| OLD | NEW |
|---|
| (Empty) | |
| 1 diff -burN android-openssl.orig/crypto/bio/bio.h android-openssl/crypto/bio/bio.
h |
| 2 --- android-openssl.orig/crypto/bio/bio.h 2013-02-11 16:26:04.000000000 +0
100 |
| 3 +++ android-openssl/crypto/bio/bio.h 2013-10-22 18:22:42.080337200 +0200 |
| 4 @@ -266,6 +266,9 @@ |
| 5 #define BIO_RR_CONNECT 0x02 |
| 6 /* Returned from the accept BIO when an accept would have blocked */ |
| 7 #define BIO_RR_ACCEPT 0x03 |
| 8 +/* Returned from the SSL bio when the channel id retrieval code cannot find the |
| 9 + * private key. */ |
| 10 +#define BIO_RR_SSL_CHANNEL_ID_LOOKUP 0x04 |
| 11 |
| 12 /* These are passed by the BIO callback */ |
| 13 #define BIO_CB_FREE 0x01 |
| 14 diff -burN android-openssl.orig/include/openssl/bio.h android-openssl/include/op
enssl/bio.h |
| 15 --- android-openssl.orig/include/openssl/bio.h 2013-10-22 18:20:42.249270230 +0
200 |
| 16 +++ android-openssl/include/openssl/bio.h 2013-10-22 18:22:42.080337200 +0
200 |
| 17 @@ -266,6 +266,9 @@ |
| 18 #define BIO_RR_CONNECT 0x02 |
| 19 /* Returned from the accept BIO when an accept would have blocked */ |
| 20 #define BIO_RR_ACCEPT 0x03 |
| 21 +/* Returned from the SSL bio when the channel id retrieval code cannot find the |
| 22 + * private key. */ |
| 23 +#define BIO_RR_SSL_CHANNEL_ID_LOOKUP 0x04 |
| 24 |
| 25 /* These are passed by the BIO callback */ |
| 26 #define BIO_CB_FREE 0x01 |
| 27 diff -burN android-openssl.orig/include/openssl/ssl.h android-openssl/include/op
enssl/ssl.h |
| 28 --- android-openssl.orig/include/openssl/ssl.h 2013-10-22 18:20:42.259270320 +0
200 |
| 29 +++ android-openssl/include/openssl/ssl.h 2013-10-22 18:24:14.771162612 +0
200 |
| 30 @@ -848,6 +848,9 @@ |
| 31 /* get client cert callback */ |
| 32 int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); |
| 33 |
| 34 + /* get channel id callback */ |
| 35 + void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey); |
| 36 + |
| 37 /* cookie generate callback */ |
| 38 int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, |
| 39 unsigned int *cookie_len); |
| 40 @@ -1043,6 +1046,8 @@ |
| 41 void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val
); |
| 42 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X
509 **x509, EVP_PKEY **pkey)); |
| 43 int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY
**pkey); |
| 44 +void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EV
P_PKEY **pkey)); |
| 45 +void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey); |
| 46 #ifndef OPENSSL_NO_ENGINE |
| 47 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); |
| 48 #endif |
| 49 @@ -1104,12 +1109,14 @@ |
| 50 #define SSL_WRITING 2 |
| 51 #define SSL_READING 3 |
| 52 #define SSL_X509_LOOKUP 4 |
| 53 +#define SSL_CHANNEL_ID_LOOKUP 5 |
| 54 |
| 55 /* These will only be used when doing non-blocking IO */ |
| 56 #define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) |
| 57 #define SSL_want_read(s) (SSL_want(s) == SSL_READING) |
| 58 #define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) |
| 59 #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) |
| 60 +#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP) |
| 61 |
| 62 #define SSL_MAC_FLAG_READ_MAC_STREAM 1 |
| 63 #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 |
| 64 @@ -1535,6 +1542,7 @@ |
| 65 #define SSL_ERROR_ZERO_RETURN 6 |
| 66 #define SSL_ERROR_WANT_CONNECT 7 |
| 67 #define SSL_ERROR_WANT_ACCEPT 8 |
| 68 +#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9 |
| 69 |
| 70 #define SSL_CTRL_NEED_TMP_RSA 1 |
| 71 #define SSL_CTRL_SET_TMP_RSA 2 |
| 72 @@ -1672,10 +1680,11 @@ |
| 73 #define SSL_set_tmp_ecdh(ssl,ecdh) \ |
| 74 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) |
| 75 |
| 76 -/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client |
| 77 - * IDs from clients. Returns 1 on success. */ |
| 78 -#define SSL_enable_tls_channel_id(ctx) \ |
| 79 - SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL) |
| 80 +/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clien
