diff options
Diffstat (limited to 'src/lib/libssl/tls13_client.c')
| -rw-r--r-- | src/lib/libssl/tls13_client.c | 106 |
1 files changed, 4 insertions, 102 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 5bd7681f19..79318d9313 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_client.c,v 1.53 2020/04/28 20:30:40 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_client.c,v 1.54 2020/04/28 20:37:22 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -24,7 +24,7 @@ | |||
| 24 | #include "tls13_handshake.h" | 24 | #include "tls13_handshake.h" |
| 25 | #include "tls13_internal.h" | 25 | #include "tls13_internal.h" |
| 26 | 26 | ||
| 27 | static int | 27 | int |
| 28 | tls13_client_init(struct tls13_ctx *ctx) | 28 | tls13_client_init(struct tls13_ctx *ctx) |
| 29 | { | 29 | { |
| 30 | const uint16_t *groups; | 30 | const uint16_t *groups; |
| @@ -71,8 +71,8 @@ tls13_client_init(struct tls13_ctx *ctx) | |||
| 71 | return 1; | 71 | return 1; |
| 72 | } | 72 | } |
| 73 | 73 | ||
| 74 | static int | 74 | int |
| 75 | tls13_connect(struct tls13_ctx *ctx) | 75 | tls13_client_connect(struct tls13_ctx *ctx) |
| 76 | { | 76 | { |
| 77 | if (ctx->mode != TLS13_HS_CLIENT) | 77 | if (ctx->mode != TLS13_HS_CLIENT) |
| 78 | return TLS13_IO_FAILURE; | 78 | return TLS13_IO_FAILURE; |
| @@ -80,104 +80,6 @@ tls13_connect(struct tls13_ctx *ctx) | |||
| 80 | return tls13_handshake_perform(ctx); | 80 | return tls13_handshake_perform(ctx); |
| 81 | } | 81 | } |
| 82 | 82 | ||
| 83 | int | ||
| 84 | tls13_legacy_connect(SSL *ssl) | ||
| 85 | { | ||
| 86 | struct tls13_ctx *ctx = ssl->internal->tls13; | ||
| 87 | int ret; | ||
| 88 | |||
| 89 | #ifdef TLS13_USE_LEGACY_CLIENT_AUTH | ||
| 90 | /* XXX drop back to legacy for client auth for now */ | ||
| 91 | if (ssl->cert->key->privatekey != NULL) { | ||
| 92 | ssl->method = tls_legacy_client_method(); | ||
| 93 | return ssl->method->internal->ssl_connect(ssl); | ||
| 94 | } | ||
| 95 | #endif | ||
| 96 | |||
| 97 | if (ctx == NULL) { | ||
| 98 | if ((ctx = tls13_ctx_new(TLS13_HS_CLIENT)) == NULL) { | ||
| 99 | SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */ | ||
| 100 | return -1; | ||
| 101 | } | ||
| 102 | ssl->internal->tls13 = ctx; | ||
| 103 | ctx->ssl = ssl; | ||
| 104 | ctx->hs = &S3I(ssl)->hs_tls13; | ||
| 105 | |||
| 106 | if (!tls13_client_init(ctx)) { | ||
| 107 | if (ERR_peek_error() == 0) | ||
| 108 | SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */ | ||
| 109 | return -1; | ||
| 110 | } | ||
| 111 | } | ||
| 112 | |||
| 113 | ERR_clear_error(); | ||
| 114 | S3I(ssl)->hs.state = SSL_ST_CONNECT; | ||
| 115 | |||
| 116 | ret = tls13_connect(ctx); | ||
| 117 | if (ret == TLS13_IO_USE_LEGACY) | ||
| 118 | return ssl->method->internal->ssl_connect(ssl); | ||
| 119 | if (ret == TLS13_IO_SUCCESS) | ||
| 120 | S3I(ssl)->hs.state = SSL_ST_OK; | ||
| 121 | |||
| 122 | return tls13_legacy_return_code(ssl, ret); | ||
| 123 | } | ||
| 124 | |||
| 125 | int | ||
| 126 | tls13_use_legacy_client(struct tls13_ctx *ctx) | ||
| 127 | { | ||
| 128 | SSL *s = ctx->ssl; | ||
| 129 | CBS cbs; | ||
| 130 | |||
| 131 | s->method = tls_legacy_client_method(); | ||
| 132 | s->internal->handshake_func = s->method->internal->ssl_connect; | ||
| 133 | s->client_version = s->version = s->method->internal->max_version; | ||
| 134 | |||
| 135 | if (!ssl3_setup_init_buffer(s)) | ||
| 136 | goto err; | ||
| 137 | if (!ssl3_setup_buffers(s)) | ||
| 138 | goto err; | ||
| 139 | if (!ssl_init_wbio_buffer(s, 0)) | ||
| 140 | goto err; | ||
| 141 | |||
| 142 | if (s->bbio != s->wbio) | ||
| 143 | s->wbio = BIO_push(s->bbio, s->wbio); | ||
| 144 | |||
| 145 | /* Stash any unprocessed data from the last record. */ | ||
| 146 | tls13_record_layer_rbuf(ctx->rl, &cbs); | ||
| 147 | if (CBS_len(&cbs) > 0) { | ||
| 148 | if (!CBS_write_bytes(&cbs, | ||
| 149 | S3I(s)->rbuf.buf + SSL3_RT_HEADER_LENGTH, | ||
| 150 | S3I(s)->rbuf.len - SSL3_RT_HEADER_LENGTH, NULL)) | ||
| 151 | goto err; | ||
| 152 | |||
| 153 | S3I(s)->rbuf.offset = SSL3_RT_HEADER_LENGTH; | ||
| 154 | S3I(s)->rbuf.left = CBS_len(&cbs); | ||
| 155 | S3I(s)->rrec.type = SSL3_RT_HANDSHAKE; | ||
| 156 | S3I(s)->rrec.length = CBS_len(&cbs); | ||
| 157 | s->internal->rstate = SSL_ST_READ_BODY; | ||
| 158 | s->internal->packet = S3I(s)->rbuf.buf; | ||
| 159 | s->internal->packet_length = SSL3_RT_HEADER_LENGTH; | ||
| 160 | s->internal->mac_packet = 1; | ||
| 161 | } | ||
| 162 | |||
| 163 | /* Stash the current handshake message. */ | ||
| 164 | tls13_handshake_msg_data(ctx->hs_msg, &cbs); | ||
| 165 | if (!CBS_write_bytes(&cbs, s->internal->init_buf->data, | ||
| 166 | s->internal->init_buf->length, NULL)) | ||
| 167 | goto err; | ||
| 168 | |||
| 169 | S3I(s)->tmp.reuse_message = 1; | ||
| 170 | S3I(s)->tmp.message_type = tls13_handshake_msg_type(ctx->hs_msg); | ||
| 171 | S3I(s)->tmp.message_size = CBS_len(&cbs); | ||
| 172 | |||
| 173 | S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A; | ||
| 174 | |||
| 175 | return 1; | ||
| 176 | |||
| 177 | err: | ||
| 178 | return 0; | ||
| 179 | } | ||
| 180 | |||
| 181 | static int | 83 | static int |
| 182 | tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb) | 84 | tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb) |
| 183 | { | 85 | { |