[arch-commits] Commit in lib32-nss/trunk (2 files)
Jan Steffens
heftig at archlinux.org
Sat Nov 14 22:37:55 UTC 2020
Date: Saturday, November 14, 2020 @ 22:37:55
Author: heftig
Revision: 754221
3.59-1
Modified:
lib32-nss/trunk/PKGBUILD
Deleted:
lib32-nss/trunk/0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch
-----------------------------------------------------------------+
0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch | 159 ----------
PKGBUILD | 11
2 files changed, 3 insertions(+), 167 deletions(-)
Deleted: 0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch
===================================================================
--- 0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch 2020-11-14 22:35:37 UTC (rev 754220)
+++ 0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch 2020-11-14 22:37:55 UTC (rev 754221)
@@ -1,159 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <dueno at redhat.com>
-Date: Mon, 26 Oct 2020 06:46:11 +0100
-Subject: [PATCH] Bug 1672703, always tolerate the first CCS in TLS 1.3, r=mt
-
-Summary:
-This flips the meaning of the flag for checking excessive CCS
-messages, so it only rejects multiple CCS messages while the first CCS
-message is always accepted.
-
-Reviewers: mt
-
-Reviewed By: mt
-
-Bug #: 1672703
-
-Differential Revision: https://phabricator.services.mozilla.com/D94603
----
- gtests/ssl_gtest/ssl_tls13compat_unittest.cc | 18 +++++++++---------
- lib/ssl/ssl3con.c | 20 +++++++-------------
- lib/ssl/sslimpl.h | 5 +----
- 3 files changed, 17 insertions(+), 26 deletions(-)
-
-diff --git a/gtests/ssl_gtest/ssl_tls13compat_unittest.cc b/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
-index dcede798cc..645f84ff02 100644
---- a/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
-+++ b/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
-@@ -348,59 +348,59 @@ TEST_F(TlsConnectStreamTls13, ChangeCipherSpecBeforeClientHelloTwice) {
- client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
- }
-
--// The server rejects a ChangeCipherSpec if the client advertises an
--// empty session ID.
-+// The server accepts a ChangeCipherSpec even if the client advertises
-+// an empty session ID.
- TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterClientHelloEmptySid) {
- EnsureTlsSetup();
- ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-
- StartConnect();
- client_->Handshake(); // Send ClientHello
- client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); // Send CCS
-
-- server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
-- server_->Handshake(); // Consume ClientHello and CCS
-- server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
-+ Handshake();
-+ CheckConnected();
- }
-
- // The server rejects multiple ChangeCipherSpec even if the client
- // indicates compatibility mode with non-empty session ID.
- TEST_F(Tls13CompatTest, ChangeCipherSpecAfterClientHelloTwice) {
- EnsureTlsSetup();
- ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
- EnableCompatMode();
-
- StartConnect();
- client_->Handshake(); // Send ClientHello
- // Send CCS twice in a row
- client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
- client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
-
- server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
- server_->Handshake(); // Consume ClientHello and CCS.
- server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
- }
-
--// The client rejects a ChangeCipherSpec if it advertises an empty
-+// The client accepts a ChangeCipherSpec even if it advertises an empty
- // session ID.
- TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterServerHelloEmptySid) {
- EnsureTlsSetup();
- ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-
- // To replace Finished with a CCS below
- auto filter = MakeTlsFilter<TlsHandshakeDropper>(server_);
- filter->SetHandshakeTypes({kTlsHandshakeFinished});
- filter->EnableDecryption();
-
- StartConnect();
- client_->Handshake(); // Send ClientHello
- server_->Handshake(); // Consume ClientHello, and
- // send ServerHello..CertificateVerify
- // Send CCS
- server_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
-- client_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
-- client_->Handshake(); // Consume ClientHello and CCS
-- client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
-+
-+ // No alert is sent from the client. As Finished is dropped, we
-+ // can't use Handshake() and CheckConnected().
-+ client_->Handshake();
- }
-
- // The client rejects multiple ChangeCipherSpec in a row even if the
-diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
-index 767ffc30f1..b652dcea34 100644
---- a/lib/ssl/ssl3con.c
-+++ b/lib/ssl/ssl3con.c
-@@ -6645,11 +6645,7 @@ ssl_CheckServerSessionIdCorrectness(sslSocket *ss, SECItem *sidBytes)
-
- /* TLS 1.3: We sent a session ID. The server's should match. */
- if (!IS_DTLS(ss) && (sentRealSid || sentFakeSid)) {
-- if (sidMatch) {
-- ss->ssl3.hs.allowCcs = PR_TRUE;
-- return PR_TRUE;
-- }
-- return PR_FALSE;
-+ return sidMatch;
- }
-
- /* TLS 1.3 (no SID)/DTLS 1.3: The server shouldn't send a session ID. */
-@@ -8696,7 +8692,6 @@ ssl3_HandleClientHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
- errCode = PORT_GetError();
- goto alert_loser;
- }
-- ss->ssl3.hs.allowCcs = PR_TRUE;
- }
-
- /* TLS 1.3 requires that compression include only null. */
-@@ -13066,15 +13061,14 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText)
- ss->ssl3.hs.ws != idle_handshake &&
- cText->buf->len == 1 &&
- cText->buf->buf[0] == change_cipher_spec_choice) {
-- if (ss->ssl3.hs.allowCcs) {
-- /* Ignore the first CCS. */
-- ss->ssl3.hs.allowCcs = PR_FALSE;
-+ if (!ss->ssl3.hs.rejectCcs) {
-+ /* Allow only the first CCS. */
-+ ss->ssl3.hs.rejectCcs = PR_TRUE;
- return SECSuccess;
-+ } else {
-+ alert = unexpected_message;
-+ PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
- }
--
-- /* Compatibility mode is not negotiated. */
-- alert = unexpected_message;
-- PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
- }
-
- if ((IS_DTLS(ss) && !dtls13_AeadLimitReached(spec)) ||
-diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
-index 44c43a0e6c..35d0c2d6bc 100644
---- a/lib/ssl/sslimpl.h
-+++ b/lib/ssl/sslimpl.h
-@@ -710,10 +710,7 @@ typedef struct SSL3HandshakeStateStr {
- * or received. */
- PRBool receivedCcs; /* A server received ChangeCipherSpec
- * before the handshake started. */
-- PRBool allowCcs; /* A server allows ChangeCipherSpec
-- * as the middlebox compatibility mode
-- * is explicitly indicarted by
-- * legacy_session_id in TLS 1.3 ClientHello. */
-+ PRBool rejectCcs; /* Excessive ChangeCipherSpecs are rejected. */
- PRBool clientCertRequested; /* True if CertificateRequest received. */
- PRBool endOfFlight; /* Processed a full flight (DTLS 1.3). */
- ssl3KEADef kea_def_mutable; /* Used to hold the writable kea_def
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2020-11-14 22:35:37 UTC (rev 754220)
+++ PKGBUILD 2020-11-14 22:37:55 UTC (rev 754221)
@@ -4,8 +4,8 @@
# Contributor: Ionut Biru <ibiru at archlinux dot org>
pkgname=lib32-nss
-pkgver=3.58
-pkgrel=2
+pkgver=3.59
+pkgrel=1
pkgdesc="Network Security Services (32-bit)"
url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
arch=(x86_64)
@@ -13,18 +13,13 @@
depends=(lib32-nspr lib32-sqlite lib32-zlib 'lib32-p11-kit>=0.23.19')
makedepends=(perl python gyp)
source=("https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-${pkgver}.tar.gz"
- 0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch
no-plt.diff)
-sha256sums=('9f73cf789b5f109b978e5239551b609b0cafa88d18f0bc8ce3f976cb629353c0'
- '62ec84bbd366f8431b70430082306f78a4f8510c301f14494391d1fd3a173f4a'
+sha256sums=('e6298174caa8527beacdc2858f77ed098d7047c1792846040e27e420fed0ce24'
'ea8e1b871c0f1dd29cdea1b1a2e7f47bf4713e2ae7b947ec832dba7dfcc67daa')
prepare() {
cd nss-$pkgver/nss
- # https://bugs.archlinux.org/task/68357
- patch -Np1 -i "$srcdir/0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch"
-
# https://bugzilla.mozilla.org/show_bug.cgi?id=1382942
patch -Np3 -i "$srcdir/no-plt.diff"
}
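Review bot: Nothing in this hunk or in the log message (`3.59-1`) records why `0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch` and its `patch -Np1` call in `prepare()` are dropped. Presumably the 3.59 tarball already carries that change, but the page does not show it. Before release, confirm that `lib/ssl/sslimpl.h` in the unpacked source declares `rejectCcs` rather than `allowCcs`; otherwise the issue tracked in https://bugs.archlinux.org/task/68357 would come back without any build failure. A log line such as `3.59-1: drop CCS patch, included upstream` would keep that audit trail. The new first entry in `sha256sums` is the only integrity check on the tarball, since `source` lists no signature file, so compare it against a digest published by upstream, if one exists, rather than one computed from the download alone.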