OLD | NEW |
| (Empty) |
1 diff -urN android-openssl.orig/openssl.config android-openssl/openssl.config | |
2 --- android-openssl.orig/openssl.config 2013-10-28 13:39:11.618121779 -0400 | |
3 +++ android-openssl/openssl.config 2013-10-28 14:40:32.642178484 -0400 | |
4 @@ -992,6 +992,7 @@ | |
5 handshake_cutthrough.patch \ | |
6 jsse.patch \ | |
7 channelid.patch \ | |
8 +channelidchromium.patch \ | |
9 eng_dyn_dirs.patch \ | |
10 fix_clang_build.patch \ | |
11 x509_hash_name_algorithm_change.patch \ | |
12 diff -urN android-openssl.orig/patches/channelidchromium.patch android-openssl/p
atches/channelidchromium.patch | |
13 --- android-openssl.orig/patches/channelidchromium.patch 1969-12-31 19:00
:00.000000000 -0500 | |
14 +++ android-openssl/patches/channelidchromium.patch 2013-10-28 14:34:42.9455
88394 -0400 | |
15 @@ -0,0 +1,264 @@ | |
16 +diff -burN android-openssl.orig/crypto/bio/bio.h android-openssl/crypto/bio/bio
.h | |
17 +--- android-openssl.orig/crypto/bio/bio.h 2013-02-11 16:26:04.000000000 +0
100 | |
18 ++++ android-openssl/crypto/bio/bio.h 2013-10-22 18:22:42.080337200 +0200 | |
19 +@@ -266,6 +266,9 @@ | |
20 + #define BIO_RR_CONNECT 0x02 | |
21 + /* Returned from the accept BIO when an accept would have blocked */ | |
22 + #define BIO_RR_ACCEPT 0x03 | |
23 ++/* Returned from the SSL bio when the channel id retrieval code cannot find th
e | |
24 ++ * private key. */ | |
25 ++#define BIO_RR_SSL_CHANNEL_ID_LOOKUP 0x04 | |
26 + | |
27 + /* These are passed by the BIO callback */ | |
28 + #define BIO_CB_FREE 0x01 | |
29 +diff -burN android-openssl.orig/include/openssl/bio.h android-openssl/include/o
penssl/bio.h | |
30 +--- android-openssl.orig/include/openssl/bio.h 2013-10-22 18:20:42.249270230 +0
200 | |
31 ++++ android-openssl/include/openssl/bio.h 2013-10-22 18:22:42.080337200 +0
200 | |
32 +@@ -266,6 +266,9 @@ | |
33 + #define BIO_RR_CONNECT 0x02 | |
34 + /* Returned from the accept BIO when an accept would have blocked */ | |
35 + #define BIO_RR_ACCEPT 0x03 | |
36 ++/* Returned from the SSL bio when the channel id retrieval code cannot find th
e | |
37 ++ * private key. */ | |
38 ++#define BIO_RR_SSL_CHANNEL_ID_LOOKUP 0x04 | |
39 + | |
40 + /* These are passed by the BIO callback */ | |
41 + #define BIO_CB_FREE 0x01 | |
42 +diff -burN android-openssl.orig/include/openssl/ssl.h android-openssl/include/o
penssl/ssl.h | |
43 +--- android-openssl.orig/include/openssl/ssl.h 2013-10-22 18:20:42.259270320 +0
200 | |
44 ++++ android-openssl/include/openssl/ssl.h 2013-10-22 18:24:14.771162612 +0
200 | |
45 +@@ -848,6 +848,9 @@ | |
46 + /* get client cert callback */ | |
47 + int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); | |
48 + | |
49 ++ /* get channel id callback */ | |
50 ++ void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey); | |
51 ++ | |
52 + /* cookie generate callback */ | |
53 + int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, | |
54 + unsigned int *cookie_len); | |
55 +@@ -1043,6 +1046,8 @@ | |
56 + void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int va
l); | |
57 + void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl,
X509 **x509, EVP_PKEY **pkey)); | |
58 + int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKE
Y **pkey); | |
