| author | jsing <> | 2019-02-14 17:50:07 +0000 |
|---|---|---|
| committer | jsing <> | 2019-02-14 17:50:07 +0000 |
| commit | 5518a6b41f13c34882ea1415c4f1e65ba5678603 (patch) | |
| tree | 74724acb5470907464a064bd76fefda582607ab2 /src | |
| parent | f59a6b307b949a6f6dd255652788878092223956 (diff) | |
| download | openbsd-5518a6b41f13c34882ea1415c4f1e65ba5678603.tar.gz openbsd-5518a6b41f13c34882ea1415c4f1e65ba5678603.tar.bz2 openbsd-5518a6b41f13c34882ea1415c4f1e65ba5678603.zip | |
Provide a TLS 1.3 capable client method.
ok tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_locl.h | 4 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_methods.c | 48 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_internal.h | 3 |
3 files changed, 50 insertions, 5 deletions
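--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.235 2019/02/10 13:04:29 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.236 2019/02/14 17:50:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1065,6 +1065,8 @@ uint16_t ssl_max_server_version(SSL *s);
 int ssl_cipher_is_permitted(const SSL_CIPHER *cipher, uint16_t min_ver,
 uint16_t max_ver);
 
+const SSL_METHOD *tls_legacy_client_method(void);
+
 const SSL_METHOD *dtls1_get_client_method(int ver);
 const SSL_METHOD *dtls1_get_server_method(int ver);
 const SSL_METHOD *tls1_get_client_method(int ver);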
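--- a/src/lib/libssl/ssl_methods.c
+++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.1 2018/11/05 05:45:15 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.2 2019/02/14 17:50:07 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -57,6 +57,7 @@
 */
 
 #include "ssl_locl.h"
+#include "tls13_internal.h"
 
 static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
 .version = DTLS1_VERSION,
@@ -189,7 +190,38 @@ dtls1_get_server_method(int ver)
 return (NULL);
 }
 
+#ifdef LIBRESSL_HAS_TLS13
 static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
+.version = TLS1_3_VERSION,
+.min_version = TLS1_VERSION,
+.max_version = TLS1_3_VERSION,
+.ssl_new = tls1_new,
+.ssl_clear = tls1_clear,
+.ssl_free = tls1_free,
+.ssl_accept = ssl_undefined_function,
+.ssl_connect = tls13_legacy_connect,
+.get_ssl_method = tls1_get_client_method,
+.get_timeout = tls1_default_timeout,
+.ssl_version = ssl_undefined_void_function,
+.ssl_renegotiate = ssl_undefined_function,
+.ssl_renegotiate_check = ssl_ok,
+.ssl_get_message = ssl3_get_message,
+.ssl_read_bytes = tls13_legacy_read_bytes,
+.ssl_write_bytes = tls13_legacy_write_bytes,
+.ssl3_enc = &TLSv1_2_enc_data,
+};
+
+static const SSL_METHOD TLS_client_method_data = {
+.ssl_dispatch_alert = ssl3_dispatch_alert,
+.num_ciphers = ssl3_num_ciphers,
+.get_cipher = ssl3_get_cipher,
+.get_cipher_by_char = ssl3_get_cipher_by_char,
+.put_cipher_by_char = ssl3_put_cipher_by_char,
+.internal = &TLS_client_method_internal_data,
+};
+#endif
+
+static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
 .version = TLS1_2_VERSION,
 .min_version = TLS1_VERSION,
 .max_version = TLS1_2_VERSION,
@@ -209,13 +241,13 @@ static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
 .ssl3_enc = &TLSv1_2_enc_data,
 };
 
-static const SSL_METHOD TLS_client_method_data = {
+static const SSL_METHOD TLS_legacy_client_method_data = {
 .ssl_dispatch_alert = ssl3_dispatch_alert,
 .num_ciphers = ssl3_num_ciphers,
 .get_cipher = ssl3_get_cipher,
 .get_cipher_by_char = ssl3_get_cipher_by_char,
 .put_cipher_by_char = ssl3_put_cipher_by_char,
-.internal = &TLS_client_method_internal_data,
+.internal = &TLS_legacy_client_method_internal_data,
 };
 
 static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
@@ -326,7 +358,17 @@ SSLv23_client_method(void)
 const SSL_METHOD *
 TLS_client_method(void)
 {
+#ifdef LIBRESSL_HAS_TLS13
 return (&TLS_client_method_data);
+#else
+return tls_legacy_client_method();
+#endif
+}
+
+const SSL_METHOD *
+tls_legacy_client_method(void)
+{
+return (&TLS_legacy_client_method_data);
 }
 
 const SSL_METHOD *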
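Review bot: The TLS 1.3 method in TLS_client_method_internal_data sets `.version = TLS1_3_VERSION` but keeps the TLS 1.2 hooks `.get_ssl_method = tls1_get_client_method`, `.ssl_get_message = ssl3_get_message` and `.ssl3_enc = &TLSv1_2_enc_data`; whether tls1_get_client_method() knows TLS1_3_VERSION is not visible in this hunk, and if it returns NULL for that version a session negotiated to 1.3 would have no method to switch to, so that is worth confirming. A short comment above the `#ifdef LIBRESSL_HAS_TLS13` block saying the legacy hooks are retained on purpose (presumably for handshakes that end up below 1.3, given `.min_version = TLS1_VERSION`) would make the reuse read as deliberate rather than copied from the legacy method. In TLS_client_method() the new `#else` branch uses `return tls_legacy_client_method();` while every other return in the file is parenthesized; `return (tls_legacy_client_method());` keeps the style uniform.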
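--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.17 2019/02/09 15:20:05 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.18 2019/02/14 17:50:07 jsing Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -171,6 +171,7 @@ const EVP_MD *tls13_cipher_hash(const SSL_CIPHER *cipher);
 /*
 * Legacy interfaces.
 */
+int tls13_legacy_connect(SSL *ssl);
 int tls13_legacy_return_code(SSL *ssl, ssize_t ret);
 ssize_t tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg);
 ssize_t tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg);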
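Review bot: The added `int tls13_legacy_connect(SSL *ssl);` prototype says nothing about its return convention, which matters because this commit wires it in as the `.ssl_connect` hook of an SSL_METHOD_INTERNAL in ssl_methods.c. Sitting next to tls13_legacy_return_code() it presumably returns the classic SSL_connect() style codes, but that is not visible here; a one-line comment on the declaration such as `/* ssl_connect hook for the legacy SSL_METHOD; returns SSL_connect()-style codes -- confirm */` would spare the next reader the cross-reference.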
