Rebase to latest tls13-prototype

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:
hannestschofenig · Jun 25, 2021 · 04aff58 · 04aff58
1 parent a5ce12d
commit 04aff58
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 71 deletions.
diff --git a/include/mbedtls/quic.h b/include/mbedtls/quic.h
@@ -11,7 +11,7 @@ extern "C" {
 #endif
 
 typedef struct mbedtls_ssl_context mbedtls_ssl_context;
-typedef struct mbedtls_ssl_ticket  mbedtls_ssl_ticket;
+typedef struct mbedtls_ssl_session  mbedtls_ssl_session;
 typedef struct mbedtls_quic_input  mbedtls_quic_input;
 typedef struct quic_input_msg      quic_input_msg;
 typedef struct quic_input_queue    quic_input_queue;
@@ -176,7 +176,7 @@ typedef int mbedtls_quic_send_alert_t(
  */
 typedef void mbedtls_quic_process_new_session_t(
     void                     *param,
-    mbedtls_ssl_ticket       *session_ticket);
+    mbedtls_ssl_session       *session_ticket);
 /**
  * \brief QUIC method callbacks.
  */

diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
@@ -1879,6 +1879,14 @@ int mbedtls_ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
+
+#if defined(MBEDTLS_SSL_PROTO_QUIC)
+int mbedtls_set_quic_traffic_key(mbedtls_ssl_context *ssl, mbedtls_ssl_crypto_level level);
+/* Shared implementation for the QUIC transport params setting */
+int ssl_set_quic_transport_params(mbedtls_ssl_context *ssl,
+    const uint8_t *params, size_t len,
+    uint8_t **oparams, size_t *olen);
+#endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
 #if defined(MBEDTLS_ECDH_C)
 /**
@@ -2075,11 +2083,4 @@ int mbedtls_ecp_tls_13_write_group( const mbedtls_ecp_group *grp,
 #endif /* MBEDTLS_ECP_C */
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 
-#if defined(MBEDTLS_SSL_PROTO_QUIC)
-int mbedtls_set_quic_traffic_key(mbedtls_ssl_context *ssl, mbedtls_ssl_crypto_level level);
-/* Shared implementation for the QUIC transport params setting */
-int ssl_set_quic_transport_params(mbedtls_ssl_context *ssl,
-    const uint8_t *params, size_t len,
-    uint8_t **oparams, size_t *olen);
-#endif
 #endif /* ssl_internal.h */
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
@@ -3298,8 +3298,8 @@ static int ssl_server_hello_session_id_check( mbedtls_ssl_context* ssl,
 }
 
 static int ssl_server_hello_parse( mbedtls_ssl_context* ssl,
-        const unsigned char* buf,
-        size_t buflen )
+                                   const unsigned char* buf,
+                                   size_t buflen )
 {
 
     int ret; /* return value */
@@ -3399,7 +3399,7 @@ static int ssl_server_hello_parse( mbedtls_ssl_context* ssl,
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", i ) );
         SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR,
-                MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
+                              MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
     }
 
@@ -3412,7 +3412,7 @@ static int ssl_server_hello_parse( mbedtls_ssl_context* ssl,
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
         SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR,
-                MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+                              MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
     }
 
@@ -3429,12 +3429,12 @@ static int ssl_server_hello_parse( mbedtls_ssl_context* ssl,
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
             SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR,
-                    MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+                                  MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
             return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
         }
 
         if( ssl->conf->ciphersuite_list[ssl->minor_ver][i++] ==
-                ssl->session_negotiate->ciphersuite )
+            ssl->session_negotiate->ciphersuite )
         {
             break;
         }
@@ -3457,7 +3457,7 @@ static int ssl_server_hello_parse( mbedtls_ssl_context* ssl,
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
         SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+                              MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
     }
 
@@ -3469,7 +3469,7 @@ static int ssl_server_hello_parse( mbedtls_ssl_context* ssl,
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
         SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+                              MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
         return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
     }
 
@@ -3488,7 +3488,7 @@ static int ssl_server_hello_parse( mbedtls_ssl_context* ssl,
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
             SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
-                    MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
+                                  MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
             return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
         }
 
