-rw-r--r--lib/libssl/ssl_clnt.c4
-rw-r--r--lib/libssl/ssl_lib.c4
-rw-r--r--lib/libssl/ssl_locl.h8
-rw-r--r--lib/libssl/ssl_methods.c473
-rw-r--r--lib/libssl/ssl_sess.c4
-rw-r--r--lib/libssl/ssl_srvr.c4
-rw-r--r--lib/libssl/tls13_legacy.c18
7 files changed, 73 insertions, 442 deletions
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c
index 3d11aaaf363..88b82c44004 100644
--- a/lib/libssl/ssl_clnt.c
+++ b/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_clnt.c,v 1.74 2020/10/03 18:01:55 jsing Exp $ */
+/* $OpenBSD: ssl_clnt.c,v 1.75 2020/10/11 02:22:27 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -911,7 +911,7 @@ ssl3_get_server_hello(SSL *s)
}
s->version = server_version;
- if ((method = ssl_get_client_method(server_version)) == NULL) {
+ if ((method = ssl_get_method(server_version)) == NULL) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
goto err;
}
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 6e375e1c099..b306137c142 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.234 2020/09/24 18:12:00 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.235 2020/10/11 02:22:27 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -345,7 +345,7 @@ SSL_new(SSL_CTX *ctx)
goto err;
s->references = 1;
- s->server = (ctx->method->internal->ssl_accept == ssl_undefined_function) ? 0 : 1;
+ s->server = 0;
SSL_clear(s);
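Review bot: `s->server = 0;` makes every new SSL object start out as a client, including one created from a context built with a server method, so any code that reads `s->server` before the role is chosen now sees 0 where it used to see 1. The only place in this commit that visibly sets it again is `s->server = 1;` in tls13_use_legacy_server(); whether the regular accept path sets it elsewhere is not visible here and should be confirmed. A comment on the line would record the new contract, for example `/* Role is unknown until accept or connect state is set. */`. SSL_new()'s body continues outside the hunk.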
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index e47f6191c20..e341e9eda2e 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.301 2020/10/11 01:16:31 guenther Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.302 2020/10/11 02:22:27 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1121,11 +1121,7 @@ int ssl_cipher_allowed_in_version_range(const SSL_CIPHER *cipher,
uint16_t min_ver, uint16_t max_ver);
const SSL_METHOD *tls_legacy_method(void);
-const SSL_METHOD *tls_legacy_client_method(void);
-const SSL_METHOD *tls_legacy_server_method(void);
-
-const SSL_METHOD *ssl_get_client_method(uint16_t version);
-const SSL_METHOD *ssl_get_server_method(uint16_t version);
+const SSL_METHOD *ssl_get_method(uint16_t version);
extern SSL3_ENC_METHOD TLSv1_enc_data;
extern SSL3_ENC_METHOD TLSv1_1_enc_data;
diff --git a/lib/libssl/ssl_methods.c b/lib/libssl/ssl_methods.c
index ddfb8dfdba2..23c7e97b574 100644
--- a/lib/libssl/ssl_methods.c
+++ b/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.17 2020/10/03 17:54:27 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.18 2020/10/11 02:22:27 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -59,45 +59,6 @@
#include "ssl_locl.h"
#include "tls13_internal.h"
-static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
- .version = DTLS1_VERSION,
- .min_version = DTLS1_VERSION,
- .max_version = DTLS1_VERSION,
- .ssl_new = dtls1_new,
- .ssl_clear = dtls1_clear,
- .ssl_free = dtls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = ssl3_connect,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_pending = ssl3_pending,
- .ssl_read_bytes = dtls1_read_bytes,
- .ssl_write_bytes = dtls1_write_app_data_bytes,
- .ssl3_enc = &TLSv1_1_enc_data,
-};
-
-static const SSL_METHOD DTLSv1_client_method_data = {
- .ssl_dispatch_alert = dtls1_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = dtls1_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &DTLSv1_client_method_internal_data,
-};
-
-const SSL_METHOD *
-DTLSv1_client_method(void)
-{
- return &DTLSv1_client_method_data;
-}
-
-const SSL_METHOD *
-DTLS_client_method(void)
-{
- return DTLSv1_client_method();
-}
-
static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
.version = DTLS1_VERSION,
.min_version = DTLS1_VERSION,
@@ -126,231 +87,39 @@ static const SSL_METHOD DTLSv1_method_data = {
};
const SSL_METHOD *
-DTLSv1_method(void)
+DTLSv1_client_method(void)
{
return &DTLSv1_method_data;
}
const SSL_METHOD *
-DTLS_method(void)
+DTLSv1_method(void)
{
- return DTLSv1_method();
+ return &DTLSv1_method_data;
}
-static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = {
- .version = DTLS1_VERSION,
- .min_version = DTLS1_VERSION,
- .max_version = DTLS1_VERSION,
- .ssl_new = dtls1_new,
- .ssl_clear = dtls1_clear,
- .ssl_free = dtls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl_undefined_function,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_pending = ssl3_pending,
- .ssl_read_bytes = dtls1_read_bytes,
- .ssl_write_bytes = dtls1_write_app_data_bytes,
- .ssl3_enc = &TLSv1_1_enc_data,
-};
-
-static const SSL_METHOD DTLSv1_server_method_data = {
- .ssl_dispatch_alert = dtls1_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = dtls1_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &DTLSv1_server_method_internal_data,
-};
-
const SSL_METHOD *
DTLSv1_server_method(void)
{
- return &DTLSv1_server_method_data;
-}
-
-const SSL_METHOD *
-DTLS_server_method(void)
-{
- return DTLSv1_server_method();
-}
-
-#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
-static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
- .version = TLS1_3_VERSION,
- .min_version = TLS1_VERSION,
- .max_version = TLS1_3_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = tls13_legacy_connect,
- .ssl_shutdown = tls13_legacy_shutdown,
- .ssl_renegotiate = ssl_undefined_function,
- .ssl_renegotiate_check = ssl_ok,
- .ssl_pending = tls13_legacy_pending,
- .ssl_read_bytes = tls13_legacy_read_bytes,
- .ssl_write_bytes = tls13_legacy_write_bytes,
- .ssl3_enc = &TLSv1_3_enc_data,
-};
-
-static const SSL_METHOD TLS_client_method_data = {
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLS_client_method_internal_data,
-};
-#endif
-
-static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
- .version = TLS1_2_VERSION,
- .min_version = TLS1_VERSION,
- .max_version = TLS1_2_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = ssl3_connect,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl_undefined_function,
- .ssl_renegotiate_check = ssl_ok,
- .ssl_pending = ssl3_pending,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLS_legacy_client_method_data = {
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLS_legacy_client_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
- .version = TLS1_VERSION,
- .min_version = TLS1_VERSION,
- .max_version = TLS1_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = ssl3_connect,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_pending = ssl3_pending,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl3_enc = &TLSv1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_client_method_data = {
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLSv1_client_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
- .version = TLS1_1_VERSION,
- .min_version = TLS1_1_VERSION,
- .max_version = TLS1_1_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = ssl3_connect,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_pending = ssl3_pending,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl3_enc = &TLSv1_1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_1_client_method_data = {
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLSv1_1_client_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
- .version = TLS1_2_VERSION,
- .min_version = TLS1_2_VERSION,
- .max_version = TLS1_2_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl_undefined_function,
- .ssl_connect = ssl3_connect,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_pending = ssl3_pending,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLSv1_2_client_method_data = {
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLSv1_2_client_method_internal_data,
-};
-
-const SSL_METHOD *
-SSLv23_client_method(void)
-{
- return (TLS_client_method());
-}
-
-const SSL_METHOD *
-TLS_client_method(void)
-{
-#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
- return (&TLS_client_method_data);
-#else
- return tls_legacy_client_method();
-#endif
-}
-
-const SSL_METHOD *
-tls_legacy_client_method(void)
-{
- return (&TLS_legacy_client_method_data);
+ return &DTLSv1_method_data;
}
const SSL_METHOD *
-TLSv1_client_method(void)
+DTLS_client_method(void)
{
- return (&TLSv1_client_method_data);
+ return DTLSv1_method();
}
const SSL_METHOD *
-TLSv1_1_client_method(void)
+DTLS_method(void)
{
- return (&TLSv1_1_client_method_data);
+ return DTLSv1_method();
}
const SSL_METHOD *
-TLSv1_2_client_method(void)
+DTLS_server_method(void)
{
- return (&TLSv1_2_client_method_data);
+ return DTLSv1_method();
}
#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
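Review bot: DTLSv1_client_method() and DTLSv1_server_method() now return `&DTLSv1_method_data`, so the method table no longer rejects a handshake in the wrong direction; the removed client and server tables did that by pointing `ssl_accept` or `ssl_connect` at `ssl_undefined_function`. The same holds for the TLS_*, SSLv23_* and TLSv1_x client/server wrappers added in the following hunks. An application that relied on the method alone to pin the role would now need SSL_set_connect_state() or SSL_set_accept_state(), which deserves a comment above the wrappers such as `/* Client/server variants are kept for API compatibility and do not restrict the role. */`. The contents of `DTLSv1_method_internal_data` are only partly visible, so that it fills in both handlers is presumed.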
@@ -491,9 +260,9 @@ static const SSL_METHOD TLSv1_2_method_data = {
};
const SSL_METHOD *
-SSLv23_method(void)
+TLS_client_method(void)
{
- return (TLS_method());
+ return TLS_method();
}
const SSL_METHOD *
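Review bot: TLS_client_method() now returns `TLS_method()`, whose TLS 1.3 table appears to sit behind `#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)`, whereas the removed version only required `LIBRESSL_HAS_TLS1_3_CLIENT`. If that reading is right, a build that defines just one of the two macros would fall back to the legacy method and lose TLS 1.3 without any diagnostic; TLS_method()'s body is outside the hunk, so this needs confirming. The same applies to TLS_server_method() in the next hunk. A comment next to the guard would make the coupling explicit, for example `/* TLS 1.3 is offered only when both the client and the server are enabled. */`.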
@@ -507,236 +276,102 @@ TLS_method(void)
}
const SSL_METHOD *
+TLS_server_method(void)
+{
+ return TLS_method();
+}
+
+const SSL_METHOD *
tls_legacy_method(void)
{
return (&TLS_legacy_method_data);
}
const SSL_METHOD *
-TLSv1_method(void)
+SSLv23_client_method(void)
{
- return (&TLSv1_method_data);
+ return TLS_method();
}
const SSL_METHOD *
-TLSv1_1_method(void)
+SSLv23_method(void)
{
- return (&TLSv1_1_method_data);
+ return TLS_method();
}
const SSL_METHOD *
-TLSv1_2_method(void)
+SSLv23_server_method(void)
{
- return (&TLSv1_2_method_data);
+ return TLS_method();
}
-#ifdef LIBRESSL_HAS_TLS1_3_SERVER
-static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
- .version = TLS1_3_VERSION,
- .min_version = TLS1_VERSION,
- .max_version = TLS1_3_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = tls13_legacy_accept,
- .ssl_connect = ssl_undefined_function,
- .ssl_shutdown = tls13_legacy_shutdown,
- .ssl_renegotiate = ssl_undefined_function,
- .ssl_renegotiate_check = ssl_ok,
- .ssl_pending = tls13_legacy_pending,
- .ssl_read_bytes = tls13_legacy_read_bytes,
- .ssl_write_bytes = tls13_legacy_write_bytes,
- .ssl3_enc = &TLSv1_3_enc_data,
-};
-
-static const SSL_METHOD TLS_server_method_data = {
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLS_server_method_internal_data,
-};
-#endif
-
-static const SSL_METHOD_INTERNAL TLS_legacy_server_method_internal_data = {
- .version = TLS1_2_VERSION,
- .min_version = TLS1_VERSION,
- .max_version = TLS1_2_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl_undefined_function,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl_undefined_function,
- .ssl_renegotiate_check = ssl_ok,
- .ssl_pending = ssl3_pending,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLS_legacy_server_method_data = {
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLS_legacy_server_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
- .version = TLS1_VERSION,
- .min_version = TLS1_VERSION,
- .max_version = TLS1_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl_undefined_function,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_pending = ssl3_pending,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl3_enc = &TLSv1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_server_method_data = {
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLSv1_server_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_1_server_method_internal_data = {
- .version = TLS1_1_VERSION,
- .min_version = TLS1_1_VERSION,
- .max_version = TLS1_1_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl_undefined_function,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_pending = ssl3_pending,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl3_enc = &TLSv1_1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_1_server_method_data = {
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLSv1_1_server_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_2_server_method_internal_data = {
- .version = TLS1_2_VERSION,
- .min_version = TLS1_2_VERSION,
- .max_version = TLS1_2_VERSION,
- .ssl_new = tls1_new,
- .ssl_clear = tls1_clear,
- .ssl_free = tls1_free,
- .ssl_accept = ssl3_accept,
- .ssl_connect = ssl_undefined_function,
- .ssl_shutdown = ssl3_shutdown,
- .ssl_renegotiate = ssl3_renegotiate,
- .ssl_renegotiate_check = ssl3_renegotiate_check,
- .ssl_pending = ssl3_pending,
- .ssl_read_bytes = ssl3_read_bytes,
- .ssl_write_bytes = ssl3_write_bytes,
- .ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLSv1_2_server_method_data = {
- .ssl_dispatch_alert = ssl3_dispatch_alert,
- .num_ciphers = ssl3_num_ciphers,
- .get_cipher = ssl3_get_cipher,
- .get_cipher_by_char = ssl3_get_cipher_by_char,
- .put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLSv1_2_server_method_internal_data,
-};
+const SSL_METHOD *
+TLSv1_client_method(void)
+{
+ return (&TLSv1_method_data);
+}
const SSL_METHOD *
-SSLv23_server_method(void)
+TLSv1_method(void)
{
- return (TLS_server_method());
+ return (&TLSv1_method_data);
}
const SSL_METHOD *
-TLS_server_method(void)
+TLSv1_server_method(void)
{
-#ifdef LIBRESSL_HAS_TLS1_3_SERVER
- return (&TLS_server_method_data);
-#else
- return tls_legacy_server_method();
-#endif
+ return (&TLSv1_method_data);
}
const SSL_METHOD *
-tls_legacy_server_method(void)
+TLSv1_1_client_method(void)
{
- return (&TLS_legacy_server_method_data);
+ return (&TLSv1_1_method_data);
}
const SSL_METHOD *
-TLSv1_server_method(void)
+TLSv1_1_method(void)
{
- return (&TLSv1_server_method_data);
+ return (&TLSv1_1_method_data);
}
const SSL_METHOD *
TLSv1_1_server_method(void)
{
- return (&TLSv1_1_server_method_data);
+ return (&TLSv1_1_method_data);
}
const SSL_METHOD *
-TLSv1_2_server_method(void)
+TLSv1_2_client_method(void)
{
- return (&TLSv1_2_server_method_data);
+ return (&TLSv1_2_method_data);
}
const SSL_METHOD *
-ssl_get_client_method(uint16_t version)
+TLSv1_2_method(void)
{
- if (version == TLS1_3_VERSION)
- return (TLS_client_method());
- if (version == TLS1_2_VERSION)
- return (TLSv1_2_client_method());
- if (version == TLS1_1_VERSION)
- return (TLSv1_1_client_method());
- if (version == TLS1_VERSION)
- return (TLSv1_client_method());
- if (version == DTLS1_VERSION)
- return (DTLSv1_client_method());
+ return (&TLSv1_2_method_data);
+}
- return (NULL);
+const SSL_METHOD *
+TLSv1_2_server_method(void)
+{
+ return (&TLSv1_2_method_data);
}
const SSL_METHOD *
-ssl_get_server_method(uint16_t version)
+ssl_get_method(uint16_t version)
{
if (version == TLS1_3_VERSION)
- return (TLS_server_method());
+ return (TLS_method());
if (version == TLS1_2_VERSION)
- return (TLSv1_2_server_method());
+ return (TLSv1_2_method());
if (version == TLS1_1_VERSION)
- return (TLSv1_1_server_method());
+ return (TLSv1_1_method());
if (version == TLS1_VERSION)
- return (TLSv1_server_method());
+ return (TLSv1_method());
if (version == DTLS1_VERSION)
- return (DTLSv1_server_method());
+ return (DTLSv1_method());
return (NULL);
}
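Review bot: ssl_get_method() has no comment describing its contract, although it is now the single lookup shared by ssl3_get_server_hello(), ssl3_get_client_hello() and SSL_set_session(). I would add `/* Returns the method for a protocol version, shared by client and server, or NULL if the version is not supported. */` above the definition. It is also worth stating there that the `TLS1_3_VERSION` case returns `TLS_method()` rather than a version-pinned table, since the other branches return fixed-version methods.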
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index d805419de43..be5cbbeec64 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.100 2020/09/19 09:56:35 tb Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.101 2020/10/11 02:22:27 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -797,7 +797,7 @@ SSL_set_session(SSL *s, SSL_SESSION *session)
return SSL_set_ssl_method(s, s->ctx->method);
}
- if ((method = ssl_get_client_method(session->ssl_version)) == NULL) {
+ if ((method = ssl_get_method(session->ssl_version)) == NULL) {
SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
return (0);
}
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index 1e926408356..3b848f4b402 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.86 2020/10/03 18:01:55 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.87 2020/10/11 02:22:27 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -868,7 +868,7 @@ ssl3_get_client_hello(SSL *s)
s->client_version = client_version;
s->version = shared_version;
- if ((method = ssl_get_server_method(shared_version)) == NULL) {
+ if ((method = ssl_get_method(shared_version)) == NULL) {
SSLerror(s, ERR_R_INTERNAL_ERROR);
goto err;
}
diff --git a/lib/libssl/tls13_legacy.c b/lib/libssl/tls13_legacy.c
index e9e17293e12..943e2db9a18 100644
--- a/lib/libssl/tls13_legacy.c
+++ b/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_legacy.c,v 1.15 2020/10/07 10:14:45 tb Exp $ */
+/* $OpenBSD: tls13_legacy.c,v 1.16 2020/10/11 02:22:27 jsing Exp $ */
/*
* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
*
@@ -302,6 +302,8 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx)
memset(&cbb, 0, sizeof(cbb));
+ s->method = tls_legacy_method();
+
if (!ssl3_setup_init_buffer(s))
goto err;
if (!ssl3_setup_buffers(s))
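Review bot: The added `s->method = tls_legacy_method();` runs before the fallible `ssl3_setup_init_buffer()` and `ssl3_setup_buffers()` calls, so a `goto err` leaves the connection with the legacy method installed while `handshake_func` and the version fields are still the TLS 1.3 ones, because the callers now set those only after this function succeeds. If the setup calls do not depend on `s->method`, moving the assignment to just after they succeed would keep the switch all-or-nothing; otherwise a comment stating that callers must treat failure as fatal would help. The function starts and ends outside the hunk, so the error path itself is not visible.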
@@ -359,13 +361,12 @@ tls13_use_legacy_client(struct tls13_ctx *ctx)
{
SSL *s = ctx->ssl;
- s->method = tls_legacy_client_method();
- s->internal->handshake_func = s->method->internal->ssl_connect;
- s->client_version = s->version = s->method->internal->max_version;
-
if (!tls13_use_legacy_stack(ctx))
return 0;
+ s->internal->handshake_func = s->method->internal->ssl_connect;
+ s->client_version = s->version = s->method->internal->max_version;
+
S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
return 1;
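Review bot: The reordered lines depend on a side effect that is not visible at the call site: `s->method->internal->ssl_connect` and `max_version` are the legacy values only because tls13_use_legacy_stack() has already replaced `s->method`. A short comment above the call would make that dependency explicit, for example `/* Switches s->method to the legacy method; the fields below are read from it. */`. The same applies to tls13_use_legacy_server() in the next hunk, where `ssl_accept` is read after the call.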
@@ -376,14 +377,13 @@ tls13_use_legacy_server(struct tls13_ctx *ctx)
{
SSL *s = ctx->ssl;
- s->method = tls_legacy_server_method();
+ if (!tls13_use_legacy_stack(ctx))
+ return 0;
+
s->internal->handshake_func = s->method->internal->ssl_accept;
s->client_version = s->version = s->method->internal->max_version;
s->server = 1;
- if (!tls13_use_legacy_stack(ctx))
- return 0;
-
S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
return 1;