Commit ecfa56ea authored by Kai Engert's avatar Kai Engert

Backout revision b33b017eede5, bug 1432144, r=franziskus

parent 87f6d274
......@@ -518,7 +518,7 @@ TEST_P(TlsConnectTls13, SendTooMuchEarlyData) {
TEST_P(TlsConnectTls13, ReceiveTooMuchEarlyData) {
EnsureTlsSetup();
size_t limit = 5;
const size_t limit = 5;
EXPECT_EQ(SECSuccess, SSL_SetMaxEarlyDataSize(server_->ssl_fd(), limit));
SetupForZeroRtt();
......@@ -548,9 +548,6 @@ TEST_P(TlsConnectTls13, ReceiveTooMuchEarlyData) {
server_->Handshake(); // This reads the early data and maybe throws an error.
if (variant_ == ssl_variant_stream) {
server_->CheckErrorCode(SSL_ERROR_TOO_MUCH_EARLY_DATA);
// We drop the SID when sending the alert such that max_early_data_size is 0
// here.
limit = 0;
} else {
EXPECT_EQ(TlsAgent::STATE_CONNECTING, server_->state());
}
......
......@@ -532,11 +532,6 @@ INSTANTIATE_TEST_CASE_P(
TlsConnectTestBase::kTlsV11V12));
INSTANTIATE_TEST_CASE_P(Pre13StreamOnly, TlsConnectStreamPre13,
TlsConnectTestBase::kTlsV10ToV12);
INSTANTIATE_TEST_CASE_P(
Pre13Stream, TlsConnectStreamResumptionPre13,
::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
TlsConnectTestBase::kTlsV10ToV12,
::testing::Values(true, false)));
INSTANTIATE_TEST_CASE_P(Version12Plus, TlsConnectTls12Plus,
::testing::Combine(TlsConnectTestBase::kTlsVariantsAll,
......
......@@ -1028,27 +1028,4 @@ TEST_P(TlsConnectGenericResumption, ConnectResumeClientAuth) {
SendReceive();
}
// Renegotiate a resumed session.
TEST_P(TlsConnectStreamResumptionPre13, ConnectResumeRenegotiateClient) {
ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
Connect();
SendReceive();
Reset();
ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH);
ExpectResumption(RESUME_TICKET);
Connect();
// Disable resumption and prepare for renegotiation.
server_->ExpectResumption(false);
server_->PrepareForRenegotiate();
client_->ExpectResumption(false);
client_->StartRenegotiate();
Handshake();
// Don't CheckConnected its logic doesn't work in this case.
// It assumes a certain number of SIDs, resumed sessions, and cache
// hits/misses.
SendReceive();
}
} // namespace nss_test
......@@ -589,9 +589,7 @@ void TlsAgent::EnableFalseStart() {
SetOption(SSL_ENABLE_FALSE_START, PR_TRUE);
}
void TlsAgent::ExpectResumption(bool expected) {
expect_resumption_ = expected;
}
void TlsAgent::ExpectResumption() { expect_resumption_ = true; }
void TlsAgent::EnableAlpn(const uint8_t* val, size_t len) {
EXPECT_TRUE(EnsureTlsSetup());
......
......@@ -129,7 +129,7 @@ class TlsAgent : public PollTarget {
void SetServerKeyBits(uint16_t bits);
void ExpectReadWriteError();
void EnableFalseStart();
void ExpectResumption(bool expected = true);
void ExpectResumption();
void SkipVersionChecks();
void SetSignatureSchemes(const SSLSignatureScheme* schemes, size_t count);
void EnableAlpn(const uint8_t* val, size_t len);
......
......@@ -313,7 +313,6 @@ class TlsConnectDatagramPre13 : public TlsConnectDatagram {
// A variant that is used only with Pre13.
class TlsConnectGenericPre13 : public TlsConnectGeneric {};
class TlsConnectStreamResumptionPre13 : public TlsConnectGenericResumption {};
class TlsKeyExchangeTest : public TlsConnectGeneric {
protected:
......
This diff is collapsed.
