Closed Bug 1621350 Opened 4 months ago Closed 3 months ago

Upgrade Firefox 76 to use NSS 3.51.1

Categories

(Core :: Security: PSM, task, P1)

task

Tracking

()

RESOLVED FIXED
mozilla76
Tracking Status
firefox76 --- fixed

People

(Reporter: kjacobs, Assigned: kjacobs)

Details

(Whiteboard: [psm-assigned][nss])

Attachments

(5 files, 3 obsolete files)

Tracking NSS 3.51.1 for Firefox 76. Ultimate tag will be NSS_3_51_1_RTM.

Keywords: leave-open
Pushed by ccoroiu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/3d799e2b8919
land NSS 710d10a72934 UPGRADE_NSS_RELEASE, r=jcj

2020-02-18 Robert Relyea <rrelyea@redhat.com>

* cmd/bltest/blapitest.c, cmd/fipstest/fipstest.c,
cmd/lib/pk11table.c, cmd/pk11gcmtest/pk11gcmtest.c,
cmd/shlibsign/shlibsign.c,
gtests/pk11_gtest/pk11_aes_gcm_unittest.cc,
gtests/pk11_gtest/pk11_cbc_unittest.cc, lib/certdb/crl.c,
lib/ckfw/dbm/db.c, lib/dev/devslot.c, lib/dev/devtoken.c,
lib/dev/devutil.c, lib/freebl/fipsfreebl.c, lib/freebl/gcm.c,
lib/freebl/intel-gcm-wrap.c, lib/pk11wrap/debug_module.c,
lib/pk11wrap/dev3hack.c, lib/pk11wrap/pk11akey.c,
lib/pk11wrap/pk11auth.c, lib/pk11wrap/pk11cert.c,
lib/pk11wrap/pk11err.c, lib/pk11wrap/pk11load.c,
lib/pk11wrap/pk11mech.c, lib/pk11wrap/pk11merge.c,
lib/pk11wrap/pk11nobj.c, lib/pk11wrap/pk11obj.c,
lib/pk11wrap/pk11pbe.c, lib/pk11wrap/pk11pk12.c,
lib/pk11wrap/pk11pqg.c, lib/pk11wrap/pk11skey.c,
lib/pk11wrap/pk11slot.c, lib/pk11wrap/pk11util.c, lib/pkcs12/p12d.c,
lib/pkcs12/p12e.c, lib/softoken/fipstokn.c,
lib/softoken/legacydb/lgattr.c, lib/softoken/legacydb/lgcreate.c,
lib/softoken/legacydb/lgfind.c, lib/softoken/legacydb/lginit.c,
lib/softoken/pkcs11.c, lib/softoken/pkcs11c.c,
lib/softoken/pkcs11u.c, lib/softoken/sdb.c, lib/softoken/sftkdb.c,
lib/softoken/sftkpwd.c, lib/ssl/ssl3con.c, lib/ssl/sslprimitive.c,
lib/ssl/tls13con.c, lib/util/pkcs11.h, lib/util/pkcs11f.h,
lib/util/pkcs11n.h, lib/util/pkcs11t.h, lib/util/secoid.c, nss-
tool/enc/enctool.cc:
Bug 1603628 Update NSS to handle PKCS #11 v3.0 r=daiki r=mhoye


This patch implements the first phase: updating the headers.

lib/util/pkcs11.h lib/util/pkcs11f.h lib/util/pkcs11t.h

Were updated using the released OASIS PKCS #11 v3.0 header files.
lib/util/pkcs11n.h was updated to finally deprecate all uses of
CK?_NETSCAPE_?.

A new define as added: NSS_PKCS11_2_0_COMPAT. If it's defined, the
small semantic changes (including the removal of deprecated defines)
between the NSS PKCS #11 v2 header file and the new PKCS #11 v3 are
reverted in favor of the PKCS #11 v2 definitions. This include the
removal of CK?_NETSCAPE_? in favor of CK?_NSS_?.

One notable change was caused by an inconsistancy between the spec
and the released headers in PKCS #11 v2.40. CK_GCM_PARAMS had an
extra field in the header that was not in the spec. OASIS considers
the header file to be normative, so PKCS #11 v3.0 resolved the issue
in favor of the header file definition. NSS had the spec definition,
so now there are 2 defines for this structure:

CK_NSS_GCM_PARAMS - the old nss define. Still used internally in
freebl. CK_GCM_PARAMS_V3 - the new define. CK_GCM_PARAMS - no longer
referenced in NSS itself. It's defined as CK_GCM_PARAMS_V3 if
NSS_PKCS11_2_0_COMPAT is *not* defined, and it's defined as
CKM_NSS_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is defined.

