authortb <tb@openbsd.org>2021-03-31 16:59:32 +0000
committertb <tb@openbsd.org>2021-03-31 16:59:32 +0000
commite6d88397616a72165a937474dab56c25efd3d032 (patch)
tree85a429160068068851865b3a0a67896c34436fb7
parentDocument SSL_set_hostflags(3) and SSL_get0_peername(3) (diff)
Expose various DTLSv1.2 specific functions and defines
ok bcook inoguchi jsing
-rw-r--r--lib/libcrypto/opensslfeatures.h1
-rw-r--r--lib/libssl/Symbols.list4
-rw-r--r--lib/libssl/dtls1.h4
-rw-r--r--lib/libssl/ssl.h10
-rw-r--r--lib/libssl/ssl_methods.c16
5 files changed, 8 insertions, 27 deletions
diff --git a/lib/libcrypto/opensslfeatures.h b/lib/libcrypto/opensslfeatures.h
index 9684276b72d..20696d3d91c 100644
--- a/lib/libcrypto/opensslfeatures.h
+++ b/lib/libcrypto/opensslfeatures.h
@@ -4,6 +4,7 @@
* enabled (or possibly not yet not implemented, or removed!).
*/
/* #define LIBRESSL_HAS_TLS1_3 */
+/* #define LIBRESSL_HAS_DTLS1_2 */
#define OPENSSL_THREADS
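Review bot: `LIBRESSL_HAS_DTLS1_2` is added here commented out, while the header and ssl_methods.c hunks of this same commit delete every `#if defined(LIBRESSL_HAS_DTLS1_2)` guard, so the DTLSv1.2 API and the version-flexible `DTLS_method()` become unconditional but the feature macro stays undefined. Applications that test the macro to decide whether they can request or require DTLSv1.2 would presumably keep taking their DTLSv1.0-only path. If the define is meant to be switched on in a later commit, a short comment beside it would make that clear, e.g. `/* API is public; macro not yet advertised */`; otherwise it should read `#define LIBRESSL_HAS_DTLS1_2`.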
diff --git a/lib/libssl/Symbols.list b/lib/libssl/Symbols.list
index 9234cf6e51a..15d43f891e1 100644
--- a/lib/libssl/Symbols.list
+++ b/lib/libssl/Symbols.list
@@ -13,6 +13,9 @@ DTLS_server_method
DTLSv1_client_method
DTLSv1_method
DTLSv1_server_method
+DTLSv1_2_client_method
+DTLSv1_2_method
+DTLSv1_2_server_method
SSLv23_client_method
SSLv23_method
SSLv23_server_method
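Review bot: The three `DTLSv1_2_*_method` entries added here, and `SSL_is_dtls` in the next hunk of this file, extend the exported symbol set of libssl, but none of the five files in the diffstat looks like a library version file. Adding exports normally goes with a minor version bump, so that a binary linked against the new symbols cannot be loaded against an older library that lacks them. If the bump is made in a separate commit, saying so in the commit message would make the sequence easier to audit.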
@@ -244,6 +247,7 @@ SSL_get_version
SSL_get_wbio
SSL_get_wfd
SSL_has_matching_session_id
+SSL_is_dtls
SSL_is_server
SSL_library_init
SSL_load_client_CA_file
diff --git a/lib/libssl/dtls1.h b/lib/libssl/dtls1.h
index b822f659abb..fe8c5864dd9 100644
--- a/lib/libssl/dtls1.h
+++ b/lib/libssl/dtls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dtls1.h,v 1.24 2021/02/20 08:11:57 jsing Exp $ */
+/* $OpenBSD: dtls1.h,v 1.25 2021/03/31 16:59:32 tb Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -74,10 +74,8 @@ extern "C" {
#endif
#define DTLS1_VERSION 0xFEFF
-#if defined(LIBRESSL_HAS_DTLS1_2) || defined(LIBRESSL_INTERNAL)
#define DTLS1_2_VERSION 0xFEFD
#define DTLS1_VERSION_MAJOR 0xFE
-#endif
/* lengths of messages */
#define DTLS1_COOKIE_LENGTH 256
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index 5665a091798..5ed2198b38f 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.185 2021/03/31 16:55:04 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.186 2021/03/31 16:59:32 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -301,9 +301,7 @@ extern "C" {
#define SSL_TXT_STREEBOG512 "STREEBOG512"
#define SSL_TXT_DTLS1 "DTLSv1"
-#if defined(LIBRESSL_HAS_DTLS1_2) || defined(LIBRESSL_INTERNAL)
#define SSL_TXT_DTLS1_2 "DTLSv1.2"
-#endif
#define SSL_TXT_SSLV2 "SSLv2"
#define SSL_TXT_SSLV3 "SSLv3"
#define SSL_TXT_TLSV1 "TLSv1"
@@ -523,10 +521,8 @@ struct ssl_session_st {
#define SSL_OP_NO_TLSv1_3 0x20000000L
#endif
-#if defined(LIBRESSL_HAS_DTLS1_2) || defined(LIBRESSL_INTERNAL)
#define SSL_OP_NO_DTLSv1 0x40000000L
#define SSL_OP_NO_DTLSv1_2 0x80000000L
-#endif
/* SSL_OP_ALL: various bug workarounds that should be rather harmless. */
#define SSL_OP_ALL \
@@ -1465,9 +1461,7 @@ void SSL_free(SSL *ssl);
int SSL_up_ref(SSL *ssl);
int SSL_accept(SSL *ssl);
int SSL_connect(SSL *ssl);
-#ifdef LIBRESSL_INTERNAL
int SSL_is_dtls(const SSL *s);
-#endif
int SSL_is_server(const SSL *s);
int SSL_read(SSL *ssl, void *buf, int num);
int SSL_peek(SSL *ssl, void *buf, int num);
@@ -1527,11 +1521,9 @@ const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
-#if defined(LIBRESSL_HAS_DTLS1_2) || defined(LIBRESSL_INTERNAL)
const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */
const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */
const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */
-#endif
const SSL_METHOD *DTLS_method(void); /* DTLS v1.0 or later */
const SSL_METHOD *DTLS_server_method(void); /* DTLS v1.0 or later */
diff --git a/lib/libssl/ssl_methods.c b/lib/libssl/ssl_methods.c
index 084f533f5e8..a3e51ac0d01 100644
--- a/lib/libssl/ssl_methods.c
+++ b/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.23 2021/02/25 17:06:05 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.24 2021/03/31 16:59:32 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -59,7 +59,6 @@
#include "ssl_locl.h"
#include "tls13_internal.h"
-#ifdef LIBRESSL_HAS_DTLS1_2
static const SSL_METHOD_INTERNAL DTLS_method_internal_data = {
.dtls = 1,
.server = 1,
@@ -117,7 +116,6 @@ static const SSL_METHOD DTLS_client_method_data = {
.put_cipher_by_char = ssl3_put_cipher_by_char,
.internal = &DTLS_client_method_internal_data,
};
-#endif
static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
.dtls = 1,
@@ -274,31 +272,19 @@ DTLSv1_2_server_method(void)
const SSL_METHOD *
DTLS_client_method(void)
{
-#ifdef LIBRESSL_HAS_DTLS1_2
return &DTLS_client_method_data;
-#else
- return DTLSv1_client_method();
-#endif
}
const SSL_METHOD *
DTLS_method(void)
{
-#ifdef LIBRESSL_HAS_DTLS1_2
return &DTLS_method_data;
-#else
- return DTLSv1_method();
-#endif
}
const SSL_METHOD *
DTLS_server_method(void)
{
-#ifdef LIBRESSL_HAS_DTLS1_2
return &DTLS_method_data;
-#else
- return DTLSv1_server_method();
-#endif
}
#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)