diff --git a/.gitignore b/.gitignore index 9f715bd..8cd8873 100644 --- a/.gitignore +++ b/.gitignore @@ -10,7 +10,7 @@ SOURCES/cert8.db.xml SOURCES/cert9.db.xml SOURCES/key3.db.xml SOURCES/key4.db.xml -SOURCES/nss-3.36.0.tar.gz +SOURCES/nss-3.44.tar.gz SOURCES/nss-config.xml SOURCES/secmod.db.xml SOURCES/setup-nsssysinit.xml diff --git a/.nss.metadata b/.nss.metadata index 542343e..829bbd4 100644 --- a/.nss.metadata +++ b/.nss.metadata @@ -10,7 +10,7 @@ bd748cf6e1465a1bbe6e751b72ffc0076aff0b50 SOURCES/blank-secmod.db 7cbb7841b1aefe52534704bf2a4358bfea1aa477 SOURCES/cert9.db.xml 24c123810543ff0f6848647d6d910744e275fb01 SOURCES/key3.db.xml af51b16a56fda1f7525a0eed3ecbdcbb4133be0c SOURCES/key4.db.xml -e9d8137e035efed17bd0ca12db497dbeff9b828e SOURCES/nss-3.36.0.tar.gz +44a83b1bf4efd27605177ecdbf217e579ae8c8ae SOURCES/nss-3.44.tar.gz 2905c9b06e7e686c9e3c0b5736a218766d4ae4c2 SOURCES/nss-config.xml ca9ebf79c1437169a02527c18b1e3909943c4be9 SOURCES/secmod.db.xml bcbe05281b38d843273f91ae3f9f19f70c7d97b3 SOURCES/setup-nsssysinit.xml diff --git a/SOURCES/Bug-1001841-disable-sslv2-libssl.patch b/SOURCES/Bug-1001841-disable-sslv2-libssl.patch index 527b312..99a0919 100644 --- a/SOURCES/Bug-1001841-disable-sslv2-libssl.patch +++ b/SOURCES/Bug-1001841-disable-sslv2-libssl.patch @@ -1,19 +1,21 @@ diff -up nss/lib/ssl/config.mk.disableSSL2libssl nss/lib/ssl/config.mk ---- nss/lib/ssl/config.mk.disableSSL2libssl 2017-01-04 15:24:24.000000000 +0100 -+++ nss/lib/ssl/config.mk 2017-01-16 10:53:47.629894929 +0100 -@@ -69,3 +69,8 @@ endif - ifdef NSS_DISABLE_TLS_1_3 +--- nss/lib/ssl/config.mk.disableSSL2libssl 2019-03-28 10:36:01.859196244 +0100 ++++ nss/lib/ssl/config.mk 2019-03-28 10:36:53.250120885 +0100 +@@ -61,6 +61,10 @@ ifdef NSS_DISABLE_TLS_1_3 DEFINES += -DNSS_DISABLE_TLS_1_3 endif -+ + +ifdef NSS_NO_SSL2 +DEFINES += -DNSS_NO_SSL2 +endif + + ifeq (,$(filter-out DragonFly FreeBSD Linux NetBSD OpenBSD, $(OS_TARGET))) + CFLAGS += -std=gnu99 + endif diff -up nss/lib/ssl/sslsock.c.disableSSL2libssl nss/lib/ssl/sslsock.c ---- nss/lib/ssl/sslsock.c.disableSSL2libssl 2017-01-16 10:53:47.615895344 +0100 -+++ nss/lib/ssl/sslsock.c 2017-01-16 10:54:16.088051233 +0100 -@@ -1221,6 +1221,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo +--- nss/lib/ssl/sslsock.c.disableSSL2libssl 2019-03-28 10:36:01.849196454 +0100 ++++ nss/lib/ssl/sslsock.c 2019-03-28 10:36:01.860196223 +0100 +@@ -1363,6 +1363,10 @@ SSLExp_SetMaxEarlyDataSize(PRFileDesc *f static PRBool ssl_IsRemovedCipherSuite(PRInt32 suite) { diff --git a/SOURCES/Bug-1001841-disable-sslv2-tests.patch b/SOURCES/Bug-1001841-disable-sslv2-tests.patch index 96569b2..093bb54 100644 --- a/SOURCES/Bug-1001841-disable-sslv2-tests.patch +++ b/SOURCES/Bug-1001841-disable-sslv2-tests.patch @@ -1,9 +1,9 @@ diff -up nss/tests/ssl/ssl.sh.disableSSL2tests nss/tests/ssl/ssl.sh ---- nss/tests/ssl/ssl.sh.disableSSL2tests 2018-03-05 16:58:32.000000000 +0100 -+++ nss/tests/ssl/ssl.sh 2018-03-09 17:24:07.047568191 +0100 +--- nss/tests/ssl/ssl.sh.disableSSL2tests 2019-03-16 01:25:08.000000000 +0100 ++++ nss/tests/ssl/ssl.sh 2019-03-28 10:39:14.254180729 +0100 @@ -68,9 +68,14 @@ ssl_init() NSS_SSL_RUN=${NSS_SSL_RUN:-$nss_ssl_run} - + # Test case files - SSLCOV=${QADIR}/ssl/sslcov.txt + if [ "${NSS_NO_SSL2}" = "1" ]; then @@ -42,8 +42,8 @@ diff -up nss/tests/ssl/ssl.sh.disableSSL2tests nss/tests/ssl/ssl.sh fi fi is_selfserv_alive -@@ -275,7 +288,7 @@ ssl_cov() - start_selfserv # Launch the server +@@ -278,7 +291,7 @@ ssl_cov() + start_selfserv $CIPHER_SUITES # Launch the server VMIN="ssl3" - VMAX="tls1.1" @@ -51,7 +51,7 @@ diff -up nss/tests/ssl/ssl.sh.disableSSL2tests nss/tests/ssl/ssl.sh ignore_blank_lines ${SSLCOV} | \ while read ectype testmax param testname -@@ -283,6 +296,12 @@ ssl_cov() +@@ -286,6 +299,12 @@ ssl_cov() echo "${testname}" | grep "EXPORT" > /dev/null EXP=$? @@ -61,6 +61,6 @@ diff -up nss/tests/ssl/ssl.sh.disableSSL2tests nss/tests/ssl/ssl.sh + continue + fi + - if [ "$ectype" = "ECC" ] ; then - echo "$SCRIPTNAME: skipping $testname (ECC only)" - else + # RSA-PSS tests are handled in a separate function + case $testname in + *RSA-PSS) diff --git a/SOURCES/enable-fips-when-system-is-in-fips-mode.patch b/SOURCES/enable-fips-when-system-is-in-fips-mode.patch deleted file mode 100644 index dde5dcb..0000000 --- a/SOURCES/enable-fips-when-system-is-in-fips-mode.patch +++ /dev/null @@ -1,79 +0,0 @@ -diff -up nss/lib/pk11wrap/pk11pars.c.852023_enable_fips_when_in_fips_mode nss/lib/pk11wrap/pk11pars.c ---- nss/lib/pk11wrap/pk11pars.c.852023_enable_fips_when_in_fips_mode 2018-03-05 16:58:32.000000000 +0100 -+++ nss/lib/pk11wrap/pk11pars.c 2018-03-09 17:24:39.815838810 +0100 -@@ -671,6 +671,10 @@ SECMOD_CreateModuleEx(const char *librar - - mod->internal = NSSUTIL_ArgHasFlag("flags", "internal", nssc); - mod->isFIPS = NSSUTIL_ArgHasFlag("flags", "FIPS", nssc); -+ /* if the system FIPS mode is enabled, force FIPS to be on */ -+ if (SECMOD_GetSystemFIPSEnabled()) { -+ mod->isFIPS = PR_TRUE; -+ } - mod->isCritical = NSSUTIL_ArgHasFlag("flags", "critical", nssc); - slotParams = NSSUTIL_ArgGetParamValue("slotParams", nssc); - mod->slotInfo = NSSUTIL_ArgParseSlotInfo(mod->arena, slotParams, -diff -up nss/lib/pk11wrap/pk11util.c.852023_enable_fips_when_in_fips_mode nss/lib/pk11wrap/pk11util.c ---- nss/lib/pk11wrap/pk11util.c.852023_enable_fips_when_in_fips_mode 2018-03-05 16:58:32.000000000 +0100 -+++ nss/lib/pk11wrap/pk11util.c 2018-03-09 17:25:46.804347730 +0100 -@@ -95,6 +95,26 @@ SECMOD_Shutdown() - return SECSuccess; - } - -+int SECMOD_GetSystemFIPSEnabled(void) { -+#ifdef LINUX -+ FILE *f; -+ char d; -+ size_t size; -+ -+ f = fopen("/proc/sys/crypto/fips_enabled", "r"); -+ if (!f) -+ return 0; -+ -+ size = fread(&d, 1, 1, f); -+ fclose(f); -+ if (size != 1) -+ return 0; -+ if (d == '1') -+ return 1; -+#endif -+ return 0; -+} -+ - /* - * retrieve the internal module - */ -@@ -428,7 +448,7 @@ SECMOD_DeleteInternalModule(const char * - SECMODModuleList **mlpp; - SECStatus rv = SECFailure; - -- if (pendingModule) { -+ if (SECMOD_GetSystemFIPSEnabled() || pendingModule) { - PORT_SetError(SEC_ERROR_MODULE_STUCK); - return rv; - } -@@ -963,7 +983,7 @@ SECMOD_CanDeleteInternalModule(void) - #ifdef NSS_FIPS_DISABLED - return PR_FALSE; - #else -- return (PRBool)(pendingModule == NULL); -+ return (PRBool) ((pendingModule == NULL) && !SECMOD_GetSystemFIPSEnabled()); - #endif - } - -diff -up nss/lib/pk11wrap/secmodi.h.852023_enable_fips_when_in_fips_mode nss/lib/pk11wrap/secmodi.h ---- nss/lib/pk11wrap/secmodi.h.852023_enable_fips_when_in_fips_mode 2018-03-05 16:58:32.000000000 +0100 -+++ nss/lib/pk11wrap/secmodi.h 2018-03-09 17:24:39.816838788 +0100 -@@ -115,6 +115,13 @@ PK11SymKey *pk11_TokenKeyGenWithFlagsAnd - CK_MECHANISM_TYPE pk11_GetPBECryptoMechanism(SECAlgorithmID *algid, - SECItem **param, SECItem *pwd, PRBool faulty3DES); - -+/* Get the state of the system FIPS mode */ -+/* NSS uses this to force FIPS mode if the system bit is on. Applications which -+ * use the SECMOD_CanDeleteInteral() to check to see if they can switch to or -+ * from FIPS mode will automatically be told that they can't swith out of FIPS -+ * mode */ -+int SECMOD_GetSystemFIPSEnabled(); -+ - extern void pk11sdr_Init(void); - extern void pk11sdr_Shutdown(void); - diff --git a/SOURCES/nss-3.36-ipsec_cert_vfy.patch b/SOURCES/nss-3.36-ipsec_cert_vfy.patch deleted file mode 100644 index 50d71ad..0000000 --- a/SOURCES/nss-3.36-ipsec_cert_vfy.patch +++ /dev/null @@ -1,820 +0,0 @@ -# HG changeset patch -# User Robert Relyea -# Date 1541713180 28800 -# Thu Nov 08 13:39:40 2018 -0800 -# Node ID 0c8334a3b23372556ebedbdfe513417eb9ee55a0 -# Parent 070bebf39672054410437b0cf931e00a8920a1ff -try: -b do -p all -u all -t all - -diff --git a/cmd/certutil/certutil.c b/cmd/certutil/certutil.c ---- a/cmd/certutil/certutil.c -+++ b/cmd/certutil/certutil.c -@@ -736,16 +736,19 @@ ValidateCert(CERTCertDBHandle *handle, c - usage = certificateUsageVerifyCA; - break; - case 'C': - usage = certificateUsageSSLClient; - break; - case 'V': - usage = certificateUsageSSLServer; - break; -+ case 'I': -+ usage = certificateUsageIPsec; -+ break; - case 'S': - usage = certificateUsageEmailSigner; - break; - case 'R': - usage = certificateUsageEmailRecipient; - break; - case 'J': - usage = certificateUsageObjectSigner; -@@ -1701,16 +1704,17 @@ luV(enum usage_level ul, const char *com - " -n cert-name"); - FPS "%-20s validity time (\"YYMMDDHHMMSS[+HHMM|-HHMM|Z]\")\n", - " -b time"); - FPS "%-20s Check certificate signature \n", - " -e "); - FPS "%-20s Specify certificate usage:\n", " -u certusage"); - FPS "%-25s C \t SSL Client\n", ""); - FPS "%-25s V \t SSL Server\n", ""); -+ FPS "%-25s I \t IPsec\n", ""); - FPS "%-25s L \t SSL CA\n", ""); - FPS "%-25s A \t Any CA\n", ""); - FPS "%-25s Y \t Verify CA\n", ""); - FPS "%-25s S \t Email signer\n", ""); - FPS "%-25s R \t Email Recipient\n", ""); - FPS "%-25s O \t OCSP status responder\n", ""); - FPS "%-25s J \t Object signer\n", ""); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", -diff --git a/cmd/dbck/dbrecover.c b/cmd/dbck/dbrecover.c ---- a/cmd/dbck/dbrecover.c -+++ b/cmd/dbck/dbrecover.c -@@ -283,17 +283,18 @@ addCertToDB(certDBEntryCert *certEntry, - userCert = (SEC_GET_TRUST_FLAGS(trust, trustSSL) & CERTDB_USER) || - (SEC_GET_TRUST_FLAGS(trust, trustEmail) & CERTDB_USER) || - (SEC_GET_TRUST_FLAGS(trust, trustObjectSigning) & CERTDB_USER); - if (userCert) - goto createcert; - - /* If user chooses so, ignore expired certificates. */ - allowOverride = (PRBool)((oldCert->keyUsage == certUsageSSLServer) || -- (oldCert->keyUsage == certUsageSSLServerWithStepUp)); -+ (oldCert->keyUsage == certUsageSSLServerWithStepUp) || -+ (oldCert->keyUsage == certUsageIPsec)); - validity = CERT_CheckCertValidTimes(oldCert, PR_Now(), allowOverride); - /* If cert expired and user wants to delete it, ignore it. */ - if ((validity != secCertTimeValid) && - userSaysDeleteCert(&oldCert, 1, dbInvalidCert, info, 0)) { - info->dbErrors[dbInvalidCert]++; - if (info->verbose) { - PR_fprintf(info->out, "Deleting expired certificate:\n"); - dumpCertificate(oldCert, -1, info->out); -diff --git a/cmd/ocspclnt/ocspclnt.c b/cmd/ocspclnt/ocspclnt.c ---- a/cmd/ocspclnt/ocspclnt.c -+++ b/cmd/ocspclnt/ocspclnt.c -@@ -129,16 +129,18 @@ long_usage(char *progname) - PR_fprintf(pr_stderr, - " %-13s Type of certificate usage for verification:\n", - "-u usage"); - PR_fprintf(pr_stderr, - "%-17s c SSL Client\n", ""); - PR_fprintf(pr_stderr, - "%-17s s SSL Server\n", ""); - PR_fprintf(pr_stderr, -+ "%-17s I IPsec\n", ""); -+ PR_fprintf(pr_stderr, - "%-17s e Email Recipient\n", ""); - PR_fprintf(pr_stderr, - "%-17s E Email Signer\n", ""); - PR_fprintf(pr_stderr, - "%-17s S Object Signer\n", ""); - PR_fprintf(pr_stderr, - "%-17s C CA\n", ""); - PR_fprintf(pr_stderr, -@@ -903,16 +905,19 @@ cert_usage_from_char(const char *cert_us - - switch (*cert_usage_str) { - case 'c': - *cert_usage = certUsageSSLClient; - break; - case 's': - *cert_usage = certUsageSSLServer; - break; -+ case 'I': -+ *cert_usage = certUsageIPsec; -+ break; - case 'e': - *cert_usage = certUsageEmailRecipient; - break; - case 'E': - *cert_usage = certUsageEmailSigner; - break; - case 'S': - *cert_usage = certUsageObjectSigner; -diff --git a/cmd/p7verify/p7verify.c b/cmd/p7verify/p7verify.c ---- a/cmd/p7verify/p7verify.c -+++ b/cmd/p7verify/p7verify.c -@@ -112,16 +112,17 @@ Usage(char *progName) - fprintf(stderr, "%-25s 4 - certUsageEmailSigner\n", " "); - fprintf(stderr, "%-25s 5 - certUsageEmailRecipient\n", " "); - fprintf(stderr, "%-25s 6 - certUsageObjectSigner\n", " "); - fprintf(stderr, "%-25s 7 - certUsageUserCertImport\n", " "); - fprintf(stderr, "%-25s 8 - certUsageVerifyCA\n", " "); - fprintf(stderr, "%-25s 9 - certUsageProtectedObjectSigner\n", " "); - fprintf(stderr, "%-25s 10 - certUsageStatusResponder\n", " "); - fprintf(stderr, "%-25s 11 - certUsageAnyCA\n", " "); -+ fprintf(stderr, "%-25s 12 - certUsageIPsec\n", " "); - - exit(-1); - } - - static int - HashDecodeAndVerify(FILE *out, FILE *content, PRFileDesc *signature, - SECCertUsage usage, char *progName) - { -diff --git a/cmd/smimetools/cmsutil.c b/cmd/smimetools/cmsutil.c ---- a/cmd/smimetools/cmsutil.c -+++ b/cmd/smimetools/cmsutil.c -@@ -110,16 +110,17 @@ Usage(void) - fprintf(stderr, "%-25s 4 - certUsageEmailSigner\n", " "); - fprintf(stderr, "%-25s 5 - certUsageEmailRecipient\n", " "); - fprintf(stderr, "%-25s 6 - certUsageObjectSigner\n", " "); - fprintf(stderr, "%-25s 7 - certUsageUserCertImport\n", " "); - fprintf(stderr, "%-25s 8 - certUsageVerifyCA\n", " "); - fprintf(stderr, "%-25s 9 - certUsageProtectedObjectSigner\n", " "); - fprintf(stderr, "%-25s 10 - certUsageStatusResponder\n", " "); - fprintf(stderr, "%-25s 11 - certUsageAnyCA\n", " "); -+ fprintf(stderr, "%-25s 12 - certUsageIPsec\n", " "); - - exit(-1); - } - - struct optionsStr { - char *pwfile; - char *password; - SECCertUsage certUsage; -diff --git a/cmd/vfychain/vfychain.c b/cmd/vfychain/vfychain.c ---- a/cmd/vfychain/vfychain.c -+++ b/cmd/vfychain/vfychain.c -@@ -59,17 +59,18 @@ Usage(const char *progName) - "\t-o oid\t\t Set policy OID for cert validation(Format OID.1.2.3)\n" - "\t-p \t\t Use PKIX Library to validate certificate by calling:\n" - "\t\t\t * CERT_VerifyCertificate if specified once,\n" - "\t\t\t * CERT_PKIXVerifyCert if specified twice and more.\n" - "\t-r\t\t Following certfile is raw binary DER (default)\n" - "\t-t\t\t Following cert is explicitly trusted (overrides db trust).\n" - "\t-u usage \t 0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA,\n" - "\t\t\t 4=Email signer, 5=Email recipient, 6=Object signer,\n" -- "\t\t\t 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA\n" -+ "\t\t\t 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA,\n" -+ "\t\t\t 12=IPsec\n" - "\t-T\t\t Trust both explicit trust anchors (-t) and the database.\n" - "\t\t\t (Default is to only trust certificates marked -t, if there are any,\n" - "\t\t\t or to trust the database if there are certificates marked -t.)\n" - "\t-v\t\t Verbose mode. Prints root cert subject(double the\n" - "\t\t\t argument for whole root cert info)\n" - "\t-w password\t Database password.\n" - "\t-W pwfile\t Password file.\n\n" - "\tRevocation options for PKIX API(invoked with -pp options) is a\n" -diff --git a/lib/certdb/certdb.c b/lib/certdb/certdb.c ---- a/lib/certdb/certdb.c -+++ b/lib/certdb/certdb.c -@@ -441,16 +441,84 @@ cert_GetCertType(CERTCertificate *cert) - nsCertType = cert_ComputeCertType(cert); - - /* Assert that it is safe to cast &cert->nsCertType to "PRInt32 *" */ - PORT_Assert(sizeof(cert->nsCertType) == sizeof(PRInt32)); - PR_ATOMIC_SET((PRInt32 *)&cert->nsCertType, nsCertType); - return SECSuccess; - } - -+PRBool -+cert_EKUAllowsIPsecIKE(CERTCertificate *cert, PRBool *isCritical) -+{ -+ SECStatus rv; -+ SECItem encodedExtKeyUsage; -+ CERTOidSequence *extKeyUsage = NULL; -+ PRBool result = PR_FALSE; -+ -+ rv = CERT_GetExtenCriticality(cert->extensions, -+ SEC_OID_X509_EXT_KEY_USAGE, -+ isCritical); -+ if (rv != SECSuccess) { -+ *isCritical = PR_FALSE; -+ } -+ -+ encodedExtKeyUsage.data = NULL; -+ rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE, -+ &encodedExtKeyUsage); -+ if (rv != SECSuccess) { -+ /* EKU not present, allowed. */ -+ result = PR_TRUE; -+ goto done; -+ } -+ -+ extKeyUsage = CERT_DecodeOidSequence(&encodedExtKeyUsage); -+ if (!extKeyUsage) { -+ /* failure */ -+ goto done; -+ } -+ -+ if (findOIDinOIDSeqByTagNum(extKeyUsage, -+ SEC_OID_X509_ANY_EXT_KEY_USAGE) == -+ SECSuccess) { -+ result = PR_TRUE; -+ goto done; -+ } -+ -+ if (findOIDinOIDSeqByTagNum(extKeyUsage, -+ SEC_OID_EXT_KEY_USAGE_IPSEC_IKE) == -+ SECSuccess) { -+ result = PR_TRUE; -+ goto done; -+ } -+ -+ if (findOIDinOIDSeqByTagNum(extKeyUsage, -+ SEC_OID_IPSEC_IKE_END) == -+ SECSuccess) { -+ result = PR_TRUE; -+ goto done; -+ } -+ -+ if (findOIDinOIDSeqByTagNum(extKeyUsage, -+ SEC_OID_IPSEC_IKE_INTERMEDIATE) == -+ SECSuccess) { -+ result = PR_TRUE; -+ goto done; -+ } -+ -+done: -+ if (encodedExtKeyUsage.data != NULL) { -+ PORT_Free(encodedExtKeyUsage.data); -+ } -+ if (extKeyUsage != NULL) { -+ CERT_DestroyOidSequence(extKeyUsage); -+ } -+ return result; -+} -+ - PRUint32 - cert_ComputeCertType(CERTCertificate *cert) - { - SECStatus rv; - SECItem tmpitem; - SECItem encodedExtKeyUsage; - CERTOidSequence *extKeyUsage = NULL; - PRBool basicConstraintPresent = PR_FALSE; -@@ -1078,16 +1146,20 @@ CERT_KeyUsageAndTypeForCertUsage(SECCert - case certUsageSSLClient: - requiredKeyUsage = KU_KEY_CERT_SIGN; - requiredCertType = NS_CERT_TYPE_SSL_CA; - break; - case certUsageSSLServer: - requiredKeyUsage = KU_KEY_CERT_SIGN; - requiredCertType = NS_CERT_TYPE_SSL_CA; - break; -+ case certUsageIPsec: -+ requiredKeyUsage = KU_KEY_CERT_SIGN; -+ requiredCertType = NS_CERT_TYPE_SSL_CA; -+ break; - case certUsageSSLCA: - requiredKeyUsage = KU_KEY_CERT_SIGN; - requiredCertType = NS_CERT_TYPE_SSL_CA; - break; - case certUsageEmailSigner: - requiredKeyUsage = KU_KEY_CERT_SIGN; - requiredCertType = NS_CERT_TYPE_EMAIL_CA; - break; -@@ -1120,16 +1192,21 @@ CERT_KeyUsageAndTypeForCertUsage(SECCert - */ - requiredKeyUsage = KU_DIGITAL_SIGNATURE; - requiredCertType = NS_CERT_TYPE_SSL_CLIENT; - break; - case certUsageSSLServer: - requiredKeyUsage = KU_KEY_AGREEMENT_OR_ENCIPHERMENT; - requiredCertType = NS_CERT_TYPE_SSL_SERVER; - break; -+ case certUsageIPsec: -+ /* RFC 4945 Section 5.1.3.2 */ -+ requiredKeyUsage = KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION; -+ requiredCertType = 0; -+ break; - case certUsageSSLServerWithStepUp: - requiredKeyUsage = - KU_KEY_AGREEMENT_OR_ENCIPHERMENT | KU_NS_GOVT_APPROVED; - requiredCertType = NS_CERT_TYPE_SSL_SERVER; - break; - case certUsageSSLCA: - requiredKeyUsage = KU_KEY_CERT_SIGN; - requiredCertType = NS_CERT_TYPE_SSL_CA; -diff --git a/lib/certdb/certi.h b/lib/certdb/certi.h ---- a/lib/certdb/certi.h -+++ b/lib/certdb/certi.h -@@ -289,16 +289,19 @@ SECStatus cert_DestroyLocks(void); - extern SECStatus cert_GetCertType(CERTCertificate* cert); - - /* - * compute and return the value of nsCertType for cert, but do not - * update the CERTCertificate. - */ - extern PRUint32 cert_ComputeCertType(CERTCertificate* cert); - -+extern PRBool cert_EKUAllowsIPsecIKE(CERTCertificate* cert, -+ PRBool* isCritical); -+ - void cert_AddToVerifyLog(CERTVerifyLog* log, CERTCertificate* cert, - long errorCode, unsigned int depth, void* arg); - - /* Insert a DER CRL into the CRL cache, and take ownership of it. - * - * cert_CacheCRLByGeneralName takes ownership of the memory in crl argument - * completely. crl must be freeable by SECITEM_FreeItem. It will be freed - * immediately if it is rejected from the CRL cache, or later during cache -diff --git a/lib/certdb/certt.h b/lib/certdb/certt.h ---- a/lib/certdb/certt.h -+++ b/lib/certdb/certt.h -@@ -442,17 +442,18 @@ typedef enum SECCertUsageEnum { - certUsageSSLCA = 3, - certUsageEmailSigner = 4, - certUsageEmailRecipient = 5, - certUsageObjectSigner = 6, - certUsageUserCertImport = 7, - certUsageVerifyCA = 8, - certUsageProtectedObjectSigner = 9, - certUsageStatusResponder = 10, -- certUsageAnyCA = 11 -+ certUsageAnyCA = 11, -+ certUsageIPsec = 12 - } SECCertUsage; - - typedef PRInt64 SECCertificateUsage; - - #define certificateUsageCheckAllUsages (0x0000) - #define certificateUsageSSLClient (0x0001) - #define certificateUsageSSLServer (0x0002) - #define certificateUsageSSLServerWithStepUp (0x0004) -@@ -460,18 +461,19 @@ typedef PRInt64 SECCertificateUsage; - #define certificateUsageEmailSigner (0x0010) - #define certificateUsageEmailRecipient (0x0020) - #define certificateUsageObjectSigner (0x0040) - #define certificateUsageUserCertImport (0x0080) - #define certificateUsageVerifyCA (0x0100) - #define certificateUsageProtectedObjectSigner (0x0200) - #define certificateUsageStatusResponder (0x0400) - #define certificateUsageAnyCA (0x0800) -+#define certificateUsageIPsec (0x1000) - --#define certificateUsageHighest certificateUsageAnyCA -+#define certificateUsageHighest certificateUsageIPsec - - /* - * Does the cert belong to the user, a peer, or a CA. - */ - typedef enum CERTCertOwnerEnum { - certOwnerUser = 0, - certOwnerPeer = 1, - certOwnerCA = 2 -diff --git a/lib/certhigh/certvfy.c b/lib/certhigh/certvfy.c ---- a/lib/certhigh/certvfy.c -+++ b/lib/certhigh/certvfy.c -@@ -284,16 +284,20 @@ CERT_TrustFlagsForCACertUsage(SECCertUsa - requiredFlags = CERTDB_TRUSTED_CLIENT_CA; - trustType = trustSSL; - break; - case certUsageSSLServer: - case certUsageSSLCA: - requiredFlags = CERTDB_TRUSTED_CA; - trustType = trustSSL; - break; -+ case certUsageIPsec: -+ requiredFlags = CERTDB_TRUSTED_CA; -+ trustType = trustSSL; -+ break; - case certUsageSSLServerWithStepUp: - requiredFlags = CERTDB_TRUSTED_CA | CERTDB_GOVT_APPROVED_CA; - trustType = trustSSL; - break; - case certUsageEmailSigner: - case certUsageEmailRecipient: - requiredFlags = CERTDB_TRUSTED_CA; - trustType = trustEmail; -@@ -574,16 +578,17 @@ cert_VerifyCertChainOld(CERTCertDBHandle - EXIT_IF_NOT_LOGGING(log); - requiredCAKeyUsage = 0; - caCertType = 0; - } - - switch (certUsage) { - case certUsageSSLClient: - case certUsageSSLServer: -+ case certUsageIPsec: - case certUsageSSLCA: - case certUsageSSLServerWithStepUp: - case certUsageEmailSigner: - case certUsageEmailRecipient: - case certUsageObjectSigner: - case certUsageVerifyCA: - case certUsageAnyCA: - case certUsageStatusResponder: -@@ -640,17 +645,18 @@ cert_VerifyCertChainOld(CERTCertDBHandle - * certifcates (except leaf (EE) certs, root CAs, and self-issued - * intermediate CAs) to be verified against the name constraints - * extension of the issuer certificate. - */ - if (subjectCertIsSelfIssued == PR_FALSE) { - CERTGeneralName *subjectNameList; - int subjectNameListLen; - int i; -- PRBool getSubjectCN = (!count && certUsage == certUsageSSLServer); -+ PRBool getSubjectCN = (!count && -+ (certUsage == certUsageSSLServer || certUsage == certUsageIPsec)); - subjectNameList = - CERT_GetConstrainedCertificateNames(subjectCert, arena, - getSubjectCN); - if (!subjectNameList) - goto loser; - subjectNameListLen = CERT_GetNamesLength(subjectNameList); - if (!subjectNameListLen) - goto loser; -@@ -981,16 +987,17 @@ CERT_VerifyCACertForUsage(CERTCertDBHand - EXIT_IF_NOT_LOGGING(log); - requiredCAKeyUsage = 0; - caCertType = 0; - } - - switch (certUsage) { - case certUsageSSLClient: - case certUsageSSLServer: -+ case certUsageIPsec: - case certUsageSSLCA: - case certUsageSSLServerWithStepUp: - case certUsageEmailSigner: - case certUsageEmailRecipient: - case certUsageObjectSigner: - case certUsageVerifyCA: - case certUsageStatusResponder: - if (CERT_TrustFlagsForCACertUsage(certUsage, &requiredFlags, -@@ -1166,16 +1173,17 @@ cert_CheckLeafTrust(CERTCertificate *cer - *failedFlags = 0; - *trusted = PR_FALSE; - - /* check trust flags to see if this cert is directly trusted */ - if (CERT_GetCertTrust(cert, &trust) == SECSuccess) { - switch (certUsage) { - case certUsageSSLClient: - case certUsageSSLServer: -+ case certUsageIPsec: - flags = trust.sslFlags; - - /* is the cert directly trusted or not trusted ? */ - if (flags & CERTDB_TERMINAL_RECORD) { /* the trust record is - * authoritative */ - if (flags & CERTDB_TRUSTED) { /* trust this cert */ - *trusted = PR_TRUE; - return SECSuccess; -@@ -1342,45 +1350,48 @@ CERT_VerifyCertificate(CERTCertDBHandle - /* we don't have a place to return status for all usages, - so we can skip checks for usages that aren't required */ - checkAllUsages = PR_FALSE; - } - valid = SECSuccess; /* start off assuming cert is valid */ - - /* make sure that the cert is valid at time t */ - allowOverride = (PRBool)((requiredUsages & certificateUsageSSLServer) || -- (requiredUsages & certificateUsageSSLServerWithStepUp)); -+ (requiredUsages & certificateUsageSSLServerWithStepUp) || -+ (requiredUsages & certificateUsageIPsec)); - validity = CERT_CheckCertValidTimes(cert, t, allowOverride); - if (validity != secCertTimeValid) { - valid = SECFailure; - LOG_ERROR_OR_EXIT(log, cert, 0, validity); - } - - /* check key usage and netscape cert type */ - cert_GetCertType(cert); - certType = cert->nsCertType; - - for (i = 1; i <= certificateUsageHighest && - (SECSuccess == valid || returnedUsages || log);) { -+ PRBool typeAndEKUAllowed = PR_TRUE; - PRBool requiredUsage = (i & requiredUsages) ? PR_TRUE : PR_FALSE; - if (PR_FALSE == requiredUsage && PR_FALSE == checkAllUsages) { - NEXT_USAGE(); - } - if (returnedUsages) { - *returnedUsages |= i; /* start off assuming this usage is valid */ - } - switch (certUsage) { - case certUsageSSLClient: - case certUsageSSLServer: - case certUsageSSLServerWithStepUp: - case certUsageSSLCA: - case certUsageEmailSigner: - case certUsageEmailRecipient: - case certUsageObjectSigner: - case certUsageStatusResponder: -+ case certUsageIPsec: - rv = CERT_KeyUsageAndTypeForCertUsage(certUsage, PR_FALSE, - &requiredKeyUsage, - &requiredCertType); - if (rv != SECSuccess) { - PORT_Assert(0); - /* EXIT_IF_NOT_LOGGING(log); XXX ??? */ - requiredKeyUsage = 0; - requiredCertType = 0; -@@ -1403,17 +1414,29 @@ CERT_VerifyCertificate(CERTCertDBHandle - } - if (CERT_CheckKeyUsage(cert, requiredKeyUsage) != SECSuccess) { - if (PR_TRUE == requiredUsage) { - PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE); - } - LOG_ERROR(log, cert, 0, requiredKeyUsage); - INVALID_USAGE(); - } -- if (!(certType & requiredCertType)) { -+ if (certUsage != certUsageIPsec) { -+ if (!(certType & requiredCertType)) { -+ typeAndEKUAllowed = PR_FALSE; -+ } -+ } else { -+ PRBool isCritical; -+ PRBool allowed = cert_EKUAllowsIPsecIKE(cert, &isCritical); -+ /* If the extension isn't critical, we allow any EKU value. */ -+ if (isCritical && !allowed) { -+ typeAndEKUAllowed = PR_FALSE; -+ } -+ } -+ if (!typeAndEKUAllowed) { - if (PR_TRUE == requiredUsage) { - PORT_SetError(SEC_ERROR_INADEQUATE_CERT_TYPE); - } - LOG_ERROR(log, cert, 0, requiredCertType); - INVALID_USAGE(); - } - - rv = cert_CheckLeafTrust(cert, certUsage, &flags, &trusted); -@@ -1503,29 +1526,31 @@ cert_VerifyCertWithFlags(CERTCertDBHandl - if (rv != SECSuccess) { - PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE); - LOG_ERROR_OR_EXIT(log, cert, 0, 0); - } - #endif - - /* make sure that the cert is valid at time t */ - allowOverride = (PRBool)((certUsage == certUsageSSLServer) || -- (certUsage == certUsageSSLServerWithStepUp)); -+ (certUsage == certUsageSSLServerWithStepUp) || -+ (certUsage == certUsageIPsec)); - validity = CERT_CheckCertValidTimes(cert, t, allowOverride); - if (validity != secCertTimeValid) { - LOG_ERROR_OR_EXIT(log, cert, 0, validity); - } - - /* check key usage and netscape cert type */ - cert_GetCertType(cert); - certType = cert->nsCertType; - switch (certUsage) { - case certUsageSSLClient: - case certUsageSSLServer: - case certUsageSSLServerWithStepUp: -+ case certUsageIPsec: - case certUsageSSLCA: - case certUsageEmailSigner: - case certUsageEmailRecipient: - case certUsageObjectSigner: - case certUsageStatusResponder: - rv = CERT_KeyUsageAndTypeForCertUsage(certUsage, PR_FALSE, - &requiredKeyUsage, - &requiredCertType); -@@ -1628,16 +1653,17 @@ CERT_VerifyCertNow(CERTCertDBHandle *han - } - - /* [ FROM pcertdb.c ] */ - /* - * Supported usage values and types: - * certUsageSSLClient - * certUsageSSLServer - * certUsageSSLServerWithStepUp -+ * certUsageIPsec - * certUsageEmailSigner - * certUsageEmailRecipient - * certUsageObjectSigner - */ - - CERTCertificate * - CERT_FindMatchingCert(CERTCertDBHandle *handle, SECItem *derName, - CERTCertOwner owner, SECCertUsage usage, -diff --git a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c ---- a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c -+++ b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c -@@ -2909,17 +2909,18 @@ PKIX_PL_Cert_CheckValidity( - PKIX_DATEGETPRTIMEFAILED); - } else { - timeToCheck = PR_Now(); - } - - requiredUsages = ((PKIX_PL_NssContext*)plContext)->certificateUsage; - allowOverride = - (PRBool)((requiredUsages & certificateUsageSSLServer) || -- (requiredUsages & certificateUsageSSLServerWithStepUp)); -+ (requiredUsages & certificateUsageSSLServerWithStepUp) || -+ (requiredUsages & certificateUsageIPsec)); - val = CERT_CheckCertValidTimes(cert->nssCert, timeToCheck, allowOverride); - if (val != secCertTimeValid){ - PKIX_ERROR(PKIX_CERTCHECKCERTVALIDTIMESFAILED); - } - - cleanup: - PKIX_RETURN(CERT); - } -@@ -2996,18 +2997,27 @@ PKIX_PL_Cert_VerifyCertAndKeyType( - /* use this key usage and cert type for certUsageAnyCA and - * certUsageVerifyCA. */ - requiredKeyUsage = KU_KEY_CERT_SIGN; - requiredCertType = NS_CERT_TYPE_CA; - } - if (CERT_CheckKeyUsage(cert->nssCert, requiredKeyUsage) != SECSuccess) { - PKIX_ERROR(PKIX_CERTCHECKKEYUSAGEFAILED); - } -- if (!(certType & requiredCertType)) { -- PKIX_ERROR(PKIX_CERTCHECKCERTTYPEFAILED); -+ if (certUsage != certUsageIPsec) { -+ if (!(certType & requiredCertType)) { -+ PKIX_ERROR(PKIX_CERTCHECKCERTTYPEFAILED); -+ } -+ } else { -+ PRBool isCritical; -+ PRBool allowed = cert_EKUAllowsIPsecIKE(cert->nssCert, &isCritical); -+ /* If the extension isn't critical, we allow any EKU value. */ -+ if (isCritical && !allowed) { -+ PKIX_ERROR(PKIX_CERTCHECKCERTTYPEFAILED); -+ } - } - cleanup: - PKIX_DECREF(basicConstraints); - PKIX_RETURN(CERT); - } - - /* - * FUNCTION: PKIX_PL_Cert_VerifyKeyUsage (see comments in pkix_pl_pki.h) -diff --git a/tests/chains/chains.sh b/tests/chains/chains.sh ---- a/tests/chains/chains.sh -+++ b/tests/chains/chains.sh -@@ -347,16 +347,22 @@ create_cert_req() - OPTIONS= - - if [ "${TYPE}" != "EE" ]; then - CA_FLAG="-2" - EXT_DATA="y - -1 - y - " -+ else -+ CA_FLAG="-2" -+ EXT_DATA="n -+-1 -+y -+" - fi - - process_crldp - - echo "${EXT_DATA}" > ${CU_DATA} - - TESTNAME="Creating ${TYPE} certifiate request ${REQ}" - echo "${SCRIPTNAME}: ${TESTNAME}" -@@ -1253,16 +1259,22 @@ process_scenario() - - while read AIA_FILE - do - rm ${AIA_FILE} 2> /dev/null - done < ${AIA_FILES} - rm ${AIA_FILES} - } - -+# process ipsec.cfg separately -+chains_ipsec() -+{ -+ process_scenario "ipsec.cfg" -+} -+ - # process ocspd.cfg separately - chains_ocspd() - { - process_scenario "ocspd.cfg" - } - - # process ocsp.cfg separately - chains_method() -@@ -1274,29 +1286,31 @@ chains_method() - # local shell function to process all testing scenarios - ######################################################################## - chains_main() - { - while read LINE - do - [ `echo ${LINE} | cut -b 1` != "#" ] || continue - -+ [ ${LINE} != 'ipsec.cfg' ] || continue - [ ${LINE} != 'ocspd.cfg' ] || continue - [ ${LINE} != 'method.cfg' ] || continue - - process_scenario ${LINE} - done < "${CHAINS_SCENARIOS}" - } - - ################################ main ################################## - - chains_init - VERIFY_CLASSIC_ENGINE_TOO= - chains_ocspd - VERIFY_CLASSIC_ENGINE_TOO=1 -+chains_ipsec - chains_run_httpserv get - chains_method - chains_stop_httpserv - chains_run_httpserv post - chains_method - chains_stop_httpserv - VERIFY_CLASSIC_ENGINE_TOO= - chains_run_httpserv random -diff --git a/tests/chains/scenarios/ipsec.cfg b/tests/chains/scenarios/ipsec.cfg -new file mode 100644 ---- /dev/null -+++ b/tests/chains/scenarios/ipsec.cfg -@@ -0,0 +1,61 @@ -+# This Source Code Form is subject to the terms of the Mozilla Public -+# License, v. 2.0. If a copy of the MPL was not distributed with this -+# file, You can obtain one at http://mozilla.org/MPL/2.0/. -+ -+scenario IPsec -+ -+entity Root -+ type Root -+ -+entity CA1 -+ type Intermediate -+ issuer Root -+ -+entity NoKU -+ type EE -+ issuer CA1 -+ -+entity DigSig -+ type EE -+ issuer CA1 -+ ku digitalSignature -+ -+entity NonRep -+ type EE -+ issuer CA1 -+ ku nonRepudiation -+ -+entity DigSigNonRepAndExtra -+ type EE -+ issuer CA1 -+ ku digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement -+ -+entity NoMatch -+ type EE -+ issuer CA1 -+ ku keyEncipherment,dataEncipherment,keyAgreement -+ -+db All -+ -+import Root::C,, -+import CA1:Root: -+ -+verify NoKU:CA1 -+ usage 12 -+ result pass -+ -+verify DigSig:CA1 -+ usage 12 -+ result pass -+ -+verify NonRep:CA1 -+ usage 12 -+ result pass -+ -+verify DigSigNonRepAndExtra:CA1 -+ usage 12 -+ result pass -+ -+verify NoMatch:CA1 -+ usage 12 -+ result fail -diff --git a/tests/chains/scenarios/scenarios b/tests/chains/scenarios/scenarios ---- a/tests/chains/scenarios/scenarios -+++ b/tests/chains/scenarios/scenarios -@@ -17,8 +17,9 @@ bridgewithhalfaia.cfg - bridgewithpolicyextensionandmapping.cfg - realcerts.cfg - dsa.cfg - revoc.cfg - ocsp.cfg - crldp.cfg - trustanchors.cfg - nameconstraints.cfg -+ipsec.cfg diff --git a/SOURCES/nss-add-ipsec-usage-to-manpage.patch b/SOURCES/nss-add-ipsec-usage-to-manpage.patch new file mode 100644 index 0000000..cedd6a3 --- /dev/null +++ b/SOURCES/nss-add-ipsec-usage-to-manpage.patch @@ -0,0 +1,13 @@ +diff -up ./nss/doc/certutil.xml.add_ipsec_usage ./nss/doc/certutil.xml +--- ./nss/doc/certutil.xml.add_ipsec_usage 2019-06-05 09:40:37.848895763 -0700 ++++ ./nss/doc/certutil.xml 2019-06-05 09:40:47.079891058 -0700 +@@ -428,6 +428,9 @@ of the attribute codes: + + J (as an object signer) + ++ ++I (as an IPSEC user) ++ + + + diff --git a/SOURCES/nss-check-policy-file.patch b/SOURCES/nss-check-policy-file.patch deleted file mode 100644 index 898ffef..0000000 --- a/SOURCES/nss-check-policy-file.patch +++ /dev/null @@ -1,49 +0,0 @@ -diff -up nss/lib/pk11wrap/pk11pars.c.check_policy_file nss/lib/pk11wrap/pk11pars.c ---- nss/lib/pk11wrap/pk11pars.c.check_policy_file 2017-02-28 10:49:53.811343156 +0100 -+++ nss/lib/pk11wrap/pk11pars.c 2017-02-28 10:59:41.178647490 +0100 -@@ -109,6 +109,7 @@ secmod_NewModule(void) - *other flags are set */ - #define SECMOD_FLAG_MODULE_DB_SKIP_FIRST 0x02 - #define SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB 0x04 -+#define SECMOD_FLAG_MODULE_DB_POLICY_ONLY 0x08 - - /* private flags for internal (field in SECMODModule). */ - /* The meaing of these flags is as follows: -@@ -704,6 +705,9 @@ SECMOD_CreateModuleEx(const char *librar - if (NSSUTIL_ArgHasFlag("flags", "defaultModDB", nssc)) { - flags |= SECMOD_FLAG_MODULE_DB_DEFAULT_MODDB; - } -+ if (NSSUTIL_ArgHasFlag("flags", "policyOnly", nssc)) { -+ flags |= SECMOD_FLAG_MODULE_DB_POLICY_ONLY; -+ } - /* additional moduleDB flags could be added here in the future */ - mod->isModuleDB = (PRBool)flags; - } -@@ -744,6 +748,14 @@ SECMOD_GetDefaultModDBFlag(SECMODModule - } - - PRBool -+secmod_PolicyOnly(SECMODModule *mod) -+{ -+ char flags = (char) mod->isModuleDB; -+ -+ return (flags & SECMOD_FLAG_MODULE_DB_POLICY_ONLY) ? PR_TRUE : PR_FALSE; -+} -+ -+PRBool - secmod_IsInternalKeySlot(SECMODModule *mod) - { - char flags = (char)mod->internal; -@@ -1661,6 +1673,12 @@ SECMOD_LoadModule(char *modulespec, SECM - if (!module) { - goto loser; - } -+ -+ /* a policy only stanza doesn't actually get 'loaded'. policy has already -+ * been parsed as a side effect of the CreateModuleEx call */ -+ if (secmod_PolicyOnly(module)) { -+ return module; -+ } - if (parent) { - module->parent = SECMOD_ReferenceModule(parent); - if (module->internal && secmod_IsInternalKeySlot(parent)) { diff --git a/SOURCES/nss-devslot-reinsert.patch b/SOURCES/nss-devslot-reinsert.patch deleted file mode 100644 index f68a81a..0000000 --- a/SOURCES/nss-devslot-reinsert.patch +++ /dev/null @@ -1,95 +0,0 @@ -# HG changeset patch -# User Daiki Ueno -# Date 1521731296 -3600 -# Thu Mar 22 16:08:16 2018 +0100 -# Node ID 6ae3ab8a1e7b4161f3f8eee90db7a745acced408 -# Parent dedf5290c679153e5b3555ba9c711fe62323c156 -Bug 1447628, devslot: avoid deadlock when re-inserting a token, r=rrelyea - -diff --git a/lib/dev/devslot.c b/lib/dev/devslot.c ---- a/lib/dev/devslot.c -+++ b/lib/dev/devslot.c -@@ -96,10 +96,16 @@ nssSlot_ResetDelay( - } - - static PRBool --within_token_delay_period(const NSSSlot *slot) -+token_status_checked(const NSSSlot *slot) - { - PRIntervalTime time; - int lastPingState = slot->lastTokenPingState; -+ /* When called from the same thread, that means -+ * nssSlot_IsTokenPresent() is called recursively through -+ * nssSlot_Refresh(). Return immediately in that case. */ -+ if (slot->isPresentThread == PR_GetCurrentThread()) { -+ return PR_TRUE; -+ } - /* Set the delay time for checking the token presence */ - if (s_token_delay_time == 0) { - s_token_delay_time = PR_SecondsToInterval(NSSSLOT_TOKEN_DELAY_TIME); -@@ -130,7 +136,7 @@ nssSlot_IsTokenPresent( - - /* avoid repeated calls to check token status within set interval */ - PZ_Lock(slot->isPresentLock); -- if (within_token_delay_period(slot)) { -+ if (token_status_checked(slot)) { - CK_FLAGS ckFlags = slot->ckFlags; - PZ_Unlock(slot->isPresentLock); - return ((ckFlags & CKF_TOKEN_PRESENT) != 0); -@@ -146,12 +152,12 @@ nssSlot_IsTokenPresent( - - /* set up condition so only one thread is active in this part of the code at a time */ - PZ_Lock(slot->isPresentLock); -- while (slot->inIsPresent) { -+ while (slot->isPresentThread) { - PR_WaitCondVar(slot->isPresentCondition, 0); - } - /* if we were one of multiple threads here, the first thread will have - * given us the answer, no need to make more queries of the token. */ -- if (within_token_delay_period(slot)) { -+ if (token_status_checked(slot)) { - CK_FLAGS ckFlags = slot->ckFlags; - PZ_Unlock(slot->isPresentLock); - return ((ckFlags & CKF_TOKEN_PRESENT) != 0); -@@ -159,7 +165,7 @@ nssSlot_IsTokenPresent( - /* this is the winning thread, block all others until we've determined - * if the token is present and that it needs initialization. */ - slot->lastTokenPingState = nssSlotLastPingState_Update; -- slot->inIsPresent = PR_TRUE; -+ slot->isPresentThread = PR_GetCurrentThread(); - - PZ_Unlock(slot->isPresentLock); - -@@ -257,7 +263,7 @@ done: - slot->lastTokenPingTime = PR_IntervalNow(); - slot->lastTokenPingState = nssSlotLastPingState_Valid; - } -- slot->inIsPresent = PR_FALSE; -+ slot->isPresentThread = NULL; - PR_NotifyAllCondVar(slot->isPresentCondition); - PZ_Unlock(slot->isPresentLock); - return isPresent; -diff --git a/lib/dev/devt.h b/lib/dev/devt.h ---- a/lib/dev/devt.h -+++ b/lib/dev/devt.h -@@ -92,7 +92,7 @@ struct NSSSlotStr { - PK11SlotInfo *pk11slot; - PZLock *isPresentLock; - PRCondVar *isPresentCondition; -- PRBool inIsPresent; -+ PRThread *isPresentThread; - }; - - struct nssSessionStr { -diff --git a/lib/pk11wrap/dev3hack.c b/lib/pk11wrap/dev3hack.c ---- a/lib/pk11wrap/dev3hack.c -+++ b/lib/pk11wrap/dev3hack.c -@@ -122,7 +122,7 @@ nssSlot_CreateFromPK11SlotInfo(NSSTrustD - rvSlot->lock = (nss3slot->isThreadSafe) ? NULL : nss3slot->sessionLock; - rvSlot->isPresentLock = PZ_NewLock(nssiLockOther); - rvSlot->isPresentCondition = PR_NewCondVar(rvSlot->isPresentLock); -- rvSlot->inIsPresent = PR_FALSE; -+ rvSlot->isPresentThread = NULL; - rvSlot->lastTokenPingState = nssSlotLastPingState_Reset; - return rvSlot; - } diff --git a/SOURCES/nss-disable-cipher-suites.patch b/SOURCES/nss-disable-cipher-suites.patch index b593479..92a7472 100644 --- a/SOURCES/nss-disable-cipher-suites.patch +++ b/SOURCES/nss-disable-cipher-suites.patch @@ -1,7 +1,7 @@ diff -up nss/lib/ssl/ssl3con.c.disable-cipher-suites nss/lib/ssl/ssl3con.c ---- nss/lib/ssl/ssl3con.c.disable-cipher-suites 2017-04-26 11:53:57.980039632 +0200 -+++ nss/lib/ssl/ssl3con.c 2017-04-26 11:55:56.374264466 +0200 -@@ -97,7 +97,10 @@ static ssl3CipherSuiteCfg cipherSuites[s +--- nss/lib/ssl/ssl3con.c.disable-cipher-suites 2019-03-21 14:24:14.660150519 +0100 ++++ nss/lib/ssl/ssl3con.c 2019-03-21 14:25:12.997929443 +0100 +@@ -96,7 +96,10 @@ static ssl3CipherSuiteCfg cipherSuites[s { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, @@ -12,8 +12,8 @@ diff -up nss/lib/ssl/ssl3con.c.disable-cipher-suites nss/lib/ssl/ssl3con.c + { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -@@ -106,7 +109,10 @@ static ssl3CipherSuiteCfg cipherSuites[s + { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, +@@ -105,7 +108,10 @@ static ssl3CipherSuiteCfg cipherSuites[s { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, @@ -24,4 +24,4 @@ diff -up nss/lib/ssl/ssl3con.c.disable-cipher-suites nss/lib/ssl/ssl3con.c + { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, diff --git a/SOURCES/nss-disable-pkcs1-sigalgs-tls13.patch b/SOURCES/nss-disable-pkcs1-sigalgs-tls13.patch new file mode 100644 index 0000000..1b57e75 --- /dev/null +++ b/SOURCES/nss-disable-pkcs1-sigalgs-tls13.patch @@ -0,0 +1,202 @@ +# HG changeset patch +# User Daiki Ueno +# Date 1559031046 -7200 +# Tue May 28 10:10:46 2019 +0200 +# Node ID 0a4e8b72a92e144663c2f35d3836f7828cfc97f2 +# Parent 370a9e85f216f5f4ff277995a997c5c9b23a819f +Bug 1552208, prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3, r=mt + +Reviewers: mt + +Reviewed By: mt + +Subscribers: mt, jcj, ueno, rrelyea, HubertKario, KevinJacobs + +Tags: #secure-revision, #bmo-crypto-core-security + +Bug #: 1552208 + +Differential Revision: https://phabricator.services.mozilla.com/D32454 + +diff --git a/gtests/ssl_gtest/ssl_auth_unittest.cc b/gtests/ssl_gtest/ssl_auth_unittest.cc +--- a/gtests/ssl_gtest/ssl_auth_unittest.cc ++++ b/gtests/ssl_gtest/ssl_auth_unittest.cc +@@ -701,6 +701,44 @@ TEST_P(TlsConnectTls12, ClientAuthIncons + ConnectExpectAlert(server_, kTlsAlertIllegalParameter); + } + ++TEST_P(TlsConnectTls13, ClientAuthPkcs1SignatureScheme) { ++ static const SSLSignatureScheme kSignatureScheme[] = { ++ ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pss_rsae_sha256}; ++ ++ Reset(TlsAgent::kServerRsa, "rsa"); ++ client_->SetSignatureSchemes(kSignatureScheme, ++ PR_ARRAY_SIZE(kSignatureScheme)); ++ server_->SetSignatureSchemes(kSignatureScheme, ++ PR_ARRAY_SIZE(kSignatureScheme)); ++ client_->SetupClientAuth(); ++ server_->RequestClientAuth(true); ++ ++ auto capture_cert_verify = MakeTlsFilter( ++ client_, kTlsHandshakeCertificateVerify); ++ capture_cert_verify->EnableDecryption(); ++ ++ Connect(); ++ CheckSigScheme(capture_cert_verify, 0, server_, ssl_sig_rsa_pss_rsae_sha256, ++ 1024); ++} ++ ++TEST_P(TlsConnectTls13, ClientAuthPkcs1SignatureSchemeOnly) { ++ static const SSLSignatureScheme kSignatureScheme[] = { ++ ssl_sig_rsa_pkcs1_sha256}; ++ ++ Reset(TlsAgent::kServerRsa, "rsa"); ++ client_->SetSignatureSchemes(kSignatureScheme, ++ PR_ARRAY_SIZE(kSignatureScheme)); ++ server_->SetSignatureSchemes(kSignatureScheme, ++ PR_ARRAY_SIZE(kSignatureScheme)); ++ client_->SetupClientAuth(); ++ server_->RequestClientAuth(true); ++ ++ ConnectExpectAlert(server_, kTlsAlertHandshakeFailure); ++ server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM); ++ client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP); ++} ++ + class TlsZeroCertificateRequestSigAlgsFilter : public TlsHandshakeFilter { + public: + TlsZeroCertificateRequestSigAlgsFilter(const std::shared_ptr& a) +@@ -933,7 +971,7 @@ TEST_P(TlsConnectTls13, InconsistentSign + client_->CheckErrorCode(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM); + } + +-TEST_P(TlsConnectTls12Plus, RequestClientAuthWithSha384) { ++TEST_P(TlsConnectTls12, RequestClientAuthWithSha384) { + server_->SetSignatureSchemes(kSignatureSchemeRsaSha384, + PR_ARRAY_SIZE(kSignatureSchemeRsaSha384)); + server_->RequestClientAuth(false); +@@ -1395,12 +1433,21 @@ TEST_P(TlsSignatureSchemeConfiguration, + INSTANTIATE_TEST_CASE_P( + SignatureSchemeRsa, TlsSignatureSchemeConfiguration, + ::testing::Combine( +- TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV12Plus, ++ TlsConnectTestBase::kTlsVariantsAll, TlsConnectTestBase::kTlsV12, + ::testing::Values(TlsAgent::kServerRsaSign), + ::testing::Values(ssl_auth_rsa_sign), + ::testing::Values(ssl_sig_rsa_pkcs1_sha256, ssl_sig_rsa_pkcs1_sha384, + ssl_sig_rsa_pkcs1_sha512, ssl_sig_rsa_pss_rsae_sha256, + ssl_sig_rsa_pss_rsae_sha384))); ++// RSASSA-PKCS1-v1_5 is not allowed to be used in TLS 1.3 ++INSTANTIATE_TEST_CASE_P( ++ SignatureSchemeRsaTls13, TlsSignatureSchemeConfiguration, ++ ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll, ++ TlsConnectTestBase::kTlsV13, ++ ::testing::Values(TlsAgent::kServerRsaSign), ++ ::testing::Values(ssl_auth_rsa_sign), ++ ::testing::Values(ssl_sig_rsa_pss_rsae_sha256, ++ ssl_sig_rsa_pss_rsae_sha384))); + // PSS with SHA-512 needs a bigger key to work. + INSTANTIATE_TEST_CASE_P( + SignatureSchemeBigRsa, TlsSignatureSchemeConfiguration, +diff --git a/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc b/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc +--- a/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc ++++ b/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc +@@ -68,12 +68,6 @@ class TlsCipherSuiteTestBase : public Tl + virtual void SetupCertificate() { + if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { + switch (sig_scheme_) { +- case ssl_sig_rsa_pkcs1_sha256: +- case ssl_sig_rsa_pkcs1_sha384: +- case ssl_sig_rsa_pkcs1_sha512: +- Reset(TlsAgent::kServerRsaSign); +- auth_type_ = ssl_auth_rsa_sign; +- break; + case ssl_sig_rsa_pss_rsae_sha256: + case ssl_sig_rsa_pss_rsae_sha384: + Reset(TlsAgent::kServerRsaSign); +@@ -330,6 +324,12 @@ static SSLSignatureScheme kSignatureSche + ssl_sig_rsa_pss_pss_sha256, ssl_sig_rsa_pss_pss_sha384, + ssl_sig_rsa_pss_pss_sha512}; + ++static SSLSignatureScheme kSignatureSchemesParamsArrTls13[] = { ++ ssl_sig_ecdsa_secp256r1_sha256, ssl_sig_ecdsa_secp384r1_sha384, ++ ssl_sig_rsa_pss_rsae_sha256, ssl_sig_rsa_pss_rsae_sha384, ++ ssl_sig_rsa_pss_rsae_sha512, ssl_sig_rsa_pss_pss_sha256, ++ ssl_sig_rsa_pss_pss_sha384, ssl_sig_rsa_pss_pss_sha512}; ++ + INSTANTIATE_CIPHER_TEST_P(RC4, Stream, V10ToV12, kDummyNamedGroupParams, + kDummySignatureSchemesParams, + TLS_RSA_WITH_RC4_128_SHA, +@@ -394,7 +394,7 @@ INSTANTIATE_CIPHER_TEST_P( + #ifndef NSS_DISABLE_TLS_1_3 + INSTANTIATE_CIPHER_TEST_P(TLS13, All, V13, + ::testing::ValuesIn(kFasterDHEGroups), +- ::testing::ValuesIn(kSignatureSchemesParamsArr), ++ ::testing::ValuesIn(kSignatureSchemesParamsArrTls13), + TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, + TLS_AES_256_GCM_SHA384); + INSTANTIATE_CIPHER_TEST_P(TLS13AllGroups, All, V13, +diff --git a/gtests/ssl_gtest/ssl_extension_unittest.cc b/gtests/ssl_gtest/ssl_extension_unittest.cc +--- a/gtests/ssl_gtest/ssl_extension_unittest.cc ++++ b/gtests/ssl_gtest/ssl_extension_unittest.cc +@@ -436,14 +436,14 @@ TEST_P(TlsExtensionTest12Plus, Signature + } + + TEST_F(TlsExtensionTest13Stream, SignatureAlgorithmsPrecedingGarbage) { +- // 31 unknown signature algorithms followed by sha-256, rsa ++ // 31 unknown signature algorithms followed by sha-256, rsa-pss + const uint8_t val[] = { + 0x00, 0x40, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, +- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x04, 0x01}; ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x08, 0x04}; + DataBuffer extension(val, sizeof(val)); + MakeTlsFilter(client_, ssl_signature_algorithms_xtn, + extension); +diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c +--- a/lib/ssl/ssl3con.c ++++ b/lib/ssl/ssl3con.c +@@ -64,6 +64,7 @@ static SECStatus ssl3_FlushHandshakeMess + static CK_MECHANISM_TYPE ssl3_GetHashMechanismByHashType(SSLHashType hashType); + static CK_MECHANISM_TYPE ssl3_GetMgfMechanismByHashType(SSLHashType hash); + PRBool ssl_IsRsaPssSignatureScheme(SSLSignatureScheme scheme); ++PRBool ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme); + PRBool ssl_IsDsaSignatureScheme(SSLSignatureScheme scheme); + + const PRUint8 ssl_hello_retry_random[] = { +@@ -4101,6 +4102,9 @@ ssl_SignatureSchemeValid(SSLSignatureSch + if (ssl_SignatureSchemeToHashType(scheme) == ssl_hash_sha1) { + return PR_FALSE; + } ++ if (ssl_IsRsaPkcs1SignatureScheme(scheme)) { ++ return PR_FALSE; ++ } + /* With TLS 1.3, EC keys should have been selected based on calling + * ssl_SignatureSchemeFromSpki(), reject them otherwise. */ + return spkiOid != SEC_OID_ANSIX962_EC_PUBLIC_KEY; +@@ -4351,6 +4355,22 @@ ssl_IsRsaPssSignatureScheme(SSLSignature + } + + PRBool ++ssl_IsRsaPkcs1SignatureScheme(SSLSignatureScheme scheme) ++{ ++ switch (scheme) { ++ case ssl_sig_rsa_pkcs1_sha256: ++ case ssl_sig_rsa_pkcs1_sha384: ++ case ssl_sig_rsa_pkcs1_sha512: ++ case ssl_sig_rsa_pkcs1_sha1: ++ return PR_TRUE; ++ ++ default: ++ return PR_FALSE; ++ } ++ return PR_FALSE; ++} ++ ++PRBool + ssl_IsDsaSignatureScheme(SSLSignatureScheme scheme) + { + switch (scheme) { diff --git a/SOURCES/nss-disable-tls13-gtests.patch b/SOURCES/nss-disable-tls13-gtests.patch deleted file mode 100644 index cc7b661..0000000 --- a/SOURCES/nss-disable-tls13-gtests.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up nss/gtests/ssl_gtest/ssl_skip_unittest.cc.disable-tls13-gtests nss/gtests/ssl_gtest/ssl_skip_unittest.cc ---- nss/gtests/ssl_gtest/ssl_skip_unittest.cc.disable-tls13-gtests 2017-10-16 17:13:51.798825185 +0200 -+++ nss/gtests/ssl_gtest/ssl_skip_unittest.cc 2017-10-16 17:14:08.238496409 +0200 -@@ -234,6 +234,8 @@ INSTANTIATE_TEST_CASE_P( - INSTANTIATE_TEST_CASE_P(SkipVariants, TlsSkipTest, - ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll, - TlsConnectTestBase::kTlsV11V12)); -+#if 0 - INSTANTIATE_TEST_CASE_P(Skip13Variants, Tls13SkipTest, - TlsConnectTestBase::kTlsVariantsAll); -+#endif - } // namespace nss_test diff --git a/SOURCES/nss-dsa-policy.patch b/SOURCES/nss-dsa-policy.patch new file mode 100644 index 0000000..5a191ff --- /dev/null +++ b/SOURCES/nss-dsa-policy.patch @@ -0,0 +1,51 @@ +diff --git a/lib/certhigh/certvfy.c b/lib/certhigh/certvfy.c +--- a/lib/certhigh/certvfy.c ++++ b/lib/certhigh/certvfy.c +@@ -42,23 +42,16 @@ checkKeyParams(const SECAlgorithmID *sig + { + SECStatus rv; + SECOidTag sigAlg; + SECOidTag curve; + PRUint32 policyFlags = 0; + PRInt32 minLen, len; + + sigAlg = SECOID_GetAlgorithmTag(sigAlgorithm); +- rv = NSS_GetAlgorithmPolicy(sigAlg, &policyFlags); +- if (rv == SECSuccess && +- !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) { +- PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); +- return SECFailure; +- } +- + switch (sigAlg) { + case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: + if (key->keyType != ecKey) { + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); +@@ -126,16 +119,23 @@ checkKeyParams(const SECAlgorithmID *sig + } + + if (len < minLen) { + return SECFailure; + } + + return SECSuccess; + case SEC_OID_ANSIX9_DSA_SIGNATURE: ++ rv = NSS_GetAlgorithmPolicy(sigAlg, &policyFlags); ++ if (rv == SECSuccess && ++ !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) { ++ PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); ++ return SECFailure; ++ } ++ /* fall through */ + case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST: + case SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST: + case SEC_OID_SDN702_DSA_SIGNATURE: + case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST: + case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST: + if (key->keyType != dsaKey) { + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + return SECFailure; diff --git a/SOURCES/nss-enable-cipher-suites.patch b/SOURCES/nss-enable-cipher-suites.patch deleted file mode 100644 index 0e6aabd..0000000 --- a/SOURCES/nss-enable-cipher-suites.patch +++ /dev/null @@ -1,39 +0,0 @@ -diff -up nss/lib/ssl/ssl3con.c.enable-cipher-suites nss/lib/ssl/ssl3con.c ---- nss/lib/ssl/ssl3con.c.enable-cipher-suites 2017-02-20 16:32:39.464067010 +0100 -+++ nss/lib/ssl/ssl3con.c 2017-02-20 16:37:00.506731989 +0100 -@@ -91,7 +91,7 @@ PRBool ssl_IsRsaPssSignatureScheme(SSLSi - /* clang-format off */ - static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { - /* cipher_suite policy enabled isPresent */ -- { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -@@ -102,7 +102,7 @@ static ssl3CipherSuiteCfg cipherSuites[s - { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -@@ -113,7 +113,7 @@ static ssl3CipherSuiteCfg cipherSuites[s - { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, -@@ -140,7 +140,7 @@ static ssl3CipherSuiteCfg cipherSuites[s - { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, diff --git a/SOURCES/nss-fips-disable-tls13.patch b/SOURCES/nss-fips-disable-tls13.patch new file mode 100644 index 0000000..8b30bbc --- /dev/null +++ b/SOURCES/nss-fips-disable-tls13.patch @@ -0,0 +1,30 @@ +diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c +--- a/lib/ssl/sslsock.c ++++ b/lib/ssl/sslsock.c +@@ -2382,16 +2382,26 @@ ssl3_CreateOverlapWithPolicy(SSLProtocol + rv = ssl3_GetEffectiveVersionPolicy(protocolVariant, + &effectivePolicyBoundary); + if (rv == SECFailure) { + /* SECFailure means internal failure or invalid configuration. */ + overlap->min = overlap->max = SSL_LIBRARY_VERSION_NONE; + return SECFailure; + } + ++ /* TODO: TLSv1.3 doesn't work yet under FIPS mode */ ++ if (PK11_IsFIPS()) { ++ if (effectivePolicyBoundary.min >= SSL_LIBRARY_VERSION_TLS_1_3) { ++ effectivePolicyBoundary.min = SSL_LIBRARY_VERSION_TLS_1_2; ++ } ++ if (effectivePolicyBoundary.max >= SSL_LIBRARY_VERSION_TLS_1_3) { ++ effectivePolicyBoundary.max = SSL_LIBRARY_VERSION_TLS_1_2; ++ } ++ } ++ + vrange.min = PR_MAX(input->min, effectivePolicyBoundary.min); + vrange.max = PR_MIN(input->max, effectivePolicyBoundary.max); + + if (vrange.max < vrange.min) { + /* there was no overlap, turn off range altogether */ + overlap->min = overlap->max = SSL_LIBRARY_VERSION_NONE; + return SECFailure; + } diff --git a/SOURCES/nss-fix-public-key-from-priv.patch b/SOURCES/nss-fix-public-key-from-priv.patch new file mode 100644 index 0000000..275bfc7 --- /dev/null +++ b/SOURCES/nss-fix-public-key-from-priv.patch @@ -0,0 +1,299 @@ +diff -up ./nss/gtests/pk11_gtest/pk11_import_unittest.cc.pub-priv-mechs ./nss/gtests/pk11_gtest/pk11_import_unittest.cc +--- ./nss/gtests/pk11_gtest/pk11_import_unittest.cc.pub-priv-mechs 2019-05-10 14:14:18.000000000 -0700 ++++ ./nss/gtests/pk11_gtest/pk11_import_unittest.cc 2019-06-05 12:01:13.728544204 -0700 +@@ -78,17 +78,40 @@ class Pk11KeyImportTestBase : public ::t + CK_MECHANISM_TYPE mech_; + + private: ++ SECItem GetPublicComponent(ScopedSECKEYPublicKey& pub_key) { ++ SECItem null = { siBuffer, NULL, 0}; ++ switch(SECKEY_GetPublicKeyType(pub_key.get())) { ++ case rsaKey: ++ case rsaPssKey: ++ case rsaOaepKey: ++ return pub_key->u.rsa.modulus; ++ case keaKey: ++ return pub_key->u.kea.publicValue; ++ case dsaKey: ++ return pub_key->u.dsa.publicValue; ++ case dhKey: ++ return pub_key->u.dh.publicValue; ++ case ecKey: ++ return pub_key->u.ec.publicValue; ++ case fortezzaKey: /* depricated */ ++ case nullKey: ++ /* didn't use default here so we can catch new key types at compile time */ ++ break; ++ } ++ return null; ++ } + void CheckForPublicKey(const ScopedSECKEYPrivateKey& priv_key, + const SECItem* expected_public) { + // Verify the public key exists. + StackSECItem priv_id; ++ KeyType type = SECKEY_GetPrivateKeyType(priv_key.get()); + SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, priv_key.get(), + CKA_ID, &priv_id); + ASSERT_EQ(SECSuccess, rv) << "Couldn't read CKA_ID from private key: " + << PORT_ErrorToName(PORT_GetError()); + + CK_ATTRIBUTE_TYPE value_type = CKA_VALUE; +- switch (SECKEY_GetPrivateKeyType(priv_key.get())) { ++ switch (type) { + case rsaKey: + value_type = CKA_MODULUS; + break; +@@ -106,6 +129,8 @@ class Pk11KeyImportTestBase : public ::t + FAIL() << "unknown key type"; + } + ++ // Scan public key objects until we find one with the same CKA_ID as ++ // priv_key + std::unique_ptr objs( + PK11_FindGenericObjects(slot_.get(), CKO_PUBLIC_KEY)); + ASSERT_NE(nullptr, objs); +@@ -128,20 +153,46 @@ class Pk11KeyImportTestBase : public ::t + ASSERT_EQ(1U, token.len); + ASSERT_NE(0, token.data[0]); + +- StackSECItem value; +- rv = PK11_ReadRawAttribute(PK11_TypeGeneric, obj, value_type, &value); ++ StackSECItem raw_value; ++ SECItem decoded_value; ++ rv = PK11_ReadRawAttribute(PK11_TypeGeneric, obj, value_type, &raw_value); + ASSERT_EQ(SECSuccess, rv); ++ SECItem value = raw_value; + ++ // Decode the EC_POINT and check the output against expected. + // CKA_EC_POINT isn't stable, see Bug 1520649. ++ ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); ++ ASSERT_TRUE(arena); + if (value_type == CKA_EC_POINT) { +- continue; +- } + ++ // If this fails due to the noted inconsistency, we may need to ++ // check the whole raw_value, or remove a leading UNCOMPRESSED_POINT tag ++ rv = SEC_QuickDERDecodeItem(arena.get(), &decoded_value, ++ SEC_ASN1_GET(SEC_OctetStringTemplate), ++ &raw_value); ++ ASSERT_EQ(SECSuccess, rv); ++ value = decoded_value; ++ } + ASSERT_TRUE(SECITEM_ItemsAreEqual(expected_public, &value)) + << "expected: " + << DataBuffer(expected_public->data, expected_public->len) + << std::endl + << "actual: " << DataBuffer(value.data, value.len) << std::endl; ++ ++ // Finally, convert the private to public and ensure it matches. ++ ScopedSECKEYPublicKey pub_key( ++ SECKEY_ConvertToPublicKey(priv_key.get())); ++ ASSERT_TRUE(pub_key); ++ SECItem converted_public = GetPublicComponent(pub_key); ++ ASSERT_TRUE(converted_public.len != 0); ++ ++ ASSERT_TRUE(SECITEM_ItemsAreEqual(expected_public, &converted_public)) ++ << "expected: " ++ << DataBuffer(expected_public->data, expected_public->len) ++ << std::endl ++ << "actual: " ++ << DataBuffer(converted_public.data, converted_public.len) ++ << std::endl; + } + } + +diff -up ./nss/lib/cryptohi/seckey.c.pub-priv-mechs ./nss/lib/cryptohi/seckey.c +--- ./nss/lib/cryptohi/seckey.c.pub-priv-mechs 2019-05-10 14:14:18.000000000 -0700 ++++ ./nss/lib/cryptohi/seckey.c 2019-06-05 12:01:13.729544204 -0700 +@@ -1206,6 +1206,37 @@ SECKEY_CopyPublicKey(const SECKEYPublicK + return NULL; + } + ++/* ++ * Use the private key to find a public key handle. The handle will be on ++ * the same slot as the private key. ++ */ ++static CK_OBJECT_HANDLE ++seckey_FindPublicKeyHandle(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk) ++{ ++ CK_OBJECT_HANDLE keyID; ++ ++ /* this helper function is only used below. If we want to make this more ++ * general, we would need to free up any already cached handles if the ++ * slot doesn't match up with the private key slot */ ++ PORT_Assert(pubk->pkcs11ID == CK_INVALID_HANDLE); ++ ++ /* first look for a matching public key */ ++ keyID = PK11_MatchItem(privk->pkcs11Slot, privk->pkcs11ID, CKO_PUBLIC_KEY); ++ if (keyID != CK_INVALID_HANDLE) { ++ return keyID; ++ } ++ ++ /* none found, create a temp one, make the pubk the owner */ ++ pubk->pkcs11ID = PK11_DerivePubKeyFromPrivKey(privk); ++ if (pubk->pkcs11ID == CK_INVALID_HANDLE) { ++ /* end of the road. Token doesn't have matching public key, nor can ++ * token regenerate a new public key from and existing private key. */ ++ return CK_INVALID_HANDLE; ++ } ++ pubk->pkcs11Slot = PK11_ReferenceSlot(privk->pkcs11Slot); ++ return pubk->pkcs11ID; ++} ++ + SECKEYPublicKey * + SECKEY_ConvertToPublicKey(SECKEYPrivateKey *privk) + { +@@ -1213,6 +1244,8 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK + PLArenaPool *arena; + CERTCertificate *cert; + SECStatus rv; ++ CK_OBJECT_HANDLE pubKeyHandle; ++ SECItem decodedPoint; + + /* + * First try to look up the cert. +@@ -1243,11 +1276,47 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK + + switch (privk->keyType) { + case nullKey: +- case dhKey: +- case dsaKey: + /* Nothing to query, if the cert isn't there, we're done -- no way + * to get the public key */ + break; ++ case dsaKey: ++ pubKeyHandle = seckey_FindPublicKeyHandle(privk, pubk); ++ if (pubKeyHandle == CK_INVALID_HANDLE) ++ break; ++ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle, ++ CKA_BASE, arena, &pubk->u.dsa.params.base); ++ if (rv != SECSuccess) ++ break; ++ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle, ++ CKA_PRIME, arena, &pubk->u.dsa.params.prime); ++ if (rv != SECSuccess) ++ break; ++ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle, ++ CKA_SUBPRIME, arena, &pubk->u.dsa.params.subPrime); ++ if (rv != SECSuccess) ++ break; ++ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle, ++ CKA_VALUE, arena, &pubk->u.dsa.publicValue); ++ if (rv != SECSuccess) ++ break; ++ return pubk; ++ case dhKey: ++ pubKeyHandle = seckey_FindPublicKeyHandle(privk, pubk); ++ if (pubKeyHandle == CK_INVALID_HANDLE) ++ break; ++ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle, ++ CKA_BASE, arena, &pubk->u.dh.base); ++ if (rv != SECSuccess) ++ break; ++ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle, ++ CKA_PRIME, arena, &pubk->u.dh.prime); ++ if (rv != SECSuccess) ++ break; ++ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle, ++ CKA_VALUE, arena, &pubk->u.dh.publicValue); ++ if (rv != SECSuccess) ++ break; ++ return pubk; + case rsaKey: + rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID, + CKA_MODULUS, arena, &pubk->u.rsa.modulus); +@@ -1258,7 +1327,6 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK + if (rv != SECSuccess) + break; + return pubk; +- break; + case ecKey: + rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID, + CKA_EC_PARAMS, arena, &pubk->u.ec.DEREncodedParams); +@@ -1268,7 +1336,23 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK + rv = PK11_ReadAttribute(privk->pkcs11Slot, privk->pkcs11ID, + CKA_EC_POINT, arena, &pubk->u.ec.publicValue); + if (rv != SECSuccess || pubk->u.ec.publicValue.len == 0) { +- break; ++ pubKeyHandle = seckey_FindPublicKeyHandle(privk, pubk); ++ if (pubKeyHandle == CK_INVALID_HANDLE) ++ break; ++ rv = PK11_ReadAttribute(privk->pkcs11Slot, pubKeyHandle, ++ CKA_EC_POINT, arena, &pubk->u.ec.publicValue); ++ if (rv != SECSuccess) ++ break; ++ } ++ /* ec.publicValue should be decoded, PKCS #11 defines CKA_EC_POINT ++ * as encoded, but it's not always. try do decoded it and if it ++ * succeeds store the decoded value */ ++ rv = SEC_QuickDERDecodeItem(arena, &decodedPoint, ++ SEC_ASN1_GET(SEC_OctetStringTemplate), &pubk->u.ec.publicValue); ++ if (rv == SECSuccess) { ++ /* both values are in the public key arena, so it's safe to ++ * overwrite the old value */ ++ pubk->u.ec.publicValue = decodedPoint; + } + pubk->u.ec.encoding = ECPoint_Undefined; + return pubk; +@@ -1276,7 +1360,9 @@ SECKEY_ConvertToPublicKey(SECKEYPrivateK + break; + } + +- PORT_FreeArena(arena, PR_FALSE); ++ /* must use Destroy public key here, because some paths create temporary ++ * PKCS #11 objects which need to be freed */ ++ SECKEY_DestroyPublicKey(pubk); + return NULL; + } + +diff -up ./nss/lib/pk11wrap/pk11priv.h.pub-priv-mechs ./nss/lib/pk11wrap/pk11priv.h +--- ./nss/lib/pk11wrap/pk11priv.h.pub-priv-mechs 2019-05-10 14:14:18.000000000 -0700 ++++ ./nss/lib/pk11wrap/pk11priv.h 2019-06-05 12:01:13.729544204 -0700 +@@ -111,6 +111,7 @@ CK_OBJECT_HANDLE PK11_FindObjectForCert( + PK11SymKey *pk11_CopyToSlot(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, + CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey); + unsigned int pk11_GetPredefinedKeyLength(CK_KEY_TYPE keyType); ++CK_OBJECT_HANDLE PK11_DerivePubKeyFromPrivKey(SECKEYPrivateKey *privKey); + + /********************************************************************** + * Certs +diff -up ./nss/lib/pk11wrap/pk11skey.c.pub-priv-mechs ./nss/lib/pk11wrap/pk11skey.c +--- ./nss/lib/pk11wrap/pk11skey.c.pub-priv-mechs 2019-05-10 14:14:18.000000000 -0700 ++++ ./nss/lib/pk11wrap/pk11skey.c 2019-06-05 12:01:13.730544203 -0700 +@@ -1840,6 +1840,35 @@ loser: + } + + /* ++ * This regenerate a public key from a private key. This function is currently ++ * NSS private. If we want to make it public, we need to add and optional ++ * template or at least flags (a.la. PK11_DeriveWithFlags). ++ */ ++CK_OBJECT_HANDLE ++PK11_DerivePubKeyFromPrivKey(SECKEYPrivateKey *privKey) ++{ ++ PK11SlotInfo *slot = privKey->pkcs11Slot; ++ CK_MECHANISM mechanism; ++ CK_OBJECT_HANDLE objectID = CK_INVALID_HANDLE; ++ CK_RV crv; ++ ++ mechanism.mechanism = CKM_NSS_PUB_FROM_PRIV; ++ mechanism.pParameter = NULL; ++ mechanism.ulParameterLen = 0; ++ ++ PK11_EnterSlotMonitor(slot); ++ crv = PK11_GETTAB(slot)->C_DeriveKey(slot->session, &mechanism, ++ privKey->pkcs11ID, NULL, 0, ++ &objectID); ++ PK11_ExitSlotMonitor(slot); ++ if (crv != CKR_OK) { ++ PORT_SetError(PK11_MapError(crv)); ++ return CK_INVALID_HANDLE; ++ } ++ return objectID; ++} ++ ++/* + * This Generates a wrapping key based on a privateKey, publicKey, and two + * random numbers. For Mail usage RandomB should be NULL. In the Sender's + * case RandomA is generate, outherwize it is passed. diff --git a/SOURCES/nss-pkcs12-iterations-limit.patch b/SOURCES/nss-pkcs12-iterations-limit.patch deleted file mode 100644 index 8b035b8..0000000 --- a/SOURCES/nss-pkcs12-iterations-limit.patch +++ /dev/null @@ -1,24 +0,0 @@ -# HG changeset patch -# User J.C. Jones -# Date 1521824312 25200 -# Fri Mar 23 09:58:32 2018 -0700 -# Branch NSS_3_36_BRANCH -# Node ID ba3f1cc8a8e644ee6f8a763624d97e987816304d -# Parent 2355c9e3bba477c947a09a2fe8b1ed8971fab1cb -Bug 1278071 - Limit iterations for PKCS #12 export for Windows r=kaie - -Per Bug 1436873, Windows is limited on importing PKCS12 files of 600k rounds -or less. So for compatibility's sake, let's limit there, too. - -diff --git a/lib/pkcs7/p7create.c b/lib/pkcs7/p7create.c ---- a/lib/pkcs7/p7create.c -+++ b/lib/pkcs7/p7create.c -@@ -22,7 +22,7 @@ const int NSS_PBE_DEFAULT_ITERATION_COUN - #ifdef DEBUG - 10000 - #else -- 1000000 -+ 600000 - #endif - ; - diff --git a/SOURCES/nss-post-handshake-auth-with-tickets.patch b/SOURCES/nss-post-handshake-auth-with-tickets.patch new file mode 100644 index 0000000..ac51f07 --- /dev/null +++ b/SOURCES/nss-post-handshake-auth-with-tickets.patch @@ -0,0 +1,96 @@ +# HG changeset patch +# User Daiki Ueno +# Date 1559121620 -7200 +# Wed May 29 11:20:20 2019 +0200 +# Node ID 29a48b604602a523defd6f9322a5adeca7e284a5 +# Parent 43a7fb4f994a31222c308113b0fccdd5480d5b8e +Bug 1553443, send session ticket only after handshake is marked as finished + +Reviewers: mt + +Reviewed By: mt + +Bug #: 1553443 + +Differential Revision: https://phabricator.services.mozilla.com/D32128 + +diff --git a/gtests/ssl_gtest/ssl_auth_unittest.cc b/gtests/ssl_gtest/ssl_auth_unittest.cc +--- a/gtests/ssl_gtest/ssl_auth_unittest.cc ++++ b/gtests/ssl_gtest/ssl_auth_unittest.cc +@@ -537,6 +537,40 @@ TEST_F(TlsConnectStreamTls13, PostHandsh + capture_cert_req->buffer().len())); + } + ++// Check if post-handshake auth still works when session tickets are enabled: ++// https://bugzilla.mozilla.org/show_bug.cgi?id=1553443 ++TEST_F(TlsConnectStreamTls13, PostHandshakeAuthWithSessionTicketsEnabled) { ++ EnsureTlsSetup(); ++ client_->SetupClientAuth(); ++ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(), ++ SSL_ENABLE_POST_HANDSHAKE_AUTH, PR_TRUE)); ++ EXPECT_EQ(SECSuccess, SSL_OptionSet(client_->ssl_fd(), ++ SSL_ENABLE_SESSION_TICKETS, PR_TRUE)); ++ EXPECT_EQ(SECSuccess, SSL_OptionSet(server_->ssl_fd(), ++ SSL_ENABLE_SESSION_TICKETS, PR_TRUE)); ++ size_t called = 0; ++ server_->SetAuthCertificateCallback( ++ [&called](TlsAgent*, PRBool, PRBool) -> SECStatus { ++ called++; ++ return SECSuccess; ++ }); ++ Connect(); ++ EXPECT_EQ(0U, called); ++ // Send CertificateRequest. ++ EXPECT_EQ(SECSuccess, SSL_GetClientAuthDataHook( ++ client_->ssl_fd(), GetClientAuthDataHook, nullptr)); ++ EXPECT_EQ(SECSuccess, SSL_SendCertificateRequest(server_->ssl_fd())) ++ << "Unexpected error: " << PORT_ErrorToName(PORT_GetError()); ++ server_->SendData(50); ++ client_->ReadBytes(50); ++ client_->SendData(50); ++ server_->ReadBytes(50); ++ EXPECT_EQ(1U, called); ++ ScopedCERTCertificate cert1(SSL_PeerCertificate(server_->ssl_fd())); ++ ScopedCERTCertificate cert2(SSL_LocalCertificate(client_->ssl_fd())); ++ EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert)); ++} ++ + // In TLS 1.3, the client sends its cert rejection on the + // second flight, and since it has already received the + // server's Finished, it transitions to complete and +diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c +--- a/lib/ssl/tls13con.c ++++ b/lib/ssl/tls13con.c +@@ -4561,6 +4561,11 @@ tls13_ServerHandleFinished(sslSocket *ss + return SECFailure; + } + ++ rv = tls13_FinishHandshake(ss); ++ if (rv != SECSuccess) { ++ return SECFailure; ++ } ++ + ssl_GetXmitBufLock(ss); + if (ss->opt.enableSessionTickets) { + rv = tls13_SendNewSessionTicket(ss, NULL, 0); +@@ -4573,8 +4578,7 @@ tls13_ServerHandleFinished(sslSocket *ss + } + } + ssl_ReleaseXmitBufLock(ss); +- +- return tls13_FinishHandshake(ss); ++ return SECSuccess; + + loser: + ssl_ReleaseXmitBufLock(ss); +diff --git a/tests/ssl/sslauth.txt b/tests/ssl/sslauth.txt +--- a/tests/ssl/sslauth.txt ++++ b/tests/ssl/sslauth.txt +@@ -42,6 +42,7 @@ + noECC 0 -r_-r_-r_-r_-E -V_tls1.3:tls1.3_-E_-n_TestUser_-w_nss TLS 1.3 Require client auth on post hs (client auth) + noECC 0 -r_-r_-r_-E -V_tls1.3:tls1.3_-E_-n_none_-w_nss TLS 1.3 Request don't require client auth on post hs (client does not provide auth) + noECC 1 -r_-r_-r_-r_-E -V_tls1.3:tls1.3_-E_-n_none_-w_nss TLS 1.3 Require client auth on post hs (client does not provide auth) ++ noECC 0 -r_-r_-r_-E_-u -V_tls1.3:tls1.3_-E_-n_TestUser_-w_nss TLS 1.3 Request don't require client auth on post hs with session ticket (client auth) + # + # Use EC cert for client authentication + # diff --git a/SOURCES/nss-reorder-cipher-suites-gtests.patch b/SOURCES/nss-reorder-cipher-suites-gtests.patch index 0675959..73b049f 100644 --- a/SOURCES/nss-reorder-cipher-suites-gtests.patch +++ b/SOURCES/nss-reorder-cipher-suites-gtests.patch @@ -1,7 +1,7 @@ diff -up nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests nss/gtests/ssl_gtest/ssl_auth_unittest.cc ---- nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests 2018-03-05 16:58:32.000000000 +0100 -+++ nss/gtests/ssl_gtest/ssl_auth_unittest.cc 2018-03-09 17:29:32.985313219 +0100 -@@ -231,7 +231,9 @@ static SSLNamedGroup NamedGroupForEcdsa3 +--- nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests 2019-03-16 01:25:08.000000000 +0100 ++++ nss/gtests/ssl_gtest/ssl_auth_unittest.cc 2019-03-22 11:25:50.523173253 +0100 +@@ -728,7 +728,9 @@ static SSLNamedGroup NamedGroupForEcdsa3 // NSS tries to match the group size to the symmetric cipher. In TLS 1.1 and // 1.0, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is the highest priority suite, so // we use P-384. With TLS 1.2 on we pick AES-128 GCM so use x25519. @@ -12,7 +12,7 @@ diff -up nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests return ssl_grp_ec_secp384r1; } return ssl_grp_ec_curve25519; -@@ -870,20 +872,24 @@ INSTANTIATE_TEST_CASE_P( +@@ -1377,20 +1379,24 @@ INSTANTIATE_TEST_CASE_P( ::testing::Values(TlsAgent::kServerEcdsa256), ::testing::Values(ssl_auth_ecdsa), ::testing::Values(ssl_sig_ecdsa_secp256r1_sha256))); @@ -39,9 +39,63 @@ diff -up nss/gtests/ssl_gtest/ssl_auth_unittest.cc.reorder-cipher-suites-gtests INSTANTIATE_TEST_CASE_P( SignatureSchemeEcdsaSha1, TlsSignatureSchemeConfiguration, ::testing::Combine(TlsConnectTestBase::kTlsVariantsAll, -@@ -892,4 +898,5 @@ INSTANTIATE_TEST_CASE_P( +@@ -1399,4 +1405,5 @@ INSTANTIATE_TEST_CASE_P( TlsAgent::kServerEcdsa384), ::testing::Values(ssl_auth_ecdsa), ::testing::Values(ssl_sig_ecdsa_sha1))); +#endif } // namespace nss_test +diff -up nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc.reorder-cipher-suites-gtests nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc +--- nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc.reorder-cipher-suites-gtests 2019-03-16 01:25:08.000000000 +0100 ++++ nss/gtests/ssl_gtest/ssl_recordsize_unittest.cc 2019-03-22 11:25:50.523173253 +0100 +@@ -71,11 +71,13 @@ void CheckRecordSizes(const std::shared_ + break; + + case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: ++ case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: + expansion = 16; + iv = 8; + break; + + case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: ++ case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: + // Expansion is 20 for the MAC. Maximum block padding is 16. Maximum + // padding is added when the input plus the MAC is an exact multiple of + // the block size. +diff -up nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc.reorder-cipher-suites-gtests nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc +--- nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc.reorder-cipher-suites-gtests 2019-03-16 01:25:08.000000000 +0100 ++++ nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc 2019-03-22 11:29:30.452433420 +0100 +@@ -133,7 +133,19 @@ TEST_P(TlsConnectGenericPre13, TooLargeR + TEST_P(TlsConnectGeneric, ServerAuthBiggestRsa) { + Reset(TlsAgent::kRsa8192); + Connect(); +- CheckKeys(); ++ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { ++ CheckKeys(); ++ } else { ++ // in TLS 1.2 or TLS 1.1, AES-256 is selected by default, which ++ // needs a different kea setup ++ SSLSignatureScheme scheme; ++ if (version_ >= SSL_LIBRARY_VERSION_TLS_1_2) { ++ scheme = ssl_sig_rsa_pss_rsae_sha256; ++ } else { ++ scheme = ssl_sig_rsa_pkcs1_sha256; ++ } ++ CheckKeys(ssl_kea_ecdh, ssl_grp_ec_secp521r1, ssl_auth_rsa_sign, scheme); ++ } + } + + } // namespace nss_test +diff -up nss/gtests/ssl_gtest/tls_agent.cc.reorder-cipher-suites-gtests nss/gtests/ssl_gtest/tls_agent.cc +--- nss/gtests/ssl_gtest/tls_agent.cc.reorder-cipher-suites-gtests 2019-03-22 11:28:19.936944328 +0100 ++++ nss/gtests/ssl_gtest/tls_agent.cc 2019-03-22 11:29:58.712828287 +0100 +@@ -532,6 +532,9 @@ void TlsAgent::CheckKEA(SSLKEAType kea, + case ssl_grp_ec_secp384r1: + kea_size = 384; + break; ++ case ssl_grp_ec_secp521r1: ++ kea_size = 521; ++ break; + case ssl_grp_ffdhe_2048: + kea_size = 2048; + break; diff --git a/SOURCES/nss-reorder-cipher-suites.patch b/SOURCES/nss-reorder-cipher-suites.patch index 9806190..c295c1d 100644 --- a/SOURCES/nss-reorder-cipher-suites.patch +++ b/SOURCES/nss-reorder-cipher-suites.patch @@ -1,21 +1,16 @@ diff -up nss/lib/ssl/ssl3con.c.reorder-cipher-suites nss/lib/ssl/ssl3con.c ---- nss/lib/ssl/ssl3con.c.reorder-cipher-suites 2017-04-26 11:47:33.690047402 +0200 -+++ nss/lib/ssl/ssl3con.c 2017-04-26 11:51:51.103013632 +0200 -@@ -91,54 +91,44 @@ PRBool ssl_IsRsaPssSignatureScheme(SSLSi - /* clang-format off */ - static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { - /* cipher_suite policy enabled isPresent */ -- /* Special TLS 1.3 suites. */ -- { TLS_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE }, -- { TLS_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE }, -- { TLS_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE }, -- +--- nss/lib/ssl/ssl3con.c.reorder-cipher-suites 2019-03-16 01:25:08.000000000 +0100 ++++ nss/lib/ssl/ssl3con.c 2019-03-21 14:22:01.578936057 +0100 +@@ -90,49 +90,44 @@ static ssl3CipherSuiteCfg cipherSuites[s + { TLS_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE }, + { TLS_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE }, + - { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, +- { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around - * bug 946147. - */ @@ -29,7 +24,7 @@ diff -up nss/lib/ssl/ssl3con.c.reorder-cipher-suites nss/lib/ssl/ssl3con.c - { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, ++ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, @@ -42,7 +37,7 @@ diff -up nss/lib/ssl/ssl3con.c.reorder-cipher-suites nss/lib/ssl/ssl3con.c - { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - -+ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, ++ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, @@ -53,7 +48,7 @@ diff -up nss/lib/ssl/ssl3con.c.reorder-cipher-suites nss/lib/ssl/ssl3con.c { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,SSL_ALLOWED,PR_TRUE, PR_FALSE}, { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -- { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, +- { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, @@ -74,14 +69,14 @@ diff -up nss/lib/ssl/ssl3con.c.reorder-cipher-suites nss/lib/ssl/ssl3con.c { TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -@@ -147,27 +137,21 @@ static ssl3CipherSuiteCfg cipherSuites[s +@@ -141,27 +136,21 @@ static ssl3CipherSuiteCfg cipherSuites[s { TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - - /* RSA */ - { TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE}, + { TLS_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - { TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, @@ -106,27 +101,13 @@ diff -up nss/lib/ssl/ssl3con.c.reorder-cipher-suites nss/lib/ssl/ssl3con.c { TLS_ECDHE_ECDSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_ECDH_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -@@ -175,6 +159,9 @@ static ssl3CipherSuiteCfg cipherSuites[s - { TLS_RSA_WITH_NULL_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_RSA_WITH_NULL_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, - { TLS_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, -+ { TLS_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE }, -+ { TLS_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE }, -+ { TLS_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE }, - }; - /* clang-format on */ - diff -up nss/lib/ssl/sslenum.c.reorder-cipher-suites nss/lib/ssl/sslenum.c ---- nss/lib/ssl/sslenum.c.reorder-cipher-suites 2017-04-26 11:46:50.215066457 +0200 -+++ nss/lib/ssl/sslenum.c 2017-04-26 11:47:09.362617638 +0200 -@@ -55,53 +55,44 @@ - * the third one. - */ - const PRUint16 SSL_ImplementedCiphers[] = { -- TLS_AES_128_GCM_SHA256, -- TLS_CHACHA20_POLY1305_SHA256, -- TLS_AES_256_GCM_SHA384, -- +--- nss/lib/ssl/sslenum.c.reorder-cipher-suites 2019-03-16 01:25:08.000000000 +0100 ++++ nss/lib/ssl/sslenum.c 2019-03-21 14:22:16.479624167 +0100 +@@ -59,49 +59,44 @@ const PRUint16 SSL_ImplementedCiphers[] + TLS_CHACHA20_POLY1305_SHA256, + TLS_AES_256_GCM_SHA384, + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, @@ -191,7 +172,7 @@ diff -up nss/lib/ssl/sslenum.c.reorder-cipher-suites nss/lib/ssl/sslenum.c TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, -@@ -110,26 +101,21 @@ const PRUint16 SSL_ImplementedCiphers[] +@@ -110,26 +105,21 @@ const PRUint16 SSL_ImplementedCiphers[] TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, @@ -222,13 +203,3 @@ diff -up nss/lib/ssl/sslenum.c.reorder-cipher-suites nss/lib/ssl/sslenum.c TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, -@@ -137,6 +123,9 @@ const PRUint16 SSL_ImplementedCiphers[] - TLS_RSA_WITH_NULL_SHA, - TLS_RSA_WITH_NULL_SHA256, - TLS_RSA_WITH_NULL_MD5, -+ TLS_AES_128_GCM_SHA256, -+ TLS_CHACHA20_POLY1305_SHA256, -+ TLS_AES_256_GCM_SHA384, - - 0 - }; diff --git a/SOURCES/nss-rhel7.config b/SOURCES/nss-rhel7.config index be6d690..84e18ce 100644 --- a/SOURCES/nss-rhel7.config +++ b/SOURCES/nss-rhel7.config @@ -3,5 +3,5 @@ library= name=Policy NSS=flags=policyOnly,moduleDB -config="disallow=md5 allow=DH-MIN=1023:DSA-MIN=1023:RSA-MIN=1023" +config="disallow=MD5:RC4 allow=DH-MIN=1023:DSA-MIN=1023:RSA-MIN=1023:TLS-VERSION-MIN=tls1.0" diff --git a/SOURCES/nss-skip-sysinit-gtests.patch b/SOURCES/nss-skip-sysinit-gtests.patch new file mode 100644 index 0000000..4c3ea29 --- /dev/null +++ b/SOURCES/nss-skip-sysinit-gtests.patch @@ -0,0 +1,11 @@ +diff -up nss/gtests/manifest.mn.skip-sysinit-gtests nss/gtests/manifest.mn +--- nss/gtests/manifest.mn.skip-sysinit-gtests 2019-04-26 12:55:05.979302035 +0200 ++++ nss/gtests/manifest.mn 2019-04-26 12:55:09.507228984 +0200 +@@ -27,7 +27,6 @@ NSS_SRCDIRS = \ + smime_gtest \ + softoken_gtest \ + ssl_gtest \ +- $(SYSINIT_GTEST) \ + nss_bogo_shim \ + $(NULL) + endif diff --git a/SOURCES/nss-skip-tls13-fips-tests.sh b/SOURCES/nss-skip-tls13-fips-tests.sh new file mode 100644 index 0000000..2d4ff9c --- /dev/null +++ b/SOURCES/nss-skip-tls13-fips-tests.sh @@ -0,0 +1,16 @@ +diff -up nss/tests/ssl/ssl.sh.skip-tls13-fips-mode nss/tests/ssl/ssl.sh +--- nss/tests/ssl/ssl.sh.skip-tls13-fips-mode 2019-05-16 10:52:35.926904215 +0200 ++++ nss/tests/ssl/ssl.sh 2019-05-16 10:53:05.953281239 +0200 +@@ -412,6 +412,12 @@ ssl_auth() + echo "${testname}" | grep "TLS 1.3" > /dev/null + TLS13=$? + ++ if [ "${TLS13}" -eq 0 ] && \ ++ [ "$SERVER_MODE" = "fips" -o "$CLIENT_MODE" = "fips" ] ; then ++ echo "$SCRIPTNAME: skipping $testname (non-FIPS only)" ++ continue ++ fi ++ + if [ "${CLIENT_MODE}" = "fips" -a "${CAUTH}" -eq 0 ] ; then + echo "$SCRIPTNAME: skipping $testname (non-FIPS only)" + elif [ "$ectype" = "SNI" -a "$NORM_EXT" = "Extended Test" ] ; then diff --git a/SOURCES/nss-skip-util-gtest.patch b/SOURCES/nss-skip-util-gtest.patch index 02bf308..2a914d3 100644 --- a/SOURCES/nss-skip-util-gtest.patch +++ b/SOURCES/nss-skip-util-gtest.patch @@ -1,7 +1,7 @@ diff -up nss/gtests/manifest.mn.skip-util-gtests nss/gtests/manifest.mn ---- nss/gtests/manifest.mn.skip-util-gtests 2017-09-20 08:47:27.000000000 +0200 -+++ nss/gtests/manifest.mn 2017-10-19 11:02:27.773910909 +0200 -@@ -32,6 +32,5 @@ endif +--- nss/gtests/manifest.mn.skip-util-gtests 2019-03-16 01:25:08.000000000 +0100 ++++ nss/gtests/manifest.mn 2019-03-21 12:41:02.264072681 +0100 +@@ -35,6 +35,5 @@ endif DIRS = \ $(LIB_SRCDIRS) \ @@ -9,9 +9,9 @@ diff -up nss/gtests/manifest.mn.skip-util-gtests nss/gtests/manifest.mn $(NSS_SRCDIRS) \ $(NULL) diff -up nss/gtests/ssl_gtest/manifest.mn.skip-util-gtests nss/gtests/ssl_gtest/manifest.mn ---- nss/gtests/ssl_gtest/manifest.mn.skip-util-gtests 2017-09-20 08:47:27.000000000 +0200 -+++ nss/gtests/ssl_gtest/manifest.mn 2017-10-19 11:02:27.773910909 +0200 -@@ -58,6 +58,7 @@ PROGRAM = ssl_gtest +--- nss/gtests/ssl_gtest/manifest.mn.skip-util-gtests 2019-03-16 01:25:08.000000000 +0100 ++++ nss/gtests/ssl_gtest/manifest.mn 2019-03-21 12:41:02.265072660 +0100 +@@ -67,6 +67,7 @@ PROGRAM = ssl_gtest EXTRA_LIBS += \ $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) \ $(DIST)/lib/$(LIB_PREFIX)cpputil.$(LIB_SUFFIX) \ @@ -19,15 +19,3 @@ diff -up nss/gtests/ssl_gtest/manifest.mn.skip-util-gtests nss/gtests/ssl_gtest/ $(NULL) USE_STATIC_LIBS = 1 -diff -up nss/tests/gtests/gtests.sh.skip-util-gtests nss/tests/gtests/gtests.sh ---- nss/tests/gtests/gtests.sh.skip-util-gtests 2017-09-20 08:47:27.000000000 +0200 -+++ nss/tests/gtests/gtests.sh 2017-10-19 11:03:57.473976538 +0200 -@@ -83,7 +83,7 @@ gtest_cleanup() - } - - ################## main ################################################# --GTESTS="prng_gtest certhigh_gtest certdb_gtest der_gtest pk11_gtest util_gtest freebl_gtest softoken_gtest blake2b_gtest" -+GTESTS="certhigh_gtest certdb_gtest der_gtest pk11_gtest softoken_gtest" - SOURCE_DIR="$PWD"/../.. - gtest_init $0 - gtest_start diff --git a/SOURCES/nss-ssl2-compatible-client-hello.patch b/SOURCES/nss-ssl2-compatible-client-hello.patch new file mode 100644 index 0000000..a1f5217 --- /dev/null +++ b/SOURCES/nss-ssl2-compatible-client-hello.patch @@ -0,0 +1,12 @@ +diff -up nss/lib/ssl/sslsock.c.ssl2hello nss/lib/ssl/sslsock.c +--- nss/lib/ssl/sslsock.c.ssl2hello 2019-04-26 11:31:02.139693304 +0200 ++++ nss/lib/ssl/sslsock.c 2019-04-26 11:31:36.842975724 +0200 +@@ -86,7 +86,7 @@ static sslOptions ssl_defaults = { + .enableTls13CompatMode = PR_FALSE, + .enableDtlsShortHeader = PR_FALSE, + .enableHelloDowngradeCheck = PR_FALSE, +- .enableV2CompatibleHello = PR_FALSE, ++ .enableV2CompatibleHello = PR_TRUE, + .enablePostHandshakeAuth = PR_FALSE + }; + diff --git a/SOURCES/nss-ssl2-server-random.patch b/SOURCES/nss-ssl2-server-random.patch deleted file mode 100644 index 0a242c8..0000000 --- a/SOURCES/nss-ssl2-server-random.patch +++ /dev/null @@ -1,177 +0,0 @@ -# HG changeset patch -# User Martin Thomson -# Date 1535458477 -7200 -# Tue Aug 28 14:14:37 2018 +0200 -# Branch NSS_3_36_BRANCH -# Node ID 14bfa8390396e18ba5b35c7fb299a2c2023f6448 -# Parent 42bc6956fda39f6afe81b8de7afb542f3216bc7e -Bug 1483128 - Move random generation, r?ekr - -Summary: This is the simpler fix. It's making the bug pretty obvious though. - -Reviewers: ekr, kaie - -Subscribers: HubertKario, mt, ekr, beurdouche, kaie, jcj, ueno, wtc, rrelyea - -Tags: #secure-revision, PHID-PROJ-ffhf7tdvqze7zrdn6dh3 - -Bug #: 1483128 - -Differential Revision: https://phabricator.services.mozilla.com/D4282 - -diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c ---- a/lib/ssl/ssl3con.c -+++ b/lib/ssl/ssl3con.c -@@ -8082,14 +8082,6 @@ ssl3_HandleClientHello(sslSocket *ss, PR - } - } - -- /* Generate the Server Random now so it is available -- * when we process the ClientKeyShare in TLS 1.3 */ -- rv = ssl3_GetNewRandom(ss->ssl3.hs.server_random); -- if (rv != SECSuccess) { -- errCode = SSL_ERROR_GENERATE_RANDOM_FAILURE; -- goto loser; -- } -- - #ifndef TLS_1_3_DRAFT_VERSION - /* - * [draft-ietf-tls-tls13-11 Section 6.3.1.1]. -@@ -8878,6 +8870,7 @@ ssl_ConstructServerHello(sslSocket *ss, - SECStatus rv; - SSL3ProtocolVersion version; - sslSessionID *sid = ss->sec.ci.sid; -+ const PRUint8 *random; - - if (IS_DTLS(ss) && ss->version < SSL_LIBRARY_VERSION_TLS_1_3) { - version = dtls_TLSVersionToDTLSVersion(ss->version); -@@ -8889,9 +8882,17 @@ ssl_ConstructServerHello(sslSocket *ss, - if (rv != SECSuccess) { - return SECFailure; - } -- /* Random already generated in ssl3_HandleClientHello */ -- rv = sslBuffer_Append(messageBuf, helloRetry ? ssl_hello_retry_random : ss->ssl3.hs.server_random, -- SSL3_RANDOM_LENGTH); -+ -+ if (helloRetry) { -+ random = ssl_hello_retry_random; -+ } else { -+ rv = ssl3_GetNewRandom(ss->ssl3.hs.server_random); -+ if (rv != SECSuccess) { -+ return SECFailure; -+ } -+ random = ss->ssl3.hs.server_random; -+ } -+ rv = sslBuffer_Append(messageBuf, random, SSL3_RANDOM_LENGTH); - if (rv != SECSuccess) { - return