Closed Bug 1394956 Opened 3 years ago Closed 3 years ago

interaction of HelloRetryRequest and SSL_SendAdditionalKeyShares

Categories: NSS :: Libraries, enhancement, P2 (All, Unspecified, enhancement)
Tracking: Not tracked
Status: RESOLVED FIXED, Target Milestone: Future
People: Reporter: mcmanus, Assigned: mt
Attachments: 1 file, 1 obsolete file

using NSS_TLS13_DRAFT19_BRANCH

client does SSL_SendAdditionalKeyShares(mFD, 2) and makes a client hello in the usual way

and then the server generates an HRR off the first ClientHello, using SSL_HelloRetryRequestCallback() and sets a cookie.

according to the log, the client sees the cookie and generates a second ClientHello with it and (I believe) multiple keyshares again

a new server context parses the second client hello and throws SSL_ERROR_RX_MALFORMED_CLIENT_HELLO based on tls13_ServerHandleKeyShareXtn() "Check that the client only offered one share if this is after HRR."

...

omitting the SSL_SendAdditionalKeyShares() call seems to make it all work ok.
https://nss-review.dev.mozaws.net/D423 fixes this. We needed to move that check.
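An added illustration of the check at issue (example code written for this page, not NSS's own code or the patch in D423): it parses a ClientHello key_share extension and applies two versions of the server-side rule. `buggy_check` rejects any second ClientHello that carries more than one share after an HRR, as the report describes; `rfc_check` applies the TLS 1.3 rule (RFC 8446 4.1.2/4.2.8) that the single-share requirement only holds when the HRR itself selected a group, so a client that resends several shares after a cookie-only HRR is accepted. Function names and the sample key bytes are constructed; the group codes are the standard RFC 8446 values.

```python
import struct

# Named group codes from RFC 8446; key bytes below are constructed dummies.
X25519, SECP256R1 = 0x001D, 0x0017

def encode_key_share(shares):
    """Build a ClientHello key_share extension body: a length-prefixed
    list of KeyShareEntry { group(2), key_exchange<1..2^16-1> }."""
    entries = b"".join(struct.pack("!HH", g, len(k)) + k for g, k in shares)
    return struct.pack("!H", len(entries)) + entries

def parse_key_share(body):
    """Return [(group, key_exchange), ...] parsed from a key_share body."""
    (total,) = struct.unpack_from("!H", body, 0)
    if total != len(body) - 2:
        raise ValueError("client_shares length does not match body")
    pos, shares = 2, []
    while pos < len(body):
        group, klen = struct.unpack_from("!HH", body, pos)
        pos += 4
        if pos + klen > len(body):
            raise ValueError("truncated KeyShareEntry")
        shares.append((group, body[pos:pos + klen]))
        pos += klen
    return shares

def buggy_check(shares, after_hrr, hrr_group=None):
    """The rule the report quotes: after any HRR, only one share is allowed.
    This wrongly rejects a client that resends its shares after a cookie-only HRR."""
    if after_hrr and len(shares) != 1:
        return "SSL_ERROR_RX_MALFORMED_CLIENT_HELLO"
    return "ok"

def rfc_check(shares, after_hrr, hrr_group=None):
    """TLS 1.3 rule: only when the HRR carried a key_share selecting a group
    must the client answer with exactly one share, and it must be for that
    group. A cookie-only HRR leaves the original share list untouched."""
    if after_hrr and hrr_group is not None:
        if len(shares) != 1 or shares[0][0] != hrr_group:
            return "SSL_ERROR_RX_MALFORMED_CLIENT_HELLO"
    return "ok"

def second_hello_after_cookie_hrr():
    """Model the report: a client that offered more than one share resends
    them unchanged after an HRR that only set a cookie (no group selected)."""
    body = encode_key_share([(X25519, b"\x11" * 32), (SECP256R1, b"\x22" * 65)])
    shares = parse_key_share(body)
    return buggy_check(shares, after_hrr=True), rfc_check(shares, after_hrr=True)
```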
Attachment #8904116 - Attachment is obsolete: true
Priority: -- → P2
Comment on attachment 8904139 [details]
Bug 1394956 - key_share after HelloRetryRequest can have multiple shares, r?ekr

Eric Rescorla (:ekr) has approved the revision.

https://phabricator.services.mozilla.com/D26#1420
Attachment #8904139 - Flags: review+
https://hg.mozilla.org/projects/nss/rev/3efb83875558adc1674dfa2ddba0a47f85979ed5
Assignee: nobody → martin.thomson
Status: NEW → RESOLVED
Closed: 3 years ago
Hardware: Unspecified → All
Resolution: --- → FIXED
Target Milestone: --- → Future