diff --git a/crypto/err/ssl.errordata b/crypto/err/ssl.errordata
index 7dbe199f..0157072f 100644
--- a/crypto/err/ssl.errordata
+++ b/crypto/err/ssl.errordata
@@ -38,6 +38,7 @@ SSL,function,132,SSL_set_cipher_list
 SSL,function,133,SSL_set_fd
 SSL,function,134,SSL_set_rfd
 SSL,function,135,SSL_set_session_id_context
+SSL,function,274,SSL_set_tlsext_host_name
 SSL,function,270,SSL_set_tmp_dh
 SSL,function,271,SSL_set_tmp_ecdh
 SSL,function,136,SSL_set_wfd
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 9edc859e..4ee20843 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1571,8 +1571,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_EXTRA_CHAIN_CERT 14
 
 /* see tls1.h for macros based on these */
-#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
-#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
 
 #define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
 #define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
@@ -2415,6 +2413,8 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused);
 #define SSL_CTRL_SET_MAX_CERT_LIST doesnt_exist
 #define SSL_CTRL_SET_MAX_SEND_FRAGMENT doesnt_exist
 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB doesnt_exist
+#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG doesnt_exist
+#define SSL_CTRL_SET_TLSEXT_HOSTNAME doesnt_exist
 #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB doesnt_exist
 #define DTLS_CTRL_GET_TIMEOUT doesnt_exist
 #define DTLS_CTRL_HANDLE_TIMEOUT doesnt_exist
@@ -2462,6 +2462,8 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused);
 #define SSL_set_max_send_fragment SSL_set_max_send_fragment
 #define SSL_CTX_set_tlsext_servername_callback \
   SSL_CTX_set_tlsext_servername_callback
+#define SSL_CTX_set_tlsext_servername_arg SSL_CTX_set_tlsext_servername_arg
+#define SSL_set_tlsext_host_name SSL_set_tlsext_host_name
 #define SSL_CTX_set_tlsext_ticket_key_cb SSL_CTX_set_tlsext_ticket_key_cb
 #define DTLSv1_get_timeout DTLSv1_get_timeout
 #define DTLSv1_handle_timeout DTLSv1_handle_timeout
@@ -2675,6 +2677,7 @@ OPENSSL_EXPORT const char *SSLeay_version(int unused);
 #define SSL_F_SSL_set_tmp_ecdh 271
 #define SSL_F_SSL_CTX_set1_tls_channel_id 272
 #define SSL_F_SSL_set1_tls_channel_id 273
+#define SSL_F_SSL_set_tlsext_host_name 274
 #define SSL_R_APP_DATA_IN_HANDSHAKE 100
 #define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 101
 #define SSL_R_BAD_ALERT 102
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 707bf805..94c79dbf 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -317,9 +317,9 @@ OPENSSL_EXPORT int SSL_get_shared_sigalgs(SSL *s, int idx, int *psign,
                                           int *phash, int *psignandhash,
                                           uint8_t *rsig, uint8_t *rhash);
 
-#define SSL_set_tlsext_host_name(s, name) \
-  SSL_ctrl(s, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, \
-           (char *)name)
+/* SSL_set_tlsext_host_name, for a client, configures |ssl| to advertise |name|
+ * in the server_name extension. It returns one on success and zero on error. */
+OPENSSL_EXPORT int SSL_set_tlsext_host_name(SSL *ssl, const char *name);
 
 /* SSL_CTX_set_tlsext_servername_callback configures |callback| to be called on
  * the server after ClientHello extensions have been parsed and returns one.
@@ -336,8 +336,9 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_callback(
 #define SSL_TLSEXT_ERR_ALERT_FATAL 2
 #define SSL_TLSEXT_ERR_NOACK 3
 
-#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
-  SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG, 0, (void *)arg)
+/* SSL_CTX_set_tlsext_servername_arg sets the argument to the servername
+ * callback and returns one. See |SSL_CTX_set_tlsext_servername_callback|. */
+OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg);
 
 #define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
   SSL_CTX_ctrl((ctx), SSL_CTRL_GET_TLSEXT_TICKET_KEYS, (keylen), (keys))
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index fc3a3a6f..1131ddbc 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
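Review bot: The new comment on the `SSL_set_tlsext_host_name` declaration in the tls1.h hunk at line 317 leaves out behaviors the implementation in ssl/s3_lib.c actually has, and callers will rely on the header, not the .c file. From the definition: a NULL `name` clears any previously configured hostname and returns one; the string is copied with BUF_strdup, so the caller keeps ownership of `name`; and a name longer than TLSEXT_MAXLEN_host_name is rejected with SSL_R_SSL3_EXT_INVALID_SERVERNAME. I would extend the comment with: `If |name| is NULL, any previously configured name is cleared. |name| is copied; names longer than TLSEXT_MAXLEN_host_name are rejected.` The servername_arg comment in the following hunk is complete as written.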
@@ -686,35 +686,30 @@ size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out, size_t max_out) {
   return 64;
 }
 
+int SSL_set_tlsext_host_name(SSL *ssl, const char *name) {
+  OPENSSL_free(ssl->tlsext_hostname);
+  ssl->tlsext_hostname = NULL;
+
+  if (name == NULL) {
+    return 1;
+  }
+  if (strlen(name) > TLSEXT_MAXLEN_host_name) {
+    OPENSSL_PUT_ERROR(SSL, SSL_set_tlsext_host_name,
+                      SSL_R_SSL3_EXT_INVALID_SERVERNAME);
+    return 0;
+  }
+  ssl->tlsext_hostname = BUF_strdup(name);
+  if (ssl->tlsext_hostname == NULL) {
+    OPENSSL_PUT_ERROR(SSL, SSL_set_tlsext_host_name, ERR_R_MALLOC_FAILURE);
+    return 0;
+  }
+  return 1;
+}
+
 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) {
   int ret = 0;
 
   switch (cmd) {
-    case SSL_CTRL_SET_TLSEXT_HOSTNAME:
-      if (larg == TLSEXT_NAMETYPE_host_name) {
-        OPENSSL_free(s->tlsext_hostname);
-        s->tlsext_hostname = NULL;
-
-        ret = 1;
-        if (parg == NULL) {
-          break;
-        }
-        if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
-          OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
-          return 0;
-        }
-        s->tlsext_hostname = BUF_strdup((char *) parg);
-        if (s->tlsext_hostname == NULL) {
-          OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_INTERNAL_ERROR);
-          return 0;
-        }
-      } else {
-        OPENSSL_PUT_ERROR(SSL, ssl3_ctrl,
-                          SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
-        return 0;
-      }
-      break;
-
     case SSL_CTRL_CHAIN:
       if (larg) {
         return ssl_cert_set1_chain(s->cert, (STACK_OF(X509) *)parg);
@@ -842,10 +837,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) {
   cert = ctx->cert;
 
   switch (cmd) {
-    case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
-      ctx->tlsext_servername_arg = parg;
-      break;
-
     case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
     case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: {
       uint8_t *keys = parg;
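Review bot: `SSL_set_tlsext_host_name` frees and clears `ssl->tlsext_hostname` before it validates `name`, so a rejected name (longer than TLSEXT_MAXLEN_host_name, or a failed BUF_strdup) returns zero but has already discarded the hostname the caller configured earlier; a client that treats the failure as non-fatal then sends no server_name at all, which silently changes which certificate and virtual host the server selects. The removed SSL_ctrl case had the same order, but since the function is being rewritten anyway it is worth fixing: validate and copy first under `name != NULL`, and only replace the stored pointer once the copy exists, so a failed call leaves the previous configuration intact. This also keeps `strlen` off the NULL path without a separate early return.
```c
int SSL_set_tlsext_host_name(SSL *ssl, const char *name) {
  char *copy = NULL;
  if (name != NULL) {
    if (strlen(name) > TLSEXT_MAXLEN_host_name) {
      OPENSSL_PUT_ERROR(SSL, SSL_set_tlsext_host_name,
                        SSL_R_SSL3_EXT_INVALID_SERVERNAME);
      return 0;
    }
    copy = BUF_strdup(name);
    if (copy == NULL) {
      OPENSSL_PUT_ERROR(SSL, SSL_set_tlsext_host_name, ERR_R_MALLOC_FAILURE);
      return 0;
    }
  }
  /* Only drop the old name once the replacement is known to be valid. */
  OPENSSL_free(ssl->tlsext_hostname);
  ssl->tlsext_hostname = copy;
  return 1;
}
```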
@@ -947,6 +938,11 @@ int SSL_CTX_set_tlsext_servername_callback(
   return 1;
 }
 
+int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg) {
+  ctx->tlsext_servername_arg = arg;
+  return 1;
+}
+
 int SSL_CTX_set_tlsext_ticket_key_cb(
     SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv,
                                   EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,