Adding TLS 1.3 variant to SSL*.
Change-Id: I3de3c48a1de59c2b8de348253ce62a648aa6d6eb
Reviewed-on: https://boringssl-review.googlesource.com/17724
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index ca1e9e8..256485c 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -3148,6 +3148,12 @@
OPENSSL_EXPORT void SSL_CTX_set_tls13_variant(SSL_CTX *ctx,
enum tls13_variant_t variant);
+/* SSL_set_tls13_variant sets which variant of TLS 1.3 we negotiate. On the
+ * server, if |variant| is not |tls13_default|, all variants are enabled. On the
+ * client, only the configured variant is enabled. */
+OPENSSL_EXPORT void SSL_set_tls13_variant(SSL *ssl,
+ enum tls13_variant_t variant);
+
/* SSL_MAX_CERT_LIST_DEFAULT is the default maximum length, in bytes, of a peer
* certificate chain. */
#define SSL_MAX_CERT_LIST_DEFAULT (1024 * 100)
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index 0738e42..78bd1de 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -673,7 +673,7 @@
/* In TLS 1.3 experimental encodings, send a fake placeholder session ID
* when we do not otherwise have one to send. */
if (hs->max_version >= TLS1_3_VERSION &&
- ssl->ctx->tls13_variant != tls13_default &&
+ ssl->tls13_variant != tls13_default &&
!CBB_add_bytes(&child, hs->session_id, hs->session_id_len)) {
goto err;
}
@@ -762,7 +762,7 @@
}
/* Initialize a random session ID for the experimental TLS 1.3 variant. */
- if (ssl->ctx->tls13_variant != tls13_default) {
+ if (ssl->tls13_variant != tls13_default) {
hs->session_id_len = sizeof(hs->session_id);
if (!RAND_bytes(hs->session_id, hs->session_id_len)) {
return -1;
diff --git a/ssl/internal.h b/ssl/internal.h
index 45f918e..3c9815e 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1902,6 +1902,10 @@
* further constrainted by |SSL_OP_NO_*|. */
uint16_t conf_min_version;
+ /* tls13_variant is the variant of TLS 1.3 we are using for this
+ * configuration. */
+ enum tls13_variant_t tls13_variant;
+
uint16_t max_send_fragment;
/* There are 2 BIO's even though they are normally both the same. This is so
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d8d3f4d..d88427a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -373,6 +373,7 @@
ssl->conf_min_version = ctx->conf_min_version;
ssl->conf_max_version = ctx->conf_max_version;
+ ssl->tls13_variant = ctx->tls13_variant;
/* RFC 6347 states that implementations SHOULD use an initial timer value of
* 1 second. */
@@ -849,6 +850,10 @@
ctx->tls13_variant = variant;
}
+void SSL_set_tls13_variant(SSL *ssl, enum tls13_variant_t variant) {
+ ssl->tls13_variant = variant;
+}
+
void SSL_set_early_data_enabled(SSL *ssl, int enabled) {
ssl->cert->enable_early_data = !!enabled;
}
diff --git a/ssl/ssl_versions.c b/ssl/ssl_versions.c
index 3945f7f..387eee7 100644
--- a/ssl/ssl_versions.c
+++ b/ssl/ssl_versions.c
@@ -300,14 +300,14 @@
* support all TLS 1.3 variants as long as tls13_variant is set to a
* non-default value. */
if (ssl->server) {
- if (ssl->ctx->tls13_variant == tls13_default &&
+ if (ssl->tls13_variant == tls13_default &&
version == TLS1_3_EXPERIMENT_VERSION) {
return 0;
}
} else {
- if ((ssl->ctx->tls13_variant != tls13_experiment &&
+ if ((ssl->tls13_variant != tls13_experiment &&
version == TLS1_3_EXPERIMENT_VERSION) ||
- (ssl->ctx->tls13_variant != tls13_default &&
+ (ssl->tls13_variant != tls13_default &&
version == TLS1_3_DRAFT_VERSION)) {
return 0;
}
