From 72b24d2d255d57f886367d8479e0a96e1a12ea3c Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Tue, 18 Jul 2017 15:35:21 +0200
Subject: Negotiate draft-TLS1.3
Signed-off-by: Nikos Mavrogiannopoulos
---
 lib/algorithms/protocols.c | 29 ++++++++++++++++++++++++++---
 lib/gnutls_int.h | 2 +-
 lib/handshake.c | 10 +++++-----
 3 files changed, 32 insertions(+), 9 deletions(-)
diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c
index 7b3ca2a3a7..1219755256 100644
--- a/lib/algorithms/protocols.c
+++ b/lib/algorithms/protocols.c
@@ -87,18 +87,39 @@ static const version_entry_st sup_versions[] = {
 .only_extension = 0,
 .false_start = 1
 },
+#if 0
 {.name = "TLS1.3",
 .id = GNUTLS_TLS1_3,
- .age = 4,
+ .age = 5,
 .major = 3,
 .minor = 4,
 .transport = GNUTLS_STREAM,
 .supported = 1,
- .explicit_iv = 1,
+ .explicit_iv = 0,
+ .extensions = 1,
+ .selectable_sighash = 1,
+ .selectable_prf = 1,
+ .tls13_sem = 1,
+ .obsolete = 0,
+ .only_extension = 1,
+ .post_handshake_auth = 1,
+ .key_shares = 1,
+ .false_start = 0, /* doesn't make sense */
+ .tls_sig_sem = 1
+ },
+#else
+ {.name = "TLS1.3",
+ .id = GNUTLS_TLS1_3,
+ .age = 5,
+ .major = 0x7f,
+ .minor = 21,
+ .transport = GNUTLS_STREAM,
+ .supported = 1,
+ .explicit_iv = 0,
 .extensions = 1,
 .selectable_sighash = 1,
 .selectable_prf = 1,
- .compact_hello = 1,
+ .tls13_sem = 1,
 .obsolete = 0,
 .only_extension = 1,
 .post_handshake_auth = 1,
@@ -106,6 +127,7 @@ static const version_entry_st sup_versions[] = {
 .false_start = 0, /* doesn't make sense */
 .tls_sig_sem = 1
 },
+#endif
 {.name = "DTLS0.9", /* Cisco AnyConnect (based on about OpenSSL 0.9.8e) */
 .id = GNUTLS_DTLS0_9,
 .age = 200,
@@ -302,6 +324,7 @@ int _gnutls_write_supported_versions(gnutls_session_t session, uint8_t *buffer,
 at_least_one_new = 1;
 if (buffer_size > 2) {
+ _gnutls_debug_log("Advertizing version %x.%x\n", (int)p->major, (int)p->minor);
 buffer[0] = p->major;
 buffer[1] = p->minor;
 written_bytes += 2;
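Review bot: The live TLS1.3 entry in the first hunk now carries the wire version `.major = 0x7f, .minor = 21` under the same `GNUTLS_TLS1_3` id and "TLS1.3" name as the final 0x0304 entry kept in the `#if 0` branch, and nothing in the hunk says that 0x7f15 is the draft-21 version number or why the final entry is retained; add `/* draft-ietf-tls-tls13-21 wire version; the final 0x0304 entry is kept under #if 0 above until it replaces this one */` on the `.major = 0x7f,` line. The two branches also duplicate every field, so they can silently diverge: the disabled entry sets `.key_shares = 1`, whereas whether the live entry does is outside the hunk (the `sup_versions` array starts before the first hunk and the second hunk is the live entry's tail). In the third hunk the new `_gnutls_debug_log` message is spelled "Advertizing"; `_gnutls_debug_log("Advertising version %x.%x\n", (int)p->major, (int)p->minor);` matches the usual spelling, and `_gnutls_write_supported_versions` continues beyond the hunk.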
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 8623ed0d2d..28b7cee671 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -527,7 +527,7 @@ typedef struct {
 /* if SSL3 is disabled this flag indicates that this protocol is a placeholder,
 * otherwise it prevents this protocol from being set as record version */
 bool obsolete;
- bool compact_hello; /* The TLS 1.3 client and server hello form */
+ bool tls13_sem; /* The TLS 1.3 handshake semantics */
 bool false_start; /* That version can be used with false start */
 bool only_extension; /* negotiated only with an extension */
 bool post_handshake_auth; /* Supports the TLS 1.3 post handshake auth */
diff --git a/lib/handshake.c b/lib/handshake.c
index 234ab34725..e260aa5a20 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -1528,7 +1528,7 @@ read_server_hello(gnutls_session_t session,
 pos += GNUTLS_RANDOM_SIZE;
- if (!vers->compact_hello) {
+ if (!vers->tls13_sem) {
 /* Read session ID */
 DECR_LEN(len, 1);
@@ -1573,7 +1573,7 @@ read_server_hello(gnutls_session_t session,
 }
 pos += 2;
- if (!vers->compact_hello) {
+ if (!vers->tls13_sem) {
 /* move to compression */
 DECR_LEN(len, 1);
@@ -1868,7 +1868,7 @@ static int send_server_hello(gnutls_session_t session, int again)
 goto fail;
 }
- if (!vers->compact_hello) {
+ if (!vers->tls13_sem) {
 datalen = 2 + session_id_len + 1 + GNUTLS_RANDOM_SIZE + 3 + extdata.length;
 } else {
 datalen = 2 + GNUTLS_RANDOM_SIZE + 2 + extdata.length;
@@ -1891,7 +1891,7 @@ static int send_server_hello(gnutls_session_t session, int again)
 GNUTLS_RANDOM_SIZE);
 pos += GNUTLS_RANDOM_SIZE;
- if (!vers->compact_hello) {
+ if (!vers->tls13_sem) {
 data[pos++] = session_id_len;
 if (session_id_len > 0) {
 memcpy(&data[pos],
@@ -1911,7 +1911,7 @@ static int send_server_hello(gnutls_session_t session, int again)
 session->security_parameters.cs->id, 2);
 pos += 2;
- if (!vers->compact_hello) {
+ if (!vers->tls13_sem) {
 data[pos++] = 0x00;
 }
--
cgit v1.2.1