OLD | NEW |
1 diff -burN android-openssl.orig/crypto/bio/bio.h android-openssl/crypto/bio/bio.
h | 1 diff -burN android-openssl.orig/crypto/bio/bio.h android-openssl/crypto/bio/bio.
h |
2 --- android-openssl.orig/crypto/bio/bio.h» 2013-10-18 16:41:41.052291400 +0
200 | 2 --- android-openssl.orig/crypto/bio/bio.h» 2013-02-11 16:26:04.000000000 +0
100 |
3 +++ android-openssl/crypto/bio/bio.h» 2013-10-18 16:42:58.772982447 +0200 | 3 +++ android-openssl/crypto/bio/bio.h» 2013-10-22 18:22:42.080337200 +0200 |
4 @@ -266,6 +266,8 @@ | 4 @@ -266,6 +266,9 @@ |
5 #define BIO_RR_CONNECT 0x02 | 5 #define BIO_RR_CONNECT 0x02 |
6 /* Returned from the accept BIO when an accept would have blocked */ | 6 /* Returned from the accept BIO when an accept would have blocked */ |
7 #define BIO_RR_ACCEPT 0x03 | 7 #define BIO_RR_ACCEPT 0x03 |
8 +/* Returned from the SSL bio when the channel id retrieval code cannot find the | 8 +/* Returned from the SSL bio when the channel id retrieval code cannot find the |
9 + * private key. */ | 9 + * private key. */ |
10 +#define BIO_RR_SSL_CHANNEL_ID_LOOKUP 0x04 | 10 +#define BIO_RR_SSL_CHANNEL_ID_LOOKUP 0x04 |
11 | 11 |
12 /* These are passed by the BIO callback */ | 12 /* These are passed by the BIO callback */ |
13 #define BIO_CB_FREE 0x01 | 13 #define BIO_CB_FREE 0x01 |
14 diff -burN android-openssl.orig/include/openssl/bio.h android-openssl/include/op
enssl/bio.h | 14 diff -burN android-openssl.orig/include/openssl/bio.h android-openssl/include/op
enssl/bio.h |
15 --- android-openssl.orig/include/openssl/bio.h» 2013-10-18 16:41:41.162292378 +0
200 | 15 --- android-openssl.orig/include/openssl/bio.h» 2013-10-22 18:20:42.249270230 +0
200 |
16 +++ android-openssl/include/openssl/bio.h» 2013-10-18 16:42:58.772982447 +0
200 | 16 +++ android-openssl/include/openssl/bio.h» 2013-10-22 18:22:42.080337200 +0
200 |
17 @@ -266,6 +266,9 @@ | 17 @@ -266,6 +266,9 @@ |
18 #define BIO_RR_CONNECT 0x02 | 18 #define BIO_RR_CONNECT 0x02 |
19 /* Returned from the accept BIO when an accept would have blocked */ | 19 /* Returned from the accept BIO when an accept would have blocked */ |
20 #define BIO_RR_ACCEPT 0x03 | 20 #define BIO_RR_ACCEPT 0x03 |
21 +/* Returned from the SSL bio when the channel id retrieval code cannot find the | 21 +/* Returned from the SSL bio when the channel id retrieval code cannot find the |
22 + * private key. */ | 22 + * private key. */ |
23 +#define BIO_RR_SSL_CHANNEL_ID_LOOKUP 0x04 | 23 +#define BIO_RR_SSL_CHANNEL_ID_LOOKUP 0x04 |
24 | 24 |
25 /* These are passed by the BIO callback */ | 25 /* These are passed by the BIO callback */ |
26 #define BIO_CB_FREE 0x01 | 26 #define BIO_CB_FREE 0x01 |
27 diff -burN android-openssl.orig/include/openssl/ssl.h android-openssl/include/op
enssl/ssl.h | 27 diff -burN android-openssl.orig/include/openssl/ssl.h android-openssl/include/op
enssl/ssl.h |
28 --- android-openssl.orig/include/openssl/ssl.h» 2013-10-18 16:41:41.252293178 +0
200 | 28 --- android-openssl.orig/include/openssl/ssl.h» 2013-10-22 18:20:42.259270320 +0
200 |
29 +++ android-openssl/include/openssl/ssl.h» 2013-10-18 16:42:58.772982447 +0
200 | 29 +++ android-openssl/include/openssl/ssl.h» 2013-10-22 18:24:14.771162612 +0
200 |
30 @@ -1104,12 +1104,14 @@ | 30 @@ -848,6 +848,9 @@ |
| 31 » /* get client cert callback */ |
| 32 » int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); |
| 33 |
| 34 +» /* get channel id callback */ |
| 35 +» void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey); |
| 36 + |
| 37 /* cookie generate callback */ |
| 38 int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, |
| 39 unsigned int *cookie_len); |
| 40 @@ -1043,6 +1046,8 @@ |
| 41 void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val
); |
| 42 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X
509 **x509, EVP_PKEY **pkey)); |
| 43 int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY
**pkey); |
| 44 +void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EV
P_PKEY **pkey)); |
| 45 +void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey); |
| 46 #ifndef OPENSSL_NO_ENGINE |
| 47 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); |
| 48 #endif |
| 49 @@ -1104,12 +1109,14 @@ |
31 #define SSL_WRITING 2 | 50 #define SSL_WRITING 2 |
32 #define SSL_READING 3 | 51 #define SSL_READING 3 |
33 #define SSL_X509_LOOKUP 4 | 52 #define SSL_X509_LOOKUP 4 |
34 +#define SSL_CHANNEL_ID_LOOKUP 5 | 53 +#define SSL_CHANNEL_ID_LOOKUP 5 |
35 | 54 |
36 /* These will only be used when doing non-blocking IO */ | 55 /* These will only be used when doing non-blocking IO */ |
37 #define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) | 56 #define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) |
38 #define SSL_want_read(s) (SSL_want(s) == SSL_READING) | 57 #define SSL_want_read(s) (SSL_want(s) == SSL_READING) |
39 #define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) | 58 #define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) |
40 #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) | 59 #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) |
41 +#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP) | 60 +#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP) |
42 | 61 |
43 #define SSL_MAC_FLAG_READ_MAC_STREAM 1 | 62 #define SSL_MAC_FLAG_READ_MAC_STREAM 1 |
44 #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 | 63 #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 |
45 @@ -1535,6 +1537,7 @@ | 64 @@ -1535,6 +1542,7 @@ |
46 #define SSL_ERROR_ZERO_RETURN 6 | 65 #define SSL_ERROR_ZERO_RETURN 6 |
47 #define SSL_ERROR_WANT_CONNECT 7 | 66 #define SSL_ERROR_WANT_CONNECT 7 |
48 #define SSL_ERROR_WANT_ACCEPT 8 | 67 #define SSL_ERROR_WANT_ACCEPT 8 |
49 +#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9 | 68 +#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9 |
50 | 69 |
51 #define SSL_CTRL_NEED_TMP_RSA 1 | 70 #define SSL_CTRL_NEED_TMP_RSA 1 |
52 #define SSL_CTRL_SET_TMP_RSA 2 | 71 #define SSL_CTRL_SET_TMP_RSA 2 |
53 @@ -1672,10 +1675,11 @@ | 72 @@ -1672,10 +1680,11 @@ |
54 #define SSL_set_tmp_ecdh(ssl,ecdh) \ | 73 #define SSL_set_tmp_ecdh(ssl,ecdh) \ |
55 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) | 74 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) |
56 | 75 |
57 -/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client | 76 -/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client |
58 - * IDs from clients. Returns 1 on success. */ | 77 - * IDs from clients. Returns 1 on success. */ |
59 -#define SSL_enable_tls_channel_id(ctx) \ | 78 -#define SSL_enable_tls_channel_id(ctx) \ |
60 - SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL) | 79 - SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL) |
61 +/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clien
t | 80 +/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clien
t |
62 + * IDs from clients, or configure a client to send TLS client IDs to server. | 81 + * IDs from clients, or configure a client to send TLS client IDs to server. |
63 + * Returns 1 on success. */ | 82 + * Returns 1 on success. */ |
64 +#define SSL_enable_tls_channel_id(s) \ | 83 +#define SSL_enable_tls_channel_id(s) \ |
65 + SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL) | 84 + SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL) |
66 /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to | 85 /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to |
67 * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on | 86 * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on |
68 * success. */ | 87 * success. */ |
69 diff -burN android-openssl.orig/ssl/bio_ssl.c android-openssl/ssl/bio_ssl.c | 88 diff -burN android-openssl.orig/ssl/bio_ssl.c android-openssl/ssl/bio_ssl.c |
70 --- android-openssl.orig/ssl/bio_ssl.c» 2013-10-18 16:41:41.172292466 +0200 | 89 --- android-openssl.orig/ssl/bio_ssl.c» 2013-02-11 16:26:04.000000000 +0100 |
71 +++ android-openssl/ssl/bio_ssl.c» 2013-10-18 16:42:58.772982447 +0200 | 90 +++ android-openssl/ssl/bio_ssl.c» 2013-10-22 18:22:42.090337290 +0200 |
72 @@ -206,6 +206,10 @@ | 91 @@ -206,6 +206,10 @@ |
73 BIO_set_retry_special(b); | 92 BIO_set_retry_special(b); |
74 retry_reason=BIO_RR_SSL_X509_LOOKUP; | 93 retry_reason=BIO_RR_SSL_X509_LOOKUP; |
75 break; | 94 break; |
76 + case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP: | 95 + case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP: |
77 + BIO_set_retry_special(b); | 96 + BIO_set_retry_special(b); |
78 + retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP; | 97 + retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP; |
79 + break; | 98 + break; |
80 case SSL_ERROR_WANT_ACCEPT: | 99 case SSL_ERROR_WANT_ACCEPT: |
81 BIO_set_retry_special(b); | 100 BIO_set_retry_special(b); |
82 retry_reason=BIO_RR_ACCEPT; | 101 retry_reason=BIO_RR_ACCEPT; |
83 @@ -280,6 +284,10 @@ | 102 @@ -280,6 +284,10 @@ |
84 BIO_set_retry_special(b); | 103 BIO_set_retry_special(b); |
85 retry_reason=BIO_RR_SSL_X509_LOOKUP; | 104 retry_reason=BIO_RR_SSL_X509_LOOKUP; |
86 break; | 105 break; |
87 + case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP: | 106 + case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP: |
88 + BIO_set_retry_special(b); | 107 + BIO_set_retry_special(b); |
89 + retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP; | 108 + retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP; |
90 + break; | 109 + break; |
91 case SSL_ERROR_WANT_CONNECT: | 110 case SSL_ERROR_WANT_CONNECT: |
92 BIO_set_retry_special(b); | 111 BIO_set_retry_special(b); |
93 retry_reason=BIO_RR_CONNECT; | 112 retry_reason=BIO_RR_CONNECT; |
94 diff -burN android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c | 113 diff -burN android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c |
95 --- android-openssl.orig/ssl/s3_clnt.c» 2013-10-18 16:41:41.262293266 +0200 | 114 --- android-openssl.orig/ssl/s3_clnt.c» 2013-10-22 18:20:40.289252781 +0200 |
96 +++ android-openssl/ssl/s3_clnt.c» 2013-10-18 16:42:58.772982447 +0200 | 115 +++ android-openssl/ssl/s3_clnt.c» 2013-10-22 18:22:42.090337290 +0200 |
97 @@ -3414,6 +3414,13 @@ | 116 @@ -3414,6 +3414,22 @@ |
98 if (s->state != SSL3_ST_CW_CHANNEL_ID_A) | 117 if (s->state != SSL3_ST_CW_CHANNEL_ID_A) |
99 return ssl3_do_write(s, SSL3_RT_HANDSHAKE); | 118 return ssl3_do_write(s, SSL3_RT_HANDSHAKE); |
100 | 119 |
101 + if (s->tlsext_channel_id_private == NULL) | 120 +» if (!s->tlsext_channel_id_private && s->ctx->channel_id_cb) |
102 + { | 121 +» » { |
103 + s->rwstate=SSL_CHANNEL_ID_LOOKUP; | 122 +» » EVP_PKEY* key = NULL; |
104 + return (-1); | 123 +» » s->ctx->channel_id_cb(s, &key); |
105 + } | 124 +» » if (key != NULL) |
106 + s->rwstate=SSL_NOTHING; | 125 +» » » { |
| 126 +» » » s->tlsext_channel_id_private = key; |
| 127 +» » » } |
| 128 +» » } |
| 129 +» if (!s->tlsext_channel_id_private) |
| 130 +» » { |
| 131 +» » s->rwstate=SSL_CHANNEL_ID_LOOKUP; |
| 132 +» » return (-1); |
| 133 +» » } |
| 134 +» s->rwstate=SSL_NOTHING; |
107 + | 135 + |
108 d = (unsigned char *)s->init_buf->data; | 136 d = (unsigned char *)s->init_buf->data; |
109 *(d++)=SSL3_MT_ENCRYPTED_EXTENSIONS; | 137 *(d++)=SSL3_MT_ENCRYPTED_EXTENSIONS; |
110 l2n3(2 + 2 + TLSEXT_CHANNEL_ID_SIZE, d); | 138 l2n3(2 + 2 + TLSEXT_CHANNEL_ID_SIZE, d); |
111 diff -burN android-openssl.orig/ssl/s3_lib.c android-openssl/ssl/s3_lib.c | 139 diff -burN android-openssl.orig/ssl/s3_lib.c android-openssl/ssl/s3_lib.c |
112 --- android-openssl.orig/ssl/s3_lib.c» 2013-10-18 16:41:41.262293266 +0200 | 140 --- android-openssl.orig/ssl/s3_lib.c» 2013-10-22 18:20:40.289252781 +0200 |
113 +++ android-openssl/ssl/s3_lib.c» 2013-10-18 16:42:58.772982447 +0200 | 141 +++ android-openssl/ssl/s3_lib.c» 2013-10-22 18:22:42.090337290 +0200 |
114 @@ -3358,8 +3358,6 @@ | 142 @@ -3358,8 +3358,6 @@ |
115 break; | 143 break; |
116 #endif | 144 #endif |
117 case SSL_CTRL_CHANNEL_ID: | 145 case SSL_CTRL_CHANNEL_ID: |
118 - if (!s->server) | 146 - if (!s->server) |
119 - break; | 147 - break; |
120 s->tlsext_channel_id_enabled = 1; | 148 s->tlsext_channel_id_enabled = 1; |
121 ret = 1; | 149 ret = 1; |
122 break; | 150 break; |
123 @@ -3375,7 +3373,7 @@ | 151 @@ -3375,7 +3373,7 @@ |
124 } | 152 } |
125 if (s->tlsext_channel_id_private) | 153 if (s->tlsext_channel_id_private) |
126 EVP_PKEY_free(s->tlsext_channel_id_private); | 154 EVP_PKEY_free(s->tlsext_channel_id_private); |
127 - s->tlsext_channel_id_private = (EVP_PKEY*) parg; | 155 - s->tlsext_channel_id_private = (EVP_PKEY*) parg; |
128 + s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg); | 156 + s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg); |
129 ret = 1; | 157 ret = 1; |
130 break; | 158 break; |
131 | 159 |
132 @@ -3690,7 +3688,7 @@ | 160 @@ -3690,7 +3688,7 @@ |
133 } | 161 } |
134 if (ctx->tlsext_channel_id_private) | 162 if (ctx->tlsext_channel_id_private) |
135 EVP_PKEY_free(ctx->tlsext_channel_id_private); | 163 EVP_PKEY_free(ctx->tlsext_channel_id_private); |
136 - ctx->tlsext_channel_id_private = (EVP_PKEY*) parg; | 164 - ctx->tlsext_channel_id_private = (EVP_PKEY*) parg; |
137 + ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg); | 165 + ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg); |
138 break; | 166 break; |
139 | 167 |
140 default: | 168 default: |
141 diff -burN android-openssl.orig/ssl/ssl.h android-openssl/ssl/ssl.h | 169 diff -burN android-openssl.orig/ssl/ssl.h android-openssl/ssl/ssl.h |
142 --- android-openssl.orig/ssl/ssl.h» 2013-10-18 16:41:41.262293266 +0200 | 170 --- android-openssl.orig/ssl/ssl.h» 2013-10-22 18:20:40.299252871 +0200 |
143 +++ android-openssl/ssl/ssl.h» 2013-10-18 16:42:58.772982447 +0200 | 171 +++ android-openssl/ssl/ssl.h» 2013-10-22 18:24:24.121245879 +0200 |
144 @@ -1104,12 +1104,14 @@ | 172 @@ -848,6 +848,9 @@ |
| 173 » /* get client cert callback */ |
| 174 » int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); |
| 175 |
| 176 +» /* get channel id callback */ |
| 177 +» void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey); |
| 178 + |
| 179 /* cookie generate callback */ |
| 180 int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, |
| 181 unsigned int *cookie_len); |
| 182 @@ -1043,6 +1046,8 @@ |
| 183 void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val
); |
| 184 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X
509 **x509, EVP_PKEY **pkey)); |
| 185 int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY
**pkey); |
| 186 +void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EV
P_PKEY **pkey)); |
| 187 +void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey); |
| 188 #ifndef OPENSSL_NO_ENGINE |
| 189 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); |
| 190 #endif |
| 191 @@ -1104,12 +1109,14 @@ |
145 #define SSL_WRITING 2 | 192 #define SSL_WRITING 2 |
146 #define SSL_READING 3 | 193 #define SSL_READING 3 |
147 #define SSL_X509_LOOKUP 4 | 194 #define SSL_X509_LOOKUP 4 |
148 +#define SSL_CHANNEL_ID_LOOKUP 5 | 195 +#define SSL_CHANNEL_ID_LOOKUP 5 |
149 | 196 |
150 /* These will only be used when doing non-blocking IO */ | 197 /* These will only be used when doing non-blocking IO */ |
151 #define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) | 198 #define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) |
152 #define SSL_want_read(s) (SSL_want(s) == SSL_READING) | 199 #define SSL_want_read(s) (SSL_want(s) == SSL_READING) |
153 #define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) | 200 #define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) |
154 #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) | 201 #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) |
155 +#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP) | 202 +#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP) |
156 | 203 |
157 #define SSL_MAC_FLAG_READ_MAC_STREAM 1 | 204 #define SSL_MAC_FLAG_READ_MAC_STREAM 1 |
158 #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 | 205 #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 |
159 @@ -1535,6 +1537,7 @@ | 206 @@ -1535,6 +1542,7 @@ |
160 #define SSL_ERROR_ZERO_RETURN 6 | 207 #define SSL_ERROR_ZERO_RETURN 6 |
161 #define SSL_ERROR_WANT_CONNECT 7 | 208 #define SSL_ERROR_WANT_CONNECT 7 |
162 #define SSL_ERROR_WANT_ACCEPT 8 | 209 #define SSL_ERROR_WANT_ACCEPT 8 |
163 +#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9 | 210 +#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9 |
164 | 211 |
165 #define SSL_CTRL_NEED_TMP_RSA 1 | 212 #define SSL_CTRL_NEED_TMP_RSA 1 |
166 #define SSL_CTRL_SET_TMP_RSA 2 | 213 #define SSL_CTRL_SET_TMP_RSA 2 |
167 @@ -1672,10 +1675,11 @@ | 214 @@ -1672,10 +1680,11 @@ |
