OLD | NEW |
| (Empty) |
1 --- openssl-1.0.1e.orig/crypto/evp/evp.h 2013-03-05 18:49:33.183296743 +0
000 | |
2 +++ openssl-1.0.1e/crypto/evp/evp.h 2013-03-05 18:49:33.373298798 +0000 | |
3 @@ -921,6 +921,7 @@ struct ec_key_st *EVP_PKEY_get1_EC_KEY(E | |
4 #endif | |
5 | |
6 EVP_PKEY * EVP_PKEY_new(void); | |
7 +EVP_PKEY * EVP_PKEY_dup(EVP_PKEY *pkey); | |
8 void EVP_PKEY_free(EVP_PKEY *pkey); | |
9 | |
10 EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp, | |
11 --- openssl-1.0.1e.orig/crypto/evp/p_lib.c 2013-03-05 18:49:33.183296743 +0
000 | |
12 +++ openssl-1.0.1e/crypto/evp/p_lib.c 2013-03-05 18:49:33.373298798 +0000 | |
13 @@ -200,6 +200,12 @@ EVP_PKEY *EVP_PKEY_new(void) | |
14 return(ret); | |
15 } | |
16 | |
17 +EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey) | |
18 + { | |
19 + CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); | |
20 + return pkey; | |
21 + } | |
22 + | |
23 /* Setup a public key ASN1 method and ENGINE from a NID or a string. | |
24 * If pkey is NULL just return 1 or 0 if the algorithm exists. | |
25 */ | |
26 --- openssl-1.0.1e.orig/ssl/s3_both.c 2013-03-05 18:49:33.233297282 +0000 | |
27 +++ openssl-1.0.1e/ssl/s3_both.c 2013-03-05 18:49:33.413299231 +0000 | |
28 @@ -555,7 +555,8 @@ long ssl3_get_message(SSL *s, int st1, i | |
29 #endif | |
30 | |
31 /* Feed this message into MAC computation. */ | |
32 - ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); | |
33 + if (*(unsigned char*)s->init_buf->data != SSL3_MT_ENCRYPTED_EXTENSIONS) | |
34 + ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_n
um + 4); | |
35 if (s->msg_callback) | |
36 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->d
ata, (size_t)s->init_num + 4, s, s->msg_callback_arg); | |
37 *ok=1; | |
38 --- openssl-1.0.1e.orig/ssl/s3_clnt.c 2013-03-05 18:49:33.233297282 +0000 | |
39 +++ openssl-1.0.1e/ssl/s3_clnt.c 2013-03-05 18:49:33.413299231 +0000 | |
40 @@ -477,13 +477,14 @@ int ssl3_connect(SSL *s) | |
41 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); | |
42 if (ret <= 0) goto end; | |
43 | |
44 -#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) | |
45 s->state=SSL3_ST_CW_FINISHED_A; | |
46 -#else | |
47 +#if !defined(OPENSSL_NO_TLSEXT) | |
48 + if (s->s3->tlsext_channel_id_valid) | |
49 + s->state=SSL3_ST_CW_CHANNEL_ID_A; | |
50 +# if !defined(OPENSSL_NO_NEXTPROTONEG) | |
51 if (s->s3->next_proto_neg_seen) | |
52 s->state=SSL3_ST_CW_NEXT_PROTO_A; | |
53 - else | |
54 - s->state=SSL3_ST_CW_FINISHED_A; | |
55 +# endif | |
56 #endif | |
57 s->init_num=0; | |
58 | |
59 @@ -517,6 +518,18 @@ int ssl3_connect(SSL *s) | |
60 case SSL3_ST_CW_NEXT_PROTO_B: | |
61 ret=ssl3_send_next_proto(s); | |
62 if (ret <= 0) goto end; | |
63 + if (s->s3->tlsext_channel_id_valid) | |
64 + s->state=SSL3_ST_CW_CHANNEL_ID_A; | |
65 + else | |
66 + s->state=SSL3_ST_CW_FINISHED_A; | |
67 + break; | |
68 +#endif | |
69 + | |
70 +#if !defined(OPENSSL_NO_TLSEXT) | |
71 + case SSL3_ST_CW_CHANNEL_ID_A: | |
72 + case SSL3_ST_CW_CHANNEL_ID_B: | |
73 + ret=ssl3_send_channel_id(s); | |
74 + if (ret <= 0) goto end; | |
75 s->state=SSL3_ST_CW_FINISHED_A; | |
76 break; | |
77 #endif | |
78 @@ -3362,7 +3375,8 @@ err: | |
79 return(0); | |
80 } | |
81 | |
82 -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) | |
83 +#if !defined(OPENSSL_NO_TLSEXT) | |
84 +# if !defined(OPENSSL_NO_NEXTPROTONEG) | |
85 int ssl3_send_next_proto(SSL *s) | |
86 { | |
87 unsigned int len, padding_len; | |
88 @@ -3386,7 +3400,116 @@ int ssl3_send_next_proto(SSL *s) | |
89 | |
90 return ssl3_do_write(s, SSL3_RT_HANDSHAKE); | |
91 } | |
92 -#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */ | |
93 +# endif /* !OPENSSL_NO_NEXTPROTONEG */ | |
94 + | |
95 +int ssl3_send_channel_id(SSL *s) | |
96 + { | |
97 + unsigned char *d; | |
98 + int ret = -1, public_key_len; | |
99 + EVP_MD_CTX md_ctx; | |
100 + size_t sig_len; | |
101 + ECDSA_SIG *sig = NULL; | |
102 + unsigned char *public_key = NULL, *derp, *der_sig = NULL; | |
103 + | |
104 + if (s->state != SSL3_ST_CW_CHANNEL_ID_A) | |
105 + return ssl3_do_write(s, SSL3_RT_HANDSHAKE); | |
106 + | |
107 + d = (unsigned char *)s->init_buf->data; | |
108 + *(d++)=SSL3_MT_ENCRYPTED_EXTENSIONS; | |
109 + l2n3(2 + 2 + TLSEXT_CHANNEL_ID_SIZE, d); | |
110 + s2n(TLSEXT_TYPE_channel_id, d); | |
111 + s2n(TLSEXT_CHANNEL_ID_SIZE, d); | |
112 + | |
113 + EVP_MD_CTX_init(&md_ctx); | |
114 + | |
115 + public_key_len = i2d_PublicKey(s->tlsext_channel_id_private, NULL); | |
116 + if (public_key_len <= 0) | |
117 + { | |
118 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_CANNOT_SERIALIZE_PUBLIC_
KEY); | |
119 + goto err; | |
120 + } | |
121 + // i2d_PublicKey will produce an ANSI X9.62 public key which, for a | |
122 + // P-256 key, is 0x04 (meaning uncompressed) followed by the x and y | |
123 + // field elements as 32-byte, big-endian numbers. | |
124 + if (public_key_len != 65) | |
125 + { | |
126 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_CHANNEL_ID_NOT_P256); | |
127 + goto err; | |
128 + } | |
129 + public_key = OPENSSL_malloc(public_key_len); | |
