From 9fef1c44a60220d617ce7edb2d07c208216a8adb Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Sun, 11 Oct 2020 02:22:27 +0000
Subject: Condense and simplify TLS methods.

Historically, OpenSSL has had client and server specific methods - the only
difference between these is that the .ssl_connect or .ssl_accept function
pointer is set to ssl_undefined_function, with the intention of reducing
code size for a statically linked binary that was only a client or server.
These days the difference is minimal or non-existant in many cases and
we can reduce the amount of code and complexity by having single method.

Internally remove all of the client and server specific methods,
simplifying code in the process. The external client/server specific API
remain, however these now return the same thing as TLS_method() does.

ok tb@
---
 lib/libssl/ssl_methods.c | 473 ++++++-----------------------------------------
 1 file changed, 54 insertions(+), 419 deletions(-)

(limited to 'lib/libssl/ssl_methods.c')

diff --git a/lib/libssl/ssl_methods.c b/lib/libssl/ssl_methods.c
index ddfb8dfdba2..23c7e97b574 100644
--- a/lib/libssl/ssl_methods.c
+++ b/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.17 2020/10/03 17:54:27 jsing Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.18 2020/10/11 02:22:27 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -59,45 +59,6 @@
 #include "ssl_locl.h"
 #include "tls13_internal.h"
 
-static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
-	.version = DTLS1_VERSION,
-	.min_version = DTLS1_VERSION,
-	.max_version = DTLS1_VERSION,
-	.ssl_new = dtls1_new,
-	.ssl_clear = dtls1_clear,
-	.ssl_free = dtls1_free,
-	.ssl_accept = ssl_undefined_function,
-	.ssl_connect = ssl3_connect,
-	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_pending = ssl3_pending,
-	.ssl_read_bytes = dtls1_read_bytes,
-	.ssl_write_bytes = dtls1_write_app_data_bytes,
-	.ssl3_enc = &TLSv1_1_enc_data,
-};
-
-static const SSL_METHOD DTLSv1_client_method_data = {
-	.ssl_dispatch_alert = dtls1_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = dtls1_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &DTLSv1_client_method_internal_data,
-};
-
-const SSL_METHOD *
-DTLSv1_client_method(void)
-{
-	return &DTLSv1_client_method_data;
-}
-
-const SSL_METHOD *
-DTLS_client_method(void)
-{
-	return DTLSv1_client_method();
-}
-
 static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
 	.version = DTLS1_VERSION,
 	.min_version = DTLS1_VERSION,
@@ -126,231 +87,39 @@ static const SSL_METHOD DTLSv1_method_data = {
 };
 
 const SSL_METHOD *
-DTLSv1_method(void)
+DTLSv1_client_method(void)
 {
 	return &DTLSv1_method_data;
 }
 
 const SSL_METHOD *
-DTLS_method(void)
+DTLSv1_method(void)
 {
-	return DTLSv1_method();
+	return &DTLSv1_method_data;
 }
 
-static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = {
-	.version = DTLS1_VERSION,
-	.min_version = DTLS1_VERSION,
-	.max_version = DTLS1_VERSION,
-	.ssl_new = dtls1_new,
-	.ssl_clear = dtls1_clear,
-	.ssl_free = dtls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl_undefined_function,
-	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_pending = ssl3_pending,
-	.ssl_read_bytes = dtls1_read_bytes,
-	.ssl_write_bytes = dtls1_write_app_data_bytes,
-	.ssl3_enc = &TLSv1_1_enc_data,
-};
-
-static const SSL_METHOD DTLSv1_server_method_data = {
-	.ssl_dispatch_alert = dtls1_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = dtls1_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &DTLSv1_server_method_internal_data,
-};
-
 const SSL_METHOD *
 DTLSv1_server_method(void)
 {
-	return &DTLSv1_server_method_data;
-}
-
-const SSL_METHOD *
-DTLS_server_method(void)
-{
-	return DTLSv1_server_method();
-}
-
-#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
-static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
-	.version = TLS1_3_VERSION,
-	.min_version = TLS1_VERSION,
-	.max_version = TLS1_3_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl_undefined_function,
-	.ssl_connect = tls13_legacy_connect,
-	.ssl_shutdown = tls13_legacy_shutdown,
-	.ssl_renegotiate = ssl_undefined_function,
-	.ssl_renegotiate_check = ssl_ok,
-	.ssl_pending = tls13_legacy_pending,
-	.ssl_read_bytes = tls13_legacy_read_bytes,
-	.ssl_write_bytes = tls13_legacy_write_bytes,
-	.ssl3_enc = &TLSv1_3_enc_data,
-};
-
-static const SSL_METHOD TLS_client_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLS_client_method_internal_data,
-};
-#endif
-
-static const SSL_METHOD_INTERNAL TLS_legacy_client_method_internal_data = {
-	.version = TLS1_2_VERSION,
-	.min_version = TLS1_VERSION,
-	.max_version = TLS1_2_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl_undefined_function,
-	.ssl_connect = ssl3_connect,
-	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl_undefined_function,
-	.ssl_renegotiate_check = ssl_ok,
-	.ssl_pending = ssl3_pending,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLS_legacy_client_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLS_legacy_client_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
-	.version = TLS1_VERSION,
-	.min_version = TLS1_VERSION,
-	.max_version = TLS1_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl_undefined_function,
-	.ssl_connect = ssl3_connect,
-	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_pending = ssl3_pending,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_client_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_client_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
-	.version = TLS1_1_VERSION,
-	.min_version = TLS1_1_VERSION,
-	.max_version = TLS1_1_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl_undefined_function,
-	.ssl_connect = ssl3_connect,
-	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_pending = ssl3_pending,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_1_client_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_1_client_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
-	.version = TLS1_2_VERSION,
-	.min_version = TLS1_2_VERSION,
-	.max_version = TLS1_2_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl_undefined_function,
-	.ssl_connect = ssl3_connect,
-	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_pending = ssl3_pending,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLSv1_2_client_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_2_client_method_internal_data,
-};
-
-const SSL_METHOD *
-SSLv23_client_method(void)
-{
-	return (TLS_client_method());
-}
-
-const SSL_METHOD *
-TLS_client_method(void)
-{
-#ifdef LIBRESSL_HAS_TLS1_3_CLIENT
-	return (&TLS_client_method_data);
-#else
-	return tls_legacy_client_method();
-#endif
-}
-
-const SSL_METHOD *
-tls_legacy_client_method(void)
-{
-	return (&TLS_legacy_client_method_data);
+	return &DTLSv1_method_data;
 }
 
 const SSL_METHOD *
-TLSv1_client_method(void)
+DTLS_client_method(void)
 {
-	return (&TLSv1_client_method_data);
+	return DTLSv1_method();
 }
 
 const SSL_METHOD *
-TLSv1_1_client_method(void)
+DTLS_method(void)
 {
-	return (&TLSv1_1_client_method_data);
+	return DTLSv1_method();
 }
 
 const SSL_METHOD *
-TLSv1_2_client_method(void)
+DTLS_server_method(void)
 {
-	return (&TLSv1_2_client_method_data);
+	return DTLSv1_method();
 }
 
 #if defined(LIBRESSL_HAS_TLS1_3_CLIENT) && defined(LIBRESSL_HAS_TLS1_3_SERVER)
@@ -491,9 +260,9 @@ static const SSL_METHOD TLSv1_2_method_data = {
 };
 
 const SSL_METHOD *
-SSLv23_method(void)
+TLS_client_method(void)
 {
-	return (TLS_method());
+	return TLS_method();
 }
 
 const SSL_METHOD *
@@ -506,6 +275,12 @@ TLS_method(void)
 #endif
 }
 
+const SSL_METHOD *
+TLS_server_method(void)
+{
+	return TLS_method();
+}
+
 const SSL_METHOD *
 tls_legacy_method(void)
 {
@@ -513,230 +288,90 @@ tls_legacy_method(void)
 }
 
 const SSL_METHOD *
-TLSv1_method(void)
+SSLv23_client_method(void)
 {
-	return (&TLSv1_method_data);
+	return TLS_method();
 }
 
 const SSL_METHOD *
-TLSv1_1_method(void)
+SSLv23_method(void)
 {
-	return (&TLSv1_1_method_data);
+	return TLS_method();
 }
 
 const SSL_METHOD *
-TLSv1_2_method(void)
+SSLv23_server_method(void)
 {
-	return (&TLSv1_2_method_data);
+	return TLS_method();
 }
 
-#ifdef LIBRESSL_HAS_TLS1_3_SERVER
-static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
-	.version = TLS1_3_VERSION,
-	.min_version = TLS1_VERSION,
-	.max_version = TLS1_3_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = tls13_legacy_accept,
-	.ssl_connect = ssl_undefined_function,
-	.ssl_shutdown = tls13_legacy_shutdown,
-	.ssl_renegotiate = ssl_undefined_function,
-	.ssl_renegotiate_check = ssl_ok,
-	.ssl_pending = tls13_legacy_pending,
-	.ssl_read_bytes = tls13_legacy_read_bytes,
-	.ssl_write_bytes = tls13_legacy_write_bytes,
-	.ssl3_enc = &TLSv1_3_enc_data,
-};
-
-static const SSL_METHOD TLS_server_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLS_server_method_internal_data,
-};
-#endif
-
-static const SSL_METHOD_INTERNAL TLS_legacy_server_method_internal_data = {
-	.version = TLS1_2_VERSION,
-	.min_version = TLS1_VERSION,
-	.max_version = TLS1_2_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl_undefined_function,
-	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl_undefined_function,
-	.ssl_renegotiate_check = ssl_ok,
-	.ssl_pending = ssl3_pending,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLS_legacy_server_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLS_legacy_server_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
-	.version = TLS1_VERSION,
-	.min_version = TLS1_VERSION,
-	.max_version = TLS1_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl_undefined_function,
-	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_pending = ssl3_pending,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_server_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_server_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_1_server_method_internal_data = {
-	.version = TLS1_1_VERSION,
-	.min_version = TLS1_1_VERSION,
-	.max_version = TLS1_1_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl_undefined_function,
-	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_pending = ssl3_pending,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_1_server_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_1_server_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_2_server_method_internal_data = {
-	.version = TLS1_2_VERSION,
-	.min_version = TLS1_2_VERSION,
-	.max_version = TLS1_2_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl_undefined_function,
-	.ssl_shutdown = ssl3_shutdown,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_pending = ssl3_pending,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLSv1_2_server_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_2_server_method_internal_data,
-};
+const SSL_METHOD *
+TLSv1_client_method(void)
+{
+	return (&TLSv1_method_data);
+}
 
 const SSL_METHOD *
-SSLv23_server_method(void)
+TLSv1_method(void)
 {
-	return (TLS_server_method());
+	return (&TLSv1_method_data);
 }
 
 const SSL_METHOD *
-TLS_server_method(void)
+TLSv1_server_method(void)
 {
-#ifdef LIBRESSL_HAS_TLS1_3_SERVER
-	return (&TLS_server_method_data);
-#else
-	return tls_legacy_server_method();
-#endif
+	return (&TLSv1_method_data);
 }
 
 const SSL_METHOD *
-tls_legacy_server_method(void)
+TLSv1_1_client_method(void)
 {
-	return (&TLS_legacy_server_method_data);
+	return (&TLSv1_1_method_data);
 }
 
 const SSL_METHOD *
-TLSv1_server_method(void)
+TLSv1_1_method(void)
 {
-	return (&TLSv1_server_method_data);
+	return (&TLSv1_1_method_data);
 }
 
 const SSL_METHOD *
 TLSv1_1_server_method(void)
 {
-	return (&TLSv1_1_server_method_data);
+	return (&TLSv1_1_method_data);
 }
 
 const SSL_METHOD *
-TLSv1_2_server_method(void)
+TLSv1_2_client_method(void)
 {
-	return (&TLSv1_2_server_method_data);
+	return (&TLSv1_2_method_data);
 }
 
 const SSL_METHOD *
-ssl_get_client_method(uint16_t version)
+TLSv1_2_method(void)
 {
-	if (version == TLS1_3_VERSION)
-		return (TLS_client_method());
-	if (version == TLS1_2_VERSION)
-		return (TLSv1_2_client_method());
-	if (version == TLS1_1_VERSION)
-		return (TLSv1_1_client_method());
-	if (version == TLS1_VERSION)
-		return (TLSv1_client_method());
-	if (version == DTLS1_VERSION)
-		return (DTLSv1_client_method());
+	return (&TLSv1_2_method_data);
+}
 
-	return (NULL);
+const SSL_METHOD *
+TLSv1_2_server_method(void)
+{
+	return (&TLSv1_2_method_data);
 }
 
 const SSL_METHOD *
-ssl_get_server_method(uint16_t version)
+ssl_get_method(uint16_t version)
 {
 	if (version == TLS1_3_VERSION)
-		return (TLS_server_method());
+		return (TLS_method());
 	if (version == TLS1_2_VERSION)
-		return (TLSv1_2_server_method());
+		return (TLSv1_2_method());
 	if (version == TLS1_1_VERSION)
-		return (TLSv1_1_server_method());
+		return (TLSv1_1_method());
 	if (version == TLS1_VERSION)
-		return (TLSv1_server_method());
+		return (TLSv1_method());
 	if (version == DTLS1_VERSION)
-		return (DTLSv1_server_method());
+		return (DTLSv1_method());
 
 	return (NULL);
 }
-- 
cgit v1.2.3-59-g8ed1b