Remove now unnecessary BORINGSSL_API_VERSION ifdefs
At the time these codepaths were added, the APIs were new and we still needed to accommodate older BoringSSL. This is no longer a concern.
While I'm here, switch the supported groups test from Kyber (pre-standard) to ML-KEM (standard).
PiperOrigin-RevId: 747990095
diff --git a/quiche/quic/core/crypto/quic_crypto_client_config.h b/quiche/quic/core/crypto/quic_crypto_client_config.h
index b58a546..6020294 100644
--- a/quiche/quic/core/crypto/quic_crypto_client_config.h
+++ b/quiche/quic/core/crypto/quic_crypto_client_config.h
@@ -403,12 +403,10 @@
bool pad_full_hello() const { return pad_full_hello_; }
void set_pad_full_hello(bool new_value) { pad_full_hello_ = new_value; }
-#if BORINGSSL_API_VERSION >= 27
bool alps_use_new_codepoint() const { return alps_use_new_codepoint_; }
void set_alps_use_new_codepoint(bool new_value) {
alps_use_new_codepoint_ = new_value;
}
-#endif // BORINGSSL_API_VERSION
const QuicSSLConfig& ssl_config() const { return ssl_config_; }
QuicSSLConfig& ssl_config() { return ssl_config_; }
@@ -485,10 +483,8 @@
bool pad_inchoate_hello_ = true;
bool pad_full_hello_ = true;
-#if BORINGSSL_API_VERSION >= 27
// Set whether ALPS uses the new codepoint or not.
bool alps_use_new_codepoint_ = false;
-#endif // BORINGSSL_API_VERSION
// Configs applied to BoringSSL's SSL object. TLS only.
QuicSSLConfig ssl_config_;
diff --git a/quiche/quic/core/tls_client_handshaker.cc b/quiche/quic/core/tls_client_handshaker.cc
index 744910d..4f18e59 100644
--- a/quiche/quic/core/tls_client_handshaker.cc
+++ b/quiche/quic/core/tls_client_handshaker.cc
@@ -58,18 +58,14 @@
cert_and_key->private_key.private_key());
}
}
-#if BORINGSSL_API_VERSION >= 22
if (!crypto_config->preferred_groups().empty()) {
SSL_set1_group_ids(ssl(), crypto_config->preferred_groups().data(),
crypto_config->preferred_groups().size());
}
-#endif // BORINGSSL_API_VERSION
-#if BORINGSSL_API_VERSION >= 27
// Make sure we use the right ALPS codepoint.
SSL_set_alps_use_new_codepoint(ssl(),
crypto_config->alps_use_new_codepoint());
-#endif // BORINGSSL_API_VERSION
}
TlsClientHandshaker::~TlsClientHandshaker() {}
diff --git a/quiche/quic/core/tls_client_handshaker_test.cc b/quiche/quic/core/tls_client_handshaker_test.cc
index fd40e63..06fe577 100644
--- a/quiche/quic/core/tls_client_handshaker_test.cc
+++ b/quiche/quic/core/tls_client_handshaker_test.cc
@@ -867,7 +867,6 @@
EXPECT_FALSE(stream()->crypto_negotiated_params().encrypted_client_hello);
}
-#if BORINGSSL_API_VERSION >= 22
TEST_P(TlsClientHandshakerTest, EnableKyber) {
crypto_config_->set_preferred_groups({SSL_GROUP_X25519_KYBER768_DRAFT00});
server_crypto_config_->set_preferred_groups(
@@ -881,9 +880,7 @@
EXPECT_EQ(SSL_GROUP_X25519_KYBER768_DRAFT00,
SSL_get_group_id(stream()->GetSsl()));
}
-#endif // BORINGSSL_API_VERSION
-#if BORINGSSL_API_VERSION >= 27
TEST_P(TlsClientHandshakerTest, EnableClientAlpsUseNewCodepoint) {
// The intent of this test is to demonstrate the handshake should complete
// successfully.
@@ -910,7 +907,6 @@
EXPECT_EQ(PROTOCOL_TLS1_3, stream()->handshake_protocol());
EXPECT_TRUE(callback_ran);
}
-#endif // BORINGSSL_API_VERSION
} // namespace
} // namespace test
diff --git a/quiche/quic/core/tls_handshaker.cc b/quiche/quic/core/tls_handshaker.cc
index 4c4fb1f..4a64c7c 100644
--- a/quiche/quic/core/tls_handshaker.cc
+++ b/quiche/quic/core/tls_handshaker.cc
@@ -224,11 +224,7 @@
}
const EVP_MD* TlsHandshaker::Prf(const SSL_CIPHER* cipher) {
-#if BORINGSSL_API_VERSION >= 23
return SSL_CIPHER_get_handshake_digest(cipher);
-#else
- return EVP_get_digestbynid(SSL_CIPHER_get_prf_nid(cipher));
-#endif
}
enum ssl_verify_result_t TlsHandshaker::VerifyCert(uint8_t* out_alert) {
@@ -420,7 +416,6 @@
void TlsHandshaker::MessageCallback(bool is_write, int /*version*/,
int content_type, absl::string_view data) {
-#if BORINGSSL_API_VERSION >= 17
if (content_type == SSL3_RT_CLIENT_HELLO_INNER) {
// Notify QuicConnectionDebugVisitor. Most TLS messages can be seen in
// CRYPTO frames, but, with ECH enabled, the ClientHelloInner is encrypted
@@ -431,11 +426,6 @@
handshaker_delegate_->OnEncryptedClientHelloReceived(data);
}
}
-#else // BORINGSSL_API_VERSION
- (void)is_write;
- (void)content_type;
- (void)data;
-#endif // BORINGSSL_API_VERSION
}
} // namespace quic
diff --git a/quiche/quic/core/tls_server_handshaker.cc b/quiche/quic/core/tls_server_handshaker.cc
index 1660c29..8e84d57 100644
--- a/quiche/quic/core/tls_server_handshaker.cc
+++ b/quiche/quic/core/tls_server_handshaker.cc
@@ -236,12 +236,10 @@
if (session->connection()->context()->tracer) {
tls_connection_.EnableInfoCallback();
}
-#if BORINGSSL_API_VERSION >= 22
if (!crypto_config->preferred_groups().empty()) {
SSL_set1_group_ids(ssl(), crypto_config->preferred_groups().data(),
crypto_config->preferred_groups().size());
}
-#endif // BORINGSSL_API_VERSION
}
TlsServerHandshaker::~TlsServerHandshaker() { CancelOutstandingCallbacks(); }
diff --git a/quiche/quic/core/tls_server_handshaker_test.cc b/quiche/quic/core/tls_server_handshaker_test.cc
index 893b2a6..2284938 100644
--- a/quiche/quic/core/tls_server_handshaker_test.cc
+++ b/quiche/quic/core/tls_server_handshaker_test.cc
@@ -1217,12 +1217,10 @@
ExpectHandshakeSuccessful();
}
-#if BORINGSSL_API_VERSION >= 22
-TEST_P(TlsServerHandshakerTest, EnableKyber) {
- server_crypto_config_->set_preferred_groups(
- {SSL_GROUP_X25519_KYBER768_DRAFT00});
+TEST_P(TlsServerHandshakerTest, EnableMLKEM) {
+ server_crypto_config_->set_preferred_groups({SSL_GROUP_X25519_MLKEM768});
client_crypto_config_->set_preferred_groups(
- {SSL_GROUP_X25519_KYBER768_DRAFT00, SSL_GROUP_X25519, SSL_GROUP_SECP256R1,
+ {SSL_GROUP_X25519_MLKEM768, SSL_GROUP_X25519, SSL_GROUP_SECP256R1,
SSL_GROUP_SECP384R1});
InitializeServer();
@@ -1230,12 +1228,10 @@
CompleteCryptoHandshake();
ExpectHandshakeSuccessful();
EXPECT_EQ(PROTOCOL_TLS1_3, server_stream()->handshake_protocol());
- EXPECT_EQ(SSL_GROUP_X25519_KYBER768_DRAFT00,
+ EXPECT_EQ(SSL_GROUP_X25519_MLKEM768,
SSL_get_group_id(server_stream()->GetSsl()));
}
-#endif // BORINGSSL_API_VERSION
-#if BORINGSSL_API_VERSION >= 27
TEST_P(TlsServerHandshakerTest, AlpsUseNewCodepoint) {
const struct {
bool client_use_alps_new_codepoint;
@@ -1270,7 +1266,6 @@
EXPECT_EQ(PROTOCOL_TLS1_3, server_stream()->handshake_protocol());
}
}
-#endif // BORINGSSL_API_VERSION
} // namespace
} // namespace test
