1*9fef1c44Sjsing /* $OpenBSD: ssl_methods.c,v 1.18 2020/10/11 02:22:27 jsing Exp $ */ 29158af98Sjsing /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 39158af98Sjsing * All rights reserved. 49158af98Sjsing * 59158af98Sjsing * This package is an SSL implementation written 69158af98Sjsing * by Eric Young (eay@cryptsoft.com). 79158af98Sjsing * The implementation was written so as to conform with Netscapes SSL. 89158af98Sjsing * 99158af98Sjsing * This library is free for commercial and non-commercial use as long as 109158af98Sjsing * the following conditions are aheared to. The following conditions 119158af98Sjsing * apply to all code found in this distribution, be it the RC4, RSA, 129158af98Sjsing * lhash, DES, etc., code; not just the SSL code. The SSL documentation 139158af98Sjsing * included with this distribution is covered by the same copyright terms 149158af98Sjsing * except that the holder is Tim Hudson (tjh@cryptsoft.com). 159158af98Sjsing * 169158af98Sjsing * Copyright remains Eric Young's, and as such any Copyright notices in 179158af98Sjsing * the code are not to be removed. 189158af98Sjsing * If this package is used in a product, Eric Young should be given attribution 199158af98Sjsing * as the author of the parts of the library used. 209158af98Sjsing * This can be in the form of a textual message at program startup or 219158af98Sjsing * in documentation (online or textual) provided with the package. 229158af98Sjsing * 239158af98Sjsing * Redistribution and use in source and binary forms, with or without 249158af98Sjsing * modification, are permitted provided that the following conditions 259158af98Sjsing * are met: 269158af98Sjsing * 1. Redistributions of source code must retain the copyright 279158af98Sjsing * notice, this list of conditions and the following disclaimer. 289158af98Sjsing * 2. 
Redistributions in binary form must reproduce the above copyright 299158af98Sjsing * notice, this list of conditions and the following disclaimer in the 309158af98Sjsing * documentation and/or other materials provided with the distribution. 319158af98Sjsing * 3. All advertising materials mentioning features or use of this software 329158af98Sjsing * must display the following acknowledgement: 339158af98Sjsing * "This product includes cryptographic software written by 349158af98Sjsing * Eric Young (eay@cryptsoft.com)" 359158af98Sjsing * The word 'cryptographic' can be left out if the rouines from the library 369158af98Sjsing * being used are not cryptographic related :-). 379158af98Sjsing * 4. If you include any Windows specific code (or a derivative thereof) from 389158af98Sjsing * the apps directory (application code) you must include an acknowledgement: 399158af98Sjsing * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 409158af98Sjsing * 419158af98Sjsing * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 429158af98Sjsing * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 439158af98Sjsing * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 449158af98Sjsing * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 459158af98Sjsing * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 469158af98Sjsing * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 479158af98Sjsing * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 489158af98Sjsing * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 499158af98Sjsing * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 509158af98Sjsing * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 519158af98Sjsing * SUCH DAMAGE. 
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include "ssl_locl.h"
#include "tls13_internal.h"

/*
 * Protocol method tables.
 *
 * Every public *_method() accessor below returns a pointer to one of the
 * immutable, statically allocated SSL_METHOD tables in this file; nothing
 * here allocates, so callers never own what they receive.  The
 * SSL_METHOD_INTERNAL half of each table fixes the protocol version window
 * (min_version/max_version) and the handshake, record-layer and shutdown
 * entry points that a connection built from that method will dispatch to.
 */

/*
 * DTLS 1.0.  The version window is pinned to DTLS1_VERSION at both ends.
 * The DTLS-specific record layer (dtls1_read_bytes/dtls1_write_app_data_bytes)
 * is combined with the shared handshake state machine and cipher-suite
 * handling (ssl3_*), and with the TLS 1.1 enc data that DTLS 1.0 is derived
 * from.
 */
static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD DTLSv1_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_method_internal_data,
};

/*
 * The DTLSv1_*_method() family and the version-flexible DTLS_*_method()
 * family all resolve to the single DTLS 1.0 table above: there is no other
 * DTLS version in this file, so "client", "server" and "generic" are
 * indistinguishable.
 */
const SSL_METHOD *
DTLSv1_client_method(void)
{
	return &DTLSv1_method_data;
}

const SSL_METHOD *
DTLSv1_method(void)
{
	return &DTLSv1_method_data;
}

const SSL_METHOD *
DTLSv1_server_method(void)
{
	return &DTLSv1_method_data;
}

const SSL_METHOD *
DTLS_client_method(void)
{
	return &DTLSv1_method_data;
}

const SSL_METHOD *
DTLS_method(void)
{
	return &DTLSv1_method_data;
}

const SSL_METHOD *
DTLS_server_method(void)
{
	return &DTLSv1_method_data;
}

/*
 * Version-flexible TLS method, TLS 1.0 through TLS 1.3.  This table only
 * exists when both the TLS 1.3 client and server are compiled in; the
 * handshake and record entry points go through the tls13_legacy_* shims,
 * and renegotiation is not offered at all (ssl_undefined_function).
 */
#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
	.version = TLS1_3_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_3_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = tls13_legacy_accept,
	.ssl_connect = tls13_legacy_connect,
	.ssl_shutdown = tls13_legacy_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.ssl3_enc = &TLSv1_3_enc_data,
};

static const SSL_METHOD TLS_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_method_internal_data,
};
#endif

/*
 * Legacy version-flexible TLS method, TLS 1.0 through TLS 1.2, driven by the
 * pre-1.3 state machine (ssl3_accept/ssl3_connect).  Like the TLS 1.3-capable
 * table it refuses renegotiation.  It is what TLS_method() falls back to when
 * TLS 1.3 support is not compiled in.
 */
static const SSL_METHOD_INTERNAL TLS_legacy_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_legacy_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_legacy_method_internal_data,
};

/*
 * Single-version TLS methods.  Each pins min_version == max_version ==
 * version, so a connection built from one of these can negotiate exactly that
 * protocol version and nothing else.  Unlike the version-flexible tables,
 * these keep the ssl3_renegotiate entry points.
 */
static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_method_internal_data,
};

static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = {
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_1_method_internal_data,
};

static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_method_internal_data,
};

/*
 * TLS_method() is the version-flexible method: the TLS 1.0-1.3 table when
 * TLS 1.3 client and server support are both compiled in, otherwise the
 * TLS 1.0-1.2 legacy table.  The client/server variants and the historical
 * SSLv23_*_method() names are all aliases for it.
 */
const SSL_METHOD *
TLS_client_method(void)
{
	return TLS_method();
}

const SSL_METHOD *
TLS_method(void)
{
#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
	return &TLS_method_data;
#else
	return tls_legacy_method();
#endif
}

const SSL_METHOD *
TLS_server_method(void)
{
	return TLS_method();
}

/* Always the TLS 1.0-1.2 table, regardless of TLS 1.3 build support. */
const SSL_METHOD *
tls_legacy_method(void)
{
	return &TLS_legacy_method_data;
}

const SSL_METHOD *
SSLv23_client_method(void)
{
	return TLS_method();
}

const SSL_METHOD *
SSLv23_method(void)
{
	return TLS_method();
}

const SSL_METHOD *
SSLv23_server_method(void)
{
	return TLS_method();
}

/*
 * Single-version accessors.  For each version the client, server and generic
 * variants share one table.
 */
const SSL_METHOD *
TLSv1_client_method(void)
{
	return &TLSv1_method_data;
}

const SSL_METHOD *
TLSv1_method(void)
{
	return &TLSv1_method_data;
}

const SSL_METHOD *
TLSv1_server_method(void)
{
	return &TLSv1_method_data;
}

const SSL_METHOD *
TLSv1_1_client_method(void)
{
	return &TLSv1_1_method_data;
}

const SSL_METHOD *
TLSv1_1_method(void)
{
	return &TLSv1_1_method_data;
}

const SSL_METHOD *
TLSv1_1_server_method(void)
{
	return &TLSv1_1_method_data;
}

const SSL_METHOD *
TLSv1_2_client_method(void)
{
	return &TLSv1_2_method_data;
}

const SSL_METHOD *
TLSv1_2_method(void)
{
	return &TLSv1_2_method_data;
}

const SSL_METHOD *
TLSv1_2_server_method(void)
{
	return &TLSv1_2_method_data;
}

/*
 * Map a protocol version number onto the method that implements it.
 *
 * version: a TLS1_*_VERSION or DTLS1_VERSION constant.
 * Returns the matching method table, or NULL for any version this file does
 * not implement.
 *
 * NOTE(review): TLS1_3_VERSION maps to TLS_method(), which is the legacy
 * table (max_version TLS1_2_VERSION) when TLS 1.3 is not compiled in, so in
 * that configuration the method returned for TLS 1.3 cannot actually speak
 * TLS 1.3 -- callers presumably consult min/max_version themselves; confirm.
 */
const SSL_METHOD *
ssl_get_method(uint16_t version)
{
	switch (version) {
	case TLS1_3_VERSION:
		return TLS_method();
	case TLS1_2_VERSION:
		return TLSv1_2_method();
	case TLS1_1_VERSION:
		return TLSv1_1_method();
	case TLS1_VERSION:
		return TLSv1_method();
	case DTLS1_VERSION:
		return DTLSv1_method();
	default:
		return NULL;
	}
}