Bug 1413634, If TLS server has no signature algorithm overlap with th…

…e client hello list, the NSS server sends an incorrect TLS alert, r=mt
sailfishos-mirror · Jan 18, 2018 · 11cb7fa · 11cb7fa
1 parent 2f59a06
commit 11cb7fa
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 2 deletions.
diff --git a/gtests/ssl_gtest/ssl_extension_unittest.cc b/gtests/ssl_gtest/ssl_extension_unittest.cc
@@ -424,7 +424,16 @@ TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsEmpty) {
   const uint8_t val[] = {0x00, 0x00};
   DataBuffer extension(val, sizeof(val));
   ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
-      ssl_signature_algorithms_xtn, extension));
+                           ssl_signature_algorithms_xtn, extension),
+                       kTlsAlertHandshakeFailure);
+}
+
+TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsNoOverlap) {
+  const uint8_t val[] = {0x00, 0x02, 0xff, 0xff};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+                           ssl_signature_algorithms_xtn, extension),
+                       kTlsAlertHandshakeFailure);
 }
 
 TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmsOddLength) {

diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
@@ -8111,6 +8111,9 @@ ssl3_HandleClientHello(sslSocket *ss, PRUint8 *b, PRUint32 length)
     rv = ssl3_HandleParsedExtensions(ss, ssl_hs_client_hello);
     ssl3_DestroyRemoteExtensions(&ss->ssl3.hs.remoteExtensions);
     if (rv != SECSuccess) {
+        if (PORT_GetError() == SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM) {
+            errCode = SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM;
+        }
         goto loser; /* malformed */
     }
 

diff --git a/lib/ssl/ssl3exthandle.c b/lib/ssl/ssl3exthandle.c
@@ -1652,11 +1652,16 @@ ssl3_HandleSigAlgsXtn(const sslSocket *ss, TLSExtensionData *xtnData,
                                    &xtnData->sigSchemes,
                                    &xtnData->numSigSchemes,
                                    &data->data, &data->len);
-    if (rv != SECSuccess || xtnData->numSigSchemes == 0) {
+    if (rv != SECSuccess) {
         ssl3_ExtSendAlert(ss, alert_fatal, decode_error);
         PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO);
         return SECFailure;
     }
+    if (xtnData->numSigSchemes == 0) {
+        ssl3_ExtSendAlert(ss, alert_fatal, handshake_failure);
+        PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM);
+        return SECFailure;
+    }
     /* Check for trailing data. */
     if (data->len != 0) {
         ssl3_ExtSendAlert(ss, alert_fatal, decode_error);