Bug 1309054 - Don't attempt resumption if we don't have the right cip…

…her suite, r=ttaubert --HG-- extra : rebase_source : 5c86e46ec1c6f490189f0462081c6d9a54e89c7f extra : amend_source : 969163ab659140fc35c0be5d0e7e1ff754b56d32
sailfishos-mirror · Oct 12, 2016 · 8412b5b · 8412b5b
1 parent 93d191f
commit 8412b5b
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 11 deletions.
diff --git a/external_tests/ssl_gtest/ssl_resumption_unittest.cc b/external_tests/ssl_gtest/ssl_resumption_unittest.cc
@@ -350,8 +350,17 @@ TEST_P(TlsConnectGeneric, TestResumeClientDifferentCipher) {
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
   ExpectResumption(RESUME_NONE);
   client_->EnableSingleCipher(ChooseAnotherCipher(version_));
+  uint16_t ticket_extension;
+  if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) {
+    ticket_extension = ssl_tls13_pre_shared_key_xtn;
+  } else {
+    ticket_extension = ssl_session_ticket_xtn;
+  }
+  auto ticket_capture = new TlsExtensionCapture(ticket_extension);
+  client_->SetPacketFilter(ticket_capture);
   Connect();
   CheckKeys(ssl_kea_ecdh, ssl_auth_rsa_sign);
+  EXPECT_EQ(0U, ticket_capture->extension().len());
 }
 
 // Test that we don't resume when we can't negotiate the same cipher.
@@ -411,7 +420,8 @@ TEST_P(TlsConnectStream, TestResumptionOverrideCipher) {
 
   Reset();
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
-  server_->SetPacketFilter(new SelectedCipherSuiteReplacer(ChooseAnotherCipher(version_)));
+  server_->SetPacketFilter(
+      new SelectedCipherSuiteReplacer(ChooseAnotherCipher(version_)));
 
   ConnectExpectFail();
   client_->CheckErrorCode(SSL_ERROR_RX_MALFORMED_SERVER_HELLO);
@@ -427,6 +437,7 @@ TEST_P(TlsConnectStream, TestResumptionOverrideCipher) {
 class SelectedVersionReplacer : public TlsHandshakeFilter {
  public:
   SelectedVersionReplacer(uint16_t version) : version_(version) {}
+
  protected:
   PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
                                        const DataBuffer& input,
@@ -451,7 +462,7 @@ TEST_P(TlsConnectGenericPre13, TestResumptionOverrideVersion) {
   if (mode_ == STREAM) {
     switch (version_) {
       case SSL_LIBRARY_VERSION_TLS_1_0:
-        return; // Skip the test.
+        return;  // Skip the test.
       case SSL_LIBRARY_VERSION_TLS_1_1:
         override_version = SSL_LIBRARY_VERSION_TLS_1_0;
         break;
@@ -466,7 +477,7 @@ TEST_P(TlsConnectGenericPre13, TestResumptionOverrideVersion) {
       override_version = SSL_LIBRARY_VERSION_DTLS_1_0_WIRE;
     } else {
       ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, version_);
-      return; // Skip the test.
+      return;  // Skip the test.
     }
   }
 

diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
@@ -962,7 +962,7 @@ ssl3_config_match_init(sslSocket *ss)
  * enabled, has a certificate (as needed), has a viable key agreement method, is
  * usable with the negotiated TLS version, and is otherwise usable. */
 static PRBool
-config_match(ssl3CipherSuiteCfg *suite, int policy,
+config_match(const ssl3CipherSuiteCfg *suite, int policy,
              const SSLVersionRange *vrange, const sslSocket *ss)
 {
     const ssl3CipherSuiteDef *cipher_def;
@@ -4989,6 +4989,12 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
     ss->ssl3.hs.receivedNewSessionTicket = PR_FALSE;
     PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData));
 
+    /* How many suites does our PKCS11 support (regardless of policy)? */
+    num_suites = ssl3_config_match_init(ss);
+    if (!num_suites) {
+        return SECFailure; /* ssl3_config_match_init has set error code. */
+    }
+
     /*
      * During a renegotiation, ss->clientHelloVersion will be used again to
      * work around a Windows SChannel bug. Ensure that it is still enabled.
@@ -5022,7 +5028,18 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
      */
     if (sid) {
         PRBool sidOK = PR_TRUE;
-        if (sid->u.ssl3.keys.msIsWrapped) {
+        const ssl3CipherSuiteCfg *suite;
+
+        /* Check that the cipher suite we need is enabled. */
+        suite = ssl_LookupCipherSuiteCfg(sid->u.ssl3.cipherSuite,
+                                         ss->cipherSuites);
+        PORT_Assert(suite);
+        if (!suite || !config_match(suite, ss->ssl3.policy, &ss->vrange, ss)) {
+            sidOK = PR_FALSE;
+        }
+
+        /* Check that we can recover the master secret. */
+        if (sidOK && sid->u.ssl3.keys.msIsWrapped) {
             PK11SlotInfo *slot = NULL;
             if (sid->u.ssl3.masterValid) {
                 slot = SECMOD_LookupSlot(sid->u.ssl3.masterModuleID,
@@ -5148,11 +5165,6 @@ ssl3_SendClientHello(sslSocket *ss, sslClientHelloType type)
     }
     ss->sec.ci.sid = sid;
 
-    /* how many suites does our PKCS11 support (regardless of policy)? */
-    num_suites = ssl3_config_match_init(ss);
-    if (!num_suites)
-        return SECFailure; /* ssl3_config_match_init has set error code. */
-
     /* HACK for SCSV in SSL 3.0.  On initial handshake, prepend SCSV,
      * only if TLS is disabled.
      */
@@ -8513,7 +8525,6 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
         ss->sec.ci.sid = NULL;
     }
 
-
     if (sid != NULL) {
         /* We've found a session cache entry for this client.
          * Now, if we're going to require a client-auth cert,