/* $OpenBSD: ssl_methods.c,v 1.24 2021/03/31 16:59:32 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include "ssl_locl.h"
#include "tls13_internal.h"

/*
 * Method tables.
 *
 * Every protocol flavour is described by a pair of constant tables:
 *
 *   - an SSL_METHOD_INTERNAL, which records whether the method is DTLS,
 *     whether it is a server-capable table (.server), the nominal protocol
 *     version, the min/max TLS version fields, the handshake / record-layer
 *     entry points and the enc_flags value;
 *   - an SSL_METHOD, which holds the alert dispatcher and cipher lookup
 *     hooks and points at the internal table through .internal.
 *
 * The public *_method() accessors further down only hand out pointers to
 * these tables; nothing is allocated or mutated here.  How min_tls_version
 * and max_tls_version are enforced during negotiation is not visible in
 * this file.
 *
 * Patterns worth knowing when reviewing a change to these tables:
 *
 *   - Fixed-version and DTLS client tables set .ssl_accept to
 *     ssl_undefined_function; the matching non-client table (also returned
 *     by the *_server_method() accessor) sets both accept and connect.
 *   - The version-flexible TLS tables set .ssl_renegotiate to
 *     ssl_undefined_function and .ssl_renegotiate_check to ssl_ok, while
 *     the fixed-version TLS tables and all DTLS tables use
 *     ssl3_renegotiate / ssl3_renegotiate_check.
 *   - TLSv1, TLSv1.1 and DTLSv1 tables pin protocol versions that RFC 8996
 *     deprecates; they are presumably retained for API compatibility.
 */

/*
 * DTLS, version-flexible: nominal version DTLS 1.2, min/max TLS version
 * fields TLS 1.1 .. TLS 1.2.
 */
static const SSL_METHOD_INTERNAL DTLS_method_internal_data = {
	.dtls = 1,
	.server = 1,
	.version = DTLS1_2_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};

static const SSL_METHOD DTLS_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLS_method_internal_data,
};

/* DTLS, version-flexible, client only: accept is ssl_undefined_function. */
static const SSL_METHOD_INTERNAL DTLS_client_method_internal_data = {
	.dtls = 1,
	.server = 0,
	.version = DTLS1_2_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};

static const SSL_METHOD DTLS_client_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLS_client_method_internal_data,
};

/*
 * DTLS 1.0 only (min == max == TLS1_1_VERSION, TLSV1_1_ENC_FLAGS).
 * DTLS 1.0 is deprecated by RFC 8996.
 */
static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
	.dtls = 1,
	.server = 1,
	.version = DTLS1_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.enc_flags = TLSV1_1_ENC_FLAGS,
};

static const SSL_METHOD DTLSv1_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_method_internal_data,
};

/* DTLS 1.0 only, client only. */
static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
	.dtls = 1,
	.server = 0,
	.version = DTLS1_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.enc_flags = TLSV1_1_ENC_FLAGS,
};

static const SSL_METHOD DTLSv1_client_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_client_method_internal_data,
};

/* DTLS 1.2 only (min == max == TLS1_2_VERSION). */
static const SSL_METHOD_INTERNAL DTLSv1_2_method_internal_data = {
	.dtls = 1,
	.server = 1,
	.version = DTLS1_2_VERSION,
	.min_tls_version = TLS1_2_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};

static const SSL_METHOD DTLSv1_2_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_2_method_internal_data,
};

/* DTLS 1.2 only, client only. */
static const SSL_METHOD_INTERNAL DTLSv1_2_client_method_internal_data = {
	.dtls = 1,
	.server = 0,
	.version = DTLS1_2_VERSION,
	.min_tls_version = TLS1_2_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};

static const SSL_METHOD DTLSv1_2_client_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_2_client_method_internal_data,
};

/*
 * DTLS accessors.  Each returns a pointer to one of the constant tables
 * above.  The *_server_method() variants return the same table as the
 * corresponding *_method(); there is no separate server-only table.
 */

/* DTLS 1.0 client method (deprecated protocol version, see RFC 8996). */
const SSL_METHOD *
DTLSv1_client_method(void)
{
	const SSL_METHOD *method = &DTLSv1_client_method_data;

	return method;
}

/* DTLS 1.0 method usable for both accept and connect. */
const SSL_METHOD *
DTLSv1_method(void)
{
	const SSL_METHOD *method = &DTLSv1_method_data;

	return method;
}

/* DTLS 1.0 server method; same table as DTLSv1_method(). */
const SSL_METHOD *
DTLSv1_server_method(void)
{
	const SSL_METHOD *method = &DTLSv1_method_data;

	return method;
}

/* DTLS 1.2 client method. */
const SSL_METHOD *
DTLSv1_2_client_method(void)
{
	const SSL_METHOD *method = &DTLSv1_2_client_method_data;

