Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(214)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: patches/npn.patch

Issue 10911247: Upstream openssl to version 1.0.1c (Closed) Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/
Patch Set: Created 8 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « patches/mips_private.patch ('k') | patches/openssl_no_dtls1.patch » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 --- openssl-1.0.0b.orig/apps/apps.c 2010-11-11 14:42:19.000000000 +0000
2 +++ openssl-1.0.0b/apps/apps.c 2010-11-29 19:56:04.902465346 +0000
3 @@ -3012,3 +3012,46 @@ int raw_write_stdout(const void *buf,int
4 int raw_write_stdout(const void *buf,int siz)
5 { return write(fileno(stdout),buf,siz); }
6 #endif
7 +
8 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
9 +/* next_protos_parse parses a comma separated list of strings into a string
10 + * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
11 + * outlen: (output) set to the length of the resulting buffer on success.
12 + * in: a NUL termianted string like "abc,def,ghi"
13 + *
14 + * returns: a malloced buffer or NULL on failure.
15 + */
16 +unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
17 + {
18 + size_t len;
19 + unsigned char *out;
20 + size_t i, start = 0;
21 +
22 + len = strlen(in);
23 + if (len >= 65535)
24 + return NULL;
25 +
26 + out = OPENSSL_malloc(strlen(in) + 1);
27 + if (!out)
28 + return NULL;
29 +
30 + for (i = 0; i <= len; ++i)
31 + {
32 + if (i == len || in[i] == ',')
33 + {
34 + if (i - start > 255)
35 + {
36 + OPENSSL_free(out);
37 + return NULL;
38 + }
39 + out[start] = i - start;
40 + start = i + 1;
41 + }
42 + else
43 + out[i+1] = in[i];
44 + }
45 +
46 + *outlen = len + 1;
47 + return out;
48 + }
49 +#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
50 --- openssl-1.0.0b.orig/apps/apps.h 2009-10-31 13:34:19.000000000 +0000
51 +++ openssl-1.0.0b/apps/apps.h 2010-11-29 19:56:04.902465346 +0000
52 @@ -358,3 +358,7 @@ int raw_write_stdout(const void *,int);
53 #define TM_STOP 1
54 double app_tminterval (int stop,int usertime);
55 #endif
56 +
57 +#ifndef OPENSSL_NO_NEXTPROTONEG
58 +unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
59 +#endif
60 --- openssl-1.0.0b.orig/apps/s_client.c 2010-11-29 19:56:04.832465351 +0000
61 +++ openssl-1.0.0b/apps/s_client.c 2010-11-29 19:56:04.902465346 +0000
62 @@ -342,6 +342,9 @@ static void sc_usage(void)
63 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
64 BIO_printf(bio_err," -status - request certificate status from server\n");
65 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis sessi on tickets\n");
66 +# ifndef OPENSSL_NO_NEXTPROTONEG
67 + BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, consideri ng named protocols supported (comma-separated list)\n");
68 +# endif
69 BIO_printf(bio_err," -cutthrough - enable 1-RTT full-handshake for strong ciphers\n");
70 #endif
71 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renego tiation (dangerous)\n");
72 @@ -367,6 +370,40 @@ static int MS_CALLBACK ssl_servername_cb
73
74 return SSL_TLSEXT_ERR_OK;
75 }
76 +
77 +# ifndef OPENSSL_NO_NEXTPROTONEG
78 +/* This the context that we pass to next_proto_cb */
79 +typedef struct tlsextnextprotoctx_st {
80 + unsigned char *data;
81 + unsigned short len;
82 + int status;
83 +} tlsextnextprotoctx;
84 +
85 +static tlsextnextprotoctx next_proto;
86 +
87 +static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, co nst unsigned char *in, unsigned int inlen, void *arg)
88 + {
89 + tlsextnextprotoctx *ctx = arg;
90 +
91 + if (!c_quiet)
92 + {
93 + /* We can assume that |in| is syntactically valid. */
94 + unsigned i;
95 + BIO_printf(bio_c_out, "Protocols advertised by server: ");
96 + for (i = 0; i < inlen; )
97 + {
98 + if (i)
99 + BIO_write(bio_c_out, ", ", 2);
100 + BIO_write(bio_c_out, &in[i + 1], in[i]);
101 + i += in[i] + 1;
102 + }
103 + BIO_write(bio_c_out, "\n", 1);
104 + }
105 +
106 + ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, c tx->len);
107 + return SSL_TLSEXT_ERR_OK;
108 + }
109 +# endif /* ndef OPENSSL_NO_NEXTPROTONEG */
110 #endif
111
112 enum
113 @@ -431,6 +468,9 @@ int MAIN(int argc, char **argv)
114 char *servername = NULL;
115 tlsextctx tlsextcbp =
116 {NULL,0};
117 +# ifndef OPENSSL_NO_NEXTPROTONEG
118 + const char *next_proto_neg_in = NULL;
119 +# endif
120 #endif
121 char *sess_in = NULL;
122 char *sess_out = NULL;
123 @@ -658,6 +698,13 @@ int MAIN(int argc, char **argv)
124 #ifndef OPENSSL_NO_TLSEXT
125 else if (strcmp(*argv,"-no_ticket") == 0)
126 { off|=SSL_OP_NO_TICKET; }
127 +# ifndef OPENSSL_NO_NEXTPROTONEG
128 + else if (strcmp(*argv,"-nextprotoneg") == 0)
129 + {
130 + if (--argc < 1) goto bad;
131 + next_proto_neg_in = *(++argv);
132 + }
133 +# endif
134 #endif
135 else if (strcmp(*argv,"-cutthrough") == 0)
136 cutthrough=1;
137 @@ -766,6 +813,21 @@ bad:
138 OpenSSL_add_ssl_algorithms();
139 SSL_load_error_strings();
140
141 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
142 + next_proto.status = -1;
143 + if (next_proto_neg_in)
144 + {
145 + next_proto.data = next_protos_parse(&next_proto.len, next_proto_ neg_in);
146 + if (next_proto.data == NULL)
147 + {
148 + BIO_printf(bio_err, "Error parsing -nextprotoneg argumen t\n");
149 + goto end;
150 + }
151 + }
152 + else
153 + next_proto.data = NULL;
154 +#endif
155 +
156 #ifndef OPENSSL_NO_ENGINE
157 e = setup_engine(bio_err, engine_id, 1);
158 if (ssl_client_engine_id)
159 @@ -896,6 +958,11 @@ bad:
160 SSL_CTX_set_mode(ctx, ssl_mode);
161 }
162
163 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
164 + if (next_proto.data)
165 + SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto );
166 +#endif
167 +
168 if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
169 if (cipher != NULL)
170 if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
171 @@ -1755,6 +1822,18 @@ static void print_stuff(BIO *bio, SSL *s
172 BIO_printf(bio,"Expansion: %s\n",
173 expansion ? SSL_COMP_get_name(expansion) : "NONE");
174 #endif
175 +
176 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
177 + if (next_proto.status != -1) {
178 + const unsigned char *proto;
179 + unsigned int proto_len;
180 + SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
181 + BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
182 + BIO_write(bio, proto, proto_len);
183 + BIO_write(bio, "\n", 1);
184 + }
185 +#endif
186 +
187 SSL_SESSION_print(bio,SSL_get_session(s));
188 BIO_printf(bio,"---\n");
189 if (peer != NULL)
190 --- openssl-1.0.0b.orig/apps/s_server.c 2010-06-15 17:25:02.000000000 +0000
191 +++ openssl-1.0.0b/apps/s_server.c 2010-11-29 19:56:04.902465346 +0000
192 @@ -492,6 +492,9 @@ static void sv_usage(void)
193 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions rece ived\n");
194 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session t ickets\n");
195 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renego tiation (dangerous)\n");
196 +# ifndef OPENSSL_NO_NEXTPROTONEG
197 + BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols fo r the NPN extension (comma-separated list)\n");
198 +# endif
199 #endif
200 }
201
202 @@ -826,6 +829,24 @@ BIO_printf(err, "cert_status: received %
203 ret = SSL_TLSEXT_ERR_ALERT_FATAL;
204 goto done;
205 }
206 +
207 +# ifndef OPENSSL_NO_NEXTPROTONEG
208 +/* This is the context that we pass to next_proto_cb */
209 +typedef struct tlsextnextprotoctx_st {
210 + unsigned char *data;
211 + unsigned int len;
212 +} tlsextnextprotoctx;
213 +
214 +static int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
215 + {
216 + tlsextnextprotoctx *next_proto = arg;
217 +
218 + *data = next_proto->data;
219 + *len = next_proto->len;
220 +
221 + return SSL_TLSEXT_ERR_OK;
222 + }
223 +# endif /* ndef OPENSSL_NO_NPN */
224 #endif
225
226 int MAIN(int, char **);
227 @@ -867,6 +888,10 @@ int MAIN(int argc, char *argv[])
228 #endif
229 #ifndef OPENSSL_NO_TLSEXT
230 tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
231 +# ifndef OPENSSL_NO_NEXTPROTONEG
232 + const char *next_proto_neg_in = NULL;
233 + tlsextnextprotoctx next_proto;
234 +# endif
235 #endif
236 #ifndef OPENSSL_NO_PSK
237 /* by default do not send a PSK identity hint */
238 @@ -1191,7 +1216,13 @@ int MAIN(int argc, char *argv[])
239 if (--argc < 1) goto bad;
240 s_key_file2= *(++argv);
241 }
242 -
243 +# ifndef OPENSSL_NO_NEXTPROTONEG
244 + else if (strcmp(*argv,"-nextprotoneg") == 0)
245 + {
246 + if (--argc < 1) goto bad;
247 + next_proto_neg_in = *(++argv);
248 + }
249 +# endif
250 #endif
251 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
252 else if (strcmp(*argv,"-jpake") == 0)
253 @@ -1476,6 +1507,11 @@ bad:
254 if (vpm)
255 SSL_CTX_set1_param(ctx2, vpm);
256 }
257 +
258 +# ifndef OPENSSL_NO_NEXTPROTONEG
259 + if (next_proto.data)
260 + SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_ proto);
261 +# endif
262 #endif
263
264 #ifndef OPENSSL_NO_DH
265 @@ -1617,6 +1653,21 @@ bad:
266 goto end;
267 }
268 }
269 +# ifndef OPENSSL_NO_NEXTPROTONEG
270 + if (next_proto_neg_in)
271 + {
272 + unsigned short len;
273 + next_proto.data = next_protos_parse(&len,
274 + next_proto_neg_in);
275 + if (next_proto.data == NULL)
276 + goto end;
277 + next_proto.len = len;
278 + }
279 + else
280 + {
281 + next_proto.data = NULL;
282 + }
283 +# endif
284 #endif
285 RSA_free(rsa);
286 BIO_printf(bio_s_out,"\n");
287 @@ -2159,6 +2210,10 @@ static int init_ssl_connection(SSL *con)
288 X509 *peer;
289 long verify_error;
290 MS_STATIC char buf[BUFSIZ];
291 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
292 + const unsigned char *next_proto_neg;
293 + unsigned next_proto_neg_len;
294 +#endif
295
296 if ((i=SSL_accept(con)) <= 0)
297 {
298 @@ -2198,6 +2253,15 @@ static int init_ssl_connection(SSL *con)
299 BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
300 str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
301 BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
302 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
303 + SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len );
304 + if (next_proto_neg)
305 + {
306 + BIO_printf(bio_s_out,"NEXTPROTO is ");
307 + BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
308 + BIO_printf(bio_s_out, "\n");
309 + }
310 +#endif
311 if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");
312 if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
313 TLS1_FLAGS_TLS_PADDING_BUG)
314 --- openssl-1.0.0b.orig/include/openssl/ssl.h 2010-11-29 19:56:04.846517045 +0 000
315 +++ openssl-1.0.0b/include/openssl/ssl.h 2010-11-29 19:56:04.965928855 +0 000
316 @@ -857,6 +857,25 @@ struct ssl_ctx_st
317 /* draft-rescorla-tls-opaque-prf-input-00.txt information */
318 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t l en, void *arg);
319 void *tlsext_opaque_prf_input_callback_arg;
320 +
321 +# ifndef OPENSSL_NO_NEXTPROTONEG
322 + /* Next protocol negotiation information */
323 + /* (for experimental NPN extension). */
324 +
325 + /* For a server, this contains a callback function by which the set of
326 + * advertised protocols can be provided. */
327 + int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
328 + unsigned int *len, void *arg);
329 + void *next_protos_advertised_cb_arg;
330 + /* For a client, this contains a callback function that selects the
331 + * next protocol from the list provided by the server. */
332 + int (*next_proto_select_cb)(SSL *s, unsigned char **out,
333 + unsigned char *outlen,
334 + const unsigned char *in,
335 + unsigned int inlen,
336 + void *arg);
337 + void *next_proto_select_cb_arg;
338 +# endif
339 #endif
340
341 #ifndef OPENSSL_NO_PSK
342 @@ -928,6 +947,30 @@ int SSL_CTX_set_client_cert_engine(SSL_C
343 #endif
344 void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
345 void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
346 +#ifndef OPENSSL_NO_NEXTPROTONEG
347 +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
348 + int (*cb) (SSL *ssl,
349 + const unsigned char **out,
350 + unsigned int *outlen,
351 + void *arg), void *arg);
352 +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
353 + int (*cb) (SSL *ssl, unsigned char **out,
354 + unsigned char *outlen,
355 + const unsigned char *in,
356 + unsigned int inlen, void *arg),
357 + void *arg);
358 +
359 +int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
360 + const unsigned char *in, unsigned int inlen,
361 + const unsigned char *client, unsigned int client_len);
362 +void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
363 + unsigned *len);
364 +
365 +#define OPENSSL_NPN_UNSUPPORTED 0
366 +#define OPENSSL_NPN_NEGOTIATED 1
367 +#define OPENSSL_NPN_NO_OVERLAP 2
368 +
369 +#endif
370
371 #ifndef OPENSSL_NO_PSK
372 /* the maximum length of the buffer given to callbacks containing the
373 @@ -1187,6 +1230,19 @@ struct ssl_st
374 void *tls_session_secret_cb_arg;
375
376 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
377 +
378 +#ifndef OPENSSL_NO_NEXTPROTONEG
379 + /* Next protocol negotiation. For the client, this is the protocol that
380 + * we sent in NextProtocol and is set when handling ServerHello
381 + * extensions.
