Index: patches.chromium/0016-send_client_verify_cleanup.patch |
diff --git a/patches.chromium/0016-send_client_verify_cleanup.patch b/patches.chromium/0016-send_client_verify_cleanup.patch |
deleted file mode 100644 |
index 6f728ed9214c7f51b4897d489ef072fab7a9d434..0000000000000000000000000000000000000000 |
--- a/patches.chromium/0016-send_client_verify_cleanup.patch |
+++ /dev/null |
@@ -1,187 +0,0 @@ |
-diff --git android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c |
-index d6154c5..2b094c9 100644 |
---- android-openssl.orig/ssl/s3_clnt.c |
-+++ android-openssl/ssl/s3_clnt.c |
-@@ -3022,33 +3022,18 @@ int ssl3_send_client_verify(SSL *s) |
- unsigned char *p,*d; |
- unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; |
- EVP_PKEY *pkey; |
-- EVP_PKEY_CTX *pctx=NULL; |
-+ EVP_PKEY_CTX *pctx = NULL; |
- EVP_MD_CTX mctx; |
-- unsigned u=0; |
-+ unsigned signature_length = 0; |
- unsigned long n; |
-- int j; |
- |
- EVP_MD_CTX_init(&mctx); |
- |
- if (s->state == SSL3_ST_CW_CERT_VRFY_A) |
- { |
-- d=(unsigned char *)s->init_buf->data; |
-- p= &(d[4]); |
-- pkey=s->cert->key->privatekey; |
--/* Create context from key and test if sha1 is allowed as digest */ |
-- pctx = EVP_PKEY_CTX_new(pkey,NULL); |
-- EVP_PKEY_sign_init(pctx); |
-- if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0) |
-- { |
-- if (TLS1_get_version(s) < TLS1_2_VERSION) |
-- s->method->ssl3_enc->cert_verify_mac(s, |
-- NID_sha1, |
-- &(data[MD5_DIGEST_LENGTH])); |
-- } |
-- else |
-- { |
-- ERR_clear_error(); |
-- } |
-+ d = (unsigned char *)s->init_buf->data; |
-+ p = &(d[4]); |
-+ pkey = s->cert->key->privatekey; |
- /* For TLS v1.2 send signature algorithm and signature |
- * using agreed digest and cached handshake records. |
- */ |
-@@ -3072,14 +3057,15 @@ int ssl3_send_client_verify(SSL *s) |
- #endif |
- if (!EVP_SignInit_ex(&mctx, md, NULL) |
- || !EVP_SignUpdate(&mctx, hdata, hdatalen) |
-- || !EVP_SignFinal(&mctx, p + 2, &u, pkey)) |
-+ || !EVP_SignFinal(&mctx, p + 2, |
-+ &signature_length, pkey)) |
- { |
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, |
- ERR_R_EVP_LIB); |
- goto err; |
- } |
-- s2n(u,p); |
-- n = u + 4; |
-+ s2n(signature_length, p); |
-+ n = signature_length + 4; |
- if (!ssl3_digest_cached_records(s)) |
- goto err; |
- } |
-@@ -3087,78 +3073,80 @@ int ssl3_send_client_verify(SSL *s) |
- #ifndef OPENSSL_NO_RSA |
- if (pkey->type == EVP_PKEY_RSA) |
- { |
-+ s->method->ssl3_enc->cert_verify_mac(s, NID_md5, data); |
- s->method->ssl3_enc->cert_verify_mac(s, |
-- NID_md5, |
-- &(data[0])); |
-+ NID_sha1, &(data[MD5_DIGEST_LENGTH])); |
- if (RSA_sign(NID_md5_sha1, data, |
-- MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, |
-- &(p[2]), &u, pkey->pkey.rsa) <= 0 ) |
-+ MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, |
-+ &(p[2]), &signature_length, pkey->pkey.rsa) <= 0) |
- { |
-- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB); |
-+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB); |
- goto err; |
- } |
-- s2n(u,p); |
-- n=u+2; |
-+ s2n(signature_length, p); |
-+ n = signature_length + 2; |
- } |
- else |
- #endif |
- #ifndef OPENSSL_NO_DSA |
-- if (pkey->type == EVP_PKEY_DSA) |
-+ if (pkey->type == EVP_PKEY_DSA) |
- { |
-- if (!DSA_sign(pkey->save_type, |
-- &(data[MD5_DIGEST_LENGTH]), |
-- SHA_DIGEST_LENGTH,&(p[2]), |
-- (unsigned int *)&j,pkey->pkey.dsa)) |
-+ s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data); |
-+ if (!DSA_sign(pkey->save_type, data, |
-+ SHA_DIGEST_LENGTH, &(p[2]), |
-+ &signature_length, pkey->pkey.dsa)) |
- { |
-- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB); |
-+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB); |
- goto err; |
- } |
-- s2n(j,p); |
-- n=j+2; |
-+ s2n(signature_length, p); |
-+ n = signature_length + 2; |
- } |
- else |
- #endif |
- #ifndef OPENSSL_NO_ECDSA |
-- if (pkey->type == EVP_PKEY_EC) |
-+ if (pkey->type == EVP_PKEY_EC) |
- { |
-- if (!ECDSA_sign(pkey->save_type, |
-- &(data[MD5_DIGEST_LENGTH]), |
-- SHA_DIGEST_LENGTH,&(p[2]), |
-- (unsigned int *)&j,pkey->pkey.ec)) |
-+ s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data); |
-+ if (!ECDSA_sign(pkey->save_type, data, |
-+ SHA_DIGEST_LENGTH, &(p[2]), |
-+ &signature_length, pkey->pkey.ec)) |
- { |
-- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, |
-- ERR_R_ECDSA_LIB); |
-+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_ECDSA_LIB); |
- goto err; |
- } |
-- s2n(j,p); |
-- n=j+2; |
-+ s2n(signature_length, p); |
-+ n = signature_length + 2; |
- } |
- else |
- #endif |
- if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) |
-- { |
-- unsigned char signbuf[64]; |
-- int i; |
-- size_t sigsize=64; |
-- s->method->ssl3_enc->cert_verify_mac(s, |
-- NID_id_GostR3411_94, |
-- data); |
-- if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { |
-- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, |
-- ERR_R_INTERNAL_ERROR); |
-- goto err; |
-- } |
-- for (i=63,j=0; i>=0; j++, i--) { |
-- p[2+j]=signbuf[i]; |
-- } |
-- s2n(j,p); |
-- n=j+2; |
-- } |
-+ { |
-+ unsigned char signbuf[64]; |
-+ int i, j; |
-+ size_t sigsize=64; |
-+ |
-+ s->method->ssl3_enc->cert_verify_mac(s, |
-+ NID_id_GostR3411_94, |
-+ data); |
-+ pctx = EVP_PKEY_CTX_new(pkey, NULL); |
-+ EVP_PKEY_sign_init(pctx); |
-+ if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { |
-+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, |
-+ ERR_R_INTERNAL_ERROR); |
-+ goto err; |
-+ } |
-+ for (i=63,j=0; i>=0; j++, i--) { |
-+ p[2+j]=signbuf[i]; |
-+ } |
-+ s2n(j,p); |
-+ n=j+2; |
-+ } |
- else |
-- { |
-+ { |
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); |
- goto err; |
-- } |
-+ } |
- *(d++)=SSL3_MT_CERTIFICATE_VERIFY; |
- l2n3(n,d); |
- |