summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libssl/ssl_clnt.c4
-rw-r--r--src/lib/libssl/ssl_lib.c4
-rw-r--r--src/lib/libssl/ssl_locl.h8
-rw-r--r--src/lib/libssl/ssl_methods.c473
-rw-r--r--src/lib/libssl/ssl_sess.c4
-rw-r--r--src/lib/libssl/ssl_srvr.c4
-rw-r--r--src/lib/libssl/tls13_legacy.c18
7 files changed, 73 insertions, 442 deletions
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
index 3d11aaaf36..88b82c4400 100644
--- a/src/lib/libssl/ssl_clnt.c
+++ b/src/lib/libssl/ssl_clnt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_clnt.c,v 1.74 2020/10/03 18:01:55 jsing Exp $ */ 1/* $OpenBSD: ssl_clnt.c,v 1.75 2020/10/11 02:22:27 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -911,7 +911,7 @@ ssl3_get_server_hello(SSL *s)
911 } 911 }
912 s->version = server_version; 912 s->version = server_version;
913 913
914 if ((method = ssl_get_client_method(server_version)) == NULL) { 914 if ((method = ssl_get_method(server_version)) == NULL) {
915 SSLerror(s, ERR_R_INTERNAL_ERROR); 915 SSLerror(s, ERR_R_INTERNAL_ERROR);
916 goto err; 916 goto err;
917 } 917 }
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 6e375e1c09..b306137c14 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_lib.c,v 1.234 2020/09/24 18:12:00 jsing Exp $ */ 1/* $OpenBSD: ssl_lib.c,v 1.235 2020/10/11 02:22:27 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -345,7 +345,7 @@ SSL_new(SSL_CTX *ctx)
345 goto err; 345 goto err;
346 346
347 s->references = 1; 347 s->references = 1;
348 s->server = (ctx->method->internal->ssl_accept == ssl_undefined_function) ? 0 : 1; 348 s->server = 0;
349 349
350 SSL_clear(s); 350 SSL_clear(s);
351 351
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index e47f6191c2..e341e9eda2 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_locl.h,v 1.301 2020/10/11 01:16:31 guenther Exp $ */ 1/* $OpenBSD: ssl_locl.h,v 1.302 2020/10/11 02:22:27 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -1121,11 +1121,7 @@ int ssl_cipher_allowed_in_version_range(const SSL_CIPHER *cipher,
1121 uint16_t min_ver, uint16_t max_ver); 1121 uint16_t min_ver, uint16_t max_ver);
1122 1122
1123const SSL_METHOD *tls_legacy_method(void); 1123const SSL_METHOD *tls_legacy_method(void);
1124const SSL_METHOD *tls_legacy_client_method(void); 1124const SSL_METHOD *ssl_get_method(uint16_t version);
1125const SSL_METHOD *tls_legacy_server_method(void);
1126
1127const SSL_METHOD *ssl_get_client_method(uint16_t version);
1128const SSL_METHOD *ssl_get_server_method(uint16_t version);
1129 1125
1130extern SSL3_ENC_METHOD TLSv1_enc_data; 1126extern SSL3_ENC_METHOD TLSv1_enc_data;
1131extern SSL3_ENC_METHOD TLSv1_1_enc_data; 1127extern SSL3_ENC_METHOD TLSv1_1_enc_data;
diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
index ddfb8dfdba..23c7e97b57 100644
--- a/src/lib/libssl/ssl_methods.c
+++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_methods.c,v 1.17 2020/10/03 17:54:27 jsing Exp $ */ 1/* $OpenBSD: ssl_methods.c,v 1.18 2020/10/11 02:22:27 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -59,45 +59,6 @@
59#include "ssl_locl.h" 59#include "ssl_locl.h"
60#include "tls13_internal.h" 60#include "tls13_internal.h"
61 61
62static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
63 .version = DTLS1_VERSION,
64 .min_version = DTLS1_VERSION,
65 .max_version = DTLS1_VERSION,
66 .ssl_new = dtls1_new,
67 .ssl_clear = dtls1_clear,
68 .ssl_free = dtls1_free,
69 .ssl_accept = ssl_undefined_function,
70 .ssl_connect = ssl3_connect,
71 .ssl_shutdown = ssl3_shutdown,
72 .ssl_renegotiate = ssl3_renegotiate,
73 .ssl_renegotiate_check = ssl3_renegotiate_check,
74 .ssl_pending = ssl3_pending,
75 .ssl_read_bytes = dtls1_read_bytes,
76 .ssl_write_bytes = dtls1_write_app_data_bytes,
77 .ssl3_enc = &TLSv1_1_enc_data,
78};
79
80static const SSL_METHOD DTLSv1_client_method_data = {
81 .ssl_dispatch_alert = dtls1_dispatch_alert,
82 .num_ciphers = ssl3_num_ciphers,
83 .get_cipher = dtls1_get_cipher,
84 .get_cipher_by_char = ssl3_get_cipher_by_char,
85 .put_cipher_by_char = ssl3_put_cipher_by_char,
86 .internal = &DTLSv1_client_method_internal_data,
87};
88
89const SSL_METHOD *
90DTLSv1_client_method(void)
91{
92 return &DTLSv1_client_method_data;
93}
94
95const SSL_METHOD *
96DTLS_client_method(void)
97{
98 return DTLSv1_client_method();
99}
100
101static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = { 62static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
102 .version = DTLS1_VERSION, 63 .version = DTLS1_VERSION,
103 .min_version = DTLS1_VERSION, 64 .min_version = DTLS1_VERSION,
@@ -126,231 +87,39 @@ static const SSL_METHOD DTLSv1_method_data = {
126}; 87};
127 88
128const SSL_METHOD * 89const SSL_METHOD *
129DTLSv1_method(void) 90DTLSv1_client_method(void)
130{ 91{
131 return &DTLSv1_method_data; 92 return &DTLSv1_method_data;
132} 93}
133 94
134const SSL_METHOD * 95const SSL_METHOD *
135DTLS_method(void) 96DTLSv1_method(void)
136{ 97{
137 return DTLSv1_method(); 98 return &DTLSv1_method_data;
138} 99}
139 100
140static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = {
141 .version = DTLS1_VERSION,
142 .min_version = DTLS1_VERSION,
143 .max_version = DTLS1_VERSION,
144 .ssl_new = dtls1_new,
145 .ssl_clear = dtls1_clear,
146 .ssl_free = dtls1_free,
147 .ssl_accept = ssl3_accept,
148 .ssl_connect = ssl_undefined_function,
149 .ssl_shutdown = ssl3_shutdown,
150 .ssl_renegotiate = ssl3_renegotiate,
151 .ssl_renegotiate_check = ssl3_renegotiate_check,
152 .ssl_pending = ssl3_pending,
153 .ssl_read_bytes = dtls1_read_bytes,
154 .ssl_write_bytes = dtls1_write_app_data_bytes,
155 .ssl3_enc = &TLSv1_1_enc_data,
156};
157
158static const SSL_METHOD DTLSv1_server_method_data = {
159 .ssl_dispatch_alert = dtls1_dispatch_alert,
160 .num_ciphers = ssl3_num_ciphers,
161 .get_cipher = dtls1_get_cipher,
162 .get_cipher_by_char = ssl3_get_cipher_by_char,
163 .put_cipher_by_char = ssl3_put_cipher_by_char,
164 .internal = &DTLSv1_server_method_internal_data,
165};
166
167const SSL_METHOD * 101const SSL_METHOD *
168DTLSv1_server_method(void) 102DTLSv1_server_method(void)
169{ 103{
170 return &DTLSv1_server_method_data; 104 return &DTLSv1_method_data;
171}
172
173const SSL_METHOD *
174DTLS_server_method(void)
175{
176 return DTLSv1_server_method();
177}
178
179#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
180static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
181 .version = TLS1_3_VERSION,
182 .min_version = TLS1_VERSION,
183 .max_version = TLS1_3_VERSION,
184 .ssl_new = tls1_new,
185 .ssl_clear = tls1_clear,
186 .ssl_free = tls1_free,
187 .ssl_accept = ssl_undefined_function,
188 .ssl_connect = tls13_legacy_connect,
189 .ssl_shutdown = tls13_legacy_shutdown,
190 .ssl_renegotiate = ssl_undefined_function,
191 .ssl_renegotiate_check = ssl_ok,
192 .ssl_pending = tls13_legacy_pending,
193 .ssl_read_bytes = tls13_legacy_read_bytes,
194 .ssl_write_bytes = tls13_legacy_write_bytes,
195 .ssl3_enc = &TLSv1_3_enc_data,
196};
197
198static const SSL_METHOD TLS_client_method_data = {
199 .ssl_dispatch_alert = ssl3_dispatch_alert,
200 .num_ciphers = ssl3_num_ciphers,
201 .get_cipher = ssl3_get_cipher,
202 .get_cipher_by_char = ssl3_get_cipher_by_char,
203 .put_cipher_by_char = ssl3_put_cipher_by_char,
204 .internal = &TLS_client_method_internal_data,
205};
206#endif
207
208static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
209 .version = TLS1_2_VERSION,
210 .min_version = TLS1_VERSION,
211 .max_version = TLS1_2_VERSION,
212 .ssl_new = tls1_new,
213 .ssl_clear = tls1_clear,
214 .ssl_free = tls1_free,
215 .ssl_accept = ssl_undefined_function,
216 .ssl_connect = ssl3_connect,
217 .ssl_shutdown = ssl3_shutdown,
218 .ssl_renegotiate = ssl_undefined_function,
219 .ssl_renegotiate_check = ssl_ok,
220 .ssl_pending = ssl3_pending,
221 .ssl_read_bytes = ssl3_read_bytes,
222 .ssl_write_bytes = ssl3_write_bytes,
223 .ssl3_enc = &TLSv1_2_enc_data,
224};
225
226static const SSL_METHOD TLS_legacy_client_method_data = {
227 .ssl_dispatch_alert = ssl3_dispatch_alert,
228 .num_ciphers = ssl3_num_ciphers,
229 .get_cipher = ssl3_get_cipher,
230 .get_cipher_by_char = ssl3_get_cipher_by_char,
231 .put_cipher_by_char = ssl3_put_cipher_by_char,
232 .internal = &TLS_legacy_client_method_internal_data,
233};
234
235static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
236 .version = TLS1_VERSION,
237 .min_version = TLS1_VERSION,
238 .max_version = TLS1_VERSION,
239 .ssl_new = tls1_new,
240 .ssl_clear = tls1_clear,
241 .ssl_free = tls1_free,
242 .ssl_accept = ssl_undefined_function,
243 .ssl_connect = ssl3_connect,
244 .ssl_shutdown = ssl3_shutdown,
245 .ssl_renegotiate = ssl3_renegotiate,
246 .ssl_renegotiate_check = ssl3_renegotiate_check,
247 .ssl_pending = ssl3_pending,
248 .ssl_read_bytes = ssl3_read_bytes,
249 .ssl_write_bytes = ssl3_write_bytes,
250 .ssl3_enc = &TLSv1_enc_data,
251};
252
253static const SSL_METHOD TLSv1_client_method_data = {
254 .ssl_dispatch_alert = ssl3_dispatch_alert,
255 .num_ciphers = ssl3_num_ciphers,
256 .get_cipher = ssl3_get_cipher,
257 .get_cipher_by_char = ssl3_get_cipher_by_char,
258 .put_cipher_by_char = ssl3_put_cipher_by_char,
259 .internal = &TLSv1_client_method_internal_data,
260};
261
262static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
263 .version = TLS1_1_VERSION,
264 .min_version = TLS1_1_VERSION,
265 .max_version = TLS1_1_VERSION,
266 .ssl_new = tls1_new,
267 .ssl_clear = tls1_clear,
268 .ssl_free = tls1_free,
269 .ssl_accept = ssl_undefined_function,
270 .ssl_connect = ssl3_connect,
271 .ssl_shutdown = ssl3_shutdown,
272 .ssl_renegotiate = ssl3_renegotiate,
273 .ssl_renegotiate_check = ssl3_renegotiate_check,
274 .ssl_pending = ssl3_pending,
275 .ssl_read_bytes = ssl3_read_bytes,
276 .ssl_write_bytes = ssl3_write_bytes,
277 .ssl3_enc = &TLSv1_1_enc_data,
278};
279
280static const SSL_METHOD TLSv1_1_client_method_data = {
281 .ssl_dispatch_alert = ssl3_dispatch_alert,
282 .num_ciphers = ssl3_num_ciphers,
283 .get_cipher = ssl3_get_cipher,
284 .get_cipher_by_char = ssl3_get_cipher_by_char,
285 .put_cipher_by_char = ssl3_put_cipher_by_char,
286 .internal = &TLSv1_1_client_method_internal_data,
287};
288
289static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
290 .version = TLS1_2_VERSION,
291 .min_version = TLS1_2_VERSION,
292 .max_version = TLS1_2_VERSION,
293 .ssl_new = tls1_new,
294 .ssl_clear = tls1_clear,
295 .ssl_free = tls1_free,
296 .ssl_accept = ssl_undefined_function,
297 .ssl_connect = ssl3_connect,
298 .ssl_shutdown = ssl3_shutdown,
299 .ssl_renegotiate = ssl3_renegotiate,
300 .ssl_renegotiate_check = ssl3_renegotiate_check,
301 .ssl_pending = ssl3_pending,
302 .ssl_read_bytes = ssl3_read_bytes,
303 .ssl_write_bytes = ssl3_write_bytes,
304 .ssl3_enc = &TLSv1_2_enc_data,
305};
306
307static const SSL_METHOD TLSv1_2_client_method_data = {
308 .ssl_dispatch_alert = ssl3_dispatch_alert,
309 .num_ciphers = ssl3_num_ciphers,
310 .get_cipher = ssl3_get_cipher,
311 .get_cipher_by_char = ssl3_get_cipher_by_char,
312 .put_cipher_by_char = ssl3_put_cipher_by_char,
313 .internal = &TLSv1_2_client_method_internal_data,
314};
315
316const SSL_METHOD *
317SSLv23_client_method(void)
318{
319 return (TLS_client_method());
320}
321
322const SSL_METHOD *
323TLS_client_method(void)
324{
325#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
326 return (&TLS_client_method_data);
327#else
328 return tls_legacy_client_method();
329#endif
330}
331
332const SSL_METHOD *
333tls_legacy_client_method(void)
334{
335 return (&TLS_legacy_client_method_data);
336} 105}
337 106
338const SSL_METHOD * 107const SSL_METHOD *
339TLSv1_client_method(void) 108DTLS_client_method(void)
340{ 109{
341 return (&TLSv1_client_method_data); 110 return DTLSv1_method();
342} 111}
343 112
344const SSL_METHOD * 113const SSL_METHOD *
345TLSv1_1_client_method(void) 114DTLS_method(void)
346{ 115{
347 return (&TLSv1_1_client_method_data); 116 return DTLSv1_method();
348} 117}
349 118
350const SSL_METHOD * 119const SSL_METHOD *
351TLSv1_2_client_method(void) 120DTLS_server_method(void)
352{ 121{
353 return (&TLSv1_2_client_method_data); 122 return DTLSv1_method();
354} 123}
355 124
356#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER) 125#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
@@ -491,9 +260,9 @@ static const SSL_METHOD TLSv1_2_method_data = {
491}; 260};
492 261
493const SSL_METHOD * 262const SSL_METHOD *
494SSLv23_method(void) 263TLS_client_method(void)
495{ 264{
496 return (TLS_method()); 265 return TLS_method();
497} 266}
498 267
499const SSL_METHOD * 268const SSL_METHOD *
@@ -507,236 +276,102 @@ TLS_method(void)
507} 276}
508 277
509const SSL_METHOD * 278const SSL_METHOD *
279TLS_server_method(void)
280{
281 return TLS_method();
282}
283
284const SSL_METHOD *
510tls_legacy_method(void) 285tls_legacy_method(void)
511{ 286{
512 return (&TLS_legacy_method_data); 287 return (&TLS_legacy_method_data);
513} 288}
514 289
515const SSL_METHOD * 290const SSL_METHOD *
516TLSv1_method(void) 291SSLv23_client_method(void)
517{ 292{
518 return (&TLSv1_method_data); 293 return TLS_method();
519} 294}
520 295
521const SSL_METHOD * 296const SSL_METHOD *
522TLSv1_1_method(void) 297SSLv23_method(void)
523{ 298{
524 return (&TLSv1_1_method_data); 299 return TLS_method();
525} 300}
526 301
527const SSL_METHOD * 302const SSL_METHOD *
528TLSv1_2_method(void) 303SSLv23_server_method(void)
529{ 304{
530 return (&TLSv1_2_method_data); 305 return TLS_method();
531} 306}
532 307
533#ifdef LIBRESSL_HAS_TLS1_3_SERVER 308const SSL_METHOD *
534static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = { 309TLSv1_client_method(void)
535 .version = TLS1_3_VERSION, 310{
536 .min_version = TLS1_VERSION, 311 return (&TLSv1_method_data);
537 .max_version = TLS1_3_VERSION, 312}
538 .ssl_new = tls1_new,
539 .ssl_clear = tls1_clear,
540 .ssl_free = tls1_free,
541 .ssl_accept = tls13_legacy_accept,
542 .ssl_connect = ssl_undefined_function,
543 .ssl_shutdown = tls13_legacy_shutdown,
544 .ssl_renegotiate = ssl_undefined_function,
545 .ssl_renegotiate_check = ssl_ok,
546 .ssl_pending = tls13_legacy_pending,
547 .ssl_read_bytes = tls13_legacy_read_bytes,
548 .ssl_write_bytes = tls13_legacy_write_bytes,
549 .ssl3_enc = &TLSv1_3_enc_data,
550};
551
552static const SSL_METHOD TLS_server_method_data = {
553 .ssl_dispatch_alert = ssl3_dispatch_alert,
554 .num_ciphers = ssl3_num_ciphers,
555 .get_cipher = ssl3_get_cipher,
556 .get_cipher_by_char = ssl3_get_cipher_by_char,
557 .put_cipher_by_char = ssl3_put_cipher_by_char,
558 .internal = &TLS_server_method_internal_data,
559};
560#endif
561
562static const SSL_METHOD_INTERNAL TLS_legacy_server_method_internal_data = {
563 .version = TLS1_2_VERSION,
564 .min_version = TLS1_VERSION,
565 .max_version = TLS1_2_VERSION,
566 .ssl_new = tls1_new,
567 .ssl_clear = tls1_clear,
568 .ssl_free = tls1_free,
569 .ssl_accept = ssl3_accept,
570 .ssl_connect = ssl_undefined_function,
571 .ssl_shutdown = ssl3_shutdown,
572 .ssl_renegotiate = ssl_undefined_function,
573 .ssl_renegotiate_check = ssl_ok,
574 .ssl_pending = ssl3_pending,
575 .ssl_read_bytes = ssl3_read_bytes,
576 .ssl_write_bytes = ssl3_write_bytes,
577 .ssl3_enc = &TLSv1_2_enc_data,
578};
579
580static const SSL_METHOD TLS_legacy_server_method_data = {
581 .ssl_dispatch_alert = ssl3_dispatch_alert,
582 .num_ciphers = ssl3_num_ciphers,
583 .get_cipher = ssl3_get_cipher,
584 .get_cipher_by_char = ssl3_get_cipher_by_char,
585 .put_cipher_by_char = ssl3_put_cipher_by_char,
586 .internal = &TLS_legacy_server_method_internal_data,
587};
588
589static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
590 .version = TLS1_VERSION,
591 .min_version = TLS1_VERSION,
