Update NSS to NSS 3.13.5 (from NSS 3.13.3).

nss/mozilla/security/nss/lib/freebl/blapi.h

Index: nss/mozilla/security/nss/lib/freebl/blapi.h
===================================================================
--- nss/mozilla/security/nss/lib/freebl/blapi.h	(revision 142244)
+++ nss/mozilla/security/nss/lib/freebl/blapi.h	(working copy)
@@ -37,7 +37,7 @@
  * the terms of any one of the MPL, the GPL or the LGPL.
  *
  * ***** END LICENSE BLOCK ***** */
-/* $Id: blapi.h,v 1.43 2011/10/29 23:28:45 wtc%google.com Exp $ */
+/* $Id: blapi.h,v 1.45 2012/03/28 22:38:27 rrelyea%redhat.com Exp $ */
 
 #ifndef _BLAPI_H_
 #define _BLAPI_H_
@@ -212,8 +212,13 @@
 ** the prime.   If successful, derivedSecret->data is set 
 ** to the address of the newly allocated buffer containing the derived 
 ** secret, and derivedSecret->len is the size of the secret produced.
-** The size of the secret produced will never be larger than the length
-** of the prime, and it may be smaller than maxOutBytes.
+** The size of the secret produced will depend on the value of outBytes.
+** If outBytes is 0, the key length will be all the significant bytes of
+** the derived secret (leading zeros are dropped). This length could be less
+** than the length of the prime. If outBytes is nonzero, the length of the
+** produced key will be outBytes long. If the key is truncated, the most
+** significant bytes are truncated. If it is expanded, zero bytes are added
+** at the beginning.
 ** It is the caller's responsibility to free the allocated buffer 
 ** containing the derived secret.
 */
@@ -221,7 +226,7 @@
 		           SECItem *    prime, 
 			   SECItem *    privateValue, 
 			   SECItem *    derivedSecret,
-			   unsigned int maxOutBytes);
+			   unsigned int outBytes);
 
 /* 
 ** KEA_CalcKey returns octet string with the private key for a dual