t |
| 81 + * IDs from clients, or configure a client to send TLS client IDs to server. |
| 82 + * Returns 1 on success. */ |
| 83 +#define SSL_enable_tls_channel_id(s) \ |
| 84 + SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL) |
| 85 /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to |
| 86 * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on |
| 87 * success. */ |
| 88 diff -burN android-openssl.orig/ssl/bio_ssl.c android-openssl/ssl/bio_ssl.c |
| 89 --- android-openssl.orig/ssl/bio_ssl.c 2013-02-11 16:26:04.000000000 +0100 |
| 90 +++ android-openssl/ssl/bio_ssl.c 2013-10-22 18:22:42.090337290 +0200 |
| 91 @@ -206,6 +206,10 @@ |
| 92 BIO_set_retry_special(b); |
| 93 retry_reason=BIO_RR_SSL_X509_LOOKUP; |
| 94 break; |
| 95 + case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP: |
| 96 + BIO_set_retry_special(b); |
| 97 + retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP; |
| 98 + break; |
| 99 case SSL_ERROR_WANT_ACCEPT: |
| 100 BIO_set_retry_special(b); |
| 101 retry_reason=BIO_RR_ACCEPT; |
| 102 @@ -280,6 +284,10 @@ |
| 103 BIO_set_retry_special(b); |
| 104 retry_reason=BIO_RR_SSL_X509_LOOKUP; |
| 105 break; |
| 106 + case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP: |
| 107 + BIO_set_retry_special(b); |
| 108 + retry_reason=BIO_RR_SSL_CHANNEL_ID_LOOKUP; |
| 109 + break; |
| 110 case SSL_ERROR_WANT_CONNECT: |
| 111 BIO_set_retry_special(b); |
| 112 retry_reason=BIO_RR_CONNECT; |
| 113 diff -burN android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c |
| 114 --- android-openssl.orig/ssl/s3_clnt.c 2013-10-22 18:20:40.289252781 +0200 |
| 115 +++ android-openssl/ssl/s3_clnt.c 2013-10-22 18:22:42.090337290 +0200 |
| 116 @@ -3414,6 +3414,22 @@ |
| 117 if (s->state != SSL3_ST_CW_CHANNEL_ID_A) |
| 118 return ssl3_do_write(s, SSL3_RT_HANDSHAKE); |
| 119 |
| 120 + if (!s->tlsext_channel_id_private && s->ctx->channel_id_cb) |
| 121 + { |
| 122 + EVP_PKEY *key = NULL; |
| 123 + s->ctx->channel_id_cb(s, &key); |
| 124 + if (key != NULL) |
| 125 + { |
| 126 + s->tlsext_channel_id_private = key; |
| 127 + } |
| 128 + } |
| 129 + if (!s->tlsext_channel_id_private) |
| 130 + { |
| 131 + s->rwstate=SSL_CHANNEL_ID_LOOKUP; |
| 132 + return (-1); |
| 133 + } |
| 134 + s->rwstate=SSL_NOTHING; |
| 135 + |
| 136 d = (unsigned char *)s->init_buf->data; |
| 137 *(d++)=SSL3_MT_ENCRYPTED_EXTENSIONS; |
| 138 l2n3(2 + 2 + TLSEXT_CHANNEL_ID_SIZE, d); |
| 139 diff -burN android-openssl.orig/ssl/s3_lib.c android-openssl/ssl/s3_lib.c |
| 140 --- android-openssl.orig/ssl/s3_lib.c 2013-10-22 18:20:40.289252781 +0200 |
| 141 +++ android-openssl/ssl/s3_lib.c 2013-10-22 18:22:42.090337290 +0200 |
| 142 @@ -3358,8 +3358,6 @@ |
| 143 break; |
| 144 #endif |
| 145 case SSL_CTRL_CHANNEL_ID: |
| 146 - if (!s->server) |
| 147 - break; |
| 148 s->tlsext_channel_id_enabled = 1; |
| 149 ret = 1; |
| 150 break; |
| 151 @@ -3375,7 +3373,7 @@ |
| 152 } |
| 153 if (s->tlsext_channel_id_private) |
| 154 EVP_PKEY_free(s->tlsext_channel_id_private); |
| 155 - s->tlsext_channel_id_private = (EVP_PKEY*) parg; |
| 156 + s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg); |
| 157 ret = 1; |
| 158 break; |
| 159 |
| 160 @@ -3690,7 +3688,7 @@ |
| 161 } |
| 162 if (ctx->tlsext_channel_id_private) |
| 163 EVP_PKEY_free(ctx->tlsext_channel_id_private); |
| 164 - ctx->tlsext_channel_id_private = (EVP_PKEY*) parg; |
| 165 + ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg); |
| 166 break; |
| 167 |
| 168 default: |
| 169 diff -burN android-openssl.orig/ssl/ssl.h android-openssl/ssl/ssl.h |
| 170 --- android-openssl.orig/ssl/ssl.h 2013-10-22 18:20:40.299252871 +0200 |
| 171 +++ android-openssl/ssl/ssl.h 2013-10-22 18:24:24.121245879 +0200 |
| 172 @@ -848,6 +848,9 @@ |
| 173 /* get client cert callback */ |
| 174 int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); |
| 175 |
| 176 + /* get channel id callback */ |
| 177 + void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey); |
| 178 + |
| 179 /* cookie generate callback */ |
| 180 int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, |
| 181 unsigned int *cookie_len); |
| 182 @@ -1043,6 +1046,8 @@ |
| 183 void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val
); |
| 184 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X
509 **x509, EVP_PKEY **pkey)); |
| 185 int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY
**pkey); |
| 186 +void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EV
P_PKEY **pkey)); |
| 187 +void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey); |
| 188 #ifndef OPENSSL_NO_ENGINE |
| 189 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); |
| 190 #endif |
| 191 @@ -1104,12 +1109,14 @@ |
| 192 #define SSL_WRITING 2 |
| 193 #define SSL_READING 3 |
| 194 #define SSL_X509_LOOKUP 4 |
| 195 +#define SSL_CHANNEL_ID_LOOKUP 5 |
| 196 |
| 197 /* These will only be used when doing non-blocking IO */ |
| 198 #define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) |
| 199 #define SSL_want_read(s) (SSL_want(s) == SSL_READING) |
| 200 #define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) |
| 201 #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) |
| 202 +#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP) |
| 203 |
| 204 #define SSL_MAC_FLAG_READ_MAC_STREAM 1 |
| 205 #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 |
| 206 @@ -1535,6 +1542,7 @@ |
| 207 #define SSL_ERROR_ZERO_RETURN 6 |
| 208 #define SSL_ERROR_WANT_CONNECT 7 |
| 209 #define SSL_ERROR_WANT_ACCEPT 8 |
| 210 +#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9 |
| 211 |
| 212 #define SSL_CTRL_NEED_TMP_RSA 1 |
| 213 #define SSL_CTRL_SET_TMP_RSA 2 |
| 214 @@ -1672,10 +1680,11 @@ |
| 215 #define SSL_set_tmp_ecdh(ssl,ecdh) \ |
| 216 SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) |
| 217 |
| 218 -/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client |
| 219 - * IDs from clients. Returns 1 on success. */ |
| 220 -#define SSL_enable_tls_channel_id(ctx) \ |
| 221 - SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL) |
| 222 +/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS clien
t |
| 223 + * IDs from clients, or configure a client to send TLS client IDs to server. |
| 224 + * Returns 1 on success. */ |
| 225 +#define SSL_enable_tls_channel_id(s) \ |
| 226 + SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL) |
| 227 /* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to |
| 228 * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on |
| 229 * success. */ |
| 230 diff -burN android-openssl.orig/ssl/ssl_lib.c android-openssl/ssl/ssl_lib.c |
| 231 --- android-openssl.orig/ssl/ssl_lib.c 2013-10-22 18:20:40.299252871 +0200 |
| 232 +++ android-openssl/ssl/ssl_lib.c 2013-10-22 18:22:42.090337290 +0200 |
| 233 @@ -2561,6 +2561,10 @@ |
| 234 { |
| 235 return(SSL_ERROR_WANT_X509_LOOKUP); |
| 236 } |
| 237 + if ((i < 0) && SSL_want_channel_id_lookup(s)) |
| 238 + { |
| 239 + return(SSL_ERROR_WANT_CHANNEL_ID_LOOKUP); |
| 240 + } |
| 241 |
| 242 if (i == 0) |
| 243 { |
| 244 diff -burN android-openssl.orig/ssl/ssl_sess.c android-openssl/ssl/ssl_sess.c |
| 245 --- android-openssl.orig/ssl/ssl_sess.c 2013-10-22 18:20:40.289252781 +0200 |
| 246 +++ android-openssl/ssl/ssl_sess.c 2013-10-22 18:22:42.090337290 +0200 |
| 247 @@ -1132,6 +1132,17 @@ |
| 248 return ctx->client_cert_cb; |
| 249 } |
| 250 |
| 251 +void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, |
| 252 + void (*cb)(SSL *ssl, EVP_PKEY **pkey)) |
| 253 + { |
| 254 + ctx->channel_id_cb=cb; |
| 255 + } |
| 256 + |
| 257 +void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL * ssl, EVP_PKEY **pkey) |
| 258 + { |
| 259 + return ctx->channel_id_cb; |
| 260 + } |
| 261 + |
| 262 #ifndef OPENSSL_NO_ENGINE |
| 263 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e) |
| 264 { |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 59083010:
third_party/openssl: add ChaCha20+Poly1305 support.
Base URL: https://chromium.googlesource.com/chromium/deps/openssl.git@master