Bug 1523175 - land NSS NSS_3_43_BETA2 UPGRADE_NSS_RELEASE, r=me
authorJ.C. Jones <jc@mozilla.com>
Thu, 14 Mar 2019 00:08:17 +0000
changeset 524833 71aaa0c1b7d8e8520e1b221c55bc86931efab31b
parent 524832 9b16f651358bba0661de7a864b2adb3d5e6c60cb
child 524834 9fa0296c189b24c5b418409c711d3a4aebc42873
child 524896 92d7192b7d69054565010b2ba41dc667d01fc4cb
push id2032
push userffxbld-merge
push dateMon, 13 May 2019 09:36:57 +0000
treeherdermozilla-release@455c1065dcbe [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersme
bugs1523175
milestone67.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1523175 - land NSS NSS_3_43_BETA2 UPGRADE_NSS_RELEASE, r=me
security/nss/TAG-INFO
security/nss/coreconf/coreconf.dep
security/nss/gtests/ssl_gtest/tls_esni_unittest.cc
security/nss/lib/ssl/ssl3con.c
security/nss/lib/ssl/tls13con.c
security/nss/lib/ssl/tls13con.h
security/nss/lib/ssl/tls13esni.c
security/nss/lib/ssl/tls13hkdf.c
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_43_BETA1
+NSS_3_43_BETA2
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+
--- a/security/nss/gtests/ssl_gtest/tls_esni_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/tls_esni_unittest.cc
@@ -300,21 +300,24 @@ TEST_P(TlsConnectTls13, ConnectEsniHrr) 
   EnsureTlsSetup();
   const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1};
   server_->ConfigNamedGroups(groups);
   SetupEsni(client_, server_);
   auto hrr_capture = MakeTlsFilter<TlsHandshakeRecorder>(
       server_, kTlsHandshakeHelloRetryRequest);
   auto filter =
       MakeTlsFilter<TlsExtensionCapture>(client_, ssl_server_name_xtn);
-  auto cfilter =
-      MakeTlsFilter<TlsExtensionCapture>(client_, ssl_server_name_xtn);
+  auto filter2 =
+      MakeTlsFilter<TlsExtensionCapture>(client_, ssl_server_name_xtn, true);
+  client_->SetFilter(std::make_shared<ChainedPacketFilter>(
+      ChainedPacketFilterInit({filter, filter2})));
   server_->SetSniCallback(SniCallback);
   Connect();
-  CheckSniExtension(cfilter->extension());
+  CheckSniExtension(filter->extension());
+  CheckSniExtension(filter2->extension());
   EXPECT_NE(0UL, hrr_capture->buffer().len());
 }
 
 TEST_P(TlsConnectTls13, ConnectEsniNoDummy) {
   EnsureTlsSetup();
   ScopedSECKEYPublicKey pub;
   ScopedSECKEYPrivateKey priv;
   DataBuffer record;
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -4978,19 +4978,18 @@ ssl3_SendClientHello(sslSocket *ss, sslC
     /* Generate a new random if this is the first attempt. */
     if (type == client_hello_initial) {
         rv = ssl3_GetNewRandom(ss->ssl3.hs.client_random);
         if (rv != SECSuccess) {
             goto loser; /* err set by GetNewRandom. */
         }
     }
 
-    if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_3 &&
-        type == client_hello_initial) {
-        rv = tls13_SetupClientHello(ss);
+    if (ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_3) {
+        rv = tls13_SetupClientHello(ss, type);
         if (rv != SECSuccess) {
             goto loser;
         }
     }
 
     if (isTLS || (ss->firstHsDone && ss->peerRequestedProtection)) {
         rv = ssl_ConstructExtensions(ss, &extensionBuf, ssl_hs_client_hello);
         if (rv != SECSuccess) {
--- a/security/nss/lib/ssl/tls13con.c
+++ b/security/nss/lib/ssl/tls13con.c
@@ -411,38 +411,45 @@ SSL_SendAdditionalKeyShares(PRFileDesc *
 
 /*
  * Generate shares for ECDHE and FFDHE.  This picks the first enabled group of
  * the requisite type and creates a share for that.
  *
  * Called from ssl3_SendClientHello.
  */
 SECStatus
-tls13_SetupClientHello(sslSocket *ss)
+tls13_SetupClientHello(sslSocket *ss, sslClientHelloType chType)
 {
     unsigned int i;
     SSL3Statistics *ssl3stats = SSL_GetStatistics();
     NewSessionTicket *session_ticket = NULL;
     sslSessionID *sid = ss->sec.ci.sid;
     unsigned int numShares = 0;
     SECStatus rv;
 
     PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
     PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
-    PORT_Assert(PR_CLIST_IS_EMPTY(&ss->ephemeralKeyPairs));
-
-    /* Do encrypted SNI. This may create a key share as a side effect. */
+
+    /* Do encrypted SNI.
+     * Note: this makes a new key even though we don't need one.
+     * Maybe remove this in future for efficiency. */
     rv = tls13_ClientSetupESNI(ss);
     if (rv != SECSuccess) {
         return SECFailure;
     }
 
+    /* Everything below here is only run on the first CH. */
+    if (chType != client_hello_initial) {
+        return SECSuccess;
+    }
+
     /* Select the first enabled group.
      * TODO(ekr@rtfm.com): be smarter about offering the group
      * that the other side negotiated if we are resuming. */
+    PORT_Assert(PR_CLIST_IS_EMPTY(&ss->ephemeralKeyPairs));
     for (i = 0; i < SSL_NAMED_GROUP_COUNT; ++i) {
         if (!ss->namedGroupPreferences[i]) {
             continue;
         }
         rv = tls13_AddKeyShare(ss, ss->namedGroupPreferences[i]);
         if (rv != SECSuccess) {
             return SECFailure;
         }
--- a/security/nss/lib/ssl/tls13con.h
+++ b/security/nss/lib/ssl/tls13con.h
@@ -58,17 +58,17 @@ SECStatus tls13_ComputeHash(sslSocket *s
 SECStatus tls13_ComputeHandshakeHashes(sslSocket *ss,
                                        SSL3Hashes *hashes);
 SECStatus tls13_DeriveSecretNullHash(sslSocket *ss, PK11SymKey *key,
                                      const char *label,
                                      unsigned int labelLen,
                                      PK11SymKey **dest);
 void tls13_FatalError(sslSocket *ss, PRErrorCode prError,
                       SSL3AlertDescription desc);
-SECStatus tls13_SetupClientHello(sslSocket *ss);
+SECStatus tls13_SetupClientHello(sslSocket *ss, sslClientHelloType chType);
 SECStatus tls13_MaybeDo0RTTHandshake(sslSocket *ss);
 PRInt32 tls13_LimitEarlyData(sslSocket *ss, SSLContentType type, PRInt32 toSend);
 PRBool tls13_AllowPskCipher(const sslSocket *ss,
                             const ssl3CipherSuiteDef *cipher_def);
 PRBool tls13_PskSuiteEnabled(sslSocket *ss);
 SECStatus tls13_WriteExtensionsWithBinder(sslSocket *ss, sslBuffer *extensions);
 SECStatus tls13_HandleClientHelloPart2(sslSocket *ss,
                                        const SECItem *suites,
--- a/security/nss/lib/ssl/tls13esni.c
+++ b/security/nss/lib/ssl/tls13esni.c
@@ -579,16 +579,18 @@ tls13_ClientSetupESNI(sslSocket *ss)
     sslEphemeralKeyPair *keyPair;
     size_t i;
     PRCList *cur;
     SECStatus rv;
     TLS13KeyShareEntry *share;
     const sslNamedGroupDef *group = NULL;
     PRTime now = PR_Now() / PR_USEC_PER_SEC;
 
+    PORT_Assert(!ss->xtnData.esniPrivateKey);
+
     if (!ss->esniKeys) {
         return SECSuccess;
     }
 
     if ((ss->esniKeys->notBefore > now) || (ss->esniKeys->notAfter < now)) {
         return SECSuccess;
     }
 
--- a/security/nss/lib/ssl/tls13hkdf.c
+++ b/security/nss/lib/ssl/tls13hkdf.c
@@ -202,17 +202,17 @@ tls13_HkdfExpandLabel(PK11SymKey *prk, S
                                    CKA_DERIVE, keySize,
                                    CKF_SIGN | CKF_VERIFY);
     if (!derived)
         return SECFailure;
 
     *keyp = derived;
 
 #ifdef TRACE
-    if (ssl_trace >= 10) {
+    if (ssl_trace >= 50) {
         /* Make sure the label is null terminated. */
         char labelStr[100];
         PORT_Memcpy(labelStr, label, labelLen);
         labelStr[labelLen] = 0;
         SSL_TRC(50, ("HKDF Expand: label='tls13 %s',requested length=%d",
                      labelStr, keySize));
     }
     PRINT_KEY(50, (NULL, "PRK", prk));