author | Dennis Jackson <djackson@mozilla.com> | 2022-04-21 11:09:38 +0000 |
---|---|---|
committer | Dennis Jackson <djackson@mozilla.com> | 2022-04-21 11:09:38 +0000 |
commit | 9592ecb3971b6a46f4e79893b0ce1fd3602b57f5 (patch) | |
tree | 58d3de0658fd7931f9b299239276e17f026c0dc5 | |
parent | 095ec67cc8bdc8fee9709e8dd9fcc5983d920541 (diff) | |
Bug 1763120 - Add ECH Grease Support to tstclnt r=nss-reviewers,jschanck
Differential Revision: https://phabricator.services.mozilla.com/D142942
-rw-r--r-- | cmd/tstclnt/tstclnt.c | 28 | ||||
-rw-r--r-- | lib/ssl/sslsock.c | 1 |
2 files changed, 27 insertions, 2 deletions
diff --git a/cmd/tstclnt/tstclnt.c b/cmd/tstclnt/tstclnt.c
index 8b9efa007..6d3359c03 100644
--- a/cmd/tstclnt/tstclnt.c
+++ b/cmd/tstclnt/tstclnt.c
@@ -233,6 +233,7 @@ PrintUsageHeader()
 " [-I groups] [-J signatureschemes]\n"
 " [-A requestfile] [-L totalconnections] [-P {client,server}]\n"
 " [-N echConfigs] [-Q] [-z externalPsk]\n"
+ " [-i echGreaseSize]\n"
 "\n",
 progName);
 }
@@ -317,6 +318,7 @@ PrintParameterUsage()
 fprintf(stderr, "%-20s Use DTLS\n", "-P {client, server}");
 fprintf(stderr, "%-20s Exit after handshake\n", "-Q");
 fprintf(stderr, "%-20s Use Encrypted Client Hello with the given Base64-encoded ECHConfigs\n", "-N");
+ fprintf(stderr, "%-20s Enable Encrypted Client Hello GREASEing with the given padding size (0-255) \n", "-i");
 fprintf(stderr, "%-20s Enable post-handshake authentication\n"
 "%-20s for TLS 1.3; need to specify -n\n",
 "-E", "");
@@ -1013,6 +1015,7 @@ PRBool requestToExit = PR_FALSE;
 char *versionString = NULL;
 PRBool handshakeComplete = PR_FALSE;
 char *echConfigs = NULL;
+PRUint16 echGreaseSize = 0;
 PRBool enablePostHandshakeAuth = PR_FALSE;
 PRBool enableDelegatedCredentials = PR_FALSE;
 const secuExporter *enabledExporters = NULL;
@@ -1571,6 +1574,21 @@ run()
 }
 }
 
+ if (echGreaseSize) {
+ rv = SSL_EnableTls13GreaseEch(s, PR_TRUE);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "SSL_EnableTls13GreaseEch failed");
+ error = 1;
+ goto done;
+ }
+ rv = SSL_SetTls13GreaseEchSize(s, echGreaseSize);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "SSL_SetTls13GreaseEchSize failed");
+ error = 1;
+ goto done;
+ }
+ }
+
 if (psk.data) {
 rv = importPsk(s);
 if (rv != SECSuccess) {
@@ -1838,7 +1856,7 @@ main(int argc, char **argv)
 }
 
 optstate = PL_CreateOptState(argc, argv,
- "46A:BCDEFGHI:J:KL:M:N:OP:QR:STUV:W:X:YZa:bc:d:efgh:m:n:op:qr:st:uvw:x:z:");
+ "46A:BCDEFGHI:J:KL:M:N:OP:QR:STUV:W:X:YZa:bc:d:efgh:i:m:n:op:qr:st:uvw:x:z:");
 while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 switch (optstate->option) {
 case '?':
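Review bot: The new `-i` help line in the PrintParameterUsage hunk advertises a padding size range of `(0-255)`, but the option parser in main rejects 0 (its own message says `1..255`) and the SSLExp_SetTls13GreaseEchSize hunk shows the library returning SECFailure for `size == 0`, so the usage text contradicts the range the tool actually accepts. Change the line to `fprintf(stderr, "%-20s Enable Encrypted Client Hello GREASEing with the given padding size (1-255)\n", "-i");`, which also drops the stray space before `\n`. The run() hunk that calls SSL_EnableTls13GreaseEch and SSL_SetTls13GreaseEchSize checks both return values and bails out through `done`, which is consistent with the surrounding error handling; run() itself starts and ends outside the hunk.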
@@ -1927,6 +1945,14 @@ main(int argc, char **argv)
 echConfigs = PORT_Strdup(optstate->value);
 break;
 
+ case 'i':
+ echGreaseSize = PORT_Atoi(optstate->value);
+ if (!echGreaseSize || echGreaseSize > 255) {
+ fprintf(stderr, "ECH Grease size must be within 1..255 (inclusive).\n");
+ exit(-1);
+ }
+ break;
+
 case 'P':
 useDTLS = PR_TRUE;
 if (!strcmp(optstate->value, "server")) {
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
index 6fc70500d..f8afb7627 100644
--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -4413,7 +4413,6 @@ SSLExp_SetTls13GreaseEchSize(PRFileDesc *fd, PRUint8 size)
 {
 sslSocket *ss = ssl_FindSocket(fd);
 if (!ss || size == 0) {
- exit(-1);
 return SECFailure;
 }
 ssl_Get1stHandshakeLock(ss); |
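Review bot: The range check in the new `case 'i'` runs after `PORT_Atoi`'s int result has already been narrowed into the `PRUint16 echGreaseSize`, so an out-of-range argument that wraps modulo 65536 into 1..255 (e.g. 65791, which is presumably taken as 255) is silently accepted, while a non-numeric argument is reported as a range violation because atoi-style parsing returns 0 for it. Parse into a `long` with `strtol`, validate the end pointer and the range on that value, and only then assign to `echGreaseSize`; the fence below shows the reworked branch. main continues outside the hunk.

```c
            case 'i': {
                /* Validate the textual argument before narrowing it to PRUint16. */
                char *end = NULL;
                long v = strtol(optstate->value, &end, 10);
                if (end == optstate->value || *end != '\0' || v < 1 || v > 255) {
                    fprintf(stderr, "ECH Grease size must be within 1..255 (inclusive).\n");
                    exit(-1);
                }
                echGreaseSize = (PRUint16)v;
                break;
            }
```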