1 files changed, 54 insertions, 419 deletions
diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
index ddfb8dfdba..23c7e97b57 100644
--- a/src/lib/libssl/ssl_methods.c
+++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.17 2020/10/03 17:54:27 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.18 2020/10/11 02:22:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -59,45 +59,6 @@
 #include "ssl_locl.h"
 #include "tls13_internal.h"
-static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
-        .version = DTLS1_VERSION,
-        .min_version = DTLS1_VERSION,
-        .max_version = DTLS1_VERSION,
-        .ssl_new = dtls1_new,
-        .ssl_clear = dtls1_clear,
-        .ssl_free = dtls1_free,
-        .ssl_accept = ssl_undefined_function,
-        .ssl_connect = ssl3_connect,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl3_renegotiate,
-        .ssl_renegotiate_check = ssl3_renegotiate_check,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = dtls1_read_bytes,
-        .ssl_write_bytes = dtls1_write_app_data_bytes,
-        .ssl3_enc = &TLSv1_1_enc_data,
-};
-static const SSL_METHOD DTLSv1_client_method_data = {
-        .ssl_dispatch_alert = dtls1_dispatch_alert,
-        .num_ciphers = ssl3_num_ciphers,
-        .get_cipher = dtls1_get_cipher,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
-        .internal = &DTLSv1_client_method_internal_data,
-};
-const SSL_METHOD *
-DTLSv1_client_method(void)
-{
-        return &DTLSv1_client_method_data;
-}
-const SSL_METHOD *
-DTLS_client_method(void)
-{
-        return DTLSv1_client_method();
-}
 static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
        .version = DTLS1_VERSION,
        .min_version = DTLS1_VERSION,
@@ -126,231 +87,39 @@ static const SSL_METHOD DTLSv1_method_data = {
 };
 const SSL_METHOD *
-DTLSv1_method(void)
+DTLSv1_client_method(void)
 {
        return &DTLSv1_method_data;
 }
 const SSL_METHOD *
-DTLS_method(void)
+DTLSv1_method(void)
 {
-        return DTLSv1_method();
+        return &DTLSv1_method_data;
 }
-static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = {
-        .version = DTLS1_VERSION,
-        .min_version = DTLS1_VERSION,
-        .max_version = DTLS1_VERSION,
-        .ssl_new = dtls1_new,
-        .ssl_clear = dtls1_clear,
-        .ssl_free = dtls1_free,
-        .ssl_accept = ssl3_accept,
-        .ssl_connect = ssl_undefined_function,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl3_renegotiate,
-        .ssl_renegotiate_check = ssl3_renegotiate_check,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = dtls1_read_bytes,
-        .ssl_write_bytes = dtls1_write_app_data_bytes,
-        .ssl3_enc = &TLSv1_1_enc_data,
-};
-static const SSL_METHOD DTLSv1_server_method_data = {
-        .ssl_dispatch_alert = dtls1_dispatch_alert,
-        .num_ciphers = ssl3_num_ciphers,
-        .get_cipher = dtls1_get_cipher,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
-        .internal = &DTLSv1_server_method_internal_data,
-};
 const SSL_METHOD *
 DTLSv1_server_method(void)
 {
-        return &DTLSv1_server_method_data;
+        return &DTLSv1_method_data;
-}
-const SSL_METHOD *
-DTLS_server_method(void)
-{
-        return DTLSv1_server_method();
-}
-#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
-static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
-        .version = TLS1_3_VERSION,
-        .min_version = TLS1_VERSION,
-        .max_version = TLS1_3_VERSION,
-        .ssl_new = tls1_new,
-        .ssl_clear = tls1_clear,
-        .ssl_free = tls1_free,
-        .ssl_accept = ssl_undefined_function,
-        .ssl_connect = tls13_legacy_connect,
-        .ssl_shutdown = tls13_legacy_shutdown,
-        .ssl_renegotiate = ssl_undefined_function,
-        .ssl_renegotiate_check = ssl_ok,
-        .ssl_pending = tls13_legacy_pending,
-        .ssl_read_bytes = tls13_legacy_read_bytes,
-        .ssl_write_bytes = tls13_legacy_write_bytes,
-        .ssl3_enc = &TLSv1_3_enc_data,
-};
-static const SSL_METHOD TLS_client_method_data = {
-        .ssl_dispatch_alert = ssl3_dispatch_alert,
-        .num_ciphers = ssl3_num_ciphers,
-        .get_cipher = ssl3_get_cipher,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
-        .internal = &TLS_client_method_internal_data,
-};
-#endif
-static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
-        .version = TLS1_2_VERSION,
-        .min_version = TLS1_VERSION,
-        .max_version = TLS1_2_VERSION,
-        .ssl_new = tls1_new,
-        .ssl_clear = tls1_clear,
