Bug 1649545 - land NSS NSS_3_55_BETA1 UPGRADE_NSS_RELEASE, r=jcj

2020-07-21 Benjamin Beurdouche <bbeurdouche@mozilla.com> * cmd/bltest/blapitest.c: Bug 1653202 - Fix issue disabling other mechanisms when SEED is deprecated in cmd/bltest/blapitest.c. r=kjacobs [0768baa431e7] [NSS_3_55_BETA1] 2020-07-21 Kevin Jacobs <kjacobs@mozilla.com> * automation/release/nspr-version.txt: Bug 1652331 - NSS 3.55 should depend on NSPR 4.27. r=kaie [3deefc218cd9] 2020-07-20 Billy Brumley <bbrumley@gmail.com> * lib/freebl/ec.c: Bug 1631573: Remove unnecessary scalar padding in ec.c r=kjacobs,bbeurdouche Subsequent calls to ECPoints_mul and ECPoint_mul remove this padding. Timing attack countermeasures are now applied more generally deeper in the call stack. [aeb2e583ee95] 2020-07-20 Kai Engert <kaie@kuix.de> * lib/nss/nssinit.c: Bug 1653310 - On macOS check if nssckbi exists prior to loading it. r=kjacobs [ca207655b4b7] Differential Revision: https://phabricator.services.mozilla.com/D84420
2024-12-02 18:08:58 +00:00 · 2020-07-21 23:37:38 +00:00 · 2020-07-21 23:37:38 +00:00 · 99b3679870
commit 99b3679870
parent 406ebd614d
6 changed files with 19 additions and 27 deletions
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@ -1 +1 @@
-615362dff5ad
+NSS_3_55_BETA1
--- a/security/nss/automation/release/nspr-version.txt
+++ b/security/nss/automation/release/nspr-version.txt
@ -1,4 +1,4 @@
-4.26
+4.27

 # The first line of this file must contain the human readable NSPR
 # version number, which is the minimum required version of NSPR
--- a/security/nss/cmd/bltest/blapitest.c
+++ b/security/nss/cmd/bltest/blapitest.c
@ -2961,9 +2961,9 @@ get_params(PLArenaPool *arena, bltestParams *params,
        case bltestCAMELLIA_CBC:
 #ifndef NSS_DISABLE_DEPRECATED_SEED
        case bltestSEED_CBC:
+#endif
            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j);
            load_file_data(arena, &params->sk.iv, filename, bltestBinary);
-#endif
        case bltestDES_ECB:
        case bltestDES_EDE_ECB:
        case bltestRC2_ECB:
@ -2972,10 +2972,10 @@ get_params(PLArenaPool *arena, bltestParams *params,
        case bltestCAMELLIA_ECB:
 #ifndef NSS_DISABLE_DEPRECATED_SEED
        case bltestSEED_ECB:
+#endif
            sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
            load_file_data(arena, &params->sk.key, filename, bltestBinary);
            break;
-#endif
 #ifdef NSS_SOFTOKEN_DOES_RC5
        case bltestRC5_ECB:
        case bltestRC5_CBC:
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@ -10,3 +10,4 @@
 */

 #error "Do not include this header file."
+
--- a/security/nss/lib/freebl/ec.c
+++ b/security/nss/lib/freebl/ec.c
@ -723,27 +723,6 @@ ECDSA_SignDigestWithSeed(ECPrivateKey *key, SECItem *signature,
        goto cleanup;
    }

-    /*
-    ** We do not want timing information to leak the length of k,
-    ** so we compute k*G using an equivalent scalar of fixed
-    ** bit-length.
-    ** Fix based on patch for ECDSA timing attack in the paper
-    ** by Billy Bob Brumley and Nicola Tuveri at
-    **   http://eprint.iacr.org/2011/232
-    **
-    ** How do we convert k to a value of a fixed bit-length?
-    ** k starts off as an integer satisfying 0 <= k < n.  Hence,
-    ** n <= k+n < 2n, which means k+n has either the same number
-    ** of bits as n or one more bit than n.  If k+n has the same
-    ** number of bits as n, the second addition ensures that the
-    ** final value has exactly one more bit than n.  Thus, we
-    ** always end up with a value that exactly one more bit than n.
-    */
-    CHECK_MPI_OK(mp_add(&k, &n, &k));
-    if (mpl_significant_bits(&k) <= mpl_significant_bits(&n)) {
-        CHECK_MPI_OK(mp_add(&k, &n, &k));
-    }
-
    /*
    ** ANSI X9.62, Section 5.3.2, Step 2
    **
--- a/security/nss/lib/nss/nssinit.c
+++ b/security/nss/lib/nss/nssinit.c
@ -323,6 +323,18 @@ nss_FreeExternalRootPaths(char *oldpath, char *path)
    }
 }

+#if defined(DARWIN)
+static PRBool
+nss_fileExists(const char *path)
+{
+    return PR_Access(path, PR_ACCESS_EXISTS) == PR_SUCCESS;
+}
+
+#define CHECK_FILE_EXISTS_IF_NECESSARY(path) nss_fileExists(path)
+#else
+#define CHECK_FILE_EXISTS_IF_NECESSARY(path) PR_TRUE
+#endif
+
 static void
 nss_FindExternalRoot(const char *dbpath, const char *secmodprefix)
 {
@ -336,11 +348,11 @@ nss_FindExternalRoot(const char *dbpath, const char *secmodprefix)
     * module with the old path first.
     */
    nss_FindExternalRootPaths(dbpath, secmodprefix, &oldpath, &path);
-    if (oldpath) {
+    if (oldpath && CHECK_FILE_EXISTS_IF_NECESSARY(oldpath)) {
        (void)SECMOD_AddNewModule("Root Certs", oldpath, 0, 0);
        hasrootcerts = SECMOD_HasRootCerts();
    }
-    if (path && !hasrootcerts) {
+    if (path && !hasrootcerts && CHECK_FILE_EXISTS_IF_NECESSARY(path)) {
        (void)SECMOD_AddNewModule("Root Certs", path, 0, 0);
    }
    nss_FreeExternalRootPaths(oldpath, path);