1*970acf87Sjsing /* $OpenBSD: ssl_methods.c,v 1.23 2021/02/25 17:06:05 jsing Exp $ */
29158af98Sjsing /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
39158af98Sjsing  * All rights reserved.
49158af98Sjsing  *
59158af98Sjsing  * This package is an SSL implementation written
69158af98Sjsing  * by Eric Young (eay@cryptsoft.com).
79158af98Sjsing  * The implementation was written so as to conform with Netscapes SSL.
89158af98Sjsing  *
99158af98Sjsing  * This library is free for commercial and non-commercial use as long as
109158af98Sjsing  * the following conditions are aheared to.  The following conditions
119158af98Sjsing  * apply to all code found in this distribution, be it the RC4, RSA,
129158af98Sjsing  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
139158af98Sjsing  * included with this distribution is covered by the same copyright terms
149158af98Sjsing  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
159158af98Sjsing  *
169158af98Sjsing  * Copyright remains Eric Young's, and as such any Copyright notices in
179158af98Sjsing  * the code are not to be removed.
189158af98Sjsing  * If this package is used in a product, Eric Young should be given attribution
199158af98Sjsing  * as the author of the parts of the library used.
209158af98Sjsing  * This can be in the form of a textual message at program startup or
219158af98Sjsing  * in documentation (online or textual) provided with the package.
229158af98Sjsing  *
239158af98Sjsing  * Redistribution and use in source and binary forms, with or without
249158af98Sjsing  * modification, are permitted provided that the following conditions
259158af98Sjsing  * are met:
269158af98Sjsing  * 1. Redistributions of source code must retain the copyright
279158af98Sjsing  *    notice, this list of conditions and the following disclaimer.
289158af98Sjsing  * 2. Redistributions in binary form must reproduce the above copyright
299158af98Sjsing  *    notice, this list of conditions and the following disclaimer in the
309158af98Sjsing  *    documentation and/or other materials provided with the distribution.
319158af98Sjsing  * 3. All advertising materials mentioning features or use of this software
329158af98Sjsing  *    must display the following acknowledgement:
339158af98Sjsing  *    "This product includes cryptographic software written by
349158af98Sjsing  *     Eric Young (eay@cryptsoft.com)"
359158af98Sjsing  *    The word 'cryptographic' can be left out if the rouines from the library
369158af98Sjsing  *    being used are not cryptographic related :-).
379158af98Sjsing  * 4. If you include any Windows specific code (or a derivative thereof) from
389158af98Sjsing  *    the apps directory (application code) you must include an acknowledgement:
399158af98Sjsing  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
409158af98Sjsing  *
419158af98Sjsing  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
429158af98Sjsing  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
439158af98Sjsing  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
449158af98Sjsing  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
459158af98Sjsing  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
469158af98Sjsing  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
479158af98Sjsing  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
489158af98Sjsing  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
499158af98Sjsing  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
509158af98Sjsing  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
519158af98Sjsing  * SUCH DAMAGE.
529158af98Sjsing  *
539158af98Sjsing  * The licence and distribution terms for any publically available version or
549158af98Sjsing  * derivative of this code cannot be changed.  i.e. this code cannot simply be
559158af98Sjsing  * copied and put under another distribution licence
569158af98Sjsing  * [including the GNU Public Licence.]
579158af98Sjsing  */
589158af98Sjsing 
599158af98Sjsing #include "ssl_locl.h"
60efee3f2fSjsing #include "tls13_internal.h"
619158af98Sjsing 
62a48e0dedSjsing #ifdef LIBRESSL_HAS_DTLS1_2
/*
 * Version-flexible DTLS method with server capability (.server = 1).
 * The bounds run from TLS1_1_VERSION to TLS1_2_VERSION, the same values the
 * version-pinned DTLSv1 and DTLSv1_2 tables in this file use, so both DTLS
 * versions fall inside the range.
 * NOTE(review): the lower bound still admits DTLS 1.0 (deprecated by
 * RFC 8996); a caller that must refuse it presumably has to raise the
 * minimum version itself - confirm against the version-selection code.
 */
static const SSL_METHOD_INTERNAL DTLS_method_internal_data = {
	/* Protocol family, role and version bounds. */
	.dtls = 1,
	.server = 1,
	.version = DTLS1_2_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.enc_flags = TLSV1_2_ENC_FLAGS,

	/* Connection state lifecycle. */
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,

	/* Handshake, renegotiation and shutdown hooks. */
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	/* Record I/O hooks. */
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl_pending = ssl3_pending,
};

/* Public table handed out by DTLS_method() and DTLS_server_method(). */
static const SSL_METHOD DTLS_method_data = {
	.internal = &DTLS_method_internal_data,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_dispatch_alert = dtls1_dispatch_alert,
};
91a48e0dedSjsing 
/*
 * Version-flexible DTLS method, client only: .server = 0 and the accept
 * slot is ssl_undefined_function rather than an accept implementation.
 * Version bounds match the server-capable DTLS_method table
 * (TLS1_1_VERSION through TLS1_2_VERSION).
 */
static const SSL_METHOD_INTERNAL DTLS_client_method_internal_data = {
	/* Protocol family, role and version bounds. */
	.dtls = 1,
	.server = 0,
	.version = DTLS1_2_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.enc_flags = TLSV1_2_ENC_FLAGS,

	/* Connection state lifecycle. */
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,

	/* Handshake, renegotiation and shutdown hooks. */
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	/* Record I/O hooks. */
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl_pending = ssl3_pending,
};

/* Public table handed out by DTLS_client_method(). */
static const SSL_METHOD DTLS_client_method_data = {
	.internal = &DTLS_client_method_internal_data,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_dispatch_alert = dtls1_dispatch_alert,
};
120a48e0dedSjsing #endif
121a48e0dedSjsing 
/*
 * DTLS 1.0 only, server capable (.server = 1).  Minimum and maximum are
 * both TLS1_1_VERSION, so this table cannot negotiate anything newer.
 * DTLS 1.0 is deprecated by RFC 8996; the table is pinned to it by design.
 */
static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
	/* Protocol family, role and version bounds. */
	.dtls = 1,
	.server = 1,
	.version = DTLS1_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_1_VERSION,
	.enc_flags = TLSV1_1_ENC_FLAGS,

	/* Connection state lifecycle. */
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,

	/* Handshake, renegotiation and shutdown hooks. */
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	/* Record I/O hooks. */
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl_pending = ssl3_pending,
};

/* Public table handed out by DTLSv1_method() and DTLSv1_server_method(). */
static const SSL_METHOD DTLSv1_method_data = {
	.internal = &DTLSv1_method_internal_data,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_dispatch_alert = dtls1_dispatch_alert,
};
1509158af98Sjsing 
/*
 * DTLS 1.0 only, client only: .server = 0 and the accept slot is
 * ssl_undefined_function.  Minimum and maximum are both TLS1_1_VERSION.
 * DTLS 1.0 is deprecated by RFC 8996; the table is pinned to it by design.
 */
static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
	/* Protocol family, role and version bounds. */
	.dtls = 1,
	.server = 0,
	.version = DTLS1_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_1_VERSION,
	.enc_flags = TLSV1_1_ENC_FLAGS,

	/* Connection state lifecycle. */
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,

	/* Handshake, renegotiation and shutdown hooks. */
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	/* Record I/O hooks. */
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl_pending = ssl3_pending,
};

/* Public table handed out by DTLSv1_client_method(). */
static const SSL_METHOD DTLSv1_client_method_data = {
	.internal = &DTLSv1_client_method_internal_data,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_dispatch_alert = dtls1_dispatch_alert,
};
179d1294899Stb 
/*
 * DTLS 1.2 only, server capable (.server = 1).  Minimum and maximum are
 * both TLS1_2_VERSION.  Unlike DTLS_method_internal_data this table is not
 * guarded by LIBRESSL_HAS_DTLS1_2 in this file.
 */
static const SSL_METHOD_INTERNAL DTLSv1_2_method_internal_data = {
	/* Protocol family, role and version bounds. */
	.dtls = 1,
	.server = 1,
	.version = DTLS1_2_VERSION,
	.min_tls_version = TLS1_2_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.enc_flags = TLSV1_2_ENC_FLAGS,

	/* Connection state lifecycle. */
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,

	/* Handshake, renegotiation and shutdown hooks. */
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	/* Record I/O hooks. */
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl_pending = ssl3_pending,
};

/* Public table handed out by DTLSv1_2_method() and DTLSv1_2_server_method(). */
static const SSL_METHOD DTLSv1_2_method_data = {
	.internal = &DTLSv1_2_method_internal_data,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_dispatch_alert = dtls1_dispatch_alert,
};
208a48e0dedSjsing 
/*
 * DTLS 1.2 only, client only: .server = 0 and the accept slot is
 * ssl_undefined_function.  Minimum and maximum are both TLS1_2_VERSION.
 */
static const SSL_METHOD_INTERNAL DTLSv1_2_client_method_internal_data = {
	/* Protocol family, role and version bounds. */
	.dtls = 1,
	.server = 0,
	.version = DTLS1_2_VERSION,
	.min_tls_version = TLS1_2_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.enc_flags = TLSV1_2_ENC_FLAGS,

	/* Connection state lifecycle. */
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,

	/* Handshake, renegotiation and shutdown hooks. */
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	/* Record I/O hooks. */
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.ssl_pending = ssl3_pending,
};

/* Public table handed out by DTLSv1_2_client_method(). */
static const SSL_METHOD DTLSv1_2_client_method_data = {
	.internal = &DTLSv1_2_client_method_internal_data,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = dtls1_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_dispatch_alert = dtls1_dispatch_alert,
};
237a48e0dedSjsing 
/*
 * Return the client-only method table pinned to DTLS 1.0.
 * The table's accept slot is ssl_undefined_function.
 */
const SSL_METHOD *
DTLSv1_client_method(void)
{
	return (&DTLSv1_client_method_data);
}
2439fef1c44Sjsing 
/*
 * Return the method table pinned to DTLS 1.0 with both the accept and
 * connect slots populated.
 */
const SSL_METHOD *
DTLSv1_method(void)
{
	return (&DTLSv1_method_data);
}
2499158af98Sjsing 
/*
 * Return the DTLS 1.0 server method.  This is the same table that
 * DTLSv1_method() returns, so its connect slot is populated as well.
 */
const SSL_METHOD *
DTLSv1_server_method(void)
{
	return (&DTLSv1_method_data);
}
2559fef1c44Sjsing 
/*
 * Return the client-only method table pinned to DTLS 1.2.
 * The table's accept slot is ssl_undefined_function.
 */
const SSL_METHOD *
DTLSv1_2_client_method(void)
{
	return (&DTLSv1_2_client_method_data);
}
261a48e0dedSjsing 
/*
 * Return the method table pinned to DTLS 1.2 with both the accept and
 * connect slots populated.
 */
const SSL_METHOD *
DTLSv1_2_method(void)
{
	return (&DTLSv1_2_method_data);
}
267a48e0dedSjsing 
/*
 * Return the DTLS 1.2 server method.  This is the same table that
 * DTLSv1_2_method() returns, so its connect slot is populated as well.
 */
const SSL_METHOD *
DTLSv1_2_server_method(void)
{
	return (&DTLSv1_2_method_data);
}
273a48e0dedSjsing 
/*
 * Return the version-flexible DTLS client method.
 *
 * Without LIBRESSL_HAS_DTLS1_2 this falls back to the DTLS 1.0-only client
 * table, so the highest version a caller can get depends on the build.
 */
const SSL_METHOD *
DTLS_client_method(void)
{
#if !defined(LIBRESSL_HAS_DTLS1_2)
	return DTLSv1_client_method();
#else
	return (&DTLS_client_method_data);
#endif
}
2839fef1c44Sjsing 
/*
 * Return the version-flexible DTLS method.
 *
 * Without LIBRESSL_HAS_DTLS1_2 this falls back to the DTLS 1.0-only table,
 * so the highest version a caller can get depends on the build.
 */
const SSL_METHOD *
DTLS_method(void)
{
#if !defined(LIBRESSL_HAS_DTLS1_2)
	return DTLSv1_method();
#else
	return (&DTLS_method_data);
#endif
}
29371023d34Sjsing 
/*
 * Return the version-flexible DTLS server method.
 *
 * With LIBRESSL_HAS_DTLS1_2 this is the same table DTLS_method() returns;
 * otherwise it falls back to the DTLS 1.0-only server method.
 */
const SSL_METHOD *
DTLS_server_method(void)
{
#if !defined(LIBRESSL_HAS_DTLS1_2)
	return DTLSv1_server_method();
#else
	return (&DTLS_method_data);
#endif
}
3039158af98Sjsing 
30494149d15Sjsing #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
/*
 * Version-flexible TLS method routed through the tls13_legacy_* hooks,
 * server capable (.server = 1).  Bounds run from TLS1_VERSION up to
 * TLS1_3_VERSION.  The renegotiate slot is ssl_undefined_function and the
 * check slot is ssl_ok, unlike the version-pinned tables in this file.
 * NOTE(review): the lower bound admits TLS 1.0 and 1.1 (deprecated by
 * RFC 8996); a caller that must refuse them presumably has to raise the
 * minimum version itself - confirm against the version-selection code.
 */
static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
	/* Protocol family, role and version bounds. */
	.dtls = 0,
	.server = 1,
	.version = TLS1_3_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_3_VERSION,
	.enc_flags = TLSV1_3_ENC_FLAGS,

