/* $OpenBSD: ssl_methods.c,v 1.25 2021/05/16 13:56:31 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 * must display the following acknowledgement:
 * "This product includes cryptographic software written by
 * Eric Young (eay@cryptsoft.com)"
 * The word 'cryptographic' can be left out if the rouines from the library
 * being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 * the apps directory (application code) you must include an acknowledgement:
 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include "dtls_locl.h"
#include "ssl_locl.h"
#include "tls13_internal.h"

/*
 * Method tables.
 *
 * Every public constructor in this file returns a pointer to a static,
 * read-only SSL_METHOD.  The SSL_METHOD carries the alert and cipher lookup
 * helpers and points at an SSL_METHOD_INTERNAL that holds the role flag, the
 * protocol version range and the handshake, shutdown and record I/O
 * handlers.
 *
 * Conventions that can be read off the tables below:
 *  - The generic and the *_server_method() constructors share one table
 *    (.server = 1, with both an accept and a connect handler).
 *  - The fixed-version and the DTLS client tables set .ssl_accept to
 *    ssl_undefined_function.
 *  - DTLS tables state their range in TLS terms: DTLS1_VERSION is paired
 *    with TLS1_1_VERSION and DTLS1_2_VERSION with TLS1_2_VERSION.
 *  - A table whose min_tls_version equals its max_tls_version has a
 *    single-version range.
 *
 * Review note: TLS 1.0, TLS 1.1 and DTLS 1.0 are deprecated by RFC 8996.
 * The single-version tables for them are still defined here, and the
 * version-flexible TLS tables keep TLS1_VERSION as their lower bound, so
 * any stricter floor has to come from the caller's configuration (for
 * example SSL_CTX_set_min_proto_version()); nothing in this file enforces
 * one.
 */

/* DTLS, version-flexible, generic/server role. */
static const SSL_METHOD_INTERNAL DTLS_method_internal_data = {
	/* Role and protocol range. */
	.dtls = 1,
	.server = 1,
	.version = DTLS1_2_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.enc_flags = TLSV1_2_ENC_FLAGS,

	/* Connection object lifecycle. */
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,

	/* Handshake, renegotiation and shutdown. */
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	/* Record layer I/O. */
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
};

static const SSL_METHOD DTLS_method_data = {
	.internal = &DTLS_method_internal_data,
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};

/* DTLS, version-flexible, client role: no accept handler. */
static const SSL_METHOD_INTERNAL DTLS_client_method_internal_data = {
	.dtls = 1,
	.server = 0,
	.version = DTLS1_2_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.enc_flags = TLSV1_2_ENC_FLAGS,

	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,

	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
};

static const SSL_METHOD DTLS_client_method_data = {
	.internal = &DTLS_client_method_internal_data,
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};

/* DTLS 1.0 only (range TLS1_1_VERSION..TLS1_1_VERSION), generic/server. */
static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
	.dtls = 1,
	.server = 1,
	.version = DTLS1_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_1_VERSION,
	.enc_flags = TLSV1_1_ENC_FLAGS,

	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,

	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
};

static const SSL_METHOD DTLSv1_method_data = {
	.internal = &DTLSv1_method_internal_data,
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};

/* DTLS 1.0 only, client role: no accept handler. */
static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
	.dtls = 1,
	.server = 0,
	.version = DTLS1_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_1_VERSION,
	.enc_flags = TLSV1_1_ENC_FLAGS,

	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,

	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
};

static const SSL_METHOD DTLSv1_client_method_data = {
	.internal = &DTLSv1_client_method_internal_data,
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};

/* DTLS 1.2 only (range TLS1_2_VERSION..TLS1_2_VERSION), generic/server. */
static const SSL_METHOD_INTERNAL DTLSv1_2_method_internal_data = {
	.dtls = 1,
	.server = 1,
	.version = DTLS1_2_VERSION,
	.min_tls_version = TLS1_2_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.enc_flags = TLSV1_2_ENC_FLAGS,

	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,

	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
};

static const SSL_METHOD DTLSv1_2_method_data = {
	.internal = &DTLSv1_2_method_internal_data,
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};

/* DTLS 1.2 only, client role: no accept handler. */
static const SSL_METHOD_INTERNAL DTLSv1_2_client_method_internal_data = {
	.dtls = 1,
	.server = 0,
	.version = DTLS1_2_VERSION,
	.min_tls_version = TLS1_2_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.enc_flags = TLSV1_2_ENC_FLAGS,

	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,

	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
};

static const SSL_METHOD DTLSv1_2_client_method_data = {
	.internal = &DTLSv1_2_client_method_internal_data,
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};

/* DTLS 1.0 only, client role. */
const SSL_METHOD *
DTLSv1_client_method(void)
{
	return &DTLSv1_client_method_data;
}

/* DTLS 1.0 only, generic role. */
const SSL_METHOD *
DTLSv1_method(void)
{
	return &DTLSv1_method_data;
}

/* DTLS 1.0 only, server role; same table as DTLSv1_method(). */
const SSL_METHOD *
DTLSv1_server_method(void)
{
	return &DTLSv1_method_data;
}

/* DTLS 1.2 only, client role. */
const SSL_METHOD *
DTLSv1_2_client_method(void)
{
	return &DTLSv1_2_client_method_data;
}

/* DTLS 1.2 only, generic role. */
const SSL_METHOD *
DTLSv1_2_method(void)
{
	return &DTLSv1_2_method_data;
}

/* DTLS 1.2 only, server role; same table as DTLSv1_2_method(). */
const SSL_METHOD *
DTLSv1_2_server_method(void)
{
	return &DTLSv1_2_method_data;
}

/* Version-flexible DTLS, client role. */
const SSL_METHOD *
DTLS_client_method(void)
{
	return &DTLS_client_method_data;
}

/* Version-flexible DTLS, generic role. */
const SSL_METHOD *
DTLS_method(void)
{
	return &DTLS_method_data;
}

/* Version-flexible DTLS, server role; same table as DTLS_method(). */
const SSL_METHOD *
DTLS_server_method(void)
{
	return &DTLS_method_data;
}

#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
/*
 * TLS, version-flexible up to TLS 1.3, generic/server role.  Only built when
 * both the TLS 1.3 client and server are compiled in.  Renegotiation is
 * routed to ssl_undefined_function and the renegotiation check to ssl_ok,
 * unlike the fixed-version tables further down.
 */
static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
	.dtls = 0,
	.server = 1,
	.version = TLS1_3_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_3_VERSION,
	.enc_flags = TLSV1_3_ENC_FLAGS,

	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	.ssl_accept = tls13_legacy_accept,
	.ssl_connect = tls13_legacy_connect,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_shutdown = tls13_legacy_shutdown,

	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
};

static const SSL_METHOD TLS_method_data = {
	.internal = &TLS_method_internal_data,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};
#endif

/*
 * TLS, version-flexible up to TLS 1.2, generic/server role.  Always built;
 * returned by tls_legacy_method() and used by TLS_method() when TLS 1.3 is
 * not fully compiled in.
 */
static const SSL_METHOD_INTERNAL TLS_legacy_method_internal_data = {
	.dtls = 0,
	.server = 1,
	.version = TLS1_2_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.enc_flags = TLSV1_2_ENC_FLAGS,

	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_shutdown = ssl3_shutdown,

	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
};

static const SSL_METHOD TLS_legacy_method_data = {
	.internal = &TLS_legacy_method_internal_data,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};

#if defined(LIBRESSL_HAS_TLS1_3_CLIENT)
/*
 * TLS, version-flexible up to TLS 1.3, client role.
 *
 * NOTE(review): .server is 0, yet .ssl_accept is tls13_legacy_accept rather
 * than ssl_undefined_function as in the fixed-version client tables.
 * Confirm that leaving the accept path wired on a client method is intended.
 */
static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
	.dtls = 0,
	.server = 0,
	.version = TLS1_3_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_3_VERSION,
	.enc_flags = TLSV1_3_ENC_FLAGS,

