Bug 1748820 - land NSS 44e6341be5e8 UPGRADE_NSS_RELEASE, r=beurdouche

Differential Revision: https://phabricator.services.mozilla.com/D135690

build/moz.configure/nss.configure

@@ -9,7 +9,7 @@ system_lib_option("--with-system-nss", help="Use system NSS")
 imply_option("--with-system-nspr", True, when="--with-system-nss")
 
 nss_pkg = pkg_check_modules(
-    "NSS", "nss >= 3.74", when="--with-system-nss", config=False
+    "NSS", "nss >= 3.75", when="--with-system-nss", config=False
 )
 
 set_config("MOZ_SYSTEM_NSS", True, when="--with-system-nss")

security/nss/TAG-INFO

@@ -1 +1 @@
-NSS_3_74_RTM
+44e6341be5e8

security/nss/automation/abi-check/previous-nss-release

@@ -1 +1 @@
-NSS_3_73_BRANCH
+NSS_3_74_BRANCH

security/nss/build.sh

@@ -68,10 +68,6 @@ sslkeylogfile=1
 gyp_params=(--depth="$cwd" --generator-output=".")
 ninja_params=()
 
-# Assume that the target architecture is the same as the host by default.
-host_arch=$(python "$cwd/coreconf/detect_host_arch.py")
-target_arch=$host_arch
-
 # Assume that MSVC is wanted if this is running on windows.
 platform=$(uname -s)
 if [ "${platform%-*}" = "MINGW32_NT" -o "${platform%-*}" = "MINGW64_NT" ]; then
@@ -132,12 +128,24 @@ while [ $# -gt 0 ]; do
         --disable-keylog) sslkeylogfile=0 ;;
         --enable-legacy-db) gyp_params+=(-Ddisable_dbm=0) ;;
         --mozilla-central) gyp_params+=(-Dmozilla_central=1) ;;
+	--python) python="$2"; shift ;;
+	--python=*) python="${1#*=}" ;;
         -D*) gyp_params+=("$1") ;;
         *) show_help; exit 2 ;;
     esac
     shift
 done
 
+if [ -n "$python" ]; then
+    gyp_params+=(-Dpython="$python")
+fi
+
+if [ -z "$target_arch" ]; then
+    # Assume that the target architecture is the same as the host by default.
+    host_arch=$(${python:-python} "$cwd/coreconf/detect_host_arch.py")
+    target_arch=$host_arch
+fi
+
 # Set the target architecture and build type.
 gyp_params+=(-Dtarget_arch="$target_arch")
 if [ "$opt_build" = 1 ]; then

security/nss/cmd/addbuiltin/addbuiltin.c

@@ -552,7 +552,9 @@ main(int argc, char **argv)
 
     nickname = strdup(addbuiltin.options[opt_Nickname].arg);
 
-    NSS_NoDB_Init(NULL);
+    if (NSS_NoDB_Init(NULL) != SECSuccess) {
+        exit(1);
+    }
 
     if (addbuiltin.options[opt_Distrust].activated ||
         addbuiltin.options[opt_DistrustCRL].activated) {

security/nss/cmd/bltest/tests/ecdsa/README

@@ -1,4 +1,5 @@
-0 nistp256
-1 nistp384
-# the following tests are not yet implemented
-2 nistp521
+The files in this directory contain test-vectors for ECDSA using NIST P-256 Curve (the test-vectors from 0 to 6 included), using NIST P-384 Curve (the test-vectors from 7 to 13 included) and using NIST P-521 Curve (the test-vectors from 14 to 20 included). 
+
+The key files used for the signature contain a curve, a private key and a public key. Each key is represented as follows: Base64(len (curveID), curveID, len(privateKey), privateKey, len(publicKey), publicKey). The length is 4 bytes long. The curveID is a DER encoded OID (as stated in http://www.secg.org/sec2-v2.pdf). A public key (a point) is encoded as 0x4 || x coordinate || y coordinate, where (x, y) computed using the base point. The private key is generated randomly. To generate the test-vectors we were using Sage Math system. 
+
+The random nonces (sigseed) and the plaintexts (already as hashes) are generated randomly and encoded using Base64 encoding. The resulted ciphertexts are presented in the ciphertext files and encoded using Base64 encoding. 

security/nss/cmd/bltest/tests/ecdsa/ciphertext0

@@ -1 +1 @@
-GoWqve3YezF7HOABQjioFL/3oq32oM9pHsGTQTJE7aFE62nItVqAdg==
+g0O4OK4uKlJAlR1MDRLTBjyfxFI3PLKLYk+pJyu7gDJTgMptbhg+vZS0lgEBR7jHFDG89TymXn2bZ+NWDE6h5Q==

security/nss/cmd/bltest/tests/ecdsa/ciphertext1

@@ -1 +1 @@
-PM6xHbiwP6Xcb44mg7BHtaJvd8PkxgvHAB1sh2cF0so3naFf0Tj6vQ==
+yaMRWtXb5AUhgva2zYOq3aczhYOP5pEldcaXtbnIbARVv3o2RjdhnVl2Nq6BaL36nPdO6KZrjHm0oQoUvD2bTA==

security/nss/cmd/bltest/tests/ecdsa/ciphertext10

@@ -1,2 +1,2 @@
-AF3bbyED08NTrUgKmag9HiuUbaW0skXA/Bp9RPjRAD6M0rp3nvLDKozI940jxPP1
-nWpHF7VcyCVzJeV6
+AIlc19+p3H+s2rJ98KkTaA351Vz2pAVuMCFB1jRshJVrw4QbHS+UQ9VuSGjZLe6dTf5vBAjlfeYQ
+NGnU7yhOxU2nl3tI+9qe/MrAL76d3e0+G/jBHk8hp006TbdiBrNK

security/nss/cmd/bltest/tests/ecdsa/ciphertext11

@@ -1,2 +1 @@
-AOLrxy4FWd29ToUjOwLs6GyQ+dYZN6NkZ8oVO6dsAEXt55ePlCWZbOtmk6v9PrNG
-JOsY/MHnGhDeAGRl
+L8GGYb8eZCyjr/YAgmB7jWonjqXZ773+Iizm80wRe9PQzQKjaP3c9PiBjAJ5W8VBH8X0twayfznc/v4jozzE2PC3adIkOiIhn4TGWd0zcD/TpxeVreCEOLtCnO7ZTwGh

security/nss/cmd/bltest/tests/ecdsa/ciphertext12

@@ -1,2 +1 @@
-aQHMte9cFByD9Ff3rZOPOtPI75luPoxemmgjXIgh/9jEeoTdDk8xuAYQUkayCfs+
-DpDaGnOLkfAyZ8GcuaCujg==
+lbxmnrmyoI+SotJ0F3cTBm+XigEB12hCBhXWdLotb1juvr80ksg2komHRqzKuuyrgQbmQwTnpQfmn/Y2iNx3CsL4++UWRH77/MaleccxGjHTJ0fNoQsBTT3Pa7s+1FDg

security/nss/cmd/bltest/tests/ecdsa/ciphertext13

@@ -1,2 +1 @@
-AaeVCRJQPbpTqa1+zLd/8xAbkz3KKTr0dlS4tuGC8hc9j5esAeEv+7IklbA3v5Jz
-jC+nJy4p81iNO5E9H8nfGGckfQSiFzHG
+wRJKnt6DnqSYtMHr0HX/4v3qT2FTdLA/aY40y0Grz8Jc5aPD062+mUSSI3d43BKy3aGvJBJPXo5FfBAGZrrcPTZ4hb783D8MnRRzGnYqlP18d+HxGbhI/X3FgQvDpvoA

security/nss/cmd/bltest/tests/ecdsa/ciphertext14

@@ -1,2 +1,3 @@
-AgU0N7zJPg/1UxmCWD5Z+DqDqkRKjy4heFgayCyopb/u4XErAZArgsjashAxzMKC
-PSDJasPT90T5Va8sNtjXtSpHWxc2roV9
+AcKWiddIfeC5MGnUw8HxiW6h55HY+QgSgE2aPGdgv06hz3fF7+ibSHHWOOOKDAb+DOkDS/06fUSj
+Bz4JPrI+1S7GAfsjSDNA7FCdMMDlz6SzJ/AXtDqEnqPvuKjxkZTIWFoGcl3ckEqaXuHZQY6/ZUEC
+tU6BBedWeaZcj0VDiFDhT7VM

security/nss/cmd/bltest/tests/ecdsa/ciphertext15

@@ -1,2 +1,3 @@
-NXo8is+7lAoOwWGt7+GBbT/UX8LGs8TXEHBI+tX9311pJ4J3pfBYobgN0ZK6ZBtp
-dS6PkrPaQp0S9nrfTOS5uAH95eD1eymRfCbOnjTUKzLuIn53V17vRjdcDtLzrhzX
+ALrhfS4bAPvF9GooBRAmS5BPItf9JJxuB9kXAnqFyoTfeo9Qj2X1BsZ1lRQ9/tNm791Pg434w6XT
+jVifx3sWdo79AZ/sgRq97VGVjVLvSNPkEuDWUP0UcjHQP7sOPZS3i04pactfM2D/xI9KKTH7nF0/
+oNQGqp3kSV5pdo9tBD5kNLxP

security/nss/cmd/bltest/tests/ecdsa/ciphertext16

@@ -1,3 +1,3 @@
-ADhxjBz/ACTy4GJlL0tYZpyNpC4DsXND9lJuU7x9N7g6gkpJyBPw3vBYU1olw6PH
-dnegpgAm4Gh6MCsZB4KBcLwl1wjt4B3p2eqEqDYn5fiie5f4XuRomvI92jR5Sb+I
-nBLCHIppt/Q=
+AUpC4BhuE7JTjlHZVrtjHZgzyudEOC5/I73cN3IJREJoUi4GaD34Lbc2Uaj2I40J/imqTukMAF92
+AIhzAoPKbY7LATmfsfCzC9QJJ110ch19FxipEUEmgYi2khejzsDgSjhDP9DjUHyvnX5GCC/jGzbZ
++38Vef+1pH73V1Dk7VGPfly/

security/nss/cmd/bltest/tests/ecdsa/ciphertext17

@@ -1,3 +1,3 @@
-AGhHQ6kfdZRgu1svQTXEIewvFVglnUy6ANPumyUbM14AEfRkCUNa1uzvhV1sbWYj
-qT3egQCA9MTjThDNJeDOvvL6hVVOryUv4+C3RtkpQGCtdml+CSsjVTej8h9JbMds
-Dme40b2G6fE=
+AVu1YHSDn9uZIQcRKy79vaUtrfJb6dG6gX001BmwMnInkt3QpylrzyPScpWlMHHeNG7WhSJudTp+
+9EbcmQOvG6eUAb1cnamAm0q3oX4PlJMM50lUsX1bjSG7CEYwb0x1H9xr9fN+TgFMUgvZZXC7pY5r
+bhHlEUYQcMmRKG9ZHFc6LbEj

security/nss/cmd/bltest/tests/ecdsa/ciphertext18

@@ -1,3 +1,3 @@
-AGBuqk48tufy0bKEWpu+xEHsmi+6KCfdwOSRwLDnpVetGe9AWknHDzeTSwe0QxcE
-RsEkUZGDpxfzUlCLSSSU+ErrYY/uyLV2AJTb3prB6A2YNwdmFGeRbDoxeOu7FuQA
-3gxBQhR+TGMuskeM+BdHFmFrwvTTdHCGzjTBa5S8mbgEJTfeik/it28T/9i+duZ8
+AHC8RciYJUDbd9w/47KfKD/9pKS98cXqep7XnKi9NDRuKi1wzgnVDMiUACkRA4IRy2I1/9cNKA8o
+j17hRNbWAEO9AF2fg5BhJSNLiOAkhBCt2GvLOsBRvPX58xn4u6gWyY8oV5bFBrMQvHS2avNujgHs
+MI+/lDXXb7w6GOFiScWeX6NC

security/nss/cmd/bltest/tests/ecdsa/ciphertext19

@@ -1,3 +1,3 @@
-AaiotJfCiWU1d2LFe+t0CcWHDSF7EOlApWYJ+RNRSq8TbkXJIzi6abbb7BovtRwf
-i/COYwjS7OnkFQ6x5Pdrb7OZ0dTAdDRXAKtXWSKR20Y4fhnx/HUxisFwKrsCEQ3O
-uVtwDG8rh5V8zjBnCEcs5Iy9CsklucibR0PIyglVmW+ZuY42YNebuOC2VUKqHNF7
+AXNA1v4coiWNri0FEpHBpyDBt3IWjsaSa222ySUgcf6bz1SUIfB0DBGPZI7CZpRHl+B8oRHaD6gB
++IN6+4UI+nf+ACSsoM4ivi6HO3OcwG1uK1I93qhujMOkHSWZ27njMq6K20VbAW1WIAOwIwhEyqUc
+br/V+GZCCQgoKdmRh4Q2daOi

security/nss/cmd/bltest/tests/ecdsa/ciphertext2

@@ -1 +1 @@
-Vli8Hau3xL8oder6ZdM9Y3fMd92jbguiMq6F+9CUjlUQXy5EwAVGeg==
+tnDjU02HxiZc64bV5bXn0SY9qRc302CSEXbSojvsVWL9MDLf7n+HYoCL3KzDzc9c3Am23YkNe+UmGmyiQ2cDsQ==

security/nss/cmd/bltest/tests/ecdsa/ciphertext20

@@ -1,3 +1,3 @@
-ALAM5hGnex7TvBbSEzDlfv+n5g7aWyRyZsBbl2Y6wW1plSovbq2GcV6w1ZV1Vlot
-70zbqkKyNApvTi3xoD4Ens6pAeLMYDILwaQhnyJZWQv3etbWqUKJZNgfH1IDj03k
-n9hbjYLX3y4bc4CnrhOiv5Ab34s7M8wUYcjC+DbHwhLl/S6N
+APkk3zqRJEzbXeIJ1d7RgzkRJzgTUZwwpTDSVvSGgkMLs/vKSBnWHQk4sVGbU5lTNbgltF6sBC+1
+J2XgsiQ/xqLbAG/Bu4mbGTmWs1kaNDiDFg/BUr+au2QQSx8HbBTHZcXLmsLxNzItCS8oAlRA2Rjv
+Nq9oZNaz3rebPdt9xHXFh6bw

security/nss/cmd/bltest/tests/ecdsa/ciphertext3

@@ -1 +1 @@
-AFohw5TN/dpmqbhp/T4z1Rl1boAUA6r9eEPJbYN0zf+eHZzyvezxqjxU
+4KKGd2/fEIClyuhRwrehW6BKH0/+OQgsirRfzIcrOZvFzAfKi5khbVYxHK37tL9P5PomDbXN4Dp0AeruvBLAiA==

security/nss/cmd/bltest/tests/ecdsa/ciphertext4

@@ -1 +1 @@
-AtJdCPXn5yQW34jekhsnsNmaMOeeA3KIVl1d2+7pb6QycUAzYccgwSrp
+pnjNl+SQmTBayW5VQ+CkmKP0xnB7UTBY4RsZtkSbCeTHWSbv3i6bZPR105a0uMLG5nS/gQjyl4eH/zE+MgETpA==

security/nss/cmd/bltest/tests/ecdsa/ciphertext5

@@ -1 +1 @@
-AzEg0sOGHwxd0o3cv+o9dsRPOzXMAdpgtI6O0uUmVN2+a5qI5FYQlItz
+U9uDPGgYelgtc3AfIMnUtUUbAy0r+Gfu4Ig2RnrtlEZyEBE4VFKqwT55ScQqD5FUwjCqhjtnrKohq+FbrRejjA==

security/nss/cmd/bltest/tests/ecdsa/ciphertext6

@@ -1 +1 @@
-5+HDXH/ieN8Bzxd3dfxKZoqbbhsm7jyeqWdemt6Xy0kx+7zwSYsh9Ng5KRdy6wtA
+7ED/IZr06H2cFwgTZ3iOtg59SCsSIa4+t1DW9cwd2u1oMgkkFvPHMgQboH8aULC6lRE8aGMJZTZ6WnTYJR3hBw==

security/nss/cmd/bltest/tests/ecdsa/ciphertext7

@@ -1 +1 @@
-WcS9umnUASP0X6lHvkWJwPY37ZVvAMLBERHLjL3Vzg6QVjwcS8kDVortTFei3aTx
+b37O7Ui12JgVhBxhPsr6SVBu9WAfYgNj0VE5j8sIq7S2KH2UkLMsV87cAn0LAj58clN0lmBJXJViLyU9zptz5A/IodDm/mAY92yVr2V/SdOGdrubjqQ74giLceDaWK5G

security/nss/cmd/bltest/tests/ecdsa/ciphertext8

@@ -1,2 +1 @@
-ItpmPaGAaoe2feXPbh5+EASLGnEzyYbEnwJ+JFNSOQcoY4a/cMV2rn8FYyBsEDiZ
-LPDBU0i2uOg=
+5wrpYRET0Om1gAeZOQrqeDkWLC11pKLF2ECxWwaUD4lqDbJYKF6mfYPXz8hrrbFvfq1TQywm+Wvb9fkAofHg99tdlv5HOE0vrhIdZHyXACtJ9hAjlYYZhmp0wSjP02ZH

security/nss/cmd/bltest/tests/ecdsa/ciphertext9

@@ -1,2 +1 @@
-QjzCVGRUjulOLqeBqC5xpY0GWomOrmQUCtImY0czn98a/jHrdgsSRKiMHukBUxM1
-TIRGjkV2L+A=
+Ehmee5KL3MVy+ulw/4sw22HbIqY2pPp3V29Q7MTTSmA9xxhyLe4tuzWvio3rRFFaSiTDJUs9FJ/qN5uRrU59VtyU27jv+jXmRZGF14eW/+bI7pJ46u2I4oC/PKWrJUlg

security/nss/cmd/bltest/tests/ecdsa/key1

@@ -1,4 +1 @@
-AAAABwYFK4EEACIAAABhBLWMJG3t4khPYcsl3H492rAqukJ1RqJm27pqpN54rFGG
-r2VDwOfqb9tMninq8IyOh42eaaVOEPXXu4Q/ATWBEfrbTRBjTpzAE2SSPuQma0lM
-q0RSVECCgdBOKIhB0H6VxAAAADA3WPjUaMWCS9E5KbVDrEcf5CV5tCNNWJQkwjsA
-yALMCiXJqRVXwbq42WMuaELMW+g=
+AAAACgYIKoZIzj0DAQcAAABBBP8XY2jN9iSwGmgjiKiEJ13traQZAfQjp9gm/s1ued3vKcAUoCya7wVzoOtE+1e318eseAmUCFTmSue3oRQ4iNAAAAAgUoPXpYUpyVq3AM/eQ8krtoa+IvndvJSu2d0Wfmw4G3k=

security/nss/cmd/bltest/tests/ecdsa/key10

@@ -0,0 +1,3 @@
+AAAABwYFK4EEACIAAABhBGNmUY5lDAhCxgugJReD7Q9NWibKxv4mPCeXk90hyZKquY0U1Z6WUOEY
+PbpMei6MDGdjOUnMAfTLKa10WajMqIFgR7rInBQqZqOtpKqtFUb3ilJbiOZUnUpn4zuWoDUCFQAA
+ADD/dS8s2Bui8eTEmURjxj0bzlPVfhbPErX/BETy11xb63U48OK2obH+N5b1mJlck3w=

security/nss/cmd/bltest/tests/ecdsa/key11

@@ -0,0 +1,3 @@
+AAAABwYFK4EEACIAAABhBI+fZwvjDD9sX9mh9nLTOiy6npcJ2nzGGeDLkcSlFhsnwigQLvyMNBvP
+d7afj9P09hHRozYAf2Z0UWhCHAiFccw9GChq2eTgCvTl6jxNKsdPIHqa1+eoukMB2mLchEKk8gAA
+ADAVhVW7PB4G4UBgfYgSDrbKZ4MJaED8XCvlKjjvPHaiYlr7+le4A54annNInynW3DY=

security/nss/cmd/bltest/tests/ecdsa/key12

@@ -0,0 +1,3 @@
+AAAABwYFK4EEACIAAABhBPF9n9O34oRxht9krXuHEQFusdW2Q7XrgWTMX4w4YXasi3OXSzOHywxa
+JQ8jIXu7AcUVQTLfhSwQvswwvzvJUD1vPiJH/AZFPhQOrg8fYzsuSVs0NLQ/PW0nDqdcz9BVxAAA
+ADBfPgxyWf18Zn/ftiQfrpU/+Td0WD3QhAVYbNmRGGzP73YSLgmD8rafs1fW6NjZEOg=

security/nss/cmd/bltest/tests/ecdsa/key13

@@ -0,0 +1,3 @@
+AAAABwYFK4EEACIAAABhBN9riLgrpq184TDaWpgqnU4pYyqyTXreZQ69O2sU4GENCGN9tmsgyGi3
+lt0r4wRwchlU4cxJeO5f6XrX0dqF46s57Pw6+tFf2OCU1X0jCPn7NrYz8X9Gjw9ZrKnqESLNyQAA
+ADBIzoBK0nAaFkL9z0H/6dmakHfrRZtrZE556sN0bHbN6uo+YGv8JK4xYJ+okqorCV4=

security/nss/cmd/bltest/tests/ecdsa/key14

@@ -0,0 +1,5 @@
+AAAABwYFK4EEACMAAACFBAHLMSpMFVyG6mXE7SZ5O5Bwv4d8/QiAB3BzpXkyrU1W
+jJ9O9uOYTXM+cFtF5v56+LsI4yGkaAl9+RF6lFPjrhpIswCmBmEqMBgZpjoz38my
+nLHBI9MaFF8AHkRQwD3LJLo4eSZHOVkdIvDYLwicdlgr0zD3Nf76/HB1+0DkBGqE
+MyG22gAAAEIAFah7z179UbqqdH68pzdZsP1ChXjtYZ11rBM0+HP7yLirxH3ahKTt
+DjsY19GEjz4gKsaLfLiQ1/Dp+VKVLcBKpk0=

security/nss/cmd/bltest/tests/ecdsa/key15

@@ -0,0 +1,4 @@
+AAAABwYFK4EEACMAAACFBAHNraBOZWsOfiIfcjggO2UgdVT/hWKgnuPNxeiBUN0y7hhWdeJDJEQw
+h8CKaKe34NwLHkI9v3srwrjjgrZhSE1C0wEqnTHutNYvzgdim0/1ez1AltxjpE2EELzUqnsrXl+V
+IbvO/SMGiUb4SPz3ddc3BDQ6uCCWkawr6CryY6fbQHSZgQAAAEIBVb3HzBg8uneljgGlyFD+6hQs
+nyNyOwYeMZTgd7pPCY43K4TGDGFtKzpDWPWjf5/TvLgxFhvzwPGLPMK5TLPtTPs=

security/nss/cmd/bltest/tests/ecdsa/key16

@@ -0,0 +1,4 @@
+AAAABwYFK4EEACMAAACFBAELM1S0u6wWCy7/Alg1B/a3VSSnO42mKq/7Eydq+ae+nqhLUa7tX7Vv
+e6N1uWdJOX4t1ZwdHKyQUrrcR2ZhXCymmABTwSVTmcqRRIALlehX+Z24mE1hMyxJwlJAGOmDNpXg
+aWhBXQXu10vqQVfWqOER5OdvZlSMDlsHVmldgTxFi/tw8wAAAEIBc6g47xXFFvgOcqgikHnuMm+4
+F4YmKLbIXuCAlVqeMtlGG4utC4jeX2BKgsVoifsL1amJM4NNP9PJmeXHjtJKpRo=

security/nss/cmd/bltest/tests/ecdsa/key17

@@ -0,0 +1,4 @@
+AAAABwYFK4EEACMAAACFBADPXFUBwFhZPy1f6FaZu6IWEDpPRh0UmxGsbBYyXGXme/zgR9masrLY
+Q9SmgR9I+qfl2tpBjmwB8ltoNjcxyJGg+QFAdH/rM+0TRJo6qDm7uJNzY5mloOsKVgefekfMEPdX
+A2Sn2FVafJLZW7A6R6GvxRX5btTgjM6/XfnJaHr47DFBMwAAAEIAwzmBaAc3LPeoyPzcX70vAo6T
+jfI7tvA+N3DXvynLTcKWYZjIilMIqsNn7u+eMQ0xDM45im6j3yPcATmgGzUDam4=

security/nss/cmd/bltest/tests/ecdsa/key18

@@ -0,0 +1,4 @@
+AAAABwYFK4EEACMAAACFBAFieatjCQKes5RNySyOxoR3TvNJ9tDAHwsR9RZJM4S3At6tU3fe8Pql
+yPt1eibbLvh7wgELngpPmoIRVWGG4LbCiQGHsWFJtpZQ2bs7BHGHT7L/t+vGqOUtvubTLq+xfTgW
+pUj0epQp+M8ZD0Fd622S4hODtlmPae695+yzNfUub4AjrAAAAEIBDMKWdudLb+7AriZjMEir6Qr+
+JUw6SG5KjiAi3nYymFRqr7tRGwUTkvX1Q64lMV7BgJ1Ch9qW6J11g4H6vtbGxLc=

security/nss/cmd/bltest/tests/ecdsa/key19

@@ -0,0 +1,4 @@
+AAAABwYFK4EEACMAAACFBAFRn1tqa8+H8gsEY6SDyUIg7L0ssJAePQcx1ADEbqorSXraND7BecWW
+fdzB/l3KbHXcFWAySIEhHJsxiaZEkoiOlQHKvTgw4WVzThQ09xcPBxP01R2Z29jRvoR6dh0vwCt6
+/Yw8Bt5DkafIV3fhrGSQcAPHNomub9yKoSrntNzgPBPZKQAAAEIBBeO8oosJMamU5b7R5LVAkl+J
+WEpiwFKGyK9svHBF5xbBy5HSFxt0tKXCzkhaJhu/tXGyeSedFATSTznrUR71tYU=

security/nss/cmd/bltest/tests/ecdsa/key2

@@ -1,5 +1 @@
-AAAABwYFK4EEACMAAACFBAHLMSpMFVyG6mXE7SZ5O5Bwv4d8/QiAB3BzpXkyrU1W
-jJ9O9uOYTXM+cFtF5v56+LsI4yGkaAl9+RF6lFPjrhpIswCmBmEqMBgZpjoz38my
-nLHBI9MaFF8AHkRQwD3LJLo4eSZHOVkdIvDYLwicdlgr0zD3Nf76/HB1+0DkBGqE
-MyG22gAAAEIAFah7z179UbqqdH68pzdZsP1ChXjtYZ11rBM0+HP7yLirxH3ahKTt
-DjsY19GEjz4gKsaLfLiQ1/Dp+VKVLcBKpk0=
+AAAACgYIKoZIzj0DAQcAAABBBGVG3cGzcX5hDchx/w8PZLuMMc2P6qlhzbfzWvtxVTkEd7MQ9deN7hIlyVUYk198Q2PQIRTiWtRVYA7bRwIlRCIAAAAggL+HbIocY2czS/UJE8y5lYKptWxLz7l2nkDCicqb3BM=

security/nss/cmd/bltest/tests/ecdsa/key20

@@ -0,0 +1,4 @@
+AAAABwYFK4EEACMAAACFBAAO18BJbSwNGxuZotCaEE2ZRutYNruikxsjqbXE5WtbyED65bllWUzD
+iCi9kn+r7avAL/ld+qDoTme1Pmzt+BSreQBBird/RGH5XIDuge8UQjnNMUPu6Iu4/j4DcoDuewtG
+O2y44isoGdRvOc3Iw9jQULJ5VtJtuCMmsIleglJ9gjAO9QAAAEIBPQClifuzZvzcrw4Hahu1UH3o
+A1m6xnJUK9JL8B/tZmUCdUwBevXHQ1xIajGxVka1DnYC7KzfgoqTJQhZnmejCOY=

security/nss/cmd/bltest/tests/ecdsa/key3

@@ -0,0 +1 @@
+AAAACgYIKoZIzj0DAQcAAABBBNgKE5o33CAcWXYgyE967xgyVCx/Ny3T+46oDsNoGguKssq2oVqlhpDwJeuwcSWjFUADuZKdpfGsfsCZwoG2oTsAAAAgc1T8iAilEQPJwL3QLVoSYH+gj9WyaMIzlEXb/BdDXHA=

security/nss/cmd/bltest/tests/ecdsa/key4

@@ -0,0 +1 @@
+AAAACgYIKoZIzj0DAQcAAABBBF5bq/2D0xa1ImD8HKoGiWLNU2p7HOegQcYVROWRQQyzFl3UOtrjQVHsef4oKfo8G3eHWAJRVc+iuLyvGOPQXl8AAAAgjzwuwj9STrQmn1vaUjll1jDQe6K/cH0F2IbIuFImXgQ=

security/nss/cmd/bltest/tests/ecdsa/key5

@@ -0,0 +1 @@
+AAAACgYIKoZIzj0DAQcAAABBBFB50pPWkcrENLddIYxsb/1DyEEFqk+k3NODT7NfrgDPmP+rgdYQS8dpSTDMLio+lS9BWAHEXPLJpY9RuSkjlD8AAAAgP9tI3QDXD5JFPCNfxYRSiQCsvwH+rKefnaKPUOBqIcM=

security/nss/cmd/bltest/tests/ecdsa/key6

@@ -0,0 +1 @@
+AAAACgYIKoZIzj0DAQcAAABBBMaKRuPseagu0jdyGJMGK/v/R3hGN2Jgsx0nLOKxDQTjD96BClG7fFOf4KlWY5+SVvIa+ySmH95oOEvlvFw/O7QAAAAg9pRcgToGhu2rwCf97g7rWxMv8ZM+nn7KhN1ChI25xuU=

security/nss/cmd/bltest/tests/ecdsa/key7

@@ -0,0 +1,3 @@
+AAAABwYFK4EEACIAAABhBLWMJG3t4khPYcsl3H492rAqukJ1RqJm27pqpN54rFGGr2VDwOfqb9tM
+ninq8IyOh42eaaVOEPXXu4Q/ATWBEfrbTRBjTpzAE2SSPuQma0lMq0RSVECCgdBOKIhB0H6VxAAA
+ADA3WPjUaMWCS9E5KbVDrEcf5CV5tCNNWJQkwjsAyALMCiXJqRVXwbq42WMuaELMW+g=

security/nss/cmd/bltest/tests/ecdsa/key8

@@ -0,0 +1,3 @@
+AAAABwYFK4EEACIAAABhBFAOD4kkHmLG2ASSN8n3K/R/ZNOKl8egsJUv+l2KNicOjOJqwTnhi1gN
+0gFX6tV0ZN9IEzj48bvMG3T9goEptgk5GWVMZv4tbsctnWzO6xEOD3szB0rWc+0Gdc9ZNxVuWQAA
+ADBMZ8FYtBjL0iyvCuK3sv7SKqjPBlRap0IhzlhGq8yROlBNj9O9T+SbVPqSGg4dca0=

security/nss/cmd/bltest/tests/ecdsa/key9

@@ -0,0 +1,3 @@
+AAAABwYFK4EEACIAAABhBHwN4O5s8oMHEZRW9Cw25pBY1wN3aEA1FhY+YB6pGuRWW2gyR8gER0LJ
+iaL678GU9dRO6M3vqtxUXtmS/f3RkvsV/kcQa5tod5G7EPGzcnnhxB4jQ7s+eVtDEE3LQRm54AAA
+ADA4ahA2Ems2zcznoW2Ogdv9XOTfuVU5cx7RvcygOqljsXs7kMIiK0g7ChP9AgRcmmM=

security/nss/cmd/bltest/tests/ecdsa/plaintext1

@@ -1 +1 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
+70+lqMS2yiBPPask+j3Iru0I+CBps0dkxKYv9wkKN/0=

security/nss/cmd/bltest/tests/ecdsa/plaintext10

@@ -1 +1 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
+O7xOr9dtXLrVOUwnoZuOamJoksOCu/AJQl7vnM5nKBrG+MiyB6tT0QinvJf/V/Dg

security/nss/cmd/bltest/tests/ecdsa/plaintext11

@@ -1 +1 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
+2Ea3W3p+4T9F8jQ3u1sB08h45Icn0g0XZdAkqkZAl8C+bNRt7HFD2yelVjO1n2++

security/nss/cmd/bltest/tests/ecdsa/plaintext12

@@ -1 +1 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
+7tI6LK4h3omU9JIsy3YQ5D35Q6bvA7SSHC5dfr7HRHVBO0aHG8LvB/MmUeSKC1Lx

security/nss/cmd/bltest/tests/ecdsa/plaintext13

@@ -1 +1 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
+V3J3ZsDxwglKTddpj0cZb+iDqOyJ6GeQqJAkPW9bFwAmsD2UVBntvKR4kQsk7CQR

security/nss/cmd/bltest/tests/ecdsa/plaintext15

@@ -1 +1,2 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
+ASGhzaNwWzEVNsr0G7vLgzHLmwanZp/58qj/yrcC711bn6cAzVnm0yD7klFyypW55PmE07T0b45D
+0hMzO3URX8kY

security/nss/cmd/bltest/tests/ecdsa/plaintext16

@@ -1 +1,2 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
+ACU0to4fsw+gcz5fwzPuRGxbnh1wk0kNPbk09Bg7zarJb/0SnZf0RL/JciIZXS0mfZwBprfYcLss
+g5E09EiLyYPE

security/nss/cmd/bltest/tests/ecdsa/plaintext17

@@ -1 +1,2 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
+AHFZ+2hr7LE73SrITnxBdRIAQuIhe9sJv2IjH6mZ63hz7B0lUZBRq1L1UZYCMiJcySQE72fm58qD
+HBTp4TZFT4i6

