1 /*
2 * Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /* Custom extension utility functions */
11
12 #include <openssl/ct.h>
13 #include "../ssl_local.h"
14 #include "internal/cryptlib.h"
15 #include "internal/ssl_unwrap.h"
16 #include "statem_local.h"
17
18 typedef struct {
19 void *add_arg;
20 custom_ext_add_cb add_cb;
21 custom_ext_free_cb free_cb;
22 } custom_ext_add_cb_wrap;
23
24 typedef struct {
25 void *parse_arg;
26 custom_ext_parse_cb parse_cb;
27 } custom_ext_parse_cb_wrap;
28
29 /*
30 * Provide thin wrapper callbacks which convert new style arguments to old style
31 */
custom_ext_add_old_cb_wrap(SSL * s,unsigned int ext_type,unsigned int context,const unsigned char ** out,size_t * outlen,X509 * x,size_t chainidx,int * al,void * add_arg)32 static int custom_ext_add_old_cb_wrap(SSL *s, unsigned int ext_type,
33 unsigned int context,
34 const unsigned char **out,
35 size_t *outlen, X509 *x, size_t chainidx,
36 int *al, void *add_arg)
37 {
38 custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
39
40 if (add_cb_wrap->add_cb == NULL)
41 return 1;
42
43 return add_cb_wrap->add_cb(s, ext_type, out, outlen, al,
44 add_cb_wrap->add_arg);
45 }
46
custom_ext_free_old_cb_wrap(SSL * s,unsigned int ext_type,unsigned int context,const unsigned char * out,void * add_arg)47 static void custom_ext_free_old_cb_wrap(SSL *s, unsigned int ext_type,
48 unsigned int context,
49 const unsigned char *out, void *add_arg)
50 {
51 custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
52
53 if (add_cb_wrap->free_cb == NULL)
54 return;
55
56 add_cb_wrap->free_cb(s, ext_type, out, add_cb_wrap->add_arg);
57 }
58
custom_ext_parse_old_cb_wrap(SSL * s,unsigned int ext_type,unsigned int context,const unsigned char * in,size_t inlen,X509 * x,size_t chainidx,int * al,void * parse_arg)59 static int custom_ext_parse_old_cb_wrap(SSL *s, unsigned int ext_type,
60 unsigned int context,
61 const unsigned char *in,
62 size_t inlen, X509 *x, size_t chainidx,
63 int *al, void *parse_arg)
64 {
65 custom_ext_parse_cb_wrap *parse_cb_wrap =
66 (custom_ext_parse_cb_wrap *)parse_arg;
67
68 if (parse_cb_wrap->parse_cb == NULL)
69 return 1;
70
71 return parse_cb_wrap->parse_cb(s, ext_type, in, inlen, al,
72 parse_cb_wrap->parse_arg);
73 }
74
75 /*
76 * Find a custom extension from the list. The |role| param is there to
77 * support the legacy API where custom extensions for client and server could
78 * be set independently on the same SSL_CTX. It is set to ENDPOINT_SERVER if we
79 * are trying to find a method relevant to the server, ENDPOINT_CLIENT for the
80 * client, or ENDPOINT_BOTH for either
81 */
custom_ext_find(const custom_ext_methods * exts,ENDPOINT role,unsigned int ext_type,size_t * idx)82 custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
83 ENDPOINT role, unsigned int ext_type,
84 size_t *idx)
85 {
86 size_t i;
87 custom_ext_method *meth = exts->meths;
88
89 for (i = 0; i < exts->meths_count; i++, meth++) {
90 if (ext_type == meth->ext_type
91 && (role == ENDPOINT_BOTH || role == meth->role
92 || meth->role == ENDPOINT_BOTH)) {
93 if (idx != NULL)
94 *idx = i;
95 return meth;
96 }
97 }
98 return NULL;
99 }
100
101 /*
102 * Initialise custom extensions flags to indicate neither sent nor received.
