Add support for ALPN.

Based on OpenSSL and BoringSSL. ok bcook@
author: jsing <> 2014-12-10 14:58:56 +0000
committer: jsing <> 2014-12-10 14:58:56 +0000
commit: 73d0add4b5d2e01d460eb9eaa91dd531da22e21c (patch)
tree: e9391008296b8ff8be480e9f3e9eb1be0aab121a /src/lib/libssl/ssl_lib.c
parent: beadb77d202842e04b02ab287d37d0397108d0a3 (diff)
download: openbsd-73d0add4b5d2e01d460eb9eaa91dd531da22e21c.tar.gz
openbsd-73d0add4b5d2e01d460eb9eaa91dd531da22e21c.tar.bz2
openbsd-73d0add4b5d2e01d460eb9eaa91dd531da22e21c.zip
1 files changed, 85 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index bdd47ff87f..a03ee735ad 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.90 2014/11/16 14:12:47 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.91 2014/12/10 14:58:56 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -337,6 +337,18 @@ SSL_new(SSL_CTX *ctx)
        s->next_proto_negotiated = NULL;
 # endif
+        if (s->ctx->alpn_client_proto_list != NULL) {
+                s->alpn_client_proto_list =
+                    malloc(s->ctx->alpn_client_proto_list_len);
+                if (s->alpn_client_proto_list == NULL)
+                        goto err;
+                memcpy(s->alpn_client_proto_list,
+                    s->ctx->alpn_client_proto_list,
+                    s->ctx->alpn_client_proto_list_len);
+                s->alpn_client_proto_list_len =
+                    s->ctx->alpn_client_proto_list_len;
+        }
        s->verify_result = X509_V_OK;
        s->method = ctx->method;
@@ -551,6 +563,7 @@ SSL_free(SSL *s)
 #ifndef OPENSSL_NO_NEXTPROTONEG
        free(s->next_proto_negotiated);
 #endif
+        free(s->alpn_client_proto_list);
 #ifndef OPENSSL_NO_SRTP
        if (s->srtp_profiles)
@@ -1629,6 +1642,75 @@ SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
 }
 # endif
+/*
+ * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified
+ * protocols, which must be in wire-format (i.e. a series of non-empty,
+ * 8-bit length-prefixed strings). Returns 0 on success.
+ */
+int
+SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
+    unsigned int protos_len)
+{
+        free(ctx->alpn_client_proto_list);
+        if ((ctx->alpn_client_proto_list = malloc(protos_len)) == NULL)
+                return (1);
+        memcpy(ctx->alpn_client_proto_list, protos, protos_len);
+        ctx->alpn_client_proto_list_len = protos_len;
+        return (0);
+}
+/*
+ * SSL_set_alpn_protos sets the ALPN protocol list to the specified
+ * protocols, which must be in wire-format (i.e. a series of non-empty,
+ * 8-bit length-prefixed strings). Returns 0 on success.
+ */
+int
+SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
+    unsigned int protos_len)
+{
+        free(ssl->alpn_client_proto_list);
+        if ((ssl->alpn_client_proto_list = malloc(protos_len)) == NULL)
+                return (1);
+        memcpy(ssl->alpn_client_proto_list, protos, protos_len);
+        ssl->alpn_client_proto_list_len = protos_len;
+        return (0);
+}
+/*
+ * SSL_CTX_set_alpn_select_cb sets a callback function that is called during
+ * ClientHello processing in order to select an ALPN protocol from the
+ * client's list of offered protocols.
+ */
+void
+SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
+    int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen,
+    const unsigned char *in, unsigned int inlen, void *arg), void *arg)
+{
+        ctx->alpn_select_cb = cb;
+        ctx->alpn_select_cb_arg = arg;
+}
+/*
+ * SSL_get0_alpn_selected gets the selected ALPN protocol (if any). On return
+ * it sets data to point to len bytes of protocol name (not including the
+ * leading length-prefix byte). If the server didn't respond with* a negotiated
+ * protocol then len will be zero.
+ */
+void
+SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+    unsigned *len)
+{
+        *data = NULL;
+        *len = 0;
+        if (ssl->s3 != NULL) {
+                *data = ssl->s3->alpn_selected;
+                *len = ssl->s3->alpn_selected_len;
+        }
+}
 int
 SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
    const char *label, size_t llen, const unsigned char *p, size_t plen,
@@ -1894,6 +1976,8 @@ SSL_CTX_free(SSL_CTX *a)
                ENGINE_finish(a->client_cert_engine);
 #endif
+        free(a->alpn_client_proto_list);
        free(a);
 }
author	jsing <>	2014-12-10 14:58:56 +0000
committer	jsing <>	2014-12-10 14:58:56 +0000
commit	73d0add4b5d2e01d460eb9eaa91dd531da22e21c (patch)
tree	e9391008296b8ff8be480e9f3e9eb1be0aab121a /src/lib/libssl/ssl_lib.c
parent	beadb77d202842e04b02ab287d37d0397108d0a3 (diff)
download	openbsd-73d0add4b5d2e01d460eb9eaa91dd531da22e21c.tar.gz openbsd-73d0add4b5d2e01d460eb9eaa91dd531da22e21c.tar.bz2 openbsd-73d0add4b5d2e01d460eb9eaa91dd531da22e21c.zip

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index bdd47ff87f..a03ee735ad 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_lib.c,v 1.90 2014/11/16 14:12:47 jsing Exp $ */	1	/* $OpenBSD: ssl_lib.c,v 1.91 2014/12/10 14:58:56 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -337,6 +337,18 @@ SSL_new(SSL_CTX *ctx)
337	s->next_proto_negotiated = NULL;	337	s->next_proto_negotiated = NULL;
338	# endif	338	# endif
339		339
		340	if (s->ctx->alpn_client_proto_list != NULL) {
		341	s->alpn_client_proto_list =
		342	malloc(s->ctx->alpn_client_proto_list_len);
		343	if (s->alpn_client_proto_list == NULL)
		344	goto err;
		345	memcpy(s->alpn_client_proto_list,
		346	s->ctx->alpn_client_proto_list,
		347	s->ctx->alpn_client_proto_list_len);
		348	s->alpn_client_proto_list_len =
		349	s->ctx->alpn_client_proto_list_len;
		350	}
		351
340	s->verify_result = X509_V_OK;	352	s->verify_result = X509_V_OK;
341		353
342	s->method = ctx->method;	354	s->method = ctx->method;
@@ -551,6 +563,7 @@ SSL_free(SSL *s)
551	#ifndef OPENSSL_NO_NEXTPROTONEG	563	#ifndef OPENSSL_NO_NEXTPROTONEG
552	free(s->next_proto_negotiated);	564	free(s->next_proto_negotiated);
553	#endif	565	#endif
		566	free(s->alpn_client_proto_list);
554		567
555	#ifndef OPENSSL_NO_SRTP	568	#ifndef OPENSSL_NO_SRTP
556	if (s->srtp_profiles)	569	if (s->srtp_profiles)
@@ -1629,6 +1642,75 @@ SSL_CTX_set_next_proto_select_cb(SSL_CTX ctx, int (cb) (SSL *s,
1629	}	1642	}
1630	# endif	1643	# endif
1631		1644
		1645	/*
		1646	* SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified
		1647	* protocols, which must be in wire-format (i.e. a series of non-empty,
		1648	* 8-bit length-prefixed strings). Returns 0 on success.
		1649	*/
		1650	int
		1651	SSL_CTX_set_alpn_protos(SSL_CTX ctx, const unsigned char protos,
		1652	unsigned int protos_len)
		1653	{
		1654	free(ctx->alpn_client_proto_list);
		1655	if ((ctx->alpn_client_proto_list = malloc(protos_len)) == NULL)
		1656	return (1);
		1657	memcpy(ctx->alpn_client_proto_list, protos, protos_len);
		1658	ctx->alpn_client_proto_list_len = protos_len;
		1659
		1660	return (0);
		1661	}
		1662
		1663	/*
		1664	* SSL_set_alpn_protos sets the ALPN protocol list to the specified
		1665	* protocols, which must be in wire-format (i.e. a series of non-empty,
		1666	* 8-bit length-prefixed strings). Returns 0 on success.
		1667	*/
		1668	int
		1669	SSL_set_alpn_protos(SSL ssl, const unsigned char protos,
		1670	unsigned int protos_len)
		1671	{
		1672	free(ssl->alpn_client_proto_list);
		1673	if ((ssl->alpn_client_proto_list = malloc(protos_len)) == NULL)
		1674	return (1);
		1675	memcpy(ssl->alpn_client_proto_list, protos, protos_len);
		1676	ssl->alpn_client_proto_list_len = protos_len;
		1677
		1678	return (0);
		1679	}
		1680
		1681	/*
		1682	* SSL_CTX_set_alpn_select_cb sets a callback function that is called during
		1683	* ClientHello processing in order to select an ALPN protocol from the
		1684	* client's list of offered protocols.
		1685	*/
		1686	void
		1687	SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
		1688	int (cb) (SSL ssl, const unsigned char *out, unsigned char outlen,
		1689	const unsigned char in, unsigned int inlen, void arg), void *arg)
		1690	{
		1691	ctx->alpn_select_cb = cb;
		1692	ctx->alpn_select_cb_arg = arg;
		1693	}
		1694
		1695	/*
		1696	* SSL_get0_alpn_selected gets the selected ALPN protocol (if any). On return
		1697	* it sets data to point to len bytes of protocol name (not including the
		1698	* leading length-prefix byte). If the server didn't respond with* a negotiated
		1699	* protocol then len will be zero.
		1700	*/
		1701	void
		1702	SSL_get0_alpn_selected(const SSL ssl, const unsigned char *data,
		1703	unsigned *len)
		1704	{
		1705	*data = NULL;
		1706	*len = 0;
		1707
		1708	if (ssl->s3 != NULL) {
		1709	*data = ssl->s3->alpn_selected;
		1710	*len = ssl->s3->alpn_selected_len;
		1711	}
		1712	}
		1713
1632	int	1714	int
1633	SSL_export_keying_material(SSL s, unsigned char out, size_t olen,	1715	SSL_export_keying_material(SSL s, unsigned char out, size_t olen,
1634	const char label, size_t llen, const unsigned char p, size_t plen,	1716	const char label, size_t llen, const unsigned char p, size_t plen,
@@ -1894,6 +1976,8 @@ SSL_CTX_free(SSL_CTX *a)
1894	ENGINE_finish(a->client_cert_engine);	1976	ENGINE_finish(a->client_cert_engine);
1895	#endif	1977	#endif
1896		1978
		1979	free(a->alpn_client_proto_list);
		1980
1897	free(a);	1981	free(a);
1898	}	1982	}
1899		1983