Index: patches.chromium/0014-new_channelid.patch |
diff --git a/patches.chromium/0014-new_channelid.patch b/patches.chromium/0014-new_channelid.patch |
deleted file mode 100644 |
index 7f607d0c2896b1a6e93b30982ac26989fd87b44e..0000000000000000000000000000000000000000 |
--- a/patches.chromium/0014-new_channelid.patch |
+++ /dev/null |
@@ -1,537 +0,0 @@ |
-diff -burN android-openssl.orig/include/openssl/ssl.h android-openssl/include/openssl/ssl.h |
---- android-openssl.orig/include/openssl/ssl.h 2014-05-05 16:45:02.685389339 +0200 |
-+++ android-openssl/include/openssl/ssl.h 2014-05-05 16:46:32.513390565 +0200 |
-@@ -544,6 +544,13 @@ |
- #ifndef OPENSSL_NO_SRP |
- char *srp_username; |
- #endif |
-+ |
-+ /* original_handshake_hash contains the handshake hash (either |
-+ * SHA-1+MD5 or SHA-2, depending on TLS version) for the original, full |
-+ * handshake that created a session. This is used by Channel IDs during |
-+ * resumption. */ |
-+ unsigned char original_handshake_hash[EVP_MAX_MD_SIZE]; |
-+ unsigned int original_handshake_hash_len; |
- }; |
- |
- #endif |
-diff -burN android-openssl.orig/include/openssl/tls1.h android-openssl/include/openssl/tls1.h |
---- android-openssl.orig/include/openssl/tls1.h 2014-05-05 16:45:02.689389339 +0200 |
-+++ android-openssl/include/openssl/tls1.h 2014-05-05 16:46:32.517390565 +0200 |
-@@ -249,7 +249,7 @@ |
- #endif |
- |
- /* This is not an IANA defined extension number */ |
--#define TLSEXT_TYPE_channel_id 30031 |
-+#define TLSEXT_TYPE_channel_id 30032 |
- |
- /* NameType value from RFC 3546 */ |
- #define TLSEXT_NAMETYPE_host_name 0 |
-diff -burN android-openssl.orig/patches/new_channelid.patch android-openssl/patches/new_channelid.patch |
---- android-openssl.orig/patches/new_channelid.patch 1970-01-01 01:00:00.000000000 +0100 |
-+++ android-openssl/patches/new_channelid.patch 2014-05-05 16:48:54.429392502 +0200 |
-@@ -0,0 +1,273 @@ |
-+diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h |
-+index a3944f1..fe92ccf 100644 |
-+--- a/include/openssl/ssl.h |
-++++ b/include/openssl/ssl.h |
-+@@ -547,6 +547,13 @@ struct ssl_session_st |
-+ #ifndef OPENSSL_NO_SRP |
-+ char *srp_username; |
-+ #endif |
-++ |
-++ /* original_handshake_hash contains the handshake hash (either |
-++ * SHA-1+MD5 or SHA-2, depending on TLS version) for the original, full |
-++ * handshake that created a session. This is used by Channel IDs during |
-++ * resumption. */ |
-++ unsigned char original_handshake_hash[EVP_MAX_MD_SIZE]; |
-++ unsigned int original_handshake_hash_len; |
-+ }; |
-+ |
-+ #endif |
-+diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h |
-+index c4f69aa..5559486 100644 |
-+--- a/include/openssl/tls1.h |
-++++ b/include/openssl/tls1.h |
-+@@ -255,7 +255,7 @@ extern "C" { |
-+ #endif |
-+ |
-+ /* This is not an IANA defined extension number */ |
-+-#define TLSEXT_TYPE_channel_id 30031 |
-++#define TLSEXT_TYPE_channel_id 30032 |
-+ |
-+ /* NameType value from RFC 3546 */ |
-+ #define TLSEXT_NAMETYPE_host_name 0 |
-+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c |
