Browse Source

Remove TLSv1.3 draft.

master
Hakase 1 month ago
parent
commit
d087771dc0
Signed by: Hakase <hakase@hakase.app> GPG Key ID: BB2821A9E0DF48C9

+ 9
- 15
README.md View File

12
 
12
 
13
 ## Information
13
 ## Information
14
 
14
 
15
-- [Test Page - (TLS 1.3 draft 23, 26, 28, final)](https://ssl.hakase.io/)
15
+- [Test Page - (TLS 1.3 final)](https://ssl.hakase.io/)
16
 - [SSL Test Result - testssl.sh](https://ssl.hakase.io/ssltest/hakase.io.html)
16
 - [SSL Test Result - testssl.sh](https://ssl.hakase.io/ssltest/hakase.io.html)
17
 - [SSL Test Result - dev.ssllabs.com](https://dev.ssllabs.com/ssltest/analyze.html?d=hakase.io)
17
 - [SSL Test Result - dev.ssllabs.com](https://dev.ssllabs.com/ssltest/analyze.html?d=hakase.io)
18
-- **If you link site to a browser that supports draft 23 or 26 or 28 or final, you'll see a TLS 1.3 message.**
19
-
20
-**Support TLS 1.3 draft 28 browsers - _Chrome Canary, Firefox Nightly_**
18
+- **If you link site to a browser that supports final, you'll see a TLS 1.3 message.**
21
 
19
 
22
 Displays TLSv1.3 support for large sites.
20
 Displays TLSv1.3 support for large sites.
23
 
21
 
25
 - [Baidu(China)](https://baidu.cn/) : **TLSv1.2**
23
 - [Baidu(China)](https://baidu.cn/) : **TLSv1.2**
26
 - [Naver(Korea)](https://naver.com/) : **TLSv1.2**
24
 - [Naver(Korea)](https://naver.com/) : **TLSv1.2**
27
 - [Twitter](https://twitter.com/) : **TLSv1.2**
25
 - [Twitter](https://twitter.com/) : **TLSv1.2**
28
-- [**My Site**](https://hakase.io/) : _TLSv1.3_ draft 23, 26, 28, **final**
26
+- [**My Site**](https://hakase.io/) : _TLSv1.3_ **final**
29
 - [Facebook](https://facebook.com/) : _TLSv1.3_ draft 23, 26, 28, **final**
27
 - [Facebook](https://facebook.com/) : _TLSv1.3_ draft 23, 26, 28, **final**
30
-- [Cloudflare](https://cloudflare.com/) : _TLSv1.3_ draft 23, 28, **final**
31
-- [Google(Gmail)](https://gmail.com/) : _TLSv1.3_ draft 23, 28, **final**
28
+- [Cloudflare](https://cloudflare.com/) : _TLSv1.3_ **final**
29
+- [Google(Gmail)](https://gmail.com/) : _TLSv1.3_ **final**
32
 - [NSS TLS 1.3(Mozilla)](https://tls13.crypto.mozilla.org/) : _TLSv1.3_ **final**
30
 - [NSS TLS 1.3(Mozilla)](https://tls13.crypto.mozilla.org/) : _TLSv1.3_ **final**
33
 
31
 
34
-[Compatible OpenSSL-3.0.0-dev (OpenSSL, 23204 commits)](https://github.com/openssl/openssl/tree/829800b0735ab99a0962418180cb076ff8081028)
32
+[Compatible OpenSSL-3.0.0-dev (OpenSSL, 23340 commits)](https://github.com/openssl/openssl/tree/1980ce45d6bdd2b57df7003d6b56b5df560b9064)
35
 
33
 
36
 ## Patch files
34
 ## Patch files
37
 
35
 
40
 You can find the _OpenSSL 1.1.0h_ patch is [here.](https://gitlab.com/buik/openssl/blob/openssl-patch/openssl-1.1/OpenSSL1.1h-equal-preference-cipher-groups.patch)
38
 You can find the _OpenSSL 1.1.0h_ patch is [here.](https://gitlab.com/buik/openssl/blob/openssl-patch/openssl-1.1/OpenSSL1.1h-equal-preference-cipher-groups.patch)
41
 
39
 
42
 Here is the basic patch content.
40
 Here is the basic patch content.
43
-- Support TLS 1.3 draft 23 + 26 + 28 + final
44
-    - Server: draft 23 + 26 + 28 + final
45
-    - Client: draft 23 + 26 + 27 + 28 + final
46
 - BoringSSL's Equal Preference Patch
41
 - BoringSSL's Equal Preference Patch
47
 - Weak 3DES and not using ECDHE ciphers is not used in TLSv1.1 or later.
42
 - Weak 3DES and not using ECDHE ciphers is not used in TLSv1.1 or later.
48
 
43
 
49
 | Patch file name | Patch list |
44
 | Patch file name | Patch list |
50
 | :--- | :--- |
45
 | :--- | :--- |
51
-| openssl-1.1.1a-tls13_draft.patch | Only for TLS 1.3 draft 23, 26, 28, final support patch. |
52
 | openssl-equal-1.1.1a.patch<br>openssl-equal-3.0.0-dev.patch | Support **final (TLS 1.3)**, TLS 1.3 cipher settings **_can not_** be changed on _nginx_. |
46
 | openssl-equal-1.1.1a.patch<br>openssl-equal-3.0.0-dev.patch | Support **final (TLS 1.3)**, TLS 1.3 cipher settings **_can not_** be changed on _nginx_. |
53
 | openssl-equal-1.1.1a_ciphers.patch<br>openssl-equal-3.0.0-dev_ciphers.patch | Support **final (TLS 1.3)**, TLS 1.3 cipher settings **_can_** be changed on _nginx_. |
47
 | openssl-equal-1.1.1a_ciphers.patch<br>openssl-equal-3.0.0-dev_ciphers.patch | Support **final (TLS 1.3)**, TLS 1.3 cipher settings **_can_** be changed on _nginx_. |
54
 | openssl-1.1.1a-chacha_draft.patch<br>openssl-3.0.0-dev-chacha_draft.patch | A draft version of chacha20-poly1305 is available. [View issue](https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-427554824) |
48
 | openssl-1.1.1a-chacha_draft.patch<br>openssl-3.0.0-dev-chacha_draft.patch | A draft version of chacha20-poly1305 is available. [View issue](https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-427554824) |
55
-| openssl-1.1.1a-tls13_draft.patch | Enable TLS 1.3 draft 23, 26, 28, final. |
49
+| openssl-1.1.1a-tls13_draft.patch | Only for **TLS 1.3 draft 23, 26, 28, final support patch**. |
56
 | openssl-1.1.1a-tls13_nginx_config.patch | You can set TLS 1.3 ciphere in nginx. ex) TLS13+AESGCM+AES128 |
50
 | openssl-1.1.1a-tls13_nginx_config.patch | You can set TLS 1.3 ciphere in nginx. ex) TLS13+AESGCM+AES128 |
57
 | openssl-3.0.0-dev_version_error.patch | **TEST** This is a way to fix nginx when the following errors occur during the build:<br>Error: missing binary operator before token "("<br>Maybe patched: [https://github.com/openssl/openssl/pull/7839](https://github.com/openssl/openssl/pull/7839)<br>Patched : [https://github.com/openssl/openssl/commit/5d609f22d28615c45685d9da871d432e9cb81127](https://github.com/openssl/openssl/commit/5d609f22d28615c45685d9da871d432e9cb81127) |
51
 | openssl-3.0.0-dev_version_error.patch | **TEST** This is a way to fix nginx when the following errors occur during the build:<br>Error: missing binary operator before token "("<br>Maybe patched: [https://github.com/openssl/openssl/pull/7839](https://github.com/openssl/openssl/pull/7839)<br>Patched : [https://github.com/openssl/openssl/commit/5d609f22d28615c45685d9da871d432e9cb81127](https://github.com/openssl/openssl/commit/5d609f22d28615c45685d9da871d432e9cb81127) |
58
 
52
 
162
 ssl_prefer_server_ciphers on;
156
 ssl_prefer_server_ciphers on;
163
 ```
157
 ```
164
 
158
 
165
-### OpenSSL-1.1.1a, 3.0.0-dev ciphers (draft 23, 26, 28, final)
159
+### OpenSSL-1.1.1a, 3.0.0-dev ciphers
166
 ```
160
 ```
167
 [EECDH+ECDSA+AESGCM+AES128|EECDH+ECDSA+CHACHA20]:EECDH+ECDSA+AESGCM+AES256:EECDH+ECDSA+AES128+SHA:EECDH+ECDSA+AES256+SHA:[EECDH+aRSA+AESGCM+AES128|EECDH+aRSA+CHACHA20]:EECDH+aRSA+AESGCM+AES256:EECDH+aRSA+AES128+SHA:EECDH+aRSA+AES256+SHA:RSA+AES128+SHA:RSA+AES256+SHA:RSA+3DES
161
 [EECDH+ECDSA+AESGCM+AES128|EECDH+ECDSA+CHACHA20]:EECDH+ECDSA+AESGCM+AES256:EECDH+ECDSA+AES128+SHA:EECDH+ECDSA+AES256+SHA:[EECDH+aRSA+AESGCM+AES128|EECDH+aRSA+CHACHA20]:EECDH+aRSA+AESGCM+AES256:EECDH+aRSA+AES128+SHA:EECDH+aRSA+AES256+SHA:RSA+AES128+SHA:RSA+AES256+SHA:RSA+3DES
168
 ```
162
 ```
169
 
163
 
170
-### OpenSSL-1.1.1a_ciphers, 3.0.0-dev_ciphers ciphers (draft 23, 26, 28, final)
164
+### OpenSSL-1.1.1a_ciphers, 3.0.0-dev_ciphers ciphers
171
 ```
165
 ```
172
 [TLS13+AESGCM+AES128|TLS13+AESGCM+AES256|TLS13+CHACHA20]:[EECDH+ECDSA+AESGCM+AES128|EECDH+ECDSA+CHACHA20]:EECDH+ECDSA+AESGCM+AES256:EECDH+ECDSA+AES128+SHA:EECDH+ECDSA+AES256+SHA:[EECDH+aRSA+AESGCM+AES128|EECDH+aRSA+CHACHA20]:EECDH+aRSA+AESGCM+AES256:EECDH+aRSA+AES128+SHA:EECDH+aRSA+AES256+SHA:RSA+AES128+SHA:RSA+AES256+SHA:RSA+3DES
166
 [TLS13+AESGCM+AES128|TLS13+AESGCM+AES256|TLS13+CHACHA20]:[EECDH+ECDSA+AESGCM+AES128|EECDH+ECDSA+CHACHA20]:EECDH+ECDSA+AESGCM+AES256:EECDH+ECDSA+AES128+SHA:EECDH+ECDSA+AES256+SHA:[EECDH+aRSA+AESGCM+AES128|EECDH+aRSA+CHACHA20]:EECDH+aRSA+AESGCM+AES256:EECDH+aRSA+AES128+SHA:EECDH+aRSA+AES256+SHA:RSA+AES128+SHA:RSA+AES256+SHA:RSA+3DES
173
 ```
167
 ```

+ 27
- 27
openssl-3.0.0-dev-chacha_draft.patch View File

220
  # endif
220
  # endif
221
  #endif
221
  #endif
222
 diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
222
 diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
223
-index 859795fa50..550e794fca 100644
223
+index 78a9e7acaf..15c712b291 100644
224
 --- a/crypto/objects/obj_dat.h
224
 --- a/crypto/objects/obj_dat.h
225
 +++ b/crypto/objects/obj_dat.h
225
 +++ b/crypto/objects/obj_dat.h
226
 @@ -1079,7 +1079,7 @@ static const unsigned char so[7767] = {
226
 @@ -1079,7 +1079,7 @@ static const unsigned char so[7767] = {
227
      0x28,0xCC,0x45,0x03,0x04,                      /* [ 7761] OBJ_gmac */
227
      0x28,0xCC,0x45,0x03,0x04,                      /* [ 7761] OBJ_gmac */
228
  };
228
  };
229
  
229
  
230
--#define NUM_NID 1201
231
-+#define NUM_NID 1202
230
+-#define NUM_NID 1203
231
++#define NUM_NID 1204
232
  static const ASN1_OBJECT nid_objs[NUM_NID] = {
232
  static const ASN1_OBJECT nid_objs[NUM_NID] = {
233
      {"UNDEF", "undefined", NID_undef},
233
      {"UNDEF", "undefined", NID_undef},
234
      {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
234
      {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
235
-@@ -2282,9 +2282,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
236
-     {"AES-128-SIV", "aes-128-siv", NID_aes_128_siv},
237
-     {"AES-192-SIV", "aes-192-siv", NID_aes_192_siv},
235
+@@ -2284,9 +2284,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
238
      {"AES-256-SIV", "aes-256-siv", NID_aes_256_siv},
236
      {"AES-256-SIV", "aes-256-siv", NID_aes_256_siv},
237
+     {"BLAKE2BMAC", "blake2bmac", NID_blake2bmac},
238
+     {"BLAKE2SMAC", "blake2smac", NID_blake2smac},
239
 +    {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft },
239
 +    {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft },
240
  };
240
  };
241
  
241
  
242
--#define NUM_SN 1192
243
-+#define NUM_SN 1193
242
+-#define NUM_SN 1194
243
++#define NUM_SN 1195
244
  static const unsigned int sn_objs[NUM_SN] = {
244
  static const unsigned int sn_objs[NUM_SN] = {
245
       364,    /* "AD_DVCS" */
245
       364,    /* "AD_DVCS" */
246
       419,    /* "AES-128-CBC" */
246
       419,    /* "AES-128-CBC" */
247
-@@ -2405,6 +2406,7 @@ static const unsigned int sn_objs[NUM_SN] = {
247
+@@ -2409,6 +2410,7 @@ static const unsigned int sn_objs[NUM_SN] = {
248
       417,    /* "CSPName" */
248
       417,    /* "CSPName" */
249
      1019,    /* "ChaCha20" */
249
      1019,    /* "ChaCha20" */
250
      1018,    /* "ChaCha20-Poly1305" */
250
      1018,    /* "ChaCha20-Poly1305" */
251
-+    1201,    /* "chacha20-poly1305-draft" */
251
++    1203,    /* "chacha20-poly1305-draft" */
252
       367,    /* "CrlID" */
252
       367,    /* "CrlID" */
253
       391,    /* "DC" */
253
       391,    /* "DC" */
254
        31,    /* "DES-CBC" */
254
        31,    /* "DES-CBC" */
255
-@@ -3480,7 +3482,7 @@ static const unsigned int sn_objs[NUM_SN] = {
255
+@@ -3484,7 +3486,7 @@ static const unsigned int sn_objs[NUM_SN] = {
256
      1093,    /* "x509ExtAdmission" */
256
      1093,    /* "x509ExtAdmission" */
257
  };
257
  };
258
  
258
  
259
--#define NUM_LN 1192
260
-+#define NUM_LN 1193
259
+-#define NUM_LN 1194
260
++#define NUM_LN 1195
261
  static const unsigned int ln_objs[NUM_LN] = {
261
  static const unsigned int ln_objs[NUM_LN] = {
262
       363,    /* "AD Time Stamping" */
262
       363,    /* "AD Time Stamping" */
263
       405,    /* "ANSI X9.62" */
263
       405,    /* "ANSI X9.62" */
264
-@@ -3862,6 +3864,7 @@ static const unsigned int ln_objs[NUM_LN] = {
264
+@@ -3868,6 +3870,7 @@ static const unsigned int ln_objs[NUM_LN] = {
265
       883,    /* "certificateRevocationList" */
265
       883,    /* "certificateRevocationList" */
266
      1019,    /* "chacha20" */
266
      1019,    /* "chacha20" */
267
      1018,    /* "chacha20-poly1305" */
267
      1018,    /* "chacha20-poly1305" */
268
-+    1201,    /* "ChaCha20-Poly1305-D" */
268
++    1203,    /* "ChaCha20-Poly1305-D" */
269
        54,    /* "challengePassword" */
269
        54,    /* "challengePassword" */
270
       407,    /* "characteristic-two-field" */
270
       407,    /* "characteristic-two-field" */
271
       395,    /* "clearance" */
271
       395,    /* "clearance" */
272
 diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
272
 diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
273
-index 021875d9e4..c13c751d74 100644
273
+index 87790200d4..94d033c158 100644
274
 --- a/crypto/objects/obj_mac.num
274
 --- a/crypto/objects/obj_mac.num
275
 +++ b/crypto/objects/obj_mac.num
275
 +++ b/crypto/objects/obj_mac.num
276
-@@ -1198,3 +1198,4 @@ kmac256		1197
277
- aes_128_siv		1198
278
- aes_192_siv		1199
276
+@@ -1200,3 +1200,4 @@ aes_192_siv		1199
279
  aes_256_siv		1200
277
  aes_256_siv		1200
280
-+chacha20_poly1305_draft		1201
278
+ blake2bmac		1201
279
+ blake2smac		1202
280
++chacha20_poly1305_draft		1203
281
 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
281
 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
282
-index 851e31e5aa..e5b288d999 100644
282
+index 344b67b395..21653d9b87 100644
283
 --- a/crypto/objects/objects.txt
283
 --- a/crypto/objects/objects.txt
284
 +++ b/crypto/objects/objects.txt
284
 +++ b/crypto/objects/objects.txt
285
-@@ -1541,6 +1541,7 @@ sm-scheme 104 7         : SM4-CTR             : sm4-ctr
285
+@@ -1543,6 +1543,7 @@ sm-scheme 104 7         : SM4-CTR             : sm4-ctr
286
  			: AES-192-CBC-HMAC-SHA256	: aes-192-cbc-hmac-sha256
286
  			: AES-192-CBC-HMAC-SHA256	: aes-192-cbc-hmac-sha256
287
  			: AES-256-CBC-HMAC-SHA256	: aes-256-cbc-hmac-sha256
287
  			: AES-256-CBC-HMAC-SHA256	: aes-256-cbc-hmac-sha256
288
  			: ChaCha20-Poly1305		: chacha20-poly1305
288
  			: ChaCha20-Poly1305		: chacha20-poly1305
291
  
291
  
292
  ISO-US 10046 2 1	: dhpublicnumber		: X9.42 DH
292
  ISO-US 10046 2 1	: dhpublicnumber		: X9.42 DH
293
 diff --git a/include/openssl/evp.h b/include/openssl/evp.h
293
 diff --git a/include/openssl/evp.h b/include/openssl/evp.h
294
-index 9f1dbd4b8b..774f102e48 100644
294
+index 23f07eaa05..c90c6435bd 100644
295
 --- a/include/openssl/evp.h
295
 --- a/include/openssl/evp.h
296
 +++ b/include/openssl/evp.h
296
 +++ b/include/openssl/evp.h
297
 @@ -928,6 +928,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void);
297
 @@ -928,6 +928,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void);
303
  # endif
303
  # endif
304
  
304
  
305
 diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
305
 diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
306
-index 242eaeb6ce..c8960d0e5c 100644
306
+index 97b2204ba6..a9b341243a 100644
307
 --- a/include/openssl/obj_mac.h
307
 --- a/include/openssl/obj_mac.h
308
 +++ b/include/openssl/obj_mac.h
308
 +++ b/include/openssl/obj_mac.h
309
-@@ -4824,6 +4824,10 @@
309
+@@ -4832,6 +4832,10 @@
310
  #define LN_chacha20             "chacha20"
310
  #define LN_chacha20             "chacha20"
311
  #define NID_chacha20            1019
311
  #define NID_chacha20            1019
312
  
312
  
313
 +#define SN_chacha20_poly1305_draft      "ChaCha20-Poly1305-D"
313
 +#define SN_chacha20_poly1305_draft      "ChaCha20-Poly1305-D"
314
 +#define LN_chacha20_poly1305_draft      "chacha20-poly1305-draft"
314
 +#define LN_chacha20_poly1305_draft      "chacha20-poly1305-draft"
315
-+#define NID_chacha20_poly1305_draft     1201
315
++#define NID_chacha20_poly1305_draft     1203
316
 +
316
 +
317
  #define SN_dhpublicnumber               "dhpublicnumber"
317
  #define SN_dhpublicnumber               "dhpublicnumber"
318
  #define LN_dhpublicnumber               "X9.42 DH"
318
  #define LN_dhpublicnumber               "X9.42 DH"
319
  #define NID_dhpublicnumber              920
319
  #define NID_dhpublicnumber              920
320
 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
320
 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
321
-index c7a830445b..8aa020669d 100644
321
+index 35311acaf4..c2bce6822d 100644
322
 --- a/include/openssl/ssl.h
322
 --- a/include/openssl/ssl.h
323
 +++ b/include/openssl/ssl.h
323
 +++ b/include/openssl/ssl.h
324
 @@ -125,6 +125,7 @@ extern "C" {
324
 @@ -125,6 +125,7 @@ extern "C" {

+ 0
- 202
openssl-equal-1.1.1a.patch View File

70
  # define SSL_R_UNEXPECTED_RECORD                          245
70
  # define SSL_R_UNEXPECTED_RECORD                          245
71
  # define SSL_R_UNINITIALIZED                              276
71
  # define SSL_R_UNINITIALIZED                              276
72
  # define SSL_R_UNKNOWN_ALERT_TYPE                         246
72
  # define SSL_R_UNKNOWN_ALERT_TYPE                         246
73
-diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
74
-index e13b5dd4bc..779341c948 100644
75
---- a/include/openssl/tls1.h
76
-+++ b/include/openssl/tls1.h
77
-@@ -30,6 +30,16 @@ extern "C" {
78
- # define TLS1_3_VERSION                  0x0304
79
- # define TLS_MAX_VERSION                 TLS1_3_VERSION
80
- 
81
-+/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */
82
-+# define TLS1_3_VERSION_DRAFT_23         0x7f17
83
-+# define TLS1_3_VERSION_DRAFT_26         0x7f1a
84
-+# define TLS1_3_VERSION_DRAFT_27         0x7f1b
85
-+# define TLS1_3_VERSION_DRAFT            0x7f1c
86
-+# define TLS1_3_VERSION_DRAFT_TXT_23     "TLS 1.3 (draft 23)"
87
-+# define TLS1_3_VERSION_DRAFT_TXT_26     "TLS 1.3 (draft 26)"
88
-+# define TLS1_3_VERSION_DRAFT_TXT_27     "TLS 1.3 (draft 27)"
89
-+# define TLS1_3_VERSION_DRAFT_TXT        "TLS 1.3 (draft 28)"
90
-+
91
- /* Special value for method supporting multiple versions */
92
- # define TLS_ANY_VERSION                 0x10000
93
- 
94
-diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
95
-index a11ed483e6..4fd583dd03 100644
96
---- a/ssl/record/ssl3_record_tls13.c
97
-+++ b/ssl/record/ssl3_record_tls13.c
98
-@@ -173,8 +173,9 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
99
-     if (((alg_enc & SSL_AESCCM) != 0
100
-                  && EVP_CipherUpdate(ctx, NULL, &lenu, NULL,
101
-                                      (unsigned int)rec->length) <= 0)
102
--            || EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
103
--                                sizeof(recheader)) <= 0
104
-+            || (s->version_draft != TLS1_3_VERSION_DRAFT_23
105
-+                 && EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
106
-+                                     sizeof(recheader)) <= 0)
107
-             || EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input,
108
-                                 (unsigned int)rec->length) <= 0
109
-             || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
110
 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
73
 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
111
 index 866ca4dfa9..7b98b670d2 100644
74
 index 866ca4dfa9..7b98b670d2 100644
112
 --- a/ssl/s3_lib.c
75
 --- a/ssl/s3_lib.c
1022
      /* same as above but sorted for lookup */
985
      /* same as above but sorted for lookup */
1023
      STACK_OF(SSL_CIPHER) *cipher_list_by_id;
986
      STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1024
      /* TLSv1.3 specific ciphersuites */
987
      /* TLSv1.3 specific ciphersuites */
1025
-@@ -1080,6 +1117,8 @@ struct ssl_st {
1026
-      * DTLS1_VERSION)
1027
-      */
1028
-     int version;
1029
-+    /* TODO(TLS1.3): Remove this before release */
1030
-+    int version_draft;
1031
-     /* SSLv3 */
1032
-     const SSL_METHOD *method;
1033
-     /*
1034
 @@ -1138,7 +1177,7 @@ struct ssl_st {
988
 @@ -1138,7 +1177,7 @@ struct ssl_st {
1035
      /* Per connection DANE state */
989
      /* Per connection DANE state */
1036
      SSL_DANE dane;
990
      SSL_DANE dane;
1072
  __owur int ssl3_digest_cached_records(SSL *s, int keep);
1026
  __owur int ssl3_digest_cached_records(SSL *s, int keep);
1073
  __owur int ssl3_new(SSL *s);
1027
  __owur int ssl3_new(SSL *s);
1074
  void ssl3_free(SSL *s);
1028
  void ssl3_free(SSL *s);
1075
-diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
1076
-index ab4dbf6713..745897b638 100644
1077
---- a/ssl/statem/extensions_clnt.c
1078
-+++ b/ssl/statem/extensions_clnt.c
1079
-@@ -533,8 +533,25 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
1080
-         return EXT_RETURN_FAIL;
1081
-     }
1082
- 
1083
-+    /*
1084
-+     * TODO(TLS1.3): There is some discussion on the TLS list as to whether
1085
-+     * we should include versions <TLS1.2. For the moment we do. To be
1086
-+     * reviewed later.
1087
-+     */
1088
-     for (currv = max_version; currv >= min_version; currv--) {
1089
--        if (!WPACKET_put_bytes_u16(pkt, currv)) {
1090
-+        /* TODO(TLS1.3): Remove this first if clause prior to release!! */
1091
-+        if (currv == TLS1_3_VERSION) {
1092
-+            if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION)
1093
-+                    || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
1094
-+                    || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
1095
-+                    || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)
1096
-+                    || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_23)) {
1097
-+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
1098
-+                         SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
1099
-+                         ERR_R_INTERNAL_ERROR);
1100
-+                return EXT_RETURN_FAIL;
1101
-+            }
1102
-+        } else if (!WPACKET_put_bytes_u16(pkt, currv)) {
1103
-             SSLfatal(s, SSL_AD_INTERNAL_ERROR,
1104
-                      SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
1105
-                      ERR_R_INTERNAL_ERROR);
1106
-@@ -1763,6 +1780,15 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
1107
-         return 0;
1108
-     }
1109
- 
1110
-+    /* TODO(TLS1.3): Remove this before release */
1111
-+    if (version == TLS1_3_VERSION_DRAFT
1112
-+            || version == TLS1_3_VERSION_DRAFT_27
1113
-+            || version == TLS1_3_VERSION_DRAFT_26
1114
-+            || version == TLS1_3_VERSION_DRAFT_23) {
1115
-+        s->version_draft = version;
1116
-+        version = TLS1_3_VERSION;
1117
-+    }
1118
-+
1119
-     /*
1120
-      * The only protocol version we support which is valid in this extension in
1121
-      * a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.
1122
-diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
1123
-index 0f2b22392b..6c1ce9813f 100644
1124
---- a/ssl/statem/extensions_srvr.c
1125
-+++ b/ssl/statem/extensions_srvr.c
1126
-@@ -897,7 +897,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
1127
-     }
1128
-     if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions)
1129
-             || !WPACKET_start_sub_packet_u16(&hrrpkt)
1130
--            || !WPACKET_put_bytes_u16(&hrrpkt, s->version)
1131
-+               /* TODO(TLS1.3): Fix this before release */
1132
-+            || !WPACKET_put_bytes_u16(&hrrpkt, s->version_draft)
1133
-             || !WPACKET_close(&hrrpkt)) {
1134
-         WPACKET_cleanup(&hrrpkt);
1135
-         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
1136
-@@ -1652,7 +1653,8 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
1137
- 
1138
-     if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
1139
-             || !WPACKET_start_sub_packet_u16(pkt)
1140
--            || !WPACKET_put_bytes_u16(pkt, s->version)
1141
-+                /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator */
1142
-+            || !WPACKET_put_bytes_u16(pkt, s->version_draft)
1143
-             || !WPACKET_close(pkt)) {
1144
-         SSLfatal(s, SSL_AD_INTERNAL_ERROR,
1145
-                  SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
1146
-diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
1147
-index 4324896f50..d0de7ffe3d 100644
1148
---- a/ssl/statem/statem_lib.c
1149
-+++ b/ssl/statem/statem_lib.c
1150
-@@ -1786,6 +1786,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1151
-         unsigned int best_vers = 0;
1152
-         const SSL_METHOD *best_method = NULL;
1153
-         PACKET versionslist;
1154
-+        /* TODO(TLS1.3): Remove this before release */
1155
-+        unsigned int orig_candidate = 0;
1156
- 
1157
-         suppversions->parsed = 1;
1158
- 
1159
-@@ -1807,6 +1809,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1160
-             return SSL_R_BAD_LEGACY_VERSION;
1161
- 
1162
-         while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
1163
-+            /* TODO(TLS1.3): Remove this before release */
1164
-+            if (candidate_vers == TLS1_3_VERSION
1165
-+                    || candidate_vers == TLS1_3_VERSION_DRAFT
1166
-+                    || candidate_vers == TLS1_3_VERSION_DRAFT_26
1167
-+                    || candidate_vers == TLS1_3_VERSION_DRAFT_23) {
1168
-+                if (best_vers == TLS1_3_VERSION
1169
-+                        && (orig_candidate > candidate_vers
1170
-+                        || orig_candidate == TLS1_3_VERSION))
1171
-+                    continue;
1172
-+                orig_candidate = candidate_vers;
1173
-+                candidate_vers = TLS1_3_VERSION;
1174
-+            }
1175
-+            /*
1176
-+             * TODO(TLS1.3): There is some discussion on the TLS list about
1177
-+             * whether to ignore versions <TLS1.2 in supported_versions. At the
1178
-+             * moment we honour them if present. To be reviewed later
1179
-+             */
1180
-             if (version_cmp(s, candidate_vers, best_vers) <= 0)
1181
-                 continue;
1182
-             if (ssl_version_supported(s, candidate_vers, &best_method))
1183
-@@ -1829,6 +1848,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1184
-             }
1185
-             check_for_downgrade(s, best_vers, dgrd);
1186
-             s->version = best_vers;
1187
-+            /* TODO(TLS1.3): Remove this before release */
1188
-+            if (best_vers == TLS1_3_VERSION)
1189
-+                s->version_draft = orig_candidate;
1190
-             s->method = best_method;
1191
-             return 0;
1192
-         }
1193
 diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
1029
 diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
1194
 index e7c11c4bea..a2a6c1e44e 100644
1030
 index e7c11c4bea..a2a6c1e44e 100644
1195
 --- a/ssl/statem/statem_srvr.c
1031
 --- a/ssl/statem/statem_srvr.c
1233
  
1069
  
1234
                  if (cipher == NULL) {
1070
                  if (cipher == NULL) {
1235
                      SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
1071
                      SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
1236
-diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
1237
-index be3039af38..99c4ddcb41 100644
1238
---- a/ssl/t1_trce.c
1239
-+++ b/ssl/t1_trce.c
1240
-@@ -65,6 +65,11 @@ static const ssl_trace_tbl ssl_version_tbl[] = {
1241
-     {TLS1_1_VERSION, "TLS 1.1"},
1242
-     {TLS1_2_VERSION, "TLS 1.2"},
1243
-     {TLS1_3_VERSION, "TLS 1.3"},
1244
-+    /* TODO(TLS1.3): Remove these lines before release */
1245
-+    {TLS1_3_VERSION_DRAFT_23, TLS1_3_VERSION_DRAFT_TXT_23},
1246
-+    {TLS1_3_VERSION_DRAFT_26, TLS1_3_VERSION_DRAFT_TXT_26},
1247
-+    {TLS1_3_VERSION_DRAFT_27, TLS1_3_VERSION_DRAFT_TXT_27},
1248
-+    {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
1249
-     {DTLS1_VERSION, "DTLS 1.0"},
1250
-     {DTLS1_2_VERSION, "DTLS 1.2"},
1251
-     {DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
1252
-@@ -638,8 +643,19 @@ static int ssl_print_version(BIO *bio, int indent, const char *name,
1253
-     if (*pmsglen < 2)
1254
-         return 0;
1255
-     vers = ((*pmsg)[0] << 8) | (*pmsg)[1];
1256
--    if (version != NULL)
1257
--        *version = vers;
1258
-+    if (version != NULL) {
1259
-+        /* TODO(TLS1.3): Remove the draft conditional here before release */
1260
-+        switch(vers) {
1261
-+        case TLS1_3_VERSION_DRAFT_23:
1262
-+        case TLS1_3_VERSION_DRAFT_26:
1263
-+        case TLS1_3_VERSION_DRAFT_27:
1264
-+        case TLS1_3_VERSION_DRAFT:
1265
-+            *version = TLS1_3_VERSION;
1266
-+            break;
1267
-+        default:
1268
-+            *version = vers;
1269
-+        }
1270
-+    }
1271
-     BIO_indent(bio, indent, 80);
1272
-     BIO_printf(bio, "%s=0x%x (%s)\n",
1273
-                name, vers, ssl_trace_str(vers, ssl_version_tbl));

+ 0
- 202
openssl-equal-1.1.1a_ciphers.patch View File

49
  # define SSL_R_UNEXPECTED_RECORD                          245
49
  # define SSL_R_UNEXPECTED_RECORD                          245
50
  # define SSL_R_UNINITIALIZED                              276
50
  # define SSL_R_UNINITIALIZED                              276
51
  # define SSL_R_UNKNOWN_ALERT_TYPE                         246
51
  # define SSL_R_UNKNOWN_ALERT_TYPE                         246
52
-diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
53
-index e13b5dd4bc..779341c948 100644
54
---- a/include/openssl/tls1.h
55
-+++ b/include/openssl/tls1.h
56
-@@ -30,6 +30,16 @@ extern "C" {
57
- # define TLS1_3_VERSION                  0x0304
58
- # define TLS_MAX_VERSION                 TLS1_3_VERSION
59
- 
60
-+/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */
61
-+# define TLS1_3_VERSION_DRAFT_23         0x7f17
62
-+# define TLS1_3_VERSION_DRAFT_26         0x7f1a
63
-+# define TLS1_3_VERSION_DRAFT_27         0x7f1b
64
-+# define TLS1_3_VERSION_DRAFT            0x7f1c
65
-+# define TLS1_3_VERSION_DRAFT_TXT_23     "TLS 1.3 (draft 23)"
66
-+# define TLS1_3_VERSION_DRAFT_TXT_26     "TLS 1.3 (draft 26)"
67
-+# define TLS1_3_VERSION_DRAFT_TXT_27     "TLS 1.3 (draft 27)"
68
-+# define TLS1_3_VERSION_DRAFT_TXT        "TLS 1.3 (draft 28)"
69
-+
70
- /* Special value for method supporting multiple versions */
71
- # define TLS_ANY_VERSION                 0x10000
72
- 
73
-diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
74
-index a11ed483e6..4fd583dd03 100644
75
---- a/ssl/record/ssl3_record_tls13.c
76
-+++ b/ssl/record/ssl3_record_tls13.c
77
-@@ -173,8 +173,9 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
78
-     if (((alg_enc & SSL_AESCCM) != 0
79
-                  && EVP_CipherUpdate(ctx, NULL, &lenu, NULL,
80
-                                      (unsigned int)rec->length) <= 0)
81
--            || EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
82
--                                sizeof(recheader)) <= 0
83
-+            || (s->version_draft != TLS1_3_VERSION_DRAFT_23
84
-+                 && EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
85
-+                                     sizeof(recheader)) <= 0)
86
-             || EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input,
87
-                                 (unsigned int)rec->length) <= 0
88
-             || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
89
 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
52
 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
90
 index 866ca4dfa9..1b6b99cb19 100644
53
 index 866ca4dfa9..1b6b99cb19 100644
91
 --- a/ssl/s3_lib.c
54
 --- a/ssl/s3_lib.c
1057
      /* same as above but sorted for lookup */
1020
      /* same as above but sorted for lookup */
1058
      STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1021
      STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1059
      /* TLSv1.3 specific ciphersuites */
1022
      /* TLSv1.3 specific ciphersuites */
1060
-@@ -1080,6 +1117,8 @@ struct ssl_st {
1061
-      * DTLS1_VERSION)
1062
-      */
1063
-     int version;
1064
-+    /* TODO(TLS1.3): Remove this before release */
1065
-+    int version_draft;
1066
-     /* SSLv3 */
1067
-     const SSL_METHOD *method;
1068
-     /*
1069
 @@ -1138,7 +1177,7 @@ struct ssl_st {
1023
 @@ -1138,7 +1177,7 @@ struct ssl_st {
1070
      /* Per connection DANE state */
1024
      /* Per connection DANE state */
1071
      SSL_DANE dane;
1025
      SSL_DANE dane;
1107
  __owur int ssl3_digest_cached_records(SSL *s, int keep);
1061
  __owur int ssl3_digest_cached_records(SSL *s, int keep);
1108
  __owur int ssl3_new(SSL *s);
1062
  __owur int ssl3_new(SSL *s);
1109
  void ssl3_free(SSL *s);
1063
  void ssl3_free(SSL *s);
1110
-diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
1111
-index ab4dbf6713..745897b638 100644
1112
---- a/ssl/statem/extensions_clnt.c
1113
-+++ b/ssl/statem/extensions_clnt.c
1114
-@@ -533,8 +533,25 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
1115
-         return EXT_RETURN_FAIL;
1116
-     }
1117
- 
1118
-+    /*
1119
-+     * TODO(TLS1.3): There is some discussion on the TLS list as to whether
1120
-+     * we should include versions <TLS1.2. For the moment we do. To be
1121
-+     * reviewed later.
1122
-+     */
1123
-     for (currv = max_version; currv >= min_version; currv--) {
1124
--        if (!WPACKET_put_bytes_u16(pkt, currv)) {
1125
-+        /* TODO(TLS1.3): Remove this first if clause prior to release!! */
1126
-+        if (currv == TLS1_3_VERSION) {
1127
-+            if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION)
1128
-+                    || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
1129
-+                    || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
1130
-+                    || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)
1131
-+                    || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_23)) {
1132
-+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
1133
-+                         SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
1134
-+                         ERR_R_INTERNAL_ERROR);
1135
-+                return EXT_RETURN_FAIL;
1136
-+            }
1137
-+        } else if (!WPACKET_put_bytes_u16(pkt, currv)) {
1138
-             SSLfatal(s, SSL_AD_INTERNAL_ERROR,
1139
-                      SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
1140
-                      ERR_R_INTERNAL_ERROR);
1141
-@@ -1763,6 +1780,15 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
1142
-         return 0;
1143
-     }
1144
- 
1145
-+    /* TODO(TLS1.3): Remove this before release */
1146
-+    if (version == TLS1_3_VERSION_DRAFT
1147
-+            || version == TLS1_3_VERSION_DRAFT_27
1148
-+            || version == TLS1_3_VERSION_DRAFT_26
1149
-+            || version == TLS1_3_VERSION_DRAFT_23) {
1150
-+        s->version_draft = version;
1151
-+        version = TLS1_3_VERSION;
1152
-+    }
1153
-+
1154
-     /*
1155
-      * The only protocol version we support which is valid in this extension in
1156
-      * a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.
1157
-diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
1158
-index 0f2b22392b..6c1ce9813f 100644
1159
---- a/ssl/statem/extensions_srvr.c
1160
-+++ b/ssl/statem/extensions_srvr.c
1161
-@@ -897,7 +897,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
1162
-     }
1163
-     if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions)
1164
-             || !WPACKET_start_sub_packet_u16(&hrrpkt)
1165
--            || !WPACKET_put_bytes_u16(&hrrpkt, s->version)
1166
-+               /* TODO(TLS1.3): Fix this before release */
1167
-+            || !WPACKET_put_bytes_u16(&hrrpkt, s->version_draft)
1168
-             || !WPACKET_close(&hrrpkt)) {
1169
-         WPACKET_cleanup(&hrrpkt);
1170
-         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
1171
-@@ -1652,7 +1653,8 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
1172
- 
1173
-     if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
1174
-             || !WPACKET_start_sub_packet_u16(pkt)
1175
--            || !WPACKET_put_bytes_u16(pkt, s->version)
1176
-+                /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator */
1177
-+            || !WPACKET_put_bytes_u16(pkt, s->version_draft)
1178
-             || !WPACKET_close(pkt)) {
1179
-         SSLfatal(s, SSL_AD_INTERNAL_ERROR,
1180
-                  SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
1181
-diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
1182
-index 4324896f50..d0de7ffe3d 100644
1183
---- a/ssl/statem/statem_lib.c
1184
-+++ b/ssl/statem/statem_lib.c
1185
-@@ -1786,6 +1786,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1186
-         unsigned int best_vers = 0;
1187
-         const SSL_METHOD *best_method = NULL;
1188
-         PACKET versionslist;
1189
-+        /* TODO(TLS1.3): Remove this before release */
1190
-+        unsigned int orig_candidate = 0;
1191
- 
1192
-         suppversions->parsed = 1;
1193
- 
1194
-@@ -1807,6 +1809,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1195
-             return SSL_R_BAD_LEGACY_VERSION;
1196
- 
1197
-         while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
1198
-+            /* TODO(TLS1.3): Remove this before release */
1199
-+            if (candidate_vers == TLS1_3_VERSION
1200
-+                    || candidate_vers == TLS1_3_VERSION_DRAFT
1201
-+                    || candidate_vers == TLS1_3_VERSION_DRAFT_26
1202
-+                    || candidate_vers == TLS1_3_VERSION_DRAFT_23) {
1203
-+                if (best_vers == TLS1_3_VERSION
1204
-+                        && (orig_candidate > candidate_vers
1205
-+                        || orig_candidate == TLS1_3_VERSION))
1206
-+                    continue;
1207
-+                orig_candidate = candidate_vers;
1208
-+                candidate_vers = TLS1_3_VERSION;
1209
-+            }
1210
-+            /*
1211
-+             * TODO(TLS1.3): There is some discussion on the TLS list about
1212
-+             * whether to ignore versions <TLS1.2 in supported_versions. At the
1213
-+             * moment we honour them if present. To be reviewed later
1214
-+             */
1215
-             if (version_cmp(s, candidate_vers, best_vers) <= 0)
1216
-                 continue;
1217
-             if (ssl_version_supported(s, candidate_vers, &best_method))
1218
-@@ -1829,6 +1848,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1219
-             }
1220
-             check_for_downgrade(s, best_vers, dgrd);
1221
-             s->version = best_vers;
1222
-+            /* TODO(TLS1.3): Remove this before release */
1223
-+            if (best_vers == TLS1_3_VERSION)
1224
-+                s->version_draft = orig_candidate;
1225
-             s->method = best_method;
1226
-             return 0;
1227
-         }
1228
 diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
1064
 diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
1229
 index e7c11c4bea..a2a6c1e44e 100644
1065
 index e7c11c4bea..a2a6c1e44e 100644
1230
 --- a/ssl/statem/statem_srvr.c
1066
 --- a/ssl/statem/statem_srvr.c
1268
  
1104
  
1269
                  if (cipher == NULL) {
1105
                  if (cipher == NULL) {
1270
                      SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
1106
                      SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
1271
-diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
1272
-index be3039af38..99c4ddcb41 100644
1273
---- a/ssl/t1_trce.c
1274
-+++ b/ssl/t1_trce.c
1275
-@@ -65,6 +65,11 @@ static const ssl_trace_tbl ssl_version_tbl[] = {
1276
-     {TLS1_1_VERSION, "TLS 1.1"},
1277
-     {TLS1_2_VERSION, "TLS 1.2"},
1278
-     {TLS1_3_VERSION, "TLS 1.3"},
1279
-+    /* TODO(TLS1.3): Remove these lines before release */
1280
-+    {TLS1_3_VERSION_DRAFT_23, TLS1_3_VERSION_DRAFT_TXT_23},
1281
-+    {TLS1_3_VERSION_DRAFT_26, TLS1_3_VERSION_DRAFT_TXT_26},
1282
-+    {TLS1_3_VERSION_DRAFT_27, TLS1_3_VERSION_DRAFT_TXT_27},
1283
-+    {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
1284
-     {DTLS1_VERSION, "DTLS 1.0"},
1285
-     {DTLS1_2_VERSION, "DTLS 1.2"},
1286
-     {DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
1287
-@@ -638,8 +643,19 @@ static int ssl_print_version(BIO *bio, int indent, const char *name,
1288
-     if (*pmsglen < 2)
1289
-         return 0;
1290
-     vers = ((*pmsg)[0] << 8) | (*pmsg)[1];
1291
--    if (version != NULL)
1292
--        *version = vers;
1293
-+    if (version != NULL) {
1294
-+        /* TODO(TLS1.3): Remove the draft conditional here before release */
1295
-+        switch(vers) {
1296
-+        case TLS1_3_VERSION_DRAFT_23:
1297
-+        case TLS1_3_VERSION_DRAFT_26:
1298
-+        case TLS1_3_VERSION_DRAFT_27:
1299
-+        case TLS1_3_VERSION_DRAFT:
1300
-+            *version = TLS1_3_VERSION;
1301
-+            break;
1302
-+        default:
1303
-+            *version = vers;
1304
-+        }
1305
-+    }
1306
-     BIO_indent(bio, indent, 80);
1307
-     BIO_printf(bio, "%s=0x%x (%s)\n",
1308
-                name, vers, ssl_trace_str(vers, ssl_version_tbl));

+ 0
- 202
openssl-equal-3.0.0-dev.patch View File

70
  # define SSL_R_UNEXPECTED_RECORD                          245
70
  # define SSL_R_UNEXPECTED_RECORD                          245
71
  # define SSL_R_UNINITIALIZED                              276
71
  # define SSL_R_UNINITIALIZED                              276
72
  # define SSL_R_UNKNOWN_ALERT_TYPE                         246
72
  # define SSL_R_UNKNOWN_ALERT_TYPE                         246
73
-diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
74
-index 166f15ad5c..3205f1cbfb 100644
75
---- a/include/openssl/tls1.h
76
-+++ b/include/openssl/tls1.h
77
-@@ -32,6 +32,16 @@ extern "C" {
78
- #  define TLS_MAX_VERSION                TLS1_3_VERSION
79
- # endif
80
- 
81
-+/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */
82
-+# define TLS1_3_VERSION_DRAFT_23         0x7f17
83
-+# define TLS1_3_VERSION_DRAFT_26         0x7f1a
84
-+# define TLS1_3_VERSION_DRAFT_27         0x7f1b
85
-+# define TLS1_3_VERSION_DRAFT            0x7f1c
86
-+# define TLS1_3_VERSION_DRAFT_TXT_23     "TLS 1.3 (draft 23)"
87
-+# define TLS1_3_VERSION_DRAFT_TXT_26     "TLS 1.3 (draft 26)"
88
-+# define TLS1_3_VERSION_DRAFT_TXT_27     "TLS 1.3 (draft 27)"
89
-+# define TLS1_3_VERSION_DRAFT_TXT        "TLS 1.3 (draft 28)"
90
-+
91
- /* Special value for method supporting multiple versions */
92
- # define TLS_ANY_VERSION                 0x10000
93
- 
94
-diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
95
-index 30e5dddf82..4f1c2f2bd1 100644
96
---- a/ssl/record/ssl3_record_tls13.c
97
-+++ b/ssl/record/ssl3_record_tls13.c
98
-@@ -173,8 +173,9 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
99
-     if (((alg_enc & SSL_AESCCM) != 0
100
-                  && EVP_CipherUpdate(ctx, NULL, &lenu, NULL,
101
-                                      (unsigned int)rec->length) <= 0)
102
--            || EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
103
--                                sizeof(recheader)) <= 0
104
-+            || (s->version_draft != TLS1_3_VERSION_DRAFT_23
105
-+                 && EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
106
-+                                     sizeof(recheader)) <= 0)
107
-             || EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input,
108
-                                 (unsigned int)rec->length) <= 0
109
-             || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
110
 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
73
 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
111
 index a5b3dbbfd5..505c32d18e 100644
74
 index a5b3dbbfd5..505c32d18e 100644
112
 --- a/ssl/s3_lib.c
75
 --- a/ssl/s3_lib.c
1022
      /* same as above but sorted for lookup */
985
      /* same as above but sorted for lookup */
1023
      STACK_OF(SSL_CIPHER) *cipher_list_by_id;
986
      STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1024
      /* TLSv1.3 specific ciphersuites */
987
      /* TLSv1.3 specific ciphersuites */
1025
-@@ -1088,6 +1125,8 @@ struct ssl_st {
1026
-      * DTLS1_VERSION)
1027
-      */
1028
-     int version;
1029
-+    /* TODO(TLS1.3): Remove this before release */
1030
-+    int version_draft;
1031
-     /* SSLv3 */
1032
-     const SSL_METHOD *method;
1033
-     /*
1034
 @@ -1146,7 +1185,7 @@ struct ssl_st {
988
 @@ -1146,7 +1185,7 @@ struct ssl_st {
1035
      /* Per connection DANE state */
989
      /* Per connection DANE state */
1036
      SSL_DANE dane;
990
      SSL_DANE dane;
1072
  __owur int ssl3_digest_cached_records(SSL *s, int keep);
1026
  __owur int ssl3_digest_cached_records(SSL *s, int keep);
1073
  __owur int ssl3_new(SSL *s);
1027
  __owur int ssl3_new(SSL *s);
1074
  void ssl3_free(SSL *s);
1028
  void ssl3_free(SSL *s);
1075
-diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
1076
-index 6e133e026e..f26bc8e879 100644
1077
---- a/ssl/statem/extensions_clnt.c
1078
-+++ b/ssl/statem/extensions_clnt.c
1079
-@@ -533,8 +533,25 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
1080
-         return EXT_RETURN_FAIL;
1081
-     }
1082
- 
1083
-+    /*
1084
-+     * TODO(TLS1.3): There is some discussion on the TLS list as to whether
1085
-+     * we should include versions <TLS1.2. For the moment we do. To be
1086
-+     * reviewed later.
1087
-+     */
1088
-     for (currv = max_version; currv >= min_version; currv--) {
1089
--        if (!WPACKET_put_bytes_u16(pkt, currv)) {
1090
-+        /* TODO(TLS1.3): Remove this first if clause prior to release!! */
1091
-+        if (currv == TLS1_3_VERSION) {
1092
-+            if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION)
1093
-+                    || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
1094
-+                    || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
1095
-+                    || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)
1096
-+                    || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_23)) {
1097
-+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
1098
-+                         SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
1099
-+                         ERR_R_INTERNAL_ERROR);
1100
-+                return EXT_RETURN_FAIL;
1101
-+            }
1102
-+        } else if (!WPACKET_put_bytes_u16(pkt, currv)) {
1103
-             SSLfatal(s, SSL_AD_INTERNAL_ERROR,
1104
-                      SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
1105
-                      ERR_R_INTERNAL_ERROR);
1106
-@@ -1763,6 +1780,15 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
1107
-         return 0;
1108
-     }
1109
- 
1110
-+    /* TODO(TLS1.3): Remove this before release */
1111
-+    if (version == TLS1_3_VERSION_DRAFT
1112
-+            || version == TLS1_3_VERSION_DRAFT_27
1113
-+            || version == TLS1_3_VERSION_DRAFT_26
1114
-+            || version == TLS1_3_VERSION_DRAFT_23) {
1115
-+        s->version_draft = version;
1116
-+        version = TLS1_3_VERSION;
1117
-+    }
1118
-+
1119
-     /*
1120
-      * The only protocol version we support which is valid in this extension in
1121
-      * a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.
1122
-diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
1123
-index 6545f5727d..15786a7bfc 100644
1124
---- a/ssl/statem/extensions_srvr.c
1125
-+++ b/ssl/statem/extensions_srvr.c
1126
-@@ -897,7 +897,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
1127
-     }
1128
-     if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions)
1129
-             || !WPACKET_start_sub_packet_u16(&hrrpkt)
1130
--            || !WPACKET_put_bytes_u16(&hrrpkt, s->version)
1131
-+               /* TODO(TLS1.3): Fix this before release */
1132
-+            || !WPACKET_put_bytes_u16(&hrrpkt, s->version_draft)
1133
-             || !WPACKET_close(&hrrpkt)) {
1134
-         WPACKET_cleanup(&hrrpkt);
1135
-         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
1136
-@@ -1652,7 +1653,8 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
1137
- 
1138
-     if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
1139
-             || !WPACKET_start_sub_packet_u16(pkt)
1140
--            || !WPACKET_put_bytes_u16(pkt, s->version)
1141
-+                /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator */
1142
-+            || !WPACKET_put_bytes_u16(pkt, s->version_draft)
1143
-             || !WPACKET_close(pkt)) {
1144
-         SSLfatal(s, SSL_AD_INTERNAL_ERROR,
1145
-                  SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
1146
-diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
1147
-index 2f78a3f602..5d5121d12b 100644
1148
---- a/ssl/statem/statem_lib.c
1149
-+++ b/ssl/statem/statem_lib.c
1150
-@@ -1770,6 +1770,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1151
-         unsigned int best_vers = 0;
1152
-         const SSL_METHOD *best_method = NULL;
1153
-         PACKET versionslist;
1154
-+        /* TODO(TLS1.3): Remove this before release */
1155
-+        unsigned int orig_candidate = 0;
1156
- 
1157
-         suppversions->parsed = 1;
1158
- 
1159
-@@ -1791,6 +1793,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1160
-             return SSL_R_BAD_LEGACY_VERSION;
1161
- 
1162
-         while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
1163
-+            /* TODO(TLS1.3): Remove this before release */
1164
-+            if (candidate_vers == TLS1_3_VERSION
1165
-+                    || candidate_vers == TLS1_3_VERSION_DRAFT
1166
-+                    || candidate_vers == TLS1_3_VERSION_DRAFT_26
1167
-+                    || candidate_vers == TLS1_3_VERSION_DRAFT_23) {
1168
-+                if (best_vers == TLS1_3_VERSION
1169
-+                        && (orig_candidate > candidate_vers
1170
-+                        || orig_candidate == TLS1_3_VERSION))
1171
-+                    continue;
1172
-+                orig_candidate = candidate_vers;
1173
-+                candidate_vers = TLS1_3_VERSION;
1174
-+            }
1175
-+            /*
1176
-+             * TODO(TLS1.3): There is some discussion on the TLS list about
1177
-+             * whether to ignore versions <TLS1.2 in supported_versions. At the
1178
-+             * moment we honour them if present. To be reviewed later
1179
-+             */
1180
-             if (version_cmp(s, candidate_vers, best_vers) <= 0)
1181
-                 continue;
1182
-             if (ssl_version_supported(s, candidate_vers, &best_method))
1183
-@@ -1813,6 +1832,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1184
-             }
1185
-             check_for_downgrade(s, best_vers, dgrd);
1186
-             s->version = best_vers;
1187
-+            /* TODO(TLS1.3): Remove this before release */
1188
-+            if (best_vers == TLS1_3_VERSION)
1189
-+                s->version_draft = orig_candidate;
1190
-             s->method = best_method;
1191
-             return 0;
1192
-         }
1193
 diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
1029
 diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
1194
 index b0dd54903d..1d096858f8 100644
1030
 index b0dd54903d..1d096858f8 100644
1195
 --- a/ssl/statem/statem_srvr.c
1031
 --- a/ssl/statem/statem_srvr.c
1233
  
1069
  
1234
                  if (cipher == NULL) {
1070
                  if (cipher == NULL) {
1235
                      SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
1071
                      SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
1236
-diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
1237
-index 656fefe896..654271f368 100644
1238
---- a/ssl/t1_trce.c
1239
-+++ b/ssl/t1_trce.c
1240
-@@ -65,6 +65,11 @@ static const ssl_trace_tbl ssl_version_tbl[] = {
1241
-     {TLS1_1_VERSION, "TLS 1.1"},
1242
-     {TLS1_2_VERSION, "TLS 1.2"},
1243
-     {TLS1_3_VERSION, "TLS 1.3"},
1244
-+    /* TODO(TLS1.3): Remove these lines before release */
1245
-+    {TLS1_3_VERSION_DRAFT_23, TLS1_3_VERSION_DRAFT_TXT_23},
1246
-+    {TLS1_3_VERSION_DRAFT_26, TLS1_3_VERSION_DRAFT_TXT_26},
1247
-+    {TLS1_3_VERSION_DRAFT_27, TLS1_3_VERSION_DRAFT_TXT_27},
1248
-+    {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
1249
-     {DTLS1_VERSION, "DTLS 1.0"},
1250
-     {DTLS1_2_VERSION, "DTLS 1.2"},
1251
-     {DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
1252
-@@ -638,8 +643,19 @@ static int ssl_print_version(BIO *bio, int indent, const char *name,
1253
-     if (*pmsglen < 2)
1254
-         return 0;
1255
-     vers = ((*pmsg)[0] << 8) | (*pmsg)[1];
1256
--    if (version != NULL)
1257
--        *version = vers;
1258
-+    if (version != NULL) {
1259
-+        /* TODO(TLS1.3): Remove the draft conditional here before release */
1260
-+        switch(vers) {
1261
-+        case TLS1_3_VERSION_DRAFT_23:
1262
-+        case TLS1_3_VERSION_DRAFT_26:
1263
-+        case TLS1_3_VERSION_DRAFT_27:
1264
-+        case TLS1_3_VERSION_DRAFT:
1265
-+            *version = TLS1_3_VERSION;
1266
-+            break;
1267
-+        default:
1268
-+            *version = vers;
1269
-+        }
1270
-+    }
1271
-     BIO_indent(bio, indent, 80);
1272
-     BIO_printf(bio, "%s=0x%x (%s)\n",
1273
-                name, vers, ssl_trace_str(vers, ssl_version_tbl));

