Promote SNI macros to functions.

BUG=404754

Change-Id: I2b2e27f3db0c97f2db65ca5e226c6488d2bee2fc
Reviewed-on: https://boringssl-review.googlesource.com/4570
Reviewed-by: Adam Langley <agl@google.com>
David Benjamin 2015-04-28 00:43:39 -04:00 committed by Adam Langley
parent c2807582fd
commit 7133d428dd
4 changed files with 37 additions and 36 deletions


@ -38,6 +38,7 @@ SSL,function,132,SSL_set_cipher_list
SSL,function,133,SSL_set_fd
SSL,function,134,SSL_set_rfd
SSL,function,135,SSL_set_session_id_context
SSL,function,274,SSL_set_tlsext_host_name
SSL,function,270,SSL_set_tmp_dh
SSL,function,271,SSL_set_tmp_ecdh
SSL,function,136,SSL_set_wfd


@ -1571,8 +1571,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_EXTRA_CHAIN_CERT 14
/* see tls1.h for macros based on these */
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
@ -2415,6 +2413,8 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused);
#define SSL_CTRL_SET_MAX_CERT_LIST doesnt_exist
#define SSL_CTRL_SET_MAX_SEND_FRAGMENT doesnt_exist
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB doesnt_exist
#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG doesnt_exist
#define SSL_CTRL_SET_TLSEXT_HOSTNAME doesnt_exist
#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB doesnt_exist
#define DTLS_CTRL_GET_TIMEOUT doesnt_exist
#define DTLS_CTRL_HANDLE_TIMEOUT doesnt_exist
@ -2462,6 +2462,8 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused);
#define SSL_set_max_send_fragment SSL_set_max_send_fragment
#define SSL_CTX_set_tlsext_servername_callback \
SSL_CTX_set_tlsext_servername_callback
#define SSL_CTX_set_tlsext_servername_arg SSL_CTX_set_tlsext_servername_arg
#define SSL_set_tlsext_host_name SSL_set_tlsext_host_name
#define SSL_CTX_set_tlsext_ticket_key_cb SSL_CTX_set_tlsext_ticket_key_cb
#define DTLSv1_get_timeout DTLSv1_get_timeout
#define DTLSv1_handle_timeout DTLSv1_handle_timeout
@ -2675,6 +2677,7 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused);
#define SSL_F_SSL_set_tmp_ecdh 271
#define SSL_F_SSL_CTX_set1_tls_channel_id 272
#define SSL_F_SSL_set1_tls_channel_id 273
#define SSL_F_SSL_set_tlsext_host_name 274
#define SSL_R_APP_DATA_IN_HANDSHAKE 100
#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 101
#define SSL_R_BAD_ALERT 102


@ -317,9 +317,9 @@ OPENSSL_EXPORT int SSL_get_shared_sigalgs(SSL *s, int idx, int *psign,
int *phash, int *psignandhash,
uint8_t *rsig, uint8_t *rhash);
#define SSL_set_tlsext_host_name(s, name) \
SSL_ctrl(s, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, \
(char *)name)
/* SSL_set_tlsext_host_name, for a client, configures |ssl| to advertise |name|
* in the server_name extension. It returns one on success and zero on error. */
OPENSSL_EXPORT int SSL_set_tlsext_host_name(SSL *ssl, const char *name);
/* SSL_CTX_set_tlsext_servername_callback configures |callback| to be called on
* the server after ClientHello extensions have been parsed and returns one.
@ -336,8 +336,9 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_callback(
#define SSL_TLSEXT_ERR_ALERT_FATAL 2
#define SSL_TLSEXT_ERR_NOACK 3
#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG, 0, (void *)arg)
/* SSL_CTX_set_tlsext_servername_arg sets the argument to the servername
* callback and returns one. See |SSL_CTX_set_tlsext_servername_callback|. */
OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg);
#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
SSL_CTX_ctrl((ctx), SSL_CTRL_GET_TLSEXT_TICKET_KEYS, (keylen), (keys))
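Review bot: The new comment on SSL_set_tlsext_host_name omits three behaviours that callers depend on, all visible in the implementation added by this commit. A NULL |name| clears the configured name and returns one, |name| is duplicated so the caller keeps ownership of its buffer, and a name longer than TLSEXT_MAXLEN_host_name is rejected with zero. I would append `Passing NULL clears any configured name. |name| is copied and must be at most |TLSEXT_MAXLEN_host_name| bytes long.` to the comment.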


@ -686,35 +686,30 @@ size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out, size_t max_out) {
return 64;
}
int SSL_set_tlsext_host_name(SSL *ssl, const char *name) {
OPENSSL_free(ssl->tlsext_hostname);
ssl->tlsext_hostname = NULL;
if (name == NULL) {
return 1;
}
if (strlen(name) > TLSEXT_MAXLEN_host_name) {
OPENSSL_PUT_ERROR(SSL, SSL_set_tlsext_host_name,
SSL_R_SSL3_EXT_INVALID_SERVERNAME);
return 0;
}
ssl->tlsext_hostname = BUF_strdup(name);
if (ssl->tlsext_hostname == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_set_tlsext_host_name, ERR_R_MALLOC_FAILURE);
return 0;
}
return 1;
}
long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) {
int ret = 0;
switch (cmd) {
case SSL_CTRL_SET_TLSEXT_HOSTNAME:
if (larg == TLSEXT_NAMETYPE_host_name) {
OPENSSL_free(s->tlsext_hostname);
s->tlsext_hostname = NULL;
ret = 1;
if (parg == NULL) {
break;
}
if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
return 0;
}
s->tlsext_hostname = BUF_strdup((char *) parg);
if (s->tlsext_hostname == NULL) {
OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_INTERNAL_ERROR);
return 0;
}
} else {
OPENSSL_PUT_ERROR(SSL, ssl3_ctrl,
SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
return 0;
}
break;
case SSL_CTRL_CHAIN:
if (larg) {
return ssl_cert_set1_chain(s->cert, (STACK_OF(X509) *)parg);
@ -842,10 +837,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) {
cert = ctx->cert;
switch (cmd) {
case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
ctx->tlsext_servername_arg = parg;
break;
case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: {
uint8_t *keys = parg;
@ -947,6 +938,11 @@ int SSL_CTX_set_tlsext_servername_callback(
return 1;
}
int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg) {
ctx->tlsext_servername_arg = arg;
return 1;
}
int SSL_CTX_set_tlsext_ticket_key_cb(
SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv,
EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,
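Review bot: A failed SSL_set_tlsext_host_name call leaves |ssl| with no server name at all, because the previous value is freed and set to NULL before the length check runs and before BUF_strdup can fail. A caller that ignores the zero return would then handshake without the server_name extension instead of with the name it configured earlier. The ordering is carried over from the ssl3_ctrl case this commit removes, so it may be intended, but the header comment does not say so. Validating and duplicating first, then swapping the pointer, makes the call all-or-nothing. Separately, the length check accepts an empty string, which would presumably be advertised as an empty host_name; confirm whether that should be rejected here.
```c
int SSL_set_tlsext_host_name(SSL *ssl, const char *name) {
  char *copy = NULL;
  if (name != NULL) {
    if (strlen(name) > TLSEXT_MAXLEN_host_name) {
      OPENSSL_PUT_ERROR(SSL, SSL_set_tlsext_host_name,
                        SSL_R_SSL3_EXT_INVALID_SERVERNAME);
      return 0;
    }
    copy = BUF_strdup(name);
    if (copy == NULL) {
      OPENSSL_PUT_ERROR(SSL, SSL_set_tlsext_host_name, ERR_R_MALLOC_FAILURE);
      return 0;
    }
  }
  /* Replace the old name only once the new value is known to be usable. */
  OPENSSL_free(ssl->tlsext_hostname);
  ssl->tlsext_hostname = copy;
  return 1;
}
```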