[gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/ - gentoo-commits

From:	Thomas Deutschmann <whissi@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: dev-libs/nss/files/, dev-libs/nss/
Date:	Fri, 23 Oct 2020 16:19:38
Message-Id:	`1603469946.0b684bfbdff41cbaab1a6c1969c931a1670395d7.whissi@gentoo`

1

commit:     0b684bfbdff41cbaab1a6c1969c931a1670395d7

2

Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

3

AuthorDate: Fri Oct 23 16:19:06 2020 +0000

4

Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>

5

CommitDate: Fri Oct 23 16:19:06 2020 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b684bfb

7

8

dev-libs/nss: always tolerate the first CCS in TLS 1.3

9

10

Bug: https://bugs.gentoo.org/750746

11

Package-Manager: Portage-3.0.8, Repoman-3.0.2

12

Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

13

14

 ...8-always-tolerate-the-first-CCS-in-TLS1.3.patch | 111 +++++++++++++++++++++

15

 .../nss/{nss-3.58.ebuild => nss-3.58-r1.ebuild}    |   1 +

16

 2 files changed, 112 insertions(+)

17

18

diff --git a/dev-libs/nss/files/nss-3.58-always-tolerate-the-first-CCS-in-TLS1.3.patch b/dev-libs/nss/files/nss-3.58-always-tolerate-the-first-CCS-in-TLS1.3.patch

19

new file mode 100644

20

index 00000000000..f68b65c119c

21

--- /dev/null

22

+++ b/dev-libs/nss/files/nss-3.58-always-tolerate-the-first-CCS-in-TLS1.3.patch

23

@@ -0,0 +1,111 @@

24

+https://bugzilla.mozilla.org/show_bug.cgi?id=1672703

25

+

26

+--- a/gtests/ssl_gtest/ssl_tls13compat_unittest.cc

27

++++ b/gtests/ssl_gtest/ssl_tls13compat_unittest.cc

28

+@@ -348,8 +348,8 @@

29

+   client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);

30

+ }

31

+

32

+-// The server rejects a ChangeCipherSpec if the client advertises an

33

+-// empty session ID.

34

++// The server accepts a ChangeCipherSpec even if the client advertises

35

++// an empty session ID.

36

+ TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterClientHelloEmptySid) {

37

+   EnsureTlsSetup();

38

+   ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);

39

+@@ -358,9 +358,8 @@

40

+   client_->Handshake();  // Send ClientHello

41

+   client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));  // Send CCS

42

+

43

+-  server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);

44

+-  server_->Handshake();  // Consume ClientHello and CCS

45

+-  server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);

46

++  Handshake();

47

++  CheckConnected();

48

+ }

49

+

50

+ // The server rejects multiple ChangeCipherSpec even if the client

51

+@@ -381,7 +380,7 @@

52

+   server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);

53

+ }

54

+

55

+-// The client rejects a ChangeCipherSpec if it advertises an empty

56

++// The client accepts a ChangeCipherSpec even if it advertises an empty

57

+ // session ID.

58

+ TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterServerHelloEmptySid) {

59

+   EnsureTlsSetup();

60

+@@ -398,9 +397,10 @@

61

+                          // send ServerHello..CertificateVerify

62

+   // Send CCS

63

+   server_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));

64

+-  client_->ExpectSendAlert(kTlsAlertUnexpectedMessage);

65

+-  client_->Handshake();  // Consume ClientHello and CCS

66

+-  client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);

67

++

68

++  // No alert is sent from the client. As Finished is dropped, we

69

++  // can't use Handshake() and CheckConnected().

70

++  client_->Handshake();

71

+ }

72

+

73

+ // The client rejects multiple ChangeCipherSpec in a row even if the

74

+--- a/lib/ssl/ssl3con.c

75

++++ b/lib/ssl/ssl3con.c

76

+@@ -6645,11 +6645,7 @@

77

+

78

+     /* TLS 1.3: We sent a session ID.  The server's should match. */

79

+     if (!IS_DTLS(ss) && (sentRealSid || sentFakeSid)) {

80

+-        if (sidMatch) {

81

+-            ss->ssl3.hs.allowCcs = PR_TRUE;

82

+-            return PR_TRUE;

83

+-        }

84

+-        return PR_FALSE;

85

++        return sidMatch;

86

+     }

87

+

88

+     /* TLS 1.3 (no SID)/DTLS 1.3: The server shouldn't send a session ID. */

89

+@@ -8696,7 +8692,6 @@

90

+                 errCode = PORT_GetError();

91

+                 goto alert_loser;

92

+             }

93

+-            ss->ssl3.hs.allowCcs = PR_TRUE;

