
Side by Side Diff: openssl/patches/channelidchromium.patch

Issue 59083010: third_party/openssl: add ChaCha20+Poly1305 support. Base URL: https://chromium.googlesource.com/chromium/deps/openssl.git@master
Patch Set: Created 7 years, 1 month ago
(Empty)
1 diff -burN android-openssl.orig/crypto/bio/bio.h android-openssl/crypto/bio/bio. h
2 --- android-openssl.orig/crypto/bio/bio.h 2013-02-11 16:26:04.000000000 +0 100
3 +++ android-openssl/crypto/bio/bio.h 2013-10-22 18:22:42.080337200 +0200
4 @@ -266,6 +266,9 @@
5 #define BIO_RR_CONNECT 0x02
6 /* Returned from the accept BIO when an accept would have blocked */
7 #define BIO_RR_ACCEPT 0x03
8 +/* Returned from the SSL bio when the channel id retrieval code cannot find the
9 + * private key. */
10 +#define BIO_RR_SSL_CHANNEL_ID_LOOKUP 0x04
11
12 /* These are passed by the BIO callback */
13 #define BIO_CB_FREE 0x01
14 diff -burN android-openssl.orig/include/openssl/bio.h android-openssl/include/op enssl/bio.h
15 --- android-openssl.orig/include/openssl/bio.h 2013-10-22 18:20:42.249270230 +0 200
16 +++ android-openssl/include/openssl/bio.h 2013-10-22 18:22:42.080337200 +0 200
17 @@ -266,6 +266,9 @@
18 #define BIO_RR_CONNECT 0x02
19 /* Returned from the accept BIO when an accept would have blocked */
20 #define BIO_RR_ACCEPT 0x03
21 +/* Returned from the SSL bio when the channel id retrieval code cannot find the
22 + * private key. */
23 +#define BIO_RR_SSL_CHANNEL_ID_LOOKUP 0x04
24
25 /* These are passed by the BIO callback */
26 #define BIO_CB_FREE 0x01
27 diff -burN android-openssl.orig/include/openssl/ssl.h android-openssl/include/op enssl/ssl.h
28 --- android-openssl.orig/include/openssl/ssl.h 2013-10-22 18:20:42.259270320 +0 200
29 +++ android-openssl/include/openssl/ssl.h 2013-10-22 18:24:14.771162612 +0 200
30 @@ -848,6 +848,9 @@
31 /* get client cert callback */
32 int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
33
34 + /* get channel id callback */
35 + void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey);
36 +
37 /* cookie generate callback */
38 int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
39 unsigned int *cookie_len);
40 @@ -1043,6 +1046,8 @@
41 void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val );
42 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X 509 **x509, EVP_PKEY **pkey));
43 int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
44 +void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EV P_PKEY **pkey));
45 +void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey);
46 #ifndef OPENSSL_NO_ENGINE
47 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
48 #endif
49 @@ -1104,12 +1109,14 @@
50 #define SSL_WRITING 2
51 #define SSL_READING 3
52 #define SSL_X509_LOOKUP 4
53 +#define SSL_CHANNEL_ID_LOOKUP 5
54
55 /* These will only be used when doing non-blocking IO */
56 #define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
57 #define SSL_want_read(s) (SSL_want(s) == SSL_READING)
58 #define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
59 #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
60 +#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP)
61
62 #define SSL_MAC_FLAG_READ_MAC_STREAM 1
63 #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
64 @@ -1535,6 +1542,7 @@
65 #define SSL_ERROR_ZERO_RETURN 6
66 #define SSL_ERROR_WANT_CONNECT 7
67 #define SSL_ERROR_WANT_ACCEPT 8
68 +#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9
69
70 #define SSL_CTRL_NEED_TMP_RSA 1
71 #define SSL_CTRL_SET_TMP_RSA 2
72 @@ -1672,10 +1680,11 @@
73 #define SSL_set_tmp_ecdh(ssl,ecdh) \
74 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
75
76 -/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client
77 - * IDs from clients. Returns 1 on success. */
78 -#define SSL_enable_tls_channel_id(ctx) \
79 - SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL)
80 +/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clien t
81 + * IDs from clients, or configure a client to send TLS client IDs to server.
82 + * Returns 1 on success. */
83 +#define SSL_enable_tls_channel_id(s) \
84 + SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL)
85 /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to
86 * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on
87 * success. */
88 diff -burN android-openssl.orig/ssl/bio_ssl.c android-openssl/ssl/bio_ssl.c
89 --- android-openssl.orig/ssl/bio_ssl.c 2013-02-11 16:26:04.000000000 +0100
90 +++ android-openssl/ssl/bio_ssl.c 2013-10-22 18:22:42.090337290 +0200
91 @@ -206,6 +206,10 @@
92 BIO_set_retry_special(b);
93 retry_reason=BIO_RR_SSL_X509_LOOKUP;
94 break;
95 + case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP:
96 + BIO_set_retry_special(b);
97 + retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP;
98 + break;
99 case SSL_ERROR_WANT_ACCEPT:
100 BIO_set_retry_special(b);
101 retry_reason=BIO_RR_ACCEPT;
102 @@ -280,6 +284,10 @@
103 BIO_set_retry_special(b);
104 retry_reason=BIO_RR_SSL_X509_LOOKUP;
105 break;
106 + case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP:
107 + BIO_set_retry_special(b);
108 + retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP;
109 + break;
110 case SSL_ERROR_WANT_CONNECT:
111 BIO_set_retry_special(b);
112 retry_reason=BIO_RR_CONNECT;
113 diff -burN android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c
114 --- android-openssl.orig/ssl/s3_clnt.c 2013-10-22 18:20:40.289252781 +0200
115 +++ android-openssl/ssl/s3_clnt.c 2013-10-22 18:22:42.090337290 +0200
116 @@ -3414,6 +3414,22 @@
117 if (s->state != SSL3_ST_CW_CHANNEL_ID_A)
118 return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
119
120 + if (!s->tlsext_channel_id_private && s->ctx->channel_id_cb)
121 + {
122 + EVP_PKEY *key = NULL;
123 + s->ctx->channel_id_cb(s, &key);
124 + if (key != NULL)
125 + {
126 + s->tlsext_channel_id_private = key;
127 + }
128 + }
129 + if (!s->tlsext_channel_id_private)
130 + {
131 + s->rwstate=SSL_CHANNEL_ID_LOOKUP;
132 + return (-1);
133 + }
134 + s->rwstate=SSL_NOTHING;
135 +
136 d = (unsigned char *)s->init_buf->data;
137 *(d++)=SSL3_MT_ENCRYPTED_EXTENSIONS;
138 l2n3(2 + 2 + TLSEXT_CHANNEL_ID_SIZE, d);
139 diff -burN android-openssl.orig/ssl/s3_lib.c android-openssl/ssl/s3_lib.c
140 --- android-openssl.orig/ssl/s3_lib.c 2013-10-22 18:20:40.289252781 +0200
141 +++ android-openssl/ssl/s3_lib.c 2013-10-22 18:22:42.090337290 +0200
142 @@ -3358,8 +3358,6 @@
143 break;
144 #endif
145 case SSL_CTRL_CHANNEL_ID:
146 - if (!s->server)
147 - break;
148 s->tlsext_channel_id_enabled = 1;
149 ret = 1;
150 break;
151 @@ -3375,7 +3373,7 @@
152 }
153 if (s->tlsext_channel_id_private)
154 EVP_PKEY_free(s->tlsext_channel_id_private);
155 - s->tlsext_channel_id_private = (EVP_PKEY*) parg;
156 + s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg);
157 ret = 1;
158 break;
159
160 @@ -3690,7 +3688,7 @@
161 }
162 if (ctx->tlsext_channel_id_private)
163 EVP_PKEY_free(ctx->tlsext_channel_id_private);
164 - ctx->tlsext_channel_id_private = (EVP_PKEY*) parg;
165 + ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg);
166 break;
167
168 default:
169 diff -burN android-openssl.orig/ssl/ssl.h android-openssl/ssl/ssl.h
170 --- android-openssl.orig/ssl/ssl.h 2013-10-22 18:20:40.299252871 +0200
171 +++ android-openssl/ssl/ssl.h 2013-10-22 18:24:24.121245879 +0200
172 @@ -848,6 +848,9 @@
173 /* get client cert callback */
174 int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
175
176 + /* get channel id callback */
177 + void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey);
178 +
179 /* cookie generate callback */
180 int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
181 unsigned int *cookie_len);
182 @@ -1043,6 +1046,8 @@
183 void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val );
184 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X 509 **x509, EVP_PKEY **pkey));
185 int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
186 +void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EV P_PKEY **pkey));
187 +void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey);
188 #ifndef OPENSSL_NO_ENGINE
189 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
190 #endif
191 @@ -1104,12 +1109,14 @@
192 #define SSL_WRITING 2
193 #define SSL_READING 3
194 #define SSL_X509_LOOKUP 4
195 +#define SSL_CHANNEL_ID_LOOKUP 5
196
197 /* These will only be used when doing non-blocking IO */
198 #define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
199 #define SSL_want_read(s) (SSL_want(s) == SSL_READING)
200 #define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
201 #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
202 +#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP)
203
204 #define SSL_MAC_FLAG_READ_MAC_STREAM 1
205 #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
206 @@ -1535,6 +1542,7 @@
207 #define SSL_ERROR_ZERO_RETURN 6
208 #define SSL_ERROR_WANT_CONNECT 7
209 #define SSL_ERROR_WANT_ACCEPT 8
210 +#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9
211
212 #define SSL_CTRL_NEED_TMP_RSA 1
213 #define SSL_CTRL_SET_TMP_RSA 2
214 @@ -1672,10 +1680,11 @@
215 #define SSL_set_tmp_ecdh(ssl,ecdh) \
216 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
217
218 -/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client
219 - * IDs from clients. Returns 1 on success. */
220 -#define SSL_enable_tls_channel_id(ctx) \
221 - SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL)
222 +/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clien t
223 + * IDs from clients, or configure a client to send TLS client IDs to server.
224 + * Returns 1 on success. */
225 +#define SSL_enable_tls_channel_id(s) \
226 + SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL)
227 /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to
228 * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on
229 * success. */
230 diff -burN android-openssl.orig/ssl/ssl_lib.c android-openssl/ssl/ssl_lib.c
231 --- android-openssl.orig/ssl/ssl_lib.c 2013-10-22 18:20:40.299252871 +0200
232 +++ android-openssl/ssl/ssl_lib.c 2013-10-22 18:22:42.090337290 +0200
233 @@ -2561,6 +2561,10 @@
234 {
235 return(SSL_ERROR_WANT_X509_LOOKUP);
236 }
237 + if ((i < 0) && SSL_want_channel_id_lookup(s))
238 + {
239 + return(SSL_ERROR_WANT_CHANNEL_ID_LOOKUP);
240 + }
241
242 if (i == 0)
243 {
244 diff -burN android-openssl.orig/ssl/ssl_sess.c android-openssl/ssl/ssl_sess.c
245 --- android-openssl.orig/ssl/ssl_sess.c 2013-10-22 18:20:40.289252781 +0200
246 +++ android-openssl/ssl/ssl_sess.c 2013-10-22 18:22:42.090337290 +0200
247 @@ -1132,6 +1132,17 @@
248 return ctx->client_cert_cb;
249 }
250
251 +void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx,
252 + void (*cb)(SSL *ssl, EVP_PKEY **pkey))
253 + {
254 + ctx->channel_id_cb=cb;
255 + }
256 +
257 +void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL * ssl, EVP_PKEY **pkey)
258 + {
259 + return ctx->channel_id_cb;
260 + }
261 +
262 #ifndef OPENSSL_NO_ENGINE
263 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
264 {
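Review bot: The value returned by EVP_PKEY_dup() is stored without a NULL check in the SSL_CTRL_SET_CHANNEL_ID case of s3_lib.c (patch line 156), and the case then falls straight into `ret = 1;`, so an allocation failure in the copy reports success while leaving s->tlsext_channel_id_private NULL; on the client that state is later indistinguishable from "no key configured" in the new s3_clnt.c block and surfaces as SSL_ERROR_WANT_CHANNEL_ID_LOOKUP instead of an error. Insert `if (s->tlsext_channel_id_private == NULL) break;` between the assignment and `ret = 1;`, assuming ret still carries its initial failure value there (its initialisation is outside the hunk). The SSL_CTX variant at patch line 165 has the same unchecked call and should get the matching `if (ctx->tlsext_channel_id_private == NULL) break;`; what ret holds at that point is not visible in the hunk. Both enclosing ctrl functions begin and end outside their hunks.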