Closed Bug 1351314 Opened 7 years ago Closed 7 years ago

TLS exporter: reject contexts that are longer than 2^16

Categories

(NSS :: Libraries, enhancement)

Product:
NSS
Component:
Libraries
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: mt, Assigned: kmckinley)

Details

(Keywords: good-first-bug)

Attachments

(1 file, 2 obsolete files)

Add a length check to conform to RFC 5705 and tests
6.07 KB, patch
Details | Diff | Splinter Review 
In TLS 1.2 and earlier, there is a size limit on the context that is passed to SSL_ExportKeyingMaterial.  We don't enforce this limit.
Assignee: nobody → kmckinley
Status: NEW → ASSIGNED

        Attachment #8865675 -
        Flags: review?(franziskuskiefer)

    
    

    
  
Comment on attachment 8865675 [details] [diff] [review]
Add a length check to conform to RFC 5705 and tests

Review of attachment 8865675 [details] [diff] [review]:
-----------------------------------------------------------------

You should be putting these up on phabricator.  https://nss-review.dev.mozaws.net/

::: gtests/ssl_gtest/ssl_exporter_unittest.cc
@@ +94,5 @@
> +  EXPECT_EQ(SECFailure,
> +            SSL_ExportKeyingMaterial(
> +                server->ssl_fd(), kExporterLabel, strlen(kExporterLabel),
> +                PR_TRUE, kExporterContextTooLong,
> +                sizeof(kExporterContextTooLong), server_value, sizeof(server_value)));

You need to check the value returned by PORT_GetError() as well.

@@ +110,5 @@
> +TEST_P(TlsConnectPre12, ExporterContextLengthTooLongPreTls12) {
> +  EnsureTlsSetup();
> +  server_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
> +  Connect();
> +  CheckKeys();

You shouldn't need to split this test into two, you are only doing that to get a different cipher suite, which is an unnecessary step.

::: lib/ssl/sslinfo.c
@@ +1,5 @@
>  /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
>  /* This Source Code Form is subject to the terms of the Mozilla Public
>   * License, v. 2.0. If a copy of the MPL was not distributed with this
>   * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
> +#include <limits.h>

NSPR has its own limits, which you should use here.  I know, crappy.

    
    

    
  


  
* Change limits.h/climits to stdint.h to compile on Windows
* Use TlsConnectGenericPre13
* clang-format

        Attachment #8865675 -
        Attachment is obsolete: true

        Attachment #8865675 -
        Flags: review?(franziskuskiefer)

        Attachment #8865686 -
        Flags: review?(franziskuskiefer)

    
    

    
  


  
Waiting for Phabricator access

        Attachment #8865686 -
        Attachment is obsolete: true

        Attachment #8865686 -
        Flags: review?(franziskuskiefer)

    
    

    
  
Comment on attachment 8865691 [details] [diff] [review]
Add a length check to conform to RFC 5705 and tests

Review of attachment 8865691 [details] [diff] [review]:
-----------------------------------------------------------------

::: gtests/ssl_gtest/ssl_exporter_unittest.cc
@@ +106,5 @@
> +  server_->EnableSingleCipher(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
> +  Connect();
> +  CheckKeys();
> +
> +  TooLongContextLengthShouldFail(client_, server_);

You can inline this when it's not used anywhere else.
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.31

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: