Add the initial framework for the TLSv1.3 server.

ok beck@

3 files changed, 84 insertions, 3 deletions

diff --git a/lib/libssl/Makefile b/lib/libssl/Makefile
index 2ede8a77b07..778b525224a 100644
--- a/lib/libssl/Makefile
+++ b/lib/libssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.56 2019/02/09 15:30:52 jsing Exp $
+# $OpenBSD: Makefile,v 1.57 2019/11/17 06:35:30 jsing Exp $
 
 .include <bsd.own.mk>
 .ifndef NOMAN
@@ -72,7 +72,8 @@ SRCS= \
 	tls13_key_schedule.c \
 	tls13_lib.c \
 	tls13_record.c \
-	tls13_record_layer.c
+	tls13_record_layer.c \
+	tls13_server.c
 
 HDRS=	dtls1.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h
 
diff --git a/lib/libssl/tls13_internal.h b/lib/libssl/tls13_internal.h
index 7288ca3448d..9ab72f4f3a7 100644
--- a/lib/libssl/tls13_internal.h
+++ b/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.29 2019/11/17 00:10:47 beck Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.30 2019/11/17 06:35:30 jsing Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -176,6 +176,7 @@ const EVP_MD *tls13_cipher_hash(const SSL_CIPHER *cipher);
 /*
  * Legacy interfaces.
  */
+int tls13_legacy_accept(SSL *ssl);
 int tls13_legacy_connect(SSL *ssl);
 int tls13_legacy_return_code(SSL *ssl, ssize_t ret);
 ssize_t tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg);
diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c
new file mode 100644
index 00000000000..8d484fcb459
--- /dev/null
+++ b/lib/libssl/tls13_server.c
@@ -0,0 +1,79 @@
+/* $OpenBSD: tls13_server.c,v 1.1 2019/11/17 06:35:30 jsing Exp $ */
+/*
+ * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "ssl_locl.h"
+
+#include "tls13_handshake.h"
+#include "tls13_internal.h"
+
+static int
+tls13_accept(struct tls13_ctx *ctx)
+{
+	if (ctx->mode != TLS13_HS_SERVER)
+		return TLS13_IO_FAILURE;
+
+	return tls13_handshake_perform(ctx);
+}
+
+static int
+tls13_server_init(struct tls13_ctx *ctx)
+{
+	SSL *s = ctx->ssl;
+
+	if (!ssl_supported_version_range(s, &ctx->hs->min_version,
+	    &ctx->hs->max_version)) {
+		SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
+		return 0;
+	}
+
+	/* XXX implement. */
+
+	return 1;
+}
+
+int
+tls13_legacy_accept(SSL *ssl)
+{
+	struct tls13_ctx *ctx = ssl->internal->tls13;
+	int ret;
+
+	if (ctx == NULL) {
+		if ((ctx = tls13_ctx_new(TLS13_HS_SERVER)) == NULL) {
+			SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
+			return -1;
+		}
+		ssl->internal->tls13 = ctx;
+		ctx->ssl = ssl;
+		ctx->hs = &S3I(ssl)->hs_tls13;
+
+		if (!tls13_server_init(ctx)) {
+			if (ERR_peek_error() == 0)
+				SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
+			return -1;
+		}
+	}
+
+	S3I(ssl)->hs.state = SSL_ST_ACCEPT;
+
+	ret = tls13_accept(ctx);
+	if (ret == TLS13_IO_USE_LEGACY)
+		return ssl->method->internal->ssl_accept(ssl);
+	if (ret == TLS13_IO_SUCCESS)
+		S3I(ssl)->hs.state = SSL_ST_OK;
+
+	return tls13_legacy_return_code(ssl, ret);
+}