From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Tue, 10 Dec 2019 14:40:14 +0300 From: Paul Wolneykien To: devel@lists.altlinux.org Message-ID: <20191210144014.36cde9e2@rigel.localdomain> In-Reply-To: References: <20191205094407.enexdwzus2lhqjll@comp-core-i7-2640m-0182e6> <20191205125048.6fed1b74@rigel.localdomain> <20191205182910.4aa137ad@rigel.localdomain> <9e75a7c6-3fbc-a4aa-7631-c4b3a84463e9@basealt.ru> <20191205183604.GB13107@altlinux.org> Organization: BaseALT X-Mailer: Claws Mail 3.17.4 (GTK+ 2.24.32; x86_64-alt-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="MP_/oy2=FlBq6affBlZqjh3sfua" Subject: Re: [devel] =?utf-8?b?bnNzLWdvc3Qg0LggZmlyZWZveC1nb3N0INCyINCh0Lg=?= =?utf-8?b?0LfQuNGE0LU=?= X-BeenThere: devel@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: ALT Linux Team development discussions List-Id: ALT Linux Team development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Dec 2019 11:40:17 -0000 Archived-At: List-Archive: List-Post: --MP_/oy2=FlBq6affBlZqjh3sfua Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline =D0=92 Thu, 5 Dec 2019 19:05:35 +0000 manowar@altlinux.org =D0=BF=D0=B8=D1=88=D0=B5=D1=82: > =D0=A7=D0=B5=D1=82=D0=B2=D0=B5=D1=80=D0=B3, 5 =D0=B4=D0=B5=D0=BA=D0=B0=D0= =B1=D1=80=D1=8F 2019 =D0=B3 =D0=BF=D0=BE=D0=BB=D1=83=D1=87=D0=B5=D0=BD=D0= =BE =D0=BE=D1=82 Dmitry V. Levin: > >=20 > > =D0=9F=D0=BE=D0=BC=D0=B5=D1=81=D1=82=D0=B8=D1=82=D1=8C =D0=B2 gostcrypt= o =D0=B8=D0=BB=D0=B8 =D1=81=D0=BC=D0=B5=D0=BD=D0=B8=D1=82=D1=8C soname - = =D0=B4=D0=B2=D0=B0 =D1=80=D0=B0=D0=B7=D0=BD=D1=8B=D1=85 =D0=BF=D0=BE=D0=B4= =D1=85=D0=BE=D0=B4=D0=B0, > > =D0=B2=D1=8B=D0=B1=D0=BE=D1=80 =D0=B7=D0=B0=D0=B2=D0=B8=D1=81=D0=B8=D1= =82 =D0=BE=D1=82 =D1=80=D0=B5=D1=88=D0=B0=D0=B5=D0=BC=D0=BE=D0=B9 =D0=B7=D0= =B0=D0=B4=D0=B0=D1=87=D0=B8. =D0=95=D1=81=D0=BB=D0=B8 =D0=BD=D1=83=D0=B6= =D0=BD=D0=B0 =D0=B1=D0=B8=D0=B1=D0=BB=D0=B8=D0=BE=D1=82=D0=B5=D0=BA=D0=B0, = =D0=BA=D0=BE=D1=82=D0=BE=D1=80=D1=83=D1=8E > > =D0=BC=D0=BE=D0=B6=D0=BD=D0=BE =D0=B8=D1=81=D0=BF=D0=BE=D0=BB=D1=8C=D0= =B7=D0=BE=D0=B2=D0=B0=D1=82=D1=8C =D0=BE=D0=B4=D0=BD=D0=BE=D0=B2=D1=80=D0= =B5=D0=BC=D0=B5=D0=BD=D0=BD=D0=BE =D1=81 =D0=BE=D0=B1=D1=8B=D1=87=D0=BD=D0= =BE=D0=B9, =D1=82=D0=BE =D1=81=D0=BC=D0=B5=D0=BD=D0=B0 soname =D0=B8 =D0=BF= =D0=BE=D0=BB=D0=BD=D1=8B=D0=B9 > > =D1=80=D0=B0=D0=B7=D0=B2=D0=BE=D0=B4 provides. =D0=95=D1=81=D0=BB=D0= =B8 =D0=BD=D1=83=D0=B6=D0=BD=D0=B0 =D0=B1=D0=B8=D0=B1=D0=BB=D0=B8=D0=BE=D1= =82=D0=B5=D0=BA=D0=B0, =D0=BA=D0=BE=D1=82=D0=BE=D1=80=D1=83=D1=8E =D0=BC=D0= =BE=D0=B6=D0=BD=D0=BE =D0=B8=D1=81=D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE=D0= =B2=D0=B0=D1=82=D1=8C > > =D0=B2=D0=BC=D0=B5=D1=81=D1=82=D0=BE =D0=BE=D0=B1=D1=8B=D1=87=D0=BD=D0= =BE=D0=B9, =D1=82=D0=BE =D1=81=D0=BE=D1=85=D1=80=D0=B0=D0=BD=D0=B5=D0=BD=D0= =B8=D0=B5 soname =D0=B8 =D0=BF=D0=BE=D0=BC=D0=B5=D1=89=D0=B5=D0=BD=D0=B8=D0= =B5 =D0=B2 gostcrypto. =20 >=20 > =D0=92=D0=B0=D1=80=D0=B8=D0=B0=D0=BD=D1=82 "=D0=B2=D0=BC=D0=B5=D1=81=D1= =82=D0=BE" (gostcrypto) =D0=B1=D1=83=D0=B4=D0=B5=D1=82 =D0=BE=D1=81=D0=BE= =D0=B1=D0=B5=D0=BD=D0=BD=D0=BE =D0=B8=D0=BD=D1=82=D0=B5=D1=80=D0=B5=D1=81= =D0=B5=D0=BD, =D0=B5=D1=81=D0=BB=D0=B8 =D0=BC=D1=8B > =D0=B4=D0=BE=D0=B3=D0=BE=D0=B2=D0=BE=D1=80=D0=B8=D0=BC=D1=81=D1=8F =D0=B2= =D0=BA=D0=BB=D1=8E=D1=87=D0=B8=D1=82=D1=8C =D0=BD=D0=BE=D0=BC=D0=B5=D1=80= =D0=B0 =D0=93=D0=9E=D0=A1=D0=A2=D0=BE=D0=B2=D1=8B=D1=85 =D1=88=D0=B8=D1=84= =D1=80=D0=BE=D0=BD=D0=B0=D0=B1=D0=BE=D1=80=D0=BE=D0=B2 =D0=B2 =D0=B1=D0=B0= =D0=B7=D0=BE=D0=B2=D1=83=D1=8E =D0=B2=D0=B5=D1=80=D1=81=D0=B8=D1=8E > Firefox. =D0=9F=D1=80=D0=B8=D0=BB=D0=B0=D0=B3=D0=B0=D1=8E =D0=BF=D0=B0=D1=82=D1=87= , =D0=BA=D0=BE=D1=82=D0=BE=D1=80=D1=8B=D0=B9 =D1=80=D0=B0=D0=B7=D1=80=D0=B5= =D1=88=D0=B0=D0=B5=D1=82 =D0=B8=D1=81=D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE= =D0=B2=D0=B0=D0=BD=D0=B8=D0=B5 =D1=88=D0=B8=D1=84=D1=80=D0=BE=D0=BD=D0=B0= =D0=B1=D0=BE=D1=80=D0=BE=D0=B2 =D1=81 =D0=BD=D0=BE=D0=BC=D0=B5=D1=80=D0=B0=D0=BC=D0=B8 C100--C102 =D0=B8 81 =D0= =B4=D0=BB=D1=8F HTTPS. =D0=A1=D0=BC=D1=8B=D1=81=D0=BB =D0=B5=D0=B3=D0=BE = =D0=B2 =D1=82=D0=BE=D0=BC, =D1=87=D1=82=D0=BE =D0=BE=D0=BD =D1=80=D0=B0=D0= =B7=D1=80=D0=B5=D1=88=D0=B0=D0=B5=D1=82 =D0=BF=D1=80=D0=B8=D0=BD=D1=8F=D1=82=D1=8C =D0=B4=D0=B0=D0=BD=D0=BD=D1=8B= =D0=B5 =D1=88=D0=B8=D1=84=D1=80=D0=BE=D0=BD=D0=B0=D0=B1=D0=BE=D1=80=D1=8B = =D0=BA =D1=80=D0=B0=D1=81=D1=81=D0=BC=D0=BE=D1=82=D1=80=D0=B5=D0=BD=D0=B8= =D1=8E =D0=B2 =D1=80=D0=B0=D0=BC=D0=BA=D0=B0=D1=85 =D0=BF=D1=80=D0=BE=D1=86= =D0=B5=D0=B4=D1=83=D1=80=D1=8B =D1=83=D1=81=D1=82=D0=B0=D0=BD=D0=BE=D0=B2= =D0=BA=D0=B8 =D1=81=D0=BE=D0=B5=D0=B4=D0=B8=D0=BD=D0=B5=D0=BD=D0=B8=D1=8F. =D0=9F=D1=80= =D0=B8 =D1=8D=D1=82=D0=BE=D0=BC =D1=84=D0=B0=D0=BA=D1=82=D0=B8=D1=87=D0=B5= =D1=81=D0=BA=D0=BE=D0=B5 =D0=B8=D1=81=D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE= =D0=B2=D0=B0=D0=BD=D0=B8=D0=B5 =D1=88=D0=B8=D1=84=D1=80=D0=BE=D0=BD=D0=B0= =D0=B1=D0=BE=D1=80=D0=B0 =D0=B7=D0=B0=D0=B2=D0=B8=D1=81=D0=B8=D1=82 =D0=BE= =D1=82 =D1=81=D0=BE=D0=B1=D0=BB=D1=8E=D0=B4=D0=B5=D0=BD=D0=B8=D1=8F =D0=B4=D0=B2= =D1=83=D1=85 =D1=83=D1=81=D0=BB=D0=BE=D0=B2=D0=B8=D0=B9: 1) =D1=88=D0=B8=D1= =84=D1=80=D0=BE=D0=BD=D0=B0=D0=B1=D0=BE=D1=80 =D0=BF=D0=BE=D0=B4=D0=B4=D0= =B5=D1=80=D0=B6=D0=B8=D0=B2=D0=B0=D0=B5=D1=82=D1=81=D1=8F =D0=BA=D0=B0=D0= =BA=D0=B8=D0=BC-=D0=BB=D0=B8=D0=B1=D0=BE =D0=BC=D0=BE=D0=B4=D1=83=D0=BB=D0=B5=D0=BC NSS; 2) =D1=88=D0=B8=D1=84=D1=80= =D0=BE=D0=BD=D0=B0=D0=B1=D0=BE=D1=80 =D0=BF=D0=BE=D0=B4=D0=B4=D0=B5=D1=80= =D0=B6=D0=B8=D0=B2=D0=B0=D0=B5=D1=82=D1=81=D1=8F =D1=81=D0=B0=D0=B9=D1=82= =D0=BE=D0=BC. =D0=A2=D0=B0=D0=BA=D0=B8=D0=BC =D0=BE=D0=B1=D1=80=D0=B0=D0=B7= =D0=BE=D0=BC, =D1=81 =D0=BE=D0=B1=D1=8B=D0=BA=D0=BD=D0=BE=D0=B2=D0=B5=D0=BD=D0=BD=D0=BE=D0=B9 = =D1=81=D0=B1=D0=BE=D1=80=D0=BA=D0=BE=D0=B9 NSS =D0=BF=D0=BE=D0=B2=D0=B5=D0= =B4=D0=B5=D0=BD=D0=B8=D0=B5 =D0=B1=D1=80=D0=B0=D1=83=D0=B7=D0=B5=D1=80=D0= =B0 =D0=BD=D0=B8=D0=BA=D0=B0=D0=BA =D0=BD=D0=B5 =D0=B8=D0=B7=D0=BC=D0=B5=D0= =BD=D0=B8=D1=82=D1=81=D1=8F, =D0=BF=D0=BE=D1=81=D0=BA=D0=BE=D0=BB=D1=8C=D0=BA=D1=83 =D0=BD=D0=B5 =D0=B1= =D1=83=D0=B4=D0=B5=D1=82 =D1=81=D0=BE=D0=B1=D0=BB=D1=8E=D0=B4=D0=B5=D0=BD= =D0=BE =D1=83=D1=81=D0=BB=D0=BE=D0=B2=D0=B8=D0=B5 (1). =D0=9D=D0=BE =D0=BF= =D1=80=D0=B8 =D0=B7=D0=B0=D0=BC=D0=B5=D0=BD=D0=B5 libnss =D0=BD=D0=B0 libnss-gostcrypto =D0=BE=D0=BD=D0=BE, =D0=BD=D0=B0=D0=BF=D1=80=D0=BE=D1=82= =D0=B8=D0=B2, =D0=B1=D1=83=D0=B4=D0=B5=D1=82 =D1=81=D0=BE=D0=B1=D0=BB=D1=8E= =D0=B4=D0=B5=D0=BD=D0=BE =D0=B8 =D1=82=D0=B5=D0=BC =D1=81=D0=B0=D0=BC=D1=8B= =D0=BC =D0=BE=D1=82=D0=BA=D1=80=D0=BE=D0=B5=D1=82=D1=81=D1=8F =D0=B4=D0=BE=D1=81=D1=82=D1=83=D0=BF =D0=BA =D1=81=D0=B0=D0=B9=D1=82=D0=B0= =D0=BC (2). 2legion@: =D0=9D=D0=B0=D1=81=D0=BA=D0=BE=D0=BB=D1=8C=D0=BA=D0=BE =D0=B2= =D0=B5=D1=80=D0=BE=D1=8F=D1=82=D0=BD=D0=BE, =D0=BF=D0=BE =D0=B2=D0=B0=D1=88= =D0=B5=D0=BC=D1=83, =D0=BE=D0=B4=D0=BE=D0=B1=D1=80=D0=B5=D0=BD=D0=B8=D0=B5 = =D0=B4=D0=B0=D0=BD=D0=BD=D0=BE=D0=B3=D0=BE =D0=BF=D0=B0=D1=82=D1=87=D0=B0 Mozilla =D0=B4=D0=BB=D1=8F =D0=B8=D1=81=D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=BE= =D0=B2=D0=B0=D0=BD=D0=B8=D1=8F =D0=B2 =D0=BD=D0=B0=D1=88=D0=B5=D0=B9 =D1=81= =D0=B1=D0=BE=D1=80=D0=BA=D0=B5 Firefox (=D1=82.=D0=B5. =D0=B2 =D0=A1=D0=B8= =D0=B7=D0=B8=D1=84=D0=B5)? > =D0=9F=D0=BE=D1=8F=D1=81=D0=BD=D1=8E. =D0=A1=D0=B5=D0=B9=D1=87=D0=B0=D1= =81 =D1=83 =D0=BC=D0=B5=D0=BD=D1=8F =D1=8D=D1=82=D0=B8 =D0=BD=D0=BE=D0=BC= =D0=B5=D1=80=D0=B0 =D0=B1=D0=B5=D1=80=D1=83=D1=82=D1=81=D1=8F =D0=B8=D0=B7 = =D0=BA=D0=BE=D0=BD=D1=81=D1=82=D0=B0=D0=BD=D1=82, > =D0=B4=D0=BE=D0=B1=D0=B0=D0=B2=D0=BB=D0=B5=D0=BD=D0=BD=D1=8B=D1=85 =D0=B2= NSS. =D0=9D=D0=BE =D0=BD=D0=B8=D1=87=D1=82=D0=BE =D0=BD=D0=B5 =D0=BC=D0=B5= =D1=88=D0=B0=D0=B5=D1=82 =D0=BE=D0=BF=D1=80=D0=B5=D0=B4=D0=B5=D0=BB=D0=B8= =D1=82=D1=8C =D1=8D=D1=82=D0=B8 =D0=BD=D0=BE=D0=BC=D0=B5=D1=80=D0=B0 > =D0=BD=D0=B5=D0=BF=D0=BE=D1=81=D1=80=D0=B5=D0=B4=D1=81=D1=82=D0=B2=D0=B5= =D0=BD=D0=BD=D0=BE =D0=B2 =D0=BA=D0=BE=D0=B4=D0=B5 firefox, =D0=BF=D0=BE=D1= =82=D0=BE=D0=BC=D1=83 =D1=87=D1=82=D0=BE =D0=BE=D0=BD=D0=B8 =D0=BD=D0=B5 = =D1=81 =D0=BD=D0=B5=D0=B1=D0=B0 =D1=81=D0=B2=D0=B0=D0=BB=D0=B8=D0=BB=D0=B8= =D1=81=D1=8C, =D0=B0 > =D0=BE=D0=BF=D1=80=D0=B5=D0=B4=D0=B5=D0=BB=D0=B5=D0=BD=D1=8B =D0=B2 =D1= =81=D1=82=D0=B0=D0=BD=D0=B4=D0=B0=D1=80=D1=82=D0=B5. > =D0=98 =D1=82=D0=BE=D0=B3=D0=B4=D0=B0, =D0=B4=D0=B5=D0=B9=D1=81=D1=82= =D0=B2=D0=B8=D1=82=D0=B5=D0=BB=D1=8C=D0=BD=D0=BE, =D0=BC=D1=8B =D0=BF=D0=BE= =D0=BB=D1=83=D1=87=D0=B8=D0=BC =D1=81=D0=B8=D1=81=D1=82=D0=B5=D0=BC=D1=83, = =D0=B2 > =D0=BA=D0=BE=D1=82=D0=BE=D1=80=D0=BE=D0=B9 =D0=93=D0=9E=D0=A1=D0=A2 =D0= =B2=D0=BA=D0=BB=D1=8E=D1=87=D0=B0=D0=B5=D1=82=D1=81=D1=8F =D0=BF=D1=80=D0= =BE=D1=81=D1=82=D0=BE=D0=B9 =D0=B7=D0=B0=D0=BC=D0=B5=D0=BD=D0=BE=D0=B9 =D0= =BE=D0=B4=D0=BD=D0=BE=D0=B9 =D0=B1=D0=B8=D0=B1=D0=BB=D0=B8=D0=BE=D1=82=D0= =B5=D0=BA=D0=B8 =D0=BD=D0=B0 =D0=B4=D1=80=D1=83=D0=B3=D1=83=D1=8E, > =D0=B1=D0=B5=D0=B7 =D0=BF=D0=B5=D1=80=D0=B5=D1=83=D1=81=D1=82=D0=B0=D0=BD= =D0=BE=D0=B2=D0=BA=D0=B8 =D0=BF=D0=B0=D0=BA=D0=B5=D1=82=D0=BE=D0=B2. --MP_/oy2=FlBq6affBlZqjh3sfua Content-Type: text/x-patch Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=firefox-70.0.1-gost-ciphersuites.patch diff --git a/mozilla/security/manager/ssl/nsNSSComponent.cpp b/mozilla/security/manager/ssl/nsNSSComponent.cpp index c091ce7a763..5fd5a9bb549 100644 --- a/mozilla/security/manager/ssl/nsNSSComponent.cpp +++ b/mozilla/security/manager/ssl/nsNSSComponent.cpp @@ -903,6 +903,16 @@ nsresult LoadLoadableRootsTask::LoadLoadableRoots() { return NS_ERROR_FAILURE; } +// These cipher suites are already assigned to GOST by IANA --- see +// https://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv . +#define TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC 0xC100 +#define TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC 0xC101 +#define TLS_GOSTR341112_256_WITH_28147_CNT_IMIT 0xC102 + +// This cipher suite is known to be used by https://eruz.zakupki.gov.ru/ +// for GOST-R-3411.94 with GOST-28147 IMIT mode cipher: +#define TLS_GOSTR341194_WITH_28147_CNT_IMIT 0x0081 + // Table of pref names and SSL cipher ID typedef struct { const char* pref; @@ -956,6 +966,18 @@ static const CipherPref sCipherPrefs[] = { {"security.ssl3.rsa_des_ede3_sha", TLS_RSA_WITH_3DES_EDE_CBC_SHA, true}, // deprecated (RSA key exchange, 3DES) + {"security.ssl3.ecdhe_gostr_3411_12_256_kuznyechik_ctr_omac", + TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC, true}, + + {"security.ssl3.ecdhe_gostr_3411_12_256_magma_ctr_omac", + TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC, true}, + + {"security.ssl3.ecdhe_gostr_3411_12_256_28147_cnt_imit", + TLS_GOSTR341112_256_WITH_28147_CNT_IMIT, true}, + + {"security.ssl3.ecdhe_gostr_3411_94_256_28147_cnt_imit", + TLS_GOSTR341194_WITH_28147_CNT_IMIT, true}, + // All the rest are disabled {nullptr, 0} // end marker --MP_/oy2=FlBq6affBlZqjh3sfua--