Commit 8521ced6 authored by Matt Caswell's avatar Matt Caswell

Rename the chain variable to chainidx



This variable represents the index of the cert within the chain, so give it
a name that better represents that.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2020)
parent 3dd826b8
+23 −21
@@ -54,14 +54,15 @@ typedef struct extensions_definition_st {
     */
    int (*init)(SSL *s, unsigned int context);
    /* Parse extension sent from client to server */
    int (*parse_ctos)(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al);
    int (*parse_ctos)(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al);
    /* Parse extension send from server to client */
    int (*parse_stoc)(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al);
    int (*parse_stoc)(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al);
    /* Construct extension sent from server to client */
    int (*construct_stoc)(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
    int (*construct_stoc)(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
                          int *al);
    /* Construct extension sent from client to server */
    int (*construct_ctos)(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al);
    int (*construct_ctos)(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
                          int *al);
    /*
     * Finalise extension after parsing. Always called where an extensions was
     * initialised even if the extension was not present. |sent| is set to 1 if
@@ -441,16 +442,16 @@ int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
 * tls_collect_extensions(). The parser is only run if it is applicable for the
 * given |context| and the parser has not already been run. If this is for a
 * Certificate message, then we also provide the parser with the relevant
 * Certificate |x| and its position in the |chain| with 0 being the first
 * Certificate |x| and its position in the |chainidx| with 0 being the first
 * Certificate. Returns 1 on success or 0 on failure. In the event of a failure
 * |*al| is populated with a suitable alert code. If an extension is not present
 * this counted as success.
 */
int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
                        RAW_EXTENSION *exts, X509 *x, size_t chain, int *al)
                        RAW_EXTENSION *exts, X509 *x, size_t chainidx, int *al)
{
    RAW_EXTENSION *currext = &exts[idx];
    int (*parser)(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al) = NULL;
    int (*parser)(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al) = NULL;

    /* Skip if the extension is not present */
    if (!currext->present)
@@ -479,7 +480,7 @@ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
        parser = s->server ? extdef->parse_ctos : extdef->parse_stoc;

        if (parser != NULL)
            return parser(s, &currext->data, x, chain, al);
            return parser(s, &currext->data, x, chainidx, al);

        /*
         * If the parser is NULL we fall through to the custom extension
@@ -490,7 +491,7 @@ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
    /*
     * This is a custom extension. We only allow this if it is a non
     * resumed session on the server side.
     *
     *chain
     * TODO(TLS1.3): We only allow old style <=TLS1.2 custom extensions.
     * We're going to need a new mechanism for TLS1.3 to specify which
     * messages to add the custom extensions to.
@@ -512,11 +513,11 @@ int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
 * finalisation for all extensions at the end, whether we collected them or not.
 * Returns 1 for success or 0 for failure. If we are working on a Certificate
 * message then we also pass the Certificate |x| and its position in the
 * |chain|, with 0 being the first certificate. On failure, |*al| is populated
 * with a suitable alert code.
 * |chainidx|, with 0 being the first certificate. On failure, |*al| is
 * populated with a suitable alert code.
 */
int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x,
                             size_t chain, int *al)
                             size_t chainidx, int *al)
{
    size_t i, numexts = OSSL_NELEM(ext_defs);
    const EXTENSION_DEFINITION *thisexd;
@@ -530,7 +531,7 @@ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x,

    /* Parse each extension in turn */
    for (i = 0; i < numexts; i++) {
        if (!tls_parse_extension(s, i, context, exts, x, chain, al))
        if (!tls_parse_extension(s, i, context, exts, x, chainidx, al))
            return 0;
    }

@@ -551,14 +552,14 @@ int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x,
/*
 * Construct all the extensions relevant to the current |context| and write
 * them to |pkt|. If this is an extension for a Certificate in a Certificate
 * message, then |x| will be set to the Certificate we are handling, and |chain|
 * will indicate the position in the chain we are processing (with 0 being the
 * first in the chain). Returns 1 on success or 0 on failure. If a failure
 * occurs then |al| is populated with a suitable alert code. On a failure
 * construction stops at the first extension to fail to construct.
 * message, then |x| will be set to the Certificate we are handling, and
 * |chainidx| will indicate the position in the chainidx we are processing (with
 * 0 being the first in the chain). Returns 1 on success or 0 on failure. If a
 * failure occurs then |al| is populated with a suitable alert code. On a
 * failure construction stops at the first extension to fail to construct.
 */
int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
                             X509 *x, size_t chain, int *al)
                             X509 *x, size_t chainidx, int *al)
{
    size_t i;
    int addcustom = 0, min_version, max_version = 0, reason, tmpal;
@@ -613,7 +614,8 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
    }

    for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); i++, thisexd++) {
        int (*construct)(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al);
        int (*construct)(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
                         int *al);

        /* Skip if not relevant for our context */
        if ((thisexd->context & context) == 0)
@@ -640,7 +642,7 @@ int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
                || construct == NULL)
            continue;

        if (!construct(s, pkt, x, chain, &tmpal))
        if (!construct(s, pkt, x, chainidx, &tmpal))
            goto err;
    }

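Review bot: The comment inside tls_parse_extension (hunk @@ -490,7 +491,7) now contains a line reading ` *chain`, which looks like a stray token left behind by the search-and-replace rather than intended text; the rendered page does not mark which of ` *` and ` *chain` is the new side, but if ` *chain` is, it should be reverted to a bare ` *`. The rename also reached into prose: in the tls_construct_extensions header comment, `|chainidx| will indicate the position in the chainidx we are processing` should read `|chainidx| will indicate the position in the chain we are processing`. The tls_parse_extension header comment `its position in the |chainidx| with 0 being the first` would likewise read better as `its index |chainidx| within the chain, with 0 being the first`. Both functions continue outside the hunks shown here.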
+38 −32
@@ -12,8 +12,8 @@
#include "../ssl_locl.h"
#include "statem_locl.h"

int tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
                                   int *al)
int tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, X509 *x,
                                   size_t chainidx, int *al)
{
    /* Add RI if renegotiating */
    if (!s->renegotiate)
@@ -31,8 +31,8 @@ int tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
    return 1;
}

int tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
                                   int *al)
int tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, X509 *x,
                                   size_t chainidx, int *al)
{
    if (s->tlsext_hostname == NULL)
        return 1;
@@ -56,7 +56,8 @@ int tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
}

#ifndef OPENSSL_NO_SRP
int tls_construct_ctos_srp(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
int tls_construct_ctos_srp(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
                           int *al)
{
    /* Add SRP username if there is one */
    if (s->srp_ctx.login == NULL)
@@ -108,7 +109,7 @@ static int use_ecc(SSL *s)
}

int tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, X509 *x,
                                     size_t chain, int *al)
                                     size_t chainidx, int *al)
{
    const unsigned char *pformats;
    size_t num_formats;
@@ -132,7 +133,7 @@ int tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt, X509 *x,
}

int tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, X509 *x,
                                        size_t chain, int *al)
                                        size_t chainidx, int *al)
{
    const unsigned char *pcurves = NULL, *pcurvestmp;
    size_t num_curves = 0, i;
@@ -182,7 +183,7 @@ int tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt, X509 *x,
#endif

int tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, X509 *x,
                                      size_t chain, int *al)
                                      size_t chainidx, int *al)
{
    size_t ticklen;

@@ -221,7 +222,7 @@ int tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt, X509 *x,
    return 1;
}

int tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
                                int *al)
{
    size_t salglen;
@@ -248,7 +249,7 @@ int tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt, X509 *x, size_t chain,

#ifndef OPENSSL_NO_OCSP
int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, X509 *x,
                                      size_t chain, int *al)
                                      size_t chainidx, int *al)
{
    int i;

@@ -314,7 +315,8 @@ int tls_construct_ctos_status_request(SSL *s, WPACKET *pkt, X509 *x,
#endif

#ifndef OPENSSL_NO_NEXTPROTONEG
int tls_construct_ctos_npn(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
int tls_construct_ctos_npn(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
                           int *al)
{
    if (s->ctx->next_proto_select_cb == NULL || s->s3->tmp.finish_md_len != 0)
        return 1;
@@ -333,7 +335,7 @@ int tls_construct_ctos_npn(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
}
#endif

int tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
                            int *al)
{
    s->s3->alpn_sent = 0;
@@ -362,7 +364,7 @@ int tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chain,


#ifndef OPENSSL_NO_SRTP
int tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
                                int *al)
{
    STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = SSL_get_srtp_profiles(s);
@@ -402,7 +404,8 @@ int tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
}
#endif

int tls_construct_ctos_etm(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
int tls_construct_ctos_etm(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
                           int *al)
{
    if (s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
        return 1;
@@ -417,7 +420,8 @@ int tls_construct_ctos_etm(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
}

#ifndef OPENSSL_NO_CT
int tls_construct_ctos_sct(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
int tls_construct_ctos_sct(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
                           int *al)
{
    if (s->ct_validation_callback == NULL)
        return 1;
@@ -436,7 +440,8 @@ int tls_construct_ctos_sct(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
}
#endif

int tls_construct_ctos_ems(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
int tls_construct_ctos_ems(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
                           int *al)
{
    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
            || !WPACKET_put_bytes_u16(pkt, 0)) {
@@ -448,7 +453,7 @@ int tls_construct_ctos_ems(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
}

int tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, X509 *x,
                                          size_t chain, int *al)
                                          size_t chainidx, int *al)
{
    int currv, min_version, max_version, reason;

@@ -494,7 +499,7 @@ int tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt, X509 *x,
    return 1;
}

int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
                                 int *al)
{
#ifndef OPENSSL_NO_TLS1_3
@@ -585,7 +590,7 @@ int tls_construct_ctos_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
#define F5_WORKAROUND_MIN_MSG_LEN   0xff
#define F5_WORKAROUND_MAX_MSG_LEN   0x200

int tls_construct_ctos_padding(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_ctos_padding(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
                               int *al)
{
    unsigned char *padbytes;
@@ -632,7 +637,7 @@ int tls_construct_ctos_padding(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
/*
 * Parse the server's renegotiation binding and abort if it's not right
 */
int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
                               int *al)
{
    size_t expected_len = s->s3->previous_client_finished_len
@@ -690,7 +695,7 @@ int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, X509 *x, size_t chain,
    return 1;
}

int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
                               int *al)
{
    if (s->tlsext_hostname == NULL || PACKET_remaining(pkt) > 0) {
@@ -714,7 +719,7 @@ int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chain,
}

#ifndef OPENSSL_NO_EC
int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
                                 int *al)
{
    unsigned int ecpointformatlist_length;
@@ -750,7 +755,7 @@ int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chain,
}
#endif

int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
                                  int *al)
{
    if (s->tls_session_ticket_ext_cb != NULL &&
@@ -772,7 +777,7 @@ int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chain,
}

#ifndef OPENSSL_NO_OCSP
int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
                                  int *al)
{
    /*
@@ -789,7 +794,7 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chain,
        /* We only know how to handle this if it's for the first Certificate in
         * the chain. We ignore any other repsonses.
         */
        if (chain != 0)
        if (chainidx != 0)
            return 1;
        return tls_process_cert_status_body(s, pkt, al);
    }
@@ -803,7 +808,7 @@ int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chain,


#ifndef OPENSSL_NO_CT
int tls_parse_stoc_sct(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_stoc_sct(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
{
    /*
     * Only take it if we asked for it - i.e if there is no CT validation
@@ -856,7 +861,7 @@ static int ssl_next_proto_validate(PACKET *pkt)
    return 1;
}

int tls_parse_stoc_npn(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_stoc_npn(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
{
    unsigned char *selected;
    unsigned char selected_len;
@@ -906,7 +911,7 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
}
#endif

int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
{
    size_t len;

@@ -943,7 +948,8 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
}

#ifndef OPENSSL_NO_SRTP
int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
                            int *al)
{
    unsigned int id, ct, mki;
    int i;
@@ -996,7 +1002,7 @@ int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
}
#endif

int tls_parse_stoc_etm(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_stoc_etm(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
{
    /* Ignore if inappropriate ciphersuite */
    if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
@@ -1007,7 +1013,7 @@ int tls_parse_stoc_etm(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
    return 1;
}

int tls_parse_stoc_ems(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_stoc_ems(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
{
    s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS;
    if (!s->hit)
@@ -1016,7 +1022,7 @@ int tls_parse_stoc_ems(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
    return 1;
}

int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
                             int *al)
{
#ifndef OPENSSL_NO_TLS1_3
+34 −30
@@ -14,7 +14,7 @@
/*
 * Parse the client's renegotiation binding and abort if it's not right
 */
int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
                               int *al)
{
    unsigned int ilen;
@@ -73,7 +73,7 @@ int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, X509 *x, size_t chain,
 *   extension.
 * - On session reconnect, the servername extension may be absent.
 */
int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
                               int *al)
{
    unsigned int servname_type;
@@ -136,7 +136,7 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, X509 *x, size_t chain,
}

#ifndef OPENSSL_NO_SRP
int tls_parse_ctos_srp(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_ctos_srp(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
{
    PACKET srp_I;

@@ -160,7 +160,7 @@ int tls_parse_ctos_srp(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
#endif

#ifndef OPENSSL_NO_EC
int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
                                 int *al)
{
    PACKET ec_point_format_list;
@@ -184,7 +184,7 @@ int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, X509 *x, size_t chain,
}
#endif                          /* OPENSSL_NO_EC */

int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
                                  int *al)
{
    if (s->tls_session_ticket_ext_cb &&
@@ -198,7 +198,8 @@ int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, X509 *x, size_t chain,
    return 1;
}

int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
                            int *al)
{
    PACKET supported_sig_algs;

@@ -219,7 +220,7 @@ int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
}

#ifndef OPENSSL_NO_OCSP
int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
                                  int *al)
{
    PACKET responder_id_list, exts;
@@ -318,7 +319,7 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, X509 *x, size_t chain,
#endif

#ifndef OPENSSL_NO_NEXTPROTONEG
int tls_parse_ctos_npn(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_ctos_npn(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
{
    /*
     * We shouldn't accept this extension on a
@@ -349,7 +350,7 @@ int tls_parse_ctos_npn(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
 * extension, not including type and length. |al| is a pointer to the alert
 * value to send in the event of a failure. Returns: 1 on success, 0 on error.
 */
int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
{
    PACKET protocol_list, save_protocol_list, protocol;

@@ -382,7 +383,8 @@ int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
}

#ifndef OPENSSL_NO_SRTP
int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
                            int *al)
{
    STACK_OF(SRTP_PROTECTION_PROFILE) *srvr;
    unsigned int ct, mki_len, id;
@@ -452,7 +454,7 @@ int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
}
#endif

int tls_parse_ctos_etm(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_ctos_etm(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
{
    if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC))
        s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;
@@ -496,7 +498,7 @@ static int check_in_list(SSL *s, unsigned int group_id,
 * the raw PACKET data for the extension. Returns 1 on success or 0 on failure.
 * If a failure occurs then |*al| is set to an appropriate alert value.
 */
int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, X509 *x, size_t chain,
int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, X509 *x, size_t chainidx,
                             int *al)
{
#ifndef OPENSSL_NO_TLS1_3
@@ -626,8 +628,8 @@ int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, X509 *x, size_t chain,
}

#ifndef OPENSSL_NO_EC
int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, X509 *x, size_t chain,
                                    int *al)
int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, X509 *x,
                                    size_t chainidx, int *al)
{
    PACKET supported_groups_list;

@@ -651,7 +653,7 @@ int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, X509 *x, size_t chain,
}
#endif

int tls_parse_ctos_ems(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
int tls_parse_ctos_ems(SSL *s, PACKET *pkt, X509 *x, size_t chainidx, int *al)
{
    /* The extension must always be empty */
    if (PACKET_remaining(pkt) != 0) {
@@ -667,8 +669,8 @@ int tls_parse_ctos_ems(SSL *s, PACKET *pkt, X509 *x, size_t chain, int *al)
/*
 * Add the server's renegotiation binding
 */
int tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
                                   int *al)
int tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, X509 *x, size_t
                                   chainidx, int *al)
{
    if (!s->s3->send_connection_binding)
        return 1;
@@ -689,8 +691,8 @@ int tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
    return 1;
}

int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
                                   int *al)
int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, X509 *x,
                                   size_t chainidx, int *al)
{
    if (s->hit || s->servername_done != 1
            || s->session->tlsext_hostname == NULL)
@@ -707,7 +709,7 @@ int tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, X509 *x, size_t chain,

#ifndef OPENSSL_NO_EC
int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, X509 *x,
                                     size_t chain, int *al)
                                     size_t chainidx, int *al)
{
    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
    unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
@@ -733,7 +735,7 @@ int tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt, X509 *x,
#endif

int tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, X509 *x,
                                      size_t chain, int *al)
                                      size_t chainidx, int *al)
{
    if (!s->tlsext_ticket_expected || !tls_use_ticket(s)) {
        s->tlsext_ticket_expected = 0;
@@ -751,12 +753,12 @@ int tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt, X509 *x,

#ifndef OPENSSL_NO_OCSP
int tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, X509 *x,
                                     size_t chain, int *al)
                                     size_t chainidx, int *al)
{
    if (!s->tlsext_status_expected)
        return 1;

    if (SSL_IS_TLS13(s) && chain != 0)
    if (SSL_IS_TLS13(s) && chainidx != 0)
        return 1;

    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request)
@@ -782,7 +784,7 @@ int tls_construct_stoc_status_request(SSL *s, WPACKET *pkt, X509 *x,

#ifndef OPENSSL_NO_NEXTPROTONEG
int tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, X509 *x,
                                      size_t chain, int *al)
                                      size_t chainidx, int *al)
{
    const unsigned char *npa;
    unsigned int npalen;
@@ -809,7 +811,7 @@ int tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt, X509 *x,
}
#endif

int tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
                            int *al)
{
    if (s->s3->alpn_selected == NULL)
@@ -831,7 +833,7 @@ int tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
}

#ifndef OPENSSL_NO_SRTP
int tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
                                int *al)
{
    if (s->srtp_profile == NULL)
@@ -851,7 +853,8 @@ int tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
}
#endif

int tls_construct_stoc_etm(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
int tls_construct_stoc_etm(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
                           int *al)
{
    if ((s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) == 0)
        return 1;
@@ -877,7 +880,8 @@ int tls_construct_stoc_etm(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
    return 1;
}

int tls_construct_stoc_ems(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
int tls_construct_stoc_ems(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
                           int *al)
{
    if ((s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
        return 1;
@@ -891,7 +895,7 @@ int tls_construct_stoc_ems(SSL *s, WPACKET *pkt, X509 *x, size_t chain, int *al)
    return 1;
}

int tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
int tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chainidx,
                                 int *al)
{
#ifndef OPENSSL_NO_TLS1_3
@@ -949,7 +953,7 @@ int tls_construct_stoc_key_share(SSL *s, WPACKET *pkt, X509 *x, size_t chain,
}

int tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, X509 *x,
                                     size_t chain, int *al)
                                     size_t chainidx, int *al)
{
    const unsigned char cryptopro_ext[36] = {
        0xfd, 0xe8,         /* 65000 */
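Review bot: The new signature of tls_construct_stoc_renegotiate (hunk @@ -667,8 +669,8) breaks the line between the type and the parameter name, `size_t` / `chainidx, int *al)`, which is inconsistent with every other wrapped signature in this commit (tls_construct_stoc_server_name in the very next hunk wraps before `size_t chainidx, int *al)`). Wrapping before the type keeps the declarator on one line and matches the rest of the file: `int tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, X509 *x,` followed by `size_t chainidx, int *al)` aligned under `SSL *s`. The function body continues outside the hunk.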
+63 −63