-        .ssl_free = tls1_free,
-        .ssl_accept = ssl_undefined_function,
-        .ssl_connect = ssl3_connect,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl_undefined_function,
-        .ssl_renegotiate_check = ssl_ok,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = ssl3_read_bytes,
-        .ssl_write_bytes = ssl3_write_bytes,
-        .ssl3_enc = &TLSv1_2_enc_data,
-};
-static const SSL_METHOD TLS_legacy_client_method_data = {
-        .ssl_dispatch_alert = ssl3_dispatch_alert,
-        .num_ciphers = ssl3_num_ciphers,
-        .get_cipher = ssl3_get_cipher,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
-        .internal = &TLS_legacy_client_method_internal_data,
-};
-static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
-        .version = TLS1_VERSION,
-        .min_version = TLS1_VERSION,
-        .max_version = TLS1_VERSION,
-        .ssl_new = tls1_new,
-        .ssl_clear = tls1_clear,
-        .ssl_free = tls1_free,
-        .ssl_accept = ssl_undefined_function,
-        .ssl_connect = ssl3_connect,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl3_renegotiate,
-        .ssl_renegotiate_check = ssl3_renegotiate_check,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = ssl3_read_bytes,
-        .ssl_write_bytes = ssl3_write_bytes,
-        .ssl3_enc = &TLSv1_enc_data,
-};
-static const SSL_METHOD TLSv1_client_method_data = {
-        .ssl_dispatch_alert = ssl3_dispatch_alert,
-        .num_ciphers = ssl3_num_ciphers,
-        .get_cipher = ssl3_get_cipher,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
-        .internal = &TLSv1_client_method_internal_data,
-};
-static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
-        .version = TLS1_1_VERSION,
-        .min_version = TLS1_1_VERSION,
-        .max_version = TLS1_1_VERSION,
-        .ssl_new = tls1_new,
-        .ssl_clear = tls1_clear,
-        .ssl_free = tls1_free,
-        .ssl_accept = ssl_undefined_function,
-        .ssl_connect = ssl3_connect,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl3_renegotiate,
-        .ssl_renegotiate_check = ssl3_renegotiate_check,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = ssl3_read_bytes,
-        .ssl_write_bytes = ssl3_write_bytes,
-        .ssl3_enc = &TLSv1_1_enc_data,
-};
-static const SSL_METHOD TLSv1_1_client_method_data = {
-        .ssl_dispatch_alert = ssl3_dispatch_alert,
-        .num_ciphers = ssl3_num_ciphers,
-        .get_cipher = ssl3_get_cipher,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
-        .internal = &TLSv1_1_client_method_internal_data,
-};
-static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
-        .version = TLS1_2_VERSION,
-        .min_version = TLS1_2_VERSION,
-        .max_version = TLS1_2_VERSION,
-        .ssl_new = tls1_new,
-        .ssl_clear = tls1_clear,
-        .ssl_free = tls1_free,
-        .ssl_accept = ssl_undefined_function,
-        .ssl_connect = ssl3_connect,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl3_renegotiate,
-        .ssl_renegotiate_check = ssl3_renegotiate_check,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = ssl3_read_bytes,
-        .ssl_write_bytes = ssl3_write_bytes,
-        .ssl3_enc = &TLSv1_2_enc_data,
-};
-static const SSL_METHOD TLSv1_2_client_method_data = {
-        .ssl_dispatch_alert = ssl3_dispatch_alert,
-        .num_ciphers = ssl3_num_ciphers,
-        .get_cipher = ssl3_get_cipher,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
-        .internal = &TLSv1_2_client_method_internal_data,
-};
-const SSL_METHOD *
-SSLv23_client_method(void)
-{
-        return (TLS_client_method());
-}
-const SSL_METHOD *
-TLS_client_method(void)
-{
-#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
-        return (&TLS_client_method_data);
-#else
-        return tls_legacy_client_method();
-#endif
-}
-const SSL_METHOD *
-tls_legacy_client_method(void)
-{
-        return (&TLS_legacy_client_method_data);
 }
 const SSL_METHOD *
-TLSv1_client_method(void)
+DTLS_client_method(void)
 {
-        return (&TLSv1_client_method_data);
+        return DTLSv1_method();
 }
 const SSL_METHOD *
-TLSv1_1_client_method(void)
+DTLS_method(void)
 {
-        return (&TLSv1_1_client_method_data);
+        return DTLSv1_method();
 }
 const SSL_METHOD *
-TLSv1_2_client_method(void)
+DTLS_server_method(void)
 {
-        return (&TLSv1_2_client_method_data);
+        return DTLSv1_method();
 }
 #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
@@ -491,9 +260,9 @@ static const SSL_METHOD TLSv1_2_method_data = {
 };
 const SSL_METHOD *
-SSLv23_method(void)
+TLS_client_method(void)
 {
-        return (TLS_method());
+        return TLS_method();
 }
 const SSL_METHOD *
@@ -507,236 +276,102 @@ TLS_method(void)
 }
 const SSL_METHOD *
+TLS_server_method(void)
+{
+        return TLS_method();
+}
+const SSL_METHOD *
 tls_legacy_method(void)
 {
        return (&TLS_legacy_method_data);
 }
 const SSL_METHOD *
-TLSv1_method(void)
+SSLv23_client_method(void)
 {
-        return (&TLSv1_method_data);
+        return TLS_method();
 }
 const SSL_METHOD *
-TLSv1_1_method(void)
+SSLv23_method(void)
 {
-        return (&TLSv1_1_method_data);
+        return TLS_method();
 }
 const SSL_METHOD *
-TLSv1_2_method(void)
+SSLv23_server_method(void)
 {
-        return (&TLSv1_2_method_data);
+        return TLS_method();
 }
-#ifdef LIBRESSL_HAS_TLS1_3_SERVER
+const SSL_METHOD *
-static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
+TLSv1_client_method(void)
-        .version = TLS1_3_VERSION,
+{
-        .min_version = TLS1_VERSION,
+        return (&TLSv1_method_data);
-        .max_version = TLS1_3_VERSION,
+}
-        .ssl_new = tls1_new,
-        .ssl_clear = tls1_clear,
-        .ssl_free = tls1_free,
-        .ssl_accept = tls13_legacy_accept,
-        .ssl_connect = ssl_undefined_function,
-        .ssl_shutdown = tls13_legacy_shutdown,
-        .ssl_renegotiate = ssl_undefined_function,
-        .ssl_renegotiate_check = ssl_ok,
-        .ssl_pending = tls13_legacy_pending,
-        .ssl_read_bytes = tls13_legacy_read_bytes,
-        .ssl_write_bytes = tls13_legacy_write_bytes,
-        .ssl3_enc = &TLSv1_3_enc_data,
-};
-static const SSL_METHOD TLS_server_method_data = {
-        .ssl_dispatch_alert = ssl3_dispatch_alert,
-        .num_ciphers = ssl3_num_ciphers,
-        .get_cipher = ssl3_get_cipher,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
-        .internal = &TLS_server_method_internal_data,
-};
-#endif
-static const SSL_METHOD_INTERNAL TLS_legacy_server_method_internal_data = {
-        .version = TLS1_2_VERSION,
-        .min_version = TLS1_VERSION,
-        .max_version = TLS1_2_VERSION,
-        .ssl_new = tls1_new,
-        .ssl_clear = tls1_clear,
-        .ssl_free = tls1_free,
-        .ssl_accept = ssl3_accept,
-        .ssl_connect = ssl_undefined_function,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl_undefined_function,
-        .ssl_renegotiate_check = ssl_ok,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = ssl3_read_bytes,
-        .ssl_write_bytes = ssl3_write_bytes,
-        .ssl3_enc = &TLSv1_2_enc_data,
-};
-static const SSL_METHOD TLS_legacy_server_method_data = {
-        .ssl_dispatch_alert = ssl3_dispatch_alert,
-        .num_ciphers = ssl3_num_ciphers,
-        .get_cipher = ssl3_get_cipher,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
-        .internal = &TLS_legacy_server_method_internal_data,
-};
-static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
-        .version = TLS1_VERSION,
-        .min_version = TLS1_VERSION,
-        .max_version = TLS1_VERSION,
-        .ssl_new = tls1_new,
-        .ssl_clear = tls1_clear,
-        .ssl_free = tls1_free,
-        .ssl_accept = ssl3_accept,
-        .ssl_connect = ssl_undefined_function,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl3_renegotiate,
-        .ssl_renegotiate_check = ssl3_renegotiate_check,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = ssl3_read_bytes,
-        .ssl_write_bytes = ssl3_write_bytes,
-        .ssl3_enc = &TLSv1_enc_data,
-};
-static const SSL_METHOD TLSv1_server_method_data = {
-        .ssl_dispatch_alert = ssl3_dispatch_alert,
-        .num_ciphers = ssl3_num_ciphers,
-        .get_cipher = ssl3_get_cipher,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
-        .internal = &TLSv1_server_method_internal_data,
-};
-static const SSL_METHOD_INTERNAL TLSv1_1_server_method_internal_data = {
-        .version = TLS1_1_VERSION,
-        .min_version = TLS1_1_VERSION,
-        .max_version = TLS1_1_VERSION,
-        .ssl_new = tls1_new,
-        .ssl_clear = tls1_clear,
-        .ssl_free = tls1_free,
-        .ssl_accept = ssl3_accept,
-        .ssl_connect = ssl_undefined_function,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl3_renegotiate,
-        .ssl_renegotiate_check = ssl3_renegotiate_check,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = ssl3_read_bytes,
-        .ssl_write_bytes = ssl3_write_bytes,
-        .ssl3_enc = &TLSv1_1_enc_data,
-};
-static const SSL_METHOD TLSv1_1_server_method_data = {
-        .ssl_dispatch_alert = ssl3_dispatch_alert,
-        .num_ciphers = ssl3_num_ciphers,
-        .get_cipher = ssl3_get_cipher,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
-        .internal = &TLSv1_1_server_method_internal_data,
-};
-static const SSL_METHOD_INTERNAL TLSv1_2_server_method_internal_data = {
-        .version = TLS1_2_VERSION,
-        .min_version = TLS1_2_VERSION,
-        .max_version = TLS1_2_VERSION,
-        .ssl_new = tls1_new,
-        .ssl_clear = tls1_clear,
-        .ssl_free = tls1_free,
-        .ssl_accept = ssl3_accept,
-        .ssl_connect = ssl_undefined_function,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl3_renegotiate,
-        .ssl_renegotiate_check = ssl3_renegotiate_check,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = ssl3_read_bytes,
-        .ssl_write_bytes = ssl3_write_bytes,
-        .ssl3_enc = &TLSv1_2_enc_data,
-};
-static const SSL_METHOD TLSv1_2_server_method_data = {
-        .ssl_dispatch_alert = ssl3_dispatch_alert,
-        .num_ciphers = ssl3_num_ciphers,
-        .get_cipher = ssl3_get_cipher,
-        .get_cipher_by_char = ssl3_get_cipher_by_char,
-        .put_cipher_by_char = ssl3_put_cipher_by_char,
-        .internal = &TLSv1_2_server_method_internal_data,
-};
 const SSL_METHOD *
-SSLv23_server_method(void)
+TLSv1_method(void)
 {
-        return (TLS_server_method());
+        return (&TLSv1_method_data);
 }
 const SSL_METHOD *
-TLS_server_method(void)
+TLSv1_server_method(void)
 {
-#ifdef LIBRESSL_HAS_TLS1_3_SERVER
+        return (&TLSv1_method_data);
-        return (&TLS_server_method_data);
-#else
-        return tls_legacy_server_method();
-#endif
 }
 const SSL_METHOD *
-tls_legacy_server_method(void)
+TLSv1_1_client_method(void)
 {
-        return (&TLS_legacy_server_method_data);
+        return (&TLSv1_1_method_data);
 }
 const SSL_METHOD *
-TLSv1_server_method(void)
+TLSv1_1_method(void)
 {
-        return (&TLSv1_server_method_data);
+        return (&TLSv1_1_method_data);
 }
 const SSL_METHOD *
 TLSv1_1_server_method(void)
 {
-        return (&TLSv1_1_server_method_data);
+        return (&TLSv1_1_method_data);
 }
 const SSL_METHOD *
-TLSv1_2_server_method(void)
+TLSv1_2_client_method(void)
 {
-        return (&TLSv1_2_server_method_data);
+        return (&TLSv1_2_method_data);
 }
 const SSL_METHOD *
-ssl_get_client_method(uint16_t version)
+TLSv1_2_method(void)
 {
-        if (version == TLS1_3_VERSION)
+        return (&TLSv1_2_method_data);
-                return (TLS_client_method());
+}
-        if (version == TLS1_2_VERSION)
-                return (TLSv1_2_client_method());
-        if (version == TLS1_1_VERSION)
-                return (TLSv1_1_client_method());
-        if (version == TLS1_VERSION)
-                return (TLSv1_client_method());
-        if (version == DTLS1_VERSION)
-                return (DTLSv1_client_method());
-        return (NULL);
+const SSL_METHOD *
+TLSv1_2_server_method(void)
+{
+        return (&TLSv1_2_method_data);
 }
 const SSL_METHOD *
-ssl_get_server_method(uint16_t version)
+ssl_get_method(uint16_t version)
 {
        if (version == TLS1_3_VERSION)
-                return (TLS_server_method());
+                return (TLS_method());
        if (version == TLS1_2_VERSION)
-                return (TLSv1_2_server_method());
+                return (TLSv1_2_method());
        if (version == TLS1_1_VERSION)
-                return (TLSv1_1_server_method());
+                return (TLSv1_1_method());
        if (version == TLS1_VERSION)
-                return (TLSv1_server_method());
+                return (TLSv1_method());
        if (version == DTLS1_VERSION)
-                return (DTLSv1_server_method());
+                return (DTLSv1_method());
        return (NULL);
 }

diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c index ddfb8dfdba..23c7e97b57 100644 --- a/src/lib/libssl/ssl_methods.c +++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_methods.c,v 1.17 2020/10/03 17:54:27 jsing Exp $ */	1	/* $OpenBSD: ssl_methods.c,v 1.18 2020/10/11 02:22:27 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -59,45 +59,6 @@
59	#include "ssl_locl.h"	59	#include "ssl_locl.h"
60	#include "tls13_internal.h"	60	#include "tls13_internal.h"
61		61
62	static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
63	.version = DTLS1_VERSION,
64	.min_version = DTLS1_VERSION,
65	.max_version = DTLS1_VERSION,
66	.ssl_new = dtls1_new,
67	.ssl_clear = dtls1_clear,
