Opened 5 years ago
Closed 5 years ago
#13840 closed enhancement (fixed)
nss-3.55
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 10.0 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: | | | |
Description
New minor version.
Change History (4)
comment:1 by , 5 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 5 years ago
| Priority: | normal → high |
|---|---|
comment:4 by , 5 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |

Notable Changes in NSS 3.55

- P384 and P521 elliptic curve implementations are replaced with verifiable implementations from Fiat-Crypto and ECCKiila. Special thanks to the Network and Information Security Group (NISEC) at Tampere University.
- PK11_FindCertInSlot is added. With this function, a given slot can be queried with a DER-Encoded certificate, providing performance and usability improvements over other mechanisms. See Bug 1649633 for more details.
- DTLS 1.3 implementation is updated to draft-38. See Bug 1647752 for details.
- NSPR dependency updated to 4.27.

Known Issues

- On some platforms, using the Makefile builds fails to locate seccomon.h; a workaround is to use the gyp-based build.sh script. If this affects you, please help us narrow down the cause in Bug 1653975.

Bugs fixed in NSS 3.55

- Bug 1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
- Bug 1649487 - Move overzealous assertion in VFY_EndWithSignature.
- Bug 1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
- Bug 1636771 (CVE-2020-12403) - Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length.
- Bug 1649648 - Don't memcpy zero bytes (sanitizer fix).
- Bug 1649316 - Don't memcpy zero bytes (sanitizer fix).
- Bug 1649322 - Don't memcpy zero bytes (sanitizer fix).
- Bug 1653202 - Fix initialization bug in blapitest when compiled with NSS_DISABLE_DEPRECATED_SEED.
- Bug 1646594 - Fix AVX2 detection in makefile builds.
- Bug 1649633 - Add PK11_FindCertInSlot to search a given slot for a DER-encoded certificate.
- Bug 1651520 - Fix slotLock race in NSC_GetTokenInfo.
- Bug 1647752 - Update DTLS 1.3 implementation to draft-38.
- Bug 1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
- Bug 1649226 - Add Wycheproof ECDSA tests.
- Bug 1637222 - Consistently enforce IV requirements for DES and 3DES.
- Bug 1067214 - Enforce minimum PKCS#1 v1.5 padding length in RSA_CheckSignRecover.
- Bug 1643528 - Fix compilation error with -Werror=strict-prototypes.
- Bug 1646324 - Advertise PKCS#1 schemes for certificates in the signature_algorithms extension.
- Bug 1652331 - Update NSS 3.55 NSPR version to 4.27.

This Bugzilla query returns all the bugs fixed in NSS 3.55: https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.55

This contains security fixes for CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, and CVE-2020-12403.