Merge pull request #1768 from SparkiDev/tls13_final

Use final TLS 1.3 version value by default.

configure.ac

@@ -266,7 +266,7 @@ AC_ARG_ENABLE([tls13-draft18],
     )
 if test "$ENABLED_TLS13_DRAFT18" = "yes"
 then
-  AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_18 $AM_CFLAGS"
+  AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_18 $AM_CFLAGS"
 fi
 
 
@@ -278,7 +278,7 @@ AC_ARG_ENABLE([tls13-draft22],
     )
 if test "$ENABLED_TLS13_DRAFT22" = "yes"
 then
-  AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_22 $AM_CFLAGS"
+  AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_22 $AM_CFLAGS"
 fi
 
 
@@ -290,7 +290,7 @@ AC_ARG_ENABLE([tls13-draft23],
     )
 if test "$ENABLED_TLS13_DRAFT23" = "yes"
 then
-  AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_23 $AM_CFLAGS"
+  AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_23 $AM_CFLAGS"
 fi
 
 
@@ -302,7 +302,19 @@ AC_ARG_ENABLE([tls13-draft26],
     )
 if test "$ENABLED_TLS13_DRAFT26" = "yes"
 then
-  AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_26 $AM_CFLAGS"
+  AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_26 $AM_CFLAGS"
+fi
+
+
+# TLS v1.3 Draft 28
+AC_ARG_ENABLE([tls13-draft28],
+    [AS_HELP_STRING([--enable-tls13-draft28],[Enable wolfSSL TLS v1.3 Draft 28 (default: disabled)])],
+    [ ENABLED_TLS13_DRAFT28=$enableval ],
+    [ ENABLED_TLS13_DRAFT28=no ]
+    )
+if test "$ENABLED_TLS13_DRAFT28" = "yes"
+then
+  AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT $AM_CFLAGS"
 fi
 
 
@@ -313,7 +325,7 @@ AC_ARG_ENABLE([tls13],
     [ ENABLED_TLS13=no ]
     )
 
-if test "$ENABLED_TLS13_DRAFT18" = "yes" || test "$ENABLED_TLS13_DRAFT22" = "yes" || test "$ENABLED_TLS13_DRAFT23" = "yes" || test "$ENABLED_TLS13_DRAFT26" = "yes"
+if test "$ENABLED_TLS13_DRAFT18" = "yes" || test "$ENABLED_TLS13_DRAFT22" = "yes" || test "$ENABLED_TLS13_DRAFT23" = "yes" || test "$ENABLED_TLS13_DRAFT26" = "yes" || test "$ENABLED_TLS13_DRAFT28" = "yes"
 then
     ENABLED_TLS13="yes"
 fi
@@ -4572,6 +4584,7 @@ echo "   * TLS v1.3 Draft 18:          $ENABLED_TLS13_DRAFT18"
 echo "   * TLS v1.3 Draft 22:          $ENABLED_TLS13_DRAFT22"
 echo "   * TLS v1.3 Draft 23:          $ENABLED_TLS13_DRAFT23"
 echo "   * TLS v1.3 Draft 26:          $ENABLED_TLS13_DRAFT26"
+echo "   * TLS v1.3 Draft 28:          $ENABLED_TLS13_DRAFT28"
 echo "   * Post-handshake Auth:        $ENABLED_TLS13_POST_AUTH"
 echo "   * Early Data:                 $ENABLED_TLS13_EARLY_DATA"
 echo "   * Send State in HRR Cookie:   $ENABLED_SEND_HRR_COOKIE"

src/internal.c

@@ -16959,17 +16959,12 @@ exit_dpk:
      */
     int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv)
     {
-#ifdef WOLFSSL_TLS13
-    #ifndef WOLFSSL_TLS13_FINAL
-        /* TODO: [TLS13] Remove this.
-         * Translate the draft TLS v1.3 version to final version.
-         */
+    #ifdef WOLFSSL_TLS13_DRAFT
         if (pv.major == TLS_DRAFT_MAJOR) {
             pv.major = SSLv3_MAJOR;
             pv.minor = TLSv1_3_MINOR;
         }
     #endif
-#endif
 
         #ifdef OPENSSL_EXTRA
         if (ssl->CBIS != NULL) {

src/ssl.c

@@ -15544,8 +15544,7 @@ const char* wolfSSL_get_version(WOLFSSL* ssl)
                 return "TLSv1.2";
         #ifdef WOLFSSL_TLS13
             case TLSv1_3_MINOR :
-            /* TODO: [TLS13] Remove draft versions. */
-            #ifndef WOLFSSL_TLS13_FINAL
+            #ifdef WOLFSSL_TLS13_DRAFT
                 #ifdef WOLFSSL_TLS13_DRAFT_18
                     return "TLSv1.3 (Draft 18)";
                 #elif defined(WOLFSSL_TLS13_DRAFT_22)

src/tls.c

@@ -5233,8 +5233,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,
 
         *(output++) = (byte)(cnt * OPAQUE16_LEN);
         for (i = 0; i < cnt; i++) {
-#ifndef WOLFSSL_TLS13_FINAL
-            /* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */
+#ifdef WOLFSSL_TLS13_DRAFT
             if (pv.minor - i == TLSv1_3_MINOR) {
                 /* The TLS draft major number. */
                 *(output++) = TLS_DRAFT_MAJOR;
@@ -5252,7 +5251,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output,
     }
 #ifndef WOLFSSL_TLS13_DRAFT_18
     else if (msgType == server_hello || msgType == hello_retry_request) {
-    #ifndef WOLFSSL_TLS13_FINAL
+    #ifdef WOLFSSL_TLS13_DRAFT
         if (ssl->version.major == SSLv3_MAJOR &&
                                           ssl->version.minor == TLSv1_3_MINOR) {
             output[0] = TLS_DRAFT_MAJOR;
@@ -5309,8 +5308,7 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input,
             major = input[i];
             minor = input[i + OPAQUE8_LEN];
 
-#ifndef WOLFSSL_TLS13_FINAL
-            /* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */
+#ifdef WOLFSSL_TLS13_DRAFT
             if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) {
                 major = SSLv3_MAJOR;
                 minor = TLSv1_3_MINOR;
@@ -5364,8 +5362,7 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input,
         major = input[0];
         minor = input[OPAQUE8_LEN];
 
-    #ifndef WOLFSSL_TLS13_FINAL
-        /* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */
+    #ifdef WOLFSSL_TLS13_DRAFT
         if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) {
             major = SSLv3_MAJOR;
             minor = TLSv1_3_MINOR;

src/tls13.c

@@ -1416,6 +1416,7 @@ static void AddTls13RecordHeader(byte* output, word32 length, byte type,
 #ifdef WOLFSSL_TLS13_DRAFT_18
     rl->pvMinor = TLSv1_MINOR;
 #else
+    /* NOTE: May be TLSv1_MINOR when sending first ClientHello. */
     rl->pvMinor = TLSv1_2_MINOR;
 #endif
     c16toa((word16)length, rl->length);
@@ -3665,13 +3666,6 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie)
 
     idx += hashSz;
     hrrIdx = HANDSHAKE_HEADER_SZ;
-    /* TODO: [TLS13] Replace existing code with code in comment.
-     * Use the TLS v1.3 draft version for now.
-     *
-     * Change to:
-     * hrr[hrrIdx++] = ssl->version.major;
-     * hrr[hrrIdx++] = ssl->version.minor;
-     */
     /* The negotiated protocol version. */
     hrr[hrrIdx++] = TLS_DRAFT_MAJOR;
     hrr[hrrIdx++] = TLS_DRAFT_MINOR;
@@ -3730,13 +3724,12 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie)
     hrrIdx += 2;
     c16toa(OPAQUE16_LEN, hrr + hrrIdx);
     hrrIdx += 2;
-    /* TODO: [TLS13] Change to ssl->version.major and minor once final. */
-    #ifdef WOLFSSL_TLS13_FINAL
-        hrr[hrrIdx++] = ssl->version.major;
-        hrr[hrrIdx++] = ssl->version.minor;
-    #else
+    #ifdef WOLFSSL_TLS13_DRAFT
         hrr[hrrIdx++] = TLS_DRAFT_MAJOR;
         hrr[hrrIdx++] = TLS_DRAFT_MINOR;
+    #else
+        hrr[hrrIdx++] = ssl->version.major;
+        hrr[hrrIdx++] = ssl->version.minor;
     #endif
 #endif
     /* Mandatory Cookie Extension */
@@ -4074,13 +4067,6 @@ int SendTls13HelloRetryRequest(WOLFSSL* ssl)
     /* Add record and hanshake headers. */
     AddTls13Headers(output, length, hello_retry_request, ssl);
 
-    /* TODO: [TLS13] Replace existing code with code in comment.
-     * Use the TLS v1.3 draft version for now.
-     *
-     * Change to:
-     * output[idx++] = ssl->version.major;
-     * output[idx++] = ssl->version.minor;
-     */
     /* The negotiated protocol version. */
     output[idx++] = TLS_DRAFT_MAJOR;
     output[idx++] = TLS_DRAFT_MINOR;
@@ -4171,13 +4157,6 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType)
     AddTls13Headers(output, length, server_hello, ssl);
 
 #ifdef WOLFSSL_TLS13_DRAFT_18
-    /* TODO: [TLS13] Replace existing code with code in comment.
-     * Use the TLS v1.3 draft version for now.
-     *
-     * Change to:
-     * output[idx++] = ssl->version.major;
-     * output[idx++] = ssl->version.minor;
-     */
     /* The negotiated protocol version. */
     output[idx++] = TLS_DRAFT_MAJOR;
     output[idx++] = TLS_DRAFT_MINOR;

wolfssl/internal.h

@@ -1138,7 +1138,7 @@ enum Misc {
     TLSv1_1_MINOR   = 2,        /* TLSv1_1 minor version number */
     TLSv1_2_MINOR   = 3,        /* TLSv1_2 minor version number */
     TLSv1_3_MINOR   = 4,        /* TLSv1_3 minor version number */
-#ifndef WOLFSSL_TLS13_FINAL
+#ifdef WOLFSSL_TLS13_DRAFT
     TLS_DRAFT_MAJOR = 0x7f,     /* Draft TLS major version number */
 #ifdef WOLFSSL_TLS13_DRAFT_18
     TLS_DRAFT_MINOR = 0x12,     /* Minor version number of TLS draft */