103 */
custom_ext_init(custom_ext_methods * exts)104 void custom_ext_init(custom_ext_methods *exts)
105 {
106 size_t i;
107 custom_ext_method *meth = exts->meths;
108
109 for (i = 0; i < exts->meths_count; i++, meth++)
110 meth->ext_flags &= ~(SSL_EXT_FLAG_SENT | SSL_EXT_FLAG_RECEIVED);
111 }
112
113 /* Pass received custom extension data to the application for parsing. */
custom_ext_parse(SSL_CONNECTION * s,unsigned int context,unsigned int ext_type,const unsigned char * ext_data,size_t ext_size,X509 * x,size_t chainidx)114 int custom_ext_parse(SSL_CONNECTION *s, unsigned int context,
115 unsigned int ext_type,
116 const unsigned char *ext_data, size_t ext_size, X509 *x,
117 size_t chainidx)
118 {
119 int al = 0;
120 custom_ext_methods *exts = &s->cert->custext;
121 custom_ext_method *meth;
122 ENDPOINT role = ENDPOINT_BOTH;
123
124 if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0)
125 role = s->server ? ENDPOINT_SERVER : ENDPOINT_CLIENT;
126
127 meth = custom_ext_find(exts, role, ext_type, NULL);
128 /* If not found return success */
129 if (!meth)
130 return 1;
131
132 /* Check if extension is defined for our protocol. If not, skip */
133 if (!extension_is_relevant(s, meth->context, context))
134 return 1;
135
136 if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
137 | SSL_EXT_TLS1_3_SERVER_HELLO
138 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) {
139 /*
140 * If it's ServerHello or EncryptedExtensions we can't have any
141 * extensions not sent in ClientHello.
142 */
143 if ((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0) {
144 SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_R_BAD_EXTENSION);
145 return 0;
146 }
147 }
148
149 /*
150 * Extensions received in the ClientHello or CertificateRequest are marked
151 * with the SSL_EXT_FLAG_RECEIVED. This is so we know to add the equivalent
152 * extensions in the response messages
153 */
154 if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST))
155 != 0)
156 meth->ext_flags |= SSL_EXT_FLAG_RECEIVED;
157
158 /* If no parse function set return success */
159 if (meth->parse_cb == NULL)
160 return 1;
161
162 if (meth->parse_cb(SSL_CONNECTION_GET_USER_SSL(s), ext_type, context, ext_data,
163 ext_size, x, chainidx, &al, meth->parse_arg) <= 0) {
164 SSLfatal(s, al, SSL_R_BAD_EXTENSION);
165 return 0;
166 }
167
168 return 1;
169 }
170
171 /*
172 * Request custom extension data from the application and add to the return
173 * buffer.
174 */
custom_ext_add(SSL_CONNECTION * s,int context,WPACKET * pkt,X509 * x,size_t chainidx,int maxversion)175 int custom_ext_add(SSL_CONNECTION *s, int context, WPACKET *pkt, X509 *x,
176 size_t chainidx, int maxversion)
177 {
178 custom_ext_methods *exts = &s->cert->custext;
179 custom_ext_method *meth;
180 size_t i;
181 int al;
182 int for_comp = (context & SSL_EXT_TLS1_3_CERTIFICATE_COMPRESSION) != 0;
183
184 for (i = 0; i < exts->meths_count; i++) {
185 const unsigned char *out = NULL;
186 size_t outlen = 0;
187
188 meth = exts->meths + i;
189
190 if (!should_add_extension(s, meth->context, context, maxversion))
191 continue;
192
193 if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
194 | SSL_EXT_TLS1_3_SERVER_HELLO
195 | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
196 | SSL_EXT_TLS1_3_CERTIFICATE
197 | SSL_EXT_TLS1_3_RAW_PUBLIC_KEY
198 | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) {
199 /* Only send extensions present in ClientHello/CertificateRequest */
200 if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))
201 continue;
202 }
203 /*
204 * We skip it if the callback is absent - except for a ClientHello where
205 * we add an empty extension.
206 */
207 if ((context & SSL_EXT_CLIENT_HELLO) == 0 && meth->add_cb == NULL)
208 continue;
209
210 if (meth->add_cb != NULL) {
211 int cb_retval = meth->add_cb(SSL_CONNECTION_GET_USER_SSL(s),
212 meth->ext_type, context, &out,
213 &outlen, x, chainidx, &al,
214 meth->add_arg);
215
216 if (cb_retval < 0) {
217 if (!for_comp)
218 SSLfatal(s, al, SSL_R_CALLBACK_FAILED);
219 return 0; /* error */
220 }
221 if (cb_retval == 0)
222 continue; /* skip this extension */
223 }
224
225 if (!WPACKET_put_bytes_u16(pkt, meth->ext_type)
226 || !WPACKET_start_sub_packet_u16(pkt)
227 || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen))
228 || !WPACKET_close(pkt)) {
229 if (meth->free_cb != NULL)
230 meth->free_cb(SSL_CONNECTION_GET_USER_SSL(s), meth->ext_type,
231 context, out, meth->add_arg);
232 if (!for_comp)
233 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
234 return 0;
235 }
236 if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
237 /*
238 * We can't send duplicates: code logic should prevent this.
239 */
240 if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) {
241 if (meth->free_cb != NULL)
242 meth->free_cb(SSL_CONNECTION_GET_USER_SSL(s), meth->ext_type,
243 context, out, meth->add_arg);
244 if (!for_comp)
245 SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
246 return 0;
247 }
248 /*
249 * Indicate extension has been sent: this is both a sanity check to
250 * ensure we don't send duplicate extensions and indicates that it
251 * is not an error if the extension is present in ServerHello.
252 */
253 meth->ext_flags |= SSL_EXT_FLAG_SENT;
254 }
255 if (meth->free_cb != NULL)
256 meth->free_cb(SSL_CONNECTION_GET_USER_SSL(s), meth->ext_type,
257 context, out, meth->add_arg);
258 }
259 return 1;
260 }
261
262 /* Copy the flags from src to dst for any extensions that exist in both */
custom_exts_copy_flags(custom_ext_methods * dst,const custom_ext_methods * src)263 int custom_exts_copy_flags(custom_ext_methods *dst,
264 const custom_ext_methods *src)
265 {
266 size_t i;
267 custom_ext_method *methsrc = src->meths;
268
269 for (i = 0; i < src->meths_count; i++, methsrc++) {
270 custom_ext_method *methdst = custom_ext_find(dst, methsrc->role,
271 methsrc->ext_type, NULL);
272
273 if (methdst == NULL)
274 continue;
275
276 methdst->ext_flags = methsrc->ext_flags;
277 }
278
279 return 1;
280 }
281
282 /* Copy old style API wrapper arguments */
custom_ext_copy_old_cb(custom_ext_method * methdst,const custom_ext_method * methsrc,int * err)283 static void custom_ext_copy_old_cb(custom_ext_method *methdst,
284 const custom_ext_method *methsrc,
285 int *err)
286 {
287 if (methsrc->add_cb != custom_ext_add_old_cb_wrap)
288 return;
289
290 if (*err) {
291 methdst->add_arg = NULL;
292 methdst->parse_arg = NULL;
293 return;
294 }
295
296 methdst->add_arg = OPENSSL_memdup(methsrc->add_arg,
297 sizeof(custom_ext_add_cb_wrap));
298 methdst->parse_arg = OPENSSL_memdup(methsrc->parse_arg,
299 sizeof(custom_ext_parse_cb_wrap));
300
301 if (methdst->add_arg == NULL || methdst->parse_arg == NULL)
302 *err = 1;
303
304 return;
305 }
306
307 /* Copy table of custom extensions */
custom_exts_copy(custom_ext_methods * dst,const custom_ext_methods * src)308 int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src)
309 {
310 size_t i;
311 int err = 0;
312
313 if (src->meths_count > 0) {
314 dst->meths =
315 OPENSSL_memdup(src->meths,
316 sizeof(*src->meths) * src->meths_count);
317 if (dst->meths == NULL)
