author | Leander Schwarz <lschwarz@mozilla.com> | 2022-03-22 14:12:38 +0000 |
---|---|---|
committer | Leander Schwarz <lschwarz@mozilla.com> | 2022-03-22 14:12:38 +0000 |
commit | 6101439d8c7597f4c9490c013265928d280b1276 (patch) | |
tree | 3a2cd4a53067974e69a427518d53eefced27a2e6 /gtests/ssl_gtest | |
parent | 2f49143ece2fb815d0b3a043b4b1c0035f4f519a (diff) | |
download | nss-hg-6101439d8c7597f4c9490c013265928d280b1276.tar.gz |
Bug 1755264 - TLS 1.3 Illegal legacy_version handling/alerts. r=djackson
Differential Revision: https://phabricator.services.mozilla.com/D138647
Diffstat (limited to 'gtests/ssl_gtest')
-rw-r--r-- | gtests/ssl_gtest/ssl_version_unittest.cc | 13 | ||||
-rw-r--r-- | gtests/ssl_gtest/tls_filter.cc | 8 | ||||
-rw-r--r-- | gtests/ssl_gtest/tls_filter.h | 15 |
3 files changed, 35 insertions, 1 deletions
diff --git a/gtests/ssl_gtest/ssl_version_unittest.cc b/gtests/ssl_gtest/ssl_version_unittest.cc
index 7fc59d2c2..275972a39 100644
--- a/gtests/ssl_gtest/ssl_version_unittest.cc
+++ b/gtests/ssl_gtest/ssl_version_unittest.cc
@@ -329,13 +329,24 @@ TEST_F(TlsConnectStreamTls13, Tls14ClientHelloWithSupportedVersions) {
 ASSERT_LT(static_cast<uint32_t>(SSL_LIBRARY_VERSION_TLS_1_2), version);
 }
-// Offer 1.3 but with ClientHello.legacy_version == SSL 3.0. This
+// Offer 1.3 but with Server/ClientHello.legacy_version == SSL 3.0. This
 // causes a protocol version alert. See RFC 8446 Appendix D.5.
 TEST_F(TlsConnectStreamTls13, Ssl30ClientHelloWithSupportedVersions) {
 MakeTlsFilter<TlsClientHelloVersionSetter>(client_, SSL_LIBRARY_VERSION_3_0);
 ConnectExpectAlert(server_, kTlsAlertProtocolVersion);
 }
+TEST_F(TlsConnectStreamTls13, Ssl30ServerHelloWithSupportedVersions) {
+ MakeTlsFilter<TlsServerHelloVersionSetter>(server_, SSL_LIBRARY_VERSION_3_0);
+ StartConnect();
+ client_->ExpectSendAlert(kTlsAlertProtocolVersion);
+ /* Since the handshake is not finished the client will send an unencrypted
+ * alert. The server is expected to close the connection with a unexpected
+ * message alert. */
+ server_->ExpectSendAlert(kTlsAlertUnexpectedMessage);
+ Handshake();
+}
+
 // Verify the client sends only DTLS versions in supported_versions
 TEST_F(DtlsConnectTest, DtlsSupportedVersionsEncoding) {
 client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
diff --git a/gtests/ssl_gtest/tls_filter.cc b/gtests/ssl_gtest/tls_filter.cc
index d018ab5f6..02fc3a303 100644
--- a/gtests/ssl_gtest/tls_filter.cc
+++ b/gtests/ssl_gtest/tls_filter.cc
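Review bot: The new Ssl30ServerHelloWithSupportedVersions test pins only the legacy_version == 0x0300 path (RFC 8446 Appendix D.5, protocol_version alert); RFC 8446 §4.2.1 separately requires a TLS 1.3 client to abort with illegal_parameter when a ServerHello that carries supported_versions has any legacy_version other than 0x0303, and nothing in this hunk exercises that branch. If the library change for this bug also handles that case, a sibling test that installs the same filter with a value such as SSL_LIBRARY_VERSION_TLS_1_0 and expects `client_->ExpectSendAlert(kTlsAlertIllegalParameter)` would keep the two alert codes from regressing into each other; if it does not, a comment saying that only the 0x0300 case is enforced would save the next reader the search. The block comment also reads `a unexpected message alert`; `an unexpected message alert` is the intended wording. Both test functions are complete within the hunk.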
@@ -1207,6 +1207,14 @@ PacketFilter::Action TlsClientHelloVersionSetter::FilterHandshake(
 return CHANGE;
 }
+PacketFilter::Action TlsServerHelloVersionSetter::FilterHandshake(
+ const HandshakeHeader& header, const DataBuffer& input,
+ DataBuffer* output) {
+ *output = input;
+ output->Write(0, version_, 2);
+ return CHANGE;
+}
+
 PacketFilter::Action SelectedCipherSuiteReplacer::FilterHandshake(
 const HandshakeHeader& header, const DataBuffer& input,
 DataBuffer* output) {
diff --git a/gtests/ssl_gtest/tls_filter.h b/gtests/ssl_gtest/tls_filter.h
index 1cf34508c..decf4eaa2 100644
--- a/gtests/ssl_gtest/tls_filter.h
+++ b/gtests/ssl_gtest/tls_filter.h
@@ -799,6 +799,21 @@ class TlsClientHelloVersionSetter : public TlsHandshakeFilter {
 uint16_t version_;
 };
+// Set the version number in the ServerHello.
+class TlsServerHelloVersionSetter : public TlsHandshakeFilter {
+ public:
+ TlsServerHelloVersionSetter(const std::shared_ptr<TlsAgent>& a,
+ uint16_t version)
+ : TlsHandshakeFilter(a, {kTlsHandshakeServerHello}), version_(version) {}
+ virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
+ const DataBuffer& input,
+ DataBuffer* output);
+ private:
+ uint16_t version_;
+};
+
 // Damages the last byte of a handshake message.
 class TlsLastByteDamager : public TlsHandshakeFilter {
 public:
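Review bot: TlsServerHelloVersionSetter::FilterHandshake appears to be a verbatim copy of the ClientHello setter whose tail (`return CHANGE; }`) is the context directly above it: both copy `input` into `*output` and overwrite the first two bytes with `version_`, and only the handshake type handed to the base constructor differs. A single filter parameterized by the handshake type (or one body shared by both classes) would avoid keeping two identical implementations in sync as the filters evolve. The body writes `version_` at offset 0 exactly as given, so a header comment such as `// Overwrite ServerHello.legacy_version (first two body bytes) with version_; the caller supplies the wire value, no TLS-to-DTLS translation is applied.` would document the contract, and the unused `header` parameter could be left unnamed. Both function definitions are complete within the hunk.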
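Review bot: The new TlsServerHelloVersionSetter declares FilterHandshake as `virtual` without `override`, which mirrors the neighbouring TlsClientHelloVersionSetter but means a future signature drift from TlsHandshakeFilter would silently introduce a new virtual rather than fail to compile; `PacketFilter::Action FilterHandshake(const HandshakeHeader& header, const DataBuffer& input, DataBuffer* output) override;` is the safer spelling. The class comment `// Set the version number in the ServerHello.` could name the field and the purpose, e.g. `// Overwrite ServerHello.legacy_version so tests can exercise the RFC 8446 Appendix D.5 rejection of illegal versions.`. The base class TlsHandshakeFilter is declared outside the hunk.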