SSL_serialize_handoff: serialize fewer things.

In the handoff+handback case, bssl_shim.cc creates 3 |SSL| objects:
one to receive the ClientHello, one to receive the handoff, and a
third one to receive the handback.

Before 56986f9, only the first of these received any configuration.
Since that commit, all 3 of them receive the same configuration.  That
means that the handback message no longer needs to serialize as many
things.

N.B. even before 56986f9, not all of the fields were necessary.  For
example, there was no reason to serialize |conf_max_version| and
|conf_min_version| in the handback, so far as I can tell.

This commit is mechanical: it simply removes everything that doesn't
cause any tests to fail.  In the long run, I'll need to carefully
check for two possibilities:

- Knobs that affect the handshake after the server's first message it
  sent.  These are troublesome because that portion of the handshake
  may run on a different |SSL|, depending on whether the handback is
  early or late.

- Getters that may be called post-handshake, and that callers may
  reasonably expect to reflect the value that was used during
  handshake.

(I'm not sure that either case exists!)

Change-Id: Ibf6e0be6609ad6e83ab50e69199e9b2d51e59a87
Reviewed-on: https://boringssl-review.googlesource.com/27364
Commit-Queue: Matt Braithwaite <mab@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>

ssl/handoff.cc

@@ -133,10 +133,6 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
       s3->session_reused ? ssl->session : s3->hs->new_session.get();
   if (!CBB_add_asn1(out, &seq, CBS_ASN1_SEQUENCE) ||
       !CBB_add_asn1_uint64(&seq, kHandbackVersion) ||
-      !CBB_add_asn1_uint64(&seq, ssl->version) ||
-      !CBB_add_asn1_uint64(&seq, ssl->conf_max_version) ||
-      !CBB_add_asn1_uint64(&seq, ssl->conf_min_version) ||
-      !CBB_add_asn1_uint64(&seq, ssl->max_send_fragment) ||
       !CBB_add_asn1_octet_string(&seq, s3->read_sequence,
                                  sizeof(s3->read_sequence)) ||
       !CBB_add_asn1_octet_string(&seq, s3->write_sequence,
@@ -148,7 +144,6 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
       !CBB_add_asn1_octet_string(&seq, read_iv, iv_len) ||
       !CBB_add_asn1_octet_string(&seq, write_iv, iv_len) ||
       !CBB_add_asn1_bool(&seq, s3->session_reused) ||
-      !CBB_add_asn1_bool(&seq, s3->send_connection_binding) ||
       !CBB_add_asn1_bool(&seq, s3->tlsext_channel_id_valid) ||
       !ssl_session_serialize(session, &seq) ||
       !CBB_add_asn1_octet_string(&seq, s3->next_proto_negotiated.data(),
@@ -160,12 +155,6 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
           hostname_len) ||
       !CBB_add_asn1_octet_string(&seq, s3->tlsext_channel_id,
                                  sizeof(s3->tlsext_channel_id)) ||
-      !CBB_add_asn1_uint64(&seq, ssl->options) ||
-      !CBB_add_asn1_uint64(&seq, ssl->mode) ||
-      !CBB_add_asn1_uint64(&seq, ssl->max_cert_list) ||
-      !CBB_add_asn1_bool(&seq, ssl->quiet_shutdown) ||
-      !CBB_add_asn1_bool(&seq, ssl->tlsext_channel_id_enabled) ||
-      !CBB_add_asn1_bool(&seq, ssl->retain_only_sha256_of_client_certs) ||
       !CBB_add_asn1_bool(&seq, ssl->token_binding_negotiated) ||
       !CBB_add_asn1_uint64(&seq, ssl->negotiated_token_binding_param) ||
       !CBB_add_asn1_bool(&seq, s3->hs->next_proto_neg_seen) ||
@@ -191,16 +180,12 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
   }
 
   SSL3_STATE *const s3 = ssl->s3;
-  uint64_t handback_version, version, conf_max_version, conf_min_version,
-      max_send_fragment, options, mode, max_cert_list,
-      negotiated_token_binding_param, cipher;
+  uint64_t handback_version, negotiated_token_binding_param, cipher;
 
