From 6594189fa16e845df5565ca4c180220783a752d4 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 9 Mar 2017 15:31:55 +0000
Subject: [PATCH] Merge early_data_info extension into early_data

As per draft-19

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)
---
 include/openssl/ssl.h        |  1 +
 include/openssl/tls1.h       |  1 -
 ssl/ssl_err.c                |  1 +
 ssl/ssl_locl.h               |  1 -
 ssl/statem/extensions.c      |  9 ++-------
 ssl/statem/extensions_clnt.c | 34 ++++++++++++++++------------------
 ssl/statem/extensions_srvr.c | 33 +++++++++++++++------------------
 ssl/statem/statem_locl.h     |  5 -----
 ssl/t1_trce.c                |  5 +++--
 9 files changed, 38 insertions(+), 52 deletions(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index bf0dd6bdd7..e3e85d6165 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -2413,6 +2413,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE                 464
 # define SSL_F_TLS_PARSE_CTOS_USE_SRTP                    465
 # define SSL_F_TLS_PARSE_STOC_COOKIE                      534
+# define SSL_F_TLS_PARSE_STOC_EARLY_DATA                  538
 # define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO             528
 # define SSL_F_TLS_PARSE_STOC_KEY_SHARE                   445
 # define SSL_F_TLS_PARSE_STOC_PSK                         502
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 8e890bf8b4..f2af3abb06 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -184,7 +184,6 @@ extern "C" {
 # define TLSEXT_TYPE_supported_versions          43
 # define TLSEXT_TYPE_cookie                      44
 # define TLSEXT_TYPE_psk_kex_modes               45
-# define TLSEXT_TYPE_early_data_info             46
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index f8d344b563..c476b1e7e0 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -405,6 +405,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
      "tls_parse_ctos_renegotiate"},
     {ERR_FUNC(SSL_F_TLS_PARSE_CTOS_USE_SRTP), "tls_parse_ctos_use_srtp"},
     {ERR_FUNC(SSL_F_TLS_PARSE_STOC_COOKIE), "tls_parse_stoc_cookie"},
+    {ERR_FUNC(SSL_F_TLS_PARSE_STOC_EARLY_DATA), "tls_parse_stoc_early_data"},
     {ERR_FUNC(SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO),
      "tls_parse_stoc_early_data_info"},
     {ERR_FUNC(SSL_F_TLS_PARSE_STOC_KEY_SHARE), "tls_parse_stoc_key_share"},
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index b2e0f66638..9913548c88 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1791,7 +1791,6 @@ typedef enum tlsext_index_en {
     TLSEXT_IDX_renegotiate,
     TLSEXT_IDX_server_name,
     TLSEXT_IDX_srp,
-    TLSEXT_IDX_early_data_info,
     TLSEXT_IDX_ec_point_formats,
     TLSEXT_IDX_supported_groups,
     TLSEXT_IDX_session_ticket,
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 0ab1f0494c..f11f5e03b9 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -131,12 +131,6 @@ static const EXTENSION_DEFINITION ext_defs[] = {
 #else
     INVALID_EXTENSION,
 #endif
-    {
-        TLSEXT_TYPE_early_data_info,
-        EXT_TLS1_3_NEW_SESSION_TICKET,
-        NULL, NULL, tls_parse_stoc_early_data_info,
-        tls_construct_stoc_early_data_info, NULL, NULL
-    },
 #ifndef OPENSSL_NO_EC
     {
         TLSEXT_TYPE_ec_point_formats,
@@ -287,7 +281,8 @@ static const EXTENSION_DEFINITION ext_defs[] = {
     },
     {
         TLSEXT_TYPE_early_data,
-        EXT_CLIENT_HELLO | EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+        EXT_CLIENT_HELLO | EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+        | EXT_TLS1_3_NEW_SESSION_TICKET,
         NULL, tls_parse_ctos_early_data, tls_parse_stoc_early_data,
         tls_construct_stoc_early_data, tls_construct_ctos_early_data,
         final_early_data
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index c6cd0ce8a3..59bc974219 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -931,24 +931,6 @@ int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
     return 1;
 }
 
