OLD | NEW |
| (Empty) |
1 --- openssl-1.0.0b.orig/apps/apps.c 2010-11-11 14:42:19.000000000 +0000 | |
2 +++ openssl-1.0.0b/apps/apps.c 2010-11-29 19:56:04.902465346 +0000 | |
3 @@ -3012,3 +3012,46 @@ int raw_write_stdout(const void *buf,int | |
4 int raw_write_stdout(const void *buf,int siz) | |
5 { return write(fileno(stdout),buf,siz); } | |
6 #endif | |
7 + | |
8 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) | |
9 +/* next_protos_parse parses a comma separated list of strings into a string | |
10 + * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. | |
11 + * outlen: (output) set to the length of the resulting buffer on success. | |
12 + * in: a NUL termianted string like "abc,def,ghi" | |
13 + * | |
14 + * returns: a malloced buffer or NULL on failure. | |
15 + */ | |
16 +unsigned char *next_protos_parse(unsigned short *outlen, const char *in) | |
17 + { | |
18 + size_t len; | |
19 + unsigned char *out; | |
20 + size_t i, start = 0; | |
21 + | |
22 + len = strlen(in); | |
23 + if (len >= 65535) | |
24 + return NULL; | |
25 + | |
26 + out = OPENSSL_malloc(strlen(in) + 1); | |
27 + if (!out) | |
28 + return NULL; | |
29 + | |
30 + for (i = 0; i <= len; ++i) | |
31 + { | |
32 + if (i == len || in[i] == ',') | |
33 + { | |
34 + if (i - start > 255) | |
35 + { | |
36 + OPENSSL_free(out); | |
37 + return NULL; | |
38 + } | |
39 + out[start] = i - start; | |
40 + start = i + 1; | |
41 + } | |
42 + else | |
43 + out[i+1] = in[i]; | |
44 + } | |
45 + | |
46 + *outlen = len + 1; | |
47 + return out; | |
48 + } | |
49 +#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */ | |
50 --- openssl-1.0.0b.orig/apps/apps.h 2009-10-31 13:34:19.000000000 +0000 | |
51 +++ openssl-1.0.0b/apps/apps.h 2010-11-29 19:56:04.902465346 +0000 | |
52 @@ -358,3 +358,7 @@ int raw_write_stdout(const void *,int); | |
53 #define TM_STOP 1 | |
54 double app_tminterval (int stop,int usertime); | |
55 #endif | |
56 + | |
57 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
58 +unsigned char *next_protos_parse(unsigned short *outlen, const char *in); | |
59 +#endif | |
60 --- openssl-1.0.0b.orig/apps/s_client.c 2010-11-29 19:56:04.832465351 +0000 | |
61 +++ openssl-1.0.0b/apps/s_client.c 2010-11-29 19:56:04.902465346 +0000 | |
62 @@ -342,6 +342,9 @@ static void sc_usage(void) | |
63 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions
received\n"); | |
64 BIO_printf(bio_err," -status - request certificate status from
server\n"); | |
65 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis sessi
on tickets\n"); | |
66 +# ifndef OPENSSL_NO_NEXTPROTONEG | |
67 + BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, consideri
ng named protocols supported (comma-separated list)\n"); | |
68 +# endif | |
69 BIO_printf(bio_err," -cutthrough - enable 1-RTT full-handshake for
strong ciphers\n"); | |
70 #endif | |
71 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renego
tiation (dangerous)\n"); | |
72 @@ -367,6 +370,40 @@ static int MS_CALLBACK ssl_servername_cb | |
73 | |
74 return SSL_TLSEXT_ERR_OK; | |
75 } | |
76 + | |
77 +# ifndef OPENSSL_NO_NEXTPROTONEG | |
78 +/* This the context that we pass to next_proto_cb */ | |
79 +typedef struct tlsextnextprotoctx_st { | |
80 + unsigned char *data; | |
81 + unsigned short len; | |
82 + int status; | |
83 +} tlsextnextprotoctx; | |
84 + | |
85 +static tlsextnextprotoctx next_proto; | |
86 + | |
87 +static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, co
nst unsigned char *in, unsigned int inlen, void *arg) | |
88 + { | |
89 + tlsextnextprotoctx *ctx = arg; | |
90 + | |
91 + if (!c_quiet) | |
92 + { | |
93 + /* We can assume that |in| is syntactically valid. */ | |
94 + unsigned i; | |
95 + BIO_printf(bio_c_out, "Protocols advertised by server: "); | |
96 + for (i = 0; i < inlen; ) | |
97 + { | |
98 + if (i) | |
99 + BIO_write(bio_c_out, ", ", 2); | |
100 + BIO_write(bio_c_out, &in[i + 1], in[i]); | |
101 + i += in[i] + 1; | |
102 + } | |
103 + BIO_write(bio_c_out, "\n", 1); | |
104 + } | |
105 + | |
106 + ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, c
tx->len); | |
107 + return SSL_TLSEXT_ERR_OK; | |
108 + } | |
109 +# endif /* ndef OPENSSL_NO_NEXTPROTONEG */ | |
110 #endif | |
111 | |
112 enum | |
113 @@ -431,6 +468,9 @@ int MAIN(int argc, char **argv) | |
114 char *servername = NULL; | |
115 tlsextctx tlsextcbp = | |
116 {NULL,0}; | |
117 +# ifndef OPENSSL_NO_NEXTPROTONEG | |
118 + const char *next_proto_neg_in = NULL; | |
119 +# endif | |
120 #endif | |
121 char *sess_in = NULL; | |
122 char *sess_out = NULL; | |
123 @@ -658,6 +698,13 @@ int MAIN(int argc, char **argv) | |
124 #ifndef OPENSSL_NO_TLSEXT | |
125 else if (strcmp(*argv,"-no_ticket") == 0) | |
126 { off|=SSL_OP_NO_TICKET; } | |
127 +# ifndef OPENSSL_NO_NEXTPROTONEG | |
128 + else if (strcmp(*argv,"-nextprotoneg") == 0) | |
129 + { | |
130 + if (--argc < 1) goto bad; | |
131 + next_proto_neg_in = *(++argv); | |
132 + } | |
133 +# endif | |
134 #endif | |
135 else if (strcmp(*argv,"-cutthrough") == 0) | |
136 cutthrough=1; | |
137 @@ -766,6 +813,21 @@ bad: | |
138 OpenSSL_add_ssl_algorithms(); | |
139 SSL_load_error_strings(); | |
140 | |
141 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) | |
142 + next_proto.status = -1; | |
143 + if (next_proto_neg_in) | |
144 + { | |
145 + next_proto.data = next_protos_parse(&next_proto.len, next_proto_
neg_in); | |
146 + if (next_proto.data == NULL) | |
147 + { | |
148 + BIO_printf(bio_err, "Error parsing -nextprotoneg argumen
t\n"); | |
149 + goto end; | |
150 + } | |
151 + } | |
152 + else | |
153 + next_proto.data = NULL; | |
154 +#endif | |
155 + | |
156 #ifndef OPENSSL_NO_ENGINE | |
157 e = setup_engine(bio_err, engine_id, 1); | |
158 if (ssl_client_engine_id) | |
159 @@ -896,6 +958,11 @@ bad: | |
160 SSL_CTX_set_mode(ctx, ssl_mode); | |
161 } | |
162 | |
163 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) | |
164 + if (next_proto.data) | |
165 + SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto
); | |
166 +#endif | |
167 + | |
168 if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback); | |
169 if (cipher != NULL) | |
170 if(!SSL_CTX_set_cipher_list(ctx,cipher)) { | |
171 @@ -1755,6 +1822,18 @@ static void print_stuff(BIO *bio, SSL *s | |
172 BIO_printf(bio,"Expansion: %s\n", | |
173 expansion ? SSL_COMP_get_name(expansion) : "NONE"); | |
174 #endif | |
175 + | |
176 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) | |
177 + if (next_proto.status != -1) { | |
178 + const unsigned char *proto; | |
179 + unsigned int proto_len; | |
180 + SSL_get0_next_proto_negotiated(s, &proto, &proto_len); | |
181 + BIO_printf(bio, "Next protocol: (%d) ", next_proto.status); | |
182 + BIO_write(bio, proto, proto_len); | |
183 + BIO_write(bio, "\n", 1); | |
184 + } | |
185 +#endif | |
186 + | |
187 SSL_SESSION_print(bio,SSL_get_session(s)); | |
188 BIO_printf(bio,"---\n"); | |
189 if (peer != NULL) | |
190 --- openssl-1.0.0b.orig/apps/s_server.c 2010-06-15 17:25:02.000000000 +0000 | |
191 +++ openssl-1.0.0b/apps/s_server.c 2010-11-29 19:56:04.902465346 +0000 | |
192 @@ -492,6 +492,9 @@ static void sv_usage(void) | |
193 BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions rece
ived\n"); | |
194 BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session t
ickets\n"); | |
195 BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renego
tiation (dangerous)\n"); | |
196 +# ifndef OPENSSL_NO_NEXTPROTONEG | |
197 + BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols fo
r the NPN extension (comma-separated list)\n"); | |
198 +# endif | |
199 #endif | |
200 } | |
201 | |
202 @@ -826,6 +829,24 @@ BIO_printf(err, "cert_status: received % | |
203 ret = SSL_TLSEXT_ERR_ALERT_FATAL; | |
204 goto done; | |
205 } | |
206 + | |
207 +# ifndef OPENSSL_NO_NEXTPROTONEG | |
208 +/* This is the context that we pass to next_proto_cb */ | |
209 +typedef struct tlsextnextprotoctx_st { | |
210 + unsigned char *data; | |
211 + unsigned int len; | |
212 +} tlsextnextprotoctx; | |
213 + | |
214 +static int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len,
void *arg) | |
215 + { | |
216 + tlsextnextprotoctx *next_proto = arg; | |
217 + | |
218 + *data = next_proto->data; | |
219 + *len = next_proto->len; | |
220 + | |
221 + return SSL_TLSEXT_ERR_OK; | |
222 + } | |
223 +# endif /* ndef OPENSSL_NO_NPN */ | |
224 #endif | |
225 | |
226 int MAIN(int, char **); | |
227 @@ -867,6 +888,10 @@ int MAIN(int argc, char *argv[]) | |
228 #endif | |
229 #ifndef OPENSSL_NO_TLSEXT | |
230 tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; | |
231 +# ifndef OPENSSL_NO_NEXTPROTONEG | |
232 + const char *next_proto_neg_in = NULL; | |
233 + tlsextnextprotoctx next_proto; | |
234 +# endif | |
235 #endif | |
236 #ifndef OPENSSL_NO_PSK | |
237 /* by default do not send a PSK identity hint */ | |
238 @@ -1191,7 +1216,13 @@ int MAIN(int argc, char *argv[]) | |
239 if (--argc < 1) goto bad; | |
240 s_key_file2= *(++argv); | |
241 } | |
242 - | |
243 +# ifndef OPENSSL_NO_NEXTPROTONEG | |
244 + else if (strcmp(*argv,"-nextprotoneg") == 0) | |
245 + { | |
246 + if (--argc < 1) goto bad; | |
247 + next_proto_neg_in = *(++argv); | |
248 + } | |
249 +# endif | |
250 #endif | |
251 #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) | |
252 else if (strcmp(*argv,"-jpake") == 0) | |
253 @@ -1476,6 +1507,11 @@ bad: | |
254 if (vpm) | |
255 SSL_CTX_set1_param(ctx2, vpm); | |
256 } | |
257 + | |
258 +# ifndef OPENSSL_NO_NEXTPROTONEG | |
259 + if (next_proto.data) | |
260 + SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_
proto); | |
261 +# endif | |
262 #endif | |
263 | |
264 #ifndef OPENSSL_NO_DH | |
265 @@ -1617,6 +1653,21 @@ bad: | |
266 goto end; | |
267 } | |
268 } | |
269 +# ifndef OPENSSL_NO_NEXTPROTONEG | |
270 + if (next_proto_neg_in) | |
271 + { | |
272 + unsigned short len; | |
273 + next_proto.data = next_protos_parse(&len, | |
274 + next_proto_neg_in); | |
275 + if (next_proto.data == NULL) | |
276 + goto end; | |
277 + next_proto.len = len; | |
278 + } | |
279 + else | |
280 + { | |
281 + next_proto.data = NULL; | |
282 + } | |
283 +# endif | |
284 #endif | |
285 RSA_free(rsa); | |
286 BIO_printf(bio_s_out,"\n"); | |
287 @@ -2159,6 +2210,10 @@ static int init_ssl_connection(SSL *con) | |
288 X509 *peer; | |
289 long verify_error; | |
290 MS_STATIC char buf[BUFSIZ]; | |
291 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) | |
292 + const unsigned char *next_proto_neg; | |
293 + unsigned next_proto_neg_len; | |
294 +#endif | |
295 | |
296 if ((i=SSL_accept(con)) <= 0) | |
297 { | |
298 @@ -2198,6 +2253,15 @@ static int init_ssl_connection(SSL *con) | |
299 BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf); | |
300 str=SSL_CIPHER_get_name(SSL_get_current_cipher(con)); | |
301 BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)"); | |
302 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) | |
303 + SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len
); | |
304 + if (next_proto_neg) | |
305 + { | |
306 + BIO_printf(bio_s_out,"NEXTPROTO is "); | |
307 + BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); | |
308 + BIO_printf(bio_s_out, "\n"); | |
309 + } | |
310 +#endif | |
311 if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n"); | |
312 if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & | |
313 TLS1_FLAGS_TLS_PADDING_BUG) | |
314 --- openssl-1.0.0b.orig/include/openssl/ssl.h 2010-11-29 19:56:04.846517045 +0
000 | |
315 +++ openssl-1.0.0b/include/openssl/ssl.h 2010-11-29 19:56:04.965928855 +0
000 | |
316 @@ -857,6 +857,25 @@ struct ssl_ctx_st | |
317 /* draft-rescorla-tls-opaque-prf-input-00.txt information */ | |
318 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t l
en, void *arg); | |
319 void *tlsext_opaque_prf_input_callback_arg; | |
320 + | |
321 +# ifndef OPENSSL_NO_NEXTPROTONEG | |
322 + /* Next protocol negotiation information */ | |
323 + /* (for experimental NPN extension). */ | |
324 + | |
325 + /* For a server, this contains a callback function by which the set of | |
326 + * advertised protocols can be provided. */ | |
327 + int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf, | |
328 + unsigned int *len, void *arg); | |
329 + void *next_protos_advertised_cb_arg; | |
330 + /* For a client, this contains a callback function that selects the | |
331 + * next protocol from the list provided by the server. */ | |
332 + int (*next_proto_select_cb)(SSL *s, unsigned char **out, | |
333 + unsigned char *outlen, | |
334 + const unsigned char *in, | |
335 + unsigned int inlen, | |
336 + void *arg); | |
337 + void *next_proto_select_cb_arg; | |
338 +# endif | |
339 #endif | |
340 | |
341 #ifndef OPENSSL_NO_PSK | |
342 @@ -928,6 +947,30 @@ int SSL_CTX_set_client_cert_engine(SSL_C | |
343 #endif | |
344 void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL
*ssl, unsigned char *cookie, unsigned int *cookie_len)); | |
345 void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL
*ssl, unsigned char *cookie, unsigned int cookie_len)); | |
