Commit graph

101 commits

Author SHA1 Message Date
ryoon
29237125d9 Update to 3.46.1
Changelog:
* 1582343 - Soft token MAC verification not constant time
* 1577953 - Remove arbitrary HKDF output limit by allocating space as needed
2019-10-04 12:35:15 +00:00
tnn
e4924276d8 nss: aarch64 build fix
From OpenBSD. Similar to PR pkg/53353 for ARM. Although different symbols
missing in that case and that's believed to be fixed already.
2019-09-19 19:14:39 +00:00
ryoon
ca6ee61d14 Update to 3.46
Changelog:
Notable Changes:
 * The following CA certificates were Removed:
  - 1574670 - Remove expired Class 2 Primary root certificate
  - 1574670 - Remove expired UTN-USERFirst-Client root certificat
  - 1574670 - Remove expired Deutsche Telekom Root CA 2 root certificate
  - 1566569 - Remove Swisscom Root CA 2 root certificate
 * Significant improvements to AES-GCM performance on ARM

Bugs fixed in NSS 3.46:

 * 1572164 - Don't unnecessarily free session in NSC_WrapKey
 * 1574220 - Improve controls after errors in tstcln, selfserv and vfyserv
cmds
 * 1550636 - Upgrade SQLite in NSS to a 2019 version
 * 1572593 - Reset advertised extensions in ssl_ConstructExtensions
 * 1415118 - NSS build with ./build.sh --enable-libpkix fails
 * 1539788 - Add length checks for cryptographic primitives
 * 1542077 - mp_set_ulong and mp_set_int should return errors on bad values
 * 1572791 - Read out-of-bounds in DER_DecodeTimeChoice_Util from
SSLExp_DelegateCredential
 * 1560593 - Cleanup.sh script does not set error exit code for tests that
"Failed with core"
 * 1566601 - Add Wycheproof test vectors for AES-KW
 * 1571316 - curve25519_32.c:280: undefined reference to `PR_Assert' when
building NSS 3.45 on armhf-linux
 * 1516593 - Client to generate new random during renegotiation
 * 1563258 - fips.sh fails due to non-existent "resp" directories
 * 1561598 - Remove -Wmaybe-uninitialized warning in pqg.c
 * 1560806 - Increase softoken password max size to 500 characters
 * 1568776 - Output paths relative to repository in NSS coverity
 * 1453408 - modutil -changepw fails in FIPS mode if password is an empty
string
 * 1564727 - Use a PSS SPKI when possible for delegated credentials
 * 1493916 - fix ppc64 inline assembler for clang
 * 1561588 - Remove -Wmaybe-uninitialized warning in p7env.c
 * 1561548 - Remove -Wmaybe-uninitialized warning in
pkix_pl_ldapdefaultclient.c
 * 1512605 - Incorrect alert description after unencrypted Finished msg
 * 1564715 - Read /proc/cpuinfo when AT_HWCAP2 returns 0
 * 1532194 - Remove or fix -DDEBUG_$USER from make builds
 * 1565577 - Visual Studio's cl.exe -? hangs on Windows x64 when building nss
since changeset 9162c654d06915f0f15948fbf67d4103a229226f
 * 1564875 - Improve rebuilding with build.sh
 * 1565243 - Support TC_OWNER without email address in nss taskgraph
 * 1563778 - Increase maxRunTime on Mac taskcluster Tools, SSL tests
 * 1561591 - Remove -Wmaybe-uninitialized warning in tstclnt.c
 * 1561587 - Remove -Wmaybe-uninitialized warning in lgattr.c
 * 1561558 - Remove -Wmaybe-uninitialized warning in httpserv.c
 * 1561556 - Remove -Wmaybe-uninitialized warning in tls13esni.c
 * 1561332 - ec.c:28 warning: comparison of integers of different signs: 'int'
and 'unsigned long'
 * 1564714 - Print certutil commands during setup
 * 1565013 - HACL image builder times out while fetching gpg key
 * 1563786 - Update hacl-star docker image to pull specific commit
 * 1559012 - Improve GCM perfomance using PMULL2
 * 1528666 - Correct resumption validation checks
 * 1568803 - More tests for client certificate authentication
 * 1564284 - Support profile mobility across Windows and Linux
 * 1573942 - Gtest for pkcs11.txt with different breaking line formats
 * 1575968 - Add strsclnt option to enforce the use of either IPv4 or IPv6
 * 1549847 - Fix NSS builds on iOS
 * 1485533 - Enable NSS_SSL_TESTS on taskcluster
2019-09-06 02:54:47 +00:00
ryoon
12982d4c82 Update to 3.45
Changelog:
New Functions

    in pk11pub.h:
	PK11_FindRawCertsWithSubject - Finds all certificates on the given
slot with the given subject distinguished name and returns them as DER bytes.
If no such certificates can be found, returns SECSuccess and sets *results to
NULL. If a failure is encountered while fetching any of the matching
certificates, SECFailure is returned and *results will be NULL.

Notable Changes in NSS 3.45

    Bug 1540403 - Implement Delegated Credentials (draft-ietf-tls-subcerts)
	This adds a new experimental function: SSL_DelegateCredential
	Note: In 3.45, selfserv does not yet support delegated credentials.
See Bug 1548360.
	Note: In 3.45 the SSLChannelInfo is left unmodified, while an upcoming
change in 3.46 will set SSLChannelInfo.authKeyBits to that of the delegated
credential for better policy enforcement. See Bug 1563078.
    Bug 1550579 - Replace ARM32 Curve25519 implementation with one from
fiat-crypto
    Bug 1551129 - Support static linking on Windows
    Bug 1552262 - Expose a function PK11_FindRawCertsWithSubject for finding
certificates with a given subject on a given slot
    Bug 1546229 - Add IPSEC IKE support to softoken
    Bug 1554616 - Add support for the Elbrus lcc compiler (<=1.23)
    Bug 1543874 - Expose an external clock for SSL
	This adds new experimental functions: SSL_SetTimeFunc,
SSL_CreateAntiReplayContext, SSL_SetAntiReplayContext, and
SSL_ReleaseAntiReplayContext.
	The experimental function SSL_InitAntiReplay is removed.
    Bug 1546477 - Various changes in response to the ongoing FIPS review
	Note: The source package size has increased substantially due to the
new FIPS test vectors. This will likely prompt follow-on work, but please
accept our apologies in the meantime.

Certificate Authority Changes

    The following CA certificates were Removed:
	Bug 1552374 - CN = Certinomis - Root CA
	    SHA-256 Fingerprint:
2A99F5BC1174B73CBB1D620884E01C34E51CCB3978DA125F0E33268883BF4158

