authorDennis Jackson <djackson@mozilla.com>2023-02-22 10:08:17 +0000
committerDennis Jackson <djackson@mozilla.com>2023-02-22 10:08:17 +0000
commit21b01575d99ae1872b999683807ab5ae1b654cd9 (patch)
tree840d3091fed7c297469daf048d57e760d472a42e
parenta785cec7d1c4abeb60ea1f521c2cdb4d3b2563fb (diff)
downloadnss-hg-21b01575d99ae1872b999683807ab5ae1b654cd9.tar.gz
Bug 1815167: Tolerate certificate_authorities xtn in ClientHello. r=mt,nss-reviewers
Differential Revision: https://phabricator.services.mozilla.com/D169918
-rw-r--r--gtests/ssl_gtest/ssl_extension_unittest.cc18
-rw-r--r--lib/ssl/ssl3ext.c1
-rw-r--r--lib/ssl/tls13con.c2
-rw-r--r--lib/ssl/tls13exthandle.c9
-rw-r--r--lib/ssl/tls13exthandle.h2
5 files changed, 31 insertions, 1 deletions
diff --git a/gtests/ssl_gtest/ssl_extension_unittest.cc b/gtests/ssl_gtest/ssl_extension_unittest.cc
index 1f115ea0f..0d7a77cfa 100644
--- a/gtests/ssl_gtest/ssl_extension_unittest.cc
+++ b/gtests/ssl_gtest/ssl_extension_unittest.cc
@@ -1440,6 +1440,24 @@ TEST_F(TlsConnectStreamTls13,
PR_ASSERT(inequal >= 1);
}
+// The certificate_authorities xtn can be included in a ClientHello [RFC 8446,
+// Section 4.2]
+TEST_F(TlsConnectStreamTls13, ClientHelloCertAuthXtnToleration) {
+ EnsureTlsSetup();
+ uint8_t bodyBuf[3] = {0x00,0x01,0xff};
+ DataBuffer body(bodyBuf,sizeof(bodyBuf));
+ auto ch = MakeTlsFilter<TlsExtensionAppender>(
+ client_, kTlsHandshakeClientHello, ssl_tls13_certificate_authorities_xtn,
+ body);
+ // The Connection will fail because the added extension isn't in the client's
+ // transcript not because the extension is unsupported (Bug 1815167).
+ server_->ExpectSendAlert(bad_record_mac);
+ client_->ExpectSendAlert(bad_record_mac);
+ ConnectExpectFail();
+ server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+ client_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+}
+
INSTANTIATE_TEST_SUITE_P(
ExtensionStream, TlsExtensionTestGeneric,
::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
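Review bot: The appended body `{0x00,0x01,0xff}` is not a well-formed CertificateAuthoritiesExtension (RFC 8446 §4.2.4 gives the authorities list a minimum length of 3 and each DistinguishedName its own two-byte length prefix), so the test appears to pass only because the new server handler in tls13exthandle.c never parses the payload. The comment above the filter should say the body is deliberately arbitrary, e.g. `// Arbitrary body: the server ignores the payload, so only the transcript mismatch matters.`, otherwise a later change that starts validating the extension on the server will make this test fail for a reason unrelated to the one it documents. The initializers `{0x00,0x01,0xff}` and `DataBuffer body(bodyBuf,sizeof(bodyBuf))` also lack the spaces after commas that clang-format would insert.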
diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
index de7523566..0bc7b955b 100644
--- a/lib/ssl/ssl3ext.c
+++ b/lib/ssl/ssl3ext.c
@@ -45,6 +45,7 @@ static const ssl3ExtensionHandler clientHelloHandlers[] = {
{ ssl_app_layer_protocol_xtn, &ssl3_ServerHandleAppProtoXtn },
{ ssl_use_srtp_xtn, &ssl3_ServerHandleUseSRTPXtn },
{ ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn },
+ { ssl_tls13_certificate_authorities_xtn, &tls13_ServerHandleCertAuthoritiesXtn },
{ ssl_signature_algorithms_xtn, &ssl3_HandleSigAlgsXtn },
{ ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn },
{ ssl_signed_cert_timestamp_xtn, &ssl3_ServerHandleSignedCertTimestampXtn },
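Review bot: The added table entry runs to roughly 88 columns while the surrounding entries stay within the width the rest of the table observes; clang-format would wrap it as `{ ssl_tls13_certificate_authorities_xtn,` / `  &tls13_ServerHandleCertAuthoritiesXtn },`. The same applies to the rewritten entry in tls13con.c, to the new definition in tls13exthandle.c and to its prototype in tls13exthandle.h, whose neighbours (tls13_ServerSendHrrKeyShareXtn, tls13_ClientHandleCertAuthoritiesXtn) wrap one parameter per line. Since clientHelloHandlers is, by its name and the generic handlers around it, presumably consulted for every ClientHello and not only TLS 1.3 ones, the new handler will also run when an older version is negotiated; that is harmless given it ignores the payload, but a short comment on the entry would make the intent clear.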
diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c
index 144731982..fbbc510f1 100644
--- a/lib/ssl/tls13con.c
+++ b/lib/ssl/tls13con.c
@@ -5654,7 +5654,7 @@ static const struct {
certificate) },
{ ssl_delegated_credentials_xtn, _M2(client_hello, certificate) },
{ ssl_tls13_cookie_xtn, _M2(client_hello, hello_retry_request) },
- { ssl_tls13_certificate_authorities_xtn, _M1(certificate_request) },
+ { ssl_tls13_certificate_authorities_xtn, _M2(client_hello, certificate_request) },
{ ssl_tls13_supported_versions_xtn, _M3(client_hello, server_hello,
hello_retry_request) },
{ ssl_record_size_limit_xtn, _M2(client_hello, encrypted_extensions) },
diff --git a/lib/ssl/tls13exthandle.c b/lib/ssl/tls13exthandle.c
index 4d24b37d6..4d8c711bd 100644
--- a/lib/ssl/tls13exthandle.c
+++ b/lib/ssl/tls13exthandle.c
@@ -1217,6 +1217,15 @@ loser:
}
SECStatus
+tls13_ServerHandleCertAuthoritiesXtn(const sslSocket *ss, TLSExtensionData *xtnData, SECItem *data)
+{
+ SSL_TRC(3, ("%d: TLS13[%d]: ignore certificate_authorities extension",
+ SSL_GETPID(), ss->fd));
+ /* NSS ignores certificate_authorities in the ClientHello */
+ return SECSuccess;
+}
+
+SECStatus
tls13_ServerSendHrrKeyShareXtn(const sslSocket *ss, TLSExtensionData *xtnData,
sslBuffer *buf, PRBool *added)
{
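Review bot: tls13_ServerHandleCertAuthoritiesXtn returns SECSuccess without inspecting `data`, so a certificate_authorities body of any length or structure is accepted; that matches the unit test in this commit, which sends a body that is not a valid authorities list, but the in-function comment should state the decision explicitly so the absence of validation reads as intended rather than overlooked, e.g. `/* Deliberately not parsed: the server neither validates nor acts on client-supplied CAs (Bug 1815167). */`. The handler also never touches xtnData, which seems intended since the server sends no response to this extension; if so, a sentence saying the extension is not recorded as negotiated would help the next reader. The enclosing file continues outside the hunk, so I cannot see whether a matching client-side comment exists in tls13_ClientHandleCertAuthoritiesXtn.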
diff --git a/lib/ssl/tls13exthandle.h b/lib/ssl/tls13exthandle.h
index fb4a18965..e4247e295 100644
--- a/lib/ssl/tls13exthandle.h
+++ b/lib/ssl/tls13exthandle.h
@@ -75,6 +75,8 @@ SECStatus tls13_SendCertAuthoritiesXtn(const sslSocket *ss,
SECStatus tls13_ClientHandleCertAuthoritiesXtn(const sslSocket *ss,
TLSExtensionData *xtnData,
SECItem *data);
+SECStatus tls13_ServerHandleCertAuthoritiesXtn(const sslSocket *ss, TLSExtensionData *xtnData, SECItem *data);
+
SECStatus tls13_ServerHandleCookieXtn(const sslSocket *ss,
TLSExtensionData *xtnData,
SECItem *data);