[arch-commits] Commit in lib32-nss/trunk (2 files)

Jan Steffens heftig at archlinux.org
Sat Nov 14 22:37:55 UTC 2020


    Date: Saturday, November 14, 2020 @ 22:37:55
  Author: heftig
Revision: 754221

3.59-1

Modified:
  lib32-nss/trunk/PKGBUILD
Deleted:
  lib32-nss/trunk/0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch

-----------------------------------------------------------------+
 0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch |  159 ----------
 PKGBUILD                                                        |   11 
 2 files changed, 3 insertions(+), 167 deletions(-)

Deleted: 0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch
===================================================================
--- 0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch	2020-11-14 22:35:37 UTC (rev 754220)
+++ 0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch	2020-11-14 22:37:55 UTC (rev 754221)
@@ -1,159 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <dueno at redhat.com>
-Date: Mon, 26 Oct 2020 06:46:11 +0100
-Subject: [PATCH] Bug 1672703, always tolerate the first CCS in TLS 1.3, r=mt
-
-Summary:
-This flips the meaning of the flag for checking excessive CCS
-messages, so it only rejects multiple CCS messages while the first CCS
-message is always accepted.
-
-Reviewers: mt
-
-Reviewed By: mt
-
-Bug #: 1672703
-
-Differential Revision: https://phabricator.services.mozilla.com/D94603
----
- gtests/ssl_gtest/ssl_tls13compat_unittest.cc | 18 +++++++++---------
- lib/ssl/ssl3con.c                            | 20 +++++++-------------
- lib/ssl/sslimpl.h                            |  5 +----
- 3 files changed, 17 insertions(+), 26 deletions(-)
-
-diff --git a/gtests/ssl_gtest/ssl_tls13compat_unittest.cc b/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
-index dcede798cc..645f84ff02 100644
---- a/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
-+++ b/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
-@@ -348,59 +348,59 @@ TEST_F(TlsConnectStreamTls13, ChangeCipherSpecBeforeClientHelloTwice) {
-   client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
- }
- 
--// The server rejects a ChangeCipherSpec if the client advertises an
--// empty session ID.
-+// The server accepts a ChangeCipherSpec even if the client advertises
-+// an empty session ID.
- TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterClientHelloEmptySid) {
-   EnsureTlsSetup();
-   ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
- 
-   StartConnect();
-   client_->Handshake();  // Send ClientHello
-   client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));  // Send CCS
- 
--  server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
--  server_->Handshake();  // Consume ClientHello and CCS
--  server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
-+  Handshake();
-+  CheckConnected();
- }
- 
- // The server rejects multiple ChangeCipherSpec even if the client
- // indicates compatibility mode with non-empty session ID.
- TEST_F(Tls13CompatTest, ChangeCipherSpecAfterClientHelloTwice) {
-   EnsureTlsSetup();
-   ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-   EnableCompatMode();
- 
-   StartConnect();
-   client_->Handshake();  // Send ClientHello
-   // Send CCS twice in a row
-   client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
-   client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
- 
-   server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
-   server_->Handshake();  // Consume ClientHello and CCS.
-   server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
- }
- 
--// The client rejects a ChangeCipherSpec if it advertises an empty
-+// The client accepts a ChangeCipherSpec even if it advertises an empty
- // session ID.
- TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterServerHelloEmptySid) {
-   EnsureTlsSetup();
-   ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
- 
-   // To replace Finished with a CCS below
-   auto filter = MakeTlsFilter<TlsHandshakeDropper>(server_);
-   filter->SetHandshakeTypes({kTlsHandshakeFinished});
-   filter->EnableDecryption();
- 
-   StartConnect();
-   client_->Handshake();  // Send ClientHello
-   server_->Handshake();  // Consume ClientHello, and
-                          // send ServerHello..CertificateVerify
-   // Send CCS
-   server_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
--  client_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
--  client_->Handshake();  // Consume ClientHello and CCS
--  client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
-+
-+  // No alert is sent from the client. As Finished is dropped, we
-+  // can't use Handshake() and CheckConnected().
-+  client_->Handshake();
- }
- 
- // The client rejects multiple ChangeCipherSpec in a row even if the
-diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
-index 767ffc30f1..b652dcea34 100644
---- a/lib/ssl/ssl3con.c
-+++ b/lib/ssl/ssl3con.c
-@@ -6645,11 +6645,7 @@ ssl_CheckServerSessionIdCorrectness(sslSocket *ss, SECItem *sidBytes)
- 
-     /* TLS 1.3: We sent a session ID.  The server's should match. */
-     if (!IS_DTLS(ss) && (sentRealSid || sentFakeSid)) {
--        if (sidMatch) {
--            ss->ssl3.hs.allowCcs = PR_TRUE;
--            return PR_TRUE;
--        }
--        return PR_FALSE;
-+        return sidMatch;
-     }
- 
-     /* TLS 1.3 (no SID)/DTLS 1.3: The server shouldn't send a session ID. */
-@@ -8696,7 +8692,6 @@ ssl3_HandleClientHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
-                 errCode = PORT_GetError();
-                 goto alert_loser;
-             }
--            ss->ssl3.hs.allowCcs = PR_TRUE;
-         }
- 
-         /* TLS 1.3 requires that compression include only null. */
-@@ -13066,15 +13061,14 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText)
-             ss->ssl3.hs.ws != idle_handshake &&
-             cText->buf->len == 1 &&
-             cText->buf->buf[0] == change_cipher_spec_choice) {
--            if (ss->ssl3.hs.allowCcs) {
--                /* Ignore the first CCS. */
--                ss->ssl3.hs.allowCcs = PR_FALSE;
-+            if (!ss->ssl3.hs.rejectCcs) {
-+                /* Allow only the first CCS. */
-+                ss->ssl3.hs.rejectCcs = PR_TRUE;
-                 return SECSuccess;
-+            } else {
-+                alert = unexpected_message;
-+                PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
-             }
--
--            /* Compatibility mode is not negotiated. */
--            alert = unexpected_message;
--            PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
-         }
- 
-         if ((IS_DTLS(ss) && !dtls13_AeadLimitReached(spec)) ||
-diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
-index 44c43a0e6c..35d0c2d6bc 100644
---- a/lib/ssl/sslimpl.h
-+++ b/lib/ssl/sslimpl.h
-@@ -710,10 +710,7 @@ typedef struct SSL3HandshakeStateStr {
-                                            * or received. */
-     PRBool receivedCcs;                   /* A server received ChangeCipherSpec
-                                            * before the handshake started. */
--    PRBool allowCcs;                      /* A server allows ChangeCipherSpec
--                                           * as the middlebox compatibility mode
--                                           * is explicitly indicarted by
--                                           * legacy_session_id in TLS 1.3 ClientHello. */
-+    PRBool rejectCcs;                     /* Excessive ChangeCipherSpecs are rejected. */
-     PRBool clientCertRequested;           /* True if CertificateRequest received. */
-     PRBool endOfFlight;                   /* Processed a full flight (DTLS 1.3). */
-     ssl3KEADef kea_def_mutable;           /* Used to hold the writable kea_def

