author | wolfbeast <mcwerewolf@gmail.com> | 2018-07-18 08:24:24 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-07-18 08:24:24 +0200 |
commit | fc61780b35af913801d72086456f493f63197da6 (patch) | |
tree | f85891288a7bd988da9f0f15ae64e5c63f00d493 /security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc | |
parent | 69f7f9e5f1475891ce11cc4f431692f965b0cd30 (diff) | |
parent | 50d3e596bbe89c95615f96eb71f6bc5be737a1db (diff) | |
Merge commit '50d3e596bbe89c95615f96eb71f6bc5be737a1db' into Basilisk-releasev2018.07.18
# Conflicts:
# browser/app/profile/firefox.js
# browser/components/preferences/jar.mn
Diffstat (limited to 'security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc')
-rw-r--r-- | security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc | 46 |
1 files changed, 15 insertions, 31 deletions
diff --git a/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
index 69fd00331..b8836d7fc 100644
--- a/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
@@ -29,8 +29,7 @@ TEST_F(TlsConnectTest, DamageSecretHandleClientFinished) {
 SSL_LIBRARY_VERSION_TLS_1_3);
 server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
 SSL_LIBRARY_VERSION_TLS_1_3);
- server_->StartConnect();
- client_->StartConnect();
+ StartConnect();
 client_->Handshake();
 server_->Handshake();
 std::cerr << "Damaging HS secret" << std::endl;
@@ -51,23 +50,19 @@ TEST_F(TlsConnectTest, DamageSecretHandleServerFinished) {
 SSL_LIBRARY_VERSION_TLS_1_3);
 server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
 SSL_LIBRARY_VERSION_TLS_1_3);
- client_->ExpectSendAlert(kTlsAlertDecryptError);
- // The server can't read the client's alert, so it also sends an alert.
- server_->ExpectSendAlert(kTlsAlertBadRecordMac);
- server_->SetPacketFilter(std::make_shared<AfterRecordN>(
+ MakeTlsFilter<AfterRecordN>(
 server_, client_,
 0, // ServerHello.
- [this]() { SSLInt_DamageServerHsTrafficSecret(client_->ssl_fd()); }));
- ConnectExpectFail();
+ [this]() { SSLInt_DamageServerHsTrafficSecret(client_->ssl_fd()); });
+ ConnectExpectAlert(client_, kTlsAlertDecryptError);
 client_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
- server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
 }
 
 TEST_P(TlsConnectGenericPre13, DamageServerSignature) {
 EnsureTlsSetup();
- auto filter =
- std::make_shared<TlsLastByteDamager>(kTlsHandshakeServerKeyExchange);
- server_->SetTlsRecordFilter(filter);
+ auto filter = MakeTlsFilter<TlsLastByteDamager>(
+ server_, kTlsHandshakeServerKeyExchange);
+ filter->EnableDecryption();
 ExpectAlert(client_, kTlsAlertDecryptError);
 ConnectExpectFail();
 client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
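Review bot: The rewritten DamageSecretHandleServerFinished no longer pins the server's end state: `server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ)` and the server-side alert expectation are gone, and only the client's `SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE` is still asserted. `ConnectExpectAlert` is defined outside this diff, so it may check that the server receives the alert, but no visible line fixes the server's error code, and a regression in how the server reacts to a damaged handshake secret could pass unnoticed. I would add `server_->CheckErrorCode(<expected server-side error>);` after the client check, with the value confirmed against the new alert handling. The same gap appears in the TLS 1.3 DamageServerSignature test in the `@@ -76,19 +71,10 @@` hunk, where the stream-variant server check was removed together with the DTLS special case. The first test's body starts above the hunk, so earlier setup is not visible here.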
@@ -76,19 +71,10 @@ TEST_P(TlsConnectGenericPre13, DamageServerSignature) {
 
 TEST_P(TlsConnectTls13, DamageServerSignature) {
 EnsureTlsSetup();
- auto filter =
- std::make_shared<TlsLastByteDamager>(kTlsHandshakeCertificateVerify);
- server_->SetTlsRecordFilter(filter);
+ auto filter = MakeTlsFilter<TlsLastByteDamager>(
+ server_, kTlsHandshakeCertificateVerify);
 filter->EnableDecryption();
- client_->ExpectSendAlert(kTlsAlertDecryptError);
- // The server can't read the client's alert, so it also sends an alert.
- if (variant_ == ssl_variant_stream) {
- server_->ExpectSendAlert(kTlsAlertBadRecordMac);
- ConnectExpectFail();
- server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
- } else {
- ConnectExpectFailOneSide(TlsAgent::CLIENT);
- }
+ ConnectExpectAlert(client_, kTlsAlertDecryptError);
 client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
 }
 
@@ -96,15 +82,13 @@ TEST_P(TlsConnectGeneric, DamageClientSignature) {
 EnsureTlsSetup();
 client_->SetupClientAuth();
 server_->RequestClientAuth(true);
- auto filter =
- std::make_shared<TlsLastByteDamager>(kTlsHandshakeCertificateVerify);
- client_->SetTlsRecordFilter(filter);
- server_->ExpectSendAlert(kTlsAlertDecryptError);
+ auto filter = MakeTlsFilter<TlsLastByteDamager>(
+ client_, kTlsHandshakeCertificateVerify);
 filter->EnableDecryption();
+ server_->ExpectSendAlert(kTlsAlertDecryptError);
 // Do these handshakes by hand to avoid race condition on
 // the client processing the server's alert.
- client_->StartConnect();
- server_->StartConnect();
+ StartConnect();
 client_->Handshake();
 server_->Handshake();
 client_->Handshake();
@@ -116,4 +100,4 @@ TEST_P(TlsConnectGeneric, DamageClientSignature) {
 server_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
 }
 
-} // namespace nspr_test
+} // namespace nss_test |