-rw-r--r--src/lib/libssl/ssl_locl.h3
-rw-r--r--src/lib/libssl/ssl_methods.c54
2 files changed, 52 insertions, 5 deletions
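diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index bf1f846d13..f7a8b0786d 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.280 2020/06/06 01:40:09 beck Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.281 2020/07/07 19:24:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1104,6 +1104,7 @@ int ssl_downgrade_max_version(SSL *s, uint16_t *max_ver);
 int ssl_cipher_is_permitted(const SSL_CIPHER *cipher, uint16_t min_ver,
  uint16_t max_ver);
 
+const SSL_METHOD *tls_legacy_method(void);
 const SSL_METHOD *tls_legacy_client_method(void);
 const SSL_METHOD *tls_legacy_server_method(void);
 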
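Review bot: The new `tls_legacy_method()` prototype at new line 1107 is added to the internal header without any comment saying how it relates to the public `TLS_method()`, which in ssl_methods.c now returns it whenever the TLS 1.3 client and server are not both compiled in. A reader of this header cannot tell from the three `tls_legacy_*` names alone that these are the TLS 1.2-and-earlier method tables rather than a deprecated API, and the selection rule lives only in the `#if` in ssl_methods.c. A one-line comment above the three prototypes would close that gap: `/* TLS 1.2-and-earlier method tables; TLS_method() returns tls_legacy_method() unless both LIBRESSL_HAS_TLS1_3_CLIENT and LIBRESSL_HAS_TLS1_3_SERVER are defined. */`. Whether the client/server variants follow the same rule is not visible in this diff, so the comment should only state what holds for TLS_method() unless the remaining hunks confirm it.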
diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
index 276fcc66d8..d679e3242f 100644
--- a/src/lib/libssl/ssl_methods.c
+++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_methods.c,v 1.12 2020/02/06 16:05:58 jsing Exp $ */ 1/* $OpenBSD: ssl_methods.c,v 1.13 2020/07/07 19:24:23 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -421,7 +421,39 @@ TLSv1_2_client_method(void)
421 421
422static const SSL_METHOD *tls1_get_method(int ver); 422static const SSL_METHOD *tls1_get_method(int ver);
423 423
424#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
424static const SSL_METHOD_INTERNAL TLS_method_internal_data = { 425static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
426 .version = TLS1_3_VERSION,
427 .min_version = TLS1_VERSION,
428 .max_version = TLS1_3_VERSION,
429 .ssl_new = tls1_new,
430 .ssl_clear = tls1_clear,
431 .ssl_free = tls1_free,
432 .ssl_accept = tls13_legacy_accept,
433 .ssl_connect = tls13_legacy_connect,
434 .ssl_shutdown = tls13_legacy_shutdown,
435 .get_ssl_method = tls1_get_client_method,
436 .get_timeout = tls1_default_timeout,
437 .ssl_version = ssl_undefined_void_function,
438 .ssl_renegotiate = ssl_undefined_function,
439 .ssl_renegotiate_check = ssl_ok,
440 .ssl_pending = tls13_legacy_pending,
441 .ssl_read_bytes = tls13_legacy_read_bytes,
442 .ssl_write_bytes = tls13_legacy_write_bytes,
443 .ssl3_enc = &TLSv1_3_enc_data,
444};
445
446static const SSL_METHOD TLS_method_data = {
447 .ssl_dispatch_alert = ssl3_dispatch_alert,
448 .num_ciphers = ssl3_num_ciphers,
449 .get_cipher = ssl3_get_cipher,
450 .get_cipher_by_char = ssl3_get_cipher_by_char,
451 .put_cipher_by_char = ssl3_put_cipher_by_char,
452 .internal = &TLS_method_internal_data,
453};
454#endif
455
456static const SSL_METHOD_INTERNAL TLS_legacy_method_internal_data = {
425 .version = TLS1_2_VERSION, 457 .version = TLS1_2_VERSION,
426 .min_version = TLS1_VERSION, 458 .min_version = TLS1_VERSION,
427 .max_version = TLS1_2_VERSION, 459 .max_version = TLS1_2_VERSION,
@@ -442,13 +474,13 @@ static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
442 .ssl3_enc = &TLSv1_2_enc_data, 474 .ssl3_enc = &TLSv1_2_enc_data,
443}; 475};
444 476
445static const SSL_METHOD TLS_method_data = { 477static const SSL_METHOD TLS_legacy_method_data = {
446 .ssl_dispatch_alert = ssl3_dispatch_alert, 478 .ssl_dispatch_alert = ssl3_dispatch_alert,
447 .num_ciphers = ssl3_num_ciphers, 479 .num_ciphers = ssl3_num_ciphers,
448 .get_cipher = ssl3_get_cipher, 480 .get_cipher = ssl3_get_cipher,
449 .get_cipher_by_char = ssl3_get_cipher_by_char, 481 .get_cipher_by_char = ssl3_get_cipher_by_char,
450 .put_cipher_by_char = ssl3_put_cipher_by_char, 482 .put_cipher_by_char = ssl3_put_cipher_by_char,
451 .internal = &TLS_method_internal_data, 483 .internal = &TLS_legacy_method_internal_data,
452}; 484};
453 485
454static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = { 486static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
@@ -544,6 +576,10 @@ static const SSL_METHOD TLSv1_2_method_data = {
544static const SSL_METHOD * 576static const SSL_METHOD *
545tls1_get_method(int ver) 577tls1_get_method(int ver)
546{ 578{
579#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
580 if (ver == TLS1_3_VERSION)
581 return (TLS_method());
582#endif
547 if (ver == TLS1_2_VERSION) 583 if (ver == TLS1_2_VERSION)
548 return (TLSv1_2_method()); 584 return (TLSv1_2_method());
549 if (ver == TLS1_1_VERSION) 585 if (ver == TLS1_1_VERSION)
@@ -562,7 +598,17 @@ SSLv23_method(void)
562const SSL_METHOD * 598const SSL_METHOD *
563TLS_method(void) 599TLS_method(void)
564{ 600{
565 return &TLS_method_data; 601#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
602 return (&TLS_method_data);
603#else
604 return tls_legacy_method();
605#endif
606}
607
608const SSL_METHOD *
609tls_legacy_method(void)
610{
611 return (&TLS_legacy_method_data);
566} 612}
567 613
568const SSL_METHOD * 614const SSL_METHOD *