Remove draft22 and experiment2.

Change-Id: I2486dc810ea842c534015fc04917712daa26cfde
Update-Note: Now that tls13_experiment2 is gone, the server should remove the set_tls13_variant call. To avoid further churn, we'll make the server default for future variants to be what we'd like to deploy.
Reviewed-on: https://boringssl-review.googlesource.com/25104
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc
index a6a3a0a..3bd6786 100644
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -63,15 +63,10 @@
   SSL *const ssl = hs->ssl;
   *out_need_retry = false;
 
-  uint16_t key_share_ext = TLSEXT_TYPE_old_key_share;
-  if (ssl_is_draft23(ssl->version)) {
-    key_share_ext = TLSEXT_TYPE_new_key_share;
-  }
-
   // We only support connections that include an ECDHE key exchange.
   CBS key_share;
   if (!ssl_client_hello_get_extension(client_hello, &key_share,
-                                      key_share_ext)) {
+                                      TLSEXT_TYPE_key_share)) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_KEY_SHARE);
     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_MISSING_EXTENSION);
     return 0;
@@ -187,9 +182,8 @@
                                    SSL3_MT_NEW_SESSION_TICKET) ||
         !CBB_add_u32(&body, session->timeout) ||
         !CBB_add_u32(&body, session->ticket_age_add) ||
-        (ssl_is_draft22(ssl->version) &&
-         (!CBB_add_u8_length_prefixed(&body, &nonce_cbb) ||
-          !CBB_add_bytes(&nonce_cbb, nonce, sizeof(nonce)))) ||
+        !CBB_add_u8_length_prefixed(&body, &nonce_cbb) ||
+        !CBB_add_bytes(&nonce_cbb, nonce, sizeof(nonce)) ||
         !CBB_add_u16_length_prefixed(&body, &ticket) ||
         !tls13_derive_session_psk(session.get(), nonce) ||
         !ssl_encrypt_ticket(ssl, &ticket, session.get()) ||
@@ -199,9 +193,7 @@
 
     if (ssl->cert->enable_early_data) {
       CBB early_data_info;
-      if (!CBB_add_u16(&extensions, ssl_is_draft22(ssl->version)
-                                        ? TLSEXT_TYPE_early_data
-                                        : TLSEXT_TYPE_ticket_early_data_info) ||
+      if (!CBB_add_u16(&extensions, TLSEXT_TYPE_early_data) ||
           !CBB_add_u16_length_prefixed(&extensions, &early_data_info) ||
           !CBB_add_u32(&early_data_info, session->ticket_max_early_data) ||
           !CBB_flush(&extensions)) {
@@ -479,8 +471,7 @@
       ssl->s3->early_data_accepted = false;
       ssl->s3->skip_early_data = true;
       ssl->method->next_message(ssl);
-      if (ssl_is_draft22(ssl->version) &&
-          !hs->transcript.UpdateForHelloRetryRequest()) {
+      if (!hs->transcript.UpdateForHelloRetryRequest()) {
         return ssl_hs_error;
       }
       hs->tls13_state = state_send_hello_retry_request;
@@ -498,52 +489,30 @@
   SSL *const ssl = hs->ssl;
 
 
-  if (ssl_is_draft22(ssl->version)) {
-    ScopedCBB cbb;
-    CBB body, session_id, extensions;
-    uint16_t group_id;
-    if (!ssl->method->init_message(ssl, cbb.get(), &body,
-                                   SSL3_MT_SERVER_HELLO) ||
-        !CBB_add_u16(&body, TLS1_2_VERSION) ||
-        !CBB_add_bytes(&body, kHelloRetryRequest, SSL3_RANDOM_SIZE) ||
-        !CBB_add_u8_length_prefixed(&body, &session_id) ||
-        !CBB_add_bytes(&session_id, hs->session_id, hs->session_id_len) ||
-        !CBB_add_u16(&body, ssl_cipher_get_value(hs->new_cipher)) ||
-        !CBB_add_u8(&body, 0 /* no compression */) ||
-        !tls1_get_shared_group(hs, &group_id) ||
-        !CBB_add_u16_length_prefixed(&body, &extensions) ||
-        !CBB_add_u16(&extensions, TLSEXT_TYPE_supported_versions) ||
-        !CBB_add_u16(&extensions, 2 /* length */) ||
-        !CBB_add_u16(&extensions, ssl->version) ||
-        !CBB_add_u16(&extensions, ssl_is_draft23(ssl->version)
-                                      ? TLSEXT_TYPE_new_key_share
-                                      : TLSEXT_TYPE_old_key_share) ||
-        !CBB_add_u16(&extensions, 2 /* length */) ||
-        !CBB_add_u16(&extensions, group_id) ||
-        !ssl_add_message_cbb(ssl, cbb.get())) {
-      return ssl_hs_error;
-    }
+  ScopedCBB cbb;
+  CBB body, session_id, extensions;
+  uint16_t group_id;
+  if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_SERVER_HELLO) ||
+      !CBB_add_u16(&body, TLS1_2_VERSION) ||
+      !CBB_add_bytes(&body, kHelloRetryRequest, SSL3_RANDOM_SIZE) ||
+      !CBB_add_u8_length_prefixed(&body, &session_id) ||
+      !CBB_add_bytes(&session_id, hs->session_id, hs->session_id_len) ||
+      !CBB_add_u16(&body, ssl_cipher_get_value(hs->new_cipher)) ||
+      !CBB_add_u8(&body, 0 /* no compression */) ||
+      !tls1_get_shared_group(hs, &group_id) ||
+      !CBB_add_u16_length_prefixed(&body, &extensions) ||
+      !CBB_add_u16(&extensions, TLSEXT_TYPE_supported_versions) ||
+      !CBB_add_u16(&extensions, 2 /* length */) ||
+      !CBB_add_u16(&extensions, ssl->version) ||
+      !CBB_add_u16(&extensions, TLSEXT_TYPE_key_share) ||
+      !CBB_add_u16(&extensions, 2 /* length */) ||
+      !CBB_add_u16(&extensions, group_id) ||
+      !ssl_add_message_cbb(ssl, cbb.get())) {
+    return ssl_hs_error;
+  }
 
-    if (!ssl->method->add_change_cipher_spec(ssl)) {
-      return ssl_hs_error;
-    }
-  } else {
-    ScopedCBB cbb;
-    CBB body, extensions;
-    uint16_t group_id;
-    if (!ssl->method->init_message(ssl, cbb.get(), &body,
-                                   SSL3_MT_HELLO_RETRY_REQUEST) ||
-        !CBB_add_u16(&body, ssl->version) ||
-        (ssl_is_draft22(ssl->version) &&
-         !CBB_add_u16(&body, ssl_cipher_get_value(hs->new_cipher))) ||
-        !tls1_get_shared_group(hs, &group_id) ||
-        !CBB_add_u16_length_prefixed(&body, &extensions) ||
-        !CBB_add_u16(&extensions, TLSEXT_TYPE_old_key_share) ||
-        !CBB_add_u16(&extensions, 2 /* length */) ||
-        !CBB_add_u16(&extensions, group_id) ||
-        !ssl_add_message_cbb(ssl, cbb.get())) {
-      return ssl_hs_error;
-    }
+  if (!ssl->method->add_change_cipher_spec(ssl)) {
+    return ssl_hs_error;
   }
 
   hs->sent_hello_retry_request = true;
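Review bot: The two `CBB_add_u16(&extensions, 2 /* length */)` calls in the HelloRetryRequest chain hard-code each extension body length separately from the `ssl->version` and `group_id` writes that follow, so length and content can drift apart if either extension body changes. Writing each body through a child builder, for example `CBB_add_u16_length_prefixed(&extensions, &key_share)` followed by `CBB_add_u16(&key_share, group_id)`, lets the CBB compute the length. The de-indented block also leaves two consecutive blank lines after `SSL *const ssl = hs->ssl;`. The enclosing function starts and ends outside the hunk.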
@@ -608,7 +577,7 @@
     return ssl_hs_error;
   }
 
-  if ((!ssl_is_draft22(ssl->version) || !hs->sent_hello_retry_request) &&
+  if (!hs->sent_hello_retry_request &&
       !ssl->method->add_change_cipher_spec(ssl)) {
     return ssl_hs_error;
   }
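Review bot: The new condition `!hs->sent_hello_retry_request && !ssl->method->add_change_cipher_spec(ssl)` folds a skip condition and a fallible call into one expression, and nothing at this site says why the ChangeCipherSpec is skipped. The HelloRetryRequest hunk above calls `add_change_cipher_spec` right after queuing the retry message, so the intent appears to be to send it only once per handshake. A comment such as `// The ChangeCipherSpec was already sent after the HelloRetryRequest, if any.` would make that explicit. The enclosing function starts and ends outside the hunk.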
@@ -640,48 +609,34 @@
 
   // Send a CertificateRequest, if necessary.
   if (hs->cert_request) {
-    if (ssl_is_draft22(ssl->version)) {
-      CBB cert_request_extensions, sigalg_contents, sigalgs_cbb;
-      if (!ssl->method->init_message(ssl, cbb.get(), &body,
-                                     SSL3_MT_CERTIFICATE_REQUEST) ||
-          !CBB_add_u8(&body, 0 /* no certificate_request_context. */) ||
-          !CBB_add_u16_length_prefixed(&body, &cert_request_extensions) ||
-          !CBB_add_u16(&cert_request_extensions,
-                       TLSEXT_TYPE_signature_algorithms) ||
+    CBB cert_request_extensions, sigalg_contents, sigalgs_cbb;
+    if (!ssl->method->init_message(ssl, cbb.get(), &body,
+                                   SSL3_MT_CERTIFICATE_REQUEST) ||
+        !CBB_add_u8(&body, 0 /* no certificate_request_context. */) ||
+        !CBB_add_u16_length_prefixed(&body, &cert_request_extensions) ||
+        !CBB_add_u16(&cert_request_extensions,
+                     TLSEXT_TYPE_signature_algorithms) ||
+        !CBB_add_u16_length_prefixed(&cert_request_extensions,
+                                     &sigalg_contents) ||
+        !CBB_add_u16_length_prefixed(&sigalg_contents, &sigalgs_cbb) ||
+        !tls12_add_verify_sigalgs(ssl, &sigalgs_cbb)) {
+      return ssl_hs_error;
+    }
+
+    if (ssl_has_client_CAs(ssl)) {
+      CBB ca_contents;
+      if (!CBB_add_u16(&cert_request_extensions,
+                       TLSEXT_TYPE_certificate_authorities) ||
           !CBB_add_u16_length_prefixed(&cert_request_extensions,
-                                       &sigalg_contents) ||
-          !CBB_add_u16_length_prefixed(&sigalg_contents, &sigalgs_cbb) ||
-          !tls12_add_verify_sigalgs(ssl, &sigalgs_cbb)) {
+                                       &ca_contents) ||
+          !ssl_add_client_CA_list(ssl, &ca_contents) ||
+          !CBB_flush(&cert_request_extensions)) {
         return ssl_hs_error;
       }
+    }
 
-      if (ssl_has_client_CAs(ssl)) {
-        CBB ca_contents;
-        if (!CBB_add_u16(&cert_request_extensions,
-                         TLSEXT_TYPE_certificate_authorities) ||
-            !CBB_add_u16_length_prefixed(&cert_request_extensions,
-                                         &ca_contents) ||
-            !ssl_add_client_CA_list(ssl, &ca_contents) ||
-            !CBB_flush(&cert_request_extensions)) {
-          return ssl_hs_error;
-        }
-      }
-
-      if (!ssl_add_message_cbb(ssl, cbb.get())) {
-        return ssl_hs_error;
-      }
-    } else {
-      CBB sigalgs_cbb;
-      if (!ssl->method->init_message(ssl, cbb.get(), &body,
-                                     SSL3_MT_CERTIFICATE_REQUEST) ||
-          !CBB_add_u8(&body, 0 /* no certificate_request_context. */) ||
-          !CBB_add_u16_length_prefixed(&body, &sigalgs_cbb) ||
-          !tls12_add_verify_sigalgs(ssl, &sigalgs_cbb) ||
-          !ssl_add_client_CA_list(ssl, &body) ||
-          !CBB_add_u16(&body, 0 /* empty certificate_extensions. */) ||
-          !ssl_add_message_cbb(ssl, cbb.get())) {
-        return ssl_hs_error;
-      }
+    if (!ssl_add_message_cbb(ssl, cbb.get())) {
+      return ssl_hs_error;
     }
   }
 
@@ -738,13 +693,11 @@
     // the wire sooner and also avoids triggering a write on |SSL_read| when
     // processing the client Finished. This requires computing the client
     // Finished early. See draft-ietf-tls-tls13-18, section 4.5.1.
-    if (ssl_is_draft22(ssl->version)) {
-      static const uint8_t kEndOfEarlyData[4] = {SSL3_MT_END_OF_EARLY_DATA, 0,
-                                                 0, 0};
-      if (!hs->transcript.Update(kEndOfEarlyData)) {
-        OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
-        return ssl_hs_error;
-      }
+    static const uint8_t kEndOfEarlyData[4] = {SSL3_MT_END_OF_EARLY_DATA, 0,
+                                               0, 0};
+    if (!hs->transcript.Update(kEndOfEarlyData)) {
+      OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
+      return ssl_hs_error;
     }
 
     size_t finished_len;
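Review bot: The comment above the now-unconditional block still cites `draft-ietf-tls-tls13-18, section 4.5.1`, although this commit removes the older draft code paths; the citation should point at the draft actually implemented (the section number cannot be verified from the hunk). `kEndOfEarlyData` is a hand-built handshake header (message type plus a three-byte zero length) hashed into the transcript before the client's message arrives. That is only sound because the read path in the `-801` hunk rejects an EndOfEarlyData with a non-empty body and, as far as the visible lines show, does not hash the received message a second time. A comment such as `// Hash the EndOfEarlyData the client is expected to send; its body must be empty.` would tie the two sites together. The enclosing function starts and ends outside the hunk.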
@@ -801,22 +754,20 @@
     // If early data was not accepted, the EndOfEarlyData and ChangeCipherSpec
     // message will be in the discarded early data.
     if (hs->ssl->s3->early_data_accepted) {
-      if (ssl_is_draft22(ssl->version)) {
-        SSLMessage msg;
-        if (!ssl->method->get_message(ssl, &msg)) {
-          return ssl_hs_read_message;
-        }
-
-        if (!ssl_check_message_type(ssl, msg, SSL3_MT_END_OF_EARLY_DATA)) {
-          return ssl_hs_error;
-        }
-        if (CBS_len(&msg.body) != 0) {
-          ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-          OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
-          return ssl_hs_error;
-        }
-        ssl->method->next_message(ssl);
+      SSLMessage msg;
+      if (!ssl->method->get_message(ssl, &msg)) {
+        return ssl_hs_read_message;
       }
+
+      if (!ssl_check_message_type(ssl, msg, SSL3_MT_END_OF_EARLY_DATA)) {
+        return ssl_hs_error;
+      }
+      if (CBS_len(&msg.body) != 0) {
+        ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+        OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
+        return ssl_hs_error;
+      }
+      ssl->method->next_message(ssl);
     }
   }
   if (!tls13_set_traffic_key(ssl, evp_aead_open, hs->client_handshake_secret,