/* The maximum number of bytes that can be sent as early data */
uint32_t max_early_data;
+
+ /* TLS1.3 padding callback */
+ size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg);
+ void *record_padding_arg;
+ size_t block_padding;
};
struct ssl_st {
*/
uint32_t early_data_count;
+ /* TLS1.3 padding callback */
+ size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg);
+ void *record_padding_arg;
+ size_t block_padding;
+
CRYPTO_RWLOCK *lock;
};
# define SSL_CERT_FLAGS_CHECK_TLS_STRICT \
(SSL_CERT_FLAG_SUITEB_128_LOS|SSL_CERT_FLAG_TLS_STRICT)
+typedef enum {
+ ENDPOINT_CLIENT = 0,
+ ENDPOINT_SERVER,
+ ENDPOINT_BOTH
+} ENDPOINT;
+
+
typedef struct {
unsigned short ext_type;
+ ENDPOINT role;
+ /* The context which this extension applies to */
+ unsigned int context;
/*
* Per-connection flags relating to this extension type: not used if
* part of an SSL_CTX structure.
*/
uint32_t ext_flags;
- custom_ext_add_cb add_cb;
- custom_ext_free_cb free_cb;
+ SSL_custom_ext_add_cb_ex add_cb;
+ SSL_custom_ext_free_cb_ex free_cb;
void *add_arg;
- custom_ext_parse_cb parse_cb;
+ SSL_custom_ext_parse_cb_ex parse_cb;
void *parse_arg;
} custom_ext_method;
*/
X509_STORE *chain_store;
X509_STORE *verify_store;
- /* Custom extension methods for server and client */
- custom_ext_methods cli_ext;
- custom_ext_methods srv_ext;
+ /* Custom extensions */
+ custom_ext_methods custext;
/* Security callback */
int (*sec_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid,
void *other, void *ex);
DOWNGRADE *dgrd);
__owur int ssl_choose_client_version(SSL *s, int version, int checkdgrd,
int *al);
-int ssl_get_client_min_max_version(const SSL *s, int *min_version,
- int *max_version);
+int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version);
__owur long tls1_default_timeout(void);
__owur int dtls1_do_write(SSL *s, int type);
__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
__owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey);
void ssl_set_client_disabled(SSL *s);
-__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op);
+__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde);
__owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
size_t *hashlen);
__owur int srp_generate_client_master_secret(SSL *s);
__owur int srp_verify_server_param(SSL *s, int *al);
-/* t1_ext.c */
+/* statem/extensions_cust.c */
+
+custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
+ ENDPOINT role, unsigned int ext_type,
+ size_t *idx);
void custom_ext_init(custom_ext_methods *meths);
-__owur int custom_ext_parse(SSL *s, int server,
- unsigned int ext_type,
+__owur int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
const unsigned char *ext_data, size_t ext_size,
- int *al);
-__owur int custom_ext_add(SSL *s, int server, WPACKET *pkt, int *al);
+ X509 *x, size_t chainidx, int *al);
+__owur int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x,
+ size_t chainidx, int maxversion, int *al);
__owur int custom_exts_copy(custom_ext_methods *dst,
const custom_ext_methods *src);
+__owur int custom_exts_copy_flags(custom_ext_methods *dst,
+ const custom_ext_methods *src);
void custom_exts_free(custom_ext_methods *exts);
void ssl_comp_free_compression_methods_int(void);