Update NSS to 3.38

- Added HACL*Poly1305 32-bit (INRIA/Microsoft) - Updated to final TLS 1.3 draft version (28) - Removed TLS 1.3 prerelease draft limit check - Removed NPN code - Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments - Fixed several bugs with TLS 1.3 negotiation - Updated internal certificate store - Added support for the TLS Record Size Limit Extension. - Fixed CVE-2018-0495 - Various security fixes in the ASN.1 code.
author: wolfbeast <mcwerewolf@gmail.com> 2018-08-14 07:52:35 +0200
committer: wolfbeast <mcwerewolf@gmail.com> 2018-08-14 16:42:52 +0200
commit: ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9 (patch)
tree: 5e4677e52b9a349602f04135a44b3000c8baa97b /security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
parent: f44e99950fc25d16a3cdaffe26dadf7b58a9d38c (diff)
download: UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar
UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.gz
UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.lz
UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.xz
UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.zip
1 files changed, 19 insertions, 16 deletions
diff --git a/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
index 0453dabdb..6965e9ca7 100644
--- a/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
+++ b/security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
@@ -19,9 +19,9 @@ namespace nss_test {
 
 class TlsExtensionTruncator : public TlsExtensionFilter {
  public:
-  TlsExtensionTruncator(const std::shared_ptr<TlsAgent>& agent,
-                        uint16_t extension, size_t length)
-      : TlsExtensionFilter(agent), extension_(extension), length_(length) {}
+  TlsExtensionTruncator(const std::shared_ptr<TlsAgent>& a, uint16_t extension,
+                        size_t length)
+      : TlsExtensionFilter(a), extension_(extension), length_(length) {}
   virtual PacketFilter::Action FilterExtension(uint16_t extension_type,
                                                const DataBuffer& input,
                                                DataBuffer* output) {
@@ -43,9 +43,9 @@ class TlsExtensionTruncator : public TlsExtensionFilter {
 
 class TlsExtensionDamager : public TlsExtensionFilter {
  public:
-  TlsExtensionDamager(const std::shared_ptr<TlsAgent>& agent,
-                      uint16_t extension, size_t index)
-      : TlsExtensionFilter(agent), extension_(extension), index_(index) {}
+  TlsExtensionDamager(const std::shared_ptr<TlsAgent>& a, uint16_t extension,
+                      size_t index)
+      : TlsExtensionFilter(a), extension_(extension), index_(index) {}
   virtual PacketFilter::Action FilterExtension(uint16_t extension_type,
                                                const DataBuffer& input,
                                                DataBuffer* output) {
@@ -65,11 +65,9 @@ class TlsExtensionDamager : public TlsExtensionFilter {
 
 class TlsExtensionAppender : public TlsHandshakeFilter {
  public:
-  TlsExtensionAppender(const std::shared_ptr<TlsAgent>& agent,
+  TlsExtensionAppender(const std::shared_ptr<TlsAgent>& a,
                        uint8_t handshake_type, uint16_t ext, DataBuffer& data)
-      : TlsHandshakeFilter(agent, {handshake_type}),
-        extension_(ext),
-        data_(data) {}
+      : TlsHandshakeFilter(a, {handshake_type}), extension_(ext), data_(data) {}
 
   virtual PacketFilter::Action FilterHandshake(const HandshakeHeader& header,
                                                const DataBuffer& input,
@@ -323,7 +321,15 @@ TEST_P(TlsExtensionTestGeneric, AlpnMissingValue) {
 
 TEST_P(TlsExtensionTestGeneric, AlpnZeroLength) {
   EnableAlpn();
-  const uint8_t val[] = {0x01, 0x61, 0x00};
+  const uint8_t val[] = {0x00, 0x03, 0x01, 0x61, 0x00};
+  DataBuffer extension(val, sizeof(val));
+  ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
+      client_, ssl_app_layer_protocol_xtn, extension));
+}
+
+TEST_P(TlsExtensionTestGeneric, AlpnLengthOverflow) {
+  EnableAlpn();
+  const uint8_t val[] = {0x00, 0x03, 0x01, 0x61, 0x01};
   DataBuffer extension(val, sizeof(val));
   ClientHelloErrorTest(std::make_shared<TlsExtensionReplacer>(
       client_, ssl_app_layer_protocol_xtn, extension));
@@ -628,12 +634,9 @@ typedef std::function<void(TlsPreSharedKeyReplacer*)>
 
 class TlsPreSharedKeyReplacer : public TlsExtensionFilter {
  public:
-  TlsPreSharedKeyReplacer(const std::shared_ptr<TlsAgent>& agent,
+  TlsPreSharedKeyReplacer(const std::shared_ptr<TlsAgent>& a,
                           TlsPreSharedKeyReplacerFunc function)
-      : TlsExtensionFilter(agent),
-        identities_(),
-        binders_(),
-        function_(function) {}
+      : TlsExtensionFilter(a), identities_(), binders_(), function_(function) {}
 
   static size_t CopyAndMaybeReplace(TlsParser* parser, size_t size,
                                     const std::unique_ptr<DataBuffer>& replace,
author	wolfbeast <mcwerewolf@gmail.com>	2018-08-14 07:52:35 +0200
committer	wolfbeast <mcwerewolf@gmail.com>	2018-08-14 16:42:52 +0200
commit	ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9 (patch)
tree	5e4677e52b9a349602f04135a44b3000c8baa97b /security/nss/gtests/ssl_gtest/ssl_extension_unittest.cc
parent	f44e99950fc25d16a3cdaffe26dadf7b58a9d38c (diff)
download	UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.gz UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.lz UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.xz UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.zip