Change-Id: I84abfedc30e4c34e42285f3c366c2f504a3b9cf2 Reviewed-on: https://boringssl-review.googlesource.com/c/34144 Commit-Queue: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>kris/onging/CECPQ3_patch15
@@ -619,9 +619,6 @@ OPENSSL_EXPORT int DTLSv1_handle_timeout(SSL *ssl); | |||
#define DTLS1_VERSION 0xfeff | |||
#define DTLS1_2_VERSION 0xfefd | |||
#define TLS1_3_DRAFT23_VERSION 0x7f17 | |||
#define TLS1_3_DRAFT28_VERSION 0x7f1c | |||
// SSL_CTX_set_min_proto_version sets the minimum protocol version for |ctx| to | |||
// |version|. If |version| is zero, the default minimum version is used. It | |||
// returns one on success and zero if |version| is invalid. | |||
@@ -3518,28 +3515,6 @@ OPENSSL_EXPORT int SSL_renegotiate_pending(SSL *ssl); | |||
// performed by |ssl|. This includes the pending renegotiation, if any. | |||
OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl); | |||
// tls13_variant_t determines what TLS 1.3 variant to negotiate. | |||
enum tls13_variant_t { | |||
tls13_rfc = 0, | |||
tls13_draft23, | |||
tls13_draft28, | |||
// tls13_all enables all variants of TLS 1.3, to keep the transition smooth as | |||
// early adopters move to the final version. | |||
tls13_all, | |||
}; | |||
// SSL_CTX_set_tls13_variant sets which variant of TLS 1.3 we negotiate. On the | |||
// server, if |variant| is not |tls13_default|, all variants are enabled. On the | |||
// client, only the configured variant is enabled. | |||
OPENSSL_EXPORT void SSL_CTX_set_tls13_variant(SSL_CTX *ctx, | |||
enum tls13_variant_t variant); | |||
// SSL_set_tls13_variant sets which variant of TLS 1.3 we negotiate. On the | |||
// server, if |variant| is not |tls13_default|, all variants are enabled. On the | |||
// client, only the configured variant is enabled. | |||
OPENSSL_EXPORT void SSL_set_tls13_variant(SSL *ssl, | |||
enum tls13_variant_t variant); | |||
// SSL_MAX_CERT_LIST_DEFAULT is the default maximum length, in bytes, of a peer | |||
// certificate chain. | |||
#define SSL_MAX_CERT_LIST_DEFAULT (1024 * 100) | |||
@@ -416,8 +416,6 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) { | |||
return ssl_hs_error; | |||
} | |||
// Initialize a random session ID for the experimental TLS 1.3 variant | |||
// requiring a session id. | |||
if (ssl->session != nullptr && | |||
!ssl->s3->initial_handshake_complete && | |||
ssl->session->session_id_length > 0) { | |||
@@ -425,6 +423,7 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) { | |||
OPENSSL_memcpy(hs->session_id, ssl->session->session_id, | |||
hs->session_id_len); | |||
} else if (hs->max_version >= TLS1_3_VERSION) { | |||
// Initialize a random session ID. | |||
hs->session_id_len = sizeof(hs->session_id); | |||
if (!RAND_bytes(hs->session_id, hs->session_id_len)) { | |||
return ssl_hs_error; | |||
@@ -359,8 +359,7 @@ OPENSSL_EXPORT bool CBBFinishArray(CBB *cbb, Array<uint8_t> *out); | |||
// Protocol versions. | |||
// | |||
// Due to DTLS's historical wire version differences and to support multiple | |||
// variants of the same protocol during development, we maintain two notions of | |||
// Due to DTLS's historical wire version differences, we maintain two notions of | |||
// version. | |||
// | |||
// The "version" or "wire version" is the actual 16-bit value that appears on | |||
@@ -369,9 +368,8 @@ OPENSSL_EXPORT bool CBBFinishArray(CBB *cbb, Array<uint8_t> *out); | |||
