[arch-commits] Commit in lib32-nss/repos (4 files)

Jan Steffens heftig at archlinux.org
Mon Nov 2 15:41:38 UTC 2020


    Date: Monday, November 2, 2020 @ 15:41:38
  Author: heftig
Revision: 739893

archrelease: copy trunk to multilib-testing-x86_64

Added:
  lib32-nss/repos/multilib-testing-x86_64/
  lib32-nss/repos/multilib-testing-x86_64/0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch
    (from rev 739892, lib32-nss/trunk/0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch)
  lib32-nss/repos/multilib-testing-x86_64/PKGBUILD
    (from rev 739892, lib32-nss/trunk/PKGBUILD)
  lib32-nss/repos/multilib-testing-x86_64/no-plt.diff
    (from rev 739892, lib32-nss/trunk/no-plt.diff)

-----------------------------------------------------------------+
 0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch |  159 ++++++++++
 PKGBUILD                                                        |   69 ++++
 no-plt.diff                                                     |   48 +++
 3 files changed, 276 insertions(+)

Copied: lib32-nss/repos/multilib-testing-x86_64/0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch (from rev 739892, lib32-nss/trunk/0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch)
===================================================================
--- multilib-testing-x86_64/0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch	                        (rev 0)
+++ multilib-testing-x86_64/0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch	2020-11-02 15:41:38 UTC (rev 739893)
@@ -0,0 +1,159 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <dueno at redhat.com>
+Date: Mon, 26 Oct 2020 06:46:11 +0100
+Subject: [PATCH] Bug 1672703, always tolerate the first CCS in TLS 1.3, r=mt
+
+Summary:
+This flips the meaning of the flag for checking excessive CCS
+messages, so it only rejects multiple CCS messages while the first CCS
+message is always accepted.
+
+Reviewers: mt
+
+Reviewed By: mt
+
+Bug #: 1672703
+
+Differential Revision: https://phabricator.services.mozilla.com/D94603
+---
+ gtests/ssl_gtest/ssl_tls13compat_unittest.cc | 18 +++++++++---------
+ lib/ssl/ssl3con.c                            | 20 +++++++-------------
+ lib/ssl/sslimpl.h                            |  5 +----
+ 3 files changed, 17 insertions(+), 26 deletions(-)
+
+diff --git a/gtests/ssl_gtest/ssl_tls13compat_unittest.cc b/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
+index dcede798cc..645f84ff02 100644
+--- a/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
++++ b/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
+@@ -348,59 +348,59 @@ TEST_F(TlsConnectStreamTls13, ChangeCipherSpecBeforeClientHelloTwice) {
+   client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
+ }
+ 
+-// The server rejects a ChangeCipherSpec if the client advertises an
+-// empty session ID.
++// The server accepts a ChangeCipherSpec even if the client advertises
++// an empty session ID.
+ TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterClientHelloEmptySid) {
+   EnsureTlsSetup();
+   ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+ 
+   StartConnect();
+   client_->Handshake();  // Send ClientHello
+   client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));  // Send CCS
+ 
+-  server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
+-  server_->Handshake();  // Consume ClientHello and CCS
+-  server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
++  Handshake();
++  CheckConnected();
+ }
+ 
+ // The server rejects multiple ChangeCipherSpec even if the client
+ // indicates compatibility mode with non-empty session ID.
+ TEST_F(Tls13CompatTest, ChangeCipherSpecAfterClientHelloTwice) {
+   EnsureTlsSetup();
+   ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+   EnableCompatMode();
+ 
+   StartConnect();
+   client_->Handshake();  // Send ClientHello
+   // Send CCS twice in a row
+   client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
+   client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
+ 
+   server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
+   server_->Handshake();  // Consume ClientHello and CCS.
+   server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
+ }
+ 
+-// The client rejects a ChangeCipherSpec if it advertises an empty
++// The client accepts a ChangeCipherSpec even if it advertises an empty
+ // session ID.
+ TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterServerHelloEmptySid) {
+   EnsureTlsSetup();
+   ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+ 
+   // To replace Finished with a CCS below
+   auto filter = MakeTlsFilter<TlsHandshakeDropper>(server_);
+   filter->SetHandshakeTypes({kTlsHandshakeFinished});
+   filter->EnableDecryption();
+ 
+   StartConnect();
+   client_->Handshake();  // Send ClientHello
+   server_->Handshake();  // Consume ClientHello, and
+                          // send ServerHello..CertificateVerify
+   // Send CCS
+   server_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
+-  client_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
+-  client_->Handshake();  // Consume ClientHello and CCS
+-  client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
++
++  // No alert is sent from the client. As Finished is dropped, we
++  // can't use Handshake() and CheckConnected().
++  client_->Handshake();
+ }
+ 
+ // The client rejects multiple ChangeCipherSpec in a row even if the
+diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
+index 767ffc30f1..b652dcea34 100644
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
+@@ -6645,11 +6645,7 @@ ssl_CheckServerSessionIdCorrectness(sslSocket *ss, SECItem *sidBytes)
+ 
+     /* TLS 1.3: We sent a session ID.  The server's should match. */
+     if (!IS_DTLS(ss) && (sentRealSid || sentFakeSid)) {
+-        if (sidMatch) {
+-            ss->ssl3.hs.allowCcs = PR_TRUE;
+-            return PR_TRUE;
+-        }
+-        return PR_FALSE;
++        return sidMatch;
+     }
+ 
+     /* TLS 1.3 (no SID)/DTLS 1.3: The server shouldn't send a session ID. */
+@@ -8696,7 +8692,6 @@ ssl3_HandleClientHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
+                 errCode = PORT_GetError();
+                 goto alert_loser;
+             }
+-            ss->ssl3.hs.allowCcs = PR_TRUE;
+         }
+ 
+         /* TLS 1.3 requires that compression include only null. */
+@@ -13066,15 +13061,14 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText)
+             ss->ssl3.hs.ws != idle_handshake &&
+             cText->buf->len == 1 &&
+             cText->buf->buf[0] == change_cipher_spec_choice) {
+-            if (ss->ssl3.hs.allowCcs) {
+-                /* Ignore the first CCS. */
+-                ss->ssl3.hs.allowCcs = PR_FALSE;
++            if (!ss->ssl3.hs.rejectCcs) {
++                /* Allow only the first CCS. */
++                ss->ssl3.hs.rejectCcs = PR_TRUE;
+                 return SECSuccess;
++            } else {
++                alert = unexpected_message;
++                PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
+             }
+-
+-            /* Compatibility mode is not negotiated. */
+-            alert = unexpected_message;
+-            PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
+         }
+ 
+         if ((IS_DTLS(ss) && !dtls13_AeadLimitReached(spec)) ||
+diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
+index 44c43a0e6c..35d0c2d6bc 100644
+--- a/lib/ssl/sslimpl.h
++++ b/lib/ssl/sslimpl.h
+@@ -710,10 +710,7 @@ typedef struct SSL3HandshakeStateStr {
+                                            * or received. */
+     PRBool receivedCcs;                   /* A server received ChangeCipherSpec
+                                            * before the handshake started. */
+-    PRBool allowCcs;                      /* A server allows ChangeCipherSpec
+-                                           * as the middlebox compatibility mode
+-                                           * is explicitly indicarted by
+-                                           * legacy_session_id in TLS 1.3 ClientHello. */
++    PRBool rejectCcs;                     /* Excessive ChangeCipherSpecs are rejected. */
+     PRBool clientCertRequested;           /* True if CertificateRequest received. */
+     PRBool endOfFlight;                   /* Processed a full flight (DTLS 1.3). */
+     ssl3KEADef kea_def_mutable;           /* Used to hold the writable kea_def
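Review bot: The new `rejectCcs` comment in lib/ssl/sslimpl.h ("Excessive ChangeCipherSpecs are rejected.") does not say when the flag is set or what its zero state means. That matters because the patch makes the zero state permissive: in ssl3_HandleRecord the first one-byte CCS is now dropped whether or not a legacy_session_id was sent. I would expand the comment to something like `/* Set once the first TLS 1.3 ChangeCipherSpec has been ignored; any later CCS in the same handshake gets unexpected_message. */`. The hunks do not show where SSL3HandshakeStateStr is initialised or reset, so it is worth confirming that nothing clears `rejectCcs` mid-handshake, since that would re-open the allowance the flag is meant to cap. The enclosing functions start and end outside the hunks.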

Copied: lib32-nss/repos/multilib-testing-x86_64/PKGBUILD (from rev 739892, lib32-nss/trunk/PKGBUILD)
===================================================================
--- multilib-testing-x86_64/PKGBUILD	                        (rev 0)
+++ multilib-testing-x86_64/PKGBUILD	2020-11-02 15:41:38 UTC (rev 739893)
@@ -0,0 +1,69 @@
+# Maintainer: Jan Alexander Steffens (heftig) <heftig at archlinux.org>
+# Contributor: Daniel Wallace <danielwallace at gtmanfred dot com>
+# Contributor: kfgz <kfgz at interia pl>
+# Contributor: Ionut Biru <ibiru at archlinux dot org>
+
+pkgname=lib32-nss
+pkgver=3.58
+pkgrel=2
+pkgdesc="Network Security Services (32-bit)"
+url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
+arch=(x86_64)
+license=(MPL GPL)
+depends=(lib32-nspr lib32-sqlite lib32-zlib 'lib32-p11-kit>=0.23.19')
+makedepends=(perl python gyp)
+source=("https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-${pkgver}.tar.gz"
+        0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch
+        no-plt.diff)
+sha256sums=('9f73cf789b5f109b978e5239551b609b0cafa88d18f0bc8ce3f976cb629353c0'
+            '62ec84bbd366f8431b70430082306f78a4f8510c301f14494391d1fd3a173f4a'
+            'ea8e1b871c0f1dd29cdea1b1a2e7f47bf4713e2ae7b947ec832dba7dfcc67daa')
+
+prepare() {
+  cd nss-$pkgver/nss
+
+  # https://bugs.archlinux.org/task/68357
+  patch -Np1 -i "$srcdir/0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch"
+
+  # https://bugzilla.mozilla.org/show_bug.cgi?id=1382942
+  patch -Np3 -i "$srcdir/no-plt.diff"
+}
+
+build() {
+  cd nss-$pkgver/nss
+  ./build.sh \
+    --target ia32 \
+    --opt \
+    --system-sqlite \
+    --system-nspr \
+    --enable-libpkix \
+    --disable-tests
+}
+
+package() {
+  depends+=(nss)
+
+  cd nss-$pkgver
+
+  local libdir=/usr/lib32 nsprver="$(i686-pc-linux-gnu-pkg-config --modversion nspr)"
+  sed nss/pkg/pkg-config/nss.pc.in \
+    -e "s,%libdir%,$libdir,g" \
+    -e "s,%prefix%,/usr,g" \
+    -e "s,%exec_prefix%,/usr/bin,g" \
+    -e "s,%includedir%,/usr/include/nss,g" \
+    -e "s,%NSPR_VERSION%,$nsprver,g" \
+    -e "s,%NSS_VERSION%,$pkgver,g" |
+    install -Dm644 /dev/stdin "$pkgdir$libdir/pkgconfig/nss.pc"
+
+  ln -s nss.pc "$pkgdir$libdir/pkgconfig/mozilla-nss.pc"
+
+  install -Dt "$pkgdir$libdir" dist/Release/lib/*.so
+  install -Dt "$pkgdir$libdir" -m644 dist/Release/lib/*.chk
+
+
+  # Replace built-in trust with p11-kit connection
+  ln -s pkcs11/p11-kit-trust.so "$pkgdir$libdir/p11-kit-trust.so"
+  ln -sf p11-kit-trust.so "$pkgdir$libdir/libnssckbi.so"
+}
+
+# vim:set sw=2 et:
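Review bot: The build passes `--disable-tests` and the PKGBUILD has no `check()`, so the gtests that the carried CCS patch updates (ssl_tls13compat_unittest.cc) are never built or run for this package. The changed TLS 1.3 record handling therefore ships without being exercised by this build. If running the suite for the ia32 target is impractical, the comment above the first `patch` line should say so and record the patch's origin and removal condition, e.g. `# Backport of Mozilla bug 1672703; drop once pkgver includes the fix`.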

Copied: lib32-nss/repos/multilib-testing-x86_64/no-plt.diff (from rev 739892, lib32-nss/trunk/no-plt.diff)
===================================================================
--- multilib-testing-x86_64/no-plt.diff	                        (rev 0)
+++ multilib-testing-x86_64/no-plt.diff	2020-11-02 15:41:38 UTC (rev 739893)
@@ -0,0 +1,48 @@
+diff --git i/security/nss/lib/freebl/mpi/mpi_x86.s w/security/nss/lib/freebl/mpi/mpi_x86.s
+index 8f7e2130c3264754..b3ca1ce5b41b3771 100644
+--- i/security/nss/lib/freebl/mpi/mpi_x86.s
++++ w/security/nss/lib/freebl/mpi/mpi_x86.s
+@@ -22,22 +22,41 @@ is_sse: .long	-1
+ #
+ .ifndef NO_PIC
+ .macro GET   var,reg
+-    movl   \var at GOTOFF(%ebx),\reg
++    call   thunk.ax
++    addl   $_GLOBAL_OFFSET_TABLE_, %eax
++    movl   \var at GOTOFF(%eax),\reg
+ .endm
+ .macro PUT   reg,var
+-    movl   \reg,\var at GOTOFF(%ebx)
++    call   thunk.dx
++    addl   $_GLOBAL_OFFSET_TABLE_, %edx
++    movl   \reg,\var at GOTOFF(%edx)
+ .endm
+ .else
+ .macro GET   var,reg
+     movl   \var,\reg
+ .endm
+ .macro PUT   reg,var
+     movl   \reg,\var
+ .endm
+ .endif
+ 
+ .text
+ 
++.ifndef NO_PIC
++.globl	thunk.ax
++.hidden	thunk.ax
++.type	thunk.ax, @function
++thunk.ax:
++       movl   (%esp),%eax
++       ret
++
++.globl	thunk.dx
++.hidden	thunk.dx
++.type	thunk.dx, @function
++thunk.dx:
++       movl   (%esp),%edx
++       ret
++.endif
+ 
+  #  ebp - 36:	caller's esi
+  #  ebp - 32:	caller's edi
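Review bot: The rewritten `GET` and `PUT` macros now use `%eax` and `%edx` as scratch for the GOT address, and nothing at the macro definitions documents that clobber. A `PUT %edx,var` would store the GOT pointer instead of the caller's value, and any call site that keeps a live value in `%eax` across `GET` (or `%edx` across `PUT`) would lose it silently; the call sites are outside this hunk, so they need checking. I would add a comment above each macro such as `# GET clobbers %eax` and `# PUT clobbers %edx; \reg must not be %edx`. Separately, `\var at GOTOFF` on this page looks like the list archive's rewriting of `@`, so the file should be taken from the repository, where the PKGBUILD's sha256sums pin it, rather than from this mail.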


