grpc 1.13.0 → 1.14.0

data/third_party/boringssl/crypto/x509/vpm_int.h

@@ -67,4 +67,5 @@ struct X509_VERIFY_PARAM_ID_st {
     size_t emaillen;
     unsigned char *ip;          /* If not NULL IP address to match */
     size_t iplen;               /* Length of IP address */
+    unsigned char poison;       /* Fail all verifications */
 };

data/third_party/boringssl/crypto/x509/x509_vfy.c

@@ -784,6 +784,10 @@ static int check_id(X509_STORE_CTX *ctx)
     X509_VERIFY_PARAM *vpm = ctx->param;
     X509_VERIFY_PARAM_ID *id = vpm->id;
     X509 *x = ctx->cert;
+    if (id->poison) {
+        if (!check_id_error(ctx, X509_V_ERR_INVALID_CALL))
+            return 0;
+    }
     if (id->hosts && check_hosts(x, id) <= 0) {
         if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
             return 0;

data/third_party/boringssl/crypto/x509/x509_vpm.c

@@ -89,6 +89,11 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
 {
     char *copy;
 
+    if (name == NULL || namelen == 0) {
+        // Unlike OpenSSL, we reject trying to set or add an empty name.
+        return 0;
+    }
+
     /*
      * Refuse names with embedded NUL bytes.
      * XXX: Do we need to push an error onto the error stack?
@@ -100,8 +105,6 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
         string_stack_free(id->hosts);
         id->hosts = NULL;
     }
-    if (name == NULL || namelen == 0)
-        return 1;
 
     copy = BUF_strndup(name, namelen);
     if (copy == NULL)
@@ -162,7 +165,7 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
         paramid->ip = NULL;
         paramid->iplen = 0;
     }
-
+    paramid->poison = 0;
 }
 
 X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
@@ -316,6 +319,8 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
             return 0;
     }
 
+    dest->id->poison = src->id->poison;
+
     return 1;
 }
 
@@ -334,18 +339,17 @@ static int int_x509_param_set1(char **pdest, size_t *pdestlen,
                                const char *src, size_t srclen)
 {
     void *tmp;
-    if (src) {
-        if (srclen == 0) {
-            tmp = BUF_strdup(src);
-            srclen = strlen(src);
-        } else
-            tmp = BUF_memdup(src, srclen);
-        if (!tmp)
-            return 0;
-    } else {
-        tmp = NULL;
-        srclen = 0;
+    if (src == NULL || srclen == 0) {
+        // Unlike OpenSSL, we do not allow an empty string to disable previously
+        // configured checks.
+        return 0;
+    }
+
+    tmp = BUF_memdup(src, srclen);
+    if (!tmp) {
+        return 0;
     }
+
     if (*pdest)
         OPENSSL_free(*pdest);
     *pdest = tmp;
@@ -454,13 +458,21 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
 int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
                                 const char *name, size_t namelen)
 {
-    return int_x509_param_set_hosts(param->id, SET_HOST, name, namelen);
+    if (!int_x509_param_set_hosts(param->id, SET_HOST, name, namelen)) {
+        param->id->poison = 1;
+        return 0;
+    }
+    return 1;
 }
 
 int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
                                 const char *name, size_t namelen)
 {
-    return int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen);
+    if (!int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen)) {
+        param->id->poison = 1;
+        return 0;
+    }
+    return 1;
 }
 
 void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
@@ -477,17 +489,27 @@ char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
 int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
                                  const char *email, size_t emaillen)
 {
-    return int_x509_param_set1(&param->id->email, &param->id->emaillen,
-                               email, emaillen);
+    if (OPENSSL_memchr(email, '\0', emaillen) != NULL ||
+        !int_x509_param_set1(&param->id->email, &param->id->emaillen,
+                               email, emaillen)) {
+        param->id->poison = 1;
+        return 0;
+    }
+
+    return 1;
 }
 
 int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
                               const unsigned char *ip, size_t iplen)
 {
-    if (iplen != 0 && iplen != 4 && iplen != 16)
+    if ((iplen != 4 && iplen != 16) ||
+        !int_x509_param_set1((char **)&param->id->ip, &param->id->iplen,
+                             (char *)ip, iplen)) {
+        param->id->poison = 1;
         return 0;
-    return int_x509_param_set1((char **)&param->id->ip, &param->id->iplen,
-                               (char *)ip, iplen);
+    }
+
+    return 1;
 }
 
 int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
@@ -512,7 +534,7 @@ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
 }
 
 static const X509_VERIFY_PARAM_ID _empty_id =
-    { NULL, 0U, NULL, NULL, 0, NULL, 0 };
+    { NULL, 0U, NULL, NULL, 0, NULL, 0, 0 };
 
