Issue #1693 - Update NSS to 3.59.1.1

This updates to MoonchildProductions/NSS@bd49b2b88 in the repo created for our consumption of the library.
author: Moonchild <moonchild@palemoon.org> 2020-12-23 19:02:52 +0000
committer: Moonchild <moonchild@palemoon.org> 2020-12-23 19:02:52 +0000
commit: 029bcfe189eae5eebbaf58ccff4e1200dd78b228 (patch)
tree: 1c226a334ea1a88e2d1c6f949c9320eb0c3bff59 /security/nss/cmd/lib
parent: 149d2ffa779826cb48a381099858e76e4624d471 (diff)
download: UXP-029bcfe189eae5eebbaf58ccff4e1200dd78b228.tar
UXP-029bcfe189eae5eebbaf58ccff4e1200dd78b228.tar.gz
UXP-029bcfe189eae5eebbaf58ccff4e1200dd78b228.tar.lz
UXP-029bcfe189eae5eebbaf58ccff4e1200dd78b228.tar.xz
UXP-029bcfe189eae5eebbaf58ccff4e1200dd78b228.zip
4 files changed, 86 insertions, 29 deletions
diff --git a/security/nss/cmd/lib/basicutil.c b/security/nss/cmd/lib/basicutil.c
index de56fbdd9..476475d90 100644
--- a/security/nss/cmd/lib/basicutil.c
+++ b/security/nss/cmd/lib/basicutil.c
@@ -17,6 +17,7 @@
 
 #include "basicutil.h"
 #include <stdarg.h>
+#include <stddef.h>
 #include <sys/stat.h>
 #include <errno.h>
 
@@ -632,7 +633,8 @@ void
 SECU_PrintPRandOSError(const char *progName)
 {
     char buffer[513];
-    PRInt32 errLen = PR_GetErrorTextLength();
+    PRInt32 errLenInt = PR_GetErrorTextLength();
+    size_t errLen = errLenInt < 0 ? 0 : (size_t)errLenInt;
     if (errLen > 0 && errLen < sizeof buffer) {
         PR_GetErrorText(buffer);
     }
@@ -739,7 +741,6 @@ SECU_HexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str)
     int byteval = 0;
     int tmp = PORT_Strlen(str);
 
-    PORT_Assert(arena);
     PORT_Assert(item);
 
     if ((tmp % 2) != 0) {
@@ -760,7 +761,9 @@ SECU_HexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str)
         } else if ((str[i] >= 'A') && (str[i] <= 'F')) {
             tmp = str[i] - 'A' + 10;
         } else {
-            /* item is in arena and gets freed by the caller */
+            if (!arena) {
+                SECITEM_FreeItem(item, PR_FALSE);
+            }
             return NULL;
         }
 
diff --git a/security/nss/cmd/lib/pk11table.c b/security/nss/cmd/lib/pk11table.c
index ec5d88926..f7a45fa84 100644
--- a/security/nss/cmd/lib/pk11table.c
+++ b/security/nss/cmd/lib/pk11table.c
@@ -102,7 +102,7 @@ const Constant _consts[] = {
     mkEntry(CKF_WRAP, MechanismFlags),
     mkEntry(CKF_UNWRAP, MechanismFlags),
     mkEntry(CKF_DERIVE, MechanismFlags),
-    mkEntry(CKF_EC_FP, MechanismFlags),
+    mkEntry(CKF_EC_F_P, MechanismFlags),
     mkEntry(CKF_EC_F_2M, MechanismFlags),
     mkEntry(CKF_EC_ECPARAMETERS, MechanismFlags),
     mkEntry(CKF_EC_NAMEDCURVE, MechanismFlags),
@@ -128,7 +128,6 @@ const Constant _consts[] = {
     mkEntry(CKO_SECRET_KEY, Object),
     mkEntry(CKO_HW_FEATURE, Object),
     mkEntry(CKO_DOMAIN_PARAMETERS, Object),
-    mkEntry(CKO_KG_PARAMETERS, Object),
     mkEntry(CKO_NSS_CRL, Object),
     mkEntry(CKO_NSS_SMIME, Object),
     mkEntry(CKO_NSS_TRUST, Object),
@@ -255,8 +254,8 @@ const Constant _consts[] = {
     mkEntry2(CKA_TRUST_TIME_STAMPING, Attribute, Trust),
     mkEntry2(CKA_CERT_SHA1_HASH, Attribute, None),
     mkEntry2(CKA_CERT_MD5_HASH, Attribute, None),
-    mkEntry2(CKA_NETSCAPE_DB, Attribute, None),
-    mkEntry2(CKA_NETSCAPE_TRUST, Attribute, Trust),
+    mkEntry2(CKA_NSS_DB, Attribute, None),
+    mkEntry2(CKA_NSS_TRUST, Attribute, Trust),
 
