Reland http://crrev.com/209278

Update dependency to NSS >= 3.14.3 and NSPR >= 4.9.2

Technically NSS 3.14.3 depends on NSPR 4.9.5, but Debian stable still
ships 4.9.2 on stable, so this is the lower bound.

3.14.3 contains a number of important security fixes, and support for
older systems is no longer desirable.

BUG=245370
TBR=thestig@chromium.org, wtc@chromium.org

Review URL: https://chromiumcodereview.appspot.com/18332012

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@209515 0039d316-1c4b-4281-b951-d872f2087c98

13 files changed, 16 insertions, 156 deletions

diff --git a/chrome/installer/linux/debian/build.sh b/chrome/installer/linux/debian/build.sh
index d9d98a1..48df8e9 100755
--- a/chrome/installer/linux/debian/build.sh
+++ b/chrome/installer/linux/debian/build.sh
@@ -295,7 +295,7 @@ ADDITION_DEPS="ca-certificates, libcurl3, \
 # exists, but it was moved to "universe" repository, which isn't installed by
 # default).
 DPKG_SHLIB_DEPS=$(sed \
-    's/\(libnspr4-0d ([^)]*)\), /\1 | libnspr4 (>= 4.8.7-0ubuntu1), /g' \
+    's/\(libnspr4-0d ([^)]*)\), /\1 | libnspr4 (>= 4.9.5-0ubuntu0), /g' \
     <<< $DPKG_SHLIB_DEPS)
 
 # Fix-up libudev dependency because Ubuntu 13.04 has libudev1 instead of
diff --git a/chrome/installer/linux/debian/expected_deps b/chrome/installer/linux/debian/expected_deps
index 0e16912..2668316 100644
--- a/chrome/installer/linux/debian/expected_deps
+++ b/chrome/installer/linux/debian/expected_deps
@@ -14,8 +14,8 @@ libgcrypt11 (>= 1.4.5)
 libgdk-pixbuf2.0-0 (>= 2.22.0)
 libglib2.0-0 (>= 2.18.0)
 libgtk2.0-0 (>= 2.24.0)
-libnspr4 (>= 1.8.0.10)
-libnss3 (>= 3.12.6)
+libnspr4 (>= 4.9.2)
+libnss3 (>= 3.14.3)
 libpango1.0-0 (>= 1.22.0)
 libstdc++6 (>= 4.6)
 libudev0 (>= 147)
diff --git a/chrome/installer/linux/rpm/build.sh b/chrome/installer/linux/rpm/build.sh
index 544a46a..7134e59 100755
--- a/chrome/installer/linux/rpm/build.sh
+++ b/chrome/installer/linux/rpm/build.sh
@@ -124,7 +124,7 @@ do_package() {
   # https://bugzilla.novell.com/show_bug.cgi?id=556248
   DEPENDS="lsb >= 4.0, \
   libcurl.so.4${EMPTY_VERSION}${PKG_ARCH}, \
-  libnss3.so(NSS_3.12.3)${PKG_ARCH}, \
+  libnss3.so(NSS_3.14.3)${PKG_ARCH}, \
   wget, \
   xdg-utils, \
   zlib, \
diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc
index 850d47d..52bb054 100644
--- a/crypto/nss_util.cc
+++ b/crypto/nss_util.cc
@@ -384,23 +384,17 @@ class NSSInitSingleton {
     base::TimeTicks start_time = base::TimeTicks::Now();
     EnsureNSPRInit();
 
-    // We *must* have NSS >= 3.12.3.  See bug 26448.
+    // We *must* have NSS >= 3.14.3.
     COMPILE_ASSERT(
-        (NSS_VMAJOR == 3 && NSS_VMINOR == 12 && NSS_VPATCH >= 3) ||
-        (NSS_VMAJOR == 3 && NSS_VMINOR > 12) ||
+        (NSS_VMAJOR == 3 && NSS_VMINOR == 14 && NSS_VPATCH >= 3) ||
+        (NSS_VMAJOR == 3 && NSS_VMINOR > 14) ||
         (NSS_VMAJOR > 3),
         nss_version_check_failed);
     // Also check the run-time NSS version.
     // NSS_VersionCheck is a >= check, not strict equality.
-    if (!NSS_VersionCheck("3.12.3")) {
-      // It turns out many people have misconfigured NSS setups, where
-      // their run-time NSPR doesn't match the one their NSS was compiled
-      // against.  So rather than aborting, complain loudly.
-      LOG(ERROR) << "NSS_VersionCheck(\"3.12.3\") failed.  "
-                    "We depend on NSS >= 3.12.3, and this error is not fatal "
-                    "only because many people have busted NSS setups (for "
-                    "example, using the wrong version of NSPR). "
-                    "Please upgrade to the latest NSS and NSPR, and if you "
+    if (!NSS_VersionCheck("3.14.3")) {
+      LOG(FATAL) << "NSS_VersionCheck(\"3.14.3\") failed. NSS >= 3.14.3 is "
+                    "required. Please upgrade to the latest NSS, and if you "
                     "still get this error, contact your distribution "
                     "maintainer.";
     }
diff --git a/crypto/signature_creator_nss.cc b/crypto/signature_creator_nss.cc
index 3a30efb..82e4444 100644
--- a/crypto/signature_creator_nss.cc
+++ b/crypto/signature_creator_nss.cc
@@ -44,11 +44,7 @@ SignatureCreator* SignatureCreator::Create(RSAPrivateKey* key) {
 }
 
 bool SignatureCreator::Update(const uint8* data_part, int data_part_len) {
-  // TODO(wtc): Remove this const_cast when we require NSS 3.12.5.
-  // See NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=518255
-  SECStatus rv = SGN_Update(sign_context_,
-                            const_cast<unsigned char*>(data_part),
-                            data_part_len);
+  SECStatus rv = SGN_Update(sign_context_, data_part, data_part_len);
   if (rv != SECSuccess) {
     NOTREACHED();
     return false;
diff --git a/net/cert/cert_verify_proc_nss.cc b/net/cert/cert_verify_proc_nss.cc
index 2a944e6..c3b3ae8 100644
--- a/net/cert/cert_verify_proc_nss.cc
+++ b/net/cert/cert_verify_proc_nss.cc
@@ -158,10 +158,6 @@ CertStatus MapCertErrorToCertStatus(int err) {
 void GetCertChainInfo(CERTCertList* cert_list,
                       CERTCertificate* root_cert,
                       CertVerifyResult* verify_result) {
-  // NOTE: Using a NSS library before 3.12.3.1 will crash below.  To see the
-  // NSS version currently in use:
-  // 1. use ldd on the chrome executable for NSS's location (ie. libnss3.so*)
-  // 2. use ident libnss3.so* for the library's version
   DCHECK(cert_list);
 
   CERTCertificate* verified_cert = NULL;
@@ -346,31 +342,6 @@ SECStatus PKIXVerifyCert(CERTCertificate* cert_handle,
   bool use_crl = check_revocation;
   bool use_ocsp = check_revocation;
 
-  // These CAs have multiple keys, which trigger two bugs in NSS's CRL code.
-  // 1. NSS may use one key to verify a CRL signed with another key,
-  //    incorrectly concluding that the CRL's signature is invalid.
-  //    Hopefully this bug will be fixed in NSS 3.12.9.
-  // 2. NSS considers all certificates issued by the CA as revoked when it
-  //    receives a CRL with an invalid signature.  This overly strict policy
-  //    has been relaxed in NSS 3.12.7.  See
-  //    https://bugzilla.mozilla.org/show_bug.cgi?id=562542.
-  // So we have to turn off CRL checking for these CAs.  See
-  // http://crbug.com/55695.
-  static const char* const kMultipleKeyCA[] = {
-    "CN=Microsoft Secure Server Authority,"
-    "DC=redmond,DC=corp,DC=microsoft,DC=com",
-    "CN=Microsoft Secure Server Authority",
-  };
-
-  if (!NSS_VersionCheck("3.12.7")) {
-    for (size_t i = 0; i < arraysize(kMultipleKeyCA); ++i) {
-      if (strcmp(cert_handle->issuerName, kMultipleKeyCA[i]) == 0) {
-        use_crl = false;
-        break;
-      }
-    }
-  }
-
   PRUint64 revocation_method_flags =
       CERT_REV_M_DO_NOT_TEST_USING_THIS_METHOD |
       CERT_REV_M_ALLOW_NETWORK_FETCHING |
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index bffadfa..ca71836 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -1274,7 +1274,6 @@ SECStatus SSLClientSocketNSS::Core::OwnAuthCertHandler(
     PRFileDesc* socket,
     PRBool checksig,
     PRBool is_server) {
-#ifdef SSL_ENABLE_FALSE_START
   Core* core = reinterpret_cast<Core*>(arg);
   if (!core->handshake_callback_called_) {
     // Only need to turn off False Start in the initial handshake. Also, it is
@@ -1291,7 +1290,6 @@ SECStatus SSLClientSocketNSS::Core::OwnAuthCertHandler(
       SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE);
     }
   }
-#endif
 