	/* Connection state lifecycle. */
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	/* Handshake, renegotiation and shutdown hooks. */
	.ssl_accept = tls13_legacy_accept,
	.ssl_connect = tls13_legacy_connect,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_shutdown = tls13_legacy_shutdown,

	/* Record I/O hooks. */
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.ssl_pending = tls13_legacy_pending,
};

/* Public table handed out by TLS_method() when TLS 1.3 is fully built in. */
static const SSL_METHOD TLS_method_data = {
	.internal = &TLS_method_internal_data,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
};
33394149d15Sjsing #endif
33494149d15Sjsing 
/*
 * Version-flexible TLS method on the ssl3_* hooks, server capable
 * (.server = 1).  Bounds run from TLS1_VERSION up to TLS1_2_VERSION, so
 * this table never offers TLS 1.3.  The renegotiate slot is
 * ssl_undefined_function and the check slot is ssl_ok.
 * NOTE(review): the lower bound admits TLS 1.0 and 1.1 (deprecated by
 * RFC 8996); a caller that must refuse them presumably has to raise the
 * minimum version itself - confirm against the version-selection code.
 */
static const SSL_METHOD_INTERNAL TLS_legacy_method_internal_data = {
	/* Protocol family, role and version bounds. */
	.dtls = 0,
	.server = 1,
	.version = TLS1_2_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.enc_flags = TLSV1_2_ENC_FLAGS,

	/* Connection state lifecycle. */
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	/* Handshake, renegotiation and shutdown hooks. */
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_shutdown = ssl3_shutdown,

	/* Record I/O hooks. */
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl_pending = ssl3_pending,
};

/* Public table handed out by tls_legacy_method(). */
static const SSL_METHOD TLS_legacy_method_data = {
	.internal = &TLS_legacy_method_internal_data,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
};
3639158af98Sjsing 
364d1294899Stb #if defined(LIBRESSL_HAS_TLS1_3_CLIENT)
/*
 * Version-flexible TLS client method routed through the tls13_legacy_*
 * hooks (.server = 0).  Bounds run from TLS1_VERSION up to TLS1_3_VERSION.
 * NOTE(review): .server is 0, yet the accept slot is tls13_legacy_accept,
 * whereas the version-pinned client tables in this file use
 * ssl_undefined_function there - confirm this difference is intentional.
 */
static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
	/* Protocol family, role and version bounds. */
	.dtls = 0,
	.server = 0,
	.version = TLS1_3_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_3_VERSION,
	.enc_flags = TLSV1_3_ENC_FLAGS,

	/* Connection state lifecycle. */
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	/* Handshake, renegotiation and shutdown hooks. */
	.ssl_accept = tls13_legacy_accept,
	.ssl_connect = tls13_legacy_connect,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_shutdown = tls13_legacy_shutdown,

	/* Record I/O hooks. */
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.ssl_pending = tls13_legacy_pending,
};

