kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Remove the last remnants of key_exchange_info. 

DHE ciphers are gone, so we no longer need to clear drop the "group_id"
field there. That leaves static RSA, but:

- We mass-invalidated every serialized client session in
  364f7a6d21f73d099f4f80800973174a8f71e90f, long after we stopped
  filling in key_exchange_info on the client.

- Server sessions were not mass-invalidated, but static RSA
  key_exchange_info never worked on the server.

This means it is safe to remove this logic.

Change-Id: Id43b233cca066a81686be7c056c530ba8e89f761
Reviewed-on: https://boringssl-review.googlesource.com/15005
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
kris/onging/CECPQ3_patch15
David Benjamin 7 years ago
committed by CQ bot account: commit-bot@chromium.org
parent
a33e0fc932
commit
11fa70396b
1 changed files with 1 additions and 17 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -17
      ssl/ssl_asn1.c

+ 1
- 17
ssl/ssl_asn1.c View File

@@ -121,9 +121,6 @@
* -- stapled OCSP response from the server
* extendedMasterSecret [17] BOOLEAN OPTIONAL,
* groupID [18] INTEGER OPTIONAL,
* -- For historical reasons, for static RSA
-- ciphers, this field contains another
-- value to be discarded.
* certChain [19] SEQUENCE OF Certificate OPTIONAL,
* ticketAgeAdd [21] OCTET STRING OPTIONAL,
* isServer [22] BOOLEAN DEFAULT TRUE,
@@ -692,24 +689,11 @@ SSL_SESSION *SSL_SESSION_parse(CBS *cbs, const SSL_X509_METHOD *x509_method,
}
ret->extended_master_secret = !!extended_master_secret;

uint32_t value;
if (!SSL_SESSION_parse_u32(&session, &value, kGroupIDTag, 0)) {
if (!SSL_SESSION_parse_u16(&session, &ret->group_id, kGroupIDTag, 0)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
goto err;
}

/* Historically, the group_id field was used for key-exchange-specific
* information. Discard all but the group ID. */
if (ret->cipher->algorithm_mkey & SSL_kRSA) {
value = 0;
}

if (value > 0xffff) {
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
goto err;
}
ret->group_id = (uint16_t)value;

CBS cert_chain;
CBS_init(&cert_chain, NULL, 0);
int has_cert_chain;


Write Preview
Loading…
Cancel
Save