author | Adam Langley <agl@google.com> | 2015-02-21 00:03:16 +0300 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2015-02-21 02:44:09 +0300 |
commit | 5f0efe06e199a1bd96f161eb45f3dd76924cdc2a (patch) | |
tree | 85e39dbf07a6d304a23b4765cf68a077e788ab5e | |
parent | 93531bd70f48bc63ad7d4aedf32d69c8095170bd (diff) |
Use SSL_MODE_SEND_FALLBACK_SCSV.
Upstream settled on this API, and it's also the one that we expect
internally and that third_party code will expect.
Change-Id: Id7af68cf0af1f2e4d9defd37bda2218d70e2aa7b
Reviewed-on: https://boringssl-review.googlesource.com/3542
Reviewed-by: Adam Langley <agl@google.com>
-rw-r--r-- | include/openssl/ssl.h | 19 | ||||
-rw-r--r-- | ssl/s3_lib.c | 5 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 2 | ||||
-rw-r--r-- | ssl/test/bssl_shim.cc | 7 |
4 files changed, 14 insertions, 19 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 8a9d686f..0a01fd62 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -494,6 +494,16 @@ typedef struct timeval OPENSSL_timeval;
 * session resumption is used for a given SSL*. */
 #define SSL_MODE_NO_SESSION_CREATION 0x00000200L
+/* SSL_MODE_SEND_SERVERHELLO_TIME sends TLS_FALLBACK_SCSV in the ClientHello.
+ * To be set only by applications that reconnect with a downgraded protocol
+ * version; see https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-05
+ * for details.
+ *
+ * DO NOT ENABLE THIS if your application attempts a normal handshake. Only use
+ * this in explicit fallback retries, following the guidance in
+ * draft-ietf-tls-downgrade-scsv-05. */
+#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000400L
+
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
 * cannot be used to clear bits. */
@@ -1328,10 +1338,6 @@ struct ssl_st {
 * 2 if we are a server and are inside a handshake
 * (i.e. not just sending a HelloRequest) */
- /* fallback_scsv is non-zero iff we are sending the TLS_FALLBACK_SCSV cipher
- * suite value. Only applies to a client. */
- char fallback_scsv;
-
 /* fastradio_padding, if true, causes ClientHellos to be padded to 1024
 * bytes. This ensures that the cellular radio is fast forwarded to DCH (high
 * data rate) state in 3G networks. */
@@ -1618,8 +1624,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_GET_CHANNEL_ID 118
 #define SSL_CTRL_SET_CHANNEL_ID 119
-#define SSL_CTRL_FALLBACK_SCSV 120
-
 /* DTLSv1_get_timeout queries the next DTLS handshake timeout. If there is a
 * timeout in progress, it sets |*((OPENSSL_timeval*)arg)| to the time remaining
 * and returns one. Otherwise, it returns zero.
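Review bot: The comment added in the first hunk of include/openssl/ssl.h opens with `SSL_MODE_SEND_SERVERHELLO_TIME`, but the macro it documents is `SSL_MODE_SEND_FALLBACK_SCSV`, so anyone searching for the flag name will miss its only usage warning. The first line should read `/* SSL_MODE_SEND_FALLBACK_SCSV sends TLS_FALLBACK_SCSV in the ClientHello.`. The rest of the comment, including the DO NOT ENABLE paragraph, is fine as written.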
@@ -1796,9 +1800,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_get0_ec_point_formats(s, plst) \
 SSL_ctrl(s, SSL_CTRL_GET_EC_POINT_FORMATS, 0, (char *)plst)
-#define SSL_enable_fallback_scsv(s) \
- SSL_ctrl(s, SSL_CTRL_FALLBACK_SCSV, 0, NULL)
-
 OPENSSL_EXPORT int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
 OPENSSL_EXPORT int SSL_CTX_set_cipher_list_tls11(SSL_CTX *, const char *str);
 OPENSSL_EXPORT SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 700fbafa..72a02d4f 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -967,11 +967,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) {
 memcpy(parg, s->s3->tlsext_channel_id, larg < 64 ? larg : 64);
 return 64;
- case SSL_CTRL_FALLBACK_SCSV:
- s->fallback_scsv = 1;
- ret = 1;
- break;
-
 default:
 break;
 }
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d070e82d..e81df08b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1411,7 +1411,7 @@ int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, uint8_t *p) {
 s2n(SSL3_CK_SCSV & 0xffff, p);
 }
- if (s->fallback_scsv) {
+ if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
 s2n(SSL3_CK_FALLBACK_SCSV & 0xffff, p);
 }
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 806c3cd7..24ce1f99 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -406,10 +406,9 @@ static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx,
 return false;
 }
- if (config->fallback_scsv) {
- if (!SSL_enable_fallback_scsv(ssl.get())) {
- return false;
- }
+ if (config->fallback_scsv &&
+ !SSL_set_mode(ssl.get(), SSL_MODE_SEND_FALLBACK_SCSV)) {
+ return false;
 }
 if (config->async) {
 // TODO(davidben): Also test |s->ctx->client_cert_cb| on the client and |
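Review bot: In ssl/ssl_lib.c the SCSV is now gated on `s->mode & SSL_MODE_SEND_FALLBACK_SCSV` with no comment at the check, while the removed `fallback_scsv` field carried the note that it only applies to a client. Mode bits can be added but not cleared (per the note in ssl.h), and if `s->mode` is seeded from the SSL_CTX, which is the usual arrangement but is not visible here, a context-wide `SSL_CTX_set_mode` would put the SCSV into first-attempt ClientHellos as well. I would add a comment above the check such as `/* Client fallback retries only; set per connection with SSL_set_mode, not on the SSL_CTX. */`. ssl_cipher_list_to_bytes starts and ends outside the hunk.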
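Review bot: The `!SSL_set_mode(ssl.get(), SSL_MODE_SEND_FALLBACK_SCSV)` test in the ssl/test/bssl_shim.cc hunk can never be true, because SSL_set_mode returns the updated mode bitmask rather than a success flag and that mask is non-zero once the bit has been OR-ed in. The `return false` branch is therefore dead and suggests an error path that does not exist. Either drop the check, `if (config->fallback_scsv) { SSL_set_mode(ssl.get(), SSL_MODE_SEND_FALLBACK_SCSV); }`, or test the bit explicitly in the returned mask. DoExchange starts and ends outside the hunk.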