Bug 1715772 - land NSS NSS_3_68_RTM UPGRADE_NSS_RELEASE, r=beurdouche

Differential Revision: https://phabricator.services.mozilla.com/D119577
dothq · Jul 11, 2021 · 5227b2b · 5227b2b
1 parent 81d28b5
commit 5227b2b
Show file tree

Hide file tree

Showing 8 changed files with 20 additions and 21 deletions.
diff --git a/security/nss/TAG-INFO b/security/nss/TAG-INFO
@@ -1 +1 @@
-NSS_3_68_BETA1
+NSS_3_68_RTM
diff --git a/security/nss/coreconf/coreconf.dep b/security/nss/coreconf/coreconf.dep
@@ -10,3 +10,4 @@
  */
 
 #error "Do not include this header file."
+
diff --git a/security/nss/gtests/ssl_gtest/tls_connect.cc b/security/nss/gtests/ssl_gtest/tls_connect.cc
@@ -248,38 +248,38 @@ void TlsConnectTestBase::ResetAntiReplay(PRTime window) {
   anti_replay_.reset(p_anti_replay);
 }
 
-void TlsConnectTestBase::MakeEcKeyParams(SECItem* params, SSLNamedGroup group) {
+ScopedSECItem TlsConnectTestBase::MakeEcKeyParams(SSLNamedGroup group) {
   auto groupDef = ssl_LookupNamedGroup(group);
-  ASSERT_NE(nullptr, groupDef);
+  EXPECT_NE(nullptr, groupDef);
 
   auto oidData = SECOID_FindOIDByTag(groupDef->oidTag);
-  ASSERT_NE(nullptr, oidData);
-  ASSERT_NE(nullptr,
-            SECITEM_AllocItem(nullptr, params, (2 + oidData->oid.len)));
+  EXPECT_NE(nullptr, oidData);
+  ScopedSECItem params(
+      SECITEM_AllocItem(nullptr, nullptr, (2 + oidData->oid.len)));
+  EXPECT_TRUE(!!params);
   params->data[0] = SEC_ASN1_OBJECT_ID;
   params->data[1] = oidData->oid.len;
   memcpy(params->data + 2, oidData->oid.data, oidData->oid.len);
+  return params;
 }
 
 void TlsConnectTestBase::GenerateEchConfig(
     HpkeKemId kem_id, const std::vector<HpkeSymmetricSuite>& cipher_suites,
     const std::string& public_name, uint16_t max_name_len, DataBuffer& record,
     ScopedSECKEYPublicKey& pubKey, ScopedSECKEYPrivateKey& privKey) {
   bool gen_keys = !pubKey && !privKey;
-  SECKEYECParams ecParams = {siBuffer, NULL, 0};
-  MakeEcKeyParams(&ecParams, ssl_grp_ec_curve25519);
 
   SECKEYPublicKey* pub = nullptr;
   SECKEYPrivateKey* priv = nullptr;
 
   if (gen_keys) {
-    priv = SECKEY_CreateECPrivateKey(&ecParams, &pub, nullptr);
+    ScopedSECItem ecParams = MakeEcKeyParams(ssl_grp_ec_curve25519);
+    priv = SECKEY_CreateECPrivateKey(ecParams.get(), &pub, nullptr);
   } else {
     priv = privKey.get();
     pub = pubKey.get();
   }
   ASSERT_NE(nullptr, priv);
-  SECITEM_FreeItem(&ecParams, PR_FALSE);
   PRUint8 encoded[1024];
   unsigned int encoded_len = 0;
   SECStatus rv = SSL_EncodeEchConfigId(

diff --git a/security/nss/gtests/ssl_gtest/tls_connect.h b/security/nss/gtests/ssl_gtest/tls_connect.h
@@ -146,7 +146,7 @@ class TlsConnectTestBase : public ::testing::Test {
   void SaveAlgorithmPolicy();
   void RestoreAlgorithmPolicy();
 
-  static void MakeEcKeyParams(SECItem* params, SSLNamedGroup group);
+  static ScopedSECItem MakeEcKeyParams(SSLNamedGroup group);
   static void GenerateEchConfig(
       HpkeKemId kem_id, const std::vector<HpkeSymmetricSuite>& cipher_suites,
       const std::string& public_name, uint16_t max_name_len, DataBuffer& record,

diff --git a/security/nss/gtests/ssl_gtest/tls_ech_unittest.cc b/security/nss/gtests/ssl_gtest/tls_ech_unittest.cc
@@ -182,14 +182,12 @@ class TlsConnectStreamTls13Ech : public TlsConnectTestBase {
     static const std::vector<HpkeSymmetricSuite> kSuites = {
         {HpkeKdfHkdfSha256, HpkeAeadAes128Gcm}};
 
-    SECKEYECParams ecParams = {siBuffer, NULL, 0};
-    MakeEcKeyParams(&ecParams, ssl_grp_ec_curve25519);
-
+    ScopedSECItem ecParams = MakeEcKeyParams(ssl_grp_ec_curve25519);
     ScopedSECKEYPublicKey pub;
     ScopedSECKEYPrivateKey priv;
     SECKEYPublicKey* pub_p = nullptr;
     SECKEYPrivateKey* priv_p =
-        SECKEY_CreateECPrivateKey(&ecParams, &pub_p, nullptr);
+        SECKEY_CreateECPrivateKey(ecParams.get(), &pub_p, nullptr);
     pub.reset(pub_p);
     priv.reset(priv_p);
     ASSERT_TRUE(!!pub);

diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h
@@ -22,12 +22,12 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION "3.68" _NSS_CUSTOMIZED " Beta"
+#define NSS_VERSION "3.68" _NSS_CUSTOMIZED
 #define NSS_VMAJOR 3
 #define NSS_VMINOR 68
 #define NSS_VPATCH 0
 #define NSS_VBUILD 0
-#define NSS_BETA PR_TRUE
+#define NSS_BETA PR_FALSE
 
 #ifndef RC_INVOKED
 

diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h
@@ -17,11 +17,11 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION "3.68" SOFTOKEN_ECC_STRING " Beta"
+#define SOFTOKEN_VERSION "3.68" SOFTOKEN_ECC_STRING
 #define SOFTOKEN_VMAJOR 3
 #define SOFTOKEN_VMINOR 68
 #define SOFTOKEN_VPATCH 0
 #define SOFTOKEN_VBUILD 0
-#define SOFTOKEN_BETA PR_TRUE
+#define SOFTOKEN_BETA PR_FALSE
 
 #endif /* _SOFTKVER_H_ */
diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h
@@ -19,12 +19,12 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION "3.68 Beta"
+#define NSSUTIL_VERSION "3.68"
 #define NSSUTIL_VMAJOR 3
 #define NSSUTIL_VMINOR 68
 #define NSSUTIL_VPATCH 0
 #define NSSUTIL_VBUILD 0
-#define NSSUTIL_BETA PR_TRUE
+#define NSSUTIL_BETA PR_FALSE
 
 SEC_BEGIN_PROTOS
Original file line number	Diff line number	Diff line change
Expand Up		@@ -10,3 +10,4 @@
		*/

		#error "Do not include this header file."