Apply GREASE to the version extension.

BUG=106 Change-Id: Iaa12aeb67627f3c22fe4a917c89c646cb3dc1843 Reviewed-on: https://boringssl-review.googlesource.com/11325 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
google · Sep 27, 2016 · d9791bf · d9791bf
1 parent 9f16ce1
commit d9791bf
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 2 deletions.
diff --git a/ssl/internal.h b/ssl/internal.h
@@ -1021,6 +1021,7 @@ enum ssl_grease_index_t {
   ssl_grease_group,
   ssl_grease_extension1,
   ssl_grease_extension2,
+  ssl_grease_version,
 };
 
 /* ssl_get_grease_value returns a GREASE value for |ssl|. For a given

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
@@ -2279,6 +2279,12 @@ static int ext_supported_versions_add_clienthello(SSL *ssl, CBB *out) {
     return 0;
   }
 
+  /* Add a fake version. See draft-davidben-tls-grease-01. */
+  if (ssl->ctx->grease_enabled &&
+      !CBB_add_u16(&versions, ssl_get_grease_value(ssl, ssl_grease_version))) {
+    return 0;
+  }
+
   for (uint16_t version = max_version; version >= min_version; version--) {
     if (!CBB_add_u16(&versions, ssl->method->version_to_wire(version))) {
       return 0;

diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
@@ -233,13 +233,16 @@ func (hs *serverHandshakeState) readClientHello() error {
 		c.vers = config.Bugs.NegotiateVersionOnRenego
 	} else if len(hs.clientHello.supportedVersions) > 0 {
 		// Use the versions extension if supplied.
-		var foundVersion bool
+		var foundVersion, foundGREASE bool
 		for _, extVersion := range hs.clientHello.supportedVersions {
+			if isGREASEValue(extVersion) {
+				foundGREASE = true
+			}
 			extVersion, ok = wireToVersion(extVersion, c.isDTLS)
 			if !ok {
 				continue
 			}
-			if config.isSupportedVersion(extVersion, c.isDTLS) {
+			if config.isSupportedVersion(extVersion, c.isDTLS) && !foundVersion {
 				c.vers = extVersion
 				foundVersion = true
 				break
@@ -249,6 +252,9 @@ func (hs *serverHandshakeState) readClientHello() error {
 			c.sendAlert(alertProtocolVersion)
 			return errors.New("tls: client did not offer any supported protocol versions")
 		}
+		if config.Bugs.ExpectGREASE && !foundGREASE {
+			return errors.New("tls: no GREASE version value found")
+		}
 	} else {
 		// Otherwise, use the legacy ClientHello version.
 		version := clientVersion