This commit was manufactured by cvs2git to create tag 'tb_20230422'.tb_20230422

author: cvs2svn <admin@example.com> 2023-04-23 13:43:47 +0000
committer: cvs2svn <admin@example.com> 2023-04-23 13:43:47 +0000
commit: e2496982472bdf233be95c5ea72d1c4dc6c91db3 (patch)
tree: 316488e5daf86864d8466bce0e5b000d85768378 /src/lib/libssl/tls13_legacy.c
parent: 097d0cf840b9007212bcd2516ed5e18939e6da3d (diff)
download: openbsd-tb_20230422.tar.gz
openbsd-tb_20230422.tar.bz2
openbsd-tb_20230422.zip
1 files changed, 0 insertions, 556 deletions
diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
deleted file mode 100644
index 1d6a5a1299..0000000000
--- a/src/lib/libssl/tls13_legacy.c
+++ /dev/null
@@ -1,556 +0,0 @@
-/*      $OpenBSD: tls13_legacy.c,v 1.40 2022/11/26 16:08:56 tb Exp $ */
-/*
- * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#include <limits.h>
-#include "ssl_local.h"
-#include "tls13_internal.h"
-static ssize_t
-tls13_legacy_wire_read(SSL *ssl, uint8_t *buf, size_t len)
-{
-        int n;
-        if (ssl->rbio == NULL) {
-                SSLerror(ssl, SSL_R_BIO_NOT_SET);
-                return TLS13_IO_FAILURE;
-        }
-        ssl->rwstate = SSL_READING;
-        errno = 0;
-        if ((n = BIO_read(ssl->rbio, buf, len)) <= 0) {
-                if (BIO_should_read(ssl->rbio))
-                        return TLS13_IO_WANT_POLLIN;
-                if (n == 0)
-                        return TLS13_IO_EOF;
-                if (ERR_peek_error() == 0 && errno != 0)
-                        SYSerror(errno);
-                return TLS13_IO_FAILURE;
-        }
-        if (n == len)
-                ssl->rwstate = SSL_NOTHING;
-        return n;
-}
-ssize_t
-tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg)
-{
-        struct tls13_ctx *ctx = arg;
-        return tls13_legacy_wire_read(ctx->ssl, buf, n);
-}
-static ssize_t
-tls13_legacy_wire_write(SSL *ssl, const uint8_t *buf, size_t len)
-{
-        int n;
-        if (ssl->wbio == NULL) {
-                SSLerror(ssl, SSL_R_BIO_NOT_SET);
-                return TLS13_IO_FAILURE;
-        }
-        ssl->rwstate = SSL_WRITING;
-        errno = 0;
-        if ((n = BIO_write(ssl->wbio, buf, len)) <= 0) {
-                if (BIO_should_write(ssl->wbio))
-                        return TLS13_IO_WANT_POLLOUT;
-                if (ERR_peek_error() == 0 && errno != 0)
-                        SYSerror(errno);
-                return TLS13_IO_FAILURE;
-        }
-        if (n == len)
-                ssl->rwstate = SSL_NOTHING;
-        return n;
-}
-ssize_t
-tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg)
-{
-        struct tls13_ctx *ctx = arg;
-        return tls13_legacy_wire_write(ctx->ssl, buf, n);
-}
-static ssize_t
-tls13_legacy_wire_flush(SSL *ssl)
-{
-        if (BIO_flush(ssl->wbio) <= 0) {
-                if (BIO_should_write(ssl->wbio))
-                        return TLS13_IO_WANT_POLLOUT;
-                if (ERR_peek_error() == 0 && errno != 0)
-                        SYSerror(errno);
-                return TLS13_IO_FAILURE;
-        }
-        return TLS13_IO_SUCCESS;
-}
-ssize_t
-tls13_legacy_wire_flush_cb(void *arg)
-{
-        struct tls13_ctx *ctx = arg;
-        return tls13_legacy_wire_flush(ctx->ssl);
-}
-static void
-tls13_legacy_error(SSL *ssl)
-{
-        struct tls13_ctx *ctx = ssl->tls13;
-        int reason = SSL_R_UNKNOWN;
-        /* If we received a fatal alert we already put an error on the stack. */
-        if (ssl->s3->fatal_alert != 0)
-                return;
-        switch (ctx->error.code) {
-        case TLS13_ERR_VERIFY_FAILED:
-                reason = SSL_R_CERTIFICATE_VERIFY_FAILED;
-                break;
-        case TLS13_ERR_HRR_FAILED:
-                reason = SSL_R_NO_CIPHERS_AVAILABLE;
-                break;
-        case TLS13_ERR_TRAILING_DATA:
-                reason = SSL_R_EXTRA_DATA_IN_MESSAGE;
-                break;
-        case TLS13_ERR_NO_SHARED_CIPHER:
-                reason = SSL_R_NO_SHARED_CIPHER;
-                break;
-        case TLS13_ERR_NO_CERTIFICATE:
-                reason = SSL_R_MISSING_RSA_CERTIFICATE; /* XXX */
-                break;
-        case TLS13_ERR_NO_PEER_CERTIFICATE:
-                reason = SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE;
-                break;
-        }
-        /* Something (probably libcrypto) already pushed an error on the stack. */
-        if (reason == SSL_R_UNKNOWN && ERR_peek_error() != 0)
-                return;
-        ERR_put_error(ERR_LIB_SSL, (0xfff), reason, ctx->error.file,
-            ctx->error.line);
-}
-int
-tls13_legacy_return_code(SSL *ssl, ssize_t ret)
-{
-        if (ret > INT_MAX) {
-                SSLerror(ssl, ERR_R_INTERNAL_ERROR);
-                return -1;
-        }
-        /* A successful read, write or other operation. */
-        if (ret > 0)
-                return ret;
-        ssl->rwstate = SSL_NOTHING;
-        switch (ret) {
-        case TLS13_IO_EOF:
-                return 0;
-        case TLS13_IO_FAILURE:
-                tls13_legacy_error(ssl);
-                return -1;
-        case TLS13_IO_ALERT:
-                tls13_legacy_error(ssl);
-                return -1;
-        case TLS13_IO_WANT_POLLIN:
-                BIO_set_retry_read(ssl->rbio);
-                ssl->rwstate = SSL_READING;
-                return -1;
-        case TLS13_IO_WANT_POLLOUT:
-                BIO_set_retry_write(ssl->wbio);
-                ssl->rwstate = SSL_WRITING;
-                return -1;
-        case TLS13_IO_WANT_RETRY:
-                SSLerror(ssl, ERR_R_INTERNAL_ERROR);
-                return -1;
-        }
-        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
-        return -1;
-}
-int
-tls13_legacy_pending(const SSL *ssl)
-{
-        struct tls13_ctx *ctx = ssl->tls13;
-        ssize_t ret;
-        if (ctx == NULL)
-                return 0;
-        ret = tls13_pending_application_data(ctx->rl);
-        if (ret < 0 || ret > INT_MAX)
-                return 0;
-        return ret;
-}
-int
-tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int peek)
-{
-        struct tls13_ctx *ctx = ssl->tls13;
-        ssize_t ret;
-        if (ctx == NULL || !ctx->handshake_completed) {
-                if ((ret = ssl->handshake_func(ssl)) <= 0)
-                        return ret;
-                if (len == 0)
-                        return 0;
-                return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLIN);
-        }
-        tls13_record_layer_set_retry_after_phh(ctx->rl,
-            (ctx->ssl->mode & SSL_MODE_AUTO_RETRY) != 0);
-        if (type != SSL3_RT_APPLICATION_DATA) {
-                SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return -1;
-        }
-        if (len < 0) {
-                SSLerror(ssl, SSL_R_BAD_LENGTH);
-                return -1;
-        }
-        if (peek)
-                ret = tls13_peek_application_data(ctx->rl, buf, len);
-        else
-                ret = tls13_read_application_data(ctx->rl, buf, len);
-        return tls13_legacy_return_code(ssl, ret);
-}
-int
-tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len)
-{
-        struct tls13_ctx *ctx = ssl->tls13;
-        const uint8_t *buf = vbuf;
-        size_t n, sent;
-        ssize_t ret;
-        if (ctx == NULL || !ctx->handshake_completed) {
-                if ((ret = ssl->handshake_func(ssl)) <= 0)
-                        return ret;
-                if (len == 0)
-                        return 0;
-                return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLOUT);
-        }
-        if (type != SSL3_RT_APPLICATION_DATA) {
-                SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return -1;
-        }
-        if (len < 0) {
-                SSLerror(ssl, SSL_R_BAD_LENGTH);
-                return -1;
-        }
-        /*
-         * The TLSv1.3 record layer write behaviour is the same as
-         * SSL_MODE_ENABLE_PARTIAL_WRITE.
-         */
-        if (ssl->mode & SSL_MODE_ENABLE_PARTIAL_WRITE) {
-                ret = tls13_write_application_data(ctx->rl, buf, len);
-                return tls13_legacy_return_code(ssl, ret);
-        }
-        /*
-         * In the non-SSL_MODE_ENABLE_PARTIAL_WRITE case we have to loop until
-         * we have written out all of the requested data.
-         */
-        sent = ssl->s3->wnum;
-        if (len < sent) {
-                SSLerror(ssl, SSL_R_BAD_LENGTH);
-                return -1;
-        }
-        n = len - sent;
-        for (;;) {
-                if (n == 0) {
-                        ssl->s3->wnum = 0;
-                        return sent;
-                }
-                if ((ret = tls13_write_application_data(ctx->rl,
-                    &buf[sent], n)) <= 0) {
-                        ssl->s3->wnum = sent;
-                        return tls13_legacy_return_code(ssl, ret);
-                }
-                sent += ret;
-                n -= ret;
-        }
-}
-static int
-tls13_use_legacy_stack(struct tls13_ctx *ctx)
-{
-        SSL *s = ctx->ssl;
-        CBB cbb, fragment;
-        CBS cbs;
-        memset(&cbb, 0, sizeof(cbb));
-        s->method = tls_legacy_method();
-        if (!ssl3_setup_init_buffer(s))
-                goto err;
-        if (!ssl3_setup_buffers(s))
-                goto err;
-        if (!ssl_init_wbio_buffer(s, 1))
-                goto err;
-        /* Stash any unprocessed data from the last record. */
-        tls13_record_layer_rcontent(ctx->rl, &cbs);
-        if (CBS_len(&cbs) > 0) {
-                if (!CBB_init_fixed(&cbb, s->s3->rbuf.buf,
-                    s->s3->rbuf.len))
-                        goto err;
-                if (!CBB_add_u8(&cbb, SSL3_RT_HANDSHAKE))
-                        goto err;
-                if (!CBB_add_u16(&cbb, TLS1_2_VERSION))
-                        goto err;
-                if (!CBB_add_u16_length_prefixed(&cbb, &fragment))
-                        goto err;
-                if (!CBB_add_bytes(&fragment, CBS_data(&cbs), CBS_len(&cbs)))
-                        goto err;
-                if (!CBB_finish(&cbb, NULL, NULL))
-                        goto err;
-                s->s3->rbuf.offset = SSL3_RT_HEADER_LENGTH;
-                s->s3->rbuf.left = CBS_len(&cbs);
-                s->s3->rrec.type = SSL3_RT_HANDSHAKE;
-                s->s3->rrec.length = CBS_len(&cbs);
-                s->rstate = SSL_ST_READ_BODY;
-                s->packet = s->s3->rbuf.buf;
-                s->packet_length = SSL3_RT_HEADER_LENGTH;
-                s->mac_packet = 1;
-        }
-        /* Stash the current handshake message. */
-        tls13_handshake_msg_data(ctx->hs_msg, &cbs);
-        if (!BUF_MEM_grow_clean(s->init_buf, CBS_len(&cbs)))
-                goto err;
-        if (!CBS_write_bytes(&cbs, s->init_buf->data,
-            s->init_buf->length, NULL))
-                goto err;
-        s->s3->hs.tls12.reuse_message = 1;
-        s->s3->hs.tls12.message_type = tls13_handshake_msg_type(ctx->hs_msg);
-        s->s3->hs.tls12.message_size = CBS_len(&cbs) - SSL3_HM_HEADER_LENGTH;
-        return 1;
- err:
-        CBB_cleanup(&cbb);
-        return 0;
-}
-int
-tls13_use_legacy_client(struct tls13_ctx *ctx)
-{
-        SSL *s = ctx->ssl;
-        if (!tls13_use_legacy_stack(ctx))
-                return 0;
-        s->handshake_func = s->method->ssl_connect;
-        s->version = s->method->max_tls_version;
-        return 1;
-}
-int
-tls13_use_legacy_server(struct tls13_ctx *ctx)
-{
-        SSL *s = ctx->ssl;
-        if (!tls13_use_legacy_stack(ctx))
-                return 0;
-        s->handshake_func = s->method->ssl_accept;
-        s->version = s->method->max_tls_version;
-        s->server = 1;
-        return 1;
-}
-int
-tls13_legacy_accept(SSL *ssl)
-{
-        struct tls13_ctx *ctx = ssl->tls13;
-        int ret;
-        if (ctx == NULL) {
-                if ((ctx = tls13_ctx_new(TLS13_HS_SERVER, ssl)) == NULL) {
-                        SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
-                        return -1;
-                }
-                if (!tls13_server_init(ctx)) {
-                        if (ERR_peek_error() == 0)
-                                SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
-                        return -1;
-                }
-        }
-        ERR_clear_error();
-        ret = tls13_server_accept(ctx);
-        if (ret == TLS13_IO_USE_LEGACY)
-                return ssl->method->ssl_accept(ssl);
-        ret = tls13_legacy_return_code(ssl, ret);
-        if (ctx->info_cb != NULL)
-                ctx->info_cb(ctx, TLS13_INFO_ACCEPT_EXIT, ret);
-        return ret;
-}
-int
-tls13_legacy_connect(SSL *ssl)
-{
-        struct tls13_ctx *ctx = ssl->tls13;
-        int ret;
-        if (ctx == NULL) {
-                if ((ctx = tls13_ctx_new(TLS13_HS_CLIENT, ssl)) == NULL) {
-                        SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
-                        return -1;
-                }
-                if (!tls13_client_init(ctx)) {
-                        if (ERR_peek_error() == 0)
-                                SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
-                        return -1;
-                }
-        }
-        ERR_clear_error();
-        ret = tls13_client_connect(ctx);
-        if (ret == TLS13_IO_USE_LEGACY)
-                return ssl->method->ssl_connect(ssl);
-        ret = tls13_legacy_return_code(ssl, ret);
-        if (ctx->info_cb != NULL)
-                ctx->info_cb(ctx, TLS13_INFO_CONNECT_EXIT, ret);
-        return ret;
-}
-int
-tls13_legacy_shutdown(SSL *ssl)
-{
-        struct tls13_ctx *ctx = ssl->tls13;
-        uint8_t buf[512]; /* XXX */
-        ssize_t ret;
-        /*
-         * We need to return 0 at the point that we have completed sending a
-         * close-notify. We return 1 when we have sent and received close-notify
-         * alerts. All other cases, including EOF, return -1 and set internal
-         * state appropriately.
-         */
-        if (ctx == NULL || ssl->quiet_shutdown) {
-                ssl->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN;
-                return 1;
-        }
-        if (!ctx->close_notify_sent) {
-                /* Enqueue and send close notify. */
-                if (!(ssl->shutdown & SSL_SENT_SHUTDOWN)) {
-                        ssl->shutdown |= SSL_SENT_SHUTDOWN;
-                        if ((ret = tls13_send_alert(ctx->rl,
-                            TLS13_ALERT_CLOSE_NOTIFY)) < 0)
-                                return tls13_legacy_return_code(ssl, ret);
-                }
-                ret = tls13_record_layer_send_pending(ctx->rl);
-                if (ret == TLS13_IO_EOF)
-                        return -1;
-                if (ret != TLS13_IO_SUCCESS)
-                        return tls13_legacy_return_code(ssl, ret);
-        } else if (!ctx->close_notify_recv) {
-                /*
-                 * If there is no application data pending, attempt to read more
-                 * data in order to receive a close-notify. This should trigger
-                 * a record to be read from the wire, which may be application
-                 * handshake or alert data. Only one attempt is made to match
-                 * previous semantics.
-                 */
-                if (tls13_pending_application_data(ctx->rl) == 0) {
-                        if ((ret = tls13_read_application_data(ctx->rl, buf,
-                            sizeof(buf))) < 0)
-                                return tls13_legacy_return_code(ssl, ret);
-                        if (!ctx->close_notify_recv)
-                                return -1;
-                }
-        }
-        if (ctx->close_notify_recv)
-                return 1;
-        return 0;
-}
-int
-tls13_legacy_servername_process(struct tls13_ctx *ctx, uint8_t *alert)
-{
-        int legacy_alert = SSL_AD_UNRECOGNIZED_NAME;
-        int ret = SSL_TLSEXT_ERR_NOACK;
-        SSL_CTX *ssl_ctx = ctx->ssl->ctx;
-        SSL *s = ctx->ssl;
-        if (ssl_ctx->tlsext_servername_callback == NULL)
-                ssl_ctx = s->initial_ctx;
-        if (ssl_ctx->tlsext_servername_callback == NULL)
-                return 1;
-        ret = ssl_ctx->tlsext_servername_callback(s, &legacy_alert,
-            ssl_ctx->tlsext_servername_arg);
-        /*
-         * Ignore SSL_TLSEXT_ERR_ALERT_WARNING returns to match OpenSSL's
-         * behavior: the only warning alerts in TLSv1.3 are close_notify and
-         * user_canceled, neither of which should be returned by the callback.
-         */
-        if (ret == SSL_TLSEXT_ERR_ALERT_FATAL) {
-                if (legacy_alert >= 0 && legacy_alert <= 255)
-                        *alert = legacy_alert;
-                return 0;
-        }
-        return 1;
-}
author	cvs2svn <admin@example.com>	2023-04-23 13:43:47 +0000
committer	cvs2svn <admin@example.com>	2023-04-23 13:43:47 +0000
commit	e2496982472bdf233be95c5ea72d1c4dc6c91db3 (patch)
tree	316488e5daf86864d8466bce0e5b000d85768378 /src/lib/libssl/tls13_legacy.c
parent	097d0cf840b9007212bcd2516ed5e18939e6da3d (diff)
download	openbsd-tb_20230422.tar.gz openbsd-tb_20230422.tar.bz2 openbsd-tb_20230422.zip

diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c deleted file mode 100644 index 1d6a5a1299..0000000000 --- a/src/lib/libssl/tls13_legacy.c +++ /dev/null
@@ -1,556 +0,0 @@
1	/* $OpenBSD: tls13_legacy.c,v 1.40 2022/11/26 16:08:56 tb Exp $ */
2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	*
5	* Permission to use, copy, modify, and distribute this software for any
6	* purpose with or without fee is hereby granted, provided that the above
7	* copyright notice and this permission notice appear in all copies.
8	*
9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	*/
17
18	#include <limits.h>
19
20	#include "ssl_local.h"
21	#include "tls13_internal.h"
22
23	static ssize_t
24	tls13_legacy_wire_read(SSL ssl, uint8_t buf, size_t len)
25	{
26	int n;
27
28	if (ssl->rbio == NULL) {
29	SSLerror(ssl, SSL_R_BIO_NOT_SET);
30	return TLS13_IO_FAILURE;
31	}
32
33	ssl->rwstate = SSL_READING;
34	errno = 0;
35
36	if ((n = BIO_read(ssl->rbio, buf, len)) <= 0) {
37	if (BIO_should_read(ssl->rbio))
38	return TLS13_IO_WANT_POLLIN;
39	if (n == 0)
40	return TLS13_IO_EOF;
41
42	if (ERR_peek_error() == 0 && errno != 0)
43	SYSerror(errno);
44
45	return TLS13_IO_FAILURE;
46	}
47
48	if (n == len)
49	ssl->rwstate = SSL_NOTHING;
50
51	return n;
52	}
53
54	ssize_t
55	tls13_legacy_wire_read_cb(void buf, size_t n, void arg)
56	{
57	struct tls13_ctx *ctx = arg;
58
59	return tls13_legacy_wire_read(ctx->ssl, buf, n);
60	}
61
62	static ssize_t
63	tls13_legacy_wire_write(SSL ssl, const uint8_t buf, size_t len)
64	{
65	int n;
66
67	if (ssl->wbio == NULL) {
68	SSLerror(ssl, SSL_R_BIO_NOT_SET);
69	return TLS13_IO_FAILURE;
70	}
71
72	ssl->rwstate = SSL_WRITING;
73	errno = 0;
74
75	if ((n = BIO_write(ssl->wbio, buf, len)) <= 0) {
76	if (BIO_should_write(ssl->wbio))
77	return TLS13_IO_WANT_POLLOUT;
78
79	if (ERR_peek_error() == 0 && errno != 0)
80	SYSerror(errno);
81
82	return TLS13_IO_FAILURE;
83	}
84
85	if (n == len)
86	ssl->rwstate = SSL_NOTHING;
87
88	return n;
89	}
90
91	ssize_t
92	tls13_legacy_wire_write_cb(const void buf, size_t n, void arg)
93	{
94	struct tls13_ctx *ctx = arg;
95
96	return tls13_legacy_wire_write(ctx->ssl, buf, n);
97	}
98
99	static ssize_t
100	tls13_legacy_wire_flush(SSL *ssl)
101	{
102	if (BIO_flush(ssl->wbio) <= 0) {
103	if (BIO_should_write(ssl->wbio))
104	return TLS13_IO_WANT_POLLOUT;
105
106	if (ERR_peek_error() == 0 && errno != 0)
107	SYSerror(errno);
108
109	return TLS13_IO_FAILURE;
110	}
111
112	return TLS13_IO_SUCCESS;
113	}
114
115	ssize_t
116	tls13_legacy_wire_flush_cb(void *arg)
117	{
118	struct tls13_ctx *ctx = arg;
119
120	return tls13_legacy_wire_flush(ctx->ssl);
121	}
122
123	static void
124	tls13_legacy_error(SSL *ssl)
125	{
126	struct tls13_ctx *ctx = ssl->tls13;
127	int reason = SSL_R_UNKNOWN;
128
129	/* If we received a fatal alert we already put an error on the stack. */
130	if (ssl->s3->fatal_alert != 0)
131	return;
132
133	switch (ctx->error.code) {
134	case TLS13_ERR_VERIFY_FAILED:
135	reason = SSL_R_CERTIFICATE_VERIFY_FAILED;
136	break;
137	case TLS13_ERR_HRR_FAILED:
138	reason = SSL_R_NO_CIPHERS_AVAILABLE;
139	break;
140	case TLS13_ERR_TRAILING_DATA:
141	reason = SSL_R_EXTRA_DATA_IN_MESSAGE;
142	break;
143	case TLS13_ERR_NO_SHARED_CIPHER:
144	reason = SSL_R_NO_SHARED_CIPHER;
145	break;
146	case TLS13_ERR_NO_CERTIFICATE:
147	reason = SSL_R_MISSING_RSA_CERTIFICATE; /* XXX */
148	break;
149	case TLS13_ERR_NO_PEER_CERTIFICATE:
150	reason = SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE;
151	break;
152	}
153
154	/* Something (probably libcrypto) already pushed an error on the stack. */
155	if (reason == SSL_R_UNKNOWN && ERR_peek_error() != 0)
156	return;
157
158	ERR_put_error(ERR_LIB_SSL, (0xfff), reason, ctx->error.file,
159	ctx->error.line);
160	}
161
162	int
163	tls13_legacy_return_code(SSL *ssl, ssize_t ret)
164	{
165	if (ret > INT_MAX) {
166	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
167	return -1;
168	}
169
170	/* A successful read, write or other operation. */
171	if (ret > 0)
172	return ret;
173
174	ssl->rwstate = SSL_NOTHING;
175
176	switch (ret) {
177	case TLS13_IO_EOF:
178	return 0;
179
180	case TLS13_IO_FAILURE:
181	tls13_legacy_error(ssl);
182	return -1;
183
184	case TLS13_IO_ALERT:
185	tls13_legacy_error(ssl);
186	return -1;
187
188	case TLS13_IO_WANT_POLLIN:
189	BIO_set_retry_read(ssl->rbio);
190	ssl->rwstate = SSL_READING;
191	return -1;
192
193	case TLS13_IO_WANT_POLLOUT:
194	BIO_set_retry_write(ssl->wbio);
195	ssl->rwstate = SSL_WRITING;
196	return -1;
197
198	case TLS13_IO_WANT_RETRY:
199	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
200	return -1;
201	}
202
203	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
204	return -1;
205	}
206
207	int
208	tls13_legacy_pending(const SSL *ssl)
209	{
210	struct tls13_ctx *ctx = ssl->tls13;
211	ssize_t ret;
212
213	if (ctx == NULL)
214	return 0;
215
216	ret = tls13_pending_application_data(ctx->rl);
217	if (ret < 0 \|\| ret > INT_MAX)
218	return 0;
219
220	return ret;
221	}
222
223	int
224	tls13_legacy_read_bytes(SSL ssl, int type, unsigned char buf, int len, int peek)
225	{
226	struct tls13_ctx *ctx = ssl->tls13;
227	ssize_t ret;
228
229	if (ctx == NULL \|\| !ctx->handshake_completed) {
230	if ((ret = ssl->handshake_func(ssl)) <= 0)
231	return ret;
232	if (len == 0)
233	return 0;
234	return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLIN);
235	}
236
237	tls13_record_layer_set_retry_after_phh(ctx->rl,
238	(ctx->ssl->mode & SSL_MODE_AUTO_RETRY) != 0);
239
240	if (type != SSL3_RT_APPLICATION_DATA) {
241	SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
242	return -1;
243	}
244	if (len < 0) {
245	SSLerror(ssl, SSL_R_BAD_LENGTH);
246	return -1;
247	}
248
249	if (peek)
250	ret = tls13_peek_application_data(ctx->rl, buf, len);
251	else
252	ret = tls13_read_application_data(ctx->rl, buf, len);
253
254	return tls13_legacy_return_code(ssl, ret);
255	}
256
257	int
258	tls13_legacy_write_bytes(SSL ssl, int type, const void vbuf, int len)
259	{
260	struct tls13_ctx *ctx = ssl->tls13;
261	const uint8_t *buf = vbuf;
262	size_t n, sent;
263	ssize_t ret;
264
265	if (ctx == NULL \|\| !ctx->handshake_completed) {
266	if ((ret = ssl->handshake_func(ssl)) <= 0)
267	return ret;
268	if (len == 0)
269	return 0;
270	return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLOUT);
271	}
272
273	if (type != SSL3_RT_APPLICATION_DATA) {
274	SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
275	return -1;
276	}
277	if (len < 0) {
278	SSLerror(ssl, SSL_R_BAD_LENGTH);
279	return -1;
280	}
281
282	/*
283	* The TLSv1.3 record layer write behaviour is the same as
284	* SSL_MODE_ENABLE_PARTIAL_WRITE.
285	*/
286	if (ssl->mode & SSL_MODE_ENABLE_PARTIAL_WRITE) {
287	ret = tls13_write_application_data(ctx->rl, buf, len);
288	return tls13_legacy_return_code(ssl, ret);
289	}
290
291	/*
292	* In the non-SSL_MODE_ENABLE_PARTIAL_WRITE case we have to loop until
293	* we have written out all of the requested data.
294	*/
295	sent = ssl->s3->wnum;
296	if (len < sent) {
297	SSLerror(ssl, SSL_R_BAD_LENGTH);
298	return -1;
299	}
300	n = len - sent;
301	for (;;) {
302	if (n == 0) {
303	ssl->s3->wnum = 0;
304	return sent;
305	}
306	if ((ret = tls13_write_application_data(ctx->rl,
307	&buf[sent], n)) <= 0) {
308	ssl->s3->wnum = sent;
309	return tls13_legacy_return_code(ssl, ret);
310	}
311	sent += ret;
312	n -= ret;
313	}
314	}
315
316	static int
317	tls13_use_legacy_stack(struct tls13_ctx *ctx)
318	{
319	SSL *s = ctx->ssl;
320	CBB cbb, fragment;
321	CBS cbs;
322
323	memset(&cbb, 0, sizeof(cbb));
324
325	s->method = tls_legacy_method();
326
327	if (!ssl3_setup_init_buffer(s))
328	goto err;
329	if (!ssl3_setup_buffers(s))
330	goto err;
331	if (!ssl_init_wbio_buffer(s, 1))
332	goto err;
333
334	/* Stash any unprocessed data from the last record. */
335	tls13_record_layer_rcontent(ctx->rl, &cbs);
336	if (CBS_len(&cbs) > 0) {
337	if (!CBB_init_fixed(&cbb, s->s3->rbuf.buf,
338	s->s3->rbuf.len))
339	goto err;
340	if (!CBB_add_u8(&cbb, SSL3_RT_HANDSHAKE))
341	goto err;
342	if (!CBB_add_u16(&cbb, TLS1_2_VERSION))
343	goto err;
344	if (!CBB_add_u16_length_prefixed(&cbb, &fragment))
345	goto err;
346	if (!CBB_add_bytes(&fragment, CBS_data(&cbs), CBS_len(&cbs)))
347	goto err;
348	if (!CBB_finish(&cbb, NULL, NULL))
349	goto err;
350
351	s->s3->rbuf.offset = SSL3_RT_HEADER_LENGTH;
352	s->s3->rbuf.left = CBS_len(&cbs);
353	s->s3->rrec.type = SSL3_RT_HANDSHAKE;
354	s->s3->rrec.length = CBS_len(&cbs);
355	s->rstate = SSL_ST_READ_BODY;
356	s->packet = s->s3->rbuf.buf;
357	s->packet_length = SSL3_RT_HEADER_LENGTH;
358	s->mac_packet = 1;
359	}
360
361	/* Stash the current handshake message. */
362	tls13_handshake_msg_data(ctx->hs_msg, &cbs);
363	if (!BUF_MEM_grow_clean(s->init_buf, CBS_len(&cbs)))
364	goto err;
365	if (!CBS_write_bytes(&cbs, s->init_buf->data,
366	s->init_buf->length, NULL))
367	goto err;
368
369	s->s3->hs.tls12.reuse_message = 1;
370	s->s3->hs.tls12.message_type = tls13_handshake_msg_type(ctx->hs_msg);
371	s->s3->hs.tls12.message_size = CBS_len(&cbs) - SSL3_HM_HEADER_LENGTH;
372
373	return 1;
374
375	err:
376	CBB_cleanup(&cbb);
377
378	return 0;
379	}
380
381	int
382	tls13_use_legacy_client(struct tls13_ctx *ctx)
383	{
384	SSL *s = ctx->ssl;
385
386	if (!tls13_use_legacy_stack(ctx))
387	return 0;
388
389	s->handshake_func = s->method->ssl_connect;
390	s->version = s->method->max_tls_version;
391
392	return 1;
393	}
394
395	int
396	tls13_use_legacy_server(struct tls13_ctx *ctx)
397	{
398	SSL *s = ctx->ssl;
399
400	if (!tls13_use_legacy_stack(ctx))
401	return 0;
402
403	s->handshake_func = s->method->ssl_accept;
404	s->version = s->method->max_tls_version;
405	s->server = 1;
406
407	return 1;
408	}
409
410	int
411	tls13_legacy_accept(SSL *ssl)
412	{
413	struct tls13_ctx *ctx = ssl->tls13;
414	int ret;
415
416	if (ctx == NULL) {
417	if ((ctx = tls13_ctx_new(TLS13_HS_SERVER, ssl)) == NULL) {
418	SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
419	return -1;
420	}
421	if (!tls13_server_init(ctx)) {
422	if (ERR_peek_error() == 0)
423	SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
424	return -1;
425	}
426	}
427
428	ERR_clear_error();
429
430	ret = tls13_server_accept(ctx);
431	if (ret == TLS13_IO_USE_LEGACY)
432	return ssl->method->ssl_accept(ssl);
433
434	ret = tls13_legacy_return_code(ssl, ret);
435
436	if (ctx->info_cb != NULL)
