Switch to the actual DTLS 1.3 codepoint

I believe our implementation is interoperable at this point. Bug: 42290594 Change-Id: Id802b626a3028a3f2d4e89dfd3fcb69b51572b7d Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/73650 Commit-Queue: David Benjamin <[email protected]> Reviewed-by: Nick Harper <[email protected]>
google · Dec 6, 2024 · bbf03ea · bbf03ea
1 parent 80defe9
commit bbf03ea
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 37 deletions.
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
@@ -672,17 +672,7 @@ OPENSSL_EXPORT int DTLSv1_handle_timeout(SSL *ssl);
 
 #define DTLS1_VERSION 0xfeff
 #define DTLS1_2_VERSION 0xfefd
-// DTLS1_3_EXPERIMENTAL_VERSION gates experimental, in-progress code for DTLS
-// 1.3.
-//
-// WARNING: Do not use this value. BoringSSL's DTLS 1.3 implementation is still
-// under development. The code enabled by this value is neither stable nor
-// secure. It does not correspond to any real protocol. It is also incompatible
-// with other DTLS implementations, and it is not compatible with future or past
-// versions of BoringSSL.
-//
-// When the DTLS 1.3 implementation is complete, this symbol will be replaced.
-#define DTLS1_3_EXPERIMENTAL_VERSION 0xfc25
+#define DTLS1_3_VERSION 0xfefc
 
 // SSL_CTX_set_min_proto_version sets the minimum protocol version for |ctx| to
 // |version|. If |version| is zero, the default minimum version is used. It

diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
@@ -92,7 +92,7 @@ static const VersionParam kAllVersions[] = {
     {TLS1_3_VERSION, VersionParam::is_tls, "TLS1_3"},
     {DTLS1_VERSION, VersionParam::is_dtls, "DTLS1"},
     {DTLS1_2_VERSION, VersionParam::is_dtls, "DTLS1_2"},
-    {DTLS1_3_EXPERIMENTAL_VERSION, VersionParam::is_dtls, "DTLS1_3"},
+    {DTLS1_3_VERSION, VersionParam::is_dtls, "DTLS1_3"},
 };
 
 struct ExpectedCipher {
@@ -2765,8 +2765,7 @@ class SSLVersionTest : public ::testing::TestWithParam<VersionParam> {
   uint16_t version() const { return GetParam().version; }
 
   bool is_tls13() const {
-    return version() == TLS1_3_VERSION ||
-           version() == DTLS1_3_EXPERIMENTAL_VERSION;
+    return version() == TLS1_3_VERSION || version() == DTLS1_3_VERSION;
   }
 
   bool is_dtls() const {
@@ -2799,7 +2798,7 @@ TEST_P(SSLVersionTest, SequenceNumber) {
   uint64_t server_write_seq = SSL_get_write_sequence(server_.get());
 
   if (is_dtls()) {
-    if (version() == DTLS1_3_EXPERIMENTAL_VERSION) {
+    if (version() == DTLS1_3_VERSION) {
       // Both client and server must be at epoch 3 (application data).
       EXPECT_EQ(EpochFromSequence(client_write_seq), 3);
       EXPECT_EQ(EpochFromSequence(server_write_seq), 3);
@@ -2830,7 +2829,7 @@ TEST_P(SSLVersionTest, SequenceNumber) {
   EXPECT_EQ(SSL_write(client_.get(), &byte, 1), 1);
   EXPECT_EQ(SSL_read(server_.get(), &byte, 1), 1);
 
-  if (version() == DTLS1_3_EXPERIMENTAL_VERSION) {
+  if (version() == DTLS1_3_VERSION) {
     // TODO(crbug.com/42290608): Write an appropriate test for incrementing both
     // sequence number and epoch in the following test. The server read seq was
     // in epoch 2, but after the write it's in epoch 3, so adding 1 doesn't work
@@ -3985,7 +3984,7 @@ static const char *GetVersionName(uint16_t version) {
       return "DTLSv1";
     case DTLS1_2_VERSION:
       return "DTLSv1.2";
-    case DTLS1_3_EXPERIMENTAL_VERSION:
+    case DTLS1_3_VERSION:
       return "DTLSv1.3";
     default:
       return "???";
@@ -4376,7 +4375,7 @@ TEST_P(SSLVersionTest, SSLWriteRetry) {
 }
 
 TEST_P(SSLVersionTest, RecordCallback) {
-  if (version() == DTLS1_3_EXPERIMENTAL_VERSION) {
+  if (version() == DTLS1_3_VERSION) {
     // The DTLS 1.3 record header is vastly different than the TLS or DTLS < 1.3
     // header format. Instead of checking that the record header is formatted as
     // expected here, the runner implementation in dtls.go is strict about what
@@ -9749,14 +9748,10 @@ TEST(SSLTest, EarlyDataDisabledInDTLS13) {
   SSL_CTX_set_early_data_enabled(server_ctx.get(), true);
   SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_BOTH);
   SSL_CTX_set_session_cache_mode(server_ctx.get(), SSL_SESS_CACHE_BOTH);
-  ASSERT_TRUE(SSL_CTX_set_min_proto_version(client_ctx.get(),
-                                            DTLS1_3_EXPERIMENTAL_VERSION));
-  ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(),
-                                            DTLS1_3_EXPERIMENTAL_VERSION));
-  ASSERT_TRUE(SSL_CTX_set_min_proto_version(server_ctx.get(),
-                                            DTLS1_3_EXPERIMENTAL_VERSION));
-  ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(),
-                                            DTLS1_3_EXPERIMENTAL_VERSION));
+  ASSERT_TRUE(SSL_CTX_set_min_proto_version(client_ctx.get(), DTLS1_3_VERSION));
+  ASSERT_TRUE(SSL_CTX_set_max_proto_version(client_ctx.get(), DTLS1_3_VERSION));
+  ASSERT_TRUE(SSL_CTX_set_min_proto_version(server_ctx.get(), DTLS1_3_VERSION));
+  ASSERT_TRUE(SSL_CTX_set_max_proto_version(server_ctx.get(), DTLS1_3_VERSION));
 
