Extend tls_construct_extensions() to enable passing of a certificate

The Certificate message in TLS1.3 has an extensions block for each
Certificate. Therefore we need to extend tls_construct_extensions() to pass
in the certificate we are working on. We also pass in the position in the
chain (with 0 being the first certificate).

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 8ccb76f09b26c92b5de2cf6c1e22bb6287210525..2dee62e9d59253f08b6827bde3387f900fe9701b 100644 (file)
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -60,9 +60,10 @@ typedef struct extensions_definition_st {
     /* Parse extension send from server to client */
     int (*parse_stoc)(SSL *s, PACKET *pkt, int *al);
     /* Construct extension sent from server to client */
-    int (*construct_stoc)(SSL *s, WPACKET *pkt, int *al);
+    int (*construct_stoc)(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                          int *al);
     /* Construct extension sent from client to server */
-    int (*construct_ctos)(SSL *s, WPACKET *pkt, int *al);
+    int (*construct_ctos)(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al);
     /*
      * Finalise extension after parsing. Always called where an extensions was
      * initialised even if the extension was not present. |sent| is set to 1 if
@@ -545,12 +546,15 @@ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, int *al)
 
 /*
  * Construct all the extensions relevant to the current |context| and write
- * them to |pkt|. Returns 1 on success or 0 on failure. If a failure occurs then
- * |al| is populated with a suitable alert code. On a failure construction stops
- * at the first extension to fail to construct.
+ * them to |pkt|. If this is an extension for a Certificate in a Certificate
+ * message, then |x| will be set to the Certificate we are handling, and |chain|
+ * will indicate the position in the chain we are processing (with 0 being the
+ * first in the chain). Returns 1 on success or 0 on failure. If a failure
+ * occurs then |al| is populated with a suitable alert code. On a failure
+ * construction stops at the first extension to fail to construct.
  */
 int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
-                             int *al)
+                             X509 *x, size_t chain, int *al)
 {
     size_t i;
     int addcustom = 0, min_version, max_version = 0, reason, tmpal;
@@ -605,7 +609,7 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
     }
 
     for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); i++, thisexd++) {
-        int (*construct)(SSL *s, WPACKET *pkt, int *al);
+        int (*construct)(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al);
 
         /* Skip if not relevant for our context */
         if ((thisexd->context & context) == 0)
@@ -632,7 +636,7 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
                 || construct == NULL)
             continue;
 
-        if (!construct(s, pkt, &tmpal))
+        if (!construct(s, pkt, x, chain, &tmpal))
             goto err;
     }
 

diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index f291e5ff150e8d67dc4c9c8873737d23b76e474b..713999f190639c94a1d7929ad1b6f765ad13f0fe 100644 (file)
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -12,7 +12,8 @@
 #include "../ssl_locl.h"
 #include "statem_locl.h"
 
-int tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                                   int *al)
 {
     /* Add RI if renegotiating */
     if (!s->renegotiate)
@@ -30,7 +31,8 @@ int tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, int *al)
     return 1;
 }
 
-int tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                                   int *al)
 {
     if (s->tlsext_hostname == NULL)
         return 1;
@@ -54,7 +56,7 @@ int tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, int *al)
 }
 
 #ifndef OPENSSL_NO_SRP
-int tls_construct_ctos_srp(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_ctos_srp(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
 {
     /* Add SRP username if there is one */
     if (s->srp_ctx.login == NULL)
@@ -105,7 +107,8 @@ static int use_ecc(SSL *s)
     return i < end;
 }
 
-int tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, X509 *x,
+                                     size_t chain, int *al)
 {
     const unsigned char *pformats;
     size_t num_formats;
@@ -128,8 +131,8 @@ int tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, int *al)
     return 1;
 }
 
-
-int tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, X509 *x,
+                                        size_t chain, int *al)
 {
     const unsigned char *pcurves = NULL, *pcurvestmp;
     size_t num_curves = 0, i;
@@ -178,7 +181,8 @@ int tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, int *al)
 }
 #endif
 
-int tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, X509 *x,
+                                      size_t chain, int *al)
 {
     size_t ticklen;
 
@@ -217,7 +221,8 @@ int tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, int *al)
     return 1;
 }
 
-int tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                                int *al)
 {
     size_t salglen;
     const unsigned char *salg;
@@ -242,7 +247,8 @@ int tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, int *al)
 }
 
 #ifndef OPENSSL_NO_OCSP
-int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, X509 *x,
+                                      size_t chain, int *al)
 {
     int i;
 
@@ -304,7 +310,7 @@ int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, int *al)
 #endif
 
 #ifndef OPENSSL_NO_NEXTPROTONEG
-int tls_construct_ctos_npn(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_ctos_npn(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
 {
     if (s->ctx->next_proto_select_cb == NULL || s->s3->tmp.finish_md_len != 0)
         return 1;
@@ -323,7 +329,8 @@ int tls_construct_ctos_npn(SSL *s, WPACKET *pkt, int *al)
 }
 #endif
 
-int tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                            int *al)
 {
     s->s3->alpn_sent = 0;
 
@@ -351,7 +358,8 @@ int tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, int *al)
 
 
 #ifndef OPENSSL_NO_SRTP
-int tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                                int *al)
 {
     STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = SSL_get_srtp_profiles(s);
     int i, end;
@@ -390,7 +398,7 @@ int tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, int *al)
 }
 #endif
 
-int tls_construct_ctos_etm(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_ctos_etm(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
 {
     if (s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
         return 1;
@@ -405,7 +413,7 @@ int tls_construct_ctos_etm(SSL *s, WPACKET *pkt, int *al)
 }
 
 #ifndef OPENSSL_NO_CT
-int tls_construct_ctos_sct(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_ctos_sct(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
 {
     if (s->ct_validation_callback == NULL)
         return 1;
@@ -420,7 +428,7 @@ int tls_construct_ctos_sct(SSL *s, WPACKET *pkt, int *al)
 }
 #endif
 
-int tls_construct_ctos_ems(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_ctos_ems(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
 {
     if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
             || !WPACKET_put_bytes_u16(pkt, 0)) {
@@ -431,7 +439,8 @@ int tls_construct_ctos_ems(SSL *s, WPACKET *pkt, int *al)
     return 1;
 }
 
-int tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, X509 *x,
+                                          size_t chain, int *al)
 {
     int currv, min_version, max_version, reason;
 
@@ -477,8 +486,8 @@ int tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, int *al)
     return 1;
 }
 
-
-int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                                 int *al)
 {
 #ifndef OPENSSL_NO_TLS1_3
     size_t i, sharessent = 0, num_curves = 0;
@@ -568,7 +577,8 @@ int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, int *al)
 #define F5_WORKAROUND_MIN_MSG_LEN   0xff
 #define F5_WORKAROUND_MAX_MSG_LEN   0x200
 
-int tls_construct_ctos_padding(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_ctos_padding(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                               int *al)
 {
     unsigned char *padbytes;
     size_t hlen;

diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 74db91d291485da850074cf65c89f66ae3cd7de9..7f0b80c03979d6cd364eded7d51e50a378d7e1fc 100644 (file)
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -656,7 +656,8 @@ int tls_parse_ctos_ems(SSL *s, PACKET *pkt, int *al)
 /*
  * Add the server's renegotiation binding
  */
-int tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                                   int *al)
 {
     if (!s->s3->send_connection_binding)
         return 1;
@@ -677,7 +678,8 @@ int tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, int *al)
     return 1;
 }
 
-int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                                   int *al)
 {
     if (s->hit || s->servername_done != 1
             || s->session->tlsext_hostname == NULL)
@@ -693,7 +695,8 @@ int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, int *al)
 }
 
 #ifndef OPENSSL_NO_EC
-int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, X509 *x,
+                                     size_t chain, int *al)
 {
     unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
     unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
@@ -718,7 +721,8 @@ int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, int *al)
 }
 #endif
 
-int tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, X509 *x,
+                                      size_t chain, int *al)
 {
     if (!s->tlsext_ticket_expected || !tls_use_ticket(s)) {
         s->tlsext_ticket_expected = 0;
@@ -735,7 +739,8 @@ int tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, int *al)
 }
 
 #ifndef OPENSSL_NO_OCSP
-int tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, X509 *x,
+                                     size_t chain, int *al)
 {
     if (!s->tlsext_status_expected)
         return 1;
@@ -750,9 +755,9 @@ int tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, int *al)
 }
 #endif
 
-
 #ifndef OPENSSL_NO_NEXTPROTONEG
-int tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, X509 *x,
+                                      size_t chain, int *al)
 {
     const unsigned char *npa;
     unsigned int npalen;
@@ -779,7 +784,8 @@ int tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, int *al)
 }
 #endif
 
-int tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                            int *al)
 {
     if (s->s3->alpn_selected == NULL)
         return 1;
@@ -800,7 +806,8 @@ int tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, int *al)
 }
 
 #ifndef OPENSSL_NO_SRTP
-int tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                                int *al)
 {
     if (s->srtp_profile == NULL)
         return 1;
@@ -819,7 +826,7 @@ int tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, int *al)
 }
 #endif
 
-int tls_construct_stoc_etm(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_stoc_etm(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
 {
     if ((s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) == 0)
         return 1;
@@ -845,7 +852,7 @@ int tls_construct_stoc_etm(SSL *s, WPACKET *pkt, int *al)
     return 1;
 }
 
-int tls_construct_stoc_ems(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_stoc_ems(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
 {
     if ((s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
         return 1;
@@ -859,7 +866,8 @@ int tls_construct_stoc_ems(SSL *s, WPACKET *pkt, int *al)
     return 1;
 }
 
-int tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                                 int *al)
 {
 #ifndef OPENSSL_NO_TLS1_3
     unsigned char *encodedPoint;
@@ -915,7 +923,8 @@ int tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, int *al)
     return 1;
 }
 
-int tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, int *al)
+int tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, X509 *x,
+                                     size_t chain, int *al)
 {
     const unsigned char cryptopro_ext[36] = {
         0xfd, 0xe8,         /* 65000 */

diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index a80d670cbb6615bb7ca2d33ac8db0bb09c0577be..3d9fe79335b09c84906a880285acd49d3289d8ed 100644 (file)
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1011,7 +1011,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt)
     }
 
     /* TLS extensions */
-    if (!tls_construct_extensions(s, pkt, EXT_CLIENT_HELLO, &al)) {
+    if (!tls_construct_extensions(s, pkt, EXT_CLIENT_HELLO, NULL, 0, &al)) {
         ssl3_send_alert(s, SSL3_AL_FATAL, al);
         SSLerr(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
         return 0;

diff --git a/ssl/statem/statem_locl.h b/ssl/statem/statem_locl.h
index 94e64b577b140b6515085dacbe1283b5cf0c7038..7e34aade129fcd1c5ae64659af264e8166b54b05 100644 (file)
--- a/ssl/statem/statem_locl.h
+++ b/ssl/statem/statem_locl.h
@@ -160,7 +160,7 @@ __owur int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
 __owur int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts,
                                     int *al);
 __owur int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
-                                    int *al);
+                                    X509 *x, size_t chain, int *al);
 
 /* Server Extension processing */
 int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, int *al);
@@ -188,62 +188,91 @@ int tls_parse_ctos_etm(SSL *s, PACKET *pkt, int *al);
 int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, int *al);
 int tls_parse_ctos_ems(SSL *s, PACKET *pkt, int *al);
 
-int tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, int *al);
-int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, int *al);
+int tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                                   int *al);
+int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                                   int *al);
 #ifndef OPENSSL_NO_EC
-int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, int *al);
+int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, X509 *x,
+                                     size_t chain, int *al);
 #endif
-int tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, int *al);
+int tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, X509 *x,
+                                      size_t chain, int *al);
 #ifndef OPENSSL_NO_OCSP
-int tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, int *al);
+int tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, X509 *x,
+                                      size_t chain, int *al);
 #endif
 #ifndef OPENSSL_NO_NEXTPROTONEG
-int tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, int *al);
+int tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, X509 *x,
+                                      size_t chain, int *al);
 #endif
-int tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, int *al);
+int tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                            int *al);
 #ifndef OPENSSL_NO_SRTP
-int tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, int *al);
+int tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                                int *al);
 #endif
-int tls_construct_stoc_etm(SSL *s, WPACKET *pkt, int *al);
-int tls_construct_stoc_ems(SSL *s, WPACKET *pkt, int *al);
-int tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, int *al);
+int tls_construct_stoc_etm(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                           int *al);
+int tls_construct_stoc_ems(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                           int *al);
+int tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                                 int *al);
 /*
  * Not in public headers as this is not an official extension. Only used when
  * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set.
  */
 #define TLSEXT_TYPE_cryptopro_bug      0xfde8
-int tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, int *al);
+int tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, X509 *x,
+                                     size_t chain, int *al);
 
 /* Client Extension processing */
-int tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, int *al);
-int tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, int *al);
+int tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                                   int *al);
+int tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                                   int *al);
 #ifndef OPENSSL_NO_SRP
-int tls_construct_ctos_srp(SSL *s, WPACKET *pkt, int *al);
+int tls_construct_ctos_srp(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                                   int *al);
 #endif
 #ifndef OPENSSL_NO_EC
-int tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, int *al);
-int tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, int *al);
+int tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, X509 *x,
+                                     size_t chain, int *al);
+int tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, X509 *x,
+                                        size_t chain, int *al);
 #endif
-int tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, int *al);
-int tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, int *al);
+int tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, X509 *x,
+                                      size_t chain, int *al);
+int tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                                int *al);
 #ifndef OPENSSL_NO_OCSP
-int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, int *al);
+int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, X509 *x,
+                                      size_t chain, int *al);
 #endif
 #ifndef OPENSSL_NO_NEXTPROTONEG
-int tls_construct_ctos_npn(SSL *s, WPACKET *pkt, int *al);
+int tls_construct_ctos_npn(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                           int *al);
 #endif
-int tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, int *al);
+int tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                            int *al);
 #ifndef OPENSSL_NO_SRTP
-int tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, int *al);
+int tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                                int *al);
 #endif
-int tls_construct_ctos_etm(SSL *s, WPACKET *pkt, int *al);
+int tls_construct_ctos_etm(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                           int *al);
 #ifndef OPENSSL_NO_CT
-int tls_construct_ctos_sct(SSL *s, WPACKET *pkt, int *al);
+int tls_construct_ctos_sct(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                           int *al);
 #endif
-int tls_construct_ctos_ems(SSL *s, WPACKET *pkt, int *al);
-int tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, int *al);
-int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, int *al);
-int tls_construct_ctos_padding(SSL *s, WPACKET *pkt, int *al);
+int tls_construct_ctos_ems(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                           int *al);
+int tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, X509 *x,
+                                          size_t chain, int *al);
+int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                                 int *al);
+int tls_construct_ctos_padding(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
+                               int *al);
 int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, int *al);
 int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, int *al);
 #ifndef OPENSSL_NO_EC

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 56f39987039547ecf3936a8acc513a7e513d9a03..d21628f28703c3405f7a8473eefd7ace0fdded45 100644 (file)
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1912,7 +1912,8 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt)
             || !tls_construct_extensions(s, pkt,
                                          SSL_IS_TLS13(s)
                                             ? EXT_TLS1_3_SERVER_HELLO
-                                            : EXT_TLS1_2_SERVER_HELLO, &al)) {
+                                            : EXT_TLS1_2_SERVER_HELLO,
+                                         NULL, 0, &al)) {
         SSLerr(SSL_F_TLS_CONSTRUCT_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
         goto err;
     }
@@ -3497,7 +3498,8 @@ static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt)
      * message.
      */
     if (!tls_construct_extensions(s, pkt, EXT_TLS1_3_ENCRYPTED_EXTENSIONS
-                                          | EXT_TLS1_3_CERTIFICATE, &al)) {
+                                          | EXT_TLS1_3_CERTIFICATE,
+                                  NULL, 0, &al)) {
         ssl3_send_alert(s, SSL3_AL_FATAL, al);
         SSLerr(SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS, ERR_R_INTERNAL_ERROR);
         ssl3_send_alert(s, SSL3_AL_FATAL, al);