1 /* $OpenBSD: ssl_methods.c,v 1.13 2020/07/07 19:24:23 jsing Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. 
All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 
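*/

#include "ssl_locl.h"
#include "tls13_internal.h"

/*
 * Protocol method tables.
 *
 * Each protocol flavour is described by a pair of constant tables: an
 * SSL_METHOD_INTERNAL holding the version fields and the handshake/record
 * hooks, and an SSL_METHOD holding the alert and cipher hooks plus a pointer
 * to the internal table.  The public *_method() functions below only hand
 * out pointers to these static tables.
 *
 * The role shows in the hooks: client-only tables set .ssl_accept to
 * ssl_undefined_function, server-only tables set .ssl_connect to it, and the
 * generic tables fill in both.
 *
 * NOTE(review): every flexible-version table here (TLS_* and TLS_legacy_*)
 * sets .min_version to TLS1_VERSION, and the fixed TLSv1 / TLSv1_1 tables
 * are still exported, so nothing in this file raises the protocol floor.
 * A caller that needs a higher minimum presumably has to configure it on
 * its own context (e.g. SSL_CTX_set_min_proto_version()) - confirm against
 * the version negotiation code.
 */

/* DTLS, client only: .ssl_accept is ssl_undefined_function. */
static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = dtls1_get_client_method,
	.get_timeout = dtls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_client_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_client_method_internal_data,
};

/* Returns the static DTLS client method table. */
const SSL_METHOD *
DTLSv1_client_method(void)
{
	return &DTLSv1_client_method_data;
}

/* Alias: DTLS1_VERSION is the only DTLS version described in this file. */
const SSL_METHOD *
DTLS_client_method(void)
{
	return DTLSv1_client_method();
}

/*
 * Maps a version number to the DTLS client method.
 * Returns NULL for anything other than DTLS1_VERSION; callers must check.
 */
const SSL_METHOD *
dtls1_get_client_method(int ver)
{
	if (ver == DTLS1_VERSION)
		return (DTLSv1_client_method());
	return (NULL);
}

static const SSL_METHOD *dtls1_get_method(int ver);

/* DTLS, client and server: both .ssl_accept and .ssl_connect are set. */
static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = dtls1_get_method,
	.get_timeout = dtls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_method_internal_data,
};

/* Returns the static generic (client and server) DTLS method table. */
const SSL_METHOD *
DTLSv1_method(void)
{
	return &DTLSv1_method_data;
}

/* Alias for DTLSv1_method(). */
const SSL_METHOD *
DTLS_method(void)
{
	return DTLSv1_method();
}

/*
 * Maps a version number to the generic DTLS method.
 * Returns NULL for anything other than DTLS1_VERSION.
 */
static const SSL_METHOD *
dtls1_get_method(int ver)
{
	if (ver == DTLS1_VERSION)
		return (DTLSv1_method());
	return (NULL);
}

/* DTLS, server only: .ssl_connect is ssl_undefined_function. */
static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = {
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = dtls1_get_server_method,
	.get_timeout = dtls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_server_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_server_method_internal_data,
};

/* Returns the static DTLS server method table. */
const SSL_METHOD *
DTLSv1_server_method(void)
{
	return &DTLSv1_server_method_data;
}

/* Alias for DTLSv1_server_method(). */
const SSL_METHOD *
DTLS_server_method(void)
{
	return DTLSv1_server_method();
}

/*
 * Maps a version number to the DTLS server method.
 * Returns NULL for anything other than DTLS1_VERSION; callers must check.
 */
const SSL_METHOD *
dtls1_get_server_method(int ver)
{
	if (ver == DTLS1_VERSION)
		return (DTLSv1_server_method());
	return (NULL);
}

#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
/*
 * Flexible-version client table, TLS1_VERSION through TLS1_3_VERSION, using
 * the tls13_legacy_* hooks.  Only built when the TLSv1.3 client is enabled.
 */
static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
	.version = TLS1_3_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_3_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = tls13_legacy_connect,
	.ssl_shutdown = tls13_legacy_shutdown,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.ssl3_enc = &TLSv1_3_enc_data,
};

static const SSL_METHOD TLS_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_client_method_internal_data,
};
#endif

/*
 * Flexible-version client table capped at TLS1_2_VERSION, using the ssl3_*
 * hooks.  Its .ssl_renegotiate slot is ssl_undefined_function, unlike the
 * fixed-version tables below.
 */
static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_legacy_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_legacy_client_method_internal_data,
};

/* Fixed-version client table: all three version fields are TLS1_VERSION. */
static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_client_method_internal_data,
};

/* Fixed-version client table: all three version fields are TLS1_1_VERSION. */
static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_1_client_method_internal_data,
};

/* Fixed-version client table: all three version fields are TLS1_2_VERSION. */
static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_client_method_internal_data,
};

/*
 * Maps a TLS version number to a client method.  TLS1_3_VERSION is only
 * recognised when LIBRESSL_HAS_TLS1_3_CLIENT is defined, and then yields the
 * flexible TLS_client_method() rather than a fixed-version table.
 * Returns NULL for any other value; callers must check.
 */
const SSL_METHOD *
tls1_get_client_method(int ver)
{
#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
	if (ver == TLS1_3_VERSION)
		return (TLS_client_method());
#endif
	if (ver == TLS1_2_VERSION)
		return (TLSv1_2_client_method());
	if (ver == TLS1_1_VERSION)
		return (TLSv1_1_client_method());
	if (ver == TLS1_VERSION)
		return (TLSv1_client_method());
	return (NULL);
}

/* Historical name only: returns the flexible-version TLS client method. */
const SSL_METHOD *
SSLv23_client_method(void)
{
	return (TLS_client_method());
}

/*
 * Flexible-version client method.  Without LIBRESSL_HAS_TLS1_3_CLIENT this
 * is the legacy table, whose .max_version is TLS1_2_VERSION.
 */
const SSL_METHOD *
TLS_client_method(void)
{
#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
	return (&TLS_client_method_data);
#else
	return tls_legacy_client_method();
#endif
}

/* Returns the flexible-version client table capped at TLS1_2_VERSION. */
const SSL_METHOD *
tls_legacy_client_method(void)
{
	return (&TLS_legacy_client_method_data);
}

/* Returns the client table fixed at TLS1_VERSION. */
const SSL_METHOD *
TLSv1_client_method(void)
{
	return (&TLSv1_client_method_data);
}

/* Returns the client table fixed at TLS1_1_VERSION. */
const SSL_METHOD *
TLSv1_1_client_method(void)
{
	return (&TLSv1_1_client_method_data);
}

/* Returns the client table fixed at TLS1_2_VERSION. */
const SSL_METHOD *
TLSv1_2_client_method(void)
{
	return (&TLSv1_2_client_method_data);
}

static const SSL_METHOD *tls1_get_method(int ver);

#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
/*
 * Flexible-version generic table, TLS1_VERSION through TLS1_3_VERSION.
 * Only built when both the TLSv1.3 client and server are enabled.
 */
static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
	.version = TLS1_3_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_3_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = tls13_legacy_accept,
	.ssl_connect = tls13_legacy_connect,
	.ssl_shutdown = tls13_legacy_shutdown,
	/*
	 * Generic lookup, as in every other client+server table in this
	 * file.  The client-only lookup hands back tables whose .ssl_accept
	 * is ssl_undefined_function, which does not fit a table that also
	 * accepts connections.
	 */
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.ssl3_enc = &TLSv1_3_enc_data,
};

static const SSL_METHOD TLS_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_method_internal_data,
};
#endif

/* Flexible-version generic table capped at TLS1_2_VERSION. */
static const SSL_METHOD_INTERNAL TLS_legacy_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_legacy_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_legacy_method_internal_data,
};

/* Fixed-version generic table: all three version fields are TLS1_VERSION. */
static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_method_internal_data,
};

/* Fixed-version generic table: all three version fields are TLS1_1_VERSION. */
static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = {
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_1_method_internal_data,
};

/* Fixed-version generic table: all three version fields are TLS1_2_VERSION. */
static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_method_internal_data,
};

/*
 * Maps a TLS version number to a generic (client and server) method.
 * TLS1_3_VERSION is only recognised when both TLSv1.3 macros are defined.
 * Returns NULL for any other value.
 */
static const SSL_METHOD *
tls1_get_method(int ver)
{
#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
	if (ver == TLS1_3_VERSION)
		return (TLS_method());
#endif
	if (ver == TLS1_2_VERSION)
		return (TLSv1_2_method());
	if (ver == TLS1_1_VERSION)
		return (TLSv1_1_method());
	if (ver == TLS1_VERSION)
		return (TLSv1_method());
	return (NULL);
}

/* Historical name only: returns the flexible-version generic TLS method. */
const SSL_METHOD *
SSLv23_method(void)
{
	return (TLS_method());
}

/*
 * Flexible-version generic method.  Unless both TLSv1.3 macros are defined
 * this is the legacy table, whose .max_version is TLS1_2_VERSION.
 */
const SSL_METHOD *
TLS_method(void)
{
#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
	return (&TLS_method_data);
#else
	return tls_legacy_method();
#endif
}

/* Returns the flexible-version generic table capped at TLS1_2_VERSION. */
const SSL_METHOD *
tls_legacy_method(void)
{
	return (&TLS_legacy_method_data);
}

/* Returns the generic table fixed at TLS1_VERSION. */
const SSL_METHOD *
TLSv1_method(void)
{
	return (&TLSv1_method_data);
}

/* Returns the generic table fixed at TLS1_1_VERSION. */
const SSL_METHOD *
TLSv1_1_method(void)
{
	return (&TLSv1_1_method_data);
}

/* Returns the generic table fixed at TLS1_2_VERSION. */
const SSL_METHOD *
TLSv1_2_method(void)
{
	return (&TLSv1_2_method_data);
}

#ifdef LIBRESSL_HAS_TLS1_3_SERVER
/*
 * Flexible-version server table, TLS1_VERSION through TLS1_3_VERSION, using
 * the tls13_legacy_* hooks.  Only built when the TLSv1.3 server is enabled.
 */
static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
	.version = TLS1_3_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_3_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = tls13_legacy_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = tls13_legacy_shutdown,
	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.ssl3_enc = &TLSv1_3_enc_data,
};

static const SSL_METHOD TLS_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_server_method_internal_data,
};
#endif

/* Flexible-version server table capped at TLS1_2_VERSION. */
static const SSL_METHOD_INTERNAL TLS_legacy_server_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_legacy_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_legacy_server_method_internal_data,
};

/* Fixed-version server table: all three version fields are TLS1_VERSION. */
static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_server_method_internal_data,
};

/* Fixed-version server table: all three version fields are TLS1_1_VERSION. */
static const SSL_METHOD_INTERNAL TLSv1_1_server_method_internal_data = {
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_1_server_method_internal_data,
};

/* Fixed-version server table: all three version fields are TLS1_2_VERSION. */
static const SSL_METHOD_INTERNAL TLSv1_2_server_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_server_method_internal_data,
};

/*
 * Maps a TLS version number to a server method.  TLS1_3_VERSION is only
 * recognised when LIBRESSL_HAS_TLS1_3_SERVER is defined, and then yields the
 * flexible TLS_server_method() rather than a fixed-version table.
 * Returns NULL for any other value; callers must check.
 */
const SSL_METHOD *
tls1_get_server_method(int ver)
{
#ifdef LIBRESSL_HAS_TLS1_3_SERVER
	if (ver == TLS1_3_VERSION)
		return (TLS_server_method());
#endif
	if (ver == TLS1_2_VERSION)
		return (TLSv1_2_server_method());
	if (ver == TLS1_1_VERSION)
		return (TLSv1_1_server_method());
	if (ver == TLS1_VERSION)
		return (TLSv1_server_method());
	return (NULL);
}

/* Historical name only: returns the flexible-version TLS server method. */
const SSL_METHOD *
SSLv23_server_method(void)
{
	return (TLS_server_method());
}
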
/*
 * Flexible-version server method.  With LIBRESSL_HAS_TLS1_3_SERVER defined
 * this is the TLS_server_method_data table from earlier in this file
 * (.max_version TLS1_3_VERSION); otherwise it is the legacy table, whose
 * .max_version is TLS1_2_VERSION.  Both tables set .min_version to
 * TLS1_VERSION, so this file does not raise the protocol floor for servers.
 */
const SSL_METHOD *
TLS_server_method(void)
{
#if !defined(LIBRESSL_HAS_TLS1_3_SERVER)
	return (tls_legacy_server_method());
#else
	return &TLS_server_method_data;
#endif
}

/* Hands out the flexible-version server table capped at TLS1_2_VERSION. */
const SSL_METHOD *
tls_legacy_server_method(void)
{
	const SSL_METHOD *method = &TLS_legacy_server_method_data;

	return method;
}

/*
 * Hands out the server table fixed at TLS1_VERSION (its min_version and
 * max_version fields are both TLS1_VERSION).
 */
const SSL_METHOD *
TLSv1_server_method(void)
{
	const SSL_METHOD *method = &TLSv1_server_method_data;

	return method;
}

/* Hands out the server table fixed at TLS1_1_VERSION. */
const SSL_METHOD *
TLSv1_1_server_method(void)
{
	const SSL_METHOD *method = &TLSv1_1_server_method_data;

	return method;
}

/* Hands out the server table fixed at TLS1_2_VERSION. */
const SSL_METHOD *
TLSv1_2_server_method(void)
{
	const SSL_METHOD *method = &TLSv1_2_server_method_data;

	return method;
}