   bssl::UniquePtr<SSL_SESSION> session =
       CreateClientSession(client_ctx.get(), server_ctx.get());

diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
@@ -46,7 +46,7 @@ bool ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) {
       *out = TLS1_2_VERSION;
       return true;
 
-    case DTLS1_3_EXPERIMENTAL_VERSION:
+    case DTLS1_3_VERSION:
       *out = TLS1_3_VERSION;
       return true;
 
@@ -66,7 +66,7 @@ static const uint16_t kTLSVersions[] = {
 };
 
 static const uint16_t kDTLSVersions[] = {
-    DTLS1_3_EXPERIMENTAL_VERSION,
+    DTLS1_3_VERSION,
     DTLS1_2_VERSION,
     DTLS1_VERSION,
 };
@@ -104,7 +104,7 @@ static const VersionInfo kVersionNames[] = {
     {TLS1_VERSION, "TLSv1"},
     {DTLS1_VERSION, "DTLSv1"},
     {DTLS1_2_VERSION, "DTLSv1.2"},
-    {DTLS1_3_EXPERIMENTAL_VERSION, "DTLSv1.3"},
+    {DTLS1_3_VERSION, "DTLSv1.3"},
 };
 
 static const char *ssl_version_to_string(uint16_t version) {
@@ -156,6 +156,8 @@ static bool set_min_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
 static bool set_max_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
                             uint16_t version) {
   // Zero is interpreted as the default maximum version.
+  // TODO(crbug.com/42290594): Enable DTLS 1.3 by default, after it's
+  // successfully shipped in WebRTC.
   if (version == 0) {
     *out = method->is_dtls ? DTLS1_2_VERSION : TLS1_3_VERSION;
     return true;

diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
@@ -31,9 +31,9 @@ const (
 )
 
 const (
-	VersionDTLS10              = 0xfeff
-	VersionDTLS12              = 0xfefd
-	VersionDTLS125Experimental = 0xfc25
+	VersionDTLS10 = 0xfeff
+	VersionDTLS12 = 0xfefd
+	VersionDTLS13 = 0xfefc
 )
 
 var allTLSWireVersions = []uint16{
@@ -45,7 +45,7 @@ var allTLSWireVersions = []uint16{
 }
 
 var allDTLSWireVersions = []uint16{
-	VersionDTLS125Experimental,
+	VersionDTLS13,
 	VersionDTLS12,
 	VersionDTLS10,
 }
@@ -2126,7 +2126,7 @@ func (c *Config) echCipherSuitePreferences() []HPKECipherSuite {
 func wireToVersion(vers uint16, isDTLS bool) (uint16, bool) {
 	if isDTLS {
 		switch vers {
-		case VersionDTLS125Experimental:
+		case VersionDTLS13:
 			return VersionTLS13, true
 		case VersionDTLS12:
 			return VersionTLS12, true

diff --git a/ssl/test/runner/handshake_client.go b/ssl/test/runner/handshake_client.go
@@ -848,7 +848,7 @@ func (hs *clientHandshakeState) createClientHello(innerHello *clientHelloMsg, ec
 		if session.vers < VersionTLS13 {
 			version = VersionTLS13
 			if c.isDTLS {
-				version = VersionDTLS125Experimental
+				version = VersionDTLS13
 			}
 		}
 		generatePSKBinders(version, c.isDTLS, hello, session, nil, nil, c.config)

diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
@@ -1903,7 +1903,7 @@ var tlsVersions = []tlsVersion{
 		excludeFlag: "-no-tls13",
 		hasQUIC:     true,
 		hasDTLS:     true,
-		versionDTLS: VersionDTLS125Experimental,
+		versionDTLS: VersionDTLS13,
 		versionWire: VersionTLS13,
 	},
 }

diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
@@ -2316,8 +2316,9 @@ bssl::UniquePtr<SSL> TestConfig::NewSSL(
       !SSL_set_min_proto_version(ssl.get(), min_version)) {
     return nullptr;
   }
+  // TODO(crbug.com/42290594): Remove this once DTLS 1.3 is enabled by default.
   if (is_dtls && max_version == 0 &&
-      !SSL_set_max_proto_version(ssl.get(), DTLS1_3_EXPERIMENTAL_VERSION)) {
+      !SSL_set_max_proto_version(ssl.get(), DTLS1_3_VERSION)) {
     return nullptr;
   }
   if (max_version != 0 &&