59 ++void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, E
VP_PKEY **pkey)); | |
60 ++void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey); | |
61 + #ifndef OPENSSL_NO_ENGINE | |
62 + int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); | |
63 + #endif | |
64 +@@ -1104,12 +1109,14 @@ | |
65 + #define SSL_WRITING 2 | |
66 + #define SSL_READING 3 | |
67 + #define SSL_X509_LOOKUP 4 | |
68 ++#define SSL_CHANNEL_ID_LOOKUP 5 | |
69 + | |
70 + /* These will only be used when doing non-blocking IO */ | |
71 + #define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) | |
72 + #define SSL_want_read(s) (SSL_want(s) == SSL_READING) | |
73 + #define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) | |
74 + #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) | |
75 ++#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP) | |
76 + | |
77 + #define SSL_MAC_FLAG_READ_MAC_STREAM 1 | |
78 + #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 | |
79 +@@ -1535,6 +1542,7 @@ | |
80 + #define SSL_ERROR_ZERO_RETURN 6 | |
81 + #define SSL_ERROR_WANT_CONNECT 7 | |
82 + #define SSL_ERROR_WANT_ACCEPT 8 | |
83 ++#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9 | |
84 + | |
85 + #define SSL_CTRL_NEED_TMP_RSA 1 | |
86 + #define SSL_CTRL_SET_TMP_RSA 2 | |
87 +@@ -1672,10 +1680,11 @@ | |
88 + #define SSL_set_tmp_ecdh(ssl,ecdh) \ | |
89 + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) | |
90 + | |
91 +-/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client | |
92 +- * IDs from clients. Returns 1 on success. */ | |
93 +-#define SSL_enable_tls_channel_id(ctx) \ | |
94 +- SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL) | |
95 ++/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clie
nt | |
96 ++ * IDs from clients, or configure a client to send TLS client IDs to server. | |
97 ++ * Returns 1 on success. */ | |
98 ++#define SSL_enable_tls_channel_id(s) \ | |
99 ++ SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL) | |
100 + /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to | |
101 + * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on | |
102 + * success. */ | |
103 +diff -burN android-openssl.orig/ssl/bio_ssl.c android-openssl/ssl/bio_ssl.c | |
104 +--- android-openssl.orig/ssl/bio_ssl.c 2013-02-11 16:26:04.000000000 +0100 | |
105 ++++ android-openssl/ssl/bio_ssl.c 2013-10-22 18:22:42.090337290 +0200 | |
106 +@@ -206,6 +206,10 @@ | |
107 + BIO_set_retry_special(b); | |
108 + retry_reason=BIO_RR_SSL_X509_LOOKUP; | |
109 + break; | |
110 ++ case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP: | |
111 ++ BIO_set_retry_special(b); | |
112 ++ retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP; | |
113 ++ break; | |
114 + case SSL_ERROR_WANT_ACCEPT: | |
115 + BIO_set_retry_special(b); | |
116 + retry_reason=BIO_RR_ACCEPT; | |
117 +@@ -280,6 +284,10 @@ | |
118 + BIO_set_retry_special(b); | |
119 + retry_reason=BIO_RR_SSL_X509_LOOKUP; | |
120 + break; | |
121 ++ case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP: | |
122 ++ BIO_set_retry_special(b); | |
123 ++ retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP; | |
124 ++ break; | |
125 + case SSL_ERROR_WANT_CONNECT: | |
126 + BIO_set_retry_special(b); | |
127 + retry_reason=BIO_RR_CONNECT; | |