SECFailure; - } -# HG changeset patch -# User Martin Thomson -# Date 1535458545 -7200 -# Tue Aug 28 14:15:45 2018 +0200 -# Node ID eee3954f57355ad04bc32f1c2dfe25d7e13a3382 -# Parent 4c7ffcfd43f613eb08ee7b4a75dbeb1a7fb540ce -Bug 1483128 - Test that randoms aren't fixed, r?ekr - -Summary: -We can't easily test that ClientHello.random and ServerHello.random are truly -random in these tests, but we can catch mistakes the likes of which produced -this bug. This just runs a few handshakes and tests that none of the random -values are equal to any other, or they are equal to zero. - -Reviewers: ekr - -Subscribers: mt, ekr, beurdouche, kaie, jcj, ueno, rrelyea, wtc, HubertKario - -Tags: #secure-revision, PHID-PROJ-ffhf7tdvqze7zrdn6dh3 - -Bug #: 1483128 - -Differential Revision: https://phabricator.services.mozilla.com/D4413 - -diff --git a/gtests/ssl_gtest/ssl_loopback_unittest.cc b/gtests/ssl_gtest/ssl_loopback_unittest.cc ---- a/gtests/ssl_gtest/ssl_loopback_unittest.cc -+++ b/gtests/ssl_gtest/ssl_loopback_unittest.cc -@@ -541,6 +541,47 @@ TEST_F(TlsConnectTest, OneNRecordSplitti - EXPECT_EQ(ExpectedCbcLen(20), records->record(2).buffer.len()); - } - -+// We can't test for randomness easily here, but we can test that we don't -+// produce a zero value, or produce the same value twice. There are 5 values -+// here: two ClientHello.random, two ServerHello.random, and one zero value. -+// Matrix them and fail if any are the same. -+TEST_P(TlsConnectGeneric, CheckRandoms) { -+ ConfigureSessionCache(RESUME_NONE, RESUME_NONE); -+ -+ static const size_t random_len = 32; -+ uint8_t crandom1[random_len], srandom1[random_len]; -+ uint8_t z[random_len] = {0}; -+ -+ auto ch = MakeTlsFilter(client_, ssl_hs_client_hello); -+ auto sh = MakeTlsFilter(server_, ssl_hs_server_hello); -+ Connect(); -+ ASSERT_TRUE(ch->buffer().len() > (random_len + 2)); -+ ASSERT_TRUE(sh->buffer().len() > (random_len + 2)); -+ memcpy(crandom1, ch->buffer().data() + 2, random_len); -+ memcpy(srandom1, sh->buffer().data() + 2, random_len); -+ EXPECT_NE(0, memcmp(crandom1, srandom1, random_len)); -+ EXPECT_NE(0, memcmp(crandom1, z, random_len)); -+ EXPECT_NE(0, memcmp(srandom1, z, random_len)); -+ -+ Reset(); -+ ch = MakeTlsFilter(client_, ssl_hs_client_hello); -+ sh = MakeTlsFilter(server_, ssl_hs_server_hello); -+ Connect(); -+ ASSERT_TRUE(ch->buffer().len() > (random_len + 2)); -+ ASSERT_TRUE(sh->buffer().len() > (random_len + 2)); -+ const uint8_t* crandom2 = ch->buffer().data() + 2; -+ const uint8_t* srandom2 = sh->buffer().data() + 2; -+ -+ EXPECT_NE(0, memcmp(crandom2, srandom2, random_len)); -+ EXPECT_NE(0, memcmp(crandom2, z, random_len)); -+ EXPECT_NE(0, memcmp(srandom2, z, random_len)); -+ -+ EXPECT_NE(0, memcmp(crandom1, crandom2, random_len)); -+ EXPECT_NE(0, memcmp(crandom1, srandom2, random_len)); -+ EXPECT_NE(0, memcmp(srandom1, crandom2, random_len)); -+ EXPECT_NE(0, memcmp(srandom1, srandom2, random_len)); -+} -+ - INSTANTIATE_TEST_CASE_P( - GenericStream, TlsConnectGeneric, - ::testing::Combine(TlsConnectTestBase::kTlsVariantsStream, -diff --git a/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc b/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc ---- a/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc -+++ b/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc -@@ -350,6 +350,30 @@ TEST_P(SSLv2ClientHelloTest, RequireSafe - Connect(); - } - -+TEST_P(SSLv2ClientHelloTest, CheckServerRandom) { -+ ConfigureSessionCache(RESUME_NONE, RESUME_NONE); -+ SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA); -+ -+ static const size_t random_len = 32; -+ uint8_t srandom1[random_len]; -+ uint8_t z[random_len] = {0}; -+ -+ auto sh = MakeTlsFilter(server_, ssl_hs_server_hello); -+ Connect(); -+ ASSERT_TRUE(sh->buffer().len() > (random_len + 2)); -+ memcpy(srandom1, sh->buffer().data() + 2, random_len); -+ EXPECT_NE(0, memcmp(srandom1, z, random_len)); -+ -+ Reset(); -+ sh = MakeTlsFilter(server_, ssl_hs_server_hello); -+ Connect(); -+ ASSERT_TRUE(sh->buffer().len() > (random_len + 2)); -+ const uint8_t* srandom2 = sh->buffer().data() + 2; -+ -+ EXPECT_NE(0, memcmp(srandom2, z, random_len)); -+ EXPECT_NE(0, memcmp(srandom1, srandom2, random_len)); -+} -+ - // Connect to the server with TLS 1.1, signalling that this is a fallback from - // a higher version. As the server doesn't support anything higher than TLS 1.1 - // it must accept the connection. diff --git a/SOURCES/nss-sysinit-getenv.patch b/SOURCES/nss-sysinit-getenv.patch index d3f47bc..9352e33 100644 --- a/SOURCES/nss-sysinit-getenv.patch +++ b/SOURCES/nss-sysinit-getenv.patch @@ -1,7 +1,7 @@ -diff --git a/lib/sysinit/nsssysinit.c b/lib/sysinit/nsssysinit.c ---- a/lib/sysinit/nsssysinit.c -+++ b/lib/sysinit/nsssysinit.c -@@ -1,11 +1,15 @@ +diff -up nss/lib/sysinit/nsssysinit.c.sysinit-getenv nss/lib/sysinit/nsssysinit.c +--- nss/lib/sysinit/nsssysinit.c.sysinit-getenv 2019-04-26 12:08:48.155862312 +0200 ++++ nss/lib/sysinit/nsssysinit.c 2019-04-26 12:09:13.228344780 +0200 +@@ -1,6 +1,10 @@ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ @@ -12,17 +12,7 @@ diff --git a/lib/sysinit/nsssysinit.c b/lib/sysinit/nsssysinit.c #include "seccomon.h" #include "prio.h" #include "prprf.h" - #include "plhash.h" - #include "prenv.h" - - /* - * The following provides a default example for operating systems to set up -@@ -37,17 +41,17 @@ testdir(char *dir) - return S_ISDIR(buf.st_mode); - } - - #define NSS_USER_PATH1 "/.pki" - #define NSS_USER_PATH2 "/nssdb" +@@ -41,7 +45,7 @@ testdir(char *dir) static char * getUserDB(void) { @@ -31,17 +21,7 @@ diff --git a/lib/sysinit/nsssysinit.c b/lib/sysinit/nsssysinit.c char *nssdir = NULL; if (userdir == NULL) { - return NULL; - } - - nssdir = PORT_Alloc(strlen(userdir) + sizeof(NSS_USER_PATH1) + sizeof(NSS_USER_PATH2)); - if (nssdir == NULL) { -@@ -129,17 +133,17 @@ userCanModifySystemDB() - #else - #error "Need to write getUserDB, SystemDB, userIsRoot, and userCanModifySystemDB functions" - #endif - #endif - +@@ -95,7 +99,7 @@ userCanModifySystemDB() static PRBool getFIPSEnv(void) { @@ -50,8 +30,3 @@ diff --git a/lib/sysinit/nsssysinit.c b/lib/sysinit/nsssysinit.c if (!fipsEnv) { return PR_FALSE; } - if ((strcasecmp(fipsEnv, "fips") == 0) || - (strcasecmp(fipsEnv, "true") == 0) || - (strcasecmp(fipsEnv, "on") == 0) || - (strcasecmp(fipsEnv, "1") == 0)) { - return PR_TRUE; diff --git a/SOURCES/nss-sysinit-userdb.patch b/SOURCES/nss-sysinit-userdb.patch new file mode 100644 index 0000000..a88132a --- /dev/null +++ b/SOURCES/nss-sysinit-userdb.patch @@ -0,0 +1,132 @@ +# HG changeset patch +# User EdĂȘnis Freindorfer Azevedo +# Date 1547073505 -39600 +# Thu Jan 10 09:38:25 2019 +1100 +# Node ID da45424cb9a0b4d8e45e5040e2e3b574d994e254 +# Parent f7187a33fad7b9cafe0c2947c6d48618fdda57e4 +Bug 818686 - XDG Base Directory Specification support with fallback, r=mt + +Summary: +We check if $HOME/.pki and $HOME/.pki/nssdb exist; if they do, then we use +this path. Otherwise, use ${XDG_DATA_HOME:-$HOME/.local/share}/pki/nssdb + +Test Plan: +Create dummy empty dir and set HOME to it. Then, check if getUserDb returns: +1. $HOME/.pki/nssdb when this path exists; +2. $HOME/.local/share/pki/nssdb when $HOME/.pki/nssdb does not and XDG_DATA_HOME is not defined; +3. $XDG_DATA_HOME/pki/nssdb when $HOME/.pki/nssdb does not exist and XDG_DATA_HOME is defined. + +Reviewers: mt + +Reviewed By: mt + +Bug #: 818686 + +Differential Revision: https://phabricator.services.mozilla.com/D14007 + +diff --git a/lib/sysinit/nsssysinit.c b/lib/sysinit/nsssysinit.c +--- a/lib/sysinit/nsssysinit.c ++++ b/lib/sysinit/nsssysinit.c +@@ -37,9 +37,41 @@ testdir(char *dir) + return S_ISDIR(buf.st_mode); + } + ++/** ++ * Append given @dir to @path and creates the directory with mode @mode. ++ * Returns 0 if successful, -1 otherwise. ++ * Assumes that the allocation for @path has sufficient space for @dir ++ * to be added. ++ */ ++static int ++appendDirAndCreate(char *path, char *dir, mode_t mode) ++{ ++ PORT_Strcat(path, dir); ++ if (!testdir(path)) { ++ if (mkdir(path, mode)) { ++ return -1; ++ } ++ } ++ return 0; ++} ++ ++#define XDG_NSS_USER_PATH1 "/.local" ++#define XDG_NSS_USER_PATH2 "/share" ++#define XDG_NSS_USER_PATH3 "/pki" ++ + #define NSS_USER_PATH1 "/.pki" + #define NSS_USER_PATH2 "/nssdb" +-static char * ++ ++/** ++ * Return the path to user's NSS database. ++ * We search in the following dirs in order: ++ * (1) $HOME/.pki/nssdb; ++ * (2) $XDG_DATA_HOME/pki/nssdb if XDG_DATA_HOME is set; ++ * (3) $HOME/.local/share/pki/nssdb (default XDG_DATA_HOME value). ++ * If (1) does not exist, then the returned dir will be set to either ++ * (2) or (3), depending if XDG_DATA_HOME is set. ++ */ ++char * + getUserDB(void) + { + char *userdir = PR_GetEnvSecure("HOME"); +@@ -50,22 +82,47 @@ getUserDB(void) + } + + nssdir = PORT_Alloc(strlen(userdir) + sizeof(NSS_USER_PATH1) + sizeof(NSS_USER_PATH2)); ++ PORT_Strcpy(nssdir, userdir); ++ PORT_Strcat(nssdir, NSS_USER_PATH1 NSS_USER_PATH2); ++ if (testdir(nssdir)) { ++ /* $HOME/.pki/nssdb exists */ ++ return nssdir; ++ } else { ++ /* either $HOME/.pki or $HOME/.pki/nssdb does not exist */ ++ PORT_Free(nssdir); ++ } ++ int size = 0; ++ char *xdguserdatadir = PR_GetEnvSecure("XDG_DATA_HOME"); ++ if (xdguserdatadir) { ++ size = strlen(xdguserdatadir); ++ } else { ++ size = strlen(userdir) + sizeof(XDG_NSS_USER_PATH1) + sizeof(XDG_NSS_USER_PATH2); ++ } ++ size += sizeof(XDG_NSS_USER_PATH3) + sizeof(NSS_USER_PATH2); ++ ++ nssdir = PORT_Alloc(size); + if (nssdir == NULL) { + return NULL; + } +- PORT_Strcpy(nssdir, userdir); +- /* verify it exists */ +- if (!testdir(nssdir)) { +- PORT_Free(nssdir); +- return NULL; ++ ++ if (xdguserdatadir) { ++ PORT_Strcpy(nssdir, xdguserdatadir); ++ if (!testdir(nssdir)) { ++ PORT_Free(nssdir); ++ return NULL; ++ } ++ ++ } else { ++ PORT_Strcpy(nssdir, userdir); ++ if (appendDirAndCreate(nssdir, XDG_NSS_USER_PATH1, 0755) || ++ appendDirAndCreate(nssdir, XDG_NSS_USER_PATH2, 0755)) { ++ PORT_Free(nssdir); ++ return NULL; ++ } + } +- PORT_Strcat(nssdir, NSS_USER_PATH1); +- if (!testdir(nssdir) && mkdir(nssdir, 0760)) { +- PORT_Free(nssdir); +- return NULL; +- } +- PORT_Strcat(nssdir, NSS_USER_PATH2); +- if (!testdir(nssdir) && mkdir(nssdir, 0760)) { ++ /* ${XDG_DATA_HOME:-$HOME/.local/share}/pki/nssdb */ ++ if (appendDirAndCreate(nssdir, XDG_NSS_USER_PATH3, 0760) || ++ appendDirAndCreate(nssdir, NSS_USER_PATH2, 0760)) { + PORT_Free(nssdir); + return NULL; + } diff --git a/SOURCES/nss-tests-paypal-certs-v2.patch b/SOURCES/nss-tests-paypal-certs-v2.patch deleted file mode 100644 index 8f37f8c..0000000 --- a/SOURCES/nss-tests-paypal-certs-v2.patch +++ /dev/null @@ -1,29 +0,0 @@ -# HG changeset patch -# User Daiki Ueno -# Date 1541595734 -3600 -# Wed Nov 07 14:02:14 2018 +0100 -# Node ID 19fd907784e38a5febb54588353368af91b12551 -# Parent 3b79af0fa294b4b1c009c1c0b659bb72b4d2c1c8 -Bug 1505317, update PayPal test certs - -diff --git a/tests/chains/scenarios/realcerts.cfg b/tests/chains/scenarios/realcerts.cfg ---- a/tests/chains/scenarios/realcerts.cfg -+++ b/tests/chains/scenarios/realcerts.cfg -@@ -21,7 +21,7 @@ verify TestUser51:x - result pass - - verify PayPalEE:x -- policy OID.2.16.840.1.114412.1.1 -+ policy OID.2.16.840.1.114412.2.1 - result pass - - verify BrAirWaysBadSig:x -diff --git a/tests/libpkix/vfychain_test.lst b/tests/libpkix/vfychain_test.lst ---- a/tests/libpkix/vfychain_test.lst -+++ b/tests/libpkix/vfychain_test.lst -@@ -1,4 +1,4 @@ - # Status | Leaf Cert | Policies | Others(undef) - 0 TestUser50 undef - 0 TestUser51 undef --0 PayPalEE OID.2.16.840.1.114412.1.1 -+0 PayPalEE OID.2.16.840.1.114412.2.1 diff --git a/SOURCES/nss-tests-ssl-normal-normal.patch b/SOURCES/nss-tests-ssl-normal-normal.patch deleted file mode 100644 index aa5346a..0000000 --- a/SOURCES/nss-tests-ssl-normal-normal.patch +++ /dev/null @@ -1,20 +0,0 @@ -# HG changeset patch -# User Daiki Ueno -# Date 1520875743 -3600 -# Mon Mar 12 18:29:03 2018 +0100 -# Node ID 1053cc7b45a2dfe4a44558f0a0e7c4b3f0e9c6ec -# Parent be88b7a4fb599a367a13688a9790d3010f3b3692 -Bug 1444960, Exercise SSL tests which only run under non-FIPS, r=kaie - -diff --git a/tests/all.sh b/tests/all.sh ---- a/tests/all.sh -+++ b/tests/all.sh -@@ -309,7 +309,7 @@ TESTS=${NSS_TESTS:-$tests} - - ALL_TESTS=${TESTS} - --nss_ssl_tests="crl iopr policy" -+nss_ssl_tests="crl iopr policy normal_normal" - if [ $NO_INIT_SUPPORT -eq 0 ]; then - nss_ssl_tests="$nss_ssl_tests fips_normal normal_fips" - fi diff --git a/SOURCES/nss-version-range-set.patch b/SOURCES/nss-version-range-set.patch new file mode 100644 index 0000000..8b3b25a --- /dev/null +++ b/SOURCES/nss-version-range-set.patch @@ -0,0 +1,43 @@ +diff -up nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc.version-range-set nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc +--- nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc.version-range-set 2019-04-26 16:56:32.753283497 +0200 ++++ nss/gtests/ssl_gtest/ssl_versionpolicy_unittest.cc 2019-04-26 16:56:51.096889439 +0200 +@@ -151,12 +151,6 @@ class TestPolicyVersionRange + } + + bool IsValidInputForVersionRangeSet(SSLVersionRange* expectedEffectiveRange) { +- if (input_.min() <= SSL_LIBRARY_VERSION_3_0 && +- input_.max() >= SSL_LIBRARY_VERSION_TLS_1_3) { +- // This is always invalid input, independent of policy +- return false; +- } +- + if (input_.min() < library_.min() || input_.max() > library_.max() || + input_.min() > input_.max()) { + // Asking for unsupported ranges is invalid input for VersionRangeSet +diff -up nss/lib/ssl/sslsock.c.version-range-set nss/lib/ssl/sslsock.c +--- nss/lib/ssl/sslsock.c.version-range-set 2019-04-26 16:56:11.810733383 +0200 ++++ nss/lib/ssl/sslsock.c 2019-04-26 16:56:11.813733319 +0200 +@@ -2542,13 +2542,6 @@ SSL_VersionRangeGetDefault(SSLProtocolVa + return ssl3_CreateOverlapWithPolicy(protocolVariant, vrange, vrange); + } + +-static PRBool +-ssl3_HasConflictingSSLVersions(const SSLVersionRange *vrange) +-{ +- return (vrange->min <= SSL_LIBRARY_VERSION_3_0 && +- vrange->max >= SSL_LIBRARY_VERSION_TLS_1_3); +-} +- + static SECStatus + ssl3_CheckRangeValidAndConstrainByPolicy(SSLProtocolVariant protocolVariant, + SSLVersionRange *vrange) +@@ -2557,8 +2550,7 @@ ssl3_CheckRangeValidAndConstrainByPolicy + + if (vrange->min > vrange->max || + !ssl3_VersionIsSupportedByCode(protocolVariant, vrange->min) || +- !ssl3_VersionIsSupportedByCode(protocolVariant, vrange->max) || +- ssl3_HasConflictingSSLVersions(vrange)) { ++ !ssl3_VersionIsSupportedByCode(protocolVariant, vrange->max)) { + PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE); + return SECFailure; + } diff --git a/SPECS/nss.spec b/SPECS/nss.spec index 2ad67f6..8b7324e 100644 --- a/SPECS/nss.spec +++ b/SPECS/nss.spec @@ -1,16 +1,28 @@ -%global nspr_version 4.19.0 -%global nss_util_version 3.36.0 -%global nss_util_build -1.1 +%global nspr_version 4.21.0 +%global nss_util_version 3.44.0 +%global nss_util_build -3 # adjust to the version that gets submitted for FIPS validation -%global nss_softokn_fips_version 3.36.0 -%global nss_softokn_version 3.36.0 +%global nss_softokn_fips_version 3.44.0 +%global nss_softokn_version 3.44.0 # Attention: Separate softokn versions for build and runtime. %global runtime_required_softokn_build_version -1 # Building NSS doesn't require the same version of softokn built for runtime. %global build_required_softokn_build_version -1 +%global nss_version 3.44.0 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools -%global allTools "certutil cmsutil crlutil derdump modutil pk12util pp signtool signver ssltap vfychain vfyserv" +%global allTools "certutil cmsutil crlutil derdump modutil nss-policy-check pk12util pp signtool signver ssltap vfychain vfyserv" + +# The timestamp of our downstream manual pages, e.g., nss-config.1 +%global manual_date "Nov 13 2013" + +# The upstream omits the trailing ".0", while we need it for +# consistency with the pkg-config version: +# https://bugzilla.redhat.com/show_bug.cgi?id=1578106 +%{lua: +rpm.define(string.format("nss_archive_version %s", + string.gsub(rpm.expand("%nss_version"), "(.*)%.0$", "%1"))) +} # solution taken from icedtea-web.spec %define multilib_arches ppc64 s390x sparc64 x86_64 @@ -24,10 +36,12 @@ # To "disable", add "#" to start of line, AND a space after "%". #% define nss_ckbi_suffix .with.ckbi.1.93 +%bcond_without tests + Summary: Network Security Services Name: nss -Version: 3.36.0 -Release: 7.1%{?dist} +Version: %{nss_version} +Release: 4%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -63,7 +77,7 @@ Requires: nss-pem%{?_isa} %define full_nss_version %{version} %endif -Source0: %{name}-%{full_nss_version}.tar.gz +Source0: %{name}-%{nss_archive_version}.tar.gz Source1: nss.pc.in Source2: nss-config.in Source3: blank-cert8.db @@ -93,9 +107,6 @@ Source33: TestOldCA.p12 Patch2: add-relro-linker-option.patch Patch3: renegotiate-transitional.patch Patch16: nss-539183.patch -# Remove this patch on when we rebase to NSS 3.40, bug 1639404 -Patch17: nss-3.36-ipsec_cert_vfy.patch -Patch18: nss-tests-paypal-certs-v2.patch # TODO: Remove this patch when the ocsp test are fixed Patch40: nss-3.14.0.0-disble-ocsp-test.patch # Fedora / RHEL-only patch, the templates directory was originally introduced to support mod_revocator @@ -111,7 +122,6 @@ Patch49: nss-skip-bltest-and-fipstest.patch Patch50: iquote.patch Patch52: Bug-1001841-disable-sslv2-libssl.patch Patch53: Bug-1001841-disable-sslv2-tests.patch -Patch55: enable-fips-when-system-is-in-fips-mode.patch # rhbz: https://bugzilla.redhat.com/show_bug.cgi?id=1026677 Patch56: p-ignore-setpolicy.patch # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=943144 @@ -121,27 +131,42 @@ Patch108: nss-sni-c-v-fix.patch Patch123: nss-skip-util-gtest.patch Patch126: nss-reorder-cipher-suites.patch Patch127: nss-disable-cipher-suites.patch -Patch128: nss-enable-cipher-suites.patch Patch130: nss-reorder-cipher-suites-gtests.patch -Patch131: nss-disable-tls13-gtests.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1279520 -Patch135: nss-check-policy-file.patch # To revert the change in: # https://bugzilla.mozilla.org/show_bug.cgi?id=1377940 Patch136: nss-sql-default.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1278071 -Patch137: nss-pkcs12-iterations-limit.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1447628 -Patch138: nss-devslot-reinsert.patch # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1453408 Patch139: nss-modutil-skip-changepw-fips.patch # Work around for yum # https://bugzilla.redhat.com/show_bug.cgi?id=1469526 Patch141: nss-sysinit-getenv.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1483128 -Patch142: nss-ssl2-server-random.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1444960 -Patch143: nss-tests-ssl-normal-normal.patch +# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1542207 +Patch147: nss-dsa-policy.patch +# To revert the change in: +# https://bugzilla.mozilla.org/show_bug.cgi?id=818686 +Patch148: nss-sysinit-userdb.patch +# Disable nss-sysinit test which is sorely to test the above change +Patch149: nss-skip-sysinit-gtests.patch +# Enable SSLv2 compatible ClientHello, disabled in the change: +# https://bugzilla.mozilla.org/show_bug.cgi?id=1483128 +Patch150: nss-ssl2-compatible-client-hello.patch +# TLS 1.3 currently doesn't work under FIPS mode: +# https://bugzilla.redhat.com/show_bug.cgi?id=1710372 +Patch151: nss-skip-tls13-fips-tests.sh +# For backward compatibility: make -V "ssl3:" continue working, while +# the minimum version is clamped to tls1.0 +Patch152: nss-version-range-set.patch +# TLS 1.3 currently doesn't work under FIPS mode: +# https://bugzilla.redhat.com/show_bug.cgi?id=1710372 +Patch153: nss-fips-disable-tls13.patch +# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1552208 +Patch154: nss-disable-pkcs1-sigalgs-tls13.patch +# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1553443 +Patch155: nss-post-handshake-auth-with-tickets.patch +# https://bugzilla.mozilla.org/show_bug.cgi?id=1473806 +Patch156: nss-fix-public-key-from-priv.patch +Patch157: nss-add-ipsec-usage-to-manpage.patch + %description Network Security Services (NSS) is a set of libraries designed to @@ -211,7 +236,7 @@ low level services. %prep -%setup -q +%setup -q -n %{name}-%{nss_archive_version} %{__cp} %{SOURCE10} -f ./nss/tests/libpkix/certs %{__cp} %{SOURCE17} -f ./nss/tests/libpkix/certs %{__cp} %{SOURCE18} -f ./nss/tests/libpkix/certs @@ -219,15 +244,10 @@ low level services. %{__cp} %{SOURCE30} -f ./nss/tests/libpkix/certs %{__cp} %{SOURCE31} -f ./nss/tests/libpkix/certs %{__cp} %{SOURCE33} -f ./nss/tests/tools -%setup -q -T -D -n %{name}-%{version} %patch2 -p0 -b .relro %patch3 -p0 -b .transitional %patch16 -p0 -b .539183 -pushd nss -%patch17 -p1 -b .ipsec_vfy -%patch18 -p1 -b .update_paypal -popd %patch40 -p0 -b .noocsptest %patch47 -p0 -b .templates %patch49 -p0 -b .skipthem @@ -235,7 +255,6 @@ popd pushd nss %patch52 -p1 -b .disableSSL2libssl %patch53 -p1 -b .disableSSL2tests -%patch55 -p1 -b .852023_enable_fips_when_in_fips_mode %patch56 -p1 -b .1026677_ignore_set_policy %patch62 -p1 -b .fix_deadlock %patch100 -p0 -b .1171318 @@ -245,18 +264,22 @@ pushd nss %patch123 -p1 -b .skip-util-gtests %patch126 -p1 -b .reorder-cipher-suites %patch127 -p1 -b .disable-cipher-suites -%patch128 -p1 -b .enable-cipher-suites %patch130 -p1 -b .reorder-cipher-suites-gtests -%patch131 -p1 -b .disable-tls13-gtests -%patch135 -p1 -b .check_policy_file %patch136 -p1 -R -b .sql-default -%patch137 -p1 -b .pkcs12-iterations-limit -%patch138 -p1 -b .devslot-reinsert %patch139 -p1 -b .modutil-skip-changepw-fips +%patch148 -R -p1 -b .sysinit-userdb %patch141 -p1 -b .sysinit-getenv -%patch142 -p1 -b .ssl2-server-random -%patch143 -p1 -b .tests-ssl-normal-normal +%patch147 -p1 -b .dsa-policy +%patch149 -p1 -b .skip-sysinit-gtests +%patch150 -p1 -b .ssl2hello +%patch151 -p1 -b .skip-tls13-fips-mode +%patch152 -p1 -b .version-range-set +%patch153 -p1 -b .fips-disable-tls13 +%patch154 -p1 -b .disable-pkcs1-sigalgs-tls13 +%patch155 -p1 -b .post-handshake-auth-with-tickets popd +%patch156 -p1 -b .pub-priv-mechs +%patch157 -p1 -b .ipsec-usage ######################################################### # Higher-level libraries and test tools need access to @@ -360,8 +383,6 @@ export IN_TREE_FREEBL_HEADERS_FIRST=1 ##### phase 2: build the rest of nss export NSS_BLTEST_NOT_AVAILABLE=1 -export NSS_DISABLE_TLS_1_3=1 - export NSS_FORCE_FIPS=1 %{__make} -C ./nss/coreconf @@ -383,8 +404,12 @@ export POLICY_PATH="/etc/pki/nss-legacy" unset NSS_BLTEST_NOT_AVAILABLE # build the man pages clean -pushd ./nss -%{__make} clean_docs build_docs +pushd ./nss/doc +rm -rf ./nroff +%{__make} clean +echo -n %{manual_date} > date.xml +echo -n %{version} > version.xml +%{__make} popd # and copy them to the dist directory for %%install to find them @@ -430,7 +455,7 @@ chmod 755 ./dist/pkgconfig/setup-nsssysinit.sh %{__cp} ./nss/lib/ckfw/nssck.api ./dist/private/nss/ -date +"%e %B %Y" | tr -d '\n' > date.xml +echo -n %{manual_date} > date.xml echo -n %{version} > version.xml # configuration files and setup script @@ -451,6 +476,7 @@ done %check +%if %{with tests} if [ ${DISABLETEST:-0} -eq 1 ]; then echo "testing disabled" exit 0 @@ -475,8 +501,6 @@ export USE_64 export NSS_BLTEST_NOT_AVAILABLE=1 -export NSS_DISABLE_TLS_1_3=1 - export NSS_FORCE_FIPS=1 # needed for the fips mangling test @@ -484,6 +508,13 @@ export SOFTOKEN_LIB_DIR=%{_libdir} # End -- copied from the build section +export GTESTS="certhigh_gtest certdb_gtest der_gtest pk11_gtest softoken_gtest smime_gtest" +export GTESTFILTER='-TlsConnectTest.DisallowSSLv3HelloWithTLSv13Enabled' + +# This is necessary because the test suite tests algorithms that are +# disabled by the system policy. +export NSS_IGNORE_SYSTEM_POLICY=1 + # enable the following line to force a test failure # find ./nss -name \*.chk | xargs rm -f @@ -550,7 +581,7 @@ popd # GREP_EXIT_STATUS > 1 would indicate an error in grep such as failure to find the log file. killall $RANDSERV || : -TEST_FAILURES=$(grep -c FAILED ./tests_results/security/localhost.1/output.log) || GREP_EXIT_STATUS=$? +TEST_FAILURES=$(grep -c -- '- FAILED$' ./tests_results/security/localhost.1/output.log) || GREP_EXIT_STATUS=$? if [ ${GREP_EXIT_STATUS:-0} -eq 1 ]; then echo "okay: test suite detected no failures" else @@ -577,6 +608,7 @@ else %endif fi echo "test suite completed" +%endif %install @@ -621,13 +653,13 @@ do done # Copy the binaries we want -for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap +for file in certutil cmsutil crlutil modutil nss-policy-check pk12util signver ssltap do %{__install} -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{_bindir} done # Copy the binaries we ship as unsupported -for file in atob btoa derdump listsuites ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain +for file in atob btoa derdump listsuites ocspclnt pp selfserv signtool strsclnt symkeyutil tstclnt vfyserv vfychain do %{__install} -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory} done @@ -749,8 +781,8 @@ fi %{_bindir}/cmsutil %{_bindir}/crlutil %{_bindir}/modutil +%{_bindir}/nss-policy-check %{_bindir}/pk12util -%{_bindir}/signtool %{_bindir}/signver %{_bindir}/ssltap %{unsupported_tools_directory}/atob @@ -760,6 +792,7 @@ fi %{unsupported_tools_directory}/ocspclnt %{unsupported_tools_directory}/pp %{unsupported_tools_directory}/selfserv +%{unsupported_tools_directory}/signtool %{unsupported_tools_directory}/strsclnt %{unsupported_tools_directory}/symkeyutil %{unsupported_tools_directory}/tstclnt @@ -771,12 +804,13 @@ fi %attr(0644,root,root) %doc /usr/share/man/man1/cmsutil.1.gz %attr(0644,root,root) %doc /usr/share/man/man1/crlutil.1.gz %attr(0644,root,root) %doc /usr/share/man/man1/modutil.1.gz +%attr(0644,root,root) %doc /usr/share/man/man1/nss-policy-check.1.gz %attr(0644,root,root) %doc /usr/share/man/man1/pk12util.1.gz -%attr(0644,root,root) %doc /usr/share/man/man1/signtool.1.gz %attr(0644,root,root) %doc /usr/share/man/man1/signver.1.gz # unsupported tools %attr(0644,root,root) %doc /usr/share/man/man1/derdump.1.gz %attr(0644,root,root) %doc /usr/share/man/man1/pp.1.gz +%attr(0644,root,root) %doc /usr/share/man/man1/signtool.1.gz %attr(0644,root,root) %doc /usr/share/man/man1/ssltap.1.gz %attr(0644,root,root) %doc /usr/share/man/man1/vfychain.1.gz %attr(0644,root,root) %doc /usr/share/man/man1/vfyserv.1.gz @@ -856,7 +890,64 @@ fi %changelog -* Mon Nov 12 2018 Bob Relyea - 3.36.0-7.1 +* Wed Jun 5 2019 Bob Relyea - 3.44.0-4 +- Fix certutil man page +- Fix extracting a public key from a private key for dh, ec, and dsa + +* Thu May 30 2019 Daiki Ueno - 3.44.0-3 +- Disable TLS 1.3 under FIPS mode +- Disable RSASSA-PKCS1-v1_5 in TLS 1.3 +- Fix post-handshake auth transcript calculation if + SSL_ENABLE_SESSION_TICKETS is set + +* Thu May 16 2019 Daiki Ueno - 3.44.0-2 +- Skip sysinit gtests properly +- Fix shell syntax error in tests/ssl/ssl.sh +- Regenerate manual pages + +* Wed May 15 2019 Daiki Ueno - 3.44.0-1 +- Rebase to NSS 3.44 +- Restore fix-min-library-version-in-SSLVersionRange.patch to keep + SSL3 supported in the code level while it is disabled by policy +- Skip TLS 1.3 tests under FIPS mode + +* Fri May 10 2019 Daiki Ueno - 3.43.0-9 +- Ignore system policy when running %%check + +* Fri May 3 2019 Daiki Ueno - 3.43.0-8 +- Fix policy string + +* Fri Apr 26 2019 Daiki Ueno - 3.43.0-7 +- Don't override date in man-pages +- Revert the change to use XDG basedirs (mozilla#818686) +- Enable SSL2 compatible ClientHello by default +- Disable SSL3 and RC4 by default + +* Mon Apr 8 2019 Daiki Ueno - 3.43.0-6 +- Make "-V ssl3:" option work with tools + +* Fri Apr 5 2019 Daiki Ueno - 3.43.0-5 +- Fix regression in MD5 disablement + +* Mon Apr 1 2019 Bob Relyea - 3.43.0-4 +- add certutil documentation + +* Thu Mar 28 2019 Daiki Ueno - 3.43.0-3 +- Restore complete removal of SSLv2 +- Disable SSLv3 +- Move signtool to unsupported directory + +* Mon Mar 25 2019 Bob Relyea - 3.43.0-2 +- Expand IPSEC usage to include ssl and email certs. Remove special + processing of the usage based on the critical flag + +* Thu Mar 21 2019 Daiki Ueno - 3.43.0-1 +- Rebase to NSS 3.43 + +* Mon Feb 25 2019 Bob Relyea - 3.36.0-8.1 +- move key on unwrap failure and retry. + +* Mon Nov 12 2018 Bob Relyea - 3.36.0-8 - Update the cert verify code to allow a new ipsec usage and follow RFC 4945 * Wed Aug 29 2018 Daiki Ueno - 3.36.0-7