Bug 1401594 - land NSS NSS_3_34_BETA2 UPGRADE_NSS_RELEASE, r=me

MozReview-Commit-ID: IZcYFTH0x9o

old-configure.in

@@ -1915,7 +1915,7 @@ MOZ_ARG_WITH_BOOL(system-nss,
     _USE_SYSTEM_NSS=1 )
 
 if test -n "$_USE_SYSTEM_NSS"; then
-    AM_PATH_NSS(3.35, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
+    AM_PATH_NSS(3.34, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])])
 fi
 
 if test -n "$MOZ_SYSTEM_NSS"; then

security/nss/TAG-INFO

@@ -1 +1 @@
-de7e5e67e878
+NSS_3_34_BETA2

security/nss/automation/abi-check/expected-report-libnss3.so.txt

@@ -0,0 +1,11 @@
+Functions changes summary: 0 Removed, 0 Changed, 4 Added functions
+Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
+
+4 Added functions:
+
+  'function SECItem* SEC_CreateSignatureAlgorithmParameters(SECItem*, SECOidTag, SECOidTag, const SECItem*, const SECKEYPrivateKey*)'    {SEC_CreateSignatureAlgorithmParameters@@NSS_3.34}
+  'function SECStatus SEC_DerSignDataWithAlgorithmID(SECItem*, const unsigned char*, int, SECKEYPrivateKey*, SECAlgorithmID*)'    {SEC_DerSignDataWithAlgorithmID@@NSS_3.34}
+  'function SECStatus SEC_SignDataWithAlgorithmID(SECItem*, const unsigned char*, int, SECKEYPrivateKey*, SECAlgorithmID*)'    {SEC_SignDataWithAlgorithmID@@NSS_3.34}
+  'function void SGN_NewContextWithAlgorithmID(SECAlgorithmID*, SECKEYPrivateKey*)'    {SGN_NewContextWithAlgorithmID@@NSS_3.34}
+
+

security/nss/automation/abi-check/expected-report-libssl3.so.txt

@@ -0,0 +1,15 @@
+Functions changes summary: 0 Removed, 1 Changed, 0 Added function
+Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
+
+1 function with some indirect sub-type change:
+
+  [C]'function SECStatus SSL_GetChannelInfo(SSLChannelInfo*, PRUintn)' at sslinfo.c:26:1 has some indirect sub-type changes:
+    parameter 1 of type 'SSLChannelInfo*' has sub-type changes:
+      in pointed to type 'typedef SSLChannelInfo' at sslt.h:288:1:
+        underlying type 'struct SSLChannelInfoStr' at sslt.h:229:1 changed:
+          type size changed from 896 to 960 bits
+          2 data member insertions:
+            'SSLNamedGroup SSLChannelInfoStr::originalKeaGroup', at offset 864 (in bits) at sslt.h:281:1
+            'PRBool SSLChannelInfoStr::resumed', at offset 896 (in bits) at sslt.h:284:1
+
+

security/nss/automation/abi-check/previous-nss-release

@@ -1 +1 @@
-NSS_3_34_BRANCH
+NSS_3_33_BRANCH

security/nss/coreconf/coreconf.dep

@@ -10,3 +10,4 @@
  */
 
 #error "Do not include this header file."
+

security/nss/gtests/common/util.h

@@ -10,7 +10,7 @@
 #include <cassert>
 #include <vector>
 
-static inline std::vector<uint8_t> hex_string_to_bytes(std::string s) {
+std::vector<uint8_t> hex_string_to_bytes(std::string s) {
   std::vector<uint8_t> bytes;
   for (size_t i = 0; i < s.length(); i += 2) {
     bytes.push_back(std::stoul(s.substr(i, 2), nullptr, 16));

security/nss/gtests/pk11_gtest/manifest.mn

@@ -11,7 +11,6 @@ CPPSRCS = \
       pk11_chacha20poly1305_unittest.cc \
       pk11_curve25519_unittest.cc \
       pk11_ecdsa_unittest.cc \
-      pk11_encrypt_derive_unittest.cc \
       pk11_export_unittest.cc \
       pk11_pbkdf2_unittest.cc \
       pk11_prf_unittest.cc \

security/nss/gtests/pk11_gtest/pk11_gtest.gyp

@@ -16,7 +16,6 @@
         'pk11_chacha20poly1305_unittest.cc',
         'pk11_curve25519_unittest.cc',
         'pk11_ecdsa_unittest.cc',
-        'pk11_encrypt_derive_unittest.cc',
         'pk11_pbkdf2_unittest.cc',
         'pk11_prf_unittest.cc',
         'pk11_prng_unittest.cc',

security/nss/gtests/ssl_gtest/ssl_alths_unittest.cc

@@ -0,0 +1,189 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <memory>
+#include <vector>
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#include "gtest_utils.h"
+#include "tls_connect.h"
+#include "tls_filter.h"
+#include "tls_parser.h"
+
+namespace nss_test {
+
+static const uint32_t kServerHelloVersionAlt = SSL_LIBRARY_VERSION_TLS_1_2;
+static const uint16_t kServerHelloVersionRegular =
+    0x7f00 | TLS_1_3_DRAFT_VERSION;
+
+class AltHandshakeTest : public TlsConnectStreamTls13 {
+ protected:
+  void SetUp() {
+    TlsConnectStreamTls13::SetUp();
+    client_ccs_recorder_ =
+        std::make_shared<TlsRecordRecorder>(kTlsChangeCipherSpecType);
+    server_handshake_recorder_ =
+        std::make_shared<TlsRecordRecorder>(kTlsHandshakeType);
+    server_ccs_recorder_ =
+        std::make_shared<TlsRecordRecorder>(kTlsChangeCipherSpecType);
+    server_hello_recorder_ =
+        std::make_shared<TlsInspectorRecordHandshakeMessage>(
+            kTlsHandshakeServerHello);
+  }
+
+  void SetAltHandshakeTypeEnabled() {
+    client_->SetAltHandshakeTypeEnabled();
+    server_->SetAltHandshakeTypeEnabled();
+  }
+
+  void InstallFilters() {
+    client_->SetPacketFilter(client_ccs_recorder_);
+    auto chain = std::make_shared<ChainedPacketFilter>(ChainedPacketFilterInit(
+        {server_handshake_recorder_, server_ccs_recorder_,
+         server_hello_recorder_}));
+    server_->SetPacketFilter(chain);
+  }
+
+  void CheckServerHelloRecordVersion(uint16_t record_version) {
+    ASSERT_EQ(record_version,
+              server_handshake_recorder_->record(0).header.version());
+  }
+
+  void CheckServerHelloVersion(uint16_t server_hello_version) {
+    uint32_t ver;
+    ASSERT_TRUE(server_hello_recorder_->buffer().Read(0, 2, &ver));
+    ASSERT_EQ(server_hello_version, ver);
+  }
+
+  void CheckForRegularHandshake() {
+    EXPECT_EQ(0U, client_ccs_recorder_->count());
+    EXPECT_EQ(0U, server_ccs_recorder_->count());
+    CheckServerHelloVersion(kServerHelloVersionRegular);
+    CheckServerHelloRecordVersion(SSL_LIBRARY_VERSION_TLS_1_0);
+  }
+
+  void CheckForAltHandshake() {
+    EXPECT_EQ(1U, client_ccs_recorder_->count());
+    EXPECT_EQ(1U, server_ccs_recorder_->count());
+    CheckServerHelloVersion(kServerHelloVersionAlt);
+    CheckServerHelloRecordVersion(SSL_LIBRARY_VERSION_TLS_1_2);
+  }
+
+  std::shared_ptr<TlsRecordRecorder> client_ccs_recorder_;
+  std::shared_ptr<TlsRecordRecorder> server_handshake_recorder_;
+  std::shared_ptr<TlsRecordRecorder> server_ccs_recorder_;
+  std::shared_ptr<TlsInspectorRecordHandshakeMessage> server_hello_recorder_;
+};
+
+TEST_F(AltHandshakeTest, ClientOnly) {
+  client_->SetAltHandshakeTypeEnabled();
+  InstallFilters();
+  Connect();
+  CheckForRegularHandshake();
+}
+
+TEST_F(AltHandshakeTest, ServerOnly) {
+  server_->SetAltHandshakeTypeEnabled();
+  InstallFilters();
+  Connect();
+  CheckForRegularHandshake();
+}
+
+TEST_F(AltHandshakeTest, Enabled) {
+  SetAltHandshakeTypeEnabled();
+  InstallFilters();
+  Connect();
+  CheckForAltHandshake();
+}
+
+TEST_F(AltHandshakeTest, ZeroRtt) {
+  SetAltHandshakeTypeEnabled();
+  SetupForZeroRtt();
+  SetAltHandshakeTypeEnabled();
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+
+  InstallFilters();
+
+  ExpectResumption(RESUME_TICKET);
+  ZeroRttSendReceive(true, true);
+  Handshake();
+  ExpectEarlyDataAccepted(true);
+  CheckConnected();
+
+  CheckForAltHandshake();
+}
+
+// Neither client nor server has the extension prior to resumption, so the
+// client doesn't send a CCS before its 0-RTT data.
+TEST_F(AltHandshakeTest, DisabledBeforeZeroRtt) {
+  SetupForZeroRtt();
+  SetAltHandshakeTypeEnabled();
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+
+  InstallFilters();
+
+  ExpectResumption(RESUME_TICKET);
+  ZeroRttSendReceive(true, true);
+  Handshake();
+  ExpectEarlyDataAccepted(true);
+  CheckConnected();
+
+  EXPECT_EQ(0U, client_ccs_recorder_->count());
+  EXPECT_EQ(1U, server_ccs_recorder_->count());
+  CheckServerHelloVersion(kServerHelloVersionAlt);
+}
+
+// Both use the alternative in the initial handshake but only the server enables
+// it on resumption.
+TEST_F(AltHandshakeTest, ClientDisabledAfterZeroRtt) {
+  SetAltHandshakeTypeEnabled();
+  SetupForZeroRtt();
+  server_->SetAltHandshakeTypeEnabled();
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+
+  InstallFilters();
+
+  ExpectResumption(RESUME_TICKET);
+  ZeroRttSendReceive(true, true);
+  Handshake();
+  ExpectEarlyDataAccepted(true);
+  CheckConnected();
+
+  CheckForRegularHandshake();
+}
+
+// If the alternative handshake isn't negotiated after 0-RTT, and the client has
+// it enabled, it will send a ChangeCipherSpec.  The server chokes on it if it
+// hasn't negotiated the alternative handshake.
+TEST_F(AltHandshakeTest, ServerDisabledAfterZeroRtt) {
+  SetAltHandshakeTypeEnabled();
+  SetupForZeroRtt();
+  client_->SetAltHandshakeTypeEnabled();
+  client_->Set0RttEnabled(true);
+  server_->Set0RttEnabled(true);
+
+  client_->ExpectSendAlert(kTlsAlertEndOfEarlyData);
+  client_->Handshake();  // Send ClientHello (and CCS)
+
+  server_->Handshake();  // Consume the ClientHello, which is OK.
+  client_->ExpectResumption();
+  client_->Handshake();  // Read the server handshake.
+  EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
+
+  // Now the server reads the CCS instead of more handshake messages.
+  ExpectAlert(server_, kTlsAlertBadRecordMac);
+  server_->Handshake();
+  EXPECT_EQ(TlsAgent::STATE_ERROR, server_->state());
+  client_->Handshake();  // Consume the alert.
+  EXPECT_EQ(TlsAgent::STATE_ERROR, client_->state());
+}
+
+}  // nss_test

