Update NSS to 3.41

15 files changed, 204 insertions, 12 deletions

diff --git a/security/nss/gtests/pk11_gtest/manifest.mn b/security/nss/gtests/pk11_gtest/manifest.mn
index a3dff9d10..ea7b43a2b 100644
--- a/security/nss/gtests/pk11_gtest/manifest.mn
+++ b/security/nss/gtests/pk11_gtest/manifest.mn
@@ -16,6 +16,7 @@ CPPSRCS = \
       pk11_pbkdf2_unittest.cc \
       pk11_prf_unittest.cc \
       pk11_prng_unittest.cc \
+      pk11_rsapkcs1_unittest.cc \
       pk11_rsapss_unittest.cc \
       pk11_der_private_key_import_unittest.cc \
       $(NULL)
diff --git a/security/nss/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc
index a4e8bedba..4072cf2b7 100644
--- a/security/nss/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_aes_gcm_unittest.cc
@@ -10,7 +10,7 @@
 #include "secerr.h"
 #include "sechash.h"
 
-#include "scoped_ptrs.h"
+#include "nss_scoped_ptrs.h"
 
 #include "gcm-vectors.h"
 #include "gtest/gtest.h"
diff --git a/security/nss/gtests/pk11_gtest/pk11_aeskeywrap_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_aeskeywrap_unittest.cc
index a0226e6df..4d4250a5e 100644
--- a/security/nss/gtests/pk11_gtest/pk11_aeskeywrap_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_aeskeywrap_unittest.cc
@@ -9,7 +9,7 @@
 #include "pk11pub.h"
 
 #include "gtest/gtest.h"
-#include "scoped_ptrs.h"
+#include "nss_scoped_ptrs.h"
 
 namespace nss_test {
 
@@ -129,4 +129,4 @@ TEST_F(Pkcs11AESKeyWrapTest, WrapUnwrepTest6) {
   WrapUnwrap(kKEK3, sizeof(kKEK3), kKD6, sizeof(kKD6), kC6);
 }
 
-} /* nss_test */
\ No newline at end of file
+} /* nss_test */
diff --git a/security/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
index dac2a41ba..07bc91ee6 100644
--- a/security/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc
@@ -10,7 +10,7 @@
 #include "sechash.h"
 
 #include "cpputil.h"
-#include "scoped_ptrs.h"
+#include "nss_scoped_ptrs.h"
 
 #include "gtest/gtest.h"
 
diff --git a/security/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc
new file mode 100644
index 000000000..38982fd88
--- /dev/null
+++ b/security/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc
@@ -0,0 +1,80 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#include "gtest/gtest.h"
+
+#include <assert.h>
+#include <limits.h>
+#include <prinit.h>
+#include <nss.h>
+#include <pk11pub.h>
+
+static const size_t kKeyLen = 128 / 8;
+
+namespace nss_test {
+
+//
+// The ciper tests using the bltest command cover a great deal of testing.
+// However, Bug 1489691 revealed a corner case which is covered here.
+// This test will make multiple calls to PK11_CipherOp using the same
+// cipher context with data that is not cipher block aligned.
+//
+
+static SECStatus GetBytes(PK11Context* ctx, uint8_t* bytes, size_t len) {
+  std::vector<uint8_t> in(len, 0);
+
+  int outlen;
+  SECStatus rv = PK11_CipherOp(ctx, bytes, &outlen, len, &in[0], len);
+  if (static_cast<size_t>(outlen) != len) {
+    return SECFailure;
+  }
+  return rv;
+}
+
+TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOps) {
+  PK11SlotInfo* slot;
+  PK11SymKey* key;
+  PK11Context* ctx;
+
+  NSSInitContext* globalctx =
+      NSS_InitContext("", "", "", "", NULL,
+                      NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
+                          NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
+
+  const CK_MECHANISM_TYPE cipher = CKM_AES_CTR;
+
+  slot = PK11_GetInternalSlot();
+  ASSERT_TRUE(slot);
+
+  // Use arbitrary bytes for the AES key
+  uint8_t key_bytes[kKeyLen];
+  for (size_t i = 0; i < kKeyLen; i++) {
+    key_bytes[i] = i;
+  }
+
+  SECItem keyItem = {siBuffer, key_bytes, kKeyLen};
+
+  // The IV can be all zeros since we only encrypt once with
+  // each AES key.
+  CK_AES_CTR_PARAMS param = {128, {}};
+  SECItem paramItem = {siBuffer, reinterpret_cast<unsigned char*>(&param),
+                       sizeof(CK_AES_CTR_PARAMS)};
+
+  key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
+                          &keyItem, NULL);
+  ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, &paramItem);
+  ASSERT_TRUE(key);
+  ASSERT_TRUE(ctx);
+
+  uint8_t outbuf[128];
+  ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECSuccess);
+  ASSERT_EQ(GetBytes(ctx, outbuf, 17), SECSuccess);
+
+  PK11_FreeSymKey(key);
+  PK11_FreeSlot(slot);
+  PK11_DestroyContext(ctx, PR_TRUE);
+  NSS_ShutdownContext(globalctx);
+}
+
+}  // namespace nss_test
diff --git a/security/nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc
index 40b536207..009c44fce 100644
--- a/security/nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_curve25519_unittest.cc
@@ -7,7 +7,7 @@
 #include "pk11pub.h"
 
 #include "cpputil.h"
-#include "scoped_ptrs.h"
+#include "nss_scoped_ptrs.h"
 
 #include "gtest/gtest.h"
 
diff --git a/security/nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc
index 836cc7876..88c283317 100644
--- a/security/nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_der_private_key_import_unittest.cc
@@ -11,7 +11,7 @@
 #include "secutil.h"
 
 #include "gtest/gtest.h"
-#include "scoped_ptrs.h"
+#include "nss_scoped_ptrs.h"
 
 namespace nss_test {
 
diff --git a/security/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc
index fb0659852..e905f7835 100644
--- a/security/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_ecdsa_unittest.cc
@@ -8,7 +8,7 @@
 #include "sechash.h"
 
 #include "gtest/gtest.h"
-#include "scoped_ptrs.h"
+#include "nss_scoped_ptrs.h"
 
 #include "pk11_ecdsa_vectors.h"
 #include "pk11_signature_test.h"
diff --git a/security/nss/gtests/pk11_gtest/pk11_encrypt_derive_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_encrypt_derive_unittest.cc
index aa92756f2..f4accac02 100644
--- a/security/nss/gtests/pk11_gtest/pk11_encrypt_derive_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_encrypt_derive_unittest.cc
@@ -8,7 +8,7 @@
 #include "prerror.h"
 #include "nss.h"
 #include "gtest/gtest.h"
-#include "scoped_ptrs.h"
+#include "nss_scoped_ptrs.h"
 #include "cpputil.h"
 #include "databuffer.h"
 #include "util.h"
diff --git a/security/nss/gtests/pk11_gtest/pk11_export_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_export_unittest.cc
index e5d5ae8e9..bfd65b952 100644
--- a/security/nss/gtests/pk11_gtest/pk11_export_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_export_unittest.cc
@@ -9,7 +9,7 @@
 #include "pk11pub.h"
 
 #include "gtest/gtest.h"
-#include "scoped_ptrs.h"
+#include "nss_scoped_ptrs.h"
 
 namespace nss_test {
 
diff --git a/security/nss/gtests/pk11_gtest/pk11_gtest.gyp b/security/nss/gtests/pk11_gtest/pk11_gtest.gyp
index 076b4d37f..c73139b05 100644
--- a/security/nss/gtests/pk11_gtest/pk11_gtest.gyp
+++ b/security/nss/gtests/pk11_gtest/pk11_gtest.gyp
@@ -14,12 +14,14 @@
         'pk11_aeskeywrap_unittest.cc',
         'pk11_aes_gcm_unittest.cc',
         'pk11_chacha20poly1305_unittest.cc',
+        'pk11_cipherop_unittest.cc',
         'pk11_curve25519_unittest.cc',
         'pk11_ecdsa_unittest.cc',
         'pk11_encrypt_derive_unittest.cc',
         'pk11_pbkdf2_unittest.cc',
         'pk11_prf_unittest.cc',
         'pk11_prng_unittest.cc',
+        'pk11_rsapkcs1_unittest.cc',
         'pk11_rsapss_unittest.cc',
         'pk11_der_private_key_import_unittest.cc',
         '<(DEPTH)/gtests/common/gtests.cc'
diff --git a/security/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc
index d72f94c2c..fc055f400 100644
--- a/security/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_pbkdf2_unittest.cc
@@ -9,7 +9,7 @@
 #include "pk11pub.h"
 
 #include "gtest/gtest.h"
-#include "scoped_ptrs.h"
+#include "nss_scoped_ptrs.h"
 
