authorMartin Thomson <martin.thomson@gmail.com>2017-11-20 21:20:00 +1100
committerMartin Thomson <martin.thomson@gmail.com>2017-11-20 21:20:00 +1100
commitf415f902eac3ee4dfb678079ffd8a073fc80646a (patch)
tree23b16fc3fe62e016cc2c6ec58575c03f6200a964
parent1ed84672937a2e2d8c1d28568a22337ec6561809 (diff)
Bug 1418943 - Properly handle absent cookie on second ClientHello, r=ekr
-rw-r--r--gtests/ssl_gtest/ssl_hrr_unittest.cc14
-rw-r--r--lib/ssl/SSLerrs.h3
-rw-r--r--lib/ssl/sslerr.h1
-rw-r--r--lib/ssl/tls13con.c7
4 files changed, 24 insertions, 1 deletions
diff --git a/gtests/ssl_gtest/ssl_hrr_unittest.cc b/gtests/ssl_gtest/ssl_hrr_unittest.cc
index 844e08c48..2251584c1 100644
--- a/gtests/ssl_gtest/ssl_hrr_unittest.cc
+++ b/gtests/ssl_gtest/ssl_hrr_unittest.cc
@@ -595,6 +595,20 @@ TEST_P(TlsConnectTls13, RetryStateless) {
SendReceive();
}
+TEST_P(TlsConnectTls13, RetryStatefulDropCookie) {
+ ConfigureSelfEncrypt();
+ EnsureTlsSetup();
+
+ TriggerHelloRetryRequest(client_, server_);
+ client_->SetPacketFilter(
+ std::make_shared<TlsExtensionDropper>(ssl_tls13_cookie_xtn));
+
+ ExpectAlert(server_, kTlsAlertMissingExtension);
+ Handshake();
+ client_->CheckErrorCode(SSL_ERROR_MISSING_EXTENSION_ALERT);
+ server_->CheckErrorCode(SSL_ERROR_MISSING_COOKIE_EXTENSION);
+}
+
// Stream only because DTLS drops bad packets.
TEST_F(TlsConnectStreamTls13, RetryStatelessDamageFirstClientHello) {
ConfigureSelfEncrypt();
diff --git a/lib/ssl/SSLerrs.h b/lib/ssl/SSLerrs.h
index e93025aa7..160204201 100644
--- a/lib/ssl/SSLerrs.h
+++ b/lib/ssl/SSLerrs.h
@@ -528,3 +528,6 @@ ER3(SSL_ERROR_APP_CALLBACK_ERROR, (SSL_ERROR_BASE + 166),
ER3(SSL_ERROR_NO_TIMERS_ERROR, (SSL_ERROR_BASE + 167),
"No timers are currently running.")
+
+ER3(SSL_ERROR_MISSING_COOKIE_EXTENSION, (SSL_ERROR_BASE + 168),
+ "A second ClientHello was received without a cookie extension.")
diff --git a/lib/ssl/sslerr.h b/lib/ssl/sslerr.h
index 275905a42..00e580ab3 100644
--- a/lib/ssl/sslerr.h
+++ b/lib/ssl/sslerr.h
@@ -255,6 +255,7 @@ typedef enum {
SSL_ERROR_APPLICATION_ABORT = (SSL_ERROR_BASE + 165),
SSL_ERROR_APP_CALLBACK_ERROR = (SSL_ERROR_BASE + 166),
SSL_ERROR_NO_TIMERS_FOUND = (SSL_ERROR_BASE + 167),
+ SSL_ERROR_MISSING_COOKIE_EXTENSION = (SSL_ERROR_BASE + 168),
SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
} SSLErrorCodes;
diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c
index 7a7134416..18a330eba 100644
--- a/lib/ssl/tls13con.c
+++ b/lib/ssl/tls13con.c
@@ -1375,7 +1375,12 @@ tls13_HandleClientHelloPart2(sslSocket *ss,
ssl_ReleaseSpecWriteLock(ss);
}
- PORT_Assert(ss->xtnData.cookie.len);
+ if (!ssl3_ExtensionNegotiated(ss, ssl_tls13_cookie_xtn) ||
+ !ss->xtnData.cookie.len) {
+ FATAL_ERROR(ss, SSL_ERROR_MISSING_COOKIE_EXTENSION,
+ missing_extension);
+ goto loser;
+ }
PRINT_BUF(50, (ss, "Client sent cookie",
ss->xtnData.cookie.data, ss->xtnData.cookie.len));
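Review bot: The second arm of the new condition, `!ss->xtnData.cookie.len`, reports a present-but-empty cookie with the same `missing_extension` alert as an absent extension, which is not the alert a peer would expect for a malformed value; if the cookie extension handler already rejects an empty cookie this arm is unreachable and deserves a comment saying so, otherwise it should probably map to a decode/illegal-parameter style alert rather than `missing_extension`. The new test `RetryStatefulDropCookie` in ssl_hrr_unittest.cc only exercises the dropped-extension arm, so the empty-cookie arm has no coverage either way. The check itself replaces an assertion on peer-controlled data, which is the right direction; a one-line comment above it would make the requirement explicit, e.g. `/* A second ClientHello must echo the cookie we sent in HelloRetryRequest. */`. tls13_HandleClientHelloPart2 begins and ends outside this hunk, so whether `loser` releases anything acquired earlier in the function cannot be checked here.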