Remove the last remnants of key_exchange_info.
DHE ciphers are gone, so we no longer need to clear drop the "group_id"
field there. That leaves static RSA, but:
- We mass-invalidated every serialized client session in
364f7a6d21f73d099f4f80800973174a8f71e90f, long after we stopped
filling in key_exchange_info on the client.
- Server sessions were not mass-invalidated, but static RSA
key_exchange_info never worked on the server.
This means it is safe to remove this logic.
Change-Id: Id43b233cca066a81686be7c056c530ba8e89f761
Reviewed-on: https://boringssl-review.googlesource.com/15005
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 114eb8d..f368ff2 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -121,9 +121,6 @@
* -- stapled OCSP response from the server
* extendedMasterSecret [17] BOOLEAN OPTIONAL,
* groupID [18] INTEGER OPTIONAL,
- * -- For historical reasons, for static RSA
- -- ciphers, this field contains another
- -- value to be discarded.
* certChain [19] SEQUENCE OF Certificate OPTIONAL,
* ticketAgeAdd [21] OCTET STRING OPTIONAL,
* isServer [22] BOOLEAN DEFAULT TRUE,
@@ -692,24 +689,11 @@
}
ret->extended_master_secret = !!extended_master_secret;
- uint32_t value;
- if (!SSL_SESSION_parse_u32(&session, &value, kGroupIDTag, 0)) {
+ if (!SSL_SESSION_parse_u16(&session, &ret->group_id, kGroupIDTag, 0)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
goto err;
}
- /* Historically, the group_id field was used for key-exchange-specific
- * information. Discard all but the group ID. */
- if (ret->cipher->algorithm_mkey & SSL_kRSA) {
- value = 0;
- }
-
- if (value > 0xffff) {
- OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
- goto err;
- }
- ret->group_id = (uint16_t)value;
-
CBS cert_chain;
CBS_init(&cert_chain, NULL, 0);
int has_cert_chain;