318 return 0;
319 dst->meths_count = src->meths_count;
320
321 for (i = 0; i < src->meths_count; i++)
322 custom_ext_copy_old_cb(&dst->meths[i], &src->meths[i], &err);
323 }
324
325 if (err) {
326 custom_exts_free(dst);
327 return 0;
328 }
329
330 return 1;
331 }
332
333 /* Copy custom extensions that were set on connection */
custom_exts_copy_conn(custom_ext_methods * dst,const custom_ext_methods * src)334 int custom_exts_copy_conn(custom_ext_methods *dst,
335 const custom_ext_methods *src)
336 {
337 size_t i;
338 int err = 0;
339
340 if (src->meths_count > 0) {
341 size_t meths_count = 0;
342
343 for (i = 0; i < src->meths_count; i++)
344 if ((src->meths[i].ext_flags & SSL_EXT_FLAG_CONN) != 0)
345 meths_count++;
346
347 if (meths_count > 0) {
348 custom_ext_method *methdst =
349 OPENSSL_realloc(dst->meths,
350 (dst->meths_count + meths_count) *
351 sizeof(custom_ext_method));
352
353 if (methdst == NULL)
354 return 0;
355
356 for (i = 0; i < dst->meths_count; i++)
357 custom_ext_copy_old_cb(&methdst[i], &dst->meths[i], &err);
358
359 dst->meths = methdst;
360 methdst += dst->meths_count;
361
362 for (i = 0; i < src->meths_count; i++) {
363 custom_ext_method *methsrc = &src->meths[i];
364
365 if ((methsrc->ext_flags & SSL_EXT_FLAG_CONN) == 0)
366 continue;
367
368 memcpy(methdst, methsrc, sizeof(custom_ext_method));
369 custom_ext_copy_old_cb(methdst, methsrc, &err);
370 methdst++;
371 }
372
373 dst->meths_count += meths_count;
374 }
375 }
376
377 if (err) {
378 custom_exts_free(dst);
379 return 0;
380 }
381
382 return 1;
383 }
384
custom_exts_free(custom_ext_methods * exts)385 void custom_exts_free(custom_ext_methods *exts)
386 {
387 size_t i;
388 custom_ext_method *meth;
389
390 for (i = 0, meth = exts->meths; i < exts->meths_count; i++, meth++) {
391 if (meth->add_cb != custom_ext_add_old_cb_wrap)
392 continue;
393
394 /* Old style API wrapper. Need to free the arguments too */
395 OPENSSL_free(meth->add_arg);
396 OPENSSL_free(meth->parse_arg);
397 }
398 OPENSSL_free(exts->meths);
399 exts->meths = NULL;
400 exts->meths_count = 0;
401 }
402
403 /* Return true if a client custom extension exists, false otherwise */
SSL_CTX_has_client_custom_ext(const SSL_CTX * ctx,unsigned int ext_type)404 int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type)
405 {
406 return custom_ext_find(&ctx->cert->custext, ENDPOINT_CLIENT, ext_type,
407 NULL) != NULL;
408 }
409
ossl_tls_add_custom_ext_intern(SSL_CTX * ctx,custom_ext_methods * exts,ENDPOINT role,unsigned int ext_type,unsigned int context,SSL_custom_ext_add_cb_ex add_cb,SSL_custom_ext_free_cb_ex free_cb,void * add_arg,SSL_custom_ext_parse_cb_ex parse_cb,void * parse_arg)410 int ossl_tls_add_custom_ext_intern(SSL_CTX *ctx, custom_ext_methods *exts,
411 ENDPOINT role, unsigned int ext_type,
412 unsigned int context,
413 SSL_custom_ext_add_cb_ex add_cb,
414 SSL_custom_ext_free_cb_ex free_cb,
415 void *add_arg,
416 SSL_custom_ext_parse_cb_ex parse_cb,
417 void *parse_arg)
418 {
419 custom_ext_method *meth, *tmp;
420
421 /*
422 * Check application error: if add_cb is not set free_cb will never be
423 * called.
424 */
425 if (add_cb == NULL && free_cb != NULL)
426 return 0;
427
428 if (exts == NULL)
429 exts = &ctx->cert->custext;
430
431 #ifndef OPENSSL_NO_CT
432 /*
433 * We don't want applications registering callbacks for SCT extensions
434 * whilst simultaneously using the built-in SCT validation features, as
435 * these two things may not play well together.
436 */
437 if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp
438 && (context & SSL_EXT_CLIENT_HELLO) != 0
439 && ctx != NULL
440 && SSL_CTX_ct_is_enabled(ctx))
441 return 0;
442 #endif
443
444 /*
445 * Don't add if extension supported internally, but make exception
446 * for extension types that previously were not supported, but now are.
447 */
448 if (SSL_extension_supported(ext_type)
449 && ext_type != TLSEXT_TYPE_signed_certificate_timestamp)
450 return 0;
451
452 /* Extension type must fit in 16 bits */
453 if (ext_type > 0xffff)
454 return 0;
455 /* Search for duplicate */
456 if (custom_ext_find(exts, role, ext_type, NULL))
457 return 0;
458 tmp = OPENSSL_realloc(exts->meths,
459 (exts->meths_count + 1) * sizeof(custom_ext_method));
460 if (tmp == NULL)
461 return 0;
462
463 exts->meths = tmp;
464 meth = exts->meths + exts->meths_count;
465 memset(meth, 0, sizeof(*meth));
466 meth->role = role;
467 meth->context = context;
468 meth->parse_cb = parse_cb;
469 meth->add_cb = add_cb;
470 meth->free_cb = free_cb;
471 meth->ext_type = ext_type;
472 meth->ext_flags = (ctx == NULL) ? SSL_EXT_FLAG_CONN : 0;
473 meth->add_arg = add_arg;
474 meth->parse_arg = parse_arg;
475 exts->meths_count++;
476 return 1;
477 }
478
add_old_custom_ext(SSL_CTX * ctx,ENDPOINT role,unsigned int ext_type,unsigned int context,custom_ext_add_cb add_cb,custom_ext_free_cb free_cb,void * add_arg,custom_ext_parse_cb parse_cb,void * parse_arg)479 static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role,
480 unsigned int ext_type,
481 unsigned int context,
482 custom_ext_add_cb add_cb,
483 custom_ext_free_cb free_cb,
484 void *add_arg,
485 custom_ext_parse_cb parse_cb, void *parse_arg)
486 {
487 custom_ext_add_cb_wrap *add_cb_wrap
488 = OPENSSL_malloc(sizeof(*add_cb_wrap));
489 custom_ext_parse_cb_wrap *parse_cb_wrap
490 = OPENSSL_malloc(sizeof(*parse_cb_wrap));
491 int ret;
492
493 if (add_cb_wrap == NULL || parse_cb_wrap == NULL) {
494 OPENSSL_free(add_cb_wrap);
495 OPENSSL_free(parse_cb_wrap);
496 return 0;
497 }
498
499 add_cb_wrap->add_arg = add_arg;
500 add_cb_wrap->add_cb = add_cb;
501 add_cb_wrap->free_cb = free_cb;
502 parse_cb_wrap->parse_arg = parse_arg;
503 parse_cb_wrap->parse_cb = parse_cb;
504
505 ret = ossl_tls_add_custom_ext_intern(ctx, NULL, role, ext_type,
506 context,
507 custom_ext_add_old_cb_wrap,
508 custom_ext_free_old_cb_wrap,
509 add_cb_wrap,
510 custom_ext_parse_old_cb_wrap,
511 parse_cb_wrap);
512
513 if (!ret) {
514 OPENSSL_free(add_cb_wrap);
515 OPENSSL_free(parse_cb_wrap);
516 }
517
518 return ret;
519 }
520
521 /* Application level functions to add the old custom extension callbacks */
SSL_CTX_add_client_custom_ext(SSL_CTX * ctx,unsigned int ext_type,custom_ext_add_cb add_cb,custom_ext_free_cb free_cb,void * add_arg,custom_ext_parse_cb parse_cb,void * parse_arg)522 int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
523 custom_ext_add_cb add_cb,
524 custom_ext_free_cb free_cb,
525 void *add_arg,
