1 /* $OpenBSD: ssl_methods.c,v 1.28 2021/07/26 03:17:38 jsing Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
59 #include "dtls_locl.h"
61 #include "tls13_internal.h"
/*
 * Version-flexible DTLS method usable in either role (returned by both
 * DTLS_method() and DTLS_server_method()).
 *
 * The negotiable range is kept in TLS numbering: TLS1_1_VERSION (which is
 * how DTLSv1_method_data below expresses DTLS 1.0) up to TLS1_2_VERSION.
 * DTLS 1.0 is deprecated (RFC 8996), so deployments that want DTLS 1.2 only
 * should use DTLSv1_2_method() or raise the minimum version explicitly
 * rather than rely on this default.  Members not named here are
 * zero-initialised (C designated-initializer rule).
 *
 * NOTE(review): no .ssl_new entry is visible in this listing, while the
 * version-pinned DTLS tables below set .ssl_new = dtls1_new -- confirm
 * against the full source that it was not lost in extraction.
 */
static const SSL_METHOD DTLS_method_data = {
	/* Wire version and negotiable (TLS-numbered) range. */
	.version = DTLS1_2_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_2_VERSION,

	/* Object lifecycle. */
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,

	/*
	 * Handshake.  Both accept and connect are wired, so one table serves
	 * both roles.  Renegotiation is also wired here, unlike the
	 * TLS_method_data / TLS_legacy_method_data tables further down.
	 */
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,

	/* Record layer: DTLS-specific I/O and cipher lookup. */
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.get_cipher = dtls1_get_cipher,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};
/*
 * Client-only counterpart of DTLS_method_data (returned by
 * DTLS_client_method()).  Same DTLS 1.0..1.2 range, same record-layer
 * hooks; the only difference is that .ssl_accept is ssl_undefined_function,
 * so an SSL built on this table has no server handshake path.
 *
 * DTLS 1.0 is deprecated (RFC 8996); raise the minimum version where the
 * peer population allows.  Members not named here are zero-initialised.
 *
 * NOTE(review): no .ssl_new entry is visible in this listing (the
 * version-pinned DTLS tables set dtls1_new) -- confirm it was not lost in
 * extraction.
 */
static const SSL_METHOD DTLS_client_method_data = {
	/* Wire version and negotiable (TLS-numbered) range. */
	.version = DTLS1_2_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_2_VERSION,

	/* Object lifecycle. */
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,

	/* Handshake: client role only; accept is deliberately undefined. */
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,

	/* Record layer: DTLS-specific I/O and cipher lookup. */
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.get_cipher = dtls1_get_cipher,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};
/*
 * DTLS 1.0 pinned (min == max == TLS1_1_VERSION, the TLS-numbered
 * equivalent of DTLS1_VERSION), usable as client or server; returned by
 * DTLSv1_method() and DTLSv1_server_method().
 *
 * DTLS 1.0 is deprecated (RFC 8996): keep this table for legacy interop
 * only.  Members not named here are zero-initialised.
 */
static const SSL_METHOD DTLSv1_method_data = {
	/* Wire version pinned to DTLS 1.0; no version negotiation. */
	.version = DTLS1_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_1_VERSION,

	/* Object lifecycle. */
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,

	/* Handshake: both roles, renegotiation wired. */
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,

	/* Record layer: DTLS-specific I/O, TLS 1.1-era cipher flags. */
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.get_cipher = dtls1_get_cipher,
	.enc_flags = TLSV1_1_ENC_FLAGS,
};
/*
 * Client-only DTLS 1.0 table (returned by DTLSv1_client_method()).
 * Identical to DTLSv1_method_data except that .ssl_accept is
 * ssl_undefined_function, so there is no server handshake path.
 *
 * DTLS 1.0 is deprecated (RFC 8996): legacy interop only.
 * Members not named here are zero-initialised.
 */
static const SSL_METHOD DTLSv1_client_method_data = {
	/* Wire version pinned to DTLS 1.0; no version negotiation. */
	.version = DTLS1_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_1_VERSION,

	/* Object lifecycle. */
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,

	/* Handshake: client role only. */
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,

	/* Record layer. */
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.get_cipher = dtls1_get_cipher,
	.enc_flags = TLSV1_1_ENC_FLAGS,
};
/*
 * DTLS 1.2 pinned (min == max == TLS1_2_VERSION), usable as client or
 * server; returned by DTLSv1_2_method() and DTLSv1_2_server_method().
 * This is the table to prefer over DTLS_method_data when DTLS 1.0 must not
 * be negotiable.  Members not named here are zero-initialised.
 */
static const SSL_METHOD DTLSv1_2_method_data = {
	/* Wire version pinned to DTLS 1.2; no version negotiation. */
	.version = DTLS1_2_VERSION,
	.min_tls_version = TLS1_2_VERSION,
	.max_tls_version = TLS1_2_VERSION,

