/*
 * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*****************************************************************************
 *                                                                           *
 * The following definitions are PRIVATE to the state machine. They should   *
 * NOT be used outside of the state machine.                                 *
 *                                                                           *
 *****************************************************************************/

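/* Max message length definitions */

/*
 * Upper bounds on the body size of each handshake message type the state
 * machine will read.  Capping attacker-controlled message sizes up front
 * limits how much a peer can make us buffer before the body is parsed.
 * Presumably these are what the ossl_statem_{client,server}_max_message_size()
 * functions declared further down return for each state — confirm against
 * their definitions.
 */

/* The spec allows for a longer length than this, but we limit it */
#define HELLO_VERIFY_REQUEST_MAX_LENGTH 258
#define END_OF_EARLY_DATA_MAX_LENGTH    0
#define HELLO_RETRY_REQUEST_MAX_LENGTH  20000
#define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000
#define SESSION_TICKET_MAX_LENGTH_TLS13 131338
#define SESSION_TICKET_MAX_LENGTH_TLS12 65541
#define SERVER_KEY_EXCH_MAX_LENGTH      102400
#define SERVER_HELLO_DONE_MAX_LENGTH    0
#define KEY_UPDATE_MAX_LENGTH           1
#define CCS_MAX_LENGTH                  1

/* Max ServerHello size permitted by RFC 8446 */
#define SERVER_HELLO_MAX_LENGTH         65607

/* Max CertificateVerify size permitted by RFC 8446 */
#define CERTIFICATE_VERIFY_MAX_LENGTH   65539

/* Max should actually be 36 but we are generous */
#define FINISHED_MAX_LENGTH             64

/*
 * Dummy message type.  Parenthesised so the negative literal cannot fuse
 * with a neighbouring operator when the macro is used inside an expression.
 */
#define SSL3_MT_DUMMY                   (-1)

/*
 * Invalid extension ID for non-supported extensions.  Both values are
 * deliberately above 0xffff, i.e. outside the 16-bit ExtensionType code
 * space, so they can never collide with a real extension on the wire.
 */
#define TLSEXT_TYPE_invalid             0x10000
#define TLSEXT_TYPE_out_of_range        0x10001

/*
 * Presumably maps an index into the internal extension table to its type
 * code (one of the TLSEXT_TYPE_* values above when unsupported) — confirm
 * at the definition.
 */
unsigned int ossl_get_extension_type(size_t idx);
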
/*
 * Fixed ServerHello.random value that identifies a HelloRetryRequest
 * (presumably the RFC 8446 section 4.1.3 constant — confirm against the
 * definition).  Declared without a bound, so sizeof(hrrrandom) is not
 * usable from other translation units; callers must carry the length.
 */
extern const unsigned char hrrrandom[];

/* Message processing return codes */
/*
 * Explicit values make the ordering visible.  MSG_PROCESS_ERROR is zero, so
 * a bare truth test on the return value separates failure from every
 * success code.
 */
typedef enum {
    /* An error occurred while processing the message */
    MSG_PROCESS_ERROR = 0,
    /* Reading is complete; the state machine switches to writing */
    MSG_PROCESS_FINISHED_READING = 1,
    /*
     * The message itself has been handled, but a separate post-processing
     * step is still pending.
     */
    MSG_PROCESS_CONTINUE_PROCESSING = 2,
    /* Done with this message; go on to read the next one */
    MSG_PROCESS_CONTINUE_READING = 3
} MSG_PROCESS_RETURN;

/*
 * Function-pointer type for message construction routines; every
 * tls_construct_*() / dtls_construct_*() declaration in this header matches
 * it (CON_FUNC_RETURN from a connection and an output WPACKET).
 */
typedef CON_FUNC_RETURN (*confunc_f) (SSL_CONNECTION *s, WPACKET *pkt);

int ssl3_take_mac(SSL_CONNECTION *s);
/*
 * Look group_id up in the num_groups entries of groups.  NOTE(review): the
 * meaning of checkallow is not visible from this declaration — confirm at
 * the definition.
 */
int check_in_list(SSL_CONNECTION *s, uint16_t group_id, const uint16_t *groups,
                  size_t num_groups, int checkallow);
/* hashval/hashlen and hrr/hrrlen are read-only inputs (const) */
int create_synthetic_message_hash(SSL_CONNECTION *s,
                                  const unsigned char *hashval,
                                  size_t hashlen, const unsigned char *hrr,
                                  size_t hrrlen);
int parse_ca_names(SSL_CONNECTION *s, PACKET *pkt);
const STACK_OF(X509_NAME) *get_ca_names(SSL_CONNECTION *s);
int construct_ca_names(SSL_CONNECTION *s, const STACK_OF(X509_NAME) *ca_sk,
                       WPACKET *pkt);
/*
 * Presumably returns the length of the to-be-signed buffer handed back via
 * *ptbs.  NOTE(review): ownership of *ptbs (who frees it) is not stated
 * here — confirm at the definition before adding callers.
 */
size_t construct_key_exchange_tbs(SSL_CONNECTION *s, unsigned char **ptbs,
                                  const void *param, size_t paramlen);

/*
 * TLS/DTLS client state machine functions
 */
/*
 * The client and server halves expose the same eight entry points (read
 * transition, write transition, pre/post work, construct, max message size,
 * process, post-process).  The generic state machine presumably dispatches
 * to one set or the other according to the connection's role — confirm.
 */
int ossl_statem_client_read_transition(SSL_CONNECTION *s, int mt);
WRITE_TRAN ossl_statem_client_write_transition(SSL_CONNECTION *s);
WORK_STATE ossl_statem_client_pre_work(SSL_CONNECTION *s, WORK_STATE wst);
WORK_STATE ossl_statem_client_post_work(SSL_CONNECTION *s, WORK_STATE wst);
/* *confunc and *mt are out-parameters (constructor and message type) */
int ossl_statem_client_construct_message(SSL_CONNECTION *s,
                                         confunc_f *confunc, int *mt);
/* Largest message body accepted in the current state (cf. *_MAX_LENGTH) */
size_t ossl_statem_client_max_message_size(SSL_CONNECTION *s);
MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL_CONNECTION *s,
                                                      PACKET *pkt);
WORK_STATE ossl_statem_client_post_process_message(SSL_CONNECTION *s,
                                                   WORK_STATE wst);

/*
 * TLS/DTLS server state machine functions
 */
/* Mirror of the client entry points above, for the server role */
int ossl_statem_server_read_transition(SSL_CONNECTION *s, int mt);
WRITE_TRAN ossl_statem_server_write_transition(SSL_CONNECTION *s);
WORK_STATE ossl_statem_server_pre_work(SSL_CONNECTION *s, WORK_STATE wst);
WORK_STATE ossl_statem_server_post_work(SSL_CONNECTION *s, WORK_STATE wst);
/* *confunc and *mt are out-parameters (constructor and message type) */
int ossl_statem_server_construct_message(SSL_CONNECTION *s,
                                         confunc_f *confunc, int *mt);
/* Largest message body accepted in the current state (cf. *_MAX_LENGTH) */
size_t ossl_statem_server_max_message_size(SSL_CONNECTION *s);
MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL_CONNECTION *s,
                                                      PACKET *pkt);
WORK_STATE ossl_statem_server_post_process_message(SSL_CONNECTION *s,
                                                   WORK_STATE wst);

/* Functions for getting new message data */
/*
 * All four are __owur: the result must be checked, and the out-parameter
 * (*mt or *len) is presumably only meaningful when the call reports
 * success — confirm at the definitions.
 */
__owur int tls_get_message_header(SSL_CONNECTION *s, int *mt);
__owur int tls_get_message_body(SSL_CONNECTION *s, size_t *len);
__owur int dtls_get_message(SSL_CONNECTION *s, int *mt);
__owur int dtls_get_message_body(SSL_CONNECTION *s, size_t *len);

/* Message construction and processing functions */
__owur int tls_process_initial_server_flight(SSL_CONNECTION *s);
__owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL_CONNECTION *s,
                                                         PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_finished(SSL_CONNECTION *s, PACKET *pkt);
__owur CON_FUNC_RETURN tls_construct_change_cipher_spec(SSL_CONNECTION *s,
                                                        WPACKET *pkt);
__owur CON_FUNC_RETURN dtls_construct_change_cipher_spec(SSL_CONNECTION *s,
                                                         WPACKET *pkt);

__owur CON_FUNC_RETURN tls_construct_finished(SSL_CONNECTION *s, WPACKET *pkt);
__owur CON_FUNC_RETURN tls_construct_key_update(SSL_CONNECTION *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_key_update(SSL_CONNECTION *s,
                                                 PACKET *pkt);
/* clearbufs and stop are presumably boolean flags — confirm at the definition */
__owur WORK_STATE tls_finish_handshake(SSL_CONNECTION *s, WORK_STATE wst,
                                       int clearbufs, int stop);
__owur WORK_STATE dtls_wait_for_dry(SSL_CONNECTION *s);

#ifndef OPENSSL_NO_COMP_ALG
/*
 * Compressed Certificate handling (presumably RFC 8879).  NOTE(review):
 * decompressed output is attacker-influenced, so the bound applied to the
 * expanded data in tmppkt/buf matters more than the on-wire message cap —
 * confirm the definition enforces one.
 */
__owur MSG_PROCESS_RETURN tls13_process_compressed_certificate(SSL_CONNECTION *sc,
                                                               PACKET *pkt,
                                                               PACKET *tmppkt,
                                                               BUF_MEM *buf);
#endif

/* some client-only functions */
/*
 * NOTE(review): the heading is approximate — from their names,
 * tls_process_client_rpk(), tls_output_rpk() and tls_construct_cert_status()
 * look server-side or shared; confirm before relying on the grouping.
 */
__owur CON_FUNC_RETURN tls_construct_client_hello(SSL_CONNECTION *s,
                                                  WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s,
                                                   PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL_CONNECTION *s,
                                                          PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL_CONNECTION *s,
                                                         PACKET *pkt);
__owur int tls_process_cert_status_body(SSL_CONNECTION *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_cert_status(SSL_CONNECTION *s,
                                                  PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_done(SSL_CONNECTION *s,
                                                  PACKET *pkt);
__owur CON_FUNC_RETURN tls_construct_cert_verify(SSL_CONNECTION *s,
                                                 WPACKET *pkt);
__owur WORK_STATE tls_prepare_client_certificate(SSL_CONNECTION *s,
                                                 WORK_STATE wst);
__owur CON_FUNC_RETURN tls_construct_client_certificate(SSL_CONNECTION *s,
                                                        WPACKET *pkt);
#ifndef OPENSSL_NO_COMP_ALG
__owur CON_FUNC_RETURN tls_construct_client_compressed_certificate(SSL_CONNECTION *sc,
                                                                   WPACKET *pkt);
#endif
/*
 * *px509 and *ppkey are out-parameters.  NOTE(review): whether the caller
 * receives its own references (and must free them) is not stated here —
 * confirm at the definition.
 */
__owur int ssl_do_client_cert_cb(SSL_CONNECTION *s, X509 **px509,
                                 EVP_PKEY **ppkey);
__owur CON_FUNC_RETURN tls_construct_client_key_exchange(SSL_CONNECTION *s,
                                                         WPACKET *pkt);
__owur int tls_client_key_exchange_post_work(SSL_CONNECTION *s);
__owur int tls_construct_cert_status_body(SSL_CONNECTION *s, WPACKET *pkt);
__owur CON_FUNC_RETURN tls_construct_cert_status(SSL_CONNECTION *s,
                                                 WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL_CONNECTION *s,
                                                   PACKET *pkt);
/*
 * Raw public key (RFC 7250) handling.  *peer_rpk is an out-parameter;
 * NOTE(review): reference ownership is not stated here — confirm at the
 * definition.  An RPK carries no chain, so whatever trust decision applies
 * to the peer has to be made on the key itself by the caller.
 */
__owur MSG_PROCESS_RETURN tls_process_server_rpk(SSL_CONNECTION *sc,
                                                 PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_client_rpk(SSL_CONNECTION *sc,
                                                 PACKET *pkt);
__owur unsigned long tls_output_rpk(SSL_CONNECTION *sc, WPACKET *pkt,
                                    CERT_PKEY *cpk);
__owur int tls_process_rpk(SSL_CONNECTION *s, PACKET *pkt, EVP_PKEY **peer_rpk);
__owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL_CONNECTION *s,
                                                         PACKET *pkt);
__owur WORK_STATE tls_post_process_server_certificate(SSL_CONNECTION *s,
                                                      WORK_STATE wst);
#ifndef OPENSSL_NO_COMP_ALG
__owur MSG_PROCESS_RETURN tls_process_server_compressed_certificate(SSL_CONNECTION *sc,
                                                                    PACKET *pkt);
#endif
__owur int ssl3_check_cert_and_algorithm(SSL_CONNECTION *s);
#ifndef OPENSSL_NO_NEXTPROTONEG
__owur CON_FUNC_RETURN tls_construct_next_proto(SSL_CONNECTION *s, WPACKET *pkt);
#endif
__owur MSG_PROCESS_RETURN tls_process_hello_req(SSL_CONNECTION *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL_CONNECTION *s, PACKET *pkt);
__owur CON_FUNC_RETURN tls_construct_end_of_early_data(SSL_CONNECTION *s,
                                                       WPACKET *pkt);

/* some server-only functions */
__owur MSG_PROCESS_RETURN tls_process_client_hello(SSL_CONNECTION *s,
                                                   PACKET *pkt);
__owur WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s,
                                                WORK_STATE wst);
__owur CON_FUNC_RETURN tls_construct_server_hello(SSL_CONNECTION *s,
                                                  WPACKET *pkt);
__owur CON_FUNC_RETURN dtls_construct_hello_verify_request(SSL_CONNECTION *s,
                                                           WPACKET *pkt);
__owur CON_FUNC_RETURN tls_construct_server_certificate(SSL_CONNECTION *s,
                                                        WPACKET *pkt);
#ifndef OPENSSL_NO_COMP_ALG
__owur CON_FUNC_RETURN tls_construct_server_compressed_certificate(SSL_CONNECTION *sc,
                                                                   WPACKET *pkt);
#endif
__owur CON_FUNC_RETURN tls_construct_server_key_exchange(SSL_CONNECTION *s,
                                                         WPACKET *pkt);
__owur CON_FUNC_RETURN tls_construct_certificate_request(SSL_CONNECTION *s,
                                                         WPACKET *pkt);
__owur CON_FUNC_RETURN tls_construct_server_done(SSL_CONNECTION *s,
                                                 WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL_CONNECTION *s,
                                                         PACKET *pkt);
#ifndef OPENSSL_NO_COMP_ALG
__owur MSG_PROCESS_RETURN tls_process_client_compressed_certificate(SSL_CONNECTION *sc,
                                                                    PACKET *pkt);
#endif
__owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL_CONNECTION *s,
                                                          PACKET *pkt);
__owur WORK_STATE tls_post_process_client_key_exchange(SSL_CONNECTION *s,
                                                       WORK_STATE wst);
__owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL_CONNECTION *s,
                                                  PACKET *pkt);
#ifndef OPENSSL_NO_NEXTPROTONEG
__owur MSG_PROCESS_RETURN tls_process_next_proto(SSL_CONNECTION *s,
                                                 PACKET *pkt);
#endif
__owur CON_FUNC_RETURN tls_construct_new_session_ticket(SSL_CONNECTION *s,
                                                        WPACKET *pkt);
/*
 * NOTE(review): the only tls_process_*() declaration in this header without
 * __owur; every sibling has it, so a caller that dropped a MSG_PROCESS_ERROR
 * here would not be flagged by the compiler.  Consider adding __owur.
 */
MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL_CONNECTION *s,
                                                 PACKET *pkt);

#ifndef OPENSSL_NO_GOST
/* These functions are used in GOST18 CKE, both for client and server */
/* Presumably returns the cipher NID for the GOST18 key exchange — confirm */
int ossl_gost18_cke_cipher_nid(const SSL_CONNECTION *s);
/*
 * Writes into dgst_buf.  The buffer size it expects is not visible from
 * this declaration, so callers must size dgst_buf per the definition.
 */
int ossl_gost_ukm(const SSL_CONNECTION *s, unsigned char *dgst_buf);
#endif

/* Extension processing */

/*
 * Outcome of an extension constructor (the tls_construct_{ctos,stoc}_*()
 * functions below all return this).  Values are spelled out so the
 * zero-means-failure convention is visible.
 */
typedef enum ext_return_en {
    EXT_RETURN_FAIL = 0,     /* an error occurred */
    EXT_RETURN_SENT = 1,     /* the extension was written */
    EXT_RETURN_NOT_SENT = 2  /* nothing written for this extension */
} EXT_RETURN;

/*
 * Generic extension handling.  context/thisctx/extctx are bitmasks; x and
 * chainidx identify a certificate and its chain position (presumably only
 * meaningful for Certificate-message extensions — confirm).  NOTE(review):
 * context is `int` in tls_parse_extension()/tls_parse_all_extensions() but
 * `unsigned int` everywhere else in this header.
 */
__owur int tls_validate_all_contexts(SSL_CONNECTION *s, unsigned int thisctx,
                                     RAW_EXTENSION *exts);
__owur int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx,
                                 unsigned int thisctx);
/*
 * Collects the extensions in packet into *res (*len entries).  NOTE(review):
 * who owns/frees *res, and what init controls, is not stated here — confirm
 * at the definition.
 */
__owur int tls_collect_extensions(SSL_CONNECTION *s, PACKET *packet,
                                  unsigned int context,
                                  RAW_EXTENSION **res, size_t *len, int init);
__owur int tls_parse_extension(SSL_CONNECTION *s, TLSEXT_INDEX idx, int context,
                               RAW_EXTENSION *exts, X509 *x, size_t chainidx);
__owur int tls_parse_all_extensions(SSL_CONNECTION *s, int context,
                                    RAW_EXTENSION *exts,
                                    X509 *x, size_t chainidx, int fin);
__owur int should_add_extension(SSL_CONNECTION *s, unsigned int extctx,
                                unsigned int thisctx, int max_version);
__owur int tls_construct_extensions(SSL_CONNECTION *s, WPACKET *pkt,
                                    unsigned int context,
                                    X509 *x, size_t chainidx);

/*
 * PSK binder computation over the transcript starting at msgstart
 * (sign != 0 presumably computes into binderout, otherwise verifies against
 * binderin — confirm).  NOTE(review): a binder comparison is a MAC check and
 * must be constant-time (CRYPTO_memcmp); confirm the definition does this.
 */
__owur int tls_psk_do_binder(SSL_CONNECTION *s, const EVP_MD *md,
                             const unsigned char *msgstart,
                             size_t binderoffset, const unsigned char *binderin,
                             unsigned char *binderout,
                             SSL_SESSION *sess, int sign, int external);

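/* Server Extension processing */
/*
 * Parsers for ClientHello-side ("ctos") extensions.  All share one signature
 * — (connection, extension body, context bitmask, certificate, chain index)
 * — presumably so they can be dispatched from a table; confirm.  pkt is
 * attacker-controlled input, so each parser must treat a malformed body as a
 * failure rather than trust it.  Parameter names are now uniform across the
 * group (the former `chainidxl` typo and the unnamed first parameter of
 * tls_parse_ctos_post_handshake_auth() are fixed).
 */
int tls_parse_ctos_renegotiate(SSL_CONNECTION *s, PACKET *pkt,
                               unsigned int context,
                               X509 *x, size_t chainidx);
int tls_parse_ctos_server_name(SSL_CONNECTION *s, PACKET *pkt,
                               unsigned int context,
                               X509 *x, size_t chainidx);
int tls_parse_ctos_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt,
                                  unsigned int context,
                                  X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRP
int tls_parse_ctos_srp(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
                       X509 *x, size_t chainidx);
#endif
int tls_parse_ctos_early_data(SSL_CONNECTION *s, PACKET *pkt,
                              unsigned int context,
                              X509 *x, size_t chainidx);
int tls_parse_ctos_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt,
                                 unsigned int context,
                                 X509 *x, size_t chainidx);
int tls_parse_ctos_supported_groups(SSL_CONNECTION *s, PACKET *pkt,
                                    unsigned int context,
                                    X509 *x, size_t chainidx);
int tls_parse_ctos_session_ticket(SSL_CONNECTION *s, PACKET *pkt,
                                  unsigned int context,
                                  X509 *x, size_t chainidx);
int tls_parse_ctos_sig_algs_cert(SSL_CONNECTION *s, PACKET *pkt,
                                 unsigned int context,
                                 X509 *x, size_t chainidx);
int tls_parse_ctos_sig_algs(SSL_CONNECTION *s, PACKET *pkt,
                            unsigned int context, X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_OCSP
int tls_parse_ctos_status_request(SSL_CONNECTION *s, PACKET *pkt,
                                  unsigned int context,
                                  X509 *x, size_t chainidx);
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
int tls_parse_ctos_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
                       X509 *x, size_t chainidx);
#endif
int tls_parse_ctos_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
                        X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRTP
int tls_parse_ctos_use_srtp(SSL_CONNECTION *s, PACKET *pkt,
                            unsigned int context, X509 *x, size_t chainidx);
#endif
int tls_parse_ctos_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
                       X509 *x, size_t chainidx);
int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt,
                             unsigned int context, X509 *x, size_t chainidx);
int tls_parse_ctos_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
                          X509 *x, size_t chainidx);
int tls_parse_ctos_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
                       X509 *x, size_t chainidx);
int tls_parse_ctos_psk_kex_modes(SSL_CONNECTION *s, PACKET *pkt,
                                 unsigned int context,
                                 X509 *x, size_t chainidx);
int tls_parse_ctos_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
                       X509 *x, size_t chainidx);
int tls_parse_ctos_post_handshake_auth(SSL_CONNECTION *s, PACKET *pkt,
                                       unsigned int context,
                                       X509 *x, size_t chainidx);
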
/*
 * Server-to-client ("stoc") extension constructors.  Each returns an
 * EXT_RETURN and shares the (connection, output packet, context bitmask,
 * certificate, chain index) signature.
 */
EXT_RETURN tls_construct_stoc_renegotiate(SSL_CONNECTION *s, WPACKET *pkt,
                                          unsigned int context, X509 *x,
                                          size_t chainidx);
EXT_RETURN tls_construct_stoc_server_name(SSL_CONNECTION *s, WPACKET *pkt,
                                          unsigned int context, X509 *x,
                                          size_t chainidx);
EXT_RETURN tls_construct_stoc_early_data(SSL_CONNECTION *s, WPACKET *pkt,
                                         unsigned int context, X509 *x,
                                         size_t chainidx);
EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt,
                                             unsigned int context, X509 *x,
                                             size_t chainidx);
EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt,
                                            unsigned int context, X509 *x,
                                            size_t chainidx);
EXT_RETURN tls_construct_stoc_supported_groups(SSL_CONNECTION *s, WPACKET *pkt,
                                               unsigned int context, X509 *x,
                                               size_t chainidx);
EXT_RETURN tls_construct_stoc_session_ticket(SSL_CONNECTION *s, WPACKET *pkt,
                                             unsigned int context, X509 *x,
                                             size_t chainidx);
#ifndef OPENSSL_NO_OCSP
EXT_RETURN tls_construct_stoc_status_request(SSL_CONNECTION *s, WPACKET *pkt,
                                             unsigned int context, X509 *x,
                                             size_t chainidx);
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
EXT_RETURN tls_construct_stoc_next_proto_neg(SSL_CONNECTION *s, WPACKET *pkt,
                                             unsigned int context, X509 *x,
                                             size_t chainidx);
#endif
EXT_RETURN tls_construct_stoc_alpn(SSL_CONNECTION *s, WPACKET *pkt,
                                   unsigned int context,
                                   X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRTP
EXT_RETURN tls_construct_stoc_use_srtp(SSL_CONNECTION *s, WPACKET *pkt,
                                       unsigned int context,
                                       X509 *x, size_t chainidx);
#endif
EXT_RETURN tls_construct_stoc_etm(SSL_CONNECTION *s, WPACKET *pkt,
                                  unsigned int context,
                                  X509 *x, size_t chainidx);
EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt,
                                  unsigned int context,
                                  X509 *x, size_t chainidx);
EXT_RETURN tls_construct_stoc_supported_versions(SSL_CONNECTION *s, WPACKET *pkt,
                                                 unsigned int context, X509 *x,
                                                 size_t chainidx);
EXT_RETURN tls_construct_stoc_key_share(SSL_CONNECTION *s, WPACKET *pkt,
                                        unsigned int context, X509 *x,
                                        size_t chainidx);
EXT_RETURN tls_construct_stoc_cookie(SSL_CONNECTION *s, WPACKET *pkt,
                                     unsigned int context,
                                     X509 *x, size_t chainidx);
/*
 * Not in public headers as this is not an official extension. Only used when
 * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set.  Kept private so the compatibility
 * quirk cannot leak into the public TLSEXT_TYPE_* namespace.
 */
#define TLSEXT_TYPE_cryptopro_bug 0xfde8
EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL_CONNECTION *s, WPACKET *pkt,
                                            unsigned int context, X509 *x,
                                            size_t chainidx);
EXT_RETURN tls_construct_stoc_psk(SSL_CONNECTION *s, WPACKET *pkt,
                                  unsigned int context,
                                  X509 *x, size_t chainidx);

/* Client Extension processing */
/*
 * Client-to-server ("ctos") extension constructors, same signature shape as
 * the stoc ones above.  NOTE(review): pre_shared_key has to be the last
 * ClientHello extension (RFC 8446 section 4.2.11) because its binder covers
 * everything before it; that ordering is presumably enforced by the
 * extension table rather than by anything in this header — confirm.
 */
EXT_RETURN tls_construct_ctos_renegotiate(SSL_CONNECTION *s, WPACKET *pkt,
                                          unsigned int context,
                                          X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_server_name(SSL_CONNECTION *s, WPACKET *pkt,
                                          unsigned int context,
                                          X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL_CONNECTION *s, WPACKET *pkt,
                                             unsigned int context,
                                             X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRP
EXT_RETURN tls_construct_ctos_srp(SSL_CONNECTION *s, WPACKET *pkt,
                                  unsigned int context, X509 *x,
                                  size_t chainidx);
#endif
EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL_CONNECTION *s, WPACKET *pkt,
                                            unsigned int context, X509 *x,
                                            size_t chainidx);
EXT_RETURN tls_construct_ctos_supported_groups(SSL_CONNECTION *s, WPACKET *pkt,
                                               unsigned int context, X509 *x,
                                               size_t chainidx);

EXT_RETURN tls_construct_ctos_early_data(SSL_CONNECTION *s, WPACKET *pkt,
                                         unsigned int context, X509 *x,
                                         size_t chainidx);
EXT_RETURN tls_construct_ctos_session_ticket(SSL_CONNECTION *s, WPACKET *pkt,
                                             unsigned int context, X509 *x,
                                             size_t chainidx);
EXT_RETURN tls_construct_ctos_sig_algs(SSL_CONNECTION *s, WPACKET *pkt,
                                       unsigned int context, X509 *x,
                                       size_t chainidx);
#ifndef OPENSSL_NO_OCSP
EXT_RETURN tls_construct_ctos_status_request(SSL_CONNECTION *s, WPACKET *pkt,
                                             unsigned int context, X509 *x,
                                             size_t chainidx);
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
EXT_RETURN tls_construct_ctos_npn(SSL_CONNECTION *s, WPACKET *pkt,
                                  unsigned int context,
                                  X509 *x, size_t chainidx);
#endif
EXT_RETURN tls_construct_ctos_alpn(SSL_CONNECTION *s, WPACKET *pkt,
                                   unsigned int context,
                                   X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRTP
EXT_RETURN tls_construct_ctos_use_srtp(SSL_CONNECTION *s, WPACKET *pkt,
                                       unsigned int context,
                                       X509 *x, size_t chainidx);
#endif
EXT_RETURN tls_construct_ctos_etm(SSL_CONNECTION *s, WPACKET *pkt,
                                  unsigned int context,
                                  X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_CT
EXT_RETURN tls_construct_ctos_sct(SSL_CONNECTION *s, WPACKET *pkt,
                                  unsigned int context,
                                  X509 *x, size_t chainidx);
#endif
EXT_RETURN tls_construct_ctos_ems(SSL_CONNECTION *s, WPACKET *pkt,
                                  unsigned int context,
                                  X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_supported_versions(SSL_CONNECTION *s, WPACKET *pkt,
                                                 unsigned int context, X509 *x,
                                                 size_t chainidx);
EXT_RETURN tls_construct_ctos_key_share(SSL_CONNECTION *s, WPACKET *pkt,
                                        unsigned int context, X509 *x,
                                        size_t chainidx);
EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL_CONNECTION *s, WPACKET *pkt,
                                            unsigned int context, X509 *x,
                                            size_t chainidx);
EXT_RETURN tls_construct_ctos_cookie(SSL_CONNECTION *s, WPACKET *pkt,
                                     unsigned int context,
                                     X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_padding(SSL_CONNECTION *s, WPACKET *pkt,
                                      unsigned int context, X509 *x,
                                      size_t chainidx);
EXT_RETURN tls_construct_ctos_psk(SSL_CONNECTION *s, WPACKET *pkt,
                                  unsigned int context,
                                  X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL_CONNECTION *s, WPACKET *pkt,
                                                  unsigned int context,
                                                  X509 *x, size_t chainidx);

/*
 * Client-side parsers for extensions received from the server ("stoc").
 * pkt is attacker-controlled.  NOTE(review): a server may only send
 * extensions the client offered; rejecting unsolicited ones is presumably
 * done per parser or by the generic layer — confirm, it is not visible here.
 */
int tls_parse_stoc_renegotiate(SSL_CONNECTION *s, PACKET *pkt,
                               unsigned int context,
                               X509 *x, size_t chainidx);
int tls_parse_stoc_server_name(SSL_CONNECTION *s, PACKET *pkt,
                               unsigned int context,
                               X509 *x, size_t chainidx);
int tls_parse_stoc_early_data(SSL_CONNECTION *s, PACKET *pkt,
                              unsigned int context,
                              X509 *x, size_t chainidx);
int tls_parse_stoc_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt,
                                  unsigned int context,
                                  X509 *x, size_t chainidx);
int tls_parse_stoc_ec_pt_formats(SSL_CONNECTION *s, PACKET *pkt,
                                 unsigned int context,
                                 X509 *x, size_t chainidx);
int tls_parse_stoc_session_ticket(SSL_CONNECTION *s, PACKET *pkt,
                                  unsigned int context,
                                  X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_OCSP
int tls_parse_stoc_status_request(SSL_CONNECTION *s, PACKET *pkt,
                                  unsigned int context,
                                  X509 *x, size_t chainidx);
#endif
#ifndef OPENSSL_NO_CT
int tls_parse_stoc_sct(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
                       X509 *x, size_t chainidx);
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
int tls_parse_stoc_npn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
                       X509 *x, size_t chainidx);
#endif
int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
                        X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRTP
int tls_parse_stoc_use_srtp(SSL_CONNECTION *s, PACKET *pkt,
                            unsigned int context, X509 *x, size_t chainidx);
#endif
int tls_parse_stoc_etm(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
                       X509 *x, size_t chainidx);
int tls_parse_stoc_ems(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
                       X509 *x, size_t chainidx);
int tls_parse_stoc_supported_versions(SSL_CONNECTION *s, PACKET *pkt,
                                      unsigned int context,
                                      X509 *x, size_t chainidx);
int tls_parse_stoc_key_share(SSL_CONNECTION *s, PACKET *pkt,
                             unsigned int context, X509 *x, size_t chainidx);
int tls_parse_stoc_cookie(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
                          X509 *x, size_t chainidx);
int tls_parse_stoc_psk(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
                       X509 *x, size_t chainidx);

int tls_handle_alpn(SSL_CONNECTION *s);

/*
 * Presumably called around a post-handshake authentication exchange to
 * snapshot and later reinstate the handshake digest — confirm at the
 * definitions; only the names suggest this.
 */
int tls13_save_handshake_digest_for_pha(SSL_CONNECTION *s);
int tls13_restore_handshake_digest_for_pha(SSL_CONNECTION *s);

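/*
 * Peer public key accessor.  NOTE(review): whether the returned EVP_PKEY is
 * borrowed or carries a reference the caller must free is not stated here —
 * confirm at the definition before freeing it in a caller.
 */
__owur EVP_PKEY *tls_get_peer_pkey(const SSL_CONNECTION *sc);
/* RFC7250 */
/*
 * client_certificate_type / server_certificate_type extension handlers.
 * Same signature shape as the other constructors/parsers above; the
 * connection parameter is named sc throughout this group for consistency
 * (tls_parse_stoc_server_cert_type previously used s).
 */
EXT_RETURN tls_construct_ctos_client_cert_type(SSL_CONNECTION *sc, WPACKET *pkt,
                                               unsigned int context,
                                               X509 *x, size_t chainidx);
EXT_RETURN tls_construct_stoc_client_cert_type(SSL_CONNECTION *sc, WPACKET *pkt,
                                               unsigned int context,
                                               X509 *x, size_t chainidx);
int tls_parse_ctos_client_cert_type(SSL_CONNECTION *sc, PACKET *pkt,
                                    unsigned int context,
                                    X509 *x, size_t chainidx);
int tls_parse_stoc_client_cert_type(SSL_CONNECTION *sc, PACKET *pkt,
                                    unsigned int context,
                                    X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_server_cert_type(SSL_CONNECTION *sc, WPACKET *pkt,
                                               unsigned int context,
                                               X509 *x, size_t chainidx);
EXT_RETURN tls_construct_stoc_server_cert_type(SSL_CONNECTION *sc, WPACKET *pkt,
                                               unsigned int context,
                                               X509 *x, size_t chainidx);
int tls_parse_ctos_server_cert_type(SSL_CONNECTION *sc, PACKET *pkt,
                                    unsigned int context,
                                    X509 *x, size_t chainidx);
int tls_parse_stoc_server_cert_type(SSL_CONNECTION *sc, PACKET *pkt,
                                    unsigned int context,
                                    X509 *x, size_t chainidx);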