feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #1768 from SparkiDev/tls13_final

Browse Source 
Use final TLS 1.3 version value by default.
This commit is contained in:
toddouska
2018-08-21 12:29:51 -07:00
committed by GitHub
parent e635e49635 20950ffde8
commit 776fd51720
6 changed files with 30 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
configure.ac
View File

@@ -266,7 +266,7 @@ AC_ARG_ENABLE([tls13-draft18],
) )
if test "$ENABLED_TLS13_DRAFT18" = "yes" if test "$ENABLED_TLS13_DRAFT18" = "yes"
then then
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_18 $AM_CFLAGS" AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_18 $AM_CFLAGS"
fi fi
@@ -278,7 +278,7 @@ AC_ARG_ENABLE([tls13-draft22],
) )
if test "$ENABLED_TLS13_DRAFT22" = "yes" if test "$ENABLED_TLS13_DRAFT22" = "yes"
then then
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_22 $AM_CFLAGS" AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_22 $AM_CFLAGS"
fi fi
@@ -290,7 +290,7 @@ AC_ARG_ENABLE([tls13-draft23],
) )
if test "$ENABLED_TLS13_DRAFT23" = "yes" if test "$ENABLED_TLS13_DRAFT23" = "yes"
then then
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_23 $AM_CFLAGS" AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_23 $AM_CFLAGS"
fi fi
@@ -302,7 +302,19 @@ AC_ARG_ENABLE([tls13-draft26],
) )
if test "$ENABLED_TLS13_DRAFT26" = "yes" if test "$ENABLED_TLS13_DRAFT26" = "yes"
then then
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_26 $AM_CFLAGS" AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_26 $AM_CFLAGS"
fi
# TLS v1.3 Draft 28
AC_ARG_ENABLE([tls13-draft28],
[AS_HELP_STRING([--enable-tls13-draft28],[Enable wolfSSL TLS v1.3 Draft 28 (default: disabled)])],
[ ENABLED_TLS13_DRAFT28=$enableval ],
[ ENABLED_TLS13_DRAFT28=no ]
)
if test "$ENABLED_TLS13_DRAFT28" = "yes"
then
AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT $AM_CFLAGS"
fi fi
@@ -313,7 +325,7 @@ AC_ARG_ENABLE([tls13],
[ ENABLED_TLS13=no ] [ ENABLED_TLS13=no ]
) )
if test "$ENABLED_TLS13_DRAFT18" = "yes" || test "$ENABLED_TLS13_DRAFT22" = "yes" || test "$ENABLED_TLS13_DRAFT23" = "yes" || test "$ENABLED_TLS13_DRAFT26" = "yes" if test "$ENABLED_TLS13_DRAFT18" = "yes" || test "$ENABLED_TLS13_DRAFT22" = "yes" || test "$ENABLED_TLS13_DRAFT23" = "yes" || test "$ENABLED_TLS13_DRAFT26" = "yes" || test "$ENABLED_TLS13_DRAFT28" = "yes"
then then
ENABLED_TLS13="yes" ENABLED_TLS13="yes"
fi fi
@@ -4572,6 +4584,7 @@ echo " * TLS v1.3 Draft 18: $ENABLED_TLS13_DRAFT18"
echo " * TLS v1.3 Draft 22: $ENABLED_TLS13_DRAFT22" echo " * TLS v1.3 Draft 22: $ENABLED_TLS13_DRAFT22"
echo " * TLS v1.3 Draft 23: $ENABLED_TLS13_DRAFT23" echo " * TLS v1.3 Draft 23: $ENABLED_TLS13_DRAFT23"
echo " * TLS v1.3 Draft 26: $ENABLED_TLS13_DRAFT26" echo " * TLS v1.3 Draft 26: $ENABLED_TLS13_DRAFT26"
echo " * TLS v1.3 Draft 28: $ENABLED_TLS13_DRAFT28"
echo " * Post-handshake Auth: $ENABLED_TLS13_POST_AUTH" echo " * Post-handshake Auth: $ENABLED_TLS13_POST_AUTH"
echo " * Early Data: $ENABLED_TLS13_EARLY_DATA" echo " * Early Data: $ENABLED_TLS13_EARLY_DATA"
echo " * Send State in HRR Cookie: $ENABLED_SEND_HRR_COOKIE" echo " * Send State in HRR Cookie: $ENABLED_SEND_HRR_COOKIE"

7
src/internal.c
View File

@@ -16959,17 +16959,12 @@ exit_dpk:
*/ */
int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv) int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv)
{ {
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13_DRAFT
#ifndef WOLFSSL_TLS13_FINAL
/* TODO: [TLS13] Remove this.
* Translate the draft TLS v1.3 version to final version.
*/
if (pv.major == TLS_DRAFT_MAJOR) { if (pv.major == TLS_DRAFT_MAJOR) {
pv.major = SSLv3_MAJOR; pv.major = SSLv3_MAJOR;
pv.minor = TLSv1_3_MINOR; pv.minor = TLSv1_3_MINOR;
} }
#endif #endif
#endif
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
if (ssl->CBIS != NULL) { if (ssl->CBIS != NULL) {

3
src/ssl.c
View File

@@ -15544,8 +15544,7 @@ const char* wolfSSL_get_version(WOLFSSL* ssl)
return "TLSv1.2"; return "TLSv1.2";
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
case TLSv1_3_MINOR : case TLSv1_3_MINOR :
/* TODO: [TLS13] Remove draft versions. */ #ifdef WOLFSSL_TLS13_DRAFT
#ifndef WOLFSSL_TLS13_FINAL
#ifdef WOLFSSL_TLS13_DRAFT_18 #ifdef WOLFSSL_TLS13_DRAFT_18
return "TLSv1.3 (Draft 18)"; return "TLSv1.3 (Draft 18)";
#elif defined(WOLFSSL_TLS13_DRAFT_22) #elif defined(WOLFSSL_TLS13_DRAFT_22)

11
src/tls.c
View File

@@ -5233,8 +5233,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,
*(output++) = (byte)(cnt * OPAQUE16_LEN); *(output++) = (byte)(cnt * OPAQUE16_LEN);
for (i = 0; i < cnt; i++) { for (i = 0; i < cnt; i++) {
#ifndef WOLFSSL_TLS13_FINAL #ifdef WOLFSSL_TLS13_DRAFT
/* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */
if (pv.minor - i == TLSv1_3_MINOR) { if (pv.minor - i == TLSv1_3_MINOR) {
/* The TLS draft major number. */ /* The TLS draft major number. */
*(output++) = TLS_DRAFT_MAJOR; *(output++) = TLS_DRAFT_MAJOR;
@@ -5252,7 +5251,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,
} }
#ifndef WOLFSSL_TLS13_DRAFT_18 #ifndef WOLFSSL_TLS13_DRAFT_18
else if (msgType == server_hello || msgType == hello_retry_request) { else if (msgType == server_hello || msgType == hello_retry_request) {
#ifndef WOLFSSL_TLS13_FINAL #ifdef WOLFSSL_TLS13_DRAFT
if (ssl->version.major == SSLv3_MAJOR && if (ssl->version.major == SSLv3_MAJOR &&
ssl->version.minor == TLSv1_3_MINOR) { ssl->version.minor == TLSv1_3_MINOR) {
output[0] = TLS_DRAFT_MAJOR; output[0] = TLS_DRAFT_MAJOR;
@@ -5309,8 +5308,7 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input,
major = input[i]; major = input[i];
minor = input[i + OPAQUE8_LEN]; minor = input[i + OPAQUE8_LEN];
#ifndef WOLFSSL_TLS13_FINAL #ifdef WOLFSSL_TLS13_DRAFT
/* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */
if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) { if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) {
major = SSLv3_MAJOR; major = SSLv3_MAJOR;
minor = TLSv1_3_MINOR; minor = TLSv1_3_MINOR;
@@ -5364,8 +5362,7 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input,
major = input[0]; major = input[0];
minor = input[OPAQUE8_LEN]; minor = input[OPAQUE8_LEN];
#ifndef WOLFSSL_TLS13_FINAL #ifdef WOLFSSL_TLS13_DRAFT
/* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */
if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) { if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) {
major = SSLv3_MAJOR; major = SSLv3_MAJOR;
minor = TLSv1_3_MINOR; minor = TLSv1_3_MINOR;

