Add the initial framework for the TLSv1.3 server.

ok beck@
author: jsing <> 2019-11-17 06:35:30 +0000
committer: jsing <> 2019-11-17 06:35:30 +0000
commit: 409fa0d28febaa4ac29449f82e464e5bdb785ac6 (patch)
tree: 64b268783159e5f32378776acd8d4e6c753a419b
parent: 45bbbfd098329712115368b9fab20a0605ef4bde (diff)
download: openbsd-409fa0d28febaa4ac29449f82e464e5bdb785ac6.tar.gz
openbsd-409fa0d28febaa4ac29449f82e464e5bdb785ac6.tar.bz2
openbsd-409fa0d28febaa4ac29449f82e464e5bdb785ac6.zip
3 files changed, 84 insertions, 3 deletions
diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile
index 2ede8a77b0..778b525224 100644
--- a/src/lib/libssl/Makefile
+++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.56 2019/02/09 15:30:52 jsing Exp $
+# $OpenBSD: Makefile,v 1.57 2019/11/17 06:35:30 jsing Exp $
 .include <bsd.own.mk>
 .ifndef NOMAN
@@ -72,7 +72,8 @@ SRCS= \
        tls13_key_schedule.c \
        tls13_lib.c \
        tls13_record.c \
-        tls13_record_layer.c
+        tls13_record_layer.c \
+        tls13_server.c
 HDRS=   dtls1.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index 7288ca3448..9ab72f4f3a 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.29 2019/11/17 00:10:47 beck Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.30 2019/11/17 06:35:30 jsing Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -176,6 +176,7 @@ const EVP_MD *tls13_cipher_hash(const SSL_CIPHER *cipher);
 /*
 * Legacy interfaces.
 */
+int tls13_legacy_accept(SSL *ssl);
 int tls13_legacy_connect(SSL *ssl);
 int tls13_legacy_return_code(SSL *ssl, ssize_t ret);
 ssize_t tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg);
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
new file mode 100644
index 0000000000..8d484fcb45
--- /dev/null
+++ b/src/lib/libssl/tls13_server.c
@@ -0,0 +1,79 @@
+/* $OpenBSD: tls13_server.c,v 1.1 2019/11/17 06:35:30 jsing Exp $ */
+/*
+ * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include "ssl_locl.h"
+#include "tls13_handshake.h"
+#include "tls13_internal.h"
+static int
+tls13_accept(struct tls13_ctx *ctx)
+{
+        if (ctx->mode != TLS13_HS_SERVER)
+                return TLS13_IO_FAILURE;
+        return tls13_handshake_perform(ctx);
+}
+static int
+tls13_server_init(struct tls13_ctx *ctx)
+{
+        SSL *s = ctx->ssl;
+        if (!ssl_supported_version_range(s, &ctx->hs->min_version,
+            &ctx->hs->max_version)) {
+                SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
+                return 0;
+        }
+        /* XXX implement. */
+        return 1;
+}
+int
+tls13_legacy_accept(SSL *ssl)
+{
+        struct tls13_ctx *ctx = ssl->internal->tls13;
+        int ret;
+        if (ctx == NULL) {
+                if ((ctx = tls13_ctx_new(TLS13_HS_SERVER)) == NULL) {
+                        SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
+                        return -1;
+                }
+                ssl->internal->tls13 = ctx;
+                ctx->ssl = ssl;
+                ctx->hs = &S3I(ssl)->hs_tls13;
+                if (!tls13_server_init(ctx)) {
+                        if (ERR_peek_error() == 0)
+                                SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
+                        return -1;
+                }
+        }
+        S3I(ssl)->hs.state = SSL_ST_ACCEPT;
+        ret = tls13_accept(ctx);
+        if (ret == TLS13_IO_USE_LEGACY)
+                return ssl->method->internal->ssl_accept(ssl);
+        if (ret == TLS13_IO_SUCCESS)
+                S3I(ssl)->hs.state = SSL_ST_OK;
+        return tls13_legacy_return_code(ssl, ret);
+}
author	jsing <>	2019-11-17 06:35:30 +0000
committer	jsing <>	2019-11-17 06:35:30 +0000
commit	409fa0d28febaa4ac29449f82e464e5bdb785ac6 (patch)
tree	64b268783159e5f32378776acd8d4e6c753a419b
parent	45bbbfd098329712115368b9fab20a0605ef4bde (diff)
download	openbsd-409fa0d28febaa4ac29449f82e464e5bdb785ac6.tar.gz openbsd-409fa0d28febaa4ac29449f82e464e5bdb785ac6.tar.bz2 openbsd-409fa0d28febaa4ac29449f82e464e5bdb785ac6.zip

diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile index 2ede8a77b0..778b525224 100644 --- a/src/lib/libssl/Makefile +++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.56 2019/02/09 15:30:52 jsing Exp $	1	# $OpenBSD: Makefile,v 1.57 2019/11/17 06:35:30 jsing Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4	.ifndef NOMAN	4	.ifndef NOMAN
@@ -72,7 +72,8 @@ SRCS= \
72	tls13_key_schedule.c \	72	tls13_key_schedule.c \
73	tls13_lib.c \	73	tls13_lib.c \
74	tls13_record.c \	74	tls13_record.c \
75	tls13_record_layer.c	75	tls13_record_layer.c \
		76	tls13_server.c
76		77
77	HDRS= dtls1.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h	78	HDRS= dtls1.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h
78		79


diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index 7288ca3448..9ab72f4f3a 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_internal.h,v 1.29 2019/11/17 00:10:47 beck Exp $ */	1	/* $OpenBSD: tls13_internal.h,v 1.30 2019/11/17 06:35:30 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2018 Bob Beck <beck@openbsd.org>
4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -176,6 +176,7 @@ const EVP_MD tls13_cipher_hash(const SSL_CIPHER cipher);
176	/*	176	/*
177	* Legacy interfaces.	177	* Legacy interfaces.
178	*/	178	*/
		179	int tls13_legacy_accept(SSL *ssl);
179	int tls13_legacy_connect(SSL *ssl);	180	int tls13_legacy_connect(SSL *ssl);
180	int tls13_legacy_return_code(SSL *ssl, ssize_t ret);	181	int tls13_legacy_return_code(SSL *ssl, ssize_t ret);
181	ssize_t tls13_legacy_wire_read_cb(void buf, size_t n, void arg);	182	ssize_t tls13_legacy_wire_read_cb(void buf, size_t n, void arg);


diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c new file mode 100644 index 0000000000..8d484fcb45 --- /dev/null +++ b/src/lib/libssl/tls13_server.c
@@ -0,0 +1,79 @@
		1	/* $OpenBSD: tls13_server.c,v 1.1 2019/11/17 06:35:30 jsing Exp $ */
		2	/*
		3	* Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	#include "ssl_locl.h"
		19
		20	#include "tls13_handshake.h"
		21	#include "tls13_internal.h"
		22
		23	static int
		24	tls13_accept(struct tls13_ctx *ctx)
		25	{
		26	if (ctx->mode != TLS13_HS_SERVER)
		27	return TLS13_IO_FAILURE;
		28
		29	return tls13_handshake_perform(ctx);
		30	}
		31
		32	static int
		33	tls13_server_init(struct tls13_ctx *ctx)
		34	{
		35	SSL *s = ctx->ssl;
		36
		37	if (!ssl_supported_version_range(s, &ctx->hs->min_version,
		38	&ctx->hs->max_version)) {
		39	SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
		40	return 0;
		41	}
		42
		43	/* XXX implement. */
		44
		45	return 1;
		46	}
		47
		48	int
		49	tls13_legacy_accept(SSL *ssl)
		50	{
		51	struct tls13_ctx *ctx = ssl->internal->tls13;
		52	int ret;
		53
		54	if (ctx == NULL) {
		55	if ((ctx = tls13_ctx_new(TLS13_HS_SERVER)) == NULL) {
		56	SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
		57	return -1;
		58	}
		59	ssl->internal->tls13 = ctx;
		60	ctx->ssl = ssl;
		61	ctx->hs = &S3I(ssl)->hs_tls13;
		62
		63	if (!tls13_server_init(ctx)) {
		64	if (ERR_peek_error() == 0)
		65	SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
		66	return -1;
		67	}
		68	}
		69
		70	S3I(ssl)->hs.state = SSL_ST_ACCEPT;
		71
		72	ret = tls13_accept(ctx);
		73	if (ret == TLS13_IO_USE_LEGACY)
		74	return ssl->method->internal->ssl_accept(ssl);
		75	if (ret == TLS13_IO_SUCCESS)
		76	S3I(ssl)->hs.state = SSL_ST_OK;
		77
		78	return tls13_legacy_return_code(ssl, ret);
		79	}