346 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
347 +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, | |
348 + int (*cb) (SSL *ssl, | |
349 + const unsigned char **out, | |
350 + unsigned int *outlen, | |
351 + void *arg), void *arg); | |
352 +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, | |
353 + int (*cb) (SSL *ssl, unsigned char **out, | |
354 + unsigned char *outlen, | |
355 + const unsigned char *in, | |
356 + unsigned int inlen, void *arg), | |
357 + void *arg); | |
358 + | |
359 +int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, | |
360 + const unsigned char *in, unsigned int inlen, | |
361 + const unsigned char *client, unsigned int client_len); | |
362 +void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, | |
363 + unsigned *len); | |
364 + | |
365 +#define OPENSSL_NPN_UNSUPPORTED 0 | |
366 +#define OPENSSL_NPN_NEGOTIATED 1 | |
367 +#define OPENSSL_NPN_NO_OVERLAP 2 | |
368 + | |
369 +#endif | |
370 | |
371 #ifndef OPENSSL_NO_PSK | |
372 /* the maximum length of the buffer given to callbacks containing the | |
373 @@ -1187,6 +1230,19 @@ struct ssl_st | |
374 void *tls_session_secret_cb_arg; | |
375 | |
376 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ | |
377 + | |
378 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
379 + /* Next protocol negotiation. For the client, this is the protocol that | |
380 + * we sent in NextProtocol and is set when handling ServerHello | |
381 + * extensions. | |
382 + * | |
383 + * For a server, this is the client's selected_protocol from | |
384 + * NextProtocol and is set when handling the NextProtocol message, | |
385 + * before the Finished message. */ | |
386 + unsigned char *next_proto_negotiated; | |
387 + unsigned char next_proto_negotiated_len; | |
388 +#endif | |
389 + | |
390 #define session_ctx initial_ctx | |
391 #else | |
392 #define session_ctx ctx | |
393 @@ -1919,6 +1975,7 @@ void ERR_load_SSL_strings(void); | |
394 #define SSL_F_SSL3_GET_KEY_EXCHANGE 141 | |
395 #define SSL_F_SSL3_GET_MESSAGE 142 | |
396 #define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 | |
397 +#define SSL_F_SSL3_GET_NEXT_PROTO 304 | |
398 #define SSL_F_SSL3_GET_RECORD 143 | |
399 #define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 | |
400 #define SSL_F_SSL3_GET_SERVER_DONE 145 | |
401 @@ -2117,6 +2174,8 @@ void ERR_load_SSL_strings(void); | |
402 #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 | |
403 #define SSL_R_EXTRA_DATA_IN_MESSAGE 153 | |
404 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 | |
405 +#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 346 | |
406 +#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 347 | |
407 #define SSL_R_HTTPS_PROXY_REQUEST 155 | |
408 #define SSL_R_HTTP_REQUEST 156 | |
409 #define SSL_R_ILLEGAL_PADDING 283 | |
410 --- openssl-1.0.0b.orig/include/openssl/ssl3.h 2010-11-29 19:56:04.832465351 +0
000 | |
411 +++ openssl-1.0.0b/include/openssl/ssl3.h 2010-11-29 19:56:04.965928855 +0
000 | |
412 @@ -465,6 +465,12 @@ typedef struct ssl3_state_st | |
413 void *server_opaque_prf_input; | |
414 size_t server_opaque_prf_input_len; | |
415 | |
416 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
417 + /* Set if we saw the Next Protocol Negotiation extension from | |
418 + our peer. */ | |
419 + int next_proto_neg_seen; | |
420 +#endif | |
421 + | |
422 struct { | |
423 /* actually only needs to be 16+20 */ | |
424 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; | |
425 @@ -557,6 +563,10 @@ typedef struct ssl3_state_st | |
426 #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) | |
427 #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) | |
428 #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) | |
429 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
430 +#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) | |
431 +#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) | |
432 +#endif | |
433 #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) | |
434 #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) | |
435 /* read from server */ | |
436 @@ -602,6 +612,10 @@ typedef struct ssl3_state_st | |
437 #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) | |
438 #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) | |
439 #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) | |
440 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
441 +#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) | |
442 +#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) | |
443 +#endif | |
444 #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) | |
445 #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) | |
446 /* write to client */ | |
447 @@ -626,6 +640,9 @@ typedef struct ssl3_state_st | |
448 #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 | |
449 #define SSL3_MT_FINISHED 20 | |
450 #define SSL3_MT_CERTIFICATE_STATUS 22 | |
451 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
452 +#define SSL3_MT_NEXT_PROTO 67 | |
453 +#endif | |
454 #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 | |
455 | |
456 | |
457 --- openssl-1.0.0b.orig/include/openssl/tls1.h 2009-11-11 14:51:29.000000000 +0
000 | |
458 +++ openssl-1.0.0b/include/openssl/tls1.h 2010-11-29 19:56:04.965928855 +0
000 | |
459 @@ -204,6 +204,11 @@ extern "C" { | |
460 /* Temporary extension type */ | |
461 #define TLSEXT_TYPE_renegotiate 0xff01 | |
462 | |
463 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
464 +/* This is not an IANA defined extension number */ | |
465 +#define TLSEXT_TYPE_next_proto_neg 13172 | |
466 +#endif | |
467 + | |
468 /* NameType value from RFC 3546 */ | |
469 #define TLSEXT_NAMETYPE_host_name 0 | |
470 /* status request value from RFC 3546 */ | |
471 --- openssl-1.0.0b.orig/ssl/s3_both.c 2010-11-29 19:56:04.846517045 +0000 | |
472 +++ openssl-1.0.0b/ssl/s3_both.c 2010-11-29 19:56:04.965928855 +0000 | |
473 @@ -202,15 +202,40 @@ int ssl3_send_finished(SSL *s, int a, in | |
474 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | |
475 } | |
476 | |
477 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
478 +/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen t
o far. */ | |
479 +static void ssl3_take_mac(SSL *s) | |
480 + { | |
481 + const char *sender; | |
482 + int slen; | |
483 + | |
484 + if (s->state & SSL_ST_CONNECT) | |
485 + { | |
486 + sender=s->method->ssl3_enc->server_finished_label; | |
487 + slen=s->method->ssl3_enc->server_finished_label_len; | |
