Side by Side Diff: patches.chromium/channelid.patch

Issue 35493002: Update Channel ID API to use a callback. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/openssl.git@master
Patch Set: Fix key ownsership Created 7 years, 2 months ago
1 diff -burN android-openssl.orig/crypto/bio/bio.h android-openssl/crypto/bio/bio. h 1 diff -burN android-openssl.orig/crypto/bio/bio.h android-openssl/crypto/bio/bio. h
2 --- android-openssl.orig/crypto/bio/bio.h» 2013-10-18 16:41:41.052291400 +0 200 2 --- android-openssl.orig/crypto/bio/bio.h» 2013-02-11 16:26:04.000000000 +0 100
3 +++ android-openssl/crypto/bio/bio.h» 2013-10-18 16:42:58.772982447 +0200 3 +++ android-openssl/crypto/bio/bio.h» 2013-10-22 18:22:42.080337200 +0200
4 @@ -266,6 +266,8 @@ 4 @@ -266,6 +266,9 @@
5 #define BIO_RR_CONNECT 0x02 5 #define BIO_RR_CONNECT 0x02
6 /* Returned from the accept BIO when an accept would have blocked */ 6 /* Returned from the accept BIO when an accept would have blocked */
7 #define BIO_RR_ACCEPT 0x03 7 #define BIO_RR_ACCEPT 0x03
8 +/* Returned from the SSL bio when the channel id retrieval code cannot find the 8 +/* Returned from the SSL bio when the channel id retrieval code cannot find the
9 + * private key. */ 9 + * private key. */
10 +#define BIO_RR_SSL_CHANNEL_ID_LOOKUP 0x04 10 +#define BIO_RR_SSL_CHANNEL_ID_LOOKUP 0x04
11 11
12 /* These are passed by the BIO callback */ 12 /* These are passed by the BIO callback */
13 #define BIO_CB_FREE 0x01 13 #define BIO_CB_FREE 0x01
14 diff -burN android-openssl.orig/include/openssl/bio.h android-openssl/include/op enssl/bio.h 14 diff -burN android-openssl.orig/include/openssl/bio.h android-openssl/include/op enssl/bio.h
15 --- android-openssl.orig/include/openssl/bio.h» 2013-10-18 16:41:41.162292378 +0 200 15 --- android-openssl.orig/include/openssl/bio.h» 2013-10-22 18:20:42.249270230 +0 200
16 +++ android-openssl/include/openssl/bio.h» 2013-10-18 16:42:58.772982447 +0 200 16 +++ android-openssl/include/openssl/bio.h» 2013-10-22 18:22:42.080337200 +0 200
17 @@ -266,6 +266,9 @@ 17 @@ -266,6 +266,9 @@
18 #define BIO_RR_CONNECT 0x02 18 #define BIO_RR_CONNECT 0x02
19 /* Returned from the accept BIO when an accept would have blocked */ 19 /* Returned from the accept BIO when an accept would have blocked */
20 #define BIO_RR_ACCEPT 0x03 20 #define BIO_RR_ACCEPT 0x03
21 +/* Returned from the SSL bio when the channel id retrieval code cannot find the 21 +/* Returned from the SSL bio when the channel id retrieval code cannot find the
22 + * private key. */ 22 + * private key. */
23 +#define BIO_RR_SSL_CHANNEL_ID_LOOKUP 0x04 23 +#define BIO_RR_SSL_CHANNEL_ID_LOOKUP 0x04
24 24
25 /* These are passed by the BIO callback */ 25 /* These are passed by the BIO callback */
26 #define BIO_CB_FREE 0x01 26 #define BIO_CB_FREE 0x01
27 diff -burN android-openssl.orig/include/openssl/ssl.h android-openssl/include/op enssl/ssl.h 27 diff -burN android-openssl.orig/include/openssl/ssl.h android-openssl/include/op enssl/ssl.h
28 --- android-openssl.orig/include/openssl/ssl.h» 2013-10-18 16:41:41.252293178 +0 200 28 --- android-openssl.orig/include/openssl/ssl.h» 2013-10-22 18:20:42.259270320 +0 200
29 +++ android-openssl/include/openssl/ssl.h» 2013-10-18 16:42:58.772982447 +0 200 29 +++ android-openssl/include/openssl/ssl.h» 2013-10-22 18:24:14.771162612 +0 200
30 @@ -1104,12 +1104,14 @@ 30 @@ -848,6 +848,9 @@
31 » /* get client cert callback */
32 » int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
33
34 +» /* get channel id callback */
35 +» void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey);
36 +
37 /* cookie generate callback */
38 int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
39 unsigned int *cookie_len);
40 @@ -1043,6 +1046,8 @@
41 void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val );
42 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X 509 **x509, EVP_PKEY **pkey));
43 int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
44 +void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EV P_PKEY **pkey));
45 +void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey);
46 #ifndef OPENSSL_NO_ENGINE
47 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
48 #endif
49 @@ -1104,12 +1109,14 @@
31 #define SSL_WRITING 2 50 #define SSL_WRITING 2
32 #define SSL_READING 3 51 #define SSL_READING 3
33 #define SSL_X509_LOOKUP 4 52 #define SSL_X509_LOOKUP 4
34 +#define SSL_CHANNEL_ID_LOOKUP 5 53 +#define SSL_CHANNEL_ID_LOOKUP 5
35 54
36 /* These will only be used when doing non-blocking IO */ 55 /* These will only be used when doing non-blocking IO */
37 #define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) 56 #define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
38 #define SSL_want_read(s) (SSL_want(s) == SSL_READING) 57 #define SSL_want_read(s) (SSL_want(s) == SSL_READING)
39 #define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) 58 #define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
40 #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) 59 #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
41 +#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP) 60 +#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP)
42 61
43 #define SSL_MAC_FLAG_READ_MAC_STREAM 1 62 #define SSL_MAC_FLAG_READ_MAC_STREAM 1
44 #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 63 #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
45 @@ -1535,6 +1537,7 @@ 64 @@ -1535,6 +1542,7 @@
46 #define SSL_ERROR_ZERO_RETURN 6 65 #define SSL_ERROR_ZERO_RETURN 6
47 #define SSL_ERROR_WANT_CONNECT 7 66 #define SSL_ERROR_WANT_CONNECT 7
48 #define SSL_ERROR_WANT_ACCEPT 8 67 #define SSL_ERROR_WANT_ACCEPT 8
49 +#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9 68 +#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9
50 69
51 #define SSL_CTRL_NEED_TMP_RSA 1 70 #define SSL_CTRL_NEED_TMP_RSA 1
52 #define SSL_CTRL_SET_TMP_RSA 2 71 #define SSL_CTRL_SET_TMP_RSA 2
53 @@ -1672,10 +1675,11 @@ 72 @@ -1672,10 +1680,11 @@
54 #define SSL_set_tmp_ecdh(ssl,ecdh) \ 73 #define SSL_set_tmp_ecdh(ssl,ecdh) \
55 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) 74 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
56 75
57 -/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client 76 -/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client
58 - * IDs from clients. Returns 1 on success. */ 77 - * IDs from clients. Returns 1 on success. */
59 -#define SSL_enable_tls_channel_id(ctx) \ 78 -#define SSL_enable_tls_channel_id(ctx) \
60 - SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL) 79 - SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL)
61 +/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clien t 80 +/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clien t
62 + * IDs from clients, or configure a client to send TLS client IDs to server. 81 + * IDs from clients, or configure a client to send TLS client IDs to server.
63 + * Returns 1 on success. */ 82 + * Returns 1 on success. */
64 +#define SSL_enable_tls_channel_id(s) \ 83 +#define SSL_enable_tls_channel_id(s) \
65 + SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL) 84 + SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL)
66 /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to 85 /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to
67 * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on 86 * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on
68 * success. */ 87 * success. */
69 diff -burN android-openssl.orig/ssl/bio_ssl.c android-openssl/ssl/bio_ssl.c 88 diff -burN android-openssl.orig/ssl/bio_ssl.c android-openssl/ssl/bio_ssl.c
70 --- android-openssl.orig/ssl/bio_ssl.c» 2013-10-18 16:41:41.172292466 +0200 89 --- android-openssl.orig/ssl/bio_ssl.c» 2013-02-11 16:26:04.000000000 +0100
71 +++ android-openssl/ssl/bio_ssl.c» 2013-10-18 16:42:58.772982447 +0200 90 +++ android-openssl/ssl/bio_ssl.c» 2013-10-22 18:22:42.090337290 +0200
72 @@ -206,6 +206,10 @@ 91 @@ -206,6 +206,10 @@
73 BIO_set_retry_special(b); 92 BIO_set_retry_special(b);
74 retry_reason=BIO_RR_SSL_X509_LOOKUP; 93 retry_reason=BIO_RR_SSL_X509_LOOKUP;
75 break; 94 break;
76 + case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP: 95 + case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP:
77 + BIO_set_retry_special(b); 96 + BIO_set_retry_special(b);
78 + retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP; 97 + retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP;
79 + break; 98 + break;
80 case SSL_ERROR_WANT_ACCEPT: 99 case SSL_ERROR_WANT_ACCEPT:
81 BIO_set_retry_special(b); 100 BIO_set_retry_special(b);
82 retry_reason=BIO_RR_ACCEPT; 101 retry_reason=BIO_RR_ACCEPT;
83 @@ -280,6 +284,10 @@ 102 @@ -280,6 +284,10 @@
84 BIO_set_retry_special(b); 103 BIO_set_retry_special(b);
85 retry_reason=BIO_RR_SSL_X509_LOOKUP; 104 retry_reason=BIO_RR_SSL_X509_LOOKUP;
86 break; 105 break;
87 + case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP: 106 + case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP:
88 + BIO_set_retry_special(b); 107 + BIO_set_retry_special(b);
89 + retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP; 108 + retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP;
90 + break; 109 + break;
91 case SSL_ERROR_WANT_CONNECT: 110 case SSL_ERROR_WANT_CONNECT:
92 BIO_set_retry_special(b); 111 BIO_set_retry_special(b);
93 retry_reason=BIO_RR_CONNECT; 112 retry_reason=BIO_RR_CONNECT;
94 diff -burN android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c 113 diff -burN android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c
95 --- android-openssl.orig/ssl/s3_clnt.c» 2013-10-18 16:41:41.262293266 +0200 114 --- android-openssl.orig/ssl/s3_clnt.c» 2013-10-22 18:20:40.289252781 +0200
96 +++ android-openssl/ssl/s3_clnt.c» 2013-10-18 16:42:58.772982447 +0200 115 +++ android-openssl/ssl/s3_clnt.c» 2013-10-22 18:22:42.090337290 +0200
97 @@ -3414,6 +3414,13 @@ 116 @@ -3414,6 +3414,22 @@
98 if (s->state != SSL3_ST_CW_CHANNEL_ID_A) 117 if (s->state != SSL3_ST_CW_CHANNEL_ID_A)
99 return ssl3_do_write(s, SSL3_RT_HANDSHAKE); 118 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
100 119
101 + if (s->tlsext_channel_id_private == NULL) 120 +» if (!s->tlsext_channel_id_private && s->ctx->channel_id_cb)
102 + { 121 +» » {
103 + s->rwstate=SSL_CHANNEL_ID_LOOKUP; 122 +» » EVP_PKEY* key = NULL;
104 + return (-1); 123 +» » s->ctx->channel_id_cb(s, &key);
105 + } 124 +» » if (key != NULL)
106 + s->rwstate=SSL_NOTHING; 125 +» » » {
126 +» » » s->tlsext_channel_id_private = key;
127 +» » » }
128 +» » }
129 +» if (!s->tlsext_channel_id_private)
130 +» » {
131 +» » s->rwstate=SSL_CHANNEL_ID_LOOKUP;
132 +» » return (-1);
133 +» » }
134 +» s->rwstate=SSL_NOTHING;
107 + 135 +
108 d = (unsigned char *)s->init_buf->data; 136 d = (unsigned char *)s->init_buf->data;
109 *(d++)=SSL3_MT_ENCRYPTED_EXTENSIONS; 137 *(d++)=SSL3_MT_ENCRYPTED_EXTENSIONS;
110 l2n3(2 + 2 + TLSEXT_CHANNEL_ID_SIZE, d); 138 l2n3(2 + 2 + TLSEXT_CHANNEL_ID_SIZE, d);
111 diff -burN android-openssl.orig/ssl/s3_lib.c android-openssl/ssl/s3_lib.c 139 diff -burN android-openssl.orig/ssl/s3_lib.c android-openssl/ssl/s3_lib.c
112 --- android-openssl.orig/ssl/s3_lib.c» 2013-10-18 16:41:41.262293266 +0200 140 --- android-openssl.orig/ssl/s3_lib.c» 2013-10-22 18:20:40.289252781 +0200
113 +++ android-openssl/ssl/s3_lib.c» 2013-10-18 16:42:58.772982447 +0200 141 +++ android-openssl/ssl/s3_lib.c» 2013-10-22 18:22:42.090337290 +0200
114 @@ -3358,8 +3358,6 @@ 142 @@ -3358,8 +3358,6 @@
115 break; 143 break;
116 #endif 144 #endif
117 case SSL_CTRL_CHANNEL_ID: 145 case SSL_CTRL_CHANNEL_ID:
118 - if (!s->server) 146 - if (!s->server)
119 - break; 147 - break;
120 s->tlsext_channel_id_enabled = 1; 148 s->tlsext_channel_id_enabled = 1;
121 ret = 1; 149 ret = 1;
122 break; 150 break;
123 @@ -3375,7 +3373,7 @@ 151 @@ -3375,7 +3373,7 @@
124 } 152 }
125 if (s->tlsext_channel_id_private) 153 if (s->tlsext_channel_id_private)
126 EVP_PKEY_free(s->tlsext_channel_id_private); 154 EVP_PKEY_free(s->tlsext_channel_id_private);
127 - s->tlsext_channel_id_private = (EVP_PKEY*) parg; 155 - s->tlsext_channel_id_private = (EVP_PKEY*) parg;
128 + s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg); 156 + s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg);
129 ret = 1; 157 ret = 1;
130 break; 158 break;
131 159
132 @@ -3690,7 +3688,7 @@ 160 @@ -3690,7 +3688,7 @@
133 } 161 }
134 if (ctx->tlsext_channel_id_private) 162 if (ctx->tlsext_channel_id_private)
135 EVP_PKEY_free(ctx->tlsext_channel_id_private); 163 EVP_PKEY_free(ctx->tlsext_channel_id_private);
136 - ctx->tlsext_channel_id_private = (EVP_PKEY*) parg; 164 - ctx->tlsext_channel_id_private = (EVP_PKEY*) parg;
137 + ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg); 165 + ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg);
138 break; 166 break;
139 167
140 default: 168 default:
141 diff -burN android-openssl.orig/ssl/ssl.h android-openssl/ssl/ssl.h 169 diff -burN android-openssl.orig/ssl/ssl.h android-openssl/ssl/ssl.h
142 --- android-openssl.orig/ssl/ssl.h» 2013-10-18 16:41:41.262293266 +0200 170 --- android-openssl.orig/ssl/ssl.h» 2013-10-22 18:20:40.299252871 +0200
143 +++ android-openssl/ssl/ssl.h» 2013-10-18 16:42:58.772982447 +0200 171 +++ android-openssl/ssl/ssl.h» 2013-10-22 18:24:24.121245879 +0200
144 @@ -1104,12 +1104,14 @@ 172 @@ -848,6 +848,9 @@
173 » /* get client cert callback */
174 » int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
175
176 +» /* get channel id callback */
177 +» void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey);
178 +
179 /* cookie generate callback */
180 int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
181 unsigned int *cookie_len);
182 @@ -1043,6 +1046,8 @@
183 void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val );
184 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X 509 **x509, EVP_PKEY **pkey));
185 int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
186 +void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EV P_PKEY **pkey));
187 +void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey);
188 #ifndef OPENSSL_NO_ENGINE
189 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
190 #endif
191 @@ -1104,12 +1109,14 @@
145 #define SSL_WRITING 2 192 #define SSL_WRITING 2
146 #define SSL_READING 3 193 #define SSL_READING 3
147 #define SSL_X509_LOOKUP 4 194 #define SSL_X509_LOOKUP 4
148 +#define SSL_CHANNEL_ID_LOOKUP 5 195 +#define SSL_CHANNEL_ID_LOOKUP 5
149 196
150 /* These will only be used when doing non-blocking IO */ 197 /* These will only be used when doing non-blocking IO */
151 #define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) 198 #define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
152 #define SSL_want_read(s) (SSL_want(s) == SSL_READING) 199 #define SSL_want_read(s) (SSL_want(s) == SSL_READING)
153 #define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) 200 #define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
154 #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) 201 #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
155 +#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP) 202 +#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP)
156 203
157 #define SSL_MAC_FLAG_READ_MAC_STREAM 1 204 #define SSL_MAC_FLAG_READ_MAC_STREAM 1
158 #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 205 #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
159 @@ -1535,6 +1537,7 @@ 206 @@ -1535,6 +1542,7 @@
160 #define SSL_ERROR_ZERO_RETURN 6 207 #define SSL_ERROR_ZERO_RETURN 6
161 #define SSL_ERROR_WANT_CONNECT 7 208 #define SSL_ERROR_WANT_CONNECT 7
162 #define SSL_ERROR_WANT_ACCEPT 8 209 #define SSL_ERROR_WANT_ACCEPT 8
163 +#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9 210 +#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9
164 211
165 #define SSL_CTRL_NEED_TMP_RSA 1 212 #define SSL_CTRL_NEED_TMP_RSA 1
166 #define SSL_CTRL_SET_TMP_RSA 2 213 #define SSL_CTRL_SET_TMP_RSA 2
167 @@ -1672,10 +1675,11 @@ 214 @@ -1672,10 +1680,11 @@
168 #define SSL_set_tmp_ecdh(ssl,ecdh) \ 215 #define SSL_set_tmp_ecdh(ssl,ecdh) \
169 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) 216 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
170 217
171 -/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client 218 -/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client
172 - * IDs from clients. Returns 1 on success. */ 219 - * IDs from clients. Returns 1 on success. */
173 -#define SSL_enable_tls_channel_id(ctx) \ 220 -#define SSL_enable_tls_channel_id(ctx) \
174 - SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL) 221 - SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL)
175 +/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clien t 222 +/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clien t
176 + * IDs from clients, or configure a client to send TLS client IDs to server. 223 + * IDs from clients, or configure a client to send TLS client IDs to server.
177 + * Returns 1 on success. */ 224 + * Returns 1 on success. */
178 +#define SSL_enable_tls_channel_id(s) \ 225 +#define SSL_enable_tls_channel_id(s) \
179 + SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL) 226 + SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL)
180 /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to 227 /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to
181 * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on 228 * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on
182 * success. */ 229 * success. */
183 diff -burN android-openssl.orig/ssl/ssl_lib.c android-openssl/ssl/ssl_lib.c 230 diff -burN android-openssl.orig/ssl/ssl_lib.c android-openssl/ssl/ssl_lib.c
184 --- android-openssl.orig/ssl/ssl_lib.c» 2013-10-18 16:41:41.262293266 +0200 231 --- android-openssl.orig/ssl/ssl_lib.c» 2013-10-22 18:20:40.299252871 +0200
185 +++ android-openssl/ssl/ssl_lib.c» 2013-10-18 16:42:58.772982447 +0200 232 +++ android-openssl/ssl/ssl_lib.c» 2013-10-22 18:22:42.090337290 +0200
186 @@ -2561,6 +2561,10 @@ 233 @@ -2561,6 +2561,10 @@
187 { 234 {
188 return(SSL_ERROR_WANT_X509_LOOKUP); 235 return(SSL_ERROR_WANT_X509_LOOKUP);
189 } 236 }
190 + if ((i < 0) && SSL_want_channel_id_lookup(s)) 237 + if ((i < 0) && SSL_want_channel_id_lookup(s))
191 + { 238 + {
192 + return(SSL_ERROR_WANT_CHANNEL_ID_LOOKUP); 239 + return(SSL_ERROR_WANT_CHANNEL_ID_LOOKUP);
193 + } 240 + }
194 241
195 if (i == 0) 242 if (i == 0)
196 { 243 {
244 diff -burN android-openssl.orig/ssl/ssl_sess.c android-openssl/ssl/ssl_sess.c
245 --- android-openssl.orig/ssl/ssl_sess.c 2013-10-22 18:20:40.289252781 +0200
246 +++ android-openssl/ssl/ssl_sess.c 2013-10-22 18:22:42.090337290 +0200
247 @@ -1132,6 +1132,17 @@
248 return ctx->client_cert_cb;
249 }
250
251 +void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx,
252 + void (*cb)(SSL *ssl, EVP_PKEY **pkey))
253 + {
254 + ctx->channel_id_cb=cb;
255 + }
256 +
257 +void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL * ssl, EVP_PKEY **pkey)
258 + {
259 + return ctx->channel_id_cb;
260 + }
261 +
262 #ifndef OPENSSL_NO_ENGINE
263 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
264 {
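Review bot: In the ssl/s3_clnt.c hunk the key handed back by `channel_id_cb` is assigned to `s->tlsext_channel_id_private` with no type check and no stated ownership, while the ssl/s3_lib.c hunks now store `EVP_PKEY_dup(parg)` and release the field with `EVP_PKEY_free`. A callback that returns a borrowed pointer would have its reference dropped when the SSL object frees the field, so the contract belongs on the declaration in ssl.h, e.g. `/* channel_id_cb sets *pkey to a P-256 key whose reference passes to |ssl|, or leaves it NULL if the key is not yet available */`. The ssl.h comment on SSL_set1_tls_channel_id requires a P-256 key, and the control path presumably enforces that just before the lines shown; the callback path should apply the same check before the assignment, and free and reject a key of any other type. The enclosing function starts and ends outside the hunk, so a check further down cannot be ruled out from this page.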