Bugs fixed in NSS 3.45

    Bug 1540541 - Don't unnecessarily strip leading 0's from key material
during PKCS11 import (CVE-2019-11719)
    Bug 1515342 - More thorough input checking (CVE-2019-11729)
    Bug 1552208 - Prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3
(CVE-2019-11727)
    Bug 1227090 - Fix a potential divide-by-zero in makePfromQandSeed from
lib/freebl/pqg.c (static analysis)
    Bug 1227096 - Fix a potential divide-by-zero in PQG_VerifyParams from
lib/freebl/pqg.c  (static analysis)
    Bug 1509432 - De-duplicate code between mp_set_long and mp_set_ulong
    Bug 1515011 - Fix a mistake with ChaCha20-Poly1305 test code where tags
could be faked. Only relevant for clients that might have copied the unit test
code verbatim
    Bug 1550022 - Ensure nssutil3 gets built on Android
    Bug 1528174 - ChaCha20Poly1305 should no longer modify output length on
failure
    Bug 1549382 - Don't leak in PKCS#11 modules if C_GetSlotInfo() returns
error
    Bug 1551041 - Fix builds using GCC < 4.3 on big-endian architectures
    Bug 1554659 - Add versioning to OpenBSD builds to fix link time errors
using NSS
    Bug 1553443 - Send session ticket only after handshake is marked as
finished
    Bug 1550708 - Fix gyp scripts on Solaris SPARC so that
libfreebl_64fpu_3.so builds
    Bug 1554336 - Optimize away unneeded loop in mpi.c
    Bug 1559906 - fipstest: use CKM_TLS12_MASTER_KEY_DERIVE instead of vendor
specific mechanism
    Bug 1558126 - TLS_AES_256_GCM_SHA384 should be marked as FIPS compatible
    Bug 1555207 - HelloRetryRequestCallback return code for rejecting 0-RTT
    Bug 1556591 - Eliminate races in uses of PK11_SetWrapKey
    Bug 1558681 - Stop using a global for anti-replay of TLS 1.3 early data
    Bug 1561510 - Fix a bug where removing -arch XXX args from CC didn't work
    Bug 1561523 - Add a string for the new-ish error
SSL_ERROR_MISSING_POST_HANDSHAKE_AUTH_EXTENSION
2019-07-30 12:18:43 +00:00
ryoon
86ebdff0d6 Update to 3.44.1
Changelog:
3.44.1:
* 1554336 - Optimize away unneeded loop in mpi.c
* 1515342 - More thorough input checking
* 1540541 - Don't unnecessarily strip leading 0's from key material during
PKCS11 import
* 1515236 - Add a SSLKEYLOGFILE enable/disable flag at build.sh
* 1546229 - Add IPSEC IKE support to softoken
* 1473806 - Fix SECKEY_ConvertToPublicKey handling of non-RSA keys
* 1546477 - Updates to testing for FIPS validation
* 1552208 - Prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3
* 1551041 - Unbreak build on GCC < 4.3 big-endian
2019-06-22 03:54:04 +00:00
ryoon
cf81c54b10 Update to 3.44
Changelog:
New Functions:

    in lib/certdb/cert.h
	CERT_GetCertificateDer - Access the DER-encoded form of a
CERTCertificate.

Notable Changes in NSS 3.44:

   * It is now possible to build NSS as a static library (Bug 1543545)
   * Initial support for building for iOS.

Bugs fixed in NSS 3.44:

   * 1501542 - Implement CheckARMSupport for Android
   * 1531244 - Use __builtin_bswap64 in crypto_primitives.h
   * 1533216 - CERT_DecodeCertPackage() crash with Netscape Certificate
Sequences
   * 1533616 - sdb_GetAttributeValueNoLock should make at most one sql query,
rather than one for each attribute
   * 1531236 - Provide accessor for CERTCertificate.derCert
   * 1536734 - lib/freebl/crypto_primitives.c assumes a big endian machine
   * 1532384 - In NSS test certificates, use @example.com (not @bogus.com)
   * 1538479 - Post-Handshake messages after async server authentication break
when using record layer separation
   * 1521578 - x25519 support in pk11pars.c
   * 1540205 - freebl build fails with -DNSS_DISABLE_CHACHAPOLY
   * 1532312 - post-handshake auth doesn't interoperate with OpenSSL
   * 1542741 - certutil -F crashes with segmentation fault
   * 1546925 - Allow preceding text in try comment
   * 1534468 - Expose ChaCha20 primitive
   * 1418944 - Quote CC/CXX variables passed to nspr
   * 1543545 - Allow to build NSS as a static library
   * 1487597 - Early data that arrives before the handshake completes can be
read afterwards
   * 1548398 - freebl_gtest not building on Linux/Mac
   * 1548722 - Fix some Coverity warnings
   * 1540652 - softoken/sdb.c: Logically dead code
   * 1549413 - Android log lib is not included in build
   * 1537927 - IPsec usage is too restrictive for existing deployments
   * 1549608 - Signature fails with dbm disabled
   * 1549848 - Allow building NSS for iOS using gyp
   * 1549847 - NSS's SQLite compilation warnings make the build fail on iOS
   * 1550041 - freebl not building on iOS simulator
   * 1542950 - MacOS cipher test timeouts
2019-05-16 14:08:16 +00:00
ryoon
15d6429d7a Do not conflict with MD5_Update from OpenSSL
Like SHA1_Update, define another name, NSS_MD5_Update and
use via CPP macto.
This change fixes PDF export of misc/libreoffice.

And make pkglint happier.
2019-05-05 22:47:27 +00:00
ryoon
4cc1ba65d4 Update to 3.43
Changelog:
New Functionality:
 * in sechash.h
    HASH_GetHashOidTagByHashType - convert type HASH_HashType to type
SECOidTag

 * in sslexp.h
    SSL_SendCertificateRequest - allow server to request post-handshake client
    authentication. To use this both peers need to enable the
    SSL_ENABLE_POST_HANDSHAKE_AUTH option. Note that while the mechanism is
    present, post-handshake authentication is currently not TLS 1.3 compliant
    due to Bug 1532312

Notable changes:
 * The following CA certificates were Added:
  - CN = emSign Root CA - G1
    SHA-256 Fingerprint:
40F6AF0346A99AA1CD1D555A4E9CCE62C7F9634603EE406615833DC8C8D00367

  - CN = emSign ECC Root CA - G3
    SHA-256 Fingerprint:
86A1ECBA089C4A8D3BBE2734C612BA341D813E043CF9E8A862CD5C57A36BBE6B

  - CN = emSign Root CA - C1
    SHA-256 Fingerprint:
125609AA301DA0A249B97A8239CB6A34216F44DCAC9F3954B14292F2E8C8608F

  - CN = emSign ECC Root CA - C3
    SHA-256 Fingerprint:
BC4D809B15189D78DB3E1D8CF4F9726A795DA1643CA5F1358E1DDB0EDC0D7EB3

  - CN = Hongkong Post Root CA 3
    SHA-256 Fingerprint:
5A2FC03F0C83B090BBFA40604B0988446C7636183DF9846E17101A447FB8EFD6

Bugs fixed in NSS 3.43
 * Bug 1528669 and Bug 1529308 - Improve Gyp build system handling

 * Bug 1529950 and Bug 1521174 - Improve NSS S/MIME tests for Thunderbird

 * Bug 1530134 - If Docker isn't installed, try running a local clang-format
		 as a fallback

 * Bug 1531267 - Enable FIPS mode automatically if the system FIPS mode flag
		 is set

 * Bug 1528262 - Add a -J option to the strsclnt command to specify sigschemes

 * Bug 1513909 - Add manual for nss-policy-check

 * Bug 1531074 - Fix a deref after a null check in SECKEY_SetPublicValue

 * Bug 1517714 - Properly handle ESNI with HRR

 * Bug 1529813 - Expose HKDF-Expand-Label with mechanism

 * Bug 1535122 - Align TLS 1.3 HKDF trace levels

 * Bug 1530102 - Use getentropy on compatible versions of FreeBSD
2019-03-22 15:50:34 +00:00
ryoon
540f96d4a2 Update to 3.42
Changelog:
New Functionality:
 * Bug 818686 - Support XDG basedir specification

Notable changes:
 * Added support for some of the testcases from the Wycheproof project:
   - Bug 1508666 - Added AES-GCM test cases
   - Bug 1508673 - Added ChaCha20-Poly1305 test cases
   - Bug 1514999 - Added the Curve25519 test cases
   - Thanks to Jonas Allmann for adapting these tests.

