Promote SNI macros to functions.

BUG=404754

Change-Id: I2b2e27f3db0c97f2db65ca5e226c6488d2bee2fc
Reviewed-on: https://boringssl-review.googlesource.com/4570
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/err/ssl.errordata b/crypto/err/ssl.errordata
index 7dbe199..0157072 100644
--- a/crypto/err/ssl.errordata
+++ b/crypto/err/ssl.errordata
@@ -38,6 +38,7 @@
 SSL,function,133,SSL_set_fd
 SSL,function,134,SSL_set_rfd
 SSL,function,135,SSL_set_session_id_context
+SSL,function,274,SSL_set_tlsext_host_name
 SSL,function,270,SSL_set_tmp_dh
 SSL,function,271,SSL_set_tmp_ecdh
 SSL,function,136,SSL_set_wfd
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 9edc859..4ee2084 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1571,8 +1571,6 @@
 #define SSL_CTRL_EXTRA_CHAIN_CERT 14
 
 /* see tls1.h for macros based on these */
-#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
-#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
 #define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
 #define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
 
@@ -2415,6 +2413,8 @@
 #define SSL_CTRL_SET_MAX_CERT_LIST doesnt_exist
 #define SSL_CTRL_SET_MAX_SEND_FRAGMENT doesnt_exist
 #define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB doesnt_exist
+#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG doesnt_exist
+#define SSL_CTRL_SET_TLSEXT_HOSTNAME doesnt_exist
 #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB doesnt_exist
 #define DTLS_CTRL_GET_TIMEOUT doesnt_exist
 #define DTLS_CTRL_HANDLE_TIMEOUT doesnt_exist
@@ -2462,6 +2462,8 @@
 #define SSL_set_max_send_fragment SSL_set_max_send_fragment
 #define SSL_CTX_set_tlsext_servername_callback \
     SSL_CTX_set_tlsext_servername_callback
+#define SSL_CTX_set_tlsext_servername_arg SSL_CTX_set_tlsext_servername_arg
+#define SSL_set_tlsext_host_name SSL_set_tlsext_host_name
 #define SSL_CTX_set_tlsext_ticket_key_cb SSL_CTX_set_tlsext_ticket_key_cb
 #define DTLSv1_get_timeout DTLSv1_get_timeout
 #define DTLSv1_handle_timeout DTLSv1_handle_timeout
@@ -2675,6 +2677,7 @@
 #define SSL_F_SSL_set_tmp_ecdh 271
 #define SSL_F_SSL_CTX_set1_tls_channel_id 272
 #define SSL_F_SSL_set1_tls_channel_id 273
+#define SSL_F_SSL_set_tlsext_host_name 274
 #define SSL_R_APP_DATA_IN_HANDSHAKE 100
 #define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 101
 #define SSL_R_BAD_ALERT 102
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 707bf80..94c79db 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -317,9 +317,9 @@
                                           int *phash, int *psignandhash,
                                           uint8_t *rsig, uint8_t *rhash);
 
-#define SSL_set_tlsext_host_name(s, name)                              \
-  SSL_ctrl(s, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, \
-           (char *)name)
+/* SSL_set_tlsext_host_name, for a client, configures |ssl| to advertise |name|
+ * in the server_name extension. It returns one on success and zero on error. */
+OPENSSL_EXPORT int SSL_set_tlsext_host_name(SSL *ssl, const char *name);
 
 /* SSL_CTX_set_tlsext_servername_callback configures |callback| to be called on
  * the server after ClientHello extensions have been parsed and returns one.
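Review bot: The new comment on SSL_set_tlsext_host_name omits most of the contract that the implementation in ssl/s3_lib.c shows: `name` is copied, a NULL `name` clears the configured value and returns one, names longer than `TLSEXT_MAXLEN_host_name` are rejected, and on any error the previously configured name has already been cleared. I would add those points to the comment, together with a sentence such as `This only controls the server_name extension; it does not configure certificate hostname verification.`, since nothing in the implementation touches verification settings and callers should not read it as a peer-identity check. The comment on SSL_CTX_set_tlsext_servername_arg in the next hunk has a similar gap: the implementation only stores the raw pointer, so it should say that |arg| is neither copied nor owned by the library and must stay valid for as long as the callback may run.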
@@ -336,8 +336,9 @@
 #define SSL_TLSEXT_ERR_ALERT_FATAL 2
 #define SSL_TLSEXT_ERR_NOACK 3
 
-#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
-  SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG, 0, (void *)arg)
+/* SSL_CTX_set_tlsext_servername_arg sets the argument to the servername
+ * callback and returns one. See |SSL_CTX_set_tlsext_servername_callback|. */
+OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg);
 
 #define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
   SSL_CTX_ctrl((ctx), SSL_CTRL_GET_TLSEXT_TICKET_KEYS, (keylen), (keys))
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index fc3a3a6..1131ddb 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -686,35 +686,30 @@
   return 64;
 }
 
+int SSL_set_tlsext_host_name(SSL *ssl, const char *name) {
+  OPENSSL_free(ssl->tlsext_hostname);
+  ssl->tlsext_hostname = NULL;
+
+  if (name == NULL) {
+    return 1;
+  }
+  if (strlen(name) > TLSEXT_MAXLEN_host_name) {
+    OPENSSL_PUT_ERROR(SSL, SSL_set_tlsext_host_name,
+                      SSL_R_SSL3_EXT_INVALID_SERVERNAME);
+    return 0;
+  }
+  ssl->tlsext_hostname = BUF_strdup(name);
+  if (ssl->tlsext_hostname == NULL) {
+    OPENSSL_PUT_ERROR(SSL, SSL_set_tlsext_host_name, ERR_R_MALLOC_FAILURE);
+    return 0;
+  }
+  return 1;
+}
+
 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) {
   int ret = 0;
 
   switch (cmd) {
-    case SSL_CTRL_SET_TLSEXT_HOSTNAME:
-      if (larg == TLSEXT_NAMETYPE_host_name) {
-        OPENSSL_free(s->tlsext_hostname);
-        s->tlsext_hostname = NULL;
-
-        ret = 1;
-        if (parg == NULL) {
-          break;
-        }
-        if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
-          OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
-          return 0;
-        }
-        s->tlsext_hostname = BUF_strdup((char *) parg);
-        if (s->tlsext_hostname == NULL) {
-          OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, ERR_R_INTERNAL_ERROR);
-          return 0;
-        }
-      } else {
-        OPENSSL_PUT_ERROR(SSL, ssl3_ctrl,
-                          SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
-        return 0;
-      }
-      break;
-
     case SSL_CTRL_CHAIN:
       if (larg) {
         return ssl_cert_set1_chain(s->cert, (STACK_OF(X509) *)parg);
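Review bot: The new SSL_set_tlsext_host_name frees and clears `ssl->tlsext_hostname` before it validates or copies `name`, which has two consequences. If the length check or `BUF_strdup` fails, the function returns zero but the previously configured name is already gone, so a caller that ignores the return value would presumably continue the handshake without the server_name it believed was set. If `name` aliases the stored string (a caller handing back a pointer it read from the same SSL object), `strlen(name)` reads freed memory. Validating and duplicating into a local first, then swapping the pointer in, avoids both and leaves the success path unchanged; the function lies wholly inside this hunk.

```c
int SSL_set_tlsext_host_name(SSL *ssl, const char *name) {
  char *copy = NULL;

  if (name != NULL) {
    if (strlen(name) > TLSEXT_MAXLEN_host_name) {
      OPENSSL_PUT_ERROR(SSL, SSL_set_tlsext_host_name,
                        SSL_R_SSL3_EXT_INVALID_SERVERNAME);
      return 0;
    }
    copy = BUF_strdup(name);
    if (copy == NULL) {
      OPENSSL_PUT_ERROR(SSL, SSL_set_tlsext_host_name, ERR_R_MALLOC_FAILURE);
      return 0;
    }
  }

  /* Replace the old value only once the new one is known to be good. */
  OPENSSL_free(ssl->tlsext_hostname);
  ssl->tlsext_hostname = copy;
  return 1;
}
```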
@@ -842,10 +837,6 @@
   cert = ctx->cert;
 
   switch (cmd) {
-    case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
-      ctx->tlsext_servername_arg = parg;
-      break;
-
     case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
     case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: {
       uint8_t *keys = parg;
@@ -947,6 +938,11 @@
   return 1;
 }
 
+int SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg) {
+  ctx->tlsext_servername_arg = arg;
+  return 1;
+}
+
 int SSL_CTX_set_tlsext_ticket_key_cb(
     SSL_CTX *ctx, int (*callback)(SSL *ssl, uint8_t *key_name, uint8_t *iv,
                                   EVP_CIPHER_CTX *ctx, HMAC_CTX *hmac_ctx,