[thirdparty/openssl.git] / ssl / t1_ext.c

/*
 * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/* Custom extension utility functions */

#include <openssl/ct.h>
#include "ssl_locl.h"

/* Find a custom extension from the list. */
static custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
                                          unsigned int ext_type)
{
    size_t i;
    custom_ext_method *meth = exts->meths;
    for (i = 0; i < exts->meths_count; i++, meth++) {
        if (ext_type == meth->ext_type)
            return meth;
    }
    return NULL;
}

/*
 * Initialise custom extensions flags to indicate neither sent nor received.
 */
void custom_ext_init(custom_ext_methods *exts)
{
    size_t i;
    custom_ext_method *meth = exts->meths;
    for (i = 0; i < exts->meths_count; i++, meth++)
        meth->ext_flags = 0;
}

/* Pass received custom extension data to the application for parsing. */
int custom_ext_parse(SSL *s, int server,
                     unsigned int ext_type,
                     const unsigned char *ext_data, size_t ext_size, int *al)
{
    custom_ext_methods *exts = server ? &s->cert->srv_ext : &s->cert->cli_ext;
    custom_ext_method *meth;
    meth = custom_ext_find(exts, ext_type);
    /* If not found return success */
    if (!meth)
        return 1;
    if (!server) {
        /*
         * If it's ServerHello we can't have any extensions not sent in
         * ClientHello.
         */
        if (!(meth->ext_flags & SSL_EXT_FLAG_SENT)) {
            *al = TLS1_AD_UNSUPPORTED_EXTENSION;
            return 0;
        }
    }
    /* If already present it's a duplicate */
    if (meth->ext_flags & SSL_EXT_FLAG_RECEIVED) {
        *al = TLS1_AD_DECODE_ERROR;
        return 0;
    }
    meth->ext_flags |= SSL_EXT_FLAG_RECEIVED;
    /* If no parse function set return success */
    if (!meth->parse_cb)
        return 1;

    return meth->parse_cb(s, ext_type, ext_data, ext_size, al, meth->parse_arg);
}

/*
 * Request custom extension data from the application and add to the return
 * buffer. This is the old style function signature prior to WPACKET. This is
 * here temporarily until the conversion to WPACKET is completed, i.e. it is
 * used by code that hasn't been converted yet.
 * TODO - REMOVE THIS FUNCTION
 */
int custom_ext_add_old(SSL *s, int server,
                       unsigned char **pret, unsigned char *limit, int *al)
{
    custom_ext_methods *exts = server ? &s->cert->srv_ext : &s->cert->cli_ext;
    custom_ext_method *meth;
    unsigned char *ret = *pret;
    size_t i;

    for (i = 0; i < exts->meths_count; i++) {
        const unsigned char *out = NULL;
        size_t outlen = 0;
        meth = exts->meths + i;

        if (server) {
            /*
             * For ServerHello only send extensions present in ClientHello.
             */
            if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))
                continue;
            /* If callback absent for server skip it */
            if (!meth->add_cb)
                continue;
        }
        if (meth->add_cb) {
            int cb_retval = 0;
            cb_retval = meth->add_cb(s, meth->ext_type,
                                     &out, &outlen, al, meth->add_arg);
            if (cb_retval < 0)
                return 0;       /* error */
            if (cb_retval == 0)
                continue;       /* skip this extension */
        }
        if (4 > limit - ret || outlen > (size_t)(limit - ret - 4))
            return 0;
        s2n(meth->ext_type, ret);
        s2n(outlen, ret);
        if (outlen) {
            memcpy(ret, out, outlen);
            ret += outlen;
        }
        /*
         * We can't send duplicates: code logic should prevent this.
         */
        OPENSSL_assert(!(meth->ext_flags & SSL_EXT_FLAG_SENT));
        /*
         * Indicate extension has been sent: this is both a sanity check to
         * ensure we don't send duplicate extensions and indicates that it is
         * not an error if the extension is present in ServerHello.
         */
        meth->ext_flags |= SSL_EXT_FLAG_SENT;
        if (meth->free_cb)
            meth->free_cb(s, meth->ext_type, out, meth->add_arg);
    }
    *pret = ret;
    return 1;
}