130 + if (!public_key) | |
131 + { | |
132 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,ERR_R_MALLOC_FAILURE); | |
133 + goto err; | |
134 + } | |
135 + | |
136 + derp = public_key; | |
137 + i2d_PublicKey(s->tlsext_channel_id_private, &derp); | |
138 + | |
139 + if (EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL, | |
140 + s->tlsext_channel_id_private) != 1) | |
141 + { | |
142 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNINIT_FAILE
D); | |
143 + goto err; | |
144 + } | |
145 + | |
146 + if (!tls1_channel_id_hash(&md_ctx, s)) | |
147 + goto err; | |
148 + | |
149 + if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len)) | |
150 + { | |
151 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNFINAL_FAIL
ED); | |
152 + goto err; | |
153 + } | |
154 + | |
155 + der_sig = OPENSSL_malloc(sig_len); | |
156 + if (!der_sig) | |
157 + { | |
158 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,ERR_R_MALLOC_FAILURE); | |
159 + goto err; | |
160 + } | |
161 + | |
162 + if (!EVP_DigestSignFinal(&md_ctx, der_sig, &sig_len)) | |
163 + { | |
164 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNFINAL_FAIL
ED); | |
165 + goto err; | |
166 + } | |
167 + | |
168 + derp = der_sig; | |
169 + sig = d2i_ECDSA_SIG(NULL, (const unsigned char**)&derp, sig_len); | |
170 + if (sig == NULL) | |
171 + { | |
172 + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_D2I_ECDSA_SIG); | |
173 + goto err; | |
174 + } | |
175 + | |
176 + // The first byte of public_key will be 0x4, denoting an uncompressed ke
y. | |
177 + memcpy(d, public_key + 1, 64); | |
178 + d += 64; | |
179 + memset(d, 0, 2 * 32); | |
180 + BN_bn2bin(sig->r, d + 32 - BN_num_bytes(sig->r)); | |
181 + d += 32; | |
182 + BN_bn2bin(sig->s, d + 32 - BN_num_bytes(sig->s)); | |
183 + d += 32; | |
184 + | |
185 + s->state = SSL3_ST_CW_CHANNEL_ID_B; | |
186 + s->init_num = 4 + 2 + 2 + TLSEXT_CHANNEL_ID_SIZE; | |
187 + s->init_off = 0; | |
188 + | |
189 + ret = ssl3_do_write(s, SSL3_RT_HANDSHAKE); | |
190 + | |
191 +err: | |
192 + EVP_MD_CTX_cleanup(&md_ctx); | |
193 + if (public_key) | |
194 + OPENSSL_free(public_key); | |
195 + if (der_sig) | |
196 + OPENSSL_free(der_sig); | |
197 + if (sig) | |
198 + ECDSA_SIG_free(sig); | |
199 + | |
200 + return ret; | |
201 + } | |
202 +#endif /* !OPENSSL_NO_TLSEXT */ | |
203 | |
204 /* Check to see if handshake is full or resumed. Usually this is just a | |
205 * case of checking to see if a cache hit has occurred. In the case of | |
206 --- openssl-1.0.1e.orig/ssl/s3_lib.c 2013-03-05 18:49:33.223297173 +0000 | |
207 +++ openssl-1.0.1e/ssl/s3_lib.c 2013-03-05 18:49:33.413299231 +0000 | |
208 @@ -2951,6 +2951,11 @@ int ssl3_new(SSL *s) | |
209 #ifndef OPENSSL_NO_SRP | |
210 SSL_SRP_CTX_init(s); | |
211 #endif | |
212 +#if !defined(OPENSSL_NO_TLSEXT) | |
213 + s->tlsext_channel_id_enabled = s->ctx->tlsext_channel_id_enabled; | |
214 + if (s->ctx->tlsext_channel_id_private) | |
215 + s->tlsext_channel_id_private = EVP_PKEY_dup(s->ctx->tlsext_chann
el_id_private); | |
216 +#endif | |
217 s->method->ssl_clear(s); | |
218 return(1); | |
219 err: | |
220 @@ -3074,6 +3079,10 @@ void ssl3_clear(SSL *s) | |
221 s->next_proto_negotiated_len = 0; | |
222 } | |
223 #endif | |
224 + | |
225 +#if !defined(OPENSSL_NO_TLSEXT) | |
226 + s->s3->tlsext_channel_id_valid = 0; | |
227 +#endif | |
228 } | |
229 | |
230 #ifndef OPENSSL_NO_SRP | |
231 @@ -3348,6 +3357,35 @@ long ssl3_ctrl(SSL *s, int cmd, long lar | |
232 ret = 1; | |
233 break; | |
234 #endif | |
235 + case SSL_CTRL_CHANNEL_ID: | |
236 + if (!s->server) | |
237 + break; | |
238 + s->tlsext_channel_id_enabled = 1; | |
239 + ret = 1; | |
240 + break; | |
241 + | |
242 + case SSL_CTRL_SET_CHANNEL_ID: | |
243 + if (s->server) | |
244 + break; | |
245 + s->tlsext_channel_id_enabled = 1; | |
246 + if (EVP_PKEY_bits(parg) != 256) | |
247 + { | |
248 + SSLerr(SSL_F_SSL3_CTRL,SSL_R_CHANNEL_ID_NOT_P256); | |
249 + break; | |
250 + } | |
251 + if (s->tlsext_channel_id_private) | |
252 + EVP_PKEY_free(s->tlsext_channel_id_private); | |
253 + s->tlsext_channel_id_private = (EVP_PKEY*) parg; | |
254 + ret = 1; | |
255 + break; | |
256 + | |
257 + case SSL_CTRL_GET_CHANNEL_ID: | |
258 + if (!s->server) | |
259 + break; | |
260 + if (!s->s3->tlsext_channel_id_valid) | |
261 + break; | |
262 + memcpy(parg, s->s3->tlsext_channel_id, larg < 64 ? larg : 64); | |
263 + return 64; | |
264 | |
265 #endif /* !OPENSSL_NO_TLSEXT */ | |
266 default: | |
267 @@ -3569,6 +3607,12 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd | |
268 } | |
269 return 1; | |
270 } | |
271 + case SSL_CTRL_CHANNEL_ID: | |
272 + /* must be called on a server */ | |
273 + if (ctx->method->ssl_accept == ssl_undefined_function) | |
274 + return 0; | |
275 + ctx->tlsext_channel_id_enabled=1; | |
276 + return 1; | |
277 | |
278 #ifdef TLSEXT_TYPE_opaque_prf_input | |
279 case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG: | |
280 @@ -3637,6 +3681,18 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd | |
281 } | |