 namespace nss_test {
 
diff --git a/security/nss/gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc
new file mode 100644
index 000000000..044d4e25e
--- /dev/null
+++ b/security/nss/gtests/pk11_gtest/pk11_rsapkcs1_unittest.cc
@@ -0,0 +1,109 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdint.h>
+#include "cryptohi.h"
+#include "nss.h"
+#include "pk11pub.h"
+
+#include "gtest/gtest.h"
+#include "nss_scoped_ptrs.h"
+#include "cpputil.h"
+
+namespace nss_test {
+
+// Test that the RSASSA-PKCS1-v1_5 implementation enforces the missing NULL
+// parameter.
+TEST(RsaPkcs1Test, RequireNullParameter) {
+  // kSpki is an RSA public key in an X.509 SubjectPublicKeyInfo.
+  const uint8_t kSpki[] = {
+      0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+      0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
+      0x89, 0x02, 0x81, 0x81, 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9,
+      0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb,
+      0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0,
+      0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef,
+      0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa,
+      0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76,
+      0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25,
+      0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79,
+      0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49,
+      0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd,
+      0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61,
+      0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
+  };
+  // kHash is the SHA-256 hash of {1,2,3,4}.
+  const uint8_t kHash[] = {
+      0x9f, 0x64, 0xa7, 0x47, 0xe1, 0xb9, 0x7f, 0x13, 0x1f, 0xab, 0xb6,
+      0xb4, 0x47, 0x29, 0x6c, 0x9b, 0x6f, 0x02, 0x01, 0xe7, 0x9f, 0xb3,
+      0xc5, 0x35, 0x6e, 0x6c, 0x77, 0xe8, 0x9b, 0x6a, 0x80, 0x6a,
+  };
+  // kSignature is the signature of kHash with RSASSA-PKCS1-v1_5.
+  const uint8_t kSignature[] = {
+      0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
+      0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
+      0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
+      0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
+      0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
+      0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
+      0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
+      0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
+      0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
+      0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
+      0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
+  };
+  // kSignature is an invalid signature of kHash with RSASSA-PKCS1-v1_5 with the
+  // NULL parameter omitted.
+  const uint8_t kSignatureInvalid[] = {
+      0x71, 0x6c, 0x24, 0x4e, 0xc9, 0x9b, 0x19, 0xc7, 0x49, 0x29, 0xb8, 0xd4,
+      0xfb, 0x26, 0x23, 0xc0, 0x96, 0x18, 0xcd, 0x1e, 0x60, 0xe8, 0x88, 0x94,
+      0x8c, 0x59, 0xfb, 0x58, 0x5c, 0x61, 0x58, 0x7a, 0xae, 0xcc, 0xeb, 0xee,
+      0x1e, 0x85, 0x7d, 0x83, 0xa9, 0xdc, 0x6f, 0x4c, 0x34, 0x5c, 0xcb, 0xd9,
+      0xde, 0x58, 0x76, 0xdf, 0x1f, 0x5e, 0xd4, 0x57, 0x5b, 0xeb, 0xaf, 0x4f,
+      0x7a, 0xa7, 0x6b, 0x21, 0xf1, 0x0a, 0x96, 0x78, 0xc7, 0xa8, 0x02, 0x7a,
+      0xc2, 0x06, 0xd3, 0x18, 0x79, 0x72, 0x6b, 0xfe, 0x2d, 0xec, 0xd8, 0x8e,
+      0x98, 0x86, 0x89, 0xf4, 0x67, 0x14, 0x2b, 0xac, 0x6d, 0xd7, 0x04, 0xd8,
+      0xab, 0x05, 0xe6, 0x51, 0xf6, 0xee, 0x58, 0x63, 0xef, 0x6a, 0x3e, 0x89,
+      0x99, 0x2a, 0x1c, 0x10, 0xc2, 0xd0, 0x41, 0x9e, 0x1e, 0x9a, 0x9a, 0x57,
+      0x32, 0x0f, 0x49, 0xb4, 0x57, 0x37, 0xa4, 0x26,
+  };
+
+  // The test vectors may be verified with:
+  //
+  // openssl rsautl -keyform der -pubin -inkey spki.bin -in sig.bin | der2ascii
+  // openssl rsautl -keyform der -pubin -inkey spki.bin -in sig2.bin | der2ascii
+
+  // Import public key.
+  SECItem spkiItem = {siBuffer, toUcharPtr(kSpki), sizeof(kSpki)};
+  ScopedCERTSubjectPublicKeyInfo certSpki(
+      SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
+  ASSERT_TRUE(certSpki);
+  ScopedSECKEYPublicKey pubKey(SECKEY_ExtractPublicKey(certSpki.get()));
+  ASSERT_TRUE(pubKey);
+
+  SECItem hash = {siBuffer, toUcharPtr(kHash), sizeof(kHash)};
+
+  // kSignature is a valid signature.
+  SECItem sigItem = {siBuffer, toUcharPtr(kSignature), sizeof(kSignature)};
+  SECStatus rv = VFY_VerifyDigestDirect(&hash, pubKey.get(), &sigItem,
+                                        SEC_OID_PKCS1_RSA_ENCRYPTION,
+                                        SEC_OID_SHA256, nullptr);
+  EXPECT_EQ(SECSuccess, rv);
+
+  // kSignatureInvalid is not.
+  sigItem = {siBuffer, toUcharPtr(kSignatureInvalid),
+             sizeof(kSignatureInvalid)};
+  rv = VFY_VerifyDigestDirect(&hash, pubKey.get(), &sigItem,
+                              SEC_OID_PKCS1_RSA_ENCRYPTION, SEC_OID_SHA256,
+                              nullptr);
+#ifdef NSS_PKCS1_AllowMissingParameters
+  EXPECT_EQ(SECSuccess, rv);
+#else
+  EXPECT_EQ(SECFailure, rv);
+#endif
+}
+
+}  // namespace nss_test
diff --git a/security/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc b/security/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc
index 6c8c5ab4e..ed0573027 100644
--- a/security/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc
+++ b/security/nss/gtests/pk11_gtest/pk11_rsapss_unittest.cc
@@ -10,7 +10,7 @@
 #include "sechash.h"
 
 #include "gtest/gtest.h"
-#include "scoped_ptrs.h"
+#include "nss_scoped_ptrs.h"
 
 #include "pk11_signature_test.h"
 #include "pk11_rsapss_vectors.h"
diff --git a/security/nss/gtests/pk11_gtest/pk11_signature_test.h b/security/nss/gtests/pk11_gtest/pk11_signature_test.h
index 8a12171a0..0526fea55 100644
--- a/security/nss/gtests/pk11_gtest/pk11_signature_test.h
+++ b/security/nss/gtests/pk11_gtest/pk11_signature_test.h
@@ -8,7 +8,7 @@
 #include "sechash.h"
 
 #include "cpputil.h"
-#include "scoped_ptrs.h"
+#include "nss_scoped_ptrs.h"
 #include "databuffer.h"
 
 #include "gtest/gtest.h"