mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1345368 - land NSS 06158d335df0, r=me 

--HG--
extra : rebase_source : 75bb3b75d3bbbd4ba3a4e199fa0ad8c999ab38af
This commit is contained in:
Franziskus Kiefer 2017-03-24 08:38:05 +01:00
Родитель 3b3bf39b5a
Коммит c055a4757e
73 изменённых файлов: 969 добавлений и 423 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
security/nss/TAG-INFO
Просмотреть файл

@ -1 +1 @@
d621b1e53054
06158d335df0

30
security/nss/automation/taskcluster/docker-clang-3.9/Dockerfile Normal file
Просмотреть файл

@ -0,0 +1,30 @@
FROM ubuntu:16.04
MAINTAINER Tim Taubert <ttaubert@mozilla.com>
RUN useradd -d /home/worker -s /bin/bash -m worker
WORKDIR /home/worker
# Add build and test scripts.
ADD bin /home/worker/bin
RUN chmod +x /home/worker/bin/*
# Install dependencies.
ADD setup.sh /tmp/setup.sh
RUN bash /tmp/setup.sh
# Change user.
USER worker
# Env variables.
ENV HOME /home/worker
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME worker
ENV HOSTNAME taskcluster-worker
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
ENV HOST localhost
ENV DOMSUF localdomain
# Set a default command for debugging.
CMD ["/bin/bash", "--login"]

20
security/nss/automation/taskcluster/docker-clang-3.9/bin/checkout.sh Normal file
Просмотреть файл

@ -0,0 +1,20 @@
#!/usr/bin/env bash
set -v -e -x
if [ $(id -u) = 0 ]; then
# Drop privileges by re-running this script.
exec su worker $0
fi
# Default values for testing.
REVISION=${NSS_HEAD_REVISION:-default}
REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
# Clone NSS.
for i in 0 2 5; do
sleep $i
hg clone -r $REVISION $REPOSITORY nss && exit 0
rm -rf nss
done
exit 1

45
security/nss/automation/taskcluster/docker-clang-3.9/setup.sh Normal file
Просмотреть файл

@ -0,0 +1,45 @@
#!/usr/bin/env bash
set -v -e -x
# Update packages.
export DEBIAN_FRONTEND=noninteractive
apt-get -y update && apt-get -y upgrade
# Need this to add keys for PPAs below.
apt-get install -y --no-install-recommends apt-utils
apt_packages=()
apt_packages+=('ca-certificates')
apt_packages+=('curl')
apt_packages+=('xz-utils')
# Latest Mercurial.
apt_packages+=('mercurial')
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE
echo "deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main" > /etc/apt/sources.list.d/mercurial.list
# Install packages.
apt-get -y update
apt-get install -y --no-install-recommends ${apt_packages[@]}
# Download clang.
curl -LO http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz
curl -LO http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
# Verify the signature.
gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
gpg --verify *.tar.xz.sig
# Install into /usr/local/.
tar xJvf *.tar.xz -C /usr/local --strip-components=1
# Cleanup.
rm *.tar.xz*
locale-gen en_US.UTF-8
dpkg-reconfigure locales
# Cleanup.
rm -rf ~/.ccache ~/.cache
apt-get autoremove -y
apt-get clean
apt-get autoclean
rm $0

13
security/nss/automation/taskcluster/docker/setup.sh
Просмотреть файл

@ -49,9 +49,16 @@ apt-get install -y --no-install-recommends ${apt_packages[@]}
# 32-bit builds
ln -s /usr/include/x86_64-linux-gnu/zconf.h /usr/include
# Install clang-3.9 into /usr/local/.
# FIXME: verify signature
curl -L http://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz | tar xJv -C /usr/local --strip-components=1
# Download clang.
curl -LO http://releases.llvm.org/4.0.0/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz
curl -LO http://releases.llvm.org/4.0.0/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
# Verify the signature.
gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
gpg --verify *.tar.xz.sig
# Install into /usr/local/.
tar xJvf *.tar.xz -C /usr/local --strip-components=1
# Cleanup.
rm *.tar.xz*
# Install latest Rust (stable).
su worker -c "curl https://sh.rustup.rs -sSf | sh -s -- -y"

32
security/nss/automation/taskcluster/graph/src/extend.js
Просмотреть файл

@ -5,8 +5,20 @@
import merge from "./merge";
import * as queue from "./queue";
const LINUX_IMAGE = {name: "linux", path: "automation/taskcluster/docker"};
const FUZZ_IMAGE = {name: "fuzz", path: "automation/taskcluster/docker-fuzz"};
const LINUX_IMAGE = {
name: "linux",
path: "automation/taskcluster/docker"
};
const LINUX_CLANG39_IMAGE = {
name: "linux-clang-3.9",
path: "automation/taskcluster/docker-clang-3.9"
};
const FUZZ_IMAGE = {
name: "fuzz",
path: "automation/taskcluster/docker-fuzz"
};
const WINDOWS_CHECKOUT_CMD =
"bash -c \"hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss || " +
@ -125,7 +137,8 @@ export default async function main() {
},
platform: "linux64",
collection: "asan",
image: LINUX_IMAGE
image: LINUX_IMAGE,
features: ["allowPtrace"],
});
await scheduleWindows("Windows 2012 64 (opt)", {
@ -221,12 +234,12 @@ async function scheduleLinux(name, base) {
// Extra builds.
let extra_base = merge({group: "Builds"}, build_base);
queue.scheduleTask(merge(extra_base, {
name: `${name} w/ clang-3.9`,
name: `${name} w/ clang-4.0`,
env: {
CC: "clang",
CCC: "clang++",
},
symbol: "clang-3.9"
symbol: "clang-4.0"
}));
queue.scheduleTask(merge(extra_base, {
@ -284,7 +297,7 @@ function scheduleFuzzingRun(base, name, target, max_len, symbol = null, corpus =
async function scheduleFuzzing() {
let base = {
env: {
ASAN_OPTIONS: "allocator_may_return_null=1",
ASAN_OPTIONS: "allocator_may_return_null=1:detect_stack_use_after_return=1",
UBSAN_OPTIONS: "print_stacktrace=1",
NSS_DISABLE_ARENA_FREE_LIST: "1",
NSS_DISABLE_UNLOAD: "1",
@ -563,7 +576,6 @@ function scheduleTests(task_build, task_cert, test_base) {
async function scheduleTools() {
let base = {
image: LINUX_IMAGE,
platform: "nss-tools",
kind: "test"
};
@ -571,6 +583,7 @@ async function scheduleTools() {
queue.scheduleTask(merge(base, {
symbol: "clang-format-3.9",
name: "clang-format-3.9",
image: LINUX_CLANG39_IMAGE,
command: [
"/bin/bash",
"-c",
@ -579,8 +592,9 @@ async function scheduleTools() {
}));
queue.scheduleTask(merge(base, {
symbol: "scan-build-3.9",
name: "scan-build-3.9",
symbol: "scan-build-4.0",
name: "scan-build-4.0",
image: LINUX_IMAGE,
env: {
USE_64: "1",
CC: "clang",

6
security/nss/cmd/ecperf/ecperf.c
Просмотреть файл

@ -482,7 +482,7 @@ ectest_curve_freebl(ECCurveName curve, int iterations, int numThreads,
rv = EC_NewKey(&ecParams, &ecPriv);
if (rv != SECSuccess) {
return SECFailure;
goto cleanup;
}
ecPub.ecParams = ecParams;
ecPub.publicValue = ecPriv->publicValue;
@ -515,7 +515,9 @@ ectest_curve_freebl(ECCurveName curve, int iterations, int numThreads,
cleanup:
SECITEM_FreeItem(&ecEncodedParams, PR_FALSE);
PORT_FreeArena(arena, PR_FALSE);
PORT_FreeArena(ecPriv->ecParams.arena, PR_FALSE);
if (ecPriv) {
PORT_FreeArena(ecPriv->ecParams.arena, PR_FALSE);
}
return rv;
}

5
security/nss/cmd/selfserv/selfserv.c
Просмотреть файл

@ -169,7 +169,8 @@ PrintUsageHeader(const char *progName)
" [-e ec_nickname]"
#endif /* NSS_DISABLE_ECC */
"\n"
" -U [0|1] -H [0|1|2] -W [0|1]\n",
" -U [0|1] -H [0|1|2] -W [0|1]\n"
"\n",
progName);
}
@ -219,7 +220,7 @@ PrintParameterUsage()
"-A <ca> Nickname of a CA used to sign a stapled cert status\n"
"-U override default ECDHE ephemeral key reuse, 0: refresh, 1: reuse\n"
"-H override default DHE server support, 0: disable, 1: enable, "
" 2: require DH named groups\n"
" 2: require DH named groups [RFC7919]\n"
"-W override default DHE server weak parameters support, 0: disable, 1: enable\n"
"-c Restrict ciphers\n"
"-Y prints cipher values allowed for parameter -c and exits\n"

7
security/nss/cmd/tstclnt/tstclnt.c
Просмотреть файл

@ -178,7 +178,8 @@ PrintUsageHeader(const char *progName)
"[-n nickname] [-Bafosvx] [-c ciphers] [-Y] [-Z]\n"
"[-V [min-version]:[max-version]] [-K] [-T] [-U]\n"
"[-r N] [-w passwd] [-W pwfile] [-q [-t seconds]] [-I groups]\n"
"[-A requestfile] [-L totalconnections]",
"[-A requestfile] [-L totalconnections]\n"
"\n",
progName);
}
@ -242,9 +243,7 @@ PrintParameterUsage(void)
fprintf(stderr, "%-20s Enforce using an IPv6 destination address\n", "-6");
fprintf(stderr, "%-20s (Options -4 and -6 cannot be combined.)\n", "");
fprintf(stderr, "%-20s Enable the extended master secret extension [RFC7627]\n", "-G");
fprintf(stderr, "%-20s Require the use of FFDHE supported groups "
"[I-D.ietf-tls-negotiated-ff-dhe]\n",
"-H");
fprintf(stderr, "%-20s Require the use of FFDHE supported groups [RFC7919]\n", "-H");
fprintf(stderr, "%-20s Read from a file instead of stdin\n", "-A");
fprintf(stderr, "%-20s Allow 0-RTT data (TLS 1.3 only)\n", "-Z");
fprintf(stderr, "%-20s Disconnect and reconnect up to N times total\n", "-L");

8
security/nss/coreconf/config.gypi
Просмотреть файл

@ -223,14 +223,6 @@
'ldflags': [
'-Wl,-z,defs',
],
'conditions': [
['OS=="dragonfly" or OS=="freebsd" or OS=="netbsd" or OS=="openbsd"', {
# Bug 1321317 - unix_rand.c:880: undefined reference to `environ'
'ldflags': [
'-Wl,--warn-unresolved-symbols',
],
}],
],
}],
],
}],

1
security/nss/coreconf/coreconf.dep
Просмотреть файл

@ -10,4 +10,3 @@
*/
#error "Do not include this header file."

2
security/nss/coreconf/sanitizers.py
Просмотреть файл

@ -14,7 +14,7 @@ def main():
print('-fsanitize='+sys.argv[2]+' -fno-sanitize-recover=undefined ', end='')
return
if sanitizer == "asan":
print('-fsanitize=address ', end='')
print('-fsanitize=address -fsanitize-address-use-after-scope ', end='')
print('-fno-omit-frame-pointer -fno-optimize-sibling-calls ', end='')
return
if sanitizer == "msan":

2
security/nss/fuzz/tls_client_target.cc
Просмотреть файл

@ -81,7 +81,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) {
#ifdef UNSAFE_FUZZER_MODE
// Reset the RNG state.
assert(RNG_ResetForFuzzing() == SECSuccess);
assert(RNG_RandomUpdate(NULL, 0) == SECSuccess);
#endif
// Create and import dummy socket.

2
security/nss/fuzz/tls_server_target.cc
Просмотреть файл

@ -85,7 +85,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) {
#ifdef UNSAFE_FUZZER_MODE
// Reset the RNG state.
assert(RNG_ResetForFuzzing() == SECSuccess);
assert(RNG_RandomUpdate(NULL, 0) == SECSuccess);
#endif
// Create model socket.

2
security/nss/gtests/common/gtest.gypi
Просмотреть файл

@ -27,7 +27,7 @@
'-lstdc++',
],
}],
[ 'fuzz_tls==1', {
[ 'fuzz==1', {
'defines': [
'UNSAFE_FUZZER_MODE',
],

1
security/nss/gtests/der_gtest/der_gtest.gyp
Просмотреть файл

@ -13,6 +13,7 @@
'sources': [
'der_getint_unittest.cc',
'der_private_key_import_unittest.cc',
'der_quickder_unittest.cc',
'<(DEPTH)/gtests/common/gtests.cc'
],
'dependencies': [

83
security/nss/gtests/der_gtest/der_quickder_unittest.cc Normal file
Просмотреть файл

@ -0,0 +1,83 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include <stdint.h>
#include "gtest/gtest.h"
#include "scoped_ptrs.h"
#include "nss.h"
#include "prerror.h"
#include "secasn1.h"
#include "secerr.h"
#include "secitem.h"
const SEC_ASN1Template mySEC_NullTemplate[] = {
{SEC_ASN1_NULL, 0, NULL, sizeof(SECItem)}};
namespace nss_test {
class QuickDERTest : public ::testing::Test,
public ::testing::WithParamInterface<SECItem> {};
static const uint8_t kNullTag = 0x05;
static const uint8_t kLongLength = 0x80;
// Length of zero wrongly encoded as 0x80 instead of 0x00.
static uint8_t kOverlongLength_0_0[] = {kNullTag, kLongLength | 0};
// Length of zero wrongly encoded as { 0x81, 0x00 } instead of 0x00.
static uint8_t kOverlongLength_1_0[] = {kNullTag, kLongLength | 1, 0x00};
// Length of zero wrongly encoded as:
//
// { 0x90, <arbitrary junk of 12 bytes>,
// 0x00, 0x00, 0x00, 0x00 }
//
// instead of 0x00. Note in particular that if there is an integer overflow
// then the arbitrary junk is likely get left-shifted away, as long as there
// are at least sizeof(length) bytes following it. This would be a good way to
// smuggle arbitrary input into DER-encoded data in a way that an non-careful
// parser would ignore.
static uint8_t kOverlongLength_16_0[] = {kNullTag, kLongLength | 0x10,
0x11, 0x22,
0x33, 0x44,
0x55, 0x66,
0x77, 0x88,
0x99, 0xAA,
0xBB, 0xCC,
0x00, 0x00,
0x00, 0x00};
static const SECItem kInvalidDER[] = {
{siBuffer, kOverlongLength_0_0, sizeof(kOverlongLength_0_0)},
{siBuffer, kOverlongLength_1_0, sizeof(kOverlongLength_1_0)},
{siBuffer, kOverlongLength_16_0, sizeof(kOverlongLength_16_0)},
};
TEST_P(QuickDERTest, InvalidLengths) {
const SECItem& original_input(GetParam());
ScopedSECItem copy_of_input(SECITEM_AllocItem(nullptr, nullptr, 0U));
ASSERT_TRUE(copy_of_input);
ASSERT_EQ(SECSuccess,
SECITEM_CopyItem(nullptr, copy_of_input.get(), &original_input));
PORTCheapArenaPool pool;
PORT_InitCheapArena(&pool, DER_DEFAULT_CHUNKSIZE);
ScopedSECItem parsed_value(SECITEM_AllocItem(nullptr, nullptr, 0U));
ASSERT_TRUE(parsed_value);
ASSERT_EQ(SECFailure,
SEC_QuickDERDecodeItem(&pool.arena, parsed_value.get(),
mySEC_NullTemplate, copy_of_input.get()));
ASSERT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
PORT_DestroyCheapArena(&pool);
}
INSTANTIATE_TEST_CASE_P(QuickderTestsInvalidLengths, QuickDERTest,
testing::ValuesIn(kInvalidDER));
} // namespace nss_test

1
security/nss/gtests/der_gtest/manifest.mn
Просмотреть файл

@ -9,6 +9,7 @@ MODULE = nss
CPPSRCS = \
der_getint_unittest.cc \
der_private_key_import_unittest.cc \
der_quickder_unittest.cc \
$(NULL)
INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \

51
security/nss/gtests/pk11_gtest/pk11_prng_unittest.cc
Просмотреть файл

@ -36,12 +36,12 @@ TEST_F(PK11PrngTest, Fuzz_DetPRNG_Reset) {
std::vector<uint8_t> rnd1(2048, 0);
std::vector<uint8_t> rnd2(2048, 0);
RNG_ResetForFuzzing();
EXPECT_EQ(SECSuccess, RNG_RandomUpdate(NULL, 0));
SECStatus rv = PK11_GenerateRandom(rnd1.data(), rnd1.size());
EXPECT_EQ(rv, SECSuccess);
RNG_ResetForFuzzing();
EXPECT_EQ(SECSuccess, RNG_RandomUpdate(NULL, 0));
rv = PK11_GenerateRandom(rnd2.data(), rnd2.size());
EXPECT_EQ(rv, SECSuccess);
@ -54,7 +54,7 @@ TEST_F(PK11PrngTest, Fuzz_DetPRNG_StatefulReset) {
std::vector<uint8_t> rnd1(2048, 0);
std::vector<uint8_t> rnd2(2048, 0);
RNG_ResetForFuzzing();
EXPECT_EQ(SECSuccess, RNG_RandomUpdate(NULL, 0));
SECStatus rv = PK11_GenerateRandom(rnd1.data(), rnd1.size() - 1024);
EXPECT_EQ(rv, SECSuccess);
@ -62,7 +62,50 @@ TEST_F(PK11PrngTest, Fuzz_DetPRNG_StatefulReset) {
rv = PK11_GenerateRandom(rnd1.data() + 1024, rnd1.size() - 1024);
EXPECT_EQ(rv, SECSuccess);
RNG_ResetForFuzzing();
EXPECT_EQ(SECSuccess, RNG_RandomUpdate(NULL, 0));
rv = PK11_GenerateRandom(rnd2.data(), rnd2.size() - 1024);
EXPECT_EQ(rv, SECSuccess);
rv = PK11_GenerateRandom(rnd2.data() + 1024, rnd2.size() - 1024);
EXPECT_EQ(rv, SECSuccess);
EXPECT_EQ(rnd1, rnd2);
}
TEST_F(PK11PrngTest, Fuzz_DetPRNG_Seed) {
std::vector<uint8_t> rnd1(2048, 0);
std::vector<uint8_t> rnd2(2048, 0);
std::vector<uint8_t> seed = {0x01, 0x22, 0xAA, 0x45};
SECStatus rv = PK11_RandomUpdate(seed.data(), seed.size());
EXPECT_EQ(rv, SECSuccess);
rv = PK11_GenerateRandom(rnd1.data(), rnd1.size());
EXPECT_EQ(rv, SECSuccess);
rv = PK11_GenerateRandom(rnd2.data(), rnd2.size());
EXPECT_EQ(rv, SECSuccess);
EXPECT_NE(rnd1, rnd2);
}
TEST_F(PK11PrngTest, Fuzz_DetPRNG_StatefulReset_Seed) {
std::vector<uint8_t> rnd1(2048, 0);
std::vector<uint8_t> rnd2(2048, 0);
std::vector<uint8_t> seed = {0x01, 0x22, 0xAA, 0x45};
SECStatus rv = PK11_RandomUpdate(seed.data(), seed.size());
EXPECT_EQ(rv, SECSuccess);
rv = PK11_GenerateRandom(rnd1.data(), rnd1.size() - 1024);
EXPECT_EQ(rv, SECSuccess);
rv = PK11_GenerateRandom(rnd1.data() + 1024, rnd1.size() - 1024);
EXPECT_EQ(rv, SECSuccess);
rv = PK11_RandomUpdate(seed.data(), seed.size());
EXPECT_EQ(rv, SECSuccess);
rv = PK11_GenerateRandom(rnd2.data(), rnd2.size() - 1024);
EXPECT_EQ(rv, SECSuccess);

27
security/nss/gtests/ssl_gtest/ssl_0rtt_unittest.cc
Просмотреть файл

@ -24,8 +24,6 @@ namespace nss_test {
TEST_P(TlsConnectTls13, ZeroRtt) {
SetupForZeroRtt();
client_->SetExpectedAlertSentCount(1);
server_->SetExpectedAlertReceivedCount(1);
client_->Set0RttEnabled(true);
server_->Set0RttEnabled(true);
ExpectResumption(RESUME_TICKET);
@ -105,8 +103,6 @@ TEST_P(TlsConnectTls13, TestTls13ZeroRttAlpn) {
EnableAlpn();
SetupForZeroRtt();
EnableAlpn();
client_->SetExpectedAlertSentCount(1);
server_->SetExpectedAlertReceivedCount(1);
client_->Set0RttEnabled(true);
server_->Set0RttEnabled(true);
ExpectResumption(RESUME_TICKET);
@ -159,6 +155,7 @@ TEST_P(TlsConnectTls13, TestTls13ZeroRttNoAlpnServer) {
client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "a");
EXPECT_EQ(SECSuccess, SSLInt_Set0RttAlpn(client_->ssl_fd(), b, sizeof(b)));
client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "b");
ExpectAlert(client_, kTlsAlertIllegalParameter);
return true;
});
Handshake();
@ -178,6 +175,7 @@ TEST_P(TlsConnectTls13, TestTls13ZeroRttNoAlpnClient) {
PRUint8 b[] = {'b'};
EXPECT_EQ(SECSuccess, SSLInt_Set0RttAlpn(client_->ssl_fd(), b, 1));
client_->CheckAlpn(SSL_NEXT_PROTO_EARLY_VALUE, "b");
ExpectAlert(client_, kTlsAlertIllegalParameter);
return true;
});
Handshake();
@ -228,6 +226,10 @@ TEST_P(TlsConnectTls13, TestTls13ZeroRttDowngrade) {
// client sends end_of_early_data only after reading the server's flight.
client_->Set0RttEnabled(true);
client_->ExpectSendAlert(kTlsAlertIllegalParameter);
if (mode_ == STREAM) {
server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
}
client_->Handshake();
server_->Handshake();
ASSERT_TRUE_WAIT(
@ -265,7 +267,13 @@ TEST_P(TlsConnectTls13, TestTls13ZeroRttDowngradeEarlyData) {
// Send the early data xtn in the CH, followed by early app data. The server
// will fail right after sending its flight, when receiving the early data.
client_->Set0RttEnabled(true);
ZeroRttSendReceive(true, false);
ZeroRttSendReceive(true, false, [this]() {
client_->ExpectSendAlert(kTlsAlertIllegalParameter);
if (mode_ == STREAM) {
server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
}
return true;
});
client_->Handshake();
server_->Handshake();
@ -301,9 +309,8 @@ TEST_P(TlsConnectTls13, SendTooMuchEarlyData) {
client_->Set0RttEnabled(true);
server_->Set0RttEnabled(true);
ExpectResumption(RESUME_TICKET);
client_->SetExpectedAlertSentCount(1);
server_->SetExpectedAlertReceivedCount(1);
ExpectAlert(client_, kTlsAlertEndOfEarlyData);
client_->Handshake();
CheckEarlyDataLimit(client_, short_size);
@ -357,6 +364,7 @@ TEST_P(TlsConnectTls13, ReceiveTooMuchEarlyData) {
server_->Set0RttEnabled(true);
ExpectResumption(RESUME_TICKET);
client_->ExpectSendAlert(kTlsAlertEndOfEarlyData);
client_->Handshake(); // Send ClientHello
CheckEarlyDataLimit(client_, limit);
@ -369,6 +377,10 @@ TEST_P(TlsConnectTls13, ReceiveTooMuchEarlyData) {
const PRInt32 message_len = static_cast<PRInt32>(strlen(message));
EXPECT_EQ(message_len, PR_Write(client_->ssl_fd(), message, message_len));
if (mode_ == STREAM) {
// This error isn't fatal for DTLS.
ExpectAlert(server_, kTlsAlertUnexpectedMessage);
}
server_->Handshake(); // Process ClientHello, send server flight.
server_->Handshake(); // Just to make sure that we don't read ahead.
CheckEarlyDataLimit(server_, limit);
@ -377,7 +389,6 @@ TEST_P(TlsConnectTls13, ReceiveTooMuchEarlyData) {
std::vector<uint8_t> buf(strlen(message) + 1);
EXPECT_GT(0, PR_Read(server_->ssl_fd(), buf.data(), buf.capacity()));
if (mode_ == STREAM) {
// This error isn't fatal for DTLS.
server_->CheckErrorCode(SSL_ERROR_TOO_MUCH_EARLY_DATA);
}

7
security/nss/gtests/ssl_gtest/ssl_agent_unittest.cc
Просмотреть файл

@ -56,6 +56,7 @@ static const char *k0RttData = "ABCDEF";
TEST_P(TlsAgentTest, EarlyFinished) {
DataBuffer buffer;
MakeTrivialHandshakeRecord(kTlsHandshakeFinished, 0, &buffer);
ExpectAlert(kTlsAlertUnexpectedMessage);
ProcessMessage(buffer, TlsAgent::STATE_ERROR,
SSL_ERROR_RX_UNEXPECTED_FINISHED);
}
@ -63,6 +64,7 @@ TEST_P(TlsAgentTest, EarlyFinished) {
TEST_P(TlsAgentTest, EarlyCertificateVerify) {
DataBuffer buffer;
MakeTrivialHandshakeRecord(kTlsHandshakeCertificateVerify, 0, &buffer);
ExpectAlert(kTlsAlertUnexpectedMessage);
ProcessMessage(buffer, TlsAgent::STATE_ERROR,
SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY);
}
@ -90,6 +92,7 @@ TEST_P(TlsAgentTestClient13, EncryptedExtensionsInClear) {
MakeRecord(kTlsHandshakeType, SSL_LIBRARY_VERSION_TLS_1_3,
server_hello.data(), server_hello.len(), &buffer);
EnsureInit();
ExpectAlert(kTlsAlertUnexpectedMessage);
ProcessMessage(buffer, TlsAgent::STATE_ERROR,
SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
}
@ -114,6 +117,7 @@ TEST_F(TlsAgentStreamTestClient, EncryptedExtensionsInClearTwoPieces) {
agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
SSL_LIBRARY_VERSION_TLS_1_3);
ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
ExpectAlert(kTlsAlertUnexpectedMessage);
ProcessMessage(buffer2, TlsAgent::STATE_ERROR,
SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
}
@ -144,6 +148,7 @@ TEST_F(TlsAgentDgramTestClient, EncryptedExtensionsInClearTwoPieces) {
agent_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_3,
SSL_LIBRARY_VERSION_TLS_1_3);
ProcessMessage(buffer, TlsAgent::STATE_CONNECTING);
ExpectAlert(kTlsAlertUnexpectedMessage);
ProcessMessage(buffer2, TlsAgent::STATE_ERROR,
SSL_ERROR_RX_UNEXPECTED_HANDSHAKE);
}
@ -174,6 +179,7 @@ TEST_F(TlsAgentStreamTestClient, Set0RttOptionThenRead) {
MakeRecord(kTlsApplicationDataType, SSL_LIBRARY_VERSION_TLS_1_3,
reinterpret_cast<const uint8_t *>(k0RttData), strlen(k0RttData),
&buffer);
ExpectAlert(kTlsAlertUnexpectedMessage);
ProcessMessage(buffer, TlsAgent::STATE_ERROR,
SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA);
}
@ -194,6 +200,7 @@ TEST_F(TlsAgentStreamTestServer, Set0RttOptionClientHelloThenRead) {
MakeRecord(kTlsApplicationDataType, SSL_LIBRARY_VERSION_TLS_1_3,
reinterpret_cast<const uint8_t *>(k0RttData), strlen(k0RttData),
&buffer);
ExpectAlert(kTlsAlertBadRecordMac);
ProcessMessage(buffer, TlsAgent::STATE_ERROR, SSL_ERROR_BAD_MAC_READ);
}

12
security/nss/gtests/ssl_gtest/ssl_auth_unittest.cc
Просмотреть файл

@ -198,7 +198,7 @@ TEST_P(TlsConnectTls12, ClientAuthNoSigAlgsFallback) {
client_->SetupClientAuth();
server_->RequestClientAuth(true);
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertDecryptError);
// We're expecting a bad signature here because we tampered with a handshake
// message (CertReq). Previously, without the SHA-1 fallback, we would've
@ -284,7 +284,7 @@ TEST_P(TlsConnectTls13, SignatureSchemeCurveMismatch) {
Reset(TlsAgent::kServerEcdsa256);
client_->SetSignatureSchemes(SignatureSchemeEcdsaSha384,
PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
}
@ -302,7 +302,7 @@ TEST_P(TlsConnectTls13, SignatureSchemeBadConfig) {
Reset(TlsAgent::kServerEcdsa256); // P-256 cert can't be used.
server_->SetSignatureSchemes(SignatureSchemeEcdsaSha384,
PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
}
@ -325,7 +325,7 @@ TEST_P(TlsConnectTls12Plus, SignatureAlgorithmNoOverlapEcdsa) {
PR_ARRAY_SIZE(SignatureSchemeEcdsaSha384));
server_->SetSignatureSchemes(SignatureSchemeEcdsaSha256,
PR_ARRAY_SIZE(SignatureSchemeEcdsaSha256));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
}
@ -344,7 +344,7 @@ TEST_P(TlsConnectPre12, SignatureAlgorithmNoOverlapEcdsa) {
TEST_P(TlsConnectTls13, SignatureAlgorithmDrop) {
client_->SetPacketFilter(
std::make_shared<TlsExtensionDropper>(ssl_signature_algorithms_xtn));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertMissingExtension);
client_->CheckErrorCode(SSL_ERROR_MISSING_EXTENSION_ALERT);
server_->CheckErrorCode(SSL_ERROR_MISSING_SIGNATURE_ALGORITHMS_EXTENSION);
}
@ -354,7 +354,7 @@ TEST_P(TlsConnectTls13, SignatureAlgorithmDrop) {
TEST_P(TlsConnectTls12, SignatureAlgorithmDrop) {
client_->SetPacketFilter(
std::make_shared<TlsExtensionDropper>(ssl_signature_algorithms_xtn));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertDecryptError);
client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
}

