From 5b46ea706824f271994a8e6eb2da25b4001fd4e7 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 31 Mar 2021 16:59:32 +0000
Subject: Expose various DTLSv1.2 specific functions and defines

ok bcook inoguchi jsing
---
 src/lib/libcrypto/opensslfeatures.h | 1 +
 src/lib/libssl/Symbols.list | 4 ++++
 src/lib/libssl/dtls1.h | 4 +---
 src/lib/libssl/ssl.h | 10 +---------
 src/lib/libssl/ssl_methods.c | 16 +---------------
 5 files changed, 8 insertions(+), 27 deletions(-)
 (limited to 'src/lib')
diff --git a/src/lib/libcrypto/opensslfeatures.h b/src/lib/libcrypto/opensslfeatures.h
index 9684276b72..20696d3d91 100644
--- a/src/lib/libcrypto/opensslfeatures.h
+++ b/src/lib/libcrypto/opensslfeatures.h
@@ -4,6 +4,7 @@
 * enabled (or possibly not yet not implemented, or removed!).
 */
 /* #define LIBRESSL_HAS_TLS1_3 */
+/* #define LIBRESSL_HAS_DTLS1_2 */
 #define OPENSSL_THREADS
diff --git a/src/lib/libssl/Symbols.list b/src/lib/libssl/Symbols.list
index 9234cf6e51..15d43f891e 100644
--- a/src/lib/libssl/Symbols.list
+++ b/src/lib/libssl/Symbols.list
@@ -13,6 +13,9 @@ DTLS_server_method
 DTLSv1_client_method
 DTLSv1_method
 DTLSv1_server_method
+DTLSv1_2_client_method
+DTLSv1_2_method
+DTLSv1_2_server_method
 SSLv23_client_method
 SSLv23_method
 SSLv23_server_method
@@ -244,6 +247,7 @@ SSL_get_version
 SSL_get_wbio
 SSL_get_wfd
 SSL_has_matching_session_id
+SSL_is_dtls
 SSL_is_server
 SSL_library_init
 SSL_load_client_CA_file
diff --git a/src/lib/libssl/dtls1.h b/src/lib/libssl/dtls1.h
index b822f659ab..fe8c5864dd 100644
--- a/src/lib/libssl/dtls1.h
+++ b/src/lib/libssl/dtls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtls1.h,v 1.24 2021/02/20 08:11:57 jsing Exp $ */
+/* $OpenBSD: dtls1.h,v 1.25 2021/03/31 16:59:32 tb Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
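Review bot: The `LIBRESSL_HAS_DTLS1_2` line added to opensslfeatures.h is commented out, so the macro stays undefined even though the later hunks of this commit drop every `#if defined(LIBRESSL_HAS_DTLS1_2)` guard and expose the DTLSv1.2 API unconditionally. An application that tests this macro before calling `DTLSv1_2_method()` or setting `SSL_OP_NO_DTLSv1_2` will take its fallback path and may stay on DTLSv1.0. If the define is held back on purpose (the `LIBRESSL_HAS_TLS1_3` line above it follows the same pattern), a comment would make that explicit, for example `/* Not defined yet: the DTLSv1.2 API is exported but the feature flag is still off. */`.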
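Review bot: The two Symbols.list hunks export four new functions (`DTLSv1_2_client_method`, `DTLSv1_2_method`, `DTLSv1_2_server_method`, `SSL_is_dtls`), yet the diffstat shows no change to the library's shared-object version. Unless that bump lands in a separate commit, a program built against the new symbols could be paired at run time with an older libssl carrying the same version and fail at symbol resolution. The commit message would be the natural place to say where the bump happens.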
@@ -74,10 +74,8 @@ extern "C" {
 #endif
 #define DTLS1_VERSION 0xFEFF
-#if defined(LIBRESSL_HAS_DTLS1_2) || defined(LIBRESSL_INTERNAL)
 #define DTLS1_2_VERSION 0xFEFD
 #define DTLS1_VERSION_MAJOR 0xFE
-#endif
 /* lengths of messages */
 #define DTLS1_COOKIE_LENGTH 256
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 5665a09179..5ed2198b38 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.185 2021/03/31 16:55:04 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.186 2021/03/31 16:59:32 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -301,9 +301,7 @@ extern "C" {
 #define SSL_TXT_STREEBOG512 "STREEBOG512"
 #define SSL_TXT_DTLS1 "DTLSv1"
-#if defined(LIBRESSL_HAS_DTLS1_2) || defined(LIBRESSL_INTERNAL)
 #define SSL_TXT_DTLS1_2 "DTLSv1.2"
-#endif
 #define SSL_TXT_SSLV2 "SSLv2"
 #define SSL_TXT_SSLV3 "SSLv3"
 #define SSL_TXT_TLSV1 "TLSv1"
@@ -523,10 +521,8 @@ struct ssl_session_st {
 #define SSL_OP_NO_TLSv1_3 0x20000000L
 #endif
-#if defined(LIBRESSL_HAS_DTLS1_2) || defined(LIBRESSL_INTERNAL)
 #define SSL_OP_NO_DTLSv1 0x40000000L
 #define SSL_OP_NO_DTLSv1_2 0x80000000L
-#endif
 /* SSL_OP_ALL: various bug workarounds that should be rather harmless. */
 #define SSL_OP_ALL \
@@ -1465,9 +1461,7 @@ void SSL_free(SSL *ssl);
 int SSL_up_ref(SSL *ssl);
 int SSL_accept(SSL *ssl);
 int SSL_connect(SSL *ssl);
-#ifdef LIBRESSL_INTERNAL
 int SSL_is_dtls(const SSL *s);
-#endif
 int SSL_is_server(const SSL *s);
 int SSL_read(SSL *ssl, void *buf, int num);
 int SSL_peek(SSL *ssl, void *buf, int num);
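Review bot: `SSL_OP_NO_DTLSv1_2 0x80000000L` in the ssl.h options hunk (`@@ -523,10 +521,8 @@`) occupies the top bit of a 32-bit mask, and where `long` is 32 bits a hexadecimal constant of that size has type `unsigned long` despite the `L` suffix. If the option setters take a `long` argument (their signatures are not in this hunk), the value goes through an implementation-defined conversion to a negative number on such targets. These two flags are how a caller turns a DTLS version off, so the public header should state the constraint, for example `/* DTLS version opt-outs. 0x80000000L is unsigned long where long is 32 bits; options must be kept in an unsigned long. */`. The `SSL_OP_ALL` definition continues past the end of the hunk, so whether it includes either bit cannot be checked here.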
@@ -1527,11 +1521,9 @@ const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
 const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
 const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
-#if defined(LIBRESSL_HAS_DTLS1_2) || defined(LIBRESSL_INTERNAL)
 const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */
 const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */
 const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */
-#endif
 const SSL_METHOD *DTLS_method(void); /* DTLS v1.0 or later */
 const SSL_METHOD *DTLS_server_method(void); /* DTLS v1.0 or later */
diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
index 084f533f5e..a3e51ac0d0 100644
--- a/src/lib/libssl/ssl_methods.c
+++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.23 2021/02/25 17:06:05 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.24 2021/03/31 16:59:32 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -59,7 +59,6 @@
 #include "ssl_locl.h"
 #include "tls13_internal.h"
-#ifdef LIBRESSL_HAS_DTLS1_2
 static const SSL_METHOD_INTERNAL DTLS_method_internal_data = {
 .dtls = 1,
 .server = 1,
@@ -117,7 +116,6 @@ static const SSL_METHOD DTLS_client_method_data = {
 .put_cipher_by_char = ssl3_put_cipher_by_char,
 .internal = &DTLS_client_method_internal_data,
 };
-#endif
 static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
 .dtls = 1,
@@ -274,31 +272,19 @@ DTLSv1_2_server_method(void)
 const SSL_METHOD *
 DTLS_client_method(void)
 {
-#ifdef LIBRESSL_HAS_DTLS1_2
 return &DTLS_client_method_data;
-#else
- return DTLSv1_client_method();
-#endif
 }
 const SSL_METHOD *
 DTLS_method(void)
 {
-#ifdef LIBRESSL_HAS_DTLS1_2
 return &DTLS_method_data;
-#else
- return DTLSv1_method();
-#endif
 }
 const SSL_METHOD *
 DTLS_server_method(void)
 {
-#ifdef LIBRESSL_HAS_DTLS1_2
 return &DTLS_method_data;
-#else
- return DTLSv1_server_method();
-#endif
 }
 #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
--
cgit v1.2.3-55-g6feb
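Review bot: `DTLS_server_method()` returns `&DTLS_method_data`, the same object as `DTLS_method()`, while `DTLS_client_method()` has its own `DTLS_client_method_data`, and nothing in the function says the sharing is deliberate. The `@@ -59,7 +59,6 @@` hunk shows `DTLS_method_internal_data` with `.server = 1`, which presumably is why no separate server table exists; a one-line comment such as `/* The generic method data already has .server = 1, so the server method shares it. */` would save the next reader from suspecting a copy-paste slip. Separately, removing the `#else` branches changes behaviour for every existing caller: these three entry points used to hand back the DTLSv1.0-only methods and now return the version-flexible tables. The header still describes them as "DTLS v1.0 or later", so the manual page or release notes should point out that a caller who wants to refuse DTLSv1.0 must set `SSL_OP_NO_DTLSv1`, which this commit also makes public.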