Bugs fixed in NSS 3.42:
 * Bug 1490006 - Reject invalid CH.legacy_version in TLS 1.3
 * Bug 1507135 and Bug 1507174 - Add additional null checks to several CMS
   functions to fix a rare CMS crash. Thanks to Hanno Böck and Damian Poddebniak
   for the discovery and fixes.
 * Bug 1513913 - A fix for Solaris where Firefox 60 core dumps during start when
   using profile from version 52
2019-01-29 13:07:36 +00:00
ryoon
ed75b797eb Update to 3.41
New functionality:
* Bug 1252891 - Implemented EKU handling for IPsec IKE.
* Bug 1423043 - Enable half-closed states for TLS.
* Bug 1493215 - Enabled the following ciphersuites by default:
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_RSA_WITH_AES_256_GCM_SHA384

Notable changes:
* The following CA certificates were added:
    CN = Certigna Root CA
    CN = GTS Root R1
    CN = GTS Root R2
    CN = GTS Root R3
    CN = GTS Root R4
    CN = UCA Global G2 Root
    CN = UCA Extended Validation Root

* The following CA certificates were removed:
    CN = AC Raíz Certicámara S.A.
    CN = Certplus Root CA G1
    CN = Certplus Root CA G2
    CN = OpenTrust Root CA G1
    CN = OpenTrust Root CA G2
    CN = OpenTrust Root CA G3

Bugs fixed in NSS 3.41:
* Bug 1412829, Reject empty supported_signature_algorithms in Certificate
  Request in TLS 1.2
* Bug 1485864 - Cache side-channel variant of the Bleichenbacher attack
  (CVE-2018-12404)
* Bug 1481271 - Resend the same ticket in ClientHello after HelloRetryRequest
* Bug 1493769 - Set session_id for external resumption tokens
* Bug 1507179 - Reject CCS after handshake is complete in TLS 1.3
2018-12-12 14:02:01 +00:00
ryoon
fe7aa01790 Update to 3.40
Changelog:
Notable bug fixes:
* Bug 1478698 - FFDHE key exchange sometimes fails with decryption failure

New functionality:
* The draft-00 version of encrypted SNI support is implemented
* tstclnt now takes -N option to specify encrypted SNI key

Notable changes:
* The mozilla::pkix library has been ported from Mozilla PSM to NSS.
  This is a C++ library for building certification paths.
  mozilla::pkix APIs are not exposed in the libraries NSS builds.
* It is easier to build NSS on Windows in mozilla-build environments.
* The following CA certificates were Removed:
    CN = Visa eCommerce Root
2018-11-04 00:33:27 +00:00
ryoon
31f2e0c15a Update to 3.39
Changelog:
Notable bug fixes:
* Bug 1483128 - NSS responded to an SSLv2-compatible ClientHello
  with a ServerHello that had an all-zero random (CVE-2018-12384)

New functionality:
* The tstclnt and selfserv utilities added support for configuring
  the enabled TLS signature schemes using the -J parameter.
* NSS will use RSA-PSS keys to authenticate in TLS. Support for
  these keys is disabled by default but can be enabled using
  SSL_SignatureSchemePrefSet().
* certutil added the ability to delete an orphan private key from
  an NSS key database.
* Added the nss-policy-check utility, which can be used to check
  an NSS policy configuration for problems.
* A PKCS#11 URI can be used as an identifier for a PKCS#11 token.

Notable changes:
* The TLS 1.3 implementation uses the final version number from
  RFC 8446.
* Previous versions of NSS accepted an RSA PKCS#1 v1.5 signature
  where the DigestInfo structure was missing the NULL parameter.
  Starting with version 3.39, NSS requires the encoding to contain
  the NULL parameter.
* The tstclnt and selfserv test utilities no longer accept the -z
  parameter, as support for TLS compression was removed in a
  previous NSS version.
* The CA certificates list was updated to version 2.26.
* The following CA certificates were Added:
  - OU = GlobalSign Root CA - R6
  - CN = OISTE WISeKey Global Root GC CA
  The following CA certificate was Removed:
  - CN = ComSign
  The following CA certificates had the Websites trust bit disabled:
  - CN = Certplus Root CA G1
  - CN = Certplus Root CA G2
  - CN = OpenTrust Root CA G1
  - CN = OpenTrust Root CA G2
  - CN = OpenTrust Root CA G3
2018-09-05 15:19:03 +00:00
ryoon
64ec1261b3 Update to 3.37.3
Changelog:
No new functionality is introduced in these releases.

The following compatibility fixes are included. Users are encouraged to upgrade.

* Bug 1462303 - Connecting to a server that was recently upgraded to
  TLS 1.3 would result in a SSL_RX_MALFORMED_SERVER_HELLO error.
* Bug 1460673 - Fix a rare bug with PKCS#12 files.
2018-06-07 19:04:59 +00:00
ryoon
e30c812e0a Update to 3.37.1
Changelog:
No new functionality is introduced in these releases.

The following compatibility fixes are included. Users are encouraged
to upgrade.

* Bug 1462303 - Connecting to a server that was recently upgraded to TLS 1.3
  would result in a SSL_RX_MALFORMED_SERVER_HELLO error.
* Bug 1460673 - Fix a rare bug with PKCS#12 files.
2018-06-01 12:18:03 +00:00
ryoon
3cee61753f Update to 3.37
Changelog:
* The TLS 1.3 implementation was updated to Draft 28.
* An issue where NSS erroneously accepted HRR requests was resolved.
* Added HACL* Poly1305 32-bit
* The code to support the NPN protocol has been fully removed.
* NSS allows servers now to register ALPN handling callbacks to
  select a protocol.
* NSS supports opening SQL databases in read-only mode.
* On Linux, some build configurations can use glibc's function
  getentropy(), which uses the kernel's getrandom() function.
* The CA list was updated to version 2.24, which removed the
  following CA certificates:
  - CN = S-TRUST Universal Root CA
  - CN = TC TrustCenter Class 3 CA II
  - CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
2018-05-10 20:20:41 +00:00
bouyer
4a5aefe845 Ajust patch for 3.36.1 2018-04-12 14:32:51 +00:00
bouyer
eead2961bc !defined(__ANDROID__) doens't mean this is a linux host.
Check defined(__linux__) instead.

XXX do other systems have <sys/auxv.h> ?
2018-04-12 10:37:11 +00:00
maya
467466cbff nss: update to 3.36.1
No new functionality is introduced in this release.  This is a patch release to fix regression bugs.

In NSS version 3.35 the iteration count in optimized builds, which is used for password based encryption algorithm related to encrypted PKCS#7 or PKCS#12 data, was increased to one million iterations. That change had caused an interoperability regression with operating systems that are limited to 600 K iterations. NSS 3.36.1 has been changed to use the same 600 K limit.

Certain smartcard operations could result in a deadlock

This Bugzilla query returns all the bugs fixed in NSS 3.36.1:

https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.36.1
2018-04-10 15:21:29 +00:00
ryoon
b639352b0c Update to 3.36
* Require devel/nspr-4.19

Changelog:
The NSS team has released Network Security Services (NSS) 3.36,
which is a minor release.

Summary of the major changes included in this release:
- Replaced existing vectorized ChaCha20 code with verified
  HACL* implementation.
- Experimental APIs for TLS session cache handling.
2018-03-17 01:07:15 +00:00
ryoon
e376fcdfbc Change default file type back to DBM from SQL. Bump PKGREVISION
This back out fixes XML-based files open of misc/libreoffice.
The problem is reported by Mustafa Dogan via private e-mail.
2018-02-24 11:35:48 +00:00
ryoon
82fca04ce7 Update to 3.35
Changelog:
The NSS team has released Network Security Services (NSS) 3.35,
which is a minor release.

Summary of the major changes included in this release:
- The default database storage format has been changed to SQL,
  using filenames cert9.db, key4.db, pkcs11.txt.
- TLS 1.3 support has been updated to draft -23, along with
  additional significant changes.
- Support for TLS compression was removed.
- Added formally verified implementations of non-vectorized Chacha20
  and non-vectorized Poly1305 64-bit.
- When creating encrypted PKCS#7 or PKCS#12 data, NSS uses a
  higher iteration count for stronger security.
- The CA trust list was updated to version 2.22.
2018-01-24 16:23:52 +00:00
jperkin
0c52a80576 nss: Fix build on SunOS with clang. 2018-01-22 11:43:14 +00:00
ryoon
9edcc22c9f Update to 3.34.1
Changelog:
    The following CA certificate was Re-Added. It was removed in
    NSS 3.34, but has been re-added with only the Email trust bit
    set. (bug 1418678)
        CN = Certum CA, O=Unizeto Sp. z o.o.
            SHA-256 Fingerprint: D8:E0:FE:BC:1D:B2:E3:8D:00:94:0F:37:D2:7D:41:34:4D:99:3E:73:4B:99:D5:65:6D:97:78:D4:D8:14:36:24

    Removed entries from certdata.txt for actively distrusted
    certificates that have expired (bug 1409872).

    The version of the CA list was set to 2.20.
2017-11-27 23:49:06 +00:00
ryoon
655e79afb0 Update to 3.34
The following CA certificates were Added:

CN = GDCA TrustAUTH R5 ROOT
SHA-256 Fingerprint: BF:FF:8F:D0:44:33:48:7D:6A:8A:A6:0C:1A:29:76:7A:9F:C2:BB:B0:5E:42:0F:71:3A:13:B9:92:89:1D:38:93
Trust Flags: Websites

CN = SSL.com Root Certification Authority RSA
SHA-256 Fingerprint: 85:66:6A:56:2E:E0:BE:5C:E9:25:C1:D8:89:0A:6F:76:A8:7E:C1:6D:4D:7D:5F:29:EA:74:19:CF:20:12:3B:69
Trust Flags: Websites, Email

CN = SSL.com Root Certification Authority ECC
SHA-256 Fingerprint: 34:17:BB:06:CC:60:07:DA:1B:96:1C:92:0B:8A:B4:CE:3F:AD:82:0E:4A:A3:0B:9A:CB:C4:A7:4E:BD:CE:BC:65
Trust Flags: Websites, Email

CN = SSL.com EV Root Certification Authority RSA R2
SHA-256 Fingerprint: 2E:7B:F1:6C:C2:24:85:A7:BB:E2:AA:86:96:75:07:61:B0:AE:39:BE:3B:2F:E9:D0:CC:6D:4E:F7:34:91:42:5C
Trust Flags: Websites

CN = SSL.com EV Root Certification Authority ECC
SHA-256 Fingerprint: 22:A2:C1:F7:BD:ED:70:4C:C1:E7:01:B5:F4:08:C3:10:88:0F:E9:56:B5:DE:2A:4A:44:F9:9C:87:3A:25:A7:C8
Trust Flags: Websites

CN = TrustCor RootCert CA-1
SHA-256 Fingerprint: D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C
Trust Flags: Websites, Email

CN = TrustCor RootCert CA-2
SHA-256 Fingerprint: 07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65
Trust Flags: Websites, Email

CN = TrustCor ECA-1
SHA-256 Fingerprint: 5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C
Trust Flags: Websites, Email

The following CA certificates were Removed:

CN = Certum CA, O=Unizeto Sp. z o.o.
SHA-256 Fingerprint: D8:E0:FE:BC:1D:B2:E3:8D:00:94:0F:37:D2:7D:41:34:4D:99:3E:73:4B:99:D5:65:6D:97:78:D4:D8:14:36:24

CN = StartCom Certification Authority
SHA-256 Fingerprint: C7:66:A9:BE:F2:D4:07:1C:86:3A:31:AA:49:20:E8:13:B2:D1:98:60:8C:B7:B7:CF:E2:11:43:B8:36:DF:09:EA

CN = StartCom Certification Authority
SHA-256 Fingerprint: E1:78:90:EE:09:A3:FB:F4:F4:8B:9C:41:4A:17:D6:37:B7:A5:06:47:E9:BC:75:23:22:72:7F:CC:17:42:A9:11

CN = StartCom Certification Authority G2
SHA-256 Fingerprint: C7:BA:65:67:DE:93:A7:98:AE:1F:AA:79:1E:71:2D:37:8F:AE:1F:93:C4:39:7F:EA:44:1B:B7:CB:E6:FD:59:95

CN = TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
SHA-256 Fingerprint: E4:C7:34:30:D7:A5:B5:09:25:DF:43:37:0A:0D:21:6E:9A:79:B9:D6:DB:83:73:A0:C6:9E:B1:CC:31:C7:C5:2A

CN = ACEDICOM Root
SHA-256 Fingerprint: 03:95:0F:B4:9A:53:1F:3E:19:91:94:23:98:DF:A9:E0:EA:32:D7:BA:1C:DD:9B:C8:5D:B5:7E:D9:40:0B:43:4A

CN = Certinomis - Autorité Racine
SHA-256 Fingerprint: FC:BF:E2:88:62:06:F7:2B:27:59:3C:8B:07:02:97:E1:2D:76:9E:D1:0E:D7:93:07:05:A8:09:8E:FF:C1:4D:17

CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
SHA-256 Fingerprint: 97:8C:D9:66:F2:FA:A0:7B:A7:AA:95:00:D9:C0:2E:9D:77:F2:CD:AD:A6:AD:6B:A7:4A:F4:B9:1C:66:59:3C:50

CN = PSCProcert
SHA-256 Fingerprint: 3C:FC:3C:14:D1:F6:84:FF:17:E3:8C:43:CA:44:0C:00:B9:67:EC:93:3E:8B:FE:06:4C:A1:D7:2C:90:F2:AD:B0

CN = CA 沃通根证书, O=WoSign CA Limited
SHA-256 Fingerprint: D6:F0:34:BD:94:AA:23:3F:02:97:EC:A4:24:5B:28:39:73:E4:47:AA:59:0F:31:0C:77:F4:8F:DF:83:11:22:54

CN = Certification Authority of WoSign
SHA-256 Fingerprint: 4B:22:D5:A6:AE:C9:9F:3C:DB:79:AA:5E:C0:68:38:47:9C:D5:EC:BA:71:64:F7:F2:2D:C1:D6:5F:63:D8:57:08

CN = Certification Authority of WoSign G2
SHA-256 Fingerprint: D4:87:A5:6F:83:B0:74:82:E8:5E:96:33:94:C1:EC:C2:C9:E5:1D:09:03:EE:94:6B:02:C3:01:58:1E:D9:9E:16

CN = CA WoSign ECC Root
SHA-256 Fingerprint: 8B:45:DA:1C:06:F7:91:EB:0C:AB:F2:6B:E5:88:F5:FB:23:16:5C:2E:61:4B:F8:85:56:2D:0D:CE:50:B2:9B:02

libfreebl no longer requires SSE2 instructions.

New in NSS 3.34

New Functionality
When listing an NSS database using certutil -L, but the database
hasn't yet been initialized with any non-empty or empty password,
the text "Database needs user init" will be included in the listing.

When using certutil to set an inacceptable password in FIPS mode,
a correct explanation of acceptable passwords will be printed.

SSLKEYLOGFILE is now supported with TLS 1.3, see Bug 1287711 for details.

SSLChannelInfo has two new fields (Bug 1396525)

  SSLNamedGroup originalKeaGroup holds the key exchange group of the
  original handshake when the session was resumed.

  PRBool resumed is PR_TRUE when the session is resumed and PR_FALSE
  otherwise.

RSA-PSS signatures are now supported on certificates.  Certificates
with RSA-PSS or RSA-PKCS#1v1.5 keys can be used to create an RSA-PSS
signature on a certificate using the --pss-sign argument to certutil.

New Functions
Compatibility

NSS 3.34 shared libraries are backward compatible with all older NSS 3.x
shared libraries. A program linked with older NSS 3.x shared libraries
will work with NSS 3.34 shared libraries without recompiling or relinking.
Furthermore, applications that restrict their use of NSS APIs to the
functions listed in NSS Public Functions will remain compatible with
future versions of the NSS shared libraries.
2017-11-16 01:15:57 +00:00
jperkin
00c210dffb nss: Support SunOS byteswap macros. 2017-10-19 15:28:45 +00:00
ryoon
0504e116c0 Update to 3.33
Changelog:
Notable Changes in NSS 3.33

    TLS compression is no longer supported. API calls that attempt to enable compression are accepted without failure. However, TLS compression will remain disabled.
    This version of NSS uses a formally verified implementation of Curve25519 on 64-bit systems.
    The compile time flag DISABLE_ECC has been removed.
    When NSS is compiled without NSS_FORCE_FIPS=1 startup checks are not performed anymore.
    Various minor improvements and correctness fixes.
2017-09-26 10:59:39 +00:00
ryoon
6255eb25a7 Update to 3.32
Changelog:
Notable Changes:
================
* Various minor improvements and correctness fixes.
* The Code Signing trust bit was turned off for all included root certificates.
* The Websites (TLS/SSL) trust bit was turned off for the following root
  certificates:
  - CN = AddTrust Class 1 CA Root
  - CN = Swisscom Root CA 2
* The following CA certificates were Removed:
  - CN = AddTrust Public CA Root
  - CN = AddTrust Qualified CA Root
  - CN = China Internet Network Information Center EV Certificates Root
  - CN = CNNIC ROOT
  - CN = ComSign Secured CA
  - CN = GeoTrust Global CA 2
  - CN = Secure Certificate Services
  - CN = Swisscom Root CA 1
  - CN = Swisscom Root EV CA 2
  - CN = Trusted Certificate Services
  - CN = UTN-USERFirst-Hardware
  - CN = UTN-USERFirst-Object
2017-08-01 12:15:15 +00:00
ryoon
c6f0a4b71b Update to 3.31
Changelog:
New functionality:
==================
* Allow certificates to be specified by RFC7512 PKCS#11 URIs.
* Allow querying a certificate object for its temporary or permanent storage
  status in a thread safe way.

New Functions:
==============
* CERT_GetCertIsPerm - retrieve the permanent storage status attribute of a
  certificate in a thread safe way.
* CERT_GetCertIsTemp - retrieve the temporary storage status attribute of a
  certificate in a thread safe way.
* PK11_FindCertFromURI - find a certificate identified by the given URI.
* PK11_FindCertsFromURI - find a list of certificates identified by the given
  URI.
* PK11_GetModuleURI - retrieve the URI of the given module.
* PK11_GetTokenURI - retrieve the URI of a token based on the given slot
  information.
* PK11URI_CreateURI - create a new PK11URI object from a set of attributes.
* PK11URI_DestroyURI - destroy a PK11URI object.
* PK11URI_FormatURI - format a PK11URI object to a string.
* PK11URI_GetPathAttribute - retrieve a path attribute with the given name.
* PK11URI_GetQueryAttribute - retrieve a query attribute with the given name.
* PK11URI_ParseURI - parse PKCS#11 URI and return a new PK11URI object.

New Macros:
===========
* Several new macros that start with PK11URI_PATTR_ for path attributes defined
  in RFC7512.
* Several new macros that start with PK11URI_QATTR_ for query attributes defined
  in RFC7512.

Notable Changes:
================
* The APIs that set a TLS version range have been changed to trim the requested
  range to the overlap with a systemwide crypto policy, if configured.
  SSL_VersionRangeGetSupported can be used to query the overlap between the
  library's supported range of TLS versions and the systemwide policy.
* Previously, SSL_VersionRangeSet and SSL_VersionRangeSetDefault returned a
  failure if the requested version range wasn't fully allowed by the systemwide
  crypto policy. They have been changed to return success, if at least one TLS
  version overlaps between the requested range and the systemwide policy. An
  application may call SSL_VersionRangeGet and SSL_VersionRangeGetDefault to
  query the TLS version range that was effectively activated.
* Corrected the encoding of Domain Name Constraints extensions created by
  certutil.
* NSS supports a clean seeding mechanism for *NIX systems now using only
  /dev/urandom. This is used only when SEED_ONLY_DEV_URANDOM is set at compile
  time.
* CERT_AsciiToName can handle OIDs in dotted decimal form now.

The HG tag is NSS_3_31_RTM. NSS 3.31 requires NSPR 4.15 or newer.
2017-06-14 11:18:55 +00:00
ryoon
d28b526384 Update to 3.30.2
Changelog:
The NSS team has released Network Security Services (NSS) 3.30.2,
which is a patch release to update the list of root CA certificates.

Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.

Notable Changes:
* The following CA certificates were Removed
- O = Japanese Government, OU = ApplicationCA 
- CN = WellsSecure Public Root Certificate Authority 
- CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
- CN = Microsec e-Szigno Root 
* The following CA certificates were Added
- CN = D-TRUST Root CA 3 2013 
- CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 
* The version number of the updated root CA list has been set to 2.14
  (Bug 1350859)
* Domain name constraints for one of the new CAs have been added to the
  NSS code (Bug 1349705)
2017-04-27 01:47:21 +00:00
ryoon
22e6f65028 Update to 3.30.1
Changelog:
Not available.
2017-04-13 03:21:05 +00:00
ryoon
81fcb1b844 Update to 3.30
Changelog:
New in NSS 3.30:
================
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust are
marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY, set to
true. Applications that need to distinguish them from other other root CAs
may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS alerts
that are sent or received.

Notable Changes:
================
* The TLS server code has been enhanced to support session tickets when no
RSA certificate is configured.
* RSA-PSS signatures produced by key pairs with a modulus bit length that
is not a multiple of 8 are now supported.
* The pk12util tool now supports importing and exporting data encrypted in
the AES based schemes defined in PKCS#5 v2.1.
2017-03-31 23:39:52 +00:00
ryoon
13a05f2ab1 Update to 3.29.3
Changelog:
The NSS team has released Network Security Services (NSS) 3.29.3

No new functionality is introduced in this release.
This is a patch release to fix a rare crash when initializing an SSL socket
fails.


The NSS team has released Network Security Services (NSS) 3.29.2

No new functionality is introduced in this release.
This is a patch release to fix an issue with TLS session tickets.
2017-03-07 20:53:22 +00:00
ryoon
5493101433 Update to 3.29.1
Changelog:
Fix binary compatibility issues in 3.29
2017-02-20 12:30:50 +00:00
ryoon
583000aaff Update to 3.29
Changelog:
Notable Changes:
================
* Fixed a NSS 3.28 regression in the signature scheme flexibility that
causes connectivity issues between iOS 8 clients and NSS servers with ECDSA
certificates (bug1334114
<https://bugzilla.mozilla.org/show_bug.cgi?id=1334114>).
2017-02-11 07:24:55 +00:00
ryoon
dfd0579ad9 Disable internal sqlite3. Bump PKGREVISION
It is my mistake.
Builds confirmed on NetBSD/amd64 current and macOS Sierra.
2017-02-05 02:41:13 +00:00
yyamano
8118392aed Always use the sqlite3 library in NSS to avoid installation error on Mac OS X,
just like other platforms.
2017-02-02 07:25:44 +00:00
ryoon
de7cc65ab0 Update to 3.28.1
* Bump nspr requirement

Changelog:
3.28.1:
The NSS team has released Network Security Services (NSS) 3.28.1,
which is a patch release.

Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.

No new functionality is introduced in this release. This is a patch release to
update the list of root CA certificates and address a minor TLS compatibility
issue that some applications experienced with NSS 3.28.

Notable Changes:
* The following CA certificates were Removed
- CN = Buypass Class 2 CA 1
- CN = Root CA Generalitat Valenciana
- OU = RSA Security 2048 V3
* The following CA certificates were Added
- OU = AC RAIZ FNMT-RCM
- CN = Amazon Root CA 1
- CN = Amazon Root CA 2
- CN = Amazon Root CA 3
- CN = Amazon Root CA 4
- CN = LuxTrust Global Root 2
- CN = Symantec Class 1 Public Primary Certification Authority - G4
- CN = Symantec Class 1 Public Primary Certification Authority - G6
- CN = Symantec Class 2 Public Primary Certification Authority - G4
- CN = Symantec Class 2 Public Primary Certification Authority - G6
* The version number of the updated root CA list has been set to 2.11
* A misleading assertion/alert has been removed when NSS tries to flush data
  to the peer but the connection was already reset.


