1 files changed, 4 insertions, 95 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 864e434fda..4fa1aba31d 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.33 2020/04/27 20:15:17 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.34 2020/04/28 20:37:22 jsing Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -22,7 +22,7 @@
 #include "tls13_handshake.h"
 #include "tls13_internal.h"
-static int
+int
 tls13_server_init(struct tls13_ctx *ctx)
 {
        SSL *s = ctx->ssl;
@@ -45,8 +45,8 @@ tls13_server_init(struct tls13_ctx *ctx)
        return 1;
 }
-static int
+int
-tls13_accept(struct tls13_ctx *ctx)
+tls13_server_accept(struct tls13_ctx *ctx)
 {
        if (ctx->mode != TLS13_HS_SERVER)
                return TLS13_IO_FAILURE;
@@ -54,97 +54,6 @@ tls13_accept(struct tls13_ctx *ctx)
        return tls13_handshake_perform(ctx);
 }
-int
-tls13_legacy_accept(SSL *ssl)
-{
-        struct tls13_ctx *ctx = ssl->internal->tls13;
-        int ret;
-        if (ctx == NULL) {
-                if ((ctx = tls13_ctx_new(TLS13_HS_SERVER)) == NULL) {
-                        SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
-                        return -1;
-                }
-                ssl->internal->tls13 = ctx;
-                ctx->ssl = ssl;
-                ctx->hs = &S3I(ssl)->hs_tls13;
-                if (!tls13_server_init(ctx)) {
-                        if (ERR_peek_error() == 0)
-                                SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
-                        return -1;
-                }
-        }
-        ERR_clear_error();
-        S3I(ssl)->hs.state = SSL_ST_ACCEPT;
-        ret = tls13_accept(ctx);
-        if (ret == TLS13_IO_USE_LEGACY)
-                return ssl->method->internal->ssl_accept(ssl);
-        if (ret == TLS13_IO_SUCCESS)
-                S3I(ssl)->hs.state = SSL_ST_OK;
-        return tls13_legacy_return_code(ssl, ret);
-}
-int
-tls13_use_legacy_server(struct tls13_ctx *ctx)
-{
-        SSL *s = ctx->ssl;
-        CBS cbs;
-        s->method = tls_legacy_server_method();
-        s->internal->handshake_func = s->method->internal->ssl_accept;
-        s->client_version = s->version = s->method->internal->max_version;
-        s->server = 1;
-        if (!ssl3_setup_init_buffer(s))
-                goto err;
-        if (!ssl3_setup_buffers(s))
-                goto err;
-        if (!ssl_init_wbio_buffer(s, 0))
-                goto err;
-        if (s->bbio != s->wbio)
-                s->wbio = BIO_push(s->bbio, s->wbio);
-        /* Stash any unprocessed data from the last record. */
-        tls13_record_layer_rbuf(ctx->rl, &cbs);
-        if (CBS_len(&cbs) > 0) {
-                if (!CBS_write_bytes(&cbs,
-                    S3I(s)->rbuf.buf + SSL3_RT_HEADER_LENGTH,
-                    S3I(s)->rbuf.len - SSL3_RT_HEADER_LENGTH, NULL))
-                        goto err;
-                S3I(s)->rbuf.offset = SSL3_RT_HEADER_LENGTH;
-                S3I(s)->rbuf.left = CBS_len(&cbs);
-                S3I(s)->rrec.type = SSL3_RT_HANDSHAKE;
-                S3I(s)->rrec.length = CBS_len(&cbs);
-                s->internal->rstate = SSL_ST_READ_BODY;
-                s->internal->packet = S3I(s)->rbuf.buf;
-                s->internal->packet_length = SSL3_RT_HEADER_LENGTH;
-                s->internal->mac_packet = 1;
-        }
-        /* Stash the current handshake message. */
-        tls13_handshake_msg_data(ctx->hs_msg, &cbs);
-        if (!CBS_write_bytes(&cbs, s->internal->init_buf->data,
-            s->internal->init_buf->length, NULL))
-                goto err;
-        S3I(s)->tmp.reuse_message = 1;
-        S3I(s)->tmp.message_type = tls13_handshake_msg_type(ctx->hs_msg);
-        S3I(s)->tmp.message_size = CBS_len(&cbs);
-        S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
-        return 1;
- err:
-        return 0;
-}
 static int
 tls13_client_hello_is_legacy(CBS *cbs)
 {

diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 864e434fda..4fa1aba31d 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_server.c,v 1.33 2020/04/27 20:15:17 jsing Exp $ */	1	/* $OpenBSD: tls13_server.c,v 1.34 2020/04/28 20:37:22 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -22,7 +22,7 @@
22	#include "tls13_handshake.h"	22	#include "tls13_handshake.h"
23	#include "tls13_internal.h"	23	#include "tls13_internal.h"
24		24
25	static int	25	int
26	tls13_server_init(struct tls13_ctx *ctx)	26	tls13_server_init(struct tls13_ctx *ctx)
27	{	27	{
28	SSL *s = ctx->ssl;	28	SSL *s = ctx->ssl;
@@ -45,8 +45,8 @@ tls13_server_init(struct tls13_ctx *ctx)
45	return 1;	45	return 1;
46	}	46	}
47		47
48	static int	48	int
49	tls13_accept(struct tls13_ctx *ctx)	49	tls13_server_accept(struct tls13_ctx *ctx)
50	{	50	{
51	if (ctx->mode != TLS13_HS_SERVER)	51	if (ctx->mode != TLS13_HS_SERVER)
52	return TLS13_IO_FAILURE;	52	return TLS13_IO_FAILURE;
@@ -54,97 +54,6 @@ tls13_accept(struct tls13_ctx *ctx)
54	return tls13_handshake_perform(ctx);	54	return tls13_handshake_perform(ctx);
55	}	55	}
56		56
57	int
58	tls13_legacy_accept(SSL *ssl)
59	{
60	struct tls13_ctx *ctx = ssl->internal->tls13;
61	int ret;
62
63	if (ctx == NULL) {
64	if ((ctx = tls13_ctx_new(TLS13_HS_SERVER)) == NULL) {
65	SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
66	return -1;
67	}
68	ssl->internal->tls13 = ctx;
69	ctx->ssl = ssl;
70	ctx->hs = &S3I(ssl)->hs_tls13;
71
72	if (!tls13_server_init(ctx)) {
73	if (ERR_peek_error() == 0)
74	SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
75	return -1;
76	}
77	}
78
79	ERR_clear_error();
80	S3I(ssl)->hs.state = SSL_ST_ACCEPT;
81
82	ret = tls13_accept(ctx);
83	if (ret == TLS13_IO_USE_LEGACY)
84	return ssl->method->internal->ssl_accept(ssl);
85	if (ret == TLS13_IO_SUCCESS)
86	S3I(ssl)->hs.state = SSL_ST_OK;
87
88	return tls13_legacy_return_code(ssl, ret);
89	}
90
91	int
92	tls13_use_legacy_server(struct tls13_ctx *ctx)
93	{
94	SSL *s = ctx->ssl;
95	CBS cbs;
96
97	s->method = tls_legacy_server_method();
98	s->internal->handshake_func = s->method->internal->ssl_accept;
99	s->client_version = s->version = s->method->internal->max_version;
100	s->server = 1;
101
102	if (!ssl3_setup_init_buffer(s))
103	goto err;
104	if (!ssl3_setup_buffers(s))
105	goto err;
106	if (!ssl_init_wbio_buffer(s, 0))
107	goto err;
108
109	if (s->bbio != s->wbio)
110	s->wbio = BIO_push(s->bbio, s->wbio);
111
112	/* Stash any unprocessed data from the last record. */
113	tls13_record_layer_rbuf(ctx->rl, &cbs);
114	if (CBS_len(&cbs) > 0) {
115	if (!CBS_write_bytes(&cbs,
116	S3I(s)->rbuf.buf + SSL3_RT_HEADER_LENGTH,
117	S3I(s)->rbuf.len - SSL3_RT_HEADER_LENGTH, NULL))
118	goto err;
119
120	S3I(s)->rbuf.offset = SSL3_RT_HEADER_LENGTH;
121	S3I(s)->rbuf.left = CBS_len(&cbs);
122	S3I(s)->rrec.type = SSL3_RT_HANDSHAKE;
123	S3I(s)->rrec.length = CBS_len(&cbs);
124	s->internal->rstate = SSL_ST_READ_BODY;
125	s->internal->packet = S3I(s)->rbuf.buf;
126	s->internal->packet_length = SSL3_RT_HEADER_LENGTH;
127	s->internal->mac_packet = 1;
128	}
129
130	/* Stash the current handshake message. */
131	tls13_handshake_msg_data(ctx->hs_msg, &cbs);
132	if (!CBS_write_bytes(&cbs, s->internal->init_buf->data,
133	s->internal->init_buf->length, NULL))
134	goto err;
135
136	S3I(s)->tmp.reuse_message = 1;
137	S3I(s)->tmp.message_type = tls13_handshake_msg_type(ctx->hs_msg);
138	S3I(s)->tmp.message_size = CBS_len(&cbs);
139
140	S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
141
142	return 1;
143
144	err:
145	return 0;
146	}
147
148	static int	57	static int
149	tls13_client_hello_is_legacy(CBS *cbs)	58	tls13_client_hello_is_legacy(CBS *cbs)
150	{	59	{