......@@ -667,7 +667,6 @@ ssl3_EncodeSessionTicket(sslSocket *ss, const NewSessionTicket *ticket,
SECStatus rv;
sslBuffer plaintext = SSL_BUFFER_EMPTY;
SECItem ticket_buf = { 0, NULL, 0 };
/* This SID is NOT the one in ss and only used in this function. */
sslSessionID sid;
unsigned char wrapped_ms[SSL3_MASTER_SECRET_LENGTH];
SECItem ms_item = { 0, NULL, 0 };
......@@ -1156,13 +1155,15 @@ ssl_ParseSessionTicket(sslSocket *ss, const SECItem *decryptedTicket,
static SECStatus
ssl_CreateSIDFromTicket(sslSocket *ss, const SECItem *rawTicket,
SessionTicket *parsedTicket)
SessionTicket *parsedTicket, sslSessionID **out)
{
SECStatus rv = ssl3_NewSessionID(ss, PR_TRUE);
if (rv != SECSuccess) {
return rv;
sslSessionID *sid;
SECStatus rv;
sid = ssl3_NewSessionID(ss, PR_TRUE);
if (sid == NULL) {
return SECFailure;
}
sslSessionID *sid = ss->sec.ci.sid;
/* Copy over parameters. */
sid->version = parsedTicket->ssl_version;
......@@ -1226,10 +1227,11 @@ ssl_CreateSIDFromTicket(sslSocket *ss, const SECItem *rawTicket,
}
}
*out = sid;
return SECSuccess;
loser:
ssl_UncacheSessionID(ss);
ssl_FreeSID(sid);
return SECFailure;
}
......@@ -1240,9 +1242,15 @@ ssl3_ProcessSessionTicketCommon(sslSocket *ss, const SECItem *ticket,
{
SECItem decryptedTicket = { siBuffer, NULL, 0 };
SessionTicket parsedTicket;
sslSessionID *sid = NULL;
SECStatus rv;
ssl_UncacheSessionID(ss);
if (ss->sec.ci.sid != NULL) {
ssl_UncacheSessionID(ss);
ssl_FreeSID(ss->sec.ci.sid);
ss->sec.ci.sid = NULL;
}
if (!SECITEM_AllocItem(NULL, &decryptedTicket, ticket->len)) {
return SECFailure;
}
......@@ -1281,7 +1289,7 @@ ssl3_ProcessSessionTicketCommon(sslSocket *ss, const SECItem *ticket,
if (parsedTicket.timestamp + ssl_ticket_lifetime * PR_USEC_PER_SEC >
ssl_TimeUsec()) {
rv = ssl_CreateSIDFromTicket(ss, ticket, &parsedTicket);
rv = ssl_CreateSIDFromTicket(ss, ticket, &parsedTicket, &sid);
if (rv != SECSuccess) {
goto loser; /* code already set */
}
......@@ -1294,6 +1302,7 @@ ssl3_ProcessSessionTicketCommon(sslSocket *ss, const SECItem *ticket,
}
ss->statelessResume = PR_TRUE;
ss->sec.ci.sid = sid;
/* We have the baseline value for the obfuscated ticket age here. Save
* that in xtnData temporarily. This value is updated in
......@@ -1306,7 +1315,9 @@ ssl3_ProcessSessionTicketCommon(sslSocket *ss, const SECItem *ticket,
return SECSuccess;
loser:
ssl_UncacheSessionID(ss);
if (sid) {
ssl_FreeSID(sid);
}
SECITEM_ZfreeItem(&decryptedTicket, PR_FALSE);
PORT_Memset(&parsedTicket, 0, sizeof(parsedTicket));
return SECFailure;
......
......@@ -119,6 +119,7 @@ ssl_CheckConfigSanity(sslSocket *ss)
SECStatus
ssl_BeginClientHandshake(sslSocket *ss)
{
sslSessionID *sid = NULL;
SECStatus rv;
PORT_Assert(ss->opt.noLocks || ssl_Have1stHandshakeLock(ss));
......@@ -154,16 +155,14 @@ ssl_BeginClientHandshake(sslSocket *ss)
SSL_TRC(3, ("%d: SSL[%d]: sending client-hello", SSL_GETPID(), ss->fd));
sslSessionID *sid = NULL;
/* If there's an sid set from an external cache, use it. */
if (ss->sec.ci.sid && ss->sec.ci.sid->cached == in_external_cache) {
sid = ss->sec.ci.sid;
SSL_TRC(3, ("%d: SSL[%d]: using external token", SSL_GETPID(), ss->fd));
} else if (!ss->opt.noCache) {
/* Try to find server in our session-id cache */
ssl_UncacheSessionID(ss);
ss->sec.ci.sid = sid = ssl_LookupSID(&ss->sec.ci.peer, ss->sec.ci.port,
ss->peerID, ss->url);
sid = ssl_LookupSID(&ss->sec.ci.peer, ss->sec.ci.port, ss->peerID,
ss->url);
}
if (sid) {
......@@ -172,11 +171,12 @@ ssl_BeginClientHandshake(sslSocket *ss)
ss->sec.localCert = CERT_DupCertificate(sid->localCert);
} else {
ssl_UncacheSessionID(ss);
ssl_FreeSID(sid);
sid = NULL;
}
}
if (!sid) {
ss->sec.ci.sid = sid = PORT_ZNew(sslSessionID);
sid = PORT_ZNew(sslSessionID);
if (!sid) {
goto loser;
}
......@@ -191,6 +191,7 @@ ssl_BeginClientHandshake(sslSocket *ss)
sid->urlSvrName = PORT_Strdup(ss->url);
}
}
ss->sec.ci.sid = sid;
PORT_Assert(sid != NULL);
......
......@@ -1157,7 +1157,7 @@ extern int ssl_Do1stHandshake(sslSocket *ss);
extern SECStatus ssl3_InitPendingCipherSpecs(sslSocket *ss, PK11SymKey *secret,
PRBool derive);
extern SECStatus ssl3_NewSessionID(sslSocket *ss, PRBool is_server);
extern sslSessionID *ssl3_NewSessionID(sslSocket *ss, PRBool is_server);
extern sslSessionID *ssl_LookupSID(const PRIPv6Addr *addr, PRUint16 port,
const char *peerID, const char *urlSvrName);
extern void ssl_FreeSID(sslSessionID *sid);
......@@ -1621,7 +1621,8 @@ PK11SymKey *ssl3_GetWrappingKey(sslSocket *ss,
PK11SlotInfo *masterSecretSlot,
CK_MECHANISM_TYPE masterWrapMech,
void *pwArg);
SECStatus ssl3_FillInCachedSID(sslSocket *ss, PK11SymKey *secret);
SECStatus ssl3_FillInCachedSID(sslSocket *ss, sslSessionID *sid,
PK11SymKey *secret);
const ssl3CipherSuiteDef *ssl_LookupCipherSuiteDef(ssl3CipherSuite suite);
SECStatus ssl3_SelectServerCert(sslSocket *ss);
SECStatus ssl_PickSignatureScheme(sslSocket *ss,
......
......@@ -1127,21 +1127,19 @@ ssl_CacheSessionID(sslSocket *ss)
void
ssl_UncacheSessionID(sslSocket *ss)
{
if (ss->opt.noCache) {
return;
}
sslSecurityInfo *sec = &ss->sec;
PORT_Assert(sec);
if (sec->ci.sid) {
if (!ss->opt.noCache) {
if (sec->isServer) {
ssl_ServerUncacheSessionID(sec->ci.sid);
} else if (!ss->resumptionTokenCallback) {
LockAndUncacheSID(sec->ci.sid);
}
if (sec->isServer) {
ssl_ServerUncacheSessionID(sec->ci.sid);
} else if (!ss->resumptionTokenCallback) {
LockAndUncacheSID(sec->ci.sid);
}
PORT_Assert(sec->ci.sid->references == 1);
ssl_FreeSID(sec->ci.sid);
sec->ci.sid = NULL;
}
}
......
......@@ -4040,13 +4040,13 @@ SSLExp_SetResumptionToken(PRFileDesc *fd, const PRUint8 *token,
PRINT_BUF(50, (ss, "incoming resumption token", token, len));
SECStatus rv = ssl3_NewSessionID(ss, PR_FALSE);
if (rv != SECSuccess) {
ss->sec.ci.sid = ssl3_NewSessionID(ss, PR_FALSE);
if (!ss->sec.ci.sid) {
goto done;
}
/* Populate NewSessionTicket values */
rv = ssl_DecodeResumptionToken(ss->sec.ci.sid, token, len);
SECStatus rv = ssl_DecodeResumptionToken(ss->sec.ci.sid, token, len);
if (rv != SECSuccess) {
// If decoding fails, we assume the token is bad.