526 custom_ext_parse_cb parse_cb, void *parse_arg)
527 {
528 return add_old_custom_ext(ctx, ENDPOINT_CLIENT, ext_type,
529 SSL_EXT_TLS1_2_AND_BELOW_ONLY
530 | SSL_EXT_CLIENT_HELLO
531 | SSL_EXT_TLS1_2_SERVER_HELLO
532 | SSL_EXT_IGNORE_ON_RESUMPTION,
533 add_cb, free_cb, add_arg, parse_cb, parse_arg);
534 }
535
SSL_CTX_add_server_custom_ext(SSL_CTX * ctx,unsigned int ext_type,custom_ext_add_cb add_cb,custom_ext_free_cb free_cb,void * add_arg,custom_ext_parse_cb parse_cb,void * parse_arg)536 int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
537 custom_ext_add_cb add_cb,
538 custom_ext_free_cb free_cb,
539 void *add_arg,
540 custom_ext_parse_cb parse_cb, void *parse_arg)
541 {
542 return add_old_custom_ext(ctx, ENDPOINT_SERVER, ext_type,
543 SSL_EXT_TLS1_2_AND_BELOW_ONLY
544 | SSL_EXT_CLIENT_HELLO
545 | SSL_EXT_TLS1_2_SERVER_HELLO
546 | SSL_EXT_IGNORE_ON_RESUMPTION,
547 add_cb, free_cb, add_arg, parse_cb, parse_arg);
548 }
549
SSL_CTX_add_custom_ext(SSL_CTX * ctx,unsigned int ext_type,unsigned int context,SSL_custom_ext_add_cb_ex add_cb,SSL_custom_ext_free_cb_ex free_cb,void * add_arg,SSL_custom_ext_parse_cb_ex parse_cb,void * parse_arg)550 int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
551 unsigned int context,
552 SSL_custom_ext_add_cb_ex add_cb,
553 SSL_custom_ext_free_cb_ex free_cb,
554 void *add_arg,
555 SSL_custom_ext_parse_cb_ex parse_cb, void *parse_arg)
556 {
557 return ossl_tls_add_custom_ext_intern(ctx, NULL, ENDPOINT_BOTH, ext_type,
558 context, add_cb, free_cb, add_arg,
559 parse_cb, parse_arg);
560 }
561
SSL_extension_supported(unsigned int ext_type)562 int SSL_extension_supported(unsigned int ext_type)
563 {
564 switch (ext_type) {
565 /* Internally supported extensions. */
566 case TLSEXT_TYPE_application_layer_protocol_negotiation:
567 case TLSEXT_TYPE_ec_point_formats:
568 case TLSEXT_TYPE_supported_groups:
569 case TLSEXT_TYPE_key_share:
570 #ifndef OPENSSL_NO_NEXTPROTONEG
571 case TLSEXT_TYPE_next_proto_neg:
572 #endif
573 case TLSEXT_TYPE_padding:
574 case TLSEXT_TYPE_renegotiate:
575 case TLSEXT_TYPE_max_fragment_length:
576 case TLSEXT_TYPE_server_name:
577 case TLSEXT_TYPE_session_ticket:
578 case TLSEXT_TYPE_signature_algorithms:
579 #ifndef OPENSSL_NO_SRP
580 case TLSEXT_TYPE_srp:
581 #endif
582 #ifndef OPENSSL_NO_OCSP
583 case TLSEXT_TYPE_status_request:
584 #endif
585 #ifndef OPENSSL_NO_CT
586 case TLSEXT_TYPE_signed_certificate_timestamp:
587 #endif
588 #ifndef OPENSSL_NO_SRTP
589 case TLSEXT_TYPE_use_srtp:
590 #endif
591 case TLSEXT_TYPE_encrypt_then_mac:
592 case TLSEXT_TYPE_supported_versions:
593 case TLSEXT_TYPE_extended_master_secret:
594 case TLSEXT_TYPE_psk_kex_modes:
595 case TLSEXT_TYPE_cookie:
596 case TLSEXT_TYPE_early_data:
597 case TLSEXT_TYPE_certificate_authorities:
598 case TLSEXT_TYPE_psk:
599 case TLSEXT_TYPE_post_handshake_auth:
600 case TLSEXT_TYPE_compress_certificate:
601 case TLSEXT_TYPE_client_cert_type:
602 case TLSEXT_TYPE_server_cert_type:
603 return 1;
604 default:
605 return 0;
606 }
607 }
608