Implement TLS 1.3 anti-downgrade signal.
Change-Id: Ib4739350948ec339457d993daef582748ed8f100
Reviewed-on: https://boringssl-review.googlesource.com/30924
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/tls13_both.cc b/ssl/tls13_both.cc
index d6ebb4c..ce9dd3c 100644
--- a/ssl/tls13_both.cc
+++ b/ssl/tls13_both.cc
@@ -43,12 +43,11 @@
0x8c, 0x5e, 0x07, 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c,
};
-// This value was selected by truncating the SHA-256 hash of "Draft TLS 1.3
-// Downgrade" to 8 bytes:
-//
-// echo -n 'Draft TLS 1.3 Downgrade' | sha256sum | head -c 16
-const uint8_t kDraftDowngradeRandom[8] = {0x95, 0xb9, 0x9f, 0x87,
- 0x22, 0xfe, 0x9b, 0x64};
+const uint8_t kTLS12DowngradeRandom[8] = {0x44, 0x4f, 0x57, 0x4e,
+ 0x47, 0x52, 0x44, 0x00};
+
+const uint8_t kTLS13DowngradeRandom[8] = {0x44, 0x4f, 0x57, 0x4e,
+ 0x47, 0x52, 0x44, 0x01};
bool tls13_get_cert_verify_signature_input(
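Review bot: `kTLS12DowngradeRandom` and `kTLS13DowngradeRandom` are added without any comment, although the removed `kDraftDowngradeRandom` documented where its bytes came from. The first seven bytes are ASCII "DOWNGRD" and the last byte matches the two sentinels in RFC 8446 section 4.1.3, so I would add `// Downgrade sentinels from RFC 8446, section 4.1.3: "DOWNGRD" plus 0x01 or 0x00,` and `// placed in the last 8 bytes of ServerHello.random.` above them. The names also deserve a line each: the RFC assigns the 0x01 ending to a TLS 1.3 server negotiating TLS 1.2 and the 0x00 ending to a negotiation of TLS 1.1 or below. The constants therefore appear to be named after the server's maximum version rather than the negotiated one, but the call sites are not in this hunk, so that should be confirmed. Without it a reader checking against the RFC could take `kTLS12DowngradeRandom` for the TLS 1.2 value and swap the two when writing or reviewing the client-side check.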