 #define vpm_empty_id ((X509_VERIFY_PARAM_ID *)&_empty_id)
 

data/third_party/boringssl/include/openssl/aead.h

@@ -117,10 +117,16 @@ OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_gcm_siv(void);
 // https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-02
 OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_256_gcm_siv(void);
 
-// EVP_aead_aes_128_ccm_bluetooth is AES-128-CCM with M=4 and L=2, as decribed
-// in the Bluetooth Core Specification v5.0, Volume 6, Part E, Section 1.
+// EVP_aead_aes_128_ccm_bluetooth is AES-128-CCM with M=4 and L=2 (4-byte tags
+// and 13-byte nonces), as decribed in the Bluetooth Core Specification v5.0,
+// Volume 6, Part E, Section 1.
 OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ccm_bluetooth(void);
 
+// EVP_aead_aes_128_ccm_bluetooth_8 is AES-128-CCM with M=8 and L=2 (8-byte tags
+// and 13-byte nonces), as used in the Bluetooth Mesh Networking Specification
+// v1.0.
+OPENSSL_EXPORT const EVP_AEAD *EVP_aead_aes_128_ccm_bluetooth_8(void);
+
 // EVP_has_aes_hardware returns one if we enable hardware support for fast and
 // constant-time AES-GCM.
 OPENSSL_EXPORT int EVP_has_aes_hardware(void);

data/third_party/boringssl/include/openssl/asn1.h

@@ -976,5 +976,6 @@ BORINGSSL_MAKE_DELETER(ASN1_TYPE, ASN1_TYPE_free)
 #define ASN1_R_WRONG_PUBLIC_KEY_TYPE 189
 #define ASN1_R_WRONG_TAG 190
 #define ASN1_R_WRONG_TYPE 191
+#define ASN1_R_NESTED_TOO_DEEP 192
 
 #endif

data/third_party/boringssl/include/openssl/base.h

@@ -104,6 +104,10 @@ extern "C" {
 #elif defined(__pnacl__)
 #define OPENSSL_32_BIT
 #define OPENSSL_PNACL
+#elif defined(__wasm__)
+#define OPENSSL_32_BIT
+#elif defined(__asmjs__)
+#define OPENSSL_32_BIT
 #elif defined(__myriad2__)
 #define OPENSSL_32_BIT
 #else

data/third_party/boringssl/include/openssl/bn.h

@@ -237,7 +237,8 @@ OPENSSL_EXPORT BIGNUM *BN_bin2bn(const uint8_t *in, size_t len, BIGNUM *ret);
 
 // BN_bn2bin serialises the absolute value of |in| to |out| as a big-endian
 // integer, which must have |BN_num_bytes| of space available. It returns the
-// number of bytes written.
+// number of bytes written. Note this function leaks the magnitude of |in|. If
+// |in| is secret, use |BN_bn2bin_padded| instead.
 OPENSSL_EXPORT size_t BN_bn2bin(const BIGNUM *in, uint8_t *out);
 
 // BN_le2bn sets |*ret| to the value of |len| bytes from |in|, interpreted as
@@ -493,7 +494,12 @@ OPENSSL_EXPORT int BN_clear_bit(BIGNUM *a, int n);
 OPENSSL_EXPORT int BN_is_bit_set(const BIGNUM *a, int n);
 
 // BN_mask_bits truncates |a| so that it is only |n| bits long. It returns one
-// on success or zero if |n| is greater than the length of |a| already.
+// on success or zero if |n| is negative.
+//
+// This differs from OpenSSL which additionally returns zero if |a|'s word
+// length is less than or equal to |n|, rounded down to a number of words. Note
+// word size is platform-dependent, so this behavior is also difficult to rely
+// on in OpenSSL and not very useful.
 OPENSSL_EXPORT int BN_mask_bits(BIGNUM *a, int n);
 
 // BN_count_low_zero_bits returns the number of low-order zero bits in |bn|, or
@@ -700,7 +706,7 @@ enum bn_primality_result_t {
 // than the number-field sieve security level of |w| is used. It returns one on
 // success and zero on failure. If |cb| is not NULL, then it is called during
 // each iteration of the primality test.
-int BN_enhanced_miller_rabin_primality_test(
+OPENSSL_EXPORT int BN_enhanced_miller_rabin_primality_test(
     enum bn_primality_result_t *out_result, const BIGNUM *w, int iterations,
     BN_CTX *ctx, BN_GENCB *cb);
 
