| Index: openssl/patches/channelid.patch
|
| diff --git a/openssl/patches/channelid.patch b/openssl/patches/channelid.patch
|
| deleted file mode 100644
|
| index c8ebbfa857e4da899067c9d8f59aca7210a41c71..0000000000000000000000000000000000000000
|
| --- a/openssl/patches/channelid.patch
|
| +++ /dev/null
|
| @@ -1,983 +0,0 @@
|
| ---- openssl-1.0.1e.orig/crypto/evp/evp.h 2013-03-05 18:49:33.183296743 +0000
|
| -+++ openssl-1.0.1e/crypto/evp/evp.h 2013-03-05 18:49:33.373298798 +0000
|
| -@@ -921,6 +921,7 @@ struct ec_key_st *EVP_PKEY_get1_EC_KEY(E
|
| - #endif
|
| -
|
| - EVP_PKEY * EVP_PKEY_new(void);
|
| -+EVP_PKEY * EVP_PKEY_dup(EVP_PKEY *pkey);
|
| - void EVP_PKEY_free(EVP_PKEY *pkey);
|
| -
|
| - EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp,
|
| ---- openssl-1.0.1e.orig/crypto/evp/p_lib.c 2013-03-05 18:49:33.183296743 +0000
|
| -+++ openssl-1.0.1e/crypto/evp/p_lib.c 2013-03-05 18:49:33.373298798 +0000
|
| -@@ -200,6 +200,12 @@ EVP_PKEY *EVP_PKEY_new(void)
|
| - return(ret);
|
| - }
|
| -
|
| -+EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey)
|
| -+ {
|
| -+ CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
|
| -+ return pkey;
|
| -+ }
|
| -+
|
| - /* Setup a public key ASN1 method and ENGINE from a NID or a string.
|
| - * If pkey is NULL just return 1 or 0 if the algorithm exists.
|
| - */
|
| ---- openssl-1.0.1e.orig/ssl/s3_both.c 2013-03-05 18:49:33.233297282 +0000
|
| -+++ openssl-1.0.1e/ssl/s3_both.c 2013-03-05 18:49:33.413299231 +0000
|
| -@@ -555,7 +555,8 @@ long ssl3_get_message(SSL *s, int st1, i
|
| - #endif
|
| -
|
| - /* Feed this message into MAC computation. */
|
| -- ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
|
| -+ if (*(unsigned char*)s->init_buf->data != SSL3_MT_ENCRYPTED_EXTENSIONS)
|
| -+ ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
|
| - if (s->msg_callback)
|
| - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
|
| - *ok=1;
|
| ---- openssl-1.0.1e.orig/ssl/s3_clnt.c 2013-03-05 18:49:33.233297282 +0000
|
| -+++ openssl-1.0.1e/ssl/s3_clnt.c 2013-03-05 18:49:33.413299231 +0000
|
| -@@ -477,13 +477,14 @@ int ssl3_connect(SSL *s)
|
| - SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
|
| - if (ret <= 0) goto end;
|
| -
|
| --#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
|
| - s->state=SSL3_ST_CW_FINISHED_A;
|
| --#else
|
| -+#if !defined(OPENSSL_NO_TLSEXT)
|
| -+ if (s->s3->tlsext_channel_id_valid)
|
| -+ s->state=SSL3_ST_CW_CHANNEL_ID_A;
|
| -+# if !defined(OPENSSL_NO_NEXTPROTONEG)
|
| - if (s->s3->next_proto_neg_seen)
|
| - s->state=SSL3_ST_CW_NEXT_PROTO_A;
|
| -- else
|
| -- s->state=SSL3_ST_CW_FINISHED_A;
|
| -+# endif
|
| - #endif
|
| - s->init_num=0;
|
| -
|
| -@@ -517,6 +518,18 @@ int ssl3_connect(SSL *s)
|
| - case SSL3_ST_CW_NEXT_PROTO_B:
|
| - ret=ssl3_send_next_proto(s);
|
| - if (ret <= 0) goto end;
|
| -+ if (s->s3->tlsext_channel_id_valid)
|
| -+ s->state=SSL3_ST_CW_CHANNEL_ID_A;
|
| -+ else
|
| -+ s->state=SSL3_ST_CW_FINISHED_A;
|
| -+ break;
|
| -+#endif
|
| -+
|
| -+#if !defined(OPENSSL_NO_TLSEXT)
|
| -+ case SSL3_ST_CW_CHANNEL_ID_A:
|
| -+ case SSL3_ST_CW_CHANNEL_ID_B:
|
| -+ ret=ssl3_send_channel_id(s);
|
| -+ if (ret <= 0) goto end;
|
| - s->state=SSL3_ST_CW_FINISHED_A;
|
| - break;
|
| - #endif
|
| -@@ -3362,7 +3375,8 @@ err:
|
| - return(0);
|
| - }
|
| -
|
| --#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
|
| -+#if !defined(OPENSSL_NO_TLSEXT)
|
| -+# if !defined(OPENSSL_NO_NEXTPROTONEG)
|
| - int ssl3_send_next_proto(SSL *s)
|
| - {
|
| - unsigned int len, padding_len;
|
| -@@ -3386,7 +3400,116 @@ int ssl3_send_next_proto(SSL *s)
|
| -
|
| - return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
|
| - }
|
| --#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
|
| -+# endif /* !OPENSSL_NO_NEXTPROTONEG */
|
| -+
|
| -+int ssl3_send_channel_id(SSL *s)
|
| -+ {
|
| -+ unsigned char *d;
|
| -+ int ret = -1, public_key_len;
|
| -+ EVP_MD_CTX md_ctx;
|
| -+ size_t sig_len;
|
| -+ ECDSA_SIG *sig = NULL;
|
| -+ unsigned char *public_key = NULL, *derp, *der_sig = NULL;
|
| -+
|
| -+ if (s->state != SSL3_ST_CW_CHANNEL_ID_A)
|
| -+ return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
|
| -+
|
| -+ d = (unsigned char *)s->init_buf->data;
|
| -+ *(d++)=SSL3_MT_ENCRYPTED_EXTENSIONS;
|
| -+ l2n3(2 + 2 + TLSEXT_CHANNEL_ID_SIZE, d);
|
| -+ s2n(TLSEXT_TYPE_channel_id, d);
|
| -+ s2n(TLSEXT_CHANNEL_ID_SIZE, d);
|
| -+
|
| -+ EVP_MD_CTX_init(&md_ctx);
|
| -+
|
| -+ public_key_len = i2d_PublicKey(s->tlsext_channel_id_private, NULL);
|
| -+ if (public_key_len <= 0)
|
| -+ {
|
| -+ SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY);
|
| -+ goto err;
|
| -+ }
|
| -+ // i2d_PublicKey will produce an ANSI X9.62 public key which, for a
|
| -+ // P-256 key, is 0x04 (meaning uncompressed) followed by the x and y
|
| -+ // field elements as 32-byte, big-endian numbers.
|
| -+ if (public_key_len != 65)
|
| -+ {
|
| -+ SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_CHANNEL_ID_NOT_P256);
|
| -+ goto err;
|
| -+ }
|
| -+ public_key = OPENSSL_malloc(public_key_len);
|
| -+ if (!public_key)
|
| -+ {
|
| -+ SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,ERR_R_MALLOC_FAILURE);
|
| -+ goto err;
|
| -+ }
|
| -+
|
| -+ derp = public_key;
|
| -+ i2d_PublicKey(s->tlsext_channel_id_private, &derp);
|
| -+
|
| -+ if (EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL,
|
| -+ s->tlsext_channel_id_private) != 1)
|
| -+ {
|
| -+ SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNINIT_FAILED);
|
| -+ goto err;
|
| -+ }
|
| -+
|
| -+ if (!tls1_channel_id_hash(&md_ctx, s))
|
| -+ goto err;
|
| -+
|
| -+ if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len))
|
| -+ {
|
| -+ SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNFINAL_FAILED);
|
| -+ goto err;
|
| -+ }
|
| -+
|
| -+ der_sig = OPENSSL_malloc(sig_len);
|
| -+ if (!der_sig)
|
| -+ {
|
| -+ SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,ERR_R_MALLOC_FAILURE);
|
| -+ goto err;
|
| -+ }
|
| -+
|
| -+ if (!EVP_DigestSignFinal(&md_ctx, der_sig, &sig_len))
|
| -+ {
|
| -+ SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNFINAL_FAILED);
|
| -+ goto err;
|
| -+ }
|
| -+
|
| -+ derp = der_sig;
|
| -+ sig = d2i_ECDSA_SIG(NULL, (const unsigned char**)&derp, sig_len);
|
| -+ if (sig == NULL)
|
| -+ {
|
| -+ SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_D2I_ECDSA_SIG);
|
| -+ goto err;
|
| -+ }
|
| -+
|
| -+ // The first byte of public_key will be 0x4, denoting an uncompressed key.
|
| -+ memcpy(d, public_key + 1, 64);
|
| -+ d += 64;
|
| -+ memset(d, 0, 2 * 32);
|
| -+ BN_bn2bin(sig->r, d + 32 - BN_num_bytes(sig->r));
|
| -+ d += 32;
|
| -+ BN_bn2bin(sig->s, d + 32 - BN_num_bytes(sig->s));
|
| -+ d += 32;
|
| -+
|
| -+ s->state = SSL3_ST_CW_CHANNEL_ID_B;
|
| -+ s->init_num = 4 + 2 + 2 + TLSEXT_CHANNEL_ID_SIZE;
|
| -+ s->init_off = 0;
|
| -+
|
| -+ ret = ssl3_do_write(s, SSL3_RT_HANDSHAKE);
|
| -+
|
| -+err:
|
| -+ EVP_MD_CTX_cleanup(&md_ctx);
|
| -+ if (public_key)
|
| -+ OPENSSL_free(public_key);
|
| -+ if (der_sig)
|
| -+ OPENSSL_free(der_sig);
|
| -+ if (sig)
|
| -+ ECDSA_SIG_free(sig);
|
| -+
|
| -+ return ret;
|
| -+ }
|
| -+#endif /* !OPENSSL_NO_TLSEXT */
|
| -
|
| - /* Check to see if handshake is full or resumed. Usually this is just a
|
| - * case of checking to see if a cache hit has occurred. In the case of
|
| ---- openssl-1.0.1e.orig/ssl/s3_lib.c 2013-03-05 18:49:33.223297173 +0000
|
| -+++ openssl-1.0.1e/ssl/s3_lib.c 2013-03-05 18:49:33.413299231 +0000
|
| -@@ -2951,6 +2951,11 @@ int ssl3_new(SSL *s)
|
| - #ifndef OPENSSL_NO_SRP
|
| - SSL_SRP_CTX_init(s);
|
| - #endif
|
| -+#if !defined(OPENSSL_NO_TLSEXT)
|
| -+ s->tlsext_channel_id_enabled = s->ctx->tlsext_channel_id_enabled;
|
| -+ if (s->ctx->tlsext_channel_id_private)
|
| -+ s->tlsext_channel_id_private = EVP_PKEY_dup(s->ctx->tlsext_channel_id_private);
|
| -+#endif
|
| - s->method->ssl_clear(s);
|
| - return(1);
|
| - err:
|
| -@@ -3074,6 +3079,10 @@ void ssl3_clear(SSL *s)
|
| - s->next_proto_negotiated_len = 0;
|
| - }
|
| - #endif
|
| -+
|
| -+#if !defined(OPENSSL_NO_TLSEXT)
|
| -+ s->s3->tlsext_channel_id_valid = 0;
|
| -+#endif
|
| - }
|
| -
|
| - #ifndef OPENSSL_NO_SRP
|
| -@@ -3348,6 +3357,35 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
|
| - ret = 1;
|
| - break;
|
| - #endif
|
| -+ case SSL_CTRL_CHANNEL_ID:
|
| -+ if (!s->server)
|
| -+ break;
|
| -+ s->tlsext_channel_id_enabled = 1;
|
| -+ ret = 1;
|
| -+ break;
|
| -+
|
| -+ case SSL_CTRL_SET_CHANNEL_ID:
|
| -+ if (s->server)
|
| -+ break;
|
| -+ s->tlsext_channel_id_enabled = 1;
|
| -+ if (EVP_PKEY_bits(parg) != 256)
|
| -+ {
|
| -+ SSLerr(SSL_F_SSL3_CTRL,SSL_R_CHANNEL_ID_NOT_P256);
|
| -+ break;
|
| -+ }
|
| -+ if (s->tlsext_channel_id_private)
|
| -+ EVP_PKEY_free(s->tlsext_channel_id_private);
|
| -+ s->tlsext_channel_id_private = (EVP_PKEY*) parg;
|
| -+ ret = 1;
|
| -+ break;
|
| -+
|
| -+ case SSL_CTRL_GET_CHANNEL_ID:
|
| -+ if (!s->server)
|
| -+ break;
|
| -+ if (!s->s3->tlsext_channel_id_valid)
|
| -+ break;
|
| -+ memcpy(parg, s->s3->tlsext_channel_id, larg < 64 ? larg : 64);
|
| -+ return 64;
|
| -
|
| - #endif /* !OPENSSL_NO_TLSEXT */
|
| - default:
|
| -@@ -3569,6 +3607,12 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd
|
| - }
|
| - return 1;
|
| - }
|
| -+ case SSL_CTRL_CHANNEL_ID:
|
| -+ /* must be called on a server */
|
| -+ if (ctx->method->ssl_accept == ssl_undefined_function)
|
| -+ return 0;
|
| -+ ctx->tlsext_channel_id_enabled=1;
|
| -+ return 1;
|
| -
|
| - #ifdef TLSEXT_TYPE_opaque_prf_input
|
| - case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG:
|
| -@@ -3637,6 +3681,18 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd
|
| - }
|
| - break;
|
| -
|
| -+ case SSL_CTRL_SET_CHANNEL_ID:
|
| -+ ctx->tlsext_channel_id_enabled = 1;
|
| -+ if (EVP_PKEY_bits(parg) != 256)
|
| -+ {
|
| -+ SSLerr(SSL_F_SSL3_CTX_CTRL,SSL_R_CHANNEL_ID_NOT_P256);
|
| -+ break;
|
| -+ }
|
| -+ if (ctx->tlsext_channel_id_private)
|
| -+ EVP_PKEY_free(ctx->tlsext_channel_id_private);
|
| -+ ctx->tlsext_channel_id_private = (EVP_PKEY*) parg;
|
| -+ break;
|
| -+
|
| - default:
|
| - return(0);
|
| - }
|
| ---- openssl-1.0.1e.orig/ssl/s3_srvr.c 2013-03-05 18:49:33.233297282 +0000
|
| -+++ openssl-1.0.1e/ssl/s3_srvr.c 2013-03-05 18:49:33.413299231 +0000
|
| -@@ -157,8 +157,11 @@
|
| - #include <openssl/buffer.h>
|
| - #include <openssl/rand.h>
|
| - #include <openssl/objects.h>
|
| -+#include <openssl/ec.h>
|
| -+#include <openssl/ecdsa.h>
|
| - #include <openssl/evp.h>
|
| - #include <openssl/hmac.h>
|
| -+#include <openssl/sha.h>
|
| - #include <openssl/x509.h>
|
| - #ifndef OPENSSL_NO_DH
|
| - #include <openssl/dh.h>
|
| -@@ -609,15 +612,8 @@ int ssl3_accept(SSL *s)
|
| - * the client uses its key from the certificate
|
| - * for key exchange.
|
| - */
|
| --#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
|
| -- s->state=SSL3_ST_SR_FINISHED_A;
|
| --#else
|
| -- if (s->s3->next_proto_neg_seen)
|
| -- s->state=SSL3_ST_SR_NEXT_PROTO_A;
|
| -- else
|
| -- s->state=SSL3_ST_SR_FINISHED_A;
|
| --#endif
|
| - s->init_num = 0;
|
| -+ s->state=SSL3_ST_SR_POST_CLIENT_CERT;
|
| - }
|
| - else if (TLS1_get_version(s) >= TLS1_2_VERSION)
|
| - {
|
| -@@ -677,16 +673,28 @@ int ssl3_accept(SSL *s)
|
| - ret=ssl3_get_cert_verify(s);
|
| - if (ret <= 0) goto end;
|
| -
|
| --#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
|
| -- s->state=SSL3_ST_SR_FINISHED_A;
|
| --#else
|
| -- if (s->s3->next_proto_neg_seen)
|
| -+ s->state=SSL3_ST_SR_POST_CLIENT_CERT;
|
| -+ s->init_num=0;
|
| -+ break;
|
| -+
|
| -+ case SSL3_ST_SR_POST_CLIENT_CERT: {
|
| -+ char next_proto_neg = 0;
|
| -+ char channel_id = 0;
|
| -+#if !defined(OPENSSL_NO_TLSEXT)
|
| -+# if !defined(OPENSSL_NO_NEXTPROTONEG)
|
| -+ next_proto_neg = s->s3->next_proto_neg_seen;
|
| -+# endif
|
| -+ channel_id = s->s3->tlsext_channel_id_valid;
|
| -+#endif
|
| -+
|
| -+ if (next_proto_neg)
|
| - s->state=SSL3_ST_SR_NEXT_PROTO_A;
|
| -+ else if (channel_id)
|
| -+ s->state=SSL3_ST_SR_CHANNEL_ID_A;
|
| - else
|
| - s->state=SSL3_ST_SR_FINISHED_A;
|
| --#endif
|
| -- s->init_num=0;
|
| - break;
|
| -+ }
|
| -
|
| - #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
|
| - case SSL3_ST_SR_NEXT_PROTO_A:
|
| -@@ -694,6 +702,19 @@ int ssl3_accept(SSL *s)
|
| - ret=ssl3_get_next_proto(s);
|
| - if (ret <= 0) goto end;
|
| - s->init_num = 0;
|
| -+ if (s->s3->tlsext_channel_id_valid)
|
| -+ s->state=SSL3_ST_SR_CHANNEL_ID_A;
|
| -+ else
|
| -+ s->state=SSL3_ST_SR_FINISHED_A;
|
| -+ break;
|
| -+#endif
|
| -+
|
| -+#if !defined(OPENSSL_NO_TLSEXT)
|
| -+ case SSL3_ST_SR_CHANNEL_ID_A:
|
| -+ case SSL3_ST_SR_CHANNEL_ID_B:
|
| -+ ret=ssl3_get_channel_id(s);
|
| -+ if (ret <= 0) goto end;
|
| -+ s->init_num = 0;
|
| - s->state=SSL3_ST_SR_FINISHED_A;
|
| - break;
|
| - #endif
|
| -@@ -765,16 +786,7 @@ int ssl3_accept(SSL *s)
|
| - if (ret <= 0) goto end;
|
| - s->state=SSL3_ST_SW_FLUSH;
|
| - if (s->hit)
|
| -- {
|
| --#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
|
| -- s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
|
| --#else
|
| -- if (s->s3->next_proto_neg_seen)
|
| -- s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
|
| -- else
|
| -- s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
|
| --#endif
|
| -- }
|
| -+ s->s3->tmp.next_state=SSL3_ST_SR_POST_CLIENT_CERT;
|
| - else
|
| - s->s3->tmp.next_state=SSL_ST_OK;
|
| - s->init_num=0;
|
| -@@ -3610,4 +3622,140 @@ int ssl3_get_next_proto(SSL *s)
|
| - return 1;
|
| - }
|
| - # endif
|
| -+
|
| -+/* ssl3_get_channel_id reads and verifies a ClientID handshake message. */
|
| -+int ssl3_get_channel_id(SSL *s)
|
| -+ {
|
| -+ int ret = -1, ok;
|
| -+ long n;
|
| -+ const unsigned char *p;
|
| -+ unsigned short extension_type, extension_len;
|
| -+ EC_GROUP* p256 = NULL;
|
| -+ EC_KEY* key = NULL;
|
| -+ EC_POINT* point = NULL;
|
| -+ ECDSA_SIG sig;
|
| -+ BIGNUM x, y;
|
| -+
|
| -+ if (s->state == SSL3_ST_SR_CHANNEL_ID_A && s->init_num == 0)
|
| -+ {
|
| -+ /* The first time that we're called we take the current
|
| -+ * handshake hash and store it. */
|
| -+ EVP_MD_CTX md_ctx;
|
| -+ unsigned int len;
|
| -+
|
| -+ EVP_MD_CTX_init(&md_ctx);
|
| -+ EVP_DigestInit_ex(&md_ctx, EVP_sha256(), NULL);
|
| -+ if (!tls1_channel_id_hash(&md_ctx, s))
|
| -+ return -1;
|
| -+ len = sizeof(s->s3->tlsext_channel_id);
|
| -+ EVP_DigestFinal(&md_ctx, s->s3->tlsext_channel_id, &len);
|
| -+ EVP_MD_CTX_cleanup(&md_ctx);
|
| -+ }
|
| -+
|
| -+ n = s->method->ssl_get_message(s,
|
| -+ SSL3_ST_SR_CHANNEL_ID_A,
|
| -+ SSL3_ST_SR_CHANNEL_ID_B,
|
| -+ SSL3_MT_ENCRYPTED_EXTENSIONS,
|
| -+ 2 + 2 + TLSEXT_CHANNEL_ID_SIZE,
|
| -+ &ok);
|
| -+
|
| -+ if (!ok)
|
| -+ return((int)n);
|
| -+
|
| -+ ssl3_finish_mac(s, (unsigned char*)s->init_buf->data, s->init_num + 4);
|
| -+
|
| -+ /* s->state doesn't reflect whether ChangeCipherSpec has been received
|
| -+ * in this handshake, but s->s3->change_cipher_spec does (will be reset
|
| -+ * by ssl3_get_finished). */
|
| -+ if (!s->s3->change_cipher_spec)
|
| -+ {
|
| -+ SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS);
|
| -+ return -1;
|
| -+ }
|
| -+
|
| -+ if (n != 2 + 2 + TLSEXT_CHANNEL_ID_SIZE)
|
| -+ {
|
| -+ SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_INVALID_MESSAGE);
|
| -+ return -1;
|
| -+ }
|
| -+
|
| -+ p = (unsigned char *)s->init_msg;
|
| -+
|
| -+ /* The payload looks like:
|
| -+ * uint16 extension_type
|
| -+ * uint16 extension_len;
|
| -+ * uint8 x[32];
|
| -+ * uint8 y[32];
|
| -+ * uint8 r[32];
|
| -+ * uint8 s[32];
|
| -+ */
|
| -+ n2s(p, extension_type);
|
| -+ n2s(p, extension_len);
|
| -+
|
| -+ if (extension_type != TLSEXT_TYPE_channel_id ||
|
| -+ extension_len != TLSEXT_CHANNEL_ID_SIZE)
|
| -+ {
|
| -+ SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_INVALID_MESSAGE);
|
| -+ return -1;
|
| -+ }
|
| -+
|
| -+ p256 = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
|
| -+ if (!p256)
|
| -+ {
|
| -+ SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_NO_P256_SUPPORT);
|
| -+ return -1;
|
| -+ }
|
| -+
|
| -+ BN_init(&x);
|
| -+ BN_init(&y);
|
| -+ sig.r = BN_new();
|
| -+ sig.s = BN_new();
|
| -+
|
| -+ if (BN_bin2bn(p + 0, 32, &x) == NULL ||
|
| -+ BN_bin2bn(p + 32, 32, &y) == NULL ||
|
| -+ BN_bin2bn(p + 64, 32, sig.r) == NULL ||
|
| -+ BN_bin2bn(p + 96, 32, sig.s) == NULL)
|
| -+ goto err;
|
| -+
|
| -+ point = EC_POINT_new(p256);
|
| -+ if (!point ||
|
| -+ !EC_POINT_set_affine_coordinates_GFp(p256, point, &x, &y, NULL))
|
| -+ goto err;
|
| -+
|
| -+ key = EC_KEY_new();
|
| -+ if (!key ||
|
| -+ !EC_KEY_set_group(key, p256) ||
|
| -+ !EC_KEY_set_public_key(key, point))
|
| -+ goto err;
|
| -+
|
| -+ /* We stored the handshake hash in |tlsext_channel_id| the first time
|
| -+ * that we were called. */
|
| -+ switch (ECDSA_do_verify(s->s3->tlsext_channel_id, SHA256_DIGEST_LENGTH, &sig, key)) {
|
| -+ case 1:
|
| -+ break;
|
| -+ case 0:
|
| -+ SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_CHANNEL_ID_SIGNATURE_INVALID);
|
| -+ s->s3->tlsext_channel_id_valid = 0;
|
| -+ goto err;
|
| -+ default:
|
| -+ s->s3->tlsext_channel_id_valid = 0;
|
| -+ goto err;
|
| -+ }
|
| -+
|
| -+ memcpy(s->s3->tlsext_channel_id, p, 64);
|
| -+ ret = 1;
|
| -+
|
| -+err:
|
| -+ BN_free(&x);
|
| -+ BN_free(&y);
|
| -+ BN_free(sig.r);
|
| -+ BN_free(sig.s);
|
| -+ if (key)
|
| -+ EC_KEY_free(key);
|
| -+ if (point)
|
| -+ EC_POINT_free(point);
|
| -+ if (p256)
|
| -+ EC_GROUP_free(p256);
|
| -+ return ret;
|
| -+ }
|
| - #endif
|
| ---- openssl-1.0.1e.orig/ssl/ssl.h 2013-03-05 18:49:33.233297282 +0000
|
| -+++ openssl-1.0.1e/ssl/ssl.h 2013-03-05 18:49:33.413299231 +0000
|
| -@@ -981,6 +981,12 @@ struct ssl_ctx_st
|
| - # endif
|
| - /* SRTP profiles we are willing to do from RFC 5764 */
|
| - STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
|
| -+
|
| -+ /* If true, a client will advertise the Channel ID extension and a
|
| -+ * server will echo it. */
|
| -+ char tlsext_channel_id_enabled;
|
| -+ /* The client's Channel ID private key. */
|
| -+ EVP_PKEY *tlsext_channel_id_private;
|
| - #endif
|
| - };
|
| -
|
| -@@ -1022,6 +1028,10 @@ LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(
|
| - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
|
| - #define SSL_CTX_sess_cache_full(ctx) \
|
| - SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
|
| -+/* SSL_CTX_enable_tls_channel_id configures a TLS server to accept TLS client
|
| -+ * IDs from clients. Returns 1 on success. */
|
| -+#define SSL_CTX_enable_tls_channel_id(ctx) \
|
| -+ SSL_CTX_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL)
|
| -
|
| - void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
|
| - int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
|
| -@@ -1348,6 +1358,13 @@ struct ssl_st
|
| - */
|
| - unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
|
| - unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */
|
| -+
|
| -+ /* Copied from the SSL_CTX. For a server, means that we'll accept
|
| -+ * Channel IDs from clients. For a client, means that we'll advertise
|
| -+ * support. */
|
| -+ char tlsext_channel_id_enabled;
|
| -+ /* The client's Channel ID private key. */
|
| -+ EVP_PKEY *tlsext_channel_id_private;
|
| - #else
|
| - #define session_ctx ctx
|
| - #endif /* OPENSSL_NO_TLSEXT */
|
| -@@ -1605,6 +1622,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
| - #define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86
|
| - #define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87
|
| - #endif
|
| -+#define SSL_CTRL_CHANNEL_ID 88
|
| -+#define SSL_CTRL_GET_CHANNEL_ID 89
|
| -+#define SSL_CTRL_SET_CHANNEL_ID 90
|
| - #endif
|
| -
|
| - #define DTLS_CTRL_GET_TIMEOUT 73
|
| -@@ -1652,6 +1672,25 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
| - #define SSL_set_tmp_ecdh(ssl,ecdh) \
|
| - SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
|
| -
|
| -+/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client
|
| -+ * IDs from clients. Returns 1 on success. */
|
| -+#define SSL_enable_tls_channel_id(ctx) \
|
| -+ SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL)
|
| -+/* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to
|
| -+ * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on
|
| -+ * success. */
|
| -+#define SSL_set1_tls_channel_id(s, private_key) \
|
| -+ SSL_ctrl(s,SSL_CTRL_SET_CHANNEL_ID,0,(void*)private_key)
|
| -+#define SSL_CTX_set1_tls_channel_id(ctx, private_key) \
|
| -+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHANNEL_ID,0,(void*)private_key)
|
| -+/* SSL_get_tls_channel_id gets the client's TLS Channel ID from a server SSL*
|
| -+ * and copies up to the first |channel_id_len| bytes into |channel_id|. The
|
| -+ * Channel ID consists of the client's P-256 public key as an (x,y) pair where
|
| -+ * each is a 32-byte, big-endian field element. Returns 0 if the client didn't
|
| -+ * offer a Channel ID and the length of the complete Channel ID otherwise. */
|
| -+#define SSL_get_tls_channel_id(ctx, channel_id, channel_id_len) \
|
| -+ SSL_ctrl(ctx,SSL_CTRL_GET_CHANNEL_ID,channel_id_len,(void*)channel_id)
|
| -+
|
| - #define SSL_CTX_add_extra_chain_cert(ctx,x509) \
|
| - SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
|
| - #define SSL_CTX_get_extra_chain_certs(ctx,px509) \
|
| -@@ -1686,6 +1725,7 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER
|
| - char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
|
| - const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
|
| - unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c);
|
| -+const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher);
|
| -
|
| - int SSL_get_fd(const SSL *s);
|
| - int SSL_get_rfd(const SSL *s);
|
| -@@ -2149,6 +2189,7 @@ void ERR_load_SSL_strings(void);
|
| - #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
|
| - #define SSL_F_SSL3_GET_CERT_STATUS 289
|
| - #define SSL_F_SSL3_GET_CERT_VERIFY 136
|
| -+#define SSL_F_SSL3_GET_CHANNEL_ID 317
|
| - #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
|
| - #define SSL_F_SSL3_GET_CLIENT_HELLO 138
|
| - #define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139
|
| -@@ -2168,6 +2209,7 @@ void ERR_load_SSL_strings(void);
|
| - #define SSL_F_SSL3_READ_BYTES 148
|
| - #define SSL_F_SSL3_READ_N 149
|
| - #define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150
|
| -+#define SSL_F_SSL3_SEND_CHANNEL_ID 318
|
| - #define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151
|
| - #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
|
| - #define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
|
| -@@ -2335,12 +2377,15 @@ void ERR_load_SSL_strings(void);
|
| - #define SSL_R_BIO_NOT_SET 128
|
| - #define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
|
| - #define SSL_R_BN_LIB 130
|
| -+#define SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY 376
|
| - #define SSL_R_CA_DN_LENGTH_MISMATCH 131
|
| - #define SSL_R_CA_DN_TOO_LONG 132
|
| - #define SSL_R_CCS_RECEIVED_EARLY 133
|
| - #define SSL_R_CERTIFICATE_VERIFY_FAILED 134
|
| - #define SSL_R_CERT_LENGTH_MISMATCH 135
|
| - #define SSL_R_CHALLENGE_IS_DIFFERENT 136
|
| -+#define SSL_R_CHANNEL_ID_NOT_P256 375
|
| -+#define SSL_R_CHANNEL_ID_SIGNATURE_INVALID 371
|
| - #define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
|
| - #define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
|
| - #define SSL_R_CIPHER_TABLE_SRC_ERROR 139
|
| -@@ -2353,6 +2398,7 @@ void ERR_load_SSL_strings(void);
|
| - #define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
|
| - #define SSL_R_CONNECTION_TYPE_NOT_SET 144
|
| - #define SSL_R_COOKIE_MISMATCH 308
|
| -+#define SSL_R_D2I_ECDSA_SIG 379
|
| - #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
|
| - #define SSL_R_DATA_LENGTH_TOO_LONG 146
|
| - #define SSL_R_DECRYPTION_FAILED 147
|
| -@@ -2370,9 +2416,12 @@ void ERR_load_SSL_strings(void);
|
| - #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
|
| - #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
|
| - #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
|
| -+#define SSL_R_EVP_DIGESTSIGNFINAL_FAILED 377
|
| -+#define SSL_R_EVP_DIGESTSIGNINIT_FAILED 378
|
| - #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
|
| - #define SSL_R_EXTRA_DATA_IN_MESSAGE 153
|
| - #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
|
| -+#define SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS 372
|
| - #define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355
|
| - #define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356
|
| - #define SSL_R_HTTPS_PROXY_REQUEST 155
|
| -@@ -2382,6 +2431,7 @@ void ERR_load_SSL_strings(void);
|
| - #define SSL_R_INVALID_CHALLENGE_LENGTH 158
|
| - #define SSL_R_INVALID_COMMAND 280
|
| - #define SSL_R_INVALID_COMPRESSION_ALGORITHM 341
|
| -+#define SSL_R_INVALID_MESSAGE 374
|
| - #define SSL_R_INVALID_PURPOSE 278
|
| - #define SSL_R_INVALID_SRP_USERNAME 357
|
| - #define SSL_R_INVALID_STATUS_RESPONSE 328
|
| -@@ -2436,6 +2486,7 @@ void ERR_load_SSL_strings(void);
|
| - #define SSL_R_NO_COMPRESSION_SPECIFIED 187
|
| - #define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330
|
| - #define SSL_R_NO_METHOD_SPECIFIED 188
|
| -+#define SSL_R_NO_P256_SUPPORT 373
|
| - #define SSL_R_NO_PRIVATEKEY 189
|
| - #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
|
| - #define SSL_R_NO_PROTOCOLS_AVAILABLE 191
|
| ---- openssl-1.0.1e.orig/ssl/ssl3.h 2013-03-05 18:49:33.223297173 +0000
|
| -+++ openssl-1.0.1e/ssl/ssl3.h 2013-03-05 18:49:33.413299231 +0000
|
| -@@ -539,6 +539,17 @@ typedef struct ssl3_state_st
|
| - /* Set if we saw the Next Protocol Negotiation extension from our peer. */
|
| - int next_proto_neg_seen;
|
| - #endif
|
| -+
|
| -+ /* In a client, this means that the server supported Channel ID and that
|
| -+ * a Channel ID was sent. In a server it means that we echoed support
|
| -+ * for Channel IDs and that tlsext_channel_id will be valid after the
|
| -+ * handshake. */
|
| -+ char tlsext_channel_id_valid;
|
| -+ /* For a server:
|
| -+ * If |tlsext_channel_id_valid| is true, then this contains the
|
| -+ * verified Channel ID from the client: a P256 point, (x,y), where
|
| -+ * each are big-endian values. */
|
| -+ unsigned char tlsext_channel_id[64];
|
| - } SSL3_STATE;
|
| -
|
| - #endif
|
| -@@ -583,6 +594,8 @@ typedef struct ssl3_state_st
|
| - #define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
|
| - #define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
|
| - #endif
|
| -+#define SSL3_ST_CW_CHANNEL_ID_A (0x210|SSL_ST_CONNECT)
|
| -+#define SSL3_ST_CW_CHANNEL_ID_B (0x211|SSL_ST_CONNECT)
|
| - #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
|
| - #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
|
| - /* read from server */
|
| -@@ -632,10 +645,13 @@ typedef struct ssl3_state_st
|
| - #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
|
| - #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
|
| - #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
|
| -+#define SSL3_ST_SR_POST_CLIENT_CERT (0x1BF|SSL_ST_ACCEPT)
|
| - #ifndef OPENSSL_NO_NEXTPROTONEG
|
| - #define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
|
| - #define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
|
| - #endif
|
| -+#define SSL3_ST_SR_CHANNEL_ID_A (0x220|SSL_ST_ACCEPT)
|
| -+#define SSL3_ST_SR_CHANNEL_ID_B (0x221|SSL_ST_ACCEPT)
|
| - #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
|
| - #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
|
| - /* write to client */
|
| -@@ -663,6 +679,7 @@ typedef struct ssl3_state_st
|
| - #ifndef OPENSSL_NO_NEXTPROTONEG
|
| - #define SSL3_MT_NEXT_PROTO 67
|
| - #endif
|
| -+#define SSL3_MT_ENCRYPTED_EXTENSIONS 203
|
| - #define DTLS1_MT_HELLO_VERIFY_REQUEST 3
|
| -
|
| -
|
| ---- openssl-1.0.1e.orig/ssl/ssl_err.c 2013-03-05 18:49:33.243297392 +0000
|
| -+++ openssl-1.0.1e/ssl/ssl_err.c 2013-03-05 18:49:33.413299231 +0000
|
| -@@ -151,6 +151,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
|
| - {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},
|
| - {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"},
|
| - {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},
|
| -+{ERR_FUNC(SSL_F_SSL3_GET_CHANNEL_ID), "SSL3_GET_CHANNEL_ID"},
|
| - {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"},
|
| - {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
|
| - {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"},
|
| -@@ -170,6 +171,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
|
| - {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},
|
| - {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"},
|
| - {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"},
