Implement pending for TLSv1.3.

Makes `openssl s_client -peekaboo` work with TLSv1.3.

ok beck@ tb@

4 files changed, 42 insertions, 6 deletions

diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
index 355cd8823a..8e4b678d3a 100644
--- a/src/lib/libssl/ssl_methods.c
+++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.9 2020/01/23 03:17:40 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.10 2020/01/23 05:08:30 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -231,7 +231,7 @@ static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
         .ssl_renegotiate = ssl_undefined_function,
         .ssl_renegotiate_check = ssl_ok,
         .ssl_get_message = ssl3_get_message,
-        .ssl_pending = ssl3_pending,
+        .ssl_pending = tls13_legacy_pending,
         .ssl_read_bytes = tls13_legacy_read_bytes,
         .ssl_write_bytes = tls13_legacy_write_bytes,
         .ssl3_enc = &TLSv1_2_enc_data,
@@ -608,7 +608,7 @@ static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
         .ssl_renegotiate = ssl_undefined_function,
         .ssl_renegotiate_check = ssl_ok,
         .ssl_get_message = ssl3_get_message,
-        .ssl_pending = ssl3_pending,
+        .ssl_pending = tls13_legacy_pending,
         .ssl_read_bytes = tls13_legacy_read_bytes,
         .ssl_write_bytes = tls13_legacy_write_bytes,
         .ssl3_enc = &TLSv1_2_enc_data,
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index 4d6d626433..12ba5750a0 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.47 2020/01/23 02:49:38 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.48 2020/01/23 05:08:30 jsing Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -138,6 +138,7 @@ ssize_t tls13_record_layer_phh(struct tls13_record_layer *rl, CBS *cbs);
 ssize_t tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
 ssize_t tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf,
     size_t n);
+ssize_t tls13_pending_application_data(struct tls13_record_layer *rl);
 ssize_t tls13_peek_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
 ssize_t tls13_read_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
 ssize_t tls13_write_application_data(struct tls13_record_layer *rl, const uint8_t *buf,
@@ -223,6 +224,7 @@ int tls13_legacy_connect(SSL *ssl);
 int tls13_legacy_return_code(SSL *ssl, ssize_t ret);
 ssize_t tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg);
 ssize_t tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg);
+int tls13_legacy_pending(const SSL *ssl);
 int tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len,
     int peek);
 int tls13_legacy_write_bytes(SSL *ssl, int type, const void *buf, int len);
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 727f617471..de3e840a84 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.22 2020/01/23 02:49:38 jsing Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.23 2020/01/23 05:08:30 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -411,6 +411,22 @@ tls13_legacy_return_code(SSL *ssl, ssize_t ret)
 }
 
 int
+tls13_legacy_pending(const SSL *ssl)
+{
+        struct tls13_ctx *ctx = ssl->internal->tls13;
+        ssize_t ret;
+
+        if (ctx == NULL)
+                return 0;
+
+        ret = tls13_pending_application_data(ctx->rl);
+        if (ret < 0 || ret > INT_MAX)
+                return 0;
+
+        return ret;
+}
+
+int
 tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int peek)
 {
         struct tls13_ctx *ctx = ssl->internal->tls13;
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index f6dbbf1550..aa8968484b 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.23 2020/01/23 02:49:38 jsing Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.24 2020/01/23 05:08:30 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -815,6 +815,15 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl)
 }
 
 ssize_t
+tls13_record_layer_pending(struct tls13_record_layer *rl, uint8_t content_type)
+{
+        if (rl->rbuf_content_type != content_type)
+                return 0;
+
+        return CBS_len(&rl->rbuf_cbs);
+}
+
+static ssize_t
 tls13_record_layer_read_internal(struct tls13_record_layer *rl,
     uint8_t content_type, uint8_t *buf, size_t n, int peek)
 {
@@ -1026,6 +1035,15 @@ tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf,
 }
 
 ssize_t
+tls13_pending_application_data(struct tls13_record_layer *rl)
+{
+        if (!rl->handshake_completed)
+                return 0;
+
+        return tls13_record_layer_pending(rl, SSL3_RT_APPLICATION_DATA);
+}
+
+ssize_t
 tls13_peek_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n)
 {
         if (!rl->handshake_completed)