jinql
/
openssl-patch
mirror of https://github.com/hakasenyang/openssl-patch
1
0
Fork 0
Code Issues Releases Wiki Activity

Remove TLSv1.3 draft.

pull/17/head
Hakase 2019-02-09 20:31:04 +09:00
parent 2ff4fd05f1
commit d087771dc0
No known key found for this signature in database
GPG Key ID: BB2821A9E0DF48C9
6 changed files with 36 additions and 850 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
README.md
View File

@ -12,12 +12,10 @@
## Information
- [Test Page - (TLS 1.3 draft 23, 26, 28, final)](https://ssl.hakase.io/)
- [Test Page - (TLS 1.3 final)](https://ssl.hakase.io/)
- [SSL Test Result - testssl.sh](https://ssl.hakase.io/ssltest/hakase.io.html)
- [SSL Test Result - dev.ssllabs.com](https://dev.ssllabs.com/ssltest/analyze.html?d=hakase.io)
- **If you link site to a browser that supports draft 23 or 26 or 28 or final, you'll see a TLS 1.3 message.**
**Support TLS 1.3 draft 28 browsers - _Chrome Canary, Firefox Nightly_**
- **If you link site to a browser that supports final, you'll see a TLS 1.3 message.**
Displays TLSv1.3 support for large sites.
@ -25,13 +23,13 @@ Default support is in bold type.
- [Baidu(China)](https://baidu.cn/) : **TLSv1.2**
- [Naver(Korea)](https://naver.com/) : **TLSv1.2**
- [Twitter](https://twitter.com/) : **TLSv1.2**
- [**My Site**](https://hakase.io/) : _TLSv1.3_ draft 23, 26, 28, **final**
- [**My Site**](https://hakase.io/) : _TLSv1.3_ **final**
- [Facebook](https://facebook.com/) : _TLSv1.3_ draft 23, 26, 28, **final**
- [Cloudflare](https://cloudflare.com/) : _TLSv1.3_ draft 23, 28, **final**
- [Google(Gmail)](https://gmail.com/) : _TLSv1.3_ draft 23, 28, **final**
- [Cloudflare](https://cloudflare.com/) : _TLSv1.3_ **final**
- [Google(Gmail)](https://gmail.com/) : _TLSv1.3_ **final**
- [NSS TLS 1.3(Mozilla)](https://tls13.crypto.mozilla.org/) : _TLSv1.3_ **final**
[Compatible OpenSSL-3.0.0-dev (OpenSSL, 23204 commits)](https://github.com/openssl/openssl/tree/829800b0735ab99a0962418180cb076ff8081028)
[Compatible OpenSSL-3.0.0-dev (OpenSSL, 23340 commits)](https://github.com/openssl/openssl/tree/1980ce45d6bdd2b57df7003d6b56b5df560b9064)
## Patch files
@ -40,19 +38,15 @@ Default support is in bold type.
You can find the _OpenSSL 1.1.0h_ patch is [here.](https://gitlab.com/buik/openssl/blob/openssl-patch/openssl-1.1/OpenSSL1.1h-equal-preference-cipher-groups.patch)
Here is the basic patch content.
- Support TLS 1.3 draft 23 + 26 + 28 + final
- Server: draft 23 + 26 + 28 + final
- Client: draft 23 + 26 + 27 + 28 + final
- BoringSSL's Equal Preference Patch
- Weak 3DES and not using ECDHE ciphers is not used in TLSv1.1 or later.
| Patch file name | Patch list |
| :--- | :--- |
| openssl-1.1.1a-tls13_draft.patch | Only for TLS 1.3 draft 23, 26, 28, final support patch. |
| openssl-equal-1.1.1a.patch<br>openssl-equal-3.0.0-dev.patch | Support **final (TLS 1.3)**, TLS 1.3 cipher settings **_can not_** be changed on _nginx_. |
| openssl-equal-1.1.1a_ciphers.patch<br>openssl-equal-3.0.0-dev_ciphers.patch | Support **final (TLS 1.3)**, TLS 1.3 cipher settings **_can_** be changed on _nginx_. |
| openssl-1.1.1a-chacha_draft.patch<br>openssl-3.0.0-dev-chacha_draft.patch | A draft version of chacha20-poly1305 is available. [View issue](https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-427554824) |
| openssl-1.1.1a-tls13_draft.patch | Enable TLS 1.3 draft 23, 26, 28, final. |
| openssl-1.1.1a-tls13_draft.patch | Only for **TLS 1.3 draft 23, 26, 28, final support patch**. |
| openssl-1.1.1a-tls13_nginx_config.patch | You can set TLS 1.3 ciphere in nginx. ex) TLS13+AESGCM+AES128 |
| openssl-3.0.0-dev_version_error.patch | **TEST** This is a way to fix nginx when the following errors occur during the build:<br>Error: missing binary operator before token "("<br>Maybe patched: [https://github.com/openssl/openssl/pull/7839](https://github.com/openssl/openssl/pull/7839)<br>Patched : [https://github.com/openssl/openssl/commit/5d609f22d28615c45685d9da871d432e9cb81127](https://github.com/openssl/openssl/commit/5d609f22d28615c45685d9da871d432e9cb81127) |
@ -162,12 +156,12 @@ ssl_ecdh_curve X25519:P-256:P-384;
ssl_prefer_server_ciphers on;
```
### OpenSSL-1.1.1a, 3.0.0-dev ciphers (draft 23, 26, 28, final)
### OpenSSL-1.1.1a, 3.0.0-dev ciphers
```
[EECDH+ECDSA+AESGCM+AES128|EECDH+ECDSA+CHACHA20]:EECDH+ECDSA+AESGCM+AES256:EECDH+ECDSA+AES128+SHA:EECDH+ECDSA+AES256+SHA:[EECDH+aRSA+AESGCM+AES128|EECDH+aRSA+CHACHA20]:EECDH+aRSA+AESGCM+AES256:EECDH+aRSA+AES128+SHA:EECDH+aRSA+AES256+SHA:RSA+AES128+SHA:RSA+AES256+SHA:RSA+3DES
```
### OpenSSL-1.1.1a_ciphers, 3.0.0-dev_ciphers ciphers (draft 23, 26, 28, final)
### OpenSSL-1.1.1a_ciphers, 3.0.0-dev_ciphers ciphers
```
[TLS13+AESGCM+AES128|TLS13+AESGCM+AES256|TLS13+CHACHA20]:[EECDH+ECDSA+AESGCM+AES128|EECDH+ECDSA+CHACHA20]:EECDH+ECDSA+AESGCM+AES256:EECDH+ECDSA+AES128+SHA:EECDH+ECDSA+AES256+SHA:[EECDH+aRSA+AESGCM+AES128|EECDH+aRSA+CHACHA20]:EECDH+aRSA+AESGCM+AES256:EECDH+aRSA+AES128+SHA:EECDH+aRSA+AES256+SHA:RSA+AES128+SHA:RSA+AES256+SHA:RSA+3DES
```

54
openssl-3.0.0-dev-chacha_draft.patch
View File

@ -220,69 +220,69 @@ index 0d4612f314..5a3516d642 100644
# endif
#endif
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 859795fa50..550e794fca 100644
index 78a9e7acaf..15c712b291 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -1079,7 +1079,7 @@ static const unsigned char so[7767] = {
0x28,0xCC,0x45,0x03,0x04, /* [ 7761] OBJ_gmac */
};
-#define NUM_NID 1201
+#define NUM_NID 1202
-#define NUM_NID 1203
+#define NUM_NID 1204
static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2282,9 +2282,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"AES-128-SIV", "aes-128-siv", NID_aes_128_siv},
{"AES-192-SIV", "aes-192-siv", NID_aes_192_siv},
@@ -2284,9 +2284,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"AES-256-SIV", "aes-256-siv", NID_aes_256_siv},
{"BLAKE2BMAC", "blake2bmac", NID_blake2bmac},
{"BLAKE2SMAC", "blake2smac", NID_blake2smac},
+ {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft },
};
-#define NUM_SN 1192
+#define NUM_SN 1193
-#define NUM_SN 1194
+#define NUM_SN 1195
static const unsigned int sn_objs[NUM_SN] = {
364, /* "AD_DVCS" */
419, /* "AES-128-CBC" */
@@ -2405,6 +2406,7 @@ static const unsigned int sn_objs[NUM_SN] = {
@@ -2409,6 +2410,7 @@ static const unsigned int sn_objs[NUM_SN] = {
417, /* "CSPName" */
1019, /* "ChaCha20" */
1018, /* "ChaCha20-Poly1305" */
+ 1201, /* "chacha20-poly1305-draft" */
+ 1203, /* "chacha20-poly1305-draft" */
367, /* "CrlID" */
391, /* "DC" */
31, /* "DES-CBC" */
@@ -3480,7 +3482,7 @@ static const unsigned int sn_objs[NUM_SN] = {
@@ -3484,7 +3486,7 @@ static const unsigned int sn_objs[NUM_SN] = {
1093, /* "x509ExtAdmission" */
};
-#define NUM_LN 1192
+#define NUM_LN 1193
-#define NUM_LN 1194
+#define NUM_LN 1195
static const unsigned int ln_objs[NUM_LN] = {
363, /* "AD Time Stamping" */
405, /* "ANSI X9.62" */
@@ -3862,6 +3864,7 @@ static const unsigned int ln_objs[NUM_LN] = {
@@ -3868,6 +3870,7 @@ static const unsigned int ln_objs[NUM_LN] = {
883, /* "certificateRevocationList" */
1019, /* "chacha20" */
1018, /* "chacha20-poly1305" */
+ 1201, /* "ChaCha20-Poly1305-D" */
+ 1203, /* "ChaCha20-Poly1305-D" */
54, /* "challengePassword" */
407, /* "characteristic-two-field" */
395, /* "clearance" */
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index 021875d9e4..c13c751d74 100644
index 87790200d4..94d033c158 100644
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1198,3 +1198,4 @@ kmac256 1197
aes_128_siv 1198
aes_192_siv 1199
@@ -1200,3 +1200,4 @@ aes_192_siv 1199
aes_256_siv 1200
+chacha20_poly1305_draft 1201
blake2bmac 1201
blake2smac 1202
+chacha20_poly1305_draft 1203
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 851e31e5aa..e5b288d999 100644
index 344b67b395..21653d9b87 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -1541,6 +1541,7 @@ sm-scheme 104 7 : SM4-CTR : sm4-ctr
@@ -1543,6 +1543,7 @@ sm-scheme 104 7 : SM4-CTR : sm4-ctr
: AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256
: AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
: ChaCha20-Poly1305 : chacha20-poly1305
@ -291,7 +291,7 @@ index 851e31e5aa..e5b288d999 100644
ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 9f1dbd4b8b..774f102e48 100644
index 23f07eaa05..c90c6435bd 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -928,6 +928,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void);
@ -303,22 +303,22 @@ index 9f1dbd4b8b..774f102e48 100644
# endif
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index 242eaeb6ce..c8960d0e5c 100644
index 97b2204ba6..a9b341243a 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -4824,6 +4824,10 @@
@@ -4832,6 +4832,10 @@
#define LN_chacha20 "chacha20"
#define NID_chacha20 1019
+#define SN_chacha20_poly1305_draft "ChaCha20-Poly1305-D"
+#define LN_chacha20_poly1305_draft "chacha20-poly1305-draft"
+#define NID_chacha20_poly1305_draft 1201
+#define NID_chacha20_poly1305_draft 1203
+
#define SN_dhpublicnumber "dhpublicnumber"
#define LN_dhpublicnumber "X9.42 DH"
#define NID_dhpublicnumber 920
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index c7a830445b..8aa020669d 100644
index 35311acaf4..c2bce6822d 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -125,6 +125,7 @@ extern "C" {

202
openssl-equal-1.1.1a.patch
View File

@ -70,43 +70,6 @@ index 87b295c9f9..d118d8e864 100644
# define SSL_R_UNEXPECTED_RECORD 245
# define SSL_R_UNINITIALIZED 276
# define SSL_R_UNKNOWN_ALERT_TYPE 246
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index e13b5dd4bc..779341c948 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -30,6 +30,16 @@ extern "C" {
# define TLS1_3_VERSION 0x0304
# define TLS_MAX_VERSION TLS1_3_VERSION
+/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */
+# define TLS1_3_VERSION_DRAFT_23 0x7f17
+# define TLS1_3_VERSION_DRAFT_26 0x7f1a
+# define TLS1_3_VERSION_DRAFT_27 0x7f1b
+# define TLS1_3_VERSION_DRAFT 0x7f1c
+# define TLS1_3_VERSION_DRAFT_TXT_23 "TLS 1.3 (draft 23)"
+# define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)"
+# define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)"
+# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 28)"
+
/* Special value for method supporting multiple versions */
# define TLS_ANY_VERSION 0x10000
diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
index a11ed483e6..4fd583dd03 100644
--- a/ssl/record/ssl3_record_tls13.c
+++ b/ssl/record/ssl3_record_tls13.c
@@ -173,8 +173,9 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
if (((alg_enc & SSL_AESCCM) != 0
&& EVP_CipherUpdate(ctx, NULL, &lenu, NULL,
(unsigned int)rec->length) <= 0)
- || EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
- sizeof(recheader)) <= 0
+ || (s->version_draft != TLS1_3_VERSION_DRAFT_23
+ && EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
+ sizeof(recheader)) <= 0)
|| EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input,
(unsigned int)rec->length) <= 0
|| EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 866ca4dfa9..7b98b670d2 100644
--- a/ssl/s3_lib.c
@ -1022,15 +985,6 @@ index 70e5a1740f..d583840984 100644
/* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
@@ -1080,6 +1117,8 @@ struct ssl_st {
* DTLS1_VERSION)
*/
int version;
+ /* TODO(TLS1.3): Remove this before release */
+ int version_draft;
/* SSLv3 */
const SSL_METHOD *method;
/*
@@ -1138,7 +1177,7 @@ struct ssl_st {
/* Per connection DANE state */
SSL_DANE dane;
@ -1072,124 +1026,6 @@ index 70e5a1740f..d583840984 100644
__owur int ssl3_digest_cached_records(SSL *s, int keep);
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index ab4dbf6713..745897b638 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -533,8 +533,25 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
return EXT_RETURN_FAIL;
}
+ /*
+ * TODO(TLS1.3): There is some discussion on the TLS list as to whether
+ * we should include versions <TLS1.2. For the moment we do. To be
+ * reviewed later.
+ */
for (currv = max_version; currv >= min_version; currv--) {
- if (!WPACKET_put_bytes_u16(pkt, currv)) {
+ /* TODO(TLS1.3): Remove this first if clause prior to release!! */
+ if (currv == TLS1_3_VERSION) {
+ if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION)
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_23)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
+ ERR_R_INTERNAL_ERROR);
+ return EXT_RETURN_FAIL;
+ }
+ } else if (!WPACKET_put_bytes_u16(pkt, currv)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
ERR_R_INTERNAL_ERROR);
@@ -1763,6 +1780,15 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
return 0;
}
+ /* TODO(TLS1.3): Remove this before release */
+ if (version == TLS1_3_VERSION_DRAFT
+ || version == TLS1_3_VERSION_DRAFT_27
+ || version == TLS1_3_VERSION_DRAFT_26
+ || version == TLS1_3_VERSION_DRAFT_23) {
+ s->version_draft = version;
+ version = TLS1_3_VERSION;
+ }
+
/*
* The only protocol version we support which is valid in this extension in
* a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 0f2b22392b..6c1ce9813f 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -897,7 +897,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
}
if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions)
|| !WPACKET_start_sub_packet_u16(&hrrpkt)
- || !WPACKET_put_bytes_u16(&hrrpkt, s->version)
+ /* TODO(TLS1.3): Fix this before release */
+ || !WPACKET_put_bytes_u16(&hrrpkt, s->version_draft)
|| !WPACKET_close(&hrrpkt)) {
WPACKET_cleanup(&hrrpkt);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
@@ -1652,7 +1653,8 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
|| !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_put_bytes_u16(pkt, s->version)
+ /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator */
+ || !WPACKET_put_bytes_u16(pkt, s->version_draft)
|| !WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 4324896f50..d0de7ffe3d 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1786,6 +1786,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
unsigned int best_vers = 0;
const SSL_METHOD *best_method = NULL;
PACKET versionslist;
+ /* TODO(TLS1.3): Remove this before release */
+ unsigned int orig_candidate = 0;
suppversions->parsed = 1;
@@ -1807,6 +1809,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
return SSL_R_BAD_LEGACY_VERSION;
while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
+ /* TODO(TLS1.3): Remove this before release */
+ if (candidate_vers == TLS1_3_VERSION
+ || candidate_vers == TLS1_3_VERSION_DRAFT
+ || candidate_vers == TLS1_3_VERSION_DRAFT_26
+ || candidate_vers == TLS1_3_VERSION_DRAFT_23) {
+ if (best_vers == TLS1_3_VERSION
+ && (orig_candidate > candidate_vers
+ || orig_candidate == TLS1_3_VERSION))
+ continue;
+ orig_candidate = candidate_vers;
+ candidate_vers = TLS1_3_VERSION;
+ }
+ /*
+ * TODO(TLS1.3): There is some discussion on the TLS list about
+ * whether to ignore versions <TLS1.2 in supported_versions. At the
+ * moment we honour them if present. To be reviewed later
+ */
if (version_cmp(s, candidate_vers, best_vers) <= 0)
continue;
if (ssl_version_supported(s, candidate_vers, &best_method))
@@ -1829,6 +1848,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
}
check_for_downgrade(s, best_vers, dgrd);
s->version = best_vers;
+ /* TODO(TLS1.3): Remove this before release */
+ if (best_vers == TLS1_3_VERSION)
+ s->version_draft = orig_candidate;
s->method = best_method;
return 0;
}
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index e7c11c4bea..a2a6c1e44e 100644
--- a/ssl/statem/statem_srvr.c
@ -1233,41 +1069,3 @@ index e7c11c4bea..a2a6c1e44e 100644
if (cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index be3039af38..99c4ddcb41 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -65,6 +65,11 @@ static const ssl_trace_tbl ssl_version_tbl[] = {
{TLS1_1_VERSION, "TLS 1.1"},
{TLS1_2_VERSION, "TLS 1.2"},
{TLS1_3_VERSION, "TLS 1.3"},
+ /* TODO(TLS1.3): Remove these lines before release */
+ {TLS1_3_VERSION_DRAFT_23, TLS1_3_VERSION_DRAFT_TXT_23},
+ {TLS1_3_VERSION_DRAFT_26, TLS1_3_VERSION_DRAFT_TXT_26},
+ {TLS1_3_VERSION_DRAFT_27, TLS1_3_VERSION_DRAFT_TXT_27},
+ {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
{DTLS1_VERSION, "DTLS 1.0"},
{DTLS1_2_VERSION, "DTLS 1.2"},
{DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
@@ -638,8 +643,19 @@ static int ssl_print_version(BIO *bio, int indent, const char *name,
if (*pmsglen < 2)
return 0;
vers = ((*pmsg)[0] << 8) | (*pmsg)[1];
- if (version != NULL)
- *version = vers;
+ if (version != NULL) {
+ /* TODO(TLS1.3): Remove the draft conditional here before release */
+ switch(vers) {
+ case TLS1_3_VERSION_DRAFT_23:
+ case TLS1_3_VERSION_DRAFT_26:
+ case TLS1_3_VERSION_DRAFT_27:
+ case TLS1_3_VERSION_DRAFT:
+ *version = TLS1_3_VERSION;
+ break;
+ default:
+ *version = vers;
+ }
+ }
BIO_indent(bio, indent, 80);
BIO_printf(bio, "%s=0x%x (%s)\n",
name, vers, ssl_trace_str(vers, ssl_version_tbl));

202
openssl-equal-1.1.1a_ciphers.patch
View File

@ -49,43 +49,6 @@ index 87b295c9f9..d118d8e864 100644
# define SSL_R_UNEXPECTED_RECORD 245
# define SSL_R_UNINITIALIZED 276
# define SSL_R_UNKNOWN_ALERT_TYPE 246
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index e13b5dd4bc..779341c948 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -30,6 +30,16 @@ extern "C" {
# define TLS1_3_VERSION 0x0304
# define TLS_MAX_VERSION TLS1_3_VERSION
+/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */
+# define TLS1_3_VERSION_DRAFT_23 0x7f17
+# define TLS1_3_VERSION_DRAFT_26 0x7f1a
+# define TLS1_3_VERSION_DRAFT_27 0x7f1b
+# define TLS1_3_VERSION_DRAFT 0x7f1c
+# define TLS1_3_VERSION_DRAFT_TXT_23 "TLS 1.3 (draft 23)"
+# define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)"
+# define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)"
+# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 28)"
+
/* Special value for method supporting multiple versions */
# define TLS_ANY_VERSION 0x10000
diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
index a11ed483e6..4fd583dd03 100644
--- a/ssl/record/ssl3_record_tls13.c
+++ b/ssl/record/ssl3_record_tls13.c
@@ -173,8 +173,9 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
if (((alg_enc & SSL_AESCCM) != 0
&& EVP_CipherUpdate(ctx, NULL, &lenu, NULL,
(unsigned int)rec->length) <= 0)
- || EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
- sizeof(recheader)) <= 0
+ || (s->version_draft != TLS1_3_VERSION_DRAFT_23
+ && EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
+ sizeof(recheader)) <= 0)
|| EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input,
(unsigned int)rec->length) <= 0
|| EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 866ca4dfa9..1b6b99cb19 100644
--- a/ssl/s3_lib.c
@ -1057,15 +1020,6 @@ index 70e5a1740f..d583840984 100644
/* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
@@ -1080,6 +1117,8 @@ struct ssl_st {
* DTLS1_VERSION)
*/
int version;
+ /* TODO(TLS1.3): Remove this before release */
+ int version_draft;
/* SSLv3 */
const SSL_METHOD *method;
/*
@@ -1138,7 +1177,7 @@ struct ssl_st {
/* Per connection DANE state */
SSL_DANE dane;
@ -1107,124 +1061,6 @@ index 70e5a1740f..d583840984 100644
__owur int ssl3_digest_cached_records(SSL *s, int keep);
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index ab4dbf6713..745897b638 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -533,8 +533,25 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
return EXT_RETURN_FAIL;
}
+ /*
+ * TODO(TLS1.3): There is some discussion on the TLS list as to whether
+ * we should include versions <TLS1.2. For the moment we do. To be
+ * reviewed later.
+ */
for (currv = max_version; currv >= min_version; currv--) {
- if (!WPACKET_put_bytes_u16(pkt, currv)) {
+ /* TODO(TLS1.3): Remove this first if clause prior to release!! */
+ if (currv == TLS1_3_VERSION) {
+ if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION)
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_23)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
+ ERR_R_INTERNAL_ERROR);
+ return EXT_RETURN_FAIL;
+ }
+ } else if (!WPACKET_put_bytes_u16(pkt, currv)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
ERR_R_INTERNAL_ERROR);
@@ -1763,6 +1780,15 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
return 0;
}
+ /* TODO(TLS1.3): Remove this before release */
+ if (version == TLS1_3_VERSION_DRAFT
+ || version == TLS1_3_VERSION_DRAFT_27
+ || version == TLS1_3_VERSION_DRAFT_26
+ || version == TLS1_3_VERSION_DRAFT_23) {
+ s->version_draft = version;
+ version = TLS1_3_VERSION;
+ }
+
/*
* The only protocol version we support which is valid in this extension in
* a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 0f2b22392b..6c1ce9813f 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -897,7 +897,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
}
if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions)
|| !WPACKET_start_sub_packet_u16(&hrrpkt)
- || !WPACKET_put_bytes_u16(&hrrpkt, s->version)
+ /* TODO(TLS1.3): Fix this before release */
+ || !WPACKET_put_bytes_u16(&hrrpkt, s->version_draft)
|| !WPACKET_close(&hrrpkt)) {
WPACKET_cleanup(&hrrpkt);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
@@ -1652,7 +1653,8 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
|| !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_put_bytes_u16(pkt, s->version)
+ /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator */
+ || !WPACKET_put_bytes_u16(pkt, s->version_draft)
|| !WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 4324896f50..d0de7ffe3d 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1786,6 +1786,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
unsigned int best_vers = 0;
const SSL_METHOD *best_method = NULL;
PACKET versionslist;
+ /* TODO(TLS1.3): Remove this before release */
+ unsigned int orig_candidate = 0;
suppversions->parsed = 1;
@@ -1807,6 +1809,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
return SSL_R_BAD_LEGACY_VERSION;
while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
+ /* TODO(TLS1.3): Remove this before release */
+ if (candidate_vers == TLS1_3_VERSION
+ || candidate_vers == TLS1_3_VERSION_DRAFT
+ || candidate_vers == TLS1_3_VERSION_DRAFT_26
+ || candidate_vers == TLS1_3_VERSION_DRAFT_23) {
+ if (best_vers == TLS1_3_VERSION
+ && (orig_candidate > candidate_vers
+ || orig_candidate == TLS1_3_VERSION))
+ continue;
+ orig_candidate = candidate_vers;
+ candidate_vers = TLS1_3_VERSION;
+ }
+ /*
+ * TODO(TLS1.3): There is some discussion on the TLS list about
+ * whether to ignore versions <TLS1.2 in supported_versions. At the
+ * moment we honour them if present. To be reviewed later
+ */
if (version_cmp(s, candidate_vers, best_vers) <= 0)
continue;
if (ssl_version_supported(s, candidate_vers, &best_method))
@@ -1829,6 +1848,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
}
check_for_downgrade(s, best_vers, dgrd);
s->version = best_vers;
+ /* TODO(TLS1.3): Remove this before release */
+ if (best_vers == TLS1_3_VERSION)
+ s->version_draft = orig_candidate;
s->method = best_method;
return 0;
}
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index e7c11c4bea..a2a6c1e44e 100644
--- a/ssl/statem/statem_srvr.c
@ -1268,41 +1104,3 @@ index e7c11c4bea..a2a6c1e44e 100644
if (cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index be3039af38..99c4ddcb41 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -65,6 +65,11 @@ static const ssl_trace_tbl ssl_version_tbl[] = {
{TLS1_1_VERSION, "TLS 1.1"},
{TLS1_2_VERSION, "TLS 1.2"},
{TLS1_3_VERSION, "TLS 1.3"},
+ /* TODO(TLS1.3): Remove these lines before release */
+ {TLS1_3_VERSION_DRAFT_23, TLS1_3_VERSION_DRAFT_TXT_23},
+ {TLS1_3_VERSION_DRAFT_26, TLS1_3_VERSION_DRAFT_TXT_26},
+ {TLS1_3_VERSION_DRAFT_27, TLS1_3_VERSION_DRAFT_TXT_27},
+ {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
{DTLS1_VERSION, "DTLS 1.0"},
{DTLS1_2_VERSION, "DTLS 1.2"},
{DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
@@ -638,8 +643,19 @@ static int ssl_print_version(BIO *bio, int indent, const char *name,
if (*pmsglen < 2)
return 0;
vers = ((*pmsg)[0] << 8) | (*pmsg)[1];
- if (version != NULL)
- *version = vers;
+ if (version != NULL) {
+ /* TODO(TLS1.3): Remove the draft conditional here before release */
+ switch(vers) {
+ case TLS1_3_VERSION_DRAFT_23:
+ case TLS1_3_VERSION_DRAFT_26:
+ case TLS1_3_VERSION_DRAFT_27:
+ case TLS1_3_VERSION_DRAFT:
+ *version = TLS1_3_VERSION;
+ break;
+ default:
+ *version = vers;
+ }
+ }
BIO_indent(bio, indent, 80);
BIO_printf(bio, "%s=0x%x (%s)\n",
name, vers, ssl_trace_str(vers, ssl_version_tbl));

202
openssl-equal-3.0.0-dev.patch
View File

@ -70,43 +70,6 @@ index f8783717bc..0e7ad2818b 100644
# define SSL_R_UNEXPECTED_RECORD 245
# define SSL_R_UNINITIALIZED 276
# define SSL_R_UNKNOWN_ALERT_TYPE 246
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 166f15ad5c..3205f1cbfb 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -32,6 +32,16 @@ extern "C" {
# define TLS_MAX_VERSION TLS1_3_VERSION
# endif
+/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */
+# define TLS1_3_VERSION_DRAFT_23 0x7f17
+# define TLS1_3_VERSION_DRAFT_26 0x7f1a
+# define TLS1_3_VERSION_DRAFT_27 0x7f1b
+# define TLS1_3_VERSION_DRAFT 0x7f1c
+# define TLS1_3_VERSION_DRAFT_TXT_23 "TLS 1.3 (draft 23)"
+# define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)"
+# define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)"
+# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 28)"
+
/* Special value for method supporting multiple versions */
# define TLS_ANY_VERSION 0x10000
diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
index 30e5dddf82..4f1c2f2bd1 100644
--- a/ssl/record/ssl3_record_tls13.c
+++ b/ssl/record/ssl3_record_tls13.c
@@ -173,8 +173,9 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
if (((alg_enc & SSL_AESCCM) != 0
&& EVP_CipherUpdate(ctx, NULL, &lenu, NULL,
(unsigned int)rec->length) <= 0)
- || EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
- sizeof(recheader)) <= 0
+ || (s->version_draft != TLS1_3_VERSION_DRAFT_23
+ && EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
+ sizeof(recheader)) <= 0)
|| EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input,
(unsigned int)rec->length) <= 0
|| EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index a5b3dbbfd5..505c32d18e 100644
--- a/ssl/s3_lib.c
@ -1022,15 +985,6 @@ index bd0d4210f4..2c96db0618 100644
/* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
@@ -1088,6 +1125,8 @@ struct ssl_st {
* DTLS1_VERSION)
*/
int version;
+ /* TODO(TLS1.3): Remove this before release */
+ int version_draft;
/* SSLv3 */
const SSL_METHOD *method;
/*
@@ -1146,7 +1185,7 @@ struct ssl_st {
/* Per connection DANE state */
SSL_DANE dane;
@ -1072,124 +1026,6 @@ index bd0d4210f4..2c96db0618 100644
__owur int ssl3_digest_cached_records(SSL *s, int keep);
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 6e133e026e..f26bc8e879 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -533,8 +533,25 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
return EXT_RETURN_FAIL;
}
+ /*
+ * TODO(TLS1.3): There is some discussion on the TLS list as to whether
+ * we should include versions <TLS1.2. For the moment we do. To be
+ * reviewed later.
+ */
for (currv = max_version; currv >= min_version; currv--) {
- if (!WPACKET_put_bytes_u16(pkt, currv)) {
+ /* TODO(TLS1.3): Remove this first if clause prior to release!! */
+ if (currv == TLS1_3_VERSION) {
+ if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION)
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_23)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
+ ERR_R_INTERNAL_ERROR);
+ return EXT_RETURN_FAIL;
+ }
+ } else if (!WPACKET_put_bytes_u16(pkt, currv)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
ERR_R_INTERNAL_ERROR);
@@ -1763,6 +1780,15 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
return 0;
}
+ /* TODO(TLS1.3): Remove this before release */
+ if (version == TLS1_3_VERSION_DRAFT
+ || version == TLS1_3_VERSION_DRAFT_27
+ || version == TLS1_3_VERSION_DRAFT_26
+ || version == TLS1_3_VERSION_DRAFT_23) {
+ s->version_draft = version;
+ version = TLS1_3_VERSION;
+ }
+
/*
* The only protocol version we support which is valid in this extension in
* a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 6545f5727d..15786a7bfc 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -897,7 +897,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
}
if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions)
|| !WPACKET_start_sub_packet_u16(&hrrpkt)
- || !WPACKET_put_bytes_u16(&hrrpkt, s->version)
+ /* TODO(TLS1.3): Fix this before release */
+ || !WPACKET_put_bytes_u16(&hrrpkt, s->version_draft)
|| !WPACKET_close(&hrrpkt)) {
WPACKET_cleanup(&hrrpkt);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
@@ -1652,7 +1653,8 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
|| !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_put_bytes_u16(pkt, s->version)
+ /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator */
+ || !WPACKET_put_bytes_u16(pkt, s->version_draft)
|| !WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 2f78a3f602..5d5121d12b 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1770,6 +1770,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
unsigned int best_vers = 0;
const SSL_METHOD *best_method = NULL;
PACKET versionslist;
+ /* TODO(TLS1.3): Remove this before release */
+ unsigned int orig_candidate = 0;
suppversions->parsed = 1;
@@ -1791,6 +1793,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
return SSL_R_BAD_LEGACY_VERSION;
while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
+ /* TODO(TLS1.3): Remove this before release */
+ if (candidate_vers == TLS1_3_VERSION
+ || candidate_vers == TLS1_3_VERSION_DRAFT
+ || candidate_vers == TLS1_3_VERSION_DRAFT_26
+ || candidate_vers == TLS1_3_VERSION_DRAFT_23) {
+ if (best_vers == TLS1_3_VERSION
+ && (orig_candidate > candidate_vers
+ || orig_candidate == TLS1_3_VERSION))
+ continue;
+ orig_candidate = candidate_vers;
+ candidate_vers = TLS1_3_VERSION;
+ }
+ /*
+ * TODO(TLS1.3): There is some discussion on the TLS list about
+ * whether to ignore versions <TLS1.2 in supported_versions. At the
+ * moment we honour them if present. To be reviewed later
+ */
if (version_cmp(s, candidate_vers, best_vers) <= 0)
continue;
if (ssl_version_supported(s, candidate_vers, &best_method))
@@ -1813,6 +1832,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
}
check_for_downgrade(s, best_vers, dgrd);
s->version = best_vers;
+ /* TODO(TLS1.3): Remove this before release */
+ if (best_vers == TLS1_3_VERSION)
+ s->version_draft = orig_candidate;
s->method = best_method;
return 0;
}
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index b0dd54903d..1d096858f8 100644
--- a/ssl/statem/statem_srvr.c
@ -1233,41 +1069,3 @@ index b0dd54903d..1d096858f8 100644
if (cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 656fefe896..654271f368 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -65,6 +65,11 @@ static const ssl_trace_tbl ssl_version_tbl[] = {
{TLS1_1_VERSION, "TLS 1.1"},
{TLS1_2_VERSION, "TLS 1.2"},
{TLS1_3_VERSION, "TLS 1.3"},
+ /* TODO(TLS1.3): Remove these lines before release */
+ {TLS1_3_VERSION_DRAFT_23, TLS1_3_VERSION_DRAFT_TXT_23},
+ {TLS1_3_VERSION_DRAFT_26, TLS1_3_VERSION_DRAFT_TXT_26},
+ {TLS1_3_VERSION_DRAFT_27, TLS1_3_VERSION_DRAFT_TXT_27},
+ {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
{DTLS1_VERSION, "DTLS 1.0"},
{DTLS1_2_VERSION, "DTLS 1.2"},
{DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
@@ -638,8 +643,19 @@ static int ssl_print_version(BIO *bio, int indent, const char *name,
if (*pmsglen < 2)
return 0;
vers = ((*pmsg)[0] << 8) | (*pmsg)[1];
- if (version != NULL)
- *version = vers;
+ if (version != NULL) {
+ /* TODO(TLS1.3): Remove the draft conditional here before release */
+ switch(vers) {
+ case TLS1_3_VERSION_DRAFT_23:
+ case TLS1_3_VERSION_DRAFT_26:
+ case TLS1_3_VERSION_DRAFT_27:
+ case TLS1_3_VERSION_DRAFT:
+ *version = TLS1_3_VERSION;
+ break;
+ default:
+ *version = vers;
+ }
+ }
BIO_indent(bio, indent, 80);
BIO_printf(bio, "%s=0x%x (%s)\n",
name, vers, ssl_trace_str(vers, ssl_version_tbl));

202
openssl-equal-3.0.0-dev_ciphers.patch
View File

@ -49,43 +49,6 @@ index f8783717bc..0e7ad2818b 100644
# define SSL_R_UNEXPECTED_RECORD 245
# define SSL_R_UNINITIALIZED 276
# define SSL_R_UNKNOWN_ALERT_TYPE 246
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 166f15ad5c..3205f1cbfb 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -32,6 +32,16 @@ extern "C" {
# define TLS_MAX_VERSION TLS1_3_VERSION
# endif
+/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */
+# define TLS1_3_VERSION_DRAFT_23 0x7f17
+# define TLS1_3_VERSION_DRAFT_26 0x7f1a
+# define TLS1_3_VERSION_DRAFT_27 0x7f1b
+# define TLS1_3_VERSION_DRAFT 0x7f1c
+# define TLS1_3_VERSION_DRAFT_TXT_23 "TLS 1.3 (draft 23)"
+# define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)"
+# define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)"
+# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 28)"
+
/* Special value for method supporting multiple versions */
# define TLS_ANY_VERSION 0x10000
diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
index 30e5dddf82..4f1c2f2bd1 100644
--- a/ssl/record/ssl3_record_tls13.c
+++ b/ssl/record/ssl3_record_tls13.c
@@ -173,8 +173,9 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
if (((alg_enc & SSL_AESCCM) != 0
&& EVP_CipherUpdate(ctx, NULL, &lenu, NULL,
(unsigned int)rec->length) <= 0)
- || EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
- sizeof(recheader)) <= 0
+ || (s->version_draft != TLS1_3_VERSION_DRAFT_23
+ && EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
+ sizeof(recheader)) <= 0)
|| EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input,
(unsigned int)rec->length) <= 0
|| EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index a5b3dbbfd5..6dd4ad4b68 100644
--- a/ssl/s3_lib.c
@ -1057,15 +1020,6 @@ index bd0d4210f4..2c96db0618 100644
/* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
@@ -1088,6 +1125,8 @@ struct ssl_st {
* DTLS1_VERSION)
*/
int version;
+ /* TODO(TLS1.3): Remove this before release */
+ int version_draft;
/* SSLv3 */
const SSL_METHOD *method;
/*
@@ -1146,7 +1185,7 @@ struct ssl_st {
/* Per connection DANE state */
SSL_DANE dane;
@ -1107,124 +1061,6 @@ index bd0d4210f4..2c96db0618 100644
__owur int ssl3_digest_cached_records(SSL *s, int keep);
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 6e133e026e..f26bc8e879 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -533,8 +533,25 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
return EXT_RETURN_FAIL;
}
+ /*
+ * TODO(TLS1.3): There is some discussion on the TLS list as to whether
+ * we should include versions <TLS1.2. For the moment we do. To be
+ * reviewed later.
