Bug 1488622 - land NSS 8f6014565b91 UPGRADE_NSS_RELEASE, r=me

--HG--
extra : rebase_source : 1180690809ff920138698dd60c6c9177fa8d4331
J.C. Jones 2018-09-06 10:42:40 -07:00
parent 2a86142e74
commit 80120fa560
7 changed files with 141 additions and 14 deletions


@ -1 +1 @@
229a3a57f42a
8f6014565b91


@ -10,3 +10,4 @@
*/
#error "Do not include this header file."


@ -171,23 +171,145 @@ TEST_P(TlsConnectGenericResumption, ConnectResumeClientNoneServerBoth) {
SendReceive();
}
TEST_P(TlsConnectGenericPre13, ConnectResumeWithHigherVersion) {
TEST_P(TlsConnectGenericPre13, ResumeWithHigherVersionTls13) {
uint16_t lower_version = version_;
ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
Connect();
SendReceive();
CheckKeys();
Reset();
ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
EnsureTlsSetup();
auto psk_ext = std::make_shared<TlsExtensionCapture>(
client_, ssl_tls13_pre_shared_key_xtn);
auto ticket_ext =
std::make_shared<TlsExtensionCapture>(client_, ssl_session_ticket_xtn);
client_->SetFilter(std::make_shared<ChainedPacketFilter>(
ChainedPacketFilterInit({psk_ext, ticket_ext})));
SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_3);
client_->SetVersionRange(lower_version, SSL_LIBRARY_VERSION_TLS_1_3);
server_->SetVersionRange(lower_version, SSL_LIBRARY_VERSION_TLS_1_3);
ExpectResumption(RESUME_NONE);
Connect();
// The client shouldn't have sent a PSK, though it will send a ticket.
EXPECT_FALSE(psk_ext->captured());
EXPECT_TRUE(ticket_ext->captured());
}
class CaptureSessionId : public TlsHandshakeFilter {
public:
CaptureSessionId(const std::shared_ptr<TlsAgent>& a)
: TlsHandshakeFilter(
a, {kTlsHandshakeClientHello, kTlsHandshakeServerHello}),
sid_() {}
const DataBuffer& sid() const { return sid_; }
protected:
PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
const DataBuffer& input,
DataBuffer* output) override {
// The session_id is in the same place in both Hello messages:
size_t offset = 2 + 32; // Version(2) + Random(32)
uint32_t len = 0;
EXPECT_TRUE(input.Read(offset, 1, &len));
offset++;
if (input.len() < offset + len) {
ADD_FAILURE() << "session_id overflows the Hello message";
return KEEP;
}
sid_.Assign(input.data() + offset, len);
return KEEP;
}
private:
DataBuffer sid_;
};
// Attempting to resume from TLS 1.2 when 1.3 is possible should not result in
// resumption, though it will appear to be TLS 1.3 compatibility mode if the
// server uses a session ID.
TEST_P(TlsConnectGenericPre13, ResumeWithHigherVersionTls13SessionId) {
uint16_t lower_version = version_;
ConfigureSessionCache(RESUME_SESSIONID, RESUME_SESSIONID);
ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_1);
SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_1);
auto original_sid = MakeTlsFilter<CaptureSessionId>(server_);
Connect();
CheckKeys();
EXPECT_EQ(32U, original_sid->sid().len());
// The client should now attempt to resume with the session ID from the last
// connection. This looks like compatibility mode, we just want to ensure
// that we get TLS 1.3 rather than 1.2 (and no resumption).
Reset();
auto client_sid = MakeTlsFilter<CaptureSessionId>(client_);
auto server_sid = MakeTlsFilter<CaptureSessionId>(server_);
ConfigureSessionCache(RESUME_SESSIONID, RESUME_SESSIONID);
SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_3);
client_->SetVersionRange(lower_version, SSL_LIBRARY_VERSION_TLS_1_3);
server_->SetVersionRange(lower_version, SSL_LIBRARY_VERSION_TLS_1_3);
ExpectResumption(RESUME_NONE);
Connect();
SendReceive();
EXPECT_EQ(client_sid->sid(), original_sid->sid());
if (variant_ == ssl_variant_stream) {
EXPECT_EQ(client_sid->sid(), server_sid->sid());
} else {
// DTLS servers don't echo the session ID.
EXPECT_EQ(0U, server_sid->sid().len());
}
}
TEST_P(TlsConnectPre12, ResumeWithHigherVersionTls12) {
uint16_t lower_version = version_;
ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
Connect();
Reset();
ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
EnsureTlsSetup();
SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_2);
client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
SSL_LIBRARY_VERSION_TLS_1_2);
server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
SSL_LIBRARY_VERSION_TLS_1_2);
SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_3);
client_->SetVersionRange(lower_version, SSL_LIBRARY_VERSION_TLS_1_3);
server_->SetVersionRange(lower_version, SSL_LIBRARY_VERSION_TLS_1_3);
ExpectResumption(RESUME_NONE);
Connect();
}
TEST_P(TlsConnectGenericPre13, ResumeWithLowerVersionFromTls13) {
uint16_t original_version = version_;
ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_3);
Connect();
SendReceive();
CheckKeys();
Reset();
ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
ConfigureVersion(original_version);
ExpectResumption(RESUME_NONE);
Connect();
SendReceive();
}
TEST_P(TlsConnectPre12, ResumeWithLowerVersionFromTls12) {
uint16_t original_version = version_;
ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_2);
Connect();
SendReceive();
CheckKeys();
Reset();
ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
ConfigureVersion(original_version);
ExpectResumption(RESUME_NONE);
Connect();
SendReceive();
}
TEST_P(TlsConnectGeneric, ConnectResumeClientBothTicketServerTicketForget) {
// This causes a ticket resumption.
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
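Review bot: Every resumption test added in this section runs against a cooperating peer, so the rejecting side of the session-ID check is not exercised here. `ResumeWithHigherVersionTls13SessionId` only asserts that a stream server echoes the client's ID and that a DTLS server sends none. A companion test that uses a server-side handshake filter to alter or inject the ServerHello session_id, and expects the client handshake to fail, would pin the behaviour the client depends on, particularly for DTLS. Separately, the comment above that test says "resume from TLS 1.2" while the first connection is pinned with `ConfigureVersion(SSL_LIBRARY_VERSION_TLS_1_1)`; wording such as `// Attempting to resume a pre-1.3 session when 1.3 is possible ...` would match the code.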


@ -114,8 +114,7 @@
'intel-gcm-x64-masm.asm',
],
}],
[ 'cc_use_gnu_ld!=1 and target_arch!="x64"', {
# not x64
[ 'cc_use_gnu_ld!=1 and target_arch=="ia32"', {
'sources': [
'mpi/mpi_x86_asm.c',
'intel-aes-x86-masm.asm',
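Review bot: With the condition narrowed to `target_arch=="ia32"`, a non-GNU-ld build for any architecture other than x64 or ia32 matches neither branch visible in this hunk and so takes no MPI or AES assembly from here. That is presumably the intent, since the x86 sources could not be right for a non-x86 target. The rest of the conditions list is outside the hunk, though, so it is worth confirming that such targets still select the portable C implementations. A short comment on the branch, e.g. `# 32-bit x86 only; other architectures use the generic C code`, would record what the removed `# not x64` comment no longer says.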


@ -6386,15 +6386,18 @@ ssl_CheckServerSessionIdCorrectness(sslSocket *ss, SECItem *sidBytes)
/* TLS 1.2: Session ID shouldn't match if we sent a fake. */
if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) {
return !sentFakeSid || !sidMatch;
if (sentFakeSid) {
return !sidMatch;
}
return PR_TRUE;
}
/* TLS 1.3: We sent a session ID. The server's should match. */
if (sentRealSid || sentFakeSid) {
if (!IS_DTLS(ss) && (sentRealSid || sentFakeSid)) {
return sidMatch;
}
/* TLS 1.3: The server shouldn't send a session ID. */
/* TLS 1.3 (no SID)/DTLS 1.3: The server shouldn't send a session ID. */
return sidBytes->len == 0;
}
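Review bot: The comment `/* TLS 1.3: We sent a session ID. The server's should match. */` is stale now that the condition beneath it excludes DTLS, and a reader could take it to mean DTLS 1.3 also requires an echo. Suggest `/* TLS 1.3 (stream only): We sent a session ID. The server's should match. */`. The final comment could also state that for DTLS 1.3 a non-empty server session ID is rejected even when the client offered one. The function starts outside this hunk, so how `sentRealSid`, `sentFakeSid` and `sidMatch` are derived is not visible here.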


@ -2499,6 +2499,7 @@ tls13_HandleServerHelloPart2(sslSocket *ss)
}
if (ss->statelessResume) {
PORT_Assert(sid->version >= SSL_LIBRARY_VERSION_TLS_1_3);
if (tls13_GetHash(ss) !=
tls13_GetHashForCipherSuite(sid->u.ssl3.cipherSuite)) {
FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_SERVER_HELLO,
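Review bot: `PORT_Assert(sid->version >= SSL_LIBRARY_VERSION_TLS_1_3)`, which appears to be the line added here, only guards debug builds. PORT_Assert compiles away in optimized builds, so a release client that reached this branch with a pre-1.3 session would carry on into the hash comparison. If the invariant is meant as defence in depth rather than documentation, pair it with a runtime check such as `if (sid->version < SSL_LIBRARY_VERSION_TLS_1_3) { FATAL_ERROR(ss, SEC_ERROR_LIBRARY_FAILURE, internal_error); return SECFailure; }`. The same applies to the assert on `ss->sec.ci.sid->version` in `tls13_ClientSendPreSharedKeyXtn` in the last section, where the consequence would be a PSK identity built from a pre-1.3 ticket. Both functions extend beyond their hunks, so the callers may already guarantee the condition.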


@ -396,6 +396,7 @@ tls13_ClientSendPreSharedKeyXtn(const sslSocket *ss, TLSExtensionData *xtnData,
xtnData->lastXtnOffset = buf->len - 4;
PORT_Assert(ss->vrange.max >= SSL_LIBRARY_VERSION_TLS_1_3);
PORT_Assert(ss->sec.ci.sid->version >= SSL_LIBRARY_VERSION_TLS_1_3);
/* Send a single ticket identity. */
session_ticket = &ss->sec.ci.sid->u.ssl3.locked.sessionTicket;