1*970acf87Sjsing /* $OpenBSD: ssl_methods.c,v 1.23 2021/02/25 17:06:05 jsing Exp $ */ 29158af98Sjsing /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 39158af98Sjsing * All rights reserved. 49158af98Sjsing * 59158af98Sjsing * This package is an SSL implementation written 69158af98Sjsing * by Eric Young (eay@cryptsoft.com). 79158af98Sjsing * The implementation was written so as to conform with Netscapes SSL. 89158af98Sjsing * 99158af98Sjsing * This library is free for commercial and non-commercial use as long as 109158af98Sjsing * the following conditions are aheared to. The following conditions 119158af98Sjsing * apply to all code found in this distribution, be it the RC4, RSA, 129158af98Sjsing * lhash, DES, etc., code; not just the SSL code. The SSL documentation 139158af98Sjsing * included with this distribution is covered by the same copyright terms 149158af98Sjsing * except that the holder is Tim Hudson (tjh@cryptsoft.com). 159158af98Sjsing * 169158af98Sjsing * Copyright remains Eric Young's, and as such any Copyright notices in 179158af98Sjsing * the code are not to be removed. 189158af98Sjsing * If this package is used in a product, Eric Young should be given attribution 199158af98Sjsing * as the author of the parts of the library used. 209158af98Sjsing * This can be in the form of a textual message at program startup or 219158af98Sjsing * in documentation (online or textual) provided with the package. 229158af98Sjsing * 239158af98Sjsing * Redistribution and use in source and binary forms, with or without 249158af98Sjsing * modification, are permitted provided that the following conditions 259158af98Sjsing * are met: 269158af98Sjsing * 1. Redistributions of source code must retain the copyright 279158af98Sjsing * notice, this list of conditions and the following disclaimer. 289158af98Sjsing * 2. Redistributions in binary form must reproduce the above copyright 299158af98Sjsing * notice, this list of conditions and the following disclaimer in the 309158af98Sjsing * documentation and/or other materials provided with the distribution. 319158af98Sjsing * 3. All advertising materials mentioning features or use of this software 329158af98Sjsing * must display the following acknowledgement: 339158af98Sjsing * "This product includes cryptographic software written by 349158af98Sjsing * Eric Young (eay@cryptsoft.com)" 359158af98Sjsing * The word 'cryptographic' can be left out if the rouines from the library 369158af98Sjsing * being used are not cryptographic related :-). 379158af98Sjsing * 4. If you include any Windows specific code (or a derivative thereof) from 389158af98Sjsing * the apps directory (application code) you must include an acknowledgement: 399158af98Sjsing * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 409158af98Sjsing * 419158af98Sjsing * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 429158af98Sjsing * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 439158af98Sjsing * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 449158af98Sjsing * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 459158af98Sjsing * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 469158af98Sjsing * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 479158af98Sjsing * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 489158af98Sjsing * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 499158af98Sjsing * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 509158af98Sjsing * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 519158af98Sjsing * SUCH DAMAGE. 529158af98Sjsing * 539158af98Sjsing * The licence and distribution terms for any publically available version or 549158af98Sjsing * derivative of this code cannot be changed. i.e. this code cannot simply be 559158af98Sjsing * copied and put under another distribution licence 569158af98Sjsing * [including the GNU Public Licence.] 579158af98Sjsing */ 589158af98Sjsing 599158af98Sjsing #include "ssl_locl.h" 60efee3f2fSjsing #include "tls13_internal.h" 619158af98Sjsing 62a48e0dedSjsing #ifdef LIBRESSL_HAS_DTLS1_2 63a48e0dedSjsing static const SSL_METHOD_INTERNAL DTLS_method_internal_data = { 64a48e0dedSjsing .dtls = 1, 65a48e0dedSjsing .server = 1, 66a48e0dedSjsing .version = DTLS1_2_VERSION, 67*970acf87Sjsing .min_tls_version = TLS1_1_VERSION, 68*970acf87Sjsing .max_tls_version = TLS1_2_VERSION, 69a48e0dedSjsing .ssl_new = dtls1_new, 70a48e0dedSjsing .ssl_clear = dtls1_clear, 71a48e0dedSjsing .ssl_free = dtls1_free, 72a48e0dedSjsing .ssl_accept = ssl3_accept, 73a48e0dedSjsing .ssl_connect = ssl3_connect, 74a48e0dedSjsing .ssl_shutdown = ssl3_shutdown, 75a48e0dedSjsing .ssl_renegotiate = ssl3_renegotiate, 76a48e0dedSjsing .ssl_renegotiate_check = ssl3_renegotiate_check, 77a48e0dedSjsing .ssl_pending = ssl3_pending, 78a48e0dedSjsing .ssl_read_bytes = dtls1_read_bytes, 79a48e0dedSjsing .ssl_write_bytes = dtls1_write_app_data_bytes, 80a48e0dedSjsing .enc_flags = TLSV1_2_ENC_FLAGS, 81a48e0dedSjsing }; 82a48e0dedSjsing 83a48e0dedSjsing static const SSL_METHOD DTLS_method_data = { 84a48e0dedSjsing .ssl_dispatch_alert = dtls1_dispatch_alert, 85a48e0dedSjsing .num_ciphers = ssl3_num_ciphers, 86a48e0dedSjsing .get_cipher = dtls1_get_cipher, 87a48e0dedSjsing .get_cipher_by_char = ssl3_get_cipher_by_char, 88a48e0dedSjsing .put_cipher_by_char = ssl3_put_cipher_by_char, 89a48e0dedSjsing .internal = &DTLS_method_internal_data, 90a48e0dedSjsing }; 91a48e0dedSjsing 92a48e0dedSjsing static const SSL_METHOD_INTERNAL DTLS_client_method_internal_data = { 93a48e0dedSjsing .dtls = 1, 94a48e0dedSjsing .server = 0, 95a48e0dedSjsing .version = DTLS1_2_VERSION, 96*970acf87Sjsing .min_tls_version = TLS1_1_VERSION, 97*970acf87Sjsing .max_tls_version = TLS1_2_VERSION, 98a48e0dedSjsing .ssl_new = dtls1_new, 99a48e0dedSjsing .ssl_clear = dtls1_clear, 100a48e0dedSjsing .ssl_free = dtls1_free, 101a48e0dedSjsing .ssl_accept = ssl_undefined_function, 102a48e0dedSjsing .ssl_connect = ssl3_connect, 103a48e0dedSjsing .ssl_shutdown = ssl3_shutdown, 104a48e0dedSjsing .ssl_renegotiate = ssl3_renegotiate, 105a48e0dedSjsing .ssl_renegotiate_check = ssl3_renegotiate_check, 106a48e0dedSjsing .ssl_pending = ssl3_pending, 107a48e0dedSjsing .ssl_read_bytes = dtls1_read_bytes, 108a48e0dedSjsing .ssl_write_bytes = dtls1_write_app_data_bytes, 109a48e0dedSjsing .enc_flags = TLSV1_2_ENC_FLAGS, 110a48e0dedSjsing }; 111a48e0dedSjsing 112a48e0dedSjsing static const SSL_METHOD DTLS_client_method_data = { 113a48e0dedSjsing .ssl_dispatch_alert = dtls1_dispatch_alert, 114a48e0dedSjsing .num_ciphers = ssl3_num_ciphers, 115a48e0dedSjsing .get_cipher = dtls1_get_cipher, 116a48e0dedSjsing .get_cipher_by_char = ssl3_get_cipher_by_char, 117a48e0dedSjsing .put_cipher_by_char = ssl3_put_cipher_by_char, 118a48e0dedSjsing .internal = &DTLS_client_method_internal_data, 119a48e0dedSjsing }; 120a48e0dedSjsing #endif 121a48e0dedSjsing 1229158af98Sjsing static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = { 123354e02d3Sjsing .dtls = 1, 124d1294899Stb .server = 1, 1259158af98Sjsing .version = DTLS1_VERSION, 126*970acf87Sjsing .min_tls_version = TLS1_1_VERSION, 127*970acf87Sjsing .max_tls_version = TLS1_1_VERSION, 1289158af98Sjsing .ssl_new = dtls1_new, 1299158af98Sjsing .ssl_clear = dtls1_clear, 1309158af98Sjsing .ssl_free = dtls1_free, 1319158af98Sjsing .ssl_accept = ssl3_accept, 1329158af98Sjsing .ssl_connect = ssl3_connect, 1331a6e1177Sjsing .ssl_shutdown = ssl3_shutdown, 1349158af98Sjsing .ssl_renegotiate = ssl3_renegotiate, 1359158af98Sjsing .ssl_renegotiate_check = ssl3_renegotiate_check, 1368dc90bbaSjsing .ssl_pending = ssl3_pending, 1379158af98Sjsing .ssl_read_bytes = dtls1_read_bytes, 1389158af98Sjsing .ssl_write_bytes = dtls1_write_app_data_bytes, 1391d2a9be2Sguenther .enc_flags = TLSV1_1_ENC_FLAGS, 1409158af98Sjsing }; 1419158af98Sjsing 1429158af98Sjsing static const SSL_METHOD DTLSv1_method_data = { 1439158af98Sjsing .ssl_dispatch_alert = dtls1_dispatch_alert, 1449158af98Sjsing .num_ciphers = ssl3_num_ciphers, 1459158af98Sjsing .get_cipher = dtls1_get_cipher, 1469158af98Sjsing .get_cipher_by_char = ssl3_get_cipher_by_char, 1479158af98Sjsing .put_cipher_by_char = ssl3_put_cipher_by_char, 1489158af98Sjsing .internal = &DTLSv1_method_internal_data, 1499158af98Sjsing }; 1509158af98Sjsing 151d1294899Stb static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = { 152d1294899Stb .dtls = 1, 153d1294899Stb .server = 0, 154d1294899Stb .version = DTLS1_VERSION, 155*970acf87Sjsing .min_tls_version = TLS1_1_VERSION, 156*970acf87Sjsing .max_tls_version = TLS1_1_VERSION, 157d1294899Stb .ssl_new = dtls1_new, 158d1294899Stb .ssl_clear = dtls1_clear, 159d1294899Stb .ssl_free = dtls1_free, 160d1294899Stb .ssl_accept = ssl_undefined_function, 161d1294899Stb .ssl_connect = ssl3_connect, 162d1294899Stb .ssl_shutdown = ssl3_shutdown, 163d1294899Stb .ssl_renegotiate = ssl3_renegotiate, 164d1294899Stb .ssl_renegotiate_check = ssl3_renegotiate_check, 165d1294899Stb .ssl_pending = ssl3_pending, 166d1294899Stb .ssl_read_bytes = dtls1_read_bytes, 167d1294899Stb .ssl_write_bytes = dtls1_write_app_data_bytes, 168d1294899Stb .enc_flags = TLSV1_1_ENC_FLAGS, 169d1294899Stb }; 170d1294899Stb 171d1294899Stb static const SSL_METHOD DTLSv1_client_method_data = { 172d1294899Stb .ssl_dispatch_alert = dtls1_dispatch_alert, 173d1294899Stb .num_ciphers = ssl3_num_ciphers, 174d1294899Stb .get_cipher = dtls1_get_cipher, 175d1294899Stb .get_cipher_by_char = ssl3_get_cipher_by_char, 176d1294899Stb .put_cipher_by_char = ssl3_put_cipher_by_char, 177d1294899Stb .internal = &DTLSv1_client_method_internal_data, 178d1294899Stb }; 179d1294899Stb 180a48e0dedSjsing static const SSL_METHOD_INTERNAL DTLSv1_2_method_internal_data = { 181a48e0dedSjsing .dtls = 1, 182a48e0dedSjsing .server = 1, 183a48e0dedSjsing .version = DTLS1_2_VERSION, 184*970acf87Sjsing .min_tls_version = TLS1_2_VERSION, 185*970acf87Sjsing .max_tls_version = TLS1_2_VERSION, 186a48e0dedSjsing .ssl_new = dtls1_new, 187a48e0dedSjsing .ssl_clear = dtls1_clear, 188a48e0dedSjsing .ssl_free = dtls1_free, 189a48e0dedSjsing .ssl_accept = ssl3_accept, 190a48e0dedSjsing .ssl_connect = ssl3_connect, 191a48e0dedSjsing .ssl_shutdown = ssl3_shutdown, 192a48e0dedSjsing .ssl_renegotiate = ssl3_renegotiate, 193a48e0dedSjsing .ssl_renegotiate_check = ssl3_renegotiate_check, 194a48e0dedSjsing .ssl_pending = ssl3_pending, 195a48e0dedSjsing .ssl_read_bytes = dtls1_read_bytes, 196a48e0dedSjsing .ssl_write_bytes = dtls1_write_app_data_bytes, 197a48e0dedSjsing .enc_flags = TLSV1_2_ENC_FLAGS, 198a48e0dedSjsing }; 199a48e0dedSjsing 200a48e0dedSjsing static const SSL_METHOD DTLSv1_2_method_data = { 201a48e0dedSjsing .ssl_dispatch_alert = dtls1_dispatch_alert, 202a48e0dedSjsing .num_ciphers = ssl3_num_ciphers, 203a48e0dedSjsing .get_cipher = dtls1_get_cipher, 204a48e0dedSjsing .get_cipher_by_char = ssl3_get_cipher_by_char, 205a48e0dedSjsing .put_cipher_by_char = ssl3_put_cipher_by_char, 206a48e0dedSjsing .internal = &DTLSv1_2_method_internal_data, 207a48e0dedSjsing }; 208a48e0dedSjsing 209a48e0dedSjsing static const SSL_METHOD_INTERNAL DTLSv1_2_client_method_internal_data = { 210a48e0dedSjsing .dtls = 1, 211a48e0dedSjsing .server = 0, 212a48e0dedSjsing .version = DTLS1_2_VERSION, 213*970acf87Sjsing .min_tls_version = TLS1_2_VERSION, 214*970acf87Sjsing .max_tls_version = TLS1_2_VERSION, 215a48e0dedSjsing .ssl_new = dtls1_new, 216a48e0dedSjsing .ssl_clear = dtls1_clear, 217a48e0dedSjsing .ssl_free = dtls1_free, 218a48e0dedSjsing .ssl_accept = ssl_undefined_function, 219a48e0dedSjsing .ssl_connect = ssl3_connect, 220a48e0dedSjsing .ssl_shutdown = ssl3_shutdown, 221a48e0dedSjsing .ssl_renegotiate = ssl3_renegotiate, 222a48e0dedSjsing .ssl_renegotiate_check = ssl3_renegotiate_check, 223a48e0dedSjsing .ssl_pending = ssl3_pending, 224a48e0dedSjsing .ssl_read_bytes = dtls1_read_bytes, 225a48e0dedSjsing .ssl_write_bytes = dtls1_write_app_data_bytes, 226a48e0dedSjsing .enc_flags = TLSV1_2_ENC_FLAGS, 227a48e0dedSjsing }; 228a48e0dedSjsing 229a48e0dedSjsing static const SSL_METHOD DTLSv1_2_client_method_data = { 230a48e0dedSjsing .ssl_dispatch_alert = dtls1_dispatch_alert, 231a48e0dedSjsing .num_ciphers = ssl3_num_ciphers, 232a48e0dedSjsing .get_cipher = dtls1_get_cipher, 233a48e0dedSjsing .get_cipher_by_char = ssl3_get_cipher_by_char, 234a48e0dedSjsing .put_cipher_by_char = ssl3_put_cipher_by_char, 235a48e0dedSjsing .internal = &DTLSv1_2_client_method_internal_data, 236a48e0dedSjsing }; 237a48e0dedSjsing 2389158af98Sjsing const SSL_METHOD * 2399fef1c44Sjsing DTLSv1_client_method(void) 2409fef1c44Sjsing { 241d1294899Stb return &DTLSv1_client_method_data; 2429fef1c44Sjsing } 2439fef1c44Sjsing 2449fef1c44Sjsing const SSL_METHOD * 2459158af98Sjsing DTLSv1_method(void) 2469158af98Sjsing { 2479158af98Sjsing return &DTLSv1_method_data; 2489158af98Sjsing } 2499158af98Sjsing 25071023d34Sjsing const SSL_METHOD * 2519fef1c44Sjsing DTLSv1_server_method(void) 2529fef1c44Sjsing { 2539fef1c44Sjsing return &DTLSv1_method_data; 2549fef1c44Sjsing } 2559fef1c44Sjsing 2569fef1c44Sjsing const SSL_METHOD * 257a48e0dedSjsing DTLSv1_2_client_method(void) 258a48e0dedSjsing { 259a48e0dedSjsing return &DTLSv1_2_client_method_data; 260a48e0dedSjsing } 261a48e0dedSjsing 262a48e0dedSjsing const SSL_METHOD * 263a48e0dedSjsing DTLSv1_2_method(void) 264a48e0dedSjsing { 265a48e0dedSjsing return &DTLSv1_2_method_data; 266a48e0dedSjsing } 267a48e0dedSjsing 268a48e0dedSjsing const SSL_METHOD * 269a48e0dedSjsing DTLSv1_2_server_method(void) 270a48e0dedSjsing { 271a48e0dedSjsing return &DTLSv1_2_method_data; 272a48e0dedSjsing } 273a48e0dedSjsing 274a48e0dedSjsing const SSL_METHOD * 2759fef1c44Sjsing DTLS_client_method(void) 2769fef1c44Sjsing { 277a48e0dedSjsing #ifdef LIBRESSL_HAS_DTLS1_2 278a48e0dedSjsing return &DTLS_client_method_data; 279a48e0dedSjsing #else 280d1294899Stb return DTLSv1_client_method(); 281a48e0dedSjsing #endif 2829fef1c44Sjsing } 2839fef1c44Sjsing 2849fef1c44Sjsing const SSL_METHOD * 28571023d34Sjsing DTLS_method(void) 28671023d34Sjsing { 287a48e0dedSjsing #ifdef LIBRESSL_HAS_DTLS1_2 288a48e0dedSjsing return &DTLS_method_data; 289a48e0dedSjsing #else 29071023d34Sjsing return DTLSv1_method(); 291a48e0dedSjsing #endif 29271023d34Sjsing } 29371023d34Sjsing 2949158af98Sjsing const SSL_METHOD * 29571023d34Sjsing DTLS_server_method(void) 29671023d34Sjsing { 297a48e0dedSjsing #ifdef LIBRESSL_HAS_DTLS1_2 298a48e0dedSjsing return &DTLS_method_data; 299a48e0dedSjsing #else 300a48e0dedSjsing return DTLSv1_server_method(); 301a48e0dedSjsing #endif 3029158af98Sjsing } 3039158af98Sjsing 30494149d15Sjsing #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER) 3059158af98Sjsing static const SSL_METHOD_INTERNAL TLS_method_internal_data = { 306354e02d3Sjsing .dtls = 0, 307d1294899Stb .server = 1, 30894149d15Sjsing .version = TLS1_3_VERSION, 309*970acf87Sjsing .min_tls_version = TLS1_VERSION, 310*970acf87Sjsing .max_tls_version = TLS1_3_VERSION, 31194149d15Sjsing .ssl_new = tls1_new, 31294149d15Sjsing .ssl_clear = tls1_clear, 31394149d15Sjsing .ssl_free = tls1_free, 31494149d15Sjsing .ssl_accept = tls13_legacy_accept, 31594149d15Sjsing .ssl_connect = tls13_legacy_connect, 31694149d15Sjsing .ssl_shutdown = tls13_legacy_shutdown, 31794149d15Sjsing .ssl_renegotiate = ssl_undefined_function, 31894149d15Sjsing .ssl_renegotiate_check = ssl_ok, 31994149d15Sjsing .ssl_pending = tls13_legacy_pending, 32094149d15Sjsing .ssl_read_bytes = tls13_legacy_read_bytes, 32194149d15Sjsing .ssl_write_bytes = tls13_legacy_write_bytes, 3221d2a9be2Sguenther .enc_flags = TLSV1_3_ENC_FLAGS, 32394149d15Sjsing }; 32494149d15Sjsing 32594149d15Sjsing static const SSL_METHOD TLS_method_data = { 32694149d15Sjsing .ssl_dispatch_alert = ssl3_dispatch_alert, 32794149d15Sjsing .num_ciphers = ssl3_num_ciphers, 32894149d15Sjsing .get_cipher = ssl3_get_cipher, 32994149d15Sjsing .get_cipher_by_char = ssl3_get_cipher_by_char, 33094149d15Sjsing .put_cipher_by_char = ssl3_put_cipher_by_char, 33194149d15Sjsing .internal = &TLS_method_internal_data, 33294149d15Sjsing }; 33394149d15Sjsing #endif 33494149d15Sjsing 33594149d15Sjsing static const SSL_METHOD_INTERNAL TLS_legacy_method_internal_data = { 336354e02d3Sjsing .dtls = 0, 337d1294899Stb .server = 1, 3389158af98Sjsing .version = TLS1_2_VERSION, 339*970acf87Sjsing .min_tls_version = TLS1_VERSION, 340*970acf87Sjsing .max_tls_version = TLS1_2_VERSION, 3419158af98Sjsing .ssl_new = tls1_new, 3429158af98Sjsing .ssl_clear = tls1_clear, 3439158af98Sjsing .ssl_free = tls1_free, 3449158af98Sjsing .ssl_accept = ssl3_accept, 3459158af98Sjsing .ssl_connect = ssl3_connect, 3461a6e1177Sjsing .ssl_shutdown = ssl3_shutdown, 3479158af98Sjsing .ssl_renegotiate = ssl_undefined_function, 3489158af98Sjsing .ssl_renegotiate_check = ssl_ok, 3498dc90bbaSjsing .ssl_pending = ssl3_pending, 3509158af98Sjsing .ssl_read_bytes = ssl3_read_bytes, 3519158af98Sjsing .ssl_write_bytes = ssl3_write_bytes, 3521d2a9be2Sguenther .enc_flags = TLSV1_2_ENC_FLAGS, 3539158af98Sjsing }; 3549158af98Sjsing 35594149d15Sjsing static const SSL_METHOD TLS_legacy_method_data = { 3569158af98Sjsing .ssl_dispatch_alert = ssl3_dispatch_alert, 3579158af98Sjsing .num_ciphers = ssl3_num_ciphers, 3589158af98Sjsing .get_cipher = ssl3_get_cipher, 3599158af98Sjsing .get_cipher_by_char = ssl3_get_cipher_by_char, 3609158af98Sjsing .put_cipher_by_char = ssl3_put_cipher_by_char, 36194149d15Sjsing .internal = &TLS_legacy_method_internal_data, 3629158af98Sjsing }; 3639158af98Sjsing 364d1294899Stb #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) 365d1294899Stb static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = { 366d1294899Stb .dtls = 0, 367d1294899Stb .server = 0, 368d1294899Stb .version = TLS1_3_VERSION, 369*970acf87Sjsing .min_tls_version = TLS1_VERSION, 370*970acf87Sjsing .max_tls_version = TLS1_3_VERSION, 371d1294899Stb .ssl_new = tls1_new, 372d1294899Stb .ssl_clear = tls1_clear, 373d1294899Stb .ssl_free = tls1_free, 374d1294899Stb .ssl_accept = tls13_legacy_accept, 375d1294899Stb .ssl_connect = tls13_legacy_connect, 376d1294899Stb .ssl_shutdown = tls13_legacy_shutdown, 377d1294899Stb .ssl_renegotiate = ssl_undefined_function, 378d1294899Stb .ssl_renegotiate_check = ssl_ok, 379d1294899Stb .ssl_pending = tls13_legacy_pending, 380d1294899Stb .ssl_read_bytes = tls13_legacy_read_bytes, 381d1294899Stb .ssl_write_bytes = tls13_legacy_write_bytes, 382d1294899Stb .enc_flags = TLSV1_3_ENC_FLAGS, 383d1294899Stb }; 384d1294899Stb 385d1294899Stb static const SSL_METHOD TLS_client_method_data = { 386d1294899Stb .ssl_dispatch_alert = ssl3_dispatch_alert, 387d1294899Stb .num_ciphers = ssl3_num_ciphers, 388d1294899Stb .get_cipher = ssl3_get_cipher, 389d1294899Stb .get_cipher_by_char = ssl3_get_cipher_by_char, 390d1294899Stb .put_cipher_by_char = ssl3_put_cipher_by_char, 391d1294899Stb .internal = &TLS_client_method_internal_data, 392d1294899Stb }; 393d1294899Stb 394d1294899Stb #else 395d1294899Stb 396d1294899Stb static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = { 397d1294899Stb .dtls = 0, 398d1294899Stb .server = 0, 399d1294899Stb .version = TLS1_2_VERSION, 400*970acf87Sjsing .min_tls_version = TLS1_VERSION, 401*970acf87Sjsing .max_tls_version = TLS1_2_VERSION, 402d1294899Stb .ssl_new = tls1_new, 403d1294899Stb .ssl_clear = tls1_clear, 404d1294899Stb .ssl_free = tls1_free, 405d1294899Stb .ssl_accept = ssl3_accept, 406d1294899Stb .ssl_connect = ssl3_connect, 407d1294899Stb .ssl_shutdown = ssl3_shutdown, 408d1294899Stb .ssl_renegotiate = ssl_undefined_function, 409d1294899Stb .ssl_renegotiate_check = ssl_ok, 410d1294899Stb .ssl_pending = ssl3_pending, 411d1294899Stb .ssl_read_bytes = ssl3_read_bytes, 412d1294899Stb .ssl_write_bytes = ssl3_write_bytes, 413d1294899Stb .enc_flags = TLSV1_2_ENC_FLAGS, 414d1294899Stb }; 415d1294899Stb 416d1294899Stb static const SSL_METHOD TLS_legacy_client_method_data = { 417d1294899Stb .ssl_dispatch_alert = ssl3_dispatch_alert, 418d1294899Stb .num_ciphers = ssl3_num_ciphers, 419d1294899Stb .get_cipher = ssl3_get_cipher, 420d1294899Stb .get_cipher_by_char = ssl3_get_cipher_by_char, 421d1294899Stb .put_cipher_by_char = ssl3_put_cipher_by_char, 422d1294899Stb .internal = &TLS_legacy_client_method_internal_data, 423d1294899Stb }; 424d1294899Stb #endif 425d1294899Stb 4269158af98Sjsing static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = { 427354e02d3Sjsing .dtls = 0, 428d1294899Stb .server = 1, 4299158af98Sjsing .version = TLS1_VERSION, 430*970acf87Sjsing .min_tls_version = TLS1_VERSION, 431*970acf87Sjsing .max_tls_version = TLS1_VERSION, 4329158af98Sjsing .ssl_new = tls1_new, 4339158af98Sjsing .ssl_clear = tls1_clear, 4349158af98Sjsing .ssl_free = tls1_free, 4359158af98Sjsing .ssl_accept = ssl3_accept, 4369158af98Sjsing .ssl_connect = ssl3_connect, 4371a6e1177Sjsing .ssl_shutdown = ssl3_shutdown, 4389158af98Sjsing .ssl_renegotiate = ssl3_renegotiate, 4399158af98Sjsing .ssl_renegotiate_check = ssl3_renegotiate_check, 4408dc90bbaSjsing .ssl_pending = ssl3_pending, 4419158af98Sjsing .ssl_read_bytes = ssl3_read_bytes, 4429158af98Sjsing .ssl_write_bytes = ssl3_write_bytes, 4431d2a9be2Sguenther .enc_flags = TLSV1_ENC_FLAGS, 4449158af98Sjsing }; 4459158af98Sjsing 4469158af98Sjsing static const SSL_METHOD TLSv1_method_data = { 4479158af98Sjsing .ssl_dispatch_alert = ssl3_dispatch_alert, 4489158af98Sjsing .num_ciphers = ssl3_num_ciphers, 4499158af98Sjsing .get_cipher = ssl3_get_cipher, 4509158af98Sjsing .get_cipher_by_char = ssl3_get_cipher_by_char, 4519158af98Sjsing .put_cipher_by_char = ssl3_put_cipher_by_char, 4529158af98Sjsing .internal = &TLSv1_method_internal_data, 4539158af98Sjsing }; 4549158af98Sjsing 455d1294899Stb static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = { 456d1294899Stb .dtls = 0, 457d1294899Stb .server = 0, 458d1294899Stb .version = TLS1_VERSION, 459*970acf87Sjsing .min_tls_version = TLS1_VERSION, 460*970acf87Sjsing .max_tls_version = TLS1_VERSION, 461d1294899Stb .ssl_new = tls1_new, 462d1294899Stb .ssl_clear = tls1_clear, 463d1294899Stb .ssl_free = tls1_free, 464d1294899Stb .ssl_accept = ssl_undefined_function, 465d1294899Stb .ssl_connect = ssl3_connect, 466d1294899Stb .ssl_shutdown = ssl3_shutdown, 467d1294899Stb .ssl_renegotiate = ssl3_renegotiate, 468d1294899Stb .ssl_renegotiate_check = ssl3_renegotiate_check, 469d1294899Stb .ssl_pending = ssl3_pending, 470d1294899Stb .ssl_read_bytes = ssl3_read_bytes, 471d1294899Stb .ssl_write_bytes = ssl3_write_bytes, 472d1294899Stb .enc_flags = TLSV1_ENC_FLAGS, 473d1294899Stb }; 474d1294899Stb 475d1294899Stb static const SSL_METHOD TLSv1_client_method_data = { 476d1294899Stb .ssl_dispatch_alert = ssl3_dispatch_alert, 477d1294899Stb .num_ciphers = ssl3_num_ciphers, 478d1294899Stb .get_cipher = ssl3_get_cipher, 479d1294899Stb .get_cipher_by_char = ssl3_get_cipher_by_char, 480d1294899Stb .put_cipher_by_char = ssl3_put_cipher_by_char, 481d1294899Stb .internal = &TLSv1_client_method_internal_data, 482d1294899Stb }; 483d1294899Stb 4849158af98Sjsing static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = { 485354e02d3Sjsing .dtls = 0, 486d1294899Stb .server = 1, 4879158af98Sjsing .version = TLS1_1_VERSION, 488*970acf87Sjsing .min_tls_version = TLS1_1_VERSION, 489*970acf87Sjsing .max_tls_version = TLS1_1_VERSION, 4909158af98Sjsing .ssl_new = tls1_new, 4919158af98Sjsing .ssl_clear = tls1_clear, 4929158af98Sjsing .ssl_free = tls1_free, 4939158af98Sjsing .ssl_accept = ssl3_accept, 4949158af98Sjsing .ssl_connect = ssl3_connect, 4951a6e1177Sjsing .ssl_shutdown = ssl3_shutdown, 4969158af98Sjsing .ssl_renegotiate = ssl3_renegotiate, 4979158af98Sjsing .ssl_renegotiate_check = ssl3_renegotiate_check, 4988dc90bbaSjsing .ssl_pending = ssl3_pending, 4999158af98Sjsing .ssl_read_bytes = ssl3_read_bytes, 5009158af98Sjsing .ssl_write_bytes = ssl3_write_bytes, 5011d2a9be2Sguenther .enc_flags = TLSV1_1_ENC_FLAGS, 5029158af98Sjsing }; 5039158af98Sjsing 5049158af98Sjsing static const SSL_METHOD TLSv1_1_method_data = { 5059158af98Sjsing .ssl_dispatch_alert = ssl3_dispatch_alert, 5069158af98Sjsing .num_ciphers = ssl3_num_ciphers, 5079158af98Sjsing .get_cipher = ssl3_get_cipher, 5089158af98Sjsing .get_cipher_by_char = ssl3_get_cipher_by_char, 5099158af98Sjsing .put_cipher_by_char = ssl3_put_cipher_by_char, 5109158af98Sjsing .internal = &TLSv1_1_method_internal_data, 5119158af98Sjsing }; 5129158af98Sjsing 513d1294899Stb static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = { 514d1294899Stb .dtls = 0, 515d1294899Stb .server = 0, 516d1294899Stb .version = TLS1_1_VERSION, 517*970acf87Sjsing .min_tls_version = TLS1_1_VERSION, 518*970acf87Sjsing .max_tls_version = TLS1_1_VERSION, 519d1294899Stb .ssl_new = tls1_new, 520d1294899Stb .ssl_clear = tls1_clear, 521d1294899Stb .ssl_free = tls1_free, 522d1294899Stb .ssl_accept = ssl_undefined_function, 523d1294899Stb .ssl_connect = ssl3_connect, 524d1294899Stb .ssl_shutdown = ssl3_shutdown, 525d1294899Stb .ssl_renegotiate = ssl3_renegotiate, 526d1294899Stb .ssl_renegotiate_check = ssl3_renegotiate_check, 527d1294899Stb .ssl_pending = ssl3_pending, 528d1294899Stb .ssl_read_bytes = ssl3_read_bytes, 529d1294899Stb .ssl_write_bytes = ssl3_write_bytes, 530d1294899Stb .enc_flags = TLSV1_1_ENC_FLAGS, 531d1294899Stb }; 532d1294899Stb 533d1294899Stb static const SSL_METHOD TLSv1_1_client_method_data = { 534d1294899Stb .ssl_dispatch_alert = ssl3_dispatch_alert, 535d1294899Stb .num_ciphers = ssl3_num_ciphers, 536d1294899Stb .get_cipher = ssl3_get_cipher, 537d1294899Stb .get_cipher_by_char = ssl3_get_cipher_by_char, 538d1294899Stb .put_cipher_by_char = ssl3_put_cipher_by_char, 539d1294899Stb .internal = &TLSv1_1_client_method_internal_data, 540d1294899Stb }; 541d1294899Stb 5429158af98Sjsing static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = { 543354e02d3Sjsing .dtls = 0, 544d1294899Stb .server = 1, 5459158af98Sjsing .version = TLS1_2_VERSION, 546*970acf87Sjsing .min_tls_version = TLS1_2_VERSION, 547*970acf87Sjsing .max_tls_version = TLS1_2_VERSION, 5489158af98Sjsing .ssl_new = tls1_new, 5499158af98Sjsing .ssl_clear = tls1_clear, 5509158af98Sjsing .ssl_free = tls1_free, 5519158af98Sjsing .ssl_accept = ssl3_accept, 5529158af98Sjsing .ssl_connect = ssl3_connect, 5531a6e1177Sjsing .ssl_shutdown = ssl3_shutdown, 5549158af98Sjsing .ssl_renegotiate = ssl3_renegotiate, 5559158af98Sjsing .ssl_renegotiate_check = ssl3_renegotiate_check, 5568dc90bbaSjsing .ssl_pending = ssl3_pending, 5579158af98Sjsing .ssl_read_bytes = ssl3_read_bytes, 5589158af98Sjsing .ssl_write_bytes = ssl3_write_bytes, 5591d2a9be2Sguenther .enc_flags = TLSV1_2_ENC_FLAGS, 5609158af98Sjsing }; 5619158af98Sjsing 5629158af98Sjsing static const SSL_METHOD TLSv1_2_method_data = { 5639158af98Sjsing .ssl_dispatch_alert = ssl3_dispatch_alert, 5649158af98Sjsing .num_ciphers = ssl3_num_ciphers, 5659158af98Sjsing .get_cipher = ssl3_get_cipher, 5669158af98Sjsing .get_cipher_by_char = ssl3_get_cipher_by_char, 5679158af98Sjsing .put_cipher_by_char = ssl3_put_cipher_by_char, 5689158af98Sjsing .internal = &TLSv1_2_method_internal_data, 5699158af98Sjsing }; 5709158af98Sjsing 571d1294899Stb static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = { 572d1294899Stb .dtls = 0, 573d1294899Stb .server = 0, 574d1294899Stb .version = TLS1_2_VERSION, 575*970acf87Sjsing .min_tls_version = TLS1_2_VERSION, 576*970acf87Sjsing .max_tls_version = TLS1_2_VERSION, 577d1294899Stb .ssl_new = tls1_new, 578d1294899Stb .ssl_clear = tls1_clear, 579d1294899Stb .ssl_free = tls1_free, 580d1294899Stb .ssl_accept = ssl_undefined_function, 581d1294899Stb .ssl_connect = ssl3_connect, 582d1294899Stb .ssl_shutdown = ssl3_shutdown, 583d1294899Stb .ssl_renegotiate = ssl3_renegotiate, 584d1294899Stb .ssl_renegotiate_check = ssl3_renegotiate_check, 585d1294899Stb .ssl_pending = ssl3_pending, 586d1294899Stb .ssl_read_bytes = ssl3_read_bytes, 587d1294899Stb .ssl_write_bytes = ssl3_write_bytes, 588d1294899Stb .enc_flags = TLSV1_2_ENC_FLAGS, 589d1294899Stb }; 590d1294899Stb 591d1294899Stb static const SSL_METHOD TLSv1_2_client_method_data = { 592d1294899Stb .ssl_dispatch_alert = ssl3_dispatch_alert, 593d1294899Stb .num_ciphers = ssl3_num_ciphers, 594d1294899Stb .get_cipher = ssl3_get_cipher, 595d1294899Stb .get_cipher_by_char = ssl3_get_cipher_by_char, 596d1294899Stb .put_cipher_by_char = ssl3_put_cipher_by_char, 597d1294899Stb .internal = &TLSv1_2_client_method_internal_data, 598d1294899Stb }; 599d1294899Stb 6009158af98Sjsing const SSL_METHOD * 6019fef1c44Sjsing TLS_client_method(void) 6029158af98Sjsing { 603d1294899Stb #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) 604d1294899Stb return (&TLS_client_method_data); 605d1294899Stb #else 606d1294899Stb return (&TLS_legacy_client_method_data); 607d1294899Stb #endif 6089158af98Sjsing } 6099158af98Sjsing 6109158af98Sjsing const SSL_METHOD * 6119158af98Sjsing TLS_method(void) 6129158af98Sjsing { 61394149d15Sjsing #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER) 61494149d15Sjsing return (&TLS_method_data); 61594149d15Sjsing #else 61694149d15Sjsing return tls_legacy_method(); 61794149d15Sjsing #endif 61894149d15Sjsing } 61994149d15Sjsing 62094149d15Sjsing const SSL_METHOD * 6219fef1c44Sjsing TLS_server_method(void) 6229fef1c44Sjsing { 6239fef1c44Sjsing return TLS_method(); 6249fef1c44Sjsing } 6259fef1c44Sjsing 6269fef1c44Sjsing const SSL_METHOD * 62794149d15Sjsing tls_legacy_method(void) 62894149d15Sjsing { 62994149d15Sjsing return (&TLS_legacy_method_data); 6309158af98Sjsing } 6319158af98Sjsing 6329158af98Sjsing const SSL_METHOD * 6339fef1c44Sjsing SSLv23_client_method(void) 6349fef1c44Sjsing { 635d1294899Stb return TLS_client_method(); 6369fef1c44Sjsing } 6379fef1c44Sjsing 6389fef1c44Sjsing const SSL_METHOD * 6399fef1c44Sjsing SSLv23_method(void) 6409fef1c44Sjsing { 6419fef1c44Sjsing return TLS_method(); 6429fef1c44Sjsing } 6439fef1c44Sjsing 6449fef1c44Sjsing const SSL_METHOD * 6459fef1c44Sjsing SSLv23_server_method(void) 6469fef1c44Sjsing { 6479fef1c44Sjsing return TLS_method(); 6489fef1c44Sjsing } 6499fef1c44Sjsing 6509fef1c44Sjsing const SSL_METHOD * 6519fef1c44Sjsing TLSv1_client_method(void) 6529fef1c44Sjsing { 653d1294899Stb return (&TLSv1_client_method_data); 6549fef1c44Sjsing } 6559fef1c44Sjsing 6569fef1c44Sjsing const SSL_METHOD * 6579158af98Sjsing TLSv1_method(void) 6589158af98Sjsing { 6599158af98Sjsing return (&TLSv1_method_data); 6609158af98Sjsing } 6619158af98Sjsing 6629158af98Sjsing const SSL_METHOD * 6639fef1c44Sjsing TLSv1_server_method(void) 6649fef1c44Sjsing { 6659fef1c44Sjsing return (&TLSv1_method_data); 6669fef1c44Sjsing } 6679fef1c44Sjsing 6689fef1c44Sjsing const SSL_METHOD * 6699fef1c44Sjsing TLSv1_1_client_method(void) 6709fef1c44Sjsing { 671d1294899Stb return (&TLSv1_1_client_method_data); 6729fef1c44Sjsing } 6739fef1c44Sjsing 6749fef1c44Sjsing const SSL_METHOD * 6759158af98Sjsing TLSv1_1_method(void) 6769158af98Sjsing { 6779158af98Sjsing return (&TLSv1_1_method_data); 6789158af98Sjsing } 6799158af98Sjsing 6809158af98Sjsing const SSL_METHOD * 6819fef1c44Sjsing TLSv1_1_server_method(void) 6829fef1c44Sjsing { 6839fef1c44Sjsing return (&TLSv1_1_method_data); 6849fef1c44Sjsing } 6859fef1c44Sjsing 6869fef1c44Sjsing const SSL_METHOD * 6879fef1c44Sjsing TLSv1_2_client_method(void) 6889fef1c44Sjsing { 689d1294899Stb return (&TLSv1_2_client_method_data); 6909fef1c44Sjsing } 6919fef1c44Sjsing 6929fef1c44Sjsing const SSL_METHOD * 6939158af98Sjsing TLSv1_2_method(void) 6949158af98Sjsing { 6959158af98Sjsing return (&TLSv1_2_method_data); 6969158af98Sjsing } 6979158af98Sjsing 6989158af98Sjsing const SSL_METHOD * 6999158af98Sjsing TLSv1_2_server_method(void) 7009158af98Sjsing { 7019fef1c44Sjsing return (&TLSv1_2_method_data); 7029158af98Sjsing } 703bfc125deSjsing 704bfc125deSjsing const SSL_METHOD * 7059fef1c44Sjsing ssl_get_method(uint16_t version) 706bfc125deSjsing { 707bfc125deSjsing if (version == TLS1_3_VERSION) 7089fef1c44Sjsing return (TLS_method()); 709bfc125deSjsing if (version == TLS1_2_VERSION) 7109fef1c44Sjsing return (TLSv1_2_method()); 711bfc125deSjsing if (version == TLS1_1_VERSION) 7129fef1c44Sjsing return (TLSv1_1_method()); 713bfc125deSjsing if (version == TLS1_VERSION) 7149fef1c44Sjsing return (TLSv1_method()); 715bfc125deSjsing if (version == DTLS1_VERSION) 7169fef1c44Sjsing return (DTLSv1_method()); 717a48e0dedSjsing if (version == DTLS1_2_VERSION) 718a48e0dedSjsing return (DTLSv1_2_method()); 719bfc125deSjsing 720bfc125deSjsing return (NULL); 721bfc125deSjsing } 722