projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| 846e33c7 | 1 | /* |
| fecb3aae | 2 | * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. |
| 61ae935a | 3 | * |
| 2c18d164 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
| 846e33c7 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
| 6 | * in the file LICENSE in the source distribution or at | |
| 7 | * https://www.openssl.org/source/license.html | |
| 61ae935a MC |
8 | */ |
| 9 | ||
| 10 | /***************************************************************************** | |
| 11 | * * | |
| 12 | * The following definitions are PRIVATE to the state machine. They should * | |
| 13 | * NOT be used outside of the state machine. * | |
| 14 | * * | |
| 15 | *****************************************************************************/ | |
| 16 | ||
| 17 | /* Max message length definitions */ | |
| 18 | ||
| 19 | /* The spec allows for a longer length than this, but we limit it */ | |
| 20 | #define HELLO_VERIFY_REQUEST_MAX_LENGTH 258 | |
| ef6c191b | 21 | #define END_OF_EARLY_DATA_MAX_LENGTH 0 |
| 3847d426 | 22 | #define HELLO_RETRY_REQUEST_MAX_LENGTH 20000 |
| e46f2334 | 23 | #define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000 |
| e54f0c9b MC |
24 | #define SESSION_TICKET_MAX_LENGTH_TLS13 131338 |
| 25 | #define SESSION_TICKET_MAX_LENGTH_TLS12 65541 | |
| 61ae935a MC |
26 | #define SERVER_KEY_EXCH_MAX_LENGTH 102400 |
| 27 | #define SERVER_HELLO_DONE_MAX_LENGTH 0 | |
| e1c3de44 | 28 | #define KEY_UPDATE_MAX_LENGTH 1 |
| 61ae935a | 29 | #define CCS_MAX_LENGTH 1 |
| 3aff5b4b MB |
30 | |
| 31 | /* Max ServerHello size permitted by RFC 8446 */ | |
| 32 | #define SERVER_HELLO_MAX_LENGTH 65607 | |
| 33 | ||
| 61ae935a MC |
34 | /* Max should actually be 36 but we are generous */ |
| 35 | #define FINISHED_MAX_LENGTH 64 | |
| 36 | ||
| f7e393be MC |
37 | /* Dummy message type */ |
| 38 | #define SSL3_MT_DUMMY -1 | |
| 39 | ||
| 597c51bc MC |
40 | extern const unsigned char hrrrandom[]; |
| 41 | ||
| 61ae935a | 42 | /* Message processing return codes */ |
| be3583fa | 43 | typedef enum { |
| 61ae935a MC |
44 | /* Something bad happened */ |
| 45 | MSG_PROCESS_ERROR, | |
| 46 | /* We've finished reading - swap to writing */ | |
| 47 | MSG_PROCESS_FINISHED_READING, | |
| 48 | /* | |
| 49 | * We've completed the main processing of this message but there is some | |
| 50 | * post processing to be done. | |
| 51 | */ | |
| 52 | MSG_PROCESS_CONTINUE_PROCESSING, | |
| 53 | /* We've finished this message - read the next message */ | |
| 54 | MSG_PROCESS_CONTINUE_READING | |
| be3583fa | 55 | } MSG_PROCESS_RETURN; |
| 61ae935a | 56 | |
| 38b051a1 | 57 | typedef int (*confunc_f) (SSL_CONNECTION *s, WPACKET *pkt); |
| a15c953f | 58 | |
| 38b051a1 TM |
59 | int ssl3_take_mac(SSL_CONNECTION *s); |
| 60 | int check_in_list(SSL_CONNECTION *s, uint16_t group_id, const uint16_t *groups, | |
| aff9929b | 61 | size_t num_groups, int checkallow); |
| 38b051a1 TM |
62 | int create_synthetic_message_hash(SSL_CONNECTION *s, |
| 63 | const unsigned char *hashval, | |
| 43054d3d MC |
64 | size_t hashlen, const unsigned char *hrr, |
| 65 | size_t hrrlen); | |
| 38b051a1 TM |
66 | int parse_ca_names(SSL_CONNECTION *s, PACKET *pkt); |
| 67 | const STACK_OF(X509_NAME) *get_ca_names(SSL_CONNECTION *s); | |
| 68 | int construct_ca_names(SSL_CONNECTION *s, const STACK_OF(X509_NAME) *ca_sk, | |
| 69 | WPACKET *pkt); | |
| 70 | size_t construct_key_exchange_tbs(SSL_CONNECTION *s, unsigned char **ptbs, | |
| 72ceb6a6 | 71 | const void *param, size_t paramlen); |
| 5d6cca05 | 72 | |
| 61ae935a MC |
73 | /* |
| 74 | * TLS/DTLS client state machine functions | |
| 75 | */ | |
| 38b051a1 TM |
76 | int ossl_statem_client_read_transition(SSL_CONNECTION *s, int mt); |
| 77 | WRITE_TRAN ossl_statem_client_write_transition(SSL_CONNECTION *s); | |
| 78 | WORK_STATE ossl_statem_client_pre_work(SSL_CONNECTION *s, WORK_STATE wst); | |
| 79 | WORK_STATE ossl_statem_client_post_work(SSL_CONNECTION *s, WORK_STATE wst); | |
| 80 | int ossl_statem_client_construct_message(SSL_CONNECTION *s, | |
| a15c953f | 81 | confunc_f *confunc, int *mt); |
| 38b051a1 TM |
82 | size_t ossl_statem_client_max_message_size(SSL_CONNECTION *s); |
| 83 | MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL_CONNECTION *s, | |
| 84 | PACKET *pkt); | |
| 85 | WORK_STATE ossl_statem_client_post_process_message(SSL_CONNECTION *s, | |
| 86 | WORK_STATE wst); | |
| 61ae935a MC |
87 | |
| 88 | /* | |
| 89 | * TLS/DTLS server state machine functions | |
| 90 | */ | |
| 38b051a1 TM |
91 | int ossl_statem_server_read_transition(SSL_CONNECTION *s, int mt); |
| 92 | WRITE_TRAN ossl_statem_server_write_transition(SSL_CONNECTION *s); | |
| 93 | WORK_STATE ossl_statem_server_pre_work(SSL_CONNECTION *s, WORK_STATE wst); | |
| 94 | WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst); | |
| 95 | int ossl_statem_server_construct_message(SSL_CONNECTION *s, | |
| a15c953f | 96 | confunc_f *confunc,int *mt); |
| 38b051a1 TM |
97 | size_t ossl_statem_server_max_message_size(SSL_CONNECTION *s); |
| 98 | MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL_CONNECTION *s, | |
| 99 | PACKET *pkt); | |
| 100 | WORK_STATE ossl_statem_server_post_process_message(SSL_CONNECTION *s, | |
| 101 | WORK_STATE wst); | |
| 61ae935a MC |
102 | |
| 103 | /* Functions for getting new message data */ | |
| 38b051a1 TM |
104 | __owur int tls_get_message_header(SSL_CONNECTION *s, int *mt); |
| 105 | __owur int tls_get_message_body(SSL_CONNECTION *s, size_t *len); | |
| 106 | __owur int dtls_get_message(SSL_CONNECTION *s, int *mt); | |
| 107 | __owur int dtls_get_message_body(SSL_CONNECTION *s, size_t *len); | |
| 61ae935a MC |
108 | |
| 109 | /* Message construction and processing functions */ | |
| 38b051a1 TM |
110 | __owur int tls_process_initial_server_flight(SSL_CONNECTION *s); |
| 111 | __owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL_CONNECTION *s, | |
| 112 | PACKET *pkt); | |
| 113 | __owur MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt); | |
| 114 | __owur int tls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt); | |
| 115 | __owur int dtls_construct_change_cipher_spec(SSL_CONNECTION *s, WPACKET *pkt); | |
| 61ae935a | 116 | |
| 38b051a1 TM |
117 | __owur int tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt); |
| 118 | __owur int tls_construct_key_update(SSL_CONNECTION *s, WPACKET *pkt); | |
| 119 | __owur MSG_PROCESS_RETURN tls_process_key_update(SSL_CONNECTION *s, | |
| 120 | PACKET *pkt); | |
| 121 | __owur WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, WORK_STATE wst, | |
| 122 | int clearbufs, int stop); | |
| 123 | __owur WORK_STATE dtls_wait_for_dry(SSL_CONNECTION *s); | |
| 61ae935a MC |
124 | |
| 125 | /* some client-only functions */ | |
| 38b051a1 TM |
126 | __owur int tls_construct_client_hello(SSL_CONNECTION *s, WPACKET *pkt); |
| 127 | __owur MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, | |
| 128 | PACKET *pkt); | |
| 129 | __owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL_CONNECTION *s, | |
| 130 | PACKET *pkt); | |
| 131 | __owur MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL_CONNECTION *s, | |
| 132 | PACKET *pkt); | |
| 133 | __owur int tls_process_cert_status_body(SSL_CONNECTION *s, PACKET *pkt); | |
| 134 | __owur MSG_PROCESS_RETURN tls_process_cert_status(SSL_CONNECTION *s, | |
| 135 | PACKET *pkt); | |
| 136 | __owur MSG_PROCESS_RETURN tls_process_server_done(SSL_CONNECTION *s, | |
| 137 | PACKET *pkt); | |
| 138 | __owur int tls_construct_cert_verify(SSL_CONNECTION *s, WPACKET *pkt); | |
| 139 | __owur WORK_STATE tls_prepare_client_certificate(SSL_CONNECTION *s, | |
| 140 | WORK_STATE wst); | |
| 141 | __owur int tls_construct_client_certificate(SSL_CONNECTION *s, WPACKET *pkt); | |
| 142 | __owur int ssl_do_client_cert_cb(SSL_CONNECTION *s, X509 **px509, | |
| 143 | EVP_PKEY **ppkey); | |
| 144 | __owur int tls_construct_client_key_exchange(SSL_CONNECTION *s, WPACKET *pkt); | |
| 145 | __owur int tls_client_key_exchange_post_work(SSL_CONNECTION *s); | |
| 146 | __owur int tls_construct_cert_status_body(SSL_CONNECTION *s, WPACKET *pkt); | |
| 147 | __owur int tls_construct_cert_status(SSL_CONNECTION *s, WPACKET *pkt); | |
| 148 | __owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL_CONNECTION *s, | |
| 149 | PACKET *pkt); | |
| 150 | __owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s, | |
| 151 | PACKET *pkt); | |
| 152 | __owur WORK_STATE tls_post_process_server_certificate(SSL_CONNECTION *s, | |
| 153 | WORK_STATE wst); | |
| 154 | __owur int ssl3_check_cert_and_algorithm(SSL_CONNECTION *s); | |
| a230b26e | 155 | #ifndef OPENSSL_NO_NEXTPROTONEG |
| 38b051a1 | 156 | __owur int tls_construct_next_proto(SSL_CONNECTION *s, WPACKET *pkt); |
| a230b26e | 157 | #endif |
| 38b051a1 TM |
158 | __owur MSG_PROCESS_RETURN tls_process_hello_req(SSL_CONNECTION *s, PACKET *pkt); |
| 159 | __owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL_CONNECTION *s, PACKET *pkt); | |
| 160 | __owur int tls_construct_end_of_early_data(SSL_CONNECTION *s, WPACKET *pkt); | |
| 61ae935a MC |
161 | |
| 162 | /* some server-only functions */ | |
| 38b051a1 TM |
163 | __owur MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s, |
| 164 | PACKET *pkt); | |
| 165 | __owur WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s, | |
| 166 | WORK_STATE wst); | |
| 167 | __owur int tls_construct_server_hello(SSL_CONNECTION *s, WPACKET *pkt); | |
| 168 | __owur int dtls_construct_hello_verify_request(SSL_CONNECTION *s, WPACKET *pkt); | |
| 169 | __owur int tls_construct_server_certificate(SSL_CONNECTION *s, WPACKET *pkt); | |
| 170 | __owur int tls_construct_server_key_exchange(SSL_CONNECTION *s, WPACKET *pkt); | |
| 171 | __owur int tls_construct_certificate_request(SSL_CONNECTION *s, WPACKET *pkt); | |
| 172 | __owur int tls_construct_server_done(SSL_CONNECTION *s, WPACKET *pkt); | |
| 173 | __owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s, | |
| 174 | PACKET *pkt); | |
| 175 | __owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL_CONNECTION *s, | |
| 176 | PACKET *pkt); | |
| 177 | __owur WORK_STATE tls_post_process_client_key_exchange(SSL_CONNECTION *s, | |
| 178 | WORK_STATE wst); | |
| 179 | __owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s, | |
| 180 | PACKET *pkt); | |
| a230b26e | 181 | #ifndef OPENSSL_NO_NEXTPROTONEG |
| 38b051a1 TM |
182 | __owur MSG_PROCESS_RETURN tls_process_next_proto(SSL_CONNECTION *s, |
| 183 | PACKET *pkt); | |
| a230b26e | 184 | #endif |
| 38b051a1 TM |
185 | __owur int tls_construct_new_session_ticket(SSL_CONNECTION *s, WPACKET *pkt); |
| 186 | MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL_CONNECTION *s, | |
| 187 | PACKET *pkt); | |
| 6b473aca | 188 | |
| 5a5530a2 DB |
189 | #ifndef OPENSSL_NO_GOST |
| 190 | /* These functions are used in GOST18 CKE, both for client and server */ | |
| 38b051a1 TM |
191 | int ossl_gost18_cke_cipher_nid(const SSL_CONNECTION *s); |
| 192 | int ossl_gost_ukm(const SSL_CONNECTION *s, unsigned char *dgst_buf); | |
| 5a5530a2 | 193 | #endif |
| 70af3d8e MC |
194 | |
| 195 | /* Extension processing */ | |
| 196 | ||
| 355a0d10 | 197 | typedef enum ext_return_en { |
| b186a592 MC |
198 | EXT_RETURN_FAIL, |
| 199 | EXT_RETURN_SENT, | |
| 200 | EXT_RETURN_NOT_SENT | |
| 201 | } EXT_RETURN; | |
| 202 | ||
| 38b051a1 | 203 | __owur int tls_validate_all_contexts(SSL_CONNECTION *s, unsigned int thisctx, |
| 88050dd1 | 204 | RAW_EXTENSION *exts); |
| 38b051a1 | 205 | __owur int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx, |
| 43ae5eed | 206 | unsigned int thisctx); |
| 38b051a1 TM |
207 | __owur int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet, |
| 208 | unsigned int context, | |
| f63a17d6 | 209 | RAW_EXTENSION **res, size_t *len, int init); |
| 38b051a1 | 210 | __owur int tls_parse_extension(SSL_CONNECTION *s, TLSEXT_INDEX idx, int context, |
| f63a17d6 | 211 | RAW_EXTENSION *exts, X509 *x, size_t chainidx); |
| 38b051a1 TM |
212 | __owur int tls_parse_all_extensions(SSL_CONNECTION *s, int context, |
| 213 | RAW_EXTENSION *exts, | |
| f63a17d6 | 214 | X509 *x, size_t chainidx, int fin); |
| 38b051a1 | 215 | __owur int should_add_extension(SSL_CONNECTION *s, unsigned int extctx, |
| 43ae5eed | 216 | unsigned int thisctx, int max_version); |
| 38b051a1 TM |
217 | __owur int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt, |
| 218 | unsigned int context, | |
| f63a17d6 | 219 | X509 *x, size_t chainidx); |
| 25670f3e | 220 | |
| 38b051a1 | 221 | __owur int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md, |
| 1053a6e2 MC |
222 | const unsigned char *msgstart, |
| 223 | size_t binderoffset, const unsigned char *binderin, | |
| 224 | unsigned char *binderout, | |
| 3a7c56b2 | 225 | SSL_SESSION *sess, int sign, int external); |
| 1053a6e2 | 226 | |
| 25670f3e | 227 | /* Server Extension processing */ |
| 38b051a1 TM |
228 | int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt, |
| 229 | unsigned int context, | |
| f63a17d6 | 230 | X509 *x, size_t chainidx); |
| 38b051a1 TM |
231 | int tls_parse_ctos_server_name(SSL_CONNECTION *s, PACKET *pkt, |
| 232 | unsigned int context, | |
| f63a17d6 | 233 | X509 *x, size_t chainidx); |
| 38b051a1 TM |
234 | int tls_parse_ctos_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, |
| 235 | unsigned int context, | |
| f63a17d6 | 236 | X509 *x, size_t chainidx); |
| 25670f3e | 237 | #ifndef OPENSSL_NO_SRP |
| 38b051a1 TM |
238 | int tls_parse_ctos_srp(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, |
| 239 | X509 *x, size_t chainidx); | |
| 25670f3e | 240 | #endif |
| 38b051a1 TM |
241 | int tls_parse_ctos_early_data(SSL_CONNECTION *s, PACKET *pkt, |
| 242 | unsigned int context, | |
| f63a17d6 | 243 | X509 *x, size_t chainidx); |
| 38b051a1 TM |
244 | int tls_parse_ctos_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt, |
| 245 | unsigned int context, | |
| f63a17d6 | 246 | X509 *x, size_t chainidx); |
| 38b051a1 TM |
247 | int tls_parse_ctos_supported_groups(SSL_CONNECTION *s, PACKET *pkt, |
| 248 | unsigned int context, | |
| f63a17d6 | 249 | X509 *x, size_t chainidxl); |
| 38b051a1 TM |
250 | int tls_parse_ctos_session_ticket(SSL_CONNECTION *s, PACKET *pkt, |
| 251 | unsigned int context, | |
| f63a17d6 | 252 | X509 *x, size_t chainidx); |
| 38b051a1 TM |
253 | int tls_parse_ctos_sig_algs_cert(SSL_CONNECTION *s, PACKET *pkt, |
| 254 | unsigned int context, | |
| c589c34e | 255 | X509 *x, size_t chainidx); |
| 38b051a1 TM |
256 | int tls_parse_ctos_sig_algs(SSL_CONNECTION *s, PACKET *pkt, |
| 257 | unsigned int context, X509 *x, size_t chainidx); | |
| ab83e314 | 258 | #ifndef OPENSSL_NO_OCSP |
| 38b051a1 TM |
259 | int tls_parse_ctos_status_request(SSL_CONNECTION *s, PACKET *pkt, |
| 260 | unsigned int context, | |
| f63a17d6 | 261 | X509 *x, size_t chainidx); |
| ab83e314 | 262 | #endif |
| 25670f3e | 263 | #ifndef OPENSSL_NO_NEXTPROTONEG |
| 38b051a1 TM |
264 | int tls_parse_ctos_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, |
| 265 | X509 *x, size_t chainidx); | |
| 25670f3e | 266 | #endif |
| 38b051a1 TM |
267 | int tls_parse_ctos_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, |
| 268 | X509 *x, size_t chainidx); | |
| 25670f3e | 269 | #ifndef OPENSSL_NO_SRTP |
| 38b051a1 TM |
270 | int tls_parse_ctos_use_srtp(SSL_CONNECTION *s, PACKET *pkt, |
| 271 | unsigned int context, X509 *x, size_t chainidx); | |
| 25670f3e | 272 | #endif |
| 38b051a1 TM |
273 | int tls_parse_ctos_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, |
| 274 | X509 *x, size_t chainidx); | |
| 275 | int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt, | |
| 276 | unsigned int context, X509 *x, size_t chainidx); | |
| 277 | int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, | |
| 278 | X509 *x, size_t chainidx); | |
| 279 | int tls_parse_ctos_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, | |
| 280 | X509 *x, size_t chainidx); | |
| 281 | int tls_parse_ctos_psk_kex_modes(SSL_CONNECTION *s, PACKET *pkt, | |
| 282 | unsigned int context, | |
| f63a17d6 | 283 | X509 *x, size_t chainidx); |
| 38b051a1 TM |
284 | int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, |
| 285 | X509 *x, size_t chainidx); | |
| 286 | int tls_parse_ctos_post_handshake_auth(SSL_CONNECTION *, PACKET *pkt, | |
| 287 | unsigned int context, | |
| 9d75dce3 | 288 | X509 *x, size_t chainidx); |
| 7da160b0 | 289 | |
| 38b051a1 | 290 | EXT_RETURN tls_construct_stoc_renegotiate(SSL_CONNECTION *s, WPACKET *pkt, |
| b186a592 | 291 | unsigned int context, X509 *x, |
| f63a17d6 | 292 | size_t chainidx); |
| 38b051a1 | 293 | EXT_RETURN tls_construct_stoc_server_name(SSL_CONNECTION *s, WPACKET *pkt, |
| b186a592 | 294 | unsigned int context, X509 *x, |
| f63a17d6 | 295 | size_t chainidx); |
| 38b051a1 | 296 | EXT_RETURN tls_construct_stoc_early_data(SSL_CONNECTION *s, WPACKET *pkt, |
| b186a592 | 297 | unsigned int context, X509 *x, |
| f63a17d6 | 298 | size_t chainidx); |
| 38b051a1 | 299 | EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt, |
| cf72c757 | 300 | unsigned int context, X509 *x, |
| f63a17d6 | 301 | size_t chainidx); |
| 38b051a1 | 302 | EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt, |
| b186a592 | 303 | unsigned int context, X509 *x, |
| f63a17d6 | 304 | size_t chainidx); |
| 38b051a1 | 305 | EXT_RETURN tls_construct_stoc_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, |
| b186a592 | 306 | unsigned int context, X509 *x, |
| f63a17d6 | 307 | size_t chainidx); |
| 38b051a1 | 308 | EXT_RETURN tls_construct_stoc_session_ticket(SSL_CONNECTION *s, WPACKET *pkt, |
| b186a592 | 309 | unsigned int context, X509 *x, |
| f63a17d6 | 310 | size_t chainidx); |
| ab83e314 | 311 | #ifndef OPENSSL_NO_OCSP |
| 38b051a1 | 312 | EXT_RETURN tls_construct_stoc_status_request(SSL_CONNECTION *s, WPACKET *pkt, |
| b186a592 | 313 | unsigned int context, X509 *x, |
| f63a17d6 | 314 | size_t chainidx); |
| ab83e314 MC |
315 | #endif |
| 316 | #ifndef OPENSSL_NO_NEXTPROTONEG | |
| 38b051a1 | 317 | EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt, |
| b186a592 | 318 | unsigned int context, X509 *x, |
| f63a17d6 | 319 | size_t chainidx); |
| ab83e314 | 320 | #endif |
| 38b051a1 TM |
321 | EXT_RETURN tls_construct_stoc_alpn(SSL_CONNECTION *s, WPACKET *pkt, |
| 322 | unsigned int context, | |
| f63a17d6 | 323 | X509 *x, size_t chainidx); |
| ab83e314 | 324 | #ifndef OPENSSL_NO_SRTP |
| 38b051a1 TM |
325 | EXT_RETURN tls_construct_stoc_use_srtp(SSL_CONNECTION *s, WPACKET *pkt, |
| 326 | unsigned int context, | |
| 327 | X509 *x, size_t chainidx); | |
| ab83e314 | 328 | #endif |
| 38b051a1 TM |
329 | EXT_RETURN tls_construct_stoc_etm(SSL_CONNECTION *s, WPACKET *pkt, |
| 330 | unsigned int context, | |
| f63a17d6 | 331 | X509 *x, size_t chainidx); |
| 38b051a1 TM |
332 | EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt, |
| 333 | unsigned int context, | |
| f63a17d6 | 334 | X509 *x, size_t chainidx); |
| 38b051a1 | 335 | EXT_RETURN tls_construct_stoc_supported_versions(SSL_CONNECTION *s, WPACKET *pkt, |
| 88050dd1 MC |
336 | unsigned int context, X509 *x, |
| 337 | size_t chainidx); | |
| 38b051a1 | 338 | EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt, |
| b186a592 | 339 | unsigned int context, X509 *x, |
| f63a17d6 | 340 | size_t chainidx); |
| 38b051a1 TM |
341 | EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt, |
| 342 | unsigned int context, | |
| 43054d3d | 343 | X509 *x, size_t chainidx); |
| 7da160b0 MC |
344 | /* |
| 345 | * Not in public headers as this is not an official extension. Only used when | |
| 346 | * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. | |
| 347 | */ | |
| 348 | #define TLSEXT_TYPE_cryptopro_bug 0xfde8 | |
| 38b051a1 | 349 | EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL_CONNECTION *s, WPACKET *pkt, |
| b186a592 | 350 | unsigned int context, X509 *x, |
| f63a17d6 | 351 | size_t chainidx); |
| 38b051a1 TM |
352 | EXT_RETURN tls_construct_stoc_psk(SSL_CONNECTION *s, WPACKET *pkt, |
| 353 | unsigned int context, | |
| f63a17d6 | 354 | X509 *x, size_t chainidx); |
| 6dd083fd MC |
355 | |
| 356 | /* Client Extension processing */ | |
| 38b051a1 TM |
357 | EXT_RETURN tls_construct_ctos_renegotiate(SSL_CONNECTION *s, WPACKET *pkt, |
| 358 | unsigned int context, | |
| 359 | X509 *x, size_t chainidx); | |
| 360 | EXT_RETURN tls_construct_ctos_server_name(SSL_CONNECTION *s, WPACKET *pkt, | |
| 361 | unsigned int context, | |
| 362 | X509 *x, size_t chainidx); | |
| 363 | EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt, | |
| 364 | unsigned int context, | |
| f63a17d6 | 365 | X509 *x, size_t chainidx); |
| ab83e314 | 366 | #ifndef OPENSSL_NO_SRP |
| 38b051a1 TM |
367 | EXT_RETURN tls_construct_ctos_srp(SSL_CONNECTION *s, WPACKET *pkt, |
| 368 | unsigned int context, X509 *x, | |
| 369 | size_t chainidx); | |
| ab83e314 | 370 | #endif |
| 38b051a1 | 371 | EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt, |
| b186a592 | 372 | unsigned int context, X509 *x, |
| f63a17d6 | 373 | size_t chainidx); |
| 38b051a1 | 374 | EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt, |
| b186a592 | 375 | unsigned int context, X509 *x, |
| f63a17d6 | 376 | size_t chainidx); |
| dbc6268f | 377 | |
| 38b051a1 | 378 | EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt, |
| b186a592 | 379 | unsigned int context, X509 *x, |
| f63a17d6 | 380 | size_t chainidx); |
| 38b051a1 | 381 | EXT_RETURN tls_construct_ctos_session_ticket(SSL_CONNECTION *s, WPACKET *pkt, |
| b186a592 | 382 | unsigned int context, X509 *x, |
| f63a17d6 | 383 | size_t chainidx); |
| 38b051a1 | 384 | EXT_RETURN tls_construct_ctos_sig_algs(SSL_CONNECTION *s, WPACKET *pkt, |
| b186a592 | 385 | unsigned int context, X509 *x, |
| f63a17d6 | 386 | size_t chainidx); |
| ab83e314 | 387 | #ifndef OPENSSL_NO_OCSP |
| 38b051a1 | 388 | EXT_RETURN tls_construct_ctos_status_request(SSL_CONNECTION *s, WPACKET *pkt, |
| b186a592 | 389 | unsigned int context, X509 *x, |
| f63a17d6 | 390 | size_t chainidx); |
| ab83e314 MC |
391 | #endif |
| 392 | #ifndef OPENSSL_NO_NEXTPROTONEG | |
| 38b051a1 TM |
393 | EXT_RETURN tls_construct_ctos_npn(SSL_CONNECTION *s, WPACKET *pkt, |
| 394 | unsigned int context, | |
| f63a17d6 | 395 | X509 *x, size_t chainidx); |
| ab83e314 | 396 | #endif |
| 38b051a1 TM |
397 | EXT_RETURN tls_construct_ctos_alpn(SSL_CONNECTION *s, WPACKET *pkt, |
| 398 | unsigned int context, | |
| f63a17d6 | 399 | X509 *x, size_t chainidx); |
| ab83e314 | 400 | #ifndef OPENSSL_NO_SRTP |
| 38b051a1 TM |
401 | EXT_RETURN tls_construct_ctos_use_srtp(SSL_CONNECTION *s, WPACKET *pkt, |
| 402 | unsigned int context, | |
| f63a17d6 | 403 | X509 *x, size_t chainidx); |
| ab83e314 | 404 | #endif |
| 38b051a1 TM |
405 | EXT_RETURN tls_construct_ctos_etm(SSL_CONNECTION *s, WPACKET *pkt, |
| 406 | unsigned int context, | |
| f63a17d6 | 407 | X509 *x, size_t chainidx); |
| ab83e314 | 408 | #ifndef OPENSSL_NO_CT |
| 38b051a1 TM |
409 | EXT_RETURN tls_construct_ctos_sct(SSL_CONNECTION *s, WPACKET *pkt, |
| 410 | unsigned int context, | |
| f63a17d6 | 411 | X509 *x, size_t chainidx); |
| ab83e314 | 412 | #endif |
| 38b051a1 TM |
413 | EXT_RETURN tls_construct_ctos_ems(SSL_CONNECTION *s, WPACKET *pkt, |
| 414 | unsigned int context, | |
| f63a17d6 | 415 | X509 *x, size_t chainidx); |
| 38b051a1 | 416 | EXT_RETURN tls_construct_ctos_supported_versions(SSL_CONNECTION *s, WPACKET *pkt, |
| b186a592 | 417 | unsigned int context, X509 *x, |
| f63a17d6 | 418 | size_t chainidx); |
| 38b051a1 | 419 | EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt, |
| b186a592 | 420 | unsigned int context, X509 *x, |
| f63a17d6 | 421 | size_t chainidx); |
| 38b051a1 | 422 | EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL_CONNECTION *s, WPACKET *pkt, |
| b186a592 | 423 | unsigned int context, X509 *x, |
| f63a17d6 | 424 | size_t chainidx); |
| 38b051a1 TM |
425 | EXT_RETURN tls_construct_ctos_cookie(SSL_CONNECTION *s, WPACKET *pkt, |
| 426 | unsigned int context, | |
| f63a17d6 | 427 | X509 *x, size_t chainidx); |
| 38b051a1 | 428 | EXT_RETURN tls_construct_ctos_padding(SSL_CONNECTION *s, WPACKET *pkt, |
| b186a592 | 429 | unsigned int context, X509 *x, |
| f63a17d6 | 430 | size_t chainidx); |
| 38b051a1 TM |
431 | EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt, |
| 432 | unsigned int context, | |
| f63a17d6 | 433 | X509 *x, size_t chainidx); |
| 38b051a1 TM |
434 | EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL_CONNECTION *s, WPACKET *pkt, |
| 435 | unsigned int context, | |
| 9d75dce3 TS |
436 | X509 *x, size_t chainidx); |
| 437 | ||
| 38b051a1 TM |
438 | int tls_parse_stoc_renegotiate(SSL_CONNECTION *s, PACKET *pkt, |
| 439 | unsigned int context, | |
| f63a17d6 | 440 | X509 *x, size_t chainidx); |
| 38b051a1 TM |
441 | int tls_parse_stoc_server_name(SSL_CONNECTION *s, PACKET *pkt, |
| 442 | unsigned int context, | |
| f63a17d6 | 443 | X509 *x, size_t chainidx); |
| 38b051a1 TM |
444 | int tls_parse_stoc_early_data(SSL_CONNECTION *s, PACKET *pkt, |
| 445 | unsigned int context, | |
| f63a17d6 | 446 | X509 *x, size_t chainidx); |
| 38b051a1 TM |
447 | int tls_parse_stoc_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt, |
| 448 | unsigned int context, | |
| f63a17d6 | 449 | X509 *x, size_t chainidx); |
| 38b051a1 TM |
450 | int tls_parse_stoc_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt, |
| 451 | unsigned int context, | |
| f63a17d6 | 452 | X509 *x, size_t chainidx); |
| 38b051a1 TM |
453 | int tls_parse_stoc_session_ticket(SSL_CONNECTION *s, PACKET *pkt, |
| 454 | unsigned int context, | |
| f63a17d6 | 455 | X509 *x, size_t chainidx); |
| ab83e314 | 456 | #ifndef OPENSSL_NO_OCSP |
| 38b051a1 TM |
457 | int tls_parse_stoc_status_request(SSL_CONNECTION *s, PACKET *pkt, |
| 458 | unsigned int context, | |
| f63a17d6 | 459 | X509 *x, size_t chainidx); |
| ab83e314 | 460 | #endif |
| 6dd083fd | 461 | #ifndef OPENSSL_NO_CT |
| 38b051a1 TM |
462 | int tls_parse_stoc_sct(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, |
| 463 | X509 *x, size_t chainidx); | |
| 6dd083fd MC |
464 | #endif |
| 465 | #ifndef OPENSSL_NO_NEXTPROTONEG | |
| 38b051a1 TM |
466 | int tls_parse_stoc_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, |
| 467 | X509 *x, size_t chainidx); | |
| 6dd083fd | 468 | #endif |
| 38b051a1 TM |
469 | int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, |
| 470 | X509 *x, size_t chainidx); | |
| 6dd083fd | 471 | #ifndef OPENSSL_NO_SRTP |
| 38b051a1 TM |
472 | int tls_parse_stoc_use_srtp(SSL_CONNECTION *s, PACKET *pkt, |
| 473 | unsigned int context, X509 *x, size_t chainidx); | |
| 6dd083fd | 474 | #endif |
| 38b051a1 TM |
475 | int tls_parse_stoc_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, |
| 476 | X509 *x, size_t chainidx); | |
| 477 | int tls_parse_stoc_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, | |
| 478 | X509 *x, size_t chainidx); | |
| 479 | int tls_parse_stoc_supported_versions(SSL_CONNECTION *s, PACKET *pkt, | |
| 480 | unsigned int context, | |
| 88050dd1 | 481 | X509 *x, size_t chainidx); |
| 38b051a1 TM |
482 | int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt, |
| 483 | unsigned int context, X509 *x, size_t chainidx); | |
| 484 | int tls_parse_stoc_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, | |
| 485 | X509 *x, size_t chainidx); | |
| 486 | int tls_parse_stoc_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context, | |
| 487 | X509 *x, size_t chainidx); | |
| 630369d9 | 488 | |
| 38b051a1 | 489 | int tls_handle_alpn(SSL_CONNECTION *s); |
| 9d75dce3 | 490 | |
| 38b051a1 TM |
491 | int tls13_save_handshake_digest_for_pha(SSL_CONNECTION *s); |
| 492 | int tls13_restore_handshake_digest_for_pha(SSL_CONNECTION *s); |