Rename some functions

# define SSL_F_TLS_CONSTRUCT_SERVER_USE_SRTP              462

# define SSL_F_TLS_GET_MESSAGE_BODY                       351

# define SSL_F_TLS_GET_MESSAGE_HEADER                     387

# define SSL_F_TLS_PARSE_CLIENTHELLO_KEY_SHARE            445

# define SSL_F_TLS_PARSE_CLIENTHELLO_RENEGOTIATE          448

# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT               449

# define SSL_F_TLS_PARSE_CLIENTHELLO_USE_SRTP             446

# define SSL_F_TLS_PARSE_CLIENT_KEY_SHARE                 445

# define SSL_F_TLS_PARSE_CLIENT_RENEGOTIATE               448

# define SSL_F_TLS_PARSE_CLIENT_USE_SRTP                  446

# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO              378

# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE       384

# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE             360

     "tls_construct_server_use_srtp"},

    {ERR_FUNC(SSL_F_TLS_GET_MESSAGE_BODY), "tls_get_message_body"},

    {ERR_FUNC(SSL_F_TLS_GET_MESSAGE_HEADER), "tls_get_message_header"},

    {ERR_FUNC(SSL_F_TLS_PARSE_CLIENTHELLO_KEY_SHARE),

     "tls_parse_clienthello_key_share"},

    {ERR_FUNC(SSL_F_TLS_PARSE_CLIENTHELLO_RENEGOTIATE),

     "tls_parse_clienthello_renegotiate"},

    {ERR_FUNC(SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT),

     "tls_parse_clienthello_tlsext"},

    {ERR_FUNC(SSL_F_TLS_PARSE_CLIENTHELLO_USE_SRTP),

     "tls_parse_clienthello_use_srtp"},

    {ERR_FUNC(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE),

     "tls_parse_client_key_share"},

    {ERR_FUNC(SSL_F_TLS_PARSE_CLIENT_RENEGOTIATE),

     "tls_parse_client_renegotiate"},

    {ERR_FUNC(SSL_F_TLS_PARSE_CLIENT_USE_SRTP), "tls_parse_client_use_srtp"},

    {ERR_FUNC(SSL_F_TLS_POST_PROCESS_CLIENT_HELLO),

     "tls_post_process_client_hello"},

    {ERR_FUNC(SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE),

static const EXTENSION_DEFINITION ext_defs[] = {

    {

        TLSEXT_TYPE_renegotiate,

        tls_parse_clienthello_renegotiate,

        tls_parse_client_renegotiate,

        NULL,

        tls_construct_server_renegotiate,

        NULL,

    },

    {

        TLSEXT_TYPE_server_name,

        tls_parse_clienthello_server_name,

        tls_parse_client_server_name,

        NULL,

        tls_construct_server_server_name,

        NULL,

#ifndef OPENSSL_NO_SRP

    {

        TLSEXT_TYPE_srp,

        tls_parse_clienthello_srp,

        tls_parse_client_srp,

        NULL,

        NULL,

        NULL,

#ifndef OPENSSL_NO_EC

    {

        TLSEXT_TYPE_ec_point_formats,

        tls_parse_clienthello_ec_pt_formats,

        tls_parse_client_ec_pt_formats,

        NULL,

        tls_construct_server_ec_pt_formats,

        NULL,

    },

    {

        TLSEXT_TYPE_supported_groups,

        tls_parse_clienthello_supported_groups,

        tls_parse_client_supported_groups,

        NULL,

        NULL /* TODO(TLS1.3): Need to add this */,

        NULL,

#endif

    {

        TLSEXT_TYPE_session_ticket,

        tls_parse_clienthello_session_ticket,

        tls_parse_client_session_ticket,

        NULL,

        tls_construct_server_session_ticket,

        NULL,

    },

    {

        TLSEXT_TYPE_signature_algorithms,

        tls_parse_clienthello_sig_algs,

        tls_parse_client_sig_algs,

        NULL,

        NULL,

        NULL,

    },

    {

        TLSEXT_TYPE_status_request,

        tls_parse_clienthello_status_request,

        tls_parse_client_status_request,

        NULL,

        tls_construct_server_status_request,

        NULL,

#ifndef OPENSSL_NO_NEXTPROTONEG

    {

        TLSEXT_TYPE_next_proto_neg,

        tls_parse_clienthello_npn,

        tls_parse_client_npn,

        NULL,

        tls_construct_server_next_proto_neg,

        NULL,

#endif

    {

        TLSEXT_TYPE_application_layer_protocol_negotiation,

        tls_parse_clienthello_alpn,

        tls_parse_client_alpn,

        NULL,

        tls_construct_server_alpn,

        NULL,

#ifndef OPENSSL_NO_SRTP

    {

        TLSEXT_TYPE_use_srtp,

        tls_parse_clienthello_use_srtp,

        tls_parse_client_use_srtp,

        NULL,

        tls_construct_server_use_srtp,

        NULL,

#endif

    {

        TLSEXT_TYPE_encrypt_then_mac,

        tls_parse_clienthello_etm,

        tls_parse_client_etm,

        NULL,

        tls_construct_server_etm,

        NULL,

    },

    {

        TLSEXT_TYPE_extended_master_secret,

        tls_parse_clienthello_ems,

        tls_parse_client_ems,

        NULL,

        tls_construct_server_ems,

        NULL,

    },

    {

        TLSEXT_TYPE_key_share,

        tls_parse_clienthello_key_share,

        tls_parse_client_key_share,

        NULL,

        tls_construct_server_key_share,

        NULL,

/*

 * Parse the client's renegotiation binding and abort if it's not right

 */

int tls_parse_clienthello_renegotiate(SSL *s, PACKET *pkt, int *al)

int tls_parse_client_renegotiate(SSL *s, PACKET *pkt, int *al)

{

    unsigned int ilen;

    const unsigned char *data;

    /* Parse the length byte */

    if (!PACKET_get_1(pkt, &ilen)

        || !PACKET_get_bytes(pkt, &data, ilen)) {

        SSLerr(SSL_F_TLS_PARSE_CLIENTHELLO_RENEGOTIATE,

        SSLerr(SSL_F_TLS_PARSE_CLIENT_RENEGOTIATE,

               SSL_R_RENEGOTIATION_ENCODING_ERR);

        *al = SSL_AD_ILLEGAL_PARAMETER;

        return 0;

    /* Check that the extension matches */

    if (ilen != s->s3->previous_client_finished_len) {

        SSLerr(SSL_F_TLS_PARSE_CLIENTHELLO_RENEGOTIATE,

        SSLerr(SSL_F_TLS_PARSE_CLIENT_RENEGOTIATE,

               SSL_R_RENEGOTIATION_MISMATCH);

        *al = SSL_AD_HANDSHAKE_FAILURE;

        return 0;

    if (memcmp(data, s->s3->previous_client_finished,

               s->s3->previous_client_finished_len)) {

        SSLerr(SSL_F_TLS_PARSE_CLIENTHELLO_RENEGOTIATE,

        SSLerr(SSL_F_TLS_PARSE_CLIENT_RENEGOTIATE,

               SSL_R_RENEGOTIATION_MISMATCH);

        *al = SSL_AD_HANDSHAKE_FAILURE;

        return 0;

    return 1;

}

int tls_parse_clienthello_server_name(SSL *s, PACKET *pkt, int *al)

int tls_parse_client_server_name(SSL *s, PACKET *pkt, int *al)

{

    unsigned int servname_type;

    PACKET sni, hostname;

}

#ifndef OPENSSL_NO_SRP

int tls_parse_clienthello_srp(SSL *s, PACKET *pkt, int *al)

int tls_parse_client_srp(SSL *s, PACKET *pkt, int *al)

{

    PACKET srp_I;

#endif

#ifndef OPENSSL_NO_EC

int tls_parse_clienthello_ec_pt_formats(SSL *s, PACKET *pkt, int *al)

int tls_parse_client_ec_pt_formats(SSL *s, PACKET *pkt, int *al)

{

    PACKET ec_point_format_list;

}

#endif                          /* OPENSSL_NO_EC */

int tls_parse_clienthello_session_ticket(SSL *s, PACKET *pkt, int *al)

int tls_parse_client_session_ticket(SSL *s, PACKET *pkt, int *al)

{

    if (s->tls_session_ticket_ext_cb &&

            !s->tls_session_ticket_ext_cb(s, PACKET_data(pkt),

    return 1;

}

int tls_parse_clienthello_sig_algs(SSL *s, PACKET *pkt, int *al)

int tls_parse_client_sig_algs(SSL *s, PACKET *pkt, int *al)

{

    PACKET supported_sig_algs;

    return 1;

}

int tls_parse_clienthello_status_request(SSL *s, PACKET *pkt, int *al)

int tls_parse_client_status_request(SSL *s, PACKET *pkt, int *al)

{

    if (!PACKET_get_1(pkt, (unsigned int *)&s->tlsext_status_type)) {

        *al = SSL_AD_DECODE_ERROR;

}

#ifndef OPENSSL_NO_NEXTPROTONEG

int tls_parse_clienthello_npn(SSL *s, PACKET *pkt, int *al)

int tls_parse_client_npn(SSL *s, PACKET *pkt, int *al)

{

    if (s->s3->tmp.finish_md_len == 0) {

        /*-

 * al: a pointer to the  alert value to send in the event of a failure.

 * returns: 1 on success, 0 on error.

 */

int tls_parse_clienthello_alpn(SSL *s, PACKET *pkt, int *al)

int tls_parse_client_alpn(SSL *s, PACKET *pkt, int *al)

{

    PACKET protocol_list, save_protocol_list, protocol;

}

#ifndef OPENSSL_NO_SRTP

int tls_parse_clienthello_use_srtp(SSL *s, PACKET *pkt, int *al)

int tls_parse_client_use_srtp(SSL *s, PACKET *pkt, int *al)

{

    SRTP_PROTECTION_PROFILE *sprof;

    STACK_OF(SRTP_PROTECTION_PROFILE) *srvr;

    /* Pull off the length of the cipher suite list  and check it is even */

    if (!PACKET_get_net_2(pkt, &ct)

        || (ct & 1) != 0 || !PACKET_get_sub_packet(pkt, &subpkt, ct)) {

        SSLerr(SSL_F_TLS_PARSE_CLIENTHELLO_USE_SRTP,

        SSLerr(SSL_F_TLS_PARSE_CLIENT_USE_SRTP,

               SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);

        *al = SSL_AD_DECODE_ERROR;

        return 0;

    while (PACKET_remaining(&subpkt)) {

        if (!PACKET_get_net_2(&subpkt, &id)) {

            SSLerr(SSL_F_TLS_PARSE_CLIENTHELLO_USE_SRTP,

            SSLerr(SSL_F_TLS_PARSE_CLIENT_USE_SRTP,

                   SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);

            *al = SSL_AD_DECODE_ERROR;

            return 0;

     * Now extract the MKI value as a sanity check, but discard it for now

     */

    if (!PACKET_get_1(pkt, &mki_len)) {

        SSLerr(SSL_F_TLS_PARSE_CLIENTHELLO_USE_SRTP,

        SSLerr(SSL_F_TLS_PARSE_CLIENT_USE_SRTP,

               SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);

        *al = SSL_AD_DECODE_ERROR;

        return 0;

    if (!PACKET_forward(pkt, mki_len)

        || PACKET_remaining(pkt)) {

        SSLerr(SSL_F_TLS_PARSE_CLIENTHELLO_USE_SRTP, SSL_R_BAD_SRTP_MKI_VALUE);

        SSLerr(SSL_F_TLS_PARSE_CLIENT_USE_SRTP, SSL_R_BAD_SRTP_MKI_VALUE);

        *al = SSL_AD_DECODE_ERROR;

        return 0;

    }

}

#endif

int tls_parse_clienthello_etm(SSL *s, PACKET *pkt, int *al)

int tls_parse_client_etm(SSL *s, PACKET *pkt, int *al)

{

    if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC))

        s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC;

 * the raw PACKET data for the extension. Returns 1 on success or 0 on failure.

 * If a failure occurs then |*al| is set to an appropriate alert value.

 */

int tls_parse_clienthello_key_share(SSL *s, PACKET *pkt, int *al)

int tls_parse_client_key_share(SSL *s, PACKET *pkt, int *al)

{

    unsigned int group_id;

    PACKET key_share_list, encoded_pt;

    /* Sanity check */

    if (s->s3->peer_tmp != NULL) {

        *al = SSL_AD_INTERNAL_ERROR;

        SSLerr(SSL_F_TLS_PARSE_CLIENTHELLO_KEY_SHARE, ERR_R_INTERNAL_ERROR);

        SSLerr(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE, ERR_R_INTERNAL_ERROR);

        return 0;

    }

    if (!PACKET_as_length_prefixed_2(pkt, &key_share_list)) {

        *al = SSL_AD_HANDSHAKE_FAILURE;

        SSLerr(SSL_F_TLS_PARSE_CLIENTHELLO_KEY_SHARE, SSL_R_LENGTH_MISMATCH);

        SSLerr(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE, SSL_R_LENGTH_MISMATCH);

        return 0;

    }

    /* Get our list of supported curves */

    if (!tls1_get_curvelist(s, 0, &srvrcurves, &srvr_num_curves)) {

        *al = SSL_AD_INTERNAL_ERROR;

        SSLerr(SSL_F_TLS_PARSE_CLIENTHELLO_KEY_SHARE, ERR_R_INTERNAL_ERROR);

        SSLerr(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE, ERR_R_INTERNAL_ERROR);

        return 0;

    }

    /* Get the clients list of supported curves */

    if (!tls1_get_curvelist(s, 1, &clntcurves, &clnt_num_curves)) {

        *al = SSL_AD_INTERNAL_ERROR;

        SSLerr(SSL_F_TLS_PARSE_CLIENTHELLO_KEY_SHARE, ERR_R_INTERNAL_ERROR);

        SSLerr(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE, ERR_R_INTERNAL_ERROR);

        return 0;

    }

                || !PACKET_get_length_prefixed_2(&key_share_list, &encoded_pt)

                || PACKET_remaining(&encoded_pt) == 0) {

            *al = SSL_AD_HANDSHAKE_FAILURE;

            SSLerr(SSL_F_TLS_PARSE_CLIENTHELLO_KEY_SHARE,

            SSLerr(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE,

                   SSL_R_LENGTH_MISMATCH);

            return 0;

        }

        /* Check if this share is in supported_groups sent from client */

        if (!check_in_list(s, group_id, clntcurves, clnt_num_curves, 0)) {

            *al = SSL_AD_HANDSHAKE_FAILURE;

            SSLerr(SSL_F_TLS_PARSE_CLIENTHELLO_KEY_SHARE, SSL_R_BAD_KEY_SHARE);

            SSLerr(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE, SSL_R_BAD_KEY_SHARE);

            return 0;

        }

        if (group_nid == 0) {

            *al = SSL_AD_INTERNAL_ERROR;

            SSLerr(SSL_F_TLS_PARSE_CLIENTHELLO_KEY_SHARE,

            SSLerr(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE,

                   SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);

            return 0;

        }

            if (key == NULL || !EVP_PKEY_set_type(key, group_nid)) {

                *al = SSL_AD_INTERNAL_ERROR;

                SSLerr(SSL_F_TLS_PARSE_CLIENTHELLO_KEY_SHARE, ERR_R_EVP_LIB);

                SSLerr(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE, ERR_R_EVP_LIB);

                EVP_PKEY_free(key);

                return 0;

            }

                                                              group_nid) <= 0

                    || EVP_PKEY_paramgen(pctx, &s->s3->peer_tmp) <= 0) {

                *al = SSL_AD_INTERNAL_ERROR;

                SSLerr(SSL_F_TLS_PARSE_CLIENTHELLO_KEY_SHARE, ERR_R_EVP_LIB);

                SSLerr(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE, ERR_R_EVP_LIB);

                EVP_PKEY_CTX_free(pctx);

                return 0;

            }

                PACKET_data(&encoded_pt),

                PACKET_remaining(&encoded_pt))) {

            *al = SSL_AD_DECODE_ERROR;

            SSLerr(SSL_F_TLS_PARSE_CLIENTHELLO_KEY_SHARE, SSL_R_BAD_ECPOINT);

            SSLerr(SSL_F_TLS_PARSE_CLIENT_KEY_SHARE, SSL_R_BAD_ECPOINT);

            return 0;

        }

}

#ifndef OPENSSL_NO_EC

int tls_parse_clienthello_supported_groups(SSL *s, PACKET *pkt, int *al)

int tls_parse_client_supported_groups(SSL *s, PACKET *pkt, int *al)

{

    PACKET supported_groups_list;

}

#endif

int tls_parse_clienthello_ems(SSL *s, PACKET *pkt, int *al)

int tls_parse_client_ems(SSL *s, PACKET *pkt, int *al)

{

    /* The extension must always be empty */

    if (PACKET_remaining(pkt) != 0) {

                                    int *al);

/* Server Extension processing */

int tls_parse_clienthello_renegotiate(SSL *s, PACKET *pkt, int *al);

int tls_parse_clienthello_server_name(SSL *s, PACKET *pkt, int *al);

int tls_parse_client_renegotiate(SSL *s, PACKET *pkt, int *al);

int tls_parse_client_server_name(SSL *s, PACKET *pkt, int *al);

#ifndef OPENSSL_NO_SRP

int tls_parse_clienthello_srp(SSL *s, PACKET *pkt, int *al);

int tls_parse_client_srp(SSL *s, PACKET *pkt, int *al);

#endif

#ifndef OPENSSL_NO_EC

int tls_parse_clienthello_ec_pt_formats(SSL *s, PACKET *pkt, int *al);

int tls_parse_clienthello_supported_groups(SSL *s, PACKET *pkt, int *al);

int tls_parse_client_ec_pt_formats(SSL *s, PACKET *pkt, int *al);

int tls_parse_client_supported_groups(SSL *s, PACKET *pkt, int *al);

#endif

int tls_parse_clienthello_session_ticket(SSL *s, PACKET *pkt, int *al);

int tls_parse_clienthello_sig_algs(SSL *s, PACKET *pkt, int *al);

int tls_parse_clienthello_status_request(SSL *s, PACKET *pkt, int *al);

int tls_parse_client_session_ticket(SSL *s, PACKET *pkt, int *al);

int tls_parse_client_sig_algs(SSL *s, PACKET *pkt, int *al);

int tls_parse_client_status_request(SSL *s, PACKET *pkt, int *al);

#ifndef OPENSSL_NO_NEXTPROTONEG

int tls_parse_clienthello_npn(SSL *s, PACKET *pkt, int *al);

int tls_parse_client_npn(SSL *s, PACKET *pkt, int *al);

#endif

int tls_parse_clienthello_alpn(SSL *s, PACKET *pkt, int *al);

int tls_parse_client_alpn(SSL *s, PACKET *pkt, int *al);

#ifndef OPENSSL_NO_SRTP

int tls_parse_clienthello_use_srtp(SSL *s, PACKET *pkt, int *al);

int tls_parse_client_use_srtp(SSL *s, PACKET *pkt, int *al);

#endif

int tls_parse_clienthello_etm(SSL *s, PACKET *pkt, int *al);

int tls_parse_clienthello_key_share(SSL *s, PACKET *pkt, int *al);

int tls_parse_clienthello_ems(SSL *s, PACKET *pkt, int *al);

int tls_parse_client_etm(SSL *s, PACKET *pkt, int *al);

int tls_parse_client_key_share(SSL *s, PACKET *pkt, int *al);

int tls_parse_client_ems(SSL *s, PACKET *pkt, int *al);

int tls_construct_server_renegotiate(SSL *s, WPACKET *pkt, int *al);

int tls_construct_server_server_name(SSL *s, WPACKET *pkt, int *al);