Prepare to provide stubbed out versions for reading/writing 0-RTT data

We do not support this feature but need to provide OpenSSL's API since
software assumes it's available whenever TLS1_3_VERSION is available.
These are minimal stubs that should have a decent chance to interact
reasonably with software expecting the tricky upstream semantics, but
this will have to be sorted out with runtime testing, so will likely
have to be refined and revisited.

ok beck jsing

2 files changed, 41 insertions, 2 deletions

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index b01c426c9c..093c4bde2d 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.175 2020/09/19 10:05:00 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.176 2020/09/19 10:12:06 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1465,6 +1465,17 @@ int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data);
 
 uint32_t SSL_get_max_early_data(const SSL *s);
 int SSL_set_max_early_data(SSL *s, uint32_t max_early_data);
+
+#define SSL_EARLY_DATA_NOT_SENT         0
+#define SSL_EARLY_DATA_REJECTED         1
+#define SSL_EARLY_DATA_ACCEPTED         2
+int SSL_get_early_data_status(const SSL *s);
+
+#define SSL_READ_EARLY_DATA_ERROR       0
+#define SSL_READ_EARLY_DATA_SUCCESS     1
+#define SSL_READ_EARLY_DATA_FINISH      2
+int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes);
+int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written);
 #endif
 
 long    SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 3c62f39a57..b04b67df41 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.231 2020/09/19 10:05:00 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.232 2020/09/19 10:12:06 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1023,6 +1023,34 @@ SSL_set_max_early_data(SSL *s, uint32_t max_early_data)
 {
         return 1;
 }
+
+int
+SSL_get_early_data_status(const SSL *s)
+{
+        return SSL_EARLY_DATA_REJECTED;
+}
+
+int
+SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
+{
+        *readbytes = 0;
+
+        if (!s->server) {
+                SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                return SSL_READ_EARLY_DATA_ERROR;
+        }
+
+        return SSL_READ_EARLY_DATA_FINISH;
+}
+
+int
+SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
+{
+        *written = 0;
+        SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+}
+
 int
 SSL_shutdown(SSL *s)
 {