Attachment #661347 for bug #960082

View | Details | Raw Unified | Return to bug 960082
Collapse All | Expand All




	BIO_printf(bio_err," -tlsextdebug      - hex dump of all TLS extensions received\n");
	BIO_printf(bio_err," -status           - request certificate status from server\n");
	BIO_printf(bio_err," -no_ticket        - disable use of RFC4507bis session tickets\n");
# ifndef OPENSSL_NO_NEXTPROTONEG
	BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
	BIO_printf(bio_err," -alpn arg         - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
# endif
#endif
	BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
#ifndef OPENSSL_NO_SRTP
	BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");

	char *servername = NULL; 
        tlsextctx tlsextcbp = 
        {NULL,0};
# ifndef OPENSSL_NO_NEXTPROTONEG
	const char *next_proto_neg_in = NULL;
	const char *alpn_in = NULL;
# endif
#endif
	char *sess_in = NULL;
	char *sess_out = NULL;
	struct sockaddr peer;

		else if (strcmp(*argv,"-nextprotoneg") == 0)
			{
			if (--argc < 1) goto bad;
			next_proto_neg_in = *(++argv);
			}
		else if (strcmp(*argv,"-alpn") == 0)
			{
			if (--argc < 1) goto bad;
			alpn_in = *(++argv);
			}
# endif
#endif
		else if (strcmp(*argv,"-serverpref") == 0)
			off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
		else if (strcmp(*argv,"-legacy_renegotiation") == 0)

	/* DTLS: partial reads end up discarding unread UDP bytes :-( 
	 * Setting read ahead solves this problem.
	 */
	if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);

#if !defined(OPENSSL_NO_TLSEXT)
# if !defined(OPENSSL_NO_NEXTPROTONEG)
	if (next_proto.data)
		SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
# endif
	if (alpn_in)
		{
		unsigned short alpn_len;
		unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in);

		if (alpn == NULL)
			{
			BIO_printf(bio_err, "Error parsing -alpn argument\n");
			goto end;
			}
		SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len);
		}
#endif

	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
	if (cipher != NULL)
		if(!SSL_CTX_set_cipher_list(ctx,cipher)) {

	getsockname(sock, (struct sockaddr *)&ladd, &ladd_size);
	BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port));
	}
#endif

#if !defined(OPENSSL_NO_TLSEXT)
# if !defined(OPENSSL_NO_NEXTPROTONEG)
	if (next_proto.status != -1) {
		const unsigned char *proto;
		unsigned int proto_len;
		SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
		BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
		BIO_write(bio, proto, proto_len);
		BIO_write(bio, "\n", 1);
	}
	{
		const unsigned char *proto;
		unsigned int proto_len;
		SSL_get0_alpn_selected(s, &proto, &proto_len);
		if (proto_len > 0)
			{
			BIO_printf(bio, "ALPN protocol: ");
			BIO_write(bio, proto, proto_len);
			BIO_write(bio, "\n", 1);
			}
		else
			BIO_printf(bio, "No ALPN negotiated\n");
	}
# endif
#endif

#ifndef OPENSSL_NO_SRTP
 	{
 	SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s);

Lines 574-586 static void sv_usage(void) Link Here

(-)a/apps/s_server.c (-3 / +67 lines)
574	BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");	574	BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
575	BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");	575	BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
576	# ifndef OPENSSL_NO_NEXTPROTONEG	576	# ifndef OPENSSL_NO_NEXTPROTONEG
577	BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");	577	BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
578	# endif	578	# endif
		579	BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n");
		580	#endif
579	# ifndef OPENSSL_NO_SRTP	581	# ifndef OPENSSL_NO_SRTP
580	BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");	582	BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
581	# endif
582	#endif	583	#endif
583	BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");	584	BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
584	BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");	585	BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
585	BIO_printf(bio_err," -status - respond to certificate status requests\n");	586	BIO_printf(bio_err," -status - respond to certificate status requests\n");
586	BIO_printf(bio_err," -status_verbose - enable status request verbose printout\n");	587	BIO_printf(bio_err," -status_verbose - enable status request verbose printout\n");
Lines 936-947 static int next_proto_cb(SSL s, const unsigned char data, unsigned int len, Link Here
936		937
937	return SSL_TLSEXT_ERR_OK;	938	return SSL_TLSEXT_ERR_OK;
938	}	939	}
939	# endif /* ndef OPENSSL_NO_NEXTPROTONEG */	940	# endif /* ndef OPENSSL_NO_NEXTPROTONEG */
940		941
		942	/* This the context that we pass to alpn_cb */
		943	typedef struct tlsextalpnctx_st {
		944	unsigned char *data;
		945	unsigned short len;
		946	} tlsextalpnctx;
941		947
942	#endif	948	static int alpn_cb(SSL s, const unsigned char out, unsigned char outlen, const unsigned char in, unsigned int inlen, void arg)
		949	{
		950	tlsextalpnctx *alpn_ctx = arg;
		951
		952	if (!s_quiet)
		953	{
		954	/* We can assume that \|in\| is syntactically valid. */
		955	unsigned i;
		956	BIO_printf(bio_s_out, "ALPN protocols advertised by the client: ");
		957	for (i = 0; i < inlen; )
		958	{
		959	if (i)
		960	BIO_write(bio_s_out, ", ", 2);
		961	BIO_write(bio_s_out, &in[i + 1], in[i]);
		962	i += in[i] + 1;
		963	}
		964	BIO_write(bio_s_out, "\n", 1);
		965	}
		966
		967	if (SSL_select_next_proto((unsigned char**) out, outlen, alpn_ctx->data, alpn_ctx->len, in, inlen) !=
		968	OPENSSL_NPN_NEGOTIATED)
		969	{
		970	return SSL_TLSEXT_ERR_NOACK;
		971	}
		972
		973	if (!s_quiet)
		974	{
		975	BIO_printf(bio_s_out, "ALPN protocols selected: ");
		976	BIO_write(bio_s_out, out, outlen);
		977	BIO_write(bio_s_out, "\n", 1);
		978	}
		979
		980	return SSL_TLSEXT_ERR_OK;
		981	}
		982	#endif /* ndef OPENSSL_NO_TLSEXT */
943		983
944	int MAIN(int, char **);	984	int MAIN(int, char **);
945		985
946	#ifndef OPENSSL_NO_JPAKE	986	#ifndef OPENSSL_NO_JPAKE
947	static char *jpake_secret = NULL;	987	static char *jpake_secret = NULL;
Lines 985-994 int MAIN(int argc, char *argv[]) Link Here
985	X509 *s_cert2 = NULL;	1025	X509 *s_cert2 = NULL;
986	tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};	1026	tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
987	# ifndef OPENSSL_NO_NEXTPROTONEG	1027	# ifndef OPENSSL_NO_NEXTPROTONEG
988	const char *next_proto_neg_in = NULL;	1028	const char *next_proto_neg_in = NULL;
989	tlsextnextprotoctx next_proto;	1029	tlsextnextprotoctx next_proto;
		1030	const char *alpn_in = NULL;
		1031	tlsextalpnctx alpn_ctx = { NULL, 0};
990	# endif	1032	# endif
991	#endif	1033	#endif
992	#ifndef OPENSSL_NO_PSK	1034	#ifndef OPENSSL_NO_PSK
993	/* by default do not send a PSK identity hint */	1035	/* by default do not send a PSK identity hint */
994	static char *psk_identity_hint=NULL;	1036	static char *psk_identity_hint=NULL;
Lines 1335-1344 int MAIN(int argc, char *argv[]) Link Here
1335	else if (strcmp(*argv,"-nextprotoneg") == 0)	1377	else if (strcmp(*argv,"-nextprotoneg") == 0)
1336	{	1378	{
1337	if (--argc < 1) goto bad;	1379	if (--argc < 1) goto bad;
1338	next_proto_neg_in = *(++argv);	1380	next_proto_neg_in = *(++argv);
1339	}	1381	}
		1382	else if (strcmp(*argv,"-alpn") == 0)
		1383	{
		1384	if (--argc < 1) goto bad;
		1385	alpn_in = *(++argv);
		1386	}
1340	# endif	1387	# endif
1341	#endif	1388	#endif
1342	#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)	1389	#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
1343	else if (strcmp(*argv,"-jpake") == 0)	1390	else if (strcmp(*argv,"-jpake") == 0)
1344	{	1391	{
Lines 1469-1479 bad: Link Here
1469	}	1516	}
1470	}	1517	}
1471	#endif	1518	#endif
1472	}	1519	}
1473		1520
1474	#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)	1521	#if !defined(OPENSSL_NO_TLSEXT)
		1522	# if !defined(OPENSSL_NO_NEXTPROTONEG)
1475	if (next_proto_neg_in)	1523	if (next_proto_neg_in)
1476	{	1524	{
1477	unsigned short len;	1525	unsigned short len;
1478	next_proto.data = next_protos_parse(&len, next_proto_neg_in);	1526	next_proto.data = next_protos_parse(&len, next_proto_neg_in);
1479	if (next_proto.data == NULL)	1527	if (next_proto.data == NULL)
Lines 1482-1491 bad: Link Here
1482	}	1530	}
1483	else	1531	else
1484	{	1532	{
1485	next_proto.data = NULL;	1533	next_proto.data = NULL;
1486	}	1534	}
		1535	# endif
		1536	alpn_ctx.data = NULL;
		1537	if (alpn_in)
		1538	{
		1539	unsigned short len;
		1540	alpn_ctx.data = next_protos_parse(&len, alpn_in);
		1541	if (alpn_ctx.data == NULL)
		1542	goto end;
		1543	alpn_ctx.len = len;
		1544	}
1487	#endif	1545	#endif
1488		1546
1489		1547
1490	if (s_dcert_file)	1548	if (s_dcert_file)
1491	{	1549	{
Lines 1682-1691 bad: Link Here
1682		1740
1683	# ifndef OPENSSL_NO_NEXTPROTONEG	1741	# ifndef OPENSSL_NO_NEXTPROTONEG
1684	if (next_proto.data)	1742	if (next_proto.data)
1685	SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto);	1743	SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto);
1686	# endif	1744	# endif
		1745	if (alpn_ctx.data)
		1746	SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx);
1687	#endif	1747	#endif
1688		1748
1689	#ifndef OPENSSL_NO_DH	1749	#ifndef OPENSSL_NO_DH
1690	if (!no_dhe)	1750	if (!no_dhe)
1691	{	1751	{
Lines 1892-1901 bad: Link Here
1892	SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);	1952	SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
1893	SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);	1953	SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
1894	SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);	1954	SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
1895	SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);	1955	SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
1896	}	1956	}
		1957	if (next_proto.data)
		1958	OPENSSL_free(next_proto.data);
		1959	if (alpn_ctx.data)
		1960	OPENSSL_free(alpn_ctx.data);
1897	#endif	1961	#endif
1898		1962
1899	#ifndef OPENSSL_NO_SRP	1963	#ifndef OPENSSL_NO_SRP
1900	if (srp_verifier_file != NULL)	1964	if (srp_verifier_file != NULL)
1901	{	1965	{

Lines 2988-2997 void ssl3_free(SSL *s) Link Here

(-)a/ssl/s3_lib.c (+13 lines)
2988	sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);	2988	sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
2989	if (s->s3->handshake_buffer) {	2989	if (s->s3->handshake_buffer) {
2990	BIO_free(s->s3->handshake_buffer);	2990	BIO_free(s->s3->handshake_buffer);
2991	}	2991	}
2992	if (s->s3->handshake_dgst) ssl3_free_digest_list(s);	2992	if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
		2993	#ifndef OPENSSL_NO_TLSEXT
		2994	if (s->s3->alpn_selected)
		2995	OPENSSL_free(s->s3->alpn_selected);
		2996	#endif
		2997
2993	#ifndef OPENSSL_NO_SRP	2998	#ifndef OPENSSL_NO_SRP
2994	SSL_SRP_CTX_free(s);	2999	SSL_SRP_CTX_free(s);
2995	#endif	3000	#endif
2996	OPENSSL_cleanse(s->s3,sizeof *s->s3);	3001	OPENSSL_cleanse(s->s3,sizeof *s->s3);
2997	OPENSSL_free(s->s3);	3002	OPENSSL_free(s->s3);
Lines 3052-3061 void ssl3_clear(SSL *s) Link Here
3052	s->s3->handshake_buffer = NULL;	3057	s->s3->handshake_buffer = NULL;
3053	}	3058	}
3054	if (s->s3->handshake_dgst) {	3059	if (s->s3->handshake_dgst) {
3055	ssl3_free_digest_list(s);	3060	ssl3_free_digest_list(s);
3056	}	3061	}
		3062
		3063	#if !defined(OPENSSL_NO_TLSEXT)
		3064	if (s->s3->alpn_selected)
		3065	{
		3066	free(s->s3->alpn_selected);
		3067	s->s3->alpn_selected = NULL;
		3068	}
		3069	#endif
3057	memset(s->s3,0,sizeof *s->s3);	3070	memset(s->s3,0,sizeof *s->s3);
3058	s->s3->rbuf.buf = rp;	3071	s->s3->rbuf.buf = rp;
3059	s->s3->wbuf.buf = wp;	3072	s->s3->wbuf.buf = wp;
3060	s->s3->rbuf.len = rlen;	3073	s->s3->rbuf.len = rlen;
3061	s->s3->wbuf.len = wlen;	3074	s->s3->wbuf.len = wlen;




				    const unsigned char *in,
				    unsigned int inlen,
				    void *arg);
	void *next_proto_select_cb_arg;
# endif

	/* ALPN information
	 * (we are in the process of transitioning from NPN to ALPN.) */

	/* For a server, this contains a callback function that allows the
	 * server to select the protocol for the connection.
	 *   out: on successful return, this must point to the raw protocol
	 *        name (without the length prefix).
	 *   outlen: on successful return, this contains the length of |*out|.
	 *   in: points to the client's list of supported protocols in
	 *       wire-format.
	 *   inlen: the length of |in|. */
	int (*alpn_select_cb)(SSL *s,
			      const unsigned char **out,
			      unsigned char *outlen,
			      const unsigned char* in,
			      unsigned int inlen,
			      void *arg);
	void *alpn_select_cb_arg;

	/* For a client, this contains the list of supported protocols in wire
	 * format. */
	unsigned char* alpn_client_proto_list;
	unsigned alpn_client_proto_list_len;

        /* SRTP profiles we are willing to do from RFC 5764 */
        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  
#endif
	};