Softoken has been updated to accept either CK_NSS_GCM_PARAMS or
CK_GCM_PARAMS_V3. In a future patch NSS will be updated to use
CK_GCM_PARAMS_V3 and fall back to CK_NSS_GMC_PARAMS.

One other semantic difference between the 3.0 version of pkcs11f.h
and the version here: In the oasis version of the header, you must
define CK_PKCS11_2_0_ONLY to get just the PKCS #11 v2 defines. In
our version you must define CK_PKCS11_3 to get the PCKS #11 v3
defines.

Most of this patch is to handle changing the deprecated defines that
have been removed in PCKS #11 v3 from NSS.

[b5d90a7fe217] [tip]

2020-03-16 Kevin Jacobs <kjacobs@mozilla.com>

* automation/abi-check/expected-report-libssl3.so.txt,
gtests/ssl_gtest/libssl_internals.c,
gtests/ssl_gtest/libssl_internals.h, gtests/ssl_gtest/tls_agent.cc,
gtests/ssl_gtest/tls_agent.h,
gtests/ssl_gtest/tls_subcerts_unittest.cc, lib/ssl/SSLerrs.h,
lib/ssl/ssl.h, lib/ssl/ssl3con.c, lib/ssl/ssl3ext.c,
lib/ssl/ssl3ext.h, lib/ssl/sslerr.h, lib/ssl/sslimpl.h,
lib/ssl/sslt.h, lib/ssl/tls13exthandle.c, lib/ssl/tls13subcerts.c,
tests/common/certsetup.sh, tests/ssl_gtests/ssl_gtests.sh:
Bug 1617968 - Update Delegated Credentials implementation to
draft-07 r=mt

Remove support for RSAE in delegated credentials (both in DC
signatures and SPKIs), add SignatureScheme list functionality to
initial DC extension.

[44eb9e27d946]

2020-03-13 Robert Relyea <rrelyea@redhat.com>

* cmd/fipstest/fipstest.c:
Bug 1608250 KBKDF - broken fipstest handling of KI_len r=rrelyea
p=cipherboy


When testing Bug 1608245, I realized that I had inadvertently broken
fipstest.c's handling of KI and KI_len. This lead to it passing
bogus keys (with unusually large lengths exceeding the bounds of
sizeof KI) to kbkdf_Dispatch(...).

This uses Bob Relyea's suggestion on how to handle this: detect the
size of KI when processing the mech selection, storing KI_len there.
This simplifies reading of the KI value in later code.
[d7b12847a650]

* lib/softoken/kbkdf.c:
Bug 1608245 KBKDF - Consistently handle NULL slot/session r=kjacobs
Patch by cipherboy, review by kjacobs.


Per Bug 1607955, the KBKDF code introduced in Bug 1599603 confused
Coverity with a elided NULL check on
sftk_SlotFromSessionHandle(...). While Coverity is incorrect (and
the behavior is fine as-is), it isn't consistent with the KBKDF
code's handling of sftk_SessionFromHandle(...) (which is NULL
checked).

This brings these two call sites into internal consistency.
[4c43bc0998f3]

2020-03-23 Kevin Jacobs <kjacobs@mozilla.com>

* lib/softoken/pkcs11.c:
Bug 1624402 - Fix compilation error when NO_FORK_CHECK and
CHECK_FORK_* are defined r=rrelyea

[0225889e5292] [tip]

* lib/util/pkcs11.h:
Bug 1624130 - Require CK_FUNCTION_LIST structs to be packed.
r=rrelyea

[7ab62d3d0445]

2020-03-17 Robert Relyea <rrelyea@redhat.com>

* automation/abi-check/expected-report-libnss3.so.txt, automation/abi-
check/expected-report-libsoftokn3.so.txt, cmd/pk11mode/pk11mode.c,
lib/pk11wrap/pk11load.c, lib/pk11wrap/secmodi.h,
lib/pk11wrap/secmodt.h, lib/softoken/fipstokn.c,
lib/softoken/manifest.mn, lib/softoken/pkcs11.c,
lib/softoken/pkcs11c.c, lib/softoken/pkcs11i.h,
lib/softoken/sftkmessage.c, lib/softoken/softoken.gyp,
lib/softoken/softoken.h, lib/softoken/softokn.def,
lib/util/pkcs11.h, lib/util/pkcs11f.h, lib/util/pkcs11n.h,
nss/automation/abi-check/new-report-libnss3.so.txt, nss/automation
/abi-check/new-report-libsoftokn3.so.txt:
Bug 1603628 Update NSS to handle PKCS #11 v3.0 r=ueno r=mt

Update to PKCS #11 v3.0 part 2.

Create the functions and switch to the C_Interface() function to
fetch the PKCS #11 function table. Also PKCS #11 v3.0 uses a new
fork safe interface. NSS can already handle the case if the PKCS #11
module happens to be fork safe (when asked by the application to
refresh the tokens in the child process, NSS can detect that such a
refresh is not necessary and continue. Softoken could also be put in
fork_safe mode with an environment variable. With this patch it's
the default, and NSS asks for the fork safe API by default.
Technically softoken should implement the old non-fork safe
interface when PKCS #11 v2.0 is called, but NSS no longer needs it,
and doing so would double the number of PKCS #11 interfaces are
needed. You can still compile with fork unsafe semantics, and the
PKCS #11 V3.0 module will do the right thing and not include the
fork safe flag. Firefox does not fork(), so for firefox this is
simply code that is no longer compilied.

We now use C_GetInterface, which allows us to specify what kind of
interface we want (PKCS #11 v3.0, PKCS #11 v2.0, fork safe, etc.).
Vendor specific functions can now be accessed through the
C_GetInterface. If the C_GetInterface function does not exists, we
fall bak to the old C_GetFunctionList.

There are 24 new functions in PKCS #11 v3.0: C_GetInterfaceList -
return a table of all the supported interfaces C_GetInterface -
return a specific interface. You can specify interface name, version
and flags separately. You can leave off any of these and you will
get what the token thinks is the best match of the interfaces that
meet the criteria. We do this in softoken by the order of the
interface list. C_SessionCancel - Cancel one or more multipart
operation C_LoginUser - Supply a user name to C_Login(). This
function has no meaning for softoken, so it just returns
CKR_OPERATION_NOT_INITIALIZED under the theory that if we in the
future want to support usernames, the NSS db would need special
initialization to make that happen. C_Message* and C_*Message* (20
functions in all) are the new AEAD interface (they are written
generally so that it can be used for things other than AEAD). In
this patch they are unimplemented (see the next patch).

This patch adds regular (NSC_) and FIPS (FC_) versions of these
functions. Also when creating the PKCS #11 v2.0 interface, we had to
create a 2.0 specific version of C_GetInfo so that it can return a
2.40 in the CK_VERSION field rather than 3.00. We do this with
#defines since all the function tables are generated automagically
with pkcs11f.h.

[2364598f8a36]

2020-03-18 Kevin Jacobs <kjacobs@mozilla.com>

* lib/freebl/mpi/mpcpucache.c:
Bug 1623184 - Clear ECX prior to cpuid, fixing query for Extended
Features r=bbeurdouche

While trying to benchmark the recent HACL* AVX2 code, I noticed that
it was not being called on two machines (that both support AVX2),
instead using only the AVX version.

In order to query for Extended Features (cpuid with EAX=7), we also
need to set ECX to 0: https://www.intel.com/content/www/us/en
/architecture-and-technology/64-ia-32-architectures-software-
developer-vol-2a-manual.html. The current code fails to do this,
resulting in flags that show no support.

Initially, I wrote a separate `freebl_cpuid_ex` function that
accepted a value for ECX as a separate input argument. However, some
definitions of `freebl_cpuid` already zero ECX, so making this
consistent is the simplest way to get the desired behavior.

With this patch, the two test machines (MacOS and Linux x64)
correctly use the AVX2 ChaCha20Poly1305 code.

[06d41fe87c58]

2020-02-18 Robert Relyea <rrelyea@redhat.com>

* cmd/bltest/blapitest.c, cmd/fipstest/fipstest.c,
cmd/lib/pk11table.c, cmd/pk11gcmtest/pk11gcmtest.c,
cmd/shlibsign/shlibsign.c,
gtests/pk11_gtest/pk11_aes_gcm_unittest.cc,
gtests/pk11_gtest/pk11_cbc_unittest.cc, lib/certdb/crl.c,
lib/ckfw/dbm/db.c, lib/dev/devslot.c, lib/dev/devtoken.c,
lib/dev/devutil.c, lib/freebl/fipsfreebl.c, lib/freebl/gcm.c,
lib/freebl/intel-gcm-wrap.c, lib/pk11wrap/debug_module.c,
lib/pk11wrap/dev3hack.c, lib/pk11wrap/pk11akey.c,
lib/pk11wrap/pk11auth.c, lib/pk11wrap/pk11cert.c,
lib/pk11wrap/pk11err.c, lib/pk11wrap/pk11load.c,
lib/pk11wrap/pk11mech.c, lib/pk11wrap/pk11merge.c,
lib/pk11wrap/pk11nobj.c, lib/pk11wrap/pk11obj.c,
lib/pk11wrap/pk11pbe.c, lib/pk11wrap/pk11pk12.c,
lib/pk11wrap/pk11pqg.c, lib/pk11wrap/pk11skey.c,
lib/pk11wrap/pk11slot.c, lib/pk11wrap/pk11util.c, lib/pkcs12/p12d.c,
lib/pkcs12/p12e.c, lib/softoken/fipstokn.c,
lib/softoken/legacydb/lgattr.c, lib/softoken/legacydb/lgcreate.c,
lib/softoken/legacydb/lgfind.c, lib/softoken/legacydb/lginit.c,
lib/softoken/pkcs11.c, lib/softoken/pkcs11c.c,
lib/softoken/pkcs11u.c, lib/softoken/sdb.c, lib/softoken/sftkdb.c,
lib/softoken/sftkpwd.c, lib/ssl/ssl3con.c, lib/ssl/sslprimitive.c,
lib/ssl/tls13con.c, lib/util/pkcs11.h, lib/util/pkcs11f.h,
lib/util/pkcs11n.h, lib/util/pkcs11t.h, lib/util/secoid.c, nss-
tool/enc/enctool.cc:
Bug 1603628 Update NSS to handle PKCS #11 v3.0 r=daiki r=mhoye


This patch implements the first phase: updating the headers.

lib/util/pkcs11.h lib/util/pkcs11f.h lib/util/pkcs11t.h

Were updated using the released OASIS PKCS #11 v3.0 header files.
lib/util/pkcs11n.h was updated to finally deprecate all uses of
CK?_NETSCAPE_?.

A new define as added: NSS_PKCS11_2_0_COMPAT. If it's defined, the
small semantic changes (including the removal of deprecated defines)
between the NSS PKCS #11 v2 header file and the new PKCS #11 v3 are
reverted in favor of the PKCS #11 v2 definitions. This include the
removal of CK?_NETSCAPE_? in favor of CK?_NSS_?.

One notable change was caused by an inconsistancy between the spec
and the released headers in PKCS #11 v2.40. CK_GCM_PARAMS had an
extra field in the header that was not in the spec. OASIS considers
the header file to be normative, so PKCS #11 v3.0 resolved the issue
in favor of the header file definition. NSS had the spec definition,
so now there are 2 defines for this structure:

CK_NSS_GCM_PARAMS - the old nss define. Still used internally in
freebl. CK_GCM_PARAMS_V3 - the new define. CK_GCM_PARAMS - no longer
referenced in NSS itself. It's defined as CK_GCM_PARAMS_V3 if
NSS_PKCS11_2_0_COMPAT is *not* defined, and it's defined as
CKM_NSS_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is defined.

Softoken has been updated to accept either CK_NSS_GCM_PARAMS or
CK_GCM_PARAMS_V3. In a future patch NSS will be updated to use
CK_GCM_PARAMS_V3 and fall back to CK_NSS_GMC_PARAMS.

One other semantic difference between the 3.0 version of pkcs11f.h
and the version here: In the oasis version of the header, you must
define CK_PKCS11_2_0_ONLY to get just the PKCS #11 v2 defines. In
our version you must define CK_PKCS11_3 to get the PCKS #11 v3
defines.

Most of this patch is to handle changing the deprecated defines that
have been removed in PCKS #11 v3 from NSS.

