authorNikos Mavrogiannopoulos <nmav@gnutls.org>2018-08-13 20:46:21 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2018-08-20 21:49:28 +0200
commitf261e651fffcdcd8c74128c7c6622170d4593553 (patch)
tree41c81c4144bd7877f86658ba417fdcd6626b6a90
parenta46e3d3a3aab8957934b949d05177ed1503b5f5e (diff)
downloadgnutls-f261e651fffcdcd8c74128c7c6622170d4593553.tar.gz
protocols: bumped TLS1.3 version number to RFC8446 value
This adds support of the final RFC numbers. Resolves #542 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r--NEWS2
m---------devel/openssl0
-rw-r--r--lib/algorithms/protocols.c22
-rw-r--r--tests/tls13/prf.c8
-rw-r--r--tests/tls13/supported_versions.c4
5 files changed, 6 insertions, 30 deletions
diff --git a/NEWS b/NEWS
index 57d2703903..96fac0299d 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,8 @@ See the end for copying conditions.
* Version 3.6.4 (unreleased)
+** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol.
+
** libgnutls: Corrected regression since 3.6.3 in the callbacks set with
gnutls_certificate_set_retrieve_function() which could not handle the case where
no certificates were returned, or the callbacks were set to NULL (see #528).
diff --git a/devel/openssl b/devel/openssl
-Subproject 09fb65d5e413b7b87bf26f01ec441b44a03d4ee
+Subproject 2805ee1e095a78f596dc7adf778441e2edb9f15
diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c
index e1093a9ced..12907190df 100644
--- a/lib/algorithms/protocols.c
+++ b/lib/algorithms/protocols.c
@@ -93,7 +93,6 @@ static const version_entry_st sup_versions[] = {
.tls_sig_sem = SIG_SEM_PRE_TLS12,
.false_start = 1
},
-#ifdef TLS13_FINAL_VERSION
{.name = "TLS1.3",
.id = GNUTLS_TLS1_3,
.age = 5,
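Review bot: With the `#ifdef TLS13_FINAL_VERSION` guard dropped here and in tests/tls13/supported_versions.c, any `#ifdef TLS13_FINAL_VERSION` left elsewhere in the tree would compile its draft `#else` branch whenever the build does not define the macro, so a tree-wide search for the macro belongs with this change; the diff does not show whether other uses or a definition remain. The `.major`/`.minor` lines of the surviving entry fall between the two hunks, so the wire value it advertises cannot be confirmed from here. Since the draft entry (`0x7f`, `28`) is deleted in the next hunk, peers that only speak that draft will no longer negotiate TLS1.3, and a comment on the remaining entry such as `/* final RFC8446 wire version; draft-28 (0x7f, 28) is no longer offered */` would record that. The `sup_versions[]` initializer starts and ends outside the hunk.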
@@ -113,27 +112,6 @@ static const version_entry_st sup_versions[] = {
.false_start = 0, /* doesn't make sense */
.tls_sig_sem = SIG_SEM_TLS13
},
-#else
- {.name = "TLS1.3",
- .id = GNUTLS_TLS1_3,
- .age = 5,
- .major = 0x7f,
- .minor = 28,
- .transport = GNUTLS_STREAM,
- .supported = 1,
- .explicit_iv = 0,
- .extensions = 1,
- .selectable_sighash = 1,
- .selectable_prf = 1,
- .tls13_sem = 1,
- .obsolete = 0,
- .only_extension = 1,
- .post_handshake_auth = 1,
- .key_shares = 1,
- .false_start = 0, /* doesn't make sense */
- .tls_sig_sem = SIG_SEM_TLS13
- },
-#endif
{.name = "DTLS0.9", /* Cisco AnyConnect (based on about OpenSSL 0.9.8e) */
.id = GNUTLS_DTLS0_9,
.age = 200,
diff --git a/tests/tls13/prf.c b/tests/tls13/prf.c
index dc34973e8f..eb2d0e6096 100644
--- a/tests/tls13/prf.c
+++ b/tests/tls13/prf.c
@@ -126,10 +126,10 @@ static void dump(const char *name, const uint8_t *data, unsigned data_size)
} \
}
-#define KEY_EXP_VALUE "\x42\xba\x1d\x14\x6d\x09\x4f\x64\x7a\x65\xc0\x39\xf8\xd6\x98\xa7\x71\xcd\xb5\xd1\x8d\xf7\x70\xca\x22\x2d\xad\x3f\xac\x47\xe9\x13\xfa\xd0"
-#define HELLO_VALUE "\x0a\xc9\xa4\x5b\xf8\x19\x07\x1c\x56\x61\x7f\xcf\x71\x8b\xff\x0d\xc3\x74\xd7\xf3\x12\xd8\xde\xa8\x33\xcb\x3d\xf3\xc2\x78\x51"
-#define CONTEXT_VALUE "\x7c\x89\xaf\x6f\x98\xbd\xa4\xc4\xad\x10\x54\xc2\x6d\x87\xb3\x94\x02\x62\x2f\x1f\x64\x82\x10\x30\xb6\x49\x08\x2f\x0d\x82\xc1"
-#define NULL_CONTEXT_VALUE "\xa6\xf4\x67\x86\x16\x06\xd0\x53\xcf\x19\xc7\x26\xa4\x94\xc4\x78\xea\xeb\x51\x8e\x04\x0b\x53\xaf\x9f\xde\x0b\xe8\xc3\x08\x04"
+#define KEY_EXP_VALUE "\xfb\xcb\x96\x87\x8c\x64\x8b\x60\xef\xdc\x76\xb0\x7c\x3b\xd1\x50\x1e\xb1\x3f\x39\xb2\x20\x74\x2c\xb2\x76\x12\x9f\xfc\xad\xb9\xce\x1d\x9a"
+#define HELLO_VALUE "\x61\x32\x14\x81\x9b\xa0\x43\xcd\x39\xbf\x63\x18\x7c\xb7\xf3\x02\x65\xab\x2c\xa4\xaf\xbc\x1c\x7a\x1d\xa4\xc5\x28\x8f\x45\x68"
+#define CONTEXT_VALUE "\xa7\x3c\xa7\x59\x94\x33\xb4\x97\x90\x92\x8c\xe2\x39\xda\x56\x42\x4a\xeb\xeb\xab\x73\xc4\x20\xf0\x34\x4f\xda\xf8\x17\xf5\xbd"
+#define NULL_CONTEXT_VALUE "\x66\xa1\x0a\xcb\xfa\x28\x85\x79\xa3\x30\xeb\xc5\xd5\x50\x62\xdd\xb4\x9c\xa7\x0b\x0b\xe0\x28\x03\x18\xfb\x32\x3d\x37\xf2\xe5"
static void check_prfs(gnutls_session_t session)
{
unsigned char key_material[512];
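Review bot: The four replaced macros (`KEY_EXP_VALUE`, `HELLO_VALUE`, `CONTEXT_VALUE`, `NULL_CONTEXT_VALUE`) are opaque byte strings with nothing saying how they were produced or why a version-number bump changes them. A comment above them would help whoever has to regenerate them next, for example `/* Expected outputs for the fixed handshake in this test; they change with the negotiated wire version and must be regenerated when it changes. */`. That the values depend on the version is inferred only from this commit replacing them together with the version bump, so the wording should be checked against the test setup. `check_prfs()` begins at the end of the hunk and its body continues outside it.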
diff --git a/tests/tls13/supported_versions.c b/tests/tls13/supported_versions.c
index 49ba87212a..dbcc33d903 100644
--- a/tests/tls13/supported_versions.c
+++ b/tests/tls13/supported_versions.c
@@ -221,11 +221,7 @@ static int client_hello_callback(gnutls_session_t session, unsigned int htype,
(int)msg->data[pos+2], (int)msg->data[pos+3],
(int)msg->data[pos+4], (int)msg->data[pos+5]);
-#ifdef TLS13_FINAL_VERSION
if (msg->data[pos] != 0x03 || msg->data[pos+1] != 0x04) {
-#else
- if (msg->data[pos] != 0x7f || msg->data[pos+1] != 28) {
-#endif
fail("fail expected TLS 1.3, got %d.%d\n", (int)msg->data[pos], (int)msg->data[pos+1]);
}
pos+=2;