   // Tell NSS to not verify the certificate.
   return SECSuccess;
@@ -2419,8 +2417,8 @@ void SSLClientSocketNSS::Core::UpdateConnectionStatus() {
          SSL_CONNECTION_COMPRESSION_MASK) <<
         SSL_CONNECTION_COMPRESSION_SHIFT;
 
-    // NSS 3.12.x doesn't have version macros for TLS 1.1 and 1.2 (because NSS
-    // doesn't support them yet), so we use 0x0302 and 0x0303 directly.
+    // NSS 3.14.x doesn't have a version macro for TLS 1.2 (because NSS didn't
+    // support it yet), so use 0x0303 directly.
     int version = SSL_CONNECTION_VERSION_UNKNOWN;
     if (channel_info.protocolVersion < SSL_LIBRARY_VERSION_3_0) {
       // All versions less than SSL_LIBRARY_VERSION_3_0 are treated as SSL
@@ -2430,7 +2428,7 @@ void SSLClientSocketNSS::Core::UpdateConnectionStatus() {
       version = SSL_CONNECTION_VERSION_SSL3;
     } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_3_1_TLS) {
       version = SSL_CONNECTION_VERSION_TLS1;
-    } else if (channel_info.protocolVersion == 0x0302) {
+    } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_TLS_1_1) {
       version = SSL_CONNECTION_VERSION_TLS1_1;
     } else if (channel_info.protocolVersion == 0x0303) {
       version = SSL_CONNECTION_VERSION_TLS1_2;
@@ -2440,10 +2438,6 @@ void SSLClientSocketNSS::Core::UpdateConnectionStatus() {
         SSL_CONNECTION_VERSION_SHIFT;
   }
 
-  // SSL_HandshakeNegotiatedExtension was added in NSS 3.12.6.
-  // Since SSL_MAX_EXTENSIONS was added at the same time, we can test
-  // SSL_MAX_EXTENSIONS for the presence of SSL_HandshakeNegotiatedExtension.
-#if defined(SSL_MAX_EXTENSIONS)
   PRBool peer_supports_renego_ext;
   ok = SSL_HandshakeNegotiatedExtension(nss_fd_, ssl_renegotiation_info_xtn,
                                         &peer_supports_renego_ext);
@@ -2477,7 +2471,6 @@ void SSLClientSocketNSS::Core::UpdateConnectionStatus() {
                             peer_supports_renego_ext == PR_TRUE);
     }
   }
-#endif
 
   if (ssl_config_.version_fallback) {
     nss_handshake_state_.ssl_connection_status |=
@@ -3153,25 +3146,18 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
     SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE);
   }
 
-#ifdef SSL_ENABLE_SESSION_TICKETS
   // Support RFC 5077
   rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(
         net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS");
   }
-#else
-  #error "You need to install NSS-3.12 or later to build chromium"
-#endif
 
-#ifdef SSL_ENABLE_FALSE_START
   rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START,
                      ssl_config_.false_start_enabled);
   if (rv != SECSuccess)
     LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_FALSE_START");
-#endif
 
-#ifdef SSL_ENABLE_RENEGOTIATION
   // We allow servers to request renegotiation. Since we're a client,
   // prohibiting this is rather a waste of time. Only servers are in a
   // position to prevent renegotiation attacks.
@@ -3183,14 +3169,12 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
     LogFailedNSSFunction(
         net_log_, "SSL_OptionSet", "SSL_ENABLE_RENEGOTIATION");
   }
-#endif  // SSL_ENABLE_RENEGOTIATION
 
-#ifdef SSL_CBC_RANDOM_IV
   rv = SSL_OptionSet(nss_fd_, SSL_CBC_RANDOM_IV, PR_TRUE);
   if (rv != SECSuccess)
     LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_CBC_RANDOM_IV");
-#endif
 
+// Added in NSS 3.15
 #ifdef SSL_ENABLE_OCSP_STAPLING
   if (IsOCSPStaplingSupported()) {
     rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
@@ -3201,6 +3185,7 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
   }
 #endif
 
+// Chromium patch to libssl
 #ifdef SSL_ENABLE_CACHED_INFO
   rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_CACHED_INFO,
                      ssl_config_.cached_info_enabled);
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium
index 197c2d6..4c7e137 100644
--- a/net/third_party/nss/README.chromium
+++ b/net/third_party/nss/README.chromium
@@ -75,10 +75,6 @@ Patches:
     patches/cbc.patch
     https://code.google.com/p/chromium/issues/detail?id=172658#c12
 
-  * Define AES_256_KEY_LENGTH if the system blapit.h header doesn't define it.
-    Remove this patch when all system NSS packages are NSS 3.12.10 or later.
-    patches/aes256keylength.patch
-
   * Change ssl3_SuiteBOnly to always return PR_TRUE. The softoken in NSS
     versions older than 3.15 report an EC key size range of 112 bits to 571
     bits, even when it is compiled to support only the NIST P-256, P-384, and
diff --git a/net/third_party/nss/patches/aes256keylength.patch b/net/third_party/nss/patches/aes256keylength.patch
deleted file mode 100644
index e77e16e..0000000
--- a/net/third_party/nss/patches/aes256keylength.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff -pu a/nss/lib/ssl/sslsnce.c b/nss/lib/ssl/sslsnce.c
---- a/nss/lib/ssl/sslsnce.c	2013-04-27 09:17:17.216390477 -0700
-+++ b/nss/lib/ssl/sslsnce.c	2013-04-27 09:41:36.887048239 -0700
-@@ -87,6 +87,11 @@
- #include "nspr.h"
- #include "sslmutex.h"
- 
-+/* AES_256_KEY_LENGTH was added to blapit.h in NSS 3.12.10. */
-+#ifndef AES_256_KEY_LENGTH
-+#define AES_256_KEY_LENGTH      32  /* bytes */
-+#endif
-+
- /*
- ** Format of a cache entry in the shared memory.
- */ 
diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh
index e8d9f5f..aee9fb0 100755
--- a/net/third_party/nss/patches/applypatches.sh
+++ b/net/third_party/nss/patches/applypatches.sh
@@ -38,8 +38,6 @@ patch -p4 < $patches_dir/secretexporterlocks.patch
 
 patch -p4 < $patches_dir/cbc.patch
 
-patch -p4 < $patches_dir/aes256keylength.patch
-
 patch -p4 < $patches_dir/suitebonly.patch
 
 patch -p4 < $patches_dir/secitemarray.patch
diff --git a/net/third_party/nss/ssl.gyp b/net/third_party/nss/ssl.gyp
index 31567c2..c5d7ede 100644
--- a/net/third_party/nss/ssl.gyp
+++ b/net/third_party/nss/ssl.gyp
@@ -68,7 +68,6 @@
         'ssl/win32err.c',
         'ssl/win32err.h',
         'ssl/bodge/secitem_array.c',
-        'ssl/bodge/secure_memcmp.c',
       ],
       'sources!': [
         'ssl/os2_err.c',
diff --git a/net/third_party/nss/ssl/bodge/secure_memcmp.c b/net/third_party/nss/ssl/bodge/secure_memcmp.c
deleted file mode 100644
index b18579c..0000000
--- a/net/third_party/nss/ssl/bodge/secure_memcmp.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-// This file exists to provide the secure memcmp function. This was added in
-// NSS 3.12.5.
-
-#include <stdlib.h>
-
-/*
- * Perform a constant-time compare of two memory regions. The return value is
- * 0 if the memory regions are equal and non-zero otherwise.
- */
-int
-NSS_SecureMemcmp(const void *ia, const void *ib, size_t n)
-{
-    const unsigned char *a = (const unsigned char*) ia;
-    const unsigned char *b = (const unsigned char*) ib;
-    size_t i;
-    unsigned char r = 0;
-
-    for (i = 0; i < n; ++i) {
-        r |= *a++ ^ *b++;
-    }
-
-    return r;
-}
diff --git a/net/third_party/nss/ssl/sslsnce.c b/net/third_party/nss/ssl/sslsnce.c
index 6b30f7d..eb39b5d 100644
--- a/net/third_party/nss/ssl/sslsnce.c
+++ b/net/third_party/nss/ssl/sslsnce.c
@@ -87,11 +87,6 @@
 #include "nspr.h"
 #include "sslmutex.h"
 
-/* AES_256_KEY_LENGTH was added to blapit.h in NSS 3.12.10. */
-#ifndef AES_256_KEY_LENGTH
-#define AES_256_KEY_LENGTH      32  /* bytes */
-#endif
-
 /*
 ** Format of a cache entry in the shared memory.
 */