path: root/lib/libssl/ssl_tlsext.h
blob: 8e0742aa2ca20eb96d2be87794c7dc22fef4b2cb (plain)
/* $OpenBSD: ssl_tlsext.h,v 1.26 2020/10/11 01:13:04 guenther Exp $ */
/*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#ifndef HEADER_SSL_TLSEXT_H
#define HEADER_SSL_TLSEXT_H

/*
 * Handshake message identifiers used when processing TLS extensions.
 * TLSv1.3 - RFC 8446 Section 4.2.
 *
 * Every value is a distinct single bit, so several message types can be
 * OR'd into one mask. The tlsext_* functions declared in this header take
 * a uint16_t msg_type; presumably that argument carries one of these
 * values - confirm against the callers.
 */
#define SSL_TLSEXT_MSG_CH	0x0001	/* ClientHello */
#define SSL_TLSEXT_MSG_SH	0x0002	/* ServerHello */
#define SSL_TLSEXT_MSG_EE	0x0004	/* EncryptedExtensions */
#define SSL_TLSEXT_MSG_CT	0x0008	/* Certificate */
#define SSL_TLSEXT_MSG_CR	0x0010	/* CertificateRequest */
#define SSL_TLSEXT_MSG_NST	0x0020	/* NewSessionTicket */
#define SSL_TLSEXT_MSG_HRR	0x0040	/* HelloRetryRequest */

__BEGIN_HIDDEN_DECLS

/*
 * "alpn" handlers (by name, Application-Layer Protocol Negotiation).
 * Each side has three entry points: _needs(s, msg_type),
 * _build(s, msg_type, cbb) taking a CBB *, and
 * _parse(s, msg_type, cbs, alert) taking a CBS * and an int * out-parameter.
 * NOTE(review): the CBS handed to _parse presumably holds bytes received
 * from the peer and should be treated as untrusted; the return convention
 * and the value stored in *alert are defined by the implementation and are
 * not visible in this header.
 */
int tlsext_alpn_client_needs(SSL *s, uint16_t msg_type);
int tlsext_alpn_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_alpn_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
int tlsext_alpn_server_needs(SSL *s, uint16_t msg_type);
int tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_alpn_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);

/*
 * "ri" handlers (by name, presumably the renegotiation_info extension -
 * confirm in the implementation). Client and server each get _needs,
 * _build (CBB *) and _parse (CBS * plus int *alert).
 * NOTE(review): if this is renegotiation_info, the _parse functions are
 * where the peer's renegotiation binding would be checked; any change to
 * them deserves a careful look at the failure paths.
 */
int tlsext_ri_client_needs(SSL *s, uint16_t msg_type);
int tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_ri_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
int tlsext_ri_server_needs(SSL *s, uint16_t msg_type);
int tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_ri_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);

/*
 * "sigalgs" handlers (by name, the signature_algorithms extension).
 * Client and server each get _needs, _build (CBB *) and _parse
 * (CBS * plus int *alert).
 * NOTE(review): the list read by _parse is presumably chosen by the peer;
 * which algorithms are accepted is decided in the implementation, not in
 * this header.
 */
int tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type);
int tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_sigalgs_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
    int *alert);
int tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type);
int tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_sigalgs_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
    int *alert);

/*
 * "sni" handlers (by name, Server Name Indication). Client and server each
 * get _needs, _build (CBB *) and _parse (CBS * plus int *alert).
 *
 * tlsext_sni_is_valid_hostname() takes only a CBS *; judging by its name it
 * decides whether the bytes in that CBS form an acceptable host name.
 * NOTE(review): the accepted character set, the length limit, the return
 * convention and whether the CBS is consumed are not visible here - confirm
 * in the implementation before relying on it to vet a peer-supplied name.
 */
int tlsext_sni_client_needs(SSL *s, uint16_t msg_type);
int tlsext_sni_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_sni_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
int tlsext_sni_server_needs(SSL *s, uint16_t msg_type);
int tlsext_sni_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_sni_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
int tlsext_sni_is_valid_hostname(CBS *cbs);

/*
 * "supportedgroups" handlers (by name, the supported_groups extension).
 * Client and server each get _needs, _build (CBB *) and _parse
 * (CBS * plus int *alert).
 * NOTE(review): the group list seen by _parse is presumably peer-supplied;
 * how it is bounded and filtered is defined in the implementation.
 */
int tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type);
int tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_supportedgroups_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
    int *alert);
int tlsext_supportedgroups_server_needs(SSL *s, uint16_t msg_type);
int tlsext_supportedgroups_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_supportedgroups_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
    int *alert);