31
src/tls13.c
View File

@@ -1416,6 +1416,7 @@ static void AddTls13RecordHeader(byte* output, word32 length, byte type,
#ifdef WOLFSSL_TLS13_DRAFT_18 #ifdef WOLFSSL_TLS13_DRAFT_18
rl->pvMinor = TLSv1_MINOR; rl->pvMinor = TLSv1_MINOR;
#else #else
/* NOTE: May be TLSv1_MINOR when sending first ClientHello. */
rl->pvMinor = TLSv1_2_MINOR; rl->pvMinor = TLSv1_2_MINOR;
#endif #endif
c16toa((word16)length, rl->length); c16toa((word16)length, rl->length);
@@ -3665,13 +3666,6 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie)
idx += hashSz; idx += hashSz;
hrrIdx = HANDSHAKE_HEADER_SZ; hrrIdx = HANDSHAKE_HEADER_SZ;
/* TODO: [TLS13] Replace existing code with code in comment.
* Use the TLS v1.3 draft version for now.
*
* Change to:
* hrr[hrrIdx++] = ssl->version.major;
* hrr[hrrIdx++] = ssl->version.minor;
*/
/* The negotiated protocol version. */ /* The negotiated protocol version. */
hrr[hrrIdx++] = TLS_DRAFT_MAJOR; hrr[hrrIdx++] = TLS_DRAFT_MAJOR;
hrr[hrrIdx++] = TLS_DRAFT_MINOR; hrr[hrrIdx++] = TLS_DRAFT_MINOR;
@@ -3730,13 +3724,12 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie)
hrrIdx += 2; hrrIdx += 2;
c16toa(OPAQUE16_LEN, hrr + hrrIdx); c16toa(OPAQUE16_LEN, hrr + hrrIdx);
hrrIdx += 2; hrrIdx += 2;
/* TODO: [TLS13] Change to ssl->version.major and minor once final. */ #ifdef WOLFSSL_TLS13_DRAFT
#ifdef WOLFSSL_TLS13_FINAL
hrr[hrrIdx++] = ssl->version.major;
hrr[hrrIdx++] = ssl->version.minor;
#else
hrr[hrrIdx++] = TLS_DRAFT_MAJOR; hrr[hrrIdx++] = TLS_DRAFT_MAJOR;
hrr[hrrIdx++] = TLS_DRAFT_MINOR; hrr[hrrIdx++] = TLS_DRAFT_MINOR;
#else
hrr[hrrIdx++] = ssl->version.major;
hrr[hrrIdx++] = ssl->version.minor;
#endif #endif
#endif #endif
/* Mandatory Cookie Extension */ /* Mandatory Cookie Extension */
@@ -4074,13 +4067,6 @@ int SendTls13HelloRetryRequest(WOLFSSL* ssl)
/* Add record and hanshake headers. */ /* Add record and hanshake headers. */
AddTls13Headers(output, length, hello_retry_request, ssl); AddTls13Headers(output, length, hello_retry_request, ssl);
/* TODO: [TLS13] Replace existing code with code in comment.
* Use the TLS v1.3 draft version for now.
*
* Change to:
* output[idx++] = ssl->version.major;
* output[idx++] = ssl->version.minor;
*/
/* The negotiated protocol version. */ /* The negotiated protocol version. */
output[idx++] = TLS_DRAFT_MAJOR; output[idx++] = TLS_DRAFT_MAJOR;
output[idx++] = TLS_DRAFT_MINOR; output[idx++] = TLS_DRAFT_MINOR;
@@ -4171,13 +4157,6 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
AddTls13Headers(output, length, server_hello, ssl); AddTls13Headers(output, length, server_hello, ssl);
#ifdef WOLFSSL_TLS13_DRAFT_18 #ifdef WOLFSSL_TLS13_DRAFT_18
/* TODO: [TLS13] Replace existing code with code in comment.
* Use the TLS v1.3 draft version for now.
*
* Change to:
* output[idx++] = ssl->version.major;
* output[idx++] = ssl->version.minor;
*/
/* The negotiated protocol version. */ /* The negotiated protocol version. */
output[idx++] = TLS_DRAFT_MAJOR; output[idx++] = TLS_DRAFT_MAJOR;
output[idx++] = TLS_DRAFT_MINOR; output[idx++] = TLS_DRAFT_MINOR;

2
wolfssl/internal.h
View File

@@ -1138,7 +1138,7 @@ enum Misc {
TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */ TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */ TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */ TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */
#ifndef WOLFSSL_TLS13_FINAL #ifdef WOLFSSL_TLS13_DRAFT
TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */ TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */
#ifdef WOLFSSL_TLS13_DRAFT_18 #ifdef WOLFSSL_TLS13_DRAFT_18
TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */ TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */