Update NSS to 3.21 RTM and NSPR to 4.11 RTM

nss/lib/freebl/ec.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifdef FREEBL_NO_DEPEND
 #include "stubs.h"
 #endif
 
 
 #include "blapi.h"
@@ skipping 525 matching lines @@
 #if EC_DEBUG
     int i;
 #endif
 
     if (!publicValue || !ecParams || !privateValue || 
         !derivedSecret) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
 
+    /*
+     * We fail if the public value is the point at infinity, since
+     * this produces predictable results.
+     */
+    if (ec_point_at_infinity(publicValue)) {

[Ryan Sleevi, 2015/12/11 01:26:14]

Of interest

[davidben, 2015/12/11 22:10:58]

Pretty sure this was a no-op since then pointQ would have been infinity and line
576 would have tripped it up. ECDH can't handle the point at infinity as an
output to begin with. But okay.

This also came from https://bugzilla.mozilla.org/show_bug.cgi?id=1160139, so I'm
not surprised.

+        PORT_SetError(SEC_ERROR_BAD_KEY);
+        return SECFailure;
+    }
+
     MP_DIGITS(&k) = 0;
     memset(derivedSecret, 0, sizeof *derivedSecret);
     len = (ecParams->fieldID.size + 7) >> 3;  
     pointQ.len = 2*len + 1;
     if ((pointQ.data = PORT_Alloc(2*len + 1)) == NULL) goto cleanup;
 
     CHECK_MPI_OK( mp_init(&k) );
     CHECK_MPI_OK( mp_read_unsigned_octets(&k, privateValue->data, 
                                           (mp_size) privateValue->len) );
 
@@ skipping 520 matching lines @@
     printf("ECDSA verification %s\n",
         (rv == SECSuccess) ? "succeeded" : "failed");
 #endif
 #else
     PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG);
 #endif /* NSS_DISABLE_ECC */
 
     return rv;
 }