// versions are opaque values and may not be compared numerically. | |||
// | |||
// The "protocol version" identifies the high-level handshake variant being | |||
// used. DTLS versions map to the corresponding TLS versions. Draft TLS 1.3 | |||
// variants all map to TLS 1.3. Protocol versions are sequential and may be | |||
// compared numerically. | |||
// used. DTLS versions map to the corresponding TLS versions. Protocol versions | |||
// are sequential and may be compared numerically. | |||
// ssl_protocol_version_from_wire sets |*out| to the protocol version | |||
// corresponding to wire version |version| and returns true. If |version| is not | |||
@@ -408,10 +406,6 @@ bool ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert, | |||
// call this function before the version is determined. | |||
uint16_t ssl_protocol_version(const SSL *ssl); | |||
// ssl_is_draft28 returns whether the version corresponds to a draft28 TLS 1.3 | |||
// variant. | |||
bool ssl_is_draft28(uint16_t version); | |||
// Cipher suites. | |||
BSSL_NAMESPACE_END | |||
@@ -785,8 +779,6 @@ class SSLAEADContext { | |||
// omit_length_in_ad_ is true if the length should be omitted in the | |||
// AEAD's ad parameter. | |||
bool omit_length_in_ad_ : 1; | |||
// omit_ad_ is true if the AEAD's ad parameter should be omitted. | |||
bool omit_ad_ : 1; | |||
// ad_is_header_ is true if the AEAD's ad parameter is the record header. | |||
bool ad_is_header_ : 1; | |||
}; | |||
@@ -1613,8 +1605,7 @@ struct SSL_HANDSHAKE { | |||
// record layer. | |||
uint16_t early_data_written = 0; | |||
// session_id is the session ID in the ClientHello, used for the experimental | |||
// TLS 1.3 variant. | |||
// session_id is the session ID in the ClientHello. | |||
uint8_t session_id[SSL_MAX_SSL_SESSION_ID_LENGTH] = {0}; | |||
uint8_t session_id_len = 0; | |||
@@ -2834,10 +2825,6 @@ struct ssl_ctx_st { | |||
// quic_method is the method table corresponding to the QUIC hooks. | |||
const SSL_QUIC_METHOD *quic_method = nullptr; | |||
// tls13_variant is the variant of TLS 1.3 we are using for this | |||
// configuration. | |||
tls13_variant_t tls13_variant = tls13_rfc; | |||
bssl::UniquePtr<bssl::SSLCipherPreferenceList> cipher_list; | |||
X509_STORE *cert_store = nullptr; | |||
@@ -3163,10 +3150,6 @@ struct ssl_st { | |||
// second. | |||
unsigned initial_timeout_duration_ms = 1000; | |||
// tls13_variant is the variant of TLS 1.3 we are using for this | |||
// configuration. | |||
tls13_variant_t tls13_variant = tls13_rfc; | |||
// session is the configured session to be offered by the client. This session | |||
// is immutable. | |||
bssl::UniquePtr<SSL_SESSION> session; | |||
@@ -188,14 +188,12 @@ bool ssl3_add_message(SSL *ssl, Array<uint8_t> msg) { | |||
// unnecessary encryption overhead, notably in TLS 1.3 where we send several | |||
// encrypted messages in a row. For now, we do not do this for the null | |||
// cipher. The benefit is smaller and there is a risk of breaking buggy | |||
// implementations. Additionally, we tie this to draft-28 as a sanity check, | |||
// on the off chance middleboxes have fixated on sizes. | |||
// implementations. | |||
// | |||
// TODO(davidben): See if we can do this uniformly. | |||
Span<const uint8_t> rest = msg; | |||
if (ssl->ctx->quic_method == nullptr && | |||
(ssl->s3->aead_write_ctx->is_null_cipher() || | |||
