summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/libssl/ssl_locl.h4
-rw-r--r--lib/libssl/ssl_methods.c48
-rw-r--r--lib/libssl/tls13_internal.h3
3 files changed, 50 insertions, 5 deletions
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index 65429a39253..67a2e04784d 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.235 2019/02/10 13:04:29 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.236 2019/02/14 17:50:07 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1065,6 +1065,8 @@ uint16_t ssl_max_server_version(SSL *s);
int ssl_cipher_is_permitted(const SSL_CIPHER *cipher, uint16_t min_ver,
uint16_t max_ver);
+const SSL_METHOD *tls_legacy_client_method(void);
+
const SSL_METHOD *dtls1_get_client_method(int ver);
const SSL_METHOD *dtls1_get_server_method(int ver);
const SSL_METHOD *tls1_get_client_method(int ver);
diff --git a/lib/libssl/ssl_methods.c b/lib/libssl/ssl_methods.c
index 3e9f18bc40e..636fed92a06 100644
--- a/lib/libssl/ssl_methods.c
+++ b/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.1 2018/11/05 05:45:15 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.2 2019/02/14 17:50:07 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -57,6 +57,7 @@
*/
#include "ssl_locl.h"
+#include "tls13_internal.h"
static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
.version = DTLS1_VERSION,
@@ -189,7 +190,38 @@ dtls1_get_server_method(int ver)
return (NULL);
}
+#ifdef LIBRESSL_HAS_TLS13
static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
+ .version = TLS1_3_VERSION,
+ .min_version = TLS1_VERSION,
+ .max_version = TLS1_3_VERSION,
+ .ssl_new = tls1_new,
+ .ssl_clear = tls1_clear,
+ .ssl_free = tls1_free,
+ .ssl_accept = ssl_undefined_function,
+ .ssl_connect = tls13_legacy_connect,
+ .get_ssl_method = tls1_get_client_method,
+ .get_timeout = tls1_default_timeout,
+ .ssl_version = ssl_undefined_void_function,
+ .ssl_renegotiate = ssl_undefined_function,
+ .ssl_renegotiate_check = ssl_ok,
+ .ssl_get_message = ssl3_get_message,
+ .ssl_read_bytes = tls13_legacy_read_bytes,
+ .ssl_write_bytes = tls13_legacy_write_bytes,
+ .ssl3_enc = &TLSv1_2_enc_data,
+};
+
+static const SSL_METHOD TLS_client_method_data = {
+ .ssl_dispatch_alert = ssl3_dispatch_alert,
+ .num_ciphers = ssl3_num_ciphers,
+ .get_cipher = ssl3_get_cipher,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &TLS_client_method_internal_data,
+};
+#endif
+
+static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
.version = TLS1_2_VERSION,
.min_version = TLS1_VERSION,
.max_version = TLS1_2_VERSION,
@@ -209,13 +241,13 @@ static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
.ssl3_enc = &TLSv1_2_enc_data,
};
-static const SSL_METHOD TLS_client_method_data = {
+static const SSL_METHOD TLS_legacy_client_method_data = {
.ssl_dispatch_alert = ssl3_dispatch_alert,
.num_ciphers = ssl3_num_ciphers,
.get_cipher = ssl3_get_cipher,
.get_cipher_by_char = ssl3_get_cipher_by_char,
.put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLS_client_method_internal_data,
+ .internal = &TLS_legacy_client_method_internal_data,
};
static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
@@ -326,7 +358,17 @@ SSLv23_client_method(void)
const SSL_METHOD *
TLS_client_method(void)
{
+#ifdef LIBRESSL_HAS_TLS13
return (&TLS_client_method_data);
+#else
+ return tls_legacy_client_method();
+#endif
+}
+
+const SSL_METHOD *
+tls_legacy_client_method(void)
+{
+ return (&TLS_legacy_client_method_data);
}
const SSL_METHOD *
diff --git a/lib/libssl/tls13_internal.h b/lib/libssl/tls13_internal.h
index 0637b34ff73..2d23e6609bd 100644
--- a/lib/libssl/tls13_internal.h
+++ b/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.17 2019/02/09 15:20:05 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.18 2019/02/14 17:50:07 jsing Exp $ */
/*
* Copyright (c) 2018 Bob Beck <beck@openbsd.org>
* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -171,6 +171,7 @@ const EVP_MD *tls13_cipher_hash(const SSL_CIPHER *cipher);
/*
* Legacy interfaces.
*/
+int tls13_legacy_connect(SSL *ssl);
int tls13_legacy_return_code(SSL *ssl, ssize_t ret);
ssize_t tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg);
ssize_t tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg);