Move client construction of ClientHello extensions into new framework

# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE             407

# define SSL_F_TLS_CONSTRUCT_CKE_RSA                      409

# define SSL_F_TLS_CONSTRUCT_CKE_SRP                      410

# define SSL_F_TLS_CONSTRUCT_CLIENT_ALPN                  466

# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE           355

# define SSL_F_TLS_CONSTRUCT_CLIENT_EC_PT_FORMATS         467

# define SSL_F_TLS_CONSTRUCT_CLIENT_EMS                   468

# define SSL_F_TLS_CONSTRUCT_CLIENT_ETM                   469

# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO                 356

# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE          357

# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_SHARE             470

# define SSL_F_TLS_CONSTRUCT_CLIENT_NPN                   471

# define SSL_F_TLS_CONSTRUCT_CLIENT_PADDING               472

# define SSL_F_TLS_CONSTRUCT_CLIENT_RENEGOTIATE           473

# define SSL_F_TLS_CONSTRUCT_CLIENT_SCT                   474

# define SSL_F_TLS_CONSTRUCT_CLIENT_SERVER_NAME           475

# define SSL_F_TLS_CONSTRUCT_CLIENT_SESSION_TICKET        476

# define SSL_F_TLS_CONSTRUCT_CLIENT_SIG_ALGS              477

# define SSL_F_TLS_CONSTRUCT_CLIENT_SRP                   478

# define SSL_F_TLS_CONSTRUCT_CLIENT_STATUS_REQUEST        479

# define SSL_F_TLS_CONSTRUCT_CLIENT_SUPPORTED_GROUPS      480

# define SSL_F_TLS_CONSTRUCT_CLIENT_SUPPORTED_VERSIONS    481

# define SSL_F_TLS_CONSTRUCT_CLIENT_USE_SRTP              482

# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY                358

# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS         443

# define SSL_F_TLS_CONSTRUCT_EXTENSIONS                   447

     "tls_construct_cke_psk_preamble"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_RSA), "tls_construct_cke_rsa"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CKE_SRP), "tls_construct_cke_srp"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_ALPN), "tls_construct_client_alpn"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE),

     "tls_construct_client_certificate"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_EC_PT_FORMATS),

     "tls_construct_client_ec_pt_formats"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_EMS), "tls_construct_client_ems"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_ETM), "tls_construct_client_etm"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_HELLO),

     "tls_construct_client_hello"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE),

     "tls_construct_client_key_exchange"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_KEY_SHARE),

     "tls_construct_client_key_share"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_NPN), "tls_construct_client_npn"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_PADDING),

     "tls_construct_client_padding"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_RENEGOTIATE),

     "tls_construct_client_renegotiate"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_SCT), "tls_construct_client_sct"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_SERVER_NAME),

     "tls_construct_client_server_name"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_SESSION_TICKET),

     "tls_construct_client_session_ticket"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_SIG_ALGS),

     "tls_construct_client_sig_algs"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_SRP), "tls_construct_client_srp"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_STATUS_REQUEST),

     "tls_construct_client_status_request"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_SUPPORTED_GROUPS),

     "tls_construct_client_supported_groups"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_SUPPORTED_VERSIONS),

     "tls_construct_client_supported_versions"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_USE_SRTP),

     "tls_construct_client_use_srtp"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY),

     "tls_construct_client_verify"},

    {ERR_FUNC(SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS),

__owur  int tls1_get_curvelist(SSL *s, int sess, const unsigned char **pcurves,

                               size_t *num_curves);

__owur int ssl_add_clienthello_tlsext(SSL *s, WPACKET *pkt, int *al);

void ssl_set_default_md(SSL *s);

__owur int tls1_set_server_sigalgs(SSL *s);

__owur int ssl_check_clienthello_tlsext_late(SSL *s, int *al);

__owur int ssl_parse_serverhello_tlsext(SSL *s, PACKET *pkt);

__owur int ssl_prepare_clienthello_tlsext(SSL *s);

__owur RAW_EXTENSION *tls_get_extension_by_type(RAW_EXTENSION *exts,

                                                size_t numexts,

                                                unsigned int type);

        tls_parse_client_renegotiate,

        tls_parse_server_renegotiate,

        tls_construct_server_renegotiate,

        NULL,

        tls_construct_client_renegotiate,

        EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO | EXT_SSL3_ALLOWED

        | EXT_TLS1_2_AND_BELOW_ONLY

    },

        tls_parse_client_server_name,

        tls_parse_server_server_name,

        tls_construct_server_server_name,

        NULL,

        tls_construct_client_server_name,

        EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO

        | EXT_TLS1_3_ENCRYPTED_EXTENSIONS

    },

        tls_parse_client_srp,

        NULL,

        NULL,

        NULL,

        tls_construct_client_srp,

        EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO | EXT_TLS1_2_AND_BELOW_ONLY

    },

#endif

        tls_parse_client_ec_pt_formats,

        tls_parse_server_ec_pt_formats,

        tls_construct_server_ec_pt_formats,

        NULL,

        tls_construct_client_ec_pt_formats,

        EXT_CLIENT_HELLO | EXT_TLS1_2_AND_BELOW_ONLY

    },

    {

        tls_parse_client_supported_groups,

        NULL,

        NULL /* TODO(TLS1.3): Need to add this */,

        NULL,

        tls_construct_client_supported_groups,

        EXT_CLIENT_HELLO

        | EXT_TLS1_3_ENCRYPTED_EXTENSIONS

    },

        tls_parse_client_session_ticket,

        tls_parse_server_session_ticket,

        tls_construct_server_session_ticket,

        NULL,

        tls_construct_client_session_ticket,

        EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO | EXT_TLS1_2_AND_BELOW_ONLY

    },

    {

        tls_parse_client_sig_algs,

        NULL,

        NULL,

        NULL,

        tls_construct_client_sig_algs,

        EXT_CLIENT_HELLO

    },

#ifndef OPENSSL_NO_OCSP

    {

        TLSEXT_TYPE_status_request,

        tls_parse_client_status_request,

        tls_parse_server_status_request,

        tls_construct_server_status_request,

        NULL,

        tls_construct_client_status_request,

        EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO

        | EXT_TLS1_3_CERTIFICATE

    },

#endif

#ifndef OPENSSL_NO_NEXTPROTONEG

    {

        TLSEXT_TYPE_next_proto_neg,

        tls_parse_client_npn,

        tls_parse_server_npn,

        tls_construct_server_next_proto_neg,

        NULL,

        tls_construct_client_npn,

        EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO | EXT_TLS1_2_AND_BELOW_ONLY

    },

#endif

        tls_parse_client_alpn,

        tls_parse_server_alpn,

        tls_construct_server_alpn,

        NULL,

        tls_construct_client_alpn,

        EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO

        | EXT_TLS1_3_ENCRYPTED_EXTENSIONS

    },

        tls_parse_client_use_srtp,

        tls_parse_server_use_srtp,

        tls_construct_server_use_srtp,

        NULL,

        tls_construct_client_use_srtp,

        EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO

        | EXT_TLS1_3_ENCRYPTED_EXTENSIONS | EXT_DTLS_ONLY

    },

        tls_parse_client_etm,

        tls_parse_server_etm,

        tls_construct_server_etm,

        NULL,

        tls_construct_client_etm,

        EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO | EXT_TLS1_2_AND_BELOW_ONLY