ssl->version == TLS1_3_DRAFT23_VERSION)) { | |||
ssl->s3->aead_write_ctx->is_null_cipher()) { | |||
while (!rest.empty()) { | |||
Span<const uint8_t> chunk = rest.subspan(0, ssl->max_send_fragment); | |||
rest = rest.subspan(chunk.size()); | |||
@@ -42,7 +42,6 @@ SSLAEADContext::SSLAEADContext(uint16_t version_arg, bool is_dtls_arg, | |||
random_variable_nonce_(false), | |||
xor_fixed_nonce_(false), | |||
omit_length_in_ad_(false), | |||
omit_ad_(false), | |||
ad_is_header_(false) { | |||
OPENSSL_memset(fixed_nonce_, 0, sizeof(fixed_nonce_)); | |||
} | |||
@@ -134,11 +133,7 @@ UniquePtr<SSLAEADContext> SSLAEADContext::Create( | |||
aead_ctx->xor_fixed_nonce_ = true; | |||
aead_ctx->variable_nonce_len_ = 8; | |||
aead_ctx->variable_nonce_included_in_record_ = false; | |||
if (ssl_is_draft28(version)) { | |||
aead_ctx->ad_is_header_ = true; | |||
} else { | |||
aead_ctx->omit_ad_ = true; | |||
} | |||
aead_ctx->ad_is_header_ = true; | |||
assert(fixed_iv.size() >= aead_ctx->variable_nonce_len_); | |||
} | |||
} else { | |||
@@ -231,10 +226,6 @@ Span<const uint8_t> SSLAEADContext::GetAdditionalData( | |||
return header; | |||
} | |||
if (omit_ad_) { | |||
return {}; | |||
} | |||
OPENSSL_memcpy(storage, seqnum, 8); | |||
size_t len = 8; | |||
storage[len++] = type; | |||
@@ -640,7 +640,6 @@ ssl_st::ssl_st(SSL_CTX *ctx_arg) | |||
max_send_fragment(ctx_arg->max_send_fragment), | |||
msg_callback(ctx_arg->msg_callback), | |||
msg_callback_arg(ctx_arg->msg_callback_arg), | |||
tls13_variant(ctx_arg->tls13_variant), | |||
ctx(UpRef(ctx_arg)), | |||
session_ctx(UpRef(ctx_arg)), | |||
options(ctx->options), | |||
@@ -1261,14 +1260,6 @@ void SSL_CTX_set_early_data_enabled(SSL_CTX *ctx, int enabled) { | |||
ctx->enable_early_data = !!enabled; | |||
} | |||
void SSL_CTX_set_tls13_variant(SSL_CTX *ctx, enum tls13_variant_t variant) { | |||
ctx->tls13_variant = variant; | |||
} | |||
void SSL_set_tls13_variant(SSL *ssl, enum tls13_variant_t variant) { | |||
ssl->tls13_variant = variant; | |||
} | |||
void SSL_set_early_data_enabled(SSL *ssl, int enabled) { | |||
ssl->enable_early_data = !!enabled; | |||
} | |||
@@ -2628,11 +2628,6 @@ TEST(SSLTest, SetVersion) { | |||
// SSL 3.0 is not available. | |||
EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION)); | |||
// TLS1_3_DRAFT_VERSION is not an API-level version. | |||
EXPECT_FALSE( | |||
SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_DRAFT23_VERSION)); | |||
ERR_clear_error(); | |||
ctx.reset(SSL_CTX_new(DTLS_method())); | |||
ASSERT_TRUE(ctx); | |||
@@ -34,11 +34,6 @@ bool ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) { | |||
*out = version; | |||
return true; | |||
case TLS1_3_DRAFT23_VERSION: | |||
case TLS1_3_DRAFT28_VERSION: | |||
*out = TLS1_3_VERSION; | |||
return true; | |||
case DTLS1_VERSION: | |||
// DTLS 1.0 is analogous to TLS 1.1, not TLS 1.0. | |||
*out = TLS1_1_VERSION; | |||
@@ -58,8 +53,6 @@ bool ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) { | |||
static const uint16_t kTLSVersions[] = { | |||
TLS1_3_VERSION, | |||
TLS1_3_DRAFT28_VERSION, | |||
TLS1_3_DRAFT23_VERSION, | |||
TLS1_2_VERSION, | |||
TLS1_1_VERSION, | |||
TLS1_VERSION, | |||
@@ -95,14 +88,10 @@ bool ssl_method_supports_version(const SSL_PROTOCOL_METHOD *method, | |||
} | |||
// The following functions map between API versions and wire versions. The | |||
