diff options
author | Leander Schwarz <lschwarz@mozilla.com> | 2022-05-17 10:44:16 +0000 |
---|---|---|
committer | Leander Schwarz <lschwarz@mozilla.com> | 2022-05-17 10:44:16 +0000 |
commit | b0fe7525df0feb7d1d007b238833f6a0d2ca7af0 (patch) | |
tree | 78a734a60bbb823f50569b218624e6ae298b5cc3 /lib/ssl | |
parent | 8a4c47577fc0faa85539f8d02c27f987d75d51e5 (diff) | |
download | nss-hg-b0fe7525df0feb7d1d007b238833f6a0d2ca7af0.tar.gz |
Bug 1764788 - Correct invalid record inner and outter content type alerts. r=djackson
Added test cases for alerts during and pre handshake as well as TLS 1.3 only after handshake (application data) cases due to unsupported de- and encryption of lower TLS version records in gtest.
Adjusted some test cases that expect failed connections to the updated alerts.
Differential Revision: https://phabricator.services.mozilla.com/D144029
Diffstat (limited to 'lib/ssl')
-rw-r--r-- | lib/ssl/ssl3con.c | 19 | ||||
-rw-r--r-- | lib/ssl/ssl3gthr.c | 10 | ||||
-rw-r--r-- | lib/ssl/tls13con.c | 9 |
3 files changed, 34 insertions, 4 deletions
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c index 27847f0f9..09d7f098b 100644 --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c @@ -13197,10 +13197,25 @@ ssl3_HandleNonApplicationData(sslSocket *ss, SSLContentType rType, } /* Fall through. */ default: + /* If a TLS implementation receives an unexpected record type, + * it MUST terminate the connection with an "unexpected_message" + * alert [RFC8446, Section 5]. + * + * For TLS 1.3 the outer content type is checked before in + * tls13con.c/tls13_UnprotectRecord(), + * For DTLS 1.3 the outer content type is checked before in + * ssl3gthr.c/dtls_GatherData. + * The inner content types will be checked here. + * + * In DTLS generally invalid records SHOULD be silently discarded, + * no alert is sent [RFC6347, Section 4.1.2.7]. + */ + if (!IS_DTLS(ss)) { + SSL3_SendAlert(ss, alert_fatal, unexpected_message); + } + PORT_SetError(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE); SSL_DBG(("%d: SSL3[%d]: bogus content type=%d", SSL_GETPID(), ss->fd, rType)); - PORT_SetError(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE); - ssl3_DecodeError(ss); rv = SECFailure; break; } diff --git a/lib/ssl/ssl3gthr.c b/lib/ssl/ssl3gthr.c index 101241f0a..08cbe7fd8 100644 --- a/lib/ssl/ssl3gthr.c +++ b/lib/ssl/ssl3gthr.c @@ -348,7 +348,15 @@ dtls_GatherData(sslSocket *ss, sslGather *gs, int flags) } else if (contentType == ssl_ct_application_data) { headerLen = 7; } else if (dtls_IsDtls13Ciphertext(ss->version, contentType)) { - /* We don't support CIDs. */ + /* We don't support CIDs. + * + * This condition is met on all invalid outer content types. + * For lower DTLS versions as well as the inner content types, + * this is checked in ssl3con.c/ssl3_HandleNonApplicationData(). + * + * In DTLS generally invalid records SHOULD be silently discarded, + * no alert is sent [RFC6347, Section 4.1.2.7]. + */ if (contentType & 0x10) { PORT_Assert(PR_FALSE); PORT_SetError(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE); diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c index 8c54555d3..0188ac1d9 100644 --- a/lib/ssl/tls13con.c +++ b/lib/ssl/tls13con.c @@ -5817,7 +5817,14 @@ tls13_UnprotectRecord(sslSocket *ss, SSL_GETPID(), ss->fd, spec, spec->epoch, spec->phase, cText->seqNum, cText->buf->len)); - /* Verify that the content type is right. + /* Verify that the outer content type is right. + * + * For the inner content type as well as lower TLS versions this is checked + * in ssl3con.c/ssl3_HandleNonApllicationData(). + * + * For DTLS 1.3 this is checked in ssl3gthr.c/dtls_GatherData(). DTLS drops + * invalid records silently [RFC6347, Section 4.1.2.7]. + * * Also allow the DTLS short header in TLS 1.3. */ if (!(cText->hdr[0] == ssl_ct_application_data || (IS_DTLS(ss) && |