external/boringssl: Sync to 9f0e7cb314ae64234b928fd379381ae9760a9a5f.
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/f11ea19043f2b3ee42e4a76d0645914347e1a36e..9f0e7cb314ae64234b928fd379381ae9760a9a5f
Test: BoringSSL CTS Presubmits.
Change-Id: I9296845fe9db4baae2afc03328c5bc17f76a752f
diff --git a/src/ssl/handoff.cc b/src/ssl/handoff.cc
index dd73c83..2cbbaeb 100644
--- a/src/ssl/handoff.cc
+++ b/src/ssl/handoff.cc
@@ -133,10 +133,6 @@
s3->session_reused ? ssl->session : s3->hs->new_session.get();
if (!CBB_add_asn1(out, &seq, CBS_ASN1_SEQUENCE) ||
!CBB_add_asn1_uint64(&seq, kHandbackVersion) ||
- !CBB_add_asn1_uint64(&seq, ssl->version) ||
- !CBB_add_asn1_uint64(&seq, ssl->conf_max_version) ||
- !CBB_add_asn1_uint64(&seq, ssl->conf_min_version) ||
- !CBB_add_asn1_uint64(&seq, ssl->max_send_fragment) ||
!CBB_add_asn1_octet_string(&seq, s3->read_sequence,
sizeof(s3->read_sequence)) ||
!CBB_add_asn1_octet_string(&seq, s3->write_sequence,
@@ -148,7 +144,6 @@
!CBB_add_asn1_octet_string(&seq, read_iv, iv_len) ||
!CBB_add_asn1_octet_string(&seq, write_iv, iv_len) ||
!CBB_add_asn1_bool(&seq, s3->session_reused) ||
- !CBB_add_asn1_bool(&seq, s3->send_connection_binding) ||
!CBB_add_asn1_bool(&seq, s3->tlsext_channel_id_valid) ||
!ssl_session_serialize(session, &seq) ||
!CBB_add_asn1_octet_string(&seq, s3->next_proto_negotiated.data(),
@@ -160,14 +155,8 @@
hostname_len) ||
!CBB_add_asn1_octet_string(&seq, s3->tlsext_channel_id,
sizeof(s3->tlsext_channel_id)) ||
- !CBB_add_asn1_uint64(&seq, ssl->options) ||
- !CBB_add_asn1_uint64(&seq, ssl->mode) ||
- !CBB_add_asn1_uint64(&seq, ssl->max_cert_list) ||
- !CBB_add_asn1_bool(&seq, ssl->quiet_shutdown) ||
- !CBB_add_asn1_bool(&seq, ssl->tlsext_channel_id_enabled) ||
- !CBB_add_asn1_bool(&seq, ssl->retain_only_sha256_of_client_certs) ||
- !CBB_add_asn1_bool(&seq, ssl->token_binding_negotiated) ||
- !CBB_add_asn1_uint64(&seq, ssl->negotiated_token_binding_param) ||
+ !CBB_add_asn1_bool(&seq, ssl->s3->token_binding_negotiated) ||
+ !CBB_add_asn1_uint64(&seq, ssl->s3->negotiated_token_binding_param) ||
!CBB_add_asn1_bool(&seq, s3->hs->next_proto_neg_seen) ||
!CBB_add_asn1_bool(&seq, s3->hs->cert_request) ||
!CBB_add_asn1_bool(&seq, s3->hs->extended_master_secret) ||
@@ -191,16 +180,12 @@
}
SSL3_STATE *const s3 = ssl->s3;
- uint64_t handback_version, version, conf_max_version, conf_min_version,
- max_send_fragment, options, mode, max_cert_list,
- negotiated_token_binding_param, cipher;
+ uint64_t handback_version, negotiated_token_binding_param, cipher;
CBS seq, read_seq, write_seq, server_rand, client_rand, read_iv, write_iv,
next_proto, alpn, hostname, channel_id, transcript, key_share;
- int session_reused, send_connection_binding, channel_id_valid, quiet_shutdown,
- channel_id_enabled, retain_only_sha256, cert_request,
- extended_master_secret, ticket_expected, token_binding_negotiated,
- next_proto_neg_seen;
+ int session_reused, channel_id_valid, cert_request, extended_master_secret,
+ ticket_expected, token_binding_negotiated, next_proto_neg_seen;
SSL_SESSION *session = nullptr;
CBS handback_cbs(handback);
@@ -210,11 +195,7 @@
return false;
}
- if (!CBS_get_asn1_uint64(&seq, &version) ||
- !CBS_get_asn1_uint64(&seq, &conf_max_version) ||
- !CBS_get_asn1_uint64(&seq, &conf_min_version) ||
- !CBS_get_asn1_uint64(&seq, &max_send_fragment) ||
- !CBS_get_asn1(&seq, &read_seq, CBS_ASN1_OCTETSTRING) ||
+ if (!CBS_get_asn1(&seq, &read_seq, CBS_ASN1_OCTETSTRING) ||
CBS_len(&read_seq) != sizeof(s3->read_sequence) ||
!CBS_get_asn1(&seq, &write_seq, CBS_ASN1_OCTETSTRING) ||
CBS_len(&write_seq) != sizeof(s3->write_sequence) ||
@@ -229,7 +210,6 @@
!CBS_get_asn1(&seq, &read_iv, CBS_ASN1_OCTETSTRING) ||
!CBS_get_asn1(&seq, &write_iv, CBS_ASN1_OCTETSTRING) ||
!CBS_get_asn1_bool(&seq, &session_reused) ||
- !CBS_get_asn1_bool(&seq, &send_connection_binding) ||
!CBS_get_asn1_bool(&seq, &channel_id_valid)) {
return false;
}
@@ -253,12 +233,6 @@
CBS_len(&channel_id) != sizeof(s3->tlsext_channel_id) ||
!CBS_copy_bytes(&channel_id, s3->tlsext_channel_id,
sizeof(s3->tlsext_channel_id)) ||
- !CBS_get_asn1_uint64(&seq, &options) ||
- !CBS_get_asn1_uint64(&seq, &mode) ||
- !CBS_get_asn1_uint64(&seq, &max_cert_list) ||
- !CBS_get_asn1_bool(&seq, &quiet_shutdown) ||
- !CBS_get_asn1_bool(&seq, &channel_id_enabled) ||
- !CBS_get_asn1_bool(&seq, &retain_only_sha256) ||
!CBS_get_asn1_bool(&seq, &token_binding_negotiated) ||
!CBS_get_asn1_uint64(&seq, &negotiated_token_binding_param) ||
!CBS_get_asn1_bool(&seq, &next_proto_neg_seen) ||
@@ -277,21 +251,14 @@
return false;
}
- ssl->version = version;
- ssl->conf_max_version = conf_max_version;
- ssl->conf_min_version = conf_min_version;
- ssl->max_send_fragment = max_send_fragment;
+ ssl->version = session->ssl_version;
ssl->do_handshake = ssl_server_handshake;
ssl->server = true;
- ssl->options = options;
- ssl->mode = mode;
- ssl->max_cert_list = max_cert_list;
s3->have_version = true;
s3->hs->state = CBS_len(&transcript) == 0 ? state12_finish_server_handshake
: state12_read_client_certificate;
s3->session_reused = session_reused;
- s3->send_connection_binding = send_connection_binding;
s3->tlsext_channel_id_valid = channel_id_valid;
s3->next_proto_negotiated.CopyFrom(next_proto);
s3->alpn_selected.CopyFrom(alpn);
@@ -307,11 +274,8 @@
s3->hostname.reset(hostname_str);
}
- ssl->quiet_shutdown = quiet_shutdown;
- ssl->tlsext_channel_id_enabled = channel_id_enabled;
- ssl->retain_only_sha256_of_client_certs = retain_only_sha256;
- ssl->token_binding_negotiated = token_binding_negotiated;
- ssl->negotiated_token_binding_param =
+ s3->token_binding_negotiated = token_binding_negotiated;
+ s3->negotiated_token_binding_param =
static_cast<uint8_t>(negotiated_token_binding_param);
s3->hs->next_proto_neg_seen = next_proto_neg_seen;
s3->hs->wait = ssl_hs_flush;