// public API works on wire versions, except that TLS 1.3 draft versions all | |||
// appear as TLS 1.3. This will get collapsed back down when TLS 1.3 is | |||
// finalized. | |||
// public API works on wire versions. | |||
static const char *ssl_version_to_string(uint16_t version) { | |||
switch (version) { | |||
case TLS1_3_DRAFT23_VERSION: | |||
case TLS1_3_DRAFT28_VERSION: | |||
case TLS1_3_VERSION: | |||
return "TLSv1.3"; | |||
@@ -127,26 +116,11 @@ static const char *ssl_version_to_string(uint16_t version) { | |||
} | |||
static uint16_t wire_version_to_api(uint16_t version) { | |||
switch (version) { | |||
// Report TLS 1.3 draft versions as TLS 1.3 in the public API. | |||
case TLS1_3_DRAFT23_VERSION: | |||
case TLS1_3_DRAFT28_VERSION: | |||
case TLS1_3_VERSION: | |||
return TLS1_3_VERSION; | |||
default: | |||
return version; | |||
} | |||
return version; | |||
} | |||
// api_version_to_wire maps |version| to some representative wire version. In | |||
// particular, it picks an arbitrary TLS 1.3 representative. This should only be | |||
// used in context where that does not matter. | |||
// api_version_to_wire maps |version| to some representative wire version. | |||
static bool api_version_to_wire(uint16_t *out, uint16_t version) { | |||
if (version == TLS1_3_DRAFT23_VERSION || | |||
version == TLS1_3_DRAFT28_VERSION) { | |||
return false; | |||
} | |||
// Check it is a real protocol version. | |||
uint16_t unused; | |||
if (!ssl_protocol_version_from_wire(&unused, version)) { | |||
@@ -299,21 +273,6 @@ bool ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version) { | |||
return false; | |||
} | |||
// If the TLS 1.3 variant is set to |tls13_default|, all variants are enabled, | |||
// otherwise only the matching version is enabled. | |||
if (protocol_version == TLS1_3_VERSION) { | |||
switch (ssl->tls13_variant) { | |||
case tls13_draft23: | |||
return version == TLS1_3_DRAFT23_VERSION; | |||
case tls13_draft28: | |||
return version == TLS1_3_DRAFT28_VERSION; | |||
case tls13_rfc: | |||
return version == TLS1_3_VERSION; | |||
case tls13_all: | |||
return true; | |||
} | |||
} | |||
return true; | |||
} | |||
@@ -373,10 +332,6 @@ bool ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert, | |||
return false; | |||
} | |||
bool ssl_is_draft28(uint16_t version) { | |||
return version == TLS1_3_DRAFT28_VERSION || version == TLS1_3_VERSION; | |||
} | |||
BSSL_NAMESPACE_END | |||
using namespace bssl; | |||
@@ -489,16 +489,6 @@ class TLSFuzzer { | |||
SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, nullptr); | |||
break; | |||
case kTLS13Variant: { | |||
uint8_t variant; | |||
if (!CBS_get_u8(cbs, &variant)) { | |||
return nullptr; | |||
} | |||
SSL_set_tls13_variant(ssl.get(), | |||
static_cast<tls13_variant_t>(variant)); | |||
break; | |||
} | |||
case kHandoffTag: { | |||
CBS handoff; | |||
if (!CBS_get_u24_length_prefixed(cbs, &handoff)) { | |||
@@ -39,13 +39,10 @@ static const uint16_t kSessionTag = 1; | |||
// certificates. | |||
static const uint16_t kRequestClientCert = 2; | |||
// kTLS13Variant is followed by a u8 denoting the TLS 1.3 variant to configure. | |||
static const uint16_t kTLS13Variant = 3; | |||
// kHandoffTag is followed by the output of |SSL_serialize_handoff|. | |||
static const uint16_t kHandoffTag = 4; | |||
static const uint16_t kHandoffTag = 3; | |||
// kHandbackTag is followed by te output of |SSL_serialize_handback|. | |||
static const uint16_t kHandbackTag = 5; | |||
static const uint16_t kHandbackTag = 4; | |||
#endif // HEADER_SSL_TEST_FUZZER_TAGS |
@@ -32,23 +32,8 @@ const ( | |||
VersionDTLS12 = 0xfefd | |||
) | |||
// A draft version of TLS 1.3 that is sent over the wire for the current draft. | |||
const ( | |||
tls13Draft23Version = 0x7f17 | |||
tls13Draft28Version = 0x7f1c | |||
) | |||
const ( | |||
TLS13RFC = 0 | |||
TLS13Draft23 = 1 | |||
TLS13Draft28 = 2 | |||
TLS13All = 3 | |||
) | |||
var allTLSWireVersions = []uint16{ | |||
VersionTLS13, | |||
tls13Draft28Version, | |||
tls13Draft23Version, | |||
VersionTLS12, | |||
VersionTLS11, | |||
VersionTLS10, | |||
@@ -447,9 +432,6 @@ type Config struct { | |||
// which is currently TLS 1.2. | |||
MaxVersion uint16 | |||
// TLS13Variant is the variant of TLS 1.3 to use. | |||
TLS13Variant int | |||
// CurvePreferences contains the elliptic curves that will be used in | |||
// an ECDHE handshake, in preference order. If empty, the default will | |||
// be used. | |||
@@ -1531,10 +1513,6 @@ type ProtocolBugs struct { | |||
// specified number of plaintext bytes per record. | |||
ExpectPackedEncryptedHandshake int | |||
// ForbidHandshakePacking, if true, requires the peer place a record | |||
// boundary after every handshake message. | |||
ForbidHandshakePacking bool | |||
// SendTicketLifetime, if non-zero, is the ticket lifetime to send in | |||
// NewSessionTicket messages. | |||
SendTicketLifetime time.Duration | |||
@@ -1770,18 +1748,12 @@ func wireToVersion(vers uint16, isDTLS bool) (uint16, bool) { | |||
switch vers { | |||
case VersionSSL30, VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13: | |||
return vers, true | |||
case tls13Draft23Version, tls13Draft28Version: | |||
return VersionTLS13, true | |||
} | |||
} | |||
return 0, false | |||
} | |||
func isDraft28(vers uint16) bool { | |||
return vers == tls13Draft28Version || vers == VersionTLS13 | |||
} | |||
// isSupportedVersion checks if the specified wire version is acceptable. If so, | |||
// it returns true and the corresponding protocol version. Otherwise, it returns | |||
// false. | |||
@@ -1790,26 +1762,6 @@ func (c *Config) isSupportedVersion(wireVers uint16, isDTLS bool) (uint16, bool) | |||
if !ok || c.minVersion(isDTLS) > vers || vers > c.maxVersion(isDTLS) { | |||
return 0, false | |||
} | |||
if vers == VersionTLS13 { | |||
switch c.TLS13Variant { | |||
case TLS13Draft23: | |||
if wireVers != tls13Draft23Version { | |||
return 0, false | |||
} | |||
case TLS13Draft28: | |||
if wireVers != tls13Draft28Version { | |||
return 0, false | |||
} | |||
case TLS13RFC: | |||
if wireVers != VersionTLS13 { | |||
return 0, false | |||
} | |||
case TLS13All: | |||
// Allow all of them. | |||
default: | |||
panic(c.TLS13Variant) | |||
} | |||
} | |||
return vers, true | |||
} | |||
@@ -454,7 +454,7 @@ func (hc *halfConn) decrypt(b *block) (ok bool, prefixLen int, contentType recor | |||
n := len(payload) - c.Overhead() | |||
additionalData[11] = byte(n >> 8) | |||
additionalData[12] = byte(n) | |||
} else if isDraft28(hc.wireVersion) { | |||
} else { | |||
additionalData = b.data[:recordHeaderLen] | |||
} | |||
var err error | |||
@@ -620,7 +620,7 @@ func (hc *halfConn) encrypt(b *block, explicitIVLen int, typ recordType) (bool, | |||
copy(additionalData[8:], b.data[:3]) | |||
additionalData[11] = byte(payloadLen >> 8) | |||
additionalData[12] = byte(payloadLen) | |||
} else if isDraft28(hc.wireVersion) { | |||
} else { | |||
additionalData = make([]byte, 5) | |||
copy(additionalData, b.data[:3]) | |||
n := len(b.data) - recordHeaderLen | |||
@@ -1322,9 +1322,6 @@ func (c *Conn) doReadHandshake() ([]byte, error) { | |||
return nil, err | |||
} | |||
} | |||
if c.hand.Len() > 4+n && c.config.Bugs.ForbidHandshakePacking { | |||
return nil, errors.New("tls: forbidden trailing data after a handshake message") | |||
} | |||
return c.hand.Next(4 + n), nil | |||
} | |||
@@ -424,10 +424,9 @@ NextCipherSuite: | |||
if len(hello.pskIdentities) > 0 { | |||
version := session.wireVersion | |||
// We may have a pre-1.3 session if SendBothTickets is | |||
// set. Fill in an arbitrary TLS 1.3 version to compute | |||
// the binder. | |||
// set. | |||
if session.vers < VersionTLS13 { | |||
version = tls13Draft23Version | |||
version = VersionTLS13 | |||
} | |||
generatePSKBinders(version, hello, pskCipherSuite, session.masterSecret, []byte{}, []byte{}, c.config) | |||
} | |||
@@ -59,12 +59,6 @@ bool SettingsWriter::Init(int i, const TestConfig *config, | |||
return false; | |||
} | |||
if (config->tls13_variant != 0 && | |||
(!CBB_add_u16(cbb_.get(), kTLS13Variant) || | |||
!CBB_add_u8(cbb_.get(), static_cast<uint8_t>(config->tls13_variant)))) { | |||
return false; | |||
} | |||
return true; | |||
} | |||
@@ -218,7 +218,6 @@ const Flag<int> kIntFlags[] = { | |||
{ "-max-send-fragment", &TestConfig::max_send_fragment }, | |||
{ "-read-size", &TestConfig::read_size }, | |||
{ "-expect-ticket-age-skew", &TestConfig::expect_ticket_age_skew }, | |||
{ "-tls13-variant", &TestConfig::tls13_variant }, | |||
}; | |||
const Flag<std::vector<int>> kIntVectorFlags[] = { | |||
@@ -1247,9 +1246,6 @@ bssl::UniquePtr<SSL_CTX> TestConfig::SetupCtx(SSL_CTX *old_ctx) const { | |||
SSL_CTX_set_early_data_enabled(ssl_ctx.get(), 1); | |||
} | |||
SSL_CTX_set_tls13_variant(ssl_ctx.get(), | |||
static_cast<enum tls13_variant_t>(tls13_variant)); | |||
if (allow_unknown_alpn_protos) { | |||
SSL_CTX_set_allow_unknown_alpn_protos(ssl_ctx.get(), 1); | |||
} | |||
@@ -104,7 +104,6 @@ struct TestConfig { | |||
bool use_ticket_callback = false; | |||
bool renew_ticket = false; | |||
bool enable_early_data = false; | |||
int tls13_variant = 0; | |||
bool enable_client_custom_extension = false; | |||
bool enable_server_custom_extension = false; | |||
bool custom_extension_skip = false; | |||
@@ -294,16 +294,14 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) { | |||
return ssl_hs_error; | |||
} | |||
if (ssl_is_draft28(ssl->version)) { | |||
// Recheck supported_versions, in case this is the second ServerHello. | |||
uint16_t version; | |||
if (!have_supported_versions || | |||
!CBS_get_u16(&supported_versions, &version) || | |||
version != ssl->version) { | |||
OPENSSL_PUT_ERROR(SSL, SSL_R_SECOND_SERVERHELLO_VERSION_MISMATCH); | |||
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); | |||
return ssl_hs_error; | |||
} | |||
// Recheck supported_versions, in case this is the second ServerHello. | |||
uint16_t version; | |||
if (!have_supported_versions || | |||
!CBS_get_u16(&supported_versions, &version) || | |||
version != ssl->version) { | |||
OPENSSL_PUT_ERROR(SSL, SSL_R_SECOND_SERVERHELLO_VERSION_MISMATCH); | |||
