diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libssl/tls13_client.c | 106 | ||||
-rw-r--r-- | lib/libssl/tls13_internal.h | 9 | ||||
-rw-r--r-- | lib/libssl/tls13_legacy.c | 191 | ||||
-rw-r--r-- | lib/libssl/tls13_server.c | 99 |
4 files changed, 206 insertions, 199 deletions
diff --git a/lib/libssl/tls13_client.c b/lib/libssl/tls13_client.c index 5bd7681f190..79318d93135 100644 --- a/lib/libssl/tls13_client.c +++ b/lib/libssl/tls13_client.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_client.c,v 1.53 2020/04/28 20:30:40 jsing Exp $ */ +/* $OpenBSD: tls13_client.c,v 1.54 2020/04/28 20:37:22 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * @@ -24,7 +24,7 @@ #include "tls13_handshake.h" #include "tls13_internal.h" -static int +int tls13_client_init(struct tls13_ctx *ctx) { const uint16_t *groups; @@ -71,8 +71,8 @@ tls13_client_init(struct tls13_ctx *ctx) return 1; } -static int -tls13_connect(struct tls13_ctx *ctx) +int +tls13_client_connect(struct tls13_ctx *ctx) { if (ctx->mode != TLS13_HS_CLIENT) return TLS13_IO_FAILURE; @@ -80,104 +80,6 @@ tls13_connect(struct tls13_ctx *ctx) return tls13_handshake_perform(ctx); } -int -tls13_legacy_connect(SSL *ssl) -{ - struct tls13_ctx *ctx = ssl->internal->tls13; - int ret; - -#ifdef TLS13_USE_LEGACY_CLIENT_AUTH - /* XXX drop back to legacy for client auth for now */ - if (ssl->cert->key->privatekey != NULL) { - ssl->method = tls_legacy_client_method(); - return ssl->method->internal->ssl_connect(ssl); - } -#endif - - if (ctx == NULL) { - if ((ctx = tls13_ctx_new(TLS13_HS_CLIENT)) == NULL) { - SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */ - return -1; - } - ssl->internal->tls13 = ctx; - ctx->ssl = ssl; - ctx->hs = &S3I(ssl)->hs_tls13; - - if (!tls13_client_init(ctx)) { - if (ERR_peek_error() == 0) - SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */ - return -1; - } - } - - ERR_clear_error(); - S3I(ssl)->hs.state = SSL_ST_CONNECT; - - ret = tls13_connect(ctx); - if (ret == TLS13_IO_USE_LEGACY) - return ssl->method->internal->ssl_connect(ssl); - if (ret == TLS13_IO_SUCCESS) - S3I(ssl)->hs.state = SSL_ST_OK; - - return tls13_legacy_return_code(ssl, ret); -} - -int -tls13_use_legacy_client(struct tls13_ctx *ctx) -{ - SSL *s = ctx->ssl; - CBS cbs; - - s->method = tls_legacy_client_method(); - s->internal->handshake_func = s->method->internal->ssl_connect; - s->client_version = s->version = s->method->internal->max_version; - - if (!ssl3_setup_init_buffer(s)) - goto err; - if (!ssl3_setup_buffers(s)) - goto err; - if (!ssl_init_wbio_buffer(s, 0)) - goto err; - - if (s->bbio != s->wbio) - s->wbio = BIO_push(s->bbio, s->wbio); - - /* Stash any unprocessed data from the last record. */ - tls13_record_layer_rbuf(ctx->rl, &cbs); - if (CBS_len(&cbs) > 0) { - if (!CBS_write_bytes(&cbs, - S3I(s)->rbuf.buf + SSL3_RT_HEADER_LENGTH, - S3I(s)->rbuf.len - SSL3_RT_HEADER_LENGTH, NULL)) - goto err; - - S3I(s)->rbuf.offset = SSL3_RT_HEADER_LENGTH; - S3I(s)->rbuf.left = CBS_len(&cbs); - S3I(s)->rrec.type = SSL3_RT_HANDSHAKE; - S3I(s)->rrec.length = CBS_len(&cbs); - s->internal->rstate = SSL_ST_READ_BODY; - s->internal->packet = S3I(s)->rbuf.buf; - s->internal->packet_length = SSL3_RT_HEADER_LENGTH; - s->internal->mac_packet = 1; - } - - /* Stash the current handshake message. */ - tls13_handshake_msg_data(ctx->hs_msg, &cbs); - if (!CBS_write_bytes(&cbs, s->internal->init_buf->data, - s->internal->init_buf->length, NULL)) - goto err; - - S3I(s)->tmp.reuse_message = 1; - S3I(s)->tmp.message_type = tls13_handshake_msg_type(ctx->hs_msg); - S3I(s)->tmp.message_size = CBS_len(&cbs); - - S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A; - - return 1; - - err: - return 0; -} - static int tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb) { diff --git a/lib/libssl/tls13_internal.h b/lib/libssl/tls13_internal.h index d711f1a58dc..d53672dbfe5 100644 --- a/lib/libssl/tls13_internal.h +++ b/lib/libssl/tls13_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_internal.h,v 1.66 2020/04/28 20:30:40 jsing Exp $ */ +/* $OpenBSD: tls13_internal.h,v 1.67 2020/04/28 20:37:22 jsing Exp $ */ /* * Copyright (c) 2018 Bob Beck <beck@openbsd.org> * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> @@ -250,6 +250,8 @@ const EVP_MD *tls13_cipher_hash(const SSL_CIPHER *cipher); /* * Legacy interfaces. */ +int tls13_use_legacy_client(struct tls13_ctx *ctx); +int tls13_use_legacy_server(struct tls13_ctx *ctx); int tls13_legacy_accept(SSL *ssl); int tls13_legacy_connect(SSL *ssl); int tls13_legacy_return_code(SSL *ssl, ssize_t ret); @@ -292,6 +294,11 @@ int tls13_legacy_shutdown(SSL *ssl); int tls13_handshake_msg_record(struct tls13_ctx *ctx); int tls13_handshake_perform(struct tls13_ctx *ctx); +int tls13_client_init(struct tls13_ctx *ctx); +int tls13_server_init(struct tls13_ctx *ctx); +int tls13_client_connect(struct tls13_ctx *ctx); +int tls13_server_accept(struct tls13_ctx *ctx); + int tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb); int tls13_client_hello_sent(struct tls13_ctx *ctx); int tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs); diff --git a/lib/libssl/tls13_legacy.c b/lib/libssl/tls13_legacy.c index 747bdc2728e..1e18a8258c3 100644 --- a/lib/libssl/tls13_legacy.c +++ b/lib/libssl/tls13_legacy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_legacy.c,v 1.2 2020/03/10 17:02:21 jsing Exp $ */ +/* $OpenBSD: tls13_legacy.c,v 1.3 2020/04/28 20:37:22 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * @@ -277,6 +277,195 @@ tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len) } int +tls13_use_legacy_client(struct tls13_ctx *ctx) +{ + SSL *s = ctx->ssl; + CBS cbs; + + s->method = tls_legacy_client_method(); + s->internal->handshake_func = s->method->internal->ssl_connect; + s->client_version = s->version = s->method->internal->max_version; + + if (!ssl3_setup_init_buffer(s)) + goto err; + if (!ssl3_setup_buffers(s)) + goto err; + if (!ssl_init_wbio_buffer(s, 0)) + goto err; + + if (s->bbio != s->wbio) + s->wbio = BIO_push(s->bbio, s->wbio); + + /* Stash any unprocessed data from the last record. */ + tls13_record_layer_rbuf(ctx->rl, &cbs); + if (CBS_len(&cbs) > 0) { + if (!CBS_write_bytes(&cbs, + S3I(s)->rbuf.buf + SSL3_RT_HEADER_LENGTH, + S3I(s)->rbuf.len - SSL3_RT_HEADER_LENGTH, NULL)) + goto err; + + S3I(s)->rbuf.offset = SSL3_RT_HEADER_LENGTH; + S3I(s)->rbuf.left = CBS_len(&cbs); + S3I(s)->rrec.type = SSL3_RT_HANDSHAKE; + S3I(s)->rrec.length = CBS_len(&cbs); + s->internal->rstate = SSL_ST_READ_BODY; + s->internal->packet = S3I(s)->rbuf.buf; + s->internal->packet_length = SSL3_RT_HEADER_LENGTH; + s->internal->mac_packet = 1; + } + + /* Stash the current handshake message. */ + tls13_handshake_msg_data(ctx->hs_msg, &cbs); + if (!CBS_write_bytes(&cbs, s->internal->init_buf->data, + s->internal->init_buf->length, NULL)) + goto err; + + S3I(s)->tmp.reuse_message = 1; + S3I(s)->tmp.message_type = tls13_handshake_msg_type(ctx->hs_msg); + S3I(s)->tmp.message_size = CBS_len(&cbs); + + S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A; + + return 1; + + err: + return 0; +} + +int +tls13_use_legacy_server(struct tls13_ctx *ctx) +{ + SSL *s = ctx->ssl; + CBS cbs; + + s->method = tls_legacy_server_method(); + s->internal->handshake_func = s->method->internal->ssl_accept; + s->client_version = s->version = s->method->internal->max_version; + s->server = 1; + + if (!ssl3_setup_init_buffer(s)) + goto err; + if (!ssl3_setup_buffers(s)) + goto err; + if (!ssl_init_wbio_buffer(s, 0)) + goto err; + + if (s->bbio != s->wbio) + s->wbio = BIO_push(s->bbio, s->wbio); + + /* Stash any unprocessed data from the last record. */ + tls13_record_layer_rbuf(ctx->rl, &cbs); + if (CBS_len(&cbs) > 0) { + if (!CBS_write_bytes(&cbs, + S3I(s)->rbuf.buf + SSL3_RT_HEADER_LENGTH, + S3I(s)->rbuf.len - SSL3_RT_HEADER_LENGTH, NULL)) + goto err; + + S3I(s)->rbuf.offset = SSL3_RT_HEADER_LENGTH; + S3I(s)->rbuf.left = CBS_len(&cbs); + S3I(s)->rrec.type = SSL3_RT_HANDSHAKE; + S3I(s)->rrec.length = CBS_len(&cbs); + s->internal->rstate = SSL_ST_READ_BODY; + s->internal->packet = S3I(s)->rbuf.buf; + s->internal->packet_length = SSL3_RT_HEADER_LENGTH; + s->internal->mac_packet = 1; + } + + /* Stash the current handshake message. */ + tls13_handshake_msg_data(ctx->hs_msg, &cbs); + if (!CBS_write_bytes(&cbs, s->internal->init_buf->data, + s->internal->init_buf->length, NULL)) + goto err; + + S3I(s)->tmp.reuse_message = 1; + S3I(s)->tmp.message_type = tls13_handshake_msg_type(ctx->hs_msg); + S3I(s)->tmp.message_size = CBS_len(&cbs); + + S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A; + + return 1; + + err: + return 0; +} + +int +tls13_legacy_accept(SSL *ssl) +{ + struct tls13_ctx *ctx = ssl->internal->tls13; + int ret; + + if (ctx == NULL) { + if ((ctx = tls13_ctx_new(TLS13_HS_SERVER)) == NULL) { + SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */ + return -1; + } + ssl->internal->tls13 = ctx; + ctx->ssl = ssl; + ctx->hs = &S3I(ssl)->hs_tls13; + + if (!tls13_server_init(ctx)) { + if (ERR_peek_error() == 0) + SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */ + return -1; + } + } + + ERR_clear_error(); + S3I(ssl)->hs.state = SSL_ST_ACCEPT; + + ret = tls13_server_accept(ctx); + if (ret == TLS13_IO_USE_LEGACY) + return ssl->method->internal->ssl_accept(ssl); + if (ret == TLS13_IO_SUCCESS) + S3I(ssl)->hs.state = SSL_ST_OK; + + return tls13_legacy_return_code(ssl, ret); +} + +int +tls13_legacy_connect(SSL *ssl) +{ + struct tls13_ctx *ctx = ssl->internal->tls13; + int ret; + +#ifdef TLS13_USE_LEGACY_CLIENT_AUTH + /* XXX drop back to legacy for client auth for now */ + if (ssl->cert->key->privatekey != NULL) { + ssl->method = tls_legacy_client_method(); + return ssl->method->internal->ssl_connect(ssl); + } +#endif + + if (ctx == NULL) { + if ((ctx = tls13_ctx_new(TLS13_HS_CLIENT)) == NULL) { + SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */ + return -1; + } + ssl->internal->tls13 = ctx; + ctx->ssl = ssl; + ctx->hs = &S3I(ssl)->hs_tls13; + + if (!tls13_client_init(ctx)) { + if (ERR_peek_error() == 0) + SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */ + return -1; + } + } + + ERR_clear_error(); + S3I(ssl)->hs.state = SSL_ST_CONNECT; + + ret = tls13_client_connect(ctx); + if (ret == TLS13_IO_USE_LEGACY) + return ssl->method->internal->ssl_connect(ssl); + if (ret == TLS13_IO_SUCCESS) + S3I(ssl)->hs.state = SSL_ST_OK; + + return tls13_legacy_return_code(ssl, ret); +} + +int tls13_legacy_shutdown(SSL *ssl) { struct tls13_ctx *ctx = ssl->internal->tls13; diff --git a/lib/libssl/tls13_server.c b/lib/libssl/tls13_server.c index 864e434fda0..4fa1aba31de 100644 --- a/lib/libssl/tls13_server.c +++ b/lib/libssl/tls13_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_server.c,v 1.33 2020/04/27 20:15:17 jsing Exp $ */ +/* $OpenBSD: tls13_server.c,v 1.34 2020/04/28 20:37:22 jsing Exp $ */ /* * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org> * Copyright (c) 2020 Bob Beck <beck@openbsd.org> @@ -22,7 +22,7 @@ #include "tls13_handshake.h" #include "tls13_internal.h" -static int +int tls13_server_init(struct tls13_ctx *ctx) { SSL *s = ctx->ssl; @@ -45,8 +45,8 @@ tls13_server_init(struct tls13_ctx *ctx) return 1; } -static int -tls13_accept(struct tls13_ctx *ctx) +int +tls13_server_accept(struct tls13_ctx *ctx) { if (ctx->mode != TLS13_HS_SERVER) return TLS13_IO_FAILURE; @@ -54,97 +54,6 @@ tls13_accept(struct tls13_ctx *ctx) return tls13_handshake_perform(ctx); } -int -tls13_legacy_accept(SSL *ssl) -{ - struct tls13_ctx *ctx = ssl->internal->tls13; - int ret; - - if (ctx == NULL) { - if ((ctx = tls13_ctx_new(TLS13_HS_SERVER)) == NULL) { - SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */ - return -1; - } - ssl->internal->tls13 = ctx; - ctx->ssl = ssl; - ctx->hs = &S3I(ssl)->hs_tls13; - - if (!tls13_server_init(ctx)) { - if (ERR_peek_error() == 0) - SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */ - return -1; - } - } - - ERR_clear_error(); - S3I(ssl)->hs.state = SSL_ST_ACCEPT; - - ret = tls13_accept(ctx); - if (ret == TLS13_IO_USE_LEGACY) - return ssl->method->internal->ssl_accept(ssl); - if (ret == TLS13_IO_SUCCESS) - S3I(ssl)->hs.state = SSL_ST_OK; - - return tls13_legacy_return_code(ssl, ret); -} - -int -tls13_use_legacy_server(struct tls13_ctx *ctx) -{ - SSL *s = ctx->ssl; - CBS cbs; - - s->method = tls_legacy_server_method(); - s->internal->handshake_func = s->method->internal->ssl_accept; - s->client_version = s->version = s->method->internal->max_version; - s->server = 1; - - if (!ssl3_setup_init_buffer(s)) - goto err; - if (!ssl3_setup_buffers(s)) - goto err; - if (!ssl_init_wbio_buffer(s, 0)) - goto err; - - if (s->bbio != s->wbio) - s->wbio = BIO_push(s->bbio, s->wbio); - - /* Stash any unprocessed data from the last record. */ - tls13_record_layer_rbuf(ctx->rl, &cbs); - if (CBS_len(&cbs) > 0) { - if (!CBS_write_bytes(&cbs, - S3I(s)->rbuf.buf + SSL3_RT_HEADER_LENGTH, - S3I(s)->rbuf.len - SSL3_RT_HEADER_LENGTH, NULL)) - goto err; - - S3I(s)->rbuf.offset = SSL3_RT_HEADER_LENGTH; - S3I(s)->rbuf.left = CBS_len(&cbs); - S3I(s)->rrec.type = SSL3_RT_HANDSHAKE; - S3I(s)->rrec.length = CBS_len(&cbs); - s->internal->rstate = SSL_ST_READ_BODY; - s->internal->packet = S3I(s)->rbuf.buf; - s->internal->packet_length = SSL3_RT_HEADER_LENGTH; - s->internal->mac_packet = 1; - } - - /* Stash the current handshake message. */ - tls13_handshake_msg_data(ctx->hs_msg, &cbs); - if (!CBS_write_bytes(&cbs, s->internal->init_buf->data, - s->internal->init_buf->length, NULL)) - goto err; - - S3I(s)->tmp.reuse_message = 1; - S3I(s)->tmp.message_type = tls13_handshake_msg_type(ctx->hs_msg); - S3I(s)->tmp.message_size = CBS_len(&cbs); - - S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A; - - return 1; - - err: - return 0; -} - static int tls13_client_hello_is_legacy(CBS *cbs) { |