@@ -4535,21 +4535,24 @@ int mbedtls_ssl_quic_post_handshake(mbedtls_ssl_context *ssl)
             MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_parse_new_session_ticket", ret);
             return(ret);
         }
-        mbedtls_ssl_ticket* ticket = mbedtls_calloc(1, sizeof(mbedtls_ssl_ticket));
-        if (ticket == NULL)
+
+        mbedtls_ssl_session* session_ticket = mbedtls_calloc(1, sizeof(mbedtls_ssl_session));
+        if (session_ticket == NULL)
         {
             return (MBEDTLS_ERR_SSL_ALLOC_FAILED);
         }
-        if ((mbedtls_ssl_get_client_ticket(ssl, ticket) != 0))
+
+        if( ( ret = mbedtls_ssl_get_session( ssl, session_ticket ) ) != 0 )
         {
-            mbedtls_free(ticket->ticket);
-            mbedtls_free(ticket);
-            return (MBEDTLS_ERR_SSL_INTERNAL_ERROR);
+            MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_get_session", ret);
+            mbedtls_ssl_session_free(session_ticket);
+            return(ret);
         }
+
         // the ticket will be transfered to and be released by the app
         ssl->quic_method->process_new_session(
                 ssl->p_quic_method,
-                ticket);
+                session_ticket);
         return (ret);
     }
 

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
@@ -2376,6 +2376,7 @@ static int ssl_finished_out_postprocess( mbedtls_ssl_context* ssl )
         if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_QUIC)
             mbedtls_set_quic_traffic_key(ssl, MBEDTLS_SSL_CRYPTO_LEVEL_APPLICATION);
 #endif /* MBEDTLS_SSL_PROTO_QUIC */
+
         mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_FLUSH_BUFFERS );
     }
     else
@@ -3185,6 +3186,51 @@ int mbedtls_ssl_write_early_data_ext( mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_ZERO_RTT */
 
+#if defined(MBEDTLS_SSL_PROTO_QUIC)
+
+/* declared in ssl_internal.h */
+int ssl_set_quic_transport_params(mbedtls_ssl_context *ssl,
+        const uint8_t *params, size_t len,
+        uint8_t **oparams, size_t *olen) 
+{
+    if (len > MBEDTLS_QUIC_TRANSPORT_PARAMS_MAX_LEN)
+    {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("ssl_set_quic_transport_params: bad transport_params length"));
+        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
+    }
+
+    if ((*oparams = mbedtls_calloc(1, len)) == NULL)
+    {
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+    }
+
+    memcpy(*oparams, params, len);
+    *olen = len;
+
+    return 0;
+}
+
+int mbedtls_ssl_set_quic_transport_params(mbedtls_ssl_context *ssl,
+        const uint8_t *params, size_t len)
+{
+    // Setting transport params more than once is not expected, but
+    // permitted.
+    mbedtls_free(ssl->quic_transport_params);
+    ssl->quic_transport_params = NULL;
+
+    return ssl_set_quic_transport_params(ssl, params, len,
+            &ssl->quic_transport_params, &ssl->quic_transport_params_len);
+}
+
+void mbedtls_ssl_get_peer_quic_transport_params(mbedtls_ssl_context *ssl,
+    const uint8_t **oparams, size_t *olen)
+{
+    *oparams = (const uint8_t*)(ssl->peer_quic_transport_params);
+    *olen = ssl->peer_quic_transport_params_len;
+}
+
+#endif /* MBEDTLS_SSL_PROTO_QUIC */
+
 
 #if defined(MBEDTLS_ECDH_C)
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
@@ -3569,52 +3615,6 @@ int mbedtls_ecp_tls_13_write_group( const mbedtls_ecp_group *grp, size_t *olen,
 }
 
 #endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_SSL_PROTO_QUIC)
-
-/* declared in ssl_internal.h */
-int ssl_set_quic_transport_params(mbedtls_ssl_context *ssl,
-        const uint8_t *params, size_t len,
-        uint8_t **oparams, size_t *olen) 
-{
-    if (len > MBEDTLS_QUIC_TRANSPORT_PARAMS_MAX_LEN)
-    {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("ssl_set_quic_transport_params: bad transport_params length"));
-        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
-    }
-
-    if ((*oparams = mbedtls_calloc(1, len)) == NULL)
-    {
-        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
-    }
-
-    memcpy(*oparams, params, len);
-    *olen = len;
-
-    return 0;
-}
-
-int mbedtls_ssl_set_quic_transport_params(mbedtls_ssl_context *ssl,
-        const uint8_t *params, size_t len)
-{
-    // Setting transport params more than once is not expected, but
-    // permitted.
-    mbedtls_free(ssl->quic_transport_params);
-    ssl->quic_transport_params = NULL;
-
-    return ssl_set_quic_transport_params(ssl, params, len,
-            &ssl->quic_transport_params, &ssl->quic_transport_params_len);
-}
-
-void mbedtls_ssl_get_peer_quic_transport_params(mbedtls_ssl_context *ssl,
-    const uint8_t **oparams, size_t *olen)
-{
-    *oparams = (const uint8_t*)(ssl->peer_quic_transport_params);
-    *olen = ssl->peer_quic_transport_params_len;
-}
-
-#endif /* MBEDTLS_SSL_PROTO_QUIC */
-
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 
 #endif /* MBEDTLS_SSL_TLS_C */