#define OPENSSL_NPN_UNSUPPORTED	0
#define OPENSSL_NPN_NEGOTIATED	1
#define OPENSSL_NPN_NO_OVERLAP	2
#endif

int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char* protos,
			    unsigned protos_len);
int SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
			unsigned protos_len);
void SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
				int (*cb) (SSL *ssl,
					   const unsigned char **out,
					   unsigned char *outlen,
					   const unsigned char *in,
					   unsigned int inlen,
					   void *arg),
				void *arg);
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
			    unsigned *len);

#ifndef OPENSSL_NO_PSK
/* the maximum length of the buffer given to callbacks containing the
 * resulting identity/psk */
#define PSK_MAX_IDENTITY_LEN 128
#define PSK_MAX_PSK_LEN 256

	                                   1: enabled
	                                   2: enabled, but not allowed to send Requests
	                                 */
	unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
	unsigned int tlsext_hb_seq;     /* HeartbeatRequest sequence number */

	/* For a client, this contains the list of supported protocols in wire
	 * format. */
	unsigned char* alpn_client_proto_list;
	unsigned alpn_client_proto_list_len;
#else
#define session_ctx ctx
#endif /* OPENSSL_NO_TLSEXT */

	int renegotiate;/* 1 if we are renegotiating.




	/* This is set to true if we believe that this is a version of Safari
	 * running on OS X 10.6 or newer. We wish to know this because Safari
	 * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
	char is_probably_safari;
#endif /* !OPENSSL_NO_EC */

	/* ALPN information
	 * (we are in the process of transitioning from NPN to ALPN.) */

	/* In a server these point to the selected ALPN protocol after the
	 * ClientHello has been processed. In a client these contain the
	 * protocol that the server selected once the ServerHello has been
	 * processed. */
	unsigned char *alpn_selected;
	unsigned alpn_selected_len;
#endif /* !OPENSSL_NO_TLSEXT */
	} SSL3_STATE;

#endif





	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
	s->initial_ctx=ctx;
# ifndef OPENSSL_NO_NEXTPROTONEG
	s->next_proto_negotiated = NULL;
# endif

	if (s->ctx->alpn_client_proto_list)
		{
		s->alpn_client_proto_list =
			OPENSSL_malloc(s->ctx->alpn_client_proto_list_len);
		if (s->alpn_client_proto_list == NULL)
			goto err;
		memcpy(s->alpn_client_proto_list, s->ctx->alpn_client_proto_list,
		       s->ctx->alpn_client_proto_list_len);
		s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len;
		}
#endif

	s->verify_result=X509_V_OK;

	s->method=ctx->method;

						X509_EXTENSION_free);
	if (s->tlsext_ocsp_ids)
		sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
	if (s->tlsext_ocsp_resp)
		OPENSSL_free(s->tlsext_ocsp_resp);
	if (s->alpn_client_proto_list)
		OPENSSL_free(s->alpn_client_proto_list);
#endif

	if (s->client_CA != NULL)
		sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);


	{
	ctx->next_proto_select_cb = cb;
	ctx->next_proto_select_cb_arg = arg;
	}
# endif

/* SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
 * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
 * length-prefixed strings).
 *
 * Returns 0 on success. */
int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char* protos,
			    unsigned protos_len)
	{
	if (ctx->alpn_client_proto_list)
		OPENSSL_free(ctx->alpn_client_proto_list);

	ctx->alpn_client_proto_list = OPENSSL_malloc(protos_len);
	if (!ctx->alpn_client_proto_list)
		return 1;
	memcpy(ctx->alpn_client_proto_list, protos, protos_len);
	ctx->alpn_client_proto_list_len = protos_len;

	return 0;
	}

/* SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
 * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
 * length-prefixed strings).
 *
 * Returns 0 on success. */
int SSL_set_alpn_protos(SSL *ssl, const unsigned char* protos,
			unsigned protos_len)
	{
	if (ssl->alpn_client_proto_list)
		OPENSSL_free(ssl->alpn_client_proto_list);

	ssl->alpn_client_proto_list = OPENSSL_malloc(protos_len);
	if (!ssl->alpn_client_proto_list)
		return 1;
	memcpy(ssl->alpn_client_proto_list, protos, protos_len);
	ssl->alpn_client_proto_list_len = protos_len;

	return 0;
	}

/* SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is called
 * during ClientHello processing in order to select an ALPN protocol from the
 * client's list of offered protocols. */
void SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
				int (*cb) (SSL *ssl,
					   const unsigned char **out,
					   unsigned char *outlen,
					   const unsigned char *in,
					   unsigned int inlen,
					   void *arg),
				void *arg)
	{
	ctx->alpn_select_cb = cb;
	ctx->alpn_select_cb_arg = arg;
	}

/* SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
 * On return it sets |*data| to point to |*len| bytes of protocol name (not
 * including the leading length-prefix byte). If the server didn't respond with
 * a negotiated protocol then |*len| will be zero. */
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
			    unsigned *len)
	{
	*data = NULL;
	if (ssl->s3)
		*data = ssl->s3->alpn_selected;
	if (*data == NULL)
		*len = 0;
	else
		*len = ssl->s3->alpn_selected_len;
	}
#endif /* !OPENSSL_NO_TLSEXT */

int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
	const char *label, size_t llen, const unsigned char *p, size_t plen,
	int use_context)
	{

	if (a->wbuf_freelist)
		ssl_buf_freelist_free(a->wbuf_freelist);
	if (a->rbuf_freelist)
		ssl_buf_freelist_free(a->rbuf_freelist);
#endif
#ifndef OPENSSL_NO_TLSEXT
	if (a->alpn_client_proto_list != NULL)
		OPENSSL_free(a->alpn_client_proto_list);
#endif

	OPENSSL_free(a);
	}

void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)




		s2n(TLSEXT_TYPE_next_proto_neg,ret);
		s2n(0,ret);
		}
#endif

	if (s->alpn_client_proto_list && !s->s3->tmp.finish_md_len)
		{
		if ((size_t)(limit - ret) < 6 + s->alpn_client_proto_list_len)
			return NULL;
		s2n(TLSEXT_TYPE_application_layer_protocol_negotiation,ret);
		s2n(2 + s->alpn_client_proto_list_len,ret);
		s2n(s->alpn_client_proto_list_len,ret);
		memcpy(ret, s->alpn_client_proto_list,
		       s->alpn_client_proto_list_len);
		ret += s->alpn_client_proto_list_len;
		}

#ifndef OPENSSL_NO_SRTP
	if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s))
                {
                int el;


			s->s3->next_proto_neg_seen = 1;
			}
		}
#endif

	if (s->s3->alpn_selected)
		{
		const unsigned char *selected = s->s3->alpn_selected;
		unsigned len = s->s3->alpn_selected_len;

		if ((long)(limit - ret - 4 - 2 - 1 - len) < 0)
			return NULL;
		s2n(TLSEXT_TYPE_application_layer_protocol_negotiation,ret);
		s2n(3 + len,ret);
		s2n(1 + len,ret);
		*ret++ = len;
		memcpy(ret, selected, len);
		ret += len;
		}

	if ((extdatalen = ret-orig-2)== 0) 
		return orig;

	s2n(extdatalen, orig);
	return ret;
	}

/* tls1_alpn_handle_client_hello is called to process the ALPN extension in a
 * ClientHello.
 *   data: the contents of the extension, not including the type and length.
 *   data_len: the number of bytes in |data|
 *   al: a pointer to the alert value to send in the event of a non-zero
 *       return.
 *
 *   returns: 0 on success. */
static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data,
					 unsigned data_len, int *al)
	{
	unsigned i;
	unsigned proto_len;
	const unsigned char *selected;
	unsigned char selected_len;
	int r;

	if (s->ctx->alpn_select_cb == NULL)
		return 0;

	if (data_len < 2)
		goto parse_error;