	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	.ssl_accept = tls13_legacy_accept,
	.ssl_connect = tls13_legacy_connect,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_shutdown = tls13_legacy_shutdown,

	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
};

static const SSL_METHOD TLS_client_method_data = {
	.internal = &TLS_client_method_internal_data,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};

#else

/*
 * TLS, version-flexible up to TLS 1.2, client role; built only when the
 * TLS 1.3 client is not compiled in.
 *
 * NOTE(review): .server is 0, yet .ssl_accept is ssl3_accept rather than
 * ssl_undefined_function as in the fixed-version client tables.  Confirm
 * that leaving the accept path wired on a client method is intended.
 */
static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
	.dtls = 0,
	.server = 0,
	.version = TLS1_2_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.enc_flags = TLSV1_2_ENC_FLAGS,

	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_shutdown = ssl3_shutdown,

	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
};

static const SSL_METHOD TLS_legacy_client_method_data = {
	.internal = &TLS_legacy_client_method_internal_data,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};
#endif

/* TLS 1.0 only, generic/server role. */
static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
	.dtls = 0,
	.server = 1,
	.version = TLS1_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_VERSION,
	.enc_flags = TLSV1_ENC_FLAGS,

	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
};

static const SSL_METHOD TLSv1_method_data = {
	.internal = &TLSv1_method_internal_data,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};

/* TLS 1.0 only, client role: no accept handler. */
static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
	.dtls = 0,
	.server = 0,
	.version = TLS1_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_VERSION,
	.enc_flags = TLSV1_ENC_FLAGS,

	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
};

static const SSL_METHOD TLSv1_client_method_data = {
	.internal = &TLSv1_client_method_internal_data,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};

/* TLS 1.1 only, generic/server role. */
static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = {
	.dtls = 0,
	.server = 1,
	.version = TLS1_1_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_1_VERSION,
	.enc_flags = TLSV1_1_ENC_FLAGS,

	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
};

static const SSL_METHOD TLSv1_1_method_data = {
	.internal = &TLSv1_1_method_internal_data,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};

/* TLS 1.1 only, client role: no accept handler. */
static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
	.dtls = 0,
	.server = 0,
	.version = TLS1_1_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_1_VERSION,
	.enc_flags = TLSV1_1_ENC_FLAGS,

	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
};

static const SSL_METHOD TLSv1_1_client_method_data = {
	.internal = &TLSv1_1_client_method_internal_data,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};

/* TLS 1.2 only, generic/server role. */
static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = {
	.dtls = 0,
	.server = 1,
	.version = TLS1_2_VERSION,
	.min_tls_version = TLS1_2_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.enc_flags = TLSV1_2_ENC_FLAGS,

	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
};

static const SSL_METHOD TLSv1_2_method_data = {
	.internal = &TLSv1_2_method_internal_data,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};

/* TLS 1.2 only, client role: no accept handler. */
static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
	.dtls = 0,
	.server = 0,
	.version = TLS1_2_VERSION,
	.min_tls_version = TLS1_2_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.enc_flags = TLSV1_2_ENC_FLAGS,

	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
};

static const SSL_METHOD TLSv1_2_client_method_data = {
	.internal = &TLSv1_2_client_method_internal_data,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
};

/*
 * Version-flexible TLS, client role.  The table's upper bound is TLS 1.3
 * when the TLS 1.3 client is compiled in and TLS 1.2 otherwise.
 */
const SSL_METHOD *
TLS_client_method(void)
{
#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
	return &TLS_client_method_data;
#else
	return &TLS_legacy_client_method_data;
#endif
}

/*
 * Version-flexible TLS, generic role.  The TLS 1.3 capable table is used
 * only when both the TLS 1.3 client and server are compiled in; any other
 * build gets the legacy table, whose upper bound is TLS 1.2.
 */
const SSL_METHOD *
TLS_method(void)
{
#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
	return &TLS_method_data;
#else
	return tls_legacy_method();
#endif
}

