Rebase to latest tls13-prototype

Summary:

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:

include/mbedtls/quic.h

@@ -11,7 +11,7 @@ extern "C" {
 #endif
 
 typedef struct mbedtls_ssl_context mbedtls_ssl_context;
-typedef struct mbedtls_ssl_ticket  mbedtls_ssl_ticket;
+typedef struct mbedtls_ssl_session  mbedtls_ssl_session;
 typedef struct mbedtls_quic_input  mbedtls_quic_input;
 typedef struct quic_input_msg      quic_input_msg;
 typedef struct quic_input_queue    quic_input_queue;
@@ -176,7 +176,7 @@ typedef int mbedtls_quic_send_alert_t(
  */
 typedef void mbedtls_quic_process_new_session_t(
     void                     *param,
-    mbedtls_ssl_ticket       *session_ticket);
+    mbedtls_ssl_session       *session_ticket);
 /**
  * \brief QUIC method callbacks.
  */

include/mbedtls/quic_internal.h

@@ -1,11 +1,7 @@
 #ifndef MBEDTLS_SSL_QIUC_INTERNAL_H
 #define MBEDTLS_SSL_QIUC_INTERNAL_H
 
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif /* MBEDTLS_CONFIG_FILE */
+#include "mbedtls/build_info.h"
 
 #if defined(MBEDTLS_SSL_PROTO_QUIC)
 #include "mbedtls/quic.h"
@@ -307,15 +303,15 @@ static inline int quic_input_validate_last_hdr(mbedtls_ssl_context *ssl,
   if (!quic_input_hs_type_valid(hs_msg_type)) {
     MBEDTLS_SSL_DEBUG_MSG( 1, ( "quic_input_validate_last_hdr: FATAL ERR "
           "invalid handshake message type %c", hs_msg_type));
-    return MBEDTLS_ERR_SSL_BAD_HS_UNKNOWN_MSG;
+    return MBEDTLS_ERR_SSL_INVALID_RECORD;
   }
 
   const size_t hs_msg_size = hs_msg_body_size(queue->tmp_hdr) + QUIC_HS_HDR_SIZE;
 
-  if (hs_msg_size > MBEDTLS_SSL_MAX_CONTENT_LEN) {
+  if (hs_msg_size > MBEDTLS_SSL_IN_CONTENT_LEN) {
     MBEDTLS_SSL_DEBUG_MSG( 1, ( "quic_input_validate_last_hdr: FATAL ERR "
           "handshake message size %u exceeds max %u",
-          hs_msg_type, MBEDTLS_SSL_MAX_CONTENT_LEN));
+          hs_msg_type, MBEDTLS_SSL_IN_CONTENT_LEN));
     return MBEDTLS_ERR_SSL_INVALID_RECORD;
   }
 

library/quic.c

@@ -27,11 +27,7 @@
  *  http://www.ietf.org/rfc/rfc4346.txt
  */
 
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
+#include "common.h"
 
 #if defined(MBEDTLS_SSL_PROTO_QUIC)
 

library/ssl_tls13_client.c

@@ -162,13 +162,11 @@ int ssl_write_early_data_process( mbedtls_ssl_context* ssl )
         MBEDTLS_SSL_PROC_CHK( ssl_write_early_data_postprocess( ssl ) );
 
 #else  /* MBEDTLS_SSL_USE_MPS */
+
 #if defined(MBEDTLS_SSL_PROTO_QUIC)
         if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_QUIC)
 #endif /* MBEDTLS_SSL_PROTO_QUIC */
         {
-            /* Make sure we can write a new message. */
-            MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_flush_output( ssl ) );
-
             /* Write early-data to message buffer. */
             MBEDTLS_SSL_PROC_CHK( ssl_write_early_data_write( ssl, ssl->out_msg,
                                                               MBEDTLS_SSL_OUT_CONTENT_LEN,
@@ -3068,8 +3066,8 @@ static int ssl_server_hello_session_id_check( mbedtls_ssl_context* ssl,
 }
 
 static int ssl_server_hello_parse( mbedtls_ssl_context* ssl,
-        const unsigned char* buf,
-        size_t buflen )
+                                   const unsigned char* buf,
+                                   size_t buflen )
 {
 
     int ret; /* return value */
@@ -3158,7 +3156,7 @@ static int ssl_server_hello_parse( mbedtls_ssl_context* ssl,
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", i ) );
         SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR,
-                MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+                              MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
     }
 
@@ -4061,9 +4059,19 @@ static int ssl_new_session_ticket_process( mbedtls_ssl_context* ssl )
 
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse new session ticket" ) );
 
+#if defined(MBEDTLS_SSL_PROTO_QUIC)
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_QUIC)
+    {
+        buf = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
+        buflen = ssl->in_hslen - mbedtls_ssl_hs_hdr_len( ssl );
+    }
+    else
+#endif /* MBEDTLS_SSL_PROTO_QUIC */
+    {
     MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_fetch_handshake_msg( ssl,
                                           MBEDTLS_SSL_HS_NEW_SESSION_TICKET,
                                           &buf, &buflen ) );
+    }
 
     MBEDTLS_SSL_PROC_CHK( ssl_new_session_ticket_parse( ssl, buf, buflen ) );
 
@@ -4307,26 +4315,29 @@ int mbedtls_ssl_quic_post_handshake(mbedtls_ssl_context *ssl)
     {
         MBEDTLS_SSL_DEBUG_MSG(3, ("NewSessionTicket received"));
 
-        if ((ret = mbedtls_ssl_new_session_ticket_process(ssl)) != 0)
+        if ((ret = ssl_new_session_ticket_process(ssl)) != 0)
         {
             MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_parse_new_session_ticket", ret);
             return(ret);
         }
-        mbedtls_ssl_ticket* ticket = mbedtls_calloc(1, sizeof(mbedtls_ssl_ticket));
-        if (ticket == NULL)
+
+        mbedtls_ssl_session* session_ticket = mbedtls_calloc(1, sizeof(mbedtls_ssl_session));
+        if (session_ticket == NULL)
         {
             return (MBEDTLS_ERR_SSL_ALLOC_FAILED);
         }
-        if ((mbedtls_ssl_get_client_ticket(ssl, ticket) != 0))
+
+        if( ( ret = mbedtls_ssl_get_session( ssl, session_ticket ) ) != 0 )
         {
-            mbedtls_free(ticket->ticket);
-            mbedtls_free(ticket);
-            return (MBEDTLS_ERR_SSL_INTERNAL_ERROR);
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_get_session", ret);
+            mbedtls_ssl_session_free(session_ticket);
+            return(ret);
         }
+
         // the ticket will be transfered to and be released by the app
         ssl->quic_method->process_new_session(
                 ssl->p_quic_method,
-                ticket);
+                session_ticket);
         return (ret);
     }
 

library/ssl_tls13_generic.c

@@ -2186,6 +2186,11 @@ int mbedtls_ssl_finished_out_process( mbedtls_ssl_context* ssl )
     MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl,
                                               buf_len, msg_len ) );
     MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_flush_output( ssl ) );
+#if defined(MBEDTLS_SSL_PROTO_QUIC)
+    if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_QUIC)
+      mbedtls_set_quic_traffic_key(ssl, MBEDTLS_SSL_CRYPTO_LEVEL_APPLICATION);
+#endif /* MBEDTLS_SSL_PROTO_QUIC */
+
 
 cleanup:
 
@@ -2229,10 +2234,6 @@ static int ssl_finished_out_postprocess( mbedtls_ssl_context* ssl )
             return ( ret );
         }
 
-#if defined(MBEDTLS_SSL_PROTO_QUIC)
-        if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_QUIC)
-            mbedtls_set_quic_traffic_key(ssl, MBEDTLS_SSL_CRYPTO_LEVEL_APPLICATION);
-#endif /* MBEDTLS_SSL_PROTO_QUIC */
         mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS );
     }
     else
@@ -2681,6 +2682,51 @@ int mbedtls_ssl_write_early_data_ext( mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_ZERO_RTT */
 
+#if defined(MBEDTLS_SSL_PROTO_QUIC)
+
+/* declared in ssl_internal.h */
+int ssl_set_quic_transport_params(mbedtls_ssl_context *ssl,
+        const uint8_t *params, size_t len,
+        uint8_t **oparams, size_t *olen) 
+{
+    if (len > MBEDTLS_QUIC_TRANSPORT_PARAMS_MAX_LEN)
+    {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("ssl_set_quic_transport_params: bad transport_params length"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+    }
+
+    if ((*oparams = mbedtls_calloc(1, len)) == NULL)
+    {
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+    }
+
+    memcpy(*oparams, params, len);
+    *olen = len;
+
+    return 0;
+}
+
+int mbedtls_ssl_set_quic_transport_params(mbedtls_ssl_context *ssl,
+        const uint8_t *params, size_t len)
+{
+    // Setting transport params more than once is not expected, but
+    // permitted.
+    mbedtls_free(ssl->quic_transport_params);
+    ssl->quic_transport_params = NULL;
+
+    return ssl_set_quic_transport_params(ssl, params, len,
+            &ssl->quic_transport_params, &ssl->quic_transport_params_len);
+}
+
+void mbedtls_ssl_get_peer_quic_transport_params(mbedtls_ssl_context *ssl,
+    const uint8_t **oparams, size_t *olen)
+{
+    *oparams = (const uint8_t*)(ssl->peer_quic_transport_params);
+    *olen = ssl->peer_quic_transport_params_len;
+}
+
+#endif /* MBEDTLS_SSL_PROTO_QUIC */
+
 
 #if defined(MBEDTLS_ECDH_C)
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
@@ -3028,52 +3074,6 @@ int mbedtls_ecp_tls_13_write_group( const mbedtls_ecp_group *grp, size_t *olen,
 }
 
 #endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_SSL_PROTO_QUIC)
-
-/* declared in ssl_internal.h */
-int ssl_set_quic_transport_params(mbedtls_ssl_context *ssl,
-        const uint8_t *params, size_t len,
-        uint8_t **oparams, size_t *olen) 
-{
-    if (len > MBEDTLS_QUIC_TRANSPORT_PARAMS_MAX_LEN)
-    {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("ssl_set_quic_transport_params: bad transport_params length"));
-        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
-    }
-
-    if ((*oparams = mbedtls_calloc(1, len)) == NULL)
-    {
-        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
-    }
-
-    memcpy(*oparams, params, len);
-    *olen = len;
-
-    return 0;
-}
-
-int mbedtls_ssl_set_quic_transport_params(mbedtls_ssl_context *ssl,
-        const uint8_t *params, size_t len)
-{
-    // Setting transport params more than once is not expected, but
-    // permitted.
-    mbedtls_free(ssl->quic_transport_params);
-    ssl->quic_transport_params = NULL;
-
-    return ssl_set_quic_transport_params(ssl, params, len,
-            &ssl->quic_transport_params, &ssl->quic_transport_params_len);
-}
-
-void mbedtls_ssl_get_peer_quic_transport_params(mbedtls_ssl_context *ssl,
-    const uint8_t **oparams, size_t *olen)
-{
-    *oparams = (const uint8_t*)(ssl->peer_quic_transport_params);
-    *olen = ssl->peer_quic_transport_params_len;
-}
-
-#endif /* MBEDTLS_SSL_PROTO_QUIC */
-
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 
 #endif /* MBEDTLS_SSL_TLS_C */