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER); | |||
return ssl_hs_error; | |||
} | |||
alert = SSL_AD_DECODE_ERROR; | |||
@@ -125,10 +125,6 @@ static const struct argument kArguments[] = { | |||
"this flag is the early data to send or if it starts with '@', the " | |||
"file to read from for early data.", | |||
}, | |||
{ | |||
"-tls13-variant", kOptionalArgument, | |||
"Enable the specified experimental TLS 1.3 variant", | |||
}, | |||
{ | |||
"-ed25519", kBooleanArgument, "Advertise Ed25519 support", | |||
}, | |||
@@ -328,26 +324,6 @@ static bool DoConnection(SSL_CTX *ctx, | |||
return cb(ssl.get(), sock); | |||
} | |||
static bool GetTLS13Variant(tls13_variant_t *out, const std::string &in) { | |||
if (in == "draft23") { | |||
*out = tls13_draft23; | |||
return true; | |||
} | |||
if (in == "draft28") { | |||
*out = tls13_draft28; | |||
return true; | |||
} | |||
if (in == "rfc") { | |||
*out = tls13_rfc; | |||
return true; | |||
} | |||
if (in == "all") { | |||
*out = tls13_all; | |||
return true; | |||
} | |||
return false; | |||
} | |||
static void InfoCallback(const SSL *ssl, int type, int value) { | |||
switch (type) { | |||
case SSL_CB_HANDSHAKE_START: | |||
@@ -528,16 +504,6 @@ bool Client(const std::vector<std::string> &args) { | |||
SSL_CTX_set_early_data_enabled(ctx.get(), 1); | |||
} | |||
if (args_map.count("-tls13-variant") != 0) { | |||
tls13_variant_t variant; | |||
if (!GetTLS13Variant(&variant, args_map["-tls13-variant"])) { | |||
fprintf(stderr, "Unknown TLS 1.3 variant: %s\n", | |||
args_map["-tls13-variant"].c_str()); | |||
return false; | |||
} | |||
SSL_CTX_set_tls13_variant(ctx.get(), variant); | |||
} | |||
if (args_map.count("-ed25519") != 0) { | |||
SSL_CTX_set_ed25519_enabled(ctx.get(), 1); | |||
} | |||
@@ -67,10 +67,6 @@ static const struct argument kArguments[] = { | |||
{ | |||
"-early-data", kBooleanArgument, "Allow early data", | |||
}, | |||
{ | |||
"-tls13-variant", kOptionalArgument, | |||
"Enable the specified experimental TLS 1.3 variant", | |||
}, | |||
{ | |||
"-www", kBooleanArgument, | |||
"The server will print connection information in response to a " | |||
@@ -152,26 +148,6 @@ static bssl::UniquePtr<X509> MakeSelfSignedCert(EVP_PKEY *evp_pkey, | |||
return x509; | |||
} | |||
static bool GetTLS13Variant(tls13_variant_t *out, const std::string &in) { | |||
if (in == "draft23") { | |||
*out = tls13_draft23; | |||
return true; | |||
} | |||
if (in == "draft28") { | |||
*out = tls13_draft28; | |||
return true; | |||
} | |||
if (in == "rfc") { | |||
*out = tls13_rfc; | |||
return true; | |||
} | |||
if (in == "all") { | |||
*out = tls13_all; | |||
return true; | |||
} | |||
return false; | |||
} | |||
static void InfoCallback(const SSL *ssl, int type, int value) { | |||
switch (type) { | |||
case SSL_CB_HANDSHAKE_START: | |||
@@ -331,16 +307,6 @@ bool Server(const std::vector<std::string> &args) { | |||
SSL_CTX_set_early_data_enabled(ctx.get(), 1); | |||
} | |||
if (args_map.count("-tls13-variant") != 0) { | |||
tls13_variant_t variant; | |||
if (!GetTLS13Variant(&variant, args_map["-tls13-variant"])) { | |||
fprintf(stderr, "Unknown TLS 1.3 variant: %s\n", | |||
args_map["-tls13-variant"].c_str()); | |||
return false; | |||
} | |||
SSL_CTX_set_tls13_variant(ctx.get(), variant); | |||
} | |||
if (args_map.count("-debug") != 0) { | |||
SSL_CTX_set_info_callback(ctx.get(), InfoCallback); | |||
} | |||