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-11-14 22:35:37 UTC (rev 754220)
+++ PKGBUILD	2020-11-14 22:37:55 UTC (rev 754221)
@@ -4,8 +4,8 @@
 # Contributor: Ionut Biru <ibiru at archlinux dot org>
 
 pkgname=lib32-nss
-pkgver=3.58
-pkgrel=2
+pkgver=3.59
+pkgrel=1
 pkgdesc="Network Security Services (32-bit)"
 url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
 arch=(x86_64)
@@ -13,18 +13,13 @@
 depends=(lib32-nspr lib32-sqlite lib32-zlib 'lib32-p11-kit>=0.23.19')
 makedepends=(perl python gyp)
 source=("https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-${pkgver}.tar.gz"
-        0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch
         no-plt.diff)
-sha256sums=('9f73cf789b5f109b978e5239551b609b0cafa88d18f0bc8ce3f976cb629353c0'
-            '62ec84bbd366f8431b70430082306f78a4f8510c301f14494391d1fd3a173f4a'
+sha256sums=('e6298174caa8527beacdc2858f77ed098d7047c1792846040e27e420fed0ce24'
             'ea8e1b871c0f1dd29cdea1b1a2e7f47bf4713e2ae7b947ec832dba7dfcc67daa')
 
 prepare() {
   cd nss-$pkgver/nss
 
-  # https://bugs.archlinux.org/task/68357
-  patch -Np1 -i "$srcdir/0001-Bug-1672703-always-tolerate-the-first-CCS-in-TLS-1.3.patch"
-
   # https://bugzilla.mozilla.org/show_bug.cgi?id=1382942
   patch -Np3 -i "$srcdir/no-plt.diff"
 }



More information about the arch-commits mailing list