authorFrederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>2023-10-03 09:39:47 +0200
committerRichard Levitte <levitte@openssl.org>2024-03-18 13:01:01 +0100
commit84ce747b1cddc1b92eabf258431664b71d73df28 (patch)
tree511f8e31127c571247f344af002651305238399d
parentdc9bc6c8e1bd329ead703417a2235ab3e97557ec (diff)
Adds initial dtls 1.3 structs and definitions
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22259)
-rw-r--r--include/openssl/prov_ssl.h1
-rw-r--r--include/openssl/ssl.h.in1
-rw-r--r--ssl/d1_lib.c15
-rw-r--r--ssl/methods.c18
-rw-r--r--ssl/record/methods/recmethod_local.h1
-rw-r--r--ssl/record/methods/tls13_meth.c21
-rw-r--r--ssl/ssl_local.h11
7 files changed, 67 insertions, 1 deletions
diff --git a/include/openssl/prov_ssl.h b/include/openssl/prov_ssl.h
index 76d01e1eb8..9f3e8197e3 100644
--- a/include/openssl/prov_ssl.h
+++ b/include/openssl/prov_ssl.h
@@ -27,6 +27,7 @@ extern "C" {
# define TLS1_3_VERSION 0x0304
# define DTLS1_VERSION 0xFEFF
# define DTLS1_2_VERSION 0xFEFD
+# define DTLS1_3_VERSION 0xFEFC
# define DTLS1_BAD_VER 0x0100
/* QUIC uses a 4 byte unsigned version number */
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index 988e637dda..9c56b27e12 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -406,6 +406,7 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
# define SSL_OP_NO_TLSv1_3 SSL_OP_BIT(29)
# define SSL_OP_NO_DTLSv1 SSL_OP_BIT(26)
# define SSL_OP_NO_DTLSv1_2 SSL_OP_BIT(27)
+# define SSL_OP_NO_DTLSv1_3 SSL_OP_BIT(29)
/* Disallow all renegotiation */
# define SSL_OP_NO_RENEGOTIATION SSL_OP_BIT(30)
/*
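Review bot: `SSL_OP_NO_DTLSv1_3` is assigned `SSL_OP_BIT(29)`, the same bit `SSL_OP_NO_TLSv1_3` uses three lines above, and nothing on the new line says this is deliberate. It is consistent with the existing scheme, where `SSL_OP_NO_DTLSv1` (bit 26) and `SSL_OP_NO_DTLSv1_2` (bit 27) alias the `SSL_OP_NO_TLSv1` and `SSL_OP_NO_TLSv1_2` bits because a method is either TLS or DTLS, never both, but a reader scanning for copy-paste mistakes cannot tell that from here. Suggest a comment on the new line, `/* Shares bit 29 with SSL_OP_NO_TLSv1_3: the TLS and DTLS NO_* bits alias per method */`, or one comment above the DTLS group. Any code that maps these option bits to a disabled-version set presumably already handles the aliasing for the existing DTLS options and should be checked to do the same for 1.3.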
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 1ac0975d0a..f36d5a3d5f 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -51,6 +51,21 @@ const SSL3_ENC_METHOD DTLSv1_2_enc_data = {
dtls1_handshake_write
};
+const SSL3_ENC_METHOD DTLSv1_3_enc_data = {
+ tls13_setup_key_block,
+ tls13_generate_master_secret,
+ tls13_change_cipher_state,
+ tls13_final_finish_mac,
+ TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+ TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+ tls13_alert_code,
+ tls13_export_keying_material,
+ SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF,
+ dtls1_set_handshake_header,
+ dtls1_close_construct_packet,
+ dtls1_handshake_write
+};
+
OSSL_TIME dtls1_default_timeout(void)
{
/*
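Review bot: `DTLSv1_3_enc_data` pairs the TLS 1.3 key-schedule entries (`tls13_setup_key_block`, `tls13_change_cipher_state`, `tls13_final_finish_mac`) with the DTLS 1.2 handshake-framing entries `dtls1_set_handshake_header`, `dtls1_close_construct_packet` and `dtls1_handshake_write`, and nothing marks that combination as provisional. The commit message describes this as an initial definition, so without a comment a later reader may take the table as the finished DTLS 1.3 wiring. Suggest a comment above the initializer such as `/* Initial DTLS 1.3 table: TLS 1.3 key schedule with DTLS 1.2 handshake framing; to be revised as DTLS 1.3 support lands */`. Whether the flag set matches the `DTLSv1_2_enc_data` table above cannot be checked from this hunk, since only its last two entries are visible.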
diff --git a/ssl/methods.c b/ssl/methods.c
index 525f59e912..836d859ec7 100644
--- a/ssl/methods.c
+++ b/ssl/methods.c
@@ -125,6 +125,12 @@ IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
ossl_statem_accept,
ossl_statem_connect, DTLSv1_2_enc_data)
#endif
+#ifndef OPENSSL_NO_DTLS1_3_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_3_VERSION, 0, SSL_OP_NO_DTLSv1_3,
+ dtlsv1_3_method,
+ ossl_statem_accept,
+ ossl_statem_connect, DTLSv1_3_enc_data)
+#endif
IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
DTLS_method,
ossl_statem_accept,
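Review bot: The three new method blocks (this hunk and the two that follow) are guarded by `OPENSSL_NO_DTLS1_3_METHOD`, but nothing in this commit defines that macro, so the guard is always false and `dtlsv1_3_method`, `dtlsv1_3_server_method` and `dtlsv1_3_client_method` are compiled unconditionally while the protocol is not yet implemented. If Configure is meant to offer a disable option the way the other `OPENSSL_NO_*_METHOD` macros presumably do, that wiring is missing here; if not, the guard is dead and misleading. The prototypes are added only to `ssl_local.h` in this diff, so the methods are internal for now, which limits exposure. It is worth confirming that the DTLS_ANY_VERSION negotiation tables (outside this diff) still cap at DTLS 1.2 so `DTLS_method()` cannot select `DTLS1_3_VERSION` before the handshake and record layer exist.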
@@ -145,6 +151,12 @@ IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
ossl_statem_accept,
ssl_undefined_function, DTLSv1_2_enc_data)
#endif
+#ifndef OPENSSL_NO_DTLS1_3_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_3_VERSION, 0, SSL_OP_NO_DTLSv1_3,
+ dtlsv1_3_server_method,
+ ossl_statem_accept,
+ ssl_undefined_function, DTLSv1_3_enc_data)
+#endif
IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
DTLS_server_method,
ossl_statem_accept,
@@ -169,6 +181,12 @@ IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
ssl_undefined_function,
ossl_statem_connect, DTLSv1_2_enc_data)
#endif
+#ifndef OPENSSL_NO_DTLS1_3_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_3_VERSION, 0, SSL_OP_NO_DTLSv1_3,
+ dtlsv1_3_client_method,
+ ssl_undefined_function,
+ ossl_statem_connect, DTLSv1_3_enc_data)
+#endif
IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
DTLS_client_method,
ssl_undefined_function,
diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h
index 1267f81385..74939ea174 100644
--- a/ssl/record/methods/recmethod_local.h
+++ b/ssl/record/methods/recmethod_local.h
@@ -382,6 +382,7 @@ extern const struct record_functions_st tls_1_funcs;
extern const struct record_functions_st tls_1_3_funcs;
extern const struct record_functions_st tls_any_funcs;
extern const struct record_functions_st dtls_1_funcs;
+extern const struct record_functions_st dtls_1_3_funcs;
extern const struct record_functions_st dtls_any_funcs;
void ossl_rlayer_fatal(OSSL_RECORD_LAYER *rl, int al, int reason,
diff --git a/ssl/record/methods/tls13_meth.c b/ssl/record/methods/tls13_meth.c
index fff81d3d08..b38bfefae9 100644
--- a/ssl/record/methods/tls13_meth.c
+++ b/ssl/record/methods/tls13_meth.c
@@ -323,3 +323,24 @@ const struct record_functions_st tls_1_3_funcs = {
tls_post_encryption_processing_default,
NULL
};
+
+const struct record_functions_st dtls_1_3_funcs = {
+ tls13_set_crypto_state,
+ tls13_cipher,
+ NULL,
+ tls_default_set_protocol_version,
+ tls_default_read_n,
+ dtls_get_more_records,
+ NULL,
+ tls13_post_process_record,
+ NULL,
+ tls_write_records_default,
+ tls_allocate_write_buffers_default,
+ tls_initialise_write_packets_default,
+ tls13_get_record_type,
+ dtls_prepare_record_header,
+ tls13_add_record_padding,
+ tls_prepare_for_encryption_default,
+ dtls_post_encryption_processing,
+ NULL
+};
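Review bot: `dtls_1_3_funcs` combines `tls13_cipher` and `tls13_post_process_record` with `dtls_prepare_record_header`, `dtls_get_more_records` and `dtls_post_encryption_processing`, i.e. the DTLS 1.2 record framing around the TLS 1.3 cipher path, and the table carries no comment saying it is a placeholder. DTLS 1.3 (RFC 9147) changes the record format, so this cannot be the final record layer; a comment such as `/* Initial DTLS 1.3 record table: DTLS 1.2 framing with the TLS 1.3 cipher path */` above the definition would make that explicit. Nothing in this diff selects `dtls_1_3_funcs`, so it appears unreachable for now. The positional initializer with several bare `NULL` entries follows the `tls_1_3_funcs` style just above it, which is consistent with the file.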
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index cae0c1202b..b4a10b7bfa 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -258,13 +258,18 @@
# define SSL_CONNECTION_IS_DTLS(s) \
(SSL_CONNECTION_GET_SSL(s)->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
+/* Check if we are using DTLSv1.3 */
+# define SSL_CONNECTION_IS_DTLS13(s) (SSL_CONNECTION_IS_DTLS(s) \
+ && DTLS_VERSION_GE(SSL_CONNECTION_GET_SSL(s)->method->version, DTLS1_3_VERSION) \
+ && SSL_CONNECTION_GET_SSL(s)->method->version != DTLS_ANY_VERSION)
+
/* Check if we are using TLSv1.3 */
# define SSL_CONNECTION_IS_TLS13(s) (!SSL_CONNECTION_IS_DTLS(s) \
&& SSL_CONNECTION_GET_SSL(s)->method->version >= TLS1_3_VERSION \
&& SSL_CONNECTION_GET_SSL(s)->method->version != TLS_ANY_VERSION)
# define SSL_CONNECTION_TREAT_AS_TLS13(s) \
- (SSL_CONNECTION_IS_TLS13(s) \
+ ((SSL_CONNECTION_IS_TLS13(s) || SSL_CONNECTION_IS_DTLS13(s)) \
|| (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \
|| (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \
|| (s)->early_data_state == SSL_EARLY_DATA_WRITING \
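Review bot: Adding `SSL_CONNECTION_IS_DTLS13(s)` to `SSL_CONNECTION_TREAT_AS_TLS13` routes DTLS 1.3 connections through every TLS 1.3-specific branch in the code base, but the new macro's comment only says "Check if we are using DTLSv1.3" and nothing documents that consequence. Since the DTLS 1.3 handshake is not implemented in this commit, a short note on the macro, e.g. `/* DTLS 1.3 is treated as TLS 1.3 by the state machine; see SSL_CONNECTION_TREAT_AS_TLS13 */`, would help reviewers of the follow-up patches. Using `DTLS_VERSION_GE` rather than `>=` is right given the descending DTLS version numbering, and the `!= DTLS_ANY_VERSION` clause mirrors the TLS 1.3 macro. `SSL_CONNECTION_TREAT_AS_TLS13` continues past the end of the hunk.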
@@ -2261,6 +2266,9 @@ __owur const SSL_METHOD *dtls_bad_ver_client_method(void);
__owur const SSL_METHOD *dtlsv1_2_method(void);
__owur const SSL_METHOD *dtlsv1_2_server_method(void);
__owur const SSL_METHOD *dtlsv1_2_client_method(void);
+__owur const SSL_METHOD *dtlsv1_3_method(void);
+__owur const SSL_METHOD *dtlsv1_3_server_method(void);
+__owur const SSL_METHOD *dtlsv1_3_client_method(void);
extern const SSL3_ENC_METHOD TLSv1_enc_data;
extern const SSL3_ENC_METHOD TLSv1_1_enc_data;
@@ -2269,6 +2277,7 @@ extern const SSL3_ENC_METHOD TLSv1_3_enc_data;
extern const SSL3_ENC_METHOD SSLv3_enc_data;
extern const SSL3_ENC_METHOD DTLSv1_enc_data;
extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;
+extern const SSL3_ENC_METHOD DTLSv1_3_enc_data;
/*
* Flags for SSL methods