
openssl-1.1.1a-tls13_draft.patch 10KB

  1. diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
  2. index d6b1b4e6a6..173dbb1ef8 100644
  3. --- a/include/openssl/ssl.h
  4. +++ b/include/openssl/ssl.h
  5. @@ -173,12 +173,12 @@ extern "C" {
  6. # define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
  7. /* This is the default set of TLSv1.3 ciphersuites */
  8. # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
  9. -# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
  10. +# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_128_GCM_SHA256:" \
  11. "TLS_CHACHA20_POLY1305_SHA256:" \
  12. - "TLS_AES_128_GCM_SHA256"
  13. + "TLS_AES_256_GCM_SHA384"
  14. # else
  15. -# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
  16. - "TLS_AES_128_GCM_SHA256"
  17. +# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_128_GCM_SHA256:" \
  18. + "TLS_AES_256_GCM_SHA384"
  19. #endif
  20. /*
  21. * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
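Review bot: The default TLSv1.3 suite order is flipped in both branches of the `#if`, so `TLS_AES_128_GCM_SHA256` is now preferred over `TLS_AES_256_GCM_SHA384`, and nothing in the header says so or why. This changes the negotiated suite for every application that does not set its own TLSv1.3 ciphersuite list, and it is unrelated to the draft-version support the rest of the patch adds. I would record it next to the existing comment, e.g. `/* Local change: AES-128-GCM is preferred over AES-256-GCM, unlike the unpatched default order */`, so a deployment with a 256-bit requirement knows to override it.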
  22. diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
  23. index e13b5dd4bc..779341c948 100644
  24. --- a/include/openssl/tls1.h
  25. +++ b/include/openssl/tls1.h
  26. @@ -30,6 +30,16 @@ extern "C" {
  27. # define TLS1_3_VERSION 0x0304
  28. # define TLS_MAX_VERSION TLS1_3_VERSION
  29. +/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */
  30. +# define TLS1_3_VERSION_DRAFT_23 0x7f17
  31. +# define TLS1_3_VERSION_DRAFT_26 0x7f1a
  32. +# define TLS1_3_VERSION_DRAFT_27 0x7f1b
  33. +# define TLS1_3_VERSION_DRAFT 0x7f1c
  34. +# define TLS1_3_VERSION_DRAFT_TXT_23 "TLS 1.3 (draft 23)"
  35. +# define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)"
  36. +# define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)"
  37. +# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 28)"
  38. +
  39. /* Special value for method supporting multiple versions */
  40. # define TLS_ANY_VERSION 0x10000
  41. diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
  42. index a11ed483e6..4fd583dd03 100644
  43. --- a/ssl/record/ssl3_record_tls13.c
  44. +++ b/ssl/record/ssl3_record_tls13.c
  45. @@ -173,8 +173,9 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
  46. if (((alg_enc & SSL_AESCCM) != 0
  47. && EVP_CipherUpdate(ctx, NULL, &lenu, NULL,
  48. (unsigned int)rec->length) <= 0)
  49. - || EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
  50. - sizeof(recheader)) <= 0
  51. + || (s->version_draft != TLS1_3_VERSION_DRAFT_23
  52. + && EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
  53. + sizeof(recheader)) <= 0)
  54. || EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input,
  55. (unsigned int)rec->length) <= 0
  56. || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
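Review bot: The new condition leaves `recheader` out of the AEAD additional data whenever `s->version_draft` equals `TLS1_3_VERSION_DRAFT_23`, but no comment says that this is a wire-format difference of that draft rather than an accident. Since the condition decides whether the record header is integrity-protected, it deserves a line such as `/* draft 23 records carry no additional data; later drafts and the final version authenticate the record header */` (to be confirmed against the draft text). The check also trusts `s->version_draft` to describe the current connection. The visible hunks set it only during supported_versions processing, so it is worth confirming that it is reset wherever the `SSL` object is cleared for reuse. The enclosing `tls13_enc` starts and ends outside the hunk.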
  57. diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
  58. index 70e5a1740f..7b3b270ffc 100644
  59. --- a/ssl/ssl_locl.h
  60. +++ b/ssl/ssl_locl.h
  61. @@ -1080,6 +1080,8 @@ struct ssl_st {
  62. * DTLS1_VERSION)
  63. */
  64. int version;
  65. + /* TODO(TLS1.3): Remove this before release */
  66. + int version_draft;
  67. /* SSLv3 */
  68. const SSL_METHOD *method;
  69. /*
  70. diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
  71. index ab4dbf6713..745897b638 100644
  72. --- a/ssl/statem/extensions_clnt.c
  73. +++ b/ssl/statem/extensions_clnt.c
  74. @@ -533,8 +533,25 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
  75. return EXT_RETURN_FAIL;
  76. }
  77. + /*
  78. + * TODO(TLS1.3): There is some discussion on the TLS list as to whether
  79. + * we should include versions <TLS1.2. For the moment we do. To be
  80. + * reviewed later.
  81. + */
  82. for (currv = max_version; currv >= min_version; currv--) {
  83. - if (!WPACKET_put_bytes_u16(pkt, currv)) {
  84. + /* TODO(TLS1.3): Remove this first if clause prior to release!! */
  85. + if (currv == TLS1_3_VERSION) {
  86. + if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION)
  87. + || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
  88. + || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
  89. + || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)
  90. + || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_23)) {
  91. + SSLfatal(s, SSL_AD_INTERNAL_ERROR,
  92. + SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
  93. + ERR_R_INTERNAL_ERROR);
  94. + return EXT_RETURN_FAIL;
  95. + }
  96. + } else if (!WPACKET_put_bytes_u16(pkt, currv)) {
  97. SSLfatal(s, SSL_AD_INTERNAL_ERROR,
  98. SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
  99. ERR_R_INTERNAL_ERROR);
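Review bot: The set of draft code points is spelled out by hand here, again in `tls_parse_stoc_supported_versions`, and again in `ssl_choose_server_version`, and the copies already disagree. This list and the ServerHello parser include `TLS1_3_VERSION_DRAFT_27`, while the server-side check in statem_lib.c does not. A single `static const` array of the draft values, with one helper that tests membership, would keep the three places in step. The inner `SSLfatal`/`return EXT_RETURN_FAIL` block is also a verbatim copy of the one in the `else if` arm and could be shared. The function body extends beyond the hunk on both sides.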
  100. @@ -1763,6 +1780,15 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
  101. return 0;
  102. }
  103. + /* TODO(TLS1.3): Remove this before release */
  104. + if (version == TLS1_3_VERSION_DRAFT
  105. + || version == TLS1_3_VERSION_DRAFT_27
  106. + || version == TLS1_3_VERSION_DRAFT_26
  107. + || version == TLS1_3_VERSION_DRAFT_23) {
  108. + s->version_draft = version;
  109. + version = TLS1_3_VERSION;
  110. + }
  111. +
  112. /*
  113. * The only protocol version we support which is valid in this extension in
  114. * a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.
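Review bot: `s->version_draft` is written only inside the new `if`, so when the server selects the final `TLS1_3_VERSION` the field keeps whatever it held before. `tls13_enc` later branches on that field, so a value left over from an earlier handshake on the same `SSL` object would change how records are protected; whether that can happen depends on reset code not shown here. Assigning unconditionally avoids the question: put `s->version_draft = version;` ahead of the `if` and leave only `version = TLS1_3_VERSION;` inside it. The function continues outside the hunk.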
  115. diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
  116. index 0f2b22392b..6c1ce9813f 100644
  117. --- a/ssl/statem/extensions_srvr.c
  118. +++ b/ssl/statem/extensions_srvr.c
  119. @@ -897,7 +897,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
  120. }
  121. if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions)
  122. || !WPACKET_start_sub_packet_u16(&hrrpkt)
  123. - || !WPACKET_put_bytes_u16(&hrrpkt, s->version)
  124. + /* TODO(TLS1.3): Fix this before release */
  125. + || !WPACKET_put_bytes_u16(&hrrpkt, s->version_draft)
  126. || !WPACKET_close(&hrrpkt)) {
  127. WPACKET_cleanup(&hrrpkt);
  128. SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
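Review bot: The rebuilt HelloRetryRequest now carries `s->version_draft` instead of `s->version`, and the same substitution is made in `tls_construct_stoc_supported_versions` in the next hunk, yet neither place checks that the field has been filled in. The only server-side assignment visible in this patch is in `ssl_choose_server_version`, and only when TLSv1.3 was chosen. If either writer runs with the field still zero, `0x0000` is written into the supported_versions extension. A defensive form is `s->version_draft != 0 ? s->version_draft : s->version`, or an explicit failure when the field is unset. Both functions start and end outside their hunks.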
  129. @@ -1652,7 +1653,8 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
  130. if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
  131. || !WPACKET_start_sub_packet_u16(pkt)
  132. - || !WPACKET_put_bytes_u16(pkt, s->version)
  133. + /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator */
  134. + || !WPACKET_put_bytes_u16(pkt, s->version_draft)
  135. || !WPACKET_close(pkt)) {
  136. SSLfatal(s, SSL_AD_INTERNAL_ERROR,
  137. SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
  138. diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
  139. index 4324896f50..d0de7ffe3d 100644
  140. --- a/ssl/statem/statem_lib.c
  141. +++ b/ssl/statem/statem_lib.c
  142. @@ -1786,6 +1786,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
  143. unsigned int best_vers = 0;
  144. const SSL_METHOD *best_method = NULL;
  145. PACKET versionslist;
  146. + /* TODO(TLS1.3): Remove this before release */
  147. + unsigned int orig_candidate = 0;
  148. suppversions->parsed = 1;
  149. @@ -1807,6 +1809,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
  150. return SSL_R_BAD_LEGACY_VERSION;
  151. while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
  152. + /* TODO(TLS1.3): Remove this before release */
  153. + if (candidate_vers == TLS1_3_VERSION
  154. + || candidate_vers == TLS1_3_VERSION_DRAFT
  155. + || candidate_vers == TLS1_3_VERSION_DRAFT_26
  156. + || candidate_vers == TLS1_3_VERSION_DRAFT_23) {
  157. + if (best_vers == TLS1_3_VERSION
  158. + && (orig_candidate > candidate_vers
  159. + || orig_candidate == TLS1_3_VERSION))
  160. + continue;
  161. + orig_candidate = candidate_vers;
  162. + candidate_vers = TLS1_3_VERSION;
  163. + }
  164. + /*
  165. + * TODO(TLS1.3): There is some discussion on the TLS list about
  166. + * whether to ignore versions <TLS1.2 in supported_versions. At the
  167. + * moment we honour them if present. To be reviewed later
  168. + */
  169. if (version_cmp(s, candidate_vers, best_vers) <= 0)
  170. continue;
  171. if (ssl_version_supported(s, candidate_vers, &best_method))
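Review bot: The skip test compares code points numerically (`orig_candidate > candidate_vers`), and every draft value defined in tls1.h (`0x7f17` to `0x7f1c`) is larger than the final `0x0304`. A ClientHello that lists a draft before `TLS1_3_VERSION` therefore makes the loop `continue` past the final version, and the draft stays recorded in `orig_candidate`. The final version should win regardless of list order, with the numeric comparison applied only between drafts. `TLS1_3_VERSION_DRAFT_27` is also missing from this membership test although the client code in this patch offers and accepts it; if that is deliberate it needs a comment. The loop and the function continue outside the hunk.

```c
        /* … unchanged: TODO comment and the draft/final membership test that opens the block … */
            /*
             * Once TLSv1.3 is the best match, keep the final version if it
             * has been seen; otherwise keep the highest draft. The numeric
             * test is only meaningful between drafts, because 0x0304 is
             * smaller than every 0x7fNN draft value.
             */
            if (best_vers == TLS1_3_VERSION
                    && (orig_candidate == TLS1_3_VERSION
                        || (candidate_vers != TLS1_3_VERSION
                            && orig_candidate > candidate_vers)))
                continue;
        /* … unchanged: orig_candidate / candidate_vers assignments … */
```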
  172. @@ -1829,6 +1848,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
  173. }
  174. check_for_downgrade(s, best_vers, dgrd);
  175. s->version = best_vers;
  176. + /* TODO(TLS1.3): Remove this before release */
  177. + if (best_vers == TLS1_3_VERSION)
  178. + s->version_draft = orig_candidate;
  179. s->method = best_method;
  180. return 0;
  181. }
  182. diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
  183. index be3039af38..99c4ddcb41 100644
  184. --- a/ssl/t1_trce.c
  185. +++ b/ssl/t1_trce.c
  186. @@ -65,6 +65,11 @@ static const ssl_trace_tbl ssl_version_tbl[] = {
  187. {TLS1_1_VERSION, "TLS 1.1"},
  188. {TLS1_2_VERSION, "TLS 1.2"},
  189. {TLS1_3_VERSION, "TLS 1.3"},
  190. + /* TODO(TLS1.3): Remove these lines before release */
  191. + {TLS1_3_VERSION_DRAFT_23, TLS1_3_VERSION_DRAFT_TXT_23},
  192. + {TLS1_3_VERSION_DRAFT_26, TLS1_3_VERSION_DRAFT_TXT_26},
  193. + {TLS1_3_VERSION_DRAFT_27, TLS1_3_VERSION_DRAFT_TXT_27},
  194. + {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
  195. {DTLS1_VERSION, "DTLS 1.0"},
  196. {DTLS1_2_VERSION, "DTLS 1.2"},
  197. {DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
  198. @@ -638,8 +643,19 @@ static int ssl_print_version(BIO *bio, int indent, const char *name,
  199. if (*pmsglen < 2)
  200. return 0;
  201. vers = ((*pmsg)[0] << 8) | (*pmsg)[1];
  202. - if (version != NULL)
  203. - *version = vers;
  204. + if (version != NULL) {
  205. + /* TODO(TLS1.3): Remove the draft conditional here before release */
  206. + switch(vers) {
  207. + case TLS1_3_VERSION_DRAFT_23:
  208. + case TLS1_3_VERSION_DRAFT_26:
  209. + case TLS1_3_VERSION_DRAFT_27:
  210. + case TLS1_3_VERSION_DRAFT:
  211. + *version = TLS1_3_VERSION;
  212. + break;
  213. + default:
  214. + *version = vers;
  215. + }
  216. + }
  217. BIO_indent(bio, indent, 80);
  218. BIO_printf(bio, "%s=0x%x (%s)\n",
  219. name, vers, ssl_trace_str(vers, ssl_version_tbl));