94

+         }

95

+

96

+         /* TLS 1.3 requires that compression include only null. */

97

+@@ -13066,15 +13061,14 @@

98

+             ss->ssl3.hs.ws != idle_handshake &&

99

+             cText->buf->len == 1 &&

100

+             cText->buf->buf[0] == change_cipher_spec_choice) {

101

+-            if (ss->ssl3.hs.allowCcs) {

102

+-                /* Ignore the first CCS. */

103

+-                ss->ssl3.hs.allowCcs = PR_FALSE;

104

++            if (!ss->ssl3.hs.rejectCcs) {

105

++                /* Allow only the first CCS. */

106

++                ss->ssl3.hs.rejectCcs = PR_TRUE;

107

+                 return SECSuccess;

108

+-            }

109

+-

110

+-            /* Compatibility mode is not negotiated. */

111

+-            alert = unexpected_message;

112

+-            PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);

113

++            } else {

114

++                alert = unexpected_message;

115

++                PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);

116

++            }

117

+         }

118

+

119

+         if ((IS_DTLS(ss) && !dtls13_AeadLimitReached(spec)) ||

120

+--- a/lib/ssl/sslimpl.h

121

++++ b/lib/ssl/sslimpl.h

122

+@@ -710,10 +710,7 @@

123

+                                            * or received. */

124

+     PRBool receivedCcs;                   /* A server received ChangeCipherSpec

125

+                                            * before the handshake started. */

126

+-    PRBool allowCcs;                      /* A server allows ChangeCipherSpec

127

+-                                           * as the middlebox compatibility mode

128

+-                                           * is explicitly indicarted by

129

+-                                           * legacy_session_id in TLS 1.3 ClientHello. */

130

++    PRBool rejectCcs;                     /* Excessive ChangeCipherSpecs are rejected. */

131

+     PRBool clientCertRequested;           /* True if CertificateRequest received. */

132

+     PRBool endOfFlight;                   /* Processed a full flight (DTLS 1.3). */

133

+     ssl3KEADef kea_def_mutable;           /* Used to hold the writable kea_def

134

+

135

136

diff --git a/dev-libs/nss/nss-3.58.ebuild b/dev-libs/nss/nss-3.58-r1.ebuild

137

similarity index 99%

138

rename from dev-libs/nss/nss-3.58.ebuild

139

rename to dev-libs/nss/nss-3.58-r1.ebuild

140

index 37ab7c58696..9fd66130955 100644

141

--- a/dev-libs/nss/nss-3.58.ebuild

142

+++ b/dev-libs/nss/nss-3.58-r1.ebuild

143

@@ -40,6 +40,7 @@ PATCHES=(

144

 	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"

145

 	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"

146

 	"${FILESDIR}/${PN}-3.53-fix-building-on-ppc.patch"

147

+	"${FILESDIR}/${PN}-3.58-always-tolerate-the-first-CCS-in-TLS1.3.patch"

148

)

149

150

 src_prepare() {

1	commit: 0b684bfbdff41cbaab1a6c1969c931a1670395d7
2	Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3	AuthorDate: Fri Oct 23 16:19:06 2020 +0000
4	Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5	CommitDate: Fri Oct 23 16:19:06 2020 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b684bfb
7
8	dev-libs/nss: always tolerate the first CCS in TLS 1.3
9
10	Bug: https://bugs.gentoo.org/750746
11	Package-Manager: Portage-3.0.8, Repoman-3.0.2
12	Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
13
14	...8-always-tolerate-the-first-CCS-in-TLS1.3.patch \| 111 +++++++++++++++++++++
15	.../nss/{nss-3.58.ebuild => nss-3.58-r1.ebuild} \| 1 +
16	2 files changed, 112 insertions(+)
17
18	diff --git a/dev-libs/nss/files/nss-3.58-always-tolerate-the-first-CCS-in-TLS1.3.patch b/dev-libs/nss/files/nss-3.58-always-tolerate-the-first-CCS-in-TLS1.3.patch
19	new file mode 100644
20	index 00000000000..f68b65c119c
21	--- /dev/null
22	+++ b/dev-libs/nss/files/nss-3.58-always-tolerate-the-first-CCS-in-TLS1.3.patch
23	@@ -0,0 +1,111 @@
24	+https://bugzilla.mozilla.org/show_bug.cgi?id=1672703
25	+
26	+--- a/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
27	++++ b/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
28	+@@ -348,8 +348,8 @@
29	+ client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
30	+ }
31	+
32	+-// The server rejects a ChangeCipherSpec if the client advertises an
33	+-// empty session ID.
34	++// The server accepts a ChangeCipherSpec even if the client advertises
35	++// an empty session ID.
36	+ TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterClientHelloEmptySid) {
37	+ EnsureTlsSetup();
38	+ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
39	+@@ -358,9 +358,8 @@
40	+ client_->Handshake(); // Send ClientHello
41	+ client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); // Send CCS
42	+
43	+- server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
44	+- server_->Handshake(); // Consume ClientHello and CCS
45	+- server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
46	++ Handshake();
47	++ CheckConnected();
48	+ }
49	+
50	+ // The server rejects multiple ChangeCipherSpec even if the client
51	+@@ -381,7 +380,7 @@
52	+ server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
53	+ }
54	+
55	+-// The client rejects a ChangeCipherSpec if it advertises an empty
56	++// The client accepts a ChangeCipherSpec even if it advertises an empty
57	+ // session ID.
58	+ TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterServerHelloEmptySid) {
59	+ EnsureTlsSetup();
60	+@@ -398,9 +397,10 @@
61	+ // send ServerHello..CertificateVerify
62	+ // Send CCS
63	+ server_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
64	+- client_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
65	+- client_->Handshake(); // Consume ClientHello and CCS
66	+- client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
67	++
68	++ // No alert is sent from the client. As Finished is dropped, we
69	++ // can't use Handshake() and CheckConnected().
70	++ client_->Handshake();
71	+ }
72	+
73	+ // The client rejects multiple ChangeCipherSpec in a row even if the
74	+--- a/lib/ssl/ssl3con.c
75	++++ b/lib/ssl/ssl3con.c
76	+@@ -6645,11 +6645,7 @@
77	+
78	+ /* TLS 1.3: We sent a session ID. The server's should match. */
79	+ if (!IS_DTLS(ss) && (sentRealSid \|\| sentFakeSid)) {
80	+- if (sidMatch) {
81	+- ss->ssl3.hs.allowCcs = PR_TRUE;
82	+- return PR_TRUE;
83	+- }
84	+- return PR_FALSE;
85	++ return sidMatch;
86	+ }
87	+
88	+ /* TLS 1.3 (no SID)/DTLS 1.3: The server shouldn't send a session ID. */
89	+@@ -8696,7 +8692,6 @@
90	+ errCode = PORT_GetError();
91	+ goto alert_loser;
92	+ }
93	+- ss->ssl3.hs.allowCcs = PR_TRUE;
94	+ }
95	+
96	+ /* TLS 1.3 requires that compression include only null. */
97	+@@ -13066,15 +13061,14 @@
98	+ ss->ssl3.hs.ws != idle_handshake &&
99	+ cText->buf->len == 1 &&
100	+ cText->buf->buf[0] == change_cipher_spec_choice) {
101	+- if (ss->ssl3.hs.allowCcs) {
102	+- /* Ignore the first CCS. */
103	+- ss->ssl3.hs.allowCcs = PR_FALSE;
104	++ if (!ss->ssl3.hs.rejectCcs) {
105	++ /* Allow only the first CCS. */
106	++ ss->ssl3.hs.rejectCcs = PR_TRUE;
107	+ return SECSuccess;
108	+- }
109	+-
110	+- /* Compatibility mode is not negotiated. */
111	+- alert = unexpected_message;
112	+- PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
113	++ } else {
114	++ alert = unexpected_message;
115	++ PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
116	++ }
117	+ }
118	+
119	+ if ((IS_DTLS(ss) && !dtls13_AeadLimitReached(spec)) \|\|
120	+--- a/lib/ssl/sslimpl.h
121	++++ b/lib/ssl/sslimpl.h
122	+@@ -710,10 +710,7 @@
123	+ * or received. */
124	+ PRBool receivedCcs; /* A server received ChangeCipherSpec
125	+ * before the handshake started. */
126	+- PRBool allowCcs; /* A server allows ChangeCipherSpec
127	+- * as the middlebox compatibility mode
128	+- * is explicitly indicarted by
129	+- * legacy_session_id in TLS 1.3 ClientHello. */
130	++ PRBool rejectCcs; /* Excessive ChangeCipherSpecs are rejected. */
131	+ PRBool clientCertRequested; /* True if CertificateRequest received. */
132	+ PRBool endOfFlight; /* Processed a full flight (DTLS 1.3). */
133	+ ssl3KEADef kea_def_mutable; /* Used to hold the writable kea_def
134	+
135
136	diff --git a/dev-libs/nss/nss-3.58.ebuild b/dev-libs/nss/nss-3.58-r1.ebuild
137	similarity index 99%
138	rename from dev-libs/nss/nss-3.58.ebuild
139	rename to dev-libs/nss/nss-3.58-r1.ebuild
140	index 37ab7c58696..9fd66130955 100644
141	--- a/dev-libs/nss/nss-3.58.ebuild
142	+++ b/dev-libs/nss/nss-3.58-r1.ebuild
143	@@ -40,6 +40,7 @@ PATCHES=(
144	"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
145	"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
146	"${FILESDIR}/${PN}-3.53-fix-building-on-ppc.patch"
147	+ "${FILESDIR}/${PN}-3.58-always-tolerate-the-first-CCS-in-TLS1.3.patch"
148	)
149
150	src_prepare() {

Gentoo Archives: gentoo-commits