Merge early_data_info extension into early_data

As per draft-19
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2895)

include/openssl/ssl.h

@@ -2413,6 +2413,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE                 464
 # define SSL_F_TLS_PARSE_CTOS_USE_SRTP                    465
 # define SSL_F_TLS_PARSE_STOC_COOKIE                      534
+# define SSL_F_TLS_PARSE_STOC_EARLY_DATA                  538
 # define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO             528
 # define SSL_F_TLS_PARSE_STOC_KEY_SHARE                   445
 # define SSL_F_TLS_PARSE_STOC_PSK                         502

include/openssl/tls1.h

@@ -184,7 +184,6 @@ extern "C" {
 # define TLSEXT_TYPE_supported_versions          43
 # define TLSEXT_TYPE_cookie                      44
 # define TLSEXT_TYPE_psk_kex_modes               45
-# define TLSEXT_TYPE_early_data_info             46
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01

ssl/ssl_err.c

@@ -405,6 +405,7 @@ static ERR_STRING_DATA SSL_str_functs[] = {
      "tls_parse_ctos_renegotiate"},
     {ERR_FUNC(SSL_F_TLS_PARSE_CTOS_USE_SRTP), "tls_parse_ctos_use_srtp"},
     {ERR_FUNC(SSL_F_TLS_PARSE_STOC_COOKIE), "tls_parse_stoc_cookie"},
+    {ERR_FUNC(SSL_F_TLS_PARSE_STOC_EARLY_DATA), "tls_parse_stoc_early_data"},
     {ERR_FUNC(SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO),
      "tls_parse_stoc_early_data_info"},
     {ERR_FUNC(SSL_F_TLS_PARSE_STOC_KEY_SHARE), "tls_parse_stoc_key_share"},

ssl/ssl_locl.h

@@ -1791,7 +1791,6 @@ typedef enum tlsext_index_en {
     TLSEXT_IDX_renegotiate,
     TLSEXT_IDX_server_name,
     TLSEXT_IDX_srp,
-    TLSEXT_IDX_early_data_info,
     TLSEXT_IDX_ec_point_formats,
     TLSEXT_IDX_supported_groups,
     TLSEXT_IDX_session_ticket,

ssl/statem/extensions.c

@@ -131,12 +131,6 @@ static const EXTENSION_DEFINITION ext_defs[] = {
 #else
     INVALID_EXTENSION,
 #endif
-    {
-        TLSEXT_TYPE_early_data_info,
-        EXT_TLS1_3_NEW_SESSION_TICKET,
-        NULL, NULL, tls_parse_stoc_early_data_info,
-        tls_construct_stoc_early_data_info, NULL, NULL
-    },
 #ifndef OPENSSL_NO_EC
     {
         TLSEXT_TYPE_ec_point_formats,
@@ -287,7 +281,8 @@ static const EXTENSION_DEFINITION ext_defs[] = {
     },
     {
         TLSEXT_TYPE_early_data,
-        EXT_CLIENT_HELLO | EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+        EXT_CLIENT_HELLO | EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+        | EXT_TLS1_3_NEW_SESSION_TICKET,
         NULL, tls_parse_ctos_early_data, tls_parse_stoc_early_data,
         tls_construct_stoc_early_data, tls_construct_ctos_early_data,
         final_early_data

ssl/statem/extensions_clnt.c

@@ -931,24 +931,6 @@ int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
     return 1;
 }
 
-int tls_parse_stoc_early_data_info(SSL *s, PACKET *pkt, unsigned int context,
-                                   X509 *x, size_t chainidx, int *al)
-{
-    unsigned long max_early_data;
-
-    if (!PACKET_get_net_4(pkt, &max_early_data)
-            || PACKET_remaining(pkt) != 0) {
-        SSLerr(SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO,
-               SSL_R_INVALID_MAX_EARLY_DATA);
-        *al = SSL_AD_DECODE_ERROR;
-        return 0;
-    }
-
-    s->session->ext.max_early_data = max_early_data;
-
-    return 1;
-}
-
 #ifndef OPENSSL_NO_EC
 int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
                                  X509 *x, size_t chainidx, int *al)
@@ -1382,6 +1364,22 @@ int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
 int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
                               X509 *x, size_t chainidx, int *al)
 {
+    if (context == EXT_TLS1_3_NEW_SESSION_TICKET) {
+        unsigned long max_early_data;
+
+        if (!PACKET_get_net_4(pkt, &max_early_data)
+                || PACKET_remaining(pkt) != 0) {
+            SSLerr(SSL_F_TLS_PARSE_STOC_EARLY_DATA,
+                   SSL_R_INVALID_MAX_EARLY_DATA);
+            *al = SSL_AD_DECODE_ERROR;
+            return 0;
+        }
+
+        s->session->ext.max_early_data = max_early_data;
+
+        return 1;
+    }
+
     if (PACKET_remaining(pkt) != 0) {
         *al = SSL_AD_DECODE_ERROR;
         return 0;

ssl/statem/extensions_srvr.c

@@ -841,24 +841,6 @@ int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, unsigned int context,
     return 1;
 }
 
-int tls_construct_stoc_early_data_info(SSL *s, WPACKET *pkt,
-                                       unsigned int context, X509 *x,
-                                       size_t chainidx, int *al)
-{
-    if (s->max_early_data == 0)
-        return 1;
-
-    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data_info)
-            || !WPACKET_start_sub_packet_u16(pkt)
-            || !WPACKET_put_bytes_u32(pkt, s->max_early_data)
-            || !WPACKET_close(pkt)) {
-        SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO, ERR_R_INTERNAL_ERROR);
-        return 0;
-    }
-
-    return 1;
-}
-
 #ifndef OPENSSL_NO_EC
 int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, unsigned int context,
                                      X509 *x, size_t chainidx, int *al)
@@ -1151,6 +1133,21 @@ int tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, unsigned int context,
 int tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, unsigned int context,
                                   X509 *x, size_t chainidx, int *al)
 {
+    if (context == EXT_TLS1_3_NEW_SESSION_TICKET) {
+        if (s->max_early_data == 0)
+            return 1;
+
+        if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
+                || !WPACKET_start_sub_packet_u16(pkt)
+                || !WPACKET_put_bytes_u32(pkt, s->max_early_data)
+                || !WPACKET_close(pkt)) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+
+        return 1;
+    }
+
     if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
         return 1;
 

ssl/statem/statem_locl.h

@@ -238,9 +238,6 @@ int tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, unsigned int context,
                                    X509 *x, size_t chainidx, int *al);
 int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, unsigned int context,
                                    X509 *x, size_t chainidx, int *al);
-int tls_construct_stoc_early_data_info(SSL *s, WPACKET *pkt,
-                                       unsigned int context, X509 *x,
-                                       size_t chainidx, int *al);
 int tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, unsigned int context,
                                   X509 *x, size_t chainidx, int *al);
 #ifndef OPENSSL_NO_EC
@@ -345,8 +342,6 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
                                X509 *x, size_t chainidx, int *al);
 int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
                                X509 *x, size_t chainidx, int *al);
-int tls_parse_stoc_early_data_info(SSL *s, PACKET *pkt, unsigned int context,
-                              X509 *x, size_t chainidx, int *al);
 int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
                               X509 *x, size_t chainidx, int *al);
 #ifndef OPENSSL_NO_EC

ssl/t1_trce.c

@@ -476,7 +476,6 @@ static ssl_trace_tbl ssl_exts_tbl[] = {
     {TLSEXT_TYPE_padding, "padding"},
     {TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"},
     {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"},
-    {TLSEXT_TYPE_early_data_info, "ticket_early_data_info"},
     {TLSEXT_TYPE_early_data, "early_data"}
 };
 
@@ -833,7 +832,9 @@ static int ssl_print_extension(BIO *bio, int indent, int server,
         return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1,
                               ssl_psk_kex_modes_tbl);
 
-    case TLSEXT_TYPE_early_data_info:
+    case TLSEXT_TYPE_early_data:
+        if (mt != SSL3_MT_NEWSESSION_TICKET)
+            break;
         if (extlen != 4)
             return 0;
         max_early_data = (ext[0] << 24) | (ext[1] << 16) | (ext[2] << 8)