-+index 640df80..d6154c5 100644 |
-+--- a/ssl/s3_clnt.c |
-++++ b/ssl/s3_clnt.c |
-+@@ -583,6 +583,18 @@ int ssl3_connect(SSL *s) |
-+ #endif |
-+ s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; |
-+ } |
-++ if (s->s3->tlsext_channel_id_valid) |
-++ { |
-++ /* This is a non-resumption handshake. If it |
-++ * involves ChannelID, then record the |
-++ * handshake hashes at this point in the |
-++ * session so that any resumption of this |
-++ * session with ChannelID can sign those |
-++ * hashes. */ |
-++ ret = tls1_record_handshake_hashes_for_channel_id(s); |
-++ if (ret <= 0) |
-++ goto end; |
-++ } |
-+ } |
-+ s->init_num=0; |
-+ break; |
-+diff --git a/ssl/ssl.h b/ssl/ssl.h |
-+index a3944f1..fe92ccf 100644 |
-+--- a/ssl/ssl.h |
-++++ b/ssl/ssl.h |
-+@@ -547,6 +547,13 @@ struct ssl_session_st |
-+ #ifndef OPENSSL_NO_SRP |
-+ char *srp_username; |
-+ #endif |
-++ |
-++ /* original_handshake_hash contains the handshake hash (either |
-++ * SHA-1+MD5 or SHA-2, depending on TLS version) for the original, full |
-++ * handshake that created a session. This is used by Channel IDs during |
-++ * resumption. */ |
-++ unsigned char original_handshake_hash[EVP_MAX_MD_SIZE]; |
-++ unsigned int original_handshake_hash_len; |
-+ }; |
-+ |
-+ #endif |
-+diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h |
-+index 531a291..c975d31 100644 |
-+--- a/ssl/ssl_locl.h |
-++++ b/ssl/ssl_locl.h |
-+@@ -1102,6 +1102,7 @@ void ssl_free_wbio_buffer(SSL *s); |
-+ int tls1_change_cipher_state(SSL *s, int which); |
-+ int tls1_setup_key_block(SSL *s); |
-+ int tls1_enc(SSL *s, int snd); |
-++int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len); |
-+ int tls1_final_finish_mac(SSL *s, |
-+ const char *str, int slen, unsigned char *p); |
-+ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); |
-+@@ -1158,6 +1159,7 @@ int tls12_get_sigid(const EVP_PKEY *pk); |
-+ const EVP_MD *tls12_get_hash(unsigned char hash_alg); |
-+ |
-+ int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s); |
-++int tls1_record_handshake_hashes_for_channel_id(SSL *s); |
-+ #endif |
-+ |
-+ int ssl3_can_cutthrough(const SSL *s); |
-+diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c |
-+index 87b7021..d30ce61 100644 |
-+--- a/ssl/t1_enc.c |
-++++ b/ssl/t1_enc.c |
-+@@ -1147,53 +1147,79 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) |
-+ return((int)ret); |
-+ } |
-+ |
-++/* tls1_handshake_digest calculates the current handshake hash and writes it to |
-++ * |out|, which has space for |out_len| bytes. It returns the number of bytes |
-++ * written or -1 in the event of an error. This function works on a copy of the |
-++ * underlying digests so can be called multiple times and prior to the final |
-++ * update etc. */ |
-++int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len) |
-++ { |
-++ const EVP_MD *md; |
-++ EVP_MD_CTX ctx; |
-++ int i, err = 0, len = 0; |
-++ long mask; |
-++ |
-++ EVP_MD_CTX_init(&ctx); |
-++ |
-++ for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) |
-++ { |
-++ int hash_size; |
-++ unsigned int digest_len; |
-++ EVP_MD_CTX *hdgst = s->s3->handshake_dgst[i]; |
-++ |
-++ if ((mask & ssl_get_algorithm2(s)) == 0) |
-++ continue; |
-++ |
-++ hash_size = EVP_MD_size(md); |
-++ if (!hdgst || hash_size < 0 || (size_t)hash_size > out_len) |
-++ { |
-++ err = 1; |
-++ break; |
-++ } |
-++ |
-++ if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) || |
-++ !EVP_DigestFinal_ex(&ctx, out, &digest_len) || |
-++ digest_len != (unsigned int)hash_size) /* internal error */ |
-++ { |
-++ err = 1; |
-++ break; |
-++ } |
-++ out += digest_len; |
-++ out_len -= digest_len; |
-++ len += digest_len; |
-++ } |
-++ |
-++ EVP_MD_CTX_cleanup(&ctx); |
-++ |
-++ if (err != 0) |
-++ return -1; |
-++ return len; |
-++ } |
-++ |
-+ int tls1_final_finish_mac(SSL *s, |
-+ const char *str, int slen, unsigned char *out) |
-+ { |
-+- unsigned int i; |
-+- EVP_MD_CTX ctx; |
-+ unsigned char buf[2*EVP_MAX_MD_SIZE]; |
-+- unsigned char *q,buf2[12]; |
-+- int idx; |
-+- long mask; |
-++ unsigned char buf2[12]; |
-+ int err=0; |
-+- const EVP_MD *md; |
-++ int digests_len; |
-+ |
-+- q=buf; |
-+- |
-+- if (s->s3->handshake_buffer) |
-++ if (s->s3->handshake_buffer) |
-+ if (!ssl3_digest_cached_records(s)) |
-+ return 0; |
-+ |
-+- EVP_MD_CTX_init(&ctx); |
-+- |
-+- for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++) |
-++ digests_len = tls1_handshake_digest(s, buf, sizeof(buf)); |
-++ if (digests_len < 0) |
-+ { |
-+- if (mask & ssl_get_algorithm2(s)) |
-+- { |
-+- int hashsize = EVP_MD_size(md); |
-+- if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf))) |
-+- { |
-+- /* internal error: 'buf' is too small for this cipersuite! */ |
-+- err = 1; |
-+- } |
-+- else |
-+- { |
-+- EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]); |
-+- EVP_DigestFinal_ex(&ctx,q,&i); |
-+- if (i != (unsigned int)hashsize) /* can't really happen */ |
-+- err = 1; |
-+- q+=i; |
-+- } |
-+- } |
-++ err = 1; |
-++ digests_len = 0; |
-+ } |
-+- |
-++ |
-+ if (!tls1_PRF(ssl_get_algorithm2(s), |
-+- str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0, |
-++ str,slen, buf, digests_len, NULL,0, NULL,0, NULL,0, |
-+ s->session->master_key,s->session->master_key_length, |
-+ out,buf2,sizeof buf2)) |
-+ err = 1; |
-+- EVP_MD_CTX_cleanup(&ctx); |
-+ |
-+ if (err) |
-+ return 0; |
-+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c |
-+index ea7fefa..d7ea9a5 100644 |
-+--- a/ssl/t1_lib.c |
-++++ b/ssl/t1_lib.c |
-+@@ -2684,6 +2684,17 @@ tls1_channel_id_hash(EVP_MD_CTX *md, SSL *s) |
-+ |
-+ EVP_DigestUpdate(md, kClientIDMagic, sizeof(kClientIDMagic)); |
-+ |
-++ if (s->hit) |
-++ { |
-++ static const char kResumptionMagic[] = "Resumption"; |
-++ EVP_DigestUpdate(md, kResumptionMagic, |
-++ sizeof(kResumptionMagic)); |
-++ if (s->session->original_handshake_hash_len == 0) |
-++ return 0; |
-++ EVP_DigestUpdate(md, s->session->original_handshake_hash, |
-++ s->session->original_handshake_hash_len); |
-++ } |
-++ |
-+ EVP_MD_CTX_init(&ctx); |
-+ for (i = 0; i < SSL_MAX_DIGEST; i++) |
-+ { |
-+@@ -2698,3 +2709,29 @@ tls1_channel_id_hash(EVP_MD_CTX *md, SSL *s) |
-+ return 1; |
-+ } |
-+ #endif |
-++ |
-++/* tls1_record_handshake_hashes_for_channel_id records the current handshake |
-++ * hashes in |s->session| so that Channel ID resumptions can sign that data. */ |
-++int tls1_record_handshake_hashes_for_channel_id(SSL *s) |
-++ { |
-++ int digest_len; |
-++ /* This function should never be called for a resumed session because |
-++ * the handshake hashes that we wish to record are for the original, |
-++ * full handshake. */ |
-++ if (s->hit) |
-++ return -1; |
-++ /* It only makes sense to call this function if Channel IDs have been |
-++ * negotiated. */ |
-++ if (!s->s3->tlsext_channel_id_valid) |
-++ return -1; |
-++ |
-++ digest_len = tls1_handshake_digest( |
-++ s, s->session->original_handshake_hash, |
-++ sizeof(s->session->original_handshake_hash)); |
-++ if (digest_len < 0) |
-++ return -1; |
-++ |
-++ s->session->original_handshake_hash_len = digest_len; |
-++ |
-++ return 1; |
-++ } |
-+diff --git a/ssl/tls1.h b/ssl/tls1.h |
-+index c4f69aa..5559486 100644 |
-+--- a/ssl/tls1.h |
-++++ b/ssl/tls1.h |
-+@@ -255,7 +255,7 @@ extern "C" { |
-+ #endif |
-+ |
-+ /* This is not an IANA defined extension number */ |
-+-#define TLSEXT_TYPE_channel_id 30031 |
-++#define TLSEXT_TYPE_channel_id 30032 |
-+ |
-+ /* NameType value from RFC 3546 */ |
-+ #define TLSEXT_NAMETYPE_host_name 0 |
-diff -burN android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c |
---- android-openssl.orig/ssl/s3_clnt.c 2014-05-05 16:45:02.785389340 +0200 |
-+++ android-openssl/ssl/s3_clnt.c 2014-05-05 16:46:32.525390565 +0200 |
-@@ -583,6 +583,18 @@ |
- #endif |
- s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; |
- } |
-+ if (s->s3->tlsext_channel_id_valid) |
-+ { |
-+ /* This is a non-resumption handshake. If it |
-+ * involves ChannelID, then record the |
-+ * handshake hashes at this point in the |
-+ * session so that any resumption of this |
-+ * session with ChannelID can sign those |
-+ * hashes. */ |
-+ ret = tls1_record_handshake_hashes_for_channel_id(s); |
-+ if (ret <= 0) |
-+ goto end; |
-+ } |
- } |
- s->init_num=0; |
- break; |
-diff -burN android-openssl.orig/ssl/ssl.h android-openssl/ssl/ssl.h |
---- android-openssl.orig/ssl/ssl.h 2014-05-05 16:45:02.693389339 +0200 |
-+++ android-openssl/ssl/ssl.h 2014-05-05 16:46:32.533390565 +0200 |
-@@ -544,6 +544,13 @@ |
- #ifndef OPENSSL_NO_SRP |
- char *srp_username; |
- #endif |
-+ |
-+ /* original_handshake_hash contains the handshake hash (either |
-+ * SHA-1+MD5 or SHA-2, depending on TLS version) for the original, full |
-+ * handshake that created a session. This is used by Channel IDs during |
-+ * resumption. */ |
-+ unsigned char original_handshake_hash[EVP_MAX_MD_SIZE]; |
-+ unsigned int original_handshake_hash_len; |
- }; |
- |
- #endif |
-diff -burN android-openssl.orig/ssl/ssl_locl.h android-openssl/ssl/ssl_locl.h |
---- android-openssl.orig/ssl/ssl_locl.h 2014-05-05 16:45:02.785389340 +0200 |
-+++ android-openssl/ssl/ssl_locl.h 2014-05-05 16:46:32.541390565 +0200 |
-@@ -1071,6 +1071,7 @@ |
- int tls1_change_cipher_state(SSL *s, int which); |
- int tls1_setup_key_block(SSL *s); |
- int tls1_enc(SSL *s, int snd); |
-+int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len); |
- int tls1_final_finish_mac(SSL *s, |
- const char *str, int slen, unsigned char *p); |
- int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); |
-@@ -1127,6 +1128,7 @@ |
- const EVP_MD *tls12_get_hash(unsigned char hash_alg); |
- |
- int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s); |
-+int tls1_record_handshake_hashes_for_channel_id(SSL *s); |
- #endif |
- |
- int ssl3_can_cutthrough(const SSL *s); |
-diff -burN android-openssl.orig/ssl/t1_enc.c android-openssl/ssl/t1_enc.c |
---- android-openssl.orig/ssl/t1_enc.c 2014-05-05 16:45:02.697389339 +0200 |
-+++ android-openssl/ssl/t1_enc.c 2014-05-05 16:46:32.545390565 +0200 |
-@@ -890,53 +890,79 @@ |
- return((int)ret); |
- } |
- |
--int tls1_final_finish_mac(SSL *s, |
-- const char *str, int slen, unsigned char *out) |
-+/* tls1_handshake_digest calculates the current handshake hash and writes it to |
-+ * |out|, which has space for |out_len| bytes. It returns the number of bytes |
-+ * written or -1 in the event of an error. This function works on a copy of the |
-+ * underlying digests so can be called multiple times and prior to the final |
-+ * update etc. */ |
-+int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len) |
- { |
-- unsigned int i; |
-+ const EVP_MD *md; |
- EVP_MD_CTX ctx; |
-- unsigned char buf[2*EVP_MAX_MD_SIZE]; |
-- unsigned char *q,buf2[12]; |
-- int idx; |
-+ int i, err = 0, len = 0; |
- long mask; |
-- int err=0; |
-- const EVP_MD *md; |
-- |
-- q=buf; |
-- |
-- if (s->s3->handshake_buffer) |
-- if (!ssl3_digest_cached_records(s)) |
-- return 0; |
- |
- EVP_MD_CTX_init(&ctx); |
- |
-- for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++) |
-+ for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) |
- { |
-- if (mask & ssl_get_algorithm2(s)) |
-- { |
-- int hashsize = EVP_MD_size(md); |
-- if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf))) |
-+ int hash_size; |
-+ unsigned int digest_len; |
-+ EVP_MD_CTX *hdgst = s->s3->handshake_dgst[i]; |
-+ |
-+ if ((mask & ssl_get_algorithm2(s)) == 0) |
-+ continue; |
-+ |
-+ hash_size = EVP_MD_size(md); |
-+ if (!hdgst || hash_size < 0 || (size_t)hash_size > out_len) |
- { |
-- /* internal error: 'buf' is too small for this cipersuite! */ |
- err = 1; |
-+ break; |
- } |
-- else |
-+ |
-+ if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) || |
-+ !EVP_DigestFinal_ex(&ctx, out, &digest_len) || |
-+ digest_len != (unsigned int)hash_size) /* internal error */ |
- { |
-- EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]); |
-- EVP_DigestFinal_ex(&ctx,q,&i); |
-- if (i != (unsigned int)hashsize) /* can't really happen */ |
- err = 1; |
-- q+=i; |
-+ break; |
- } |
-+ out += digest_len; |
-+ out_len -= digest_len; |
-+ len += digest_len; |
- } |
-+ |
-+ EVP_MD_CTX_cleanup(&ctx); |
-+ |
-+ if (err != 0) |
-+ return -1; |
-+ return len; |
-+ } |
-+ |
-+int tls1_final_finish_mac(SSL *s, |
-+ const char *str, int slen, unsigned char *out) |
-+ { |
-+ unsigned char buf[2*EVP_MAX_MD_SIZE]; |
-+ unsigned char buf2[12]; |
-+ int err=0; |
-+ int digests_len; |
-+ |
-+ if (s->s3->handshake_buffer) |
-+ if (!ssl3_digest_cached_records(s)) |
-+ return 0; |
-+ |
-+ digests_len = tls1_handshake_digest(s, buf, sizeof(buf)); |
-+ if (digests_len < 0) |
-+ { |
-+ err = 1; |
-+ digests_len = 0; |
- } |
- |
- if (!tls1_PRF(ssl_get_algorithm2(s), |
-- str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0, |
-+ str,slen, buf, digests_len, NULL,0, NULL,0, NULL,0, |
- s->session->master_key,s->session->master_key_length, |
- out,buf2,sizeof buf2)) |
- err = 1; |
-- EVP_MD_CTX_cleanup(&ctx); |
- |
- if (err) |
- return 0; |
-diff -burN android-openssl.orig/ssl/t1_lib.c android-openssl/ssl/t1_lib.c |
---- android-openssl.orig/ssl/t1_lib.c 2014-05-05 16:45:02.789389340 +0200 |
-+++ android-openssl/ssl/t1_lib.c 2014-05-05 16:46:32.549390565 +0200 |
-@@ -2672,6 +2672,17 @@ |
- |
- EVP_DigestUpdate(md, kClientIDMagic, sizeof(kClientIDMagic)); |
- |
-+ if (s->hit) |
-+ { |
-+ static const char kResumptionMagic[] = "Resumption"; |
-+ EVP_DigestUpdate(md, kResumptionMagic, |
-+ sizeof(kResumptionMagic)); |
-+ if (s->session->original_handshake_hash_len == 0) |
-+ return 0; |
-+ EVP_DigestUpdate(md, s->session->original_handshake_hash, |
-+ s->session->original_handshake_hash_len); |
-+ } |
-+ |
- EVP_MD_CTX_init(&ctx); |
- for (i = 0; i < SSL_MAX_DIGEST; i++) |
- { |
-@@ -2686,3 +2697,29 @@ |
- return 1; |
- } |
- #endif |
-+ |
-+/* tls1_record_handshake_hashes_for_channel_id records the current handshake |
-+ * hashes in |s->session| so that Channel ID resumptions can sign that data. */ |
-+int tls1_record_handshake_hashes_for_channel_id(SSL *s) |
-+ { |
-+ int digest_len; |
-+ /* This function should never be called for a resumed session because |
-+ * the handshake hashes that we wish to record are for the original, |
-+ * full handshake. */ |
-+ if (s->hit) |
-+ return -1; |
-+ /* It only makes sense to call this function if Channel IDs have been |
-+ * negotiated. */ |
-+ if (!s->s3->tlsext_channel_id_valid) |
-+ return -1; |
-+ |
-+ digest_len = tls1_handshake_digest( |
-+ s, s->session->original_handshake_hash, |
-+ sizeof(s->session->original_handshake_hash)); |
-+ if (digest_len < 0) |
-+ return -1; |
-+ |
-+ s->session->original_handshake_hash_len = digest_len; |
-+ |
-+ return 1; |
-+ } |
-diff -burN android-openssl.orig/ssl/tls1.h android-openssl/ssl/tls1.h |
---- android-openssl.orig/ssl/tls1.h 2014-05-05 16:45:02.697389339 +0200 |
-+++ android-openssl/ssl/tls1.h 2014-05-05 16:46:32.553390566 +0200 |
-@@ -249,7 +249,7 @@ |
- #endif |
- |
- /* This is not an IANA defined extension number */ |
--#define TLSEXT_TYPE_channel_id 30031 |
-+#define TLSEXT_TYPE_channel_id 30032 |
- |
- /* NameType value from RFC 3546 */ |
- #define TLSEXT_NAMETYPE_host_name 0 |