diff --git a/configure.ac b/configure.ac index 3ceb2df2e..c2da7e6d6 100644 --- a/configure.ac +++ b/configure.ac @@ -266,7 +266,7 @@ AC_ARG_ENABLE([tls13-draft18], ) if test "$ENABLED_TLS13_DRAFT18" = "yes" then - AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_18 $AM_CFLAGS" + AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_18 $AM_CFLAGS" fi @@ -278,7 +278,7 @@ AC_ARG_ENABLE([tls13-draft22], ) if test "$ENABLED_TLS13_DRAFT22" = "yes" then - AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_22 $AM_CFLAGS" + AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_22 $AM_CFLAGS" fi @@ -290,7 +290,7 @@ AC_ARG_ENABLE([tls13-draft23], ) if test "$ENABLED_TLS13_DRAFT23" = "yes" then - AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_23 $AM_CFLAGS" + AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_23 $AM_CFLAGS" fi @@ -302,7 +302,19 @@ AC_ARG_ENABLE([tls13-draft26], ) if test "$ENABLED_TLS13_DRAFT26" = "yes" then - AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT_26 $AM_CFLAGS" + AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT -DWOLFSSL_TLS13_DRAFT_26 $AM_CFLAGS" +fi + + +# TLS v1.3 Draft 28 +AC_ARG_ENABLE([tls13-draft28], + [AS_HELP_STRING([--enable-tls13-draft28],[Enable wolfSSL TLS v1.3 Draft 28 (default: disabled)])], + [ ENABLED_TLS13_DRAFT28=$enableval ], + [ ENABLED_TLS13_DRAFT28=no ] + ) +if test "$ENABLED_TLS13_DRAFT28" = "yes" +then + AM_CFLAGS="-DWOLFSSL_TLS13_DRAFT $AM_CFLAGS" fi @@ -313,7 +325,7 @@ AC_ARG_ENABLE([tls13], [ ENABLED_TLS13=no ] ) -if test "$ENABLED_TLS13_DRAFT18" = "yes" || test "$ENABLED_TLS13_DRAFT22" = "yes" || test "$ENABLED_TLS13_DRAFT23" = "yes" || test "$ENABLED_TLS13_DRAFT26" = "yes" +if test "$ENABLED_TLS13_DRAFT18" = "yes" || test "$ENABLED_TLS13_DRAFT22" = "yes" || test "$ENABLED_TLS13_DRAFT23" = "yes" || test "$ENABLED_TLS13_DRAFT26" = "yes" || test "$ENABLED_TLS13_DRAFT28" = "yes" then ENABLED_TLS13="yes" fi @@ -4572,6 +4584,7 @@ echo " * TLS v1.3 Draft 18: $ENABLED_TLS13_DRAFT18" echo " * TLS v1.3 Draft 22: $ENABLED_TLS13_DRAFT22" echo " * TLS v1.3 Draft 23: $ENABLED_TLS13_DRAFT23" echo " * TLS v1.3 Draft 26: $ENABLED_TLS13_DRAFT26" +echo " * TLS v1.3 Draft 28: $ENABLED_TLS13_DRAFT28" echo " * Post-handshake Auth: $ENABLED_TLS13_POST_AUTH" echo " * Early Data: $ENABLED_TLS13_EARLY_DATA" echo " * Send State in HRR Cookie: $ENABLED_SEND_HRR_COOKIE" diff --git a/src/internal.c b/src/internal.c index ff46899e8..a5d8be466 100644 --- a/src/internal.c +++ b/src/internal.c @@ -16959,17 +16959,12 @@ exit_dpk: */ int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv) { -#ifdef WOLFSSL_TLS13 - #ifndef WOLFSSL_TLS13_FINAL - /* TODO: [TLS13] Remove this. - * Translate the draft TLS v1.3 version to final version. - */ + #ifdef WOLFSSL_TLS13_DRAFT if (pv.major == TLS_DRAFT_MAJOR) { pv.major = SSLv3_MAJOR; pv.minor = TLSv1_3_MINOR; } #endif -#endif #ifdef OPENSSL_EXTRA if (ssl->CBIS != NULL) { diff --git a/src/ssl.c b/src/ssl.c index f1dc89c4e..0aa2dc6f3 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15544,8 +15544,7 @@ const char* wolfSSL_get_version(WOLFSSL* ssl) return "TLSv1.2"; #ifdef WOLFSSL_TLS13 case TLSv1_3_MINOR : - /* TODO: [TLS13] Remove draft versions. */ - #ifndef WOLFSSL_TLS13_FINAL + #ifdef WOLFSSL_TLS13_DRAFT #ifdef WOLFSSL_TLS13_DRAFT_18 return "TLSv1.3 (Draft 18)"; #elif defined(WOLFSSL_TLS13_DRAFT_22) diff --git a/src/tls.c b/src/tls.c index 3d037af10..185cb0cef 100644 --- a/src/tls.c +++ b/src/tls.c @@ -5233,8 +5233,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output, *(output++) = (byte)(cnt * OPAQUE16_LEN); for (i = 0; i < cnt; i++) { -#ifndef WOLFSSL_TLS13_FINAL - /* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */ +#ifdef WOLFSSL_TLS13_DRAFT if (pv.minor - i == TLSv1_3_MINOR) { /* The TLS draft major number. */ *(output++) = TLS_DRAFT_MAJOR; @@ -5252,7 +5251,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output, } #ifndef