488 + } | |
489 + else | |
490 + { | |
491 + sender=s->method->ssl3_enc->client_finished_label; | |
492 + slen=s->method->ssl3_enc->client_finished_label_len; | |
493 + } | |
494 + | |
495 + s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, | |
496 + sender,slen,s->s3->tmp.peer_finish_md); | |
497 + } | |
498 +#endif | |
499 + | |
500 int ssl3_get_finished(SSL *s, int a, int b) | |
501 { | |
502 int al,i,ok; | |
503 long n; | |
504 unsigned char *p; | |
505 | |
506 +#ifdef OPENSSL_NO_NEXTPROTONEG | |
507 /* the mac has already been generated when we received the | |
508 * change cipher spec message and is in s->s3->tmp.peer_finish_md | |
509 */ | |
510 +#endif | |
511 | |
512 n=s->method->ssl_get_message(s, | |
513 a, | |
514 @@ -521,6 +546,15 @@ long ssl3_get_message(SSL *s, int st1, i | |
515 s->init_num += i; | |
516 n -= i; | |
517 } | |
518 + | |
519 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
520 + /* If receiving Finished, record MAC of prior handshake messages for | |
521 + * Finished verification. */ | |
522 + if (*s->init_buf->data == SSL3_MT_FINISHED) | |
523 + ssl3_take_mac(s); | |
524 +#endif | |
525 + | |
526 + /* Feed this message into MAC computation. */ | |
527 ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); | |
528 if (s->msg_callback) | |
529 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->d
ata, (size_t)s->init_num + 4, s, s->msg_callback_arg); | |
530 --- openssl-1.0.0b.orig/ssl/s3_clnt.c 2010-11-29 19:56:04.846517045 +0000 | |
531 +++ openssl-1.0.0b/ssl/s3_clnt.c 2010-11-29 19:56:04.965928855 +0000 | |
532 @@ -435,7 +435,16 @@ int ssl3_connect(SSL *s) | |
533 ret=ssl3_send_change_cipher_spec(s, | |
534 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); | |
535 if (ret <= 0) goto end; | |
536 + | |
537 +#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) | |
538 s->state=SSL3_ST_CW_FINISHED_A; | |
539 +#else | |
540 + if (s->next_proto_negotiated) | |
541 + s->state=SSL3_ST_CW_NEXT_PROTO_A; | |
542 + else | |
543 + s->state=SSL3_ST_CW_FINISHED_A; | |
544 +#endif | |
545 + | |
546 s->init_num=0; | |
547 | |
548 s->session->cipher=s->s3->tmp.new_cipher; | |
549 @@ -463,6 +472,15 @@ int ssl3_connect(SSL *s) | |
550 | |
551 break; | |
552 | |
553 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) | |
554 + case SSL3_ST_CW_NEXT_PROTO_A: | |
555 + case SSL3_ST_CW_NEXT_PROTO_B: | |
556 + ret=ssl3_send_next_proto(s); | |
557 + if (ret <= 0) goto end; | |
558 + s->state=SSL3_ST_CW_FINISHED_A; | |
559 + break; | |
560 +#endif | |
561 + | |
562 case SSL3_ST_CW_FINISHED_A: | |
563 case SSL3_ST_CW_FINISHED_B: | |
564 ret=ssl3_send_finished(s, | |
565 @@ -3060,6 +3078,32 @@ err: | |
566 */ | |
567 | |
568 #ifndef OPENSSL_NO_TLSEXT | |
569 +# ifndef OPENSSL_NO_NEXTPROTONEG | |
570 +int ssl3_send_next_proto(SSL *s) | |
571 + { | |
572 + unsigned int len, padding_len; | |
573 + unsigned char *d; | |
574 + | |
575 + if (s->state == SSL3_ST_CW_NEXT_PROTO_A) | |
576 + { | |
577 + len = s->next_proto_negotiated_len; | |
578 + padding_len = 32 - ((len + 2) % 32); | |
579 + d = (unsigned char *)s->init_buf->data; | |
580 + d[4] = len; | |
581 + memcpy(d + 5, s->next_proto_negotiated, len); | |
582 + d[5 + len] = padding_len; | |
583 + memset(d + 6 + len, 0, padding_len); | |
584 + *(d++)=SSL3_MT_NEXT_PROTO; | |
585 + l2n3(2 + len + padding_len, d); | |
586 + s->state = SSL3_ST_CW_NEXT_PROTO_B; | |
587 + s->init_num = 4 + 2 + len + padding_len; | |
588 + s->init_off = 0; | |
589 + } | |
590 + | |
591 + return ssl3_do_write(s, SSL3_RT_HANDSHAKE); | |
592 + } | |
593 +# endif | |
594 + | |
595 int ssl3_check_finished(SSL *s) | |
596 { | |
597 int ok; | |
598 --- openssl-1.0.0b.orig/ssl/s3_lib.c 2010-11-29 19:56:04.832465351 +0000 | |
599 +++ openssl-1.0.0b/ssl/s3_lib.c 2010-11-29 19:56:04.965928855 +0000 | |
600 @@ -2230,6 +2230,15 @@ void ssl3_clear(SSL *s) | |
601 s->s3->num_renegotiations=0; | |
602 s->s3->in_read_app_data=0; | |
603 s->version=SSL3_VERSION; | |
604 + | |
605 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) | |
606 + if (s->next_proto_negotiated) | |
607 + { | |
608 + OPENSSL_free(s->next_proto_negotiated); | |
609 + s->next_proto_negotiated = NULL; | |
610 + s->next_proto_negotiated_len = 0; | |
611 + } | |
612 +#endif | |
613 } | |
614 | |
615 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) | |
616 --- openssl-1.0.0b.orig/ssl/s3_pkt.c 2010-11-29 19:56:04.832465351 +0000 | |
617 +++ openssl-1.0.0b/ssl/s3_pkt.c 2010-11-29 19:56:04.965928855 +0000 | |
618 @@ -1394,8 +1394,10 @@ err: | |
619 int ssl3_do_change_cipher_spec(SSL *s) | |
620 { | |
621 int i; | |
622 +#ifdef OPENSSL_NO_NEXTPROTONEG | |
623 const char *sender; | |
624 int slen; | |
625 +#endif | |
626 | |
627 if (s->state & SSL_ST_ACCEPT) | |
628 i=SSL3_CHANGE_CIPHER_SERVER_READ; | |
629 @@ -1418,6 +1420,7 @@ int ssl3_do_change_cipher_spec(SSL *s) | |
630 if (!s->method->ssl3_enc->change_cipher_state(s,i)) | |
631 return(0); | |
632 | |
633 +#ifdef OPENSSL_NO_NEXTPROTONEG | |
634 /* we have to record the message digest at | |
635 * this point so we can get it before we read | |
636 * the finished message */ | |
637 @@ -1434,6 +1437,7 @@ int ssl3_do_change_cipher_spec(SSL *s) | |
638 | |
639 s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, | |
640 sender,slen,s->s3->tmp.peer_finish_md); | |
641 +#endif | |
642 | |
643 return(1); | |
644 } | |
645 --- openssl-1.0.0b.orig/ssl/s3_srvr.c 2010-11-29 19:56:04.846517045 +0000 | |
646 +++ openssl-1.0.0b/ssl/s3_srvr.c 2010-11-29 19:56:04.965928855 +0000 | |
647 @@ -538,7 +538,14 @@ int ssl3_accept(SSL *s) | |
648 * the client uses its key from the certificate | |
649 * for key exchange. | |
650 */ | |
651 +#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) | |
652 s->state=SSL3_ST_SR_FINISHED_A; | |
653 +#else | |
654 + if (s->s3->next_proto_neg_seen) | |
655 + s->state=SSL3_ST_SR_NEXT_PROTO_A; | |
656 + else | |
657 + s->state=SSL3_ST_SR_FINISHED_A; | |
658 +#endif | |
659 s->init_num = 0; | |
660 } | |
661 else | |
662 @@ -581,10 +588,27 @@ int ssl3_accept(SSL *s) | |
663 ret=ssl3_get_cert_verify(s); | |
664 if (ret <= 0) goto end; | |
665 | |
666 +#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) | |
667 s->state=SSL3_ST_SR_FINISHED_A; | |
668 +#else | |
669 + if (s->s3->next_proto_neg_seen) | |
670 + s->state=SSL3_ST_SR_NEXT_PROTO_A; | |
671 + else | |
672 + s->state=SSL3_ST_SR_FINISHED_A; | |
673 +#endif | |
674 s->init_num=0; | |
675 break; | |
676 | |
