Update NSS libSSL to NSS_3_15_BETA2.

net/third_party/nss/README.chromium

 Name: Network Security Services (NSS)
 URL: http://www.mozilla.org/projects/security/pki/nss/
-Version: 3.14
+Version: 3.15 Beta 2
 Security Critical: Yes
 License: MPL 2
 License File: NOT_SHIPPED
 
-This directory includes a copy of NSS's libssl from the CVS repo at:
-  :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
+This directory includes a copy of NSS's libssl from the hg repo at:
+  https://hg.mozilla.org/projects/nss
 
 The same module appears in crypto/third_party/nss (and third_party/nss on some
 platforms), so we don't repeat the license file here.
 
-The snapshot was updated to the CVS tag: NSS_3_14_RTM
+The snapshot was updated to the hg tag: NSS_3_15_BETA2
 
 Patches:
 
   * Commenting out a couple of functions because they need NSS symbols
     which may not exist in the system NSS library.
     patches/versionskew.patch
 
   * Send empty renegotiation info extension instead of SCSV unless TLS is
     disabled.
     patches/renegoscsv.patch
     https://bugzilla.mozilla.org/show_bug.cgi?id=549042
 
   * Cache the peer's intermediate CA certificates in session ID, so that
     they're available when we resume a session.
     patches/cachecerts.patch
     https://bugzilla.mozilla.org/show_bug.cgi?id=731478
 
   * Add the SSL_PeerCertificateChain function
     patches/peercertchain.patch
     https://bugzilla.mozilla.org/show_bug.cgi?id=731485
 
-  * Add OCSP stapling support
-    patches/ocspstapling.patch
-    https://bugzilla.mozilla.org/show_bug.cgi?id=360420
-
   * Add support for client auth with native crypto APIs on Mac and Windows
     patches/clientauth.patch
     ssl/sslplatf.c
 
   * Add a function to export whether the last handshake on a socket resumed a
     previous session.
     patches/didhandshakeresume.patch
     https://bugzilla.mozilla.org/show_bug.cgi?id=731798
 
-  * Add a function to restart a handshake after a client certificate request.
-    patches/restartclientauth.patch
-
   * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake
     is finished.
     https://bugzilla.mozilla.org/show_bug.cgi?id=681839
     patches/negotiatedextension.patch
 
   * Add function to retrieve TLS client cert types requested by server.
     https://bugzilla.mozilla.org/show_bug.cgi?id=51413
     patches/getrequestedclientcerttypes.patch
 
-  * Enable False Start only when the server supports forward secrecy.
-    patches/falsestartnpn.patch
-    https://bugzilla.mozilla.org/show_bug.cgi?id=810582
-    https://bugzilla.mozilla.org/show_bug.cgi?id=810583
+  * Add a function to restart a handshake after a client certificate request.
+    patches/restartclientauth.patch
 
   * Add support for TLS Channel IDs
     patches/channelid.patch
 
   * Add support for extracting the tls-unique channel binding value
     patches/tlsunique.patch
     https://bugzilla.mozilla.org/show_bug.cgi?id=563276
 
-  * Don't crash when the SSL keylog file cannot be opened.
-    patches/sslkeylogerror.patch
-    https://bugzilla.mozilla.org/show_bug.cgi?id=810579
-
   * Define the EC_POINT_FORM_UNCOMPRESSED macro. In NSS 3.13.2 the macro
     definition was moved from the internal header ec.h to blapit.h. When
     compiling against older system NSS headers, we need to define the macro.
     patches/ecpointform.patch
 
   * SSL_ExportKeyingMaterial should get the RecvBufLock and SSL3HandshakeLock.
     This change was made in https://chromiumcodereview.appspot.com/10454066.
     patches/secretexporterlocks.patch
 
-  * Implement CBC processing in constant-time to address the "Lucky Thirteen"
-    attack.
+  * Allow the constant-time CBC processing code to be compiled against older
+    NSS that doesn't contain the CBC constant-time changes.
     patches/cbc.patch
-    https://bugzilla.mozilla.org/show_bug.cgi?id=822365
-
-  * Fix a crash in dtls_FreeHandshakeMessages.
-    patches/dtlsinitclist.patch
-    https://bugzilla.mozilla.org/show_bug.cgi?id=822433 (fixed in NSS 3.14.2)
+    https://code.google.com/p/chromium/issues/detail?id=172658#c12
 
   * Define AES_256_KEY_LENGTH if the system blapit.h header doesn't define it.
     Remove this patch when all system NSS packages are NSS 3.12.10 or later.
     patches/aes256keylength.patch
 
+  * Change ssl3_SuiteBOnly to always return PR_TRUE. The softoken in NSS
+    versions older than 3.15 report an incorrect EC key size range. Remove
+    this patch when all system NSS softoken packages are NSS 3.15 or later.
+    patches/suitebonly.patch

[Ryan Sleevi, 2013/05/01 19:06:08]

Could you explain this more (if not here, then just for my own understanding)?

What does it mean to "report an incorrect EC key size range" - that is, how
would I measure whether or not I've got a bugged token?

[wtc, 2013/05/01 21:52:16]

Done. I added an explanation to the README.chromium file.

You can see the bug in this changeset:
https://hg.mozilla.org/projects/nss/rev/2380cf2250c4

Look at the original code in lib/softoken/pkcs11.c. The
key size range of (112, 571) is used whether
NSS_ECC_MORE_THAN_SUITE_B is defined or not.
The only reliable test, I think, is to query the NSS softoken
for its version. There is a PKCS #11 function to do that
(C_GetSlotInfo or C_GetTokenInfo), and I remember the
softoken reports an <major>.<minor> version, which in this
case is enough to disambiguate (the bug is fixed in 3.15).

+
+  * Define the SECItemArray type and declare the SECItemArray handling
+    functions, which were added in NSS 3.15. Remove this patch when all system
+    NSS packages are NSS 3.15 or later.
+    patches/secitemarray.patch
+
+  * Remove unused variables in ssl3_SendCertificateStatus.
+    patches/unusedvariables.patch
+    https://bugzilla.mozilla.org/show_bug.cgi?id=866949
+
 Apply the patches to NSS by running the patches/applypatches.sh script.  Read
 the comments at the top of patches/applypatches.sh for instructions.
 
 The ssl/bodge directory contains files taken from the NSS repo that we required
 for building libssl outside of its usual build environment.