     mkEntry(CKM_RSA_PKCS, Mechanism),
     mkEntry(CKM_RSA_9796, Mechanism),
@@ -473,16 +472,16 @@ const Constant _consts[] = {
     mkEntry(CKM_DH_PKCS_PARAMETER_GEN, Mechanism),
     mkEntry(CKM_NSS_AES_KEY_WRAP, Mechanism),
     mkEntry(CKM_NSS_AES_KEY_WRAP_PAD, Mechanism),
-    mkEntry(CKM_NETSCAPE_PBE_SHA1_DES_CBC, Mechanism),
-    mkEntry(CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, Mechanism),
-    mkEntry(CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC, Mechanism),
-    mkEntry(CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC, Mechanism),
-    mkEntry(CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4, Mechanism),
-    mkEntry(CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4, Mechanism),
-    mkEntry(CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC, Mechanism),
-    mkEntry(CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN, Mechanism),
-    mkEntry(CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN, Mechanism),
-    mkEntry(CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN, Mechanism),
+    mkEntry(CKM_NSS_PBE_SHA1_DES_CBC, Mechanism),
+    mkEntry(CKM_NSS_PBE_SHA1_TRIPLE_DES_CBC, Mechanism),
+    mkEntry(CKM_NSS_PBE_SHA1_40_BIT_RC2_CBC, Mechanism),
+    mkEntry(CKM_NSS_PBE_SHA1_128_BIT_RC2_CBC, Mechanism),
+    mkEntry(CKM_NSS_PBE_SHA1_40_BIT_RC4, Mechanism),
+    mkEntry(CKM_NSS_PBE_SHA1_128_BIT_RC4, Mechanism),
+    mkEntry(CKM_NSS_PBE_SHA1_FAULTY_3DES_CBC, Mechanism),
+    mkEntry(CKM_NSS_PBE_SHA1_HMAC_KEY_GEN, Mechanism),
+    mkEntry(CKM_NSS_PBE_MD5_HMAC_KEY_GEN, Mechanism),
+    mkEntry(CKM_NSS_PBE_MD2_HMAC_KEY_GEN, Mechanism),
     mkEntry(CKM_TLS_PRF_GENERAL, Mechanism),
     mkEntry(CKM_NSS_TLS_PRF_GENERAL_SHA256, Mechanism),
 
@@ -520,7 +519,6 @@ const Constant _consts[] = {
     mkEntry(CKR_KEY_FUNCTION_NOT_PERMITTED, Result),
     mkEntry(CKR_KEY_NOT_WRAPPABLE, Result),
     mkEntry(CKR_KEY_UNEXTRACTABLE, Result),
-    mkEntry(CKR_KEY_PARAMS_INVALID, Result),
     mkEntry(CKR_MECHANISM_INVALID, Result),
     mkEntry(CKR_MECHANISM_PARAM_INVALID, Result),
     mkEntry(CKR_OBJECT_HANDLE_INVALID, Result),
diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c
index 703845e98..b70a14172 100644
--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -494,23 +494,30 @@ SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii,
     if (ascii) {
         /* First convert ascii to binary */
         SECItem filedata;
-        char *asc, *body;
 
         /* Read in ascii data */
         rv = SECU_FileToItem(&filedata, inFile);
         if (rv != SECSuccess)
             return rv;
-        asc = (char *)filedata.data;
-        if (!asc) {
+        if (!filedata.data) {
             fprintf(stderr, "unable to read data from input file\n");
             return SECFailure;
         }
+        /* need one additional byte for zero terminator */
+        rv = SECITEM_ReallocItemV2(NULL, &filedata, filedata.len + 1);
+        if (rv != SECSuccess) {
+            PORT_Free(filedata.data);
+            return rv;
+        }
+        char *asc = (char *)filedata.data;
+        asc[filedata.len - 1] = '\0';
 
         if (warnOnPrivateKeyInAsciiFile && strstr(asc, "PRIVATE KEY")) {
             fprintf(stderr, "Warning: ignoring private key. Consider to use "
                             "pk12util.\n");
         }
 
+        char *body;
         /* check for headers and trailers and remove them */
         if ((body = strstr(asc, "-----BEGIN")) != NULL) {
             char *trailer = NULL;
@@ -528,14 +535,7 @@ SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii,
                 return SECFailure;
             }
         } else {
-            /* need one additional byte for zero terminator */
-            rv = SECITEM_ReallocItemV2(NULL, &filedata, filedata.len + 1);
-            if (rv != SECSuccess) {
-                PORT_Free(filedata.data);
-                return rv;
-            }
-            body = (char *)filedata.data;
-            body[filedata.len - 1] = '\0';
+            body = asc;
         }
 
         /* Convert to binary */
@@ -4159,3 +4159,57 @@ exportKeyingMaterials(PRFileDesc *fd,
 
     return SECSuccess;
 }
+
+SECStatus
+readPSK(const char *arg, SECItem *psk, SECItem *label)
+{
+    SECStatus rv = SECFailure;
+    char *str = PORT_Strdup(arg);
+    if (!str) {
+        goto cleanup;
+    }
+
+    char *pskBytes = strtok(str, ":");
+    if (!pskBytes) {
+        goto cleanup;
+    }
+    if (PORT_Strncasecmp(pskBytes, "0x", 2) != 0) {
+        goto cleanup;
+    }
+
+    psk = SECU_HexString2SECItem(NULL, psk, &pskBytes[2]);
+    if (!psk || !psk->data || psk->len != strlen(&str[2]) / 2) {
+        goto cleanup;
+    }
+
+    SECItem labelItem = { siBuffer, NULL, 0 };
+    char *inLabel = strtok(NULL, ":");
+    if (inLabel) {
+        labelItem.data = (unsigned char *)PORT_Strdup(inLabel);
+        if (!labelItem.data) {
+            goto cleanup;
+        }
+        labelItem.len = strlen(inLabel);
+
+        if (PORT_Strncasecmp(inLabel, "0x", 2) == 0) {
+            rv = SECU_SECItemHexStringToBinary(&labelItem);
+            if (rv != SECSuccess) {
+                SECITEM_FreeItem(&labelItem, PR_FALSE);
+                goto cleanup;
+            }
+        }
+        rv = SECSuccess;
+    } else {
+        PRUint8 defaultLabel[] = { 'C', 'l', 'i', 'e', 'n', 't', '_',
+                                   'i', 'd', 'e', 'n', 't', 'i', 't', 'y' };
+        SECItem src = { siBuffer, defaultLabel, sizeof(defaultLabel) };
+        rv = SECITEM_CopyItem(NULL, &labelItem, &src);
+    }
+    if (rv == SECSuccess) {
+        *label = labelItem;
+    }
+
+cleanup:
+    PORT_Free(str);
+    return rv;
+}
diff --git a/security/nss/cmd/lib/secutil.h b/security/nss/cmd/lib/secutil.h
index c6da961e7..0bdfa9508 100644
--- a/security/nss/cmd/lib/secutil.h
+++ b/security/nss/cmd/lib/secutil.h
@@ -424,6 +424,8 @@ SECStatus exportKeyingMaterials(PRFileDesc *fd,
                                 const secuExporter *exporters,
                                 unsigned int exporterCount);
 
+SECStatus readPSK(const char *arg, SECItem *psk, SECItem *label);
+
 /*
  *
  *  Error messaging
author	Moonchild <moonchild@palemoon.org>	2020-12-23 19:02:52 +0000
committer	Moonchild <moonchild@palemoon.org>	2020-12-23 19:02:52 +0000
commit	029bcfe189eae5eebbaf58ccff4e1200dd78b228 (patch)
tree	1c226a334ea1a88e2d1c6f949c9320eb0c3bff59 /security/nss/cmd/lib
parent	149d2ffa779826cb48a381099858e76e4624d471 (diff)
download	UXP-029bcfe189eae5eebbaf58ccff4e1200dd78b228.tar UXP-029bcfe189eae5eebbaf58ccff4e1200dd78b228.tar.gz UXP-029bcfe189eae5eebbaf58ccff4e1200dd78b228.tar.lz UXP-029bcfe189eae5eebbaf58ccff4e1200dd78b228.tar.xz UXP-029bcfe189eae5eebbaf58ccff4e1200dd78b228.zip