168 #define SSL_set_tmp_ecdh(ssl,ecdh) \ | 215 #define SSL_set_tmp_ecdh(ssl,ecdh) \ |
169 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) | 216 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) |
170 | 217 |
171 -/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client | 218 -/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client |
172 - * IDs from clients. Returns 1 on success. */ | 219 - * IDs from clients. Returns 1 on success. */ |
173 -#define SSL_enable_tls_channel_id(ctx) \ | 220 -#define SSL_enable_tls_channel_id(ctx) \ |
174 - SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL) | 221 - SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL) |
175 +/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clien
t | 222 +/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clien
t |
176 + * IDs from clients, or configure a client to send TLS client IDs to server. | 223 + * IDs from clients, or configure a client to send TLS client IDs to server. |
177 + * Returns 1 on success. */ | 224 + * Returns 1 on success. */ |
178 +#define SSL_enable_tls_channel_id(s) \ | 225 +#define SSL_enable_tls_channel_id(s) \ |
179 + SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL) | 226 + SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL) |
180 /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to | 227 /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to |
181 * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on | 228 * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on |
182 * success. */ | 229 * success. */ |
183 diff -burN android-openssl.orig/ssl/ssl_lib.c android-openssl/ssl/ssl_lib.c | 230 diff -burN android-openssl.orig/ssl/ssl_lib.c android-openssl/ssl/ssl_lib.c |
184 --- android-openssl.orig/ssl/ssl_lib.c» 2013-10-18 16:41:41.262293266 +0200 | 231 --- android-openssl.orig/ssl/ssl_lib.c» 2013-10-22 18:20:40.299252871 +0200 |
185 +++ android-openssl/ssl/ssl_lib.c» 2013-10-18 16:42:58.772982447 +0200 | 232 +++ android-openssl/ssl/ssl_lib.c» 2013-10-22 18:22:42.090337290 +0200 |
186 @@ -2561,6 +2561,10 @@ | 233 @@ -2561,6 +2561,10 @@ |
187 { | 234 { |
188 return(SSL_ERROR_WANT_X509_LOOKUP); | 235 return(SSL_ERROR_WANT_X509_LOOKUP); |
189 } | 236 } |
190 + if ((i < 0) && SSL_want_channel_id_lookup(s)) | 237 + if ((i < 0) && SSL_want_channel_id_lookup(s)) |
191 + { | 238 + { |
192 + return(SSL_ERROR_WANT_CHANNEL_ID_LOOKUP); | 239 + return(SSL_ERROR_WANT_CHANNEL_ID_LOOKUP); |
193 + } | 240 + } |
194 | 241 |
195 if (i == 0) | 242 if (i == 0) |
196 { | 243 { |
| 244 diff -burN android-openssl.orig/ssl/ssl_sess.c android-openssl/ssl/ssl_sess.c |
| 245 --- android-openssl.orig/ssl/ssl_sess.c 2013-10-22 18:20:40.289252781 +0200 |
| 246 +++ android-openssl/ssl/ssl_sess.c 2013-10-22 18:22:42.090337290 +0200 |
| 247 @@ -1132,6 +1132,17 @@ |
| 248 return ctx->client_cert_cb; |
| 249 } |
| 250 |
| 251 +void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, |
| 252 + void (*cb)(SSL *ssl, EVP_PKEY **pkey)) |
| 253 + { |
| 254 + ctx->channel_id_cb=cb; |
| 255 + } |
| 256 + |
| 257 +void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL * ssl, EVP_PKEY **pkey) |
| 258 + { |
| 259 + return ctx->channel_id_cb; |
| 260 + } |
| 261 + |
| 262 #ifndef OPENSSL_NO_ENGINE |
| 263 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) |
| 264 { |
OLD | NEW |