1 files changed, 75 insertions, 66 deletions
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
index b6108ea45a..e5c1628c98 100644
--- a/src/lib/libssl/ssl_tlsext.h
+++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.14 2018/11/09 03:17:24 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.15 2019/01/18 00:54:42 jsing Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -19,78 +19,87 @@
 #ifndef HEADER_SSL_TLSEXT_H
 #define HEADER_SSL_TLSEXT_H
+/* TLSv1.3 - RFC 8446 Section 4.2. */
+#define SSL_TLSEXT_MSG_CH       0x0001  /* ClientHello */
+#define SSL_TLSEXT_MSG_SH       0x0002  /* ServerHello */
+#define SSL_TLSEXT_MSG_EE       0x0004  /* EncryptedExtension */
+#define SSL_TLSEXT_MSG_CT       0x0008  /* Certificate */
+#define SSL_TLSEXT_MSG_CR       0x0010  /* CertificateRequest */
+#define SSL_TLSEXT_MSG_NST      0x0020  /* NewSessionTicket */
+#define SSL_TLSEXT_MSG_HRR      0x0030  /* HelloRetryRequest */
 __BEGIN_HIDDEN_DECLS
-int tlsext_alpn_clienthello_needs(SSL *s);
+int tlsext_alpn_client_needs(SSL *s);
-int tlsext_alpn_clienthello_build(SSL *s, CBB *cbb);
+int tlsext_alpn_client_build(SSL *s, CBB *cbb);
-int tlsext_alpn_clienthello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_alpn_client_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_alpn_serverhello_needs(SSL *s);
+int tlsext_alpn_server_needs(SSL *s);
-int tlsext_alpn_serverhello_build(SSL *s, CBB *cbb);
+int tlsext_alpn_server_build(SSL *s, CBB *cbb);
-int tlsext_alpn_serverhello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_alpn_server_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_ri_clienthello_needs(SSL *s);
+int tlsext_ri_client_needs(SSL *s);
-int tlsext_ri_clienthello_build(SSL *s, CBB *cbb);
+int tlsext_ri_client_build(SSL *s, CBB *cbb);
-int tlsext_ri_clienthello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_ri_client_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_ri_serverhello_needs(SSL *s);
+int tlsext_ri_server_needs(SSL *s);
-int tlsext_ri_serverhello_build(SSL *s, CBB *cbb);
+int tlsext_ri_server_build(SSL *s, CBB *cbb);
-int tlsext_ri_serverhello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_ri_server_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_sigalgs_clienthello_needs(SSL *s);
+int tlsext_sigalgs_client_needs(SSL *s);
-int tlsext_sigalgs_clienthello_build(SSL *s, CBB *cbb);
+int tlsext_sigalgs_client_build(SSL *s, CBB *cbb);
-int tlsext_sigalgs_clienthello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_sigalgs_client_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_sigalgs_serverhello_needs(SSL *s);
+int tlsext_sigalgs_server_needs(SSL *s);
-int tlsext_sigalgs_serverhello_build(SSL *s, CBB *cbb);
+int tlsext_sigalgs_server_build(SSL *s, CBB *cbb);
-int tlsext_sigalgs_serverhello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_sigalgs_server_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_sni_clienthello_needs(SSL *s);
+int tlsext_sni_client_needs(SSL *s);
-int tlsext_sni_clienthello_build(SSL *s, CBB *cbb);
+int tlsext_sni_client_build(SSL *s, CBB *cbb);
-int tlsext_sni_clienthello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_sni_client_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_sni_serverhello_needs(SSL *s);
+int tlsext_sni_server_needs(SSL *s);
-int tlsext_sni_serverhello_build(SSL *s, CBB *cbb);
+int tlsext_sni_server_build(SSL *s, CBB *cbb);
-int tlsext_sni_serverhello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_sni_server_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_supportedgroups_clienthello_needs(SSL *s);
+int tlsext_supportedgroups_client_needs(SSL *s);
-int tlsext_supportedgroups_clienthello_build(SSL *s, CBB *cbb);
+int tlsext_supportedgroups_client_build(SSL *s, CBB *cbb);
-int tlsext_supportedgroups_clienthello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_supportedgroups_client_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_supportedgroups_serverhello_needs(SSL *s);
+int tlsext_supportedgroups_server_needs(SSL *s);
-int tlsext_supportedgroups_serverhello_build(SSL *s, CBB *cbb);
+int tlsext_supportedgroups_server_build(SSL *s, CBB *cbb);
-int tlsext_supportedgroups_serverhello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_supportedgroups_server_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_ecpf_clienthello_needs(SSL *s);
+int tlsext_ecpf_client_needs(SSL *s);
-int tlsext_ecpf_clienthello_build(SSL *s, CBB *cbb);
+int tlsext_ecpf_client_build(SSL *s, CBB *cbb);
-int tlsext_ecpf_clienthello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_ecpf_client_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_ecpf_serverhello_needs(SSL *s);
+int tlsext_ecpf_server_needs(SSL *s);
-int tlsext_ecpf_serverhello_build(SSL *s, CBB *cbb);
+int tlsext_ecpf_server_build(SSL *s, CBB *cbb);
-int tlsext_ecpf_serverhello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_ecpf_server_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_ocsp_clienthello_needs(SSL *s);
+int tlsext_ocsp_client_needs(SSL *s);
-int tlsext_ocsp_clienthello_build(SSL *s, CBB *cbb);
+int tlsext_ocsp_client_build(SSL *s, CBB *cbb);
-int tlsext_ocsp_clienthello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_ocsp_client_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_ocsp_serverhello_needs(SSL *s);
+int tlsext_ocsp_server_needs(SSL *s);
-int tlsext_ocsp_serverhello_build(SSL *s, CBB *cbb);
+int tlsext_ocsp_server_build(SSL *s, CBB *cbb);
-int tlsext_ocsp_serverhello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_ocsp_server_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_sessionticket_clienthello_needs(SSL *s);
+int tlsext_sessionticket_client_needs(SSL *s);
-int tlsext_sessionticket_clienthello_build(SSL *s, CBB *cbb);
+int tlsext_sessionticket_client_build(SSL *s, CBB *cbb);
-int tlsext_sessionticket_clienthello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_sessionticket_client_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_sessionticket_serverhello_needs(SSL *s);
+int tlsext_sessionticket_server_needs(SSL *s);
-int tlsext_sessionticket_serverhello_build(SSL *s, CBB *cbb);
+int tlsext_sessionticket_server_build(SSL *s, CBB *cbb);
-int tlsext_sessionticket_serverhello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_sessionticket_server_parse(SSL *s, CBS *cbs, int *alert);
 #ifndef OPENSSL_NO_SRTP
-int tlsext_srtp_clienthello_needs(SSL *s);
+int tlsext_srtp_client_needs(SSL *s);
-int tlsext_srtp_clienthello_build(SSL *s, CBB *cbb);
+int tlsext_srtp_client_build(SSL *s, CBB *cbb);
-int tlsext_srtp_clienthello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_srtp_client_parse(SSL *s, CBS *cbs, int *alert);
-int tlsext_srtp_serverhello_needs(SSL *s);
+int tlsext_srtp_server_needs(SSL *s);
-int tlsext_srtp_serverhello_build(SSL *s, CBB *cbb);
+int tlsext_srtp_server_build(SSL *s, CBB *cbb);
-int tlsext_srtp_serverhello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_srtp_server_parse(SSL *s, CBS *cbs, int *alert);
 #endif
-int tlsext_clienthello_build(SSL *s, CBB *cbb);
+int tlsext_client_build(SSL *s, CBB *cbb, uint16_t msg_type);
-int tlsext_clienthello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_client_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type);
-int tlsext_serverhello_build(SSL *s, CBB *cbb);
+int tlsext_server_build(SSL *s, CBB *cbb, uint16_t msg_type);
-int tlsext_serverhello_parse(SSL *s, CBS *cbs, int *alert);
+int tlsext_server_parse(SSL *s, CBS *cbs, int *alert, uint16_t msg_type);
 __END_HIDDEN_DECLS

diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h index b6108ea45a..e5c1628c98 100644 --- a/src/lib/libssl/ssl_tlsext.h +++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.h,v 1.14 2018/11/09 03:17:24 jsing Exp $ */	1	/* $OpenBSD: ssl_tlsext.h,v 1.15 2019/01/18 00:54:42 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -19,78 +19,87 @@
19	#ifndef HEADER_SSL_TLSEXT_H	19	#ifndef HEADER_SSL_TLSEXT_H
20	#define HEADER_SSL_TLSEXT_H	20	#define HEADER_SSL_TLSEXT_H
21		21
		22	/* TLSv1.3 - RFC 8446 Section 4.2. */
		23	#define SSL_TLSEXT_MSG_CH 0x0001 /* ClientHello */
		24	#define SSL_TLSEXT_MSG_SH 0x0002 /* ServerHello */
		25	#define SSL_TLSEXT_MSG_EE 0x0004 /* EncryptedExtension */
		26	#define SSL_TLSEXT_MSG_CT 0x0008 /* Certificate */
		27	#define SSL_TLSEXT_MSG_CR 0x0010 /* CertificateRequest */
		28	#define SSL_TLSEXT_MSG_NST 0x0020 /* NewSessionTicket */
		29	#define SSL_TLSEXT_MSG_HRR 0x0030 /* HelloRetryRequest */
		30
22	__BEGIN_HIDDEN_DECLS	31	__BEGIN_HIDDEN_DECLS
23		32
24	int tlsext_alpn_clienthello_needs(SSL *s);	33	int tlsext_alpn_client_needs(SSL *s);
25	int tlsext_alpn_clienthello_build(SSL s, CBB cbb);	34	int tlsext_alpn_client_build(SSL s, CBB cbb);
26	int tlsext_alpn_clienthello_parse(SSL s, CBS cbs, int *alert);	35	int tlsext_alpn_client_parse(SSL s, CBS cbs, int *alert);
27	int tlsext_alpn_serverhello_needs(SSL *s);	36	int tlsext_alpn_server_needs(SSL *s);
28	int tlsext_alpn_serverhello_build(SSL s, CBB cbb);	37	int tlsext_alpn_server_build(SSL s, CBB cbb);
29	int tlsext_alpn_serverhello_parse(SSL s, CBS cbs, int *alert);	38	int tlsext_alpn_server_parse(SSL s, CBS cbs, int *alert);
30		39
31	int tlsext_ri_clienthello_needs(SSL *s);	40	int tlsext_ri_client_needs(SSL *s);
32	int tlsext_ri_clienthello_build(SSL s, CBB cbb);	41	int tlsext_ri_client_build(SSL s, CBB cbb);
33	int tlsext_ri_clienthello_parse(SSL s, CBS cbs, int *alert);	42	int tlsext_ri_client_parse(SSL s, CBS cbs, int *alert);
34	int tlsext_ri_serverhello_needs(SSL *s);	43	int tlsext_ri_server_needs(SSL *s);
35	int tlsext_ri_serverhello_build(SSL s, CBB cbb);	44	int tlsext_ri_server_build(SSL s, CBB cbb);
36	int tlsext_ri_serverhello_parse(SSL s, CBS cbs, int *alert);	45	int tlsext_ri_server_parse(SSL s, CBS cbs, int *alert);
37		46
38	int tlsext_sigalgs_clienthello_needs(SSL *s);	47	int tlsext_sigalgs_client_needs(SSL *s);
39	int tlsext_sigalgs_clienthello_build(SSL s, CBB cbb);	48	int tlsext_sigalgs_client_build(SSL s, CBB cbb);
40	int tlsext_sigalgs_clienthello_parse(SSL s, CBS cbs, int *alert);	49	int tlsext_sigalgs_client_parse(SSL s, CBS cbs, int *alert);
41	int tlsext_sigalgs_serverhello_needs(SSL *s);	50	int tlsext_sigalgs_server_needs(SSL *s);
42	int tlsext_sigalgs_serverhello_build(SSL s, CBB cbb);	51	int tlsext_sigalgs_server_build(SSL s, CBB cbb);
43	int tlsext_sigalgs_serverhello_parse(SSL s, CBS cbs, int *alert);	52	int tlsext_sigalgs_server_parse(SSL s, CBS cbs, int *alert);
44		53
45	int tlsext_sni_clienthello_needs(SSL *s);	54	int tlsext_sni_client_needs(SSL *s);
46	int tlsext_sni_clienthello_build(SSL s, CBB cbb);	55	int tlsext_sni_client_build(SSL s, CBB cbb);
47	int tlsext_sni_clienthello_parse(SSL s, CBS cbs, int *alert);	56	int tlsext_sni_client_parse(SSL s, CBS cbs, int *alert);
48	int tlsext_sni_serverhello_needs(SSL *s);	57	int tlsext_sni_server_needs(SSL *s);
49	int tlsext_sni_serverhello_build(SSL s, CBB cbb);	58	int tlsext_sni_server_build(SSL s, CBB cbb);
50	int tlsext_sni_serverhello_parse(SSL s, CBS cbs, int *alert);	59	int tlsext_sni_server_parse(SSL s, CBS cbs, int *alert);
51		60
52	int tlsext_supportedgroups_clienthello_needs(SSL *s);	61	int tlsext_supportedgroups_client_needs(SSL *s);
53	int tlsext_supportedgroups_clienthello_build(SSL s, CBB cbb);	62	int tlsext_supportedgroups_client_build(SSL s, CBB cbb);
54	int tlsext_supportedgroups_clienthello_parse(SSL s, CBS cbs, int *alert);	63	int tlsext_supportedgroups_client_parse(SSL s, CBS cbs, int *alert);
55	int tlsext_supportedgroups_serverhello_needs(SSL *s);	64	int tlsext_supportedgroups_server_needs(SSL *s);
56	int tlsext_supportedgroups_serverhello_build(SSL s, CBB cbb);	65	int tlsext_supportedgroups_server_build(SSL s, CBB cbb);
57	int tlsext_supportedgroups_serverhello_parse(SSL s, CBS cbs, int *alert);	66	int tlsext_supportedgroups_server_parse(SSL s, CBS cbs, int *alert);
58		67
59	int tlsext_ecpf_clienthello_needs(SSL *s);	68	int tlsext_ecpf_client_needs(SSL *s);
60	int tlsext_ecpf_clienthello_build(SSL s, CBB cbb);	69	int tlsext_ecpf_client_build(SSL s, CBB cbb);
61	int tlsext_ecpf_clienthello_parse(SSL s, CBS cbs, int *alert);	70	int tlsext_ecpf_client_parse(SSL s, CBS cbs, int *alert);
62	int tlsext_ecpf_serverhello_needs(SSL *s);	71	int tlsext_ecpf_server_needs(SSL *s);
63	int tlsext_ecpf_serverhello_build(SSL s, CBB cbb);	72	int tlsext_ecpf_server_build(SSL s, CBB cbb);
64	int tlsext_ecpf_serverhello_parse(SSL s, CBS cbs, int *alert);	73	int tlsext_ecpf_server_parse(SSL s, CBS cbs, int *alert);
65		74
66	int tlsext_ocsp_clienthello_needs(SSL *s);	75	int tlsext_ocsp_client_needs(SSL *s);
67	int tlsext_ocsp_clienthello_build(SSL s, CBB cbb);	76	int tlsext_ocsp_client_build(SSL s, CBB cbb);
68	int tlsext_ocsp_clienthello_parse(SSL s, CBS cbs, int *alert);	77	int tlsext_ocsp_client_parse(SSL s, CBS cbs, int *alert);
69	int tlsext_ocsp_serverhello_needs(SSL *s);	78	int tlsext_ocsp_server_needs(SSL *s);
70	int tlsext_ocsp_serverhello_build(SSL s, CBB cbb);	79	int tlsext_ocsp_server_build(SSL s, CBB cbb);
71	int tlsext_ocsp_serverhello_parse(SSL s, CBS cbs, int *alert);	80	int tlsext_ocsp_server_parse(SSL s, CBS cbs, int *alert);
72		81
73	int tlsext_sessionticket_clienthello_needs(SSL *s);	82	int tlsext_sessionticket_client_needs(SSL *s);
74	int tlsext_sessionticket_clienthello_build(SSL s, CBB cbb);	83	int tlsext_sessionticket_client_build(SSL s, CBB cbb);
75	int tlsext_sessionticket_clienthello_parse(SSL s, CBS cbs, int *alert);	84	int tlsext_sessionticket_client_parse(SSL s, CBS cbs, int *alert);
76	int tlsext_sessionticket_serverhello_needs(SSL *s);	85	int tlsext_sessionticket_server_needs(SSL *s);
77	int tlsext_sessionticket_serverhello_build(SSL s, CBB cbb);	86	int tlsext_sessionticket_server_build(SSL s, CBB cbb);
78	int tlsext_sessionticket_serverhello_parse(SSL s, CBS cbs, int *alert);	87	int tlsext_sessionticket_server_parse(SSL s, CBS cbs, int *alert);
79		88
80	#ifndef OPENSSL_NO_SRTP	89	#ifndef OPENSSL_NO_SRTP
81	int tlsext_srtp_clienthello_needs(SSL *s);	90	int tlsext_srtp_client_needs(SSL *s);
82	int tlsext_srtp_clienthello_build(SSL s, CBB cbb);	91	int tlsext_srtp_client_build(SSL s, CBB cbb);
83	int tlsext_srtp_clienthello_parse(SSL s, CBS cbs, int *alert);	92	int tlsext_srtp_client_parse(SSL s, CBS cbs, int *alert);
84	int tlsext_srtp_serverhello_needs(SSL *s);	93	int tlsext_srtp_server_needs(SSL *s);
85	int tlsext_srtp_serverhello_build(SSL s, CBB cbb);	94	int tlsext_srtp_server_build(SSL s, CBB cbb);
86	int tlsext_srtp_serverhello_parse(SSL s, CBS cbs, int *alert);	95	int tlsext_srtp_server_parse(SSL s, CBS cbs, int *alert);
87	#endif	96	#endif
88		97
89	int tlsext_clienthello_build(SSL s, CBB cbb);	98	int tlsext_client_build(SSL s, CBB cbb, uint16_t msg_type);
90	int tlsext_clienthello_parse(SSL s, CBS cbs, int *alert);	99	int tlsext_client_parse(SSL s, CBS cbs, int *alert, uint16_t msg_type);
91		100
92	int tlsext_serverhello_build(SSL s, CBB cbb);	101	int tlsext_server_build(SSL s, CBB cbb, uint16_t msg_type);
93	int tlsext_serverhello_parse(SSL s, CBS cbs, int *alert);	102	int tlsext_server_parse(SSL s, CBS cbs, int *alert, uint16_t msg_type);
94		103
95	__END_HIDDEN_DECLS	104	__END_HIDDEN_DECLS
96		105