Reland http://crrev.com/209278

Update dependency to NSS >= 3.14.3 and NSPR >= 4.9.2

Technically NSS 3.14.3 depends on NSPR 4.9.5, but Debian stable still
ships 4.9.2 on stable, so this is the lower bound.

3.14.3 contains a number of important security fixes, and support for
older systems is no longer desirable.

BUG=245370
TBR=thestig@chromium.org, wtc@chromium.org

Review URL: https://chromiumcodereview.appspot.com/20615002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@216296 0039d316-1c4b-4281-b951-d872f2087c98

chrome/installer/linux/debian/build.sh

@@ -288,14 +288,16 @@ fi
 rm -rf "$DUMMY_STAGING_DIR"
 
 # Additional dependencies not in the dpkg-shlibdeps output.
-ADDITION_DEPS="ca-certificates, libcurl3, \
+# Pull a more recent version of NSS than required by runtime linking, for
+# security and stability updates in NSS.
+ADDITION_DEPS="ca-certificates, libcurl3, libnss3 (>= 3.14.3), \
   lsb-base (>=3.2), xdg-utils (>= 1.0.2), wget"
 
 # Fix-up libnspr dependency due to renaming in Ubuntu (the old package still
 # exists, but it was moved to "universe" repository, which isn't installed by
 # default).
 DPKG_SHLIB_DEPS=$(sed \
-    's/\(libnspr4-0d ([^)]*)\), /\1 | libnspr4 (>= 4.8.7-0ubuntu1), /g' \
+    's/\(libnspr4-0d ([^)]*)\), /\1 | libnspr4 (>= 4.9.5-0ubuntu0), /g' \
     <<< $DPKG_SHLIB_DEPS)
 
 # Fix-up libudev dependency because Ubuntu 13.04 has libudev1 instead of

chrome/installer/linux/rpm/build.sh

@@ -124,7 +124,7 @@ do_package() {
   # https://bugzilla.novell.com/show_bug.cgi?id=556248
   DEPENDS="lsb >= 4.0, \
   libcurl.so.4${EMPTY_VERSION}${PKG_ARCH}, \
-  libnss3.so(NSS_3.12.3)${PKG_ARCH}, \
+  libnss3.so(NSS_3.14.3)${PKG_ARCH}, \
   wget, \
   xdg-utils, \
   zlib, \

crypto/nss_util.cc

@@ -384,23 +384,17 @@ class NSSInitSingleton {
     base::TimeTicks start_time = base::TimeTicks::Now();
     EnsureNSPRInit();
 
-    // We *must* have NSS >= 3.12.3.  See bug 26448.
+    // We *must* have NSS >= 3.14.3.
     COMPILE_ASSERT(
-        (NSS_VMAJOR == 3 && NSS_VMINOR == 12 && NSS_VPATCH >= 3) ||
-        (NSS_VMAJOR == 3 && NSS_VMINOR > 12) ||
+        (NSS_VMAJOR == 3 && NSS_VMINOR == 14 && NSS_VPATCH >= 3) ||
+        (NSS_VMAJOR == 3 && NSS_VMINOR > 14) ||
         (NSS_VMAJOR > 3),
         nss_version_check_failed);
     // Also check the run-time NSS version.
     // NSS_VersionCheck is a >= check, not strict equality.
-    if (!NSS_VersionCheck("3.12.3")) {
-      // It turns out many people have misconfigured NSS setups, where
-      // their run-time NSPR doesn't match the one their NSS was compiled
-      // against.  So rather than aborting, complain loudly.
-      LOG(ERROR) << "NSS_VersionCheck(\"3.12.3\") failed.  "
-                    "We depend on NSS >= 3.12.3, and this error is not fatal "
-                    "only because many people have busted NSS setups (for "
-                    "example, using the wrong version of NSPR). "
-                    "Please upgrade to the latest NSS and NSPR, and if you "
+    if (!NSS_VersionCheck("3.14.3")) {
+      LOG(FATAL) << "NSS_VersionCheck(\"3.14.3\") failed. NSS >= 3.14.3 is "
+                    "required. Please upgrade to the latest NSS, and if you "
                     "still get this error, contact your distribution "
                     "maintainer.";
     }

crypto/signature_creator_nss.cc

@@ -67,11 +67,7 @@ bool SignatureCreator::Sign(RSAPrivateKey* key,
 }
 
 bool SignatureCreator::Update(const uint8* data_part, int data_part_len) {
-  // TODO(wtc): Remove this const_cast when we require NSS 3.12.5.
-  // See NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=518255
-  SECStatus rv = SGN_Update(sign_context_,
-                            const_cast<unsigned char*>(data_part),
-                            data_part_len);
+  SECStatus rv = SGN_Update(sign_context_, data_part, data_part_len);
   if (rv != SECSuccess) {
     NOTREACHED();
     return false;

net/cert/cert_verify_proc_nss.cc

@@ -162,10 +162,6 @@ CertStatus MapCertErrorToCertStatus(int err) {
 void GetCertChainInfo(CERTCertList* cert_list,
                       CERTCertificate* root_cert,
                       CertVerifyResult* verify_result) {
-  // NOTE: Using a NSS library before 3.12.3.1 will crash below.  To see the
-  // NSS version currently in use:
-  // 1. use ldd on the chrome executable for NSS's location (ie. libnss3.so*)
-  // 2. use ident libnss3.so* for the library's version
   DCHECK(cert_list);
 
   CERTCertificate* verified_cert = NULL;
@@ -367,31 +363,6 @@ SECStatus PKIXVerifyCert(CERTCertificate* cert_handle,
   bool use_crl = check_revocation;
   bool use_ocsp = check_revocation;
 
-  // These CAs have multiple keys, which trigger two bugs in NSS's CRL code.
-  // 1. NSS may use one key to verify a CRL signed with another key,
-  //    incorrectly concluding that the CRL's signature is invalid.
-  //    Hopefully this bug will be fixed in NSS 3.12.9.
-  // 2. NSS considers all certificates issued by the CA as revoked when it
-  //    receives a CRL with an invalid signature.  This overly strict policy
-  //    has been relaxed in NSS 3.12.7.  See
-  //    https://bugzilla.mozilla.org/show_bug.cgi?id=562542.
-  // So we have to turn off CRL checking for these CAs.  See
-  // http://crbug.com/55695.
-  static const char* const kMultipleKeyCA[] = {
-    "CN=Microsoft Secure Server Authority,"
-    "DC=redmond,DC=corp,DC=microsoft,DC=com",
-    "CN=Microsoft Secure Server Authority",
-  };
-
-  if (!NSS_VersionCheck("3.12.7")) {
-    for (size_t i = 0; i < arraysize(kMultipleKeyCA); ++i) {
-      if (strcmp(cert_handle->issuerName, kMultipleKeyCA[i]) == 0) {
-        use_crl = false;
-        break;
-      }
-    }
-  }
-
   PRUint64 revocation_method_flags =
       CERT_REV_M_DO_NOT_TEST_USING_THIS_METHOD |
       CERT_REV_M_ALLOW_NETWORK_FETCHING |

net/socket/ssl_client_socket_nss.cc

@@ -1271,7 +1271,6 @@ SECStatus SSLClientSocketNSS::Core::OwnAuthCertHandler(
     PRFileDesc* socket,
     PRBool checksig,
     PRBool is_server) {
-#ifdef SSL_ENABLE_FALSE_START
   Core* core = reinterpret_cast<Core*>(arg);
   if (!core->handshake_callback_called_) {
     // Only need to turn off False Start in the initial handshake. Also, it is
@@ -1293,7 +1292,6 @@ SECStatus SSLClientSocketNSS::Core::OwnAuthCertHandler(
       SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE);
     }
   }
-#endif
 
   // Tell NSS to not verify the certificate.
   return SECSuccess;
@@ -2419,8 +2417,8 @@ void SSLClientSocketNSS::Core::UpdateConnectionStatus() {
          SSL_CONNECTION_COMPRESSION_MASK) <<
         SSL_CONNECTION_COMPRESSION_SHIFT;
 
-    // NSS 3.12.x doesn't have version macros for TLS 1.1 and 1.2 (because NSS
-    // doesn't support them yet), so we use 0x0302 and 0x0303 directly.
+    // NSS 3.14.x doesn't have a version macro for TLS 1.2 (because NSS didn't
+    // support it yet), so use 0x0303 directly.
     int version = SSL_CONNECTION_VERSION_UNKNOWN;
     if (channel_info.protocolVersion < SSL_LIBRARY_VERSION_3_0) {
       // All versions less than SSL_LIBRARY_VERSION_3_0 are treated as SSL
@@ -2430,7 +2428,7 @@ void SSLClientSocketNSS::Core::UpdateConnectionStatus() {
       version = SSL_CONNECTION_VERSION_SSL3;
     } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_3_1_TLS) {
       version = SSL_CONNECTION_VERSION_TLS1;
-    } else if (channel_info.protocolVersion == 0x0302) {
+    } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_TLS_1_1) {
       version = SSL_CONNECTION_VERSION_TLS1_1;
     } else if (channel_info.protocolVersion == 0x0303) {
       version = SSL_CONNECTION_VERSION_TLS1_2;
@@ -2440,10 +2438,6 @@ void SSLClientSocketNSS::Core::UpdateConnectionStatus() {
         SSL_CONNECTION_VERSION_SHIFT;
   }
 
-  // SSL_HandshakeNegotiatedExtension was added in NSS 3.12.6.
-  // Since SSL_MAX_EXTENSIONS was added at the same time, we can test
-  // SSL_MAX_EXTENSIONS for the presence of SSL_HandshakeNegotiatedExtension.
-#if defined(SSL_MAX_EXTENSIONS)
   PRBool peer_supports_renego_ext;
   ok = SSL_HandshakeNegotiatedExtension(nss_fd_, ssl_renegotiation_info_xtn,
                                         &peer_supports_renego_ext);
@@ -2477,7 +2471,6 @@ void SSLClientSocketNSS::Core::UpdateConnectionStatus() {
                             peer_supports_renego_ext == PR_TRUE);
     }
   }
-#endif
 
   if (ssl_config_.version_fallback) {
     nss_handshake_state_.ssl_connection_status |=
@@ -3150,25 +3143,18 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
     SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE);
   }
 
-#ifdef SSL_ENABLE_SESSION_TICKETS
   // Support RFC 5077
   rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(
         net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS");
   }
-#else
-  #error "You need to install NSS-3.12 or later to build chromium"
-#endif
 
-#ifdef SSL_ENABLE_FALSE_START
   rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START,
                      ssl_config_.false_start_enabled);
   if (rv != SECSuccess)
     LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_FALSE_START");
-#endif
 
-#ifdef SSL_ENABLE_RENEGOTIATION
   // We allow servers to request renegotiation. Since we're a client,
   // prohibiting this is rather a waste of time. Only servers are in a
   // position to prevent renegotiation attacks.
@@ -3180,14 +3166,12 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
     LogFailedNSSFunction(
         net_log_, "SSL_OptionSet", "SSL_ENABLE_RENEGOTIATION");
   }
-#endif  // SSL_ENABLE_RENEGOTIATION
 
-#ifdef SSL_CBC_RANDOM_IV
   rv = SSL_OptionSet(nss_fd_, SSL_CBC_RANDOM_IV, PR_TRUE);
   if (rv != SECSuccess)
     LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_CBC_RANDOM_IV");
-#endif
 
+// Added in NSS 3.15
 #ifdef SSL_ENABLE_OCSP_STAPLING
   if (IsOCSPStaplingSupported()) {
     rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
@@ -3198,6 +3182,7 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
   }
 #endif
 
+// Chromium patch to libssl
 #ifdef SSL_ENABLE_CACHED_INFO
   rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_CACHED_INFO,
                      ssl_config_.cached_info_enabled);

net/third_party/nss/README.chromium

@@ -75,10 +75,6 @@ Patches:
     patches/cbc.patch
     https://code.google.com/p/chromium/issues/detail?id=172658#c12
 
-  * Define AES_256_KEY_LENGTH if the system blapit.h header doesn't define it.
-    Remove this patch when all system NSS packages are NSS 3.12.10 or later.
-    patches/aes256keylength.patch
-
   * Change ssl3_SuiteBOnly to always return PR_TRUE. The softoken in NSS
     versions older than 3.15 report an EC key size range of 112 bits to 571
     bits, even when it is compiled to support only the NIST P-256, P-384, and

net/third_party/nss/patches/applypatches.sh

@@ -38,8 +38,6 @@ patch -p4 < $patches_dir/secretexporterlocks.patch
 
 patch -p4 < $patches_dir/cbc.patch
 
-patch -p4 < $patches_dir/aes256keylength.patch
-
 patch -p4 < $patches_dir/suitebonly.patch
 
 patch -p4 < $patches_dir/secitemarray.patch

net/third_party/nss/ssl.gyp

@@ -68,7 +68,6 @@
         'ssl/win32err.c',
         'ssl/win32err.h',
         'ssl/bodge/secitem_array.c',
-        'ssl/bodge/secure_memcmp.c',
       ],
       'sources!': [
         'ssl/os2_err.c',

net/third_party/nss/ssl/sslsnce.c

@@ -86,11 +86,6 @@
 #include "nspr.h"
 #include "sslmutex.h"
 
-/* AES_256_KEY_LENGTH was added to blapit.h in NSS 3.12.10. */
-#ifndef AES_256_KEY_LENGTH
-#define AES_256_KEY_LENGTH      32  /* bytes */
-#endif
-
 /*
 ** Format of a cache entry in the shared memory.
 */