From 118ec82b436a2f852ebcdf17c5f109cad067434f Mon Sep 17 00:00:00 2001 From: Benjamin Beurdouche Date: Sat, 24 Jul 2021 19:17:58 +0200 Subject: Documentation: update and release notes for NSS 3.64 to 3.68 --- doc/rst/build_artifacts.rst | 177 ++++++++++++++++++++++++++++++++++++++++++ doc/rst/community.rst | 70 +++++++++++++++++ doc/rst/getting_started.rst | 62 +++++++++++++++ doc/rst/index.rst | 175 ++--------------------------------------- doc/rst/more.rst | 153 ++++++++++++++++++++++++++++++++++++ doc/rst/releases/index.rst | 37 +++++++++ doc/rst/releases/nss_3_64.rst | 69 ++++++++++++++++ doc/rst/releases/nss_3_65.rst | 77 ++++++++++++++++++ doc/rst/releases/nss_3_66.rst | 79 +++++++++++++++++++ doc/rst/releases/nss_3_67.rst | 70 +++++++++++++++++ doc/rst/releases/nss_3_68.rst | 61 +++++++++++++++ 11 files changed, 862 insertions(+), 168 deletions(-) create mode 100644 doc/rst/build_artifacts.rst create mode 100644 doc/rst/community.rst create mode 100644 doc/rst/getting_started.rst create mode 100644 doc/rst/more.rst create mode 100644 doc/rst/releases/index.rst create mode 100644 doc/rst/releases/nss_3_64.rst create mode 100644 doc/rst/releases/nss_3_65.rst create mode 100644 doc/rst/releases/nss_3_66.rst create mode 100644 doc/rst/releases/nss_3_67.rst create mode 100644 doc/rst/releases/nss_3_68.rst (limited to 'doc/rst') diff --git a/doc/rst/build_artifacts.rst b/doc/rst/build_artifacts.rst new file mode 100644 index 000000000..ba7a48bb5 --- /dev/null +++ b/doc/rst/build_artifacts.rst @@ -0,0 +1,177 @@ +.. _mozilla_projects_nss_build_artifacts: + +.. warning:: + This NSS documentation was just imported from our legacy MDN repository. It currently is very deprecated and likely incorrect or broken in many places. + +Build artifacts +=============== + +.. container:: + + **Network Security Services (NSS)** is a set of libraries designed to support cross-platform + development of communications applications that support TLS, S/MIME, and other Internet security + standards. For a general overview of NSS and the standards it supports, see + :ref:`mozilla_projects_nss_overview`. + +.. _shared_libraries: + +`Shared libraries <#shared_libraries>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + Network Security Services provides both static libraries and shared libraries. Applications that + use the shared libraries must use only the APIs that they export. Three shared libraries export + public functions: + + - The SSL/TLS library supports core TLS operations. + - The S/MIME library supports core S/MIME operations. + - The freebl library supports core crypto operations. + +.. note:: + + We guarantee that applications using the exported APIs will remain compatible with future + versions of those libraries until deprecated. + +.. container:: + + .. + For a complete list of public functions exported by these shared + libraries in NSS 3.2, see :ref:`mozilla_projects_nss_reference_nss_functions`. + + .. + For information on which static libraries in NSS 3.1.1 are replaced by each of the above shared + libraries in NSS 3.2 , see `Migration from NSS + 3.1.1 `__. + + .. + Figure 1, below, shows a simplified view of the relationships among the three shared libraries + listed above and NSPR, which provides low-level cross platform support for operations such as + threading and I/O. (Note that NSPR is a separate Mozilla project; see `Netscape Portable + Runtime `__ for details.) + + .. image:: /en-US/docs/Mozilla/Projects/NSS/Introduction_to_Network_Security_Services/nss.gif + :alt: Diagram showing the relationships among core NSS libraries and NSPR. + :width: 429px + :height: 196px + +.. _naming_conventions_and_special_libraries: + +`Naming conventions <#naming_conventions_and_special_libraries>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + Windows and Unix use different naming conventions for static and dynamic libraries: + + ======= ======== =============================== +   Windows Unix + static ``.lib`` ``.a`` + dynamic ``.dll`` ``.so`` or ``.dylib`` or ``.sl`` + ======= ======== =============================== + + In addition, Windows has "import" libraries that bind to dynamic libraries. So the NSS library + has the following forms: + + - ``libnss3.so`` - Linux shared library + - ``libnss3.dylib`` - MacOS shared library + - ``libnss3.sl`` - HP-UX shared library + - ``libnss.a`` - Unix static library + - ``nss3.dll`` - Windows shared library + - ``nss3.lib`` - Windows import library binding to ``nss3.dll`` + - ``nss.lib`` - Windows