282 break; | |
283 | |
284 + case SSL_CTRL_SET_CHANNEL_ID: | |
285 + ctx->tlsext_channel_id_enabled = 1; | |
286 + if (EVP_PKEY_bits(parg) != 256) | |
287 + { | |
288 + SSLerr(SSL_F_SSL3_CTX_CTRL,SSL_R_CHANNEL_ID_NOT_P256); | |
289 + break; | |
290 + } | |
291 + if (ctx->tlsext_channel_id_private) | |
292 + EVP_PKEY_free(ctx->tlsext_channel_id_private); | |
293 + ctx->tlsext_channel_id_private = (EVP_PKEY*) parg; | |
294 + break; | |
295 + | |
296 default: | |
297 return(0); | |
298 } | |
299 --- openssl-1.0.1e.orig/ssl/s3_srvr.c 2013-03-05 18:49:33.233297282 +0000 | |
300 +++ openssl-1.0.1e/ssl/s3_srvr.c 2013-03-05 18:49:33.413299231 +0000 | |
301 @@ -157,8 +157,11 @@ | |
302 #include <openssl/buffer.h> | |
303 #include <openssl/rand.h> | |
304 #include <openssl/objects.h> | |
305 +#include <openssl/ec.h> | |
306 +#include <openssl/ecdsa.h> | |
307 #include <openssl/evp.h> | |
308 #include <openssl/hmac.h> | |
309 +#include <openssl/sha.h> | |
310 #include <openssl/x509.h> | |
311 #ifndef OPENSSL_NO_DH | |
312 #include <openssl/dh.h> | |
313 @@ -609,15 +612,8 @@ int ssl3_accept(SSL *s) | |
314 * the client uses its key from the certificate | |
315 * for key exchange. | |
316 */ | |
317 -#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) | |
318 - s->state=SSL3_ST_SR_FINISHED_A; | |
319 -#else | |
320 - if (s->s3->next_proto_neg_seen) | |
321 - s->state=SSL3_ST_SR_NEXT_PROTO_A; | |
322 - else | |
323 - s->state=SSL3_ST_SR_FINISHED_A; | |
324 -#endif | |
325 s->init_num = 0; | |
326 + s->state=SSL3_ST_SR_POST_CLIENT_CERT; | |
327 } | |
328 else if (TLS1_get_version(s) >= TLS1_2_VERSION) | |
329 { | |
330 @@ -677,16 +673,28 @@ int ssl3_accept(SSL *s) | |
331 ret=ssl3_get_cert_verify(s); | |
332 if (ret <= 0) goto end; | |
333 | |
334 -#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) | |
335 - s->state=SSL3_ST_SR_FINISHED_A; | |
336 -#else | |
337 - if (s->s3->next_proto_neg_seen) | |
338 + s->state=SSL3_ST_SR_POST_CLIENT_CERT; | |
339 + s->init_num=0; | |
340 + break; | |
341 + | |
342 + case SSL3_ST_SR_POST_CLIENT_CERT: { | |
343 + char next_proto_neg = 0; | |
344 + char channel_id = 0; | |
345 +#if !defined(OPENSSL_NO_TLSEXT) | |
346 +# if !defined(OPENSSL_NO_NEXTPROTONEG) | |
347 + next_proto_neg = s->s3->next_proto_neg_seen; | |
348 +# endif | |
349 + channel_id = s->s3->tlsext_channel_id_valid; | |
350 +#endif | |
351 + | |
352 + if (next_proto_neg) | |
353 s->state=SSL3_ST_SR_NEXT_PROTO_A; | |
354 + else if (channel_id) | |
355 + s->state=SSL3_ST_SR_CHANNEL_ID_A; | |
356 else | |
357 s->state=SSL3_ST_SR_FINISHED_A; | |
358 -#endif | |
359 - s->init_num=0; | |
360 break; | |
361 + } | |
362 | |
363 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) | |
364 case SSL3_ST_SR_NEXT_PROTO_A: | |
365 @@ -694,6 +702,19 @@ int ssl3_accept(SSL *s) | |
366 ret=ssl3_get_next_proto(s); | |
367 if (ret <= 0) goto end; | |
368 s->init_num = 0; | |
369 + if (s->s3->tlsext_channel_id_valid) | |
370 + s->state=SSL3_ST_SR_CHANNEL_ID_A; | |
371 + else | |
372 + s->state=SSL3_ST_SR_FINISHED_A; | |
373 + break; | |
374 +#endif | |
375 + | |
376 +#if !defined(OPENSSL_NO_TLSEXT) | |
377 + case SSL3_ST_SR_CHANNEL_ID_A: | |
378 + case SSL3_ST_SR_CHANNEL_ID_B: | |
379 + ret=ssl3_get_channel_id(s); | |
380 + if (ret <= 0) goto end; | |
381 + s->init_num = 0; | |
382 s->state=SSL3_ST_SR_FINISHED_A; | |
383 break; | |
384 #endif | |
385 @@ -765,16 +786,7 @@ int ssl3_accept(SSL *s) | |
386 if (ret <= 0) goto end; | |
387 s->state=SSL3_ST_SW_FLUSH; | |
388 if (s->hit) | |
389 - { | |
390 -#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) | |
391 - s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; | |
392 -#else | |
393 - if (s->s3->next_proto_neg_seen) | |
394 - s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PR
OTO_A; | |
395 - else | |
396 - s->s3->tmp.next_state=SSL3_ST_SR_FINISHE
D_A; | |
397 -#endif | |
398 - } | |
399 + s->s3->tmp.next_state=SSL3_ST_SR_POST_CLIENT_CER
T; | |
400 else | |
401 s->s3->tmp.next_state=SSL_ST_OK; | |
402 s->init_num=0; | |
403 @@ -3610,4 +3622,140 @@ int ssl3_get_next_proto(SSL *s) | |
404 return 1; | |
405 } | |
406 # endif | |
407 + | |
408 +/* ssl3_get_channel_id reads and verifies a ClientID handshake message. */ | |
409 +int ssl3_get_channel_id(SSL *s) | |
410 + { | |
411 + int ret = -1, ok; | |
412 + long n; | |
413 + const unsigned char *p; | |
414 + unsigned short extension_type, extension_len; | |
415 + EC_GROUP* p256 = NULL; | |
416 + EC_KEY* key = NULL; | |
417 + EC_POINT* point = NULL; | |
418 + ECDSA_SIG sig; | |
419 + BIGNUM x, y; | |
420 + | |
421 + if (s->state == SSL3_ST_SR_CHANNEL_ID_A && s->init_num == 0) | |
422 + { | |
423 + /* The first time that we're called we take the current | |
424 + * handshake hash and store it. */ | |
425 + EVP_MD_CTX md_ctx; | |
426 + unsigned int len; | |
427 + | |
428 + EVP_MD_CTX_init(&md_ctx); | |
429 + EVP_DigestInit_ex(&md_ctx, EVP_sha256(), NULL); | |
430 + if (!tls1_channel_id_hash(&md_ctx, s)) | |
431 + return -1; | |
432 + len = sizeof(s->s3->tlsext_channel_id); | |
433 + EVP_DigestFinal(&md_ctx, s->s3->tlsext_channel_id, &len); | |
434 + EVP_MD_CTX_cleanup(&md_ctx); | |
435 + } | |
436 + | |
437 + n = s->method->ssl_get_message(s, | |
438 + SSL3_ST_SR_CHANNEL_ID_A, | |
439 + SSL3_ST_SR_CHANNEL_ID_B, | |
440 + SSL3_MT_ENCRYPTED_EXTENSIONS, | |
441 + 2 + 2 + TLSEXT_CHANNEL_ID_SIZE, | |
442 + &ok); | |
443 + | |
444 + if (!ok) | |
445 + return((int)n); | |
446 + | |
447 + ssl3_finish_mac(s, (unsigned char*)s->init_buf->data, s->init_num + 4); | |
448 + | |
449 + /* s->state doesn't reflect whether ChangeCipherSpec has been received | |
450 + * in this handshake, but s->s3->change_cipher_spec does (will be reset | |
451 + * by ssl3_get_finished). */ | |
452 + if (!s->s3->change_cipher_spec) | |
453 + { | |
454 + SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_GOT_CHANNEL_ID_BEFORE_A_C
CS); | |
455 + return -1; | |
456 + } | |
457 + | |
458 + if (n != 2 + 2 + TLSEXT_CHANNEL_ID_SIZE) | |
459 + { | |
460 + SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_INVALID_MESSAGE); | |
461 + return -1; | |
462 + } | |
463 + | |
464 + p = (unsigned char *)s->init_msg; | |
465 + | |
466 + /* The payload looks like: | |
467 + * uint16 extension_type | |
468 + * uint16 extension_len; | |
469 + * uint8 x[32]; | |
470 + * uint8 y[32]; | |
471 + * uint8 r[32]; | |
472 + * uint8 s[32]; | |
473 + */ | |
474 + n2s(p, extension_type); | |
475 + n2s(p, extension_len); | |
476 + | |
477 + if (extension_type != TLSEXT_TYPE_channel_id || | |
478 + extension_len != TLSEXT_CHANNEL_ID_SIZE) | |
479 + { | |
480 + SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_INVALID_MESSAGE); | |
481 + return -1; | |
482 + } | |
483 + | |
484 + p256 = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); | |
485 + if (!p256) | |
486 + { | |
487 + SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_NO_P256_SUPPORT); | |
488 + return -1; | |
489 + } | |
490 + | |
491 + BN_init(&x); | |
492 + BN_init(&y); | |
493 + sig.r = BN_new(); | |
494 + sig.s = BN_new(); | |
495 + | |
496 + if (BN_bin2bn(p + 0, 32, &x) == NULL || | |
497 + BN_bin2bn(p + 32, 32, &y) == NULL || | |
498 + BN_bin2bn(p + 64, 32, sig.r) == NULL || | |
499 + BN_bin2bn(p + 96, 32, sig.s) == NULL) | |
500 + goto err; | |
501 + | |
502 + point = EC_POINT_new(p256); | |
503 + if (!point || | |
504 + !EC_POINT_set_affine_coordinates_GFp(p256, point, &x, &y, NULL)) | |
505 + goto err; | |
506 + | |
507 + key = EC_KEY_new(); | |
508 + if (!key || | |
509 + !EC_KEY_set_group(key, p256) || | |
510 + !EC_KEY_set_public_key(key, point)) | |
511 + goto err; | |
512 + | |
513 + /* We stored the handshake hash in |tlsext_channel_id| the first time | |
514 + * that we were called. */ | |
515 + switch (ECDSA_do_verify(s->s3->tlsext_channel_id, SHA256_DIGEST_LENGTH,
&sig, key)) { | |
516 + case 1: | |
517 + break; | |
518 + case 0: | |
519 + SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_CHANNEL_ID_SIGNATURE_INVA
LID); | |
520 + s->s3->tlsext_channel_id_valid = 0; | |
521 + goto err; | |
522 + default: | |
523 + s->s3->tlsext_channel_id_valid = 0; | |
524 + goto err; | |
525 + } | |
526 + | |
527 + memcpy(s->s3->tlsext_channel_id, p, 64); | |
528 + ret = 1; | |
529 + | |
530 +err: | |
531 + BN_free(&x); | |
532 + BN_free(&y); | |
533 + BN_free(sig.r); | |
534 + BN_free(sig.s); | |
535 + if (key) | |
536 + EC_KEY_free(key); | |
537 + if (point) | |
538 + EC_POINT_free(point); | |
539 + if (p256) | |
540 + EC_GROUP_free(p256); | |
541 + return ret; | |
542 + } | |
543 #endif | |
544 --- openssl-1.0.1e.orig/ssl/ssl.h 2013-03-05 18:49:33.233297282 +0000 | |
545 +++ openssl-1.0.1e/ssl/ssl.h 2013-03-05 18:49:33.413299231 +0000 | |
546 @@ -981,6 +981,12 @@ struct ssl_ctx_st | |
547 # endif | |
548 /* SRTP profiles we are willing to do from RFC 5764 */ | |
549 STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; | |
550 + | |
551 + /* If true, a client will advertise the Channel ID extension and a | |
552 + * server will echo it. */ | |
553 + char tlsext_channel_id_enabled; | |
554 + /* The client's Channel ID private key. */ | |
555 + EVP_PKEY *tlsext_channel_id_private; | |
556 #endif | |
557 }; | |
558 | |
559 @@ -1022,6 +1028,10 @@ LHASH_OF(SSL_SESSION) *SSL_CTX_sessions( | |
560 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) | |
561 #define SSL_CTX_sess_cache_full(ctx) \ | |
562 SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) | |
563 +/* SSL_CTX_enable_tls_channel_id configures a TLS server to accept TLS client | |
564 + * IDs from clients. Returns 1 on success. */ | |
565 +#define SSL_CTX_enable_tls_channel_id(ctx) \ | |
566 + SSL_CTX_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL) | |
567 | |
568 void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st
*ssl,SSL_SESSION *sess)); | |
569 int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *s
ess); | |
570 @@ -1348,6 +1358,13 @@ struct ssl_st | |
571 */ | |
572 unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in
flight */ | |
573 unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */ | |
574 + | |
