NSS 3.90 release notes

Introduction

Network Security Services (NSS) 3.90 was released on 4 June 2023*.

Distribution Information

The HG tag is NSS_3_90_RTM. NSS 3.90 requires NSPR 4.35 or newer.

NSS 3.90 source distributions are available on ftp.mozilla.org for secure HTTPS download:

Other releases are available Releases.

Changes in NSS 3.90

  • Bug 1623338 - ride along: remove a duplicated doc page

  • Bug 1623338 - remove a reference to IRC

  • Bug 1831983 - clang-format lib/freebl/stubs.c

  • Bug 1831983 - Add a constant time select function

  • Bug 1774657 - Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access.

  • Bug 1830973 - output early build errors by default

  • Bug 1804505 - Update the technical constraints for KamuSM

  • Bug 1822921 - Add BJCA Global Root CA1 and CA2 root certificates

  • Bug 1790763 - Enable default UBSan Checks

  • Bug 1786018 - Add explicit handling of zero length records

  • Bug 1829391 - Tidy up DTLS ACK Error Handling Path

  • Bug 1786018 - Refactor zero length record tests

  • Bug 1829112 - Fix compiler warning via correct assert

  • Bug 1755267 - run linux tests on nss-t/t-linux-xlarge-gcp

  • Bug 1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator

  • Bug 1784163 - Fix reading raw negative numbers

  • Bug 1748237 - Repairing unreachable code in clang built with gyp

  • Bug 1783647 - Integrate Vale Curve25519

  • Bug 1799468 - Removing unused flags for Hacl*

  • Bug 1748237 - Adding a better error message

  • Bug 1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6

  • Bug 1782980 - Fall back to the softokn when writing certificate trust

  • Bug 1806010 - FIPS-104-3 requires we restart post programmatically

  • Bug 1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13

  • Bug 1818766 - Update ACVP dockerfile for compatibility with debian package changes

  • Bug 1815796 - Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files

  • Bug 1819958 - Removed deprecated sprintf function and replaced with snprintf

  • Bug 1822076 - fix rst warnings in nss doc

  • Bug 1821997 - Fix incorrect pygment style

  • Bug 1821292 - Change GYP directive to apply across platforms

  • Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag

Compatibility

NSS 3.90 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with this new version of the shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report on bugzilla.mozilla.org (product NSS).