static library + + NSS, SSL, and S/MIME have all of the above forms. + + The following static libraries aren't included in any shared libraries + + - ``libcrmf.a``/``crmf.lib`` provides an API for CRMF operations. + - ``libjar.a``/``jar.lib`` provides an API for creating JAR files. + + The following static libraries are included only in external loadable PKCS #11 modules: + + - ``libnssckfw.a``/``nssckfw.lib`` provides an API for writing PKCS #11 modules. + - ``libswfci.a``/``swfci.lib`` provides support for software FORTEZZA. + + The following shared libraries are standalone loadable modules, not meant to be linked with + directly: + + - ``libfort.so``/``libfort.sl``/``fort32.dll`` provides support for hardware FORTEZZA. + - ``libswft.so``/``libswft.sl``/``swft32.dll`` provides support for software FORTEZZA. + - ``libnssckbi.so``/``libnssckbi.sl``/``nssckbi.dll`` defines the default set of trusted root + certificates. + +.. + .. _support_for_ilp32: + + `Support for ILP32 <#support_for_ilp32>`__ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + .. container:: + + In NSS 3.2 and later versions, there are two new shared libraries for the platforms HP-UX for + PARisc CPUs and Solaris for (Ultra)Sparc (not x86) CPUs. These HP and Solaris platforms allow + programs that use the ILP32 program model to run on both 32-bit CPUs and 64-bit CPUs. The two + libraries exist to provide optimal performance on each of the two types of CPUs. + + These two extra shared libraries are not supplied on any other platforms. The names of these + libraries are platform-dependent, as shown in the following table. + + ================================== ============================ ============================ + Platform for 32-bit CPUs for 64-bit CPUs + Solaris/Sparc ``libfreebl_pure32_3.so`` ``libfreebl_hybrid_3.so`` + HPUX/PARisc ``libfreebl_pure32_3.sl`` ``libfreebl_hybrid_3.sl`` + AIX (planned for a future release) ``libfreebl_pure32_3_shr.a`` ``libfreebl_hybrid_3_shr.a`` + ================================== ============================ ============================ + + An application should not link against these libraries, because they are dynamically loaded by + NSS at run time. Linking the application against one or the other of these libraries may produce + an application program that can only run on one type of CPU (e.g. only on 64-bit CPUs, not on + 32-bit CPUs) or that doesn't use the more efficient 64-bit code on 64-bit CPUs, which defeats the + purpose of having these shared libraries. + + On platforms for which these shared libraries exist, NSS 3.2 will fail if these shared libs are + not present. So, an application must include these files in its distribution of NSS shared + libraries. These shared libraries should be installed in the same directory where the other NSS + shared libraries (such as ``libnss3.so``) are installed. Both shared libs should always be + installed whether the target system has a 32-bit CPU or a 64-bit CPU. NSS will pick the right one + for the local system at run time. + + Note that NSS 3.x is also available in the LP64 model for these platforms, but the LP64 model of + NSS 3.x does not have these two extra shared libraries. + +.. + .. _what_you_should_already_know: + + `What you should already know <#what_you_should_already_know>`__ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + .. container:: + + Before using NSS, you should be familiar with the following topics: + + - Concepts and techniques of public-key cryptography + - The Secure Sockets Layer (SSL) protocol + - The PKCS #11 standard for cryptographic token interfaces + - Cross-platform development issues and techniques + + .. _where_to_find_more_information: + + `Where to find more information <#where_to_find_more_information>`__ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + .. container:: + + For information about PKI and SSL that you should understand before using NSS, see the following: + + - `Introduction to Public-Key + Cryptography `__ + - `Introduction to + SSL `__ + + For links to API documentation, build instructions, and other useful information, see the + :ref:`mozilla_projects_nss`. + + As mentioned above, NSS is built on top of NSPR. The API documentation for NSPR is available at + `NSPR API + Reference `__. diff --git a/doc/rst/community.rst b/doc/rst/community.rst new file mode 100644 index 000000000..dce308741 --- /dev/null +++ b/doc/rst/community.rst @@ -0,0 +1,70 @@ +.. _Community: + +Community +--------- + +Network Security