From 9052286dab3508855c130a5e8a9fd2c0857e7869 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Thu, 27 May 2021 14:50:31 -0400 Subject: [PATCH] Add a note about extension callback names. For TLS 1.3, since the bulk of extensions move to EncryptedExtensions, we made the extension callbacks apply to EncryptedExtensions and pulled the few ServerHello extensions out of the callback system. This means the ServerHello naming is a little confusing. We probably should rename these callbacks, though parse_server is a bit ambiguous as to whether this is "parse the extension from the server" or "parse as a server". For now, add a comment. Change-Id: If1aa0846426de2cc8dcb2253695a8dd3285f7b76 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47994 Reviewed-by: Adam Langley --- ssl/t1_lib.cc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc index d46241e01..7f2c244a4 100644 --- a/ssl/t1_lib.cc +++ b/ssl/t1_lib.cc @@ -504,6 +504,10 @@ bool tls12_check_peer_sigalg(const SSL_HANDSHAKE *hs, uint8_t *out_alert, // the function is responsible for appending the type and length bytes too. // |add_clienthello| may be called multiple times and must not mutate |hs|. // +// Note the |parse_serverhello| and |add_serverhello| callbacks refer to the +// TLS 1.2 ServerHello. In TLS 1.3, these callbacks act on EncryptedExtensions, +// with ServerHello extensions handled elsewhere in the handshake. +// // All callbacks return true for success and false for error. If a parse // function returns zero then a fatal alert with value |*out_alert| will be // sent. If |*out_alert| isn't set, then a |decode_error| alert will be sent.
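Review bot: The added comment says ServerHello extensions are "handled elsewhere in the handshake" without saying where; a pointer to the function or file that parses the TLS 1.3 ServerHello extensions would make the note actionable for a reader who lands here from the |parse_serverhello| name. Since the commit message defers a rename, consider also saying in the comment that the names are historical, e.g. "These names predate TLS 1.3 and are kept for now", so the next person does not rename them in passing. Unrelated nit in the surrounding context: "If a parse function returns zero" should read "returns false" to match "All callbacks return true for success and false for error" two lines above.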