Add the SSL_METHOD for TLSv1.3 and all other base changes required Includes addition of the various options to s_server/s_client. Also adds one of the new TLS1.3 ciphersuites. This isn't "real" TLS1.3!! It's identical to TLS1.2 apart from the protocol and the ciphersuite...and the ciphersuite is just a renamed TLS1.2 one (not a "real" TLS1.3 ciphersuite). Reviewed-by: Rich Salz <rsalz@openssl.org>
diff --git a/ssl/methods.c b/ssl/methods.c index c846143..f0926b7 100644 --- a/ssl/methods.c +++ b/ssl/methods.c
@@ -19,6 +19,12 @@ TLS_method, ossl_statem_accept, ossl_statem_connect, TLSv1_2_enc_data) +#ifndef OPENSSL_NO_TLS1_3_METHOD +IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3, + tlsv1_3_method, + ossl_statem_accept, + ossl_statem_connect, TLSv1_3_enc_data) +#endif #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, tlsv1_2_method, @@ -46,6 +52,12 @@ TLS_server_method, ossl_statem_accept, ssl_undefined_function, TLSv1_2_enc_data) +#ifndef OPENSSL_NO_TLS1_3_METHOD +IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3, + tlsv1_3_server_method, + ossl_statem_accept, + ssl_undefined_function, TLSv1_3_enc_data) +#endif #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, tlsv1_2_server_method, @@ -75,6 +87,12 @@ TLS_client_method, ssl_undefined_function, ossl_statem_connect, TLSv1_2_enc_data) +#ifndef OPENSSL_NO_TLS1_3_METHOD +IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3, + tlsv1_3_client_method, + ssl_undefined_function, + ossl_statem_connect, TLSv1_3_enc_data) +#endif #ifndef OPENSSL_NO_TLS1_2_METHOD IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2, tlsv1_2_client_method,
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index d19b97a..ffdb454 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c
@@ -834,6 +834,21 @@ 256, 256, }, + { + 1, + TLS1_3_TXT_AES_128_GCM_SHA256, + TLS1_3_CK_AES_128_GCM_SHA256, + SSL_kRSA, + SSL_aRSA, + SSL_AES128GCM, + SSL_AEAD, + TLS1_3_VERSION, TLS1_3_VERSION, + 0, 0, + SSL_HIGH, + SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, + 128, + 128, + }, #ifndef OPENSSL_NO_EC {
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 3957946..63687b5 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c
@@ -257,6 +257,7 @@ SSL_FLAG_TBL_INV("TLSv1", SSL_OP_NO_TLSv1), SSL_FLAG_TBL_INV("TLSv1.1", SSL_OP_NO_TLSv1_1), SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2), + SSL_FLAG_TBL_INV("TLSv1.3", SSL_OP_NO_TLSv1_3), SSL_FLAG_TBL_INV("DTLSv1", SSL_OP_NO_DTLSv1), SSL_FLAG_TBL_INV("DTLSv1.2", SSL_OP_NO_DTLSv1_2) }; @@ -282,6 +283,7 @@ {"TLSv1", TLS1_VERSION}, {"TLSv1.1", TLS1_1_VERSION}, {"TLSv1.2", TLS1_2_VERSION}, + {"TLSv1.3", TLS1_3_VERSION}, {"DTLSv1", DTLS1_VERSION}, {"DTLSv1.2", DTLS1_2_VERSION} }; @@ -526,6 +528,7 @@ SSL_CONF_CMD_SWITCH("no_tls1", 0), SSL_CONF_CMD_SWITCH("no_tls1_1", 0), SSL_CONF_CMD_SWITCH("no_tls1_2", 0), + SSL_CONF_CMD_SWITCH("no_tls1_3", 0), SSL_CONF_CMD_SWITCH("bugs", 0), SSL_CONF_CMD_SWITCH("no_comp", 0), SSL_CONF_CMD_SWITCH("comp", 0), @@ -583,6 +586,7 @@ {SSL_OP_NO_TLSv1, 0}, /* no_tls1 */ {SSL_OP_NO_TLSv1_1, 0}, /* no_tls1_1 */ {SSL_OP_NO_TLSv1_2, 0}, /* no_tls1_2 */ + {SSL_OP_NO_TLSv1_3, 0}, /* no_tls1_3 */ {SSL_OP_ALL, 0}, /* bugs */ {SSL_OP_NO_COMPRESSION, 0}, /* no_comp */ {SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 8bf872b..84dd393 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c
@@ -3072,7 +3072,9 @@ const char *ssl_protocol_to_string(int version) { - if (version == TLS1_2_VERSION) + if (version == TLS1_3_VERSION) + return "TLSv1.3"; + else if (version == TLS1_2_VERSION) return "TLSv1.2"; else if (version == TLS1_1_VERSION) return "TLSv1.1";
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 8a7e1a9..d5a6fe2 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h
@@ -1641,6 +1641,9 @@ __owur const SSL_METHOD *tlsv1_2_method(void); __owur const SSL_METHOD *tlsv1_2_server_method(void); __owur const SSL_METHOD *tlsv1_2_client_method(void); +__owur const SSL_METHOD *tlsv1_3_method(void); +__owur const SSL_METHOD *tlsv1_3_server_method(void); +__owur const SSL_METHOD *tlsv1_3_client_method(void); __owur const SSL_METHOD *dtlsv1_method(void); __owur const SSL_METHOD *dtlsv1_server_method(void); __owur const SSL_METHOD *dtlsv1_client_method(void); @@ -1652,6 +1655,7 @@ extern const SSL3_ENC_METHOD TLSv1_enc_data; extern const SSL3_ENC_METHOD TLSv1_1_enc_data; extern const SSL3_ENC_METHOD TLSv1_2_enc_data; +extern const SSL3_ENC_METHOD TLSv1_3_enc_data; extern const SSL3_ENC_METHOD SSLv3_enc_data; extern const SSL3_ENC_METHOD DTLSv1_enc_data; extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index eee1ca1..e0ec918 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c
@@ -320,6 +320,9 @@ } else if (s->version == TLS1_2_VERSION) { ss->ssl_version = TLS1_2_VERSION; ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; + } else if (s->version == TLS1_3_VERSION) { + ss->ssl_version = TLS1_3_VERSION; + ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH; } else if (s->version == DTLS1_BAD_VER) { ss->ssl_version = DTLS1_BAD_VER; ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index c185d7c..a3d8d1e 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c
@@ -647,11 +647,16 @@ const SSL_METHOD *(*smeth) (void); } version_info; -#if TLS_MAX_VERSION != TLS1_2_VERSION -# error Code needs update for TLS_method() support beyond TLS1_2_VERSION. +#if TLS_MAX_VERSION != TLS1_3_VERSION +# error Code needs update for TLS_method() support beyond TLS1_3_VERSION. #endif static const version_info tls_version_table[] = { +#ifndef OPENSSL_NO_TLS1_3 + {TLS1_3_VERSION, tlsv1_3_client_method, tlsv1_3_server_method}, +#else + {TLS1_3_VERSION, NULL, NULL}, +#endif #ifndef OPENSSL_NO_TLS1_2 {TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method}, #else
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 87ebbf3..e19f93d 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c
@@ -84,6 +84,26 @@ ssl3_handshake_write }; +SSL3_ENC_METHOD const TLSv1_3_enc_data = { + tls1_enc, + tls1_mac, + tls1_setup_key_block, + tls1_generate_master_secret, + tls1_change_cipher_state, + tls1_final_finish_mac, + TLS1_FINISH_MAC_LENGTH, + TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE, + TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE, + tls1_alert_code, + tls1_export_keying_material, + SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF + | SSL_ENC_FLAG_TLS1_2_CIPHERS, + SSL3_HM_HEADER_LENGTH, + ssl3_set_handshake_header, + tls_close_construct_packet, + ssl3_handshake_write +}; + long tls1_default_timeout(void) { /*
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 4577f03..ab5d2da 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c
@@ -61,6 +61,7 @@ {TLS1_VERSION, "TLS 1.0"}, {TLS1_1_VERSION, "TLS 1.1"}, {TLS1_2_VERSION, "TLS 1.2"}, + {TLS1_3_VERSION, "TLS 1.3"}, {DTLS1_VERSION, "DTLS 1.0"}, {DTLS1_2_VERSION, "DTLS 1.2"}, {DTLS1_BAD_VER, "DTLS 1.0 (bad)"} @@ -422,6 +423,7 @@ {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305"}, {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305"}, {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305"}, + {0x0D01, "TLS_AES_128_GCM_SHA256"}, {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"}, {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"}, };