feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #3548 from gstrauss/HAVE_SNI

Browse Source 
put all SNI code behind simpler preprocessor directive HAVE_SNI
This commit is contained in:
toddouska
2020-12-14 16:08:53 -08:00
committed by GitHub
parent bd871280d7 59cefd2c99
commit 43182b9389
7 changed files with 45 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/internal.c
View File

@@ -27982,7 +27982,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
goto out; goto out;
} }
#endif #endif
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) #ifdef HAVE_SNI
if((ret=SNI_Callback(ssl))) if((ret=SNI_Callback(ssl)))
goto out; goto out;
ssl->options.side = WOLFSSL_SERVER_END; ssl->options.side = WOLFSSL_SERVER_END;
@@ -30441,8 +30441,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif /* !WOLFSSL_NO_TLS12 */ #endif /* !WOLFSSL_NO_TLS12 */
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ #ifdef HAVE_SNI
defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
int SNI_Callback(WOLFSSL* ssl) int SNI_Callback(WOLFSSL* ssl)
{ {
/* Stunnel supports a custom sni callback to switch an SSL's ctx /* Stunnel supports a custom sni callback to switch an SSL's ctx
@@ -30458,7 +30457,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
} }
return 0; return 0;
} }
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ #endif /* HAVE_SNI */
#endif /* NO_WOLFSSL_SERVER */ #endif /* NO_WOLFSSL_SERVER */

10
src/ssl.c
View File

@@ -41400,17 +41400,14 @@ long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt)
switch (cmd) { switch (cmd) {
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL) #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
#ifdef HAVE_SNI
case SSL_CTRL_SET_TLSEXT_HOSTNAME: case SSL_CTRL_SET_TLSEXT_HOSTNAME:
WOLFSSL_MSG("Entering Case: SSL_CTRL_SET_TLSEXT_HOSTNAME."); WOLFSSL_MSG("Entering Case: SSL_CTRL_SET_TLSEXT_HOSTNAME.");
#ifdef HAVE_SNI
if (pt == NULL) { if (pt == NULL) {
WOLFSSL_MSG("Passed in NULL Host Name."); WOLFSSL_MSG("Passed in NULL Host Name.");
break; break;
} }
return wolfSSL_set_tlsext_host_name(ssl, (const char*) pt); return wolfSSL_set_tlsext_host_name(ssl, (const char*) pt);
#else
WOLFSSL_MSG("SNI not enabled.");
break;
#endif /* HAVE_SNI */ #endif /* HAVE_SNI */
#endif /* WOLFSSL_NGINX || WOLFSSL_QT || OPENSSL_ALL */ #endif /* WOLFSSL_NGINX || WOLFSSL_QT || OPENSSL_ALL */
default: default:
@@ -42867,6 +42864,8 @@ VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX* ctx)
} }
#ifdef HAVE_SNI
void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX* ctx, CallbackSniRecv cb) void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX* ctx, CallbackSniRecv cb)
{ {
WOLFSSL_ENTER("wolfSSL_CTX_set_servername_callback"); WOLFSSL_ENTER("wolfSSL_CTX_set_servername_callback");
@@ -42895,6 +42894,9 @@ int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
#endif /* HAVE_SNI */
#ifndef NO_BIO #ifndef NO_BIO
void wolfSSL_ERR_load_BIO_strings(void) { void wolfSSL_ERR_load_BIO_strings(void) {
WOLFSSL_ENTER("ERR_load_BIO_strings"); WOLFSSL_ENTER("ERR_load_BIO_strings");

