From 9e9db88c593e9fe3ec46a015b783a8903db297c3 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Wed, 22 Jan 2020 06:23:00 +0000
Subject: Implement support for SSL_peek() in the TLSv1.3 record layer.
ok beck@ tb@
---
 src/lib/libssl/tls13_internal.h | 3 ++-
 src/lib/libssl/tls13_lib.c | 14 ++++++--------
 src/lib/libssl/tls13_record_layer.c | 36 +++++++++++++++++++++++++++++++-----
 3 files changed, 39 insertions(+), 14 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index fc1d6c1889..68a129a634 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.43 2020/01/22 05:06:23 tb Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.44 2020/01/22 06:23:00 jsing Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck
  * Copyright (c) 2018 Theo Buehler
@@ -136,6 +136,7 @@ ssize_t tls13_record_layer_phh(struct tls13_record_layer *rl, CBS *cbs);
 ssize_t tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
 ssize_t tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf, size_t n);
+ssize_t tls13_peek_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
 ssize_t tls13_read_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
 ssize_t tls13_write_application_data(struct tls13_record_layer *rl, const uint8_t *buf, size_t n);
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index d92d3cb8b6..73d936ac3f 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_lib.c,v 1.19 2020/01/22 03:15:43 beck Exp $ */
+/* $OpenBSD: tls13_lib.c,v 1.20 2020/01/22 06:23:00 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing
  * Copyright (c) 2019 Bob Beck
@@ -412,12 +412,6 @@ tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int pee
 return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLIN);
 }
- if (peek) {
- /* XXX - support peek... */
- SSLerror(ssl, ERR_R_INTERNAL_ERROR);
- return -1;
- }
-
 if (type != SSL3_RT_APPLICATION_DATA) {
 SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 return -1;
@@ -427,7 +421,11 @@ tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int pee
 return -1;
 }
- ret = tls13_read_application_data(ctx->rl, buf, len);
+ if (peek)
+ ret = tls13_peek_application_data(ctx->rl, buf, len);
+ else
+ ret = tls13_read_application_data(ctx->rl, buf, len);
+
 return tls13_legacy_return_code(ssl, ret);
 }
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index ef558d52df..4de7340999 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.21 2020/01/22 05:06:23 tb Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.22 2020/01/22 06:23:00 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing
  *
@@ -812,8 +812,8 @@ tls13_record_layer_read_record(struct tls13_record_layer *rl)
 }
 ssize_t
-tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,
- uint8_t *buf, size_t n)
+tls13_record_layer_read_internal(struct tls13_record_layer *rl,
+ uint8_t content_type, uint8_t *buf, size_t n, int peek)
 {
 ssize_t ret;
@@ -898,8 +898,11 @@ tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,
 /* XXX - CBS_memcpy? CBS_copy_bytes? */
 memcpy(buf, CBS_data(&rl->rbuf_cbs), n);
- if (!CBS_skip(&rl->rbuf_cbs, n))
- goto err;
+
+ if (!peek) {
+ if (!CBS_skip(&rl->rbuf_cbs, n))
+ goto err;
+ }
 if (CBS_len(&rl->rbuf_cbs) == 0)
 tls13_record_layer_rbuf_free(rl);
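Review bot: Both new calls in the @@ -427 hunk pass the `int len` of tls13_legacy_read_bytes into a `size_t n` parameter, so a negative `len` would become a very large count; the function's opening is outside this hunk, so if nothing there already rejects a negative length, a guard such as `if (len < 0) { SSLerror(ssl, ERR_R_INTERNAL_ERROR); return -1; }` ahead of the peek/read dispatch would pin the contract at the legacy entry point. This conversion predates the commit on the read path, and the record layer appears to bound the copy by the buffered record (the clamping of `n` is not visible here), so the point is about an explicit check rather than a demonstrated overflow.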
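Review bot: tls13_record_layer_read_internal is introduced with external linkage in the @@ -812 hunk (the context line ` ssize_t` above the new signature has no `static`), yet its only callers are the two wrappers added in the @@ -910 hunk and no prototype for it is added to tls13_internal.h in this diff; the same applies to the new tls13_record_layer_peek. Unless they are declared in a header outside this diff, both return-type lines should read `static ssize_t` so the `peek` flag stays a file-local detail. The internal function also has no comment saying what `peek` changes; something like `/* Copy up to n bytes of content_type data into buf; with peek set the bytes stay in rbuf_cbs and are returned again by the next read or peek. */` above it would do.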
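Review bot: The nested `if (!peek) { if (!CBS_skip(...)) goto err; }` in the @@ -898 hunk can be a single guard, `if (!peek && !CBS_skip(&rl->rbuf_cbs, n)) goto err;`, matching the other one-line early exits in this function. The conditional skip is the whole peek mechanism, so it deserves a comment at this point: `/* When peeking, leave the data in rbuf_cbs so a later read returns it. */`. tls13_record_layer_read_internal starts in the @@ -812 hunk and its body continues outside this hunk.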
@@ -910,6 +913,20 @@ tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,
 return TLS13_IO_FAILURE;
 }
+ssize_t
+tls13_record_layer_peek(struct tls13_record_layer *rl, uint8_t content_type,
+ uint8_t *buf, size_t n)
+{
+ return tls13_record_layer_read_internal(rl, content_type, buf, n, 1);
+}
+
+ssize_t
+tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,
+ uint8_t *buf, size_t n)
+{
+ return tls13_record_layer_read_internal(rl, content_type, buf, n, 0);
+}
+
 static ssize_t
 tls13_record_layer_write_record(struct tls13_record_layer *rl,
 uint8_t content_type, const uint8_t *content, size_t content_len)
@@ -1005,6 +1022,15 @@ tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf,
 return tls13_record_layer_write(rl, SSL3_RT_HANDSHAKE, buf, n);
 }
+ssize_t
+tls13_peek_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n)
+{
+ if (!rl->handshake_completed)
+ return TLS13_IO_FAILURE;
+
+ return tls13_record_layer_peek(rl, SSL3_RT_APPLICATION_DATA, buf, n);
+}
+
 ssize_t
 tls13_read_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n)
 {
-- 
cgit v1.2.3-55-g6feb
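Review bot: tls13_peek_application_data in the @@ -1005 hunk carries no comment distinguishing it from tls13_read_application_data, whose definition begins in the context lines below and continues outside the hunk; the only difference is reachable through tls13_record_layer_peek, which skips the CBS_skip. A header comment such as `/* Like tls13_read_application_data, but the bytes copied into buf are not consumed; the next read or peek returns them again. Fails with TLS13_IO_FAILURE until the handshake has completed. */` would state the contract the SSL_peek() path relies on. The handshake_completed gate duplicates what the read path presumably checks; if both stay as separate copies, the comment should say the ordering is intentional.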