[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Matt Caswell matt at openssl.org
Wed Nov 2 23:32:07 UTC 2016


The branch OpenSSL_1_1_0-stable has been updated
       via  717f4026d593119cf493b3c1e045462c540f4cb3 (commit)
       via  e4815a0bd2bcb00abea63f651284100028e3436c (commit)
       via  77cd04bd27397161faa4ad0b211727bfd97e6a67 (commit)
      from  bfca0515b6977cba7b50215fc6d7d88250c9ca38 (commit)


- Log -----------------------------------------------------------------
commit 717f4026d593119cf493b3c1e045462c540f4cb3
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Nov 2 22:23:16 2016 +0000

    Add a CHANGES entry for the unrecognised record type change
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (cherry picked from commit ce95f3b724f71f42dd57af4a0a8e2f571deaf94d)

commit e4815a0bd2bcb00abea63f651284100028e3436c
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Nov 2 09:41:37 2016 +0000

    Add a test for unrecognised record types
    
    We should fail if we receive an unrecognised record type
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (cherry picked from commit 1f3e70a450364e3152973380ea4d3bb6694f3980)

commit 77cd04bd27397161faa4ad0b211727bfd97e6a67
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Nov 2 09:14:51 2016 +0000

    Fail if an unrecognised record type is received
    
    TLS1.0 and TLS1.1 say you SHOULD ignore unrecognised record types, but
    TLS 1.2 says you MUST send an unexpected message alert. We swap to the
    TLS 1.2 behaviour for all protocol versions to prevent issues where no
    progress is being made and the peer continually sends unrecognised record
    types, using up resources processing them.
    
    Issue reported by 郭志攀
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (cherry picked from commit 436a2a0179416d2cc22b678b63e50c2638384d5f)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES                           |  6 ++++-
 ssl/record/rec_layer_s3.c         | 12 ++++------
 test/recipes/70-test_sslrecords.t | 48 ++++++++++++++++++++++++++++++++++++++-
 util/TLSProxy/Record.pm           |  6 +++--
 4 files changed, 61 insertions(+), 11 deletions(-)

diff --git a/CHANGES b/CHANGES
index 9fc2b99..b04cf9c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,11 @@
 
  Changes between 1.1.0b and 1.1.0c [xx XXX xxxx]
 
-  *)
+  *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0
+     or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to
+     prevent issues where no progress is being made and the peer continually
+     sends unrecognised record types, using up resources processing them.
+     [Matt Caswell]
 
   *) Removed automatic addition of RPATH in shared libraries and executables,
      as this was a remainder from OpenSSL 1.0.x and isn't needed any more.
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 4535f89..28de7c3 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1463,14 +1463,12 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
     switch (SSL3_RECORD_get_type(rr)) {
     default:
         /*
-         * TLS up to v1.1 just ignores unknown message types: TLS v1.2 give
-         * an unexpected message alert.
+         * TLS 1.0 and 1.1 say you SHOULD ignore unrecognised record types, but
+         * TLS 1.2 says you MUST send an unexpected message alert. We use the
+         * TLS 1.2 behaviour for all protocol versions to prevent issues where
+         * no progress is being made and the peer continually sends unrecognised
+         * record types, using up resources processing them.
          */
-        if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION) {
-            SSL3_RECORD_set_length(rr, 0);
-            SSL3_RECORD_set_read(rr);
-            goto start;
-        }
         al = SSL_AD_UNEXPECTED_MESSAGE;
         SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
         goto f_err;
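Review bot: The rewritten comment in the default case gives the rationale but not the observable effect, so the deviation from the TLS 1.0/1.1 SHOULD reads like an internal optimisation rather than an interoperability change that operators may notice; I would add `* Note this is a deliberate deviation from the TLS 1.0/1.1 SHOULD: a peer that relies on unknown record types being silently ignored now receives an unexpected_message alert instead.` The `goto f_err` presumably makes that alert fatal, which is what actually bounds the resource use described — one alert and teardown rather than the old unbounded loop back to `start` — and the comment could say so. ssl3_read_bytes begins and ends outside this hunk.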
diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t
index d1c8d3a..d3702f2 100644
--- a/test/recipes/70-test_sslrecords.t
+++ b/test/recipes/70-test_sslrecords.t
@@ -38,7 +38,11 @@ my $proxy = TLSProxy::Proxy->new(
 my $content_type = TLSProxy::Record::RT_APPLICATION_DATA;
 my $inject_recs_num = 1;
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 9;
+my $num_tests = 10;
+if (!disabled("tls1_1")) {
+    $num_tests++;
+}
+plan tests => $num_tests;
 ok(TLSProxy::Message->fail(), "Out of context empty records test");
 
 #Test 2: Injecting in context empty records should succeed
@@ -107,6 +111,23 @@ $sslv2testtype = ALERT_BEFORE_SSLV2;
 $proxy->clear();
 $proxy->start();
 ok(TLSProxy::Message->fail(), "Alert before SSLv2 ClientHello test");
+
+#Unregcognised record type tests
+
+#Test 10: Sending an unrecognised record type in TLS1.2 should fail
+$proxy->clear();
+$proxy->filter(\&add_unknown_record_type);
+$proxy->start();
+ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.2");
+
+#Test 11: Sending an unrecognised record type in TLS1.1 should fail
+if (!disabled("tls1_1")) {
+    $proxy->clear();
+    $proxy->clientflags("-tls1_1");
+    $proxy->start();
+    ok(TLSProxy::Message->fail(), "Unrecognised record type in TLS1.1");
+}
+
 sub add_empty_recs_filter
 {
     my $proxy = shift;
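Review bot: Test 11 exercises TLS1.1 but nothing exercises TLS1.0, although the commit message says the behaviour changed for both versions; a third case mirroring Test 11 with `$proxy->clientflags("-tls1");` guarded by `if (!disabled("tls1"))` (plus a matching `$num_tests++` in the earlier hunk) would pin the other half of the change. Test 11 also depends on the filter installed for Test 10 surviving `$proxy->clear()`; if that is intended it is worth restating `$proxy->filter(\&add_unknown_record_type);` so the test is self-contained and does not break if clear() is ever changed to reset the filter. The heading comment has a typo: `#Unrecognised record type tests`.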
@@ -333,3 +354,28 @@ sub add_sslv2_filter
     }
 
 }
+
+sub add_unknown_record_type
+{
+    my $proxy = shift;
+
+    # We'll change a record after the initial version neg has taken place
+    if ($proxy->flight != 2) {
+        return;
+    }
+
+    my $lastrec = ${$proxy->record_list}[-1];
+    my $record = TLSProxy::Record->new(
+        2,
+        TLSProxy::Record::RT_UNKNOWN,
+        $lastrec->version(),
+        1,
+        0,
+        1,
+        1,
+        "X",
+        "X"
+    );
+
+    unshift @{$proxy->record_list}, $record;
+}
diff --git a/util/TLSProxy/Record.pm b/util/TLSProxy/Record.pm
index 423bad3..a75d8cd 100644
--- a/util/TLSProxy/Record.pm
+++ b/util/TLSProxy/Record.pm
@@ -22,14 +22,16 @@ use constant {
     RT_APPLICATION_DATA => 23,
     RT_HANDSHAKE => 22,
     RT_ALERT => 21,
-    RT_CCS => 20
+    RT_CCS => 20,
+    RT_UNKNOWN => 100
 };
 
 my %record_type = (
     RT_APPLICATION_DATA, "APPLICATION DATA",
     RT_HANDSHAKE, "HANDSHAKE",
     RT_ALERT, "ALERT",
-    RT_CCS, "CCS"
+    RT_CCS, "CCS",
+    RT_UNKNOWN, "UNKNOWN"
 );
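Review bot: `RT_UNKNOWN => 100` is a constructed value and nothing records why 100 was chosen, so a future maintainer cannot tell it apart from a real record type or know which values are safe; a trailing comment such as `RT_UNKNOWN => 100   # not an assigned TLS ContentType; used only to test rejection of unknown types` would settle that. The new `%record_type` entry keeps the existing comma-separated style, which is correct here because `=>` would quote the constant name as a bareword; a one-line comment above the map saying so would stop someone from "fixing" it.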
 
 use constant {