2
security/nss/gtests/ssl_gtest/ssl_cert_ext_unittest.cc
Просмотреть файл

@ -190,7 +190,7 @@ TEST_P(TlsConnectGenericPre13, OcspMangled) {
auto replacer = std::make_shared<TlsExtensionReplacer>(
ssl_cert_status_xtn, DataBuffer(val, sizeof(val)));
server_->SetPacketFilter(replacer);
ConnectExpectFail();
ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
}

9
security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
Просмотреть файл

@ -33,12 +33,14 @@ TEST_F(TlsConnectTest, DamageSecretHandleClientFinished) {
client_->StartConnect();
client_->Handshake();
server_->Handshake();
std::cerr << "Damaging HS secret\n";
std::cerr << "Damaging HS secret" << std::endl;
SSLInt_DamageClientHsTrafficSecret(server_->ssl_fd());
client_->Handshake();
server_->Handshake();
// The client thinks it has connected.
EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
ExpectAlert(server_, kTlsAlertDecryptError);
server_->Handshake();
server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
client_->Handshake();
client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
@ -49,6 +51,9 @@ TEST_F(TlsConnectTest, DamageSecretHandleServerFinished) {
SSL_LIBRARY_VERSION_TLS_1_3);
server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
SSL_LIBRARY_VERSION_TLS_1_3);
client_->ExpectSendAlert(kTlsAlertDecryptError);
// The server can't read the client's alert, so it also sends an alert.
server_->ExpectSendAlert(kTlsAlertBadRecordMac);
server_->SetPacketFilter(std::make_shared<AfterRecordN>(
server_, client_,
0, // ServerHello.

26
security/nss/gtests/ssl_gtest/ssl_dhe_unittest.cc
Просмотреть файл

@ -97,7 +97,7 @@ TEST_P(TlsConnectGenericPre13, ConnectFfdheServer) {
Connect();
CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign);
} else {
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
}
@ -130,7 +130,7 @@ TEST_P(TlsConnectGenericPre13, DamageServerKeyShare) {
SSL_REQUIRE_DH_NAMED_GROUPS, PR_TRUE));
server_->SetPacketFilter(std::make_shared<TlsDheServerKeyExchangeDamager>());
ConnectExpectFail();
ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
client_->CheckErrorCode(SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY);
server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
@ -295,6 +295,11 @@ TEST_P(TlsDamageDHYTest, DamageServerY) {
server_->SetPacketFilter(
std::make_shared<TlsDheSkeChangeYServer>(change, true));
if (change == TlsDheSkeChangeY::kYZeroPad) {
ExpectAlert(client_, kTlsAlertDecryptError);
} else {
ExpectAlert(client_, kTlsAlertIllegalParameter);
}
ConnectExpectFail();
if (change == TlsDheSkeChangeY::kYZeroPad) {
// Zero padding Y only manifests in a signature failure.
@ -327,6 +332,11 @@ TEST_P(TlsDamageDHYTest, DamageClientY) {
client_->SetPacketFilter(
std::make_shared<TlsDheSkeChangeYClient>(change, server_filter));
if (change == TlsDheSkeChangeY::kYZeroPad) {
ExpectAlert(server_, kTlsAlertDecryptError);
} else {
ExpectAlert(server_, kTlsAlertHandshakeFailure);
}
ConnectExpectFail();
if (change == TlsDheSkeChangeY::kYZeroPad) {
// Zero padding Y only manifests in a finished error.
@ -385,7 +395,7 @@ TEST_P(TlsConnectGenericPre13, MakeDhePEven) {
EnableOnlyDheCiphers();
server_->SetPacketFilter(std::make_shared<TlsDheSkeMakePEven>());
ConnectExpectFail();
ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_DHE_KEY_SHARE);
server_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
@ -416,7 +426,7 @@ TEST_P(TlsConnectGenericPre13, PadDheP) {
EnableOnlyDheCiphers();
server_->SetPacketFilter(std::make_shared<TlsDheSkeZeroPadP>());
ConnectExpectFail();
ConnectExpectAlert(client_, kTlsAlertDecryptError);
// In TLS 1.0 and 1.1, the client reports a device error.
if (version_ < SSL_LIBRARY_VERSION_TLS_1_2) {
@ -475,7 +485,7 @@ TEST_P(TlsConnectTls13, NamedGroupMismatch13) {
server_->ConfigNamedGroups(server_groups);
client_->ConfigNamedGroups(client_groups);
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
}
@ -493,7 +503,7 @@ TEST_P(TlsConnectGenericPre13, RequireNamedGroupsMismatchPre13) {
server_->ConfigNamedGroups(server_groups);
client_->ConfigNamedGroups(client_groups);
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
}
@ -523,7 +533,7 @@ TEST_P(TlsConnectGenericPre13, MismatchDHE) {
EXPECT_EQ(SECSuccess, SSL_DHEGroupPrefSet(client_->ssl_fd(), clientGroups,
PR_ARRAY_SIZE(clientGroups)));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
}
@ -607,7 +617,7 @@ TEST_P(TlsConnectGenericPre13, InvalidDERSignatureFfdhe) {
server_->SetPacketFilter(std::make_shared<TlsDheSkeChangeSignature>(
version_, kBogusDheSignature, sizeof(kBogusDheSignature)));
ConnectExpectFail();
ConnectExpectAlert(client_, kTlsAlertDecryptError);
client_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
}

10
security/nss/gtests/ssl_gtest/ssl_ecdh_unittest.cc
Просмотреть файл

@ -228,7 +228,7 @@ TEST_P(TlsConnectGenericPre13, DropSupportedGroupExtensionP256) {
auto group_capture = std::make_shared<TlsKeyExchangeGroupCapture>();
server_->SetPacketFilter(group_capture);
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertDecryptError);
client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
@ -240,7 +240,7 @@ TEST_P(TlsConnectTls13, DropSupportedGroupExtension) {
EnsureTlsSetup();
client_->SetPacketFilter(
std::make_shared<TlsExtensionDropper>(ssl_supported_groups_xtn));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertMissingExtension);
client_->CheckErrorCode(SSL_ERROR_MISSING_EXTENSION_ALERT);
server_->CheckErrorCode(SSL_ERROR_MISSING_SUPPORTED_GROUPS_EXTENSION);
}
@ -485,7 +485,7 @@ TEST_P(TlsConnectGeneric, P256ClientAndCurve25519Server) {
client_->ConfigNamedGroups(client_groups);
server_->ConfigNamedGroups(server_groups);
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
}
@ -562,14 +562,14 @@ class ECCServerKEXFilter : public TlsHandshakeFilter {
TEST_P(TlsConnectGenericPre13, ConnectECDHEmptyServerPoint) {
// add packet filter
server_->SetPacketFilter(std::make_shared<ECCServerKEXFilter>());
ConnectExpectFail();
ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH);
}
TEST_P(TlsConnectGenericPre13, ConnectECDHEmptyClientPoint) {
// add packet filter
client_->SetPacketFilter(std::make_shared<ECCClientKEXFilter>());
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH);
}

6
security/nss/gtests/ssl_gtest/ssl_ems_unittest.cc
Просмотреть файл

@ -79,11 +79,7 @@ TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretResumeWithout) {
Reset();
server_->EnableExtendedMasterSecret();
auto alert_recorder = std::make_shared<TlsAlertRecorder>();
server_->SetPacketFilter(alert_recorder);
ConnectExpectFail();
EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
EXPECT_EQ(kTlsAlertHandshakeFailure, alert_recorder->description());
ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
}
TEST_P(TlsConnectGenericPre13, ConnectNormalResumeWithExtendedMasterSecret) {

3
security/nss/gtests/ssl_gtest/ssl_exporter_unittest.cc
Просмотреть файл

@ -91,8 +91,7 @@ int32_t RegularExporterShouldFail(TlsAgent* agent, const SECItem* srvNameArr,
TEST_P(TlsConnectTls13, EarlyExporter) {
SetupForZeroRtt();
client_->SetExpectedAlertSentCount(1);
server_->SetExpectedAlertReceivedCount(1);
ExpectAlert(client_, kTlsAlertEndOfEarlyData);
client_->Set0RttEnabled(true);
server_->Set0RttEnabled(true);
ExpectResumption(RESUME_TICKET);

94
security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
Просмотреть файл

