Add client hello callback related functions

This exposes the OpenSSL functions SSL_CTX_set_client_hello_cb,
SSL_client_hello_get0_ext and SSL_client_hello_get1_extensions_present.

These are required to implement to the client hello callback
functionality in pyOpenSSL.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>

Author: schwabe

src/_cffi_src/openssl/ssl.py

@@ -31,6 +31,7 @@
 static const long Cryptography_HAS_SRTP;
 static const long Cryptography_HAS_DTLS_GET_DATA_MTU;
 static const long Cryptography_HAS_SSL_GET0_GROUP_NAME;
+static const long Cryptography_HAS_CLIENT_HELLO_CB;
 
 static const long SSL_FILETYPE_PEM;
 static const long SSL_FILETYPE_ASN1;
@@ -391,6 +392,18 @@
 int DTLSv1_listen(SSL *, BIO_ADDR *);
 size_t DTLS_get_data_mtu(SSL *);
 
+/* Client hello callback support */
+void SSL_CTX_set_client_hello_cb(
+    SSL_CTX *c,
+    int (*)(SSL *, int *, void *),
+    void *arg);
+int SSL_client_hello_get1_extensions_present(
+    SSL *s, int **out,
+    size_t *outlen);
+int SSL_client_hello_get0_ext(
+    SSL *s, unsigned int type,
+    const unsigned char **out,
+    size_t *outlen);
 
 /* Custom extensions. */
 typedef int (*custom_ext_add_cb)(SSL *, unsigned int,
@@ -685,4 +698,21 @@
 static const long Cryptography_HAS_SSL_GET0_GROUP_NAME = 0;
 const char *(*SSL_get0_group_name)(SSL *) = NULL;
 #endif
+
+#if CRYPTOGRAPHY_IS_LIBRESSL || CRYPTOGRAPHY_IS_BORINGSSL
+static const long Cryptography_HAS_CLIENT_HELLO_CB = 0;
+void (*SSL_CTX_set_client_hello_cb)(
+    SSL_CTX *c,
+    int (*)(SSL *, int *, void *),
+    void *arg) = NULL;
+int (*SSL_client_hello_get1_extensions_present)(
+    SSL *s, int **out,
+    size_t *outlen) = NULL;
+int (*SSL_client_hello_get0_ext)(
+    SSL *s, unsigned int type,
+    const unsigned char **out,
+    size_t *outlen) = NULL;
+#else
+static const long Cryptography_HAS_CLIENT_HELLO_CB = 1;
+#endif
 """

src/cryptography/hazmat/bindings/openssl/_conditional.py

@@ -164,6 +164,12 @@ def cryptography_has_get_extms_support() -> list[str]:
 def cryptography_has_ssl_get0_group_name() -> list[str]:
     return ["SSL_get0_group_name"]
 
+def cryptography_has_client_hello_cb() -> list[str]:
+    return [
+        "SSL_CTX_set_client_hello_cb",
+        "SSL_client_hello_get1_extensions_present",
+        "SSL_client_hello_get0_ext"
+    ]
 
 # This is a mapping of
 # {condition: function-returning-names-dependent-on-that-condition} so we can
@@ -204,4 +210,5 @@ def cryptography_has_ssl_get0_group_name() -> list[str]:
     "Cryptography_HAS_SSL_GET0_GROUP_NAME": (
         cryptography_has_ssl_get0_group_name
     ),
+    "Cryptography_HAS_CLIENT_HELLO_CB": cryptography_has_client_hello_cb,
 }