575 + /* Copied from the SSL_CTX. For a server, means that we'll accept | |
576 + * Channel IDs from clients. For a client, means that we'll advertise | |
577 + * support. */ | |
578 + char tlsext_channel_id_enabled; | |
579 + /* The client's Channel ID private key. */ | |
580 + EVP_PKEY *tlsext_channel_id_private; | |
581 #else | |
582 #define session_ctx ctx | |
583 #endif /* OPENSSL_NO_TLSEXT */ | |
584 @@ -1605,6 +1622,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) | |
585 #define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86 | |
586 #define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87 | |
587 #endif | |
588 +#define SSL_CTRL_CHANNEL_ID 88 | |
589 +#define SSL_CTRL_GET_CHANNEL_ID 89 | |
590 +#define SSL_CTRL_SET_CHANNEL_ID 90 | |
591 #endif | |
592 | |
593 #define DTLS_CTRL_GET_TIMEOUT 73 | |
594 @@ -1652,6 +1672,25 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) | |
595 #define SSL_set_tmp_ecdh(ssl,ecdh) \ | |
596 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) | |
597 | |
598 +/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client | |
599 + * IDs from clients. Returns 1 on success. */ | |
600 +#define SSL_enable_tls_channel_id(ctx) \ | |
601 + SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL) | |
602 +/* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to | |
603 + * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on | |
604 + * success. */ | |
605 +#define SSL_set1_tls_channel_id(s, private_key) \ | |
606 + SSL_ctrl(s,SSL_CTRL_SET_CHANNEL_ID,0,(void*)private_key) | |
607 +#define SSL_CTX_set1_tls_channel_id(ctx, private_key) \ | |
608 + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHANNEL_ID,0,(void*)private_key) | |
609 +/* SSL_get_tls_channel_id gets the client's TLS Channel ID from a server SSL* | |
610 + * and copies up to the first |channel_id_len| bytes into |channel_id|. The | |
611 + * Channel ID consists of the client's P-256 public key as an (x,y) pair where | |
612 + * each is a 32-byte, big-endian field element. Returns 0 if the client didn't | |
613 + * offer a Channel ID and the length of the complete Channel ID otherwise. */ | |
614 +#define SSL_get_tls_channel_id(ctx, channel_id, channel_id_len) \ | |
615 + SSL_ctrl(ctx,SSL_CTRL_GET_CHANNEL_ID,channel_id_len,(void*)channel_id) | |
616 + | |
617 #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ | |
618 SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) | |
619 #define SSL_CTX_get_extra_chain_certs(ctx,px509) \ | |
620 @@ -1686,6 +1725,7 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER | |
621 char * SSL_CIPHER_get_version(const SSL_CIPHER *c); | |
622 const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); | |
623 unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); | |
624 +const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher); | |
625 | |
626 int SSL_get_fd(const SSL *s); | |
627 int SSL_get_rfd(const SSL *s); | |
628 @@ -2149,6 +2189,7 @@ void ERR_load_SSL_strings(void); | |
629 #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 | |
630 #define SSL_F_SSL3_GET_CERT_STATUS 289 | |
631 #define SSL_F_SSL3_GET_CERT_VERIFY 136 | |
632 +#define SSL_F_SSL3_GET_CHANNEL_ID 317 | |
633 #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 | |
634 #define SSL_F_SSL3_GET_CLIENT_HELLO 138 | |
635 #define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 | |
636 @@ -2168,6 +2209,7 @@ void ERR_load_SSL_strings(void); | |
637 #define SSL_F_SSL3_READ_BYTES 148 | |
638 #define SSL_F_SSL3_READ_N 149 | |
639 #define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 | |
640 +#define SSL_F_SSL3_SEND_CHANNEL_ID 318 | |
641 #define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 | |
642 #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 | |
643 #define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 | |
644 @@ -2335,12 +2377,15 @@ void ERR_load_SSL_strings(void); | |
645 #define SSL_R_BIO_NOT_SET 128 | |
646 #define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 | |
647 #define SSL_R_BN_LIB 130 | |
648 +#define SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY 376 | |
649 #define SSL_R_CA_DN_LENGTH_MISMATCH 131 | |
650 #define SSL_R_CA_DN_TOO_LONG 132 | |
651 #define SSL_R_CCS_RECEIVED_EARLY 133 | |
652 #define SSL_R_CERTIFICATE_VERIFY_FAILED 134 | |
653 #define SSL_R_CERT_LENGTH_MISMATCH 135 | |
654 #define SSL_R_CHALLENGE_IS_DIFFERENT 136 | |
655 +#define SSL_R_CHANNEL_ID_NOT_P256 375 | |
656 +#define SSL_R_CHANNEL_ID_SIGNATURE_INVALID 371 | |
657 #define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 | |
658 #define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 | |
659 #define SSL_R_CIPHER_TABLE_SRC_ERROR 139 | |
660 @@ -2353,6 +2398,7 @@ void ERR_load_SSL_strings(void); | |
661 #define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 | |
662 #define SSL_R_CONNECTION_TYPE_NOT_SET 144 | |
663 #define SSL_R_COOKIE_MISMATCH 308 | |
664 +#define SSL_R_D2I_ECDSA_SIG 379 | |
665 #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 | |
666 #define SSL_R_DATA_LENGTH_TOO_LONG 146 | |
