Add server side sanity checks of SNI/ALPN for use with early_data

[openssl.git] / ssl / statem / statem_locl.h

diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h
index 13fe5bfd674cbaf3d3834f1f869a7747e7cb99db..ae33fe5e5c2eba7735e67b46c70e023bad7c2ea7 100644 (file)
--- a/ssl/statem/statem_locl.h
+++ b/ssl/statem/statem_locl.h
@@ -63,6 +63,8 @@ int check_in_list(SSL *s, unsigned int group_id, const unsigned char *groups,
 int create_synthetic_message_hash(SSL *s);
 int parse_ca_names(SSL *s, PACKET *pkt, int *al);
 int construct_ca_names(SSL *s, WPACKET *pkt);
+size_t construct_key_exchange_tbs(const SSL *s, unsigned char **ptbs,
+                                  const void *param, size_t paramlen);
 
 /*
  * TLS/DTLS client state machine functions
@@ -156,7 +158,7 @@ MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt);
 
 /* Extension processing */
 
-typedef enum {
+typedef enum ext_return_en {
     EXT_RETURN_FAIL,
     EXT_RETURN_SENT,
     EXT_RETURN_NOT_SENT
@@ -181,7 +183,7 @@ __owur int tls_psk_do_binder(SSL *s, const EVP_MD *md,
                              const unsigned char *msgstart,
                              size_t binderoffset, const unsigned char *binderin,
                              unsigned char *binderout,
-                             SSL_SESSION *sess, int sign);
+                             SSL_SESSION *sess, int sign, int external);
 
 /* Server Extension processing */
 int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
@@ -388,3 +390,5 @@ int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                        size_t chainidx, int *al);
 int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
                        size_t chainidx, int *al);
+
+int tls_handle_alpn(SSL *s, int *al);