diff options
author | Matt Caswell <matt@openssl.org> | 2017-03-22 08:52:54 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-03-24 14:07:11 +0000 |
commit | f7f2a01d6364f10f353652e29555e6c66aec9b6d (patch) | |
tree | 717a2864e04c5a9dfb94907bae06ffbe5df1cdc5 /ssl/s3_lib.c | |
parent | a41815f05e71009d2a5148bd30b70f47186ed66b (diff) |
Add server side support for TLSv1.3 downgrade mechanism
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022)
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r-- | ssl/s3_lib.c | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 1669652644..3feb628809 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -48,6 +48,7 @@ */ #include <stdio.h> +#include <assert.h> #include <openssl/objects.h> #include "ssl_locl.h" #include <openssl/md5.h> @@ -4007,9 +4008,10 @@ long ssl_get_algorithm2(SSL *s) * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on * failure, 1 on success. */ -int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len) +int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len, + DOWNGRADE dgrd) { - int send_time = 0; + int send_time = 0, ret; if (len < 4) return 0; @@ -4022,9 +4024,29 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len) unsigned char *p = result; l2n(Time, p); /* TODO(size_t): Convert this */ - return RAND_bytes(p, (int)(len - 4)); - } else - return RAND_bytes(result, (int)len); + ret = RAND_bytes(p, (int)(len - 4)); + } else { + ret = RAND_bytes(result, (int)len); + } +#ifndef OPENSSL_NO_TLS13DOWNGRADE + if (ret) { + static const unsigned char tls11downgrade[] = { + 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00 + }; + static const unsigned char tls12downgrade[] = { + 0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01 + }; + + assert(sizeof(tls11downgrade) < len && sizeof(tls12downgrade) < len); + if (dgrd == DOWNGRADE_TO_1_2) + memcpy(result + len - sizeof(tls12downgrade), tls12downgrade, + sizeof(tls12downgrade)); + else if (dgrd == DOWNGRADE_TO_1_1) + memcpy(result + len - sizeof(tls11downgrade), tls11downgrade, + sizeof(tls11downgrade)); + } +#endif + return ret; } int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen, |