[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Thu Aug 9 09:56:48 UTC 2018 

The branch master has been updated
       via  9b287d53db2596a62fc0b94557d521a43f067e81 (commit)
       via  5df2206048d812c493d441701d55f75bdde2995d (commit)
      from  f460e8396f8cb1be1bbd6a8a22d7e24b80d8a607 (commit)


- Log -----------------------------------------------------------------
commit 9b287d53db2596a62fc0b94557d521a43f067e81
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Aug 8 15:29:33 2018 +0100

    Add a test for TLSv1.3 fallback
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6894)

commit 5df2206048d812c493d441701d55f75bdde2995d
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Aug 8 14:21:33 2018 +0100

    Improve fallback protection
    
    A client that has fallen back could detect an inappropriate fallback if
    the TLSv1.3 downgrade protection sentinels are present.
    
    Fixes #6756
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/6894)

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/statem_lib.c               |  3 +++
 test/recipes/70-test_tls13downgrade.t | 42 ++++++++++++++++++++++++++---------
 util/perl/TLSProxy/Message.pm         |  2 ++
 3 files changed, 36 insertions(+), 11 deletions(-)

diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 8a7d178..74a2ec1 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1914,6 +1914,9 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
         if (highver != 0 && s->version != vent->version)
             continue;
 
+        if (highver == 0 && (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) != 0)
+            highver = vent->version;
+
         method = vent->cmeth();
         err = ssl_method_error(s, method);
         if (err != 0) {
diff --git a/test/recipes/70-test_tls13downgrade.t b/test/recipes/70-test_tls13downgrade.t
index dbf011c..cc5fb16 100644
--- a/test/recipes/70-test_tls13downgrade.t
+++ b/test/recipes/70-test_tls13downgrade.t
@@ -41,14 +41,15 @@ my $proxy = TLSProxy::Proxy->new(
 
 use constant {
     DOWNGRADE_TO_TLS_1_2 => 0,
-    DOWNGRADE_TO_TLS_1_1 => 1
+    DOWNGRADE_TO_TLS_1_1 => 1,
+    FALLBACK_FROM_TLS_1_3 => 2,
 };
 
 #Test 1: Downgrade from TLSv1.3 to TLSv1.2
 $proxy->filter(\&downgrade_filter);
 my $testtype = DOWNGRADE_TO_TLS_1_2;
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 3;
+plan tests => 4;
 ok(TLSProxy::Message->fail(), "Downgrade TLSv1.3 to TLSv1.2");
 
 #Test 2: Downgrade from TLSv1.3 to TLSv1.1
@@ -64,6 +65,18 @@ $proxy->serverflags("-no_tls1_3");
 $proxy->start();
 ok(TLSProxy::Message->fail(), "Downgrade TLSv1.2 to TLSv1.1");
 
+#Test 4: Client falls back from TLSv1.3 (server does not support the fallback
+#        SCSV)
+$proxy->clear();
+$testtype = FALLBACK_FROM_TLS_1_3;
+$proxy->clientflags("-fallback_scsv -no_tls1_3");
+$proxy->start();
+my $alert = TLSProxy::Message->alert();
+ok(TLSProxy::Message->fail()
+   && !$alert->server()
+   && $alert->description() == TLSProxy::Message::AL_DESC_ILLEGAL_PARAMETER,
+   "Fallback from TLSv1.3");
+
 sub downgrade_filter
 {
     my $proxy = shift;
@@ -76,18 +89,25 @@ sub downgrade_filter
     my $message = ${$proxy->message_list}[0];
 
     my $ext;
-    if ($testtype == DOWNGRADE_TO_TLS_1_2) {
-        $ext = pack "C3",
-            0x02, # Length
-            0x03, 0x03; #TLSv1.2
+    if ($testtype == FALLBACK_FROM_TLS_1_3) {
+        #The default ciphersuite we use for TLSv1.2 without any SCSV
+        my @ciphersuites = (TLSProxy::Message::CIPHER_RSA_WITH_AES_128_CBC_SHA);
+        $message->ciphersuite_len(2 * scalar @ciphersuites);
+        $message->ciphersuites(\@ciphersuites);
     } else {
-        $ext = pack "C3",
-            0x02, # Length
-            0x03, 0x02; #TLSv1.1
+        if ($testtype == DOWNGRADE_TO_TLS_1_2) {
+            $ext = pack "C3",
+                0x02, # Length
+                0x03, 0x03; #TLSv1.2
+        } else {
+            $ext = pack "C3",
+                0x02, # Length
+                0x03, 0x02; #TLSv1.1
+        }
+
+        $message->set_extension(TLSProxy::Message::EXT_SUPPORTED_VERSIONS, $ext);
     }
 
-    $message->set_extension(TLSProxy::Message::EXT_SUPPORTED_VERSIONS, $ext);
-
     $message->repack();
 }
 
diff --git a/util/perl/TLSProxy/Message.pm b/util/perl/TLSProxy/Message.pm
index 44952ad..dae6daa 100644
--- a/util/perl/TLSProxy/Message.pm
+++ b/util/perl/TLSProxy/Message.pm
@@ -41,6 +41,7 @@ use constant {
 use constant {
     AL_DESC_CLOSE_NOTIFY => 0,
     AL_DESC_UNEXPECTED_MESSAGE => 10,
+    AL_DESC_ILLEGAL_PARAMETER => 47,
     AL_DESC_NO_RENEGOTIATION => 100
 };
 
@@ -125,6 +126,7 @@ use constant {
 };
 
 use constant {
+    CIPHER_RSA_WITH_AES_128_CBC_SHA => 0x002f,
     CIPHER_DHE_RSA_AES_128_SHA => 0x0033,
     CIPHER_ADH_AES_128_SHA => 0x0034,
     CIPHER_TLS13_AES_128_GCM_SHA256 => 0x1301,

More information about the openssl-commits mailing list