/* $OpenBSD: ssl_methods.c,v 1.10 2020/01/23 05:08:30 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include "ssl_locl.h"
#include "tls13_internal.h"

/*
 * Method tables behind the DTLS and TLS *_method() accessors.
 *
 * Each public accessor returns a pointer to a static const SSL_METHOD whose
 * .internal member points at an SSL_METHOD_INTERNAL table holding the
 * version bounds and the handshake/record callbacks for that method.
 *
 * What the tables in this file establish:
 *  - The version-specific tables (DTLSv1_*, TLSv1_*, TLSv1_1_*, TLSv1_2_*)
 *    set .min_version and .max_version to the same value.  Only the TLS_*
 *    and TLS_legacy_* tables span a range, starting at TLS1_VERSION.
 *  - TLS 1.0, TLS 1.1 and DTLS 1.0 are deprecated by RFC 8996; a caller
 *    that picks an accessor pinned to one of them is asking for exactly
 *    that version.  How the bounds are enforced is not visible here.
 *  - Client tables route .ssl_accept, and server tables route .ssl_connect,
 *    to ssl_undefined_function.
 *  - The range tables route .ssl_renegotiate to ssl_undefined_function and
 *    .ssl_renegotiate_check to ssl_ok; the version-specific tables use
 *    ssl3_renegotiate and ssl3_renegotiate_check.
 *
 * NOTE(review): ssl_undefined_function and ssl_ok are defined elsewhere;
 * by name the former is a stub for an unsupported operation -- confirm.
 */

/* DTLS client: DTLS1_VERSION only, no accept path. */
static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = dtls1_get_client_method,
	.get_timeout = dtls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = dtls1_get_message,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_client_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_client_method_internal_data,
};

/* Returns the client-only method table pinned to DTLS1_VERSION. */
const SSL_METHOD *
DTLSv1_client_method(void)
{
	return (&DTLSv1_client_method_data);
}

/*
 * Alias for DTLSv1_client_method(): in this file the generic DTLS client
 * accessor yields the same DTLS1_VERSION-only table.
 */
const SSL_METHOD *
DTLS_client_method(void)
{
	return (DTLSv1_client_method());
}

/*
 * Maps a wire version to the DTLS client method.  DTLS1_VERSION is the only
 * value recognised; every other value yields NULL.
 */
const SSL_METHOD *
dtls1_get_client_method(int ver)
{
	return (ver == DTLS1_VERSION ? DTLSv1_client_method() : NULL);
}

static const SSL_METHOD *dtls1_get_method(int ver);

/* DTLS, either role: DTLS1_VERSION only, accept and connect both wired. */
static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = dtls1_get_method,
	.get_timeout = dtls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = dtls1_get_message,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_method_internal_data,
};

/* Returns the dual-role method table pinned to DTLS1_VERSION. */
const SSL_METHOD *
DTLSv1_method(void)
{
	return (&DTLSv1_method_data);
}

/* Alias for DTLSv1_method(). */
const SSL_METHOD *
DTLS_method(void)
{
	return (DTLSv1_method());
}

/*
 * Maps a wire version to the dual-role DTLS method; NULL for anything other
 * than DTLS1_VERSION.
 */
static const SSL_METHOD *
dtls1_get_method(int ver)
{
	return (ver == DTLS1_VERSION ? DTLSv1_method() : NULL);
}

/* DTLS server: DTLS1_VERSION only, no connect path. */
static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = {
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = dtls1_get_server_method,
	.get_timeout = dtls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = dtls1_get_message,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_server_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_server_method_internal_data,
};

/* Returns the server-only method table pinned to DTLS1_VERSION. */
const SSL_METHOD *
DTLSv1_server_method(void)
{
	return (&DTLSv1_server_method_data);
}

/* Alias for DTLSv1_server_method(). */
const SSL_METHOD *
DTLS_server_method(void)
{
	return (DTLSv1_server_method());
}

/*
 * Maps a wire version to the DTLS server method; NULL for anything other
 * than DTLS1_VERSION.
 */
const SSL_METHOD *
dtls1_get_server_method(int ver)
{
	return (ver == DTLS1_VERSION ? DTLSv1_server_method() : NULL);
}

#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
/*
 * Version-flexible TLS client, built only with LIBRESSL_HAS_TLS1_3_CLIENT:
 * range TLS1_VERSION..TLS1_3_VERSION, I/O and handshake entry points taken
 * from the tls13_legacy_* layer.  .ssl3_enc still points at the TLSv1.2
 * encoding data.
 */
static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
	.version = TLS1_3_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_3_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = tls13_legacy_connect,
	.ssl_shutdown = tls13_legacy_shutdown,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_get_message = ssl3_get_message,
	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_client_method_internal_data,
};
#endif

/* Version-flexible TLS client without TLS 1.3: TLS1_VERSION..TLS1_2_VERSION. */
static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_get_message = ssl3_get_message,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_legacy_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_legacy_client_method_internal_data,
};

/* TLS client pinned to TLS1_VERSION. */
static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_client_method_internal_data,
};

/* TLS client pinned to TLS1_1_VERSION. */
static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_1_client_method_internal_data,
};

/* TLS client pinned to TLS1_2_VERSION. */
static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_client_method_internal_data,
};

/*
 * Maps a wire version to the client method pinned to that version.
 * Recognises TLS1_2_VERSION, TLS1_1_VERSION and TLS1_VERSION; any other
 * value, TLS1_3_VERSION included, yields NULL.
 */
const SSL_METHOD *
tls1_get_client_method(int ver)
{
	switch (ver) {
	case TLS1_2_VERSION:
		return (TLSv1_2_client_method());
	case TLS1_1_VERSION:
		return (TLSv1_1_client_method());
	case TLS1_VERSION:
		return (TLSv1_client_method());
	default:
		return (NULL);
	}
}

/* Historical name; forwards to TLS_client_method(). */
const SSL_METHOD *
SSLv23_client_method(void)
{
	return TLS_client_method();
}

/*
 * Version-flexible TLS client accessor.  Returns the table that goes up to
 * TLS1_3_VERSION when LIBRESSL_HAS_TLS1_3_CLIENT is defined, and the legacy
 * table (maximum TLS1_2_VERSION) otherwise.
 */
const SSL_METHOD *
TLS_client_method(void)
{
#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
	return &TLS_client_method_data;
#else
	return (tls_legacy_client_method());
#endif
}

/* Returns the flexible client table capped at TLS1_2_VERSION. */
const SSL_METHOD *
tls_legacy_client_method(void)
{
	return &TLS_legacy_client_method_data;
}

/* Returns the client table pinned to TLS1_VERSION. */
const SSL_METHOD *
TLSv1_client_method(void)
{
	return &TLSv1_client_method_data;
}

/* Returns the client table pinned to TLS1_1_VERSION. */
const SSL_METHOD *
TLSv1_1_client_method(void)
{
	return &TLSv1_1_client_method_data;
}

/* Returns the client table pinned to TLS1_2_VERSION. */
const SSL_METHOD *
TLSv1_2_client_method(void)
{
	return &TLSv1_2_client_method_data;
}

static const SSL_METHOD *tls1_get_method(int ver);

/*
 * Version-flexible TLS, either role: TLS1_VERSION..TLS1_2_VERSION.
 * NOTE(review): unlike the client and server tables, there is no TLS 1.3
 * variant of this one in the file, so TLS_method() is capped at
 * TLS1_2_VERSION whichever LIBRESSL_HAS_TLS1_3_* macros are defined.
 */
static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_get_message = ssl3_get_message,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_method_internal_data,
};

/* TLS, either role, pinned to TLS1_VERSION. */
static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_method_internal_data,
};

/* TLS, either role, pinned to TLS1_1_VERSION. */
static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = {
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_1_method_internal_data,
};

/* TLS, either role, pinned to TLS1_2_VERSION. */
static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_method_internal_data,
};

/*
 * Maps a wire version to the dual-role method pinned to that version.
 * Recognises TLS1_2_VERSION, TLS1_1_VERSION and TLS1_VERSION; NULL for any
 * other value.
 */
static const SSL_METHOD *
tls1_get_method(int ver)
{
	switch (ver) {
	case TLS1_2_VERSION:
		return (TLSv1_2_method());
	case TLS1_1_VERSION:
		return (TLSv1_1_method());
	case TLS1_VERSION:
		return (TLSv1_method());
	default:
		return (NULL);
	}
}

/* Historical name; forwards to TLS_method(). */
const SSL_METHOD *
SSLv23_method(void)
{
	return TLS_method();
}

/* Returns the flexible dual-role table (TLS1_VERSION..TLS1_2_VERSION). */
const SSL_METHOD *
TLS_method(void)
{
	return (&TLS_method_data);
}

/* Returns the dual-role table pinned to TLS1_VERSION. */
const SSL_METHOD *
TLSv1_method(void)
{
	return &TLSv1_method_data;
}

/* Returns the dual-role table pinned to TLS1_1_VERSION. */
const SSL_METHOD *
TLSv1_1_method(void)
{
	return &TLSv1_1_method_data;
}

/* Returns the dual-role table pinned to TLS1_2_VERSION. */
const SSL_METHOD *
TLSv1_2_method(void)
{
	return &TLSv1_2_method_data;
}

#ifdef LIBRESSL_HAS_TLS1_3_SERVER
/*
 * Version-flexible TLS server, built only with LIBRESSL_HAS_TLS1_3_SERVER:
 * range TLS1_VERSION..TLS1_3_VERSION, I/O and handshake entry points taken
 * from the tls13_legacy_* layer.  .ssl3_enc still points at the TLSv1.2
 * encoding data.
 */
static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
	.version = TLS1_3_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_3_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = tls13_legacy_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = tls13_legacy_shutdown,
	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_get_message = ssl3_get_message,
	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_server_method_internal_data,
};
#endif

/* Version-flexible TLS server without TLS 1.3: TLS1_VERSION..TLS1_2_VERSION. */
static const SSL_METHOD_INTERNAL TLS_legacy_server_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_get_message = ssl3_get_message,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_legacy_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_legacy_server_method_internal_data,
};

/* TLS server pinned to TLS1_VERSION. */
static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_server_method_internal_data,
};

/* TLS server pinned to TLS1_1_VERSION. */
static const SSL_METHOD_INTERNAL TLSv1_1_server_method_internal_data = {
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_1_server_method_internal_data,
};

/* TLS server pinned to TLS1_2_VERSION. */
static const SSL_METHOD_INTERNAL TLSv1_2_server_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_server_method_internal_data,
};

/*
 * Maps a wire version to the server method pinned to that version.
 * Recognises TLS1_2_VERSION, TLS1_1_VERSION and TLS1_VERSION; any other
 * value, TLS1_3_VERSION included, yields NULL.
 */
const SSL_METHOD *
tls1_get_server_method(int ver)
{
	switch (ver) {
	case TLS1_2_VERSION:
		return (TLSv1_2_server_method());
	case TLS1_1_VERSION:
		return (TLSv1_1_server_method());
	case TLS1_VERSION:
		return (TLSv1_server_method());
	default:
		return (NULL);
	}
}

/* Historical name; forwards to TLS_server_method(). */
const SSL_METHOD *
SSLv23_server_method(void)
{
	return TLS_server_method();
}

/*
 * Version-flexible TLS server accessor.  Returns the table that goes up to
 * TLS1_3_VERSION when LIBRESSL_HAS_TLS1_3_SERVER is defined, and the legacy
 * table (maximum TLS1_2_VERSION) otherwise.
 */
const SSL_METHOD *
TLS_server_method(void)
{
#ifdef LIBRESSL_HAS_TLS1_3_SERVER
	return &TLS_server_method_data;
#else
	return (tls_legacy_server_method());
#endif
}

/* Returns the flexible server table capped at TLS1_2_VERSION. */
const SSL_METHOD *
tls_legacy_server_method(void)
{
	return &TLS_legacy_server_method_data;
}

/* Returns the server table pinned to TLS1_VERSION. */
const SSL_METHOD *
TLSv1_server_method(void)
{
	return &TLSv1_server_method_data;
}

/* Returns the server table pinned to TLS1_1_VERSION. */
const SSL_METHOD *
TLSv1_1_server_method(void)
{
	return &TLSv1_1_server_method_data;
}

/* Returns the server table pinned to TLS1_2_VERSION. */
const SSL_METHOD *
TLSv1_2_server_method(void)
{
	return &TLSv1_2_server_method_data;
}