security/nss/cmd/bltest/tests/ecdsa/plaintext18

@@ -1 +1,2 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
+ASwIYky567pL6O3quwElPDfKVZO/7mDgYfyTfDXPdgzshZy5m0m9QeBHyt+nR0tHHEQGGm+fyhD2
+j3ymdPPQ7vhO

security/nss/cmd/bltest/tests/ecdsa/plaintext19

@@ -1 +1,2 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
+AeL/vCfQJqo6G0cKf4JP85zORGd2wDp47NI8jilqs3hPzN0DRV322Kgwpn1Wm819FP6zOiMgtw+p
+lKiA2AoX9vA1

security/nss/cmd/bltest/tests/ecdsa/plaintext2

@@ -1 +1 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
+SfpXl5Llf4iquhkXy4lshoIqoSbnaBB+PxGW17x99sU=

security/nss/cmd/bltest/tests/ecdsa/plaintext20

@@ -1 +1,2 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
+ANDejmBr18vwOj5bRuaVvsbCJsJUnsY0h7meGKBmehWiaSzEy+Uk3frUxD+jFwB3QJ+y00mfjJHk
+gcQTb1dNKtk7

security/nss/cmd/bltest/tests/ecdsa/plaintext3

@@ -1 +1 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
+5zRhgEl3WocyPf53pVA08iC9rhwsXNu6esNgfNOd09A=

security/nss/cmd/bltest/tests/ecdsa/plaintext4

@@ -1 +1 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
+CbvtewBEVhbGdugFywOCh7YyM/99PoGsqgmM100hFok=

security/nss/cmd/bltest/tests/ecdsa/plaintext5

@@ -1 +1 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
+cROiGlKZaGbm1nfrM2L8YXXX9l+h4IkQtI5ovo66Vm0=

security/nss/cmd/bltest/tests/ecdsa/plaintext6

@@ -1 +1 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
+nBtD5rFYJ+4NmPw6qfeAxfcjl+UtcHJ6AtXgnC04Kck=

security/nss/cmd/bltest/tests/ecdsa/plaintext8

@@ -1 +1,2 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
+Mxl2AoAoODkjI3BRRJhERyaYl3mGdClyckJTOYg3ApBlAXdQY2mQJmOXQDiUiXhyGEIyEWWRcJJI
+GQ==

security/nss/cmd/bltest/tests/ecdsa/plaintext9

@@ -1 +1 @@
-qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
+cxSK1gNt4qh6Q/YMYTPGb06yvMmOA8CdF2Fe+TA3KWu9Sma4Uw60bsNiUXVfGJaG

security/nss/cmd/bltest/tests/ecdsa/sigseed1

@@ -1 +1 @@
-aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
++uIjgHPQK45HEoD6scaacINDhCSlavy/LOQstFOjA9I=

security/nss/cmd/bltest/tests/ecdsa/sigseed10

@@ -1 +1 @@
-fjIzMWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA=
+Ee3Cm8MeIculRkFplZnPEv7gBCPRTq+C9g55xgfw6XlEDgwQ2O4sW0QBpSbV1bkE

security/nss/cmd/bltest/tests/ecdsa/sigseed11

@@ -1 +1 @@
-fjIzMWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA=
+eacQrgxAKTRE67OWEAIn1PiBGMjr1MHrAvugBZGvWLWj0qpJK7ysGrP5AUU5knA6

security/nss/cmd/bltest/tests/ecdsa/sigseed12

@@ -1 +1 @@
-/jI1NmJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDk=
+OZyWwfeQNAwuldqcxrvG6D1U53pto7nNeBtFOxWApMAsfy8znVlNJ392yPOYFXR1

security/nss/cmd/bltest/tests/ecdsa/sigseed13

@@ -1 +1 @@
-ATI4MWJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBi
+E5M7txkzv3/JJzgkWgYkjSb+auo3diREUK6QtEe5tUovRinB9D62rwsUnYO4Zh9h

security/nss/cmd/bltest/tests/ecdsa/sigseed15

@@ -1 +1,2 @@
-/jM4NGJpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDEx
+AWTDEcA39i86TZu4RjBbkDE4Bo0PcPsy3Vs7uSpfEpzG1za21tk7778bg0zjh+Cn40uqfG0F47do
+hMKNtshEivBN

security/nss/cmd/bltest/tests/ecdsa/sigseed16

@@ -1 +1,2 @@
-fjQwN2JpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDExMTIx
+ASnw0hIQ2FzntL2vHcZrIFWeJHVhlPlIBQformN6nv8vzp7a9/hqIudPY/uHv001e9ryEuczmG36
+cgjmxOTEca2X

security/nss/cmd/bltest/tests/ecdsa/sigseed17

@@ -1 +1,2 @@
-fjQwN2JpdHNPZlRleHQwMTAyMDMwNDA1MDYwNzA4MDkwYTBiMGMwZDBlMGYxMDExMTIx
+AKdGyvpvfzX4pI3TBFsTbVyLLlOoVQXpvz8xYLGB6n/bMEe3pLpsb8lRCbVuS/9agXzY3XZN27PX
+tf3CclGx4rbW

security/nss/cmd/bltest/tests/ecdsa/sigseed18

@@ -1,2 +1,2 @@
-PjU2NmJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
-MTQxNTE2MTcxODE5MWExYjE=
+AUr+RxF9oCVYkIwufo/WMRy6x4ftZlTojmEwUIQ3XS/tEtsqOJmvSKB304R1P6hpdghAYUVQ5Lf0
+P8BheUDuOLE5

security/nss/cmd/bltest/tests/ecdsa/sigseed19

@@ -1,2 +1,2 @@
-PjU2NmJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
-MTQxNTE2MTcxODE5MWExYjE=
+AJWl5lI4w6SWNnOAIM5JG2/zJlLmG8KtuVy0LALG0geNHjNuh6WOjmBMOB0Ru14m/nvVp/AOXOaD
+NXbhZaCuuwoX

security/nss/cmd/bltest/tests/ecdsa/sigseed2

@@ -1 +1 @@
-aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
+a5F2DtjzM797shbFrp7g4O/tBT9jdtljEWKhnldZOak=

security/nss/cmd/bltest/tests/ecdsa/sigseed20

@@ -1,2 +1,2 @@
-/jUyMGJpdHNPZlRleHQwMDAxMDIwMzA0MDUwNjA3MDgwOTBhMGIwYzBkMGUwZjEwMTExMjEz
-MTQxNTE2MTcxODE=
+ABJ+5ak5x4Npkzxcq1hRKJjhKjIy4jVkVDhgZ9+3p+1ItpbJxsWMlVD835yQyeW/lFOENrcLo2Qw
+RyNEPndnPG5D

security/nss/cmd/bltest/tests/ecdsa/sigseed3

@@ -1 +1 @@
-aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
+IV8M637yzsL+KYLyALkf92O+euGBw9PrMopiHcb/SJU=

security/nss/cmd/bltest/tests/ecdsa/sigseed4

@@ -1 +1 @@
-aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
+ZxclhYSFGNGLM7tZ1Z5k39ZVXiWCnd/PnsVUza3O/WQ=

security/nss/cmd/bltest/tests/ecdsa/sigseed5

@@ -1 +1 @@
-aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
+gbPop+RXoXIuYeNAb+IGgLwdTE1AnhG7LsPkfETvayQ=

security/nss/cmd/bltest/tests/ecdsa/sigseed6

@@ -1 +1 @@
-/jE5MmJpdHNPZlRleHQwMDAwMDAwMDAw
+WAHT3XYcVbT0ZB5MxfUo9636BVA4JkEKcYBFhQvIWkQ=

security/nss/cmd/bltest/tests/ecdsa/sigseed8

@@ -1 +1 @@
-/jIyNGJpdHNPZlRleHQwMDAwMDAwMDAwMDAwMA==
+LLGTvUo3kUNR3qdAVcvKCDEFPT/ialozxy0RY3aJJxkJJ3NpuXl3l7v6dUo51/qg

security/nss/cmd/bltest/tests/ecdsa/sigseed9

@@ -1 +1 @@
-/jIyNGJpdHNPZlRleHQwMDAwMDAwMDAwMDAwMA==
+3pch8aH8+9zNR8+8P8gS0ftX0dqTkzExF1x4TkKfnYUfttwtkU0D1ge62Hg0tiVr

security/nss/cmd/crlutil/crlutil.c

@@ -1044,7 +1044,10 @@ main(int argc, char **argv)
     PK11_SetPasswordFunc(SECU_GetModulePassword);
 
     if (showFileCRL) {
-        NSS_NoDB_Init(NULL);
+        rv = NSS_NoDB_Init(NULL);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
     } else {
         secstatus = NSS_Initialize(SECU_ConfigDirectory(NULL), dbPrefix, dbPrefix,
                                    "secmod.db", readonly ? NSS_INIT_READONLY : 0);

security/nss/cmd/makepqg/makepqg.c

@@ -295,7 +295,9 @@ main(int argc, char **argv)
         outFile = stdout;
     }
 
-    NSS_NoDB_Init(NULL);
+    if (NSS_NoDB_Init(NULL) != SECSuccess) {
+        return 1;
+    }
 
     if (keySizeInBits > 1024 || qSizeInBits != 0) {
         rv = PK11_PQG_ParamGenV2((unsigned)keySizeInBits,
@@ -340,6 +342,9 @@ main(int argc, char **argv)
 
     PK11_PQG_DestroyParams(pqgParams);
     PK11_PQG_DestroyVerify(pqgVerify);
+    if (NSS_Shutdown() != SECSuccess) {
+        return 1;
+    }
     return 0;
 
 loser:

security/nss/cmd/pk11gcmtest/pk11gcmtest.c

@@ -439,10 +439,13 @@ loser:
 int
 main(int argc, char **argv)
 {
-    if (argc < 2)
-        exit(1);
+    if (argc < 2) {
+        return 1;
+    }
 
-    NSS_NoDB_Init(NULL);
+    if (NSS_NoDB_Init(NULL) != SECSuccess) {
+        return 1;
+    }
 
     /*************/
     /*   AES     */
@@ -455,6 +458,8 @@ main(int argc, char **argv)
         }
     }
 
-    NSS_Shutdown();
+    if (NSS_Shutdown() != SECSuccess) {
+        return 1;
+    }
     return 0;
 }

security/nss/cmd/sdbthreadtst/sdbthreadtst.c

@@ -196,13 +196,17 @@ main(int argc, char **argv)
         if (status != PR_SUCCESS) {
             ERROR++;
             fprintf(stderr,
-                    "PR_CreateThread filed iteration %d, %s]n", i,
+                    "PR_CreateThread filed iteration %d, %s\n", i,
                     PORT_ErrorToString(PORT_GetError()));
         }
     }
+    if (NSS_Shutdown() != SECSuccess) {
+        ERROR++;
+        fprintf(stderr, "NSS_Shutdown failed: %s\n",
+                PORT_ErrorToString(PORT_GetError()));
+    }
     printf("%d failures and %d errors found\n", FAILED, ERROR);
     /* clean up */
-    NSS_Shutdown();
     if (FAILED) {
         exit(1);
     }

security/nss/cmd/ssltap/ssltap.c

@@ -2580,6 +2580,8 @@ main(int argc, char *argv[])
                    get_time_string());
     } while (looparound); /* accept connection and process it. */
     PR_Close(s_rend);
-    NSS_Shutdown();
+    if (NSS_Shutdown() != SECSuccess) {
+        return 1;
+    }
     return 0;
 }

security/nss/coreconf/config.gypi

@@ -136,6 +136,7 @@
     'coverage%': 0,
     'softfp_cflags%': '',
     'enable_draft_hpke%': 0,
+    'force_integrated_as%': 0,
   },
   'target_defaults': {
     # Settings specific to targets should go here.

