commit 64cc121f419e137db6620a6955dd197edcc292e8
author Steven Valdez <svaldez@google.com> Mon Dec 04 11:15:37 2017 -0500
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Mon Dec 18 21:20:32 2017 +0000
tree 0f9026696e9244ff630c2ca0b6171e1d29241935
parent ea52ec98a56a40879b37493f3d1da1a1679e1fba

Remove deprecated TLS 1.3 variants.

Upgrade-Note: SSL_CTX_set_tls13_variant(tls13_experiment) on the server
should switch to SSL_CTX_set_tls13_variant(tls13_experiment2).
(Configuring any TLS 1.3 variants on the server enables all variants,
so this is a no-op. We're just retiring some old experiments.)
Change-Id: I60f0ca3f96ff84bdf59e1a282a46e51d99047462
Reviewed-on: https://boringssl-review.googlesource.com/23784
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>

ssl/tls13_client.cc

diff --git a/ssl/tls13_client.cc b/ssl/tls13_client.cc
index f471a4e..c230afa 100644
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc
@@ -104,7 +104,7 @@
     CBS body = msg.body;
     uint16_t server_version;
     if (!CBS_get_u16(&body, &server_version) ||
-        (ssl_is_draft21(ssl->version) &&
+        (ssl_is_draft22(ssl->version) &&
          !CBS_get_u16(&body, &cipher_suite)) ||
         !CBS_get_u16_length_prefixed(&body, &extensions) ||
         CBS_len(&body) != 0) {
@@ -114,7 +114,7 @@
     }
   }
 
-  if (ssl_is_draft21(ssl->version)) {
+  if (ssl_is_draft22(ssl->version)) {
     const SSL_CIPHER *cipher = SSL_get_cipher_by_value(cipher_suite);
     // Check if the cipher is a TLS 1.3 cipher.
     if (cipher == NULL ||
@@ -253,12 +253,11 @@
   uint8_t compression_method;
   if (!CBS_get_u16(&body, &server_version) ||
       !CBS_get_bytes(&body, &server_random, SSL3_RANDOM_SIZE) ||
-      (ssl_is_resumption_experiment(ssl->version) &&
-       (!CBS_get_u8_length_prefixed(&body, &session_id) ||
-        !CBS_mem_equal(&session_id, hs->session_id, hs->session_id_len))) ||
+      !CBS_get_u8_length_prefixed(&body, &session_id) ||
+      !CBS_mem_equal(&session_id, hs->session_id, hs->session_id_len) ||
       !CBS_get_u16(&body, &cipher_suite) ||
-      (ssl_is_resumption_experiment(ssl->version) &&
-       (!CBS_get_u8(&body, &compression_method) || compression_method != 0)) ||
+      !CBS_get_u8(&body, &compression_method) ||
+      compression_method != 0 ||
       !CBS_get_u16_length_prefixed(&body, &extensions) ||
       CBS_len(&body) != 0) {
     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
@@ -266,10 +265,7 @@
     return ssl_hs_error;
   }
 
-  uint16_t expected_version = ssl_is_resumption_experiment(ssl->version)
-                                  ? TLS1_2_VERSION
-                                  : ssl->version;
-  if (server_version != expected_version) {
+  if (server_version != TLS1_2_VERSION) {
     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
     OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_VERSION_NUMBER);
     return ssl_hs_error;
@@ -297,7 +293,7 @@
   }
 
   // Check that the cipher matches the one in the HelloRetryRequest.
-  if (ssl_is_draft21(ssl->version) &&
+  if (ssl_is_draft22(ssl->version) &&
       hs->received_hello_retry_request &&
       hs->new_cipher != cipher) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CIPHER_RETURNED);
@@ -324,14 +320,6 @@
     return ssl_hs_error;
   }
 
-  // supported_versions is parsed in handshake_client to select the experimental
-  // TLS 1.3 version.
-  if (have_supported_versions && !ssl_is_resumption_experiment(ssl->version)) {
-    OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
-    ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
-    return ssl_hs_error;
-  }
-
   alert = SSL_AD_DECODE_ERROR;
   if (have_pre_shared_key) {
     if (ssl->session == NULL) {
@@ -426,8 +414,7 @@
   if (!hs->early_data_offered) {
     // Earlier versions of the resumption experiment added ChangeCipherSpec just
     // before the Finished flight.
-    if (ssl_is_resumption_client_ccs_experiment(ssl->version) &&
-        !ssl_is_draft22(ssl->version) &&
+    if (!ssl_is_draft22(ssl->version) &&
         !ssl->method->add_change_cipher_spec(ssl)) {
       return ssl_hs_error;
     }
@@ -523,7 +510,7 @@
   }
 
 
-  if (ssl_is_draft21(ssl->version)) {
+  if (ssl_is_draft22(ssl->version)) {
     bool have_sigalgs = false, have_ca = false;
     CBS sigalgs, ca;
     const SSL_EXTENSION_TYPE ext_types[] = {
@@ -678,7 +665,7 @@
 
   if (ssl->early_data_accepted) {
     hs->can_early_write = false;
-    if (ssl_is_draft21(ssl->version)) {
+    if (ssl_is_draft22(ssl->version)) {
       ScopedCBB cbb;
       CBB body;
       if (!ssl->method->init_message(ssl, cbb.get(), &body,
@@ -917,7 +904,7 @@
   CBS body = msg.body, ticket_nonce, ticket, extensions;
   if (!CBS_get_u32(&body, &server_timeout) ||
       !CBS_get_u32(&body, &session->ticket_age_add) ||
-      (ssl_is_draft21(ssl->version) &&
+      (ssl_is_draft22(ssl->version) &&
        !CBS_get_u8_length_prefixed(&body, &ticket_nonce)) ||
       !CBS_get_u16_length_prefixed(&body, &ticket) ||
       !CBS_stow(&ticket, &session->tlsext_tick, &session->tlsext_ticklen) ||
@@ -941,7 +928,7 @@
   // Parse out the extensions.
   bool have_early_data_info = false;
   CBS early_data_info;
-  uint16_t ext_id = ssl_is_draft21(ssl->version)
+  uint16_t ext_id = ssl_is_draft22(ssl->version)
                         ? TLSEXT_TYPE_early_data
                         : TLSEXT_TYPE_ticket_early_data_info;
   const SSL_EXTENSION_TYPE ext_types[] = {