	/* Object lifecycle. */
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,

	/* Handshake: both roles, renegotiation wired. */
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,

	/* Record layer. */
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.get_cipher = dtls1_get_cipher,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};
/*
 * Client-only DTLS 1.2 table (returned by DTLSv1_2_client_method()).
 * Identical to DTLSv1_2_method_data except that .ssl_accept is
 * ssl_undefined_function.  Members not named here are zero-initialised.
 */
static const SSL_METHOD DTLSv1_2_client_method_data = {
	/* Wire version pinned to DTLS 1.2; no version negotiation. */
	.version = DTLS1_2_VERSION,
	.min_tls_version = TLS1_2_VERSION,
	.max_tls_version = TLS1_2_VERSION,

	/* Object lifecycle. */
	.ssl_new = dtls1_new,
	.ssl_clear = dtls1_clear,
	.ssl_free = dtls1_free,

	/* Handshake: client role only. */
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,

	/* Record layer. */
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = dtls1_read_bytes,
	.ssl_write_bytes = dtls1_write_app_data_bytes,
	.get_cipher = dtls1_get_cipher,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};
/*
 * Client-only DTLS 1.0 method.  Returns a pointer to immutable static data;
 * the caller must not free or modify it.
 */
const SSL_METHOD *
DTLSv1_client_method(void)
{
	return (&DTLSv1_client_method_data);
}
198 return &DTLSv1_method_data
;
/*
 * Server DTLS 1.0 method.  Note this hands out the bidirectional
 * DTLSv1_method_data table: there is no server-only table with
 * .ssl_connect disabled, unlike the client side.  Static data; do not free.
 */
const SSL_METHOD *
DTLSv1_server_method(void)
{
	return (&DTLSv1_method_data);
}
/*
 * Client-only DTLS 1.2 method.  Returns immutable static data; do not free.
 */
const SSL_METHOD *
DTLSv1_2_client_method(void)
{
	return (&DTLSv1_2_client_method_data);
}
/*
 * DTLS 1.2-only method usable in either role.  Returns immutable static
 * data; do not free.
 */
const SSL_METHOD *
DTLSv1_2_method(void)
{
	return (&DTLSv1_2_method_data);
}
/*
 * Server DTLS 1.2 method.  Shares the bidirectional DTLSv1_2_method_data
 * table (connect remains wired).  Static data; do not free.
 */
const SSL_METHOD *
DTLSv1_2_server_method(void)
{
	return (&DTLSv1_2_method_data);
}
/*
 * Client-only, version-flexible DTLS method (DTLS 1.0..1.2 per
 * DTLS_client_method_data).  Callers that must exclude DTLS 1.0 should
 * raise the minimum version or use DTLSv1_2_client_method().  Static data;
 * do not free.
 */
const SSL_METHOD *
DTLS_client_method(void)
{
	return (&DTLS_client_method_data);
}
234 return &DTLS_method_data
;
/*
 * Server, version-flexible DTLS method (DTLS 1.0..1.2).  Shares the
 * bidirectional DTLS_method_data table.  Static data; do not free.
 */
const SSL_METHOD *
DTLS_server_method(void)
{
	return (&DTLS_method_data);
}
#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
/*
 * Default TLS table: negotiates TLS 1.0 through TLS 1.3 in either role.
 * Only built when both the TLS 1.3 client and server are compiled in; the
 * #if above TLS_method() otherwise routes callers to tls_legacy_method(),
 * whose table tops out at TLS 1.2.
 *
 * Security notes:
 *  - min_tls_version is TLS1_VERSION, so TLS 1.0/1.1 (deprecated by
 *    RFC 8996) remain negotiable unless the application raises the minimum.
 *  - There is no renegotiation entry point: .ssl_renegotiate is
 *    ssl_undefined_function and .ssl_renegotiate_check is ssl_ok.  The
 *    version-pinned TLSv1_*_method tables below still wire
 *    ssl3_renegotiate, so pinning a version re-enables that surface.
 *  - The handshake and I/O hooks are the tls13_legacy_* entry points;
 *    judging by the names these bridge the SSL_METHOD interface into the
 *    TLS 1.3 machinery in tls13_internal.h (inferred, not shown here).
 *
 * Members not named here are zero-initialised.
 * NOTE(review): no .ssl_new entry is visible for any TLS table on this
 * page, whereas the DTLS 1.0/1.2 tables set one -- confirm it was not lost
 * in extraction.
 */
static const SSL_METHOD TLS_method_data = {
	/* Version bounds. */
	.version = TLS1_3_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_3_VERSION,

	/* Object lifecycle. */
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	/* Handshake, via the TLS 1.3 bridge; renegotiation disabled. */
	.ssl_accept = tls13_legacy_accept,
	.ssl_connect = tls13_legacy_connect,
	.ssl_shutdown = tls13_legacy_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,

	/* Record layer. */
	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.get_cipher = ssl3_get_cipher,
	.enc_flags = TLSV1_3_ENC_FLAGS,
};
#endif
/*
 * Pre-TLS 1.3 fallback table: negotiates TLS 1.0 through TLS 1.2 in either
 * role.  Returned by tls_legacy_method(), which TLS_method() uses when the
 * TLS 1.3 client and server are not both compiled in -- so a build without
 * TLS 1.3 silently caps the default method at TLS 1.2.
 *
 * Like TLS_method_data, renegotiation has no entry point here
 * (.ssl_renegotiate = ssl_undefined_function, check = ssl_ok).  The
 * minimum is TLS1_VERSION; raise it where TLS 1.0/1.1 (RFC 8996) are not
 * required.  Members not named here are zero-initialised.
 */
static const SSL_METHOD TLS_legacy_method_data = {
	/* Version bounds. */
	.version = TLS1_2_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_2_VERSION,

	/* Object lifecycle. */
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	/* Handshake on the ssl3 state machine; renegotiation disabled. */
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,

	/* Record layer. */
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.get_cipher = ssl3_get_cipher,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};
#if defined(LIBRESSL_HAS_TLS1_3_CLIENT)
/*
 * Client table negotiating TLS 1.0 through TLS 1.3; returned by
 * TLS_client_method() when the TLS 1.3 client is compiled in (the server
 * build flag does not matter for a client-only method, unlike
 * TLS_method_data which needs both).
 *
 * Security notes:
 *  - min_tls_version is TLS1_VERSION; raise it unless TLS 1.0/1.1
 *    (RFC 8996) are genuinely needed.
 *  - No renegotiation entry point (ssl_undefined_function / ssl_ok).
 *
 * NOTE(review): every version-pinned *_client_method_data table on this
 * page sets .ssl_accept = ssl_undefined_function, but this one keeps
 * tls13_legacy_accept.  Nothing in the table itself therefore stops a
 * client-method SSL from being driven through the accept path -- confirm
 * the client/server role is enforced elsewhere (presumably by a flag not
 * visible in this listing).
 *
 * Members not named here are zero-initialised.
 */
static const SSL_METHOD TLS_client_method_data = {
	/* Version bounds. */
	.version = TLS1_3_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_3_VERSION,

	/* Object lifecycle. */
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	/* Handshake via the TLS 1.3 bridge; renegotiation disabled. */
	.ssl_accept = tls13_legacy_accept,
	.ssl_connect = tls13_legacy_connect,
	.ssl_shutdown = tls13_legacy_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,

	/* Record layer. */
	.ssl_pending = tls13_legacy_pending,
	.ssl_read_bytes = tls13_legacy_read_bytes,
	.ssl_write_bytes = tls13_legacy_write_bytes,
	.get_cipher = ssl3_get_cipher,
	.enc_flags = TLSV1_3_ENC_FLAGS,
};
#endif
/*
 * Client table for builds without the TLS 1.3 client: negotiates TLS 1.0
 * through TLS 1.2 (returned by TLS_client_method() in that configuration).
 * No renegotiation entry point (ssl_undefined_function / ssl_ok).  The
 * minimum is TLS1_VERSION; raise it where TLS 1.0/1.1 (RFC 8996) are not
 * required.
 *
 * NOTE(review): as with TLS_client_method_data, .ssl_accept is left wired
 * (ssl3_accept) although the version-pinned client tables use
 * ssl_undefined_function -- confirm the role restriction is enforced
 * elsewhere.
 *
 * Members not named here are zero-initialised.
 */
static const SSL_METHOD TLS_legacy_client_method_data = {
	/* Version bounds. */
	.version = TLS1_2_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_2_VERSION,

	/* Object lifecycle. */
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	/* Handshake on the ssl3 state machine; renegotiation disabled. */
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl_undefined_function,
	.ssl_renegotiate_check = ssl_ok,

	/* Record layer. */
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.get_cipher = ssl3_get_cipher,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};
/*
 * TLS 1.0 pinned (min == max == TLS1_VERSION), either role; returned by
 * TLSv1_method() and TLSv1_server_method().
 *
 * TLS 1.0 is deprecated (RFC 8996): keep for legacy interop only.  Unlike
 * TLS_method_data / TLS_legacy_method_data, renegotiation stays wired here
 * (ssl3_renegotiate / ssl3_renegotiate_check), so pinning the version does
 * not also remove the renegotiation surface.  Members not named here are
 * zero-initialised.
 */
static const SSL_METHOD TLSv1_method_data = {
	/* Version pinned; no negotiation. */
	.version = TLS1_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_VERSION,

	/* Object lifecycle. */
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	/* Handshake: both roles, renegotiation wired. */
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,

	/* Record layer. */
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.get_cipher = ssl3_get_cipher,
	.enc_flags = TLSV1_ENC_FLAGS,
};
/*
 * Client-only TLS 1.0 table (returned by TLSv1_client_method()).  Same as
 * TLSv1_method_data except .ssl_accept is ssl_undefined_function.
 * TLS 1.0 is deprecated (RFC 8996); renegotiation remains wired.
 * Members not named here are zero-initialised.
 */
static const SSL_METHOD TLSv1_client_method_data = {
	/* Version pinned; no negotiation. */
	.version = TLS1_VERSION,
	.min_tls_version = TLS1_VERSION,
	.max_tls_version = TLS1_VERSION,

	/* Object lifecycle. */
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	/* Handshake: client role only. */
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,

	/* Record layer. */
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.get_cipher = ssl3_get_cipher,
	.enc_flags = TLSV1_ENC_FLAGS,
};
/*
 * TLS 1.1 pinned (min == max == TLS1_1_VERSION), either role; returned by
 * TLSv1_1_method() and TLSv1_1_server_method().
 *
 * TLS 1.1 is deprecated (RFC 8996): legacy interop only.  Renegotiation
 * stays wired (ssl3_renegotiate), unlike the TLS_method_data tables.
 * Members not named here are zero-initialised.
 */
static const SSL_METHOD TLSv1_1_method_data = {
	/* Version pinned; no negotiation. */
	.version = TLS1_1_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_1_VERSION,

	/* Object lifecycle. */
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	/* Handshake: both roles, renegotiation wired. */
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,

	/* Record layer. */
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.get_cipher = ssl3_get_cipher,
	.enc_flags = TLSV1_1_ENC_FLAGS,
};
/*
 * Client-only TLS 1.1 table (returned by TLSv1_1_client_method()).  Same
 * as TLSv1_1_method_data except .ssl_accept is ssl_undefined_function.
 * TLS 1.1 is deprecated (RFC 8996); renegotiation remains wired.
 * Members not named here are zero-initialised.
 */
static const SSL_METHOD TLSv1_1_client_method_data = {
	/* Version pinned; no negotiation. */
	.version = TLS1_1_VERSION,
	.min_tls_version = TLS1_1_VERSION,
	.max_tls_version = TLS1_1_VERSION,

	/* Object lifecycle. */
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	/* Handshake: client role only. */
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,

	/* Record layer. */
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.get_cipher = ssl3_get_cipher,
	.enc_flags = TLSV1_1_ENC_FLAGS,
};
/*
 * TLS 1.2 pinned (min == max == TLS1_2_VERSION), either role; returned by
 * TLSv1_2_method() and TLSv1_2_server_method().
 *
 * Differs from TLS_legacy_method_data (same 1.2 ceiling) in two ways that
 * matter for hardening: the floor is 1.2 rather than 1.0, and renegotiation
 * is wired (ssl3_renegotiate / ssl3_renegotiate_check) rather than
 * undefined.  Members not named here are zero-initialised.
 */
static const SSL_METHOD TLSv1_2_method_data = {
	/* Version pinned; no negotiation. */
	.version = TLS1_2_VERSION,
	.min_tls_version = TLS1_2_VERSION,
	.max_tls_version = TLS1_2_VERSION,

	/* Object lifecycle. */
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	/* Handshake: both roles, renegotiation wired. */
	.ssl_accept = ssl3_accept,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,

	/* Record layer. */
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.get_cipher = ssl3_get_cipher,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};
/*
 * Client-only TLS 1.2 table (returned by TLSv1_2_client_method()).  Same
 * as TLSv1_2_method_data except .ssl_accept is ssl_undefined_function.
 * Renegotiation remains wired.  Members not named here are zero-initialised.
 */
static const SSL_METHOD TLSv1_2_client_method_data = {
	/* Version pinned; no negotiation. */
	.version = TLS1_2_VERSION,
	.min_tls_version = TLS1_2_VERSION,
	.max_tls_version = TLS1_2_VERSION,

	/* Object lifecycle. */
	.ssl_clear = tls1_clear,
	.ssl_free = tls1_free,

	/* Handshake: client role only. */
	.ssl_accept = ssl_undefined_function,
	.ssl_connect = ssl3_connect,
	.ssl_shutdown = ssl3_shutdown,
	.ssl_renegotiate = ssl3_renegotiate,
	.ssl_renegotiate_check = ssl3_renegotiate_check,

	/* Record layer. */
	.ssl_pending = ssl3_pending,
	.ssl_read_bytes = ssl3_read_bytes,
	.ssl_write_bytes = ssl3_write_bytes,
	.get_cipher = ssl3_get_cipher,
	.enc_flags = TLSV1_2_ENC_FLAGS,
};
/*
 * Version-flexible client method.  With the TLS 1.3 client compiled in the
 * ceiling is TLS 1.3 (TLS_client_method_data); otherwise it silently drops
 * to TLS 1.2 (TLS_legacy_client_method_data).  Only the client build flag
 * is consulted, unlike TLS_method() which needs both client and server.
 * Either way the floor is TLS 1.0 unless the caller raises it.
 * Returns immutable static data; do not free.
 */
const SSL_METHOD *
TLS_client_method(void)
{
#if defined(LIBRESSL_HAS_TLS1_3_CLIENT)
	return &TLS_client_method_data;
#else
	return &TLS_legacy_client_method_data;
#endif
}
472 #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
473 return (&TLS_method_data
);
475 return tls_legacy_method();
480 TLS_server_method(void)
/*
 * TLS 1.0..1.2 method used as the fallback by TLS_method() when the
 * TLS 1.3 client and server are not both compiled in.  Static data; do not
 * free.
 */
const SSL_METHOD *
tls_legacy_method(void)
{
	return &TLS_legacy_method_data;
}
/*
 * Compatibility alias: despite the historical name no SSLv2/SSLv3 support
 * is reachable here, it is simply TLS_client_method().
 */
const SSL_METHOD *
SSLv23_client_method(void)
{
	return (TLS_client_method());
}
504 SSLv23_server_method(void)
/*
 * Client-only TLS 1.0 method (deprecated protocol, RFC 8996).  Static data;
 * do not free.
 */
const SSL_METHOD *
TLSv1_client_method(void)
{
	return &TLSv1_client_method_data;
}
518 return (&TLSv1_method_data
);
/*
 * Server TLS 1.0 method (deprecated protocol, RFC 8996).  Shares the
 * bidirectional TLSv1_method_data table.  Static data; do not free.
 */
const SSL_METHOD *
TLSv1_server_method(void)
{
	return &TLSv1_method_data;
}
/*
 * Client-only TLS 1.1 method (deprecated protocol, RFC 8996).  Static data;
 * do not free.
 */
const SSL_METHOD *
TLSv1_1_client_method(void)
{
	return &TLSv1_1_client_method_data;
}
536 return (&TLSv1_1_method_data
);
/*
 * Server TLS 1.1 method (deprecated protocol, RFC 8996).  Shares the
 * bidirectional TLSv1_1_method_data table.  Static data; do not free.
 */
const SSL_METHOD *
TLSv1_1_server_method(void)
{
	return &TLSv1_1_method_data;
}
/*
 * Client-only TLS 1.2 method.  Static data; do not free.
 */
const SSL_METHOD *
TLSv1_2_client_method(void)
{
	return &TLSv1_2_client_method_data;
}
554 return (&TLSv1_2_method_data
);
/*
 * Server TLS 1.2 method.  Shares the bidirectional TLSv1_2_method_data
 * table (connect remains wired).  Static data; do not free.
 */
const SSL_METHOD *
TLSv1_2_server_method(void)
{
	return &TLSv1_2_method_data;
}
564 ssl_get_method(uint16_t version
)
566 if (version
== TLS1_3_VERSION
)
567 return (TLS_method());
568 if (version
== TLS1_2_VERSION
)
569 return (TLSv1_2_method());
570 if (version
== TLS1_1_VERSION
)
571 return (TLSv1_1_method());
572 if (version
== TLS1_VERSION
)
573 return (TLSv1_method());
574 if (version
== DTLS1_VERSION
)
575 return (DTLSv1_method());
576 if (version
== DTLS1_2_VERSION
)
577 return (DTLSv1_2_method());