1 files changed, 68 insertions, 1 deletions
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index 63054ab1e9..e690b9ee76 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.24 2016/08/02 07:47:11 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.25 2016/08/12 15:10:59 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -166,6 +166,7 @@ tls_config_free(struct tls_config *config)
        free(config->error.msg);
+        free(config->alpn);
        free((char *)config->ca_file);
        free((char *)config->ca_mem);
        free((char *)config->ca_path);
@@ -249,6 +250,72 @@ tls_config_parse_protocols(uint32_t *protocols, const char *protostr)
        return (0);
 }
+static int
+tls_config_parse_alpn(struct tls_config *config, const char *alpn,
+    char **alpn_data, size_t *alpn_len)
+{
+        size_t buf_len, i, len;
+        char *buf = NULL;
+        char *s = NULL;
+        char *p, *q;
+        if ((buf_len = strlen(alpn) + 1) > 65535) {
+                tls_config_set_errorx(config, "alpn too large");
+                goto err;
+        }
+        if ((buf = malloc(buf_len)) == NULL) {
+                tls_config_set_errorx(config, "out of memory");
+                goto err;
+        }
+        if ((s = strdup(alpn)) == NULL) {
+                tls_config_set_errorx(config, "out of memory");
+                goto err;
+        }
+        i = 0;
+        q = s;
+        while ((p = strsep(&q, ",")) != NULL) {
+                if ((len = strlen(p)) == 0) {
+                        tls_config_set_errorx(config,
+                            "alpn protocol with zero length");
+                        goto err;
+                }
+                if (len > 255) {
+                        tls_config_set_errorx(config,
+                            "alpn protocol too long");
+                        goto err;
+                }
+                buf[i++] = len & 0xff;
+                memcpy(&buf[i], p, len);
+                i += len;
+        }
+        free(s);
+        *alpn_data = buf;
+        *alpn_len = buf_len;
+        return (0);
+ err:
+        free(buf);
+        free(s);
+        *alpn_data = NULL;
+        *alpn_len = 0;
+        return (-1);
+}
+int
+tls_config_set_alpn(struct tls_config *config, const char *alpn)
+{
+        return tls_config_parse_alpn(config, alpn, &config->alpn,
+            &config->alpn_len);
+}
 int
 tls_config_set_ca_file(struct tls_config *config, const char *ca_file)
 {

diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c index 63054ab1e9..e690b9ee76 100644 --- a/src/lib/libtls/tls_config.c +++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_config.c,v 1.24 2016/08/02 07:47:11 jsing Exp $ */	1	/* $OpenBSD: tls_config.c,v 1.25 2016/08/12 15:10:59 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -166,6 +166,7 @@ tls_config_free(struct tls_config *config)
166		166
167	free(config->error.msg);	167	free(config->error.msg);
168		168
		169	free(config->alpn);
169	free((char *)config->ca_file);	170	free((char *)config->ca_file);
170	free((char *)config->ca_mem);	171	free((char *)config->ca_mem);
171	free((char *)config->ca_path);	172	free((char *)config->ca_path);
@@ -249,6 +250,72 @@ tls_config_parse_protocols(uint32_t protocols, const char protostr)
249	return (0);	250	return (0);
250	}	251	}
251		252
		253	static int
		254	tls_config_parse_alpn(struct tls_config config, const char alpn,
		255	char *alpn_data, size_t alpn_len)
		256	{
		257	size_t buf_len, i, len;
		258	char *buf = NULL;
		259	char *s = NULL;
		260	char p, q;
		261
		262	if ((buf_len = strlen(alpn) + 1) > 65535) {
		263	tls_config_set_errorx(config, "alpn too large");
		264	goto err;
		265	}
		266
		267	if ((buf = malloc(buf_len)) == NULL) {
		268	tls_config_set_errorx(config, "out of memory");
		269	goto err;
		270	}
		271
		272	if ((s = strdup(alpn)) == NULL) {
		273	tls_config_set_errorx(config, "out of memory");
		274	goto err;
		275	}
		276
		277	i = 0;
		278	q = s;
		279	while ((p = strsep(&q, ",")) != NULL) {
		280	if ((len = strlen(p)) == 0) {
		281	tls_config_set_errorx(config,
		282	"alpn protocol with zero length");
		283	goto err;
		284	}
		285	if (len > 255) {
		286	tls_config_set_errorx(config,
		287	"alpn protocol too long");
		288	goto err;
		289	}
		290	buf[i++] = len & 0xff;
		291	memcpy(&buf[i], p, len);
		292	i += len;
		293	}
		294
		295	free(s);
		296
		297	*alpn_data = buf;
		298	*alpn_len = buf_len;
		299
		300	return (0);
		301
		302	err:
		303	free(buf);
		304	free(s);
		305
		306	*alpn_data = NULL;
		307	*alpn_len = 0;
		308
		309	return (-1);
		310	}
		311
		312	int
		313	tls_config_set_alpn(struct tls_config config, const char alpn)
		314	{
		315	return tls_config_parse_alpn(config, alpn, &config->alpn,
		316	&config->alpn_len);
		317	}
		318
252	int	319	int
253	tls_config_set_ca_file(struct tls_config config, const char ca_file)	320	tls_config_set_ca_file(struct tls_config config, const char ca_file)
254	{	321	{