Update to NSS 3.59
This commit is contained in:
parent
97a26627f0
commit
ba08eea9a6
|
@ -55,3 +55,4 @@ TestUser51.cert
|
|||
/nss-3.56.tar.gz
|
||||
/nss-3.57.tar.gz
|
||||
/nss-3.58.tar.gz
|
||||
/nss-3.59.tar.gz
|
||||
|
|
132
nss-ccs.patch
132
nss-ccs.patch
|
@ -1,132 +0,0 @@
|
|||
# HG changeset patch
|
||||
# User Daiki Ueno <dueno@redhat.com>
|
||||
# Date 1603691171 -3600
|
||||
# Mon Oct 26 06:46:11 2020 +0100
|
||||
# Node ID b03a4fc5b902498414b02640dcb2717dfef9682f
|
||||
# Parent 6f79a76958129dc09c353c288f115fd9a51ab7d4
|
||||
Bug 1672703, always tolerate the first CCS in TLS 1.3, r=mt
|
||||
|
||||
Summary:
|
||||
This flips the meaning of the flag for checking excessive CCS
|
||||
messages, so it only rejects multiple CCS messages while the first CCS
|
||||
message is always accepted.
|
||||
|
||||
Reviewers: mt
|
||||
|
||||
Reviewed By: mt
|
||||
|
||||
Bug #: 1672703
|
||||
|
||||
Differential Revision: https://phabricator.services.mozilla.com/D94603
|
||||
|
||||
diff -r 6f79a7695812 -r b03a4fc5b902 gtests/ssl_gtest/ssl_tls13compat_unittest.cc
|
||||
--- a/gtests/ssl_gtest/ssl_tls13compat_unittest.cc Fri Oct 23 16:14:36 2020 -0700
|
||||
+++ b/gtests/ssl_gtest/ssl_tls13compat_unittest.cc Mon Oct 26 06:46:11 2020 +0100
|
||||
@@ -348,8 +348,8 @@
|
||||
client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
|
||||
}
|
||||
|
||||
-// The server rejects a ChangeCipherSpec if the client advertises an
|
||||
-// empty session ID.
|
||||
+// The server accepts a ChangeCipherSpec even if the client advertises
|
||||
+// an empty session ID.
|
||||
TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterClientHelloEmptySid) {
|
||||
EnsureTlsSetup();
|
||||
ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
|
||||
@@ -358,9 +358,8 @@
|
||||
client_->Handshake(); // Send ClientHello
|
||||
client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); // Send CCS
|
||||
|
||||
- server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
|
||||
- server_->Handshake(); // Consume ClientHello and CCS
|
||||
- server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
|
||||
+ Handshake();
|
||||
+ CheckConnected();
|
||||
}
|
||||
|
||||
// The server rejects multiple ChangeCipherSpec even if the client
|
||||
@@ -381,7 +380,7 @@
|
||||
server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
|
||||
}
|
||||
|
||||
-// The client rejects a ChangeCipherSpec if it advertises an empty
|
||||
+// The client accepts a ChangeCipherSpec even if it advertises an empty
|
||||
// session ID.
|
||||
TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterServerHelloEmptySid) {
|
||||
EnsureTlsSetup();
|
||||
@@ -398,9 +397,10 @@
|
||||
// send ServerHello..CertificateVerify
|
||||
// Send CCS
|
||||
server_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
|
||||
- client_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
|
||||
- client_->Handshake(); // Consume ClientHello and CCS
|
||||
- client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
|
||||
+
|
||||
+ // No alert is sent from the client. As Finished is dropped, we
|
||||
+ // can't use Handshake() and CheckConnected().
