Remove draft 26, 27

openssl-1.1.1
Hakase 2018-05-25 04:18:48 +09:00
parent c4437b6b7d
commit 692bc2e890
2 changed files with 30 additions and 24 deletions

View File

@ -12,5 +12,5 @@ OpenSSL 1.1.0 patch is [here](https://gitlab.com/buik/openssl/blob/openssl-patch
### OpenSSL-1.1.1-pre6~pre7 ciphers (draft 26 ~ 28)
`[EECDH+ECDSA+AESGCM+AES128|EECDH+ECDSA+CHACHA20]:EECDH+ECDSA+AESGCM+AES256:EECDH+ECDSA+AES128+SHA:EECDH+ECDSA+AES256+SHA:[EECDH+aRSA+AESGCM+AES128|EECDH+aRSA+CHACHA20]:EECDH+aRSA+AESGCM+AES256:EECDH+aRSA+AES128+SHA:EECDH+aRSA+AES256+SHA:RSA+AES128+SHA:RSA+AES256+SHA:RSA+3DES`
### OpenSSL-1.1.1-pre7 (Latest) ciphers (draft 23, 26 ~ 28)
### OpenSSL-1.1.1-pre7 (Latest) ciphers (draft 23, 28)
`[EECDH+ECDSA+AESGCM+AES128|EECDH+ECDSA+CHACHA20]:EECDH+ECDSA+AESGCM+AES256:EECDH+ECDSA+AES128+SHA:EECDH+ECDSA+AES256+SHA:[EECDH+aRSA+AESGCM+AES128|EECDH+aRSA+CHACHA20]:EECDH+aRSA+AESGCM+AES256:EECDH+aRSA+AES128+SHA:EECDH+aRSA+AES256+SHA`

View File

@ -71,21 +71,23 @@ index 8e395cdd2d..700d7b7b4e 100644
# define SSL_R_UNINITIALIZED 276
# define SSL_R_UNKNOWN_ALERT_TYPE 246
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 37bdc7da43..894801bb4a 100644
index 37bdc7da43..d8dc34a8a0 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -31,9 +31,11 @@ extern "C" {
@@ -31,11 +31,9 @@ extern "C" {
# define TLS_MAX_VERSION TLS1_3_VERSION
/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */
-# define TLS1_3_VERSION_DRAFT_26 0x7f1a
-# define TLS1_3_VERSION_DRAFT_27 0x7f1b
+# define TLS1_3_VERSION_DRAFT_23 0x7f17
# define TLS1_3_VERSION_DRAFT_26 0x7f1a
# define TLS1_3_VERSION_DRAFT_27 0x7f1b
# define TLS1_3_VERSION_DRAFT 0x7f1c
-# define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)"
-# define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)"
+# define TLS1_3_VERSION_DRAFT_TXT_23 "TLS 1.3 (draft 23)"
# define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)"
# define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)"
# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 28)"
/* Special value for method supporting multiple versions */
diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
index 8822ca25c3..63ecafe373 100644
--- a/ssl/record/ssl3_record_tls13.c
@ -1032,25 +1034,25 @@ index 4aec810179..d251ee178f 100644
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index cc4563b357..4fb02935e9 100644
index cc4563b357..05681cd399 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -540,7 +540,8 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
@@ -539,8 +539,7 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
/* TODO(TLS1.3): Remove this first if clause prior to release!! */
if (currv == TLS1_3_VERSION) {
if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
|| !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
- || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
- || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)) {
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_23)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
ERR_R_INTERNAL_ERROR);
@@ -1793,8 +1794,11 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
@@ -1792,9 +1791,10 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
/* TODO(TLS1.3): Remove this before release */
if (version == TLS1_3_VERSION_DRAFT
|| version == TLS1_3_VERSION_DRAFT_27
- || version == TLS1_3_VERSION_DRAFT_27
- || version == TLS1_3_VERSION_DRAFT_26)
+ || version == TLS1_3_VERSION_DRAFT_26
+ || version == TLS1_3_VERSION_DRAFT_23) {
+ s->version_draft = version;
version = TLS1_3_VERSION;
@ -1059,15 +1061,15 @@ index cc4563b357..4fb02935e9 100644
/*
* The only protocol version we support which is valid in this extension in
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 91d304e2b4..ed62a0590b 100644
index 91d304e2b4..1f2eecad0b 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1709,7 +1709,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
@@ -1708,8 +1708,7 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
/* TODO(TLS1.3): Remove this before release */
if (candidate_vers == TLS1_3_VERSION_DRAFT
|| candidate_vers == TLS1_3_VERSION_DRAFT_27
- || candidate_vers == TLS1_3_VERSION_DRAFT_27
- || candidate_vers == TLS1_3_VERSION_DRAFT_26) {
+ || candidate_vers == TLS1_3_VERSION_DRAFT_26
+ || candidate_vers == TLS1_3_VERSION_DRAFT_23) {
if (best_vers == TLS1_3_VERSION
&& orig_candidate > candidate_vers)
@ -1116,22 +1118,26 @@ index ce8cec185a..1a12a9c1a0 100644
if (cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 4d052d0705..15f7f76e6e 100644
index 4d052d0705..b6abd6d9d7 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -66,6 +66,7 @@ static const ssl_trace_tbl ssl_version_tbl[] = {
@@ -66,8 +66,7 @@ static const ssl_trace_tbl ssl_version_tbl[] = {
{TLS1_2_VERSION, "TLS 1.2"},
{TLS1_3_VERSION, "TLS 1.3"},
/* TODO(TLS1.3): Remove these lines before release */
- {TLS1_3_VERSION_DRAFT_26, TLS1_3_VERSION_DRAFT_TXT_26},
- {TLS1_3_VERSION_DRAFT_27, TLS1_3_VERSION_DRAFT_TXT_27},
+ {TLS1_3_VERSION_DRAFT_23, TLS1_3_VERSION_DRAFT_TXT_23},
{TLS1_3_VERSION_DRAFT_26, TLS1_3_VERSION_DRAFT_TXT_26},
{TLS1_3_VERSION_DRAFT_27, TLS1_3_VERSION_DRAFT_TXT_27},
{TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
@@ -645,6 +646,7 @@ static int ssl_print_version(BIO *bio, int indent, const char *name,
{DTLS1_VERSION, "DTLS 1.0"},
{DTLS1_2_VERSION, "DTLS 1.2"},
@@ -645,8 +644,8 @@ static int ssl_print_version(BIO *bio, int indent, const char *name,
if (version != NULL) {
/* TODO(TLS1.3): Remove the draft conditional here before release */
switch(vers) {
+ case TLS1_3_VERSION_DRAFT_23:
case TLS1_3_VERSION_DRAFT_26:
case TLS1_3_VERSION_DRAFT_27:
- case TLS1_3_VERSION_DRAFT_27:
case TLS1_3_VERSION_DRAFT:
*version = TLS1_3_VERSION;
break;