68	.ssl_free = dtls1_free,
69	.ssl_accept = ssl_undefined_function,
70	.ssl_connect = ssl3_connect,
71	.ssl_shutdown = ssl3_shutdown,
72	.ssl_renegotiate = ssl3_renegotiate,
73	.ssl_renegotiate_check = ssl3_renegotiate_check,
74	.ssl_pending = ssl3_pending,
75	.ssl_read_bytes = dtls1_read_bytes,
76	.ssl_write_bytes = dtls1_write_app_data_bytes,
77	.ssl3_enc = &TLSv1_1_enc_data,
78	};
79
80	static const SSL_METHOD DTLSv1_client_method_data = {
81	.ssl_dispatch_alert = dtls1_dispatch_alert,
82	.num_ciphers = ssl3_num_ciphers,
83	.get_cipher = dtls1_get_cipher,
84	.get_cipher_by_char = ssl3_get_cipher_by_char,
85	.put_cipher_by_char = ssl3_put_cipher_by_char,
86	.internal = &DTLSv1_client_method_internal_data,
87	};
88
89	const SSL_METHOD *
90	DTLSv1_client_method(void)
91	{
92	return &DTLSv1_client_method_data;
93	}
94
95	const SSL_METHOD *
96	DTLS_client_method(void)
97	{
98	return DTLSv1_client_method();
99	}
100
101	static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {	62	static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
102	.version = DTLS1_VERSION,	63	.version = DTLS1_VERSION,
103	.min_version = DTLS1_VERSION,	64	.min_version = DTLS1_VERSION,
@@ -126,231 +87,39 @@ static const SSL_METHOD DTLSv1_method_data = {
126	};	87	};
127		88
128	const SSL_METHOD *	89	const SSL_METHOD *
129	DTLSv1_method(void)	90	DTLSv1_client_method(void)
130	{	91	{
131	return &DTLSv1_method_data;	92	return &DTLSv1_method_data;
132	}	93	}
133		94
134	const SSL_METHOD *	95	const SSL_METHOD *
135	DTLS_method(void)	96	DTLSv1_method(void)
136	{	97	{
137	return DTLSv1_method();	98	return &DTLSv1_method_data;
138	}	99	}
139		100
140	static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = {
141	.version = DTLS1_VERSION,
142	.min_version = DTLS1_VERSION,
143	.max_version = DTLS1_VERSION,
144	.ssl_new = dtls1_new,
145	.ssl_clear = dtls1_clear,
146	.ssl_free = dtls1_free,
147	.ssl_accept = ssl3_accept,
148	.ssl_connect = ssl_undefined_function,
149	.ssl_shutdown = ssl3_shutdown,
150	.ssl_renegotiate = ssl3_renegotiate,
151	.ssl_renegotiate_check = ssl3_renegotiate_check,
152	.ssl_pending = ssl3_pending,
153	.ssl_read_bytes = dtls1_read_bytes,
154	.ssl_write_bytes = dtls1_write_app_data_bytes,
155	.ssl3_enc = &TLSv1_1_enc_data,
156	};
157
158	static const SSL_METHOD DTLSv1_server_method_data = {
159	.ssl_dispatch_alert = dtls1_dispatch_alert,
160	.num_ciphers = ssl3_num_ciphers,
161	.get_cipher = dtls1_get_cipher,
162	.get_cipher_by_char = ssl3_get_cipher_by_char,
163	.put_cipher_by_char = ssl3_put_cipher_by_char,
164	.internal = &DTLSv1_server_method_internal_data,
165	};
166
167	const SSL_METHOD *	101	const SSL_METHOD *
168	DTLSv1_server_method(void)	102	DTLSv1_server_method(void)
169	{	103	{
170	return &DTLSv1_server_method_data;	104	return &DTLSv1_method_data;
171	}
172
173	const SSL_METHOD *
174	DTLS_server_method(void)
175	{
176	return DTLSv1_server_method();
177	}
178
179	#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
180	static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
181	.version = TLS1_3_VERSION,
182	.min_version = TLS1_VERSION,
183	.max_version = TLS1_3_VERSION,
184	.ssl_new = tls1_new,
185	.ssl_clear = tls1_clear,
186	.ssl_free = tls1_free,
187	.ssl_accept = ssl_undefined_function,
188	.ssl_connect = tls13_legacy_connect,
189	.ssl_shutdown = tls13_legacy_shutdown,
190	.ssl_renegotiate = ssl_undefined_function,
191	.ssl_renegotiate_check = ssl_ok,
192	.ssl_pending = tls13_legacy_pending,
193	.ssl_read_bytes = tls13_legacy_read_bytes,
194	.ssl_write_bytes = tls13_legacy_write_bytes,
195	.ssl3_enc = &TLSv1_3_enc_data,
196	};
197
198	static const SSL_METHOD TLS_client_method_data = {
199	.ssl_dispatch_alert = ssl3_dispatch_alert,
200	.num_ciphers = ssl3_num_ciphers,
201	.get_cipher = ssl3_get_cipher,
202	.get_cipher_by_char = ssl3_get_cipher_by_char,
203	.put_cipher_by_char = ssl3_put_cipher_by_char,
204	.internal = &TLS_client_method_internal_data,
205	};
206	#endif
207
208	static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
209	.version = TLS1_2_VERSION,
210	.min_version = TLS1_VERSION,
211	.max_version = TLS1_2_VERSION,
212	.ssl_new = tls1_new,
213	.ssl_clear = tls1_clear,
214	.ssl_free = tls1_free,
215	.ssl_accept = ssl_undefined_function,
216	.ssl_connect = ssl3_connect,
217	.ssl_shutdown = ssl3_shutdown,
218	.ssl_renegotiate = ssl_undefined_function,
219	.ssl_renegotiate_check = ssl_ok,
220	.ssl_pending = ssl3_pending,
221	.ssl_read_bytes = ssl3_read_bytes,
222	.ssl_write_bytes = ssl3_write_bytes,
223	.ssl3_enc = &TLSv1_2_enc_data,
224	};
225
226	static const SSL_METHOD TLS_legacy_client_method_data = {
227	.ssl_dispatch_alert = ssl3_dispatch_alert,
228	.num_ciphers = ssl3_num_ciphers,
229	.get_cipher = ssl3_get_cipher,
230	.get_cipher_by_char = ssl3_get_cipher_by_char,
231	.put_cipher_by_char = ssl3_put_cipher_by_char,
232	.internal = &TLS_legacy_client_method_internal_data,
233	};
234
235	static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
236	.version = TLS1_VERSION,
237	.min_version = TLS1_VERSION,
238	.max_version = TLS1_VERSION,
239	.ssl_new = tls1_new,
240	.ssl_clear = tls1_clear,
241	.ssl_free = tls1_free,
242	.ssl_accept = ssl_undefined_function,
243	.ssl_connect = ssl3_connect,
244	.ssl_shutdown = ssl3_shutdown,
245	.ssl_renegotiate = ssl3_renegotiate,
246	.ssl_renegotiate_check = ssl3_renegotiate_check,
247	.ssl_pending = ssl3_pending,
248	.ssl_read_bytes = ssl3_read_bytes,
249	.ssl_write_bytes = ssl3_write_bytes,
250	.ssl3_enc = &TLSv1_enc_data,
251	};
252
253	static const SSL_METHOD TLSv1_client_method_data = {
254	.ssl_dispatch_alert = ssl3_dispatch_alert,
255	.num_ciphers = ssl3_num_ciphers,
256	.get_cipher = ssl3_get_cipher,
257	.get_cipher_by_char = ssl3_get_cipher_by_char,
258	.put_cipher_by_char = ssl3_put_cipher_by_char,
259	.internal = &TLSv1_client_method_internal_data,
260	};
261
262	static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
263	.version = TLS1_1_VERSION,
264	.min_version = TLS1_1_VERSION,
265	.max_version = TLS1_1_VERSION,
266	.ssl_new = tls1_new,
267	.ssl_clear = tls1_clear,
268	.ssl_free = tls1_free,
269	.ssl_accept = ssl_undefined_function,
270	.ssl_connect = ssl3_connect,
271	.ssl_shutdown = ssl3_shutdown,
272	.ssl_renegotiate = ssl3_renegotiate,
273	.ssl_renegotiate_check = ssl3_renegotiate_check,
274	.ssl_pending = ssl3_pending,
275	.ssl_read_bytes = ssl3_read_bytes,
276	.ssl_write_bytes = ssl3_write_bytes,
277	.ssl3_enc = &TLSv1_1_enc_data,
278	};
279
280	static const SSL_METHOD TLSv1_1_client_method_data = {
281	.ssl_dispatch_alert = ssl3_dispatch_alert,
282	.num_ciphers = ssl3_num_ciphers,
283	.get_cipher = ssl3_get_cipher,
284	.get_cipher_by_char = ssl3_get_cipher_by_char,
285	.put_cipher_by_char = ssl3_put_cipher_by_char,
286	.internal = &TLSv1_1_client_method_internal_data,
287	};
288
289	static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
290	.version = TLS1_2_VERSION,
291	.min_version = TLS1_2_VERSION,
292	.max_version = TLS1_2_VERSION,
293	.ssl_new = tls1_new,
294	.ssl_clear = tls1_clear,
295	.ssl_free = tls1_free,
296	.ssl_accept = ssl_undefined_function,
297	.ssl_connect = ssl3_connect,
298	.ssl_shutdown = ssl3_shutdown,
299	.ssl_renegotiate = ssl3_renegotiate,
300	.ssl_renegotiate_check = ssl3_renegotiate_check,
301	.ssl_pending = ssl3_pending,
302	.ssl_read_bytes = ssl3_read_bytes,
303	.ssl_write_bytes = ssl3_write_bytes,
304	.ssl3_enc = &TLSv1_2_enc_data,
305	};
306
307	static const SSL_METHOD TLSv1_2_client_method_data = {
308	.ssl_dispatch_alert = ssl3_dispatch_alert,
309	.num_ciphers = ssl3_num_ciphers,
310	.get_cipher = ssl3_get_cipher,
311	.get_cipher_by_char = ssl3_get_cipher_by_char,
312	.put_cipher_by_char = ssl3_put_cipher_by_char,
313	.internal = &TLSv1_2_client_method_internal_data,
314	};
315
316	const SSL_METHOD *
317	SSLv23_client_method(void)
318	{
319	return (TLS_client_method());
320	}
321
322	const SSL_METHOD *
323	TLS_client_method(void)
324	{
325	#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
326	return (&TLS_client_method_data);
327	#else
328	return tls_legacy_client_method();
329	#endif
330	}
331
332	const SSL_METHOD *
333	tls_legacy_client_method(void)
334	{
335	return (&TLS_legacy_client_method_data);
336	}	105	}
337		106
338	const SSL_METHOD *	107	const SSL_METHOD *
339	TLSv1_client_method(void)	108	DTLS_client_method(void)
340	{	109	{
341	return (&TLSv1_client_method_data);	110	return DTLSv1_method();
342	}	111	}
343		112
344	const SSL_METHOD *	113	const SSL_METHOD *
345	TLSv1_1_client_method(void)	114	DTLS_method(void)
346	{	115	{
347	return (&TLSv1_1_client_method_data);	116	return DTLSv1_method();
348	}	117	}
349		118
350	const SSL_METHOD *	119	const SSL_METHOD *
351	TLSv1_2_client_method(void)	120	DTLS_server_method(void)
352	{	121	{
353	return (&TLSv1_2_client_method_data);	122	return DTLSv1_method();
354	}	123	}
355		124
356	#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)	125	#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
@@ -491,9 +260,9 @@ static const SSL_METHOD TLSv1_2_method_data = {
491	};	260	};
492		261
