Last Comment Bug 361025 - Support for Camellia Cipher Suites to TLS RFC4132
: Support for Camellia Cipher Suites to TLS RFC4132
Status: RESOLVED FIXED
:
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: 3.11
: All All
: -- enhancement (vote)
: 3.12
Assigned To: Robert Relyea
:
:
Mentors:
Depends on: nss312
Blocks: 382223
  Show dependency treegraph
 
Reported: 2006-11-16 23:15 PST by okazaki
Modified: 2008-07-17 00:05 PDT (History)
10 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
patch for firefox-trunk (167.75 KB, patch)
2006-11-16 23:19 PST, okazaki
no flags Details | Diff | Splinter Review
patch for NSS trunk (166.68 KB, patch)
2006-11-16 23:32 PST, okazaki
rrelyea: review+
Details | Diff | Splinter Review
patch for NSS-trunk v2 (156.46 KB, patch)
2007-01-18 03:09 PST, okazaki
nelson: review-
Details | Diff | Splinter Review
patch for NSS-trunk v3 (158.17 KB, patch)
2007-01-19 05:36 PST, okazaki
rrelyea: review+
Details | Diff | Splinter Review

Description okazaki 2006-11-16 23:15:57 PST
User-Agent:       Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.8.1) Gecko/20061116 Firefox/2.0
Build Identifier: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.8.1) Gecko/20061116 Firefox/2.0

NTT and I would like to add support RFC4132 to NSS and Mozilla Firefox.

The details for Camellia are in
http://info.isl.ntt.co.jp/crypt/eng/camellia/index.html

RFC4132 is in
http://www.ietf.org/rfc/rfc4132.txt

Camellia is proposed for PKCS#11 v2.20 Amendant 3 draft 2.
http://www.rsasecurity.com/rsalabs/node.asp?id=2133

We made a patch for NSS-trunk and Firefox-trunk.
Please review it.


Reproducible: Always
Comment 1 okazaki 2006-11-16 23:19:53 PST
Created attachment 245821 [details] [diff] [review]
patch for firefox-trunk
Comment 2 okazaki 2006-11-16 23:32:10 PST
Created attachment 245822 [details] [diff] [review]
patch for NSS trunk
Comment 3 Robert Relyea 2007-01-03 15:35:05 PST
Comment on attachment 245822 [details] [diff] [review]
patch for NSS trunk

r+ = relyea for the NSS trunk with the following changes:

1. The following files need to move the to mozilla patch:

nsNSSComponent.cpp
security-prefs.js

2. The patches for selfserve, strsclnt.c and tstclnt.c should be dropped. Since ECC we are using the :XXXX syntax for new ciphers.

3. The SSL test vectors should change with the appropriate :XXXX for Camillia.

4. We can submit bugs to the author  for issues dealing with camellia.


General comments:

This is a very complete and well thought out patch. It's clear that time was taken to understand what code should go at what level, and the appropriate work with the standards committee to get PKCS #11, SSL, and OID values was completed. Thanks.
Comment 4 okazaki 2007-01-18 03:09:57 PST
Created attachment 251906 [details] [diff] [review]
patch for NSS-trunk v2

Thanks for review.

1. deleted patch for nsNSSComponent.cpp and security-prefs.js.
2. patch for selfserv, strsclnt, tstclnt, and vfyserv was dropped.(also shell scripts)
3. Since I dropped patch for SSL cmds, SSL test vectors was also deleted.
4. Would you send me bugs? I'll fix it.

Thanks.
Comment 5 Nelson Bolyard (seldom reads bugmail) 2007-01-18 11:57:05 PST
Comment on attachment 251906 [details] [diff] [review]
patch for NSS-trunk v2

I agree with Bob that, over all, this patch is very complete 
and very well done.  Having said that, I have 3 specific issues 
with this patch.  

1. Order of Preference of cipher suites.

There are several tables in lib/ssl that list the cipher suites in 
order by decreasing preference.  The are found in ssl3con.c, 
sslenum.c and sslinfo.c.  They are approximately in order by 
decreasing strength of symmetric cipher.  As I recall, all the
256-bit symmetric ciphers come before all the 128-bit ciphers.
This patch changes that, putting the 128-bit camellia ciphers 
ahead of all other non-comellia ciphers.  I think that is not 
appropriate, especially for servers.  I invite discussion of this 
subject.

It may be that server operated by certain governments wish their
countries cipher suites to be given absolute preference, even 
over weaker ciphers from other countries.  If only those servers
ever used Camellia, and all other servers everywhere never used
Camellia, then (a) it would not be a problem for Camellia 128 
bit ciphers to be given preference (when enabled) to other 
ciphers, and also (b) Camellia would not be accepted into NSS.

But if some server wishes to offer both camellia and non-camellia 
ciphers, and is not subject to some governmentally imposed mandate
to use Camellia, they will not (in general) prefer 128-bit camellia 
over non-camellia 265-bit ciphers.  NSS must offer a preference 
ordering that is acceptable to all (or a majority) of its users.

2. This patch appears to do NO testing of the camellia cipher 
suites in SSL.  It contains no diffs for nss/test/ssl/* 
It should.  We don't want to release untested cipher suites.

The way to add testing of new cipher suites, without modifying
the various test programs (tstclnt, strsclnt, selfserv, etc.) is to 
add the cipher suites by their suite numbers, rather than by letters.
e.g. in nss/tests/ssl/sslcov.txt, add lines like these:

   noECC  noTLS   y    SSL3_RSA_WITH_AES_256_CBC_SHA
   noECC  noTLS   z    SSL3_RSA_WITH_NULL_SHA
+  noECC  noTLS :0041  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+  noECC  noTLS :0042  TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA
+  noECC  noTLS :0043  TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA
+  noECC  noTLS :0044  TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
+  noECC  noTLS :0045  TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+  noECC  noTLS :0046  TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA
+  noECC  noTLS :0084  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+  noECC  noTLS :0085  TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA
+  noECC  noTLS :0086  TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA
+  noECC  noTLS :0087  TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
+  noECC  noTLS :0088  TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+  noECC  noTLS :0089  TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA
#
...
   noECC   TLS    y    TLS_RSA_WITH_AES_256_CBC_SHA
   noECC   TLS    z    TLS_RSA_WITH_NULL_SHA
+  noECC   TLS  :0041  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+  noECC   TLS  :0042  TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA
+  noECC   TLS  :0043  TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA
+  noECC   TLS  :0044  TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
+  noECC   TLS  :0045  TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+  noECC   TLS  :0046  TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA
+  noECC   TLS  :0084  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+  noECC   TLS  :0085  TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA
+  noECC   TLS  :0086  TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA
+  noECC   TLS  :0087  TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
+  noECC   TLS  :0088  TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+  noECC   TLS  :0089  TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA
 #

And in file nss/tests/ssl/ssl.sh, in the line that reads:

CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014cdefgijklmnvyz"

append this string: 

:0041:0042:0043:0044:0045:0046:0084:0085:0086:0087:0088:0089

3. OID string name nit.  
In file nss/lib/util/secoid.c, the patch adds

>+/* for Camellia */
>+#define CAMELLIA_OID 0x2a,0x83,0x08,0x8c,0x9a,0x4b,0x3d,0x01,0x01,0x01
>+#define CAMELLIA_WRAP_OID 0x2a,0x83,0x08,0x8c,0x9a,0x4b,0x3d,0x01,0x01,0x03

These OIDs are:
  1.2.392.200011.61.1.1.1
  1.2.392.200011.61.1.1.3

According to RFC 2994, 1.2.392.200011.61.1.1.1 stands for
     {iso(1) member-body(2) jisc(392)
      mitsubishi-electric-corporation(200011) isl(61) security(1)
      algorithm(1) symmetric-encryption-algorithm(1) 
and there are other non-camellia ciphers that are subordinate to
this arc.  

According to RFC 3657, 1.2.392.200011.61.1.1.3 stands for
     {iso(1) member-body(2) jisc(392)
      mitsubishi-electric-corporation(200011) isl(61) security(1)
      algorithm(1) key-wrap-algorithm(3)

So, I suggest changing the three lines shown above to:

/* for Camellia: iso(1) member-body(2) jisc(392)
 *    mitsubishi(200011) isl(61) security(1) algorithm(1)
 */
#define MITSUBISHI_ALG 0x2a,0x83,0x08,0x8c,0x9a,0x4b,0x3d,0x01,0x01
#define CAMELLIA_ENCRYPT_OID MITSUBISHI_ALG,1
#define CAMELLIA_WRAP_OID    MITSUBISHI_ALG,3

and then change the subsequent occurrences of CAMELLIA_OID to 
CAMELLIA_ENCRYPT_OID
Comment 6 Nelson Bolyard (seldom reads bugmail) 2007-01-18 12:20:24 PST
Comment on attachment 251906 [details] [diff] [review]
patch for NSS-trunk v2

In my previous review comments, I should have mentioned that I did not 
review any files outside of nss, nor any entirely new files.  I only
reviewed changes to existing NSS files.

I just noticed one more issue with this patch that I somehow overlooked
in the previosu review.  It adds DH_ANON cipher suites to libSSL.  
In the past we have not supported DH_ANON cipher suites, as a matter of 
policy (if I'm not mistaken).  We should not add DH_ANON cipher suites 
for Camellia unless we are willing to do so for non-Camellia suites, too.
Comment 7 okazaki 2007-01-19 05:36:45 PST
Created attachment 252050 [details] [diff] [review]
patch for NSS-trunk v3

I made new patch with Nelson's suggestions.

1. order of preference cipher suites
I agreed.

2. SSL coverage tests
add only 2 cipher suites to sslcov.txt since cipher suites with *_DHE_* and *_DH_* is not passed with current ssl.sh. (e.g.TLS_DHE_RSA_WITH_AES_128_CBC_SHA )

3.Camellia OID
I agreed.

4. DH_anon
only added to sslproto.h but not implemented.(also TLS_DH_*CAMELLIA*)

v2 patch was not deleted security/manager/ssl/src/nsNSSComponent.cpp.

Thanks.
Comment 8 Gen Kanai [:gen] 2007-02-13 21:50:21 PST
Hi Nelson, could you let Mr. Okazaki know what next steps are required?  Thank you in advance.
Comment 9 Robert Relyea 2007-02-20 14:10:32 PST
Comment on attachment 252050 [details] [diff] [review]
patch for NSS-trunk v3

r+ = relyea.

The new patch appears to address nelson's comments. If nelson has no objections, we should land this on the NSS 3.12 branch.
Comment 10 okazaki 2007-02-27 21:20:34 PST
Thanks for review.
If no one has objection, I would like someone to commit this patch.
Comment 11 Nelson Bolyard (seldom reads bugmail) 2007-02-27 22:59:26 PST
no objections.  thanks for the patches.  
Comment 12 Robert Relyea 2007-02-28 11:51:42 PST
Checked in to tip:

Checking in lib/util/secoid.c;
/cvsroot/mozilla/security/nss/lib/util/secoid.c,v  <--  secoid.c
new revision: 1.34; previous revision: 1.33
done
Checking in lib/util/secoidt.h;
/cvsroot/mozilla/security/nss/lib/util/secoidt.h,v  <--  secoidt.h
new revision: 1.21; previous revision: 1.20
done
Checking in lib/freebl/blapi.h;
/cvsroot/mozilla/security/nss/lib/freebl/blapi.h,v  <--  blapi.h
new revision: 1.26; previous revision: 1.25
done
Checking in lib/freebl/blapit.h;
/cvsroot/mozilla/security/nss/lib/freebl/blapit.h,v  <--  blapit.h
new revision: 1.20; previous revision: 1.19
done
RCS file: /cvsroot/mozilla/security/nss/lib/freebl/camellia.c,v
done
Checking in lib/freebl/camellia.c;
/cvsroot/mozilla/security/nss/lib/freebl/camellia.c,v  <--  camellia.c
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/lib/freebl/camellia.h,v
done
Checking in lib/freebl/camellia.h;
/cvsroot/mozilla/security/nss/lib/freebl/camellia.h,v  <--  camellia.h
initial revision: 1.1
done
Checking in lib/freebl/ldvector.c;
/cvsroot/mozilla/security/nss/lib/freebl/ldvector.c,v  <--  ldvector.c
new revision: 1.15; previous revision: 1.14
done
Checking in lib/freebl/loader.c;
/cvsroot/mozilla/security/nss/lib/freebl/loader.c,v  <--  loader.c
new revision: 1.32; previous revision: 1.31
done
Checking in lib/freebl/loader.h;
/cvsroot/mozilla/security/nss/lib/freebl/loader.h,v  <--  loader.h
new revision: 1.19; previous revision: 1.18
done
Checking in lib/freebl/manifest.mn;
/cvsroot/mozilla/security/nss/lib/freebl/manifest.mn,v  <--  manifest.mn
new revision: 1.50; previous revision: 1.49
done
Checking in lib/softoken/pk11pars.h;
/cvsroot/mozilla/security/nss/lib/softoken/pk11pars.h,v  <--  pk11pars.h
new revision: 1.22; previous revision: 1.21
done
Checking in lib/softoken/pkcs11.c;
/cvsroot/mozilla/security/nss/lib/softoken/pkcs11.c,v  <--  pkcs11.c
new revision: 1.140; previous revision: 1.139
done
Checking in lib/softoken/pkcs11c.c;
/cvsroot/mozilla/security/nss/lib/softoken/pkcs11c.c,v  <--  pkcs11c.c
new revision: 1.93; previous revision: 1.92
done
Checking in lib/softoken/pkcs11t.h;
/cvsroot/mozilla/security/nss/lib/softoken/pkcs11t.h,v  <--  pkcs11t.h
new revision: 1.16; previous revision: 1.15
done
Checking in lib/pk11wrap/pk11mech.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11mech.c,v  <--  pk11mech.c
new revision: 1.6; previous revision: 1.5
done
Checking in lib/pk11wrap/pk11slot.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v  <--  pk11slot.c
new revision: 1.89; previous revision: 1.88
done
Checking in lib/pk11wrap/secmod.h;
/cvsroot/mozilla/security/nss/lib/pk11wrap/secmod.h,v  <--  secmod.h
new revision: 1.24; previous revision: 1.23
done
Checking in lib/pk11wrap/secmodt.h;
/cvsroot/mozilla/security/nss/lib/pk11wrap/secmodt.h,v  <--  secmodt.h
new revision: 1.32; previous revision: 1.31
done
Checking in lib/ssl/ssl3con.c;
/cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v  <--  ssl3con.c
new revision: 1.100; previous revision: 1.99
done
Checking in lib/ssl/sslenum.c;
/cvsroot/mozilla/security/nss/lib/ssl/sslenum.c,v  <--  sslenum.c
new revision: 1.14; previous revision: 1.13
done
Checking in lib/ssl/sslimpl.h;
/cvsroot/mozilla/security/nss/lib/ssl/sslimpl.h,v  <--  sslimpl.h
new revision: 1.55; previous revision: 1.54
done
Checking in lib/ssl/sslinfo.c;
/cvsroot/mozilla/security/nss/lib/ssl/sslinfo.c,v  <--  sslinfo.c
new revision: 1.16; previous revision: 1.15
done
Checking in lib/ssl/sslproto.h;
/cvsroot/mozilla/security/nss/lib/ssl/sslproto.h,v  <--  sslproto.h
new revision: 1.12; previous revision: 1.11
done
Checking in lib/ssl/sslsock.c;
/cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v  <--  sslsock.c
new revision: 1.52; previous revision: 1.51
done
Checking in lib/ssl/sslt.h;
/cvsroot/mozilla/security/nss/lib/ssl/sslt.h,v  <--  sslt.h
new revision: 1.10; previous revision: 1.9
done
Checking in cmd/bltest/blapitest.c;
/cvsroot/mozilla/security/nss/cmd/bltest/blapitest.c,v  <--  blapitest.c
new revision: 1.50; previous revision: 1.49
done
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext0,v
done
Checking in cmd/bltest/tests/camellia_cbc/ciphertext0;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext0,v  <--  ciphertext0
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext1,v
done
Checking in cmd/bltest/tests/camellia_cbc/ciphertext1;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext1,v  <--  ciphertext1
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext2,v
done
Checking in cmd/bltest/tests/camellia_cbc/ciphertext2;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext2,v  <--  ciphertext2
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/iv0,v
done
Checking in cmd/bltest/tests/camellia_cbc/iv0;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/iv0,v  <--  iv0
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/key0,v
done
Checking in cmd/bltest/tests/camellia_cbc/key0;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/key0,v  <--  key0
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/key1,v
done
Checking in cmd/bltest/tests/camellia_cbc/key1;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/key1,v  <--  key1
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/key2,v
done
Checking in cmd/bltest/tests/camellia_cbc/key2;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/key2,v  <--  key2
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/numtests,v
done
Checking in cmd/bltest/tests/camellia_cbc/numtests;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/numtests,v  <--  numtests
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/plaintext0,v
done
Checking in cmd/bltest/tests/camellia_cbc/plaintext0;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/plaintext0,v  <--  plaintext0
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext0,v
done
Checking in cmd/bltest/tests/camellia_ecb/ciphertext0;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext0,v  <--  ciphertext0
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext1,v
done
Checking in cmd/bltest/tests/camellia_ecb/ciphertext1;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext1,v  <--  ciphertext1
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext2,v
done
Checking in cmd/bltest/tests/camellia_ecb/ciphertext2;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext2,v  <--  ciphertext2
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/key0,v
done
Checking in cmd/bltest/tests/camellia_ecb/key0;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/key0,v  <--  key0
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/key1,v
done
Checking in cmd/bltest/tests/camellia_ecb/key1;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/key1,v  <--  key1
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/key2,v
done
Checking in cmd/bltest/tests/camellia_ecb/key2;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/key2,v  <--  key2
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/numtests,v
done
Checking in cmd/bltest/tests/camellia_ecb/numtests;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/numtests,v  <--  numtests
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/plaintext0,v
done
Checking in cmd/bltest/tests/camellia_ecb/plaintext0;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/plaintext0,v  <--  plaintext0
initial revision: 1.1
done
Checking in cmd/modutil/modutil.c;
/cvsroot/mozilla/security/nss/cmd/modutil/modutil.c,v  <--  modutil.c
new revision: 1.26; previous revision: 1.25
done
Checking in cmd/modutil/pk11.c;
/cvsroot/mozilla/security/nss/cmd/modutil/pk11.c,v  <--  pk11.c
new revision: 1.26; previous revision: 1.25
done
Checking in cmd/pk11util/pk11table.c;
/cvsroot/mozilla/security/nss/cmd/pk11util/pk11table.c,v  <--  pk11table.c
new revision: 1.8; previous revision: 1.7
done
Checking in tests/cipher/cipher.txt;
/cvsroot/mozilla/security/nss/tests/cipher/cipher.txt,v  <--  cipher.txt
new revision: 1.4; previous revision: 1.3
done
Checking in tests/cipher/performance.sh;
/cvsroot/mozilla/security/nss/tests/cipher/performance.sh,v  <--  performance.sh
new revision: 1.4; previous revision: 1.3
done
Checking in tests/cipher/symmkey.txt;
/cvsroot/mozilla/security/nss/tests/cipher/symmkey.txt,v  <--  symmkey.txt
new revision: 1.3; previous revision: 1.2
done
Checking in tests/ssl/ssl.sh;
/cvsroot/mozilla/security/nss/tests/ssl/ssl.sh,v  <--  ssl.sh
new revision: 1.75; previous revision: 1.74
done
Checking in tests/ssl/sslcov.txt;
/cvsroot/mozilla/security/nss/tests/ssl/sslcov.txt,v  <--  sslcov.txt
new revision: 1.12; previous revision: 1.11
done
Comment 13 okazaki 2007-03-01 00:09:03 PST
Thanks for committing.
BTW, I would like to use Camellia with Firefox-3.
What should I do for it?
Should I wait for NSS 3.12 BRANCH and submit patch for firefox-trunk?

Comment 14 Steffen Wilberg 2007-03-05 04:25:22 PST
Since NSS 3.12 hasn't branched from the NSS trunk yet, the NSS patch will automatically be part of NSS 3.12. I assume the plan is to use NSS 3.12 for Firefox 3 (Gecko 1.9). Current mozilla trunk still uses the NSS_3_11_5_RTM tag, but that will change over time.

I guess you need to make a patch for nsNSSComponent.cpp and security-prefs.js, if you still need it.
Comment 15 Nelson Bolyard (seldom reads bugmail) 2007-04-29 17:55:19 PDT
Since Bob did the reviews and the checkin on the trunk, I'm giving this 
bug to him.  I'm not sure why it is still open.  Bob, are you ready to 
mark it resolved?  If not, please summarize why not here.

If further work is needed (e.g. in PSM) then a separate request for 
enhancement should be filed for PSM (product: core, component: security/PSM).
Comment 16 Gen Kanai [:gen] 2007-04-30 21:54:31 PDT
Just another request for Bob's attention :)  Thank you!
Comment 17 Robert Relyea 2007-05-01 17:20:50 PDT
yes, the NSS portion is in, The PSM portion still needs to be added. Of course only a PSM that uses some version of NSS 3.12 will work. Reassigning to PSM
Comment 18 okazaki 2007-05-07 01:50:08 PDT
I'm waiting for  NSS 3.12 is branched and PSM uses NSS 3.12.
I'll submit a patch soon when PSM uses NSS 3.12.
Is this ok?

If Camellia can be committed in NSS_3_11_BRANCH, I'll make a patch again.
Comment 19 Nelson Bolyard (seldom reads bugmail) 2007-05-24 22:00:19 PDT
I would like to ask that a new separate bug be filed for PSM, and a separate 
patch for PSM be attached to it, and this bug should revert to being an NSS 
RFE that is resolved/fixed in NSS 3.12.  

Since the NSS work is done, I really want to be able to find it in a resoled
bug list, and also to find what release it will first appear in.  
Comment 20 Gen Kanai [:gen] 2007-05-24 22:15:41 PDT
Camellia team, please file a separate bug for PSM with associated patch.  Thank you in advance.
Comment 21 okazaki 2007-05-28 03:04:28 PDT
I submitted a new bug 382223 for PSM, and 2 patches are attached.

Comment 22 Steffen Wilberg 2007-05-28 03:24:52 PDT
-> back to NSS per comment 19.
Comment 23 Steffen Wilberg 2007-05-28 03:26:15 PDT
And marking fixed per comment 17.

Note You need to log in before you can comment on or make changes to this bug.