authorDennis Jackson <djackson@mozilla.com>2021-12-17 13:21:27 +0000
committerDennis Jackson <djackson@mozilla.com>2021-12-17 13:21:27 +0000
commit7cac1de8fd61247c33578600339603c23e6809ae (patch)
tree7b223261389c70e1fabf566de45929a75f3dd8b8 /gtests
parentebef5f60d494794090c81ffacf3fffbaba8d6c93 (diff)
Bug 1725938 - Stricter ClientHelloInner Decompression. r=mt.
Decompression is now a linear scan, ensuring the same CHO extension is never considered for inclusion more than once. The added tests check that duplicate or out of order references are now rejected. Differential Revision: https://phabricator.services.mozilla.com/D122752
Diffstat (limited to 'gtests')
-rw-r--r--gtests/ssl_gtest/tls_ech_unittest.cc49
1 files changed, 49 insertions, 0 deletions
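--- a/gtests/ssl_gtest/tls_ech_unittest.cc
+++ b/gtests/ssl_gtest/tls_ech_unittest.cc
@@ -664,6 +664,55 @@ TEST_F(TlsConnectStreamTls13Ech, DISABLED_EchOuterExtensionsReferencesMissing) {
 SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
 }
+TEST_F(TlsConnectStreamTls13Ech,
+ DISABLED_EchOuterExtensionsDuplicateReference) {
+ // Construct this by altering tls13_ConstructInnerExtensionsFromOuter to have
+ // each extension inserted in the reference list twice.
+ std::string ch =
+ "01000200030369b46d6cba0a22f27e00a5628ce5f6994c1e7a43d607f94240d5eb27eb"
+ "1f49e7000006130113031302010001d100000010000e00000b7075626c69632e6e616d"
+ "65ff01000100000a00140012001d001700180019010001010102010301040033002600"
+ "24001d002094db7cc55ed53e48fea26fde806eac58f7b7f77f1ceab1d0ab07501f3794"
+ "f61d002b0003020304000d001800160403050306030203080408050806040105010601"
+ "0201002d00020101001c00024001001500a00000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000000000000000000000000000000000"
+ "000000fe0a009f000100034d00201318b6de21d1cc072bc26bce479673f771e3e5a733"
+ "c4d410b9d05ad5a1cdb7760076ea70b30ed792666bcf92ede1efcfb4858f4ac6e8d585"
+ "31fc61b258a7296582104cb20c528cf41c25634a55b32c47241a33518d534f338991d9"
+ "9d0a49895945e482dbd2b494d417cd628f7ed19fc09924517a1572d8f489d2fcfaead0"
+ "a0117adab128b3d94c9c2de029ff3bb993648bb8e71a897f1cf6";
+ ReplayChWithMalformedInner(ch, kTlsAlertIllegalParameter,
+ SSL_ERROR_RX_MALFORMED_ECH_EXTENSION,
+ SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+}
+
+TEST_F(TlsConnectStreamTls13Ech, DISABLED_EchOuterExtensionsOutOfOrder) {
+ // Construct this by altering tls13_ConstructInnerExtensionsFromOuter to leave
+ // a gap at the start and insert a 'late' extension there.
+ std::string ch =
+ "010002000303227a0224693498ab1f9bca756d27c553abcb0a67baad3c7b559ab32b88"
+ "418bbd000006130113031302010001d100000010000e00000b7075626c69632e6e616d"
+ "65ff01000100000a00140012001d001700180019010001010102010301040033002600"
+ "24001d0020df340fea8734b753cc7e85001b12f0f88dd9a4316ed43a950eda67e6b458"
+ "7b3e002b0003020304000d001800160403050306030203080408050806040105010601"
+ "0201002d00020101001c00024001001500aa0000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000fe0a0095000100034d0020ba5ca0878f38f6ddcb0aed"
+ "b34192fb01c57be80069d01c3a6d07a7c1858cf508006c9441018d2ec0e6f726a1c0df"
+ "6a1d6f41730c638c242ddb0fe62bd357ca27ad836feac022cbb971aaf871d5eecfa21d"
+ "a4f34df2ce19f8e80522c0a46b7cdacd6f696ffb3b02d23116817f0fba459aa04609cd"
+ "3521629ac1af3525cd766bed413d56e12a3efb96376abad3ae6c";
+ ReplayChWithMalformedInner(ch, kTlsAlertIllegalParameter,
+ SSL_ERROR_RX_MALFORMED_ECH_EXTENSION,
+ SSL_ERROR_ILLEGAL_PARAMETER_ALERT);
+}
+
 // Drop supported_versions from CHInner, make sure we don't negotiate 1.2+ECH.
 TEST_F(TlsConnectStreamTls13Ech, DISABLED_EchVersion12Inner) {
 // Construct this by removing ssl_tls13_supported_versions_xtn entirely.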
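Review bot: Both new tests, EchOuterExtensionsDuplicateReference and EchOuterExtensionsOutOfOrder, are registered with the DISABLED_ prefix, so the default gtest run never exercises the duplicate-reference and out-of-order rejection paths that the commit message says they check; the regression coverage exists only for someone who runs them by hand with --gtest_also_run_disabled_tests. This matches the neighbouring replay tests in the file, and the "Construct this by altering tls13_ConstructInnerExtensionsFromOuter ..." comments say how each ClientHello was produced but not why the test is disabled, which presumably is that the replayed bytes are bound to fixed ECH key material and go stale — worth confirming. A one-line comment above each test, e.g. `// DISABLED: replayed ClientHello is tied to the ECH config/keys captured when it was generated; regenerate as described below before enabling.`, would let a maintainer know whether a failure after enabling is a real regression or a stale fixture. Each hex blob also embeds the ECH extension at the `fe0a` marker; a short comment pointing at that offset would make the hand-constructed malformation easier to audit than the opaque literal alone.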