382 + *
383 + * For a server, this is the client's selected_protocol from
384 + * NextProtocol and is set when handling the NextProtocol message,
385 + * before the Finished message. */
386 + unsigned char *next_proto_negotiated;
387 + unsigned char next_proto_negotiated_len;
388 +#endif
389 +
390 #define session_ctx initial_ctx
391 #else
392 #define session_ctx ctx
393 @@ -1919,6 +1975,7 @@ void ERR_load_SSL_strings(void);
394 #define SSL_F_SSL3_GET_KEY_EXCHANGE 141
395 #define SSL_F_SSL3_GET_MESSAGE 142
396 #define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283
397 +#define SSL_F_SSL3_GET_NEXT_PROTO 304
398 #define SSL_F_SSL3_GET_RECORD 143
399 #define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
400 #define SSL_F_SSL3_GET_SERVER_DONE 145
401 @@ -2117,6 +2174,8 @@ void ERR_load_SSL_strings(void);
402 #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
403 #define SSL_R_EXTRA_DATA_IN_MESSAGE 153
404 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
405 +#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 346
406 +#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 347
407 #define SSL_R_HTTPS_PROXY_REQUEST 155
408 #define SSL_R_HTTP_REQUEST 156
409 #define SSL_R_ILLEGAL_PADDING 283
410 --- openssl-1.0.0b.orig/include/openssl/ssl3.h 2010-11-29 19:56:04.832465351 +0 000
411 +++ openssl-1.0.0b/include/openssl/ssl3.h 2010-11-29 19:56:04.965928855 +0 000
412 @@ -465,6 +465,12 @@ typedef struct ssl3_state_st
413 void *server_opaque_prf_input;
414 size_t server_opaque_prf_input_len;
415
416 +#ifndef OPENSSL_NO_NEXTPROTONEG
417 + /* Set if we saw the Next Protocol Negotiation extension from
418 + our peer. */
419 + int next_proto_neg_seen;
420 +#endif
421 +
422 struct {
423 /* actually only needs to be 16+20 */
424 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
425 @@ -557,6 +563,10 @@ typedef struct ssl3_state_st
426 #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
427 #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
428 #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
429 +#ifndef OPENSSL_NO_NEXTPROTONEG
430 +#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
431 +#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
432 +#endif
433 #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
434 #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
435 /* read from server */
436 @@ -602,6 +612,10 @@ typedef struct ssl3_state_st
437 #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
438 #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
439 #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
440 +#ifndef OPENSSL_NO_NEXTPROTONEG
441 +#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
442 +#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
443 +#endif
444 #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
445 #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
446 /* write to client */
447 @@ -626,6 +640,9 @@ typedef struct ssl3_state_st
448 #define SSL3_MT_CLIENT_KEY_EXCHANGE 16
449 #define SSL3_MT_FINISHED 20
450 #define SSL3_MT_CERTIFICATE_STATUS 22
451 +#ifndef OPENSSL_NO_NEXTPROTONEG
452 +#define SSL3_MT_NEXT_PROTO 67
453 +#endif
454 #define DTLS1_MT_HELLO_VERIFY_REQUEST 3
455
456
457 --- openssl-1.0.0b.orig/include/openssl/tls1.h 2009-11-11 14:51:29.000000000 +0 000
458 +++ openssl-1.0.0b/include/openssl/tls1.h 2010-11-29 19:56:04.965928855 +0 000
459 @@ -204,6 +204,11 @@ extern "C" {
460 /* Temporary extension type */
461 #define TLSEXT_TYPE_renegotiate 0xff01
462
463 +#ifndef OPENSSL_NO_NEXTPROTONEG
464 +/* This is not an IANA defined extension number */
465 +#define TLSEXT_TYPE_next_proto_neg 13172
466 +#endif
467 +
468 /* NameType value from RFC 3546 */
469 #define TLSEXT_NAMETYPE_host_name 0
470 /* status request value from RFC 3546 */
471 --- openssl-1.0.0b.orig/ssl/s3_both.c 2010-11-29 19:56:04.846517045 +0000
472 +++ openssl-1.0.0b/ssl/s3_both.c 2010-11-29 19:56:04.965928855 +0000
473 @@ -202,15 +202,40 @@ int ssl3_send_finished(SSL *s, int a, in
474 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
475 }
476
477 +#ifndef OPENSSL_NO_NEXTPROTONEG
478 +/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen t o far. */
479 +static void ssl3_take_mac(SSL *s)
480 + {
481 + const char *sender;
482 + int slen;
483 +
484 + if (s->state & SSL_ST_CONNECT)
485 + {
486 + sender=s->method->ssl3_enc->server_finished_label;
487 + slen=s->method->ssl3_enc->server_finished_label_len;
488 + }
489 + else
490 + {
491 + sender=s->method->ssl3_enc->client_finished_label;
492 + slen=s->method->ssl3_enc->client_finished_label_len;
493 + }
494 +
495 + s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
496 + sender,slen,s->s3->tmp.peer_finish_md);
497 + }
498 +#endif
499 +
500 int ssl3_get_finished(SSL *s, int a, int b)
501 {
502 int al,i,ok;
503 long n;
504 unsigned char *p;
505
506 +#ifdef OPENSSL_NO_NEXTPROTONEG
507 /* the mac has already been generated when we received the
508 * change cipher spec message and is in s->s3->tmp.peer_finish_md
509 */
510 +#endif
511
512 n=s->method->ssl_get_message(s,
513 a,
514 @@ -521,6 +546,15 @@ long ssl3_get_message(SSL *s, int st1, i
515 s->init_num += i;
516 n -= i;
517 }
518 +
519 +#ifndef OPENSSL_NO_NEXTPROTONEG
520 + /* If receiving Finished, record MAC of prior handshake messages for
521 + * Finished verification. */
522 + if (*s->init_buf->data == SSL3_MT_FINISHED)
523 + ssl3_take_mac(s);
524 +#endif
525 +
526 + /* Feed this message into MAC computation. */
527 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
528 if (s->msg_callback)
529 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->d ata, (size_t)s->init_num + 4, s, s->msg_callback_arg);
530 --- openssl-1.0.0b.orig/ssl/s3_clnt.c 2010-11-29 19:56:04.846517045 +0000
531 +++ openssl-1.0.0b/ssl/s3_clnt.c 2010-11-29 19:56:04.965928855 +0000
532 @@ -435,7 +435,16 @@ int ssl3_connect(SSL *s)
533 ret=ssl3_send_change_cipher_spec(s,
534 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
535 if (ret <= 0) goto end;
536 +
537 +#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
538 s->state=SSL3_ST_CW_FINISHED_A;
539 +#else
540 + if (s->next_proto_negotiated)
541 + s->state=SSL3_ST_CW_NEXT_PROTO_A;
542 + else
543 + s->state=SSL3_ST_CW_FINISHED_A;
544 +#endif
545 +
546 s->init_num=0;
547
548 s->session->cipher=s->s3->tmp.new_cipher;
549 @@ -463,6 +472,15 @@ int ssl3_connect(SSL *s)
550
551 break;
552
553 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
554 + case SSL3_ST_CW_NEXT_PROTO_A:
555 + case SSL3_ST_CW_NEXT_PROTO_B:
556 + ret=ssl3_send_next_proto(s);
557 + if (ret <= 0) goto end;
558 + s->state=SSL3_ST_CW_FINISHED_A;
559 + break;
560 +#endif
561 +
562 case SSL3_ST_CW_FINISHED_A:
563 case SSL3_ST_CW_FINISHED_B:
564 ret=ssl3_send_finished(s,
565 @@ -3060,6 +3078,32 @@ err:
566 */
567
568 #ifndef OPENSSL_NO_TLSEXT
569 +# ifndef OPENSSL_NO_NEXTPROTONEG
570 +int ssl3_send_next_proto(SSL *s)
571 + {
572 + unsigned int len, padding_len;
573 + unsigned char *d;
574 +
575 + if (s->state == SSL3_ST_CW_NEXT_PROTO_A)
576 + {
577 + len = s->next_proto_negotiated_len;
578 + padding_len = 32 - ((len + 2) % 32);
579 + d = (unsigned char *)s->init_buf->data;
580 + d[4] = len;
581 + memcpy(d + 5, s->next_proto_negotiated, len);
582 + d[5 + len] = padding_len;
583 + memset(d + 6 + len, 0, padding_len);
584 + *(d++)=SSL3_MT_NEXT_PROTO;
585 + l2n3(2 + len + padding_len, d);
586 + s->state = SSL3_ST_CW_NEXT_PROTO_B;
587 + s->init_num = 4 + 2 + len + padding_len;
588 + s->init_off = 0;
589 + }
590 +
591 + return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
592 + }
593 +# endif
594 +
595 int ssl3_check_finished(SSL *s)
596 {
597 int ok;
598 --- openssl-1.0.0b.orig/ssl/s3_lib.c 2010-11-29 19:56:04.832465351 +0000
599 +++ openssl-1.0.0b/ssl/s3_lib.c 2010-11-29 19:56:04.965928855 +0000
600 @@ -2230,6 +2230,15 @@ void ssl3_clear(SSL *s)
601 s->s3->num_renegotiations=0;
602 s->s3->in_read_app_data=0;
603 s->version=SSL3_VERSION;
604 +
605 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
606 + if (s->next_proto_negotiated)
607 + {
608 + OPENSSL_free(s->next_proto_negotiated);
609 + s->next_proto_negotiated = NULL;
610 + s->next_proto_negotiated_len = 0;
611 + }
612 +#endif
613 }
614
615 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
616 --- openssl-1.0.0b.orig/ssl/s3_pkt.c 2010-11-29 19:56:04.832465351 +0000
617 +++ openssl-1.0.0b/ssl/s3_pkt.c 2010-11-29 19:56:04.965928855 +0000
618 @@ -1394,8 +1394,10 @@ err:
619 int ssl3_do_change_cipher_spec(SSL *s)
620 {
621 int i;
622 +#ifdef OPENSSL_NO_NEXTPROTONEG
623 const char *sender;
624 int slen;
625 +#endif
626
627 if (s->state & SSL_ST_ACCEPT)
628 i=SSL3_CHANGE_CIPHER_SERVER_READ;
629 @@ -1418,6 +1420,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
630 if (!s->method->ssl3_enc->change_cipher_state(s,i))
631 return(0);
632
633 +#ifdef OPENSSL_NO_NEXTPROTONEG
634 /* we have to record the message digest at
635 * this point so we can get it before we read
636 * the finished message */
637 @@ -1434,6 +1437,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
638
639 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
640 sender,slen,s->s3->tmp.peer_finish_md);
641 +#endif
642
643 return(1);
644 }
645 --- openssl-1.0.0b.orig/ssl/s3_srvr.c 2010-11-29 19:56:04.846517045 +0000
646 +++ openssl-1.0.0b/ssl/s3_srvr.c 2010-11-29 19:56:04.965928855 +0000
647 @@ -538,7 +538,14 @@ int ssl3_accept(SSL *s)
648 * the client uses its key from the certificate
649 * for key exchange.
