Make tlsext_*_{build,needs,parse}() functions static

None of these functions are used outside of ssl_tlsext.c. The only reason they are prototyped in the header is for the use of tlsexttest.c. Rather than having a big pile of useless copy-paste in the header, we can adapt the test to avoid using these functions directly. ok jsing
author: tb <> 2022-08-04 09:27:36 +0000
committer: tb <> 2022-08-04 09:27:36 +0000
commit: a65f4608fab82ca1a01fdae059ee762cb1626d69 (patch)
tree: 49cf56f0876a731f8625f44fad25bc2952a561ae /src
parent: 28e3b1222b3ca2332b57eabdb44e9133d6907f97 (diff)
download: openbsd-a65f4608fab82ca1a01fdae059ee762cb1626d69.tar.gz
openbsd-a65f4608fab82ca1a01fdae059ee762cb1626d69.tar.bz2
openbsd-a65f4608fab82ca1a01fdae059ee762cb1626d69.zip
2 files changed, 94 insertions, 217 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 033608e03e..f417f59b8e 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.127 2022/07/24 10:52:51 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.128 2022/08/04 09:27:36 tb Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -36,7 +36,7 @@
 * Supported Application-Layer Protocol Negotiation - RFC 7301
 */
-int
+static int
 tlsext_alpn_client_needs(SSL *s, uint16_t msg_type)
 {
        /* ALPN protos have been specified and this is the initial handshake */
@@ -44,7 +44,7 @@ tlsext_alpn_client_needs(SSL *s, uint16_t msg_type)
            s->s3->hs.finished_len == 0;
 }
-int
+static int
 tlsext_alpn_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        CBB protolist;
@@ -83,7 +83,7 @@ tlsext_alpn_check_format(CBS *cbs)
        return 1;
 }
-int
+static int
 tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert)
 {
        CBS alpn;
@@ -134,13 +134,13 @@ tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert)
        return 0;
 }
-int
+static int
 tlsext_alpn_server_needs(SSL *s, uint16_t msg_type)
 {
        return s->s3->alpn_selected != NULL;
 }
-int
+static int
 tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        CBB list, selected;
@@ -161,7 +161,7 @@ tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
        return 1;
 }
-int
+static int
 tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        CBS list, proto;
@@ -191,14 +191,14 @@ tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 /*
 * Supported Groups - RFC 7919 section 2
 */
-int
+static int
 tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type)
 {
        return ssl_has_ecc_ciphers(s) ||
            (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
 }
-int
+static int
 tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        const uint16_t *groups;
@@ -228,7 +228,7 @@ tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
        return 1;
 }
-int
+static int
 tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
    int *alert)
 {
@@ -289,19 +289,19 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
 }
 /* This extension is never used by the server. */
-int
+static int
 tlsext_supportedgroups_server_needs(SSL *s, uint16_t msg_type)
 {
        return 0;
 }
-int
+static int
 tlsext_supportedgroups_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        return 0;
 }
-int
+static int
 tlsext_supportedgroups_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
    int *alert)
 {
@@ -378,37 +378,37 @@ tlsext_ecpf_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
        return 1;
 }
-int
+static int
 tlsext_ecpf_client_needs(SSL *s, uint16_t msg_type)
 {
        return ssl_has_ecc_ciphers(s);
 }
-int
+static int
 tlsext_ecpf_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        return tlsext_ecpf_build(s, msg_type, cbb);
 }
-int
+static int
 tlsext_ecpf_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        return tlsext_ecpf_parse(s, msg_type, cbs, alert);
 }
-int
+static int
 tlsext_ecpf_server_needs(SSL *s, uint16_t msg_type)
 {
        return ssl_using_ecc_cipher(s);
 }
-int
+static int
 tlsext_ecpf_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        return tlsext_ecpf_build(s, msg_type, cbb);
 }
-int
+static int
 tlsext_ecpf_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        return tlsext_ecpf_parse(s, msg_type, cbs, alert);
@@ -417,13 +417,13 @@ tlsext_ecpf_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 /*
 * Renegotiation Indication - RFC 5746.
 */
-int
+static int
 tlsext_ri_client_needs(SSL *s, uint16_t msg_type)
 {
        return (s->internal->renegotiate);
 }
-int
+static int
 tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        CBB reneg;
@@ -439,7 +439,7 @@ tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
        return 1;
 }
-int
+static int
 tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        CBS reneg;
@@ -462,14 +462,14 @@ tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
        return 1;
 }
-int
+static int
 tlsext_ri_server_needs(SSL *s, uint16_t msg_type)
 {
        return (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION &&
            s->s3->send_connection_binding);
 }
-int
+static int
 tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        CBB reneg;
@@ -488,7 +488,7 @@ tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
        return 1;
 }
-int
+static int
 tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        CBS reneg, prev_client, prev_server;
@@ -546,13 +546,13 @@ tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 /*
 * Signature Algorithms - RFC 5246 section 7.4.1.4.1.
 */
-int
+static int
 tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type)
 {
        return (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION);
 }
-int
+static int
 tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        uint16_t tls_version = s->s3->hs.negotiated_tls_version;
@@ -571,7 +571,7 @@ tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
        return 1;
 }
-int
+static int
 tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        CBS sigalgs;
@@ -586,13 +586,13 @@ tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
        return 1;
 }
-int
+static int
 tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type)
 {
        return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION);
 }
-int
+static int
 tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        CBB sigalgs;
@@ -608,7 +608,7 @@ tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
        return 1;
 }
-int
+static int
 tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        CBS sigalgs;
@@ -629,13 +629,13 @@ tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 /*
 * Server Name Indication - RFC 6066, section 3.
 */
-int
+static int
 tlsext_sni_client_needs(SSL *s, uint16_t msg_type)
 {
        return (s->tlsext_hostname != NULL);
 }
-int
+static int
 tlsext_sni_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        CBB server_name_list, host_name;
@@ -735,7 +735,7 @@ tlsext_sni_is_valid_hostname(CBS *cbs, int *is_ip)
        return 1;
 }
-int
+static int
 tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        CBS server_name_list, host_name;
@@ -816,7 +816,7 @@ tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
        return 0;
 }
-int
+static int
 tlsext_sni_server_needs(SSL *s, uint16_t msg_type)
 {
        if (s->internal->hit)
@@ -825,13 +825,13 @@ tlsext_sni_server_needs(SSL *s, uint16_t msg_type)
        return (s->session->tlsext_hostname != NULL);
 }
-int
+static int
 tlsext_sni_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        return 1;
 }
-int
+static int
 tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        if (s->tlsext_hostname == NULL || CBS_len(cbs) != 0) {
@@ -862,12 +862,11 @@ tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
        return 1;
 }
 /*
 * Certificate Status Request - RFC 6066 section 8.
 */
-int
+static int
 tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type)
 {
        if (msg_type != SSL_TLSEXT_MSG_CH)
@@ -876,7 +875,7 @@ tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type)
        return (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp);
 }
-int
+static int
 tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        CBB respid_list, respid, exts;
@@ -920,7 +919,7 @@ tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
        return 1;
 }
-int
+static int
 tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        int alert_desc = SSL_AD_DECODE_ERROR;
@@ -993,7 +992,7 @@ tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
        return ret;
 }
-int
+static int
 tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type)
 {
        if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION &&
@@ -1008,7 +1007,7 @@ tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type)
        return s->internal->tlsext_status_expected;
 }
-int
+static int
 tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        CBB ocsp_response;
@@ -1028,7 +1027,7 @@ tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
        return 1;
 }
-int
+static int
 tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        uint8_t status_type;
@@ -1081,7 +1080,7 @@ tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 /*
 * SessionTicket extension - RFC 5077 section 3.2
 */
-int
+static int
 tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type)
 {
        /*
@@ -1105,7 +1104,7 @@ tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type)
        return 1;
 }
-int
+static int
 tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        /*
@@ -1148,7 +1147,7 @@ tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
        return 1;
 }
-int
+static int
 tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
    int *alert)
 {
@@ -1170,7 +1169,7 @@ tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
        return 1;
 }
-int
+static int
 tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type)
 {
        return (s->internal->tlsext_ticket_expected &&
@@ -1178,14 +1177,14 @@ tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type)
            ssl_security_tickets(s));
 }
-int
+static int
 tlsext_sessionticket_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        /* Empty ticket */
        return 1;
 }
-int
+static int
 tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
    int *alert)
 {
@@ -1214,13 +1213,13 @@ tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
 #ifndef OPENSSL_NO_SRTP
-int
+static int
 tlsext_srtp_client_needs(SSL *s, uint16_t msg_type)
 {
        return SSL_is_dtls(s) && SSL_get_srtp_profiles(s) != NULL;
 }
-int
+static int
 tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        CBB profiles, mki;
@@ -1257,7 +1256,7 @@ tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
        return 1;
 }
-int
+static int
 tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        const SRTP_PROTECTION_PROFILE *cprof, *sprof;
@@ -1332,13 +1331,13 @@ tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
        return ret;
 }
-int
+static int
 tlsext_srtp_server_needs(SSL *s, uint16_t msg_type)
 {
        return SSL_is_dtls(s) && SSL_get_selected_srtp_profile(s) != NULL;
 }
-int
+static int
 tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        SRTP_PROTECTION_PROFILE *profile;
@@ -1362,7 +1361,7 @@ tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
        return 1;
 }
-int
+static int
 tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
@@ -1415,13 +1414,13 @@ tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 /*
 * TLSv1.3 Key Share - RFC 8446 section 4.2.8.
 */
-int
+static int
 tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type)
 {
        return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
 }
-int
+static int
 tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        CBB client_shares, key_exchange;
@@ -1443,7 +1442,7 @@ tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
        return 1;
 }
-int
+static int
 tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        CBS client_shares, key_exchange;
@@ -1495,14 +1494,14 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
        return 1;
 }
-int
+static int
 tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type)
 {
        return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION &&
            tlsext_extension_seen(s, TLSEXT_TYPE_key_share));
 }
-int
+static int
 tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        CBB key_exchange;
@@ -1530,7 +1529,7 @@ tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
        return 1;
 }
-int
+static int
 tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        CBS key_exchange;
@@ -1574,13 +1573,13 @@ tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 /*
 * Supported Versions - RFC 8446 section 4.2.1.
 */
-int
+static int
 tlsext_versions_client_needs(SSL *s, uint16_t msg_type)
 {
        return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
 }
-int
+static int
 tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        uint16_t max, min;
@@ -1605,7 +1604,7 @@ tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
        return 1;
 }
-int
+static int
 tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        CBS versions;
@@ -1640,19 +1639,19 @@ tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
        return 0;
 }
-int
+static int
 tlsext_versions_server_needs(SSL *s, uint16_t msg_type)
 {
        return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION);
 }
-int
+static int
 tlsext_versions_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        return CBB_add_u16(cbb, TLS1_3_VERSION);
 }
-int
+static int
 tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        uint16_t selected_version;
@@ -1677,14 +1676,14 @@ tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 * Cookie - RFC 8446 section 4.2.2.
 */
-int
+static int
 tlsext_cookie_client_needs(SSL *s, uint16_t msg_type)
 {
        return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION &&
            s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL);
 }
-int
+static int
 tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        CBB cookie;
@@ -1702,7 +1701,7 @@ tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
        return 1;
 }
-int
+static int
 tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        CBS cookie;
@@ -1728,7 +1727,7 @@ tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
        return 1;
 }
-int
+static int
 tlsext_cookie_server_needs(SSL *s, uint16_t msg_type)
 {
        /*
@@ -1739,7 +1738,7 @@ tlsext_cookie_server_needs(SSL *s, uint16_t msg_type)
            s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL);
 }
-int
+static int
 tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        CBB cookie;
@@ -1759,7 +1758,7 @@ tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
        return 1;
 }
-int
+static int
 tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        CBS cookie;
@@ -1789,14 +1788,14 @@ tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 * Pre-Shared Key Exchange Modes - RFC 8446, 4.2.9.
 */
-int
+static int
 tlsext_psk_kex_modes_client_needs(SSL *s, uint16_t msg_type)
 {
        return (s->s3->hs.tls13.use_psk_dhe_ke &&
            s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
 }
-int
+static int
 tlsext_psk_kex_modes_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        CBB ke_modes;
@@ -1814,7 +1813,7 @@ tlsext_psk_kex_modes_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
        return 1;
 }
-int
+static int
 tlsext_psk_kex_modes_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
    int *alert)
 {
@@ -1835,20 +1834,20 @@ tlsext_psk_kex_modes_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
        return 1;
 }
-int
+static int
 tlsext_psk_kex_modes_server_needs(SSL *s, uint16_t msg_type)
 {
        /* Servers MUST NOT send this extension. */
        return 0;
 }
-int
+static int
 tlsext_psk_kex_modes_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        return 0;
 }
-int
+static int
 tlsext_psk_kex_modes_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
    int *alert)
 {
@@ -1859,37 +1858,37 @@ tlsext_psk_kex_modes_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
 * Pre-Shared Key Extension - RFC 8446, 4.2.11
 */
-int
+static int
 tlsext_psk_client_needs(SSL *s, uint16_t msg_type)
 {
        return 0;
 }
-int
+static int
 tlsext_psk_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        return 0;
 }
-int
+static int
 tlsext_psk_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        return CBS_skip(cbs, CBS_len(cbs));
 }
-int
+static int
 tlsext_psk_server_needs(SSL *s, uint16_t msg_type)
 {
        return 0;
 }
-int
+static int
 tlsext_psk_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
 {
        return 0;
 }
-int
+static int
 tlsext_psk_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 {
        return CBS_skip(cbs, CBS_len(cbs));
@@ -1899,13 +1898,13 @@ tlsext_psk_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 * QUIC transport parameters extension - RFC 9001 section 8.2.
 */
-int
+static int
 tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type)
 {
        return SSL_is_quic(s) && s->internal->quic_transport_params_len > 0;
 }
-int
+static int
 tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
    CBB *cbb)
 {
@@ -1916,7 +1915,7 @@ tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
        return 1;
 }
-int
+static int
 tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
    CBS *cbs, int *alert)
 {
@@ -1934,13 +1933,13 @@ tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
        return 1;
 }
-int
+static int
 tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type)
 {
        return SSL_is_quic(s) && s->internal->quic_transport_params_len > 0;
 }
-int
+static int
 tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
    CBB *cbb)
 {
@@ -1951,7 +1950,7 @@ tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
        return 1;
 }
-int
+static int
 tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type,
    CBS *cbs, int *alert)
 {
@@ -2233,7 +2232,7 @@ tlsext_extension_seen(SSL *s, uint16_t type)
        return ((s->s3->hs.extensions_seen & (1 << idx)) != 0);
 }
-static const struct tls_extension_funcs *
+const struct tls_extension_funcs *
 tlsext_funcs(const struct tls_extension *tlsext, int is_server)
 {
        if (is_server)
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
index 393ee5d90d..7a41c8095d 100644
--- a/src/lib/libssl/ssl_tlsext.h
+++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.31 2022/07/20 13:35:05 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.32 2022/08/04 09:27:36 tb Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -32,138 +32,16 @@
 __BEGIN_HIDDEN_DECLS
 int tlsext_alpn_check_format(CBS *cbs);
-int tlsext_alpn_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_alpn_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_alpn_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_alpn_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_ri_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_ri_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
-    int *alert);
-int tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
-    int *alert);
-int tlsext_sni_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_sni_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_sni_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_sni_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
 int tlsext_sni_is_valid_hostname(CBS *cbs, int *is_ip);
-int tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_supportedgroups_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
-    int *alert);
-int tlsext_supportedgroups_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_supportedgroups_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
-    int *alert);
-int tlsext_ecpf_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_ecpf_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_ecpf_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_ecpf_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_ecpf_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_ecpf_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
-     int *alert);
-int tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_sessionticket_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
-    int *alert);
-int tlsext_versions_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
-    int *alert);
-int tlsext_versions_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_versions_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
-    int *alert);
-int tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
-    int *alert);
-int tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
-    int *alert);
-int tlsext_cookie_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_cookie_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_psk_kex_modes_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_psk_kex_modes_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_psk_kex_modes_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
-    int *alert);
-int tlsext_psk_kex_modes_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_psk_kex_modes_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_psk_kex_modes_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
-    int *alert);
-int tlsext_psk_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_psk_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_psk_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_psk_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_psk_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_psk_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-#ifndef OPENSSL_NO_SRTP
-int tlsext_srtp_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_srtp_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-#endif
-int tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
-    CBB *cbb);
-int tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
-    CBS *cbs, int *alert);
-int tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
-    CBB *cbb);
-int tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type,
-    CBS *cbs, int *alert);
 int tlsext_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
 int tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
 int tlsext_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
 int tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-const struct tls_extension *tls_extension_find(uint16_t, size_t *);
 int tlsext_extension_seen(SSL *s, uint16_t);
 __END_HIDDEN_DECLS
 #endif
author	tb <>	2022-08-04 09:27:36 +0000
committer	tb <>	2022-08-04 09:27:36 +0000
commit	a65f4608fab82ca1a01fdae059ee762cb1626d69 (patch)
tree	49cf56f0876a731f8625f44fad25bc2952a561ae /src
parent	28e3b1222b3ca2332b57eabdb44e9133d6907f97 (diff)
download	openbsd-a65f4608fab82ca1a01fdae059ee762cb1626d69.tar.gz openbsd-a65f4608fab82ca1a01fdae059ee762cb1626d69.tar.bz2 openbsd-a65f4608fab82ca1a01fdae059ee762cb1626d69.zip