Update NSS to 3.32.1-RTM

1 files changed, 61 insertions, 3 deletions

diff --git a/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
index 9dadcbdf6..69fd00331 100644
--- a/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_damage_unittest.cc
@@ -33,12 +33,14 @@ TEST_F(TlsConnectTest, DamageSecretHandleClientFinished) {
   client_->StartConnect();
   client_->Handshake();
   server_->Handshake();
-  std::cerr << "Damaging HS secret\n";
+  std::cerr << "Damaging HS secret" << std::endl;
   SSLInt_DamageClientHsTrafficSecret(server_->ssl_fd());
   client_->Handshake();
-  server_->Handshake();
   // The client thinks it has connected.
   EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
+
+  ExpectAlert(server_, kTlsAlertDecryptError);
+  server_->Handshake();
   server_->CheckErrorCode(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
   client_->Handshake();
   client_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
@@ -49,7 +51,10 @@ TEST_F(TlsConnectTest, DamageSecretHandleServerFinished) {
                            SSL_LIBRARY_VERSION_TLS_1_3);
   server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1,
                            SSL_LIBRARY_VERSION_TLS_1_3);
-  server_->SetPacketFilter(new AfterRecordN(
+  client_->ExpectSendAlert(kTlsAlertDecryptError);
+  // The server can't read the client's alert, so it also sends an alert.
+  server_->ExpectSendAlert(kTlsAlertBadRecordMac);
+  server_->SetPacketFilter(std::make_shared<AfterRecordN>(
       server_, client_,
       0,  // ServerHello.
       [this]() { SSLInt_DamageServerHsTrafficSecret(client_->ssl_fd()); }));
@@ -58,4 +63,57 @@ TEST_F(TlsConnectTest, DamageSecretHandleServerFinished) {
   server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
 }
 
+TEST_P(TlsConnectGenericPre13, DamageServerSignature) {
+  EnsureTlsSetup();
+  auto filter =
+      std::make_shared<TlsLastByteDamager>(kTlsHandshakeServerKeyExchange);
+  server_->SetTlsRecordFilter(filter);
+  ExpectAlert(client_, kTlsAlertDecryptError);
+  ConnectExpectFail();
+  client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
+  server_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
+}
+
+TEST_P(TlsConnectTls13, DamageServerSignature) {
+  EnsureTlsSetup();
+  auto filter =
+      std::make_shared<TlsLastByteDamager>(kTlsHandshakeCertificateVerify);
+  server_->SetTlsRecordFilter(filter);
+  filter->EnableDecryption();
+  client_->ExpectSendAlert(kTlsAlertDecryptError);
+  // The server can't read the client's alert, so it also sends an alert.
+  if (variant_ == ssl_variant_stream) {
+    server_->ExpectSendAlert(kTlsAlertBadRecordMac);
+    ConnectExpectFail();
+    server_->CheckErrorCode(SSL_ERROR_BAD_MAC_READ);
+  } else {
+    ConnectExpectFailOneSide(TlsAgent::CLIENT);
+  }
+  client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
+}
+
+TEST_P(TlsConnectGeneric, DamageClientSignature) {
+  EnsureTlsSetup();
+  client_->SetupClientAuth();
+  server_->RequestClientAuth(true);
+  auto filter =
+      std::make_shared<TlsLastByteDamager>(kTlsHandshakeCertificateVerify);
+  client_->SetTlsRecordFilter(filter);
+  server_->ExpectSendAlert(kTlsAlertDecryptError);
+  filter->EnableDecryption();
+  // Do these handshakes by hand to avoid race condition on
+  // the client processing the server's alert.
+  client_->StartConnect();
+  server_->StartConnect();
+  client_->Handshake();
+  server_->Handshake();
+  client_->Handshake();
+  server_->Handshake();
+  EXPECT_EQ(version_ >= SSL_LIBRARY_VERSION_TLS_1_3
+                ? TlsAgent::STATE_CONNECTED
+                : TlsAgent::STATE_CONNECTING,
+            client_->state());
+  server_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
+}
+
 }  // namespace nspr_test