Implement TLS_FALLBACK_SCSV for SSLClientSocketOpenSSL.

In doing so, fix a bug in tlslite's TLS_FALLBACK_SCSV support; the fallback
alert should be sent with the client's version. Otherwise OpenSSL reports
SSL_R_UNSUPPORTED_PROTOCOL and doesn't report the alert. This behavior is
probably not wrong as, if the server responds with a TLS version higher than
what is supported, we can't really be sure of the parse.

BUG=388425

Review URL: https://codereview.chromium.org/418553003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@285764 0039d316-1c4b-4281-b951-d872f2087c98

net/socket/openssl_ssl_util.cc

@@ -148,6 +148,8 @@ int MapOpenSSLErrorSSL(unsigned long error_code) {
       // The only way that the certificate verify callback can fail is if
       // the leaf certificate changed during a renegotiation.
       return ERR_SSL_SERVER_CERT_CHANGED;
+    case SSL_AD_REASON_OFFSET + SSL3_AD_INAPPROPRIATE_FALLBACK:
+      return ERR_SSL_INAPPROPRIATE_FALLBACK;
     default:
       LOG(WARNING) << "Unmapped error reason: " << ERR_GET_REASON(error_code);
       return ERR_FAILED;

net/socket/ssl_client_socket_openssl.cc

@@ -759,6 +759,9 @@ int SSLClientSocketOpenSSL::Init() {
   LOG_IF(WARNING, rv != 1) << "SSL_set_cipher_list('" << command << "') "
                               "returned " << rv;
 
+  if (ssl_config_.version_fallback)
+    SSL_enable_fallback_scsv(ssl_);
+
   // TLS channel ids.
   if (IsChannelIDEnabled(ssl_config_, channel_id_service_)) {
     SSL_enable_tls_channel_id(ssl_);

net/url_request/url_request_unittest.cc

@@ -7048,11 +7048,7 @@ TEST_F(HTTPSFallbackTest, TLSv1FallbackReset) {
 
 // Tests that we don't fallback on handshake failure with servers that implement
 // TLS_FALLBACK_SCSV. Also ensure that the original error code is reported.
-#if defined(USE_OPENSSL)
-TEST_F(HTTPSFallbackTest, DISABLED_FallbackSCSV) {
-#else
 TEST_F(HTTPSFallbackTest, FallbackSCSV) {
-#endif
   SpawnedTestServer::SSLOptions ssl_options(
       SpawnedTestServer::SSLOptions::CERT_OK);
   // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger
@@ -7074,11 +7070,7 @@ TEST_F(HTTPSFallbackTest, FallbackSCSV) {
 
 // Tests that we don't fallback on connection closed with servers that implement
 // TLS_FALLBACK_SCSV. Also ensure that the original error code is reported.
-#if defined(USE_OPENSSL)
-TEST_F(HTTPSFallbackTest, DISABLED_FallbackSCSVClosed) {
-#else
 TEST_F(HTTPSFallbackTest, FallbackSCSVClosed) {
-#endif
   SpawnedTestServer::SSLOptions ssl_options(
       SpawnedTestServer::SSLOptions::CERT_OK);
   // Configure HTTPS server to be intolerant of TLS >= 1.0 in order to trigger

third_party/tlslite/patches/fallback_scsv.patch

@@ -115,12 +115,13 @@ index 45b0bbb..bd92161 100755
          #Initialize acceptable cipher suites
          cipherSuites = []
          if verifierDB:
-@@ -1280,6 +1289,13 @@ class TLSConnection(TLSRecordLayer):
+@@ -1280,6 +1289,14 @@ class TLSConnection(TLSRecordLayer):
          elif clientHello.client_version > settings.maxVersion:
              self.version = settings.maxVersion
  
 +        #Detect if the client performed an inappropriate fallback.
 +        elif fallbackSCSV and clientHello.client_version < settings.maxVersion:
++            self.version = clientHello.client_version
 +            if CipherSuite.TLS_FALLBACK_SCSV in clientHello.cipher_suites:
 +                for result in self._sendError(\
 +                        AlertDescription.inappropriate_fallback):

third_party/tlslite/tlslite/tlsconnection.py

@@ -1428,6 +1428,7 @@ class TLSConnection(TLSRecordLayer):
 
         #Detect if the client performed an inappropriate fallback.
         elif fallbackSCSV and clientHello.client_version < settings.maxVersion:
+            self.version = clientHello.client_version
             if CipherSuite.TLS_FALLBACK_SCSV in clientHello.cipher_suites:
                 for result in self._sendError(\
                         AlertDescription.inappropriate_fallback):