NSS 3.94 release notes

Introduction

Network Security Services (NSS) 3.94 was released on 2nd October 2023*.

Distribution Information

The HG tag is NSS_3_94_RTM. NSS 3.94 requires NSPR 4.35 or newer.

NSS 3.94 source distributions are available on ftp.mozilla.org for secure HTTPS download:

• Source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_94_RTM/src/

Other releases are available Releases.

Changes in NSS 3.94

• Bug 1853737 - Updated code and commit ID for HACL*.

• Bug 1840510 - update ACVP fuzzed test vector: refuzzed with current NSS

• Bug 1827303 - Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants.

• Bug 1774659 - NSS needs a database tool that can dump the low level representation of the database.

• Bug 1852179 - declare string literals using char in pkixnames_tests.cpp.

• Bug 1852179 - avoid implicit conversion for ByteString.

• Bug 1818766 - update rust version for acvp docker.

• Bug 1852011 - Moving the init function of the mpi_ints before clean-up in ec.c

• Bug 1615555 - P-256 ECDH and ECDSA from HACL*.

• Bug 1840510 - Add ACVP test vectors to the repository

• Bug 1849077 - Stop relying on std::basic_string<uint8_t>.

• Bug 1847845 - Transpose the PPC_ABI check from Makefile to gyp.

Compatibility

NSS 3.94 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with this new version of the shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report on bugzilla.mozilla.org (product NSS).