diff --git a/.gitignore b/.gitignore index 38fb549..cf54e0d 100644 --- a/.gitignore +++ b/.gitignore @@ -55,3 +55,4 @@ TestUser51.cert /nss-3.56.tar.gz /nss-3.57.tar.gz /nss-3.58.tar.gz +/nss-3.59.tar.gz diff --git a/nss-ccs.patch b/nss-ccs.patch deleted file mode 100644 index 4841a5a..0000000 --- a/nss-ccs.patch +++ /dev/null @@ -1,132 +0,0 @@ -# HG changeset patch -# User Daiki Ueno -# Date 1603691171 -3600 -# Mon Oct 26 06:46:11 2020 +0100 -# Node ID b03a4fc5b902498414b02640dcb2717dfef9682f -# Parent 6f79a76958129dc09c353c288f115fd9a51ab7d4 -Bug 1672703, always tolerate the first CCS in TLS 1.3, r=mt - -Summary: -This flips the meaning of the flag for checking excessive CCS -messages, so it only rejects multiple CCS messages while the first CCS -message is always accepted. - -Reviewers: mt - -Reviewed By: mt - -Bug #: 1672703 - -Differential Revision: https://phabricator.services.mozilla.com/D94603 - -diff -r 6f79a7695812 -r b03a4fc5b902 gtests/ssl_gtest/ssl_tls13compat_unittest.cc ---- a/gtests/ssl_gtest/ssl_tls13compat_unittest.cc Fri Oct 23 16:14:36 2020 -0700 -+++ b/gtests/ssl_gtest/ssl_tls13compat_unittest.cc Mon Oct 26 06:46:11 2020 +0100 -@@ -348,8 +348,8 @@ - client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT); - } - --// The server rejects a ChangeCipherSpec if the client advertises an --// empty session ID. -+// The server accepts a ChangeCipherSpec even if the client advertises -+// an empty session ID. - TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterClientHelloEmptySid) { - EnsureTlsSetup(); - ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3); -@@ -358,9 +358,8 @@ - client_->Handshake(); // Send ClientHello - client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); // Send CCS - -- server_->ExpectSendAlert(kTlsAlertUnexpectedMessage); -- server_->Handshake(); // Consume ClientHello and CCS -- server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); -+ Handshake(); -+ CheckConnected(); - } - - // The server rejects multiple ChangeCipherSpec even if the client -@@ -381,7 +380,7 @@ - server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); - } - --// The client rejects a ChangeCipherSpec if it advertises an empty -+// The client accepts a ChangeCipherSpec even if it advertises an empty - // session ID. - TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterServerHelloEmptySid) { - EnsureTlsSetup(); -@@ -398,9 +397,10 @@ - // send ServerHello..CertificateVerify - // Send CCS - server_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); -- client_->ExpectSendAlert(kTlsAlertUnexpectedMessage); -- client_->Handshake(); // Consume ClientHello and CCS -- client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); -+ -+ // No alert is sent from the client. As Finished is dropped, we -+ // can't use Handshake() and CheckConnected(). -+ client_->Handshake(); - } - - // The client rejects multiple ChangeCipherSpec in a row even if the -diff -r 6f79a7695812 -r b03a4fc5b902 lib/ssl/ssl3con.c ---- a/lib/ssl/ssl3con.c Fri Oct 23 16:14:36 2020 -0700 -+++ b/lib/ssl/ssl3con.c Mon Oct 26 06:46:11 2020 +0100 -@@ -6645,11 +6645,7 @@ - - /* TLS 1.3: We sent a session ID. The server's should match. */ - if (!IS_DTLS(ss) && (sentRealSid || sentFakeSid)) { -- if (sidMatch) { -- ss->ssl3.hs.allowCcs = PR_TRUE; -- return PR_TRUE; -- } -- return PR_FALSE; -+ return sidMatch; - } - - /* TLS 1.3 (no SID)/DTLS 1.3: The server shouldn't send a session ID. */ -@@ -8696,7 +8692,6 @@ - errCode = PORT_GetError(); - goto alert_loser; - } -- ss->ssl3.hs.allowCcs = PR_TRUE; - } - - /* TLS 1.3 requires that compression include only null. */ -@@ -13066,15 +13061,14 @@ - ss->ssl3.hs.ws != idle_handshake && - cText->buf->len == 1 && - cText->buf->buf[0] == change_cipher_spec_choice) { -- if (ss->ssl3.hs.allowCcs) { -- /* Ignore the first CCS. */ -- ss->ssl3.hs.allowCcs = PR_FALSE; -+ if (!ss->ssl3.hs.rejectCcs) { -+ /* Allow only the first CCS. */ -+ ss->ssl3.hs.rejectCcs = PR_TRUE; - return SECSuccess; -- } -- -- /* Compatibility mode is not negotiated. */ -- alert = unexpected_message; -- PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); -+ } else { -+ alert = unexpected_message; -+ PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER); -+ } - } - - if ((IS_DTLS(ss) && !dtls13_AeadLimitReached(spec)) || -diff -r 6f79a7695812 -r b03a4fc5b902 lib/ssl/sslimpl.h ---- a/lib/ssl/sslimpl.h Fri Oct 23 16:14:36 2020 -0700 -+++ b/lib/ssl/sslimpl.h Mon Oct 26 06:46:11 2020 +0100 -@@ -710,10 +710,7 @@ - * or received. */ - PRBool receivedCcs; /* A server received ChangeCipherSpec - * before the handshake started. */ -- PRBool allowCcs; /* A server allows ChangeCipherSpec -- * as the middlebox compatibility mode -- * is explicitly indicarted by -- * legacy_session_id in TLS 1.3 ClientHello. */ -+ PRBool rejectCcs; /* Excessive ChangeCipherSpecs are rejected. */ - PRBool clientCertRequested; /* True if CertificateRequest received. */ - PRBool endOfFlight; /* Processed a full flight (DTLS 1.3). */ - ssl3KEADef kea_def_mutable; /* Used to hold the writable kea_def diff --git a/nss.spec b/nss.spec index cb2e818..341fdfd 100644 --- a/nss.spec +++ b/nss.spec @@ -1,5 +1,5 @@ %global nspr_version 4.29.0 -%global nss_version 3.58.0 +%global nss_version 3.59.0 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools %global saved_files_dir %{_libdir}/nss/saved %global dracutlibdir %{_prefix}/lib/dracut @@ -44,7 +44,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM", Summary: Network Security Services Name: nss Version: %{nss_version} -Release: 3%{?dist} +Release: 1%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Requires: nspr >= %{nspr_version} @@ -106,8 +106,6 @@ Patch2: nss-539183.patch # Once the buildroot aha been bootstrapped the patch may be removed # but it doesn't hurt to keep it. Patch4: iquote.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1672703 -Patch5: nss-ccs.patch Patch12: nss-signtool-format.patch %if 0%{?fedora} < 34 %if 0%{?rhel} < 9 @@ -904,6 +902,9 @@ update-crypto-policies &> /dev/null || : %changelog +* Fri Dec 11 2020 Daiki Ueno - 3.59.0-1 +- Update to NSS 3.59 + * Mon Oct 26 2020 Daiki Ueno - 3.58.0-3 - Revert the last change, always tolerate the first CCS in TLS 1.3 diff --git a/sources b/sources index d5ad023..da88737 100644 --- a/sources +++ b/sources @@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403 SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7 SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310 -SHA512 (nss-3.58.tar.gz) = 03d2ab1517ac07620ea3f02dcf680cf019e0129006ff2559b2d0a047036340c20b98c9679b17a594e5502aa30e158caf309f046901b9ec7c7adeeaa13ec50b80 +SHA512 (nss-3.59.tar.gz) = 8963e846f2ff7222457ae59f042672cf4e44f7752807226f46c215a772fd1cbd65d0ce634da4afb698eabd4eb1c1e78146cc2a089339ada11da03d259c609a38