openssl/patches/channelid.patch - Issue 2072073002: Delete bundled copy of OpenSSL and replace with README.

Side by Side Diff: openssl/patches/channelid.patch

Issue 2072073002: Delete bundled copy of OpenSSL and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/openssl@master

Patch Set: Delete bundled copy of OpenSSL and replace with README. Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
	(Empty)
1 --- openssl-1.0.1e.orig/crypto/evp/evp.h 2013-03-05 18:49:33.183296743 +0 000

2 +++ openssl-1.0.1e/crypto/evp/evp.h 2013-03-05 18:49:33.373298798 +0000

3 @@ -921,6 +921,7 @@ struct ec_key_st *EVP_PKEY_get1_EC_KEY(E

4 #endif

5

6 EVP_PKEY * EVP_PKEY_new(void);

7 +EVP_PKEY * EVP_PKEY_dup(EVP_PKEY *pkey);

8 void EVP_PKEY_free(EVP_PKEY *pkey);

9

10 EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY a, const unsigned char pp,

11 --- openssl-1.0.1e.orig/crypto/evp/p_lib.c 2013-03-05 18:49:33.183296743 +0 000

12 +++ openssl-1.0.1e/crypto/evp/p_lib.c 2013-03-05 18:49:33.373298798 +0000

13 @@ -200,6 +200,12 @@ EVP_PKEY *EVP_PKEY_new(void)

14 return(ret);

15 }

16

17 +EVP_PKEY EVP_PKEY_dup(EVP_PKEY pkey)

18 + {

19 + CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);

20 + return pkey;

21 + }

22 +

23 /* Setup a public key ASN1 method and ENGINE from a NID or a string.

24 * If pkey is NULL just return 1 or 0 if the algorithm exists.

25 */

26 --- openssl-1.0.1e.orig/ssl/s3_both.c 2013-03-05 18:49:33.233297282 +0000

27 +++ openssl-1.0.1e/ssl/s3_both.c 2013-03-05 18:49:33.413299231 +0000

28 @@ -555,7 +555,8 @@ long ssl3_get_message(SSL *s, int st1, i

29 #endif

30

31 /* Feed this message into MAC computation. */

32 - ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);

33 + if ((unsigned char)s->init_buf->data != SSL3_MT_ENCRYPTED_EXTENSIONS)

34 + ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_n um + 4);

35 if (s->msg_callback)

36 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->d ata, (size_t)s->init_num + 4, s, s->msg_callback_arg);

37 *ok=1;

38 --- openssl-1.0.1e.orig/ssl/s3_clnt.c 2013-03-05 18:49:33.233297282 +0000

39 +++ openssl-1.0.1e/ssl/s3_clnt.c 2013-03-05 18:49:33.413299231 +0000

40 @@ -477,13 +477,14 @@ int ssl3_connect(SSL *s)

41 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);

42 if (ret <= 0) goto end;

43

44 -#if defined(OPENSSL_NO_TLSEXT) \|\| defined(OPENSSL_NO_NEXTPROTONEG)

45 s->state=SSL3_ST_CW_FINISHED_A;

46 -#else

47 +#if !defined(OPENSSL_NO_TLSEXT)

48 + if (s->s3->tlsext_channel_id_valid)

49 + s->state=SSL3_ST_CW_CHANNEL_ID_A;

50 +# if !defined(OPENSSL_NO_NEXTPROTONEG)

51 if (s->s3->next_proto_neg_seen)

52 s->state=SSL3_ST_CW_NEXT_PROTO_A;

53 - else

54 - s->state=SSL3_ST_CW_FINISHED_A;

55 +# endif

56 #endif

57 s->init_num=0;

58

59 @@ -517,6 +518,18 @@ int ssl3_connect(SSL *s)

60 case SSL3_ST_CW_NEXT_PROTO_B:

61 ret=ssl3_send_next_proto(s);

62 if (ret <= 0) goto end;

63 + if (s->s3->tlsext_channel_id_valid)

64 + s->state=SSL3_ST_CW_CHANNEL_ID_A;

65 + else

66 + s->state=SSL3_ST_CW_FINISHED_A;

67 + break;

68 +#endif

69 +

70 +#if !defined(OPENSSL_NO_TLSEXT)

71 + case SSL3_ST_CW_CHANNEL_ID_A:

72 + case SSL3_ST_CW_CHANNEL_ID_B:

73 + ret=ssl3_send_channel_id(s);

74 + if (ret <= 0) goto end;

75 s->state=SSL3_ST_CW_FINISHED_A;

76 break;

77 #endif

78 @@ -3362,7 +3375,8 @@ err:

79 return(0);

80 }

81

82 -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)

83 +#if !defined(OPENSSL_NO_TLSEXT)

84 +# if !defined(OPENSSL_NO_NEXTPROTONEG)

85 int ssl3_send_next_proto(SSL *s)

86 {

87 unsigned int len, padding_len;

88 @@ -3386,7 +3400,116 @@ int ssl3_send_next_proto(SSL *s)

89

90 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);

91 }

92 -#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */

93 +# endif /* !OPENSSL_NO_NEXTPROTONEG */

94 +

95 +int ssl3_send_channel_id(SSL *s)

96 + {

97 + unsigned char *d;

98 + int ret = -1, public_key_len;

99 + EVP_MD_CTX md_ctx;

100 + size_t sig_len;

101 + ECDSA_SIG *sig = NULL;

102 + unsigned char public_key = NULL, derp, *der_sig = NULL;

103 +

104 + if (s->state != SSL3_ST_CW_CHANNEL_ID_A)

105 + return ssl3_do_write(s, SSL3_RT_HANDSHAKE);

106 +

107 + d = (unsigned char *)s->init_buf->data;

108 + *(d++)=SSL3_MT_ENCRYPTED_EXTENSIONS;

109 + l2n3(2 + 2 + TLSEXT_CHANNEL_ID_SIZE, d);

110 + s2n(TLSEXT_TYPE_channel_id, d);

111 + s2n(TLSEXT_CHANNEL_ID_SIZE, d);

112 +

113 + EVP_MD_CTX_init(&md_ctx);

114 +

115 + public_key_len = i2d_PublicKey(s->tlsext_channel_id_private, NULL);

116 + if (public_key_len <= 0)

117 + {

118 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_CANNOT_SERIALIZE_PUBLIC_ KEY);

119 + goto err;

120 + }

121 + // i2d_PublicKey will produce an ANSI X9.62 public key which, for a

122 + // P-256 key, is 0x04 (meaning uncompressed) followed by the x and y

123 + // field elements as 32-byte, big-endian numbers.

