Loading include/openssl/tls1.h +7 −3 Original line number Diff line number Diff line Loading @@ -30,9 +30,13 @@ extern "C" { # define TLS1_3_VERSION 0x0304 # define TLS_MAX_VERSION TLS1_3_VERSION /* TODO(TLS1.3) REMOVE ME: Version indicator for draft -26 */ # define TLS1_3_VERSION_DRAFT 0x7f1a # define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 26)" /* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */ # define TLS1_3_VERSION_DRAFT_26 0x7f1a # define TLS1_3_VERSION_DRAFT_27 0x7f1b # define TLS1_3_VERSION_DRAFT 0x7f1c # define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)" # define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)" # define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 28)" /* Special value for method supporting multiple versions */ # define TLS_ANY_VERSION 0x10000 Loading ssl/ssl_locl.h +2 −0 Original line number Diff line number Diff line Loading @@ -1057,6 +1057,8 @@ struct ssl_st { * DTLS1_VERSION) */ int version; /* TODO(TLS1.3): Remove this before release */ int version_draft; /* SSLv3 */ const SSL_METHOD *method; /* Loading ssl/statem/extensions_clnt.c +6 −2 Original line number Diff line number Diff line Loading @@ -538,7 +538,9 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, for (currv = max_version; currv >= min_version; currv--) { /* TODO(TLS1.3): Remove this first if clause prior to release!! */ if (currv == TLS1_3_VERSION) { if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)) { if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT) || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27) || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, ERR_R_INTERNAL_ERROR); Loading Loading 
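Review bot: The unsuffixed TLS1_3_VERSION_DRAFT and TLS1_3_VERSION_DRAFT_TXT now silently mean draft 28 while the older drafts get explicit _26/_27 suffixes, so at any use site a reader cannot tell which draft the bare name denotes without opening this header. Defining `# define TLS1_3_VERSION_DRAFT_28 0x7f1c` and `# define TLS1_3_VERSION_DRAFT TLS1_3_VERSION_DRAFT_28` (and the same for the _TXT string) keeps the alias for existing callers and makes the meaning visible. The header comment could also say what the alias is for: `/* TODO(TLS1.3) REMOVE ME: draft codepoints; the unsuffixed name is always the newest draft we speak */`.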
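Review bot: The new `version_draft` field's comment says only that it is temporary, not when its value is meaningful; in this commit it is written only by ssl_choose_server_version when TLS 1.3 wins and read by the server when writing supported_versions into HelloRetryRequest and ServerHello, so it is only valid server-side while `version == TLS1_3_VERSION`. Whether SSL_clear() resets it between handshakes on a reused SSL object is outside this diff; if it does not, a draft from an earlier handshake could be carried into the next one. I'd extend the comment to `/* TODO(TLS1.3): Remove this before release. Draft codepoint (0x7f1a..0x7f1c) negotiated for the current handshake; server-side only, valid only when version == TLS1_3_VERSION */`.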
@@ -1789,7 +1791,9 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, } /* TODO(TLS1.3): Remove this before release */ if (version == TLS1_3_VERSION_DRAFT) if (version == TLS1_3_VERSION_DRAFT || version == TLS1_3_VERSION_DRAFT_27 || version == TLS1_3_VERSION_DRAFT_26) version = TLS1_3_VERSION; /* Loading ssl/statem/extensions_srvr.c +2 −2 Original line number Diff line number Diff line Loading @@ -892,7 +892,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions) || !WPACKET_start_sub_packet_u16(&hrrpkt) /* TODO(TLS1.3): Fix this before release */ || !WPACKET_put_bytes_u16(&hrrpkt, TLS1_3_VERSION_DRAFT) || !WPACKET_put_bytes_u16(&hrrpkt, s->version_draft) || !WPACKET_close(&hrrpkt)) { WPACKET_cleanup(&hrrpkt); SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, Loading Loading @@ -1606,7 +1606,7 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt, if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions) || !WPACKET_start_sub_packet_u16(pkt) /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator */ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT) || !WPACKET_put_bytes_u16(pkt, s->version_draft) || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS, Loading ssl/statem/statem_lib.c +16 −1 Original line number Diff line number Diff line Loading @@ -1695,6 +1695,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) unsigned int best_vers = 0; const SSL_METHOD *best_method = NULL; PACKET versionslist; /* TODO(TLS1.3): Remove this before release */ unsigned int orig_candidate = 0; suppversions->parsed = 1; Loading 
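Review bot: In tls_parse_stoc_supported_versions all three draft codepoints are collapsed to TLS1_3_VERSION before `version` is used, so the client forgets which draft the server actually selected and cannot notice when a HelloRetryRequest and the ServerHello that follows it name different drafts, which RFC 8446 §4.1.4 requires the client to reject with illegal_parameter. Unless a check outside this hunk compares the raw value, I'd store the raw codepoint before the mapping (the server side already has `s->version_draft` for this purpose) and, when this is the ServerHello after a HelloRetryRequest, reject a mismatch with `if (s->version_draft != 0 && s->version_draft != version) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, /* this function's SSL_F_ code */, SSL_R_BAD_PROTOCOL_VERSION_NUMBER); return 0; }`. The same collapse happens in the first hunk's sibling on the client side only for sending, which is fine. The enclosing function starts and ends outside the hunk.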
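Review bot: Both writers now emit `s->version_draft` unchecked, and nothing in either hunk guards that it was set for this handshake; it is assigned only in ssl_choose_server_version when TLS 1.3 is chosen, so if either function is reached with a zero or stale value the supported_versions extension carries 0x0000 or an old draft and the peer fails the handshake in a hard-to-diagnose way. For the tls_parse_ctos_cookie path in particular, the reconstructed HelloRetryRequest must reproduce the draft the original HRR carried, which only holds if version selection for the second ClientHello has run before the cookie is parsed and the client resent the same draft list; that ordering is outside this hunk. A cheap guard before the WPACKET chain in both places, `if (s->version_draft == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, ERR_R_INTERNAL_ERROR); return 0; }` (with the matching SSL_F_ code and EXT_RETURN_FAIL in tls_construct_stoc_supported_versions), turns that into a clear internal error. Both enclosing functions start outside their hunks.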
@@ -1705,8 +1707,18 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) while (PACKET_get_net_2(&versionslist, &candidate_vers)) { /* TODO(TLS1.3): Remove this before release */ if (candidate_vers == TLS1_3_VERSION_DRAFT) if (candidate_vers == TLS1_3_VERSION_DRAFT || candidate_vers == TLS1_3_VERSION_DRAFT_27 || candidate_vers == TLS1_3_VERSION_DRAFT_26) { if (best_vers == TLS1_3_VERSION && orig_candidate > candidate_vers) continue; orig_candidate = candidate_vers; candidate_vers = TLS1_3_VERSION; } else if (candidate_vers == TLS1_3_VERSION) { /* Don't actually accept real TLSv1.3 */ continue; } /* * TODO(TLS1.3): There is some discussion on the TLS list about * whether to ignore versions <TLS1.2 in supported_versions. At the Loading Loading @@ -1745,6 +1757,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) } check_for_downgrade(s, best_vers, dgrd); s->version = best_vers; /* TODO(TLS1.3): Remove this before release */ if (best_vers == TLS1_3_VERSION) s->version_draft = orig_candidate; s->method = best_method; return 0; } Loading Loading
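Review bot: The `orig_candidate > candidate_vers` comparison in the while loop prefers the newest draft only because the three codepoints happen to be assigned in increasing order (0x7f1a, 0x7f1b, 0x7f1c); nothing in the hunk states that, and a future draft given a non-monotone value would silently reverse the preference. I'd add `/* Draft codepoints increase with draft number, so the larger value is the newer draft */` above that comparison. Note also that `orig_candidate` is updated before the rest of the loop body (outside the hunk) decides whether the candidate is accepted, so it records the highest draft offered rather than one that passed those checks; that is harmless today because `s->version_draft` is assigned only when `best_vers == TLS1_3_VERSION`, which in this loop can only be reached through a draft candidate, but a sentence saying so at the final assignment would save the next reader the analysis.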
include/openssl/tls1.h +7 −3 Original line number Diff line number Diff line Loading @@ -30,9 +30,13 @@ extern "C" { # define TLS1_3_VERSION 0x0304 # define TLS_MAX_VERSION TLS1_3_VERSION /* TODO(TLS1.3) REMOVE ME: Version indicator for draft -26 */ # define TLS1_3_VERSION_DRAFT 0x7f1a # define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 26)" /* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */ # define TLS1_3_VERSION_DRAFT_26 0x7f1a # define TLS1_3_VERSION_DRAFT_27 0x7f1b # define TLS1_3_VERSION_DRAFT 0x7f1c # define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)" # define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)" # define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 28)" /* Special value for method supporting multiple versions */ # define TLS_ANY_VERSION 0x10000 Loading
ssl/ssl_locl.h +2 −0 Original line number Diff line number Diff line Loading @@ -1057,6 +1057,8 @@ struct ssl_st { * DTLS1_VERSION) */ int version; /* TODO(TLS1.3): Remove this before release */ int version_draft; /* SSLv3 */ const SSL_METHOD *method; /* Loading
ssl/statem/extensions_clnt.c +6 −2 Original line number Diff line number Diff line Loading @@ -538,7 +538,9 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, for (currv = max_version; currv >= min_version; currv--) { /* TODO(TLS1.3): Remove this first if clause prior to release!! */ if (currv == TLS1_3_VERSION) { if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)) { if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT) || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27) || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, ERR_R_INTERNAL_ERROR); Loading Loading @@ -1789,7 +1791,9 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, } /* TODO(TLS1.3): Remove this before release */ if (version == TLS1_3_VERSION_DRAFT) if (version == TLS1_3_VERSION_DRAFT || version == TLS1_3_VERSION_DRAFT_27 || version == TLS1_3_VERSION_DRAFT_26) version = TLS1_3_VERSION; /* Loading
ssl/statem/extensions_srvr.c +2 −2 Original line number Diff line number Diff line Loading @@ -892,7 +892,7 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions) || !WPACKET_start_sub_packet_u16(&hrrpkt) /* TODO(TLS1.3): Fix this before release */ || !WPACKET_put_bytes_u16(&hrrpkt, TLS1_3_VERSION_DRAFT) || !WPACKET_put_bytes_u16(&hrrpkt, s->version_draft) || !WPACKET_close(&hrrpkt)) { WPACKET_cleanup(&hrrpkt); SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, Loading Loading @@ -1606,7 +1606,7 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt, if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions) || !WPACKET_start_sub_packet_u16(pkt) /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator */ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT) || !WPACKET_put_bytes_u16(pkt, s->version_draft) || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS, Loading
ssl/statem/statem_lib.c +16 −1 Original line number Diff line number Diff line Loading @@ -1695,6 +1695,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) unsigned int best_vers = 0; const SSL_METHOD *best_method = NULL; PACKET versionslist; /* TODO(TLS1.3): Remove this before release */ unsigned int orig_candidate = 0; suppversions->parsed = 1; Loading @@ -1705,8 +1707,18 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) while (PACKET_get_net_2(&versionslist, &candidate_vers)) { /* TODO(TLS1.3): Remove this before release */ if (candidate_vers == TLS1_3_VERSION_DRAFT) if (candidate_vers == TLS1_3_VERSION_DRAFT || candidate_vers == TLS1_3_VERSION_DRAFT_27 || candidate_vers == TLS1_3_VERSION_DRAFT_26) { if (best_vers == TLS1_3_VERSION && orig_candidate > candidate_vers) continue; orig_candidate = candidate_vers; candidate_vers = TLS1_3_VERSION; } else if (candidate_vers == TLS1_3_VERSION) { /* Don't actually accept real TLSv1.3 */ continue; } /* * TODO(TLS1.3): There is some discussion on the TLS list about * whether to ignore versions <TLS1.2 in supported_versions. At the Loading Loading @@ -1745,6 +1757,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) } check_for_downgrade(s, best_vers, dgrd); s->version = best_vers; /* TODO(TLS1.3): Remove this before release */ if (best_vers == TLS1_3_VERSION) s->version_draft = orig_candidate; s->method = best_method; return 0; } Loading