From 1245d2e0236d1b94eccfaefcec8630774aa90e46 Mon Sep 17 00:00:00 2001
From: Dmitri Tikhonov <dtikhonov@litespeedtech.com>
Date: Mon, 30 Sep 2019 09:56:13 -0400
Subject: [PATCH] Release 2.4.3

- Add GQUIC versions to the list of h3 ALPNs for Alt-Svc header.
  For example, h3-Q043.  Chrome will switch to using this format at
  some point in the future.
- [BUGFIX] Send correct value in max_streams_uni transport param
- [SPEC] Abort IETF QUIC connection if max_early_data_size is not set
  to 0xFFFFFFFF
---
 CHANGELOG                                     |  9 +++++
 include/lsquic.h                              |  2 +-
 src/liblsquic/CMakeLists.txt                  |  4 +--
 src/liblsquic/{gen-verstrs => gen-verstrs.pl} | 34 ++++++++++++-------
 src/liblsquic/lsquic_enc_sess.h               |  2 +-
 src/liblsquic/lsquic_enc_sess_ietf.c          | 23 +++++++++++--
 src/liblsquic/lsquic_full_conn_ietf.c         |  3 +-
 7 files changed, 56 insertions(+), 21 deletions(-)
 rename src/liblsquic/{gen-verstrs => gen-verstrs.pl} (71%)

diff --git a/CHANGELOG b/CHANGELOG
index 71389511e..c78b87cfc 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,12 @@
+2019-09-30
+    - 2.4.3
+    - Add GQUIC versions to the list of h3 ALPNs for Alt-Svc header.
+      For example, h3-Q043.  Chrome will switch to using this format at
+      some point in the future.
+    - [BUGFIX] Send correct value in max_streams_uni transport param
+    - [SPEC] Abort IETF QUIC connection if max_early_data_size is not set
+      to 0xFFFFFFFF
+
 2019-09-23
     - 2.4.2
     - [BUGFIX] H3 framing: fix zero-byte write when space is available
diff --git a/include/lsquic.h b/include/lsquic.h
index 9c7d65525..5537ff197 100644
--- a/include/lsquic.h
+++ b/include/lsquic.h
@@ -25,7 +25,7 @@ extern "C" {
 
 #define LSQUIC_MAJOR_VERSION 2
 #define LSQUIC_MINOR_VERSION 4
-#define LSQUIC_PATCH_VERSION 2
+#define LSQUIC_PATCH_VERSION 3
 
 /**
  * Engine flags:
diff --git a/src/liblsquic/CMakeLists.txt b/src/liblsquic/CMakeLists.txt
index e2b95937e..766141ab7 100644
--- a/src/liblsquic/CMakeLists.txt
+++ b/src/liblsquic/CMakeLists.txt
@@ -93,9 +93,9 @@ ENDIF()
 
 ADD_CUSTOM_COMMAND(
     OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/lsquic_versions_to_string.c
-    COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/gen-verstrs
+    COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/gen-verstrs.pl
     ARGS ${CMAKE_CURRENT_SOURCE_DIR}/../../include/lsquic.h ${CMAKE_CURRENT_SOURCE_DIR}/lsquic_versions_to_string.c
-    DEPENDS ./gen-verstrs ${CMAKE_CURRENT_SOURCE_DIR}/../../include/lsquic.h
+    DEPENDS ./gen-verstrs.pl ${CMAKE_CURRENT_SOURCE_DIR}/../../include/lsquic.h
 )
 SET(lsquic_STAT_SRCS ${lsquic_STAT_SRCS} lsquic_versions_to_string.c)
 
diff --git a/src/liblsquic/gen-verstrs b/src/liblsquic/gen-verstrs.pl
similarity index 71%
rename from src/liblsquic/gen-verstrs
rename to src/liblsquic/gen-verstrs.pl
index 3e0894acb..7cfbd40e7 100755
--- a/src/liblsquic/gen-verstrs
+++ b/src/liblsquic/gen-verstrs.pl
@@ -16,9 +16,13 @@
         if (/^\s*(LSQVER_0*(\d+)),\s*$/ && $1 ne 'LSQVER_098') {
             push @enums, $1;
             push @versions, $2;
+            push @all_versions, $1;
+            push @all_alpns, "h3-Q0$2";
         }
-        if (/^\s*LSQVER_ID(\d+)\b/) {
-            push @draft_versions, $1;
+        if (/^\s*(LSQVER_ID(\d+))\b/) {
+            push @draft_versions, $2;
+            push @all_versions, $1;
+            push @all_alpns, "h3-$2";
         }
     }
 }
@@ -74,31 +78,34 @@
 C_CODE
 
 
-$draft_version_count = @draft_versions;
-$draft_version_count_and_null = $draft_version_count + 1;
+$all_version_count_and_null = scalar(@all_versions) + 1;
 
 print OUT <<"C_CODE";
 static const struct {
     unsigned    versions;
-    const char *h3_alpns[$draft_version_count_and_null];
+    const char *h3_alpns[$all_version_count_and_null];
 } vers_2_h3_alnps[] = {
+    { 0, { NULL }},
 C_CODE
 
-for ($i = 0; $i < (1 << @draft_versions); ++$i)
+for ($i = 0; $i < (1 << @all_versions); ++$i)
 {
-    my @vers;
-    for ($j = 0; $j < @draft_versions; ++$j)
+    my (@vers, @alpns);
+    for ($j = 0; $j < @all_versions; ++$j)
     {
         if ($i & (1 << $j))
         {
-            push @vers, $draft_versions[$j];
+            push @vers, $all_versions[$j];
+            push @alpns, $all_alpns[$j];
         }
     }
-    print OUT "   {", join("|", 0, map "(1<<LSQVER_ID$_)", @vers), ", ",
-        "{ ", join(", ", map "\"h3-$_\"", @vers), @vers ? ", " : "", "NULL }},\n";
+    if (@vers) {
+        print OUT "    {", join("|", map "(1<<$_)", @vers), ", ",
+            "{ ", join(", ", (map qq("$_"), @alpns), "NULL"), " }},\n";
+    }
 }
 
-$draft_versions = join("|", map "(1<<LSQVER_ID$_)", @draft_versions);
+$all_versions = join "|", map "(1<<$_)", @all_versions;
 
 print OUT <<"C_CODE";
 };
@@ -108,7 +115,7 @@
 {
     unsigned i;
 
-    versions &= $draft_versions;
+    versions &= ($all_versions);
 
     for (i = 0; i < sizeof(vers_2_h3_alnps) / sizeof(vers_2_h3_alnps[0]); ++i)
         if (versions == vers_2_h3_alnps[i].versions)
@@ -119,4 +126,5 @@
 }
 C_CODE
 
+
 close OUT;
diff --git a/src/liblsquic/lsquic_enc_sess.h b/src/liblsquic/lsquic_enc_sess.h
index 266dd683e..b18b8e8c8 100644
--- a/src/liblsquic/lsquic_enc_sess.h
+++ b/src/liblsquic/lsquic_enc_sess.h
@@ -264,7 +264,7 @@ struct enc_session_funcs_iquic
                            const struct ver_neg *, void *(crypto_streams)[4],
                            const struct crypto_stream_if *,
                            const unsigned char *, size_t,
-                           struct lsquic_alarmset *);
+                           struct lsquic_alarmset *, unsigned);
 
     void
     (*esfi_destroy) (enc_session_t *);
diff --git a/src/liblsquic/lsquic_enc_sess_ietf.c b/src/liblsquic/lsquic_enc_sess_ietf.c
index 162bfc438..3e806f300 100644
--- a/src/liblsquic/lsquic_enc_sess_ietf.c
+++ b/src/liblsquic/lsquic_enc_sess_ietf.c
@@ -272,6 +272,7 @@ struct enc_sess_iquic
                          esi_peer_tp;
     struct lsquic_alarmset
                         *esi_alset;
+    unsigned             esi_max_streams_uni;
 };
 
 
@@ -516,7 +517,7 @@ gen_trans_params (struct enc_sess_iquic *enc_sess, unsigned char *buf,
     params.tp_init_max_stream_data_uni
                             = settings->es_init_max_stream_data_uni;
     params.tp_init_max_streams_uni
-                            = settings->es_init_max_streams_uni;
+                            = enc_sess->esi_max_streams_uni;
     params.tp_init_max_streams_bidi
                             = settings->es_init_max_streams_bidi;
     params.tp_ack_delay_exponent
@@ -660,7 +661,7 @@ iquic_esfi_create_client (const char *hostname,
             const lsquic_cid_t *dcid, const struct ver_neg *ver_neg,
             void *crypto_streams[4], const struct crypto_stream_if *cryst_if,
             const unsigned char *zero_rtt, size_t zero_rtt_sz,
-            struct lsquic_alarmset *alset)
+            struct lsquic_alarmset *alset, unsigned max_streams_uni)
 {
     struct enc_sess_iquic *enc_sess;
 
@@ -735,6 +736,8 @@ iquic_esfi_create_client (const char *hostname,
     lsquic_alarmset_init_alarm(enc_sess->esi_alset, AL_SESS_TICKET,
                                             no_sess_ticket, enc_sess);
 
+    enc_sess->esi_max_streams_uni = max_streams_uni;
+
     return enc_sess;
 }
 
@@ -800,6 +803,9 @@ iquic_esfi_create_server (struct lsquic_engine_public *enpub,
         return NULL;
     }
 
+    enc_sess->esi_max_streams_uni
+        = enpub->enp_settings.es_init_max_streams_uni;
+
     return enc_sess;
 }
 
@@ -1141,6 +1147,7 @@ iquic_new_session_cb (SSL *ssl, SSL_SESSION *session)
     size_t ticket_sz;
     lsquic_ver_tag_t tag;
     const uint8_t *trapa_buf;
+    SSL_CTX *ssl_ctx;
     size_t trapa_sz, buf_sz;
 
     enc_sess = SSL_get_ex_data(ssl, s_idx);
@@ -1148,8 +1155,18 @@ iquic_new_session_cb (SSL *ssl, SSL_SESSION *session)
 
     max_early_data_size = SSL_SESSION_get_max_early_data_size(session);
     if (0xFFFFFFFFu != max_early_data_size)
-        LSQ_WARN("max_early_data_size=0x%X, protocol violation",
+    {
+        /* See [draft-ietf-quic-tls-23], Section 4.5 */
+        LSQ_INFO("max_early_data_size=0x%X, protocol violation",
                                                         max_early_data_size);
+        enc_sess->esi_conn->cn_if->ci_abort_error(enc_sess->esi_conn, 0,
+            TEC_PROTOCOL_VIOLATION, "max_early_data_size is set to %u "
+                "instead of 0xFFFFFFFF as mandated by standard",
+                max_early_data_size);
+        ssl_ctx = SSL_get_SSL_CTX(ssl);
+        SSL_CTX_sess_set_new_cb(ssl_ctx, NULL);
+        return 0;
+    }
 
     SSL_get_peer_quic_transport_params(enc_sess->esi_ssl, &trapa_buf,
                                                                 &trapa_sz);
diff --git a/src/liblsquic/lsquic_full_conn_ietf.c b/src/liblsquic/lsquic_full_conn_ietf.c
index 99e36045d..4e91f9793 100644
--- a/src/liblsquic/lsquic_full_conn_ietf.c
+++ b/src/liblsquic/lsquic_full_conn_ietf.c
@@ -1037,7 +1037,8 @@ lsquic_ietf_full_conn_client_new (struct lsquic_engine_public *enpub,
                 conn->ifc_enpub, &conn->ifc_conn, CUR_DCID(conn),
                 &conn->ifc_u.cli.ifcli_ver_neg,
                 (void **) conn->ifc_u.cli.crypto_streams, &crypto_stream_if,
-                zero_rtt, zero_rtt_sz, &conn->ifc_alset);
+                zero_rtt, zero_rtt_sz, &conn->ifc_alset,
+                conn->ifc_max_streams_in[SD_UNI]);
     if (!conn->ifc_conn.cn_enc_session)
     {
         /* TODO: free other stuff */