3.28:
The NSS team has released Network Security Services (NSS) 3.28,
which is a minor release.

Below is a summary of the changes.

Please refer to the full release notes for additional details:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28_release_notes


Request to test and prepare for TLS 1.3 (draft):
================================================
To prepare for a change of default build options, which is
planned for
the future NSS 3.29 release, we'd like to encourage all users of NSS
3.28
to override the standard NSS build configuration to enable support for
(draft
) TLS 1.3 by defining NSS_ENABLE_TLS_1_3=1 at build time.
We'd like to ask you to
please give feedback to the NSS developers for any
compatibility issues that you
might encounter in your tests.

For providing feedback, you may send a message to this mailing list, see:
  https://lists.mozilla.org/listinfo/dev-tech-crypto
or please report a bug here:
  https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS


New functionality:
==================
* NSS includes support for TLS 1.3 draft -18. This includes a number 
  of
improvements to TLS 1.3:
  - The signed certificate timestamp, used in
certificate transparency, 
    is supported in TLS 1.3.
  - Key exporters for TLS
1.3 are supported. This includes the early key
    exporter, which can be used if
0-RTT is enabled. Note that there is a
    difference between TLS 1.3 and key
exporters in older versions of TLS.
    TLS 1.3 does not distinguish between an
empty context and no context.
  - The TLS 1.3 (draft) protocol can be enabled, by
defining
    NSS_ENABLE_TLS_1_3=1 when building NSS.
* NSS includes support for
the X25519 key exchange algorithm, which is
  supported and enabled by default in
all versions of TLS.

New Functions:
==============
* SSL_ExportEarlyKeyingMaterial
* SSL_SendAdditionalKeyShares
* SSL_SignatureSchemePrefSet
* SSL_SignatureSchemePrefGet

Notable Changes:
================
* NSS can no longer be compiled with support for additional elliptic curves.
  This was previously possible by replacing certain NSS source files.
* NSS will now detect the presence of tokens that support additional
  elliptic curves and enable those curves for use in TLS.
  Note that this detection has a one-off performance cost, which can be
  avoided by using the SSL_NamedGroupConfig function to limit supported
  groups to those that NSS provides.
* PKCS#11 bypass for TLS is no longer supported and has been removed.
* Support for "export" grade SSL/TLS cipher suites has been removed.
* NSS now uses the signature schemes definition in TLS 1.3.
  This also affects TLS 1.2. NSS will now only generate signatures with the
  combinations of hash and signature scheme that are defined in TLS 1.3,
  even when negotiating TLS 1.2.
  - This means that SHA-256 will only be used with P-256 ECDSA certificates,
    SHA-384 with P-384 certificates, and SHA-512 with P-521 certificates.
    SHA-1 is permitted (in TLS 1.2 only) with any certificate for backward
    compatibility reasons.
  - New functions to configure signature schemes are provided:
    SSL_SignatureSchemePrefSet, SSL_SignatureSchemePrefGet.
    The old SSL_SignaturePrefSet and SSL_SignaturePrefSet functions are
    now deprecated.
  - NSS will now no longer assume that default signature schemes are 
    supported by a peer if there was no commonly supported signature scheme.
* NSS will now check if RSA-PSS signing is supported by the token that holds
  the private key prior to using it for TLS.
* The certificate validation code contains checks to no longer trust
  certificates that are issued by old WoSign and StartCom CAs after 
  October 21, 2016. This is equivalent to the behavior that Mozilla will
  release with Firefox 51.
2017-01-20 15:01:23 +00:00
ryoon
69ddd95d7c Update to 3.27.2
Changelog:
The NSS Development Team announces the release of NSS 3.27.2, which is a
patch release to address a memory leak in the TLS implementation.

No new functionality is introduced in this release.

Notable Changes:
* Bug 1318561 - SSL_SetTrustAnchors leaks
2016-11-29 22:51:12 +00:00
ryoon
7ee7834047 Update to 3.27.1
Changelog:
The NSS team has released Network Security Services (NSS) 3.27.1.

This is a patch release to address a TLS compatibility issue 
that some applications experienced with NSS 3.27.

Notable Changes:
Availability of the TLS 1.3 (draft) implementation has been re-disabled
in the default build.

Previous versions of NSS made TLS 1.3 (draft) available only when compiled
with NSS_ENABLE_TLS_1_3. NSS 3.27 set this value on by default, allowing
TLS 1.3 (draft) to be disabled using NSS_DISABLE_TLS_1_3, although the
maximum version used by default remained TLS 1.2.

However, some applications query the list of protocol versions that are
supported by the NSS library, and enable all supported TLS protocol versions.
Because NSS 3.27 enabled compilation of TLS 1.3 (draft) by default, it caused
those applications to enable TLS 1.3 (draft). This resulted in connectivity
failures, as some TLS servers are version 1.3 intolerant, and failed to
negotiate an earlier TLS version with NSS 3.27 clients.
2016-10-08 10:26:12 +00:00
ryoon
3e9c37065e Update to 3.27
Changelog:
The NSS team has released Network Security Services (NSS) 3.27,
which is a minor release.

Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.

New functionality:
* Allow custom named group priorities for TLS key exchange handshake
  (SSL_NamedGroupConfig).
* Added support for RSA-PSS signatures in TLS 1.2 and TLS 1.3

New Functions:
* SSL_NamedGroupConfig

Notable Changes:
* NPN can not be enabled anymore.
* Hard limits on the maximum number of TLS records encrypted with the same 
  key are enforced.
* Disabled renegotiation in DTLS.
* The following CA certificates were Removed
- CN = IGC/A, O = PM/SGDN, OU = DCSSI
- CN = Juur-SK, O = AS Sertifitseerimiskeskus
- CN = EBG Elektronik Sertifika Hizmet Sağlayıcısı
- CN = S-TRUST Authentication and Encryption Root CA 2005:PN
- O = VeriSign, Inc., OU = Class 1 Public Primary Certification Authority
- O = VeriSign, Inc., OU = Class 2 Public Primary Certification Authority - G2
- O = VeriSign, Inc., OU = Class 3 Public Primary Certification Authority
- O = Equifax, OU = Equifax Secure Certificate Authority
- CN = Equifax Secure eBusiness CA-1
- CN = Equifax Secure Global eBusiness CA-1

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.27_release_notes
2016-09-30 11:59:12 +00:00
ryoon
7b10c40773 Update to 3.25
Changelog:
The NSS team has released Network Security Services (NSS) 3.25, which is a minor
release.

Below is a short summary of the changes.
Please refer to the full release notes for additional details.

New functionality:
* Implemented DHE key agreement for TLS 1.3
* Added support for ChaCha with TLS 1.3
* Added support for TLS 1.2 ciphersuites that use SHA384 as the PRF
* In previous versions, when using client authentication with TLS 1.2, 
  NSS only supported certificate_verify messages that used the same
  signature hash algorithm as used by the PRF. 
  This limitation has been removed.
* Several functions have been added to the public API of the NSS
  Cryptoki Framework.

New Functions:
* NSSCKFWSlot_GetSlotID
* NSSCKFWSession_GetFWSlot
* NSSCKFWInstance_DestroySessionHandle
* NSSCKFWInstance_FindSessionHandle

Notable Changes:
* An SSL socket can no longer be configured to allow both TLS 1.3 and SSL v3
* Regression fix: NSS no longer reports a failure if an application attempts
  to disable the SSL v2 protocol.
* The list of trusted CA certificates has been updated to version 2.8
* The following CA certificate was Removed
- CN = Sonera Class1 CA
* The following CA certificates were Added 
- CN = Hellenic Academic and Research Institutions RootCA 2015
- CN = Hellenic Academic and Research Institutions ECC RootCA 2015
- CN = Certplus Root CA G1
- CN = Certplus Root CA G2
- CN = OpenTrust Root CA G1
- CN = OpenTrust Root CA G2
- CN = OpenTrust Root CA G3
2016-07-02 12:22:47 +00:00
ryoon
a5ef76080a Update to 3.24
* Require nspr 4.12 or later, from he@. Thank you.

Changelog:
The NSS team has released Network Security Services (NSS) 3.24, which is
a minor release.

Below is a short summary of the changes.
Please refer to the full release notes for additional details.

New functionality:
* NSS softoken has been updated with the latest NIST guidance (as of 2015)
* NSS softoken has also been updated to allow NSS to run in FIPS level-1
  (no password).
* SSL_ConfigServerCert function has been added for configuring SSL/TLS
  server sockets with a certificate and private key. This method should be
  used in preference to SSL_ConfigSecureServer,
  SSL_ConfigSecureServerWithCertChain, SSL_SetStapledOCSPResponses, and
  SSL_SetSignedCertTimestamps.
* Added PORTCheapArena for temporary arenas allocated on the stack.

New Functions:
* SSL_ConfigServerCert - Configures an SSL/TLS socket with a certificate,
  private key and other information.
* PORT_InitCheapArena - This initializes an arena that was created on
  the stack. See PORTCheapArenaPool.
* PORT_DestroyCheapArena - This destroys an arena that was created on
  the stack. See PORTCheapArenaPool.

New Types
* SSLExtraServerCertData - This struct is optionally passed as an argument
  to SSL_ConfigServerCert. It contains supplementary information about a
  certificate, such as the intended type of the certificate, stapled OCSP
  responses, or signed certificate timestamps (used for certificate
  transparency).
* PORTCheapArenaPool - A stack-allocated arena pool, to be used for
  temporary arena allocations.

New Macros
* CKM_TLS12_MAC
* SEC_OID_TLS_ECDHE_PSK - This OID is used to govern use of the
  TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 cipher suite, which is only
  used for session resumption in TLS 1.3.

Notable Changes:
* The following functions have been deprecated (applications should use the
  new SSL_ConfigServerCert function instead):
  * SSL_SetStapledOCSPResponses
  * SSL_SetSignedCertTimestamps
  * SSL_ConfigSecureServer
  * SSL_ConfigSecureServerWithCertChain
* Function NSS_FindCertKEAType is now deprecated, as it reports a misleading
  value for certificates that might be used for signing rather than key
  exchange.
* SSLAuthType has been updated to define a larger number of authentication
  key types.
* The member attribute authAlgorithm of type SSLCipherSuiteInfo has been
  deprecated. Instead, applications should use the newly added attribute
  authType.
* ssl_auth_rsa has been renamed to ssl_auth_rsa_decrypt.
* On Linux platforms that define FREEBL_LOWHASH, a shared library has been
  added: libfreeblpriv3
* Most code related to the SSL v2 has been removed, including the ability to
  actively send a SSL v2 compatible client hello.
  However, the server side implementation of the SSL/TLS protocol continues to
  support processing of received v2 compatible client hello messages.
* NSS supports a mechanism to log SSL/TLS key material to a logfile if the
  environment variable named SSLKEYLOGFILE is set. NSS has been changed to
  disable this functionality in optimized builds by default. In order to enable
  the functionality in optimized builds, the symbol NSS_ALLOW_SSLKEYLOGFILE
  must be defined when building NSS.
* NSS has been updated to be protected against the Cachebleed attack.
* Support for DTLS compression has been disabled.
* Support for TLS 1.3 has been improved. This includes support for DTLS 1.3.
  Note that TLS 1.3 support is experimental and is not suitable for production
  use.
2016-05-25 13:17:13 +00:00
ryoon
2023189593 Update to 3.23
Changelog:
The NSS team has released Network Security Services (NSS) 3.23, which is a minor
release.

The following security-relevant bug has been resolved in NSS 3.23.
Users are encouraged to upgrade immediately.

* Bug 1245528 (CVE-2016-1950):
  Fixed a heap-based buffer overflow related to the parsing of certain ASN.1
  structures. An attacker could create a specially-crafted certificate which,
  when parsed by NSS, would cause a crash or execution of arbitrary code with
  the permissions of the user.

New functionality:
* ChaCha20/Poly1305 cipher and TLS cipher suites now supported
  (bug 917571, bug 1227905)
* Experimental-only support TLS 1.3 1-RTT mode (draft-11).
  This code is not ready for production use.

New Functions:
* SSL_SetDowngradeCheckVersion - Set maximum version for new ServerRandom
  anti-downgrade mechanism

Notable Changes:
* The copy of SQLite shipped with NSS has been updated to version 3.10.2
  (bug 1234698)
* The list of TLS extensions sent in the TLS handshake has been reordered
  to improve compatibility of the Extended Master Secret feature
  with servers (bug 1243641)
* The build time environment variable NSS_ENABLE_ZLIB has been renamed
  to NSS_SSL_ENABLE_ZLIB (Bug 1243872).
* The build time environment variable NSS_DISABLE_CHACHAPOLY was added,
  which can be used to prevent compilation of the ChaCha20/Poly1305 code.
* The following CA certificates were Removed
- Staat der Nederlanden Root CA
- NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
- NetLock Kozjegyzoi (Class A) Tanusitvanykiado
- NetLock Uzleti (Class B) Tanusitvanykiado
- NetLock Expressz (Class C) Tanusitvanykiado
- VeriSign Class 1 Public PCA – G2
- VeriSign Class 3 Public PCA
- VeriSign Class 3 Public PCA – G2
- CA Disig
* The following CA certificates were Added
- SZAFIR ROOT CA2
- Certum Trusted Network CA 2
* The following CA certificate had the Email trust bit turned on
- Actalis Authentication Root CA

The full release notes, including the SHA256 fingerprints of the changed
CA certificates, are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes
2016-04-17 19:27:10 +00:00
ryoon
fb0c15432d Update to 3.22.3
Changelog:
The NSS Development Team announces the release of NSS 3.22.3,
which is a patch release for NSS 3.22.

No new functionality is introduced in this release.

The following bugs have been resolved in NSS 3.22.3

* Bug 1243641 - Increase compatibility of TLS extended master secret,
  don't send an empty TLS extension last in the handshake
2016-03-15 03:12:06 +00:00
ryoon
a889e913c2 Update to 3.22.2
Changelog:
New root certificates backported from 3.23.
2016-03-07 12:31:17 +00:00
ryoon
8d5619dcb5 Update to 3.22.1
Changelog:
The NSS Development Team announces the release of NSS 3.22.1

No new functionality is introduced in this release.

Notable Changes:
* NSS has been changed to use the PR_GetEnvSecure function that
  was made available in NSPR 4.12
2016-02-17 22:00:14 +00:00
ryoon
3ba982c78e Update to 3.22
Changelog:
The NSS team has released Network Security Services (NSS) 3.22,
which is a minor release.

New functionality:
* RSA-PSS signatures are now supported (bug 1215295)
* Pseudorandom functions based on hashes other than SHA-1 are now supported
* Enforce an External Policy on NSS from a config file (bug 1009429)

New Functions:
* PK11_SignWithMechanism - an extended version PK11_Sign()
* PK11_VerifyWithMechanism - an extended version of PK11_Verify()
* SSL_PeerSignedCertTimestamps - Get signed_certificate_timestamp
  TLS extension data
* SSL_SetSignedCertTimestamps - Set signed_certificate_timestamp
  TLS extension data

New Types:
* ssl_signed_cert_timestamp_xtn is added to SSLExtensionType
* Constants for several object IDs are added to SECOidTag

New Macros:
* SSL_ENABLE_SIGNED_CERT_TIMESTAMPS
* NSS_USE_ALG_IN_SSL
* NSS_USE_POLICY_IN_SSL
* NSS_RSA_MIN_KEY_SIZE
* NSS_DH_MIN_KEY_SIZE
* NSS_DSA_MIN_KEY_SIZE
* NSS_TLS_VERSION_MIN_POLICY
* NSS_TLS_VERSION_MAX_POLICY
* NSS_DTLS_VERSION_MIN_POLICY
* NSS_DTLS_VERSION_MAX_POLICY
* CKP_PKCS5_PBKD2_HMAC_SHA224
* CKP_PKCS5_PBKD2_HMAC_SHA256
* CKP_PKCS5_PBKD2_HMAC_SHA384
* CKP_PKCS5_PBKD2_HMAC_SHA512
* CKP_PKCS5_PBKD2_HMAC_GOSTR3411 - (not supported)
* CKP_PKCS5_PBKD2_HMAC_SHA512_224 - (not supported)
* CKP_PKCS5_PBKD2_HMAC_SHA512_256 - (not supported)

table Changes:
* NSS C++ tests are built by default, requiring a C++11 compiler.
  Set the NSS_DISABLE_GTESTS variable to 1 to disable building these tests.

The HG tag is NSS_3_22_RTM. NSS 3.22 requires NSPR 4.11 or newer.
2016-02-06 22:09:55 +00:00
ryoon
f4836944a2 Fix build under GCC 4.5.3 (NetBSD 6) 2015-12-17 13:39:59 +00:00
ryoon
57320c1f90 Update to 3.21
* Disable gtest option

Changelog:
The NSS team has released Network Security Services (NSS) 3.21,
which is a minor release.

New functionality:
* certutil now supports a --rename option to change a nickname (bug 1142209)
* TLS extended master secret extension (RFC 7627) is supported (bug 1117022)
* New info functions added for use during mid-handshake callbacks (bug 1084669)

New Functions:
* NSS_OptionSet - sets NSS global options
* NSS_OptionGet - gets the current value of NSS global options
* SECMOD_CreateModuleEx - Create a new SECMODModule structure from module name
  string, module parameters string, NSS specific parameters string, and NSS
  configuration parameter string. The module represented by the module
  structure is not loaded. The difference with SECMOD_CreateModule is the new
  function handles NSS configuration parameter strings.
* SSL_GetPreliminaryChannelInfo - obtains information about a TLS channel prior
  to the handshake being completed, for use with the callbacks that are invoked
  during the handshake
* SSL_SignaturePrefSet - configures the enabled signature and hash algorithms
  for TLS
* SSL_SignaturePrefGet - retrieves the currently configured signature and hash
  algorithms
* SSL_SignatureMaxCount - obtains the maximum number signature algorithms that
  can be configured with SSL_SignaturePrefSet
* NSSUTIL_ArgParseModuleSpecEx - takes a module spec and breaks it into shared
  library string, module name string, module parameters string, NSS specific
  parameters string, and NSS configuration parameter strings. The returned
  strings must be freed by the caller. The difference with
  NSS_ArgParseModuleSpec is the new function handles NSS configuration
  parameter strings.
* NSSUTIL_MkModuleSpecEx - take a shared library string, module name string,
  module parameters string, NSS specific parameters string, and NSS
  configuration parameter string and returns a module string which the caller
  must free when it is done. The difference with NSS_MkModuleSpec is the new
  function handles NSS configuration parameter strings.

New Types:
* CK_TLS12_MASTER_KEY_DERIVE_PARAMS{_PTR} - parameters {or pointer} for
  CKM_TLS12_MASTER_KEY_DERIVE
* CK_TLS12_KEY_MAT_PARAMS{_PTR} - parameters {or pointer} for
  CKM_TLS12_KEY_AND_MAC_DERIVE
* CK_TLS_KDF_PARAMS{_PTR} - parameters {or pointer} for CKM_TLS_KDF
* CK_TLS_MAC_PARAMS{_PTR} - parameters {or pointer} for CKM_TLS_MAC
* SSLHashType - identifies a hash function
* SSLSignatureAndHashAlg - identifies a signature and hash function
* SSLPreliminaryChannelInfo - provides information about the session state
  prior to handshake completion

New Macros:
* NSS_RSA_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
  get the minimum RSA key size
* NSS_DH_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
  get the minimum DH key size
* NSS_DSA_MIN_KEY_SIZE - used with NSS_OptionSet and NSS_OptionGet to set or
  get the minimum DSA key size
* CKM_TLS12_MASTER_KEY_DERIVE - derives TLS 1.2 master secret
* CKM_TLS12_KEY_AND_MAC_DERIVE - derives TLS 1.2 traffic key and IV
* CKM_TLS12_MASTER_KEY_DERIVE_DH - derives TLS 1.2 master secret for DH (and
  ECDH) cipher suites
* CKM_TLS12_KEY_SAFE_DERIVE and CKM_TLS_KDF are identifiers for additional
  PKCS#12 mechanisms for TLS 1.2 that are currently unused in NSS.
* CKM_TLS_MAC - computes TLS Finished MAC
* NSS_USE_ALG_IN_SSL_KX - policy flag indicating that keys are used in TLS key
  exchange
* SSL_ERROR_RX_SHORT_DTLS_READ - error code for failure to include a complete
  DTLS record in a UDP packet
* SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM - error code for when no valid
  signature and hash algorithm is available
* SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM - error code for when an
  unsupported signature and hash algorithm is configured
* SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET - error code for when the extended
  master secret is missing after having been negotiated
* SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET - error code for receiving an
  extended master secret when previously not negotiated
* SSL_ENABLE_EXTENDED_MASTER_SECRET - configuration to enable the TLS extended
  master secret extension (RFC 7627)
* ssl_preinfo_version - used with SSLPreliminaryChannelInfo to indicate that a
  TLS version has been selected
* ssl_preinfo_cipher_suite - used with SSLPreliminaryChannelInfo to indicate
  that a TLS cipher suite has been selected
* ssl_preinfo_all - used with SSLPreliminaryChannelInfo to indicate that all
  preliminary information has been set

Notable Changes:
* NSS now builds with elliptic curve ciphers enabled by default (bug 1205688)
* NSS now builds with warnings as errors (bug 1182667)
* The following CA certificates were Removed
- CN = VeriSign Class 4 Public Primary Certification Authority - G3
- CN = UTN-USERFirst-Network Applications
- CN = TC TrustCenter Universal CA III
- CN = A-Trust-nQual-03
- CN = USERTrust Legacy Secure Server CA
- Friendly Name: Digital Signature Trust Co. Global CA 1
- Friendly Name: Digital Signature Trust Co. Global CA 3
- CN = UTN - DATACorp SGC
- O = TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2\
005
* The following CA certificate had the Websites trust bit turned off
- OU = Equifax Secure Certificate Authority
* The following CA certificates were Added
- CN = Certification Authority of WoSign G2
- CN = CA WoSign ECC Root
- CN = OISTE WISeKey Global Root GB CA
2015-11-20 18:54:50 +00:00
ryoon
7d82596450 Update to 3.20.1
Changelog:
The following security-relevant bugs have been resolved in NSS 3.20.1.
Users are encouraged to upgrade immediately.

* Bug 1192028 (CVE-2015-7181) and
  Bug 1202868 (CVE-2015-7182):
  Several issues existed within the ASN.1 decoder used by NSS for handling
  streaming BER data. While the majority of NSS uses a separate, unaffected
  DER decoder, several public routines also accept BER data, and thus are
  affected. An attacker that successfully exploited these issues can overflow
  the heap and may be able to obtain remote code execution.
2015-11-03 16:55:07 +00:00