Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
update inc/openssl_install.inc OpenSSL 1.1.1 optional patch
- experimental OpenSSL 1.1.1 patch to backport TLS 1.3 draft 23, 26, 27 and 28 support when persistent config file /etc/centminmod/custom_config.inc set to OPENSSL_TLSONETHREE_BACKPORTDRAFTS='y' prior to nginx recompiles via centmin.sh menu option 4
- Loading branch information
1 parent
6cc3727
commit 884c0ab
Showing
2 changed files
with
253 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,227 @@ | ||
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h | ||
index 0a18a43544..c31597584b 100644 | ||
--- a/include/openssl/ssl.h | ||
+++ b/include/openssl/ssl.h | ||
@@ -173,12 +173,12 @@ extern "C" { | ||
# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" | ||
/* This is the default set of TLSv1.3 ciphersuites */ | ||
# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) | ||
-# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ | ||
+# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_128_GCM_SHA256:" \ | ||
"TLS_CHACHA20_POLY1305_SHA256:" \ | ||
- "TLS_AES_128_GCM_SHA256" | ||
+ "TLS_AES_256_GCM_SHA384" | ||
# else | ||
-# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \ | ||
- "TLS_AES_128_GCM_SHA256" | ||
+# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_128_GCM_SHA256:" \ | ||
+ "TLS_AES_256_GCM_SHA384" | ||
#endif | ||
/* | ||
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always | ||
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h | ||
index 2e46cf80d3..0accc837a3 100644 | ||
--- a/include/openssl/tls1.h | ||
+++ b/include/openssl/tls1.h | ||
@@ -30,6 +30,16 @@ extern "C" { | ||
# define TLS1_3_VERSION 0x0304 | ||
# define TLS_MAX_VERSION TLS1_3_VERSION | ||
|
||
+/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */ | ||
+# define TLS1_3_VERSION_DRAFT_23 0x7f17 | ||
+# define TLS1_3_VERSION_DRAFT_26 0x7f1a | ||
+# define TLS1_3_VERSION_DRAFT_27 0x7f1b | ||
+# define TLS1_3_VERSION_DRAFT 0x7f1c | ||
+# define TLS1_3_VERSION_DRAFT_TXT_23 "TLS 1.3 (draft 23)" | ||
+# define TLS1_3_VERSION_DRAFT_TXT_26 "TLS 1.3 (draft 26)" | ||
+# define TLS1_3_VERSION_DRAFT_TXT_27 "TLS 1.3 (draft 27)" | ||
+# define TLS1_3_VERSION_DRAFT_TXT "TLS 1.3 (draft 28)" | ||
+ | ||
/* Special value for method supporting multiple versions */ | ||
# define TLS_ANY_VERSION 0x10000 | ||
|
||
diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c | ||
index a11ed483e6..4fd583dd03 100644 | ||
--- a/ssl/record/ssl3_record_tls13.c | ||
+++ b/ssl/record/ssl3_record_tls13.c | ||
@@ -173,8 +173,9 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending) | ||
if (((alg_enc & SSL_AESCCM) != 0 | ||
&& EVP_CipherUpdate(ctx, NULL, &lenu, NULL, | ||
(unsigned int)rec->length) <= 0) | ||
- || EVP_CipherUpdate(ctx, NULL, &lenu, recheader, | ||
- sizeof(recheader)) <= 0 | ||
+ || (s->version_draft != TLS1_3_VERSION_DRAFT_23 | ||
+ && EVP_CipherUpdate(ctx, NULL, &lenu, recheader, | ||
+ sizeof(recheader)) <= 0) | ||
|| EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input, | ||
(unsigned int)rec->length) <= 0 | ||
|| EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0 | ||
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h | ||
index e8819e7a28..9afa488822 100644 | ||
--- a/ssl/ssl_locl.h | ||
+++ b/ssl/ssl_locl.h | ||
@@ -1074,6 +1111,8 @@ struct ssl_st { | ||
* DTLS1_VERSION) | ||
