authorJoel Sing <jsing@cvs.openbsd.org>2019-02-14 17:50:08 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2019-02-14 17:50:08 +0000
commit7d0908f37f76db88c5a242b0ae6a8fcc634128a4 (patch)
treebeee248608221671a283523fa7b5f6a74cf83623 /lib
parentc9aeb6feb22c65b82cf8eb30b09768b99066ecbb (diff)
Provide a TLS 1.3 capable client method.
ok tb@
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/ssl_locl.h4
-rw-r--r--lib/libssl/ssl_methods.c48
-rw-r--r--lib/libssl/tls13_internal.h3
3 files changed, 50 insertions, 5 deletions
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 65429a39253..67a2e04784d 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.235 2019/02/10 13:04:29 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.236 2019/02/14 17:50:07 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1065,6 +1065,8 @@ uint16_t ssl_max_server_version(SSL *s);
int ssl_cipher_is_permitted(const SSL_CIPHER *cipher, uint16_t min_ver,
uint16_t max_ver);
+const SSL_METHOD *tls_legacy_client_method(void);
+
const SSL_METHOD *dtls1_get_client_method(int ver);
const SSL_METHOD *dtls1_get_server_method(int ver);
const SSL_METHOD *tls1_get_client_method(int ver);
diff --git a/lib/libssl/ssl_methods.c b/lib/libssl/ssl_methods.c
index 3e9f18bc40e..636fed92a06 100644
--- a/lib/libssl/ssl_methods.c
+++ b/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.1 2018/11/05 05:45:15 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.2 2019/02/14 17:50:07 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -57,6 +57,7 @@
*/
#include "ssl_locl.h"
+#include "tls13_internal.h"
static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
.version = DTLS1_VERSION,
@@ -189,7 +190,38 @@ dtls1_get_server_method(int ver)
return (NULL);
}
+#ifdef LIBRESSL_HAS_TLS13
static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
+ .version = TLS1_3_VERSION,
+ .min_version = TLS1_VERSION,
+ .max_version = TLS1_3_VERSION,
+ .ssl_new = tls1_new,
+ .ssl_clear = tls1_clear,
+ .ssl_free = tls1_free,
+ .ssl_accept = ssl_undefined_function,
+ .ssl_connect = tls13_legacy_connect,
+ .get_ssl_method = tls1_get_client_method,
+ .get_timeout = tls1_default_timeout,
+ .ssl_version = ssl_undefined_void_function,
+ .ssl_renegotiate = ssl_undefined_function,
+ .ssl_renegotiate_check = ssl_ok,
+ .ssl_get_message = ssl3_get_message,
+ .ssl_read_bytes = tls13_legacy_read_bytes,
+ .ssl_write_bytes = tls13_legacy_write_bytes,
+ .ssl3_enc = &TLSv1_2_enc_data,
+};
+
+static const SSL_METHOD TLS_client_method_data = {
+ .ssl_dispatch_alert = ssl3_dispatch_alert,
+ .num_ciphers = ssl3_num_ciphers,
+ .get_cipher = ssl3_get_cipher,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &TLS_client_method_internal_data,
+};
+#endif
+
+static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
.version = TLS1_2_VERSION,
.min_version = TLS1_VERSION,
.max_version = TLS1_2_VERSION,
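Review bot: The new `TLS_client_method_internal_data` table advertises `.min_version = TLS1_VERSION` while routing `.ssl_connect`, `.ssl_read_bytes` and `.ssl_write_bytes` to the `tls13_legacy_*` functions, and nothing in this hunk shows what happens when the server selects TLS 1.2 or lower. If the handoff to the legacy stack and the check for an unexpected downgrade live in `tls13_legacy_connect()`, the table should say so, for example `/* TLS 1.3 capable client: versions below 1.3 are handled by falling back from tls13_legacy_connect() - see tls13_internal.h. */` above the initializer. The same comment could note that `.ssl3_enc = &TLSv1_2_enc_data` and `.get_ssl_method = tls1_get_client_method` are deliberate carry-overs from the legacy table, since both look like copy-paste leftovers in a 1.3 method. The `TLS_legacy_client_method_internal_data` initializer that starts on the last lines of this hunk continues outside it.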
@@ -209,13 +241,13 @@ static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
.ssl3_enc = &TLSv1_2_enc_data,
};
-static const SSL_METHOD TLS_client_method_data = {
+static const SSL_METHOD TLS_legacy_client_method_data = {
.ssl_dispatch_alert = ssl3_dispatch_alert,
.num_ciphers = ssl3_num_ciphers,
.get_cipher = ssl3_get_cipher,
.get_cipher_by_char = ssl3_get_cipher_by_char,
.put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLS_client_method_internal_data,
+ .internal = &TLS_legacy_client_method_internal_data,
};
static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
@@ -326,7 +358,17 @@ SSLv23_client_method(void)
const SSL_METHOD *
TLS_client_method(void)
{
+#ifdef LIBRESSL_HAS_TLS13
return (&TLS_client_method_data);
+#else
+ return tls_legacy_client_method();
+#endif
+}
+
+const SSL_METHOD *
+tls_legacy_client_method(void)
+{
+ return (&TLS_legacy_client_method_data);
}
const SSL_METHOD *
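Review bot: `TLS_client_method()` now picks the protocol stack for every caller at build time, and the `#ifdef` has no comment telling a reader which stack they get or that there is no runtime opt-out visible here. I would add above the function something like `/* With LIBRESSL_HAS_TLS13 the default client method uses the TLS 1.3 stack; otherwise it is the legacy (<= TLS 1.2) method. */`, and a one-line comment on `tls_legacy_client_method()` saying who is expected to call it. As a style point, `return tls_legacy_client_method();` drops the parenthesised return used on the lines around it; `return (tls_legacy_client_method());` would match. The trailing `const SSL_METHOD *` belongs to the next function, which starts outside the hunk.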
diff --git a/lib/libssl/tls13_internal.h b/lib/libssl/tls13_internal.h
index 0637b34ff73..2d23e6609bd 100644
--- a/lib/libssl/tls13_internal.h
+++ b/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.17 2019/02/09 15:20:05 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.18 2019/02/14 17:50:07 jsing Exp $ */
/*
* Copyright (c) 2018 Bob Beck <beck@openbsd.org>
* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -171,6 +171,7 @@ const EVP_MD *tls13_cipher_hash(const SSL_CIPHER *cipher);
/*
* Legacy interfaces.
*/
+int tls13_legacy_connect(SSL *ssl);
int tls13_legacy_return_code(SSL *ssl, ssize_t ret);
ssize_t tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg);
ssize_t tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg);