Merge early_data_info extension into early_data

[openssl.git] / ssl / statem / extensions_clnt.c

diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 0af4d1b5888ac839761f908ce8db558440c86964..59bc97421939b5d507c08d4be289280cb3ff87a7 100644 (file)
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -102,10 +102,10 @@ static int use_ecc(SSL *s)
         if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK))
                 || (alg_a & SSL_aECDSA)
                 || c->min_tls >= TLS1_3_VERSION)
-            break;
+            return 1;
     }
 
-    return i < end;
+    return 0;
 }
 
 int tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, unsigned int context,
@@ -146,7 +146,6 @@ int tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
      * Add TLS extension supported_groups to the ClientHello message
      */
     /* TODO(TLS1.3): Add support for DHE groups */
-    pcurves = s->ext.supportedgroups;
     if (!tls1_get_curvelist(s, 0, &pcurves, &num_curves)) {
         SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
                ERR_R_INTERNAL_ERROR);
@@ -590,7 +589,6 @@ int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, unsigned int context,
         return 0;
     }
 
-    pcurves = s->ext.supportedgroups;
     if (!tls1_get_curvelist(s, 0, &pcurves, &num_curves)) {
         SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE, ERR_R_INTERNAL_ERROR);
         return 0;
@@ -636,6 +634,34 @@ int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, unsigned int context,
     return 1;
 }
 
+int tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context,
+                              X509 *x, size_t chainidx, int *al)
+{
+    int ret = 0;
+
+    /* Should only be set if we've had an HRR */
+    if (s->ext.tls13_cookie_len == 0)
+        return 1;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_cookie)
+               /* Extension data sub-packet */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_sub_memcpy_u16(pkt, s->ext.tls13_cookie,
+                                       s->ext.tls13_cookie_len)
+            || !WPACKET_close(pkt)) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_CTOS_COOKIE, ERR_R_INTERNAL_ERROR);
+        goto end;
+    }
+
+    ret = 1;
+ end:
+    OPENSSL_free(s->ext.tls13_cookie);
+    s->ext.tls13_cookie = NULL;
+    s->ext.tls13_cookie_len = 0;
+
+    return ret;
+}
+
 int tls_construct_ctos_early_data(SSL *s, WPACKET *pkt, unsigned int context,
                                   X509 *x, size_t chainidx, int *al)
 {
@@ -905,24 +931,6 @@ int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
     return 1;
 }
 
-int tls_parse_stoc_early_data_info(SSL *s, PACKET *pkt, unsigned int context,
-                                   X509 *x, size_t chainidx, int *al)
-{
-    unsigned long max_early_data;
-
-    if (!PACKET_get_net_4(pkt, &max_early_data)
-            || PACKET_remaining(pkt) != 0) {
-        SSLerr(SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO,
-               SSL_R_INVALID_MAX_EARLY_DATA);
-        *al = SSL_AD_DECODE_ERROR;
-        return 0;
-    }
-
-    s->session->ext.max_early_data = max_early_data;
-
-    return 1;
-}
-
 #ifndef OPENSSL_NO_EC
 int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
                                  X509 *x, size_t chainidx, int *al)
@@ -988,7 +996,7 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context,
      * MUST only be sent if we've requested a status
      * request message. In TLS <= 1.2 it must also be empty.
      */
-    if (s->ext.status_type == TLSEXT_STATUSTYPE_nothing
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp
             || (!SSL_IS_TLS13(s) && PACKET_remaining(pkt) > 0)) {
         *al = SSL_AD_UNSUPPORTED_EXTENSION;
         return 0;
@@ -1273,7 +1281,6 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
         }
 
         /* Validate the selected group is one we support */
-        pcurves = s->ext.supportedgroups;
         if (!tls1_get_curvelist(s, 0, &pcurves, &num_curves)) {
             SSLerr(SSL_F_TLS_PARSE_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR);
             return 0;
@@ -1338,9 +1345,41 @@ int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
     return 1;
 }
 
+int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx, int *al)
+{
+    PACKET cookie;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &cookie)
+            || !PACKET_memdup(&cookie, &s->ext.tls13_cookie,
+                              &s->ext.tls13_cookie_len)) {
+        *al = SSL_AD_DECODE_ERROR;
+        SSLerr(SSL_F_TLS_PARSE_STOC_COOKIE, SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    return 1;
+}
+
 int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
                               X509 *x, size_t chainidx, int *al)
 {
+    if (context == EXT_TLS1_3_NEW_SESSION_TICKET) {
+        unsigned long max_early_data;
+
+        if (!PACKET_get_net_4(pkt, &max_early_data)
+                || PACKET_remaining(pkt) != 0) {
+            SSLerr(SSL_F_TLS_PARSE_STOC_EARLY_DATA,
+                   SSL_R_INVALID_MAX_EARLY_DATA);
+            *al = SSL_AD_DECODE_ERROR;
+            return 0;
+        }
+
+        s->session->ext.max_early_data = max_early_data;
+
+        return 1;
+    }
+
     if (PACKET_remaining(pkt) != 0) {
         *al = SSL_AD_DECODE_ERROR;
         return 0;