SUSE-SU-2022:2595-1

This update for mozilla-nss fixes the following issues:

Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4:

• Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079).
• FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
• FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298).
• FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325).
• Run test suite at build time, and make it pass (bsc#1198486).
• FIPS: skip algorithms that are hard disabled in FIPS mode.
• Prevent expired PayPalEE cert from failing the tests.
• Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc.
• FIPS: Make the PBKDF known answer test compliant with NIST SP800-132.
• Update FIPS validation string to version-release format.
• FIPS: remove XCBC MAC from list of FIPS approved algorithms.
• Enable NSSENABLEFIPSINDICATORS and set NSSFIPSMODULEID for build.
• FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080).
• FIPS: allow testing of unapproved algorithms (bsc#1192228).
• FIPS: add version indicators. (bmo#1729550, bsc#1192086).
• FIPS: fix some secret clearing (bmo#1697303, bsc#1192087).

Version update to NSS 3.79:

• Use PK11GetSlotInfo instead of raw CGetSlotInfo calls.
• Update mercurial in clang-format docker image.
• Use of uninitialized pointer in lg_init after alloc fail.
• selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
• Add SECMOD_LockedModuleHasRemovableSlots.
• Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
• Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
• TLS 1.3 Server: Send protocolversion alert on unsupported ClientHello.legacyversion.
• Correct invalid record inner and outer content type alerts.
• NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
• improve error handling after nssCKFWInstance_CreateObjectHandle.
• Initialize pointers passed to NSSCMSDigestContextFinishMultiple.
• NSS 3.79 should depend on NSPR 4.34

Version update to NSS 3.78.1:

• Initialize pointers passed to NSSCMSDigestContextFinishMultiple

Version update to NSS 3.78:

• Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
• Reworked overlong record size checks and added TLS1.3 specific boundaries.
• Add ECH Grease Support to tstclnt
• Add a strict variant of moz::pkix::CheckCertHostname.
• Change SSLREUSESERVERECDHEKEY default to false.
• Make SEC_PKCS12EnableCipher succeed
• Update zlib in NSS to 1.2.12.

Version update to NSS 3.77:

• Fix link to TLS page on wireshark wiki
• Add two D-TRUST 2020 root certificates.
• Add Telia Root CA v2 root certificate.
• Remove expired explicitly distrusted certificates from certdata.txt.
• support specific RSA-PSS parameters in mozilla::pkix
• Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
• Remove token member from NSSSlot struct.
• Provide secure variants of mpppprime and mppmake_prime.
• Support UTF-8 library path in the module spec string.
• Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
• Update googletest to 1.11.0
• Add SetTls13GreaseEchSize to experimental API.
• TLS 1.3 Illegal legacy_version handling/alerts.
• Fix calculation of ECH HRR Transcript.
• Allow ld path to be set as environment variable.
• Ensure we don't read uninitialized memory in ssl gtests.
• Fix DataBuffer Move Assignment.
• internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
• rework signature verification in mozilla::pkix

Version update to NSS 3.76.1

• Remove token member from NSSSlot struct.
• Hold tokensLock through nssTokenGetSlot calls in nssTrustDomainGetActiveSlots.
• Check return value of PK11Slot_GetNSSToken.
• Use Wycheproof JSON for RSASSA-PSS
• Add SHA256 fingerprint comments to old certdata.txt entries.
• Avoid truncating files in nss-release-helper.py.
• Throw illegal_parameter alert for illegal extensions in handshake message.