Services (NSS) is maintained by a group of engineers and researchers, +mainly RedHat and Mozilla. + +.. warning:: + + While the NSS team focuses mainly on supporting platforms and features needded by + Firefox and RHEL, we are happy to take contributions. + +Contributors can reach out the the core team and follow NSS related news through the +following mailing list, Google group and Element/Matrix channel: + +.. note:: + + Mailing list: `https://groups.google.com/a/mozilla.org/g/dev-tech-crypto `__ + + Matrix/Element: `https://app.element.io/#/room/#nss:mozilla.org `__ + +.. + - View Mozilla Security forums... + + - `Mailing list `__ + - `Newsgroup `__ + - `RSS feed `__ + +.. _how_to_contribute: + +`How to Contribute <#how_to_contribute>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + Start by opening a **Bugzilla** account at `bugzilla.mozilla.org `__ if you don't have one. + + ``NSS :: Libraries`` is the component for issues you'd like to work on. + We maintain a list of `NSS bugs marked with a keyword "good-first-bug" `__. + +.. _creating_your_patch: + +`Creating your Patch <#creating_your_patch>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + See our section on :ref:`mozilla_projects_nss_nss_sources_building_testing` to get started + making your patch. When you're satisfied with it, you'll need code review. + +.. _code_review: + +`Code Review <#code_review>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + `http://phabricator.services.mozilla.com/ `__ is our + code review tool, which uses your Bugzilla account. + + Use our `Phabricator user instructions `__ to upload patches for review. + Some items that will be evaluated during code review are `listed in checklist form on + Github. `__ + + After passing review, your patch can be landed by a member of the NSS team. Note that we don't land code that isn't both reviewed and tested. + +.. warning:: + + Please reach out to the team before engaging in a lot of work to make ensure we are willing to accept your contributions. diff --git a/doc/rst/getting_started.rst b/doc/rst/getting_started.rst new file mode 100644 index 000000000..a3e54f881 --- /dev/null +++ b/doc/rst/getting_started.rst @@ -0,0 +1,62 @@ +.. _mozilla_projects_nss_getting_started: + +.. warning:: + This NSS documentation was just imported from our legacy MDN repository. It currently is very deprecated and likely incorrect or broken in many places. + +Getting Started +=============== + +.. _how_to_get_involved_with_nss: + +`How to get involved with NSS <#how_to_get_involved_with_nss>`__ +---------------------------------------------------------------- + +.. container:: + + | Network Security Services (NSS) is a base library for cryptographic algorithms and secure + network protocols used by Mozilla software. + | Would you like to get involved and help us to improve the core security of Mozilla Firefox and + other applications that make use of NSS? We are looking forward to your contributions! + + .. + | We have a large list of tasks waiting for attention, and we are happy to assist you in + identifying areas that match your interest or skills. You can find us on `Mozilla + IRC `__ in + channel `#nss `__ or you could ask your questions on the + `mozilla.dev.tech.crypto `__ newsgroup. + + + The NSS library and its supporting command line tools are written in the C programming language. + Its build system and the automated tests are based on makefiles and bash scripts. + + Over time, many documents have been produced that describe various aspects of NSS. You can start + with: + + .. + - the current `primary NSS documentation page `__ + from which we link to other documentation. + - a `General Overview `__ of the + applications that use NSS and the features it provides. + - a high level :ref:`mozilla_projects_nss_an_overview_of_nss_internals`. + - learn about getting the :ref:`mozilla_projects_nss_nss_sources_building_testing` + - `Old documentation `__ that is on + the archived mozilla.org website. + +.. + .. _nss_sample_code: + + `NSS Sample Code <#nss_sample_code>`__ + -------------------------------------- + + .. container:: + + A good place to start learning how to write NSS applications are the command line tools that are + maintained by the NSS developers. You can find them in subdirectory mozilla/security/nss/cmd + + Or have a look at some basic :ref:`mozilla_projects_nss_nss_sample_code`. + + A new set of samples is currently under development and review, see `Create new NSS + samples `__. + + You are welcome to download the samples via: hg clone https://hg.mozilla.org/projects/nss; cd + nss; hg update SAMPLES_BRANCH diff --git a/doc/rst/index.rst b/doc/rst/index.rst index a4eba24dd..a9e79947a 100644 --- a/doc/rst/index.rst +++ b/doc/rst/index.rst @@ -1,182 +1,21 @@ .. _mozilla_projects_nss: -Network Security Services -========================= +Network Security Services (NSS) +=============================== .. toctree:: :maxdepth: 2 :glob: :hidden: - getting_started_with_nss/index.rst - introduction_to_network_security_services/index.rst + getting_started.rst + build_artifacts.rst + releases/index.rst + community.rst + more.rst More documentation .. warning:: This NSS documentation was just imported from our legacy MDN repository. It currently is very deprecated and likely incorrect or broken in many places. -`Documentation <#documentation>`__ ----------------------------------- - -.. container:: - - **Network Security Services** (**NSS**) is a set of libraries designed to support cross-platform - development of security-enabled client and server applications. Applications built with NSS can - support SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and - other security standards. - - For detailed information on standards supported, see :ref:`mozilla_projects_nss_overview`. For a - list of frequently asked questions, see the :ref:`mozilla_projects_nss_faq`. - - NSS is available under the Mozilla Public License. For information on downloading NSS releases as - tar files, see :ref:`mozilla_projects_nss_nss_sources_building_testing`. - - If you're a developer and would like to contribute to NSS, you might want to read the documents - :ref:`mozilla_projects_nss_an_overview_of_nss_internals` and - :ref:`mozilla_projects_nss_getting_started_with_nss`. - - .. rubric:: Background Information - :name: Background_Information - - :ref:`mozilla_projects_nss_overview` - Provides a brief summary of NSS and its capabilities. - :ref:`mozilla_projects_nss_faq` - Answers basic questions about NSS. - `Introduction to Public-Key Cryptography `__ - Explains the basic concepts of public-key cryptography that underlie NSS. - `Introduction to SSL `__ - Introduces the SSL protocol, including information about cryptographic ciphers supported by - SSL and the steps involved in the SSL handshake. - - .. rubric:: Getting Started - :name: Getting_Started - - :ref:`mozilla_projects_nss_nss_releases` - This page contains information about the current and past releases of NSS. - :ref:`mozilla_projects_nss_nss_sources_building_testing` - Instructions on how to build NSS on the different supported platforms. - `Get Mozilla Source Code Using Mercurial `__ - Information about with working with Mercurial. - `Get Mozilla Source Code Using CVS (deprecated) `__ - Old deprecated CVS documentation. - - .. rubric:: NSS APIs - :name: NSS_APIs - - :ref:`mozilla_projects_nss_introduction_to_network_security_services` - Provides an overview of the NSS libraries and what you need to know to use them. - :ref:`mozilla_projects_nss_ssl_functions` - Summarizes the SSL APIs exported by the NSS shared libraries. - :ref:`mozilla_projects_nss_reference` - API used to invoke SSL operations. - :ref:`mozilla_projects_nss_nss_api_guidelines` - Explains how the libraries and code are organized, and guidelines for developing code (naming - conventions, error handling, thread safety, etc.) - :ref:`mozilla_projects_nss_nss_tech_notes` - Links to NSS technical notes, which provide latest information about new NSS features and - supplementary documentation for advanced topics in programming with NSS. - - .. rubric:: Tools, testing, and other technical details - :name: Tools_testing_and_other_technical_details - - :ref:`mozilla_projects_nss_building` - Describe how to check out and build NSS releases. - - :ref:`mozilla_projects_nss_nss_developer_tutorial` - How to make changes in NSS. Coding style, maintaining ABI compatibility. - - :ref:`mozilla_projects_nss_tools` - Tools for developing, debugging, and managing applications that use NSS. - :ref:`mozilla_projects_nss_nss_sample_code` - Demonstrates how NSS can be used for cryptographic operations, certificate handling, SSL, etc. - :ref:`mozilla_projects_nss_nss_third-party_code` - A list of third-party code included in the NSS library. - `NSS 3.2 Test Suite `__ - **Archived version.** Describes how to run the standard NSS tests. - `NSS Performance Reports `__ - **Archived version.** Links to performance reports for NSS 3.2 and later releases. - `Encryption Technologies Available in NSS 3.11 `__ - **Archived version.** Lists the cryptographic algorithms used by NSS 3.11. - `NSS 3.1 Loadable Root Certificates `__ - **Archived version.** Describes the scheme for loading root CA certificates. - `cert7.db `__ - **Archived version.** General format of the cert7.db database. - - .. rubric:: PKCS #11 information - :name: PKCS_11_information - - - :ref:`mozilla_projects_nss_pkcs11` - - :ref:`mozilla_projects_nss_pkcs11_implement` - - :ref:`mozilla_projects_nss_pkcs11_module_specs` - - :ref:`mozilla_projects_nss_pkcs11_faq` - - `Using the JAR Installation Manager to Install a PKCS #11 Cryptographic - Module `__ - - `PKCS #11 Conformance Testing - Archived - version `__ - - .. rubric:: CA certificates pre-loaded into NSS - :name: CA_certificates_pre-loaded_into_NSS - - - `Mozilla CA certificate policy `__ - - `List of pre-loaded CA certificates `__ - - - Consumers of this list must consider the trust bit setting for each included root - certificate. `More - Information `__, `Extracting - roots and their trust bits `__ - - .. rubric:: NSS is built on top of Netscape Portable Runtime (NSPR) - :name: NSS_is_built_on_top_of_Netscape_Portable_Runtime_NSPR - - `Netscape Portable Runtime `__ - NSPR project page. - `NSPR Reference `__ - NSPR API documentation. - - .. rubric:: Additional Information - :name: Additional_Information - - - `Using the window.crypto object from - JavaScript `__ - - :ref:`mozilla_projects_nss_http_delegation` - - :ref:`mozilla_projects_nss_tls_cipher_suite_discovery` - - :ref:`mozilla_projects_nss_certificate_download_specification` - - :ref:`mozilla_projects_nss_fips_mode_-_an_explanation` - - :ref:`mozilla_projects_nss_key_log_format` - - .. rubric:: Planning - :name: Planning - - Information on NSS planning can be found at `wiki.mozilla.org `__, - including: - - - `FIPS Validation `__ - - `NSS Roadmap page `__ - - `NSS Improvement - Project `__ - -.. _Community: - -Community -~~~~~~~~~ - -- View Mozilla Security forums... - -- `Mailing list `__ -- `Newsgroup `__ -- `RSS feed `__ - -- View Mozilla Cryptography forums... - -- `Mailing list `__ -- `Newsgroup `__ -- `RSS feed `__ - -.. _Related_Topics: - -Related Topics -~~~~~~~~~~~~~~ - -- `Security `__ - diff --git a/doc/rst/more.rst b/doc/rst/more.rst new file mode 100644 index 000000000..1585a2397 --- /dev/null +++ b/doc/rst/more.rst @@ -0,0 +1,153 @@ +.. _more_documentation: + +.. warning:: + This NSS documentation was just imported from our legacy MDN repository. + It currently is very deprecated and likely incorrect or broken in many places. + +More Documentation +------------------ + +.. container:: + + **Network Security Services** (**NSS**) is a set of libraries designed to support cross-platform + development of security-enabled client and server applications. Applications built with NSS can + support SSL v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and + other security standards. + + For detailed information on standards supported, see :ref:`mozilla_projects_nss_overview`. For a + list of frequently asked questions, see the :ref:`mozilla_projects_nss_faq`. + + NSS is available under the Mozilla Public License. For information on downloading NSS releases as + tar files, see :ref:`mozilla_projects_nss_nss_sources_building_testing`. + + If you're a developer and would like to contribute to NSS, you might want to read the documents + :ref:`mozilla_projects_nss_an_overview_of_nss_internals` and + :ref:`mozilla_projects_nss_getting_started_with_nss`. + + .. rubric:: Background Information + :name: Background_Information + + :ref:`mozilla_projects_nss_overview` + Provides a brief summary of NSS and its capabilities. + :ref:`mozilla_projects_nss_faq` + Answers basic questions about NSS. + `Introduction to Public-Key Cryptography `__ + Explains the basic concepts of public-key cryptography that underlie NSS. + `Introduction to SSL `__ + Introduces the SSL protocol, including information about cryptographic ciphers supported by + SSL and the steps involved in the SSL handshake. + + .. rubric:: Getting Started + :name: Getting_Started + + :ref:`mozilla_projects_nss_nss_releases` + This page contains information about the current and past releases of NSS. + :ref:`mozilla_projects_nss_nss_sources_building_testing` + Instructions on how to build NSS on the different supported platforms. + `Get Mozilla Source Code Using Mercurial `__ + Information about with working with Mercurial. + `Get Mozilla Source Code Using CVS (deprecated) `__ + Old deprecated CVS documentation. + + .. rubric:: NSS APIs + :name: NSS_APIs + + :ref:`mozilla_projects_nss_introduction_to_network_security_services` + Provides an overview of the NSS libraries and what you need to know to use them. + :ref:`mozilla_projects_nss_ssl_functions` + Summarizes the SSL APIs exported by the NSS shared libraries. + :ref:`mozilla_projects_nss_reference` + API used to invoke SSL operations. + :ref:`mozilla_projects_nss_nss_api_guidelines` + Explains how the libraries and code are organized, and guidelines for developing code (naming + conventions, error handling, thread safety, etc.) + :ref:`mozilla_projects_nss_nss_tech_notes` + Links to NSS technical notes, which provide latest information about new NSS features and + supplementary documentation for advanced topics in programming with NSS. + + .. rubric:: Tools, testing, and other technical details + :name: Tools_testing_and_other_technical_details + + :ref:`mozilla_projects_nss_building` + Describe how to check out and build NSS releases. + + :ref:`mozilla_projects_nss_nss_developer_tutorial` + How to make changes in NSS. Coding style, maintaining ABI compatibility. + + :ref:`mozilla_projects_nss_tools` + Tools for developing, debugging, and managing applications that use NSS. + :ref:`mozilla_projects_nss_nss_sample_code` + Demonstrates how NSS can be used for cryptographic operations, certificate handling, SSL, etc. + :ref:`mozilla_projects_nss_nss_third-party_code` + A list of third-party code included in the NSS library. + `NSS 3.2 Test Suite `__ + **Archived version.** Describes how to run the standard NSS tests. + `NSS Performance Reports `__ + **Archived version.** Links to performance reports for NSS 3.2 and later releases. + `Encryption Technologies Available in NSS 3.11 `__ + **Archived version.** Lists the cryptographic algorithms used by NSS 3.11. + `NSS 3.1 Loadable Root Certificates `__ + **Archived version.** Describes the scheme for loading root CA certificates. + `cert7.db `__ + **Archived version.** General format of the cert7.db database. + + .. rubric:: PKCS #11 information + :name: PKCS_11_information + + - :ref:`mozilla_projects_nss_pkcs11` + - :ref:`mozilla_projects_nss_pkcs11_implement` + - :ref:`mozilla_projects_nss_pkcs11_module_specs` + - :ref:`mozilla_projects_nss_pkcs11_faq` + - `Using the JAR Installation Manager to Install a PKCS #11 Cryptographic + Module `__ + - `PKCS #11 Conformance Testing - Archived + version `__ + + .. rubric:: CA certificates pre-loaded into NSS + :name: CA_certificates_pre-loaded_into_NSS + + - `Mozilla CA certificate policy `__ + - `List of pre-loaded CA certificates `__ + + - Consumers of this list must consider the trust bit setting for each included root + certificate. `More + Information `__, `Extracting + roots and their trust bits `__ + + .. rubric:: NSS is built on top of Netscape Portable Runtime (NSPR) + :name: NSS_is_built_on_top_of_Netscape_Portable_Runtime_NSPR + + `Netscape Portable Runtime `__ + NSPR project page. + `NSPR Reference `__ + NSPR API documentation. + + .. rubric:: Additional Information + :name: Additional_Information + + - `Using the window.crypto object from + JavaScript `__ + - :ref:`mozilla_projects_nss_http_delegation` + - :ref:`mozilla_projects_nss_tls_cipher_suite_discovery` + - :ref:`mozilla_projects_nss_certificate_download_specification` + - :ref:`mozilla_projects_nss_fips_mode_-_an_explanation` + - :ref:`mozilla_projects_nss_key_log_format` + + .. rubric:: Planning + :name: Planning + + Information on NSS planning can be found at `wiki.mozilla.org `__, + including: + + - `FIPS Validation `__ + - `NSS Roadmap page `__ + - `NSS Improvement + Project `__ + +.. _Related_Topics: + +Related Topics +~~~~~~~~~~~~~~ + +- `Security `__ + diff --git a/doc/rst/releases/index.rst b/doc/rst/releases/index.rst new file mode 100644 index 000000000..03b849ed4 --- /dev/null +++ b/doc/rst/releases/index.rst @@ -0,0 +1,37 @@ +.. _mozilla_projects_nss_releases: + +Releases +======== + +.. toctree:: + :maxdepth: 0 + :glob: + :hidden: + + nss_3_68.rst + nss_3_67.rst + nss_3_66.rst + nss_3_65.rst + nss_3_64.rst + +.. note:: + + **NSS 3.68** is the latest version of NSS. + + Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_68_release_notes` + +.. container:: + + Changes included in this release: + + - Bug 1709654 - Update for NetBSD configuration. + - Bug 1709750 - Disable HPKE test when fuzzing. + - Bug 1566124 - Optimize AES-GCM for ppc64le. + - Bug 1699021 - Add AES-256-GCM