8
src/tls.c
View File

@@ -9178,9 +9178,11 @@ void TLSX_FreeAll(TLSX* list, void* heap)
switch (extension->type) { switch (extension->type) {
#ifdef HAVE_SNI
case TLSX_SERVER_NAME: case TLSX_SERVER_NAME:
SNI_FREE_ALL((SNI*)extension->data, heap); SNI_FREE_ALL((SNI*)extension->data, heap);
break; break;
#endif
case TLSX_TRUSTED_CA_KEYS: case TLSX_TRUSTED_CA_KEYS:
TCA_FREE_ALL((TCA*)extension->data, heap); TCA_FREE_ALL((TCA*)extension->data, heap);
@@ -9312,11 +9314,13 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
switch (extension->type) { switch (extension->type) {
#ifdef HAVE_SNI
case TLSX_SERVER_NAME: case TLSX_SERVER_NAME:
/* SNI only sends the name on the request. */ /* SNI only sends the name on the request. */
if (isRequest) if (isRequest)
length += SNI_GET_SIZE((SNI*)extension->data); length += SNI_GET_SIZE((SNI*)extension->data);
break; break;
#endif
case TLSX_TRUSTED_CA_KEYS: case TLSX_TRUSTED_CA_KEYS:
/* TCA only sends the list on the request. */ /* TCA only sends the list on the request. */
@@ -9464,12 +9468,14 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
/* extension data should be written internally. */ /* extension data should be written internally. */
switch (extension->type) { switch (extension->type) {
#ifdef HAVE_SNI
case TLSX_SERVER_NAME: case TLSX_SERVER_NAME:
if (isRequest) { if (isRequest) {
WOLFSSL_MSG("SNI extension to write"); WOLFSSL_MSG("SNI extension to write");
offset += SNI_WRITE((SNI*)extension->data, output + offset); offset += SNI_WRITE((SNI*)extension->data, output + offset);
} }
break; break;
#endif
case TLSX_TRUSTED_CA_KEYS: case TLSX_TRUSTED_CA_KEYS:
WOLFSSL_MSG("Trusted CA Indication extension to write"); WOLFSSL_MSG("Trusted CA Indication extension to write");
@@ -10909,6 +10915,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
return BUFFER_ERROR; return BUFFER_ERROR;
switch (type) { switch (type) {
#ifdef HAVE_SNI
case TLSX_SERVER_NAME: case TLSX_SERVER_NAME:
WOLFSSL_MSG("SNI extension received"); WOLFSSL_MSG("SNI extension received");
#ifdef WOLFSSL_DEBUG_TLS #ifdef WOLFSSL_DEBUG_TLS
@@ -10929,6 +10936,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
#endif #endif
ret = SNI_PARSE(ssl, input + offset, size, isRequest); ret = SNI_PARSE(ssl, input + offset, size, isRequest);
break; break;
#endif
case TLSX_TRUSTED_CA_KEYS: case TLSX_TRUSTED_CA_KEYS:
WOLFSSL_MSG("Trusted CA extension received"); WOLFSSL_MSG("Trusted CA extension received");

5
src/tls13.c
View File

@@ -3987,12 +3987,11 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return ret; return ret;
} }
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ #ifdef HAVE_SNI
defined(WOLFSSL_HAPROXY)
if ((ret = SNI_Callback(ssl)) != 0) if ((ret = SNI_Callback(ssl)) != 0)
return ret; return ret;
ssl->options.side = WOLFSSL_SERVER_END; ssl->options.side = WOLFSSL_SERVER_END;
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ #endif
i += totalExtSz; i += totalExtSz;
*inOutIdx = i; *inOutIdx = i;

10
wolfssl/internal.h
View File

@@ -1718,9 +1718,11 @@ WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz,
int ivSz); int ivSz);
WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz); WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz);
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) #ifdef HAVE_SNI
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl); WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl);
#endif #endif
#endif
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
word16 sz, const byte* aad, word16 aadSz); word16 sz, const byte* aad, word16 aadSz);
@@ -2168,7 +2170,9 @@ typedef struct Keys {
#ifdef HAVE_TLS_EXTENSIONS #ifdef HAVE_TLS_EXTENSIONS
typedef enum { typedef enum {
#ifdef HAVE_SNI
TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */ TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */
#endif
TLSX_MAX_FRAGMENT_LENGTH = 0x0001, TLSX_MAX_FRAGMENT_LENGTH = 0x0001,
TLSX_TRUSTED_CA_KEYS = 0x0003, TLSX_TRUSTED_CA_KEYS = 0x0003,
TLSX_TRUNCATED_HMAC = 0x0004, TLSX_TRUNCATED_HMAC = 0x0004,
@@ -2828,9 +2832,7 @@ struct WOLFSSL_CTX {
CallbackALPNSelect alpnSelect; CallbackALPNSelect alpnSelect;
void* alpnSelectArg; void* alpnSelectArg;
#endif #endif
#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \ #ifdef HAVE_SNI
defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) ))
CallbackSniRecv sniRecvCb; CallbackSniRecv sniRecvCb;
void* sniRecvCbArg; void* sniRecvCbArg;
#endif #endif

19
wolfssl/ssl.h
View File

@@ -3323,7 +3323,6 @@ WOLFSSL_LOCAL int NIDToEccEnum(int n);
/* end of object functions */ /* end of object functions */
WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line); WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line);
WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt);
WOLFSSL_API long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt,void* pt); WOLFSSL_API long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt,void* pt);
WOLFSSL_API long wolfSSL_CTX_callback_ctrl(WOLFSSL_CTX* ctx, int cmd, void (*fp)(void)); WOLFSSL_API long wolfSSL_CTX_callback_ctrl(WOLFSSL_CTX* ctx, int cmd, void (*fp)(void));
WOLFSSL_API long wolfSSL_CTX_clear_extra_chain_certs(WOLFSSL_CTX* ctx); WOLFSSL_API long wolfSSL_CTX_clear_extra_chain_certs(WOLFSSL_CTX* ctx);
@@ -3353,6 +3352,11 @@ WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
#endif /* !NO_CERTS */ #endif /* !NO_CERTS */
#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
|| defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT)
WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt);
#endif
#ifdef WOLFSSL_WPAS_SMALL #ifdef WOLFSSL_WPAS_SMALL
/* WPA Supplicant requires GEN_ values */ /* WPA Supplicant requires GEN_ values */
#include <wolfssl/openssl/x509v3.h> #include <wolfssl/openssl/x509v3.h>
@@ -3557,9 +3561,6 @@ WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req,
#include <wolfssl/openssl/crypto.h> #include <wolfssl/openssl/crypto.h>
/* SNI received callback type */
typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg);
WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
void *(*r) (void *, size_t, const char *, int), void (*f) (void *)); void *(*r) (void *, size_t, const char *, int), void (*f) (void *));
@@ -3690,12 +3691,22 @@ WOLFSSL_API VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX*);
WOLFSSL_API VerifyCallback wolfSSL_get_verify_callback(WOLFSSL*); WOLFSSL_API VerifyCallback wolfSSL_get_verify_callback(WOLFSSL*);
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */
#ifdef HAVE_SNI
/* SNI received callback type */
typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg);
WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *, WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *,
CallbackSniRecv); CallbackSniRecv);
WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *, WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *,
CallbackSniRecv); CallbackSniRecv);
WOLFSSL_API int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*); WOLFSSL_API int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*);
#endif
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*); WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*);

8
wolfssl/wolfcrypt/settings.h
View File

@@ -2189,7 +2189,8 @@ extern void uITRON4_free(void *p) ;
#undef HAVE_GMTIME_R /* don't trust macro with windows */ #undef HAVE_GMTIME_R /* don't trust macro with windows */
#endif /* WOLFSSL_MYSQL_COMPATIBLE */ #endif /* WOLFSSL_MYSQL_COMPATIBLE */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|| defined(HAVE_LIGHTY)
#define SSL_OP_NO_COMPRESSION SSL_OP_NO_COMPRESSION #define SSL_OP_NO_COMPRESSION SSL_OP_NO_COMPRESSION
#define OPENSSL_NO_ENGINE #define OPENSSL_NO_ENGINE
#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
@@ -2210,7 +2211,7 @@ extern void uITRON4_free(void *p) ;
#endif #endif
#endif #endif
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL) #ifdef HAVE_SNI
#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
#endif #endif
@@ -2283,7 +2284,8 @@ extern void uITRON4_free(void *p) ;
#endif #endif
/* Parts of the openssl compatibility layer require peer certs */ /* Parts of the openssl compatibility layer require peer certs */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|| defined(HAVE_LIGHTY)
#undef KEEP_PEER_CERT #undef KEEP_PEER_CERT
#define KEEP_PEER_CERT #define KEEP_PEER_CERT
#endif #endif