authorjsing <>2019-01-18 00:54:42 +0000
committerjsing <>2019-01-18 00:54:42 +0000
commit66af95e693522ba3868191014eaca1fa0a95176d (patch)
treebcaae6c0e0f49e2bff1aa790059cf07ac8b504e5 /src/lib/libssl/ssl_tlsext.h
parent154e80a0b5a0c3c4a9d3390a220e96f0f8c36aab (diff)
Rename TLS extension handling to use less "hello".
When the TLS extension code was rewritten, TLS extensions could only exist in ClientHello and ServerHello messages - as such, they were named in pairs of *_clienthello_{needs,build} which would be called by the client and *_clienthello_parse. Likewise for *_serverhello_{needs,build} which would be called by a server and *_serverhello_parse, which would be called by a client.

Enter TLSv1.3 - TLS extensions can now exist in one of seven messages, with only certain types being allowed to appear in each, meaning the naming scheme no longer works. Instead, rename them to indicate the caller rather than the message type - this effectively means:

  clienthello_needs -> client_needs
  clienthello_build -> client_build
  clienthello_parse -> server_parse
  serverhello_needs -> server_needs
  serverhello_build -> server_build
  serverhello_parse -> client_parse

ok beck@ tb@
Diffstat (limited to 'src/lib/libssl/ssl_tlsext.h')
-rw-r--r--src/lib/libssl/ssl_tlsext.h141
1 files changed, 75 insertions, 66 deletions
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
index b6108ea45a..e5c1628c98 100644
--- a/src/lib/libssl/ssl_tlsext.h
+++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssl_tlsext.h,v 1.14 2018/11/09 03:17:24 jsing Exp $ */ 1/* $OpenBSD: ssl_tlsext.h,v 1.15 2019/01/18 00:54:42 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -19,78 +19,87 @@
19#ifndef HEADER_SSL_TLSEXT_H 19#ifndef HEADER_SSL_TLSEXT_H
20#define HEADER_SSL_TLSEXT_H 20#define HEADER_SSL_TLSEXT_H
21 21
22/* TLSv1.3 - RFC 8446 Section 4.2. */
23#define SSL_TLSEXT_MSG_CH 0x0001 /* ClientHello */
24#define SSL_TLSEXT_MSG_SH 0x0002 /* ServerHello */
25#define SSL_TLSEXT_MSG_EE 0x0004 /* EncryptedExtension */
26#define SSL_TLSEXT_MSG_CT 0x0008 /* Certificate */
27#define SSL_TLSEXT_MSG_CR 0x0010 /* CertificateRequest */
28#define SSL_TLSEXT_MSG_NST 0x0020 /* NewSessionTicket */
29#define SSL_TLSEXT_MSG_HRR 0x0030 /* HelloRetryRequest */
30
22__BEGIN_HIDDEN_DECLS 31__BEGIN_HIDDEN_DECLS
23 32
24int tlsext_alpn_clienthello_needs(SSL *s); 33int tlsext_alpn_client_needs(SSL *s);
25int tlsext_alpn_clienthello_build(SSL *s, CBB *cbb); 34int tlsext_alpn_client_build(SSL *s, CBB *cbb);
26int tlsext_alpn_clienthello_parse(SSL *s, CBS *cbs, int *alert); 35int tlsext_alpn_client_parse(SSL *s, CBS *cbs, int *alert);
27int tlsext_alpn_serverhello_needs(SSL *s); 36int tlsext_alpn_server_needs(SSL *s);
28int tlsext_alpn_serverhello_build(SSL *s, CBB *cbb); 37int tlsext_alpn_server_build(SSL *s, CBB *cbb);
29int tlsext_alpn_serverhello_parse(SSL *s, CBS *cbs, int *alert); 38int tlsext_alpn_server_parse(SSL *s, CBS *cbs, int *alert);
30 39
31int tlsext_ri_clienthello_needs(SSL *s); 40int tlsext_ri_client_needs(SSL *s);
32int tlsext_ri_clienthello_build(SSL *s, CBB *cbb); 41int tlsext_ri_client_build(SSL *s, CBB *cbb);
33int tlsext_ri_clienthello_parse(SSL *s, CBS *cbs, int *alert); 42int tlsext_ri_client_parse(SSL *s, CBS *cbs, int *alert);
34int tlsext_ri_serverhello_needs(SSL *s); 43int tlsext_ri_server_needs(SSL *s);
35int tlsext_ri_serverhello_build(SSL *s, CBB *cbb); 44int tlsext_ri_server_build(SSL *s, CBB *cbb);
36int tlsext_ri_serverhello_parse(SSL *s, CBS *cbs, int *alert); 45int tlsext_ri_server_parse(SSL *s, CBS *cbs, int *alert);
37 46
38int tlsext_sigalgs_clienthello_needs(SSL *s); 47int tlsext_sigalgs_client_needs(SSL *s);
39int tlsext_sigalgs_clienthello_build(SSL *s, CBB *cbb); 48int tlsext_sigalgs_client_build(SSL *s, CBB *cbb);
40int tlsext_sigalgs_clienthello_parse(SSL *s, CBS *cbs, int *alert); 49int tlsext_sigalgs_client_parse(SSL *s, CBS *cbs, int *alert);
41int tlsext_sigalgs_serverhello_needs(SSL *s); 50int tlsext_sigalgs_server_needs(SSL *s);
42int tlsext_sigalgs_serverhello_build(SSL *s, CBB *cbb); 51int tlsext_sigalgs_server_build(SSL *s, CBB *cbb);
43int tlsext_sigalgs_serverhello_parse(SSL *s, CBS *cbs, int *alert); 52int tlsext_sigalgs_server_parse(SSL *s, CBS *cbs, int *alert);
44 53
45int tlsext_sni_clienthello_needs(SSL *s); 54int tlsext_sni_client_needs(SSL *s);
46int tlsext_sni_clienthello_build(SSL *s, CBB *cbb); 55int tlsext_sni_client_build(SSL *s, CBB *cbb);
47int tlsext_sni_clienthello_parse(SSL *s, CBS *cbs, int *alert); 56int tlsext_sni_client_parse(SSL *s, CBS *cbs, int *alert);
48int tlsext_sni_serverhello_needs(SSL *s); 57int tlsext_sni_server_needs(SSL *s);
49int tlsext_sni_serverhello_build(SSL *s, CBB *cbb); 58int tlsext_sni_server_build(SSL *s, CBB *cbb);
50int tlsext_sni_serverhello_parse(SSL *s, CBS *cbs, int *alert); 59int tlsext_sni_server_parse(SSL *s, CBS *cbs, int *alert);
51 60
52int tlsext_supportedgroups_clienthello_needs(SSL *s); 61int tlsext_supportedgroups_client_needs(SSL *s);
53int tlsext_supportedgroups_clienthello_build(SSL *s, CBB *cbb); 62int tlsext_supportedgroups_client_build(SSL *s, CBB *cbb);
54int tlsext_supportedgroups_clienthello_parse(SSL *s, CBS *cbs, int *alert); 63int tlsext_supportedgroups_client_parse(SSL *s, CBS *cbs, int *alert);
55int tlsext_supportedgroups_serverhello_needs(SSL *s); 64int tlsext_supportedgroups_server_needs(SSL *s);
56int tlsext_supportedgroups_serverhello_build(SSL *s, CBB *cbb); 65int tlsext_supportedgroups_server_build(SSL *s, CBB *cbb);
57int tlsext_supportedgroups_serverhello_parse(SSL *s, CBS *cbs, int *alert); 66int tlsext_supportedgroups_server_parse(SSL *s, CBS *cbs, int *alert);
58 67
59int tlsext_ecpf_clienthello_needs(SSL *s); 68int tlsext_ecpf_client_needs(SSL *s);
60int tlsext_ecpf_clienthello_build(SSL *s, CBB *cbb); 69int tlsext_ecpf_client_build(SSL *s, CBB *cbb);
61int tlsext_ecpf_clienthello_parse(SSL *s, CBS *cbs, int *alert); 70int tlsext_ecpf_client_parse(SSL *s, CBS *cbs, int *alert);
62int tlsext_ecpf_serverhello_needs(SSL *s); 71int tlsext_ecpf_server_needs(SSL *s);
63int tlsext_ecpf_serverhello_build(SSL *s, CBB *cbb); 72int tlsext_ecpf_server_build(SSL *s, CBB *cbb);
64int tlsext_ecpf_serverhello_parse(SSL *s, CBS *cbs, int *alert); 73int tlsext_ecpf_server_parse(SSL *s, CBS *cbs, int *alert);
65 74
66int tlsext_ocsp_clienthello_needs(SSL *s); 75int tlsext_ocsp_client_needs(SSL *s);
67int tlsext_ocsp_clienthello_build(SSL *s, CBB *cbb); 76int tlsext_ocsp_client_build(SSL *s, CBB *cbb);
68int tlsext_ocsp_clienthello_parse(SSL *s, CBS *cbs, int *alert); 77int tlsext_ocsp_client_parse(SSL *s, CBS *cbs, int *alert);
69int tlsext_ocsp_serverhello_needs(SSL *s); 78int tlsext_ocsp_server_needs(SSL *s);
70int tlsext_ocsp_serverhello_build(SSL *s, CBB *cbb); 79int tlsext_ocsp_server_build(SSL *s, CBB *cbb);
71int tlsext_ocsp_serverhello_parse(SSL *s, CBS *cbs, int *alert); 80int tlsext_ocsp_server_parse(SSL *s, CBS *cbs, int *alert);
72 81
73int tlsext_sessionticket_clienthello_needs(SSL *s); 82int tlsext_sessionticket_client_needs(SSL *s);
74int tlsext_sessionticket_clienthello_build(SSL *s, CBB *cbb); 83int tlsext_sessionticket_client_build(SSL *s, CBB *cbb);
75int tlsext_sessionticket_clienthello_parse(SSL *s, CBS *cbs, int *alert); 84int tlsext_sessionticket_client_parse(SSL *s, CBS *cbs, int *alert);
76int tlsext_sessionticket_serverhello_needs(SSL *s); 85int tlsext_sessionticket_server_needs(SSL *s);
77int tlsext_sessionticket_serverhello_build(SSL *s, CBB *cbb); 86int tlsext_sessionticket_server_build(SSL *s, CBB *cbb);
78int tlsext_sessionticket_serverhello_parse(SSL *s, CBS *cbs, int *alert); 87int tlsext_sessionticket_server_parse(SSL *s, CBS *cbs, int *alert);
79 88
80#ifndef OPENSSL_NO_SRTP 89#ifndef OPENSSL_NO_SRTP
81int tlsext_srtp_clienthello_needs(SSL *s); 90int tlsext_srtp_client_needs(SSL *s);
82int tlsext_srtp_clienthello_build(SSL *s, CBB *cbb); 91int tlsext_srtp_client_build(SSL *s, CBB *cbb);
83int tlsext_srtp_clienthello_parse(SSL *s, CBS *cbs, int *alert); 92int tlsext_srtp_client_parse(SSL *s, CBS *cbs, int *alert);
84int tlsext_srtp_serverhello_needs(SSL *s); 93int tlsext_srtp_server_needs(SSL *s);
85int tlsext_srtp_serverhello_build(SSL *s, CBB *cbb); 94int tlsext_srtp_server_build(SSL *s, CBB *cbb);
86int tlsext_srtp_serverhello_parse(SSL *s, CBS *cbs, int *alert); 95int tlsext_srtp_server_parse(SSL *s, CBS *cbs, int *alert);
87#endif 96#endif
88 97
89int tlsext_clienthello_build(SSL *s, CBB *cbb); 98int tlsext_client_build(SSL *s, CBB *cbb, uint16_t msg_type);
90int tlsext_clienthello_parse(SSL *s, CBS *cbs, int *alert); 99int tlsext_client_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type);
91 100
92int tlsext_serverhello_build(SSL *s, CBB *cbb); 101int tlsext_server_build(SSL *s, CBB *cbb, uint16_t msg_type);
93int tlsext_serverhello_parse(SSL *s, CBS *cbs, int *alert); 102int tlsext_server_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type);
94 103
95__END_HIDDEN_DECLS 104__END_HIDDEN_DECLS
96 105
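Review bot: `SSL_TLSEXT_MSG_HRR` is defined as `0x0030` in the new block of message-type constants, which is not a bit of its own but the union of `SSL_TLSEXT_MSG_CR` (0x0010) and `SSL_TLSEXT_MSG_NST` (0x0020), while every other constant there is a single bit. The header does not show how the new `msg_type` argument of `tlsext_{client,server}_{build,parse}` is consumed, but if these values are OR-ed into a per-extension mask and tested with `&`, an extension permitted in CertificateRequest or NewSessionTicket would also pass the check for HelloRetryRequest, and the reverse, which weakens the per-message restriction of RFC 8446 Section 4.2. I would change the line to `#define SSL_TLSEXT_MSG_HRR 0x0040 /* HelloRetryRequest */`. Separately, the `*_client_parse` and `*_server_parse` prototypes have identical signatures, so a call site that missed the client/server swap described in the commit message still compiles; a short comment above the declarations such as `/* *_client_parse: run by the client on extensions sent by the server; *_server_parse: the reverse */` would make the direction explicit.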