	return method;
}

/* DTLS 1.2 method usable for both accept and connect. */
const SSL_METHOD *
DTLSv1_2_method(void)
{
	const SSL_METHOD *method = &DTLSv1_2_method_data;

	return method;
}

/* DTLS 1.2 server method; same table as DTLSv1_2_method(). */
const SSL_METHOD *
DTLSv1_2_server_method(void)
{
	const SSL_METHOD *method = &DTLSv1_2_method_data;

	return method;
}

/* Version-flexible DTLS client method. */
const SSL_METHOD *
DTLS_client_method(void)
{
	const SSL_METHOD *method = &DTLS_client_method_data;

	return method;
}

/* Version-flexible DTLS method usable for both accept and connect. */
const SSL_METHOD *
DTLS_method(void)
{
	const SSL_METHOD *method = &DTLS_method_data;

	return method;
}

/* Version-flexible DTLS server method; same table as DTLS_method(). */
const SSL_METHOD *
DTLS_server_method(void)
{
	const SSL_METHOD *method = &DTLS_method_data;

	return method;
}

#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
/*
 * TLS, version-flexible, TLS 1.3 stack (only built when both the TLS 1.3
 * client and server are enabled).  The version floor in this table is
 * TLS1_VERSION, i.e. TLS 1.0 is still inside the permitted range; a caller
 * that needs a higher floor has to set one explicitly (for example with
 * SSL_CTX_set_min_proto_version()).
 */
static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
	.dtls = 0,
	.server = 1,
	.version = TLS1_3_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_3_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = tls13_legacy_accept,
	.ssl_connect = tls13_legacy_connect,
	.ssl_shutdown = tls13_legacy_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.enc_flags = TLSV1_3_ENC_FLAGS,
};

static const SSL_METHOD TLS_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_method_internal_data,
};
#endif

/*
 * TLS, version-flexible, legacy stack: TLS 1.0 .. TLS 1.2, handled by the
 * ssl3_* entry points.  Returned by tls_legacy_method() and used as the
 * TLS_method() fallback when the TLS 1.3 stack is not fully enabled.
 */
static const SSL_METHOD_INTERNAL TLS_legacy_method_internal_data = {
	.dtls = 0,
	.server = 1,
	.version = TLS1_2_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};

static const SSL_METHOD TLS_legacy_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_legacy_method_internal_data,
};

#if defined(LIBRESSL_HAS_TLS1_3_CLIENT)
/*
 * TLS, version-flexible client, TLS 1.3 stack.
 *
 * NOTE(review): .server is 0, yet .ssl_accept is wired to
 * tls13_legacy_accept rather than ssl_undefined_function as in the
 * fixed-version client tables.  Presumably deliberate; confirm against
 * the callers before changing either side.
 */
static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
	.dtls = 0,
	.server = 0,
	.version = TLS1_3_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_3_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = tls13_legacy_accept,
	.ssl_connect = tls13_legacy_connect,
	.ssl_shutdown = tls13_legacy_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.enc_flags = TLSV1_3_ENC_FLAGS,
};

static const SSL_METHOD TLS_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_client_method_internal_data,
};

#else

/*
 * TLS, version-flexible client, legacy stack (TLS 1.0 .. TLS 1.2); built
 * only when the TLS 1.3 client is not enabled.
 *
 * NOTE(review): as with the TLS 1.3 client table, .ssl_accept is a real
 * handler (ssl3_accept) even though .server is 0 -- confirm intended.
 */
static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
	.dtls = 0,
	.server = 0,
	.version = TLS1_2_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};

static const SSL_METHOD TLS_legacy_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_legacy_client_method_internal_data,
};
#endif

/* TLS 1.0 only.  TLS 1.0 is deprecated by RFC 8996. */
static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
	.dtls = 0,
	.server = 1,
	.version = TLS1_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.enc_flags = TLSV1_ENC_FLAGS,
};

static const SSL_METHOD TLSv1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_method_internal_data,
};

/* TLS 1.0 only, client only. */
static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
	.dtls = 0,
	.server = 0,
	.version = TLS1_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.enc_flags = TLSV1_ENC_FLAGS,
};

static const SSL_METHOD TLSv1_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_client_method_internal_data,
};

/* TLS 1.1 only.  TLS 1.1 is deprecated by RFC 8996. */
static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = {
	.dtls = 0,
	.server = 1,
	.version = TLS1_1_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.enc_flags = TLSV1_1_ENC_FLAGS,
};

static const SSL_METHOD TLSv1_1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_1_method_internal_data,
};

/* TLS 1.1 only, client only. */
static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
	.dtls = 0,
	.server = 0,
	.version = TLS1_1_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.enc_flags = TLSV1_1_ENC_FLAGS,
};

static const SSL_METHOD TLSv1_1_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_1_client_method_internal_data,
};

/* TLS 1.2 only. */
static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = {
	.dtls = 0,
	.server = 1,
	.version = TLS1_2_VERSION,
	.min_tls_version = TLS1_2_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};

static const SSL_METHOD TLSv1_2_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_method_internal_data,
};

