Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/Makefile | 5 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_internal.h | 3 | ||||
| -rw-r--r-- | src/lib/libssl/tls13_server.c | 79 |
3 files changed, 84 insertions, 3 deletions
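--- a/src/lib/libssl/Makefile
+++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.56 2019/02/09 15:30:52 jsing Exp $
+# $OpenBSD: Makefile,v 1.57 2019/11/17 06:35:30 jsing Exp $
 
 .include <bsd.own.mk>
 .ifndef NOMAN
@@ -72,7 +72,8 @@ SRCS= \
 	tls13_key_schedule.c \
 	tls13_lib.c \
 	tls13_record.c \
-	tls13_record_layer.c
+	tls13_record_layer.c \
+	tls13_server.c
 
 HDRS= dtls1.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h
 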
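--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.29 2019/11/17 00:10:47 beck Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.30 2019/11/17 06:35:30 jsing Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -176,6 +176,7 @@ const EVP_MD *tls13_cipher_hash(const SSL_CIPHER *cipher);
 /*
  * Legacy interfaces.
  */
+int tls13_legacy_accept(SSL *ssl);
 int tls13_legacy_connect(SSL *ssl);
 int tls13_legacy_return_code(SSL *ssl, ssize_t ret);
 ssize_t tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg);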
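--- /dev/null
+++ b/src/lib/libssl/tls13_server.c
@@ -0,0 +1,79 @@
+/* $OpenBSD: tls13_server.c,v 1.1 2019/11/17 06:35:30 jsing Exp $ */
+/*
+ * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "ssl_locl.h"
+
+#include "tls13_handshake.h"
+#include "tls13_internal.h"
+
+static int
+tls13_accept(struct tls13_ctx *ctx)
+{
+	if (ctx->mode != TLS13_HS_SERVER)
+		return TLS13_IO_FAILURE;
+
+	return tls13_handshake_perform(ctx);
+}
+
+static int
+tls13_server_init(struct tls13_ctx *ctx)
+{
+	SSL *s = ctx->ssl;
+
+	if (!ssl_supported_version_range(s, &ctx->hs->min_version,
+	    &ctx->hs->max_version)) {
+		SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
+		return 0;
+	}
+
+	/* XXX implement. */
+
+	return 1;
+}
+
+int
+tls13_legacy_accept(SSL *ssl)
+{
+	struct tls13_ctx *ctx = ssl->internal->tls13;
+	int ret;
+
+	if (ctx == NULL) {
+		if ((ctx = tls13_ctx_new(TLS13_HS_SERVER)) == NULL) {
+			SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
+			return -1;
+		}
+		ssl->internal->tls13 = ctx;
+		ctx->ssl = ssl;
+		ctx->hs = &S3I(ssl)->hs_tls13;
+
+		if (!tls13_server_init(ctx)) {
+			if (ERR_peek_error() == 0)
+				SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
+			return -1;
+		}
+	}
+
+	S3I(ssl)->hs.state = SSL_ST_ACCEPT;
+
+	ret = tls13_accept(ctx);
+	if (ret == TLS13_IO_USE_LEGACY)
+		return ssl->method->internal->ssl_accept(ssl);
+	if (ret == TLS13_IO_SUCCESS)
+		S3I(ssl)->hs.state = SSL_ST_OK;
+
+	return tls13_legacy_return_code(ssl, ret);
+}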
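Review bot: In tls13_legacy_accept the new context is published in `ssl->internal->tls13` before `tls13_server_init` runs, and the init-failure branch returns -1 with that half-initialised context still attached, so a second call into tls13_legacy_accept on the same SSL finds `ctx != NULL`, skips initialisation entirely and goes straight to `tls13_accept` with `hs->min_version`/`hs->max_version` presumably never set. Either assign `ssl->internal->tls13` only after init succeeds, or tear down on failure with the destructor paired with `tls13_ctx_new` (tls13_ctx_free in tls13_lib.c, if I recall correctly) and clear the pointer, e.g. `tls13_ctx_free(ctx); ssl->internal->tls13 = NULL; return -1;`. The `tls13_ctx_new` failure branch is fine as written since nothing has been stored yet. A one-line comment above tls13_legacy_accept saying it is the SSL_accept-style entry point for the TLSv1.3 server and that a `TLS13_IO_USE_LEGACY` result hands the connection to the method's legacy `ssl_accept` would help readers who do not know tls13_legacy_return_code.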