650 */
651 +#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
652 s->state=SSL3_ST_SR_FINISHED_A;
653 +#else
654 + if (s->s3->next_proto_neg_seen)
655 + s->state=SSL3_ST_SR_NEXT_PROTO_A;
656 + else
657 + s->state=SSL3_ST_SR_FINISHED_A;
658 +#endif
659 s->init_num = 0;
660 }
661 else
662 @@ -581,10 +588,27 @@ int ssl3_accept(SSL *s)
663 ret=ssl3_get_cert_verify(s);
664 if (ret <= 0) goto end;
665
666 +#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
667 s->state=SSL3_ST_SR_FINISHED_A;
668 +#else
669 + if (s->s3->next_proto_neg_seen)
670 + s->state=SSL3_ST_SR_NEXT_PROTO_A;
671 + else
672 + s->state=SSL3_ST_SR_FINISHED_A;
673 +#endif
674 s->init_num=0;
675 break;
676
677 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
678 + case SSL3_ST_SR_NEXT_PROTO_A:
679 + case SSL3_ST_SR_NEXT_PROTO_B:
680 + ret=ssl3_get_next_proto(s);
681 + if (ret <= 0) goto end;
682 + s->init_num = 0;
683 + s->state=SSL3_ST_SR_FINISHED_A;
684 + break;
685 +#endif
686 +
687 case SSL3_ST_SR_FINISHED_A:
688 case SSL3_ST_SR_FINISHED_B:
689 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
690 @@ -655,7 +679,16 @@ int ssl3_accept(SSL *s)
691 if (ret <= 0) goto end;
692 s->state=SSL3_ST_SW_FLUSH;
693 if (s->hit)
694 + {
695 +#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
696 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
697 +#else
698 + if (s->s3->next_proto_neg_seen)
699 + s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PR OTO_A;
700 + else
701 + s->s3->tmp.next_state=SSL3_ST_SR_FINISHE D_A;
702 +#endif
703 + }
704 else
705 s->s3->tmp.next_state=SSL_ST_OK;
706 s->init_num=0;
707 @@ -3196,4 +3229,72 @@ int ssl3_send_cert_status(SSL *s)
708 /* SSL3_ST_SW_CERT_STATUS_B */
709 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
710 }
711 +
712 +# ifndef OPENSSL_NO_NPN
713 +/* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. It
714 + * sets the next_proto member in s if found */
715 +int ssl3_get_next_proto(SSL *s)
716 + {
717 + int ok;
718 + unsigned proto_len, padding_len;
719 + long n;
720 + const unsigned char *p;
721 +
722 + /* Clients cannot send a NextProtocol message if we didn't see the
723 + * extension in their ClientHello */
724 + if (!s->s3->next_proto_neg_seen)
725 + {
726 + SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_WITHOUT_EX TENSION);
727 + return -1;
728 + }
729 +
730 + n=s->method->ssl_get_message(s,
731 + SSL3_ST_SR_NEXT_PROTO_A,
732 + SSL3_ST_SR_NEXT_PROTO_B,
733 + SSL3_MT_NEXT_PROTO,
734 + 514, /* See the payload format below */
735 + &ok);
736 +
737 + if (!ok)
738 + return((int)n);
739 +
740 + /* s->state doesn't reflect whether ChangeCipherSpec has been received
741 + * in this handshake, but s->s3->change_cipher_spec does (will be reset
742 + * by ssl3_get_finished). */
743 + if (!s->s3->change_cipher_spec)
744 + {
745 + SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_BEFORE_A_C CS);
746 + return -1;
747 + }
748 +
749 + if (n < 2)
750 + return 0; /* The body must be > 1 bytes long */
751 +
752 + p=(unsigned char *)s->init_msg;
753 +
754 + /* The payload looks like:
755 + * uint8 proto_len;
756 + * uint8 proto[proto_len];
757 + * uint8 padding_len;
758 + * uint8 padding[padding_len];
759 + */
760 + proto_len = p[0];
761 + if (proto_len + 2 > s->init_num)
762 + return 0;
763 + padding_len = p[proto_len + 1];
764 + if (proto_len + padding_len + 2 != s->init_num)
765 + return 0;
766 +
767 + s->next_proto_negotiated = OPENSSL_malloc(proto_len);
768 + if (!s->next_proto_negotiated)
769 + {
770 + SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,ERR_R_MALLOC_FAILURE);
771 + return 0;
772 + }
773 + memcpy(s->next_proto_negotiated, p + 1, proto_len);
774 + s->next_proto_negotiated_len = proto_len;
775 +
776 + return 1;
777 + }
778 +# endif
779 #endif
780 --- openssl-1.0.0b.orig/ssl/ssl.h 2010-11-29 19:56:04.846517045 +0000
781 +++ openssl-1.0.0b/ssl/ssl.h 2010-11-29 19:56:04.965928855 +0000
782 @@ -857,6 +857,25 @@ struct ssl_ctx_st
783 /* draft-rescorla-tls-opaque-prf-input-00.txt information */
784 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t l en, void *arg);
785 void *tlsext_opaque_prf_input_callback_arg;
786 +
787 +# ifndef OPENSSL_NO_NEXTPROTONEG
788 + /* Next protocol negotiation information */
789 + /* (for experimental NPN extension). */
790 +
791 + /* For a server, this contains a callback function by which the set of
792 + * advertised protocols can be provided. */
793 + int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
794 + unsigned int *len, void *arg);
795 + void *next_protos_advertised_cb_arg;
796 + /* For a client, this contains a callback function that selects the
797 + * next protocol from the list provided by the server. */
798 + int (*next_proto_select_cb)(SSL *s, unsigned char **out,
799 + unsigned char *outlen,
800 + const unsigned char *in,
801 + unsigned int inlen,
802 + void *arg);
803 + void *next_proto_select_cb_arg;
804 +# endif
805 #endif
806
807 #ifndef OPENSSL_NO_PSK
808 @@ -928,6 +947,30 @@ int SSL_CTX_set_client_cert_engine(SSL_C
809 #endif
810 void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
811 void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
812 +#ifndef OPENSSL_NO_NEXTPROTONEG
813 +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
814 + int (*cb) (SSL *ssl,
815 + const unsigned char **out,
816 + unsigned int *outlen,
817 + void *arg), void *arg);
818 +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
819 + int (*cb) (SSL *ssl, unsigned char **out,
820 + unsigned char *outlen,
821 + const unsigned char *in,
822 + unsigned int inlen, void *arg),
823 + void *arg);
824 +
825 +int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
826 + const unsigned char *in, unsigned int inlen,
827 + const unsigned char *client, unsigned int client_len);
828 +void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
829 + unsigned *len);
830 +
831 +#define OPENSSL_NPN_UNSUPPORTED 0
832 +#define OPENSSL_NPN_NEGOTIATED 1
833 +#define OPENSSL_NPN_NO_OVERLAP 2
834 +
835 +#endif
836
837 #ifndef OPENSSL_NO_PSK
838 /* the maximum length of the buffer given to callbacks containing the
839 @@ -1187,6 +1230,19 @@ struct ssl_st
840 void *tls_session_secret_cb_arg;
841
842 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
843 +
844 +#ifndef OPENSSL_NO_NEXTPROTONEG
845 + /* Next protocol negotiation. For the client, this is the protocol that
846 + * we sent in NextProtocol and is set when handling ServerHello
847 + * extensions.