124 + if (public_key_len != 65)

125 + {

126 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_CHANNEL_ID_NOT_P256);

127 + goto err;

128 + }

129 + public_key = OPENSSL_malloc(public_key_len);

130 + if (!public_key)

131 + {

132 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,ERR_R_MALLOC_FAILURE);

133 + goto err;

134 + }

135 +

136 + derp = public_key;

137 + i2d_PublicKey(s->tlsext_channel_id_private, &derp);

138 +

139 + if (EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL,

140 + s->tlsext_channel_id_private) != 1)

141 + {

142 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNINIT_FAILE D);

143 + goto err;

144 + }

145 +

146 + if (!tls1_channel_id_hash(&md_ctx, s))

147 + goto err;

148 +

149 + if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len))

150 + {

151 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNFINAL_FAIL ED);

152 + goto err;

153 + }

154 +

155 + der_sig = OPENSSL_malloc(sig_len);

156 + if (!der_sig)

157 + {

158 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,ERR_R_MALLOC_FAILURE);

159 + goto err;

160 + }

161 +

162 + if (!EVP_DigestSignFinal(&md_ctx, der_sig, &sig_len))

163 + {

164 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNFINAL_FAIL ED);

165 + goto err;

166 + }

167 +

168 + derp = der_sig;

169 + sig = d2i_ECDSA_SIG(NULL, (const unsigned char**)&derp, sig_len);

170 + if (sig == NULL)

171 + {

172 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_D2I_ECDSA_SIG);

173 + goto err;

174 + }

175 +

176 + // The first byte of public_key will be 0x4, denoting an uncompressed ke y.

177 + memcpy(d, public_key + 1, 64);

178 + d += 64;

179 + memset(d, 0, 2 * 32);

180 + BN_bn2bin(sig->r, d + 32 - BN_num_bytes(sig->r));

181 + d += 32;

182 + BN_bn2bin(sig->s, d + 32 - BN_num_bytes(sig->s));

183 + d += 32;

184 +

185 + s->state = SSL3_ST_CW_CHANNEL_ID_B;

186 + s->init_num = 4 + 2 + 2 + TLSEXT_CHANNEL_ID_SIZE;

187 + s->init_off = 0;

188 +

189 + ret = ssl3_do_write(s, SSL3_RT_HANDSHAKE);

190 +

191 +err:

192 + EVP_MD_CTX_cleanup(&md_ctx);

193 + if (public_key)

194 + OPENSSL_free(public_key);

195 + if (der_sig)

196 + OPENSSL_free(der_sig);

197 + if (sig)

198 + ECDSA_SIG_free(sig);

199 +

200 + return ret;

201 + }

202 +#endif /* !OPENSSL_NO_TLSEXT */

203

204 /* Check to see if handshake is full or resumed. Usually this is just a

205 * case of checking to see if a cache hit has occurred. In the case of

206 --- openssl-1.0.1e.orig/ssl/s3_lib.c 2013-03-05 18:49:33.223297173 +0000

207 +++ openssl-1.0.1e/ssl/s3_lib.c 2013-03-05 18:49:33.413299231 +0000

208 @@ -2951,6 +2951,11 @@ int ssl3_new(SSL *s)

209 #ifndef OPENSSL_NO_SRP

210 SSL_SRP_CTX_init(s);

211 #endif

212 +#if !defined(OPENSSL_NO_TLSEXT)

213 + s->tlsext_channel_id_enabled = s->ctx->tlsext_channel_id_enabled;

214 + if (s->ctx->tlsext_channel_id_private)

215 + s->tlsext_channel_id_private = EVP_PKEY_dup(s->ctx->tlsext_chann el_id_private);

216 +#endif

217 s->method->ssl_clear(s);

218 return(1);

219 err:

220 @@ -3074,6 +3079,10 @@ void ssl3_clear(SSL *s)

221 s->next_proto_negotiated_len = 0;

222 }

223 #endif

224 +

225 +#if !defined(OPENSSL_NO_TLSEXT)

226 + s->s3->tlsext_channel_id_valid = 0;

227 +#endif

228 }

229

230 #ifndef OPENSSL_NO_SRP

231 @@ -3348,6 +3357,35 @@ long ssl3_ctrl(SSL *s, int cmd, long lar

232 ret = 1;

233 break;

234 #endif

235 + case SSL_CTRL_CHANNEL_ID:

236 + if (!s->server)

237 + break;

238 + s->tlsext_channel_id_enabled = 1;

239 + ret = 1;

240 + break;

241 +

242 + case SSL_CTRL_SET_CHANNEL_ID:

243 + if (s->server)

244 + break;

245 + s->tlsext_channel_id_enabled = 1;

246 + if (EVP_PKEY_bits(parg) != 256)

247 + {

248 + SSLerr(SSL_F_SSL3_CTRL,SSL_R_CHANNEL_ID_NOT_P256);

249 + break;

250 + }

251 + if (s->tlsext_channel_id_private)

252 + EVP_PKEY_free(s->tlsext_channel_id_private);

253 + s->tlsext_channel_id_private = (EVP_PKEY*) parg;

254 + ret = 1;

255 + break;

256 +

257 + case SSL_CTRL_GET_CHANNEL_ID:

258 + if (!s->server)

259 + break;

260 + if (!s->s3->tlsext_channel_id_valid)

261 + break;

262 + memcpy(parg, s->s3->tlsext_channel_id, larg < 64 ? larg : 64);

263 + return 64;

264

265 #endif /* !OPENSSL_NO_TLSEXT */

266 default:

267 @@ -3569,6 +3607,12 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd

268 }

269 return 1;

270 }

271 + case SSL_CTRL_CHANNEL_ID:

272 + /* must be called on a server */

273 + if (ctx->method->ssl_accept == ssl_undefined_function)

274 + return 0;

275 + ctx->tlsext_channel_id_enabled=1;

276 + return 1;

277

278 #ifdef TLSEXT_TYPE_opaque_prf_input

279 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:

280 @@ -3637,6 +3681,18 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd

281 }

282 break;

283

284 + case SSL_CTRL_SET_CHANNEL_ID:

285 + ctx->tlsext_channel_id_enabled = 1;

286 + if (EVP_PKEY_bits(parg) != 256)

287 + {

288 + SSLerr(SSL_F_SSL3_CTX_CTRL,SSL_R_CHANNEL_ID_NOT_P256);

289 + break;

290 + }

291 + if (ctx->tlsext_channel_id_private)

292 + EVP_PKEY_free(ctx->tlsext_channel_id_private);

293 + ctx->tlsext_channel_id_private = (EVP_PKEY*) parg;

294 + break;

295 +

296 default:

297 return(0);

298 }

299 --- openssl-1.0.1e.orig/ssl/s3_srvr.c 2013-03-05 18:49:33.233297282 +0000

300 +++ openssl-1.0.1e/ssl/s3_srvr.c 2013-03-05 18:49:33.413299231 +0000

301 @@ -157,8 +157,11 @@

302 #include <openssl/buffer.h>

303 #include <openssl/rand.h>

304 #include <openssl/objects.h>

305 +#include <openssl/ec.h>

306 +#include <openssl/ecdsa.h>

307 #include <openssl/evp.h>

308 #include <openssl/hmac.h>

309 +#include <openssl/sha.h>

310 #include <openssl/x509.h>

311 #ifndef OPENSSL_NO_DH

312 #include <openssl/dh.h>

313 @@ -609,15 +612,8 @@ int ssl3_accept(SSL *s)

314 * the client uses its key from the certificate

315 * for key exchange.

316 */

317 -#if defined(OPENSSL_NO_TLSEXT) \|\| defined(OPENSSL_NO_NEXTPROTONEG)

318 - s->state=SSL3_ST_SR_FINISHED_A;

319 -#else

320 - if (s->s3->next_proto_neg_seen)

321 - s->state=SSL3_ST_SR_NEXT_PROTO_A;

322 - else

323 - s->state=SSL3_ST_SR_FINISHED_A;

324 -#endif

325 s->init_num = 0;

326 + s->state=SSL3_ST_SR_POST_CLIENT_CERT;

327 }

328 else if (TLS1_get_version(s) >= TLS1_2_VERSION)

329 {

330 @@ -677,16 +673,28 @@ int ssl3_accept(SSL *s)

331 ret=ssl3_get_cert_verify(s);

332 if (ret <= 0) goto end;

333

334 -#if defined(OPENSSL_NO_TLSEXT) \|\| defined(OPENSSL_NO_NEXTPROTONEG)

335 - s->state=SSL3_ST_SR_FINISHED_A;

336 -#else

337 - if (s->s3->next_proto_neg_seen)

338 + s->state=SSL3_ST_SR_POST_CLIENT_CERT;

339 + s->init_num=0;

340 + break;

341 +

342 + case SSL3_ST_SR_POST_CLIENT_CERT: {

343 + char next_proto_neg = 0;

344 + char channel_id = 0;

345 +#if !defined(OPENSSL_NO_TLSEXT)

346 +# if !defined(OPENSSL_NO_NEXTPROTONEG)

347 + next_proto_neg = s->s3->next_proto_neg_seen;

348 +# endif

349 + channel_id = s->s3->tlsext_channel_id_valid;

350 +#endif

351 +

352 + if (next_proto_neg)

353 s->state=SSL3_ST_SR_NEXT_PROTO_A;

354 + else if (channel_id)

355 + s->state=SSL3_ST_SR_CHANNEL_ID_A;

356 else

357 s->state=SSL3_ST_SR_FINISHED_A;

358 -#endif

359 - s->init_num=0;

360 break;

361 + }

362

363 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)

364 case SSL3_ST_SR_NEXT_PROTO_A:

365 @@ -694,6 +702,19 @@ int ssl3_accept(SSL *s)

366 ret=ssl3_get_next_proto(s);

367 if (ret <= 0) goto end;

368 s->init_num = 0;

369 + if (s->s3->tlsext_channel_id_valid)

370 + s->state=SSL3_ST_SR_CHANNEL_ID_A;

371 + else

372 + s->state=SSL3_ST_SR_FINISHED_A;

373 + break;

374 +#endif

375 +

376 +#if !defined(OPENSSL_NO_TLSEXT)

377 + case SSL3_ST_SR_CHANNEL_ID_A:

378 + case SSL3_ST_SR_CHANNEL_ID_B:

379 + ret=ssl3_get_channel_id(s);

380 + if (ret <= 0) goto end;

381 + s->init_num = 0;

382 s->state=SSL3_ST_SR_FINISHED_A;

383 break;

384 #endif

385 @@ -765,16 +786,7 @@ int ssl3_accept(SSL *s)

386 if (ret <= 0) goto end;

387 s->state=SSL3_ST_SW_FLUSH;

388 if (s->hit)

389 - {

390 -#if defined(OPENSSL_NO_TLSEXT) \|\| defined(OPENSSL_NO_NEXTPROTONEG)

391 - s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;

392 -#else

393 - if (s->s3->next_proto_neg_seen)

394 - s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PR OTO_A;

395 - else

396 - s->s3->tmp.next_state=SSL3_ST_SR_FINISHE D_A;

397 -#endif

398 - }

399 + s->s3->tmp.next_state=SSL3_ST_SR_POST_CLIENT_CER T;

400 else

401 s->s3->tmp.next_state=SSL_ST_OK;

402 s->init_num=0;

403 @@ -3610,4 +3622,140 @@ int ssl3_get_next_proto(SSL *s)

404 return 1;

405 }

406 # endif

407 +

408 +/* ssl3_get_channel_id reads and verifies a ClientID handshake message. */

409 +int ssl3_get_channel_id(SSL *s)

410 + {

411 + int ret = -1, ok;

412 + long n;

413 + const unsigned char *p;

414 + unsigned short extension_type, extension_len;

415 + EC_GROUP* p256 = NULL;

416 + EC_KEY* key = NULL;

417 + EC_POINT* point = NULL;

418 + ECDSA_SIG sig;

419 + BIGNUM x, y;

420 +

421 + if (s->state == SSL3_ST_SR_CHANNEL_ID_A && s->init_num == 0)

422 + {

423 + /* The first time that we're called we take the current

424 + * handshake hash and store it. */

425 + EVP_MD_CTX md_ctx;

426 + unsigned int len;

427 +

428 + EVP_MD_CTX_init(&md_ctx);

429 + EVP_DigestInit_ex(&md_ctx, EVP_sha256(), NULL);

430 + if (!tls1_channel_id_hash(&md_ctx, s))

431 + return -1;

432 + len = sizeof(s->s3->tlsext_channel_id);

433 + EVP_DigestFinal(&md_ctx, s->s3->tlsext_channel_id, &len);

434 + EVP_MD_CTX_cleanup(&md_ctx);

435 + }

436 +

437 + n = s->method->ssl_get_message(s,

438 + SSL3_ST_SR_CHANNEL_ID_A,

439 + SSL3_ST_SR_CHANNEL_ID_B,

440 + SSL3_MT_ENCRYPTED_EXTENSIONS,

441 + 2 + 2 + TLSEXT_CHANNEL_ID_SIZE,

442 + &ok);

443 +

444 + if (!ok)

445 + return((int)n);

446 +

447 + ssl3_finish_mac(s, (unsigned char*)s->init_buf->data, s->init_num + 4);

448 +

449 + /* s->state doesn't reflect whether ChangeCipherSpec has been received

450 + * in this handshake, but s->s3->change_cipher_spec does (will be reset

451 + * by ssl3_get_finished). */

452 + if (!s->s3->change_cipher_spec)

453 + {

454 + SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_GOT_CHANNEL_ID_BEFORE_A_C CS);

455 + return -1;

456 + }

457 +

458 + if (n != 2 + 2 + TLSEXT_CHANNEL_ID_SIZE)

459 + {

460 + SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_INVALID_MESSAGE);

461 + return -1;

462 + }

463 +

464 + p = (unsigned char *)s->init_msg;

465 +

466 + /* The payload looks like:

467 + * uint16 extension_type

468 + * uint16 extension_len;

469 + * uint8 x[32];

470 + * uint8 y[32];

471 + * uint8 r[32];

472 + * uint8 s[32];

473 + */

474 + n2s(p, extension_type);

475 + n2s(p, extension_len);

476 +

477 + if (extension_type != TLSEXT_TYPE_channel_id \|\|

478 + extension_len != TLSEXT_CHANNEL_ID_SIZE)

479 + {

480 + SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_INVALID_MESSAGE);

481 + return -1;

482 + }

483 +

484 + p256 = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);

485 + if (!p256)

486 + {

487 + SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_NO_P256_SUPPORT);

488 + return -1;

489 + }

490 +

491 + BN_init(&x);

492 + BN_init(&y);

493 + sig.r = BN_new();

494 + sig.s = BN_new();

495 +

496 + if (BN_bin2bn(p + 0, 32, &x) == NULL \|\|

497 + BN_bin2bn(p + 32, 32, &y) == NULL \|\|

498 + BN_bin2bn(p + 64, 32, sig.r) == NULL \|\|

499 + BN_bin2bn(p + 96, 32, sig.s) == NULL)

500 + goto err;

501 +

502 + point = EC_POINT_new(p256);

503 + if (!point \|\|

504 + !EC_POINT_set_affine_coordinates_GFp(p256, point, &x, &y, NULL))

505 + goto err;

506 +

507 + key = EC_KEY_new();

508 + if (!key \|\|

509 + !EC_KEY_set_group(key, p256) \|\|

510 + !EC_KEY_set_public_key(key, point))

511 + goto err;

512 +

513 + /* We stored the handshake hash in \|tlsext_channel_id\| the first time

514 + * that we were called. */

515 + switch (ECDSA_do_verify(s->s3->tlsext_channel_id, SHA256_DIGEST_LENGTH, &sig, key)) {

516 + case 1:

517 + break;

518 + case 0:

519 + SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_CHANNEL_ID_SIGNATURE_INVA LID);

520 + s->s3->tlsext_channel_id_valid = 0;

521 + goto err;

522 + default:

523 + s->s3->tlsext_channel_id_valid = 0;

524 + goto err;

525 + }

526 +

527 + memcpy(s->s3->tlsext_channel_id, p, 64);

528 + ret = 1;

529 +

530 +err:

531 + BN_free(&x);

532 + BN_free(&y);

533 + BN_free(sig.r);

534 + BN_free(sig.s);

535 + if (key)

