patches/npn.patch - Issue 10911247: Upstream openssl to version 1.0.1c

Side by Side Diff: patches/npn.patch

Issue 10911247: Upstream openssl to version 1.0.1c (Closed) Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/

Patch Set: Created 8 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
	(Empty)
1 --- openssl-1.0.0b.orig/apps/apps.c 2010-11-11 14:42:19.000000000 +0000

2 +++ openssl-1.0.0b/apps/apps.c 2010-11-29 19:56:04.902465346 +0000

3 @@ -3012,3 +3012,46 @@ int raw_write_stdout(const void *buf,int

4 int raw_write_stdout(const void *buf,int siz)

5 { return write(fileno(stdout),buf,siz); }

6 #endif

7 +

8 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)

9 +/* next_protos_parse parses a comma separated list of strings into a string

10 + * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.

11 + * outlen: (output) set to the length of the resulting buffer on success.

12 + * in: a NUL termianted string like "abc,def,ghi"

13 + *

14 + * returns: a malloced buffer or NULL on failure.

15 + */

16 +unsigned char next_protos_parse(unsigned short outlen, const char *in)

17 + {

18 + size_t len;

19 + unsigned char *out;

20 + size_t i, start = 0;

21 +

22 + len = strlen(in);

23 + if (len >= 65535)

24 + return NULL;

25 +

26 + out = OPENSSL_malloc(strlen(in) + 1);

27 + if (!out)

28 + return NULL;

29 +

30 + for (i = 0; i <= len; ++i)

31 + {

32 + if (i == len \|\| in[i] == ',')

33 + {

34 + if (i - start > 255)

35 + {

36 + OPENSSL_free(out);

37 + return NULL;

38 + }

39 + out[start] = i - start;

40 + start = i + 1;

41 + }

42 + else

43 + out[i+1] = in[i];

44 + }

45 +

46 + *outlen = len + 1;

47 + return out;

48 + }

49 +#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */

50 --- openssl-1.0.0b.orig/apps/apps.h 2009-10-31 13:34:19.000000000 +0000

51 +++ openssl-1.0.0b/apps/apps.h 2010-11-29 19:56:04.902465346 +0000

52 @@ -358,3 +358,7 @@ int raw_write_stdout(const void *,int);

53 #define TM_STOP 1

54 double app_tminterval (int stop,int usertime);

55 #endif

56 +

57 +#ifndef OPENSSL_NO_NEXTPROTONEG

58 +unsigned char next_protos_parse(unsigned short outlen, const char *in);

59 +#endif

60 --- openssl-1.0.0b.orig/apps/s_client.c 2010-11-29 19:56:04.832465351 +0000

61 +++ openssl-1.0.0b/apps/s_client.c 2010-11-29 19:56:04.902465346 +0000

62 @@ -342,6 +342,9 @@ static void sc_usage(void)

63 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");

64 BIO_printf(bio_err," -status - request certificate status from server\n");

65 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis sessi on tickets\n");

66 +# ifndef OPENSSL_NO_NEXTPROTONEG

67 + BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, consideri ng named protocols supported (comma-separated list)\n");

68 +# endif

69 BIO_printf(bio_err," -cutthrough - enable 1-RTT full-handshake for strong ciphers\n");

70 #endif

71 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renego tiation (dangerous)\n");

72 @@ -367,6 +370,40 @@ static int MS_CALLBACK ssl_servername_cb

73

74 return SSL_TLSEXT_ERR_OK;

75 }

76 +

77 +# ifndef OPENSSL_NO_NEXTPROTONEG

78 +/* This the context that we pass to next_proto_cb */

79 +typedef struct tlsextnextprotoctx_st {

80 + unsigned char *data;

81 + unsigned short len;

82 + int status;

83 +} tlsextnextprotoctx;

84 +

85 +static tlsextnextprotoctx next_proto;

86 +

87 +static int next_proto_cb(SSL s, unsigned char out, unsigned char outlen, co nst unsigned char in, unsigned int inlen, void arg)

88 + {

89 + tlsextnextprotoctx *ctx = arg;

90 +

91 + if (!c_quiet)

92 + {

93 + /* We can assume that \|in\| is syntactically valid. */

94 + unsigned i;

95 + BIO_printf(bio_c_out, "Protocols advertised by server: ");

96 + for (i = 0; i < inlen; )

97 + {

98 + if (i)

99 + BIO_write(bio_c_out, ", ", 2);

100 + BIO_write(bio_c_out, &in[i + 1], in[i]);

101 + i += in[i] + 1;

102 + }

103 + BIO_write(bio_c_out, "\n", 1);

104 + }

105 +

106 + ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, c tx->len);

107 + return SSL_TLSEXT_ERR_OK;

108 + }

109 +# endif /* ndef OPENSSL_NO_NEXTPROTONEG */

110 #endif

111

112 enum

113 @@ -431,6 +468,9 @@ int MAIN(int argc, char **argv)

114 char *servername = NULL;

115 tlsextctx tlsextcbp =

116 {NULL,0};

117 +# ifndef OPENSSL_NO_NEXTPROTONEG

118 + const char *next_proto_neg_in = NULL;

119 +# endif

120 #endif

121 char *sess_in = NULL;

122 char *sess_out = NULL;

123 @@ -658,6 +698,13 @@ int MAIN(int argc, char **argv)

124 #ifndef OPENSSL_NO_TLSEXT

125 else if (strcmp(*argv,"-no_ticket") == 0)

126 { off\|=SSL_OP_NO_TICKET; }

127 +# ifndef OPENSSL_NO_NEXTPROTONEG

128 + else if (strcmp(*argv,"-nextprotoneg") == 0)

129 + {

130 + if (--argc < 1) goto bad;

131 + next_proto_neg_in = *(++argv);

132 + }

133 +# endif

134 #endif

135 else if (strcmp(*argv,"-cutthrough") == 0)

136 cutthrough=1;

137 @@ -766,6 +813,21 @@ bad:

138 OpenSSL_add_ssl_algorithms();

139 SSL_load_error_strings();

140

141 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)

142 + next_proto.status = -1;

143 + if (next_proto_neg_in)

144 + {

145 + next_proto.data = next_protos_parse(&next_proto.len, next_proto_ neg_in);

146 + if (next_proto.data == NULL)

147 + {

148 + BIO_printf(bio_err, "Error parsing -nextprotoneg argumen t\n");

149 + goto end;

150 + }

151 + }

152 + else

153 + next_proto.data = NULL;

154 +#endif

155 +

156 #ifndef OPENSSL_NO_ENGINE

157 e = setup_engine(bio_err, engine_id, 1);

158 if (ssl_client_engine_id)

159 @@ -896,6 +958,11 @@ bad:

160 SSL_CTX_set_mode(ctx, ssl_mode);

161 }

162

163 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)

164 + if (next_proto.data)

165 + SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto );

166 +#endif

167 +

168 if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);

169 if (cipher != NULL)

170 if(!SSL_CTX_set_cipher_list(ctx,cipher)) {

171 @@ -1755,6 +1822,18 @@ static void print_stuff(BIO bio, SSL s

172 BIO_printf(bio,"Expansion: %s\n",

173 expansion ? SSL_COMP_get_name(expansion) : "NONE");

174 #endif

175 +

176 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)

177 + if (next_proto.status != -1) {

178 + const unsigned char *proto;

179 + unsigned int proto_len;

180 + SSL_get0_next_proto_negotiated(s, &proto, &proto_len);

181 + BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);

182 + BIO_write(bio, proto, proto_len);

183 + BIO_write(bio, "\n", 1);

184 + }

185 +#endif

186 +

187 SSL_SESSION_print(bio,SSL_get_session(s));

188 BIO_printf(bio,"---\n");

189 if (peer != NULL)

190 --- openssl-1.0.0b.orig/apps/s_server.c 2010-06-15 17:25:02.000000000 +0000

191 +++ openssl-1.0.0b/apps/s_server.c 2010-11-29 19:56:04.902465346 +0000

192 @@ -492,6 +492,9 @@ static void sv_usage(void)

193 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions rece ived\n");

194 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session t ickets\n");

195 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renego tiation (dangerous)\n");

196 +# ifndef OPENSSL_NO_NEXTPROTONEG

197 + BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols fo r the NPN extension (comma-separated list)\n");

198 +# endif

199 #endif

200 }

201

202 @@ -826,6 +829,24 @@ BIO_printf(err, "cert_status: received %

203 ret = SSL_TLSEXT_ERR_ALERT_FATAL;

204 goto done;

205 }

206 +

207 +# ifndef OPENSSL_NO_NEXTPROTONEG

208 +/* This is the context that we pass to next_proto_cb */

209 +typedef struct tlsextnextprotoctx_st {

210 + unsigned char *data;

211 + unsigned int len;

212 +} tlsextnextprotoctx;

213 +

214 +static int next_proto_cb(SSL s, const unsigned char data, unsigned int len, void *arg)

215 + {

216 + tlsextnextprotoctx *next_proto = arg;

217 +

218 + *data = next_proto->data;

219 + *len = next_proto->len;

220 +

221 + return SSL_TLSEXT_ERR_OK;

222 + }

223 +# endif /* ndef OPENSSL_NO_NPN */

224 #endif

225

226 int MAIN(int, char **);

227 @@ -867,6 +888,10 @@ int MAIN(int argc, char *argv[])

228 #endif

229 #ifndef OPENSSL_NO_TLSEXT

230 tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};

231 +# ifndef OPENSSL_NO_NEXTPROTONEG

232 + const char *next_proto_neg_in = NULL;

233 + tlsextnextprotoctx next_proto;

234 +# endif

235 #endif

236 #ifndef OPENSSL_NO_PSK

237 /* by default do not send a PSK identity hint */

238 @@ -1191,7 +1216,13 @@ int MAIN(int argc, char *argv[])

239 if (--argc < 1) goto bad;

240 s_key_file2= *(++argv);

241 }

242 -

243 +# ifndef OPENSSL_NO_NEXTPROTONEG

244 + else if (strcmp(*argv,"-nextprotoneg") == 0)

245 + {

246 + if (--argc < 1) goto bad;

247 + next_proto_neg_in = *(++argv);

248 + }

249 +# endif

250 #endif

251 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)

252 else if (strcmp(*argv,"-jpake") == 0)

253 @@ -1476,6 +1507,11 @@ bad:

254 if (vpm)

255 SSL_CTX_set1_param(ctx2, vpm);

256 }

257 +

258 +# ifndef OPENSSL_NO_NEXTPROTONEG

259 + if (next_proto.data)

260 + SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_ proto);

261 +# endif

262 #endif

263

264 #ifndef OPENSSL_NO_DH

265 @@ -1617,6 +1653,21 @@ bad:

266 goto end;

267 }

268 }

269 +# ifndef OPENSSL_NO_NEXTPROTONEG

270 + if (next_proto_neg_in)

271 + {

272 + unsigned short len;

273 + next_proto.data = next_protos_parse(&len,

274 + next_proto_neg_in);

275 + if (next_proto.data == NULL)

276 + goto end;

277 + next_proto.len = len;

278 + }

279 + else

280 + {

281 + next_proto.data = NULL;

282 + }

283 +# endif

284 #endif

285 RSA_free(rsa);

286 BIO_printf(bio_s_out,"\n");

287 @@ -2159,6 +2210,10 @@ static int init_ssl_connection(SSL *con)

288 X509 *peer;

289 long verify_error;

290 MS_STATIC char buf[BUFSIZ];

291 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)

292 + const unsigned char *next_proto_neg;

293 + unsigned next_proto_neg_len;

294 +#endif

295

296 if ((i=SSL_accept(con)) <= 0)

297 {

298 @@ -2198,6 +2253,15 @@ static int init_ssl_connection(SSL *con)

299 BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);

300 str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));

301 BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");

302 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)

303 + SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len );

304 + if (next_proto_neg)

305 + {

306 + BIO_printf(bio_s_out,"NEXTPROTO is ");

307 + BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);

308 + BIO_printf(bio_s_out, "\n");

309 + }

310 +#endif

311 if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");

312 if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &

313 TLS1_FLAGS_TLS_PADDING_BUG)

314 --- openssl-1.0.0b.orig/include/openssl/ssl.h 2010-11-29 19:56:04.846517045 +0 000

315 +++ openssl-1.0.0b/include/openssl/ssl.h 2010-11-29 19:56:04.965928855 +0 000

316 @@ -857,6 +857,25 @@ struct ssl_ctx_st

317 /* draft-rescorla-tls-opaque-prf-input-00.txt information */

318 int (tlsext_opaque_prf_input_callback)(SSL , void peerinput, size_t l en, void arg);

319 void *tlsext_opaque_prf_input_callback_arg;

320 +

321 +# ifndef OPENSSL_NO_NEXTPROTONEG

322 + /* Next protocol negotiation information */

323 + /* (for experimental NPN extension). */

324 +

325 + /* For a server, this contains a callback function by which the set of

326 + * advertised protocols can be provided. */

327 + int (next_protos_advertised_cb)(SSL s, const unsigned char **buf,

328 + unsigned int len, void arg);

329 + void *next_protos_advertised_cb_arg;

330 + /* For a client, this contains a callback function that selects the

331 + * next protocol from the list provided by the server. */

332 + int (next_proto_select_cb)(SSL s, unsigned char **out,

333 + unsigned char *outlen,

334 + const unsigned char *in,

335 + unsigned int inlen,

336 + void *arg);

337 + void *next_proto_select_cb_arg;

338 +# endif

339 #endif

340

341 #ifndef OPENSSL_NO_PSK

342 @@ -928,6 +947,30 @@ int SSL_CTX_set_client_cert_engine(SSL_C

343 #endif

344 void SSL_CTX_set_cookie_generate_cb(SSL_CTX ctx, int (app_gen_cookie_cb)(SSL ssl, unsigned char cookie, unsigned int *cookie_len));

345 void SSL_CTX_set_cookie_verify_cb(SSL_CTX ctx, int (app_verify_cookie_cb)(SSL ssl, unsigned char cookie, unsigned int cookie_len));

346 +#ifndef OPENSSL_NO_NEXTPROTONEG

347 +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,

348 + int (cb) (SSL ssl,

349 + const unsigned char **out,

350 + unsigned int *outlen,

351 + void arg), void arg);

352 +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,

353 + int (cb) (SSL ssl, unsigned char **out,

354 + unsigned char *outlen,

355 + const unsigned char *in,

356 + unsigned int inlen, void *arg),

357 + void *arg);

358 +

359 +int SSL_select_next_proto(unsigned char *out, unsigned char outlen,

360 + const unsigned char *in, unsigned int inlen,

361 + const unsigned char *client, unsigned int client_len);

362 +void SSL_get0_next_proto_negotiated(const SSL s, const unsigned char *data,

363 + unsigned *len);

364 +

365 +#define OPENSSL_NPN_UNSUPPORTED 0

366 +#define OPENSSL_NPN_NEGOTIATED 1

367 +#define OPENSSL_NPN_NO_OVERLAP 2

368 +

369 +#endif

370

371 #ifndef OPENSSL_NO_PSK

372 /* the maximum length of the buffer given to callbacks containing the

373 @@ -1187,6 +1230,19 @@ struct ssl_st

374 void *tls_session_secret_cb_arg;

375

376 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */

377 +

378 +#ifndef OPENSSL_NO_NEXTPROTONEG

379 + /* Next protocol negotiation. For the client, this is the protocol that

380 + * we sent in NextProtocol and is set when handling ServerHello

381 + * extensions.

382 + *

383 + * For a server, this is the client's selected_protocol from

384 + * NextProtocol and is set when handling the NextProtocol message,

385 + * before the Finished message. */

386 + unsigned char *next_proto_negotiated;

387 + unsigned char next_proto_negotiated_len;

388 +#endif

389 +

390 #define session_ctx initial_ctx

391 #else

392 #define session_ctx ctx

393 @@ -1919,6 +1975,7 @@ void ERR_load_SSL_strings(void);

394 #define SSL_F_SSL3_GET_KEY_EXCHANGE 141

395 #define SSL_F_SSL3_GET_MESSAGE 142

396 #define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283

397 +#define SSL_F_SSL3_GET_NEXT_PROTO 304

398 #define SSL_F_SSL3_GET_RECORD 143

399 #define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144

400 #define SSL_F_SSL3_GET_SERVER_DONE 145

401 @@ -2117,6 +2174,8 @@ void ERR_load_SSL_strings(void);

402 #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152

403 #define SSL_R_EXTRA_DATA_IN_MESSAGE 153

404 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154

405 +#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 346

406 +#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 347

407 #define SSL_R_HTTPS_PROXY_REQUEST 155

408 #define SSL_R_HTTP_REQUEST 156

409 #define SSL_R_ILLEGAL_PADDING 283

410 --- openssl-1.0.0b.orig/include/openssl/ssl3.h 2010-11-29 19:56:04.832465351 +0 000

411 +++ openssl-1.0.0b/include/openssl/ssl3.h 2010-11-29 19:56:04.965928855 +0 000

412 @@ -465,6 +465,12 @@ typedef struct ssl3_state_st

413 void *server_opaque_prf_input;

414 size_t server_opaque_prf_input_len;

415

416 +#ifndef OPENSSL_NO_NEXTPROTONEG

417 + /* Set if we saw the Next Protocol Negotiation extension from

418 + our peer. */

419 + int next_proto_neg_seen;

420 +#endif

421 +

422 struct {

423 /* actually only needs to be 16+20 */

424 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];

425 @@ -557,6 +563,10 @@ typedef struct ssl3_state_st

426 #define SSL3_ST_CW_CERT_VRFY_B (0x191\|SSL_ST_CONNECT)

427 #define SSL3_ST_CW_CHANGE_A (0x1A0\|SSL_ST_CONNECT)

428 #define SSL3_ST_CW_CHANGE_B (0x1A1\|SSL_ST_CONNECT)

429 +#ifndef OPENSSL_NO_NEXTPROTONEG

430 +#define SSL3_ST_CW_NEXT_PROTO_A (0x200\|SSL_ST_CONNECT)

431 +#define SSL3_ST_CW_NEXT_PROTO_B (0x201\|SSL_ST_CONNECT)

432 +#endif

433 #define SSL3_ST_CW_FINISHED_A (0x1B0\|SSL_ST_CONNECT)

434 #define SSL3_ST_CW_FINISHED_B (0x1B1\|SSL_ST_CONNECT)

435 /* read from server */

436 @@ -602,6 +612,10 @@ typedef struct ssl3_state_st

437 #define SSL3_ST_SR_CERT_VRFY_B (0x1A1\|SSL_ST_ACCEPT)

438 #define SSL3_ST_SR_CHANGE_A (0x1B0\|SSL_ST_ACCEPT)

439 #define SSL3_ST_SR_CHANGE_B (0x1B1\|SSL_ST_ACCEPT)

440 +#ifndef OPENSSL_NO_NEXTPROTONEG

441 +#define SSL3_ST_SR_NEXT_PROTO_A (0x210\|SSL_ST_ACCEPT)

442 +#define SSL3_ST_SR_NEXT_PROTO_B (0x211\|SSL_ST_ACCEPT)

443 +#endif

444 #define SSL3_ST_SR_FINISHED_A (0x1C0\|SSL_ST_ACCEPT)

445 #define SSL3_ST_SR_FINISHED_B (0x1C1\|SSL_ST_ACCEPT)

446 /* write to client */

447 @@ -626,6 +640,9 @@ typedef struct ssl3_state_st

448 #define SSL3_MT_CLIENT_KEY_EXCHANGE 16

449 #define SSL3_MT_FINISHED 20

450 #define SSL3_MT_CERTIFICATE_STATUS 22

451 +#ifndef OPENSSL_NO_NEXTPROTONEG

452 +#define SSL3_MT_NEXT_PROTO 67

453 +#endif

454 #define DTLS1_MT_HELLO_VERIFY_REQUEST 3

455

456

457 --- openssl-1.0.0b.orig/include/openssl/tls1.h 2009-11-11 14:51:29.000000000 +0 000

458 +++ openssl-1.0.0b/include/openssl/tls1.h 2010-11-29 19:56:04.965928855 +0 000

459 @@ -204,6 +204,11 @@ extern "C" {

460 /* Temporary extension type */

461 #define TLSEXT_TYPE_renegotiate 0xff01

462

463 +#ifndef OPENSSL_NO_NEXTPROTONEG

464 +/* This is not an IANA defined extension number */

465 +#define TLSEXT_TYPE_next_proto_neg 13172

466 +#endif

467 +

468 /* NameType value from RFC 3546 */

469 #define TLSEXT_NAMETYPE_host_name 0

470 /* status request value from RFC 3546 */

471 --- openssl-1.0.0b.orig/ssl/s3_both.c 2010-11-29 19:56:04.846517045 +0000

472 +++ openssl-1.0.0b/ssl/s3_both.c 2010-11-29 19:56:04.965928855 +0000

473 @@ -202,15 +202,40 @@ int ssl3_send_finished(SSL *s, int a, in

474 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));

475 }

476

477 +#ifndef OPENSSL_NO_NEXTPROTONEG

478 +/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen t o far. */

479 +static void ssl3_take_mac(SSL *s)

480 + {

481 + const char *sender;

482 + int slen;

483 +

484 + if (s->state & SSL_ST_CONNECT)

485 + {

486 + sender=s->method->ssl3_enc->server_finished_label;

487 + slen=s->method->ssl3_enc->server_finished_label_len;

488 + }

489 + else

490 + {

491 + sender=s->method->ssl3_enc->client_finished_label;

492 + slen=s->method->ssl3_enc->client_finished_label_len;

493 + }

494 +

495 + s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,

496 + sender,slen,s->s3->tmp.peer_finish_md);

497 + }

498 +#endif

499 +

500 int ssl3_get_finished(SSL *s, int a, int b)

501 {

502 int al,i,ok;

503 long n;

504 unsigned char *p;

505

506 +#ifdef OPENSSL_NO_NEXTPROTONEG

507 /* the mac has already been generated when we received the

508 * change cipher spec message and is in s->s3->tmp.peer_finish_md

509 */

510 +#endif

511

512 n=s->method->ssl_get_message(s,

513 a,

514 @@ -521,6 +546,15 @@ long ssl3_get_message(SSL *s, int st1, i

515 s->init_num += i;

516 n -= i;

517 }

518 +

519 +#ifndef OPENSSL_NO_NEXTPROTONEG

520 + /* If receiving Finished, record MAC of prior handshake messages for

521 + * Finished verification. */

522 + if (*s->init_buf->data == SSL3_MT_FINISHED)

523 + ssl3_take_mac(s);

524 +#endif

525 +

526 + /* Feed this message into MAC computation. */

527 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);

528 if (s->msg_callback)

529 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->d ata, (size_t)s->init_num + 4, s, s->msg_callback_arg);

530 --- openssl-1.0.0b.orig/ssl/s3_clnt.c 2010-11-29 19:56:04.846517045 +0000

531 +++ openssl-1.0.0b/ssl/s3_clnt.c 2010-11-29 19:56:04.965928855 +0000

532 @@ -435,7 +435,16 @@ int ssl3_connect(SSL *s)

533 ret=ssl3_send_change_cipher_spec(s,

534 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);

535 if (ret <= 0) goto end;

536 +

537 +#if defined(OPENSSL_NO_TLSEXT) \|\| defined(OPENSSL_NO_NEXTPROTONEG)

538 s->state=SSL3_ST_CW_FINISHED_A;

539 +#else

540 + if (s->next_proto_negotiated)

541 + s->state=SSL3_ST_CW_NEXT_PROTO_A;

542 + else

543 + s->state=SSL3_ST_CW_FINISHED_A;

544 +#endif

545 +

546 s->init_num=0;

547

548 s->session->cipher=s->s3->tmp.new_cipher;

549 @@ -463,6 +472,15 @@ int ssl3_connect(SSL *s)

550

551 break;

552

553 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)

554 + case SSL3_ST_CW_NEXT_PROTO_A:

555 + case SSL3_ST_CW_NEXT_PROTO_B:

556 + ret=ssl3_send_next_proto(s);

557 + if (ret <= 0) goto end;

558 + s->state=SSL3_ST_CW_FINISHED_A;

559 + break;

560 +#endif

561 +

562 case SSL3_ST_CW_FINISHED_A:

563 case SSL3_ST_CW_FINISHED_B:

564 ret=ssl3_send_finished(s,

565 @@ -3060,6 +3078,32 @@ err:

566 */

567

568 #ifndef OPENSSL_NO_TLSEXT

569 +# ifndef OPENSSL_NO_NEXTPROTONEG

570 +int ssl3_send_next_proto(SSL *s)

571 + {

572 + unsigned int len, padding_len;

573 + unsigned char *d;

574 +

575 + if (s->state == SSL3_ST_CW_NEXT_PROTO_A)

576 + {

577 + len = s->next_proto_negotiated_len;

578 + padding_len = 32 - ((len + 2) % 32);

579 + d = (unsigned char *)s->init_buf->data;

580 + d[4] = len;

581 + memcpy(d + 5, s->next_proto_negotiated, len);

582 + d[5 + len] = padding_len;

583 + memset(d + 6 + len, 0, padding_len);

584 + *(d++)=SSL3_MT_NEXT_PROTO;

585 + l2n3(2 + len + padding_len, d);

586 + s->state = SSL3_ST_CW_NEXT_PROTO_B;

587 + s->init_num = 4 + 2 + len + padding_len;

588 + s->init_off = 0;

589 + }

590 +

591 + return ssl3_do_write(s, SSL3_RT_HANDSHAKE);

592 + }

593 +# endif

594 +

595 int ssl3_check_finished(SSL *s)

596 {

597 int ok;

598 --- openssl-1.0.0b.orig/ssl/s3_lib.c 2010-11-29 19:56:04.832465351 +0000

599 +++ openssl-1.0.0b/ssl/s3_lib.c 2010-11-29 19:56:04.965928855 +0000

600 @@ -2230,6 +2230,15 @@ void ssl3_clear(SSL *s)

601 s->s3->num_renegotiations=0;

602 s->s3->in_read_app_data=0;

603 s->version=SSL3_VERSION;

604 +

605 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)

606 + if (s->next_proto_negotiated)

607 + {

608 + OPENSSL_free(s->next_proto_negotiated);

609 + s->next_proto_negotiated = NULL;

610 + s->next_proto_negotiated_len = 0;

611 + }

612 +#endif

613 }

614

615 long ssl3_ctrl(SSL s, int cmd, long larg, void parg)

616 --- openssl-1.0.0b.orig/ssl/s3_pkt.c 2010-11-29 19:56:04.832465351 +0000

617 +++ openssl-1.0.0b/ssl/s3_pkt.c 2010-11-29 19:56:04.965928855 +0000

618 @@ -1394,8 +1394,10 @@ err:

619 int ssl3_do_change_cipher_spec(SSL *s)

620 {

621 int i;

622 +#ifdef OPENSSL_NO_NEXTPROTONEG

623 const char *sender;

624 int slen;

625 +#endif

626

627 if (s->state & SSL_ST_ACCEPT)

628 i=SSL3_CHANGE_CIPHER_SERVER_READ;

629 @@ -1418,6 +1420,7 @@ int ssl3_do_change_cipher_spec(SSL *s)

630 if (!s->method->ssl3_enc->change_cipher_state(s,i))

631 return(0);

632

633 +#ifdef OPENSSL_NO_NEXTPROTONEG

634 /* we have to record the message digest at

635 * this point so we can get it before we read

636 * the finished message */

637 @@ -1434,6 +1437,7 @@ int ssl3_do_change_cipher_spec(SSL *s)

638

639 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,

640 sender,slen,s->s3->tmp.peer_finish_md);

641 +#endif

642

643 return(1);

644 }

645 --- openssl-1.0.0b.orig/ssl/s3_srvr.c 2010-11-29 19:56:04.846517045 +0000

646 +++ openssl-1.0.0b/ssl/s3_srvr.c 2010-11-29 19:56:04.965928855 +0000

647 @@ -538,7 +538,14 @@ int ssl3_accept(SSL *s)

648 * the client uses its key from the certificate

649 * for key exchange.

650 */

651 +#if defined(OPENSSL_NO_TLSEXT) \|\| defined(OPENSSL_NO_NEXTPROTONEG)

652 s->state=SSL3_ST_SR_FINISHED_A;

653 +#else

654 + if (s->s3->next_proto_neg_seen)

655 + s->state=SSL3_ST_SR_NEXT_PROTO_A;

656 + else

657 + s->state=SSL3_ST_SR_FINISHED_A;

658 +#endif

659 s->init_num = 0;

660 }

661 else

662 @@ -581,10 +588,27 @@ int ssl3_accept(SSL *s)

663 ret=ssl3_get_cert_verify(s);

664 if (ret <= 0) goto end;

665

666 +#if defined(OPENSSL_NO_TLSEXT) \|\| defined(OPENSSL_NO_NEXTPROTONEG)

667 s->state=SSL3_ST_SR_FINISHED_A;

668 +#else

669 + if (s->s3->next_proto_neg_seen)

670 + s->state=SSL3_ST_SR_NEXT_PROTO_A;

671 + else

672 + s->state=SSL3_ST_SR_FINISHED_A;

673 +#endif

674 s->init_num=0;

675 break;

676

677 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)

678 + case SSL3_ST_SR_NEXT_PROTO_A:

679 + case SSL3_ST_SR_NEXT_PROTO_B:

680 + ret=ssl3_get_next_proto(s);

681 + if (ret <= 0) goto end;

682 + s->init_num = 0;

683 + s->state=SSL3_ST_SR_FINISHED_A;

684 + break;

685 +#endif

686 +

687 case SSL3_ST_SR_FINISHED_A:

688 case SSL3_ST_SR_FINISHED_B:

689 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,

690 @@ -655,7 +679,16 @@ int ssl3_accept(SSL *s)

691 if (ret <= 0) goto end;

692 s->state=SSL3_ST_SW_FLUSH;

693 if (s->hit)

694 + {

695 +#if defined(OPENSSL_NO_TLSEXT) \|\| defined(OPENSSL_NO_NEXTPROTONEG)

696 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;

697 +#else

698 + if (s->s3->next_proto_neg_seen)

699 + s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PR OTO_A;

700 + else

701 + s->s3->tmp.next_state=SSL3_ST_SR_FINISHE D_A;

702 +#endif

703 + }

704 else

705 s->s3->tmp.next_state=SSL_ST_OK;

706 s->init_num=0;

707 @@ -3196,4 +3229,72 @@ int ssl3_send_cert_status(SSL *s)

708 /* SSL3_ST_SW_CERT_STATUS_B */

709 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));

710 }

711 +

712 +# ifndef OPENSSL_NO_NPN

713 +/* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. It

714 + * sets the next_proto member in s if found */

715 +int ssl3_get_next_proto(SSL *s)

716 + {

717 + int ok;

718 + unsigned proto_len, padding_len;

719 + long n;

720 + const unsigned char *p;

721 +

722 + /* Clients cannot send a NextProtocol message if we didn't see the

723 + * extension in their ClientHello */

724 + if (!s->s3->next_proto_neg_seen)

725 + {

726 + SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_WITHOUT_EX TENSION);

727 + return -1;

728 + }

729 +

730 + n=s->method->ssl_get_message(s,

731 + SSL3_ST_SR_NEXT_PROTO_A,

732 + SSL3_ST_SR_NEXT_PROTO_B,

733 + SSL3_MT_NEXT_PROTO,

734 + 514, /* See the payload format below */

735 + &ok);

736 +

737 + if (!ok)

738 + return((int)n);

739 +

740 + /* s->state doesn't reflect whether ChangeCipherSpec has been received

741 + * in this handshake, but s->s3->change_cipher_spec does (will be reset

742 + * by ssl3_get_finished). */

743 + if (!s->s3->change_cipher_spec)

744 + {

745 + SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_BEFORE_A_C CS);

746 + return -1;

747 + }

748 +

749 + if (n < 2)

750 + return 0; /* The body must be > 1 bytes long */

751 +

752 + p=(unsigned char *)s->init_msg;

753 +

754 + /* The payload looks like:

755 + * uint8 proto_len;

756 + * uint8 proto[proto_len];

757 + * uint8 padding_len;

758 + * uint8 padding[padding_len];

759 + */

760 + proto_len = p[0];

761 + if (proto_len + 2 > s->init_num)

762 + return 0;

763 + padding_len = p[proto_len + 1];

764 + if (proto_len + padding_len + 2 != s->init_num)

765 + return 0;

766 +

767 + s->next_proto_negotiated = OPENSSL_malloc(proto_len);

768 + if (!s->next_proto_negotiated)

769 + {

770 + SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,ERR_R_MALLOC_FAILURE);

771 + return 0;

772 + }

773 + memcpy(s->next_proto_negotiated, p + 1, proto_len);

774 + s->next_proto_negotiated_len = proto_len;

775 +

776 + return 1;

777 + }

778 +# endif

779 #endif

780 --- openssl-1.0.0b.orig/ssl/ssl.h 2010-11-29 19:56:04.846517045 +0000

781 +++ openssl-1.0.0b/ssl/ssl.h 2010-11-29 19:56:04.965928855 +0000

782 @@ -857,6 +857,25 @@ struct ssl_ctx_st

783 /* draft-rescorla-tls-opaque-prf-input-00.txt information */

784 int (tlsext_opaque_prf_input_callback)(SSL , void peerinput, size_t l en, void arg);

785 void *tlsext_opaque_prf_input_callback_arg;

786 +

787 +# ifndef OPENSSL_NO_NEXTPROTONEG

788 + /* Next protocol negotiation information */

789 + /* (for experimental NPN extension). */

790 +

791 + /* For a server, this contains a callback function by which the set of

792 + * advertised protocols can be provided. */

793 + int (next_protos_advertised_cb)(SSL s, const unsigned char **buf,

794 + unsigned int len, void arg);

795 + void *next_protos_advertised_cb_arg;

796 + /* For a client, this contains a callback function that selects the

797 + * next protocol from the list provided by the server. */

798 + int (next_proto_select_cb)(SSL s, unsigned char **out,

799 + unsigned char *outlen,

800 + const unsigned char *in,

801 + unsigned int inlen,

802 + void *arg);

803 + void *next_proto_select_cb_arg;

804 +# endif

805 #endif

806

807 #ifndef OPENSSL_NO_PSK

808 @@ -928,6 +947,30 @@ int SSL_CTX_set_client_cert_engine(SSL_C

809 #endif

810 void SSL_CTX_set_cookie_generate_cb(SSL_CTX ctx, int (app_gen_cookie_cb)(SSL ssl, unsigned char cookie, unsigned int *cookie_len));

811 void SSL_CTX_set_cookie_verify_cb(SSL_CTX ctx, int (app_verify_cookie_cb)(SSL ssl, unsigned char cookie, unsigned int cookie_len));

812 +#ifndef OPENSSL_NO_NEXTPROTONEG

813 +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,

814 + int (cb) (SSL ssl,

815 + const unsigned char **out,

816 + unsigned int *outlen,

817 + void arg), void arg);

818 +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,

819 + int (cb) (SSL ssl, unsigned char **out,

820 + unsigned char *outlen,

821 + const unsigned char *in,

822 + unsigned int inlen, void *arg),

823 + void *arg);

824 +

825 +int SSL_select_next_proto(unsigned char *out, unsigned char outlen,

826 + const unsigned char *in, unsigned int inlen,

827 + const unsigned char *client, unsigned int client_len);

828 +void SSL_get0_next_proto_negotiated(const SSL s, const unsigned char *data,

829 + unsigned *len);

830 +

831 +#define OPENSSL_NPN_UNSUPPORTED 0

832 +#define OPENSSL_NPN_NEGOTIATED 1

833 +#define OPENSSL_NPN_NO_OVERLAP 2

834 +

835 +#endif

836

837 #ifndef OPENSSL_NO_PSK

838 /* the maximum length of the buffer given to callbacks containing the

839 @@ -1187,6 +1230,19 @@ struct ssl_st

840 void *tls_session_secret_cb_arg;

841

842 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */

843 +

844 +#ifndef OPENSSL_NO_NEXTPROTONEG

845 + /* Next protocol negotiation. For the client, this is the protocol that

846 + * we sent in NextProtocol and is set when handling ServerHello

847 + * extensions.

848 + *

849 + * For a server, this is the client's selected_protocol from

850 + * NextProtocol and is set when handling the NextProtocol message,

851 + * before the Finished message. */

852 + unsigned char *next_proto_negotiated;

853 + unsigned char next_proto_negotiated_len;

854 +#endif

855 +

856 #define session_ctx initial_ctx

857 #else

858 #define session_ctx ctx

859 @@ -1919,6 +1975,7 @@ void ERR_load_SSL_strings(void);

860 #define SSL_F_SSL3_GET_KEY_EXCHANGE 141

861 #define SSL_F_SSL3_GET_MESSAGE 142

862 #define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283

863 +#define SSL_F_SSL3_GET_NEXT_PROTO 304

864 #define SSL_F_SSL3_GET_RECORD 143

865 #define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144

866 #define SSL_F_SSL3_GET_SERVER_DONE 145

867 @@ -2117,6 +2174,8 @@ void ERR_load_SSL_strings(void);

868 #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152

869 #define SSL_R_EXTRA_DATA_IN_MESSAGE 153

870 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154

871 +#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 346

872 +#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 347

873 #define SSL_R_HTTPS_PROXY_REQUEST 155

874 #define SSL_R_HTTP_REQUEST 156

875 #define SSL_R_ILLEGAL_PADDING 283

876 --- openssl-1.0.0b.orig/ssl/ssl3.h 2010-11-29 19:56:04.832465351 +0000

877 +++ openssl-1.0.0b/ssl/ssl3.h 2010-11-29 19:56:04.965928855 +0000

878 @@ -465,6 +465,12 @@ typedef struct ssl3_state_st

879 void *server_opaque_prf_input;

880 size_t server_opaque_prf_input_len;

881

882 +#ifndef OPENSSL_NO_NEXTPROTONEG

883 + /* Set if we saw the Next Protocol Negotiation extension from

884 + our peer. */

885 + int next_proto_neg_seen;

886 +#endif

887 +

888 struct {

889 /* actually only needs to be 16+20 */

890 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];

891 @@ -557,6 +563,10 @@ typedef struct ssl3_state_st

892 #define SSL3_ST_CW_CERT_VRFY_B (0x191\|SSL_ST_CONNECT)

893 #define SSL3_ST_CW_CHANGE_A (0x1A0\|SSL_ST_CONNECT)

894 #define SSL3_ST_CW_CHANGE_B (0x1A1\|SSL_ST_CONNECT)

895 +#ifndef OPENSSL_NO_NEXTPROTONEG

896 +#define SSL3_ST_CW_NEXT_PROTO_A (0x200\|SSL_ST_CONNECT)

897 +#define SSL3_ST_CW_NEXT_PROTO_B (0x201\|SSL_ST_CONNECT)

898 +#endif

899 #define SSL3_ST_CW_FINISHED_A (0x1B0\|SSL_ST_CONNECT)

900 #define SSL3_ST_CW_FINISHED_B (0x1B1\|SSL_ST_CONNECT)

901 /* read from server */

902 @@ -602,6 +612,10 @@ typedef struct ssl3_state_st

903 #define SSL3_ST_SR_CERT_VRFY_B (0x1A1\|SSL_ST_ACCEPT)

904 #define SSL3_ST_SR_CHANGE_A (0x1B0\|SSL_ST_ACCEPT)

905 #define SSL3_ST_SR_CHANGE_B (0x1B1\|SSL_ST_ACCEPT)

906 +#ifndef OPENSSL_NO_NEXTPROTONEG

907 +#define SSL3_ST_SR_NEXT_PROTO_A (0x210\|SSL_ST_ACCEPT)

908 +#define SSL3_ST_SR_NEXT_PROTO_B (0x211\|SSL_ST_ACCEPT)

909 +#endif

910 #define SSL3_ST_SR_FINISHED_A (0x1C0\|SSL_ST_ACCEPT)

911 #define SSL3_ST_SR_FINISHED_B (0x1C1\|SSL_ST_ACCEPT)

912 /* write to client */

913 @@ -626,6 +640,9 @@ typedef struct ssl3_state_st

914 #define SSL3_MT_CLIENT_KEY_EXCHANGE 16

915 #define SSL3_MT_FINISHED 20

916 #define SSL3_MT_CERTIFICATE_STATUS 22

917 +#ifndef OPENSSL_NO_NEXTPROTONEG

918 +#define SSL3_MT_NEXT_PROTO 67

919 +#endif

920 #define DTLS1_MT_HELLO_VERIFY_REQUEST 3

921

922

923 --- openssl-1.0.0b.orig/ssl/ssl_err.c 2010-11-29 19:56:04.846517045 +0000

924 +++ openssl-1.0.0b/ssl/ssl_err.c 2010-11-29 19:56:04.965928855 +0000

925 @@ -155,6 +155,7 @@ static ERR_STRING_DATA SSL_str_functs[]=

926 {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},

927 {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},

928 {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"},

929 +{ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"},

930 {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},

931 {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"},

932 {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},

933 @@ -355,6 +356,8 @@ static ERR_STRING_DATA SSL_str_reasons[]

934 {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},

935 {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},

936 {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},

937 +{ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"},

938 +{ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without see ing extension"},

939 {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"},

940 {ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"},

941 {ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"},

942 --- openssl-1.0.0b.orig/ssl/ssl_lib.c 2010-11-29 19:56:04.846517045 +0000

943 +++ openssl-1.0.0b/ssl/ssl_lib.c 2010-11-29 19:56:04.965928855 +0000

944 @@ -354,6 +354,9 @@ SSL SSL_new(SSL_CTX ctx)

945 s->tlsext_ocsp_resplen = -1;

946 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);

947 s->initial_ctx=ctx;

948 +# ifndef OPENSSL_NO_NEXTPROTONEG

949 + s->next_proto_negotiated = NULL;

950 +# endif

951 #endif

952

953 s->verify_result=X509_V_OK;

954 @@ -587,6 +590,11 @@ void SSL_free(SSL *s)

955 kssl_ctx_free(s->kssl_ctx);

956 #endif /* OPENSSL_NO_KRB5 */

957

958 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)

959 + if (s->next_proto_negotiated)

960 + OPENSSL_free(s->next_proto_negotiated);

961 +#endif

962 +

963 OPENSSL_free(s);

964 }

965

966 @@ -1503,6 +1511,124 @@ int SSL_get_servername_type(const SSL *s

967 return TLSEXT_NAMETYPE_host_name;

968 return -1;

969 }

970 +

971 +# ifndef OPENSSL_NO_NEXTPROTONEG

972 +/* SSL_select_next_proto implements the standard protocol selection. It is

973 + * expected that this function is called from the callback set by

974 + * SSL_CTX_set_next_proto_select_cb.

975 + *

976 + * The protocol data is assumed to be a vector of 8-bit, length prefixed byte

977 + * strings. The length byte itself is not included in the length. A byte

978 + * string of length 0 is invalid. No byte string may be truncated.

979 + *

980 + * The current, but experimental algorithm for selecting the protocol is:

981 + *

982 + * 1) If the server doesn't support NPN then this is indicated to the

983 + * callback. In this case, the client application has to abort the connection

984 + * or have a default application level protocol.

985 + *

986 + * 2) If the server supports NPN, but advertises an empty list then the

987 + * client selects the first protcol in its list, but indicates via the

988 + * API that this fallback case was enacted.

989 + *

990 + * 3) Otherwise, the client finds the first protocol in the server's list

991 + * that it supports and selects this protocol. This is because it's

992 + * assumed that the server has better information about which protocol

993 + * a client should use.

994 + *

995 + * 4) If the client doesn't support any of the server's advertised

996 + * protocols, then this is treated the same as case 2.

997 + *

998 + * It returns either

999 + * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or

1000 + * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.

1001 + */

1002 +int SSL_select_next_proto(unsigned char *out, unsigned char outlen, const uns igned char server, unsigned int server_len, const unsigned char client, unsign ed int client_len)

1003 + {

1004 + unsigned int i, j;

1005 + const unsigned char *result;

1006 + int status = OPENSSL_NPN_UNSUPPORTED;

1007 +

1008 + /* For each protocol in server preference order, see if we support it. * /

1009 + for (i = 0; i < server_len; )

1010 + {

1011 + for (j = 0; j < client_len; )

1012 + {

1013 + if (server[i] == client[j] &&

1014 + memcmp(&server[i+1], &client[j+1], server[i]) == 0)

1015 + {

1016 + /* We found a match */

1017 + result = &server[i];

1018 + status = OPENSSL_NPN_NEGOTIATED;

1019 + goto found;

1020 + }

1021 + j += client[j];

1022 + j++;

1023 + }

1024 + i += server[i];

1025 + i++;

1026 + }

1027 +

1028 + /* There's no overlap between our protocols and the server's list. */

1029 + result = client;

1030 + status = OPENSSL_NPN_NO_OVERLAP;

1031 +

1032 + found:

1033 + out = (unsigned char ) result + 1;

1034 + *outlen = result[0];

1035 + return status;

1036 + }

1037 +

1038 +/* SSL_get0_next_proto_negotiated sets data and len to point to the client's

1039 + * requested protocol for this connection and returns 0. If the client didn't

1040 + * request any protocol, then *data is set to NULL.

1041 + *

1042 + * Note that the client can request any protocol it chooses. The value returned

1043 + * from this function need not be a member of the list of supported protocols

1044 + * provided by the callback.

1045 + */

1046 +void SSL_get0_next_proto_negotiated(const SSL s, const unsigned char data, u nsigned len)

1047 + {

1048 + *data = s->next_proto_negotiated;

1049 + if (!*data) {

1050 + *len = 0;

1051 + } else {

1052 + *len = s->next_proto_negotiated_len;

1053 + }

1054 +}

1055 +

1056 +/* SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a

1057 + * TLS server needs a list of supported protocols for Next Protocol

1058 + * Negotiation. The returned list must be in wire format. The list is returned

1059 + * by setting \|out\| to point to it and \|outlen\| to its length. This memory will

1060 + * not be modified, but one should assume that the SSL* keeps a reference to

1061 + * it.

1062 + *

1063 + * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Othe rwise, no

1064 + * such extension will be included in the ServerHello. */

1065 +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX ctx, int (cb) (SSL ssl, c onst unsigned char out, unsigned int outlen, void arg), void arg)

1066 + {

1067 + ctx->next_protos_advertised_cb = cb;

1068 + ctx->next_protos_advertised_cb_arg = arg;

1069 + }

1070 +

1071 +/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a

1072 + * client needs to select a protocol from the server's provided list. \|out\|

1073 + * must be set to point to the selected protocol (which may be within \|in\|).

1074 + * The length of the protocol name must be written into \|outlen\|. The server's

1075 + * advertised protocols are provided in \|in\| and \|inlen\|. The callback can

1076 + * assume that \|in\| is syntactically valid.

1077 + *

1078 + * The client must select a protocol. It is fatal to the connection if this

1079 + * callback returns a value other than SSL_TLSEXT_ERR_OK.

1080 + */

1081 +void SSL_CTX_set_next_proto_select_cb(SSL_CTX ctx, int (cb) (SSL s, unsigned char out, unsigned char outlen, const unsigned char in, unsigned int inlen, void arg), void *arg)

1082 + {

1083 + ctx->next_proto_select_cb = cb;

1084 + ctx->next_proto_select_cb_arg = arg;

1085 + }

1086 +

1087 +# endif

1088 #endif

1089

1090 static unsigned long ssl_session_hash(const SSL_SESSION *a)

1091 @@ -1667,6 +1793,10 @@ SSL_CTX SSL_CTX_new(const SSL_METHOD m

1092 ret->tlsext_status_cb = 0;

1093 ret->tlsext_status_arg = NULL;

1094

1095 +# ifndef OPENSSL_NO_NEXTPROTONEG

1096 + ret->next_protos_advertised_cb = 0;

1097 + ret->next_proto_select_cb = 0;

1098 +# endif

1099 #endif

1100 #ifndef OPENSSL_NO_PSK

1101 ret->psk_identity_hint=NULL;

1102 --- openssl-1.0.0b.orig/ssl/ssl_locl.h 2010-11-29 19:56:04.846517045 +0000

1103 +++ openssl-1.0.0b/ssl/ssl_locl.h 2010-11-29 19:56:04.965928855 +0000

1104 @@ -968,6 +968,9 @@ int ssl3_get_server_certificate(SSL *s);

1105 int ssl3_check_cert_and_algorithm(SSL *s);

1106 #ifndef OPENSSL_NO_TLSEXT

1107 int ssl3_check_finished(SSL *s);

1108 +# ifndef OPENSSL_NO_NEXTPROTONEG

1109 +int ssl3_send_next_proto(SSL *s);

1110 +# endif

1111 #endif

1112

1113 int dtls1_client_hello(SSL *s);

1114 @@ -986,6 +989,9 @@ int ssl3_check_client_hello(SSL *s);

1115 int ssl3_get_client_certificate(SSL *s);

1116 int ssl3_get_client_key_exchange(SSL *s);

1117 int ssl3_get_cert_verify(SSL *s);

1118 +#ifndef OPENSSL_NO_NEXTPROTONEG

1119 +int ssl3_get_next_proto(SSL *s);

1120 +#endif

1121

1122 int dtls1_send_hello_request(SSL *s);

1123 int dtls1_send_server_hello(SSL *s);

1124 --- openssl-1.0.0b.orig/ssl/t1_lib.c 2010-11-16 13:26:24.000000000 +0000

1125 +++ openssl-1.0.0b/ssl/t1_lib.c 2010-11-29 19:56:04.965928855 +0000

1126 @@ -494,6 +494,18 @@ unsigned char *ssl_add_clienthello_tlsex

1127 i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);

1128 }

1129

1130 +#ifndef OPENSSL_NO_NEXTPROTONEG

1131 + if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len)

1132 + {

1133 + /* The client advertises an emtpy extension to indicate its

1134 + * support for Next Protocol Negotiation */

1135 + if (limit - ret - 4 < 0)

1136 + return NULL;

1137 + s2n(TLSEXT_TYPE_next_proto_neg,ret);

1138 + s2n(0,ret);

1139 + }

1140 +#endif

1141 +

1142 if ((extdatalen = ret-p-2)== 0)

1143 return p;

1144

1145 @@ -505,6 +517,9 @@ unsigned char *ssl_add_serverhello_tlsex

1146 {

1147 int extdatalen=0;

1148 unsigned char *ret = p;

1149 +#ifndef OPENSSL_NO_NEXTPROTONEG

1150 + int next_proto_neg_seen;

1151 +#endif

1152

1153 /* don't add extensions for SSLv3, unless doing secure renegotiation */

1154 if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)

1155 @@ -618,6 +633,28 @@ unsigned char *ssl_add_serverhello_tlsex

1156

1157 }

1158

1159 +#ifndef OPENSSL_NO_NEXTPROTONEG

1160 + next_proto_neg_seen = s->s3->next_proto_neg_seen;

1161 + s->s3->next_proto_neg_seen = 0;

1162 + if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb)

1163 + {

1164 + const unsigned char *npa;

1165 + unsigned int npalen;

1166 + int r;

1167 +

1168 + r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, s->ctx-> next_protos_advertised_cb_arg);

1169 + if (r == SSL_TLSEXT_ERR_OK)

1170 + {

1171 + if ((long)(limit - ret - 4 - npalen) < 0) return NULL;

1172 + s2n(TLSEXT_TYPE_next_proto_neg,ret);

1173 + s2n(npalen,ret);

1174 + memcpy(ret, npa, npalen);

1175 + ret += npalen;

1176 + s->s3->next_proto_neg_seen = 1;

1177 + }

1178 + }

1179 +#endif

1180 +

1181 if ((extdatalen = ret-p-2)== 0)

1182 return p;

1183

1184 @@ -982,6 +1019,28 @@ int ssl_parse_clienthello_tlsext(SSL *s,

1185 else

1186 s->tlsext_status_type = -1;

1187 }

1188 +#ifndef OPENSSL_NO_NEXTPROTONEG

1189 + else if (type == TLSEXT_TYPE_next_proto_neg &&

1190 + s->s3->tmp.finish_md_len == 0)

1191 + {

1192 + /* We shouldn't accept this extension on a

1193 + * renegotiation.

1194 + *

1195 + * s->new_session will be set on renegotiation, but we

1196 + * probably shouldn't rely that it couldn't be set on

1197 + * the initial renegotation too in certain cases (when

1198 + * there's some other reason to disallow resuming an

1199 + * earlier session -- the current code won't be doing

1200 + * anything like that, but this might change).

1201 +

1202 + * A valid sign that there's been a previous handshake

1203 + * in this connection is if s->s3->tmp.finish_md_len >

1204 + * 0. (We are talking about a check that will happen

1205 + * in the Hello protocol round, well before a new

1206 + * Finished message could have been computed.) */

1207 + s->s3->next_proto_neg_seen = 1;

1208 + }

1209 +#endif

1210

1211 /* session ticket processed earlier */

1212 data+=size;

1213 @@ -1005,6 +1064,26 @@ int ssl_parse_clienthello_tlsext(SSL *s,

1214 return 1;

1215 }

1216

1217 +#ifndef OPENSSL_NO_NEXTPROTONEG

1218 +/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No

1219 + * elements of zero length are allowed and the set of elements must exactly fil l

1220 + * the length of the block. */

1221 +static int ssl_next_proto_validate(unsigned char *d, unsigned len)

1222 + {

1223 + unsigned int off = 0;

1224 +

1225 + while (off < len)

1226 + {

1227 + if (d[off] == 0)

1228 + return 0;

1229 + off += d[off];

1230 + off++;

1231 + }

1232 +

1233 + return off == len;

1234 + }

1235 +#endif

1236 +

1237 int ssl_parse_serverhello_tlsext(SSL s, unsigned char p, unsigned char d, i nt n, int *al)

1238 {

1239 unsigned short length;

1240 @@ -1139,6 +1218,39 @@ int ssl_parse_serverhello_tlsext(SSL *s,

1241 /* Set flag to expect CertificateStatus message */

1242 s->tlsext_status_expected = 1;

1243 }

1244 +#ifndef OPENSSL_NO_NEXTPROTONEG

1245 + else if (type == TLSEXT_TYPE_next_proto_neg)

1246 + {

1247 + unsigned char *selected;

1248 + unsigned char selected_len;

1249 +

1250 + /* We must have requested it. */

1251 + if ((s->ctx->next_proto_select_cb == NULL))

1252 + {

1253 + *al = TLS1_AD_UNSUPPORTED_EXTENSION;

1254 + return 0;

1255 + }

1256 + /* The data must be valid */

1257 + if (!ssl_next_proto_validate(data, size))

1258 + {

1259 + *al = TLS1_AD_DECODE_ERROR;

1260 + return 0;

1261 + }

1262 + if (s->ctx->next_proto_select_cb(s, &selected, &selected _len, data, size, s->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK)

1263 + {

1264 + *al = TLS1_AD_INTERNAL_ERROR;

1265 + return 0;

1266 + }

1267 + s->next_proto_negotiated = OPENSSL_malloc(selected_len);

1268 + if (!s->next_proto_negotiated)

1269 + {

1270 + *al = TLS1_AD_INTERNAL_ERROR;

1271 + return 0;

1272 + }

1273 + memcpy(s->next_proto_negotiated, selected, selected_len) ;

1274 + s->next_proto_negotiated_len = selected_len;

1275 + }

1276 +#endif

1277 else if (type == TLSEXT_TYPE_renegotiate)

1278 {

1279 if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))

1280 --- openssl-1.0.0b.orig/ssl/tls1.h 2009-11-11 14:51:29.000000000 +0000

1281 +++ openssl-1.0.0b/ssl/tls1.h 2010-11-29 19:56:04.965928855 +0000

1282 @@ -204,6 +204,11 @@ extern "C" {

1283 /* Temporary extension type */

1284 #define TLSEXT_TYPE_renegotiate 0xff01

1285

1286 +#ifndef OPENSSL_NO_NEXTPROTONEG

1287 +/* This is not an IANA defined extension number */

1288 +#define TLSEXT_TYPE_next_proto_neg 13172

1289 +#endif

1290 +

1291 /* NameType value from RFC 3546 */

1292 #define TLSEXT_NAMETYPE_host_name 0

1293 /* status request value from RFC 3546 */

OLD	NEW

« patches/README ('K') | « patches/mips_private.patch ('k') | patches/openssl_no_dtls1.patch » ('j') | no next file with comments »