/* Public table handed out by TLS_client_method() on TLS 1.3 client builds. */
static const SSL_METHOD TLS_client_method_data = {
	.internal = &TLS_client_method_internal_data,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
};
393d1294899Stb 
394d1294899Stb #else
395d1294899Stb 
/*
 * Version-flexible TLS client method on the ssl3_* hooks (.server = 0),
 * used when LIBRESSL_HAS_TLS1_3_CLIENT is not defined.  Bounds run from
 * TLS1_VERSION up to TLS1_2_VERSION.
 * NOTE(review): .server is 0, yet the accept slot is ssl3_accept, whereas
 * the version-pinned client tables in this file use
 * ssl_undefined_function there - confirm this difference is intentional.
 */
static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
	/* Protocol family, role and version bounds. */
	.dtls = 0,
	.server = 0,
	.version = TLS1_2_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.enc_flags = TLSV1_2_ENC_FLAGS,

	/* Connection state lifecycle. */
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	/* Handshake, renegotiation and shutdown hooks. */
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,
	.ssl_shutdown = ssl3_shutdown,

	/* Record I/O hooks. */
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl_pending = ssl3_pending,
};

/* Public table handed out by TLS_client_method() on non-TLS 1.3 builds. */
static const SSL_METHOD TLS_legacy_client_method_data = {
	.internal = &TLS_legacy_client_method_internal_data,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
};
424d1294899Stb #endif
425d1294899Stb 
/*
 * TLS 1.0 only, server capable (.server = 1).  Minimum and maximum are
 * both TLS1_VERSION, so this table cannot negotiate anything newer.
 * TLS 1.0 is deprecated by RFC 8996; the table is pinned to it by design.
 */
static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
	/* Protocol family, role and version bounds. */
	.dtls = 0,
	.server = 1,
	.version = TLS1_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_VERSION,
	.enc_flags = TLSV1_ENC_FLAGS,

	/* Connection state lifecycle. */
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	/* Handshake, renegotiation and shutdown hooks. */
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	/* Record I/O hooks. */
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl_pending = ssl3_pending,
};

/* Public table handed out by TLSv1_method() and TLSv1_server_method(). */
static const SSL_METHOD TLSv1_method_data = {
	.internal = &TLSv1_method_internal_data,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
};
4549158af98Sjsing 
/*
 * TLS 1.0 only, client only: .server = 0 and the accept slot is
 * ssl_undefined_function.  Minimum and maximum are both TLS1_VERSION.
 * TLS 1.0 is deprecated by RFC 8996; the table is pinned to it by design.
 */
static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
	/* Protocol family, role and version bounds. */
	.dtls = 0,
	.server = 0,
	.version = TLS1_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_VERSION,
	.enc_flags = TLSV1_ENC_FLAGS,

	/* Connection state lifecycle. */
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	/* Handshake, renegotiation and shutdown hooks. */
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	/* Record I/O hooks. */
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl_pending = ssl3_pending,
};

/* Public table handed out by TLSv1_client_method(). */
static const SSL_METHOD TLSv1_client_method_data = {
	.internal = &TLSv1_client_method_internal_data,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
};
483d1294899Stb 
/*
 * TLS 1.1 only, server capable (.server = 1).  Minimum and maximum are
 * both TLS1_1_VERSION, so this table cannot negotiate anything newer.
 * TLS 1.1 is deprecated by RFC 8996; the table is pinned to it by design.
 */
static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = {
	/* Protocol family, role and version bounds. */
	.dtls = 0,
	.server = 1,
	.version = TLS1_1_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_1_VERSION,
	.enc_flags = TLSV1_1_ENC_FLAGS,

	/* Connection state lifecycle. */
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	/* Handshake, renegotiation and shutdown hooks. */
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	/* Record I/O hooks. */
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl_pending = ssl3_pending,
};

/* Public table handed out by TLSv1_1_method() and TLSv1_1_server_method(). */
static const SSL_METHOD TLSv1_1_method_data = {
	.internal = &TLSv1_1_method_internal_data,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
};
5129158af98Sjsing 
/*
 * TLS 1.1 only, client only: .server = 0 and the accept slot is
 * ssl_undefined_function.  Minimum and maximum are both TLS1_1_VERSION.
 * TLS 1.1 is deprecated by RFC 8996; the table is pinned to it by design.
 */
static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
	/* Protocol family, role and version bounds. */
	.dtls = 0,
	.server = 0,
	.version = TLS1_1_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_1_VERSION,
	.enc_flags = TLSV1_1_ENC_FLAGS,

	/* Connection state lifecycle. */
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	/* Handshake, renegotiation and shutdown hooks. */
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	/* Record I/O hooks. */
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl_pending = ssl3_pending,
};

