authorjsing <>2020-10-11 02:22:27 +0000
committerjsing <>2020-10-11 02:22:27 +0000
commitde4705827be90015506e4065c5fcaa759a5eeb2e (patch)
treea536d961ab89e5f295dc904ee7d6fcf5483675c9
parent4884af0400cb036042f4e33c5f8c58fb076986b4 (diff)
Condense and simplify TLS methods.
Historically, OpenSSL has had client and server specific methods - the only difference between these is that the .ssl_connect or .ssl_accept function pointer is set to ssl_undefined_function, with the intention of reducing code size for a statically linked binary that was only a client or server. These days the difference is minimal or non-existent in many cases and we can reduce the amount of code and complexity by having a single method. Internally remove all of the client and server specific methods, simplifying code in the process. The external client/server specific API remains, however these now return the same thing as TLS_method() does. ok tb@
-rw-r--r--src/lib/libssl/ssl_clnt.c4
-rw-r--r--src/lib/libssl/ssl_lib.c4
-rw-r--r--src/lib/libssl/ssl_locl.h8
-rw-r--r--src/lib/libssl/ssl_methods.c473
-rw-r--r--src/lib/libssl/ssl_sess.c4
-rw-r--r--src/lib/libssl/ssl_srvr.c4
-rw-r--r--src/lib/libssl/tls13_legacy.c18
7 files changed, 73 insertions, 442 deletions
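diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 3d11aaaf36..88b82c4400 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.74 2020/10/03 18:01:55 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.75 2020/10/11 02:22:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -911,7 +911,7 @@ ssl3_get_server_hello(SSL *s)
 	}
 	s->version = server_version;
 
-	if ((method = ssl_get_client_method(server_version)) == NULL) {
+	if ((method = ssl_get_method(server_version)) == NULL) {
 		SSLerror(s, ERR_R_INTERNAL_ERROR);
 		goto err;
 	}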
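diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 6e375e1c09..b306137c14 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.234 2020/09/24 18:12:00 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.235 2020/10/11 02:22:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -345,7 +345,7 @@ SSL_new(SSL_CTX *ctx)
 		goto err;
 
 	s->references = 1;
-	s->server = (ctx->method->internal->ssl_accept == ssl_undefined_function) ? 0 : 1;
+	s->server = 0;
 
 	SSL_clear(s);
 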
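Review bot: `s->server = 0;` in SSL_new() means an SSL created from a server context is flagged as a client until something later sets s->server = 1 (the new tls13_use_legacy_server hunk does; presumably SSL_set_accept_state()/SSL_accept() do as well, but they are outside this diff), whereas before the flag was derived from the context's method at creation time. Any code that consults s->server between SSL_new() and the accept call, e.g. through SSL_is_server(), will now see a different answer for server contexts. If that window is intended, a comment at the assignment would stop the next reader from "fixing" it: `/* Client until SSL_set_accept_state()/SSL_accept() says otherwise. */`. SSL_new continues outside the hunk.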
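diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index e47f6191c2..e341e9eda2 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.301 2020/10/11 01:16:31 guenther Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.302 2020/10/11 02:22:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1121,11 +1121,7 @@ int ssl_cipher_allowed_in_version_range(const SSL_CIPHER *cipher,
     uint16_t min_ver, uint16_t max_ver);
 
 const SSL_METHOD *tls_legacy_method(void);
-const SSL_METHOD *tls_legacy_client_method(void);
-const SSL_METHOD *tls_legacy_server_method(void);
-
-const SSL_METHOD *ssl_get_client_method(uint16_t version);
-const SSL_METHOD *ssl_get_server_method(uint16_t version);
+const SSL_METHOD *ssl_get_method(uint16_t version);
 
 extern SSL3_ENC_METHOD TLSv1_enc_data;
 extern SSL3_ENC_METHOD TLSv1_1_enc_data;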
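diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
index ddfb8dfdba..23c7e97b57 100644
--- a/src/lib/libssl/ssl_methods.c
+++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.17 2020/10/03 17:54:27 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.18 2020/10/11 02:22:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -59,45 +59,6 @@
 #include "ssl_locl.h"
 #include "tls13_internal.h"
 
-static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
-	.version = DTLS1_VERSION,
-	.min_version = DTLS1_VERSION,
-	.max_version = DTLS1_VERSION,
-	.ssl_new = dtls1_new,
-	.ssl_clear = dtls1_clear,
-	.ssl_free = dtls1_free,
-	.ssl_accept = ssl_undefined_function,
-	.ssl_connect = ssl3_connect,
-	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_pending = ssl3_pending,
-	.ssl_read_bytes = dtls1_read_bytes,
-	.ssl_write_bytes = dtls1_write_app_data_bytes,
-	.ssl3_enc = &TLSv1_1_enc_data,
-};
-
-static const SSL_METHOD DTLSv1_client_method_data = {
-	.ssl_dispatch_alert = dtls1_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = dtls1_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &DTLSv1_client_method_internal_data,
-};
-
-const SSL_METHOD *
-DTLSv1_client_method(void)
-{
-	return &DTLSv1_client_method_data;
-}
-
-const SSL_METHOD *
-DTLS_client_method(void)
-{
-	return DTLSv1_client_method();
-}
-
 static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
 	.version = DTLS1_VERSION,
 	.min_version = DTLS1_VERSION,
@@ -126,231 +87,39 @@ static const SSL_METHOD DTLSv1_method_data = {
 };
 
 const SSL_METHOD *
-DTLSv1_method(void)
+DTLSv1_client_method(void)
 {
 	return &DTLSv1_method_data;
 }
 
 const SSL_METHOD *
-DTLS_method(void)
+DTLSv1_method(void)
 {
-	return DTLSv1_method();
+	return &DTLSv1_method_data;
 }
 
-static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = {
-	.version = DTLS1_VERSION,
-	.min_version = DTLS1_VERSION,
-	.max_version = DTLS1_VERSION,
-	.ssl_new = dtls1_new,
-	.ssl_clear = dtls1_clear,
-	.ssl_free = dtls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl_undefined_function,
-	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_pending = ssl3_pending,
-	.ssl_read_bytes = dtls1_read_bytes,
-	.ssl_write_bytes = dtls1_write_app_data_bytes,
-	.ssl3_enc = &TLSv1_1_enc_data,
-};
-
-static const SSL_METHOD DTLSv1_server_method_data = {
-	.ssl_dispatch_alert = dtls1_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = dtls1_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &DTLSv1_server_method_internal_data,
-};
-
 const SSL_METHOD *
 DTLSv1_server_method(void)
 {
-	return &DTLSv1_server_method_data;
-}
-
-const SSL_METHOD *
-DTLS_server_method(void)
-{
-	return DTLSv1_server_method();
-}
-
-#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
-static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
-	.version = TLS1_3_VERSION,
-	.min_version = TLS1_VERSION,
-	.max_version = TLS1_3_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl_undefined_function,
-	.ssl_connect = tls13_legacy_connect,
-	.ssl_shutdown = tls13_legacy_shutdown,
-	.ssl_renegotiate = ssl_undefined_function,
-	.ssl_renegotiate_check = ssl_ok,
-	.ssl_pending = tls13_legacy_pending,
-	.ssl_read_bytes = tls13_legacy_read_bytes,
-	.ssl_write_bytes = tls13_legacy_write_bytes,
-	.ssl3_enc = &TLSv1_3_enc_data,
-};
-
-static const SSL_METHOD TLS_client_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLS_client_method_internal_data,
-};
-#endif
-
-static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
-	.version = TLS1_2_VERSION,
-	.min_version = TLS1_VERSION,
-	.max_version = TLS1_2_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl_undefined_function,
-	.ssl_connect = ssl3_connect,
-	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl_undefined_function,
-	.ssl_renegotiate_check = ssl_ok,
-	.ssl_pending = ssl3_pending,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLS_legacy_client_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLS_legacy_client_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
-	.version = TLS1_VERSION,
-	.min_version = TLS1_VERSION,
-	.max_version = TLS1_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl_undefined_function,
-	.ssl_connect = ssl3_connect,
-	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_pending = ssl3_pending,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_client_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_client_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
-	.version = TLS1_1_VERSION,
-	.min_version = TLS1_1_VERSION,
-	.max_version = TLS1_1_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl_undefined_function,
-	.ssl_connect = ssl3_connect,
-	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_pending = ssl3_pending,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_1_client_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_1_client_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
-	.version = TLS1_2_VERSION,
-	.min_version = TLS1_2_VERSION,
-	.max_version = TLS1_2_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl_undefined_function,
-	.ssl_connect = ssl3_connect,
-	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_pending = ssl3_pending,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLSv1_2_client_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_2_client_method_internal_data,
-};
-
-const SSL_METHOD *
-SSLv23_client_method(void)
-{
-	return (TLS_client_method());
-}
-
-const SSL_METHOD *
-TLS_client_method(void)
-{
-#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
-	return (&TLS_client_method_data);
-#else
-	return tls_legacy_client_method();
-#endif
-}
-
-const SSL_METHOD *
-tls_legacy_client_method(void)
-{
-	return (&TLS_legacy_client_method_data);
+	return &DTLSv1_method_data;
 }
 
 const SSL_METHOD *
-TLSv1_client_method(void)
+DTLS_client_method(void)
 {
-	return (&TLSv1_client_method_data);
+	return DTLSv1_method();
 }
 
 const SSL_METHOD *
-TLSv1_1_client_method(void)
+DTLS_method(void)
 {
-	return (&TLSv1_1_client_method_data);
+	return DTLSv1_method();
 }
 
 const SSL_METHOD *
-TLSv1_2_client_method(void)
+DTLS_server_method(void)
 {
-	return (&TLSv1_2_client_method_data);
+	return DTLSv1_method();
 }
 
 #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
@@ -491,9 +260,9 @@ static const SSL_METHOD TLSv1_2_method_data = {
 };
 
 const SSL_METHOD *
-SSLv23_method(void)
+TLS_client_method(void)
 {
-	return (TLS_method());
+	return TLS_method();
 }
 
 const SSL_METHOD *
@@ -507,236 +276,102 @@ TLS_method(void)
 }
 
 const SSL_METHOD *
+TLS_server_method(void)
+{
+	return TLS_method();
+}
+
+const SSL_METHOD *
 tls_legacy_method(void)
 {
 	return (&TLS_legacy_method_data);
 }
 
 const SSL_METHOD *
-TLSv1_method(void)
+SSLv23_client_method(void)
 {
-	return (&TLSv1_method_data);
+	return TLS_method();
 }
 
 const SSL_METHOD *
-TLSv1_1_method(void)
+SSLv23_method(void)
 {
-	return (&TLSv1_1_method_data);
+	return TLS_method();
 }
 
 const SSL_METHOD *
-TLSv1_2_method(void)
+SSLv23_server_method(void)
 {
-	return (&TLSv1_2_method_data);
+	return TLS_method();
 }
 
-#ifdef LIBRESSL_HAS_TLS1_3_SERVER
-static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
-	.version = TLS1_3_VERSION,
-	.min_version = TLS1_VERSION,
-	.max_version = TLS1_3_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = tls13_legacy_accept,
-	.ssl_connect = ssl_undefined_function,
-	.ssl_shutdown = tls13_legacy_shutdown,
-	.ssl_renegotiate = ssl_undefined_function,
-	.ssl_renegotiate_check = ssl_ok,
-	.ssl_pending = tls13_legacy_pending,
-	.ssl_read_bytes = tls13_legacy_read_bytes,
-	.ssl_write_bytes = tls13_legacy_write_bytes,
-	.ssl3_enc = &TLSv1_3_enc_data,
-};
-
-static const SSL_METHOD TLS_server_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLS_server_method_internal_data,
-};
-#endif
-
-static const SSL_METHOD_INTERNAL TLS_legacy_server_method_internal_data = {
-	.version = TLS1_2_VERSION,
-	.min_version = TLS1_VERSION,
-	.max_version = TLS1_2_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl_undefined_function,
-	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl_undefined_function,
-	.ssl_renegotiate_check = ssl_ok,
-	.ssl_pending = ssl3_pending,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLS_legacy_server_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLS_legacy_server_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
-	.version = TLS1_VERSION,
-	.min_version = TLS1_VERSION,
-	.max_version = TLS1_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl_undefined_function,
-	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_pending = ssl3_pending,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_server_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_server_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_1_server_method_internal_data = {
-	.version = TLS1_1_VERSION,
-	.min_version = TLS1_1_VERSION,
-	.max_version = TLS1_1_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl_undefined_function,
-	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_pending = ssl3_pending,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_1_server_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_1_server_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_2_server_method_internal_data = {
-	.version = TLS1_2_VERSION,
-	.min_version = TLS1_2_VERSION,
-	.max_version = TLS1_2_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl_undefined_function,
-	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_pending = ssl3_pending,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLSv1_2_server_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_2_server_method_internal_data,
-};
+const SSL_METHOD *
+TLSv1_client_method(void)
+{
+	return (&TLSv1_method_data);
+}
 
 const SSL_METHOD *
-SSLv23_server_method(void)
+TLSv1_method(void)
 {
-	return (TLS_server_method());
+	return (&TLSv1_method_data);
 }
 
 const SSL_METHOD *
-TLS_server_method(void)
+TLSv1_server_method(void)
 {
-#ifdef LIBRESSL_HAS_TLS1_3_SERVER
-	return (&TLS_server_method_data);
-#else
-	return tls_legacy_server_method();
-#endif
+	return (&TLSv1_method_data);
 }
 
 const SSL_METHOD *
-tls_legacy_server_method(void)
+TLSv1_1_client_method(void)
 {
-	return (&TLS_legacy_server_method_data);
+	return (&TLSv1_1_method_data);
 }
 
 const SSL_METHOD *
-TLSv1_server_method(void)
+TLSv1_1_method(void)
 {
-	return (&TLSv1_server_method_data);
+	return (&TLSv1_1_method_data);
 }
 
 const SSL_METHOD *
 TLSv1_1_server_method(void)
 {
-	return (&TLSv1_1_server_method_data);
+	return (&TLSv1_1_method_data);
 }
 
 const SSL_METHOD *
-TLSv1_2_server_method(void)
+TLSv1_2_client_method(void)
 {
-	return (&TLSv1_2_server_method_data);
+	return (&TLSv1_2_method_data);
 }
 
 const SSL_METHOD *
-ssl_get_client_method(uint16_t version)
+TLSv1_2_method(void)
 {
-	if (version == TLS1_3_VERSION)
-		return (TLS_client_method());
-	if (version == TLS1_2_VERSION)
-		return (TLSv1_2_client_method());
-	if (version == TLS1_1_VERSION)
-		return (TLSv1_1_client_method());
-	if (version == TLS1_VERSION)
-		return (TLSv1_client_method());
-	if (version == DTLS1_VERSION)
-		return (DTLSv1_client_method());
+	return (&TLSv1_2_method_data);
+}
 
-	return (NULL);
+const SSL_METHOD *
+TLSv1_2_server_method(void)
+{
+	return (&TLSv1_2_method_data);
 }
 
 const SSL_METHOD *
-ssl_get_server_method(uint16_t version)
+ssl_get_method(uint16_t version)
 {
 	if (version == TLS1_3_VERSION)
-		return (TLS_server_method());
+		return (TLS_method());
 	if (version == TLS1_2_VERSION)
-		return (TLSv1_2_server_method());
+		return (TLSv1_2_method());
 	if (version == TLS1_1_VERSION)
-		return (TLSv1_1_server_method());
+		return (TLSv1_1_method());
 	if (version == TLS1_VERSION)
-		return (TLSv1_server_method());
+		return (TLSv1_method());
 	if (version == DTLS1_VERSION)
-		return (DTLSv1_server_method());
+		return (DTLSv1_method());
 
 	return (NULL);
 }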
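Review bot: TLS_client_method() (hunk at -491,9) now returns TLS_method(), whose TLS 1.3 data sits under `#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)`, whereas the removed TLS_client_method needed only LIBRESSL_HAS_TLS1_3_CLIENT; if TLS_method() falls back to the legacy method when just the client define is set (its body is outside the hunk), a client-only TLS 1.3 build silently drops to TLS 1.2 with no build-time signal. Separately, the retained wrappers such as DTLSv1_client_method(), TLSv1_server_method() and TLSv1_2_client_method() now hand back the shared method data with nothing in the file saying why, so a reader has to reach for the commit log. A comment above the first such wrapper would carry that: `/* Client- and server-specific methods are kept for API compatibility only; each returns the same method as its generic variant. */`.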
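diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index d805419de4..be5cbbeec6 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.100 2020/09/19 09:56:35 tb Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.101 2020/10/11 02:22:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -797,7 +797,7 @@ SSL_set_session(SSL *s, SSL_SESSION *session)
 		return SSL_set_ssl_method(s, s->ctx->method);
 	}
 
-	if ((method = ssl_get_client_method(session->ssl_version)) == NULL) {
+	if ((method = ssl_get_method(session->ssl_version)) == NULL) {
 		SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
 		return (0);
 	}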
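diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 1e92640835..3b848f4b40 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.86 2020/10/03 18:01:55 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.87 2020/10/11 02:22:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -868,7 +868,7 @@ ssl3_get_client_hello(SSL *s)
 	s->client_version = client_version;
 	s->version = shared_version;
 
-	if ((method = ssl_get_server_method(shared_version)) == NULL) {
+	if ((method = ssl_get_method(shared_version)) == NULL) {
 		SSLerror(s, ERR_R_INTERNAL_ERROR);
 		goto err;
 	}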
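diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
index e9e17293e1..943e2db9a1 100644
--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_legacy.c,v 1.15 2020/10/07 10:14:45 tb Exp $ */
+/* $OpenBSD: tls13_legacy.c,v 1.16 2020/10/11 02:22:27 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -302,6 +302,8 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx)
 
 	memset(&cbb, 0, sizeof(cbb));
 
+	s->method = tls_legacy_method();
+
 	if (!ssl3_setup_init_buffer(s))
 		goto err;
 	if (!ssl3_setup_buffers(s))
@@ -359,13 +361,12 @@ tls13_use_legacy_client(struct tls13_ctx *ctx)
 {
 	SSL *s = ctx->ssl;
 
-	s->method = tls_legacy_client_method();
-	s->internal->handshake_func = s->method->internal->ssl_connect;
-	s->client_version = s->version = s->method->internal->max_version;
-
 	if (!tls13_use_legacy_stack(ctx))
 		return 0;
 
+	s->internal->handshake_func = s->method->internal->ssl_connect;
+	s->client_version = s->version = s->method->internal->max_version;
+
 	S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
 
 	return 1;
@@ -376,14 +377,13 @@ tls13_use_legacy_server(struct tls13_ctx *ctx)
 {
 	SSL *s = ctx->ssl;
 
-	s->method = tls_legacy_server_method();
+	if (!tls13_use_legacy_stack(ctx))
+		return 0;
+
 	s->internal->handshake_func = s->method->internal->ssl_accept;
 	s->client_version = s->version = s->method->internal->max_version;
 	s->server = 1;
 
-	if (!tls13_use_legacy_stack(ctx))
-		return 0;
-
 	S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
 
 	return 1;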
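Review bot: tls13_use_legacy_stack() now installs `s->method = tls_legacy_method();` before ssl3_setup_init_buffer()/ssl3_setup_buffers() can fail, so if the err path (outside the hunk) does not restore s->method, a failed switch leaves the SSL carrying the legacy method while handshake_func, version and, for the server, s->server are still the TLS 1.3 values, since the callers now set those only after a successful return. The callers had the same window before, so this is not a regression, but the ordering contract is now split across three functions and is worth stating where the switch happens: `/* Switch the method first; callers set handshake_func and version only once the legacy buffers are in place. */` above the new assignment. The same reordering applies to both tls13_use_legacy_client and tls13_use_legacy_server, and all three functions continue outside their hunks.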