Bug 1401594 - land NSS NSS_3_34_BETA3 UPGRADE_NSS_RELEASE CLOSED TREE, r=me
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Wed, 08 Nov 2017 15:26:20 +0100
changeset 444008 34e1dd628fb3b9618c23c1c81a0821c764c01d62
parent 444007 969c788d78b3f3b7515a83a268e2afe4a5c76a58
child 444009 aa132747394e61e607ce2e3bea248c1e66011aea
push id1618
push userCallek@gmail.com
push dateThu, 11 Jan 2018 17:45:48 +0000
treeherdermozilla-release@882ca853e05a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersme
bugs1401594
milestone58.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1401594 - land NSS NSS_3_34_BETA3 UPGRADE_NSS_RELEASE CLOSED TREE, r=me MozReview-Commit-ID: HCa9qQq2zPP
security/nss/TAG-INFO
security/nss/cmd/certutil/certutil.c
security/nss/coreconf/coreconf.dep
security/nss/lib/ssl/ssl3con.c
security/nss/lib/ssl/tls13con.c
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_34_BETA2
+NSS_3_34_BETA3
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -223,17 +223,18 @@ CertReq(SECKEYPrivateKey *privk, SECKEYP
             PORT_FreeArena(arena, PR_FALSE);
             SECKEY_DestroySubjectPublicKeyInfo(spki);
             SECU_PrintError(progName, "unable to create RSA-PSS parameters");
             return SECFailure;
         }
 
         spki->algorithm.parameters.data = NULL;
         rv = SECOID_SetAlgorithmID(arena, &spki->algorithm,
-                                   SEC_OID_PKCS1_RSA_PSS_SIGNATURE, params);
+                                   SEC_OID_PKCS1_RSA_PSS_SIGNATURE,
+                                   hashAlgTag == SEC_OID_UNKNOWN ? NULL : params);
         if (rv != SECSuccess) {
             PORT_FreeArena(arena, PR_FALSE);
             SECKEY_DestroySubjectPublicKeyInfo(spki);
             SECU_PrintError(progName, "unable to set algorithm ID");
             return SECFailure;
         }
     }
 
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,9 +5,8 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
-
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -6835,18 +6835,19 @@ ssl3_HandleServerHello(sslSocket *ss, PR
         }
     }
 
     /* Set compression (to be removed soon), and cipher suite. */
     ss->ssl3.hs.compression = ssl_compression_null;
     rv = ssl_ClientSetCipherSuite(ss, ss->version, cipher,
                                   PR_TRUE /* init hashes */);
     if (rv != SECSuccess) {
+        desc = handshake_failure;
         errCode = PORT_GetError();
-        goto loser;
+        goto alert_loser;
     }
 
     rv = ssl3_HandleParsedExtensions(ss, server_hello);
     ssl3_DestroyRemoteExtensions(&ss->ssl3.hs.remoteExtensions);
     if (rv != SECSuccess) {
         goto alert_loser;
     }
 
--- a/security/nss/lib/ssl/tls13con.c
+++ b/security/nss/lib/ssl/tls13con.c
@@ -2739,19 +2739,16 @@ tls13_SetSpecRecordVersion(sslSocket *ss
 
 static SECStatus
 tls13_SetupPendingCipherSpec(sslSocket *ss, ssl3CipherSpec *spec)
 {
     ssl3CipherSuite suite = ss->ssl3.hs.cipher_suite;
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
-    ssl_GetSpecWriteLock(ss); /*******************************/
-
-    spec = ss->ssl3.pwSpec;
     /* Version isn't set when we send 0-RTT data. */
     spec->version = PR_MAX(SSL_LIBRARY_VERSION_TLS_1_3, ss->version);
 
     SSL_TRC(3, ("%d: TLS13[%d]: Set Pending Cipher Suite to 0x%04x",
                 SSL_GETPID(), ss->fd, suite));
 
     spec->cipher_def = ssl_GetBulkCipherDef(ssl_LookupCipherSuiteDef(suite));
     switch (spec->cipher_def->calg) {