From: Matt Caswell
Date: Mon, 7 Nov 2016 13:48:07 +0000 (+0000)
Subject: Fix some missing checks for TLS1_3_VERSION_DRAFT
X-Git-Tag: OpenSSL_1_1_1-pre1~3119
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=b97667ce679d439a5620c326e0e9fefea3186bdc;p=oweals%2Fopenssl.git

Fix some missing checks for TLS1_3_VERSION_DRAFT

There were a few places where we weren't checking to see if we were using the draft TLS1.3 version or not.

Reviewed-by: Rich Salz
---
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 071aed6c78..d0cce09263 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -70,6 +70,7 @@ extern "C" {
 /* TODO(TLS1.3) REMOVE ME: Version indicator for draft -18 */
 # define TLS1_3_VERSION_DRAFT 0x7f12
+# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 18)"
 /* Special value for method supporting multiple versions */
 # define TLS_ANY_VERSION 0x10000
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 6c51699d33..15dc6fd35b 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1118,6 +1118,10 @@ int ssl_choose_client_version(SSL *s, int version)
 const version_info *vent;
 const version_info *table;
+ /* TODO(TLS1.3): Remove this before release */
+ if (version == TLS1_3_VERSION_DRAFT)
+ version = TLS1_3_VERSION;
+
 switch (s->method->version) {
 default:
 if (version != s->version)
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 89de0257ac..a33362d57f 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1547,7 +1547,9 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
 int compm, al = SSL_AD_INTERNAL_ERROR;
 size_t sl, len;
- if (!WPACKET_put_bytes_u16(pkt, s->version)
+ /* TODO(TLS1.3): Remove the DRAFT conditional before release */
+ if (!WPACKET_put_bytes_u16(pkt, (s->version == TLS1_3_VERSION)
+ ? TLS1_3_VERSION_DRAFT : s->version)
 /*
 * Random stuff. Filling of the server_random takes place in
 * tls_process_client_hello()
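Review bot: A peer that sends the final `TLS1_3_VERSION` value directly is not rejected by the check added to ssl_choose_client_version in statem_lib.c, which only maps `TLS1_3_VERSION_DRAFT` onto `TLS1_3_VERSION`; both values therefore reach the `switch` looking like the same negotiated version. While the build speaks draft 18 on the wire, the final codepoint arriving from the peer should probably fail negotiation, e.g. `else if (version == TLS1_3_VERSION) return SSL_R_WRONG_SSL_VERSION;` directly after the added assignment. This assumes `version` is the value received from the server and that the function reports failure as an SSL_R_* code, neither of which the hunk shows. The function body continues past the hunk, so confirm nothing later already filters this case.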
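Review bot: The draft substitution in tls_construct_server_hello (statem_srvr.c) is open-coded as a ternary inside the `WPACKET_put_bytes_u16` call, while ssl_choose_client_version in statem_lib.c carries the inverse mapping by hand. This commit exists because such sites were missed, so the internal-to-wire mapping is better kept in one place with a single TODO(TLS1.3) to delete before release. A small macro or static helper would do, for example `WPACKET_put_bytes_u16(pkt, tls13_wire_version(s->version))`, where `tls13_wire_version` is a suggested name and not an existing function. The function body starts and ends outside the hunk.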
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 431d4494e8..c7a650c48a 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -62,6 +62,8 @@ static ssl_trace_tbl ssl_version_tbl[] = {
 {TLS1_1_VERSION, "TLS 1.1"},
 {TLS1_2_VERSION, "TLS 1.2"},
 {TLS1_3_VERSION, "TLS 1.3"},
+ /* TODO(TLS1.3): Remove this line before release */
+ {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
 {DTLS1_VERSION, "DTLS 1.0"},
 {DTLS1_2_VERSION, "DTLS 1.2"},
 {DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
@@ -571,7 +573,7 @@ static ssl_trace_tbl ssl_supp_versions_tbl[] = {
 {TLS1_1_VERSION, "TLSv1.1"},
 {TLS1_2_VERSION, "TLSv1.2"},
 {TLS1_3_VERSION, "TLSv1.3"},
- {TLS1_3_VERSION_DRAFT, "TLSv1.3 draft 18"}
+ {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT}
 };
 static void ssl_print_hex(BIO *bio, int indent, const char *name,
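Review bot: In ssl_supp_versions_tbl the draft row now prints as "TLS 1.3 (draft 18)" while every other row of that table keeps the "TLSv1.x" spelling, because `TLS1_3_VERSION_DRAFT_TXT` follows the style of ssl_version_tbl. Anyone filtering handshake traces on the `TLSv1.` prefix will miss the draft row in this table's output. Either keep a table-specific string for this row, or add a comment where the macro is defined in tls1.h, such as `/* shared by ssl_version_tbl and ssl_supp_versions_tbl in t1_trce.c */`, so the spelling difference reads as intended.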