4 files changed, 29 insertions, 7 deletions

diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 1729401505..a9f1b6bbd5 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.15 2019/04/04 16:53:57 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.16 2019/04/05 20:23:38 tb Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -339,9 +339,6 @@ tls13_server_hello_recv(struct tls13_ctx *ctx)
         if (s->method->internal->version < TLS1_3_VERSION)
                 return 1;
 
-        if (ctx->handshake_stage.hs_type & WITH_HRR)
-                return 1;
-
         /* XXX - handle other key share types. */
         if (ctx->hs->x25519_peer_public == NULL) {
                 /* XXX - alert. */
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
index fd49e03adc..542410bd39 100644
--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_handshake.c,v 1.34 2019/04/05 05:13:12 tb Exp $ */
+/*      $OpenBSD: tls13_handshake.c,v 1.35 2019/04/05 20:23:38 tb Exp $ */
 /*
  * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -98,6 +98,12 @@ struct tls13_handshake_action state_machine[] = {
                 .send = tls13_server_hello_send,
                 .recv = tls13_server_hello_recv,
         },
+        [SERVER_HELLO_RETRY] = {
+                .handshake_type = TLS13_MT_SERVER_HELLO,
+                .sender = TLS13_HS_SERVER,
+                .send = tls13_server_hello_retry_send,
+                .recv = tls13_server_hello_retry_recv,
+        },
         [SERVER_ENCRYPTED_EXTENSIONS] = {
                 .handshake_type = TLS13_MT_ENCRYPTED_EXTENSIONS,
                 .sender = TLS13_HS_SERVER,
@@ -156,6 +162,7 @@ enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = {
                 CLIENT_HELLO,
                 SERVER_HELLO,
                 CLIENT_HELLO_RETRY,
+                SERVER_HELLO_RETRY,
                 SERVER_ENCRYPTED_EXTENSIONS,
                 SERVER_CERTIFICATE_REQUEST,
                 SERVER_CERTIFICATE,
@@ -179,6 +186,7 @@ enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = {
                 CLIENT_HELLO,
                 SERVER_HELLO,
                 CLIENT_HELLO_RETRY,
+                SERVER_HELLO_RETRY,
                 SERVER_ENCRYPTED_EXTENSIONS,
                 SERVER_CERTIFICATE,
                 SERVER_CERTIFICATE_VERIFY,
@@ -198,6 +206,7 @@ enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = {
                 CLIENT_HELLO,
                 SERVER_HELLO,
                 CLIENT_HELLO_RETRY,
+                SERVER_HELLO_RETRY,
                 SERVER_ENCRYPTED_EXTENSIONS,
                 SERVER_FINISHED,
                 CLIENT_FINISHED,
@@ -220,6 +229,7 @@ enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = {
                 CLIENT_HELLO,
                 SERVER_HELLO,
                 CLIENT_HELLO_RETRY,
+                SERVER_HELLO_RETRY,
                 SERVER_ENCRYPTED_EXTENSIONS,
                 SERVER_CERTIFICATE_REQUEST,
                 SERVER_CERTIFICATE,
@@ -404,6 +414,12 @@ tls13_client_hello_retry_send(struct tls13_ctx *ctx)
 }
 
 int
+tls13_server_hello_retry_recv(struct tls13_ctx *ctx)
+{
+        return 0;
+}
+
+int
 tls13_client_hello_retry_recv(struct tls13_ctx *ctx)
 {
         return 0;
@@ -473,6 +489,12 @@ tls13_server_hello_send(struct tls13_ctx *ctx)
 }
 
 int
+tls13_server_hello_retry_send(struct tls13_ctx *ctx)
+{
+        return 0;
+}
+
+int
 tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx)
 {
         return 0;
diff --git a/src/lib/libssl/tls13_handshake.h b/src/lib/libssl/tls13_handshake.h
index cbbec744d3..9910dab106 100644
--- a/src/lib/libssl/tls13_handshake.h
+++ b/src/lib/libssl/tls13_handshake.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_handshake.h,v 1.2 2019/01/20 22:36:19 tb Exp $ */
+/* $OpenBSD: tls13_handshake.h,v 1.3 2019/04/05 20:23:38 tb Exp $ */
 /*
  * Copyright (c) 2019 Theo Buehler <tb@openbsd.org>
  *
@@ -35,6 +35,7 @@ enum tls13_message_type {
         CLIENT_HELLO,
         SERVER_HELLO,
         CLIENT_HELLO_RETRY,
+        SERVER_HELLO_RETRY,
         SERVER_ENCRYPTED_EXTENSIONS,
         SERVER_CERTIFICATE_REQUEST,
         SERVER_CERTIFICATE,
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index c9ef37a39f..1d7a7eb699 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.27 2019/04/04 16:53:57 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.28 2019/04/05 20:23:38 tb Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -229,6 +229,8 @@ int tls13_client_key_update_send(struct tls13_ctx *ctx);
 int tls13_client_key_update_recv(struct tls13_ctx *ctx);
 int tls13_server_hello_recv(struct tls13_ctx *ctx);
 int tls13_server_hello_send(struct tls13_ctx *ctx);
+int tls13_server_hello_retry_recv(struct tls13_ctx *ctx);
+int tls13_server_hello_retry_send(struct tls13_ctx *ctx);
 int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx);
 int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx);
 int tls13_server_certificate_recv(struct tls13_ctx *ctx);