128 +diff -burN android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c | |
129 +--- android-openssl.orig/ssl/s3_clnt.c 2013-10-22 18:20:40.289252781 +0200 | |
130 ++++ android-openssl/ssl/s3_clnt.c 2013-10-22 18:22:42.090337290 +0200 | |
131 +@@ -3414,6 +3414,22 @@ | |
132 + if (s->state != SSL3_ST_CW_CHANNEL_ID_A) | |
133 + return ssl3_do_write(s, SSL3_RT_HANDSHAKE); | |
134 + | |
135 ++ if (!s->tlsext_channel_id_private && s->ctx->channel_id_cb) | |
136 ++ { | |
137 ++ EVP_PKEY *key = NULL; | |
138 ++ s->ctx->channel_id_cb(s, &key); | |
139 ++ if (key != NULL) | |
140 ++ { | |
141 ++ s->tlsext_channel_id_private = key; | |
142 ++ } | |
143 ++ } | |
144 ++ if (!s->tlsext_channel_id_private) | |
145 ++ { | |
146 ++ s->rwstate=SSL_CHANNEL_ID_LOOKUP; | |
147 ++ return (-1); | |
148 ++ } | |
149 ++ s->rwstate=SSL_NOTHING; | |
150 ++ | |
151 + d = (unsigned char *)s->init_buf->data; | |
152 + *(d++)=SSL3_MT_ENCRYPTED_EXTENSIONS; | |
153 + l2n3(2 + 2 + TLSEXT_CHANNEL_ID_SIZE, d); | |
154 +diff -burN android-openssl.orig/ssl/s3_lib.c android-openssl/ssl/s3_lib.c | |
155 +--- android-openssl.orig/ssl/s3_lib.c 2013-10-22 18:20:40.289252781 +0200 | |
156 ++++ android-openssl/ssl/s3_lib.c 2013-10-22 18:22:42.090337290 +0200 | |
157 +@@ -3358,8 +3358,6 @@ | |
158 + break; | |
159 + #endif | |
160 + case SSL_CTRL_CHANNEL_ID: | |
161 +- if (!s->server) | |
162 +- break; | |
163 + s->tlsext_channel_id_enabled = 1; | |
164 + ret = 1; | |
165 + break; | |
166 +@@ -3375,7 +3373,7 @@ | |
167 + } | |
168 + if (s->tlsext_channel_id_private) | |
169 + EVP_PKEY_free(s->tlsext_channel_id_private); | |
170 +- s->tlsext_channel_id_private = (EVP_PKEY*) parg; | |
171 ++ s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg); | |
172 + ret = 1; | |
173 + break; | |
174 + | |
175 +@@ -3690,7 +3688,7 @@ | |
176 + } | |
177 + if (ctx->tlsext_channel_id_private) | |
178 + EVP_PKEY_free(ctx->tlsext_channel_id_private); | |
179 +- ctx->tlsext_channel_id_private = (EVP_PKEY*) parg; | |
180 ++ ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg); | |
181 + break; | |
182 + | |
183 + default: | |
184 +diff -burN android-openssl.orig/ssl/ssl.h android-openssl/ssl/ssl.h | |
185 +--- android-openssl.orig/ssl/ssl.h 2013-10-22 18:20:40.299252871 +0200 | |
186 ++++ android-openssl/ssl/ssl.h 2013-10-22 18:24:24.121245879 +0200 | |
187 +@@ -848,6 +848,9 @@ | |
188 + /* get client cert callback */ | |
189 + int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); | |
190 + | |
191 ++ /* get channel id callback */ | |
192 ++ void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey); | |
193 ++ | |
194 + /* cookie generate callback */ | |
195 + int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, | |
196 + unsigned int *cookie_len); | |
197 +@@ -1043,6 +1046,8 @@ | |
198 + void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int va
l); | |
199 + void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl,
X509 **x509, EVP_PKEY **pkey)); | |
200 + int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKE
Y **pkey); | |
201 ++void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, E
VP_PKEY **pkey)); | |
202 ++void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey); | |
203 + #ifndef OPENSSL_NO_ENGINE | |
204 + int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); | |
