Closed Bug 361025 Opened 19 years ago Closed 18 years ago

Support for Camellia Cipher Suites to TLS RFC4132

Categories

(NSS :: Libraries, enhancement)

Product:
NSS
Component:
Libraries
Version:
3.11
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: okazaki, Assigned: rrelyea)

References

Details

Attachments

(2 files, 2 obsolete files)

patch for firefox-trunk
167.75 KB, patch
Details | Diff | Splinter Review
patch for NSS-trunk v3
158.17 KB, patch
rrelyea
: review+
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.8.1) Gecko/20061116 Firefox/2.0 Build Identifier: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.8.1) Gecko/20061116 Firefox/2.0 NTT and I would like to add support RFC4132 to NSS and Mozilla Firefox. The details for Camellia are in http://info.isl.ntt.co.jp/crypt/eng/camellia/index.html RFC4132 is in http://www.ietf.org/rfc/rfc4132.txt Camellia is proposed for PKCS#11 v2.20 Amendant 3 draft 2. http://www.rsasecurity.com/rsalabs/node.asp?id=2133 We made a patch for NSS-trunk and Firefox-trunk. Please review it. Reproducible: Always
Attached patch patch for NSS trunk (obsolete) — Splinter Review
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment on attachment 245822 [details] [diff] [review] patch for NSS trunk r+ = relyea for the NSS trunk with the following changes: 1. The following files need to move the to mozilla patch: nsNSSComponent.cpp security-prefs.js 2. The patches for selfserve, strsclnt.c and tstclnt.c should be dropped. Since ECC we are using the :XXXX syntax for new ciphers. 3. The SSL test vectors should change with the appropriate :XXXX for Camillia. 4. We can submit bugs to the author for issues dealing with camellia. General comments: This is a very complete and well thought out patch. It's clear that time was taken to understand what code should go at what level, and the appropriate work with the standards committee to get PKCS #11, SSL, and OID values was completed. Thanks.
Attachment #245822 - Flags: review+
Attached patch patch for NSS-trunk v2 (obsolete) — Splinter Review
Thanks for review. 1. deleted patch for nsNSSComponent.cpp and security-prefs.js. 2. patch for selfserv, strsclnt, tstclnt, and vfyserv was dropped.(also shell scripts) 3. Since I dropped patch for SSL cmds, SSL test vectors was also deleted. 4. Would you send me bugs? I'll fix it. Thanks.
Attachment #245822 - Attachment is obsolete: true
Comment on attachment 251906 [details] [diff] [review] patch for NSS-trunk v2 I agree with Bob that, over all, this patch is very complete and very well done. Having said that, I have 3 specific issues with this patch. 1. Order of Preference of cipher suites. There are several tables in lib/ssl that list the cipher suites in order by decreasing preference. The are found in ssl3con.c, sslenum.c and sslinfo.c. They are approximately in order by decreasing strength of symmetric cipher. As I recall, all the 256-bit symmetric ciphers come before all the 128-bit ciphers. This patch changes that, putting the 128-bit camellia ciphers ahead of all other non-comellia ciphers. I think that is not appropriate, especially for servers. I invite discussion of this subject. It may be that server operated by certain governments wish their countries cipher suites to be given absolute preference, even over weaker ciphers from other countries. If only those servers ever used Camellia, and all other servers everywhere never used Camellia, then (a) it would not be a problem for Camellia 128 bit ciphers to be given preference (when enabled) to other ciphers, and also (b) Camellia would not be accepted into NSS. But if some server wishes to offer both camellia and non-camellia ciphers, and is not subject to some governmentally imposed mandate to use Camellia, they will not (in general) prefer 128-bit camellia over non-camellia 265-bit ciphers. NSS must offer a preference ordering that is acceptable to all (or a majority) of its users. 2. This patch appears to do NO testing of the camellia cipher suites in SSL. It contains no diffs for nss/test/ssl/* It should. We don't want to release untested cipher suites. The way to add testing of new cipher suites, without modifying the various test programs (tstclnt, strsclnt, selfserv, etc.) is to add the cipher suites by their suite numbers, rather than by letters. e.g. in nss/tests/ssl/sslcov.txt, add lines like these: noECC noTLS y SSL3_RSA_WITH_AES_256_CBC_SHA noECC noTLS z SSL3_RSA_WITH_NULL_SHA + noECC noTLS :0041 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + noECC noTLS :0042 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA + noECC noTLS :0043 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA + noECC noTLS :0044 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA + noECC noTLS :0045 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + noECC noTLS :0046 TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA + noECC noTLS :0084 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + noECC noTLS :0085 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA + noECC noTLS :0086 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA + noECC noTLS :0087 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA + noECC noTLS :0088 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + noECC noTLS :0089 TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA # ... noECC TLS y TLS_RSA_WITH_AES_256_CBC_SHA noECC TLS z TLS_RSA_WITH_NULL_SHA + noECC TLS :0041 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + noECC TLS :0042 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA + noECC TLS :0043 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA + noECC TLS :0044 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA + noECC TLS :0045 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + noECC TLS :0046 TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA + noECC TLS :0084 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + noECC TLS :0085 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA + noECC TLS :0086 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA + noECC TLS :0087 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA + noECC TLS :0088 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + noECC TLS :0089 TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA # And in file nss/tests/ssl/ssl.sh, in the line that reads: CLONG="-c ABCDEF:C001:C002:C003:C004:C005:C006:C007:C008:C009:C00A:C00B:C00C:C00D:C00E:C00F:C010:C011:C012:C013:C014cdefgijklmnvyz" append this string: :0041:0042:0043:0044:0045:0046:0084:0085:0086:0087:0088:0089 3. OID string name nit. In file nss/lib/util/secoid.c, the patch adds >+/* for Camellia */ >+#define CAMELLIA_OID 0x2a,0x83,0x08,0x8c,0x9a,0x4b,0x3d,0x01,0x01,0x01 >+#define CAMELLIA_WRAP_OID 0x2a,0x83,0x08,0x8c,0x9a,0x4b,0x3d,0x01,0x01,0x03 These OIDs are: 1.2.392.200011.61.1.1.1 1.2.392.200011.61.1.1.3 According to RFC 2994, 1.2.392.200011.61.1.1.1 stands for {iso(1) member-body(2) jisc(392) mitsubishi-electric-corporation(200011) isl(61) security(1) algorithm(1) symmetric-encryption-algorithm(1) and there are other non-camellia ciphers that are subordinate to this arc. According to RFC 3657, 1.2.392.200011.61.1.1.3 stands for {iso(1) member-body(2) jisc(392) mitsubishi-electric-corporation(200011) isl(61) security(1) algorithm(1) key-wrap-algorithm(3) So, I suggest changing the three lines shown above to: /* for Camellia: iso(1) member-body(2) jisc(392) * mitsubishi(200011) isl(61) security(1) algorithm(1) */ #define MITSUBISHI_ALG 0x2a,0x83,0x08,0x8c,0x9a,0x4b,0x3d,0x01,0x01 #define CAMELLIA_ENCRYPT_OID MITSUBISHI_ALG,1 #define CAMELLIA_WRAP_OID MITSUBISHI_ALG,3 and then change the subsequent occurrences of CAMELLIA_OID to CAMELLIA_ENCRYPT_OID
Attachment #251906 - Flags: review-
Comment on attachment 251906 [details] [diff] [review] patch for NSS-trunk v2 In my previous review comments, I should have mentioned that I did not review any files outside of nss, nor any entirely new files. I only reviewed changes to existing NSS files. I just noticed one more issue with this patch that I somehow overlooked in the previosu review. It adds DH_ANON cipher suites to libSSL. In the past we have not supported DH_ANON cipher suites, as a matter of policy (if I'm not mistaken). We should not add DH_ANON cipher suites for Camellia unless we are willing to do so for non-Camellia suites, too.
I made new patch with Nelson's suggestions. 1. order of preference cipher suites I agreed. 2. SSL coverage tests add only 2 cipher suites to sslcov.txt since cipher suites with *_DHE_* and *_DH_* is not passed with current ssl.sh. (e.g.TLS_DHE_RSA_WITH_AES_128_CBC_SHA ) 3.Camellia OID I agreed. 4. DH_anon only added to sslproto.h but not implemented.(also TLS_DH_*CAMELLIA*) v2 patch was not deleted security/manager/ssl/src/nsNSSComponent.cpp. Thanks.
Attachment #251906 - Attachment is obsolete: true
Hi Nelson, could you let Mr. Okazaki know what next steps are required? Thank you in advance.
Comment on attachment 252050 [details] [diff] [review] patch for NSS-trunk v3 r+ = relyea. The new patch appears to address nelson's comments. If nelson has no objections, we should land this on the NSS 3.12 branch.
Attachment #252050 - Flags: review+
Thanks for review. If no one has objection, I would like someone to commit this patch.
no objections. thanks for the patches.
Checked in to tip: Checking in lib/util/secoid.c; /cvsroot/mozilla/security/nss/lib/util/secoid.c,v <-- secoid.c new revision: 1.34; previous revision: 1.33 done Checking in lib/util/secoidt.h; /cvsroot/mozilla/security/nss/lib/util/secoidt.h,v <-- secoidt.h new revision: 1.21; previous revision: 1.20 done Checking in lib/freebl/blapi.h; /cvsroot/mozilla/security/nss/lib/freebl/blapi.h,v <-- blapi.h new revision: 1.26; previous revision: 1.25 done Checking in lib/freebl/blapit.h; /cvsroot/mozilla/security/nss/lib/freebl/blapit.h,v <-- blapit.h new revision: 1.20; previous revision: 1.19 done RCS file: /cvsroot/mozilla/security/nss/lib/freebl/camellia.c,v done Checking in lib/freebl/camellia.c; /cvsroot/mozilla/security/nss/lib/freebl/camellia.c,v <-- camellia.c initial revision: 1.1 done RCS file: /cvsroot/mozilla/security/nss/lib/freebl/camellia.h,v done Checking in lib/freebl/camellia.h; /cvsroot/mozilla/security/nss/lib/freebl/camellia.h,v <-- camellia.h initial revision: 1.1 done Checking in lib/freebl/ldvector.c; /cvsroot/mozilla/security/nss/lib/freebl/ldvector.c,v <-- ldvector.c new revision: 1.15; previous revision: 1.14 done Checking in lib/freebl/loader.c; /cvsroot/mozilla/security/nss/lib/freebl/loader.c,v <-- loader.c new revision: 1.32; previous revision: 1.31 done Checking in lib/freebl/loader.h; /cvsroot/mozilla/security/nss/lib/freebl/loader.h,v <-- loader.h new revision: 1.19; previous revision: 1.18 done Checking in lib/freebl/manifest.mn; /cvsroot/mozilla/security/nss/lib/freebl/manifest.mn,v <-- manifest.mn new revision: 1.50; previous revision: 1.49 done Checking in lib/softoken/pk11pars.h; /cvsroot/mozilla/security/nss/lib/softoken/pk11pars.h,v <-- pk11pars.h new revision: 1.22; previous revision: 1.21 done Checking in lib/softoken/pkcs11.c; /cvsroot/mozilla/security/nss/lib/softoken/pkcs11.c,v <-- pkcs11.c new revision: 1.140; previous revision: 1.139 done Checking in lib/softoken/pkcs11c.c; /cvsroot/mozilla/security/nss/lib/softoken/pkcs11c.c,v <-- pkcs11c.c new revision: 1.93; previous revision: 1.92 done Checking in lib/softoken/pkcs11t.h; /cvsroot/mozilla/security/nss/lib/softoken/pkcs11t.h,v <-- pkcs11t.h new revision: 1.16; previous revision: 1.15 done Checking in lib/pk11wrap/pk11mech.c; /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11mech.c,v <-- pk11mech.c new revision: 1.6; previous revision: 1.5 done Checking in lib/pk11wrap/pk11slot.c; /cvsroot/mozilla/security/nss/lib/pk11wrap/pk11slot.c,v <-- pk11slot.c new revision: 1.89; previous revision: 1.88 done Checking in lib/pk11wrap/secmod.h; /cvsroot/mozilla/security/nss/lib/pk11wrap/secmod.h,v <-- secmod.h new revision: 1.24; previous revision: 1.23 done Checking in lib/pk11wrap/secmodt.h; /cvsroot/mozilla/security/nss/lib/pk11wrap/secmodt.h,v <-- secmodt.h new revision: 1.32; previous revision: 1.31 done Checking in lib/ssl/ssl3con.c; /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v <-- ssl3con.c new revision: 1.100; previous revision: 1.99 done Checking in lib/ssl/sslenum.c; /cvsroot/mozilla/security/nss/lib/ssl/sslenum.c,v <-- sslenum.c new revision: 1.14; previous revision: 1.13 done Checking in lib/ssl/sslimpl.h; /cvsroot/mozilla/security/nss/lib/ssl/sslimpl.h,v <-- sslimpl.h new revision: 1.55; previous revision: 1.54 done Checking in lib/ssl/sslinfo.c; /cvsroot/mozilla/security/nss/lib/ssl/sslinfo.c,v <-- sslinfo.c new revision: 1.16; previous revision: 1.15 done Checking in lib/ssl/sslproto.h; /cvsroot/mozilla/security/nss/lib/ssl/sslproto.h,v <-- sslproto.h new revision: 1.12; previous revision: 1.11 done Checking in lib/ssl/sslsock.c; /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v <-- sslsock.c new revision: 1.52; previous revision: 1.51 done Checking in lib/ssl/sslt.h; /cvsroot/mozilla/security/nss/lib/ssl/sslt.h,v <-- sslt.h new revision: 1.10; previous revision: 1.9 done Checking in cmd/bltest/blapitest.c; /cvsroot/mozilla/security/nss/cmd/bltest/blapitest.c,v <-- blapitest.c new revision: 1.50; previous revision: 1.49 done RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext0,v done Checking in cmd/bltest/tests/camellia_cbc/ciphertext0; /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext0,v <-- ciphertext0 initial revision: 1.1 done RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext1,v done Checking in cmd/bltest/tests/camellia_cbc/ciphertext1; /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext1,v <-- ciphertext1 initial revision: 1.1 done RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext2,v done Checking in cmd/bltest/tests/camellia_cbc/ciphertext2; /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/ciphertext2,v <-- ciphertext2 initial revision: 1.1 done RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/iv0,v done Checking in cmd/bltest/tests/camellia_cbc/iv0; /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/iv0,v <-- iv0 initial revision: 1.1 done RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/key0,v done Checking in cmd/bltest/tests/camellia_cbc/key0; /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/key0,v <-- key0 initial revision: 1.1 done RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/key1,v done Checking in cmd/bltest/tests/camellia_cbc/key1; /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/key1,v <-- key1 initial revision: 1.1 done RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/key2,v done Checking in cmd/bltest/tests/camellia_cbc/key2; /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/key2,v <-- key2 initial revision: 1.1 done RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/numtests,v done Checking in cmd/bltest/tests/camellia_cbc/numtests; /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/numtests,v <-- numtests initial revision: 1.1 done RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/plaintext0,v done Checking in cmd/bltest/tests/camellia_cbc/plaintext0; /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_cbc/plaintext0,v <-- plaintext0 initial revision: 1.1 done RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext0,v done Checking in cmd/bltest/tests/camellia_ecb/ciphertext0; /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext0,v <-- ciphertext0 initial revision: 1.1 done RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext1,v done Checking in cmd/bltest/tests/camellia_ecb/ciphertext1; /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext1,v <-- ciphertext1 initial revision: 1.1 done RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext2,v done Checking in cmd/bltest/tests/camellia_ecb/ciphertext2; /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/ciphertext2,v <-- ciphertext2 initial revision: 1.1 done RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/key0,v done Checking in cmd/bltest/tests/camellia_ecb/key0; /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/key0,v <-- key0 initial revision: 1.1 done RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/key1,v done Checking in cmd/bltest/tests/camellia_ecb/key1; /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/key1,v <-- key1 initial revision: 1.1 done RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/key2,v done Checking in cmd/bltest/tests/camellia_ecb/key2; /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/key2,v <-- key2 initial revision: 1.1 done RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/numtests,v done Checking in cmd/bltest/tests/camellia_ecb/numtests; /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/numtests,v <-- numtests initial revision: 1.1 done RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/plaintext0,v done Checking in cmd/bltest/tests/camellia_ecb/plaintext0; /cvsroot/mozilla/security/nss/cmd/bltest/tests/camellia_ecb/plaintext0,v <-- plaintext0 initial revision: 1.1 done Checking in cmd/modutil/modutil.c; /cvsroot/mozilla/security/nss/cmd/modutil/modutil.c,v <-- modutil.c new revision: 1.26; previous revision: 1.25 done Checking in cmd/modutil/pk11.c; /cvsroot/mozilla/security/nss/cmd/modutil/pk11.c,v <-- pk11.c new revision: 1.26; previous revision: 1.25 done Checking in cmd/pk11util/pk11table.c; /cvsroot/mozilla/security/nss/cmd/pk11util/pk11table.c,v <-- pk11table.c new revision: 1.8; previous revision: 1.7 done Checking in tests/cipher/cipher.txt; /cvsroot/mozilla/security/nss/tests/cipher/cipher.txt,v <-- cipher.txt new revision: 1.4; previous revision: 1.3 done Checking in tests/cipher/performance.sh; /cvsroot/mozilla/security/nss/tests/cipher/performance.sh,v <-- performance.sh new revision: 1.4; previous revision: 1.3 done Checking in tests/cipher/symmkey.txt; /cvsroot/mozilla/security/nss/tests/cipher/symmkey.txt,v <-- symmkey.txt new revision: 1.3; previous revision: 1.2 done Checking in tests/ssl/ssl.sh; /cvsroot/mozilla/security/nss/tests/ssl/ssl.sh,v <-- ssl.sh new revision: 1.75; previous revision: 1.74 done Checking in tests/ssl/sslcov.txt; /cvsroot/mozilla/security/nss/tests/ssl/sslcov.txt,v <-- sslcov.txt new revision: 1.12; previous revision: 1.11 done
Thanks for committing. BTW, I would like to use Camellia with Firefox-3. What should I do for it? Should I wait for NSS 3.12 BRANCH and submit patch for firefox-trunk?
Since NSS 3.12 hasn't branched from the NSS trunk yet, the NSS patch will automatically be part of NSS 3.12. I assume the plan is to use NSS 3.12 for Firefox 3 (Gecko 1.9). Current mozilla trunk still uses the NSS_3_11_5_RTM tag, but that will change over time. I guess you need to make a patch for nsNSSComponent.cpp and security-prefs.js, if you still need it.
Since Bob did the reviews and the checkin on the trunk, I'm giving this bug to him. I'm not sure why it is still open. Bob, are you ready to mark it resolved? If not, please summarize why not here. If further work is needed (e.g. in PSM) then a separate request for enhancement should be filed for PSM (product: core, component: security/PSM).
Assignee: nobody → rrelyea
Target Milestone: --- → 3.12
Version: unspecified → 3.11
Just another request for Bob's attention :) Thank you!
yes, the NSS portion is in, The PSM portion still needs to be added. Of course only a PSM that uses some version of NSS 3.12 will work. Reassigning to PSM
Assignee: rrelyea → kengert
Component: Libraries → Security: PSM
Product: NSS → Core
QA Contact: libraries → psm
Target Milestone: 3.12 → ---
Version: 3.11 → unspecified
Depends on: nss312
I'm waiting for NSS 3.12 is branched and PSM uses NSS 3.12. I'll submit a patch soon when PSM uses NSS 3.12. Is this ok? If Camellia can be committed in NSS_3_11_BRANCH, I'll make a patch again.
I would like to ask that a new separate bug be filed for PSM, and a separate patch for PSM be attached to it, and this bug should revert to being an NSS RFE that is resolved/fixed in NSS 3.12. Since the NSS work is done, I really want to be able to find it in a resoled bug list, and also to find what release it will first appear in.
Camellia team, please file a separate bug for PSM with associated patch. Thank you in advance.
I submitted a new bug 382223 for PSM, and 2 patches are attached.
-> back to NSS per comment 19.
Assignee: kengert → rrelyea
Blocks: 382223
Component: Security: PSM → Libraries
Product: Core → NSS
QA Contact: psm → libraries
Target Milestone: --- → 3.12
Version: unspecified → 3.11
And marking fixed per comment 17.
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: