NSS 3.12.5 release notes

2009-12-02 Newsgroup: mozilla.dev.tech.crypto

Introduction

Network Security Services (NSS) 3.12.5 is a patch release for NSS 3.12. The bug fixes in NSS 3.12.5 are described in the "Bugs Fixed" section below.

NSS 3.12.5 is tri-licensed under the MPL 1.1/GPL 2.0/LGPL 2.1.

Distribution Information

The CVS tag for the NSS 3.12.5 release is NSS_3_12_5_RTM

NSS 3.12.5 requires NSPR 4.8.

You can check out the source from CVS by

cvs co -r NSPR_4_8_RTM NSPR
cvs co -r NSS_3_12_5_RTM NSS

See the Documentation section for the build instructions.

NSS 3.12.5 source is also available on ftp.mozilla.org for secure HTTPS download:

New in NSS 3.12.5

SSL3 & TLS Renegotiation Vulnerability

See CVE-2009-3555 and US-CERT VU#120541 for more information about this security vulnerability.

All SSL/TLS renegotiation is disabled by default in NSS 3.12.5. This will cause programs that attempt to perform renegotiation to experience failures where they formerly experienced successes, and is necessary for them to not be vulnerable, until such time as a new safe renegotiation scheme is standardized by the IETF.

If an application depends on renegotiation feature, it can be enabled by setting the environment variable NSS_SSL_ENABLE_RENEGOTIATION to 1. By setting this environmental variable, the fix provided by these patches will have no effect and the application may become vulnerable to the issue.

This default setting can also be changed within the application by using the following existing API functions:

    • SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on)
    • SECStatus SSL_OptionSetDefault(PRInt32 option, PRBool on)
  • There is now a new value for "option", which is:
    • SSL_ENABLE_RENEGOTIATION
    The corresponding new values for SSL_ENABLE_RENEGOTIATION are:
    • SSL_RENEGOTIATE_NEVER: Never renegotiate at all (default).
    • SSL_RENEGOTIATE_UNRESTRICTED: Renegotiate without restriction, whether or not the peer's client hello bears the renegotiation info extension (as we always did in the past). UNSAFE.

TLS compression

  • Enable TLS compression with:
    • SSL_ENABLE_DEFLATE: Enable TLS compression with DEFLATE. Off by default. (See ssl.h)
    Error codes:
    • SSL_ERROR_DECOMPRESSION_FAILURE (see sslerr.h)
    • SSL_ERROR_RENEGOTIATION_NOT_ALLOWED (see sslerr.h)

New context initialization and shutdown functions

  • See nss.h for details. The 2 new functions are:
    • NSS_InitContext
    • NSS_ShutdownContext

    Parameters for these functions are used to initialize softoken. These are mostly strings used to internationalize softoken. Memory for the strings are owned by the caller, who is free to free them once NSS_ContextInit returns. If the string parameter is NULL (as opposed to empty, zero length), then the softoken default is used. These are equivalent to the parameters for PK11_ConfigurePKCS11().

    See the following struct in nss.h for details:
    • NSSInitParametersStr

Other new functions

  • In secmod.h:
    • SECMOD_GetSkipFirstFlag
    • SECMOD_GetDefaultModDBFlag
    In prlink.h
    • NSS_SecureMemcmp
    • PORT_LoadLibraryFromOrigin

Modified functions

  • SGN_Update (see cryptohi.h)
    • The parameter "input" of this function is changed from unsigned char * to const unsigned char *.
  • PK11_ConfigurePKCS11 (see nss.h)
    • The name of some parameters have been slightly changed ("des" became "desc").

Deprecated headers

  • The header file key.h is deprecated. Please use keyhi.h instead.

Additional documentation

  • In pk11pub.h:
    • The caller of PK11_DEREncodePublicKey should free the returned SECItem with a SECITEM_FreeItem(..., PR_TRUE) call.
    • PK11_ReadRawAttribute allocates the buffer for returning the attribute value. The caller of PK11_ReadRawAttribute should free the data buffer pointed to by item using a SECITEM_FreeItem(item, PR_FALSE) or PORT_Free(item->data) call.
    In secasn1.h:
    • If both pool and dest are NULL, the caller should free the returned SECItem with a SECITEM_FreeItem(..., PR_TRUE) call. If pool is NULL but dest is not NULL, the caller should free the data buffer pointed to by dest with a SECITEM_FreeItem(dest, PR_FALSE) or PORT_Free(dest->data) call.

Environment variables

  • NSS_FIPS
    • Will start NSS in FIPS mode.
  • NSS_SSL_ENABLE_RENEGOTIATION
  • NSS_SSL_REQUIRE_SAFE_NEGOTIATION
    • See SSL3 & TLS Renegotiation Vulnerability.

Bugs Fixed

The following bugs have been fixed in NSS 3.12.5.

Documentation

For a list of the primary NSS documentation pages on mozilla.org, see NSS Documentation. New and revised documents available since the release of NSS 3.11 include the following:

Compatibility

NSS 3.12.5 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.12.5 shared libraries without recompiling or relinking.  Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report with mozilla.org Bugzilla (product NSS).

This document was generated by genma teruaki on November 28, 2010 using texi2html 1.82.