437	ctx->info_cb(ctx, TLS13_INFO_ACCEPT_EXIT, ret);
438
439	return ret;
440	}
441
442	int
443	tls13_legacy_connect(SSL *ssl)
444	{
445	struct tls13_ctx *ctx = ssl->tls13;
446	int ret;
447
448	if (ctx == NULL) {
449	if ((ctx = tls13_ctx_new(TLS13_HS_CLIENT, ssl)) == NULL) {
450	SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
451	return -1;
452	}
453	if (!tls13_client_init(ctx)) {
454	if (ERR_peek_error() == 0)
455	SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
456	return -1;
457	}
458	}
459
460	ERR_clear_error();
461
462	ret = tls13_client_connect(ctx);
463	if (ret == TLS13_IO_USE_LEGACY)
464	return ssl->method->ssl_connect(ssl);
465
466	ret = tls13_legacy_return_code(ssl, ret);
467
468	if (ctx->info_cb != NULL)
469	ctx->info_cb(ctx, TLS13_INFO_CONNECT_EXIT, ret);
470
471	return ret;
472	}
473
474	int
475	tls13_legacy_shutdown(SSL *ssl)
476	{
477	struct tls13_ctx *ctx = ssl->tls13;
478	uint8_t buf[512]; /* XXX */
479	ssize_t ret;
480
481	/*
482	* We need to return 0 at the point that we have completed sending a
483	* close-notify. We return 1 when we have sent and received close-notify
484	* alerts. All other cases, including EOF, return -1 and set internal
485	* state appropriately.
486	*/
487	if (ctx == NULL \|\| ssl->quiet_shutdown) {
488	ssl->shutdown = SSL_SENT_SHUTDOWN \| SSL_RECEIVED_SHUTDOWN;
489	return 1;
490	}
491
492	if (!ctx->close_notify_sent) {
493	/* Enqueue and send close notify. */
494	if (!(ssl->shutdown & SSL_SENT_SHUTDOWN)) {
495	ssl->shutdown \|= SSL_SENT_SHUTDOWN;
496	if ((ret = tls13_send_alert(ctx->rl,
497	TLS13_ALERT_CLOSE_NOTIFY)) < 0)
498	return tls13_legacy_return_code(ssl, ret);
499	}
500	ret = tls13_record_layer_send_pending(ctx->rl);
501	if (ret == TLS13_IO_EOF)
502	return -1;
503	if (ret != TLS13_IO_SUCCESS)
504	return tls13_legacy_return_code(ssl, ret);
505	} else if (!ctx->close_notify_recv) {
506	/*
507	* If there is no application data pending, attempt to read more
508	* data in order to receive a close-notify. This should trigger
509	* a record to be read from the wire, which may be application
510	* handshake or alert data. Only one attempt is made to match
511	* previous semantics.
512	*/
513	if (tls13_pending_application_data(ctx->rl) == 0) {
514	if ((ret = tls13_read_application_data(ctx->rl, buf,
515	sizeof(buf))) < 0)
516	return tls13_legacy_return_code(ssl, ret);
517	if (!ctx->close_notify_recv)
518	return -1;
519	}
520	}
521
522	if (ctx->close_notify_recv)
523	return 1;
524
525	return 0;
526	}
527
528	int
529	tls13_legacy_servername_process(struct tls13_ctx ctx, uint8_t alert)
530	{
531	int legacy_alert = SSL_AD_UNRECOGNIZED_NAME;
532	int ret = SSL_TLSEXT_ERR_NOACK;
533	SSL_CTX *ssl_ctx = ctx->ssl->ctx;
534	SSL *s = ctx->ssl;
535
536	if (ssl_ctx->tlsext_servername_callback == NULL)
537	ssl_ctx = s->initial_ctx;
538	if (ssl_ctx->tlsext_servername_callback == NULL)
539	return 1;
540
541	ret = ssl_ctx->tlsext_servername_callback(s, &legacy_alert,
542	ssl_ctx->tlsext_servername_arg);
543
544	/*
545	* Ignore SSL_TLSEXT_ERR_ALERT_WARNING returns to match OpenSSL's
546	* behavior: the only warning alerts in TLSv1.3 are close_notify and
547	* user_canceled, neither of which should be returned by the callback.
548	*/
549	if (ret == SSL_TLSEXT_ERR_ALERT_FATAL) {
550	if (legacy_alert >= 0 && legacy_alert <= 255)
551	*alert = legacy_alert;
552	return 0;
553	}
554
555	return 1;
556	}