Bug 1470914, land NSS beta snapshot 6349fa699c3b UPGRADE_NSS_RELEASE, r=me
Родитель
5f59918688
Коммит
fdf57fee14
|
@ -1 +1 @@
|
|||
01d970fe9048
|
||||
6349fa699c3b
|
||||
|
|
|
@ -10,3 +10,4 @@
|
|||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
|
|
@ -15,8 +15,6 @@
|
|||
"ServerCipherFilter*":"Add Ed25519 support (Bug 1325335)",
|
||||
"GarbageCertificate*":"Send bad_certificate alert when certificate parsing fails (Bug 1441565)",
|
||||
"SupportedVersionSelection-TLS12":"Should maybe reject TLS 1.2 in SH.supported_versions (Bug 1438266)",
|
||||
"WrongMessageType-TLS13-EncryptedExtensions":"wrong boring expectedLocalError",
|
||||
"TrailingMessageData-TLS13-EncryptedExtensions":"wrong boring expectedLocalError",
|
||||
"Resume-Server-BinderWrongLength":"Alert disagreement (Bug 1317633)",
|
||||
"Resume-Server-NoPSKBinder":"Alert disagreement (Bug 1317633)",
|
||||
"CheckRecordVersion-TLS*":"Bug 1317634",
|
||||
|
@ -45,12 +43,14 @@
|
|||
"StrayHelloRequest*":"NSS doesn't disable renegotiation by default",
|
||||
"NoSupportedCurves-TLS13":"wanted SSL_ERROR_NO_CYPHER_OVERLAP, got missing extension error",
|
||||
"FragmentedClientVersion":"received a malformed Client Hello handshake message",
|
||||
"UnofferedExtension-Client-TLS13":"wrong boring expectedLocalError",
|
||||
"UnknownExtension-Client-TLS13":"wrong boring expectedLocalError",
|
||||
"WrongMessageType-TLS13-CertificateRequest":"wrong boring expectedLocalError",
|
||||
"WrongMessageType-TLS13-ServerCertificateVerify":"wrong boring expectedLocalError",
|
||||
"WrongMessageType-TLS13-ServerCertificate":"wrong boring expectedLocalError",
|
||||
"WrongMessageType-TLS13-ServerFinished":"wrong boring expectedLocalError",
|
||||
"WrongMessageType-TLS13-EncryptedExtensions":"Boring expects CCS (Bugs 1481209, 1304603)",
|
||||
"TrailingMessageData-TLS13-EncryptedExtensions":"Boring expects CCS (Bugs 1481209, 1304603)",
|
||||
"UnofferedExtension-Client-TLS13":"Boring expects CCS (Bugs 1481209, 1304603)",
|
||||
"UnknownExtension-Client-TLS13":"Boring expects CCS (Bugs 1481209, 1304603)",
|
||||
"WrongMessageType-TLS13-CertificateRequest":"Boring expects CCS (Bugs 1481209, 1304603)",
|
||||
"WrongMessageType-TLS13-ServerCertificateVerify":"Boring expects CCS (Bugs 1481209, 1304603)",
|
||||
"WrongMessageType-TLS13-ServerCertificate":"Boring expects CCS (Bugs 1481209, 1304603)",
|
||||
"WrongMessageType-TLS13-ServerFinished":"Boring expects CCS (Bugs 1481209, 1304603)",
|
||||
"TrailingMessageData-*": "Bug 1304575",
|
||||
"DuplicateKeyShares":"Bug 1304578",
|
||||
"Resume-Server-TLS13-TLS13":"Bug 1314351",
|
||||
|
|
|
@ -197,6 +197,81 @@ TEST_P(TlsConnectTls12, ClientAuthBigRsaCheckSigAlg) {
|
|||
2048);
|
||||
}
|
||||
|
||||
// Replaces the signature scheme in a CertificateVerify message.
|
||||
class TlsReplaceSignatureSchemeFilter : public TlsHandshakeFilter {
|
||||
public:
|
||||
TlsReplaceSignatureSchemeFilter(const std::shared_ptr<TlsAgent>& a,
|
||||
SSLSignatureScheme scheme)
|
||||
: TlsHandshakeFilter(a, {kTlsHandshakeCertificateVerify}),
|
||||
scheme_(scheme) {
|
||||
EnableDecryption();
|
||||
}
|
||||
|
||||
protected:
|
||||
virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
|
||||
const DataBuffer& input,
|
||||
DataBuffer* output) {
|
||||
*output = input;
|
||||
output->Write(0, scheme_, 2);
|
||||
return CHANGE;
|
||||
}
|
||||
|
||||
private:
|
||||
SSLSignatureScheme scheme_;
|
||||
};
|
||||
|
||||
// Check if CertificateVerify signed with rsa_pss_rsae_* is properly
|
||||
// rejected when the certificate is RSA-PSS.
|
||||
//
|
||||
// This only works under TLS 1.2, because PSS doesn't work with TLS
|
||||
// 1.0 or TLS 1.1 and the TLS 1.3 1-RTT handshake is partially
|
||||
// successful at the client side.
|
||||
TEST_P(TlsConnectTls12, ClientAuthInconsistentRsaeSignatureScheme) {
|
||||
static const SSLSignatureScheme kSignatureSchemePss[] = {
|
||||
ssl_sig_rsa_pss_pss_sha256, ssl_sig_rsa_pss_rsae_sha256};
|
||||
|
||||
Reset(TlsAgent::kServerRsa, "rsa_pss");
|
||||
client_->SetSignatureSchemes(kSignatureSchemePss,
|
||||
PR_ARRAY_SIZE(kSignatureSchemePss));
|
||||
server_->SetSignatureSchemes(kSignatureSchemePss,
|
||||
PR_ARRAY_SIZE(kSignatureSchemePss));
|
||||
client_->SetupClientAuth();
|
||||
server_->RequestClientAuth(true);
|
||||
|
||||
EnsureTlsSetup();
|
||||
|
||||
MakeTlsFilter<TlsReplaceSignatureSchemeFilter>(client_,
|
||||
ssl_sig_rsa_pss_rsae_sha256);
|
||||
|
||||
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
|
||||
}
|
||||
|
||||
// Check if CertificateVerify signed with rsa_pss_pss_* is properly
|
||||
// rejected when the certificate is RSA.
|
||||
//
|
||||
// This only works under TLS 1.2, because PSS doesn't work with TLS
|
||||
// 1.0 or TLS 1.1 and the TLS 1.3 1-RTT handshake is partially
|
||||
// successful at the client side.
|
||||
TEST_P(TlsConnectTls12, ClientAuthInconsistentPssSignatureScheme) {
|
||||
static const SSLSignatureScheme kSignatureSchemePss[] = {
|
||||
ssl_sig_rsa_pss_rsae_sha256, ssl_sig_rsa_pss_pss_sha256};
|
||||
|
||||
Reset(TlsAgent::kServerRsa, "rsa");
|
||||
client_->SetSignatureSchemes(kSignatureSchemePss,
|
||||
PR_ARRAY_SIZE(kSignatureSchemePss));
|
||||
server_->SetSignatureSchemes(kSignatureSchemePss,
|
||||
PR_ARRAY_SIZE(kSignatureSchemePss));
|
||||
client_->SetupClientAuth();
|
||||
server_->RequestClientAuth(true);
|
||||
|
||||
EnsureTlsSetup();
|
||||
|
||||
MakeTlsFilter<TlsReplaceSignatureSchemeFilter>(client_,
|
||||
ssl_sig_rsa_pss_pss_sha256);
|
||||
|
||||
ConnectExpectAlert(server_, kTlsAlertIllegalParameter);
|
||||
}
|
||||
|
||||
class TlsZeroCertificateRequestSigAlgsFilter : public TlsHandshakeFilter {
|
||||
public:
|
||||
TlsZeroCertificateRequestSigAlgsFilter(const std::shared_ptr<TlsAgent>& a)
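Review bot: `FilterHandshake` in `TlsReplaceSignatureSchemeFilter` is declared `virtual` without `override`, and its `header` parameter is unused; `PacketFilter::Action FilterHandshake(const HandshakeHeader& header, const DataBuffer& input, DataBuffer* output) override {` lets the compiler check the signature against `TlsHandshakeFilter`. The filter overwrites the two bytes at offset 0 of the message body, which is where the signature scheme sits in both the TLS 1.2 and TLS 1.3 CertificateVerify; since the class comment was generalised from "TLS 1.3 CertificateVerify" when the class was moved up the file, a comment such as `// The scheme is the first two bytes of CertificateVerify in TLS 1.2 and 1.3.` would make that explicit. Both new tests expect `kTlsAlertIllegalParameter` from `server_`, which matches the alert change in `ssl3_HandleCertificateVerify` elsewhere in this commit. The hunk ends inside the `TlsZeroCertificateRequestSigAlgsFilter` constructor, whose body is outside the view.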
|
||||
|
@ -410,29 +485,6 @@ TEST_P(TlsConnectTls12, SignatureAlgorithmDrop) {
|
|||
server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
|
||||
}
|
||||
|
||||
// Replaces the signature scheme in a TLS 1.3 CertificateVerify message.
|
||||
class TlsReplaceSignatureSchemeFilter : public TlsHandshakeFilter {
|
||||
public:
|
||||
TlsReplaceSignatureSchemeFilter(const std::shared_ptr<TlsAgent>& a,
|
||||
SSLSignatureScheme scheme)
|
||||
: TlsHandshakeFilter(a, {kTlsHandshakeCertificateVerify}),
|
||||
scheme_(scheme) {
|
||||
EnableDecryption();
|
||||
}
|
||||
|
||||
protected:
|
||||
virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
|
||||
const DataBuffer& input,
|
||||
DataBuffer* output) {
|
||||
*output = input;
|
||||
output->Write(0, scheme_, 2);
|
||||
return CHANGE;
|
||||
}
|
||||
|
||||
private:
|
||||
SSLSignatureScheme scheme_;
|
||||
};
|
||||
|
||||
TEST_P(TlsConnectTls13, UnsupportedSignatureSchemeAlert) {
|
||||
EnsureTlsSetup();
|
||||
MakeTlsFilter<TlsReplaceSignatureSchemeFilter>(server_, ssl_sig_none);
|
||||
|
|
|
@ -643,4 +643,43 @@ TEST_P(TlsConnectGenericPre13, InvalidDERSignatureFfdhe) {
|
|||
client_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
|
||||
}
|
||||
|
||||
// Replace SignatureAndHashAlgorithm of a SKE.
|
||||
class DHEServerKEXSigAlgReplacer : public TlsHandshakeFilter {
|
||||
public:
|
||||
DHEServerKEXSigAlgReplacer(const std::shared_ptr<TlsAgent>& server,
|
||||
SSLSignatureScheme sig_scheme)
|
||||
: TlsHandshakeFilter(server, {kTlsHandshakeServerKeyExchange}),
|
||||
sig_scheme_(sig_scheme) {}
|
||||
|
||||
protected:
|
||||
virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
|
||||
const DataBuffer& input,
|
||||
DataBuffer* output) {
|
||||
*output = input;
|
||||
|
||||
uint32_t len;
|
||||
uint32_t idx = 0;
|
||||
EXPECT_TRUE(output->Read(idx, 2, &len));
|
||||
idx += 2 + len;
|
||||
EXPECT_TRUE(output->Read(idx, 2, &len));
|
||||
idx += 2 + len;
|
||||
EXPECT_TRUE(output->Read(idx, 2, &len));
|
||||
idx += 2 + len;
|
||||
output->Write(idx, sig_scheme_, 2);
|
||||
|
||||
return CHANGE;
|
||||
}
|
||||
|
||||
private:
|
||||
SSLSignatureScheme sig_scheme_;
|
||||
};
|
||||
|
||||
TEST_P(TlsConnectTls12, ConnectInconsistentSigAlgDHE) {
|
||||
EnableOnlyDheCiphers();
|
||||
|
||||
MakeTlsFilter<DHEServerKEXSigAlgReplacer>(server_,
|
||||
ssl_sig_ecdsa_secp256r1_sha256);
|
||||
ConnectExpectAlert(client_, kTlsAlertIllegalParameter);
|
||||
}
|
||||
|
||||
} // namespace nss_test
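Review bot: In `DHEServerKEXSigAlgReplacer::FilterHandshake`, `len` is declared uninitialised and each `EXPECT_TRUE(output->Read(idx, 2, &len))` only records a failure; if `Read` leaves `len` untouched on a short message, the following `idx += 2 + len` uses an unset or stale value and the `Write` lands at an arbitrary offset. `uint32_t len = 0;` plus returning `KEEP` when any read fails keeps the test deterministic instead of depending on whatever the buffer held. The three length-prefixed fields skipped are the ServerDHParams (p, g, Ys) that precede the signature scheme in a TLS 1.2 ServerKeyExchange, which is why the filter is only meaningful under `TlsConnectTls12`; a one-line comment stating that precondition, and `override` on `FilterHandshake`, would help the next reader.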
|
||||
|
|
|
@ -454,6 +454,25 @@ TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsOddLength) {
|
|||
client_, ssl_signature_algorithms_xtn, extension));
|
||||
}
|
||||
|
||||
TEST_F(TlsExtensionTest13Stream, SignatureAlgorithmsPrecedingGarbage) {
|
||||
// 31 unknown signature algorithms followed by sha-256, rsa
|
||||
const uint8_t val[] = {
|
||||
0x00, 0x40, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x04, 0x01};
|
||||
DataBuffer extension(val, sizeof(val));
|
||||
MakeTlsFilter<TlsExtensionReplacer>(client_, ssl_signature_algorithms_xtn,
|
||||
extension);
|
||||
client_->ExpectSendAlert(kTlsAlertBadRecordMac);
|
||||
server_->ExpectSendAlert(kTlsAlertBadRecordMac);
|
||||
ConnectExpectFail();
|
||||
client_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
|
||||
server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
|
||||
}
|
||||
|
||||
TEST_P(TlsExtensionTestGeneric, NoSupportedGroups) {
|
||||
ClientHelloErrorTest(
|
||||
std::make_shared<TlsExtensionDropper>(client_, ssl_supported_groups_xtn),
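Review bot: `SignatureAlgorithmsPrecedingGarbage` pins `kTlsAlertBadRecordMac` on both sides and `SSL_ERROR_BAD_MAC_READ`, but the only comment describes the input bytes; why a signature_algorithms list whose sole recognised entry (0x0401) sits at position 32 should end in that particular failure, rather than a handshake-level alert, is the actual property being asserted and is not explained. A comment above `client_->ExpectSendAlert`, along the lines of `// The recognised scheme is past the old read cap, so the server must still see it; with only rsa_pkcs1 offered the 1.3 handshake then fails, and this pins the observed alert.`, would stop a future reader from "correcting" the expectation — presumably that is the intent, so confirm against the parser change in this commit. The hunk ends inside `NoSupportedGroups`, whose body continues outside the view.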
|
||||
|
|
|
@ -6961,12 +6961,12 @@ ssl_HandleDHServerKeyExchange(sslSocket *ss, PRUint8 *b, PRUint32 length)
|
|||
if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
|
||||
rv = ssl_ConsumeSignatureScheme(ss, &b, &length, &sigScheme);
|
||||
if (rv != SECSuccess) {
|
||||
goto loser; /* malformed or unsupported. */
|
||||
goto alert_loser; /* malformed or unsupported. */
|
||||
}
|
||||
rv = ssl_CheckSignatureSchemeConsistency(ss, sigScheme,
|
||||
ss->sec.peerCert);
|
||||
if (rv != SECSuccess) {
|
||||
goto loser;
|
||||
goto alert_loser;
|
||||
}
|
||||
hashAlg = ssl_SignatureSchemeToHashType(sigScheme);
|
||||
} else {
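Review bot: The two `goto alert_loser` replacements now send a fatal alert whose description is whatever `desc` holds at that point, and `desc` is assigned outside the hunk; unless it is initialised to `illegal_parameter` at the top of `ssl_HandleDHServerKeyExchange`, a malformed or unsupported scheme would send a misleading alert. Either an explicit `desc = illegal_parameter;` before the first `goto alert_loser`, or a comment `/* desc is illegal_parameter here: malformed or unsupported scheme. */`, makes that dependency visible. The new `ConnectInconsistentSigAlgDHE` test in this commit expects exactly that alert on the client.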
|
||||
|
@ -7190,7 +7190,8 @@ ssl_ParseSignatureSchemes(const sslSocket *ss, PLArenaPool *arena,
|
|||
SECStatus rv;
|
||||
SECItem buf;
|
||||
SSLSignatureScheme *schemes = NULL;
|
||||
unsigned int numSchemes = 0;
|
||||
unsigned int numSupported = 0;
|
||||
unsigned int numRemaining = 0;
|
||||
unsigned int max;
|
||||
|
||||
rv = ssl3_ExtConsumeHandshakeVariable(ss, &buf, 2, b, len);
|
||||
|
@ -7209,7 +7210,8 @@ ssl_ParseSignatureSchemes(const sslSocket *ss, PLArenaPool *arena,
|
|||
}
|
||||
|
||||
/* Limit the number of schemes we read. */
|
||||
max = PR_MIN(buf.len / 2, MAX_SIGNATURE_SCHEMES);
|
||||
numRemaining = buf.len / 2;
|
||||
max = PR_MIN(numRemaining, MAX_SIGNATURE_SCHEMES);
|
||||
|
||||
if (arena) {
|
||||
schemes = PORT_ArenaZNewArray(arena, SSLSignatureScheme, max);
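Review bot: The comment `/* Limit the number of schemes we read. */` above `numRemaining = buf.len / 2;` is now inaccurate: with this change every advertised scheme is read and only the number stored is capped, as the loop in the following hunk shows. Suggest `/* Read every advertised scheme, but keep at most MAX_SIGNATURE_SCHEMES supported ones. */`, and note that `max` is now only the allocation size for `schemes`.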
|
||||
|
@ -7221,7 +7223,7 @@ ssl_ParseSignatureSchemes(const sslSocket *ss, PLArenaPool *arena,
|
|||
return SECFailure;
|
||||
}
|
||||
|
||||
for (; max; --max) {
|
||||
for (; numRemaining && numSupported < MAX_SIGNATURE_SCHEMES; --numRemaining) {
|
||||
PRUint32 tmp;
|
||||
rv = ssl3_ExtConsumeHandshakeNumber(ss, &tmp, 2, &buf.data, &buf.len);
|
||||
if (rv != SECSuccess) {
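Review bot: The loop stores into `schemes[numSupported++]` while bounding `numSupported < MAX_SIGNATURE_SCHEMES`, but the array was allocated with `max` entries, which is `PR_MIN(numRemaining, MAX_SIGNATURE_SCHEMES)`; the store stays in bounds only because numSupported can never exceed the initial numRemaining, an invariant the reader has to reconstruct. Bounding on the allocation size directly, `for (; numRemaining && numSupported < max; --numRemaining) {`, ties the write to the buffer it writes into and behaves identically. When the cap is reached the remaining schemes in `buf` are left unconsumed; whether anything checks for leftover bytes afterwards is outside the hunk, so confirm the extension-length check still holds.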
|
||||
|
@ -7230,11 +7232,11 @@ ssl_ParseSignatureSchemes(const sslSocket *ss, PLArenaPool *arena,
|
|||
return SECFailure;
|
||||
}
|
||||
if (ssl_IsSupportedSignatureScheme((SSLSignatureScheme)tmp)) {
|
||||
schemes[numSchemes++] = (SSLSignatureScheme)tmp;
|
||||
schemes[numSupported++] = (SSLSignatureScheme)tmp;
|
||||
}
|
||||
}
|
||||
|
||||
if (!numSchemes) {
|
||||
if (!numSupported) {
|
||||
if (!arena) {
|
||||
PORT_Free(schemes);
|
||||
}
|
||||
|
@ -7243,7 +7245,7 @@ ssl_ParseSignatureSchemes(const sslSocket *ss, PLArenaPool *arena,
|
|||
|
||||
done:
|
||||
*schemesOut = schemes;
|
||||
*numSchemesOut = numSchemes;
|
||||
*numSchemesOut = numSupported;
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
|
@ -9570,7 +9572,7 @@ ssl3_HandleCertificateVerify(sslSocket *ss, PRUint8 *b, PRUint32 length)
|
|||
ss->sec.peerCert);
|
||||
if (rv != SECSuccess) {
|
||||
errCode = PORT_GetError();
|
||||
desc = decrypt_error;
|
||||
desc = illegal_parameter;
|
||||
goto alert_loser;
|
||||
}
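Review bot: The alert for a failing `ssl_CheckSignatureSchemeConsistency` changes from `decrypt_error` to `illegal_parameter` with no comment; the reason deserves a line, since RFC 8446 §6.2 describes decrypt_error as a failed cryptographic operation and illegal_parameter as an incorrect or inconsistent field, and a scheme that does not match the peer certificate's key is the latter. Suggest `/* Scheme inconsistent with the certificate: a bad field, not a failed signature check. */` above `desc = illegal_parameter;`. This aligns with the two `ClientAuthInconsistent*SignatureScheme` tests added in this commit, which expect illegal_parameter from the server.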
|
||||
|
||||
|
|
|
@ -230,7 +230,7 @@ typedef struct {
|
|||
#define MAX_DTLS_SRTP_CIPHER_SUITES 4
|
||||
|
||||
/* MAX_SIGNATURE_SCHEMES allows for all the values we support. */
|
||||
#define MAX_SIGNATURE_SCHEMES 15
|
||||
#define MAX_SIGNATURE_SCHEMES 18
|
||||
|
||||
typedef struct sslOptionsStr {
|
||||
/* If SSL_SetNextProtoNego has been called, then this contains the
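Review bot: `MAX_SIGNATURE_SCHEMES` is raised from 15 to 18 with only the comment `allows for all the values we support`, and nothing ties the constant to the actual number of supported schemes; if that set is kept in an array, a `PR_STATIC_ASSERT` relating its element count to this constant would catch the next addition that forgets the bump. Since `ssl_ParseSignatureSchemes` in this commit stops storing supported schemes once this cap is reached, an undersized value becomes a quiet negotiation failure rather than a compile error.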
|
||||
|
|