/*
 * "ecpf" handlers (by name, presumably the ec_point_formats extension -
 * confirm in the implementation). Client and server each get _needs,
 * _build (CBB *) and _parse (CBS * plus int *alert).
 */
int tlsext_ecpf_client_needs(SSL *s, uint16_t msg_type);
int tlsext_ecpf_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_ecpf_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
int tlsext_ecpf_server_needs(SSL *s, uint16_t msg_type);
int tlsext_ecpf_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_ecpf_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);

/*
 * "ocsp" handlers (by name, presumably the status_request / OCSP stapling
 * extension - confirm in the implementation). Client and server each get
 * _needs, _build (CBB *) and _parse (CBS * plus int *alert).
 * NOTE(review): these declarations cover only the extension framing; any
 * validation of a stapled response is not declared in this header.
 */
int tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type);
int tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_ocsp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
int tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type);
int tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_ocsp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);

/*
 * "sessionticket" handlers (by name, the session ticket extension).
 * Client and server each get _needs, _build (CBB *) and _parse
 * (CBS * plus int *alert).
 * NOTE(review): a ticket arriving at the server-side _parse is presumably
 * an opaque blob sent by the peer; where it is authenticated and decrypted
 * is not visible in this header.
 */
int tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type);
int tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_sessionticket_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
     int *alert);
int tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type);
int tlsext_sessionticket_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_sessionticket_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
    int *alert);

/*
 * "versions" handlers (by name, presumably the supported_versions
 * extension - confirm in the implementation). Client and server each get
 * _needs, _build (CBB *) and _parse (CBS * plus int *alert).
 * NOTE(review): if so, these take part in protocol version selection, so
 * the _parse failure paths matter for downgrade resistance.
 */
int tlsext_versions_client_needs(SSL *s, uint16_t msg_type);
int tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_versions_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
    int *alert);
int tlsext_versions_server_needs(SSL *s, uint16_t msg_type);
int tlsext_versions_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_versions_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
    int *alert);

/*
 * "keyshare" handlers (by name, the key_share extension). Client and
 * server each get _needs, _build (CBB *) and _parse
 * (CBS * plus int *alert).
 * NOTE(review): the share read by _parse is presumably the peer's public
 * key material; group and length checks live in the implementation.
 */
int tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type);
int tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs,
    int *alert);
int tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type);
int tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs,
    int *alert);

/*
 * "cookie" handlers (by name, the cookie extension). Client and server
 * each get _needs, _build (CBB *) and _parse (CBS * plus int *alert).
 * NOTE(review): how a received cookie is stored, size-limited and compared
 * is defined in the implementation and is not visible in this header.
 */
int tlsext_cookie_client_needs(SSL *s, uint16_t msg_type);
int tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_cookie_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
int tlsext_cookie_server_needs(SSL *s, uint16_t msg_type);
int tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_cookie_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);

/*
 * "srtp" handlers (by name, presumably the use_srtp extension - confirm in
 * the implementation). They are declared only when OPENSSL_NO_SRTP is not
 * defined, so callers must sit under the same guard. Client and server
 * each get _needs, _build (CBB *) and _parse (CBS * plus int *alert).
 */
#ifndef OPENSSL_NO_SRTP
int tlsext_srtp_client_needs(SSL *s, uint16_t msg_type);
int tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_srtp_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
int tlsext_srtp_server_needs(SSL *s, uint16_t msg_type);
int tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
#endif

/*
 * Build/parse entry points that carry no extension name, one pair per side.
 * They have the same parameter lists as the per-extension _build and
 * _parse functions: _build takes a CBB *, _parse takes a CBS * and an
 * int *alert out-parameter.
 * NOTE(review): presumably these walk the whole extension block of a
 * handshake message and dispatch to the per-extension handlers - confirm
 * in the implementation. If so, tlsext_*_parse is the first code to touch
 * the peer's extension bytes, and how it treats unknown, duplicate or
 * out-of-place extensions is decided there, not in this header.
 */
int tlsext_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);

int tlsext_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
int tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);

/*
 * Lookup helpers. The uint16_t and size_t * parameters are unnamed in
 * these declarations.
 *
 * tls_extension_find() returns a pointer to a const struct tls_extension.
 * NOTE(review): presumably the uint16_t is an extension type, the size_t *
 * receives a table index, and NULL signals "not found" - confirm in the
 * implementation and check the result before dereferencing it.
 *
 * tlsext_extension_seen() takes the SSL and a uint16_t; judging by its
 * name it reports whether that extension type was already seen on this
 * connection - confirm the return convention in the implementation.
 */
const struct tls_extension *tls_extension_find(uint16_t, size_t *);
int tlsext_extension_seen(SSL *s, uint16_t);
__END_HIDDEN_DECLS

#endif