1 /* $OpenBSD: ssl_methods.c,v 1.20 2020/10/14 16:44:15 jsing Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. 
All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 
 */

#include "ssl_locl.h"
#include "tls13_internal.h"

/*
 * Protocol method tables.
 *
 * Every public *_method() accessor below returns a pointer to one of the
 * static const SSL_METHOD tables in this file.  The SSL_METHOD carries the
 * protocol-independent cipher lookups; its .internal points at an
 * SSL_METHOD_INTERNAL that fixes the version window a connection may
 * negotiate ([min_version, max_version]) together with the lifecycle,
 * handshake and record layer callbacks.
 *
 * Two families exist:
 *  - version-pinned methods (TLSv1, TLSv1_1, TLSv1_2, DTLSv1) set
 *    min_version == max_version and leave renegotiation wired up
 *    (ssl3_renegotiate / ssl3_renegotiate_check);
 *  - protocol-flexible methods (TLS_method and the TLS 1.0-1.2 legacy
 *    fallback) negotiate within a range and have renegotiation disabled
 *    (.ssl_renegotiate = ssl_undefined_function,
 *    .ssl_renegotiate_check = ssl_ok).
 *
 * Security note: the flexible methods start with min_version =
 * TLS1_VERSION, so TLS 1.0 and 1.1 stay negotiable unless the application
 * raises the floor after creating its context (presumably via the
 * *_set_min_proto_version() API, which is not visible here - confirm).
 */

/* The TLS 1.3 capable table is only built when both halves are present. */
#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
#define SSL_METHODS_HAVE_TLS1_3 1
#endif

/*
 * DTLS 1.0: the DTLS record layer (dtls1_read_bytes /
 * dtls1_write_app_data_bytes) on top of the SSLv3/TLS state machine, with
 * the TLS 1.1 encryption flags.  This is the only DTLS table in the file;
 * the DTLS_*_method() accessors resolve to it as well.
 */
static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
	.dtls = 1,
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.enc_flags = TLSV1_1_ENC_FLAGS,

	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,

	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,

	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
};

static const SSL_METHOD DTLSv1_method_data = {
	.internal = &DTLSv1_method_internal_data,
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};

/* DTLS 1.0 accessors; client, server and generic share one table. */
const SSL_METHOD *
DTLSv1_method(void)
{
	return &DTLSv1_method_data;
}

const SSL_METHOD *
DTLSv1_client_method(void)
{
	return &DTLSv1_method_data;
}

const SSL_METHOD *
DTLSv1_server_method(void)
{
	return &DTLSv1_method_data;
}

/*
 * Version-flexible DTLS accessors.  With DTLS 1.0 being the only DTLS
 * table here, these are aliases for the DTLSv1 table.
 */
const SSL_METHOD *
DTLS_method(void)
{
	return &DTLSv1_method_data;
}

const SSL_METHOD *
DTLS_client_method(void)
{
	return &DTLSv1_method_data;
}

const SSL_METHOD *
DTLS_server_method(void)
{
	return &DTLSv1_method_data;
}

#ifdef SSL_METHODS_HAVE_TLS1_3
/*
 * TLS 1.0 - 1.3.  The handshake, shutdown and I/O entry points are the
 * tls13_legacy_* shims; renegotiation is not available on this method.
 */
static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
	.dtls = 0,
	.version = TLS1_3_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_3_VERSION,
	.enc_flags = TLSV1_3_ENC_FLAGS,

	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	.ssl_accept = tls13_legacy_accept,
	.ssl_connect = tls13_legacy_connect,
	.ssl_shutdown = tls13_legacy_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,

	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
};

static const SSL_METHOD TLS_method_data = {
	.internal = &TLS_method_internal_data,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};
#endif /* SSL_METHODS_HAVE_TLS1_3 */

/*
 * TLS 1.0 - 1.2 on the SSLv3/TLS state machine.  This is what TLS_method()
 * falls back to when TLS 1.3 is not compiled in, and what
 * tls_legacy_method() always returns.  Renegotiation is disabled.
 */
static const SSL_METHOD_INTERNAL TLS_legacy_method_internal_data = {
	.dtls = 0,
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.enc_flags = TLSV1_2_ENC_FLAGS,

