summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
authorjsing <>2020-09-17 15:23:29 +0000
committerjsing <>2020-09-17 15:23:29 +0000
commit8b329cf90019dcaa45de44d9c3b2eed853ec9429 (patch)
treeab0f21a1d37a85215ffbd688a792523e6b1b6726 /src/lib
parentc48a963f213a6f89d842f72d054aaa8907dee25f (diff)
downloadopenbsd-8b329cf90019dcaa45de44d9c3b2eed853ec9429.tar.gz
openbsd-8b329cf90019dcaa45de44d9c3b2eed853ec9429.tar.bz2
openbsd-8b329cf90019dcaa45de44d9c3b2eed853ec9429.zip
Simplify SSL method lookups.
There are three places where we call tls1_get_{client,server}_method() and if that returns NULL, call dtls1_get_{client,server}_method(). Simplify this by combining the lookup into a single function. While here also use uint16_t for version types. ok inoguchi@ millert@
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/ssl_clnt.c6
-rw-r--r--src/lib/libssl/ssl_locl.h8
-rw-r--r--src/lib/libssl/ssl_methods.c84
-rw-r--r--src/lib/libssl/ssl_sess.c6
-rw-r--r--src/lib/libssl/ssl_srvr.c6
5 files changed, 44 insertions, 66 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 68c7a83595..d62928a093 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_clnt.c,v 1.71 2020/09/11 17:36:27 jsing Exp $ */ 1/* $OpenBSD: ssl_clnt.c,v 1.72 2020/09/17 15:23:29 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -857,9 +857,7 @@ ssl3_get_server_hello(SSL *s)
857 } 857 }
858 s->version = server_version; 858 s->version = server_version;
859 859
860 if ((method = tls1_get_client_method(server_version)) == NULL) 860 if ((method = ssl_get_client_method(server_version)) == NULL) {
861 method = dtls1_get_client_method(server_version);
862 if (method == NULL) {
863 SSLerror(s, ERR_R_INTERNAL_ERROR); 861 SSLerror(s, ERR_R_INTERNAL_ERROR);
864 goto err; 862 goto err;
865 } 863 }
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 4ac6b76cd3..a3b8a80572 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.292 2020/09/15 09:41:24 jsing Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.293 2020/09/17 15:23:29 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1131,10 +1131,8 @@ const SSL_METHOD *tls_legacy_method(void);
1131const SSL_METHOD *tls_legacy_client_method(void); 1131const SSL_METHOD *tls_legacy_client_method(void);
1132const SSL_METHOD *tls_legacy_server_method(void); 1132const SSL_METHOD *tls_legacy_server_method(void);
1133 1133
1134const SSL_METHOD *dtls1_get_client_method(int ver); 1134const SSL_METHOD *ssl_get_client_method(uint16_t version);
1135const SSL_METHOD *dtls1_get_server_method(int ver); 1135const SSL_METHOD *ssl_get_server_method(uint16_t version);
1136const SSL_METHOD *tls1_get_client_method(int ver);
1137const SSL_METHOD *tls1_get_server_method(int ver);
1138 1136
1139extern SSL3_ENC_METHOD DTLSv1_enc_data; 1137extern SSL3_ENC_METHOD DTLSv1_enc_data;
1140extern SSL3_ENC_METHOD TLSv1_enc_data; 1138extern SSL3_ENC_METHOD TLSv1_enc_data;
diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
index c500d7ac06..ff8d17af06 100644
--- a/src/lib/libssl/ssl_methods.c
+++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_methods.c,v 1.15 2020/09/15 09:41:24 jsing Exp $ */ 1/* $OpenBSD: ssl_methods.c,v 1.16 2020/09/17 15:23:29 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -98,14 +98,6 @@ DTLS_client_method(void)
98 return DTLSv1_client_method(); 98 return DTLSv1_client_method();
99} 99}
100 100
101const SSL_METHOD *
102dtls1_get_client_method(int ver)
103{
104 if (ver == DTLS1_VERSION)
105 return (DTLSv1_client_method());
106 return (NULL);
107}
108
109static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = { 101static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
110 .version = DTLS1_VERSION, 102 .version = DTLS1_VERSION,
111 .min_version = DTLS1_VERSION, 103 .min_version = DTLS1_VERSION,
@@ -184,14 +176,6 @@ DTLS_server_method(void)
184 return DTLSv1_server_method(); 176 return DTLSv1_server_method();
185} 177}
186 178
187const SSL_METHOD *
188dtls1_get_server_method(int ver)
189{
190 if (ver == DTLS1_VERSION)
191 return (DTLSv1_server_method());
192 return (NULL);
193}
194
195#ifdef LIBRESSL_HAS_TLS1_3_CLIENT 179#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
196static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = { 180static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