@@ -773,6 +779,10 @@ OPENSSL_EXPORT BIGNUM *BN_mod_inverse(BIGNUM *out, const BIGNUM *a,
 // value) to protect it against side-channel attacks. On failure, if the failure
 // was caused by |a| having no inverse mod |n| then |*out_no_inverse| will be
 // set to one; otherwise it will be set to zero.
+//
+// Note this function may incorrectly report |a| has no inverse if the random
+// blinding value has no inverse. It should only be used when |n| has few
+// non-invertible elements, such as an RSA modulus.
 int BN_mod_inverse_blinded(BIGNUM *out, int *out_no_inverse, const BIGNUM *a,
                            const BN_MONT_CTX *mont, BN_CTX *ctx);
 

data/third_party/boringssl/include/openssl/bytestring.h

@@ -240,10 +240,10 @@ OPENSSL_EXPORT int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out);
 OPENSSL_EXPORT int CBS_get_asn1_bool(CBS *cbs, int *out);
 
 // CBS_get_optional_asn1 gets an optional explicitly-tagged element from |cbs|
-// tagged with |tag| and sets |*out| to its contents. If present and if
-// |out_present| is not NULL, it sets |*out_present| to one, otherwise zero. It
-// returns one on success, whether or not the element was present, and zero on
-// decode failure.
+// tagged with |tag| and sets |*out| to its contents, or ignores it if |out| is
+// NULL. If present and if |out_present| is not NULL, it sets |*out_present| to
+// one, otherwise zero. It returns one on success, whether or not the element
+// was present, and zero on decode failure.
 OPENSSL_EXPORT int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present,
                                          unsigned tag);
 

data/third_party/boringssl/include/openssl/ec.h

@@ -105,10 +105,13 @@ typedef enum {
 // curve specified by |nid|, or NULL on error.
 //
 // The supported NIDs are:
-//   NID_secp224r1,
-//   NID_X9_62_prime256v1,
-//   NID_secp384r1,
-//   NID_secp521r1
+//   NID_secp224r1 (P-224),
+//   NID_X9_62_prime256v1 (P-256),
+//   NID_secp384r1 (P-384),
+//   NID_secp521r1 (P-521)
+//
+// If in doubt, use |NID_X9_62_prime256v1|, or see the curve25519.h header for
+// more modern primitives.
 OPENSSL_EXPORT EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
 
 // EC_GROUP_free frees |group| and the data that it points to.
@@ -209,6 +212,9 @@ OPENSSL_EXPORT int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
 // EC_POINT_get_affine_coordinates_GFp sets |x| and |y| to the affine value of
 // |point| using |ctx|, if it's not NULL. It returns one on success and zero
 // otherwise.
+//
+// Either |x| or |y| may be NULL to skip computing that coordinate. This is
+// slightly faster in the common case where only the x-coordinate is needed.
 OPENSSL_EXPORT int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
                                                        const EC_POINT *point,
                                                        BIGNUM *x, BIGNUM *y,

data/third_party/boringssl/include/openssl/ec_key.h

@@ -99,9 +99,6 @@ OPENSSL_EXPORT EC_KEY *EC_KEY_new_by_curve_name(int nid);
 // EC_KEY_free frees all the data owned by |key| and |key| itself.
 OPENSSL_EXPORT void EC_KEY_free(EC_KEY *key);
 
-// EC_KEY_copy sets |dst| equal to |src| and returns |dst| or NULL on error.
-OPENSSL_EXPORT EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
-
 // EC_KEY_dup returns a fresh copy of |src| or NULL on error.
 OPENSSL_EXPORT EC_KEY *EC_KEY_dup(const EC_KEY *src);
 

data/third_party/boringssl/include/openssl/rsa.h

@@ -751,5 +751,6 @@ BORINGSSL_MAKE_DELETER(RSA, RSA_free)
 #define RSA_R_VALUE_MISSING 144
 #define RSA_R_WRONG_SIGNATURE_LENGTH 145
 #define RSA_R_PUBLIC_KEY_VALIDATION_FAILED 146
+#define RSA_R_D_OUT_OF_RANGE 147
 
 #endif  // OPENSSL_HEADER_RSA_H

data/third_party/boringssl/include/openssl/ssl.h

@@ -2954,7 +2954,7 @@ OPENSSL_EXPORT int SSL_set_dummy_pq_padding_size(SSL *ssl, size_t num_bytes);
 
 // SSL_dummy_pq_padding_used returns one if the server echoed a dummy PQ padding
 // extension and zero otherwise. It may only be called on a client connection
-// once the handshake has completed, otherwise it'll return zero.
+// once the ServerHello has been processed, otherwise it'll return zero.
 OPENSSL_EXPORT int SSL_dummy_pq_padding_used(SSL *ssl);
 
 
@@ -3600,6 +3600,7 @@ OPENSSL_EXPORT const char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
 OPENSSL_EXPORT char *SSL_CIPHER_get_rfc_name(const SSL_CIPHER *cipher);
 
 typedef void COMP_METHOD;
+typedef struct ssl_comp_st SSL_COMP;
 
 // SSL_COMP_get_compression_methods returns NULL.
 OPENSSL_EXPORT STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
@@ -3610,6 +3611,12 @@ OPENSSL_EXPORT int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
 // SSL_COMP_get_name returns NULL.
 OPENSSL_EXPORT const char *SSL_COMP_get_name(const COMP_METHOD *comp);
 
+// SSL_COMP_get0_name returns the |name| member of |comp|.
+OPENSSL_EXPORT const char *SSL_COMP_get0_name(const SSL_COMP *comp);
+
+// SSL_COMP_get_id returns the |id| member of |comp|.
+OPENSSL_EXPORT int SSL_COMP_get_id(const SSL_COMP *comp);
+
 // SSL_COMP_free_compression_methods does nothing.
 OPENSSL_EXPORT void SSL_COMP_free_compression_methods(void);
 
@@ -3836,8 +3843,6 @@ OPENSSL_EXPORT void SSL_set_tmp_dh_callback(SSL *ssl,
 #define SSL_set_timeout(session, timeout) \
     SSL_SESSION_set_timeout((session), (timeout))
 
-typedef struct ssl_comp_st SSL_COMP;
-
 struct ssl_comp_st {
   int id;
   const char *name;

data/third_party/boringssl/include/openssl/ssl3.h

@@ -300,7 +300,6 @@ OPENSSL_COMPILE_ASSERT(
 #define SSL3_MT_SERVER_HELLO 2
 #define SSL3_MT_NEW_SESSION_TICKET 4
 #define SSL3_MT_END_OF_EARLY_DATA 5
-#define SSL3_MT_HELLO_RETRY_REQUEST 6
 #define SSL3_MT_ENCRYPTED_EXTENSIONS 8
 #define SSL3_MT_CERTIFICATE 11
 #define SSL3_MT_SERVER_KEY_EXCHANGE 12

data/third_party/boringssl/include/openssl/x509.h

@@ -1110,6 +1110,7 @@ extern "C++" {
 namespace bssl {
 
 BORINGSSL_MAKE_DELETER(NETSCAPE_SPKI, NETSCAPE_SPKI_free)
+BORINGSSL_MAKE_DELETER(RSA_PSS_PARAMS, RSA_PSS_PARAMS_free)
 BORINGSSL_MAKE_DELETER(X509, X509_free)
 BORINGSSL_MAKE_DELETER(X509_ALGOR, X509_ALGOR_free)
 BORINGSSL_MAKE_DELETER(X509_CRL, X509_CRL_free)

data/third_party/boringssl/include/openssl/x509v3.h

@@ -748,6 +748,7 @@ extern "C++" {
 
 namespace bssl {
 
+BORINGSSL_MAKE_DELETER(AUTHORITY_INFO_ACCESS, AUTHORITY_INFO_ACCESS_free)
 BORINGSSL_MAKE_DELETER(AUTHORITY_KEYID, AUTHORITY_KEYID_free)
 BORINGSSL_MAKE_DELETER(BASIC_CONSTRAINTS, BASIC_CONSTRAINTS_free)
 BORINGSSL_MAKE_DELETER(DIST_POINT, DIST_POINT_free)

data/third_party/boringssl/ssl/handshake_client.cc

@@ -339,50 +339,21 @@ int ssl_write_client_hello(SSL_HANDSHAKE *hs) {
   return ssl->method->add_message(ssl, std::move(msg));
 }
 
-static int parse_server_version(SSL_HANDSHAKE *hs, uint16_t *out,
-                                const SSLMessage &msg) {
-  SSL *const ssl = hs->ssl;
-  if (msg.type != SSL3_MT_SERVER_HELLO &&
-      msg.type != SSL3_MT_HELLO_RETRY_REQUEST) {
-    ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-    OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_MESSAGE);
-    return 0;
-  }
-
-  CBS server_hello = msg.body;
-  if (!CBS_get_u16(&server_hello, out)) {
-    OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
-    ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-    return 0;
-  }
-
-  // The server version may also be in the supported_versions extension if
-  // applicable.
-  if (msg.type != SSL3_MT_SERVER_HELLO || *out != TLS1_2_VERSION) {
-    return 1;
-  }
-
-  uint8_t sid_length;
-  if (!CBS_skip(&server_hello, SSL3_RANDOM_SIZE) ||
-      !CBS_get_u8(&server_hello, &sid_length) ||
-      !CBS_skip(&server_hello, sid_length + 2 /* cipher_suite */ +
-                1 /* compression_method */)) {
-    OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
-    ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-    return 0;
-  }
-
-  // The extensions block may not be present.
-  if (CBS_len(&server_hello) == 0) {
-    return 1;
+static bool parse_supported_versions(SSL_HANDSHAKE *hs, uint16_t *version,
+                                     const CBS *in) {
+  // If the outer version is not TLS 1.2, or there is no extensions block, use
+  // the outer version.
+  if (*version != TLS1_2_VERSION || CBS_len(in) == 0) {
+    return true;
   }
 
-  CBS extensions;
-  if (!CBS_get_u16_length_prefixed(&server_hello, &extensions) ||
-      CBS_len(&server_hello) != 0) {
+  SSL *const ssl = hs->ssl;
+  CBS copy = *in, extensions;
+  if (!CBS_get_u16_length_prefixed(&copy, &extensions) ||
+      CBS_len(&copy) != 0) {
     OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-    return 0;
+    return false;
   }
 
   bool have_supported_versions;
@@ -397,17 +368,18 @@ static int parse_server_version(SSL_HANDSHAKE *hs, uint16_t *out,
                             OPENSSL_ARRAY_SIZE(ext_types),
                             1 /* ignore unknown */)) {
     ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
-    return 0;
+    return false;
   }
 
+  // Override the outer version with the extension, if present.
   if (have_supported_versions &&
-      (!CBS_get_u16(&supported_versions, out) ||
+      (!CBS_get_u16(&supported_versions, version) ||
        CBS_len(&supported_versions) != 0)) {
     ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-    return 0;
+    return false;
   }
 
-  return 1;
+  return true;
 }
 
 static enum ssl_hs_wait_t do_start_connect(SSL_HANDSHAKE *hs) {
@@ -567,8 +539,26 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
     return ssl_hs_read_server_hello;
   }
 
-  uint16_t server_version;
-  if (!parse_server_version(hs, &server_version, msg)) {
+  if (!ssl_check_message_type(ssl, msg, SSL3_MT_SERVER_HELLO)) {
+    return ssl_hs_error;
+  }
+
+  CBS server_hello = msg.body, server_random, session_id;
+  uint16_t server_version, cipher_suite;
+  uint8_t compression_method;
+  if (!CBS_get_u16(&server_hello, &server_version) ||
+      !CBS_get_bytes(&server_hello, &server_random, SSL3_RANDOM_SIZE) ||
+      !CBS_get_u8_length_prefixed(&server_hello, &session_id) ||
+      CBS_len(&session_id) > SSL3_SESSION_ID_SIZE ||
+      !CBS_get_u16(&server_hello, &cipher_suite) ||
+      !CBS_get_u8(&server_hello, &compression_method)) {
+    OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
+    ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+    return ssl_hs_error;
+  }
+
+  // Use the supported_versions extension if applicable.
+  if (!parse_supported_versions(hs, &server_version, &server_hello)) {
     return ssl_hs_error;
   }
 
@@ -609,24 +599,6 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
     return ssl_hs_error;
   }
 
-  if (!ssl_check_message_type(ssl, msg, SSL3_MT_SERVER_HELLO)) {
-    return ssl_hs_error;
-  }
-
-  CBS server_hello = msg.body, server_random, session_id;
-  uint16_t cipher_suite;
-  uint8_t compression_method;
-  if (!CBS_skip(&server_hello, 2 /* version */) ||
-      !CBS_get_bytes(&server_hello, &server_random, SSL3_RANDOM_SIZE) ||
-      !CBS_get_u8_length_prefixed(&server_hello, &session_id) ||
-      CBS_len(&session_id) > SSL3_SESSION_ID_SIZE ||
-      !CBS_get_u16(&server_hello, &cipher_suite) ||
-      !CBS_get_u8(&server_hello, &compression_method)) {
-    OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
-    ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-    return ssl_hs_error;
-  }
-
   // Copy over the server random.
   OPENSSL_memcpy(ssl->s3->server_random, CBS_data(&server_random),
                  SSL3_RANDOM_SIZE);