Wire up the TLSv1.3 server.

This currently only has enough code to handle fallback to the legacy TLS stack for TLSv1.2 or earlier, however allows for further development and testing. ok beck@
author: jsing <> 2020-01-22 15:47:22 +0000
committer: jsing <> 2020-01-22 15:47:22 +0000
commit: 10c7e6c36bf0dc3cca36f953f4d1a51e178aa2de (patch)
tree: 1108aa572ec1515fb5e57ca2cad76f6f6230b16c /src/lib/libssl/ssl_methods.c
parent: 7655835d7e1b8fa812246e1e652a1747a4f67b32 (diff)
download: openbsd-10c7e6c36bf0dc3cca36f953f4d1a51e178aa2de.tar.gz
openbsd-10c7e6c36bf0dc3cca36f953f4d1a51e178aa2de.tar.bz2
openbsd-10c7e6c36bf0dc3cca36f953f4d1a51e178aa2de.zip
1 files changed, 45 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
index 8e544f6e93..30838f7407 100644
--- a/src/lib/libssl/ssl_methods.c
+++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.7 2020/01/22 02:34:39 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.8 2020/01/22 15:47:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -579,7 +579,39 @@ TLSv1_2_method(void)
        return (&TLSv1_2_method_data);
 }
+#ifdef LIBRESSL_HAS_TLS1_3_SERVER
 static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
+        .version = TLS1_3_VERSION,
+        .min_version = TLS1_VERSION,
+        .max_version = TLS1_3_VERSION,
+        .ssl_new = tls1_new,
+        .ssl_clear = tls1_clear,
+        .ssl_free = tls1_free,
+        .ssl_accept = tls13_legacy_accept,
+        .ssl_connect = ssl_undefined_function,
+        .ssl_shutdown = tls13_legacy_shutdown,
+        .get_ssl_method = tls1_get_server_method,
+        .get_timeout = tls1_default_timeout,
+        .ssl_version = ssl_undefined_void_function,
+        .ssl_renegotiate = ssl_undefined_function,
+        .ssl_renegotiate_check = ssl_ok,
+        .ssl_get_message = ssl3_get_message,
+        .ssl_read_bytes = tls13_legacy_read_bytes,
+        .ssl_write_bytes = tls13_legacy_write_bytes,
+        .ssl3_enc = &TLSv1_2_enc_data,
+};
+static const SSL_METHOD TLS_server_method_data = {
+        .ssl_dispatch_alert = ssl3_dispatch_alert,
+        .num_ciphers = ssl3_num_ciphers,
+        .get_cipher = ssl3_get_cipher,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
+        .internal = &TLS_server_method_internal_data,
+};
+#endif
+static const SSL_METHOD_INTERNAL TLS_legacy_server_method_internal_data = {
        .version = TLS1_2_VERSION,
        .min_version = TLS1_VERSION,
        .max_version = TLS1_2_VERSION,
@@ -600,13 +632,13 @@ static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
        .ssl3_enc = &TLSv1_2_enc_data,
 };
-static const SSL_METHOD TLS_server_method_data = {
+static const SSL_METHOD TLS_legacy_server_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
        .get_cipher_by_char = ssl3_get_cipher_by_char,
        .put_cipher_by_char = ssl3_put_cipher_by_char,
-        .internal = &TLS_server_method_internal_data,
+        .internal = &TLS_legacy_server_method_internal_data,
 };
 static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
@@ -720,7 +752,17 @@ SSLv23_server_method(void)
 const SSL_METHOD *
 TLS_server_method(void)
 {
+#ifdef LIBRESSL_HAS_TLS1_3_SERVER
        return (&TLS_server_method_data);
+#else
+        return tls_legacy_server_method();
+#endif
+}
+const SSL_METHOD *
+tls_legacy_server_method(void)
+{
+        return (&TLS_legacy_server_method_data);
 }
 const SSL_METHOD *
author	jsing <>	2020-01-22 15:47:22 +0000
committer	jsing <>	2020-01-22 15:47:22 +0000
commit	10c7e6c36bf0dc3cca36f953f4d1a51e178aa2de (patch)
tree	1108aa572ec1515fb5e57ca2cad76f6f6230b16c /src/lib/libssl/ssl_methods.c
parent	7655835d7e1b8fa812246e1e652a1747a4f67b32 (diff)
download	openbsd-10c7e6c36bf0dc3cca36f953f4d1a51e178aa2de.tar.gz openbsd-10c7e6c36bf0dc3cca36f953f4d1a51e178aa2de.tar.bz2 openbsd-10c7e6c36bf0dc3cca36f953f4d1a51e178aa2de.zip

diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c index 8e544f6e93..30838f7407 100644 --- a/src/lib/libssl/ssl_methods.c +++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_methods.c,v 1.7 2020/01/22 02:34:39 jsing Exp $ */	1	/* $OpenBSD: ssl_methods.c,v 1.8 2020/01/22 15:47:22 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -579,7 +579,39 @@ TLSv1_2_method(void)
579	return (&TLSv1_2_method_data);	579	return (&TLSv1_2_method_data);
580	}	580	}
581		581
		582	#ifdef LIBRESSL_HAS_TLS1_3_SERVER
582	static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {	583	static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
		584	.version = TLS1_3_VERSION,
		585	.min_version = TLS1_VERSION,
		586	.max_version = TLS1_3_VERSION,
		587	.ssl_new = tls1_new,
		588	.ssl_clear = tls1_clear,
		589	.ssl_free = tls1_free,
		590	.ssl_accept = tls13_legacy_accept,
		591	.ssl_connect = ssl_undefined_function,
		592	.ssl_shutdown = tls13_legacy_shutdown,
		593	.get_ssl_method = tls1_get_server_method,
		594	.get_timeout = tls1_default_timeout,
		595	.ssl_version = ssl_undefined_void_function,
		596	.ssl_renegotiate = ssl_undefined_function,
		597	.ssl_renegotiate_check = ssl_ok,
		598	.ssl_get_message = ssl3_get_message,
		599	.ssl_read_bytes = tls13_legacy_read_bytes,
		600	.ssl_write_bytes = tls13_legacy_write_bytes,
		601	.ssl3_enc = &TLSv1_2_enc_data,
		602	};
		603
		604	static const SSL_METHOD TLS_server_method_data = {
		605	.ssl_dispatch_alert = ssl3_dispatch_alert,
		606	.num_ciphers = ssl3_num_ciphers,
		607	.get_cipher = ssl3_get_cipher,
		608	.get_cipher_by_char = ssl3_get_cipher_by_char,
		609	.put_cipher_by_char = ssl3_put_cipher_by_char,
		610	.internal = &TLS_server_method_internal_data,
		611	};
		612	#endif
		613
		614	static const SSL_METHOD_INTERNAL TLS_legacy_server_method_internal_data = {
583	.version = TLS1_2_VERSION,	615	.version = TLS1_2_VERSION,
584	.min_version = TLS1_VERSION,	616	.min_version = TLS1_VERSION,
585	.max_version = TLS1_2_VERSION,	617	.max_version = TLS1_2_VERSION,
@@ -600,13 +632,13 @@ static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
600	.ssl3_enc = &TLSv1_2_enc_data,	632	.ssl3_enc = &TLSv1_2_enc_data,
601	};	633	};
602		634
603	static const SSL_METHOD TLS_server_method_data = {	635	static const SSL_METHOD TLS_legacy_server_method_data = {
604	.ssl_dispatch_alert = ssl3_dispatch_alert,	636	.ssl_dispatch_alert = ssl3_dispatch_alert,
605	.num_ciphers = ssl3_num_ciphers,	637	.num_ciphers = ssl3_num_ciphers,
606	.get_cipher = ssl3_get_cipher,	638	.get_cipher = ssl3_get_cipher,
607	.get_cipher_by_char = ssl3_get_cipher_by_char,	639	.get_cipher_by_char = ssl3_get_cipher_by_char,
608	.put_cipher_by_char = ssl3_put_cipher_by_char,	640	.put_cipher_by_char = ssl3_put_cipher_by_char,
609	.internal = &TLS_server_method_internal_data,	641	.internal = &TLS_legacy_server_method_internal_data,
610	};	642	};
611		643
612	static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {	644	static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
@@ -720,7 +752,17 @@ SSLv23_server_method(void)
720	const SSL_METHOD *	752	const SSL_METHOD *
721	TLS_server_method(void)	753	TLS_server_method(void)
722	{	754	{
		755	#ifdef LIBRESSL_HAS_TLS1_3_SERVER
723	return (&TLS_server_method_data);	756	return (&TLS_server_method_data);
		757	#else
		758	return tls_legacy_server_method();
		759	#endif
		760	}
		761
		762	const SSL_METHOD *
		763	tls_legacy_server_method(void)
		764	{
		765	return (&TLS_legacy_server_method_data);
724	}	766	}
725		767
726	const SSL_METHOD *	768	const SSL_METHOD *