Implement TLS 1.3 draft28.

Change-Id: I7298c878bd2c8187dbd25903e397e8f0c2575aa4
Reviewed-on: https://boringssl-review.googlesource.com/26846
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
index aeb41d3..73ea26f 100644
--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -35,6 +35,7 @@
       return true;
 
     case TLS1_3_DRAFT23_VERSION:
+    case TLS1_3_DRAFT28_VERSION:
       *out = TLS1_3_VERSION;
       return true;
 
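Review bot: Nothing ties together the sites that must learn about a new draft codepoint: this switch, `ssl_version_to_string`, the public-API mapping switch and the comparison in `api_version_to_wire` each repeat the list by hand. The one that matters most is `api_version_to_wire`, where a forgotten entry would presumably let a draft wire value pass through the public version API instead of being rejected. A file-local predicate such as `static bool is_tls13_draft(uint16_t version)` (the name is only a suggestion), used by that `if`, plus a comment beside `kTLSVersions` naming the other sites, would make the next draft addition harder to get partly wrong. The function enclosing this switch starts and ends outside the hunk.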
@@ -57,6 +58,7 @@
 
 static const uint16_t kTLSVersions[] = {
     TLS1_3_DRAFT23_VERSION,
+    TLS1_3_DRAFT28_VERSION,
     TLS1_2_VERSION,
     TLS1_1_VERSION,
     TLS1_VERSION,
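Review bot: The new entry sits after `TLS1_3_DRAFT23_VERSION` in `kTLSVersions`, so if this array is walked in preference order (its users are outside the hunk) the older draft would win whenever both were enabled. The `tls13_variant` check changed later in this commit appears to admit only one draft at a time, which would make the order harmless, but that dependency is not written down here. I would add `// Only one TLS 1.3 draft is enabled at a time (see |tls13_variant|), so the relative order of the draft entries is not significant.` above the draft entries. The array's closing lines are outside the hunk.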
@@ -100,6 +102,7 @@
 static const char *ssl_version_to_string(uint16_t version) {
   switch (version) {
     case TLS1_3_DRAFT23_VERSION:
+    case TLS1_3_DRAFT28_VERSION:
       return "TLSv1.3";
 
     case TLS1_2_VERSION:
@@ -129,6 +132,7 @@
   switch (version) {
     // Report TLS 1.3 draft versions as TLS 1.3 in the public API.
     case TLS1_3_DRAFT23_VERSION:
+    case TLS1_3_DRAFT28_VERSION:
       return TLS1_3_VERSION;
     default:
       return version;
@@ -139,7 +143,8 @@
 // particular, it picks an arbitrary TLS 1.3 representative. This should only be
 // used in context where that does not matter.
 static bool api_version_to_wire(uint16_t *out, uint16_t version) {
-  if (version == TLS1_3_DRAFT23_VERSION) {
+  if (version == TLS1_3_DRAFT23_VERSION ||
+      version == TLS1_3_DRAFT28_VERSION) {
     return false;
   }
   if (version == TLS1_3_VERSION) {
@@ -295,20 +300,15 @@
   }
 
   // This logic is part of the TLS 1.3 variants mechanism used in TLS 1.3
-  // experimentation. Although we currently only have one variant, TLS 1.3 does
-  // not a final stable deployment yet, so leave the logic in place for now.
+  // experimentation. TLS 1.3 variants must match the enabled |tls13_variant|.
   if (protocol_version != TLS1_3_VERSION ||
+      (ssl->tls13_variant == tls13_draft28 &&
+       version == TLS1_3_DRAFT28_VERSION) ||
       (ssl->tls13_variant == tls13_default &&
        version == TLS1_3_DRAFT23_VERSION)) {
     return true;
   }
 
-  // The server, when not configured at |tls13_default|, should additionally
-  // enable all variants.
-  if (ssl->server && ssl->tls13_variant != tls13_default) {
-    return true;
-  }
-
   return false;
 }
 
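Review bot: Deleting the `ssl->server && ssl->tls13_variant != tls13_default` block is a behaviour change for servers that neither the commit message nor the new comment mentions. A server configured with a non-default variant used to accept every TLS 1.3 variant and now accepts only the wire version paired with its own `tls13_variant`. Peers offering only the other draft will presumably negotiate an earlier protocol version or fail, so this deserves a line in the comment and a test; for example `// This applies to servers as well as clients: only the wire version matching |tls13_variant| is accepted.` The pairing is also spelled out as a growing chain of `(variant == X && version == Y)` terms, so a `tls13_variant` value with no term here silently disables TLS 1.3. A helper mapping the variant to its single wire version would make that case explicit. The function begins outside the hunk.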
@@ -356,6 +356,10 @@
   return false;
 }
 
+bool ssl_is_draft28(uint16_t version) {
+  return version == TLS1_3_DRAFT28_VERSION;
+}
+
 }  // namespace bssl
 
 using namespace bssl;
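Review bot: `ssl_is_draft28` is added without a comment at its definition, and its name does not say that it matches only the exact draft 28 codepoint. Any behaviour gated on it will therefore be skipped for a later draft or the final version unless each call site is revisited. Unless the declaration in a header (not shown) already says so, I would add `// ssl_is_draft28 returns whether |version| is exactly the TLS 1.3 draft 28 wire version; later drafts are not matched.` above the function.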