Cite an RFC over 9000 (draft-ietf-quic-tls is now RFC 9001).

Also now that it's finalized, flip the default for
SSL_set_quic_use_legacy_codepoint.

Update-Note: QUIC APIs now default to the standard code point rather
than the draft one. QUICHE has already been calling
SSL_set_quic_use_legacy_codepoint, so this should not affect them. Once
callers implementing the draft versions cycle out, we can then drop
SSL_set_quic_use_legacy_codepoint altogether. I've also bumped
BORINGSSL_API_VERSION in case we end up needing an ifdef.

Change-Id: Id2cab66215f4ad4c1e31503d329c0febfdb4603e
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47864
Reviewed-by: David Schinazi <dschinazi@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 5b06005..a05b9b1 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -730,7 +730,7 @@
       handoff(false),
       shed_handshake_config(false),
       jdk11_workaround(false),
-      quic_use_legacy_codepoint(true) {
+      quic_use_legacy_codepoint(false) {
   assert(ssl);
 }
 
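Review bot: The initializer `quic_use_legacy_codepoint(false)` changes which transport-parameters code point every QUIC caller negotiates unless it calls SSL_set_quic_use_legacy_codepoint, and nothing at this line records that. A caller still speaking a draft version that relied on the old default would presumably now fail the handshake against a draft peer; that fails closed, but it is hard to diagnose from the alert alone. I would add `// Default to the RFC 9001 code point; draft-version callers opt in via SSL_set_quic_use_legacy_codepoint.` above the initializer. The doc comment on the setter in the public header is not visible in this diff, so it is worth checking that it states the new default. The constructor begins before this hunk.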
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 67f18fd..420b6ee 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -2646,7 +2646,7 @@
     return true;
   }
 
-  uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters_standard;
+  uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters;
   if (hs->config->quic_use_legacy_codepoint) {
     extension_type = TLSEXT_TYPE_quic_transport_parameters_legacy;
   }
@@ -2782,7 +2782,7 @@
     return true;
   }
 
-  uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters_standard;
+  uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters;
   if (hs->config->quic_use_legacy_codepoint) {
     extension_type = TLSEXT_TYPE_quic_transport_parameters_legacy;
   }
@@ -3251,7 +3251,7 @@
     dont_add_serverhello,
   },
   {
-    TLSEXT_TYPE_quic_transport_parameters_standard,
+    TLSEXT_TYPE_quic_transport_parameters,
     NULL,
     ext_quic_transport_params_add_clienthello,
     ext_quic_transport_params_parse_serverhello,
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index fa2ba6c..4e84a0e 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -119,7 +119,7 @@
 	extensionCertificateAuthorities     uint16 = 47
 	extensionSignatureAlgorithmsCert    uint16 = 50
 	extensionKeyShare                   uint16 = 51
-	extensionQUICTransportParams        uint16 = 57    // draft-ietf-quic-tls-33 and later
+	extensionQUICTransportParams        uint16 = 57
 	extensionCustom                     uint16 = 1234  // not IANA assigned
 	extensionNextProtoNeg               uint16 = 13172 // not IANA assigned
 	extensionApplicationSettings        uint16 = 17513 // not IANA assigned
diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index d23cf6c..8ba6b4d 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc
@@ -713,8 +713,7 @@
   SSL *const ssl = hs->ssl;
 
   if (ssl->s3->early_data_accepted) {
-    // QUIC omits the EndOfEarlyData message. See draft-ietf-quic-tls-22,
-    // section 8.3.
+    // QUIC omits the EndOfEarlyData message. See RFC 9001, section 8.3.
     if (ssl->quic_method == nullptr) {
       ScopedCBB cbb;
       CBB body;
@@ -1044,7 +1043,7 @@
     }
 
     // QUIC does not use the max_early_data_size parameter and always sets it to
-    // a fixed value. See draft-ietf-quic-tls-22, section 4.5.
+    // a fixed value. See RFC 9001, section 4.6.1.
     if (ssl->quic_method != nullptr &&
         session->ticket_max_early_data != 0xffffffff) {
       ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
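Review bot: The literal `0xffffffff` in `session->ticket_max_early_data != 0xffffffff` is the same value the ssl/tls13_server.cc hunk assigns to `session->ticket_max_early_data`, and the two are only kept in agreement by hand. If they ever drift, a QUIC client would reject every ticket from the matching server with illegal_parameter. A single named constant shared by both files, for example next to wherever kMaxEarlyDataAccepted is defined, would tie the sender and the check together. The comment could also say that the value is mandated and that this is a rejection path, e.g. `// RFC 9001, section 4.6.1 fixes max_early_data_size at 0xffffffff for QUIC; reject any other value.` The enclosing function starts and ends outside this hunk.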
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc
index cb14e7e..c2a66a8 100644
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -155,7 +155,7 @@
         (!ssl->quic_method || !ssl->config->quic_early_data_context.empty());
     if (enable_early_data) {
       // QUIC does not use the max_early_data_size parameter and always sets it
-      // to a fixed value. See draft-ietf-quic-tls-22, section 4.5.
+      // to a fixed value. See RFC 9001, section 4.6.1.
       session->ticket_max_early_data =
           ssl->quic_method != nullptr ? 0xffffffff : kMaxEarlyDataAccepted;
     }
@@ -979,9 +979,8 @@
     hs->in_early_data = true;
   }
 
-  // QUIC doesn't use an EndOfEarlyData message (draft-ietf-quic-tls-22,
-  // section 8.3), so we switch to client_handshake_secret before the early
-  // return.
+  // QUIC doesn't use an EndOfEarlyData message (RFC 9001, section 8.3), so we
+  // switch to client_handshake_secret before the early return.
   if (ssl->quic_method != nullptr) {
     if (!tls13_set_traffic_key(ssl, ssl_encryption_handshake, evp_aead_open,
                                hs->new_session.get(),