197 .version = TLS1_3_VERSION, 181 .version = TLS1_3_VERSION,
@@ -330,22 +314,6 @@ static const SSL_METHOD TLSv1_2_client_method_data = {
330}; 314};
331 315
332const SSL_METHOD * 316const SSL_METHOD *
333tls1_get_client_method(int ver)
334{
335#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
336 if (ver == TLS1_3_VERSION)
337 return (TLS_client_method());
338#endif
339 if (ver == TLS1_2_VERSION)
340 return (TLSv1_2_client_method());
341 if (ver == TLS1_1_VERSION)
342 return (TLSv1_1_client_method());
343 if (ver == TLS1_VERSION)
344 return (TLSv1_client_method());
345 return (NULL);
346}
347
348const SSL_METHOD *
349SSLv23_client_method(void) 317SSLv23_client_method(void)
350{ 318{
351 return (TLS_client_method()); 319 return (TLS_client_method());
@@ -700,22 +668,6 @@ static const SSL_METHOD TLSv1_2_server_method_data = {
700}; 668};
701 669
702const SSL_METHOD * 670const SSL_METHOD *
703tls1_get_server_method(int ver)
704{
705#ifdef LIBRESSL_HAS_TLS1_3_SERVER
706 if (ver == TLS1_3_VERSION)
707 return (TLS_server_method());
708#endif
709 if (ver == TLS1_2_VERSION)
710 return (TLSv1_2_server_method());
711 if (ver == TLS1_1_VERSION)
712 return (TLSv1_1_server_method());
713 if (ver == TLS1_VERSION)
714 return (TLSv1_server_method());
715 return (NULL);
716}
717
718const SSL_METHOD *
719SSLv23_server_method(void) 671SSLv23_server_method(void)
720{ 672{
721 return (TLS_server_method()); 673 return (TLS_server_method());
@@ -754,3 +706,37 @@ TLSv1_2_server_method(void)
754{ 706{
755 return (&TLSv1_2_server_method_data); 707 return (&TLSv1_2_server_method_data);
756} 708}
709
710const SSL_METHOD *
711ssl_get_client_method(uint16_t version)
712{
713 if (version == TLS1_3_VERSION)
714 return (TLS_client_method());
715 if (version == TLS1_2_VERSION)
716 return (TLSv1_2_client_method());
717 if (version == TLS1_1_VERSION)
718 return (TLSv1_1_client_method());
719 if (version == TLS1_VERSION)
720 return (TLSv1_client_method());
721 if (version == DTLS1_VERSION)
722 return (DTLSv1_client_method());
723
724 return (NULL);
725}
726
727const SSL_METHOD *
728ssl_get_server_method(uint16_t version)
729{
730 if (version == TLS1_3_VERSION)
731 return (TLS_server_method());
732 if (version == TLS1_2_VERSION)
733 return (TLSv1_2_server_method());
734 if (version == TLS1_1_VERSION)
735 return (TLSv1_1_server_method());
736 if (version == TLS1_VERSION)
737 return (TLSv1_server_method());
738 if (version == DTLS1_VERSION)
739 return (DTLSv1_server_method());
740
741 return (NULL);
742}
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 4f9252679a..191e43b74b 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_sess.c,v 1.98 2020/09/14 18:25:23 jsing Exp $ */ 1/* $OpenBSD: ssl_sess.c,v 1.99 2020/09/17 15:23:29 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -785,9 +785,7 @@ SSL_set_session(SSL *s, SSL_SESSION *session)
785 return SSL_set_ssl_method(s, s->ctx->method); 785 return SSL_set_ssl_method(s, s->ctx->method);
786 } 786 }
787 787
788 if ((method = tls1_get_client_method(session->ssl_version)) == NULL) 788 if ((method = ssl_get_client_method(session->ssl_version)) == NULL) {
789 method = dtls1_get_client_method(session->ssl_version);
790 if (method == NULL) {
791 SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD); 789 SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
792 return (0); 790 return (0);
793 } 791 }
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index eaaa57efb3..f69be70f04 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_srvr.c,v 1.83 2020/09/12 17:27:11 tb Exp $ */ 1/* $OpenBSD: ssl_srvr.c,v 1.84 2020/09/17 15:23:29 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -870,9 +870,7 @@ ssl3_get_client_hello(SSL *s)
870 s->client_version = client_version; 870 s->client_version = client_version;
871 s->version = shared_version; 871 s->version = shared_version;
872 872
873 if ((method = tls1_get_server_method(shared_version)) == NULL) 873 if ((method = ssl_get_server_method(shared_version)) == NULL) {
874 method = dtls1_get_server_method(shared_version);
875 if (method == NULL) {
876 SSLerror(s, ERR_R_INTERNAL_ERROR); 874 SSLerror(s, ERR_R_INTERNAL_ERROR);
877 goto err; 875 goto err;
878 } 876 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 07:53:50 +0000