+ */
for (currv = max_version; currv >= min_version; currv--) {
- if (!WPACKET_put_bytes_u16(pkt, currv)) {
+ /* TODO(TLS1.3): Remove this first if clause prior to release!! */
+ if (currv == TLS1_3_VERSION) {
+ if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION)
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_23)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
+ ERR_R_INTERNAL_ERROR);
+ return EXT_RETURN_FAIL;
+ }
+ } else if (!WPACKET_put_bytes_u16(pkt, currv)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
ERR_R_INTERNAL_ERROR);
@@ -1763,6 +1780,15 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
return 0;
}
+ /* TODO(TLS1.3): Remove this before release */
+ if (version == TLS1_3_VERSION_DRAFT
+ || version == TLS1_3_VERSION_DRAFT_27
+ || version == TLS1_3_VERSION_DRAFT_26
+ || version == TLS1_3_VERSION_DRAFT_23) {
+ s->version_draft = version;
+ version = TLS1_3_VERSION;
+ }
+
/*
* The only protocol version we support which is valid in this extension in
* a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 6545f5727d..15786a7bfc 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -897,7 +897,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
}
if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions)
|| !WPACKET_start_sub_packet_u16(&hrrpkt)
- || !WPACKET_put_bytes_u16(&hrrpkt, s->version)
+ /* TODO(TLS1.3): Fix this before release */
+ || !WPACKET_put_bytes_u16(&hrrpkt, s->version_draft)
|| !WPACKET_close(&hrrpkt)) {
WPACKET_cleanup(&hrrpkt);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
@@ -1652,7 +1653,8 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
|| !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_put_bytes_u16(pkt, s->version)
+ /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator */
+ || !WPACKET_put_bytes_u16(pkt, s->version_draft)
|| !WPACKET_close(pkt)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 2f78a3f602..5d5121d12b 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1770,6 +1770,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
unsigned int best_vers = 0;
const SSL_METHOD *best_method = NULL;
PACKET versionslist;
+ /* TODO(TLS1.3): Remove this before release */
+ unsigned int orig_candidate = 0;
suppversions->parsed = 1;
@@ -1791,6 +1793,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
return SSL_R_BAD_LEGACY_VERSION;
while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
+ /* TODO(TLS1.3): Remove this before release */
+ if (candidate_vers == TLS1_3_VERSION
+ || candidate_vers == TLS1_3_VERSION_DRAFT
+ || candidate_vers == TLS1_3_VERSION_DRAFT_26
+ || candidate_vers == TLS1_3_VERSION_DRAFT_23) {
+ if (best_vers == TLS1_3_VERSION
+ && (orig_candidate > candidate_vers
+ || orig_candidate == TLS1_3_VERSION))
+ continue;
+ orig_candidate = candidate_vers;
+ candidate_vers = TLS1_3_VERSION;
+ }
+ /*
+ * TODO(TLS1.3): There is some discussion on the TLS list about
+ * whether to ignore versions <TLS1.2 in supported_versions. At the
+ * moment we honour them if present. To be reviewed later
+ */
if (version_cmp(s, candidate_vers, best_vers) <= 0)
continue;
if (ssl_version_supported(s, candidate_vers, &best_method))
@@ -1813,6 +1832,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
}
check_for_downgrade(s, best_vers, dgrd);
s->version = best_vers;
+ /* TODO(TLS1.3): Remove this before release */
+ if (best_vers == TLS1_3_VERSION)
+ s->version_draft = orig_candidate;
s->method = best_method;
return 0;
}
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index b0dd54903d..1d096858f8 100644
--- a/ssl/statem/statem_srvr.c
@ -1268,41 +1104,3 @@ index b0dd54903d..1d096858f8 100644
if (cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 656fefe896..654271f368 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -65,6 +65,11 @@ static const ssl_trace_tbl ssl_version_tbl[] = {
{TLS1_1_VERSION, "TLS 1.1"},
{TLS1_2_VERSION, "TLS 1.2"},
{TLS1_3_VERSION, "TLS 1.3"},
+ /* TODO(TLS1.3): Remove these lines before release */
+ {TLS1_3_VERSION_DRAFT_23, TLS1_3_VERSION_DRAFT_TXT_23},
+ {TLS1_3_VERSION_DRAFT_26, TLS1_3_VERSION_DRAFT_TXT_26},
+ {TLS1_3_VERSION_DRAFT_27, TLS1_3_VERSION_DRAFT_TXT_27},
+ {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
{DTLS1_VERSION, "DTLS 1.0"},
{DTLS1_2_VERSION, "DTLS 1.2"},
{DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
@@ -638,8 +643,19 @@ static int ssl_print_version(BIO *bio, int indent, const char *name,
if (*pmsglen < 2)
return 0;
vers = ((*pmsg)[0] << 8) | (*pmsg)[1];
- if (version != NULL)
- *version = vers;
+ if (version != NULL) {
+ /* TODO(TLS1.3): Remove the draft conditional here before release */
+ switch(vers) {
+ case TLS1_3_VERSION_DRAFT_23:
+ case TLS1_3_VERSION_DRAFT_26:
+ case TLS1_3_VERSION_DRAFT_27:
+ case TLS1_3_VERSION_DRAFT:
+ *version = TLS1_3_VERSION;
+ break;
+ default:
+ *version = vers;
+ }
+ }
BIO_indent(bio, indent, 80);
BIO_printf(bio, "%s=0x%x (%s)\n",
name, vers, ssl_trace_str(vers, ssl_version_tbl));