2 files changed, 159 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index ec9544acc5..e7ff6cec2a 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.181 2021/02/20 08:11:57 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.182 2021/02/20 08:33:17 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1528,6 +1528,12 @@ const SSL_METHOD *DTLSv1_method(void);		/* DTLSv1.0 */
 const SSL_METHOD *DTLSv1_server_method(void);   /* DTLSv1.0 */
 const SSL_METHOD *DTLSv1_client_method(void);   /* DTLSv1.0 */
+#if defined(LIBRESSL_HAS_DTLS1_2) || defined(LIBRESSL_INTERNAL)
+const SSL_METHOD *DTLSv1_2_method(void);        /* DTLSv1.2 */
+const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */
+const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */
+#endif
 const SSL_METHOD *DTLS_method(void);            /* DTLS v1.0 or later */
 const SSL_METHOD *DTLS_server_method(void);     /* DTLS v1.0 or later */
 const SSL_METHOD *DTLS_client_method(void);     /* DTLS v1.0 or later */
diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
index ea67403d5d..ae532ba16d 100644
--- a/src/lib/libssl/ssl_methods.c
+++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.21 2020/12/01 07:46:02 tb Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.22 2021/02/20 08:33:17 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -59,6 +59,66 @@
 #include "ssl_locl.h"
 #include "tls13_internal.h"
+#ifdef LIBRESSL_HAS_DTLS1_2
+static const SSL_METHOD_INTERNAL DTLS_method_internal_data = {
+        .dtls = 1,
+        .server = 1,
+        .version = DTLS1_2_VERSION,
+        .min_version = DTLS1_VERSION,
+        .max_version = DTLS1_2_VERSION,
+        .ssl_new = dtls1_new,
+        .ssl_clear = dtls1_clear,
+        .ssl_free = dtls1_free,
+        .ssl_accept = ssl3_accept,
+        .ssl_connect = ssl3_connect,
+        .ssl_shutdown = ssl3_shutdown,
+        .ssl_renegotiate = ssl3_renegotiate,
+        .ssl_renegotiate_check = ssl3_renegotiate_check,
+        .ssl_pending = ssl3_pending,
+        .ssl_read_bytes = dtls1_read_bytes,
+        .ssl_write_bytes = dtls1_write_app_data_bytes,
+        .enc_flags = TLSV1_2_ENC_FLAGS,
+};
+static const SSL_METHOD DTLS_method_data = {
+        .ssl_dispatch_alert = dtls1_dispatch_alert,
+        .num_ciphers = ssl3_num_ciphers,
+        .get_cipher = dtls1_get_cipher,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
+        .internal = &DTLS_method_internal_data,
+};
+static const SSL_METHOD_INTERNAL DTLS_client_method_internal_data = {
+        .dtls = 1,
+        .server = 0,
+        .version = DTLS1_2_VERSION,
+        .min_version = DTLS1_VERSION,
+        .max_version = DTLS1_2_VERSION,
+        .ssl_new = dtls1_new,
+        .ssl_clear = dtls1_clear,
+        .ssl_free = dtls1_free,
+        .ssl_accept = ssl_undefined_function,
+        .ssl_connect = ssl3_connect,
+        .ssl_shutdown = ssl3_shutdown,
+        .ssl_renegotiate = ssl3_renegotiate,
+        .ssl_renegotiate_check = ssl3_renegotiate_check,
+        .ssl_pending = ssl3_pending,
+        .ssl_read_bytes = dtls1_read_bytes,
+        .ssl_write_bytes = dtls1_write_app_data_bytes,
+        .enc_flags = TLSV1_2_ENC_FLAGS,
+};
+static const SSL_METHOD DTLS_client_method_data = {
+        .ssl_dispatch_alert = dtls1_dispatch_alert,
+        .num_ciphers = ssl3_num_ciphers,
+        .get_cipher = dtls1_get_cipher,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
+        .internal = &DTLS_client_method_internal_data,
+};
+#endif
 static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
        .dtls = 1,
        .server = 1,
@@ -117,6 +177,64 @@ static const SSL_METHOD DTLSv1_client_method_data = {
        .internal = &DTLSv1_client_method_internal_data,
 };
+static const SSL_METHOD_INTERNAL DTLSv1_2_method_internal_data = {
+        .dtls = 1,
+        .server = 1,
+        .version = DTLS1_2_VERSION,
+        .min_version = DTLS1_2_VERSION,
+        .max_version = DTLS1_2_VERSION,
+        .ssl_new = dtls1_new,
+        .ssl_clear = dtls1_clear,
+        .ssl_free = dtls1_free,
+        .ssl_accept = ssl3_accept,
+        .ssl_connect = ssl3_connect,
+        .ssl_shutdown = ssl3_shutdown,
+        .ssl_renegotiate = ssl3_renegotiate,
+        .ssl_renegotiate_check = ssl3_renegotiate_check,
+        .ssl_pending = ssl3_pending,
+        .ssl_read_bytes = dtls1_read_bytes,
+        .ssl_write_bytes = dtls1_write_app_data_bytes,
+        .enc_flags = TLSV1_2_ENC_FLAGS,
+};
+static const SSL_METHOD DTLSv1_2_method_data = {
+        .ssl_dispatch_alert = dtls1_dispatch_alert,
+        .num_ciphers = ssl3_num_ciphers,
+        .get_cipher = dtls1_get_cipher,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
+        .internal = &DTLSv1_2_method_internal_data,
+};
+static const SSL_METHOD_INTERNAL DTLSv1_2_client_method_internal_data = {
+        .dtls = 1,
+        .server = 0,
+        .version = DTLS1_2_VERSION,
+        .min_version = DTLS1_2_VERSION,
+        .max_version = DTLS1_2_VERSION,
+        .ssl_new = dtls1_new,
+        .ssl_clear = dtls1_clear,
+        .ssl_free = dtls1_free,
+        .ssl_accept = ssl_undefined_function,
+        .ssl_connect = ssl3_connect,
+        .ssl_shutdown = ssl3_shutdown,
+        .ssl_renegotiate = ssl3_renegotiate,
+        .ssl_renegotiate_check = ssl3_renegotiate_check,
+        .ssl_pending = ssl3_pending,
+        .ssl_read_bytes = dtls1_read_bytes,
+        .ssl_write_bytes = dtls1_write_app_data_bytes,
+        .enc_flags = TLSV1_2_ENC_FLAGS,
+};
+static const SSL_METHOD DTLSv1_2_client_method_data = {
+        .ssl_dispatch_alert = dtls1_dispatch_alert,
+        .num_ciphers = ssl3_num_ciphers,
+        .get_cipher = dtls1_get_cipher,
+        .get_cipher_by_char = ssl3_get_cipher_by_char,
+        .put_cipher_by_char = ssl3_put_cipher_by_char,
+        .internal = &DTLSv1_2_client_method_internal_data,
+};
 const SSL_METHOD *
 DTLSv1_client_method(void)
 {
@@ -136,21 +254,51 @@ DTLSv1_server_method(void)
 }
 const SSL_METHOD *
+DTLSv1_2_client_method(void)
+{
+        return &DTLSv1_2_client_method_data;
+}
+const SSL_METHOD *
+DTLSv1_2_method(void)
+{
+        return &DTLSv1_2_method_data;
+}
+const SSL_METHOD *
+DTLSv1_2_server_method(void)
+{
+        return &DTLSv1_2_method_data;
+}
+const SSL_METHOD *
 DTLS_client_method(void)
 {
+#ifdef LIBRESSL_HAS_DTLS1_2
+        return &DTLS_client_method_data;
+#else
        return DTLSv1_client_method();
+#endif
 }
 const SSL_METHOD *
 DTLS_method(void)
 {
+#ifdef LIBRESSL_HAS_DTLS1_2
+        return &DTLS_method_data;
+#else
        return DTLSv1_method();
+#endif
 }
 const SSL_METHOD *
 DTLS_server_method(void)
 {
-        return DTLSv1_method();
+#ifdef LIBRESSL_HAS_DTLS1_2
+        return &DTLS_method_data;
+#else
+        return DTLSv1_server_method();
+#endif
 }
 #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
@@ -566,6 +714,8 @@ ssl_get_method(uint16_t version)
                return (TLSv1_method());
        if (version == DTLS1_VERSION)
                return (DTLSv1_method());
+        if (version == DTLS1_2_VERSION)
+                return (DTLSv1_2_method());
        return (NULL);
 }

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index ec9544acc5..e7ff6cec2a 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.181 2021/02/20 08:11:57 jsing Exp $ */	1	/* $OpenBSD: ssl.h,v 1.182 2021/02/20 08:33:17 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1528,6 +1528,12 @@ const SSL_METHOD DTLSv1_method(void); / DTLSv1.0 */
1528	const SSL_METHOD DTLSv1_server_method(void); / DTLSv1.0 */	1528	const SSL_METHOD DTLSv1_server_method(void); / DTLSv1.0 */
1529	const SSL_METHOD DTLSv1_client_method(void); / DTLSv1.0 */	1529	const SSL_METHOD DTLSv1_client_method(void); / DTLSv1.0 */
1530		1530
		1531	#if defined(LIBRESSL_HAS_DTLS1_2) \|\| defined(LIBRESSL_INTERNAL)
		1532	const SSL_METHOD DTLSv1_2_method(void); / DTLSv1.2 */
		1533	const SSL_METHOD DTLSv1_2_server_method(void); / DTLSv1.2 */
		1534	const SSL_METHOD DTLSv1_2_client_method(void); / DTLSv1.2 */
		1535	#endif
		1536
1531	const SSL_METHOD DTLS_method(void); / DTLS v1.0 or later */	1537	const SSL_METHOD DTLS_method(void); / DTLS v1.0 or later */
1532	const SSL_METHOD DTLS_server_method(void); / DTLS v1.0 or later */	1538	const SSL_METHOD DTLS_server_method(void); / DTLS v1.0 or later */
1533	const SSL_METHOD DTLS_client_method(void); / DTLS v1.0 or later */	1539	const SSL_METHOD DTLS_client_method(void); / DTLS v1.0 or later */


diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c index ea67403d5d..ae532ba16d 100644 --- a/src/lib/libssl/ssl_methods.c +++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_methods.c,v 1.21 2020/12/01 07:46:02 tb Exp $ */	1	/* $OpenBSD: ssl_methods.c,v 1.22 2021/02/20 08:33:17 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -59,6 +59,66 @@
59	#include "ssl_locl.h"	59	#include "ssl_locl.h"
60	#include "tls13_internal.h"	60	#include "tls13_internal.h"
61		61
		62	#ifdef LIBRESSL_HAS_DTLS1_2
		63	static const SSL_METHOD_INTERNAL DTLS_method_internal_data = {
		64	.dtls = 1,
		65	.server = 1,
		66	.version = DTLS1_2_VERSION,
		67	.min_version = DTLS1_VERSION,
		68	.max_version = DTLS1_2_VERSION,
		69	.ssl_new = dtls1_new,
		70	.ssl_clear = dtls1_clear,
		71	.ssl_free = dtls1_free,
