Fix some missing checks for TLS1_3_VERSION_DRAFT

There were a few places where we weren't checking to see if we were using the draft TLS1.3 version or not. Reviewed-by: N Rich Salz <rsalz@openssl.org>

Fix some missing checks for TLS1_3_VERSION_DRAFT
There were a few places where we weren't checking to see if we were using the draft TLS1.3 version or not. Reviewed-by: N Rich Salz <rsalz@openssl.org>
b97667ce · Matt Caswell · 54682aa3 · b97667ce · b97667ce · b97667ce
Showing with 11 addition and 2 deletion

include/openssl/tls1.h include/openssl/tls1.h +1 -0

ssl/statem/statem_lib.c ssl/statem/statem_lib.c +4 -0

ssl/statem/statem_srvr.c ssl/statem/statem_srvr.c +3 -1

ssl/t1_trce.c ssl/t1_trce.c +3 -1

未找到文件。
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -70,6 +70,7 @@ extern "C" {

 /* TODO(TLS1.3) REMOVE ME: Version indicator for draft -18 */
 # define TLS1_3_VERSION_DRAFT            0x7f12
+# define TLS1_3_VERSION_DRAFT_TXT        "TLS 1.3 (draft 18)"

 /* Special value for method supporting multiple versions */
 # define TLS_ANY_VERSION                 0x10000

--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1118,6 +1118,10 @@ int ssl_choose_client_version(SSL *s, int version)
    const version_info *vent;
    const version_info *table;

+    /* TODO(TLS1.3): Remove this before release */
+    if (version == TLS1_3_VERSION_DRAFT)
+        version = TLS1_3_VERSION;
+
    switch (s->method->version) {
    default:
        if (version != s->version)

--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1547,7 +1547,9 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
    int compm, al = SSL_AD_INTERNAL_ERROR;
    size_t sl, len;

-    if (!WPACKET_put_bytes_u16(pkt, s->version)
+    /* TODO(TLS1.3): Remove the DRAFT conditional before release */
+    if (!WPACKET_put_bytes_u16(pkt, (s->version == TLS1_3_VERSION)
+                                    ? TLS1_3_VERSION_DRAFT : s->version)
               /*
                * Random stuff. Filling of the server_random takes place in
                * tls_process_client_hello()

--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -62,6 +62,8 @@ static ssl_trace_tbl ssl_version_tbl[] = {
    {TLS1_1_VERSION, "TLS 1.1"},
    {TLS1_2_VERSION, "TLS 1.2"},
    {TLS1_3_VERSION, "TLS 1.3"},
+    /* TODO(TLS1.3): Remove this line before release */
+    {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT},
    {DTLS1_VERSION, "DTLS 1.0"},
    {DTLS1_2_VERSION, "DTLS 1.2"},
    {DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
@@ -571,7 +573,7 @@ static ssl_trace_tbl ssl_supp_versions_tbl[] = {
    {TLS1_1_VERSION, "TLSv1.1"},
    {TLS1_2_VERSION, "TLSv1.2"},
    {TLS1_3_VERSION, "TLSv1.3"},
-    {TLS1_3_VERSION_DRAFT, "TLSv1.3 draft 18"}
+    {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT}
 };

 static void ssl_print_hex(BIO *bio, int indent, const char *name,