/*
 * Request custom extension data from the application and add to the return
 * buffer.
 */
int custom_ext_add(SSL *s, int server, WPACKET *pkt, int *al)
{
    custom_ext_methods *exts = server ? &s->cert->srv_ext : &s->cert->cli_ext;
    custom_ext_method *meth;
    size_t i;

    for (i = 0; i < exts->meths_count; i++) {
        const unsigned char *out = NULL;
        size_t outlen = 0;

        meth = exts->meths + i;

        if (server) {
            /*
             * For ServerHello only send extensions present in ClientHello.
             */
            if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))
                continue;
            /* If callback absent for server skip it */
            if (!meth->add_cb)
                continue;
        }
        if (meth->add_cb) {
            int cb_retval = 0;
            cb_retval = meth->add_cb(s, meth->ext_type,
                                     &out, &outlen, al, meth->add_arg);
            if (cb_retval < 0)
                return 0;       /* error */
            if (cb_retval == 0)
                continue;       /* skip this extension */
        }

        if (!WPACKET_put_bytes(pkt, meth->ext_type, 2)
                || !WPACKET_start_sub_packet_u16(pkt)
                || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen))
                || !WPACKET_close(pkt)) {
            *al = SSL_AD_INTERNAL_ERROR;
            return 0;
        }
        /*
         * We can't send duplicates: code logic should prevent this.
         */
        OPENSSL_assert(!(meth->ext_flags & SSL_EXT_FLAG_SENT));
        /*
         * Indicate extension has been sent: this is both a sanity check to
         * ensure we don't send duplicate extensions and indicates that it is
         * not an error if the extension is present in ServerHello.
         */
        meth->ext_flags |= SSL_EXT_FLAG_SENT;
        if (meth->free_cb)
            meth->free_cb(s, meth->ext_type, out, meth->add_arg);
    }
    return 1;
}

/* Copy table of custom extensions */
int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src)
{
    if (src->meths_count) {
        dst->meths =
            OPENSSL_memdup(src->meths,
                           sizeof(custom_ext_method) * src->meths_count);
        if (dst->meths == NULL)
            return 0;
        dst->meths_count = src->meths_count;
    }
    return 1;
}

void custom_exts_free(custom_ext_methods *exts)
{
    OPENSSL_free(exts->meths);
}

/* Set callbacks for a custom extension. */
static int custom_ext_meth_add(custom_ext_methods *exts,
                               unsigned int ext_type,
                               custom_ext_add_cb add_cb,
                               custom_ext_free_cb free_cb,
                               void *add_arg,
                               custom_ext_parse_cb parse_cb, void *parse_arg)
{
    custom_ext_method *meth, *tmp;
    /*
     * Check application error: if add_cb is not set free_cb will never be
     * called.
     */
    if (!add_cb && free_cb)
        return 0;
    /*
     * Don't add if extension supported internally, but make exception
     * for extension types that previously were not supported, but now are.
     */
    if (SSL_extension_supported(ext_type) &&
        ext_type != TLSEXT_TYPE_signed_certificate_timestamp)
        return 0;
    /* Extension type must fit in 16 bits */
    if (ext_type > 0xffff)
        return 0;
    /* Search for duplicate */
    if (custom_ext_find(exts, ext_type))
        return 0;
    tmp = OPENSSL_realloc(exts->meths,
                          (exts->meths_count + 1) * sizeof(custom_ext_method));

    if (tmp == NULL) {
        OPENSSL_free(exts->meths);
        exts->meths = NULL;
        exts->meths_count = 0;
        return 0;
    }

    exts->meths = tmp;
    meth = exts->meths + exts->meths_count;
    memset(meth, 0, sizeof(*meth));
    meth->parse_cb = parse_cb;
    meth->add_cb = add_cb;
    meth->free_cb = free_cb;
    meth->ext_type = ext_type;
    meth->add_arg = add_arg;
    meth->parse_arg = parse_arg;
    exts->meths_count++;
    return 1;
}

/* Return true if a client custom extension exists, false otherwise */
int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type)
{
    return custom_ext_find(&ctx->cert->cli_ext, ext_type) != NULL;
}

/* Application level functions to add custom extension callbacks */
int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
                                  custom_ext_add_cb add_cb,
                                  custom_ext_free_cb free_cb,
                                  void *add_arg,
                                  custom_ext_parse_cb parse_cb, void *parse_arg)
{
#ifndef OPENSSL_NO_CT
    /*
     * We don't want applications registering callbacks for SCT extensions
     * whilst simultaneously using the built-in SCT validation features, as
     * these two things may not play well together.
     */
    if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp &&
        SSL_CTX_ct_is_enabled(ctx))
        return 0;
#endif
    return custom_ext_meth_add(&ctx->cert->cli_ext, ext_type, add_cb,
                               free_cb, add_arg, parse_cb, parse_arg);
}

int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
                                  custom_ext_add_cb add_cb,
                                  custom_ext_free_cb free_cb,
                                  void *add_arg,
                                  custom_ext_parse_cb parse_cb, void *parse_arg)
{
    return custom_ext_meth_add(&ctx->cert->srv_ext, ext_type,
                               add_cb, free_cb, add_arg, parse_cb, parse_arg);
}

int SSL_extension_supported(unsigned int ext_type)
{
    switch (ext_type) {
        /* Internally supported extensions. */
    case TLSEXT_TYPE_application_layer_protocol_negotiation:
    case TLSEXT_TYPE_ec_point_formats:
    case TLSEXT_TYPE_elliptic_curves:
    case TLSEXT_TYPE_heartbeat:
#ifndef OPENSSL_NO_NEXTPROTONEG
    case TLSEXT_TYPE_next_proto_neg:
#endif
    case TLSEXT_TYPE_padding:
    case TLSEXT_TYPE_renegotiate:
    case TLSEXT_TYPE_server_name:
    case TLSEXT_TYPE_session_ticket:
    case TLSEXT_TYPE_signature_algorithms:
    case TLSEXT_TYPE_srp:
    case TLSEXT_TYPE_status_request:
    case TLSEXT_TYPE_signed_certificate_timestamp:
    case TLSEXT_TYPE_use_srtp:
#ifdef TLSEXT_TYPE_encrypt_then_mac
    case TLSEXT_TYPE_encrypt_then_mac:
#endif
        return 1;
    default:
        return 0;
    }
}
Commit	Line	Data
846e33c7 RS	1	/*
846e33c7 RS	2	* Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
ecf4d660	3	*
846e33c7 RS	4	* Licensed under the OpenSSL license (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
ecf4d660 DSH	8	*/
	9
	10	/* Custom extension utility functions */
	11
3c27208f	12	#include <openssl/ct.h>
ecf4d660 DSH	13	#include "ssl_locl.h"
ecf4d660 DSH	14
0cfefe4b	15	/* Find a custom extension from the list. */
ed29e82a	16	static custom_ext_method custom_ext_find(const custom_ext_methods exts,
0f113f3e MC	17	unsigned int ext_type)
	18	{
	19	size_t i;
	20	custom_ext_method *meth = exts->meths;
	21	for (i = 0; i < exts->meths_count; i++, meth++) {
	22	if (ext_type == meth->ext_type)
	23	return meth;
	24	}
	25	return NULL;
	26	}
	27
	28	/*
	29	* Initialise custom extensions flags to indicate neither sent nor received.
28ea0a0c DSH	30	*/
28ea0a0c DSH	31	void custom_ext_init(custom_ext_methods *exts)
0f113f3e MC	32	{
	33	size_t i;
	34	custom_ext_method *meth = exts->meths;
	35	for (i = 0; i < exts->meths_count; i++, meth++)
	36	meth->ext_flags = 0;
	37	}
ecf4d660	38
0cfefe4b	39	/* Pass received custom extension data to the application for parsing. */
ecf4d660	40	int custom_ext_parse(SSL *s, int server,
0f113f3e MC	41	unsigned int ext_type,
	42	const unsigned char ext_data, size_t ext_size, int al)
	43	{
	44	custom_ext_methods *exts = server ? &s->cert->srv_ext : &s->cert->cli_ext;
	45	custom_ext_method *meth;
	46	meth = custom_ext_find(exts, ext_type);
	47	/* If not found return success */
	48	if (!meth)
	49	return 1;
	50	if (!server) {
	51	/*
	52	* If it's ServerHello we can't have any extensions not sent in
	53	* ClientHello.
	54	*/
	55	if (!(meth->ext_flags & SSL_EXT_FLAG_SENT)) {
	56	*al = TLS1_AD_UNSUPPORTED_EXTENSION;
	57	return 0;
	58	}
	59	}
	60	/* If already present it's a duplicate */
	61	if (meth->ext_flags & SSL_EXT_FLAG_RECEIVED) {
	62	*al = TLS1_AD_DECODE_ERROR;
	63	return 0;
	64	}
	65	meth->ext_flags \|= SSL_EXT_FLAG_RECEIVED;
	66	/* If no parse function set return success */
	67	if (!meth->parse_cb)
	68	return 1;
ecf4d660	69
a230b26e	70	return meth->parse_cb(s, ext_type, ext_data, ext_size, al, meth->parse_arg);
0f113f3e	71	}
ecf4d660	72
0f113f3e MC	73	/*
0f113f3e MC	74	* Request custom extension data from the application and add to the return
ae2f7b37 MC	75	* buffer. This is the old style function signature prior to WPACKET. This is
ae2f7b37 MC	76	* here temporarily until the conversion to WPACKET is completed, i.e. it is
2c7b4dbc MC	77	* used by code that hasn't been converted yet.
2c7b4dbc MC	78	* TODO - REMOVE THIS FUNCTION
ecf4d660	79	*/
2c7b4dbc MC	80	int custom_ext_add_old(SSL *s, int server,
2c7b4dbc MC	81	unsigned char *pret, unsigned char limit, int *al)
0f113f3e MC	82	{
	83	custom_ext_methods *exts = server ? &s->cert->srv_ext : &s->cert->cli_ext;
	84	custom_ext_method *meth;
	85	unsigned char ret = pret;
	86	size_t i;
ecf4d660	87
0f113f3e MC	88	for (i = 0; i < exts->meths_count; i++) {
	89	const unsigned char *out = NULL;
	90	size_t outlen = 0;
	91	meth = exts->meths + i;
ecf4d660	92
0f113f3e MC	93	if (server) {
	94	/*
	95	* For ServerHello only send extensions present in ClientHello.
	96	*/
	97	if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))
	98	continue;
	99	/* If callback absent for server skip it */
	100	if (!meth->add_cb)
	101	continue;
	102	}
	103	if (meth->add_cb) {
	104	int cb_retval = 0;
	105	cb_retval = meth->add_cb(s, meth->ext_type,
	106	&out, &outlen, al, meth->add_arg);
	107	if (cb_retval < 0)
	108	return 0; /* error */
	109	if (cb_retval == 0)
	110	continue; /* skip this extension */
	111	}
	112	if (4 > limit - ret \|\| outlen > (size_t)(limit - ret - 4))
	113	return 0;
	114	s2n(meth->ext_type, ret);
	115	s2n(outlen, ret);
	116	if (outlen) {
	117	memcpy(ret, out, outlen);
	118	ret += outlen;
	119	}
	120	/*
	121	* We can't send duplicates: code logic should prevent this.
	122	*/
	123	OPENSSL_assert(!(meth->ext_flags & SSL_EXT_FLAG_SENT));
	124	/*
	125	* Indicate extension has been sent: this is both a sanity check to
	126	* ensure we don't send duplicate extensions and indicates that it is
	127	* not an error if the extension is present in ServerHello.
	128	*/
	129	meth->ext_flags \|= SSL_EXT_FLAG_SENT;
	130	if (meth->free_cb)
	131	meth->free_cb(s, meth->ext_type, out, meth->add_arg);
	132	}
	133	*pret = ret;
	134	return 1;
	135	}
ecf4d660	136
2c7b4dbc MC	137
	138	/*
	139	* Request custom extension data from the application and add to the return
	140	* buffer.
	141	*/
ae2f7b37	142	int custom_ext_add(SSL s, int server, WPACKET pkt, int *al)
2c7b4dbc MC	143	{
	144	custom_ext_methods *exts = server ? &s->cert->srv_ext : &s->cert->cli_ext;
	145	custom_ext_method *meth;
	146	size_t i;
	147
	148	for (i = 0; i < exts->meths_count; i++) {
	149	const unsigned char *out = NULL;
	150	size_t outlen = 0;
2c7b4dbc MC	151
	152	meth = exts->meths + i;
	153
	154	if (server) {
	155	/*
	156	* For ServerHello only send extensions present in ClientHello.
	157	*/
	158	if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))
	159	continue;
	160	/* If callback absent for server skip it */
	161	if (!meth->add_cb)
	162	continue;
	163	}
	164	if (meth->add_cb) {
	165	int cb_retval = 0;
	166	cb_retval = meth->add_cb(s, meth->ext_type,
	167	&out, &outlen, al, meth->add_arg);
	168	if (cb_retval < 0)
	169	return 0; /* error */
	170	if (cb_retval == 0)
	171	continue; /* skip this extension */
	172	}
	173
ae2f7b37	174	if (!WPACKET_put_bytes(pkt, meth->ext_type, 2)
de451856	175	\|\| !WPACKET_start_sub_packet_u16(pkt)
0217dd19 MC	176	\|\| (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen))
0217dd19 MC	177	\|\| !WPACKET_close(pkt)) {
2c7b4dbc MC	178	*al = SSL_AD_INTERNAL_ERROR;
	179	return 0;
	180	}
	181	/*
	182	* We can't send duplicates: code logic should prevent this.
	183	*/
	184	OPENSSL_assert(!(meth->ext_flags & SSL_EXT_FLAG_SENT));
	185	/*
	186	* Indicate extension has been sent: this is both a sanity check to
	187	* ensure we don't send duplicate extensions and indicates that it is
	188	* not an error if the extension is present in ServerHello.
	189	*/
	190	meth->ext_flags \|= SSL_EXT_FLAG_SENT;
	191	if (meth->free_cb)
	192	meth->free_cb(s, meth->ext_type, out, meth->add_arg);
	193	}
	194	return 1;
	195	}
	196
ecf4d660	197	/* Copy table of custom extensions */
ecf4d660	198	int custom_exts_copy(custom_ext_methods dst, const custom_ext_methods src)
0f113f3e MC	199	{
	200	if (src->meths_count) {
	201	dst->meths =
7644a9ae	202	OPENSSL_memdup(src->meths,
a230b26e	203	sizeof(custom_ext_method) * src->meths_count);
0f113f3e MC	204	if (dst->meths == NULL)
	205	return 0;
	206	dst->meths_count = src->meths_count;
	207	}
	208	return 1;
	209	}
ecf4d660 DSH	210
ecf4d660 DSH	211	void custom_exts_free(custom_ext_methods *exts)
0f113f3e	212	{
b548a1f1	213	OPENSSL_free(exts->meths);
0f113f3e	214	}
ecf4d660	215
0cfefe4b	216	/* Set callbacks for a custom extension. */
8cafe9e8	217	static int custom_ext_meth_add(custom_ext_methods *exts,
0f113f3e MC	218	unsigned int ext_type,
	219	custom_ext_add_cb add_cb,
	220	custom_ext_free_cb free_cb,
	221	void *add_arg,
	222	custom_ext_parse_cb parse_cb, void *parse_arg)
	223	{
7c0ef843	224	custom_ext_method meth, tmp;
0f113f3e MC	225	/*
	226	* Check application error: if add_cb is not set free_cb will never be
	227	* called.
	228	*/
	229	if (!add_cb && free_cb)
	230	return 0;
ed29e82a RP	231	/*
	232	* Don't add if extension supported internally, but make exception
	233	* for extension types that previously were not supported, but now are.
	234	*/
	235	if (SSL_extension_supported(ext_type) &&
	236	ext_type != TLSEXT_TYPE_signed_certificate_timestamp)
0f113f3e MC	237	return 0;
	238	/* Extension type must fit in 16 bits */
	239	if (ext_type > 0xffff)
	240	return 0;