848 + *
849 + * For a server, this is the client's selected_protocol from
850 + * NextProtocol and is set when handling the NextProtocol message,
851 + * before the Finished message. */
852 + unsigned char *next_proto_negotiated;
853 + unsigned char next_proto_negotiated_len;
854 +#endif
855 +
856 #define session_ctx initial_ctx
857 #else
858 #define session_ctx ctx
859 @@ -1919,6 +1975,7 @@ void ERR_load_SSL_strings(void);
860 #define SSL_F_SSL3_GET_KEY_EXCHANGE 141
861 #define SSL_F_SSL3_GET_MESSAGE 142
862 #define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283
863 +#define SSL_F_SSL3_GET_NEXT_PROTO 304
864 #define SSL_F_SSL3_GET_RECORD 143
865 #define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
866 #define SSL_F_SSL3_GET_SERVER_DONE 145
867 @@ -2117,6 +2174,8 @@ void ERR_load_SSL_strings(void);
868 #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
869 #define SSL_R_EXTRA_DATA_IN_MESSAGE 153
870 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
871 +#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 346
872 +#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 347
873 #define SSL_R_HTTPS_PROXY_REQUEST 155
874 #define SSL_R_HTTP_REQUEST 156
875 #define SSL_R_ILLEGAL_PADDING 283
876 --- openssl-1.0.0b.orig/ssl/ssl3.h 2010-11-29 19:56:04.832465351 +0000
877 +++ openssl-1.0.0b/ssl/ssl3.h 2010-11-29 19:56:04.965928855 +0000
878 @@ -465,6 +465,12 @@ typedef struct ssl3_state_st
879 void *server_opaque_prf_input;
880 size_t server_opaque_prf_input_len;
881
882 +#ifndef OPENSSL_NO_NEXTPROTONEG
883 + /* Set if we saw the Next Protocol Negotiation extension from
884 + our peer. */
885 + int next_proto_neg_seen;
886 +#endif
887 +
888 struct {
889 /* actually only needs to be 16+20 */
890 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
891 @@ -557,6 +563,10 @@ typedef struct ssl3_state_st
892 #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
893 #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
894 #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
895 +#ifndef OPENSSL_NO_NEXTPROTONEG
896 +#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
897 +#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
898 +#endif
899 #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
900 #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
901 /* read from server */
902 @@ -602,6 +612,10 @@ typedef struct ssl3_state_st
903 #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
904 #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
905 #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
906 +#ifndef OPENSSL_NO_NEXTPROTONEG
907 +#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
908 +#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
909 +#endif
910 #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
911 #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
912 /* write to client */
913 @@ -626,6 +640,9 @@ typedef struct ssl3_state_st
914 #define SSL3_MT_CLIENT_KEY_EXCHANGE 16
915 #define SSL3_MT_FINISHED 20
916 #define SSL3_MT_CERTIFICATE_STATUS 22
917 +#ifndef OPENSSL_NO_NEXTPROTONEG
918 +#define SSL3_MT_NEXT_PROTO 67
919 +#endif
920 #define DTLS1_MT_HELLO_VERIFY_REQUEST 3
921
922
923 --- openssl-1.0.0b.orig/ssl/ssl_err.c 2010-11-29 19:56:04.846517045 +0000
924 +++ openssl-1.0.0b/ssl/ssl_err.c 2010-11-29 19:56:04.965928855 +0000
925 @@ -155,6 +155,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
926 {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
927 {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},
928 {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"},
929 +{ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"},
930 {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
931 {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"},
932 {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
933 @@ -355,6 +356,8 @@ static ERR_STRING_DATA SSL_str_reasons[]
934 {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},
935 {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},
936 {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},
937 +{ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"},
938 +{ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without see ing extension"},
939 {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"},
940 {ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"},
941 {ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"},
942 --- openssl-1.0.0b.orig/ssl/ssl_lib.c 2010-11-29 19:56:04.846517045 +0000
943 +++ openssl-1.0.0b/ssl/ssl_lib.c 2010-11-29 19:56:04.965928855 +0000
944 @@ -354,6 +354,9 @@ SSL *SSL_new(SSL_CTX *ctx)
945 s->tlsext_ocsp_resplen = -1;
946 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
947 s->initial_ctx=ctx;
948 +# ifndef OPENSSL_NO_NEXTPROTONEG
949 + s->next_proto_negotiated = NULL;
950 +# endif
951 #endif
952
953 s->verify_result=X509_V_OK;
954 @@ -587,6 +590,11 @@ void SSL_free(SSL *s)
955 kssl_ctx_free(s->kssl_ctx);
956 #endif /* OPENSSL_NO_KRB5 */
957
958 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
959 + if (s->next_proto_negotiated)
960 + OPENSSL_free(s->next_proto_negotiated);
961 +#endif
962 +
963 OPENSSL_free(s);
964 }
965
966 @@ -1503,6 +1511,124 @@ int SSL_get_servername_type(const SSL *s
967 return TLSEXT_NAMETYPE_host_name;
968 return -1;
969 }
970 +
971 +# ifndef OPENSSL_NO_NEXTPROTONEG
972 +/* SSL_select_next_proto implements the standard protocol selection. It is
973 + * expected that this function is called from the callback set by
974 + * SSL_CTX_set_next_proto_select_cb.
975 + *
976 + * The protocol data is assumed to be a vector of 8-bit, length prefixed byte
977 + * strings. The length byte itself is not included in the length. A byte
978 + * string of length 0 is invalid. No byte string may be truncated.
979 + *
980 + * The current, but experimental algorithm for selecting the protocol is:
981 + *
982 + * 1) If the server doesn't support NPN then this is indicated to the
983 + * callback. In this case, the client application has to abort the connection
984 + * or have a default application level protocol.
985 + *
986 + * 2) If the server supports NPN, but advertises an empty list then the
987 + * client selects the first protcol in its list, but indicates via the
988 + * API that this fallback case was enacted.
989 + *
990 + * 3) Otherwise, the client finds the first protocol in the server's list
991 + * that it supports and selects this protocol. This is because it's
992 + * assumed that the server has better information about which protocol
993 + * a client should use.
994 + *
995 + * 4) If the client doesn't support any of the server's advertised
996 + * protocols, then this is treated the same as case 2.
997 + *
998 + * It returns either
999 + * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
1000 + * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
1001 + */
1002 +int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const uns igned char *server, unsigned int server_len, const unsigned char *client, unsign ed int client_len)
1003 + {
1004 + unsigned int i, j;
1005 + const unsigned char *result;
1006 + int status = OPENSSL_NPN_UNSUPPORTED;
1007 +
1008 + /* For each protocol in server preference order, see if we support it. * /
1009 + for (i = 0; i < server_len; )
1010 + {
1011 + for (j = 0; j < client_len; )
1012 + {
1013 + if (server[i] == client[j] &&
1014 + memcmp(&server[i+1], &client[j+1], server[i]) == 0)
1015 + {
1016 + /* We found a match */
1017 + result = &server[i];
1018 + status = OPENSSL_NPN_NEGOTIATED;
1019 + goto found;
1020 + }
1021 + j += client[j];
1022 + j++;
1023 + }
1024 + i += server[i];
1025 + i++;
1026 + }
1027 +
1028 + /* There's no overlap between our protocols and the server's list. */
1029 + result = client;
1030 + status = OPENSSL_NPN_NO_OVERLAP;
1031 +
1032 + found:
1033 + *out = (unsigned char *) result + 1;
1034 + *outlen = result[0];
1035 + return status;
1036 + }
1037 +
1038 +/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
1039 + * requested protocol for this connection and returns 0. If the client didn't
1040 + * request any protocol, then *data is set to NULL.
1041 + *
1042 + * Note that the client can request any protocol it chooses. The value returned
1043 + * from this function need not be a member of the list of supported protocols
1044 + * provided by the callback.
1045 + */
1046 +void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, u nsigned *len)
1047 + {
1048 + *data = s->next_proto_negotiated;
1049 + if (!*data) {
1050 + *len = 0;
1051 + } else {
1052 + *len = s->next_proto_negotiated_len;
1053 + }
1054 +}
1055 +
1056 +/* SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a
1057 + * TLS server needs a list of supported protocols for Next Protocol
1058 + * Negotiation. The returned list must be in wire format. The list is returned
1059 + * by setting |out| to point to it and |outlen| to its length. This memory will
1060 + * not be modified, but one should assume that the SSL* keeps a reference to
1061 + * it.
1062 + *
1063 + * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Othe rwise, no
1064 + * such extension will be included in the ServerHello. */
1065 +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, c onst unsigned char **out, unsigned int *outlen, void *arg), void *arg)
1066 + {
1067 + ctx->next_protos_advertised_cb = cb;
1068 + ctx->next_protos_advertised_cb_arg = arg;
1069 + }
1070 +
1071 +/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
1072 + * client needs to select a protocol from the server's provided list. |out|
1073 + * must be set to point to the selected protocol (which may be within |in|).
1074 + * The length of the protocol name must be written into |outlen|. The server's
1075 + * advertised protocols are provided in |in| and |inlen|. The callback can
1076 + * assume that |in| is syntactically valid.
1077 + *
1078 + * The client must select a protocol. It is fatal to the connection if this
1079 + * callback returns a value other than SSL_TLSEXT_ERR_OK.
1080 + */
1081 +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg)
1082 + {
1083 + ctx->next_proto_select_cb = cb;
1084 + ctx->next_proto_select_cb_arg = arg;
1085 + }
1086 +
1087 +# endif
1088 #endif
1089
1090 static unsigned long ssl_session_hash(const SSL_SESSION *a)
1091 @@ -1667,6 +1793,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
1092 ret->tlsext_status_cb = 0;
1093 ret->tlsext_status_arg = NULL;
1094
1095 +# ifndef OPENSSL_NO_NEXTPROTONEG
1096 + ret->next_protos_advertised_cb = 0;
1097 + ret->next_proto_select_cb = 0;
1098 +# endif
1099 #endif
1100 #ifndef OPENSSL_NO_PSK
1101 ret->psk_identity_hint=NULL;
1102 --- openssl-1.0.0b.orig/ssl/ssl_locl.h 2010-11-29 19:56:04.846517045 +0000
1103 +++ openssl-1.0.0b/ssl/ssl_locl.h 2010-11-29 19:56:04.965928855 +0000
1104 @@ -968,6 +968,9 @@ int ssl3_get_server_certificate(SSL *s);
1105 int ssl3_check_cert_and_algorithm(SSL *s);
1106 #ifndef OPENSSL_NO_TLSEXT
1107 int ssl3_check_finished(SSL *s);
1108 +# ifndef OPENSSL_NO_NEXTPROTONEG
1109 +int ssl3_send_next_proto(SSL *s);
1110 +# endif
1111 #endif
1112
1113 int dtls1_client_hello(SSL *s);
1114 @@ -986,6 +989,9 @@ int ssl3_check_client_hello(SSL *s);
1115 int ssl3_get_client_certificate(SSL *s);
1116 int ssl3_get_client_key_exchange(SSL *s);
1117 int ssl3_get_cert_verify(SSL *s);
1118 +#ifndef OPENSSL_NO_NEXTPROTONEG
1119 +int ssl3_get_next_proto(SSL *s);
1120 +#endif
1121
1122 int dtls1_send_hello_request(SSL *s);
1123 int dtls1_send_server_hello(SSL *s);
1124 --- openssl-1.0.0b.orig/ssl/t1_lib.c 2010-11-16 13:26:24.000000000 +0000
1125 +++ openssl-1.0.0b/ssl/t1_lib.c 2010-11-29 19:56:04.965928855 +0000
1126 @@ -494,6 +494,18 @@ unsigned char *ssl_add_clienthello_tlsex
1127 i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
1128 }
1129
1130 +#ifndef OPENSSL_NO_NEXTPROTONEG
1131 + if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len)
1132 + {
1133 + /* The client advertises an emtpy extension to indicate its
1134 + * support for Next Protocol Negotiation */
1135 + if (limit - ret - 4 < 0)
1136 + return NULL;
1137 + s2n(TLSEXT_TYPE_next_proto_neg,ret);
1138 + s2n(0,ret);
1139 + }
1140 +#endif
1141 +
1142 if ((extdatalen = ret-p-2)== 0)
1143 return p;
1144
1145 @@ -505,6 +517,9 @@ unsigned char *ssl_add_serverhello_tlsex
1146 {
1147 int extdatalen=0;
1148 unsigned char *ret = p;
1149 +#ifndef OPENSSL_NO_NEXTPROTONEG
1150 + int next_proto_neg_seen;
1151 +#endif
1152
1153 /* don't add extensions for SSLv3, unless doing secure renegotiation */
1154 if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
1155 @@ -618,6 +633,28 @@ unsigned char *ssl_add_serverhello_tlsex
1156
1157 }
1158
1159 +#ifndef OPENSSL_NO_NEXTPROTONEG
1160 + next_proto_neg_seen = s->s3->next_proto_neg_seen;
1161 + s->s3->next_proto_neg_seen = 0;
1162 + if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb)
1163 + {
1164 + const unsigned char *npa;
1165 + unsigned int npalen;
1166 + int r;
1167 +
1168 + r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, s->ctx-> next_protos_advertised_cb_arg);
1169 + if (r == SSL_TLSEXT_ERR_OK)
1170 + {
1171 + if ((long)(limit - ret - 4 - npalen) < 0) return NULL;
1172 + s2n(TLSEXT_TYPE_next_proto_neg,ret);
1173 + s2n(npalen,ret);
1174 + memcpy(ret, npa, npalen);
1175 + ret += npalen;
1176 + s->s3->next_proto_neg_seen = 1;
1177 + }
1178 + }
1179 +#endif
1180 +
1181 if ((extdatalen = ret-p-2)== 0)
1182 return p;
1183
1184 @@ -982,6 +1019,28 @@ int ssl_parse_clienthello_tlsext(SSL *s,
1185 else
1186 s->tlsext_status_type = -1;
1187 }
1188 +#ifndef OPENSSL_NO_NEXTPROTONEG
1189 + else if (type == TLSEXT_TYPE_next_proto_neg &&
1190 + s->s3->tmp.finish_md_len == 0)
1191 + {
1192 + /* We shouldn't accept this extension on a
1193 + * renegotiation.
1194 + *
1195 + * s->new_session will be set on renegotiation, but we
1196 + * probably shouldn't rely that it couldn't be set on
1197 + * the initial renegotation too in certain cases (when
1198 + * there's some other reason to disallow resuming an
1199 + * earlier session -- the current code won't be doing
1200 + * anything like that, but this might change).
1201 +
1202 + * A valid sign that there's been a previous handshake
1203 + * in this connection is if s->s3->tmp.finish_md_len >
1204 + * 0. (We are talking about a check that will happen
1205 + * in the Hello protocol round, well before a new
1206 + * Finished message could have been computed.) */
1207 + s->s3->next_proto_neg_seen = 1;
1208 + }
1209 +#endif
1210
1211 /* session ticket processed earlier */
1212 data+=size;
1213 @@ -1005,6 +1064,26 @@ int ssl_parse_clienthello_tlsext(SSL *s,
1214 return 1;
1215 }
1216
1217 +#ifndef OPENSSL_NO_NEXTPROTONEG
1218 +/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
1219 + * elements of zero length are allowed and the set of elements must exactly fil l
1220 + * the length of the block. */
1221 +static int ssl_next_proto_validate(unsigned char *d, unsigned len)
1222 + {
1223 + unsigned int off = 0;
1224 +
1225 + while (off < len)
1226 + {
1227 + if (d[off] == 0)
1228 + return 0;
1229 + off += d[off];
1230 + off++;
1231 + }
1232 +
1233 + return off == len;
1234 + }
1235 +#endif
1236 +
1237 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, i nt n, int *al)
1238 {
1239 unsigned short length;
1240 @@ -1139,6 +1218,39 @@ int ssl_parse_serverhello_tlsext(SSL *s,
1241 /* Set flag to expect CertificateStatus message */
1242 s->tlsext_status_expected = 1;
1243 }
1244 +#ifndef OPENSSL_NO_NEXTPROTONEG
1245 + else if (type == TLSEXT_TYPE_next_proto_neg)
1246 + {
1247 + unsigned char *selected;
1248 + unsigned char selected_len;
1249 +
1250 + /* We must have requested it. */
1251 + if ((s->ctx->next_proto_select_cb == NULL))
1252 + {
1253 + *al = TLS1_AD_UNSUPPORTED_EXTENSION;
1254 + return 0;
1255 + }
1256 + /* The data must be valid */
1257 + if (!ssl_next_proto_validate(data, size))
1258 + {
1259 + *al = TLS1_AD_DECODE_ERROR;
1260 + return 0;
1261 + }
1262 + if (s->ctx->next_proto_select_cb(s, &selected, &selected _len, data, size, s->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK)
1263 + {
1264 + *al = TLS1_AD_INTERNAL_ERROR;
1265 + return 0;
1266 + }
1267 + s->next_proto_negotiated = OPENSSL_malloc(selected_len);
1268 + if (!s->next_proto_negotiated)
1269 + {
1270 + *al = TLS1_AD_INTERNAL_ERROR;
1271 + return 0;
1272 + }
1273 + memcpy(s->next_proto_negotiated, selected, selected_len) ;
1274 + s->next_proto_negotiated_len = selected_len;
1275 + }
1276 +#endif
1277 else if (type == TLSEXT_TYPE_renegotiate)
1278 {
1279 if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
1280 --- openssl-1.0.0b.orig/ssl/tls1.h 2009-11-11 14:51:29.000000000 +0000
1281 +++ openssl-1.0.0b/ssl/tls1.h 2010-11-29 19:56:04.965928855 +0000
1282 @@ -204,6 +204,11 @@ extern "C" {
1283 /* Temporary extension type */
1284 #define TLSEXT_TYPE_renegotiate 0xff01
1285
1286 +#ifndef OPENSSL_NO_NEXTPROTONEG
1287 +/* This is not an IANA defined extension number */
1288 +#define TLSEXT_TYPE_next_proto_neg 13172
1289 +#endif
1290 +
1291 /* NameType value from RFC 3546 */
1292 #define TLSEXT_NAMETYPE_host_name 0
1293 /* status request value from RFC 3546 */
OLDNEW
« no previous file with comments | « patches/mips_private.patch ('k') | patches/openssl_no_dtls1.patch » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698