Merge pull request #1768 from SparkiDev/tls13_final

Use final TLS 1.3 version value by default.
2018-08-21 12:29:51 -07:00 · 2018-08-21 12:29:51 -07:00 · 776fd51720
commit 776fd51720
parent e635e49635 20950ffde8
6 changed files with 30 additions and 47 deletions
--- a/configure.ac
+++ b/configure.ac
@ -266,7 +266,7 @@ AC_ARG_ENABLE([tls13-draft18],
    )
 if test "$ENABLED_TLS13_DRAFT18" = "yes"
 then
-  AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_18 $AM_CFLAGS"
+  AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_18 $AM_CFLAGS"
 fi


@ -278,7 +278,7 @@ AC_ARG_ENABLE([tls13-draft22],
    )
 if test "$ENABLED_TLS13_DRAFT22" = "yes"
 then
-  AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_22 $AM_CFLAGS"
+  AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_22 $AM_CFLAGS"
 fi


@ -290,7 +290,7 @@ AC_ARG_ENABLE([tls13-draft23],
    )
 if test "$ENABLED_TLS13_DRAFT23" = "yes"
 then
-  AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_23 $AM_CFLAGS"
+  AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_23 $AM_CFLAGS"
 fi


@ -302,7 +302,19 @@ AC_ARG_ENABLE([tls13-draft26],
    )
 if test "$ENABLED_TLS13_DRAFT26" = "yes"
 then
-  AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_26 $AM_CFLAGS"
+  AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_26 $AM_CFLAGS"
+fi
+
+
+# TLS v1.3 Draft 28
+AC_ARG_ENABLE([tls13-draft28],
+    [AS_HELP_STRING([--enable-tls13-draft28],[Enable wolfSSL TLS v1.3 Draft 28 (default: disabled)])],
+    [ ENABLED_TLS13_DRAFT28=$enableval ],
+    [ ENABLED_TLS13_DRAFT28=no ]
+    )
+if test "$ENABLED_TLS13_DRAFT28" = "yes"
+then
+  AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT $AM_CFLAGS"
 fi


@ -313,7 +325,7 @@ AC_ARG_ENABLE([tls13],
    [ ENABLED_TLS13=no ]
    )

-if test "$ENABLED_TLS13_DRAFT18" = "yes" || test "$ENABLED_TLS13_DRAFT22" = "yes" || test "$ENABLED_TLS13_DRAFT23" = "yes" || test "$ENABLED_TLS13_DRAFT26" = "yes"
+if test "$ENABLED_TLS13_DRAFT18" = "yes" || test "$ENABLED_TLS13_DRAFT22" = "yes" || test "$ENABLED_TLS13_DRAFT23" = "yes" || test "$ENABLED_TLS13_DRAFT26" = "yes" || test "$ENABLED_TLS13_DRAFT28" = "yes"
 then
    ENABLED_TLS13="yes"
 fi
@ -4572,6 +4584,7 @@ echo "   * TLS v1.3 Draft 18:          $ENABLED_TLS13_DRAFT18"
 echo "   * TLS v1.3 Draft 22:          $ENABLED_TLS13_DRAFT22"
 echo "   * TLS v1.3 Draft 23:          $ENABLED_TLS13_DRAFT23"
 echo "   * TLS v1.3 Draft 26:          $ENABLED_TLS13_DRAFT26"
+echo "   * TLS v1.3 Draft 28:          $ENABLED_TLS13_DRAFT28"
 echo "   * Post-handshake Auth:        $ENABLED_TLS13_POST_AUTH"
 echo "   * Early Data:                 $ENABLED_TLS13_EARLY_DATA"
 echo "   * Send State in HRR Cookie:   $ENABLED_SEND_HRR_COOKIE"
--- a/src/internal.c
+++ b/src/internal.c
@ -16959,17 +16959,12 @@ exit_dpk:
     */
    int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv)
    {
-#ifdef WOLFSSL_TLS13
-    #ifndef WOLFSSL_TLS13_FINAL
-        /* TODO: [TLS13] Remove this.
-         * Translate the draft TLS v1.3 version to final version.
-         */
+    #ifdef WOLFSSL_TLS13_DRAFT
        if (pv.major == TLS_DRAFT_MAJOR) {
            pv.major = SSLv3_MAJOR;
            pv.minor = TLSv1_3_MINOR;
        }
    #endif
-#endif

        #ifdef OPENSSL_EXTRA
        if (ssl->CBIS != NULL) {
--- a/src/ssl.c
+++ b/src/ssl.c
@ -15544,8 +15544,7 @@ const char* wolfSSL_get_version(WOLFSSL* ssl)
                return "TLSv1.2";
        #ifdef WOLFSSL_TLS13
            case TLSv1_3_MINOR :
-            /* TODO: [TLS13] Remove draft versions. */
-            #ifndef WOLFSSL_TLS13_FINAL
+            #ifdef WOLFSSL_TLS13_DRAFT
                #ifdef WOLFSSL_TLS13_DRAFT_18
                    return "TLSv1.3 (Draft 18)";
                #elif defined(WOLFSSL_TLS13_DRAFT_22)
--- a/src/tls.c
+++ b/src/tls.c
@ -5233,8 +5233,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,

