Update NSS to NSS_3_15_BETA2.

nss/lib/softoken/pkcs11.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * This file implements PKCS 11 on top of our existing security modules
  *
  * For more information about PKCS 11 See PKCS 11 Token Inteface Standard.
  *   This implementation has two slots:
  *      slot 1 is our generic crypto support. It does not require login.
  *   It supports Public Key ops, and all they bulk ciphers and hashes. 
@@ skipping 286 matching lines @@
      {CKM_DSA_SHA1,             {DSA_MIN_P_BITS, DSA_MAX_P_BITS,
                                  CKF_SN_VR},              PR_TRUE},
      /* -------------------- Diffie Hellman Operations --------------------- */
      /* no diffie hellman yet */
      {CKM_DH_PKCS_KEY_PAIR_GEN, {DH_MIN_P_BITS, DH_MAX_P_BITS, 
                                  CKF_GENERATE_KEY_PAIR}, PR_TRUE}, 
      {CKM_DH_PKCS_DERIVE,       {DH_MIN_P_BITS, DH_MAX_P_BITS,
                                  CKF_DERIVE},   PR_TRUE}, 
 #ifdef NSS_ENABLE_ECC
      /* -------------------- Elliptic Curve Operations --------------------- */
-     {CKM_EC_KEY_PAIR_GEN,      {112, 571, CKF_GENERATE_KEY_PAIR|CKF_EC_BPNU}, PR_TRUE}, 
-     {CKM_ECDH1_DERIVE,         {112, 571, CKF_DERIVE|CKF_EC_BPNU}, PR_TRUE}, 
-     {CKM_ECDSA,                {112, 571, CKF_SN_VR|CKF_EC_BPNU}, PR_TRUE}, 
-     {CKM_ECDSA_SHA1,           {112, 571, CKF_SN_VR|CKF_EC_BPNU}, PR_TRUE}, 
+     {CKM_EC_KEY_PAIR_GEN,      {EC_MIN_KEY, EC_MAX_KEY, 
+                                 CKF_GENERATE_KEY_PAIR|CKF_EC_BPNU}, PR_TRUE}, 
+     {CKM_ECDH1_DERIVE,         {EC_MIN_KEY, EC_MAX_KEY,
+                                 CKF_DERIVE|CKF_EC_BPNU}, PR_TRUE}, 
+     {CKM_ECDSA,                {EC_MIN_KEY, EC_MAX_KEY,
+                                 CKF_SN_VR|CKF_EC_BPNU}, PR_TRUE}, 
+     {CKM_ECDSA_SHA1,           {EC_MIN_KEY, EC_MAX_KEY,
+                                 CKF_SN_VR|CKF_EC_BPNU}, PR_TRUE}, 
 #endif /* NSS_ENABLE_ECC */
      /* ------------------------- RC2 Operations --------------------------- */
      {CKM_RC2_KEY_GEN,          {1, 128, CKF_GENERATE},         PR_TRUE},
      {CKM_RC2_ECB,              {1, 128, CKF_EN_DE_WR_UN},      PR_TRUE},
      {CKM_RC2_CBC,              {1, 128, CKF_EN_DE_WR_UN},      PR_TRUE},
      {CKM_RC2_MAC,              {1, 128, CKF_SN_VR},            PR_TRUE},
      {CKM_RC2_MAC_GENERAL,      {1, 128, CKF_SN_VR},            PR_TRUE},
      {CKM_RC2_CBC_PAD,          {1, 128, CKF_EN_DE_WR_UN},      PR_TRUE},
      /* ------------------------- RC4 Operations --------------------------- */
      {CKM_RC4_KEY_GEN,          {1, 256, CKF_GENERATE},         PR_FALSE},
@@ skipping 59 matching lines @@
      {CKM_SHA256,               {0,   0, CKF_DIGEST},           PR_FALSE},
      {CKM_SHA256_HMAC,          {1, 128, CKF_SN_VR},            PR_TRUE},
      {CKM_SHA256_HMAC_GENERAL,  {1, 128, CKF_SN_VR},            PR_TRUE},
      {CKM_SHA384,               {0,   0, CKF_DIGEST},           PR_FALSE},
      {CKM_SHA384_HMAC,          {1, 128, CKF_SN_VR},            PR_TRUE},
      {CKM_SHA384_HMAC_GENERAL,  {1, 128, CKF_SN_VR},            PR_TRUE},
      {CKM_SHA512,               {0,   0, CKF_DIGEST},           PR_FALSE},
      {CKM_SHA512_HMAC,          {1, 128, CKF_SN_VR},            PR_TRUE},
      {CKM_SHA512_HMAC_GENERAL,  {1, 128, CKF_SN_VR},            PR_TRUE},
      {CKM_TLS_PRF_GENERAL,      {0, 512, CKF_SN_VR},            PR_FALSE},
+     {CKM_NSS_TLS_PRF_GENERAL_SHA256,
+                                {0, 512, CKF_SN_VR},            PR_FALSE},
      /* ------------------------- HKDF Operations -------------------------- */
      {CKM_NSS_HKDF_SHA1,        {1, 128, CKF_DERIVE},           PR_TRUE},
      {CKM_NSS_HKDF_SHA256,      {1, 128, CKF_DERIVE},           PR_TRUE},
      {CKM_NSS_HKDF_SHA384,      {1, 128, CKF_DERIVE},           PR_TRUE},
      {CKM_NSS_HKDF_SHA512,      {1, 128, CKF_DERIVE},           PR_TRUE},
      /* ------------------------- CAST Operations --------------------------- */
 #ifdef NSS_SOFTOKEN_DOES_CAST
      /* Cast operations are not supported ( yet? ) */
      {CKM_CAST_KEY_GEN,         {1,  8, CKF_GENERATE},          PR_TRUE}, 
      {CKM_CAST_ECB,             {1,  8, CKF_EN_DE_WR_UN},       PR_TRUE}, 
@@ skipping 47 matching lines @@
      {CKM_SSL3_MD5_MAC,                 { 0, 16, CKF_DERIVE},   PR_FALSE}, 
      {CKM_SSL3_SHA1_MAC,                { 0, 20, CKF_DERIVE},   PR_FALSE}, 
      {CKM_MD5_KEY_DERIVATION,           { 0, 16, CKF_DERIVE},   PR_FALSE}, 
      {CKM_MD2_KEY_DERIVATION,           { 0, 16, CKF_DERIVE},   PR_FALSE}, 
      {CKM_SHA1_KEY_DERIVATION,          { 0, 20, CKF_DERIVE},   PR_FALSE}, 
      {CKM_SHA224_KEY_DERIVATION,        { 0, 28, CKF_DERIVE},   PR_FALSE}, 
      {CKM_SHA256_KEY_DERIVATION,        { 0, 32, CKF_DERIVE},   PR_FALSE}, 
      {CKM_SHA384_KEY_DERIVATION,        { 0, 48, CKF_DERIVE},   PR_FALSE}, 
      {CKM_SHA512_KEY_DERIVATION,        { 0, 64, CKF_DERIVE},   PR_FALSE}, 
      {CKM_TLS_MASTER_KEY_DERIVE,        {48, 48, CKF_DERIVE},   PR_FALSE}, 
+     {CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256,
+                                        {48, 48, CKF_DERIVE},   PR_FALSE},
      {CKM_TLS_MASTER_KEY_DERIVE_DH,     {8, 128, CKF_DERIVE},   PR_FALSE}, 
+     {CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256,
+                                        {8, 128, CKF_DERIVE},   PR_FALSE},
      {CKM_TLS_KEY_AND_MAC_DERIVE,       {48, 48, CKF_DERIVE},   PR_FALSE}, 
+     {CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256,
+                                        {48, 48, CKF_DERIVE},   PR_FALSE},
      /* ---------------------- PBE Key Derivations  ------------------------ */
      {CKM_PBE_MD2_DES_CBC,              {8, 8, CKF_DERIVE},   PR_TRUE},
      {CKM_PBE_MD5_DES_CBC,              {8, 8, CKF_DERIVE},   PR_TRUE},
      /* ------------------ NETSCAPE PBE Key Derivations  ------------------- */
      {CKM_NETSCAPE_PBE_SHA1_DES_CBC,         { 8, 8, CKF_GENERATE}, PR_TRUE},
      {CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC, {24,24, CKF_GENERATE}, PR_TRUE},
      {CKM_PBE_SHA1_DES3_EDE_CBC,             {24,24, CKF_GENERATE}, PR_TRUE},
      {CKM_PBE_SHA1_DES2_EDE_CBC,             {24,24, CKF_GENERATE}, PR_TRUE},
      {CKM_PBE_SHA1_RC2_40_CBC,               {40,40, CKF_GENERATE}, PR_TRUE},
      {CKM_PBE_SHA1_RC2_128_CBC,              {128,128, CKF_GENERATE}, PR_TRUE},
@@ skipping 1418 matching lines @@
 
         if (sftk_hasAttribute(object, CKA_NETSCAPE_DB)) {
             crv = sftk_Attribute2SSecItem(arena, &privKey->u.ec.publicValue,
                                 object, CKA_NETSCAPE_DB);
             if (crv != CKR_OK) break;
             /* privKey was zero'd so public value is already set to NULL, 0
              * if we don't set it explicitly */
         }
         rv = DER_SetUInteger(privKey->arena, &privKey->u.ec.version,
                           NSSLOWKEY_EC_PRIVATE_KEY_VERSION);
-        if (rv != SECSuccess) crv = CKR_HOST_MEMORY;
+        if (rv != SECSuccess) {
+            crv = CKR_HOST_MEMORY;
+            /* The following ifdef is needed for Linux arm distros and
+             * Android as gcc 4.6 has a bug when targeting arm (but not
+             * thumb). The bug has been fixed in gcc 4.7.
+             * http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56561
+             */
+#if defined (__arm__) && !defined(__thumb__) && defined (__GNUC__)
+            *crvp = CKR_HOST_MEMORY;
+            break;
+#endif
+        }
         break;
 #endif /* NSS_ENABLE_ECC */
 
     default:
         crv = CKR_KEY_TYPE_INCONSISTENT;
         break;
     }
     if (crv == CKR_OK && itemTemplateCount != 0) {
         PORT_Assert(itemTemplateCount > 0);
         PORT_Assert(itemTemplateCount <= SFTK_MAX_ITEM_TEMPLATE);
@@ skipping 2791 matching lines @@
 
 
 CK_RV NSC_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot,
                                                          CK_VOID_PTR pReserved)
 {
     CHECK_FORK();
 
     return CKR_FUNCTION_NOT_SUPPORTED;
 }