Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / openssl / 98d58bb80c64b02a33662f0ea80351d4a1535267^! / . / ssl / s3_clnt.c
commit98d58bb80c64b02a33662f0ea80351d4a1535267[log] [tgz]
authorBrian Carlstrom <bdc@google.com>Tue Mar 09 09:56:55 2010 -0800
committerBrian Carlstrom <bdc@google.com>Tue Mar 09 09:56:55 2010 -0800
tree888bb3c433b6adb3778f6c3539e67ba6e6fc2639
parent1ddd788de7dc2f73716b032bdaeb988dccd95ab5 [diff] [blame]
Summary: upgrading to openssl-0.9.8m and adding new testssl.sh

Testing Summary:
- Passed new android.testssl/testssl.sh
- General testing with BrowserActivity based program

Details:

Expanded detail in README.android about how to build and test openssl
upgrades based on my first experience.

	modified:   README.android

    Significant rework of import_openssl.sh script that does most of
    the work of the upgrade. Most of the existing code became the main
    and import functions. The newly regenerate code helps regenerate
    patch files, building on the fact that import now keeps and
    original unmodified read-only source tree for use for patch
    generation. Patch generation relies on additions to openssl.config
    for defining which patches include which files. Note that
    sometimes a file may be patched multiple times, in that case
    manual review is still necessary to prune the patch after
    auto-regeneration. Other enhancements to import_openssl.sh include
    generating android.testssl and printing Makefile defines for
    android-config.mk review.

	modified:   import_openssl.sh

Test support files for openssl/

   Add support for building /system/bin/ssltest as test executible for
   use by testssl script. Need confirmation that this is the right way
   to define such a test binary.

	modified:   patches/ssl_Android.mk

    Driver script that generates user and CA keys and certs on the
    device with /system/bin/openssl before running testssl. Based on
    openssl/test/testss for generation and openssl/test/Makefile
    test_ssl for test execution.

	new file:   patches/testssl.sh

  Note all following android.testssl files are automatically
  imported from openssl, although possible with modifications by
  import_openssl.sh

    testssl script imported from openssl/test that does the bulk of
    the testing. Includes new tests patched in for our additions.

	new file:   android.testssl/testssl

    CA and user certificate configuration files from openssl.
    Automatically imported from openssl/test/

 	new file:   android.testssl/CAss.cnf
	new file:   android.testssl/Uss.cnf

    certificate and key test file imported from openssl/apps

	new file:   android.testssl/server2.pem

Actual 0.9.8m upgrade specific bits

    Trying to bring ngm's small records support into 0.9.8m. Needs
    signoff by ngm although it does pass testing.

	modified:   patches/small_records.patch

    Update openssl.config for 0.9.8m. Expanded lists of undeeded
    directories and files for easier update and review, adding new
    excludes. Also added new definitions to support "import_openssl.sh
    regenerate" for patch updating.

	modified:   openssl.config

    Updated OPENSSL_VERSION to 0.9.8m

	modified:   openssl.version

    Automatically imported/patched files. Seems like it could be
    further pruned in by openssl.config UNNEEDED_SOURCES, but extra
    stuff doesn't end up impacting device.

	modified:   apps/...
	modified:   crypto/...
	modified:   include/...
	modified:   ssl/...

Other Android build stuff.

   Note for these patches/... is source, .../Android.mk is derived.

    Split LOCAL_CFLAGS additions into lines based on openssl/Makefile
    source for easier comparison when upgrading. I knowingly left the
    lines long and unwrapped for easy vdiff with openssl/Makefile

	modified:   android-config.mk

    Removed local -DOPENSSL_NO_ECDH already in android-config.mk.

	modified:   patches/apps_Android.mk

    Sync up with changes that had crept into derived crypto/Android.mk

	modified:   patches/crypto_Android.mk

Change-Id: I73204c56cdaccfc45d03a9c8088a6a93003d7ce6

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 95f7c12..5893064 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c

@@ -144,9 +144,6 @@
 
 static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
-#ifndef OPENSSL_NO_TLSEXT
-static int ssl3_check_finished(SSL *s);
-#endif
 
 #ifndef OPENSSL_NO_ECDH
 static int curve_id2nid(int curve_id);
@@ -170,7 +167,6 @@
 	{
 	BUF_MEM *buf=NULL;
 	unsigned long Time=(unsigned long)time(NULL),l;
-	long num1;
 	void (*cb)(const SSL *ssl,int type,int val)=NULL;
 	int ret= -1;
 	int new_state,state,skip=0;
@@ -521,16 +517,13 @@
 			break;
 
 		case SSL3_ST_CW_FLUSH:
-			/* number of bytes to be flushed */
-			num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
-			if (num1 > 0)
+			s->rwstate=SSL_WRITING;
+			if (BIO_flush(s->wbio) <= 0)
 				{
-				s->rwstate=SSL_WRITING;
-				num1=BIO_flush(s->wbio);
-				if (num1 <= 0) { ret= -1; goto end; }
-				s->rwstate=SSL_NOTHING;
+				ret= -1;
+				goto end;
 				}
-
+			s->rwstate=SSL_NOTHING;
 			s->state=s->s3->tmp.next_state;
 			break;
 
@@ -634,9 +627,15 @@
 	buf=(unsigned char *)s->init_buf->data;
 	if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
 		{
-		if ((s->session == NULL) ||
-			(s->session->ssl_version != s->version) ||
-			(s->session->not_resumable))
+		SSL_SESSION *sess = s->session;
+		if ((sess == NULL) ||
+			(sess->ssl_version != s->version) ||
+#ifdef OPENSSL_NO_TLSEXT
+			!sess->session_id_length ||
+#else
+			(!sess->session_id_length && !sess->tlsext_tick) ||
+#endif
+			(sess->not_resumable))
 			{
 			if (!ssl_get_new_session(s,0))
 				goto err;
@@ -748,7 +747,7 @@
 
 	if (!ok) return((int)n);
 
-	if ( SSL_version(s) == DTLS1_VERSION)
+	if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
 		{
 		if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
 			{
@@ -895,7 +894,7 @@
 #endif
 #ifndef OPENSSL_NO_TLSEXT
 	/* TLS extensions*/
-	if (s->version > SSL3_VERSION)
+	if (s->version >= SSL3_VERSION)
 		{
 		if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
 			{
@@ -1755,6 +1754,7 @@
 		SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
 		goto f_err;
 		}
+
 	p=d=(unsigned char *)s->init_msg;
 	n2l(p, s->session->tlsext_tick_lifetime_hint);
 	n2s(p, ticklen);
@@ -1778,7 +1778,28 @@
 		}
 	memcpy(s->session->tlsext_tick, p, ticklen);
 	s->session->tlsext_ticklen = ticklen;
-	
+	/* There are two ways to detect a resumed ticket sesion.
+	 * One is to set an appropriate session ID and then the server
+	 * must return a match in ServerHello. This allows the normal
+	 * client session ID matching to work and we know much 
+	 * earlier that the ticket has been accepted.
+	 * 
+	 * The other way is to set zero length session ID when the
+	 * ticket is presented and rely on the handshake to determine
+	 * session resumption.
+	 *
+	 * We choose the former approach because this fits in with
+	 * assumptions elsewhere in OpenSSL. The session ID is set
+	 * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the
+	 * ticket.
+	 */ 
+	EVP_Digest(p, ticklen,
+			s->session->session_id, &s->session->session_id_length,
+#ifndef OPENSSL_NO_SHA256
+							EVP_sha256(), NULL);
+#else
+							EVP_sha1(), NULL);
+#endif
 	ret=1;
 	return(ret);
 f_err:
@@ -2737,7 +2758,7 @@
  */
 
 #ifndef OPENSSL_NO_TLSEXT
-static int ssl3_check_finished(SSL *s)
+int ssl3_check_finished(SSL *s)
 	{
 	int ok;
 	long n;