authorTheo Buehler <tb@cvs.openbsd.org>2022-08-04 09:27:37 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2022-08-04 09:27:37 +0000
commit634ab44e2e00a601c73f558ad0d3f85163556db3 (patch)
tree863fda499bf661806ecf308bdaf7c5aae071b009 /lib
parent6289c8bb9b80420454a6a5a296896be5d8aab7b2 (diff)
Make tlsext_*_{build,needs,parse}() functions static
None of these functions are used outside of ssl_tlsext.c. The only reason they are prototyped in the header is for the use of tlsexttest.c. Rather than having a big pile of useless copy-paste in the header, we can adapt the test to avoid using these functions directly. ok jsing
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/ssl_tlsext.c185
-rw-r--r--lib/libssl/ssl_tlsext.h126
2 files changed, 94 insertions, 217 deletions
diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index 033608e03eb..f417f59b8e7 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.127 2022/07/24 10:52:51 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.128 2022/08/04 09:27:36 tb Exp $ */
/*
* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -36,7 +36,7 @@
* Supported Application-Layer Protocol Negotiation - RFC 7301
*/
-int
+static int
tlsext_alpn_client_needs(SSL *s, uint16_t msg_type)
{
/* ALPN protos have been specified and this is the initial handshake */
@@ -44,7 +44,7 @@ tlsext_alpn_client_needs(SSL *s, uint16_t msg_type)
s->s3->hs.finished_len == 0;
}
-int
+static int
tlsext_alpn_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB protolist;
@@ -83,7 +83,7 @@ tlsext_alpn_check_format(CBS *cbs)
return 1;
}
-int
+static int
tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert)
{
CBS alpn;
@@ -134,13 +134,13 @@ tlsext_alpn_server_parse(SSL *s, uint16_t msg_types, CBS *cbs, int *alert)
return 0;
}
-int
+static int
tlsext_alpn_server_needs(SSL *s, uint16_t msg_type)
{
return s->s3->alpn_selected != NULL;
}
-int
+static int
tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB list, selected;
@@ -161,7 +161,7 @@ tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
return 1;
}
-int
+static int
tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS list, proto;
@@ -191,14 +191,14 @@ tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
/*
* Supported Groups - RFC 7919 section 2
*/
-int
+static int
tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type)
{
return ssl_has_ecc_ciphers(s) ||
(s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
}
-int
+static int
tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
const uint16_t *groups;
@@ -228,7 +228,7 @@ tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
return 1;
}
-int
+static int
tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
int *alert)
{
@@ -289,19 +289,19 @@ tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
}
/* This extension is never used by the server. */
-int
+static int
tlsext_supportedgroups_server_needs(SSL *s, uint16_t msg_type)
{
return 0;
}
-int
+static int
tlsext_supportedgroups_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
return 0;
}
-int
+static int
tlsext_supportedgroups_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
int *alert)
{
@@ -378,37 +378,37 @@ tlsext_ecpf_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
return 1;
}
-int
+static int
tlsext_ecpf_client_needs(SSL *s, uint16_t msg_type)
{
return ssl_has_ecc_ciphers(s);
}
-int
+static int
tlsext_ecpf_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
return tlsext_ecpf_build(s, msg_type, cbb);
}
-int
+static int
tlsext_ecpf_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
return tlsext_ecpf_parse(s, msg_type, cbs, alert);
}
-int
+static int
tlsext_ecpf_server_needs(SSL *s, uint16_t msg_type)
{
return ssl_using_ecc_cipher(s);
}
-int
+static int
tlsext_ecpf_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
return tlsext_ecpf_build(s, msg_type, cbb);
}
-int
+static int
tlsext_ecpf_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
return tlsext_ecpf_parse(s, msg_type, cbs, alert);
@@ -417,13 +417,13 @@ tlsext_ecpf_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
/*
* Renegotiation Indication - RFC 5746.
*/
-int
+static int
tlsext_ri_client_needs(SSL *s, uint16_t msg_type)
{
return (s->internal->renegotiate);
}
-int
+static int
tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB reneg;
@@ -439,7 +439,7 @@ tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
return 1;
}
-int
+static int
tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS reneg;
@@ -462,14 +462,14 @@ tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
return 1;
}
-int
+static int
tlsext_ri_server_needs(SSL *s, uint16_t msg_type)
{
return (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION &&
s->s3->send_connection_binding);
}
-int
+static int
tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB reneg;
@@ -488,7 +488,7 @@ tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
return 1;
}
-int
+static int
tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS reneg, prev_client, prev_server;
@@ -546,13 +546,13 @@ tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
/*
* Signature Algorithms - RFC 5246 section 7.4.1.4.1.
*/
-int
+static int
tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type)
{
return (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION);
}
-int
+static int
tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
uint16_t tls_version = s->s3->hs.negotiated_tls_version;
@@ -571,7 +571,7 @@ tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
return 1;
}
-int
+static int
tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS sigalgs;
@@ -586,13 +586,13 @@ tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
return 1;
}
-int
+static int
tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type)
{
return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION);
}
-int
+static int
tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB sigalgs;
@@ -608,7 +608,7 @@ tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
return 1;
}
-int
+static int
tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS sigalgs;
@@ -629,13 +629,13 @@ tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
/*
* Server Name Indication - RFC 6066, section 3.
*/
-int
+static int
tlsext_sni_client_needs(SSL *s, uint16_t msg_type)
{
return (s->tlsext_hostname != NULL);
}
-int
+static int
tlsext_sni_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB server_name_list, host_name;
@@ -735,7 +735,7 @@ tlsext_sni_is_valid_hostname(CBS *cbs, int *is_ip)
return 1;
}
-int
+static int
tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS server_name_list, host_name;
@@ -816,7 +816,7 @@ tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
return 0;
}
-int
+static int
tlsext_sni_server_needs(SSL *s, uint16_t msg_type)
{
if (s->internal->hit)
@@ -825,13 +825,13 @@ tlsext_sni_server_needs(SSL *s, uint16_t msg_type)
return (s->session->tlsext_hostname != NULL);
}
-int
+static int
tlsext_sni_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
return 1;
}
-int
+static int
tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
if (s->tlsext_hostname == NULL || CBS_len(cbs) != 0) {
@@ -862,12 +862,11 @@ tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
return 1;
}
-
/*
* Certificate Status Request - RFC 6066 section 8.
*/
-int
+static int
tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type)
{
if (msg_type != SSL_TLSEXT_MSG_CH)
@@ -876,7 +875,7 @@ tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type)
return (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp);
}
-int
+static int
tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB respid_list, respid, exts;
@@ -920,7 +919,7 @@ tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
return 1;
}
-int
+static int
tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
int alert_desc = SSL_AD_DECODE_ERROR;
@@ -993,7 +992,7 @@ tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
return ret;
}
-int
+static int
tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type)
{
if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION &&
@@ -1008,7 +1007,7 @@ tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type)
return s->internal->tlsext_status_expected;
}
-int
+static int
tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB ocsp_response;
@@ -1028,7 +1027,7 @@ tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
return 1;
}
-int
+static int
tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
uint8_t status_type;
@@ -1081,7 +1080,7 @@ tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
/*
* SessionTicket extension - RFC 5077 section 3.2
*/
-int
+static int
tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type)
{
/*
@@ -1105,7 +1104,7 @@ tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type)
return 1;
}
-int
+static int
tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
/*
@@ -1148,7 +1147,7 @@ tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
return 1;
}
-int
+static int
tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
int *alert)
{
@@ -1170,7 +1169,7 @@ tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
return 1;
}
-int
+static int
tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type)
{
return (s->internal->tlsext_ticket_expected &&
@@ -1178,14 +1177,14 @@ tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type)
ssl_security_tickets(s));
}
-int
+static int
tlsext_sessionticket_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
/* Empty ticket */
return 1;
}
-int
+static int
tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
int *alert)
{
@@ -1214,13 +1213,13 @@ tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
#ifndef OPENSSL_NO_SRTP
-int
+static int
tlsext_srtp_client_needs(SSL *s, uint16_t msg_type)
{
return SSL_is_dtls(s) && SSL_get_srtp_profiles(s) != NULL;
}
-int
+static int
tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB profiles, mki;
@@ -1257,7 +1256,7 @@ tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
return 1;
}
-int
+static int
tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
const SRTP_PROTECTION_PROFILE *cprof, *sprof;
@@ -1332,13 +1331,13 @@ tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
return ret;
}
-int
+static int
tlsext_srtp_server_needs(SSL *s, uint16_t msg_type)
{
return SSL_is_dtls(s) && SSL_get_selected_srtp_profile(s) != NULL;
}
-int
+static int
tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
SRTP_PROTECTION_PROFILE *profile;
@@ -1362,7 +1361,7 @@ tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
return 1;
}
-int
+static int
tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
@@ -1415,13 +1414,13 @@ tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
/*
* TLSv1.3 Key Share - RFC 8446 section 4.2.8.
*/
-int
+static int
tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type)
{
return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
}
-int
+static int
tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB client_shares, key_exchange;
@@ -1443,7 +1442,7 @@ tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
return 1;
}
-int
+static int
tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS client_shares, key_exchange;
@@ -1495,14 +1494,14 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
return 1;
}
-int
+static int
tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type)
{
return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION &&
tlsext_extension_seen(s, TLSEXT_TYPE_key_share));
}
-int
+static int
tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB key_exchange;
@@ -1530,7 +1529,7 @@ tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
return 1;
}
-int
+static int
tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS key_exchange;
@@ -1574,13 +1573,13 @@ tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
/*
* Supported Versions - RFC 8446 section 4.2.1.
*/
-int
+static int
tlsext_versions_client_needs(SSL *s, uint16_t msg_type)
{
return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
}
-int
+static int
tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
uint16_t max, min;
@@ -1605,7 +1604,7 @@ tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
return 1;
}
-int
+static int
tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS versions;
@@ -1640,19 +1639,19 @@ tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
return 0;
}
-int
+static int
tlsext_versions_server_needs(SSL *s, uint16_t msg_type)
{
return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION);
}
-int
+static int
tlsext_versions_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
return CBB_add_u16(cbb, TLS1_3_VERSION);
}
-int
+static int
tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
uint16_t selected_version;
@@ -1677,14 +1676,14 @@ tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
* Cookie - RFC 8446 section 4.2.2.
*/
-int
+static int
tlsext_cookie_client_needs(SSL *s, uint16_t msg_type)
{
return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION &&
s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL);
}
-int
+static int
tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB cookie;
@@ -1702,7 +1701,7 @@ tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
return 1;
}
-int
+static int
tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS cookie;
@@ -1728,7 +1727,7 @@ tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
return 1;
}
-int
+static int
tlsext_cookie_server_needs(SSL *s, uint16_t msg_type)
{
/*
@@ -1739,7 +1738,7 @@ tlsext_cookie_server_needs(SSL *s, uint16_t msg_type)
s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL);
}
-int
+static int
tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB cookie;
@@ -1759,7 +1758,7 @@ tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
return 1;
}
-int
+static int
tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
CBS cookie;
@@ -1789,14 +1788,14 @@ tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
* Pre-Shared Key Exchange Modes - RFC 8446, 4.2.9.
*/
-int
+static int
tlsext_psk_kex_modes_client_needs(SSL *s, uint16_t msg_type)
{
return (s->s3->hs.tls13.use_psk_dhe_ke &&
s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
}
-int
+static int
tlsext_psk_kex_modes_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
CBB ke_modes;
@@ -1814,7 +1813,7 @@ tlsext_psk_kex_modes_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
return 1;
}
-int
+static int
tlsext_psk_kex_modes_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
int *alert)
{
@@ -1835,20 +1834,20 @@ tlsext_psk_kex_modes_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
return 1;
}
-int
+static int
tlsext_psk_kex_modes_server_needs(SSL *s, uint16_t msg_type)
{
/* Servers MUST NOT send this extension. */
return 0;
}
-int
+static int
tlsext_psk_kex_modes_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
return 0;
}
-int
+static int
tlsext_psk_kex_modes_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
int *alert)
{
@@ -1859,37 +1858,37 @@ tlsext_psk_kex_modes_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
* Pre-Shared Key Extension - RFC 8446, 4.2.11
*/
-int
+static int
tlsext_psk_client_needs(SSL *s, uint16_t msg_type)
{
return 0;
}
-int
+static int
tlsext_psk_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
return 0;
}
-int
+static int
tlsext_psk_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
return CBS_skip(cbs, CBS_len(cbs));
}
-int
+static int
tlsext_psk_server_needs(SSL *s, uint16_t msg_type)
{
return 0;
}
-int
+static int
tlsext_psk_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
{
return 0;
}
-int
+static int
tlsext_psk_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
{
return CBS_skip(cbs, CBS_len(cbs));
@@ -1899,13 +1898,13 @@ tlsext_psk_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
* QUIC transport parameters extension - RFC 9001 section 8.2.
*/
-int
+static int
tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type)
{
return SSL_is_quic(s) && s->internal->quic_transport_params_len > 0;
}
-int
+static int
tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
CBB *cbb)
{
@@ -1916,7 +1915,7 @@ tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
return 1;
}
-int
+static int
tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
CBS *cbs, int *alert)
{
@@ -1934,13 +1933,13 @@ tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
return 1;
}
-int
+static int
tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type)
{
return SSL_is_quic(s) && s->internal->quic_transport_params_len > 0;
}
-int
+static int
tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
CBB *cbb)
{
@@ -1951,7 +1950,7 @@ tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
return 1;
}
-int
+static int
tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type,
CBS *cbs, int *alert)
{
@@ -2233,7 +2232,7 @@ tlsext_extension_seen(SSL *s, uint16_t type)
return ((s->s3->hs.extensions_seen & (1 << idx)) != 0);
}
-static const struct tls_extension_funcs *
+const struct tls_extension_funcs *
tlsext_funcs(const struct tls_extension *tlsext, int is_server)
{
if (is_server)
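Review bot: `tlsext_funcs()` loses `static` in this hunk, but the ssl_tlsext.h hunk of the same commit adds no prototype for it and also removes the one for `tls_extension_find()`, so the library would no longer compile either definition against a shared declaration (assuming `tls_extension_find()` stays external; its definition is not in this diff). Without a declaration between `__BEGIN_HIDDEN_DECLS` and `__END_HIDDEN_DECLS`, nothing visible here marks the symbols as hidden. A later signature change would also not be checked against whatever copy tlsexttest.c declares for itself; the test is outside this lib-only diff. I would keep both prototypes in the hidden block, e.g. `const struct tls_extension_funcs *tlsext_funcs(const struct tls_extension *tlsext, int is_server);`, and add a comment above the definition such as `/* Not static: only tlsexttest.c uses this outside the file. */`. The body of tlsext_funcs continues past the end of this hunk.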
diff --git a/lib/libssl/ssl_tlsext.h b/lib/libssl/ssl_tlsext.h
index 393ee5d90df..7a41c8095db 100644
--- a/lib/libssl/ssl_tlsext.h
+++ b/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.31 2022/07/20 13:35:05 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.32 2022/08/04 09:27:36 tb Exp $ */
/*
* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -32,138 +32,16 @@
__BEGIN_HIDDEN_DECLS
int tlsext_alpn_check_format(CBS *cbs);
-int tlsext_alpn_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_alpn_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_alpn_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_alpn_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-
-int tlsext_ri_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_ri_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-
-int tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-int tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-
-int tlsext_sni_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_sni_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_sni_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_sni_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
int tlsext_sni_is_valid_hostname(CBS *cbs, int *is_ip);
-int tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_supportedgroups_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-int tlsext_supportedgroups_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_supportedgroups_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-
-int tlsext_ecpf_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_ecpf_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_ecpf_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_ecpf_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_ecpf_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_ecpf_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-
-int tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-
-int tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-int tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_sessionticket_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-
-int tlsext_versions_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-int tlsext_versions_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_versions_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-
-int tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-int tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-
-int tlsext_cookie_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_cookie_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-
-int tlsext_psk_kex_modes_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_psk_kex_modes_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_psk_kex_modes_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-int tlsext_psk_kex_modes_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_psk_kex_modes_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_psk_kex_modes_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
- int *alert);
-
-int tlsext_psk_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_psk_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_psk_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_psk_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_psk_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_psk_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-
-#ifndef OPENSSL_NO_SRTP
-int tlsext_srtp_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-int tlsext_srtp_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-#endif
-
-int tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type);
-int tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
- CBB *cbb);
-int tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
- CBS *cbs, int *alert);
-int tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type);
-int tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
- CBB *cbb);
-int tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type,
- CBS *cbs, int *alert);
-
int tlsext_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
int tlsext_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-const struct tls_extension *tls_extension_find(uint16_t, size_t *);
int tlsext_extension_seen(SSL *s, uint16_t);
+
__END_HIDDEN_DECLS
#endif