external/boringssl: Sync to 915c121bb5d424e09bf05c3aabf172a44e958e28.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/ea52ec98a56a40879b37493f3d1da1a1679e1fba..915c121bb5d424e09bf05c3aabf172a44e958e28
Test: BoringSSL CTS Presubmits
Change-Id: I3f5eba69372b484e19f4ca250c81f208aa5d3dc5
diff --git a/src/ssl/handshake_server.cc b/src/ssl/handshake_server.cc
index bb565e9..bcbd7e2 100644
--- a/src/ssl/handshake_server.cc
+++ b/src/ssl/handshake_server.cc
@@ -707,8 +707,16 @@
return ssl_hs_error;
}
- // TODO(davidben): Implement the TLS 1.1 and 1.2 downgrade sentinels once TLS
- // 1.3 is finalized and we are not implementing a draft version.
+ // Implement the TLS 1.3 anti-downgrade feature, but with a different value.
+ //
+ // For draft TLS 1.3 versions, it is not safe to deploy this feature. However,
+ // some TLS terminators are non-compliant and copy the origin server's value,
+ // so we wish to measure eventual compatibility impact.
+ if (hs->max_version >= TLS1_3_VERSION) {
+ OPENSSL_memcpy(ssl->s3->server_random + SSL3_RANDOM_SIZE -
+ sizeof(kDraftDowngradeRandom),
+ kDraftDowngradeRandom, sizeof(kDraftDowngradeRandom));
+ }
const SSL_SESSION *session = hs->new_session.get();
if (ssl->session != NULL) {