Delete the variants/draft code.

Change-Id: I84abfedc30e4c34e42285f3c366c2f504a3b9cf2 Reviewed-on: https://boringssl-review.googlesource.com/c/34144 Commit-Queue: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com>
6 år sedan · b84674b2d2
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -619,9 +619,6 @@ OPENSSL_EXPORT int DTLSv1_handle_timeout(SSL *ssl);
 #define DTLS1_VERSION 0xfeff
 #define DTLS1_2_VERSION 0xfefd

 #define TLS1_3_DRAFT23_VERSION 0x7f17
 #define TLS1_3_DRAFT28_VERSION 0x7f1c

 // SSL_CTX_set_min_proto_version sets the minimum protocol version for |ctx| to
 // |version|. If |version| is zero, the default minimum version is used. It
 // returns one on success and zero if |version| is invalid.
@@ -3518,28 +3515,6 @@ OPENSSL_EXPORT int SSL_renegotiate_pending(SSL *ssl);
 // performed by |ssl|. This includes the pending renegotiation, if any.
 OPENSSL_EXPORT int SSL_total_renegotiations(const SSL *ssl);

 // tls13_variant_t determines what TLS 1.3 variant to negotiate.
 enum tls13_variant_t {
  tls13_rfc = 0,
  tls13_draft23,
  tls13_draft28,
  // tls13_all enables all variants of TLS 1.3, to keep the transition smooth as
  // early adopters move to the final version.
  tls13_all,
 };

 // SSL_CTX_set_tls13_variant sets which variant of TLS 1.3 we negotiate. On the
 // server, if |variant| is not |tls13_default|, all variants are enabled. On the
 // client, only the configured variant is enabled.
 OPENSSL_EXPORT void SSL_CTX_set_tls13_variant(SSL_CTX *ctx,
                                              enum tls13_variant_t variant);

 // SSL_set_tls13_variant sets which variant of TLS 1.3 we negotiate. On the
 // server, if |variant| is not |tls13_default|, all variants are enabled. On the
 // client, only the configured variant is enabled.
 OPENSSL_EXPORT void SSL_set_tls13_variant(SSL *ssl,
                                          enum tls13_variant_t variant);

 // SSL_MAX_CERT_LIST_DEFAULT is the default maximum length, in bytes, of a peer
 // certificate chain.
 #define SSL_MAX_CERT_LIST_DEFAULT (1024 * 100)
--- a/ssl/handshake_client.cc
+++ b/ssl/handshake_client.cc
@@ -416,8 +416,6 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
    return ssl_hs_error;
  }

  // Initialize a random session ID for the experimental TLS 1.3 variant
  // requiring a session id.
  if (ssl->session != nullptr &&
      !ssl->s3->initial_handshake_complete &&
      ssl->session->session_id_length > 0) {
@@ -425,6 +423,7 @@ static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
    OPENSSL_memcpy(hs->session_id, ssl->session->session_id,
                   hs->session_id_len);
  } else if (hs->max_version >= TLS1_3_VERSION) {
    // Initialize a random session ID.
    hs->session_id_len = sizeof(hs->session_id);
    if (!RAND_bytes(hs->session_id, hs->session_id_len)) {
      return ssl_hs_error;
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -359,8 +359,7 @@ OPENSSL_EXPORT bool CBBFinishArray(CBB *cbb, Array<uint8_t> *out);

 // Protocol versions.
 //
 // Due to DTLS's historical wire version differences and to support multiple
 // variants of the same protocol during development, we maintain two notions of
 // Due to DTLS's historical wire version differences, we maintain two notions of
 // version.
 //
 // The "version" or "wire version" is the actual 16-bit value that appears on
@@ -369,9 +368,8 @@ OPENSSL_EXPORT bool CBBFinishArray(CBB *cbb, Array<uint8_t> *out);
 // versions are opaque values and may not be compared numerically.
 //
 // The "protocol version" identifies the high-level handshake variant being
 // used. DTLS versions map to the corresponding TLS versions. Draft TLS 1.3
 // variants all map to TLS 1.3. Protocol versions are sequential and may be
 // compared numerically.
 // used. DTLS versions map to the corresponding TLS versions. Protocol versions
 // are sequential and may be compared numerically.

 // ssl_protocol_version_from_wire sets |*out| to the protocol version
 // corresponding to wire version |version| and returns true. If |version| is not
@@ -408,10 +406,6 @@ bool ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert,
 // call this function before the version is determined.
 uint16_t ssl_protocol_version(const SSL *ssl);

 // ssl_is_draft28 returns whether the version corresponds to a draft28 TLS 1.3
 // variant.
 bool ssl_is_draft28(uint16_t version);

 // Cipher suites.

 BSSL_NAMESPACE_END
@@ -785,8 +779,6 @@ class SSLAEADContext {
  // omit_length_in_ad_ is true if the length should be omitted in the
  // AEAD's ad parameter.
  bool omit_length_in_ad_ : 1;
  // omit_ad_ is true if the AEAD's ad parameter should be omitted.
  bool omit_ad_ : 1;
  // ad_is_header_ is true if the AEAD's ad parameter is the record header.
  bool ad_is_header_ : 1;
 };
@@ -1613,8 +1605,7 @@ struct SSL_HANDSHAKE {
  // record layer.
  uint16_t early_data_written = 0;

  // session_id is the session ID in the ClientHello, used for the experimental
  // TLS 1.3 variant.
  // session_id is the session ID in the ClientHello.
  uint8_t session_id[SSL_MAX_SSL_SESSION_ID_LENGTH] = {0};
  uint8_t session_id_len = 0;

@@ -2834,10 +2825,6 @@ struct ssl_ctx_st {
  // quic_method is the method table corresponding to the QUIC hooks.
  const SSL_QUIC_METHOD *quic_method = nullptr;

  // tls13_variant is the variant of TLS 1.3 we are using for this
  // configuration.
  tls13_variant_t tls13_variant = tls13_rfc;

  bssl::UniquePtr<bssl::SSLCipherPreferenceList> cipher_list;

  X509_STORE *cert_store = nullptr;
@@ -3163,10 +3150,6 @@ struct ssl_st {
  // second.
  unsigned initial_timeout_duration_ms = 1000;

  // tls13_variant is the variant of TLS 1.3 we are using for this
  // configuration.
  tls13_variant_t tls13_variant = tls13_rfc;

  // session is the configured session to be offered by the client. This session
  // is immutable.
  bssl::UniquePtr<SSL_SESSION> session;
--- a/ssl/s3_both.cc
+++ b/ssl/s3_both.cc
@@ -188,14 +188,12 @@ bool ssl3_add_message(SSL *ssl, Array<uint8_t> msg) {
  // unnecessary encryption overhead, notably in TLS 1.3 where we send several
  // encrypted messages in a row. For now, we do not do this for the null
  // cipher. The benefit is smaller and there is a risk of breaking buggy
  // implementations. Additionally, we tie this to draft-28 as a sanity check,
  // on the off chance middleboxes have fixated on sizes.
  // implementations.
  //
  // TODO(davidben): See if we can do this uniformly.
  Span<const uint8_t> rest = msg;
  if (ssl->ctx->quic_method == nullptr &&
      (ssl->s3->aead_write_ctx->is_null_cipher() ||
       ssl->version == TLS1_3_DRAFT23_VERSION)) {
      ssl->s3->aead_write_ctx->is_null_cipher()) {
    while (!rest.empty()) {
      Span<const uint8_t> chunk = rest.subspan(0, ssl->max_send_fragment);
      rest = rest.subspan(chunk.size());
--- a/ssl/ssl_aead_ctx.cc
+++ b/ssl/ssl_aead_ctx.cc
@@ -42,7 +42,6 @@ SSLAEADContext::SSLAEADContext(uint16_t version_arg, bool is_dtls_arg,
      random_variable_nonce_(false),
      xor_fixed_nonce_(false),
      omit_length_in_ad_(false),
      omit_ad_(false),
      ad_is_header_(false) {
  OPENSSL_memset(fixed_nonce_, 0, sizeof(fixed_nonce_));
 }
@@ -134,11 +133,7 @@ UniquePtr<SSLAEADContext> SSLAEADContext::Create(
      aead_ctx->xor_fixed_nonce_ = true;
      aead_ctx->variable_nonce_len_ = 8;
      aead_ctx->variable_nonce_included_in_record_ = false;
      if (ssl_is_draft28(version)) {
        aead_ctx->ad_is_header_ = true;
      } else {
        aead_ctx->omit_ad_ = true;
      }
      aead_ctx->ad_is_header_ = true;
      assert(fixed_iv.size() >= aead_ctx->variable_nonce_len_);
    }
  } else {
@@ -231,10 +226,6 @@ Span<const uint8_t> SSLAEADContext::GetAdditionalData(
    return header;
  }

  if (omit_ad_) {
    return {};
  }

  OPENSSL_memcpy(storage, seqnum, 8);
  size_t len = 8;
  storage[len++] = type;
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -640,7 +640,6 @@ ssl_st::ssl_st(SSL_CTX *ctx_arg)
      max_send_fragment(ctx_arg->max_send_fragment),
      msg_callback(ctx_arg->msg_callback),
      msg_callback_arg(ctx_arg->msg_callback_arg),
      tls13_variant(ctx_arg->tls13_variant),
      ctx(UpRef(ctx_arg)),
      session_ctx(UpRef(ctx_arg)),
      options(ctx->options),
@@ -1261,14 +1260,6 @@ void SSL_CTX_set_early_data_enabled(SSL_CTX *ctx, int enabled) {
  ctx->enable_early_data = !!enabled;
 }

 void SSL_CTX_set_tls13_variant(SSL_CTX *ctx, enum tls13_variant_t variant) {
  ctx->tls13_variant = variant;
 }

 void SSL_set_tls13_variant(SSL *ssl, enum tls13_variant_t variant) {
  ssl->tls13_variant = variant;
 }

 void SSL_set_early_data_enabled(SSL *ssl, int enabled) {
  ssl->enable_early_data = !!enabled;
 }
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -2628,11 +2628,6 @@ TEST(SSLTest, SetVersion) {
  // SSL 3.0 is not available.
  EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), SSL3_VERSION));

  // TLS1_3_DRAFT_VERSION is not an API-level version.
  EXPECT_FALSE(
      SSL_CTX_set_max_proto_version(ctx.get(), TLS1_3_DRAFT23_VERSION));
  ERR_clear_error();

  ctx.reset(SSL_CTX_new(DTLS_method()));
  ASSERT_TRUE(ctx);

--- a/ssl/ssl_versions.cc
+++ b/ssl/ssl_versions.cc
@@ -34,11 +34,6 @@ bool ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) {
      *out = version;
      return true;

    case TLS1_3_DRAFT23_VERSION:
    case TLS1_3_DRAFT28_VERSION:
      *out = TLS1_3_VERSION;
      return true;

    case DTLS1_VERSION:
      // DTLS 1.0 is analogous to TLS 1.1, not TLS 1.0.
      *out = TLS1_1_VERSION;
@@ -58,8 +53,6 @@ bool ssl_protocol_version_from_wire(uint16_t *out, uint16_t version) {

 static const uint16_t kTLSVersions[] = {
    TLS1_3_VERSION,
    TLS1_3_DRAFT28_VERSION,
    TLS1_3_DRAFT23_VERSION,
    TLS1_2_VERSION,
    TLS1_1_VERSION,
    TLS1_VERSION,
@@ -95,14 +88,10 @@ bool ssl_method_supports_version(const SSL_PROTOCOL_METHOD *method,
 }

 // The following functions map between API versions and wire versions. The
 // public API works on wire versions, except that TLS 1.3 draft versions all
 // appear as TLS 1.3. This will get collapsed back down when TLS 1.3 is
 // finalized.
 // public API works on wire versions.

 static const char *ssl_version_to_string(uint16_t version) {
  switch (version) {
    case TLS1_3_DRAFT23_VERSION:
    case TLS1_3_DRAFT28_VERSION:
    case TLS1_3_VERSION:
      return "TLSv1.3";

@@ -127,26 +116,11 @@ static const char *ssl_version_to_string(uint16_t version) {
 }

 static uint16_t wire_version_to_api(uint16_t version) {
  switch (version) {
    // Report TLS 1.3 draft versions as TLS 1.3 in the public API.
    case TLS1_3_DRAFT23_VERSION:
    case TLS1_3_DRAFT28_VERSION:
    case TLS1_3_VERSION:
      return TLS1_3_VERSION;
    default:
      return version;
  }
  return version;
 }

 // api_version_to_wire maps |version| to some representative wire version. In
 // particular, it picks an arbitrary TLS 1.3 representative. This should only be
 // used in context where that does not matter.
 // api_version_to_wire maps |version| to some representative wire version.
 static bool api_version_to_wire(uint16_t *out, uint16_t version) {
  if (version == TLS1_3_DRAFT23_VERSION ||
      version == TLS1_3_DRAFT28_VERSION) {
    return false;
  }

  // Check it is a real protocol version.
  uint16_t unused;
  if (!ssl_protocol_version_from_wire(&unused, version)) {
@@ -299,21 +273,6 @@ bool ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version) {
    return false;
  }

  // If the TLS 1.3 variant is set to |tls13_default|, all variants are enabled,
  // otherwise only the matching version is enabled.
  if (protocol_version == TLS1_3_VERSION) {
    switch (ssl->tls13_variant) {
      case tls13_draft23:
        return version == TLS1_3_DRAFT23_VERSION;
      case tls13_draft28:
        return version == TLS1_3_DRAFT28_VERSION;
      case tls13_rfc:
        return version == TLS1_3_VERSION;
      case tls13_all:
        return true;
    }
  }

  return true;
 }

@@ -373,10 +332,6 @@ bool ssl_negotiate_version(SSL_HANDSHAKE *hs, uint8_t *out_alert,
  return false;
 }

 bool ssl_is_draft28(uint16_t version) {
  return version == TLS1_3_DRAFT28_VERSION || version == TLS1_3_VERSION;
 }

 BSSL_NAMESPACE_END

 using namespace bssl;
--- a/ssl/test/fuzzer.h
+++ b/ssl/test/fuzzer.h
@@ -489,16 +489,6 @@ class TLSFuzzer {
          SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, nullptr);
          break;

        case kTLS13Variant: {
          uint8_t variant;
          if (!CBS_get_u8(cbs, &variant)) {
            return nullptr;
          }
          SSL_set_tls13_variant(ssl.get(),
                                static_cast<tls13_variant_t>(variant));
          break;
        }

        case kHandoffTag: {
          CBS handoff;
          if (!CBS_get_u24_length_prefixed(cbs, &handoff)) {
--- a/ssl/test/fuzzer_tags.h
+++ b/ssl/test/fuzzer_tags.h
@@ -39,13 +39,10 @@ static const uint16_t kSessionTag = 1;
 // certificates.
 static const uint16_t kRequestClientCert = 2;

 // kTLS13Variant is followed by a u8 denoting the TLS 1.3 variant to configure.
 static const uint16_t kTLS13Variant = 3;

 // kHandoffTag is followed by the output of |SSL_serialize_handoff|.
 static const uint16_t kHandoffTag = 4;
 static const uint16_t kHandoffTag = 3;

 // kHandbackTag is followed by te output of |SSL_serialize_handback|.
 static const uint16_t kHandbackTag = 5;
 static const uint16_t kHandbackTag = 4;

 #endif  // HEADER_SSL_TEST_FUZZER_TAGS
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -32,23 +32,8 @@ const (
 	VersionDTLS12 = 0xfefd
 )

 // A draft version of TLS 1.3 that is sent over the wire for the current draft.
 const (
 	tls13Draft23Version = 0x7f17
 	tls13Draft28Version = 0x7f1c
 )

 const (
 	TLS13RFC     = 0
 	TLS13Draft23 = 1
 	TLS13Draft28 = 2
 	TLS13All     = 3
 )

 var allTLSWireVersions = []uint16{
 	VersionTLS13,
 	tls13Draft28Version,
 	tls13Draft23Version,
 	VersionTLS12,
 	VersionTLS11,
 	VersionTLS10,
@@ -447,9 +432,6 @@ type Config struct {
 	// which is currently TLS 1.2.
 	MaxVersion uint16

 	// TLS13Variant is the variant of TLS 1.3 to use.
 	TLS13Variant int

 	// CurvePreferences contains the elliptic curves that will be used in
 	// an ECDHE handshake, in preference order. If empty, the default will
 	// be used.
@@ -1531,10 +1513,6 @@ type ProtocolBugs struct {
 	// specified number of plaintext bytes per record.
 	ExpectPackedEncryptedHandshake int

 	// ForbidHandshakePacking, if true, requires the peer place a record
 	// boundary after every handshake message.
 	ForbidHandshakePacking bool

 	// SendTicketLifetime, if non-zero, is the ticket lifetime to send in
 	// NewSessionTicket messages.
 	SendTicketLifetime time.Duration
@@ -1770,18 +1748,12 @@ func wireToVersion(vers uint16, isDTLS bool) (uint16, bool) {
 		switch vers {
 		case VersionSSL30, VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13:
 			return vers, true
 		case tls13Draft23Version, tls13Draft28Version:
 			return VersionTLS13, true
 		}
 	}

 	return 0, false
 }

 func isDraft28(vers uint16) bool {
 	return vers == tls13Draft28Version || vers == VersionTLS13
 }

 // isSupportedVersion checks if the specified wire version is acceptable. If so,
 // it returns true and the corresponding protocol version. Otherwise, it returns
 // false.
@@ -1790,26 +1762,6 @@ func (c *Config) isSupportedVersion(wireVers uint16, isDTLS bool) (uint16, bool)
 	if !ok || c.minVersion(isDTLS) > vers || vers > c.maxVersion(isDTLS) {
 		return 0, false
 	}
 	if vers == VersionTLS13 {
 		switch c.TLS13Variant {
 		case TLS13Draft23:
 			if wireVers != tls13Draft23Version {
 				return 0, false
 			}
 		case TLS13Draft28:
 			if wireVers != tls13Draft28Version {
 				return 0, false
 			}
 		case TLS13RFC:
 			if wireVers != VersionTLS13 {
 				return 0, false
 			}
 		case TLS13All:
 			// Allow all of them.
 		default:
 			panic(c.TLS13Variant)
 		}
 	}
 	return vers, true
 }

--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -454,7 +454,7 @@ func (hc *halfConn) decrypt(b *block) (ok bool, prefixLen int, contentType recor
 				n := len(payload) - c.Overhead()
 				additionalData[11] = byte(n >> 8)
 				additionalData[12] = byte(n)
 			} else if isDraft28(hc.wireVersion) {
 			} else {
 				additionalData = b.data[:recordHeaderLen]
 			}
 			var err error
@@ -620,7 +620,7 @@ func (hc *halfConn) encrypt(b *block, explicitIVLen int, typ recordType) (bool,
 				copy(additionalData[8:], b.data[:3])
 				additionalData[11] = byte(payloadLen >> 8)
 				additionalData[12] = byte(payloadLen)
 			} else if isDraft28(hc.wireVersion) {
 			} else {
 				additionalData = make([]byte, 5)
 				copy(additionalData, b.data[:3])
 				n := len(b.data) - recordHeaderLen
@@ -1322,9 +1322,6 @@ func (c *Conn) doReadHandshake() ([]byte, error) {
 			return nil, err
 		}
 	}
 	if c.hand.Len() > 4+n && c.config.Bugs.ForbidHandshakePacking {
 		return nil, errors.New("tls: forbidden trailing data after a handshake message")
 	}
 	return c.hand.Next(4 + n), nil
 }

--- a/ssl/test/runner/handshake_client.go
+++ b/ssl/test/runner/handshake_client.go
@@ -424,10 +424,9 @@ NextCipherSuite:
 		if len(hello.pskIdentities) > 0 {
 			version := session.wireVersion
 			// We may have a pre-1.3 session if SendBothTickets is
 			// set. Fill in an arbitrary TLS 1.3 version to compute
 			// the binder.
 			// set.
 			if session.vers < VersionTLS13 {
 				version = tls13Draft23Version
 				version = VersionTLS13
 			}
 			generatePSKBinders(version, hello, pskCipherSuite, session.masterSecret, []byte{}, []byte{}, c.config)
 		}
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
--- a/ssl/test/settings_writer.cc
+++ b/ssl/test/settings_writer.cc
@@ -59,12 +59,6 @@ bool SettingsWriter::Init(int i, const TestConfig *config,
    return false;
  }

  if (config->tls13_variant != 0 &&
      (!CBB_add_u16(cbb_.get(), kTLS13Variant) ||
       !CBB_add_u8(cbb_.get(), static_cast<uint8_t>(config->tls13_variant)))) {
    return false;
  }

  return true;
 }

--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -218,7 +218,6 @@ const Flag<int> kIntFlags[] = {
  { "-max-send-fragment", &TestConfig::max_send_fragment },
  { "-read-size", &TestConfig::read_size },
  { "-expect-ticket-age-skew", &TestConfig::expect_ticket_age_skew },
  { "-tls13-variant", &TestConfig::tls13_variant },
 };

 const Flag<std::vector<int>> kIntVectorFlags[] = {
@@ -1247,9 +1246,6 @@ bssl::UniquePtr<SSL_CTX> TestConfig::SetupCtx(SSL_CTX *old_ctx) const {
    SSL_CTX_set_early_data_enabled(ssl_ctx.get(), 1);
  }

  SSL_CTX_set_tls13_variant(ssl_ctx.get(),
                            static_cast<enum tls13_variant_t>(tls13_variant));

  if (allow_unknown_alpn_protos) {
    SSL_CTX_set_allow_unknown_alpn_protos(ssl_ctx.get(), 1);
  }
--- a/ssl/test/test_config.h
+++ b/ssl/test/test_config.h
@@ -104,7 +104,6 @@ struct TestConfig {
  bool use_ticket_callback = false;
  bool renew_ticket = false;
  bool enable_early_data = false;
  int tls13_variant = 0;
  bool enable_client_custom_extension = false;
  bool enable_server_custom_extension = false;
  bool custom_extension_skip = false;
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc
@@ -294,16 +294,14 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
    return ssl_hs_error;
  }

  if (ssl_is_draft28(ssl->version)) {
    // Recheck supported_versions, in case this is the second ServerHello.
    uint16_t version;
    if (!have_supported_versions ||
        !CBS_get_u16(&supported_versions, &version) ||
        version != ssl->version) {
      OPENSSL_PUT_ERROR(SSL, SSL_R_SECOND_SERVERHELLO_VERSION_MISMATCH);
      ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
      return ssl_hs_error;
    }
  // Recheck supported_versions, in case this is the second ServerHello.
  uint16_t version;
  if (!have_supported_versions ||
      !CBS_get_u16(&supported_versions, &version) ||
      version != ssl->version) {
    OPENSSL_PUT_ERROR(SSL, SSL_R_SECOND_SERVERHELLO_VERSION_MISMATCH);
    ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
    return ssl_hs_error;
  }

  alert = SSL_AD_DECODE_ERROR;
--- a/tool/client.cc
+++ b/tool/client.cc
@@ -125,10 +125,6 @@ static const struct argument kArguments[] = {
        "this flag is the early data to send or if it starts with '@', the "
        "file to read from for early data.",
    },
    {
        "-tls13-variant", kOptionalArgument,
        "Enable the specified experimental TLS 1.3 variant",
    },
    {
        "-ed25519", kBooleanArgument, "Advertise Ed25519 support",
    },
@@ -328,26 +324,6 @@ static bool DoConnection(SSL_CTX *ctx,
  return cb(ssl.get(), sock);
 }

 static bool GetTLS13Variant(tls13_variant_t *out, const std::string &in) {
  if (in == "draft23") {
    *out = tls13_draft23;
    return true;
  }
  if (in == "draft28") {
    *out = tls13_draft28;
    return true;
  }
  if (in == "rfc") {
    *out = tls13_rfc;
    return true;
  }
  if (in == "all") {
    *out = tls13_all;
    return true;
  }
  return false;
 }

 static void InfoCallback(const SSL *ssl, int type, int value) {
  switch (type) {
    case SSL_CB_HANDSHAKE_START:
@@ -528,16 +504,6 @@ bool Client(const std::vector<std::string> &args) {
    SSL_CTX_set_early_data_enabled(ctx.get(), 1);
  }

  if (args_map.count("-tls13-variant") != 0) {
    tls13_variant_t variant;
    if (!GetTLS13Variant(&variant, args_map["-tls13-variant"])) {
      fprintf(stderr, "Unknown TLS 1.3 variant: %s\n",
              args_map["-tls13-variant"].c_str());
      return false;
    }
    SSL_CTX_set_tls13_variant(ctx.get(), variant);
  }

  if (args_map.count("-ed25519") != 0) {
    SSL_CTX_set_ed25519_enabled(ctx.get(), 1);
  }
--- a/tool/server.cc
+++ b/tool/server.cc
@@ -67,10 +67,6 @@ static const struct argument kArguments[] = {
    {
        "-early-data", kBooleanArgument, "Allow early data",
    },
    {
        "-tls13-variant", kOptionalArgument,
        "Enable the specified experimental TLS 1.3 variant",
    },
    {
        "-www", kBooleanArgument,
        "The server will print connection information in response to a "
@@ -152,26 +148,6 @@ static bssl::UniquePtr<X509> MakeSelfSignedCert(EVP_PKEY *evp_pkey,
  return x509;
 }

 static bool GetTLS13Variant(tls13_variant_t *out, const std::string &in) {
  if (in == "draft23") {
    *out = tls13_draft23;
    return true;
  }
  if (in == "draft28") {
    *out = tls13_draft28;
    return true;
  }
  if (in == "rfc") {
    *out = tls13_rfc;
    return true;
  }
  if (in == "all") {
    *out = tls13_all;
    return true;
  }
  return false;
 }

 static void InfoCallback(const SSL *ssl, int type, int value) {
  switch (type) {
    case SSL_CB_HANDSHAKE_START:
@@ -331,16 +307,6 @@ bool Server(const std::vector<std::string> &args) {
    SSL_CTX_set_early_data_enabled(ctx.get(), 1);
  }

  if (args_map.count("-tls13-variant") != 0) {
    tls13_variant_t variant;
    if (!GetTLS13Variant(&variant, args_map["-tls13-variant"])) {
      fprintf(stderr, "Unknown TLS 1.3 variant: %s\n",
              args_map["-tls13-variant"].c_str());
      return false;
    }
    SSL_CTX_set_tls13_variant(ctx.get(), variant);
  }

  if (args_map.count("-debug") != 0) {
    SSL_CTX_set_info_callback(ctx.get(), InfoCallback);
  }