security/nss/coreconf/coreconf.dep

@@ -10,3 +10,4 @@
  */
 
 #error "Do not include this header file."
+

security/nss/cpputil/databuffer.h

@@ -32,6 +32,15 @@ class DataBuffer {
     }
     return *this;
   }
+  DataBuffer& operator=(DataBuffer&& other) {
+    if (this == &other) {
+      data_ = other.data_;
+      len_ = other.len_;
+      other.data_ = nullptr;
+      other.len_ = 0;
+    }
+    return *this;
+  }
 
   void Allocate(size_t l) {
     delete[] data_;

security/nss/cpputil/nss_scoped_ptrs.h

@@ -8,8 +8,10 @@
 #define nss_scoped_ptrs_h__
 
 #include <memory>
+
 #include "cert.h"
 #include "keyhi.h"
+#include "nss.h"
 #include "p12.h"
 #include "pk11hpke.h"
 #include "pk11pqg.h"
@@ -54,6 +56,7 @@ struct ScopedDelete {
   void operator()(SEC_PKCS12DecoderContext* dcx) {
     SEC_PKCS12DecoderFinish(dcx);
   }
+  void operator()(NSSInitContext* init) { NSS_ShutdownContext(init); }
 };
 
 template <class T>
@@ -75,6 +78,7 @@ SCOPED(CERTDistNames);
 SCOPED(CERTName);
 SCOPED(CERTSubjectPublicKeyInfo);
 SCOPED(HpkeContext);
+SCOPED(NSSInitContext);
 SCOPED(PK11Context);
 SCOPED(PK11GenericObject);
 SCOPED(PK11SlotInfo);

security/nss/doc/rst/releases/nss_3_68_1.rst

@@ -0,0 +1,62 @@
+.. _mozilla_projects_nss_nss_3_68_1_release_notes:
+
+NSS 3.68.1 release notes
+========================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+   Network Security Services (NSS) 3.68.1 (ESR) was released on **1 December 2021**.
+
+   **This release contains an important security fix for CVE-2021-43527:**
+
+   https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+   The HG tag is NSS_3_68_1_RTM. NSS 3.68.1 requires NSPR 4.32 or newer.
+
+   NSS 3.68.1 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+   -  Source tarballs:
+      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_1_RTM/src/
+
+   Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_in_nss_3.68.1:
+
+`Changes in NSS 3.68.1 <#changes_in_nss_3.68.1>`__
+----------------------------------------------------
+
+.. container::
+
+   - Bug 1735028 - Check for missing signedData field.
+   - Bug 1737470 - Ensure DER encoded signatures are within size limits.
+
+
+`Compatibility <#compatibility>`__
+----------------------------------
+
+.. container::
+
+   NSS 3.68.1 shared libraries are backwards-compatible with all older NSS 3.x shared
+   libraries. A program linked with older NSS 3.x shared libraries will work with
+   this new version of the shared libraries without recompiling or
+   relinking. Furthermore, applications that restrict their use of NSS APIs to the
+   functions listed in NSS Public Functions will remain compatible with future
+   versions of the NSS shared libraries.
+
+`Feedback <#feedback>`__
+------------------------
+
+.. container::
+
+   Bugs discovered should be reported by filing a bug report on
+   `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).

security/nss/doc/rst/releases/nss_3_68_2.rst

@@ -0,0 +1,57 @@
+.. _mozilla_projects_nss_nss_3_68_2_release_notes:
+
+NSS 3.68.2 (ESR) release notes
+==============================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+   Network Security Services (NSS) 3.68.2 (ESR) was released on **15 December 2021**.
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+   The HG tag is NSS_3_68_2_RTM. NSS 3.68.2 requires NSPR 4.32 or newer.
+
+   NSS 3.68.2 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+   -  Source tarballs:
+      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_2_RTM/src/
+
+   Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_in_nss_3.68.2:
+
+`Changes in NSS 3.68.2 <#changes_in_nss_3.68.2>`__
+----------------------------------------------------
+
+.. container::
+
+   - Bug 966856 - Add SHA-2 support to mozilla::pkix's OCSP implementation.
+
+
+`Compatibility <#compatibility>`__
+----------------------------------
+
+.. container::
+
+   NSS 3.68.2 shared libraries are backwards-compatible with all older NSS 3.x shared
+   libraries. A program linked with older NSS 3.x shared libraries will work with
+   this new version of the shared libraries without recompiling or
+   relinking. Furthermore, applications that restrict their use of NSS APIs to the
+   functions listed in NSS Public Functions will remain compatible with future
+   versions of the NSS shared libraries.
+
+`Feedback <#feedback>`__
+------------------------
+
+.. container::
+
+   Bugs discovered should be reported by filing a bug report on
+   `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).

security/nss/doc/rst/releases/nss_3_72_1.rst

@@ -0,0 +1,57 @@
+.. _mozilla_projects_nss_nss_3_72_1_release_notes:
+
+NSS 3.72.1 release notes
+========================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+   Network Security Services (NSS) 3.72.1 was released on **15 December 2021**.
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+   The HG tag is NSS_3_72_1_RTM. NSS 3.72.1 requires NSPR 4.32 or newer.
+
+   NSS 3.72.1 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+   -  Source tarballs:
+      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_72_1_RTM/src/
+
+   Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_in_nss_3.72.1:
+
+`Changes in NSS 3.72.1 <#changes_in_nss_3.72.1>`__
+----------------------------------------------------
+
+.. container::
+
+   - Bug 966856 - Add SHA-2 support to mozilla::pkix's OCSP implementation.
+
+
+`Compatibility <#compatibility>`__
+----------------------------------
+
+.. container::
+
+   NSS 3.72.1 shared libraries are backwards-compatible with all older NSS 3.x shared
+   libraries. A program linked with older NSS 3.x shared libraries will work with
+   this new version of the shared libraries without recompiling or
+   relinking. Furthermore, applications that restrict their use of NSS APIs to the
+   functions listed in NSS Public Functions will remain compatible with future
+   versions of the NSS shared libraries.
+
+`Feedback <#feedback>`__
+------------------------
+
+.. container::
+
+   Bugs discovered should be reported by filing a bug report on
+   `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).

security/nss/doc/rst/releases/nss_3_73.rst

@@ -0,0 +1,65 @@
+.. _mozilla_projects_nss_nss_3_73_release_notes:
+
+NSS 3.73 release notes
+======================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+   Network Security Services (NSS) 3.73 was released on **1 December 2021**.
+
+   **This release contains an important security fix for CVE-2021-43527:**
+
+   https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+   The HG tag is NSS_3_73_RTM. NSS 3.73 requires NSPR 4.32 or newer.
+
+   NSS 3.73 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+   -  Source tarballs:
+      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_73_RTM/src/
+
+   Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_in_nss_3.73:
+
+`Changes in NSS 3.73 <#changes_in_nss_3.73>`__
+----------------------------------------------------
+
+.. container::
+
+   - Bug 1735028 - Check for missing signedData field.
+   - Bug 1737470 - Ensure DER encoded signatures are within size limits.
+   - Bug 1729550 - NSS needs FiPS 140-3 version indicators.
+   - Bug 1692132 - pkix_CacheCert_Lookup doesn't return cached certs.
+   - Bug 1738600 - Sunset Coverity from NSS.
+
+
+`Compatibility <#compatibility>`__
+----------------------------------
+
+.. container::
+
+   NSS 3.73 shared libraries are backwards-compatible with all older NSS 3.x shared
+   libraries. A program linked with older NSS 3.x shared libraries will work with
+   this new version of the shared libraries without recompiling or
+   relinking. Furthermore, applications that restrict their use of NSS APIs to the
+   functions listed in NSS Public Functions will remain compatible with future
+   versions of the NSS shared libraries.
+
+`Feedback <#feedback>`__
+------------------------
+
+.. container::
+
+   Bugs discovered should be reported by filing a bug report on
+   `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).

security/nss/doc/rst/releases/nss_3_73_1.rst

@@ -0,0 +1,57 @@
+.. _mozilla_projects_nss_nss_3_73_1_release_notes:
+
+NSS 3.73.1 release notes
+========================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+   Network Security Services (NSS) 3.73.1 was released on **15 December 2021**.
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+   The HG tag is NSS_3_73_1_RTM. NSS 3.73.1 requires NSPR 4.32 or newer.
+
+   NSS 3.73.1 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+   -  Source tarballs:
+      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_73_1_RTM/src/
+
+   Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_in_nss_3.73.1:
+
+`Changes in NSS 3.73.1 <#changes_in_nss_3.73.1>`__
+----------------------------------------------------
+
+.. container::
+
+   - Bug 966856 - Add SHA-2 support to mozilla::pkix's OCSP implementation.
+
+
+`Compatibility <#compatibility>`__
+----------------------------------
+
+.. container::
+
+   NSS 3.73.1 shared libraries are backwards-compatible with all older NSS 3.x shared
+   libraries. A program linked with older NSS 3.x shared libraries will work with
+   this new version of the shared libraries without recompiling or
+   relinking. Furthermore, applications that restrict their use of NSS APIs to the
+   functions listed in NSS Public Functions will remain compatible with future
+   versions of the NSS shared libraries.
+
+`Feedback <#feedback>`__
+------------------------
+
+.. container::
+
+   Bugs discovered should be reported by filing a bug report on
+   `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).

security/nss/doc/rst/releases/nss_3_74.rst

@@ -0,0 +1,77 @@
+.. _mozilla_projects_nss_nss_3_74_release_notes:
+
+NSS 3.74 release notes
+======================
+
+`Introduction <#introduction>`__
+--------------------------------
+
+.. container::
+
+   Network Security Services (NSS) 3.74 was released on **6 January 2022**.
+
+
+.. _distribution_information:
+
+`Distribution Information <#distribution_information>`__
+--------------------------------------------------------
+
+.. container::
+
+   The HG tag is NSS_3_74_RTM. NSS 3.74 requires NSPR 4.32 or newer.
+
+   NSS 3.74 source distributions are available on ftp.mozilla.org for secure HTTPS download:
+
+   -  Source tarballs:
+      https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_74_RTM/src/
+
+   Other releases are available :ref:`mozilla_projects_nss_releases`.
+
+.. _changes_in_nss_3.74:
+
+`Changes in NSS 3.74 <#changes_in_nss_3.74>`__
+----------------------------------------------------
+
+.. container::
+
+   - Bug 966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses.
+   - Bug 1553612 - Ensure clients offer consistent ciphersuites after HRR.
+   - Bug 1721426 - NSS does not properly restrict server keys based on policy.
+   - Bug 1733003 - Set nssckbi version number to 2.54.
+   - Bug 1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate in NSS.
+   - Bug 1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate in NSS.
+   - Bug 1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate in NSS.
+   - Bug 1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate in NSS.
+   - Bug 1735407 - Replace GlobalSign ECC Root CA R4 in NSS.
+   - Bug 1733560 - Remove Expired Root Certificates from NSS - DST Root CA X3.
+   - Bug 1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates from NSS.
+   - Bug 1741930 - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate to NSS.
+   - Bug 1740095 - Add iTrusChina ECC root certificate to NSS.
+   - Bug 1740095 - Add iTrusChina RSA root certificate to NSS.
+   - Bug 1738805 - Add ISRG Root X2 root certificate to NSS.
+   - Bug 1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate to NSS.
+   - Bug 1738028 - Avoid a clang 13 unused variable warning in opt build.
+   - Bug 1735028 - Check for missing signedData field.
+   - Bug 1737470 - Ensure DER encoded signatures are within size limits.
+
+
+
+`Compatibility <#compatibility>`__
+----------------------------------
+
+.. container::
+
+   NSS 3.74 shared libraries are backwards-compatible with all older NSS 3.x shared
+   libraries. A program linked with older NSS 3.x shared libraries will work with
+   this new version of the shared libraries without recompiling or
+   relinking. Furthermore, applications that restrict their use of NSS APIs to the
+   functions listed in NSS Public Functions will remain compatible with future
+   versions of the NSS shared libraries.
+
+`Feedback <#feedback>`__
+------------------------
+
+.. container::
+
+   Bugs discovered should be reported by filing a bug report on
+   `bugzilla.mozilla.org <https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS>`__ (product NSS).

security/nss/gtests/pk11_gtest/pk11_chacha20poly1305_unittest.cc

@@ -19,53 +19,41 @@
 
 namespace nss_test {
 
-static const CK_MECHANISM_TYPE kMech = CKM_NSS_CHACHA20_POLY1305;
-static const CK_MECHANISM_TYPE kMechXor = CKM_NSS_CHACHA20_CTR;
+static const CK_MECHANISM_TYPE kMech = CKM_CHACHA20_POLY1305;
+static const CK_MECHANISM_TYPE kMechLegacy = CKM_NSS_CHACHA20_POLY1305;
+static const CK_MECHANISM_TYPE kMechXor = CKM_CHACHA20;
+static const CK_MECHANISM_TYPE kMechXorLegacy = CKM_NSS_CHACHA20_CTR;
 // Some test data for simple tests.
 static const uint8_t kKeyData[32] = {'k'};
-static const uint8_t kCtrNonce[16] = {'c', 0, 0, 0, 'n'};
+static const uint8_t kXorParamsLegacy[16] = {'c', 0, 0, 0, 'n'};
+static const uint8_t kCounter[4] = {'c', 0};
+static const uint8_t kNonce[12] = {'n', 0};
+static const CK_CHACHA20_PARAMS kXorParams{
+    /* pBlockCounter */ const_cast<CK_BYTE_PTR>(kCounter),
+    /* blockCounterBits */ sizeof(kCounter) * 8,
+    /* pNonce */ const_cast<CK_BYTE_PTR>(kNonce),
+    /* ulNonceBits */ sizeof(kNonce) * 8,
+};
 static const uint8_t kData[16] = {'d'};
+static const uint8_t kExpectedXor[sizeof(kData)] = {
+    0xd8, 0x15, 0xd3, 0xb3, 0xe9, 0x34, 0x3b, 0x7a,
+    0x24, 0xf6, 0x5f, 0xd7, 0x95, 0x3d, 0xd3, 0x51};
+static const size_t kTagLen = 16;
 
 class Pkcs11ChaCha20Poly1305Test
     : public ::testing::TestWithParam<ChaChaTestVector> {
  public:
   void EncryptDecrypt(const ScopedPK11SymKey& key, const bool invalid_iv,
                       const bool invalid_tag, const uint8_t* data,
-                      size_t data_len, const uint8_t* aad, size_t aad_len,
-                      const uint8_t* iv, size_t iv_len,
+                      size_t data_len, CK_MECHANISM_TYPE mech, SECItem* params,
+                      std::vector<uint8_t>* nonce, std::vector<uint8_t>* aad,
                       const uint8_t* ct = nullptr, size_t ct_len = 0) {
-    // Prepare AEAD params.
-    CK_NSS_AEAD_PARAMS aead_params;
-    aead_params.pNonce = toUcharPtr(iv);
-    aead_params.ulNonceLen = iv_len;
-    aead_params.pAAD = toUcharPtr(aad);
-    aead_params.ulAADLen = aad_len;
-    aead_params.ulTagLen = 16;
-
-    SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
-                      sizeof(aead_params)};
-
-    // Encrypt with bad parameters (TagLen is too long).
+    std::vector<uint8_t> encrypted(data_len + kTagLen);
     unsigned int encrypted_len = 0;
-    std::vector<uint8_t> encrypted(data_len + aead_params.ulTagLen);
-    aead_params.ulTagLen = 158072;
-    SECStatus rv =
-        PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
-                     &encrypted_len, encrypted.size(), data, data_len);
-    EXPECT_EQ(SECFailure, rv);
-    EXPECT_EQ(0U, encrypted_len);
-
-    // Encrypt with bad parameters (TagLen is too short).
-    aead_params.ulTagLen = 2;
-    rv = PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
-                      &encrypted_len, encrypted.size(), data, data_len);
-    EXPECT_EQ(SECFailure, rv);
-    EXPECT_EQ(0U, encrypted_len);
-
     // Encrypt.
-    aead_params.ulTagLen = 16;
-    rv = PK11_Encrypt(key.get(), kMech, &params, encrypted.data(),
-                      &encrypted_len, encrypted.size(), data, data_len);
+    SECStatus rv =
+        PK11_Encrypt(key.get(), mech, params, encrypted.data(), &encrypted_len,
+                     encrypted.size(), data, data_len);
 
     // Return if encryption failure was expected due to invalid IV.
     // Without valid ciphertext, all further tests can be skipped.
@@ -92,7 +80,7 @@ class Pkcs11ChaCha20Poly1305Test
     // passed to a subsequent decryption call (for AEAD we
     // must authenticate even when the pt is zero-length).
     unsigned int decrypt_bytes_needed = 0;
-    rv = PK11_Decrypt(key.get(), kMech, &params, nullptr, &decrypt_bytes_needed,
+    rv = PK11_Decrypt(key.get(), mech, params, nullptr, &decrypt_bytes_needed,
                       0, encrypted.data(), encrypted_len);
     EXPECT_EQ(rv, SECSuccess);
     EXPECT_GT(decrypt_bytes_needed, data_len);
@@ -100,9 +88,8 @@ class Pkcs11ChaCha20Poly1305Test
     // Now decrypt it
     std::vector<uint8_t> decrypted(decrypt_bytes_needed);
     unsigned int decrypted_len = 0;
-    rv = PK11_Decrypt(key.get(), kMech, &params, decrypted.data(),
-                      &decrypted_len, decrypted.size(), encrypted.data(),
-                      encrypted.size());
+    rv = PK11_Decrypt(key.get(), mech, params, decrypted.data(), &decrypted_len,
+                      decrypted.size(), encrypted.data(), encrypted.size());
     EXPECT_EQ(rv, SECSuccess);
 
     // Check the plaintext.
@@ -115,7 +102,7 @@ class Pkcs11ChaCha20Poly1305Test
       decrypted_len = 0;
       std::vector<uint8_t> bogus_ciphertext(encrypted);
       bogus_ciphertext[0] ^= 0xff;
-      rv = PK11_Decrypt(key.get(), kMech, &params, decrypted.data(),
+      rv = PK11_Decrypt(key.get(), mech, params, decrypted.data(),
                         &decrypted_len, decrypted.size(),
                         bogus_ciphertext.data(), encrypted_len);
       EXPECT_EQ(rv, SECFailure);
@@ -128,47 +115,32 @@ class Pkcs11ChaCha20Poly1305Test
       decrypted_len = 0;
       std::vector<uint8_t> bogus_tag(encrypted);
       bogus_tag[encrypted_len - 1] ^= 0xff;
-      rv = PK11_Decrypt(key.get(), kMech, &params, decrypted.data(),
+      rv = PK11_Decrypt(key.get(), mech, params, decrypted.data(),
                         &decrypted_len, decrypted.size(), bogus_tag.data(),
                         encrypted_len);
       EXPECT_EQ(rv, SECFailure);
       EXPECT_EQ(0U, decrypted_len);
     }
 
-    // Decrypt with bogus IV.
-    // iv_len == 0 is invalid and should be caught earlier.
-    // Still skip, if there's no IV to modify.
-    if (iv_len != 0) {
-      decrypted_len = 0;
-      SECItem bogus_params(params);
-      CK_NSS_AEAD_PARAMS bogusAeadParams(aead_params);
-      bogus_params.data = reinterpret_cast<unsigned char*>(&bogusAeadParams);
-
-      std::vector<uint8_t> bogusIV(iv, iv + iv_len);
-      bogusAeadParams.pNonce = toUcharPtr(bogusIV.data());
-      bogusIV[0] ^= 0xff;
-
-      rv = PK11_Decrypt(key.get(), kMech, &bogus_params, decrypted.data(),
-                        &decrypted_len, data_len, encrypted.data(),
-                        encrypted.size());
-      EXPECT_EQ(rv, SECFailure);
-      EXPECT_EQ(0U, decrypted_len);
-    }
+    // Decrypt with bogus nonce.
+    // A nonce length of 0 is invalid and should be caught earlier.
+    ASSERT_NE(0U, nonce->size());
+    decrypted_len = 0;
+    nonce->data()[0] ^= 0xff;
+    rv = PK11_Decrypt(key.get(), mech, params, decrypted.data(), &decrypted_len,
+                      data_len, encrypted.data(), encrypted.size());
+    EXPECT_EQ(rv, SECFailure);
+    EXPECT_EQ(0U, decrypted_len);
+    nonce->data()[0] ^= 0xff;  // restore value
 
     // Decrypt with bogus additional data.
     // Skip when AAD was empty and can't be modified.
     // Alternatively we could generate random aad.
-    if (aad_len != 0) {
+    if (aad->size() != 0) {
       decrypted_len = 0;
-      SECItem bogus_params(params);
-      CK_NSS_AEAD_PARAMS bogus_aead_params(aead_params);
-      bogus_params.data = reinterpret_cast<unsigned char*>(&bogus_aead_params);
+      aad->data()[0] ^= 0xff;
 
-      std::vector<uint8_t> bogus_aad(aad, aad + aad_len);
-      bogus_aead_params.pAAD = toUcharPtr(bogus_aad.data());
-      bogus_aad[0] ^= 0xff;
-
-      rv = PK11_Decrypt(key.get(), kMech, &bogus_params, decrypted.data(),
+      rv = PK11_Decrypt(key.get(), mech, params, decrypted.data(),
                         &decrypted_len, data_len, encrypted.data(),
                         encrypted.size());
       EXPECT_EQ(rv, SECFailure);
@@ -176,6 +148,69 @@ class Pkcs11ChaCha20Poly1305Test
     }
   }
 