205 + #endif | |
206 +@@ -1104,12 +1109,14 @@ | |
207 + #define SSL_WRITING 2 | |
208 + #define SSL_READING 3 | |
209 + #define SSL_X509_LOOKUP 4 | |
210 ++#define SSL_CHANNEL_ID_LOOKUP 5 | |
211 + | |
212 + /* These will only be used when doing non-blocking IO */ | |
213 + #define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) | |
214 + #define SSL_want_read(s) (SSL_want(s) == SSL_READING) | |
215 + #define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) | |
216 + #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) | |
217 ++#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP) | |
218 + | |
219 + #define SSL_MAC_FLAG_READ_MAC_STREAM 1 | |
220 + #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 | |
221 +@@ -1535,6 +1542,7 @@ | |
222 + #define SSL_ERROR_ZERO_RETURN 6 | |
223 + #define SSL_ERROR_WANT_CONNECT 7 | |
224 + #define SSL_ERROR_WANT_ACCEPT 8 | |
225 ++#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9 | |
226 + | |
227 + #define SSL_CTRL_NEED_TMP_RSA 1 | |
228 + #define SSL_CTRL_SET_TMP_RSA 2 | |
229 +@@ -1672,10 +1680,11 @@ | |
230 + #define SSL_set_tmp_ecdh(ssl,ecdh) \ | |
231 + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) | |
232 + | |
233 +-/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client | |
234 +- * IDs from clients. Returns 1 on success. */ | |
235 +-#define SSL_enable_tls_channel_id(ctx) \ | |
236 +- SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL) | |
237 ++/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clie
nt | |
238 ++ * IDs from clients, or configure a client to send TLS client IDs to server. | |
239 ++ * Returns 1 on success. */ | |
240 ++#define SSL_enable_tls_channel_id(s) \ | |
241 ++ SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL) | |
242 + /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to | |
243 + * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on | |
244 + * success. */ | |
245 +diff -burN android-openssl.orig/ssl/ssl_lib.c android-openssl/ssl/ssl_lib.c | |
246 +--- android-openssl.orig/ssl/ssl_lib.c 2013-10-22 18:20:40.299252871 +0200 | |
247 ++++ android-openssl/ssl/ssl_lib.c 2013-10-22 18:22:42.090337290 +0200 | |
248 +@@ -2561,6 +2561,10 @@ | |
249 + { | |
250 + return(SSL_ERROR_WANT_X509_LOOKUP); | |
251 + } | |
252 ++ if ((i < 0) && SSL_want_channel_id_lookup(s)) | |
253 ++ { | |
254 ++ return(SSL_ERROR_WANT_CHANNEL_ID_LOOKUP); | |
255 ++ } | |
256 + | |
257 + if (i == 0) | |
258 + { | |
259 +diff -burN android-openssl.orig/ssl/ssl_sess.c android-openssl/ssl/ssl_sess.c | |
260 +--- android-openssl.orig/ssl/ssl_sess.c 2013-10-22 18:20:40.289252781 +0
200 | |
261 ++++ android-openssl/ssl/ssl_sess.c 2013-10-22 18:22:42.090337290 +0200 | |
262 +@@ -1132,6 +1132,17 @@ | |
263 + return ctx->client_cert_cb; | |
264 + } | |
265 + | |
266 ++void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, | |
267 ++ void (*cb)(SSL *ssl, EVP_PKEY **pkey)) | |
268 ++ { | |
269 ++ ctx->channel_id_cb=cb; | |
270 ++ } | |
271 ++ | |
272 ++void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL * ssl, EVP_PKEY **pkey) | |
273 ++ { | |
274 ++ return ctx->channel_id_cb; | |
275 ++ } | |
276 ++ | |
277 + #ifndef OPENSSL_NO_ENGINE | |
278 + int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) | |
279 + { | |
OLD | NEW |