/* $OpenBSD: ssl_methods.c,v 1.4 2019/03/17 17:28:08 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include "ssl_locl.h"
#include "tls13_internal.h"

/*
 * SSL_METHOD tables and the accessors that hand them out.
 *
 * Each method is a pair of constant tables: an SSL_METHOD carrying the alert
 * and cipher callbacks plus an .internal pointer, and the SSL_METHOD_INTERNAL
 * it points at, carrying the version fields and the handshake/record
 * callbacks.
 *
 * What the tables in this file show, for anyone auditing protocol policy:
 *  - Fixed-version tables set .min_version == .max_version.  The flexible
 *    TLS_* tables span TLS1_VERSION up to their .max_version.  Where these
 *    bounds are enforced is not visible in this file.
 *  - Client tables install ssl_undefined_function as .ssl_accept, server
 *    tables install it as .ssl_connect, and the combined tables install both
 *    ssl3_accept and ssl3_connect.
 *  - Flexible tables install ssl_undefined_function/ssl_ok as the
 *    renegotiation callbacks; fixed-version tables install
 *    ssl3_renegotiate/ssl3_renegotiate_check.
 *  - TLS_method() and TLS_server_method() have .max_version TLS1_2_VERSION
 *    whether or not LIBRESSL_HAS_TLS1_3 is defined; only the client table is
 *    switched by that macro.
 *
 * NOTE(review): the TLSv1_*, TLSv1_1_* and DTLSv1_* accessors return tables
 * whose bounds are TLS 1.0, TLS 1.1 and DTLS 1.0 only, versions RFC 8996
 * deprecates.  Callers that still use them are worth flagging in review.
 */

/*
 * DTLS 1.0, client role.
 */
static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.get_ssl_method = dtls1_get_client_method,
	.get_timeout = dtls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = dtls1_get_message,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_client_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_client_method_internal_data,
};

/* Return the DTLS 1.0 client method table. */
const SSL_METHOD *
DTLSv1_client_method(void)
{
	return &DTLSv1_client_method_data;
}

/*
 * Return the generic DTLS client method.  In this file it is the DTLS 1.0
 * client table; no other DTLS version is defined here.
 */
const SSL_METHOD *
DTLS_client_method(void)
{
	return DTLSv1_client_method();
}

/* Map a version number to the DTLS client method; NULL if not DTLS 1.0. */
const SSL_METHOD *
dtls1_get_client_method(int ver)
{
	return ver == DTLS1_VERSION ? DTLSv1_client_method() : NULL;
}

static const SSL_METHOD *dtls1_get_method(int ver);

/*
 * DTLS 1.0, both roles (accept and connect are both installed).
 */
static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.get_ssl_method = dtls1_get_method,
	.get_timeout = dtls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = dtls1_get_message,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_method_internal_data,
};

/* Return the DTLS 1.0 method table usable in either role. */
const SSL_METHOD *
DTLSv1_method(void)
{
	return &DTLSv1_method_data;
}

/* Return the generic DTLS method; here that is the DTLS 1.0 table. */
const SSL_METHOD *
DTLS_method(void)
{
	return DTLSv1_method();
}

/* Map a version number to the DTLS method; NULL if not DTLS 1.0. */
static const SSL_METHOD *
dtls1_get_method(int ver)
{
	return ver == DTLS1_VERSION ? DTLSv1_method() : NULL;
}

/*
 * DTLS 1.0, server role.
 */
static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = {
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.get_ssl_method = dtls1_get_server_method,
	.get_timeout = dtls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = dtls1_get_message,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_server_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_server_method_internal_data,
};

/* Return the DTLS 1.0 server method table. */
const SSL_METHOD *
DTLSv1_server_method(void)
{
	return &DTLSv1_server_method_data;
}

/* Return the generic DTLS server method; here that is the DTLS 1.0 table. */
const SSL_METHOD *
DTLS_server_method(void)
{
	return DTLSv1_server_method();
}

/* Map a version number to the DTLS server method; NULL if not DTLS 1.0. */
const SSL_METHOD *
dtls1_get_server_method(int ver)
{
	return ver == DTLS1_VERSION ? DTLSv1_server_method() : NULL;
}

#ifdef LIBRESSL_HAS_TLS1_3
/*
 * Flexible TLS client, TLS 1.0 through TLS 1.3.  Compiled only when
 * LIBRESSL_HAS_TLS1_3 is defined.  Connect, read and write go through the
 * tls13_legacy_* entry points.
 *
 * NOTE(review): .get_ssl_method is tls1_get_client_method(), which has no
 * TLS1_3_VERSION case and so returns NULL for it.  Confirm that callers of
 * get_ssl_method cope with that for a TLS 1.3 session.
 */
static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
	.version = TLS1_3_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_3_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = tls13_legacy_connect,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_client_method_internal_data,
};
#endif

/*
 * Flexible TLS client, TLS 1.0 through TLS 1.2.  This is what
 * TLS_client_method() returns when LIBRESSL_HAS_TLS1_3 is not defined.
 */
static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_legacy_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_legacy_client_method_internal_data,
};

/*
 * TLS 1.0 only, client role.
 */
static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_client_method_internal_data,
};

/*
 * TLS 1.1 only, client role.
 */
static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_1_client_method_internal_data,
};

/*
 * TLS 1.2 only, client role.
 */
static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.get_ssl_method = tls1_get_client_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_client_method_internal_data,
};

/*
 * Map a TLS version number to the matching fixed-version client method.
 * Returns NULL for any version other than TLS 1.0, 1.1 or 1.2.
 */
const SSL_METHOD *
tls1_get_client_method(int ver)
{
	switch (ver) {
	case TLS1_2_VERSION:
		return TLSv1_2_client_method();
	case TLS1_1_VERSION:
		return TLSv1_1_client_method();
	case TLS1_VERSION:
		return TLSv1_client_method();
	default:
		return NULL;
	}
}

/*
 * Compatibility name: forwards to TLS_client_method(), whose tables set
 * .min_version to TLS1_VERSION.
 */
const SSL_METHOD *
SSLv23_client_method(void)
{
	return TLS_client_method();
}

/*
 * Return the flexible TLS client method: the TLS 1.3 capable table when
 * LIBRESSL_HAS_TLS1_3 is defined, otherwise the legacy table capped at
 * TLS 1.2.
 */
const SSL_METHOD *
TLS_client_method(void)
{
#ifdef LIBRESSL_HAS_TLS1_3
	return &TLS_client_method_data;
#else
	return tls_legacy_client_method();
#endif
}

/* Return the flexible TLS client method capped at TLS 1.2. */
const SSL_METHOD *
tls_legacy_client_method(void)
{
	return &TLS_legacy_client_method_data;
}

/* Return the TLS 1.0 only client method table. */
const SSL_METHOD *
TLSv1_client_method(void)
{
	return &TLSv1_client_method_data;
}

/* Return the TLS 1.1 only client method table. */
const SSL_METHOD *
TLSv1_1_client_method(void)
{
	return &TLSv1_1_client_method_data;
}

/* Return the TLS 1.2 only client method table. */
const SSL_METHOD *
TLSv1_2_client_method(void)
{
	return &TLSv1_2_client_method_data;
}

static const SSL_METHOD *tls1_get_method(int ver);

/*
 * Flexible TLS, both roles, TLS 1.0 through TLS 1.2.
 */
static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_method_internal_data,
};

/*
 * TLS 1.0 only, both roles.
 */
static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_method_internal_data,
};

/*
 * TLS 1.1 only, both roles.
 */
static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = {
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_1_method_internal_data,
};

/*
 * TLS 1.2 only, both roles.
 */
static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.get_ssl_method = tls1_get_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_method_internal_data,
};

/*
 * Map a TLS version number to the matching fixed-version method usable in
 * either role.  Returns NULL for any version other than TLS 1.0, 1.1 or 1.2.
 */
static const SSL_METHOD *
tls1_get_method(int ver)
{
	switch (ver) {
	case TLS1_2_VERSION:
		return TLSv1_2_method();
	case TLS1_1_VERSION:
		return TLSv1_1_method();
	case TLS1_VERSION:
		return TLSv1_method();
	default:
		return NULL;
	}
}

/*
 * Compatibility name: forwards to TLS_method(), whose table sets
 * .min_version to TLS1_VERSION.
 */
const SSL_METHOD *
SSLv23_method(void)
{
	return TLS_method();
}

/* Return the flexible TLS method (TLS 1.0 through TLS 1.2), either role. */
const SSL_METHOD *
TLS_method(void)
{
	return &TLS_method_data;
}

/* Return the TLS 1.0 only method table, either role. */
const SSL_METHOD *
TLSv1_method(void)
{
	return &TLSv1_method_data;
}

/* Return the TLS 1.1 only method table, either role. */
const SSL_METHOD *
TLSv1_1_method(void)
{
	return &TLSv1_1_method_data;
}

/* Return the TLS 1.2 only method table, either role. */
const SSL_METHOD *
TLSv1_2_method(void)
{
	return &TLSv1_2_method_data;
}

/*
 * Flexible TLS server, TLS 1.0 through TLS 1.2.
 */
static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_server_method_internal_data,
};

/*
 * TLS 1.0 only, server role.
 */
static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_server_method_internal_data,
};

/*
 * TLS 1.1 only, server role.
 */
static const SSL_METHOD_INTERNAL TLSv1_1_server_method_internal_data = {
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_1_server_method_internal_data,
};

/*
 * TLS 1.2 only, server role.
 */
static const SSL_METHOD_INTERNAL TLSv1_2_server_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.get_ssl_method = tls1_get_server_method,
	.get_timeout = tls1_default_timeout,
	.ssl_version = ssl_undefined_void_function,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_get_message = ssl3_get_message,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_server_method_internal_data,
};

/*
 * Map a TLS version number to the matching fixed-version server method.
 * Returns NULL for any version other than TLS 1.0, 1.1 or 1.2.
 */
const SSL_METHOD *
tls1_get_server_method(int ver)
{
	switch (ver) {
	case TLS1_2_VERSION:
		return TLSv1_2_server_method();
	case TLS1_1_VERSION:
		return TLSv1_1_server_method();
	case TLS1_VERSION:
		return TLSv1_server_method();
	default:
		return NULL;
	}
}

/*
 * Compatibility name: forwards to TLS_server_method(), whose table sets
 * .min_version to TLS1_VERSION.
 */
const SSL_METHOD *
SSLv23_server_method(void)
{
	return TLS_server_method();
}

/* Return the flexible TLS server method (TLS 1.0 through TLS 1.2). */
const SSL_METHOD *
TLS_server_method(void)
{
	return &TLS_server_method_data;
}

/* Return the TLS 1.0 only server method table. */
const SSL_METHOD *
TLSv1_server_method(void)
{
	return &TLSv1_server_method_data;
}

/* Return the TLS 1.1 only server method table. */
const SSL_METHOD *
TLSv1_1_server_method(void)
{
	return &TLSv1_1_server_method_data;
}

/* Return the TLS 1.2 only server method table. */
const SSL_METHOD *
TLSv1_2_server_method(void)
{
	return &TLSv1_2_server_method_data;
}