diff options
author | Daiki Ueno <dueno@redhat.com> | 2019-09-23 14:55:05 +0200 |
---|---|---|
committer | Daiki Ueno <dueno@redhat.com> | 2019-09-23 14:55:05 +0200 |
commit | 5f3e723367fd59b942684c971e4204ace3dfa2d1 (patch) | |
tree | 23b3610ba962369024e46cbc8b28d35e33f4ff2e | |
parent | f15fce44c94b5f032aa652d14fa2bb37b59fc48c (diff) | |
download | nss-hg-5f3e723367fd59b942684c971e4204ace3dfa2d1.tar.gz |
Bug 1580286, account for IV size when checking TLS 1.2 records, r=mt
Summary:
This increases the limit of record expansion by 16 so that it doesn't
reject maximum block padding when HMAC-SHA384 is used.
To test this, tlsfuzzer is updated to the latest version
(commit 80d7932ead1d8dae6e555cfd2b1c4c5beb2847df).
Reviewers: mt
Reviewed By: mt
Bug #: 1580286
Differential Revision: https://phabricator.services.mozilla.com/D46760
-rw-r--r-- | gtests/ssl_gtest/ssl_recordsize_unittest.cc | 5 | ||||
-rw-r--r-- | lib/ssl/ssl3con.c | 5 | ||||
-rw-r--r-- | tests/tlsfuzzer/config.json.in | 20 | ||||
-rw-r--r-- | tests/tlsfuzzer/tlsfuzzer.sh | 6 |
4 files changed, 29 insertions, 7 deletions
diff --git a/gtests/ssl_gtest/ssl_recordsize_unittest.cc b/gtests/ssl_gtest/ssl_recordsize_unittest.cc index 566899420..f2003a358 100644 --- a/gtests/ssl_gtest/ssl_recordsize_unittest.cc +++ b/gtests/ssl_gtest/ssl_recordsize_unittest.cc @@ -230,14 +230,15 @@ TEST_P(TlsConnectTls13, RecordSizePlaintextExceed) { // Tweak the ciphertext of server records so that they greatly exceed the limit. // This requires a much larger expansion than for plaintext to trigger the -// guard, which runs before decryption (current allowance is 304 octets). +// guard, which runs before decryption (current allowance is 320 octets, +// see MAX_EXPANSION in ssl3con.c). TEST_P(TlsConnectTls13, RecordSizeCiphertextExceed) { EnsureTlsSetup(); client_->SetOption(SSL_RECORD_SIZE_LIMIT, 64); Connect(); - auto server_expand = MakeTlsFilter<TlsRecordExpander>(server_, 320); + auto server_expand = MakeTlsFilter<TlsRecordExpander>(server_, 336); server_->SendData(100); client_->ExpectReadWriteError(); diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c index bac2f1e72..4646c94d3 100644 --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c @@ -12658,8 +12658,9 @@ ssl3_GetCipherSpec(sslSocket *ss, SSL3Ciphertext *cText) /* MAX_EXPANSION is the amount by which a record might plausibly be expanded * when protected. It's the worst case estimate, so the sum of block cipher - * padding (up to 256 octets) and HMAC (48 octets for SHA-384). */ -#define MAX_EXPANSION (256 + 48) + * padding (up to 256 octets), HMAC (48 octets for SHA-384), and IV (16 + * octets for AES). */ +#define MAX_EXPANSION (256 + 48 + 16) /* if cText is non-null, then decipher and check the MAC of the * SSL record from cText->buf (typically gs->inbuf) diff --git a/tests/tlsfuzzer/config.json.in b/tests/tlsfuzzer/config.json.in index 767734ca1..51d198c76 100644 --- a/tests/tlsfuzzer/config.json.in +++ b/tests/tlsfuzzer/config.json.in @@ -160,5 +160,25 @@ ] } ] + }, + { + "server_command": [ + "@SELFSERV@", "-w", "nss", "-d", "@SERVERDIR@", + "-V", "tls1.0:", "-H", "1", + "-n", "rsa", + "-c", ":C028", + "-p", "@PORT@" + ], + "server_hostname": "@HOSTADDR@", + "server_port": @PORT@, + "tests" : [ + { + "name" : "test-atypical-padding.py", + "arguments": [ + "-p", "@PORT@", + "2^14 bytes of AppData with 256 bytes of padding (SHA384)" + ] + } + ] } ] diff --git a/tests/tlsfuzzer/tlsfuzzer.sh b/tests/tlsfuzzer/tlsfuzzer.sh index ecc146c24..73dc6090b 100644 --- a/tests/tlsfuzzer/tlsfuzzer.sh +++ b/tests/tlsfuzzer/tlsfuzzer.sh @@ -44,11 +44,11 @@ tlsfuzzer_init() if [ ! -d "$TLSFUZZER" ]; then # Can't use git-copy.sh here, as tlsfuzzer doesn't have any tags git clone -q https://github.com/tomato42/tlsfuzzer/ "$TLSFUZZER" - git -C "$TLSFUZZER" checkout a40ce4085052a4da9a05f9149b835a76c194a0c6 + git -C "$TLSFUZZER" checkout 80d7932ead1d8dae6e555cfd2b1c4c5beb2847df # We could use tlslite-ng from pip, but the pip command installed # on TC is too old to support --pre - ${QADIR}/../fuzz/config/git-copy.sh https://github.com/tomato42/tlslite-ng/ v0.8.0-alpha18 tlslite-ng + ${QADIR}/../fuzz/config/git-copy.sh https://github.com/tomato42/tlslite-ng/ v0.8.0-alpha27 tlslite-ng pushd "$TLSFUZZER" ln -s ../tlslite-ng/tlslite tlslite @@ -99,7 +99,7 @@ tlsfuzzer_cleanup() tlsfuzzer_run_tests() { pushd "${HOSTDIR}/tlsfuzzer/${TLSFUZZER}" - PYTHONPATH=. python tests/scripts_retention.py config.json "${BINDIR}/selfserv" + PYTHONPATH=. python tests/scripts_retention.py config.json "${BINDIR}/selfserv" 512 html_msg $? 0 "tlsfuzzer" "Run successfully" popd } |