536 + EC_KEY_free(key);

537 + if (point)

538 + EC_POINT_free(point);

539 + if (p256)

540 + EC_GROUP_free(p256);

541 + return ret;

542 + }

543 #endif

544 --- openssl-1.0.1e.orig/ssl/ssl.h 2013-03-05 18:49:33.233297282 +0000

545 +++ openssl-1.0.1e/ssl/ssl.h 2013-03-05 18:49:33.413299231 +0000

546 @@ -981,6 +981,12 @@ struct ssl_ctx_st

547 # endif

548 /* SRTP profiles we are willing to do from RFC 5764 */

549 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;

550 +

551 + /* If true, a client will advertise the Channel ID extension and a

552 + * server will echo it. */

553 + char tlsext_channel_id_enabled;

554 + /* The client's Channel ID private key. */

555 + EVP_PKEY *tlsext_channel_id_private;

556 #endif

557 };

558

559 @@ -1022,6 +1028,10 @@ LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(

560 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)

561 #define SSL_CTX_sess_cache_full(ctx) \

562 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)

563 +/* SSL_CTX_enable_tls_channel_id configures a TLS server to accept TLS client

564 + * IDs from clients. Returns 1 on success. */

565 +#define SSL_CTX_enable_tls_channel_id(ctx) \

566 + SSL_CTX_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL)

567

568 void SSL_CTX_sess_set_new_cb(SSL_CTX ctx, int (new_session_cb)(struct ssl_st ssl,SSL_SESSION sess));

569 int (SSL_CTX_sess_get_new_cb(SSL_CTX ctx))(struct ssl_st ssl, SSL_SESSION s ess);

570 @@ -1348,6 +1358,13 @@ struct ssl_st

571 */

572 unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */

573 unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */

574 +

575 + /* Copied from the SSL_CTX. For a server, means that we'll accept

576 + * Channel IDs from clients. For a client, means that we'll advertise

577 + * support. */

578 + char tlsext_channel_id_enabled;

579 + /* The client's Channel ID private key. */

580 + EVP_PKEY *tlsext_channel_id_private;

581 #else

582 #define session_ctx ctx

583 #endif /* OPENSSL_NO_TLSEXT */

584 @@ -1605,6 +1622,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)

585 #define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86

586 #define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87

587 #endif

588 +#define SSL_CTRL_CHANNEL_ID 88

589 +#define SSL_CTRL_GET_CHANNEL_ID 89

590 +#define SSL_CTRL_SET_CHANNEL_ID 90

591 #endif

592

593 #define DTLS_CTRL_GET_TIMEOUT 73

594 @@ -1652,6 +1672,25 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)

595 #define SSL_set_tmp_ecdh(ssl,ecdh) \

596 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)

597

598 +/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client

599 + * IDs from clients. Returns 1 on success. */

600 +#define SSL_enable_tls_channel_id(ctx) \

601 + SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL)

602 +/* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to

603 + * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on

604 + * success. */

605 +#define SSL_set1_tls_channel_id(s, private_key) \

606 + SSL_ctrl(s,SSL_CTRL_SET_CHANNEL_ID,0,(void*)private_key)

607 +#define SSL_CTX_set1_tls_channel_id(ctx, private_key) \

608 + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHANNEL_ID,0,(void*)private_key)

609 +/* SSL_get_tls_channel_id gets the client's TLS Channel ID from a server SSL*

610 + * and copies up to the first \|channel_id_len\| bytes into \|channel_id\|. The

611 + * Channel ID consists of the client's P-256 public key as an (x,y) pair where

612 + * each is a 32-byte, big-endian field element. Returns 0 if the client didn't

613 + * offer a Channel ID and the length of the complete Channel ID otherwise. */

614 +#define SSL_get_tls_channel_id(ctx, channel_id, channel_id_len) \

615 + SSL_ctrl(ctx,SSL_CTRL_GET_CHANNEL_ID,channel_id_len,(void*)channel_id)

616 +

617 #define SSL_CTX_add_extra_chain_cert(ctx,x509) \

618 SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)

619 #define SSL_CTX_get_extra_chain_certs(ctx,px509) \

620 @@ -1686,6 +1725,7 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER

621 char * SSL_CIPHER_get_version(const SSL_CIPHER *c);

622 const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);

623 unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);

624 +const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher);

625

626 int SSL_get_fd(const SSL *s);

627 int SSL_get_rfd(const SSL *s);

628 @@ -2149,6 +2189,7 @@ void ERR_load_SSL_strings(void);

629 #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135

630 #define SSL_F_SSL3_GET_CERT_STATUS 289

631 #define SSL_F_SSL3_GET_CERT_VERIFY 136

632 +#define SSL_F_SSL3_GET_CHANNEL_ID 317

633 #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137

634 #define SSL_F_SSL3_GET_CLIENT_HELLO 138

635 #define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139

636 @@ -2168,6 +2209,7 @@ void ERR_load_SSL_strings(void);

637 #define SSL_F_SSL3_READ_BYTES 148

638 #define SSL_F_SSL3_READ_N 149

639 #define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150

640 +#define SSL_F_SSL3_SEND_CHANNEL_ID 318

641 #define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151

642 #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152

643 #define SSL_F_SSL3_SEND_CLIENT_VERIFY 153

644 @@ -2335,12 +2377,15 @@ void ERR_load_SSL_strings(void);

645 #define SSL_R_BIO_NOT_SET 128

646 #define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129

647 #define SSL_R_BN_LIB 130

648 +#define SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY 376

649 #define SSL_R_CA_DN_LENGTH_MISMATCH 131

650 #define SSL_R_CA_DN_TOO_LONG 132

651 #define SSL_R_CCS_RECEIVED_EARLY 133

652 #define SSL_R_CERTIFICATE_VERIFY_FAILED 134

653 #define SSL_R_CERT_LENGTH_MISMATCH 135

654 #define SSL_R_CHALLENGE_IS_DIFFERENT 136

655 +#define SSL_R_CHANNEL_ID_NOT_P256 375

656 +#define SSL_R_CHANNEL_ID_SIGNATURE_INVALID 371

657 #define SSL_R_CIPHER_CODE_WRONG_LENGTH 137

658 #define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138

659 #define SSL_R_CIPHER_TABLE_SRC_ERROR 139

660 @@ -2353,6 +2398,7 @@ void ERR_load_SSL_strings(void);

661 #define SSL_R_CONNECTION_ID_IS_DIFFERENT 143

662 #define SSL_R_CONNECTION_TYPE_NOT_SET 144

663 #define SSL_R_COOKIE_MISMATCH 308

664 +#define SSL_R_D2I_ECDSA_SIG 379

665 #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145

666 #define SSL_R_DATA_LENGTH_TOO_LONG 146

667 #define SSL_R_DECRYPTION_FAILED 147

668 @@ -2370,9 +2416,12 @@ void ERR_load_SSL_strings(void);

669 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150

670 #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282

671 #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151

672 +#define SSL_R_EVP_DIGESTSIGNFINAL_FAILED 377

673 +#define SSL_R_EVP_DIGESTSIGNINIT_FAILED 378

674 #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152

675 #define SSL_R_EXTRA_DATA_IN_MESSAGE 153

676 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154

677 +#define SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS 372

678 #define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355

679 #define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356

680 #define SSL_R_HTTPS_PROXY_REQUEST 155

681 @@ -2382,6 +2431,7 @@ void ERR_load_SSL_strings(void);

682 #define SSL_R_INVALID_CHALLENGE_LENGTH 158

683 #define SSL_R_INVALID_COMMAND 280

684 #define SSL_R_INVALID_COMPRESSION_ALGORITHM 341

685 +#define SSL_R_INVALID_MESSAGE 374

686 #define SSL_R_INVALID_PURPOSE 278

687 #define SSL_R_INVALID_SRP_USERNAME 357

688 #define SSL_R_INVALID_STATUS_RESPONSE 328

689 @@ -2436,6 +2486,7 @@ void ERR_load_SSL_strings(void);

690 #define SSL_R_NO_COMPRESSION_SPECIFIED 187

691 #define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330

692 #define SSL_R_NO_METHOD_SPECIFIED 188

693 +#define SSL_R_NO_P256_SUPPORT 373

694 #define SSL_R_NO_PRIVATEKEY 189

695 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190

696 #define SSL_R_NO_PROTOCOLS_AVAILABLE 191

697 --- openssl-1.0.1e.orig/ssl/ssl3.h 2013-03-05 18:49:33.223297173 +0000

698 +++ openssl-1.0.1e/ssl/ssl3.h 2013-03-05 18:49:33.413299231 +0000

699 @@ -539,6 +539,17 @@ typedef struct ssl3_state_st

700 /* Set if we saw the Next Protocol Negotiation extension from our peer. */

701 int next_proto_neg_seen;

702 #endif

703 +

704 + /* In a client, this means that the server supported Channel ID and that

705 + * a Channel ID was sent. In a server it means that we echoed support

706 + * for Channel IDs and that tlsext_channel_id will be valid after the

707 + * handshake. */

708 + char tlsext_channel_id_valid;

709 + /* For a server:

710 + * If \|tlsext_channel_id_valid\| is true, then this contains the

711 + * verified Channel ID from the client: a P256 point, (x,y), where

712 + * each are big-endian values. */

713 + unsigned char tlsext_channel_id[64];

714 } SSL3_STATE;

715

716 #endif

717 @@ -583,6 +594,8 @@ typedef struct ssl3_state_st

718 #define SSL3_ST_CW_NEXT_PROTO_A (0x200\|SSL_ST_CONNECT)

719 #define SSL3_ST_CW_NEXT_PROTO_B (0x201\|SSL_ST_CONNECT)

720 #endif

721 +#define SSL3_ST_CW_CHANNEL_ID_A (0x210\|SSL_ST_CONNECT)

722 +#define SSL3_ST_CW_CHANNEL_ID_B (0x211\|SSL_ST_CONNECT)

723 #define SSL3_ST_CW_FINISHED_A (0x1B0\|SSL_ST_CONNECT)

724 #define SSL3_ST_CW_FINISHED_B (0x1B1\|SSL_ST_CONNECT)

725 /* read from server */

726 @@ -632,10 +645,13 @@ typedef struct ssl3_state_st

727 #define SSL3_ST_SR_CERT_VRFY_B (0x1A1\|SSL_ST_ACCEPT)

728 #define SSL3_ST_SR_CHANGE_A (0x1B0\|SSL_ST_ACCEPT)

729 #define SSL3_ST_SR_CHANGE_B (0x1B1\|SSL_ST_ACCEPT)

730 +#define SSL3_ST_SR_POST_CLIENT_CERT (0x1BF\|SSL_ST_ACCEPT)

731 #ifndef OPENSSL_NO_NEXTPROTONEG

732 #define SSL3_ST_SR_NEXT_PROTO_A (0x210\|SSL_ST_ACCEPT)

733 #define SSL3_ST_SR_NEXT_PROTO_B (0x211\|SSL_ST_ACCEPT)

734 #endif

735 +#define SSL3_ST_SR_CHANNEL_ID_A (0x220\|SSL_ST_ACCEPT)

736 +#define SSL3_ST_SR_CHANNEL_ID_B (0x221\|SSL_ST_ACCEPT)

737 #define SSL3_ST_SR_FINISHED_A (0x1C0\|SSL_ST_ACCEPT)

738 #define SSL3_ST_SR_FINISHED_B (0x1C1\|SSL_ST_ACCEPT)

739 /* write to client */

740 @@ -663,6 +679,7 @@ typedef struct ssl3_state_st

741 #ifndef OPENSSL_NO_NEXTPROTONEG

742 #define SSL3_MT_NEXT_PROTO 67

743 #endif

744 +#define SSL3_MT_ENCRYPTED_EXTENSIONS 203

745 #define DTLS1_MT_HELLO_VERIFY_REQUEST 3

746

747

748 --- openssl-1.0.1e.orig/ssl/ssl_err.c 2013-03-05 18:49:33.243297392 +0000

749 +++ openssl-1.0.1e/ssl/ssl_err.c 2013-03-05 18:49:33.413299231 +0000

750 @@ -151,6 +151,7 @@ static ERR_STRING_DATA SSL_str_functs[]=

751 {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},

752 {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"},

753 {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},

754 +{ERR_FUNC(SSL_F_SSL3_GET_CHANNEL_ID), "SSL3_GET_CHANNEL_ID"},

755 {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"},

756 {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},

757 {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"},

758 @@ -170,6 +171,7 @@ static ERR_STRING_DATA SSL_str_functs[]=

759 {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},

760 {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"},

761 {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_R EQUEST"},

762 +{ERR_FUNC(SSL_F_SSL3_SEND_CHANNEL_ID), "SSL3_SEND_CHANNEL_ID"},

763 {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"},

764 {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EX CHANGE"},

765 {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"},

766 @@ -339,12 +341,15 @@ static ERR_STRING_DATA SSL_str_reasons[]

767 {ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"},

768 {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"},

769 {ERR_REASON(SSL_R_BN_LIB) ,"bn lib"},

770 +{ERR_REASON(SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY),"cannot serialize public key"},

771 {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"},

772 {ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"},

773 {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"},

774 {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},

775 {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"},

776 {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},

777 +{ERR_REASON(SSL_R_CHANNEL_ID_NOT_P256) ,"channel id not p256"},

778 +{ERR_REASON(SSL_R_CHANNEL_ID_SIGNATURE_INVALID),"Channel ID signature invalid"} ,

779 {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},

780 {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"},

781 {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},

782 @@ -357,6 +362,7 @@ static ERR_STRING_DATA SSL_str_reasons[]

783 {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},

784 {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},

785 {ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"},

786 +{ERR_REASON(SSL_R_D2I_ECDSA_SIG) ,"d2i ecdsa sig"},

787 {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished "},

788 {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"},

789 {ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"},

790 @@ -374,9 +380,12 @@ static ERR_STRING_DATA SSL_str_reasons[]

791 {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},

792 {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"} ,

793 {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list "},

794 +{ERR_REASON(SSL_R_EVP_DIGESTSIGNFINAL_FAILED),"evp digestsignfinal failed"},

795 +{ERR_REASON(SSL_R_EVP_DIGESTSIGNINIT_FAILED),"evp digestsigninit failed"},

796 {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},

797 {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},

798 {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},

799 +{ERR_REASON(SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS),"got Channel ID before a ccs"},

800 {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"},

801 {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without see ing extension"},

802 {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"},

803 @@ -386,6 +395,7 @@ static ERR_STRING_DATA SSL_str_reasons[]

804 {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},

805 {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"},

806 {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm "},

807 +{ERR_REASON(SSL_R_INVALID_MESSAGE) ,"invalid message"},

808 {ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"},

809 {ERR_REASON(SSL_R_INVALID_SRP_USERNAME) ,"invalid srp username"},

810 {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"},

811 @@ -440,6 +450,7 @@ static ERR_STRING_DATA SSL_str_reasons[]

812 {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},

813 {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST cer tificate, required for selected ciphersuite"},

814 {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"},

815 +{ERR_REASON(SSL_R_NO_P256_SUPPORT) ,"no p256 support"},

816 {ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"},

817 {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},

818 {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},

819 --- openssl-1.0.1e.orig/ssl/ssl_lib.c 2013-03-05 18:49:33.243297392 +0000

820 +++ openssl-1.0.1e/ssl/ssl_lib.c 2013-03-05 18:49:33.413299231 +0000

821 @@ -579,6 +579,8 @@ void SSL_free(SSL *s)

822 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);

823 if (s->tlsext_ocsp_resp)

824 OPENSSL_free(s->tlsext_ocsp_resp);

825 + if (s->tlsext_channel_id_private)

826 + EVP_PKEY_free(s->tlsext_channel_id_private);

827 #endif

828

829 if (s->client_CA != NULL)

830 @@ -2005,6 +2007,11 @@ void SSL_CTX_free(SSL_CTX *a)

831 ssl_buf_freelist_free(a->rbuf_freelist);

832 #endif

833

834 +#ifndef OPENSSL_NO_TLSEXT

835 + if (a->tlsext_channel_id_private)

836 + EVP_PKEY_free(a->tlsext_channel_id_private);

837 +#endif

838 +

839 OPENSSL_free(a);

840 }

841

842 --- openssl-1.0.1e.orig/ssl/ssl_locl.h 2013-03-05 18:49:33.243297392 +0000

843 +++ openssl-1.0.1e/ssl/ssl_locl.h 2013-03-05 18:49:33.413299231 +0000

844 @@ -378,6 +378,7 @@

845 * (currently this also goes into algorithm2) */

846 #define TLS1_STREAM_MAC 0x04

847

848 +#define TLSEXT_CHANNEL_ID_SIZE 128

849

850

851 /*

852 @@ -1004,6 +1005,7 @@ int ssl3_check_cert_and_algorithm(SSL *s

853 int ssl3_check_finished(SSL *s);

854 # ifndef OPENSSL_NO_NEXTPROTONEG

855 int ssl3_send_next_proto(SSL *s);

856 +int ssl3_send_channel_id(SSL *s);

857 # endif

858 #endif

859

860 @@ -1026,6 +1028,7 @@ int ssl3_get_cert_verify(SSL *s);

861 #ifndef OPENSSL_NO_NEXTPROTONEG

862 int ssl3_get_next_proto(SSL *s);

863 #endif

864 +int ssl3_get_channel_id(SSL *s);

865

866 int dtls1_send_hello_request(SSL *s);

867 int dtls1_send_server_hello(SSL *s);

868 @@ -1123,7 +1126,9 @@ int tls12_get_sigandhash(unsigned char *

869 int tls12_get_sigid(const EVP_PKEY *pk);

870 const EVP_MD *tls12_get_hash(unsigned char hash_alg);

871

872 +int tls1_channel_id_hash(EVP_MD_CTX ctx, SSL s);

873 #endif

874 +

875 EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX *hash,const EVP_MD md) ;

876 void ssl_clear_hash_ctx(EVP_MD_CTX **hash);

877 int ssl_add_serverhello_renegotiate_ext(SSL s, unsigned char p, int *len,

878 --- openssl-1.0.1e.orig/ssl/t1_lib.c 2013-03-05 18:49:33.173296633 +0000

879 +++ openssl-1.0.1e/ssl/t1_lib.c 2013-03-05 18:49:33.413299231 +0000

880 @@ -649,6 +649,16 @@ unsigned char *ssl_add_clienthello_tlsex

881 }

882 #endif

883

884 + if (s->tlsext_channel_id_enabled)

885 + {

886 + /* The client advertises an emtpy extension to indicate its

887 + * support for Channel ID. */

888 + if (limit - ret - 4 < 0)

889 + return NULL;

890 + s2n(TLSEXT_TYPE_channel_id,ret);

891 + s2n(0,ret);

892 + }

893 +

894 #ifndef OPENSSL_NO_SRTP

895 if(SSL_get_srtp_profiles(s))

896 {

897 @@ -859,6 +869,16 @@ unsigned char *ssl_add_serverhello_tlsex

898 }

899 #endif

900

901 + /* If the client advertised support for Channel ID, and we have it

902 + * enabled, then we want to echo it back. */

903 + if (s->s3->tlsext_channel_id_valid)

904 + {

905 + if (limit - ret - 4 < 0)

906 + return NULL;

907 + s2n(TLSEXT_TYPE_channel_id,ret);

908 + s2n(0,ret);

909 + }

910 +

911 if ((extdatalen = ret-p-2)== 0)

912 return p;

913

914 @@ -1332,6 +1352,9 @@ int ssl_parse_clienthello_tlsext(SSL *s,

915 }

916 #endif

917

918 + else if (type == TLSEXT_TYPE_channel_id && s->tlsext_channel_id_ enabled)

919 + s->s3->tlsext_channel_id_valid = 1;

920 +

921 /* session ticket processed earlier */

922 #ifndef OPENSSL_NO_SRTP

923 else if (type == TLSEXT_TYPE_use_srtp)

924 @@ -1562,6 +1585,9 @@ int ssl_parse_serverhello_tlsext(SSL *s,

925 s->s3->next_proto_neg_seen = 1;

926 }

927 #endif

928 + else if (type == TLSEXT_TYPE_channel_id)

929 + s->s3->tlsext_channel_id_valid = 1;

930 +

931 else if (type == TLSEXT_TYPE_renegotiate)

932 {

933 if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))

934 @@ -2621,3 +2647,37 @@ tls1_heartbeat(SSL *s)

935 return ret;

936 }

937 #endif

938 +

939 +#if !defined(OPENSSL_NO_TLSEXT)

940 +/* tls1_channel_id_hash calculates the signed data for a Channel ID on the give n

941 + * SSL connection and writes it to \|md\|.

942 + */

943 +int

944 +tls1_channel_id_hash(EVP_MD_CTX md, SSL s)

945 + {

946 + EVP_MD_CTX ctx;

947 + unsigned char temp_digest[EVP_MAX_MD_SIZE];

948 + unsigned temp_digest_len;

949 + int i;

950 + static const char kClientIDMagic[] = "TLS Channel ID signature";

951 +

952 + if (s->s3->handshake_buffer)

953 + if (!ssl3_digest_cached_records(s))

954 + return 0;

955 +

956 + EVP_DigestUpdate(md, kClientIDMagic, sizeof(kClientIDMagic));

957 +

958 + EVP_MD_CTX_init(&ctx);

959 + for (i = 0; i < SSL_MAX_DIGEST; i++)

960 + {

961 + if (s->s3->handshake_dgst[i] == NULL)

962 + continue;

963 + EVP_MD_CTX_copy_ex(&ctx, s->s3->handshake_dgst[i]);

964 + EVP_DigestFinal_ex(&ctx, temp_digest, &temp_digest_len);

965 + EVP_DigestUpdate(md, temp_digest, temp_digest_len);

966 + }

967 + EVP_MD_CTX_cleanup(&ctx);

968 +

969 + return 1;

970 + }

971 +#endif

972 --- openssl-1.0.1e.orig/ssl/tls1.h 2013-03-05 18:49:33.173296633 +0000

973 +++ openssl-1.0.1e/ssl/tls1.h 2013-03-05 18:49:33.413299231 +0000

974 @@ -248,6 +248,9 @@ extern "C" {

975 #define TLSEXT_TYPE_next_proto_neg 13172

976 #endif

977

978 +/* This is not an IANA defined extension number */

979 +#define TLSEXT_TYPE_channel_id 30031

980 +

981 /* NameType value from RFC 3546 */

982 #define TLSEXT_NAMETYPE_host_name 0

983 /* status request value from RFC 3546 */

OLD	NEW

« no previous file with comments | « openssl/patches/chacha20poly1305.patch ('k') | openssl/patches/channelidchromium.patch » ('j') | no next file with comments »