Bug 1353748 - Upgrade ESR45 to NSS 3.21.4. a=gchang
authorRyan VanderMeulen <ryanvm@gmail.com>
Thu, 06 Apr 2017 16:06:50 -0400
changeset 312860 163329b7d17ccfe05dc3f2b7bc8531d1e34abcfc
parent 312859 f0b89acc24eaf32974d21098ec65910039ac7fc9
child 312861 9cb520a4ca8f9453e4003b6a74e3bee5b8ed9fab
push id513
push userryanvm@gmail.com
push dateThu, 06 Apr 2017 20:11:06 +0000
reviewersgchang
bugs1353748
milestone45.8.1
Bug 1353748 - Upgrade ESR45 to NSS 3.21.4. a=gchang
configure.in
security/nss/TAG-INFO
security/nss/coreconf/coreconf.dep
security/nss/lib/freebl/blapi.h
security/nss/lib/freebl/drbg.c
security/nss/lib/nss/nss.h
security/nss/lib/softoken/softkver.h
security/nss/lib/util/nssb64d.c
security/nss/lib/util/nssb64e.c
security/nss/lib/util/nssutil.h
--- a/configure.in
+++ b/configure.in
@@ -3446,17 +3446,17 @@ dnl = If NSS was not detected in the sys
 dnl = use the one in the source tree (mozilla/security/nss)
 dnl ========================================================
 
 MOZ_ARG_WITH_BOOL(system-nss,
 [  --with-system-nss       Use system installed NSS],
     _USE_SYSTEM_NSS=1 )
 
 if test -n "$_USE_SYSTEM_NSS"; then
-    AM_PATH_NSS(3.21.3, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
+    AM_PATH_NSS(3.21.4, [MOZ_NATIVE_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
 fi
 
 if test -n "$MOZ_NATIVE_NSS"; then
    NSS_LIBS="$NSS_LIBS -lcrmf"
 else
    NSS_CFLAGS="-I${DIST}/include/nss"
 fi
 
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_21_3_RTM
+NSS_3_21_4_RTM
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,9 +5,8 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
-
--- a/security/nss/lib/freebl/blapi.h
+++ b/security/nss/lib/freebl/blapi.h
@@ -1439,16 +1439,22 @@ FIPS186Change_GenerateX(unsigned char *X
  *        q, DSA_SUBPRIME_LEN bytes
  * Output: xj, DSA_SUBPRIME_LEN bytes
  */
 extern SECStatus
 FIPS186Change_ReduceModQForDSA(const unsigned char *w,
                                const unsigned char *q,
                                unsigned char *xj);
 
+/* To allow NIST KAT tests */
+extern SECStatus
+PRNGTEST_Instantiate_Kat(const PRUint8 *entropy, unsigned int entropy_len,
+                         const PRUint8 *nonce, unsigned int nonce_len,
+                         const PRUint8 *personal_string, unsigned int ps_len);
+
 /*
  * The following functions are for FIPS poweron self test and FIPS algorithm
  * testing.
  */
 extern SECStatus
 PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len, 
 		const PRUint8 *nonce, unsigned int nonce_len,
 		const PRUint8 *personal_string, unsigned int ps_len);
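Review bot: The comment on the new `PRNGTEST_Instantiate_Kat` prototype does not say how it differs from `PRNGTEST_Instantiate`, declared just below it. Going by the drbg.c part of this change, the KAT entry point sets `isKatTest` so that `prng_instantiate` skips its `PRNG_SEEDLEN` minimum, and that is what a caller reading the header needs to know. Suggested wording: `/* Test-only: instantiates the test context like PRNGTEST_Instantiate but without the minimum seed length check, for NIST KAT vectors. Not for producing real random data. */`.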
--- a/security/nss/lib/freebl/drbg.c
+++ b/security/nss/lib/freebl/drbg.c
@@ -91,17 +91,18 @@ struct RNGContextStr {
 					 * save the rest of the rng output for 
 					 * another partial block */
     PRUint8  dataAvail;            /* # bytes of output available in our cache,
 	                            * [0...SHA256_LENGTH] */
     /* store additional data that has been shovelled off to us by
      * RNG_RandomUpdate. */
     PRUint8  additionalDataCache[PRNG_ADDITONAL_DATA_CACHE_SIZE];
     PRUint32 additionalAvail;
-    PRBool   isValid;          /* false if RNG reaches an invalid state */
+    PRBool   isValid;   /* false if RNG reaches an invalid state */
+    PRBool   isKatTest; /* true if running NIST PRNG KAT tests */
 };
 
 typedef struct RNGContextStr RNGContext;
 static RNGContext *globalrng = NULL;
 static RNGContext theGlobalRng;
 
 
 /*
@@ -144,27 +145,29 @@ prng_Hash_df(PRUint8 *requested_bytes, u
 	requested_bytes += hash_return_len;
 	no_of_bytes_to_return -= hash_return_len;
     }
     return SECSuccess;
 }
 
 
 /*
- * Hash_DRBG Instantiate NIST SP 800-80 10.1.1.2
+ * Hash_DRBG Instantiate NIST SP 800-90 10.1.1.2
  *
  * NOTE: bytes & len are entropy || nonce || personalization_string. In
  * normal operation, NSS calculates them all together in a single call.
  */
 static SECStatus
 prng_instantiate(RNGContext *rng, const PRUint8 *bytes, unsigned int len)
 {
-    if (len < PRNG_SEEDLEN) {
-	/* if the seedlen is to small, it's probably because we failed to get
-	 * enough random data */
+    if (!rng->isKatTest && len < PRNG_SEEDLEN) {
+	/* If the seedlen is too small, it's probably because we failed to get
+	 * enough random data.
+	 * This is stricter than NIST SP800-90A requires. Don't enforce it for
+	 * tests. */
 	PORT_SetError(SEC_ERROR_NEED_RANDOM);
 	return SECFailure;
     }
     prng_Hash_df(V(rng), VSize(rng), bytes, len, NULL, 0);
     rng->V_type = prngCGenerateType;
     prng_Hash_df(rng->C,sizeof rng->C,rng->V_Data,sizeof rng->V_Data,NULL,0);
     PRNG_RESET_RESEED_COUNT(rng)
     return SECSuccess;
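Review bot: With `isKatTest` set, the guard at the top of `prng_instantiate` is skipped entirely, so the test context is left with no lower bound on `len` at all. The new comment says the existing check is stricter than SP 800-90A requires, which suggests relaxing the bound for KAT input rather than removing it, e.g. `if (len < (rng->isKatTest ? PRNG_KAT_MIN_SEEDLEN : PRNG_SEEDLEN)) {`. `PRNG_KAT_MIN_SEEDLEN` is a placeholder name for a constant this patch would have to add. The closing brace of the function lies outside the hunk.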
@@ -267,17 +270,17 @@ prng_reseed_test(RNGContext *rng, const 
             carry += dest[k1] + add[k2]; \
             dest[k1] = (PRUint8) carry; \
             carry >>= 8; \
         } \
     }
 
 #define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len, carry) \
     PRNG_ADD_BITS(dest, dest_len, add, len, carry) \
-    PRNG_ADD_CARRY_ONLY(dest, dest_len - len, carry)
+    PRNG_ADD_CARRY_ONLY(dest, dest_len - len - 1, carry)
 
 /*
  * This function expands the internal state of the prng to fulfill any number
  * of bytes we need for this request. We only use this call if we need more
  * than can be supplied by a single call to SHA256_HashBuf. 
  *
  * This function is specified in NIST SP 800-90 section 10.1.1.4, Hashgen
  */
@@ -418,16 +421,17 @@ static PRStatus rng_init(void)
 	    return PR_FAILURE;
 	}
  
 	if (rv != SECSuccess) {
 	    return PR_FAILURE;
 	}
 	/* the RNG is in a valid state */
 	globalrng->isValid = PR_TRUE;
+	globalrng->isKatTest = PR_FALSE;
 
 	/* fetch one random value so that we can populate rng->oldV for our
 	 * continous random number test. */
 	prng_generateNewBytes(globalrng, bytes, SHA256_LENGTH, NULL, 0);
 
 	/* Fetch more entropy into the PRNG */
 	RNG_SystemInfoForRNG();
     }
@@ -662,16 +666,27 @@ RNG_RNGShutdown(void)
 /*
  * Test case interface. used by fips testing and power on self test
  */
  /* make sure the test context is separate from the global context, This
   * allows us to test the internal random number generator without losing
   * entropy we may have previously collected. */
 RNGContext testContext;
 
+SECStatus
+PRNGTEST_Instantiate_Kat(const PRUint8 *entropy, unsigned int entropy_len,
+                         const PRUint8 *nonce, unsigned int nonce_len,
+                         const PRUint8 *personal_string, unsigned int ps_len)
+{
+    testContext.isKatTest = PR_TRUE;
+    return PRNGTEST_Instantiate(entropy, entropy_len,
+                                nonce, nonce_len,
+                                personal_string, ps_len);
+}
+
 /*
  * Test vector API. Use NIST SP 800-90 general interface so one of the
  * other NIST SP 800-90 algorithms may be used in the future.
  */
 SECStatus
 PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len, 
 		const PRUint8 *nonce, unsigned int nonce_len,
 		const PRUint8 *personal_string, unsigned int ps_len)
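Review bot: `PRNGTEST_Instantiate_Kat` sets `testContext.isKatTest = PR_TRUE` and nothing in this hunk clears it again, so a later plain `PRNGTEST_Instantiate` on the same `testContext` may still run with the seed length check disabled. Whether `PRNGTEST_Instantiate` or the uninstantiate path resets the context is not visible here; the body of `PRNGTEST_Instantiate` begins where the hunk ends. As far as this diff shows, the flag is read only in `prng_instantiate`, so if nothing else resets it, it can be cleared once the call returns: `rv = PRNGTEST_Instantiate(entropy, entropy_len, nonce, nonce_len, personal_string, ps_len);` then `testContext.isKatTest = PR_FALSE;` then `return rv;`.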
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -28,20 +28,20 @@
 
 /*
  * NSS's major version, minor version, patch level, build number, and whether
  * this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION  "3.21.3" _NSS_ECC_STRING _NSS_CUSTOMIZED
+#define NSS_VERSION  "3.21.4" _NSS_ECC_STRING _NSS_CUSTOMIZED
 #define NSS_VMAJOR   3
 #define NSS_VMINOR   21
-#define NSS_VPATCH   3
+#define NSS_VPATCH   4
 #define NSS_VBUILD   0
 #define NSS_BETA     PR_FALSE
 
 #ifndef RC_INVOKED
 
 #include "seccomon.h"
 
 typedef struct NSSInitParametersStr NSSInitParameters;
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -20,16 +20,16 @@
 
 /*
  * Softoken's major version, minor version, patch level, build number,
  * and whether this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION  "3.21.3" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION  "3.21.4" SOFTOKEN_ECC_STRING
 #define SOFTOKEN_VMAJOR   3
 #define SOFTOKEN_VMINOR   21
-#define SOFTOKEN_VPATCH   3
+#define SOFTOKEN_VPATCH   4
 #define SOFTOKEN_VBUILD   0
 #define SOFTOKEN_BETA     PR_FALSE
 
 #endif /* _SOFTKVER_H_ */
--- a/security/nss/lib/util/nssb64d.c
+++ b/security/nss/lib/util/nssb64d.c
@@ -368,17 +368,17 @@ pl_base64_decode_flush (PLBase64Decoder 
 
 /*
  * The maximum space needed to hold the output of the decoder given
  * input data of length "size".
  */
 static PRUint32
 PL_Base64MaxDecodedLength (PRUint32 size)
 {
-    return ((size * 3) / 4);
+    return size * 0.75;
 }
 
 
 /*
  * A distinct internal creation function for the buffer version to use.
  * (It does not want to specify an output_fn, and we want the normal
  * Create function to require that.)  If more common initialization
  * of the decoding context needs to be done, it should be done *here*.
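Review bot: `return size * 0.75;` in `PL_Base64MaxDecodedLength` moves a buffer-size calculation into floating point and relies on an implicit double-to-`PRUint32` conversion on return. The result is exact for 32-bit inputs and avoids the wrap-around of the old `size * 3`, but the intent is not stated and the line is likely to draw conversion warnings. An integer form expresses the same bound: `return (PRUint32)(((PRUint64)size * 3) / 4);`, with a comment such as `/* widen first: size * 3 can exceed 32 bits */`.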
--- a/security/nss/lib/util/nssb64e.c
+++ b/security/nss/lib/util/nssb64e.c
@@ -280,16 +280,21 @@ pl_base64_encode_flush (PLBase64Encoder 
  * line_length bytes (we will add it at nearest lower multiple of 4).
  * There is no trailing CRLF.
  */
 static PRUint32
 PL_Base64MaxEncodedLength (PRUint32 size, PRUint32 line_length)
 {
     PRUint32 tokens, tokens_per_line, full_lines, line_break_chars, remainder;
 
+    /* This is the maximum length we support. */
+    if (size > 0x3fffffff) {
+        return 0;
+    }
+
     tokens = (size + 2) / 3;
 
     if (line_length == 0)
 	return tokens * 4;
 
     if (line_length < 4)	/* too small! */
 	line_length = 4;
 
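Review bot: `PL_Base64MaxEncodedLength` now returns 0 for `size > 0x3fffffff`, which turns 0 into an error value for a function that previously only returned lengths, and the limit is a bare literal. The comment should state the contract, e.g. `/* Larger inputs would overflow the 32-bit encoded length; 0 tells the caller the input is too large. */`, and the literal deserves a named constant. The two callers patched later in this file (`PL_Base64EncodeBuffer` and `NSSBase64_EncodeItem`) check for 0; any other caller, not visible in this diff, needs the same check, otherwise a zero length reaches the buffer allocation. The function body continues past the end of this hunk.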
@@ -456,16 +461,20 @@ PL_Base64EncodeBuffer (const unsigned ch
     PR_ASSERT(srclen > 0);
     if (srclen == 0)
 	return dest;
 
     /*
      * How much space could we possibly need for encoding this input?
      */
     need_length = PL_Base64MaxEncodedLength (srclen, line_length);
+    if (need_length == 0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
 
     /*
      * Make sure we have at least that much, if output buffer provided.
      */
     if (dest != NULL) {
 	PR_ASSERT(maxdestlen >= need_length);
 	if (maxdestlen < need_length) {
 	    PR_SetError(PR_BUFFER_OVERFLOW_ERROR, 0);
@@ -638,16 +647,20 @@ NSSBase64_EncodeItem (PLArenaPool *arena
 
     PORT_Assert(inItem != NULL && inItem->data != NULL && inItem->len != 0);
     if (inItem == NULL || inItem->data == NULL || inItem->len == 0) {
 	PORT_SetError (SEC_ERROR_INVALID_ARGS);
 	return NULL;
     }
 
     max_out_len = PL_Base64MaxEncodedLength (inItem->len, 64);
+    if (max_out_len == 0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
 
     if (arenaOpt != NULL)
 	mark = PORT_ArenaMark (arenaOpt);
 
     if (out_string == NULL) {
 	if (arenaOpt != NULL)
 	    out_string = PORT_ArenaAlloc (arenaOpt, max_out_len + 1);
 	else
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -14,20 +14,20 @@
 
 /*
  * NSS utilities's major version, minor version, patch level, build number,
  * and whether this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION  "3.21.3"
+#define NSSUTIL_VERSION  "3.21.4"
 #define NSSUTIL_VMAJOR   3
 #define NSSUTIL_VMINOR   21
-#define NSSUTIL_VPATCH   3
+#define NSSUTIL_VPATCH   4
 #define NSSUTIL_VBUILD   0
 #define NSSUTIL_BETA     PR_FALSE
 
 SEC_BEGIN_PROTOS
 
 /*
  * Returns a const string of the UTIL library version.
  */