/* Version-flexible TLS, server role; same result as TLS_method(). */
const SSL_METHOD *
TLS_server_method(void)
{
	return TLS_method();
}

/* The TLS 1.2 capped, version-flexible table, regardless of build options. */
const SSL_METHOD *
tls_legacy_method(void)
{
	return &TLS_legacy_method_data;
}

/*
 * Historical name for TLS_client_method().  Despite the name, the table it
 * returns has TLS1_VERSION as its lower bound.
 */
const SSL_METHOD *
SSLv23_client_method(void)
{
	return TLS_client_method();
}

/*
 * Historical name for TLS_method().  Despite the name, the table it returns
 * has TLS1_VERSION as its lower bound.
 */
const SSL_METHOD *
SSLv23_method(void)
{
	return TLS_method();
}

/*
 * Historical name for the version-flexible server method; forwards to
 * TLS_method().
 */
const SSL_METHOD *
SSLv23_server_method(void)
{
	return TLS_method();
}

/*
 * Fixed-version constructors.  Each returns a table whose min_tls_version
 * equals its max_tls_version, so only that one protocol version is in
 * range.  The generic and the server constructor of a version share a
 * table.
 *
 * Review note: TLS 1.0 and TLS 1.1 are deprecated by RFC 8996; callers that
 * need a version floor are better served by TLS_method() plus an explicit
 * minimum version than by the TLSv1_* and TLSv1_1_* constructors.
 */

/* TLS 1.0 only, client role. */
const SSL_METHOD *
TLSv1_client_method(void)
{
	return &TLSv1_client_method_data;
}

/* TLS 1.0 only, generic role. */
const SSL_METHOD *
TLSv1_method(void)
{
	return &TLSv1_method_data;
}

/* TLS 1.0 only, server role; same table as TLSv1_method(). */
const SSL_METHOD *
TLSv1_server_method(void)
{
	return &TLSv1_method_data;
}

/* TLS 1.1 only, client role. */
const SSL_METHOD *
TLSv1_1_client_method(void)
{
	return &TLSv1_1_client_method_data;
}

/* TLS 1.1 only, generic role. */
const SSL_METHOD *
TLSv1_1_method(void)
{
	return &TLSv1_1_method_data;
}

/* TLS 1.1 only, server role; same table as TLSv1_1_method(). */
const SSL_METHOD *
TLSv1_1_server_method(void)
{
	return &TLSv1_1_method_data;
}

/* TLS 1.2 only, client role. */
const SSL_METHOD *
TLSv1_2_client_method(void)
{
	return &TLSv1_2_client_method_data;
}

/* TLS 1.2 only, generic role. */
const SSL_METHOD *
TLSv1_2_method(void)
{
	return &TLSv1_2_method_data;
}

/* TLS 1.2 only, server role; same table as TLSv1_2_method(). */
const SSL_METHOD *
TLSv1_2_server_method(void)
{
	return &TLSv1_2_method_data;
}

/*
 * Map a protocol version number to the generic method for that version.
 *
 * TLS1_3_VERSION maps to TLS_method(), which is the version-flexible method
 * (lower bound TLS1_VERSION) and, in a build without both TLS 1.3 client and
 * server, is the legacy table capped at TLS 1.2.  Every other recognised
 * version maps to its fixed-version method.
 *
 * Returns NULL for a version that is not listed; callers have to check for
 * that before dereferencing the result.
 */
const SSL_METHOD *
ssl_get_method(uint16_t version)
{
	switch (version) {
	case TLS1_3_VERSION:
		return TLS_method();
	case TLS1_2_VERSION:
		return TLSv1_2_method();
	case TLS1_1_VERSION:
		return TLSv1_1_method();
	case TLS1_VERSION:
		return TLSv1_method();
	case DTLS1_VERSION:
		return DTLSv1_method();
	case DTLS1_2_VERSION:
		return DTLSv1_2_method();
	default:
		return NULL;
	}
}