Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(266)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: patches/channelid.patch

Issue 12459028: Restore the x509_hash_name_alpgorithm_change patch. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/openssl/
Patch Set: Created 7 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « patches/README ('k') | patches/clang.patch » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 diff -ur openssl/crypto/evp/evp.h openssl.channelid/crypto/evp/evp.h
2 --- openssl/crypto/evp/evp.h 2012-05-16 12:44:09.000000000 -0400
3 +++ openssl.channelid/crypto/evp/evp.h 2012-08-28 16:19:15.195752493 -0400
4 @@ -922,6 +922,7 @@
5 #endif
6
7 EVP_PKEY * EVP_PKEY_new(void);
8 +EVP_PKEY * EVP_PKEY_dup(EVP_PKEY *pkey);
9 void EVP_PKEY_free(EVP_PKEY *pkey);
10
11 EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp,
12 diff -ur openssl/crypto/evp/p_lib.c openssl.channelid/crypto/evp/p_lib.c
13 --- openssl/crypto/evp/p_lib.c 2011-02-01 09:46:34.000000000 -0500
14 +++ openssl.channelid/crypto/evp/p_lib.c 2012-08-29 16:22:27.467810070 -0 400
15 @@ -200,6 +200,12 @@
16 return(ret);
17 }
18
19 +EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey)
20 + {
21 + CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
22 + return pkey;
23 + }
24 +
25 /* Setup a public key ASN1 method and ENGINE from a NID or a string.
26 * If pkey is NULL just return 1 or 0 if the algorithm exists.
27 */
28 diff -ur openssl/ssl/s3_both.c openssl.channelid/ssl/s3_both.c
29 --- openssl/ssl/s3_both.c 2012-08-28 16:04:21.173349370 -0400
30 +++ openssl.channelid/ssl/s3_both.c 2012-08-28 16:04:40.583618671 -0400
31 @@ -544,7 +544,8 @@
32 ssl3_take_mac(s);
33 #endif
34 /* Feed this message into MAC computation. */
35 - ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
36 + if (*s->init_buf->data != SSL3_MT_ENCRYPTED_EXTENSIONS)
37 + ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_n um + 4);
38 if (s->msg_callback)
39 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->d ata, (size_t)s->init_num + 4, s, s->msg_callback_arg);
40 *ok=1;
41 diff -ur openssl/ssl/s3_clnt.c openssl.channelid/ssl/s3_clnt.c
42 --- openssl/ssl/s3_clnt.c 2012-08-28 16:04:21.173349370 -0400
43 +++ openssl.channelid/ssl/s3_clnt.c 2012-08-28 16:04:42.563646142 -0400
44 @@ -465,14 +465,14 @@
45 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
46 if (ret <= 0) goto end;
47
48 -
49 -#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
50 s->state=SSL3_ST_CW_FINISHED_A;
51 -#else
52 +#if !defined(OPENSSL_NO_TLSEXT)
53 + if (s->s3->tlsext_channel_id_valid)
54 + s->state=SSL3_ST_CW_CHANNEL_ID_A;
55 +# if !defined(OPENSSL_NO_NEXTPROTONEG)
56 if (s->s3->next_proto_neg_seen)
57 s->state=SSL3_ST_CW_NEXT_PROTO_A;
58 - else
59 - s->state=SSL3_ST_CW_FINISHED_A;
60 +# endif
61 #endif
62 s->init_num=0;
63
64 @@ -506,6 +506,18 @@
65 case SSL3_ST_CW_NEXT_PROTO_B:
66 ret=ssl3_send_next_proto(s);
67 if (ret <= 0) goto end;
68 + if (s->s3->tlsext_channel_id_valid)
69 + s->state=SSL3_ST_CW_CHANNEL_ID_A;
70 + else
71 + s->state=SSL3_ST_CW_FINISHED_A;
72 + break;
73 +#endif
74 +
75 +#if !defined(OPENSSL_NO_TLSEXT)
76 + case SSL3_ST_CW_CHANNEL_ID_A:
77 + case SSL3_ST_CW_CHANNEL_ID_B:
78 + ret=ssl3_send_channel_id(s);
79 + if (ret <= 0) goto end;
80 s->state=SSL3_ST_CW_FINISHED_A;
81 break;
82 #endif
83 @@ -3339,7 +3351,8 @@
84 return(0);
85 }
86
87 -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
88 +#if !defined(OPENSSL_NO_TLSEXT)
89 +# if !defined(OPENSSL_NO_NEXTPROTONEG)
90 int ssl3_send_next_proto(SSL *s)
91 {
92 unsigned int len, padding_len;
93 @@ -3363,7 +3376,116 @@
94
95 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
96 }
97 -#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
98 +# endif /* !OPENSSL_NO_NEXTPROTONEG */
99 +
100 +int ssl3_send_channel_id(SSL *s)
101 + {
102 + unsigned char *d;
103 + int ret = -1, public_key_len;
104 + EVP_MD_CTX md_ctx;
105 + size_t sig_len;
106 + ECDSA_SIG *sig = NULL;
107 + unsigned char *public_key = NULL, *derp, *der_sig = NULL;
108 +
109 + if (s->state != SSL3_ST_CW_CHANNEL_ID_A)
110 + return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
111 +
112 + d = (unsigned char *)s->init_buf->data;
113 + *(d++)=SSL3_MT_ENCRYPTED_EXTENSIONS;
114 + l2n3(2 + 2 + TLSEXT_CHANNEL_ID_SIZE, d);
115 + s2n(TLSEXT_TYPE_channel_id, d);
116 + s2n(TLSEXT_CHANNEL_ID_SIZE, d);
117 +
118 + EVP_MD_CTX_init(&md_ctx);
119 +
120 + public_key_len = i2d_PublicKey(s->tlsext_channel_id_private, NULL);
121 + if (public_key_len <= 0)
122 + {
123 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_CANNOT_SERIALIZE_PUBLIC_ KEY);
124 + goto err;
125 + }
126 + // i2d_PublicKey will produce an ANSI X9.62 public key which, for a
127 + // P-256 key, is 0x04 (meaning uncompressed) followed by the x and y
128 + // field elements as 32-byte, big-endian numbers.
129 + if (public_key_len != 65)
130 + {
131 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_CHANNEL_ID_NOT_P256);
132 + goto err;
133 + }
134 + public_key = OPENSSL_malloc(public_key_len);
135 + if (!public_key)
136 + {
137 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,ERR_R_MALLOC_FAILURE);
138 + goto err;
139 + }
140 +
141 + derp = public_key;
142 + i2d_PublicKey(s->tlsext_channel_id_private, &derp);
143 +
144 + if (EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL,
145 + s->tlsext_channel_id_private) != 1)
146 + {
147 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNINIT_FAILE D);
148 + goto err;
149 + }
150 +
151 + if (!tls1_channel_id_hash(&md_ctx, s))
152 + goto err;
153 +
154 + if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len))
155 + {
156 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNFINAL_FAIL ED);
157 + goto err;
158 + }
159 +
160 + der_sig = OPENSSL_malloc(sig_len);
161 + if (!der_sig)
162 + {
163 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,ERR_R_MALLOC_FAILURE);
164 + goto err;
165 + }
166 +
167 + if (!EVP_DigestSignFinal(&md_ctx, der_sig, &sig_len))
168 + {
169 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNFINAL_FAIL ED);
170 + goto err;
171 + }
172 +
173 + derp = der_sig;
174 + sig = d2i_ECDSA_SIG(NULL, &derp, sig_len);
175 + if (sig == NULL)
176 + {
177 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_D2I_ECDSA_SIG);
178 + goto err;
179 + }
180 +
181 + // The first byte of public_key will be 0x4, denoting an uncompressed ke y.
182 + memcpy(d, public_key + 1, 64);
183 + d += 64;
184 + memset(d, 0, 2 * 32);
185 + BN_bn2bin(sig->r, d + 32 - BN_num_bytes(sig->r));
186 + d += 32;
187 + BN_bn2bin(sig->s, d + 32 - BN_num_bytes(sig->s));
188 + d += 32;
189 +
190 + s->state = SSL3_ST_CW_CHANNEL_ID_B;
191 + s->init_num = 4 + 2 + 2 + TLSEXT_CHANNEL_ID_SIZE;
192 + s->init_off = 0;
193 +
194 + ret = ssl3_do_write(s, SSL3_RT_HANDSHAKE);
195 +
196 +err:
197 + EVP_MD_CTX_cleanup(&md_ctx);
198 + if (public_key)
199 + OPENSSL_free(public_key);
200 + if (der_sig)
201 + OPENSSL_free(der_sig);
202 + if (sig)
203 + ECDSA_SIG_free(sig);
204 +
205 + return ret;
206 + }
207 +#endif /* !OPENSSL_NO_TLSEXT */
208
209 /* Check to see if handshake is full or resumed. Usually this is just a
210 * case of checking to see if a cache hit has occurred. In the case of
211 diff -ur openssl/ssl/s3_lib.c openssl.channelid/ssl/s3_lib.c
212 --- openssl/ssl/s3_lib.c 2012-08-28 16:04:21.173349370 -0400
213 +++ openssl.channelid/ssl/s3_lib.c 2012-08-28 16:19:15.195752493 -0400
214 @@ -2951,6 +2951,11 @@
215 #ifndef OPENSSL_NO_SRP
216 SSL_SRP_CTX_init(s);
217 #endif
218 +#if !defined(OPENSSL_NO_TLSEXT)
219 + s->tlsext_channel_id_enabled = s->ctx->tlsext_channel_id_enabled;
220 + if (s->ctx->tlsext_channel_id_private)
221 + s->tlsext_channel_id_private = EVP_PKEY_dup(s->ctx->tlsext_chann el_id_private);
222 +#endif
223 s->method->ssl_clear(s);
224 return(1);
225 err:
226 @@ -3074,6 +3079,10 @@
227 s->next_proto_negotiated_len = 0;
228 }
229 #endif
230 +
231 +#if !defined(OPENSSL_NO_TLSEXT)
232 + s->s3->tlsext_channel_id_valid = 0;
233 +#endif
234 }
235
236 #ifndef OPENSSL_NO_SRP
237 @@ -3348,6 +3357,35 @@
238 ret = 1;
239 break;
240 #endif
241 + case SSL_CTRL_CHANNEL_ID:
242 + if (!s->server)
243 + break;
244 + s->tlsext_channel_id_enabled = 1;
245 + ret = 1;
246 + break;
247 +
248 + case SSL_CTRL_SET_CHANNEL_ID:
249 + if (s->server)
250 + break;
251 + s->tlsext_channel_id_enabled = 1;
252 + if (EVP_PKEY_bits(parg) != 256)
253 + {
254 + SSLerr(SSL_F_SSL3_CTRL,SSL_R_CHANNEL_ID_NOT_P256);
255 + break;
256 + }
257 + if (s->tlsext_channel_id_private)
258 + EVP_PKEY_free(s->tlsext_channel_id_private);
259 + s->tlsext_channel_id_private = (EVP_PKEY*) parg;
260 + ret = 1;
261 + break;
262 +
263 + case SSL_CTRL_GET_CHANNEL_ID:
264 + if (!s->server)
265 + break;
266 + if (!s->s3->tlsext_channel_id_valid)
267 + break;
268 + memcpy(parg, s->s3->tlsext_channel_id, larg < 64 ? larg : 64);
269 + return 64;
270
271 #endif /* !OPENSSL_NO_TLSEXT */
272 default:
273 @@ -3569,6 +3607,12 @@
274 }
275 return 1;
276 }
277 + case SSL_CTRL_CHANNEL_ID:
278 + /* must be called on a server */
279 + if (ctx->method->ssl_accept == ssl_undefined_function)
280 + return 0;
281 + ctx->tlsext_channel_id_enabled=1;
282 + return 1;
283
284 #ifdef TLSEXT_TYPE_opaque_prf_input
285 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
286 @@ -3637,6 +3681,18 @@
287 }
288 break;
289
290 + case SSL_CTRL_SET_CHANNEL_ID:
291 + ctx->tlsext_channel_id_enabled = 1;
292 + if (EVP_PKEY_bits(parg) != 256)
293 + {
294 + SSLerr(SSL_F_SSL3_CTX_CTRL,SSL_R_CHANNEL_ID_NOT_P256);
295 + break;
296 + }
297 + if (ctx->tlsext_channel_id_private)
298 + EVP_PKEY_free(ctx->tlsext_channel_id_private);
299 + ctx->tlsext_channel_id_private = (EVP_PKEY*) parg;
300 + break;
301 +
302 default:
303 return(0);
304 }
305 diff -ur openssl/ssl/s3_srvr.c openssl.channelid/ssl/s3_srvr.c
306 --- openssl/ssl/s3_srvr.c 2012-08-28 16:04:21.173349370 -0400
307 +++ openssl.channelid/ssl/s3_srvr.c 2012-08-28 16:04:40.593618810 -0400
308 @@ -158,8 +158,11 @@
309 #include <openssl/buffer.h>
310 #include <openssl/rand.h>
311 #include <openssl/objects.h>
312 +#include <openssl/ec.h>
313 +#include <openssl/ecdsa.h>
314 #include <openssl/evp.h>
315 #include <openssl/hmac.h>
316 +#include <openssl/sha.h>
317 #include <openssl/x509.h>
318 #ifndef OPENSSL_NO_DH
319 #include <openssl/dh.h>
320 @@ -621,15 +624,8 @@
321 * the client uses its key from the certificate
322 * for key exchange.
323 */
324 -#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
325 - s->state=SSL3_ST_SR_FINISHED_A;
326 -#else
327 - if (s->s3->next_proto_neg_seen)
328 - s->state=SSL3_ST_SR_NEXT_PROTO_A;
329 - else
330 - s->state=SSL3_ST_SR_FINISHED_A;
331 -#endif
332 s->init_num = 0;
333 + s->state=SSL3_ST_SR_POST_CLIENT_CERT;
334 }
335 else if (TLS1_get_version(s) >= TLS1_2_VERSION)
336 {
337 @@ -689,16 +685,28 @@
338 ret=ssl3_get_cert_verify(s);
339 if (ret <= 0) goto end;
340
341 -#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
342 - s->state=SSL3_ST_SR_FINISHED_A;
343 -#else
344 - if (s->s3->next_proto_neg_seen)
345 + s->state=SSL3_ST_SR_POST_CLIENT_CERT;
346 + s->init_num=0;
347 + break;
348 +
349 + case SSL3_ST_SR_POST_CLIENT_CERT: {
350 + char next_proto_neg = 0;
351 + char channel_id = 0;
352 +#if !defined(OPENSSL_NO_TLSEXT)
353 +# if !defined(OPENSSL_NO_NEXTPROTONEG)
354 + next_proto_neg = s->s3->next_proto_neg_seen;
355 +# endif
356 + channel_id = s->s3->tlsext_channel_id_valid;
357 +#endif
358 +
359 + if (next_proto_neg)
360 s->state=SSL3_ST_SR_NEXT_PROTO_A;
361 + else if (channel_id)
362 + s->state=SSL3_ST_SR_CHANNEL_ID_A;
363 else
364 s->state=SSL3_ST_SR_FINISHED_A;
365 -#endif
366 - s->init_num=0;
367 break;
368 + }
369
370 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
371 case SSL3_ST_SR_NEXT_PROTO_A:
372 @@ -706,6 +714,19 @@
373 ret=ssl3_get_next_proto(s);
374 if (ret <= 0) goto end;
375 s->init_num = 0;
376 + if (s->s3->tlsext_channel_id_valid)
377 + s->state=SSL3_ST_SR_CHANNEL_ID_A;
378 + else
379 + s->state=SSL3_ST_SR_FINISHED_A;
380 + break;
381 +#endif
382 +
383 +#if !defined(OPENSSL_NO_TLSEXT)
384 + case SSL3_ST_SR_CHANNEL_ID_A:
385 + case SSL3_ST_SR_CHANNEL_ID_B:
386 + ret=ssl3_get_channel_id(s);
387 + if (ret <= 0) goto end;
388 + s->init_num = 0;
389 s->state=SSL3_ST_SR_FINISHED_A;
390 break;
391 #endif
392 @@ -777,16 +798,7 @@
393 if (ret <= 0) goto end;
394 s->state=SSL3_ST_SW_FLUSH;
395 if (s->hit)
396 - {
397 -#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
398 - s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
399 -#else
400 - if (s->s3->next_proto_neg_seen)
401 - s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PR OTO_A;
402 - else
403 - s->s3->tmp.next_state=SSL3_ST_SR_FINISHE D_A;
404 -#endif
405 - }
406 + s->s3->tmp.next_state=SSL3_ST_SR_POST_CLIENT_CER T;
407 else
408 s->s3->tmp.next_state=SSL_ST_OK;
409 s->init_num=0;
410 @@ -3679,4 +3691,140 @@
411 return 1;
412 }
413 # endif
414 +
415 +/* ssl3_get_channel_id reads and verifies a ClientID handshake message. */
416 +int ssl3_get_channel_id(SSL *s)
417 + {
418 + int ret = -1, ok;
419 + long n;
420 + const unsigned char *p;
421 + unsigned short extension_type, extension_len;
422 + EC_GROUP* p256 = NULL;
423 + EC_KEY* key = NULL;
424 + EC_POINT* point = NULL;
425 + ECDSA_SIG sig;
426 + BIGNUM x, y;
427 +
428 + if (s->state == SSL3_ST_SR_CHANNEL_ID_A && s->init_num == 0)
429 + {
430 + /* The first time that we're called we take the current
431 + * handshake hash and store it. */
432 + EVP_MD_CTX md_ctx;
433 + unsigned int len;
434 +
435 + EVP_MD_CTX_init(&md_ctx);
436 + EVP_DigestInit_ex(&md_ctx, EVP_sha256(), NULL);
437 + if (!tls1_channel_id_hash(&md_ctx, s))
438 + return -1;
439 + len = sizeof(s->s3->tlsext_channel_id);
440 + EVP_DigestFinal(&md_ctx, s->s3->tlsext_channel_id, &len);
441 + EVP_MD_CTX_cleanup(&md_ctx);
442 + }
443 +
444 + n = s->method->ssl_get_message(s,
445 + SSL3_ST_SR_CHANNEL_ID_A,
446 + SSL3_ST_SR_CHANNEL_ID_B,
447 + SSL3_MT_ENCRYPTED_EXTENSIONS,
448 + 2 + 2 + TLSEXT_CHANNEL_ID_SIZE,
449 + &ok);
450 +
451 + if (!ok)
452 + return((int)n);
453 +
454 + ssl3_finish_mac(s, (unsigned char*)s->init_buf->data, s->init_num + 4);
455 +
456 + /* s->state doesn't reflect whether ChangeCipherSpec has been received
457 + * in this handshake, but s->s3->change_cipher_spec does (will be reset
458 + * by ssl3_get_finished). */
459 + if (!s->s3->change_cipher_spec)
460 + {
461 + SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_GOT_CHANNEL_ID_BEFORE_A_C CS);
462 + return -1;
463 + }
464 +
465 + if (n != 2 + 2 + TLSEXT_CHANNEL_ID_SIZE)
466 + {
467 + SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_INVALID_MESSAGE);
468 + return -1;
469 + }
470 +
471 + p = (unsigned char *)s->init_msg;
472 +
473 + /* The payload looks like:
474 + * uint16 extension_type
475 + * uint16 extension_len;
476 + * uint8 x[32];
477 + * uint8 y[32];
478 + * uint8 r[32];
479 + * uint8 s[32];
480 + */
481 + n2s(p, extension_type);
482 + n2s(p, extension_len);
483 +
484 + if (extension_type != TLSEXT_TYPE_channel_id ||
485 + extension_len != TLSEXT_CHANNEL_ID_SIZE)
486 + {
487 + SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_INVALID_MESSAGE);
488 + return -1;
489 + }
490 +
491 + p256 = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
492 + if (!p256)
493 + {
494 + SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_NO_P256_SUPPORT);
495 + return -1;
496 + }
497 +
498 + BN_init(&x);
499 + BN_init(&y);
500 + sig.r = BN_new();
501 + sig.s = BN_new();
502 +
503 + if (BN_bin2bn(p + 0, 32, &x) == NULL ||
504 + BN_bin2bn(p + 32, 32, &y) == NULL ||
505 + BN_bin2bn(p + 64, 32, sig.r) == NULL ||
506 + BN_bin2bn(p + 96, 32, sig.s) == NULL)
507 + goto err;
508 +
509 + point = EC_POINT_new(p256);
510 + if (!point ||
511 + !EC_POINT_set_affine_coordinates_GFp(p256, point, &x, &y, NULL))
512 + goto err;
513 +
514 + key = EC_KEY_new();
515 + if (!key ||
516 + !EC_KEY_set_group(key, p256) ||
517 + !EC_KEY_set_public_key(key, point))
518 + goto err;
519 +
520 + /* We stored the handshake hash in |tlsext_channel_id| the first time
521 + * that we were called. */
522 + switch (ECDSA_do_verify(s->s3->tlsext_channel_id, SHA256_DIGEST_LENGTH, &sig, key)) {
523 + case 1:
524 + break;
525 + case 0:
526 + SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_CHANNEL_ID_SIGNATURE_INVA LID);
527 + s->s3->tlsext_channel_id_valid = 0;
528 + goto err;
529 + default:
530 + s->s3->tlsext_channel_id_valid = 0;
531 + goto err;
532 + }
533 +
534 + memcpy(s->s3->tlsext_channel_id, p, 64);
535 + ret = 1;
536 +
537 +err:
538 + BN_free(&x);
539 + BN_free(&y);
540 + BN_free(sig.r);
541 + BN_free(sig.s);
542 + if (key)
543 + EC_KEY_free(key);
544 + if (point)
545 + EC_POINT_free(point);
546 + if (p256)
547 + EC_GROUP_free(p256);
548 + return ret;
549 + }
550 #endif
551 diff -ur openssl/ssl/ssl.h openssl.channelid/ssl/ssl.h
552 --- openssl/ssl/ssl.h 2012-08-28 16:04:21.183349508 -0400
553 +++ openssl.channelid/ssl/ssl.h 2012-08-28 16:19:15.195752493 -0400
554 @@ -1016,6 +1016,12 @@
555 # endif
556 /* SRTP profiles we are willing to do from RFC 5764 */
557 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
558 +
559 + /* If true, a client will advertise the Channel ID extension and a
560 + * server will echo it. */
561 + char tlsext_channel_id_enabled;
562 + /* The client's Channel ID private key. */
563 + EVP_PKEY *tlsext_channel_id_private;
564 #endif
565 };
566
567 @@ -1057,6 +1063,10 @@
568 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
569 #define SSL_CTX_sess_cache_full(ctx) \
570 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
571 +/* SSL_CTX_enable_tls_channel_id configures a TLS server to accept TLS client
572 + * IDs from clients. Returns 1 on success. */
573 +#define SSL_CTX_enable_tls_channel_id(ctx) \
574 + SSL_CTX_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL)
575
576 void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
577 int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *s ess);
578 @@ -1400,6 +1410,13 @@
579 */
580 unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
581 unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */
582 +
583 + /* Copied from the SSL_CTX. For a server, means that we'll accept
584 + * Channel IDs from clients. For a client, means that we'll advertise
585 + * support. */
586 + char tlsext_channel_id_enabled;
587 + /* The client's Channel ID private key. */
588 + EVP_PKEY *tlsext_channel_id_private;
589 #else
590 #define session_ctx ctx
591 #endif /* OPENSSL_NO_TLSEXT */
592 @@ -1659,6 +1676,9 @@
593 #define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86
594 #define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87
595 #endif
596 +#define SSL_CTRL_CHANNEL_ID 88
597 +#define SSL_CTRL_GET_CHANNEL_ID 89
598 +#define SSL_CTRL_SET_CHANNEL_ID 90
599 #endif
600
601 #define DTLS_CTRL_GET_TIMEOUT 73
602 @@ -1706,6 +1726,25 @@
603 #define SSL_set_tmp_ecdh(ssl,ecdh) \
604 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
605
606 +/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client
607 + * IDs from clients. Returns 1 on success. */
608 +#define SSL_enable_tls_channel_id(ctx) \
609 + SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL)
610 +/* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to
611 + * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on
612 + * success. */
613 +#define SSL_set1_tls_channel_id(s, private_key) \
614 + SSL_ctrl(s,SSL_CTRL_SET_CHANNEL_ID,0,(void*)private_key)
615 +#define SSL_CTX_set1_tls_channel_id(ctx, private_key) \
616 + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHANNEL_ID,0,(void*)private_key)
617 +/* SSL_get_tls_channel_id gets the client's TLS Channel ID from a server SSL*
618 + * and copies up to the first |channel_id_len| bytes into |channel_id|. The
619 + * Channel ID consists of the client's P-256 public key as an (x,y) pair where
620 + * each is a 32-byte, big-endian field element. Returns 0 if the client didn't
621 + * offer a Channel ID and the length of the complete Channel ID otherwise. */
622 +#define SSL_get_tls_channel_id(ctx, channel_id, channel_id_len) \
623 + SSL_ctrl(ctx,SSL_CTRL_GET_CHANNEL_ID,channel_id_len,(void*)channel_id)
624 +
625 #define SSL_CTX_add_extra_chain_cert(ctx,x509) \
626 SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
627 #define SSL_CTX_get_extra_chain_certs(ctx,px509) \
628 @@ -2207,6 +2246,7 @@
629 #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
630 #define SSL_F_SSL3_GET_CERT_STATUS 289
631 #define SSL_F_SSL3_GET_CERT_VERIFY 136
632 +#define SSL_F_SSL3_GET_CHANNEL_ID 317
633 #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
634 #define SSL_F_SSL3_GET_CLIENT_HELLO 138
635 #define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139
636 @@ -2226,6 +2266,7 @@
637 #define SSL_F_SSL3_READ_BYTES 148
638 #define SSL_F_SSL3_READ_N 149
639 #define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150
640 +#define SSL_F_SSL3_SEND_CHANNEL_ID 318
641 #define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151
642 #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
643 #define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
644 @@ -2391,12 +2432,15 @@
645 #define SSL_R_BIO_NOT_SET 128
646 #define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
647 #define SSL_R_BN_LIB 130
648 +#define SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY 376
649 #define SSL_R_CA_DN_LENGTH_MISMATCH 131
650 #define SSL_R_CA_DN_TOO_LONG 132
651 #define SSL_R_CCS_RECEIVED_EARLY 133
652 #define SSL_R_CERTIFICATE_VERIFY_FAILED 134
653 #define SSL_R_CERT_LENGTH_MISMATCH 135
654 #define SSL_R_CHALLENGE_IS_DIFFERENT 136
655 +#define SSL_R_CHANNEL_ID_NOT_P256 375
656 +#define SSL_R_CHANNEL_ID_SIGNATURE_INVALID 371
657 #define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
658 #define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
659 #define SSL_R_CIPHER_TABLE_SRC_ERROR 139
660 @@ -2409,6 +2453,7 @@
661 #define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
662 #define SSL_R_CONNECTION_TYPE_NOT_SET 144
663 #define SSL_R_COOKIE_MISMATCH 308
664 +#define SSL_R_D2I_ECDSA_SIG 379
665 #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
666 #define SSL_R_DATA_LENGTH_TOO_LONG 146
667 #define SSL_R_DECRYPTION_FAILED 147
668 @@ -2426,9 +2471,12 @@
669 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
670 #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
671 #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
672 +#define SSL_R_EVP_DIGESTSIGNFINAL_FAILED 377
673 +#define SSL_R_EVP_DIGESTSIGNINIT_FAILED 378
674 #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
675 #define SSL_R_EXTRA_DATA_IN_MESSAGE 153
676 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
677 +#define SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS 372
678 #define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355
679 #define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356
680 #define SSL_R_HTTPS_PROXY_REQUEST 155
681 @@ -2438,6 +2486,7 @@
682 #define SSL_R_INVALID_CHALLENGE_LENGTH 158
683 #define SSL_R_INVALID_COMMAND 280
684 #define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
685 +#define SSL_R_INVALID_MESSAGE 374
686 #define SSL_R_INVALID_PURPOSE 278
687 #define SSL_R_INVALID_SRP_USERNAME 357
688 #define SSL_R_INVALID_STATUS_RESPONSE 328
689 @@ -2492,6 +2541,7 @@
690 #define SSL_R_NO_COMPRESSION_SPECIFIED 187
691 #define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330
692 #define SSL_R_NO_METHOD_SPECIFIED 188
693 +#define SSL_R_NO_P256_SUPPORT 373
694 #define SSL_R_NO_PRIVATEKEY 189
695 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
696 #define SSL_R_NO_PROTOCOLS_AVAILABLE 191
697 diff -ur openssl/ssl/ssl3.h openssl.channelid/ssl/ssl3.h
698 --- openssl/ssl/ssl3.h 2012-08-28 16:04:21.183349508 -0400
699 +++ openssl.channelid/ssl/ssl3.h 2012-08-28 16:04:40.593618810 -0400
700 @@ -539,6 +539,17 @@
701 /* Set if we saw the Next Protocol Negotiation extension from our peer. */
702 int next_proto_neg_seen;
703 #endif
704 +
705 + /* In a client, this means that the server supported Channel ID and that
706 + * a Channel ID was sent. In a server it means that we echoed support
707 + * for Channel IDs and that tlsext_channel_id will be valid after the
708 + * handshake. */
709 + char tlsext_channel_id_valid;
710 + /* For a server:
711 + * If |tlsext_channel_id_valid| is true, then this contains the
712 + * verified Channel ID from the client: a P256 point, (x,y), where
713 + * each are big-endian values. */
714 + unsigned char tlsext_channel_id[64];
715 } SSL3_STATE;
716
717 #endif
718 @@ -581,6 +592,8 @@
719 #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
720 #define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
721 #define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
722 +#define SSL3_ST_CW_CHANNEL_ID_A (0x210|SSL_ST_CONNECT)
723 +#define SSL3_ST_CW_CHANNEL_ID_B (0x211|SSL_ST_CONNECT)
724 #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
725 #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
726 /* read from server */
727 @@ -631,8 +644,11 @@
728 #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
729 #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
730 #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
731 +#define SSL3_ST_SR_POST_CLIENT_CERT (0x1BF|SSL_ST_ACCEPT)
732 #define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
733 #define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
734 +#define SSL3_ST_SR_CHANNEL_ID_A (0x220|SSL_ST_ACCEPT)
735 +#define SSL3_ST_SR_CHANNEL_ID_B (0x221|SSL_ST_ACCEPT)
736 #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
737 #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
738 /* write to client */
739 @@ -658,6 +674,7 @@
740 #define SSL3_MT_FINISHED 20
741 #define SSL3_MT_CERTIFICATE_STATUS 22
742 #define SSL3_MT_NEXT_PROTO 67
743 +#define SSL3_MT_ENCRYPTED_EXTENSIONS 203
744 #define DTLS1_MT_HELLO_VERIFY_REQUEST 3
745
746
747 diff -ur openssl/ssl/ssl_err.c openssl.channelid/ssl/ssl_err.c
748 --- openssl/ssl/ssl_err.c 2012-08-28 16:04:21.183349508 -0400
749 +++ openssl.channelid/ssl/ssl_err.c 2012-08-28 16:04:40.593618810 -0400
750 @@ -151,6 +151,7 @@
751 {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},
752 {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"},
753 {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},
754 +{ERR_FUNC(SSL_F_SSL3_GET_CHANNEL_ID), "SSL3_GET_CHANNEL_ID"},
755 {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"},
756 {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
757 {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"},
758 @@ -170,6 +171,7 @@
759 {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},
760 {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"},
761 {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_R EQUEST"},
762 +{ERR_FUNC(SSL_F_SSL3_SEND_CHANNEL_ID), "SSL3_SEND_CHANNEL_ID"},
763 {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"},
764 {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EX CHANGE"},
765 {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"},
766 @@ -338,12 +340,15 @@
767 {ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"},
768 {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"},
769 {ERR_REASON(SSL_R_BN_LIB) ,"bn lib"},
770 +{ERR_REASON(SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY),"cannot serialize public key"},
771 {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"},
772 {ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"},
773 {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"},
774 {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},
775 {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"},
776 {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},
777 +{ERR_REASON(SSL_R_CHANNEL_ID_NOT_P256) ,"channel id not p256"},
778 +{ERR_REASON(SSL_R_CHANNEL_ID_SIGNATURE_INVALID),"Channel ID signature invalid"} ,
779 {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
780 {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"},
781 {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
782 @@ -356,6 +361,7 @@
783 {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},
784 {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},
785 {ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"},
786 +{ERR_REASON(SSL_R_D2I_ECDSA_SIG) ,"d2i ecdsa sig"},
787 {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished "},
788 {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"},
789 {ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"},
790 @@ -373,9 +379,12 @@
791 {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
792 {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"} ,
793 {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list "},
794 +{ERR_REASON(SSL_R_EVP_DIGESTSIGNFINAL_FAILED),"evp digestsignfinal failed"},
795 +{ERR_REASON(SSL_R_EVP_DIGESTSIGNINIT_FAILED),"evp digestsigninit failed"},
796 {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},
797 {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},
798 {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},
799 +{ERR_REASON(SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS),"got Channel ID before a ccs"},
800 {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"},
801 {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without see ing extension"},
802 {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"},
803 @@ -385,6 +394,7 @@
804 {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
805 {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"},
806 {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm "},
807 +{ERR_REASON(SSL_R_INVALID_MESSAGE) ,"invalid message"},
808 {ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"},
809 {ERR_REASON(SSL_R_INVALID_SRP_USERNAME) ,"invalid srp username"},
810 {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"},
811 @@ -439,6 +449,7 @@
812 {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
813 {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST cer tificate, required for selected ciphersuite"},
814 {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"},
815 +{ERR_REASON(SSL_R_NO_P256_SUPPORT) ,"no p256 support"},
816 {ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"},
817 {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
818 {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
819 diff -ur openssl/ssl/ssl_lib.c openssl.channelid/ssl/ssl_lib.c
820 --- openssl/ssl/ssl_lib.c 2012-08-28 16:04:21.183349508 -0400
821 +++ openssl.channelid/ssl/ssl_lib.c 2012-08-29 16:19:55.815717788 -0400
822 @@ -562,6 +562,8 @@
823 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
824 if (s->tlsext_ocsp_resp)
825 OPENSSL_free(s->tlsext_ocsp_resp);
826 + if (s->tlsext_channel_id_private)
827 + EVP_PKEY_free(s->tlsext_channel_id_private);
828 #endif
829
830 if (s->client_CA != NULL)
831 @@ -1946,6 +1948,11 @@
832 ssl_buf_freelist_free(a->rbuf_freelist);
833 #endif
834
835 +#ifndef OPENSSL_NO_TLSEXT
836 + if (a->tlsext_channel_id_private)
837 + EVP_PKEY_free(a->tlsext_channel_id_private);
838 +#endif
839 +
840 OPENSSL_free(a);
841 }
842
843 diff -ur openssl/ssl/ssl_locl.h openssl.channelid/ssl/ssl_locl.h
844 --- openssl/ssl/ssl_locl.h 2012-08-28 16:04:21.183349508 -0400
845 +++ openssl.channelid/ssl/ssl_locl.h 2012-08-28 16:04:40.603618948 -0400
846 @@ -369,6 +369,7 @@
847 * (currently this also goes into algorithm2) */
848 #define TLS1_STREAM_MAC 0x04
849
850 +#define TLSEXT_CHANNEL_ID_SIZE 128
851
852
853 /*
854 @@ -996,6 +997,7 @@
855 int ssl3_check_finished(SSL *s);
856 # ifndef OPENSSL_NO_NEXTPROTONEG
857 int ssl3_send_next_proto(SSL *s);
858 +int ssl3_send_channel_id(SSL *s);
859 # endif
860 #endif
861
862 @@ -1018,6 +1020,7 @@
863 #ifndef OPENSSL_NO_NEXTPROTONEG
864 int ssl3_get_next_proto(SSL *s);
865 #endif
866 +int ssl3_get_channel_id(SSL *s);
867
868 int dtls1_send_hello_request(SSL *s);
869 int dtls1_send_server_hello(SSL *s);
870 @@ -1114,7 +1117,9 @@
871 int tls12_get_sigid(const EVP_PKEY *pk);
872 const EVP_MD *tls12_get_hash(unsigned char hash_alg);
873
874 +int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s);
875 #endif
876 +
877 EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
878 void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
879 int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
880 diff -ur openssl/ssl/t1_lib.c openssl.channelid/ssl/t1_lib.c
881 --- openssl/ssl/t1_lib.c 2012-08-28 16:04:21.193349647 -0400
882 +++ openssl.channelid/ssl/t1_lib.c 2012-08-28 16:04:40.603618948 -0400
883 @@ -649,6 +649,16 @@
884 }
885 #endif
886
887 + if (s->tlsext_channel_id_enabled)
888 + {
889 + /* The client advertises an emtpy extension to indicate its
890 + * support for Channel ID. */
891 + if (limit - ret - 4 < 0)
892 + return NULL;
893 + s2n(TLSEXT_TYPE_channel_id,ret);
894 + s2n(0,ret);
895 + }
896 +
897 if(SSL_get_srtp_profiles(s))
898 {
899 int el;
900 @@ -855,6 +865,16 @@
901 }
902 #endif
903
904 + /* If the client advertised support for Channel ID, and we have it
905 + * enabled, then we want to echo it back. */
906 + if (s->s3->tlsext_channel_id_valid)
907 + {
908 + if (limit - ret - 4 < 0)
909 + return NULL;
910 + s2n(TLSEXT_TYPE_channel_id,ret);
911 + s2n(0,ret);
912 + }
913 +
914 if ((extdatalen = ret-p-2)== 0)
915 return p;
916
917 @@ -1331,6 +1351,9 @@
918 }
919 #endif
920
921 + else if (type == TLSEXT_TYPE_channel_id && s->tlsext_channel_id_ enabled)
922 + s->s3->tlsext_channel_id_valid = 1;
923 +
924 /* session ticket processed earlier */
925 else if (type == TLSEXT_TYPE_use_srtp)
926 {
927 @@ -1558,6 +1581,9 @@
928 s->s3->next_proto_neg_seen = 1;
929 }
930 #endif
931 + else if (type == TLSEXT_TYPE_channel_id)
932 + s->s3->tlsext_channel_id_valid = 1;
933 +
934 else if (type == TLSEXT_TYPE_renegotiate)
935 {
936 if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
937 @@ -2580,3 +2606,37 @@
938 return ret;
939 }
940 #endif
941 +
942 +#if !defined(OPENSSL_NO_TLSEXT)
943 +/* tls1_channel_id_hash calculates the signed data for a Channel ID on the give n
944 + * SSL connection and writes it to |md|.
945 + */
946 +int
947 +tls1_channel_id_hash(EVP_MD_CTX *md, SSL *s)
948 + {
949 + EVP_MD_CTX ctx;
950 + unsigned char temp_digest[EVP_MAX_MD_SIZE];
951 + unsigned temp_digest_len;
952 + int i;
953 + static const char kClientIDMagic[] = "TLS Channel ID signature";
954 +
955 + if (s->s3->handshake_buffer)
956 + if (!ssl3_digest_cached_records(s))
957 + return 0;
958 +
959 + EVP_DigestUpdate(md, kClientIDMagic, sizeof(kClientIDMagic));
960 +
961 + EVP_MD_CTX_init(&ctx);
962 + for (i = 0; i < SSL_MAX_DIGEST; i++)
963 + {
964 + if (s->s3->handshake_dgst[i] == NULL)
965 + continue;
966 + EVP_MD_CTX_copy_ex(&ctx, s->s3->handshake_dgst[i]);
967 + EVP_DigestFinal_ex(&ctx, temp_digest, &temp_digest_len);
968 + EVP_DigestUpdate(md, temp_digest, temp_digest_len);
969 + }
970 + EVP_MD_CTX_cleanup(&ctx);
971 +
972 + return 1;
973 + }
974 +#endif
975 diff -ur openssl/ssl/tls1.h openssl.channelid/ssl/tls1.h
976 --- openssl/ssl/tls1.h 2012-08-28 16:04:21.193349647 -0400
977 +++ openssl.channelid/ssl/tls1.h 2012-08-28 16:04:40.603618948 -0400
978 @@ -248,6 +248,9 @@
979 #define TLSEXT_TYPE_next_proto_neg 13172
980 #endif
981
982 +/* This is not an IANA defined extension number */
983 +#define TLSEXT_TYPE_channel_id 30031
984 +
985 /* NameType value from RFC 3546 */
986 #define TLSEXT_NAMETYPE_host_name 0
987 /* status request value from RFC 3546 */
OLDNEW
« no previous file with comments | « patches/README ('k') | patches/clang.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698