	/* data should contain a uint16 length followed by a series of 8-bit,
	 * length-prefixed strings. */
	i = ((unsigned) data[0]) << 8 |
	    ((unsigned) data[1]);
	data_len -= 2;
	data += 2;
	if (data_len != i)
		goto parse_error;

	if (data_len < 2)
		goto parse_error;

	for (i = 0; i < data_len;)
		{
		proto_len = data[i];
		i++;

		if (proto_len == 0)
			goto parse_error;

		if (i + proto_len < i || i + proto_len > data_len)
			goto parse_error;

		i += proto_len;
		}

	r = s->ctx->alpn_select_cb(s, &selected, &selected_len, data, data_len,
				   s->ctx->alpn_select_cb_arg);
	if (r == SSL_TLSEXT_ERR_OK) {
		if (s->s3->alpn_selected)
			OPENSSL_free(s->s3->alpn_selected);
		s->s3->alpn_selected = OPENSSL_malloc(selected_len);
		if (!s->s3->alpn_selected)
			{
			*al = SSL_AD_INTERNAL_ERROR;
			return -1;
			}
		memcpy(s->s3->alpn_selected, selected, selected_len);
		s->s3->alpn_selected_len = selected_len;
	}
	return 0;

parse_error:
	*al = SSL_AD_DECODE_ERROR;
	return -1;
	}

#ifndef OPENSSL_NO_EC
/* ssl_check_for_safari attempts to fingerprint Safari using OS X
 * SecureTransport using the TLS extension block in |d|, of length |n|.
 * Safari, since 10.6, sends exactly these extensions, in this order:
 *   SNI,

	s->tlsext_status_type = -1;
#ifndef OPENSSL_NO_NEXTPROTONEG
	s->s3->next_proto_neg_seen = 0;
#endif

	if (s->s3->alpn_selected)
		{
		OPENSSL_free(s->s3->alpn_selected);
		s->s3->alpn_selected = NULL;
		}

#ifndef OPENSSL_NO_HEARTBEATS
	s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
	                       SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
#endif


				}
			}
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
		else if (type == TLSEXT_TYPE_next_proto_neg &&
			 s->s3->tmp.finish_md_len == 0 &&
			 s->s3->alpn_selected == NULL)
			{
			/* We shouldn't accept this extension on a
			 * renegotiation.
			 *
			 * s->new_session will be set on renegotiation, but we

			 * Finished message could have been computed.) */
			s->s3->next_proto_neg_seen = 1;
			}
#endif

		else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation &&
			 s->ctx->alpn_select_cb &&
			 s->s3->tmp.finish_md_len == 0)
			{
			if (tls1_alpn_handle_client_hello(s, data, size, al) != 0)
				return 0;
			/* ALPN takes precedence over NPN. */
			s->s3->next_proto_neg_seen = 0;
			}

		/* session ticket processed earlier */
#ifndef OPENSSL_NO_SRTP
		else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)
			 && type == TLSEXT_TYPE_use_srtp)
			{


#ifndef OPENSSL_NO_NEXTPROTONEG
	s->s3->next_proto_neg_seen = 0;
#endif

	if (s->s3->alpn_selected)
		{
		OPENSSL_free(s->s3->alpn_selected);
		s->s3->alpn_selected = NULL;
		}

#ifndef OPENSSL_NO_HEARTBEATS
	s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
	                       SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
#endif


			memcpy(s->next_proto_negotiated, selected, selected_len);
			s->next_proto_negotiated_len = selected_len;
			s->s3->next_proto_neg_seen = 1;
			}
#endif

		else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation)
			{
			unsigned len;

			/* We must have requested it. */
			if (s->alpn_client_proto_list == NULL)
				{
				*al = TLS1_AD_UNSUPPORTED_EXTENSION;
				return 0;
				}
			if (size < 4)
				{
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
				}
			/* The extension data consists of:
			 *   uint16 list_length
			 *   uint8 proto_length;
			 *   uint8 proto[proto_length]; */
			len = data[0];
			len <<= 8;
			len |= data[1];
			if (len != (unsigned) size - 2)
				{
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
				}
			len = data[2];
			if (len != (unsigned) size - 3)
				{
				*al = TLS1_AD_DECODE_ERROR;
				return 0;
				}
			if (s->s3->alpn_selected)
				OPENSSL_free(s->s3->alpn_selected);
			s->s3->alpn_selected = OPENSSL_malloc(len);
			if (!s->s3->alpn_selected)
				{
				*al = TLS1_AD_INTERNAL_ERROR;
				return 0;
				}
			memcpy(s->s3->alpn_selected, data + 3, len);
			s->s3->alpn_selected_len = len;
			}

		else if (type == TLSEXT_TYPE_renegotiate)
			{
			if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
				return 0;
			renegotiate_seen = 1;

Lines 237-246 extern "C" { Link Here

(-)a/ssl/tls1.h (+3 lines)
237	* http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml	237	* http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
238	* http://tools.ietf.org/html/draft-agl-tls-padding-03	238	* http://tools.ietf.org/html/draft-agl-tls-padding-03
239	*/	239	*/
240	#define TLSEXT_TYPE_padding 21	240	#define TLSEXT_TYPE_padding 21
241		241
		242	/* ExtensionType value from draft-ietf-tls-applayerprotoneg-00 */
		243	#define TLSEXT_TYPE_application_layer_protocol_negotiation 16
		244
242	/* ExtensionType value from RFC4507 */	245	/* ExtensionType value from RFC4507 */
243	#define TLSEXT_TYPE_session_ticket 35	246	#define TLSEXT_TYPE_session_ticket 35
244		247
245	/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */	248	/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
246	#if 0 /* will have to be provided externally for now ,	249	#if 0 /* will have to be provided externally for now ,

