Bug 839141 - Upgrade Mozilla to NSS 3.14.3, r=wtc,bsmith

2013-03-12 22:58:12 +01:00 · 2013-03-12 22:58:12 +01:00 · eaecc3b15f
--- a/dbm/include/moz.build
+++ b/dbm/include/moz.build
@ -1,5 +0,0 @@
-# vim: set filetype=python:
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
--- a/dbm/moz.build
+++ b/dbm/moz.build
@ -1,5 +0,0 @@
-# vim: set filetype=python:
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
--- a/dbm/src/moz.build
+++ b/dbm/src/moz.build
@ -1,5 +0,0 @@
-# vim: set filetype=python:
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
--- a/dbm/tests/moz.build
+++ b/dbm/tests/moz.build
@ -1,5 +0,0 @@
-# vim: set filetype=python:
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
--- a/security/coreconf/coreconf.dep
+++ b/security/coreconf/coreconf.dep
@ -10,3 +10,4 @@
 */

 #error "Do not include this header file."
+
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@ -1 +1 @@
-NSS_3_14_3_BETA1
+NSS_3_14_3_RTM
--- a/security/nss/TAG-INFO-CKBI
+++ b/security/nss/TAG-INFO-CKBI
@ -1 +1 @@
-NSS_3_14_3_BETA1
+NSS_3_14_3_RTM
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@ -313,7 +313,7 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType,
 		PRUint32 trailerLen = PL_strlen(trailer);
 		SECITEM_AllocItem(NULL, result,
 				  headerLen + obufLen + trailerLen);
-		if (!result->data) {
+		if (result->data) {
 		    PORT_Memcpy(result->data, header, headerLen);
 		    PORT_Memcpy(result->data + headerLen, obuf, obufLen);
 		    PORT_Memcpy(result->data + headerLen + obufLen,
--- a/security/nss/lib/freebl/blapi.h
+++ b/security/nss/lib/freebl/blapi.h
@ -4,7 +4,7 @@
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: blapi.h,v 1.50 2013/02/05 18:10:42 wtc%google.com Exp $ */
+/* $Id: blapi.h,v 1.51 2013/02/14 21:20:46 wtc%google.com Exp $ */

 #ifndef _BLAPI_H_
 #define _BLAPI_H_
@ -875,8 +875,8 @@ extern void MD5_End(MD5Context *cx, unsigned char *digest,
 		    unsigned int *digestLen, unsigned int maxDigestLen);

 /*
-** Export the raw state of the MD5 hash without appending the standard padding
-** and length bytes. Produce the digested results in "digest"
+** Export the current state of the MD5 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
 **	"cx" the context
 **	"digest" where the 16 bytes of digest data are stored
 **	"digestLen" where the digest length (16) is stored (optional)
@ -1044,9 +1044,9 @@ extern void SHA1_End(SHA1Context *cx, unsigned char *digest,