        *(output++) = (byte)(cnt * OPAQUE16_LEN);
        for (i = 0; i < cnt; i++) {
-#ifndef WOLFSSL_TLS13_FINAL
-            /* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */
+#ifdef WOLFSSL_TLS13_DRAFT
            if (pv.minor - i == TLSv1_3_MINOR) {
                /* The TLS draft major number. */
                *(output++) = TLS_DRAFT_MAJOR;
@ -5252,7 +5251,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,
    }
 #ifndef WOLFSSL_TLS13_DRAFT_18
    else if (msgType == server_hello || msgType == hello_retry_request) {
-    #ifndef WOLFSSL_TLS13_FINAL
+    #ifdef WOLFSSL_TLS13_DRAFT
        if (ssl->version.major == SSLv3_MAJOR &&
                                          ssl->version.minor == TLSv1_3_MINOR) {
            output[0] = TLS_DRAFT_MAJOR;
@ -5309,8 +5308,7 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input,
            major = input[i];
            minor = input[i + OPAQUE8_LEN];

-#ifndef WOLFSSL_TLS13_FINAL
-            /* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */
+#ifdef WOLFSSL_TLS13_DRAFT
            if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) {
                major = SSLv3_MAJOR;
                minor = TLSv1_3_MINOR;
@ -5364,8 +5362,7 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input,
        major = input[0];
        minor = input[OPAQUE8_LEN];

-    #ifndef WOLFSSL_TLS13_FINAL
-        /* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */
+    #ifdef WOLFSSL_TLS13_DRAFT
        if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) {
            major = SSLv3_MAJOR;
            minor = TLSv1_3_MINOR;
--- a/src/tls13.c
+++ b/src/tls13.c
@ -1416,6 +1416,7 @@ static void AddTls13RecordHeader(byte* output, word32 length, byte type,
 #ifdef WOLFSSL_TLS13_DRAFT_18
    rl->pvMinor = TLSv1_MINOR;
 #else
+    /* NOTE: May be TLSv1_MINOR when sending first ClientHello. */
    rl->pvMinor = TLSv1_2_MINOR;
 #endif
    c16toa((word16)length, rl->length);
@ -3665,13 +3666,6 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie)

    idx += hashSz;
    hrrIdx = HANDSHAKE_HEADER_SZ;
-    /* TODO: [TLS13] Replace existing code with code in comment.
-     * Use the TLS v1.3 draft version for now.
-     *
-     * Change to:
-     * hrr[hrrIdx++] = ssl->version.major;
-     * hrr[hrrIdx++] = ssl->version.minor;
-     */
    /* The negotiated protocol version. */
    hrr[hrrIdx++] = TLS_DRAFT_MAJOR;
    hrr[hrrIdx++] = TLS_DRAFT_MINOR;
@ -3730,13 +3724,12 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie)
    hrrIdx += 2;
    c16toa(OPAQUE16_LEN, hrr + hrrIdx);
    hrrIdx += 2;
-    /* TODO: [TLS13] Change to ssl->version.major and minor once final. */
-    #ifdef WOLFSSL_TLS13_FINAL
-        hrr[hrrIdx++] = ssl->version.major;
-        hrr[hrrIdx++] = ssl->version.minor;
-    #else
+    #ifdef WOLFSSL_TLS13_DRAFT
        hrr[hrrIdx++] = TLS_DRAFT_MAJOR;
        hrr[hrrIdx++] = TLS_DRAFT_MINOR;
+    #else
+        hrr[hrrIdx++] = ssl->version.major;
+        hrr[hrrIdx++] = ssl->version.minor;
    #endif
 #endif
    /* Mandatory Cookie Extension */
@ -4074,13 +4067,6 @@ int SendTls13HelloRetryRequest(WOLFSSL* ssl)
    /* Add record and hanshake headers. */
    AddTls13Headers(output, length, hello_retry_request, ssl);

-    /* TODO: [TLS13] Replace existing code with code in comment.
-     * Use the TLS v1.3 draft version for now.
-     *
-     * Change to:
-     * output[idx++] = ssl->version.major;
-     * output[idx++] = ssl->version.minor;
-     */
    /* The negotiated protocol version. */
    output[idx++] = TLS_DRAFT_MAJOR;
    output[idx++] = TLS_DRAFT_MINOR;
@ -4171,13 +4157,6 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
    AddTls13Headers(output, length, server_hello, ssl);

 #ifdef WOLFSSL_TLS13_DRAFT_18
-    /* TODO: [TLS13] Replace existing code with code in comment.
-     * Use the TLS v1.3 draft version for now.
-     *
-     * Change to:
-     * output[idx++] = ssl->version.major;
-     * output[idx++] = ssl->version.minor;
-     */
    /* The negotiated protocol version. */
    output[idx++] = TLS_DRAFT_MAJOR;
    output[idx++] = TLS_DRAFT_MINOR;
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -1138,7 +1138,7 @@ enum Misc {
    TLSv1_1_MINOR   = 2,        /* TLSv1_1 minor version number */
    TLSv1_2_MINOR   = 3,        /* TLSv1_2 minor version number */
    TLSv1_3_MINOR   = 4,        /* TLSv1_3 minor version number */
-#ifndef WOLFSSL_TLS13_FINAL
+#ifdef WOLFSSL_TLS13_DRAFT
    TLS_DRAFT_MAJOR = 0x7f,     /* Draft TLS major version number */
 #ifdef WOLFSSL_TLS13_DRAFT_18
    TLS_DRAFT_MINOR = 0x12,     /* Minor version number of TLS draft */