Merge client/server SSL_METHODs into the generic one.
Supporting both schemes seems pointless. Now that s->server and s->state are
set appropriately late and get_ssl_method is gone, the only difference is that
the client/server ones have non-functional ssl_accept or ssl_connect hooks. We
can't lose the generic ones, so let's unify on that.
Note: this means a static linker will no longer drop the client or server
handshake code if unused by a consumer linking statically. However, Chromium
needs the server half anyway for DTLS and WebRTC, so that's probably a lost
cause. Android also exposes server APIs.
Change-Id: I290f5fb4ed558f59fadb5d1f84e9d9c405004c23
Reviewed-on: https://boringssl-review.googlesource.com/2440
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 8d1cceb..64c1775 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -128,24 +128,6 @@
static int dtls1_get_hello_verify(SSL *s);
-IMPLEMENT_dtls1_meth_func(DTLS1_VERSION,
- DTLSv1_client_method,
- ssl_undefined_function,
- dtls1_connect,
- DTLSv1_enc_data)
-
-IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
- DTLSv1_2_client_method,
- ssl_undefined_function,
- dtls1_connect,
- DTLSv1_2_enc_data)
-
-IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,
- DTLS_client_method,
- ssl_undefined_function,
- dtls1_connect,
- DTLSv1_2_enc_data)
-
int dtls1_connect(SSL *s)
{
BUF_MEM *buf=NULL;
diff --git a/ssl/d1_meth.c b/ssl/d1_meth.c
index 172a745..15b2892 100644
--- a/ssl/d1_meth.c
+++ b/ssl/d1_meth.c
@@ -75,3 +75,33 @@
dtls1_accept,
dtls1_connect,
DTLSv1_2_enc_data)
+
+const SSL_METHOD *DTLSv1_2_server_method(void)
+ {
+ return DTLSv1_2_method();
+ }
+
+const SSL_METHOD *DTLSv1_server_method(void)
+ {
+ return DTLSv1_method();
+ }
+
+const SSL_METHOD *DTLS_server_method(void)
+ {
+ return DTLS_method();
+ }
+
+const SSL_METHOD *DTLSv1_2_client_method(void)
+ {
+ return DTLSv1_2_method();
+ }
+
+const SSL_METHOD *DTLSv1_client_method(void)
+ {
+ return DTLSv1_method();
+ }
+
+const SSL_METHOD *DTLS_client_method(void)
+ {
+ return DTLS_method();
+ }
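Review bot: The new `DTLS*_client_method()` and `DTLS*_server_method()` wrappers carry no comment saying they are now plain aliases, so a reader of this file cannot tell that the returned method no longer fixes the role. The removed client tables had `ssl_undefined_function` in the accept slot (and the server tables in the connect slot), while the generic table shown in the context lines has both `dtls1_accept` and `dtls1_connect` live. An application that picked a client-only method to rule out server-side use presumably loses that restriction. I would add above the first wrapper something like `/* Legacy role-specific names; each returns the generic method, so the method no longer restricts an SSL to client or server use. */`. The same applies to the eight TLS/SSLv3 wrappers added in ssl/s3_meth.c.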
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 2bad363..5da2fa8 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -128,24 +128,6 @@
static int dtls1_send_hello_verify_request(SSL *s);
-IMPLEMENT_dtls1_meth_func(DTLS1_VERSION,
- DTLSv1_server_method,
- dtls1_accept,
- ssl_undefined_function,
- DTLSv1_enc_data)
-
-IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION,
- DTLSv1_2_server_method,
- dtls1_accept,
- ssl_undefined_function,
- DTLSv1_2_enc_data)
-
-IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION,
- DTLS_server_method,
- dtls1_accept,
- ssl_undefined_function,
- DTLSv1_2_enc_data)
-
int dtls1_accept(SSL *s)
{
BUF_MEM *buf;
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index b8bef74..71b3936 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -120,7 +120,7 @@
static int ssl23_get_server_hello(SSL *s);
IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
- ssl_undefined_function,
+ ssl23_accept,
ssl23_connect)
int ssl23_connect(SSL *s)
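Review bot: `SSLv23_client_method` stays a separate `IMPLEMENT_ssl23_meth_func` instantiation with `ssl23_accept` filled in, whereas the TLS and DTLS role-specific names in this commit become one-line wrappers around the generic method. If `SSLv23_method()` is available to this file, `return SSLv23_method();` would match the other wrappers and leave a single SSLv23 table; otherwise a short comment saying why the table is duplicated would help. `SSLv23_server_method` in ssl/s23_srvr.c is handled the same way. Any code that compares `SSL_METHOD` pointers would still see distinct SSLv23 tables, but a single table per version for TLS and DTLS.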
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 2101a91..57adbd7 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -137,7 +137,7 @@
IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
ssl23_accept,
- ssl_undefined_function)
+ ssl23_connect)
int ssl23_accept(SSL *s)
{
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index f766a82..2b39ad1 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -166,26 +166,6 @@
#include "ssl_locl.h"
#include "../crypto/dh/internal.h"
-IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_client_method,
- ssl_undefined_function,
- ssl3_connect,
- TLSv1_2_enc_data)
-
-IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_client_method,
- ssl_undefined_function,
- ssl3_connect,
- TLSv1_1_enc_data)
-
-IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_client_method,
- ssl_undefined_function,
- ssl3_connect,
- TLSv1_enc_data)
-
-IMPLEMENT_tls_meth_func(SSL3_VERSION, SSLv3_client_method,
- ssl_undefined_function,
- ssl3_connect,
- SSLv3_enc_data)
-
int ssl3_connect(SSL *s)
{
BUF_MEM *buf=NULL;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 059f695..ad09cd2 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1412,8 +1412,6 @@
break;
case SSL_CTRL_GET_CHANNEL_ID:
- if (!s->server)
- break;
if (!s->s3->tlsext_channel_id_valid)
break;
memcpy(parg, s->s3->tlsext_channel_id, larg < 64 ? larg : 64);
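Review bot: The `memcpy` length `larg < 64 ? larg : 64` has no lower bound, so a negative `larg` would be converted to a very large `size_t`. With the `s->server` check removed, `tlsext_channel_id_valid` is the only gate left in front of that copy. The declaration of `larg` is outside the hunk, but if it is the signed `long` of the ctrl interface, a guard such as `if (larg < 0) break;` before the copy closes that. A comment stating whether `tlsext_channel_id_valid` can ever be set on a client connection would also help. The enclosing switch starts and ends outside the hunk.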
@@ -1666,9 +1664,6 @@
return ssl_cert_select_current(ctx->cert, (X509 *)parg);
case SSL_CTRL_CHANNEL_ID:
- /* must be called on a server */
- if (ctx->method->ssl_accept == ssl_undefined_function)
- return 0;
ctx->tlsext_channel_id_enabled=1;
return 1;
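Review bot: With the `/* must be called on a server */` check deleted, `SSL_CTRL_CHANNEL_ID` sets `ctx->tlsext_channel_id_enabled` and returns 1 for every context, and nothing at this case says what the flag means for a context later used for client connections. A replacement comment would keep the intent visible, for example `/* Role is no longer known from ctx->method; this flag is expected to matter only when the SSL acts as a server. */`, with the wording to be confirmed against the handshake code, which is outside this hunk. If the client handshake reads the same flag, callers that relied on the previous 0 return now get a silent success.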
diff --git a/ssl/s3_meth.c b/ssl/s3_meth.c
index 49bbc64..7c061a2 100644
--- a/ssl/s3_meth.c
+++ b/ssl/s3_meth.c
@@ -77,3 +77,43 @@
ssl3_accept,
ssl3_connect,
SSLv3_enc_data)
+
+const SSL_METHOD *TLSv1_2_server_method(void)
+ {
+ return TLSv1_2_method();
+ }
+
+const SSL_METHOD *TLSv1_1_server_method(void)
+ {
+ return TLSv1_1_method();
+ }
+
+const SSL_METHOD *TLSv1_server_method(void)
+ {
+ return TLSv1_method();
+ }
+
+const SSL_METHOD *SSLv3_server_method(void)
+ {
+ return SSLv3_method();
+ }
+
+const SSL_METHOD *TLSv1_2_client_method(void)
+ {
+ return TLSv1_2_method();
+ }
+
+const SSL_METHOD *TLSv1_1_client_method(void)
+ {
+ return TLSv1_1_method();
+ }
+
+const SSL_METHOD *TLSv1_client_method(void)
+ {
+ return TLSv1_method();
+ }
+
+const SSL_METHOD *SSLv3_client_method(void)
+ {
+ return SSLv3_method();
+ }
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 5a713a2..5ba5b42 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -172,26 +172,6 @@
#include "../crypto/internal.h"
#include "../crypto/dh/internal.h"
-IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_server_method,
- ssl3_accept,
- ssl_undefined_function,
- TLSv1_2_enc_data)
-
-IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_server_method,
- ssl3_accept,
- ssl_undefined_function,
- TLSv1_1_enc_data)
-
-IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_server_method,
- ssl3_accept,
- ssl_undefined_function,
- TLSv1_enc_data)
-
-IMPLEMENT_tls_meth_func(SSL3_VERSION, SSLv3_server_method,
- ssl3_accept,
- ssl_undefined_function,
- SSLv3_enc_data)
-
int ssl3_accept(SSL *s)
{
BUF_MEM *buf;
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 76b6958..8f6ee8d 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -231,21 +231,7 @@
SSL_CTX *ssl_ctx = NULL;
DH *dh = NULL;
- const SSL_METHOD *method;
- if (config->is_dtls) {
- if (config->is_server) {
- method = DTLS_server_method();
- } else {
- method = DTLS_client_method();
- }
- } else {
- if (config->is_server) {
- method = SSLv23_server_method();
- } else {
- method = SSLv23_client_method();
- }
- }
- ssl_ctx = SSL_CTX_new(method);
+ ssl_ctx = SSL_CTX_new(config->is_dtls ? DTLS_method() : SSLv23_method());
if (ssl_ctx == NULL) {
goto err;
}
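Review bot: After this simplification the shim only calls `DTLS_method()` and `SSLv23_method()`, so it exercises none of the role-specific wrappers added in ssl/d1_meth.c and ssl/s3_meth.c. Those wrappers are near-identical one-liners, and a copy-paste slip such as a wrapper returning the wrong version's method would compile cleanly. A small check that each `*_client_method()` / `*_server_method()` returns the same pointer as its generic counterpart would catch that, either here or in a unit test. The surrounding function starts and ends outside the hunk.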