Update to NSS 3.59

2020-12-11 11:27:37 +01:00 · 2020-12-11 11:27:37 +01:00 · ba08eea9a6
parent 97a26627f0
commit ba08eea9a6
4 changed files with 7 additions and 137 deletions
--- a/.gitignore
+++ b/.gitignore
@ -55,3 +55,4 @@ TestUser51.cert
 /nss-3.56.tar.gz
 /nss-3.57.tar.gz
 /nss-3.58.tar.gz
+/nss-3.59.tar.gz
--- a/nss-ccs.patch
+++ b/nss-ccs.patch
@ -1,132 +0,0 @@
-# HG changeset patch
-# User Daiki Ueno <dueno@redhat.com>
-# Date 1603691171 -3600
-#      Mon Oct 26 06:46:11 2020 +0100
-# Node ID b03a4fc5b902498414b02640dcb2717dfef9682f
-# Parent  6f79a76958129dc09c353c288f115fd9a51ab7d4
-Bug 1672703, always tolerate the first CCS in TLS 1.3, r=mt
-
-Summary:
-This flips the meaning of the flag for checking excessive CCS
-messages, so it only rejects multiple CCS messages while the first CCS
-message is always accepted.
-
-Reviewers: mt
-
-Reviewed By: mt
-
-Bug #: 1672703
-
-Differential Revision: https://phabricator.services.mozilla.com/D94603
-
-diff -r 6f79a7695812 -r b03a4fc5b902 gtests/ssl_gtest/ssl_tls13compat_unittest.cc
--- a/gtests/ssl_gtest/ssl_tls13compat_unittest.cc	Fri Oct 23 16:14:36 2020 -0700
-+++ b/gtests/ssl_gtest/ssl_tls13compat_unittest.cc	Mon Oct 26 06:46:11 2020 +0100
-@@ -348,8 +348,8 @@
-   client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
- }
- 
-// The server rejects a ChangeCipherSpec if the client advertises an
-// empty session ID.
-+// The server accepts a ChangeCipherSpec even if the client advertises
-+// an empty session ID.
- TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterClientHelloEmptySid) {
-   EnsureTlsSetup();
-   ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
-@@ -358,9 +358,8 @@
-   client_->Handshake();  // Send ClientHello
-   client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));  // Send CCS
- 
-  server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
-  server_->Handshake();  // Consume ClientHello and CCS
-  server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
-+  Handshake();
-+  CheckConnected();
- }
- 
- // The server rejects multiple ChangeCipherSpec even if the client
-@@ -381,7 +380,7 @@
-   server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
- }
- 
-// The client rejects a ChangeCipherSpec if it advertises an empty
-+// The client accepts a ChangeCipherSpec even if it advertises an empty
- // session ID.
- TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterServerHelloEmptySid) {
-   EnsureTlsSetup();
-@@ -398,9 +397,10 @@
-                          // send ServerHello..CertificateVerify
-   // Send CCS
-   server_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
-  client_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
-  client_->Handshake();  // Consume ClientHello and CCS
-  client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
-+
-+  // No alert is sent from the client. As Finished is dropped, we
-+  // can't use Handshake() and CheckConnected().
-+  client_->Handshake();
- }
- 
- // The client rejects multiple ChangeCipherSpec in a row even if the
-diff -r 6f79a7695812 -r b03a4fc5b902 lib/ssl/ssl3con.c
--- a/lib/ssl/ssl3con.c	Fri Oct 23 16:14:36 2020 -0700
-+++ b/lib/ssl/ssl3con.c	Mon Oct 26 06:46:11 2020 +0100
-@@ -6645,11 +6645,7 @@
- 
-     /* TLS 1.3: We sent a session ID.  The server's should match. */
-     if (!IS_DTLS(ss) && (sentRealSid || sentFakeSid)) {
-        if (sidMatch) {
-            ss->ssl3.hs.allowCcs = PR_TRUE;
-            return PR_TRUE;
-        }
-        return PR_FALSE;
-+        return sidMatch;
-     }
- 
-     /* TLS 1.3 (no SID)/DTLS 1.3: The server shouldn't send a session ID. */
-@@ -8696,7 +8692,6 @@
-                 errCode = PORT_GetError();
-                 goto alert_loser;
-             }
-            ss->ssl3.hs.allowCcs = PR_TRUE;
-         }
- 
-         /* TLS 1.3 requires that compression include only null. */
-@@ -13066,15 +13061,14 @@
-             ss->ssl3.hs.ws != idle_handshake &&
-             cText->buf->len == 1 &&
-             cText->buf->buf[0] == change_cipher_spec_choice) {
-            if (ss->ssl3.hs.allowCcs) {
-                /* Ignore the first CCS. */
-                ss->ssl3.hs.allowCcs = PR_FALSE;
-+            if (!ss->ssl3.hs.rejectCcs) {
-+                /* Allow only the first CCS. */
-+                ss->ssl3.hs.rejectCcs = PR_TRUE;
-                 return SECSuccess;
-            }
-
-            /* Compatibility mode is not negotiated. */
-            alert = unexpected_message;
-            PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
-+            } else {
-+                alert = unexpected_message;
-+                PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
-+            }
-         }
- 
-         if ((IS_DTLS(ss) && !dtls13_AeadLimitReached(spec)) ||
-diff -r 6f79a7695812 -r b03a4fc5b902 lib/ssl/sslimpl.h
--- a/lib/ssl/sslimpl.h	Fri Oct 23 16:14:36 2020 -0700
-+++ b/lib/ssl/sslimpl.h	Mon Oct 26 06:46:11 2020 +0100
-@@ -710,10 +710,7 @@
-                                            * or received. */
-     PRBool receivedCcs;                   /* A server received ChangeCipherSpec
-                                            * before the handshake started. */
-    PRBool allowCcs;                      /* A server allows ChangeCipherSpec
-                                           * as the middlebox compatibility mode
-                                           * is explicitly indicarted by
-                                           * legacy_session_id in TLS 1.3 ClientHello. */
-+    PRBool rejectCcs;                     /* Excessive ChangeCipherSpecs are rejected. */
-     PRBool clientCertRequested;           /* True if CertificateRequest received. */
-     PRBool endOfFlight;                   /* Processed a full flight (DTLS 1.3). */
-     ssl3KEADef kea_def_mutable;           /* Used to hold the writable kea_def
--- a/nss.spec
+++ b/nss.spec
@ -1,5 +1,5 @@
 %global nspr_version 4.29.0
-%global nss_version 3.58.0
+%global nss_version 3.59.0
 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
 %global saved_files_dir %{_libdir}/nss/saved
 %global dracutlibdir %{_prefix}/lib/dracut
@ -44,7 +44,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
 Summary:          Network Security Services
 Name:             nss
 Version:          %{nss_version}
-Release:          3%{?dist}
+Release:          1%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Requires:         nspr >= %{nspr_version}
@ -106,8 +106,6 @@ Patch2:           nss-539183.patch
 # Once the buildroot aha been bootstrapped the patch may be removed
 # but it doesn't hurt to keep it.
 Patch4:           iquote.patch
-# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1672703
-Patch5:		  nss-ccs.patch
 Patch12:          nss-signtool-format.patch
 %if 0%{?fedora} < 34
 %if 0%{?rhel} < 9
@ -904,6 +902,9 @@ update-crypto-policies &> /dev/null || :


 %changelog
+* Fri Dec 11 2020 Daiki Ueno <dueno@redhat.com> - 3.59.0-1
+- Update to NSS 3.59
+
 * Mon Oct 26 2020 Daiki Ueno <dueno@redhat.com> - 3.58.0-3
 - Revert the last change, always tolerate the first CCS in TLS 1.3

--- a/2
+++ b/2
@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
 SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
 SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
 SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
-SHA512 (nss-3.58.tar.gz) = 03d2ab1517ac07620ea3f02dcf680cf019e0129006ff2559b2d0a047036340c20b98c9679b17a594e5502aa30e158caf309f046901b9ec7c7adeeaa13ec50b80
+SHA512 (nss-3.59.tar.gz) = 8963e846f2ff7222457ae59f042672cf4e44f7752807226f46c215a772fd1cbd65d0ce634da4afb698eabd4eb1c1e78146cc2a089339ada11da03d259c609a38