    },

#ifndef OPENSSL_NO_CT

        NULL,

        tls_parse_server_sct,

        NULL,

        NULL,

        tls_construct_client_sct,

        EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO

        | EXT_TLS1_3_CERTIFICATE

    },

        tls_parse_client_ems,

        tls_parse_server_ems,

        tls_construct_server_ems,

        NULL,

        tls_construct_client_ems,

        EXT_CLIENT_HELLO | EXT_TLS1_2_SERVER_HELLO | EXT_TLS1_2_AND_BELOW_ONLY

    },

    {

        NULL,

        NULL,

        NULL,

        NULL,

        EXT_CLIENT_HELLO | EXT_TLS_IMPLEMENTATION_ONLY

    },

    {

        TLSEXT_TYPE_padding,

        /* We send this, but don't read it */

        NULL,

        NULL,

        NULL,

        NULL,

        EXT_CLIENT_HELLO

        tls_construct_client_supported_versions,

        EXT_CLIENT_HELLO | EXT_TLS_IMPLEMENTATION_ONLY | EXT_TLS1_3_ONLY

    },

    {

        TLSEXT_TYPE_key_share,

        tls_parse_client_key_share,

        tls_parse_server_key_share,

        tls_construct_server_key_share,

        NULL,

        tls_construct_client_key_share,

        EXT_CLIENT_HELLO | EXT_TLS1_3_SERVER_HELLO

        | EXT_TLS1_3_HELLO_RETRY_REQUEST | EXT_TLS_IMPLEMENTATION_ONLY

        | EXT_TLS1_3_ONLY

        tls_construct_server_cryptopro_bug,

        NULL,

        EXT_TLS1_2_SERVER_HELLO | EXT_TLS1_2_AND_BELOW_ONLY

    },

    {

        /* Last in the list because it must be added as the last extension */

        TLSEXT_TYPE_padding,

        /* We send this, but don't read it */

        NULL,

        NULL,

        NULL,

        tls_construct_client_padding,

        EXT_CLIENT_HELLO

    }

};

{

    size_t loop;

    int addcustom = 0;

    int min_version, max_version = 0, reason;

    /*

     * Normally if something goes wrong during construction its an internal

        return 0;

    }

    if ((context & EXT_CLIENT_HELLO) != 0) {

        reason = ssl_get_client_min_max_version(s, &min_version, &max_version);

        if (reason != 0) {

            SSLerr(SSL_F_TLS_CONSTRUCT_EXTENSIONS, reason);

            return 0;

        }

    }

    /* Add custom extensions first */

    if ((context & EXT_CLIENT_HELLO) != 0) {

        custom_ext_init(&s->cert->cli_ext);

        addcustom = 1;

    } else if ((context & EXT_TLS1_2_SERVER_HELLO) != 0) {

        /*

         * We already initialised the custom extensions during ClientHello

         * parsing.

         * 

         * TODO(TLS1.3): We're going to need a new custom extension mechanism

         * for TLS1.3, so that custom extensions can specify which of the

         * multiple message they wish to add themselves to.

         */

        addcustom = 1;

    }

    if (addcustom && !custom_ext_add(s, s->server, pkt, al)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_EXTENSIONS, ERR_R_INTERNAL_ERROR);

        return 0;

    }

    for (loop = 0; loop < OSSL_NELEM(ext_defs); loop++) {

        int (*construct)(SSL *s, WPACKET *pkt, int *al);

                || (!SSL_IS_TLS13(s)

                    && (ext_defs[loop].context & EXT_TLS1_3_ONLY) != 0

                    && (context & EXT_CLIENT_HELLO) == 0)

                || ((ext_defs[loop].context & EXT_TLS1_3_ONLY) != 0

                    && (context & EXT_CLIENT_HELLO) != 0

                    && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION))

                || construct == NULL)

            continue;

            return 0;

    }

    /* Add custom extensions */

    if ((context & EXT_CLIENT_HELLO) != 0) {

        custom_ext_init(&s->cert->cli_ext);

        addcustom = 1;

    } else if ((context & EXT_TLS1_2_SERVER_HELLO) != 0) {

        /*

         * We already initialised the custom extensions during ClientHello

         * parsing.

         * 

         * TODO(TLS1.3): We're going to need a new custom extension mechanism

         * for TLS1.3, so that custom extensions can specify which of the

         * multiple message they wish to add themselves to.

         */

        addcustom = 1;

    }

    if (addcustom && !custom_ext_add(s, s->server, pkt, al)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_EXTENSIONS, ERR_R_INTERNAL_ERROR);

        return 0;

    }

    if (!WPACKET_close(pkt)) {

        SSLerr(SSL_F_TLS_CONSTRUCT_EXTENSIONS, ERR_R_INTERNAL_ERROR);

        return 0;