+ 0
- 202
openssl-equal-3.0.0-dev_ciphers.patch View File

49
  # define SSL_R_UNEXPECTED_RECORD                          245
49
  # define SSL_R_UNEXPECTED_RECORD                          245
50
  # define SSL_R_UNINITIALIZED                              276
50
  # define SSL_R_UNINITIALIZED                              276
51
  # define SSL_R_UNKNOWN_ALERT_TYPE                         246
51
  # define SSL_R_UNKNOWN_ALERT_TYPE                         246
52
-diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
53
-index 166f15ad5c..3205f1cbfb 100644
54
---- a/include/openssl/tls1.h
55
-+++ b/include/openssl/tls1.h
56
-@@ -32,6 +32,16 @@ extern "C" {
57
- #  define TLS_MAX_VERSION                TLS1_3_VERSION
58
- # endif
59
- 
60
-+/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */
61
-+# define TLS1_3_VERSION_DRAFT_23         0x7f17
62
-+# define TLS1_3_VERSION_DRAFT_26         0x7f1a
63
-+# define TLS1_3_VERSION_DRAFT_27         0x7f1b
64
-+# define TLS1_3_VERSION_DRAFT            0x7f1c
65
-+# define TLS1_3_VERSION_DRAFT_TXT_23     "TLS 1.3 (draft 23)"
66
-+# define TLS1_3_VERSION_DRAFT_TXT_26     "TLS 1.3 (draft 26)"
67
-+# define TLS1_3_VERSION_DRAFT_TXT_27     "TLS 1.3 (draft 27)"
68
-+# define TLS1_3_VERSION_DRAFT_TXT        "TLS 1.3 (draft 28)"
69
-+
70
- /* Special value for method supporting multiple versions */
71
- # define TLS_ANY_VERSION                 0x10000
72
- 
73
-diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
74
-index 30e5dddf82..4f1c2f2bd1 100644
75
---- a/ssl/record/ssl3_record_tls13.c
76
-+++ b/ssl/record/ssl3_record_tls13.c
77
-@@ -173,8 +173,9 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
78
-     if (((alg_enc & SSL_AESCCM) != 0
79
-                  && EVP_CipherUpdate(ctx, NULL, &lenu, NULL,
80
-                                      (unsigned int)rec->length) <= 0)
81
--            || EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
82
--                                sizeof(recheader)) <= 0
83
-+            || (s->version_draft != TLS1_3_VERSION_DRAFT_23
84
-+                 && EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
85
-+                                     sizeof(recheader)) <= 0)
86
-             || EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input,
87
-                                 (unsigned int)rec->length) <= 0
88
-             || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
89
 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
52
 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
90
 index a5b3dbbfd5..6dd4ad4b68 100644
53
 index a5b3dbbfd5..6dd4ad4b68 100644
91
 --- a/ssl/s3_lib.c
54
 --- a/ssl/s3_lib.c
1057
      /* same as above but sorted for lookup */
1020
      /* same as above but sorted for lookup */
1058
      STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1021
      STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1059
      /* TLSv1.3 specific ciphersuites */
1022
      /* TLSv1.3 specific ciphersuites */
1060
-@@ -1088,6 +1125,8 @@ struct ssl_st {
1061
-      * DTLS1_VERSION)
1062
-      */
1063
-     int version;
1064
-+    /* TODO(TLS1.3): Remove this before release */
1065
-+    int version_draft;
1066
-     /* SSLv3 */
1067
-     const SSL_METHOD *method;
1068
-     /*
1069
 @@ -1146,7 +1185,7 @@ struct ssl_st {
1023
 @@ -1146,7 +1185,7 @@ struct ssl_st {
1070
      /* Per connection DANE state */
1024
      /* Per connection DANE state */
1071
      SSL_DANE dane;
1025
      SSL_DANE dane;
1107
  __owur int ssl3_digest_cached_records(SSL *s, int keep);
1061
  __owur int ssl3_digest_cached_records(SSL *s, int keep);
1108
  __owur int ssl3_new(SSL *s);
1062
  __owur int ssl3_new(SSL *s);
1109
  void ssl3_free(SSL *s);
1063
  void ssl3_free(SSL *s);
1110
-diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
1111
-index 6e133e026e..f26bc8e879 100644
1112
---- a/ssl/statem/extensions_clnt.c
1113
-+++ b/ssl/statem/extensions_clnt.c
1114
-@@ -533,8 +533,25 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
1115
-         return EXT_RETURN_FAIL;
1116
-     }
1117
- 
1118
-+    /*
1119
-+     * TODO(TLS1.3): There is some discussion on the TLS list as to whether
1120
-+     * we should include versions <TLS1.2. For the moment we do. To be
1121
-+     * reviewed later.
1122
-+     */
1123
-     for (currv = max_version; currv >= min_version; currv--) {
1124
--        if (!WPACKET_put_bytes_u16(pkt, currv)) {
1125
-+        /* TODO(TLS1.3): Remove this first if clause prior to release!! */
1126
-+        if (currv == TLS1_3_VERSION) {
1127
-+            if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION)
1128
-+                    || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
1129
-+                    || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
1130
-+                    || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)
1131
-+                    || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_23)) {
1132
-+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
1133
-+                         SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
1134
-+                         ERR_R_INTERNAL_ERROR);
1135
-+                return EXT_RETURN_FAIL;
1136
-+            }
1137
-+        } else if (!WPACKET_put_bytes_u16(pkt, currv)) {
1138
-             SSLfatal(s, SSL_AD_INTERNAL_ERROR,
1139
-                      SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
1140
-                      ERR_R_INTERNAL_ERROR);
1141
-@@ -1763,6 +1780,15 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
1142
-         return 0;
1143
-     }
1144
- 
1145
-+    /* TODO(TLS1.3): Remove this before release */
1146
-+    if (version == TLS1_3_VERSION_DRAFT
1147
-+            || version == TLS1_3_VERSION_DRAFT_27
1148
-+            || version == TLS1_3_VERSION_DRAFT_26
1149
-+            || version == TLS1_3_VERSION_DRAFT_23) {
1150
-+        s->version_draft = version;
1151
-+        version = TLS1_3_VERSION;
1152
-+    }
1153
-+
1154
-     /*
1155
-      * The only protocol version we support which is valid in this extension in
1156
-      * a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.
1157
-diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
1158
-index 6545f5727d..15786a7bfc 100644
1159
---- a/ssl/statem/extensions_srvr.c
1160
-+++ b/ssl/statem/extensions_srvr.c
1161
-@@ -897,7 +897,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
1162
-     }
1163
-     if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions)
1164
-             || !WPACKET_start_sub_packet_u16(&hrrpkt)
1165
--            || !WPACKET_put_bytes_u16(&hrrpkt, s->version)
1166
-+               /* TODO(TLS1.3): Fix this before release */
1167
-+            || !WPACKET_put_bytes_u16(&hrrpkt, s->version_draft)
1168
-             || !WPACKET_close(&hrrpkt)) {
1169
-         WPACKET_cleanup(&hrrpkt);
1170
-         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
1171
-@@ -1652,7 +1653,8 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
1172
- 
1173
-     if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
1174
-             || !WPACKET_start_sub_packet_u16(pkt)
1175
--            || !WPACKET_put_bytes_u16(pkt, s->version)
1176
-+                /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator */
1177
-+            || !WPACKET_put_bytes_u16(pkt, s->version_draft)
1178
-             || !WPACKET_close(pkt)) {
1179
-         SSLfatal(s, SSL_AD_INTERNAL_ERROR,
1180
-                  SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
1181
-diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
1182
-index 2f78a3f602..5d5121d12b 100644
1183
---- a/ssl/statem/statem_lib.c
1184
-+++ b/ssl/statem/statem_lib.c
1185
-@@ -1770,6 +1770,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1186
-         unsigned int best_vers = 0;
1187
-         const SSL_METHOD *best_method = NULL;
1188
-         PACKET versionslist;
1189
-+        /* TODO(TLS1.3): Remove this before release */
1190
-+        unsigned int orig_candidate = 0;
1191
- 
1192
-         suppversions->parsed = 1;
1193
- 
1194
-@@ -1791,6 +1793,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1195
-             return SSL_R_BAD_LEGACY_VERSION;
1196
- 
1197
-         while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
1198
-+            /* TODO(TLS1.3): Remove this before release */
1199
-+            if (candidate_vers == TLS1_3_VERSION
1200
-+                    || candidate_vers == TLS1_3_VERSION_DRAFT
1201
-+                    || candidate_vers == TLS1_3_VERSION_DRAFT_26
1202
-+                    || candidate_vers == TLS1_3_VERSION_DRAFT_23) {
1203
-+                if (best_vers == TLS1_3_VERSION
1204
-+                        && (orig_candidate > candidate_vers
1205
-+                        || orig_candidate == TLS1_3_VERSION))
1206
-+                    continue;
1207
-+                orig_candidate = candidate_vers;
1208
-+                candidate_vers = TLS1_3_VERSION;
1209
-+            }
1210
-+            /*
1211
-+             * TODO(TLS1.3): There is some discussion on the TLS list about
1212
-+             * whether to ignore versions <TLS1.2 in supported_versions. At the
1213
-+             * moment we honour them if present. To be reviewed later
1214
-+             */
1215
-             if (version_cmp(s, candidate_vers, best_vers) <= 0)
1216
-                 continue;
1217
-             if (ssl_version_supported(s, candidate_vers, &best_method))
1218
-@@ -1813,6 +1832,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1219
-             }
1220
-             check_for_downgrade(s, best_vers, dgrd);
1221
-             s->version = best_vers;
1222
-+            /* TODO(TLS1.3): Remove this before release */
1223
-+            if (best_vers == TLS1_3_VERSION)
1224
-+                s->version_draft = orig_candidate;
1225
-             s->method = best_method;
1226
-             return 0;
1227
-         }
1228
 diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
1064
 diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
1229
 index b0dd54903d..1d096858f8 100644
1065
 index b0dd54903d..1d096858f8 100644
1230
 --- a/ssl/statem/statem_srvr.c
1066
 --- a/ssl/statem/statem_srvr.c
1268
  
1104
  
1269
                  if (cipher == NULL) {
1105
                  if (cipher == NULL) {
1270
                      SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
1106
                      SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
1271
-diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
1272
-index 656fefe896..654271f368 100644
1273
---- a/ssl/t1_trce.c
1274
-+++ b/ssl/t1_trce.c
1275
-@@ -65,6 +65,11 @@ static const ssl_trace_tbl ssl_version_tbl[] = {
1276
-     {TLS1_1_VERSION, "TLS 1.1"},
1277
-     {TLS1_2_VERSION, "TLS 1.2"},
1278
-     {TLS1_3_VERSION, "TLS 1.3"},
1279
-+    /* TODO(TLS1.3): Remove these lines before release */
1280
-+    {TLS1_3_VERSION_DRAFT_23, TLS1_3_VERSION_DRAFT_TXT_23},
1281
-+    {TLS1_3_VERSION_DRAFT_26, TLS1_3_VERSION_DRAFT_TXT_26},
1282
-+    {TLS1_3_VERSION_DRAFT_27, TLS1_3_VERSION_DRAFT_TXT_27},
1283
-+    {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
1284
-     {DTLS1_VERSION, "DTLS 1.0"},
1285
-     {DTLS1_2_VERSION, "DTLS 1.2"},
1286
-     {DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
1287
-@@ -638,8 +643,19 @@ static int ssl_print_version(BIO *bio, int indent, const char *name,
1288
-     if (*pmsglen < 2)
1289
-         return 0;
1290
-     vers = ((*pmsg)[0] << 8) | (*pmsg)[1];
1291
--    if (version != NULL)
1292
--        *version = vers;
1293
-+    if (version != NULL) {
1294
-+        /* TODO(TLS1.3): Remove the draft conditional here before release */
1295
-+        switch(vers) {
1296
-+        case TLS1_3_VERSION_DRAFT_23:
1297
-+        case TLS1_3_VERSION_DRAFT_26:
1298
-+        case TLS1_3_VERSION_DRAFT_27:
1299
-+        case TLS1_3_VERSION_DRAFT:
1300
-+            *version = TLS1_3_VERSION;
1301
-+            break;
1302
-+        default:
1303
-+            *version = vers;
1304
-+        }
1305
-+    }
1306
-     BIO_indent(bio, indent, 80);
1307
-     BIO_printf(bio, "%s=0x%x (%s)\n",
1308
-                name, vers, ssl_trace_str(vers, ssl_version_tbl));

Loading…
Cancel
Save