Remove draft22 and experiment2.
Change-Id: I2486dc810ea842c534015fc04917712daa26cfde
Update-Note: Now that tls13_experiment2 is gone, the server should remove the set_tls13_variant call. To avoid further churn, we'll make the server default for future variants to be what we'd like to deploy.
Reviewed-on: https://boringssl-review.googlesource.com/25104
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index d972949..02ed22b 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -551,10 +551,6 @@
return true;
}
-static bool dont_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
- return true;
-}
-
static bool ignore_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
CBS *contents) {
// This extension from the client is handled elsewhere.
@@ -1821,7 +1817,6 @@
// selected cipher in HelloRetryRequest does not match. This avoids performing
// the transcript hash transformation for multiple hashes.
if (hs->received_hello_retry_request &&
- ssl_is_draft22(ssl->version) &&
ssl->session->cipher->algorithm_prf != hs->new_cipher->algorithm_prf) {
return true;
}
@@ -2091,9 +2086,7 @@
}
CBB contents, kse_bytes;
- if (!CBB_add_u16(out, ssl_is_draft23_variant(ssl->tls13_variant)
- ? TLSEXT_TYPE_new_key_share
- : TLSEXT_TYPE_old_key_share) ||
+ if (!CBB_add_u16(out, TLSEXT_TYPE_key_share) ||
!CBB_add_u16_length_prefixed(out, &contents) ||
!CBB_add_u16_length_prefixed(&contents, &kse_bytes)) {
return false;
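Review bot: The unconditional `TLSEXT_TYPE_key_share` passed to `CBB_add_u16(out, ...)` no longer shows which of the two former codepoints goes on the wire, and its definition is not part of this file's hunks. It should be confirmed that the constant carries the value of the former `TLSEXT_TYPE_new_key_share`, since a wrong value would presumably surface only as a failed handshake at runtime rather than as a build error. A short comment above the call would record the intent, for example `// key_share is always sent with the draft-23 codepoint; the earlier codepoint is retired.` The same applies to the ServerHello writer in the hunk at -2250. The enclosing function starts and ends outside the hunk.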
@@ -2250,9 +2243,7 @@
uint16_t group_id;
CBB kse_bytes, public_key;
if (!tls1_get_shared_group(hs, &group_id) ||
- !CBB_add_u16(out, ssl_is_draft23(hs->ssl->version)
- ? TLSEXT_TYPE_new_key_share
- : TLSEXT_TYPE_old_key_share) ||
+ !CBB_add_u16(out, TLSEXT_TYPE_key_share) ||
!CBB_add_u16_length_prefixed(out, &kse_bytes) ||
!CBB_add_u16(&kse_bytes, group_id) ||
!CBB_add_u16_length_prefixed(&kse_bytes, &public_key) ||
@@ -2760,16 +2751,7 @@
ext_ec_point_add_serverhello,
},
{
- TLSEXT_TYPE_old_key_share,
- // This is added by TLSEXT_TYPE_new_key_share's callback.
- NULL,
- dont_add_clienthello,
- forbid_parse_serverhello,
- ignore_parse_clienthello,
- dont_add_serverhello,
- },
- {
- TLSEXT_TYPE_new_key_share,
+ TLSEXT_TYPE_key_share,
NULL,
ext_key_share_add_clienthello,
forbid_parse_serverhello,
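Review bot: Dropping the `TLSEXT_TYPE_old_key_share` table entry removes the explicit `forbid_parse_serverhello` and `ignore_parse_clienthello` handlers for that codepoint, so a peer that still sends it is now handled by the generic unknown-extension path, which is not visible here. That path presumably ignores the codepoint in a ClientHello and rejects it in a ServerHello, but a regression test that presents the retired codepoint in each direction would pin that behaviour. A comment on the remaining entry such as `// Only the current key_share codepoint is registered; the pre-draft-23 one is treated as unknown.` would keep the intent visible. The table and this entry continue outside the hunk.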