	241	/* Search for duplicate */
	242	if (custom_ext_find(exts, ext_type))
	243	return 0;
7c0ef843 DSH	244	tmp = OPENSSL_realloc(exts->meths,
7c0ef843 DSH	245	(exts->meths_count + 1) * sizeof(custom_ext_method));
ecf4d660	246
7c0ef843 DSH	247	if (tmp == NULL) {
	248	OPENSSL_free(exts->meths);
	249	exts->meths = NULL;
0f113f3e MC	250	exts->meths_count = 0;
	251	return 0;
	252	}
ecf4d660	253
7c0ef843	254	exts->meths = tmp;
0f113f3e	255	meth = exts->meths + exts->meths_count;
16f8d4eb	256	memset(meth, 0, sizeof(*meth));
0f113f3e MC	257	meth->parse_cb = parse_cb;
	258	meth->add_cb = add_cb;
	259	meth->free_cb = free_cb;
	260	meth->ext_type = ext_type;
	261	meth->add_arg = add_arg;
	262	meth->parse_arg = parse_arg;
	263	exts->meths_count++;
	264	return 1;
	265	}
ecf4d660	266
ed29e82a RP	267	/* Return true if a client custom extension exists, false otherwise */
	268	int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type)
	269	{
	270	return custom_ext_find(&ctx->cert->cli_ext, ext_type) != NULL;
	271	}
	272
ecf4d660	273	/* Application level functions to add custom extension callbacks */
8cafe9e8	274	int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
0f113f3e MC	275	custom_ext_add_cb add_cb,
0f113f3e MC	276	custom_ext_free_cb free_cb,
0cfefe4b	277	void *add_arg,
a230b26e	278	custom_ext_parse_cb parse_cb, void *parse_arg)
0f113f3e	279	{
ed29e82a RP	280	#ifndef OPENSSL_NO_CT
	281	/*
	282	* We don't want applications registering callbacks for SCT extensions
	283	* whilst simultaneously using the built-in SCT validation features, as
	284	* these two things may not play well together.
	285	*/
	286	if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp &&
43341433 VD	287	SSL_CTX_ct_is_enabled(ctx))
43341433 VD	288	return 0;
ed29e82a	289	#endif
43341433 VD	290	return custom_ext_meth_add(&ctx->cert->cli_ext, ext_type, add_cb,
43341433 VD	291	free_cb, add_arg, parse_cb, parse_arg);
0f113f3e	292	}
ecf4d660	293
8cafe9e8	294	int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
0f113f3e MC	295	custom_ext_add_cb add_cb,
0f113f3e MC	296	custom_ext_free_cb free_cb,
0cfefe4b	297	void *add_arg,
a230b26e	298	custom_ext_parse_cb parse_cb, void *parse_arg)
0f113f3e MC	299	{
	300	return custom_ext_meth_add(&ctx->cert->srv_ext, ext_type,
	301	add_cb, free_cb, add_arg, parse_cb, parse_arg);
	302	}
c846a5f5 DSH	303
c846a5f5 DSH	304	int SSL_extension_supported(unsigned int ext_type)
0f113f3e MC	305	{
	306	switch (ext_type) {
	307	/* Internally supported extensions. */
	308	case TLSEXT_TYPE_application_layer_protocol_negotiation:
	309	case TLSEXT_TYPE_ec_point_formats:
	310	case TLSEXT_TYPE_elliptic_curves:
	311	case TLSEXT_TYPE_heartbeat:
1595ca02	312	#ifndef OPENSSL_NO_NEXTPROTONEG
0f113f3e	313	case TLSEXT_TYPE_next_proto_neg:
1595ca02	314	#endif
0f113f3e MC	315	case TLSEXT_TYPE_padding:
	316	case TLSEXT_TYPE_renegotiate:
	317	case TLSEXT_TYPE_server_name:
	318	case TLSEXT_TYPE_session_ticket:
	319	case TLSEXT_TYPE_signature_algorithms:
	320	case TLSEXT_TYPE_srp:
	321	case TLSEXT_TYPE_status_request:
ed29e82a	322	case TLSEXT_TYPE_signed_certificate_timestamp:
0f113f3e	323	case TLSEXT_TYPE_use_srtp:
e481f9b9	324	#ifdef TLSEXT_TYPE_encrypt_then_mac
0f113f3e	325	case TLSEXT_TYPE_encrypt_then_mac:
e481f9b9	326	#endif
0f113f3e MC	327	return 1;
	328	default:
	329	return 0;
	330	}
	331	}