493	const SSL_METHOD *	262	const SSL_METHOD *
494	SSLv23_method(void)	263	TLS_client_method(void)
495	{	264	{
496	return (TLS_method());	265	return TLS_method();
497	}	266	}
498		267
499	const SSL_METHOD *	268	const SSL_METHOD *
@@ -507,236 +276,102 @@ TLS_method(void)
507	}	276	}
508		277
509	const SSL_METHOD *	278	const SSL_METHOD *
		279	TLS_server_method(void)
		280	{
		281	return TLS_method();
		282	}
		283
		284	const SSL_METHOD *
510	tls_legacy_method(void)	285	tls_legacy_method(void)
511	{	286	{
512	return (&TLS_legacy_method_data);	287	return (&TLS_legacy_method_data);
513	}	288	}
514		289
515	const SSL_METHOD *	290	const SSL_METHOD *
516	TLSv1_method(void)	291	SSLv23_client_method(void)
517	{	292	{
518	return (&TLSv1_method_data);	293	return TLS_method();
519	}	294	}
520		295
521	const SSL_METHOD *	296	const SSL_METHOD *
522	TLSv1_1_method(void)	297	SSLv23_method(void)
523	{	298	{
524	return (&TLSv1_1_method_data);	299	return TLS_method();
525	}	300	}
526		301
527	const SSL_METHOD *	302	const SSL_METHOD *
528	TLSv1_2_method(void)	303	SSLv23_server_method(void)
529	{	304	{
530	return (&TLSv1_2_method_data);	305	return TLS_method();
531	}	306	}
532		307
533	#ifdef LIBRESSL_HAS_TLS1_3_SERVER	308	const SSL_METHOD *
534	static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {	309	TLSv1_client_method(void)
535	.version = TLS1_3_VERSION,	310	{
536	.min_version = TLS1_VERSION,	311	return (&TLSv1_method_data);
537	.max_version = TLS1_3_VERSION,	312	}
538	.ssl_new = tls1_new,
539	.ssl_clear = tls1_clear,
540	.ssl_free = tls1_free,
541	.ssl_accept = tls13_legacy_accept,
542	.ssl_connect = ssl_undefined_function,
543	.ssl_shutdown = tls13_legacy_shutdown,
544	.ssl_renegotiate = ssl_undefined_function,
545	.ssl_renegotiate_check = ssl_ok,
546	.ssl_pending = tls13_legacy_pending,
547	.ssl_read_bytes = tls13_legacy_read_bytes,
548	.ssl_write_bytes = tls13_legacy_write_bytes,
549	.ssl3_enc = &TLSv1_3_enc_data,
550	};
551
552	static const SSL_METHOD TLS_server_method_data = {
553	.ssl_dispatch_alert = ssl3_dispatch_alert,
554	.num_ciphers = ssl3_num_ciphers,
555	.get_cipher = ssl3_get_cipher,
556	.get_cipher_by_char = ssl3_get_cipher_by_char,
557	.put_cipher_by_char = ssl3_put_cipher_by_char,
558	.internal = &TLS_server_method_internal_data,
559	};
560	#endif
561
562	static const SSL_METHOD_INTERNAL TLS_legacy_server_method_internal_data = {
563	.version = TLS1_2_VERSION,
564	.min_version = TLS1_VERSION,
565	.max_version = TLS1_2_VERSION,
566	.ssl_new = tls1_new,
567	.ssl_clear = tls1_clear,
568	.ssl_free = tls1_free,
569	.ssl_accept = ssl3_accept,
570	.ssl_connect = ssl_undefined_function,
571	.ssl_shutdown = ssl3_shutdown,
572	.ssl_renegotiate = ssl_undefined_function,
573	.ssl_renegotiate_check = ssl_ok,
574	.ssl_pending = ssl3_pending,
575	.ssl_read_bytes = ssl3_read_bytes,
576	.ssl_write_bytes = ssl3_write_bytes,
577	.ssl3_enc = &TLSv1_2_enc_data,
578	};
579
580	static const SSL_METHOD TLS_legacy_server_method_data = {
581	.ssl_dispatch_alert = ssl3_dispatch_alert,
582	.num_ciphers = ssl3_num_ciphers,
583	.get_cipher = ssl3_get_cipher,
584	.get_cipher_by_char = ssl3_get_cipher_by_char,
585	.put_cipher_by_char = ssl3_put_cipher_by_char,
586	.internal = &TLS_legacy_server_method_internal_data,
587	};
588
589	static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
590	.version = TLS1_VERSION,
591	.min_version = TLS1_VERSION,
592	.max_version = TLS1_VERSION,
593	.ssl_new = tls1_new,
594	.ssl_clear = tls1_clear,
595	.ssl_free = tls1_free,
596	.ssl_accept = ssl3_accept,
597	.ssl_connect = ssl_undefined_function,
598	.ssl_shutdown = ssl3_shutdown,
599	.ssl_renegotiate = ssl3_renegotiate,
600	.ssl_renegotiate_check = ssl3_renegotiate_check,
601	.ssl_pending = ssl3_pending,
602	.ssl_read_bytes = ssl3_read_bytes,
603	.ssl_write_bytes = ssl3_write_bytes,
604	.ssl3_enc = &TLSv1_enc_data,
605	};
606
607	static const SSL_METHOD TLSv1_server_method_data = {
608	.ssl_dispatch_alert = ssl3_dispatch_alert,
609	.num_ciphers = ssl3_num_ciphers,
610	.get_cipher = ssl3_get_cipher,
611	.get_cipher_by_char = ssl3_get_cipher_by_char,
612	.put_cipher_by_char = ssl3_put_cipher_by_char,
613	.internal = &TLSv1_server_method_internal_data,
614	};
615
616	static const SSL_METHOD_INTERNAL TLSv1_1_server_method_internal_data = {
617	.version = TLS1_1_VERSION,
618	.min_version = TLS1_1_VERSION,
619	.max_version = TLS1_1_VERSION,
620	.ssl_new = tls1_new,
621	.ssl_clear = tls1_clear,
622	.ssl_free = tls1_free,
623	.ssl_accept = ssl3_accept,
624	.ssl_connect = ssl_undefined_function,
625	.ssl_shutdown = ssl3_shutdown,
626	.ssl_renegotiate = ssl3_renegotiate,
627	.ssl_renegotiate_check = ssl3_renegotiate_check,
628	.ssl_pending = ssl3_pending,
629	.ssl_read_bytes = ssl3_read_bytes,
630	.ssl_write_bytes = ssl3_write_bytes,
631	.ssl3_enc = &TLSv1_1_enc_data,
632	};
633
634	static const SSL_METHOD TLSv1_1_server_method_data = {
635	.ssl_dispatch_alert = ssl3_dispatch_alert,
636	.num_ciphers = ssl3_num_ciphers,
637	.get_cipher = ssl3_get_cipher,
638	.get_cipher_by_char = ssl3_get_cipher_by_char,
639	.put_cipher_by_char = ssl3_put_cipher_by_char,
640	.internal = &TLSv1_1_server_method_internal_data,
641	};
642
643	static const SSL_METHOD_INTERNAL TLSv1_2_server_method_internal_data = {
644	.version = TLS1_2_VERSION,
645	.min_version = TLS1_2_VERSION,
646	.max_version = TLS1_2_VERSION,
647	.ssl_new = tls1_new,
648	.ssl_clear = tls1_clear,
649	.ssl_free = tls1_free,
650	.ssl_accept = ssl3_accept,
651	.ssl_connect = ssl_undefined_function,
652	.ssl_shutdown = ssl3_shutdown,
653	.ssl_renegotiate = ssl3_renegotiate,
654	.ssl_renegotiate_check = ssl3_renegotiate_check,
655	.ssl_pending = ssl3_pending,
656	.ssl_read_bytes = ssl3_read_bytes,
657	.ssl_write_bytes = ssl3_write_bytes,
658	.ssl3_enc = &TLSv1_2_enc_data,
659	};
660
661	static const SSL_METHOD TLSv1_2_server_method_data = {
662	.ssl_dispatch_alert = ssl3_dispatch_alert,
663	.num_ciphers = ssl3_num_ciphers,
664	.get_cipher = ssl3_get_cipher,
665	.get_cipher_by_char = ssl3_get_cipher_by_char,
666	.put_cipher_by_char = ssl3_put_cipher_by_char,
667	.internal = &TLSv1_2_server_method_internal_data,
668	};
669		313
670	const SSL_METHOD *	314	const SSL_METHOD *
671	SSLv23_server_method(void)	315	TLSv1_method(void)
672	{	316	{
673	return (TLS_server_method());	317	return (&TLSv1_method_data);
674	}	318	}
675		319
676	const SSL_METHOD *	320	const SSL_METHOD *
677	TLS_server_method(void)	321	TLSv1_server_method(void)
678	{	322	{
679	#ifdef LIBRESSL_HAS_TLS1_3_SERVER	323	return (&TLSv1_method_data);
680	return (&TLS_server_method_data);
681	#else
682	return tls_legacy_server_method();
683	#endif
684	}	324	}
685		325
686	const SSL_METHOD *	326	const SSL_METHOD *
687	tls_legacy_server_method(void)	327	TLSv1_1_client_method(void)
688	{	328	{
689	return (&TLS_legacy_server_method_data);	329	return (&TLSv1_1_method_data);
690	}	330	}
691		331
692	const SSL_METHOD *	332	const SSL_METHOD *
693	TLSv1_server_method(void)	333	TLSv1_1_method(void)
694	{	334	{
695	return (&TLSv1_server_method_data);	335	return (&TLSv1_1_method_data);
696	}	336	}
697		337
698	const SSL_METHOD *	338	const SSL_METHOD *
699	TLSv1_1_server_method(void)	339	TLSv1_1_server_method(void)
700	{	340	{
701	return (&TLSv1_1_server_method_data);	341	return (&TLSv1_1_method_data);
702	}	342	}
703		343
704	const SSL_METHOD *	344	const SSL_METHOD *
705	TLSv1_2_server_method(void)	345	TLSv1_2_client_method(void)
706	{	346	{
707	return (&TLSv1_2_server_method_data);	347	return (&TLSv1_2_method_data);
708	}	348	}
709		349
710	const SSL_METHOD *	350	const SSL_METHOD *
711	ssl_get_client_method(uint16_t version)	351	TLSv1_2_method(void)
712	{	352	{
713	if (version == TLS1_3_VERSION)	353	return (&TLSv1_2_method_data);
714	return (TLS_client_method());	354	}
715	if (version == TLS1_2_VERSION)
716	return (TLSv1_2_client_method());
717	if (version == TLS1_1_VERSION)
718	return (TLSv1_1_client_method());
719	if (version == TLS1_VERSION)
720	return (TLSv1_client_method());
721	if (version == DTLS1_VERSION)
722	return (DTLSv1_client_method());
723		355
724	return (NULL);	356	const SSL_METHOD *
		357	TLSv1_2_server_method(void)
		358	{
		359	return (&TLSv1_2_method_data);
725	}	360	}
726		361
727	const SSL_METHOD *	362	const SSL_METHOD *
728	ssl_get_server_method(uint16_t version)	363	ssl_get_method(uint16_t version)
729	{	364	{
730	if (version == TLS1_3_VERSION)	365	if (version == TLS1_3_VERSION)
731	return (TLS_server_method());	366	return (TLS_method());
732	if (version == TLS1_2_VERSION)	367	if (version == TLS1_2_VERSION)
733	return (TLSv1_2_server_method());	368	return (TLSv1_2_method());
734	if (version == TLS1_1_VERSION)	369	if (version == TLS1_1_VERSION)
735	return (TLSv1_1_server_method());	370	return (TLSv1_1_method());
736	if (version == TLS1_VERSION)	371	if (version == TLS1_VERSION)
737	return (TLSv1_server_method());	372	return (TLSv1_method());
738	if (version == DTLS1_VERSION)	373	if (version == DTLS1_VERSION)
739	return (DTLSv1_server_method());	374	return (DTLSv1_method());
740		375
741	return (NULL);	376	return (NULL);
742	}	377	}