		72	.ssl_accept = ssl3_accept,
		73	.ssl_connect = ssl3_connect,
		74	.ssl_shutdown = ssl3_shutdown,
		75	.ssl_renegotiate = ssl3_renegotiate,
		76	.ssl_renegotiate_check = ssl3_renegotiate_check,
		77	.ssl_pending = ssl3_pending,
		78	.ssl_read_bytes = dtls1_read_bytes,
		79	.ssl_write_bytes = dtls1_write_app_data_bytes,
		80	.enc_flags = TLSV1_2_ENC_FLAGS,
		81	};
		82
		83	static const SSL_METHOD DTLS_method_data = {
		84	.ssl_dispatch_alert = dtls1_dispatch_alert,
		85	.num_ciphers = ssl3_num_ciphers,
		86	.get_cipher = dtls1_get_cipher,
		87	.get_cipher_by_char = ssl3_get_cipher_by_char,
		88	.put_cipher_by_char = ssl3_put_cipher_by_char,
		89	.internal = &DTLS_method_internal_data,
		90	};
		91
		92	static const SSL_METHOD_INTERNAL DTLS_client_method_internal_data = {
		93	.dtls = 1,
		94	.server = 0,
		95	.version = DTLS1_2_VERSION,
		96	.min_version = DTLS1_VERSION,
		97	.max_version = DTLS1_2_VERSION,
		98	.ssl_new = dtls1_new,
		99	.ssl_clear = dtls1_clear,
		100	.ssl_free = dtls1_free,
		101	.ssl_accept = ssl_undefined_function,
		102	.ssl_connect = ssl3_connect,
		103	.ssl_shutdown = ssl3_shutdown,
		104	.ssl_renegotiate = ssl3_renegotiate,
		105	.ssl_renegotiate_check = ssl3_renegotiate_check,
		106	.ssl_pending = ssl3_pending,
		107	.ssl_read_bytes = dtls1_read_bytes,
		108	.ssl_write_bytes = dtls1_write_app_data_bytes,
		109	.enc_flags = TLSV1_2_ENC_FLAGS,
		110	};
		111
		112	static const SSL_METHOD DTLS_client_method_data = {
		113	.ssl_dispatch_alert = dtls1_dispatch_alert,
		114	.num_ciphers = ssl3_num_ciphers,
		115	.get_cipher = dtls1_get_cipher,
		116	.get_cipher_by_char = ssl3_get_cipher_by_char,
		117	.put_cipher_by_char = ssl3_put_cipher_by_char,
		118	.internal = &DTLS_client_method_internal_data,
		119	};
		120	#endif
		121
62	static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {	122	static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
63	.dtls = 1,	123	.dtls = 1,
64	.server = 1,	124	.server = 1,
@@ -117,6 +177,64 @@ static const SSL_METHOD DTLSv1_client_method_data = {
117	.internal = &DTLSv1_client_method_internal_data,	177	.internal = &DTLSv1_client_method_internal_data,
118	};	178	};
119		179
		180	static const SSL_METHOD_INTERNAL DTLSv1_2_method_internal_data = {
		181	.dtls = 1,
		182	.server = 1,
		183	.version = DTLS1_2_VERSION,
		184	.min_version = DTLS1_2_VERSION,
		185	.max_version = DTLS1_2_VERSION,
		186	.ssl_new = dtls1_new,
		187	.ssl_clear = dtls1_clear,
		188	.ssl_free = dtls1_free,
		189	.ssl_accept = ssl3_accept,
		190	.ssl_connect = ssl3_connect,
		191	.ssl_shutdown = ssl3_shutdown,
		192	.ssl_renegotiate = ssl3_renegotiate,
		193	.ssl_renegotiate_check = ssl3_renegotiate_check,
		194	.ssl_pending = ssl3_pending,
		195	.ssl_read_bytes = dtls1_read_bytes,
		196	.ssl_write_bytes = dtls1_write_app_data_bytes,
		197	.enc_flags = TLSV1_2_ENC_FLAGS,
		198	};
		199
		200	static const SSL_METHOD DTLSv1_2_method_data = {
		201	.ssl_dispatch_alert = dtls1_dispatch_alert,
		202	.num_ciphers = ssl3_num_ciphers,
		203	.get_cipher = dtls1_get_cipher,
		204	.get_cipher_by_char = ssl3_get_cipher_by_char,
		205	.put_cipher_by_char = ssl3_put_cipher_by_char,
		206	.internal = &DTLSv1_2_method_internal_data,
		207	};
		208
		209	static const SSL_METHOD_INTERNAL DTLSv1_2_client_method_internal_data = {
		210	.dtls = 1,
		211	.server = 0,
		212	.version = DTLS1_2_VERSION,
		213	.min_version = DTLS1_2_VERSION,
		214	.max_version = DTLS1_2_VERSION,
		215	.ssl_new = dtls1_new,
		216	.ssl_clear = dtls1_clear,
		217	.ssl_free = dtls1_free,
		218	.ssl_accept = ssl_undefined_function,
		219	.ssl_connect = ssl3_connect,
		220	.ssl_shutdown = ssl3_shutdown,
		221	.ssl_renegotiate = ssl3_renegotiate,
		222	.ssl_renegotiate_check = ssl3_renegotiate_check,
		223	.ssl_pending = ssl3_pending,
		224	.ssl_read_bytes = dtls1_read_bytes,
		225	.ssl_write_bytes = dtls1_write_app_data_bytes,
		226	.enc_flags = TLSV1_2_ENC_FLAGS,
		227	};
		228
		229	static const SSL_METHOD DTLSv1_2_client_method_data = {
		230	.ssl_dispatch_alert = dtls1_dispatch_alert,
		231	.num_ciphers = ssl3_num_ciphers,
		232	.get_cipher = dtls1_get_cipher,
		233	.get_cipher_by_char = ssl3_get_cipher_by_char,
		234	.put_cipher_by_char = ssl3_put_cipher_by_char,
		235	.internal = &DTLSv1_2_client_method_internal_data,
		236	};
		237
120	const SSL_METHOD *	238	const SSL_METHOD *
121	DTLSv1_client_method(void)	239	DTLSv1_client_method(void)
122	{	240	{
@@ -136,21 +254,51 @@ DTLSv1_server_method(void)
136	}	254	}
137		255
138	const SSL_METHOD *	256	const SSL_METHOD *
		257	DTLSv1_2_client_method(void)
		258	{
		259	return &DTLSv1_2_client_method_data;
		260	}
		261
		262	const SSL_METHOD *
		263	DTLSv1_2_method(void)
		264	{
		265	return &DTLSv1_2_method_data;
		266	}
		267
		268	const SSL_METHOD *
		269	DTLSv1_2_server_method(void)
		270	{
		271	return &DTLSv1_2_method_data;
		272	}
		273
		274	const SSL_METHOD *
139	DTLS_client_method(void)	275	DTLS_client_method(void)
140	{	276	{
		277	#ifdef LIBRESSL_HAS_DTLS1_2
		278	return &DTLS_client_method_data;
		279	#else
141	return DTLSv1_client_method();	280	return DTLSv1_client_method();
		281	#endif
142	}	282	}
143		283
144	const SSL_METHOD *	284	const SSL_METHOD *
145	DTLS_method(void)	285	DTLS_method(void)
146	{	286	{
		287	#ifdef LIBRESSL_HAS_DTLS1_2
		288	return &DTLS_method_data;
		289	#else
147	return DTLSv1_method();	290	return DTLSv1_method();
		291	#endif
148	}	292	}
149		293
150	const SSL_METHOD *	294	const SSL_METHOD *
151	DTLS_server_method(void)	295	DTLS_server_method(void)
152	{	296	{
153	return DTLSv1_method();	297	#ifdef LIBRESSL_HAS_DTLS1_2
		298	return &DTLS_method_data;
		299	#else
		300	return DTLSv1_server_method();
		301	#endif
154	}	302	}
155		303
156	#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)	304	#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
@@ -566,6 +714,8 @@ ssl_get_method(uint16_t version)
566	return (TLSv1_method());	714	return (TLSv1_method());
567	if (version == DTLS1_VERSION)	715	if (version == DTLS1_VERSION)
568	return (DTLSv1_method());	716	return (DTLSv1_method());
		717	if (version == DTLS1_2_VERSION)
		718	return (DTLSv1_2_method());
569		719
570	return (NULL);	720	return (NULL);
571	}	721	}