Diffstat (limited to 'lib')
-rw-r--r-- | lib/libssl/ssl_clnt.c | 4 | ||||
-rw-r--r-- | lib/libssl/ssl_lib.c | 4 | ||||
-rw-r--r-- | lib/libssl/ssl_locl.h | 8 | ||||
-rw-r--r-- | lib/libssl/ssl_methods.c | 473 | ||||
-rw-r--r-- | lib/libssl/ssl_sess.c | 4 | ||||
-rw-r--r-- | lib/libssl/ssl_srvr.c | 4 | ||||
-rw-r--r-- | lib/libssl/tls13_legacy.c | 18 |
7 files changed, 73 insertions, 442 deletions
diff --git a/lib/libssl/ssl_clnt.c b/lib/libssl/ssl_clnt.c index 3d11aaaf363..88b82c44004 100644 --- a/lib/libssl/ssl_clnt.c +++ b/lib/libssl/ssl_clnt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_clnt.c,v 1.74 2020/10/03 18:01:55 jsing Exp $ */ +/* $OpenBSD: ssl_clnt.c,v 1.75 2020/10/11 02:22:27 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -911,7 +911,7 @@ ssl3_get_server_hello(SSL *s) } s->version = server_version; - if ((method = ssl_get_client_method(server_version)) == NULL) { + if ((method = ssl_get_method(server_version)) == NULL) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c index 6e375e1c099..b306137c142 100644 --- a/lib/libssl/ssl_lib.c +++ b/lib/libssl/ssl_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_lib.c,v 1.234 2020/09/24 18:12:00 jsing Exp $ */ +/* $OpenBSD: ssl_lib.c,v 1.235 2020/10/11 02:22:27 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -345,7 +345,7 @@ SSL_new(SSL_CTX *ctx) goto err; s->references = 1; - s->server = (ctx->method->internal->ssl_accept == ssl_undefined_function) ? 0 : 1; + s->server = 0; SSL_clear(s); diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h index e47f6191c20..e341e9eda2e 100644 --- a/lib/libssl/ssl_locl.h +++ b/lib/libssl/ssl_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_locl.h,v 1.301 2020/10/11 01:16:31 guenther Exp $ */ +/* $OpenBSD: ssl_locl.h,v 1.302 2020/10/11 02:22:27 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
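Review bot: In the ssl_lib.c hunk at -345, `s->server = 0;` makes every handle from SSL_new() report the client role until something assigns it later, whereas the removed expression derived the role from the context's method table. The only assignment visible in this commit is `s->server = 1;` in tls13_use_legacy_server(). Whether SSL_accept() or SSL_set_accept_state() also set it is outside these hunks, so any role-dependent check that can run between SSL_new() and the start of the handshake should be confirmed. A comment above the assignment, e.g. `/* Role is not known until accept/connect state is set; default to client. */`, would record the new invariant. SSL_new() starts and ends outside the hunk.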
@@ -1121,11 +1121,7 @@ int ssl_cipher_allowed_in_version_range(const SSL_CIPHER *cipher, uint16_t min_ver, uint16_t max_ver); const SSL_METHOD *tls_legacy_method(void); -const SSL_METHOD *tls_legacy_client_method(void); -const SSL_METHOD *tls_legacy_server_method(void); - -const SSL_METHOD *ssl_get_client_method(uint16_t version); -const SSL_METHOD *ssl_get_server_method(uint16_t version); +const SSL_METHOD *ssl_get_method(uint16_t version); extern SSL3_ENC_METHOD TLSv1_enc_data; extern SSL3_ENC_METHOD TLSv1_1_enc_data; diff --git a/lib/libssl/ssl_methods.c b/lib/libssl/ssl_methods.c index ddfb8dfdba2..23c7e97b574 100644 --- a/lib/libssl/ssl_methods.c +++ b/lib/libssl/ssl_methods.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_methods.c,v 1.17 2020/10/03 17:54:27 jsing Exp $ */ +/* $OpenBSD: ssl_methods.c,v 1.18 2020/10/11 02:22:27 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
@@ -59,45 +59,6 @@ #include "ssl_locl.h" #include "tls13_internal.h" -static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = { - .version = DTLS1_VERSION, - .min_version = DTLS1_VERSION, - .max_version = DTLS1_VERSION, - .ssl_new = dtls1_new, - .ssl_clear = dtls1_clear, - .ssl_free = dtls1_free, - .ssl_accept = ssl_undefined_function, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = dtls1_read_bytes, - .ssl_write_bytes = dtls1_write_app_data_bytes, - .ssl3_enc = &TLSv1_1_enc_data, -}; - -static const SSL_METHOD DTLSv1_client_method_data = { - .ssl_dispatch_alert = dtls1_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = dtls1_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &DTLSv1_client_method_internal_data, -}; - -const SSL_METHOD * -DTLSv1_client_method(void) -{ - return &DTLSv1_client_method_data; -} - -const SSL_METHOD * -DTLS_client_method(void) -{ - return DTLSv1_client_method(); -} - static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = { .version = DTLS1_VERSION, .min_version = DTLS1_VERSION, 
@@ -126,231 +87,39 @@ static const SSL_METHOD DTLSv1_method_data = { }; const SSL_METHOD * -DTLSv1_method(void) +DTLSv1_client_method(void) { return &DTLSv1_method_data; } const SSL_METHOD * -DTLS_method(void) +DTLSv1_method(void) { - return DTLSv1_method(); + return &DTLSv1_method_data; } -static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = { - .version = DTLS1_VERSION, - .min_version = DTLS1_VERSION, - .max_version = DTLS1_VERSION, - .ssl_new = dtls1_new, - .ssl_clear = dtls1_clear, - .ssl_free = dtls1_free, - .ssl_accept = ssl3_accept, - .ssl_connect = ssl_undefined_function, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = dtls1_read_bytes, - .ssl_write_bytes = dtls1_write_app_data_bytes, - .ssl3_enc = &TLSv1_1_enc_data, -}; - -static const SSL_METHOD DTLSv1_server_method_data = { - .ssl_dispatch_alert = dtls1_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = dtls1_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &DTLSv1_server_method_internal_data, -}; - const SSL_METHOD * DTLSv1_server_method(void) { - return &DTLSv1_server_method_data; -} - -const SSL_METHOD * -DTLS_server_method(void) -{ - return DTLSv1_server_method(); -} - -#ifdef LIBRESSL_HAS_TLS1_3_CLIENT -static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = { - .version = TLS1_3_VERSION, - .min_version = TLS1_VERSION, - .max_version = TLS1_3_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl_undefined_function, - .ssl_connect = tls13_legacy_connect, - .ssl_shutdown = tls13_legacy_shutdown, - .ssl_renegotiate = ssl_undefined_function, - .ssl_renegotiate_check = ssl_ok, - .ssl_pending = tls13_legacy_pending, - .ssl_read_bytes = tls13_legacy_read_bytes, - .ssl_write_bytes = tls13_legacy_write_bytes, - 
.ssl3_enc = &TLSv1_3_enc_data, -}; - -static const SSL_METHOD TLS_client_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLS_client_method_internal_data, -}; -#endif - -static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = { - .version = TLS1_2_VERSION, - .min_version = TLS1_VERSION, - .max_version = TLS1_2_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl_undefined_function, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl_undefined_function, - .ssl_renegotiate_check = ssl_ok, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_2_enc_data, -}; - -static const SSL_METHOD TLS_legacy_client_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLS_legacy_client_method_internal_data, -}; - -static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = { - .version = TLS1_VERSION, - .min_version = TLS1_VERSION, - .max_version = TLS1_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl_undefined_function, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_enc_data, -}; - -static const SSL_METHOD TLSv1_client_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = 
ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_client_method_internal_data, -}; - -static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = { - .version = TLS1_1_VERSION, - .min_version = TLS1_1_VERSION, - .max_version = TLS1_1_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl_undefined_function, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_1_enc_data, -}; - -static const SSL_METHOD TLSv1_1_client_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_1_client_method_internal_data, -}; - -static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = { - .version = TLS1_2_VERSION, - .min_version = TLS1_2_VERSION, - .max_version = TLS1_2_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl_undefined_function, - .ssl_connect = ssl3_connect, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_2_enc_data, -}; - -static const SSL_METHOD TLSv1_2_client_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_2_client_method_internal_data, -}; - -const 
SSL_METHOD * -SSLv23_client_method(void) -{ - return (TLS_client_method()); -} - -const SSL_METHOD * -TLS_client_method(void) -{ -#ifdef LIBRESSL_HAS_TLS1_3_CLIENT - return (&TLS_client_method_data); -#else - return tls_legacy_client_method(); -#endif -} - -const SSL_METHOD * -tls_legacy_client_method(void) -{ - return (&TLS_legacy_client_method_data); + return &DTLSv1_method_data; } const SSL_METHOD * -TLSv1_client_method(void) +DTLS_client_method(void) { - return (&TLSv1_client_method_data); + return DTLSv1_method(); } const SSL_METHOD * -TLSv1_1_client_method(void) +DTLS_method(void) { - return (&TLSv1_1_client_method_data); + return DTLSv1_method(); } const SSL_METHOD * -TLSv1_2_client_method(void) +DTLS_server_method(void) { - return (&TLSv1_2_client_method_data); + return DTLSv1_method(); } #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER) @@ -491,9 +260,9 @@ static const SSL_METHOD TLSv1_2_method_data = { }; const SSL_METHOD * -SSLv23_method(void) +TLS_client_method(void) { - return (TLS_method()); + return TLS_method(); } const SSL_METHOD * 
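Review bot: In the ssl_methods.c hunk at -126, DTLSv1_client_method() and DTLSv1_server_method() now return `&DTLSv1_method_data`, so the removed `.ssl_accept = ssl_undefined_function` and `.ssl_connect = ssl_undefined_function` entries no longer stop a client-only context from accepting or a server-only context from connecting. The TLS, SSLv23 and TLSv1_x wrappers in the -491 and -507 hunks change in the same way. An application that relied on the method choice to pin the role presumably no longer gets an error from the wrong call; the shared table's own entries are outside the hunk, so this should be confirmed and reflected in the API documentation. A comment above the wrappers would make the intent explicit, e.g. `/* Client and server entry points are kept for API compatibility; all return the role-neutral method. */`.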
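Review bot: In the -491 hunk, TLS_client_method() now returns `TLS_method()`, and the context line just before this hunk shows the combined method data guarded by `#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)`. The removed TLS_client_method() returned the TLS 1.3 capable table when only LIBRESSL_HAS_TLS1_3_CLIENT was defined, so a build that defines one macro without the other would presumably now fall back to the legacy method and negotiate at most TLS 1.2 without any diagnostic. TLS_method()'s body is outside the hunk, so this needs checking against the full file. If the two macros are only ever set together, a preprocessor `#error` for the mismatched case would turn the silent downgrade into a build failure.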
@@ -507,236 +276,102 @@ TLS_method(void) } const SSL_METHOD * +TLS_server_method(void) +{ + return TLS_method(); +} + +const SSL_METHOD * tls_legacy_method(void) { return (&TLS_legacy_method_data); } const SSL_METHOD * -TLSv1_method(void) +SSLv23_client_method(void) { - return (&TLSv1_method_data); + return TLS_method(); } const SSL_METHOD * -TLSv1_1_method(void) +SSLv23_method(void) { - return (&TLSv1_1_method_data); + return TLS_method(); } const SSL_METHOD * -TLSv1_2_method(void) +SSLv23_server_method(void) { - return (&TLSv1_2_method_data); + return TLS_method(); } -#ifdef LIBRESSL_HAS_TLS1_3_SERVER -static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = { - .version = TLS1_3_VERSION, - .min_version = TLS1_VERSION, - .max_version = TLS1_3_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = tls13_legacy_accept, - .ssl_connect = ssl_undefined_function, - .ssl_shutdown = tls13_legacy_shutdown, - .ssl_renegotiate = ssl_undefined_function, - .ssl_renegotiate_check = ssl_ok, - .ssl_pending = tls13_legacy_pending, - .ssl_read_bytes = tls13_legacy_read_bytes, - .ssl_write_bytes = tls13_legacy_write_bytes, - .ssl3_enc = &TLSv1_3_enc_data, -}; - -static const SSL_METHOD TLS_server_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLS_server_method_internal_data, -}; -#endif - -static const SSL_METHOD_INTERNAL TLS_legacy_server_method_internal_data = { - .version = TLS1_2_VERSION, - .min_version = TLS1_VERSION, - .max_version = TLS1_2_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl3_accept, - .ssl_connect = ssl_undefined_function, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl_undefined_function, - .ssl_renegotiate_check = ssl_ok, - .ssl_pending = 
ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_2_enc_data, -}; - -static const SSL_METHOD TLS_legacy_server_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLS_legacy_server_method_internal_data, -}; - -static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = { - .version = TLS1_VERSION, - .min_version = TLS1_VERSION, - .max_version = TLS1_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl3_accept, - .ssl_connect = ssl_undefined_function, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_enc_data, -}; - -static const SSL_METHOD TLSv1_server_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_server_method_internal_data, -}; - -static const SSL_METHOD_INTERNAL TLSv1_1_server_method_internal_data = { - .version = TLS1_1_VERSION, - .min_version = TLS1_1_VERSION, - .max_version = TLS1_1_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl3_accept, - .ssl_connect = ssl_undefined_function, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_1_enc_data, -}; - -static const SSL_METHOD TLSv1_1_server_method_data = { - 
.ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_1_server_method_internal_data, -}; - -static const SSL_METHOD_INTERNAL TLSv1_2_server_method_internal_data = { - .version = TLS1_2_VERSION, - .min_version = TLS1_2_VERSION, - .max_version = TLS1_2_VERSION, - .ssl_new = tls1_new, - .ssl_clear = tls1_clear, - .ssl_free = tls1_free, - .ssl_accept = ssl3_accept, - .ssl_connect = ssl_undefined_function, - .ssl_shutdown = ssl3_shutdown, - .ssl_renegotiate = ssl3_renegotiate, - .ssl_renegotiate_check = ssl3_renegotiate_check, - .ssl_pending = ssl3_pending, - .ssl_read_bytes = ssl3_read_bytes, - .ssl_write_bytes = ssl3_write_bytes, - .ssl3_enc = &TLSv1_2_enc_data, -}; - -static const SSL_METHOD TLSv1_2_server_method_data = { - .ssl_dispatch_alert = ssl3_dispatch_alert, - .num_ciphers = ssl3_num_ciphers, - .get_cipher = ssl3_get_cipher, - .get_cipher_by_char = ssl3_get_cipher_by_char, - .put_cipher_by_char = ssl3_put_cipher_by_char, - .internal = &TLSv1_2_server_method_internal_data, -}; +const SSL_METHOD * +TLSv1_client_method(void) +{ + return (&TLSv1_method_data); +} const SSL_METHOD * -SSLv23_server_method(void) +TLSv1_method(void) { - return (TLS_server_method()); + return (&TLSv1_method_data); } const SSL_METHOD * -TLS_server_method(void) +TLSv1_server_method(void) { -#ifdef LIBRESSL_HAS_TLS1_3_SERVER - return (&TLS_server_method_data); -#else - return tls_legacy_server_method(); -#endif + return (&TLSv1_method_data); } const SSL_METHOD * -tls_legacy_server_method(void) +TLSv1_1_client_method(void) { - return (&TLS_legacy_server_method_data); + return (&TLSv1_1_method_data); } const SSL_METHOD * -TLSv1_server_method(void) +TLSv1_1_method(void) { - return (&TLSv1_server_method_data); + return (&TLSv1_1_method_data); } const SSL_METHOD * TLSv1_1_server_method(void) { - return 
(&TLSv1_1_server_method_data); + return (&TLSv1_1_method_data); } const SSL_METHOD * -TLSv1_2_server_method(void) +TLSv1_2_client_method(void) { - return (&TLSv1_2_server_method_data); + return (&TLSv1_2_method_data); } const SSL_METHOD * -ssl_get_client_method(uint16_t version) +TLSv1_2_method(void) { - if (version == TLS1_3_VERSION) - return (TLS_client_method()); - if (version == TLS1_2_VERSION) - return (TLSv1_2_client_method()); - if (version == TLS1_1_VERSION) - return (TLSv1_1_client_method()); - if (version == TLS1_VERSION) - return (TLSv1_client_method()); - if (version == DTLS1_VERSION) - return (DTLSv1_client_method()); + return (&TLSv1_2_method_data); +} - return (NULL); +const SSL_METHOD * +TLSv1_2_server_method(void) +{ + return (&TLSv1_2_method_data); } const SSL_METHOD * -ssl_get_server_method(uint16_t version) +ssl_get_method(uint16_t version) { if (version == TLS1_3_VERSION) - return (TLS_server_method()); + return (TLS_method()); if (version == TLS1_2_VERSION) - return (TLSv1_2_server_method()); + return (TLSv1_2_method()); if (version == TLS1_1_VERSION) - return (TLSv1_1_server_method()); + return (TLSv1_1_method()); if (version == TLS1_VERSION) - return (TLSv1_server_method()); + return (TLSv1_method()); if (version == DTLS1_VERSION) - return (DTLSv1_server_method()); + return (DTLSv1_method()); return (NULL); } diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c index d805419de43..be5cbbeec64 100644 --- a/lib/libssl/ssl_sess.c +++ b/lib/libssl/ssl_sess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sess.c,v 1.100 2020/09/19 09:56:35 tb Exp $ */ +/* $OpenBSD: ssl_sess.c,v 1.101 2020/10/11 02:22:27 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
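Review bot: ssl_get_method() at the end of the -507 hunk has no comment stating its contract, although it is now the single lookup used by ssl3_get_server_hello(), ssl3_get_client_hello() and SSL_set_session(). Suggest adding `/* Map a negotiated or stored protocol version to its method; returns NULL if the version is not supported. */` above it. The TLS1_3_VERSION branch returns `TLS_method()`, which judging by the removed tables is a version-flexible method rather than a fixed-version one like the other branches; if that is intended, the comment should say so. As a style point, the new wrappers in this hunk mix `return TLS_method();` with `return (&TLSv1_method_data);`, and one form should be used throughout.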
@@ -797,7 +797,7 @@ SSL_set_session(SSL *s, SSL_SESSION *session) return SSL_set_ssl_method(s, s->ctx->method); } - if ((method = ssl_get_client_method(session->ssl_version)) == NULL) { + if ((method = ssl_get_method(session->ssl_version)) == NULL) { SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD); return (0); } diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c index 1e926408356..3b848f4b402 100644 --- a/lib/libssl/ssl_srvr.c +++ b/lib/libssl/ssl_srvr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_srvr.c,v 1.86 2020/10/03 18:01:55 jsing Exp $ */ +/* $OpenBSD: ssl_srvr.c,v 1.87 2020/10/11 02:22:27 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -868,7 +868,7 @@ ssl3_get_client_hello(SSL *s) s->client_version = client_version; s->version = shared_version; - if ((method = ssl_get_server_method(shared_version)) == NULL) { + if ((method = ssl_get_method(shared_version)) == NULL) { SSLerror(s, ERR_R_INTERNAL_ERROR); goto err; } diff --git a/lib/libssl/tls13_legacy.c b/lib/libssl/tls13_legacy.c index e9e17293e12..943e2db9a18 100644 --- a/lib/libssl/tls13_legacy.c +++ b/lib/libssl/tls13_legacy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_legacy.c,v 1.15 2020/10/07 10:14:45 tb Exp $ */ +/* $OpenBSD: tls13_legacy.c,v 1.16 2020/10/11 02:22:27 jsing Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * @@ -302,6 +302,8 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx) memset(&cbb, 0, sizeof(cbb)); + s->method = tls_legacy_method(); + if (!ssl3_setup_init_buffer(s)) goto err; if (!ssl3_setup_buffers(s)) 
@@ -359,13 +361,12 @@ tls13_use_legacy_client(struct tls13_ctx *ctx) { SSL *s = ctx->ssl; - s->method = tls_legacy_client_method(); - s->internal->handshake_func = s->method->internal->ssl_connect; - s->client_version = s->version = s->method->internal->max_version; - if (!tls13_use_legacy_stack(ctx)) return 0; + s->internal->handshake_func = s->method->internal->ssl_connect; + s->client_version = s->version = s->method->internal->max_version; + S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A; return 1; @@ -376,14 +377,13 @@ tls13_use_legacy_server(struct tls13_ctx *ctx) { SSL *s = ctx->ssl; - s->method = tls_legacy_server_method(); + if (!tls13_use_legacy_stack(ctx)) + return 0; + s->internal->handshake_func = s->method->internal->ssl_accept; s->client_version = s->version = s->method->internal->max_version; s->server = 1; - if (!tls13_use_legacy_stack(ctx)) - return 0; - S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A; return 1; |
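Review bot: In tls13_use_legacy_client() (-359 hunk) and tls13_use_legacy_server() (-376 hunk), `s->version`, `s->client_version` and `handshake_func` are now assigned only after tls13_use_legacy_stack() returns, whereas the removed lines set them first. The body of tls13_use_legacy_stack() is mostly outside the -302 hunk, so it should be checked that nothing it calls while setting up buffers reads `s->version` and now sees the pre-downgrade value. On its failure path `s->method` has already been switched to `tls_legacy_method()` while the version fields keep their old values; a comment there such as `/* On failure the SSL is left with the legacy method and must not be reused. */` would document that state. The client path also never writes `s->server` and relies on the 0 set in SSL_new(), while the server path sets it to 1 explicitly.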