diff options
author | Torne (Richard Coles) <torne@google.com> | 2014-06-03 10:59:18 +0100 |
---|---|---|
committer | Torne (Richard Coles) <torne@google.com> | 2014-06-03 10:59:18 +0100 |
commit | de3469808fd291318d632868c0f37618962e1c7a (patch) | |
tree | 6ead13b5f66beae3acb85d1ad2f840fcc3bb9331 | |
parent | cf9e44ef952b1a6a2ff9738a1cdd6283fb3f6898 (diff) | |
parent | 21ed393e0da597351a61be6df6134983fbe47ffe (diff) | |
download | openssl-de3469808fd291318d632868c0f37618962e1c7a.tar.gz |
Merge from Chromium at DEPS revision 273901
This commit was generated by merge_to_master.py.
Change-Id: I8a639c7a291feed376dfb255c14c27dfb0e8d364
27 files changed, 1427 insertions, 103 deletions
@@ -68,6 +68,10 @@ component("openssl") { sources -= gypi_values.openssl_x86_source_excludes defines += gypi_values.openssl_x86_defines } else if (cpu_arch == "arm") { + # The ARM sources do not compile with full warnings enabled. + configs -= [ "//build/config/compiler:chromium_code" ] + configs += [ "//build/config/compiler:no_chromium_code" ] + sources += gypi_values.openssl_arm_sources sources -= gypi_values.openssl_arm_source_excludes defines += gypi_values.openssl_arm_defines diff --git a/README.chromium b/README.chromium index 443a75d..4aee197 100644 --- a/README.chromium +++ b/README.chromium @@ -212,6 +212,13 @@ located in patches.chromium/. Currently this consists of: server bug. Some servers are intolerant to the last extension being empty. See https://crbug.com/363583 + export_certificate_types.patch + Export the certificate_types field in CertificateRequest. + + send_client_verify_cleanup.patch + Clean up ssl3_send_client_verify so the various cases (TLS 1.2, pre-TLS-1.2 + cases for each cipher suite) are less intertwined. + ************************************************************************** Adding new Chromium patches: diff --git a/openssl.target.darwin-arm.mk b/openssl.target.darwin-arm.mk index f1ebd9c..38cfe62 100644 --- a/openssl.target.darwin-arm.mk +++ b/openssl.target.darwin-arm.mk @@ -596,9 +596,16 @@ MY_CFLAGS_Debug := \ -fvisibility=hidden \ -pipe \ -fPIC \ + -Wno-unused-local-typedefs \ -w \ -Wno-format \ -fno-tree-sra \ + -fno-partial-inlining \ + -fno-early-inlining \ + -fno-tree-copy-prop \ + -fno-tree-loop-optimize \ + -fno-move-loop-invariants \ + -fno-caller-saves \ -Wno-psabi \ -ffunction-sections \ -funwind-tables \ @@ -634,12 +641,17 @@ MY_DEFS_Debug := \ '-DENABLE_WEBRTC=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DENABLE_NEW_GAMEPAD_API=1' \ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ '-DENABLE_PRINTING=1' \ '-DENABLE_MANAGED_USERS=1' \ + '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \ + '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \ + '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \ + '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \ '-DVIDEO_HOLE=1' \ '-DNO_WINDOWS_BRAINDEATH' \ '-DPURIFY' \ @@ -700,9 +712,16 @@ MY_CFLAGS_Release := \ -fvisibility=hidden \ -pipe \ -fPIC \ + -Wno-unused-local-typedefs \ -w \ -Wno-format \ -fno-tree-sra \ + -fno-partial-inlining \ + -fno-early-inlining \ + -fno-tree-copy-prop \ + -fno-tree-loop-optimize \ + -fno-move-loop-invariants \ + -fno-caller-saves \ -Wno-psabi \ -ffunction-sections \ -funwind-tables \ @@ -738,12 +757,17 @@ MY_DEFS_Release := \ '-DENABLE_WEBRTC=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DENABLE_NEW_GAMEPAD_API=1' \ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ '-DENABLE_PRINTING=1' \ '-DENABLE_MANAGED_USERS=1' \ + '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \ + '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \ + '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \ + '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \ '-DVIDEO_HOLE=1' \ '-DNO_WINDOWS_BRAINDEATH' \ '-DPURIFY' \ diff --git a/openssl.target.darwin-arm64.mk b/openssl.target.darwin-arm64.mk index 093bfc9..d002920 100644 --- a/openssl.target.darwin-arm64.mk +++ b/openssl.target.darwin-arm64.mk @@ -622,12 +622,17 @@ MY_DEFS_Debug := \ '-DENABLE_WEBRTC=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DENABLE_NEW_GAMEPAD_API=1' \ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ '-DENABLE_PRINTING=1' \ '-DENABLE_MANAGED_USERS=1' \ + '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \ + '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \ + '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \ + '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \ '-DVIDEO_HOLE=1' \ '-DNO_WINDOWS_BRAINDEATH' \ '-DPURIFY' \ @@ -716,12 +721,17 @@ MY_DEFS_Release := \ '-DENABLE_WEBRTC=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DENABLE_NEW_GAMEPAD_API=1' \ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ '-DENABLE_PRINTING=1' \ '-DENABLE_MANAGED_USERS=1' \ + '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \ + '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \ + '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \ + '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \ '-DVIDEO_HOLE=1' \ '-DNO_WINDOWS_BRAINDEATH' \ '-DPURIFY' \ diff --git a/openssl.target.darwin-mips.mk b/openssl.target.darwin-mips.mk index 52b0be8..aef592a 100644 --- a/openssl.target.darwin-mips.mk +++ b/openssl.target.darwin-mips.mk @@ -591,6 +591,7 @@ MY_CFLAGS_Debug := \ -fvisibility=hidden \ -pipe \ -fPIC \ + -Wno-unused-local-typedefs \ -w \ -Wno-format \ -EL \ @@ -629,12 +630,17 @@ MY_DEFS_Debug := \ '-DENABLE_WEBRTC=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DENABLE_NEW_GAMEPAD_API=1' \ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ '-DENABLE_PRINTING=1' \ '-DENABLE_MANAGED_USERS=1' \ + '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \ + '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \ + '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \ + '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \ '-DVIDEO_HOLE=1' \ '-DNO_WINDOWS_BRAINDEATH' \ '-DPURIFY' \ @@ -693,6 +699,7 @@ MY_CFLAGS_Release := \ -fvisibility=hidden \ -pipe \ -fPIC \ + -Wno-unused-local-typedefs \ -w \ -Wno-format \ -EL \ @@ -731,12 +738,17 @@ MY_DEFS_Release := \ '-DENABLE_WEBRTC=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DENABLE_NEW_GAMEPAD_API=1' \ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ '-DENABLE_PRINTING=1' \ '-DENABLE_MANAGED_USERS=1' \ + '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \ + '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \ + '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \ + '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \ '-DVIDEO_HOLE=1' \ '-DNO_WINDOWS_BRAINDEATH' \ '-DPURIFY' \ diff --git a/openssl.target.darwin-x86.mk b/openssl.target.darwin-x86.mk index 5ebaa58..c7ff427 100644 --- a/openssl.target.darwin-x86.mk +++ b/openssl.target.darwin-x86.mk @@ -595,6 +595,7 @@ MY_CFLAGS_Debug := \ -fvisibility=hidden \ -pipe \ -fPIC \ + -Wno-unused-local-typedefs \ -w \ -Wno-format \ -msse2 \ @@ -635,12 +636,17 @@ MY_DEFS_Debug := \ '-DENABLE_WEBRTC=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DENABLE_NEW_GAMEPAD_API=1' \ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ '-DENABLE_PRINTING=1' \ '-DENABLE_MANAGED_USERS=1' \ + '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \ + '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \ + '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \ + '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \ '-DVIDEO_HOLE=1' \ '-DNO_WINDOWS_BRAINDEATH' \ '-DPURIFY' \ @@ -705,6 +711,7 @@ MY_CFLAGS_Release := \ -fvisibility=hidden \ -pipe \ -fPIC \ + -Wno-unused-local-typedefs \ -w \ -Wno-format \ -msse2 \ @@ -745,12 +752,17 @@ MY_DEFS_Release := \ '-DENABLE_WEBRTC=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DENABLE_NEW_GAMEPAD_API=1' \ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ '-DENABLE_PRINTING=1' \ '-DENABLE_MANAGED_USERS=1' \ + '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \ + '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \ + '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \ + '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \ '-DVIDEO_HOLE=1' \ '-DNO_WINDOWS_BRAINDEATH' \ '-DPURIFY' \ diff --git a/openssl.target.darwin-x86_64.mk b/openssl.target.darwin-x86_64.mk index cf24e4b..68b2cbf 100644 --- a/openssl.target.darwin-x86_64.mk +++ b/openssl.target.darwin-x86_64.mk @@ -638,12 +638,17 @@ MY_DEFS_Debug := \ '-DENABLE_WEBRTC=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DENABLE_NEW_GAMEPAD_API=1' \ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ '-DENABLE_PRINTING=1' \ '-DENABLE_MANAGED_USERS=1' \ + '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \ + '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \ + '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \ + '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \ '-DVIDEO_HOLE=1' \ '-DNO_WINDOWS_BRAINDEATH' \ '-DPURIFY' \ @@ -748,12 +753,17 @@ MY_DEFS_Release := \ '-DENABLE_WEBRTC=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DENABLE_NEW_GAMEPAD_API=1' \ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ '-DENABLE_PRINTING=1' \ '-DENABLE_MANAGED_USERS=1' \ + '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \ + '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \ + '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \ + '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \ '-DVIDEO_HOLE=1' \ '-DNO_WINDOWS_BRAINDEATH' \ '-DPURIFY' \ diff --git a/openssl.target.linux-arm.mk b/openssl.target.linux-arm.mk index f1ebd9c..38cfe62 100644 --- a/openssl.target.linux-arm.mk +++ b/openssl.target.linux-arm.mk @@ -596,9 +596,16 @@ MY_CFLAGS_Debug := \ -fvisibility=hidden \ -pipe \ -fPIC \ + -Wno-unused-local-typedefs \ -w \ -Wno-format \ -fno-tree-sra \ + -fno-partial-inlining \ + -fno-early-inlining \ + -fno-tree-copy-prop \ + -fno-tree-loop-optimize \ + -fno-move-loop-invariants \ + -fno-caller-saves \ -Wno-psabi \ -ffunction-sections \ -funwind-tables \ @@ -634,12 +641,17 @@ MY_DEFS_Debug := \ '-DENABLE_WEBRTC=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DENABLE_NEW_GAMEPAD_API=1' \ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ '-DENABLE_PRINTING=1' \ '-DENABLE_MANAGED_USERS=1' \ + '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \ + '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \ + '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \ + '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \ '-DVIDEO_HOLE=1' \ '-DNO_WINDOWS_BRAINDEATH' \ '-DPURIFY' \ @@ -700,9 +712,16 @@ MY_CFLAGS_Release := \ -fvisibility=hidden \ -pipe \ -fPIC \ + -Wno-unused-local-typedefs \ -w \ -Wno-format \ -fno-tree-sra \ + -fno-partial-inlining \ + -fno-early-inlining \ + -fno-tree-copy-prop \ + -fno-tree-loop-optimize \ + -fno-move-loop-invariants \ + -fno-caller-saves \ -Wno-psabi \ -ffunction-sections \ -funwind-tables \ @@ -738,12 +757,17 @@ MY_DEFS_Release := \ '-DENABLE_WEBRTC=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DENABLE_NEW_GAMEPAD_API=1' \ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ '-DENABLE_PRINTING=1' \ '-DENABLE_MANAGED_USERS=1' \ + '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \ + '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \ + '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \ + '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \ '-DVIDEO_HOLE=1' \ '-DNO_WINDOWS_BRAINDEATH' \ '-DPURIFY' \ diff --git a/openssl.target.linux-arm64.mk b/openssl.target.linux-arm64.mk index 093bfc9..d002920 100644 --- a/openssl.target.linux-arm64.mk +++ b/openssl.target.linux-arm64.mk @@ -622,12 +622,17 @@ MY_DEFS_Debug := \ '-DENABLE_WEBRTC=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DENABLE_NEW_GAMEPAD_API=1' \ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ '-DENABLE_PRINTING=1' \ '-DENABLE_MANAGED_USERS=1' \ + '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \ + '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \ + '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \ + '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \ '-DVIDEO_HOLE=1' \ '-DNO_WINDOWS_BRAINDEATH' \ '-DPURIFY' \ @@ -716,12 +721,17 @@ MY_DEFS_Release := \ '-DENABLE_WEBRTC=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DENABLE_NEW_GAMEPAD_API=1' \ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ '-DENABLE_PRINTING=1' \ '-DENABLE_MANAGED_USERS=1' \ + '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \ + '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \ + '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \ + '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \ '-DVIDEO_HOLE=1' \ '-DNO_WINDOWS_BRAINDEATH' \ '-DPURIFY' \ diff --git a/openssl.target.linux-mips.mk b/openssl.target.linux-mips.mk index 52b0be8..aef592a 100644 --- a/openssl.target.linux-mips.mk +++ b/openssl.target.linux-mips.mk @@ -591,6 +591,7 @@ MY_CFLAGS_Debug := \ -fvisibility=hidden \ -pipe \ -fPIC \ + -Wno-unused-local-typedefs \ -w \ -Wno-format \ -EL \ @@ -629,12 +630,17 @@ MY_DEFS_Debug := \ '-DENABLE_WEBRTC=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DENABLE_NEW_GAMEPAD_API=1' \ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ '-DENABLE_PRINTING=1' \ '-DENABLE_MANAGED_USERS=1' \ + '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \ + '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \ + '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \ + '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \ '-DVIDEO_HOLE=1' \ '-DNO_WINDOWS_BRAINDEATH' \ '-DPURIFY' \ @@ -693,6 +699,7 @@ MY_CFLAGS_Release := \ -fvisibility=hidden \ -pipe \ -fPIC \ + -Wno-unused-local-typedefs \ -w \ -Wno-format \ -EL \ @@ -731,12 +738,17 @@ MY_DEFS_Release := \ '-DENABLE_WEBRTC=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DENABLE_NEW_GAMEPAD_API=1' \ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ '-DENABLE_PRINTING=1' \ '-DENABLE_MANAGED_USERS=1' \ + '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \ + '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \ + '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \ + '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \ '-DVIDEO_HOLE=1' \ '-DNO_WINDOWS_BRAINDEATH' \ '-DPURIFY' \ diff --git a/openssl.target.linux-x86.mk b/openssl.target.linux-x86.mk index 5ebaa58..c7ff427 100644 --- a/openssl.target.linux-x86.mk +++ b/openssl.target.linux-x86.mk @@ -595,6 +595,7 @@ MY_CFLAGS_Debug := \ -fvisibility=hidden \ -pipe \ -fPIC \ + -Wno-unused-local-typedefs \ -w \ -Wno-format \ -msse2 \ @@ -635,12 +636,17 @@ MY_DEFS_Debug := \ '-DENABLE_WEBRTC=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DENABLE_NEW_GAMEPAD_API=1' \ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ '-DENABLE_PRINTING=1' \ '-DENABLE_MANAGED_USERS=1' \ + '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \ + '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \ + '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \ + '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \ '-DVIDEO_HOLE=1' \ '-DNO_WINDOWS_BRAINDEATH' \ '-DPURIFY' \ @@ -705,6 +711,7 @@ MY_CFLAGS_Release := \ -fvisibility=hidden \ -pipe \ -fPIC \ + -Wno-unused-local-typedefs \ -w \ -Wno-format \ -msse2 \ @@ -745,12 +752,17 @@ MY_DEFS_Release := \ '-DENABLE_WEBRTC=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DENABLE_NEW_GAMEPAD_API=1' \ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ '-DENABLE_PRINTING=1' \ '-DENABLE_MANAGED_USERS=1' \ + '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \ + '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \ + '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \ + '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \ '-DVIDEO_HOLE=1' \ '-DNO_WINDOWS_BRAINDEATH' \ '-DPURIFY' \ diff --git a/openssl.target.linux-x86_64.mk b/openssl.target.linux-x86_64.mk index cf24e4b..68b2cbf 100644 --- a/openssl.target.linux-x86_64.mk +++ b/openssl.target.linux-x86_64.mk @@ -638,12 +638,17 @@ MY_DEFS_Debug := \ '-DENABLE_WEBRTC=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DENABLE_NEW_GAMEPAD_API=1' \ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ '-DENABLE_PRINTING=1' \ '-DENABLE_MANAGED_USERS=1' \ + '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \ + '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \ + '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \ + '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \ '-DVIDEO_HOLE=1' \ '-DNO_WINDOWS_BRAINDEATH' \ '-DPURIFY' \ @@ -748,12 +753,17 @@ MY_DEFS_Release := \ '-DENABLE_WEBRTC=1' \ '-DUSE_PROPRIETARY_CODECS' \ '-DENABLE_CONFIGURATION_POLICY' \ + '-DENABLE_NEW_GAMEPAD_API=1' \ '-DDISCARDABLE_MEMORY_ALWAYS_SUPPORTED_NATIVELY' \ '-DSYSTEM_NATIVELY_SIGNALS_MEMORY_PRESSURE' \ '-DENABLE_EGLIMAGE=1' \ '-DCLD_VERSION=1' \ '-DENABLE_PRINTING=1' \ '-DENABLE_MANAGED_USERS=1' \ + '-DDATA_REDUCTION_FALLBACK_HOST="http://compress.googlezip.net:80/"' \ + '-DDATA_REDUCTION_DEV_HOST="http://proxy-dev.googlezip.net:80/"' \ + '-DSPDY_PROXY_AUTH_ORIGIN="https://proxy.googlezip.net:443/"' \ + '-DDATA_REDUCTION_PROXY_PROBE_URL="http://check.googlezip.net/connect"' \ '-DVIDEO_HOLE=1' \ '-DNO_WINDOWS_BRAINDEATH' \ '-DPURIFY' \ diff --git a/openssl/include/openssl/ssl.h b/openssl/include/openssl/ssl.h index a3944f1..5faae95 100644 --- a/openssl/include/openssl/ssl.h +++ b/openssl/include/openssl/ssl.h @@ -547,6 +547,13 @@ struct ssl_session_st #ifndef OPENSSL_NO_SRP char *srp_username; #endif + + /* original_handshake_hash contains the handshake hash (either + * SHA-1+MD5 or SHA-2, depending on TLS version) for the original, full + * handshake that created a session. This is used by Channel IDs during + * resumption. */ + unsigned char original_handshake_hash[EVP_MAX_MD_SIZE]; + unsigned int original_handshake_hash_len; }; #endif @@ -1982,6 +1989,9 @@ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); int SSL_add_client_CA(SSL *ssl,X509 *x); int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x); +void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype, + size_t *ctype_num); + void SSL_set_connect_state(SSL *s); void SSL_set_accept_state(SSL *s); diff --git a/openssl/include/openssl/ssl3.h b/openssl/include/openssl/ssl3.h index 899c8a8..019e8d8 100644 --- a/openssl/include/openssl/ssl3.h +++ b/openssl/include/openssl/ssl3.h @@ -508,7 +508,7 @@ typedef struct ssl3_state_st /* used for certificate requests */ int cert_req; int ctype_num; - char ctype[SSL3_CT_NUMBER]; + unsigned char ctype[SSL3_CT_NUMBER]; STACK_OF(X509_NAME) *ca_names; int use_rsa_tmp; diff --git a/openssl/include/openssl/tls1.h b/openssl/include/openssl/tls1.h index c4f69aa..5559486 100644 --- a/openssl/include/openssl/tls1.h +++ b/openssl/include/openssl/tls1.h @@ -255,7 +255,7 @@ extern "C" { #endif /* This is not an IANA defined extension number */ -#define TLSEXT_TYPE_channel_id 30031 +#define TLSEXT_TYPE_channel_id 30032 /* NameType value from RFC 3546 */ #define TLSEXT_NAMETYPE_host_name 0 diff --git a/openssl/patches/new_channelid.patch b/openssl/patches/new_channelid.patch new file mode 100644 index 0000000..22a8fdd --- /dev/null +++ b/openssl/patches/new_channelid.patch @@ -0,0 +1,273 @@ +diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h +index a3944f1..fe92ccf 100644 +--- a/include/openssl/ssl.h ++++ b/include/openssl/ssl.h +@@ -547,6 +547,13 @@ struct ssl_session_st + #ifndef OPENSSL_NO_SRP + char *srp_username; + #endif ++ ++ /* original_handshake_hash contains the handshake hash (either ++ * SHA-1+MD5 or SHA-2, depending on TLS version) for the original, full ++ * handshake that created a session. This is used by Channel IDs during ++ * resumption. */ ++ unsigned char original_handshake_hash[EVP_MAX_MD_SIZE]; ++ unsigned int original_handshake_hash_len; + }; + + #endif +diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h +index c4f69aa..5559486 100644 +--- a/include/openssl/tls1.h ++++ b/include/openssl/tls1.h +@@ -255,7 +255,7 @@ extern "C" { + #endif + + /* This is not an IANA defined extension number */ +-#define TLSEXT_TYPE_channel_id 30031 ++#define TLSEXT_TYPE_channel_id 30032 + + /* NameType value from RFC 3546 */ + #define TLSEXT_NAMETYPE_host_name 0 +diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c +index 640df80..d6154c5 100644 +--- a/ssl/s3_clnt.c ++++ b/ssl/s3_clnt.c +@@ -583,6 +583,18 @@ int ssl3_connect(SSL *s) + #endif + s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; + } ++ if (s->s3->tlsext_channel_id_valid) ++ { ++ /* This is a non-resumption handshake. If it ++ * involves ChannelID, then record the ++ * handshake hashes at this point in the ++ * session so that any resumption of this ++ * session with ChannelID can sign those ++ * hashes. */ ++ ret = tls1_record_handshake_hashes_for_channel_id(s); ++ if (ret <= 0) ++ goto end; ++ } + } + s->init_num=0; + break; +diff --git a/ssl/ssl.h b/ssl/ssl.h +index a3944f1..fe92ccf 100644 +--- a/ssl/ssl.h ++++ b/ssl/ssl.h +@@ -547,6 +547,13 @@ struct ssl_session_st + #ifndef OPENSSL_NO_SRP + char *srp_username; + #endif ++ ++ /* original_handshake_hash contains the handshake hash (either ++ * SHA-1+MD5 or SHA-2, depending on TLS version) for the original, full ++ * handshake that created a session. This is used by Channel IDs during ++ * resumption. */ ++ unsigned char original_handshake_hash[EVP_MAX_MD_SIZE]; ++ unsigned int original_handshake_hash_len; + }; + + #endif +diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h +index 531a291..c975d31 100644 +--- a/ssl/ssl_locl.h ++++ b/ssl/ssl_locl.h +@@ -1102,6 +1102,7 @@ void ssl_free_wbio_buffer(SSL *s); + int tls1_change_cipher_state(SSL *s, int which); + int tls1_setup_key_block(SSL *s); + int tls1_enc(SSL *s, int snd); ++int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len); + int tls1_final_finish_mac(SSL *s, + const char *str, int slen, unsigned char *p); + int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); +@@ -1158,6 +1159,7 @@ int tls12_get_sigid(const EVP_PKEY *pk); + const EVP_MD *tls12_get_hash(unsigned char hash_alg); + + int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s); ++int tls1_record_handshake_hashes_for_channel_id(SSL *s); + #endif + + int ssl3_can_cutthrough(const SSL *s); +diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c +index 87b7021..d30ce61 100644 +--- a/ssl/t1_enc.c ++++ b/ssl/t1_enc.c +@@ -1147,53 +1147,79 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) + return((int)ret); + } + ++/* tls1_handshake_digest calculates the current handshake hash and writes it to ++ * |out|, which has space for |out_len| bytes. It returns the number of bytes ++ * written or -1 in the event of an error. This function works on a copy of the ++ * underlying digests so can be called multiple times and prior to the final ++ * update etc. */ ++int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len) ++ { ++ const EVP_MD *md; ++ EVP_MD_CTX ctx; ++ int i, err = 0, len = 0; ++ long mask; ++ ++ EVP_MD_CTX_init(&ctx); ++ ++ for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) ++ { ++ int hash_size; ++ unsigned int digest_len; ++ EVP_MD_CTX *hdgst = s->s3->handshake_dgst[i]; ++ ++ if ((mask & ssl_get_algorithm2(s)) == 0) ++ continue; ++ ++ hash_size = EVP_MD_size(md); ++ if (!hdgst || hash_size < 0 || (size_t)hash_size > out_len) ++ { ++ err = 1; ++ break; ++ } ++ ++ if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) || ++ !EVP_DigestFinal_ex(&ctx, out, &digest_len) || ++ digest_len != (unsigned int)hash_size) /* internal error */ ++ { ++ err = 1; ++ break; ++ } ++ out += digest_len; ++ out_len -= digest_len; ++ len += digest_len; ++ } ++ ++ EVP_MD_CTX_cleanup(&ctx); ++ ++ if (err != 0) ++ return -1; ++ return len; ++ } ++ + int tls1_final_finish_mac(SSL *s, + const char *str, int slen, unsigned char *out) + { +- unsigned int i; +- EVP_MD_CTX ctx; + unsigned char buf[2*EVP_MAX_MD_SIZE]; +- unsigned char *q,buf2[12]; +- int idx; +- long mask; ++ unsigned char buf2[12]; + int err=0; +- const EVP_MD *md; ++ int digests_len; + +- q=buf; +- +- if (s->s3->handshake_buffer) ++ if (s->s3->handshake_buffer) + if (!ssl3_digest_cached_records(s)) + return 0; + +- EVP_MD_CTX_init(&ctx); +- +- for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++) ++ digests_len = tls1_handshake_digest(s, buf, sizeof(buf)); ++ if (digests_len < 0) + { +- if (mask & ssl_get_algorithm2(s)) +- { +- int hashsize = EVP_MD_size(md); +- if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf))) +- { +- /* internal error: 'buf' is too small for this cipersuite! */ +- err = 1; +- } +- else +- { +- EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]); +- EVP_DigestFinal_ex(&ctx,q,&i); +- if (i != (unsigned int)hashsize) /* can't really happen */ +- err = 1; +- q+=i; +- } +- } ++ err = 1; ++ digests_len = 0; + } +- ++ + if (!tls1_PRF(ssl_get_algorithm2(s), +- str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0, ++ str,slen, buf, digests_len, NULL,0, NULL,0, NULL,0, + s->session->master_key,s->session->master_key_length, + out,buf2,sizeof buf2)) + err = 1; +- EVP_MD_CTX_cleanup(&ctx); + + if (err) + return 0; +diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c +index ea7fefa..d7ea9a5 100644 +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c +@@ -2684,6 +2684,17 @@ tls1_channel_id_hash(EVP_MD_CTX *md, SSL *s) + + EVP_DigestUpdate(md, kClientIDMagic, sizeof(kClientIDMagic)); + ++ if (s->hit) ++ { ++ static const char kResumptionMagic[] = "Resumption"; ++ EVP_DigestUpdate(md, kResumptionMagic, ++ sizeof(kResumptionMagic)); ++ if (s->session->original_handshake_hash_len == 0) ++ return 0; ++ EVP_DigestUpdate(md, s->session->original_handshake_hash, ++ s->session->original_handshake_hash_len); ++ } ++ + EVP_MD_CTX_init(&ctx); + for (i = 0; i < SSL_MAX_DIGEST; i++) + { +@@ -2698,3 +2709,29 @@ tls1_channel_id_hash(EVP_MD_CTX *md, SSL *s) + return 1; + } + #endif ++ ++/* tls1_record_handshake_hashes_for_channel_id records the current handshake ++ * hashes in |s->session| so that Channel ID resumptions can sign that data. */ ++int tls1_record_handshake_hashes_for_channel_id(SSL *s) ++ { ++ int digest_len; ++ /* This function should never be called for a resumed session because ++ * the handshake hashes that we wish to record are for the original, ++ * full handshake. */ ++ if (s->hit) ++ return -1; ++ /* It only makes sense to call this function if Channel IDs have been ++ * negotiated. */ ++ if (!s->s3->tlsext_channel_id_valid) ++ return -1; ++ ++ digest_len = tls1_handshake_digest( ++ s, s->session->original_handshake_hash, ++ sizeof(s->session->original_handshake_hash)); ++ if (digest_len < 0) ++ return -1; ++ ++ s->session->original_handshake_hash_len = digest_len; ++ ++ return 1; ++ } +diff --git a/ssl/tls1.h b/ssl/tls1.h +index c4f69aa..5559486 100644 +--- a/ssl/tls1.h ++++ b/ssl/tls1.h +@@ -255,7 +255,7 @@ extern "C" { + #endif + + /* This is not an IANA defined extension number */ +-#define TLSEXT_TYPE_channel_id 30031 ++#define TLSEXT_TYPE_channel_id 30032 + + /* NameType value from RFC 3546 */ + #define TLSEXT_NAMETYPE_host_name 0 diff --git a/openssl/ssl/s3_clnt.c b/openssl/ssl/s3_clnt.c index 640df80..2b094c9 100644 --- a/openssl/ssl/s3_clnt.c +++ b/openssl/ssl/s3_clnt.c @@ -583,6 +583,18 @@ int ssl3_connect(SSL *s) #endif s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; } + if (s->s3->tlsext_channel_id_valid) + { + /* This is a non-resumption handshake. If it + * involves ChannelID, then record the + * handshake hashes at this point in the + * session so that any resumption of this + * session with ChannelID can sign those + * hashes. */ + ret = tls1_record_handshake_hashes_for_channel_id(s); + if (ret <= 0) + goto end; + } } s->init_num=0; break; @@ -3010,33 +3022,18 @@ int ssl3_send_client_verify(SSL *s) unsigned char *p,*d; unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; EVP_PKEY *pkey; - EVP_PKEY_CTX *pctx=NULL; + EVP_PKEY_CTX *pctx = NULL; EVP_MD_CTX mctx; - unsigned u=0; + unsigned signature_length = 0; unsigned long n; - int j; EVP_MD_CTX_init(&mctx); if (s->state == SSL3_ST_CW_CERT_VRFY_A) { - d=(unsigned char *)s->init_buf->data; - p= &(d[4]); - pkey=s->cert->key->privatekey; -/* Create context from key and test if sha1 is allowed as digest */ - pctx = EVP_PKEY_CTX_new(pkey,NULL); - EVP_PKEY_sign_init(pctx); - if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0) - { - if (TLS1_get_version(s) < TLS1_2_VERSION) - s->method->ssl3_enc->cert_verify_mac(s, - NID_sha1, - &(data[MD5_DIGEST_LENGTH])); - } - else - { - ERR_clear_error(); - } + d = (unsigned char *)s->init_buf->data; + p = &(d[4]); + pkey = s->cert->key->privatekey; /* For TLS v1.2 send signature algorithm and signature * using agreed digest and cached handshake records. */ @@ -3060,14 +3057,15 @@ int ssl3_send_client_verify(SSL *s) #endif if (!EVP_SignInit_ex(&mctx, md, NULL) || !EVP_SignUpdate(&mctx, hdata, hdatalen) - || !EVP_SignFinal(&mctx, p + 2, &u, pkey)) + || !EVP_SignFinal(&mctx, p + 2, + &signature_length, pkey)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_EVP_LIB); goto err; } - s2n(u,p); - n = u + 4; + s2n(signature_length, p); + n = signature_length + 4; if (!ssl3_digest_cached_records(s)) goto err; } @@ -3075,78 +3073,80 @@ int ssl3_send_client_verify(SSL *s) #ifndef OPENSSL_NO_RSA if (pkey->type == EVP_PKEY_RSA) { + s->method->ssl3_enc->cert_verify_mac(s, NID_md5, data); s->method->ssl3_enc->cert_verify_mac(s, - NID_md5, - &(data[0])); + NID_sha1, &(data[MD5_DIGEST_LENGTH])); if (RSA_sign(NID_md5_sha1, data, - MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, - &(p[2]), &u, pkey->pkey.rsa) <= 0 ) + MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, + &(p[2]), &signature_length, pkey->pkey.rsa) <= 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB); + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB); goto err; } - s2n(u,p); - n=u+2; + s2n(signature_length, p); + n = signature_length + 2; } else #endif #ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) + if (pkey->type == EVP_PKEY_DSA) { - if (!DSA_sign(pkey->save_type, - &(data[MD5_DIGEST_LENGTH]), - SHA_DIGEST_LENGTH,&(p[2]), - (unsigned int *)&j,pkey->pkey.dsa)) + s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data); + if (!DSA_sign(pkey->save_type, data, + SHA_DIGEST_LENGTH, &(p[2]), + &signature_length, pkey->pkey.dsa)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB); + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB); goto err; } - s2n(j,p); - n=j+2; + s2n(signature_length, p); + n = signature_length + 2; } else #endif #ifndef OPENSSL_NO_ECDSA - if (pkey->type == EVP_PKEY_EC) + if (pkey->type == EVP_PKEY_EC) { - if (!ECDSA_sign(pkey->save_type, - &(data[MD5_DIGEST_LENGTH]), - SHA_DIGEST_LENGTH,&(p[2]), - (unsigned int *)&j,pkey->pkey.ec)) + s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data); + if (!ECDSA_sign(pkey->save_type, data, + SHA_DIGEST_LENGTH, &(p[2]), + &signature_length, pkey->pkey.ec)) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, - ERR_R_ECDSA_LIB); + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_ECDSA_LIB); goto err; } - s2n(j,p); - n=j+2; + s2n(signature_length, p); + n = signature_length + 2; } else #endif if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) - { - unsigned char signbuf[64]; - int i; - size_t sigsize=64; - s->method->ssl3_enc->cert_verify_mac(s, - NID_id_GostR3411_94, - data); - if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, - ERR_R_INTERNAL_ERROR); - goto err; - } - for (i=63,j=0; i>=0; j++, i--) { - p[2+j]=signbuf[i]; - } - s2n(j,p); - n=j+2; - } + { + unsigned char signbuf[64]; + int i, j; + size_t sigsize=64; + + s->method->ssl3_enc->cert_verify_mac(s, + NID_id_GostR3411_94, + data); + pctx = EVP_PKEY_CTX_new(pkey, NULL); + EVP_PKEY_sign_init(pctx); + if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, + ERR_R_INTERNAL_ERROR); + goto err; + } + for (i=63,j=0; i>=0; j++, i--) { + p[2+j]=signbuf[i]; + } + s2n(j,p); + n=j+2; + } else - { + { SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); goto err; - } + } *(d++)=SSL3_MT_CERTIFICATE_VERIFY; l2n3(n,d); diff --git a/openssl/ssl/ssl.h b/openssl/ssl/ssl.h index a3944f1..5faae95 100644 --- a/openssl/ssl/ssl.h +++ b/openssl/ssl/ssl.h @@ -547,6 +547,13 @@ struct ssl_session_st #ifndef OPENSSL_NO_SRP char *srp_username; #endif + + /* original_handshake_hash contains the handshake hash (either + * SHA-1+MD5 or SHA-2, depending on TLS version) for the original, full + * handshake that created a session. This is used by Channel IDs during + * resumption. */ + unsigned char original_handshake_hash[EVP_MAX_MD_SIZE]; + unsigned int original_handshake_hash_len; }; #endif @@ -1982,6 +1989,9 @@ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); int SSL_add_client_CA(SSL *ssl,X509 *x); int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x); +void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype, + size_t *ctype_num); + void SSL_set_connect_state(SSL *s); void SSL_set_accept_state(SSL *s); diff --git a/openssl/ssl/ssl3.h b/openssl/ssl/ssl3.h index 899c8a8..019e8d8 100644 --- a/openssl/ssl/ssl3.h +++ b/openssl/ssl/ssl3.h @@ -508,7 +508,7 @@ typedef struct ssl3_state_st /* used for certificate requests */ int cert_req; int ctype_num; - char ctype[SSL3_CT_NUMBER]; + unsigned char ctype[SSL3_CT_NUMBER]; STACK_OF(X509_NAME) *ca_names; int use_rsa_tmp; diff --git a/openssl/ssl/ssl_cert.c b/openssl/ssl/ssl_cert.c index 5123a89..8a61650 100644 --- a/openssl/ssl/ssl_cert.c +++ b/openssl/ssl/ssl_cert.c @@ -655,6 +655,21 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x) return(add_client_CA(&(ctx->client_CA),x)); } +void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype, + size_t *ctype_num) + { + if (s->s3 == NULL) + { + *ctype = NULL; + *ctype_num = 0; + return; + } + + /* This always returns nothing for the server. */ + *ctype = s->s3->tmp.ctype; + *ctype_num = s->s3->tmp.ctype_num; + } + static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) { return(X509_NAME_cmp(*a,*b)); diff --git a/openssl/ssl/ssl_locl.h b/openssl/ssl/ssl_locl.h index 531a291..c975d31 100644 --- a/openssl/ssl/ssl_locl.h +++ b/openssl/ssl/ssl_locl.h @@ -1102,6 +1102,7 @@ void ssl_free_wbio_buffer(SSL *s); int tls1_change_cipher_state(SSL *s, int which); int tls1_setup_key_block(SSL *s); int tls1_enc(SSL *s, int snd); +int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len); int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *p); int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); @@ -1158,6 +1159,7 @@ int tls12_get_sigid(const EVP_PKEY *pk); const EVP_MD *tls12_get_hash(unsigned char hash_alg); int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s); +int tls1_record_handshake_hashes_for_channel_id(SSL *s); #endif int ssl3_can_cutthrough(const SSL *s); diff --git a/openssl/ssl/t1_enc.c b/openssl/ssl/t1_enc.c index 87b7021..d30ce61 100644 --- a/openssl/ssl/t1_enc.c +++ b/openssl/ssl/t1_enc.c @@ -1147,53 +1147,79 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) return((int)ret); } +/* tls1_handshake_digest calculates the current handshake hash and writes it to + * |out|, which has space for |out_len| bytes. It returns the number of bytes + * written or -1 in the event of an error. This function works on a copy of the + * underlying digests so can be called multiple times and prior to the final + * update etc. */ +int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len) + { + const EVP_MD *md; + EVP_MD_CTX ctx; + int i, err = 0, len = 0; + long mask; + + EVP_MD_CTX_init(&ctx); + + for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) + { + int hash_size; + unsigned int digest_len; + EVP_MD_CTX *hdgst = s->s3->handshake_dgst[i]; + + if ((mask & ssl_get_algorithm2(s)) == 0) + continue; + + hash_size = EVP_MD_size(md); + if (!hdgst || hash_size < 0 || (size_t)hash_size > out_len) + { + err = 1; + break; + } + + if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) || + !EVP_DigestFinal_ex(&ctx, out, &digest_len) || + digest_len != (unsigned int)hash_size) /* internal error */ + { + err = 1; + break; + } + out += digest_len; + out_len -= digest_len; + len += digest_len; + } + + EVP_MD_CTX_cleanup(&ctx); + + if (err != 0) + return -1; + return len; + } + int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *out) { - unsigned int i; - EVP_MD_CTX ctx; unsigned char buf[2*EVP_MAX_MD_SIZE]; - unsigned char *q,buf2[12]; - int idx; - long mask; + unsigned char buf2[12]; int err=0; - const EVP_MD *md; + int digests_len; - q=buf; - - if (s->s3->handshake_buffer) + if (s->s3->handshake_buffer) if (!ssl3_digest_cached_records(s)) return 0; - EVP_MD_CTX_init(&ctx); - - for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++) + digests_len = tls1_handshake_digest(s, buf, sizeof(buf)); + if (digests_len < 0) { - if (mask & ssl_get_algorithm2(s)) - { - int hashsize = EVP_MD_size(md); - if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf))) - { - /* internal error: 'buf' is too small for this cipersuite! */ - err = 1; - } - else - { - EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]); - EVP_DigestFinal_ex(&ctx,q,&i); - if (i != (unsigned int)hashsize) /* can't really happen */ - err = 1; - q+=i; - } - } + err = 1; + digests_len = 0; } - + if (!tls1_PRF(ssl_get_algorithm2(s), - str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0, + str,slen, buf, digests_len, NULL,0, NULL,0, NULL,0, s->session->master_key,s->session->master_key_length, out,buf2,sizeof buf2)) err = 1; - EVP_MD_CTX_cleanup(&ctx); if (err) return 0; diff --git a/openssl/ssl/t1_lib.c b/openssl/ssl/t1_lib.c index ea7fefa..d7ea9a5 100644 --- a/openssl/ssl/t1_lib.c +++ b/openssl/ssl/t1_lib.c @@ -2684,6 +2684,17 @@ tls1_channel_id_hash(EVP_MD_CTX *md, SSL *s) EVP_DigestUpdate(md, kClientIDMagic, sizeof(kClientIDMagic)); + if (s->hit) + { + static const char kResumptionMagic[] = "Resumption"; + EVP_DigestUpdate(md, kResumptionMagic, + sizeof(kResumptionMagic)); + if (s->session->original_handshake_hash_len == 0) + return 0; + EVP_DigestUpdate(md, s->session->original_handshake_hash, + s->session->original_handshake_hash_len); + } + EVP_MD_CTX_init(&ctx); for (i = 0; i < SSL_MAX_DIGEST; i++) { @@ -2698,3 +2709,29 @@ tls1_channel_id_hash(EVP_MD_CTX *md, SSL *s) return 1; } #endif + +/* tls1_record_handshake_hashes_for_channel_id records the current handshake + * hashes in |s->session| so that Channel ID resumptions can sign that data. */ +int tls1_record_handshake_hashes_for_channel_id(SSL *s) + { + int digest_len; + /* This function should never be called for a resumed session because + * the handshake hashes that we wish to record are for the original, + * full handshake. */ + if (s->hit) + return -1; + /* It only makes sense to call this function if Channel IDs have been + * negotiated. */ + if (!s->s3->tlsext_channel_id_valid) + return -1; + + digest_len = tls1_handshake_digest( + s, s->session->original_handshake_hash, + sizeof(s->session->original_handshake_hash)); + if (digest_len < 0) + return -1; + + s->session->original_handshake_hash_len = digest_len; + + return 1; + } diff --git a/openssl/ssl/tls1.h b/openssl/ssl/tls1.h index c4f69aa..5559486 100644 --- a/openssl/ssl/tls1.h +++ b/openssl/ssl/tls1.h @@ -255,7 +255,7 @@ extern "C" { #endif /* This is not an IANA defined extension number */ -#define TLSEXT_TYPE_channel_id 30031 +#define TLSEXT_TYPE_channel_id 30032 /* NameType value from RFC 3546 */ #define TLSEXT_NAMETYPE_host_name 0 diff --git a/patches.chromium/0014-new_channelid.patch b/patches.chromium/0014-new_channelid.patch new file mode 100644 index 0000000..7f607d0 --- /dev/null +++ b/patches.chromium/0014-new_channelid.patch @@ -0,0 +1,537 @@ +diff -burN android-openssl.orig/include/openssl/ssl.h android-openssl/include/openssl/ssl.h +--- android-openssl.orig/include/openssl/ssl.h 2014-05-05 16:45:02.685389339 +0200 ++++ android-openssl/include/openssl/ssl.h 2014-05-05 16:46:32.513390565 +0200 +@@ -544,6 +544,13 @@ + #ifndef OPENSSL_NO_SRP + char *srp_username; + #endif ++ ++ /* original_handshake_hash contains the handshake hash (either ++ * SHA-1+MD5 or SHA-2, depending on TLS version) for the original, full ++ * handshake that created a session. This is used by Channel IDs during ++ * resumption. */ ++ unsigned char original_handshake_hash[EVP_MAX_MD_SIZE]; ++ unsigned int original_handshake_hash_len; + }; + + #endif +diff -burN android-openssl.orig/include/openssl/tls1.h android-openssl/include/openssl/tls1.h +--- android-openssl.orig/include/openssl/tls1.h 