+  void EncryptDecrypt(const ScopedPK11SymKey& key, const bool invalid_iv,
+                      const bool invalid_tag, const uint8_t* data,
+                      size_t data_len, const uint8_t* aad_ptr, size_t aad_len,
+                      const uint8_t* iv_ptr, size_t iv_len,
+                      const uint8_t* ct = nullptr, size_t ct_len = 0) {
+    std::vector<uint8_t> nonce(iv_ptr, iv_ptr + iv_len);
+    std::vector<uint8_t> aad(aad_ptr, aad_ptr + aad_len);
+    // Prepare AEAD params.
+    CK_SALSA20_CHACHA20_POLY1305_PARAMS aead_params;
+    aead_params.pNonce = toUcharPtr(nonce.data());
+    aead_params.ulNonceLen = nonce.size();
+    aead_params.pAAD = toUcharPtr(aad.data());
+    aead_params.ulAADLen = aad.size();
+
+    SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
+                      sizeof(aead_params)};
+
+    EncryptDecrypt(key, invalid_iv, invalid_tag, data, data_len, kMech, &params,
+                   &nonce, &aad, ct, ct_len);
+  }
+
+  void EncryptDecryptLegacy(const ScopedPK11SymKey& key, const bool invalid_iv,
+                            const bool invalid_tag, const uint8_t* data,
+                            size_t data_len, const uint8_t* aad_ptr,
+                            size_t aad_len, const uint8_t* iv_ptr,
+                            size_t iv_len, const uint8_t* ct = nullptr,
+                            size_t ct_len = 0) {
+    std::vector<uint8_t> nonce(iv_ptr, iv_ptr + iv_len);
+    std::vector<uint8_t> aad(aad_ptr, aad_ptr + aad_len);
+    // Prepare AEAD params.
+    CK_NSS_AEAD_PARAMS aead_params;
+    aead_params.pNonce = toUcharPtr(nonce.data());
+    aead_params.ulNonceLen = nonce.size();
+    aead_params.pAAD = toUcharPtr(aad.data());
+    aead_params.ulAADLen = aad.size();
+    aead_params.ulTagLen = kTagLen;
+
+    SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&aead_params),
+                      sizeof(aead_params)};
+
+    // Encrypt with bad parameters (TagLen is too long).
+    unsigned int encrypted_len = 0;
+    std::vector<uint8_t> encrypted(data_len + aead_params.ulTagLen);
+    aead_params.ulTagLen = 158072;
+    SECStatus rv =
+        PK11_Encrypt(key.get(), kMechLegacy, &params, encrypted.data(),
+                     &encrypted_len, encrypted.size(), data, data_len);
+    EXPECT_EQ(SECFailure, rv);
+    EXPECT_EQ(0U, encrypted_len);
+
+    // Encrypt with bad parameters (TagLen is too short).
+    aead_params.ulTagLen = 2;
+    rv = PK11_Encrypt(key.get(), kMechLegacy, &params, encrypted.data(),
+                      &encrypted_len, encrypted.size(), data, data_len);
+    EXPECT_EQ(SECFailure, rv);
+    EXPECT_EQ(0U, encrypted_len);
+
+    // Encrypt.
+    aead_params.ulTagLen = kTagLen;
+    EncryptDecrypt(key, invalid_iv, invalid_tag, data, data_len, kMechLegacy,
+                   &params, &nonce, &aad, ct, ct_len);
+  }
+
   void EncryptDecrypt(const ChaChaTestVector testvector) {
     ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
     SECItem keyItem = {siBuffer, toUcharPtr(testvector.key.data()),
@@ -203,7 +238,7 @@ class Pkcs11ChaCha20Poly1305Test
         PK11_KeyGen(slot.get(), mech, nullptr, 32, nullptr));
     ASSERT_NE(nullptr, sym_key);
 
-    int tagSize = 16;
+    int tagSize = kTagLen;
     int cipher_simulated_size;
     int output_len_message = 0;
     int output_len_simulated = 0;
@@ -218,8 +253,8 @@ class Pkcs11ChaCha20Poly1305Test
     std::vector<uint8_t> cipher_simulated(33);
     std::vector<uint8_t> cipher_v24(33);
     std::vector<uint8_t> aad(16);
-    std::vector<uint8_t> tag_message(16);
-    std::vector<uint8_t> tag_simulated(16);
+    std::vector<uint8_t> tag_message(kTagLen);
+    std::vector<uint8_t> tag_simulated(kTagLen);
 
     // Prepare AEAD v2.40 params.
     CK_SALSA20_CHACHA20_POLY1305_PARAMS chacha_params;
@@ -387,10 +422,6 @@ TEST_F(Pkcs11ChaCha20Poly1305Test, GenerateEncryptDecrypt) {
 }
 
 TEST_F(Pkcs11ChaCha20Poly1305Test, Xor) {
-  static const uint8_t kExpected[sizeof(kData)] = {
-      0xd8, 0x15, 0xd3, 0xb3, 0xe9, 0x34, 0x3b, 0x7a,
-      0x24, 0xf6, 0x5f, 0xd7, 0x95, 0x3d, 0xd3, 0x51};
-
   ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
   SECItem keyItem = {siBuffer, toUcharPtr(kKeyData),
                      static_cast<unsigned int>(sizeof(kKeyData))};
@@ -398,30 +429,66 @@ TEST_F(Pkcs11ChaCha20Poly1305Test, Xor) {
       slot.get(), kMechXor, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr));
   EXPECT_TRUE(!!key);
 
-  SECItem ctrNonceItem = {siBuffer, toUcharPtr(kCtrNonce),
-                          static_cast<unsigned int>(sizeof(kCtrNonce))};
+  SECItem params = {siBuffer,
+                    toUcharPtr(reinterpret_cast<const uint8_t*>(&kXorParams)),
+                    static_cast<unsigned int>(sizeof(kXorParams))};
   uint8_t encrypted[sizeof(kData)];
   unsigned int encrypted_len = 88;  // This should be overwritten.
   SECStatus rv =
-      PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, encrypted,
-                   &encrypted_len, sizeof(encrypted), kData, sizeof(kData));
+      PK11_Encrypt(key.get(), kMechXor, &params, encrypted, &encrypted_len,
+                   sizeof(encrypted), kData, sizeof(kData));
   ASSERT_EQ(SECSuccess, rv);
-  ASSERT_EQ(sizeof(kExpected), static_cast<size_t>(encrypted_len));
-  EXPECT_EQ(0, memcmp(kExpected, encrypted, sizeof(kExpected)));
+  ASSERT_EQ(sizeof(kExpectedXor), static_cast<size_t>(encrypted_len));
+  EXPECT_EQ(0, memcmp(kExpectedXor, encrypted, sizeof(kExpectedXor)));
 
   // Decrypting has the same effect.
-  rv = PK11_Decrypt(key.get(), kMechXor, &ctrNonceItem, encrypted,
+  rv = PK11_Decrypt(key.get(), kMechXor, &params, encrypted, &encrypted_len,
+                    sizeof(encrypted), kData, sizeof(kData));
+  ASSERT_EQ(SECSuccess, rv);
+  ASSERT_EQ(sizeof(kData), static_cast<size_t>(encrypted_len));
+  EXPECT_EQ(0, memcmp(kExpectedXor, encrypted, sizeof(kExpectedXor)));
+
+  // Operating in reverse too.
+  rv = PK11_Encrypt(key.get(), kMechXor, &params, encrypted, &encrypted_len,
+                    sizeof(encrypted), kExpectedXor, sizeof(kExpectedXor));
+  ASSERT_EQ(SECSuccess, rv);
+  ASSERT_EQ(sizeof(kExpectedXor), static_cast<size_t>(encrypted_len));
+  EXPECT_EQ(0, memcmp(kData, encrypted, sizeof(kData)));
+}
+
+TEST_F(Pkcs11ChaCha20Poly1305Test, XorLegacy) {
+  ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+  SECItem keyItem = {siBuffer, toUcharPtr(kKeyData),
+                     static_cast<unsigned int>(sizeof(kKeyData))};
+  ScopedPK11SymKey key(PK11_ImportSymKey(slot.get(), kMechXorLegacy,
+                                         PK11_OriginUnwrap, CKA_ENCRYPT,
+                                         &keyItem, nullptr));
+  EXPECT_TRUE(!!key);
+
+  SECItem ctrNonceItem = {siBuffer, toUcharPtr(kXorParamsLegacy),
+                          static_cast<unsigned int>(sizeof(kXorParamsLegacy))};
+  uint8_t encrypted[sizeof(kData)];
+  unsigned int encrypted_len = 88;  // This should be overwritten.
+  SECStatus rv =
+      PK11_Encrypt(key.get(), kMechXorLegacy, &ctrNonceItem, encrypted,
+                   &encrypted_len, sizeof(encrypted), kData, sizeof(kData));
+  ASSERT_EQ(SECSuccess, rv);
+  ASSERT_EQ(sizeof(kExpectedXor), static_cast<size_t>(encrypted_len));
+  EXPECT_EQ(0, memcmp(kExpectedXor, encrypted, sizeof(kExpectedXor)));
+
+  // Decrypting has the same effect.
+  rv = PK11_Decrypt(key.get(), kMechXorLegacy, &ctrNonceItem, encrypted,
                     &encrypted_len, sizeof(encrypted), kData, sizeof(kData));
   ASSERT_EQ(SECSuccess, rv);
   ASSERT_EQ(sizeof(kData), static_cast<size_t>(encrypted_len));
-  EXPECT_EQ(0, memcmp(kExpected, encrypted, sizeof(kExpected)));
+  EXPECT_EQ(0, memcmp(kExpectedXor, encrypted, sizeof(kExpectedXor)));
 
   // Operating in reverse too.
-  rv = PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, encrypted,
-                    &encrypted_len, sizeof(encrypted), kExpected,
-                    sizeof(kExpected));
+  rv = PK11_Encrypt(key.get(), kMechXorLegacy, &ctrNonceItem, encrypted,
+                    &encrypted_len, sizeof(encrypted), kExpectedXor,
+                    sizeof(kExpectedXor));
   ASSERT_EQ(SECSuccess, rv);
-  ASSERT_EQ(sizeof(kExpected), static_cast<size_t>(encrypted_len));
+  ASSERT_EQ(sizeof(kExpectedXor), static_cast<size_t>(encrypted_len));
   EXPECT_EQ(0, memcmp(kData, encrypted, sizeof(kData)));
 }
 
@@ -429,18 +496,45 @@ TEST_F(Pkcs11ChaCha20Poly1305Test, Xor) {
 // function.  The result is random and therefore cannot be checked.
 TEST_F(Pkcs11ChaCha20Poly1305Test, GenerateXor) {
   ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
-  ScopedPK11SymKey key(PK11_KeyGen(slot.get(), kMech, nullptr, 32, nullptr));
+  ScopedPK11SymKey key(PK11_KeyGen(slot.get(), kMechXor, nullptr, 32, nullptr));
   EXPECT_TRUE(!!key);
 
   std::vector<uint8_t> iv(16);
   SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), iv.data(), iv.size());
   EXPECT_EQ(SECSuccess, rv);
 
