From: Matt Caswell <matt@openssl.org>
Date: Wed, 18 Jul 2018 15:13:14 +0000 (+0100)
Subject: Turn on TLSv1.3 downgrade protection by default
X-Git-Tag: OpenSSL_1_1_1-pre9~18
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=9f22c527232d8babfa4827dff34a6707e8880dd9;p=oweals%2Fopenssl.git

Turn on TLSv1.3 downgrade protection by default

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6741)
---

diff --git a/Configure b/Configure
index 059271275d..c9f6ea760b 100755
--- a/Configure
+++ b/Configure
@@ -405,7 +405,6 @@ my @disablables = (
     "tests",
     "threads",
     "tls",
-    "tls13downgrade",
     "ts",
     "ubsan",
     "ui-console",
@@ -449,7 +448,6 @@ our %disabled = ( # "what"         => "comment"
 		  "ssl3"                => "default",
 		  "ssl3-method"         => "default",
                   "ubsan"		=> "default",
-		  "tls13downgrade"      => "default",
 		  "unit-test"           => "default",
 		  "weak-ssl-ciphers"    => "default",
 		  "zlib"                => "default",
diff --git a/INSTALL b/INSTALL
index 34023dcd75..ff0aa6d127 100644
--- a/INSTALL
+++ b/INSTALL
@@ -476,16 +476,6 @@
                    require additional system-dependent options! See "Note on
                    multi-threading" below.
 
-  enable-tls13downgrade
-                   TODO(TLS1.3): Make this enabled by default and remove the
-                   option when TLSv1.3 is out of draft
-                   TLSv1.3 offers a downgrade protection mechanism. This is
-                   implemented but disabled by default. It should not typically
-                   be enabled except for testing purposes. Otherwise this could
-                   cause problems if a pre-RFC version of OpenSSL talks to an
-                   RFC implementation (it will erroneously be detected as a
-                   downgrade).
-
   no-ts
                    Don't build Time Stamping Authority support.
 
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index c170eed5e1..5ecbc3c554 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4568,7 +4568,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
     } else {
         ret = RAND_bytes(result, len);
     }
-#ifndef OPENSSL_NO_TLS13DOWNGRADE
+
     if (ret > 0) {
         if (!ossl_assert(sizeof(tls11downgrade) < len)
                 || !ossl_assert(sizeof(tls12downgrade) < len))
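Review bot: Once `#ifndef OPENSSL_NO_TLS13DOWNGRADE` is replaced by a blank line, nothing in this hunk says what the `if (ret > 0)` block in ssl_fill_hello_random is for; the macro name was the only label. A short comment above the block would help, for example `/* Write the TLSv1.3 downgrade sentinel into the tail of the hello random */`, which matches the `memcpy(result + len - sizeof(tls11downgrade), ...)` visible in the following hunk (`@@ -4580,7 +4580,7 @@`). The condition that selects between the two sentinels sits between the hunks and is not visible here, so the wording should be checked against it. The function starts before this hunk and continues past it.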
@@ -4580,7 +4580,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
             memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
                    sizeof(tls11downgrade));
     }
-#endif
+
     return ret;
 }
 
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index d04f8773de..38121b7fd2 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1914,7 +1914,6 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
         if (s->version != vent->version)
             continue;
 
-#ifndef OPENSSL_NO_TLS13DOWNGRADE
         /* Check for downgrades */
         if (s->version == TLS1_2_VERSION && highver > s->version) {
             if (memcmp(tls12downgrade,
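Review bot: The check starting at `if (s->version == TLS1_2_VERSION && highver > s->version)` is now compiled into every build, so a client that matches the sentinel takes the `return 0` path shown in the next hunk (`@@ -1941,7 +1940,6 @@`) with no build-time way to switch it off. The INSTALL text removed by this same patch warned that a pre-RFC OpenSSL talking to an RFC implementation is erroneously detected as a downgrade, and the visible patch records that interoperability consequence nowhere else. I would expand the terse comment to something like `/* Check for downgrades: a higher version than the selected one was available, so the server random must not end in the downgrade sentinel */` and add a release-note entry for the removed option. The memcmp arguments and the error handling lie between the two hunks, and `highver` is presumably the highest version the client supports, so confirm the wording against the full function.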
@@ -1941,7 +1940,6 @@ int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
                 return 0;
             }
         }
-#endif
 
         s->method = method;
         return 1;
diff --git a/test/recipes/70-test_tls13downgrade.t b/test/recipes/70-test_tls13downgrade.t
index cc5fb16d2b..f7c8812345 100644
--- a/test/recipes/70-test_tls13downgrade.t
+++ b/test/recipes/70-test_tls13downgrade.t
@@ -26,10 +26,6 @@ plan skip_all => "$test_name needs the sock feature enabled"
 plan skip_all => "$test_name needs TLS1.3 and TLS1.2 enabled"
     if disabled("tls1_3") || disabled("tls1_2");
 
-# TODO(TLS1.3): Enable this when TLSv1.3 comes out of draft
-plan skip_all => "$test_name not run in pre TLSv1.3 RFC implementation"
-    if disabled("tls13downgrade");
-
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
 
 my $proxy = TLSProxy::Proxy->new(