Update to NSS 3.14.3 Beta 1 for the TLS CBC constant-time

mozilla/security/nss/lib/util/pkcs11n.h

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef _PKCS11N_H_
 #define _PKCS11N_H_
 
 #ifdef DEBUG
-static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.28 $ $Date: 2012/04/25 14:50:16 $";
+static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.31 $ $Date: 2013/02/07 01:29:19 $";
 #endif /* DEBUG */
 
 /*
  * pkcs11n.h
  *
  * This file contains the NSS-specific type definitions for Cryptoki
  * (PKCS#11).
  */
 
 /*
@@ skipping 168 matching lines @@
  * Parameter type: CK_NSS_JPAKEFinalParams
  *
  * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material 
  * to get a key with uniformly distributed bits.
  */
 #define CKM_NSS_JPAKE_FINAL_SHA1    (CKM_NSS + 15)
 #define CKM_NSS_JPAKE_FINAL_SHA256  (CKM_NSS + 16)
 #define CKM_NSS_JPAKE_FINAL_SHA384  (CKM_NSS + 17)
 #define CKM_NSS_JPAKE_FINAL_SHA512  (CKM_NSS + 18)
 
+#define CKM_NSS_HMAC_CONSTANT_TIME      (CKM_NSS + 19)
+#define CKM_NSS_SSL3_MAC_CONSTANT_TIME  (CKM_NSS + 20)
+
 /*
  * HISTORICAL:
  * Do not attempt to use these. They are only used by NETSCAPE's internal
  * PKCS #11 interface. Most of these are place holders for other mechanism
  * and will change in the future.
  */
 #define CKM_NETSCAPE_PBE_SHA1_DES_CBC           0x80000002UL
 #define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC    0x80000003UL
 #define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC    0x80000004UL
 #define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC   0x80000005UL
@@ skipping 25 matching lines @@
     CK_ULONG ulSharedKeyLen;     /* in */
     CK_NSS_JPAKEPublicValue gx3; /* in */
     CK_NSS_JPAKEPublicValue gx4; /* in */
     CK_NSS_JPAKEPublicValue A;   /* out */
 } CK_NSS_JPAKERound2Params;
 
 typedef struct CK_NSS_JPAKEFinalParams {
     CK_NSS_JPAKEPublicValue B; /* in */
 } CK_NSS_JPAKEFinalParams;
 
+/* NOTE: the softoken's implementation of CKM_NSS_HMAC_CONSTANT_TIME and
+ * CKM_NSS_SSL3_MAC_CONSTANT_TIME requires that the sum of ulBodyTotalLen
+ * and ulHeaderLen be much smaller than 2^32 / 8 bytes because it uses an
+ * unsigned int variable to represent the length in bits. This should not
+ * be a problem because the SSL/TLS protocol limits the size of an SSL
+ * record to something considerably less than 2^32 bytes.
+ */
+typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS {
+    CK_MECHANISM_TYPE macAlg;   /* in */
+    CK_ULONG ulBodyTotalLen;    /* in */
+    CK_BYTE * pHeader;          /* in */
+    CK_ULONG ulHeaderLen;       /* in */
+} CK_NSS_MAC_CONSTANT_TIME_PARAMS;
+
 /*
  * NSS-defined return values
  *
  */
 #define CKR_NSS (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
 
 #define CKR_NSS_CERTDB_FAILED      (CKR_NSS + 1)
 #define CKR_NSS_KEYDB_FAILED       (CKR_NSS + 2)
 
 /* Mandatory parameter for the CKM_NSS_HKDF_* key deriviation mechanisms.
@@ skipping 163 matching lines @@
                                         char *parameters, void *moduleSpec);
 
 /* softoken slot ID's */
 #define SFTK_MIN_USER_SLOT_ID 4
 #define SFTK_MAX_USER_SLOT_ID 100
 #define SFTK_MIN_FIPS_USER_SLOT_ID 101
 #define SFTK_MAX_FIPS_USER_SLOT_ID 127
 
 
 #endif /* _PKCS11N_H_ */