/* $OpenBSD: ssl_methods.c,v 1.16 2020/09/17 15:23:29 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include "ssl_locl.h"
#include "tls13_internal.h"

/*
 * Protocol method tables.
 *
 * Every SSL_METHOD below points, through .internal, at an
 * SSL_METHOD_INTERNAL that records the protocol version bounds
 * (.version/.min_version/.max_version) and the handshake, shutdown,
 * renegotiation and record I/O entry points for that method. The public
 * accessor functions only hand out pointers to these const tables.
 *
 * Points worth knowing when reviewing callers:
 *  - Client-only tables route .ssl_accept to ssl_undefined_function and
 *    server-only tables do the same for .ssl_connect; that helper is
 *    defined elsewhere (presumably it fails the call - confirm there).
 *  - The version-flexible tables (TLS_*, TLS_legacy_*) list TLS1_VERSION
 *    as .min_version. Nothing in this file raises that floor; any
 *    stricter minimum has to come from configuration outside this file.
 *  - The fixed-version TLSv1, TLSv1_1 and DTLSv1 tables pin .min_version
 *    and .max_version to protocol versions that RFC 8996 deprecates.
 */

/* DTLS, client role only: .ssl_accept is not usable. */
static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_client_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_client_method_internal_data,
};

/* Client method fixed to DTLS1_VERSION. */
const SSL_METHOD *
DTLSv1_client_method(void)
{
	return &DTLSv1_client_method_data;
}

/*
 * Alias for DTLSv1_client_method(): in this revision the generic DTLS
 * client method is the DTLS1_VERSION-only table.
 */
const SSL_METHOD *
DTLS_client_method(void)
{
	return DTLSv1_client_method();
}

/* DTLS, both roles. */
static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_method_internal_data,
};

/* Dual-role method fixed to DTLS1_VERSION. */
const SSL_METHOD *
DTLSv1_method(void)
{
	return &DTLSv1_method_data;
}

/* Alias for DTLSv1_method(). */
const SSL_METHOD *
DTLS_method(void)
{
	return DTLSv1_method();
}

/* DTLS, server role only: .ssl_connect is not usable. */
static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = {
	.version = DTLS1_VERSION,
	.min_version = DTLS1_VERSION,
	.max_version = DTLS1_VERSION,
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl3_enc = &DTLSv1_enc_data,
};

static const SSL_METHOD DTLSv1_server_method_data = {
	.ssl_dispatch_alert = dtls1_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &DTLSv1_server_method_internal_data,
};

/* Server method fixed to DTLS1_VERSION. */
const SSL_METHOD *
DTLSv1_server_method(void)
{
	return &DTLSv1_server_method_data;
}

/* Alias for DTLSv1_server_method(). */
const SSL_METHOD *
DTLS_server_method(void)
{
	return DTLSv1_server_method();
}

#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
/*
 * Version-flexible TLS client (TLS1_VERSION up to TLS1_3_VERSION), driven
 * through the tls13_legacy_* entry points. Renegotiation is routed to
 * ssl_undefined_function.
 */
static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
	.version = TLS1_3_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_3_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = tls13_legacy_connect,
	.ssl_shutdown = tls13_legacy_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.ssl3_enc = &TLSv1_3_enc_data,
};

static const SSL_METHOD TLS_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_client_method_internal_data,
};
#endif

/*
 * Version-flexible TLS client capped at TLS1_2_VERSION, using the ssl3_*
 * entry points. Renegotiation is routed to ssl_undefined_function.
 */
static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_legacy_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_legacy_client_method_internal_data,
};

/* Fixed-version TLS clients: min and max are pinned to a single version. */
static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_client_method_internal_data,
};

static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_1_client_method_internal_data,
};

static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_client_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_client_method_internal_data,
};

/*
 * Historical name kept as an alias for TLS_client_method(). The table it
 * resolves to lists TLS1_VERSION as its lowest version.
 */
const SSL_METHOD *
SSLv23_client_method(void)
{
	return TLS_client_method();
}

