From ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Tue, 14 Aug 2018 07:52:35 +0200 Subject: Update NSS to 3.38 - Added HACL*Poly1305 32-bit (INRIA/Microsoft) - Updated to final TLS 1.3 draft version (28) - Removed TLS 1.3 prerelease draft limit check - Removed NPN code - Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments - Fixed several bugs with TLS 1.3 negotiation - Updated internal certificate store - Added support for the TLS Record Size Limit Extension. - Fixed CVE-2018-0495 - Various security fixes in the ASN.1 code. --- security/nss/lib/util/nssutil.def | 7 ++++++- security/nss/lib/util/nssutil.h | 6 +++--- security/nss/lib/util/pkcs11t.h | 2 ++ security/nss/lib/util/secasn1d.c | 4 +++- security/nss/lib/util/secitem.c | 9 +++++++++ security/nss/lib/util/secitem.h | 8 ++++++++ 6 files changed, 31 insertions(+), 5 deletions(-) (limited to 'security/nss/lib/util') diff --git a/security/nss/lib/util/nssutil.def b/security/nss/lib/util/nssutil.def index 936455f6e..26e438ba6 100644 --- a/security/nss/lib/util/nssutil.def +++ b/security/nss/lib/util/nssutil.def @@ -322,4 +322,9 @@ _NSSUTIL_UTF8ToWide;- _NSSUTIL_Access;- ;- local: ;- *; -;-}; +;+NSSUTIL_3.38 { # NSS Utilities 3.38 release +;+ global: +SECITEM_MakeItem; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h index b65d4a0c9..2749abaa1 100644 --- a/security/nss/lib/util/nssutil.h +++ b/security/nss/lib/util/nssutil.h @@ -19,10 +19,10 @@ * The format of the version string should be * ".[.[.]][ ]" */ -#define NSSUTIL_VERSION "3.36.4" +#define NSSUTIL_VERSION "3.38" #define NSSUTIL_VMAJOR 3 -#define NSSUTIL_VMINOR 36 -#define NSSUTIL_VPATCH 4 +#define NSSUTIL_VMINOR 38 +#define NSSUTIL_VPATCH 0 #define NSSUTIL_VBUILD 0 #define NSSUTIL_BETA PR_FALSE diff --git a/security/nss/lib/util/pkcs11t.h b/security/nss/lib/util/pkcs11t.h index c945f314e..01ff8a572 100644 --- a/security/nss/lib/util/pkcs11t.h +++ b/security/nss/lib/util/pkcs11t.h @@ -466,6 +466,8 @@ typedef CK_ULONG CK_ATTRIBUTE_TYPE; #define CKA_EXPONENT_1 0x00000126 #define CKA_EXPONENT_2 0x00000127 #define CKA_COEFFICIENT 0x00000128 +/* CKA_PUBLIC_KEY_INFO is new for v2.40 */ +#define CKA_PUBLIC_KEY_INFO 0x00000129 #define CKA_PRIME 0x00000130 #define CKA_SUBPRIME 0x00000131 #define CKA_BASE 0x00000132 diff --git a/security/nss/lib/util/secasn1d.c b/security/nss/lib/util/secasn1d.c index ccd97481d..ed237ed72 100644 --- a/security/nss/lib/util/secasn1d.c +++ b/security/nss/lib/util/secasn1d.c @@ -2987,7 +2987,9 @@ SEC_ASN1DecoderFinish(SEC_ASN1DecoderContext *cx) * XXX anything else that needs to be finished? */ - PORT_FreeArena(cx->our_pool, PR_TRUE); + if (cx) { + PORT_FreeArena(cx->our_pool, PR_TRUE); + } return rv; } diff --git a/security/nss/lib/util/secitem.c b/security/nss/lib/util/secitem.c index 22c5b1f6e..1e505a9af 100644 --- a/security/nss/lib/util/secitem.c +++ b/security/nss/lib/util/secitem.c @@ -75,6 +75,15 @@ loser: return (NULL); } +SECStatus +SECITEM_MakeItem(PLArenaPool *arena, SECItem *dest, unsigned char *data, + unsigned int len) +{ + SECItem it = { siBuffer, data, len }; + + return SECITEM_CopyItem(arena, dest, &it); +} + SECStatus SECITEM_ReallocItem(PLArenaPool *arena, SECItem *item, unsigned int oldlen, unsigned int newlen) diff --git a/security/nss/lib/util/secitem.h b/security/nss/lib/util/secitem.h index 5b9d0e174..4fb123938 100644 --- a/security/nss/lib/util/secitem.h +++ b/security/nss/lib/util/secitem.h @@ -35,6 +35,14 @@ SEC_BEGIN_PROTOS extern SECItem *SECITEM_AllocItem(PLArenaPool *arena, SECItem *item, unsigned int len); +/* Allocate and make an item with the requested contents. + * + * We seem to have mostly given up on SECItemType, so the result is + * always siBuffer. + */ +extern SECStatus SECITEM_MakeItem(PLArenaPool *arena, SECItem *dest, + unsigned char *data, unsigned int len); + /* ** This is a legacy function containing bugs. It doesn't update item->len, ** and it has other issues as described in bug 298649 and bug 298938. -- cgit v1.2.3