/* Public table handed out by TLSv1_1_client_method(). */
static const SSL_METHOD TLSv1_1_client_method_data = {
	.internal = &TLSv1_1_client_method_internal_data,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
};
541d1294899Stb 
/*
 * TLS 1.2 only, server capable (.server = 1).  Minimum and maximum are
 * both TLS1_2_VERSION.  Unlike the version-flexible TLS tables in this
 * file, the renegotiation slots point at the ssl3 handlers.
 */
static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = {
	/* Protocol family, role and version bounds. */
	.dtls = 0,
	.server = 1,
	.version = TLS1_2_VERSION,
	.min_tls_version = TLS1_2_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.enc_flags = TLSV1_2_ENC_FLAGS,

	/* Connection state lifecycle. */
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	/* Handshake, renegotiation and shutdown hooks. */
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	/* Record I/O hooks. */
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl_pending = ssl3_pending,
};

/* Public table handed out by TLSv1_2_method() and TLSv1_2_server_method(). */
static const SSL_METHOD TLSv1_2_method_data = {
	.internal = &TLSv1_2_method_internal_data,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
};
5709158af98Sjsing 
/*
 * TLS 1.2 only, client only: .server = 0 and the accept slot is
 * ssl_undefined_function.  Minimum and maximum are both TLS1_2_VERSION.
 */
static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
	/* Protocol family, role and version bounds. */
	.dtls = 0,
	.server = 0,
	.version = TLS1_2_VERSION,
	.min_tls_version = TLS1_2_VERSION,
	.max_tls_version = TLS1_2_VERSION,
	.enc_flags = TLSV1_2_ENC_FLAGS,

	/* Connection state lifecycle. */
	.ssl_new = tls1_new,
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	/* Handshake, renegotiation and shutdown hooks. */
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,
	.ssl_shutdown = ssl3_shutdown,

	/* Record I/O hooks. */
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.ssl_pending = ssl3_pending,
};

/* Public table handed out by TLSv1_2_client_method(). */
static const SSL_METHOD TLSv1_2_client_method_data = {
	.internal = &TLSv1_2_client_method_internal_data,
	.num_ciphers = ssl3_num_ciphers,
	.get_cipher = ssl3_get_cipher,
	.get_cipher_by_char = ssl3_get_cipher_by_char,
	.put_cipher_by_char = ssl3_put_cipher_by_char,
	.ssl_dispatch_alert = ssl3_dispatch_alert,
};
599d1294899Stb 
/*
 * Return the version-flexible TLS client method.
 *
 * The maximum version depends on the build: with LIBRESSL_HAS_TLS1_3_CLIENT
 * the table tops out at TLS1_3_VERSION, otherwise the legacy client table
 * capped at TLS1_2_VERSION is returned.  Both start at TLS1_VERSION.
 */
const SSL_METHOD *
TLS_client_method(void)
{
#ifndef LIBRESSL_HAS_TLS1_3_CLIENT
	return &TLS_legacy_client_method_data;
#else
	return &TLS_client_method_data;
#endif
}
6099158af98Sjsing 
/*
 * Return the version-flexible TLS method.
 *
 * The TLS 1.3-capable table is used only when both
 * LIBRESSL_HAS_TLS1_3_CLIENT and LIBRESSL_HAS_TLS1_3_SERVER are defined;
 * any other build gets the legacy table capped at TLS1_2_VERSION.
 */
const SSL_METHOD *
TLS_method(void)
{
#if !defined(LIBRESSL_HAS_TLS1_3_CLIENT) || !defined(LIBRESSL_HAS_TLS1_3_SERVER)
	return tls_legacy_method();
#else
	return &TLS_method_data;
#endif
}
61994149d15Sjsing 
/*
 * Return the version-flexible TLS server method.  This forwards to
 * TLS_method(), so the same build-dependent version cap applies.
 */
const SSL_METHOD *
TLS_server_method(void)
{
	return (TLS_method());
}
6259fef1c44Sjsing 
/*
 * Return the legacy version-flexible TLS method, whose table in this file
 * spans TLS1_VERSION through TLS1_2_VERSION and never offers TLS 1.3.
 */
const SSL_METHOD *
tls_legacy_method(void)
{
	return &TLS_legacy_method_data;
}
6319158af98Sjsing 
/*
 * Alias that forwards to TLS_client_method().  Despite the name, the
 * protocol range is whatever that method's table defines.
 */
const SSL_METHOD *
SSLv23_client_method(void)
{
	return (TLS_client_method());
}
6379fef1c44Sjsing 
/*
 * Alias that forwards to TLS_method().  Despite the name, the protocol
 * range is whatever that method's table defines.
 */
const SSL_METHOD *
SSLv23_method(void)
{
	return (TLS_method());
}
6439fef1c44Sjsing 
/*
 * Alias that forwards to TLS_method().  Despite the name, the protocol
 * range is whatever that method's table defines.
 */
const SSL_METHOD *
SSLv23_server_method(void)
{
	return (TLS_method());
}
6499fef1c44Sjsing 
/*
 * Return the client-only method table pinned to TLS 1.0.
 * The table's accept slot is ssl_undefined_function.
 */
const SSL_METHOD *
TLSv1_client_method(void)
{
	return &TLSv1_client_method_data;
}
6559fef1c44Sjsing 
/*
 * Return the method table pinned to TLS 1.0 with both the accept and
 * connect slots populated.
 */
const SSL_METHOD *
TLSv1_method(void)
{
	return &TLSv1_method_data;
}
6619158af98Sjsing 
/*
 * Return the TLS 1.0 server method.  This is the same table that
 * TLSv1_method() returns, so its connect slot is populated as well.
 */
const SSL_METHOD *
TLSv1_server_method(void)
{
	return &TLSv1_method_data;
}
6679fef1c44Sjsing 
/*
 * Return the client-only method table pinned to TLS 1.1.
 * The table's accept slot is ssl_undefined_function.
 */
const SSL_METHOD *
TLSv1_1_client_method(void)
{
	return &TLSv1_1_client_method_data;
}
6739fef1c44Sjsing 
/*
 * Return the method table pinned to TLS 1.1 with both the accept and
 * connect slots populated.
 */
const SSL_METHOD *
TLSv1_1_method(void)
{
	return &TLSv1_1_method_data;
}
6799158af98Sjsing 
/*
 * Return the TLS 1.1 server method.  This is the same table that
 * TLSv1_1_method() returns, so its connect slot is populated as well.
 */
const SSL_METHOD *
TLSv1_1_server_method(void)
{
	return &TLSv1_1_method_data;
}
6859fef1c44Sjsing 
/*
 * Return the client-only method table pinned to TLS 1.2.
 * The table's accept slot is ssl_undefined_function.
 */
const SSL_METHOD *
TLSv1_2_client_method(void)
{
	return &TLSv1_2_client_method_data;
}
6919fef1c44Sjsing 
/*
 * Return the method table pinned to TLS 1.2 with both the accept and
 * connect slots populated.
 */
const SSL_METHOD *
TLSv1_2_method(void)
{
	return &TLSv1_2_method_data;
}
6979158af98Sjsing 
/*
 * Return the TLS 1.2 server method.  This is the same table that
 * TLSv1_2_method() returns, so its connect slot is populated as well.
 */
const SSL_METHOD *
TLSv1_2_server_method(void)
{
	return &TLSv1_2_method_data;
}
703bfc125deSjsing 
/*
 * Map a protocol version number to a method table.
 *
 * Returns NULL for any version not listed below; callers must check for
 * that before dereferencing the result.
 *
 * TLS1_3_VERSION maps to TLS_method(), which is version-flexible rather
 * than pinned: its table starts at TLS1_VERSION, and on builds without both
 * TLS 1.3 macros TLS_method() hands back the legacy table capped at
 * TLS1_2_VERSION.  The result therefore does not by itself restrict a
 * connection to TLS 1.3.
 */
const SSL_METHOD *
ssl_get_method(uint16_t version)
{
	switch (version) {
	case TLS1_3_VERSION:
		return TLS_method();
	case TLS1_2_VERSION:
		return TLSv1_2_method();
	case TLS1_1_VERSION:
		return TLSv1_1_method();
	case TLS1_VERSION:
		return TLSv1_method();
	case DTLS1_VERSION:
		return DTLSv1_method();
	case DTLS1_2_VERSION:
		return DTLSv1_2_method();
	default:
		return NULL;
	}
}