WOLFSSL_TLS13_DRAFT_18 else if (msgType == server_hello || msgType == hello_retry_request) { - #ifndef WOLFSSL_TLS13_FINAL + #ifdef WOLFSSL_TLS13_DRAFT if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor == TLSv1_3_MINOR) { output[0] = TLS_DRAFT_MAJOR; @@ -5309,8 +5308,7 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input, major = input[i]; minor = input[i + OPAQUE8_LEN]; -#ifndef WOLFSSL_TLS13_FINAL - /* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */ +#ifdef WOLFSSL_TLS13_DRAFT if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) { major = SSLv3_MAJOR; minor = TLSv1_3_MINOR; @@ -5364,8 +5362,7 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL* ssl, byte* input, major = input[0]; minor = input[OPAQUE8_LEN]; - #ifndef WOLFSSL_TLS13_FINAL - /* TODO: [TLS13] Remove code when TLS v1.3 becomes an RFC. */ + #ifdef WOLFSSL_TLS13_DRAFT if (major == TLS_DRAFT_MAJOR && minor == TLS_DRAFT_MINOR) { major = SSLv3_MAJOR; minor = TLSv1_3_MINOR; diff --git a/src/tls13.c b/src/tls13.c index eab07a241..37963a453 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -1416,6 +1416,7 @@ static void AddTls13RecordHeader(byte* output, word32 length, byte type, #ifdef WOLFSSL_TLS13_DRAFT_18 rl->pvMinor = TLSv1_MINOR; #else + /* NOTE: May be TLSv1_MINOR when sending first ClientHello. */ rl->pvMinor = TLSv1_2_MINOR; #endif c16toa((word16)length, rl->length); @@ -3665,13 +3666,6 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie) idx += hashSz; hrrIdx = HANDSHAKE_HEADER_SZ; - /* TODO: [TLS13] Replace existing code with code in comment. - * Use the TLS v1.3 draft version for now. - * - * Change to: - * hrr[hrrIdx++] = ssl->version.major; - * hrr[hrrIdx++] = ssl->version.minor; - */ /* The negotiated protocol version. */ hrr[hrrIdx++] = TLS_DRAFT_MAJOR; hrr[hrrIdx++] = TLS_DRAFT_MINOR; @@ -3730,13 +3724,12 @@ static int RestartHandshakeHashWithCookie(WOLFSSL* ssl, Cookie* cookie) hrrIdx += 2; c16toa(OPAQUE16_LEN, hrr + hrrIdx); hrrIdx += 2; - /* TODO: [TLS13] Change to ssl->version.major and minor once final. */ - #ifdef WOLFSSL_TLS13_FINAL - hrr[hrrIdx++] = ssl->version.major; - hrr[hrrIdx++] = ssl->version.minor; - #else + #ifdef WOLFSSL_TLS13_DRAFT hrr[hrrIdx++] = TLS_DRAFT_MAJOR; hrr[hrrIdx++] = TLS_DRAFT_MINOR; + #else + hrr[hrrIdx++] = ssl->version.major; + hrr[hrrIdx++] = ssl->version.minor; #endif #endif /* Mandatory Cookie Extension */ @@ -4074,13 +4067,6 @@ int SendTls13HelloRetryRequest(WOLFSSL* ssl) /* Add record and hanshake headers. */ AddTls13Headers(output, length, hello_retry_request, ssl); - /* TODO: [TLS13] Replace existing code with code in comment. - * Use the TLS v1.3 draft version for now. - * - * Change to: - * output[idx++] = ssl->version.major; - * output[idx++] = ssl->version.minor; - */ /* The negotiated protocol version. */ output[idx++] = TLS_DRAFT_MAJOR; output[idx++] = TLS_DRAFT_MINOR; @@ -4171,13 +4157,6 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType) AddTls13Headers(output, length, server_hello, ssl); #ifdef WOLFSSL_TLS13_DRAFT_18 - /* TODO: [TLS13] Replace existing code with code in comment. - * Use the TLS v1.3 draft version for now. - * - * Change to: - * output[idx++] = ssl->version.major; - * output[idx++] = ssl->version.minor; - */ /* The negotiated protocol version. */ output[idx++] = TLS_DRAFT_MAJOR; output[idx++] = TLS_DRAFT_MINOR; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 44a0641dd..4bb3319a5 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1138,7 +1138,7 @@ enum Misc { TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */ TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */ TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */ -#ifndef WOLFSSL_TLS13_FINAL +#ifdef WOLFSSL_TLS13_DRAFT TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */ #ifdef WOLFSSL_TLS13_DRAFT_18 TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */