authortb <>2020-07-03 04:51:59 +0000
committertb <>2020-07-03 04:51:59 +0000
commit3bdf1d142785d4eeff0cb42832ae293d224cee7a (patch)
tree238426180d2f295ca9e775611e0c201ee369a042 /src/lib/libssl/ssl_tlsext.h
parentdd32aaf237307de264cbc196e8825704c22c9b9e (diff)
Make the message type available to the extension functions
Some TLS extensions need to be treated differently depending on the handshake message they appear in. Over time, various workarounds and hacks were used to deal with the unavailability of the message type in these functions, but this is getting fragile and unwieldy. Having the message type available will enable us to clean this code up and will allow simple fixes for a number of bugs in our handling of the status_request extension reported by Michael Forney. This approach was suggested a while ago by jsing. ok beck jsing
Diffstat (limited to 'src/lib/libssl/ssl_tlsext.h')
-rw-r--r--src/lib/libssl/ssl_tlsext.h174
1 files changed, 92 insertions, 82 deletions
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
index e2aafa7815..d98b387c5f 100644
--- a/src/lib/libssl/ssl_tlsext.h
+++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_tlsext.h,v 1.24 2020/07/03 04:12:51 tb Exp $ */ 1/* $OpenBSD: ssl_tlsext.h,v 1.25 2020/07/03 04:51:59 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -31,91 +31,101 @@
31 31
32__BEGIN_HIDDEN_DECLS 32__BEGIN_HIDDEN_DECLS
33 33
34int tlsext_alpn_client_needs(SSL *s); 34int tlsext_alpn_client_needs(SSL *s, uint16_t msg_type);
35int tlsext_alpn_client_build(SSL *s, CBB *cbb); 35int tlsext_alpn_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
36int tlsext_alpn_client_parse(SSL *s, CBS *cbs, int *alert); 36int tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
37int tlsext_alpn_server_needs(SSL *s); 37int tlsext_alpn_server_needs(SSL *s, uint16_t msg_type);
38int tlsext_alpn_server_build(SSL *s, CBB *cbb); 38int tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
39int tlsext_alpn_server_parse(SSL *s, CBS *cbs, int *alert); 39int tlsext_alpn_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
40 40
41int tlsext_ri_client_needs(SSL *s); 41int tlsext_ri_client_needs(SSL *s, uint16_t msg_type);
42int tlsext_ri_client_build(SSL *s, CBB *cbb); 42int tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
43int tlsext_ri_client_parse(SSL *s, CBS *cbs, int *alert); 43int tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
44int tlsext_ri_server_needs(SSL *s); 44int tlsext_ri_server_needs(SSL *s, uint16_t msg_type);
45int tlsext_ri_server_build(SSL *s, CBB *cbb); 45int tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
46int tlsext_ri_server_parse(SSL *s, CBS *cbs, int *alert); 46int tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
47 47
48int tlsext_sigalgs_client_needs(SSL *s); 48int tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type);
49int tlsext_sigalgs_client_build(SSL *s, CBB *cbb); 49int tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
50int tlsext_sigalgs_client_parse(SSL *s, CBS *cbs, int *alert); 50int tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
51int tlsext_sigalgs_server_needs(SSL *s); 51 int *alert);
52int tlsext_sigalgs_server_build(SSL *s, CBB *cbb); 52int tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type);
53int tlsext_sigalgs_server_parse(SSL *s, CBS *cbs, int *alert); 53int tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
54 54int tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
55int tlsext_sni_client_needs(SSL *s); 55 int *alert);
56int tlsext_sni_client_build(SSL *s, CBB *cbb); 56
57int tlsext_sni_client_parse(SSL *s, CBS *cbs, int *alert); 57int tlsext_sni_client_needs(SSL *s, uint16_t msg_type);
58int tlsext_sni_server_needs(SSL *s); 58int tlsext_sni_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
59int tlsext_sni_server_build(SSL *s, CBB *cbb); 59int tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
60int tlsext_sni_server_parse(SSL *s, CBS *cbs, int *alert); 60int tlsext_sni_server_needs(SSL *s, uint16_t msg_type);
61int tlsext_sni_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
62int tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
61int tlsext_sni_is_valid_hostname(CBS *cbs); 63int tlsext_sni_is_valid_hostname(CBS *cbs);
62 64
63int tlsext_supportedgroups_client_needs(SSL *s); 65int tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type);
64int tlsext_supportedgroups_client_build(SSL *s, CBB *cbb); 66int tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
65int tlsext_supportedgroups_client_parse(SSL *s, CBS *cbs, int *alert); 67int tlsext_supportedgroups_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
66int tlsext_supportedgroups_server_needs(SSL *s); 68 int *alert);
67int tlsext_supportedgroups_server_build(SSL *s, CBB *cbb); 69int tlsext_supportedgroups_server_needs(SSL *s, uint16_t msg_type);
68int tlsext_supportedgroups_server_parse(SSL *s, CBS *cbs, int *alert); 70int tlsext_supportedgroups_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
69 71int tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
70int tlsext_ecpf_client_needs(SSL *s); 72 int *alert);
71int tlsext_ecpf_client_build(SSL *s, CBB *cbb); 73
72int tlsext_ecpf_client_parse(SSL *s, CBS *cbs, int *alert); 74int tlsext_ecpf_client_needs(SSL *s, uint16_t msg_type);
73int tlsext_ecpf_server_needs(SSL *s); 75int tlsext_ecpf_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
74int tlsext_ecpf_server_build(SSL *s, CBB *cbb); 76int tlsext_ecpf_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
75int tlsext_ecpf_server_parse(SSL *s, CBS *cbs, int *alert); 77int tlsext_ecpf_server_needs(SSL *s, uint16_t msg_type);
76 78int tlsext_ecpf_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
77int tlsext_ocsp_client_needs(SSL *s); 79int tlsext_ecpf_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
78int tlsext_ocsp_client_build(SSL *s, CBB *cbb); 80
79int tlsext_ocsp_client_parse(SSL *s, CBS *cbs, int *alert); 81int tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type);
80int tlsext_ocsp_server_needs(SSL *s); 82int tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
81int tlsext_ocsp_server_build(SSL *s, CBB *cbb); 83int tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
82int tlsext_ocsp_server_parse(SSL *s, CBS *cbs, int *alert); 84int tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type);
83 85int tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
84int tlsext_sessionticket_client_needs(SSL *s); 86int tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
85int tlsext_sessionticket_client_build(SSL *s, CBB *cbb); 87
86int tlsext_sessionticket_client_parse(SSL *s, CBS *cbs, int *alert); 88int tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type);
87int tlsext_sessionticket_server_needs(SSL *s); 89int tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
88int tlsext_sessionticket_server_build(SSL *s, CBB *cbb); 90int tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
89int tlsext_sessionticket_server_parse(SSL *s, CBS *cbs, int *alert); 91 int *alert);
90 92int tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type);
91int tlsext_versions_client_needs(SSL *s); 93int tlsext_sessionticket_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
92int tlsext_versions_client_build(SSL *s, CBB *cbb); 94int tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
93int tlsext_versions_client_parse(SSL *s, CBS *cbs, int *alert); 95 int *alert);
94int tlsext_versions_server_needs(SSL *s); 96
95int tlsext_versions_server_build(SSL *s, CBB *cbb); 97int tlsext_versions_client_needs(SSL *s, uint16_t msg_type);
96int tlsext_versions_server_parse(SSL *s, CBS *cbs, int *alert); 98int tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
97 99int tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
98int tlsext_keyshare_client_needs(SSL *s); 100 int *alert);
99int tlsext_keyshare_client_build(SSL *s, CBB *cbb); 101int tlsext_versions_server_needs(SSL *s, uint16_t msg_type);
100int tlsext_keyshare_client_parse(SSL *s, CBS *cbs, int *alert); 102int tlsext_versions_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
101int tlsext_keyshare_server_needs(SSL *s); 103int tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
102int tlsext_keyshare_server_build(SSL *s, CBB *cbb); 104 int *alert);
103int tlsext_keyshare_server_parse(SSL *s, CBS *cbs, int *alert); 105
104 106int tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type);
105int tlsext_cookie_client_needs(SSL *s); 107int tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
106int tlsext_cookie_client_build(SSL *s, CBB *cbb); 108int tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
107int tlsext_cookie_client_parse(SSL *s, CBS *cbs, int *alert); 109 int *alert);
108int tlsext_cookie_server_needs(SSL *s); 110int tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type);
109int tlsext_cookie_server_build(SSL *s, CBB *cbb); 111int tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
110int tlsext_cookie_server_parse(SSL *s, CBS *cbs, int *alert); 112int tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
113 int *alert);
114
115int tlsext_cookie_client_needs(SSL *s, uint16_t msg_type);
116int tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
117int tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
118int tlsext_cookie_server_needs(SSL *s, uint16_t msg_type);
119int tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
120int tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
111 121
112#ifndef OPENSSL_NO_SRTP 122#ifndef OPENSSL_NO_SRTP
113int tlsext_srtp_client_needs(SSL *s); 123int tlsext_srtp_client_needs(SSL *s, uint16_t msg_type);
114int tlsext_srtp_client_build(SSL *s, CBB *cbb); 124int tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
115int tlsext_srtp_client_parse(SSL *s, CBS *cbs, int *alert); 125int tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
116int tlsext_srtp_server_needs(SSL *s); 126int tlsext_srtp_server_needs(SSL *s, uint16_t msg_type);
117int tlsext_srtp_server_build(SSL *s, CBB *cbb); 127int tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
118int tlsext_srtp_server_parse(SSL *s, CBS *cbs, int *alert); 128int tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
119#endif 129#endif
120 130
121int tlsext_client_build(SSL *s, uint16_t msg_type, CBB *cbb); 131int tlsext_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
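Review bot: The `uint16_t msg_type` parameter now threaded through every tlsext_*_needs/build/parse prototype, from tlsext_alpn_client_needs down to tlsext_srtp_server_parse, is not described anywhere in the header, so nothing states which values are legal or what the callee is expected to do with it. A short comment ahead of the first group of declarations would close that gap, e.g. `/* msg_type: handshake message the extension is built for or parsed from; parse functions must reject an extension that is not permitted in that message. */`, naming the constant set it is drawn from (presumably the SSL_TLSEXT_MSG_* values defined earlier in this header — confirm). The per-extension implementations live outside this hunk, so whether any parse function yet checks msg_type cannot be confirmed from here; the commit message presents those checks as follow-up work, and saying so in the comment would stop readers from assuming the rejection already happens. tlsext_client_build on the last line already took msg_type before this change, so the header's existing includes should already cover uint16_t.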