/*
 * Version-flexible client method. Built without
 * LIBRESSL_HAS_TLS1_3_CLIENT this is the legacy table, whose
 * .max_version is TLS1_2_VERSION.
 */
const SSL_METHOD *
TLS_client_method(void)
{
#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
	return &TLS_client_method_data;
#else
	return tls_legacy_client_method();
#endif
}

/* Version-flexible client method capped at TLS1_2_VERSION. */
const SSL_METHOD *
tls_legacy_client_method(void)
{
	return &TLS_legacy_client_method_data;
}

/* Client method fixed to TLS1_VERSION (deprecated by RFC 8996). */
const SSL_METHOD *
TLSv1_client_method(void)
{
	return &TLSv1_client_method_data;
}

/* Client method fixed to TLS1_1_VERSION (deprecated by RFC 8996). */
const SSL_METHOD *
TLSv1_1_client_method(void)
{
	return &TLSv1_1_client_method_data;
}

/* Client method fixed to TLS1_2_VERSION. */
const SSL_METHOD *
TLSv1_2_client_method(void)
{
	return &TLSv1_2_client_method_data;
}

#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
/*
 * Version-flexible dual-role TLS method up to TLS1_3_VERSION. Only built
 * when both the TLS 1.3 client and the TLS 1.3 server are enabled.
 */
static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
	.version = TLS1_3_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_3_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = tls13_legacy_accept,
	.ssl_connect = tls13_legacy_connect,
	.ssl_shutdown = tls13_legacy_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.ssl3_enc = &TLSv1_3_enc_data,
};

static const SSL_METHOD TLS_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_method_internal_data,
};
#endif

/* Version-flexible dual-role TLS method capped at TLS1_2_VERSION. */
static const SSL_METHOD_INTERNAL TLS_legacy_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_legacy_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_legacy_method_internal_data,
};

/* Fixed-version dual-role TLS methods. */
static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_method_internal_data,
};

static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = {
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_1_method_internal_data,
};

static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_method_internal_data,
};

/*
 * Historical name kept as an alias for TLS_method(). The table it
 * resolves to lists TLS1_VERSION as its lowest version.
 */
const SSL_METHOD *
SSLv23_method(void)
{
	return TLS_method();
}

/*
 * Version-flexible dual-role method. Unless both the TLS 1.3 client and
 * server are compiled in, this is the legacy table, whose .max_version is
 * TLS1_2_VERSION.
 */
const SSL_METHOD *
TLS_method(void)
{
#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
	return &TLS_method_data;
#else
	return tls_legacy_method();
#endif
}

/* Version-flexible dual-role method capped at TLS1_2_VERSION. */
const SSL_METHOD *
tls_legacy_method(void)
{
	return &TLS_legacy_method_data;
}

/* Dual-role method fixed to TLS1_VERSION (deprecated by RFC 8996). */
const SSL_METHOD *
TLSv1_method(void)
{
	return &TLSv1_method_data;
}

/* Dual-role method fixed to TLS1_1_VERSION (deprecated by RFC 8996). */
const SSL_METHOD *
TLSv1_1_method(void)
{
	return &TLSv1_1_method_data;
}

/* Dual-role method fixed to TLS1_2_VERSION. */
const SSL_METHOD *
TLSv1_2_method(void)
{
	return &TLSv1_2_method_data;
}

#ifdef LIBRESSL_HAS_TLS1_3_SERVER
/*
 * Version-flexible TLS server (TLS1_VERSION up to TLS1_3_VERSION), driven
 * through the tls13_legacy_* entry points. .ssl_connect is not usable.
 */
static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
	.version = TLS1_3_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_3_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = tls13_legacy_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = tls13_legacy_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.ssl3_enc = &TLSv1_3_enc_data,
};

static const SSL_METHOD TLS_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_server_method_internal_data,
};
#endif

/* Version-flexible TLS server capped at TLS1_2_VERSION. */
static const SSL_METHOD_INTERNAL TLS_legacy_server_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLS_legacy_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLS_legacy_server_method_internal_data,
};

/* Fixed-version TLS servers: min and max are pinned to a single version. */
static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
	.version = TLS1_VERSION,
	.min_version = TLS1_VERSION,
	.max_version = TLS1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_enc_data,
};

static const SSL_METHOD TLSv1_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_server_method_internal_data,
};

static const SSL_METHOD_INTERNAL TLSv1_1_server_method_internal_data = {
	.version = TLS1_1_VERSION,
	.min_version = TLS1_1_VERSION,
	.max_version = TLS1_1_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_1_enc_data,
};

static const SSL_METHOD TLSv1_1_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_1_server_method_internal_data,
};

static const SSL_METHOD_INTERNAL TLSv1_2_server_method_internal_data = {
	.version = TLS1_2_VERSION,
	.min_version = TLS1_2_VERSION,
	.max_version = TLS1_2_VERSION,
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl_undefined_function,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl3_enc = &TLSv1_2_enc_data,
};

static const SSL_METHOD TLSv1_2_server_method_data = {
	.ssl_dispatch_alert = ssl3_dispatch_alert,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.internal = &TLSv1_2_server_method_internal_data,
};

/*
 * Historical name kept as an alias for TLS_server_method(). The table it
 * resolves to lists TLS1_VERSION as its lowest version.
 */
const SSL_METHOD *
SSLv23_server_method(void)
{
	return TLS_server_method();
}

/*
 * Version-flexible server method. Built without
 * LIBRESSL_HAS_TLS1_3_SERVER this is the legacy table, whose
 * .max_version is TLS1_2_VERSION.
 */
const SSL_METHOD *
TLS_server_method(void)
{
#ifdef LIBRESSL_HAS_TLS1_3_SERVER
	return &TLS_server_method_data;
#else
	return tls_legacy_server_method();
#endif
}

/* Version-flexible server method capped at TLS1_2_VERSION. */
const SSL_METHOD *
tls_legacy_server_method(void)
{
	return &TLS_legacy_server_method_data;
}

/* Server method fixed to TLS1_VERSION (deprecated by RFC 8996). */
const SSL_METHOD *
TLSv1_server_method(void)
{
	return &TLSv1_server_method_data;
}

/* Server method fixed to TLS1_1_VERSION (deprecated by RFC 8996). */
const SSL_METHOD *
TLSv1_1_server_method(void)
{
	return &TLSv1_1_server_method_data;
}

/* Server method fixed to TLS1_2_VERSION. */
const SSL_METHOD *
TLSv1_2_server_method(void)
{
	return &TLSv1_2_server_method_data;
}

/*
 * Look up the client method for a protocol version number.
 *
 * Returns NULL for any version other than the five listed, so the result
 * must be checked before it is dereferenced. TLS1_3_VERSION resolves via
 * TLS_client_method(), which is the TLS1_2_VERSION-capped legacy table
 * when LIBRESSL_HAS_TLS1_3_CLIENT is not defined.
 */
const SSL_METHOD *
ssl_get_client_method(uint16_t version)
{
	switch (version) {
	case TLS1_3_VERSION:
		return TLS_client_method();
	case TLS1_2_VERSION:
		return TLSv1_2_client_method();
	case TLS1_1_VERSION:
		return TLSv1_1_client_method();
	case TLS1_VERSION:
		return TLSv1_client_method();
	case DTLS1_VERSION:
		return DTLSv1_client_method();
	default:
		return NULL;
	}
}

/*
 * Look up the server method for a protocol version number.
 *
 * Returns NULL for any version other than the five listed, so the result
 * must be checked before it is dereferenced. TLS1_3_VERSION resolves via
 * TLS_server_method(), which is the TLS1_2_VERSION-capped legacy table
 * when LIBRESSL_HAS_TLS1_3_SERVER is not defined.
 */
const SSL_METHOD *
ssl_get_server_method(uint16_t version)
{
	switch (version) {
	case TLS1_3_VERSION:
		return TLS_server_method();
	case TLS1_2_VERSION:
		return TLSv1_2_server_method();
	case TLS1_1_VERSION:
		return TLSv1_1_server_method();
	case TLS1_VERSION:
		return TLSv1_server_method();
	case DTLS1_VERSION:
		return DTLSv1_server_method();
	default:
		return NULL;
	}
}