authorMatt Caswell <matt@openssl.org>2017-04-05 11:59:23 +0100
committerMatt Caswell <matt@openssl.org>2017-04-07 13:41:04 +0100
commit43ae5eed6f8665b88f45445df666ab2688aae7b0 (patch)
tree33413025b37f6fb6f4d406591c9fbbb066702d1b /include
parentfe874d27d33faa527b5e945137787bf6b0f5c253 (diff)
Implement a new custom extensions API
The old custom extensions API was not TLSv1.3 aware. Extensions are used extensively in TLSv1.3 and they can appear in many different types of messages. Therefore we need a new API to be able to cope with that. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3139)
Diffstat (limited to 'include')
-rw-r--r--include/openssl/ssl.h45
1 files changed, 36 insertions, 9 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 8e2d934fde..8dbfe91f63 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -259,19 +259,21 @@ typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret,
#define SSL_EXT_TLS_IMPLEMENTATION_ONLY 0x0004
/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
#define SSL_EXT_SSL3_ALLOWED 0x0008
-/* Extension is only defined for TLS1.2 and above */
+/* Extension is only defined for TLS1.2 and below */
#define SSL_EXT_TLS1_2_AND_BELOW_ONLY 0x0010
/* Extension is only defined for TLS1.3 and above */
#define SSL_EXT_TLS1_3_ONLY 0x0020
-#define SSL_EXT_CLIENT_HELLO 0x0040
+/* Ignore this extension during parsing if we are resuming */
+#define SSL_EXT_IGNORE_ON_RESUMPTION 0x0040
+#define SSL_EXT_CLIENT_HELLO 0x0080
/* Really means TLS1.2 or below */
-#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0080
-#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0100
-#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0200
-#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0400
-#define SSL_EXT_TLS1_3_CERTIFICATE 0x0800
-#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x1000
-#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x2000
+#define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100
+#define SSL_EXT_TLS1_3_SERVER_HELLO 0x0200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS 0x0400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST 0x0800
+#define SSL_EXT_TLS1_3_CERTIFICATE 0x1000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET 0x2000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000
/* Typedefs for handling custom extensions */
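Review bot: The header still does not say which of these SSL_EXT_* bits may be combined in the `context` argument of the new custom extension callbacks; after the renumbering the message-context bits start at `SSL_EXT_CLIENT_HELLO 0x0080`, while 0x0001–0x0040 describe extension behaviour rather than a message, and a reader cannot tell from this block whether passing a behaviour bit such as SSL_EXT_IGNORE_ON_RESUMPTION through the public API is meaningful. Suggest a comment above `#define SSL_EXT_CLIENT_HELLO 0x0080` along the lines of `/* Message-context bits: the handshake messages an extension may appear in. OR them together to form the 'context' passed to SSL_CTX_add_custom_ext() */`, stating explicitly whether the behaviour bits above are also accepted there. Every value from 0x0040 upward appears to have shifted by one bit, so any out-of-tree code that recorded these constants numerically rather than through the macro must be rebuilt; a sentence noting that would be useful in the commit message.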
@@ -286,6 +288,23 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type,
const unsigned char *in,
size_t inlen, int *al, void *parse_arg);
+
+typedef int (*custom_ext_add_cb_ex) (SSL *s, unsigned int ext_type,
+ unsigned int context,
+ const unsigned char **out,
+ size_t *outlen, X509 *x, size_t chainidx,
+ int *al, void *add_arg);
+
+typedef void (*custom_ext_free_cb_ex) (SSL *s, unsigned int ext_type,
+ unsigned int context,
+ const unsigned char *out, void *add_arg);
+
+typedef int (*custom_ext_parse_cb_ex) (SSL *s, unsigned int ext_type,
+ unsigned int context,
+ const unsigned char *in,
+ size_t inlen, X509 *x, size_t chainidx,
+ int *al, void *parse_arg);
+
/* Typedef for verification callback */
typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
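Review bot: The three new callback typedefs are undocumented: nothing here states when `x` is non-NULL and what `chainidx` indexes, or what the callback must do with `al` and return on failure. The names and argument order suggest the same convention as the existing custom_ext_*_cb typedefs above (presumably `*al` is set to a TLS alert value and a non-positive return signals an error), but the header should say so rather than leave it to the reader. Suggest a block comment above `typedef int (*custom_ext_add_cb_ex)` describing `context` as the single SSL_EXT_* message bit for the message currently being built or parsed, `x`/`chainidx` as the certificate and its chain position when that message carries certificates (presumably NULL/0 otherwise), and the `al`/return contract, each clause confirmed against the implementation. As a point of style, these new public typedefs lack the `SSL_` prefix that `SSL_verify_cb` two lines below carries; `SSL_custom_ext_add_cb_ex`, `SSL_custom_ext_free_cb_ex` and `SSL_custom_ext_parse_cb_ex` would keep new public names out of the unprefixed namespace.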
@@ -779,6 +798,14 @@ __owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
custom_ext_parse_cb parse_cb,
void *parse_arg);
+__owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+ unsigned int context,
+ custom_ext_add_cb_ex add_cb,
+ custom_ext_free_cb_ex free_cb,
+ void *add_arg,
+ custom_ext_parse_cb_ex parse_cb,
+ void *parse_arg);
+
__owur int SSL_extension_supported(unsigned int ext_type);
# define SSL_NOTHING 1
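Review bot: `SSL_CTX_add_custom_ext` is declared without any statement of its contract: the meaning of `context`, which return values mean what (`__owur` says the result matters but not how), whether registering the same `ext_type` twice is rejected, and whether `add_arg`/`parse_arg` must stay valid for the lifetime of `ctx`. The older `SSL_CTX_add_server_custom_ext` directly above has the same gap, so this follows precedent, but a new API is the moment to close it. Suggest a comment above the declaration such as `/* Register a custom extension for the handshake messages selected by 'context' (an OR of SSL_EXT_* bits). Returns 1 on success, 0 on failure. add_arg/parse_arg are not copied; the caller keeps them valid for the lifetime of ctx. */`, with the return and duplicate-registration clauses checked against the implementation before committing to them. It is also worth stating that a callback registered with several context bits should expect to be invoked once per matching message, and per certificate when `chainidx` applies, since that differs from what the older per-ClientHello/ServerHello API implied.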