diff options
author | Martin Thomson <martin.thomson@gmail.com> | 2018-01-04 11:35:03 +1100 |
---|---|---|
committer | Martin Thomson <martin.thomson@gmail.com> | 2018-01-04 11:35:03 +1100 |
commit | 8775dd62337b1d4f08896986244fa9de3bf7f0ea (patch) | |
tree | b133d897df7819e05b2e0f0135094384430e43ae | |
parent | a2e2392b1d3724ed27ad686ef6761bc932c87a05 (diff) | |
download | nss-hg-8775dd62337b1d4f08896986244fa9de3bf7f0ea.tar.gz |
Bug 1427921 - Update to TLS 1.3 draft-23, r=ekr
-rw-r--r-- | gtests/ssl_gtest/ssl_agent_unittest.cc | 4 | ||||
-rw-r--r-- | gtests/ssl_gtest/ssl_custext_unittest.cc | 1 | ||||
-rw-r--r-- | lib/ssl/ssl3prot.h | 2 | ||||
-rw-r--r-- | lib/ssl/sslt.h | 6 | ||||
-rw-r--r-- | lib/ssl/tls13con.c | 2 |
5 files changed, 10 insertions, 5 deletions
diff --git a/gtests/ssl_gtest/ssl_agent_unittest.cc b/gtests/ssl_gtest/ssl_agent_unittest.cc index d703e8e78..0aa9a4c78 100644 --- a/gtests/ssl_gtest/ssl_agent_unittest.cc +++ b/gtests/ssl_gtest/ssl_agent_unittest.cc @@ -31,7 +31,7 @@ const static uint8_t kCannedTls13ClientHello[] = { 0x00, 0x00, 0xa0, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x09, 0x00, 0x00, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x12, 0x00, 0x10, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x01, - 0x00, 0x01, 0x01, 0x01, 0x02, 0x01, 0x03, 0x01, 0x04, 0x00, 0x28, 0x00, + 0x00, 0x01, 0x01, 0x01, 0x02, 0x01, 0x03, 0x01, 0x04, 0x00, 0x33, 0x00, 0x47, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04, 0x86, 0x4a, 0xb9, 0xdc, 0x6a, 0x38, 0xa7, 0xce, 0xe7, 0xc2, 0x4f, 0xa6, 0x28, 0xb9, 0xdc, 0x65, 0xbf, 0x73, 0x47, 0x3c, 0x9c, 0x65, 0x8c, 0x47, 0x6d, 0x57, 0x22, 0x8a, @@ -47,7 +47,7 @@ const static uint8_t kCannedTls13ServerHello[] = { 0x03, 0x03, 0x9c, 0xbc, 0x14, 0x9b, 0x0e, 0x2e, 0xfa, 0x0d, 0xf3, 0xf0, 0x5c, 0x70, 0x7a, 0xe0, 0xd1, 0x9b, 0x3e, 0x5a, 0x44, 0x6b, 0xdf, 0xe5, 0xc2, 0x28, 0x64, 0xf7, 0x00, 0xc1, 0x9c, 0x08, 0x76, - 0x08, 0x00, 0x13, 0x01, 0x00, 0x00, 0x2e, 0x00, 0x28, 0x00, 0x24, + 0x08, 0x00, 0x13, 0x01, 0x00, 0x00, 0x2e, 0x00, 0x33, 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0xc2, 0xcf, 0x23, 0x17, 0x64, 0x23, 0x03, 0xf0, 0xfb, 0x45, 0x98, 0x26, 0xd1, 0x65, 0x24, 0xa1, 0x6c, 0xa9, 0x80, 0x8f, 0x2c, 0xac, 0x0a, 0xea, 0x53, 0x3a, 0xcb, 0xe3, 0x08, diff --git a/gtests/ssl_gtest/ssl_custext_unittest.cc b/gtests/ssl_gtest/ssl_custext_unittest.cc index 4a7769cea..dad944a1f 100644 --- a/gtests/ssl_gtest/ssl_custext_unittest.cc +++ b/gtests/ssl_gtest/ssl_custext_unittest.cc @@ -50,6 +50,7 @@ static const uint16_t kManyExtensions[] = { ssl_supported_groups_xtn, ssl_ec_point_formats_xtn, ssl_signature_algorithms_xtn, + ssl_signature_algorithms_cert_xtn, ssl_use_srtp_xtn, ssl_app_layer_protocol_xtn, ssl_signed_cert_timestamp_xtn, diff --git a/lib/ssl/ssl3prot.h b/lib/ssl/ssl3prot.h index 6d27dfd7c..d1f46db97 100644 --- a/lib/ssl/ssl3prot.h +++ b/lib/ssl/ssl3prot.h @@ -16,7 +16,7 @@ typedef PRUint16 SSL3ProtocolVersion; /* The TLS 1.3 draft version. Used to avoid negotiating * between incompatible pre-standard TLS 1.3 drafts. * TODO(ekr@rtfm.com): Remove when TLS 1.3 is published. */ -#define TLS_1_3_DRAFT_VERSION 22 +#define TLS_1_3_DRAFT_VERSION 23 typedef PRUint16 ssl3CipherSuite; /* The cipher suites are defined in sslproto.h */ diff --git a/lib/ssl/sslt.h b/lib/ssl/sslt.h index 177d24f7a..ce8f6e281 100644 --- a/lib/ssl/sslt.h +++ b/lib/ssl/sslt.h @@ -425,7 +425,7 @@ typedef enum { ssl_padding_xtn = 21, ssl_extended_master_secret_xtn = 23, ssl_session_ticket_xtn = 35, - ssl_tls13_key_share_xtn = 40, + /* 40 was used in draft versions of TLS 1.3; it is now reserved. */ ssl_tls13_pre_shared_key_xtn = 41, ssl_tls13_early_data_xtn = 42, ssl_tls13_supported_versions_xtn = 43, @@ -433,6 +433,8 @@ typedef enum { ssl_tls13_psk_key_exchange_modes_xtn = 45, ssl_tls13_ticket_early_data_info_xtn = 46, /* Deprecated. */ ssl_tls13_certificate_authorities_xtn = 47, + ssl_signature_algorithms_cert_xtn = 50, + ssl_tls13_key_share_xtn = 51, ssl_next_proto_nego_xtn = 13172, /* Deprecated. */ ssl_renegotiation_info_xtn = 0xff01, ssl_tls13_short_header_xtn = 0xff03 /* Deprecated. */ @@ -444,7 +446,7 @@ typedef enum { /* SSL_MAX_EXTENSIONS includes the maximum number of extensions that are * supported for any single message type. That is, a ClientHello; ServerHello * and TLS 1.3 NewSessionTicket and HelloRetryRequest extensions have fewer. */ -#define SSL_MAX_EXTENSIONS 19 +#define SSL_MAX_EXTENSIONS 20 /* Deprecated */ typedef enum { diff --git a/lib/ssl/tls13con.c b/lib/ssl/tls13con.c index 23082fdbf..1fecaf3f8 100644 --- a/lib/ssl/tls13con.c +++ b/lib/ssl/tls13con.c @@ -4725,6 +4725,8 @@ static const struct { { ssl_server_name_xtn, _M2(client_hello, encrypted_extensions) }, { ssl_supported_groups_xtn, _M2(client_hello, encrypted_extensions) }, { ssl_signature_algorithms_xtn, _M2(client_hello, certificate_request) }, + { ssl_signature_algorithms_cert_xtn, _M2(client_hello, + certificate_request) }, { ssl_use_srtp_xtn, _M2(client_hello, encrypted_extensions) }, { ssl_app_layer_protocol_xtn, _M2(client_hello, encrypted_extensions) }, { ssl_padding_xtn, _M1(client_hello) }, |