/* TLS 1.2 only, client only. */
static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
	.dtls = 0,
	.server = 0,
	.version = TLS1_2_VERSION,
	.min_tls_version = TLS1_2_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};

static const SSL_METHOD TLSv1_2_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_client_method_internal_data,
};

/*
 * Version-flexible TLS client method.  Resolves at compile time to the
 * TLS 1.3 client table when LIBRESSL_HAS_TLS1_3_CLIENT is defined and to
 * the legacy (max TLS 1.2) client table otherwise.
 */
const SSL_METHOD *
TLS_client_method(void)
{
#if defined(LIBRESSL_HAS_TLS1_3_CLIENT)
	return &TLS_client_method_data;
#else
	return &TLS_legacy_client_method_data;
#endif
}

/*
 * Version-flexible TLS method.  The TLS 1.3 table is used only when both
 * the TLS 1.3 client and server are compiled in; in every other
 * configuration this falls back to tls_legacy_method(), whose table tops
 * out at TLS 1.2.
 */
const SSL_METHOD *
TLS_method(void)
{
#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
	return &TLS_method_data;
#else
	return tls_legacy_method();
#endif
}

/* Version-flexible TLS server method; simply forwards to TLS_method(). */
const SSL_METHOD *
TLS_server_method(void)
{
	const SSL_METHOD *method = TLS_method();

	return method;
}

/* Legacy-stack version-flexible method (TLS 1.0 .. TLS 1.2). */
const SSL_METHOD *
tls_legacy_method(void)
{
	return &TLS_legacy_method_data;
}

/*
 * SSLv23_* accessors.  These forward to the TLS_* accessors, so the
 * version range is whatever the TLS_* tables above carry (floor
 * TLS1_VERSION).
 */
const SSL_METHOD *
SSLv23_client_method(void)
{
	const SSL_METHOD *method = TLS_client_method();

	return method;
}

/* Forwards to TLS_method(). */
const SSL_METHOD *
SSLv23_method(void)
{
	const SSL_METHOD *method = TLS_method();

	return method;
}

/* Forwards to TLS_method(). */
const SSL_METHOD *
SSLv23_server_method(void)
{
	const SSL_METHOD *method = TLS_method();

	return method;
}

/* TLS 1.0 client method (deprecated protocol version, see RFC 8996). */
const SSL_METHOD *
TLSv1_client_method(void)
{
	return &TLSv1_client_method_data;
}

/* TLS 1.0 method usable for both accept and connect. */
const SSL_METHOD *
TLSv1_method(void)
{
	return &TLSv1_method_data;
}

/* TLS 1.0 server method; same table as TLSv1_method(). */
const SSL_METHOD *
TLSv1_server_method(void)
{
	return &TLSv1_method_data;
}

/* TLS 1.1 client method (deprecated protocol version, see RFC 8996). */
const SSL_METHOD *
TLSv1_1_client_method(void)
{
	return &TLSv1_1_client_method_data;
}

/* TLS 1.1 method usable for both accept and connect. */
const SSL_METHOD *
TLSv1_1_method(void)
{
	return &TLSv1_1_method_data;
}

/* TLS 1.1 server method; same table as TLSv1_1_method(). */
const SSL_METHOD *
TLSv1_1_server_method(void)
{
	return &TLSv1_1_method_data;
}

/* TLS 1.2 client method. */
const SSL_METHOD *
TLSv1_2_client_method(void)
{
	return &TLSv1_2_client_method_data;
}

/* TLS 1.2 method usable for both accept and connect. */
const SSL_METHOD *
TLSv1_2_method(void)
{
	return &TLSv1_2_method_data;
}

/* TLS 1.2 server method; same table as TLSv1_2_method(). */
const SSL_METHOD *
TLSv1_2_server_method(void)
{
	return &TLSv1_2_method_data;
}

/*
 * Map a protocol version number to a method table.
 *
 * Returns the matching method, or NULL when the version is not one of the
 * six handled here; callers must check for NULL before dereferencing.
 *
 * TLS1_3_VERSION maps to the version-flexible TLS_method() rather than to
 * a fixed TLS 1.3 table (this file defines none).  When the TLS 1.3 stack
 * is not fully compiled in, TLS_method() returns the legacy table, so the
 * result may carry a nominal version of TLS1_2_VERSION.
 */
const SSL_METHOD *
ssl_get_method(uint16_t version)
{
	switch (version) {
	case TLS1_3_VERSION:
		return TLS_method();
	case TLS1_2_VERSION:
		return TLSv1_2_method();
	case TLS1_1_VERSION:
		return TLSv1_1_method();
	case TLS1_VERSION:
		return TLSv1_method();
	case DTLS1_VERSION:
		return DTLSv1_method();
	case DTLS1_2_VERSION:
		return DTLSv1_2_method();
	default:
		return NULL;
	}
}