2014-05-05 16:45:02.689389339 +0200 ++++ android-openssl/include/openssl/tls1.h 2014-05-05 16:46:32.517390565 +0200 +@@ -249,7 +249,7 @@ + #endif + + /* This is not an IANA defined extension number */ +-#define TLSEXT_TYPE_channel_id 30031 ++#define TLSEXT_TYPE_channel_id 30032 + + /* NameType value from RFC 3546 */ + #define TLSEXT_NAMETYPE_host_name 0 +diff -burN android-openssl.orig/patches/new_channelid.patch android-openssl/patches/new_channelid.patch +--- android-openssl.orig/patches/new_channelid.patch 1970-01-01 01:00:00.000000000 +0100 ++++ android-openssl/patches/new_channelid.patch 2014-05-05 16:48:54.429392502 +0200 +@@ -0,0 +1,273 @@ ++diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h ++index a3944f1..fe92ccf 100644 ++--- a/include/openssl/ssl.h +++++ b/include/openssl/ssl.h ++@@ -547,6 +547,13 @@ struct ssl_session_st ++ #ifndef OPENSSL_NO_SRP ++ char *srp_username; ++ #endif +++ +++ /* original_handshake_hash contains the handshake hash (either +++ * SHA-1+MD5 or SHA-2, depending on TLS version) for the original, full +++ * handshake that created a session. This is used by Channel IDs during +++ * resumption. */ +++ unsigned char original_handshake_hash[EVP_MAX_MD_SIZE]; +++ unsigned int original_handshake_hash_len; ++ }; ++ ++ #endif ++diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h ++index c4f69aa..5559486 100644 ++--- a/include/openssl/tls1.h +++++ b/include/openssl/tls1.h ++@@ -255,7 +255,7 @@ extern "C" { ++ #endif ++ ++ /* This is not an IANA defined extension number */ ++-#define TLSEXT_TYPE_channel_id 30031 +++#define TLSEXT_TYPE_channel_id 30032 ++ ++ /* NameType value from RFC 3546 */ ++ #define TLSEXT_NAMETYPE_host_name 0 ++diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c ++index 640df80..d6154c5 100644 ++--- a/ssl/s3_clnt.c +++++ b/ssl/s3_clnt.c ++@@ -583,6 +583,18 @@ int ssl3_connect(SSL *s) ++ #endif ++ s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; ++ } +++ if (s->s3->tlsext_channel_id_valid) +++ { +++ /* This is a non-resumption handshake. If it +++ * involves ChannelID, then record the +++ * handshake hashes at this point in the +++ * session so that any resumption of this +++ * session with ChannelID can sign those +++ * hashes. */ +++ ret = tls1_record_handshake_hashes_for_channel_id(s); +++ if (ret <= 0) +++ goto end; +++ } ++ } ++ s->init_num=0; ++ break; ++diff --git a/ssl/ssl.h b/ssl/ssl.h ++index a3944f1..fe92ccf 100644 ++--- a/ssl/ssl.h +++++ b/ssl/ssl.h ++@@ -547,6 +547,13 @@ struct ssl_session_st ++ #ifndef OPENSSL_NO_SRP ++ char *srp_username; ++ #endif +++ +++ /* original_handshake_hash contains the handshake hash (either +++ * SHA-1+MD5 or SHA-2, depending on TLS version) for the original, full +++ * handshake that created a session. This is used by Channel IDs during +++ * resumption. */ +++ unsigned char original_handshake_hash[EVP_MAX_MD_SIZE]; +++ unsigned int original_handshake_hash_len; ++ }; ++ ++ #endif ++diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h ++index 531a291..c975d31 100644 ++--- a/ssl/ssl_locl.h +++++ b/ssl/ssl_locl.h ++@@ -1102,6 +1102,7 @@ void ssl_free_wbio_buffer(SSL *s); ++ int tls1_change_cipher_state(SSL *s, int which); ++ int tls1_setup_key_block(SSL *s); ++ int tls1_enc(SSL *s, int snd); +++int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len); ++ int tls1_final_finish_mac(SSL *s, ++ const char *str, int slen, unsigned char *p); ++ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); ++@@ -1158,6 +1159,7 @@ int tls12_get_sigid(const EVP_PKEY *pk); ++ const EVP_MD *tls12_get_hash(unsigned char hash_alg); ++ ++ int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s); +++int tls1_record_handshake_hashes_for_channel_id(SSL *s); ++ #endif ++ ++ int ssl3_can_cutthrough(const SSL *s); ++diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c ++index 87b7021..d30ce61 100644 ++--- a/ssl/t1_enc.c +++++ b/ssl/t1_enc.c ++@@ -1147,53 +1147,79 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out) ++ return((int)ret); ++ } ++ +++/* tls1_handshake_digest calculates the current handshake hash and writes it to +++ * |out|, which has space for |out_len| bytes. It returns the number of bytes +++ * written or -1 in the event of an error. This function works on a copy of the +++ * underlying digests so can be called multiple times and prior to the final +++ * update etc. */ +++int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len) +++ { +++ const EVP_MD *md; +++ EVP_MD_CTX ctx; +++ int i, err = 0, len = 0; +++ long mask; +++ +++ EVP_MD_CTX_init(&ctx); +++ +++ for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) +++ { +++ int hash_size; +++ unsigned int digest_len; +++ EVP_MD_CTX *hdgst = s->s3->handshake_dgst[i]; +++ +++ if ((mask & ssl_get_algorithm2(s)) == 0) +++ continue; +++ +++ hash_size = EVP_MD_size(md); +++ if (!hdgst || hash_size < 0 || (size_t)hash_size > out_len) +++ { +++ err = 1; +++ break; +++ } +++ +++ if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) || +++ !EVP_DigestFinal_ex(&ctx, out, &digest_len) || +++ digest_len != (unsigned int)hash_size) /* internal error */ +++ { +++ err = 1; +++ break; +++ } +++ out += digest_len; +++ out_len -= digest_len; +++ len += digest_len; +++ } +++ +++ EVP_MD_CTX_cleanup(&ctx); +++ +++ if (err != 0) +++ return -1; +++ return len; +++ } +++ ++ int tls1_final_finish_mac(SSL *s, ++ const char *str, int slen, unsigned char *out) ++ { ++- unsigned int i; ++- EVP_MD_CTX ctx; ++ unsigned char buf[2*EVP_MAX_MD_SIZE]; ++- unsigned char *q,buf2[12]; ++- int idx; ++- long mask; +++ unsigned char buf2[12]; ++ int err=0; ++- const EVP_MD *md; +++ int digests_len; ++ ++- q=buf; ++- ++- if (s->s3->handshake_buffer) +++ if (s->s3->handshake_buffer) ++ if (!ssl3_digest_cached_records(s)) ++ return 0; ++ ++- EVP_MD_CTX_init(&ctx); ++- ++- for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++) +++ digests_len = tls1_handshake_digest(s, buf, sizeof(buf)); +++ if (digests_len < 0) ++ { ++- if (mask & ssl_get_algorithm2(s)) ++- { ++- int hashsize = EVP_MD_size(md); ++- if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf))) ++- { ++- /* internal error: 'buf' is too small for this cipersuite! */ ++- err = 1; ++- } ++- else ++- { ++- EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]); ++- EVP_DigestFinal_ex(&ctx,q,&i); ++- if (i != (unsigned int)hashsize) /* can't really happen */ ++- err = 1; ++- q+=i; ++- } ++- } +++ err = 1; +++ digests_len = 0; ++ } ++- +++ ++ if (!tls1_PRF(ssl_get_algorithm2(s), ++- str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0, +++ str,slen, buf, digests_len, NULL,0, NULL,0, NULL,0, ++ s->session->master_key,s->session->master_key_length, ++ out,buf2,sizeof buf2)) ++ err = 1; ++- EVP_MD_CTX_cleanup(&ctx); ++ ++ if (err) ++ return 0; ++diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c ++index ea7fefa..d7ea9a5 100644 ++--- a/ssl/t1_lib.c +++++ b/ssl/t1_lib.c ++@@ -2684,6 +2684,17 @@ tls1_channel_id_hash(EVP_MD_CTX *md, SSL *s) ++ ++ EVP_DigestUpdate(md, kClientIDMagic, sizeof(kClientIDMagic)); ++ +++ if (s->hit) +++ { +++ static const char kResumptionMagic[] = "Resumption"; +++ EVP_DigestUpdate(md, kResumptionMagic, +++ sizeof(kResumptionMagic)); +++ if (s->session->original_handshake_hash_len == 0) +++ return 0; +++ EVP_DigestUpdate(md, s->session->original_handshake_hash, +++ s->session->original_handshake_hash_len); +++ } +++ ++ EVP_MD_CTX_init(&ctx); ++ for (i = 0; i < SSL_MAX_DIGEST; i++) ++ { ++@@ -2698,3 +2709,29 @@ tls1_channel_id_hash(EVP_MD_CTX *md, SSL *s) ++ return 1; ++ } ++ #endif +++ +++/* tls1_record_handshake_hashes_for_channel_id records the current handshake +++ * hashes in |s->session| so that Channel ID resumptions can sign that data. */ +++int tls1_record_handshake_hashes_for_channel_id(SSL *s) +++ { +++ int digest_len; +++ /* This function should never be called for a resumed session because +++ * the handshake hashes that we wish to record are for the original, +++ * full handshake. */ +++ if (s->hit) +++ return -1; +++ /* It only makes sense to call this function if Channel IDs have been +++ * negotiated. */ +++ if (!s->s3->tlsext_channel_id_valid) +++ return -1; +++ +++ digest_len = tls1_handshake_digest( +++ s, s->session->original_handshake_hash, +++ sizeof(s->session->original_handshake_hash)); +++ if (digest_len < 0) +++ return -1; +++ +++ s->session->original_handshake_hash_len = digest_len; +++ +++ return 1; +++ } ++diff --git a/ssl/tls1.h b/ssl/tls1.h ++index c4f69aa..5559486 100644 ++--- a/ssl/tls1.h +++++ b/ssl/tls1.h ++@@ -255,7 +255,7 @@ extern "C" { ++ #endif ++ ++ /* This is not an IANA defined extension number */ ++-#define TLSEXT_TYPE_channel_id 30031 +++#define TLSEXT_TYPE_channel_id 30032 ++ ++ /* NameType value from RFC 3546 */ ++ #define TLSEXT_NAMETYPE_host_name 0 +diff -burN android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c +--- android-openssl.orig/ssl/s3_clnt.c 2014-05-05 16:45:02.785389340 +0200 ++++ android-openssl/ssl/s3_clnt.c 2014-05-05 16:46:32.525390565 +0200 +@@ -583,6 +583,18 @@ + #endif + s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; + } ++ if (s->s3->tlsext_channel_id_valid) ++ { ++ /* This is a non-resumption handshake. If it ++ * involves ChannelID, then record the ++ * handshake hashes at this point in the ++ * session so that any resumption of this ++ * session with ChannelID can sign those ++ * hashes. */ ++ ret = tls1_record_handshake_hashes_for_channel_id(s); ++ if (ret <= 0) ++ goto end; ++ } + } + s->init_num=0; + break; +diff -burN android-openssl.orig/ssl/ssl.h android-openssl/ssl/ssl.h +--- android-openssl.orig/ssl/ssl.h 2014-05-05 16:45:02.693389339 +0200 ++++ android-openssl/ssl/ssl.h 2014-05-05 16:46:32.533390565 +0200 +@@ -544,6 +544,13 @@ + #ifndef OPENSSL_NO_SRP + char *srp_username; + #endif ++ ++ /* original_handshake_hash contains the handshake hash (either ++ * SHA-1+MD5 or SHA-2, depending on TLS version) for the original, full ++ * handshake that created a session. This is used by Channel IDs during ++ * resumption. */ ++ unsigned char original_handshake_hash[EVP_MAX_MD_SIZE]; ++ unsigned int original_handshake_hash_len; + }; + + #endif +diff -burN android-openssl.orig/ssl/ssl_locl.h android-openssl/ssl/ssl_locl.h +--- android-openssl.orig/ssl/ssl_locl.h 2014-05-05 16:45:02.785389340 +0200 ++++ android-openssl/ssl/ssl_locl.h 2014-05-05 16:46:32.541390565 +0200 +@@ -1071,6 +1071,7 @@ + int tls1_change_cipher_state(SSL *s, int which); + int tls1_setup_key_block(SSL *s); + int tls1_enc(SSL *s, int snd); ++int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len); + int tls1_final_finish_mac(SSL *s, + const char *str, int slen, unsigned char *p); + int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p); +@@ -1127,6 +1128,7 @@ + const EVP_MD *tls12_get_hash(unsigned char hash_alg); + + int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s); ++int tls1_record_handshake_hashes_for_channel_id(SSL *s); + #endif + + int ssl3_can_cutthrough(const SSL *s); +diff -burN android-openssl.orig/ssl/t1_enc.c android-openssl/ssl/t1_enc.c +--- android-openssl.orig/ssl/t1_enc.c 2014-05-05 16:45:02.697389339 +0200 ++++ android-openssl/ssl/t1_enc.c 2014-05-05 16:46:32.545390565 +0200 +@@ -890,53 +890,79 @@ + return((int)ret); + } + +-int tls1_final_finish_mac(SSL *s, +- const char *str, int slen, unsigned char *out) ++/* tls1_handshake_digest calculates the current handshake hash and writes it to ++ * |out|, which has space for |out_len| bytes. It returns the number of bytes ++ * written or -1 in the event of an error. This function works on a copy of the ++ * underlying digests so can be called multiple times and prior to the final ++ * update etc. */ ++int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len) + { +- unsigned int i; ++ const EVP_MD *md; + EVP_MD_CTX ctx; +- unsigned char buf[2*EVP_MAX_MD_SIZE]; +- unsigned char *q,buf2[12]; +- int idx; ++ int i, err = 0, len = 0; + long mask; +- int err=0; +- const EVP_MD *md; +- +- q=buf; +- +- if (s->s3->handshake_buffer) +- if (!ssl3_digest_cached_records(s)) +- return 0; + + EVP_MD_CTX_init(&ctx); + +- for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++) ++ for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++) + { +- if (mask & ssl_get_algorithm2(s)) +- { +- int hashsize = EVP_MD_size(md); +- if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf))) ++ int hash_size; ++ unsigned int digest_len; ++ EVP_MD_CTX *hdgst = s->s3->handshake_dgst[i]; ++ ++ if ((mask & ssl_get_algorithm2(s)) == 0) ++ continue; ++ ++ hash_size = EVP_MD_size(md); ++ if (!hdgst || hash_size < 0 || (size_t)hash_size > out_len) + { +- /* internal error: 'buf' is too small for this cipersuite! */ + err = 1; ++ break; + } +- else ++ ++ if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) || ++ !EVP_DigestFinal_ex(&ctx, out, &digest_len) || ++ digest_len != (unsigned int)hash_size) /* internal error */ + { +- EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]); +- EVP_DigestFinal_ex(&ctx,q,&i); +- if (i != (unsigned int)hashsize) /* can't really happen */ + err = 1; +- q+=i; ++ break; + } ++ out += digest_len; ++ out_len -= digest_len; ++ len += digest_len; + } ++ ++ EVP_MD_CTX_cleanup(&ctx); ++ ++ if (err != 0) ++ return -1; ++ return len; ++ } ++ ++int tls1_final_finish_mac(SSL *s, ++ const char *str, int slen, unsigned char *out) ++ { ++ unsigned char buf[2*EVP_MAX_MD_SIZE]; ++ unsigned char buf2[12]; ++ int err=0; ++ int digests_len; ++ ++ if (s->s3->handshake_buffer) ++ if (!ssl3_digest_cached_records(s)) ++ return 0; ++ ++ digests_len = tls1_handshake_digest(s, buf, sizeof(buf)); ++ if (digests_len < 0) ++ { ++ err = 1; ++ digests_len = 0; + } + + if (!tls1_PRF(ssl_get_algorithm2(s), +- str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0, ++ str,slen, buf, digests_len, NULL,0, NULL,0, NULL,0, + s->session->master_key,s->session->master_key_length, + out,buf2,sizeof buf2)) + err = 1; +- EVP_MD_CTX_cleanup(&ctx); + + if (err) + return 0; +diff -burN android-openssl.orig/ssl/t1_lib.c android-openssl/ssl/t1_lib.c +--- android-openssl.orig/ssl/t1_lib.c 2014-05-05 16:45:02.789389340 +0200 ++++ android-openssl/ssl/t1_lib.c 2014-05-05 16:46:32.549390565 +0200 +@@ -2672,6 +2672,17 @@ + + EVP_DigestUpdate(md, kClientIDMagic, sizeof(kClientIDMagic)); + ++ if (s->hit) ++ { ++ static const char kResumptionMagic[] = "Resumption"; ++ EVP_DigestUpdate(md, kResumptionMagic, ++ sizeof(kResumptionMagic)); ++ if (s->session->original_handshake_hash_len == 0) ++ return 0; ++ EVP_DigestUpdate(md, s->session->original_handshake_hash, ++ s->session->original_handshake_hash_len); ++ } ++ + EVP_MD_CTX_init(&ctx); + for (i = 0; i < SSL_MAX_DIGEST; i++) + { +@@ -2686,3 +2697,29 @@ + return 1; + } + #endif ++ ++/* tls1_record_handshake_hashes_for_channel_id records the current handshake ++ * hashes in |s->session| so that Channel ID resumptions can sign that data. */ ++int tls1_record_handshake_hashes_for_channel_id(SSL *s) ++ { ++ int digest_len; ++ /* This function should never be called for a resumed session because ++ * the handshake hashes that we wish to record are for the original, ++ * full handshake. */ ++ if (s->hit) ++ return -1; ++ /* It only makes sense to call this function if Channel IDs have been ++ * negotiated. */ ++ if (!s->s3->tlsext_channel_id_valid) ++ return -1; ++ ++ digest_len = tls1_handshake_digest( ++ s, s->session->original_handshake_hash, ++ sizeof(s->session->original_handshake_hash)); ++ if (digest_len < 0) ++ return -1; ++ ++ s->session->original_handshake_hash_len = digest_len; ++ ++ return 1; ++ } +diff -burN android-openssl.orig/ssl/tls1.h android-openssl/ssl/tls1.h +--- android-openssl.orig/ssl/tls1.h 2014-05-05 16:45:02.697389339 +0200 ++++ android-openssl/ssl/tls1.h 2014-05-05 16:46:32.553390566 +0200 +@@ -249,7 +249,7 @@ + #endif + + /* This is not an IANA defined extension number */ +-#define TLSEXT_TYPE_channel_id 30031 ++#define TLSEXT_TYPE_channel_id 30032 + + /* NameType value from RFC 3546 */ + #define TLSEXT_NAMETYPE_host_name 0 diff --git a/patches.chromium/0015-export_certificate_types.patch b/patches.chromium/0015-export_certificate_types.patch new file mode 100644 index 0000000..e5c7f76 --- /dev/null +++ b/patches.chromium/0015-export_certificate_types.patch @@ -0,0 +1,80 @@ +diff --git android-openssl.orig/include/openssl/ssl.h android-openssl/include/openssl/ssl.h +index a3944f1..e559608 100644 +--- android-openssl.orig/include/openssl/ssl.h ++++ android-openssl/include/openssl/ssl.h +@@ -1982,6 +1982,9 @@ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); + int SSL_add_client_CA(SSL *ssl,X509 *x); + int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x); + ++void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype, ++ size_t *ctype_num); ++ + void SSL_set_connect_state(SSL *s); + void SSL_set_accept_state(SSL *s); + +diff --git android-openssl.orig/include/openssl/ssl3.h android-openssl/include/openssl/ssl3.h +index 899c8a8..019e8d8 100644 +--- android-openssl.orig/include/openssl/ssl3.h ++++ android-openssl/include/openssl/ssl3.h +@@ -508,7 +508,7 @@ typedef struct ssl3_state_st + /* used for certificate requests */ + int cert_req; + int ctype_num; +- char ctype[SSL3_CT_NUMBER]; ++ unsigned char ctype[SSL3_CT_NUMBER]; + STACK_OF(X509_NAME) *ca_names; + + int use_rsa_tmp; +diff --git android-openssl.orig/ssl/ssl.h android-openssl/ssl/ssl.h +index a3944f1..e559608 100644 +--- android-openssl.orig/ssl/ssl.h ++++ android-openssl/ssl/ssl.h +@@ -1982,6 +1982,9 @@ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); + int SSL_add_client_CA(SSL *ssl,X509 *x); + int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x); + ++void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype, ++ size_t *ctype_num); ++ + void SSL_set_connect_state(SSL *s); + void SSL_set_accept_state(SSL *s); + +diff --git android-openssl.orig/ssl/ssl3.h android-openssl/ssl/ssl3.h +index 899c8a8..019e8d8 100644 +--- android-openssl.orig/ssl/ssl3.h ++++ android-openssl/ssl/ssl3.h +@@ -508,7 +508,7 @@ typedef struct ssl3_state_st + /* used for certificate requests */ + int cert_req; + int ctype_num; +- char ctype[SSL3_CT_NUMBER]; ++ unsigned char ctype[SSL3_CT_NUMBER]; + STACK_OF(X509_NAME) *ca_names; + + int use_rsa_tmp; +diff --git android-openssl.orig/ssl/ssl_cert.c android-openssl/ssl/ssl_cert.c +index 5123a89..8a61650 100644 +--- android-openssl.orig/ssl/ssl_cert.c ++++ android-openssl/ssl/ssl_cert.c +@@ -655,6 +655,21 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x) + return(add_client_CA(&(ctx->client_CA),x)); + } + ++void SSL_get_client_certificate_types(const SSL *s, const unsigned char **ctype, ++ size_t *ctype_num) ++ { ++ if (s->s3 == NULL) ++ { ++ *ctype = NULL; ++ *ctype_num = 0; ++ return; ++ } ++ ++ /* This always returns nothing for the server. */ ++ *ctype = s->s3->tmp.ctype; ++ *ctype_num = s->s3->tmp.ctype_num; ++ } ++ + static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) + { + return(X509_NAME_cmp(*a,*b)); diff --git a/patches.chromium/0016-send_client_verify_cleanup.patch b/patches.chromium/0016-send_client_verify_cleanup.patch new file mode 100644 index 0000000..6f728ed --- /dev/null +++ b/patches.chromium/0016-send_client_verify_cleanup.patch @@ -0,0 +1,187 @@ +diff --git android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c +index d6154c5..2b094c9 100644 +--- android-openssl.orig/ssl/s3_clnt.c ++++ android-openssl/ssl/s3_clnt.c +@@ -3022,33 +3022,18 @@ int ssl3_send_client_verify(SSL *s) + unsigned char *p,*d; + unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; + EVP_PKEY *pkey; +- EVP_PKEY_CTX *pctx=NULL; ++ EVP_PKEY_CTX *pctx = NULL; + EVP_MD_CTX mctx; +- unsigned u=0; ++ unsigned signature_length = 0; + unsigned long n; +- int j; + + EVP_MD_CTX_init(&mctx); + + if (s->state == SSL3_ST_CW_CERT_VRFY_A) + { +- d=(unsigned char *)s->init_buf->data; +- p= &(d[4]); +- pkey=s->cert->key->privatekey; +-/* Create context from key and test if sha1 is allowed as digest */ +- pctx = EVP_PKEY_CTX_new(pkey,NULL); +- EVP_PKEY_sign_init(pctx); +- if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0) +- { +- if (TLS1_get_version(s) < TLS1_2_VERSION) +- s->method->ssl3_enc->cert_verify_mac(s, +- NID_sha1, +- &(data[MD5_DIGEST_LENGTH])); +- } +- else +- { +- ERR_clear_error(); +- } ++ d = (unsigned char *)s->init_buf->data; ++ p = &(d[4]); ++ pkey = s->cert->key->privatekey; + /* For TLS v1.2 send signature algorithm and signature + * using agreed digest and cached handshake records. + */ +@@ -3072,14 +3057,15 @@ int ssl3_send_client_verify(SSL *s) + #endif + if (!EVP_SignInit_ex(&mctx, md, NULL) + || !EVP_SignUpdate(&mctx, hdata, hdatalen) +- || !EVP_SignFinal(&mctx, p + 2, &u, pkey)) ++ || !EVP_SignFinal(&mctx, p + 2, ++ &signature_length, pkey)) + { + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, + ERR_R_EVP_LIB); + goto err; + } +- s2n(u,p); +- n = u + 4; ++ s2n(signature_length, p); ++ n = signature_length + 4; + if (!ssl3_digest_cached_records(s)) + goto err; + } +@@ -3087,78 +3073,80 @@ int ssl3_send_client_verify(SSL *s) + #ifndef OPENSSL_NO_RSA + if (pkey->type == EVP_PKEY_RSA) + { ++ s->method->ssl3_enc->cert_verify_mac(s, NID_md5, data); + s->method->ssl3_enc->cert_verify_mac(s, +- NID_md5, +- &(data[0])); ++ NID_sha1, &(data[MD5_DIGEST_LENGTH])); + if (RSA_sign(NID_md5_sha1, data, +- MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, +- &(p[2]), &u, pkey->pkey.rsa) <= 0 ) ++ MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, ++ &(p[2]), &signature_length, pkey->pkey.rsa) <= 0) + { +- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB); ++ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB); + goto err; + } +- s2n(u,p); +- n=u+2; ++ s2n(signature_length, p); ++ n = signature_length + 2; + } + else + #endif + #ifndef OPENSSL_NO_DSA +- if (pkey->type == EVP_PKEY_DSA) ++ if (pkey->type == EVP_PKEY_DSA) + { +- if (!DSA_sign(pkey->save_type, +- &(data[MD5_DIGEST_LENGTH]), +- SHA_DIGEST_LENGTH,&(p[2]), +- (unsigned int *)&j,pkey->pkey.dsa)) ++ s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data); ++ if (!DSA_sign(pkey->save_type, data, ++ SHA_DIGEST_LENGTH, &(p[2]), ++ &signature_length, pkey->pkey.dsa)) + { +- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB); ++ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB); + goto err; + } +- s2n(j,p); +- n=j+2; ++ s2n(signature_length, p); ++ n = signature_length + 2; + } + else + #endif + #ifndef OPENSSL_NO_ECDSA +- if (pkey->type == EVP_PKEY_EC) ++ if (pkey->type == EVP_PKEY_EC) + { +- if (!ECDSA_sign(pkey->save_type, +- &(data[MD5_DIGEST_LENGTH]), +- SHA_DIGEST_LENGTH,&(p[2]), +- (unsigned int *)&j,pkey->pkey.ec)) ++ s->method->ssl3_enc->cert_verify_mac(s, NID_sha1, data); ++ if (!ECDSA_sign(pkey->save_type, data, ++ SHA_DIGEST_LENGTH, &(p[2]), ++ &signature_length, pkey->pkey.ec)) + { +- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, +- ERR_R_ECDSA_LIB); ++ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_ECDSA_LIB); + goto err; + } +- s2n(j,p); +- n=j+2; ++ s2n(signature_length, p); ++ n = signature_length + 2; + } + else + #endif + if (pkey->type == NID_id_GostR3410_94 || pkey->type == NID_id_GostR3410_2001) +- { +- unsigned char signbuf[64]; +- int i; +- size_t sigsize=64; +- s->method->ssl3_enc->cert_verify_mac(s, +- NID_id_GostR3411_94, +- data); +- if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { +- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, +- ERR_R_INTERNAL_ERROR); +- goto err; +- } +- for (i=63,j=0; i>=0; j++, i--) { +- p[2+j]=signbuf[i]; +- } +- s2n(j,p); +- n=j+2; +- } ++ { ++ unsigned char signbuf[64]; ++ int i, j; ++ size_t sigsize=64; ++ ++ s->method->ssl3_enc->cert_verify_mac(s, ++ NID_id_GostR3411_94, ++ data); ++ pctx = EVP_PKEY_CTX_new(pkey, NULL); ++ EVP_PKEY_sign_init(pctx); ++ if (EVP_PKEY_sign(pctx, signbuf, &sigsize, data, 32) <= 0) { ++ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ++ ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ for (i=63,j=0; i>=0; j++, i--) { ++ p[2+j]=signbuf[i]; ++ } ++ s2n(j,p); ++ n=j+2; ++ } + else +- { ++ { + SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); + goto err; +- } ++ } + *(d++)=SSL3_MT_CERTIFICATE_VERIFY; + l2n3(n,d); + |