[b5d90a7fe217]

2020-03-16 Kevin Jacobs <kjacobs@mozilla.com>

* automation/abi-check/expected-report-libssl3.so.txt,
gtests/ssl_gtest/libssl_internals.c,
gtests/ssl_gtest/libssl_internals.h, gtests/ssl_gtest/tls_agent.cc,
gtests/ssl_gtest/tls_agent.h,
gtests/ssl_gtest/tls_subcerts_unittest.cc, lib/ssl/SSLerrs.h,
lib/ssl/ssl.h, lib/ssl/ssl3con.c, lib/ssl/ssl3ext.c,
lib/ssl/ssl3ext.h, lib/ssl/sslerr.h, lib/ssl/sslimpl.h,
lib/ssl/sslt.h, lib/ssl/tls13exthandle.c, lib/ssl/tls13subcerts.c,
tests/common/certsetup.sh, tests/ssl_gtests/ssl_gtests.sh:
Bug 1617968 - Update Delegated Credentials implementation to
draft-07 r=mt

Remove support for RSAE in delegated credentials (both in DC
signatures and SPKIs), add SignatureScheme list functionality to
initial DC extension.

[44eb9e27d946]

2020-03-13 Robert Relyea <rrelyea@redhat.com>

* cmd/fipstest/fipstest.c:
Bug 1608250 KBKDF - broken fipstest handling of KI_len r=rrelyea
p=cipherboy


When testing Bug 1608245, I realized that I had inadvertently broken
fipstest.c's handling of KI and KI_len. This lead to it passing
bogus keys (with unusually large lengths exceeding the bounds of
sizeof KI) to kbkdf_Dispatch(...).

This uses Bob Relyea's suggestion on how to handle this: detect the
size of KI when processing the mech selection, storing KI_len there.
This simplifies reading of the KI value in later code.
[d7b12847a650]

* lib/softoken/kbkdf.c:
Bug 1608245 KBKDF - Consistently handle NULL slot/session r=kjacobs
Patch by cipherboy, review by kjacobs.


Per Bug 1607955, the KBKDF code introduced in Bug 1599603 confused
Coverity with a elided NULL check on
sftk_SlotFromSessionHandle(...). While Coverity is incorrect (and
the behavior is fine as-is), it isn't consistent with the KBKDF
code's handling of sftk_SessionFromHandle(...) (which is NULL
checked).

This brings these two call sites into internal consistency.
[4c43bc0998f3]
Attachment #9133982 - Attachment is obsolete: true
Pushed by cbrindusan@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c72b367c6344
land NSS 0225889e5292 UPGRADE_NSS_RELEASE, r=jcj
Attachment #9136397 - Attachment is obsolete: true
Attachment #9136396 - Attachment is obsolete: true
Summary: Upgrade Firefox 76 to use NSS 3.52 → Upgrade Firefox 76 to use NSS 3.51.1
Pushed by dluca@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/23ed28f260bd
land NSS 581ed41d0a8d UPGRADE_NSS_RELEASE, r=jcj
Pushed by shindli@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a10269a71dad
land NSS NSS_3_51_1_BETA1 UPGRADE_NSS_RELEASE, r=jcj

2020-04-03 Kevin Jacobs <kjacobs@mozilla.com>

* lib/nss/nss.h, lib/softoken/softkver.h, lib/util/nssutil.h:
Set version numbers to 3.51.1 final
[81a16f9b6562] [NSS_3_51_1_RTM] <NSS_3_51_BRANCH>

2020-04-01 Kevin Jacobs <kjacobs@mozilla.com>

* .hgtags:
Added tag NSS_3_51_1_BETA1 for changeset 581ed41d0a8d
[99b5a3b50511] <NSS_3_51_BRANCH>
Keywords: leave-open
Pushed by opoprus@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9ebaee5f3b75
land NSS NSS_3_51_1_RTM UPGRADE_NSS_RELEASE, r=jcj
Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla76

Firefox 76.0b1 cant be build using --with-system-nss, as it now requires 3.51.1 but no release is available at https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_51_1_RTM/src/ (404 as of now, linked from the relnotes at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.51.1_release_notes)

:jcj, can you make the tarball available ? thanks!

Flags: needinfo?(jjones)

It's uploaded now, I'm sorry about that.

Flags: needinfo?(jjones)
You need to log in before you can comment on or make changes to this bug.