summaryrefslogtreecommitdiff
path: root/openssl/patches
diff options
context:
space:
mode:
authorArne Schwabe <arne@rfc2549.org>2012-04-16 19:21:14 +0200
committerArne Schwabe <arne@rfc2549.org>2012-04-16 19:21:14 +0200
commit3e4d8f433239c40311037616b1b8833a06651ae0 (patch)
tree98ab7fce0d011d34677b0beb762d389cb5c39199 /openssl/patches
Initial import
Diffstat (limited to 'openssl/patches')
-rw-r--r--openssl/patches/README39
-rw-r--r--openssl/patches/apps_Android.mk87
-rw-r--r--openssl/patches/crypto_Android.mk559
-rw-r--r--openssl/patches/handshake_cutthrough.patch275
-rw-r--r--openssl/patches/jsse.patch426
-rw-r--r--openssl/patches/npn.patch1293
-rw-r--r--openssl/patches/progs.patch54
-rw-r--r--openssl/patches/sha1_armv4_large.patch21
-rw-r--r--openssl/patches/small_records.patch337
-rw-r--r--openssl/patches/ssl_Android.mk98
-rw-r--r--openssl/patches/sslv3_uninit_padding.patch14
-rwxr-xr-xopenssl/patches/testssl.sh77
12 files changed, 3280 insertions, 0 deletions
diff --git a/openssl/patches/README b/openssl/patches/README
new file mode 100644
index 0000000..54b6e06
--- /dev/null
+++ b/openssl/patches/README
@@ -0,0 +1,39 @@
+progs.patch:
+
+Fixup sources under the apps/ directory that are not built under the android environment.
+
+
+small_records.patch:
+
+Reduce OpenSSL memory consumption.
+SSL records may be as large as 16K, but are typically < 2K. In
+addition, a historic bug in Windows allowed records to be as large
+32K. OpenSSL statically allocates read and write buffers (34K and
+18K respectively) used for processing records.
+With this patch, OpenSSL statically allocates 4K + 4K buffers, with
+the option of dynamically growing buffers to 34K + 4K, which is a
+saving of 44K per connection for the typical case.
+
+
+handshake_cutthrough.patch
+
+Enables SSL3+ clients to send application data immediately following the
+Finished message even when negotiating full-handshakes. With this patch,
+clients can negotiate SSL connections in 1-RTT even when performing
+full-handshakes.
+
+jsse.patch
+
+Support for JSSE implementation based on OpenSSL.
+
+npn.patch
+
+Transport Layer Security (TLS) Next Protocol Negotiation Extension
+
+sslv3_uninit_padding.patch
+
+This patch sets the padding for SSLv3 block ciphers to zero.
+
+sha1_armv4_large.patch
+
+This patch eliminates memory stores to addresses below SP.
diff --git a/openssl/patches/apps_Android.mk b/openssl/patches/apps_Android.mk
new file mode 100644
index 0000000..20cc5a9
--- /dev/null
+++ b/openssl/patches/apps_Android.mk
@@ -0,0 +1,87 @@
+# Copyright 2006 The Android Open Source Project
+
+LOCAL_PATH:= $(call my-dir)
+
+local_src_files:= \
+ app_rand.c \
+ apps.c \
+ asn1pars.c \
+ ca.c \
+ ciphers.c \
+ crl.c \
+ crl2p7.c \
+ dgst.c \
+ dh.c \
+ dhparam.c \
+ dsa.c \
+ dsaparam.c \
+ ecparam.c \
+ ec.c \
+ enc.c \
+ engine.c \
+ errstr.c \
+ gendh.c \
+ gendsa.c \
+ genpkey.c \
+ genrsa.c \
+ nseq.c \
+ ocsp.c \
+ openssl.c \
+ passwd.c \
+ pkcs12.c \
+ pkcs7.c \
+ pkcs8.c \
+ pkey.c \
+ pkeyparam.c \
+ pkeyutl.c \
+ prime.c \
+ rand.c \
+ req.c \
+ rsa.c \
+ rsautl.c \
+ s_cb.c \
+ s_client.c \
+ s_server.c \
+ s_socket.c \
+ s_time.c \
+ sess_id.c \
+ smime.c \
+ speed.c \
+ spkac.c \
+ verify.c \
+ version.c \
+ x509.c
+
+local_shared_libraries := \
+ libssl \
+ libcrypto
+
+local_c_includes := \
+ external/openssl \
+ external/openssl/include
+
+local_cflags := -DMONOLITH
+
+# These flags omit whole features from the commandline "openssl".
+# However, portions of these features are actually turned on.
+local_cflags += -DOPENSSL_NO_DTLS1
+
+include $(CLEAR_VARS)
+LOCAL_MODULE:= openssl
+LOCAL_MODULE_TAGS := optional
+LOCAL_SRC_FILES := $(local_src_files)
+LOCAL_SHARED_LIBRARIES := $(local_shared_libraries)
+LOCAL_C_INCLUDES := $(local_c_includes)
+LOCAL_CFLAGS := $(local_cflags)
+include $(LOCAL_PATH)/../android-config.mk
+include $(BUILD_EXECUTABLE)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE:= openssl
+LOCAL_MODULE_TAGS := optional
+LOCAL_SRC_FILES := $(local_src_files)
+LOCAL_SHARED_LIBRARIES := $(local_shared_libraries)
+LOCAL_C_INCLUDES := $(local_c_includes)
+LOCAL_CFLAGS := $(local_cflags)
+include $(LOCAL_PATH)/../android-config.mk
+include $(BUILD_HOST_EXECUTABLE)
diff --git a/openssl/patches/crypto_Android.mk b/openssl/patches/crypto_Android.mk
new file mode 100644
index 0000000..6f09fa5
--- /dev/null
+++ b/openssl/patches/crypto_Android.mk
@@ -0,0 +1,559 @@
+LOCAL_PATH:= $(call my-dir)
+
+arm_cflags := -DOPENSSL_BN_ASM_MONT -DAES_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
+arm_src_files := \
+ aes/asm/aes-armv4.s \
+ bn/asm/armv4-mont.s \
+ sha/asm/sha1-armv4-large.s \
+ sha/asm/sha256-armv4.s \
+ sha/asm/sha512-armv4.s
+non_arm_src_files := aes/aes_core.c
+
+local_src_files := \
+ cryptlib.c \
+ mem.c \
+ mem_clr.c \
+ mem_dbg.c \
+ cversion.c \
+ ex_data.c \
+ cpt_err.c \
+ ebcdic.c \
+ uid.c \
+ o_time.c \
+ o_str.c \
+ o_dir.c \
+ aes/aes_cbc.c \
+ aes/aes_cfb.c \
+ aes/aes_ctr.c \
+ aes/aes_ecb.c \
+ aes/aes_misc.c \
+ aes/aes_ofb.c \
+ aes/aes_wrap.c \
+ asn1/a_bitstr.c \
+ asn1/a_bool.c \
+ asn1/a_bytes.c \
+ asn1/a_d2i_fp.c \
+ asn1/a_digest.c \
+ asn1/a_dup.c \
+ asn1/a_enum.c \
+ asn1/a_gentm.c \
+ asn1/a_i2d_fp.c \
+ asn1/a_int.c \
+ asn1/a_mbstr.c \
+ asn1/a_object.c \
+ asn1/a_octet.c \
+ asn1/a_print.c \
+ asn1/a_set.c \
+ asn1/a_sign.c \
+ asn1/a_strex.c \
+ asn1/a_strnid.c \
+ asn1/a_time.c \
+ asn1/a_type.c \
+ asn1/a_utctm.c \
+ asn1/a_utf8.c \
+ asn1/a_verify.c \
+ asn1/ameth_lib.c \
+ asn1/asn1_err.c \
+ asn1/asn1_gen.c \
+ asn1/asn1_lib.c \
+ asn1/asn1_par.c \
+ asn1/asn_mime.c \
+ asn1/asn_moid.c \
+ asn1/asn_pack.c \
+ asn1/bio_asn1.c \
+ asn1/bio_ndef.c \
+ asn1/d2i_pr.c \
+ asn1/d2i_pu.c \
+ asn1/evp_asn1.c \
+ asn1/f_enum.c \
+ asn1/f_int.c \
+ asn1/f_string.c \
+ asn1/i2d_pr.c \
+ asn1/i2d_pu.c \
+ asn1/n_pkey.c \
+ asn1/nsseq.c \
+ asn1/p5_pbe.c \
+ asn1/p5_pbev2.c \
+ asn1/p8_pkey.c \
+ asn1/t_bitst.c \
+ asn1/t_crl.c \
+ asn1/t_pkey.c \
+ asn1/t_req.c \
+ asn1/t_spki.c \
+ asn1/t_x509.c \
+ asn1/t_x509a.c \
+ asn1/tasn_dec.c \
+ asn1/tasn_enc.c \
+ asn1/tasn_fre.c \
+ asn1/tasn_new.c \
+ asn1/tasn_prn.c \
+ asn1/tasn_typ.c \
+ asn1/tasn_utl.c \
+ asn1/x_algor.c \
+ asn1/x_attrib.c \
+ asn1/x_bignum.c \
+ asn1/x_crl.c \
+ asn1/x_exten.c \
+ asn1/x_info.c \
+ asn1/x_long.c \
+ asn1/x_name.c \
+ asn1/x_nx509.c \
+ asn1/x_pkey.c \
+ asn1/x_pubkey.c \
+ asn1/x_req.c \
+ asn1/x_sig.c \
+ asn1/x_spki.c \
+ asn1/x_val.c \
+ asn1/x_x509.c \
+ asn1/x_x509a.c \
+ bf/bf_cfb64.c \
+ bf/bf_ecb.c \
+ bf/bf_enc.c \
+ bf/bf_ofb64.c \
+ bf/bf_skey.c \
+ bio/b_dump.c \
+ bio/b_print.c \
+ bio/b_sock.c \
+ bio/bf_buff.c \
+ bio/bf_nbio.c \
+ bio/bf_null.c \
+ bio/bio_cb.c \
+ bio/bio_err.c \
+ bio/bio_lib.c \
+ bio/bss_acpt.c \
+ bio/bss_bio.c \
+ bio/bss_conn.c \
+ bio/bss_dgram.c \
+ bio/bss_fd.c \
+ bio/bss_file.c \
+ bio/bss_log.c \
+ bio/bss_mem.c \
+ bio/bss_null.c \
+ bio/bss_sock.c \
+ bn/bn_add.c \
+ bn/bn_asm.c \
+ bn/bn_blind.c \
+ bn/bn_const.c \
+ bn/bn_ctx.c \
+ bn/bn_div.c \
+ bn/bn_err.c \
+ bn/bn_exp.c \
+ bn/bn_exp2.c \
+ bn/bn_gcd.c \
+ bn/bn_gf2m.c \
+ bn/bn_kron.c \
+ bn/bn_lib.c \
+ bn/bn_mod.c \
+ bn/bn_mont.c \
+ bn/bn_mpi.c \
+ bn/bn_mul.c \
+ bn/bn_nist.c \
+ bn/bn_prime.c \
+ bn/bn_print.c \
+ bn/bn_rand.c \
+ bn/bn_recp.c \
+ bn/bn_shift.c \
+ bn/bn_sqr.c \
+ bn/bn_sqrt.c \
+ bn/bn_word.c \
+ buffer/buf_err.c \
+ buffer/buffer.c \
+ comp/c_rle.c \
+ comp/c_zlib.c \
+ comp/comp_err.c \
+ comp/comp_lib.c \
+ conf/conf_api.c \
+ conf/conf_def.c \
+ conf/conf_err.c \
+ conf/conf_lib.c \
+ conf/conf_mall.c \
+ conf/conf_mod.c \
+ conf/conf_sap.c \
+ des/cbc_cksm.c \
+ des/cbc_enc.c \
+ des/cfb64ede.c \
+ des/cfb64enc.c \
+ des/cfb_enc.c \
+ des/des_enc.c \
+ des/des_old.c \
+ des/des_old2.c \
+ des/ecb3_enc.c \
+ des/ecb_enc.c \
+ des/ede_cbcm_enc.c \
+ des/enc_read.c \
+ des/enc_writ.c \
+ des/fcrypt.c \
+ des/fcrypt_b.c \
+ des/ofb64ede.c \
+ des/ofb64enc.c \
+ des/ofb_enc.c \
+ des/pcbc_enc.c \
+ des/qud_cksm.c \
+ des/rand_key.c \
+ des/read2pwd.c \
+ des/rpc_enc.c \
+ des/set_key.c \
+ des/str2key.c \
+ des/xcbc_enc.c \
+ dh/dh_ameth.c \
+ dh/dh_asn1.c \
+ dh/dh_check.c \
+ dh/dh_depr.c \
+ dh/dh_err.c \
+ dh/dh_gen.c \
+ dh/dh_key.c \
+ dh/dh_lib.c \
+ dh/dh_pmeth.c \
+ dsa/dsa_ameth.c \
+ dsa/dsa_asn1.c \
+ dsa/dsa_depr.c \
+ dsa/dsa_err.c \
+ dsa/dsa_gen.c \
+ dsa/dsa_key.c \
+ dsa/dsa_lib.c \
+ dsa/dsa_ossl.c \
+ dsa/dsa_pmeth.c \
+ dsa/dsa_prn.c \
+ dsa/dsa_sign.c \
+ dsa/dsa_vrf.c \
+ dso/dso_dl.c \
+ dso/dso_dlfcn.c \
+ dso/dso_err.c \
+ dso/dso_lib.c \
+ dso/dso_null.c \
+ dso/dso_openssl.c \
+ ec/ec2_mult.c \
+ ec/ec2_smpl.c \
+ ec/ec_ameth.c \
+ ec/ec_asn1.c \
+ ec/ec_check.c \
+ ec/ec_curve.c \
+ ec/ec_cvt.c \
+ ec/ec_err.c \
+ ec/ec_key.c \
+ ec/ec_lib.c \
+ ec/ec_mult.c \
+ ec/ec_pmeth.c \
+ ec/ec_print.c \
+ ec/eck_prn.c \
+ ec/ecp_mont.c \
+ ec/ecp_nist.c \
+ ec/ecp_smpl.c \
+ ecdh/ech_err.c \
+ ecdh/ech_key.c \
+ ecdh/ech_lib.c \
+ ecdh/ech_ossl.c \
+ ecdsa/ecs_asn1.c \
+ ecdsa/ecs_err.c \
+ ecdsa/ecs_lib.c \
+ ecdsa/ecs_ossl.c \
+ ecdsa/ecs_sign.c \
+ ecdsa/ecs_vrf.c \
+ err/err.c \
+ err/err_all.c \
+ err/err_prn.c \
+ evp/bio_b64.c \
+ evp/bio_enc.c \
+ evp/bio_md.c \
+ evp/bio_ok.c \
+ evp/c_all.c \
+ evp/c_allc.c \
+ evp/c_alld.c \
+ evp/digest.c \
+ evp/e_aes.c \
+ evp/e_bf.c \
+ evp/e_des.c \
+ evp/e_des3.c \
+ evp/e_null.c \
+ evp/e_old.c \
+ evp/e_rc2.c \
+ evp/e_rc4.c \
+ evp/e_rc5.c \
+ evp/e_xcbc_d.c \
+ evp/encode.c \
+ evp/evp_acnf.c \
+ evp/evp_enc.c \
+ evp/evp_err.c \
+ evp/evp_key.c \
+ evp/evp_lib.c \
+ evp/evp_pbe.c \
+ evp/evp_pkey.c \
+ evp/m_dss.c \
+ evp/m_dss1.c \
+ evp/m_ecdsa.c \
+ evp/m_md4.c \
+ evp/m_md5.c \
+ evp/m_mdc2.c \
+ evp/m_null.c \
+ evp/m_ripemd.c \
+ evp/m_sha1.c \
+ evp/m_sigver.c \
+ evp/m_wp.c \
+ evp/names.c \
+ evp/p5_crpt.c \
+ evp/p5_crpt2.c \
+ evp/p_dec.c \
+ evp/p_enc.c \
+ evp/p_lib.c \
+ evp/p_open.c \
+ evp/p_seal.c \
+ evp/p_sign.c \
+ evp/p_verify.c \
+ evp/pmeth_fn.c \
+ evp/pmeth_gn.c \
+ evp/pmeth_lib.c \
+ hmac/hm_ameth.c \
+ hmac/hm_pmeth.c \
+ hmac/hmac.c \
+ krb5/krb5_asn.c \
+ lhash/lh_stats.c \
+ lhash/lhash.c \
+ md4/md4_dgst.c \
+ md4/md4_one.c \
+ md5/md5_dgst.c \
+ md5/md5_one.c \
+ modes/cbc128.c \
+ modes/cfb128.c \
+ modes/ctr128.c \
+ modes/ofb128.c \
+ objects/o_names.c \
+ objects/obj_dat.c \
+ objects/obj_err.c \
+ objects/obj_lib.c \
+ objects/obj_xref.c \
+ ocsp/ocsp_asn.c \
+ ocsp/ocsp_cl.c \
+ ocsp/ocsp_err.c \
+ ocsp/ocsp_ext.c \
+ ocsp/ocsp_ht.c \
+ ocsp/ocsp_lib.c \
+ ocsp/ocsp_prn.c \
+ ocsp/ocsp_srv.c \
+ ocsp/ocsp_vfy.c \
+ pem/pem_all.c \
+ pem/pem_err.c \
+ pem/pem_info.c \
+ pem/pem_lib.c \
+ pem/pem_oth.c \
+ pem/pem_pk8.c \
+ pem/pem_pkey.c \
+ pem/pem_seal.c \
+ pem/pem_sign.c \
+ pem/pem_x509.c \
+ pem/pem_xaux.c \
+ pem/pvkfmt.c \
+ pkcs12/p12_add.c \
+ pkcs12/p12_asn.c \
+ pkcs12/p12_attr.c \
+ pkcs12/p12_crpt.c \
+ pkcs12/p12_crt.c \
+ pkcs12/p12_decr.c \
+ pkcs12/p12_init.c \
+ pkcs12/p12_key.c \
+ pkcs12/p12_kiss.c \
+ pkcs12/p12_mutl.c \
+ pkcs12/p12_npas.c \
+ pkcs12/p12_p8d.c \
+ pkcs12/p12_p8e.c \
+ pkcs12/p12_utl.c \
+ pkcs12/pk12err.c \
+ pkcs7/pk7_asn1.c \
+ pkcs7/pk7_attr.c \
+ pkcs7/pk7_doit.c \
+ pkcs7/pk7_lib.c \
+ pkcs7/pk7_mime.c \
+ pkcs7/pk7_smime.c \
+ pkcs7/pkcs7err.c \
+ rand/md_rand.c \
+ rand/rand_egd.c \
+ rand/rand_err.c \
+ rand/rand_lib.c \
+ rand/rand_unix.c \
+ rand/randfile.c \
+ rc2/rc2_cbc.c \
+ rc2/rc2_ecb.c \
+ rc2/rc2_skey.c \
+ rc2/rc2cfb64.c \
+ rc2/rc2ofb64.c \
+ rc4/rc4_enc.c \
+ rc4/rc4_skey.c \
+ ripemd/rmd_dgst.c \
+ ripemd/rmd_one.c \
+ rsa/rsa_ameth.c \
+ rsa/rsa_asn1.c \
+ rsa/rsa_chk.c \
+ rsa/rsa_eay.c \
+ rsa/rsa_err.c \
+ rsa/rsa_gen.c \
+ rsa/rsa_lib.c \
+ rsa/rsa_none.c \
+ rsa/rsa_null.c \
+ rsa/rsa_oaep.c \
+ rsa/rsa_pk1.c \
+ rsa/rsa_pmeth.c \
+ rsa/rsa_prn.c \
+ rsa/rsa_pss.c \
+ rsa/rsa_saos.c \
+ rsa/rsa_sign.c \
+ rsa/rsa_ssl.c \
+ rsa/rsa_x931.c \
+ sha/sha1_one.c \
+ sha/sha1dgst.c \
+ sha/sha256.c \
+ sha/sha512.c \
+ sha/sha_dgst.c \
+ stack/stack.c \
+ ts/ts_err.c \
+ txt_db/txt_db.c \
+ ui/ui_compat.c \
+ ui/ui_err.c \
+ ui/ui_lib.c \
+ ui/ui_openssl.c \
+ ui/ui_util.c \
+ x509/by_dir.c \
+ x509/by_file.c \
+ x509/x509_att.c \
+ x509/x509_cmp.c \
+ x509/x509_d2.c \
+ x509/x509_def.c \
+ x509/x509_err.c \
+ x509/x509_ext.c \
+ x509/x509_lu.c \
+ x509/x509_obj.c \
+ x509/x509_r2x.c \
+ x509/x509_req.c \
+ x509/x509_set.c \
+ x509/x509_trs.c \
+ x509/x509_txt.c \
+ x509/x509_v3.c \
+ x509/x509_vfy.c \
+ x509/x509_vpm.c \
+ x509/x509cset.c \
+ x509/x509name.c \
+ x509/x509rset.c \
+ x509/x509spki.c \
+ x509/x509type.c \
+ x509/x_all.c \
+ x509v3/pcy_cache.c \
+ x509v3/pcy_data.c \
+ x509v3/pcy_lib.c \
+ x509v3/pcy_map.c \
+ x509v3/pcy_node.c \
+ x509v3/pcy_tree.c \
+ x509v3/v3_akey.c \
+ x509v3/v3_akeya.c \
+ x509v3/v3_alt.c \
+ x509v3/v3_bcons.c \
+ x509v3/v3_bitst.c \
+ x509v3/v3_conf.c \
+ x509v3/v3_cpols.c \
+ x509v3/v3_crld.c \
+ x509v3/v3_enum.c \
+ x509v3/v3_extku.c \
+ x509v3/v3_genn.c \
+ x509v3/v3_ia5.c \
+ x509v3/v3_info.c \
+ x509v3/v3_int.c \
+ x509v3/v3_lib.c \
+ x509v3/v3_ncons.c \
+ x509v3/v3_ocsp.c \
+ x509v3/v3_pci.c \
+ x509v3/v3_pcia.c \
+ x509v3/v3_pcons.c \
+ x509v3/v3_pku.c \
+ x509v3/v3_pmaps.c \
+ x509v3/v3_prn.c \
+ x509v3/v3_purp.c \
+ x509v3/v3_skey.c \
+ x509v3/v3_sxnet.c \
+ x509v3/v3_utl.c \
+ x509v3/v3err.c
+
+local_c_includes := \
+ external/openssl \
+ external/openssl/crypto/asn1 \
+ external/openssl/crypto/evp \
+ external/openssl/include \
+ external/openssl/include/openssl \
+ external/zlib
+
+local_c_flags := -DNO_WINDOWS_BRAINDEATH
+
+#######################################
+# target static library
+include $(CLEAR_VARS)
+include $(LOCAL_PATH)/../android-config.mk
+
+ifneq ($(TARGET_ARCH),x86)
+LOCAL_NDK_VERSION := 5
+LOCAL_SDK_VERSION := 9
+endif
+
+LOCAL_SRC_FILES += $(local_src_files)
+LOCAL_CFLAGS += $(local_c_flags)
+LOCAL_C_INCLUDES += $(local_c_includes)
+ifeq ($(TARGET_ARCH),arm)
+ LOCAL_SRC_FILES += $(arm_src_files)
+ LOCAL_CFLAGS += $(arm_cflags)
+else
+ LOCAL_SRC_FILES += $(non_arm_src_files)
+endif
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE:= libcrypto_static
+include $(BUILD_STATIC_LIBRARY)
+
+#######################################
+# target shared library
+include $(CLEAR_VARS)
+include $(LOCAL_PATH)/../android-config.mk
+
+ifneq ($(TARGET_ARCH),x86)
+LOCAL_NDK_VERSION := 5
+LOCAL_SDK_VERSION := 9
+# Use the NDK prebuilt libz and libdl.
+LOCAL_LDFLAGS += -lz -ldl
+else
+LOCAL_SHARED_LIBRARIES += libz libdl
+endif
+
+LOCAL_SRC_FILES += $(local_src_files)
+LOCAL_CFLAGS += $(local_c_flags)
+LOCAL_C_INCLUDES += $(local_c_includes)
+ifeq ($(TARGET_ARCH),arm)
+ LOCAL_SRC_FILES += $(arm_src_files)
+ LOCAL_CFLAGS += $(arm_cflags)
+else
+ LOCAL_SRC_FILES += $(non_arm_src_files)
+endif
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE:= libcrypto
+include $(BUILD_SHARED_LIBRARY)
+
+#######################################
+# host shared library
+include $(CLEAR_VARS)
+include $(LOCAL_PATH)/../android-config.mk
+LOCAL_SRC_FILES += $(local_src_files)
+LOCAL_CFLAGS += $(local_c_flags) -DPURIFY
+LOCAL_C_INCLUDES += $(local_c_includes)
+LOCAL_SRC_FILES += $(non_arm_src_files)
+LOCAL_STATIC_LIBRARIES += libz
+LOCAL_LDLIBS += -ldl
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE:= libcrypto
+include $(BUILD_HOST_SHARED_LIBRARY)
+
+########################################
+# host static library, which is used by some SDK tools.
+
+include $(CLEAR_VARS)
+include $(LOCAL_PATH)/../android-config.mk
+LOCAL_SRC_FILES += $(local_src_files)
+LOCAL_CFLAGS += $(local_c_flags) -DPURIFY
+LOCAL_C_INCLUDES += $(local_c_includes)
+LOCAL_SRC_FILES += $(non_arm_src_files)
+LOCAL_STATIC_LIBRARIES += libz
+LOCAL_LDLIBS += -ldl
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE:= libcrypto_static
+include $(BUILD_HOST_STATIC_LIBRARY)
diff --git a/openssl/patches/handshake_cutthrough.patch b/openssl/patches/handshake_cutthrough.patch
new file mode 100644
index 0000000..4f29839
--- /dev/null
+++ b/openssl/patches/handshake_cutthrough.patch
@@ -0,0 +1,275 @@
+diff -uarp openssl-1.0.0.orig/apps/s_client.c openssl-1.0.0/apps/s_client.c
+--- openssl-1.0.0.orig/apps/s_client.c 2009-12-16 15:28:28.000000000 -0500
++++ openssl-1.0.0/apps/s_client.c 2010-04-21 14:39:49.000000000 -0400
+@@ -248,6 +248,7 @@ static void sc_usage(void)
+ BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
+ BIO_printf(bio_err," -status - request certificate status from server\n");
+ BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
++ BIO_printf(bio_err," -cutthrough - enable 1-RTT full-handshake for strong ciphers\n");
+ #endif
+ }
+
+@@ -304,6 +305,7 @@ int MAIN(int argc, char **argv)
+ EVP_PKEY *key = NULL;
+ char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
+ int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
++ int cutthrough=0;
+ int crlf=0;
+ int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
+ SSL_CTX *ctx=NULL;
+@@ -533,6 +535,8 @@ int MAIN(int argc, char **argv)
+ else if (strcmp(*argv,"-no_ticket") == 0)
+ { off|=SSL_OP_NO_TICKET; }
+ #endif
++ else if (strcmp(*argv,"-cutthrough") == 0)
++ cutthrough=1;
+ else if (strcmp(*argv,"-serverpref") == 0)
+ off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
+ else if (strcmp(*argv,"-cipher") == 0)
+@@ -714,6 +718,15 @@ bad:
+ */
+ if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
+
++ /* Enable handshake cutthrough for client connections using
++ * strong ciphers. */
++ if (cutthrough)
++ {
++ int ssl_mode = SSL_CTX_get_mode(ctx);
++ ssl_mode |= SSL_MODE_HANDSHAKE_CUTTHROUGH;
++ SSL_CTX_set_mode(ctx, ssl_mode);
++ }
++
+ if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
+ if (cipher != NULL)
+ if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
+diff -uarp openssl-1.0.0.orig/ssl/s3_clnt.c openssl-1.0.0/ssl/s3_clnt.c
+--- openssl-1.0.0.orig/ssl/s3_clnt.c 2010-02-27 19:24:24.000000000 -0500
++++ openssl-1.0.0/ssl/s3_clnt.c 2010-04-21 14:39:49.000000000 -0400
+@@ -186,6 +186,18 @@ int ssl3_connect(SSL *s)
+
+ s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
++#if 0 /* Send app data in separate packet, otherwise, some particular site
++ * (only one site so far) closes the socket.
++ * Note: there is a very small chance that two TCP packets
++ * could be arriving at server combined into a single TCP packet,
++ * then trigger that site to break. We haven't encounter that though.
++ */
++ if (SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH)
++ {
++ /* Send app data along with CCS/Finished */
++ s->s3->flags |= SSL3_FLAGS_DELAY_CLIENT_FINISHED;
++ }
++#endif
+
+ for (;;)
+ {
+@@ -454,14 +468,31 @@ int ssl3_connect(SSL *s)
+ }
+ else
+ {
+-#ifndef OPENSSL_NO_TLSEXT
+- /* Allow NewSessionTicket if ticket expected */
+- if (s->tlsext_ticket_expected)
+- s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
++ if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && SSL_get_cipher_bits(s, NULL) >= 128
++ && s->s3->previous_server_finished_len == 0 /* no cutthrough on renegotiation (would complicate the state machine) */
++ )
++ {
++ if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
++ {
++ s->state=SSL3_ST_CUTTHROUGH_COMPLETE;
++ s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
++ s->s3->delay_buf_pop_ret=0;
++ }
++ else
++ {
++ s->s3->tmp.next_state=SSL3_ST_CUTTHROUGH_COMPLETE;
++ }
++ }
+ else
++ {
++#ifndef OPENSSL_NO_TLSEXT
++ /* Allow NewSessionTicket if ticket expected */
++ if (s->tlsext_ticket_expected)
++ s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
++ else
+ #endif
+-
+- s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
++ s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
++ }
+ }
+ s->init_num=0;
+ break;
+@@ -512,6 +541,24 @@ int ssl3_connect(SSL *s)
+ s->state=s->s3->tmp.next_state;
+ break;
+
++ case SSL3_ST_CUTTHROUGH_COMPLETE:
++#ifndef OPENSSL_NO_TLSEXT
++ /* Allow NewSessionTicket if ticket expected */
++ if (s->tlsext_ticket_expected)
++ s->state=SSL3_ST_CR_SESSION_TICKET_A;
++ else
++#endif
++ s->state=SSL3_ST_CR_FINISHED_A;
++
++ /* SSL_write() will take care of flushing buffered data if
++ * DELAY_CLIENT_FINISHED is set.
++ */
++ if (!(s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED))
++ ssl_free_wbio_buffer(s);
++ ret = 1;
++ goto end;
++ /* break; */
++
+ case SSL_ST_OK:
+ /* clean a few things up */
+ ssl3_cleanup_key_block(s);
+diff -uarp openssl-1.0.0.orig/ssl/s3_lib.c openssl-1.0.0/ssl/s3_lib.c
+-- openssl-1.0.0.orig/ssl/s3_lib.c 2009-10-16 11:24:19.000000000 -0400
++++ openssl-1.0.0/ssl/s3_lib.c 2010-04-21 14:39:49.000000000 -0400
+@@ -2551,9 +2551,22 @@ int ssl3_write(SSL *s, const void *buf,
+
+ static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
+ {
+- int ret;
++ int n,ret;
+
+ clear_sys_error();
++ if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
++ {
++ /* Deal with an application that calls SSL_read() when handshake data
++ * is yet to be written.
++ */
++ if (BIO_wpending(s->wbio) > 0)
++ {
++ s->rwstate=SSL_WRITING;
++ n=BIO_flush(s->wbio);
++ if (n <= 0) return(n);
++ s->rwstate=SSL_NOTHING;
++ }
++ }
+ if (s->s3->renegotiate) ssl3_renegotiate_check(s);
+ s->s3->in_read_app_data=1;
+ ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
+diff -uarp openssl-1.0.0.orig/ssl/ssl.h openssl-1.0.0/ssl/ssl.h
+--- openssl-1.0.0.orig/ssl/ssl.h 2010-01-06 12:37:38.000000000 -0500
++++ openssl-1.0.0/ssl/ssl.h 2010-04-21 16:57:49.000000000 -0400
+@@ -605,6 +605,10 @@ typedef struct ssl_session_st
+ /* Use small read and write buffers: (a) lazy allocate read buffers for
+ * large incoming records, and (b) limit the size of outgoing records. */
+ #define SSL_MODE_SMALL_BUFFERS 0x00000020L
++/* When set, clients may send application data before receipt of CCS
++ * and Finished. This mode enables full-handshakes to 'complete' in
++ * one RTT. */
++#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000040L
+
+ /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
+ * they cannot be used to clear bits. */
+@@ -1097,10 +1101,12 @@ extern "C" {
+ /* Is the SSL_connection established? */
+ #define SSL_get_state(a) SSL_state(a)
+ #define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK)
+-#define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT)
++#define SSL_in_init(a) ((SSL_state(a)&SSL_ST_INIT) && \
++ !SSL_cutthrough_complete(a))
+ #define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE)
+ #define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT)
+ #define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT)
++int SSL_cutthrough_complete(const SSL *s);
+
+ /* The following 2 states are kept in ssl->rstate when reads fail,
+ * you should not need these */
+Only in openssl-1.0.0/ssl: ssl.h.orig
+diff -uarp openssl-1.0.0.orig/ssl/ssl3.h openssl-1.0.0/ssl/ssl3.h
+-- openssl-1.0.0.orig/ssl/ssl3.h 2010-01-06 12:37:38.000000000 -0500
++++ openssl-1.0.0/ssl/ssl3.h 2010-04-21 14:39:49.000000000 -0400
+@@ -456,6 +456,7 @@ typedef struct ssl3_state_st
+ /*client */
+ /* extra state */
+ #define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT)
++#define SSL3_ST_CUTTHROUGH_COMPLETE (0x101|SSL_ST_CONNECT)
+ /* write to server */
+ #define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT)
+ #define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT)
+diff -uarp openssl-1.0.0.orig/ssl/ssl_lib.c openssl-1.0.0/ssl/ssl_lib.c
+--- openssl-1.0.0.orig/ssl/ssl_lib.c 2010-02-17 14:43:46.000000000 -0500
++++ openssl-1.0.0/ssl/ssl_lib.c 2010-04-21 17:02:45.000000000 -0400
+@@ -3031,6 +3031,19 @@ void SSL_set_msg_callback(SSL *ssl, void
+ SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
+ }
+
++int SSL_cutthrough_complete(const SSL *s)
++ {
++ return (!s->server && /* cutthrough only applies to clients */
++ !s->hit && /* full-handshake */
++ s->version >= SSL3_VERSION &&
++ s->s3->in_read_app_data == 0 && /* cutthrough only applies to write() */
++ (SSL_get_mode((SSL*)s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && /* cutthrough enabled */
++ SSL_get_cipher_bits(s, NULL) >= 128 && /* strong cipher choosen */
++ s->s3->previous_server_finished_len == 0 && /* not a renegotiation handshake */
++ (s->state == SSL3_ST_CR_SESSION_TICKET_A || /* ready to write app-data*/
++ s->state == SSL3_ST_CR_FINISHED_A));
++ }
++
+ /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
+ * vairable, freeing EVP_MD_CTX previously stored in that variable, if
+ * any. If EVP_MD pointer is passed, initializes ctx with this md
+diff -uarp openssl-1.0.0.orig/ssl/ssltest.c openssl-1.0.0/ssl/ssltest.c
+--- openssl-1.0.0.orig/ssl/ssltest.c 2010-01-24 11:57:38.000000000 -0500
++++ openssl-1.0.0/ssl/ssltest.c 2010-04-21 17:06:35.000000000 -0400
+@@ -279,6 +279,7 @@ static void sv_usage(void)
+ fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
+ fprintf(stderr," -c_small_records - enable client side use of small SSL record buffers\n");
+ fprintf(stderr," -s_small_records - enable server side use of small SSL record buffers\n");
++ fprintf(stderr," -cutthrough - enable 1-RTT full-handshake for strong ciphers\n");
+ }
+
+ static void print_details(SSL *c_ssl, const char *prefix)
+@@ -436,6 +437,7 @@ int main(int argc, char *argv[])
+ int ssl_mode = 0;
+ int c_small_records=0;
+ int s_small_records=0;
++ int cutthrough = 0;
+
+ verbose = 0;
+ debug = 0;
+@@ -632,6 +634,10 @@ int main(int argc, char *argv[])
+ {
+ s_small_records = 1;
+ }
++ else if (strcmp(*argv, "-cutthrough") == 0)
++ {
++ cutthrough = 1;
++ }
+ else
+ {
+ fprintf(stderr,"unknown option %s\n",*argv);
+@@ -782,6 +788,13 @@ bad:
+ ssl_mode |= SSL_MODE_SMALL_BUFFERS;
+ SSL_CTX_set_mode(s_ctx, ssl_mode);
+ }
++ ssl_mode = 0;
++ if (cutthrough)
++ {
++ ssl_mode = SSL_CTX_get_mode(c_ctx);
++ ssl_mode = SSL_MODE_HANDSHAKE_CUTTHROUGH;
++ SSL_CTX_set_mode(c_ctx, ssl_mode);
++ }
+
+ #ifndef OPENSSL_NO_DH
+ if (!no_dhe)
+diff -uarp openssl-1.0.0.orig/test/testssl openssl-1.0.0/test/testssl
+--- openssl-1.0.0.orig/test/testssl 2006-03-10 18:06:27.000000000 -0500
++++ openssl-1.0.0/test/testssl 2010-04-21 16:50:13.000000000 -0400
+@@ -79,6 +79,8 @@ $ssltest -server_auth -client_auth -s_sm
+ echo test sslv2/sslv3 with both client and server authentication and small client and server buffers
+ $ssltest -server_auth -client_auth -c_small_records -s_small_records $CA $extra || exit 1
+
++echo test sslv2/sslv3 with both client and server authentication and handshake cutthrough
++$ssltest -server_auth -client_auth -cutthrough $CA $extra || exit 1
+
+ echo test sslv2 via BIO pair
+ $ssltest -bio_pair -ssl2 $extra || exit 1
diff --git a/openssl/patches/jsse.patch b/openssl/patches/jsse.patch
new file mode 100644
index 0000000..249fb5b
--- /dev/null
+++ b/openssl/patches/jsse.patch
@@ -0,0 +1,426 @@
+--- openssl-1.0.0b.orig/ssl/ssl.h 2010-11-30 00:03:46.000000000 +0000
++++ openssl-1.0.0b/ssl/ssl.h 2010-11-30 00:03:47.000000000 +0000
+@@ -1133,6 +1133,9 @@ struct ssl_st
+ /* This can also be in the session once a session is established */
+ SSL_SESSION *session;
+
++ /* This can be disabled to prevent the use of uncached sessions */
++ int session_creation_enabled;
++
+ /* Default generate session ID callback. */
+ GEN_SESSION_CB generate_session_id;
+
+@@ -1546,6 +1549,7 @@ const SSL_CIPHER *SSL_get_current_cipher
+ int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
+ char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
+ const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
++const char * SSL_CIPHER_authentication_method(const SSL_CIPHER *c);
+
+ int SSL_get_fd(const SSL *s);
+ int SSL_get_rfd(const SSL *s);
+@@ -1554,6 +1558,7 @@ const char * SSL_get_cipher_list(const
+ char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
+ int SSL_get_read_ahead(const SSL * s);
+ int SSL_pending(const SSL *s);
++const char * SSL_authentication_method(const SSL *c);
+ #ifndef OPENSSL_NO_SOCK
+ int SSL_set_fd(SSL *s, int fd);
+ int SSL_set_rfd(SSL *s, int fd);
+@@ -1565,6 +1570,7 @@ BIO * SSL_get_rbio(const SSL *s);
+ BIO * SSL_get_wbio(const SSL *s);
+ #endif
+ int SSL_set_cipher_list(SSL *s, const char *str);
++int SSL_set_cipher_lists(SSL *s, STACK_OF(SSL_CIPHER) *sk);
+ void SSL_set_read_ahead(SSL *s, int yes);
+ int SSL_get_verify_mode(const SSL *s);
+ int SSL_get_verify_depth(const SSL *s);
+@@ -1580,6 +1586,8 @@ int SSL_use_PrivateKey(SSL *ssl, EVP_PKE
+ int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
+ int SSL_use_certificate(SSL *ssl, X509 *x);
+ int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
++int SSL_use_certificate_chain(SSL *ssl, STACK_OF(X509) *cert_chain);
++STACK_OF(X509) * SSL_get_certificate_chain(SSL *ssl, X509 *x);
+
+ #ifndef OPENSSL_NO_STDIO
+ int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+@@ -1615,6 +1623,7 @@ void SSL_copy_session_id(SSL *to,const S
+ SSL_SESSION *SSL_SESSION_new(void);
+ const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
+ unsigned int *len);
++const char * SSL_SESSION_get_version(const SSL_SESSION *s);
+ #ifndef OPENSSL_NO_FP_API
+ int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
+ #endif
+@@ -1624,6 +1633,7 @@ int SSL_SESSION_print(BIO *fp,const SSL_
+ void SSL_SESSION_free(SSL_SESSION *ses);
+ int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
+ int SSL_set_session(SSL *to, SSL_SESSION *session);
++void SSL_set_session_creation_enabled(SSL *, int);
+ int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
+ int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
+ int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
+@@ -2066,6 +2076,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244
+ #define SSL_F_SSL_USE_CERTIFICATE 198
+ #define SSL_F_SSL_USE_CERTIFICATE_ASN1 199
++#define SSL_F_SSL_USE_CERTIFICATE_CHAIN 2000
+ #define SSL_F_SSL_USE_CERTIFICATE_FILE 200
+ #define SSL_F_SSL_USE_PRIVATEKEY 201
+ #define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202
+@@ -2272,6 +2283,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345
+ #define SSL_R_SERVERHELLO_TLSEXT 275
+ #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
++#define SSL_R_SESSION_MAY_NOT_BE_CREATED 2000
+ #define SSL_R_SHORT_READ 219
+ #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
+ #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
+--- openssl-1.0.0b.orig/ssl/d1_clnt.c 2010-01-26 19:46:29.000000000 +0000
++++ openssl-1.0.0b/ssl/d1_clnt.c 2010-11-30 00:03:47.000000000 +0000
+@@ -613,6 +613,12 @@ int dtls1_client_hello(SSL *s)
+ #endif
+ (s->session->not_resumable))
+ {
++ if (!s->session_creation_enabled)
++ {
++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
++ SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
++ goto err;
++ }
+ if (!ssl_get_new_session(s,0))
+ goto err;
+ }
+--- openssl-1.0.0b.orig/ssl/s23_clnt.c 2010-02-16 14:20:40.000000000 +0000
++++ openssl-1.0.0b/ssl/s23_clnt.c 2010-11-30 00:03:47.000000000 +0000
+@@ -687,6 +687,13 @@ static int ssl23_get_server_hello(SSL *s
+
+ /* Since, if we are sending a ssl23 client hello, we are not
+ * reusing a session-id */
++ if (!s->session_creation_enabled)
++ {
++ if (!(s->client_version == SSL2_VERSION))
++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
++ SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
++ goto err;
++ }
+ if (!ssl_get_new_session(s,0))
+ goto err;
+
+--- openssl-1.0.0b.orig/ssl/s3_both.c 2010-11-30 00:03:46.000000000 +0000
++++ openssl-1.0.0b/ssl/s3_both.c 2010-11-30 00:03:47.000000000 +0000
+@@ -347,8 +347,11 @@ unsigned long ssl3_output_cert_chain(SSL
+ unsigned long l=7;
+ BUF_MEM *buf;
+ int no_chain;
++ STACK_OF(X509) *cert_chain;
+
+- if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
++ cert_chain = SSL_get_certificate_chain(s, x);
++
++ if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs || cert_chain)
+ no_chain = 1;
+ else
+ no_chain = 0;
+@@ -400,6 +403,10 @@ unsigned long ssl3_output_cert_chain(SSL
+ return(0);
+ }
+
++ for (i=0; i<sk_X509_num(cert_chain); i++)
++ if (ssl3_add_cert_to_buf(buf, &l, sk_X509_value(cert_chain,i)))
++ return(0);
++
+ l-=7;
+ p=(unsigned char *)&(buf->data[4]);
+ l2n3(l,p);
+--- openssl-1.0.0b.orig/ssl/s3_clnt.c 2010-11-30 00:03:46.000000000 +0000
++++ openssl-1.0.0b/ssl/s3_clnt.c 2010-11-30 00:03:47.000000000 +0000
+@@ -686,6 +686,12 @@ int ssl3_client_hello(SSL *s)
+ #endif
+ (sess->not_resumable))
+ {
++ if (!s->session_creation_enabled)
++ {
++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
++ SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
++ goto err;
++ }
+ if (!ssl_get_new_session(s,0))
+ goto err;
+ }
+@@ -894,6 +900,12 @@ int ssl3_get_server_hello(SSL *s)
+ s->hit=0;
+ if (s->session->session_id_length > 0)
+ {
++ if (!s->session_creation_enabled)
++ {
++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
++ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
++ goto err;
++ }
+ if (!ssl_get_new_session(s,0))
+ {
+ al=SSL_AD_INTERNAL_ERROR;
+--- openssl-1.0.0b.orig/ssl/s3_srvr.c 2010-11-30 00:03:46.000000000 +0000
++++ openssl-1.0.0b/ssl/s3_srvr.c 2010-11-30 00:03:47.000000000 +0000
+@@ -902,6 +902,12 @@ int ssl3_get_client_hello(SSL *s)
+ */
+ if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
+ {
++ if (!s->session_creation_enabled)
++ {
++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
++ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
++ goto err;
++ }
+ if (!ssl_get_new_session(s,1))
+ goto err;
+ }
+@@ -916,6 +922,12 @@ int ssl3_get_client_hello(SSL *s)
+ goto err;
+ else /* i == 0 */
+ {
++ if (!s->session_creation_enabled)
++ {
++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
++ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
++ goto err;
++ }
+ if (!ssl_get_new_session(s,1))
+ goto err;
+ }
+--- openssl-1.0.0b.orig/ssl/ssl_ciph.c 2010-06-15 17:25:14.000000000 +0000
++++ openssl-1.0.0b/ssl/ssl_ciph.c 2010-11-30 00:03:47.000000000 +0000
+@@ -1652,6 +1652,52 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER
+ return(ret);
+ }
+
++/* return string version of key exchange algorithm */
++const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher)
++ {
++ switch (cipher->algorithm_mkey)
++ {
++ case SSL_kRSA:
++ return SSL_TXT_RSA;
++ case SSL_kDHr:
++ return SSL_TXT_DH "_" SSL_TXT_RSA;
++ case SSL_kDHd:
++ return SSL_TXT_DH "_" SSL_TXT_DSS;
++ case SSL_kEDH:
++ switch (cipher->algorithm_auth)
++ {
++ case SSL_aDSS:
++ return "DHE_" SSL_TXT_DSS;
++ case SSL_aRSA:
++ return "DHE_" SSL_TXT_RSA;
++ case SSL_aNULL:
++ return SSL_TXT_DH "_anon";
++ default:
++ return "UNKNOWN";
++ }
++ case SSL_kKRB5:
++ return SSL_TXT_KRB5;
++ case SSL_kECDHr:
++ return SSL_TXT_ECDH "_" SSL_TXT_RSA;
++ case SSL_kECDHe:
++ return SSL_TXT_ECDH "_" SSL_TXT_ECDSA;
++ case SSL_kEECDH:
++ switch (cipher->algorithm_auth)
++ {
++ case SSL_aECDSA:
++ return "ECDHE_" SSL_TXT_ECDSA;
++ case SSL_aRSA:
++ return "ECDHE_" SSL_TXT_RSA;
++ case SSL_aNULL:
++ return SSL_TXT_ECDH "_anon";
++ default:
++ return "UNKNOWN";
++ }
++ default:
++ return "UNKNOWN";
++ }
++ }
++
+ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
+ {
+ SSL_COMP *ctmp;
+--- openssl-1.0.0b.orig/ssl/ssl_err.c 2010-11-30 00:03:46.000000000 +0000
++++ openssl-1.0.0b/ssl/ssl_err.c 2010-11-30 00:03:47.000000000 +0000
+@@ -465,6 +465,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
+ {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"},
+ {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"},
+ {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
++{ERR_REASON(SSL_R_SESSION_MAY_NOT_BE_CREATED),"session may not be created"},
+ {ERR_REASON(SSL_R_SHORT_READ) ,"short read"},
+ {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
+ {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
+--- openssl-1.0.0b.orig/ssl/ssl_lib.c 2010-11-30 00:03:46.000000000 +0000
++++ openssl-1.0.0b/ssl/ssl_lib.c 2010-11-30 00:03:47.000000000 +0000
+@@ -326,6 +326,7 @@ SSL *SSL_new(SSL_CTX *ctx)
+ OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
+ memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
+ s->verify_callback=ctx->default_verify_callback;
++ s->session_creation_enabled=1;
+ s->generate_session_id=ctx->generate_session_id;
+
+ s->param = X509_VERIFY_PARAM_new();
+@@ -1311,6 +1312,32 @@ int SSL_set_cipher_list(SSL *s,const cha
+ return 1;
+ }
+
++/** specify the ciphers to be used by the SSL */
++int SSL_set_cipher_lists(SSL *s,STACK_OF(SSL_CIPHER) *sk)
++ {
++ STACK_OF(SSL_CIPHER) *tmp_cipher_list;
++
++ if (sk == NULL)
++ return 0;
++
++ /* Based on end of ssl_create_cipher_list */
++ tmp_cipher_list = sk_SSL_CIPHER_dup(sk);
++ if (tmp_cipher_list == NULL)
++ {
++ return 0;
++ }
++ if (s->cipher_list != NULL)
++ sk_SSL_CIPHER_free(s->cipher_list);
++ s->cipher_list = sk;
++ if (s->cipher_list_by_id != NULL)
++ sk_SSL_CIPHER_free(s->cipher_list_by_id);
++ s->cipher_list_by_id = tmp_cipher_list;
++ (void)sk_SSL_CIPHER_set_cmp_func(s->cipher_list_by_id,ssl_cipher_ptr_id_cmp);
++
++ sk_SSL_CIPHER_sort(s->cipher_list_by_id);
++ return 1;
++ }
++
+ /* works well for SSLv2, not so good for SSLv3 */
+ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
+ {
+@@ -2551,18 +2578,45 @@ SSL_METHOD *ssl_bad_method(int ver)
+ return(NULL);
+ }
+
+-const char *SSL_get_version(const SSL *s)
++static const char *ssl_get_version(int version)
+ {
+- if (s->version == TLS1_VERSION)
++ if (version == TLS1_VERSION)
+ return("TLSv1");
+- else if (s->version == SSL3_VERSION)
++ else if (version == SSL3_VERSION)
+ return("SSLv3");
+- else if (s->version == SSL2_VERSION)
++ else if (version == SSL2_VERSION)
+ return("SSLv2");
+ else
+ return("unknown");
+ }
+
++const char *SSL_get_version(const SSL *s)
++ {
++ return ssl_get_version(s->version);
++ }
++
++const char *SSL_SESSION_get_version(const SSL_SESSION *s)
++ {
++ return ssl_get_version(s->ssl_version);
++ }
++
++const char* SSL_authentication_method(const SSL* ssl)
++ {
++ if (ssl->cert != NULL && ssl->cert->rsa_tmp != NULL)
++ return SSL_TXT_RSA "_" SSL_TXT_EXPORT;
++ switch (ssl->version)
++ {
++ case SSL2_VERSION:
++ return SSL_TXT_RSA;
++ case SSL3_VERSION:
++ case TLS1_VERSION:
++ case DTLS1_VERSION:
++ return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher);
++ default:
++ return "UNKNOWN";
++ }
++ }
++
+ SSL *SSL_dup(SSL *s)
+ {
+ STACK_OF(X509_NAME) *sk;
+--- openssl-1.0.0b.orig/ssl/ssl_locl.h 2010-11-30 00:03:46.000000000 +0000
++++ openssl-1.0.0b/ssl/ssl_locl.h 2010-11-30 00:03:47.000000000 +0000
+@@ -456,6 +456,7 @@
+ typedef struct cert_pkey_st
+ {
+ X509 *x509;
++ STACK_OF(X509) *cert_chain;
+ EVP_PKEY *privatekey;
+ } CERT_PKEY;
+
+--- openssl-1.0.0b.orig/ssl/ssl_rsa.c 2009-09-12 23:09:26.000000000 +0000
++++ openssl-1.0.0b/ssl/ssl_rsa.c 2010-11-30 00:03:47.000000000 +0000
+@@ -697,6 +697,42 @@ int SSL_CTX_use_PrivateKey_ASN1(int type
+ }
+
+
++int SSL_use_certificate_chain(SSL *ssl, STACK_OF(X509) *cert_chain)
++ {
++ if (ssl == NULL)
++ {
++ SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,ERR_R_PASSED_NULL_PARAMETER);
++ return(0);
++ }
++ if (ssl->cert == NULL)
++ {
++ SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,SSL_R_NO_CERTIFICATE_ASSIGNED);
++ return(0);
++ }
++ if (ssl->cert->key == NULL)
++ {
++ SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,SSL_R_NO_CERTIFICATE_ASSIGNED);
++ return(0);
++ }
++ ssl->cert->key->cert_chain = cert_chain;
++ return(1);
++ }
++
++STACK_OF(X509) *SSL_get_certificate_chain(SSL *ssl, X509 *x)
++ {
++ int i;
++ if (x == NULL)
++ return NULL;
++ if (ssl == NULL)
++ return NULL;
++ if (ssl->cert == NULL)
++ return NULL;
++ for (i = 0; i < SSL_PKEY_NUM; i++)
++ if (ssl->cert->pkeys[i].x509 == x)
++ return ssl->cert->pkeys[i].cert_chain;
++ return NULL;
++ }
++
+ #ifndef OPENSSL_NO_STDIO
+ /* Read a file that contains our certificate in "PEM" format,
+ * possibly followed by a sequence of CA certificates that should be
+--- openssl-1.0.0b.orig/ssl/ssl_sess.c 2010-02-01 16:49:42.000000000 +0000
++++ openssl-1.0.0b/ssl/ssl_sess.c 2010-11-30 00:03:47.000000000 +0000
+@@ -261,6 +261,11 @@ static int def_generate_session_id(const
+ return 0;
+ }
+
++void SSL_set_session_creation_enabled (SSL *s, int creation_enabled)
++ {
++ s->session_creation_enabled = creation_enabled;
++ }
++
+ int ssl_get_new_session(SSL *s, int session)
+ {
+ /* This gets used by clients and servers. */
+@@ -269,6 +274,8 @@ int ssl_get_new_session(SSL *s, int sess
+ SSL_SESSION *ss=NULL;
+ GEN_SESSION_CB cb = def_generate_session_id;
+
++ /* caller should check this if they can do better error handling */
++ if (!s->session_creation_enabled) return(0);
+ if ((ss=SSL_SESSION_new()) == NULL) return(0);
+
+ /* If the context has a default timeout, use it */
diff --git a/openssl/patches/npn.patch b/openssl/patches/npn.patch
new file mode 100644
index 0000000..46b7a7d
--- /dev/null
+++ b/openssl/patches/npn.patch
@@ -0,0 +1,1293 @@
+--- openssl-1.0.0b.orig/apps/apps.c 2010-11-11 14:42:19.000000000 +0000
++++ openssl-1.0.0b/apps/apps.c 2010-11-29 19:56:04.902465346 +0000
+@@ -3012,3 +3012,46 @@ int raw_write_stdout(const void *buf,int
+ int raw_write_stdout(const void *buf,int siz)
+ { return write(fileno(stdout),buf,siz); }
+ #endif
++
++#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
++/* next_protos_parse parses a comma separated list of strings into a string
++ * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
++ * outlen: (output) set to the length of the resulting buffer on success.
++ * in: a NUL termianted string like "abc,def,ghi"
++ *
++ * returns: a malloced buffer or NULL on failure.
++ */
++unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
++ {
++ size_t len;
++ unsigned char *out;
++ size_t i, start = 0;
++
++ len = strlen(in);
++ if (len >= 65535)
++ return NULL;
++
++ out = OPENSSL_malloc(strlen(in) + 1);
++ if (!out)
++ return NULL;
++
++ for (i = 0; i <= len; ++i)
++ {
++ if (i == len || in[i] == ',')
++ {
++ if (i - start > 255)
++ {
++ OPENSSL_free(out);
++ return NULL;
++ }
++ out[start] = i - start;
++ start = i + 1;
++ }
++ else
++ out[i+1] = in[i];
++ }
++
++ *outlen = len + 1;
++ return out;
++ }
++#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
+--- openssl-1.0.0b.orig/apps/apps.h 2009-10-31 13:34:19.000000000 +0000
++++ openssl-1.0.0b/apps/apps.h 2010-11-29 19:56:04.902465346 +0000
+@@ -358,3 +358,7 @@ int raw_write_stdout(const void *,int);
+ #define TM_STOP 1
+ double app_tminterval (int stop,int usertime);
+ #endif
++
++#ifndef OPENSSL_NO_NEXTPROTONEG
++unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
++#endif
+--- openssl-1.0.0b.orig/apps/s_client.c 2010-11-29 19:56:04.832465351 +0000
++++ openssl-1.0.0b/apps/s_client.c 2010-11-29 19:56:04.902465346 +0000
+@@ -342,6 +342,9 @@ static void sc_usage(void)
+ BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
+ BIO_printf(bio_err," -status - request certificate status from server\n");
+ BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
++# ifndef OPENSSL_NO_NEXTPROTONEG
++ BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
++# endif
+ BIO_printf(bio_err," -cutthrough - enable 1-RTT full-handshake for strong ciphers\n");
+ #endif
+ BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
+@@ -367,6 +370,40 @@ static int MS_CALLBACK ssl_servername_cb
+
+ return SSL_TLSEXT_ERR_OK;
+ }
++
++# ifndef OPENSSL_NO_NEXTPROTONEG
++/* This the context that we pass to next_proto_cb */
++typedef struct tlsextnextprotoctx_st {
++ unsigned char *data;
++ unsigned short len;
++ int status;
++} tlsextnextprotoctx;
++
++static tlsextnextprotoctx next_proto;
++
++static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
++ {
++ tlsextnextprotoctx *ctx = arg;
++
++ if (!c_quiet)
++ {
++ /* We can assume that |in| is syntactically valid. */
++ unsigned i;
++ BIO_printf(bio_c_out, "Protocols advertised by server: ");
++ for (i = 0; i < inlen; )
++ {
++ if (i)
++ BIO_write(bio_c_out, ", ", 2);
++ BIO_write(bio_c_out, &in[i + 1], in[i]);
++ i += in[i] + 1;
++ }
++ BIO_write(bio_c_out, "\n", 1);
++ }
++
++ ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
++ return SSL_TLSEXT_ERR_OK;
++ }
++# endif /* ndef OPENSSL_NO_NEXTPROTONEG */
+ #endif
+
+ enum
+@@ -431,6 +468,9 @@ int MAIN(int argc, char **argv)
+ char *servername = NULL;
+ tlsextctx tlsextcbp =
+ {NULL,0};
++# ifndef OPENSSL_NO_NEXTPROTONEG
++ const char *next_proto_neg_in = NULL;
++# endif
+ #endif
+ char *sess_in = NULL;
+ char *sess_out = NULL;
+@@ -658,6 +698,13 @@ int MAIN(int argc, char **argv)
+ #ifndef OPENSSL_NO_TLSEXT
+ else if (strcmp(*argv,"-no_ticket") == 0)
+ { off|=SSL_OP_NO_TICKET; }
++# ifndef OPENSSL_NO_NEXTPROTONEG
++ else if (strcmp(*argv,"-nextprotoneg") == 0)
++ {
++ if (--argc < 1) goto bad;
++ next_proto_neg_in = *(++argv);
++ }
++# endif
+ #endif
+ else if (strcmp(*argv,"-cutthrough") == 0)
+ cutthrough=1;
+@@ -766,6 +813,21 @@ bad:
+ OpenSSL_add_ssl_algorithms();
+ SSL_load_error_strings();
+
++#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
++ next_proto.status = -1;
++ if (next_proto_neg_in)
++ {
++ next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in);
++ if (next_proto.data == NULL)
++ {
++ BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n");
++ goto end;
++ }
++ }
++ else
++ next_proto.data = NULL;
++#endif
++
+ #ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine_id, 1);
+ if (ssl_client_engine_id)
+@@ -896,6 +958,11 @@ bad:
+ SSL_CTX_set_mode(ctx, ssl_mode);
+ }
+
++#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
++ if (next_proto.data)
++ SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
++#endif
++
+ if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
+ if (cipher != NULL)
+ if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
+@@ -1755,6 +1822,18 @@ static void print_stuff(BIO *bio, SSL *s
+ BIO_printf(bio,"Expansion: %s\n",
+ expansion ? SSL_COMP_get_name(expansion) : "NONE");
+ #endif
++
++#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
++ if (next_proto.status != -1) {
++ const unsigned char *proto;
++ unsigned int proto_len;
++ SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
++ BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
++ BIO_write(bio, proto, proto_len);
++ BIO_write(bio, "\n", 1);
++ }
++#endif
++
+ SSL_SESSION_print(bio,SSL_get_session(s));
+ BIO_printf(bio,"---\n");
+ if (peer != NULL)
+--- openssl-1.0.0b.orig/apps/s_server.c 2010-06-15 17:25:02.000000000 +0000
++++ openssl-1.0.0b/apps/s_server.c 2010-11-29 19:56:04.902465346 +0000
+@@ -492,6 +492,9 @@ static void sv_usage(void)
+ BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
+ BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
+ BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
++# ifndef OPENSSL_NO_NEXTPROTONEG
++ BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
++# endif
+ #endif
+ }
+
+@@ -826,6 +829,24 @@ BIO_printf(err, "cert_status: received %
+ ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+ goto done;
+ }
++
++# ifndef OPENSSL_NO_NEXTPROTONEG
++/* This is the context that we pass to next_proto_cb */
++typedef struct tlsextnextprotoctx_st {
++ unsigned char *data;
++ unsigned int len;
++} tlsextnextprotoctx;
++
++static int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
++ {
++ tlsextnextprotoctx *next_proto = arg;
++
++ *data = next_proto->data;
++ *len = next_proto->len;
++
++ return SSL_TLSEXT_ERR_OK;
++ }
++# endif /* ndef OPENSSL_NO_NPN */
+ #endif
+
+ int MAIN(int, char **);
+@@ -867,6 +888,10 @@ int MAIN(int argc, char *argv[])
+ #endif
+ #ifndef OPENSSL_NO_TLSEXT
+ tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
++# ifndef OPENSSL_NO_NEXTPROTONEG
++ const char *next_proto_neg_in = NULL;
++ tlsextnextprotoctx next_proto;
++# endif
+ #endif
+ #ifndef OPENSSL_NO_PSK
+ /* by default do not send a PSK identity hint */
+@@ -1191,7 +1216,13 @@ int MAIN(int argc, char *argv[])
+ if (--argc < 1) goto bad;
+ s_key_file2= *(++argv);
+ }
+-
++# ifndef OPENSSL_NO_NEXTPROTONEG
++ else if (strcmp(*argv,"-nextprotoneg") == 0)
++ {
++ if (--argc < 1) goto bad;
++ next_proto_neg_in = *(++argv);
++ }
++# endif
+ #endif
+ #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
+ else if (strcmp(*argv,"-jpake") == 0)
+@@ -1476,6 +1507,11 @@ bad:
+ if (vpm)
+ SSL_CTX_set1_param(ctx2, vpm);
+ }
++
++# ifndef OPENSSL_NO_NEXTPROTONEG
++ if (next_proto.data)
++ SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto);
++# endif
+ #endif
+
+ #ifndef OPENSSL_NO_DH
+@@ -1617,6 +1653,21 @@ bad:
+ goto end;
+ }
+ }
++# ifndef OPENSSL_NO_NEXTPROTONEG
++ if (next_proto_neg_in)
++ {
++ unsigned short len;
++ next_proto.data = next_protos_parse(&len,
++ next_proto_neg_in);
++ if (next_proto.data == NULL)
++ goto end;
++ next_proto.len = len;
++ }
++ else
++ {
++ next_proto.data = NULL;
++ }
++# endif
+ #endif
+ RSA_free(rsa);
+ BIO_printf(bio_s_out,"\n");
+@@ -2159,6 +2210,10 @@ static int init_ssl_connection(SSL *con)
+ X509 *peer;
+ long verify_error;
+ MS_STATIC char buf[BUFSIZ];
++#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
++ const unsigned char *next_proto_neg;
++ unsigned next_proto_neg_len;
++#endif
+
+ if ((i=SSL_accept(con)) <= 0)
+ {
+@@ -2198,6 +2253,15 @@ static int init_ssl_connection(SSL *con)
+ BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
+ str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
+ BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
++#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
++ SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
++ if (next_proto_neg)
++ {
++ BIO_printf(bio_s_out,"NEXTPROTO is ");
++ BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
++ BIO_printf(bio_s_out, "\n");
++ }
++#endif
+ if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");
+ if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
+ TLS1_FLAGS_TLS_PADDING_BUG)
+--- openssl-1.0.0b.orig/include/openssl/ssl.h 2010-11-29 19:56:04.846517045 +0000
++++ openssl-1.0.0b/include/openssl/ssl.h 2010-11-29 19:56:04.965928855 +0000
+@@ -857,6 +857,25 @@ struct ssl_ctx_st
+ /* draft-rescorla-tls-opaque-prf-input-00.txt information */
+ int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
+ void *tlsext_opaque_prf_input_callback_arg;
++
++# ifndef OPENSSL_NO_NEXTPROTONEG
++ /* Next protocol negotiation information */
++ /* (for experimental NPN extension). */
++
++ /* For a server, this contains a callback function by which the set of
++ * advertised protocols can be provided. */
++ int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
++ unsigned int *len, void *arg);
++ void *next_protos_advertised_cb_arg;
++ /* For a client, this contains a callback function that selects the
++ * next protocol from the list provided by the server. */
++ int (*next_proto_select_cb)(SSL *s, unsigned char **out,
++ unsigned char *outlen,
++ const unsigned char *in,
++ unsigned int inlen,
++ void *arg);
++ void *next_proto_select_cb_arg;
++# endif
+ #endif
+
+ #ifndef OPENSSL_NO_PSK
+@@ -928,6 +947,30 @@ int SSL_CTX_set_client_cert_engine(SSL_C
+ #endif
+ void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
+ void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
++#ifndef OPENSSL_NO_NEXTPROTONEG
++void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
++ int (*cb) (SSL *ssl,
++ const unsigned char **out,
++ unsigned int *outlen,
++ void *arg), void *arg);
++void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
++ int (*cb) (SSL *ssl, unsigned char **out,
++ unsigned char *outlen,
++ const unsigned char *in,
++ unsigned int inlen, void *arg),
++ void *arg);
++
++int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
++ const unsigned char *in, unsigned int inlen,
++ const unsigned char *client, unsigned int client_len);
++void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
++ unsigned *len);
++
++#define OPENSSL_NPN_UNSUPPORTED 0
++#define OPENSSL_NPN_NEGOTIATED 1
++#define OPENSSL_NPN_NO_OVERLAP 2
++
++#endif
+
+ #ifndef OPENSSL_NO_PSK
+ /* the maximum length of the buffer given to callbacks containing the
+@@ -1187,6 +1230,19 @@ struct ssl_st
+ void *tls_session_secret_cb_arg;
+
+ SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
++
++#ifndef OPENSSL_NO_NEXTPROTONEG
++ /* Next protocol negotiation. For the client, this is the protocol that
++ * we sent in NextProtocol and is set when handling ServerHello
++ * extensions.
++ *
++ * For a server, this is the client's selected_protocol from
++ * NextProtocol and is set when handling the NextProtocol message,
++ * before the Finished message. */
++ unsigned char *next_proto_negotiated;
++ unsigned char next_proto_negotiated_len;
++#endif
++
+ #define session_ctx initial_ctx
+ #else
+ #define session_ctx ctx
+@@ -1919,6 +1975,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_F_SSL3_GET_KEY_EXCHANGE 141
+ #define SSL_F_SSL3_GET_MESSAGE 142
+ #define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283
++#define SSL_F_SSL3_GET_NEXT_PROTO 304
+ #define SSL_F_SSL3_GET_RECORD 143
+ #define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
+ #define SSL_F_SSL3_GET_SERVER_DONE 145
+@@ -2117,6 +2174,8 @@ void ERR_load_SSL_strings(void);
+ #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
+ #define SSL_R_EXTRA_DATA_IN_MESSAGE 153
+ #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
++#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 346
++#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 347
+ #define SSL_R_HTTPS_PROXY_REQUEST 155
+ #define SSL_R_HTTP_REQUEST 156
+ #define SSL_R_ILLEGAL_PADDING 283
+--- openssl-1.0.0b.orig/include/openssl/ssl3.h 2010-11-29 19:56:04.832465351 +0000
++++ openssl-1.0.0b/include/openssl/ssl3.h 2010-11-29 19:56:04.965928855 +0000
+@@ -465,6 +465,12 @@ typedef struct ssl3_state_st
+ void *server_opaque_prf_input;
+ size_t server_opaque_prf_input_len;
+
++#ifndef OPENSSL_NO_NEXTPROTONEG
++ /* Set if we saw the Next Protocol Negotiation extension from
++ our peer. */
++ int next_proto_neg_seen;
++#endif
++
+ struct {
+ /* actually only needs to be 16+20 */
+ unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
+@@ -557,6 +563,10 @@ typedef struct ssl3_state_st
+ #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
+ #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
+ #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
++#ifndef OPENSSL_NO_NEXTPROTONEG
++#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
++#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
++#endif
+ #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
+ #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
+ /* read from server */
+@@ -602,6 +612,10 @@ typedef struct ssl3_state_st
+ #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
+ #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
+ #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
++#ifndef OPENSSL_NO_NEXTPROTONEG
++#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
++#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
++#endif
+ #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
+ #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
+ /* write to client */
+@@ -626,6 +640,9 @@ typedef struct ssl3_state_st
+ #define SSL3_MT_CLIENT_KEY_EXCHANGE 16
+ #define SSL3_MT_FINISHED 20
+ #define SSL3_MT_CERTIFICATE_STATUS 22
++#ifndef OPENSSL_NO_NEXTPROTONEG
++#define SSL3_MT_NEXT_PROTO 67
++#endif
+ #define DTLS1_MT_HELLO_VERIFY_REQUEST 3
+
+
+--- openssl-1.0.0b.orig/include/openssl/tls1.h 2009-11-11 14:51:29.000000000 +0000
++++ openssl-1.0.0b/include/openssl/tls1.h 2010-11-29 19:56:04.965928855 +0000
+@@ -204,6 +204,11 @@ extern "C" {
+ /* Temporary extension type */
+ #define TLSEXT_TYPE_renegotiate 0xff01
+
++#ifndef OPENSSL_NO_NEXTPROTONEG
++/* This is not an IANA defined extension number */
++#define TLSEXT_TYPE_next_proto_neg 13172
++#endif
++
+ /* NameType value from RFC 3546 */
+ #define TLSEXT_NAMETYPE_host_name 0
+ /* status request value from RFC 3546 */
+--- openssl-1.0.0b.orig/ssl/s3_both.c 2010-11-29 19:56:04.846517045 +0000
++++ openssl-1.0.0b/ssl/s3_both.c 2010-11-29 19:56:04.965928855 +0000
+@@ -202,15 +202,40 @@ int ssl3_send_finished(SSL *s, int a, in
+ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+ }
+
++#ifndef OPENSSL_NO_NEXTPROTONEG
++/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
++static void ssl3_take_mac(SSL *s)
++ {
++ const char *sender;
++ int slen;
++
++ if (s->state & SSL_ST_CONNECT)
++ {
++ sender=s->method->ssl3_enc->server_finished_label;
++ slen=s->method->ssl3_enc->server_finished_label_len;
++ }
++ else
++ {
++ sender=s->method->ssl3_enc->client_finished_label;
++ slen=s->method->ssl3_enc->client_finished_label_len;
++ }
++
++ s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
++ sender,slen,s->s3->tmp.peer_finish_md);
++ }
++#endif
++
+ int ssl3_get_finished(SSL *s, int a, int b)
+ {
+ int al,i,ok;
+ long n;
+ unsigned char *p;
+
++#ifdef OPENSSL_NO_NEXTPROTONEG
+ /* the mac has already been generated when we received the
+ * change cipher spec message and is in s->s3->tmp.peer_finish_md
+ */
++#endif
+
+ n=s->method->ssl_get_message(s,
+ a,
+@@ -521,6 +546,15 @@ long ssl3_get_message(SSL *s, int st1, i
+ s->init_num += i;
+ n -= i;
+ }
++
++#ifndef OPENSSL_NO_NEXTPROTONEG
++ /* If receiving Finished, record MAC of prior handshake messages for
++ * Finished verification. */
++ if (*s->init_buf->data == SSL3_MT_FINISHED)
++ ssl3_take_mac(s);
++#endif
++
++ /* Feed this message into MAC computation. */
+ ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
+--- openssl-1.0.0b.orig/ssl/s3_clnt.c 2010-11-29 19:56:04.846517045 +0000
++++ openssl-1.0.0b/ssl/s3_clnt.c 2010-11-29 19:56:04.965928855 +0000
+@@ -435,7 +435,16 @@ int ssl3_connect(SSL *s)
+ ret=ssl3_send_change_cipher_spec(s,
+ SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
+ if (ret <= 0) goto end;
++
++#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
+ s->state=SSL3_ST_CW_FINISHED_A;
++#else
++ if (s->next_proto_negotiated)
++ s->state=SSL3_ST_CW_NEXT_PROTO_A;
++ else
++ s->state=SSL3_ST_CW_FINISHED_A;
++#endif
++
+ s->init_num=0;
+
+ s->session->cipher=s->s3->tmp.new_cipher;
+@@ -463,6 +472,15 @@ int ssl3_connect(SSL *s)
+
+ break;
+
++#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
++ case SSL3_ST_CW_NEXT_PROTO_A:
++ case SSL3_ST_CW_NEXT_PROTO_B:
++ ret=ssl3_send_next_proto(s);
++ if (ret <= 0) goto end;
++ s->state=SSL3_ST_CW_FINISHED_A;
++ break;
++#endif
++
+ case SSL3_ST_CW_FINISHED_A:
+ case SSL3_ST_CW_FINISHED_B:
+ ret=ssl3_send_finished(s,
+@@ -3060,6 +3078,32 @@ err:
+ */
+
+ #ifndef OPENSSL_NO_TLSEXT
++# ifndef OPENSSL_NO_NEXTPROTONEG
++int ssl3_send_next_proto(SSL *s)
++ {
++ unsigned int len, padding_len;
++ unsigned char *d;
++
++ if (s->state == SSL3_ST_CW_NEXT_PROTO_A)
++ {
++ len = s->next_proto_negotiated_len;
++ padding_len = 32 - ((len + 2) % 32);
++ d = (unsigned char *)s->init_buf->data;
++ d[4] = len;
++ memcpy(d + 5, s->next_proto_negotiated, len);
++ d[5 + len] = padding_len;
++ memset(d + 6 + len, 0, padding_len);
++ *(d++)=SSL3_MT_NEXT_PROTO;
++ l2n3(2 + len + padding_len, d);
++ s->state = SSL3_ST_CW_NEXT_PROTO_B;
++ s->init_num = 4 + 2 + len + padding_len;
++ s->init_off = 0;
++ }
++
++ return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
++ }
++# endif
++
+ int ssl3_check_finished(SSL *s)
+ {
+ int ok;
+--- openssl-1.0.0b.orig/ssl/s3_lib.c 2010-11-29 19:56:04.832465351 +0000
++++ openssl-1.0.0b/ssl/s3_lib.c 2010-11-29 19:56:04.965928855 +0000
+@@ -2230,6 +2230,15 @@ void ssl3_clear(SSL *s)
+ s->s3->num_renegotiations=0;
+ s->s3->in_read_app_data=0;
+ s->version=SSL3_VERSION;
++
++#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
++ if (s->next_proto_negotiated)
++ {
++ OPENSSL_free(s->next_proto_negotiated);
++ s->next_proto_negotiated = NULL;
++ s->next_proto_negotiated_len = 0;
++ }
++#endif
+ }
+
+ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
+--- openssl-1.0.0b.orig/ssl/s3_pkt.c 2010-11-29 19:56:04.832465351 +0000
++++ openssl-1.0.0b/ssl/s3_pkt.c 2010-11-29 19:56:04.965928855 +0000
+@@ -1394,8 +1394,10 @@ err:
+ int ssl3_do_change_cipher_spec(SSL *s)
+ {
+ int i;
++#ifdef OPENSSL_NO_NEXTPROTONEG
+ const char *sender;
+ int slen;
++#endif
+
+ if (s->state & SSL_ST_ACCEPT)
+ i=SSL3_CHANGE_CIPHER_SERVER_READ;
+@@ -1418,6 +1420,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
+ if (!s->method->ssl3_enc->change_cipher_state(s,i))
+ return(0);
+
++#ifdef OPENSSL_NO_NEXTPROTONEG
+ /* we have to record the message digest at
+ * this point so we can get it before we read
+ * the finished message */
+@@ -1434,6 +1437,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
+
+ s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+ sender,slen,s->s3->tmp.peer_finish_md);
++#endif
+
+ return(1);
+ }
+--- openssl-1.0.0b.orig/ssl/s3_srvr.c 2010-11-29 19:56:04.846517045 +0000
++++ openssl-1.0.0b/ssl/s3_srvr.c 2010-11-29 19:56:04.965928855 +0000
+@@ -538,7 +538,14 @@ int ssl3_accept(SSL *s)
+ * the client uses its key from the certificate
+ * for key exchange.
+ */
++#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
+ s->state=SSL3_ST_SR_FINISHED_A;
++#else
++ if (s->s3->next_proto_neg_seen)
++ s->state=SSL3_ST_SR_NEXT_PROTO_A;
++ else
++ s->state=SSL3_ST_SR_FINISHED_A;
++#endif
+ s->init_num = 0;
+ }
+ else
+@@ -581,10 +588,27 @@ int ssl3_accept(SSL *s)
+ ret=ssl3_get_cert_verify(s);
+ if (ret <= 0) goto end;
+
++#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
+ s->state=SSL3_ST_SR_FINISHED_A;
++#else
++ if (s->s3->next_proto_neg_seen)
++ s->state=SSL3_ST_SR_NEXT_PROTO_A;
++ else
++ s->state=SSL3_ST_SR_FINISHED_A;
++#endif
+ s->init_num=0;
+ break;
+
++#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
++ case SSL3_ST_SR_NEXT_PROTO_A:
++ case SSL3_ST_SR_NEXT_PROTO_B:
++ ret=ssl3_get_next_proto(s);
++ if (ret <= 0) goto end;
++ s->init_num = 0;
++ s->state=SSL3_ST_SR_FINISHED_A;
++ break;
++#endif
++
+ case SSL3_ST_SR_FINISHED_A:
+ case SSL3_ST_SR_FINISHED_B:
+ ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
+@@ -655,7 +679,16 @@ int ssl3_accept(SSL *s)
+ if (ret <= 0) goto end;
+ s->state=SSL3_ST_SW_FLUSH;
+ if (s->hit)
++ {
++#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
+ s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
++#else
++ if (s->s3->next_proto_neg_seen)
++ s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
++ else
++ s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
++#endif
++ }
+ else
+ s->s3->tmp.next_state=SSL_ST_OK;
+ s->init_num=0;
+@@ -3196,4 +3229,72 @@ int ssl3_send_cert_status(SSL *s)
+ /* SSL3_ST_SW_CERT_STATUS_B */
+ return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
+ }
++
++# ifndef OPENSSL_NO_NPN
++/* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. It
++ * sets the next_proto member in s if found */
++int ssl3_get_next_proto(SSL *s)
++ {
++ int ok;
++ unsigned proto_len, padding_len;
++ long n;
++ const unsigned char *p;
++
++ /* Clients cannot send a NextProtocol message if we didn't see the
++ * extension in their ClientHello */
++ if (!s->s3->next_proto_neg_seen)
++ {
++ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
++ return -1;
++ }
++
++ n=s->method->ssl_get_message(s,
++ SSL3_ST_SR_NEXT_PROTO_A,
++ SSL3_ST_SR_NEXT_PROTO_B,
++ SSL3_MT_NEXT_PROTO,
++ 514, /* See the payload format below */
++ &ok);
++
++ if (!ok)
++ return((int)n);
++
++ /* s->state doesn't reflect whether ChangeCipherSpec has been received
++ * in this handshake, but s->s3->change_cipher_spec does (will be reset
++ * by ssl3_get_finished). */
++ if (!s->s3->change_cipher_spec)
++ {
++ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
++ return -1;
++ }
++
++ if (n < 2)
++ return 0; /* The body must be > 1 bytes long */
++
++ p=(unsigned char *)s->init_msg;
++
++ /* The payload looks like:
++ * uint8 proto_len;
++ * uint8 proto[proto_len];
++ * uint8 padding_len;
++ * uint8 padding[padding_len];
++ */
++ proto_len = p[0];
++ if (proto_len + 2 > s->init_num)
++ return 0;
++ padding_len = p[proto_len + 1];
++ if (proto_len + padding_len + 2 != s->init_num)
++ return 0;
++
++ s->next_proto_negotiated = OPENSSL_malloc(proto_len);
++ if (!s->next_proto_negotiated)
++ {
++ SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,ERR_R_MALLOC_FAILURE);
++ return 0;
++ }
++ memcpy(s->next_proto_negotiated, p + 1, proto_len);
++ s->next_proto_negotiated_len = proto_len;
++
++ return 1;
++ }
++# endif
+ #endif
+--- openssl-1.0.0b.orig/ssl/ssl.h 2010-11-29 19:56:04.846517045 +0000
++++ openssl-1.0.0b/ssl/ssl.h 2010-11-29 19:56:04.965928855 +0000
+@@ -857,6 +857,25 @@ struct ssl_ctx_st
+ /* draft-rescorla-tls-opaque-prf-input-00.txt information */
+ int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
+ void *tlsext_opaque_prf_input_callback_arg;
++
++# ifndef OPENSSL_NO_NEXTPROTONEG
++ /* Next protocol negotiation information */
++ /* (for experimental NPN extension). */
++
++ /* For a server, this contains a callback function by which the set of
++ * advertised protocols can be provided. */
++ int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
++ unsigned int *len, void *arg);
++ void *next_protos_advertised_cb_arg;
++ /* For a client, this contains a callback function that selects the
++ * next protocol from the list provided by the server. */
++ int (*next_proto_select_cb)(SSL *s, unsigned char **out,
++ unsigned char *outlen,
++ const unsigned char *in,
++ unsigned int inlen,
++ void *arg);
++ void *next_proto_select_cb_arg;
++# endif
+ #endif
+
+ #ifndef OPENSSL_NO_PSK
+@@ -928,6 +947,30 @@ int SSL_CTX_set_client_cert_engine(SSL_C
+ #endif
+ void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
+ void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
++#ifndef OPENSSL_NO_NEXTPROTONEG
++void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
++ int (*cb) (SSL *ssl,
++ const unsigned char **out,
++ unsigned int *outlen,
++ void *arg), void *arg);
++void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
++ int (*cb) (SSL *ssl, unsigned char **out,
++ unsigned char *outlen,
++ const unsigned char *in,
++ unsigned int inlen, void *arg),
++ void *arg);
++
++int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
++ const unsigned char *in, unsigned int inlen,
++ const unsigned char *client, unsigned int client_len);
++void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
++ unsigned *len);
++
++#define OPENSSL_NPN_UNSUPPORTED 0
++#define OPENSSL_NPN_NEGOTIATED 1
++#define OPENSSL_NPN_NO_OVERLAP 2
++
++#endif
+
+ #ifndef OPENSSL_NO_PSK
+ /* the maximum length of the buffer given to callbacks containing the
+@@ -1187,6 +1230,19 @@ struct ssl_st
+ void *tls_session_secret_cb_arg;
+
+ SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
++
++#ifndef OPENSSL_NO_NEXTPROTONEG
++ /* Next protocol negotiation. For the client, this is the protocol that
++ * we sent in NextProtocol and is set when handling ServerHello
++ * extensions.
++ *
++ * For a server, this is the client's selected_protocol from
++ * NextProtocol and is set when handling the NextProtocol message,
++ * before the Finished message. */
++ unsigned char *next_proto_negotiated;
++ unsigned char next_proto_negotiated_len;
++#endif
++
+ #define session_ctx initial_ctx
+ #else
+ #define session_ctx ctx
+@@ -1919,6 +1975,7 @@ void ERR_load_SSL_strings(void);
+ #define SSL_F_SSL3_GET_KEY_EXCHANGE 141
+ #define SSL_F_SSL3_GET_MESSAGE 142
+ #define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283
++#define SSL_F_SSL3_GET_NEXT_PROTO 304
+ #define SSL_F_SSL3_GET_RECORD 143
+ #define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
+ #define SSL_F_SSL3_GET_SERVER_DONE 145
+@@ -2117,6 +2174,8 @@ void ERR_load_SSL_strings(void);
+ #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
+ #define SSL_R_EXTRA_DATA_IN_MESSAGE 153
+ #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
++#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 346
++#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 347
+ #define SSL_R_HTTPS_PROXY_REQUEST 155
+ #define SSL_R_HTTP_REQUEST 156
+ #define SSL_R_ILLEGAL_PADDING 283
+--- openssl-1.0.0b.orig/ssl/ssl3.h 2010-11-29 19:56:04.832465351 +0000
++++ openssl-1.0.0b/ssl/ssl3.h 2010-11-29 19:56:04.965928855 +0000
+@@ -465,6 +465,12 @@ typedef struct ssl3_state_st
+ void *server_opaque_prf_input;
+ size_t server_opaque_prf_input_len;
+
++#ifndef OPENSSL_NO_NEXTPROTONEG
++ /* Set if we saw the Next Protocol Negotiation extension from
++ our peer. */
++ int next_proto_neg_seen;
++#endif
++
+ struct {
+ /* actually only needs to be 16+20 */
+ unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
+@@ -557,6 +563,10 @@ typedef struct ssl3_state_st
+ #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
+ #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
+ #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
++#ifndef OPENSSL_NO_NEXTPROTONEG
++#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
++#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
++#endif
+ #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
+ #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
+ /* read from server */
+@@ -602,6 +612,10 @@ typedef struct ssl3_state_st
+ #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
+ #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
+ #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
++#ifndef OPENSSL_NO_NEXTPROTONEG
++#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
++#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
++#endif
+ #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
+ #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
+ /* write to client */
+@@ -626,6 +640,9 @@ typedef struct ssl3_state_st
+ #define SSL3_MT_CLIENT_KEY_EXCHANGE 16
+ #define SSL3_MT_FINISHED 20
+ #define SSL3_MT_CERTIFICATE_STATUS 22
++#ifndef OPENSSL_NO_NEXTPROTONEG
++#define SSL3_MT_NEXT_PROTO 67
++#endif
+ #define DTLS1_MT_HELLO_VERIFY_REQUEST 3
+
+
+--- openssl-1.0.0b.orig/ssl/ssl_err.c 2010-11-29 19:56:04.846517045 +0000
++++ openssl-1.0.0b/ssl/ssl_err.c 2010-11-29 19:56:04.965928855 +0000
+@@ -155,6 +155,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
+ {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
+ {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},
+ {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"},
++{ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"},
+ {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
+ {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"},
+ {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
+@@ -355,6 +356,8 @@ static ERR_STRING_DATA SSL_str_reasons[]
+ {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},
+ {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},
+ {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},
++{ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"},
++{ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without seeing extension"},
+ {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"},
+ {ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"},
+ {ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"},
+--- openssl-1.0.0b.orig/ssl/ssl_lib.c 2010-11-29 19:56:04.846517045 +0000
++++ openssl-1.0.0b/ssl/ssl_lib.c 2010-11-29 19:56:04.965928855 +0000
+@@ -354,6 +354,9 @@ SSL *SSL_new(SSL_CTX *ctx)
+ s->tlsext_ocsp_resplen = -1;
+ CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
+ s->initial_ctx=ctx;
++# ifndef OPENSSL_NO_NEXTPROTONEG
++ s->next_proto_negotiated = NULL;
++# endif
+ #endif
+
+ s->verify_result=X509_V_OK;
+@@ -587,6 +590,11 @@ void SSL_free(SSL *s)
+ kssl_ctx_free(s->kssl_ctx);
+ #endif /* OPENSSL_NO_KRB5 */
+
++#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
++ if (s->next_proto_negotiated)
++ OPENSSL_free(s->next_proto_negotiated);
++#endif
++
+ OPENSSL_free(s);
+ }
+
+@@ -1503,6 +1511,124 @@ int SSL_get_servername_type(const SSL *s
+ return TLSEXT_NAMETYPE_host_name;
+ return -1;
+ }
++
++# ifndef OPENSSL_NO_NEXTPROTONEG
++/* SSL_select_next_proto implements the standard protocol selection. It is
++ * expected that this function is called from the callback set by
++ * SSL_CTX_set_next_proto_select_cb.
++ *
++ * The protocol data is assumed to be a vector of 8-bit, length prefixed byte
++ * strings. The length byte itself is not included in the length. A byte
++ * string of length 0 is invalid. No byte string may be truncated.
++ *
++ * The current, but experimental algorithm for selecting the protocol is:
++ *
++ * 1) If the server doesn't support NPN then this is indicated to the
++ * callback. In this case, the client application has to abort the connection
++ * or have a default application level protocol.
++ *
++ * 2) If the server supports NPN, but advertises an empty list then the
++ * client selects the first protcol in its list, but indicates via the
++ * API that this fallback case was enacted.
++ *
++ * 3) Otherwise, the client finds the first protocol in the server's list
++ * that it supports and selects this protocol. This is because it's
++ * assumed that the server has better information about which protocol
++ * a client should use.
++ *
++ * 4) If the client doesn't support any of the server's advertised
++ * protocols, then this is treated the same as case 2.
++ *
++ * It returns either
++ * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
++ * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
++ */
++int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len)
++ {
++ unsigned int i, j;
++ const unsigned char *result;
++ int status = OPENSSL_NPN_UNSUPPORTED;
++
++ /* For each protocol in server preference order, see if we support it. */
++ for (i = 0; i < server_len; )
++ {
++ for (j = 0; j < client_len; )
++ {
++ if (server[i] == client[j] &&
++ memcmp(&server[i+1], &client[j+1], server[i]) == 0)
++ {
++ /* We found a match */
++ result = &server[i];
++ status = OPENSSL_NPN_NEGOTIATED;
++ goto found;
++ }
++ j += client[j];
++ j++;
++ }
++ i += server[i];
++ i++;
++ }
++
++ /* There's no overlap between our protocols and the server's list. */
++ result = client;
++ status = OPENSSL_NPN_NO_OVERLAP;
++
++ found:
++ *out = (unsigned char *) result + 1;
++ *outlen = result[0];
++ return status;
++ }
++
++/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
++ * requested protocol for this connection and returns 0. If the client didn't
++ * request any protocol, then *data is set to NULL.
++ *
++ * Note that the client can request any protocol it chooses. The value returned
++ * from this function need not be a member of the list of supported protocols
++ * provided by the callback.
++ */
++void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len)
++ {
++ *data = s->next_proto_negotiated;
++ if (!*data) {
++ *len = 0;
++ } else {
++ *len = s->next_proto_negotiated_len;
++ }
++}
++
++/* SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a
++ * TLS server needs a list of supported protocols for Next Protocol
++ * Negotiation. The returned list must be in wire format. The list is returned
++ * by setting |out| to point to it and |outlen| to its length. This memory will
++ * not be modified, but one should assume that the SSL* keeps a reference to
++ * it.
++ *
++ * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no
++ * such extension will be included in the ServerHello. */
++void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
++ {
++ ctx->next_protos_advertised_cb = cb;
++ ctx->next_protos_advertised_cb_arg = arg;
++ }
++
++/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
++ * client needs to select a protocol from the server's provided list. |out|
++ * must be set to point to the selected protocol (which may be within |in|).
++ * The length of the protocol name must be written into |outlen|. The server's
++ * advertised protocols are provided in |in| and |inlen|. The callback can
++ * assume that |in| is syntactically valid.
++ *
++ * The client must select a protocol. It is fatal to the connection if this
++ * callback returns a value other than SSL_TLSEXT_ERR_OK.
++ */
++void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg)
++ {
++ ctx->next_proto_select_cb = cb;
++ ctx->next_proto_select_cb_arg = arg;
++ }
++
++# endif
+ #endif
+
+ static unsigned long ssl_session_hash(const SSL_SESSION *a)
+@@ -1667,6 +1793,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+ ret->tlsext_status_cb = 0;
+ ret->tlsext_status_arg = NULL;
+
++# ifndef OPENSSL_NO_NEXTPROTONEG
++ ret->next_protos_advertised_cb = 0;
++ ret->next_proto_select_cb = 0;
++# endif
+ #endif
+ #ifndef OPENSSL_NO_PSK
+ ret->psk_identity_hint=NULL;
+--- openssl-1.0.0b.orig/ssl/ssl_locl.h 2010-11-29 19:56:04.846517045 +0000
++++ openssl-1.0.0b/ssl/ssl_locl.h 2010-11-29 19:56:04.965928855 +0000
+@@ -968,6 +968,9 @@ int ssl3_get_server_certificate(SSL *s);
+ int ssl3_check_cert_and_algorithm(SSL *s);
+ #ifndef OPENSSL_NO_TLSEXT
+ int ssl3_check_finished(SSL *s);
++# ifndef OPENSSL_NO_NEXTPROTONEG
++int ssl3_send_next_proto(SSL *s);
++# endif
+ #endif
+
+ int dtls1_client_hello(SSL *s);
+@@ -986,6 +989,9 @@ int ssl3_check_client_hello(SSL *s);
+ int ssl3_get_client_certificate(SSL *s);
+ int ssl3_get_client_key_exchange(SSL *s);
+ int ssl3_get_cert_verify(SSL *s);
++#ifndef OPENSSL_NO_NEXTPROTONEG
++int ssl3_get_next_proto(SSL *s);
++#endif
+
+ int dtls1_send_hello_request(SSL *s);
+ int dtls1_send_server_hello(SSL *s);
+--- openssl-1.0.0b.orig/ssl/t1_lib.c 2010-11-16 13:26:24.000000000 +0000
++++ openssl-1.0.0b/ssl/t1_lib.c 2010-11-29 19:56:04.965928855 +0000
+@@ -494,6 +494,18 @@ unsigned char *ssl_add_clienthello_tlsex
+ i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
+ }
+
++#ifndef OPENSSL_NO_NEXTPROTONEG
++ if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len)
++ {
++ /* The client advertises an emtpy extension to indicate its
++ * support for Next Protocol Negotiation */
++ if (limit - ret - 4 < 0)
++ return NULL;
++ s2n(TLSEXT_TYPE_next_proto_neg,ret);
++ s2n(0,ret);
++ }
++#endif
++
+ if ((extdatalen = ret-p-2)== 0)
+ return p;
+
+@@ -505,6 +517,9 @@ unsigned char *ssl_add_serverhello_tlsex
+ {
+ int extdatalen=0;
+ unsigned char *ret = p;
++#ifndef OPENSSL_NO_NEXTPROTONEG
++ int next_proto_neg_seen;
++#endif
+
+ /* don't add extensions for SSLv3, unless doing secure renegotiation */
+ if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
+@@ -618,6 +633,28 @@ unsigned char *ssl_add_serverhello_tlsex
+
+ }
+
++#ifndef OPENSSL_NO_NEXTPROTONEG
++ next_proto_neg_seen = s->s3->next_proto_neg_seen;
++ s->s3->next_proto_neg_seen = 0;
++ if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb)
++ {
++ const unsigned char *npa;
++ unsigned int npalen;
++ int r;
++
++ r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, s->ctx->next_protos_advertised_cb_arg);
++ if (r == SSL_TLSEXT_ERR_OK)
++ {
++ if ((long)(limit - ret - 4 - npalen) < 0) return NULL;
++ s2n(TLSEXT_TYPE_next_proto_neg,ret);
++ s2n(npalen,ret);
++ memcpy(ret, npa, npalen);
++ ret += npalen;
++ s->s3->next_proto_neg_seen = 1;
++ }
++ }
++#endif
++
+ if ((extdatalen = ret-p-2)== 0)
+ return p;
+
+@@ -982,6 +1019,28 @@ int ssl_parse_clienthello_tlsext(SSL *s,
+ else
+ s->tlsext_status_type = -1;
+ }
++#ifndef OPENSSL_NO_NEXTPROTONEG
++ else if (type == TLSEXT_TYPE_next_proto_neg &&
++ s->s3->tmp.finish_md_len == 0)
++ {
++ /* We shouldn't accept this extension on a
++ * renegotiation.
++ *
++ * s->new_session will be set on renegotiation, but we
++ * probably shouldn't rely that it couldn't be set on
++ * the initial renegotation too in certain cases (when
++ * there's some other reason to disallow resuming an
++ * earlier session -- the current code won't be doing
++ * anything like that, but this might change).
++
++ * A valid sign that there's been a previous handshake
++ * in this connection is if s->s3->tmp.finish_md_len >
++ * 0. (We are talking about a check that will happen
++ * in the Hello protocol round, well before a new
++ * Finished message could have been computed.) */
++ s->s3->next_proto_neg_seen = 1;
++ }
++#endif
+
+ /* session ticket processed earlier */
+ data+=size;
+@@ -1005,6 +1064,26 @@ int ssl_parse_clienthello_tlsext(SSL *s,
+ return 1;
+ }
+
++#ifndef OPENSSL_NO_NEXTPROTONEG
++/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
++ * elements of zero length are allowed and the set of elements must exactly fill
++ * the length of the block. */
++static int ssl_next_proto_validate(unsigned char *d, unsigned len)
++ {
++ unsigned int off = 0;
++
++ while (off < len)
++ {
++ if (d[off] == 0)
++ return 0;
++ off += d[off];
++ off++;
++ }
++
++ return off == len;
++ }
++#endif
++
+ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
+ {
+ unsigned short length;
+@@ -1139,6 +1218,39 @@ int ssl_parse_serverhello_tlsext(SSL *s,
+ /* Set flag to expect CertificateStatus message */
+ s->tlsext_status_expected = 1;
+ }
++#ifndef OPENSSL_NO_NEXTPROTONEG
++ else if (type == TLSEXT_TYPE_next_proto_neg)
++ {
++ unsigned char *selected;
++ unsigned char selected_len;
++
++ /* We must have requested it. */
++ if ((s->ctx->next_proto_select_cb == NULL))
++ {
++ *al = TLS1_AD_UNSUPPORTED_EXTENSION;
++ return 0;
++ }
++ /* The data must be valid */
++ if (!ssl_next_proto_validate(data, size))
++ {
++ *al = TLS1_AD_DECODE_ERROR;
++ return 0;
++ }
++ if (s->ctx->next_proto_select_cb(s, &selected, &selected_len, data, size, s->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK)
++ {
++ *al = TLS1_AD_INTERNAL_ERROR;
++ return 0;
++ }
++ s->next_proto_negotiated = OPENSSL_malloc(selected_len);
++ if (!s->next_proto_negotiated)
++ {
++ *al = TLS1_AD_INTERNAL_ERROR;
++ return 0;
++ }
++ memcpy(s->next_proto_negotiated, selected, selected_len);
++ s->next_proto_negotiated_len = selected_len;
++ }
++#endif
+ else if (type == TLSEXT_TYPE_renegotiate)
+ {
+ if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
+--- openssl-1.0.0b.orig/ssl/tls1.h 2009-11-11 14:51:29.000000000 +0000
++++ openssl-1.0.0b/ssl/tls1.h 2010-11-29 19:56:04.965928855 +0000
+@@ -204,6 +204,11 @@ extern "C" {
+ /* Temporary extension type */
+ #define TLSEXT_TYPE_renegotiate 0xff01
+
++#ifndef OPENSSL_NO_NEXTPROTONEG
++/* This is not an IANA defined extension number */
++#define TLSEXT_TYPE_next_proto_neg 13172
++#endif
++
+ /* NameType value from RFC 3546 */
+ #define TLSEXT_NAMETYPE_host_name 0
+ /* status request value from RFC 3546 */
diff --git a/openssl/patches/progs.patch b/openssl/patches/progs.patch
new file mode 100644
index 0000000..16fd9b0
--- /dev/null
+++ b/openssl/patches/progs.patch
@@ -0,0 +1,54 @@
+--- openssl-1.0.0.orig/apps/openssl.c 2009-10-04 09:43:21.000000000 -0700
++++ openssl-1.0.0/apps/openssl.c 2010-05-18 14:05:14.000000000 -0700
+@@ -275,8 +275,10 @@ int main(int Argc, char *Argv[])
+ if (ERR_GET_REASON(ERR_peek_last_error())
+ == CONF_R_NO_SUCH_FILE)
+ {
++#if 0 /* ANDROID */
+ BIO_printf(bio_err,
+ "WARNING: can't open config file: %s\n",p);
++#endif
+ ERR_clear_error();
+ NCONF_free(config);
+ config = NULL;
+--- openssl-1.0.0.orig/apps/progs.h 2009-06-30 08:08:38.000000000 -0700
++++ openssl-1.0.0/apps/progs.h 2010-05-18 14:05:38.000000000 -0700
+@@ -146,7 +152,9 @@ FUNCTION functions[] = {
+ {FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
+ #endif
+ {FUNC_TYPE_GENERAL,"prime",prime_main},
++#if 0 /* ANDROID */
+ {FUNC_TYPE_GENERAL,"ts",ts_main},
++#endif
+ #ifndef OPENSSL_NO_MD2
+ {FUNC_TYPE_MD,"md2",dgst_main},
+ #endif
+--- openssl-1.0.0.orig/apps/speed.c 2010-03-03 11:56:17.000000000 -0800
++++ openssl-1.0.0/apps/speed.c 2010-05-18 14:05:57.000000000 -0700
+@@ -1718,6 +1718,7 @@ int MAIN(int argc, char **argv)
+ }
+ }
+
++#if 0 /* ANDROID */
+ if (doit[D_IGE_128_AES])
+ {
+ for (j=0; j<SIZE_NUM; j++)
+@@ -1763,6 +1764,7 @@ int MAIN(int argc, char **argv)
+
+
+ #endif
++#endif
+ #ifndef OPENSSL_NO_CAMELLIA
+ if (doit[D_CBC_128_CML])
+ {
+--- openssl-1.0.0.orig/crypto/ui/ui_openssl.c 2009-10-04 09:43:21.000000000 -0700
++++ openssl-1.0.0/crypto/ui/ui_openssl.c 2010-05-18 13:36:26.000000000 -0700
+@@ -184,7 +184,7 @@
+ # undef SGTTY
+ #endif
+
+-#if defined(linux) && !defined(TERMIO)
++#if defined(linux) && !defined(TERMIO) && !defined(__ANDROID__)
+ # undef TERMIOS
+ # define TERMIO
+ # undef SGTTY
diff --git a/openssl/patches/sha1_armv4_large.patch b/openssl/patches/sha1_armv4_large.patch
new file mode 100644
index 0000000..359ff94
--- /dev/null
+++ b/openssl/patches/sha1_armv4_large.patch
@@ -0,0 +1,21 @@
+diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl
+index 6e65fe3..79e3f61 100644
+--- a/crypto/sha/asm/sha1-armv4-large.pl
++++ b/crypto/sha/asm/sha1-armv4-large.pl
+@@ -161,6 +161,7 @@ for($i=0;$i<5;$i++) {
+ $code.=<<___;
+ teq $Xi,sp
+ bne .L_00_15 @ [((11+4)*5+2)*3]
++ sub sp,sp,#5*4
+ ___
+ &BODY_00_15(@V); unshift(@V,pop(@V));
+ &BODY_16_19(@V); unshift(@V,pop(@V));
+@@ -170,7 +171,7 @@ ___
+ $code.=<<___;
+
+ ldr $K,.LK_20_39 @ [+15+16*4]
+- sub sp,sp,#25*4
++ sub sp,sp,#20*4
+ cmn sp,#0 @ [+3], clear carry to denote 20_39
+ .L_20_39_or_60_79:
+ ___
diff --git a/openssl/patches/small_records.patch b/openssl/patches/small_records.patch
new file mode 100644
index 0000000..a2ea51c
--- /dev/null
+++ b/openssl/patches/small_records.patch
@@ -0,0 +1,337 @@
+--- openssl-1.0.0a.orig/ssl/d1_pkt.c 2010-04-14 00:09:55.000000000 +0000
++++ openssl-1.0.0a/ssl/d1_pkt.c 2010-08-25 21:12:39.000000000 +0000
+@@ -608,6 +608,24 @@ again:
+ goto again;
+ }
+
++ /* If we receive a valid record larger than the current buffer size,
++ * allocate some memory for it.
++ */
++ if (rr->length > s->s3->rbuf.len - DTLS1_RT_HEADER_LENGTH)
++ {
++ unsigned char *pp;
++ unsigned int newlen = rr->length + DTLS1_RT_HEADER_LENGTH;
++ if ((pp=OPENSSL_realloc(s->s3->rbuf.buf, newlen))==NULL)
++ {
++ SSLerr(SSL_F_DTLS1_GET_RECORD,ERR_R_MALLOC_FAILURE);
++ return(-1);
++ }
++ p = pp + (p - s->s3->rbuf.buf);
++ s->s3->rbuf.buf=pp;
++ s->s3->rbuf.len=newlen;
++ s->packet= &(s->s3->rbuf.buf[0]);
++ }
++
+ /* now s->rstate == SSL_ST_READ_BODY */
+ }
+
+@@ -1342,6 +1360,7 @@ int do_dtls1_write(SSL *s, int type, con
+ SSL3_BUFFER *wb;
+ SSL_SESSION *sess;
+ int bs;
++ unsigned int len_with_overhead = len + SSL3_RT_DEFAULT_WRITE_OVERHEAD;
+
+ /* first check if there is a SSL3_BUFFER still being written
+ * out. This will happen with non blocking IO */
+@@ -1351,6 +1370,16 @@ int do_dtls1_write(SSL *s, int type, con
+ return(ssl3_write_pending(s,type,buf,len));
+ }
+
++ if (s->s3->wbuf.len < len_with_overhead)
++ {
++ if ((p=OPENSSL_realloc(s->s3->wbuf.buf, len_with_overhead)) == NULL) {
++ SSLerr(SSL_F_DO_DTLS1_WRITE,ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++ s->s3->wbuf.buf = p;
++ s->s3->wbuf.len = len_with_overhead;
++ }
++
+ /* If we have an alert to send, lets send it */
+ if (s->s3->alert_dispatch)
+ {
+--- openssl-1.0.0a.orig/ssl/s23_srvr.c 2010-02-16 14:20:40.000000000 +0000
++++ openssl-1.0.0a/ssl/s23_srvr.c 2010-08-25 21:12:39.000000000 +0000
+@@ -403,8 +403,13 @@ int ssl23_get_client_hello(SSL *s)
+ v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
+ v[1] = p[4];
+
++/* The SSL2 protocol allows n to be larger, just pick
++ * a reasonable buffer size. */
++#if SSL3_RT_DEFAULT_PACKET_SIZE < 1024*4 - SSL3_RT_DEFAULT_WRITE_OVERHEAD
++#error "SSL3_RT_DEFAULT_PACKET_SIZE is too small."
++#endif
+ n=((p[0]&0x7f)<<8)|p[1];
+- if (n > (1024*4))
++ if (n > SSL3_RT_DEFAULT_PACKET_SIZE - 2)
+ {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
+ goto err;
+--- openssl-1.0.0a.orig/ssl/s3_both.c 2010-03-24 23:16:49.000000000 +0000
++++ openssl-1.0.0a/ssl/s3_both.c 2010-08-25 21:12:39.000000000 +0000
+@@ -715,13 +722,20 @@ int ssl3_setup_read_buffer(SSL *s)
+
+ if (s->s3->rbuf.buf == NULL)
+ {
+- len = SSL3_RT_MAX_PLAIN_LENGTH
+- + SSL3_RT_MAX_ENCRYPTED_OVERHEAD
+- + headerlen + align;
+- if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
++ if (SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS)
+ {
+- s->s3->init_extra = 1;
+- len += SSL3_RT_MAX_EXTRA;
++ len = SSL3_RT_DEFAULT_PACKET_SIZE;
++ }
++ else
++ {
++ len = SSL3_RT_MAX_PLAIN_LENGTH
++ + SSL3_RT_MAX_ENCRYPTED_OVERHEAD
++ + headerlen + align;
++ if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
++ {
++ s->s3->init_extra = 1;
++ len += SSL3_RT_MAX_EXTRA;
++ }
+ }
+ #ifndef OPENSSL_NO_COMP
+ if (!(s->options & SSL_OP_NO_COMPRESSION))
+@@ -757,7 +771,15 @@ int ssl3_setup_write_buffer(SSL *s)
+
+ if (s->s3->wbuf.buf == NULL)
+ {
+- len = s->max_send_fragment
++ if (SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS)
++ {
++ len = SSL3_RT_DEFAULT_PACKET_SIZE;
++ }
++ else
++ {
++ len = s->max_send_fragment;
++ }
++ len += 0
+ + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
+ + headerlen + align;
+ #ifndef OPENSSL_NO_COMP
+@@ -767,7 +789,6 @@ int ssl3_setup_write_buffer(SSL *s)
+ if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+ len += headerlen + align
+ + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
+-
+ if ((p=freelist_extract(s->ctx, 0, len)) == NULL)
+ goto err;
+ s->s3->wbuf.buf = p;
+@@ -810,4 +831,3 @@ int ssl3_release_read_buffer(SSL *s)
+ }
+ return 1;
+ }
+-
+--- openssl-1.0.0a.orig/ssl/s3_pkt.c 2010-03-25 11:22:42.000000000 +0000
++++ openssl-1.0.0a/ssl/s3_pkt.c 2010-08-25 21:12:39.000000000 +0000
+@@ -293,6 +293,11 @@ static int ssl3_get_record(SSL *s)
+ size_t extra;
+ int decryption_failed_or_bad_record_mac = 0;
+ unsigned char *mac = NULL;
++#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
++ long align=SSL3_ALIGN_PAYLOAD;
++#else
++ long align=0;
++#endif
+
+ rr= &(s->s3->rrec);
+ sess=s->session;
+@@ -301,7 +306,8 @@ static int ssl3_get_record(SSL *s)
+ extra=SSL3_RT_MAX_EXTRA;
+ else
+ extra=0;
+- if (extra && !s->s3->init_extra)
++ if (!(SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS) &&
++ extra && !s->s3->init_extra)
+ {
+ /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
+ * set after ssl3_setup_buffers() was done */
+@@ -350,6 +356,21 @@ fprintf(stderr, "Record type=%d, Length=
+ goto err;
+ }
+
++ /* If we receive a valid record larger than the current buffer size,
++ * allocate some memory for it.
++ */
++ if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH - align)
++ {
++ if ((p=OPENSSL_realloc(s->s3->rbuf.buf, rr->length + SSL3_RT_HEADER_LENGTH + align))==NULL)
++ {
++ SSLerr(SSL_F_SSL3_GET_RECORD,ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++ s->s3->rbuf.buf=p;
++ s->s3->rbuf.len=rr->length + SSL3_RT_HEADER_LENGTH + align;
++ s->packet= &(s->s3->rbuf.buf[0]);
++ }
++
+ if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH)
+ {
+ al=SSL_AD_RECORD_OVERFLOW;
+@@ -576,6 +597,7 @@ int ssl3_write_bytes(SSL *s, int type, c
+ const unsigned char *buf=buf_;
+ unsigned int tot,n,nw;
+ int i;
++ unsigned int max_plain_length;
+
+ s->rwstate=SSL_NOTHING;
+ tot=s->s3->wnum;
+@@ -595,8 +617,13 @@ int ssl3_write_bytes(SSL *s, int type, c
+ n=(len-tot);
+ for (;;)
+ {
+- if (n > s->max_send_fragment)
+- nw=s->max_send_fragment;
++ if (type == SSL3_RT_APPLICATION_DATA && (SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS))
++ max_plain_length = SSL3_RT_DEFAULT_PLAIN_LENGTH;
++ else
++ max_plain_length = s->max_send_fragment;
++
++ if (n > max_plain_length)
++ nw = max_plain_length;
+ else
+ nw=n;
+
+@@ -727,6 +727,18 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+ s->s3->empty_fragment_done = 1;
+ }
+
++ /* resize if necessary to hold the data. */
++ if (len + SSL3_RT_DEFAULT_WRITE_OVERHEAD > wb->len)
++ {
++ if ((p=OPENSSL_realloc(wb->buf, len + SSL3_RT_DEFAULT_WRITE_OVERHEAD))==NULL)
++ {
++ SSLerr(SSL_F_DO_SSL3_WRITE,ERR_R_MALLOC_FAILURE);
++ goto err;
++ }
++ wb->buf = p;
++ wb->len = len + SSL3_RT_DEFAULT_WRITE_OVERHEAD;
++ }
++
+ if (create_empty_fragment)
+ {
+ #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+--- openssl-1.0.0a.orig/ssl/ssl.h 2010-01-06 17:37:38.000000000 +0000
++++ openssl-1.0.0a/ssl/ssl.h 2010-08-25 21:12:39.000000000 +0000
+@@ -602,6 +602,9 @@ typedef struct ssl_session_st
+ * TLS only.) "Released" buffers are put onto a free-list in the context
+ * or just freed (depending on the context's setting for freelist_max_len). */
+ #define SSL_MODE_RELEASE_BUFFERS 0x00000010L
++/* Use small read and write buffers: (a) lazy allocate read buffers for
++ * large incoming records, and (b) limit the size of outgoing records. */
++#define SSL_MODE_SMALL_BUFFERS 0x00000020L
+
+ /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
+ * they cannot be used to clear bits. */
+--- openssl-1.0.0a.orig/ssl/ssl3.h 2010-01-06 17:37:38.000000000 +0000
++++ openssl-1.0.0a/ssl/ssl3.h 2010-08-25 21:12:39.000000000 +0000
+@@ -280,6 +280,9 @@ extern "C" {
+
+ #define SSL3_RT_MAX_EXTRA (16384)
+
++/* Default buffer length used for writen records. Thus a generated record
++ * will contain plaintext no larger than this value. */
++#define SSL3_RT_DEFAULT_PLAIN_LENGTH 2048
+ /* Maximum plaintext length: defined by SSL/TLS standards */
+ #define SSL3_RT_MAX_PLAIN_LENGTH 16384
+ /* Maximum compression overhead: defined by SSL/TLS standards */
+@@ -311,6 +314,13 @@ extern "C" {
+ #define SSL3_RT_MAX_PACKET_SIZE \
+ (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
+
++/* Extra space for empty fragment, headers, MAC, and padding. */
++#define SSL3_RT_DEFAULT_WRITE_OVERHEAD 256
++#define SSL3_RT_DEFAULT_PACKET_SIZE 4096 - SSL3_RT_DEFAULT_WRITE_OVERHEAD
++#if SSL3_RT_DEFAULT_PLAIN_LENGTH + SSL3_RT_DEFAULT_WRITE_OVERHEAD > SSL3_RT_DEFAULT_PACKET_SIZE
++#error "Insufficient space allocated for write buffers."
++#endif
++
+ #define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
+ #define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
+
+@@ -634,4 +645,3 @@ typedef struct ssl3_state_st
+ }
+ #endif
+ #endif
+-
+--- openssl-1.0.0a.orig/ssl/ssltest.c 2010-01-24 16:57:38.000000000 +0000
++++ openssl-1.0.0a/ssl/ssltest.c 2010-08-25 21:12:39.000000000 +0000
+@@ -316,6 +316,8 @@ static void sv_usage(void)
+ " (default is sect163r2).\n");
+ #endif
+ fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
++ fprintf(stderr," -c_small_records - enable client side use of small SSL record buffers\n");
++ fprintf(stderr," -s_small_records - enable server side use of small SSL record buffers\n");
+ }
+
+ static void print_details(SSL *c_ssl, const char *prefix)
+@@ -444,6 +447,9 @@ int opaque_prf_input_cb(SSL *ssl, void *
+ return arg->ret;
+ }
+ #endif
++ int ssl_mode = 0;
++ int c_small_records=0;
++ int s_small_records=0;
+
+ int main(int argc, char *argv[])
+ {
+@@ -680,6 +687,14 @@ int main(int argc, char *argv[])
+ {
+ test_cipherlist = 1;
+ }
++ else if (strcmp(*argv, "-c_small_records") == 0)
++ {
++ c_small_records = 1;
++ }
++ else if (strcmp(*argv, "-s_small_records") == 0)
++ {
++ s_small_records = 1;
++ }
+ else
+ {
+ fprintf(stderr,"unknown option %s\n",*argv);
+@@ -802,6 +821,21 @@ bad:
+ SSL_CTX_set_cipher_list(s_ctx,cipher);
+ }
+
++ ssl_mode = 0;
++ if (c_small_records)
++ {
++ ssl_mode = SSL_CTX_get_mode(c_ctx);
++ ssl_mode |= SSL_MODE_SMALL_BUFFERS;
++ SSL_CTX_set_mode(c_ctx, ssl_mode);
++ }
++ ssl_mode = 0;
++ if (s_small_records)
++ {
++ ssl_mode = SSL_CTX_get_mode(s_ctx);
++ ssl_mode |= SSL_MODE_SMALL_BUFFERS;
++ SSL_CTX_set_mode(s_ctx, ssl_mode);
++ }
++
+ #ifndef OPENSSL_NO_DH
+ if (!no_dhe)
+ {
+--- openssl-1.0.0.orig/test/testssl 2006-03-10 15:06:27.000000000 -0800
++++ openssl-1.0.0/test/testssl 2010-04-26 10:24:55.000000000 -0700
+@@ -70,6 +70,16 @@ $ssltest -client_auth $CA $extra || exit
+ echo test sslv2/sslv3 with both client and server authentication
+ $ssltest -server_auth -client_auth $CA $extra || exit 1
+
++echo test sslv2/sslv3 with both client and server authentication and small client buffers
++$ssltest -server_auth -client_auth -c_small_records $CA $extra || exit 1
++
++echo test sslv2/sslv3 with both client and server authentication and small server buffers
++$ssltest -server_auth -client_auth -s_small_records $CA $extra || exit 1
++
++echo test sslv2/sslv3 with both client and server authentication and small client and server buffers
++$ssltest -server_auth -client_auth -c_small_records -s_small_records $CA $extra || exit 1
++
++
+ echo test sslv2 via BIO pair
+ $ssltest -bio_pair -ssl2 $extra || exit 1
+
diff --git a/openssl/patches/ssl_Android.mk b/openssl/patches/ssl_Android.mk
new file mode 100644
index 0000000..487aabb
--- /dev/null
+++ b/openssl/patches/ssl_Android.mk
@@ -0,0 +1,98 @@
+LOCAL_PATH:= $(call my-dir)
+
+local_c_includes := \
+ external/openssl \
+ external/openssl/include \
+ external/openssl/crypto
+
+local_src_files:= \
+ s2_meth.c \
+ s2_srvr.c \
+ s2_clnt.c \
+ s2_lib.c \
+ s2_enc.c \
+ s2_pkt.c \
+ s3_meth.c \
+ s3_srvr.c \
+ s3_clnt.c \
+ s3_lib.c \
+ s3_enc.c \
+ s3_pkt.c \
+ s3_both.c \
+ s23_meth.c \
+ s23_srvr.c \
+ s23_clnt.c \
+ s23_lib.c \
+ s23_pkt.c \
+ t1_meth.c \
+ t1_srvr.c \
+ t1_clnt.c \
+ t1_lib.c \
+ t1_enc.c \
+ t1_reneg.c \
+ ssl_lib.c \
+ ssl_err2.c \
+ ssl_cert.c \
+ ssl_sess.c \
+ ssl_ciph.c \
+ ssl_stat.c \
+ ssl_rsa.c \
+ ssl_asn1.c \
+ ssl_txt.c \
+ ssl_algs.c \
+ bio_ssl.c \
+ ssl_err.c \
+ kssl.c
+
+#######################################
+# target static library
+include $(CLEAR_VARS)
+include $(LOCAL_PATH)/../android-config.mk
+
+ifneq ($(TARGET_ARCH),x86)
+LOCAL_NDK_VERSION := 5
+LOCAL_SDK_VERSION := 9
+endif
+LOCAL_SRC_FILES += $(local_src_files)
+LOCAL_C_INCLUDES += $(local_c_includes)
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE:= libssl_static
+include $(BUILD_STATIC_LIBRARY)
+
+#######################################
+# target shared library
+include $(CLEAR_VARS)
+include $(LOCAL_PATH)/../android-config.mk
+
+ifneq ($(TARGET_ARCH),x86)
+LOCAL_NDK_VERSION := 5
+LOCAL_SDK_VERSION := 9
+endif
+LOCAL_SRC_FILES += $(local_src_files)
+LOCAL_C_INCLUDES += $(local_c_includes)
+LOCAL_SHARED_LIBRARIES += libcrypto
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE:= libssl
+include $(BUILD_SHARED_LIBRARY)
+
+#######################################
+# host shared library
+include $(CLEAR_VARS)
+include $(LOCAL_PATH)/../android-config.mk
+LOCAL_SRC_FILES += $(local_src_files)
+LOCAL_C_INCLUDES += $(local_c_includes)
+LOCAL_SHARED_LIBRARIES += libcrypto
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE:= libssl
+include $(BUILD_HOST_SHARED_LIBRARY)
+
+#######################################
+# ssltest
+include $(CLEAR_VARS)
+include $(LOCAL_PATH)/../android-config.mk
+LOCAL_SRC_FILES:= ssltest.c
+LOCAL_C_INCLUDES += $(local_c_includes)
+LOCAL_SHARED_LIBRARIES := libssl libcrypto
+LOCAL_MODULE:= ssltest
+LOCAL_MODULE_TAGS := optional
+include $(BUILD_EXECUTABLE)
diff --git a/openssl/patches/sslv3_uninit_padding.patch b/openssl/patches/sslv3_uninit_padding.patch
new file mode 100644
index 0000000..89fff7b
--- /dev/null
+++ b/openssl/patches/sslv3_uninit_padding.patch
@@ -0,0 +1,14 @@
+diff --git a/ssl/s3_enc.c b/google3/third_party/openssl/openssl/ssl/s3_enc.c
+index 58386e1..b145970 100644
+--- a/ssl/s3_enc.c
++++ b/ssl/s3_enc.c
+@@ -511,6 +511,9 @@ int ssl3_enc(SSL *s, int send)
+
+ /* we need to add 'i-1' padding bytes */
+ l+=i;
++ /* the last of these zero bytes will be overwritten
++ * with the padding length. */
++ memset(&rec->input[rec->length], 0, i);
+ rec->length+=i;
+ rec->input[l-1]=(i-1);
+ }
diff --git a/openssl/patches/testssl.sh b/openssl/patches/testssl.sh
new file mode 100755
index 0000000..cd56092
--- /dev/null
+++ b/openssl/patches/testssl.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+#
+# Copyright (C) 2010 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# Android testssl.sh driver script for openssl's testssl
+#
+# based on openssl's test/testss script and test/Makefile's test_ssl target
+#
+
+set -e
+trap "echo Exiting on unexpected error." ERR
+
+device=/sdcard/android.testssl
+
+digest='-sha1'
+reqcmd="adb shell /system/bin/openssl req"
+x509cmd="adb shell /system/bin/openssl x509 $digest"
+
+CAkey="$device/keyCA.ss"
+CAcert="$device/certCA.ss"
+CAreq="$device/reqCA.ss"
+CAconf="$device/CAss.cnf"
+
+Uconf="$device/Uss.cnf"
+Ureq="$device/reqU.ss"
+Ukey="$device/keyU.ss"
+Ucert="$device/certU.ss"
+
+echo
+echo "setting up"
+adb remount
+adb shell rm -r $device
+adb shell mkdir $device
+
+echo
+echo "pushing test files to device"
+adb push . $device
+
+echo
+echo "make a certificate request using 'req'"
+adb shell "echo \"string to make the random number generator think it has entropy\" >> $device/.rnd"
+req_new='-new'
+$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new
+
+echo
+echo "convert the certificate request into a self signed certificate using 'x509'"
+$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca
+
+echo
+echo "make a user certificate request using 'req'"
+$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new
+
+echo
+echo "sign user certificate request with the just created CA via 'x509'"
+$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee
+
+echo
+echo "running testssl"
+./testssl $Ukey $Ucert $CAcert
+
+echo
+echo "cleaning up"
+adb shell rm -r $device