|
||||
+ client_->Handshake();
|
||||
}
|
||||
|
||||
// The client rejects multiple ChangeCipherSpec in a row even if the
|
||||
diff -r 6f79a7695812 -r b03a4fc5b902 lib/ssl/ssl3con.c
|
||||
--- a/lib/ssl/ssl3con.c Fri Oct 23 16:14:36 2020 -0700
|
||||
+++ b/lib/ssl/ssl3con.c Mon Oct 26 06:46:11 2020 +0100
|
||||
@@ -6645,11 +6645,7 @@
|
||||
|
||||
/* TLS 1.3: We sent a session ID. The server's should match. */
|
||||
if (!IS_DTLS(ss) && (sentRealSid || sentFakeSid)) {
|
||||
- if (sidMatch) {
|
||||
- ss->ssl3.hs.allowCcs = PR_TRUE;
|
||||
- return PR_TRUE;
|
||||
- }
|
||||
- return PR_FALSE;
|
||||
+ return sidMatch;
|
||||
}
|
||||
|
||||
/* TLS 1.3 (no SID)/DTLS 1.3: The server shouldn't send a session ID. */
|
||||
@@ -8696,7 +8692,6 @@
|
||||
errCode = PORT_GetError();
|
||||
goto alert_loser;
|
||||
}
|
||||
- ss->ssl3.hs.allowCcs = PR_TRUE;
|
||||
}
|
||||
|
||||
/* TLS 1.3 requires that compression include only null. */
|
||||
@@ -13066,15 +13061,14 @@
|
||||
ss->ssl3.hs.ws != idle_handshake &&
|
||||
cText->buf->len == 1 &&
|
||||
cText->buf->buf[0] == change_cipher_spec_choice) {
|
||||
- if (ss->ssl3.hs.allowCcs) {
|
||||
- /* Ignore the first CCS. */
|
||||
- ss->ssl3.hs.allowCcs = PR_FALSE;
|
||||
+ if (!ss->ssl3.hs.rejectCcs) {
|
||||
+ /* Allow only the first CCS. */
|
||||
+ ss->ssl3.hs.rejectCcs = PR_TRUE;
|
||||
return SECSuccess;
|
||||
- }
|
||||
-
|
||||
- /* Compatibility mode is not negotiated. */
|
||||
- alert = unexpected_message;
|
||||
- PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
|
||||
+ } else {
|
||||
+ alert = unexpected_message;
|
||||
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
|
||||
+ }
|
||||
}
|
||||
|
||||
if ((IS_DTLS(ss) && !dtls13_AeadLimitReached(spec)) ||
|
||||
diff -r 6f79a7695812 -r b03a4fc5b902 lib/ssl/sslimpl.h
|
||||
--- a/lib/ssl/sslimpl.h Fri Oct 23 16:14:36 2020 -0700
|
||||
+++ b/lib/ssl/sslimpl.h Mon Oct 26 06:46:11 2020 +0100
|
||||
@@ -710,10 +710,7 @@
|
||||
* or received. */
|
||||
PRBool receivedCcs; /* A server received ChangeCipherSpec
|
||||
* before the handshake started. */
|
||||
- PRBool allowCcs; /* A server allows ChangeCipherSpec
|
||||
- * as the middlebox compatibility mode
|
||||
- * is explicitly indicarted by
|
||||
- * legacy_session_id in TLS 1.3 ClientHello. */
|
||||
+ PRBool rejectCcs; /* Excessive ChangeCipherSpecs are rejected. */
|
||||
PRBool clientCertRequested; /* True if CertificateRequest received. */
|
||||
PRBool endOfFlight; /* Processed a full flight (DTLS 1.3). */
|
||||
ssl3KEADef kea_def_mutable; /* Used to hold the writable kea_def
|
9
nss.spec
9
nss.spec
|
@ -1,5 +1,5 @@
|
|||
%global nspr_version 4.29.0
|
||||
%global nss_version 3.58.0
|
||||
%global nss_version 3.59.0
|
||||
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
|
||||
%global saved_files_dir %{_libdir}/nss/saved
|
||||
%global dracutlibdir %{_prefix}/lib/dracut
|
||||
|
@ -44,7 +44,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
|
|||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: %{nss_version}
|
||||
Release: 3%{?dist}
|
||||
Release: 1%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Requires: nspr >= %{nspr_version}
|
||||
|
@ -106,8 +106,6 @@ Patch2: nss-539183.patch
|
|||
# Once the buildroot aha been bootstrapped the patch may be removed
|
||||
# but it doesn't hurt to keep it.
|
||||
Patch4: iquote.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1672703
|
||||
Patch5: nss-ccs.patch
|
||||
Patch12: nss-signtool-format.patch
|
||||
%if 0%{?fedora} < 34
|
||||
%if 0%{?rhel} < 9
|
||||
|
@ -904,6 +902,9 @@ update-crypto-policies &> /dev/null || :
|
|||
|
||||
|
||||
%changelog
|
||||
* Fri Dec 11 2020 Daiki Ueno <dueno@redhat.com> - 3.59.0-1
|
||||
- Update to NSS 3.59
|
||||
|
||||
* Mon Oct 26 2020 Daiki Ueno <dueno@redhat.com> - 3.58.0-3
|
||||
- Revert the last change, always tolerate the first CCS in TLS 1.3
|
||||
|
||||
|
|
2
sources
2
sources
|
@ -3,4 +3,4 @@ SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403
|
|||
SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
|
||||
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
|
||||
SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
|
||||
SHA512 (nss-3.58.tar.gz) = 03d2ab1517ac07620ea3f02dcf680cf019e0129006ff2559b2d0a047036340c20b98c9679b17a594e5502aa30e158caf309f046901b9ec7c7adeeaa13ec50b80
|
||||
SHA512 (nss-3.59.tar.gz) = 8963e846f2ff7222457ae59f042672cf4e44f7752807226f46c215a772fd1cbd65d0ce634da4afb698eabd4eb1c1e78146cc2a089339ada11da03d259c609a38
|
||||
|
|
Loading…
Reference in New Issue