OLD | NEW |
1 Name: Network Security Services (NSS) | 1 Name: Network Security Services (NSS) |
2 URL: http://www.mozilla.org/projects/security/pki/nss/ | 2 URL: http://www.mozilla.org/projects/security/pki/nss/ |
3 Version: 3.15.1 | 3 Version: 3.15.1 |
4 Security Critical: Yes | 4 Security Critical: Yes |
5 License: MPL 2 | 5 License: MPL 2 |
6 License File: NOT_SHIPPED | 6 License File: NOT_SHIPPED |
7 | 7 |
8 This directory includes a copy of NSS's libssl from the hg repo at: | 8 This directory includes a copy of NSS's libssl from the hg repo at: |
9 https://hg.mozilla.org/projects/nss | 9 https://hg.mozilla.org/projects/nss |
10 | 10 |
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
67 patches/ecpointform.patch | 67 patches/ecpointform.patch |
68 | 68 |
69 * SSL_ExportKeyingMaterial should get the RecvBufLock and SSL3HandshakeLock. | 69 * SSL_ExportKeyingMaterial should get the RecvBufLock and SSL3HandshakeLock. |
70 This change was made in https://chromiumcodereview.appspot.com/10454066. | 70 This change was made in https://chromiumcodereview.appspot.com/10454066. |
71 patches/secretexporterlocks.patch | 71 patches/secretexporterlocks.patch |
72 | 72 |
73 * Allow the constant-time CBC processing code to be compiled against older | 73 * Allow the constant-time CBC processing code to be compiled against older |
74 NSS that doesn't contain the CBC constant-time changes. | 74 NSS that doesn't contain the CBC constant-time changes. |
75 patches/cbc.patch | 75 patches/cbc.patch |
76 https://code.google.com/p/chromium/issues/detail?id=172658#c12 | 76 https://code.google.com/p/chromium/issues/detail?id=172658#c12 |
| 77 TODO(wtc): remove this patch now that NSS 3.14.3 is the minimum |
| 78 compile-time and run-time version. |
77 | 79 |
78 * Change ssl3_SuiteBOnly to always return PR_TRUE. The softoken in NSS | 80 * Change ssl3_SuiteBOnly to always return PR_TRUE. The softoken in NSS |
79 versions older than 3.15 report an EC key size range of 112 bits to 571 | 81 versions older than 3.15 report an EC key size range of 112 bits to 571 |
80 bits, even when it is compiled to support only the NIST P-256, P-384, and | 82 bits, even when it is compiled to support only the NIST P-256, P-384, and |
81 P-521 curves. Remove this patch when all system NSS softoken packages are | 83 P-521 curves. Remove this patch when all system NSS softoken packages are |
82 NSS 3.15 or later. | 84 NSS 3.15 or later. |
83 patches/suitebonly.patch | 85 patches/suitebonly.patch |
84 | 86 |
85 * Define the SECItemArray type and declare the SECItemArray handling | 87 * Define the SECItemArray type and declare the SECItemArray handling |
86 functions, which were added in NSS 3.15. Remove this patch when all system | 88 functions, which were added in NSS 3.15. Remove this patch when all system |
87 NSS packages are NSS 3.15 or later. | 89 NSS packages are NSS 3.15 or later. |
88 patches/secitemarray.patch | 90 patches/secitemarray.patch |
89 | 91 |
90 * Update Chromium-specific code for TLS 1.2. | 92 * Update Chromium-specific code for TLS 1.2. |
91 patches/tls12chromium.patch | 93 patches/tls12chromium.patch |
92 | 94 |
93 * Add the Application Layer Protocol Negotiation extension. | 95 * Add the Application Layer Protocol Negotiation extension. |
94 patches/alpn.patch | 96 patches/alpn.patch |
95 | 97 |
96 * Fix an issue with allocating an SSL socket when under memory pressure. | 98 * Fix an issue with allocating an SSL socket when under memory pressure. |
97 https://bugzilla.mozilla.org/show_bug.cgi?id=903565 | 99 https://bugzilla.mozilla.org/show_bug.cgi?id=903565 |
98 patches/sslsock_903565.patch | 100 patches/sslsock_903565.patch |
99 | 101 |
| 102 * Implement the AES GCM cipher suites. |
| 103 https://bugzilla.mozilla.org/show_bug.cgi?id=880543 |
| 104 patches/aesgcm.patch |
| 105 |
| 106 * Add Chromium-specific code to detect AES GCM support in the system NSS |
| 107 libraries at run time. |
| 108 patches/aesgcmchromium.patch |
| 109 |
100 Apply the patches to NSS by running the patches/applypatches.sh script. Read | 110 Apply the patches to NSS by running the patches/applypatches.sh script. Read |
101 the comments at the top of patches/applypatches.sh for instructions. | 111 the comments at the top of patches/applypatches.sh for instructions. |
102 | 112 |
103 The ssl/bodge directory contains files taken from the NSS repo that we required | 113 The ssl/bodge directory contains files taken from the NSS repo that we required |
104 for building libssl outside of its usual build environment. | 114 for building libssl outside of its usual build environment. |
OLD | NEW |