1 /* $OpenBSD: ssl_methods.c,v 1.21 2020/12/01 07:46:02 tb Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include "ssl_locl.h" 60 #include "tls13_internal.h" 61 62 static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = { 63 .dtls = 1, 64 .server = 1, 65 .version = DTLS1_VERSION, 66 .min_version = DTLS1_VERSION, 67 .max_version = DTLS1_VERSION, 68 .ssl_new = dtls1_new, 69 .ssl_clear = dtls1_clear, 70 .ssl_free = dtls1_free, 71 .ssl_accept = ssl3_accept, 72 .ssl_connect = ssl3_connect, 73 .ssl_shutdown = ssl3_shutdown, 74 .ssl_renegotiate = ssl3_renegotiate, 75 .ssl_renegotiate_check = ssl3_renegotiate_check, 76 .ssl_pending = ssl3_pending, 77 .ssl_read_bytes = dtls1_read_bytes, 78 .ssl_write_bytes = dtls1_write_app_data_bytes, 79 .enc_flags = TLSV1_1_ENC_FLAGS, 80 }; 81 82 static const SSL_METHOD DTLSv1_method_data = { 83 .ssl_dispatch_alert = dtls1_dispatch_alert, 84 .num_ciphers = ssl3_num_ciphers, 85 .get_cipher = dtls1_get_cipher, 86 .get_cipher_by_char = ssl3_get_cipher_by_char, 87 .put_cipher_by_char = ssl3_put_cipher_by_char, 88 .internal = &DTLSv1_method_internal_data, 89 }; 90 91 static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = { 92 .dtls = 1, 93 .server = 0, 94 .version = DTLS1_VERSION, 95 .min_version = DTLS1_VERSION, 96 .max_version = DTLS1_VERSION, 97 .ssl_new = dtls1_new, 98 .ssl_clear = dtls1_clear, 99 .ssl_free = dtls1_free, 100 .ssl_accept = ssl_undefined_function, 101 .ssl_connect = ssl3_connect, 102 .ssl_shutdown = ssl3_shutdown, 103 .ssl_renegotiate = ssl3_renegotiate, 104 .ssl_renegotiate_check = ssl3_renegotiate_check, 105 .ssl_pending = ssl3_pending, 106 .ssl_read_bytes = dtls1_read_bytes, 107 .ssl_write_bytes = dtls1_write_app_data_bytes, 108 .enc_flags = TLSV1_1_ENC_FLAGS, 109 }; 110 111 static const SSL_METHOD DTLSv1_client_method_data = { 112 .ssl_dispatch_alert = dtls1_dispatch_alert, 113 .num_ciphers = ssl3_num_ciphers, 114 .get_cipher = dtls1_get_cipher, 115 .get_cipher_by_char = ssl3_get_cipher_by_char, 116 .put_cipher_by_char = ssl3_put_cipher_by_char, 117 .internal = &DTLSv1_client_method_internal_data, 118 }; 119 120 const SSL_METHOD * 121 DTLSv1_client_method(void) 122 { 123 return &DTLSv1_client_method_data; 124 } 125 126 const SSL_METHOD * 127 DTLSv1_method(void) 128 { 129 return &DTLSv1_method_data; 130 } 131 132 const SSL_METHOD * 133 DTLSv1_server_method(void) 134 { 135 return &DTLSv1_method_data; 136 } 137 138 const SSL_METHOD * 139 DTLS_client_method(void) 140 { 141 return DTLSv1_client_method(); 142 } 143 144 const SSL_METHOD * 145 DTLS_method(void) 146 { 147 return DTLSv1_method(); 148 } 149 150 const SSL_METHOD * 151 DTLS_server_method(void) 152 { 153 return DTLSv1_method(); 154 } 155 156 #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER) 157 static const SSL_METHOD_INTERNAL TLS_method_internal_data = { 158 .dtls = 0, 159 .server = 1, 160 .version = TLS1_3_VERSION, 161 .min_version = TLS1_VERSION, 162 .max_version = TLS1_3_VERSION, 163 .ssl_new = tls1_new, 164 .ssl_clear = tls1_clear, 165 .ssl_free = tls1_free, 166 .ssl_accept = tls13_legacy_accept, 167 .ssl_connect = tls13_legacy_connect, 168 .ssl_shutdown = tls13_legacy_shutdown, 169 .ssl_renegotiate = ssl_undefined_function, 170 .ssl_renegotiate_check = ssl_ok, 171 .ssl_pending = tls13_legacy_pending, 172 .ssl_read_bytes = tls13_legacy_read_bytes, 173 .ssl_write_bytes = tls13_legacy_write_bytes, 174 .enc_flags = TLSV1_3_ENC_FLAGS, 175 }; 176 177 static const SSL_METHOD TLS_method_data = { 178 .ssl_dispatch_alert = ssl3_dispatch_alert, 179 .num_ciphers = ssl3_num_ciphers, 180 .get_cipher = ssl3_get_cipher, 181 .get_cipher_by_char = ssl3_get_cipher_by_char, 182 .put_cipher_by_char = ssl3_put_cipher_by_char, 183 .internal = &TLS_method_internal_data, 184 }; 185 #endif 186 187 static const SSL_METHOD_INTERNAL TLS_legacy_method_internal_data = { 188 .dtls = 0, 189 .server = 1, 190 .version = TLS1_2_VERSION, 191 .min_version = TLS1_VERSION, 192 .max_version = TLS1_2_VERSION, 193 .ssl_new = tls1_new, 194 .ssl_clear = tls1_clear, 195 .ssl_free = tls1_free, 196 .ssl_accept = ssl3_accept, 197 .ssl_connect = ssl3_connect, 198 .ssl_shutdown = ssl3_shutdown, 199 .ssl_renegotiate = ssl_undefined_function, 200 .ssl_renegotiate_check = ssl_ok, 201 .ssl_pending = ssl3_pending, 202 .ssl_read_bytes = ssl3_read_bytes, 203 .ssl_write_bytes = ssl3_write_bytes, 204 .enc_flags = TLSV1_2_ENC_FLAGS, 205 }; 206 207 static const SSL_METHOD TLS_legacy_method_data = { 208 .ssl_dispatch_alert = ssl3_dispatch_alert, 209 .num_ciphers = ssl3_num_ciphers, 210 .get_cipher = ssl3_get_cipher, 211 .get_cipher_by_char = ssl3_get_cipher_by_char, 212 .put_cipher_by_char = ssl3_put_cipher_by_char, 213 .internal = &TLS_legacy_method_internal_data, 214 }; 215 216 #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) 217 static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = { 218 .dtls = 0, 219 .server = 0, 220 .version = TLS1_3_VERSION, 221 .min_version = TLS1_VERSION, 222 .max_version = TLS1_3_VERSION, 223 .ssl_new = tls1_new, 224 .ssl_clear = tls1_clear, 225 .ssl_free = tls1_free, 226 .ssl_accept = tls13_legacy_accept, 227 .ssl_connect = tls13_legacy_connect, 228 .ssl_shutdown = tls13_legacy_shutdown, 229 .ssl_renegotiate = ssl_undefined_function, 230 .ssl_renegotiate_check = ssl_ok, 231 .ssl_pending = tls13_legacy_pending, 232 .ssl_read_bytes = tls13_legacy_read_bytes, 233 .ssl_write_bytes = tls13_legacy_write_bytes, 234 .enc_flags = TLSV1_3_ENC_FLAGS, 235 }; 236 237 static const SSL_METHOD TLS_client_method_data = { 238 .ssl_dispatch_alert = ssl3_dispatch_alert, 239 .num_ciphers = ssl3_num_ciphers, 240 .get_cipher = ssl3_get_cipher, 241 .get_cipher_by_char = ssl3_get_cipher_by_char, 242 .put_cipher_by_char = ssl3_put_cipher_by_char, 243 .internal = &TLS_client_method_internal_data, 244 }; 245 246 #else 247 248 static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = { 249 .dtls = 0, 250 .server = 0, 251 .version = TLS1_2_VERSION, 252 .min_version = TLS1_VERSION, 253 .max_version = TLS1_2_VERSION, 254 .ssl_new = tls1_new, 255 .ssl_clear = tls1_clear, 256 .ssl_free = tls1_free, 257 .ssl_accept = ssl3_accept, 258 .ssl_connect = ssl3_connect, 259 .ssl_shutdown = ssl3_shutdown, 260 .ssl_renegotiate = ssl_undefined_function, 261 .ssl_renegotiate_check = ssl_ok, 262 .ssl_pending = ssl3_pending, 263 .ssl_read_bytes = ssl3_read_bytes, 264 .ssl_write_bytes = ssl3_write_bytes, 265 .enc_flags = TLSV1_2_ENC_FLAGS, 266 }; 267 268 static const SSL_METHOD TLS_legacy_client_method_data = { 269 .ssl_dispatch_alert = ssl3_dispatch_alert, 270 .num_ciphers = ssl3_num_ciphers, 271 .get_cipher = ssl3_get_cipher, 272 .get_cipher_by_char = ssl3_get_cipher_by_char, 273 .put_cipher_by_char = ssl3_put_cipher_by_char, 274 .internal = &TLS_legacy_client_method_internal_data, 275 }; 276 #endif 277 278 static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = { 279 .dtls = 0, 280 .server = 1, 281 .version = TLS1_VERSION, 282 .min_version = TLS1_VERSION, 283 .max_version = TLS1_VERSION, 284 .ssl_new = tls1_new, 285 .ssl_clear = tls1_clear, 286 .ssl_free = tls1_free, 287 .ssl_accept = ssl3_accept, 288 .ssl_connect = ssl3_connect, 289 .ssl_shutdown = ssl3_shutdown, 290 .ssl_renegotiate = ssl3_renegotiate, 291 .ssl_renegotiate_check = ssl3_renegotiate_check, 292 .ssl_pending = ssl3_pending, 293 .ssl_read_bytes = ssl3_read_bytes, 294 .ssl_write_bytes = ssl3_write_bytes, 295 .enc_flags = TLSV1_ENC_FLAGS, 296 }; 297 298 static const SSL_METHOD TLSv1_method_data = { 299 .ssl_dispatch_alert = ssl3_dispatch_alert, 300 .num_ciphers = ssl3_num_ciphers, 301 .get_cipher = ssl3_get_cipher, 302 .get_cipher_by_char = ssl3_get_cipher_by_char, 303 .put_cipher_by_char = ssl3_put_cipher_by_char, 304 .internal = &TLSv1_method_internal_data, 305 }; 306 307 static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = { 308 .dtls = 0, 309 .server = 0, 310 .version = TLS1_VERSION, 311 .min_version = TLS1_VERSION, 312 .max_version = TLS1_VERSION, 313 .ssl_new = tls1_new, 314 .ssl_clear = tls1_clear, 315 .ssl_free = tls1_free, 316 .ssl_accept = ssl_undefined_function, 317 .ssl_connect = ssl3_connect, 318 .ssl_shutdown = ssl3_shutdown, 319 .ssl_renegotiate = ssl3_renegotiate, 320 .ssl_renegotiate_check = ssl3_renegotiate_check, 321 .ssl_pending = ssl3_pending, 322 .ssl_read_bytes = ssl3_read_bytes, 323 .ssl_write_bytes = ssl3_write_bytes, 324 .enc_flags = TLSV1_ENC_FLAGS, 325 }; 326 327 static const SSL_METHOD TLSv1_client_method_data = { 328 .ssl_dispatch_alert = ssl3_dispatch_alert, 329 .num_ciphers = ssl3_num_ciphers, 330 .get_cipher = ssl3_get_cipher, 331 .get_cipher_by_char = ssl3_get_cipher_by_char, 332 .put_cipher_by_char = ssl3_put_cipher_by_char, 333 .internal = &TLSv1_client_method_internal_data, 334 }; 335 336 static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = { 337 .dtls = 0, 338 .server = 1, 339 .version = TLS1_1_VERSION, 340 .min_version = TLS1_1_VERSION, 341 .max_version = TLS1_1_VERSION, 342 .ssl_new = tls1_new, 