3 files changed, 213 insertions, 3 deletions

diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile
index d23aaa7249..12cfd3d4f0 100644
--- a/src/lib/libssl/Makefile
+++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.49 2019/01/20 10:31:54 jsing Exp $
+# $OpenBSD: Makefile,v 1.50 2019/01/20 12:27:34 jsing Exp $
 
 .include <bsd.own.mk>
 .ifndef NOMAN
@@ -63,6 +63,7 @@ SRCS= \
         t1_lib.c \
         tls13_buffer.c \
         tls13_handshake.c \
+        tls13_handshake_msg.c \
         tls13_key_schedule.c \
         tls13_record.c \
         tls13_record_layer.c
diff --git a/src/lib/libssl/tls13_handshake_msg.c b/src/lib/libssl/tls13_handshake_msg.c
new file mode 100644
index 0000000000..f85271a537
--- /dev/null
+++ b/src/lib/libssl/tls13_handshake_msg.c
@@ -0,0 +1,188 @@
+/* $OpenBSD: tls13_handshake_msg.c,v 1.1 2019/01/20 12:27:34 jsing Exp $ */
+/*
+ * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "bytestring.h"
+#include "ssl_locl.h"
+#include "tls13_internal.h"
+
+#define TLS13_HANDSHAKE_MSG_HEADER_LEN  4
+#define TLS13_HANDSHAKE_MSG_INITIAL_LEN 256
+#define TLS13_HANDSHAKE_MSG_MAX_LEN     (256 * 1024)
+
+struct tls13_handshake_msg {
+        uint8_t msg_type;
+        uint32_t msg_len;
+        uint8_t *data;
+        size_t data_len;
+
+        struct tls13_buffer *buf;
+        CBS cbs;
+        CBB cbb;
+};
+
+struct tls13_handshake_msg *
+tls13_handshake_msg_new()
+{
+        struct tls13_handshake_msg *msg = NULL;
+
+        if ((msg = calloc(1, sizeof(struct tls13_handshake_msg))) == NULL)
+                goto err;
+        if ((msg->buf = tls13_buffer_new(0)) == NULL)
+                goto err;
+
+        return msg;
+
+ err:
+        tls13_handshake_msg_free(msg);
+
+        return NULL;
+}
+
+void
+tls13_handshake_msg_free(struct tls13_handshake_msg *msg)
+{
+        if (msg == NULL)
+                return;
+
+        tls13_buffer_free(msg->buf);
+
+        CBB_cleanup(&msg->cbb);
+
+        freezero(msg->data, msg->data_len);
+        freezero(msg, sizeof(struct tls13_handshake_msg));
+}
+
+void
+tls13_handshake_msg_data(struct tls13_handshake_msg *msg, CBS *cbs)
+{
+        CBS_init(cbs, msg->data, msg->data_len);
+}
+
+uint8_t
+tls13_handshake_msg_type(struct tls13_handshake_msg *msg)
+{
+        return msg->msg_type;
+}
+
+int
+tls13_handshake_msg_content(struct tls13_handshake_msg *msg, CBS *cbs)
+{
+        tls13_handshake_msg_data(msg, cbs);
+
+        return CBS_skip(cbs, TLS13_HANDSHAKE_MSG_HEADER_LEN);
+}
+
+int
+tls13_handshake_msg_start(struct tls13_handshake_msg *msg, CBB *body,
+    uint8_t msg_type)
+{
+        if (!CBB_init(&msg->cbb, TLS13_HANDSHAKE_MSG_INITIAL_LEN))
+                return 0;
+        if (!CBB_add_u8(&msg->cbb, msg_type))
+                return 0;
+        if (!CBB_add_u24_length_prefixed(&msg->cbb, body))
+                return 0;
+
+        return 1;
+}
+
+int
+tls13_handshake_msg_finish(struct tls13_handshake_msg *msg)
+{
+        if (!CBB_finish(&msg->cbb, &msg->data, &msg->data_len))
+                return 0;
+
+        CBS_init(&msg->cbs, msg->data, msg->data_len);
+
+        return 1;
+}
+
+static ssize_t
+tls13_handshake_msg_read_cb(void *buf, size_t n, void *cb_arg)
+{
+        struct tls13_record_layer *rl = cb_arg;
+
+        return tls13_read_handshake_data(rl, buf, n);
+}
+
+int
+tls13_handshake_msg_recv(struct tls13_handshake_msg *msg,
+    struct tls13_record_layer *rl)
+{
+        uint8_t msg_type;
+        uint32_t msg_len;
+        CBS cbs;
+        int ret;
+
+        if (msg->data != NULL)
+                return TLS13_IO_FAILURE;
+
+        if (msg->msg_type == 0) {
+                if ((ret = tls13_buffer_extend(msg->buf,
+                    TLS13_HANDSHAKE_MSG_HEADER_LEN,
+                    tls13_handshake_msg_read_cb, rl)) <= 0)
+                        return ret;
+
+                tls13_buffer_cbs(msg->buf, &cbs);
+
+                if (!CBS_get_u8(&cbs, &msg_type))
+                        return TLS13_IO_FAILURE;
+                if (!CBS_get_u24(&cbs, &msg_len))
+                        return TLS13_IO_FAILURE;
+
+                /* XXX - do we want to make this variable on message type? */
+                if (msg_len > TLS13_HANDSHAKE_MSG_MAX_LEN)
+                        return TLS13_IO_FAILURE;
+
+                msg->msg_type = msg_type;
+                msg->msg_len = msg_len;
+        }
+
+        if ((ret = tls13_buffer_extend(msg->buf,
+            TLS13_HANDSHAKE_MSG_HEADER_LEN + msg->msg_len,
+            tls13_handshake_msg_read_cb, rl)) <= 0)
+                return ret;
+
+        if (!tls13_buffer_finish(msg->buf, &msg->data, &msg->data_len))
+                return TLS13_IO_FAILURE;
+
+        return TLS13_IO_SUCCESS;
+}
+
+int
+tls13_handshake_msg_send(struct tls13_handshake_msg *msg,
+    struct tls13_record_layer *rl)
+{
+        ssize_t ret;
+
+        if (msg->data == NULL)
+                return TLS13_IO_FAILURE;
+
+        if (CBS_len(&msg->cbs) == 0)
+                return TLS13_IO_FAILURE;
+
+        while (CBS_len(&msg->cbs) > 0) {
+                if ((ret = tls13_write_handshake_data(rl, CBS_data(&msg->cbs),
+                    CBS_len(&msg->cbs))) <= 0)
+                        return ret;
+
+                if (!CBS_skip(&msg->cbs, ret))
+                        return TLS13_IO_FAILURE;
+        }
+
+        return TLS13_IO_SUCCESS;
+}
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index 496627c0cd..6b85cfdab9 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.9 2019/01/20 10:31:54 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.10 2019/01/20 12:27:34 jsing Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -97,6 +97,9 @@ int tls13_derive_application_secrets(struct tls13_secrets *secrets,
 
 struct tls13_ctx;
 
+/*
+ * Record Layer.
+ */
 struct tls13_record_layer;
 
 struct tls13_record_layer *tls13_record_layer_new(tls13_read_cb wire_read,
@@ -119,7 +122,25 @@ ssize_t tls13_write_application_data(struct tls13_record_layer *rl, const uint8_
     size_t n);
 
 /*
- * RFC 8446, Section B.3
+ * Handshake Messages.
+ */
+struct tls13_handshake_msg;
+
+struct tls13_handshake_msg *tls13_handshake_msg_new(void);
+void tls13_handshake_msg_free(struct tls13_handshake_msg *msg);
+void tls13_handshake_msg_data(struct tls13_handshake_msg *msg, CBS *cbs);
+uint8_t tls13_handshake_msg_type(struct tls13_handshake_msg *msg);
+int tls13_handshake_msg_content(struct tls13_handshake_msg *msg, CBS *cbs);
+int tls13_handshake_msg_start(struct tls13_handshake_msg *msg, CBB *body,
+    uint8_t msg_type);
+int tls13_handshake_msg_finish(struct tls13_handshake_msg *msg);
+int tls13_handshake_msg_recv(struct tls13_handshake_msg *msg,
+    struct tls13_record_layer *rl);
+int tls13_handshake_msg_send(struct tls13_handshake_msg *msg,
+    struct tls13_record_layer *rl);
+
+/*
+ * Message Types - RFC 8446, Section B.3.
  *
  * Values listed as "_RESERVED" were used in previous versions of TLS and are
  * listed here for completeness.  TLS 1.3 implementations MUST NOT send them but