Add TLSv1.3 post-handshake authentication (PHA)
[openssl.git] / ssl / statem / extensions.c
index 5ad86f20af74e1b2b4881415cb0b831c45edd723..2faba13fd018a1f66fe653337f0c969030d6bebb 100644 (file)
@@ -56,6 +56,8 @@ static int final_sig_algs(SSL *s, unsigned int context, int sent);
 static int final_early_data(SSL *s, unsigned int context, int sent);
 static int final_maxfragmentlen(SSL *s, unsigned int context, int sent);
 
+static int init_post_handshake_auth(SSL *s, unsigned int context);
+
 /* Structure to define a built-in extension */
 typedef struct extensions_definition_st {
     /* The defined type for the extension */
@@ -289,6 +291,14 @@ static const EXTENSION_DEFINITION ext_defs[] = {
         /* We do not generate signature_algorithms_cert at present. */
         NULL, NULL, NULL
     },
+    {
+        TLSEXT_TYPE_post_handshake_auth,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ONLY,
+        init_post_handshake_auth,
+        tls_parse_ctos_post_handshake_auth, NULL,
+        NULL, tls_construct_ctos_post_handshake_auth,
+        NULL,
+    },
     {
         TLSEXT_TYPE_signature_algorithms,
         SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
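Review bot: The new post_handshake_auth entry leaves the `final` slot NULL, so nothing in this table reacts when a TLSv1.3 client omits the extension. The only handling of absence visible on this page is `init_post_handshake_auth` setting `s->post_handshake_auth = SSL_PHA_NONE`. Whatever code later sends a post-handshake CertificateRequest (not in this file section) therefore has to check that state itself. A comment on the entry would record that dependency, e.g. `/* ClientHello only, no server response; if absent the state stays SSL_PHA_NONE from init */`. ext_defs starts and ends outside the hunk; if its order is mirrored by an index enum elsewhere, as the positional layout suggests, that enum presumably needs a slot at the same position.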
@@ -1653,3 +1663,10 @@ static int final_maxfragmentlen(SSL *s, unsigned int context, int sent)
 
     return 1;
 }
+
+static int init_post_handshake_auth(SSL *s, unsigned int context)
+{
+    s->post_handshake_auth = SSL_PHA_NONE;
+
+    return 1;
+}
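Review bot: `init_post_handshake_auth` has no comment explaining why it resets the state. That reset looks like the safeguard that stops a post-handshake-auth state left on the SSL object from an earlier handshake being mistaken for consent in the current one. I would add above the function `/* Reset PHA state for this handshake; only an extension seen in the current ClientHello may move it off SSL_PHA_NONE. */`, assuming the init callback runs before the parse callback for each ClientHello (the caller is not visible here). It would also help to note that `context` is intentionally unused, because the init slot in the table fixes the signature.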