|    1 diff -urN android-openssl.orig/openssl.config android-openssl/openssl.config |  | 
|    2 --- android-openssl.orig/openssl.config 2013-10-28 13:39:11.618121779 -0400 |  | 
|    3 +++ android-openssl/openssl.config      2013-10-28 14:40:32.642178484 -0400 |  | 
|    4 @@ -992,6 +992,7 @@ |  | 
|    5  handshake_cutthrough.patch \ |  | 
|    6  jsse.patch \ |  | 
|    7  channelid.patch \ |  | 
|    8 +channelidchromium.patch \ |  | 
|    9  eng_dyn_dirs.patch \ |  | 
|   10  fix_clang_build.patch \ |  | 
|   11  x509_hash_name_algorithm_change.patch \ |  | 
|   12 diff -urN android-openssl.orig/patches/channelidchromium.patch android-openssl/p
     atches/channelidchromium.patch |  | 
|   13 --- android-openssl.orig/patches/channelidchromium.patch        1969-12-31 19:00
     :00.000000000 -0500 |  | 
|   14 +++ android-openssl/patches/channelidchromium.patch     2013-10-28 14:34:42.9455
     88394 -0400 |  | 
|   15 @@ -0,0 +1,264 @@ |  | 
|   16 +diff -burN android-openssl.orig/crypto/bio/bio.h android-openssl/crypto/bio/bio
     .h |  | 
|   17 +--- android-openssl.orig/crypto/bio/bio.h      2013-02-11 16:26:04.000000000 +0
     100 |  | 
|   18 ++++ android-openssl/crypto/bio/bio.h   2013-10-22 18:22:42.080337200 +0200 |  | 
|   19 +@@ -266,6 +266,9 @@ |  | 
|   20 + #define BIO_RR_CONNECT                        0x02 |  | 
|   21 + /* Returned from the accept BIO when an accept would have blocked */ |  | 
|   22 + #define BIO_RR_ACCEPT                 0x03 |  | 
|   23 ++/* Returned from the SSL bio when the channel id retrieval code cannot find th
     e |  | 
|   24 ++ * private key. */ |  | 
|   25 ++#define BIO_RR_SSL_CHANNEL_ID_LOOKUP  0x04 |  | 
|   26 +  |  | 
|   27 + /* These are passed by the BIO callback */ |  | 
|   28 + #define BIO_CB_FREE   0x01 |  | 
|   29 +diff -burN android-openssl.orig/include/openssl/bio.h android-openssl/include/o
     penssl/bio.h |  | 
|   30 +--- android-openssl.orig/include/openssl/bio.h 2013-10-22 18:20:42.249270230 +0
     200 |  | 
|   31 ++++ android-openssl/include/openssl/bio.h      2013-10-22 18:22:42.080337200 +0
     200 |  | 
|   32 +@@ -266,6 +266,9 @@ |  | 
|   33 + #define BIO_RR_CONNECT                        0x02 |  | 
|   34 + /* Returned from the accept BIO when an accept would have blocked */ |  | 
|   35 + #define BIO_RR_ACCEPT                 0x03 |  | 
|   36 ++/* Returned from the SSL bio when the channel id retrieval code cannot find th
     e |  | 
|   37 ++ * private key. */ |  | 
|   38 ++#define BIO_RR_SSL_CHANNEL_ID_LOOKUP  0x04 |  | 
|   39 +  |  | 
|   40 + /* These are passed by the BIO callback */ |  | 
|   41 + #define BIO_CB_FREE   0x01 |  | 
|   42 +diff -burN android-openssl.orig/include/openssl/ssl.h android-openssl/include/o
     penssl/ssl.h |  | 
|   43 +--- android-openssl.orig/include/openssl/ssl.h 2013-10-22 18:20:42.259270320 +0
     200 |  | 
|   44 ++++ android-openssl/include/openssl/ssl.h      2013-10-22 18:24:14.771162612 +0
     200 |  | 
|   45 +@@ -848,6 +848,9 @@ |  | 
|   46 +       /* get client cert callback */ |  | 
|   47 +       int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); |  | 
|   48 +  |  | 
|   49 ++      /* get channel id callback */ |  | 
|   50 ++      void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey); |  | 
|   51 ++ |  | 
|   52 +     /* cookie generate callback */ |  | 
|   53 +     int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,  |  | 
|   54 +         unsigned int *cookie_len); |  | 
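Review bot: The comment `/* get channel id callback */` does not tell an implementer what to do with `*pkey`, and the callback returns `void`, so it cannot report a failure. Judging from the s3_clnt.c hunk later in this patch, the library stores the returned pointer directly and suspends the handshake with `SSL_CHANNEL_ID_LOOKUP` when `*pkey` is left NULL. Both facts belong in the comment, for example `/* channel_id_cb sets *pkey to a P-256 key whose reference the SSL takes over, or leaves it NULL to pause the handshake until a key is supplied. */`. The identical hunk for ssl/ssl.h further down needs the same text.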
|   55 +@@ -1043,6 +1046,8 @@ |  | 
|   56 + void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int va
     l); |  | 
|   57 + void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, 
     X509 **x509, EVP_PKEY **pkey)); |  | 
|   58 + int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKE
     Y **pkey); |  | 
|   59 ++void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, E
     VP_PKEY **pkey)); |  | 
|   60 ++void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey); |  | 
|   61 + #ifndef OPENSSL_NO_ENGINE |  | 
|   62 + int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); |  | 
|   63 + #endif |  | 
|   64 +@@ -1104,12 +1109,14 @@ |  | 
|   65 + #define SSL_WRITING   2 |  | 
|   66 + #define SSL_READING   3 |  | 
|   67 + #define SSL_X509_LOOKUP       4 |  | 
|   68 ++#define SSL_CHANNEL_ID_LOOKUP 5 |  | 
|   69 +  |  | 
|   70 + /* These will only be used when doing non-blocking IO */ |  | 
|   71 + #define SSL_want_nothing(s)   (SSL_want(s) == SSL_NOTHING) |  | 
|   72 + #define SSL_want_read(s)      (SSL_want(s) == SSL_READING) |  | 
|   73 + #define SSL_want_write(s)     (SSL_want(s) == SSL_WRITING) |  | 
|   74 + #define SSL_want_x509_lookup(s)       (SSL_want(s) == SSL_X509_LOOKUP) |  | 
|   75 ++#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP) |  | 
|   76 +  |  | 
|   77 + #define SSL_MAC_FLAG_READ_MAC_STREAM 1 |  | 
|   78 + #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 |  | 
|   79 +@@ -1535,6 +1542,7 @@ |  | 
|   80 + #define SSL_ERROR_ZERO_RETURN         6 |  | 
|   81 + #define SSL_ERROR_WANT_CONNECT                7 |  | 
|   82 + #define SSL_ERROR_WANT_ACCEPT         8 |  | 
|   83 ++#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP      9 |  | 
|   84 +  |  | 
|   85 + #define SSL_CTRL_NEED_TMP_RSA                 1 |  | 
|   86 + #define SSL_CTRL_SET_TMP_RSA                  2 |  | 
|   87 +@@ -1672,10 +1680,11 @@ |  | 
|   88 + #define SSL_set_tmp_ecdh(ssl,ecdh) \ |  | 
|   89 +       SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) |  | 
|   90 +  |  | 
|   91 +-/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client |  | 
|   92 +- * IDs from clients. Returns 1 on success. */ |  | 
|   93 +-#define SSL_enable_tls_channel_id(ctx) \ |  | 
|   94 +-      SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL) |  | 
|   95 ++/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clie
     nt |  | 
|   96 ++ * IDs from clients, or configure a client to send TLS client IDs to server. |  | 
|   97 ++ * Returns 1 on success. */ |  | 
|   98 ++#define SSL_enable_tls_channel_id(s) \ |  | 
|   99 ++      SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL) |  | 
|  100 + /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to |  | 
|  101 +  * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on |  | 
|  102 +  * success. */ |  | 
|  103 +diff -burN android-openssl.orig/ssl/bio_ssl.c android-openssl/ssl/bio_ssl.c |  | 
|  104 +--- android-openssl.orig/ssl/bio_ssl.c 2013-02-11 16:26:04.000000000 +0100 |  | 
|  105 ++++ android-openssl/ssl/bio_ssl.c      2013-10-22 18:22:42.090337290 +0200 |  | 
|  106 +@@ -206,6 +206,10 @@ |  | 
|  107 +               BIO_set_retry_special(b); |  | 
|  108 +               retry_reason=BIO_RR_SSL_X509_LOOKUP; |  | 
|  109 +               break; |  | 
|  110 ++      case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP: |  | 
|  111 ++              BIO_set_retry_special(b); |  | 
|  112 ++              retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP; |  | 
|  113 ++              break; |  | 
|  114 +       case SSL_ERROR_WANT_ACCEPT: |  | 
|  115 +               BIO_set_retry_special(b); |  | 
|  116 +               retry_reason=BIO_RR_ACCEPT; |  | 
|  117 +@@ -280,6 +284,10 @@ |  | 
|  118 +               BIO_set_retry_special(b); |  | 
|  119 +               retry_reason=BIO_RR_SSL_X509_LOOKUP; |  | 
|  120 +               break; |  | 
|  121 ++      case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP: |  | 
|  122 ++              BIO_set_retry_special(b); |  | 
|  123 ++              retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP; |  | 
|  124 ++              break; |  | 
|  125 +       case SSL_ERROR_WANT_CONNECT: |  | 
|  126 +               BIO_set_retry_special(b); |  | 
|  127 +               retry_reason=BIO_RR_CONNECT; |  | 
|  128 +diff -burN android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c |  | 
|  129 +--- android-openssl.orig/ssl/s3_clnt.c 2013-10-22 18:20:40.289252781 +0200 |  | 
|  130 ++++ android-openssl/ssl/s3_clnt.c      2013-10-22 18:22:42.090337290 +0200 |  | 
|  131 +@@ -3414,6 +3414,22 @@ |  | 
|  132 +       if (s->state != SSL3_ST_CW_CHANNEL_ID_A) |  | 
|  133 +               return ssl3_do_write(s, SSL3_RT_HANDSHAKE); |  | 
|  134 +  |  | 
|  135 ++      if (!s->tlsext_channel_id_private && s->ctx->channel_id_cb) |  | 
|  136 ++              { |  | 
|  137 ++              EVP_PKEY *key = NULL; |  | 
|  138 ++              s->ctx->channel_id_cb(s, &key); |  | 
|  139 ++              if (key != NULL) |  | 
|  140 ++                      { |  | 
|  141 ++                      s->tlsext_channel_id_private = key; |  | 
|  142 ++                      } |  | 
|  143 ++              } |  | 
|  144 ++      if (!s->tlsext_channel_id_private) |  | 
|  145 ++              { |  | 
|  146 ++              s->rwstate=SSL_CHANNEL_ID_LOOKUP; |  | 
|  147 ++              return (-1); |  | 
|  148 ++              } |  | 
|  149 ++      s->rwstate=SSL_NOTHING; |  | 
|  150 ++ |  | 
|  151 +       d = (unsigned char *)s->init_buf->data; |  | 
|  152 +       *(d++)=SSL3_MT_ENCRYPTED_EXTENSIONS; |  | 
|  153 +       l2n3(2 + 2 + TLSEXT_CHANNEL_ID_SIZE, d); |  | 
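Review bot: The key returned through `channel_id_cb` is stored in `s->tlsext_channel_id_private` unchanged, so this path bypasses any validation done by the `SSL_set1_tls_channel_id` control, whose header comment requires a P-256 key. It also adopts the callback's reference without saying so, while the s3_lib.c hunks release this field with `EVP_PKEY_free`; a callback that returns a pointer it still owns would therefore lead to a double free or use after free. I would check the key type before the assignment and state the contract next to it, for example `/* takes over the reference returned in |key|; must be P-256 */`. The enclosing function starts and ends outside the hunk, so a later check may exist that is not visible here.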
|  154 +diff -burN android-openssl.orig/ssl/s3_lib.c android-openssl/ssl/s3_lib.c |  | 
|  155 +--- android-openssl.orig/ssl/s3_lib.c  2013-10-22 18:20:40.289252781 +0200 |  | 
|  156 ++++ android-openssl/ssl/s3_lib.c       2013-10-22 18:22:42.090337290 +0200 |  | 
|  157 +@@ -3358,8 +3358,6 @@ |  | 
|  158 +               break; |  | 
|  159 + #endif |  | 
|  160 +       case SSL_CTRL_CHANNEL_ID: |  | 
|  161 +-              if (!s->server) |  | 
|  162 +-                      break; |  | 
|  163 +               s->tlsext_channel_id_enabled = 1; |  | 
|  164 +               ret = 1; |  | 
|  165 +               break; |  | 
|  166 +@@ -3375,7 +3373,7 @@ |  | 
|  167 +                       } |  | 
|  168 +               if (s->tlsext_channel_id_private) |  | 
|  169 +                       EVP_PKEY_free(s->tlsext_channel_id_private); |  | 
|  170 +-              s->tlsext_channel_id_private = (EVP_PKEY*) parg; |  | 
|  171 ++              s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg); |  | 
|  172 +               ret = 1; |  | 
|  173 +               break; |  | 
|  174 +  |  | 
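Review bot: The result of `EVP_PKEY_dup` is assigned without a check, after the old key has already been released two lines above. A failed duplication would leave `s->tlsext_channel_id_private` NULL while `ret = 1` still reports success. Duplicating first keeps the old key intact on failure: `EVP_PKEY *dup = EVP_PKEY_dup((EVP_PKEY*) parg); if (dup == NULL) break;`, then free the old key and store `dup`. Whether `EVP_PKEY_dup` can fail is not visible on this page, and the case body begins outside the hunk, so confirm both against the full source. The `SSL_CTX` variant in the @@ -3688 hunk has the same ordering.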
|  175 +@@ -3690,7 +3688,7 @@ |  | 
|  176 +                       } |  | 
|  177 +               if (ctx->tlsext_channel_id_private) |  | 
|  178 +                       EVP_PKEY_free(ctx->tlsext_channel_id_private); |  | 
|  179 +-              ctx->tlsext_channel_id_private = (EVP_PKEY*) parg; |  | 
|  180 ++              ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg); |  | 
|  181 +               break; |  | 
|  182 +  |  | 
|  183 +       default: |  | 
|  184 +diff -burN android-openssl.orig/ssl/ssl.h android-openssl/ssl/ssl.h |  | 
|  185 +--- android-openssl.orig/ssl/ssl.h     2013-10-22 18:20:40.299252871 +0200 |  | 
|  186 ++++ android-openssl/ssl/ssl.h  2013-10-22 18:24:24.121245879 +0200 |  | 
|  187 +@@ -848,6 +848,9 @@ |  | 
|  188 +       /* get client cert callback */ |  | 
|  189 +       int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); |  | 
|  190 +  |  | 
|  191 ++      /* get channel id callback */ |  | 
|  192 ++      void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey); |  | 
|  193 ++ |  | 
|  194 +     /* cookie generate callback */ |  | 
|  195 +     int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,  |  | 
|  196 +         unsigned int *cookie_len); |  | 
|  197 +@@ -1043,6 +1046,8 @@ |  | 
|  198 + void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int va
     l); |  | 
|  199 + void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, 
     X509 **x509, EVP_PKEY **pkey)); |  | 
|  200 + int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKE
     Y **pkey); |  | 
|  201 ++void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, E
     VP_PKEY **pkey)); |  | 
|  202 ++void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey); |  | 
|  203 + #ifndef OPENSSL_NO_ENGINE |  | 
|  204 + int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); |  | 
|  205 + #endif |  | 
|  206 +@@ -1104,12 +1109,14 @@ |  | 
|  207 + #define SSL_WRITING   2 |  | 
|  208 + #define SSL_READING   3 |  | 
|  209 + #define SSL_X509_LOOKUP       4 |  | 
|  210 ++#define SSL_CHANNEL_ID_LOOKUP 5 |  | 
|  211 +  |  | 
|  212 + /* These will only be used when doing non-blocking IO */ |  | 
|  213 + #define SSL_want_nothing(s)   (SSL_want(s) == SSL_NOTHING) |  | 
|  214 + #define SSL_want_read(s)      (SSL_want(s) == SSL_READING) |  | 
|  215 + #define SSL_want_write(s)     (SSL_want(s) == SSL_WRITING) |  | 
|  216 + #define SSL_want_x509_lookup(s)       (SSL_want(s) == SSL_X509_LOOKUP) |  | 
|  217 ++#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP) |  | 
|  218 +  |  | 
|  219 + #define SSL_MAC_FLAG_READ_MAC_STREAM 1 |  | 
|  220 + #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 |  | 
|  221 +@@ -1535,6 +1542,7 @@ |  | 
|  222 + #define SSL_ERROR_ZERO_RETURN         6 |  | 
|  223 + #define SSL_ERROR_WANT_CONNECT                7 |  | 
|  224 + #define SSL_ERROR_WANT_ACCEPT         8 |  | 
|  225 ++#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP      9 |  | 
|  226 +  |  | 
|  227 + #define SSL_CTRL_NEED_TMP_RSA                 1 |  | 
|  228 + #define SSL_CTRL_SET_TMP_RSA                  2 |  | 
|  229 +@@ -1672,10 +1680,11 @@ |  | 
|  230 + #define SSL_set_tmp_ecdh(ssl,ecdh) \ |  | 
|  231 +       SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) |  | 
|  232 +  |  | 
|  233 +-/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client |  | 
|  234 +- * IDs from clients. Returns 1 on success. */ |  | 
|  235 +-#define SSL_enable_tls_channel_id(ctx) \ |  | 
|  236 +-      SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL) |  | 
|  237 ++/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clie
     nt |  | 
|  238 ++ * IDs from clients, or configure a client to send TLS client IDs to server. |  | 
|  239 ++ * Returns 1 on success. */ |  | 
|  240 ++#define SSL_enable_tls_channel_id(s) \ |  | 
|  241 ++      SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL) |  | 
|  242 + /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to |  | 
|  243 +  * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on |  | 
|  244 +  * success. */ |  | 
|  245 +diff -burN android-openssl.orig/ssl/ssl_lib.c android-openssl/ssl/ssl_lib.c |  | 
|  246 +--- android-openssl.orig/ssl/ssl_lib.c 2013-10-22 18:20:40.299252871 +0200 |  | 
|  247 ++++ android-openssl/ssl/ssl_lib.c      2013-10-22 18:22:42.090337290 +0200 |  | 
|  248 +@@ -2561,6 +2561,10 @@ |  | 
|  249 +               { |  | 
|  250 +               return(SSL_ERROR_WANT_X509_LOOKUP); |  | 
|  251 +               } |  | 
|  252 ++      if ((i < 0) && SSL_want_channel_id_lookup(s)) |  | 
|  253 ++              { |  | 
|  254 ++              return(SSL_ERROR_WANT_CHANNEL_ID_LOOKUP); |  | 
|  255 ++              } |  | 
|  256 +  |  | 
|  257 +       if (i == 0) |  | 
|  258 +               { |  | 
|  259 +diff -burN android-openssl.orig/ssl/ssl_sess.c android-openssl/ssl/ssl_sess.c |  | 
|  260 +--- android-openssl.orig/ssl/ssl_sess.c        2013-10-22 18:20:40.289252781 +0
     200 |  | 
|  261 ++++ android-openssl/ssl/ssl_sess.c     2013-10-22 18:22:42.090337290 +0200 |  | 
|  262 +@@ -1132,6 +1132,17 @@ |  | 
|  263 +       return ctx->client_cert_cb; |  | 
|  264 +       } |  | 
|  265 +  |  | 
|  266 ++void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, |  | 
|  267 ++      void (*cb)(SSL *ssl, EVP_PKEY **pkey)) |  | 
|  268 ++      { |  | 
|  269 ++      ctx->channel_id_cb=cb; |  | 
|  270 ++      } |  | 
|  271 ++ |  | 
|  272 ++void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL * ssl, EVP_PKEY **pkey) |  | 
|  273 ++      { |  | 
|  274 ++      return ctx->channel_id_cb; |  | 
|  275 ++      } |  | 
|  276 ++ |  | 
|  277 + #ifndef OPENSSL_NO_ENGINE |  | 
|  278 + int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) |  | 
|  279 +       { |  | 