Bug 1564499 - land NSS 264f19e7ede7 UPGRADE_NSS_RELEASE, r=me

--HG--
extra : rebase_source : ff8107777ed0677caaa7249d77f5cf3871c25de2
extra : amend_source : bc8998d1b575164552d4b44396a7db4122a04777

old-configure.in

@@ -1537,7 +1537,7 @@ MOZ_ARG_WITH_BOOL(system-nss,
     _USE_SYSTEM_NSS=1 )
 
 if test -n "$_USE_SYSTEM_NSS"; then
-    AM_PATH_NSS(3.45, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
+    AM_PATH_NSS(3.46, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
 fi
 
 NSS_CFLAGS="$NSS_CFLAGS -I${DIST}/include/nss"

security/nss/TAG-INFO

@@ -1 +1 @@
-NSS_3_45_RTM
+264f19e7ede7

security/nss/automation/abi-check/expected-report-libnss3.so.txt

@@ -1,4 +0,0 @@
-
-1 Added function:
-
-  'function SECStatus PK11_FindRawCertsWithSubject(PK11SlotInfo*, SECItem*, CERTCertificateList**)'    {PK11_FindRawCertsWithSubject@@NSS_3.45}

security/nss/automation/abi-check/expected-report-libssl3.so.txt

@@ -1,22 +0,0 @@
-
-2 functions with some indirect sub-type change:
-
-  [C]'function SECStatus SSL_ConfigServerCert(PRFileDesc*, CERTCertificate*, SECKEYPrivateKey*, const SSLExtraServerCertData*, unsigned int)' at sslcert.c:640:1 has some indirect sub-type changes:
-    parameter 4 of type 'const SSLExtraServerCertData*' has sub-type changes:
-      in pointed to type 'const SSLExtraServerCertData':
-        in unqualified underlying type 'typedef SSLExtraServerCertData' at sslt.h:291:1:
-          underlying type 'struct SSLExtraServerCertDataStr' at sslt.h:256:1 changed:
-            type size changed from 256 to 384 (in bits)
-            2 data member insertions:
-              'const SECItem* SSLExtraServerCertDataStr::delegCred', at offset 256 (in bits) at sslt.h:283:1
-              'const SECKEYPrivateKey* SSLExtraServerCertDataStr::delegCredPrivKey', at offset 320 (in bits) at sslt.h:290:1
-
-  [C]'function SECStatus SSL_GetChannelInfo(PRFileDesc*, SSLChannelInfo*, PRUintn)' at sslinfo.c:13:1 has some indirect sub-type changes:
-    parameter 2 of type 'SSLChannelInfo*' has sub-type changes:
-      in pointed to type 'typedef SSLChannelInfo' at sslt.h:357:1:
-        underlying type 'struct SSLChannelInfoStr' at sslt.h:272:1 changed:
-          type size hasn't changed
-          1 data member insertion:
-            'PRBool SSLChannelInfoStr::peerDelegCred', at offset 928 (in bits) at sslt.h:353:1
-
-

security/nss/automation/abi-check/previous-nss-release

@@ -1 +1 @@
-NSS_3_44_BRANCH
+NSS_3_45_BRANCH

security/nss/coreconf/coreconf.dep

@@ -10,3 +10,4 @@
  */
 
 #error "Do not include this header file."
+

security/nss/lib/freebl/Makefile

@@ -242,6 +242,9 @@ ifeq ($(CPU_ARCH),arm)
     DEFINES += -DSHA_NO_LONG_LONG # avoid 64-bit arithmetic in SHA512
     MPI_SRCS += mpi_arm.c
 endif
+ifeq ($(CPU_ARCH),aarch64)
+    EXTRA_SRCS += gcm-aarch64.c
+endif
 ifeq ($(CPU_ARCH),ppc)
 ifdef USE_64
     DEFINES += -DNSS_NO_INIT_SUPPORT
@@ -757,3 +760,7 @@ ifdef INTEL_GCM_CLANG_CL
 #
 $(OBJDIR)/$(PROG_PREFIX)intel-gcm-wrap$(OBJ_SUFFIX): CFLAGS += -mssse3
 endif
+
+ifeq ($(CPU_ARCH),aarch64)
+$(OBJDIR)/$(PROG_PREFIX)gcm-aarch64$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto
+endif

security/nss/lib/freebl/blinit.c

@@ -137,10 +137,11 @@ CheckARMSupport()
 {
     char *disable_arm_neon = PR_GetEnvSecure("NSS_DISABLE_ARM_NEON");
     char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES");
+    char *disable_pmull = PR_GetEnvSecure("NSS_DISABLE_PMULL");
     if (getauxval) {
         long hwcaps = getauxval(AT_HWCAP);
         arm_aes_support_ = hwcaps & HWCAP_AES && disable_hw_aes == NULL;
-        arm_pmull_support_ = hwcaps & HWCAP_PMULL;
+        arm_pmull_support_ = hwcaps & HWCAP_PMULL && disable_pmull == NULL;
         arm_sha1_support_ = hwcaps & HWCAP_SHA1;
         arm_sha2_support_ = hwcaps & HWCAP_SHA2;
     }

security/nss/lib/freebl/freebl.gyp

@@ -116,6 +116,22 @@
         }]
       ]
     },
+    {
+      'target_name': 'gcm-aes-aarch64_c_lib',
+      'type': 'static_library',
+      'sources': [
+        'gcm-aarch64.c'
+      ],
+      'dependencies': [
+        '<(DEPTH)/exports.gyp:nss_exports'
+      ],
+      'cflags': [
+        '-march=armv8-a+crypto'
+      ],
+      'cflags_mozilla': [
+        '-march=armv8-a+crypto'
+      ]
+    },
     {
       'target_name': 'freebl',
       'type': 'static_library',
@@ -145,6 +161,11 @@
             'gcm-aes-x86_c_lib',
           ],
         }],
+        [ 'target_arch=="arm64" or target_arch=="aarch64"', {
+          'dependencies': [
+            'gcm-aes-aarch64_c_lib',
+          ],
+        }],
         [ 'OS=="linux"', {
           'defines!': [
             'FREEBL_NO_DEPEND',
@@ -182,6 +203,11 @@
             'gcm-aes-x86_c_lib',
           ]
         }],
+        [ 'target_arch=="arm64" or target_arch=="aarch64"', {
+          'dependencies': [
+            'gcm-aes-aarch64_c_lib',
+          ],
+        }],
         [ 'OS!="linux"', {
           'conditions': [
             [ 'moz_fold_libs==0', {