security/nss/lib/freebl/poly1305.h

@@ -8,8 +8,6 @@
 #ifndef FREEBL_POLY1305_H_
 #define FREEBL_POLY1305_H_
 
-#include "stddef.h"
-
 typedef unsigned char poly1305_state[512];
 
 /* Poly1305Init sets up |state| so that it can be used to calculate an

security/nss/lib/nss/nss.h

@@ -22,9 +22,9 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION "3.35" _NSS_CUSTOMIZED " Beta"
+#define NSS_VERSION "3.34" _NSS_CUSTOMIZED " Beta"
 #define NSS_VMAJOR 3
-#define NSS_VMINOR 35
+#define NSS_VMINOR 34
 #define NSS_VPATCH 0
 #define NSS_VBUILD 0
 #define NSS_BETA PR_TRUE

security/nss/lib/softoken/pkcs11.c

@@ -421,20 +421,11 @@ static const struct mechanismList mechanisms[] = {
 #endif
     /* --------------------- Secret Key Operations ------------------------ */
     { CKM_GENERIC_SECRET_KEY_GEN, { 1, 32, CKF_GENERATE }, PR_TRUE },
-    { CKM_CONCATENATE_BASE_AND_KEY, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_CONCATENATE_BASE_AND_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_CONCATENATE_DATA_AND_BASE, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_XOR_BASE_AND_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
+    { CKM_CONCATENATE_BASE_AND_KEY, { 1, 32, CKF_GENERATE }, PR_FALSE },
+    { CKM_CONCATENATE_BASE_AND_DATA, { 1, 32, CKF_GENERATE }, PR_FALSE },
+    { CKM_CONCATENATE_DATA_AND_BASE, { 1, 32, CKF_GENERATE }, PR_FALSE },
+    { CKM_XOR_BASE_AND_DATA, { 1, 32, CKF_GENERATE }, PR_FALSE },
     { CKM_EXTRACT_KEY_FROM_KEY, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_DES3_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_DES3_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_AES_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_AES_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_CAMELLIA_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_CAMELLIA_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_SEED_ECB_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-    { CKM_SEED_CBC_ENCRYPT_DATA, { 1, 32, CKF_DERIVE }, PR_FALSE },
-
     /* ---------------------- SSL Key Derivations ------------------------- */
     { CKM_SSL3_PRE_MASTER_KEY_GEN, { 48, 48, CKF_GENERATE }, PR_FALSE },
     { CKM_SSL3_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },