From f261e651fffcdcd8c74128c7c6622170d4593553 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Mon, 13 Aug 2018 20:46:21 +0200
Subject: protocols: bumped TLS1.3 version number to RFC8446 value

This adds support of the final RFC numbers.

Resolves #542

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
---
 NEWS                             |  2 ++
 devel/openssl                    |  2 +-
 lib/algorithms/protocols.c       | 22 ----------------------
 tests/tls13/prf.c                |  8 ++++----
 tests/tls13/supported_versions.c |  4 ----
 5 files changed, 7 insertions(+), 31 deletions(-)

diff --git a/NEWS b/NEWS
index 57d2703903..96fac0299d 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,8 @@ See the end for copying conditions.
 
 * Version 3.6.4 (unreleased)
 
+** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol.
+
 ** libgnutls: Corrected regression since 3.6.3 in the callbacks set with
    gnutls_certificate_set_retrieve_function() which could not handle the case where
    no certificates were returned, or the callbacks were set to NULL (see #528).
diff --git a/devel/openssl b/devel/openssl
index 09fb65d5e4..2805ee1e09 160000
--- a/devel/openssl
+++ b/devel/openssl
@@ -1 +1 @@
-Subproject commit 09fb65d5e413b7b87bf26f01ec441b44a03d4ee2
+Subproject commit 2805ee1e095a78f596dc7adf778441e2edb9f15c
diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c
index e1093a9ced..12907190df 100644
--- a/lib/algorithms/protocols.c
+++ b/lib/algorithms/protocols.c
@@ -93,7 +93,6 @@ static const version_entry_st sup_versions[] = {
 	 .tls_sig_sem = SIG_SEM_PRE_TLS12,
 	 .false_start = 1
 	},
-#ifdef TLS13_FINAL_VERSION
 	{.name = "TLS1.3",
 	 .id = GNUTLS_TLS1_3,
 	 .age = 5,
@@ -113,27 +112,6 @@ static const version_entry_st sup_versions[] = {
 	 .false_start = 0, /* doesn't make sense */
 	 .tls_sig_sem = SIG_SEM_TLS13
 	},
-#else
-	{.name = "TLS1.3",
-	 .id = GNUTLS_TLS1_3,
-	 .age = 5,
-	 .major = 0x7f,
-	 .minor = 28,
-	 .transport = GNUTLS_STREAM,
-	 .supported = 1,
-	 .explicit_iv = 0,
-	 .extensions = 1,
-	 .selectable_sighash = 1,
-	 .selectable_prf = 1,
-	 .tls13_sem = 1,
-	 .obsolete = 0,
-	 .only_extension = 1,
-	 .post_handshake_auth = 1,
-	 .key_shares = 1,
-	 .false_start = 0, /* doesn't make sense */
-	 .tls_sig_sem = SIG_SEM_TLS13
-	},
-#endif
 	{.name = "DTLS0.9", /* Cisco AnyConnect (based on about OpenSSL 0.9.8e) */
 	 .id = GNUTLS_DTLS0_9,
 	 .age = 200,
diff --git a/tests/tls13/prf.c b/tests/tls13/prf.c
index dc34973e8f..eb2d0e6096 100644
--- a/tests/tls13/prf.c
+++ b/tests/tls13/prf.c
@@ -126,10 +126,10 @@ static void dump(const char *name, const uint8_t *data, unsigned data_size)
 	} \
 	}
 
-#define KEY_EXP_VALUE "\x42\xba\x1d\x14\x6d\x09\x4f\x64\x7a\x65\xc0\x39\xf8\xd6\x98\xa7\x71\xcd\xb5\xd1\x8d\xf7\x70\xca\x22\x2d\xad\x3f\xac\x47\xe9\x13\xfa\xd0"
-#define HELLO_VALUE "\x0a\xc9\xa4\x5b\xf8\x19\x07\x1c\x56\x61\x7f\xcf\x71\x8b\xff\x0d\xc3\x74\xd7\xf3\x12\xd8\xde\xa8\x33\xcb\x3d\xf3\xc2\x78\x51"
-#define CONTEXT_VALUE "\x7c\x89\xaf\x6f\x98\xbd\xa4\xc4\xad\x10\x54\xc2\x6d\x87\xb3\x94\x02\x62\x2f\x1f\x64\x82\x10\x30\xb6\x49\x08\x2f\x0d\x82\xc1"
-#define NULL_CONTEXT_VALUE "\xa6\xf4\x67\x86\x16\x06\xd0\x53\xcf\x19\xc7\x26\xa4\x94\xc4\x78\xea\xeb\x51\x8e\x04\x0b\x53\xaf\x9f\xde\x0b\xe8\xc3\x08\x04"
+#define KEY_EXP_VALUE "\xfb\xcb\x96\x87\x8c\x64\x8b\x60\xef\xdc\x76\xb0\x7c\x3b\xd1\x50\x1e\xb1\x3f\x39\xb2\x20\x74\x2c\xb2\x76\x12\x9f\xfc\xad\xb9\xce\x1d\x9a"
+#define HELLO_VALUE "\x61\x32\x14\x81\x9b\xa0\x43\xcd\x39\xbf\x63\x18\x7c\xb7\xf3\x02\x65\xab\x2c\xa4\xaf\xbc\x1c\x7a\x1d\xa4\xc5\x28\x8f\x45\x68"
+#define CONTEXT_VALUE "\xa7\x3c\xa7\x59\x94\x33\xb4\x97\x90\x92\x8c\xe2\x39\xda\x56\x42\x4a\xeb\xeb\xab\x73\xc4\x20\xf0\x34\x4f\xda\xf8\x17\xf5\xbd"
+#define NULL_CONTEXT_VALUE "\x66\xa1\x0a\xcb\xfa\x28\x85\x79\xa3\x30\xeb\xc5\xd5\x50\x62\xdd\xb4\x9c\xa7\x0b\x0b\xe0\x28\x03\x18\xfb\x32\x3d\x37\xf2\xe5"
 static void check_prfs(gnutls_session_t session)
 {
 	unsigned char key_material[512];
diff --git a/tests/tls13/supported_versions.c b/tests/tls13/supported_versions.c
index 49ba87212a..dbcc33d903 100644
--- a/tests/tls13/supported_versions.c
+++ b/tests/tls13/supported_versions.c
@@ -221,11 +221,7 @@ static int client_hello_callback(gnutls_session_t session, unsigned int htype,
 				(int)msg->data[pos+2], (int)msg->data[pos+3], 
 				(int)msg->data[pos+4], (int)msg->data[pos+5]);
 
-#ifdef TLS13_FINAL_VERSION
 			if (msg->data[pos] != 0x03 || msg->data[pos+1] != 0x04) {
-#else
-			if (msg->data[pos] != 0x7f || msg->data[pos+1] != 28) {
-#endif
 				fail("fail expected TLS 1.3, got %d.%d\n", (int)msg->data[pos], (int)msg->data[pos+1]);
 			}
 			pos+=2;
-- 
cgit v1.2.1