Bug 2211859

Rebase package(s) to version: NSS 3.90 Highlights, important fixes, or notable enhancements: Fixes that may have customer impact since the last rebase: Mozilla Bug 1820175 - PR_STATIC_ASSERT is cursed. Mozilla Bug 1767883 - Need to add policy control to keys lengths for signatures. Mozilla Bug 1820175 - Fix unreachable code warning in fuzz builds. Mozilla Bug 1820175 - Fix various compiler warnings in NSS. Mozilla Bug 1815136 - set PORT error after sftk_HMACCmp failure. Mozilla Bug 1804662 - remove data length assertion in sec_PKCS7Decrypt. Mozilla Bug 1804660 - Make high tag number assertion failure an error. Mozilla Bug 1817513 - CKM_SHA384_KEY_DERIVATION correction maximum key length from 284 to 384. Mozilla Bug 1815167 - Tolerate certificate_authorities xtn in ClientHello. Mozilla Bug 1804640 - improve handling of unknown PKCS#12 safe bag types. Mozilla Bug 1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag. Mozilla Bug 1212915 - Add check for ClientHello SID max length. This is tested by Bogo tests Mozilla Bug 1771100 - Added EarlyData ALPN test support to BoGo shim. Mozilla Bug 1714245 - On HRR skip PSK incompatible with negotiated ciphersuites hash algorithm. Mozilla Bug 1804091 NSS needs to move off of DSA for integrity checks Mozilla Bug 1803226 - NULL password encoding incorrect. Mozilla Bug 1804071 - Fix rng stub signature for fuzzing builds. Mozilla Bug 1774654 tstclnt crashes when accessing gnutls server without a user cert in the database. Mozilla Bug 1751705 - Update ECCKiila generated files. Mozilla Bug 1798823 - add checks for zero-length RSA modulus to avoid memory errors and failed assertions later. Mozilla Bug 1798823 - Additional zero-length RSA modulus checks. Mozilla Bug 1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates. Mozilla Bug 1799315 - Migrate nss from AWS to GCP. Mozilla Bug 1783231 - Initialising variables in the rsa blinding code. Mozilla Bug 320582 - Implementation of the double-signing of the message for ECDSA. Mozilla Bug 1783231 - Adding exponent blinding for RSA. Mozilla Bug 1735028 - Check for missing signedData field. Mozilla Bug 1737470 - Ensure DER encoded signatures are within size limits. Mozilla Bug 1792821 - Modification of the primes.c and dhe-params.c in order to have better looking tables. Mozilla Bug 1796407 - Fix -Wunused-but-set-variable warning from clang 15. Mozilla Bug 1796308 - Fix -Wtautological-constant-out-of-range-compare and -Wtype-limits warnings. Mozilla Bug 1796281 - Fix -Wint-to-void-pointer-cast warnings. Mozilla Bug 1796280 - Fix -Wunused-{function,variable,but-set-variable} warnings on Windows. Mozilla Bug 1796079 - Fix -Wstring-conversion warnings. Mozilla Bug 1796075 - Fix -Wempty-body warnings. Mozilla Bug 1795242 - Fix unused-but-set-parameter warning. Mozilla Bug 1795241 - Fix unreachable-code warnings. Mozilla Bug 1795668 - Remove redundant variable definitions in lowhashtest. Mozilla Bug 1788875 - Remove set-but-unused variables from SEC_PKCS12DecoderValidateBags Mozilla Bug 1779370 - Added Bogo shim client HRR test support. Fixed overwriting of CHInner.random on HRR Mozilla Bug 1771100 - Added ECH client support to BoGo shim. Changed CHInner creation to skip TLS 1.2 only extensions to comply with BoGo Mozilla Bug 1771100 - Added ECH server support to BoGo shim. Fixed NSS ECH server accept_confirmationMozilla Bugs Mozilla Bug 1330271 - check for null template in sec_asn1{d,e}_push_state Mozilla Bug 1735925 - QuickDER: Forbid NULL tags with non-zero length Mozilla Bug 1784724 - Initialize local variables in TlsConnectTestBase::ConnectAndCheckCipherSuite Mozilla Bug 1681099 - pk11wrap: Tighten certificate lookup based on PKCS #11 URI Mozilla Bug 1775359 - make NSS_SecureMemcmp 0/1 valued. Mozilla Bug 1779285: Add no_application_protocol alert handler and test client error code is set. Mozilla Bug 1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. Mozilla Bug 1774720 - Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. Mozilla Bug 1617956 - Add support for asynchronous client auth hooks. Mozilla Bug 1497537 - nss-policy-check: make unknown keyword check optional. Mozilla Bug 1765383 - GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. Mozilla Bug 1759794 - Protect SFTKSlot needLogin with slotLock. Mozilla Bug 1366464 - Compare signature and signatureAlgorithm fields in legacy certificate verifier. Mozilla Bug 1771497 - Uninitialized value in cert_VerifyCertChainOld. Mozilla Bug 1771495 - Unchecked return code in sec_DecodeSigAlg. Mozilla Bug 1771498 - Uninitialized value in cert_ComputeCertType. Mozilla Bug 1760998 - Avoid data race on primary password change. Mozilla Bug 1769063 - Replace ppc64 dcbzl intrinisic. Mozilla Bug 1735028 - Check for missing signedData field. Mozilla Bug 1737470 - Ensure DER encoded signatures are within size limits. Mozilla Bug 1729550 - NSS needs FiPS 140-3 version indicators. Mozilla Bug 1692132 - pkix_CacheCert_Lookup doesn’t return cached certs. Mozilla Bug 1729930 - Increase KDF cache size to mitigate perf regression in about:logins.