Version update to NSS 3.75

• Make DottedOIDToCode.py compatible with python3.
• Avoid undefined shift in SSLCERTIS while fuzzing.
• Remove redundant key type check.
• Update ABI expectations to match ECH changes.
• Enable CKM_CHACHA20.
• check return on NSSNoDBInit and NSS_Shutdown.
• Run ECDSA test vectors from bltest as part of the CI tests.
• Add ECDSA test vectors to the bltest command line tool.
• Allow to build using clang's integrated assembler.
• Allow to override python for the build.
• test HKDF output rather than input.
• Use ASSERT macros to end failed tests early.
• move assignment operator for DataBuffer.
• Add test cases for ECH compression and unexpected extensions in SH.
• Update tests for ECH-13.
• Tidy up error handling.
• Add tests for ECH HRR Changes.
• Server only sends GREASE HRR extension if enabled by preference.
• Update generation of the Associated Data for ECH-13.
• When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello.
• Allow for compressed, non-contiguous, extensions.
• Scramble the PSK extension in CHOuter.
• Split custom extension handling for ECH.
• Add ECH-13 HRR Handling.
• Client side ECH padding.
• Stricter ClientHelloInner Decompression.
• Remove ECH_inner extension, use new enum format.
• Update the version number for ECH-13 and adjust the ECHConfig size.

Version update to NSS 3.74

• mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
• Ensure clients offer consistent ciphersuites after HRR
• NSS does not properly restrict server keys based on policy
• Set nssckbi version number to 2.54
• Replace Google Trust Services LLC (GTS) R4 root certificate
• Replace Google Trust Services LLC (GTS) R3 root certificate
• Replace Google Trust Services LLC (GTS) R2 root certificate
• Replace Google Trust Services LLC (GTS) R1 root certificate
• Replace GlobalSign ECC Root CA R4
• Remove Expired Root Certificates - DST Root CA X3
• Remove Expiring Cybertrust Global Root and GlobalSign root certificates
• Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate
• Add iTrusChina ECC root certificate
• Add iTrusChina RSA root certificate
• Add ISRG Root X2 root certificate
• Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
• Avoid a clang 13 unused variable warning in opt build
• Check for missing signedData field

• Ensure DER encoded signatures are within size limits

• enable key logging option (boo#1195040)

Version update to NSS 3.73.1:

• Add SHA-2 support to mozilla::pkix's OSCP implementation

Version update to NSS 3.73

• check for missing signedData field.
• Ensure DER encoded signatures are within size limits.
• NSS needs FiPS 140-3 version indicators.
• pkixCacheCertLookup doesn't return cached certs
• sunset Coverity from NSS

Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures

Version update to NSS 3.72

• Fix nsinstall parallel failure.
• Increase KDF cache size to mitigate perf regression in about:logins

Version update to NSS 3.71

• Set nssckbi version number to 2.52.
• Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
• Import of PKCS#12 files with Camellia encryption is not supported
• Add HARICA Client ECC Root CA 2021.
• Add HARICA Client RSA Root CA 2021.
• Add HARICA TLS ECC Root CA 2021.
• Add HARICA TLS RSA Root CA 2021.
• Add TunTrust Root CA certificate to NSS.

Version update to NSS 3.70

• Update test case to verify fix.
• Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
• Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
• Avoid using a lookup table in nssb64d.
• Use HW accelerated SHA2 on AArch64 Big Endian.
• Change default value of enableHelloDowngradeCheck to true.
• Cache additional PBE entries.
• Read HPKE vectors from official JSON.

Version update to NSS 3.69.1:

• Disable DTLS 1.0 and 1.1 by default
• integrity checks in key4.db not happening on private components with AES_CBC

NSS 3.69:

• Disable DTLS 1.0 and 1.1 by default (backed out again)
• integrity checks in key4.db not happening on private components with AES_CBC (backed out again)
• SSL handling of signature algorithms ignores environmental invalid algorithms.
• sqlite 3.34 changed it's open semantics, causing nss failures.
• Gtest update changed the gtest reports, losing gtest details in all.sh reports.
• NSS incorrectly accepting 1536 bit DH primes in FIPS mode
• SQLite calls could timeout in starvation situations.
• Coverity/cpp scanner errors found in nss 3.67
• Import the NSS documentation from MDN in nss/doc.
• NSS using a tempdir to measure sql performance not active

Version Update to 3.68.4 (bsc#1200027)

• CVE-2022-31741: Initialize pointers passed to NSSCMSDigestContextFinishMultiple. (bmo#1767590)