Fixes for Android GN build input/outputs
[chromium-blink-merge.git] / third_party / tlslite / patches / fallback_scsv.patch
blob460468b10060883dc2f0a9f201d2c46d46fb66e7
1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlslite/constants.py
2 index 8720de6..69e6067 100644
3 --- a/third_party/tlslite/tlslite/constants.py
4 +++ b/third_party/tlslite/tlslite/constants.py
5 @@ -107,6 +107,7 @@ class AlertDescription:
6 protocol_version = 70
7 insufficient_security = 71
8 internal_error = 80
9 + inappropriate_fallback = 86
10 user_canceled = 90
11 no_renegotiation = 100
12 unknown_psk_identity = 115
13 @@ -118,6 +119,9 @@ class CipherSuite:
14 # We actually don't do any renegotiation, but this
15 # prevents renegotiation attacks
16 TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF
18 + # draft-ietf-tls-downgrade-scsv-03
19 + TLS_FALLBACK_SCSV = 0x5600
21 TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A
22 TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D
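Review bot: The comment above `TLS_FALLBACK_SCSV` cites only an Internet-Draft revision and does not say that this value is a signal rather than a negotiable cipher suite. The draft was later published as RFC 7507 with the same code point, so the reference can be made stable. The comment should also warn against adding the constant to any list the server selects a suite from; those lists are outside this hunk, so whether they stay untouched cannot be confirmed here. Suggested comment: `# RFC 7507 (was draft-ietf-tls-downgrade-scsv): signalling value only, never negotiated`.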
23 diff --git a/third_party/tlslite/tlslite/errors.py b/third_party/tlslite/tlslite/errors.py
24 index 22c298c..001ef33 100644
25 --- a/third_party/tlslite/tlslite/errors.py
26 +++ b/third_party/tlslite/tlslite/errors.py
27 @@ -63,6 +63,7 @@ class TLSAlert(TLSError):
28 AlertDescription.protocol_version: "protocol_version",\
29 AlertDescription.insufficient_security: "insufficient_security",\
30 AlertDescription.internal_error: "internal_error",\
31 + AlertDescription.inappropriate_fallback: "inappropriate_fallback",\
32 AlertDescription.user_canceled: "user_canceled",\
33 AlertDescription.no_renegotiation: "no_renegotiation",\
34 AlertDescription.unknown_psk_identity: "unknown_psk_identity"}
35 diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py
36 index 4dedc5f..0563fb5f 100644
37 --- a/third_party/tlslite/tlslite/tlsconnection.py
38 +++ b/third_party/tlslite/tlslite/tlsconnection.py
39 @@ -969,7 +969,8 @@ class TLSConnection(TLSRecordLayer):
40 reqCAs = None,
41 tacks=None, activationFlags=0,
42 nextProtos=None, anon=False,
43 - tlsIntolerant=None, signedCertTimestamps=None):
44 + tlsIntolerant=None, signedCertTimestamps=None,
45 + fallbackSCSV=False):
46 """Perform a handshake in the role of server.
48 This function performs an SSL or TLS handshake. Depending on
49 @@ -1048,6 +1049,11 @@ class TLSConnection(TLSRecordLayer):
50 binary 8-bit string) that will be sent as a TLS extension whenever
51 the client announces support for the extension.
53 + @type fallbackSCSV: bool
54 + @param fallbackSCSV: if true, the server will implement
55 + TLS_FALLBACK_SCSV and thus reject connections using less than the
56 + server's maximum TLS version that include this cipher suite.
58 @raise socket.error: If a socket error occurs.
59 @raise tlslite.errors.TLSAbruptCloseError: If the socket is closed
60 without a preceding alert.
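Review bot: The `fallbackSCSV` docstring entry does not say that the parameter defaults to `False`, so a caller who omits it gets a server that ignores the signalling suite and accepts a downgraded ClientHello. I would add a sentence such as `Defaults to False, in which case TLS_FALLBACK_SCSV in the ClientHello is ignored.` The entry should also name the alert that is sent (`inappropriate_fallback`), so the effect is clear without reading `_serverGetClientHello`. The docstring starts and ends outside this hunk.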
61 @@ -1060,7 +1066,8 @@ class TLSConnection(TLSRecordLayer):
62 checker, reqCAs,
63 tacks=tacks, activationFlags=activationFlags,
64 nextProtos=nextProtos, anon=anon, tlsIntolerant=tlsIntolerant,
65 - signedCertTimestamps=signedCertTimestamps):
66 + signedCertTimestamps=signedCertTimestamps,
67 + fallbackSCSV=fallbackSCSV):
68 pass
71 @@ -1071,7 +1078,8 @@ class TLSConnection(TLSRecordLayer):
72 tacks=None, activationFlags=0,
73 nextProtos=None, anon=False,
74 tlsIntolerant=None,
75 - signedCertTimestamps=None
76 + signedCertTimestamps=None,
77 + fallbackSCSV=False
79 """Start a server handshake operation on the TLS connection.
81 @@ -1092,7 +1100,8 @@ class TLSConnection(TLSRecordLayer):
82 tacks=tacks, activationFlags=activationFlags,
83 nextProtos=nextProtos, anon=anon,
84 tlsIntolerant=tlsIntolerant,
85 - signedCertTimestamps=signedCertTimestamps)
86 + signedCertTimestamps=signedCertTimestamps,
87 + fallbackSCSV=fallbackSCSV)
88 for result in self._handshakeWrapperAsync(handshaker, checker):
89 yield result
91 @@ -1102,7 +1111,7 @@ class TLSConnection(TLSRecordLayer):
92 settings, reqCAs,
93 tacks, activationFlags,
94 nextProtos, anon,
95 - tlsIntolerant, signedCertTimestamps):
96 + tlsIntolerant, signedCertTimestamps, fallbackSCSV):
98 self._handshakeStart(client=False)
100 @@ -1137,7 +1146,7 @@ class TLSConnection(TLSRecordLayer):
101 # Handle ClientHello and resumption
102 for result in self._serverGetClientHello(settings, certChain,\
103 verifierDB, sessionCache,
104 - anon, tlsIntolerant):
105 + anon, tlsIntolerant, fallbackSCSV):
106 if result in (0,1): yield result
107 elif result == None:
108 self._handshakeDone(resumed=True)
109 @@ -1237,7 +1246,7 @@ class TLSConnection(TLSRecordLayer):
112 def _serverGetClientHello(self, settings, certChain, verifierDB,
113 - sessionCache, anon, tlsIntolerant):
114 + sessionCache, anon, tlsIntolerant, fallbackSCSV):
115 #Initialize acceptable cipher suites
116 cipherSuites = []
117 if verifierDB:
118 @@ -1283,6 +1292,14 @@ class TLSConnection(TLSRecordLayer):
119 elif clientHello.client_version > settings.maxVersion:
120 self.version = settings.maxVersion
122 + #Detect if the client performed an inappropriate fallback.
123 + elif fallbackSCSV and clientHello.client_version < settings.maxVersion:
124 + self.version = clientHello.client_version
125 + if CipherSuite.TLS_FALLBACK_SCSV in clientHello.cipher_suites:
126 + for result in self._sendError(\
127 + AlertDescription.inappropriate_fallback):
128 + yield result
130 else:
131 #Set the version to the client's version
132 self.version = clientHello.client_version
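Review bot: The new `elif` branch relies on `_sendError` aborting the handshake, because nothing after the `yield` loop stops execution from continuing at the client's lower version. `_sendError` is defined outside this hunk, so that behaviour should be confirmed and recorded next to the loop, e.g. `# _sendError raises after sending the alert, so the handshake stops here`. No test is visible in this patch, and three cases are worth pinning: the SCSV at a version below `settings.maxVersion` produces alert 86, the SCSV at `settings.maxVersion` lets the handshake proceed, and with `fallbackSCSV=False` the suite is ignored. `_serverGetClientHello` begins before and continues after the hunk.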