/* $OpenBSD: ssl_methods.c,v 1.22 2021/02/20 08:33:17 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include "ssl_locl.h"
#include "tls13_internal.h"

/*
 * Method tables.
 *
 * Every protocol flavour is described by two constant tables: an
 * SSL_METHOD_INTERNAL carrying the role flag (.server), the version bounds
 * and the handshake/record entry points, and an SSL_METHOD that reaches it
 * through .internal.  The accessor functions in this file only hand out
 * pointers to these tables.
 *
 * Points worth keeping in mind when reviewing a caller's choice of method:
 *
 *  - Fixed-version tables have .min_version == .max_version.  The
 *    version-flexible tables (DTLS_*, TLS_*, TLS_legacy_*) start their range
 *    at DTLS1_VERSION / TLS1_VERSION, so the tables themselves impose no
 *    higher floor; a stricter minimum has to come from the caller
 *    (presumably through the min-version setters such as
 *    SSL_CTX_set_min_proto_version() -- confirm against the caller).
 *
 *  - The "server" accessors return the same table as the generic accessor,
 *    and that table installs both an accept and a connect handler.  Only the
 *    client tables differ in role.
 *
 *  - The fixed-version and DTLS client tables set .ssl_accept to
 *    ssl_undefined_function.  The two version-flexible TLS client tables
 *    (TLS_client_method_internal_data, TLS_legacy_client_method_internal_data)
 *    install a real accept handler although .server is 0.
 *    NOTE(review): confirm this asymmetry is intended; nothing in this file
 *    explains it.
 *
 *  - The version-flexible TLS tables set .ssl_renegotiate to
 *    ssl_undefined_function and .ssl_renegotiate_check to ssl_ok; every
 *    fixed-version table and every DTLS table keeps ssl3_renegotiate /
 *    ssl3_renegotiate_check.  (What the two stubs return is defined outside
 *    this file.)
 *
 *  - NOTE(review): DTLS wire version numbers are, in the headers I know,
 *    numerically larger for older protocol versions; min/max below are in
 *    protocol order.  Confirm consumers never compare them as plain integers.
 */

#ifdef LIBRESSL_HAS_DTLS1_2
/* Version-flexible DTLS, generic/server role: DTLS 1.0 up to DTLS 1.2. */
static const SSL_METHOD_INTERNAL DTLS_method_internal_data = {
	.dtls = 1,
	.server = 1,
	.version = DTLS1_2_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_2_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};

static const SSL_METHOD DTLS_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLS_method_internal_data,
};

/* Version-flexible DTLS, client role: accept is not available. */
static const SSL_METHOD_INTERNAL DTLS_client_method_internal_data = {
	.dtls = 1,
	.server = 0,
	.version = DTLS1_2_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_2_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};

static const SSL_METHOD DTLS_client_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLS_client_method_internal_data,
};
#endif

/* DTLS 1.0 only, generic/server role. */
static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
	.dtls = 1,
	.server = 1,
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.enc_flags = TLSV1_1_ENC_FLAGS,
};

static const SSL_METHOD DTLSv1_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_method_internal_data,
};

/* DTLS 1.0 only, client role. */
static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
	.dtls = 1,
	.server = 0,
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.enc_flags = TLSV1_1_ENC_FLAGS,
};

static const SSL_METHOD DTLSv1_client_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_client_method_internal_data,
};

/*
 * DTLS 1.2 only, generic/server role.  These fixed-version tables are not
 * guarded by LIBRESSL_HAS_DTLS1_2; that flag only controls the
 * version-flexible DTLS_* tables above.
 */
static const SSL_METHOD_INTERNAL DTLSv1_2_method_internal_data = {
	.dtls = 1,
	.server = 1,
	.version = DTLS1_2_VERSION,
	.min_version = DTLS1_2_VERSION,
	.max_version = DTLS1_2_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};

static const SSL_METHOD DTLSv1_2_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_2_method_internal_data,
};

/* DTLS 1.2 only, client role. */
static const SSL_METHOD_INTERNAL DTLSv1_2_client_method_internal_data = {
	.dtls = 1,
	.server = 0,
	.version = DTLS1_2_VERSION,
	.min_version = DTLS1_2_VERSION,
	.max_version = DTLS1_2_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};

static const SSL_METHOD DTLSv1_2_client_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_2_client_method_internal_data,
};

/* Accessor: DTLS 1.0-only client table. */
const SSL_METHOD *
DTLSv1_client_method(void)
{
	return &DTLSv1_client_method_data;
}

/* Accessor: DTLS 1.0-only generic table. */
const SSL_METHOD *
DTLSv1_method(void)
{
	return &DTLSv1_method_data;
}

/* Accessor: same table as DTLSv1_method(); there is no server-only table. */
const SSL_METHOD *
DTLSv1_server_method(void)
{
	return &DTLSv1_method_data;
}

