wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-04 13:14:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

wrap SNI-related code with HAVE_SNI

Browse Source 
perhaps some of this code should additionally be wrapped in
-  #ifndef NO_WOLFSSL_SERVER

It is fragile and ugly to litter the code with the likes of
-  #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
-                               defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
-                               defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) ))
while it is much clearer and much more maintainable to wrap SNI-related
code with an SNI-specific feature-define HAVE_SNI (and possibly further
restrict with feature-define #ifndef NO_WOLFSSL_SERVER).
This commit is contained in:
Glenn Strauss
2020-12-05 17:09:19 -05:00
parent 034248b964
commit 9d095066eb
7 changed files with 36 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/internal.c
View File

@@ -27868,7 +27868,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
goto out; goto out;
} }
#endif #endif
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) #ifdef HAVE_SNI
if((ret=SNI_Callback(ssl))) if((ret=SNI_Callback(ssl)))
goto out; goto out;
ssl->options.side = WOLFSSL_SERVER_END; ssl->options.side = WOLFSSL_SERVER_END;
@@ -30327,8 +30327,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#endif /* !WOLFSSL_NO_TLS12 */ #endif /* !WOLFSSL_NO_TLS12 */
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ #ifdef HAVE_SNI
defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
int SNI_Callback(WOLFSSL* ssl) int SNI_Callback(WOLFSSL* ssl)
{ {
/* Stunnel supports a custom sni callback to switch an SSL's ctx /* Stunnel supports a custom sni callback to switch an SSL's ctx
@@ -30344,7 +30343,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
} }
return 0; return 0;
} }
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ #endif /* HAVE_SNI */
#endif /* NO_WOLFSSL_SERVER */ #endif /* NO_WOLFSSL_SERVER */

10
src/ssl.c
View File

@@ -41283,17 +41283,14 @@ long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt)
switch (cmd) { switch (cmd) {
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL) #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
#ifdef HAVE_SNI
case SSL_CTRL_SET_TLSEXT_HOSTNAME: case SSL_CTRL_SET_TLSEXT_HOSTNAME:
WOLFSSL_MSG("Entering Case: SSL_CTRL_SET_TLSEXT_HOSTNAME."); WOLFSSL_MSG("Entering Case: SSL_CTRL_SET_TLSEXT_HOSTNAME.");
#ifdef HAVE_SNI
if (pt == NULL) { if (pt == NULL) {
WOLFSSL_MSG("Passed in NULL Host Name."); WOLFSSL_MSG("Passed in NULL Host Name.");
break; break;
} }
return wolfSSL_set_tlsext_host_name(ssl, (const char*) pt); return wolfSSL_set_tlsext_host_name(ssl, (const char*) pt);
#else
WOLFSSL_MSG("SNI not enabled.");
break;
#endif /* HAVE_SNI */ #endif /* HAVE_SNI */
#endif /* WOLFSSL_NGINX || WOLFSSL_QT || OPENSSL_ALL */ #endif /* WOLFSSL_NGINX || WOLFSSL_QT || OPENSSL_ALL */
default: default:
@@ -42750,6 +42747,8 @@ VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX* ctx)
} }
#ifdef HAVE_SNI
void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX* ctx, CallbackSniRecv cb) void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX* ctx, CallbackSniRecv cb)
{ {
WOLFSSL_ENTER("wolfSSL_CTX_set_servername_callback"); WOLFSSL_ENTER("wolfSSL_CTX_set_servername_callback");
@@ -42778,6 +42777,9 @@ int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
#endif /* HAVE_SNI */
#ifndef NO_BIO #ifndef NO_BIO
void wolfSSL_ERR_load_BIO_strings(void) { void wolfSSL_ERR_load_BIO_strings(void) {
WOLFSSL_ENTER("ERR_load_BIO_strings"); WOLFSSL_ENTER("ERR_load_BIO_strings");

8
src/tls.c
View File

@@ -9186,9 +9186,11 @@ void TLSX_FreeAll(TLSX* list, void* heap)
switch (extension->type) { switch (extension->type) {
#ifdef HAVE_SNI
case TLSX_SERVER_NAME: case TLSX_SERVER_NAME:
SNI_FREE_ALL((SNI*)extension->data, heap); SNI_FREE_ALL((SNI*)extension->data, heap);
break; break;
#endif
case TLSX_TRUSTED_CA_KEYS: case TLSX_TRUSTED_CA_KEYS:
TCA_FREE_ALL((TCA*)extension->data, heap); TCA_FREE_ALL((TCA*)extension->data, heap);
@@ -9316,11 +9318,13 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType,
switch (extension->type) { switch (extension->type) {
#ifdef HAVE_SNI
case TLSX_SERVER_NAME: case TLSX_SERVER_NAME:
/* SNI only sends the name on the request. */ /* SNI only sends the name on the request. */
if (isRequest) if (isRequest)
length += SNI_GET_SIZE((SNI*)extension->data); length += SNI_GET_SIZE((SNI*)extension->data);
break; break;
#endif
case TLSX_TRUSTED_CA_KEYS: case TLSX_TRUSTED_CA_KEYS:
/* TCA only sends the list on the request. */ /* TCA only sends the list on the request. */
@@ -9464,12 +9468,14 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore,
/* extension data should be written internally. */ /* extension data should be written internally. */
switch (extension->type) { switch (extension->type) {
#ifdef HAVE_SNI
case TLSX_SERVER_NAME: case TLSX_SERVER_NAME:
if (isRequest) { if (isRequest) {
WOLFSSL_MSG("SNI extension to write"); WOLFSSL_MSG("SNI extension to write");
offset += SNI_WRITE((SNI*)extension->data, output + offset); offset += SNI_WRITE((SNI*)extension->data, output + offset);
} }
break; break;
#endif
case TLSX_TRUSTED_CA_KEYS: case TLSX_TRUSTED_CA_KEYS:
WOLFSSL_MSG("Trusted CA Indication extension to write"); WOLFSSL_MSG("Trusted CA Indication extension to write");
@@ -10871,6 +10877,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
return BUFFER_ERROR; return BUFFER_ERROR;
switch (type) { switch (type) {
#ifdef HAVE_SNI
case TLSX_SERVER_NAME: case TLSX_SERVER_NAME:
WOLFSSL_MSG("SNI extension received"); WOLFSSL_MSG("SNI extension received");
#ifdef WOLFSSL_DEBUG_TLS #ifdef WOLFSSL_DEBUG_TLS
@@ -10891,6 +10898,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
#endif #endif
ret = SNI_PARSE(ssl, input + offset, size, isRequest); ret = SNI_PARSE(ssl, input + offset, size, isRequest);
break; break;
#endif
case TLSX_TRUSTED_CA_KEYS: case TLSX_TRUSTED_CA_KEYS:
WOLFSSL_MSG("Trusted CA extension received"); WOLFSSL_MSG("Trusted CA extension received");

5
src/tls13.c
View File

@@ -4001,12 +4001,11 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return ret; return ret;
} }
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ #ifdef HAVE_SNI
defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
if ((ret = SNI_Callback(ssl)) != 0) if ((ret = SNI_Callback(ssl)) != 0)
return ret; return ret;
ssl->options.side = WOLFSSL_SERVER_END; ssl->options.side = WOLFSSL_SERVER_END;
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ #endif
i += totalExtSz; i += totalExtSz;
*inOutIdx = i; *inOutIdx = i;

10
wolfssl/internal.h
View File

@@ -1713,9 +1713,11 @@ WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz,
int ivSz); int ivSz);
WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz); WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz);
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) #ifdef HAVE_SNI
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl); WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl);
#endif #endif
#endif
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
word16 sz, const byte* aad, word16 aadSz); word16 sz, const byte* aad, word16 aadSz);
@@ -2163,7 +2165,9 @@ typedef struct Keys {
#ifdef HAVE_TLS_EXTENSIONS #ifdef HAVE_TLS_EXTENSIONS
typedef enum { typedef enum {
#ifdef HAVE_SNI
TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */ TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */
#endif
TLSX_MAX_FRAGMENT_LENGTH = 0x0001, TLSX_MAX_FRAGMENT_LENGTH = 0x0001,
TLSX_TRUSTED_CA_KEYS = 0x0003, TLSX_TRUSTED_CA_KEYS = 0x0003,
TLSX_TRUNCATED_HMAC = 0x0004, TLSX_TRUNCATED_HMAC = 0x0004,
@@ -2818,9 +2822,7 @@ struct WOLFSSL_CTX {
CallbackALPNSelect alpnSelect; CallbackALPNSelect alpnSelect;
void* alpnSelectArg; void* alpnSelectArg;
#endif #endif
#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \ #ifdef HAVE_SNI
defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) ))
CallbackSniRecv sniRecvCb; CallbackSniRecv sniRecvCb;
void* sniRecvCbArg; void* sniRecvCbArg;
#endif #endif

13
wolfssl/ssl.h
View File

@@ -3544,9 +3544,6 @@ WOLFSSL_API int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req,
#include <wolfssl/openssl/crypto.h> #include <wolfssl/openssl/crypto.h>
/* SNI received callback type */
typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg);
WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
void *(*r) (void *, size_t, const char *, int), void (*f) (void *)); void *(*r) (void *, size_t, const char *, int), void (*f) (void *));
@@ -3677,12 +3674,22 @@ WOLFSSL_API VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX*);
WOLFSSL_API VerifyCallback wolfSSL_get_verify_callback(WOLFSSL*); WOLFSSL_API VerifyCallback wolfSSL_get_verify_callback(WOLFSSL*);
#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */
#ifdef HAVE_SNI
/* SNI received callback type */
typedef int (*CallbackSniRecv)(WOLFSSL *ssl, int *ret, void* exArg);
WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *, WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *,
CallbackSniRecv); CallbackSniRecv);
WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *, WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *,
CallbackSniRecv); CallbackSniRecv);
WOLFSSL_API int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*); WOLFSSL_API int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*);
#endif
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) \
|| defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*); WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*);

3
wolfssl/wolfcrypt/settings.h
View File

@@ -2195,8 +2195,7 @@ extern void uITRON4_free(void *p) ;
#endif #endif
#endif #endif
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL) \ #ifdef HAVE_SNI
|| defined(HAVE_LIGHTY)
#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
#endif #endif