Commit | Line | Data |
---|---|---|
846e33c7 | 1 | /* |
fecb3aae | 2 | * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. |
61ae935a | 3 | * |
2c18d164 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
846e33c7 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
61ae935a MC |
8 | */ |
9 | ||
10 | /***************************************************************************** | |
11 | * * | |
12 | * The following definitions are PRIVATE to the state machine. They should * | |
13 | * NOT be used outside of the state machine. * | |
14 | * * | |
15 | *****************************************************************************/ | |
16 | ||
/*
 * Max message length definitions
 *
 * One integer cap per handshake message type. The unit is presumably bytes
 * of message body -- TODO confirm against the code that reads these macros.
 * NOTE(review): these look like the limits reported by
 * ossl_statem_client_max_message_size() and
 * ossl_statem_server_max_message_size(), which are declared later in this
 * header. If so, each value bounds how much peer-supplied data is accepted
 * for one message, and raising a value should be reviewed as a
 * resource-exhaustion change rather than a cosmetic one.
 */

/* The spec allows for a longer length than this, but we limit it */
#define HELLO_VERIFY_REQUEST_MAX_LENGTH 258
/* Cap of 0: presumably no message body is accepted for this type. */
#define END_OF_EARLY_DATA_MAX_LENGTH 0
#define HELLO_RETRY_REQUEST_MAX_LENGTH 20000
#define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000
/* Separate caps for the TLS 1.3 and TLS 1.2 forms of the ticket message. */
#define SESSION_TICKET_MAX_LENGTH_TLS13 131338
#define SESSION_TICKET_MAX_LENGTH_TLS12 65541
#define SERVER_KEY_EXCH_MAX_LENGTH 102400
/* Cap of 0: presumably no message body is accepted for this type. */
#define SERVER_HELLO_DONE_MAX_LENGTH 0
#define KEY_UPDATE_MAX_LENGTH 1
#define CCS_MAX_LENGTH 1

/* Max ServerHello size permitted by RFC 8446 */
#define SERVER_HELLO_MAX_LENGTH 65607

/*
 * Max should actually be 36 but we are generous: the cap is deliberately
 * looser than the expected size.
 */
#define FINISHED_MAX_LENGTH 64
36 | ||
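/*
 * Dummy message type.
 *
 * A negative value, presumably chosen so that it cannot match a real
 * handshake message type -- confirm against the SSL3_MT_* definitions.
 * The expansion is parenthesized so the unary minus stays attached to the
 * literal whatever operators surround the macro at the point of use.
 */
#define SSL3_MT_DUMMY (-1)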
39 | ||
/*
 * Constant byte array defined in another translation unit.
 * NOTE(review): the name suggests the fixed "random" value that identifies a
 * HelloRetryRequest -- confirm against the definition.
 * The declaration carries no array bound, so sizeof(hrrrandom) cannot be
 * taken through this header; code that compares or copies the array must get
 * the length from somewhere else and keep it in step with the definition.
 */
extern const unsigned char hrrrandom[];
41 | ||
/*
 * Message processing return codes
 *
 * Result type of the tls_process_*() prototypes and of
 * ossl_statem_client_process_message() /
 * ossl_statem_server_process_message() declared in this header.
 */
typedef enum {
    /*
     * Something bad happened.
     * First enumerator, so its value is 0: a zero-initialised
     * MSG_PROCESS_RETURN reads as an error rather than as success.
     */
    MSG_PROCESS_ERROR,
    /* We've finished reading - swap to writing */
    MSG_PROCESS_FINISHED_READING,
    /*
     * We've completed the main processing of this message but there is some
     * post processing to be done.
     */
    MSG_PROCESS_CONTINUE_PROCESSING,
    /* We've finished this message - read the next message */
    MSG_PROCESS_CONTINUE_READING
} MSG_PROCESS_RETURN;
61ae935a | 56 | |
/*
 * Pointer to a function that takes the connection and a WPACKET and returns
 * int. The tls_construct_*(SSL_CONNECTION *s, WPACKET *pkt) prototypes in
 * this header have this signature.
 * ossl_statem_client_construct_message() and
 * ossl_statem_server_construct_message() take a confunc_f *confunc
 * parameter, presumably to hand the selected constructor back to the caller
 * -- confirm against their definitions.
 */
typedef int (*confunc_f) (SSL_CONNECTION *s, WPACKET *pkt);
a15c953f | 58 | |
38b051a1 TM |
59 | int ssl3_take_mac(SSL_CONNECTION *s); |
60 | int check_in_list(SSL_CONNECTION *s, uint16_t group_id, const uint16_t *groups, | |
aff9929b | 61 | size_t num_groups, int checkallow); |
38b051a1 TM |
62 | int create_synthetic_message_hash(SSL_CONNECTION *s, |
63 | const unsigned char *hashval, | |
43054d3d MC |
64 | size_t hashlen, const unsigned char *hrr, |
65 | size_t hrrlen); | |
38b051a1 TM |
66 | int parse_ca_names(SSL_CONNECTION *s, PACKET *pkt); |
67 | const STACK_OF(X509_NAME) *get_ca_names(SSL_CONNECTION *s); | |
68 | int construct_ca_names(SSL_CONNECTION *s, const STACK_OF(X509_NAME) *ca_sk, | |
69 | WPACKET *pkt); | |
70 | size_t construct_key_exchange_tbs(SSL_CONNECTION *s, unsigned char **ptbs, | |
72ceb6a6 | 71 | const void *param, size_t paramlen); |
5d6cca05 | 72 | |
61ae935a MC |
73 | /* |
74 | * TLS/DTLS client state machine functions | |
75 | */ | |
38b051a1 TM |
76 | int ossl_statem_client_read_transition(SSL_CONNECTION *s, int mt); |
77 | WRITE_TRAN ossl_statem_client_write_transition(SSL_CONNECTION *s); | |
78 | WORK_STATE ossl_statem_client_pre_work(SSL_CONNECTION *s, WORK_STATE wst); | |
79 | WORK_STATE ossl_statem_client_post_work(SSL_CONNECTION *s, WORK_STATE wst); | |
80 | int ossl_statem_client_construct_message(SSL_CONNECTION *s, | |
a15c953f | 81 | confunc_f *confunc, int *mt); |
38b051a1 TM |
82 | size_t ossl_statem_client_max_message_size(SSL_CONNECTION *s); |
83 | MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL_CONNECTION *s, | |
84 | PACKET *pkt); | |
85 | WORK_STATE ossl_statem_client_post_process_message(SSL_CONNECTION *s, | |
86 | WORK_STATE wst); | |
61ae935a MC |
87 | |
88 | /* | |
89 | * TLS/DTLS server state machine functions | |
90 | */ | |
38b051a1 TM |
91 | int ossl_statem_server_read_transition(SSL_CONNECTION *s, int mt); |
92 | WRITE_TRAN ossl_statem_server_write_transition(SSL_CONNECTION *s); | |
93 | WORK_STATE ossl_statem_server_pre_work(SSL_CONNECTION *s, WORK_STATE wst); | |
94 | WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst); | |
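/*
 * Server-side counterpart of ossl_statem_client_construct_message(); the
 * parameter list is the same (connection, confunc_f *confunc, int *mt).
 */
int ossl_statem_server_construct_message(SSL_CONNECTION *s,
                                         confunc_f *confunc, int *mt);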
38b051a1 TM |
97 | size_t ossl_statem_server_max_message_size(SSL_CONNECTION *s); |
98 | MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL_CONNECTION *s, | |
99 | PACKET *pkt); | |
100 | WORK_STATE ossl_statem_server_post_process_message(SSL_CONNECTION *s, | |
101 | WORK_STATE wst); | |
61ae935a MC |
102 | |
103 | /* Functions for getting new message data */ | |
38b051a1 TM |
104 | __owur int tls_get_message_header(SSL_CONNECTION *s, int *mt); |
105 | __owur int tls_get_message_body(SSL_CONNECTION *s, size_t *len); | |
106 | __owur int dtls_get_message(SSL_CONNECTION *s, int *mt); | |
107 | __owur int dtls_get_message_body(SSL_CONNECTION *s, size_t *len); | |
61ae935a MC |
108 | |
109 | /* Message construction and processing functions */ | |
38b051a1 TM |
110 | __owur int tls_process_initial_server_flight(SSL_CONNECTION *s); |
111 | __owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL_CONNECTION *s, | |
112 | PACKET *pkt); | |
113 | __owur MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt); | |
114 | __owur int tls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt); | |
115 | __owur int dtls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt); | |
61ae935a | 116 | |
38b051a1 TM |
117 | __owur int tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt); |
118 | __owur int tls_construct_key_update(SSL_CONNECTION *s, WPACKET *pkt); | |
119 | __owur MSG_PROCESS_RETURN tls_process_key_update(SSL_CONNECTION *s, | |
120 | PACKET *pkt); | |
121 | __owur WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, WORK_STATE wst, | |
122 | int clearbufs, int stop); | |
123 | __owur WORK_STATE dtls_wait_for_dry(SSL_CONNECTION *s); | |
61ae935a MC |
124 | |
125 | /* some client-only functions */ | |
38b051a1 TM |
126 | __owur int tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt); |
127 | __owur MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, | |
128 | PACKET *pkt); | |
129 | __owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL_CONNECTION *s, | |
130 | PACKET *pkt); | |
131 | __owur MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL_CONNECTION *s, | |
132 | PACKET *pkt); | |
133 | __owur int tls_process_cert_status_body(SSL_CONNECTION *s, PACKET *pkt); | |
134 | __owur MSG_PROCESS_RETURN tls_process_cert_status(SSL_CONNECTION *s, | |
135 | PACKET *pkt); | |
136 | __owur MSG_PROCESS_RETURN tls_process_server_done(SSL_CONNECTION *s, | |
137 | PACKET *pkt); | |
138 | __owur int tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt); | |
139 | __owur WORK_STATE tls_prepare_client_certificate(SSL_CONNECTION *s, | |
140 | WORK_STATE wst); | |
141 | __owur int tls_construct_client_certificate(SSL_CONNECTION *s, WPACKET *pkt); | |
142 | __owur int ssl_do_client_cert_cb(SSL_CONNECTION *s, X509 **px509, | |
143 | EVP_PKEY **ppkey); | |
144 | __owur int tls_construct_client_key_exchange(SSL_CONNECTION *s, WPACKET *pkt); | |
145 | __owur int tls_client_key_exchange_post_work(SSL_CONNECTION *s); | |
146 | __owur int tls_construct_cert_status_body(SSL_CONNECTION *s, WPACKET *pkt); | |
147 | __owur int tls_construct_cert_status(SSL_CONNECTION *s, WPACKET *pkt); | |
148 | __owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL_CONNECTION *s, | |
149 | PACKET *pkt); | |
150 | __owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s, | |
151 | PACKET *pkt); | |
152 | __owur WORK_STATE tls_post_process_server_certificate(SSL_CONNECTION *s, | |
153 | WORK_STATE wst); | |
154 | __owur int ssl3_check_cert_and_algorithm(SSL_CONNECTION *s); | |
a230b26e | 155 | #ifndef OPENSSL_NO_NEXTPROTONEG |
38b051a1 | 156 | __owur int tls_construct_next_proto(SSL_CONNECTION *s, WPACKET *pkt); |
a230b26e | 157 | #endif |
38b051a1 TM |
158 | __owur MSG_PROCESS_RETURN tls_process_hello_req(SSL_CONNECTION *s, PACKET *pkt); |
159 | __owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL_CONNECTION *s, PACKET *pkt); | |
160 | __owur int tls_construct_end_of_early_data(SSL_CONNECTION *s, WPACKET *pkt); | |
61ae935a MC |
161 | |
162 | /* some server-only functions */ | |
38b051a1 TM |
163 | __owur MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s, |
164 | PACKET *pkt); | |
165 | __owur WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s, | |
166 | WORK_STATE wst); | |
167 | __owur int tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt); | |
168 | __owur int dtls_construct_hello_verify_request(SSL_CONNECTION *s, WPACKET *pkt); | |
169 | __owur int tls_construct_server_certificate(SSL_CONNECTION *s, WPACKET *pkt); | |
170 | __owur int tls_construct_server_key_exchange(SSL_CONNECTION *s, WPACKET *pkt); | |
171 | __owur int tls_construct_certificate_request(SSL_CONNECTION *s, WPACKET *pkt); | |
172 | __owur int tls_construct_server_done(SSL_CONNECTION *s, WPACKET *pkt); | |
173 | __owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s, | |
174 | PACKET *pkt); | |
175 | __owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL_CONNECTION *s, | |
176 | PACKET *pkt); | |
177 | __owur WORK_STATE tls_post_process_client_key_exchange(SSL_CONNECTION *s, | |
178 | WORK_STATE wst); | |
179 | __owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, | |
180 | PACKET *pkt); | |
a230b26e | 181 | #ifndef OPENSSL_NO_NEXTPROTONEG |
38b051a1 TM |
182 | __owur MSG_PROCESS_RETURN tls_process_next_proto(SSL_CONNECTION *s, |
183 | PACKET *pkt); | |
a230b26e | 184 | #endif |
38b051a1 TM |
185 | __owur int tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt); |
/*
 * Processes an EndOfEarlyData message (per the name) and reports the outcome
 * as a MSG_PROCESS_RETURN.
 * NOTE(review): this is the only tls_process_*() prototype in this header
 * declared without __owur (OpenSSL's warn-unused-result marker), so a caller
 * that drops the result, including MSG_PROCESS_ERROR, gets no compiler
 * warning. Confirm whether the omission is intentional.
 */
MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL_CONNECTION *s,
                                                 PACKET *pkt);
6b473aca | 188 | |
5a5530a2 DB |
189 | #ifndef OPENSSL_NO_GOST |
190 | /* These functions are used in GOST18 CKE, both for client and server */ | |
38b051a1 TM |
191 | int ossl_gost18_cke_cipher_nid(const SSL_CONNECTION *s); |
192 | int ossl_gost_ukm(const SSL_CONNECTION *s, unsigned char *dgst_buf); | |
5a5530a2 | 193 | #endif |
70af3d8e MC |
194 | |
195 | /* Extension processing */ | |
196 | ||
/*
 * Result type of the tls_construct_ctos_*() and tls_construct_stoc_*()
 * extension constructors declared in this header.
 *
 * The enumerators take the values 0, 1 and 2 in declaration order. Both
 * EXT_RETURN_SENT and EXT_RETURN_NOT_SENT are therefore non-zero, so a plain
 * truth test cannot tell them apart; compare against the named enumerator.
 */
typedef enum ext_return_en {
    /* Value 0: presumably the constructor failed -- confirm with callers. */
    EXT_RETURN_FAIL,
    /* Presumably: the extension was written to the packet. */
    EXT_RETURN_SENT,
    /* Presumably: nothing was written, and that is not an error. */
    EXT_RETURN_NOT_SENT
} EXT_RETURN;
202 | ||
38b051a1 | 203 | __owur int tls_validate_all_contexts(SSL_CONNECTION *s, unsigned int thisctx, |
88050dd1 | 204 | RAW_EXTENSION *exts); |
38b051a1 | 205 | __owur int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx, |
43ae5eed | 206 | unsigned int thisctx); |
38b051a1 TM |
207 | __owur int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet, |
208 | unsigned int context, | |
f63a17d6 | 209 | RAW_EXTENSION **res, size_t *len, int init); |
38b051a1 | 210 | __owur int tls_parse_extension(SSL_CONNECTION *s, TLSEXT_INDEX idx, int context, |
f63a17d6 | 211 | RAW_EXTENSION *exts, X509 *x, size_t chainidx); |
38b051a1 TM |
212 | __owur int tls_parse_all_extensions(SSL_CONNECTION *s, int context, |
213 | RAW_EXTENSION *exts, | |
f63a17d6 | 214 | X509 *x, size_t chainidx, int fin); |
38b051a1 | 215 | __owur int should_add_extension(SSL_CONNECTION *s, unsigned int extctx, |
43ae5eed | 216 | unsigned int thisctx, int max_version); |
38b051a1 TM |
217 | __owur int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt, |
218 | unsigned int context, | |
f63a17d6 | 219 | X509 *x, size_t chainidx); |
25670f3e | 220 | |
38b051a1 | 221 | __owur int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md, |
1053a6e2 MC |
222 | const unsigned char *msgstart, |
223 | size_t binderoffset, const unsigned char *binderin, | |
224 | unsigned char *binderout, | |
3a7c56b2 | 225 | SSL_SESSION *sess, int sign, int external); |
1053a6e2 | 226 | |
25670f3e | 227 | /* Server Extension processing */ |
38b051a1 TM |
228 | int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt, |
229 | unsigned int context, | |
f63a17d6 | 230 | X509 *x, size_t chainidx); |
38b051a1 TM |
231 | int tls_parse_ctos_server_name(SSL_CONNECTION *s, PACKET *pkt, |
232 | unsigned int context, | |
f63a17d6 | 233 | X509 *x, size_t chainidx); |
38b051a1 TM |
234 | int tls_parse_ctos_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, |
235 | unsigned int context, | |
f63a17d6 | 236 | X509 *x, size_t chainidx); |
25670f3e | 237 | #ifndef OPENSSL_NO_SRP |
38b051a1 TM |
238 | int tls_parse_ctos_srp(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, |
239 | X509 *x, size_t chainidx); | |
25670f3e | 240 | #endif |
38b051a1 TM |
241 | int tls_parse_ctos_early_data(SSL_CONNECTION *s, PACKET *pkt, |
242 | unsigned int context, | |
f63a17d6 | 243 | X509 *x, size_t chainidx); |
38b051a1 TM |
244 | int tls_parse_ctos_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt, |
245 | unsigned int context, | |
f63a17d6 | 246 | X509 *x, size_t chainidx); |
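/*
 * Declared under "Server Extension processing": parser for the
 * supported_groups extension (per the name). Takes the same
 * (s, pkt, context, x, chainidx) parameter list as the sibling
 * tls_parse_ctos_*() prototypes.
 */
int tls_parse_ctos_supported_groups(SSL_CONNECTION *s, PACKET *pkt,
                                    unsigned int context,
                                    X509 *x, size_t chainidx);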
38b051a1 TM |
250 | int tls_parse_ctos_session_ticket(SSL_CONNECTION *s, PACKET *pkt, |
251 | unsigned int context, | |
f63a17d6 | 252 | X509 *x, size_t chainidx); |
38b051a1 TM |
253 | int tls_parse_ctos_sig_algs_cert(SSL_CONNECTION *s, PACKET *pkt, |
254 | unsigned int context, | |
c589c34e | 255 | X509 *x, size_t chainidx); |
38b051a1 TM |
256 | int tls_parse_ctos_sig_algs(SSL_CONNECTION *s, PACKET *pkt, |
257 | unsigned int context, X509 *x, size_t chainidx); | |
ab83e314 | 258 | #ifndef OPENSSL_NO_OCSP |
38b051a1 TM |
259 | int tls_parse_ctos_status_request(SSL_CONNECTION *s, PACKET *pkt, |
260 | unsigned int context, | |
f63a17d6 | 261 | X509 *x, size_t chainidx); |
ab83e314 | 262 | #endif |
25670f3e | 263 | #ifndef OPENSSL_NO_NEXTPROTONEG |
38b051a1 TM |
264 | int tls_parse_ctos_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, |
265 | X509 *x, size_t chainidx); | |
25670f3e | 266 | #endif |
38b051a1 TM |
267 | int tls_parse_ctos_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, |
268 | X509 *x, size_t chainidx); | |
25670f3e | 269 | #ifndef OPENSSL_NO_SRTP |
38b051a1 TM |
270 | int tls_parse_ctos_use_srtp(SSL_CONNECTION *s, PACKET *pkt, |
271 | unsigned int context, X509 *x, size_t chainidx); | |
25670f3e | 272 | #endif |
38b051a1 TM |
273 | int tls_parse_ctos_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, |
274 | X509 *x, size_t chainidx); | |
275 | int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt, | |
276 | unsigned int context, X509 *x, size_t chainidx); | |
277 | int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, | |
278 | X509 *x, size_t chainidx); | |
279 | int tls_parse_ctos_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, | |
280 | X509 *x, size_t chainidx); | |
281 | int tls_parse_ctos_psk_kex_modes(SSL_CONNECTION *s, PACKET *pkt, | |
282 | unsigned int context, | |
f63a17d6 | 283 | X509 *x, size_t chainidx); |
38b051a1 TM |
284 | int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, |
285 | X509 *x, size_t chainidx); | |
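/*
 * Declared under "Server Extension processing": parser for the
 * post_handshake_auth extension (per the name). Every parameter is named,
 * matching the (s, pkt, context, x, chainidx) list of the sibling
 * tls_parse_ctos_*() prototypes.
 */
int tls_parse_ctos_post_handshake_auth(SSL_CONNECTION *s, PACKET *pkt,
                                       unsigned int context,
                                       X509 *x, size_t chainidx);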
7da160b0 | 289 | |
38b051a1 | 290 | EXT_RETURN tls_construct_stoc_renegotiate(SSL_CONNECTION *s, WPACKET *pkt, |
b186a592 | 291 | unsigned int context, X509 *x, |
f63a17d6 | 292 | size_t chainidx); |
38b051a1 | 293 | EXT_RETURN tls_construct_stoc_server_name(SSL_CONNECTION *s, WPACKET *pkt, |
b186a592 | 294 | unsigned int context, X509 *x, |
f63a17d6 | 295 | size_t chainidx); |
38b051a1 | 296 | EXT_RETURN tls_construct_stoc_early_data(SSL_CONNECTION *s, WPACKET *pkt, |
b186a592 | 297 | unsigned int context, X509 *x, |
f63a17d6 | 298 | size_t chainidx); |
38b051a1 | 299 | EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt, |
cf72c757 | 300 | unsigned int context, X509 *x, |
f63a17d6 | 301 | size_t chainidx); |
38b051a1 | 302 | EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt, |
b186a592 | 303 | unsigned int context, X509 *x, |
f63a17d6 | 304 | size_t chainidx); |
38b051a1 | 305 | EXT_RETURN tls_construct_stoc_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, |
b186a592 | 306 | unsigned int context, X509 *x, |
f63a17d6 | 307 | size_t chainidx); |
38b051a1 | 308 | EXT_RETURN tls_construct_stoc_session_ticket(SSL_CONNECTION *s, WPACKET *pkt, |
b186a592 | 309 | unsigned int context, X509 *x, |
f63a17d6 | 310 | size_t chainidx); |
ab83e314 | 311 | #ifndef OPENSSL_NO_OCSP |
38b051a1 | 312 | EXT_RETURN tls_construct_stoc_status_request(SSL_CONNECTION *s, WPACKET *pkt, |
b186a592 | 313 | unsigned int context, X509 *x, |
f63a17d6 | 314 | size_t chainidx); |
ab83e314 MC |
315 | #endif |
316 | #ifndef OPENSSL_NO_NEXTPROTONEG | |
38b051a1 | 317 | EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt, |
b186a592 | 318 | unsigned int context, X509 *x, |
f63a17d6 | 319 | size_t chainidx); |
ab83e314 | 320 | #endif |
38b051a1 TM |
321 | EXT_RETURN tls_construct_stoc_alpn(SSL_CONNECTION *s, WPACKET *pkt, |
322 | unsigned int context, | |
f63a17d6 | 323 | X509 *x, size_t chainidx); |
ab83e314 | 324 | #ifndef OPENSSL_NO_SRTP |
38b051a1 TM |
325 | EXT_RETURN tls_construct_stoc_use_srtp(SSL_CONNECTION *s, WPACKET *pkt, |
326 | unsigned int context, | |
327 | X509 *x, size_t chainidx); | |
ab83e314 | 328 | #endif |
38b051a1 TM |
329 | EXT_RETURN tls_construct_stoc_etm(SSL_CONNECTION *s, WPACKET *pkt, |
330 | unsigned int context, | |
f63a17d6 | 331 | X509 *x, size_t chainidx); |
38b051a1 TM |
332 | EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt, |
333 | unsigned int context, | |
f63a17d6 | 334 | X509 *x, size_t chainidx); |
38b051a1 | 335 | EXT_RETURN tls_construct_stoc_supported_versions(SSL_CONNECTION *s, WPACKET *pkt, |
88050dd1 MC |
336 | unsigned int context, X509 *x, |
337 | size_t chainidx); | |
38b051a1 | 338 | EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt, |
b186a592 | 339 | unsigned int context, X509 *x, |
f63a17d6 | 340 | size_t chainidx); |
38b051a1 TM |
341 | EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt, |
342 | unsigned int context, | |
43054d3d | 343 | X509 *x, size_t chainidx); |
/*
 * Not in public headers as this is not an official extension. Only used when
 * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set.
 * NOTE(review): the option name marks this as a bug-compatibility
 * workaround. Presumably it should stay off unless a specific peer requires
 * it -- confirm with the SSL_OP_CRYPTOPRO_TLSEXT_BUG documentation.
 */
#define TLSEXT_TYPE_cryptopro_bug 0xfde8
/*
 * Constructor for the extension type above; same signature and EXT_RETURN
 * result as the other tls_construct_stoc_*() prototypes.
 */
EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL_CONNECTION *s, WPACKET *pkt,
                                            unsigned int context, X509 *x,
                                            size_t chainidx);
38b051a1 TM |
352 | EXT_RETURN tls_construct_stoc_psk(SSL_CONNECTION *s, WPACKET *pkt, |
353 | unsigned int context, | |
f63a17d6 | 354 | X509 *x, size_t chainidx); |
6dd083fd MC |
355 | |
356 | /* Client Extension processing */ | |
38b051a1 TM |
357 | EXT_RETURN tls_construct_ctos_renegotiate(SSL_CONNECTION *s, WPACKET *pkt, |
358 | unsigned int context, | |
359 | X509 *x, size_t chainidx); | |
360 | EXT_RETURN tls_construct_ctos_server_name(SSL_CONNECTION *s, WPACKET *pkt, | |
361 | unsigned int context, | |
362 | X509 *x, size_t chainidx); | |
363 | EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt, | |
364 | unsigned int context, | |
f63a17d6 | 365 | X509 *x, size_t chainidx); |
ab83e314 | 366 | #ifndef OPENSSL_NO_SRP |
38b051a1 TM |
367 | EXT_RETURN tls_construct_ctos_srp(SSL_CONNECTION *s, WPACKET *pkt, |
368 | unsigned int context, X509 *x, | |
369 | size_t chainidx); | |
ab83e314 | 370 | #endif |
38b051a1 | 371 | EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt, |
b186a592 | 372 | unsigned int context, X509 *x, |
f63a17d6 | 373 | size_t chainidx); |
38b051a1 | 374 | EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, |
b186a592 | 375 | unsigned int context, X509 *x, |
f63a17d6 | 376 | size_t chainidx); |
dbc6268f | 377 | |
38b051a1 | 378 | EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, |
b186a592 | 379 | unsigned int context, X509 *x, |
f63a17d6 | 380 | size_t chainidx); |
38b051a1 | 381 | EXT_RETURN tls_construct_ctos_session_ticket(SSL_CONNECTION *s, WPACKET *pkt, |
b186a592 | 382 | unsigned int context, X509 *x, |
f63a17d6 | 383 | size_t chainidx); |
38b051a1 | 384 | EXT_RETURN tls_construct_ctos_sig_algs(SSL_CONNECTION *s, WPACKET *pkt, |
b186a592 | 385 | unsigned int context, X509 *x, |
f63a17d6 | 386 | size_t chainidx); |
ab83e314 | 387 | #ifndef OPENSSL_NO_OCSP |
38b051a1 | 388 | EXT_RETURN tls_construct_ctos_status_request(SSL_CONNECTION *s, WPACKET *pkt, |
b186a592 | 389 | unsigned int context, X509 *x, |
f63a17d6 | 390 | size_t chainidx); |
ab83e314 MC |
391 | #endif |
392 | #ifndef OPENSSL_NO_NEXTPROTONEG | |
38b051a1 TM |
393 | EXT_RETURN tls_construct_ctos_npn(SSL_CONNECTION *s, WPACKET *pkt, |
394 | unsigned int context, | |
f63a17d6 | 395 | X509 *x, size_t chainidx); |
ab83e314 | 396 | #endif |
38b051a1 TM |
397 | EXT_RETURN tls_construct_ctos_alpn(SSL_CONNECTION *s, WPACKET *pkt, |
398 | unsigned int context, | |
f63a17d6 | 399 | X509 *x, size_t chainidx); |
ab83e314 | 400 | #ifndef OPENSSL_NO_SRTP |
38b051a1 TM |
401 | EXT_RETURN tls_construct_ctos_use_srtp(SSL_CONNECTION *s, WPACKET *pkt, |
402 | unsigned int context, | |
f63a17d6 | 403 | X509 *x, size_t chainidx); |
ab83e314 | 404 | #endif |
38b051a1 TM |
405 | EXT_RETURN tls_construct_ctos_etm(SSL_CONNECTION *s, WPACKET *pkt, |
406 | unsigned int context, | |
f63a17d6 | 407 | X509 *x, size_t chainidx); |
ab83e314 | 408 | #ifndef OPENSSL_NO_CT |
38b051a1 TM |
409 | EXT_RETURN tls_construct_ctos_sct(SSL_CONNECTION *s, WPACKET *pkt, |
410 | unsigned int context, | |
f63a17d6 | 411 | X509 *x, size_t chainidx); |
ab83e314 | 412 | #endif |
38b051a1 TM |
413 | EXT_RETURN tls_construct_ctos_ems(SSL_CONNECTION *s, WPACKET *pkt, |
414 | unsigned int context, | |
f63a17d6 | 415 | X509 *x, size_t chainidx); |
38b051a1 | 416 | EXT_RETURN tls_construct_ctos_supported_versions(SSL_CONNECTION *s, WPACKET *pkt, |
b186a592 | 417 | unsigned int context, X509 *x, |
f63a17d6 | 418 | size_t chainidx); |
38b051a1 | 419 | EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt, |
b186a592 | 420 | unsigned int context, X509 *x, |
f63a17d6 | 421 | size_t chainidx); |
38b051a1 | 422 | EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL_CONNECTION *s, WPACKET *pkt, |
b186a592 | 423 | unsigned int context, X509 *x, |
f63a17d6 | 424 | size_t chainidx); |
38b051a1 TM |
425 | EXT_RETURN tls_construct_ctos_cookie(SSL_CONNECTION *s, WPACKET *pkt, |
426 | unsigned int context, | |
f63a17d6 | 427 | X509 *x, size_t chainidx); |
38b051a1 | 428 | EXT_RETURN tls_construct_ctos_padding(SSL_CONNECTION *s, WPACKET *pkt, |
b186a592 | 429 | unsigned int context, X509 *x, |
f63a17d6 | 430 | size_t chainidx); |
38b051a1 TM |
431 | EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt, |
432 | unsigned int context, | |
f63a17d6 | 433 | X509 *x, size_t chainidx); |
38b051a1 TM |
434 | EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL_CONNECTION *s, WPACKET *pkt, |
435 | unsigned int context, | |
9d75dce3 TS |
436 | X509 *x, size_t chainidx); |
437 | ||
38b051a1 TM |
438 | int tls_parse_stoc_renegotiate(SSL_CONNECTION *s, PACKET *pkt, |
439 | unsigned int context, | |
f63a17d6 | 440 | X509 *x, size_t chainidx); |
38b051a1 TM |
441 | int tls_parse_stoc_server_name(SSL_CONNECTION *s, PACKET *pkt, |
442 | unsigned int context, | |
f63a17d6 | 443 | X509 *x, size_t chainidx); |
38b051a1 TM |
444 | int tls_parse_stoc_early_data(SSL_CONNECTION *s, PACKET *pkt, |
445 | unsigned int context, | |
f63a17d6 | 446 | X509 *x, size_t chainidx); |
38b051a1 TM |
447 | int tls_parse_stoc_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, |
448 | unsigned int context, | |
f63a17d6 | 449 | X509 *x, size_t chainidx); |
38b051a1 TM |
450 | int tls_parse_stoc_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt, |
451 | unsigned int context, | |
f63a17d6 | 452 | X509 *x, size_t chainidx); |
38b051a1 TM |
453 | int tls_parse_stoc_session_ticket(SSL_CONNECTION *s, PACKET *pkt, |
454 | unsigned int context, | |
f63a17d6 | 455 | X509 *x, size_t chainidx); |
ab83e314 | 456 | #ifndef OPENSSL_NO_OCSP |
38b051a1 TM |
457 | int tls_parse_stoc_status_request(SSL_CONNECTION *s, PACKET *pkt, |
458 | unsigned int context, | |
f63a17d6 | 459 | X509 *x, size_t chainidx); |
ab83e314 | 460 | #endif |
6dd083fd | 461 | #ifndef OPENSSL_NO_CT |
38b051a1 TM |
462 | int tls_parse_stoc_sct(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, |
463 | X509 *x, size_t chainidx); | |
6dd083fd MC |
464 | #endif |
465 | #ifndef OPENSSL_NO_NEXTPROTONEG | |
38b051a1 TM |
466 | int tls_parse_stoc_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, |
467 | X509 *x, size_t chainidx); | |
6dd083fd | 468 | #endif |
38b051a1 TM |
469 | int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, |
470 | X509 *x, size_t chainidx); | |
6dd083fd | 471 | #ifndef OPENSSL_NO_SRTP |
38b051a1 TM |
472 | int tls_parse_stoc_use_srtp(SSL_CONNECTION *s, PACKET *pkt, |
473 | unsigned int context, X509 *x, size_t chainidx); | |
6dd083fd | 474 | #endif |
38b051a1 TM |
475 | int tls_parse_stoc_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, |
476 | X509 *x, size_t chainidx); | |
477 | int tls_parse_stoc_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, | |
478 | X509 *x, size_t chainidx); | |
479 | int tls_parse_stoc_supported_versions(SSL_CONNECTION *s, PACKET *pkt, | |
480 | unsigned int context, | |
88050dd1 | 481 | X509 *x, size_t chainidx); |
38b051a1 TM |
482 | int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt, |
483 | unsigned int context, X509 *x, size_t chainidx); | |
484 | int tls_parse_stoc_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, | |
485 | X509 *x, size_t chainidx); | |
486 | int tls_parse_stoc_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, | |
487 | X509 *x, size_t chainidx); | |
630369d9 | 488 | |
38b051a1 | 489 | int tls_handle_alpn(SSL_CONNECTION *s); |
9d75dce3 | 490 | |
38b051a1 TM |
491 | int tls13_save_handshake_digest_for_pha(SSL_CONNECTION *s); |
492 | int tls13_restore_handshake_digest_for_pha(SSL_CONNECTION *s); |