summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEKR <ekr@rtfm.com>2018-06-02 11:10:37 -0700
committerEKR <ekr@rtfm.com>2018-06-02 11:10:37 -0700
commit3a0f03d7d95453adf56a43caf0e0b893a1516467 (patch)
treea3715e608b383178e8ebbe0e077d3cd1aaa4d135
parent1ee76b91c89ce6e6166d3631e07d23e836e9dc26 (diff)
downloadnss-hg-3a0f03d7d95453adf56a43caf0e0b893a1516467.tar.gz
Bug 1466365 - Add a missing test for MAC failure. r=mt
Reviewers: mt Tags: #secure-revision Differential Revision: https://phabricator.services.mozilla.com/D1517
Diffstat
-rw-r--r--gtests/ssl_gtest/ssl_record_unittest.cc19
-rw-r--r--gtests/ssl_gtest/tls_filter.h16
2 files changed, 35 insertions, 0 deletions
diff --git a/gtests/ssl_gtest/ssl_record_unittest.cc b/gtests/ssl_gtest/ssl_record_unittest.cc
index 4c33c1936..53b11c61a 100644
--- a/gtests/ssl_gtest/ssl_record_unittest.cc
+++ b/gtests/ssl_gtest/ssl_record_unittest.cc
@@ -126,6 +126,25 @@ class RecordReplacer : public TlsRecordFilter {
size_t size_;
};
+TEST_P(TlsConnectStream, BadRecordMac) {
+ EnsureTlsSetup();
+ Connect();
+ client_->SetFilter(std::make_shared<TlsRecordLastByteDamager>(client_));
+ ExpectAlert(server_, kTlsAlertBadRecordMac);
+ client_->SendData(10);
+
+ // Read from the client, get error.
+ uint8_t buf[10];
+ PRInt32 rv = PR_Read(server_->ssl_fd(), buf, sizeof(buf));
+ EXPECT_GT(0, rv);
+ EXPECT_EQ(SSL_ERROR_BAD_MAC_READ, PORT_GetError());
+
+ // Read the server alert.
+ rv = PR_Read(client_->ssl_fd(), buf, sizeof(buf));
+ EXPECT_GT(0, rv);
+ EXPECT_EQ(SSL_ERROR_BAD_MAC_ALERT, PORT_GetError());
+}
+
TEST_F(TlsConnectStreamTls13, LargeRecord) {
EnsureTlsSetup();
diff --git a/gtests/ssl_gtest/tls_filter.h b/gtests/ssl_gtest/tls_filter.h
index 80c60b42f..effda4aa0 100644
--- a/gtests/ssl_gtest/tls_filter.h
+++ b/gtests/ssl_gtest/tls_filter.h
@@ -507,6 +507,22 @@ class TlsClientHelloVersionChanger : public TlsHandshakeFilter {
std::weak_ptr<TlsAgent> server_;
};
+// Damage a record.
+class TlsRecordLastByteDamager : public TlsRecordFilter {
+ public:
+ TlsRecordLastByteDamager(const std::shared_ptr<TlsAgent>& a)
+ : TlsRecordFilter(a) {}
+
+ protected:
+ PacketFilter::Action FilterRecord(const TlsRecordHeader& header,
+ const DataBuffer& data,
+ DataBuffer* changed) override {
+ *changed = data;
+ changed->data()[changed->len() - 1]++;
+ return CHANGE;
+ }
+};
+
// This class selectively drops complete writes. This relies on the fact that
// writes in libssl are on record boundaries.
class SelectiveDropFilter : public PacketFilter {
View Lorry Controller Status