Bug 1315455 - Constify sslSocket for extension processing. r=mt.
Summary:
Extension handlers now take a const sslSocket* and a non-const xtnData.

Things aren't entirely clean yet. I had to do two things:

- Write a series of ssl_Ext* thunks for things that have innocuous
  side effects in sslSocket like updating the transcript or
  encrypting stuff.

- Add a CONST_CAST macro for the few cases where it's clear we're
  having real side effects but it wasn't simple to unwind
  them. The macro makes them easy to find.

Test Plan: None

Differential Revision: https://nss-review.dev.mozaws.net/D17
ekr committed Nov 7, 2016
1 parent 26e5254 commit 3019153
Showing 15 changed files with 1,011 additions and 815 deletions.
10 changes: 5 additions & 5 deletions gtests/ssl_gtest/libssl_internals.c
Expand Up @@ -179,12 +179,12 @@ SECStatus SSLInt_Set0RttAlpn(PRFileDesc *fd, PRUint8 *data, unsigned int len) {
return SECFailure;
}

ss->ssl3.nextProtoState = SSL_NEXT_PROTO_EARLY_VALUE;
if (ss->ssl3.nextProto.data) {
SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
ss->xtnData.nextProtoState = SSL_NEXT_PROTO_EARLY_VALUE;
if (ss->xtnData.nextProto.data) {
SECITEM_FreeItem(&ss->xtnData.nextProto, PR_FALSE);
}
if (!SECITEM_AllocItem(NULL, &ss->ssl3.nextProto, len)) return SECFailure;
PORT_Memcpy(ss->ssl3.nextProto.data, data, len);
if (!SECITEM_AllocItem(NULL, &ss->xtnData.nextProto, len)) return SECFailure;
PORT_Memcpy(ss->xtnData.nextProto.data, data, len);

return SECSuccess;
}
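--- a/gtests/ssl_gtest/ssl_extension_unittest.cc
+++ b/gtests/ssl_gtest/ssl_extension_unittest.cc
@@ -154,6 +154,25 @@ class TlsExtensionTestBase : public TlsConnectTestBase {
 extension->Write(3, namelen, 2);
 extension->Write(5, reinterpret_cast<const uint8_t*>(name), namelen);
 }
+
+void HrrThenRemoveExtensionsTest(SSLExtensionType type, PRInt32 client_error,
+PRInt32 server_error) {
+static const std::vector<SSLNamedGroup> client_groups = {
+ssl_grp_ec_secp384r1, ssl_grp_ec_curve25519};
+static const std::vector<SSLNamedGroup> server_groups = {
+ssl_grp_ec_curve25519, ssl_grp_ec_secp384r1};
+client_->ConfigNamedGroups(client_groups);
+server_->ConfigNamedGroups(server_groups);
+EnsureTlsSetup();
+client_->StartConnect();
+server_->StartConnect();
+client_->Handshake(); // Send ClientHello
+server_->Handshake(); // Send HRR.
+client_->SetPacketFilter(new TlsExtensionDropper(type));
+Handshake();
+client_->CheckErrorCode(client_error);
+server_->CheckErrorCode(server_error);
+}
 };
 
 class TlsExtensionTestDtls : public TlsExtensionTestBase,
@@ -772,6 +791,24 @@ TEST_P(TlsExtensionTest13, RemoveTls13FromVersionListBothV12) {
 #endif
 }
 
+TEST_P(TlsExtensionTest13, HrrThenRemoveSignatureAlgorithms) {
+HrrThenRemoveExtensionsTest(ssl_signature_algorithms_xtn,
+SSL_ERROR_MISSING_EXTENSION_ALERT,
+SSL_ERROR_MISSING_SIGNATURE_ALGORITHMS_EXTENSION);
+}
+
+TEST_P(TlsExtensionTest13, HrrThenRemoveKeyShare) {
+HrrThenRemoveExtensionsTest(ssl_tls13_key_share_xtn,
+SSL_ERROR_ILLEGAL_PARAMETER_ALERT,
+SSL_ERROR_BAD_2ND_CLIENT_HELLO);
+}
+
+TEST_P(TlsExtensionTest13, HrrThenRemoveSupportedGroups) {
+HrrThenRemoveExtensionsTest(ssl_supported_groups_xtn,
+SSL_ERROR_MISSING_EXTENSION_ALERT,
+SSL_ERROR_MISSING_SUPPORTED_GROUPS_EXTENSION);
+}
+
 TEST_P(TlsExtensionTest13, EmptyVersionList) {
 static const uint8_t ext[] = {0x00, 0x00};
 ConnectWithBogusVersionList(ext, sizeof(ext));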
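Review bot: `HrrThenRemoveExtensionsTest` in the first hunk has no comment explaining the two things that make it a test of the second ClientHello: the client and server group lists are deliberately ordered differently, and the `TlsExtensionDropper` is installed only after the first `Handshake()` pair. I would add above the helper something like `// Mismatched group preference (presumably) forces an HRR; the dropper is installed afterwards so only the second ClientHello loses |type|.` The helper also relies on the `// Send HRR.` step without checking that a HelloRetryRequest was actually produced. If the group defaults ever change, the three `HrrThenRemove*` tests would most likely fail on the `CheckErrorCode` calls with no hint that the precondition was lost, so an explicit expectation there would make the failure readable. Ownership of the `new TlsExtensionDropper(type)` handed to `SetPacketFilter` is not visible in this hunk and is worth confirming.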
