Remove redundant piece of DC state

Now that delegated credentials comes with its own sigalg list (hooray for wasted ClientHello bytes), we don't need a delegated_credential_requested. It's already implicit in whether we parsed any sigalgs. Change-Id: I5169e4b24a41dd4973fc581087c881d34b5075fa Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66373 Commit-Queue: David Benjamin <[email protected]> Reviewed-by: Bob Beck <[email protected]> (cherry picked from commit c06c4d5ea6dc3118c2851e0010aa441161e2a983)
justsmth · Nov 4, 2024 · 1503226 · 1503226
1 parent 11353ef
commit 1503226
Show file tree

Hide file tree

Showing 4 changed files with 3 additions and 10 deletions.
diff --git a/ssl/extensions.cc b/ssl/extensions.cc
@@ -2782,7 +2782,6 @@ static bool ext_delegated_credential_parse_clienthello(SSL_HANDSHAKE *hs,
     return false;
   }
 
-  hs->delegated_credential_requested = true;
   return true;
 }
 

diff --git a/ssl/handshake.cc b/ssl/handshake.cc
@@ -135,7 +135,6 @@ SSL_HANDSHAKE::SSL_HANDSHAKE(SSL *ssl_arg)
       cert_request(false),
       certificate_status_expected(false),
       ocsp_stapling_requested(false),
-      delegated_credential_requested(false),
       should_ack_sni(false),
       in_false_start(false),
       in_early_data(false),

diff --git a/ssl/internal.h b/ssl/internal.h
@@ -2058,7 +2058,8 @@ struct SSL_HANDSHAKE {
   Array<uint16_t> peer_supported_group_list;
 
   // peer_delegated_credential_sigalgs are the signature algorithms the peer
-  // supports with delegated credentials.
+  // supports with delegated credentials, or empty if the peer does not support
+  // delegated credentials.
   Array<uint16_t> peer_delegated_credential_sigalgs;
 
   // peer_key is the peer's ECDH key for a TLS 1.2 client.
@@ -2170,10 +2171,6 @@ struct SSL_HANDSHAKE {
   // ocsp_stapling_requested is true if a client requested OCSP stapling.
   bool ocsp_stapling_requested : 1;
 
-  // delegated_credential_requested is true if the peer indicated support for
-  // the delegated credential extension.
-  bool delegated_credential_requested : 1;
-
   // should_ack_sni is used by a server and indicates that the SNI extension
   // should be echoed in the ServerHello.
   bool should_ack_sni : 1;

diff --git a/ssl/ssl_cert.cc b/ssl/ssl_cert.cc
@@ -892,9 +892,7 @@ static bool ssl_can_serve_dc(const SSL_HANDSHAKE *hs) {
 
 bool ssl_signing_with_dc(const SSL_HANDSHAKE *hs) {
   // We only support delegated credentials as a server.
-  return hs->ssl->server &&
-         hs->delegated_credential_requested &&
-         ssl_can_serve_dc(hs);
+  return hs->ssl->server && ssl_can_serve_dc(hs);
 }
 
 static int cert_set_dc(CERT *cert, CRYPTO_BUFFER *const raw, EVP_PKEY *privkey,