   CBS seq, read_seq, write_seq, server_rand, client_rand, read_iv, write_iv,
       next_proto, alpn, hostname, channel_id, transcript, key_share;
-  int session_reused, send_connection_binding, channel_id_valid, quiet_shutdown,
-      channel_id_enabled, retain_only_sha256, cert_request,
-      extended_master_secret, ticket_expected, token_binding_negotiated,
-      next_proto_neg_seen;
+  int session_reused, channel_id_valid, cert_request, extended_master_secret,
+      ticket_expected, token_binding_negotiated, next_proto_neg_seen;
   SSL_SESSION *session = nullptr;
 
   CBS handback_cbs(handback);
@@ -210,11 +195,7 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
     return false;
   }
 
-  if (!CBS_get_asn1_uint64(&seq, &version) ||
-      !CBS_get_asn1_uint64(&seq, &conf_max_version) ||
-      !CBS_get_asn1_uint64(&seq, &conf_min_version) ||
-      !CBS_get_asn1_uint64(&seq, &max_send_fragment) ||
-      !CBS_get_asn1(&seq, &read_seq, CBS_ASN1_OCTETSTRING) ||
+  if (!CBS_get_asn1(&seq, &read_seq, CBS_ASN1_OCTETSTRING) ||
       CBS_len(&read_seq) != sizeof(s3->read_sequence) ||
       !CBS_get_asn1(&seq, &write_seq, CBS_ASN1_OCTETSTRING) ||
       CBS_len(&write_seq) != sizeof(s3->write_sequence) ||
@@ -229,7 +210,6 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
       !CBS_get_asn1(&seq, &read_iv, CBS_ASN1_OCTETSTRING) ||
       !CBS_get_asn1(&seq, &write_iv, CBS_ASN1_OCTETSTRING) ||
       !CBS_get_asn1_bool(&seq, &session_reused) ||
-      !CBS_get_asn1_bool(&seq, &send_connection_binding) ||
       !CBS_get_asn1_bool(&seq, &channel_id_valid)) {
     return false;
   }
@@ -253,12 +233,6 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
       CBS_len(&channel_id) != sizeof(s3->tlsext_channel_id) ||
       !CBS_copy_bytes(&channel_id, s3->tlsext_channel_id,
                       sizeof(s3->tlsext_channel_id)) ||
-      !CBS_get_asn1_uint64(&seq, &options) ||
-      !CBS_get_asn1_uint64(&seq, &mode) ||
-      !CBS_get_asn1_uint64(&seq, &max_cert_list) ||
-      !CBS_get_asn1_bool(&seq, &quiet_shutdown) ||
-      !CBS_get_asn1_bool(&seq, &channel_id_enabled) ||
-      !CBS_get_asn1_bool(&seq, &retain_only_sha256) ||
       !CBS_get_asn1_bool(&seq, &token_binding_negotiated) ||
       !CBS_get_asn1_uint64(&seq, &negotiated_token_binding_param) ||
       !CBS_get_asn1_bool(&seq, &next_proto_neg_seen) ||
@@ -277,24 +251,14 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
     return false;
   }
 
-  ssl->version = version;
-  ssl->conf_max_version = conf_max_version;
-  ssl->conf_min_version = conf_min_version;
-  ssl->max_send_fragment = max_send_fragment;
-  if (ssl->max_send_fragment == 0) {
-    return false;
-  }
+  ssl->version = session->ssl_version;
   ssl->do_handshake = ssl_server_handshake;
   ssl->server = true;
-  ssl->options = options;
-  ssl->mode = mode;
-  ssl->max_cert_list = max_cert_list;
 
   s3->have_version = true;
   s3->hs->state = CBS_len(&transcript) == 0 ? state12_finish_server_handshake
                                             : state12_read_client_certificate;
   s3->session_reused = session_reused;
-  s3->send_connection_binding = send_connection_binding;
   s3->tlsext_channel_id_valid = channel_id_valid;
   s3->next_proto_negotiated.CopyFrom(next_proto);
   s3->alpn_selected.CopyFrom(alpn);
@@ -310,9 +274,6 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
     s3->hostname.reset(hostname_str);
   }
 
-  ssl->quiet_shutdown = quiet_shutdown;
-  ssl->tlsext_channel_id_enabled = channel_id_enabled;
-  ssl->retain_only_sha256_of_client_certs = retain_only_sha256;
   ssl->token_binding_negotiated = token_binding_negotiated;
   ssl->negotiated_token_binding_param =
       static_cast<uint8_t>(negotiated_token_binding_param);