Commit 6bfe5538 authored by Bodo Moeller's avatar Bodo Moeller

Support TLS_FALLBACK_SCSV.



Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 4e05aedb
+6 −0
@@ -4,6 +4,12 @@

 Changes between 1.0.1i and 1.0.1j [xx XXX xxxx]

  *) Add support for TLS_FALLBACK_SCSV.
     Client applications doing fallback retries should call
     SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV).
     (CVE-2014-3566)
     [Adam Langley, Bodo Moeller]

  *) Add additional DigestInfo checks.
 
     Reencode DigestInto in DER and check against the original when
+10 −0
@@ -337,6 +337,7 @@ static void sc_usage(void)
	BIO_printf(bio_err," -tls1_1       - just use TLSv1.1\n");
	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
	BIO_printf(bio_err," -dtls1        - just use DTLSv1\n");    
	BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n");
	BIO_printf(bio_err," -mtu          - set the link layer MTU\n");
	BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
@@ -617,6 +618,7 @@ int MAIN(int argc, char **argv)
	char *sess_out = NULL;
	struct sockaddr peer;
	int peerlen = sizeof(peer);
	int fallback_scsv = 0;
	int enable_timeouts = 0 ;
	long socket_mtu = 0;
#ifndef OPENSSL_NO_JPAKE
@@ -823,6 +825,10 @@ int MAIN(int argc, char **argv)
			meth=DTLSv1_client_method();
			socket_type=SOCK_DGRAM;
			}
		else if (strcmp(*argv,"-fallback_scsv") == 0)
			{
			fallback_scsv = 1;
			}
		else if (strcmp(*argv,"-timeout") == 0)
			enable_timeouts=1;
		else if (strcmp(*argv,"-mtu") == 0)
@@ -1235,6 +1241,10 @@ bad:
		SSL_set_session(con, sess);
		SSL_SESSION_free(sess);
		}

	if (fallback_scsv)
		SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV);

#ifndef OPENSSL_NO_TLSEXT
	if (servername != NULL)
		{
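Review bot: The usage line for `-fallback_scsv` says only "send TLS_FALLBACK_SCSV", and the flag is applied unconditionally at `SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV)` whatever protocol options were given. The CHANGES entry in this commit says the mode is meant for clients doing fallback retries, so a user who sets it on an ordinary first attempt may see the handshake refused by a server that supports a higher version than the one offered; that is presumably intended but is not obvious from the help text. I would say so in the usage string, e.g. `" -fallback_scsv - send TLS_FALLBACK_SCSV (use with a version-limiting option)\n"`. As a style point, the new `else if` branch braces a single statement while the neighbouring `-timeout` branch does not. MAIN's body extends beyond these hunks.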
+1 −0
@@ -71,6 +71,7 @@ R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		1070
R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY	1071
R SSL_R_TLSV1_ALERT_INTERNAL_ERROR		1080
R SSL_R_SSLV3_ALERT_INAPPROPRIATE_FALLBACK	1086
R SSL_R_TLSV1_ALERT_USER_CANCELLED		1090
R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		1100
R SSL_R_TLSV1_UNSUPPORTED_EXTENSION		1110
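Review bot: The new reason-code entry is named `SSL_R_SSLV3_ALERT_INAPPROPRIATE_FALLBACK`, while every neighbouring entry visible here (1060 through 1110) uses the `SSL_R_TLSV1_ALERT_` prefix. The header that defines the reason is not part of the visible diff, so please confirm the name on this line matches the `#define` exactly; a mismatch would probably leave reason 1086 without a usable mapping when the error tables are regenerated. If the header uses the TLSv1 prefix, this line should read `R SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK	1086`.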
+10 −0
@@ -266,6 +266,16 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
	case DTLS_CTRL_LISTEN:
		ret = dtls1_listen(s, parg);
		break;
	case SSL_CTRL_CHECK_PROTO_VERSION:
		/* For library-internal use; checks that the current protocol
		 * is the highest enabled version (according to s->ctx->method,
		 * as version negotiation may have changed s->method). */
#if DTLS_MAX_VERSION != DTLS1_VERSION
#  error Code needs update for DTLS_method() support beyond DTLS1_VERSION.
#endif
		/* Just one protocol version is supported so far;
		 * fail closed if the version is not as expected. */
		return s->version == DTLS_MAX_VERSION;

	default:
		ret = ssl3_ctrl(s, cmd, larg, parg);
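Review bot: The comment on the new `SSL_CTRL_CHECK_PROTO_VERSION` case says the check is made "according to s->ctx->method", but the code compares `s->version` with the compile-time constant `DTLS_MAX_VERSION` and never reads `s->ctx->method`. This result presumably feeds the fallback decision, so the comment should describe what is actually tested, e.g. `/* For library-internal use; only one DTLS version exists, so this compares s->version with DTLS_MAX_VERSION and does not consult s->ctx->method. */`. The case also returns directly where the sibling cases assign `ret` and `break`. dtls1_ctrl continues outside the hunk, so it is worth checking that nothing after the switch is skipped by the early return.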
+2 −1
@@ -84,6 +84,8 @@ extern "C" {
#endif

#define DTLS1_VERSION			0xFEFF
#define DTLS_MAX_VERSION		DTLS1_VERSION

#define DTLS1_BAD_VER			0x0100

#if 0
@@ -284,4 +286,3 @@ typedef struct dtls1_record_data_st
}
#endif
#endif
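Review bot: `DTLS_MAX_VERSION` is added without a comment, and its name invites ordered comparisons that go the wrong way for DTLS. Wire versions count down as the protocol version goes up (DTLS 1.0 is 0xFEFF here), so any later protocol version will have a numerically smaller value. A short comment on the define would head that off, e.g. `/* highest supported DTLS version; compare for equality only, since DTLS wire versions decrease as the protocol version increases */`. The second hunk appears to drop only a trailing line and needs no comment.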