|
| -+{ERR_FUNC(SSL_F_SSL3_SEND_CHANNEL_ID), "SSL3_SEND_CHANNEL_ID"},
|
| - {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"},
|
| - {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
|
| - {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"},
|
| -@@ -339,12 +341,15 @@ static ERR_STRING_DATA SSL_str_reasons[]
|
| - {ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"},
|
| - {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"},
|
| - {ERR_REASON(SSL_R_BN_LIB) ,"bn lib"},
|
| -+{ERR_REASON(SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY),"cannot serialize public key"},
|
| - {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"},
|
| - {ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"},
|
| - {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"},
|
| - {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},
|
| - {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"},
|
| - {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},
|
| -+{ERR_REASON(SSL_R_CHANNEL_ID_NOT_P256) ,"channel id not p256"},
|
| -+{ERR_REASON(SSL_R_CHANNEL_ID_SIGNATURE_INVALID),"Channel ID signature invalid"},
|
| - {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
|
| - {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"},
|
| - {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
|
| -@@ -357,6 +362,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
|
| - {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},
|
| - {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},
|
| - {ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"},
|
| -+{ERR_REASON(SSL_R_D2I_ECDSA_SIG) ,"d2i ecdsa sig"},
|
| - {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"},
|
| - {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"},
|
| - {ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"},
|
| -@@ -374,9 +380,12 @@ static ERR_STRING_DATA SSL_str_reasons[]
|
| - {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
|
| - {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
|
| - {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"},
|
| -+{ERR_REASON(SSL_R_EVP_DIGESTSIGNFINAL_FAILED),"evp digestsignfinal failed"},
|
| -+{ERR_REASON(SSL_R_EVP_DIGESTSIGNINIT_FAILED),"evp digestsigninit failed"},
|
| - {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},
|
| - {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},
|
| - {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},
|
| -+{ERR_REASON(SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS),"got Channel ID before a ccs"},
|
| - {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"},
|
| - {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without seeing extension"},
|
| - {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"},
|
| -@@ -386,6 +395,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
|
| - {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
|
| - {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"},
|
| - {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"},
|
| -+{ERR_REASON(SSL_R_INVALID_MESSAGE) ,"invalid message"},
|
| - {ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"},
|
| - {ERR_REASON(SSL_R_INVALID_SRP_USERNAME) ,"invalid srp username"},
|
| - {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"},
|
| -@@ -440,6 +450,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
|
| - {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
|
| - {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"},
|
| - {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"},
|
| -+{ERR_REASON(SSL_R_NO_P256_SUPPORT) ,"no p256 support"},
|
| - {ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"},
|
| - {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
|
| - {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
|
| ---- openssl-1.0.1e.orig/ssl/ssl_lib.c 2013-03-05 18:49:33.243297392 +0000
|
| -+++ openssl-1.0.1e/ssl/ssl_lib.c 2013-03-05 18:49:33.413299231 +0000
|
| -@@ -579,6 +579,8 @@ void SSL_free(SSL *s)
|
| - sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
|
| - if (s->tlsext_ocsp_resp)
|
| - OPENSSL_free(s->tlsext_ocsp_resp);
|
| -+ if (s->tlsext_channel_id_private)
|
| -+ EVP_PKEY_free(s->tlsext_channel_id_private);
|
| - #endif
|
| -
|
| - if (s->client_CA != NULL)
|
| -@@ -2005,6 +2007,11 @@ void SSL_CTX_free(SSL_CTX *a)
|
| - ssl_buf_freelist_free(a->rbuf_freelist);
|
| - #endif
|
| -
|
| -+#ifndef OPENSSL_NO_TLSEXT
|
| -+ if (a->tlsext_channel_id_private)
|
| -+ EVP_PKEY_free(a->tlsext_channel_id_private);
|
| -+#endif
|
| -+
|
| - OPENSSL_free(a);
|
| - }
|
| -
|
| ---- openssl-1.0.1e.orig/ssl/ssl_locl.h 2013-03-05 18:49:33.243297392 +0000
|
| -+++ openssl-1.0.1e/ssl/ssl_locl.h 2013-03-05 18:49:33.413299231 +0000
|
| -@@ -378,6 +378,7 @@
|
| - * (currently this also goes into algorithm2) */
|
| - #define TLS1_STREAM_MAC 0x04
|
| -
|
| -+#define TLSEXT_CHANNEL_ID_SIZE 128
|
| -
|
| -
|
| - /*
|
| -@@ -1004,6 +1005,7 @@ int ssl3_check_cert_and_algorithm(SSL *s
|
| - int ssl3_check_finished(SSL *s);
|
| - # ifndef OPENSSL_NO_NEXTPROTONEG
|
| - int ssl3_send_next_proto(SSL *s);
|
| -+int ssl3_send_channel_id(SSL *s);
|
| - # endif
|
| - #endif
|
| -
|
| -@@ -1026,6 +1028,7 @@ int ssl3_get_cert_verify(SSL *s);
|
| - #ifndef OPENSSL_NO_NEXTPROTONEG
|
| - int ssl3_get_next_proto(SSL *s);
|
| - #endif
|
| -+int ssl3_get_channel_id(SSL *s);
|
| -
|
| - int dtls1_send_hello_request(SSL *s);
|
| - int dtls1_send_server_hello(SSL *s);
|
| -@@ -1123,7 +1126,9 @@ int tls12_get_sigandhash(unsigned char *
|
| - int tls12_get_sigid(const EVP_PKEY *pk);
|
| - const EVP_MD *tls12_get_hash(unsigned char hash_alg);
|
| -
|
| -+int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s);
|
| - #endif
|
| -+
|
| - EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
|
| - void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
|
| - int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
|
| ---- openssl-1.0.1e.orig/ssl/t1_lib.c 2013-03-05 18:49:33.173296633 +0000
|
| -+++ openssl-1.0.1e/ssl/t1_lib.c 2013-03-05 18:49:33.413299231 +0000
|
| -@@ -649,6 +649,16 @@ unsigned char *ssl_add_clienthello_tlsex
|
| - }
|
| - #endif
|
| -
|
| -+ if (s->tlsext_channel_id_enabled)
|
| -+ {
|
| -+ /* The client advertises an emtpy extension to indicate its
|
| -+ * support for Channel ID. */
|
| -+ if (limit - ret - 4 < 0)
|
| -+ return NULL;
|
| -+ s2n(TLSEXT_TYPE_channel_id,ret);
|
| -+ s2n(0,ret);
|
| -+ }
|
| -+
|
| - #ifndef OPENSSL_NO_SRTP
|
| - if(SSL_get_srtp_profiles(s))
|
| - {
|
| -@@ -859,6 +869,16 @@ unsigned char *ssl_add_serverhello_tlsex
|
| - }
|
| - #endif
|
| -
|
| -+ /* If the client advertised support for Channel ID, and we have it
|
| -+ * enabled, then we want to echo it back. */
|
| -+ if (s->s3->tlsext_channel_id_valid)
|
| -+ {
|
| -+ if (limit - ret - 4 < 0)
|
| -+ return NULL;
|
| -+ s2n(TLSEXT_TYPE_channel_id,ret);
|
| -+ s2n(0,ret);
|
| -+ }
|
| -+
|
| - if ((extdatalen = ret-p-2)== 0)
|
| - return p;
|
| -
|
| -@@ -1332,6 +1352,9 @@ int ssl_parse_clienthello_tlsext(SSL *s,
|
| - }
|
| - #endif
|
| -
|
| -+ else if (type == TLSEXT_TYPE_channel_id && s->tlsext_channel_id_enabled)
|
| -+ s->s3->tlsext_channel_id_valid = 1;
|
| -+
|
| - /* session ticket processed earlier */
|
| - #ifndef OPENSSL_NO_SRTP
|
| - else if (type == TLSEXT_TYPE_use_srtp)
|
| -@@ -1562,6 +1585,9 @@ int ssl_parse_serverhello_tlsext(SSL *s,
|
| - s->s3->next_proto_neg_seen = 1;
|
| - }
|
| - #endif
|
| -+ else if (type == TLSEXT_TYPE_channel_id)
|
| -+ s->s3->tlsext_channel_id_valid = 1;
|
| -+
|
| - else if (type == TLSEXT_TYPE_renegotiate)
|
| - {
|
| - if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
|
| -@@ -2621,3 +2647,37 @@ tls1_heartbeat(SSL *s)
|
| - return ret;
|
| - }
|
| - #endif
|
| -+
|
| -+#if !defined(OPENSSL_NO_TLSEXT)
|
| -+/* tls1_channel_id_hash calculates the signed data for a Channel ID on the given
|
| -+ * SSL connection and writes it to |md|.
|
| -+ */
|
| -+int
|
| -+tls1_channel_id_hash(EVP_MD_CTX *md, SSL *s)
|
| -+ {
|
| -+ EVP_MD_CTX ctx;
|
| -+ unsigned char temp_digest[EVP_MAX_MD_SIZE];
|
| -+ unsigned temp_digest_len;
|
| -+ int i;
|
| -+ static const char kClientIDMagic[] = "TLS Channel ID signature";
|
| -+
|
| -+ if (s->s3->handshake_buffer)
|
| -+ if (!ssl3_digest_cached_records(s))
|
| -+ return 0;
|
| -+
|
| -+ EVP_DigestUpdate(md, kClientIDMagic, sizeof(kClientIDMagic));
|
| -+
|
| -+ EVP_MD_CTX_init(&ctx);
|
| -+ for (i = 0; i < SSL_MAX_DIGEST; i++)
|
| -+ {
|
| -+ if (s->s3->handshake_dgst[i] == NULL)
|
| -+ continue;
|
| -+ EVP_MD_CTX_copy_ex(&ctx, s->s3->handshake_dgst[i]);
|
| -+ EVP_DigestFinal_ex(&ctx, temp_digest, &temp_digest_len);
|
| -+ EVP_DigestUpdate(md, temp_digest, temp_digest_len);
|
| -+ }
|
| -+ EVP_MD_CTX_cleanup(&ctx);
|
| -+
|
| -+ return 1;
|
| -+ }
|
| -+#endif
|
| ---- openssl-1.0.1e.orig/ssl/tls1.h 2013-03-05 18:49:33.173296633 +0000
|
| -+++ openssl-1.0.1e/ssl/tls1.h 2013-03-05 18:49:33.413299231 +0000
|
| -@@ -248,6 +248,9 @@ extern "C" {
|
| - #define TLSEXT_TYPE_next_proto_neg 13172
|
| - #endif
|
| -
|
| -+/* This is not an IANA defined extension number */
|
| -+#define TLSEXT_TYPE_channel_id 30031
|
| -+
|
| - /* NameType value from RFC 3546 */
|
| - #define TLSEXT_NAMETYPE_host_name 0
|
| - /* status request value from RFC 3546 */
|
|
|
Chromium Code Reviews
Issue 2072073002:
Delete bundled copy of OpenSSL and replace with README. (Closed)
Base URL: https://chromium.googlesource.com/chromium/deps/openssl@master