authorjsing <jsing@openbsd.org>2020-10-11 02:22:27 +0000
committerjsing <jsing@openbsd.org>2020-10-11 02:22:27 +0000
commit9fef1c44a60220d617ce7edb2d07c208216a8adb (patch)
tree41ca77d30fb3113c1770c03ca4e5c9e2e66abab1 /lib/libssl/tls13_legacy.c
parentUnbreak regress following SRTP_PROTECTION_PROFILE const change. (diff)
Condense and simplify TLS methods.
Historically, OpenSSL has had client and server specific methods - the only difference between these is that the .ssl_connect or .ssl_accept function pointer is set to ssl_undefined_function, with the intention of reducing code size for a statically linked binary that was only a client or server. These days the difference is minimal or non-existent in many cases and we can reduce the amount of code and complexity by having a single method. Internally remove all of the client and server specific methods, simplifying code in the process. The external client/server specific API remains, however these now return the same thing as TLS_method() does. ok tb@
Diffstat (limited to 'lib/libssl/tls13_legacy.c')
-rw-r--r--lib/libssl/tls13_legacy.c18
1 files changed, 9 insertions, 9 deletions
diff --git a/lib/libssl/tls13_legacy.c b/lib/libssl/tls13_legacy.c
index e9e17293e12..943e2db9a18 100644
--- a/lib/libssl/tls13_legacy.c
+++ b/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_legacy.c,v 1.15 2020/10/07 10:14:45 tb Exp $ */
+/* $OpenBSD: tls13_legacy.c,v 1.16 2020/10/11 02:22:27 jsing Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
*
@@ -302,6 +302,8 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx)
memset(&cbb, 0, sizeof(cbb));
+ s->method = tls_legacy_method();
+
if (!ssl3_setup_init_buffer(s))
goto err;
if (!ssl3_setup_buffers(s))
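Review bot: `s->method = tls_legacy_method();` is now stored before ssl3_setup_init_buffer() and ssl3_setup_buffers(), so on the `goto err` paths the SSL object is left pointing at the legacy method while none of the legacy state has been set up. Whether a caller can continue after a 0 return is not visible here (the err label and the callers are outside the hunk); if it can, consider assigning the method only after the setup succeeds, or restoring the previous method under err. This assignment is also the only place the method switch now happens for both tls13_use_legacy_client() and tls13_use_legacy_server(), which a reader of those functions cannot see; a one-line comment such as `/* Switch to the legacy method; the callers derive handshake_func and versions from it. */` above it would make the dependency explicit. tls13_use_legacy_stack() begins and ends outside the hunk.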
@@ -359,13 +361,12 @@ tls13_use_legacy_client(struct tls13_ctx *ctx)
{
SSL *s = ctx->ssl;
- s->method = tls_legacy_client_method();
- s->internal->handshake_func = s->method->internal->ssl_connect;
- s->client_version = s->version = s->method->internal->max_version;
-
if (!tls13_use_legacy_stack(ctx))
return 0;
+ s->internal->handshake_func = s->method->internal->ssl_connect;
+ s->client_version = s->version = s->method->internal->max_version;
+
S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
return 1;
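Review bot: Moving `s->internal->handshake_func`, `s->client_version` and `s->version` after the tls13_use_legacy_stack() call is required now that the method is assigned inside it, but it also means the buffer setup in tls13_use_legacy_stack() runs while s->version and (in tls13_use_legacy_server(), the next hunk) s->server still hold their pre-fallback values. From the visible lines I cannot tell whether ssl3_setup_init_buffer()/ssl3_setup_buffers() or the code around the memset(&cbb, ...) reads those fields; if they do, the previous ordering was load-bearing and deserves a comment or a regress run through both legacy-fallback paths. The closing brace of tls13_use_legacy_client() is outside the hunk.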
@@ -376,14 +377,13 @@ tls13_use_legacy_server(struct tls13_ctx *ctx)
{
SSL *s = ctx->ssl;
- s->method = tls_legacy_server_method();
+ if (!tls13_use_legacy_stack(ctx))
+ return 0;
+
s->internal->handshake_func = s->method->internal->ssl_accept;
s->client_version = s->version = s->method->internal->max_version;
s->server = 1;
- if (!tls13_use_legacy_stack(ctx))
- return 0;
-
S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
return 1;