Bug 1176097 - Update NSS to NSS_3_19_2_RTM. a=sledru
--- a/configure.in
+++ b/configure.in
@@ -3622,17 +3622,17 @@ dnl = If NSS was not detected in the sys
dnl = use the one in the source tree (mozilla/security/nss)
dnl ========================================================
MOZ_ARG_WITH_BOOL(system-nss,
[ --with-system-nss Use system installed NSS],
_USE_SYSTEM_NSS=1 )
if test -n "$_USE_SYSTEM_NSS"; then
- AM_PATH_NSS(3.19.1, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
+ AM_PATH_NSS(3.19.2, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
fi
if test -n "$MOZ_NATIVE_NSS"; then
NSS_LIBS="$NSS_LIBS -lcrmf"
else
NSS_CFLAGS='-I$(LIBXUL_DIST)/include/nss'
if test -z "$GNU_CC" -a "$OS_ARCH" = "WINNT"; then
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_19_1_RTM
+NSS_3_19_2_RTM
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -2415,20 +2415,20 @@ certutil_main(int argc, char **argv, PRB
{
CERTCertDBHandle *certHandle;
PK11SlotInfo *slot = NULL;
CERTName * subject = 0;
PRFileDesc *inFile = PR_STDIN;
PRFileDesc *outFile = PR_STDOUT;
SECItem certReqDER = { siBuffer, NULL, 0 };
SECItem certDER = { siBuffer, NULL, 0 };
- char * slotname = "internal";
- char * certPrefix = "";
+ const char *slotname = "internal";
+ const char *certPrefix = "";
char * sourceDir = "";
- char * srcCertPrefix = "";
+ const char *srcCertPrefix = "";
char * upgradeID = "";
char * upgradeTokenName = "";
KeyType keytype = rsaKey;
char * name = NULL;
char * email = NULL;
char * keysource = NULL;
SECOidTag hashAlgTag = SEC_OID_UNKNOWN;
int keysize = DEFAULT_KEY_BITS;
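Review bot: Only three of the string-literal-initialised locals become `const char *` here; `sourceDir`, `upgradeID` and `upgradeTokenName` are still `char *` pointing at `""`. If they are never written through or freed later in certutil_main (the body continues outside this hunk, so this is unverified), declaring them the same way, e.g. `const char *sourceDir = "";`, would let the compiler catch an accidental write to a literal and keep the block consistent.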
@@ -2529,17 +2529,17 @@ certutil_main(int argc, char **argv, PRB
}
/* -h specify token name */
if (certutil.options[opt_TokenName].activated) {
if (PL_strcmp(certutil.options[opt_TokenName].arg, "all") == 0)
slotname = NULL;
else
- slotname = PL_strdup(certutil.options[opt_TokenName].arg);
+ slotname = certutil.options[opt_TokenName].arg;
}
/* -Z hash type */
if (certutil.options[opt_Hash].activated) {
char * arg = certutil.options[opt_Hash].arg;
hashAlgTag = SECU_StringToSignatureAlgTag(arg);
if (hashAlgTag == SEC_OID_UNKNOWN) {
PR_fprintf(PR_STDERR, "%s -Z: %s is not a recognized type.\n",
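Review bot: `slotname` now borrows `certutil.options[opt_TokenName].arg` instead of owning a `PL_strdup` copy, and nothing at the declaration or here records that ownership change. The same applies to `certPrefix` and `srcCertPrefix` in the next hunk of this file. Any cleanup path outside these hunks that still frees these pointers would now free memory it does not own, so that should be checked; the `const` qualifier only makes such a call produce a warning. A short comment at the assignments such as `/* borrowed from the option table; do not free */` would make the lifetime explicit.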
@@ -2589,26 +2589,26 @@ certutil_main(int argc, char **argv, PRB
return 255;
}
serialNumber = sn;
}
/* -P certdb name prefix */
if (certutil.options[opt_DBPrefix].activated) {
if (certutil.options[opt_DBPrefix].arg) {
- certPrefix = strdup(certutil.options[opt_DBPrefix].arg);
+ certPrefix = certutil.options[opt_DBPrefix].arg;
} else {
Usage(progName);
}
}
/* --source-prefix certdb name prefix */
if (certutil.options[opt_SourcePrefix].activated) {
if (certutil.options[opt_SourcePrefix].arg) {
- srcCertPrefix = strdup(certutil.options[opt_SourcePrefix].arg);
+ srcCertPrefix = certutil.options[opt_SourcePrefix].arg;
} else {
Usage(progName);
}
}
/* -q PQG file or curve name */
if (certutil.options[opt_PQGFile].activated) {
#ifndef NSS_DISABLE_ECC
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
/*
* A dummy header file that is a dependency for all the object files.
* Used to force a full recompilation of NSS in Mozilla's Tinderbox
* depend builds. See comments in rules.mk.
*/
#error "Do not include this header file."
+
--- a/security/nss/lib/freebl/blapit.h
+++ b/security/nss/lib/freebl/blapit.h
@@ -133,23 +133,20 @@ typedef int __BLAPI_DEPRECATED __attribu
#define SEED_KEY_LENGTH 16 /* bytes */
#define NSS_FREEBL_DEFAULT_CHUNKSIZE 2048
/*
* These values come from the initial key size limits from the PKCS #11
* module. They may be arbitrarily adjusted to any value freebl supports.
*/
-#define RSA_MIN_MODULUS_BITS 512
+#define RSA_MIN_MODULUS_BITS 128
#define RSA_MAX_MODULUS_BITS 16384
#define RSA_MAX_EXPONENT_BITS 64
-/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be
- * only 1023 bits and similar. We don't have good data on whether this
- * happens because NSS used to count bit lengths incorrectly. */
-#define DH_MIN_P_BITS 1023
+#define DH_MIN_P_BITS 128
#define DH_MAX_P_BITS 16384
/*
* The FIPS 186-1 algorithm for generating primes P and Q allows only 9
* distinct values for the length of P, and only one value for the
* length of Q.
* The algorithm uses a variable j to indicate which of the 9 lengths
* of P is to be used.
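Review bot: `RSA_MIN_MODULUS_BITS` and `DH_MIN_P_BITS` drop to 128 with no comment saying that they are now only the sizes freebl will operate on and no longer a strength floor. The 1023 rationale is deleted here and reappears only beside the new `SSL_*` constants in sslimpl.h. Any caller other than the ssl3con.c sites updated in this commit that still compares against these macros as a security check would now accept 128-bit parameters, so the remaining uses should be audited (none are visible in this diff). I would add above the defines `/* Lower bounds of what freebl supports, not a policy minimum; protocol code enforces its own limits (see SSL_*_MIN_* in sslimpl.h). */`. The same point applies to `DSA_MIN_P_BITS` going from 1023 to 512 in the next hunk of this file.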
@@ -179,17 +176,17 @@ typedef int __BLAPI_DEPRECATED __attribu
* 3072 256
*
* The FIPS-186-3 complaiant PQG generator (PQG V2) takes arbitrary p and q
* lengths as input and returns an error if they aren't in this list.
*/
#define DSA1_Q_BITS 160
#define DSA_MAX_P_BITS 3072
-#define DSA_MIN_P_BITS 1023
+#define DSA_MIN_P_BITS 512
#define DSA_MAX_Q_BITS 256
#define DSA_MIN_Q_BITS 160
#if DSA_MAX_Q_BITS != DSA_MAX_SUBPRIME_LEN*8
#error "Inconsistent declaration of DSA SUBPRIME/Q parameters in blapit.h"
#endif
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -28,20 +28,20 @@
/*
* NSS's major version, minor version, patch level, build number, and whether
* this is a beta release.
*
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
-#define NSS_VERSION "3.19.1" _NSS_ECC_STRING _NSS_CUSTOMIZED
+#define NSS_VERSION "3.19.2" _NSS_ECC_STRING _NSS_CUSTOMIZED
#define NSS_VMAJOR 3
#define NSS_VMINOR 19
-#define NSS_VPATCH 1
+#define NSS_VPATCH 2
#define NSS_VBUILD 0
#define NSS_BETA PR_FALSE
#ifndef RC_INVOKED
#include "seccomon.h"
typedef struct NSSInitParametersStr NSSInitParameters;
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -20,16 +20,16 @@
/*
* Softoken's major version, minor version, patch level, build number,
* and whether this is a beta release.
*
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
-#define SOFTOKEN_VERSION "3.19.1" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION "3.19.2" SOFTOKEN_ECC_STRING
#define SOFTOKEN_VMAJOR 3
#define SOFTOKEN_VMINOR 19
-#define SOFTOKEN_VPATCH 1
+#define SOFTOKEN_VPATCH 2
#define SOFTOKEN_VBUILD 0
#define SOFTOKEN_BETA PR_FALSE
#endif /* _SOFTKVER_H_ */
--- a/security/nss/lib/ssl/dtlscon.c
+++ b/security/nss/lib/ssl/dtlscon.c
@@ -224,17 +224,17 @@ dtls_HandleHandshake(sslSocket *ss, sslB
message_length = (buf.buf[1] << 16) | (buf.buf[2] << 8) | buf.buf[3];
message_seq = (buf.buf[4] << 8) | buf.buf[5];
fragment_offset = (buf.buf[6] << 16) | (buf.buf[7] << 8) | buf.buf[8];
fragment_length = (buf.buf[9] << 16) | (buf.buf[10] << 8) | buf.buf[11];
#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */
if (message_length > MAX_HANDSHAKE_MSG_LEN) {
(void)ssl3_DecodeError(ss);
- PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
return SECFailure;
}
#undef MAX_HANDSHAKE_MSG_LEN
buf.buf += 12;
buf.len -= 12;
/* This fragment must be complete */
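Review bot: `MAX_HANDSHAKE_MSG_LEN` is defined and `#undef`'d locally around this check, and the identical define/undef pair appears again in ssl3_HandleHandshake in ssl3con.c, so the two limits can drift apart silently. Since this commit already touches both sites and adds shared constants to sslimpl.h, the define could move there once: `#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */`. dtls_HandleHandshake starts and ends outside this hunk, so whether `buf.len` is checked to be at least 12 before the header bytes are read cannot be confirmed from here.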
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -6738,17 +6738,17 @@ ssl3_HandleServerKeyExchange(sslSocket *
unsigned dh_g_bits;
unsigned dh_Ys_bits;
rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length);
if (rv != SECSuccess) {
goto loser; /* malformed. */
}
dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p);
- if (dh_p_bits < DH_MIN_P_BITS) {
+ if (dh_p_bits < SSL_DH_MIN_P_BITS) {
errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
goto alert_loser;
}
rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length);
if (rv != SECSuccess) {
goto loser; /* malformed. */
}
/* Abort if dh_g is 0, 1, or obviously too big. */
@@ -10045,25 +10045,25 @@ ssl3_AuthCertificate(sslSocket *ss)
ss->sec.authAlgorithm = ss->ssl3.hs.kea_def->signKeyType;
ss->sec.keaType = ss->ssl3.hs.kea_def->exchKeyType;
if (pubKey) {
KeyType pubKeyType;
ss->sec.keaKeyBits = ss->sec.authKeyBits =
SECKEY_PublicKeyStrengthInBits(pubKey);
pubKeyType = SECKEY_GetPublicKeyType(pubKey);
/* Too small: not good enough. Send a fatal alert. */
- /* TODO: Use 1023 for RSA because a higher RSA_MIN_MODULUS_BITS
- * breaks export cipher suites, not 1024 to be conservative; when
- * export removed, increase RSA_MIN_MODULUS_BITS and use that. */
/* We aren't checking EC here on the understanding that we only
* support curves we like, a decision that might need revisiting. */
if (((pubKeyType == rsaKey || pubKeyType == rsaPssKey ||
- pubKeyType == rsaOaepKey) && ss->sec.authKeyBits < 1023) ||
- (pubKeyType == dsaKey && ss->sec.authKeyBits < DSA_MIN_P_BITS) ||
- (pubKeyType == dhKey && ss->sec.authKeyBits < DH_MIN_P_BITS)) {
+ pubKeyType == rsaOaepKey) &&
+ ss->sec.authKeyBits < SSL_RSA_MIN_MODULUS_BITS) ||
+ (pubKeyType == dsaKey &&
+ ss->sec.authKeyBits < SSL_DSA_MIN_P_BITS) ||
+ (pubKeyType == dhKey &&
+ ss->sec.authKeyBits < SSL_DH_MIN_P_BITS)) {
PORT_SetError(SSL_ERROR_WEAK_SERVER_CERT_KEY);
(void)SSL3_SendAlert(ss, alert_fatal,
ss->version >= SSL_LIBRARY_VERSION_TLS_1_0
? insufficient_security
: illegal_parameter);
SECKEY_DestroyPublicKey(pubKey);
return SECFailure;
}
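Review bot: The size test names RSA, DSA and DH explicitly, so a public key of any other type reaches the success path with no length check at all. The existing comment justifies that for EC only. If `SECKEY_GetPublicKeyType` can return a value outside the set handled here, rejecting it explicitly would be safer than falling through; at minimum the comment should state the behaviour, e.g. `/* Key types not listed below are accepted without a size check. */`. ssl3_AuthCertificate begins and ends outside this hunk, so an earlier check may already cover this case.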
@@ -10993,17 +10993,17 @@ ssl3_HandleHandshake(sslSocket *ss, sslB
else
ss->ssl3.hs.msg_len = (ss->ssl3.hs.msg_len << 8) + t;
if (ss->ssl3.hs.header_bytes < 4)
continue;
#define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */
if (ss->ssl3.hs.msg_len > MAX_HANDSHAKE_MSG_LEN) {
(void)ssl3_DecodeError(ss);
- PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
return SECFailure;
}
#undef MAX_HANDSHAKE_MSG_LEN
/* If msg_len is zero, be sure we fall through,
** even if buf->len is zero.
*/
if (ss->ssl3.hs.msg_len > 0)
--- a/security/nss/lib/ssl/sslimpl.h
+++ b/security/nss/lib/ssl/sslimpl.h
@@ -148,16 +148,25 @@ typedef enum { SSLAppOpRead = 0,
#define SSL3_SUITE_B_SUPPORTED_CURVES_MASK 0x3800000
#ifndef BPB
#define BPB 8 /* Bits Per Byte */
#endif
#define EXPORT_RSA_KEY_LENGTH 64 /* bytes */
+/* The minimum server key sizes accepted by the clients.
+ * Not 1024 to be conservative. */
+#define SSL_RSA_MIN_MODULUS_BITS 1023
+/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be
+ * only 1023 bits and similar. We don't have good data on whether this
+ * happens because NSS used to count bit lengths incorrectly. */
+#define SSL_DH_MIN_P_BITS 1023
+#define SSL_DSA_MIN_P_BITS 1023
+
#define INITIAL_DTLS_TIMEOUT_MS 1000 /* Default value from RFC 4347 = 1s*/
#define MAX_DTLS_TIMEOUT_MS 60000 /* 1 minute */
#define DTLS_FINISHED_TIMER_MS 120000 /* Time to wait in FINISHED state */
typedef struct sslBufferStr sslBuffer;
typedef struct sslConnectInfoStr sslConnectInfo;
typedef struct sslGatherStr sslGather;
typedef struct sslSecurityInfoStr sslSecurityInfo;
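Review bot: The comment `Not 1024 to be conservative` does not say what is being conserved, and `SSL_DSA_MIN_P_BITS` sits under the DH comment with no rationale of its own. If the intent for RSA and DSA is the same as the one given for DH (tolerating nominally 1024-bit keys that measure 1023 bits), say so directly, e.g. `/* Minimum server key sizes a client accepts. 1023, not 1024, so that nominally 1024-bit keys with a clear top bit are not rejected. */`, and add `/* Same floor as DH. */` above the DSA define. It would also help to note here that these limits, not the freebl `*_MIN_*` macros, are the ones that gate the TLS handshake.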
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -14,20 +14,20 @@
/*
* NSS utilities's major version, minor version, patch level, build number,
* and whether this is a beta release.
*
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
*/
-#define NSSUTIL_VERSION "3.19.1"
+#define NSSUTIL_VERSION "3.19.2"
#define NSSUTIL_VMAJOR 3
#define NSSUTIL_VMINOR 19
-#define NSSUTIL_VPATCH 1
+#define NSSUTIL_VPATCH 2
#define NSSUTIL_VBUILD 0
#define NSSUTIL_BETA PR_FALSE
SEC_BEGIN_PROTOS
/*
* Returns a const string of the UTIL library version.
*/