PORT_SetError(SSL_ERROR_BAD_RESUMPTION_TOKEN_ERROR);
......@@ -4066,7 +4066,8 @@ SSLExp_SetResumptionToken(PRFileDesc *fd, const PRUint8 *token,
/* Use the sid->cached as marker that this is from an external cache and
* we don't have to look up anything in the NSS internal cache. */
ss->sec.ci.sid->cached = in_external_cache;
ss->sec.ci.sid->references = 1;
// This has to be 2 to not free this in sendClientHello.
ss->sec.ci.sid->references = 2;
ss->sec.ci.sid->lastAccessTime = ssl_TimeSec();
ssl_ReleaseSSL3HandshakeLock(ss);
......
This diff is collapsed.
......@@ -70,6 +70,7 @@ PRBool tls13_PskSuiteEnabled(sslSocket *ss);
SECStatus tls13_WriteExtensionsWithBinder(sslSocket *ss, sslBuffer *extensions);
SECStatus tls13_HandleClientHelloPart2(sslSocket *ss,
const SECItem *suites,
sslSessionID *sid,
const PRUint8 *msg,
unsigned int len);
SECStatus tls13_HandleServerHelloPart2(sslSocket *ss);
......@@ -98,12 +99,12 @@ SECStatus tls13_ProtectRecord(sslSocket *ss,
sslBuffer *wrBuf);
PRInt32 tls13_Read0RttData(sslSocket *ss, void *buf, PRInt32 len);
SECStatus tls13_HandleEarlyApplicationData(sslSocket *ss, sslBuffer *origBuf);
PRBool tls13_ClientAllow0Rtt(const sslSocket *ss);
PRBool tls13_ClientAllow0Rtt(const sslSocket *ss, const sslSessionID *sid);
PRUint16 tls13_EncodeDraftVersion(SSL3ProtocolVersion version);
SECStatus tls13_NegotiateVersion(sslSocket *ss,
const TLSExtension *supported_versions);
PRBool tls13_IsReplay(const sslSocket *ss);
PRBool tls13_IsReplay(const sslSocket *ss, const sslSessionID *sid);
void tls13_AntiReplayRollover(PRTime now);
SECStatus SSLExp_SetupAntiReplay(PRTime window, unsigned int k,
......
......@@ -627,7 +627,7 @@ SECStatus
tls13_ClientSendEarlyDataXtn(const sslSocket *ss, TLSExtensionData *xtnData,
sslBuffer *buf, PRBool *added)
{
if (!tls13_ClientAllow0Rtt(ss)) {
if (!tls13_ClientAllow0Rtt(ss, ss->sec.ci.sid)) {
return SECSuccess;
}
......
......@@ -188,17 +188,16 @@ tls13_AntiReplayUpdate()
}
PRBool
tls13_InWindow(const sslSocket *ss)
tls13_InWindow(const sslSocket *ss, const sslSessionID *sid)
{
PRInt32 timeDelta;
PORT_Assert(ss->sec.ci.sid);
/* Calculate the difference between the client's view of the age of the
* ticket (in |ss->xtnData.ticketAge|) and the server's view, which we now
* calculate. The result should be close to zero. timeDelta is signed to
* make the comparisons below easier. */
timeDelta = ss->xtnData.ticketAge -
((ssl_TimeUsec() - ss->sec.ci.sid->creationTime) / PR_USEC_PER_MSEC);
((ssl_TimeUsec() - sid->creationTime) / PR_USEC_PER_MSEC);
/* Only allow the time delta to be at most half of our window. This is
* symmetrical, though it doesn't need to be; this assumes that clock errors
......@@ -231,7 +230,7 @@ tls13_InWindow(const sslSocket *ss)
* replay. In that case, we reject 0-RTT unnecessarily, but that's OK because
* no client expects 0-RTT to work every time. */
PRBool
tls13_IsReplay(const sslSocket *ss)
tls13_IsReplay(const sslSocket *ss, const sslSessionID *sid)
{
PRBool replay;
unsigned int size;
......@@ -246,7 +245,7 @@ tls13_IsReplay(const sslSocket *ss)
return PR_TRUE;
}
if (!tls13_InWindow(ss)) {
if (!tls13_InWindow(ss, sid)) {
return PR_TRUE;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment