David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 1 | --- openssl-1.0.1e.orig/crypto/evp/evp.h 2013-03-05 18:49:33.183296743 +0000 |
| 2 | +++ openssl-1.0.1e/crypto/evp/evp.h 2013-03-05 18:49:33.373298798 +0000 |
| 3 | @@ -921,6 +921,7 @@ struct ec_key_st *EVP_PKEY_get1_EC_KEY(E |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 4 | #endif |
| 5 | |
| 6 | EVP_PKEY * EVP_PKEY_new(void); |
| 7 | +EVP_PKEY * EVP_PKEY_dup(EVP_PKEY *pkey); |
| 8 | void EVP_PKEY_free(EVP_PKEY *pkey); |
| 9 | |
| 10 | EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp, |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 11 | --- openssl-1.0.1e.orig/crypto/evp/p_lib.c 2013-03-05 18:49:33.183296743 +0000 |
| 12 | +++ openssl-1.0.1e/crypto/evp/p_lib.c 2013-03-05 18:49:33.373298798 +0000 |
| 13 | @@ -200,6 +200,12 @@ EVP_PKEY *EVP_PKEY_new(void) |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 14 | return(ret); |
| 15 | } |
| 16 | |
| 17 | +EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey) |
| 18 | + { |
| 19 | + CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); |
| 20 | + return pkey; |
| 21 | + } |
| 22 | + |
| 23 | /* Setup a public key ASN1 method and ENGINE from a NID or a string. |
| 24 | * If pkey is NULL just return 1 or 0 if the algorithm exists. |
| 25 | */ |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 26 | --- openssl-1.0.1e.orig/ssl/s3_both.c 2013-03-05 18:49:33.233297282 +0000 |
| 27 | +++ openssl-1.0.1e/ssl/s3_both.c 2013-03-05 18:49:33.413299231 +0000 |
| 28 | @@ -555,7 +555,8 @@ long ssl3_get_message(SSL *s, int st1, i |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 29 | #endif |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 30 | |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 31 | /* Feed this message into MAC computation. */ |
| 32 | - ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 33 | + if (*(unsigned char*)s->init_buf->data != SSL3_MT_ENCRYPTED_EXTENSIONS) |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 34 | + ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); |
| 35 | if (s->msg_callback) |
| 36 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg); |
| 37 | *ok=1; |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 38 | --- openssl-1.0.1e.orig/ssl/s3_clnt.c 2013-03-05 18:49:33.233297282 +0000 |
| 39 | +++ openssl-1.0.1e/ssl/s3_clnt.c 2013-03-05 18:49:33.413299231 +0000 |
| 40 | @@ -477,13 +477,14 @@ int ssl3_connect(SSL *s) |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 41 | SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); |
| 42 | if (ret <= 0) goto end; |
| 43 | |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 44 | -#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) |
| 45 | s->state=SSL3_ST_CW_FINISHED_A; |
| 46 | -#else |
| 47 | +#if !defined(OPENSSL_NO_TLSEXT) |
| 48 | + if (s->s3->tlsext_channel_id_valid) |
| 49 | + s->state=SSL3_ST_CW_CHANNEL_ID_A; |
| 50 | +# if !defined(OPENSSL_NO_NEXTPROTONEG) |
| 51 | if (s->s3->next_proto_neg_seen) |
| 52 | s->state=SSL3_ST_CW_NEXT_PROTO_A; |
| 53 | - else |
| 54 | - s->state=SSL3_ST_CW_FINISHED_A; |
| 55 | +# endif |
| 56 | #endif |
| 57 | s->init_num=0; |
| 58 | |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 59 | @@ -517,6 +518,18 @@ int ssl3_connect(SSL *s) |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 60 | case SSL3_ST_CW_NEXT_PROTO_B: |
| 61 | ret=ssl3_send_next_proto(s); |
| 62 | if (ret <= 0) goto end; |
| 63 | + if (s->s3->tlsext_channel_id_valid) |
| 64 | + s->state=SSL3_ST_CW_CHANNEL_ID_A; |
| 65 | + else |
| 66 | + s->state=SSL3_ST_CW_FINISHED_A; |
| 67 | + break; |
| 68 | +#endif |
| 69 | + |
| 70 | +#if !defined(OPENSSL_NO_TLSEXT) |
| 71 | + case SSL3_ST_CW_CHANNEL_ID_A: |
| 72 | + case SSL3_ST_CW_CHANNEL_ID_B: |
| 73 | + ret=ssl3_send_channel_id(s); |
| 74 | + if (ret <= 0) goto end; |
| 75 | s->state=SSL3_ST_CW_FINISHED_A; |
| 76 | break; |
| 77 | #endif |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 78 | @@ -3362,7 +3375,8 @@ err: |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 79 | return(0); |
| 80 | } |
| 81 | |
| 82 | -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
| 83 | +#if !defined(OPENSSL_NO_TLSEXT) |
| 84 | +# if !defined(OPENSSL_NO_NEXTPROTONEG) |
| 85 | int ssl3_send_next_proto(SSL *s) |
| 86 | { |
| 87 | unsigned int len, padding_len; |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 88 | @@ -3386,7 +3400,116 @@ int ssl3_send_next_proto(SSL *s) |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 89 | |
| 90 | return ssl3_do_write(s, SSL3_RT_HANDSHAKE); |
| 91 | } |
| 92 | -#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */ |
| 93 | +# endif /* !OPENSSL_NO_NEXTPROTONEG */ |
| 94 | + |
| 95 | +int ssl3_send_channel_id(SSL *s) |
| 96 | + { |
| 97 | + unsigned char *d; |
| 98 | + int ret = -1, public_key_len; |
| 99 | + EVP_MD_CTX md_ctx; |
| 100 | + size_t sig_len; |
| 101 | + ECDSA_SIG *sig = NULL; |
| 102 | + unsigned char *public_key = NULL, *derp, *der_sig = NULL; |
| 103 | + |
| 104 | + if (s->state != SSL3_ST_CW_CHANNEL_ID_A) |
| 105 | + return ssl3_do_write(s, SSL3_RT_HANDSHAKE); |
| 106 | + |
| 107 | + d = (unsigned char *)s->init_buf->data; |
| 108 | + *(d++)=SSL3_MT_ENCRYPTED_EXTENSIONS; |
| 109 | + l2n3(2 + 2 + TLSEXT_CHANNEL_ID_SIZE, d); |
| 110 | + s2n(TLSEXT_TYPE_channel_id, d); |
| 111 | + s2n(TLSEXT_CHANNEL_ID_SIZE, d); |
| 112 | + |
| 113 | + EVP_MD_CTX_init(&md_ctx); |
| 114 | + |
| 115 | + public_key_len = i2d_PublicKey(s->tlsext_channel_id_private, NULL); |
| 116 | + if (public_key_len <= 0) |
| 117 | + { |
| 118 | + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY); |
| 119 | + goto err; |
| 120 | + } |
| 121 | + // i2d_PublicKey will produce an ANSI X9.62 public key which, for a |
| 122 | + // P-256 key, is 0x04 (meaning uncompressed) followed by the x and y |
| 123 | + // field elements as 32-byte, big-endian numbers. |
| 124 | + if (public_key_len != 65) |
| 125 | + { |
| 126 | + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_CHANNEL_ID_NOT_P256); |
| 127 | + goto err; |
| 128 | + } |
| 129 | + public_key = OPENSSL_malloc(public_key_len); |
| 130 | + if (!public_key) |
| 131 | + { |
| 132 | + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,ERR_R_MALLOC_FAILURE); |
| 133 | + goto err; |
| 134 | + } |
| 135 | + |
| 136 | + derp = public_key; |
| 137 | + i2d_PublicKey(s->tlsext_channel_id_private, &derp); |
| 138 | + |
| 139 | + if (EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL, |
| 140 | + s->tlsext_channel_id_private) != 1) |
| 141 | + { |
| 142 | + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNINIT_FAILED); |
| 143 | + goto err; |
| 144 | + } |
| 145 | + |
| 146 | + if (!tls1_channel_id_hash(&md_ctx, s)) |
| 147 | + goto err; |
| 148 | + |
| 149 | + if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len)) |
| 150 | + { |
| 151 | + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNFINAL_FAILED); |
| 152 | + goto err; |
| 153 | + } |
| 154 | + |
| 155 | + der_sig = OPENSSL_malloc(sig_len); |
| 156 | + if (!der_sig) |
| 157 | + { |
| 158 | + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,ERR_R_MALLOC_FAILURE); |
| 159 | + goto err; |
| 160 | + } |
| 161 | + |
| 162 | + if (!EVP_DigestSignFinal(&md_ctx, der_sig, &sig_len)) |
| 163 | + { |
| 164 | + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_EVP_DIGESTSIGNFINAL_FAILED); |
| 165 | + goto err; |
| 166 | + } |
| 167 | + |
| 168 | + derp = der_sig; |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 169 | + sig = d2i_ECDSA_SIG(NULL, (const unsigned char**)&derp, sig_len); |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 170 | + if (sig == NULL) |
| 171 | + { |
| 172 | + SSLerr(SSL_F_SSL3_SEND_CHANNEL_ID,SSL_R_D2I_ECDSA_SIG); |
| 173 | + goto err; |
| 174 | + } |
| 175 | + |
| 176 | + // The first byte of public_key will be 0x4, denoting an uncompressed key. |
| 177 | + memcpy(d, public_key + 1, 64); |
| 178 | + d += 64; |
| 179 | + memset(d, 0, 2 * 32); |
| 180 | + BN_bn2bin(sig->r, d + 32 - BN_num_bytes(sig->r)); |
| 181 | + d += 32; |
| 182 | + BN_bn2bin(sig->s, d + 32 - BN_num_bytes(sig->s)); |
| 183 | + d += 32; |
| 184 | + |
| 185 | + s->state = SSL3_ST_CW_CHANNEL_ID_B; |
| 186 | + s->init_num = 4 + 2 + 2 + TLSEXT_CHANNEL_ID_SIZE; |
| 187 | + s->init_off = 0; |
| 188 | + |
| 189 | + ret = ssl3_do_write(s, SSL3_RT_HANDSHAKE); |
| 190 | + |
| 191 | +err: |
| 192 | + EVP_MD_CTX_cleanup(&md_ctx); |
| 193 | + if (public_key) |
| 194 | + OPENSSL_free(public_key); |
| 195 | + if (der_sig) |
| 196 | + OPENSSL_free(der_sig); |
| 197 | + if (sig) |
| 198 | + ECDSA_SIG_free(sig); |
| 199 | + |
| 200 | + return ret; |
| 201 | + } |
| 202 | +#endif /* !OPENSSL_NO_TLSEXT */ |
| 203 | |
| 204 | /* Check to see if handshake is full or resumed. Usually this is just a |
| 205 | * case of checking to see if a cache hit has occurred. In the case of |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 206 | --- openssl-1.0.1e.orig/ssl/s3_lib.c 2013-03-05 18:49:33.223297173 +0000 |
| 207 | +++ openssl-1.0.1e/ssl/s3_lib.c 2013-03-05 18:49:33.413299231 +0000 |
| 208 | @@ -2951,6 +2951,11 @@ int ssl3_new(SSL *s) |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 209 | #ifndef OPENSSL_NO_SRP |
| 210 | SSL_SRP_CTX_init(s); |
| 211 | #endif |
| 212 | +#if !defined(OPENSSL_NO_TLSEXT) |
| 213 | + s->tlsext_channel_id_enabled = s->ctx->tlsext_channel_id_enabled; |
| 214 | + if (s->ctx->tlsext_channel_id_private) |
| 215 | + s->tlsext_channel_id_private = EVP_PKEY_dup(s->ctx->tlsext_channel_id_private); |
| 216 | +#endif |
| 217 | s->method->ssl_clear(s); |
| 218 | return(1); |
| 219 | err: |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 220 | @@ -3074,6 +3079,10 @@ void ssl3_clear(SSL *s) |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 221 | s->next_proto_negotiated_len = 0; |
| 222 | } |
| 223 | #endif |
| 224 | + |
| 225 | +#if !defined(OPENSSL_NO_TLSEXT) |
| 226 | + s->s3->tlsext_channel_id_valid = 0; |
| 227 | +#endif |
| 228 | } |
| 229 | |
| 230 | #ifndef OPENSSL_NO_SRP |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 231 | @@ -3348,6 +3357,35 @@ long ssl3_ctrl(SSL *s, int cmd, long lar |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 232 | ret = 1; |
| 233 | break; |
| 234 | #endif |
| 235 | + case SSL_CTRL_CHANNEL_ID: |
| 236 | + if (!s->server) |
| 237 | + break; |
| 238 | + s->tlsext_channel_id_enabled = 1; |
| 239 | + ret = 1; |
| 240 | + break; |
| 241 | + |
| 242 | + case SSL_CTRL_SET_CHANNEL_ID: |
| 243 | + if (s->server) |
| 244 | + break; |
| 245 | + s->tlsext_channel_id_enabled = 1; |
| 246 | + if (EVP_PKEY_bits(parg) != 256) |
| 247 | + { |
| 248 | + SSLerr(SSL_F_SSL3_CTRL,SSL_R_CHANNEL_ID_NOT_P256); |
| 249 | + break; |
| 250 | + } |
| 251 | + if (s->tlsext_channel_id_private) |
| 252 | + EVP_PKEY_free(s->tlsext_channel_id_private); |
| 253 | + s->tlsext_channel_id_private = (EVP_PKEY*) parg; |
| 254 | + ret = 1; |
| 255 | + break; |
| 256 | + |
| 257 | + case SSL_CTRL_GET_CHANNEL_ID: |
| 258 | + if (!s->server) |
| 259 | + break; |
| 260 | + if (!s->s3->tlsext_channel_id_valid) |
| 261 | + break; |
| 262 | + memcpy(parg, s->s3->tlsext_channel_id, larg < 64 ? larg : 64); |
| 263 | + return 64; |
| 264 | |
| 265 | #endif /* !OPENSSL_NO_TLSEXT */ |
| 266 | default: |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 267 | @@ -3569,6 +3607,12 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 268 | } |
| 269 | return 1; |
| 270 | } |
| 271 | + case SSL_CTRL_CHANNEL_ID: |
| 272 | + /* must be called on a server */ |
| 273 | + if (ctx->method->ssl_accept == ssl_undefined_function) |
| 274 | + return 0; |
| 275 | + ctx->tlsext_channel_id_enabled=1; |
| 276 | + return 1; |
| 277 | |
| 278 | #ifdef TLSEXT_TYPE_opaque_prf_input |
| 279 | case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG: |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 280 | @@ -3637,6 +3681,18 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 281 | } |
| 282 | break; |
| 283 | |
| 284 | + case SSL_CTRL_SET_CHANNEL_ID: |
| 285 | + ctx->tlsext_channel_id_enabled = 1; |
| 286 | + if (EVP_PKEY_bits(parg) != 256) |
| 287 | + { |
| 288 | + SSLerr(SSL_F_SSL3_CTX_CTRL,SSL_R_CHANNEL_ID_NOT_P256); |
| 289 | + break; |
| 290 | + } |
| 291 | + if (ctx->tlsext_channel_id_private) |
| 292 | + EVP_PKEY_free(ctx->tlsext_channel_id_private); |
| 293 | + ctx->tlsext_channel_id_private = (EVP_PKEY*) parg; |
| 294 | + break; |
| 295 | + |
| 296 | default: |
| 297 | return(0); |
| 298 | } |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 299 | --- openssl-1.0.1e.orig/ssl/s3_srvr.c 2013-03-05 18:49:33.233297282 +0000 |
| 300 | +++ openssl-1.0.1e/ssl/s3_srvr.c 2013-03-05 18:49:33.413299231 +0000 |
| 301 | @@ -157,8 +157,11 @@ |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 302 | #include <openssl/buffer.h> |
| 303 | #include <openssl/rand.h> |
| 304 | #include <openssl/objects.h> |
| 305 | +#include <openssl/ec.h> |
| 306 | +#include <openssl/ecdsa.h> |
| 307 | #include <openssl/evp.h> |
| 308 | #include <openssl/hmac.h> |
| 309 | +#include <openssl/sha.h> |
| 310 | #include <openssl/x509.h> |
| 311 | #ifndef OPENSSL_NO_DH |
| 312 | #include <openssl/dh.h> |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 313 | @@ -609,15 +612,8 @@ int ssl3_accept(SSL *s) |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 314 | * the client uses its key from the certificate |
| 315 | * for key exchange. |
| 316 | */ |
| 317 | -#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) |
| 318 | - s->state=SSL3_ST_SR_FINISHED_A; |
| 319 | -#else |
| 320 | - if (s->s3->next_proto_neg_seen) |
| 321 | - s->state=SSL3_ST_SR_NEXT_PROTO_A; |
| 322 | - else |
| 323 | - s->state=SSL3_ST_SR_FINISHED_A; |
| 324 | -#endif |
| 325 | s->init_num = 0; |
| 326 | + s->state=SSL3_ST_SR_POST_CLIENT_CERT; |
| 327 | } |
| 328 | else if (TLS1_get_version(s) >= TLS1_2_VERSION) |
| 329 | { |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 330 | @@ -677,16 +673,28 @@ int ssl3_accept(SSL *s) |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 331 | ret=ssl3_get_cert_verify(s); |
| 332 | if (ret <= 0) goto end; |
| 333 | |
| 334 | -#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) |
| 335 | - s->state=SSL3_ST_SR_FINISHED_A; |
| 336 | -#else |
| 337 | - if (s->s3->next_proto_neg_seen) |
| 338 | + s->state=SSL3_ST_SR_POST_CLIENT_CERT; |
| 339 | + s->init_num=0; |
| 340 | + break; |
| 341 | + |
| 342 | + case SSL3_ST_SR_POST_CLIENT_CERT: { |
| 343 | + char next_proto_neg = 0; |
| 344 | + char channel_id = 0; |
| 345 | +#if !defined(OPENSSL_NO_TLSEXT) |
| 346 | +# if !defined(OPENSSL_NO_NEXTPROTONEG) |
| 347 | + next_proto_neg = s->s3->next_proto_neg_seen; |
| 348 | +# endif |
| 349 | + channel_id = s->s3->tlsext_channel_id_valid; |
| 350 | +#endif |
| 351 | + |
| 352 | + if (next_proto_neg) |
| 353 | s->state=SSL3_ST_SR_NEXT_PROTO_A; |
| 354 | + else if (channel_id) |
| 355 | + s->state=SSL3_ST_SR_CHANNEL_ID_A; |
| 356 | else |
| 357 | s->state=SSL3_ST_SR_FINISHED_A; |
| 358 | -#endif |
| 359 | - s->init_num=0; |
| 360 | break; |
| 361 | + } |
| 362 | |
| 363 | #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) |
| 364 | case SSL3_ST_SR_NEXT_PROTO_A: |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 365 | @@ -694,6 +702,19 @@ int ssl3_accept(SSL *s) |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 366 | ret=ssl3_get_next_proto(s); |
| 367 | if (ret <= 0) goto end; |
| 368 | s->init_num = 0; |
| 369 | + if (s->s3->tlsext_channel_id_valid) |
| 370 | + s->state=SSL3_ST_SR_CHANNEL_ID_A; |
| 371 | + else |
| 372 | + s->state=SSL3_ST_SR_FINISHED_A; |
| 373 | + break; |
| 374 | +#endif |
| 375 | + |
| 376 | +#if !defined(OPENSSL_NO_TLSEXT) |
| 377 | + case SSL3_ST_SR_CHANNEL_ID_A: |
| 378 | + case SSL3_ST_SR_CHANNEL_ID_B: |
| 379 | + ret=ssl3_get_channel_id(s); |
| 380 | + if (ret <= 0) goto end; |
| 381 | + s->init_num = 0; |
| 382 | s->state=SSL3_ST_SR_FINISHED_A; |
| 383 | break; |
| 384 | #endif |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 385 | @@ -765,16 +786,7 @@ int ssl3_accept(SSL *s) |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 386 | if (ret <= 0) goto end; |
| 387 | s->state=SSL3_ST_SW_FLUSH; |
| 388 | if (s->hit) |
| 389 | - { |
| 390 | -#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) |
| 391 | - s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; |
| 392 | -#else |
| 393 | - if (s->s3->next_proto_neg_seen) |
| 394 | - s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A; |
| 395 | - else |
| 396 | - s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; |
| 397 | -#endif |
| 398 | - } |
| 399 | + s->s3->tmp.next_state=SSL3_ST_SR_POST_CLIENT_CERT; |
| 400 | else |
| 401 | s->s3->tmp.next_state=SSL_ST_OK; |
| 402 | s->init_num=0; |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 403 | @@ -3610,4 +3622,140 @@ int ssl3_get_next_proto(SSL *s) |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 404 | return 1; |
| 405 | } |
| 406 | # endif |
| 407 | + |
| 408 | +/* ssl3_get_channel_id reads and verifies a ClientID handshake message. */ |
| 409 | +int ssl3_get_channel_id(SSL *s) |
| 410 | + { |
| 411 | + int ret = -1, ok; |
| 412 | + long n; |
| 413 | + const unsigned char *p; |
| 414 | + unsigned short extension_type, extension_len; |
| 415 | + EC_GROUP* p256 = NULL; |
| 416 | + EC_KEY* key = NULL; |
| 417 | + EC_POINT* point = NULL; |
| 418 | + ECDSA_SIG sig; |
| 419 | + BIGNUM x, y; |
| 420 | + |
| 421 | + if (s->state == SSL3_ST_SR_CHANNEL_ID_A && s->init_num == 0) |
| 422 | + { |
| 423 | + /* The first time that we're called we take the current |
| 424 | + * handshake hash and store it. */ |
| 425 | + EVP_MD_CTX md_ctx; |
| 426 | + unsigned int len; |
| 427 | + |
| 428 | + EVP_MD_CTX_init(&md_ctx); |
| 429 | + EVP_DigestInit_ex(&md_ctx, EVP_sha256(), NULL); |
| 430 | + if (!tls1_channel_id_hash(&md_ctx, s)) |
| 431 | + return -1; |
| 432 | + len = sizeof(s->s3->tlsext_channel_id); |
| 433 | + EVP_DigestFinal(&md_ctx, s->s3->tlsext_channel_id, &len); |
| 434 | + EVP_MD_CTX_cleanup(&md_ctx); |
| 435 | + } |
