/* $OpenBSD: ssl_methods.c,v 1.14 2020/07/07 19:31:11 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 * must display the following acknowledgement:
 * "This product includes cryptographic software written by
 * Eric Young (eay@cryptsoft.com)"
 * The word 'cryptographic' can be left out if the rouines from the library
 * being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 * the apps directory (application code) you must include an acknowledgement:
 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include "ssl_locl.h"
#include "tls13_internal.h"

/*
 * Every protocol method in this file is a pair of const tables:
 *
 *   SSL_METHOD_INTERNAL  version bounds plus the lifecycle, handshake,
 *                        renegotiation and record I/O hooks;
 *   SSL_METHOD           alert dispatch and cipher lookup hooks, plus a
 *                        pointer to the matching internal table.
 *
 * The role of a method is expressed by which handshake hook is wired to
 * ssl_undefined_function: client-only tables stub out ssl_accept,
 * server-only tables stub out ssl_connect, generic tables stub out neither.
 */

/*
 * DTLS, client role. All three version fields are DTLS1_VERSION, so this
 * method offers no other protocol version.
 * NOTE(review): DTLS 1.0 is deprecated by RFC 8996; this file offers no
 * newer DTLS version to fall forward to.
 */
static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	/* Client-only: accepting a connection is not supported. */
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = dtls1_get_client_method,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_client_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_client_method_internal_data,
};

/* Returns the client-only DTLS method table. */
const SSL_METHOD *
DTLSv1_client_method(void)
{
	return &DTLSv1_client_method_data;
}

/* Alias: the only DTLS client method in this file is the DTLSv1 one. */
const SSL_METHOD *
DTLS_client_method(void)
{
	return DTLSv1_client_method();
}

/*
 * Maps a protocol version to the DTLS client method.
 * Returns NULL for any version other than DTLS1_VERSION.
 */
const SSL_METHOD *
dtls1_get_client_method(int ver)
{
	return ver == DTLS1_VERSION ? DTLSv1_client_method() : NULL;
}

/* Defined after the table that refers to it. */
static const SSL_METHOD *dtls1_get_method(int ver);

/* DTLS, generic role: both ssl_accept and ssl_connect are available. */
static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = dtls1_get_method,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_method_internal_data,
};

/* Returns the generic (client and server) DTLS method table. */
const SSL_METHOD *
DTLSv1_method(void)
{
	return &DTLSv1_method_data;
}

/* Alias for DTLSv1_method(). */
const SSL_METHOD *
DTLS_method(void)
{
	return DTLSv1_method();
}

/*
 * Maps a protocol version to the generic DTLS method.
 * Returns NULL for any version other than DTLS1_VERSION.
 */
static const SSL_METHOD *
dtls1_get_method(int ver)
{
	return ver == DTLS1_VERSION ? DTLSv1_method() : NULL;
}

/* DTLS, server role. */
static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = {
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	/* Server-only: initiating a connection is not supported. */
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = dtls1_get_server_method,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_server_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_server_method_internal_data,
};

/* Returns the server-only DTLS method table. */
const SSL_METHOD *
DTLSv1_server_method(void)
{
	return &DTLSv1_server_method_data;
}

/* Alias for DTLSv1_server_method(). */
const SSL_METHOD *
DTLS_server_method(void)
{
	return DTLSv1_server_method();
}

/*
 * Maps a protocol version to the DTLS server method.
 * Returns NULL for any version other than DTLS1_VERSION.
 */
const SSL_METHOD *
dtls1_get_server_method(int ver)
{
	return ver == DTLS1_VERSION ? DTLSv1_server_method() : NULL;
}

#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
/*
 * Version-flexible TLS client, built only when the TLS 1.3 client is
 * enabled. The method-level range is TLS1_VERSION..TLS1_3_VERSION and the
 * handshake and record hooks go through the tls13_legacy_* entry points.
 * NOTE(review): the lower bound still admits TLS 1.0/1.1 at this level;
 * whether they are actually offered depends on configuration outside this
 * file.
 */
static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
	.version = TLS1_3_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_3_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = tls13_legacy_connect,
	.ssl_shutdown = tls13_legacy_shutdown,
	.get_ssl_method = tls1_get_client_method,
	/* No renegotiation entry point; the check hook is ssl_ok. */
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.ssl3_enc = &TLSv1_3_enc_data,
};

static const SSL_METHOD TLS_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_client_method_internal_data,
};
#endif

/*
 * Version-flexible TLS client without TLS 1.3: the range is
 * TLS1_VERSION..TLS1_2_VERSION and the ssl3_* hooks are used throughout.
 */
static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_client_method,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_legacy_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_legacy_client_method_internal_data,
};

/*
 * Fixed-version TLS 1.0 client: min and max are both TLS1_VERSION.
 * NOTE(review): TLS 1.0 is deprecated by RFC 8996; callers that select this
 * method cannot negotiate anything newer.
 */
static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_client_method,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_client_method_internal_data,
};

/*
 * Fixed-version TLS 1.1 client: min and max are both TLS1_1_VERSION.
 * NOTE(review): TLS 1.1 is deprecated by RFC 8996.
 */
static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_client_method,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};
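
static const SSL_METHOD TLSv1_1_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_1_client_method_internal_data,
};

/* Fixed-version TLS 1.2 client: min and max are both TLS1_2_VERSION. */
static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	/* Client-only: accepting a connection is not supported. */
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_client_method,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_client_method_internal_data,
};

/*
 * Maps a protocol version to the matching client-only method.
 *
 * TLS1_3_VERSION resolves to the version-flexible TLS_client_method() and
 * only when the TLS 1.3 client is compiled in; TLS 1.2, 1.1 and 1.0 resolve
 * to their fixed-version client methods. Returns NULL for anything else.
 */
const SSL_METHOD *
tls1_get_client_method(int ver)
{
	switch (ver) {
#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
	case TLS1_3_VERSION:
		return TLS_client_method();
#endif
	case TLS1_2_VERSION:
		return TLSv1_2_client_method();
	case TLS1_1_VERSION:
		return TLSv1_1_client_method();
	case TLS1_VERSION:
		return TLSv1_client_method();
	default:
		return NULL;
	}
}

/*
 * Legacy name kept for API compatibility; returns exactly what
 * TLS_client_method() returns. Despite the name, the tables in this file
 * start at TLS1_VERSION.
 */
const SSL_METHOD *
SSLv23_client_method(void)
{
	return TLS_client_method();
}

/*
 * Version-flexible client method: the TLS 1.3 capable table when the
 * TLS 1.3 client is compiled in, otherwise the legacy table capped at
 * TLS1_2_VERSION.
 */
const SSL_METHOD *
TLS_client_method(void)
{
#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
	return &TLS_client_method_data;
#else
	return tls_legacy_client_method();
#endif
}

/* Version-flexible client method capped at TLS1_2_VERSION. */
const SSL_METHOD *
tls_legacy_client_method(void)
{
	return &TLS_legacy_client_method_data;
}

/*
 * Fixed-version TLS 1.0 client method.
 * NOTE(review): TLS 1.0 is deprecated by RFC 8996.
 */
const SSL_METHOD *
TLSv1_client_method(void)
{
	return &TLSv1_client_method_data;
}

/*
 * Fixed-version TLS 1.1 client method.
 * NOTE(review): TLS 1.1 is deprecated by RFC 8996.
 */
const SSL_METHOD *
TLSv1_1_client_method(void)
{
	return &TLSv1_1_client_method_data;
}

/* Fixed-version TLS 1.2 client method. */
const SSL_METHOD *
TLSv1_2_client_method(void)
{
	return &TLSv1_2_client_method_data;
}

/* Defined after the tables that refer to it. */
static const SSL_METHOD *tls1_get_method(int ver);

#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
/*
 * Version-flexible generic (client and server) TLS method, built only when
 * both TLS 1.3 roles are enabled. Range: TLS1_VERSION..TLS1_3_VERSION.
 */
static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
	.version = TLS1_3_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_3_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = tls13_legacy_accept,
	.ssl_connect = tls13_legacy_connect,
	.ssl_shutdown = tls13_legacy_shutdown,
	/*
	 * Use the generic dispatcher, as every other generic table in this
	 * file does. This slot previously held tls1_get_client_method, whose
	 * results all have ssl_accept wired to ssl_undefined_function, so a
	 * version lookup through the generic method could hand back a table
	 * that cannot act as a server.
	 * NOTE(review): the callers of get_ssl_method are outside this file;
	 * confirm none relied on the client-only result.
	 */
	.get_ssl_method = tls1_get_method,
	/* No renegotiation entry point; the check hook is ssl_ok. */
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.ssl3_enc = &TLSv1_3_enc_data,
};

static const SSL_METHOD TLS_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_method_internal_data,
};
#endif

/* Version-flexible generic method capped at TLS1_2_VERSION. */
static const SSL_METHOD_INTERNAL TLS_legacy_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_method,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_legacy_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_legacy_method_internal_data,
};

/*
 * Fixed-version TLS 1.0 generic method.
 * NOTE(review): TLS 1.0 is deprecated by RFC 8996.
 */
static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_method,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_method_internal_data,
};

/*
 * Fixed-version TLS 1.1 generic method.
 * NOTE(review): TLS 1.1 is deprecated by RFC 8996.
 */
static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = {
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_method,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_1_method_internal_data,
};

/* Fixed-version TLS 1.2 generic method. */
static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_method,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_method_internal_data,
};

/*
 * Maps a protocol version to the matching generic method.
 *
 * TLS1_3_VERSION resolves to TLS_method() and only when both TLS 1.3 roles
 * are compiled in; TLS 1.2, 1.1 and 1.0 resolve to their fixed-version
 * generic methods. Returns NULL for anything else.
 */
static const SSL_METHOD *
tls1_get_method(int ver)
{
	switch (ver) {
#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
	case TLS1_3_VERSION:
		return TLS_method();
#endif
	case TLS1_2_VERSION:
		return TLSv1_2_method();
	case TLS1_1_VERSION:
		return TLSv1_1_method();
	case TLS1_VERSION:
		return TLSv1_method();
	default:
		return NULL;
	}
}

/*
 * Legacy name kept for API compatibility; returns exactly what TLS_method()
 * returns. Despite the name, the tables in this file start at TLS1_VERSION.
 */
const SSL_METHOD *
SSLv23_method(void)
{
	return TLS_method();
}

/*
 * Version-flexible generic method: the TLS 1.3 capable table when both
 * TLS 1.3 roles are compiled in, otherwise the legacy table capped at
 * TLS1_2_VERSION.
 */
const SSL_METHOD *
TLS_method(void)
{
#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
	return &TLS_method_data;
#else
	return tls_legacy_method();
#endif
}

/* Version-flexible generic method capped at TLS1_2_VERSION. */
const SSL_METHOD *
tls_legacy_method(void)
{
	return &TLS_legacy_method_data;
}

/*
 * Fixed-version TLS 1.0 generic method.
 * NOTE(review): TLS 1.0 is deprecated by RFC 8996.
 */
const SSL_METHOD *
TLSv1_method(void)
{
	return &TLSv1_method_data;
}

/*
 * Fixed-version TLS 1.1 generic method.
 * NOTE(review): TLS 1.1 is deprecated by RFC 8996.
 */
const SSL_METHOD *
TLSv1_1_method(void)
{
	return &TLSv1_1_method_data;
}

/* Fixed-version TLS 1.2 generic method. */
const SSL_METHOD *
TLSv1_2_method(void)
{
	return &TLSv1_2_method_data;
}

#ifdef LIBRESSL_HAS_TLS1_3_SERVER
/*
 * Version-flexible TLS server, built only when the TLS 1.3 server is
 * enabled. Range: TLS1_VERSION..TLS1_3_VERSION.
 */
static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
	.version = TLS1_3_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_3_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = tls13_legacy_accept,
	/* Server-only: initiating a connection is not supported. */
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = tls13_legacy_shutdown,
	.get_ssl_method = tls1_get_server_method,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.ssl3_enc = &TLSv1_3_enc_data,
};

static const SSL_METHOD TLS_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_server_method_internal_data,
};
#endif

/* Version-flexible server method capped at TLS1_2_VERSION. */
static const SSL_METHOD_INTERNAL TLS_legacy_server_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_server_method,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_legacy_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_legacy_server_method_internal_data,
};

/*
 * Fixed-version TLS 1.0 server method.
 * NOTE(review): TLS 1.0 is deprecated by RFC 8996.
 */
static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_server_method,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_server_method_internal_data,
};

/*
 * Fixed-version TLS 1.1 server method.
 * NOTE(review): TLS 1.1 is deprecated by RFC 8996.
 */
static const SSL_METHOD_INTERNAL TLSv1_1_server_method_internal_data = {
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_server_method,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_1_server_method_internal_data,
};

/* Fixed-version TLS 1.2 server method. */
static const SSL_METHOD_INTERNAL TLSv1_2_server_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.get_ssl_method = tls1_get_server_method,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_server_method_internal_data,
};

/*
 * Maps a protocol version to the matching server-only method.
 *
 * TLS1_3_VERSION resolves to the version-flexible TLS_server_method() and
 * only when the TLS 1.3 server is compiled in; TLS 1.2, 1.1 and 1.0 resolve
 * to their fixed-version server methods. Returns NULL for anything else.
 */
const SSL_METHOD *
tls1_get_server_method(int ver)
{
	switch (ver) {
#ifdef LIBRESSL_HAS_TLS1_3_SERVER
	case TLS1_3_VERSION:
		return TLS_server_method();
#endif
	case TLS1_2_VERSION:
		return TLSv1_2_server_method();
	case TLS1_1_VERSION:
		return TLSv1_1_server_method();
	case TLS1_VERSION:
		return TLSv1_server_method();
	default:
		return NULL;
	}
}

/*
 * Legacy name kept for API compatibility; returns exactly what
 * TLS_server_method() returns. Despite the name, the tables in this file
 * start at TLS1_VERSION.
 */
const SSL_METHOD *
SSLv23_server_method(void)
{
	return TLS_server_method();
}

/*
 * Version-flexible server method: the TLS 1.3 capable table when the
 * TLS 1.3 server is compiled in, otherwise the legacy table capped at
 * TLS1_2_VERSION.
 */
const SSL_METHOD *
TLS_server_method(void)
{
#ifdef LIBRESSL_HAS_TLS1_3_SERVER
	return &TLS_server_method_data;
#else
	return tls_legacy_server_method();
#endif
}

/* Version-flexible server method capped at TLS1_2_VERSION. */
const SSL_METHOD *
tls_legacy_server_method(void)
{
	return &TLS_legacy_server_method_data;
}

/*
 * Fixed-version TLS 1.0 server method.
 * NOTE(review): TLS 1.0 is deprecated by RFC 8996.
 */
const SSL_METHOD *
TLSv1_server_method(void)
{
	return &TLSv1_server_method_data;
}

/*
 * Fixed-version TLS 1.1 server method.
 * NOTE(review): TLS 1.1 is deprecated by RFC 8996.
 */
const SSL_METHOD *
TLSv1_1_server_method(void)
{
	return &TLSv1_1_server_method_data;
}

/* Fixed-version TLS 1.2 server method. */
const SSL_METHOD *
TLSv1_2_server_method(void)
{
	return &TLSv1_2_server_method_data;
}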