667 #define SSL_R_DECRYPTION_FAILED 147 | |
668 @@ -2370,9 +2416,12 @@ void ERR_load_SSL_strings(void); | |
669 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 | |
670 #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 | |
671 #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 | |
672 +#define SSL_R_EVP_DIGESTSIGNFINAL_FAILED 377 | |
673 +#define SSL_R_EVP_DIGESTSIGNINIT_FAILED 378 | |
674 #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 | |
675 #define SSL_R_EXTRA_DATA_IN_MESSAGE 153 | |
676 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 | |
677 +#define SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS 372 | |
678 #define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355 | |
679 #define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356 | |
680 #define SSL_R_HTTPS_PROXY_REQUEST 155 | |
681 @@ -2382,6 +2431,7 @@ void ERR_load_SSL_strings(void); | |
682 #define SSL_R_INVALID_CHALLENGE_LENGTH 158 | |
683 #define SSL_R_INVALID_COMMAND 280 | |
684 #define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 | |
685 +#define SSL_R_INVALID_MESSAGE 374 | |
686 #define SSL_R_INVALID_PURPOSE 278 | |
687 #define SSL_R_INVALID_SRP_USERNAME 357 | |
688 #define SSL_R_INVALID_STATUS_RESPONSE 328 | |
689 @@ -2436,6 +2486,7 @@ void ERR_load_SSL_strings(void); | |
690 #define SSL_R_NO_COMPRESSION_SPECIFIED 187 | |
691 #define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 | |
692 #define SSL_R_NO_METHOD_SPECIFIED 188 | |
693 +#define SSL_R_NO_P256_SUPPORT 373 | |
694 #define SSL_R_NO_PRIVATEKEY 189 | |
695 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 | |
696 #define SSL_R_NO_PROTOCOLS_AVAILABLE 191 | |
697 --- openssl-1.0.1e.orig/ssl/ssl3.h 2013-03-05 18:49:33.223297173 +0000 | |
698 +++ openssl-1.0.1e/ssl/ssl3.h 2013-03-05 18:49:33.413299231 +0000 | |
699 @@ -539,6 +539,17 @@ typedef struct ssl3_state_st | |
700 /* Set if we saw the Next Protocol Negotiation extension from our peer.
*/ | |
701 int next_proto_neg_seen; | |
702 #endif | |
703 + | |
704 + /* In a client, this means that the server supported Channel ID and that | |
705 + * a Channel ID was sent. In a server it means that we echoed support | |
706 + * for Channel IDs and that tlsext_channel_id will be valid after the | |
707 + * handshake. */ | |
708 + char tlsext_channel_id_valid; | |
709 + /* For a server: | |
710 + * If |tlsext_channel_id_valid| is true, then this contains the | |
711 + * verified Channel ID from the client: a P256 point, (x,y), where | |
712 + * each are big-endian values. */ | |
713 + unsigned char tlsext_channel_id[64]; | |
714 } SSL3_STATE; | |
715 | |
716 #endif | |
717 @@ -583,6 +594,8 @@ typedef struct ssl3_state_st | |
718 #define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) | |
719 #define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) | |
720 #endif | |
721 +#define SSL3_ST_CW_CHANNEL_ID_A (0x210|SSL_ST_CONNECT) | |
722 +#define SSL3_ST_CW_CHANNEL_ID_B (0x211|SSL_ST_CONNECT) | |
723 #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) | |
724 #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) | |
725 /* read from server */ | |
726 @@ -632,10 +645,13 @@ typedef struct ssl3_state_st | |
727 #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) | |
728 #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) | |
729 #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) | |
730 +#define SSL3_ST_SR_POST_CLIENT_CERT (0x1BF|SSL_ST_ACCEPT) | |
731 #ifndef OPENSSL_NO_NEXTPROTONEG | |
732 #define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) | |
733 #define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) | |
734 #endif | |
735 +#define SSL3_ST_SR_CHANNEL_ID_A (0x220|SSL_ST_ACCEPT) | |
736 +#define SSL3_ST_SR_CHANNEL_ID_B (0x221|SSL_ST_ACCEPT) | |
737 #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) | |
738 #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) | |
739 /* write to client */ | |
740 @@ -663,6 +679,7 @@ typedef struct ssl3_state_st | |
741 #ifndef OPENSSL_NO_NEXTPROTONEG | |
742 #define SSL3_MT_NEXT_PROTO 67 | |
743 #endif | |
744 +#define SSL3_MT_ENCRYPTED_EXTENSIONS 203 | |
745 #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 | |
746 | |
747 | |
748 --- openssl-1.0.1e.orig/ssl/ssl_err.c 2013-03-05 18:49:33.243297392 +0000 | |
749 +++ openssl-1.0.1e/ssl/ssl_err.c 2013-03-05 18:49:33.413299231 +0000 | |
750 @@ -151,6 +151,7 @@ static ERR_STRING_DATA SSL_str_functs[]= | |
751 {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, | |
752 {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, | |
753 {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, | |
754 +{ERR_FUNC(SSL_F_SSL3_GET_CHANNEL_ID), "SSL3_GET_CHANNEL_ID"}, | |
755 {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, | |
756 {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, | |
757 {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, | |
758 @@ -170,6 +171,7 @@ static ERR_STRING_DATA SSL_str_functs[]= | |
759 {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, | |
760 {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"}, | |
761 {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_R
EQUEST"}, | |
762 +{ERR_FUNC(SSL_F_SSL3_SEND_CHANNEL_ID), "SSL3_SEND_CHANNEL_ID"}, | |
763 {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"}, | |
764 {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EX
CHANGE"}, | |
765 {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"}, | |
766 @@ -339,12 +341,15 @@ static ERR_STRING_DATA SSL_str_reasons[] | |
767 {ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"}, | |
768 {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"}, | |
769 {ERR_REASON(SSL_R_BN_LIB) ,"bn lib"}, | |
770 +{ERR_REASON(SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY),"cannot serialize public key"}, | |
771 {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"}, | |
772 {ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"}, | |
773 {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"}, | |
774 {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"}, | |
775 {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"}, | |
776 {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"}, | |
777 +{ERR_REASON(SSL_R_CHANNEL_ID_NOT_P256) ,"channel id not p256"}, | |
778 +{ERR_REASON(SSL_R_CHANNEL_ID_SIGNATURE_INVALID),"Channel ID signature invalid"}
, | |
779 {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"}, | |
780 {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"}, | |
781 {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"}, | |
782 @@ -357,6 +362,7 @@ static ERR_STRING_DATA SSL_str_reasons[] | |
783 {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"}, | |
784 {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"}, | |
785 {ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"}, | |
786 +{ERR_REASON(SSL_R_D2I_ECDSA_SIG) ,"d2i ecdsa sig"}, | |
787 {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished
"}, | |
788 {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"}, | |
789 {ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"}, | |
790 @@ -374,9 +380,12 @@ static ERR_STRING_DATA SSL_str_reasons[] | |
791 {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"}, | |
792 {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"}
, | |
793 {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list
"}, | |
794 +{ERR_REASON(SSL_R_EVP_DIGESTSIGNFINAL_FAILED),"evp digestsignfinal failed"}, | |
795 +{ERR_REASON(SSL_R_EVP_DIGESTSIGNINIT_FAILED),"evp digestsigninit failed"}, | |
796 {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"}, | |
797 {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"}, | |
798 {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"}, | |
799 +{ERR_REASON(SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS),"got Channel ID before a ccs"}, | |
800 {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"}, | |
801 {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without see
ing extension"}, | |
802 {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"}, | |
803 @@ -386,6 +395,7 @@ static ERR_STRING_DATA SSL_str_reasons[] | |
804 {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, | |
805 {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, | |
806 {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm
"}, | |
807 +{ERR_REASON(SSL_R_INVALID_MESSAGE) ,"invalid message"}, | |
808 {ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"}, | |
809 {ERR_REASON(SSL_R_INVALID_SRP_USERNAME) ,"invalid srp username"}, | |
810 {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"}, | |
811 @@ -440,6 +450,7 @@ static ERR_STRING_DATA SSL_str_reasons[] | |
812 {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"}, | |
813 {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST cer
tificate, required for selected ciphersuite"}, | |
814 {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"}, | |
815 +{ERR_REASON(SSL_R_NO_P256_SUPPORT) ,"no p256 support"}, | |
816 {ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"}, | |
817 {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"}, | |
818 {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"}, | |
819 --- openssl-1.0.1e.orig/ssl/ssl_lib.c 2013-03-05 18:49:33.243297392 +0000 | |
820 +++ openssl-1.0.1e/ssl/ssl_lib.c 2013-03-05 18:49:33.413299231 +0000 | |
821 @@ -579,6 +579,8 @@ void SSL_free(SSL *s) | |
822 sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); | |
823 if (s->tlsext_ocsp_resp) | |
824 OPENSSL_free(s->tlsext_ocsp_resp); | |
825 + if (s->tlsext_channel_id_private) | |
826 + EVP_PKEY_free(s->tlsext_channel_id_private); | |
827 #endif | |
828 | |
829 if (s->client_CA != NULL) | |
830 @@ -2005,6 +2007,11 @@ void SSL_CTX_free(SSL_CTX *a) | |
831 ssl_buf_freelist_free(a->rbuf_freelist); | |
832 #endif | |
833 | |
834 +#ifndef OPENSSL_NO_TLSEXT | |
835 + if (a->tlsext_channel_id_private) | |
836 + EVP_PKEY_free(a->tlsext_channel_id_private); | |
837 +#endif | |
838 + | |
839 OPENSSL_free(a); | |
840 } | |
841 | |
842 --- openssl-1.0.1e.orig/ssl/ssl_locl.h 2013-03-05 18:49:33.243297392 +0000 | |
843 +++ openssl-1.0.1e/ssl/ssl_locl.h 2013-03-05 18:49:33.413299231 +0000 | |
844 @@ -378,6 +378,7 @@ | |
845 * (currently this also goes into algorithm2) */ | |
846 #define TLS1_STREAM_MAC 0x04 | |
847 | |
848 +#define TLSEXT_CHANNEL_ID_SIZE 128 | |
849 | |
850 | |
851 /* | |
852 @@ -1004,6 +1005,7 @@ int ssl3_check_cert_and_algorithm(SSL *s | |
853 int ssl3_check_finished(SSL *s); | |
854 # ifndef OPENSSL_NO_NEXTPROTONEG | |
855 int ssl3_send_next_proto(SSL *s); | |
856 +int ssl3_send_channel_id(SSL *s); | |
857 # endif | |
858 #endif | |
859 | |
860 @@ -1026,6 +1028,7 @@ int ssl3_get_cert_verify(SSL *s); | |
861 #ifndef OPENSSL_NO_NEXTPROTONEG | |
862 int ssl3_get_next_proto(SSL *s); | |
863 #endif | |
864 +int ssl3_get_channel_id(SSL *s); | |
865 | |
866 int dtls1_send_hello_request(SSL *s); | |
867 int dtls1_send_server_hello(SSL *s); | |
868 @@ -1123,7 +1126,9 @@ int tls12_get_sigandhash(unsigned char * | |
869 int tls12_get_sigid(const EVP_PKEY *pk); | |
870 const EVP_MD *tls12_get_hash(unsigned char hash_alg); | |
871 | |
872 +int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s); | |
873 #endif | |
874 + | |
875 EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ; | |
876 void ssl_clear_hash_ctx(EVP_MD_CTX **hash); | |
877 int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, | |
878 --- openssl-1.0.1e.orig/ssl/t1_lib.c 2013-03-05 18:49:33.173296633 +0000 | |
879 +++ openssl-1.0.1e/ssl/t1_lib.c 2013-03-05 18:49:33.413299231 +0000 | |
880 @@ -649,6 +649,16 @@ unsigned char *ssl_add_clienthello_tlsex | |
881 } | |
882 #endif | |
883 | |
884 + if (s->tlsext_channel_id_enabled) | |
885 + { | |
886 + /* The client advertises an emtpy extension to indicate its | |
887 + * support for Channel ID. */ | |
888 + if (limit - ret - 4 < 0) | |
889 + return NULL; | |
890 + s2n(TLSEXT_TYPE_channel_id,ret); | |
891 + s2n(0,ret); | |
892 + } | |
893 + | |
894 #ifndef OPENSSL_NO_SRTP | |
895 if(SSL_get_srtp_profiles(s)) | |
896 { | |
897 @@ -859,6 +869,16 @@ unsigned char *ssl_add_serverhello_tlsex | |
898 } | |
899 #endif | |
900 | |
901 + /* If the client advertised support for Channel ID, and we have it | |
902 + * enabled, then we want to echo it back. */ | |
903 + if (s->s3->tlsext_channel_id_valid) | |
904 + { | |
905 + if (limit - ret - 4 < 0) | |
906 + return NULL; | |
907 + s2n(TLSEXT_TYPE_channel_id,ret); | |
908 + s2n(0,ret); | |
909 + } | |
910 + | |
911 if ((extdatalen = ret-p-2)== 0) | |
912 return p; | |
913 | |
914 @@ -1332,6 +1352,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, | |
915 } | |
916 #endif | |
917 | |
918 + else if (type == TLSEXT_TYPE_channel_id && s->tlsext_channel_id_
enabled) | |
919 + s->s3->tlsext_channel_id_valid = 1; | |
920 + | |
921 /* session ticket processed earlier */ | |
922 #ifndef OPENSSL_NO_SRTP | |
923 else if (type == TLSEXT_TYPE_use_srtp) | |
924 @@ -1562,6 +1585,9 @@ int ssl_parse_serverhello_tlsext(SSL *s, | |
925 s->s3->next_proto_neg_seen = 1; | |
926 } | |
927 #endif | |
928 + else if (type == TLSEXT_TYPE_channel_id) | |
929 + s->s3->tlsext_channel_id_valid = 1; | |
930 + | |
931 else if (type == TLSEXT_TYPE_renegotiate) | |
932 { | |
933 if(!ssl_parse_serverhello_renegotiate_ext(s, data, size,
al)) | |
934 @@ -2621,3 +2647,37 @@ tls1_heartbeat(SSL *s) | |
935 return ret; | |
936 } | |
937 #endif | |
938 + | |
939 +#if !defined(OPENSSL_NO_TLSEXT) | |
940 +/* tls1_channel_id_hash calculates the signed data for a Channel ID on the give
n | |
941 + * SSL connection and writes it to |md|. | |
942 + */ | |
943 +int | |
944 +tls1_channel_id_hash(EVP_MD_CTX *md, SSL *s) | |
945 + { | |
946 + EVP_MD_CTX ctx; | |
947 + unsigned char temp_digest[EVP_MAX_MD_SIZE]; | |
948 + unsigned temp_digest_len; | |
949 + int i; | |
950 + static const char kClientIDMagic[] = "TLS Channel ID signature"; | |
951 + | |
952 + if (s->s3->handshake_buffer) | |
953 + if (!ssl3_digest_cached_records(s)) | |
954 + return 0; | |
955 + | |
956 + EVP_DigestUpdate(md, kClientIDMagic, sizeof(kClientIDMagic)); | |
957 + | |
958 + EVP_MD_CTX_init(&ctx); | |
959 + for (i = 0; i < SSL_MAX_DIGEST; i++) | |
960 + { | |
961 + if (s->s3->handshake_dgst[i] == NULL) | |
962 + continue; | |
963 + EVP_MD_CTX_copy_ex(&ctx, s->s3->handshake_dgst[i]); | |
964 + EVP_DigestFinal_ex(&ctx, temp_digest, &temp_digest_len); | |
965 + EVP_DigestUpdate(md, temp_digest, temp_digest_len); | |
966 + } | |
967 + EVP_MD_CTX_cleanup(&ctx); | |
968 + | |
969 + return 1; | |
970 + } | |
971 +#endif | |
972 --- openssl-1.0.1e.orig/ssl/tls1.h 2013-03-05 18:49:33.173296633 +0000 | |
973 +++ openssl-1.0.1e/ssl/tls1.h 2013-03-05 18:49:33.413299231 +0000 | |
974 @@ -248,6 +248,9 @@ extern "C" { | |
975 #define TLSEXT_TYPE_next_proto_neg 13172 | |
976 #endif | |
977 | |
978 +/* This is not an IANA defined extension number */ | |
979 +#define TLSEXT_TYPE_channel_id 30031 | |
980 + | |
981 /* NameType value from RFC 3546 */ | |
982 #define TLSEXT_NAMETYPE_host_name 0 | |
983 /* status request value from RFC 3546 */ | |
OLD | NEW |