summaryrefslogtreecommitdiffstats
path: root/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-04-25 23:08:37 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-04-25 23:08:37 +0200
commit42f8488a5f66d7c1e5324bd1755d7f693b16ee97 (patch)
tree54c7d2a62c4ea34b1250b5362c8e6f89d03f1a02 /security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
parent681c39a0ecc84fc918b2bec72cc69ad27d39903a (diff)
parent6c3f95480a191ce432ddfb2aa400a6d70c4884a8 (diff)
downloadUXP-42f8488a5f66d7c1e5324bd1755d7f693b16ee97.tar
UXP-42f8488a5f66d7c1e5324bd1755d7f693b16ee97.tar.gz
UXP-42f8488a5f66d7c1e5324bd1755d7f693b16ee97.tar.lz
UXP-42f8488a5f66d7c1e5324bd1755d7f693b16ee97.tar.xz
UXP-42f8488a5f66d7c1e5324bd1755d7f693b16ee97.zip
Merge branch 'master' into Basilisk-releasev2018.04.26
Diffstat (limited to 'security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc')
-rw-r--r--security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc24
1 files changed, 20 insertions, 4 deletions
diff --git a/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
index d1668b823..69fd00331 100644
--- a/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
@@ -29,7 +29,8 @@ TEST_F(TlsConnectTest, DamageSecretHandleClientFinished) {
SSL_LIBRARY_VERSION_TLS_1_3);
server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
SSL_LIBRARY_VERSION_TLS_1_3);
- StartConnect();
+ server_->StartConnect();
+ client_->StartConnect();
client_->Handshake();
server_->Handshake();
std::cerr << "Damaging HS secret" << std::endl;
@@ -50,12 +51,16 @@ TEST_F(TlsConnectTest, DamageSecretHandleServerFinished) {
SSL_LIBRARY_VERSION_TLS_1_3);
server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
SSL_LIBRARY_VERSION_TLS_1_3);
+ client_->ExpectSendAlert(kTlsAlertDecryptError);
+ // The server can't read the client's alert, so it also sends an alert.
+ server_->ExpectSendAlert(kTlsAlertBadRecordMac);
server_->SetPacketFilter(std::make_shared<AfterRecordN>(
server_, client_,
0, // ServerHello.
[this]() { SSLInt_DamageServerHsTrafficSecret(client_->ssl_fd()); }));
- ConnectExpectAlert(client_, kTlsAlertDecryptError);
+ ConnectExpectFail();
client_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
+ server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
}
TEST_P(TlsConnectGenericPre13, DamageServerSignature) {
@@ -74,7 +79,16 @@ TEST_P(TlsConnectTls13, DamageServerSignature) {
auto filter =
std::make_shared<TlsLastByteDamager>(kTlsHandshakeCertificateVerify);
server_->SetTlsRecordFilter(filter);
- ConnectExpectAlert(client_, kTlsAlertDecryptError);
+ filter->EnableDecryption();
+ client_->ExpectSendAlert(kTlsAlertDecryptError);
+ // The server can't read the client's alert, so it also sends an alert.
+ if (variant_ == ssl_variant_stream) {
+ server_->ExpectSendAlert(kTlsAlertBadRecordMac);
+ ConnectExpectFail();
+ server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+ } else {
+ ConnectExpectFailOneSide(TlsAgent::CLIENT);
+ }
client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
}
@@ -86,9 +100,11 @@ TEST_P(TlsConnectGeneric, DamageClientSignature) {
std::make_shared<TlsLastByteDamager>(kTlsHandshakeCertificateVerify);
client_->SetTlsRecordFilter(filter);
server_->ExpectSendAlert(kTlsAlertDecryptError);
+ filter->EnableDecryption();
// Do these handshakes by hand to avoid race condition on
// the client processing the server's alert.
- StartConnect();
+ client_->StartConnect();
+ server_->StartConnect();
client_->Handshake();
server_->Handshake();
client_->Handshake();
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-26 14:33:00 +0000