From 3e4d8f433239c40311037616b1b8833a06651ae0 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Mon, 16 Apr 2012 19:21:14 +0200 Subject: Initial import --- openssl/patches/README | 39 + openssl/patches/apps_Android.mk | 87 ++ openssl/patches/crypto_Android.mk | 559 ++++++++++++ openssl/patches/handshake_cutthrough.patch | 275 ++++++ openssl/patches/jsse.patch | 426 +++++++++ openssl/patches/npn.patch | 1293 ++++++++++++++++++++++++++++ openssl/patches/progs.patch | 54 ++ openssl/patches/sha1_armv4_large.patch | 21 + openssl/patches/small_records.patch | 337 ++++++++ openssl/patches/ssl_Android.mk | 98 +++ openssl/patches/sslv3_uninit_padding.patch | 14 + openssl/patches/testssl.sh | 77 ++ 12 files changed, 3280 insertions(+) create mode 100644 openssl/patches/README create mode 100644 openssl/patches/apps_Android.mk create mode 100644 openssl/patches/crypto_Android.mk create mode 100644 openssl/patches/handshake_cutthrough.patch create mode 100644 openssl/patches/jsse.patch create mode 100644 openssl/patches/npn.patch create mode 100644 openssl/patches/progs.patch create mode 100644 openssl/patches/sha1_armv4_large.patch create mode 100644 openssl/patches/small_records.patch create mode 100644 openssl/patches/ssl_Android.mk create mode 100644 openssl/patches/sslv3_uninit_padding.patch create mode 100755 openssl/patches/testssl.sh (limited to 'openssl/patches') diff --git a/openssl/patches/README b/openssl/patches/README new file mode 100644 index 00000000..54b6e068 --- /dev/null +++ b/openssl/patches/README @@ -0,0 +1,39 @@ +progs.patch: + +Fixup sources under the apps/ directory that are not built under the android environment. + + +small_records.patch: + +Reduce OpenSSL memory consumption. +SSL records may be as large as 16K, but are typically < 2K. In +addition, a historic bug in Windows allowed records to be as large +32K. OpenSSL statically allocates read and write buffers (34K and +18K respectively) used for processing records. +With this patch, OpenSSL statically allocates 4K + 4K buffers, with +the option of dynamically growing buffers to 34K + 4K, which is a +saving of 44K per connection for the typical case. + + +handshake_cutthrough.patch + +Enables SSL3+ clients to send application data immediately following the +Finished message even when negotiating full-handshakes. With this patch, +clients can negotiate SSL connections in 1-RTT even when performing +full-handshakes. + +jsse.patch + +Support for JSSE implementation based on OpenSSL. + +npn.patch + +Transport Layer Security (TLS) Next Protocol Negotiation Extension + +sslv3_uninit_padding.patch + +This patch sets the padding for SSLv3 block ciphers to zero. + +sha1_armv4_large.patch + +This patch eliminates memory stores to addresses below SP. diff --git a/openssl/patches/apps_Android.mk b/openssl/patches/apps_Android.mk new file mode 100644 index 00000000..20cc5a9d --- /dev/null +++ b/openssl/patches/apps_Android.mk @@ -0,0 +1,87 @@ +# Copyright 2006 The Android Open Source Project + +LOCAL_PATH:= $(call my-dir) + +local_src_files:= \ + app_rand.c \ + apps.c \ + asn1pars.c \ + ca.c \ + ciphers.c \ + crl.c \ + crl2p7.c \ + dgst.c \ + dh.c \ + dhparam.c \ + dsa.c \ + dsaparam.c \ + ecparam.c \ + ec.c \ + enc.c \ + engine.c \ + errstr.c \ + gendh.c \ + gendsa.c \ + genpkey.c \ + genrsa.c \ + nseq.c \ + ocsp.c \ + openssl.c \ + passwd.c \ + pkcs12.c \ + pkcs7.c \ + pkcs8.c \ + pkey.c \ + pkeyparam.c \ + pkeyutl.c \ + prime.c \ + rand.c \ + req.c \ + rsa.c \ + rsautl.c \ + s_cb.c \ + s_client.c \ + s_server.c \ + s_socket.c \ + s_time.c \ + sess_id.c \ + smime.c \ + speed.c \ + spkac.c \ + verify.c \ + version.c \ + x509.c + +local_shared_libraries := \ + libssl \ + libcrypto + +local_c_includes := \ + external/openssl \ + external/openssl/include + +local_cflags := -DMONOLITH + +# These flags omit whole features from the commandline "openssl". +# However, portions of these features are actually turned on. +local_cflags += -DOPENSSL_NO_DTLS1 + +include $(CLEAR_VARS) +LOCAL_MODULE:= openssl +LOCAL_MODULE_TAGS := optional +LOCAL_SRC_FILES := $(local_src_files) +LOCAL_SHARED_LIBRARIES := $(local_shared_libraries) +LOCAL_C_INCLUDES := $(local_c_includes) +LOCAL_CFLAGS := $(local_cflags) +include $(LOCAL_PATH)/../android-config.mk +include $(BUILD_EXECUTABLE) + +include $(CLEAR_VARS) +LOCAL_MODULE:= openssl +LOCAL_MODULE_TAGS := optional +LOCAL_SRC_FILES := $(local_src_files) +LOCAL_SHARED_LIBRARIES := $(local_shared_libraries) +LOCAL_C_INCLUDES := $(local_c_includes) +LOCAL_CFLAGS := $(local_cflags) +include $(LOCAL_PATH)/../android-config.mk +include $(BUILD_HOST_EXECUTABLE) diff --git a/openssl/patches/crypto_Android.mk b/openssl/patches/crypto_Android.mk new file mode 100644 index 00000000..6f09fa53 --- /dev/null +++ b/openssl/patches/crypto_Android.mk @@ -0,0 +1,559 @@ +LOCAL_PATH:= $(call my-dir) + +arm_cflags := -DOPENSSL_BN_ASM_MONT -DAES_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM +arm_src_files := \ + aes/asm/aes-armv4.s \ + bn/asm/armv4-mont.s \ + sha/asm/sha1-armv4-large.s \ + sha/asm/sha256-armv4.s \ + sha/asm/sha512-armv4.s +non_arm_src_files := aes/aes_core.c + +local_src_files := \ + cryptlib.c \ + mem.c \ + mem_clr.c \ + mem_dbg.c \ + cversion.c \ + ex_data.c \ + cpt_err.c \ + ebcdic.c \ + uid.c \ + o_time.c \ + o_str.c \ + o_dir.c \ + aes/aes_cbc.c \ + aes/aes_cfb.c \ + aes/aes_ctr.c \ + aes/aes_ecb.c \ + aes/aes_misc.c \ + aes/aes_ofb.c \ + aes/aes_wrap.c \ + asn1/a_bitstr.c \ + asn1/a_bool.c \ + asn1/a_bytes.c \ + asn1/a_d2i_fp.c \ + asn1/a_digest.c \ + asn1/a_dup.c \ + asn1/a_enum.c \ + asn1/a_gentm.c \ + asn1/a_i2d_fp.c \ + asn1/a_int.c \ + asn1/a_mbstr.c \ + asn1/a_object.c \ + asn1/a_octet.c \ + asn1/a_print.c \ + asn1/a_set.c \ + asn1/a_sign.c \ + asn1/a_strex.c \ + asn1/a_strnid.c \ + asn1/a_time.c \ + asn1/a_type.c \ + asn1/a_utctm.c \ + asn1/a_utf8.c \ + asn1/a_verify.c \ + asn1/ameth_lib.c \ + asn1/asn1_err.c \ + asn1/asn1_gen.c \ + asn1/asn1_lib.c \ + asn1/asn1_par.c \ + asn1/asn_mime.c \ + asn1/asn_moid.c \ + asn1/asn_pack.c \ + asn1/bio_asn1.c \ + asn1/bio_ndef.c \ + asn1/d2i_pr.c \ + asn1/d2i_pu.c \ + asn1/evp_asn1.c \ + asn1/f_enum.c \ + asn1/f_int.c \ + asn1/f_string.c \ + asn1/i2d_pr.c \ + asn1/i2d_pu.c \ + asn1/n_pkey.c \ + asn1/nsseq.c \ + asn1/p5_pbe.c \ + asn1/p5_pbev2.c \ + asn1/p8_pkey.c \ + asn1/t_bitst.c \ + asn1/t_crl.c \ + asn1/t_pkey.c \ + asn1/t_req.c \ + asn1/t_spki.c \ + asn1/t_x509.c \ + asn1/t_x509a.c \ + asn1/tasn_dec.c \ + asn1/tasn_enc.c \ + asn1/tasn_fre.c \ + asn1/tasn_new.c \ + asn1/tasn_prn.c \ + asn1/tasn_typ.c \ + asn1/tasn_utl.c \ + asn1/x_algor.c \ + asn1/x_attrib.c \ + asn1/x_bignum.c \ + asn1/x_crl.c \ + asn1/x_exten.c \ + asn1/x_info.c \ + asn1/x_long.c \ + asn1/x_name.c \ + asn1/x_nx509.c \ + asn1/x_pkey.c \ + asn1/x_pubkey.c \ + asn1/x_req.c \ + asn1/x_sig.c \ + asn1/x_spki.c \ + asn1/x_val.c \ + asn1/x_x509.c \ + asn1/x_x509a.c \ + bf/bf_cfb64.c \ + bf/bf_ecb.c \ + bf/bf_enc.c \ + bf/bf_ofb64.c \ + bf/bf_skey.c \ + bio/b_dump.c \ + bio/b_print.c \ + bio/b_sock.c \ + bio/bf_buff.c \ + bio/bf_nbio.c \ + bio/bf_null.c \ + bio/bio_cb.c \ + bio/bio_err.c \ + bio/bio_lib.c \ + bio/bss_acpt.c \ + bio/bss_bio.c \ + bio/bss_conn.c \ + bio/bss_dgram.c \ + bio/bss_fd.c \ + bio/bss_file.c \ + bio/bss_log.c \ + bio/bss_mem.c \ + bio/bss_null.c \ + bio/bss_sock.c \ + bn/bn_add.c \ + bn/bn_asm.c \ + bn/bn_blind.c \ + bn/bn_const.c \ + bn/bn_ctx.c \ + bn/bn_div.c \ + bn/bn_err.c \ + bn/bn_exp.c \ + bn/bn_exp2.c \ + bn/bn_gcd.c \ + bn/bn_gf2m.c \ + bn/bn_kron.c \ + bn/bn_lib.c \ + bn/bn_mod.c \ + bn/bn_mont.c \ + bn/bn_mpi.c \ + bn/bn_mul.c \ + bn/bn_nist.c \ + bn/bn_prime.c \ + bn/bn_print.c \ + bn/bn_rand.c \ + bn/bn_recp.c \ + bn/bn_shift.c \ + bn/bn_sqr.c \ + bn/bn_sqrt.c \ + bn/bn_word.c \ + buffer/buf_err.c \ + buffer/buffer.c \ + comp/c_rle.c \ + comp/c_zlib.c \ + comp/comp_err.c \ + comp/comp_lib.c \ + conf/conf_api.c \ + conf/conf_def.c \ + conf/conf_err.c \ + conf/conf_lib.c \ + conf/conf_mall.c \ + conf/conf_mod.c \ + conf/conf_sap.c \ + des/cbc_cksm.c \ + des/cbc_enc.c \ + des/cfb64ede.c \ + des/cfb64enc.c \ + des/cfb_enc.c \ + des/des_enc.c \ + des/des_old.c \ + des/des_old2.c \ + des/ecb3_enc.c \ + des/ecb_enc.c \ + des/ede_cbcm_enc.c \ + des/enc_read.c \ + des/enc_writ.c \ + des/fcrypt.c \ + des/fcrypt_b.c \ + des/ofb64ede.c \ + des/ofb64enc.c \ + des/ofb_enc.c \ + des/pcbc_enc.c \ + des/qud_cksm.c \ + des/rand_key.c \ + des/read2pwd.c \ + des/rpc_enc.c \ + des/set_key.c \ + des/str2key.c \ + des/xcbc_enc.c \ + dh/dh_ameth.c \ + dh/dh_asn1.c \ + dh/dh_check.c \ + dh/dh_depr.c \ + dh/dh_err.c \ + dh/dh_gen.c \ + dh/dh_key.c \ + dh/dh_lib.c \ + dh/dh_pmeth.c \ + dsa/dsa_ameth.c \ + dsa/dsa_asn1.c \ + dsa/dsa_depr.c \ + dsa/dsa_err.c \ + dsa/dsa_gen.c \ + dsa/dsa_key.c \ + dsa/dsa_lib.c \ + dsa/dsa_ossl.c \ + dsa/dsa_pmeth.c \ + dsa/dsa_prn.c \ + dsa/dsa_sign.c \ + dsa/dsa_vrf.c \ + dso/dso_dl.c \ + dso/dso_dlfcn.c \ + dso/dso_err.c \ + dso/dso_lib.c \ + dso/dso_null.c \ + dso/dso_openssl.c \ + ec/ec2_mult.c \ + ec/ec2_smpl.c \ + ec/ec_ameth.c \ + ec/ec_asn1.c \ + ec/ec_check.c \ + ec/ec_curve.c \ + ec/ec_cvt.c \ + ec/ec_err.c \ + ec/ec_key.c \ + ec/ec_lib.c \ + ec/ec_mult.c \ + ec/ec_pmeth.c \ + ec/ec_print.c \ + ec/eck_prn.c \ + ec/ecp_mont.c \ + ec/ecp_nist.c \ + ec/ecp_smpl.c \ + ecdh/ech_err.c \ + ecdh/ech_key.c \ + ecdh/ech_lib.c \ + ecdh/ech_ossl.c \ + ecdsa/ecs_asn1.c \ + ecdsa/ecs_err.c \ + ecdsa/ecs_lib.c \ + ecdsa/ecs_ossl.c \ + ecdsa/ecs_sign.c \ + ecdsa/ecs_vrf.c \ + err/err.c \ + err/err_all.c \ + err/err_prn.c \ + evp/bio_b64.c \ + evp/bio_enc.c \ + evp/bio_md.c \ + evp/bio_ok.c \ + evp/c_all.c \ + evp/c_allc.c \ + evp/c_alld.c \ + evp/digest.c \ + evp/e_aes.c \ + evp/e_bf.c \ + evp/e_des.c \ + evp/e_des3.c \ + evp/e_null.c \ + evp/e_old.c \ + evp/e_rc2.c \ + evp/e_rc4.c \ + evp/e_rc5.c \ + evp/e_xcbc_d.c \ + evp/encode.c \ + evp/evp_acnf.c \ + evp/evp_enc.c \ + evp/evp_err.c \ + evp/evp_key.c \ + evp/evp_lib.c \ + evp/evp_pbe.c \ + evp/evp_pkey.c \ + evp/m_dss.c \ + evp/m_dss1.c \ + evp/m_ecdsa.c \ + evp/m_md4.c \ + evp/m_md5.c \ + evp/m_mdc2.c \ + evp/m_null.c \ + evp/m_ripemd.c \ + evp/m_sha1.c \ + evp/m_sigver.c \ + evp/m_wp.c \ + evp/names.c \ + evp/p5_crpt.c \ + evp/p5_crpt2.c \ + evp/p_dec.c \ + evp/p_enc.c \ + evp/p_lib.c \ + evp/p_open.c \ + evp/p_seal.c \ + evp/p_sign.c \ + evp/p_verify.c \ + evp/pmeth_fn.c \ + evp/pmeth_gn.c \ + evp/pmeth_lib.c \ + hmac/hm_ameth.c \ + hmac/hm_pmeth.c \ + hmac/hmac.c \ + krb5/krb5_asn.c \ + lhash/lh_stats.c \ + lhash/lhash.c \ + md4/md4_dgst.c \ + md4/md4_one.c \ + md5/md5_dgst.c \ + md5/md5_one.c \ + modes/cbc128.c \ + modes/cfb128.c \ + modes/ctr128.c \ + modes/ofb128.c \ + objects/o_names.c \ + objects/obj_dat.c \ + objects/obj_err.c \ + objects/obj_lib.c \ + objects/obj_xref.c \ + ocsp/ocsp_asn.c \ + ocsp/ocsp_cl.c \ + ocsp/ocsp_err.c \ + ocsp/ocsp_ext.c \ + ocsp/ocsp_ht.c \ + ocsp/ocsp_lib.c \ + ocsp/ocsp_prn.c \ + ocsp/ocsp_srv.c \ + ocsp/ocsp_vfy.c \ + pem/pem_all.c \ + pem/pem_err.c \ + pem/pem_info.c \ + pem/pem_lib.c \ + pem/pem_oth.c \ + pem/pem_pk8.c \ + pem/pem_pkey.c \ + pem/pem_seal.c \ + pem/pem_sign.c \ + pem/pem_x509.c \ + pem/pem_xaux.c \ + pem/pvkfmt.c \ + pkcs12/p12_add.c \ + pkcs12/p12_asn.c \ + pkcs12/p12_attr.c \ + pkcs12/p12_crpt.c \ + pkcs12/p12_crt.c \ + pkcs12/p12_decr.c \ + pkcs12/p12_init.c \ + pkcs12/p12_key.c \ + pkcs12/p12_kiss.c \ + pkcs12/p12_mutl.c \ + pkcs12/p12_npas.c \ + pkcs12/p12_p8d.c \ + pkcs12/p12_p8e.c \ + pkcs12/p12_utl.c \ + pkcs12/pk12err.c \ + pkcs7/pk7_asn1.c \ + pkcs7/pk7_attr.c \ + pkcs7/pk7_doit.c \ + pkcs7/pk7_lib.c \ + pkcs7/pk7_mime.c \ + pkcs7/pk7_smime.c \ + pkcs7/pkcs7err.c \ + rand/md_rand.c \ + rand/rand_egd.c \ + rand/rand_err.c \ + rand/rand_lib.c \ + rand/rand_unix.c \ + rand/randfile.c \ + rc2/rc2_cbc.c \ + rc2/rc2_ecb.c \ + rc2/rc2_skey.c \ + rc2/rc2cfb64.c \ + rc2/rc2ofb64.c \ + rc4/rc4_enc.c \ + rc4/rc4_skey.c \ + ripemd/rmd_dgst.c \ + ripemd/rmd_one.c \ + rsa/rsa_ameth.c \ + rsa/rsa_asn1.c \ + rsa/rsa_chk.c \ + rsa/rsa_eay.c \ + rsa/rsa_err.c \ + rsa/rsa_gen.c \ + rsa/rsa_lib.c \ + rsa/rsa_none.c \ + rsa/rsa_null.c \ + rsa/rsa_oaep.c \ + rsa/rsa_pk1.c \ + rsa/rsa_pmeth.c \ + rsa/rsa_prn.c \ + rsa/rsa_pss.c \ + rsa/rsa_saos.c \ + rsa/rsa_sign.c \ + rsa/rsa_ssl.c \ + rsa/rsa_x931.c \ + sha/sha1_one.c \ + sha/sha1dgst.c \ + sha/sha256.c \ + sha/sha512.c \ + sha/sha_dgst.c \ + stack/stack.c \ + ts/ts_err.c \ + txt_db/txt_db.c \ + ui/ui_compat.c \ + ui/ui_err.c \ + ui/ui_lib.c \ + ui/ui_openssl.c \ + ui/ui_util.c \ + x509/by_dir.c \ + x509/by_file.c \ + x509/x509_att.c \ + x509/x509_cmp.c \ + x509/x509_d2.c \ + x509/x509_def.c \ + x509/x509_err.c \ + x509/x509_ext.c \ + x509/x509_lu.c \ + x509/x509_obj.c \ + x509/x509_r2x.c \ + x509/x509_req.c \ + x509/x509_set.c \ + x509/x509_trs.c \ + x509/x509_txt.c \ + x509/x509_v3.c \ + x509/x509_vfy.c \ + x509/x509_vpm.c \ + x509/x509cset.c \ + x509/x509name.c \ + x509/x509rset.c \ + x509/x509spki.c \ + x509/x509type.c \ + x509/x_all.c \ + x509v3/pcy_cache.c \ + x509v3/pcy_data.c \ + x509v3/pcy_lib.c \ + x509v3/pcy_map.c \ + x509v3/pcy_node.c \ + x509v3/pcy_tree.c \ + x509v3/v3_akey.c \ + x509v3/v3_akeya.c \ + x509v3/v3_alt.c \ + x509v3/v3_bcons.c \ + x509v3/v3_bitst.c \ + x509v3/v3_conf.c \ + x509v3/v3_cpols.c \ + x509v3/v3_crld.c \ + x509v3/v3_enum.c \ + x509v3/v3_extku.c \ + x509v3/v3_genn.c \ + x509v3/v3_ia5.c \ + x509v3/v3_info.c \ + x509v3/v3_int.c \ + x509v3/v3_lib.c \ + x509v3/v3_ncons.c \ + x509v3/v3_ocsp.c \ + x509v3/v3_pci.c \ + x509v3/v3_pcia.c \ + x509v3/v3_pcons.c \ + x509v3/v3_pku.c \ + x509v3/v3_pmaps.c \ + x509v3/v3_prn.c \ + x509v3/v3_purp.c \ + x509v3/v3_skey.c \ + x509v3/v3_sxnet.c \ + x509v3/v3_utl.c \ + x509v3/v3err.c + +local_c_includes := \ + external/openssl \ + external/openssl/crypto/asn1 \ + external/openssl/crypto/evp \ + external/openssl/include \ + external/openssl/include/openssl \ + external/zlib + +local_c_flags := -DNO_WINDOWS_BRAINDEATH + +####################################### +# target static library +include $(CLEAR_VARS) +include $(LOCAL_PATH)/../android-config.mk + +ifneq ($(TARGET_ARCH),x86) +LOCAL_NDK_VERSION := 5 +LOCAL_SDK_VERSION := 9 +endif + +LOCAL_SRC_FILES += $(local_src_files) +LOCAL_CFLAGS += $(local_c_flags) +LOCAL_C_INCLUDES += $(local_c_includes) +ifeq ($(TARGET_ARCH),arm) + LOCAL_SRC_FILES += $(arm_src_files) + LOCAL_CFLAGS += $(arm_cflags) +else + LOCAL_SRC_FILES += $(non_arm_src_files) +endif +LOCAL_MODULE_TAGS := optional +LOCAL_MODULE:= libcrypto_static +include $(BUILD_STATIC_LIBRARY) + +####################################### +# target shared library +include $(CLEAR_VARS) +include $(LOCAL_PATH)/../android-config.mk + +ifneq ($(TARGET_ARCH),x86) +LOCAL_NDK_VERSION := 5 +LOCAL_SDK_VERSION := 9 +# Use the NDK prebuilt libz and libdl. +LOCAL_LDFLAGS += -lz -ldl +else +LOCAL_SHARED_LIBRARIES += libz libdl +endif + +LOCAL_SRC_FILES += $(local_src_files) +LOCAL_CFLAGS += $(local_c_flags) +LOCAL_C_INCLUDES += $(local_c_includes) +ifeq ($(TARGET_ARCH),arm) + LOCAL_SRC_FILES += $(arm_src_files) + LOCAL_CFLAGS += $(arm_cflags) +else + LOCAL_SRC_FILES += $(non_arm_src_files) +endif +LOCAL_MODULE_TAGS := optional +LOCAL_MODULE:= libcrypto +include $(BUILD_SHARED_LIBRARY) + +####################################### +# host shared library +include $(CLEAR_VARS) +include $(LOCAL_PATH)/../android-config.mk +LOCAL_SRC_FILES += $(local_src_files) +LOCAL_CFLAGS += $(local_c_flags) -DPURIFY +LOCAL_C_INCLUDES += $(local_c_includes) +LOCAL_SRC_FILES += $(non_arm_src_files) +LOCAL_STATIC_LIBRARIES += libz +LOCAL_LDLIBS += -ldl +LOCAL_MODULE_TAGS := optional +LOCAL_MODULE:= libcrypto +include $(BUILD_HOST_SHARED_LIBRARY) + +######################################## +# host static library, which is used by some SDK tools. + +include $(CLEAR_VARS) +include $(LOCAL_PATH)/../android-config.mk +LOCAL_SRC_FILES += $(local_src_files) +LOCAL_CFLAGS += $(local_c_flags) -DPURIFY +LOCAL_C_INCLUDES += $(local_c_includes) +LOCAL_SRC_FILES += $(non_arm_src_files) +LOCAL_STATIC_LIBRARIES += libz +LOCAL_LDLIBS += -ldl +LOCAL_MODULE_TAGS := optional +LOCAL_MODULE:= libcrypto_static +include $(BUILD_HOST_STATIC_LIBRARY) diff --git a/openssl/patches/handshake_cutthrough.patch b/openssl/patches/handshake_cutthrough.patch new file mode 100644 index 00000000..4f298399 --- /dev/null +++ b/openssl/patches/handshake_cutthrough.patch @@ -0,0 +1,275 @@ +diff -uarp openssl-1.0.0.orig/apps/s_client.c openssl-1.0.0/apps/s_client.c +--- openssl-1.0.0.orig/apps/s_client.c 2009-12-16 15:28:28.000000000 -0500 ++++ openssl-1.0.0/apps/s_client.c 2010-04-21 14:39:49.000000000 -0400 +@@ -248,6 +248,7 @@ static void sc_usage(void) + BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); + BIO_printf(bio_err," -status - request certificate status from server\n"); + BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); ++ BIO_printf(bio_err," -cutthrough - enable 1-RTT full-handshake for strong ciphers\n"); + #endif + } + +@@ -304,6 +305,7 @@ int MAIN(int argc, char **argv) + EVP_PKEY *key = NULL; + char *CApath=NULL,*CAfile=NULL,*cipher=NULL; + int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0; ++ int cutthrough=0; + int crlf=0; + int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending; + SSL_CTX *ctx=NULL; +@@ -533,6 +535,8 @@ int MAIN(int argc, char **argv) + else if (strcmp(*argv,"-no_ticket") == 0) + { off|=SSL_OP_NO_TICKET; } + #endif ++ else if (strcmp(*argv,"-cutthrough") == 0) ++ cutthrough=1; + else if (strcmp(*argv,"-serverpref") == 0) + off|=SSL_OP_CIPHER_SERVER_PREFERENCE; + else if (strcmp(*argv,"-cipher") == 0) +@@ -714,6 +718,15 @@ bad: + */ + if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1); + ++ /* Enable handshake cutthrough for client connections using ++ * strong ciphers. */ ++ if (cutthrough) ++ { ++ int ssl_mode = SSL_CTX_get_mode(ctx); ++ ssl_mode |= SSL_MODE_HANDSHAKE_CUTTHROUGH; ++ SSL_CTX_set_mode(ctx, ssl_mode); ++ } ++ + if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); + if (cipher != NULL) + if(!SSL_CTX_set_cipher_list(ctx,cipher)) { +diff -uarp openssl-1.0.0.orig/ssl/s3_clnt.c openssl-1.0.0/ssl/s3_clnt.c +--- openssl-1.0.0.orig/ssl/s3_clnt.c 2010-02-27 19:24:24.000000000 -0500 ++++ openssl-1.0.0/ssl/s3_clnt.c 2010-04-21 14:39:49.000000000 -0400 +@@ -186,6 +186,18 @@ int ssl3_connect(SSL *s) + + s->in_handshake++; + if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); ++#if 0 /* Send app data in separate packet, otherwise, some particular site ++ * (only one site so far) closes the socket. ++ * Note: there is a very small chance that two TCP packets ++ * could be arriving at server combined into a single TCP packet, ++ * then trigger that site to break. We haven't encounter that though. ++ */ ++ if (SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) ++ { ++ /* Send app data along with CCS/Finished */ ++ s->s3->flags |= SSL3_FLAGS_DELAY_CLIENT_FINISHED; ++ } ++#endif + + for (;;) + { +@@ -454,14 +468,31 @@ int ssl3_connect(SSL *s) + } + else + { +-#ifndef OPENSSL_NO_TLSEXT +- /* Allow NewSessionTicket if ticket expected */ +- if (s->tlsext_ticket_expected) +- s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A; ++ if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && SSL_get_cipher_bits(s, NULL) >= 128 ++ && s->s3->previous_server_finished_len == 0 /* no cutthrough on renegotiation (would complicate the state machine) */ ++ ) ++ { ++ if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) ++ { ++ s->state=SSL3_ST_CUTTHROUGH_COMPLETE; ++ s->s3->flags|=SSL3_FLAGS_POP_BUFFER; ++ s->s3->delay_buf_pop_ret=0; ++ } ++ else ++ { ++ s->s3->tmp.next_state=SSL3_ST_CUTTHROUGH_COMPLETE; ++ } ++ } + else ++ { ++#ifndef OPENSSL_NO_TLSEXT ++ /* Allow NewSessionTicket if ticket expected */ ++ if (s->tlsext_ticket_expected) ++ s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A; ++ else + #endif +- +- s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; ++ s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; ++ } + } + s->init_num=0; + break; +@@ -512,6 +541,24 @@ int ssl3_connect(SSL *s) + s->state=s->s3->tmp.next_state; + break; + ++ case SSL3_ST_CUTTHROUGH_COMPLETE: ++#ifndef OPENSSL_NO_TLSEXT ++ /* Allow NewSessionTicket if ticket expected */ ++ if (s->tlsext_ticket_expected) ++ s->state=SSL3_ST_CR_SESSION_TICKET_A; ++ else ++#endif ++ s->state=SSL3_ST_CR_FINISHED_A; ++ ++ /* SSL_write() will take care of flushing buffered data if ++ * DELAY_CLIENT_FINISHED is set. ++ */ ++ if (!(s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)) ++ ssl_free_wbio_buffer(s); ++ ret = 1; ++ goto end; ++ /* break; */ ++ + case SSL_ST_OK: + /* clean a few things up */ + ssl3_cleanup_key_block(s); +diff -uarp openssl-1.0.0.orig/ssl/s3_lib.c openssl-1.0.0/ssl/s3_lib.c +-- openssl-1.0.0.orig/ssl/s3_lib.c 2009-10-16 11:24:19.000000000 -0400 ++++ openssl-1.0.0/ssl/s3_lib.c 2010-04-21 14:39:49.000000000 -0400 +@@ -2551,9 +2551,22 @@ int ssl3_write(SSL *s, const void *buf, + + static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) + { +- int ret; ++ int n,ret; + + clear_sys_error(); ++ if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) ++ { ++ /* Deal with an application that calls SSL_read() when handshake data ++ * is yet to be written. ++ */ ++ if (BIO_wpending(s->wbio) > 0) ++ { ++ s->rwstate=SSL_WRITING; ++ n=BIO_flush(s->wbio); ++ if (n <= 0) return(n); ++ s->rwstate=SSL_NOTHING; ++ } ++ } + if (s->s3->renegotiate) ssl3_renegotiate_check(s); + s->s3->in_read_app_data=1; + ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); +diff -uarp openssl-1.0.0.orig/ssl/ssl.h openssl-1.0.0/ssl/ssl.h +--- openssl-1.0.0.orig/ssl/ssl.h 2010-01-06 12:37:38.000000000 -0500 ++++ openssl-1.0.0/ssl/ssl.h 2010-04-21 16:57:49.000000000 -0400 +@@ -605,6 +605,10 @@ typedef struct ssl_session_st + /* Use small read and write buffers: (a) lazy allocate read buffers for + * large incoming records, and (b) limit the size of outgoing records. */ + #define SSL_MODE_SMALL_BUFFERS 0x00000020L ++/* When set, clients may send application data before receipt of CCS ++ * and Finished. This mode enables full-handshakes to 'complete' in ++ * one RTT. */ ++#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000040L + + /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, + * they cannot be used to clear bits. */ +@@ -1097,10 +1101,12 @@ extern "C" { + /* Is the SSL_connection established? */ + #define SSL_get_state(a) SSL_state(a) + #define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK) +-#define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT) ++#define SSL_in_init(a) ((SSL_state(a)&SSL_ST_INIT) && \ ++ !SSL_cutthrough_complete(a)) + #define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE) + #define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT) + #define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT) ++int SSL_cutthrough_complete(const SSL *s); + + /* The following 2 states are kept in ssl->rstate when reads fail, + * you should not need these */ +Only in openssl-1.0.0/ssl: ssl.h.orig +diff -uarp openssl-1.0.0.orig/ssl/ssl3.h openssl-1.0.0/ssl/ssl3.h +-- openssl-1.0.0.orig/ssl/ssl3.h 2010-01-06 12:37:38.000000000 -0500 ++++ openssl-1.0.0/ssl/ssl3.h 2010-04-21 14:39:49.000000000 -0400 +@@ -456,6 +456,7 @@ typedef struct ssl3_state_st + /*client */ + /* extra state */ + #define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) ++#define SSL3_ST_CUTTHROUGH_COMPLETE (0x101|SSL_ST_CONNECT) + /* write to server */ + #define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) + #define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) +diff -uarp openssl-1.0.0.orig/ssl/ssl_lib.c openssl-1.0.0/ssl/ssl_lib.c +--- openssl-1.0.0.orig/ssl/ssl_lib.c 2010-02-17 14:43:46.000000000 -0500 ++++ openssl-1.0.0/ssl/ssl_lib.c 2010-04-21 17:02:45.000000000 -0400 +@@ -3031,6 +3031,19 @@ void SSL_set_msg_callback(SSL *ssl, void + SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb); + } + ++int SSL_cutthrough_complete(const SSL *s) ++ { ++ return (!s->server && /* cutthrough only applies to clients */ ++ !s->hit && /* full-handshake */ ++ s->version >= SSL3_VERSION && ++ s->s3->in_read_app_data == 0 && /* cutthrough only applies to write() */ ++ (SSL_get_mode((SSL*)s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && /* cutthrough enabled */ ++ SSL_get_cipher_bits(s, NULL) >= 128 && /* strong cipher choosen */ ++ s->s3->previous_server_finished_len == 0 && /* not a renegotiation handshake */ ++ (s->state == SSL3_ST_CR_SESSION_TICKET_A || /* ready to write app-data*/ ++ s->state == SSL3_ST_CR_FINISHED_A)); ++ } ++ + /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer + * vairable, freeing EVP_MD_CTX previously stored in that variable, if + * any. If EVP_MD pointer is passed, initializes ctx with this md +diff -uarp openssl-1.0.0.orig/ssl/ssltest.c openssl-1.0.0/ssl/ssltest.c +--- openssl-1.0.0.orig/ssl/ssltest.c 