From 2b3aa61f205a90c27719e616b45bd8bdb835048c Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Mon, 2 Jul 2018 16:10:47 +0200
Subject: [PATCH] Update to NSS 3.38

---
 .gitignore | 1 +
 ...ls-discard-app-data-before-handshake.patch | 152 ------------------
 nss-load-policy-file.patch | 79 +++++++++
 nss-moz1458518.patch | 33 ----
 nss.spec | 19 ++-
 sources | 2 +-
 6 files changed, 90 insertions(+), 196 deletions(-)
 delete mode 100644 nss-dtls-discard-app-data-before-handshake.patch
 create mode 100644 nss-load-policy-file.patch
 delete mode 100644 nss-moz1458518.patch

diff --git a/.gitignore b/.gitignore
index 5f30238..ce1abc1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,3 +28,4 @@ TestUser51.cert
 /nss-3.36.1.tar.gz
 /nss-3.37.1.tar.gz
 /nss-3.37.3.tar.gz
+/nss-3.38.0.tar.gz
diff --git a/nss-dtls-discard-app-data-before-handshake.patch b/nss-dtls-discard-app-data-before-handshake.patch
deleted file mode 100644
index fbdf523..0000000
--- a/nss-dtls-discard-app-data-before-handshake.patch
+++ /dev/null
@@ -1,152 +0,0 @@
-# HG changeset patch
-# User Martin Thomson
-# Date 1523260140 -36000
-# Mon Apr 09 17:49:00 2018 +1000
-# Node ID 350b7210e90758de454feb4339379ef7f6b9b470
-# Parent 5db9e969c74a2a02c4b1d918792827014d1a9d5e
-Bug 1452549 - Discard application data that arrives before DTLS handshake completes, r=ekr
-
-diff --git a/gtests/ssl_gtest/ssl_drop_unittest.cc b/gtests/ssl_gtest/ssl_drop_unittest.cc
---- a/gtests/ssl_gtest/ssl_drop_unittest.cc
-+++ b/gtests/ssl_gtest/ssl_drop_unittest.cc
-@@ -884,6 +884,45 @@ TEST_P(TlsConnectDatagram12Plus, MissAWi
- SendReceive();
- }
-
-+// This filter replaces the first record it sees with junk application data.
-+class TlsReplaceFirstRecordWithJunk : public TlsRecordFilter {
-+ public:
-+ TlsReplaceFirstRecordWithJunk(const std::shared_ptr& a)
-+ : TlsRecordFilter(a), replaced_(false) {}
-+
-+ protected:
-+ PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
-+ const DataBuffer& record, size_t* offset,
-+ DataBuffer* output) override {
-+ if (replaced_) {
-+ return KEEP;
-+ }
-+ replaced_ = true;
-+ TlsRecordHeader out_header(header.variant(), header.version(),
-+ kTlsApplicationDataType,
-+ header.sequence_number());
-+
-+ static const uint8_t junk[] = {1, 2, 3, 4};
-+ *offset = out_header.Write(output, *offset, DataBuffer(junk, sizeof(junk)));
-+ return CHANGE;
-+ }
-+
-+ private:
-+ bool replaced_;
-+};
-+
-+// DTLS needs to discard application_data that it receives prior to handshake
-+// completion, not generate an error.
-+TEST_P(TlsConnectDatagram, ReplaceFirstServerRecordWithApplicationData) {
-+ MakeTlsFilter(server_);
-+ Connect();
-+}
-+
-+TEST_P(TlsConnectDatagram, ReplaceFirstClientRecordWithApplicationData) {
-+ MakeTlsFilter(client_);
-+ Connect();
-+}
-+
- INSTANTIATE_TEST_CASE_P(Datagram12Plus, TlsConnectDatagram12Plus,
- TlsConnectTestBase::kTlsV12Plus);
- INSTANTIATE_TEST_CASE_P(DatagramPre13, TlsConnectDatagramPre13,
-diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
---- a/lib/ssl/ssl3con.c
-+++ b/lib/ssl/ssl3con.c
-@@ -12216,23 +12216,33 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
- }
- }
-
--#ifdef UNSAFE_FUZZER_MODE
-+ /* Most record types aside from protected TLS 1.3 records carry the content
-+ * type in the first octet. TLS 1.3 will override this value later. */
- rType = cText->hdr[0];
-- rv = Null_Cipher(NULL, plaintext->buf, (int *)&plaintext->len,
-- plaintext->space, cText->buf->buf, cText->buf->len);
-+ /* Encrypted application data records could arrive before the handshake
-+ * completes in DTLS 1.3. These can look like valid TLS 1.2 application_data
-+ * records in epoch 0, which is never valid. Pretend they didn't decrypt. */
-+ if (spec->epoch == 0 && rType == content_application_data) {
-+ PORT_SetError(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA);
-+ alert = unexpected_message;
-+ rv = SECFailure;
-+ } else {
-+#ifdef UNSAFE_FUZZER_MODE
-+ rv = Null_Cipher(NULL, plaintext->buf, (int *)&plaintext->len,
-+ plaintext->space, cText->buf->buf, cText->buf->len);
- #else
-- /* IMPORTANT: Unprotect functions MUST NOT send alerts
-- * because we still hold the spec read lock. Instead, if they
-- * return SECFailure, they set *alert to the alert to be sent. */
-- if (spec->version < SSL_LIBRARY_VERSION_TLS_1_3 ||
-- spec->cipherDef->calg == ssl_calg_null) {
-- /* Unencrypted TLS 1.3 records use the pre-TLS 1.3 format. */
-- rType = cText->hdr[0];
-- rv = ssl3_UnprotectRecord(ss, spec, cText, plaintext, &alert);
-- } else {
-- rv = tls13_UnprotectRecord(ss, spec, cText, plaintext, &rType, &alert);
-- }
-+ /* IMPORTANT: Unprotect functions MUST NOT send alerts
-+ * because we still hold the spec read lock. Instead, if they
-+ * return SECFailure, they set *alert to the alert to be sent. */
-+ if (spec->version < SSL_LIBRARY_VERSION_TLS_1_3 ||
-+ spec->epoch == 0) {
-+ rv = ssl3_UnprotectRecord(ss, spec, cText, plaintext, &alert);
-+ } else {
-+ rv = tls13_UnprotectRecord(ss, spec, cText, plaintext, &rType,
-+ &alert);
-+ }
- #endif
-+ }
-
- if (rv != SECSuccess) {
- ssl_ReleaseSpecReadLock(ss); /***************************/
-@@ -12242,10 +12252,10 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
- /* Ensure that we don't process this data again. */
- plaintext->len = 0;
-
-- /* Ignore a CCS if the alternative handshake is negotiated. Note that
-- * this will fail if the server fails to negotiate the alternative
-- * handshake type in a 0-RTT session that is resumed from a session that
-- * did negotiate it. We don't care about that corner case right now. */
-+ /* Ignore a CCS if compatibility mode is negotiated. Note that this
-+ * will fail if the server fails to negotiate compatibility mode in a
-+ * 0-RTT session that is resumed from a session that did negotiate it.
-+ * We don't care about that corner case right now. */
- if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3 &&
- cText->hdr[0] == content_change_cipher_spec &&
- ss->ssl3.hs.ws != idle_handshake &&
-@@ -12254,19 +12264,20 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Cip
- /* Ignore the CCS. */
- return SECSuccess;
- }
-+
- if (IS_DTLS(ss) ||
- (ss->sec.isServer &&
- ss->ssl3.hs.zeroRttIgnore == ssl_0rtt_ignore_trial)) {
- /* Silently drop the packet */
- return SECSuccess;
-- } else {
-- int errCode = PORT_GetError();
-- SSL3_SendAlert(ss, alert_fatal, alert);
-- /* Reset the error code in case SSL3_SendAlert called
-- * PORT_SetError(). */
-- PORT_SetError(errCode);
-- return SECFailure;
-- }
-+ }
-+
-+ int errCode = PORT_GetError();
-+ SSL3_SendAlert(ss, alert_fatal, alert);
-+ /* Reset the error code in case SSL3_SendAlert called
-+ * PORT_SetError(). */
-+ PORT_SetError(errCode);
-+ return SECFailure;
- }
-
- /* SECSuccess */
diff --git a/nss-load-policy-file.patch b/nss-load-policy-file.patch
new file mode 100644
index 0000000..3d8691c
--- /dev/null
+++ b/nss-load-policy-file.patch
@@ -0,0 +1,79 @@
+# HG changeset patch
+# User David Woodhouse
+# Date 1529655250 -7200
+# Fri Jun 22 10:14:10 2018 +0200
+# Node ID d99e54ca9b6df33025ee9a196b8b942428bbff91
+# Parent 1a13c19d7fab53fd62786e05d6546a4abf66e48d
+Bug 1296263 - Fix loading of PKCS#11 modules from system policy file, r=rrelyea
+
+We currently load the policy file after calling
+STAN_LoadDefaultNSS3TrustDomain(), which causes problems because any
+tokens in the newly-added modules don't get initialised.
+
+Move it up by a few lines and fix up the indentation while we're at it.
+
+diff --git a/lib/nss/nssinit.c b/lib/nss/nssinit.c
+--- a/lib/nss/nssinit.c
++++ b/lib/nss/nssinit.c
+@@ -702,6 +702,30 @@ nss_Init(const char *configdir, const ch
+ if (SECOID_Init() != SECSuccess) {
+ goto loser;
+ }
++#ifdef POLICY_FILE
++ /* Load the system crypto policy file if it exists,
++ * unless the NSS_IGNORE_SYSTEM_POLICY environment
++ * variable has been set to 1. */
++ ignoreVar = PR_GetEnvSecure("NSS_IGNORE_SYSTEM_POLICY");
++ if (ignoreVar == NULL || strncmp(ignoreVar, "1", sizeof("1")) != 0) {
++ if (PR_Access(POLICY_PATH "/" POLICY_FILE, PR_ACCESS_READ_OK) == PR_SUCCESS) {
++ SECMODModule *module = SECMOD_LoadModule(
++ "name=\"Policy File\" "
++ "parameters=\"configdir='sql:" POLICY_PATH "' "
++ "secmod='" POLICY_FILE "' "
++ "flags=readOnly,noCertDB,forceSecmodChoice,forceOpen\" "
++ "NSS=\"flags=internal,moduleDB,skipFirst,moduleDBOnly,critical\"",
++ parent, PR_TRUE);
++ if (module) {
++ PRBool isLoaded = module->loaded;
++ SECMOD_DestroyModule(module);
++ if (!isLoaded) {
++ goto loser;
++ }
++ }
++ }
++ }
++#endif
+ if (STAN_LoadDefaultNSS3TrustDomain() != PR_SUCCESS) {
+ goto loser;
+ }
+@@ -730,30 +754,6 @@ nss_Init(const char *configdir, const ch
+ }
+ }
+ }
+-#ifdef POLICY_FILE
+- /* Load the system crypto policy file if it exists,
+- * unless the NSS_IGNORE_SYSTEM_POLICY environment
+- * variable has been set to 1. */
+- ignoreVar = PR_GetEnvSecure("NSS_IGNORE_SYSTEM_POLICY");
+- if (ignoreVar == NULL || strncmp(ignoreVar, "1", sizeof("1")) != 0) {
+- if (PR_Access(POLICY_PATH "/" POLICY_FILE, PR_ACCESS_READ_OK) == PR_SUCCESS) {
+- SECMODModule *module = SECMOD_LoadModule(
+- "name=\"Policy File\" "
+- "parameters=\"configdir='sql:" POLICY_PATH "' "
+- "secmod='" POLICY_FILE "' "
+- "flags=readOnly,noCertDB,forceSecmodChoice,forceOpen\" "
+- "NSS=\"flags=internal,moduleDB,skipFirst,moduleDBOnly,critical\"",
+- parent, PR_TRUE);
+- if (module) {
+- PRBool isLoaded = module->loaded;
+- SECMOD_DestroyModule(module);
+- if (!isLoaded) {
+- goto loser;
+- }
+- }
+- }
+- }
+-#endif
+ pk11sdr_Init();
+ cert_CreateSubjectKeyIDHashTable();
+
diff --git a/nss-moz1458518.patch b/nss-moz1458518.patch
deleted file mode 100644
index 516d756..0000000
--- a/nss-moz1458518.patch
+++ /dev/null
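Review bot: In the policy-file block now placed ahead of STAN_LoadDefaultNSS3TrustDomain(), a NULL return from SECMOD_LoadModule() still does not reach `loser` — only a module object that came back with `!isLoaded` aborts initialisation, so a policy file that PR_Access() says is readable but that fails to load is silently skipped. That behaviour is carried over from the code being moved rather than introduced by this backport, but since the motivation is that tokens in these modules must be initialised before the trust domain loads, it would help to state the intent at the `if (module) {` line, e.g. `/* NOTE: a NULL module (load failure) is tolerated here; only a module that exists but reports !loaded aborts init — confirm this is intended. */`. If it is not intended, treating NULL the same as `!isLoaded` is a one-line change to that condition. The enclosing nss_Init() starts and ends outside the hunk, and `ignoreVar` and `parent` are declared outside it.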
@@ -1,33 +0,0 @@
-
-# HG changeset patch
-# User Robert Relyea
-# Date 1525268789 -7200
-# Node ID 2f1ee2b8f7a65ecae1a84c02dcf0167ce3b57ab4
-# Parent 5a210945d2486d6443556ec578b22c05949e1049
-Bug 1458518, Nicknames of existing certificates in NSS SQL DB should remain unchanged on repeated import attempts, r=kaie
-
-diff --git a/lib/dev/devtoken.c b/lib/dev/devtoken.c
---- a/lib/dev/devtoken.c
-+++ b/lib/dev/devtoken.c
-@@ -523,17 +523,19 @@ nssToken_ImportCertificate(
- }
- /* according to PKCS#11, label, ID, issuer, and serial number
- * may change after the object has been created. For PKIX, the
- * last two attributes can't change, so for now we'll only worry
- * about the first two.
- */
- NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
- NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
-- NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
-+ if (!rvObject->label && nickname) {
-+ NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
-+ }
- NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
- /* reset the mutable attributes on the token */
- nssCKObject_SetAttributes(rvObject->handle,
- cert_tmpl, ctsize,
- session, slot);
- if (!rvObject->label && nickname) {
- rvObject->label = nssUTF8_Duplicate(nickname, NULL);
- }
-
diff --git a/nss.spec b/nss.spec
index 7bc3554..6b8d421 100644
--- a/nss.spec
+++ b/nss.spec
@@ -1,15 +1,15 @@
 %global nspr_version 4.19.0
-%global nss_util_version 3.37.3
-%global nss_softokn_version 3.37.3
+%global nss_util_version 3.38.0
+%global nss_softokn_version 3.38.0
 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
 %global allTools "certutil cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain vfyserv"
 Summary: Network Security Services
 Name: nss
-Version: 3.37.3
+Version: 3.38.0
 # for Rawhide, please always use release >= 2
 # for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
-Release: 3%{?dist}
+Release: 2%{?dist}
 License: MPLv2.0
 URL: http://www.mozilla.org/projects/security/pki/nss/
 Group: System Environment/Libraries
@@ -75,11 +75,8 @@ Patch50: iquote.patch
 Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520
 Patch59: nss-check-policy-file.patch
+Patch60: nss-load-policy-file.patch
 Patch62: nss-skip-util-gtest.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1458518
-Patch63: nss-moz1458518.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1452549
-Patch64: nss-dtls-discard-app-data-before-handshake.patch
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -161,9 +158,8 @@ low level services.
 %patch58 -p0 -b .1185708_3des
 pushd nss
 %patch59 -p1 -b .check_policy_file
+%patch60 -p1 -b .load_policy_file
 %patch62 -p1 -b .skip_util_gtest
-%patch63 -p1 -b .moz1458518
-%patch64 -p1 -b .dtls-discard-app-data
 popd
 #########################################################
@@ -737,6 +733,9 @@ done
 %changelog
+* Mon Jul 2 2018 Daiki Ueno - 3.38.0-2
+- Update to NSS 3.38
+
 * Wed Jun 6 2018 Daiki Ueno - 3.37.3-3
 - Backport fix for handling DTLS application_data before handshake
diff --git a/sources b/sources
index 3eeef13..8c91f7f 100644
--- a/sources
+++ b/sources
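Review bot: `Patch60: nss-load-policy-file.patch` is added to the patch list without the `# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=...` comment that Patch59 and both removed entries (Patch63, Patch64) carry, so the provenance of the new backport is no longer recorded in the spec. The patch's own header identifies it as Bug 1296263, so inserting `# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1296263` directly above the Patch60 line keeps the list consistent and lets a later rebase check whether the fix has landed. The changelog entry `- Update to NSS 3.38` could also name the two patches dropped by this commit (nss-moz1458518.patch and nss-dtls-discard-app-data-before-handshake.patch); that they are now included in 3.38 is inferred from their removal, not stated anywhere in the commit, and a one-line note would make the reason explicit.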
@@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
 SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
 SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
 SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
-SHA512 (nss-3.37.3.tar.gz) = 11b21818f9fcff11d0e7f4c066ae9fbce0052a30a6b30df9a20022792039b5348554834a472e1b1195e467b9902067f9719678d5ca32efb4e60f1df161feed6f
+SHA512 (nss-3.38.0.tar.gz) = eb63f1c44adbbd97dc766e8545c72303f3cb18f1bfb2af67c33cdb1a1a9a1cc432a64afbafabd7a5bb3f08cb36db74ed81e5cfa1fc4bd35ae76e183f3205afed