 /*
 ** Export the current state of the SHA-1 hash without appending the standard
-** padding and length. Produce the digested results in "digest"
+** padding and length bytes. Produce the digested results in "digest"
 **	"cx" the context
-**	"digest" where the 16 bytes of digest data are stored
+**	"digest" where the 20 bytes of digest data are stored
 **	"digestLen" where the digest length (20) is stored (optional)
 **	"maxDigestLen" the maximum amount of data that can ever be
 **	   stored in "digest"
@ -1092,6 +1092,15 @@ extern void SHA224_Update(SHA224Context *cx, const unsigned char *input,
 			unsigned int inputLen);
 extern void SHA224_End(SHA224Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
+/*
+** Export the current state of the SHA-224 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
+**	"cx" the context
+**	"digest" where the 28 bytes of digest data are stored
+**	"digestLen" where the digest length (28) is stored (optional)
+**	"maxDigestLen" the maximum amount of data that can ever be
+**	   stored in "digest"
+*/
 extern void SHA224_EndRaw(SHA224Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA224_HashBuf(unsigned char *dest, const unsigned char *src,
@ -1112,6 +1121,15 @@ extern void SHA256_Update(SHA256Context *cx, const unsigned char *input,
 			unsigned int inputLen);
 extern void SHA256_End(SHA256Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
+/*
+** Export the current state of the SHA-256 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
+**	"cx" the context
+**	"digest" where the 32 bytes of digest data are stored
+**	"digestLen" where the digest length (32) is stored (optional)
+**	"maxDigestLen" the maximum amount of data that can ever be
+**	   stored in "digest"
+*/
 extern void SHA256_EndRaw(SHA256Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
@ -1130,6 +1148,15 @@ extern void SHA512_DestroyContext(SHA512Context *cx, PRBool freeit);
 extern void SHA512_Begin(SHA512Context *cx);
 extern void SHA512_Update(SHA512Context *cx, const unsigned char *input,
 			unsigned int inputLen);
+/*
+** Export the current state of the SHA-512 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
+**	"cx" the context
+**	"digest" where the 64 bytes of digest data are stored
+**	"digestLen" where the digest length (64) is stored (optional)
+**	"maxDigestLen" the maximum amount of data that can ever be
+**	   stored in "digest"
+*/
 extern void SHA512_EndRaw(SHA512Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern void SHA512_End(SHA512Context *cx, unsigned char *digest,
@ -1152,6 +1179,15 @@ extern void SHA384_Update(SHA384Context *cx, const unsigned char *input,
 			unsigned int inputLen);
 extern void SHA384_End(SHA384Context *cx, unsigned char *digest,
 		     unsigned int *digestLen, unsigned int maxDigestLen);
+/*
+** Export the current state of the SHA-384 hash without appending the standard
+** padding and length bytes. Produce the digested results in "digest"
+**	"cx" the context
+**	"digest" where the 48 bytes of digest data are stored
+**	"digestLen" where the digest length (48) is stored (optional)
+**	"maxDigestLen" the maximum amount of data that can ever be
+**	   stored in "digest"
+*/
 extern void SHA384_EndRaw(SHA384Context *cx, unsigned char *digest,
 			  unsigned int *digestLen, unsigned int maxDigestLen);
 extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
--- a/security/nss/lib/freebl/hmacct.h
+++ b/security/nss/lib/freebl/hmacct.h
@ -2,8 +2,8 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

-#ifndef _ALGHMACCT_H_
-#define _ALGHMACCT_H_
+#ifndef _HMACCT_H_
+#define _HMACCT_H_

 SEC_BEGIN_PROTOS

--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@ -4,7 +4,7 @@
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: nss.h,v 1.103 2013/01/31 22:59:44 kaie%kuix.de Exp $ */
+/* $Id: nss.h,v 1.104 2013/02/14 19:16:13 kaie%kuix.de Exp $ */

 #ifndef __nss_h_
 #define __nss_h_
@ -34,12 +34,12 @@
 * The format of the version string should be
 *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
 */
-#define NSS_VERSION  "3.14.3.0" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta"
+#define NSS_VERSION  "3.14.3.0" _NSS_ECC_STRING _NSS_CUSTOMIZED
 #define NSS_VMAJOR   3
 #define NSS_VMINOR   14
 #define NSS_VPATCH   3
 #define NSS_VBUILD   0
-#define NSS_BETA     PR_TRUE
+#define NSS_BETA     PR_FALSE

 #ifndef RC_INVOKED

--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@ -25,11 +25,11 @@
 * The format of the version string should be
 *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
 */
-#define SOFTOKEN_VERSION  "3.14.3.0" SOFTOKEN_ECC_STRING " Beta"
+#define SOFTOKEN_VERSION  "3.14.3.0" SOFTOKEN_ECC_STRING
 #define SOFTOKEN_VMAJOR   3
 #define SOFTOKEN_VMINOR   14
 #define SOFTOKEN_VPATCH   3
 #define SOFTOKEN_VBUILD   0
-#define SOFTOKEN_BETA     PR_TRUE
+#define SOFTOKEN_BETA     PR_FALSE