Return to bug 960082

Lines 360-369 static void sc_usage(void) Link Here

(-)a/apps/s_client.c (-2 / +38 lines)
360	BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");	360	BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
361	BIO_printf(bio_err," -status - request certificate status from server\n");	361	BIO_printf(bio_err," -status - request certificate status from server\n");
362	BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");	362	BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
363	# ifndef OPENSSL_NO_NEXTPROTONEG	363	# ifndef OPENSSL_NO_NEXTPROTONEG
364	BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");	364	BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
		365	BIO_printf(bio_err," -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n");
365	# endif	366	# endif
366	#endif	367	#endif
367	BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");	368	BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
368	#ifndef OPENSSL_NO_SRTP	369	#ifndef OPENSSL_NO_SRTP
369	BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");	370	BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
Lines 610-619 int MAIN(int argc, char **argv) Link Here
610	char *servername = NULL;	611	char *servername = NULL;
611	tlsextctx tlsextcbp =	612	tlsextctx tlsextcbp =
612	{NULL,0};	613	{NULL,0};
613	# ifndef OPENSSL_NO_NEXTPROTONEG	614	# ifndef OPENSSL_NO_NEXTPROTONEG
614	const char *next_proto_neg_in = NULL;	615	const char *next_proto_neg_in = NULL;
		616	const char *alpn_in = NULL;
615	# endif	617	# endif
616	#endif	618	#endif
617	char *sess_in = NULL;	619	char *sess_in = NULL;
618	char *sess_out = NULL;	620	char *sess_out = NULL;
619	struct sockaddr peer;	621	struct sockaddr peer;
Lines 886-895 int MAIN(int argc, char **argv) Link Here
886	else if (strcmp(*argv,"-nextprotoneg") == 0)	888	else if (strcmp(*argv,"-nextprotoneg") == 0)
887	{	889	{
888	if (--argc < 1) goto bad;	890	if (--argc < 1) goto bad;
889	next_proto_neg_in = *(++argv);	891	next_proto_neg_in = *(++argv);
890	}	892	}
		893	else if (strcmp(*argv,"-alpn") == 0)
		894	{
		895	if (--argc < 1) goto bad;
		896	alpn_in = *(++argv);
		897	}
891	# endif	898	# endif
892	#endif	899	#endif
893	else if (strcmp(*argv,"-serverpref") == 0)	900	else if (strcmp(*argv,"-serverpref") == 0)
894	off\|=SSL_OP_CIPHER_SERVER_PREFERENCE;	901	off\|=SSL_OP_CIPHER_SERVER_PREFERENCE;
895	else if (strcmp(*argv,"-legacy_renegotiation") == 0)	902	else if (strcmp(*argv,"-legacy_renegotiation") == 0)
Lines 1158-1170 bad: Link Here
1158	/* DTLS: partial reads end up discarding unread UDP bytes :-(	1165	/* DTLS: partial reads end up discarding unread UDP bytes :-(
1159	* Setting read ahead solves this problem.	1166	* Setting read ahead solves this problem.
1160	*/	1167	*/
1161	if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);	1168	if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
1162		1169
1163	#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)	1170	#if !defined(OPENSSL_NO_TLSEXT)
		1171	# if !defined(OPENSSL_NO_NEXTPROTONEG)
1164	if (next_proto.data)	1172	if (next_proto.data)
1165	SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);	1173	SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
		1174	# endif
		1175	if (alpn_in)
		1176	{
		1177	unsigned short alpn_len;
		1178	unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in);
		1179
		1180	if (alpn == NULL)
		1181	{
		1182	BIO_printf(bio_err, "Error parsing -alpn argument\n");
		1183	goto end;
		1184	}
		1185	SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len);
		1186	}
1166	#endif	1187	#endif
1167		1188
1168	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);	1189	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
1169	if (cipher != NULL)	1190	if (cipher != NULL)
1170	if(!SSL_CTX_set_cipher_list(ctx,cipher)) {	1191	if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
Lines 2080-2098 static void print_stuff(BIO bio, SSL s, int full) Link Here
2080	getsockname(sock, (struct sockaddr *)&ladd, &ladd_size);	2101	getsockname(sock, (struct sockaddr *)&ladd, &ladd_size);
2081	BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port));	2102	BIO_printf(bio_c_out, "LOCAL PORT is %u\n", ntohs(ladd.sin_port));
2082	}	2103	}
2083	#endif	2104	#endif
2084		2105
2085	#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)	2106	#if !defined(OPENSSL_NO_TLSEXT)
		2107	# if !defined(OPENSSL_NO_NEXTPROTONEG)
2086	if (next_proto.status != -1) {	2108	if (next_proto.status != -1) {
2087	const unsigned char *proto;	2109	const unsigned char *proto;
2088	unsigned int proto_len;	2110	unsigned int proto_len;
2089	SSL_get0_next_proto_negotiated(s, &proto, &proto_len);	2111	SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
2090	BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);	2112	BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
2091	BIO_write(bio, proto, proto_len);	2113	BIO_write(bio, proto, proto_len);
2092	BIO_write(bio, "\n", 1);	2114	BIO_write(bio, "\n", 1);
2093	}	2115	}
		2116	{
		2117	const unsigned char *proto;
		2118	unsigned int proto_len;
		2119	SSL_get0_alpn_selected(s, &proto, &proto_len);
		2120	if (proto_len > 0)
		2121	{
		2122	BIO_printf(bio, "ALPN protocol: ");
		2123	BIO_write(bio, proto, proto_len);
		2124	BIO_write(bio, "\n", 1);
		2125	}
		2126	else
		2127	BIO_printf(bio, "No ALPN negotiated\n");
		2128	}
		2129	# endif
2094	#endif	2130	#endif
2095		2131
2096	#ifndef OPENSSL_NO_SRTP	2132	#ifndef OPENSSL_NO_SRTP
2097	{	2133	{
2098	SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s);	2134	SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s);

Lines 551-560 typedef struct ssl3_state_st Link Here

(-)a/ssl/ssl3.h (+10 lines)
551	/* This is set to true if we believe that this is a version of Safari	551	/* This is set to true if we believe that this is a version of Safari
552	* running on OS X 10.6 or newer. We wish to know this because Safari	552	* running on OS X 10.6 or newer. We wish to know this because Safari
553	* on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */	553	* on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
554	char is_probably_safari;	554	char is_probably_safari;
555	#endif /* !OPENSSL_NO_EC */	555	#endif /* !OPENSSL_NO_EC */
		556
		557	/* ALPN information
		558	* (we are in the process of transitioning from NPN to ALPN.) */
		559
		560	/* In a server these point to the selected ALPN protocol after the
		561	* ClientHello has been processed. In a client these contain the
		562	* protocol that the server selected once the ServerHello has been
		563	* processed. */
		564	unsigned char *alpn_selected;
		565	unsigned alpn_selected_len;
556	#endif /* !OPENSSL_NO_TLSEXT */	566	#endif /* !OPENSSL_NO_TLSEXT */
557	} SSL3_STATE;	567	} SSL3_STATE;
558		568
559	#endif	569	#endif
560		570