	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,

	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
};

static const SSL_METHOD TLS_legacy_method_data = {
	.internal = &TLS_legacy_method_internal_data,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};

/*
 * Version-pinned TLS tables.  Each one negotiates exactly its own version
 * and keeps renegotiation available; they differ only in the version
 * constants and the enc_flags for that version.
 */
static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
	.dtls = 0,
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.enc_flags = TLSV1_ENC_FLAGS,

	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,

	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
};

static const SSL_METHOD TLSv1_method_data = {
	.internal = &TLSv1_method_internal_data,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};

static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = {
	.dtls = 0,
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.enc_flags = TLSV1_1_ENC_FLAGS,

	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,

	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
};

static const SSL_METHOD TLSv1_1_method_data = {
	.internal = &TLSv1_1_method_internal_data,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};

static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = {
	.dtls = 0,
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.enc_flags = TLSV1_2_ENC_FLAGS,

	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,

	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
};

static const SSL_METHOD TLSv1_2_method_data = {
	.internal = &TLSv1_2_method_internal_data,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};

/*
 * Always the TLS 1.0 - 1.2 table, regardless of TLS 1.3 support.
 */
const SSL_METHOD *
tls_legacy_method(void)
{
	return &TLS_legacy_method_data;
}

/*
 * Version-flexible TLS: the TLS 1.0 - 1.3 table when the build has TLS 1.3
 * client and server support, otherwise the TLS 1.0 - 1.2 legacy table.
 * Either way the floor is TLS1_VERSION until the caller raises it.
 */
const SSL_METHOD *
TLS_method(void)
{
#ifdef SSL_METHODS_HAVE_TLS1_3
	return &TLS_method_data;
#else
	return tls_legacy_method();
#endif
}

const SSL_METHOD *
TLS_client_method(void)
{
	return TLS_method();
}

const SSL_METHOD *
TLS_server_method(void)
{
	return TLS_method();
}

/*
 * Compatibility names.  Nothing in this file provides an SSLv2 or SSLv3
 * table; these are plain aliases for TLS_method().
 */
const SSL_METHOD *
SSLv23_method(void)
{
	return TLS_method();
}

const SSL_METHOD *
SSLv23_client_method(void)
{
	return TLS_method();
}

const SSL_METHOD *
SSLv23_server_method(void)
{
	return TLS_method();
}

/* TLS 1.0 only. */
const SSL_METHOD *
TLSv1_method(void)
{
	return &TLSv1_method_data;
}

const SSL_METHOD *
TLSv1_client_method(void)
{
	return &TLSv1_method_data;
}

const SSL_METHOD *
TLSv1_server_method(void)
{
	return &TLSv1_method_data;
}

/* TLS 1.1 only. */
const SSL_METHOD *
TLSv1_1_method(void)
{
	return &TLSv1_1_method_data;
}

const SSL_METHOD *
TLSv1_1_client_method(void)
{
	return &TLSv1_1_method_data;
}

const SSL_METHOD *
TLSv1_1_server_method(void)
{
	return &TLSv1_1_method_data;
}

/* TLS 1.2 only. */
const SSL_METHOD *
TLSv1_2_method(void)
{
	return &TLSv1_2_method_data;
}

const SSL_METHOD *
TLSv1_2_client_method(void)
{
	return &TLSv1_2_method_data;
}

const SSL_METHOD *
TLSv1_2_server_method(void)
{
	return &TLSv1_2_method_data;
}

/*
 * Map a wire protocol version to the method that implements it.
 *
 * Returns NULL for anything other than TLS 1.0 - 1.3 or DTLS 1.0 (there is
 * no DTLS 1.2 table in this file).  TLS1_3_VERSION maps to TLS_method(),
 * which in a build without TLS 1.3 is the legacy TLS 1.0 - 1.2 table.
 */
const SSL_METHOD *
ssl_get_method(uint16_t version)
{
	switch (version) {
	case TLS1_3_VERSION:
		return TLS_method();
	case TLS1_2_VERSION:
		return TLSv1_2_method();
	case TLS1_1_VERSION:
		return TLSv1_1_method();
	case TLS1_VERSION:
		return TLSv1_method();
	case DTLS1_VERSION:
		return DTLSv1_method();
	default:
		return NULL;
	}
}