Update code for the final RFC version of TLSv1.3 (RFC8446)

Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6741)
author: Matt Caswell <matt@openssl.org> 2018-07-18 17:05:49 +0200
committer: Matt Caswell <matt@openssl.org> 2018-08-15 13:33:30 +0200
commit: 35e742ecac9239539db016e1282b4cbdf501509c (patch)
tree: 69505449d87cb5902f7db623738266782bb98ac2 /ssl/statem/extensions_clnt.c
parent: Add SHA3 HMAC test vectors from NIST. (diff)
download: openssl-35e742ecac9239539db016e1282b4cbdf501509c.tar.xz
openssl-35e742ecac9239539db016e1282b4cbdf501509c.zip
1 files changed, 1 insertions, 22 deletions
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index cc4563b357..86d6189ea1 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -530,23 +530,8 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
         return EXT_RETURN_FAIL;
     }
 
-    /*
-     * TODO(TLS1.3): There is some discussion on the TLS list as to whether
-     * we should include versions <TLS1.2. For the moment we do. To be
-     * reviewed later.
-     */
     for (currv = max_version; currv >= min_version; currv--) {
-        /* TODO(TLS1.3): Remove this first if clause prior to release!! */
-        if (currv == TLS1_3_VERSION) {
-            if (!WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT)
-                    || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_27)
-                    || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION_DRAFT_26)) {
-                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
-                         SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
-                         ERR_R_INTERNAL_ERROR);
-                return EXT_RETURN_FAIL;
-            }
-        } else if (!WPACKET_put_bytes_u16(pkt, currv)) {
+        if (!WPACKET_put_bytes_u16(pkt, currv)) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR,
                      SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
                      ERR_R_INTERNAL_ERROR);
@@ -1790,12 +1775,6 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
         return 0;
     }
 
-    /* TODO(TLS1.3): Remove this before release */
-    if (version == TLS1_3_VERSION_DRAFT
-            || version == TLS1_3_VERSION_DRAFT_27
-            || version == TLS1_3_VERSION_DRAFT_26)
-        version = TLS1_3_VERSION;
-
     /*
      * The only protocol version we support which is valid in this extension in
      * a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.
author	Matt Caswell <matt@openssl.org>	2018-07-18 17:05:49 +0200
committer	Matt Caswell <matt@openssl.org>	2018-08-15 13:33:30 +0200
commit	35e742ecac9239539db016e1282b4cbdf501509c (patch)
tree	69505449d87cb5902f7db623738266782bb98ac2 /ssl/statem/extensions_clnt.c
parent	Add SHA3 HMAC test vectors from NIST. (diff)
download	openssl-35e742ecac9239539db016e1282b4cbdf501509c.tar.xz openssl-35e742ecac9239539db016e1282b4cbdf501509c.zip