3 files changed, 58 insertions, 2 deletions

diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h
index d49a6890c1..d9a0d6b7ef 100644
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -19,9 +19,9 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION "3.99"
+#define NSSUTIL_VERSION "3.100"
 #define NSSUTIL_VMAJOR 3
-#define NSSUTIL_VMINOR 99
+#define NSSUTIL_VMINOR 100
 #define NSSUTIL_VPATCH 0
 #define NSSUTIL_VBUILD 0
 #define NSSUTIL_BETA PR_FALSE
diff --git a/security/nss/lib/util/secoid.c b/security/nss/lib/util/secoid.c
index 05208eeffa..a2dc5a6a6d 100644
--- a/security/nss/lib/util/secoid.c
+++ b/security/nss/lib/util/secoid.c
@@ -159,6 +159,9 @@ const char __nss_util_version[] = "Version: NSS " NSSUTIL_VERSION _DEBUG_STRING;
 #define ANSI_X962_SIGNATURE_OID ANSI_X962_OID, 0x04
 #define ANSI_X962_SPECIFY_OID ANSI_X962_SIGNATURE_OID, 0x03
 
+#define X9_63_SCHEME 0x2B, 0x81, 0x05, 0x10, 0x86, 0x48, 0x3F, 0x00
+#define SECG_SCHEME CERTICOM_OID, 0x01
+
 /* for Camellia: iso(1) member-body(2) jisc(392)
  *    mitsubishi(200011) isl(61) security(1) algorithm(1)
  */
@@ -602,6 +605,18 @@ CONST_OID secgECsect409r1[] = { SECG_OID, 0x25 }; /* unsupported by freebl */
 CONST_OID secgECsect571k1[] = { SECG_OID, 0x26 }; /* unsupported by freebl */
 CONST_OID secgECsect571r1[] = { SECG_OID, 0x27 }; /* unsupported by freebl */
 
+/* Diffie-Hellman key agreement algorithms */
+CONST_OID dhSinglePassstdDHsha1kdfscheme[] = { X9_63_SCHEME, 0x02 };
+CONST_OID dhSinglePassstdDHsha224kdfscheme[] = { SECG_SCHEME, 0x0B, 0x00 };
+CONST_OID dhSinglePassstdDHsha256kdfscheme[] = { SECG_SCHEME, 0x0B, 0x01 };
+CONST_OID dhSinglePassstdDHsha384kdfscheme[] = { SECG_SCHEME, 0x0B, 0x02 };
+CONST_OID dhSinglePassstdDHsha512kdfscheme[] = { SECG_SCHEME, 0x0B, 0x03 };
+CONST_OID dhSinglePasscofactorDHsha1kdfscheme[] = { X9_63_SCHEME, 0x03 };
+CONST_OID dhSinglePasscofactorDHsha224kdfscheme[] = { SECG_SCHEME, 0x0E, 0x00 };
+CONST_OID dhSinglePasscofactorDHsha256kdfscheme[] = { SECG_SCHEME, 0x0E, 0x01 };
+CONST_OID dhSinglePasscofactorDHsha384kdfscheme[] = { SECG_SCHEME, 0x0E, 0x02 };
+CONST_OID dhSinglePasscofactorDHsha512kdfscheme[] = { SECG_SCHEME, 0x0E, 0x03 };
+
 CONST_OID seed_CBC[] = { SEED_OID, 4 };
 
 CONST_OID evIncorporationLocality[] = { EV_NAME_ATTRIBUTE, 1 };
@@ -1842,6 +1857,36 @@ const static SECOidData oids[SEC_OID_TOTAL] = {
     OD(ed25519PublicKey, SEC_OID_ED25519_PUBLIC_KEY,
        "X9.62 elliptic edwards curve public key", CKM_EC_EDWARDS_KEY_PAIR_GEN, INVALID_CERT_EXTENSION),
 
+    OD(dhSinglePassstdDHsha1kdfscheme, SEC_OID_DHSINGLEPASS_STDDH_SHA1KDF_SCHEME,
+       "Eliptic Curve Diffie-Hellman Single Pass Standard with SHA1 KDF", CKM_ECDH1_DERIVE,
+       INVALID_CERT_EXTENSION),
+    OD(dhSinglePassstdDHsha224kdfscheme, SEC_OID_DHSINGLEPASS_STDDH_SHA224KDF_SCHEME,
+       "Eliptic Curve Diffie-Hellman Single Pass Standard with SHA224 KDF", CKM_ECDH1_DERIVE,
+       INVALID_CERT_EXTENSION),
+    OD(dhSinglePassstdDHsha256kdfscheme, SEC_OID_DHSINGLEPASS_STDDH_SHA256KDF_SCHEME,
+       "Eliptic Curve Diffie-Hellman Single Pass Standard with SHA256 KDF", CKM_ECDH1_DERIVE,
+       INVALID_CERT_EXTENSION),
+    OD(dhSinglePassstdDHsha384kdfscheme, SEC_OID_DHSINGLEPASS_STDDH_SHA384KDF_SCHEME,
+       "Eliptic Curve Diffie-Hellman Single Pass Standard with SHA384 KDF", CKM_ECDH1_DERIVE,
+       INVALID_CERT_EXTENSION),
+    OD(dhSinglePassstdDHsha512kdfscheme, SEC_OID_DHSINGLEPASS_STDDH_SHA512KDF_SCHEME,
+       "Eliptic Curve Diffie-Hellman Single Pass Standard with SHA512 KDF", CKM_ECDH1_DERIVE,
+       INVALID_CERT_EXTENSION),
+    OD(dhSinglePasscofactorDHsha1kdfscheme, SEC_OID_DHSINGLEPASS_COFACTORDH_SHA1KDF_SCHEME,
+       "Eliptic Curve Diffie-Hellman Single Pass Cofactor with SHA1 KDF", CKM_ECDH1_COFACTOR_DERIVE,
+       INVALID_CERT_EXTENSION),
+    OD(dhSinglePasscofactorDHsha224kdfscheme, SEC_OID_DHSINGLEPASS_COFACTORDH_SHA224KDF_SCHEME,
+       "Eliptic Curve Diffie-Hellman Single Pass Cofactor with SHA224 KDF", CKM_ECDH1_COFACTOR_DERIVE,
+       INVALID_CERT_EXTENSION),
+    OD(dhSinglePasscofactorDHsha256kdfscheme, SEC_OID_DHSINGLEPASS_COFACTORDH_SHA256KDF_SCHEME,
+       "Eliptic Curve Diffie-Hellman Single Pass Cofactor with SHA256 KDF", CKM_ECDH1_COFACTOR_DERIVE,
+       INVALID_CERT_EXTENSION),
+    OD(dhSinglePasscofactorDHsha384kdfscheme, SEC_OID_DHSINGLEPASS_COFACTORDH_SHA384KDF_SCHEME,
+       "Eliptic Curve Diffie-Hellman Single Pass Cofactor with SHA384 KDF", CKM_ECDH1_COFACTOR_DERIVE,
+       INVALID_CERT_EXTENSION),
+    OD(dhSinglePasscofactorDHsha512kdfscheme, SEC_OID_DHSINGLEPASS_COFACTORDH_SHA512KDF_SCHEME,
+       "Eliptic Curve Diffie-Hellman Single Pass Cofactor with SHA512 KDF", CKM_ECDH1_COFACTOR_DERIVE,
+       INVALID_CERT_EXTENSION),
 };
 
 /* PRIVATE EXTENDED SECOID Table
diff --git a/security/nss/lib/util/secoidt.h b/security/nss/lib/util/secoidt.h
index f2618d62cb..24fb880f78 100644
--- a/security/nss/lib/util/secoidt.h
+++ b/security/nss/lib/util/secoidt.h
@@ -517,6 +517,17 @@ typedef enum {
     SEC_OID_ED25519_SIGNATURE = 373,
     SEC_OID_ED25519_PUBLIC_KEY = 374,
 
+    SEC_OID_DHSINGLEPASS_STDDH_SHA1KDF_SCHEME = 375,
+    SEC_OID_DHSINGLEPASS_STDDH_SHA224KDF_SCHEME = 376,
+    SEC_OID_DHSINGLEPASS_STDDH_SHA256KDF_SCHEME = 377,
+    SEC_OID_DHSINGLEPASS_STDDH_SHA384KDF_SCHEME = 378,
+    SEC_OID_DHSINGLEPASS_STDDH_SHA512KDF_SCHEME = 379,
+    SEC_OID_DHSINGLEPASS_COFACTORDH_SHA1KDF_SCHEME = 380,
+    SEC_OID_DHSINGLEPASS_COFACTORDH_SHA224KDF_SCHEME = 381,
+    SEC_OID_DHSINGLEPASS_COFACTORDH_SHA256KDF_SCHEME = 382,
+    SEC_OID_DHSINGLEPASS_COFACTORDH_SHA384KDF_SCHEME = 383,
+    SEC_OID_DHSINGLEPASS_COFACTORDH_SHA512KDF_SCHEME = 384,
+
     SEC_OID_TOTAL
 } SECOidTag;