author | Elio Maldonado <emaldona@redhat.com> | 2016-04-27 18:00:30 -0700 |
---|---|---|
committer | Elio Maldonado <emaldona@redhat.com> | 2016-04-27 18:00:30 -0700 |
commit | da087b5c5d4a81c2e85968437bae16d90ef6948c (patch) | |
tree | f643201b5bb75e2a6698515207394b322e9fd559 | |
parent | 4b83891959de1b620511fa05bf4571e147094e70 (diff) | |
extrenal-test like in default
-rw-r--r-- | external_tests/common/scoped_ptrs.h | 20 | ||||
-rw-r--r-- | external_tests/ssl_gtest/libssl_internals.c | 7 | ||||
-rw-r--r-- | external_tests/ssl_gtest/ssl_extension_unittest.cc | 4 | ||||
-rw-r--r-- | external_tests/ssl_gtest/ssl_loopback_unittest.cc | 184 | ||||
-rw-r--r-- | external_tests/ssl_gtest/ssl_skip_unittest.cc | 6 | ||||
-rw-r--r-- | external_tests/ssl_gtest/tls_agent.cc | 132 | ||||
-rw-r--r-- | external_tests/ssl_gtest/tls_agent.h | 38 | ||||
-rw-r--r-- | external_tests/ssl_gtest/tls_connect.cc | 48 | ||||
-rw-r--r-- | external_tests/ssl_gtest/tls_connect.h | 14 | ||||
-rw-r--r-- | lib/ssl/ssl3con.c | 99 |
10 files changed, 335 insertions, 217 deletions
diff --git a/external_tests/common/scoped_ptrs.h b/external_tests/common/scoped_ptrs.h
index 374ad2a04..261ff7a9c 100644
--- a/external_tests/common/scoped_ptrs.h
+++ b/external_tests/common/scoped_ptrs.h
@@ -7,20 +7,23 @@
#ifndef scoped_ptrs_h__
#define scoped_ptrs_h__
+#include "cert.h"
#include "keyhi.h"
+#include "pk11pub.h"
namespace nss_test {
struct ScopedDelete {
+ void operator()(CERTCertificate* cert) { CERT_DestroyCertificate(cert); }
+ void operator()(CERTSubjectPublicKeyInfo* spki) {
+ SECKEY_DestroySubjectPublicKeyInfo(spki);
+ }
void operator()(PK11SlotInfo* slot) { PK11_FreeSlot(slot); }
- void operator()(SECItem* item) { SECITEM_FreeItem(item, true); }
void operator()(PK11SymKey* key) { PK11_FreeSymKey(key); }
+ void operator()(SECAlgorithmID* id) { SECOID_DestroyAlgorithmID(id, true); }
+ void operator()(SECItem* item) { SECITEM_FreeItem(item, true); }
void operator()(SECKEYPublicKey* key) { SECKEY_DestroyPublicKey(key); }
void operator()(SECKEYPrivateKey* key) { SECKEY_DestroyPrivateKey(key); }
- void operator()(SECAlgorithmID* id) { SECOID_DestroyAlgorithmID(id, true); }
- void operator()(CERTSubjectPublicKeyInfo* spki) {
- SECKEY_DestroySubjectPublicKeyInfo(spki);
- }
};
template<class T>
@@ -30,13 +33,14 @@ struct ScopedMaybeDelete {
#define SCOPED(x) typedef std::unique_ptr<x, ScopedMaybeDelete<x> > Scoped ## x
+SCOPED(CERTCertificate);
+SCOPED(CERTSubjectPublicKeyInfo);
SCOPED(PK11SlotInfo);
-SCOPED(SECItem);
SCOPED(PK11SymKey);
+SCOPED(SECAlgorithmID);
+SCOPED(SECItem);
SCOPED(SECKEYPublicKey);
SCOPED(SECKEYPrivateKey);
-SCOPED(SECAlgorithmID);
-SCOPED(CERTSubjectPublicKeyInfo);
#undef SCOPED
diff --git a/external_tests/ssl_gtest/libssl_internals.c b/external_tests/ssl_gtest/libssl_internals.c
index 48d4412f8..17580ad67 100644
--- a/external_tests/ssl_gtest/libssl_internals.c
+++ b/external_tests/ssl_gtest/libssl_internals.c
@@ -29,11 +29,14 @@ PRUint32 SSLInt_DetermineKEABits(PRUint16 serverKeyBits,
SSLAuthType authAlgorithm) {
// For ECDSA authentication we expect a curve for key exchange with the
// same strength as the one used for the certificate's signature.
- if (authAlgorithm == ssl_auth_ecdsa) {
+ if (authAlgorithm == ssl_auth_ecdsa ||
+ authAlgorithm == ssl_auth_ecdh_rsa ||
+ authAlgorithm == ssl_auth_ecdh_ecdsa) {
return serverKeyBits;
}
- PORT_Assert(authAlgorithm == ssl_auth_rsa);
+ PORT_Assert(authAlgorithm == ssl_auth_rsa_decrypt ||
+ authAlgorithm == ssl_auth_rsa_sign);
PRUint32 minKeaBits;
#ifdef NSS_ECC_MORE_THAN_SUITE_B
// P-192 is the smallest curve we want to use.
diff --git a/external_tests/ssl_gtest/ssl_extension_unittest.cc b/external_tests/ssl_gtest/ssl_extension_unittest.cc
index a9e235e36..acbf6859f 100644
--- a/external_tests/ssl_gtest/ssl_extension_unittest.cc
+++ b/external_tests/ssl_gtest/ssl_extension_unittest.cc
@@ -555,7 +555,7 @@ TEST_P(TlsExtensionTestPre13, SignedCertificateTimestampsHandshake) {
server_->StartConnect();
ASSERT_EQ(SECSuccess,
SSL_SetSignedCertTimestamps(server_->ssl_fd(),
- &si_timestamps, server_->kea()));
+ &si_timestamps, ssl_kea_rsa));
client_->StartConnect();
ASSERT_EQ(SECSuccess,
@@ -577,7 +577,7 @@ TEST_P(TlsExtensionTestPre13, SignedCertificateTimestampsInactiveClient) {
server_->StartConnect();
ASSERT_EQ(SECSuccess,
SSL_SetSignedCertTimestamps(server_->ssl_fd(),
- &si_timestamps, server_->kea()));
+ &si_timestamps, ssl_kea_rsa));
client_->StartConnect();
diff --git a/external_tests/ssl_gtest/ssl_loopback_unittest.cc b/external_tests/ssl_gtest/ssl_loopback_unittest.cc
index c5b0174af..d4db35676 100644
--- a/external_tests/ssl_gtest/ssl_loopback_unittest.cc
+++ b/external_tests/ssl_gtest/ssl_loopback_unittest.cc
@@ -16,6 +16,7 @@ extern "C" {
#include "libssl_internals.h"
}
+#include "scoped_ptrs.h"
#include "tls_parser.h"
#include "tls_filter.h"
#include "tls_connect.h"
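Review bot: The comment above the widened condition still reads `// For ECDSA authentication we expect a curve for key exchange with the`, but the condition now also returns early for `ssl_auth_ecdh_rsa` and `ssl_auth_ecdh_ecdsa`, so it no longer describes the code. Suggest `// For ECDSA and static-ECDH authentication we expect a key-exchange curve` / `// of the same strength as the certificate's key.` Note also that `PORT_Assert` compiles out in non-debug builds, so any auth type other than the five listed silently falls through to the RSA sizing below; a short comment that this helper only covers RSA, ECDSA and ECDH auth types would make that explicit. SSLInt_DetermineKEABits continues past the end of the hunk.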
@@ -109,44 +110,46 @@ class TlsServerKeyExchangeEcdhe {
DataBuffer public_key_;
};
-class TlsChaCha20Poly1305Test : public TlsConnectTls12 {
- public:
- void ConnectSendReceive(PRUint32 cipher_suite)
- {
- // Disable all ciphers.
- client_->DisableCiphersByKeyExchange(ssl_kea_rsa);
- client_->DisableCiphersByKeyExchange(ssl_kea_dh);
- client_->DisableCiphersByKeyExchange(ssl_kea_ecdh);
-
- // Re-enable ChaCha20/Poly1305.
- SECStatus rv = SSL_CipherPrefSet(client_->ssl_fd(), cipher_suite, PR_TRUE);
- EXPECT_EQ(SECSuccess, rv);
-
- Connect();
- SendReceive();
-
- // Check that we used the right cipher suite.
- uint16_t actual, expected = static_cast<int16_t>(cipher_suite);
- EXPECT_TRUE(client_->cipher_suite(&actual) && actual == expected);
- EXPECT_TRUE(server_->cipher_suite(&actual) && actual == expected);
- }
-};
+class TlsChaCha20Poly1305Test : public TlsConnectTls12 {};
TEST_P(TlsConnectGeneric, SetupOnly) {}
TEST_P(TlsConnectGeneric, Connect) {
SetExpectedVersion(std::get<1>(GetParam()));
Connect();
- CheckKeys(ssl_kea_ecdh, ssl_auth_rsa);
+ CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
}
TEST_P(TlsConnectGeneric, ConnectEcdsa) {
SetExpectedVersion(std::get<1>(GetParam()));
- ResetEcdsa();
+ Reset(TlsAgent::kServerEcdsa);
Connect();
CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
}
+TEST_P(TlsConnectGenericPre13, ConnectEcdh) {
+ SetExpectedVersion(std::get<1>(GetParam()));
+ Reset(TlsAgent::kServerEcdhEcdsa);
+ DisableDheAndEcdheCiphers();
+ EnableSomeEcdhCiphers();
+
+ Connect();
+ CheckKeys(ssl_kea_ecdh, ssl_auth_ecdh_ecdsa);
+}
+
+TEST_P(TlsConnectGenericPre13, ConnectEcdhWithoutDisablingSuites) {
+ SetExpectedVersion(std::get<1>(GetParam()));
+ Reset(TlsAgent::kServerEcdhEcdsa);
+ EnableSomeEcdhCiphers();
+
+ Connect();
+ CheckKeys(ssl_kea_ecdh, ssl_auth_ecdh_ecdsa);
+}
+
+TEST_P(TlsConnectStreamPre13, ConnectRC4) {
+ ConnectWithCipherSuite(TLS_RSA_WITH_RC4_128_SHA);
+}
+
TEST_P(TlsConnectGenericPre13, ConnectFalseStart) {
client_->EnableFalseStart();
Connect();
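Review bot: `TEST_P(TlsConnectStreamPre13, ConnectRC4)` carries no comment saying why a test that deliberately negotiates `TLS_RSA_WITH_RC4_128_SHA` is wanted; RC4 is prohibited for TLS by RFC 7465, so a reader may read the test as an endorsement rather than a compatibility check. Suggest `// RC4 is deprecated; this only checks that the suite still negotiates when a client explicitly enables it.` above the test. The two new ECDH tests would likewise benefit from a one-line comment distinguishing them (one disables the DHE/ECDHE suites first, the other relies on suite preference alone), since the names alone do not say what the second one is meant to prove.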
@@ -157,7 +160,7 @@ TEST_P(TlsConnectGenericPre13, ConnectResumed) {
ConfigureSessionCache(RESUME_SESSIONID, RESUME_SESSIONID);
Connect();
- ResetRsa();
+ Reset();
ExpectResumption(RESUME_SESSIONID);
Connect();
}
@@ -167,7 +170,7 @@ TEST_P(TlsConnectGeneric, ConnectClientCacheDisabled) {
Connect();
SendReceive();
- ResetRsa();
+ Reset();
ExpectResumption(RESUME_NONE);
Connect();
SendReceive();
@@ -178,7 +181,7 @@ TEST_P(TlsConnectGeneric, ConnectServerCacheDisabled) {
Connect();
SendReceive();
- ResetRsa();
+ Reset();
ExpectResumption(RESUME_NONE);
Connect();
SendReceive();
@@ -189,7 +192,7 @@ TEST_P(TlsConnectGeneric, ConnectSessionCacheDisabled) {
Connect();
SendReceive();
- ResetRsa();
+ Reset();
ExpectResumption(RESUME_NONE);
Connect();
SendReceive();
@@ -201,7 +204,7 @@ TEST_P(TlsConnectGeneric, ConnectResumeSupportBoth) {
Connect();
SendReceive();
- ResetRsa();
+ Reset();
ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
ExpectResumption(RESUME_TICKET);
Connect();
@@ -215,7 +218,7 @@ TEST_P(TlsConnectGeneric, ConnectResumeClientTicketServerBoth) {
Connect();
SendReceive();
- ResetRsa();
+ Reset();
ConfigureSessionCache(RESUME_TICKET, RESUME_BOTH);
ExpectResumption(RESUME_NONE);
Connect();
@@ -228,7 +231,7 @@ TEST_P(TlsConnectGeneric, ConnectResumeClientBothTicketServerTicket) {
Connect();
SendReceive();
- ResetRsa();
+ Reset();
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
ExpectResumption(RESUME_TICKET);
Connect();
@@ -242,7 +245,7 @@ TEST_P(TlsConnectGenericPre13, ConnectResumeClientServerTicketOnly) {
Connect();
SendReceive();
- ResetRsa();
+ Reset();
ConfigureSessionCache(RESUME_TICKET, RESUME_TICKET);
ExpectResumption(RESUME_NONE);
Connect();
@@ -254,7 +257,7 @@ TEST_P(TlsConnectGenericPre13, ConnectResumeClientBothServerNone) {
Connect();
SendReceive();
- ResetRsa();
+ Reset();
ConfigureSessionCache(RESUME_BOTH, RESUME_NONE);
ExpectResumption(RESUME_NONE);
Connect();
@@ -266,7 +269,7 @@ TEST_P(TlsConnectGenericPre13, ConnectResumeClientNoneServerBoth) {
Connect();
SendReceive();
- ResetRsa();
+ Reset();
ConfigureSessionCache(RESUME_NONE, RESUME_BOTH);
ExpectResumption(RESUME_NONE);
Connect();
@@ -283,7 +286,7 @@ TEST_P(TlsConnectGenericPre13, ConnectResumeWithHigherVersion) {
SSL_LIBRARY_VERSION_TLS_1_1);
Connect();
- ResetRsa();
+ Reset();
EnsureTlsSetup();
SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_2);
client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
@@ -300,7 +303,7 @@ TEST_P(TlsConnectGeneric, ConnectResumeClientBothTicketServerTicketForget) {
Connect();
SendReceive();
- ResetRsa();
+ Reset();
ClearServerCache();
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
ExpectResumption(RESUME_NONE);
@@ -308,11 +311,56 @@ TEST_P(TlsConnectGeneric, ConnectResumeClientBothTicketServerTicketForget) {
SendReceive();
}
+// This callback switches out the "server" cert used on the server with
+// the "client" certificate, which should be the same type.
+static int32_t SwitchCertificates(TlsAgent& agent, const SECItem *srvNameArr,
+ uint32_t srvNameArrSize) {
+ bool ok = agent.ConfigServerCert("client");
+ if (!ok) return SSL_SNI_SEND_ALERT;
+
+ return 0; // first config
+};
+
+TEST_P(TlsConnectGeneric, ServerSNICertSwitch) {
+ Connect();
+ ScopedCERTCertificate cert1(SSL_PeerCertificate(client_->ssl_fd()));
+
+ Reset();
+ EnsureTlsSetup();
+ ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
+
+ server_->SetSniCallback(SwitchCertificates);
+
+ Connect();
+ ScopedCERTCertificate cert2(SSL_PeerCertificate(client_->ssl_fd()));
+ CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+ EXPECT_FALSE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert));
+}
+
+TEST_P(TlsConnectGeneric, ServerSNICertTypeSwitch) {
+ Reset(TlsAgent::kServerEcdsa);
+ Connect();
+ ScopedCERTCertificate cert1(SSL_PeerCertificate(client_->ssl_fd()));
+
+ Reset();
+ EnsureTlsSetup();
+ ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
+
+ // Because we configure an RSA certificate here, it only adds a second, unused
+ // certificate, which has no effect on what the server uses.
+ server_->SetSniCallback(SwitchCertificates);
+
+ Connect();
+ ScopedCERTCertificate cert2(SSL_PeerCertificate(client_->ssl_fd()));
+ CheckKeys(ssl_kea_ecdh, ssl_auth_ecdsa);
+ EXPECT_TRUE(SECITEM_ItemsAreEqual(&cert1->derCert, &cert2->derCert));
+}
+
TEST_P(TlsConnectGeneric, ClientAuth) {
client_->SetupClientAuth();
server_->RequestClientAuth(true);
Connect();
- CheckKeys(ssl_kea_ecdh, ssl_auth_rsa);
+ CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
}
// In TLS 1.3, the client sends its cert rejection on the
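Review bot: `&cert1->derCert` and `&cert2->derCert` in ServerSNICertSwitch and ServerSNICertTypeSwitch dereference the result of `SSL_PeerCertificate()` without checking it, so a failed call (or a handshake that never reached the certificate) turns what should be a test failure into a null dereference that aborts the whole binary. Add `ASSERT_NE(nullptr, cert1.get());` after each `ScopedCERTCertificate cert1(...)` and the same for `cert2`, matching the `EXPECT_NE(nullptr, cert.get())` pattern ConfigServerCert uses. The `};` after `SwitchCertificates` is a stray semicolon following a function definition, and its `srvNameArr`/`srvNameArrSize` parameters are unused; a `(void)srvNameArr; (void)srvNameArrSize;` or a comment saying the name is intentionally ignored would make that deliberate. SwitchCertificates also hard-codes the nickname `"client"` where `TlsAgent::kClient` now exists for that purpose.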
@@ -328,12 +376,12 @@ TEST_P(TlsConnectStream, DISABLED_ClientAuthRequiredRejected) {
TEST_P(TlsConnectGeneric, ClientAuthRequestedRejected) {
server_->RequestClientAuth(false);
Connect();
- CheckKeys(ssl_kea_ecdh, ssl_auth_rsa);
+ CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
}
TEST_P(TlsConnectGeneric, ClientAuthEcdsa) {
- ResetEcdsa();
+ Reset(TlsAgent::kServerEcdsa);
client_->SetupClientAuth();
server_->RequestClientAuth(true);
Connect();
@@ -360,7 +408,7 @@ TEST_P(TlsConnectGeneric, SignatureAlgorithmServerAuth) {
PR_ARRAY_SIZE(SignatureEcdsaSha384));
server_->SetSignatureAlgorithms(SignatureEcdsaSha384,
PR_ARRAY_SIZE(SignatureEcdsaSha384));
- ResetEcdsa();
+ Reset(TlsAgent::kServerEcdsa);
Connect();
}
@@ -374,7 +422,7 @@ TEST_P(TlsConnectGeneric, SignatureAlgorithmClientOnly) {
};
client_->SetSignatureAlgorithms(clientAlgorithms,
PR_ARRAY_SIZE(clientAlgorithms));
- ResetEcdsa();
+ Reset(TlsAgent::kServerEcdsa);
Connect();
}
@@ -383,7 +431,7 @@ TEST_P(TlsConnectGeneric, SignatureAlgorithmClientOnly) {
TEST_P(TlsConnectGeneric, SignatureAlgorithmServerOnly) {
server_->SetSignatureAlgorithms(SignatureEcdsaSha384,
PR_ARRAY_SIZE(SignatureEcdsaSha384));
- ResetEcdsa();
+ Reset(TlsAgent::kServerEcdsa);
Connect();
}
@@ -397,19 +445,19 @@ TEST_P(TlsConnectGenericPre13, SignatureAlgorithmNoOverlapStaticRsa) {
PR_ARRAY_SIZE(SignatureRsaSha256));
DisableDheAndEcdheCiphers();
Connect();
- CheckKeys(ssl_kea_rsa, ssl_auth_rsa);
+ CheckKeys(ssl_kea_rsa, ssl_auth_rsa_decrypt);
}
TEST_P(TlsConnectGenericPre13, ConnectStaticRSA) {
DisableDheAndEcdheCiphers();
Connect();
- CheckKeys(ssl_kea_rsa, ssl_auth_rsa);
+ CheckKeys(ssl_kea_rsa, ssl_auth_rsa_decrypt);
}
// Signature algorithms governs both verification and generation of signatures.
// With ECDSA, we need to at least have a common signature algorithm configured.
TEST_P(TlsConnectTls12, SignatureAlgorithmNoOverlapEcdsa) {
- ResetEcdsa();
+ Reset(TlsAgent::kServerEcdsa);
client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
PR_ARRAY_SIZE(SignatureEcdsaSha384));
server_->SetSignatureAlgorithms(SignatureEcdsaSha256,
@@ -419,7 +467,7 @@ TEST_P(TlsConnectTls12, SignatureAlgorithmNoOverlapEcdsa) {
// Pre 1.2, a mismatch on signature algorithms shouldn't affect anything.
TEST_P(TlsConnectPre12, SignatureAlgorithmNoOverlapEcdsa) {
- ResetEcdsa();
+ Reset(TlsAgent::kServerEcdsa);
client_->SetSignatureAlgorithms(SignatureEcdsaSha384,
PR_ARRAY_SIZE(SignatureEcdsaSha384));
server_->SetSignatureAlgorithms(SignatureEcdsaSha256,
@@ -538,7 +586,7 @@ TEST_P(TlsConnectStreamPre13, ConnectAndServerRenegotiate) {
TEST_P(TlsConnectGenericPre13, ConnectDhe) {
DisableEcdheCiphers();
Connect();
- CheckKeys(ssl_kea_dh, ssl_auth_rsa);
+ CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign);
}
// Test that a totally bogus EPMS is handled correctly.
@@ -584,7 +632,7 @@ TEST_P(TlsConnectGenericPre13, ConnectStaticRSABogusPMSVersionIgnore) {
TEST_P(TlsConnectGeneric, ConnectEcdhe) {
Connect();
- CheckKeys(ssl_kea_ecdh, ssl_auth_rsa);
+ CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
}
// Prior to TLS 1.3, we were not fully ephemeral; though 1.3 fixes that
@@ -593,18 +641,18 @@ TEST_P(TlsConnectGenericPre13, ConnectEcdheTwiceReuseKey) {
new TlsInspectorRecordHandshakeMessage(kTlsHandshakeServerKeyExchange);
server_->SetPacketFilter(i1);
Connect();
- CheckKeys(ssl_kea_ecdh, ssl_auth_rsa);
+ CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
TlsServerKeyExchangeEcdhe dhe1;
EXPECT_TRUE(dhe1.Parse(i1->buffer()));
// Restart
- ResetRsa();
+ Reset();
TlsInspectorRecordHandshakeMessage* i2 =
new TlsInspectorRecordHandshakeMessage(kTlsHandshakeServerKeyExchange);
server_->SetPacketFilter(i2);
ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
Connect();
- CheckKeys(ssl_kea_ecdh, ssl_auth_rsa);
+ CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
TlsServerKeyExchangeEcdhe dhe2;
EXPECT_TRUE(dhe2.Parse(i2->buffer()));
@@ -625,12 +673,12 @@ TEST_P(TlsConnectGenericPre13, ConnectEcdheTwiceNewKey) {
new TlsInspectorRecordHandshakeMessage(kTlsHandshakeServerKeyExchange);
server_->SetPacketFilter(i1);
Connect();
- CheckKeys(ssl_kea_ecdh, ssl_auth_rsa);
+ CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
TlsServerKeyExchangeEcdhe dhe1;
EXPECT_TRUE(dhe1.Parse(i1->buffer()));
// Restart
- ResetRsa();
+ Reset();
server_->EnsureTlsSetup();
rv = SSL_OptionSet(server_->ssl_fd(), SSL_REUSE_SERVER_ECDHE_KEY, PR_FALSE);
EXPECT_EQ(SECSuccess, rv);
@@ -639,7 +687,7 @@ TEST_P(TlsConnectGenericPre13, ConnectEcdheTwiceNewKey) {
server_->SetPacketFilter(i2);
ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
Connect();
- CheckKeys(ssl_kea_ecdh, ssl_auth_rsa);
+ CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
TlsServerKeyExchangeEcdhe dhe2;
EXPECT_TRUE(dhe2.Parse(i2->buffer()));
@@ -656,16 +704,16 @@ TEST_P(TlsConnectGeneric, ConnectSendReceive) {
}
TEST_P(TlsChaCha20Poly1305Test, SendReceiveChaCha20Poly1305DheRsa) {
- ConnectSendReceive(TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
+ ConnectWithCipherSuite(TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
}
TEST_P(TlsChaCha20Poly1305Test, SendReceiveChaCha20Poly1305EcdheRsa) {
- ConnectSendReceive(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
+ ConnectWithCipherSuite(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
}
TEST_P(TlsChaCha20Poly1305Test, SendReceiveChaCha20Poly1305EcdheEcdsa) {
- ResetEcdsa();
- ConnectSendReceive(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256);
+ Reset(TlsAgent::kServerEcdsa);
+ ConnectWithCipherSuite(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256);
}
// The next two tests takes advantage of the fact that we
@@ -709,7 +757,7 @@ TEST_P(TlsConnectStream, ShortRead) {
TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecret) {
EnableExtendedMasterSecret();
Connect();
- ResetRsa();
+ Reset();
ExpectResumption(RESUME_SESSIONID);
EnableExtendedMasterSecret();
Connect();
@@ -764,7 +812,7 @@ TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretECDHE) {
EnableExtendedMasterSecret();
Connect();
- ResetRsa();
+ Reset();
EnableExtendedMasterSecret();
ExpectResumption(RESUME_SESSIONID);
Connect();
@@ -775,7 +823,7 @@ TEST_P(TlsConnectGenericPre13, ConnectExtendedMasterSecretTicket) {
EnableExtendedMasterSecret();
Connect();
- ResetRsa();
+ Reset();
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
EnableExtendedMasterSecret();
@@ -802,7 +850,7 @@ TEST_P(TlsConnectGenericPre13,
EnableExtendedMasterSecret();
Connect();
- ResetRsa();
+ Reset();
server_->EnableExtendedMasterSecret();
auto alert_recorder = new TlsAlertRecorder();
server_->SetPacketFilter(alert_recorder);
@@ -817,7 +865,7 @@ TEST_P(TlsConnectGenericPre13,
ExpectExtendedMasterSecret(false);
Connect();
- ResetRsa();
+ Reset();
EnableExtendedMasterSecret();
ExpectResumption(RESUME_NONE);
Connect();
@@ -955,11 +1003,11 @@ TEST_F(TlsConnectTest, TestTls13ResumptionTwice) {
SSL_LIBRARY_VERSION_TLS_1_3);
Connect();
SendReceive(); // Need to read so that we absorb the session ticket.
- CheckKeys(ssl_kea_ecdh, ssl_auth_rsa);
+ CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
uint16_t original_suite;
EXPECT_TRUE(client_->cipher_suite(&original_suite));
- ResetRsa();
+ Reset();
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
TlsExtensionCapture *c1 =
new TlsExtensionCapture(kTlsExtensionPreSharedKey);
@@ -970,12 +1018,12 @@ TEST_F(TlsConnectTest, TestTls13ResumptionTwice) {
ExpectResumption(RESUME_TICKET);
Connect();
SendReceive();
- CheckKeys(ssl_kea_ecdh, ssl_auth_rsa);
+ CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
DataBuffer psk1(c1->extension());
ASSERT_GE(psk1.len(), 0UL);
ASSERT_TRUE(!!client_->peer_cert());
- ResetRsa();
+ Reset();
ClearStats();
ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
TlsExtensionCapture *c2 =
@@ -987,7 +1035,7 @@ TEST_F(TlsConnectTest, TestTls13ResumptionTwice) {
ExpectResumption(RESUME_TICKET);
Connect();
SendReceive();
- CheckKeys(ssl_kea_ecdh, ssl_auth_rsa);
+ CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
DataBuffer psk2(c2->extension());
ASSERT_GE(psk2.len(), 0UL);
ASSERT_TRUE(!!client_->peer_cert());
diff --git a/external_tests/ssl_gtest/ssl_skip_unittest.cc b/external_tests/ssl_gtest/ssl_skip_unittest.cc
index 86d019da7..1730510ac 100644
--- a/external_tests/ssl_gtest/ssl_skip_unittest.cc
+++ b/external_tests/ssl_gtest/ssl_skip_unittest.cc
@@ -120,7 +120,7 @@ TEST_P(TlsSkipTest, SkipCertificateEcdhe) {
}
TEST_P(TlsSkipTest, SkipCertificateEcdsa) {
- ResetEcdsa();
+ Reset(TlsAgent::kServerEcdsa);
ServerSkipTest(new TlsHandshakeSkipFilter(kTlsHandshakeCertificate));
client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH);
}
@@ -131,7 +131,7 @@ TEST_P(TlsSkipTest, SkipServerKeyExchange) {
}
TEST_P(TlsSkipTest, SkipServerKeyExchangeEcdsa) {
- ResetEcdsa();
+ Reset(TlsAgent::kServerEcdsa);
ServerSkipTest(new TlsHandshakeSkipFilter(kTlsHandshakeServerKeyExchange));
client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
}
@@ -145,7 +145,7 @@ TEST_P(TlsSkipTest, SkipCertAndKeyExch) {
}
TEST_P(TlsSkipTest, SkipCertAndKeyExchEcdsa) {
- ResetEcdsa();
+ Reset(TlsAgent::kServerEcdsa);
auto chain = new ChainedPacketFilter();
chain->Add(new TlsHandshakeSkipFilter(kTlsHandshakeCertificate));
chain->Add(new TlsHandshakeSkipFilter(kTlsHandshakeServerKeyExchange));
diff --git a/external_tests/ssl_gtest/tls_agent.cc b/external_tests/ssl_gtest/tls_agent.cc
index c0af1ebb5..22d6828a7 100644
--- a/external_tests/ssl_gtest/tls_agent.cc
+++ b/external_tests/ssl_gtest/tls_agent.cc
@@ -20,16 +20,24 @@ extern "C" {
#define GTEST_HAS_RTTI 0
#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
namespace nss_test {
const char* TlsAgent::states[] = {"INIT", "CONNECTING", "CONNECTED", "ERROR"};
-TlsAgent::TlsAgent(const std::string& name, Role role, Mode mode, SSLKEAType kea)
+const std::string TlsAgent::kClient = "client"; // both sign and encrypt
+const std::string TlsAgent::kServerRsa = "rsa"; // both sign and encrypt
+const std::string TlsAgent::kServerRsaSign = "rsa_sign";
+const std::string TlsAgent::kServerRsaDecrypt = "rsa_decrypt";
+const std::string TlsAgent::kServerEcdsa = "ecdsa";
+const std::string TlsAgent::kServerEcdhRsa = "ecdh_rsa"; // not supported yet
+const std::string TlsAgent::kServerEcdhEcdsa = "ecdh_ecdsa";
+
+TlsAgent::TlsAgent(const std::string& name, Role role, Mode mode)
: name_(name),
mode_(mode),
- kea_(kea),
server_key_bits_(0),
pr_fd_(nullptr),
adapter_(nullptr),
@@ -50,7 +58,8 @@ TlsAgent::TlsAgent(const std::string& name, Role role, Mode mode, SSLKEAType kea
recv_ctr_(0),
expected_read_error_(false),
handshake_callback_(),
- auth_certificate_callback_() {
+ auth_certificate_callback_(),
+ sni_callback_() {
memset(&info_, 0, sizeof(info_));
memset(&csinfo_, 0, sizeof(csinfo_));
@@ -77,6 +86,30 @@ TlsAgent::~TlsAgent() {
}
}
+bool TlsAgent::ConfigServerCert(const std::string& name, bool updateKeyBits) {
+ ScopedCERTCertificate cert(PK11_FindCertFromNickname(name.c_str(), nullptr));
+ EXPECT_NE(nullptr, cert.get());
+ if (!cert.get()) return false;
+
+ ScopedSECKEYPublicKey pub(CERT_ExtractPublicKey(cert.get()));
+ EXPECT_NE(nullptr, pub.get());
+ if (!pub.get()) return false;
+ if (updateKeyBits) {
+ server_key_bits_ = SECKEY_PublicKeyStrengthInBits(pub.get());
+ }
+
+ ScopedSECKEYPrivateKey priv(PK11_FindKeyByAnyCert(cert.get(), nullptr));
+ EXPECT_NE(nullptr, priv.get());
+ if (!priv.get()) return false;
+
+ SECStatus rv = SSL_ConfigSecureServer(ssl_fd_, nullptr, nullptr, ssl_kea_null);
+ EXPECT_EQ(SECFailure, rv);
+ rv = SSL_ConfigServerCert(ssl_fd_, cert.get(), priv.get(), nullptr, 0);
+ EXPECT_EQ(SECSuccess, rv);
+
+ return rv == SECSuccess;
+}
+
bool TlsAgent::EnsureTlsSetup() {
// Don't set up twice
if (ssl_fd_) return true;
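Review bot: `SSL_ConfigSecureServer(ssl_fd_, nullptr, nullptr, ssl_kea_null)` followed by `EXPECT_EQ(SECFailure, rv)` sits in the middle of a configuration helper with no explanation; it appears to probe that the legacy API rejects a null cert/key, but it configures nothing and will puzzle the next reader. Either move it into a dedicated test or comment it, e.g. `// Sanity check only: the legacy API must reject a null cert/key pair.` Also, `server_key_bits_` is declared `uint16_t` in tls_agent.h while `SECKEY_PublicKeyStrengthInBits` returns a wider unsigned value, so the assignment narrows silently; harmless for today's key sizes, but a `static_cast<uint16_t>` (or widening the member) would make the intent explicit. `ConfigServerCert` is called from the SNI path as well as setup, so a header comment stating that it replaces the current server cert and only updates `server_key_bits_` when asked would help callers.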
@@ -91,40 +124,22 @@ bool TlsAgent::EnsureTlsSetup() {
if (!ssl_fd_) return false;
pr_fd_ = nullptr;
- if (role_ == SERVER) {
- CERTCertificate* cert = PK11_FindCertFromNickname(name_.c_str(), nullptr);
- EXPECT_NE(nullptr, cert);
- if (!cert) return false;
-
- SECKEYPublicKey* pub = CERT_ExtractPublicKey(cert);
- EXPECT_NE(nullptr, pub);
- if (!pub) return false; // Leak cert.
- server_key_bits_ = SECKEY_PublicKeyStrengthInBits(pub);
- SECKEY_DestroyPublicKey(pub);
-
- SECKEYPrivateKey* priv = PK11_FindKeyByAnyCert(cert, nullptr);
- EXPECT_NE(nullptr, priv);
- if (!priv) return false; // Leak cert.
-
- SECStatus rv = SSL_ConfigSecureServer(ssl_fd_, cert, priv, kea_);
- EXPECT_EQ(SECSuccess, rv);
- if (rv != SECSuccess) return false; // Leak cert and key.
+ SECStatus rv = SSL_VersionRangeSet(ssl_fd_, &vrange_);
+ EXPECT_EQ(SECSuccess, rv);
+ if (rv != SECSuccess) return false;
- SECKEY_DestroyPrivateKey(priv);
- CERT_DestroyCertificate(cert);
+ if (role_ == SERVER) {
+ EXPECT_TRUE(ConfigServerCert(name_, true));
rv = SSL_SNISocketConfigHook(ssl_fd_, SniHook, this);
- EXPECT_EQ(SECSuccess, rv); // don't abort, just fail
+ EXPECT_EQ(SECSuccess, rv);
+ if (rv != SECSuccess) return false;
} else {
- SECStatus rv = SSL_SetURL(ssl_fd_, "server");
+ rv = SSL_SetURL(ssl_fd_, "server");
EXPECT_EQ(SECSuccess, rv);
if (rv != SECSuccess) return false;
}
- SECStatus rv = SSL_VersionRangeSet(ssl_fd_, &vrange_);
- EXPECT_EQ(SECSuccess, rv);
- if (rv != SECSuccess) return false;
-
rv = SSL_AuthCertific.ateHook(ssl_fd_, AuthCertificateHook, this);
EXPECT_EQ(SECSuccess, rv);
if (rv != SECSuccess) return false;
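Review bot: `EXPECT_TRUE(ConfigServerCert(name_, true));` drops the early return the removed code had: when the certificate or private key cannot be found, EnsureTlsSetup now continues to `SSL_SNISocketConfigHook` and ultimately returns true, so a caller that checks the result proceeds with an unconfigured server and fails later with a much less direct error. Change the line to `if (!ConfigServerCert(name_, true)) return false;` — ConfigServerCert already records the EXPECT failure, so nothing is lost. Moving `SSL_VersionRangeSet` ahead of the server configuration is fine, but a one-line comment saying the version range must be set before the cert is configured (if that is the reason for the reorder) would keep someone from moving it back. The function body continues past the end of the hunk.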
@@ -213,6 +228,30 @@ void TlsAgent::DisableCiphersByKeyExchange(SSLKEAType kea) {
}
}
+void TlsAgent::EnableCiphersByAuthType(SSLAuthType authType) {
+ EXPECT_TRUE(EnsureTlsSetup());
+
+ for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
+ SSLCipherSuiteInfo csinfo;
+
+ SECStatus rv = SSL_GetCipherSuiteInfo(SSL_ImplementedCiphers[i],
+ &csinfo, sizeof(csinfo));
+ ASSERT_EQ(SECSuccess, rv);
+
+ bool enable = csinfo.authType == authType;
+ rv = SSL_CipherPrefSet(ssl_fd_, SSL_ImplementedCiphers[i], enable);
+ EXPECT_EQ(SECSuccess, rv);
+ }
+}
+
+void TlsAgent::EnableSingleCipher(uint16_t cipher) {
+ for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
+ bool enable = SSL_ImplementedCiphers[i] == cipher;
+ SECStatus rv = SSL_CipherPrefSet(ssl_fd_, SSL_ImplementedCiphers[i], enable);
+ EXPECT_EQ(SECSuccess, rv);
+ }
+}
+
void TlsAgent::SetSessionTicketsEnabled(bool en) {
EXPECT_TRUE(EnsureTlsSetup());
@@ -302,7 +341,7 @@ void TlsAgent::CheckKEAType(SSLKEAType type) const {
EXPECT_EQ(type, csinfo_.keaType);
PRUint32 ecKEAKeyBits = SSLInt_DetermineKEABits(server_key_bits_,
- csinfo_.authAlgorithm);
+ csinfo_.authType);
switch (type) {
case ssl_kea_ecdh:
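Review bot: `EnableSingleCipher` uses `ssl_fd_` without first calling `EnsureTlsSetup()`, unlike `EnableCiphersByAuthType` directly above it and `SetSessionTicketsEnabled` below, so calling it before setup hands a null fd to `SSL_CipherPrefSet` and every iteration fails. Add `EXPECT_TRUE(EnsureTlsSetup());` as its first statement; the one caller in tls_connect.cc happens to call EnsureTlsSetup itself, but the helper should not depend on that. The two loops also report the same kind of failure differently (`ASSERT_EQ` in one, `EXPECT_EQ` in the other); pick one so a failing `SSL_GetCipherSuiteInfo` and a failing `SSL_CipherPrefSet` are treated alike. Note that both helpers disable every suite that does not match, which is what the ECDH tests rely on; a comment such as `// Enables exactly the suites with this auth type and disables all others.` would make that contract visible at the call sites.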
@@ -321,14 +360,37 @@ void TlsAgent::CheckKEAType(SSLKEAType type) const {
void TlsAgent::CheckAuthType(SSLAuthType type) const {
EXPECT_EQ(STATE_CONNECTED, state_);
- EXPECT_EQ(type, csinfo_.authAlgorithm);
+ EXPECT_EQ(type, csinfo_.authType);
EXPECT_EQ(server_key_bits_, info_.authKeyBits);
+
+ // Do some extra checks based on type.
switch (type) {
case ssl_auth_ecdsa:
// extra check for P-256
EXPECT_EQ(256U, info_.authKeyBits);
break;
+ default:
+ break;
+ }
+
+ // Check authAlgorithm, which is the old value for authType. This is a second switch
+ // statement because default label is different.
+ switch (type) {
+ case ssl_auth_rsa_sign:
+ EXPECT_EQ(ssl_auth_rsa_decrypt, csinfo_.authAlgorithm)
+ << "authAlgorithm for RSA is always decrypt";
+ break;
+ case ssl_auth_ecdh_rsa:
+ EXPECT_EQ(ssl_auth_rsa_decrypt, csinfo_.authAlgorithm)
+ << "authAlgorithm for ECDH_RSA is RSA decrypt (i.e., wrong)";
+ break;
+ case ssl_auth_ecdh_ecdsa:
+ EXPECT_EQ(ssl_auth_ecdsa, csinfo_.authAlgorithm)
+ << "authAlgorithm for ECDH_ECDSA is ECDSA (i.e., wrong)";
+ break;
default:
+ EXPECT_EQ(type, csinfo_.authAlgorithm)
+ << "authAlgorithm is (usually) the same as authType";
break;
}
}
@@ -472,7 +534,9 @@ void TlsAgent::CheckExtendedMasterSecret(bool expected) {
if (version() >= SSL_LIBRARY_VERSION_TLS_1_3) {
expected = PR_TRUE;
}
- ASSERT_EQ(expected, info_.extendedMasterSecretUsed != PR_FALSE)
+ ASSERT_TRUE(SSL_CHANNEL_INFO_FIELD_EXISTS(info_, extendedMasterSecretUsed));
+ ASSERT_EQ(expected,
+ SSL_CHANNEL_INFO_FIELD_GET(info_, extendedMasterSecretUsed) != PR_FALSE)
<< "unexpected extended master secret state for " << name_;
}
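Review bot: The second switch in `CheckAuthType` pins values that its own messages describe as wrong (`"authAlgorithm for ECDH_RSA is RSA decrypt (i.e., wrong)"`), but nothing says this is deliberate compatibility pinning, so a future correction of the legacy `authAlgorithm` field will break these tests with no hint that that outcome is expected. Expand the comment above the switch along the lines of `// authAlgorithm is the legacy field; it reports these (known-incorrect) values for` / `// compatibility. If libssl ever fixes it, update these expectations on purpose.` The `"authAlgorithm is (usually) the same as authType"` default also deserves a word on which types are the exceptions, since the three explicit cases are exactly that list. Checking `SSL_CHANNEL_INFO_FIELD_EXISTS` before reading `extendedMasterSecretUsed` is a good addition.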
@@ -639,8 +703,8 @@ static const std::string kTlsRolesAllArr[] = {"CLIENT", "SERVER"};
void TlsAgentTestBase::Init() {
agent_ = new TlsAgent(
- role_ == TlsAgent::CLIENT ? "client" : "server",
- role_, mode_, kea_);
+ role_ == TlsAgent::CLIENT ? TlsAgent::kClient : TlsAgent::kServerRsa,
+ role_, mode_);
agent_->Init();
fd_ = DummyPrSocket::CreateFD("dummy", mode_);
agent_->adapter()->SetPeer(
diff --git a/external_tests/ssl_gtest/tls_agent.h b/external_tests/ssl_gtest/tls_agent.h
index ee4368217..5bc41e99a 100644
--- a/external_tests/ssl_gtest/tls_agent.h
+++ b/external_tests/ssl_gtest/tls_agent.h
@@ -39,12 +39,25 @@ typedef std::function<void(TlsAgent& agent)> HandshakeCallbackFunction;
+typedef
+ std::function<int32_t(TlsAgent& agent, const SECItem *srvNameArr,
+ PRUint32 srvNameArrSize)>
+ SniCallbackFunction;
+
class TlsAgent : public PollTarget {
public:
enum Role { CLIENT, SERVER };
enum State { STATE_INIT, STATE_CONNECTING, STATE_CONNECTED, STATE_ERROR };
- TlsAgent(const std::string& name, Role role, Mode mode, SSLKEAType kea);
+ static const std::string kClient; // the client key is sign only
+ static const std::string kServerRsa; // both sign and encrypt
+ static const std::string kServerRsaSign;
+ static const std::string kServerRsaDecrypt;
+ static const std::string kServerEcdsa;
+ static const std::string kServerEcdhEcdsa;
+ static const std::string kServerEcdhRsa; // not supported yet
+
+ TlsAgent(const std::string& name, Role role, Mode mode);
virtual ~TlsAgent();
bool Init() {
@@ -74,6 +87,9 @@ class TlsAgent : public PollTarget {
// Prepares for renegotiation, then actually triggers it.
void StartRenegotiate();
void DisableCiphersByKeyExchange(SSLKEAType kea);
+ void EnableCiphersByAuthType(SSLAuthType authType);
+ void EnableSingleCipher(uint16_t cipher);
+ bool ConfigServerCert(const std::string& name, bool updateKeyBits = false);
bool EnsureTlsSetup();
void SetupClientAuth();
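Review bot: The comment on `static const std::string kClient; // the client key is sign only` contradicts the definition added to tls_agent.cc in this same commit, `kClient = "client"; // both sign and encrypt`. One of them is wrong and I cannot tell which from the diff; the ServerSNICertSwitch test installs the client cert on the server and still expects `ssl_auth_rsa_sign`, which is consistent with either, so please reconcile the two comments against the actual test database. The declarations also list `kServerEcdhEcdsa` before `kServerEcdhRsa` while the definitions use the opposite order; keeping one order makes the two lists easy to compare. A one-line comment on the block, e.g. `// Nicknames of the certificates in the test database used to construct agents.`, would explain what these strings are.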
@@ -118,8 +134,6 @@ class TlsAgent : public PollTarget {
State state() const { return state_; }
- SSLKEAType kea() const { return kea_; }
-
const CERTCertificate* peer_cert() const {
return SSL_PeerCertificate(ssl_fd_);
}
@@ -174,6 +188,10 @@ class TlsAgent : public PollTarget {
auth_certificate_callback_ = auth_certificate_callback;
}
+ void SetSniCallback(SniCallbackFunction sni_callback) {
+ sni_callback_ = sni_callback;
+ }
+
private:
const static char* states[];
@@ -204,7 +222,7 @@ class TlsAgent : public PollTarget {
EXPECT_TRUE(agent->expect_client_auth_);
EXPECT_TRUE(isServer);
if (agent->auth_certificate_callback_) {
- agent->auth_certificate_callback_(*agent, checksig, isServer);
+ return agent->auth_certificate_callback_(*agent, checksig, isServer);
}
return SECSuccess;
}
@@ -243,6 +261,9 @@ class TlsAgent : public PollTarget {
agent->CheckPreliminaryInfo();
agent->sni_hook_called_ = true;
EXPECT_EQ(1UL, srvNameArrSize);
+ if (agent->sni_callback_) {
+ return agent->sni_callback_(*agent, srvNameArr, srvNameArrSize);
+ }
return 0; // First configuration.
}
@@ -271,7 +292,6 @@ class TlsAgent : public PollTarget {
const std::string name_;
Mode mode_;
- SSLKEAType kea_;
uint16_t server_key_bits_;
PRFileDesc* pr_fd_;
DummyPrSocket* adapter_;
@@ -297,6 +317,7 @@ class TlsAgent : public PollTarget {
bool expected_read_error_;
HandshakeCallbackFunction handshake_callback_;
AuthCertificateCallbackFunction auth_certificate_callback_;
+ SniCallbackFunction sni_callback_;
};
class TlsAgentTestBase : public ::testing::Test {
@@ -305,10 +326,9 @@ class TlsAgentTestBase : public ::testing::Test {
TlsAgentTestBase(TlsAgent::Role role, Mode mode)
: agent_(nullptr),
- fd_(nullptr),
- role_(role),
- mode_(mode),
- kea_(ssl_kea_rsa) {}
+ fd_(nullptr),
+ role_(role),
+ mode_(mode) {}
~TlsAgentTestBase() {
delete agent_;
if (fd_) {
diff --git a/external_tests/ssl_gtest/tls_connect.cc b/external_tests/ssl_gtest/tls_connect.cc
index 103da7ec7..97c42e8ad 100644
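Review bot: `return agent->auth_certificate_callback_(*agent, checksig, isServer);` changes behaviour for every existing test callback: previously its return value was discarded and the hook always returned `SECSuccess`, now a callback returning `SECFailure` rejects the peer certificate. That is the more sensible contract, but it is not what the commit message describes, so add a comment on the line, e.g. `// A test-supplied callback now decides the verdict; SECFailure rejects the cert.`, and double-check that no existing `auth_certificate_callback_` relies on being ignored. Style nit in the same class: `sni_callback_ = sni_callback;` copies a `std::function` that was passed by value; `sni_callback_ = std::move(sni_callback);` is the usual sink form and matches how the parameter is declared. The class body continues outside the hunks.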
--- a/external_tests/ssl_gtest/tls_connect.cc
+++ b/external_tests/ssl_gtest/tls_connect.cc
@@ -105,8 +105,8 @@ static std::string VersionString(uint16_t version) {
TlsConnectTestBase::TlsConnectTestBase(Mode mode, uint16_t version)
: mode_(mode),
- client_(new TlsAgent("client", TlsAgent::CLIENT, mode_, ssl_kea_rsa)),
- server_(new TlsAgent("server", TlsAgent::SERVER, mode_, ssl_kea_rsa)),
+ client_(new TlsAgent(TlsAgent::kClient, TlsAgent::CLIENT, mode_)),
+ server_(new TlsAgent(TlsAgent::kServerRsa, TlsAgent::SERVER, mode_)),
version_(version),
expected_resumption_mode_(RESUME_NONE),
session_ids_(),
@@ -164,24 +164,22 @@ void TlsConnectTestBase::Init() {
}
}
-void TlsConnectTestBase::Reset(const std::string& server_name, SSLKEAType kea) {
+void TlsConnectTestBase::Reset() {
+ // Take a copy of the name because it's about to disappear.
+ std::string name = server_->name();
+ Reset(name);
+}
+
+void TlsConnectTestBase::Reset(const std::string& server_name) {
delete client_;
delete server_;
- client_ = new TlsAgent("client", TlsAgent::CLIENT, mode_, kea);
- server_ = new TlsAgent(server_name, TlsAgent::SERVER, mode_, kea);
+ client_ = new TlsAgent(TlsAgent::kClient, TlsAgent::CLIENT, mode_);
+ server_ = new TlsAgent(server_name, TlsAgent::SERVER, mode_);
Init();
}
-void TlsConnectTestBase::ResetRsa() {
- Reset("server", ssl_kea_rsa);
-}
-
-void TlsConnectTestBase::ResetEcdsa() {
- Reset("ecdsa", ssl_kea_ecdh);
-}
-
void TlsConnectTestBase::ExpectResumption(SessionResumptionMode expected) {
expected_resumption_mode_ = expected;
if (expected != RESUME_NONE) {
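Review bot: `Reset(const std::string& server_name)` deletes `server_` while still holding a reference parameter, which is exactly the hazard the new `Reset()` overload works around with `// Take a copy of the name because it's about to disappear.`; any other caller that passes `server_->name()` (or `client_->name()`) directly will read a freed string when `new TlsAgent(server_name, ...)` runs. Taking the parameter by value removes the trap instead of documenting it: `void TlsConnectTestBase::Reset(std::string server_name)` here and `void Reset(std::string server_name);` in tls_connect.h, after which `Reset()` can simply call `Reset(server_->name())`. If the by-reference signature is kept, the warning belongs on the header declaration where callers will see it, not only in the .cc.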
@@ -219,6 +217,23 @@ void TlsConnectTestBase::Connect() {
CheckConnected();
}
+void TlsConnectTestBase::ConnectWithCipherSuite(uint16_t cipher_suite)
+{
+ EnsureTlsSetup();
+ client_->EnableSingleCipher(cipher_suite);
+
+ Connect();
+ SendReceive();
+
+ // Check that we used the right cipher suite.
+ uint16_t actual;
+ EXPECT_TRUE(client_->cipher_suite(&actual));
+ EXPECT_EQ(cipher_suite, actual);
+ EXPECT_TRUE(server_->cipher_suite(&actual));
+ EXPECT_EQ(cipher_suite, actual);
+}
+
+
void TlsConnectTestBase::CheckConnected() {
// Check the version is as expected
EXPECT_EQ(client_->version(), server_->version());
@@ -291,6 +306,13 @@ void TlsConnectTestBase::DisableDheAndEcdheCiphers() {
DisableEcdheCiphers();
}
+void TlsConnectTestBase::EnableSomeEcdhCiphers() {
+ client_->EnableCiphersByAuthType(ssl_auth_ecdh_rsa);
+ client_->EnableCiphersByAuthType(ssl_auth_ecdh_ecdsa);
+ server_->EnableCiphersByAuthType(ssl_auth_ecdh_rsa);
+ server_->EnableCiphersByAuthType(ssl_auth_ecdh_ecdsa);
+}
+
void TlsConnectTestBase::ConfigureSessionCache(SessionResumptionMode client,
SessionResumptionMode server) {
client_->ConfigureSessionCache(client);
diff --git a/external_tests/ssl_gtest/tls_connect.h b/external_tests/ssl_gtest/tls_connect.h
index ab9a5dc8b..98645aada 100644
--- a/external_tests/ssl_gtest/tls_connect.h
+++ b/external_tests/ssl_gtest/tls_connect.h
@@ -50,13 +50,12 @@ class TlsConnectTestBase : public ::testing::Test {
void ClearStats();
// Clear the server session cache.
void ClearServerCache();
- // Re-initialize client and server with the default RSA cert.
- void ResetRsa();
- // Re-initialize client and server with an ECDSA cert on the server
- // and some ECDHE suites.
- void ResetEcdsa();
// Make sure TLS is configured for a connection.
void EnsureTlsSetup();
+ // Reset
+ void Reset();
+ // Reset, and update the server name
+ void Reset(const std::string& server_name);
// Run the handshake.
void Handshake();
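Review bot: In ConnectWithCipherSuite `uint16_t actual;` is read by EXPECT_EQ even when the preceding `EXPECT_TRUE(client_->cipher_suite(&actual))` fails, because EXPECT_ macros record the failure and continue, so the comparison then runs on an indeterminate value; initialize it, `uint16_t actual = 0;`. The opening brace on its own line and the two blank lines before CheckConnected also differ from the `void TlsConnectTestBase::CheckConnected() {` layout of the neighbouring definitions.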
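Review bot: EnableSomeEcdhCiphers does not say which suites "some" covers; the body enables the ssl_auth_ecdh_rsa and ssl_auth_ecdh_ecdsa authentication types, i.e. the static ECDH suites rather than ECDHE, on both agents, which is worth stating because the ResetEcdsa comment removed from tls_connect.h spoke of ECDHE suites. Suggest `// Enable the static ECDH suites (ECDH_RSA and ECDH_ECDSA) on both peers.` above the definition.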
@@ -66,7 +65,8 @@ class TlsConnectTestBase : public ::testing::Test {
void CheckConnected();
// Connect and expect it to fail.
void ConnectExpectFail();
- void CheckKeys(SSLKEAType keyType, SSLAuthType authType) const;
+ void ConnectWithCipherSuite(uint16_t cipher_suite);
+ void CheckKeys(SSLKEAType akeyType, SSLAuthType authType) const;
void SetExpectedVersion(uint16_t version);
// Expect resumption of a particular type.
@@ -74,6 +74,7 @@ class TlsConnectTestBase : public ::testing::Test {
void DisableDheAndEcdheCiphers();
void DisableDheCiphers();
void DisableEcdheCiphers();
+ void EnableSomeEcdhCiphers();
void EnableExtendedMasterSecret();
void ConfigureSessionCache(SessionResumptionMode client, SessionResumptionMode server);
@@ -93,7 +94,6 @@ class TlsConnectTestBase : public ::testing::Test {
std::vector<std::vector<uint8_t>> session_ids_;
private:
- void Reset(const std::string& server_name, SSLKEAType kea);
void CheckResumption(SessionResumptionMode expected);
void CheckExtendedMasterSecret();
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index 11f61820c..18f3ae477 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
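Review bot: The new comments `// Reset` and `// Reset, and update the server name` in the -50 hunk say less than the ResetRsa/ResetEcdsa comments they replace: a reader no longer learns that both agents are re-created, or that the server name chooses the server's configuration. Suggest `// Re-initialize client and server, keeping the current server name.` and `// Re-initialize client and server; server_name selects the server's certificate.`, the second assuming the name still drives certificate selection as TlsAgent::kServerRsa in tls_connect.cc suggests.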
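Review bot: The CheckKeys declaration in the -66 hunk renames its first parameter from keyType to akeyType, which reads as a stray edit rather than an intended change; the definition is not part of this diff, so the header and the .cc now presumably spell the parameter differently. Keep `void CheckKeys(SSLKEAType keyType, SSLAuthType authType) const;`.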
@@ -3904,23 +3904,21 @@ ssl3_GetPrfHashMechanism(sslSocket *ss)
return prf_alg;
}
-PRUint8
+SSLHashType
ssl3_GetSuiteHashAlg(sslSocket *ss)
{
- SECOidData *hashOid =
- SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));
- if (hashOid == NULL) {
- return -1; /* err set by AppendHandshake. */
+ switch (ss->ssl3.hs.suite_def->prf_alg) {
+ case prf_sha384:
+ return ssl_hash_sha384;
+ case prf_sha256:
+ return ssl_hash_sha256;
+ default:
+ return (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3)
+ ? ssl_hash_none
+ : ssl_hash_sha256;
+ return ssl_hash_sha256;
}
-
- if (hashOid->offset == SEC_OID_SHA256) {
- return ssl_hash_sha256;
- } else if (hashOid->offset == SEC_OID_SHA384) {
- return ssl_hash_sha384;
- }
- PORT_Assert(hashOid->offset == SEC_OID_SHA256 ||
- hashOid->offset == SEC_OID_SHA384);
- return -1; /* err set by AppendHandshake. */
+ return 0; /* it will never get here */
}
/* This method completes the derivation of the MS from the PMS.
@@ -4366,21 +4364,17 @@ ssl3_InitHandshakeHashes(sslSocket *ss)
PORT_Assert(!ss->ssl3.hs.sha_obj && !ss->ssl3.hs.sha_clone);
if (ss->version >= SSL_LIBRARY_VERSION_TLS_1_2) {
/* we support ciphersuites where the PRF hash isn't SHA-256 */
- HASH_HashType ht;
- CK_MECHANISM_TYPE hm;
- SECOidTag ot;
- SECOidData *hashOid;
-
- hm = ssl3_GetPrfHashMechanism(ss);
- hashOid = SECOID_FindOIDByMechanism(hm);
+ const SECOidData *hashOid =
+ SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));
if (hashOid == NULL) {
+ PORT_Assert(hashOid == NULL);
ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
return SECFailure;
}
- ot = hashOid->offset;
- ht = HASH_GetHashTypeByOidTag(ot);
- ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(ht);
+
+ ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(
+ HASH_GetHashTypeByOidTag(hashOid->offset));
if (!ss->ssl3.hs.sha_obj) {
ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
return SECFailure;
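Review bot: In ssl3_GetSuiteHashAlg the second `return ssl_hash_sha256;` in the default arm is dead code, since the conditional return just before it always returns, and the trailing `return 0; /* it will never get here */` relies on 0 being ssl_hash_none; drop the first and, if the compiler still wants the second, write it as `return ssl_hash_none;`. The function also no longer has an error return (the old PRUint8 version returned -1 with "err set by AppendHandshake"), so any caller that still tests for a negative result must be updated; those callers are outside this hunk. With the old PORT_Assert gone, a suite whose prf_alg is neither prf_sha256 nor prf_sha384 now silently maps to SHA-256 on TLS 1.2, which deserves an assertion in the default arm if such suites are not expected there.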
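Review bot: `PORT_Assert(hashOid == NULL);` in the -4366 hunk sits inside `if (hashOid == NULL)` and asserts exactly the condition just tested, so it can never fire and adds nothing; if the intent is to trap an unknown PRF mechanism in debug builds it should be `PORT_Assert(hashOid != NULL);`, otherwise remove it and let the SSL_ERROR_DIGEST_FAILURE return handle the case. The rest of ssl3_InitHandshakeHashes is outside the hunk.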
@@ -4408,7 +4402,6 @@ ssl3_InitHandshakeHashes(sslSocket *ss)
const SECOidData *hash_oid = SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));
- PORT_Assert(ss->ssl3.hs.suite_def);
/* Get the PKCS #11 mechanism for the Hash from the cipher suite (prf_alg)
* Convert that to the OidTag. We can then use that OidTag to create our
* PK11Context */
@@ -4864,7 +4857,7 @@ ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, PRInt32 bytes,
*
* Note for reviewers: The above species
* { ssl_hash_sha224, SEC_OID_SHA224 } as one of the entries
- * in which I haven't included as not recommended for TLS 1.3
+ * in which isn't included as not recommended for TLS 1.3
* https://tools.ietf.org/html/draft-ietf-tls-tls13-08 which
* we plan to support. We still need to work this out, see
* also Bug 1179338.
@@ -4896,23 +4889,6 @@ ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc)
return SEC_OID_UNKNOWN;
}
-/* ssl3_OIDToTLSHashAlgorithm converts an OID to a TLS hash algorithm
- * identifier. If the hash is not recognised, zero is returned.
- *
- * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */
-static int
-ssl3_OIDToTLSHashAlgorithm(SECOidTag oid)
-{
- unsigned int i;
-
- for (i = 0; i < PR_ARRAY_SIZE(tlsHashOIDMap); i++) {
- if (oid == tlsHashOIDMap[i].oid) {
- return tlsHashOIDMap[i].tlsHash;
- }
- }
- return 0;
-}
-
/* ssl3_TLSSignatureAlgorithmForKeyType returns the TLS 1.2 signature algorithm
* identifier for a given KeyType. */
static SECStatus
@@ -5231,15 +5207,7 @@ ssl3_ComputeHandshakeHashes(sslSocket *ss,
rv = SECFailure;
goto tls12_loser;
}
- hashes->hashAlg = ssl3_OIDToTLSHashAlgorithm(hashOid->offset);
- PORT_Assert(hashes->hashAlg == ssl_hash_sha256 ||
- hashes->hashAlg == ssl_hash_sha384);
- if (hashes->hashAlg != ssl_hash_sha256 &&
- hashes->hashAlg != ssl_hash_sha384) {
- ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE);
- rv = SECFailure;
- goto tls12_loser;
- }
+ rv = SECSuccess;
tls12_loser:
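Review bot: In the -5231 hunk the TLS 1.2 path of ssl3_ComputeHandshakeHashes no longer assigns hashes->hashAlg, it only sets `rv = SECSuccess;`, so unless the field is filled in elsewhere in the function (its body is outside the hunk) the code that later uses hashAlg to pick the signature hash for TLS 1.2 handshake messages sees whatever the struct held before. The removed check that the PRF hash is SHA-256 or SHA-384 also has no replacement here. If ssl3_GetSuiteHashAlg is now the intended source, `hashes->hashAlg = ssl3_GetSuiteHashAlg(ss);` next to the rv assignment would make that explicit, and the hashOid lookup whose failure branch is still visible above could then presumably go as well.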
@@ -7710,16 +7678,6 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss,
PRBool supportsHandshakeHash = PR_FALSE;
PRBool needBackupHash = PR_FALSE;
unsigned int i;
- SECOidData *hashOid =
- SECOID_FindOIDByMechanism(ssl3_GetPrfHashMechanism(ss));
-
- SSLHashType suitePRFHash;
- PRBool suitePRFIs256Or384 = PR_FALSE;
-
- if (hashOid == NULL) {
- rv = SECFailure;
- goto done;
- }
#ifndef NO_PKCS11_BYPASS
/* Backup handshake hash is not supported in PKCS #11 bypass mode. */
@@ -7736,12 +7694,14 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss,
goto done;
}
- if (hashOid->offset == SEC_OID_SHA256) {
- suitePRFHash = ssl_hash_sha256;
- suitePRFIs256Or384 = PR_TRUE;
- } else if (hashOid->offset == SEC_OID_SHA384) {
- suitePRFHash = ssl_hash_sha384;
- suitePRFIs256Or384 = PR_TRUE;
+ switch (ss->ssl3.hs.suite_def->prf_alg) {
+ case prf_sha384:
+ case prf_sha256:
+ supportsHandshakeHash = PR_TRUE;
+ break;
+ default:
+ supportsHandshakeHash = PR_FALSE;
+ break;
}
/* Determine the server's hash support for that signature algorithm. */
@@ -7749,9 +7709,6 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss,
if (algorithms->data[i + 1] == sigAlg) {
if (algorithms->data[i] == ssl_hash_sha1) {
supportsSha1 = PR_TRUE;
- } else if (suitePRFIs256Or384 &&
- algorithms->data[i] == suitePRFHash) {
- supportsHandshakeHash = PR_TRUE;
}
}
} |
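Review bot: supportsHandshakeHash is now decided solely by the suite's prf_alg in the -7736 hunk, whereas before it was set only when the peer's signature_algorithms list in `algorithms` paired sigAlg with that PRF hash (the branch removed in the -7749 hunk). A peer that advertises only SHA-1 for sigAlg is therefore reported as supporting the handshake hash, and the backup SHA-1 hash may be discarded even though it is the only digest the peer accepts; the needBackupHash decision that follows is outside the hunk and should be checked against this. If the new behaviour is intended, the `default: supportsHandshakeHash = PR_FALSE; break;` arm merely repeats the initializer in the -7710 hunk and can be dropped, and the loop comment `/* Determine the server's hash support for that signature algorithm. */` now only describes the SHA-1 check.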