-int tls_parse_stoc_early_data_info(SSL *s, PACKET *pkt, unsigned int context,
-                                   X509 *x, size_t chainidx, int *al)
-{
-    unsigned long max_early_data;
-
-    if (!PACKET_get_net_4(pkt, &max_early_data)
-            || PACKET_remaining(pkt) != 0) {
-        SSLerr(SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO,
-               SSL_R_INVALID_MAX_EARLY_DATA);
-        *al = SSL_AD_DECODE_ERROR;
-        return 0;
-    }
-
-    s->session->ext.max_early_data = max_early_data;
-
-    return 1;
-}
-
 #ifndef OPENSSL_NO_EC
 int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
                                  X509 *x, size_t chainidx, int *al)
@@ -1382,6 +1364,22 @@ int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
 int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
                               X509 *x, size_t chainidx, int *al)
 {
+    if (context == EXT_TLS1_3_NEW_SESSION_TICKET) {
+        unsigned long max_early_data;
+
+        if (!PACKET_get_net_4(pkt, &max_early_data)
+                || PACKET_remaining(pkt) != 0) {
+            SSLerr(SSL_F_TLS_PARSE_STOC_EARLY_DATA,
+                   SSL_R_INVALID_MAX_EARLY_DATA);
+            *al = SSL_AD_DECODE_ERROR;
+            return 0;
+        }
+
+        s->session->ext.max_early_data = max_early_data;
+
+        return 1;
+    }
+
     if (PACKET_remaining(pkt) != 0) {
         *al = SSL_AD_DECODE_ERROR;
         return 0;
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index ab3ad468fb..076a635d24 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -841,24 +841,6 @@ int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, unsigned int context,
     return 1;
 }
 
-int tls_construct_stoc_early_data_info(SSL *s, WPACKET *pkt,
-                                       unsigned int context, X509 *x,
-                                       size_t chainidx, int *al)
-{
-    if (s->max_early_data == 0)
-        return 1;
-
-    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data_info)
-            || !WPACKET_start_sub_packet_u16(pkt)
-            || !WPACKET_put_bytes_u32(pkt, s->max_early_data)
-            || !WPACKET_close(pkt)) {
-        SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO, ERR_R_INTERNAL_ERROR);
-        return 0;
-    }
-
-    return 1;
-}
-
 #ifndef OPENSSL_NO_EC
 int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, unsigned int context,
                                      X509 *x, size_t chainidx, int *al)
@@ -1151,6 +1133,21 @@ int tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, unsigned int context,
 int tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, unsigned int context,
                                   X509 *x, size_t chainidx, int *al)
 {
+    if (context == EXT_TLS1_3_NEW_SESSION_TICKET) {
+        if (s->max_early_data == 0)
+            return 1;
+
+        if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
+                || !WPACKET_start_sub_packet_u16(pkt)
+                || !WPACKET_put_bytes_u32(pkt, s->max_early_data)
+                || !WPACKET_close(pkt)) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+
+        return 1;
+    }
+
     if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
         return 1;
 
diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h
index daf8a5b192..2e9821caf9 100644
--- a/ssl/statem/statem_locl.h
+++ b/ssl/statem/statem_locl.h
@@ -238,9 +238,6 @@ int tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, unsigned int context,
                                    X509 *x, size_t chainidx, int *al);
 int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, unsigned int context,
                                    X509 *x, size_t chainidx, int *al);
-int tls_construct_stoc_early_data_info(SSL *s, WPACKET *pkt,
-                                       unsigned int context, X509 *x,
-                                       size_t chainidx, int *al);
 int tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, unsigned int context,
                                   X509 *x, size_t chainidx, int *al);
 #ifndef OPENSSL_NO_EC
@@ -345,8 +342,6 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
                                X509 *x, size_t chainidx, int *al);
 int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
                                X509 *x, size_t chainidx, int *al);
-int tls_parse_stoc_early_data_info(SSL *s, PACKET *pkt, unsigned int context,
-                              X509 *x, size_t chainidx, int *al);
 int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
                               X509 *x, size_t chainidx, int *al);
 #ifndef OPENSSL_NO_EC
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 5cfaacd398..3968509eb7 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -476,7 +476,6 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
     {TLSEXT_TYPE_padding, "padding"},
     {TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"},
     {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"},
-    {TLSEXT_TYPE_early_data_info, "ticket_early_data_info"},
     {TLSEXT_TYPE_early_data, "early_data"}
 };
 
@@ -833,7 +832,9 @@ static int ssl_print_extension(BIO *bio, int indent, int server,
         return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1,
                               ssl_psk_kex_modes_tbl);
 
-    case TLSEXT_TYPE_early_data_info:
+    case TLSEXT_TYPE_early_data:
+        if (mt != SSL3_MT_NEWSESSION_TICKET)
+            break;
         if (extlen != 4)
             return 0;
         max_early_data = (ext[0] << 24) | (ext[1] << 16) | (ext[2] << 8)
-- 
2.34.1