1 files changed, 45 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
index 8e544f6e93..30838f7407 100644
--- a/src/lib/libssl/ssl_methods.c
+++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.7 2020/01/22 02:34:39 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.8 2020/01/22 15:47:22 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -579,7 +579,39 @@ TLSv1_2_method(void)
        return (&TLSv1_2_method_data);
 }
+#ifdef LIBRESSL_HAS_TLS1_3_SERVER
 static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
+        .version = TLS1_3_VERSION,
+        .min_version = TLS1_VERSION,
+        .max_version = TLS1_3_VERSION,
+        .ssl_new = tls1_new,
+        .ssl_clear = tls1_clear,
+        .ssl_free = tls1_free,
+        .ssl_accept = tls13_legacy_accept,
+        .ssl_connect = ssl_undefined_function,
+        .ssl_shutdown = tls13_legacy_shutdown,
+        .get_ssl_method = tls1_get_server_method,
+        .get_timeout = tls1_default_timeout,
+        .ssl_version = ssl_undefined_void_function,
+        .ssl_renegotiate = ssl_undefined_function,
+        .ssl_renegotiate_check = ssl_ok,
+        .ssl_get_message = ssl3_get_message,
+        .ssl_read_bytes = tls13_legacy_read_bytes,
+        .ssl_write_bytes = tls13_legacy_write_bytes,
+        .ssl3_enc = &TLSv1_2_enc_data,
+};
+static const SSL_METHOD TLS_server_method_data = {
+        .ssl_dispatch_alert = ssl3_dispatch_alert,
+        .num_ciphers = ssl3_num_ciphers,
+        .get_cipher = ssl3_get_cipher,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
+        .internal = &TLS_server_method_internal_data,
+};
+#endif
+static const SSL_METHOD_INTERNAL TLS_legacy_server_method_internal_data = {
        .version = TLS1_2_VERSION,
        .min_version = TLS1_VERSION,
        .max_version = TLS1_2_VERSION,
@@ -600,13 +632,13 @@ static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
        .ssl3_enc = &TLSv1_2_enc_data,
 };
-static const SSL_METHOD TLS_server_method_data = {
+static const SSL_METHOD TLS_legacy_server_method_data = {
        .ssl_dispatch_alert = ssl3_dispatch_alert,
        .num_ciphers = ssl3_num_ciphers,
        .get_cipher = ssl3_get_cipher,
        .get_cipher_by_char = ssl3_get_cipher_by_char,
        .put_cipher_by_char = ssl3_put_cipher_by_char,
-        .internal = &TLS_server_method_internal_data,
+        .internal = &TLS_legacy_server_method_internal_data,
 };
 static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
@@ -720,7 +752,17 @@ SSLv23_server_method(void)
 const SSL_METHOD *
 TLS_server_method(void)
 {
+#ifdef LIBRESSL_HAS_TLS1_3_SERVER
        return (&TLS_server_method_data);
+#else
+        return tls_legacy_server_method();
+#endif
+}
+const SSL_METHOD *
+tls_legacy_server_method(void)
+{
+        return (&TLS_legacy_server_method_data);
 }
 const SSL_METHOD *

diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c index 8e544f6e93..30838f7407 100644 --- a/src/lib/libssl/ssl_methods.c +++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_methods.c,v 1.7 2020/01/22 02:34:39 jsing Exp $ */	1	/* $OpenBSD: ssl_methods.c,v 1.8 2020/01/22 15:47:22 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -579,7 +579,39 @@ TLSv1_2_method(void)
579	return (&TLSv1_2_method_data);	579	return (&TLSv1_2_method_data);
580	}	580	}
581		581
		582	#ifdef LIBRESSL_HAS_TLS1_3_SERVER
582	static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {	583	static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
		584	.version = TLS1_3_VERSION,
		585	.min_version = TLS1_VERSION,
		586	.max_version = TLS1_3_VERSION,
		587	.ssl_new = tls1_new,
		588	.ssl_clear = tls1_clear,
		589	.ssl_free = tls1_free,
		590	.ssl_accept = tls13_legacy_accept,
		591	.ssl_connect = ssl_undefined_function,
		592	.ssl_shutdown = tls13_legacy_shutdown,
		593	.get_ssl_method = tls1_get_server_method,
		594	.get_timeout = tls1_default_timeout,
		595	.ssl_version = ssl_undefined_void_function,
		596	.ssl_renegotiate = ssl_undefined_function,
		597	.ssl_renegotiate_check = ssl_ok,
		598	.ssl_get_message = ssl3_get_message,
		599	.ssl_read_bytes = tls13_legacy_read_bytes,
		600	.ssl_write_bytes = tls13_legacy_write_bytes,
		601	.ssl3_enc = &TLSv1_2_enc_data,
		602	};
		603
		604	static const SSL_METHOD TLS_server_method_data = {
		605	.ssl_dispatch_alert = ssl3_dispatch_alert,
		606	.num_ciphers = ssl3_num_ciphers,
		607	.get_cipher = ssl3_get_cipher,
		608	.get_cipher_by_char = ssl3_get_cipher_by_char,
		609	.put_cipher_by_char = ssl3_put_cipher_by_char,
		610	.internal = &TLS_server_method_internal_data,
		611	};
		612	#endif
		613
		614	static const SSL_METHOD_INTERNAL TLS_legacy_server_method_internal_data = {
583	.version = TLS1_2_VERSION,	615	.version = TLS1_2_VERSION,
584	.min_version = TLS1_VERSION,	616	.min_version = TLS1_VERSION,
585	.max_version = TLS1_2_VERSION,	617	.max_version = TLS1_2_VERSION,
@@ -600,13 +632,13 @@ static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
600	.ssl3_enc = &TLSv1_2_enc_data,	632	.ssl3_enc = &TLSv1_2_enc_data,
601	};	633	};
602		634
603	static const SSL_METHOD TLS_server_method_data = {	635	static const SSL_METHOD TLS_legacy_server_method_data = {
604	.ssl_dispatch_alert = ssl3_dispatch_alert,	636	.ssl_dispatch_alert = ssl3_dispatch_alert,
605	.num_ciphers = ssl3_num_ciphers,	637	.num_ciphers = ssl3_num_ciphers,
606	.get_cipher = ssl3_get_cipher,	638	.get_cipher = ssl3_get_cipher,
607	.get_cipher_by_char = ssl3_get_cipher_by_char,	639	.get_cipher_by_char = ssl3_get_cipher_by_char,
608	.put_cipher_by_char = ssl3_put_cipher_by_char,	640	.put_cipher_by_char = ssl3_put_cipher_by_char,
609	.internal = &TLS_server_method_internal_data,	641	.internal = &TLS_legacy_server_method_internal_data,
610	};	642	};
611		643
612	static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {	644	static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
@@ -720,7 +752,17 @@ SSLv23_server_method(void)
720	const SSL_METHOD *	752	const SSL_METHOD *
721	TLS_server_method(void)	753	TLS_server_method(void)
722	{	754	{
		755	#ifdef LIBRESSL_HAS_TLS1_3_SERVER
723	return (&TLS_server_method_data);	756	return (&TLS_server_method_data);
		757	#else
		758	return tls_legacy_server_method();
		759	#endif
		760	}
		761
		762	const SSL_METHOD *
		763	tls_legacy_server_method(void)
		764	{
		765	return (&TLS_legacy_server_method_data);
724	}	766	}
725		767
726	const SSL_METHOD *	768	const SSL_METHOD *