| 436 | + |
| 437 | + n = s->method->ssl_get_message(s, |
| 438 | + SSL3_ST_SR_CHANNEL_ID_A, |
| 439 | + SSL3_ST_SR_CHANNEL_ID_B, |
| 440 | + SSL3_MT_ENCRYPTED_EXTENSIONS, |
| 441 | + 2 + 2 + TLSEXT_CHANNEL_ID_SIZE, |
| 442 | + &ok); |
| 443 | + |
| 444 | + if (!ok) |
| 445 | + return((int)n); |
| 446 | + |
| 447 | + ssl3_finish_mac(s, (unsigned char*)s->init_buf->data, s->init_num + 4); |
| 448 | + |
| 449 | + /* s->state doesn't reflect whether ChangeCipherSpec has been received |
| 450 | + * in this handshake, but s->s3->change_cipher_spec does (will be reset |
| 451 | + * by ssl3_get_finished). */ |
| 452 | + if (!s->s3->change_cipher_spec) |
| 453 | + { |
| 454 | + SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS); |
| 455 | + return -1; |
| 456 | + } |
| 457 | + |
| 458 | + if (n != 2 + 2 + TLSEXT_CHANNEL_ID_SIZE) |
| 459 | + { |
| 460 | + SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_INVALID_MESSAGE); |
| 461 | + return -1; |
| 462 | + } |
| 463 | + |
| 464 | + p = (unsigned char *)s->init_msg; |
| 465 | + |
| 466 | + /* The payload looks like: |
| 467 | + * uint16 extension_type |
| 468 | + * uint16 extension_len; |
| 469 | + * uint8 x[32]; |
| 470 | + * uint8 y[32]; |
| 471 | + * uint8 r[32]; |
| 472 | + * uint8 s[32]; |
| 473 | + */ |
| 474 | + n2s(p, extension_type); |
| 475 | + n2s(p, extension_len); |
| 476 | + |
| 477 | + if (extension_type != TLSEXT_TYPE_channel_id || |
| 478 | + extension_len != TLSEXT_CHANNEL_ID_SIZE) |
| 479 | + { |
| 480 | + SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_INVALID_MESSAGE); |
| 481 | + return -1; |
| 482 | + } |
| 483 | + |
| 484 | + p256 = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); |
| 485 | + if (!p256) |
| 486 | + { |
| 487 | + SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_NO_P256_SUPPORT); |
| 488 | + return -1; |
| 489 | + } |
| 490 | + |
| 491 | + BN_init(&x); |
| 492 | + BN_init(&y); |
| 493 | + sig.r = BN_new(); |
| 494 | + sig.s = BN_new(); |
| 495 | + |
| 496 | + if (BN_bin2bn(p + 0, 32, &x) == NULL || |
| 497 | + BN_bin2bn(p + 32, 32, &y) == NULL || |
| 498 | + BN_bin2bn(p + 64, 32, sig.r) == NULL || |
| 499 | + BN_bin2bn(p + 96, 32, sig.s) == NULL) |
| 500 | + goto err; |
| 501 | + |
| 502 | + point = EC_POINT_new(p256); |
| 503 | + if (!point || |
| 504 | + !EC_POINT_set_affine_coordinates_GFp(p256, point, &x, &y, NULL)) |
| 505 | + goto err; |
| 506 | + |
| 507 | + key = EC_KEY_new(); |
| 508 | + if (!key || |
| 509 | + !EC_KEY_set_group(key, p256) || |
| 510 | + !EC_KEY_set_public_key(key, point)) |
| 511 | + goto err; |
| 512 | + |
| 513 | + /* We stored the handshake hash in |tlsext_channel_id| the first time |
| 514 | + * that we were called. */ |
| 515 | + switch (ECDSA_do_verify(s->s3->tlsext_channel_id, SHA256_DIGEST_LENGTH, &sig, key)) { |
| 516 | + case 1: |
| 517 | + break; |
| 518 | + case 0: |
| 519 | + SSLerr(SSL_F_SSL3_GET_CHANNEL_ID,SSL_R_CHANNEL_ID_SIGNATURE_INVALID); |
| 520 | + s->s3->tlsext_channel_id_valid = 0; |
| 521 | + goto err; |
| 522 | + default: |
| 523 | + s->s3->tlsext_channel_id_valid = 0; |
| 524 | + goto err; |
| 525 | + } |
| 526 | + |
| 527 | + memcpy(s->s3->tlsext_channel_id, p, 64); |
| 528 | + ret = 1; |
| 529 | + |
| 530 | +err: |
| 531 | + BN_free(&x); |
| 532 | + BN_free(&y); |
| 533 | + BN_free(sig.r); |
| 534 | + BN_free(sig.s); |
| 535 | + if (key) |
| 536 | + EC_KEY_free(key); |
| 537 | + if (point) |
| 538 | + EC_POINT_free(point); |
| 539 | + if (p256) |
| 540 | + EC_GROUP_free(p256); |
| 541 | + return ret; |
| 542 | + } |
| 543 | #endif |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 544 | --- openssl-1.0.1e.orig/ssl/ssl.h 2013-03-05 18:49:33.233297282 +0000 |
| 545 | +++ openssl-1.0.1e/ssl/ssl.h 2013-03-05 18:49:33.413299231 +0000 |
| 546 | @@ -981,6 +981,12 @@ struct ssl_ctx_st |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 547 | # endif |
| 548 | /* SRTP profiles we are willing to do from RFC 5764 */ |
| 549 | STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; |
| 550 | + |
| 551 | + /* If true, a client will advertise the Channel ID extension and a |
| 552 | + * server will echo it. */ |
| 553 | + char tlsext_channel_id_enabled; |
| 554 | + /* The client's Channel ID private key. */ |
| 555 | + EVP_PKEY *tlsext_channel_id_private; |
| 556 | #endif |
| 557 | }; |
| 558 | |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 559 | @@ -1022,6 +1028,10 @@ LHASH_OF(SSL_SESSION) *SSL_CTX_sessions( |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 560 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) |
| 561 | #define SSL_CTX_sess_cache_full(ctx) \ |
| 562 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) |
| 563 | +/* SSL_CTX_enable_tls_channel_id configures a TLS server to accept TLS client |
| 564 | + * IDs from clients. Returns 1 on success. */ |
| 565 | +#define SSL_CTX_enable_tls_channel_id(ctx) \ |
| 566 | + SSL_CTX_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL) |
| 567 | |
| 568 | void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess)); |
| 569 | int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess); |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 570 | @@ -1348,6 +1358,13 @@ struct ssl_st |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 571 | */ |
| 572 | unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */ |
| 573 | unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */ |
| 574 | + |
| 575 | + /* Copied from the SSL_CTX. For a server, means that we'll accept |
| 576 | + * Channel IDs from clients. For a client, means that we'll advertise |
| 577 | + * support. */ |
| 578 | + char tlsext_channel_id_enabled; |
| 579 | + /* The client's Channel ID private key. */ |
| 580 | + EVP_PKEY *tlsext_channel_id_private; |
| 581 | #else |
| 582 | #define session_ctx ctx |
| 583 | #endif /* OPENSSL_NO_TLSEXT */ |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 584 | @@ -1605,6 +1622,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 585 | #define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86 |