677 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) | |
678 + case SSL3_ST_SR_NEXT_PROTO_A: | |
679 + case SSL3_ST_SR_NEXT_PROTO_B: | |
680 + ret=ssl3_get_next_proto(s); | |
681 + if (ret <= 0) goto end; | |
682 + s->init_num = 0; | |
683 + s->state=SSL3_ST_SR_FINISHED_A; | |
684 + break; | |
685 +#endif | |
686 + | |
687 case SSL3_ST_SR_FINISHED_A: | |
688 case SSL3_ST_SR_FINISHED_B: | |
689 ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, | |
690 @@ -655,7 +679,16 @@ int ssl3_accept(SSL *s) | |
691 if (ret <= 0) goto end; | |
692 s->state=SSL3_ST_SW_FLUSH; | |
693 if (s->hit) | |
694 + { | |
695 +#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) | |
696 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; | |
697 +#else | |
698 + if (s->s3->next_proto_neg_seen) | |
699 + s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PR
OTO_A; | |
700 + else | |
701 + s->s3->tmp.next_state=SSL3_ST_SR_FINISHE
D_A; | |
702 +#endif | |
703 + } | |
704 else | |
705 s->s3->tmp.next_state=SSL_ST_OK; | |
706 s->init_num=0; | |
707 @@ -3196,4 +3229,72 @@ int ssl3_send_cert_status(SSL *s) | |
708 /* SSL3_ST_SW_CERT_STATUS_B */ | |
709 return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | |
710 } | |
711 + | |
712 +# ifndef OPENSSL_NO_NPN | |
713 +/* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. It | |
714 + * sets the next_proto member in s if found */ | |
715 +int ssl3_get_next_proto(SSL *s) | |
716 + { | |
717 + int ok; | |
718 + unsigned proto_len, padding_len; | |
719 + long n; | |
720 + const unsigned char *p; | |
721 + | |
722 + /* Clients cannot send a NextProtocol message if we didn't see the | |
723 + * extension in their ClientHello */ | |
724 + if (!s->s3->next_proto_neg_seen) | |
725 + { | |
726 + SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_WITHOUT_EX
TENSION); | |
727 + return -1; | |
728 + } | |
729 + | |
730 + n=s->method->ssl_get_message(s, | |
731 + SSL3_ST_SR_NEXT_PROTO_A, | |
732 + SSL3_ST_SR_NEXT_PROTO_B, | |
733 + SSL3_MT_NEXT_PROTO, | |
734 + 514, /* See the payload format below */ | |
735 + &ok); | |
736 + | |
737 + if (!ok) | |
738 + return((int)n); | |
739 + | |
740 + /* s->state doesn't reflect whether ChangeCipherSpec has been received | |
741 + * in this handshake, but s->s3->change_cipher_spec does (will be reset | |
742 + * by ssl3_get_finished). */ | |
743 + if (!s->s3->change_cipher_spec) | |
744 + { | |
745 + SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_BEFORE_A_C
CS); | |
746 + return -1; | |
747 + } | |
748 + | |
749 + if (n < 2) | |
750 + return 0; /* The body must be > 1 bytes long */ | |
751 + | |
752 + p=(unsigned char *)s->init_msg; | |
753 + | |
754 + /* The payload looks like: | |
755 + * uint8 proto_len; | |
756 + * uint8 proto[proto_len]; | |
757 + * uint8 padding_len; | |
758 + * uint8 padding[padding_len]; | |
759 + */ | |
760 + proto_len = p[0]; | |
761 + if (proto_len + 2 > s->init_num) | |
762 + return 0; | |
763 + padding_len = p[proto_len + 1]; | |
764 + if (proto_len + padding_len + 2 != s->init_num) | |
765 + return 0; | |
766 + | |
767 + s->next_proto_negotiated = OPENSSL_malloc(proto_len); | |
768 + if (!s->next_proto_negotiated) | |
769 + { | |
770 + SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,ERR_R_MALLOC_FAILURE); | |
771 + return 0; | |
772 + } | |
773 + memcpy(s->next_proto_negotiated, p + 1, proto_len); | |
774 + s->next_proto_negotiated_len = proto_len; | |
775 + | |
776 + return 1; | |
777 + } | |
778 +# endif | |
779 #endif | |
780 --- openssl-1.0.0b.orig/ssl/ssl.h 2010-11-29 19:56:04.846517045 +0000 | |
781 +++ openssl-1.0.0b/ssl/ssl.h 2010-11-29 19:56:04.965928855 +0000 | |
782 @@ -857,6 +857,25 @@ struct ssl_ctx_st | |
783 /* draft-rescorla-tls-opaque-prf-input-00.txt information */ | |
784 int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t l
en, void *arg); | |
785 void *tlsext_opaque_prf_input_callback_arg; | |
786 + | |
787 +# ifndef OPENSSL_NO_NEXTPROTONEG | |
788 + /* Next protocol negotiation information */ | |
789 + /* (for experimental NPN extension). */ | |
790 + | |
791 + /* For a server, this contains a callback function by which the set of | |
792 + * advertised protocols can be provided. */ | |
793 + int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf, | |
794 + unsigned int *len, void *arg); | |
795 + void *next_protos_advertised_cb_arg; | |
796 + /* For a client, this contains a callback function that selects the | |
797 + * next protocol from the list provided by the server. */ | |
798 + int (*next_proto_select_cb)(SSL *s, unsigned char **out, | |
799 + unsigned char *outlen, | |
800 + const unsigned char *in, | |
801 + unsigned int inlen, | |
802 + void *arg); | |
803 + void *next_proto_select_cb_arg; | |
804 +# endif | |
805 #endif | |
806 | |
807 #ifndef OPENSSL_NO_PSK | |
808 @@ -928,6 +947,30 @@ int SSL_CTX_set_client_cert_engine(SSL_C | |
809 #endif | |
810 void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL
*ssl, unsigned char *cookie, unsigned int *cookie_len)); | |
811 void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL
*ssl, unsigned char *cookie, unsigned int cookie_len)); | |
812 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
813 +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, | |
814 + int (*cb) (SSL *ssl, | |
815 + const unsigned char **out, | |
816 + unsigned int *outlen, | |
817 + void *arg), void *arg); | |
818 +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, | |
819 + int (*cb) (SSL *ssl, unsigned char **out, | |
820 + unsigned char *outlen, | |
821 + const unsigned char *in, | |
822 + unsigned int inlen, void *arg), | |
823 + void *arg); | |
824 + | |
825 +int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, | |
826 + const unsigned char *in, unsigned int inlen, | |
827 + const unsigned char *client, unsigned int client_len); | |
828 +void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, | |
829 + unsigned *len); | |
830 + | |
831 +#define OPENSSL_NPN_UNSUPPORTED 0 | |
832 +#define OPENSSL_NPN_NEGOTIATED 1 | |
833 +#define OPENSSL_NPN_NO_OVERLAP 2 | |
834 + | |
835 +#endif | |
836 | |
837 #ifndef OPENSSL_NO_PSK | |
838 /* the maximum length of the buffer given to callbacks containing the | |
839 @@ -1187,6 +1230,19 @@ struct ssl_st | |
840 void *tls_session_secret_cb_arg; | |
841 | |
842 SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */ | |
843 + | |
844 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
845 + /* Next protocol negotiation. For the client, this is the protocol that | |
846 + * we sent in NextProtocol and is set when handling ServerHello | |
847 + * extensions. | |
848 + * | |
849 + * For a server, this is the client's selected_protocol from | |
850 + * NextProtocol and is set when handling the NextProtocol message, | |
851 + * before the Finished message. */ | |
852 + unsigned char *next_proto_negotiated; | |
853 + unsigned char next_proto_negotiated_len; | |
854 +#endif | |
855 + | |
856 #define session_ctx initial_ctx | |
857 #else | |
858 #define session_ctx ctx | |
859 @@ -1919,6 +1975,7 @@ void ERR_load_SSL_strings(void); | |
860 #define SSL_F_SSL3_GET_KEY_EXCHANGE 141 | |
861 #define SSL_F_SSL3_GET_MESSAGE 142 | |
862 #define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 | |
863 +#define SSL_F_SSL3_GET_NEXT_PROTO 304 | |
864 #define SSL_F_SSL3_GET_RECORD 143 | |
865 #define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 | |
866 #define SSL_F_SSL3_GET_SERVER_DONE 145 | |
867 @@ -2117,6 +2174,8 @@ void ERR_load_SSL_strings(void); | |
868 #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 | |
869 #define SSL_R_EXTRA_DATA_IN_MESSAGE 153 | |
870 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 | |
871 +#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 346 | |
872 +#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 347 | |
873 #define SSL_R_HTTPS_PROXY_REQUEST 155 | |
874 #define SSL_R_HTTP_REQUEST 156 | |
875 #define SSL_R_ILLEGAL_PADDING 283 | |
876 --- openssl-1.0.0b.orig/ssl/ssl3.h 2010-11-29 19:56:04.832465351 +0000 | |
877 +++ openssl-1.0.0b/ssl/ssl3.h 2010-11-29 19:56:04.965928855 +0000 | |
878 @@ -465,6 +465,12 @@ typedef struct ssl3_state_st | |
879 void *server_opaque_prf_input; | |
880 size_t server_opaque_prf_input_len; | |
881 | |
882 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
883 + /* Set if we saw the Next Protocol Negotiation extension from | |
884 + our peer. */ | |
885 + int next_proto_neg_seen; | |
886 +#endif | |
887 + | |
888 struct { | |
889 /* actually only needs to be 16+20 */ | |
890 unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; | |
891 @@ -557,6 +563,10 @@ typedef struct ssl3_state_st | |
892 #define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) | |
893 #define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) | |
894 #define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) | |
895 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
896 +#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) | |
897 +#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) | |
898 +#endif | |
899 #define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) | |
900 #define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) | |
901 /* read from server */ | |
902 @@ -602,6 +612,10 @@ typedef struct ssl3_state_st | |
903 #define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) | |
904 #define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) | |
905 #define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) | |
906 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
907 +#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) | |
908 +#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) | |
909 +#endif | |
910 #define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) | |
911 #define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) | |
912 /* write to client */ | |
913 @@ -626,6 +640,9 @@ typedef struct ssl3_state_st | |
914 #define SSL3_MT_CLIENT_KEY_EXCHANGE 16 | |
915 #define SSL3_MT_FINISHED 20 | |
916 #define SSL3_MT_CERTIFICATE_STATUS 22 | |
917 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
918 +#define SSL3_MT_NEXT_PROTO 67 | |
919 +#endif | |
920 #define DTLS1_MT_HELLO_VERIFY_REQUEST 3 | |
921 | |
922 | |
923 --- openssl-1.0.0b.orig/ssl/ssl_err.c 2010-11-29 19:56:04.846517045 +0000 | |
924 +++ openssl-1.0.0b/ssl/ssl_err.c 2010-11-29 19:56:04.965928855 +0000 | |
925 @@ -155,6 +155,7 @@ static ERR_STRING_DATA SSL_str_functs[]= | |
926 {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"}, | |
927 {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"}, | |
928 {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"}, | |
929 +{ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"}, | |
930 {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"}, | |
931 {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"}, | |
932 {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"}, | |
933 @@ -355,6 +356,8 @@ static ERR_STRING_DATA SSL_str_reasons[] | |
934 {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"}, | |
935 {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"}, | |
936 {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"}, | |
937 +{ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"}, | |
938 +{ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without see
ing extension"}, | |
939 {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"}, | |
940 {ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"}, | |
941 {ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"}, | |
942 --- openssl-1.0.0b.orig/ssl/ssl_lib.c 2010-11-29 19:56:04.846517045 +0000 | |
943 +++ openssl-1.0.0b/ssl/ssl_lib.c 2010-11-29 19:56:04.965928855 +0000 | |
944 @@ -354,6 +354,9 @@ SSL *SSL_new(SSL_CTX *ctx) | |
945 s->tlsext_ocsp_resplen = -1; | |
946 CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | |
947 s->initial_ctx=ctx; | |
948 +# ifndef OPENSSL_NO_NEXTPROTONEG | |
949 + s->next_proto_negotiated = NULL; | |
950 +# endif | |
951 #endif | |
952 | |
953 s->verify_result=X509_V_OK; | |
954 @@ -587,6 +590,11 @@ void SSL_free(SSL *s) | |
955 kssl_ctx_free(s->kssl_ctx); | |
956 #endif /* OPENSSL_NO_KRB5 */ | |
957 | |
958 +#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) | |
959 + if (s->next_proto_negotiated) | |
960 + OPENSSL_free(s->next_proto_negotiated); | |
961 +#endif | |
962 + | |
963 OPENSSL_free(s); | |
964 } | |
965 | |
966 @@ -1503,6 +1511,124 @@ int SSL_get_servername_type(const SSL *s | |
967 return TLSEXT_NAMETYPE_host_name; | |
968 return -1; | |
969 } | |
970 + | |
971 +# ifndef OPENSSL_NO_NEXTPROTONEG | |
972 +/* SSL_select_next_proto implements the standard protocol selection. It is | |
973 + * expected that this function is called from the callback set by | |
974 + * SSL_CTX_set_next_proto_select_cb. | |
975 + * | |
976 + * The protocol data is assumed to be a vector of 8-bit, length prefixed byte | |
977 + * strings. The length byte itself is not included in the length. A byte | |
978 + * string of length 0 is invalid. No byte string may be truncated. | |
979 + * | |
980 + * The current, but experimental algorithm for selecting the protocol is: | |
981 + * | |
982 + * 1) If the server doesn't support NPN then this is indicated to the | |
983 + * callback. In this case, the client application has to abort the connection | |
984 + * or have a default application level protocol. | |
985 + * | |
986 + * 2) If the server supports NPN, but advertises an empty list then the | |
987 + * client selects the first protcol in its list, but indicates via the | |
988 + * API that this fallback case was enacted. | |
989 + * | |
990 + * 3) Otherwise, the client finds the first protocol in the server's list | |
991 + * that it supports and selects this protocol. This is because it's | |
992 + * assumed that the server has better information about which protocol | |
993 + * a client should use. | |
994 + * | |
995 + * 4) If the client doesn't support any of the server's advertised | |
996 + * protocols, then this is treated the same as case 2. | |
997 + * | |
998 + * It returns either | |
999 + * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or | |
1000 + * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached. | |
1001 + */ | |
1002 +int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const uns
igned char *server, unsigned int server_len, const unsigned char *client, unsign
ed int client_len) | |
1003 + { | |
1004 + unsigned int i, j; | |
1005 + const unsigned char *result; | |
1006 + int status = OPENSSL_NPN_UNSUPPORTED; | |
1007 + | |
1008 + /* For each protocol in server preference order, see if we support it. *
/ | |
1009 + for (i = 0; i < server_len; ) | |
1010 + { | |
1011 + for (j = 0; j < client_len; ) | |
1012 + { | |
1013 + if (server[i] == client[j] && | |
1014 + memcmp(&server[i+1], &client[j+1], server[i]) == 0) | |
1015 + { | |
1016 + /* We found a match */ | |
1017 + result = &server[i]; | |
1018 + status = OPENSSL_NPN_NEGOTIATED; | |
1019 + goto found; | |
1020 + } | |
1021 + j += client[j]; | |
1022 + j++; | |
1023 + } | |
1024 + i += server[i]; | |
1025 + i++; | |
1026 + } | |
1027 + | |
1028 + /* There's no overlap between our protocols and the server's list. */ | |
1029 + result = client; | |
1030 + status = OPENSSL_NPN_NO_OVERLAP; | |
1031 + | |
1032 + found: | |
1033 + *out = (unsigned char *) result + 1; | |
1034 + *outlen = result[0]; | |
1035 + return status; | |
1036 + } | |
1037 + | |
1038 +/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's | |
1039 + * requested protocol for this connection and returns 0. If the client didn't | |
1040 + * request any protocol, then *data is set to NULL. | |
1041 + * | |
1042 + * Note that the client can request any protocol it chooses. The value returned | |
1043 + * from this function need not be a member of the list of supported protocols | |
1044 + * provided by the callback. | |
1045 + */ | |
1046 +void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, u
nsigned *len) | |
1047 + { | |
1048 + *data = s->next_proto_negotiated; | |
1049 + if (!*data) { | |
1050 + *len = 0; | |
1051 + } else { | |
1052 + *len = s->next_proto_negotiated_len; | |
1053 + } | |
1054 +} | |
1055 + | |
1056 +/* SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a | |
1057 + * TLS server needs a list of supported protocols for Next Protocol | |
1058 + * Negotiation. The returned list must be in wire format. The list is returned | |
1059 + * by setting |out| to point to it and |outlen| to its length. This memory will | |
1060 + * not be modified, but one should assume that the SSL* keeps a reference to | |
1061 + * it. | |
1062 + * | |
1063 + * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Othe
rwise, no | |
1064 + * such extension will be included in the ServerHello. */ | |
1065 +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, c
onst unsigned char **out, unsigned int *outlen, void *arg), void *arg) | |
1066 + { | |
1067 + ctx->next_protos_advertised_cb = cb; | |
1068 + ctx->next_protos_advertised_cb_arg = arg; | |
1069 + } | |
1070 + | |
1071 +/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a | |
1072 + * client needs to select a protocol from the server's provided list. |out| | |
1073 + * must be set to point to the selected protocol (which may be within |in|). | |
1074 + * The length of the protocol name must be written into |outlen|. The server's | |
1075 + * advertised protocols are provided in |in| and |inlen|. The callback can | |
1076 + * assume that |in| is syntactically valid. | |
1077 + * | |
1078 + * The client must select a protocol. It is fatal to the connection if this | |
1079 + * callback returns a value other than SSL_TLSEXT_ERR_OK. | |
1080 + */ | |
1081 +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned
char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen,
void *arg), void *arg) | |
1082 + { | |
1083 + ctx->next_proto_select_cb = cb; | |
1084 + ctx->next_proto_select_cb_arg = arg; | |
1085 + } | |
1086 + | |
1087 +# endif | |
1088 #endif | |
1089 | |
1090 static unsigned long ssl_session_hash(const SSL_SESSION *a) | |
1091 @@ -1667,6 +1793,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m | |
1092 ret->tlsext_status_cb = 0; | |
1093 ret->tlsext_status_arg = NULL; | |
1094 | |
1095 +# ifndef OPENSSL_NO_NEXTPROTONEG | |
1096 + ret->next_protos_advertised_cb = 0; | |
1097 + ret->next_proto_select_cb = 0; | |
1098 +# endif | |
1099 #endif | |
1100 #ifndef OPENSSL_NO_PSK | |
1101 ret->psk_identity_hint=NULL; | |
1102 --- openssl-1.0.0b.orig/ssl/ssl_locl.h 2010-11-29 19:56:04.846517045 +0000 | |
1103 +++ openssl-1.0.0b/ssl/ssl_locl.h 2010-11-29 19:56:04.965928855 +0000 | |
1104 @@ -968,6 +968,9 @@ int ssl3_get_server_certificate(SSL *s); | |
1105 int ssl3_check_cert_and_algorithm(SSL *s); | |
1106 #ifndef OPENSSL_NO_TLSEXT | |
1107 int ssl3_check_finished(SSL *s); | |
1108 +# ifndef OPENSSL_NO_NEXTPROTONEG | |
1109 +int ssl3_send_next_proto(SSL *s); | |
1110 +# endif | |
1111 #endif | |
1112 | |
1113 int dtls1_client_hello(SSL *s); | |
1114 @@ -986,6 +989,9 @@ int ssl3_check_client_hello(SSL *s); | |
1115 int ssl3_get_client_certificate(SSL *s); | |
1116 int ssl3_get_client_key_exchange(SSL *s); | |
1117 int ssl3_get_cert_verify(SSL *s); | |
1118 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
1119 +int ssl3_get_next_proto(SSL *s); | |
1120 +#endif | |
1121 | |
1122 int dtls1_send_hello_request(SSL *s); | |
