Remove redundant piece of DC state Now that delegated credentials comes with its own sigalg list (hooray for wasted ClientHello bytes), we don't need a delegated_credential_requested. It's already implicit in whether we parsed any sigalgs. Change-Id: I5169e4b24a41dd4973fc581087c881d34b5075fa Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66373 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Bob Beck <bbe@google.com>
diff --git a/ssl/extensions.cc b/ssl/extensions.cc
index 73adf74..029533f 100644
--- a/ssl/extensions.cc
+++ b/ssl/extensions.cc
@@ -2779,7 +2779,6 @@
 return false;
 }
- hs->delegated_credential_requested = true;
 return true;
 }
diff --git a/ssl/handshake.cc b/ssl/handshake.cc
index 8d5a238..ceb8eac 100644
--- a/ssl/handshake.cc
+++ b/ssl/handshake.cc
@@ -134,7 +134,6 @@
 cert_request(false),
 certificate_status_expected(false),
 ocsp_stapling_requested(false),
- delegated_credential_requested(false),
 should_ack_sni(false),
 in_false_start(false),
 in_early_data(false),
diff --git a/ssl/internal.h b/ssl/internal.h
index 35233af..1b30690 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1925,7 +1925,8 @@
 Array<uint16_t> peer_supported_group_list;
 // peer_delegated_credential_sigalgs are the signature algorithms the peer
- // supports with delegated credentials.
+ // supports with delegated credentials, or empty if the peer does not support
+ // delegated credentials.
 Array<uint16_t> peer_delegated_credential_sigalgs;
 // peer_key is the peer's ECDH key for a TLS 1.2 client.
@@ -2035,10 +2036,6 @@
 // ocsp_stapling_requested is true if a client requested OCSP stapling.
 bool ocsp_stapling_requested : 1;
- // delegated_credential_requested is true if the peer indicated support for
- // the delegated credential extension.
- bool delegated_credential_requested : 1;
-
 // should_ack_sni is used by a server and indicates that the SNI extension
 // should be echoed in the ServerHello.
 bool should_ack_sni : 1;
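Review bot: The updated comment on `peer_delegated_credential_sigalgs` in the first internal.h hunk makes an empty array the only record that the peer did not offer the extension, but it does not say what keeps "offered with an empty list" from looking the same as "not offered". The parser in ssl/extensions.cc is only partly visible in this commit, so whether it rejects a zero-length list is an assumption here. If it does, I would record that on the field, e.g. `// A successfully parsed extension always leaves this non-empty, so empty means the extension was not offered.`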
diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc
index 80426d8..d635fb3 100644
--- a/ssl/ssl_cert.cc
+++ b/ssl/ssl_cert.cc
@@ -810,9 +810,7 @@
 bool ssl_signing_with_dc(const SSL_HANDSHAKE *hs) {
 // We only support delegated credentials as a server.
- return hs->ssl->server &&
- hs->delegated_credential_requested &&
- ssl_can_serve_dc(hs);
+ return hs->ssl->server && ssl_can_serve_dc(hs);
 }
 static int cert_set_dc(CERT *cert, CRYPTO_BUFFER *const raw, EVP_PKEY *privkey,
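Review bot: `ssl_signing_with_dc` now depends entirely on `ssl_can_serve_dc` to refuse a client that never sent the delegated credential extension, and that function is defined outside this hunk, so the check is no longer visible at the call site. Presumably it matches the credential's algorithm against `peer_delegated_credential_sigalgs` and therefore fails on an empty array; that is worth confirming, since sending a delegated credential unsolicited is a protocol violation. I would extend the existing comment to state the dependency, e.g. `// ssl_can_serve_dc() returns false when peer_delegated_credential_sigalgs is empty, i.e. the client did not offer the extension.` A test asserting that a ClientHello without the extension receives the ordinary certificate would pin the behaviour the removed flag used to guarantee.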