| 586 | #define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87 |
| 587 | #endif |
| 588 | +#define SSL_CTRL_CHANNEL_ID 88 |
| 589 | +#define SSL_CTRL_GET_CHANNEL_ID 89 |
| 590 | +#define SSL_CTRL_SET_CHANNEL_ID 90 |
| 591 | #endif |
| 592 | |
| 593 | #define DTLS_CTRL_GET_TIMEOUT 73 |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 594 | @@ -1652,6 +1672,25 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 595 | #define SSL_set_tmp_ecdh(ssl,ecdh) \ |
| 596 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) |
| 597 | |
| 598 | +/* SSL_enable_tls_channel_id configures a TLS server to accept TLS client |
| 599 | + * IDs from clients. Returns 1 on success. */ |
| 600 | +#define SSL_enable_tls_channel_id(ctx) \ |
| 601 | + SSL_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL) |
| 602 | +/* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to |
| 603 | + * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on |
| 604 | + * success. */ |
| 605 | +#define SSL_set1_tls_channel_id(s, private_key) \ |
| 606 | + SSL_ctrl(s,SSL_CTRL_SET_CHANNEL_ID,0,(void*)private_key) |
| 607 | +#define SSL_CTX_set1_tls_channel_id(ctx, private_key) \ |
| 608 | + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHANNEL_ID,0,(void*)private_key) |
| 609 | +/* SSL_get_tls_channel_id gets the client's TLS Channel ID from a server SSL* |
| 610 | + * and copies up to the first |channel_id_len| bytes into |channel_id|. The |
| 611 | + * Channel ID consists of the client's P-256 public key as an (x,y) pair where |
| 612 | + * each is a 32-byte, big-endian field element. Returns 0 if the client didn't |
| 613 | + * offer a Channel ID and the length of the complete Channel ID otherwise. */ |
| 614 | +#define SSL_get_tls_channel_id(ctx, channel_id, channel_id_len) \ |
| 615 | + SSL_ctrl(ctx,SSL_CTRL_GET_CHANNEL_ID,channel_id_len,(void*)channel_id) |
| 616 | + |
| 617 | #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ |
| 618 | SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) |
| 619 | #define SSL_CTX_get_extra_chain_certs(ctx,px509) \ |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 620 | @@ -1686,6 +1725,7 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER |
| 621 | char * SSL_CIPHER_get_version(const SSL_CIPHER *c); |
| 622 | const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); |
| 623 | unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); |
| 624 | +const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher); |
| 625 | |
| 626 | int SSL_get_fd(const SSL *s); |
| 627 | int SSL_get_rfd(const SSL *s); |
| 628 | @@ -2149,6 +2189,7 @@ void ERR_load_SSL_strings(void); |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 629 | #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 |
| 630 | #define SSL_F_SSL3_GET_CERT_STATUS 289 |
| 631 | #define SSL_F_SSL3_GET_CERT_VERIFY 136 |
| 632 | +#define SSL_F_SSL3_GET_CHANNEL_ID 317 |
| 633 | #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 |
| 634 | #define SSL_F_SSL3_GET_CLIENT_HELLO 138 |
| 635 | #define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 636 | @@ -2168,6 +2209,7 @@ void ERR_load_SSL_strings(void); |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 637 | #define SSL_F_SSL3_READ_BYTES 148 |
| 638 | #define SSL_F_SSL3_READ_N 149 |
| 639 | #define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 |
| 640 | +#define SSL_F_SSL3_SEND_CHANNEL_ID 318 |
| 641 | #define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 |
| 642 | #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 |
| 643 | #define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 644 | @@ -2335,12 +2377,15 @@ void ERR_load_SSL_strings(void); |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 645 | #define SSL_R_BIO_NOT_SET 128 |
| 646 | #define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 |
| 647 | #define SSL_R_BN_LIB 130 |
| 648 | +#define SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY 376 |
| 649 | #define SSL_R_CA_DN_LENGTH_MISMATCH 131 |
| 650 | #define SSL_R_CA_DN_TOO_LONG 132 |
| 651 | #define SSL_R_CCS_RECEIVED_EARLY 133 |
| 652 | #define SSL_R_CERTIFICATE_VERIFY_FAILED 134 |
| 653 | #define SSL_R_CERT_LENGTH_MISMATCH 135 |
| 654 | #define SSL_R_CHALLENGE_IS_DIFFERENT 136 |
| 655 | +#define SSL_R_CHANNEL_ID_NOT_P256 375 |
| 656 | +#define SSL_R_CHANNEL_ID_SIGNATURE_INVALID 371 |
| 657 | #define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 |
| 658 | #define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 |
| 659 | #define SSL_R_CIPHER_TABLE_SRC_ERROR 139 |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 660 | @@ -2353,6 +2398,7 @@ void ERR_load_SSL_strings(void); |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 661 | #define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 |
| 662 | #define SSL_R_CONNECTION_TYPE_NOT_SET 144 |
| 663 | #define SSL_R_COOKIE_MISMATCH 308 |
| 664 | +#define SSL_R_D2I_ECDSA_SIG 379 |
| 665 | #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 |
| 666 | #define SSL_R_DATA_LENGTH_TOO_LONG 146 |
| 667 | #define SSL_R_DECRYPTION_FAILED 147 |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 668 | @@ -2370,9 +2416,12 @@ void ERR_load_SSL_strings(void); |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 669 | #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 |
| 670 | #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 |
| 671 | #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 |
| 672 | +#define SSL_R_EVP_DIGESTSIGNFINAL_FAILED 377 |
| 673 | +#define SSL_R_EVP_DIGESTSIGNINIT_FAILED 378 |
| 674 | #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 |
| 675 | #define SSL_R_EXTRA_DATA_IN_MESSAGE 153 |
| 676 | #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 |
| 677 | +#define SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS 372 |
| 678 | #define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355 |
| 679 | #define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356 |
