Update NSS to 3.21 RTM and NSPR to 4.11 RTM

nss/lib/util/pkcs11n.h

Index: nss/lib/util/pkcs11n.h
diff --git a/nss/lib/util/pkcs11n.h b/nss/lib/util/pkcs11n.h
index d48cef661a77d95c383786b0c057fa6d50f35a3e..86a396f38e29c84225fc444444ec1c6f50372ec6 100644
--- a/nss/lib/util/pkcs11n.h
+++ b/nss/lib/util/pkcs11n.h
@@ -28,7 +28,7 @@
 
 /*
  * NSS-defined object classes
- * 
+ *
  */
 #define CKO_NSS (CKO_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
 
@@ -166,7 +166,7 @@
 #define CKM_NSS_JPAKE_ROUND1_SHA512 (CKM_NSS + 10)
 
 /* J-PAKE round 2 key derivation mechanisms.
- * 
+ *
  * Required template attributes: CKA_NSS_JPAKE_PEERID
  * Input key type:  CKK_NSS_JPAKE_ROUND1
  * Output key type: CKK_NSS_JPAKE_ROUND2
@@ -178,14 +178,14 @@
 #define CKM_NSS_JPAKE_ROUND2_SHA384 (CKM_NSS + 13)
 #define CKM_NSS_JPAKE_ROUND2_SHA512 (CKM_NSS + 14)
 
-/* J-PAKE final key material derivation mechanisms 
+/* J-PAKE final key material derivation mechanisms
  *
  * Input key type:  CKK_NSS_JPAKE_ROUND2
  * Output key type: CKK_GENERIC_SECRET
  * Output key class: CKO_SECRET_KEY
  * Parameter type: CK_NSS_JPAKEFinalParams
  *
- * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material 
+ * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material
  * to get a key with uniformly distributed bits.
  */
 #define CKM_NSS_JPAKE_FINAL_SHA1    (CKM_NSS + 15)
@@ -216,8 +216,12 @@
 #define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256   (CKM_NSS + 23)
 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
 
-#define CKM_NSS_CHACHA20_KEY_GEN                (CKM_NSS + 25)
-#define CKM_NSS_CHACHA20_POLY1305               (CKM_NSS + 26)
+/* TLS extended master secret derivation */
+#define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE    (CKM_NSS + 25)
+#define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH (CKM_NSS + 26)
+
+#define CKM_NSS_CHACHA20_KEY_GEN                (CKM_NSS + 27)
+#define CKM_NSS_CHACHA20_POLY1305               (CKM_NSS + 28)

[davidben, 2015/12/11 22:10:58]

I assume we have no more consumers of these symbols that cared about ABI
stability?

(Did we ever? I dunno if we shipped the CHACHA20_POLY1305 patch on CrOS. I guess
CrOS hopefully doesn't mismatch the system headers and Chrome? Meh. Not a
problem now with the chimera.)

[Ryan Sleevi, 2015/12/11 22:20:44]

We actually don't ship the CHACHA20_POLY1305 patch on CrOS. That used to be
something that I wanted to work on, but didn't precisely because of the
ABI/landing timing issues.

I still want to land the CrOS fixes first and will be sending those out later
today :)

 
 /*
  * HISTORICAL:
@@ -305,7 +309,7 @@ typedef struct CK_NSS_AEAD_PARAMS {
 
 /* Mandatory parameter for the CKM_NSS_HKDF_* key deriviation mechanisms.
    See RFC 5869.
-   
+
     bExtract: If set, HKDF-Extract will be applied to the input key. If
               the optional salt is given, it is used; otherwise, the salt is
               set to a sequence of zeros equal in length to the HMAC output.
@@ -331,6 +335,31 @@ typedef struct CK_NSS_HKDFParams {
 } CK_NSS_HKDFParams;
 
 /*
+ * Parameter for the TLS extended master secret key derivation mechanisms:
+ *
+ *  * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE
+ *  * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH
+ *
+ * For the TLS 1.2 PRF, the prfHashMechanism parameter determines the hash
+ * function used. For earlier versions of the PRF, set the prfHashMechanism
+ * value to CKM_TLS_PRF.
+ *
+ * The session hash input is expected to be the output of the same hash
+ * function as the PRF uses (as required by draft-ietf-tls-session-hash).  So
+ * the ulSessionHashLen member must be equal the output length of the hash
+ * function specified by the prfHashMechanism member (or, for pre-TLS 1.2 PRF,
+ * the length of concatenated MD5 and SHA-1 digests).
+ *
+ */
+typedef struct CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS {
+    CK_MECHANISM_TYPE prfHashMechanism;
+    CK_BYTE_PTR pSessionHash;
+    CK_ULONG ulSessionHashLen;
+    CK_VERSION_PTR pVersion;
+} CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS;
+
+
+/*
  * Trust info
  *
  * This isn't part of the Cryptoki standard (yet), so I'm putting
@@ -354,7 +383,7 @@ typedef CK_ULONG          CK_TRUST;
 #define CKT_NSS_NOT_TRUSTED        (CKT_NSS + 10)
 #define CKT_NSS_TRUST_UNKNOWN      (CKT_NSS + 5) /* default */
 
-/* 
+/*
  * These may well remain NSS-specific; I'm only using them
  * to cache resolution data.
  */
@@ -465,7 +494,7 @@ typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated
 #define SECMOD_MODULE_DB_FUNCTION_FIND  0
 #define SECMOD_MODULE_DB_FUNCTION_ADD   1
 #define SECMOD_MODULE_DB_FUNCTION_DEL   2
-#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3 
+#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3
 typedef char ** (PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function,
                                         char *parameters, void *moduleSpec);