2010-01-24 11:57:38.000000000 -0500 ++++ openssl-1.0.0/ssl/ssltest.c 2010-04-21 17:06:35.000000000 -0400 +@@ -279,6 +279,7 @@ static void sv_usage(void) + fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n"); + fprintf(stderr," -c_small_records - enable client side use of small SSL record buffers\n"); + fprintf(stderr," -s_small_records - enable server side use of small SSL record buffers\n"); ++ fprintf(stderr," -cutthrough - enable 1-RTT full-handshake for strong ciphers\n"); + } + + static void print_details(SSL *c_ssl, const char *prefix) +@@ -436,6 +437,7 @@ int main(int argc, char *argv[]) + int ssl_mode = 0; + int c_small_records=0; + int s_small_records=0; ++ int cutthrough = 0; + + verbose = 0; + debug = 0; +@@ -632,6 +634,10 @@ int main(int argc, char *argv[]) + { + s_small_records = 1; + } ++ else if (strcmp(*argv, "-cutthrough") == 0) ++ { ++ cutthrough = 1; ++ } + else + { + fprintf(stderr,"unknown option %s\n",*argv); +@@ -782,6 +788,13 @@ bad: + ssl_mode |= SSL_MODE_SMALL_BUFFERS; + SSL_CTX_set_mode(s_ctx, ssl_mode); + } ++ ssl_mode = 0; ++ if (cutthrough) ++ { ++ ssl_mode = SSL_CTX_get_mode(c_ctx); ++ ssl_mode = SSL_MODE_HANDSHAKE_CUTTHROUGH; ++ SSL_CTX_set_mode(c_ctx, ssl_mode); ++ } + + #ifndef OPENSSL_NO_DH + if (!no_dhe) +diff -uarp openssl-1.0.0.orig/test/testssl openssl-1.0.0/test/testssl +--- openssl-1.0.0.orig/test/testssl 2006-03-10 18:06:27.000000000 -0500 ++++ openssl-1.0.0/test/testssl 2010-04-21 16:50:13.000000000 -0400 +@@ -79,6 +79,8 @@ $ssltest -server_auth -client_auth -s_sm + echo test sslv2/sslv3 with both client and server authentication and small client and server buffers + $ssltest -server_auth -client_auth -c_small_records -s_small_records $CA $extra || exit 1 + ++echo test sslv2/sslv3 with both client and server authentication and handshake cutthrough ++$ssltest -server_auth -client_auth -cutthrough $CA $extra || exit 1 + + echo test sslv2 via BIO pair + $ssltest -bio_pair -ssl2 $extra || exit 1 diff --git a/openssl/patches/jsse.patch b/openssl/patches/jsse.patch new file mode 100644 index 00000000..249fb5b2 --- /dev/null +++ b/openssl/patches/jsse.patch @@ -0,0 +1,426 @@ +--- openssl-1.0.0b.orig/ssl/ssl.h 2010-11-30 00:03:46.000000000 +0000 ++++ openssl-1.0.0b/ssl/ssl.h 2010-11-30 00:03:47.000000000 +0000 +@@ -1133,6 +1133,9 @@ struct ssl_st + /* This can also be in the session once a session is established */ + SSL_SESSION *session; + ++ /* This can be disabled to prevent the use of uncached sessions */ ++ int session_creation_enabled; ++ + /* Default generate session ID callback. */ + GEN_SESSION_CB generate_session_id; + +@@ -1546,6 +1549,7 @@ const SSL_CIPHER *SSL_get_current_cipher + int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits); + char * SSL_CIPHER_get_version(const SSL_CIPHER *c); + const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); ++const char * SSL_CIPHER_authentication_method(const SSL_CIPHER *c); + + int SSL_get_fd(const SSL *s); + int SSL_get_rfd(const SSL *s); +@@ -1554,6 +1558,7 @@ const char * SSL_get_cipher_list(const + char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len); + int SSL_get_read_ahead(const SSL * s); + int SSL_pending(const SSL *s); ++const char * SSL_authentication_method(const SSL *c); + #ifndef OPENSSL_NO_SOCK + int SSL_set_fd(SSL *s, int fd); + int SSL_set_rfd(SSL *s, int fd); +@@ -1565,6 +1570,7 @@ BIO * SSL_get_rbio(const SSL *s); + BIO * SSL_get_wbio(const SSL *s); + #endif + int SSL_set_cipher_list(SSL *s, const char *str); ++int SSL_set_cipher_lists(SSL *s, STACK_OF(SSL_CIPHER) *sk); + void SSL_set_read_ahead(SSL *s, int yes); + int SSL_get_verify_mode(const SSL *s); + int SSL_get_verify_depth(const SSL *s); +@@ -1580,6 +1586,8 @@ int SSL_use_PrivateKey(SSL *ssl, EVP_PKE + int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len); + int SSL_use_certificate(SSL *ssl, X509 *x); + int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); ++int SSL_use_certificate_chain(SSL *ssl, STACK_OF(X509) *cert_chain); ++STACK_OF(X509) * SSL_get_certificate_chain(SSL *ssl, X509 *x); + + #ifndef OPENSSL_NO_STDIO + int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +@@ -1615,6 +1623,7 @@ void SSL_copy_session_id(SSL *to,const S + SSL_SESSION *SSL_SESSION_new(void); + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, + unsigned int *len); ++const char * SSL_SESSION_get_version(const SSL_SESSION *s); + #ifndef OPENSSL_NO_FP_API + int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); + #endif +@@ -1624,6 +1633,7 @@ int SSL_SESSION_print(BIO *fp,const SSL_ + void SSL_SESSION_free(SSL_SESSION *ses); + int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); + int SSL_set_session(SSL *to, SSL_SESSION *session); ++void SSL_set_session_creation_enabled(SSL *, int); + int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); + int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); + int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); +@@ -2066,6 +2076,7 @@ void ERR_load_SSL_strings(void); + #define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 + #define SSL_F_SSL_USE_CERTIFICATE 198 + #define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 ++#define SSL_F_SSL_USE_CERTIFICATE_CHAIN 2000 + #define SSL_F_SSL_USE_CERTIFICATE_FILE 200 + #define SSL_F_SSL_USE_PRIVATEKEY 201 + #define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 +@@ -2272,6 +2283,7 @@ void ERR_load_SSL_strings(void); + #define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 + #define SSL_R_SERVERHELLO_TLSEXT 275 + #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 ++#define SSL_R_SESSION_MAY_NOT_BE_CREATED 2000 + #define SSL_R_SHORT_READ 219 + #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 + #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 +--- openssl-1.0.0b.orig/ssl/d1_clnt.c 2010-01-26 19:46:29.000000000 +0000 ++++ openssl-1.0.0b/ssl/d1_clnt.c 2010-11-30 00:03:47.000000000 +0000 +@@ -613,6 +613,12 @@ int dtls1_client_hello(SSL *s) + #endif + (s->session->not_resumable)) + { ++ if (!s->session_creation_enabled) ++ { ++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); ++ SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED); ++ goto err; ++ } + if (!ssl_get_new_session(s,0)) + goto err; + } +--- openssl-1.0.0b.orig/ssl/s23_clnt.c 2010-02-16 14:20:40.000000000 +0000 ++++ openssl-1.0.0b/ssl/s23_clnt.c 2010-11-30 00:03:47.000000000 +0000 +@@ -687,6 +687,13 @@ static int ssl23_get_server_hello(SSL *s + + /* Since, if we are sending a ssl23 client hello, we are not + * reusing a session-id */ ++ if (!s->session_creation_enabled) ++ { ++ if (!(s->client_version == SSL2_VERSION)) ++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); ++ SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED); ++ goto err; ++ } + if (!ssl_get_new_session(s,0)) + goto err; + +--- openssl-1.0.0b.orig/ssl/s3_both.c 2010-11-30 00:03:46.000000000 +0000 ++++ openssl-1.0.0b/ssl/s3_both.c 2010-11-30 00:03:47.000000000 +0000 +@@ -347,8 +347,11 @@ unsigned long ssl3_output_cert_chain(SSL + unsigned long l=7; + BUF_MEM *buf; + int no_chain; ++ STACK_OF(X509) *cert_chain; + +- if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs) ++ cert_chain = SSL_get_certificate_chain(s, x); ++ ++ if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs || cert_chain) + no_chain = 1; + else + no_chain = 0; +@@ -400,6 +403,10 @@ unsigned long ssl3_output_cert_chain(SSL + return(0); + } + ++ for (i=0; idata[4]); + l2n3(l,p); +--- openssl-1.0.0b.orig/ssl/s3_clnt.c 2010-11-30 00:03:46.000000000 +0000 ++++ openssl-1.0.0b/ssl/s3_clnt.c 2010-11-30 00:03:47.000000000 +0000 +@@ -686,6 +686,12 @@ int ssl3_client_hello(SSL *s) + #endif + (sess->not_resumable)) + { ++ if (!s->session_creation_enabled) ++ { ++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); ++ SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED); ++ goto err; ++ } + if (!ssl_get_new_session(s,0)) + goto err; + } +@@ -894,6 +900,12 @@ int ssl3_get_server_hello(SSL *s) + s->hit=0; + if (s->session->session_id_length > 0) + { ++ if (!s->session_creation_enabled) ++ { ++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); ++ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED); ++ goto err; ++ } + if (!ssl_get_new_session(s,0)) + { + al=SSL_AD_INTERNAL_ERROR; +--- openssl-1.0.0b.orig/ssl/s3_srvr.c 2010-11-30 00:03:46.000000000 +0000 ++++ openssl-1.0.0b/ssl/s3_srvr.c 2010-11-30 00:03:47.000000000 +0000 +@@ -902,6 +902,12 @@ int ssl3_get_client_hello(SSL *s) + */ + if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) + { ++ if (!s->session_creation_enabled) ++ { ++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); ++ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED); ++ goto err; ++ } + if (!ssl_get_new_session(s,1)) + goto err; + } +@@ -916,6 +922,12 @@ int ssl3_get_client_hello(SSL *s) + goto err; + else /* i == 0 */ + { ++ if (!s->session_creation_enabled) ++ { ++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); ++ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED); ++ goto err; ++ } + if (!ssl_get_new_session(s,1)) + goto err; + } +--- openssl-1.0.0b.orig/ssl/ssl_ciph.c 2010-06-15 17:25:14.000000000 +0000 ++++ openssl-1.0.0b/ssl/ssl_ciph.c 2010-11-30 00:03:47.000000000 +0000 +@@ -1652,6 +1652,52 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER + return(ret); + } + ++/* return string version of key exchange algorithm */ ++const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher) ++ { ++ switch (cipher->algorithm_mkey) ++ { ++ case SSL_kRSA: ++ return SSL_TXT_RSA; ++ case SSL_kDHr: ++ return SSL_TXT_DH "_" SSL_TXT_RSA; ++ case SSL_kDHd: ++ return SSL_TXT_DH "_" SSL_TXT_DSS; ++ case SSL_kEDH: ++ switch (cipher->algorithm_auth) ++ { ++ case SSL_aDSS: ++ return "DHE_" SSL_TXT_DSS; ++ case SSL_aRSA: ++ return "DHE_" SSL_TXT_RSA; ++ case SSL_aNULL: ++ return SSL_TXT_DH "_anon"; ++ default: ++ return "UNKNOWN"; ++ } ++ case SSL_kKRB5: ++ return SSL_TXT_KRB5; ++ case SSL_kECDHr: ++ return SSL_TXT_ECDH "_" SSL_TXT_RSA; ++ case SSL_kECDHe: ++ return SSL_TXT_ECDH "_" SSL_TXT_ECDSA; ++ case SSL_kEECDH: ++ switch (cipher->algorithm_auth) ++ { ++ case SSL_aECDSA: ++ return "ECDHE_" SSL_TXT_ECDSA; ++ case SSL_aRSA: ++ return "ECDHE_" SSL_TXT_RSA; ++ case SSL_aNULL: ++ return SSL_TXT_ECDH "_anon"; ++ default: ++ return "UNKNOWN"; ++ } ++ default: ++ return "UNKNOWN"; ++ } ++ } ++ + SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) + { + SSL_COMP *ctmp; +--- openssl-1.0.0b.orig/ssl/ssl_err.c 2010-11-30 00:03:46.000000000 +0000 ++++ openssl-1.0.0b/ssl/ssl_err.c 2010-11-30 00:03:47.000000000 +0000 +@@ -465,6 +465,7 @@ static ERR_STRING_DATA SSL_str_reasons[] + {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"}, + {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"}, + {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"}, ++{ERR_REASON(SSL_R_SESSION_MAY_NOT_BE_CREATED),"session may not be created"}, + {ERR_REASON(SSL_R_SHORT_READ) ,"short read"}, + {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"}, + {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"}, +--- openssl-1.0.0b.orig/ssl/ssl_lib.c 2010-11-30 00:03:46.000000000 +0000 ++++ openssl-1.0.0b/ssl/ssl_lib.c 2010-11-30 00:03:47.000000000 +0000 +@@ -326,6 +326,7 @@ SSL *SSL_new(SSL_CTX *ctx) + OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx); + memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); + s->verify_callback=ctx->default_verify_callback; ++ s->session_creation_enabled=1; + s->generate_session_id=ctx->generate_session_id; + + s->param = X509_VERIFY_PARAM_new(); +@@ -1311,6 +1312,32 @@ int SSL_set_cipher_list(SSL *s,const cha + return 1; + } + ++/** specify the ciphers to be used by the SSL */ ++int SSL_set_cipher_lists(SSL *s,STACK_OF(SSL_CIPHER) *sk) ++ { ++ STACK_OF(SSL_CIPHER) *tmp_cipher_list; ++ ++ if (sk == NULL) ++ return 0; ++ ++ /* Based on end of ssl_create_cipher_list */ ++ tmp_cipher_list = sk_SSL_CIPHER_dup(sk); ++ if (tmp_cipher_list == NULL) ++ { ++ return 0; ++ } ++ if (s->cipher_list != NULL) ++ sk_SSL_CIPHER_free(s->cipher_list); ++ s->cipher_list = sk; ++ if (s->cipher_list_by_id != NULL) ++ sk_SSL_CIPHER_free(s->cipher_list_by_id); ++ s->cipher_list_by_id = tmp_cipher_list; ++ (void)sk_SSL_CIPHER_set_cmp_func(s->cipher_list_by_id,ssl_cipher_ptr_id_cmp); ++ ++ sk_SSL_CIPHER_sort(s->cipher_list_by_id); ++ return 1; ++ } ++ + /* works well for SSLv2, not so good for SSLv3 */ + char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) + { +@@ -2551,18 +2578,45 @@ SSL_METHOD *ssl_bad_method(int ver) + return(NULL); + } + +-const char *SSL_get_version(const SSL *s) ++static const char *ssl_get_version(int version) + { +- if (s->version == TLS1_VERSION) ++ if (version == TLS1_VERSION) + return("TLSv1"); +- else if (s->version == SSL3_VERSION) ++ else if (version == SSL3_VERSION) + return("SSLv3"); +- else if (s->version == SSL2_VERSION) ++ else if (version == SSL2_VERSION) + return("SSLv2"); + else + return("unknown"); + } + ++const char *SSL_get_version(const SSL *s) ++ { ++ return ssl_get_version(s->version); ++ } ++ ++const char *SSL_SESSION_get_version(const SSL_SESSION *s) ++ { ++ return ssl_get_version(s->ssl_version); ++ } ++ ++const char* SSL_authentication_method(const SSL* ssl) ++ { ++ if (ssl->cert != NULL && ssl->cert->rsa_tmp != NULL) ++ return SSL_TXT_RSA "_" SSL_TXT_EXPORT; ++ switch (ssl->version) ++ { ++ case SSL2_VERSION: ++ return SSL_TXT_RSA; ++ case SSL3_VERSION: ++ case TLS1_VERSION: ++ case DTLS1_VERSION: ++ return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher); ++ default: ++ return "UNKNOWN"; ++ } ++ } ++ + SSL *SSL_dup(SSL *s) + { + STACK_OF(X509_NAME) *sk; +--- openssl-1.0.0b.orig/ssl/ssl_locl.h 2010-11-30 00:03:46.000000000 +0000 ++++ openssl-1.0.0b/ssl/ssl_locl.h 2010-11-30 00:03:47.000000000 +0000 +@@ -456,6 +456,7 @@ + typedef struct cert_pkey_st + { + X509 *x509; ++ STACK_OF(X509) *cert_chain; + EVP_PKEY *privatekey; + } CERT_PKEY; + +--- openssl-1.0.0b.orig/ssl/ssl_rsa.c 2009-09-12 23:09:26.000000000 +0000 ++++ openssl-1.0.0b/ssl/ssl_rsa.c 2010-11-30 00:03:47.000000000 +0000 +@@ -697,6 +697,42 @@ int SSL_CTX_use_PrivateKey_ASN1(int type + } + + ++int SSL_use_certificate_chain(SSL *ssl, STACK_OF(X509) *cert_chain) ++ { ++ if (ssl == NULL) ++ { ++ SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,ERR_R_PASSED_NULL_PARAMETER); ++ return(0); ++ } ++ if (ssl->cert == NULL) ++ { ++ SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,SSL_R_NO_CERTIFICATE_ASSIGNED); ++ return(0); ++ } ++ if (ssl->cert->key == NULL) ++ { ++ SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,SSL_R_NO_CERTIFICATE_ASSIGNED); ++ return(0); ++ } ++ ssl->cert->key->cert_chain = cert_chain; ++ return(1); ++ } ++ ++STACK_OF(X509) *SSL_get_certificate_chain(SSL *ssl, X509 *x) ++ { ++ int i; ++ if (x == NULL) ++ return NULL; ++ if (ssl == NULL) ++ return NULL; ++ if (ssl->cert == NULL) ++ return NULL; ++ for (i = 0; i < SSL_PKEY_NUM; i++) ++ if (ssl->cert->pkeys[i].x509 == x) ++ return ssl->cert->pkeys[i].cert_chain; ++ return NULL; ++ } ++ + #ifndef OPENSSL_NO_STDIO + /* Read a file that contains our certificate in "PEM" format, + * possibly followed by a sequence of CA certificates that should be +--- openssl-1.0.0b.orig/ssl/ssl_sess.c 2010-02-01 16:49:42.000000000 +0000 ++++ openssl-1.0.0b/ssl/ssl_sess.c 2010-11-30 00:03:47.000000000 +0000 +@@ -261,6 +261,11 @@ static int def_generate_session_id(const + return 0; + } + ++void SSL_set_session_creation_enabled (SSL *s, int creation_enabled) ++ { ++ s->session_creation_enabled = creation_enabled; ++ } ++ + int ssl_get_new_session(SSL *s, int session) + { + /* This gets used by clients and servers. */ +@@ -269,6 +274,8 @@ int ssl_get_new_session(SSL *s, int sess + SSL_SESSION *ss=NULL; + GEN_SESSION_CB cb = def_generate_session_id; + ++ /* caller should check this if they can do better error handling */ ++ if (!s->session_creation_enabled) return(0); + if ((ss=SSL_SESSION_new()) == NULL) return(0); + + /* If the context has a default timeout, use it */ diff --git a/openssl/patches/npn.patch b/openssl/patches/npn.patch new file mode 100644 index 00000000..46b7a7df --- /dev/null +++ b/openssl/patches/npn.patch @@ -0,0 +1,1293 @@ +--- openssl-1.0.0b.orig/apps/apps.c 2010-11-11 14:42:19.000000000 +0000 ++++ openssl-1.0.0b/apps/apps.c 2010-11-29 19:56:04.902465346 +0000 +@@ -3012,3 +3012,46 @@ int raw_write_stdout(const void *buf,int + int raw_write_stdout(const void *buf,int siz) + { return write(fileno(stdout),buf,siz); } + #endif ++ ++#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) ++/* next_protos_parse parses a comma separated list of strings into a string ++ * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. ++ * outlen: (output) set to the length of the resulting buffer on success. ++ * in: a NUL termianted string like "abc,def,ghi" ++ * ++ * returns: a malloced buffer or NULL on failure. ++ */ ++unsigned char *next_protos_parse(unsigned short *outlen, const char *in) ++ { ++ size_t len; ++ unsigned char *out; ++ size_t i, start = 0; ++ ++ len = strlen(in); ++ if (len >= 65535) ++ return NULL; ++ ++ out = OPENSSL_malloc(strlen(in) + 1); ++ if (!out) ++ return NULL; ++ ++ for (i = 0; i <= len; ++i) ++ { ++ if (i == len || in[i] == ',') ++ { ++ if (i - start > 255) ++ { ++ OPENSSL_free(out); ++ return NULL; ++ } ++ out[start] = i - start; ++ start = i + 1; ++ } ++ else ++ out[i+1] = in[i]; ++ } ++ ++ *outlen = len + 1; ++ return out; ++ } ++#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */ +--- openssl-1.0.0b.orig/apps/apps.h 2009-10-31 13:34:19.000000000 +0000 ++++ openssl-1.0.0b/apps/apps.h 2010-11-29 19:56:04.902465346 +0000 +@@ -358,3 +358,7 @@ int raw_write_stdout(const void *,int); + #define TM_STOP 1 + double app_tminterval (int stop,int usertime); + #endif ++ ++#ifndef OPENSSL_NO_NEXTPROTONEG ++unsigned char *next_protos_parse(unsigned short *outlen, const char *in); ++#endif +--- openssl-1.0.0b.orig/apps/s_client.c 2010-11-29 19:56:04.832465351 +0000 ++++ openssl-1.0.0b/apps/s_client.c 2010-11-29 19:56:04.902465346 +0000 +@@ -342,6 +342,9 @@ static void sc_usage(void) + BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); + BIO_printf(bio_err," -status - request certificate status from server\n"); + BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); ++# ifndef OPENSSL_NO_NEXTPROTONEG ++ BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n"); ++# endif + BIO_printf(bio_err," -cutthrough - enable 1-RTT full-handshake for strong ciphers\n"); + #endif + BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); +@@ -367,6 +370,40 @@ static int MS_CALLBACK ssl_servername_cb + + return SSL_TLSEXT_ERR_OK; + } ++ ++# ifndef OPENSSL_NO_NEXTPROTONEG ++/* This the context that we pass to next_proto_cb */ ++typedef struct tlsextnextprotoctx_st { ++ unsigned char *data; ++ unsigned short len; ++ int status; ++} tlsextnextprotoctx; ++ ++static tlsextnextprotoctx next_proto; ++ ++static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg) ++ { ++ tlsextnextprotoctx *ctx = arg; ++ ++ if (!c_quiet) ++ { ++ /* We can assume that |in| is syntactically valid. */ ++ unsigned i; ++ BIO_printf(bio_c_out, "Protocols advertised by server: "); ++ for (i = 0; i < inlen; ) ++ { ++ if (i) ++ BIO_write(bio_c_out, ", ", 2); ++ BIO_write(bio_c_out, &in[i + 1], in[i]); ++ i += in[i] + 1; ++ } ++ BIO_write(bio_c_out, "\n", 1); ++ } ++ ++ ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len); ++ return SSL_TLSEXT_ERR_OK; ++ } ++# endif /* ndef OPENSSL_NO_NEXTPROTONEG */ + #endif + + enum +@@ -431,6 +468,9 @@ int MAIN(int argc, char **argv) + char *servername = NULL; + tlsextctx tlsextcbp = + {NULL,0}; ++# ifndef OPENSSL_NO_NEXTPROTONEG ++ const char *next_proto_neg_in = NULL; ++# endif + #endif + char *sess_in = NULL; + char *sess_out = NULL; +@@ -658,6 +698,13 @@ int MAIN(int argc, char **argv) + #ifndef OPENSSL_NO_TLSEXT + else if (strcmp(*argv,"-no_ticket") == 0) + { off|=SSL_OP_NO_TICKET; } ++# ifndef OPENSSL_NO_NEXTPROTONEG ++ else if (strcmp(*argv,"-nextprotoneg") == 0) ++ { ++ if (--argc < 1) goto bad; ++ next_proto_neg_in = *(++argv); ++ } ++# endif + #endif + else if (strcmp(*argv,"-cutthrough") == 0) + cutthrough=1; +@@ -766,6 +813,21 @@ bad: + OpenSSL_add_ssl_algorithms(); + SSL_load_error_strings(); + ++#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) ++ next_proto.status = -1; ++ if (next_proto_neg_in) ++ { ++ next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in); ++ if (next_proto.data == NULL) ++ { ++ BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n"); ++ goto end; ++ } ++ } ++ else ++ next_proto.data = NULL; ++#endif ++ + #ifndef OPENSSL_NO_ENGINE + e = setup_engine(bio_err, engine_id, 1); + if (ssl_client_engine_id) +@@ -896,6 +958,11 @@ bad: + SSL_CTX_set_mode(ctx, ssl_mode); + } + ++#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) ++ if (next_proto.data) ++ SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto); ++#endif ++ + if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); + if (cipher != NULL) + if(!SSL_CTX_set_cipher_list(ctx,cipher)) { +@@ -1755,6 +1822,18 @@ static void print_stuff(BIO *bio, SSL *s + BIO_printf(bio,"Expansion: %s\n", + expansion ? SSL_COMP_get_name(expansion) : "NONE"); + #endif ++ ++#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) ++ if (next_proto.status != -1) { ++ const unsigned char *proto; ++ unsigned int proto_len; ++ SSL_get0_next_proto_negotiated(s, &proto, &proto_len); ++ BIO_printf(bio, "Next protocol: (%d) ", next_proto.status); ++ BIO_write(bio, proto, proto_len); ++ BIO_write(bio, "\n", 1); ++ } ++#endif ++ + SSL_SESSION_print(bio,SSL_get_session(s)); + BIO_printf(bio,"---\n"); + if (peer != NULL) +--- openssl-1.0.0b.orig/apps/s_server.c 2010-06-15 17:25:02.000000000 +0000 ++++ openssl-1.0.0b/apps/s_server.c 2010-11-29 19:56:04.902465346 +0000 +@@ -492,6 +492,9 @@ static void sv_usage(void) + BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n"); + BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n"); + BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); ++# ifndef OPENSSL_NO_NEXTPROTONEG ++ BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); ++# endif + #endif + } + +@@ -826,6 +829,24 @@ BIO_printf(err, "cert_status: received % + ret = SSL_TLSEXT_ERR_ALERT_FATAL; + goto done; + } ++ ++# ifndef OPENSSL_NO_NEXTPROTONEG ++/* This is the context that we pass to next_proto_cb */ ++typedef struct tlsextnextprotoctx_st { ++ unsigned char *data; ++ unsigned int len; ++} tlsextnextprotoctx; ++ ++static int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, void *arg) ++ { ++ tlsextnextprotoctx *next_proto = arg; ++ ++ *data = next_proto->data; ++ *len = next_proto->len; ++ ++ return SSL_TLSEXT_ERR_OK; ++ } ++# endif /* ndef OPENSSL_NO_NPN */ + #endif + + int MAIN(int, char **); +@@ -867,6 +888,10 @@ int MAIN(int argc, char *argv[]) + #endif + #ifndef OPENSSL_NO_TLSEXT + tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; ++# ifndef OPENSSL_NO_NEXTPROTONEG ++ const char *next_proto_neg_in = NULL; ++ tlsextnextprotoctx next_proto; ++# endif + #endif + #ifndef OPENSSL_NO_PSK + /* by default do not send a PSK identity hint */ +@@ -1191,7 +1216,13 @@ int MAIN(int argc, char *argv[]) + if (--argc < 1) goto bad; + s_key_file2= *(++argv); + } +- ++# ifndef OPENSSL_NO_NEXTPROTONEG ++ else if (strcmp(*argv,"-nextprotoneg") == 0) ++ { ++ if (--argc < 1) goto bad; ++ next_proto_neg_in = *(++argv); ++ } ++# endif + #endif + #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) + else if (strcmp(*argv,"-jpake") == 0) +@@ -1476,6 +1507,11 @@ bad: + if (vpm) + SSL_CTX_set1_param(ctx2, vpm); + } ++ ++# ifndef OPENSSL_NO_NEXTPROTONEG ++ if (next_proto.data) ++ SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto); ++# endif + #endif + + #ifndef OPENSSL_NO_DH +@@ -1617,6 +1653,21 @@ bad: + goto end; + } + } ++# ifndef OPENSSL_NO_NEXTPROTONEG ++ if (next_proto_neg_in) ++ { ++ unsigned short len; ++ next_proto.data = next_protos_parse(&len, ++ next_proto_neg_in); ++ if (next_proto.data == NULL) ++ goto end; ++ next_proto.len = len; ++ } ++ else ++ { ++ next_proto.data = NULL; ++ } ++# endif + #endif + RSA_free(rsa); + BIO_printf(bio_s_out,"\n"); +@@ -2159,6 +2210,10 @@ static int init_ssl_connection(SSL *con) + X509 *peer; + long verify_error; + MS_STATIC char buf[BUFSIZ]; ++#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) ++ const unsigned char *next_proto_neg; ++ unsigned next_proto_neg_len; ++#endif + + if ((i=SSL_accept(con)) <= 0) + { +@@ -2198,6 +2253,15 @@ static int init_ssl_connection(SSL *con) + BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); + str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); + BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); ++#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) ++ SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); ++ if (next_proto_neg) ++ { ++ BIO_printf(bio_s_out,"NEXTPROTO is "); ++ BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); ++ BIO_printf(bio_s_out, "\n"); ++ } ++#endif + if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n"); + if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & + TLS1_FLAGS_TLS_PADDING_BUG) +--- openssl-1.0.0b.orig/include/openssl/ssl.h 2010-11-29 19:56:04.846517045 +0000 ++++ openssl-1.0.0b/include/openssl/ssl.h 2010-11-29 19:56:04.965928855 +0000 +@@ -857,6 +857,25 @@ struct ssl_ctx_st + /* draft-rescorla-tls-opaque-prf-input-00.txt information */ + int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg); + void *tlsext_opaque_prf_input_callback_arg; ++ ++# ifndef OPENSSL_NO_NEXTPROTONEG ++ /* Next protocol negotiation information */ ++ /* (for experimental NPN extension). */ ++ ++ /* For a server, this contains a callback function by which the set of ++ * advertised protocols can be provided. */ ++ int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf, ++ unsigned int *len, void *arg); ++ void *next_protos_advertised_cb_arg; ++ /* For a client, this contains a callback function that selects the ++ * next protocol from the list provided by the server. */ ++ int (*next_proto_select_cb)(SSL *s, unsigned char **out, ++ unsigned char *outlen, ++ const unsigned char *in, ++ unsigned int inlen, ++ void *arg); ++ void *next_proto_select_cb_arg; ++# endif + #endif + + #ifndef OPENSSL_NO_PSK +@@ -928,6 +947,30 @@ int SSL_CTX_set_client_cert_engine(SSL_C + #endif + void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); + void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); ++#ifndef OPENSSL_NO_NEXTPROTONEG ++void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, ++ int (*cb) (SSL *ssl, ++ const unsigned char **out, ++ unsigned int *outlen, ++ void *arg), void *arg); ++void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, ++ int (*cb) (SSL *ssl, unsigned char **out, ++ unsigned char *outlen, ++ const unsigned char *in, ++ unsigned int inlen, void *arg), ++ void *arg); ++ ++int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, ++ const unsigned char *in, unsigned int inlen, ++ const unsigned char *client, unsigned int client_len); ++void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, ++ unsigned *len); ++ ++#define OPENSSL_NPN_UNSUPPORTED 0 ++#define OPENSSL_NPN_NEGOTIATED 1 ++#define OPENSSL_NPN_NO_OVERLAP 2 ++ ++#endif + + #ifndef OPENSSL_NO_PSK + /* the maximum length of the buffer given to callbacks containing the +@@ -1187,6 +1230,19 @@ struct ssl_st + void *tls_session_secret_cb_arg; + + SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ ++ ++#ifndef OPENSSL_NO_NEXTPROTONEG ++ /* Next protocol negotiation. For the client, this is the protocol that ++ * we sent in NextProtocol and is set when handling ServerHello ++ * extensions. ++ * ++ * For a server, this is the client's selected_protocol from ++ * NextProtocol and is set when handling the NextProtocol message, ++ * before the Finished message. */ ++ unsigned char *next_proto_negotiated; ++ unsigned char next_proto_negotiated_len; ++#endif ++ + #define session_ctx initial_ctx + #else + #define session_ctx ctx +@@ -1919,6 +1975,7 @@ void ERR_load_SSL_strings(void); + #define SSL_F_SSL3_GET_KEY_EXCHANGE 141 + #define SSL_F_SSL3_GET_MESSAGE 142 + #define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 ++#define SSL_F_SSL3_GET_NEXT_PROTO 304 + #define SSL_F_SSL3_GET_RECORD 143 + #define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 + #define SSL_F_SSL3_GET_SERVER_DONE 145 +@@ -2117,6 +2174,8 @@ void ERR_load_SSL_strings(void); + #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 + #define SSL_R_EXTRA_DATA_IN_MESSAGE 153 + #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 ++#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 346 ++#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 347 + #define SSL_R_HTTPS_PROXY_REQUEST 155 + #define SSL_R_HTTP_REQUEST 156 + #define SSL_R_ILLEGAL_PADDING 283 +--- openssl-1.0.0b.orig/include/openssl/ssl3.h 2010-11-29 19:56:04.832465351 +0000 ++++ openssl-1.0.0b/include/openssl/ssl3.h 2010-11-29 19:56:04.965928855 +0000 +@@ -465,6 +465,12 @@ typedef struct ssl3_state_st + void *server_opaque_prf_input; + size_t server_opaque_prf_input_len; + ++#ifndef OPENSSL_NO_NEXTPROTONEG ++ /* Set if we saw the Next Protocol Negotiation extension from ++ our peer. */ ++ int next_proto_neg_seen; ++#endif ++ + struct { + /* actually only needs to be 16+20 */ + unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; +@@ -557,6 +563,10 @@ typedef struct ssl3_state_st + #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) + #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) + #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) ++#ifndef OPENSSL_NO_NEXTPROTONEG ++#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) ++#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) ++#endif + #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) + #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) + /* read from server */ +@@ -602,6 +612,10 @@ typedef struct ssl3_state_st + #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) + #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) + #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) ++#ifndef OPENSSL_NO_NEXTPROTONEG ++#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) ++#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) ++#endif + #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) + #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) + /* write to client */ +@@ -626,6 +640,9 @@ typedef struct ssl3_state_st + #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 + #define SSL3_MT_FINISHED 20 + #define SSL3_MT_CERTIFICATE_STATUS 22 ++#ifndef OPENSSL_NO_NEXTPROTONEG ++#define SSL3_MT_NEXT_PROTO 67 ++#endif + #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 + + +--- openssl-1.0.0b.orig/include/openssl/tls1.h 2009-11-11 14:51:29.000000000 +0000 ++++ openssl-1.0.0b/include/openssl/tls1.h 2010-11-29 19:56:04.965928855 +0000 +@@ -204,6 +204,11 @@ extern "C" { + /* Temporary extension type */ + #define TLSEXT_TYPE_renegotiate 0xff01 + ++#ifndef OPENSSL_NO_NEXTPROTONEG ++/* This is not an IANA defined extension number */ ++#define TLSEXT_TYPE_next_proto_neg 13172 ++#endif ++ + /* NameType value from RFC 3546 */ + #define TLSEXT_NAMETYPE_host_name 0 + /* status request value from RFC 3546 */ +--- openssl-1.0.0b.orig/ssl/s3_both.c 2010-11-29 19:56:04.846517045 +0000 ++++ openssl-1.0.0b/ssl/s3_both.c 2010-11-29 19:56:04.965928855 +0000 +@@ -202,15 +202,40 @@ int ssl3_send_finished(SSL *s, int a, in + return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); + } + ++#ifndef OPENSSL_NO_NEXTPROTONEG ++/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */ ++static void ssl3_take_mac(SSL *s) ++ { ++ const char *sender; ++ int slen; ++ ++ if (s->state & SSL_ST_CONNECT) ++ { ++ sender=s->method->ssl3_enc->server_finished_label; ++ slen=s->method->ssl3_enc->server_finished_label_len; ++ } ++ else ++ { ++ sender=s->method->ssl3_enc->client_finished_label; ++ slen=s->method->ssl3_enc->client_finished_label_len; ++ } ++ ++ s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, ++ sender,slen,s->s3->tmp.peer_finish_md); ++ } ++#endif ++ + int ssl3_get_finished(SSL *s, int a, int b) + { + int al,i,ok; + long n; + unsigned char *p; + ++#ifdef OPENSSL_NO_NEXTPROTONEG + /* the mac has already been generated when we received the + * change cipher spec message and is in s->s3->tmp.peer_finish_md + */ ++#endif + + n=s->method->ssl_get_message(s, + a, +@@ -521,6 +546,15 @@ long ssl3_get_message(SSL *s, int st1, i + s->init_num += i; + n -= i; + } ++ ++#ifndef OPENSSL_NO_NEXTPROTONEG ++ /* If receiving Finished, record MAC of prior handshake messages for ++ * Finished verification. */ ++ if (*s->init_buf->data == SSL3_MT_FINISHED) ++ ssl3_take_mac(s); ++#endif ++ ++ /* Feed this message into MAC computation. */ + ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); + if (s->msg_callback) + s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg); +--- openssl-1.0.0b.orig/ssl/s3_clnt.c 2010-11-29 19:56:04.846517045 +0000 ++++ openssl-1.0.0b/ssl/s3_clnt.c 2010-11-29 19:56:04.965928855 +0000 +@@ -435,7 +435,16 @@ int ssl3_connect(SSL *s) + ret=ssl3_send_change_cipher_spec(s, + SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); + if (ret <= 0) goto end; ++ ++#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) + s->state=SSL3_ST_CW_FINISHED_A; ++#else ++ if (s->next_proto_negotiated) ++ s->state=SSL3_ST_CW_NEXT_PROTO_A; ++ else ++ s->state=SSL3_ST_CW_FINISHED_A; ++#endif ++ + s->init_num=0; + + s->session->cipher=s->s3->tmp.new_cipher; +@@ -463,6 +472,15 @@ int ssl3_connect(SSL *s) + + break; + ++#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) ++ case SSL3_ST_CW_NEXT_PROTO_A: ++ case SSL3_ST_CW_NEXT_PROTO_B: ++ ret=ssl3_send_next_proto(s); ++ if (ret <= 0) goto end; ++ s->state=SSL3_ST_CW_FINISHED_A; ++ break; ++#endif ++ + case SSL3_ST_CW_FINISHED_A: + case SSL3_ST_CW_FINISHED_B: + ret=ssl3_send_finished(s, +@@ -3060,6 +3078,32 @@ err: + */ + + #ifndef OPENSSL_NO_TLSEXT ++# ifndef OPENSSL_NO_NEXTPROTONEG ++int ssl3_send_next_proto(SSL *s) ++ { ++ unsigned int len, padding_len; ++ unsigned char *d; ++ ++ if (s->state == SSL3_ST_CW_NEXT_PROTO_A) ++ { ++ len = s->next_proto_negotiated_len; ++ padding_len = 32 - ((len + 2) % 32); ++ d = (unsigned char *)s->init_buf->data; ++ d[4] = len; ++ memcpy(d + 5, s->next_proto_negotiated, len); ++ d[5 + len] = padding_len; ++ memset(d + 6 + len, 0, padding_len); ++ *(d++)=SSL3_MT_NEXT_PROTO; ++ l2n3(2 + len + padding_len, d); ++ s->state = SSL3_ST_CW_NEXT_PROTO_B; ++ s->init_num = 4 + 2 + len + padding_len; ++ s->init_off = 0; ++ } ++ ++ return ssl3_do_write(s, SSL3_RT_HANDSHAKE); ++ } ++# endif ++ + int ssl3_check_finished(SSL *s) + { + int ok; +--- openssl-1.0.0b.orig/ssl/s3_lib.c 2010-11-29 19:56:04.832465351 +0000 ++++ openssl-1.0.0b/ssl/s3_lib.c 2010-11-29 19:56:04.965928855 +0000 +@@ -2230,6 +2230,15 @@ void ssl3_clear(SSL *s) + s->s3->num_renegotiations=0; + s->s3->in_read_app_data=0; + s->version=SSL3_VERSION; ++ ++#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) ++ if (s->next_proto_negotiated) ++ { ++ OPENSSL_free(s->next_proto_negotiated); ++ s->next_proto_negotiated = NULL; ++ s->next_proto_negotiated_len = 0; ++ } ++#endif + } + + long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) +--- openssl-1.0.0b.orig/ssl/s3_pkt.c 2010-11-29 19:56:04.832465351 +0000 ++++ openssl-1.0.0b/ssl/s3_pkt.c 2010-11-29 19:56:04.965928855 +0000 +@@ -1394,8 +1394,10 @@ err: + int ssl3_do_change_cipher_spec(SSL *s) + { + int i; ++#ifdef OPENSSL_NO_NEXTPROTONEG + const char *sender; + int slen; ++#endif + + if (s->state & SSL_ST_ACCEPT) + i=SSL3_CHANGE_CIPHER_SERVER_READ; +@@ -1418,6 +1420,7 @@ int ssl3_do_change_cipher_spec(SSL *s) + if (!s->method->ssl3_enc->change_cipher_state(s,i)) + return(0); + ++#ifdef OPENSSL_NO_NEXTPROTONEG + /* we have to record the message digest at + * this point so we can get it before we read + * the finished message */ +@@ -1434,6 +1437,7 @@ int ssl3_do_change_cipher_spec(SSL *s) + + s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, + sender,slen,s->s3->tmp.peer_finish_md); ++#endif + + return(1); + } +--- openssl-1.0.0b.orig/ssl/s3_srvr.c 2010-11-29 19:56:04.846517045 +0000 ++++ openssl-1.0.0b/ssl/s3_srvr.c 2010-11-29 19:56:04.965928855 +0000 +@@ -538,7 +538,14 @@ int ssl3_accept(SSL *s) + * the client uses its key from the certificate + * for key exchange. + */ ++#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) + s->state=SSL3_ST_SR_FINISHED_A; ++#else ++ if (s->s3->next_proto_neg_seen) ++ s->state=SSL3_ST_SR_NEXT_PROTO_A; ++ else ++ s->state=SSL3_ST_SR_FINISHED_A; ++#endif + s->init_num = 0; + } + else +@@ -581,10 +588,27 @@ int ssl3_accept(SSL *s) + ret=ssl3_get_cert_verify(s); + if (ret <= 0) goto end; + ++#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) + s->state=SSL3_ST_SR_FINISHED_A; ++#else ++ if (s->s3->next_proto_neg_seen) ++ s->state=SSL3_ST_SR_NEXT_PROTO_A; ++ else ++ s->state=SSL3_ST_SR_FINISHED_A; ++#endif + s->init_num=0; + break; + ++#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) ++ case SSL3_ST_SR_NEXT_PROTO_A: ++ case SSL3_ST_SR_NEXT_PROTO_B: ++ ret=ssl3_get_next_proto(s); ++ if (ret <= 0) goto end; ++ s->init_num = 0; ++ s->state=SSL3_ST_SR_FINISHED_A; ++ break; ++#endif ++ + case SSL3_ST_SR_FINISHED_A: + case SSL3_ST_SR_FINISHED_B: + ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, +@@ -655,7 +679,16 @@ int ssl3_accept(SSL *s) + if (ret <= 0) goto end; + s->state=SSL3_ST_SW_FLUSH; + if (s->hit) ++ { ++#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) + s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; ++#else ++ if (s->s3->next_proto_neg_seen) ++ s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A; ++ else ++ s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; ++#endif ++ } + else + s->s3->tmp.next_state=SSL_ST_OK; + s->init_num=0; +@@ -3196,4 +3229,72 @@ int ssl3_send_cert_status(SSL *s) + /* SSL3_ST_SW_CERT_STATUS_B */ + return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); + } ++ ++# ifndef OPENSSL_NO_NPN ++/* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. It ++ * sets the next_proto member in s if found */ ++int ssl3_get_next_proto(SSL *s) ++ { ++ int ok; ++ unsigned proto_len, padding_len; ++ long n; ++ const unsigned char *p; ++ ++ /* Clients cannot send a NextProtocol message if we didn't see the ++ * extension in their ClientHello */ ++ if (!s->s3->next_proto_neg_seen) ++ { ++ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION); ++ return -1; ++ } ++ ++ n=s->method->ssl_get_message(s, ++ SSL3_ST_SR_NEXT_PROTO_A, ++ SSL3_ST_SR_NEXT_PROTO_B, ++ SSL3_MT_NEXT_PROTO, ++ 514, /* See the payload format below */ ++ &ok); ++ ++ if (!ok) ++ return((int)n); ++ ++ /* s->state doesn't reflect whether ChangeCipherSpec has been received ++ * in this handshake, but s->s3->change_cipher_spec does (will be reset ++ * by ssl3_get_finished). */ ++ if (!s->s3->change_cipher_spec) ++ { ++ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS); ++ return -1; ++ } ++ ++ if (n < 2) ++ return 0; /* The body must be > 1 bytes long */ ++ ++ p=(unsigned char *)s->init_msg; ++ ++ /* The payload looks like: ++ * uint8 proto_len; ++ * uint8 proto[proto_len]; ++ * uint8 padding_len; ++ * uint8 padding[padding_len]; ++ */ ++ proto_len = p[0]; ++ if (proto_len + 2 > s->init_num) ++ return 0; ++ padding_len = p[proto_len + 1]; ++ if (proto_len + padding_len + 2 != s->init_num) ++ return 0; ++ ++ s->next_proto_negotiated = OPENSSL_malloc(proto_len); ++ if (!s->next_proto_negotiated) ++ { ++ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ memcpy(s->next_proto_negotiated, p + 1, proto_len); ++ s->next_proto_negotiated_len = proto_len; ++ ++ return 1; ++ } ++# endif + #endif +--- openssl-1.0.0b.orig/ssl/ssl.h 2010-11-29 19:56:04.846517045 +0000 ++++ openssl-1.0.0b/ssl/ssl.h 2010-11-29 19:56:04.965928855 +0000 +@@ -857,6 +857,25 @@ struct ssl_ctx_st + /* draft-rescorla-tls-opaque-prf-input-00.txt information */ + int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg); + void *tlsext_opaque_prf_input_callback_arg; ++ ++# ifndef OPENSSL_NO_NEXTPROTONEG ++ /* Next protocol negotiation information */ ++ /* (for experimental NPN extension). */ ++ ++ /* For a server, this contains a callback function by which the set of ++ * advertised protocols can be provided. */ ++ int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf, ++ unsigned int *len, void *arg); ++ void *next_protos_advertised_cb_arg; ++ /* For a client, this contains a callback function that selects the ++ * next protocol from the list provided by the server. */ ++ int (*next_proto_select_cb)(SSL *s, unsigned char **out, ++ unsigned char *outlen, ++ const unsigned char *in, ++ unsigned int inlen, ++ void *arg); ++ void *next_proto_select_cb_arg; ++# endif + #endif + + #ifndef OPENSSL_NO_PSK +@@ -928,6 +947,30 @@ int SSL_CTX_set_client_cert_engine(SSL_C + #endif + void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)); + void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)); ++#ifndef OPENSSL_NO_NEXTPROTONEG ++void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, ++ int (*cb) (SSL *ssl, ++ const unsigned char **out, ++ unsigned int *outlen, ++ void *arg), void *arg); ++void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, ++ int (*cb) (SSL *ssl, unsigned char **out, ++ unsigned char *outlen, ++ const unsigned char *in, ++ unsigned int inlen, void *arg), ++ void *arg); ++ ++int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, ++ const unsigned char *in, unsigned int inlen, ++ const unsigned char *client, unsigned int client_len); ++void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, ++ unsigned *len); ++ ++#define OPENSSL_NPN_UNSUPPORTED 0 ++#define OPENSSL_NPN_NEGOTIATED 1 ++#define OPENSSL_NPN_NO_OVERLAP 2 ++ ++#endif + + #ifndef OPENSSL_NO_PSK + /* the maximum length of the buffer given to callbacks containing the +@@ -1187,6 +1230,19 @@ struct ssl_st + void *tls_session_secret_cb_arg; + + SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ ++ ++#ifndef OPENSSL_NO_NEXTPROTONEG ++ /* Next protocol negotiation. For the client, this is the protocol that ++ * we sent in NextProtocol and is set when handling ServerHello ++ * extensions. ++ * ++ * For a server, this is the client's selected_protocol from ++ * NextProtocol and is set when handling the NextProtocol message, ++ * before the Finished message. */ ++ unsigned char *next_proto_negotiated; ++ unsigned char next_proto_negotiated_len; ++#endif ++ + #define session_ctx initial_ctx + #else + #define session_ctx ctx +@@ -1919,6 +1975,7 @@ void ERR_load_SSL_strings(void); + #define SSL_F_SSL3_GET_KEY_EXCHANGE 141 + #define SSL_F_SSL3_GET_MESSAGE 142 + #define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 ++#define SSL_F_SSL3_GET_NEXT_PROTO 304 + #define SSL_F_SSL3_GET_RECORD 143 + #define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 + #define SSL_F_SSL3_GET_SERVER_DONE 145 +@@ -2117,6 +2174,8 @@ void ERR_load_SSL_strings(void); + #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 + #define SSL_R_EXTRA_DATA_IN_MESSAGE 153 + #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 ++#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 346 ++#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 347 + #define SSL_R_HTTPS_PROXY_REQUEST 155 + #define SSL_R_HTTP_REQUEST 156 + #define SSL_R_ILLEGAL_PADDING 283 +--- openssl-1.0.0b.orig/ssl/ssl3.h 2010-11-29 19:56:04.832465351 +0000 ++++ openssl-1.0.0b/ssl/ssl3.h 2010-11-29 19:56:04.965928855 +0000 +@@ -465,6 +465,12 @@ typedef struct ssl3_state_st + void *server_opaque_prf_input; + size_t server_opaque_prf_input_len; + ++#ifndef OPENSSL_NO_NEXTPROTONEG ++ /* Set if we saw the Next Protocol Negotiation extension from ++ our peer. */ ++ int next_proto_neg_seen; ++#endif ++ + struct { + /* actually only needs to be 16+20 */ + unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; +@@ -557,6 +563,10 @@ typedef struct ssl3_state_st + #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) + #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) + #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) ++#ifndef OPENSSL_NO_NEXTPROTONEG ++#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) ++#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) ++#endif + #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) + #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) + /* read from server */ +@@ -602,6 +612,10 @@ typedef struct ssl3_state_st + #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) + #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) + #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) ++#ifndef OPENSSL_NO_NEXTPROTONEG ++#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) ++#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) ++#endif + #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) + #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) + /* write to client */ +@@ -626,6 +640,9 @@ typedef struct ssl3_state_st + #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 + #define SSL3_MT_FINISHED 20 + #define SSL3_MT_CERTIFICATE_STATUS 22 ++#ifndef OPENSSL_NO_NEXTPROTONEG ++#define SSL3_MT_NEXT_PROTO 67 ++#endif + #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 + + +--- openssl-1.0.0b.orig/ssl/ssl_err.c 2010-11-29 19:56:04.846517045 +0000 ++++ openssl-1.0.0b/ssl/ssl_err.c 2010-11-29 19:56:04.965928855 +0000 +@@ -155,6 +155,7 @@ static ERR_STRING_DATA SSL_str_functs[]= + {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, + {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, + {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, ++{ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"}, + {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, + {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, + {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, +@@ -355,6 +356,8 @@ static ERR_STRING_DATA SSL_str_reasons[] + {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"}, + {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"}, + {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"}, ++{ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"}, ++{ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without seeing extension"}, + {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"}, + {ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"}, + {ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"}, +--- openssl-1.0.0b.orig/ssl/ssl_lib.c 2010-11-29 19:56:04.846517045 +0000 ++++ openssl-1.0.0b/ssl/ssl_lib.c 2010-11-29 19:56:04.965928855 +0000 +@@ -354,6 +354,9 @@ SSL *SSL_new(SSL_CTX *ctx) + s->tlsext_ocsp_resplen = -1; + CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); + s->initial_ctx=ctx; ++# ifndef OPENSSL_NO_NEXTPROTONEG ++ s->next_proto_negotiated = NULL; ++# endif + #endif + + s->verify_result=X509_V_OK; +@@ -587,6 +590,11 @@ void SSL_free(SSL *s) + kssl_ctx_free(s->kssl_ctx); + #endif /* OPENSSL_NO_KRB5 */ + ++#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) ++ if (s->next_proto_negotiated) ++ OPENSSL_free(s->next_proto_negotiated); ++#endif ++ + OPENSSL_free(s); + } + +@@ -1503,6 +1511,124 @@ int SSL_get_servername_type(const SSL *s + return TLSEXT_NAMETYPE_host_name; + return -1; + } ++ ++# ifndef OPENSSL_NO_NEXTPROTONEG ++/* SSL_select_next_proto implements the standard protocol selection. It is ++ * expected that this function is called from the callback set by ++ * SSL_CTX_set_next_proto_select_cb. ++ * ++ * The protocol data is assumed to be a vector of 8-bit, length prefixed byte ++ * strings. The length byte itself is not included in the length. A byte ++ * string of length 0 is invalid. No byte string may be truncated. ++ * ++ * The current, but experimental algorithm for selecting the protocol is: ++ * ++ * 1) If the server doesn't support NPN then this is indicated to the ++ * callback. In this case, the client application has to abort the connection ++ * or have a default application level protocol. ++ * ++ * 2) If the server supports NPN, but advertises an empty list then the ++ * client selects the first protcol in its list, but indicates via the ++ * API that this fallback case was enacted. ++ * ++ * 3) Otherwise, the client finds the first protocol in the server's list ++ * that it supports and selects this protocol. This is because it's ++ * assumed that the server has better information about which protocol ++ * a client should use. ++ * ++ * 4) If the client doesn't support any of the server's advertised ++ * protocols, then this is treated the same as case 2. ++ * ++ * It returns either ++ * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or ++ * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. ++ */ ++int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len) ++ { ++ unsigned int i, j; ++ const unsigned char *result; ++ int status = OPENSSL_NPN_UNSUPPORTED; ++ ++ /* For each protocol in server preference order, see if we support it. */ ++ for (i = 0; i < server_len; ) ++ { ++ for (j = 0; j < client_len; ) ++ { ++ if (server[i] == client[j] && ++ memcmp(&server[i+1], &client[j+1], server[i]) == 0) ++ { ++ /* We found a match */ ++ result = &server[i]; ++ status = OPENSSL_NPN_NEGOTIATED; ++ goto found; ++ } ++ j += client[j]; ++ j++; ++ } ++ i += server[i]; ++ i++; ++ } ++ ++ /* There's no overlap between our protocols and the server's list. */ ++ result = client; ++ status = OPENSSL_NPN_NO_OVERLAP; ++ ++ found: ++ *out = (unsigned char *) result + 1; ++ *outlen = result[0]; ++ return status; ++ } ++ ++/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's ++ * requested protocol for this connection and returns 0. If the client didn't ++ * request any protocol, then *data is set to NULL. ++ * ++ * Note that the client can request any protocol it chooses. The value returned ++ * from this function need not be a member of the list of supported protocols ++ * provided by the callback. ++ */ ++void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len) ++ { ++ *data = s->next_proto_negotiated; ++ if (!*data) { ++ *len = 0; ++ } else { ++ *len = s->next_proto_negotiated_len; ++ } ++} ++ ++/* SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a ++ * TLS server needs a list of supported protocols for Next Protocol ++ * Negotiation. The returned list must be in wire format. The list is returned ++ * by setting |out| to point to it and |outlen| to its length. This memory will ++ * not be modified, but one should assume that the SSL* keeps a reference to ++ * it. ++ * ++ * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no ++ * such extension will be included in the ServerHello. */ ++void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg) ++ { ++ ctx->next_protos_advertised_cb = cb; ++ ctx->next_protos_advertised_cb_arg = arg; ++ } ++ ++/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a ++ * client needs to select a protocol from the server's provided list. |out| ++ * must be set to point to the selected protocol (which may be within |in|). ++ * The length of the protocol name must be written into |outlen|. The server's ++ * advertised protocols are provided in |in| and |inlen|. The callback can ++ * assume that |in| is syntactically valid. ++ * ++ * The client must select a protocol. It is fatal to the connection if this ++ * callback returns a value other than SSL_TLSEXT_ERR_OK. ++ */ ++void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg) ++ { ++ ctx->next_proto_select_cb = cb; ++ ctx->next_proto_select_cb_arg = arg; ++ } ++ ++# endif + #endif + + static unsigned long ssl_session_hash(const SSL_SESSION *a) +@@ -1667,6 +1793,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m + ret->tlsext_status_cb = 0; + ret->tlsext_status_arg = NULL; + ++# ifndef OPENSSL_NO_NEXTPROTONEG ++ ret->next_protos_advertised_cb = 0; ++ ret->next_proto_select_cb = 0; ++# endif + #endif + #ifndef OPENSSL_NO_PSK + ret->psk_identity_hint=NULL; +--- openssl-1.0.0b.orig/ssl/ssl_locl.h 2010-11-29 19:56:04.846517045 +0000 ++++ openssl-1.0.0b/ssl/ssl_locl.h 2010-11-29 19:56:04.965928855 +0000 +@@ -968,6 +968,9 @@ int ssl3_get_server_certificate(SSL *s); + int ssl3_check_cert_and_algorithm(SSL *s); + #ifndef OPENSSL_NO_TLSEXT + int ssl3_check_finished(SSL *s); ++# ifndef OPENSSL_NO_NEXTPROTONEG ++int ssl3_send_next_proto(SSL *s); ++# endif + #endif + + int dtls1_client_hello(SSL *s); +@@ -986,6 +989,9 @@ int ssl3_check_client_hello(SSL *s); + int ssl3_get_client_certificate(SSL *s); + int ssl3_get_client_key_exchange(SSL *s); + int ssl3_get_cert_verify(SSL *s); ++#ifndef OPENSSL_NO_NEXTPROTONEG ++int ssl3_get_next_proto(SSL *s); ++#endif + + int dtls1_send_hello_request(SSL *s); + int dtls1_send_server_hello(SSL *s); +--- openssl-1.0.0b.orig/ssl/t1_lib.c 2010-11-16 13:26:24.000000000 +0000 ++++ openssl-1.0.0b/ssl/t1_lib.c 2010-11-29 19:56:04.965928855 +0000 +@@ -494,6 +494,18 @@ unsigned char *ssl_add_clienthello_tlsex + i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); + } + ++#ifndef OPENSSL_NO_NEXTPROTONEG ++ if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) ++ { ++ /* The client advertises an emtpy extension to indicate its ++ * support for Next Protocol Negotiation */ ++ if (limit - ret - 4 < 0) ++ return NULL; ++ s2n(TLSEXT_TYPE_next_proto_neg,ret); ++ s2n(0,ret); ++ } ++#endif ++ + if ((extdatalen = ret-p-2)== 0) + return p; + +@@ -505,6 +517,9 @@ unsigned char *ssl_add_serverhello_tlsex + { + int extdatalen=0; + unsigned char *ret = p; ++#ifndef OPENSSL_NO_NEXTPROTONEG ++ int next_proto_neg_seen; ++#endif + + /* don't add extensions for SSLv3, unless doing secure renegotiation */ + if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) +@@ -618,6 +633,28 @@ unsigned char *ssl_add_serverhello_tlsex + + } + ++#ifndef OPENSSL_NO_NEXTPROTONEG ++ next_proto_neg_seen = s->s3->next_proto_neg_seen; ++ s->s3->next_proto_neg_seen = 0; ++ if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) ++ { ++ const unsigned char *npa; ++ unsigned int npalen; ++ int r; ++ ++ r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, s->ctx->next_protos_advertised_cb_arg); ++ if (r == SSL_TLSEXT_ERR_OK) ++ { ++ if ((long)(limit - ret - 4 - npalen) < 0) return NULL; ++ s2n(TLSEXT_TYPE_next_proto_neg,ret); ++ s2n(npalen,ret); ++ memcpy(ret, npa, npalen); ++ ret += npalen; ++ s->s3->next_proto_neg_seen = 1; ++ } ++ } ++#endif ++ + if ((extdatalen = ret-p-2)== 0) + return p; + +@@ -982,6 +1019,28 @@ int ssl_parse_clienthello_tlsext(SSL *s, + else + s->tlsext_status_type = -1; + } ++#ifndef OPENSSL_NO_NEXTPROTONEG ++ else if (type == TLSEXT_TYPE_next_proto_neg && ++ s->s3->tmp.finish_md_len == 0) ++ { ++ /* We shouldn't accept this extension on a ++ * renegotiation. ++ * ++ * s->new_session will be set on renegotiation, but we ++ * probably shouldn't rely that it couldn't be set on ++ * the initial renegotation too in certain cases (when ++ * there's some other reason to disallow resuming an ++ * earlier session -- the current code won't be doing ++ * anything like that, but this might change). ++ ++ * A valid sign that there's been a previous handshake ++ * in this connection is if s->s3->tmp.finish_md_len > ++ * 0. (We are talking about a check that will happen ++ * in the Hello protocol round, well before a new ++ * Finished message could have been computed.) */ ++ s->s3->next_proto_neg_seen = 1; ++ } ++#endif + + /* session ticket processed earlier */ + data+=size; +@@ -1005,6 +1064,26 @@ int ssl_parse_clienthello_tlsext(SSL *s, + return 1; + } + ++#ifndef OPENSSL_NO_NEXTPROTONEG ++/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No ++ * elements of zero length are allowed and the set of elements must exactly fill ++ * the length of the block. */ ++static int ssl_next_proto_validate(unsigned char *d, unsigned len) ++ { ++ unsigned int off = 0; ++ ++ while (off < len) ++ { ++ if (d[off] == 0) ++ return 0; ++ off += d[off]; ++ off++; ++ } ++ ++ return off == len; ++ } ++#endif ++ + int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) + { + unsigned short length; +@@ -1139,6 +1218,39 @@ int ssl_parse_serverhello_tlsext(SSL *s, + /* Set flag to expect CertificateStatus message */ + s->tlsext_status_expected = 1; + } ++#ifndef OPENSSL_NO_NEXTPROTONEG ++ else if (type == TLSEXT_TYPE_next_proto_neg) ++ { ++ unsigned char *selected; ++ unsigned char selected_len; ++ ++ /* We must have requested it. */ ++ if ((s->ctx->next_proto_select_cb == NULL)) ++ { ++ *al = TLS1_AD_UNSUPPORTED_EXTENSION; ++ return 0; ++ } ++ /* The data must be valid */ ++ if (!ssl_next_proto_validate(data, size)) ++ { ++ *al = TLS1_AD_DECODE_ERROR; ++ return 0; ++ } ++ if (s->ctx->next_proto_select_cb(s, &selected, &selected_len, data, size, s->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK) ++ { ++ *al = TLS1_AD_INTERNAL_ERROR; ++ return 0; ++ } ++ s->next_proto_negotiated = OPENSSL_malloc(selected_len); ++ if (!s->next_proto_negotiated) ++ { ++ *al = TLS1_AD_INTERNAL_ERROR; ++ return 0; ++ } ++ memcpy(s->next_proto_negotiated, selected, selected_len); ++ s->next_proto_negotiated_len = selected_len; ++ } ++#endif + else if (type == TLSEXT_TYPE_renegotiate) + { + if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al)) +--- openssl-1.0.0b.orig/ssl/tls1.h 2009-11-11 14:51:29.000000000 +0000 ++++ openssl-1.0.0b/ssl/tls1.h 2010-11-29 19:56:04.965928855 +0000 +@@ -204,6 +204,11 @@ extern "C" { + /* Temporary extension type */ + #define TLSEXT_TYPE_renegotiate 0xff01 + ++#ifndef OPENSSL_NO_NEXTPROTONEG ++/* This is not an IANA defined extension number */ ++#define TLSEXT_TYPE_next_proto_neg 13172 ++#endif ++ + /* NameType value from RFC 3546 */ + #define TLSEXT_NAMETYPE_host_name 0 + /* status request value from RFC 3546 */ diff --git a/openssl/patches/progs.patch b/openssl/patches/progs.patch new file mode 100644 index 00000000..16fd9b0b --- /dev/null +++ b/openssl/patches/progs.patch @@ -0,0 +1,54 @@ +--- openssl-1.0.0.orig/apps/openssl.c 2009-10-04 09:43:21.000000000 -0700 ++++ openssl-1.0.0/apps/openssl.c 2010-05-18 14:05:14.000000000 -0700 +@@ -275,8 +275,10 @@ int main(int Argc, char *Argv[]) + if (ERR_GET_REASON(ERR_peek_last_error()) + == CONF_R_NO_SUCH_FILE) + { ++#if 0 /* ANDROID */ + BIO_printf(bio_err, + "WARNING: can't open config file: %s\n",p); ++#endif + ERR_clear_error(); + NCONF_free(config); + config = NULL; +--- openssl-1.0.0.orig/apps/progs.h 2009-06-30 08:08:38.000000000 -0700 ++++ openssl-1.0.0/apps/progs.h 2010-05-18 14:05:38.000000000 -0700 +@@ -146,7 +152,9 @@ FUNCTION functions[] = { + {FUNC_TYPE_GENERAL,"ocsp",ocsp_main}, + #endif + {FUNC_TYPE_GENERAL,"prime",prime_main}, ++#if 0 /* ANDROID */ + {FUNC_TYPE_GENERAL,"ts",ts_main}, ++#endif + #ifndef OPENSSL_NO_MD2 + {FUNC_TYPE_MD,"md2",dgst_main}, + #endif +--- openssl-1.0.0.orig/apps/speed.c 2010-03-03 11:56:17.000000000 -0800 ++++ openssl-1.0.0/apps/speed.c 2010-05-18 14:05:57.000000000 -0700 +@@ -1718,6 +1718,7 @@ int MAIN(int argc, char **argv) + } + } + ++#if 0 /* ANDROID */ + if (doit[D_IGE_128_AES]) + { + for (j=0; jlength > s->s3->rbuf.len - DTLS1_RT_HEADER_LENGTH) ++ { ++ unsigned char *pp; ++ unsigned int newlen = rr->length + DTLS1_RT_HEADER_LENGTH; ++ if ((pp=OPENSSL_realloc(s->s3->rbuf.buf, newlen))==NULL) ++ { ++ SSLerr(SSL_F_DTLS1_GET_RECORD,ERR_R_MALLOC_FAILURE); ++ return(-1); ++ } ++ p = pp + (p - s->s3->rbuf.buf); ++ s->s3->rbuf.buf=pp; ++ s->s3->rbuf.len=newlen; ++ s->packet= &(s->s3->rbuf.buf[0]); ++ } ++ + /* now s->rstate == SSL_ST_READ_BODY */ + } + +@@ -1342,6 +1360,7 @@ int do_dtls1_write(SSL *s, int type, con + SSL3_BUFFER *wb; + SSL_SESSION *sess; + int bs; ++ unsigned int len_with_overhead = len + SSL3_RT_DEFAULT_WRITE_OVERHEAD; + + /* first check if there is a SSL3_BUFFER still being written + * out. This will happen with non blocking IO */ +@@ -1351,6 +1370,16 @@ int do_dtls1_write(SSL *s, int type, con + return(ssl3_write_pending(s,type,buf,len)); + } + ++ if (s->s3->wbuf.len < len_with_overhead) ++ { ++ if ((p=OPENSSL_realloc(s->s3->wbuf.buf, len_with_overhead)) == NULL) { ++ SSLerr(SSL_F_DO_DTLS1_WRITE,ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ s->s3->wbuf.buf = p; ++ s->s3->wbuf.len = len_with_overhead; ++ } ++ + /* If we have an alert to send, lets send it */ + if (s->s3->alert_dispatch) + { +--- openssl-1.0.0a.orig/ssl/s23_srvr.c 2010-02-16 14:20:40.000000000 +0000 ++++ openssl-1.0.0a/ssl/s23_srvr.c 2010-08-25 21:12:39.000000000 +0000 +@@ -403,8 +403,13 @@ int ssl23_get_client_hello(SSL *s) + v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ + v[1] = p[4]; + ++/* The SSL2 protocol allows n to be larger, just pick ++ * a reasonable buffer size. */ ++#if SSL3_RT_DEFAULT_PACKET_SIZE < 1024*4 - SSL3_RT_DEFAULT_WRITE_OVERHEAD ++#error "SSL3_RT_DEFAULT_PACKET_SIZE is too small." ++#endif + n=((p[0]&0x7f)<<8)|p[1]; +- if (n > (1024*4)) ++ if (n > SSL3_RT_DEFAULT_PACKET_SIZE - 2) + { + SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE); + goto err; +--- openssl-1.0.0a.orig/ssl/s3_both.c 2010-03-24 23:16:49.000000000 +0000 ++++ openssl-1.0.0a/ssl/s3_both.c 2010-08-25 21:12:39.000000000 +0000 +@@ -715,13 +722,20 @@ int ssl3_setup_read_buffer(SSL *s) + + if (s->s3->rbuf.buf == NULL) + { +- len = SSL3_RT_MAX_PLAIN_LENGTH +- + SSL3_RT_MAX_ENCRYPTED_OVERHEAD +- + headerlen + align; +- if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) ++ if (SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS) + { +- s->s3->init_extra = 1; +- len += SSL3_RT_MAX_EXTRA; ++ len = SSL3_RT_DEFAULT_PACKET_SIZE; ++ } ++ else ++ { ++ len = SSL3_RT_MAX_PLAIN_LENGTH ++ + SSL3_RT_MAX_ENCRYPTED_OVERHEAD ++ + headerlen + align; ++ if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) ++ { ++ s->s3->init_extra = 1; ++ len += SSL3_RT_MAX_EXTRA; ++ } + } + #ifndef OPENSSL_NO_COMP + if (!(s->options & SSL_OP_NO_COMPRESSION)) +@@ -757,7 +771,15 @@ int ssl3_setup_write_buffer(SSL *s) + + if (s->s3->wbuf.buf == NULL) + { +- len = s->max_send_fragment ++ if (SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS) ++ { ++ len = SSL3_RT_DEFAULT_PACKET_SIZE; ++ } ++ else ++ { ++ len = s->max_send_fragment; ++ } ++ len += 0 + + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + + headerlen + align; + #ifndef OPENSSL_NO_COMP +@@ -767,7 +789,6 @@ int ssl3_setup_write_buffer(SSL *s) + if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) + len += headerlen + align + + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; +- + if ((p=freelist_extract(s->ctx, 0, len)) == NULL) + goto err; + s->s3->wbuf.buf = p; +@@ -810,4 +831,3 @@ int ssl3_release_read_buffer(SSL *s) + } + return 1; + } +- +--- openssl-1.0.0a.orig/ssl/s3_pkt.c 2010-03-25 11:22:42.000000000 +0000 ++++ openssl-1.0.0a/ssl/s3_pkt.c 2010-08-25 21:12:39.000000000 +0000 +@@ -293,6 +293,11 @@ static int ssl3_get_record(SSL *s) + size_t extra; + int decryption_failed_or_bad_record_mac = 0; + unsigned char *mac = NULL; ++#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 ++ long align=SSL3_ALIGN_PAYLOAD; ++#else ++ long align=0; ++#endif + + rr= &(s->s3->rrec); + sess=s->session; +@@ -301,7 +306,8 @@ static int ssl3_get_record(SSL *s) + extra=SSL3_RT_MAX_EXTRA; + else + extra=0; +- if (extra && !s->s3->init_extra) ++ if (!(SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS) && ++ extra && !s->s3->init_extra) + { + /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER + * set after ssl3_setup_buffers() was done */ +@@ -350,6 +356,21 @@ fprintf(stderr, "Record type=%d, Length= + goto err; + } + ++ /* If we receive a valid record larger than the current buffer size, ++ * allocate some memory for it. ++ */ ++ if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH - align) ++ { ++ if ((p=OPENSSL_realloc(s->s3->rbuf.buf, rr->length + SSL3_RT_HEADER_LENGTH + align))==NULL) ++ { ++ SSLerr(SSL_F_SSL3_GET_RECORD,ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ s->s3->rbuf.buf=p; ++ s->s3->rbuf.len=rr->length + SSL3_RT_HEADER_LENGTH + align; ++ s->packet= &(s->s3->rbuf.buf[0]); ++ } ++ + if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH) + { + al=SSL_AD_RECORD_OVERFLOW; +@@ -576,6 +597,7 @@ int ssl3_write_bytes(SSL *s, int type, c + const unsigned char *buf=buf_; + unsigned int tot,n,nw; + int i; ++ unsigned int max_plain_length; + + s->rwstate=SSL_NOTHING; + tot=s->s3->wnum; +@@ -595,8 +617,13 @@ int ssl3_write_bytes(SSL *s, int type, c + n=(len-tot); + for (;;) + { +- if (n > s->max_send_fragment) +- nw=s->max_send_fragment; ++ if (type == SSL3_RT_APPLICATION_DATA && (SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS)) ++ max_plain_length = SSL3_RT_DEFAULT_PLAIN_LENGTH; ++ else ++ max_plain_length = s->max_send_fragment; ++ ++ if (n > max_plain_length) ++ nw = max_plain_length; + else + nw=n; + +@@ -727,6 +727,18 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, + s->s3->empty_fragment_done = 1; + } + ++ /* resize if necessary to hold the data. */ ++ if (len + SSL3_RT_DEFAULT_WRITE_OVERHEAD > wb->len) ++ { ++ if ((p=OPENSSL_realloc(wb->buf, len + SSL3_RT_DEFAULT_WRITE_OVERHEAD))==NULL) ++ { ++ SSLerr(SSL_F_DO_SSL3_WRITE,ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ wb->buf = p; ++ wb->len = len + SSL3_RT_DEFAULT_WRITE_OVERHEAD; ++ } ++ + if (create_empty_fragment) + { + #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0 +--- openssl-1.0.0a.orig/ssl/ssl.h 2010-01-06 17:37:38.000000000 +0000 ++++ openssl-1.0.0a/ssl/ssl.h 2010-08-25 21:12:39.000000000 +0000 +@@ -602,6 +602,9 @@ typedef struct ssl_session_st + * TLS only.) "Released" buffers are put onto a free-list in the context + * or just freed (depending on the context's setting for freelist_max_len). */ + #define SSL_MODE_RELEASE_BUFFERS 0x00000010L ++/* Use small read and write buffers: (a) lazy allocate read buffers for ++ * large incoming records, and (b) limit the size of outgoing records. */ ++#define SSL_MODE_SMALL_BUFFERS 0x00000020L + + /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, + * they cannot be used to clear bits. */ +--- openssl-1.0.0a.orig/ssl/ssl3.h 2010-01-06 17:37:38.000000000 +0000 ++++ openssl-1.0.0a/ssl/ssl3.h 2010-08-25 21:12:39.000000000 +0000 +@@ -280,6 +280,9 @@ extern "C" { + + #define SSL3_RT_MAX_EXTRA (16384) + ++/* Default buffer length used for writen records. Thus a generated record ++ * will contain plaintext no larger than this value. */ ++#define SSL3_RT_DEFAULT_PLAIN_LENGTH 2048 + /* Maximum plaintext length: defined by SSL/TLS standards */ + #define SSL3_RT_MAX_PLAIN_LENGTH 16384 + /* Maximum compression overhead: defined by SSL/TLS standards */ +@@ -311,6 +314,13 @@ extern "C" { + #define SSL3_RT_MAX_PACKET_SIZE \ + (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) + ++/* Extra space for empty fragment, headers, MAC, and padding. */ ++#define SSL3_RT_DEFAULT_WRITE_OVERHEAD 256 ++#define SSL3_RT_DEFAULT_PACKET_SIZE 4096 - SSL3_RT_DEFAULT_WRITE_OVERHEAD ++#if SSL3_RT_DEFAULT_PLAIN_LENGTH + SSL3_RT_DEFAULT_WRITE_OVERHEAD > SSL3_RT_DEFAULT_PACKET_SIZE ++#error "Insufficient space allocated for write buffers." ++#endif ++ + #define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" + #define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" + +@@ -634,4 +645,3 @@ typedef struct ssl3_state_st + } + #endif + #endif +- +--- openssl-1.0.0a.orig/ssl/ssltest.c 2010-01-24 16:57:38.000000000 +0000 ++++ openssl-1.0.0a/ssl/ssltest.c 2010-08-25 21:12:39.000000000 +0000 +@@ -316,6 +316,8 @@ static void sv_usage(void) + " (default is sect163r2).\n"); + #endif + fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n"); ++ fprintf(stderr," -c_small_records - enable client side use of small SSL record buffers\n"); ++ fprintf(stderr," -s_small_records - enable server side use of small SSL record buffers\n"); + } + + static void print_details(SSL *c_ssl, const char *prefix) +@@ -444,6 +447,9 @@ int opaque_prf_input_cb(SSL *ssl, void * + return arg->ret; + } + #endif ++ int ssl_mode = 0; ++ int c_small_records=0; ++ int s_small_records=0; + + int main(int argc, char *argv[]) + { +@@ -680,6 +687,14 @@ int main(int argc, char *argv[]) + { + test_cipherlist = 1; + } ++ else if (strcmp(*argv, "-c_small_records") == 0) ++ { ++ c_small_records = 1; ++ } ++ else if (strcmp(*argv, "-s_small_records") == 0) ++ { ++ s_small_records = 1; ++ } + else + { + fprintf(stderr,"unknown option %s\n",*argv); +@@ -802,6 +821,21 @@ bad: + SSL_CTX_set_cipher_list(s_ctx,cipher); + } + ++ ssl_mode = 0; ++ if (c_small_records) ++ { ++ ssl_mode = SSL_CTX_get_mode(c_ctx); ++ ssl_mode |= SSL_MODE_SMALL_BUFFERS; ++ SSL_CTX_set_mode(c_ctx, ssl_mode); ++ } ++ ssl_mode = 0; ++ if (s_small_records) ++ { ++ ssl_mode = SSL_CTX_get_mode(s_ctx); ++ ssl_mode |= SSL_MODE_SMALL_BUFFERS; ++ SSL_CTX_set_mode(s_ctx, ssl_mode); ++ } ++ + #ifndef OPENSSL_NO_DH + if (!no_dhe) + { +--- openssl-1.0.0.orig/test/testssl 2006-03-10 15:06:27.000000000 -0800 ++++ openssl-1.0.0/test/testssl 2010-04-26 10:24:55.000000000 -0700 +@@ -70,6 +70,16 @@ $ssltest -client_auth $CA $extra || exit + echo test sslv2/sslv3 with both client and server authentication + $ssltest -server_auth -client_auth $CA $extra || exit 1 + ++echo test sslv2/sslv3 with both client and server authentication and small client buffers ++$ssltest -server_auth -client_auth -c_small_records $CA $extra || exit 1 ++ ++echo test sslv2/sslv3 with both client and server authentication and small server buffers ++$ssltest -server_auth -client_auth -s_small_records $CA $extra || exit 1 ++ ++echo test sslv2/sslv3 with both client and server authentication and small client and server buffers ++$ssltest -server_auth -client_auth -c_small_records -s_small_records $CA $extra || exit 1 ++ ++ + echo test sslv2 via BIO pair + $ssltest -bio_pair -ssl2 $extra || exit 1 + diff --git a/openssl/patches/ssl_Android.mk b/openssl/patches/ssl_Android.mk new file mode 100644 index 00000000..487aabbc --- /dev/null +++ b/openssl/patches/ssl_Android.mk @@ -0,0 +1,98 @@ +LOCAL_PATH:= $(call my-dir) + +local_c_includes := \ + external/openssl \ + external/openssl/include \ + external/openssl/crypto + +local_src_files:= \ + s2_meth.c \ + s2_srvr.c \ + s2_clnt.c \ + s2_lib.c \ + s2_enc.c \ + s2_pkt.c \ + s3_meth.c \ + s3_srvr.c \ + s3_clnt.c \ + s3_lib.c \ + s3_enc.c \ + s3_pkt.c \ + s3_both.c \ + s23_meth.c \ + s23_srvr.c \ + s23_clnt.c \ + s23_lib.c \ + s23_pkt.c \ + t1_meth.c \ + t1_srvr.c \ + t1_clnt.c \ + t1_lib.c \ + t1_enc.c \ + t1_reneg.c \ + ssl_lib.c \ + ssl_err2.c \ + ssl_cert.c \ + ssl_sess.c \ + ssl_ciph.c \ + ssl_stat.c \ + ssl_rsa.c \ + ssl_asn1.c \ + ssl_txt.c \ + ssl_algs.c \ + bio_ssl.c \ + ssl_err.c \ + kssl.c + +####################################### +# target static library +include $(CLEAR_VARS) +include $(LOCAL_PATH)/../android-config.mk + +ifneq ($(TARGET_ARCH),x86) +LOCAL_NDK_VERSION := 5 +LOCAL_SDK_VERSION := 9 +endif +LOCAL_SRC_FILES += $(local_src_files) +LOCAL_C_INCLUDES += $(local_c_includes) +LOCAL_MODULE_TAGS := optional +LOCAL_MODULE:= libssl_static +include $(BUILD_STATIC_LIBRARY) + +####################################### +# target shared library +include $(CLEAR_VARS) +include $(LOCAL_PATH)/../android-config.mk + +ifneq ($(TARGET_ARCH),x86) +LOCAL_NDK_VERSION := 5 +LOCAL_SDK_VERSION := 9 +endif +LOCAL_SRC_FILES += $(local_src_files) +LOCAL_C_INCLUDES += $(local_c_includes) +LOCAL_SHARED_LIBRARIES += libcrypto +LOCAL_MODULE_TAGS := optional +LOCAL_MODULE:= libssl +include $(BUILD_SHARED_LIBRARY) + +####################################### +# host shared library +include $(CLEAR_VARS) +include $(LOCAL_PATH)/../android-config.mk +LOCAL_SRC_FILES += $(local_src_files) +LOCAL_C_INCLUDES += $(local_c_includes) +LOCAL_SHARED_LIBRARIES += libcrypto +LOCAL_MODULE_TAGS := optional +LOCAL_MODULE:= libssl +include $(BUILD_HOST_SHARED_LIBRARY) + +####################################### +# ssltest +include $(CLEAR_VARS) +include $(LOCAL_PATH)/../android-config.mk +LOCAL_SRC_FILES:= ssltest.c +LOCAL_C_INCLUDES += $(local_c_includes) +LOCAL_SHARED_LIBRARIES := libssl libcrypto +LOCAL_MODULE:= ssltest +LOCAL_MODULE_TAGS := optional +include $(BUILD_EXECUTABLE) diff --git a/openssl/patches/sslv3_uninit_padding.patch b/openssl/patches/sslv3_uninit_padding.patch new file mode 100644 index 00000000..89fff7b5 --- /dev/null +++ b/openssl/patches/sslv3_uninit_padding.patch @@ -0,0 +1,14 @@ +diff --git a/ssl/s3_enc.c b/google3/third_party/openssl/openssl/ssl/s3_enc.c +index 58386e1..b145970 100644 +--- a/ssl/s3_enc.c ++++ b/ssl/s3_enc.c +@@ -511,6 +511,9 @@ int ssl3_enc(SSL *s, int send) + + /* we need to add 'i-1' padding bytes */ + l+=i; ++ /* the last of these zero bytes will be overwritten ++ * with the padding length. */ ++ memset(&rec->input[rec->length], 0, i); + rec->length+=i; + rec->input[l-1]=(i-1); + } diff --git a/openssl/patches/testssl.sh b/openssl/patches/testssl.sh new file mode 100755 index 00000000..cd560928 --- /dev/null +++ b/openssl/patches/testssl.sh @@ -0,0 +1,77 @@ +#!/bin/bash +# +# Copyright (C) 2010 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# +# Android testssl.sh driver script for openssl's testssl +# +# based on openssl's test/testss script and test/Makefile's test_ssl target +# + +set -e +trap "echo Exiting on unexpected error." ERR + +device=/sdcard/android.testssl + +digest='-sha1' +reqcmd="adb shell /system/bin/openssl req" +x509cmd="adb shell /system/bin/openssl x509 $digest" + +CAkey="$device/keyCA.ss" +CAcert="$device/certCA.ss" +CAreq="$device/reqCA.ss" +CAconf="$device/CAss.cnf" + +Uconf="$device/Uss.cnf" +Ureq="$device/reqU.ss" +Ukey="$device/keyU.ss" +Ucert="$device/certU.ss" + +echo +echo "setting up" +adb remount +adb shell rm -r $device +adb shell mkdir $device + +echo +echo "pushing test files to device" +adb push . $device + +echo +echo "make a certificate request using 'req'" +adb shell "echo \"string to make the random number generator think it has entropy\" >> $device/.rnd" +req_new='-new' +$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new + +echo +echo "convert the certificate request into a self signed certificate using 'x509'" +$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca + +echo +echo "make a user certificate request using 'req'" +$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new + +echo +echo "sign user certificate request with the just created CA via 'x509'" +$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee + +echo +echo "running testssl" +./testssl $Ukey $Ucert $CAcert + +echo +echo "cleaning up" +adb shell rm -r $device -- cgit v1.2.3