security/nss/lib/freebl/gcm-aarch64.c

@@ -0,0 +1,95 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+#include "gcm.h"
+#include "secerr.h"
+
+/* old gcc doesn't support some poly64x2_t intrinsic */
+#if defined(__clang__) || (defined(__GNUC__) && __GNUC__ > 6)
+
+#include <arm_neon.h>
+
+SECStatus
+gcm_HashWrite_hw(gcmHashContext *ghash, unsigned char *outbuf)
+{
+    uint8x16_t ci = vrbitq_u8(vreinterpretq_u8_u64(ghash->x));
+    vst1q_u8(outbuf, ci);
+    return SECSuccess;
+}
+
+SECStatus
+gcm_HashMult_hw(gcmHashContext *ghash, const unsigned char *buf,
+                unsigned int count)
+{
+    const poly64x2_t p = vdupq_n_p64(0x87);
+    const uint8x16_t zero = vdupq_n_u8(0);
+    const uint64x2_t h = ghash->h;
+    uint64x2_t ci = ghash->x;
+    unsigned int i;
+    uint8x16_t z_low, z_high;
+    uint8x16_t t_low, t_high;
+    poly64x2_t t1;
+    uint8x16_t t2;
+
+    for (i = 0; i < count; i++, buf += 16) {
+        ci = vreinterpretq_u64_u8(veorq_u8(vreinterpretq_u8_u64(ci),
+                                           vrbitq_u8(vld1q_u8(buf))));
+
+        /* Do binary mult ghash->X = Ci * ghash->H. */
+        z_low = vreinterpretq_u8_p128(
+            vmull_p64((poly64_t)vget_low_p64(vreinterpretq_p64_u64(ci)),
+                      (poly64_t)vget_low_p64(vreinterpretq_p64_u64(h))));
+        z_high = vreinterpretq_u8_p128(
+            vmull_high_p64(vreinterpretq_p64_u64(ci), vreinterpretq_p64_u64(h)));
+        t1 = vreinterpretq_p64_u8(
+            vextq_u8(vreinterpretq_u8_u64(h), vreinterpretq_u8_u64(h), 8));
+        t_low = vreinterpretq_u8_p128(
+            vmull_p64((poly64_t)vget_low_p64(vreinterpretq_p64_u64(ci)),
+                      (poly64_t)vget_low_p64(t1)));
+        t_high = vreinterpretq_u8_p128(vmull_high_p64(vreinterpretq_p64_u64(ci), t1));
+        t2 = veorq_u8(t_high, t_low);
+        z_low = veorq_u8(z_low, vextq_u8(zero, t2, 8));
+        z_high = veorq_u8(z_high, vextq_u8(t2, zero, 8));
+
+        /* polynomial reduction */
+        t2 = vreinterpretq_u8_p128(vmull_high_p64(vreinterpretq_p64_u8(z_high), p));
+        z_high = veorq_u8(z_high, vextq_u8(t2, zero, 8));
+        z_low = veorq_u8(z_low, vextq_u8(zero, t2, 8));
+        ci = veorq_u64(vreinterpretq_u64_u8(z_low),
+                       vreinterpretq_u64_p128(
+                           vmull_p64((poly64_t)vget_low_p64(vreinterpretq_p64_u8(z_high)),
+                                     (poly64_t)vget_low_p64(p))));
+    }
+
+    ghash->x = ci;
+    return SECSuccess;
+}
+
+SECStatus
+gcm_HashInit_hw(gcmHashContext *ghash)
+{
+    /* Workaround of "used uninitialized in this function" error */
+    uint64x2_t h = vdupq_n_u64(0);
+
+    ghash->ghash_mul = gcm_HashMult_hw;
+    ghash->x = vdupq_n_u64(0);
+    h = vsetq_lane_u64(__builtin_bswap64(ghash->h_low), h, 1);
+    h = vsetq_lane_u64(__builtin_bswap64(ghash->h_high), h, 0);
+    h = vreinterpretq_u64_u8(vrbitq_u8(vreinterpretq_u8_u64(h)));
+    ghash->h = h;
+    ghash->hw = PR_TRUE;
+    return SECSuccess;
+}
+
+SECStatus
+gcm_HashZeroX_hw(gcmHashContext *ghash)
+{
+    ghash->x = vdupq_n_u64(0);
+    return SECSuccess;
+}
+
+#endif /* defined(__clang__) || (defined(__GNUC__) && __GNUC__ > 6) */

security/nss/lib/freebl/gcm.c

@@ -17,6 +17,12 @@
 
 #include <limits.h>
 
+/* old gcc doesn't support some poly64x2_t intrinsic */
+#if defined(__aarch64__) && defined(IS_LITTLE_ENDIAN) && \
+    (defined(__clang__) || defined(__GNUC__) && __GNUC__ > 6)
+#define USE_ARM_GCM
+#endif
+
 /* Forward declarations */
 SECStatus gcm_HashInit_hw(gcmHashContext *ghash);
 SECStatus gcm_HashWrite_hw(gcmHashContext *ghash, unsigned char *outbuf);
@@ -30,7 +36,7 @@ SECStatus gcm_HashMult_sftw32(gcmHashContext *ghash, const unsigned char *buf,
 
 /* Stub definitions for the above *_hw functions, which shouldn't be
  * used unless NSS_X86_OR_X64 is defined */
-#ifndef NSS_X86_OR_X64
+#if !defined(NSS_X86_OR_X64) && !defined(USE_ARM_GCM)
 SECStatus
 gcm_HashWrite_hw(gcmHashContext *ghash, unsigned char *outbuf)
 {
@@ -59,7 +65,7 @@ gcm_HashZeroX_hw(gcmHashContext *ghash)
     PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
     return SECFailure;
 }
-#endif /* NSS_X86_OR_X64 */
+#endif /* !NSS_X86_OR_X64 && !USE_ARM_GCM */
 
 uint64_t
 get64(const unsigned char *bytes)
@@ -86,7 +92,11 @@ gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H, PRBool sw)
 
     ghash->h_low = get64(H + 8);
     ghash->h_high = get64(H);
+#ifdef USE_ARM_GCM
+    if (arm_pmull_support() && !sw) {
+#else
     if (clmul_support() && !sw) {
+#endif
         rv = gcm_HashInit_hw(ghash);
     } else {
 /* We fall back to the software implementation if we can't use / don't

security/nss/lib/freebl/gcm.h

@@ -26,6 +26,10 @@
 #endif /* NSS_DISABLE_SSE2 */
 #endif
 
+#ifdef __aarch64__
+#include <arm_neon.h>
+#endif
+
 SEC_BEGIN_PROTOS
 
 #ifdef HAVE_INT128_SUPPORT
@@ -61,6 +65,8 @@ typedef SECStatus (*ghash_t)(gcmHashContext *, const unsigned char *,
 pre_align struct gcmHashContextStr {
 #ifdef NSS_X86_OR_X64
     __m128i x, h;
+#elif defined(__aarch64__)
+    uint64x2_t x, h;
 #endif
     uint64_t x_low, x_high, h_high, h_low;
     unsigned char buffer[MAX_BLOCK_SIZE];

security/nss/lib/nss/nss.h

@@ -22,12 +22,12 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION "3.45" _NSS_CUSTOMIZED
+#define NSS_VERSION "3.46" _NSS_CUSTOMIZED " Beta"
 #define NSS_VMAJOR 3
-#define NSS_VMINOR 45
+#define NSS_VMINOR 46
 #define NSS_VPATCH 0
 #define NSS_VBUILD 0
-#define NSS_BETA PR_FALSE
+#define NSS_BETA PR_TRUE
 
 #ifndef RC_INVOKED
 

security/nss/lib/softoken/softkver.h

@@ -17,11 +17,11 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION "3.45" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION "3.46" SOFTOKEN_ECC_STRING " Beta"
 #define SOFTOKEN_VMAJOR 3
-#define SOFTOKEN_VMINOR 45
+#define SOFTOKEN_VMINOR 46
 #define SOFTOKEN_VPATCH 0
 #define SOFTOKEN_VBUILD 0
-#define SOFTOKEN_BETA PR_FALSE
+#define SOFTOKEN_BETA PR_TRUE
 
 #endif /* _SOFTKVER_H_ */

security/nss/lib/util/nssutil.h

@@ -19,12 +19,12 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION "3.45"
+#define NSSUTIL_VERSION "3.46 Beta"
 #define NSSUTIL_VMAJOR 3
-#define NSSUTIL_VMINOR 45
+#define NSSUTIL_VMINOR 46
 #define NSSUTIL_VPATCH 0
 #define NSSUTIL_VBUILD 0
-#define NSSUTIL_BETA PR_FALSE
+#define NSSUTIL_BETA PR_TRUE
 
 SEC_BEGIN_PROTOS