-  SECItem ctrNonceItem = {siBuffer, toUcharPtr(iv.data()),
-                          static_cast<unsigned int>(iv.size())};
+  CK_CHACHA20_PARAMS chacha_params;
+  chacha_params.pBlockCounter = iv.data();
+  chacha_params.blockCounterBits = 32;
+  chacha_params.pNonce = iv.data() + 4;
+  chacha_params.ulNonceBits = 96;
+
+  SECItem params = {
+      siBuffer, toUcharPtr(reinterpret_cast<const uint8_t*>(&chacha_params)),
+      static_cast<unsigned int>(sizeof(chacha_params))};
   uint8_t encrypted[sizeof(kData)];
   unsigned int encrypted_len = 88;  // This should be overwritten.
-  rv = PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, encrypted,
+  rv = PK11_Encrypt(key.get(), kMechXor, &params, encrypted, &encrypted_len,
+                    sizeof(encrypted), kData, sizeof(kData));
+  ASSERT_EQ(SECSuccess, rv);
+  ASSERT_EQ(sizeof(kData), static_cast<size_t>(encrypted_len));
+}
+
+TEST_F(Pkcs11ChaCha20Poly1305Test, GenerateXorLegacy) {
+  ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+  ScopedPK11SymKey key(
+      PK11_KeyGen(slot.get(), kMechXorLegacy, nullptr, 32, nullptr));
+  EXPECT_TRUE(!!key);
+
+  std::vector<uint8_t> iv(16);
+  SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), iv.data(), iv.size());
+  EXPECT_EQ(SECSuccess, rv);
+
+  SECItem params = {siBuffer, toUcharPtr(iv.data()),
+                    static_cast<unsigned int>(iv.size())};
+  uint8_t encrypted[sizeof(kData)];
+  unsigned int encrypted_len = 88;  // This should be overwritten.
+  rv = PK11_Encrypt(key.get(), kMechXorLegacy, &params, encrypted,
                     &encrypted_len, sizeof(encrypted), kData, sizeof(kData));
   ASSERT_EQ(SECSuccess, rv);
   ASSERT_EQ(sizeof(kData), static_cast<size_t>(encrypted_len));
@@ -451,18 +545,40 @@ TEST_F(Pkcs11ChaCha20Poly1305Test, XorInvalidParams) {
   ScopedPK11SymKey key(PK11_KeyGen(slot.get(), kMech, nullptr, 32, nullptr));
   EXPECT_TRUE(!!key);
 
-  SECItem ctrNonceItem = {siBuffer, toUcharPtr(kCtrNonce),
-                          static_cast<unsigned int>(sizeof(kCtrNonce)) - 1};
+  SECItem params = {siBuffer,
+                    toUcharPtr(reinterpret_cast<const uint8_t*>(&kXorParams)),
+                    static_cast<unsigned int>(sizeof(kXorParams)) - 1};
   uint8_t encrypted[sizeof(kData)];
   unsigned int encrypted_len = 88;
   SECStatus rv =
-      PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, encrypted,
-                   &encrypted_len, sizeof(encrypted), kData, sizeof(kData));
+      PK11_Encrypt(key.get(), kMechXor, &params, encrypted, &encrypted_len,
+                   sizeof(encrypted), kData, sizeof(kData));
   EXPECT_EQ(SECFailure, rv);
 
-  ctrNonceItem.data = nullptr;
-  rv = PK11_Encrypt(key.get(), kMechXor, &ctrNonceItem, encrypted,
-                    &encrypted_len, sizeof(encrypted), kData, sizeof(kData));
+  params.data = nullptr;
+  rv = PK11_Encrypt(key.get(), kMechXor, &params, encrypted, &encrypted_len,
+                    sizeof(encrypted), kData, sizeof(kData));
+  EXPECT_EQ(SECFailure, rv);
+  EXPECT_EQ(SEC_ERROR_BAD_DATA, PORT_GetError());
+}
+
+TEST_F(Pkcs11ChaCha20Poly1305Test, XorLegacyInvalidParams) {
+  ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+  ScopedPK11SymKey key(PK11_KeyGen(slot.get(), kMech, nullptr, 32, nullptr));
+  EXPECT_TRUE(!!key);
+
+  SECItem params = {siBuffer, toUcharPtr(kXorParamsLegacy),
+                    static_cast<unsigned int>(sizeof(kXorParamsLegacy)) - 1};
+  uint8_t encrypted[sizeof(kData)];
+  unsigned int encrypted_len = 88;
+  SECStatus rv =
+      PK11_Encrypt(key.get(), kMechXor, &params, encrypted, &encrypted_len,
+                   sizeof(encrypted), kData, sizeof(kData));
+  EXPECT_EQ(SECFailure, rv);
+
+  params.data = nullptr;
+  rv = PK11_Encrypt(key.get(), kMechXor, &params, encrypted, &encrypted_len,
+                    sizeof(encrypted), kData, sizeof(kData));
   EXPECT_EQ(SECFailure, rv);
   EXPECT_EQ(SEC_ERROR_BAD_DATA, PORT_GetError());
 }

security/nss/gtests/pk11_gtest/pk11_cipherop_unittest.cc

@@ -3,6 +3,7 @@
 // You can obtain one at http://mozilla.org/MPL/2.0/.
 
 #include "gtest/gtest.h"
+#include "nss_scoped_ptrs.h"
 
 #include <assert.h>
 #include <limits.h>
@@ -21,30 +22,29 @@ namespace nss_test {
 // cipher context with data that is not cipher block aligned.
 //
 
-static SECStatus GetBytes(PK11Context* ctx, uint8_t* bytes, size_t len) {
+static SECStatus GetBytes(const ScopedPK11Context& ctx, size_t len) {
   std::vector<uint8_t> in(len, 0);
 
+  uint8_t outbuf[128];
+  PORT_Assert(len <= sizeof(outbuf));
   int outlen;
-  SECStatus rv = PK11_CipherOp(ctx, bytes, &outlen, len, &in[0], len);
+  SECStatus rv = PK11_CipherOp(ctx.get(), outbuf, &outlen, len, in.data(), len);
   if (static_cast<size_t>(outlen) != len) {
-    return SECFailure;
+    EXPECT_EQ(rv, SECFailure);
   }
   return rv;
 }
 
 TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOps) {
-  PK11SlotInfo* slot;
-  PK11SymKey* key;
-  PK11Context* ctx;
-
-  NSSInitContext* globalctx =
-      NSS_InitContext("", "", "", "", NULL,
-                      NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
-                          NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
+  ScopedNSSInitContext globalctx(NSS_InitContext(
+      "", "", "", "", NULL, NSS_INIT_READONLY | NSS_INIT_NOCERTDB |
+                                NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN |
+                                NSS_INIT_NOROOTINIT));
+  ASSERT_TRUE(globalctx);
 
   const CK_MECHANISM_TYPE cipher = CKM_AES_CTR;
 
-  slot = PK11_GetInternalSlot();
+  ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
   ASSERT_TRUE(slot);
 
   // Use arbitrary bytes for the AES key
@@ -61,35 +61,28 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOps) {
   SECItem paramItem = {siBuffer, reinterpret_cast<unsigned char*>(&param),
                        sizeof(CK_AES_CTR_PARAMS)};
 
-  key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
-                          &keyItem, NULL);
-  ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, &paramItem);
+  ScopedPK11SymKey key(PK11_ImportSymKey(slot.get(), cipher, PK11_OriginUnwrap,
+                                         CKA_ENCRYPT, &keyItem, NULL));
   ASSERT_TRUE(key);
+  ScopedPK11Context ctx(
+      PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key.get(), &paramItem));
   ASSERT_TRUE(ctx);
 
-  uint8_t outbuf[128];
-  ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECSuccess);
-  ASSERT_EQ(GetBytes(ctx, outbuf, 17), SECSuccess);
-
-  PK11_FreeSymKey(key);
-  PK11_FreeSlot(slot);
-  PK11_DestroyContext(ctx, PR_TRUE);
-  NSS_ShutdownContext(globalctx);
+  ASSERT_EQ(GetBytes(ctx, 7), SECSuccess);
+  ASSERT_EQ(GetBytes(ctx, 17), SECSuccess);
 }
 
-TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) {
-  PK11SlotInfo* slot;
-  PK11SymKey* key;
-  PK11Context* ctx;
+// A context can't be used for Chacha20 as the underlying
+// PK11_CipherOp operation is calling the C_EncryptUpdate function for
+// which multi-part is disabled for ChaCha20 in counter mode.
+void ChachaMulti(CK_MECHANISM_TYPE cipher, SECItem* param) {
+  ScopedNSSInitContext globalctx(NSS_InitContext(
+      "", "", "", "", NULL, NSS_INIT_READONLY | NSS_INIT_NOCERTDB |
+                                NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN |
+                                NSS_INIT_NOROOTINIT));
+  ASSERT_TRUE(globalctx);
 
-  NSSInitContext* globalctx =
-      NSS_InitContext("", "", "", "", NULL,
-                      NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
-                          NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT);
-
-  const CK_MECHANISM_TYPE cipher = CKM_NSS_CHACHA20_CTR;
-
-  slot = PK11_GetInternalSlot();
+  ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
   ASSERT_TRUE(slot);
 
   // Use arbitrary bytes for the ChaCha20 key and IV
@@ -97,33 +90,42 @@ TEST(Pkcs11CipherOp, SingleCtxMultipleUnalignedCipherOpsChaCha20) {
   for (size_t i = 0; i < 32; i++) {
     key_bytes[i] = i;
   }
-  SECItem keyItem = {siBuffer, key_bytes, 32};
+  SECItem keyItem = {siBuffer, key_bytes, sizeof(key_bytes)};
 
-  uint8_t iv_bytes[16];
-  for (size_t i = 0; i < 16; i++) {
-    key_bytes[i] = i;
-  }
-  SECItem ivItem = {siBuffer, iv_bytes, 16};
-
-  SECItem* param = PK11_ParamFromIV(cipher, &ivItem);
-
-  key = PK11_ImportSymKey(slot, cipher, PK11_OriginUnwrap, CKA_ENCRYPT,
-                          &keyItem, NULL);
-  ctx = PK11_CreateContextBySymKey(cipher, CKA_ENCRYPT, key, param);
+  ScopedPK11SymKey key(PK11_ImportSymKey(slot.get(), cipher, PK11_OriginUnwrap,
+                                         CKA_ENCRYPT, &keyItem, NULL));
   ASSERT_TRUE(key);
+  ScopedSECItem param_item(PK11_ParamFromIV(cipher, param));
+  ASSERT_TRUE(param_item);
+  ScopedPK11Context ctx(PK11_CreateContextBySymKey(
+      cipher, CKA_ENCRYPT, key.get(), param_item.get()));
   ASSERT_TRUE(ctx);
 
-  uint8_t outbuf[128];
-  // This is supposed to fail for Chacha20. This is because the underlying
-  // PK11_CipherOp operation is calling the C_EncryptUpdate function for
-  // which multi-part is disabled for ChaCha20 in counter mode.
-  ASSERT_EQ(GetBytes(ctx, outbuf, 7), SECFailure);
+  ASSERT_EQ(GetBytes(ctx, 7), SECFailure);
+}
 
-  PK11_FreeSymKey(key);
-  PK11_FreeSlot(slot);
-  SECITEM_FreeItem(param, PR_TRUE);
-  PK11_DestroyContext(ctx, PR_TRUE);
-  NSS_ShutdownContext(globalctx);
+TEST(Pkcs11CipherOp, ChachaMultiLegacy) {
+  uint8_t iv_bytes[16];
+  for (size_t i = 0; i < 16; i++) {
+    iv_bytes[i] = i;
+  }
+  SECItem param_item = {siBuffer, iv_bytes, sizeof(iv_bytes)};
+
+  ChachaMulti(CKM_NSS_CHACHA20_CTR, &param_item);
+}
+
+TEST(Pkcs11CipherOp, ChachaMulti) {
+  uint8_t iv_bytes[16];
+  for (size_t i = 0; i < 16; i++) {
+    iv_bytes[i] = i;
+  }
+  CK_CHACHA20_PARAMS chacha_params = {
+      iv_bytes, 32, iv_bytes + 4, 96,
+  };
+  SECItem param_item = {siBuffer, reinterpret_cast<uint8_t*>(&chacha_params),
+                        sizeof(chacha_params)};
+
+  ChachaMulti(CKM_CHACHA20, &param_item);
 }
 
 }  // namespace nss_test