Move ALPN processing into an extension finalisation function
[openssl.git] / ssl / statem / extensions.c
index 8aba321..4c8ad7f 100644 (file)
 #include "../ssl_locl.h"
 #include "statem_locl.h"
 
+static int tls_ext_final_renegotiate(SSL *s, unsigned int context, int sent,
+                                     int *al);
+static int tls_ext_init_server_name(SSL *s, unsigned int context);
+static int tls_ext_final_server_name(SSL *s, unsigned int context, int sent,
+                                     int *al);
+static int tls_ext_init_status_request(SSL *s, unsigned int context);
+#ifndef OPENSSL_NO_NEXTPROTONEG
+static int tls_ext_init_npn(SSL *s, unsigned int context);
+#endif
+static int tls_ext_init_alpn(SSL *s, unsigned int context);
+static int tls_ext_final_alpn(SSL *s, unsigned int context, int sent, int *al);
+static int tls_ext_init_sig_algs(SSL *s, unsigned int context);
+#ifndef OPENSSL_NO_SRP
+static int tls_ext_init_srp(SSL *s, unsigned int context);
+#endif
+static int tls_ext_init_etm(SSL *s, unsigned int context);
+#ifndef OPENSSL_NO_SRTP
+static int tls_ext_init_srtp(SSL *s, unsigned int context);
+#endif
+
 typedef struct {
     /* The ID for the extension */
     unsigned int type;
+    /*
+     * Initialise extension before parsing. Always called for relevant contexts
+     * even if extension not present
+     */
+    int (*init_ext)(SSL *s, unsigned int context);
     /* Parse extension received by server from client */
     int (*parse_client_ext)(SSL *s, PACKET *pkt, int *al);
     /* Parse extension received by client from server */
@@ -22,6 +47,12 @@ typedef struct {
     int (*construct_server_ext)(SSL *s, WPACKET *pkt, int *al);
     /* Construct extension sent by client */
     int (*construct_client_ext)(SSL *s, WPACKET *pkt, int *al);
+    /*
+     * Finalise extension after parsing. Always called where an extensions was
+     * initialised even if the extension was not present. |sent| is set to 1 if
+     * the extension was seen, or 0 otherwise.
+     */
+    int (*finalise_ext)(SSL *s, unsigned int context, int sent, int *al);
     unsigned int context;
 } EXTENSION_DEFINITION;
 
@@ -33,101 +64,128 @@ typedef struct {
 static const EXTENSION_DEFINITION ext_defs[] = {
     {
         TLSEXT_TYPE_renegotiate,
+        NULL,
         tls_parse_client_renegotiate,
         tls_parse_server_renegotiate,
         tls_construct_server_renegotiate,
-        NULL,
+        tls_construct_client_renegotiate,
+        tls_ext_final_renegotiate,
         EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO | EXT_SSL3_ALLOWED
         | EXT_TLS1_2_AND_BELOW_ONLY
     },
     {
         TLSEXT_TYPE_server_name,
+        tls_ext_init_server_name,
         tls_parse_client_server_name,
         tls_parse_server_server_name,
         tls_construct_server_server_name,
-        NULL,
+        tls_construct_client_server_name,
+        tls_ext_final_server_name,
         EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO
         | EXT_TLS1_3_ENCRYPTED_EXTENSIONS
     },
 #ifndef OPENSSL_NO_SRP
     {
         TLSEXT_TYPE_srp,
+        tls_ext_init_srp,
         tls_parse_client_srp,
         NULL,
         NULL,
+        tls_construct_client_srp,
         NULL,
-        EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO | EXT_TLS1_2_AND_BELOW_ONLY
+        EXT_CLIENT_HELLO | EXT_TLS1_2_AND_BELOW_ONLY
     },
 #endif
 #ifndef OPENSSL_NO_EC
     {
         TLSEXT_TYPE_ec_point_formats,
+        NULL,
         tls_parse_client_ec_pt_formats,
         tls_parse_server_ec_pt_formats,
         tls_construct_server_ec_pt_formats,
+        tls_construct_client_ec_pt_formats,
         NULL,
         EXT_CLIENT_HELLO | EXT_TLS1_2_AND_BELOW_ONLY
     },
     {
         TLSEXT_TYPE_supported_groups,
+        NULL,
         tls_parse_client_supported_groups,
         NULL,
         NULL /* TODO(TLS1.3): Need to add this */,
+        tls_construct_client_supported_groups,
         NULL,
-        EXT_CLIENT_HELLO
-        | EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+        EXT_CLIENT_HELLO | EXT_TLS1_3_ENCRYPTED_EXTENSIONS
     },
 #endif
     {
         TLSEXT_TYPE_session_ticket,
+        NULL,
         tls_parse_client_session_ticket,
         tls_parse_server_session_ticket,
         tls_construct_server_session_ticket,
+        tls_construct_client_session_ticket,
         NULL,
         EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO | EXT_TLS1_2_AND_BELOW_ONLY
     },
     {
         TLSEXT_TYPE_signature_algorithms,
+        tls_ext_init_sig_algs,
         tls_parse_client_sig_algs,
         NULL,
         NULL,
+        tls_construct_client_sig_algs,
         NULL,
         EXT_CLIENT_HELLO
     },
+#ifndef OPENSSL_NO_OCSP
     {
         TLSEXT_TYPE_status_request,
+        tls_ext_init_status_request,
         tls_parse_client_status_request,
         tls_parse_server_status_request,
         tls_construct_server_status_request,
+        tls_construct_client_status_request,
         NULL,
         EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO
         | EXT_TLS1_3_CERTIFICATE
     },
+#endif
 #ifndef OPENSSL_NO_NEXTPROTONEG
     {
         TLSEXT_TYPE_next_proto_neg,
+        tls_ext_init_npn,
         tls_parse_client_npn,
         tls_parse_server_npn,
         tls_construct_server_next_proto_neg,
+        tls_construct_client_npn,
         NULL,
         EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO | EXT_TLS1_2_AND_BELOW_ONLY
     },
 #endif
     {
+        /*
+         * Must appear in this list after server_name so that finalisation
+         * happens after server_name callbacks
+         */
         TLSEXT_TYPE_application_layer_protocol_negotiation,
+        tls_ext_init_alpn,
         tls_parse_client_alpn,
         tls_parse_server_alpn,
         tls_construct_server_alpn,
-        NULL,
+        tls_construct_client_alpn,
+        tls_ext_final_alpn,
         EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO
         | EXT_TLS1_3_ENCRYPTED_EXTENSIONS
     },
 #ifndef OPENSSL_NO_SRTP
     {
         TLSEXT_TYPE_use_srtp,
+        tls_ext_init_srtp,
         tls_parse_client_use_srtp,
         tls_parse_server_use_srtp,
         tls_construct_server_use_srtp,
+        tls_construct_client_use_srtp,
         NULL,
         EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO
         | EXT_TLS1_3_ENCRYPTED_EXTENSIONS | EXT_DTLS_ONLY
@@ -135,15 +193,18 @@ static const EXTENSION_DEFINITION ext_defs[] = {
 #endif
     {
         TLSEXT_TYPE_encrypt_then_mac,
+        tls_ext_init_etm,
         tls_parse_client_etm,
         tls_parse_server_etm,
         tls_construct_server_etm,
+        tls_construct_client_etm,
         NULL,
         EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO | EXT_TLS1_2_AND_BELOW_ONLY
     },
 #ifndef OPENSSL_NO_CT
     {
         TLSEXT_TYPE_signed_certificate_timestamp,
+        NULL,
         /*
          * No server side support for this, but can be provided by a custom
          * extension. This is an exception to the rule that custom extensions
@@ -152,6 +213,7 @@ static const EXTENSION_DEFINITION ext_defs[] = {
         NULL,
         tls_parse_server_sct,
         NULL,
+        tls_construct_client_sct,
         NULL,
         EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO
         | EXT_TLS1_3_CERTIFICATE
@@ -159,35 +221,32 @@ static const EXTENSION_DEFINITION ext_defs[] = {
 #endif
     {
         TLSEXT_TYPE_extended_master_secret,
+        NULL,
         tls_parse_client_ems,
         tls_parse_server_ems,
         tls_construct_server_ems,
+        tls_construct_client_ems,
         NULL,
         EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO | EXT_TLS1_2_AND_BELOW_ONLY
     },
     {
         TLSEXT_TYPE_supported_versions,
-        /* Processed inline as part of version selection */
         NULL,
+        /* Processed inline as part of version selection */
         NULL,
         NULL,
         NULL,
-        EXT_CLIENT_HELLO | EXT_TLS_IMPLEMENTATION_ONLY
-    },
-    {
-        TLSEXT_TYPE_padding,
-        /* We send this, but don't read it */
-        NULL,
-        NULL,
-        NULL,
+        tls_construct_client_supported_versions,
         NULL,
-        EXT_CLIENT_HELLO
+        EXT_CLIENT_HELLO | EXT_TLS_IMPLEMENTATION_ONLY | EXT_TLS1_3_ONLY
     },
     {
         TLSEXT_TYPE_key_share,
+        NULL,
         tls_parse_client_key_share,
         tls_parse_server_key_share,
         tls_construct_server_key_share,
+        tls_construct_client_key_share,
         NULL,
         EXT_CLIENT_HELLO | EXT_TLS1_3_SERVER_HELLO
         | EXT_TLS1_3_HELLO_RETRY_REQUEST | EXT_TLS_IMPLEMENTATION_ONLY
@@ -201,9 +260,23 @@ static const EXTENSION_DEFINITION ext_defs[] = {
         TLSEXT_TYPE_cryptopro_bug,
         NULL,
         NULL,
+        NULL,
         tls_construct_server_cryptopro_bug,
         NULL,
+        NULL,
         EXT_TLS1_2_SERVER_HELLO | EXT_TLS1_2_AND_BELOW_ONLY
+    },
+    {
+        /* Last in the list because it must be added as the last extension */
+        TLSEXT_TYPE_padding,
+        NULL,
+        /* We send this, but don't read it */
+        NULL,
+        NULL,
+        NULL,
+        tls_construct_client_padding,
+        NULL,
+        EXT_CLIENT_HELLO
     }
 };
 
@@ -281,6 +354,21 @@ static int find_extension_definition(SSL *s, unsigned int type,
     return 0;
 }
 
+static int extension_is_relevant(SSL *s, unsigned int extctx,
+                                 unsigned int thisctx)
+{
+    if ((SSL_IS_DTLS(s)
+                && (extctx & EXT_TLS_IMPLEMENTATION_ONLY) != 0)
+            || (s->version == SSL3_VERSION
+                    && (extctx & EXT_SSL3_ALLOWED) == 0)
+            || (SSL_IS_TLS13(s)
+                && (extctx & EXT_TLS1_2_AND_BELOW_ONLY) != 0)
+            || (!SSL_IS_TLS13(s) && (extctx & EXT_TLS1_3_ONLY) != 0))
+        return 0;
+
+    return 1;
+}
+
 /*
  * Gather a list of all the extensions from the data in |packet]. |context|
  * tells us which message this extension is for. Ttls_parse_server_ec_pt_formatshe raw extension data is
@@ -359,6 +447,26 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
         }
     }
 
+    /*
+     * Initialise all known extensions relevant to this context, whether we have
+     * found them or not
+     */
+    for (i = 0; i < OSSL_NELEM(ext_defs); i++) {
+        if(ext_defs[i].init_ext != NULL && (ext_defs[i].context & context) != 0
+                && extension_is_relevant(s, ext_defs[i].context, context)
+                && !ext_defs[i].init_ext(s, context)) {
+            *ad = SSL_AD_INTERNAL_ERROR;
+            goto err;
+        }
+    }
+
+    /*
+     * Initialise server side custom extensions. Client side is done during
+     * construction of extensions for the ClientHello.
+     */
+    if ((context & (EXT_TLS1_2_SERVER_HELLO | EXT_TLS1_3_SERVER_HELLO)) != 0)
+        custom_ext_init(&s->cert->srv_ext);
+
     *res = raw_extensions;
     *numfound = num_extensions;
     return 1;
@@ -368,8 +476,15 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
     return 0;
 }
 
-int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts,
-                             size_t numexts, int *al)
+/*
+ * Runs the parsers for all of the extensions in the given list |exts|, which
+ * should have |numexts| extensions in it. The parsers are only run if they are
+ * applicable for the given |context| and the parser has not already been run
+ * for that extension. Returns 1 on success or 0 on failure. In the event of a
+ * failure |*al| is populated with a suitable alert code.
+ */
+static int tls_parse_extension_list(SSL *s, int context, RAW_EXTENSION *exts,
+                                    size_t numexts, int *al)
 {
     size_t loop;
 
@@ -396,14 +511,7 @@ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts,
                                : extdef->parse_server_ext;
 
             /* Check if extension is defined for our protocol. If not, skip */
-            if ((SSL_IS_DTLS(s)
-                        && (extdef->context & EXT_TLS_IMPLEMENTATION_ONLY) != 0)
-                    || (s->version == SSL3_VERSION
-                            && (extdef->context & EXT_SSL3_ALLOWED) == 0)
-                    || (SSL_IS_TLS13(s)
-                        && (extdef->context & EXT_TLS1_2_AND_BELOW_ONLY) != 0)
-                    || (!SSL_IS_TLS13(s)
-                        && (extdef->context & EXT_TLS1_3_ONLY) != 0))
+            if (!extension_is_relevant(s, extdef->context, context))
                 continue;
         }
 
@@ -435,6 +543,48 @@ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts,
     return 1;
 }
 
+/*
+ * Parse all remaining extensions that have not yet been parsed. Also calls the
+ * finalisation for all extensions at the end. The given extensions must be in
+ * order of type (which happens by default during collection). Returns 1 for
+ * success or 0 for failure. On failure, |*al| is populated with a suitable
+ * alert code.
+ */
+int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts,
+                             size_t numexts, int *al)
+{
+    size_t loop;
+
+    if (!tls_parse_extension_list(s, context, exts, numexts, al))
+        return 0;
+
+    /*
+     * Finalise all known extensions relevant to this context, whether we have
+     * found them or not
+     */
+    for (loop = 0; loop < OSSL_NELEM(ext_defs); loop++) {
+        if(ext_defs[loop].finalise_ext != NULL
+                && (ext_defs[loop].context & context) != 0) {
+            size_t curr;
+
+            /*
+             * Work out whether this extension was sent or not. The sent
+             * extensions in |exts| are sorted by order of type
+             */
+            for (curr = 0; curr < numexts
+                           && exts[curr].type < ext_defs[loop].type; curr++)
+                continue;
+
+            if (!ext_defs[loop].finalise_ext(s, context,
+                    (curr < numexts && exts[curr].type == ext_defs[loop].type),
+                    al))
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
 /*
  * Find a specific extension by |type| in the list |exts| containing |numexts|
  * extensions, and the parse it immediately. Returns 1 on success, or 0 on
@@ -449,7 +599,7 @@ int tls_parse_extension(SSL *s, int type, int context, RAW_EXTENSION *exts,
     if (ext == NULL)
         return 1;
 
-    return tls_parse_all_extensions(s, context, ext, 1, al);
+    return tls_parse_extension_list(s, context, ext, 1, al);
 }
 
 int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
@@ -457,6 +607,7 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
 {
     size_t loop;
     int addcustom = 0;
+    int min_version, max_version = 0, reason;
 
     /*
      * Normally if something goes wrong during construction its an internal
@@ -477,6 +628,35 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
         return 0;
     }
 
+    if ((context & EXT_CLIENT_HELLO) != 0) {
+        reason = ssl_get_client_min_max_version(s, &min_version, &max_version);
+        if (reason != 0) {
+            SSLerr(SSL_F_TLS_CONSTRUCT_EXTENSIONS, reason);
+            return 0;
+        }
+    }
+
+    /* Add custom extensions first */
+    if ((context & EXT_CLIENT_HELLO) != 0) {
+        custom_ext_init(&s->cert->cli_ext);
+        addcustom = 1;
+    } else if ((context & EXT_TLS1_2_SERVER_HELLO) != 0) {
+        /*
+         * We already initialised the custom extensions during ClientHello
+         * parsing.
+         * 
+         * TODO(TLS1.3): We're going to need a new custom extension mechanism
+         * for TLS1.3, so that custom extensions can specify which of the
+         * multiple message they wish to add themselves to.
+         */
+        addcustom = 1;
+    }
+
+    if (addcustom && !custom_ext_add(s, s->server, pkt, al)) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_EXTENSIONS, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
     for (loop = 0; loop < OSSL_NELEM(ext_defs); loop++) {
         int (*construct)(SSL *s, WPACKET *pkt, int *al);
 
@@ -499,6 +679,9 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
                 || (!SSL_IS_TLS13(s)
                     && (ext_defs[loop].context & EXT_TLS1_3_ONLY) != 0
                     && (context & EXT_CLIENT_HELLO) == 0)
+                || ((ext_defs[loop].context & EXT_TLS1_3_ONLY) != 0
+                    && (context & EXT_CLIENT_HELLO) != 0
+                    && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION))
                 || construct == NULL)
             continue;
 
@@ -506,31 +689,184 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
             return 0;
     }
 
-    /* Add custom extensions */
-    if ((context & EXT_CLIENT_HELLO) != 0) {
-        custom_ext_init(&s->cert->cli_ext);
-        addcustom = 1;
-    } else if ((context & EXT_TLS1_2_SERVER_HELLO) != 0) {
-        /*
-         * We already initialised the custom extensions during ClientHello
-         * parsing.
-         * 
-         * TODO(TLS1.3): We're going to need a new custom extension mechanism
-         * for TLS1.3, so that custom extensions can specify which of the
-         * multiple message they wish to add themselves to.
-         */
-        addcustom = 1;
+    if (!WPACKET_close(pkt)) {
+        SSLerr(SSL_F_TLS_CONSTRUCT_EXTENSIONS, ERR_R_INTERNAL_ERROR);
+        return 0;
     }
 
-    if (addcustom && !custom_ext_add(s, s->server, pkt, al)) {
-        SSLerr(SSL_F_TLS_CONSTRUCT_EXTENSIONS, ERR_R_INTERNAL_ERROR);
+    return 1;
+}
+
+static int tls_ext_final_renegotiate(SSL *s, unsigned int context, int sent,
+                                     int *al)
+{
+    if (!s->server)
+        return 1;
+
+    /* Need RI if renegotiating */
+    if (s->renegotiate
+            && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
+            && !sent) {
+        *al = SSL_AD_HANDSHAKE_FAILURE;
+        SSLerr(SSL_F_TLS_EXT_FINAL_RENEGOTIATE,
+               SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
         return 0;
     }
 