 #endif /* _SOFTKVER_H_ */
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@ -19,12 +19,12 @@
 * The format of the version string should be
 *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
 */
-#define NSSUTIL_VERSION  "3.14.3.0 Beta"
+#define NSSUTIL_VERSION  "3.14.3.0"
 #define NSSUTIL_VMAJOR   3
 #define NSSUTIL_VMINOR   14
 #define NSSUTIL_VPATCH   3
 #define NSSUTIL_VBUILD   0
-#define NSSUTIL_BETA     PR_TRUE
+#define NSSUTIL_BETA     PR_FALSE

 SEC_BEGIN_PROTOS

--- a/security/nss/lib/util/pkcs11n.h
+++ b/security/nss/lib/util/pkcs11n.h
@ -6,7 +6,7 @@
 #define _PKCS11N_H_

 #ifdef DEBUG
-static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.31 $ $Date: 2013/02/07 01:29:19 $";
+static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.32 $ $Date: 2013/02/12 22:33:53 $";
 #endif /* DEBUG */

 /*
@ -195,6 +195,20 @@ static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.31 $
 #define CKM_NSS_JPAKE_FINAL_SHA384  (CKM_NSS + 17)
 #define CKM_NSS_JPAKE_FINAL_SHA512  (CKM_NSS + 18)

+/* Constant-time MAC mechanisms:
+ *
+ * These operations verify a padded, MAC-then-encrypt block of data in
+ * constant-time. Because of the order of operations, the padding bytes are not
+ * protected by the MAC. However, disclosing the value of the padding bytes
+ * gives an attacker the ability to decrypt ciphertexts. Such disclosure can be
+ * as subtle as taking slightly less time to perform the MAC when the padding
+ * is one byte longer. See https://www.isg.rhul.ac.uk/tls/
+ *
+ * CKM_NSS_HMAC_CONSTANT_TIME: performs an HMAC authentication.
+ * CKM_NSS_SSL3_MAC_CONSTANT_TIME: performs an authentication with SSLv3 MAC.
+ *
+ * Parameter type: CK_NSS_MAC_CONSTANT_TIME_PARAMS
+ */
 #define CKM_NSS_HMAC_CONSTANT_TIME      (CKM_NSS + 19)
 #define CKM_NSS_SSL3_MAC_CONSTANT_TIME  (CKM_NSS + 20)

@ -243,7 +257,15 @@ typedef struct CK_NSS_JPAKEFinalParams {
    CK_NSS_JPAKEPublicValue B; /* in */
 } CK_NSS_JPAKEFinalParams;

-/* NOTE: the softoken's implementation of CKM_NSS_HMAC_CONSTANT_TIME and
+/* macAlg: the MAC algorithm to use. This determines the hash function used in
+ *     the HMAC/SSLv3 MAC calculations.
+ * ulBodyTotalLen: the total length of the data, including padding bytes and
+ *     padding length.
+ * pHeader: points to a block of data that contains additional data to
+ *     authenticate. For TLS this includes the sequence number etc. For SSLv3,
+ *     this also includes the initial padding bytes.
+ *
+ * NOTE: the softoken's implementation of CKM_NSS_HMAC_CONSTANT_TIME and
 * CKM_NSS_SSL3_MAC_CONSTANT_TIME requires that the sum of ulBodyTotalLen
 * and ulHeaderLen be much smaller than 2^32 / 8 bytes because it uses an
 * unsigned int variable to represent the length in bits. This should not
--- a/security/nss/tests/pkcs11/netscape/trivial/moz.build
+++ b/security/nss/tests/pkcs11/netscape/trivial/moz.build
@ -1,5 +0,0 @@
-# vim: set filetype=python:
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-