| 680 | #define SSL_R_HTTPS_PROXY_REQUEST 155 |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 681 | @@ -2382,6 +2431,7 @@ void ERR_load_SSL_strings(void); |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 682 | #define SSL_R_INVALID_CHALLENGE_LENGTH 158 |
| 683 | #define SSL_R_INVALID_COMMAND 280 |
| 684 | #define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 |
| 685 | +#define SSL_R_INVALID_MESSAGE 374 |
| 686 | #define SSL_R_INVALID_PURPOSE 278 |
| 687 | #define SSL_R_INVALID_SRP_USERNAME 357 |
| 688 | #define SSL_R_INVALID_STATUS_RESPONSE 328 |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 689 | @@ -2436,6 +2486,7 @@ void ERR_load_SSL_strings(void); |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 690 | #define SSL_R_NO_COMPRESSION_SPECIFIED 187 |
| 691 | #define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 |
| 692 | #define SSL_R_NO_METHOD_SPECIFIED 188 |
| 693 | +#define SSL_R_NO_P256_SUPPORT 373 |
| 694 | #define SSL_R_NO_PRIVATEKEY 189 |
| 695 | #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 |
| 696 | #define SSL_R_NO_PROTOCOLS_AVAILABLE 191 |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 697 | --- openssl-1.0.1e.orig/ssl/ssl3.h 2013-03-05 18:49:33.223297173 +0000 |
| 698 | +++ openssl-1.0.1e/ssl/ssl3.h 2013-03-05 18:49:33.413299231 +0000 |
| 699 | @@ -539,6 +539,17 @@ typedef struct ssl3_state_st |
Kenny Root | ff41a4b | 2014-01-07 10:19:10 -0800 | [diff] [blame^] | 700 | char is_probably_safari; |
| 701 | #endif /* !OPENSSL_NO_EC */ |
| 702 | #endif /* !OPENSSL_NO_TLSEXT */ |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 703 | + |
| 704 | + /* In a client, this means that the server supported Channel ID and that |
| 705 | + * a Channel ID was sent. In a server it means that we echoed support |
| 706 | + * for Channel IDs and that tlsext_channel_id will be valid after the |
| 707 | + * handshake. */ |
| 708 | + char tlsext_channel_id_valid; |
| 709 | + /* For a server: |
| 710 | + * If |tlsext_channel_id_valid| is true, then this contains the |
| 711 | + * verified Channel ID from the client: a P256 point, (x,y), where |
| 712 | + * each are big-endian values. */ |
| 713 | + unsigned char tlsext_channel_id[64]; |
| 714 | } SSL3_STATE; |
| 715 | |
| 716 | #endif |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 717 | @@ -583,6 +594,8 @@ typedef struct ssl3_state_st |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 718 | #define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) |
| 719 | #define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) |
Brian Carlstrom | 04ef91b | 2013-02-05 09:20:38 -0800 | [diff] [blame] | 720 | #endif |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 721 | +#define SSL3_ST_CW_CHANNEL_ID_A (0x210|SSL_ST_CONNECT) |
| 722 | +#define SSL3_ST_CW_CHANNEL_ID_B (0x211|SSL_ST_CONNECT) |
| 723 | #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) |
| 724 | #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) |
| 725 | /* read from server */ |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 726 | @@ -632,10 +645,13 @@ typedef struct ssl3_state_st |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 727 | #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) |
| 728 | #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) |
| 729 | #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) |
| 730 | +#define SSL3_ST_SR_POST_CLIENT_CERT (0x1BF|SSL_ST_ACCEPT) |
Brian Carlstrom | 04ef91b | 2013-02-05 09:20:38 -0800 | [diff] [blame] | 731 | #ifndef OPENSSL_NO_NEXTPROTONEG |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 732 | #define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) |
| 733 | #define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) |
Brian Carlstrom | 04ef91b | 2013-02-05 09:20:38 -0800 | [diff] [blame] | 734 | #endif |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 735 | +#define SSL3_ST_SR_CHANNEL_ID_A (0x220|SSL_ST_ACCEPT) |
| 736 | +#define SSL3_ST_SR_CHANNEL_ID_B (0x221|SSL_ST_ACCEPT) |
| 737 | #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) |
| 738 | #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) |
| 739 | /* write to client */ |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 740 | @@ -663,6 +679,7 @@ typedef struct ssl3_state_st |
| 741 | #ifndef OPENSSL_NO_NEXTPROTONEG |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 742 | #define SSL3_MT_NEXT_PROTO 67 |
Brian Carlstrom | 04ef91b | 2013-02-05 09:20:38 -0800 | [diff] [blame] | 743 | #endif |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 744 | +#define SSL3_MT_ENCRYPTED_EXTENSIONS 203 |
| 745 | #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 |
| 746 | |
| 747 | |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 748 | --- openssl-1.0.1e.orig/ssl/ssl_err.c 2013-03-05 18:49:33.243297392 +0000 |
| 749 | +++ openssl-1.0.1e/ssl/ssl_err.c 2013-03-05 18:49:33.413299231 +0000 |
| 750 | @@ -151,6 +151,7 @@ static ERR_STRING_DATA SSL_str_functs[]= |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 751 | {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"}, |
| 752 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"}, |
| 753 | {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"}, |
| 754 | +{ERR_FUNC(SSL_F_SSL3_GET_CHANNEL_ID), "SSL3_GET_CHANNEL_ID"}, |
| 755 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"}, |
| 756 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"}, |
| 757 | {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"}, |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 758 | @@ -170,6 +171,7 @@ static ERR_STRING_DATA SSL_str_functs[]= |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 759 | {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"}, |
| 760 | {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"}, |
| 761 | {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"}, |
| 762 | +{ERR_FUNC(SSL_F_SSL3_SEND_CHANNEL_ID), "SSL3_SEND_CHANNEL_ID"}, |
| 763 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"}, |
| 764 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"}, |
| 765 | {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"}, |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 766 | @@ -339,12 +341,15 @@ static ERR_STRING_DATA SSL_str_reasons[] |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 767 | {ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"}, |
| 768 | {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"}, |
| 769 | {ERR_REASON(SSL_R_BN_LIB) ,"bn lib"}, |
| 770 | +{ERR_REASON(SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY),"cannot serialize public key"}, |
| 771 | {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"}, |
| 772 | {ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"}, |
| 773 | {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"}, |
| 774 | {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"}, |
| 775 | {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"}, |
| 776 | {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"}, |
| 777 | +{ERR_REASON(SSL_R_CHANNEL_ID_NOT_P256) ,"channel id not p256"}, |
| 778 | +{ERR_REASON(SSL_R_CHANNEL_ID_SIGNATURE_INVALID),"Channel ID signature invalid"}, |
| 779 | {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"}, |
| 780 | {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"}, |
| 781 | {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"}, |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 782 | @@ -357,6 +362,7 @@ static ERR_STRING_DATA SSL_str_reasons[] |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 783 | {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"}, |
| 784 | {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"}, |
| 785 | {ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"}, |
| 786 | +{ERR_REASON(SSL_R_D2I_ECDSA_SIG) ,"d2i ecdsa sig"}, |
| 787 | {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"}, |
| 788 | {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"}, |
| 789 | {ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"}, |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 790 | @@ -374,9 +380,12 @@ static ERR_STRING_DATA SSL_str_reasons[] |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 791 | {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"}, |
| 792 | {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"}, |
| 793 | {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"}, |
| 794 | +{ERR_REASON(SSL_R_EVP_DIGESTSIGNFINAL_FAILED),"evp digestsignfinal failed"}, |
| 795 | +{ERR_REASON(SSL_R_EVP_DIGESTSIGNINIT_FAILED),"evp digestsigninit failed"}, |
| 796 | {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"}, |
| 797 | {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"}, |
| 798 | {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"}, |
| 799 | +{ERR_REASON(SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS),"got Channel ID before a ccs"}, |
| 800 | {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"}, |
| 801 | {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without seeing extension"}, |
| 802 | {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"}, |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 803 | @@ -386,6 +395,7 @@ static ERR_STRING_DATA SSL_str_reasons[] |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 804 | {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"}, |
| 805 | {ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"}, |
| 806 | {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"}, |
| 807 | +{ERR_REASON(SSL_R_INVALID_MESSAGE) ,"invalid message"}, |
| 808 | {ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"}, |
| 809 | {ERR_REASON(SSL_R_INVALID_SRP_USERNAME) ,"invalid srp username"}, |
| 810 | {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"}, |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 811 | @@ -440,6 +450,7 @@ static ERR_STRING_DATA SSL_str_reasons[] |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 812 | {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"}, |
| 813 | {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"}, |
| 814 | {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"}, |
| 815 | +{ERR_REASON(SSL_R_NO_P256_SUPPORT) ,"no p256 support"}, |
| 816 | {ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"}, |
| 817 | {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"}, |
| 818 | {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"}, |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 819 | --- openssl-1.0.1e.orig/ssl/ssl_lib.c 2013-03-05 18:49:33.243297392 +0000 |
| 820 | +++ openssl-1.0.1e/ssl/ssl_lib.c 2013-03-05 18:49:33.413299231 +0000 |
| 821 | @@ -579,6 +579,8 @@ void SSL_free(SSL *s) |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 822 | sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); |
| 823 | if (s->tlsext_ocsp_resp) |
| 824 | OPENSSL_free(s->tlsext_ocsp_resp); |
| 825 | + if (s->tlsext_channel_id_private) |
| 826 | + EVP_PKEY_free(s->tlsext_channel_id_private); |
| 827 | #endif |
| 828 | |
| 829 | if (s->client_CA != NULL) |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 830 | @@ -2005,6 +2007,11 @@ void SSL_CTX_free(SSL_CTX *a) |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 831 | ssl_buf_freelist_free(a->rbuf_freelist); |
| 832 | #endif |
| 833 | |
| 834 | +#ifndef OPENSSL_NO_TLSEXT |
| 835 | + if (a->tlsext_channel_id_private) |
| 836 | + EVP_PKEY_free(a->tlsext_channel_id_private); |
| 837 | +#endif |
| 838 | + |
| 839 | OPENSSL_free(a); |
| 840 | } |
| 841 | |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 842 | --- openssl-1.0.1e.orig/ssl/ssl_locl.h 2013-03-05 18:49:33.243297392 +0000 |
| 843 | +++ openssl-1.0.1e/ssl/ssl_locl.h 2013-03-05 18:49:33.413299231 +0000 |
| 844 | @@ -378,6 +378,7 @@ |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 845 | * (currently this also goes into algorithm2) */ |
| 846 | #define TLS1_STREAM_MAC 0x04 |
| 847 | |
| 848 | +#define TLSEXT_CHANNEL_ID_SIZE 128 |
| 849 | |
| 850 | |
| 851 | /* |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 852 | @@ -1004,6 +1005,7 @@ int ssl3_check_cert_and_algorithm(SSL *s |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 853 | int ssl3_check_finished(SSL *s); |
| 854 | # ifndef OPENSSL_NO_NEXTPROTONEG |
| 855 | int ssl3_send_next_proto(SSL *s); |
| 856 | +int ssl3_send_channel_id(SSL *s); |
| 857 | # endif |
| 858 | #endif |
| 859 | |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 860 | @@ -1026,6 +1028,7 @@ int ssl3_get_cert_verify(SSL *s); |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 861 | #ifndef OPENSSL_NO_NEXTPROTONEG |
| 862 | int ssl3_get_next_proto(SSL *s); |
| 863 | #endif |
| 864 | +int ssl3_get_channel_id(SSL *s); |
| 865 | |
| 866 | int dtls1_send_hello_request(SSL *s); |
| 867 | int dtls1_send_server_hello(SSL *s); |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 868 | @@ -1123,7 +1126,9 @@ int tls12_get_sigandhash(unsigned char * |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 869 | int tls12_get_sigid(const EVP_PKEY *pk); |
| 870 | const EVP_MD *tls12_get_hash(unsigned char hash_alg); |
| 871 | |
| 872 | +int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s); |
| 873 | #endif |
| 874 | + |
| 875 | EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ; |
| 876 | void ssl_clear_hash_ctx(EVP_MD_CTX **hash); |
| 877 | int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 878 | --- openssl-1.0.1e.orig/ssl/t1_lib.c 2013-03-05 18:49:33.173296633 +0000 |
| 879 | +++ openssl-1.0.1e/ssl/t1_lib.c 2013-03-05 18:49:33.413299231 +0000 |
| 880 | @@ -649,6 +649,16 @@ unsigned char *ssl_add_clienthello_tlsex |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 881 | } |
| 882 | #endif |
| 883 | |
| 884 | + if (s->tlsext_channel_id_enabled) |
| 885 | + { |
| 886 | + /* The client advertises an emtpy extension to indicate its |
| 887 | + * support for Channel ID. */ |
| 888 | + if (limit - ret - 4 < 0) |
| 889 | + return NULL; |
| 890 | + s2n(TLSEXT_TYPE_channel_id,ret); |
| 891 | + s2n(0,ret); |
| 892 | + } |
| 893 | + |
Brian Carlstrom | eefface | 2013-02-11 09:54:43 -0800 | [diff] [blame] | 894 | #ifndef OPENSSL_NO_SRTP |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 895 | if(SSL_get_srtp_profiles(s)) |
| 896 | { |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 897 | @@ -859,6 +869,16 @@ unsigned char *ssl_add_serverhello_tlsex |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 898 | } |
| 899 | #endif |
| 900 | |
| 901 | + /* If the client advertised support for Channel ID, and we have it |
| 902 | + * enabled, then we want to echo it back. */ |
| 903 | + if (s->s3->tlsext_channel_id_valid) |
| 904 | + { |
| 905 | + if (limit - ret - 4 < 0) |
| 906 | + return NULL; |
| 907 | + s2n(TLSEXT_TYPE_channel_id,ret); |
| 908 | + s2n(0,ret); |
| 909 | + } |
| 910 | + |
| 911 | if ((extdatalen = ret-p-2)== 0) |
| 912 | return p; |
| 913 | |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 914 | @@ -1332,6 +1352,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 915 | } |
| 916 | #endif |
| 917 | |
| 918 | + else if (type == TLSEXT_TYPE_channel_id && s->tlsext_channel_id_enabled) |
| 919 | + s->s3->tlsext_channel_id_valid = 1; |
| 920 | + |
| 921 | /* session ticket processed earlier */ |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 922 | #ifndef OPENSSL_NO_SRTP |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 923 | else if (type == TLSEXT_TYPE_use_srtp) |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 924 | @@ -1562,6 +1585,9 @@ int ssl_parse_serverhello_tlsext(SSL *s, |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 925 | s->s3->next_proto_neg_seen = 1; |
| 926 | } |
| 927 | #endif |
| 928 | + else if (type == TLSEXT_TYPE_channel_id) |
| 929 | + s->s3->tlsext_channel_id_valid = 1; |
| 930 | + |
| 931 | else if (type == TLSEXT_TYPE_renegotiate) |
| 932 | { |
| 933 | if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al)) |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 934 | @@ -2621,3 +2647,37 @@ tls1_heartbeat(SSL *s) |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 935 | return ret; |
| 936 | } |
| 937 | #endif |
| 938 | + |
| 939 | +#if !defined(OPENSSL_NO_TLSEXT) |
| 940 | +/* tls1_channel_id_hash calculates the signed data for a Channel ID on the given |
| 941 | + * SSL connection and writes it to |md|. |
| 942 | + */ |
| 943 | +int |
| 944 | +tls1_channel_id_hash(EVP_MD_CTX *md, SSL *s) |
| 945 | + { |
| 946 | + EVP_MD_CTX ctx; |
| 947 | + unsigned char temp_digest[EVP_MAX_MD_SIZE]; |
| 948 | + unsigned temp_digest_len; |
| 949 | + int i; |
| 950 | + static const char kClientIDMagic[] = "TLS Channel ID signature"; |
| 951 | + |
| 952 | + if (s->s3->handshake_buffer) |
| 953 | + if (!ssl3_digest_cached_records(s)) |
| 954 | + return 0; |
| 955 | + |
| 956 | + EVP_DigestUpdate(md, kClientIDMagic, sizeof(kClientIDMagic)); |
| 957 | + |
| 958 | + EVP_MD_CTX_init(&ctx); |
| 959 | + for (i = 0; i < SSL_MAX_DIGEST; i++) |
| 960 | + { |
| 961 | + if (s->s3->handshake_dgst[i] == NULL) |
| 962 | + continue; |
| 963 | + EVP_MD_CTX_copy_ex(&ctx, s->s3->handshake_dgst[i]); |
| 964 | + EVP_DigestFinal_ex(&ctx, temp_digest, &temp_digest_len); |
| 965 | + EVP_DigestUpdate(md, temp_digest, temp_digest_len); |
| 966 | + } |
| 967 | + EVP_MD_CTX_cleanup(&ctx); |
| 968 | + |
| 969 | + return 1; |
| 970 | + } |
| 971 | +#endif |
David 'Digit' Turner | 365d7e8 | 2013-03-05 19:52:51 +0100 | [diff] [blame] | 972 | --- openssl-1.0.1e.orig/ssl/tls1.h 2013-03-05 18:49:33.173296633 +0000 |
| 973 | +++ openssl-1.0.1e/ssl/tls1.h 2013-03-05 18:49:33.413299231 +0000 |
| 974 | @@ -248,6 +248,9 @@ extern "C" { |
Adam Langley | 45bcfbc | 2013-01-16 13:43:53 -0800 | [diff] [blame] | 975 | #define TLSEXT_TYPE_next_proto_neg 13172 |
| 976 | #endif |
| 977 | |
| 978 | +/* This is not an IANA defined extension number */ |
| 979 | +#define TLSEXT_TYPE_channel_id 30031 |
| 980 | + |
| 981 | /* NameType value from RFC 3546 */ |
| 982 | #define TLSEXT_NAMETYPE_host_name 0 |
| 983 | /* status request value from RFC 3546 */ |