592 .max_version = TLS1_VERSION,
593 .ssl_new = tls1_new,
594 .ssl_clear = tls1_clear,
595 .ssl_free = tls1_free,
596 .ssl_accept = ssl3_accept,
597 .ssl_connect = ssl_undefined_function,
598 .ssl_shutdown = ssl3_shutdown,
599 .ssl_renegotiate = ssl3_renegotiate,
600 .ssl_renegotiate_check = ssl3_renegotiate_check,
601 .ssl_pending = ssl3_pending,
602 .ssl_read_bytes = ssl3_read_bytes,
603 .ssl_write_bytes = ssl3_write_bytes,
604 .ssl3_enc = &TLSv1_enc_data,
605};
606
607static const SSL_METHOD TLSv1_server_method_data = {
608 .ssl_dispatch_alert = ssl3_dispatch_alert,
609 .num_ciphers = ssl3_num_ciphers,
610 .get_cipher = ssl3_get_cipher,
611 .get_cipher_by_char = ssl3_get_cipher_by_char,
612 .put_cipher_by_char = ssl3_put_cipher_by_char,
613 .internal = &TLSv1_server_method_internal_data,
614};
615
616static const SSL_METHOD_INTERNAL TLSv1_1_server_method_internal_data = {
617 .version = TLS1_1_VERSION,
618 .min_version = TLS1_1_VERSION,
619 .max_version = TLS1_1_VERSION,
620 .ssl_new = tls1_new,
621 .ssl_clear = tls1_clear,
622 .ssl_free = tls1_free,
623 .ssl_accept = ssl3_accept,
624 .ssl_connect = ssl_undefined_function,
625 .ssl_shutdown = ssl3_shutdown,
626 .ssl_renegotiate = ssl3_renegotiate,
627 .ssl_renegotiate_check = ssl3_renegotiate_check,
628 .ssl_pending = ssl3_pending,
629 .ssl_read_bytes = ssl3_read_bytes,
630 .ssl_write_bytes = ssl3_write_bytes,
631 .ssl3_enc = &TLSv1_1_enc_data,
632};
633
634static const SSL_METHOD TLSv1_1_server_method_data = {
635 .ssl_dispatch_alert = ssl3_dispatch_alert,
636 .num_ciphers = ssl3_num_ciphers,
637 .get_cipher = ssl3_get_cipher,
638 .get_cipher_by_char = ssl3_get_cipher_by_char,
639 .put_cipher_by_char = ssl3_put_cipher_by_char,
640 .internal = &TLSv1_1_server_method_internal_data,
641};
642
643static const SSL_METHOD_INTERNAL TLSv1_2_server_method_internal_data = {
644 .version = TLS1_2_VERSION,
645 .min_version = TLS1_2_VERSION,
646 .max_version = TLS1_2_VERSION,
647 .ssl_new = tls1_new,
648 .ssl_clear = tls1_clear,
649 .ssl_free = tls1_free,
650 .ssl_accept = ssl3_accept,
651 .ssl_connect = ssl_undefined_function,
652 .ssl_shutdown = ssl3_shutdown,
653 .ssl_renegotiate = ssl3_renegotiate,
654 .ssl_renegotiate_check = ssl3_renegotiate_check,
655 .ssl_pending = ssl3_pending,
656 .ssl_read_bytes = ssl3_read_bytes,
657 .ssl_write_bytes = ssl3_write_bytes,
658 .ssl3_enc = &TLSv1_2_enc_data,
659};
660
661static const SSL_METHOD TLSv1_2_server_method_data = {
662 .ssl_dispatch_alert = ssl3_dispatch_alert,
663 .num_ciphers = ssl3_num_ciphers,
664 .get_cipher = ssl3_get_cipher,
665 .get_cipher_by_char = ssl3_get_cipher_by_char,
666 .put_cipher_by_char = ssl3_put_cipher_by_char,
667 .internal = &TLSv1_2_server_method_internal_data,
668};
669 313
670const SSL_METHOD * 314const SSL_METHOD *
671SSLv23_server_method(void) 315TLSv1_method(void)
672{ 316{
673 return (TLS_server_method()); 317 return (&TLSv1_method_data);
674} 318}
675 319
676const SSL_METHOD * 320const SSL_METHOD *
677TLS_server_method(void) 321TLSv1_server_method(void)
678{ 322{
679#ifdef LIBRESSL_HAS_TLS1_3_SERVER 323 return (&TLSv1_method_data);
680 return (&TLS_server_method_data);
681#else
682 return tls_legacy_server_method();
683#endif
684} 324}
685 325
686const SSL_METHOD * 326const SSL_METHOD *
687tls_legacy_server_method(void) 327TLSv1_1_client_method(void)
688{ 328{
689 return (&TLS_legacy_server_method_data); 329 return (&TLSv1_1_method_data);
690} 330}
691 331
692const SSL_METHOD * 332const SSL_METHOD *
693TLSv1_server_method(void) 333TLSv1_1_method(void)
694{ 334{
695 return (&TLSv1_server_method_data); 335 return (&TLSv1_1_method_data);
696} 336}
697 337
698const SSL_METHOD * 338const SSL_METHOD *
699TLSv1_1_server_method(void) 339TLSv1_1_server_method(void)
700{ 340{
701 return (&TLSv1_1_server_method_data); 341 return (&TLSv1_1_method_data);
702} 342}
703 343
704const SSL_METHOD * 344const SSL_METHOD *
705TLSv1_2_server_method(void) 345TLSv1_2_client_method(void)
706{ 346{
707 return (&TLSv1_2_server_method_data); 347 return (&TLSv1_2_method_data);
708} 348}
709 349
710const SSL_METHOD * 350const SSL_METHOD *
711ssl_get_client_method(uint16_t version) 351TLSv1_2_method(void)
712{ 352{
713 if (version == TLS1_3_VERSION) 353 return (&TLSv1_2_method_data);
714 return (TLS_client_method()); 354}
715 if (version == TLS1_2_VERSION)
716 return (TLSv1_2_client_method());
717 if (version == TLS1_1_VERSION)
718 return (TLSv1_1_client_method());
719 if (version == TLS1_VERSION)
720 return (TLSv1_client_method());
721 if (version == DTLS1_VERSION)
722 return (DTLSv1_client_method());
723 355
724 return (NULL); 356const SSL_METHOD *
357TLSv1_2_server_method(void)
358{
359 return (&TLSv1_2_method_data);
725} 360}
726 361
727const SSL_METHOD * 362const SSL_METHOD *
728ssl_get_server_method(uint16_t version) 363ssl_get_method(uint16_t version)
729{ 364{
730 if (version == TLS1_3_VERSION) 365 if (version == TLS1_3_VERSION)
731 return (TLS_server_method()); 366 return (TLS_method());
732 if (version == TLS1_2_VERSION) 367 if (version == TLS1_2_VERSION)
733 return (TLSv1_2_server_method()); 368 return (TLSv1_2_method());
734 if (version == TLS1_1_VERSION) 369 if (version == TLS1_1_VERSION)
735 return (TLSv1_1_server_method()); 370 return (TLSv1_1_method());
736 if (version == TLS1_VERSION) 371 if (version == TLS1_VERSION)
737 return (TLSv1_server_method()); 372 return (TLSv1_method());
738 if (version == DTLS1_VERSION) 373 if (version == DTLS1_VERSION)
739 return (DTLSv1_server_method()); 374 return (DTLSv1_method());
740 375
741 return (NULL); 376 return (NULL);
742} 377}
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index d805419de4..be5cbbeec6 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_sess.c,v 1.100 2020/09/19 09:56:35 tb Exp $ */ 1/* $OpenBSD: ssl_sess.c,v 1.101 2020/10/11 02:22:27 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -797,7 +797,7 @@ SSL_set_session(SSL *s, SSL_SESSION *session)
797 return SSL_set_ssl_method(s, s->ctx->method); 797 return SSL_set_ssl_method(s, s->ctx->method);
798 } 798 }
799 799
800 if ((method = ssl_get_client_method(session->ssl_version)) == NULL) { 800 if ((method = ssl_get_method(session->ssl_version)) == NULL) {
801 SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD); 801 SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
802 return (0); 802 return (0);
803 } 803 }
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
index 1e92640835..3b848f4b40 100644
--- a/src/lib/libssl/ssl_srvr.c
+++ b/src/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_srvr.c,v 1.86 2020/10/03 18:01:55 jsing Exp $ */ 1/* $OpenBSD: ssl_srvr.c,v 1.87 2020/10/11 02:22:27 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -868,7 +868,7 @@ ssl3_get_client_hello(SSL *s)
868 s->client_version = client_version; 868 s->client_version = client_version;
869 s->version = shared_version; 869 s->version = shared_version;
870 870
871 if ((method = ssl_get_server_method(shared_version)) == NULL) { 871 if ((method = ssl_get_method(shared_version)) == NULL) {
872 SSLerror(s, ERR_R_INTERNAL_ERROR); 872 SSLerror(s, ERR_R_INTERNAL_ERROR);
873 goto err; 873 goto err;
874 } 874 }
diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
index e9e17293e1..943e2db9a1 100644
--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_legacy.c,v 1.15 2020/10/07 10:14:45 tb Exp $ */ 1/* $OpenBSD: tls13_legacy.c,v 1.16 2020/10/11 02:22:27 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -302,6 +302,8 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx)
302 302
303 memset(&cbb, 0, sizeof(cbb)); 303 memset(&cbb, 0, sizeof(cbb));
304 304
305 s->method = tls_legacy_method();
306
305 if (!ssl3_setup_init_buffer(s)) 307 if (!ssl3_setup_init_buffer(s))
306 goto err; 308 goto err;
307 if (!ssl3_setup_buffers(s)) 309 if (!ssl3_setup_buffers(s))
@@ -359,13 +361,12 @@ tls13_use_legacy_client(struct tls13_ctx *ctx)
359{ 361{
360 SSL *s = ctx->ssl; 362 SSL *s = ctx->ssl;
361 363
362 s->method = tls_legacy_client_method();
363 s->internal->handshake_func = s->method->internal->ssl_connect;
364 s->client_version = s->version = s->method->internal->max_version;
365
366 if (!tls13_use_legacy_stack(ctx)) 364 if (!tls13_use_legacy_stack(ctx))
367 return 0; 365 return 0;
368 366
367 s->internal->handshake_func = s->method->internal->ssl_connect;
368 s->client_version = s->version = s->method->internal->max_version;
369
369 S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A; 370 S3I(s)->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
370 371
371 return 1; 372 return 1;
@@ -376,14 +377,13 @@ tls13_use_legacy_server(struct tls13_ctx *ctx)
376{ 377{
377 SSL *s = ctx->ssl; 378 SSL *s = ctx->ssl;
378 379
379 s->method = tls_legacy_server_method(); 380 if (!tls13_use_legacy_stack(ctx))
381 return 0;
382
380 s->internal->handshake_func = s->method->internal->ssl_accept; 383 s->internal->handshake_func = s->method->internal->ssl_accept;
381 s->client_version = s->version = s->method->internal->max_version; 384 s->client_version = s->version = s->method->internal->max_version;
382 s->server = 1; 385 s->server = 1;
383 386
384 if (!tls13_use_legacy_stack(ctx))
385 return 0;
386
387 S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A; 387 S3I(s)->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
388 388
389 return 1; 389 return 1;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-28 14:16:42 +0000