-    if (!WPACKET_close(pkt)) {
-        SSLerr(SSL_F_TLS_CONSTRUCT_EXTENSIONS, ERR_R_INTERNAL_ERROR);
+    return 1;
+}
+
+static int tls_ext_init_server_name(SSL *s, unsigned int context)
+{
+    if (s->server)
+        s->servername_done = 0;
+
+    return 1;
+}
+
+/* Call the servername callback. Returns 1 for success or 0 for failure. */
+static int tls_ext_final_server_name(SSL *s, unsigned int context, int sent,
+                                     int *al)
+{
+    int ret = SSL_TLSEXT_ERR_NOACK;
+    int altmp = SSL_AD_UNRECOGNIZED_NAME;
+
+    if (!s->server)
+        return 1;
+
+    if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
+        ret = s->ctx->tlsext_servername_callback(s, &altmp,
+                                                 s->ctx->tlsext_servername_arg);
+    else if (s->initial_ctx != NULL
+             && s->initial_ctx->tlsext_servername_callback != 0)
+        ret = s->initial_ctx->tlsext_servername_callback(s, &altmp,
+                                       s->initial_ctx->tlsext_servername_arg);
+
+    switch (ret) {
+    case SSL_TLSEXT_ERR_ALERT_FATAL:
+        *al = altmp;
         return 0;
+
+    case SSL_TLSEXT_ERR_ALERT_WARNING:
+        *al = altmp;
+        return 1;
+
+    case SSL_TLSEXT_ERR_NOACK:
+        s->servername_done = 0;
+        return 1;
+
+    default:
+        return 1;
     }
+}
+
+static int tls_ext_init_status_request(SSL *s, unsigned int context)
+{
+    if (s->server)
+        s->tlsext_status_type = -1;
 
     return 1;
 }
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+static int tls_ext_init_npn(SSL *s, unsigned int context)
+{
+    if (s->server)
+        s->s3->next_proto_neg_seen = 0;
+
+    return 1;
+}
+#endif
+
+static int tls_ext_init_alpn(SSL *s, unsigned int context)
+{
+    if (s->server) {
+        OPENSSL_free(s->s3->alpn_selected);
+        s->s3->alpn_selected = NULL;
+        s->s3->alpn_selected_len = 0;
+        OPENSSL_free(s->s3->alpn_proposed);
+        s->s3->alpn_proposed = NULL;
+        s->s3->alpn_proposed_len = 0;
+    }
+
+    return 1;
+}
+
+
+
+/*
+ * Process the ALPN extension in a ClientHello.
+ * al: a pointer to the alert value to send in the event of a failure.
+ * returns 1 on success, 0 on error.
+ */
+static int tls_ext_final_alpn(SSL *s, unsigned int context, int sent, int *al)
+{
+    const unsigned char *selected = NULL;
+    unsigned char selected_len = 0;
+
+    if (!s->server)
+        return 1;
+
+    if (s->ctx->alpn_select_cb != NULL && s->s3->alpn_proposed != NULL) {
+        int r = s->ctx->alpn_select_cb(s, &selected, &selected_len,
+                                       s->s3->alpn_proposed,
+                                       (unsigned int)s->s3->alpn_proposed_len,
+                                       s->ctx->alpn_select_cb_arg);
+
+        if (r == SSL_TLSEXT_ERR_OK) {
+            OPENSSL_free(s->s3->alpn_selected);
+            s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len);
+            if (s->s3->alpn_selected == NULL) {
+                *al = SSL_AD_INTERNAL_ERROR;
+                return 0;
+            }
+            s->s3->alpn_selected_len = selected_len;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+            /* ALPN takes precedence over NPN. */
+            s->s3->next_proto_neg_seen = 0;
+#endif
+        } else {
+            *al = SSL_AD_NO_APPLICATION_PROTOCOL;
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+static int tls_ext_init_sig_algs(SSL *s, unsigned int context)
+{
+    /* Clear any signature algorithms extension received */
+    OPENSSL_free(s->s3->tmp.peer_sigalgs);
+    s->s3->tmp.peer_sigalgs = NULL;
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRP
+static int tls_ext_init_srp(SSL *s, unsigned int context)
+{
+    OPENSSL_free(s->srp_ctx.login);
+    s->srp_ctx.login = NULL;
+
+    return 1;
+}
+#endif
+
+static int tls_ext_init_etm(SSL *s, unsigned int context)
+{
+    if (s->server)
+        s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRTP
+static int tls_ext_init_srtp(SSL *s, unsigned int context)
+{
+    if (s->server)
+        s->srtp_profile = NULL;
+
+    return 1;
+}
+#endif