to HPKE. + - Bug 1698419 - ECH -10 updates. + - Bug 1692930 - Update HPKE to final version. + - Bug 1707130 - NSS should use modern algorithms in PKCS#12 files by default. + - Bug 1703936 - New coverity/cpp scanner errors. + - Bug 1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards. + - Bug 1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. + - Bug 1705119 - Deadlock when using GCM and non-thread safe tokens. diff --git a/doc/rst/releases/nss_3_64.rst b/doc/rst/releases/nss_3_64.rst new file mode 100644 index 000000000..a3c605e4c --- /dev/null +++ b/doc/rst/releases/nss_3_64.rst @@ -0,0 +1,69 @@ +.. _mozilla_projects_nss_nss_3_64_release_notes: + +NSS 3.64 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.64 was released on **15 April 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_64_RTM. NSS 3.64 requires NSPR 4.30 or newer. + + NSS 3.64 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_64_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_nss_releases`. + +.. _bugs_fixed_in_nss_3.64: + +`Bugs fixed in NSS 3.64 <#bugs_fixed_in_nss_3.64>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1705286 - Properly detect mips64. + - Bug 1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and disable_crypto_vsx. + - Bug 1698320 - replace \__builtin_cpu_supports("vsx") with ppc_crypto_support() for clang. + - Bug 1613235 - Add POWER ChaCha20 stream cipher vector acceleration. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.64 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.64 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org `__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + This version of NSS contains a number of contributions for "unsupported platforms". We would like + to thank the authors and the reviewers for their contributions to NSS. + + Discussions about moving the documentation are still ongoing. (See discussion in the 3.62 release + notes.) \ No newline at end of file diff --git a/doc/rst/releases/nss_3_65.rst b/doc/rst/releases/nss_3_65.rst new file mode 100644 index 000000000..93754b87b --- /dev/null +++ b/doc/rst/releases/nss_3_65.rst @@ -0,0 +1,77 @@ +.. _mozilla_projects_nss_nss_3_65_release_notes: + +NSS 3.65 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.65 was released on **13 May 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_65_RTM. NSS 3.65 requires NSPR 4.30 or newer. + + NSS 3.65 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_65_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.65: + +`Bugs fixed in NSS 3.65 <#bugs_fixed_in_nss_3.65>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1709654 - Update for NetBSD configuration. + - Bug 1709750 - Disable HPKE test when fuzzing. + - Bug 1566124 - Optimize AES-GCM for ppc64le. + - Bug 1699021 - Add AES-256-GCM to HPKE. + - Bug 1698419 - ECH -10 updates. + - Bug 1692930 - Update HPKE to final version. + - Bug 1707130 - NSS should use modern algorithms in PKCS#12 files by default. + - Bug 1703936 - New coverity/cpp scanner errors. + - Bug 1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards. + - Bug 1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms. + - Bug 1705119 - Deadlock when using GCM and non-thread safe tokens. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.65 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.65 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org `__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + Due to some changes in the Firefox release cycle, NSS 3.67 has yet to be added + to the NSS release schedule (3.66 is not affected). I will announce the date to + this list once defined. + + Best, + Benjamin diff --git a/doc/rst/releases/nss_3_66.rst b/doc/rst/releases/nss_3_66.rst new file mode 100644 index 000000000..f4a93a7f3 --- /dev/null +++ b/doc/rst/releases/nss_3_66.rst @@ -0,0 +1,79 @@ +.. _mozilla_projects_nss_nss_3_66_release_notes: + +NSS 3.66 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.66 was released on **27 May 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_66_RTM. NSS 3.66 requires NSPR 4.30 or newer. + + NSS 3.66 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_66_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.66: + +`Bugs fixed in NSS 3.66 <#bugs_fixed_in_nss_3.66>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1710716 - Remove Expired Sonera Class2 CA from NSS. + - Bug 1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority. + - Bug 1708307 - Remove Trustis FPS Root CA from NSS. + - Bug 1707097 - Add Certum Trusted Root CA to NSS. + - Bug 1707097 - Add Certum EC-384 CA to NSS. + - Bug 1703942 - Add ANF Secure Server Root CA to NSS. + - Bug 1697071 - Add GLOBALTRUST 2020 root cert to NSS. + - Bug 1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database. + - Bug 1712230 - Don't build ppc-gcm.s with clang integrated assembler. + - Bug 1712211 - Strict prototype error when trying to compile nss code that includes blapi.h. + - Bug 1710773 - NSS needs FIPS 180-3 FIPS indicators. + - Bug 1709291 - Add VerifyCodeSigningCertificateChain. + - Use GNU tar for the release helper script. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.66 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.66 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org `__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + To realign the NSS and Firefox release schedules, the next cycle for + NSS 3.67 will be very short and the release happen on June 10th. + https://wiki.mozilla.org/NSS:Release_Versions + + Bug 1712230 introduced a correctness issue for GCM on ppcle64, the fix will + be part of NSS 3.67. diff --git a/doc/rst/releases/nss_3_67.rst b/doc/rst/releases/nss_3_67.rst new file mode 100644 index 000000000..65c63bb25 --- /dev/null +++ b/doc/rst/releases/nss_3_67.rst @@ -0,0 +1,70 @@ +.. _mozilla_projects_nss_nss_3_67_release_notes: + +NSS 3.67 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.67 was released on **10 June 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_67_RTM. NSS 3.67 requires NSPR 4.30 or newer. + + NSS 3.67 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_67_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.67: + +`Bugs fixed in NSS 3.67 <#bugs_fixed_in_nss_3.67>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1683710 - Add a means to disable ALPN. + - Bug 1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66). + - Bug 1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja. + - Bug 1566124 - Fix counter increase in ppc-gcm-wrap.c + - Bug 1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.67 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.67 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org `__ (product NSS). + +`Notes <#notes>`__ +------------------ + +.. container:: + + This version of NSS contains a number of contributions for "unsupported platforms". We would like + to thank the authors and the reviewers for their contributions to NSS. + + Discussions about moving the documentation are still ongoing. (See discussion in the 3.62 release + notes.) diff --git a/doc/rst/releases/nss_3_68.rst b/doc/rst/releases/nss_3_68.rst new file mode 100644 index 000000000..b98786b55 --- /dev/null +++ b/doc/rst/releases/nss_3_68.rst @@ -0,0 +1,61 @@ +.. _mozilla_projects_nss_nss_3_68_release_notes: + +NSS 3.68 release notes +====================== + +`Introduction <#introduction>`__ +-------------------------------- + +.. container:: + + Network Security Services (NSS) 3.68 was released on **8 July 2021**. + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +-------------------------------------------------------- + +.. container:: + + The HG tag is NSS_3_68_RTM. NSS 3.68 requires NSPR 4.32 or newer. + + NSS 3.68 source distributions are available on ftp.mozilla.org for secure HTTPS download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_68_RTM/src/ + + Other releases are available :ref:`mozilla_projects_nss_releases`. + +.. _bugs_fixed_in_nss_3.68: + +`Bugs fixed in NSS 3.68 <#bugs_fixed_in_nss_3.68>`__ +---------------------------------------------------- + +.. container:: + + - Bug 1713562 - Fix test leak. + - Bug 1717452 - NSS 3.68 should depend on NSPR 4.32. + - Bug 1693206 - Implement PKCS8 export of ECDSA keys. + - Bug 1712883 - DTLS 1.3 draft-43. + - Bug 1655493 - Support SHA2 HW acceleration using Intel SHA Extension. + - Bug 1713562 - Validate ECH public names. + - Bug 1717610 - Add function to get seconds from epoch from pkix::Time. + +`Compatibility <#compatibility>`__ +---------------------------------- + +.. container:: + + NSS 3.68 shared libraries are backwards-compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.68 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in NSS Public Functions will remain compatible with future versions of + the NSS shared libraries. + +`Feedback <#feedback>`__ +------------------------ + +.. container:: + + Bugs discovered should be reported by filing a bug report on + `bugzilla.mozilla.org `__ (product NSS). -- cgit v1.2.1