*/ | ||
int version; | ||
+ /* TODO(TLS1.3): Remove this before release */ | ||
+ int version_draft; | ||
/* SSLv3 */ | ||
const SSL_METHOD *method; | ||
/* | ||
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c | ||
index 4b5e6fe2b8..99981c9e37 100644 | ||
--- a/ssl/statem/extensions_clnt.c | ||
+++ b/ssl/statem/extensions_clnt.c | ||
@@ -530,8 +530,25 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, | ||
return EXT_RETURN_FAIL; | ||
} | ||
|
||
+ /* | ||
+ * TODO(TLS1.3): There is some discussion on the TLS list as to whether | ||
+ * we should include versions <TLS1.2. For the moment we do. To be | ||
+ * reviewed later. | ||
+ */ | ||
for (currv = max_version; currv >= min_version; currv--) { | ||
- if (!WPACKET_put_bytes_u16(pkt, currv)) { | ||
+ /* TODO(TLS1.3): Remove this first if clause prior to release!! */ | ||
+ if (currv == TLS1_3_VERSION) { | ||
+ if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION) | ||
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT) | ||
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27) | ||
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26) | ||
+ || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_23)) { | ||
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, | ||
+ SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, | ||
+ ERR_R_INTERNAL_ERROR); | ||
+ return EXT_RETURN_FAIL; | ||
+ } | ||
+ } else if (!WPACKET_put_bytes_u16(pkt, currv)) { | ||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, | ||
SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, | ||
ERR_R_INTERNAL_ERROR); | ||
@@ -1760,6 +1777,15 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context, | ||
return 0; | ||
} | ||
|
||
+ /* TODO(TLS1.3): Remove this before release */ | ||
+ if (version == TLS1_3_VERSION_DRAFT | ||
+ || version == TLS1_3_VERSION_DRAFT_27 | ||
+ || version == TLS1_3_VERSION_DRAFT_26 | ||
+ || version == TLS1_3_VERSION_DRAFT_23) { | ||
+ s->version_draft = version; | ||
+ version = TLS1_3_VERSION; | ||
+ } | ||
+ | ||
/* | ||
* The only protocol version we support which is valid in this extension in | ||
* a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else. | ||
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c | ||
index 0f2b22392b..6c1ce9813f 100644 | ||
--- a/ssl/statem/extensions_srvr.c | ||
+++ b/ssl/statem/extensions_srvr.c | ||
@@ -897,7 +897,8 @@ int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, | ||
} | ||
if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions) | ||
|| !WPACKET_start_sub_packet_u16(&hrrpkt) | ||
- || !WPACKET_put_bytes_u16(&hrrpkt, s->version) | ||
+ /* TODO(TLS1.3): Fix this before release */ | ||
+ || !WPACKET_put_bytes_u16(&hrrpkt, s->version_draft) | ||
|| !WPACKET_close(&hrrpkt)) { | ||
WPACKET_cleanup(&hrrpkt); | ||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE, | ||
@@ -1652,7 +1653,8 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt, | ||
|
||
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions) | ||
|| !WPACKET_start_sub_packet_u16(pkt) | ||
- || !WPACKET_put_bytes_u16(pkt, s->version) | ||
+ /* TODO(TLS1.3): Update to remove the TLSv1.3 draft indicator */ | ||
+ || !WPACKET_put_bytes_u16(pkt, s->version_draft) | ||
|| !WPACKET_close(pkt)) { | ||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, | ||
SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS, | ||
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c | ||
index 508bb88767..ee927baf64 100644 | ||
--- a/ssl/statem/statem_lib.c | ||
+++ b/ssl/statem/statem_lib.c | ||
@@ -1753,6 +1753,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) | ||
unsigned int best_vers = 0; | ||
const SSL_METHOD *best_method = NULL; | ||
PACKET versionslist; | ||
+ /* TODO(TLS1.3): Remove this before release */ | ||
+ unsigned int orig_candidate = 0; | ||
|
||
suppversions->parsed = 1; | ||
|
||
@@ -1774,6 +1776,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) | ||
return SSL_R_BAD_LEGACY_VERSION; | ||
|
||
while (PACKET_get_net_2(&versionslist, &candidate_vers)) { | ||
+ /* TODO(TLS1.3): Remove this before release */ | ||
+ if (candidate_vers == TLS1_3_VERSION | ||
+ || candidate_vers == TLS1_3_VERSION_DRAFT | ||
+ || candidate_vers == TLS1_3_VERSION_DRAFT_26 | ||
+ || candidate_vers == TLS1_3_VERSION_DRAFT_23) { | ||
+ if (best_vers == TLS1_3_VERSION | ||
+ && (orig_candidate > candidate_vers | ||
+ || orig_candidate == TLS1_3_VERSION)) | ||
+ continue; | ||
+ orig_candidate = candidate_vers; | ||
+ candidate_vers = TLS1_3_VERSION; | ||
+ } | ||
+ /* | ||
+ * TODO(TLS1.3): There is some discussion on the TLS list about | ||
+ * whether to ignore versions <TLS1.2 in supported_versions. At the | ||
+ * moment we honour them if present. To be reviewed later | ||
+ */ | ||
if (version_cmp(s, candidate_vers, best_vers) <= 0) | ||
continue; | ||
if (ssl_version_supported(s, candidate_vers, &best_method)) | ||
@@ -1796,6 +1815,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) | ||
} | ||
check_for_downgrade(s, best_vers, dgrd); | ||
s->version = best_vers; | ||
+ /* TODO(TLS1.3): Remove this before release */ | ||
+ if (best_vers == TLS1_3_VERSION) | ||
+ s->version_draft = orig_candidate; | ||
s->method = best_method; | ||
return 0; | ||
} | ||
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c | ||
index be3039af38..99c4ddcb41 100644 | ||
--- a/ssl/t1_trce.c | ||
+++ b/ssl/t1_trce.c | ||
@@ -65,6 +65,11 @@ static const ssl_trace_tbl ssl_version_tbl[] = { | ||
{TLS1_1_VERSION, "TLS 1.1"}, | ||
{TLS1_2_VERSION, "TLS 1.2"}, | ||
{TLS1_3_VERSION, "TLS 1.3"}, | ||
+ /* TODO(TLS1.3): Remove these lines before release */ | ||
+ {TLS1_3_VERSION_DRAFT_23, TLS1_3_VERSION_DRAFT_TXT_23}, | ||
+ {TLS1_3_VERSION_DRAFT_26, TLS1_3_VERSION_DRAFT_TXT_26}, | ||
+ {TLS1_3_VERSION_DRAFT_27, TLS1_3_VERSION_DRAFT_TXT_27}, | ||
+ {TLS1_3_VERSION_DRAFT, TLS1_3_VERSION_DRAFT_TXT}, | ||
{DTLS1_VERSION, "DTLS 1.0"}, | ||
{DTLS1_2_VERSION, "DTLS 1.2"}, | ||
{DTLS1_BAD_VER, "DTLS 1.0 (bad)"} | ||
@@ -638,8 +643,19 @@ static int ssl_print_version(BIO *bio, int indent, const char *name, | ||
if (*pmsglen < 2) | ||
return 0; | ||
vers = ((*pmsg)[0] << 8) | (*pmsg)[1]; | ||
- if (version != NULL) | ||
- *version = vers; | ||
+ if (version != NULL) { | ||
+ /* TODO(TLS1.3): Remove the draft conditional here before release */ | ||
+ switch(vers) { | ||
+ case TLS1_3_VERSION_DRAFT_23: | ||
+ case TLS1_3_VERSION_DRAFT_26: | ||
+ case TLS1_3_VERSION_DRAFT_27: | ||
+ case TLS1_3_VERSION_DRAFT: | ||
+ *version = TLS1_3_VERSION; | ||
+ break; | ||
+ default: | ||
+ *version = vers; | ||
+ } | ||
+ } | ||
BIO_indent(bio, indent, 80); | ||
BIO_printf(bio, "%s=0x%x (%s)\n", | ||
name, vers, ssl_trace_str(vers, ssl_version_tbl)); |