/* Accessor: DTLS 1.2-only client table. */
const SSL_METHOD *
DTLSv1_2_client_method(void)
{
	return &DTLSv1_2_client_method_data;
}

/* Accessor: DTLS 1.2-only generic table. */
const SSL_METHOD *
DTLSv1_2_method(void)
{
	return &DTLSv1_2_method_data;
}

/* Accessor: same table as DTLSv1_2_method(). */
const SSL_METHOD *
DTLSv1_2_server_method(void)
{
	return &DTLSv1_2_method_data;
}

/*
 * Accessor: version-flexible DTLS client table.  Without
 * LIBRESSL_HAS_DTLS1_2 this degrades to the DTLS 1.0-only client table.
 */
const SSL_METHOD *
DTLS_client_method(void)
{
#ifdef LIBRESSL_HAS_DTLS1_2
	return &DTLS_client_method_data;
#else
	return DTLSv1_client_method();
#endif
}

/*
 * Accessor: version-flexible DTLS generic table.  Without
 * LIBRESSL_HAS_DTLS1_2 this degrades to the DTLS 1.0-only table.
 */
const SSL_METHOD *
DTLS_method(void)
{
#ifdef LIBRESSL_HAS_DTLS1_2
	return &DTLS_method_data;
#else
	return DTLSv1_method();
#endif
}

/* Accessor: same selection as DTLS_method(), under the server name. */
const SSL_METHOD *
DTLS_server_method(void)
{
#ifdef LIBRESSL_HAS_DTLS1_2
	return &DTLS_method_data;
#else
	return DTLSv1_server_method();
#endif
}

#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
/*
 * Version-flexible TLS, generic/server role: TLS 1.0 up to TLS 1.3, entered
 * through the tls13_legacy_* handlers.  Only built when both TLS 1.3 sides
 * are enabled.
 */
static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
	.dtls = 0,
	.server = 1,
	.version = TLS1_3_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_3_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = tls13_legacy_accept,
	.ssl_connect = tls13_legacy_connect,
	.ssl_shutdown = tls13_legacy_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.enc_flags = TLSV1_3_ENC_FLAGS,
};

static const SSL_METHOD TLS_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_method_internal_data,
};
#endif

/* Version-flexible TLS without TLS 1.3: TLS 1.0 up to TLS 1.2. */
static const SSL_METHOD_INTERNAL TLS_legacy_method_internal_data = {
	.dtls = 0,
	.server = 1,
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};

static const SSL_METHOD TLS_legacy_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_legacy_method_internal_data,
};

#if defined(LIBRESSL_HAS_TLS1_3_CLIENT)
/*
 * Version-flexible TLS client, TLS 1.0 up to TLS 1.3.
 * NOTE(review): .server is 0 but .ssl_accept is tls13_legacy_accept, not
 * ssl_undefined_function as in the fixed-version client tables; confirm.
 */
static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
	.dtls = 0,
	.server = 0,
	.version = TLS1_3_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_3_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = tls13_legacy_accept,
	.ssl_connect = tls13_legacy_connect,
	.ssl_shutdown = tls13_legacy_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.enc_flags = TLSV1_3_ENC_FLAGS,
};

static const SSL_METHOD TLS_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_client_method_internal_data,
};

#else

/*
 * Version-flexible TLS client without TLS 1.3: TLS 1.0 up to TLS 1.2.
 * NOTE(review): .server is 0 but .ssl_accept is ssl3_accept, not
 * ssl_undefined_function as in the fixed-version client tables; confirm.
 */
static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
	.dtls = 0,
	.server = 0,
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};

static const SSL_METHOD TLS_legacy_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_legacy_client_method_internal_data,
};
#endif

/* TLS 1.0 only, generic/server role. */
static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
	.dtls = 0,
	.server = 1,
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.enc_flags = TLSV1_ENC_FLAGS,
};

static const SSL_METHOD TLSv1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_method_internal_data,
};

/* TLS 1.0 only, client role. */
static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
	.dtls = 0,
	.server = 0,
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.enc_flags = TLSV1_ENC_FLAGS,
};

static const SSL_METHOD TLSv1_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_client_method_internal_data,
};

/* TLS 1.1 only, generic/server role. */
static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = {
	.dtls = 0,
	.server = 1,
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.enc_flags = TLSV1_1_ENC_FLAGS,
};

static const SSL_METHOD TLSv1_1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_1_method_internal_data,
};

/* TLS 1.1 only, client role. */
static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
	.dtls = 0,
	.server = 0,
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.enc_flags = TLSV1_1_ENC_FLAGS,
};

static const SSL_METHOD TLSv1_1_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_1_client_method_internal_data,
};

/* TLS 1.2 only, generic/server role. */
static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = {
	.dtls = 0,
	.server = 1,
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};

static const SSL_METHOD TLSv1_2_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_method_internal_data,
};

/* TLS 1.2 only, client role. */
static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
	.dtls = 0,
	.server = 0,
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};

static const SSL_METHOD TLSv1_2_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_client_method_internal_data,
};

/*
 * Accessor: version-flexible TLS client table; the legacy (TLS 1.2 ceiling)
 * table is used when the TLS 1.3 client is not compiled in.
 */
const SSL_METHOD *
TLS_client_method(void)
{
#if defined(LIBRESSL_HAS_TLS1_3_CLIENT)
	return &TLS_client_method_data;
#else
	return &TLS_legacy_client_method_data;
#endif
}

/*
 * Accessor: version-flexible TLS generic table.  The TLS 1.3-capable table
 * needs both the client and the server side enabled; otherwise the legacy
 * table (TLS 1.2 ceiling) is returned.
 */
const SSL_METHOD *
TLS_method(void)
{
#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
	return &TLS_method_data;
#else
	return tls_legacy_method();
#endif
}

/* Accessor: identical to TLS_method(); there is no server-only table. */
const SSL_METHOD *
TLS_server_method(void)
{
	return TLS_method();
}

/* Accessor: the TLS 1.0 - TLS 1.2 table, regardless of TLS 1.3 build flags. */
const SSL_METHOD *
tls_legacy_method(void)
{
	return &TLS_legacy_method_data;
}

/*
 * Compatibility name for TLS_client_method().  Despite the name, the table
 * returned starts at TLS1_VERSION.
 */
const SSL_METHOD *
SSLv23_client_method(void)
{
	return TLS_client_method();
}

/*
 * Compatibility name for TLS_method().  Despite the name, the table returned
 * is the version-flexible TLS one whose range starts at TLS1_VERSION.
 */
const SSL_METHOD *
SSLv23_method(void)
{
	return TLS_method();
}

/* Compatibility name; returns the same table as SSLv23_method(). */
const SSL_METHOD *
SSLv23_server_method(void)
{
	return TLS_method();
}

/* Accessor: TLS 1.0-only client table. */
const SSL_METHOD *
TLSv1_client_method(void)
{
	return &TLSv1_client_method_data;
}

/* Accessor: TLS 1.0-only generic table. */
const SSL_METHOD *
TLSv1_method(void)
{
	return &TLSv1_method_data;
}

/* Accessor: same table as TLSv1_method(); there is no server-only table. */
const SSL_METHOD *
TLSv1_server_method(void)
{
	return &TLSv1_method_data;
}

/* Accessor: TLS 1.1-only client table. */
const SSL_METHOD *
TLSv1_1_client_method(void)
{
	return &TLSv1_1_client_method_data;
}

/* Accessor: TLS 1.1-only generic table. */
const SSL_METHOD *
TLSv1_1_method(void)
{
	return &TLSv1_1_method_data;
}

/* Accessor: same table as TLSv1_1_method(). */
const SSL_METHOD *
TLSv1_1_server_method(void)
{
	return &TLSv1_1_method_data;
}

/* Accessor: TLS 1.2-only client table. */
const SSL_METHOD *
TLSv1_2_client_method(void)
{
	return &TLSv1_2_client_method_data;
}

/* Accessor: TLS 1.2-only generic table. */
const SSL_METHOD *
TLSv1_2_method(void)
{
	return &TLSv1_2_method_data;
}

/* Accessor: same table as TLSv1_2_method(). */
const SSL_METHOD *
TLSv1_2_server_method(void)
{
	return &TLSv1_2_method_data;
}

/*
 * Map a protocol version number to a method table.
 *
 * TLS 1.0/1.1/1.2 and DTLS 1.0/1.2 map to their fixed-version generic
 * tables.  TLS1_3_VERSION maps to TLS_method(), which is the version-flexible
 * table (its range starts at TLS1_VERSION) and, in builds without both TLS 1.3
 * sides enabled, is the legacy table capped at TLS1_2_VERSION; callers must
 * not assume the result pins the connection to TLS 1.3.
 *
 * Returns NULL for any other value, so the result has to be checked before
 * it is dereferenced.
 */
const SSL_METHOD *
ssl_get_method(uint16_t version)
{
	switch (version) {
	case TLS1_3_VERSION:
		return TLS_method();
	case TLS1_2_VERSION:
		return TLSv1_2_method();
	case TLS1_1_VERSION:
		return TLSv1_1_method();
	case TLS1_VERSION:
		return TLSv1_method();
	case DTLS1_VERSION:
		return DTLSv1_method();
	case DTLS1_2_VERSION:
		return DTLSv1_2_method();
	default:
		return NULL;
	}
}