From a48e0ded4866e9e70a11237bb5a76c53453b830d Mon Sep 17 00:00:00 2001 From: jsing Date: Sat, 20 Feb 2021 08:33:17 +0000 Subject: [PATCH] Add DTLSv1.2 methods. These are currently guarded by LIBRESSL_HAS_DTLS1_2 and LIBRESSL_INTERNAL. ok tb@ --- lib/libssl/ssl.h | 8 +- lib/libssl/ssl_methods.c | 154 ++++++++++++++++++++++++++++++++++++++- 2 files changed, 159 insertions(+), 3 deletions(-) diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h index ec9544acc5f..e7ff6cec2a0 100644 --- a/lib/libssl/ssl.h +++ b/lib/libssl/ssl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.h,v 1.181 2021/02/20 08:11:57 jsing Exp $ */ +/* $OpenBSD: ssl.h,v 1.182 2021/02/20 08:33:17 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1528,6 +1528,12 @@ const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ +#if defined(LIBRESSL_HAS_DTLS1_2) || defined(LIBRESSL_INTERNAL) +const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */ +const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */ +const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */ +#endif + const SSL_METHOD *DTLS_method(void); /* DTLS v1.0 or later */ const SSL_METHOD *DTLS_server_method(void); /* DTLS v1.0 or later */ const SSL_METHOD *DTLS_client_method(void); /* DTLS v1.0 or later */ diff --git a/lib/libssl/ssl_methods.c b/lib/libssl/ssl_methods.c index ea67403d5d5..ae532ba16de 100644 --- a/lib/libssl/ssl_methods.c +++ b/lib/libssl/ssl_methods.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_methods.c,v 1.21 2020/12/01 07:46:02 tb Exp $ */ +/* $OpenBSD: ssl_methods.c,v 1.22 2021/02/20 08:33:17 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * 
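Review bot: The `#if defined(LIBRESSL_HAS_DTLS1_2) || defined(LIBRESSL_INTERNAL)` gate around the three new DTLSv1_2_*_method() prototypes hides only the declarations; the functions themselves are defined unconditionally in ssl_methods.c in this same patch, so the symbols are still built and exported, and an application that defines LIBRESSL_HAS_DTLS1_2 on its own will link against them. That is presumably the intended staging mechanism, but nothing in the header tells a reader that this guard is an API-visibility switch rather than a build-time disable. A one-line comment above the block would avoid the trip to ssl_methods.c, e.g. `/* Declarations only: the functions are always compiled; this guard controls API visibility until DTLSv1.2 is enabled by default. */`.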
@@ -59,6 +59,66 @@
 #include "ssl_locl.h"
 #include "tls13_internal.h"
 
+#ifdef LIBRESSL_HAS_DTLS1_2
+static const SSL_METHOD_INTERNAL DTLS_method_internal_data = {
+ .dtls = 1,
+ .server = 1,
+ .version = DTLS1_2_VERSION,
+ .min_version = DTLS1_VERSION,
+ .max_version = DTLS1_2_VERSION,
+ .ssl_new = dtls1_new,
+ .ssl_clear = dtls1_clear,
+ .ssl_free = dtls1_free,
+ .ssl_accept = ssl3_accept,
+ .ssl_connect = ssl3_connect,
+ .ssl_shutdown = ssl3_shutdown,
+ .ssl_renegotiate = ssl3_renegotiate,
+ .ssl_renegotiate_check = ssl3_renegotiate_check,
+ .ssl_pending = ssl3_pending,
+ .ssl_read_bytes = dtls1_read_bytes,
+ .ssl_write_bytes = dtls1_write_app_data_bytes,
+ .enc_flags = TLSV1_2_ENC_FLAGS,
+};
+
+static const SSL_METHOD DTLS_method_data = {
+ .ssl_dispatch_alert = dtls1_dispatch_alert,
+ .num_ciphers = ssl3_num_ciphers,
+ .get_cipher = dtls1_get_cipher,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &DTLS_method_internal_data,
+};
+
+static const SSL_METHOD_INTERNAL DTLS_client_method_internal_data = {
+ .dtls = 1,
+ .server = 0,
+ .version = DTLS1_2_VERSION,
+ .min_version = DTLS1_VERSION,
+ .max_version = DTLS1_2_VERSION,
+ .ssl_new = dtls1_new,
+ .ssl_clear = dtls1_clear,
+ .ssl_free = dtls1_free,
+ .ssl_accept = ssl_undefined_function,
+ .ssl_connect = ssl3_connect,
+ .ssl_shutdown = ssl3_shutdown,
+ .ssl_renegotiate = ssl3_renegotiate,
+ .ssl_renegotiate_check = ssl3_renegotiate_check,
+ .ssl_pending = ssl3_pending,
+ .ssl_read_bytes = dtls1_read_bytes,
+ .ssl_write_bytes = dtls1_write_app_data_bytes,
+ .enc_flags = TLSV1_2_ENC_FLAGS,
+};
+
+static const SSL_METHOD DTLS_client_method_data = {
+ .ssl_dispatch_alert = dtls1_dispatch_alert,
+ .num_ciphers = ssl3_num_ciphers,
+ .get_cipher = dtls1_get_cipher,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &DTLS_client_method_internal_data,
+};
+#endif
+
 static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
 .dtls = 1,
 .server = 1,
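Review bot: Both new version-flexible tables, DTLS_method_internal_data and DTLS_client_method_internal_data, set `.min_version = DTLS1_VERSION`, so once LIBRESSL_HAS_DTLS1_2 is defined the generic DTLS_method()/DTLS_client_method() will still negotiate down to DTLS 1.0 (the TLS 1.0-era CBC record layer) with any peer that offers nothing better. That matches how the existing version-flexible TLS tables behave, but it is the security-relevant default of this hunk and deserves stating: a caller that wants 1.2-only has to use DTLSv1_2_method() or raise the floor with the minimum-protocol-version API, which presumably honours these min/max bounds (the version-selection code is not in the hunk). I would add above the first table `/* Version-flexible DTLS: accepts DTLS1.0 through DTLS1.2 by default; use DTLSv1_2_method() or a minimum protocol version for 1.2-only. */`. It would also help to say why these four tables sit under `#ifdef LIBRESSL_HAS_DTLS1_2` while the DTLSv1_2_* tables added later in the file are compiled unconditionally.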
@@ -117,6 +177,64 @@ static const SSL_METHOD DTLSv1_client_method_data = {
 .internal = &DTLSv1_client_method_internal_data,
 };
 
+static const SSL_METHOD_INTERNAL DTLSv1_2_method_internal_data = {
+ .dtls = 1,
+ .server = 1,
+ .version = DTLS1_2_VERSION,
+ .min_version = DTLS1_2_VERSION,
+ .max_version = DTLS1_2_VERSION,
+ .ssl_new = dtls1_new,
+ .ssl_clear = dtls1_clear,
+ .ssl_free = dtls1_free,
+ .ssl_accept = ssl3_accept,
+ .ssl_connect = ssl3_connect,
+ .ssl_shutdown = ssl3_shutdown,
+ .ssl_renegotiate = ssl3_renegotiate,
+ .ssl_renegotiate_check = ssl3_renegotiate_check,
+ .ssl_pending = ssl3_pending,
+ .ssl_read_bytes = dtls1_read_bytes,
+ .ssl_write_bytes = dtls1_write_app_data_bytes,
+ .enc_flags = TLSV1_2_ENC_FLAGS,
+};
+
+static const SSL_METHOD DTLSv1_2_method_data = {
+ .ssl_dispatch_alert = dtls1_dispatch_alert,
+ .num_ciphers = ssl3_num_ciphers,
+ .get_cipher = dtls1_get_cipher,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &DTLSv1_2_method_internal_data,
+};
+
+static const SSL_METHOD_INTERNAL DTLSv1_2_client_method_internal_data = {
+ .dtls = 1,
+ .server = 0,
+ .version = DTLS1_2_VERSION,
+ .min_version = DTLS1_2_VERSION,
+ .max_version = DTLS1_2_VERSION,
+ .ssl_new = dtls1_new,
+ .ssl_clear = dtls1_clear,
+ .ssl_free = dtls1_free,
+ .ssl_accept = ssl_undefined_function,
+ .ssl_connect = ssl3_connect,
+ .ssl_shutdown = ssl3_shutdown,
+ .ssl_renegotiate = ssl3_renegotiate,
+ .ssl_renegotiate_check = ssl3_renegotiate_check,
+ .ssl_pending = ssl3_pending,
+ .ssl_read_bytes = dtls1_read_bytes,
+ .ssl_write_bytes = dtls1_write_app_data_bytes,
+ .enc_flags = TLSV1_2_ENC_FLAGS,
+};
+
+static const SSL_METHOD DTLSv1_2_client_method_data = {
+ .ssl_dispatch_alert = dtls1_dispatch_alert,
+ .num_ciphers = ssl3_num_ciphers,
+ .get_cipher = dtls1_get_cipher,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &DTLSv1_2_client_method_internal_data,
+};
+
 const SSL_METHOD *
 DTLSv1_client_method(void)
 {
@@ -135,22 +253,52 @@ DTLSv1_server_method(void)
 return &DTLSv1_method_data;
 }
 
+const SSL_METHOD *
+DTLSv1_2_client_method(void)
+{
+ return &DTLSv1_2_client_method_data;
+}
+
+const SSL_METHOD *
+DTLSv1_2_method(void)
+{
+ return &DTLSv1_2_method_data;
+}
+
+const SSL_METHOD *
+DTLSv1_2_server_method(void)
+{
+ return &DTLSv1_2_method_data;
+}
+
 const SSL_METHOD *
 DTLS_client_method(void)
 {
+#ifdef LIBRESSL_HAS_DTLS1_2
+ return &DTLS_client_method_data;
+#else
 return DTLSv1_client_method();
+#endif
 }
 
 const SSL_METHOD *
 DTLS_method(void)
 {
+#ifdef LIBRESSL_HAS_DTLS1_2
+ return &DTLS_method_data;
+#else
 return DTLSv1_method();
+#endif
 }
 
 const SSL_METHOD *
 DTLS_server_method(void)
 {
- return DTLSv1_method();
+#ifdef LIBRESSL_HAS_DTLS1_2
+ return &DTLS_method_data;
+#else
+ return DTLSv1_server_method();
+#endif
 }
 
 #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
@@ -566,6 +714,8 @@ ssl_get_method(uint16_t version)
 return (TLSv1_method());
 if (version == DTLS1_VERSION)
 return (DTLSv1_method());
+ if (version == DTLS1_2_VERSION)
+ return (DTLSv1_2_method());
 return (NULL);
 }
 
-- 
2.20.1
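Review bot: The four DTLSv1_2_* tables in this hunk are field-for-field copies of the DTLS_* tables added earlier in the file, differing only in `.min_version = DTLS1_2_VERSION`, and nothing in the text says so; a reader comparing the two groups has to diff seventeen initialisers to find the one that matters. A short comment on each internal table would pin that down, e.g. `/* DTLSv1.2 only: min_version and max_version are both pinned to DTLS1_2_VERSION. */`. Separately, these tables pair `.enc_flags = TLSV1_2_ENC_FLAGS` with `.get_cipher = dtls1_get_cipher`; DTLS may not use stream ciphers such as RC4, and I assume the reused dtls1_get_cipher is what filters them, but that helper is not in the patch, so it is worth confirming the filter still holds for everything the TLS 1.2 flags make eligible.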
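Review bot: With the three `#ifdef LIBRESSL_HAS_DTLS1_2` / `#else` blocks, DTLS_method(), DTLS_client_method() and DTLS_server_method() now hand back a different negotiable version range depending on a build flag, while ssl.h continues to describe them as "DTLS v1.0 or later"; nothing at the call sites explains the switch. A comment above DTLS_client_method() would make the staging explicit, e.g. `/* Until DTLSv1.2 is enabled by default, the version-flexible DTLS_*_method() fall back to the DTLSv1.0 tables. */`. Two things that look deliberate but could use a word: DTLS_method() and DTLS_server_method() return the same `&DTLS_method_data` (mirroring the existing DTLSv1 pair), and the `#else` branch of DTLS_server_method() now calls DTLSv1_server_method() instead of DTLSv1_method(), which is behaviour-neutral since both return &DTLSv1_method_data.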
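Review bot: ssl_get_method() now maps DTLS1_2_VERSION to DTLSv1_2_method() unconditionally, including in builds without LIBRESSL_HAS_DTLS1_2, where DTLS_method() caps `.max_version` at DTLS1_VERSION; if the version-selection code (not in this hunk) honours max_version the new branch is unreachable in those builds, but the file gives no hint that this is what keeps the two in step. A comment on the new lines would record the dependence, e.g. `/* Reachable only when a method whose max_version allows DTLS1_2_VERSION is in use. */`. Note also that, like the DTLS1_VERSION line above it, this returns the server-flavoured table (`.server = 1`, `.ssl_accept = ssl3_accept`) regardless of role, which matches the file's existing convention. The body of ssl_get_method() begins above the hunk.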