From: tb Date: Thu, 4 Aug 2022 09:27:36 +0000 (+0000) Subject: Make tlsext_*_{build,needs,parse}() functions static X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=8b7f8f189aea4f1f46e678c3beff3b7cb3caeeb2;p=openbsd Make tlsext_*_{build,needs,parse}() functions static None of these functions are used outside of ssl_tlsext.c. The only reason they are prototyped in the header is for the use of tlsexttest.c. Rather than having a big pile of useless copy-paste in the header, we can adapt the test to avoid using these functions directly. ok jsing --- diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c index 033608e03eb..f417f59b8e7 100644 --- a/lib/libssl/ssl_tlsext.c +++ b/lib/libssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.127 2022/07/24 10:52:51 tb Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.128 2022/08/04 09:27:36 tb Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -36,7 +36,7 @@ * Supported Application-Layer Protocol Negotiation - RFC 7301 */ -int +static int tlsext_alpn_client_needs(SSL *s, uint16_t msg_type) { /* ALPN protos have been specified and this is the initial handshake */ @@ -44,7 +44,7 @@ tlsext_alpn_client_needs(SSL *s, uint16_t msg_type) s->s3->hs.finished_len == 0; } -int +static int tlsext_alpn_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB protolist; @@ -83,7 +83,7 @@ tlsext_alpn_check_format(CBS *cbs) return 1; } -int +static int tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert) { CBS alpn; @@ -134,13 +134,13 @@ tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert) return 0; } -int +static int tlsext_alpn_server_needs(SSL *s, uint16_t msg_type) { return s->s3->alpn_selected != NULL; } -int +static int tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB list, selected; @@ -161,7 +161,7 @@ tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS list, proto; @@ -191,14 +191,14 @@ tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) /* * Supported Groups - RFC 7919 section 2 */ -int +static int tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type) { return ssl_has_ecc_ciphers(s) || (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION); } -int +static int tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { const uint16_t *groups; @@ -228,7 +228,7 @@ tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { @@ -289,19 +289,19 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, } /* This extension is never used by the server. */ -int +static int tlsext_supportedgroups_server_needs(SSL *s, uint16_t msg_type) { return 0; } -int +static int tlsext_supportedgroups_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { return 0; } -int +static int tlsext_supportedgroups_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { @@ -378,37 +378,37 @@ tlsext_ecpf_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 1; } -int +static int tlsext_ecpf_client_needs(SSL *s, uint16_t msg_type) { return ssl_has_ecc_ciphers(s); } -int +static int tlsext_ecpf_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { return tlsext_ecpf_build(s, msg_type, cbb); } -int +static int tlsext_ecpf_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { return tlsext_ecpf_parse(s, msg_type, cbs, alert); } -int +static int tlsext_ecpf_server_needs(SSL *s, uint16_t msg_type) { return ssl_using_ecc_cipher(s); } -int +static int tlsext_ecpf_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { return tlsext_ecpf_build(s, msg_type, cbb); } -int +static int tlsext_ecpf_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { return tlsext_ecpf_parse(s, msg_type, cbs, alert); @@ -417,13 +417,13 @@ tlsext_ecpf_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) /* * Renegotiation Indication - RFC 5746. */ -int +static int tlsext_ri_client_needs(SSL *s, uint16_t msg_type) { return (s->internal->renegotiate); } -int +static int tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB reneg; @@ -439,7 +439,7 @@ tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS reneg; @@ -462,14 +462,14 @@ tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 1; } -int +static int tlsext_ri_server_needs(SSL *s, uint16_t msg_type) { return (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION && s->s3->send_connection_binding); } -int +static int tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB reneg; @@ -488,7 +488,7 @@ tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS reneg, prev_client, prev_server; @@ -546,13 +546,13 @@ tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) /* * Signature Algorithms - RFC 5246 section 7.4.1.4.1. */ -int +static int tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type) { return (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION); } -int +static int tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { uint16_t tls_version = s->s3->hs.negotiated_tls_version; @@ -571,7 +571,7 @@ tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS sigalgs; @@ -586,13 +586,13 @@ tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 1; } -int +static int tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type) { return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION); } -int +static int tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB sigalgs; @@ -608,7 +608,7 @@ tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS sigalgs; @@ -629,13 +629,13 @@ tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) /* * Server Name Indication - RFC 6066, section 3. */ -int +static int tlsext_sni_client_needs(SSL *s, uint16_t msg_type) { return (s->tlsext_hostname != NULL); } -int +static int tlsext_sni_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB server_name_list, host_name; @@ -735,7 +735,7 @@ tlsext_sni_is_valid_hostname(CBS *cbs, int *is_ip) return 1; } -int +static int tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS server_name_list, host_name; @@ -816,7 +816,7 @@ tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 0; } -int +static int tlsext_sni_server_needs(SSL *s, uint16_t msg_type) { if (s->internal->hit) @@ -825,13 +825,13 @@ tlsext_sni_server_needs(SSL *s, uint16_t msg_type) return (s->session->tlsext_hostname != NULL); } -int +static int tlsext_sni_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { return 1; } -int +static int tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { if (s->tlsext_hostname == NULL || CBS_len(cbs) != 0) { @@ -862,12 +862,11 @@ tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 1; } - /* * Certificate Status Request - RFC 6066 section 8. */ -int +static int tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type) { if (msg_type != SSL_TLSEXT_MSG_CH) @@ -876,7 +875,7 @@ tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type) return (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp); } -int +static int tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB respid_list, respid, exts; @@ -920,7 +919,7 @@ tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { int alert_desc = SSL_AD_DECODE_ERROR; @@ -993,7 +992,7 @@ tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return ret; } -int +static int tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type) { if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION && @@ -1008,7 +1007,7 @@ tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type) return s->internal->tlsext_status_expected; } -int +static int tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB ocsp_response; @@ -1028,7 +1027,7 @@ tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { uint8_t status_type; @@ -1081,7 +1080,7 @@ tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) /* * SessionTicket extension - RFC 5077 section 3.2 */ -int +static int tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type) { /* @@ -1105,7 +1104,7 @@ tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type) return 1; } -int +static int tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { /* @@ -1148,7 +1147,7 @@ tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { @@ -1170,7 +1169,7 @@ tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, return 1; } -int +static int tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type) { return (s->internal->tlsext_ticket_expected && @@ -1178,14 +1177,14 @@ tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type) ssl_security_tickets(s)); } -int +static int tlsext_sessionticket_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { /* Empty ticket */ return 1; } -int +static int tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { @@ -1214,13 +1213,13 @@ tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, #ifndef OPENSSL_NO_SRTP -int +static int tlsext_srtp_client_needs(SSL *s, uint16_t msg_type) { return SSL_is_dtls(s) && SSL_get_srtp_profiles(s) != NULL; } -int +static int tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB profiles, mki; @@ -1257,7 +1256,7 @@ tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { const SRTP_PROTECTION_PROFILE *cprof, *sprof; @@ -1332,13 +1331,13 @@ tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return ret; } -int +static int tlsext_srtp_server_needs(SSL *s, uint16_t msg_type) { return SSL_is_dtls(s) && SSL_get_selected_srtp_profile(s) != NULL; } -int +static int tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { SRTP_PROTECTION_PROFILE *profile; @@ -1362,7 +1361,7 @@ tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { STACK_OF(SRTP_PROTECTION_PROFILE) *clnt; @@ -1415,13 +1414,13 @@ tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) /* * TLSv1.3 Key Share - RFC 8446 section 4.2.8. */ -int +static int tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type) { return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION); } -int +static int tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB client_shares, key_exchange; @@ -1443,7 +1442,7 @@ tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS client_shares, key_exchange; @@ -1495,14 +1494,14 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 1; } -int +static int tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type) { return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION && tlsext_extension_seen(s, TLSEXT_TYPE_key_share)); } -int +static int tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB key_exchange; @@ -1530,7 +1529,7 @@ tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS key_exchange; @@ -1574,13 +1573,13 @@ tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) /* * Supported Versions - RFC 8446 section 4.2.1. */ -int +static int tlsext_versions_client_needs(SSL *s, uint16_t msg_type) { return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION); } -int +static int tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { uint16_t max, min; @@ -1605,7 +1604,7 @@ tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS versions; @@ -1640,19 +1639,19 @@ tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 0; } -int +static int tlsext_versions_server_needs(SSL *s, uint16_t msg_type) { return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION); } -int +static int tlsext_versions_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { return CBB_add_u16(cbb, TLS1_3_VERSION); } -int +static int tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { uint16_t selected_version; @@ -1677,14 +1676,14 @@ tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) * Cookie - RFC 8446 section 4.2.2. */ -int +static int tlsext_cookie_client_needs(SSL *s, uint16_t msg_type) { return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION && s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL); } -int +static int tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB cookie; @@ -1702,7 +1701,7 @@ tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS cookie; @@ -1728,7 +1727,7 @@ tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) return 1; } -int +static int tlsext_cookie_server_needs(SSL *s, uint16_t msg_type) { /* @@ -1739,7 +1738,7 @@ tlsext_cookie_server_needs(SSL *s, uint16_t msg_type) s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL); } -int +static int tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB cookie; @@ -1759,7 +1758,7 @@ tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { CBS cookie; @@ -1789,14 +1788,14 @@ tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) * Pre-Shared Key Exchange Modes - RFC 8446, 4.2.9. */ -int +static int tlsext_psk_kex_modes_client_needs(SSL *s, uint16_t msg_type) { return (s->s3->hs.tls13.use_psk_dhe_ke && s->s3->hs.our_max_tls_version >= TLS1_3_VERSION); } -int +static int tlsext_psk_kex_modes_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { CBB ke_modes; @@ -1814,7 +1813,7 @@ tlsext_psk_kex_modes_client_build(SSL *s, uint16_t msg_type, CBB *cbb) return 1; } -int +static int tlsext_psk_kex_modes_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { @@ -1835,20 +1834,20 @@ tlsext_psk_kex_modes_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, return 1; } -int +static int tlsext_psk_kex_modes_server_needs(SSL *s, uint16_t msg_type) { /* Servers MUST NOT send this extension. */ return 0; } -int +static int tlsext_psk_kex_modes_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { return 0; } -int +static int tlsext_psk_kex_modes_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { @@ -1859,37 +1858,37 @@ tlsext_psk_kex_modes_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, * Pre-Shared Key Extension - RFC 8446, 4.2.11 */ -int +static int tlsext_psk_client_needs(SSL *s, uint16_t msg_type) { return 0; } -int +static int tlsext_psk_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { return 0; } -int +static int tlsext_psk_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { return CBS_skip(cbs, CBS_len(cbs)); } -int +static int tlsext_psk_server_needs(SSL *s, uint16_t msg_type) { return 0; } -int +static int tlsext_psk_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { return 0; } -int +static int tlsext_psk_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { return CBS_skip(cbs, CBS_len(cbs)); @@ -1899,13 +1898,13 @@ tlsext_psk_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) * QUIC transport parameters extension - RFC 9001 section 8.2. */ -int +static int tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type) { return SSL_is_quic(s) && s->internal->quic_transport_params_len > 0; } -int +static int tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type, CBB *cbb) { @@ -1916,7 +1915,7 @@ tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type, return 1; } -int +static int tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { @@ -1934,13 +1933,13 @@ tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type, return 1; } -int +static int tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type) { return SSL_is_quic(s) && s->internal->quic_transport_params_len > 0; } -int +static int tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type, CBB *cbb) { @@ -1951,7 +1950,7 @@ tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type, return 1; } -int +static int tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert) { @@ -2233,7 +2232,7 @@ tlsext_extension_seen(SSL *s, uint16_t type) return ((s->s3->hs.extensions_seen & (1 << idx)) != 0); } -static const struct tls_extension_funcs * +const struct tls_extension_funcs * tlsext_funcs(const struct tls_extension *tlsext, int is_server) { if (is_server) diff --git a/lib/libssl/ssl_tlsext.h b/lib/libssl/ssl_tlsext.h index 393ee5d90df..7a41c8095db 100644 --- a/lib/libssl/ssl_tlsext.h +++ b/lib/libssl/ssl_tlsext.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.h,v 1.31 2022/07/20 13:35:05 tb Exp $ */ +/* $OpenBSD: ssl_tlsext.h,v 1.32 2022/08/04 09:27:36 tb Exp $ */ /* * Copyright (c) 2016, 2017 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -32,138 +32,16 @@ __BEGIN_HIDDEN_DECLS int tlsext_alpn_check_format(CBS *cbs); -int tlsext_alpn_client_needs(SSL *s, uint16_t msg_type); -int tlsext_alpn_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -int tlsext_alpn_server_needs(SSL *s, uint16_t msg_type); -int tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_alpn_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); - -int tlsext_ri_client_needs(SSL *s, uint16_t msg_type); -int tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -int tlsext_ri_server_needs(SSL *s, uint16_t msg_type); -int tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); - -int tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type); -int tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); -int tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type); -int tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); - -int tlsext_sni_client_needs(SSL *s, uint16_t msg_type); -int tlsext_sni_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -int tlsext_sni_server_needs(SSL *s, uint16_t msg_type); -int tlsext_sni_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); int tlsext_sni_is_valid_hostname(CBS *cbs, int *is_ip); -int tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type); -int tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_supportedgroups_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); -int tlsext_supportedgroups_server_needs(SSL *s, uint16_t msg_type); -int tlsext_supportedgroups_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); - -int tlsext_ecpf_client_needs(SSL *s, uint16_t msg_type); -int tlsext_ecpf_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_ecpf_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -int tlsext_ecpf_server_needs(SSL *s, uint16_t msg_type); -int tlsext_ecpf_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_ecpf_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); - -int tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type); -int tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -int tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type); -int tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); - -int tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type); -int tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); -int tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type); -int tlsext_sessionticket_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); - -int tlsext_versions_client_needs(SSL *s, uint16_t msg_type); -int tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); -int tlsext_versions_server_needs(SSL *s, uint16_t msg_type); -int tlsext_versions_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); - -int tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type); -int tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); -int tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type); -int tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); - -int tlsext_cookie_client_needs(SSL *s, uint16_t msg_type); -int tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -int tlsext_cookie_server_needs(SSL *s, uint16_t msg_type); -int tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); - -int tlsext_psk_kex_modes_client_needs(SSL *s, uint16_t msg_type); -int tlsext_psk_kex_modes_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_psk_kex_modes_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); -int tlsext_psk_kex_modes_server_needs(SSL *s, uint16_t msg_type); -int tlsext_psk_kex_modes_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_psk_kex_modes_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, - int *alert); - -int tlsext_psk_client_needs(SSL *s, uint16_t msg_type); -int tlsext_psk_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_psk_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -int tlsext_psk_server_needs(SSL *s, uint16_t msg_type); -int tlsext_psk_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_psk_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); - -#ifndef OPENSSL_NO_SRTP -int tlsext_srtp_client_needs(SSL *s, uint16_t msg_type); -int tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -int tlsext_srtp_server_needs(SSL *s, uint16_t msg_type); -int tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb); -int tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -#endif - -int tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type); -int tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type, - CBB *cbb); -int tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type, - CBS *cbs, int *alert); -int tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type); -int tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type, - CBB *cbb); -int tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type, - CBS *cbs, int *alert); - int tlsext_client_build(SSL *s, uint16_t msg_type, CBB *cbb); int tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); int tlsext_server_build(SSL *s, uint16_t msg_type, CBB *cbb); int tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); -const struct tls_extension *tls_extension_find(uint16_t, size_t *); int tlsext_extension_seen(SSL *s, uint16_t); + __END_HIDDEN_DECLS #endif