author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-18 15:35:21 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-02-19 15:29:33 +0100 |
commit | 442436372cf9e483fa6831fda190646207ad48c7 (patch) | |
tree | 64f6ea2abf166d5feae6383ec2abe9117edbacb2 | |
parent | ca8813f835343f51dfff2982cc6ead9a9f116db4 (diff) | |
Negotiate draft-TLS1.3
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/algorithms/protocols.c | 29 | ||||
-rw-r--r-- | lib/gnutls_int.h | 2 | ||||
-rw-r--r-- | lib/handshake.c | 10 | ||||
-rw-r--r-- | tests/tls13/ext-parse.h | 4 | ||||
-rw-r--r-- | tests/tls13/supported_versions.c | 8 |
5 files changed, 44 insertions, 9 deletions
diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c
index 3937800cc3..ef753aa877 100644
--- a/lib/algorithms/protocols.c
+++ b/lib/algorithms/protocols.c
@@ -87,18 +87,39 @@ static const version_entry_st sup_versions[] = {
 .only_extension = 0,
 .false_start = 1
 },
+#ifdef TLS13_FINAL_VERSION
 {.name = "TLS1.3",
 .id = GNUTLS_TLS1_3,
- .age = 4,
+ .age = 5,
 .major = 3,
 .minor = 4,
 .transport = GNUTLS_STREAM,
 .supported = 1,
- .explicit_iv = 1,
+ .explicit_iv = 0,
+ .extensions = 1,
+ .selectable_sighash = 1,
+ .selectable_prf = 1,
+ .tls13_sem = 1,
+ .obsolete = 0,
+ .only_extension = 1,
+ .post_handshake_auth = 1,
+ .key_shares = 1,
+ .false_start = 0, /* doesn't make sense */
+ .tls_sig_sem = 1
+ },
+#else
+ {.name = "TLS1.3",
+ .id = GNUTLS_TLS1_3,
+ .age = 5,
+ .major = 0x7f,
+ .minor = 21,
+ .transport = GNUTLS_STREAM,
+ .supported = 1,
+ .explicit_iv = 0,
 .extensions = 1,
 .selectable_sighash = 1,
 .selectable_prf = 1,
- .compact_hello = 1,
+ .tls13_sem = 1,
 .obsolete = 0,
 .only_extension = 1,
 .post_handshake_auth = 1,
@@ -106,6 +127,7 @@ static const version_entry_st sup_versions[] = {
 .false_start = 0, /* doesn't make sense */
 .tls_sig_sem = 1
 },
+#endif
 {.name = "DTLS0.9", /* Cisco AnyConnect (based on about OpenSSL 0.9.8e) */
 .id = GNUTLS_DTLS0_9,
 .age = 200,
@@ -300,6 +322,7 @@ int _gnutls_write_supported_versions(gnutls_session_t session, uint8_t *buffer,
 at_least_one_new = 1;
 if (buffer_size > 2) {
+ _gnutls_debug_log("Advertizing version %x.%x\n", (int)p->major, (int)p->minor);
 buffer[0] = p->major;
 buffer[1] = p->minor;
 written_bytes += 2;
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index b16a98d1d8..8bd1df3163 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
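Review bot: The two "TLS1.3" entries in `sup_versions[]` (first hunk of lib/algorithms/protocols.c) are full copies that differ only in `.major`/`.minor`, so a later edit to a semantic flag such as `.explicit_iv` or `.tls13_sem` in one branch silently changes what the other build negotiates. `TLS13_FINAL_VERSION` is not defined in any file shown here, so the draft code point 0x7f/21 looks like the default build, and it is advertised under the name "TLS1.3" with `.supported = 1`. Selecting only the wire bytes with the preprocessor keeps a single entry; the macro names below are suggestions. The same literals `0x7f` and `21` are repeated in tests/tls13/ext-parse.h and in both hunks of tests/tls13/supported_versions.c, which would need a shared definition as well if the tests can see one. The table continues outside the hunk.

```c
#ifdef TLS13_FINAL_VERSION
# define TLS13_WIRE_MAJOR 3
# define TLS13_WIRE_MINOR 4
#else
/* draft code point: 0x7f followed by the draft number */
# define TLS13_WIRE_MAJOR 0x7f
# define TLS13_WIRE_MINOR 21
#endif
	{.name = "TLS1.3",
	 .id = GNUTLS_TLS1_3,
	 .age = 5,
	 .major = TLS13_WIRE_MAJOR,
	 .minor = TLS13_WIRE_MINOR,
	 /* … unchanged: remaining TLS1.3 entry fields … */
```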
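Review bot: The added `_gnutls_debug_log` call in `_gnutls_write_supported_versions` pairs `%x` with `(int)` casts, while `%x` expects an `unsigned int`; `(unsigned)p->major, (unsigned)p->minor` matches the specifier. Printing in hex also shows the draft minor 21 as `15`, whereas the tests in this commit print versions with `%d.%d`, so a log line and a test failure for the same version read differently. Either use `"Advertizing version %d.%d\n"` or make the base explicit with `"Advertizing version 0x%02x 0x%02x\n"`. The function body starts and ends outside the hunk.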
@@ -527,7 +527,7 @@ typedef struct {
 /* if SSL3 is disabled this flag indicates that this protocol is a placeholder,
  * otherwise it prevents this protocol from being set as record version */
 bool obsolete;
- bool compact_hello; /* The TLS 1.3 client and server hello form */
+ bool tls13_sem; /* The TLS 1.3 handshake semantics */
 bool false_start; /* That version can be used with false start */
 bool only_extension; /* negotiated only with an extension */
 bool post_handshake_auth; /* Supports the TLS 1.3 post handshake auth */
diff --git a/lib/handshake.c b/lib/handshake.c
index 93ac83950e..1a868ab198 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -1542,7 +1542,7 @@ read_server_hello(gnutls_session_t session,
 pos += GNUTLS_RANDOM_SIZE;
- if (!vers->compact_hello) {
+ if (!vers->tls13_sem) {
 /* Read session ID */
 DECR_LEN(len, 1);
@@ -1587,7 +1587,7 @@ read_server_hello(gnutls_session_t session,
 }
 pos += 2;
- if (!vers->compact_hello) {
+ if (!vers->tls13_sem) {
 /* move to compression */
 DECR_LEN(len, 1);
@@ -1882,7 +1882,7 @@ static int send_server_hello(gnutls_session_t session, int again)
 goto fail;
 }
- if (!vers->compact_hello) {
+ if (!vers->tls13_sem) {
 datalen = 2 + session_id_len + 1 + GNUTLS_RANDOM_SIZE + 3 + extdata.length;
 } else {
 datalen = 2 + GNUTLS_RANDOM_SIZE + 2 + extdata.length;
@@ -1905,7 +1905,7 @@ static int send_server_hello(gnutls_session_t session, int again)
 GNUTLS_RANDOM_SIZE);
 pos += GNUTLS_RANDOM_SIZE;
- if (!vers->compact_hello) {
+ if (!vers->tls13_sem) {
 data[pos++] = session_id_len;
 if (session_id_len > 0) {
 memcpy(&data[pos],
@@ -1925,7 +1925,7 @@ static int send_server_hello(gnutls_session_t session, int again)
 session->security_parameters.cs->id, 2);
 pos += 2;
- if (!vers->compact_hello) {
+ if (!vers->tls13_sem) {
 data[pos++] = 0x00;
 }
diff --git a/tests/tls13/ext-parse.h b/tests/tls13/ext-parse.h
index 02ad08d921..7e0dd9b4be 100644
--- a/tests/tls13/ext-parse.h
+++ b/tests/tls13/ext-parse.h
@@ -112,7 +112,11 @@ static unsigned find_server_extension(const gnutls_datum_t *msg, unsigned extnr,
 success("server hello of %d bytes\n", msg->size);
 /* we expect the legacy version to be present */
 /* ProtocolVersion legacy_version = 0x0303 */
+#ifdef TLS13_FINAL_VERSION
 if (msg->data[0] != 0x03) {
+#else
+ if (msg->data[0] != 0x7f) {
+#endif
 fail("ProtocolVersion contains %d.%d\n", (int)msg->data[0], (int)msg->data[1]);
 }
diff --git a/tests/tls13/supported_versions.c b/tests/tls13/supported_versions.c
index 17f65d7e5a..31eb4ddbb6 100644
--- a/tests/tls13/supported_versions.c
+++ b/tests/tls13/supported_versions.c
@@ -152,7 +152,11 @@ static int client_hello_callback(gnutls_session_t session, unsigned int htype,
 success("server hello:\n\t%d.%d\n", (int)msg->data[pos], (int)msg->data[pos+1]);
+#ifdef TLS13_FINAL_VERSION
 if (msg->data[pos] != 0x03 || msg->data[pos+1] != 0x04) {
+#else
+ if (msg->data[pos] != 0x7f || msg->data[pos+1] != 21) {
+#endif
 fail("fail expected TLS 1.3 in server hello, got %d.%d\n", (int)msg->data[pos], (int)msg->data[pos+1]);
 }
@@ -221,7 +225,11 @@ static int client_hello_callback(gnutls_session_t session, unsigned int htype,
 (int)msg->data[pos+2], (int)msg->data[pos+3], (int)msg->data[pos+4], (int)msg->data[pos+5]);
+#ifdef TLS13_FINAL_VERSION
 if (msg->data[pos] != 0x03 || msg->data[pos+1] != 0x04) {
+#else
+ if (msg->data[pos] != 0x7f || msg->data[pos+1] != 21) {
+#endif
 fail("fail expected TLS 1.3, got %d.%d\n", (int)msg->data[pos], (int)msg->data[pos+1]);
 }
 pos+=2; |
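Review bot: In `find_server_extension` (tests/tls13/ext-parse.h) the new draft branch compares only the first version byte, so a server hello carrying `0x7f` with any other draft number still passes; the check should read `if (msg->data[0] != 0x7f || msg->data[1] != 21) {`. The two comments above it still say the legacy version `0x0303` is expected, which contradicts the `0x7f` the draft branch requires, so add something like `/* draft builds: the version field carries the draft code point 0x7f15 */`. No length check on `msg->size` before `msg->data[0]` and `msg->data[1]` are read is visible in the hunk; it may exist earlier in the function, which starts outside it.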