Use SSL_MODE_SEND_FALLBACK_SCSV.

Upstream settled on this API, and it's also the one that we expect
internally and that third_party code will expect.

Change-Id: Id7af68cf0af1f2e4d9defd37bda2218d70e2aa7b
Reviewed-on: https://boringssl-review.googlesource.com/3542
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 8a9d686..0a01fd6 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -494,6 +494,16 @@
  * session resumption is used for a given SSL*. */
 #define SSL_MODE_NO_SESSION_CREATION 0x00000200L
 
+/* SSL_MODE_SEND_SERVERHELLO_TIME sends TLS_FALLBACK_SCSV in the ClientHello.
+ * To be set only by applications that reconnect with a downgraded protocol
+ * version; see https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-05
+ * for details.
+ *
+ * DO NOT ENABLE THIS if your application attempts a normal handshake. Only use
+ * this in explicit fallback retries, following the guidance in
+ * draft-ietf-tls-downgrade-scsv-05. */
+#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000400L
+
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
  * cannot be used to clear bits. */
 
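Review bot: The added comment opens with the wrong identifier: it documents `SSL_MODE_SEND_SERVERHELLO_TIME`, but the macro defined directly beneath it is `SSL_MODE_SEND_FALLBACK_SCSV`. Anyone searching the header for the fallback flag will not land on this comment, and the part they miss is the warning not to enable the flag on a normal handshake. The first line should read `/* SSL_MODE_SEND_FALLBACK_SCSV sends TLS_FALLBACK_SCSV in the ClientHello.`.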
@@ -1328,10 +1338,6 @@
                     * 2 if we are a server and are inside a handshake
                     * (i.e. not just sending a HelloRequest) */
 
-  /* fallback_scsv is non-zero iff we are sending the TLS_FALLBACK_SCSV cipher
-   * suite value. Only applies to a client. */
-  char fallback_scsv;
-
   /* fastradio_padding, if true, causes ClientHellos to be padded to 1024
    * bytes. This ensures that the cellular radio is fast forwarded to DCH (high
    * data rate) state in 3G networks. */
@@ -1618,8 +1624,6 @@
 #define SSL_CTRL_GET_CHANNEL_ID 118
 #define SSL_CTRL_SET_CHANNEL_ID 119
 
-#define SSL_CTRL_FALLBACK_SCSV 120
-
 /* DTLSv1_get_timeout queries the next DTLS handshake timeout. If there is a
  * timeout in progress, it sets |*((OPENSSL_timeval*)arg)| to the time remaining
  * and returns one. Otherwise, it returns zero.
@@ -1796,9 +1800,6 @@
 #define SSL_get0_ec_point_formats(s, plst) \
   SSL_ctrl(s, SSL_CTRL_GET_EC_POINT_FORMATS, 0, (char *)plst)
 
-#define SSL_enable_fallback_scsv(s) \
-  SSL_ctrl(s, SSL_CTRL_FALLBACK_SCSV, 0, NULL)
-
 OPENSSL_EXPORT int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
 OPENSSL_EXPORT int SSL_CTX_set_cipher_list_tls11(SSL_CTX *, const char *str);
 OPENSSL_EXPORT SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 700fbaf..72a02d4 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -967,11 +967,6 @@
       memcpy(parg, s->s3->tlsext_channel_id, larg < 64 ? larg : 64);
       return 64;
 
-    case SSL_CTRL_FALLBACK_SCSV:
-      s->fallback_scsv = 1;
-      ret = 1;
-      break;
-
     default:
       break;
   }
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d070e82..e81df08 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1411,7 +1411,7 @@
     s2n(SSL3_CK_SCSV & 0xffff, p);
   }
 
-  if (s->fallback_scsv) {
+  if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
     s2n(SSL3_CK_FALLBACK_SCSV & 0xffff, p);
   }
 
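Review bot: Reading the flag from `s->mode` widens where it can be switched on compared with the removed per-connection field, and nothing in this check or in the new header comment says so. The header's own note refers to `SSL[_CTX]_set_{options,mode}` and says those setters cannot clear bits, so the bit can presumably be set on an `SSL_CTX`, inherited by every connection created from it, and then sent on first attempts as well as on fallback retries. A server that implements the draft is expected to refuse a ClientHello carrying the SCSV when it supports a newer version than the one offered, so a context-wide setting would likely show up as handshake failures. I would add a sentence to the `SSL_MODE_SEND_FALLBACK_SCSV` comment such as `Set this on the individual SSL used for the retry, never on the SSL_CTX.` The enclosing function starts and ends outside this hunk.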
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 806c3cd..24ce1f9 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -406,10 +406,9 @@
     return false;
   }
 
-  if (config->fallback_scsv) {
-    if (!SSL_enable_fallback_scsv(ssl.get())) {
-      return false;
-    }
+  if (config->fallback_scsv &&
+      !SSL_set_mode(ssl.get(), SSL_MODE_SEND_FALLBACK_SCSV)) {
+    return false;
   }
   if (config->async) {
     // TODO(davidben): Also test |s->ctx->client_cert_cb| on the client and
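Review bot: The `!SSL_set_mode(...)` test in the new condition can never be true, so the `return false` under it is dead code. As far as I know, SSL_set_mode returns the updated mode bitmask rather than a success flag (the header notes that it applies `|=`), and that mask is non-zero once this bit has been OR-ed in. Either keep `if (config->fallback_scsv)` and call `SSL_set_mode(ssl.get(), SSL_MODE_SEND_FALLBACK_SCSV);` without checking the result, or test the bit itself: `!(SSL_set_mode(ssl.get(), SSL_MODE_SEND_FALLBACK_SCSV) & SSL_MODE_SEND_FALLBACK_SCSV)`. The enclosing function starts and ends outside the hunk.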