Diffstat (limited to 'lib/libssl/ssl_methods.c')
-rw-r--r--lib/libssl/ssl_methods.c54
1 files changed, 50 insertions, 4 deletions
diff --git a/lib/libssl/ssl_methods.c b/lib/libssl/ssl_methods.c
index 276fcc66d84..d679e3242f6 100644
--- a/lib/libssl/ssl_methods.c
+++ b/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.12 2020/02/06 16:05:58 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.13 2020/07/07 19:24:23 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -421,7 +421,39 @@ TLSv1_2_client_method(void)
static const SSL_METHOD *tls1_get_method(int ver);
+#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
+ .version = TLS1_3_VERSION,
+ .min_version = TLS1_VERSION,
+ .max_version = TLS1_3_VERSION,
+ .ssl_new = tls1_new,
+ .ssl_clear = tls1_clear,
+ .ssl_free = tls1_free,
+ .ssl_accept = tls13_legacy_accept,
+ .ssl_connect = tls13_legacy_connect,
+ .ssl_shutdown = tls13_legacy_shutdown,
+ .get_ssl_method = tls1_get_client_method,
+ .get_timeout = tls1_default_timeout,
+ .ssl_version = ssl_undefined_void_function,
+ .ssl_renegotiate = ssl_undefined_function,
+ .ssl_renegotiate_check = ssl_ok,
+ .ssl_pending = tls13_legacy_pending,
+ .ssl_read_bytes = tls13_legacy_read_bytes,
+ .ssl_write_bytes = tls13_legacy_write_bytes,
+ .ssl3_enc = &TLSv1_3_enc_data,
+};
+
+static const SSL_METHOD TLS_method_data = {
+ .ssl_dispatch_alert = ssl3_dispatch_alert,
+ .num_ciphers = ssl3_num_ciphers,
+ .get_cipher = ssl3_get_cipher,
+ .get_cipher_by_char = ssl3_get_cipher_by_char,
+ .put_cipher_by_char = ssl3_put_cipher_by_char,
+ .internal = &TLS_method_internal_data,
+};
+#endif
+
+static const SSL_METHOD_INTERNAL TLS_legacy_method_internal_data = {
.version = TLS1_2_VERSION,
.min_version = TLS1_VERSION,
.max_version = TLS1_2_VERSION,
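Review bot: The new combined `TLS_method_internal_data` sets `.get_ssl_method = tls1_get_client_method`, although the same struct fills in both `.ssl_accept` and `.ssl_connect` and is therefore used for either role. The forward declaration of `tls1_get_method` sits directly above it, and this commit also teaches `tls1_get_method` about `TLS1_3_VERSION`, so the client-only lookup looks like a leftover from copying the TLS 1.3 client method; a server-side version lookup through this pointer would then resolve to a client method. If that is not intended, the line should read `.get_ssl_method = tls1_get_method,`. What the legacy struct uses for this field is outside the hunk, so this should be checked against it.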
@@ -442,13 +474,13 @@ static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
.ssl3_enc = &TLSv1_2_enc_data,
};
-static const SSL_METHOD TLS_method_data = {
+static const SSL_METHOD TLS_legacy_method_data = {
.ssl_dispatch_alert = ssl3_dispatch_alert,
.num_ciphers = ssl3_num_ciphers,
.get_cipher = ssl3_get_cipher,
.get_cipher_by_char = ssl3_get_cipher_by_char,
.put_cipher_by_char = ssl3_put_cipher_by_char,
- .internal = &TLS_method_internal_data,
+ .internal = &TLS_legacy_method_internal_data,
};
static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
@@ -544,6 +576,10 @@ static const SSL_METHOD TLSv1_2_method_data = {
static const SSL_METHOD *
tls1_get_method(int ver)
{
+#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
+ if (ver == TLS1_3_VERSION)
+ return (TLS_method());
+#endif
if (ver == TLS1_2_VERSION)
return (TLSv1_2_method());
if (ver == TLS1_1_VERSION)
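Review bot: The added `TLS1_3_VERSION` branch returns `TLS_method()`, which is the version-flexible method (its data in this commit has `min_version = TLS1_VERSION`), while the neighbouring branches return methods whose names suggest a single fixed version, such as `TLSv1_2_method()`. A caller that treats the result as pinned to the requested version would receive an object that still permits older protocol versions. If this is deliberate because no fixed TLSv1.3 method exists, it deserves a comment above the branch, for example `/* No fixed-version TLSv1.3 method exists; TLS_method() is version-flexible. */`. The body of `tls1_get_method` continues past the end of the hunk.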
@@ -562,7 +598,17 @@ SSLv23_method(void)
const SSL_METHOD *
TLS_method(void)
{
- return &TLS_method_data;
+#if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
+ return (&TLS_method_data);
+#else
+ return tls_legacy_method();
+#endif
+}
+
+const SSL_METHOD *
+tls_legacy_method(void)
+{
+ return (&TLS_legacy_method_data);
}
const SSL_METHOD *
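Review bot: `tls_legacy_method()` is called in the `#else` branch of `TLS_method()` before its definition further down, and it is defined with external linkage, so it needs a prototype in an internal header; none is visible in this file's diff. The lowercase name suggests it is library-internal, in which case it should also be kept out of the exported symbol list. As a style point, the two returns in `TLS_method()` disagree: `return (&TLS_method_data);` is parenthesised and `return tls_legacy_method();` is not, so the latter would match the file better as `return (tls_legacy_method());`. A short comment on `TLS_method()` noting that the default method is capped at TLS 1.2 unless both `LIBRESSL_HAS_TLS1_3_CLIENT` and `LIBRESSL_HAS_TLS1_3_SERVER` are defined would make that build-time downgrade visible to readers.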