-/* $OpenBSD: ssl_tlsext.c,v 1.127 2022/07/24 10:52:51 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.128 2022/08/04 09:27:36 tb Exp $ */
/*
* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
* Supported Application-Layer Protocol Negotiation - RFC 7301
*/
-int
+static int
tlsext_alpn_client_needs(SSL *s, uint16_t msg_type)
{
/* ALPN protos have been specified and this is the initial handshake */
s->s3->hs.finished_len == 0;
}
-int
+static int
tlsext_alpn_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB protolist;
return 1;
}
-int
+static int
tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert)
{
CBS alpn;
return 0;
}
-int
+static int
tlsext_alpn_server_needs(SSL *s, uint16_t msg_type)
{
return s->s3->alpn_selected != NULL;
}
-int
+static int
tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB list, selected;
return 1;
}
-int
+static int
tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS list, proto;
/*
* Supported Groups - RFC 7919 section 2
*/
-int
+static int
tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type)
{
return ssl_has_ecc_ciphers(s) ||
(s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
}
-int
+static int
tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
const uint16_t *groups;
return 1;
}
-int
+static int
tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
int *alert)
{
}
/* This extension is never used by the server. */
-int
+static int
tlsext_supportedgroups_server_needs(SSL *s, uint16_t msg_type)
{
return 0;
}
-int
+static int
tlsext_supportedgroups_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
return 0;
}
-int
+static int
tlsext_supportedgroups_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
int *alert)
{
return 1;
}
-int
+static int
tlsext_ecpf_client_needs(SSL *s, uint16_t msg_type)
{
return ssl_has_ecc_ciphers(s);
}
-int
+static int
tlsext_ecpf_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
return tlsext_ecpf_build(s, msg_type, cbb);
}
-int
+static int
tlsext_ecpf_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
return tlsext_ecpf_parse(s, msg_type, cbs, alert);
}
-int
+static int
tlsext_ecpf_server_needs(SSL *s, uint16_t msg_type)
{
return ssl_using_ecc_cipher(s);
}
-int
+static int
tlsext_ecpf_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
return tlsext_ecpf_build(s, msg_type, cbb);
}
-int
+static int
tlsext_ecpf_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
return tlsext_ecpf_parse(s, msg_type, cbs, alert);
/*
* Renegotiation Indication - RFC 5746.
*/
-int
+static int
tlsext_ri_client_needs(SSL *s, uint16_t msg_type)
{
return (s->internal->renegotiate);
}
-int
+static int
tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB reneg;
return 1;
}
-int
+static int
tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS reneg;
return 1;
}
-int
+static int
tlsext_ri_server_needs(SSL *s, uint16_t msg_type)
{
return (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION &&
s->s3->send_connection_binding);
}
-int
+static int
tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB reneg;
return 1;
}
-int
+static int
tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS reneg, prev_client, prev_server;
/*
* Signature Algorithms - RFC 5246 section 7.4.1.4.1.
*/
-int
+static int
tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type)
{
return (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION);
}
-int
+static int
tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
uint16_t tls_version = s->s3->hs.negotiated_tls_version;
return 1;
}
-int
+static int
tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS sigalgs;
return 1;
}
-int
+static int
tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type)
{
return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION);
}
-int
+static int
tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB sigalgs;
return 1;
}
-int
+static int
tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS sigalgs;
/*
* Server Name Indication - RFC 6066, section 3.
*/
-int
+static int
tlsext_sni_client_needs(SSL *s, uint16_t msg_type)
{
return (s->tlsext_hostname != NULL);
}
-int
+static int
tlsext_sni_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB server_name_list, host_name;
return 1;
}
-int
+static int
tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS server_name_list, host_name;
return 0;
}
-int
+static int
tlsext_sni_server_needs(SSL *s, uint16_t msg_type)
{
if (s->internal->hit)
return (s->session->tlsext_hostname != NULL);
}
-int
+static int
tlsext_sni_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
return 1;
}
-int
+static int
tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
if (s->tlsext_hostname == NULL || CBS_len(cbs) != 0) {
return 1;
}
-
/*
* Certificate Status Request - RFC 6066 section 8.
*/
-int
+static int
tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type)
{
if (msg_type != SSL_TLSEXT_MSG_CH)
return (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp);
}
-int
+static int
tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB respid_list, respid, exts;
return 1;
}
-int
+static int
tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
int alert_desc = SSL_AD_DECODE_ERROR;
return ret;
}
-int
+static int
tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type)
{
if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION &&
return s->internal->tlsext_status_expected;
}
-int
+static int
tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB ocsp_response;
return 1;
}
-int
+static int
tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
uint8_t status_type;
/*
* SessionTicket extension - RFC 5077 section 3.2
*/
-int
+static int
tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type)
{
/*
return 1;
}
-int
+static int
tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
/*
return 1;
}
-int
+static int
tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
int *alert)
{
return 1;
}
-int
+static int
tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type)
{
return (s->internal->tlsext_ticket_expected &&
ssl_security_tickets(s));
}
-int
+static int
tlsext_sessionticket_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
/* Empty ticket */
return 1;
}
-int
+static int
tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
int *alert)
{
#ifndef OPENSSL_NO_SRTP
-int
+static int
tlsext_srtp_client_needs(SSL *s, uint16_t msg_type)
{
return SSL_is_dtls(s) && SSL_get_srtp_profiles(s) != NULL;
}
-int
+static int
tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB profiles, mki;
return 1;
}
-int
+static int
tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
const SRTP_PROTECTION_PROFILE *cprof, *sprof;
return ret;
}
-int
+static int
tlsext_srtp_server_needs(SSL *s, uint16_t msg_type)
{
return SSL_is_dtls(s) && SSL_get_selected_srtp_profile(s) != NULL;
}
-int
+static int
tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
SRTP_PROTECTION_PROFILE *profile;
return 1;
}
-int
+static int
tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
/*
* TLSv1.3 Key Share - RFC 8446 section 4.2.8.
*/
-int
+static int
tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type)
{
return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
}
-int
+static int
tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB client_shares, key_exchange;
return 1;
}
-int
+static int
tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS client_shares, key_exchange;
return 1;
}
-int
+static int
tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type)
{
return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION &&
tlsext_extension_seen(s, TLSEXT_TYPE_key_share));
}
-int
+static int
tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB key_exchange;
return 1;
}
-int
+static int
tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS key_exchange;
/*
* Supported Versions - RFC 8446 section 4.2.1.
*/
-int
+static int
tlsext_versions_client_needs(SSL *s, uint16_t msg_type)
{
return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
}
-int
+static int
tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
uint16_t max, min;
return 1;
}
-int
+static int
tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS versions;
return 0;
}
-int
+static int
tlsext_versions_server_needs(SSL *s, uint16_t msg_type)
{
return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION);
}
-int
+static int
tlsext_versions_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
return CBB_add_u16(cbb, TLS1_3_VERSION);
}
-int
+static int
tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
uint16_t selected_version;
* Cookie - RFC 8446 section 4.2.2.
*/
-int
+static int
tlsext_cookie_client_needs(SSL *s, uint16_t msg_type)
{
return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION &&
s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL);
}
-int
+static int
tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB cookie;
return 1;
}
-int
+static int
tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS cookie;
return 1;
}
-int
+static int
tlsext_cookie_server_needs(SSL *s, uint16_t msg_type)
{
/*
s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL);
}
-int
+static int
tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB cookie;
return 1;
}
-int
+static int
tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS cookie;
* Pre-Shared Key Exchange Modes - RFC 8446, 4.2.9.
*/
-int
+static int
tlsext_psk_kex_modes_client_needs(SSL *s, uint16_t msg_type)
{
return (s->s3->hs.tls13.use_psk_dhe_ke &&
s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
}
-int
+static int
tlsext_psk_kex_modes_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB ke_modes;
return 1;
}
-int
+static int
tlsext_psk_kex_modes_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
int *alert)
{
return 1;
}
-int
+static int
tlsext_psk_kex_modes_server_needs(SSL *s, uint16_t msg_type)
{
/* Servers MUST NOT send this extension. */
return 0;
}
-int
+static int
tlsext_psk_kex_modes_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
return 0;
}
-int
+static int
tlsext_psk_kex_modes_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
int *alert)
{
* Pre-Shared Key Extension - RFC 8446, 4.2.11
*/
-int
+static int
tlsext_psk_client_needs(SSL *s, uint16_t msg_type)
{
return 0;
}
-int
+static int
tlsext_psk_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
return 0;
}
-int
+static int
tlsext_psk_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
return CBS_skip(cbs, CBS_len(cbs));
}
-int
+static int
tlsext_psk_server_needs(SSL *s, uint16_t msg_type)
{
return 0;
}
-int
+static int
tlsext_psk_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
return 0;
}
-int
+static int
tlsext_psk_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
return CBS_skip(cbs, CBS_len(cbs));
* QUIC transport parameters extension - RFC 9001 section 8.2.
*/
-int
+static int
tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type)
{
return SSL_is_quic(s) && s->internal->quic_transport_params_len > 0;
}
-int
+static int
tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
CBB *cbb)
{
return 1;
}
-int
+static int
tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
CBS *cbs, int *alert)
{
return 1;
}
-int
+static int
tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type)
{
return SSL_is_quic(s) && s->internal->quic_transport_params_len > 0;
}
-int
+static int
tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
CBB *cbb)
{
return 1;
}
-int
+static int
tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type,
CBS *cbs, int *alert)
{
return ((s->s3->hs.extensions_seen & (1 << idx)) != 0);
}
-static const struct tls_extension_funcs *
+const struct tls_extension_funcs *
tlsext_funcs(const struct tls_extension *tlsext, int is_server)
{
if (is_server)
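Review bot: `tlsext_funcs()` loses `static` in this hunk, yet the ssl_tlsext.h part of the diff adds no prototype for it between `__BEGIN_HIDDEN_DECLS` and `__END_HIDDEN_DECLS`, so from the visible lines it becomes an extern definition with no hidden declaration. That may leave the symbol with default visibility unless the library's export list filters it. The header also drops the `tls_extension_find()` prototype; if that definition stays non-static (not shown here), it is in the same position. If both are kept external only for the regress test, I would declare them in the hidden block, e.g. `const struct tls_extension_funcs *tlsext_funcs(const struct tls_extension *tlsext, int is_server);` after forward declarations of the two structs, and add a one-line comment above the definition saying why it is not static. The body of `tlsext_funcs()` continues outside the hunk.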
-/* $OpenBSD: ssl_tlsext.h,v 1.31 2022/07/20 13:35:05 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.32 2022/08/04 09:27:36 tb Exp $ */
/*
* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
__BEGIN_HIDDEN_DECLS
int tlsext_alpn_check_format(CBS *cbs);
-int tlsext_alpn_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_alpn_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_alpn_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_alpn_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-
-int tlsext_ri_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_ri_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-
-int tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-int tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-
-int tlsext_sni_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_sni_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_sni_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_sni_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
int tlsext_sni_is_valid_hostname(CBS *cbs, int *is_ip);
-int tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_supportedgroups_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-int tlsext_supportedgroups_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_supportedgroups_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-
-int tlsext_ecpf_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_ecpf_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_ecpf_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_ecpf_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_ecpf_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_ecpf_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-
-int tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-
-int tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-int tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_sessionticket_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-
-int tlsext_versions_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-int tlsext_versions_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_versions_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-
-int tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-int tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-
-int tlsext_cookie_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_cookie_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-
-int tlsext_psk_kex_modes_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_psk_kex_modes_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_psk_kex_modes_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-int tlsext_psk_kex_modes_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_psk_kex_modes_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_psk_kex_modes_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-
-int tlsext_psk_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_psk_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_psk_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_psk_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_psk_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_psk_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-
-#ifndef OPENSSL_NO_SRTP
-int tlsext_srtp_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_srtp_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-#endif
-
-int tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
- CBB *cbb);
-int tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
- CBS *cbs, int *alert);
-int tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
- CBB *cbb);
-int tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type,
- CBS *cbs, int *alert);
-
int tlsext_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
int tlsext_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-const struct tls_extension *tls_extension_find(uint16_t, size_t *);
int tlsext_extension_seen(SSL *s, uint16_t);
+
__END_HIDDEN_DECLS
#endif