From: Matt Caswell <matt@openssl.org>
Date: Thu, 3 Aug 2017 09:13:31 +0000 (+0100)
Subject: Add functions for getting/setting SNI/ALPN info in SSL_SESSION
X-Git-Tag: OpenSSL_1_1_1-pre1~721
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=67738645dc0b044fc7d120a3c67af5635d0d78ec

Add functions for getting/setting SNI/ALPN info in SSL_SESSION

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)
---

diff --git a/doc/man3/SSL_SESSION_get0_hostname.pod b/doc/man3/SSL_SESSION_get0_hostname.pod
index 4ed7e40a86..642daaa531 100644
--- a/doc/man3/SSL_SESSION_get0_hostname.pod
+++ b/doc/man3/SSL_SESSION_get0_hostname.pod
@@ -2,13 +2,24 @@
 
 =head1 NAME
 
-SSL_SESSION_get0_hostname - retrieve the SNI hostname associated with a session
+SSL_SESSION_get0_hostname,
+SSL_SESSION_set1_hostname,
+SSL_SESSION_get0_alpn_selected,
+SSL_SESSION_set1_alpn_selected
+- get and set SNI and ALPN data ssociated with a session
 
 =head1 SYNOPSIS
 
  #include <openssl/ssl.h>
 
  const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
+ int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname);
+
+ void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
+                                     const unsigned char **alpn,
+                                     size_t *len);
+ int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
+                                    size_t len);
 
 =head1 DESCRIPTION
 
@@ -18,6 +29,17 @@ client when the session was created, or NULL if no value was sent.
 The value returned is a pointer to memory maintained within B<s> and
 should not be free'd.
 
+SSL_SESSION_set1_hostname() sets the SNI value for the hostname to a copy of
+the string provided in hostname.
+
+SSL_SESSION_get0_alpn_selected() retrieves the selected ALPN protocol for this
+session and its associated length in bytes. The returned value of B<*alpn> is a
+pointer to memory maintained within B<s> and should not be free'd.
+
+SSL_SESSION_set1_alpn_selected() sets the ALPN protocol for this session to the
+value in B<*alpn> which should be of length B<len> bytes. A copy of this value
+is taken.
+
 =head1 SEE ALSO
 
 L<ssl(7)>,
@@ -25,9 +47,14 @@ L<d2i_SSL_SESSION(3)>,
 L<SSL_SESSION_get_time(3)>,
 L<SSL_SESSION_free(3)>
 
+=head1 HISTORY
+
+SSL_SESSION_set1_hostname(), SSL_SESSION_get0_alpn_selected() and
+SSL_SESSION_set1_alpn_selected() were added in OpenSSL 1.1.1.
+
 =head1 COPYRIGHT
 
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 077e8513b0..248408f691 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1535,6 +1535,13 @@ __owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
 __owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version);
 
 __owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
+__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname);
+void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
+                                    const unsigned char **alpn,
+                                    size_t *len);
+__owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s,
+                                          const unsigned char *alpn,
+                                          size_t len);
 __owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s);
 __owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher);
 __owur int SSL_SESSION_has_ticket(const SSL_SESSION *s);
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 6292d01126..1482a3e7c7 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -906,6 +906,18 @@ const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
     return s->ext.hostname;
 }
 
+int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname)
+{
+    OPENSSL_free(s->ext.hostname);
+    if (hostname == NULL) {
+        s->ext.hostname = NULL;
+        return 1;
+    }
+    s->ext.hostname = OPENSSL_strdup(hostname);
+
+    return s->ext.hostname != NULL;
+}
+
 int SSL_SESSION_has_ticket(const SSL_SESSION *s)
 {
     return (s->ext.ticklen > 0) ? 1 : 0;
@@ -936,6 +948,33 @@ int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
     return 1;
 }
 
+void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
+                                    const unsigned char **alpn,
+                                    size_t *len)
+{
+    *alpn = s->ext.alpn_selected;
+    *len = s->ext.alpn_selected_len;
+}
+
+int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
+                                   size_t len)
+{
+    OPENSSL_free(s->ext.alpn_selected);
+    if (alpn == NULL || len == 0) {
+        s->ext.alpn_selected = NULL;
+        s->ext.alpn_selected_len = 0;
+        return 1;
+    }
+    s->ext.alpn_selected = OPENSSL_memdup(alpn, len);
+    if (s->ext.alpn_selected == NULL) {
+        s->ext.alpn_selected_len = 0;
+        return 0;
+    }
+    s->ext.alpn_selected_len = len;
+
+    return 1;
+}
+
 X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
 {
     return s->peer;
diff --git a/util/libssl.num b/util/libssl.num
index f3d1baacb5..14a70234e3 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -466,3 +466,6 @@ SSL_SESSION_dup                         466	1_1_1	EXIST::FUNCTION:
 SSL_get_pending_cipher                  467	1_1_1	EXIST::FUNCTION:
 SSL_CIPHER_get_protocol_id              468	1_1_1	EXIST::FUNCTION:
 SSL_SESSION_set_max_early_data          469	1_1_1	EXIST::FUNCTION:
+SSL_SESSION_set1_alpn_selected          470	1_1_1	EXIST::FUNCTION:
+SSL_SESSION_set1_hostname               471	1_1_1	EXIST::FUNCTION:
+SSL_SESSION_get0_alpn_selected          472	1_1_1	EXIST::FUNCTION: