Index: third_party/tlslite/patches/fallback_scsv.patch |
diff --git a/third_party/tlslite/patches/fallback_scsv.patch b/third_party/tlslite/patches/fallback_scsv.patch |
index e4fb3d86c03fb5eba5d2c89241678fe7d58d9cf5..9a64f11b9d53df5caa0043d0bda107ebacc04137 100644 |
--- a/third_party/tlslite/patches/fallback_scsv.patch |
+++ b/third_party/tlslite/patches/fallback_scsv.patch |
@@ -1,29 +1,55 @@ |
-diff --git a/third_party/tlslite/tlslite/TLSConnection.py b/third_party/tlslite/tlslite/TLSConnection.py |
-index d2270a9..e6ce187 100644 |
---- a/third_party/tlslite/tlslite/TLSConnection.py |
-+++ b/third_party/tlslite/tlslite/TLSConnection.py |
-@@ -937,7 +937,8 @@ class TLSConnection(TLSRecordLayer): |
- certChain=None, privateKey=None, reqCert=False, |
- sessionCache=None, settings=None, checker=None, |
- reqCAs=None, tlsIntolerant=0, |
-- signedCertTimestamps=None): |
-+ signedCertTimestamps=None, |
+diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlslite/constants.py |
+index b3bad2d..d132b78 100755 |
+--- a/third_party/tlslite/tlslite/constants.py |
++++ b/third_party/tlslite/tlslite/constants.py |
+@@ -106,6 +106,7 @@ class AlertDescription: |
+ protocol_version = 70 |
+ insufficient_security = 71 |
+ internal_error = 80 |
++ inappropriate_fallback = 86 |
+ user_canceled = 90 |
+ no_renegotiation = 100 |
+ unknown_psk_identity = 115 |
+@@ -117,6 +118,9 @@ class CipherSuite: |
+ # We actually don't do any renegotiation, but this |
+ # prevents renegotiation attacks |
+ TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF |
++ |
++ # draft-bmoeller-tls-downgrade-scsv-01 |
++ TLS_FALLBACK_SCSV = 0x5600 |
+ |
+ TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A |
+ TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D |
+diff --git a/third_party/tlslite/tlslite/errors.py b/third_party/tlslite/tlslite/errors.py |
+index 22c298c..001ef33 100755 |
+--- a/third_party/tlslite/tlslite/errors.py |
++++ b/third_party/tlslite/tlslite/errors.py |
+@@ -63,6 +63,7 @@ class TLSAlert(TLSError): |
+ AlertDescription.protocol_version: "protocol_version",\ |
+ AlertDescription.insufficient_security: "insufficient_security",\ |
+ AlertDescription.internal_error: "internal_error",\ |
++ AlertDescription.inappropriate_fallback: "inappropriate_fallback",\ |
+ AlertDescription.user_canceled: "user_canceled",\ |
+ AlertDescription.no_renegotiation: "no_renegotiation",\ |
+ AlertDescription.unknown_psk_identity: "unknown_psk_identity"} |
+diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py |
+index 45b0bbb..bd92161 100755 |
+--- a/third_party/tlslite/tlslite/tlsconnection.py |
++++ b/third_party/tlslite/tlslite/tlsconnection.py |
+@@ -966,7 +966,8 @@ class TLSConnection(TLSRecordLayer): |
+ reqCAs = None, |
+ tacks=None, activationFlags=0, |
+ nextProtos=None, anon=False, |
+- tlsIntolerant=None, signedCertTimestamps=None): |
++ tlsIntolerant=None, signedCertTimestamps=None, |
+ fallbackSCSV=False): |
"""Perform a handshake in the role of server. |
This function performs an SSL or TLS handshake. Depending on |
-@@ -1014,6 +1014,19 @@ class TLSConnection(TLSRecordLayer): |
+@@ -1045,6 +1046,11 @@ class TLSConnection(TLSRecordLayer): |
binary 8-bit string) that will be sent as a TLS extension whenever |
the client announces support for the extension. |
-+ @type tlsIntolerant: int |
-+ @param tlsIntolerant: if non-zero, the server will simulate TLS |
-+ version intolerance by returning a fatal, handshake_failure alert. |
-+ The versions to which it's intolerant vary depending on the value: |
-+ 1: reject all TLS versions. |
-+ 2: reject TLS 1.1 or higher. |
-+ 3: reject TLS 1.2 or higher. |
-+ |
+ @type fallbackSCSV: bool |
+ @param fallbackSCSV: if true, the server will implement |
+ TLS_FALLBACK_SCSV and thus reject connections using less than the |
@@ -32,29 +58,29 @@ index d2270a9..e6ce187 100644 |
@raise socket.error: If a socket error occurs. |
@raise tlslite.errors.TLSAbruptCloseError: If the socket is closed |
without a preceding alert. |
-@@ -1022,7 +1023,8 @@ class TLSConnection(TLSRecordLayer): |
- """ |
- for result in self.handshakeServerAsync(sharedKeyDB, verifierDB, |
- certChain, privateKey, reqCert, sessionCache, settings, |
-- checker, reqCAs, tlsIntolerant, signedCertTimestamps): |
-+ checker, reqCAs, tlsIntolerant, signedCertTimestamps, |
-+ fallbackSCSV): |
+@@ -1057,7 +1063,8 @@ class TLSConnection(TLSRecordLayer): |
+ checker, reqCAs, |
+ tacks=tacks, activationFlags=activationFlags, |
+ nextProtos=nextProtos, anon=anon, tlsIntolerant=tlsIntolerant, |
+- signedCertTimestamps=signedCertTimestamps): |
++ signedCertTimestamps=signedCertTimestamps, |
++ fallbackSCSV=fallbackSCSV): |
pass |
-@@ -1030,7 +1032,8 @@ class TLSConnection(TLSRecordLayer): |
- certChain=None, privateKey=None, reqCert=False, |
- sessionCache=None, settings=None, checker=None, |
- reqCAs=None, tlsIntolerant=0, |
-- signedCertTimestamps=None): |
+@@ -1068,7 +1075,8 @@ class TLSConnection(TLSRecordLayer): |
+ tacks=None, activationFlags=0, |
+ nextProtos=None, anon=False, |
+ tlsIntolerant=None, |
+- signedCertTimestamps=None |
+ signedCertTimestamps=None, |
-+ fallbackSCSV=False): |
++ fallbackSCSV=False |
+ ): |
"""Start a server handshake operation on the TLS connection. |
- This function returns a generator which behaves similarly to |
-@@ -1049,7 +1052,8 @@ class TLSConnection(TLSRecordLayer): |
- sessionCache=sessionCache, settings=settings, |
- reqCAs=reqCAs, |
+@@ -1089,7 +1097,8 @@ class TLSConnection(TLSRecordLayer): |
+ tacks=tacks, activationFlags=activationFlags, |
+ nextProtos=nextProtos, anon=anon, |
tlsIntolerant=tlsIntolerant, |
- signedCertTimestamps=signedCertTimestamps) |
+ signedCertTimestamps=signedCertTimestamps, |
@@ -62,58 +88,44 @@ index d2270a9..e6ce187 100644 |
for result in self._handshakeWrapperAsync(handshaker, checker): |
yield result |
-@@ -1057,7 +1061,8 @@ class TLSConnection(TLSRecordLayer): |
- def _handshakeServerAsyncHelper(self, sharedKeyDB, verifierDB, |
- certChain, privateKey, reqCert, |
- sessionCache, settings, reqCAs, |
-- tlsIntolerant, signedCertTimestamps): |
-+ tlsIntolerant, signedCertTimestamps, |
-+ fallbackSCSV): |
+@@ -1099,7 +1108,7 @@ class TLSConnection(TLSRecordLayer): |
+ settings, reqCAs, |
+ tacks, activationFlags, |
+ nextProtos, anon, |
+- tlsIntolerant, signedCertTimestamps): |
++ tlsIntolerant, signedCertTimestamps, fallbackSCSV): |
self._handshakeStart(client=False) |
-@@ -1141,12 +1146,18 @@ class TLSConnection(TLSRecordLayer): |
- yield result |
+@@ -1134,7 +1143,7 @@ class TLSConnection(TLSRecordLayer): |
+ # Handle ClientHello and resumption |
+ for result in self._serverGetClientHello(settings, certChain,\ |
+ verifierDB, sessionCache, |
+- anon, tlsIntolerant): |
++ anon, tlsIntolerant, fallbackSCSV): |
+ if result in (0,1): yield result |
+ elif result == None: |
+ self._handshakeDone(resumed=True) |
+@@ -1234,7 +1243,7 @@ class TLSConnection(TLSRecordLayer): |
+ |
- #If client's version is too high, propose my highest version |
-- elif clientHello.client_version > settings.maxVersion: |
-+ if clientHello.client_version > settings.maxVersion: |
+ def _serverGetClientHello(self, settings, certChain, verifierDB, |
+- sessionCache, anon, tlsIntolerant): |
++ sessionCache, anon, tlsIntolerant, fallbackSCSV): |
+ #Initialize acceptable cipher suites |
+ cipherSuites = [] |
+ if verifierDB: |
+@@ -1280,6 +1289,13 @@ class TLSConnection(TLSRecordLayer): |
+ elif clientHello.client_version > settings.maxVersion: |
self.version = settings.maxVersion |
-- |
+ |
++ #Detect if the client performed an inappropriate fallback. |
++ elif fallbackSCSV and clientHello.client_version < settings.maxVersion: |
++ if CipherSuite.TLS_FALLBACK_SCSV in clientHello.cipher_suites: |
++ for result in self._sendError(\ |
++ AlertDescription.inappropriate_fallback): |
++ yield result |
++ |
else: |
#Set the version to the client's version |
- self.version = clientHello.client_version |
-+ if (fallbackSCSV and |
-+ clientHello.client_version < settings.maxVersion): |
-+ for cipherSuite in clientHello.cipher_suites: |
-+ if cipherSuite == 0x5600: |
-+ for result in self._sendError(\ |
-+ AlertDescription.inappropriate_fallback): |
-+ yield result |
- |
- #Get the client nonce; create server nonce |
- clientRandom = clientHello.random |
-diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlslite/constants.py |
-index b5a345a..23e3dcb 100644 |
---- a/third_party/tlslite/tlslite/constants.py |
-+++ b/third_party/tlslite/tlslite/constants.py |
-@@ -91,6 +91,7 @@ class AlertDescription: |
- protocol_version = 70 |
- insufficient_security = 71 |
- internal_error = 80 |
-+ inappropriate_fallback = 86 |
- user_canceled = 90 |
- no_renegotiation = 100 |
- unknown_srp_username = 120 |
-diff --git a/third_party/tlslite/tlslite/errors.py b/third_party/tlslite/tlslite/errors.py |
-index c7f7ba8..45087e6 100644 |
---- a/third_party/tlslite/tlslite/errors.py |
-+++ b/third_party/tlslite/tlslite/errors.py |
-@@ -48,6 +48,7 @@ class TLSAlert(TLSError): |
- AlertDescription.protocol_version: "protocol_version",\ |
- AlertDescription.insufficient_security: "insufficient_security",\ |
- AlertDescription.internal_error: "internal_error",\ |
-+ AlertDescription.inappropriate_fallback: "inappropriate_fallback",\ |
- AlertDescription.user_canceled: "user_canceled",\ |
- AlertDescription.no_renegotiation: "no_renegotiation",\ |
- AlertDescription.unknown_srp_username: "unknown_srp_username",\ |
+ self.version = clientHello.client_version |
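Review bot: In `_serverGetClientHello`, the new `elif fallbackSCSV and clientHello.client_version < settings.maxVersion:` branch replaces the final `else:` for every lower-version ClientHello when the option is enabled, yet it never assigns `self.version`. When `TLS_FALLBACK_SCSV` is absent from `clientHello.cipher_suites`, no alert is sent and the handshake continues with whatever `self.version` held before, which is presumably not the client's offered version (the rest of the function is outside this hunk). Adding `self.version = clientHello.client_version` as the first statement of that branch would keep ordinary lower-version clients negotiating correctly, and it also means the `inappropriate_fallback` alert is sent with the version already set. A server-side test with `fallbackSCSV=True` and a lower-version client that does not send the SCSV would pin this behaviour.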