Add support for ALPN.

Based on OpenSSL and BoringSSL. ok bcook@
author: jsing <> 2014-12-10 14:58:56 +0000
committer: jsing <> 2014-12-10 14:58:56 +0000
commit: 73d0add4b5d2e01d460eb9eaa91dd531da22e21c (patch)
tree: e9391008296b8ff8be480e9f3e9eb1be0aab121a /src/lib/libssl/ssl.h
parent: beadb77d202842e04b02ab287d37d0397108d0a3 (diff)
download: openbsd-73d0add4b5d2e01d460eb9eaa91dd531da22e21c.tar.gz
openbsd-73d0add4b5d2e01d460eb9eaa91dd531da22e21c.tar.bz2
openbsd-73d0add4b5d2e01d460eb9eaa91dd531da22e21c.zip
1 files changed, 39 insertions, 2 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index e8388923a4..0059da6791 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.74 2014/12/10 14:51:00 bcook Exp $ */
+/* $OpenBSD: ssl.h,v 1.75 2014/12/10 14:58:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -861,9 +861,33 @@ struct ssl_ctx_st {
            unsigned int inlen, void *arg);
        void *next_proto_select_cb_arg;
 # endif
+        /*
+         * ALPN information
+         * (we are in the process of transitioning from NPN to ALPN).
+         */
+        /*
+         * Server callback function that allows the server to select the
+         * protocol for the connection.
+         *   out: on successful return, this must point to the raw protocol
+         *       name (without the length prefix).
+         *   outlen: on successful return, this contains the length of out.
+         *   in: points to the client's list of supported protocols in
+         *       wire-format.
+         *   inlen: the length of in.
+         */
+        int (*alpn_select_cb)(SSL *s, const unsigned char **out,
+            unsigned char *outlen, const unsigned char *in, unsigned int inlen,
+            void *arg);
+        void *alpn_select_cb_arg;
+        /* Client list of supported protocols in wire format. */
+        unsigned char *alpn_client_proto_list;
+        unsigned int alpn_client_proto_list_len;
        /* SRTP profiles we are willing to do from RFC 5764 */
        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
 };
 #endif
@@ -954,6 +978,15 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
 #define OPENSSL_NPN_NO_OVERLAP  2
 #endif
+int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
+    unsigned int protos_len);
+int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
+    unsigned int protos_len);
+void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
+    int (*cb)(SSL *ssl, const unsigned char **out, unsigned char *outlen,
+    const unsigned char *in, unsigned int inlen, void *arg), void *arg);
+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+    unsigned int *len);
 #define SSL_NOTHING     1
 #define SSL_WRITING     2
@@ -1187,6 +1220,10 @@ struct ssl_st {
        unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
        unsigned int tlsext_hb_seq;     /* HeartbeatRequest sequence number */
+        /* Client list of supported protocols in wire format. */
+        unsigned char *alpn_client_proto_list;
+        unsigned int alpn_client_proto_list_len;
        int renegotiate;/* 1 if we are renegotiating.
                         * 2 if we are a server and are inside a handshake
                         * (i.e. not just sending a HelloRequest) */
author	jsing <>	2014-12-10 14:58:56 +0000
committer	jsing <>	2014-12-10 14:58:56 +0000
commit	73d0add4b5d2e01d460eb9eaa91dd531da22e21c (patch)
tree	e9391008296b8ff8be480e9f3e9eb1be0aab121a /src/lib/libssl/ssl.h
parent	beadb77d202842e04b02ab287d37d0397108d0a3 (diff)
download	openbsd-73d0add4b5d2e01d460eb9eaa91dd531da22e21c.tar.gz openbsd-73d0add4b5d2e01d460eb9eaa91dd531da22e21c.tar.bz2 openbsd-73d0add4b5d2e01d460eb9eaa91dd531da22e21c.zip

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index e8388923a4..0059da6791 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.74 2014/12/10 14:51:00 bcook Exp $ */	1	/* $OpenBSD: ssl.h,v 1.75 2014/12/10 14:58:56 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -861,9 +861,33 @@ struct ssl_ctx_st {
861	unsigned int inlen, void *arg);	861	unsigned int inlen, void *arg);
862	void *next_proto_select_cb_arg;	862	void *next_proto_select_cb_arg;
863	# endif	863	# endif
		864
		865	/*
		866	* ALPN information
		867	* (we are in the process of transitioning from NPN to ALPN).
		868	*/
		869
		870	/*
		871	* Server callback function that allows the server to select the
		872	* protocol for the connection.
		873	* out: on successful return, this must point to the raw protocol
		874	* name (without the length prefix).
		875	* outlen: on successful return, this contains the length of out.
		876	* in: points to the client's list of supported protocols in
		877	* wire-format.
		878	* inlen: the length of in.
		879	*/
		880	int (alpn_select_cb)(SSL s, const unsigned char **out,
		881	unsigned char outlen, const unsigned char in, unsigned int inlen,
		882	void *arg);
		883	void *alpn_select_cb_arg;
		884
		885	/* Client list of supported protocols in wire format. */
		886	unsigned char *alpn_client_proto_list;
		887	unsigned int alpn_client_proto_list_len;
		888
864	/* SRTP profiles we are willing to do from RFC 5764 */	889	/* SRTP profiles we are willing to do from RFC 5764 */
865	STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;	890	STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
866
867	};	891	};
868		892
869	#endif	893	#endif
@@ -954,6 +978,15 @@ void SSL_get0_next_proto_negotiated(const SSL s, const unsigned char *data,
954	#define OPENSSL_NPN_NO_OVERLAP 2	978	#define OPENSSL_NPN_NO_OVERLAP 2
955	#endif	979	#endif
956		980
		981	int SSL_CTX_set_alpn_protos(SSL_CTX ctx, const unsigned char protos,
		982	unsigned int protos_len);
		983	int SSL_set_alpn_protos(SSL ssl, const unsigned char protos,
		984	unsigned int protos_len);
		985	void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
		986	int (cb)(SSL ssl, const unsigned char *out, unsigned char outlen,
		987	const unsigned char in, unsigned int inlen, void arg), void *arg);
		988	void SSL_get0_alpn_selected(const SSL ssl, const unsigned char *data,
		989	unsigned int *len);
957		990
958	#define SSL_NOTHING 1	991	#define SSL_NOTHING 1
959	#define SSL_WRITING 2	992	#define SSL_WRITING 2
@@ -1187,6 +1220,10 @@ struct ssl_st {
1187	unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */	1220	unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
1188	unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */	1221	unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */
1189		1222
		1223	/* Client list of supported protocols in wire format. */
		1224	unsigned char *alpn_client_proto_list;
		1225	unsigned int alpn_client_proto_list_len;
		1226
1190	int renegotiate;/* 1 if we are renegotiating.	1227	int renegotiate;/* 1 if we are renegotiating.
1191	* 2 if we are a server and are inside a handshake	1228	* 2 if we are a server and are inside a handshake
1192	* (i.e. not just sending a HelloRequest) */	1229	* (i.e. not just sending a HelloRequest) */