Closed
Bug 1386475
Opened 7 years ago
Closed 7 years ago
Deliver 0-RTT before the handshake callback
Categories
(NSS :: Libraries, enhancement)
Tracking
(Not tracked)
RESOLVED
FIXED
3.33
People
(Reporter: mt, Assigned: mt)
Details
(Keywords: sec-moderate)
In discussion in the HTTP WG, Subodh identified a potential problem with the way that early data is delivered at the server side. If an attacker could coalesce early data with the handshake, then they might be able to cause the server to be confused about the status of the early data. In this case, if the packet is processed in a chunk, then the application might be able to see that the handshake is complete while it is processing the early data. Servers using NSS are vulnerable to this manipulation because any early data that arrives at the same time as the final handshake message will be delivered after receiving the handshake callback. The callback is called synchronously from the call to PR_Recv, but early data is only delivered on the next invocation of the function. More seriously, I discovered that if you coalesce early data, handshake, and 1-RTT data, then any 1-RTT data is delivered BEFORE the early data. This is because the early data is put aside and only delivered at the start of the call to ssl_SecureRecv, if the packet that is being processed contains 1-RTT data, then that will be delivered inline, with the early data being delivered on the next invocation. I have a patch for this that should fix the problem.
Updated•7 years ago
|
Group: crypto-core-security
Assignee | ||
Comment 1•7 years ago
|
||
https://nss-review.dev.mozaws.net/D392 The main question being whether a simpler solution can be found.
Updated•7 years ago
|
Keywords: sec-moderate
Assignee | ||
Comment 2•7 years ago
|
||
Trunk: https://hg.mozilla.org/projects/nss/rev/f4a9de53fe5a6c0ed6ba5290b5901c0c2eeb56ce Trunk-only test fix: https://hg.mozilla.org/projects/nss/rev/d50a14c51077c38506ea2304c315b39ed1b739e6 NSS_TLS13_DRAFT19_BRANCH: https://hg.mozilla.org/projects/nss/rev/0f34fb88edaab713e44977f5c33ff69a742c8da2
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.33
Updated•7 years ago
|
Group: crypto-core-security → core-security-release
Updated•5 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•