@ -168,64 +168,14 @@ class TlsExtensionTestBase : public TlsConnectTestBase {
void ClientHelloErrorTest(std::shared_ptr<PacketFilter> filter,
uint8_t desc = kTlsAlertDecodeError) {
SSLAlert alert;
auto alert_recorder = std::make_shared<TlsAlertRecorder>();
server_->SetPacketFilter(alert_recorder);
client_->SetPacketFilter(filter);
ConnectExpectFail();
EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
EXPECT_EQ(desc, alert_recorder->description());
// verify no alerts received by the server
EXPECT_EQ(0U, server_->alert_received_count());
// verify the alert sent by the server
EXPECT_EQ(1U, server_->alert_sent_count());
EXPECT_TRUE(server_->GetLastAlertSent(&alert));
EXPECT_EQ(kTlsAlertFatal, alert.level);
EXPECT_EQ(desc, alert.description);
// verify the alert received by the client
EXPECT_EQ(1U, client_->alert_received_count());
EXPECT_TRUE(client_->GetLastAlertReceived(&alert));
EXPECT_EQ(kTlsAlertFatal, alert.level);
EXPECT_EQ(desc, alert.description);
// verify no alerts sent by the client
EXPECT_EQ(0U, client_->alert_sent_count());
ConnectExpectAlert(server_, desc);
}
void ServerHelloErrorTest(std::shared_ptr<PacketFilter> filter,
uint8_t desc = kTlsAlertDecodeError) {
SSLAlert alert;
auto alert_recorder = std::make_shared<TlsAlertRecorder>();
client_->SetPacketFilter(alert_recorder);
server_->SetPacketFilter(filter);
ConnectExpectFail();
EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
EXPECT_EQ(desc, alert_recorder->description());
// verify no alerts received by the client
EXPECT_EQ(0U, client_->alert_received_count());
// verify the alert sent by the client
EXPECT_EQ(1U, client_->alert_sent_count());
EXPECT_TRUE(client_->GetLastAlertSent(&alert));
EXPECT_EQ(kTlsAlertFatal, alert.level);
EXPECT_EQ(desc, alert.description);
// verify the alert received by the server
EXPECT_EQ(1U, server_->alert_received_count());
EXPECT_TRUE(server_->GetLastAlertReceived(&alert));
EXPECT_EQ(kTlsAlertFatal, alert.level);
EXPECT_EQ(desc, alert.description);
// verify no alerts sent by the server
EXPECT_EQ(0U, server_->alert_sent_count());
ConnectExpectAlert(client_, desc);
}
static void InitSimpleSni(DataBuffer* extension) {
@ -292,7 +242,7 @@ class TlsExtensionTest13 : public TlsExtensionTestBase,
DataBuffer versions_buf(buf, len);
client_->SetPacketFilter(std::make_shared<TlsExtensionReplacer>(
ssl_tls13_supported_versions_xtn, versions_buf));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
}
@ -637,6 +587,8 @@ TEST_F(TlsExtensionTest13Stream, DropServerKeyShare) {
EnsureTlsSetup();
server_->SetPacketFilter(
std::make_shared<TlsExtensionDropper>(ssl_tls13_key_share_xtn));
client_->ExpectSendAlert(kTlsAlertMissingExtension);
server_->ExpectSendAlert(kTlsAlertBadRecordMac);
ConnectExpectFail();
EXPECT_EQ(SSL_ERROR_MISSING_KEY_SHARE, client_->error_code());
EXPECT_EQ(SSL_ERROR_BAD_MAC_READ, server_->error_code());
@ -656,6 +608,8 @@ TEST_F(TlsExtensionTest13Stream, WrongServerKeyShare) {
EnsureTlsSetup();
server_->SetPacketFilter(
std::make_shared<TlsExtensionReplacer>(ssl_tls13_key_share_xtn, buf));
client_->ExpectSendAlert(kTlsAlertIllegalParameter);
server_->ExpectSendAlert(kTlsAlertBadRecordMac);
ConnectExpectFail();
EXPECT_EQ(SSL_ERROR_RX_MALFORMED_KEY_SHARE, client_->error_code());
EXPECT_EQ(SSL_ERROR_BAD_MAC_READ, server_->error_code());
@ -676,6 +630,8 @@ TEST_F(TlsExtensionTest13Stream, UnknownServerKeyShare) {
EnsureTlsSetup();
server_->SetPacketFilter(
std::make_shared<TlsExtensionReplacer>(ssl_tls13_key_share_xtn, buf));
client_->ExpectSendAlert(kTlsAlertMissingExtension);
server_->ExpectSendAlert(kTlsAlertBadRecordMac);
ConnectExpectFail();
EXPECT_EQ(SSL_ERROR_MISSING_KEY_SHARE, client_->error_code());
EXPECT_EQ(SSL_ERROR_BAD_MAC_READ, server_->error_code());
@ -686,6 +642,8 @@ TEST_F(TlsExtensionTest13Stream, AddServerSignatureAlgorithmsOnResumption) {
DataBuffer empty;
server_->SetPacketFilter(std::make_shared<TlsExtensionInjector>(
ssl_signature_algorithms_xtn, empty));
client_->ExpectSendAlert(kTlsAlertUnsupportedExtension);
server_->ExpectSendAlert(kTlsAlertBadRecordMac);
ConnectExpectFail();
EXPECT_EQ(SSL_ERROR_EXTENSION_DISALLOWED_FOR_VERSION, client_->error_code());
EXPECT_EQ(SSL_ERROR_BAD_MAC_READ, server_->error_code());
@ -820,7 +778,7 @@ TEST_F(TlsExtensionTest13Stream, ResumeEmptyPskLabel) {
client_->SetPacketFilter(std::make_shared<TlsPreSharedKeyReplacer>([](
TlsPreSharedKeyReplacer* r) { r->identities_[0].identity.Truncate(0); }));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
}
@ -833,7 +791,7 @@ TEST_F(TlsExtensionTest13Stream, ResumeIncorrectBinderValue) {
std::make_shared<TlsPreSharedKeyReplacer>([](TlsPreSharedKeyReplacer* r) {
r->binders_[0].Write(0, r->binders_[0].data()[0] ^ 0xff, 1);
}));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertDecryptError);
client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
}
@ -846,7 +804,7 @@ TEST_F(TlsExtensionTest13Stream, ResumeIncorrectBinderLength) {
std::make_shared<TlsPreSharedKeyReplacer>([](TlsPreSharedKeyReplacer* r) {
r->binders_[0].Write(r->binders_[0].len(), 0xff, 1);
}));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
}
@ -857,7 +815,7 @@ TEST_F(TlsExtensionTest13Stream, ResumeBinderTooShort) {
client_->SetPacketFilter(std::make_shared<TlsPreSharedKeyReplacer>(
[](TlsPreSharedKeyReplacer* r) { r->binders_[0].Truncate(31); }));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
}
@ -872,7 +830,7 @@ TEST_F(TlsExtensionTest13Stream, ResumeTwoPsks) {
r->identities_.push_back(r->identities_[0]);
r->binders_.push_back(r->binders_[0]);
}));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertDecryptError);
client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
}
@ -886,7 +844,7 @@ TEST_F(TlsExtensionTest13Stream, ResumeTwoIdentitiesOneBinder) {
std::make_shared<TlsPreSharedKeyReplacer>([](TlsPreSharedKeyReplacer* r) {
r->identities_.push_back(r->identities_[0]);
}));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
}
@ -896,7 +854,7 @@ TEST_F(TlsExtensionTest13Stream, ResumeOneIdentityTwoBinders) {
client_->SetPacketFilter(std::make_shared<TlsPreSharedKeyReplacer>([](
TlsPreSharedKeyReplacer* r) { r->binders_.push_back(r->binders_[0]); }));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
}
@ -909,7 +867,7 @@ TEST_F(TlsExtensionTest13Stream, ResumePskExtensionNotLast) {
client_->SetPacketFilter(
// Inject an unused extension.
std::make_shared<TlsExtensionAppender>(0xffff, empty));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
client_->CheckErrorCode(SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
server_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
}
@ -920,7 +878,7 @@ TEST_F(TlsExtensionTest13Stream, ResumeNoKeModes) {
DataBuffer empty;
client_->SetPacketFilter(std::make_shared<TlsExtensionDropper>(
ssl_tls13_psk_key_exchange_modes_xtn));
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertMissingExtension);
client_->CheckErrorCode(SSL_ERROR_MISSING_EXTENSION_ALERT);
server_->CheckErrorCode(SSL_ERROR_MISSING_PSK_KEY_EXCHANGE_MODES);
}
@ -936,6 +894,8 @@ TEST_F(TlsExtensionTest13Stream, ResumeBogusKeModes) {
DataBuffer modes(ke_modes, sizeof(ke_modes));
client_->SetPacketFilter(std::make_shared<TlsExtensionReplacer>(
ssl_tls13_psk_key_exchange_modes_xtn, modes));
client_->ExpectSendAlert(kTlsAlertBadRecordMac);
server_->ExpectSendAlert(kTlsAlertBadRecordMac);
ConnectExpectFail();
client_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
@ -955,6 +915,7 @@ TEST_P(TlsExtensionTest13, NoKeModesIfResumptionOff) {
// 1. Both sides only support TLS 1.3, so we get a cipher version
// error.
TEST_P(TlsExtensionTest13, RemoveTls13FromVersionList) {
ExpectAlert(server_, kTlsAlertProtocolVersion);
ConnectWithReplacementVersionList(SSL_LIBRARY_VERSION_TLS_1_2);
client_->CheckErrorCode(SSL_ERROR_PROTOCOL_VERSION_ALERT);
server_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_VERSION);
@ -965,6 +926,7 @@ TEST_P(TlsExtensionTest13, RemoveTls13FromVersionList) {
TEST_P(TlsExtensionTest13, RemoveTls13FromVersionListServerV12) {
server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
SSL_LIBRARY_VERSION_TLS_1_3);
ExpectAlert(server_, kTlsAlertHandshakeFailure);
ConnectWithReplacementVersionList(SSL_LIBRARY_VERSION_TLS_1_2);
client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
@ -977,6 +939,11 @@ TEST_P(TlsExtensionTest13, RemoveTls13FromVersionListBothV12) {
SSL_LIBRARY_VERSION_TLS_1_3);
server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
SSL_LIBRARY_VERSION_TLS_1_3);
#ifndef TLS_1_3_DRAFT_VERSION
ExpectAlert(server_, kTlsAlertIllegalParameter);
#else
ExpectAlert(server_, kTlsAlertDecryptError);
#endif
ConnectWithReplacementVersionList(SSL_LIBRARY_VERSION_TLS_1_2);
#ifndef TLS_1_3_DRAFT_VERSION
client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
@ -988,18 +955,21 @@ TEST_P(TlsExtensionTest13, RemoveTls13FromVersionListBothV12) {
}
TEST_P(TlsExtensionTest13, HrrThenRemoveSignatureAlgorithms) {
ExpectAlert(server_, kTlsAlertMissingExtension);
HrrThenRemoveExtensionsTest(ssl_signature_algorithms_xtn,
SSL_ERROR_MISSING_EXTENSION_ALERT,
SSL_ERROR_MISSING_SIGNATURE_ALGORITHMS_EXTENSION);
}
TEST_P(TlsExtensionTest13, HrrThenRemoveKeyShare) {
ExpectAlert(server_, kTlsAlertIllegalParameter);
HrrThenRemoveExtensionsTest(ssl_tls13_key_share_xtn,
SSL_ERROR_ILLEGAL_PARAMETER_ALERT,
SSL_ERROR_BAD_2ND_CLIENT_HELLO);
}
TEST_P(TlsExtensionTest13, HrrThenRemoveSupportedGroups) {
ExpectAlert(server_, kTlsAlertMissingExtension);
HrrThenRemoveExtensionsTest(ssl_supported_groups_xtn,
SSL_ERROR_MISSING_EXTENSION_ALERT,
SSL_ERROR_MISSING_SUPPORTED_GROUPS_EXTENSION);

9
security/nss/gtests/ssl_gtest/ssl_fuzz_unittest.cc
Просмотреть файл

@ -17,9 +17,6 @@ namespace nss_test {
#else
#define FUZZ_F(c, f) TEST_F(c, DISABLED_Fuzz_##f)
#define FUZZ_P(c, f) TEST_P(c, DISABLED_Fuzz_##f)
// RNG_ResetForFuzzing() isn't exported from the shared libraries, rather than
// fail to link to it, make it fail (we're not running it anyway).
#define RNG_ResetForFuzzing() SECFailure
#endif
const uint8_t kShortEmptyFinished[8] = {0};
@ -91,7 +88,7 @@ FUZZ_P(TlsConnectGeneric, DeterministicExporter) {
DisableECDHEServerKeyReuse();
// Reset the RNG state.
EXPECT_EQ(SECSuccess, RNG_ResetForFuzzing());
EXPECT_EQ(SECSuccess, RNG_RandomUpdate(NULL, 0));
Connect();
// Export a key derived from the MS and nonces.
@ -105,7 +102,7 @@ FUZZ_P(TlsConnectGeneric, DeterministicExporter) {
DisableECDHEServerKeyReuse();
// Reset the RNG state.
EXPECT_EQ(SECSuccess, RNG_ResetForFuzzing());
EXPECT_EQ(SECSuccess, RNG_RandomUpdate(NULL, 0));
Connect();
// Export another key derived from the MS and nonces.
@ -135,7 +132,7 @@ FUZZ_P(TlsConnectGeneric, DeterministicTranscript) {
server_->SetPacketFilter(std::make_shared<TlsConversationRecorder>(buffer));
// Reset the RNG state.
EXPECT_EQ(SECSuccess, RNG_ResetForFuzzing());
EXPECT_EQ(SECSuccess, RNG_RandomUpdate(NULL, 0));
Connect();
// Ensure the filters go away before |buffer| does.

14
security/nss/gtests/ssl_gtest/ssl_gather_unittest.cc
Просмотреть файл

@ -15,18 +15,12 @@ class GatherV2ClientHelloTest : public TlsConnectTestBase {
void ConnectExpectMalformedClientHello(const DataBuffer &data) {
EnsureTlsSetup();
auto alert_recorder = std::make_shared<TlsAlertRecorder>();
server_->SetPacketFilter(alert_recorder);
server_->ExpectSendAlert(kTlsAlertIllegalParameter);
client_->SendDirect(data);
server_->StartConnect();
server_->Handshake();
ASSERT_TRUE_WAIT(
(server_->error_code() == SSL_ERROR_RX_MALFORMED_CLIENT_HELLO), 2000);
EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
EXPECT_EQ(illegal_parameter, alert_recorder->description());
}
};
@ -55,16 +49,12 @@ TEST_F(TlsConnectTest, GatherExcessiveV3Record) {
(void)buffer.Write(idx, MAX_FRAGMENT_LENGTH + 2048 + 1, 2); // length=max+1
EnsureTlsSetup();
auto alert_recorder = std::make_shared<TlsAlertRecorder>();
server_->SetPacketFilter(alert_recorder);
server_->ExpectSendAlert(kTlsAlertRecordOverflow);
client_->SendDirect(buffer);
server_->StartConnect();
server_->Handshake();
ASSERT_TRUE_WAIT((server_->error_code() == SSL_ERROR_RX_RECORD_TOO_LONG),
2000);
EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
EXPECT_EQ(record_overflow, alert_recorder->description());
}
// Gather a 3-byte v2 header, with a fragment length of 2.

7
security/nss/gtests/ssl_gtest/ssl_hrr_unittest.cc
Просмотреть файл

@ -144,6 +144,7 @@ TEST_P(TlsConnectTls13, SecondClientHelloRejectEarlyDataXtn) {
PRInt32 rv = PR_Write(client_->ssl_fd(), k0RttData, k0RttDataLen);
EXPECT_EQ(k0RttDataLen, rv);
ExpectAlert(server_, kTlsAlertUnsupportedExtension);
Handshake();
client_->CheckErrorCode(SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT);
}
@ -181,7 +182,7 @@ TEST_P(TlsConnectTls13, RetryWithSameKeyShare) {
static const std::vector<SSLNamedGroup> groups = {ssl_grp_ec_secp384r1,
ssl_grp_ec_secp521r1};
server_->ConfigNamedGroups(groups);
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
EXPECT_EQ(SSL_ERROR_BAD_2ND_CLIENT_HELLO, server_->error_code());
EXPECT_EQ(SSL_ERROR_ILLEGAL_PARAMETER_ALERT, client_->error_code());
}
@ -258,6 +259,7 @@ TEST_F(TlsConnectTest, Select12AfterHelloRetryRequest) {
server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_2,
SSL_LIBRARY_VERSION_TLS_1_2);
server_->StartConnect();
ExpectAlert(client_, kTlsAlertIllegalParameter);
Handshake();
EXPECT_EQ(SSL_ERROR_ILLEGAL_PARAMETER_ALERT, server_->error_code());
EXPECT_EQ(SSL_ERROR_RX_MALFORMED_SERVER_HELLO, client_->error_code());
@ -309,6 +311,7 @@ TEST_P(HelloRetryRequestAgentTest, SendSecondHelloRetryRequest) {
MakeGroupHrr(ssl_grp_ec_secp384r1, &hrr, 0);
ProcessMessage(hrr, TlsAgent::STATE_CONNECTING);
MakeGroupHrr(ssl_grp_ec_secp521r1, &hrr, 1);
ExpectAlert(kTlsAlertUnexpectedMessage);
ProcessMessage(hrr, TlsAgent::STATE_ERROR,
SSL_ERROR_RX_UNEXPECTED_HELLO_RETRY_REQUEST);
}
@ -318,6 +321,7 @@ TEST_P(HelloRetryRequestAgentTest, SendSecondHelloRetryRequest) {
TEST_P(HelloRetryRequestAgentTest, HandleBogusHelloRetryRequest) {
DataBuffer hrr;
MakeGroupHrr(ssl_grp_ec_curve25519, &hrr);
ExpectAlert(kTlsAlertIllegalParameter);
ProcessMessage(hrr, TlsAgent::STATE_ERROR,
SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST);
}
@ -325,6 +329,7 @@ TEST_P(HelloRetryRequestAgentTest, HandleBogusHelloRetryRequest) {
TEST_P(HelloRetryRequestAgentTest, HandleNoopHelloRetryRequest) {
DataBuffer hrr;
MakeCannedHrr(nullptr, 0U, &hrr);
ExpectAlert(kTlsAlertDecodeError);
ProcessMessage(hrr, TlsAgent::STATE_ERROR,
SSL_ERROR_RX_MALFORMED_HELLO_RETRY_REQUEST);
}

98
security/nss/gtests/ssl_gtest/ssl_loopback_unittest.cc
Просмотреть файл

@ -39,7 +39,7 @@ TEST_P(TlsConnectGeneric, ConnectEcdsa) {
CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
}
TEST_P(TlsConnectGenericPre13, CipherSuiteMismatch) {
TEST_P(TlsConnectGeneric, CipherSuiteMismatch) {
EnsureTlsSetup();
if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
client_->EnableSingleCipher(TLS_AES_128_GCM_SHA256);
@ -48,11 +48,97 @@ TEST_P(TlsConnectGenericPre13, CipherSuiteMismatch) {
client_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
server_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
}
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
client_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
server_->CheckErrorCode(SSL_ERROR_NO_CYPHER_OVERLAP);
}
class TlsAlertRecorder : public TlsRecordFilter {
public:
TlsAlertRecorder() : level_(255), description_(255) {}
PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
const DataBuffer& input,
DataBuffer* output) override {
if (level_ != 255) { // Already captured.
return KEEP;
}
if (header.content_type() != kTlsAlertType) {
return KEEP;
}
std::cerr << "Alert: " << input << std::endl;
TlsParser parser(input);
EXPECT_TRUE(parser.Read(&level_));
EXPECT_TRUE(parser.Read(&description_));
return KEEP;
}
uint8_t level() const { return level_; }
uint8_t description() const { return description_; }
private:
uint8_t level_;
uint8_t description_;
};
class HelloTruncator : public TlsHandshakeFilter {
PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
const DataBuffer& input,
DataBuffer* output) override {
if (header.handshake_type() != kTlsHandshakeClientHello &&
header.handshake_type() != kTlsHandshakeServerHello) {
return KEEP;
}
output->Assign(input.data(), input.len() - 1);
return CHANGE;
}
};
// Verify that when NSS reports that an alert is sent, it is actually sent.
TEST_P(TlsConnectGeneric, CaptureAlertServer) {
client_->SetPacketFilter(std::make_shared<HelloTruncator>());
auto alert_recorder = std::make_shared<TlsAlertRecorder>();
server_->SetPacketFilter(alert_recorder);
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
EXPECT_EQ(kTlsAlertIllegalParameter, alert_recorder->description());
}
TEST_P(TlsConnectGenericPre13, CaptureAlertClient) {
server_->SetPacketFilter(std::make_shared<HelloTruncator>());
auto alert_recorder = std::make_shared<TlsAlertRecorder>();
client_->SetPacketFilter(alert_recorder);
ConnectExpectAlert(client_, kTlsAlertDecodeError);
EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
EXPECT_EQ(kTlsAlertDecodeError, alert_recorder->description());
}
// In TLS 1.3, the server can't read the client alert.
TEST_P(TlsConnectTls13, CaptureAlertClient) {
server_->SetPacketFilter(std::make_shared<HelloTruncator>());
auto alert_recorder = std::make_shared<TlsAlertRecorder>();
client_->SetPacketFilter(alert_recorder);
server_->StartConnect();
client_->StartConnect();
client_->Handshake();
client_->ExpectSendAlert(kTlsAlertDecodeError);
server_->Handshake();
client_->Handshake();
if (mode_ == STREAM) {
// DTLS just drops the alert it can't decrypt.
server_->ExpectSendAlert(kTlsAlertBadRecordMac);
}
server_->Handshake();
EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
EXPECT_EQ(kTlsAlertDecodeError, alert_recorder->description());
}
TEST_P(TlsConnectGenericPre13, ConnectFalseStart) {
client_->EnableFalseStart();
Connect();
@ -178,7 +264,7 @@ class TlsPreCCSHeaderInjector : public TlsRecordFilter {
TEST_P(TlsConnectStreamPre13, ClientFinishedHeaderBeforeCCS) {
client_->SetPacketFilter(std::make_shared<TlsPreCCSHeaderInjector>());
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertUnexpectedMessage);
client_->CheckErrorCode(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
server_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
}
@ -187,14 +273,18 @@ TEST_P(TlsConnectStreamPre13, ServerFinishedHeaderBeforeCCS) {
server_->SetPacketFilter(std::make_shared<TlsPreCCSHeaderInjector>());
client_->StartConnect();
server_->StartConnect();
ExpectAlert(client_, kTlsAlertUnexpectedMessage);
Handshake();
EXPECT_EQ(TlsAgent::STATE_ERROR, client_->state());
client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER);
EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state());
server_->Handshake(); // Make sure alert is consumed.
}
TEST_P(TlsConnectTls13, UnknownAlert) {
Connect();
server_->ExpectSendAlert(0xff, kTlsAlertWarning);
client_->ExpectReceiveAlert(0xff, kTlsAlertWarning);
SSLInt_SendAlert(server_->ssl_fd(), kTlsAlertWarning,
0xff); // Unknown value.
client_->ExpectReadWriteError();
@ -203,6 +293,8 @@ TEST_P(TlsConnectTls13, UnknownAlert) {
TEST_P(TlsConnectTls13, AlertWrongLevel) {
Connect();
server_->ExpectSendAlert(kTlsAlertUnexpectedMessage, kTlsAlertWarning);
client_->ExpectReceiveAlert(kTlsAlertUnexpectedMessage, kTlsAlertWarning);
SSLInt_SendAlert(server_->ssl_fd(), kTlsAlertWarning,
kTlsAlertUnexpectedMessage);
client_->ExpectReadWriteError();

10
security/nss/gtests/ssl_gtest/ssl_resumption_unittest.cc
Просмотреть файл

@ -481,6 +481,12 @@ TEST_P(TlsConnectStream, TestResumptionOverrideCipher) {
server_->SetPacketFilter(std::make_shared<SelectedCipherSuiteReplacer>(
ChooseAnotherCipher(version_)));
if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
client_->ExpectSendAlert(kTlsAlertIllegalParameter);
server_->ExpectSendAlert(kTlsAlertBadRecordMac);
} else {
ExpectAlert(client_, kTlsAlertHandshakeFailure);
}
ConnectExpectFail();
client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
@ -553,7 +559,7 @@ TEST_P(TlsConnectGenericPre13, TestResumptionOverrideVersion) {
server_->SetPacketFilter(
std::make_shared<SelectedVersionReplacer>(override_version));
ConnectExpectFail();
ConnectExpectAlert(client_, kTlsAlertHandshakeFailure);
client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
server_->CheckErrorCode(SSL_ERROR_HANDSHAKE_FAILURE_ALERT);
}
@ -691,6 +697,8 @@ TEST_F(TlsConnectTest, TestTls13ResumptionForcedDowngrade) {
std::make_shared<SelectedVersionReplacer>(SSL_LIBRARY_VERSION_TLS_1_2));
server_->SetPacketFilter(std::make_shared<ChainedPacketFilter>(filters));
client_->ExpectSendAlert(kTlsAlertDecodeError);
server_->ExpectSendAlert(kTlsAlertBadRecordMac); // Server can't read
ConnectExpectFail();
client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);

13
security/nss/gtests/ssl_gtest/ssl_skip_unittest.cc
Просмотреть файл

@ -87,12 +87,8 @@ class TlsSkipTest
void ServerSkipTest(std::shared_ptr<PacketFilter> filter,
uint8_t alert = kTlsAlertUnexpectedMessage) {
auto alert_recorder = std::make_shared<TlsAlertRecorder>();
client_->SetPacketFilter(alert_recorder);
server_->SetPacketFilter(filter);
ConnectExpectFail();
EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
EXPECT_EQ(alert, alert_recorder->description());
ConnectExpectAlert(client_, alert);
}
};
@ -106,7 +102,9 @@ class Tls13SkipTest : public TlsConnectTestBase,
EnsureTlsSetup();
server_->SetTlsRecordFilter(filter);
filter->EnableDecryption();
client_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
if (mode_ == STREAM) {
server_->ExpectSendAlert(kTlsAlertBadRecordMac);
ConnectExpectFail();
} else {
ConnectExpectFailOneSide(TlsAgent::CLIENT);
@ -123,10 +121,13 @@ class Tls13SkipTest : public TlsConnectTestBase,
EnsureTlsSetup();
client_->SetTlsRecordFilter(filter);
filter->EnableDecryption();
server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
ConnectExpectFailOneSide(TlsAgent::SERVER);
server_->CheckErrorCode(error);
ASSERT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
client_->Handshake(); // Make sure to consume the alert the server sends.
}
};
@ -211,6 +212,7 @@ TEST_P(Tls13SkipTest, SkipServerCertificateVerify) {
TEST_P(Tls13SkipTest, SkipClientCertificate) {
client_->SetupClientAuth();
server_->RequestClientAuth(true);
client_->ExpectReceiveAlert(kTlsAlertUnexpectedMessage);
ClientSkipTest(
std::make_shared<TlsHandshakeSkipFilter>(kTlsHandshakeCertificate),
SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY);
@ -219,6 +221,7 @@ TEST_P(Tls13SkipTest, SkipClientCertificate) {
TEST_P(Tls13SkipTest, SkipClientCertificateVerify) {
client_->SetupClientAuth();
server_->RequestClientAuth(true);
client_->ExpectReceiveAlert(kTlsAlertUnexpectedMessage);
ClientSkipTest(
std::make_shared<TlsHandshakeSkipFilter>(kTlsHandshakeCertificateVerify),
SSL_ERROR_RX_UNEXPECTED_FINISHED);

24
security/nss/gtests/ssl_gtest/ssl_staticrsa_unittest.cc
Просмотреть файл

@ -52,11 +52,7 @@ TEST_P(TlsConnectStreamPre13, ConnectStaticRSABogusCKE) {
kTlsHandshakeClientKeyExchange,
DataBuffer(kBogusClientKeyExchange, sizeof(kBogusClientKeyExchange)));
client_->SetPacketFilter(i1);
auto alert_recorder = std::make_shared<TlsAlertRecorder>();
server_->SetPacketFilter(alert_recorder);
ConnectExpectFail();
EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description());
ConnectExpectAlert(server_, kTlsAlertBadRecordMac);
}
// Test that a PMS with a bogus version number is handled correctly.
@ -65,11 +61,7 @@ TEST_P(TlsConnectStreamPre13, ConnectStaticRSABogusPMSVersionDetect) {
EnableOnlyStaticRsaCiphers();
client_->SetPacketFilter(
std::make_shared<TlsInspectorClientHelloVersionChanger>(server_));
auto alert_recorder = std::make_shared<TlsAlertRecorder>();
server_->SetPacketFilter(alert_recorder);
ConnectExpectFail();
EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description());
ConnectExpectAlert(server_, kTlsAlertBadRecordMac);
}
// Test that a PMS with a bogus version number is ignored when
@ -91,11 +83,7 @@ TEST_P(TlsConnectStreamPre13, ConnectExtendedMasterSecretStaticRSABogusCKE) {
kTlsHandshakeClientKeyExchange,
DataBuffer(kBogusClientKeyExchange, sizeof(kBogusClientKeyExchange)));
client_->SetPacketFilter(inspect);
auto alert_recorder = std::make_shared<TlsAlertRecorder>();
server_->SetPacketFilter(alert_recorder);
ConnectExpectFail();
EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description());
ConnectExpectAlert(server_, kTlsAlertBadRecordMac);
}
// This test is stream so we can catch the bad_record_mac alert.
@ -105,11 +93,7 @@ TEST_P(TlsConnectStreamPre13,
EnableExtendedMasterSecret();
client_->SetPacketFilter(
std::make_shared<TlsInspectorClientHelloVersionChanger>(server_));
auto alert_recorder = std::make_shared<TlsAlertRecorder>();
server_->SetPacketFilter(alert_recorder);
ConnectExpectFail();
EXPECT_EQ(kTlsAlertFatal, alert_recorder->level());
EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description());
ConnectExpectAlert(server_, kTlsAlertBadRecordMac);
}
TEST_P(TlsConnectStreamPre13,

18
security/nss/gtests/ssl_gtest/ssl_v2_client_hello_unittest.cc
Просмотреть файл

@ -220,7 +220,7 @@ TEST_P(SSLv2ClientHelloTest, ConnectAfterEmptyV3Record) {
// as the record length.
SetPadding(255);
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
EXPECT_EQ(SSL_ERROR_BAD_CLIENT, server_->error_code());
}
@ -233,7 +233,7 @@ TEST_F(SSLv2ClientHelloTestF, Connect13) {
std::vector<uint16_t> cipher_suites = {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256};
SetAvailableCipherSuites(cipher_suites);
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
EXPECT_EQ(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, server_->error_code());
}
@ -260,7 +260,7 @@ TEST_P(SSLv2ClientHelloTest, SendSecurityEscape) {
// Set a big padding so that the server fails instead of timing out.
SetPadding(255);
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
}
// Invalid SSLv2 client hello padding must fail the handshake.
@ -270,7 +270,7 @@ TEST_P(SSLv2ClientHelloTest, AddErroneousPadding) {
// Append 5 bytes of padding but say it's only 4.
SetPadding(5, 4);
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
EXPECT_EQ(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, server_->error_code());
}
@ -281,7 +281,7 @@ TEST_P(SSLv2ClientHelloTest, AddErroneousPadding2) {
// Append 5 bytes of padding but say it's 6.
SetPadding(5, 6);
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
EXPECT_EQ(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, server_->error_code());
}
@ -292,7 +292,7 @@ TEST_P(SSLv2ClientHelloTest, SmallClientRandom) {
// Send a ClientRandom that's too small.
SetClientRandomLength(15);
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
EXPECT_EQ(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, server_->error_code());
}
@ -310,7 +310,7 @@ TEST_P(SSLv2ClientHelloTest, BigClientRandom) {
// Send a ClientRandom that's too big.
SetClientRandomLength(33);
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
EXPECT_EQ(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, server_->error_code());
}
@ -319,7 +319,7 @@ TEST_P(SSLv2ClientHelloTest, BigClientRandom) {
TEST_P(SSLv2ClientHelloTest, RequireSafeRenegotiation) {
RequireSafeRenegotiation();
SetAvailableCipherSuite(TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertHandshakeFailure);
EXPECT_EQ(SSL_ERROR_UNSAFE_NEGOTIATION, server_->error_code());
}
@ -361,7 +361,7 @@ TEST_F(SSLv2ClientHelloTestF, InappropriateFallbackSCSV) {
TLS_FALLBACK_SCSV};
SetAvailableCipherSuites(cipher_suites);
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertInappropriateFallback);
EXPECT_EQ(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, server_->error_code());
}

20
security/nss/gtests/ssl_gtest/ssl_version_unittest.cc
Просмотреть файл

@ -135,7 +135,7 @@ TEST_P(TlsConnectGeneric, TestFallbackSCSVVersionMatch) {
TEST_P(TlsConnectGenericPre13, TestFallbackSCSVVersionMismatch) {
client_->SetFallbackSCSVEnabled(true);
server_->SetVersionRange(version_, version_ + 1);
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertInappropriateFallback);
client_->CheckErrorCode(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT);
}
@ -177,6 +177,13 @@ TEST_P(TlsConnectStream, ConnectTls10AndServerRenegotiateHigher) {
// doesn't fail.
server_->ResetPreliminaryInfo();
server_->StartRenegotiate();
if (test_version >= SSL_LIBRARY_VERSION_TLS_1_3) {
ExpectAlert(server_, kTlsAlertUnexpectedMessage);
} else {
ExpectAlert(client_, kTlsAlertIllegalParameter);
}
Handshake();
if (test_version >= SSL_LIBRARY_VERSION_TLS_1_3) {
// In TLS 1.3, the server detects this problem.
@ -210,6 +217,11 @@ TEST_P(TlsConnectStream, ConnectTls10AndClientRenegotiateHigher) {
// doesn't fail.
server_->ResetPreliminaryInfo();
client_->StartRenegotiate();
if (test_version >= SSL_LIBRARY_VERSION_TLS_1_3) {
ExpectAlert(server_, kTlsAlertUnexpectedMessage);
} else {
ExpectAlert(client_, kTlsAlertIllegalParameter);
}
Handshake();
if (test_version >= SSL_LIBRARY_VERSION_TLS_1_3) {
// In TLS 1.3, the server detects this problem.
@ -241,7 +253,7 @@ TEST_F(TlsConnectTest, Tls13RejectsRehandshakeServer) {
TEST_P(TlsConnectGeneric, AlertBeforeServerHello) {
EnsureTlsSetup();
client_->SetExpectedAlertReceivedCount(1);
client_->ExpectReceiveAlert(kTlsAlertUnrecognizedName, kTlsAlertWarning);
client_->StartConnect();
server_->StartConnect();
client_->Handshake(); // Send ClientHello.
@ -268,7 +280,7 @@ class Tls13NoSupportedVersions : public TlsConnectStreamTls12 {
auto capture = std::make_shared<TlsInspectorRecordHandshakeMessage>(
kTlsHandshakeServerHello);
server_->SetPacketFilter(capture);
ConnectExpectFail();
ConnectExpectAlert(server_, kTlsAlertDecryptError);
client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
const DataBuffer& server_hello = capture->buffer();
@ -305,6 +317,8 @@ TEST_F(TlsConnectStreamTls13, Tls14ClientHelloWithSupportedVersions) {
auto capture = std::make_shared<TlsInspectorRecordHandshakeMessage>(
kTlsHandshakeServerHello);
server_->SetPacketFilter(capture);
client_->ExpectSendAlert(kTlsAlertBadRecordMac);
server_->ExpectSendAlert(kTlsAlertBadRecordMac);
ConnectExpectFail();
client_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);

70
security/nss/gtests/ssl_gtest/tls_agent.cc
Просмотреть файл

@ -60,12 +60,10 @@ TlsAgent::TlsAgent(const std::string& name, Role role, Mode mode)
can_falsestart_hook_called_(false),
sni_hook_called_(false),
auth_certificate_hook_called_(false),
alert_received_count_(0),
expected_alert_received_count_(0),
last_alert_received_({0, 0}),
alert_sent_count_(0),
expected_alert_sent_count_(0),
last_alert_sent_({0, 0}),
expected_received_alert_(kTlsAlertCloseNotify),
expected_received_alert_level_(kTlsAlertWarning),
expected_sent_alert_(kTlsAlertCloseNotify),
expected_sent_alert_level_(kTlsAlertWarning),
handshake_callback_called_(false),
error_code_(0),
send_ctr_(0),
@ -90,6 +88,11 @@ TlsAgent::~TlsAgent() {
if (adapter_) {
Poller::Instance()->Cancel(READABLE_EVENT, adapter_);
}
EXPECT_EQ(expected_received_alert_, kTlsAlertCloseNotify);
EXPECT_EQ(expected_received_alert_level_, kTlsAlertWarning);
EXPECT_EQ(expected_sent_alert_, kTlsAlertCloseNotify);
EXPECT_EQ(expected_sent_alert_level_, kTlsAlertWarning);
}
void TlsAgent::SetState(State state) {
@ -607,9 +610,53 @@ void TlsAgent::CheckErrorCode(int32_t expected) const {
<< PORT_ErrorToName(expected) << std::endl;
}
void TlsAgent::CheckAlerts() const {
EXPECT_EQ(expected_alert_received_count_, alert_received_count_);
EXPECT_EQ(expected_alert_sent_count_, alert_sent_count_);
static uint8_t GetExpectedAlertLevel(uint8_t alert) {
switch (alert) {
case kTlsAlertCloseNotify:
case kTlsAlertEndOfEarlyData:
return kTlsAlertWarning;
default:
break;
}
return kTlsAlertFatal;
}
void TlsAgent::ExpectReceiveAlert(uint8_t alert, uint8_t level) {
expected_received_alert_ = alert;
if (level == 0) {
expected_received_alert_level_ = GetExpectedAlertLevel(alert);
} else {
expected_received_alert_level_ = level;
}
}
void TlsAgent::ExpectSendAlert(uint8_t alert, uint8_t level) {
expected_sent_alert_ = alert;
if (level == 0) {
expected_sent_alert_level_ = GetExpectedAlertLevel(alert);
} else {
expected_sent_alert_level_ = level;
}
}
void TlsAgent::CheckAlert(bool sent, const SSLAlert* alert) {
LOG(((alert->level == kTlsAlertWarning) ? "Warning" : "Fatal")
<< " alert " << (sent ? "sent" : "received") << ": "
<< static_cast<int>(alert->description));
auto& expected = sent ? expected_sent_alert_ : expected_received_alert_;
auto& expected_level =
sent ? expected_sent_alert_level_ : expected_received_alert_level_;
/* Silently pass close_notify in case the test has already ended. */
if (expected == kTlsAlertCloseNotify && expected_level == kTlsAlertWarning &&
alert->description == expected && alert->level == expected_level) {
return;
}
EXPECT_EQ(expected, alert->description);
EXPECT_EQ(expected_level, alert->level);
expected = kTlsAlertCloseNotify;
expected_level = kTlsAlertWarning;
}
void TlsAgent::WaitForErrorCode(int32_t expected, uint32_t delay) const {
@ -946,6 +993,11 @@ void TlsAgentTestBase::EnsureInit() {
agent_->ConfigNamedGroups(groups);
}
void TlsAgentTestBase::ExpectAlert(uint8_t alert) {
EnsureInit();
agent_->ExpectSendAlert(alert);
}
void TlsAgentTestBase::ProcessMessage(const DataBuffer& buffer,
TlsAgent::State expected_state,
int32_t error_code) {

62
security/nss/gtests/ssl_gtest/tls_agent.h
Просмотреть файл

@ -144,7 +144,6 @@ class TlsAgent : public PollTarget {
void EnableSrtp();
void CheckSrtp() const;
void CheckErrorCode(int32_t expected) const;
void CheckAlerts() const;
void WaitForErrorCode(int32_t expected, uint32_t delay) const;
// Send data on the socket, encrypting it.
void SendData(size_t bytes, size_t blocksize = 1024);
@ -246,33 +245,8 @@ class TlsAgent : public PollTarget {
sni_callback_ = sni_callback;
}
size_t alert_received_count() const { return alert_received_count_; }
void SetExpectedAlertReceivedCount(size_t count) {
expected_alert_received_count_ = count;
}
bool GetLastAlertReceived(SSLAlert* alert) const {
if (!alert_received_count_) {
return false;
}
*alert = last_alert_received_;
return true;
}
size_t alert_sent_count() const { return alert_sent_count_; }
void SetExpectedAlertSentCount(size_t count) {
expected_alert_sent_count_ = count;
}
bool GetLastAlertSent(SSLAlert* alert) const {
if (!alert_sent_count_) {
return false;
}
*alert = last_alert_sent_;
return true;
}
void ExpectReceiveAlert(uint8_t alert, uint8_t level = 0);
void ExpectSendAlert(uint8_t alert, uint8_t level = 0);
private:
const static char* states[];
@ -355,28 +329,16 @@ class TlsAgent : public PollTarget {
return SECSuccess;
}
void CheckAlert(bool sent, const SSLAlert* alert);
static void AlertReceivedCallback(const PRFileDesc* fd, void* arg,
const SSLAlert* alert) {
TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
std::cerr << agent->role_str()
<< ": Alert received: level=" << static_cast<int>(alert->level)
<< " desc=" << static_cast<int>(alert->description) << std::endl;
++agent->alert_received_count_;
agent->last_alert_received_ = *alert;
reinterpret_cast<TlsAgent*>(arg)->CheckAlert(false, alert);
}
static void AlertSentCallback(const PRFileDesc* fd, void* arg,
const SSLAlert* alert) {
TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
std::cerr << agent->role_str()
<< ": Alert sent: level=" << static_cast<int>(alert->level)
<< " desc=" << static_cast<int>(alert->description) << std::endl;
++agent->alert_sent_count_;
agent->last_alert_sent_ = *alert;
reinterpret_cast<TlsAgent*>(arg)->CheckAlert(true, alert);
}
static void HandshakeCallback(PRFileDesc* fd, void* arg) {
@ -410,12 +372,10 @@ class TlsAgent : public PollTarget {
bool can_falsestart_hook_called_;
bool sni_hook_called_;
bool auth_certificate_hook_called_;
size_t alert_received_count_;
size_t expected_alert_received_count_;
SSLAlert last_alert_received_;
size_t alert_sent_count_;
size_t expected_alert_sent_count_;
SSLAlert last_alert_sent_;
uint8_t expected_received_alert_;
uint8_t expected_received_alert_level_;
uint8_t expected_sent_alert_;
uint8_t expected_sent_alert_level_;
bool handshake_callback_called_;
SSLChannelInfo info_;
SSLCipherSuiteInfo csinfo_;
@ -450,6 +410,8 @@ class TlsAgentTestBase : public ::testing::Test {
void SetUp();
void TearDown();
void ExpectAlert(uint8_t alert);
static void MakeRecord(Mode mode, uint8_t type, uint16_t version,
const uint8_t* buf, size_t len, DataBuffer* out,
uint64_t seq_num = 0);

21
security/nss/gtests/ssl_gtest/tls_connect.cc
Просмотреть файл

@ -301,9 +301,6 @@ void TlsConnectTestBase::CheckConnected() {
CheckResumption(expected_resumption_mode_);
client_->CheckSecretsDestroyed();
server_->CheckSecretsDestroyed();
client_->CheckAlerts();
server_->CheckAlerts();
}
void TlsConnectTestBase::CheckKeys(SSLKEAType kea_type, SSLNamedGroup kea_group,
@ -375,6 +372,20 @@ void TlsConnectTestBase::ConnectExpectFail() {
ASSERT_EQ(TlsAgent::STATE_ERROR, server_->state());
}
void TlsConnectTestBase::ExpectAlert(std::shared_ptr<TlsAgent>& sender,
uint8_t alert) {
EnsureTlsSetup();
auto receiver = (sender == client_) ? server_ : client_;
sender->ExpectSendAlert(alert);
receiver->ExpectReceiveAlert(alert);
}
void TlsConnectTestBase::ConnectExpectAlert(std::shared_ptr<TlsAgent>& sender,
uint8_t alert) {
ExpectAlert(sender, alert);
ConnectExpectFail();
}
void TlsConnectTestBase::ConnectExpectFailOneSide(TlsAgent::Role failing_side) {
server_->StartConnect();
client_->StartConnect();
@ -561,6 +572,10 @@ void TlsConnectTestBase::ZeroRttSendReceive(
const char* k0RttData = "ABCDEF";
const PRInt32 k0RttDataLen = static_cast<PRInt32>(strlen(k0RttData));
if (expect_writable && expect_readable) {
ExpectAlert(client_, kTlsAlertEndOfEarlyData);
}
client_->Handshake(); // Send ClientHello.
if (post_clienthello_check) {
if (!post_clienthello_check()) return;

2
security/nss/gtests/ssl_gtest/tls_connect.h
Просмотреть файл

@ -68,6 +68,8 @@ class TlsConnectTestBase : public ::testing::Test {
void CheckConnected();
// Connect and expect it to fail.
void ConnectExpectFail();
void ExpectAlert(std::shared_ptr<TlsAgent>& sender, uint8_t alert);
void ConnectExpectAlert(std::shared_ptr<TlsAgent>& sender, uint8_t alert);
void ConnectExpectFailOneSide(TlsAgent::Role failingSide);
void ConnectWithCipherSuite(uint16_t cipher_suite);
// Check that the keys used in the handshake match expectations.

25
security/nss/gtests/ssl_gtest/tls_filter.cc
Просмотреть файл

@ -369,31 +369,6 @@ PacketFilter::Action TlsConversationRecorder::FilterRecord(
return KEEP;
}
PacketFilter::Action TlsAlertRecorder::FilterRecord(
const TlsRecordHeader& header, const DataBuffer& input,
DataBuffer* output) {
if (level_ == kTlsAlertFatal) { // already fatal
return KEEP;
}
if (header.content_type() != kTlsAlertType) {
return KEEP;
}
std::cerr << "Alert: " << input << std::endl;
TlsParser parser(input);
uint8_t lvl;
if (!parser.Read(&lvl)) {
return KEEP;
}
if (lvl == kTlsAlertWarning) { // not strong enough
return KEEP;
}
level_ = lvl;
(void)parser.Read(&description_);
return KEEP;
}
PacketFilter::Action ChainedPacketFilter::Filter(const DataBuffer& input,
DataBuffer* output) {
DataBuffer in(input);

18
security/nss/gtests/ssl_gtest/tls_filter.h
Просмотреть файл

@ -232,24 +232,6 @@ class TlsConversationRecorder : public TlsRecordFilter {
DataBuffer& buffer_;
};
// Records an alert. If an alert has already been recorded, it won't save the
// new alert unless the old alert is a warning and the new one is fatal.
class TlsAlertRecorder : public TlsRecordFilter {
public:
TlsAlertRecorder() : level_(255), description_(255) {}
virtual PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
const DataBuffer& input,
DataBuffer* output);
uint8_t level() const { return level_; }
uint8_t description() const { return description_; }
private:
uint8_t level_;
uint8_t description_;
};
// Runs multiple packet filters in series.
class ChainedPacketFilter : public PacketFilter {
public:

5
security/nss/gtests/ssl_gtest/tls_parser.h
Просмотреть файл

@ -39,12 +39,17 @@ const uint8_t kTlsHandshakeFinished = 20;
const uint8_t kTlsAlertWarning = 1;
const uint8_t kTlsAlertFatal = 2;
const uint8_t kTlsAlertCloseNotify = 0;
const uint8_t kTlsAlertEndOfEarlyData = 1;
const uint8_t kTlsAlertUnexpectedMessage = 10;
const uint8_t kTlsAlertBadRecordMac = 20;
const uint8_t kTlsAlertRecordOverflow = 22;
const uint8_t kTlsAlertHandshakeFailure = 40;
const uint8_t kTlsAlertIllegalParameter = 47;
const uint8_t kTlsAlertDecodeError = 50;
const uint8_t kTlsAlertDecryptError = 51;
const uint8_t kTlsAlertProtocolVersion = 70;
const uint8_t kTlsAlertInappropriateFallback = 86;
const uint8_t kTlsAlertMissingExtension = 109;
const uint8_t kTlsAlertUnsupportedExtension = 110;
const uint8_t kTlsAlertUnrecognizedName = 112;

1
security/nss/gtests/util_gtest/manifest.mn
Просмотреть файл

@ -8,6 +8,7 @@ MODULE = nss
CPPSRCS = \
util_utf8_unittest.cc \
util_b64_unittest.cc \
$(NULL)
INCLUDES += \

79
security/nss/gtests/util_gtest/util_b64_unittest.cc Normal file
Просмотреть файл

@ -0,0 +1,79 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include <climits>
#include <memory>
#include "nssb64.h"
#include "gtest/gtest.h"
#include "scoped_ptrs.h"
namespace nss_test {
class B64EncodeDecodeTest : public ::testing::Test {
public:
void TestDecodeStr(const std::string &str) {
ScopedSECItem tmp(
NSSBase64_DecodeBuffer(nullptr, nullptr, str.c_str(), str.size()));
ASSERT_TRUE(tmp);
char *out = NSSBase64_EncodeItem(nullptr, nullptr, 0, tmp.get());
ASSERT_TRUE(out);
ASSERT_EQ(std::string(out), str);
PORT_Free(out);
}
bool TestEncodeItem(SECItem *item) {
bool rv = true;
char *out = NSSBase64_EncodeItem(nullptr, nullptr, 0, item);
rv = !!out;
if (out) {
ScopedSECItem tmp(
NSSBase64_DecodeBuffer(nullptr, nullptr, out, strlen(out)));
EXPECT_TRUE(tmp);
EXPECT_EQ(SECEqual, SECITEM_CompareItem(item, tmp.get()));
PORT_Free(out);
}
return rv;
}
bool TestFakeDecode(size_t str_len) {
std::string str(str_len, 'A');
ScopedSECItem tmp(
NSSBase64_DecodeBuffer(nullptr, nullptr, str.c_str(), str.size()));
return !!tmp;
}
bool TestFakeEncode(size_t len) {
std::vector<uint8_t> data(len, 0x30);
SECItem tmp = {siBuffer, data.data(),
static_cast<unsigned int>(data.size())};
return TestEncodeItem(&tmp);
}
protected:
};
TEST_F(B64EncodeDecodeTest, DecEncTest) { TestDecodeStr("VGhpcyBpcyBOU1Mh"); }
TEST_F(B64EncodeDecodeTest, EncDecTest) {
uint8_t data[] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09};
SECItem tmp = {siBuffer, data, sizeof(data)};
TestEncodeItem(&tmp);
}
TEST_F(B64EncodeDecodeTest, FakeDecTest) { EXPECT_TRUE(TestFakeDecode(100)); }
TEST_F(B64EncodeDecodeTest, FakeEncDecTest) {
EXPECT_TRUE(TestFakeEncode(100));
}
// These takes a while ...
TEST_F(B64EncodeDecodeTest, LongFakeDecTest1) {
EXPECT_TRUE(TestFakeDecode(0x66666666));
}
TEST_F(B64EncodeDecodeTest, LongFakeEncDecTest1) { TestFakeEncode(0x3fffffff); }
TEST_F(B64EncodeDecodeTest, LongFakeEncDecTest2) {
EXPECT_FALSE(TestFakeEncode(0x40000000));
}
} // namespace nss_test

3
security/nss/gtests/util_gtest/util_gtest.gyp
Просмотреть файл

@ -12,7 +12,8 @@
'type': 'executable',
'sources': [
'util_utf8_unittest.cc',
'<(DEPTH)/gtests/common/gtests.cc'
'util_b64_unittest.cc',
'<(DEPTH)/gtests/common/gtests.cc',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',

21
security/nss/lib/certdb/cert.h
Просмотреть файл

@ -1405,23 +1405,10 @@ void CERT_SetStatusConfig(CERTCertDBHandle *handle, CERTStatusConfig *config);
void CERT_LockCertRefCount(CERTCertificate *cert);
/*
* Free the cert reference count lock
* Release the cert reference count lock
*/
void CERT_UnlockCertRefCount(CERTCertificate *cert);
/*
* Acquire the cert trust lock
* There is currently one global lock for all certs, but I'm putting a cert
* arg here so that it will be easy to make it per-cert in the future if
* that turns out to be necessary.
*/
void CERT_LockCertTrust(const CERTCertificate *cert);
/*
* Free the cert trust lock
*/
void CERT_UnlockCertTrust(const CERTCertificate *cert);
/*
* Digest the cert's subject public key using the specified algorithm.
* NOTE: this digests the value of the BIT STRING subjectPublicKey (excluding
@ -1579,6 +1566,12 @@ extern CERTRevocationFlags *CERT_AllocCERTRevocationFlags(
*/
extern void CERT_DestroyCERTRevocationFlags(CERTRevocationFlags *flags);
/*
* Get istemp and isperm fields from a cert in a thread safe way.
*/
extern SECStatus CERT_GetCertIsTemp(const CERTCertificate *cert, PRBool *istemp);
extern SECStatus CERT_GetCertIsPerm(const CERTCertificate *cert, PRBool *isperm);
SEC_END_PROTOS
#endif /* _CERT_H_ */

50
security/nss/lib/certdb/certdb.c
Просмотреть файл

@ -2865,7 +2865,18 @@ CERT_LockCertTrust(const CERTCertificate *cert)
{
PORT_Assert(certTrustLock != NULL);
PZ_Lock(certTrustLock);
return;
}
static PZLock *certTempPermLock = NULL;
/*
* Acquire the cert temp/perm lock
*/
void
CERT_LockCertTempPerm(const CERTCertificate *cert)
{
PORT_Assert(certTempPermLock != NULL);
PZ_Lock(certTempPermLock);
}
SECStatus
@ -2889,6 +2900,18 @@ cert_InitLocks(void)
}
}
if (certTempPermLock == NULL) {
certTempPermLock = PZ_NewLock(nssILockCertDB);
PORT_Assert(certTempPermLock != NULL);
if (!certTempPermLock) {
PZ_DestroyLock(certTrustLock);
PZ_DestroyLock(certRefCountLock);
certRefCountLock = NULL;
certTrustLock = NULL;
return SECFailure;
}
}
return SECSuccess;
}
@ -2912,6 +2935,14 @@ cert_DestroyLocks(void)
} else {
rv = SECFailure;
}
PORT_Assert(certTempPermLock != NULL);
if (certTempPermLock) {
PZ_DestroyLock(certTempPermLock);
certTempPermLock = NULL;
} else {
rv = SECFailure;
}
return rv;
}
@ -2933,6 +2964,23 @@ CERT_UnlockCertTrust(const CERTCertificate *cert)
#endif
}
/*
* Free the temp/perm lock
*/
void
CERT_UnlockCertTempPerm(const CERTCertificate *cert)
{
PORT_Assert(certTempPermLock != NULL);
#ifdef DEBUG
{
PRStatus prstat = PZ_Unlock(certTempPermLock);
PORT_Assert(prstat == PR_SUCCESS);
}
#else
(void)PZ_Unlock(certTempPermLock);
#endif
}
/*
* Get the StatusConfig data for this handle
*/

23
security/nss/lib/certdb/certi.h
Просмотреть файл

@ -378,4 +378,27 @@ PRUint32 cert_CountDNSPatterns(CERTGeneralName* firstName);
SECStatus cert_CheckLeafTrust(CERTCertificate* cert, SECCertUsage usage,
unsigned int* failedFlags, PRBool* isTrusted);
/*
* Acquire the cert temp/perm lock
*/
void CERT_LockCertTempPerm(const CERTCertificate* cert);
/*
* Release the temp/perm lock
*/
void CERT_UnlockCertTempPerm(const CERTCertificate* cert);
/*
* Acquire the cert trust lock
* There is currently one global lock for all certs, but I'm putting a cert
* arg here so that it will be easy to make it per-cert in the future if
* that turns out to be necessary.
*/
void CERT_LockCertTrust(const CERTCertificate* cert);
/*
* Release the cert trust lock
*/
void CERT_UnlockCertTrust(const CERTCertificate* cert);
#endif /* _CERTI_H_ */

39
security/nss/lib/certdb/stanpcertdb.c
Просмотреть файл

@ -91,7 +91,7 @@ CERT_GetCertTrust(const CERTCertificate *cert, CERTCertTrust *trust)
{
SECStatus rv;
CERT_LockCertTrust(cert);
if (cert->trust == NULL) {
if (!cert || cert->trust == NULL) {
rv = SECFailure;
} else {
*trust = *cert->trust;
@ -304,8 +304,10 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
CERT_MapStanError();
return SECFailure;
}
CERT_LockCertTempPerm(cert);
cert->istemp = PR_FALSE;
cert->isperm = PR_TRUE;
CERT_UnlockCertTempPerm(cert);
if (!trust) {
return SECSuccess;
}
@ -436,8 +438,10 @@ CERT_NewTempCertificate(CERTCertDBHandle *handle, SECItem *derCert,
return NULL;
}
CERT_LockCertTempPerm(cc);
cc->istemp = PR_TRUE;
cc->isperm = PR_FALSE;
CERT_UnlockCertTempPerm(cc);
return cc;
loser:
/* Perhaps this should be nssCertificate_Destroy(c) */
@ -911,6 +915,7 @@ CERT_SaveSMimeProfile(CERTCertificate *cert, SECItem *emailProfile,
{
const char *emailAddr;
SECStatus rv;
PRBool isperm = PR_FALSE;
if (!cert) {
return SECFailure;
@ -932,7 +937,11 @@ CERT_SaveSMimeProfile(CERTCertificate *cert, SECItem *emailProfile,
}
}
if (cert->slot && cert->isperm && CERT_IsUserCert(cert) &&
rv = CERT_GetCertIsPerm(cert, &isperm);
if (rv != SECSuccess) {
return SECFailure;
}
if (cert->slot && isperm && CERT_IsUserCert(cert) &&
(!emailProfile || !emailProfile->len)) {
/* Don't clobber emailProfile for user certs. */
return SECSuccess;
@ -986,6 +995,32 @@ CERT_FindSMimeProfile(CERTCertificate *cert)
return rvItem;
}
SECStatus
CERT_GetCertIsPerm(const CERTCertificate *cert, PRBool *isperm)
{
if (cert == NULL) {
return SECFailure;
}
CERT_LockCertTempPerm(cert);
*isperm = cert->isperm;
CERT_UnlockCertTempPerm(cert);
return SECSuccess;
}
SECStatus
CERT_GetCertIsTemp(const CERTCertificate *cert, PRBool *istemp)
{
if (cert == NULL) {
return SECFailure;
}
CERT_LockCertTempPerm(cert);
*istemp = cert->istemp;
CERT_UnlockCertTempPerm(cert);
return SECSuccess;
}
/*
* deprecated functions that are now just stubs.
*/

11
security/nss/lib/certhigh/certhigh.c
Просмотреть файл

@ -11,6 +11,7 @@
#include "cert.h"
#include "certxutl.h"
#include "certi.h"
#include "nsspki.h"
#include "pki.h"
#include "pkit.h"
@ -872,6 +873,7 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
PRBool isca;
char *nickname;
unsigned int certtype;
PRBool istemp = PR_FALSE;
handle = CERT_GetDefaultCertDB();
@ -949,7 +951,11 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
}
/* if the cert is temp, make it perm; otherwise we're done */
if (cert->istemp) {
rv = CERT_GetCertIsTemp(cert, &istemp);
if (rv != SECSuccess) {
goto loser;
}
if (istemp) {
/* get a default nickname for it */
nickname = CERT_MakeCANickname(cert);
@ -963,9 +969,6 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
rv = SECSuccess;
}
CERT_DestroyCertificate(cert);
cert = NULL;
if (rv != SECSuccess) {
goto loser;
}

2
security/nss/lib/freebl/blapi.h
Просмотреть файл

@ -1429,8 +1429,6 @@ extern SECStatus RNG_RandomUpdate(const void *data, size_t bytes);
*/
extern SECStatus RNG_GenerateGlobalRandomBytes(void *dest, size_t len);
extern SECStatus RNG_ResetForFuzzing(void);
/* Destroy the global RNG context. After a call to RNG_RNGShutdown()
** a call to RNG_RNGInit() is required in order to use the generator again,
** along with seed data (see the comment above RNG_RNGInit()).

82
security/nss/lib/freebl/det_rng.c
Просмотреть файл

@ -9,10 +9,32 @@
#include "seccomon.h"
#include "secerr.h"
#define GLOBAL_BYTES_SIZE 100
static PRUint8 globalBytes[GLOBAL_BYTES_SIZE];
static unsigned long globalNumCalls = 0;
static PZLock *rng_lock = NULL;
SECStatus
prng_ResetForFuzzing(PZLock *rng_lock)
RNG_RNGInit(void)
{
rng_lock = PZ_NewLock(nssILockOther);
if (!rng_lock) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
/* --- LOCKED --- */
PZ_Lock(rng_lock);
memset(globalBytes, 0, GLOBAL_BYTES_SIZE);
PZ_Unlock(rng_lock);
/* --- UNLOCKED --- */
return SECSuccess;
}
/* Take min(size, GLOBAL_BYTES_SIZE) bytes from data and use as seed and reset
* the rng state. */
SECStatus
RNG_RandomUpdate(const void *data, size_t bytes)
{
/* Check for a valid RNG lock. */
PORT_Assert(rng_lock != NULL);
@ -23,7 +45,11 @@ prng_ResetForFuzzing(PZLock *rng_lock)
/* --- LOCKED --- */
PZ_Lock(rng_lock);
memset(globalBytes, 0, GLOBAL_BYTES_SIZE);
globalNumCalls = 0;
if (data) {
memcpy(globalBytes, (PRUint8 *)data, PR_MIN(bytes, GLOBAL_BYTES_SIZE));
}
PZ_Unlock(rng_lock);
/* --- UNLOCKED --- */
@ -31,9 +57,9 @@ prng_ResetForFuzzing(PZLock *rng_lock)
}
SECStatus
prng_GenerateDeterministicRandomBytes(PZLock *rng_lock, void *dest, size_t len)
RNG_GenerateGlobalRandomBytes(void *dest, size_t len)
{
static const uint8_t key[32];
static const uint8_t key[32] = { 0 };
uint8_t nonce[12] = { 0 };
/* Check for a valid RNG lock. */
@ -58,10 +84,60 @@ prng_GenerateDeterministicRandomBytes(PZLock *rng_lock, void *dest, size_t len)
}
memset(dest, 0, len);
memcpy(dest, globalBytes, PR_MIN(len, GLOBAL_BYTES_SIZE));
ChaCha20XOR(dest, dest, len, key, nonce, 0);
ChaCha20Poly1305_DestroyContext(cx, PR_TRUE);
PZ_Unlock(rng_lock);
/* --- UNLOCKED --- */
return SECSuccess;
}
void
RNG_RNGShutdown(void)
{
PZ_DestroyLock(rng_lock);
rng_lock = NULL;
}
/* Test functions are not implemented! */
SECStatus
PRNGTEST_Instantiate(const PRUint8 *entropy, unsigned int entropy_len,
const PRUint8 *nonce, unsigned int nonce_len,
const PRUint8 *personal_string, unsigned int ps_len)
{
return SECFailure;
}
SECStatus
PRNGTEST_Reseed(const PRUint8 *entropy, unsigned int entropy_len,
const PRUint8 *additional, unsigned int additional_len)
{
return SECFailure;
}
SECStatus
PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len,
const PRUint8 *additional, unsigned int additional_len)
{
return SECFailure;
}
SECStatus
PRNGTEST_Uninstantiate()
{
return SECFailure;
}
SECStatus
PRNGTEST_RunHealthTests()
{
return SECFailure;
}
SECStatus
PRNGTEST_Instantiate_Kat()
{
return SECFailure;
}

22
security/nss/lib/freebl/drbg.c
Просмотреть файл

@ -20,10 +20,6 @@
#include "secrng.h" /* for RNG_SystemRNG() */
#include "secmpi.h"
#ifdef UNSAFE_FUZZER_MODE
#include "det_rng.h"
#endif
/* PRNG_SEEDLEN defined in NIST SP 800-90 section 10.1
* for SHA-1, SHA-224, and SHA-256 it's 440 bits.
* for SHA-384 and SHA-512 it's 888 bits */
@ -401,10 +397,8 @@ static PRStatus
rng_init(void)
{
PRUint8 bytes[PRNG_SEEDLEN * 2]; /* entropy + nonce */
#ifndef UNSAFE_RNG_NO_URANDOM_SEED
unsigned int numBytes;
SECStatus rv = SECSuccess;
#endif
if (globalrng == NULL) {
/* bytes needs to have enough space to hold
@ -421,7 +415,6 @@ rng_init(void)
return PR_FAILURE;
}
#ifndef UNSAFE_RNG_NO_URANDOM_SEED
/* Try to get some seed data for the RNG */
numBytes = (unsigned int)RNG_SystemRNG(bytes, sizeof bytes);
PORT_Assert(numBytes == 0 || numBytes == sizeof bytes);
@ -444,7 +437,6 @@ rng_init(void)
if (rv != SECSuccess) {
return PR_FAILURE;
}
#endif
/* the RNG is in a valid state */
globalrng->isValid = PR_TRUE;
@ -662,21 +654,7 @@ prng_GenerateGlobalRandomBytes(RNGContext *rng,
SECStatus
RNG_GenerateGlobalRandomBytes(void *dest, size_t len)
{
#ifdef UNSAFE_FUZZER_MODE
return prng_GenerateDeterministicRandomBytes(globalrng->lock, dest, len);
#else
return prng_GenerateGlobalRandomBytes(globalrng, dest, len);
#endif
}
SECStatus
RNG_ResetForFuzzing(void)
{
#ifdef UNSAFE_FUZZER_MODE
return prng_ResetForFuzzing(globalrng->lock);
#else
return SECFailure;
#endif
}
void

17
security/nss/lib/freebl/ecl/ecl.c
Просмотреть файл

@ -267,31 +267,18 @@ ec_GetNamedCurveParams(const ECCurveName name)
ECGroup *
ECGroup_fromName(const ECCurveName name)
{
ECGroup *group = NULL;
const ECCurveBytes *params = NULL;
mp_err res = MP_OKAY;
/* This doesn't work with Curve25519 but it's not necessary to. */
PORT_Assert(name != ECCurve25519);
params = ec_GetNamedCurveParams(name);
if (params == NULL) {
res = MP_UNDEF;
goto CLEANUP;
return NULL;
}
/* construct actual group */
group = ecgroup_fromName(name, params);
if (group == NULL) {
res = MP_UNDEF;
}
CLEANUP:
if (group && res != MP_OKAY) {
ECGroup_free(group);
return NULL;
}
return group;
return ecgroup_fromName(name, params);
}
/* Validates an EC public key as described in Section 5.2.2 of X9.62. */

10
security/nss/lib/freebl/freebl_base.gypi
Просмотреть файл

@ -158,15 +158,11 @@
}],
],
}],
[ 'fuzz_oss==1', {
'defines': [
'UNSAFE_RNG_NO_URANDOM_SEED',
],
[ 'fuzz==1', {
'sources!': [ 'drbg.c' ],
'sources': [ 'det_rng.c' ],
}],
[ 'fuzz_tls==1', {
'sources': [
'det_rng.c',
],
'defines': [
'UNSAFE_FUZZER_MODE',
],

4
security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocsprequest.c
Просмотреть файл

@ -89,8 +89,8 @@ pkix_pl_OcspRequest_Hashcode(
PKIX_HASHCODE(ocspRq->signerCert, &signerHash, plContext,
PKIX_CERTHASHCODEFAILED);
*pHashcode = (((((extensionHash << 8) || certHash) << 8) ||
dateHash) << 8) || signerHash;
*pHashcode = (((((extensionHash << 8) | certHash) << 8) |
dateHash) << 8) | signerHash;
cleanup:

7
security/nss/lib/nss/nss.def
Просмотреть файл

@ -1104,3 +1104,10 @@ PK11_HasAttributeSet;
;+ local:
;+ *;
;+};
;+NSS_3.31 { # NSS 3.31 release
;+ global:
CERT_GetCertIsPerm;
CERT_GetCertIsTemp;
;+ local:
;+ *;
;+};

2
security/nss/lib/nss/nss.h
Просмотреть файл

@ -22,7 +22,7 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define NSS_VERSION "3.30" _NSS_CUSTOMIZED " Beta"
#define NSS_VERSION "3.31" _NSS_CUSTOMIZED " Beta"
#define NSS_VMAJOR 3
#define NSS_VMINOR 31
#define NSS_VPATCH 0

2
security/nss/lib/pk11wrap/pk11cert.c
Просмотреть файл

@ -974,8 +974,10 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
nssCertificateStore_RemoveCertLOCKED(cc->certStore, c);
nssCertificateStore_Unlock(cc->certStore, &lockTrace, &unlockTrace);
c->object.cryptoContext = NULL;
CERT_LockCertTempPerm(cert);
cert->istemp = PR_FALSE;
cert->isperm = PR_TRUE;
CERT_UnlockCertTempPerm(cert);
}
/* add the new instance to the cert, force an update of the

2
security/nss/lib/pki/pki3hack.c
Просмотреть файл

@ -831,8 +831,10 @@ fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc, PRBool forced
cc->dbhandle = c->object.trustDomain;
/* subjectList ? */
/* istemp and isperm are supported in NSS 3.4 */
CERT_LockCertTempPerm(cc);
cc->istemp = PR_FALSE; /* CERT_NewTemp will override this */
cc->isperm = PR_TRUE; /* by default */
CERT_UnlockCertTempPerm(cc);
/* pointer back */
cc->nssCertificate = c;
if (trust) {

11
security/nss/lib/softoken/legacydb/pcertdb.c
Просмотреть файл

@ -733,6 +733,12 @@ DecodeDBCertEntry(certDBEntryCert *entry, SECItem *dbentry)
entry->derCert.len += lenoff;
}
/* Is data long enough? */
if (dbentry->len < headerlen + entry->derCert.len) {
PORT_SetError(SEC_ERROR_BAD_DATABASE);
goto loser;
}
/* copy the dercert */
entry->derCert.data = pkcs11_copyStaticData(&dbentry->data[headerlen],
entry->derCert.len, entry->derCertSpace, sizeof(entry->derCertSpace));
@ -743,6 +749,11 @@ DecodeDBCertEntry(certDBEntryCert *entry, SECItem *dbentry)
/* copy the nickname */
if (nnlen > 1) {
/* Is data long enough? */
if (dbentry->len < headerlen + entry->derCert.len + nnlen) {
PORT_SetError(SEC_ERROR_BAD_DATABASE);
goto loser;
}
entry->nickname = (char *)pkcs11_copyStaticData(
&dbentry->data[headerlen + entry->derCert.len], nnlen,
(unsigned char *)entry->nicknameSpace,

2
security/nss/lib/softoken/softkver.h
Просмотреть файл

@ -21,7 +21,7 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define SOFTOKEN_VERSION "3.30" SOFTOKEN_ECC_STRING " Beta"
#define SOFTOKEN_VERSION "3.31" SOFTOKEN_ECC_STRING " Beta"
#define SOFTOKEN_VMAJOR 3
#define SOFTOKEN_VMINOR 31
#define SOFTOKEN_VPATCH 0

2
security/nss/lib/softoken/softoken.h
Просмотреть файл

@ -183,7 +183,7 @@ extern PRBool sftk_fatalError;
#define CHECK_FORK_MIXED
#elif defined(LINUX) || defined(__GLIBC__)
#elif defined(LINUX) || defined(__GLIBC__) || defined(FREEBSD) || defined(OPENBSD)
#define CHECK_FORK_PTHREAD

29
security/nss/lib/ssl/ssl3con.c
Просмотреть файл

@ -1769,29 +1769,6 @@ ssl3_InitCompressionContext(ssl3CipherSpec *pwSpec)
return SECSuccess;
}
/* This function should probably be moved to pk11wrap and be named
* PK11_ParamFromIVAndEffectiveKeyBits
*/
static SECItem *
ssl3_ParamFromIV(CK_MECHANISM_TYPE mtype, SECItem *iv, CK_ULONG ulEffectiveBits)
{
SECItem *param = PK11_ParamFromIV(mtype, iv);
if (param && param->data && param->len >= sizeof(CK_RC2_PARAMS)) {
switch (mtype) {
case CKM_RC2_KEY_GEN:
case CKM_RC2_ECB:
case CKM_RC2_CBC:
case CKM_RC2_MAC:
case CKM_RC2_MAC_GENERAL:
case CKM_RC2_CBC_PAD:
*(CK_RC2_PARAMS *)param->data = ulEffectiveBits;
default:
break;
}
}
return param;
}
/* ssl3_BuildRecordPseudoHeader writes the SSL/TLS pseudo-header (the data
* which is included in the MAC or AEAD additional data) to |out| and returns
* its length. See https://tools.ietf.org/html/rfc5246#section-6.2.3.3 for the
@ -1973,7 +1950,6 @@ ssl3_InitPendingContexts(sslSocket *ss)
CK_MECHANISM_TYPE mechanism;
CK_MECHANISM_TYPE mac_mech;
CK_ULONG macLength;
CK_ULONG effKeyBits;
SECItem iv;
SECItem mac_param;
SSLCipherAlgorithm calg;
@ -2043,14 +2019,13 @@ ssl3_InitPendingContexts(sslSocket *ss)
return SECSuccess;
}
mechanism = ssl3_Alg2Mech(calg);
effKeyBits = cipher_def->key_size * BPB;
/*
* build the server context
*/
iv.data = pwSpec->server.write_iv;
iv.len = cipher_def->iv_size;
param = ssl3_ParamFromIV(mechanism, &iv, effKeyBits);
param = PK11_ParamFromIV(mechanism, &iv);
if (param == NULL) {
ssl_MapLowLevelError(SSL_ERROR_IV_PARAM_FAILURE);
goto fail;
@ -2074,7 +2049,7 @@ ssl3_InitPendingContexts(sslSocket *ss)
iv.data = pwSpec->client.write_iv;
iv.len = cipher_def->iv_size;
param = ssl3_ParamFromIV(mechanism, &iv, effKeyBits);
param = PK11_ParamFromIV(mechanism, &iv);
if (param == NULL) {
ssl_MapLowLevelError(SSL_ERROR_IV_PARAM_FAILURE);
goto fail;

10
security/nss/lib/ssl/ssl3ecc.c
Просмотреть файл

@ -257,16 +257,6 @@ loser:
return SECFailure;
}
/* This function returns the size of the key_exchange field in
* the KeyShareEntry structure, i.e.:
* opaque point <1..2^8-1>; */
unsigned int
tls13_SizeOfECDHEKeyShareKEX(const SECKEYPublicKey *pubKey)
{
PORT_Assert(pubKey->keyType == ecKey);
return pubKey->u.ec.publicValue.len;
}
/* This function encodes the key_exchange field in
* the KeyShareEntry structure. */
SECStatus

1
security/nss/lib/ssl/sslimpl.h
Просмотреть файл

@ -1644,7 +1644,6 @@ extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss);
extern SECStatus ssl_ImportECDHKeyShare(
sslSocket *ss, SECKEYPublicKey *peerKey,
SSL3Opaque *b, PRUint32 length, const sslNamedGroupDef *curve);
unsigned int tls13_SizeOfECDHEKeyShareKEX(const SECKEYPublicKey *pubKey);
SECStatus tls13_EncodeECDHEKeyShareKEX(const sslSocket *ss,
const SECKEYPublicKey *pubKey);

2
security/nss/lib/util/nssb64d.c
Просмотреть файл

@ -370,7 +370,7 @@ pl_base64_decode_flush(PLBase64Decoder *data)
static PRUint32
PL_Base64MaxDecodedLength(PRUint32 size)
{
return ((size * 3) / 4);
return size * 0.75;
}
/*

25
security/nss/lib/util/nssb64e.c
Просмотреть файл

@ -282,20 +282,28 @@ PL_Base64MaxEncodedLength(PRUint32 size, PRUint32 line_length)
{
PRUint32 tokens, tokens_per_line, full_lines, line_break_chars, remainder;
/* This is the maximum length we support. */
if (size > 0x3fffffff) {
return 0;
}
tokens = (size + 2) / 3;
if (line_length == 0)
if (line_length == 0) {
return tokens * 4;
}
if (line_length < 4) /* too small! */
if (line_length < 4) { /* too small! */
line_length = 4;
}
tokens_per_line = line_length / 4;
full_lines = tokens / tokens_per_line;
remainder = (tokens - (full_lines * tokens_per_line)) * 4;
line_break_chars = full_lines * 2;
if (remainder == 0)
if (remainder == 0) {
line_break_chars -= 2;
}
return (full_lines * tokens_per_line * 4) + line_break_chars + remainder;
}
@ -447,13 +455,18 @@ PL_Base64EncodeBuffer(const unsigned char *src, PRUint32 srclen,
PRStatus status;
PR_ASSERT(srclen > 0);
if (srclen == 0)
if (srclen == 0) {
return dest;
}
/*
* How much space could we possibly need for encoding this input?
*/
need_length = PL_Base64MaxEncodedLength(srclen, line_length);
if (need_length == 0) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
/*
* Make sure we have at least that much, if output buffer provided.
@ -631,6 +644,10 @@ NSSBase64_EncodeItem(PLArenaPool *arenaOpt, char *outStrOpt,
}
max_out_len = PL_Base64MaxEncodedLength(inItem->len, 64);
if (max_out_len == 0) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
if (arenaOpt != NULL)
mark = PORT_ArenaMark(arenaOpt);

2
security/nss/lib/util/nssutil.h
Просмотреть файл

@ -19,7 +19,7 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
*/
#define NSSUTIL_VERSION "3.30 Beta"
#define NSSUTIL_VERSION "3.31 Beta"
#define NSSUTIL_VMAJOR 3
#define NSSUTIL_VMINOR 31
#define NSSUTIL_VPATCH 0

6
security/nss/tests/all.sh
Просмотреть файл

@ -273,7 +273,11 @@ run_cycles()
cycles="standard pkix upgradedb sharedb"
CYCLES=${NSS_CYCLES:-$cycles}
tests="cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ec gtests ssl_gtests"
tests="cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits ec gtests ssl_gtests"
# Don't run chains tests when we have a gyp build.
if [ "$OBJDIR" != "Debug" -a "$OBJDIR" != "Release" ]; then
tests="$tests chains"
fi
TESTS=${NSS_TESTS:-$tests}
ALL_TESTS=${TESTS}