343 .ssl_clear = tls1_clear, 344 .ssl_free = tls1_free, 345 .ssl_accept = ssl3_accept, 346 .ssl_connect = ssl3_connect, 347 .ssl_shutdown = ssl3_shutdown, 348 .ssl_renegotiate = ssl3_renegotiate, 349 .ssl_renegotiate_check = ssl3_renegotiate_check, 350 .ssl_pending = ssl3_pending, 351 .ssl_read_bytes = ssl3_read_bytes, 352 .ssl_write_bytes = ssl3_write_bytes, 353 .enc_flags = TLSV1_1_ENC_FLAGS, 354 }; 355 356 static const SSL_METHOD TLSv1_1_method_data = { 357 .ssl_dispatch_alert = ssl3_dispatch_alert, 358 .num_ciphers = ssl3_num_ciphers, 359 .get_cipher = ssl3_get_cipher, 360 .get_cipher_by_char = ssl3_get_cipher_by_char, 361 .put_cipher_by_char = ssl3_put_cipher_by_char, 362 .internal = &TLSv1_1_method_internal_data, 363 }; 364 365 static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = { 366 .dtls = 0, 367 .server = 0, 368 .version = TLS1_1_VERSION, 369 .min_version = TLS1_1_VERSION, 370 .max_version = TLS1_1_VERSION, 371 .ssl_new = tls1_new, 372 .ssl_clear = tls1_clear, 373 .ssl_free = tls1_free, 374 .ssl_accept = ssl_undefined_function, 375 .ssl_connect = ssl3_connect, 376 .ssl_shutdown = ssl3_shutdown, 377 .ssl_renegotiate = ssl3_renegotiate, 378 .ssl_renegotiate_check = ssl3_renegotiate_check, 379 .ssl_pending = ssl3_pending, 380 .ssl_read_bytes = ssl3_read_bytes, 381 .ssl_write_bytes = ssl3_write_bytes, 382 .enc_flags = TLSV1_1_ENC_FLAGS, 383 }; 384 385 static const SSL_METHOD TLSv1_1_client_method_data = { 386 .ssl_dispatch_alert = ssl3_dispatch_alert, 387 .num_ciphers = ssl3_num_ciphers, 388 .get_cipher = ssl3_get_cipher, 389 .get_cipher_by_char = ssl3_get_cipher_by_char, 390 .put_cipher_by_char = ssl3_put_cipher_by_char, 391 .internal = &TLSv1_1_client_method_internal_data, 392 }; 393 394 static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = { 395 .dtls = 0, 396 .server = 1, 397 .version = TLS1_2_VERSION, 398 .min_version = TLS1_2_VERSION, 399 .max_version = TLS1_2_VERSION, 400 .ssl_new = tls1_new, 401 .ssl_clear = tls1_clear, 402 .ssl_free = tls1_free, 403 .ssl_accept = ssl3_accept, 404 .ssl_connect = ssl3_connect, 405 .ssl_shutdown = ssl3_shutdown, 406 .ssl_renegotiate = ssl3_renegotiate, 407 .ssl_renegotiate_check = ssl3_renegotiate_check, 408 .ssl_pending = ssl3_pending, 409 .ssl_read_bytes = ssl3_read_bytes, 410 .ssl_write_bytes = ssl3_write_bytes, 411 .enc_flags = TLSV1_2_ENC_FLAGS, 412 }; 413 414 static const SSL_METHOD TLSv1_2_method_data = { 415 .ssl_dispatch_alert = ssl3_dispatch_alert, 416 .num_ciphers = ssl3_num_ciphers, 417 .get_cipher = ssl3_get_cipher, 418 .get_cipher_by_char = ssl3_get_cipher_by_char, 419 .put_cipher_by_char = ssl3_put_cipher_by_char, 420 .internal = &TLSv1_2_method_internal_data, 421 }; 422 423 static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = { 424 .dtls = 0, 425 .server = 0, 426 .version = TLS1_2_VERSION, 427 .min_version = TLS1_2_VERSION, 428 .max_version = TLS1_2_VERSION, 429 .ssl_new = tls1_new, 430 .ssl_clear = tls1_clear, 431 .ssl_free = tls1_free, 432 .ssl_accept = ssl_undefined_function, 433 .ssl_connect = ssl3_connect, 434 .ssl_shutdown = ssl3_shutdown, 435 .ssl_renegotiate = ssl3_renegotiate, 436 .ssl_renegotiate_check = ssl3_renegotiate_check, 437 .ssl_pending = ssl3_pending, 438 .ssl_read_bytes = ssl3_read_bytes, 439 .ssl_write_bytes = ssl3_write_bytes, 440 .enc_flags = TLSV1_2_ENC_FLAGS, 441 }; 442 443 static const SSL_METHOD TLSv1_2_client_method_data = { 444 .ssl_dispatch_alert = ssl3_dispatch_alert, 445 .num_ciphers = ssl3_num_ciphers, 446 .get_cipher = ssl3_get_cipher, 447 .get_cipher_by_char = ssl3_get_cipher_by_char, 448 .put_cipher_by_char = ssl3_put_cipher_by_char, 449 .internal = &TLSv1_2_client_method_internal_data, 450 }; 451 452 const SSL_METHOD * 453 TLS_client_method(void) 454 { 455 #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) 456 return (&TLS_client_method_data); 457 #else 458 return (&TLS_legacy_client_method_data); 459 #endif 460 } 461 462 const SSL_METHOD * 463 TLS_method(void) 464 { 465 #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER) 466 return (&TLS_method_data); 467 #else 468 return tls_legacy_method(); 469 #endif 470 } 471 472 const SSL_METHOD * 473 TLS_server_method(void) 474 { 475 return TLS_method(); 476 } 477 478 const SSL_METHOD * 479 tls_legacy_method(void) 480 { 481 return (&TLS_legacy_method_data); 482 } 483 484 const SSL_METHOD * 485 SSLv23_client_method(void) 486 { 487 return TLS_client_method(); 488 } 489 490 const SSL_METHOD * 491 SSLv23_method(void) 492 { 493 return TLS_method(); 494 } 495 496 const SSL_METHOD * 497 SSLv23_server_method(void) 498 { 499 return TLS_method(); 500 } 501 502 const SSL_METHOD * 503 TLSv1_client_method(void) 504 { 505 return (&TLSv1_client_method_data); 506 } 507 508 const SSL_METHOD * 509 TLSv1_method(void) 510 { 511 return (&TLSv1_method_data); 512 } 513 514 const SSL_METHOD * 515 TLSv1_server_method(void) 516 { 517 return (&TLSv1_method_data); 518 } 519 520 const SSL_METHOD * 521 TLSv1_1_client_method(void) 522 { 523 return (&TLSv1_1_client_method_data); 524 } 525 526 const SSL_METHOD * 527 TLSv1_1_method(void) 528 { 529 return (&TLSv1_1_method_data); 530 } 531 532 const SSL_METHOD * 533 TLSv1_1_server_method(void) 534 { 535 return (&TLSv1_1_method_data); 536 } 537 538 const SSL_METHOD * 539 TLSv1_2_client_method(void) 540 { 541 return (&TLSv1_2_client_method_data); 542 } 543 544 const SSL_METHOD * 545 TLSv1_2_method(void) 546 { 547 return (&TLSv1_2_method_data); 548 } 549 550 const SSL_METHOD * 551 TLSv1_2_server_method(void) 552 { 553 return (&TLSv1_2_method_data); 554 } 555 556 const SSL_METHOD * 557 ssl_get_method(uint16_t version) 558 { 559 if (version == TLS1_3_VERSION) 560 return (TLS_method()); 561 if (version == TLS1_2_VERSION) 562 return (TLSv1_2_method()); 563 if (version == TLS1_1_VERSION) 564 return (TLSv1_1_method()); 565 if (version == TLS1_VERSION) 566 return (TLSv1_method()); 567 if (version == DTLS1_VERSION) 568 return (DTLSv1_method()); 569 570 return (NULL); 571 } 572