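/*
 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*****************************************************************************
 *                                                                           *
 * The following definitions are PRIVATE to the state machine. They should   *
 * NOT be used outside of the state machine.                                 *
 *                                                                           *
 *****************************************************************************/

/* Max message length definitions */

/*
 * Upper bounds on the length of individual handshake messages. A bound of 0
 * permits only an empty message body.
 * NOTE(review): presumably these are the values handed back by
 * ossl_statem_client_max_message_size() and
 * ossl_statem_server_max_message_size() (declared below), so that a length
 * announced by the peer can be rejected before the body is buffered - confirm
 * against the state machine sources. Raising any of them widens the amount of
 * peer-controlled data a connection may hold.
 */

/* The spec allows for a longer length than this, but we limit it */
#define HELLO_VERIFY_REQUEST_MAX_LENGTH 258
#define END_OF_EARLY_DATA_MAX_LENGTH    0
#define HELLO_RETRY_REQUEST_MAX_LENGTH  20000
#define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000
#define SESSION_TICKET_MAX_LENGTH_TLS13 131338
#define SESSION_TICKET_MAX_LENGTH_TLS12 65541
#define SERVER_KEY_EXCH_MAX_LENGTH      102400
#define SERVER_HELLO_DONE_MAX_LENGTH    0
#define KEY_UPDATE_MAX_LENGTH           1
#define CCS_MAX_LENGTH                  1

/* Max ServerHello size permitted by RFC 8446 */
#define SERVER_HELLO_MAX_LENGTH         65607

/* Max should actually be 36 but we are generous */
#define FINISHED_MAX_LENGTH             64

/*
 * Dummy message type. Parenthesised so that the negative constant expands
 * as a single operand wherever the macro is used in an expression.
 */
#define SSL3_MT_DUMMY                   (-1)

/*
 * Invalid extension ID for non-supported extensions.
 * Both values are above 0xffff, the largest value a 16-bit extension type
 * field can hold, so they can never equal an extension type read off the wire.
 */
#define TLSEXT_TYPE_invalid             0x10000
#define TLSEXT_TYPE_out_of_range        0x10001
unsigned int ossl_get_extension_type(size_t idx);

extern const unsigned char hrrrandom[];

/*
 * Message processing return codes.
 * MSG_PROCESS_ERROR is the first enumerator and therefore has the value 0.
 */
typedef enum {
    /* Something bad happened */
    MSG_PROCESS_ERROR,
    /* We've finished reading - swap to writing */
    MSG_PROCESS_FINISHED_READING,
    /*
     * We've completed the main processing of this message but there is some
     * post processing to be done.
     */
    MSG_PROCESS_CONTINUE_PROCESSING,
    /* We've finished this message - read the next message */
    MSG_PROCESS_CONTINUE_READING
} MSG_PROCESS_RETURN;

/* Signature shared by the message construction functions declared below */
typedef int (*confunc_f) (SSL *s, WPACKET *pkt);

int ssl3_take_mac(SSL *s);
int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups,
                  size_t num_groups, int checkallow);
int create_synthetic_message_hash(SSL *s, const unsigned char *hashval,
                                  size_t hashlen, const unsigned char *hrr,
                                  size_t hrrlen);
int parse_ca_names(SSL *s, PACKET *pkt);
const STACK_OF(X509_NAME) *get_ca_names(SSL *s);
int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt);
size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs,
                                  const void *param, size_t paramlen);

/*
 * TLS/DTLS client state machine functions
 */
int ossl_statem_client_read_transition(SSL *s, int mt);
WRITE_TRAN ossl_statem_client_write_transition(SSL *s);
WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst);
WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst);
int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt,
                                         confunc_f *confunc, int *mt);
size_t ossl_statem_client_max_message_size(SSL *s);
MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt);
WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst);

/*
 * TLS/DTLS server state machine functions
 */
int ossl_statem_server_read_transition(SSL *s, int mt);
WRITE_TRAN ossl_statem_server_write_transition(SSL *s);
WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst);
WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst);
int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,
                                         confunc_f *confunc, int *mt);
size_t ossl_statem_server_max_message_size(SSL *s);
MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt);
WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst);

/*
 * Functions for getting new message data.
 * __owur is not defined in this file. NOTE(review): it is expected to expand
 * to a warn-unused-result attribute on compilers that support one, so that a
 * caller dropping the return value is diagnosed - confirm in the header that
 * defines it.
 */
__owur int tls_get_message_header(SSL *s, int *mt);
__owur int tls_get_message_body(SSL *s, size_t *len);
__owur int dtls_get_message(SSL *s, int *mt);
__owur int dtls_get_message_body(SSL *s, size_t *len);
#ifndef OPENSSL_NO_QUIC
__owur int quic_get_message(SSL *s, int *mt);
__owur int quic_get_message_body(SSL *s, size_t *len);
#endif

/* Message construction and processing functions */
__owur int tls_process_initial_server_flight(SSL *s);
__owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt);
__owur int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt);
__owur int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt);

__owur int tls_construct_finished(SSL *s, WPACKET *pkt);
__owur int tls_construct_key_update(SSL *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt);
__owur WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs,
                                       int stop);
__owur WORK_STATE dtls_wait_for_dry(SSL *s);

/* some client-only functions */
__owur int tls_construct_client_hello(SSL *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt);
__owur int tls_process_cert_status_body(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt);
__owur int tls_construct_cert_verify(SSL *s, WPACKET *pkt);
__owur WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst);
__owur int tls_construct_client_certificate(SSL *s, WPACKET *pkt);
__owur int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
__owur int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt);
__owur int tls_client_key_exchange_post_work(SSL *s);
__owur int tls_construct_cert_status_body(SSL *s, WPACKET *pkt);
__owur int tls_construct_cert_status(SSL *s, WPACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt);
__owur WORK_STATE tls_post_process_server_certificate(SSL *s, WORK_STATE wst);
__owur int ssl3_check_cert_and_algorithm(SSL *s);
#ifndef OPENSSL_NO_NEXTPROTONEG
__owur int tls_construct_next_proto(SSL *s, WPACKET *pkt);
#endif
__owur MSG_PROCESS_RETURN tls_process_hello_req(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt);
__owur int tls_construct_end_of_early_data(SSL *s, WPACKET *pkt);

/* some server-only functions */
__owur MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt);
__owur WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst);
__owur int tls_construct_server_hello(SSL *s, WPACKET *pkt);
__owur int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt);
__owur int tls_construct_server_certificate(SSL *s, WPACKET *pkt);
__owur int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt);
__owur int tls_construct_certificate_request(SSL *s, WPACKET *pkt);
__owur int tls_construct_server_done(SSL *s, WPACKET *pkt);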
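/*
 * Server-side handlers for messages sent by the client (continuation of the
 * server-only group), followed by the declarations shared by all extension
 * handling code.
 */
__owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt);
__owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt);
__owur WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst);
__owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt);
#ifndef OPENSSL_NO_NEXTPROTONEG
__owur MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt);
#endif
__owur int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt);
/*
 * NOTE(review): unlike the other tls_process_* declarations in this group,
 * this one is not tagged __owur, so a caller that drops the result would not
 * be diagnosed - confirm whether the omission is intentional.
 */
MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt);

#ifndef OPENSSL_NO_GOST
/* These functions are used in GOST18 CKE, both for client and server */
int ossl_gost18_cke_cipher_nid(const SSL *s);
int ossl_gost_ukm(const SSL *s, unsigned char *dgst_buf);
#endif

/* Extension processing */

/*
 * Result of an extension construction function (the EXT_RETURN-returning
 * tls_construct_* handlers). The enumerators take the values
 * EXT_RETURN_FAIL == 0, EXT_RETURN_SENT == 1 and EXT_RETURN_NOT_SENT == 2.
 */
typedef enum ext_return_en {
    EXT_RETURN_FAIL,
    EXT_RETURN_SENT,
    EXT_RETURN_NOT_SENT
} EXT_RETURN;

__owur int tls_validate_all_contexts(SSL *s, unsigned int thisctx,
                                     RAW_EXTENSION *exts);
__owur int extension_is_relevant(SSL *s, unsigned int extctx,
                                 unsigned int thisctx);
__owur int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
                                  RAW_EXTENSION **res, size_t *len, int init);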
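__owur int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
                               RAW_EXTENSION *exts, X509 *x, size_t chainidx);
__owur int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts,
                                    X509 *x, size_t chainidx, int fin);
__owur int should_add_extension(SSL *s, unsigned int extctx,
                                unsigned int thisctx, int max_version);
__owur int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
                                    X509 *x, size_t chainidx);

__owur int tls_psk_do_binder(SSL *s, const EVP_MD *md,
                             const unsigned char *msgstart,
                             size_t binderoffset, const unsigned char *binderin,
                             unsigned char *binderout,
                             SSL_SESSION *sess, int sign, int external);

/*
 * Server Extension processing
 *
 * tls_parse_ctos_*: one parser per extension, all with the same parameter
 * list. Going by the names, "ctos" is client-to-server, i.e. these run on the
 * server over data supplied by the client in `pkt`.
 * NOTE(review): these prototypes are not tagged __owur, unlike the generic
 * extension entry points above - confirm that every caller checks the result,
 * since a dropped failure here would mean continuing with an extension that
 * did not parse.
 */
int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
                               X509 *x, size_t chainidx);
int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
                               X509 *x, size_t chainidx);
int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
                                  X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRP
int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                       size_t chainidx);
#endif
int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,
                              X509 *x, size_t chainidx);
int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
                                 X509 *x, size_t chainidx);
int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
                                    X509 *x, size_t chainidx);
int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
                                  X509 *x, size_t chainidx);
int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, unsigned int context,
                                 X509 *x, size_t chainidx);
int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                            size_t chainidx);
#ifndef OPENSSL_NO_OCSP
int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context,
                                  X509 *x, size_t chainidx);
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                       size_t chainidx);
#endif
int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                        size_t chainidx);
#ifndef OPENSSL_NO_SRTP
int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                            size_t chainidx);
#endif
int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                       size_t chainidx);
int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                             size_t chainidx);
int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                          size_t chainidx);
int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                       size_t chainidx);
int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context,
                                 X509 *x, size_t chainidx);
int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                       size_t chainidx);
int tls_parse_ctos_post_handshake_auth(SSL *s, PACKET *pkt, unsigned int context,
                                       X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_QUIC
int tls_parse_ctos_quic_transport_params_draft(SSL *s, PACKET *pkt,
                                               unsigned int context, X509 *x,
                                               size_t chainidx);

int tls_parse_ctos_quic_transport_params(SSL *s, PACKET *pkt, unsigned int context,
                                         X509 *x, size_t chainidx);
#endif

/*
 * tls_construct_stoc_*: one construction function per extension the server
 * may write into `pkt`; each reports its outcome as an EXT_RETURN.
 */
EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt,
                                          unsigned int context, X509 *x,
                                          size_t chainidx);
EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt,
                                          unsigned int context, X509 *x,
                                          size_t chainidx);
EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt,
                                         unsigned int context, X509 *x,
                                         size_t chainidx);
EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt,
                                             unsigned int context, X509 *x,
                                             size_t chainidx);
EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
                                            unsigned int context, X509 *x,
                                            size_t chainidx);
EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
                                               unsigned int context, X509 *x,
                                               size_t chainidx);
EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt,
                                             unsigned int context, X509 *x,
                                             size_t chainidx);
#ifndef OPENSSL_NO_OCSP
EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt,
                                             unsigned int context, X509 *x,
                                             size_t chainidx);
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
                                             unsigned int context, X509 *x,
                                             size_t chainidx);
#endif
EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context,
                                   X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRTP
EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, unsigned int context,
                                       X509 *x, size_t chainidx);
#endif
EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context,
                                  X509 *x, size_t chainidx);
EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context,
                                  X509 *x, size_t chainidx);
EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
                                                 unsigned int context, X509 *x,
                                                 size_t chainidx);
EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
                                        unsigned int context, X509 *x,
                                        size_t chainidx);
EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
                                     X509 *x, size_t chainidx);
/*
 * Not in public headers as this is not an official extension. Only used when
 * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set.
 */
#define TLSEXT_TYPE_cryptopro_bug      0xfde8
EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt,
                                            unsigned int context, X509 *x,
                                            size_t chainidx);
EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context,
                                  X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_QUIC
EXT_RETURN tls_construct_stoc_quic_transport_params_draft(SSL *s, WPACKET *pkt,
                                                          unsigned int context,
                                                          X509 *x,
                                                          size_t chainidx);

EXT_RETURN tls_construct_stoc_quic_transport_params(SSL *s, WPACKET *pkt,
                                                    unsigned int context, X509 *x,
                                                    size_t chainidx);
#endif

/*
 * Client Extension processing
 *
 * tls_construct_ctos_*: one construction function per extension the client
 * may write into `pkt`; each reports its outcome as an EXT_RETURN.
 */
EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, unsigned int context,
                                          X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, unsigned int context,
                                          X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, unsigned int context,
                                             X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRP
EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, X509 *x,
                                  size_t chainidx);
#endif
EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
                                            unsigned int context, X509 *x,
                                            size_t chainidx);
EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
                                               unsigned int context, X509 *x,
                                               size_t chainidx);

EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
                                         unsigned int context, X509 *x,
                                         size_t chainidx);
EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt,
                                             unsigned int context, X509 *x,
                                             size_t chainidx);
EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt,
                                       unsigned int context, X509 *x,
                                       size_t chainidx);
#ifndef OPENSSL_NO_OCSP
EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt,
                                             unsigned int context, X509 *x,
                                             size_t chainidx);
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context,
                                  X509 *x, size_t chainidx);
#endif
EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context,
                                   X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_SRTP
EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, unsigned int context,
                                       X509 *x, size_t chainidx);
#endif
EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context,
                                  X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_CT
EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context,
                                  X509 *x, size_t chainidx);
#endif
EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context,
                                  X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
                                                 unsigned int context, X509 *x,
                                                 size_t chainidx);
EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt,
                                        unsigned int context, X509 *x,
                                        size_t chainidx);
EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt,
                                            unsigned int context, X509 *x,
                                            size_t chainidx);
EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context,
                                     X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt,
                                      unsigned int context, X509 *x,
                                      size_t chainidx);
EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
                                  X509 *x, size_t chainidx);
EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, unsigned int context,
                                                  X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_QUIC
EXT_RETURN tls_construct_ctos_quic_transport_params_draft(SSL *s, WPACKET *pkt,
                                                          unsigned int context, X509 *x,
                                                          size_t chainidx);

EXT_RETURN tls_construct_ctos_quic_transport_params(SSL *s, WPACKET *pkt,
                                                    unsigned int context, X509 *x,
                                                    size_t chainidx);
#endif

/*
 * tls_parse_stoc_*: one parser per extension, run by the client over data
 * supplied by the server in `pkt` (going by the names, "stoc" is
 * server-to-client).
 * NOTE(review): as with the tls_parse_ctos_* parsers, none of these is tagged
 * __owur - confirm that callers never ignore the result.
 */
int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
                               X509 *x, size_t chainidx);
int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
                               X509 *x, size_t chainidx);
int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
                              X509 *x, size_t chainidx);
int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
                                  X509 *x, size_t chainidx);
int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
                                 X509 *x, size_t chainidx);
int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
                                  X509 *x, size_t chainidx);
#ifndef OPENSSL_NO_OCSP
int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context,
                                  X509 *x, size_t chainidx);
#endif
#ifndef OPENSSL_NO_CT
int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                       size_t chainidx);
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                       size_t chainidx);
#endif
int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                        size_t chainidx);
#ifndef OPENSSL_NO_SRTP
int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                            size_t chainidx);
#endif
int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                       size_t chainidx);
int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                       size_t chainidx);
int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
                                      X509 *x, size_t chainidx);
int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                             size_t chainidx);
int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                          size_t chainidx);
int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                       size_t chainidx);
#ifndef OPENSSL_NO_QUIC
int tls_parse_stoc_quic_transport_params_draft(SSL *s, PACKET *pkt,
                                               unsigned int context, X509 *x,
                                               size_t chainidx);

int tls_parse_stoc_quic_transport_params(SSL *s, PACKET *pkt, unsigned int context,
                                         X509 *x, size_t chainidx);
#endif

int tls_handle_alpn(SSL *s);

int tls13_save_handshake_digest_for_pha(SSL *s);
int tls13_restore_handshake_digest_for_pha(SSL *s);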