Commit b97667ce authored by Matt Caswell's avatar Matt Caswell

Fix some missing checks for TLS1_3_VERSION_DRAFT



There were a few places where we weren't checking to see if we were using
the draft TLS1.3 version or not.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 54682aa3
+1 −0
@@ -70,6 +70,7 @@ extern "C" {

/* TODO(TLS1.3) REMOVE ME: Version indicator for draft -18 */
# define TLS1_3_VERSION_DRAFT            0x7f12
# define TLS1_3_VERSION_DRAFT_TXT        "TLS 1.3 (draft 18)"

/* Special value for method supporting multiple versions */
# define TLS_ANY_VERSION                 0x10000
+4 −0
@@ -1118,6 +1118,10 @@ int ssl_choose_client_version(SSL *s, int version)
    const version_info *vent;
    const version_info *table;

    /* TODO(TLS1.3): Remove this before release */
    if (version == TLS1_3_VERSION_DRAFT)
        version = TLS1_3_VERSION;

    switch (s->method->version) {
    default:
        if (version != s->version)
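Review bot: The normalisation added at the top of ssl_choose_client_version() rewrites `TLS1_3_VERSION_DRAFT` to `TLS1_3_VERSION` but leaves a server-supplied `TLS1_3_VERSION` untouched, so from this point both wire values appear to select the same protocol. If this build only speaks draft 18 on the wire, it would be stricter to reject the undrafted value here during the draft period, so that a peer on an incompatible revision fails at version selection rather than later in the handshake. At minimum the accepted wire values should be documented, e.g. `/* Peer sends the draft id on the wire; internally only TLS1_3_VERSION is used */`. The function body continues outside the hunk, so a later check may already cover this.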
+3 −1
@@ -1547,7 +1547,9 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
    int compm, al = SSL_AD_INTERNAL_ERROR;
    size_t sl, len;

    if (!WPACKET_put_bytes_u16(pkt, s->version)
    /* TODO(TLS1.3): Remove the DRAFT conditional before release */
    if (!WPACKET_put_bytes_u16(pkt, (s->version == TLS1_3_VERSION)
                                    ? TLS1_3_VERSION_DRAFT : s->version)
               /*
                * Random stuff. Filling of the server_random takes place in
                * tls_process_client_hello()
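Review bot: The internal-to-wire version translation in the `WPACKET_put_bytes_u16()` call is an inline conditional, and the commit message says this is one of several sites where the draft check had been missed. Every place that writes or compares a version on the wire needs the same mapping, and a missed site is likely to surface only as a hard-to-diagnose interoperability or negotiation failure. A single helper next to the `TLS1_3_VERSION_DRAFT` definition, for example `# define TLS1_3_WIRE_VERSION(v) ((v) == TLS1_3_VERSION ? TLS1_3_VERSION_DRAFT : (v))`, would keep the draft handling in one place and reduce the pre-release cleanup to one edit. tls_construct_server_hello() starts and ends outside the hunk.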
+3 −1
@@ -62,6 +62,8 @@ static ssl_trace_tbl ssl_version_tbl[] = {
    {TLS1_1_VERSION, "TLS 1.1"},
    {TLS1_2_VERSION, "TLS 1.2"},
    {TLS1_3_VERSION, "TLS 1.3"},
    /* TODO(TLS1.3): Remove this line before release */
    {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
    {DTLS1_VERSION, "DTLS 1.0"},
    {DTLS1_2_VERSION, "DTLS 1.2"},
    {DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
@@ -571,7 +573,7 @@ static ssl_trace_tbl ssl_supp_versions_tbl[] = {
    {TLS1_1_VERSION, "TLSv1.1"},
    {TLS1_2_VERSION, "TLSv1.2"},
    {TLS1_3_VERSION, "TLSv1.3"},
    {TLS1_3_VERSION_DRAFT, "TLSv1.3 draft 18"}
    {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT}
};

static void ssl_print_hex(BIO *bio, int indent, const char *name,
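Review bot: In `ssl_supp_versions_tbl` the draft row now prints `TLS 1.3 (draft 18)` while every other row of that table uses the `TLSv1.x` spelling. Trace output for the supported-versions list becomes inconsistent, and anything matching on the old `TLSv1.3 draft 18` text will stop matching. Either keep the literal in this table or mention the output change in the commit message. The row added to `ssl_version_tbl` carries `/* TODO(TLS1.3): Remove this line before release */`, but the draft row in `ssl_supp_versions_tbl` has no such marker; adding the same comment there would make both removals easy to find.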