Fix some missing checks for TLS1_3_VERSION_DRAFT
authorMatt Caswell <matt@openssl.org>
Mon, 7 Nov 2016 13:48:07 +0000 (13:48 +0000)
committerMatt Caswell <matt@openssl.org>
Wed, 9 Nov 2016 16:03:09 +0000 (16:03 +0000)
There were a few places where we weren't checking to see if we were using
the draft TLS1.3 version or not.

Reviewed-by: Rich Salz <rsalz@openssl.org>
include/openssl/tls1.h
ssl/statem/statem_lib.c
ssl/statem/statem_srvr.c
ssl/t1_trce.c

index 071aed6..d0cce09 100644 (file)
@@ -70,6 +70,7 @@ extern "C" {
 
 /* TODO(TLS1.3) REMOVE ME: Version indicator for draft -18 */
 # define TLS1_3_VERSION_DRAFT            0x7f12
+# define TLS1_3_VERSION_DRAFT_TXT        "TLS 1.3 (draft 18)"
 
 /* Special value for method supporting multiple versions */
 # define TLS_ANY_VERSION                 0x10000
index 6c51699..15dc6fd 100644 (file)
@@ -1118,6 +1118,10 @@ int ssl_choose_client_version(SSL *s, int version)
     const version_info *vent;
     const version_info *table;
 
+    /* TODO(TLS1.3): Remove this before release */
+    if (version == TLS1_3_VERSION_DRAFT)
+        version = TLS1_3_VERSION;
+
     switch (s->method->version) {
     default:
         if (version != s->version)
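Review bot: The mapping added at the top of ssl_choose_client_version folds the draft codepoint into TLS1_3_VERSION, but a server that puts the final TLS1_3_VERSION value on the wire still reaches the comparisons below unchanged. As far as this hunk shows, it would then be negotiated exactly like a draft-18 peer. While only draft 18 is implemented, it looks safer to reject the non-draft value alongside the mapping, e.g. `else if (version == TLS1_3_VERSION) return SSL_R_WRONG_SSL_VERSION;`, assuming the function reports failure with an SSL_R_ reason code, which is not visible here. The rest of the function lies outside the hunk, so confirm that no later check already covers this.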
index 89de025..a33362d 100644 (file)
@@ -1547,7 +1547,9 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
     int compm, al = SSL_AD_INTERNAL_ERROR;
     size_t sl, len;
 
-    if (!WPACKET_put_bytes_u16(pkt, s->version)
+    /* TODO(TLS1.3): Remove the DRAFT conditional before release */
+    if (!WPACKET_put_bytes_u16(pkt, (s->version == TLS1_3_VERSION)
+                                    ? TLS1_3_VERSION_DRAFT : s->version)
                /*
                 * Random stuff. Filling of the server_random takes place in
                 * tls_process_client_hello()
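Review bot: The internal-to-wire version translation is open-coded inside the `WPACKET_put_bytes_u16` argument here, and its inverse is open-coded in ssl_choose_client_version in statem_lib.c; the commit message says checks like these were already missed in a few places. A single helper or macro pair for the draft mapping would turn the TODO into a one-place removal and make a missed call site easier to spot. At minimum, compute the value into a local declared with the others before the `if` chain, e.g. `wirever = (s->version == TLS1_3_VERSION) ? TLS1_3_VERSION_DRAFT : s->version;`, so the condition stays readable. The `if` statement continues past the end of the hunk.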
index 431d449..c7a650c 100644 (file)
@@ -62,6 +62,8 @@ static ssl_trace_tbl ssl_version_tbl[] = {
     {TLS1_1_VERSION, "TLS 1.1"},
     {TLS1_2_VERSION, "TLS 1.2"},
     {TLS1_3_VERSION, "TLS 1.3"},
+    /* TODO(TLS1.3): Remove this line before release */
+    {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
     {DTLS1_VERSION, "DTLS 1.0"},
     {DTLS1_2_VERSION, "DTLS 1.2"},
     {DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
@@ -571,7 +573,7 @@ static ssl_trace_tbl ssl_supp_versions_tbl[] = {
     {TLS1_1_VERSION, "TLSv1.1"},
     {TLS1_2_VERSION, "TLSv1.2"},
     {TLS1_3_VERSION, "TLSv1.3"},
-    {TLS1_3_VERSION_DRAFT, "TLSv1.3 draft 18"}
+    {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT}
 };
 
 static void ssl_print_hex(BIO *bio, int indent, const char *name,
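Review bot: Reusing `TLS1_3_VERSION_DRAFT_TXT` for the last entry of ssl_supp_versions_tbl changes the traced text from "TLSv1.3 draft 18" to "TLS 1.3 (draft 18)", while every other entry visible in this table keeps the "TLSv1.x" spelling. If the two tables are meant to keep their distinct naming styles, keep a literal in that style here, e.g. `{TLS1_3_VERSION_DRAFT, "TLSv1.3 (draft 18)"}`, or add a second macro for it. Anything that matches on trace output would otherwise see a mixed format within one table.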