1123 int dtls1_send_server_hello(SSL *s); | |
1124 --- openssl-1.0.0b.orig/ssl/t1_lib.c 2010-11-16 13:26:24.000000000 +0000 | |
1125 +++ openssl-1.0.0b/ssl/t1_lib.c 2010-11-29 19:56:04.965928855 +0000 | |
1126 @@ -494,6 +494,18 @@ unsigned char *ssl_add_clienthello_tlsex | |
1127 i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); | |
1128 } | |
1129 | |
1130 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
1131 + if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) | |
1132 + { | |
1133 + /* The client advertises an emtpy extension to indicate its | |
1134 + * support for Next Protocol Negotiation */ | |
1135 + if (limit - ret - 4 < 0) | |
1136 + return NULL; | |
1137 + s2n(TLSEXT_TYPE_next_proto_neg,ret); | |
1138 + s2n(0,ret); | |
1139 + } | |
1140 +#endif | |
1141 + | |
1142 if ((extdatalen = ret-p-2)== 0) | |
1143 return p; | |
1144 | |
1145 @@ -505,6 +517,9 @@ unsigned char *ssl_add_serverhello_tlsex | |
1146 { | |
1147 int extdatalen=0; | |
1148 unsigned char *ret = p; | |
1149 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
1150 + int next_proto_neg_seen; | |
1151 +#endif | |
1152 | |
1153 /* don't add extensions for SSLv3, unless doing secure renegotiation */ | |
1154 if (s->version == SSL3_VERSION && !s->s3->send_connection_binding) | |
1155 @@ -618,6 +633,28 @@ unsigned char *ssl_add_serverhello_tlsex | |
1156 | |
1157 } | |
1158 | |
1159 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
1160 + next_proto_neg_seen = s->s3->next_proto_neg_seen; | |
1161 + s->s3->next_proto_neg_seen = 0; | |
1162 + if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) | |
1163 + { | |
1164 + const unsigned char *npa; | |
1165 + unsigned int npalen; | |
1166 + int r; | |
1167 + | |
1168 + r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, s->ctx->
next_protos_advertised_cb_arg); | |
1169 + if (r == SSL_TLSEXT_ERR_OK) | |
1170 + { | |
1171 + if ((long)(limit - ret - 4 - npalen) < 0) return NULL; | |
1172 + s2n(TLSEXT_TYPE_next_proto_neg,ret); | |
1173 + s2n(npalen,ret); | |
1174 + memcpy(ret, npa, npalen); | |
1175 + ret += npalen; | |
1176 + s->s3->next_proto_neg_seen = 1; | |
1177 + } | |
1178 + } | |
1179 +#endif | |
1180 + | |
1181 if ((extdatalen = ret-p-2)== 0) | |
1182 return p; | |
1183 | |
1184 @@ -982,6 +1019,28 @@ int ssl_parse_clienthello_tlsext(SSL *s, | |
1185 else | |
1186 s->tlsext_status_type = -1; | |
1187 } | |
1188 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
1189 + else if (type == TLSEXT_TYPE_next_proto_neg && | |
1190 + s->s3->tmp.finish_md_len == 0) | |
1191 + { | |
1192 + /* We shouldn't accept this extension on a | |
1193 + * renegotiation. | |
1194 + * | |
1195 + * s->new_session will be set on renegotiation, but we | |
1196 + * probably shouldn't rely that it couldn't be set on | |
1197 + * the initial renegotation too in certain cases (when | |
1198 + * there's some other reason to disallow resuming an | |
1199 + * earlier session -- the current code won't be doing | |
1200 + * anything like that, but this might change). | |
1201 + | |
1202 + * A valid sign that there's been a previous handshake | |
1203 + * in this connection is if s->s3->tmp.finish_md_len > | |
1204 + * 0. (We are talking about a check that will happen | |
1205 + * in the Hello protocol round, well before a new | |
1206 + * Finished message could have been computed.) */ | |
1207 + s->s3->next_proto_neg_seen = 1; | |
1208 + } | |
1209 +#endif | |
1210 | |
1211 /* session ticket processed earlier */ | |
1212 data+=size; | |
1213 @@ -1005,6 +1064,26 @@ int ssl_parse_clienthello_tlsext(SSL *s, | |
1214 return 1; | |
1215 } | |
1216 | |
1217 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
1218 +/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No | |
1219 + * elements of zero length are allowed and the set of elements must exactly fil
l | |
1220 + * the length of the block. */ | |
1221 +static int ssl_next_proto_validate(unsigned char *d, unsigned len) | |
1222 + { | |
1223 + unsigned int off = 0; | |
1224 + | |
1225 + while (off < len) | |
1226 + { | |
1227 + if (d[off] == 0) | |
1228 + return 0; | |
1229 + off += d[off]; | |
1230 + off++; | |
1231 + } | |
1232 + | |
1233 + return off == len; | |
1234 + } | |
1235 +#endif | |
1236 + | |
1237 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, i
nt n, int *al) | |
1238 { | |
1239 unsigned short length; | |
1240 @@ -1139,6 +1218,39 @@ int ssl_parse_serverhello_tlsext(SSL *s, | |
1241 /* Set flag to expect CertificateStatus message */ | |
1242 s->tlsext_status_expected = 1; | |
1243 } | |
1244 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
1245 + else if (type == TLSEXT_TYPE_next_proto_neg) | |
1246 + { | |
1247 + unsigned char *selected; | |
1248 + unsigned char selected_len; | |
1249 + | |
1250 + /* We must have requested it. */ | |
1251 + if ((s->ctx->next_proto_select_cb == NULL)) | |
1252 + { | |
1253 + *al = TLS1_AD_UNSUPPORTED_EXTENSION; | |
1254 + return 0; | |
1255 + } | |
1256 + /* The data must be valid */ | |
1257 + if (!ssl_next_proto_validate(data, size)) | |
1258 + { | |
1259 + *al = TLS1_AD_DECODE_ERROR; | |
1260 + return 0; | |
1261 + } | |
1262 + if (s->ctx->next_proto_select_cb(s, &selected, &selected
_len, data, size, s->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK) | |
1263 + { | |
1264 + *al = TLS1_AD_INTERNAL_ERROR; | |
1265 + return 0; | |
1266 + } | |
1267 + s->next_proto_negotiated = OPENSSL_malloc(selected_len); | |
1268 + if (!s->next_proto_negotiated) | |
1269 + { | |
1270 + *al = TLS1_AD_INTERNAL_ERROR; | |
1271 + return 0; | |
1272 + } | |
1273 + memcpy(s->next_proto_negotiated, selected, selected_len)
; | |
1274 + s->next_proto_negotiated_len = selected_len; | |
1275 + } | |
1276 +#endif | |
1277 else if (type == TLSEXT_TYPE_renegotiate) | |
1278 { | |
1279 if(!ssl_parse_serverhello_renegotiate_ext(s, data, size,
al)) | |
1280 --- openssl-1.0.0b.orig/ssl/tls1.h 2009-11-11 14:51:29.000000000 +0000 | |
1281 +++ openssl-1.0.0b/ssl/tls1.h 2010-11-29 19:56:04.965928855 +0000 | |
1282 @@ -204,6 +204,11 @@ extern "C" { | |
1283 /* Temporary extension type */ | |
1284 #define TLSEXT_TYPE_renegotiate 0xff01 | |
1285 | |
1286 +#ifndef OPENSSL_NO_NEXTPROTONEG | |
1287 +/* This is not an IANA defined extension number */ | |
1288 +#define TLSEXT_TYPE_next_proto_neg 13172 | |
1289 +#endif | |
1290 + | |
1291 /* NameType value from RFC 3546 */ | |
1292 #define TLSEXT_NAMETYPE_host_name 0 | |
1293 /* status request value from RFC 3546 */ | |
OLD | NEW |