Lines 992-1001 struct ssl_ctx_st Link Here

(-)a/ssl/ssl.h (+45 lines)
992	const unsigned char *in,	992	const unsigned char *in,
993	unsigned int inlen,	993	unsigned int inlen,
994	void *arg);	994	void *arg);
995	void *next_proto_select_cb_arg;	995	void *next_proto_select_cb_arg;
996	# endif	996	# endif
		997
		998	/* ALPN information
		999	* (we are in the process of transitioning from NPN to ALPN.) */
		1000
		1001	/* For a server, this contains a callback function that allows the
		1002	* server to select the protocol for the connection.
		1003	* out: on successful return, this must point to the raw protocol
		1004	* name (without the length prefix).
		1005	* outlen: on successful return, this contains the length of \|*out\|.
		1006	* in: points to the client's list of supported protocols in
		1007	* wire-format.
		1008	* inlen: the length of \|in\|. */
		1009	int (alpn_select_cb)(SSL s,
		1010	const unsigned char **out,
		1011	unsigned char *outlen,
		1012	const unsigned char* in,
		1013	unsigned int inlen,
		1014	void *arg);
		1015	void *alpn_select_cb_arg;
		1016
		1017	/* For a client, this contains the list of supported protocols in wire
		1018	* format. */
		1019	unsigned char* alpn_client_proto_list;
		1020	unsigned alpn_client_proto_list_len;
		1021
997	/* SRTP profiles we are willing to do from RFC 5764 */	1022	/* SRTP profiles we are willing to do from RFC 5764 */
998	STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;	1023	STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
999	#endif	1024	#endif
1000	};	1025	};
1001		1026
Lines 1078-1087 void SSL_get0_next_proto_negotiated(const SSL *s, Link Here
1078	#define OPENSSL_NPN_UNSUPPORTED 0	1103	#define OPENSSL_NPN_UNSUPPORTED 0
1079	#define OPENSSL_NPN_NEGOTIATED 1	1104	#define OPENSSL_NPN_NEGOTIATED 1
1080	#define OPENSSL_NPN_NO_OVERLAP 2	1105	#define OPENSSL_NPN_NO_OVERLAP 2
1081	#endif	1106	#endif
1082		1107
		1108	int SSL_CTX_set_alpn_protos(SSL_CTX ctx, const unsigned char protos,
		1109	unsigned protos_len);
		1110	int SSL_set_alpn_protos(SSL ssl, const unsigned char protos,
		1111	unsigned protos_len);
		1112	void SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
		1113	int (cb) (SSL ssl,
		1114	const unsigned char **out,
		1115	unsigned char *outlen,
		1116	const unsigned char *in,
		1117	unsigned int inlen,
		1118	void *arg),
		1119	void *arg);
		1120	void SSL_get0_alpn_selected(const SSL ssl, const unsigned char *data,
		1121	unsigned *len);
		1122
1083	#ifndef OPENSSL_NO_PSK	1123	#ifndef OPENSSL_NO_PSK
1084	/* the maximum length of the buffer given to callbacks containing the	1124	/* the maximum length of the buffer given to callbacks containing the
1085	* resulting identity/psk */	1125	* resulting identity/psk */
1086	#define PSK_MAX_IDENTITY_LEN 128	1126	#define PSK_MAX_IDENTITY_LEN 128
1087	#define PSK_MAX_PSK_LEN 256	1127	#define PSK_MAX_PSK_LEN 256
Lines 1358-1367 struct ssl_st Link Here
1358	1: enabled	1398	1: enabled
1359	2: enabled, but not allowed to send Requests	1399	2: enabled, but not allowed to send Requests
1360	*/	1400	*/
1361	unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */	1401	unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
1362	unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */	1402	unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */
		1403
		1404	/* For a client, this contains the list of supported protocols in wire
		1405	* format. */
		1406	unsigned char* alpn_client_proto_list;
		1407	unsigned alpn_client_proto_list_len;
1363	#else	1408	#else
1364	#define session_ctx ctx	1409	#define session_ctx ctx
1365	#endif /* OPENSSL_NO_TLSEXT */	1410	#endif /* OPENSSL_NO_TLSEXT */
1366		1411
1367	int renegotiate;/* 1 if we are renegotiating.	1412	int renegotiate;/* 1 if we are renegotiating.

Lines 356-365 SSL SSL_new(SSL_CTX ctx) Link Here

(-)a/ssl/ssl_lib.c (-1 / +90 lines)
356	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);	356	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
357	s->initial_ctx=ctx;	357	s->initial_ctx=ctx;
358	# ifndef OPENSSL_NO_NEXTPROTONEG	358	# ifndef OPENSSL_NO_NEXTPROTONEG
359	s->next_proto_negotiated = NULL;	359	s->next_proto_negotiated = NULL;
360	# endif	360	# endif
		361
		362	if (s->ctx->alpn_client_proto_list)
		363	{
		364	s->alpn_client_proto_list =
		365	OPENSSL_malloc(s->ctx->alpn_client_proto_list_len);
		366	if (s->alpn_client_proto_list == NULL)
		367	goto err;
		368	memcpy(s->alpn_client_proto_list, s->ctx->alpn_client_proto_list,
		369	s->ctx->alpn_client_proto_list_len);
		370	s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len;
		371	}
361	#endif	372	#endif
362		373
363	s->verify_result=X509_V_OK;	374	s->verify_result=X509_V_OK;
364		375
365	s->method=ctx->method;	376	s->method=ctx->method;
Lines 575-584 void SSL_free(SSL *s) Link Here
575	X509_EXTENSION_free);	586	X509_EXTENSION_free);
576	if (s->tlsext_ocsp_ids)	587	if (s->tlsext_ocsp_ids)
577	sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);	588	sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
578	if (s->tlsext_ocsp_resp)	589	if (s->tlsext_ocsp_resp)
579	OPENSSL_free(s->tlsext_ocsp_resp);	590	OPENSSL_free(s->tlsext_ocsp_resp);
		591	if (s->alpn_client_proto_list)
		592	OPENSSL_free(s->alpn_client_proto_list);
580	#endif	593	#endif
581		594
582	if (s->client_CA != NULL)	595	if (s->client_CA != NULL)
583	sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);	596	sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
584		597
Lines 1667-1677 void SSL_CTX_set_next_proto_select_cb(SSL_CTX ctx, int (cb) (SSL *s, unsigned Link Here
1667	{	1680	{
1668	ctx->next_proto_select_cb = cb;	1681	ctx->next_proto_select_cb = cb;
1669	ctx->next_proto_select_cb_arg = arg;	1682	ctx->next_proto_select_cb_arg = arg;
1670	}	1683	}
1671	# endif	1684	# endif
1672	#endif	1685
		1686	/* SSL_CTX_set_alpn_protos sets the ALPN protocol list on \|ctx\| to \|protos\|.
		1687	* \|protos\| must be in wire-format (i.e. a series of non-empty, 8-bit
		1688	* length-prefixed strings).
		1689	*
		1690	* Returns 0 on success. */
		1691	int SSL_CTX_set_alpn_protos(SSL_CTX ctx, const unsigned char protos,
		1692	unsigned protos_len)
		1693	{
		1694	if (ctx->alpn_client_proto_list)
		1695	OPENSSL_free(ctx->alpn_client_proto_list);
		1696
		1697	ctx->alpn_client_proto_list = OPENSSL_malloc(protos_len);
		1698	if (!ctx->alpn_client_proto_list)
		1699	return 1;
		1700	memcpy(ctx->alpn_client_proto_list, protos, protos_len);
		1701	ctx->alpn_client_proto_list_len = protos_len;
		1702
		1703	return 0;
		1704	}
		1705
		1706	/* SSL_set_alpn_protos sets the ALPN protocol list on \|ssl\| to \|protos\|.
		1707	* \|protos\| must be in wire-format (i.e. a series of non-empty, 8-bit
		1708	* length-prefixed strings).
		1709	*
		1710	* Returns 0 on success. */
		1711	int SSL_set_alpn_protos(SSL ssl, const unsigned char protos,
		1712	unsigned protos_len)
		1713	{
		1714	if (ssl->alpn_client_proto_list)
		1715	OPENSSL_free(ssl->alpn_client_proto_list);
		1716
		1717	ssl->alpn_client_proto_list = OPENSSL_malloc(protos_len);
		1718	if (!ssl->alpn_client_proto_list)
		1719	return 1;
		1720	memcpy(ssl->alpn_client_proto_list, protos, protos_len);
		1721	ssl->alpn_client_proto_list_len = protos_len;
		1722
		1723	return 0;
		1724	}
		1725
		1726	/* SSL_CTX_set_alpn_select_cb sets a callback function on \|ctx\| that is called
		1727	* during ClientHello processing in order to select an ALPN protocol from the
		1728	* client's list of offered protocols. */
		1729	void SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
		1730	int (cb) (SSL ssl,
		1731	const unsigned char **out,
		1732	unsigned char *outlen,
		1733	const unsigned char *in,
		1734	unsigned int inlen,
		1735	void *arg),
		1736	void *arg)
		1737	{
		1738	ctx->alpn_select_cb = cb;
		1739	ctx->alpn_select_cb_arg = arg;
		1740	}
		1741
		1742	/* SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from \|ssl\|.
		1743	* On return it sets \|data\| to point to \|len\| bytes of protocol name (not
		1744	* including the leading length-prefix byte). If the server didn't respond with
		1745	* a negotiated protocol then \|len\| will be zero. /
		1746	void SSL_get0_alpn_selected(const SSL ssl, const unsigned char *data,
		1747	unsigned *len)
		1748	{
		1749	*data = NULL;
1750	if (ssl->s3)
1751	*data = ssl->s3->alpn_selected;
1752	if (*data == NULL)
1753	*len = 0;
1754	else
1755	*len = ssl->s3->alpn_selected_len;
1756	}
1757	#endif /* !OPENSSL_NO_TLSEXT */
1673		1758
1674	int SSL_export_keying_material(SSL s, unsigned char out, size_t olen,	1759	int SSL_export_keying_material(SSL s, unsigned char out, size_t olen,
1675	const char label, size_t llen, const unsigned char p, size_t plen,	1760	const char label, size_t llen, const unsigned char p, size_t plen,
1676	int use_context)	1761	int use_context)
1677	{	1762	{
Lines 2017-2026 void SSL_CTX_free(SSL_CTX *a) Link Here
2017	if (a->wbuf_freelist)	2102	if (a->wbuf_freelist)
2018	ssl_buf_freelist_free(a->wbuf_freelist);	2103	ssl_buf_freelist_free(a->wbuf_freelist);
2019	if (a->rbuf_freelist)	2104	if (a->rbuf_freelist)
2020	ssl_buf_freelist_free(a->rbuf_freelist);	2105	ssl_buf_freelist_free(a->rbuf_freelist);
2021	#endif	2106	#endif
		2107	#ifndef OPENSSL_NO_TLSEXT
		2108	if (a->alpn_client_proto_list != NULL)
		2109	OPENSSL_free(a->alpn_client_proto_list);
		2110	#endif
2022		2111
2023	OPENSSL_free(a);	2112	OPENSSL_free(a);
2024	}	2113	}
2025		2114
2026	void SSL_CTX_set_default_passwd_cb(SSL_CTX ctx, pem_password_cb cb)	2115	void SSL_CTX_set_default_passwd_cb(SSL_CTX ctx, pem_password_cb cb)

Lines 646-655 unsigned char ssl_add_clienthello_tlsext(SSL s, unsigned char *buf, unsigned c Link Here

(-)a/ssl/t1_lib.c (-1 / +167 lines)
646	s2n(TLSEXT_TYPE_next_proto_neg,ret);	646	s2n(TLSEXT_TYPE_next_proto_neg,ret);
647	s2n(0,ret);	647	s2n(0,ret);
648	}	648	}
649	#endif	649	#endif
650		650
		651	if (s->alpn_client_proto_list && !s->s3->tmp.finish_md_len)
		652	{
		653	if ((size_t)(limit - ret) < 6 + s->alpn_client_proto_list_len)
		654	return NULL;
		655	s2n(TLSEXT_TYPE_application_layer_protocol_negotiation,ret);
		656	s2n(2 + s->alpn_client_proto_list_len,ret);
		657	s2n(s->alpn_client_proto_list_len,ret);
		658	memcpy(ret, s->alpn_client_proto_list,
		659	s->alpn_client_proto_list_len);
		660	ret += s->alpn_client_proto_list_len;
		661	}
		662
651	#ifndef OPENSSL_NO_SRTP	663	#ifndef OPENSSL_NO_SRTP
652	if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s))	664	if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s))
653	{	665	{
654	int el;	666	int el;
655		667
Lines 887-903 unsigned char ssl_add_serverhello_tlsext(SSL s, unsigned char *buf, unsigned c Link Here
887	s->s3->next_proto_neg_seen = 1;	899	s->s3->next_proto_neg_seen = 1;
888	}	900	}
889	}	901	}
890	#endif	902	#endif
891		903
		904	if (s->s3->alpn_selected)
		905	{
		906	const unsigned char *selected = s->s3->alpn_selected;
		907	unsigned len = s->s3->alpn_selected_len;
		908
		909	if ((long)(limit - ret - 4 - 2 - 1 - len) < 0)
		910	return NULL;
		911	s2n(TLSEXT_TYPE_application_layer_protocol_negotiation,ret);
		912	s2n(3 + len,ret);
		913	s2n(1 + len,ret);
		914	*ret++ = len;
		915	memcpy(ret, selected, len);
		916	ret += len;
		917	}
		918
892	if ((extdatalen = ret-orig-2)== 0)	919	if ((extdatalen = ret-orig-2)== 0)
893	return orig;	920	return orig;
894		921
895	s2n(extdatalen, orig);	922	s2n(extdatalen, orig);
896	return ret;	923	return ret;
897	}	924	}
898		925
		926	/* tls1_alpn_handle_client_hello is called to process the ALPN extension in a
		927	* ClientHello.
		928	* data: the contents of the extension, not including the type and length.
		929	* data_len: the number of bytes in \|data\|
		930	* al: a pointer to the alert value to send in the event of a non-zero
		931	* return.
		932	*
		933	* returns: 0 on success. */
		934	static int tls1_alpn_handle_client_hello(SSL s, const unsigned char data,
		935	unsigned data_len, int *al)
		936	{
		937	unsigned i;
		938	unsigned proto_len;
		939	const unsigned char *selected;
		940	unsigned char selected_len;
		941	int r;
		942
		943	if (s->ctx->alpn_select_cb == NULL)
		944	return 0;
		945
		946	if (data_len < 2)
		947	goto parse_error;
		948
		949	/* data should contain a uint16 length followed by a series of 8-bit,
		950	* length-prefixed strings. */
		951	i = ((unsigned) data[0]) << 8 \|
		952	((unsigned) data[1]);
		953	data_len -= 2;
		954	data += 2;
		955	if (data_len != i)
		956	goto parse_error;
		957
		958	if (data_len < 2)
		959	goto parse_error;
		960
		961	for (i = 0; i < data_len;)
		962	{
		963	proto_len = data[i];
		964	i++;
		965
		966	if (proto_len == 0)
		967	goto parse_error;
		968
		969	if (i + proto_len < i \|\| i + proto_len > data_len)
		970	goto parse_error;
		971
		972	i += proto_len;
		973	}
		974
		975	r = s->ctx->alpn_select_cb(s, &selected, &selected_len, data, data_len,
		976	s->ctx->alpn_select_cb_arg);
		977	if (r == SSL_TLSEXT_ERR_OK) {
		978	if (s->s3->alpn_selected)
		979	OPENSSL_free(s->s3->alpn_selected);
		980	s->s3->alpn_selected = OPENSSL_malloc(selected_len);
		981	if (!s->s3->alpn_selected)
		982	{
		983	*al = SSL_AD_INTERNAL_ERROR;
		984	return -1;
		985	}
		986	memcpy(s->s3->alpn_selected, selected, selected_len);
		987	s->s3->alpn_selected_len = selected_len;
		988	}
		989	return 0;
990
991	parse_error:
992	*al = SSL_AD_DECODE_ERROR;
993	return -1;
994	}
995
899	#ifndef OPENSSL_NO_EC	996	#ifndef OPENSSL_NO_EC
900	/* ssl_check_for_safari attempts to fingerprint Safari using OS X	997	/* ssl_check_for_safari attempts to fingerprint Safari using OS X
901	* SecureTransport using the TLS extension block in \|d\|, of length \|n\|.	998	* SecureTransport using the TLS extension block in \|d\|, of length \|n\|.
902	* Safari, since 10.6, sends exactly these extensions, in this order:	999	* Safari, since 10.6, sends exactly these extensions, in this order:
903	* SNI,	1000	* SNI,
Lines 992-1001 int ssl_parse_clienthello_tlsext(SSL s, unsigned char p, unsigned char d, in Link Here
992	s->tlsext_status_type = -1;	1089	s->tlsext_status_type = -1;
993	#ifndef OPENSSL_NO_NEXTPROTONEG	1090	#ifndef OPENSSL_NO_NEXTPROTONEG
994	s->s3->next_proto_neg_seen = 0;	1091	s->s3->next_proto_neg_seen = 0;
995	#endif	1092	#endif
996		1093
		1094	if (s->s3->alpn_selected)
		1095	{
		1096	OPENSSL_free(s->s3->alpn_selected);
		1097	s->s3->alpn_selected = NULL;
		1098	}
		1099
997	#ifndef OPENSSL_NO_HEARTBEATS	1100	#ifndef OPENSSL_NO_HEARTBEATS
998	s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED \|	1101	s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED \|
999	SSL_TLSEXT_HB_DONT_SEND_REQUESTS);	1102	SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
1000	#endif	1103	#endif
1001		1104
Lines 1425-1435 int ssl_parse_clienthello_tlsext(SSL s, unsigned char p, unsigned char d, in Link Here
1425	}	1528	}
1426	}	1529	}
1427	#endif	1530	#endif
1428	#ifndef OPENSSL_NO_NEXTPROTONEG	1531	#ifndef OPENSSL_NO_NEXTPROTONEG
1429	else if (type == TLSEXT_TYPE_next_proto_neg &&	1532	else if (type == TLSEXT_TYPE_next_proto_neg &&
1430	s->s3->tmp.finish_md_len == 0)	1533	s->s3->tmp.finish_md_len == 0 &&
		1534	s->s3->alpn_selected == NULL)
1431	{	1535	{
1432	/* We shouldn't accept this extension on a	1536	/* We shouldn't accept this extension on a
1433	* renegotiation.	1537	* renegotiation.
1434	*	1538	*
1435	* s->new_session will be set on renegotiation, but we	1539	* s->new_session will be set on renegotiation, but we
Lines 1446-1455 int ssl_parse_clienthello_tlsext(SSL s, unsigned char p, unsigned char d, in Link Here
1446	* Finished message could have been computed.) */	1550	* Finished message could have been computed.) */
1447	s->s3->next_proto_neg_seen = 1;	1551	s->s3->next_proto_neg_seen = 1;
1448	}	1552	}
1449	#endif	1553	#endif
1450		1554
		1555	else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation &&
		1556	s->ctx->alpn_select_cb &&
		1557	s->s3->tmp.finish_md_len == 0)
		1558	{
		1559	if (tls1_alpn_handle_client_hello(s, data, size, al) != 0)
		1560	return 0;
		1561	/* ALPN takes precedence over NPN. */
		1562	s->s3->next_proto_neg_seen = 0;
		1563	}
		1564
1451	/* session ticket processed earlier */	1565	/* session ticket processed earlier */
1452	#ifndef OPENSSL_NO_SRTP	1566	#ifndef OPENSSL_NO_SRTP
1453	else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)	1567	else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)
1454	&& type == TLSEXT_TYPE_use_srtp)	1568	&& type == TLSEXT_TYPE_use_srtp)
1455	{	1569	{
Lines 1511-1520 int ssl_parse_serverhello_tlsext(SSL s, unsigned char p, unsigned char d, in Link Here
1511		1625
1512	#ifndef OPENSSL_NO_NEXTPROTONEG	1626	#ifndef OPENSSL_NO_NEXTPROTONEG
1513	s->s3->next_proto_neg_seen = 0;	1627	s->s3->next_proto_neg_seen = 0;
1514	#endif	1628	#endif
1515		1629
		1630	if (s->s3->alpn_selected)
		1631	{
		1632	OPENSSL_free(s->s3->alpn_selected);
		1633	s->s3->alpn_selected = NULL;
		1634	}
		1635
1516	#ifndef OPENSSL_NO_HEARTBEATS	1636	#ifndef OPENSSL_NO_HEARTBEATS
1517	s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED \|	1637	s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED \|
1518	SSL_TLSEXT_HB_DONT_SEND_REQUESTS);	1638	SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
1519	#endif	1639	#endif
1520		1640
Lines 1679-1688 int ssl_parse_serverhello_tlsext(SSL s, unsigned char p, unsigned char d, in Link Here
1679	memcpy(s->next_proto_negotiated, selected, selected_len);	1799	memcpy(s->next_proto_negotiated, selected, selected_len);
1680	s->next_proto_negotiated_len = selected_len;	1800	s->next_proto_negotiated_len = selected_len;
1681	s->s3->next_proto_neg_seen = 1;	1801	s->s3->next_proto_neg_seen = 1;
1682	}	1802	}
1683	#endif	1803	#endif
		1804
		1805	else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation)
		1806	{
		1807	unsigned len;
		1808
		1809	/* We must have requested it. */
		1810	if (s->alpn_client_proto_list == NULL)
		1811	{
		1812	*al = TLS1_AD_UNSUPPORTED_EXTENSION;
		1813	return 0;
		1814	}
		1815	if (size < 4)
		1816	{
		1817	*al = TLS1_AD_DECODE_ERROR;
		1818	return 0;
		1819	}
		1820	/* The extension data consists of:
		1821	* uint16 list_length
		1822	* uint8 proto_length;
		1823	* uint8 proto[proto_length]; */
		1824	len = data[0];
		1825	len <<= 8;
		1826	len \|= data[1];
		1827	if (len != (unsigned) size - 2)
		1828	{
		1829	*al = TLS1_AD_DECODE_ERROR;
		1830	return 0;
		1831	}
		1832	len = data[2];
		1833	if (len != (unsigned) size - 3)
		1834	{
		1835	*al = TLS1_AD_DECODE_ERROR;
		1836	return 0;
		1837	}
		1838	if (s->s3->alpn_selected)
		1839	OPENSSL_free(s->s3->alpn_selected);
		1840	s->s3->alpn_selected = OPENSSL_malloc(len);
		1841	if (!s->s3->alpn_selected)
		1842	{
		1843	*al = TLS1_AD_INTERNAL_ERROR;
		1844	return 0;
		1845	}
		1846	memcpy(s->s3->alpn_selected, data + 3, len);
		1847	s->s3->alpn_selected_len = len;
		1848	}
		1849
1684	else if (type == TLSEXT_TYPE_renegotiate)	1850	else if (type == TLSEXT_TYPE_renegotiate)
1685	{	1851	{
1686	if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))	1852	if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
1687	return 0;	1853	return 0;
1688	renegotiate_seen = 1;	1854	renegotiate_seen = 1;