Provide a TLS 1.3 capable client method.

ok tb@
author: jsing <> 2019-02-14 17:50:07 +0000
committer: jsing <> 2019-02-14 17:50:07 +0000
commit: 32f29b79bba51350a105bc00734a01f2ec6ea051 (patch)
tree: 74724acb5470907464a064bd76fefda582607ab2 /src/lib/libssl/ssl_methods.c
parent: 6574d3689d17f42a35122ef4c9439970564fb314 (diff)
download: openbsd-32f29b79bba51350a105bc00734a01f2ec6ea051.tar.gz
openbsd-32f29b79bba51350a105bc00734a01f2ec6ea051.tar.bz2
openbsd-32f29b79bba51350a105bc00734a01f2ec6ea051.zip
1 files changed, 45 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
index 3e9f18bc40..636fed92a0 100644
--- a/src/lib/libssl/ssl_methods.c
+++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.1 2018/11/05 05:45:15 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.2 2019/02/14 17:50:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -57,6 +57,7 @@
 */
 #include "ssl_locl.h"
+#include "tls13_internal.h"
 static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
        .version = DTLS1_VERSION,
@@ -189,7 +190,38 @@ dtls1_get_server_method(int ver)
        return (NULL);
 }
+#ifdef LIBRESSL_HAS_TLS13
 static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
+        .version = TLS1_3_VERSION,
+        .min_version = TLS1_VERSION,
+        .max_version = TLS1_3_VERSION,
+        .ssl_new = tls1_new,
+        .ssl_clear = tls1_clear,
+        .ssl_free = tls1_free,
+        .ssl_accept = ssl_undefined_function,
+        .ssl_connect = tls13_legacy_connect,
+        .get_ssl_method = tls1_get_client_method,
+        .get_timeout = tls1_default_timeout,
+        .ssl_version = ssl_undefined_void_function,
+        .ssl_renegotiate = ssl_undefined_function,
+        .ssl_renegotiate_check = ssl_ok,
+        .ssl_get_message = ssl3_get_message,
+        .ssl_read_bytes = tls13_legacy_read_bytes,
+        .ssl_write_bytes = tls13_legacy_write_bytes,
+        .ssl3_enc = &TLSv1_2_enc_data,
+};
+static const SSL_METHOD TLS_client_method_data = {
+        .ssl_dispatch_alert = ssl3_dispatch_alert,
+        .num_ciphers = ssl3_num_ciphers,
+        .get_cipher = ssl3_get_cipher,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
+        .internal = &TLS_client_method_internal_data,
+};
+#endif
+static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
        .version = TLS1_2_VERSION,
        .min_version = TLS1_VERSION,
        .max_version = TLS1_2_VERSION,
@@ -209,13 +241,13 @@ static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
        .ssl3_enc = &TLSv1_2_enc_data,
 };
-static const SSL_METHOD TLS_client_method_data = {
+static const SSL_METHOD TLS_legacy_client_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
        .get_cipher_by_char = ssl3_get_cipher_by_char,
        .put_cipher_by_char = ssl3_put_cipher_by_char,
-        .internal = &TLS_client_method_internal_data,
+        .internal = &TLS_legacy_client_method_internal_data,
 };
 static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
@@ -326,7 +358,17 @@ SSLv23_client_method(void)
 const SSL_METHOD *
 TLS_client_method(void)
 {
+#ifdef LIBRESSL_HAS_TLS13
        return (&TLS_client_method_data);
+#else
+        return tls_legacy_client_method();
+#endif
+}
+const SSL_METHOD *
+tls_legacy_client_method(void)
+{
+        return (&TLS_legacy_client_method_data);
 }
 const SSL_METHOD *
author	jsing <>	2019-02-14 17:50:07 +0000
committer	jsing <>	2019-02-14 17:50:07 +0000
commit	32f29b79bba51350a105bc00734a01f2ec6ea051 (patch)
tree	74724acb5470907464a064bd76fefda582607ab2 /src/lib/libssl/ssl_methods.c
parent	6574d3689d17f42a35122ef4c9439970564fb314 (diff)
download	openbsd-32f29b79bba51350a105bc00734a01f2ec6ea051.tar.gz openbsd-32f29b79bba51350a105bc00734a01f2ec6ea051.tar.bz2 openbsd-32f29b79bba51350a105bc00734a01f2ec6ea051.zip

diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c index 3e9f18bc40..636fed92a0 100644 --- a/src/lib/libssl/ssl_methods.c +++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_methods.c,v 1.1 2018/11/05 05:45:15 jsing Exp $ */	1	/* $OpenBSD: ssl_methods.c,v 1.2 2019/02/14 17:50:07 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -57,6 +57,7 @@
57	*/	57	*/
58		58
59	#include "ssl_locl.h"	59	#include "ssl_locl.h"
		60	#include "tls13_internal.h"
60		61
61	static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {	62	static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
62	.version = DTLS1_VERSION,	63	.version = DTLS1_VERSION,
@@ -189,7 +190,38 @@ dtls1_get_server_method(int ver)
189	return (NULL);	190	return (NULL);
190	}	191	}
191		192
		193	#ifdef LIBRESSL_HAS_TLS13
192	static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {	194	static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
		195	.version = TLS1_3_VERSION,
		196	.min_version = TLS1_VERSION,
		197	.max_version = TLS1_3_VERSION,
		198	.ssl_new = tls1_new,
		199	.ssl_clear = tls1_clear,
		200	.ssl_free = tls1_free,
		201	.ssl_accept = ssl_undefined_function,
		202	.ssl_connect = tls13_legacy_connect,
		203	.get_ssl_method = tls1_get_client_method,
		204	.get_timeout = tls1_default_timeout,
		205	.ssl_version = ssl_undefined_void_function,
		206	.ssl_renegotiate = ssl_undefined_function,
		207	.ssl_renegotiate_check = ssl_ok,
		208	.ssl_get_message = ssl3_get_message,
		209	.ssl_read_bytes = tls13_legacy_read_bytes,
		210	.ssl_write_bytes = tls13_legacy_write_bytes,
		211	.ssl3_enc = &TLSv1_2_enc_data,
		212	};
		213
		214	static const SSL_METHOD TLS_client_method_data = {
		215	.ssl_dispatch_alert = ssl3_dispatch_alert,
		216	.num_ciphers = ssl3_num_ciphers,
		217	.get_cipher = ssl3_get_cipher,
		218	.get_cipher_by_char = ssl3_get_cipher_by_char,
		219	.put_cipher_by_char = ssl3_put_cipher_by_char,
		220	.internal = &TLS_client_method_internal_data,
		221	};
		222	#endif
		223
		224	static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
193	.version = TLS1_2_VERSION,	225	.version = TLS1_2_VERSION,
194	.min_version = TLS1_VERSION,	226	.min_version = TLS1_VERSION,
195	.max_version = TLS1_2_VERSION,	227	.max_version = TLS1_2_VERSION,
@@ -209,13 +241,13 @@ static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
209	.ssl3_enc = &TLSv1_2_enc_data,	241	.ssl3_enc = &TLSv1_2_enc_data,
210	};	242	};
211		243
212	static const SSL_METHOD TLS_client_method_data = {	244	static const SSL_METHOD TLS_legacy_client_method_data = {
213	.ssl_dispatch_alert = ssl3_dispatch_alert,	245	.ssl_dispatch_alert = ssl3_dispatch_alert,
214	.num_ciphers = ssl3_num_ciphers,	246	.num_ciphers = ssl3_num_ciphers,
215	.get_cipher = ssl3_get_cipher,	247	.get_cipher = ssl3_get_cipher,
216	.get_cipher_by_char = ssl3_get_cipher_by_char,	248	.get_cipher_by_char = ssl3_get_cipher_by_char,
217	.put_cipher_by_char = ssl3_put_cipher_by_char,	249	.put_cipher_by_char = ssl3_put_cipher_by_char,
218	.internal = &TLS_client_method_internal_data,	250	.internal = &TLS_legacy_client_method_internal_data,
219	};	251	};
220		252
221	static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {	253	static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
@@ -326,7 +358,17 @@ SSLv23_client_method(void)
326	const SSL_METHOD *	358	const SSL_METHOD *
327	TLS_client_method(void)	359	TLS_client_method(void)
328	{	360	{
		361	#ifdef LIBRESSL_HAS_TLS13
329	return (&TLS_client_method_data);	362	return (&TLS_client_method_data);
		363	#else
		364	return tls_legacy_client_method();
		365	#endif
		366	}
		367
		368	const SSL_METHOD *
		369	tls_legacy_client_method(void)
		370	{
		371	return (&TLS_legacy_client_method_data);
330	}	372	}
331		373
332	const SSL_METHOD *	374	const SSL_METHOD *