Revert "Update NSS to 3.35-RTM"

This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.
author: wolfbeast <mcwerewolf@gmail.com> 2018-04-25 21:33:33 +0200
committer: wolfbeast <mcwerewolf@gmail.com> 2018-04-25 21:33:33 +0200
commit: fba28f19754f62b5227650143d5441fc86d4c7d7 (patch)
tree: 26629d73f83543ff92a060fd7b310bb748b13173 /security/nss/lib/pk11wrap
parent: b4154e043bfc0d2f301d88304efc896989d650bf (diff)
download: UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.gz
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.lz
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.xz
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.zip
11 files changed, 28 insertions, 88 deletions
diff --git a/security/nss/lib/pk11wrap/pk11load.c b/security/nss/lib/pk11wrap/pk11load.c
index d1f6ec442..91339fad8 100644
--- a/security/nss/lib/pk11wrap/pk11load.c
+++ b/security/nss/lib/pk11wrap/pk11load.c
@@ -64,7 +64,8 @@ secmodUnlockMutext(CK_VOID_PTR mutext)
 static SECMODModuleID nextModuleID = 1;
 static const CK_C_INITIALIZE_ARGS secmodLockFunctions = {
     secmodCreateMutext, secmodDestroyMutext, secmodLockMutext,
-    secmodUnlockMutext, CKF_LIBRARY_CANT_CREATE_OS_THREADS | CKF_OS_LOCKING_OK,
+    secmodUnlockMutext, CKF_LIBRARY_CANT_CREATE_OS_THREADS |
+                            CKF_OS_LOCKING_OK,
     NULL
 };
 static const CK_C_INITIALIZE_ARGS secmodNoLockArgs = {
diff --git a/security/nss/lib/pk11wrap/pk11merge.c b/security/nss/lib/pk11wrap/pk11merge.c
index b2101b819..8c4c5129a 100644
--- a/security/nss/lib/pk11wrap/pk11merge.c
+++ b/security/nss/lib/pk11wrap/pk11merge.c
@@ -68,11 +68,8 @@ pk11_copyAttributes(PLArenaPool *arena,
                              copyTemplate, copyTemplateCount);
     /* if we have missing attributes, just skip them and create the object */
     if (crv == CKR_ATTRIBUTE_TYPE_INVALID) {
-        CK_ULONG i, j;
+        int i, j;
         newTemplate = PORT_NewArray(CK_ATTRIBUTE, copyTemplateCount);
-        if (!newTemplate) {
-            return SECFailure;
-        }
         /* remove the unknown attributes. If we don't have enough attributes
 	 * PK11_CreateNewObject() will fail */
         for (i = 0, j = 0; i < copyTemplateCount; i++) {
@@ -1261,7 +1258,6 @@ pk11_newMergeLogNode(PLArenaPool *arena,
     /* initialize it */
     obj->slot = slot;
     obj->objectID = id;
-    obj->owner = PR_FALSE;
 
     newLog->object = obj;
     newLog->error = error;
diff --git a/security/nss/lib/pk11wrap/pk11obj.c b/security/nss/lib/pk11wrap/pk11obj.c
index b97caddd4..47c56154d 100644
--- a/security/nss/lib/pk11wrap/pk11obj.c
+++ b/security/nss/lib/pk11wrap/pk11obj.c
@@ -201,6 +201,7 @@ PK11_GetAttributes(PLArenaPool *arena, PK11SlotInfo *slot,
     /* make pedantic happy... note that it's only used arena != NULL */
     void *mark = NULL;
     CK_RV crv;
+    PORT_Assert(slot->session != CK_INVALID_SESSION);
     if (slot->session == CK_INVALID_SESSION)
         return CKR_SESSION_HANDLE_INVALID;
 
@@ -1505,7 +1506,6 @@ PK11_FindGenericObjects(PK11SlotInfo *slot, CK_OBJECT_CLASS objClass)
         /* initialize it */
         obj->slot = PK11_ReferenceSlot(slot);
         obj->objectID = objectIDs[i];
-        obj->owner = PR_FALSE;
         obj->next = NULL;
         obj->prev = NULL;
 
@@ -1586,9 +1586,6 @@ PK11_DestroyGenericObject(PK11GenericObject *object)
 
     PK11_UnlinkGenericObject(object);
     if (object->slot) {
-        if (object->owner) {
-            PK11_DestroyObject(object->slot, object->objectID);
-        }
         PK11_FreeSlot(object->slot);
     }
     PORT_Free(object);
@@ -1630,9 +1627,8 @@ PK11_DestroyGenericObjects(PK11GenericObject *objects)
  * Hand Create a new object and return the Generic object for our new object.
  */
 PK11GenericObject *
-pk11_CreateGenericObjectHelper(PK11SlotInfo *slot,
-                               const CK_ATTRIBUTE *pTemplate,
-                               int count, PRBool token, PRBool owner)
+PK11_CreateGenericObject(PK11SlotInfo *slot, const CK_ATTRIBUTE *pTemplate,
+                         int count, PRBool token)
 {
     CK_OBJECT_HANDLE objectID;
     PK11GenericObject *obj;
@@ -1656,40 +1652,11 @@ pk11_CreateGenericObjectHelper(PK11SlotInfo *slot,
     /* initialize it */
     obj->slot = PK11_ReferenceSlot(slot);
     obj->objectID = objectID;
-    obj->owner = owner;
     obj->next = NULL;
     obj->prev = NULL;
     return obj;
 }
 
-/* This is the classic interface. Applications would call this function to
- * create new object that would not be destroyed later. This lead to resource
- * leaks (and thus memory leaks in the PKCS #11 module).  To solve this we have
- * a new interface that automatically marks objects created on the fly to be 
- * destroyed later. 
- * The old interface is preserved because applications like Mozilla purposefully
- * leak the reference to be found later with PK11_FindGenericObjects. New 
- * applications should use the new interface PK11_CreateManagedGenericObject */
-PK11GenericObject *
-PK11_CreateGenericObject(PK11SlotInfo *slot, const CK_ATTRIBUTE *pTemplate,
-                         int count, PRBool token)
-{
-    return pk11_CreateGenericObjectHelper(slot, pTemplate, count, token,
-                                          PR_FALSE);
-}
-
-/* Use this interface. It will automatically destroy any temporary objects 
- * (token = PR_FALSE) when the PK11GenericObject is freed. Permanent objects still 
- * need to be destroyed by hand with PK11_DestroyTokenObject.
- */
-PK11GenericObject *
-PK11_CreateManagedGenericObject(PK11SlotInfo *slot,
-                                const CK_ATTRIBUTE *pTemplate, int count, PRBool token)
-{
-    return pk11_CreateGenericObjectHelper(slot, pTemplate, count, token,
-                                          !token);
-}
-
 /*
  * Change an attribute on a raw object
  */
diff --git a/security/nss/lib/pk11wrap/pk11pars.c b/security/nss/lib/pk11wrap/pk11pars.c
index fc30222b3..ee20789cc 100644
--- a/security/nss/lib/pk11wrap/pk11pars.c
+++ b/security/nss/lib/pk11wrap/pk11pars.c
@@ -413,7 +413,8 @@ static const policyFlagDef policyFlagList[] = {
     /* add other signatures in the future */
     { CIPHER_NAME("SIGNATURE"), NSS_USE_ALG_IN_CERT_SIGNATURE },
     /* enable everything */
-    { CIPHER_NAME("ALL"), NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_CERT_SIGNATURE },
+    { CIPHER_NAME("ALL"), NSS_USE_ALG_IN_SSL | NSS_USE_ALG_IN_SSL_KX |
+                              NSS_USE_ALG_IN_CERT_SIGNATURE },
     { CIPHER_NAME("NONE"), 0 }
 };
 
diff --git a/security/nss/lib/pk11wrap/pk11pbe.c b/security/nss/lib/pk11wrap/pk11pbe.c
index 5f68f399e..bea9333f6 100644
--- a/security/nss/lib/pk11wrap/pk11pbe.c
+++ b/security/nss/lib/pk11wrap/pk11pbe.c
@@ -367,24 +367,7 @@ sec_pkcs5v2_key_length(SECAlgorithmID *algid, SECAlgorithmID *cipherAlgId)
         cipherAlg = SECOID_GetAlgorithmTag(cipherAlgId);
 
     if (sec_pkcs5_is_algorithm_v2_aes_algorithm(cipherAlg)) {
-        /* Previously, the PKCS#12 files created with the old NSS
-         * releases encoded the maximum key size of AES (that is 32)
-         * in the keyLength field of PBKDF2-params. That resulted in
-         * always performing AES-256 even if AES-128-CBC or
-         * AES-192-CBC is specified in the encryptionScheme field of
-         * PBES2-params. This is wrong, but for compatibility reasons,
-         * check the keyLength field and use the value if it is 32.
-         */
-        if (p5_param.keyLength.data != NULL) {
-            length = DER_GetInteger(&p5_param.keyLength);
-        }
-        /* If the keyLength field is present and contains a value
-         * other than 32, that means the file is created outside of
-         * NSS, which we don't care about. Note that the following
-         * also handles the case when the field is absent. */
-        if (length != 32) {
-            length = sec_pkcs5v2_aes_key_length(cipherAlg);
-        }
+        length = sec_pkcs5v2_aes_key_length(cipherAlg);
     } else if (p5_param.keyLength.data != NULL) {
         length = DER_GetInteger(&p5_param.keyLength);
     } else {
diff --git a/security/nss/lib/pk11wrap/pk11pk12.c b/security/nss/lib/pk11wrap/pk11pk12.c
index 035143af8..d753b87e5 100644
--- a/security/nss/lib/pk11wrap/pk11pk12.c
+++ b/security/nss/lib/pk11wrap/pk11pk12.c
@@ -153,6 +153,7 @@ const SEC_ASN1Template SECKEY_DHPrivateKeyExportTemplate[] = {
     { SEC_ASN1_INTEGER, offsetof(SECKEYRawPrivateKey, u.dh.prime) },
 };
 
+#ifndef NSS_DISABLE_ECC
 SEC_ASN1_MKSUB(SEC_BitStringTemplate)
 SEC_ASN1_MKSUB(SEC_ObjectIDTemplate)
 
@@ -177,6 +178,7 @@ const SEC_ASN1Template SECKEY_ECPrivateKeyExportTemplate[] = {
       SEC_ASN1_SUB(SEC_BitStringTemplate) },
     { 0 }
 };
+#endif /* NSS_DISABLE_ECC */
 
 const SEC_ASN1Template SECKEY_EncryptedPrivateKeyInfoTemplate[] = {
     { SEC_ASN1_SEQUENCE,
@@ -344,13 +346,16 @@ PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk,
     switch (lpk->keyType) {
         case rsaKey:
             keyType = CKK_RSA;
-            PK11_SETATTRS(attrs, CKA_UNWRAP, (keyUsage & KU_KEY_ENCIPHERMENT) ? &cktrue : &ckfalse,
+            PK11_SETATTRS(attrs, CKA_UNWRAP, (keyUsage & KU_KEY_ENCIPHERMENT) ? &cktrue
+                                                                              : &ckfalse,
                           sizeof(CK_BBOOL));
             attrs++;
-            PK11_SETATTRS(attrs, CKA_DECRYPT, (keyUsage & KU_DATA_ENCIPHERMENT) ? &cktrue : &ckfalse,
+            PK11_SETATTRS(attrs, CKA_DECRYPT, (keyUsage & KU_DATA_ENCIPHERMENT) ? &cktrue
+                                                                                : &ckfalse,
                           sizeof(CK_BBOOL));
             attrs++;
-            PK11_SETATTRS(attrs, CKA_SIGN, (keyUsage & KU_DIGITAL_SIGNATURE) ? &cktrue : &ckfalse,
+            PK11_SETATTRS(attrs, CKA_SIGN, (keyUsage & KU_DIGITAL_SIGNATURE) ? &cktrue
+                                                                             : &ckfalse,
                           sizeof(CK_BBOOL));
             attrs++;
             PK11_SETATTRS(attrs, CKA_SIGN_RECOVER,
@@ -477,6 +482,7 @@ PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk,
                           lpk->u.dh.privateValue.len);
             attrs++;
             break;
+#ifndef NSS_DISABLE_ECC
         case ecKey:
             keyType = CKK_EC;
             if (lpk->u.ec.publicValue.len == 0) {
@@ -488,7 +494,8 @@ PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk,
                               lpk->u.ec.publicValue.len);
                 attrs++;
             }
-            PK11_SETATTRS(attrs, CKA_SIGN, (keyUsage & KU_DIGITAL_SIGNATURE) ? &cktrue : &ckfalse,
+            PK11_SETATTRS(attrs, CKA_SIGN, (keyUsage & KU_DIGITAL_SIGNATURE) ? &cktrue
+                                                                             : &ckfalse,
                           sizeof(CK_BBOOL));
             attrs++;
             PK11_SETATTRS(attrs, CKA_SIGN_RECOVER,
@@ -496,7 +503,8 @@ PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk,
                                                             : &ckfalse,
                           sizeof(CK_BBOOL));
             attrs++;
-            PK11_SETATTRS(attrs, CKA_DERIVE, (keyUsage & KU_KEY_AGREEMENT) ? &cktrue : &ckfalse,
+            PK11_SETATTRS(attrs, CKA_DERIVE, (keyUsage & KU_KEY_AGREEMENT) ? &cktrue
+                                                                           : &ckfalse,
                           sizeof(CK_BBOOL));
             attrs++;
             ck_id = PK11_MakeIDFromPubKey(&lpk->u.ec.publicValue);
@@ -517,6 +525,7 @@ PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk,
                           lpk->u.ec.publicValue.len);
             attrs++;
             break;
+#endif /* NSS_DISABLE_ECC */
         default:
             PORT_SetError(SEC_ERROR_BAD_KEY);
             goto loser;
@@ -597,6 +606,7 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
             paramDest = NULL;
             lpk->keyType = dhKey;
             break;
+#ifndef NSS_DISABLE_ECC
         case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
             prepare_ec_priv_key_export_for_asn1(lpk);
             keyTemplate = SECKEY_ECPrivateKeyExportTemplate;
@@ -604,6 +614,7 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
             paramDest = NULL;
             lpk->keyType = ecKey;
             break;
+#endif /* NSS_DISABLE_ECC */
 
         default:
             keyTemplate = NULL;
@@ -622,6 +633,7 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
         goto loser;
     }
 
+#ifndef NSS_DISABLE_ECC
     if (lpk->keyType == ecKey) {
         /* Convert length in bits to length in bytes. */
         lpk->u.ec.publicValue.len >>= 3;
@@ -633,6 +645,7 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
             goto loser;
         }
     }
+#endif /* NSS_DISABLE_ECC */
 
     if (paramDest && paramTemplate) {
         rv = SEC_ASN1DecodeItem(arena, paramDest, paramTemplate,
diff --git a/security/nss/lib/pk11wrap/pk11pub.h b/security/nss/lib/pk11wrap/pk11pub.h
index dbd8da092..edfe82f5a 100644
--- a/security/nss/lib/pk11wrap/pk11pub.h
+++ b/security/nss/lib/pk11wrap/pk11pub.h
@@ -831,10 +831,6 @@ SECStatus PK11_LinkGenericObject(PK11GenericObject *list,
                                  PK11GenericObject *object);
 SECStatus PK11_DestroyGenericObjects(PK11GenericObject *object);
 SECStatus PK11_DestroyGenericObject(PK11GenericObject *object);
-PK11GenericObject *PK11_CreateManagedGenericObject(PK11SlotInfo *slot,
-                                                   const CK_ATTRIBUTE *pTemplate,
-                                                   int count, PRBool token);
-/* deprecated */
 PK11GenericObject *PK11_CreateGenericObject(PK11SlotInfo *slot,
                                             const CK_ATTRIBUTE *pTemplate,
                                             int count, PRBool token);
diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c
index cf2a40a2f..1ef53e1d7 100644
--- a/security/nss/lib/pk11wrap/pk11skey.c
+++ b/security/nss/lib/pk11wrap/pk11skey.c
@@ -182,10 +182,6 @@ PK11_FreeSymKey(PK11SymKey *symKey)
     PK11SlotInfo *slot;
     PRBool freeit = PR_TRUE;
 
-    if (!symKey) {
-        return;
-    }
-
     if (PR_ATOMIC_DECREMENT(&symKey->refCount) == 0) {
         PK11SymKey *parent = symKey->parent;
 
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c
index c39abe17e..0a6ed6c08 100644
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -1182,7 +1182,7 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
 
     /* set the slot flags to the current token values */
     slot->series++; /* allow other objects to detect that the
-                     * slot is different */
+                      * slot is different */
     slot->flags = slot->tokenInfo.flags;
     slot->needLogin = ((slot->tokenInfo.flags & CKF_LOGIN_REQUIRED) ? PR_TRUE : PR_FALSE);
     slot->readOnly = ((slot->tokenInfo.flags & CKF_WRITE_PROTECTED) ? PR_TRUE : PR_FALSE);
@@ -1471,9 +1471,6 @@ PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot)
             slot->hasRootCerts = PR_TRUE;
         }
     }
-    if ((slotInfo.flags & CKF_USER_PIN_INITIALIZED) != 0) {
-        slot->flags |= CKF_USER_PIN_INITIALIZED;
-    }
 }
 
 /*********************************************************************
diff --git a/security/nss/lib/pk11wrap/pk11util.c b/security/nss/lib/pk11wrap/pk11util.c
index e316f1f1a..a962e9bb3 100644
--- a/security/nss/lib/pk11wrap/pk11util.c
+++ b/security/nss/lib/pk11wrap/pk11util.c
@@ -437,11 +437,6 @@ SECMOD_DeleteInternalModule(const char *name)
         return rv;
     }
 
-#ifdef NSS_FIPS_DISABLED
-    PORT_SetError(PR_OPERATION_NOT_SUPPORTED_ERROR);
-    return rv;
-#endif
-
     SECMOD_GetWriteLock(moduleLock);
     for (mlpp = &modules, mlp = modules;
          mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) {
@@ -960,11 +955,7 @@ SECMOD_DestroyModuleList(SECMODModuleList *list)
 PRBool
 SECMOD_CanDeleteInternalModule(void)
 {
-#ifdef NSS_FIPS_DISABLED
-    return PR_FALSE;
-#else
     return (PRBool)(pendingModule == NULL);
-#endif
 }
 
 /*
diff --git a/security/nss/lib/pk11wrap/secmodti.h b/security/nss/lib/pk11wrap/secmodti.h
index 260e6387d..63c207929 100644
--- a/security/nss/lib/pk11wrap/secmodti.h
+++ b/security/nss/lib/pk11wrap/secmodti.h
@@ -175,7 +175,6 @@ struct PK11GenericObjectStr {
     PK11GenericObject *next;
     PK11SlotInfo *slot;
     CK_OBJECT_HANDLE objectID;
-    PRBool owner;
 };
 
 #define MAX_TEMPL_ATTRS 16 /* maximum attributes in template */
author	wolfbeast <mcwerewolf@gmail.com>	2018-04-25 21:33:33 +0200
committer	wolfbeast <mcwerewolf@gmail.com>	2018-04-25 21:33:33 +0200
commit	fba28f19754f62b5227650143d5441fc86d4c7d7 (patch)
tree	26629d73f83543ff92a060fd7b310bb748b13173 /security/nss/lib/pk11wrap
parent	b4154e043bfc0d2f301d88304efc896989d650bf (diff)
download	UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.gz UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.lz UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.xz UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.zip