commit: 0b684bfbdff41cbaab1a6c1969c931a1670395d7 |
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
AuthorDate: Fri Oct 23 16:19:06 2020 +0000 |
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> |
CommitDate: Fri Oct 23 16:19:06 2020 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b684bfb |
|
dev-libs/nss: always tolerate the first CCS in TLS 1.3 |
|
Bug: https://bugs.gentoo.org/750746 |
Package-Manager: Portage-3.0.8, Repoman-3.0.2 |
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org> |
|
...8-always-tolerate-the-first-CCS-in-TLS1.3.patch | 111 +++++++++++++++++++++ |
.../nss/{nss-3.58.ebuild => nss-3.58-r1.ebuild} | 1 + |
2 files changed, 112 insertions(+) |
|
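--- /dev/null
+++ b/dev-libs/nss/files/nss-3.58-always-tolerate-the-first-CCS-in-TLS1.3.patch
@@ -0,0 +1,111 @@
+https://bugzilla.mozilla.org/show_bug.cgi?id=1672703
+
+--- a/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
++++ b/gtests/ssl_gtest/ssl_tls13compat_unittest.cc
+@@ -348,8 +348,8 @@
+ client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
+ }
+
+-// The server rejects a ChangeCipherSpec if the client advertises an
+-// empty session ID.
++// The server accepts a ChangeCipherSpec even if the client advertises
++// an empty session ID.
+ TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterClientHelloEmptySid) {
+ EnsureTlsSetup();
+ ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
+@@ -358,9 +358,8 @@
+ client_->Handshake(); // Send ClientHello
+ client_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs))); // Send CCS
+
+- server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
+- server_->Handshake(); // Consume ClientHello and CCS
+- server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
++ Handshake();
++ CheckConnected();
+ }
+
+ // The server rejects multiple ChangeCipherSpec even if the client
+@@ -381,7 +380,7 @@
+ server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
+ }
+
+-// The client rejects a ChangeCipherSpec if it advertises an empty
++// The client accepts a ChangeCipherSpec even if it advertises an empty
+ // session ID.
+ TEST_F(TlsConnectStreamTls13, ChangeCipherSpecAfterServerHelloEmptySid) {
+ EnsureTlsSetup();
+@@ -398,9 +397,10 @@
+ // send ServerHello..CertificateVerify
+ // Send CCS
+ server_->SendDirect(DataBuffer(kCannedCcs, sizeof(kCannedCcs)));
+- client_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
+- client_->Handshake(); // Consume ClientHello and CCS
+- client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
++
++ // No alert is sent from the client. As Finished is dropped, we
++ // can't use Handshake() and CheckConnected().
++ client_->Handshake();
+ }
+
+ // The client rejects multiple ChangeCipherSpec in a row even if the
+--- a/lib/ssl/ssl3con.c
++++ b/lib/ssl/ssl3con.c
+@@ -6645,11 +6645,7 @@
+
+ /* TLS 1.3: We sent a session ID. The server's should match. */
+ if (!IS_DTLS(ss) && (sentRealSid || sentFakeSid)) {
+- if (sidMatch) {
+- ss->ssl3.hs.allowCcs = PR_TRUE;
+- return PR_TRUE;
+- }
+- return PR_FALSE;
++ return sidMatch;
+ }
+
+ /* TLS 1.3 (no SID)/DTLS 1.3: The server shouldn't send a session ID. */
+@@ -8696,7 +8692,6 @@
+ errCode = PORT_GetError();
+ goto alert_loser;
+ }
+- ss->ssl3.hs.allowCcs = PR_TRUE;
+ }
+
+ /* TLS 1.3 requires that compression include only null. */
+@@ -13066,15 +13061,14 @@
+ ss->ssl3.hs.ws != idle_handshake &&
+ cText->buf->len == 1 &&
+ cText->buf->buf[0] == change_cipher_spec_choice) {
+- if (ss->ssl3.hs.allowCcs) {
+- /* Ignore the first CCS. */
+- ss->ssl3.hs.allowCcs = PR_FALSE;
++ if (!ss->ssl3.hs.rejectCcs) {
++ /* Allow only the first CCS. */
++ ss->ssl3.hs.rejectCcs = PR_TRUE;
+ return SECSuccess;
+- }
+-
+- /* Compatibility mode is not negotiated. */
+- alert = unexpected_message;
+- PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
++ } else {
++ alert = unexpected_message;
++ PORT_SetError(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER);
++ }
+ }
+
+ if ((IS_DTLS(ss) && !dtls13_AeadLimitReached(spec)) ||
+--- a/lib/ssl/sslimpl.h
++++ b/lib/ssl/sslimpl.h
+@@ -710,10 +710,7 @@
+ * or received. */
+ PRBool receivedCcs; /* A server received ChangeCipherSpec
+ * before the handshake started. */
+- PRBool allowCcs; /* A server allows ChangeCipherSpec
+- * as the middlebox compatibility mode
+- * is explicitly indicarted by
+- * legacy_session_id in TLS 1.3 ClientHello. */
++ PRBool rejectCcs; /* Excessive ChangeCipherSpecs are rejected. */
+ PRBool clientCertRequested; /* True if CertificateRequest received. */
+ PRBool endOfFlight; /* Processed a full flight (DTLS 1.3). */
+ ssl3KEADef kea_def_mutable; /* Used to hold the writable kea_def
+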
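Review bot: The comment on the new `rejectCcs` field in the sslimpl.h hunk ("Excessive ChangeCipherSpecs are rejected.") does not say that the field is a one-shot latch, set in the ssl3con.c hunk at -13066 when the first CCS is dropped. With both `allowCcs` assignments removed, tolerance of that first CCS no longer depends on the session-ID check, so as far as these hunks show the latch is the only bound on unauthenticated CCS records during the handshake; I would document it as `/* Set once the first TLS 1.3 CCS has been dropped; any later CCS gets unexpected_message. */`. Where the field is initialised or reset is not visible here and should be confirmed in the full file. The enclosing functions and the struct start and end outside the hunks.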
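--- a/dev-libs/nss/nss-3.58.ebuild
+++ b/dev-libs/nss/nss-3.58-r1.ebuild
@@ -40,6 +40,7 @@ PATCHES=(
 "${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch"
 "${FILESDIR}/${PN}-3.23-hppa-byte_order.patch"
 "${FILESDIR}/${PN}-3.53-fix-building-on-ppc.patch"
+ "${FILESDIR}/${PN}-3.58-always-tolerate-the-first-CCS-in-TLS1.3.patch"
 )
 
 src_prepare() {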