From b0a0fdd8f4f847d0942e9a7f8464a7fb8ae94921 Mon Sep 17 00:00:00 2001 From: Kevin Jacobs Date: Thu, 27 Feb 2020 02:39:11 +0000 Subject: Bug 1608892 - Update DTLS 1.3 to draft-34 r=mt This patch updates the DTLS 1.3 implementation to draft-34. Notable changes: 1) Key separation via `ssl_protocol_variant`. 2) No longer apply sequence number masking when in `UNSAFE_FUZZER_MODE`. This allowed removal of workarounds for unpadded (<16B) ciphertexts being used as input to `SSL_CreateMask`. 3) Compile ssl_gtests in `UNSAFE_FUZZER_MODE` iff `--fuzz=tls` was specified. Currently all gtests are compiled this way if `--fuzz`, but lib/ssl only if `--fuzz=tls`. (See above, we can't have ssl_gtests in fuzzer mode, but not lib/ssl, since the masking mismatch will break filters). 4) Parameterize masking tests, as appropriate. 5) Reject non-empty legacy_cookie, and test. 6) Reject ciphertexts <16B in length in `dtls13_MaskSequenceNumber` (if not `UNSAFE_FUZZER_MODE`). Differential Revision: https://phabricator.services.mozilla.com/D62488
---
 lib/ssl/sslsock.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib/ssl/sslsock.c')
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
index 581f0c467..cf77c187b 100644
--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -4222,6 +4222,7 @@ struct {
 EXP(CreateAntiReplayContext),
 EXP(CreateMask),
 EXP(CreateMaskingContext),
+ EXP(CreateVariantMaskingContext),
 EXP(DelegateCredential),
 EXP(DestroyAead),
 EXP(DestroyMaskingContext),
@@ -4236,8 +4237,11 @@ struct {
 EXP(HkdfExtract),
 EXP(HkdfExpandLabel),
 EXP(HkdfExpandLabelWithMech),
+ EXP(HkdfVariantExpandLabel),
+ EXP(HkdfVariantExpandLabelWithMech),
 EXP(KeyUpdate),
 EXP(MakeAead),
+ EXP(MakeVariantAead),
 EXP(RecordLayerData),
 EXP(RecordLayerWriteCallback),
 EXP(ReleaseAntiReplayContext),
-- cgit v1.2.1
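Review bot: Nothing at this site tells a caller which form to use now that the table exports `CreateVariantMaskingContext`, `HkdfVariantExpandLabel`, `HkdfVariantExpandLabelWithMech` and `MakeVariantAead` alongside the older `CreateMaskingContext`, `HkdfExpandLabel`, `HkdfExpandLabelWithMech` and `MakeAead`. The commit message gives key separation via `ssl_protocol_variant` as the reason for the change, so a DTLS 1.3 caller that stays on the older names presumably derives keys or masks without that separation; this depends on the implementations, which are outside this file section. A short comment above the new entries would help, for example `/* *Variant* forms take the protocol variant; the older names remain for existing callers. */`. The same point applies to both hunks, and the table's `struct {` definition starts and ends outside them.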