Update Channel ID API to use a callback.

R=agl@chromium.org, rsleevi@chromium.org

Review URL: https://codereview.chromium.org/35493002

git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@230363 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
diff --git a/import_from_android.sh b/import_from_android.sh
index e7b5f55..fe40e3e 100755
--- a/import_from_android.sh
+++ b/import_from_android.sh
@@ -339,7 +339,7 @@
 #
 dump "Saving .svn subdirectories"
 SAVED_SVN_TARBALL=$BUILD_DIR/saved-svn-subdirs.tar.gz
-#run tar czf $SAVED_SVN_TARBALL $(find . -type d -name ".svn")
+run tar czf $SAVED_SVN_TARBALL $(find . -type d -name ".svn")
 
 # Re-run the import_openssl.sh script.
 dump "Re-running the 'import_openssl.sh' script to reconfigure all sources."
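Review bot: The re-enabled `run tar czf $SAVED_SVN_TARBALL $(find . -type d -name ".svn")` passes the `find` output through unquoted word splitting, so a path containing whitespace is split into separate arguments. When the tree has no `.svn` directories, `tar` is invoked with no members, which GNU tar refuses. Whether `run` aborts the script on that failure is not visible in this hunk; if it does, the import stops here on a non-svn checkout, and the matching `run tar xzf $SAVED_SVN_TARBALL` in the next hunk depends on the archive existing. Quoting `"$SAVED_SVN_TARBALL"` and feeding the list with `find . -type d -name .svn -print0 | tar czf "$SAVED_SVN_TARBALL" --null -T -` (GNU tar), guarded by a check that any `.svn` directory was found, would cover both cases.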
@@ -360,7 +360,7 @@
 run rm -rf "$PROGDIR/openssl.old"
 
 dump "Restoring .svn subdirectores"
-# run tar xzf $SAVED_SVN_TARBALL
+run tar xzf $SAVED_SVN_TARBALL
 
 # Extract list of source files or compiler defines from openssl.config
 # variable definition. This assumes that the lists are in variables that
diff --git a/openssl/include/openssl/ssl.h b/openssl/include/openssl/ssl.h
index 4d893a1..f72d891 100644
--- a/openssl/include/openssl/ssl.h
+++ b/openssl/include/openssl/ssl.h
@@ -848,6 +848,9 @@
 	/* get client cert callback */
 	int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
 
+	/* get channel id callback */
+	void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey);
+
     /* cookie generate callback */
     int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, 
         unsigned int *cookie_len);
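Review bot: The new `channel_id_cb` member is documented only by `/* get channel id callback */`, which leaves its contract unstated. The s3_clnt.c hunk in this commit calls it with `*pkey` set to NULL and stores a non-NULL result directly in `s->tlsext_channel_id_private`, so the comment should say that leaving `*pkey` NULL means the lookup is still pending, and should state whether the callback hands over its reference to the returned key. Something like `/* channel_id_cb is called when a Channel ID key is needed and none is set; it may leave *pkey NULL to signal a pending lookup. */` plus one sentence on ownership would do. The same gap applies to the `SSL_CTX_set_channel_id_cb` / `SSL_CTX_get_channel_id_cb` prototypes in the next hunk, the identical copy in openssl/ssl/ssl.h, and the definitions added in ssl_sess.c.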
@@ -1043,6 +1046,8 @@
 void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
 int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey));
+void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey);
 #ifndef OPENSSL_NO_ENGINE
 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
 #endif
diff --git a/openssl/ssl/s3_clnt.c b/openssl/ssl/s3_clnt.c
index edbf6d0..1c2731f 100644
--- a/openssl/ssl/s3_clnt.c
+++ b/openssl/ssl/s3_clnt.c
@@ -3414,12 +3414,21 @@
 	if (s->state != SSL3_ST_CW_CHANNEL_ID_A)
 		return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
 
-        if (s->tlsext_channel_id_private == NULL)
-            {
-                s->rwstate=SSL_CHANNEL_ID_LOOKUP;
-                return (-1);
-            }
-        s->rwstate=SSL_NOTHING;
+	if (!s->tlsext_channel_id_private && s->ctx->channel_id_cb)
+		{
+		EVP_PKEY* key = NULL;
+		s->ctx->channel_id_cb(s, &key);
+		if (key != NULL)
+			{
+			s->tlsext_channel_id_private = key;
+			}
+		}
+	if (!s->tlsext_channel_id_private)
+		{
+		s->rwstate=SSL_CHANNEL_ID_LOOKUP;
+		return (-1);
+		}
+	s->rwstate=SSL_NOTHING;
 
 	d = (unsigned char *)s->init_buf->data;
 	*(d++)=SSL3_MT_ENCRYPTED_EXTENSIONS;
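Review bot: The key returned through `channel_id_cb` is stored in `s->tlsext_channel_id_private` with only a NULL check, while the setter comment visible elsewhere in this commit says the key must be a P-256 EVP_PKEY. The code that builds the Channel ID message lies after this hunk, so it is an inference that it assumes an EC P-256 key, but if it does, a callback returning another key type reaches it unvalidated. The assignment could be guarded with `if (key != NULL && EVP_PKEY_id(key) == EVP_PKEY_EC && EVP_PKEY_bits(key) == 256)`, releasing a rejected key according to whatever ownership rule the callback is given. The pointer is also adopted without taking a new reference, so that ownership rule needs to be written down next to the callback declaration. The enclosing function starts and ends outside the hunk.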
diff --git a/openssl/ssl/ssl.h b/openssl/ssl/ssl.h
index 4d893a1..f72d891 100644
--- a/openssl/ssl/ssl.h
+++ b/openssl/ssl/ssl.h
@@ -848,6 +848,9 @@
 	/* get client cert callback */
 	int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
 
+	/* get channel id callback */
+	void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey);
+
     /* cookie generate callback */
     int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, 
         unsigned int *cookie_len);
@@ -1043,6 +1046,8 @@
 void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
 void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
 int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey));
+void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey);
 #ifndef OPENSSL_NO_ENGINE
 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
 #endif
diff --git a/openssl/ssl/ssl_sess.c b/openssl/ssl/ssl_sess.c
index 920b763..85360af 100644
--- a/openssl/ssl/ssl_sess.c
+++ b/openssl/ssl/ssl_sess.c
@@ -1132,6 +1132,17 @@
 	return ctx->client_cert_cb;
 	}
 
+void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx,
+	void (*cb)(SSL *ssl, EVP_PKEY **pkey))
+	{
+	ctx->channel_id_cb=cb;
+	}
+
+void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL * ssl, EVP_PKEY **pkey)
+	{
+	return ctx->channel_id_cb;
+	}
+
 #ifndef OPENSSL_NO_ENGINE
 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
 	{
diff --git a/patches.chromium/channelid.patch b/patches.chromium/channelid.patch
index 0c761c6..73c425d 100644
--- a/patches.chromium/channelid.patch
+++ b/patches.chromium/channelid.patch
@@ -1,7 +1,7 @@
 diff -burN android-openssl.orig/crypto/bio/bio.h android-openssl/crypto/bio/bio.h
---- android-openssl.orig/crypto/bio/bio.h	2013-10-18 16:41:41.052291400 +0200
-+++ android-openssl/crypto/bio/bio.h	2013-10-18 16:42:58.772982447 +0200
-@@ -266,6 +266,8 @@
+--- android-openssl.orig/crypto/bio/bio.h	2013-02-11 16:26:04.000000000 +0100
++++ android-openssl/crypto/bio/bio.h	2013-10-22 18:22:42.080337200 +0200
+@@ -266,6 +266,9 @@
  #define BIO_RR_CONNECT			0x02
  /* Returned from the accept BIO when an accept would have blocked */
  #define BIO_RR_ACCEPT			0x03
@@ -12,8 +12,8 @@
  /* These are passed by the BIO callback */
  #define BIO_CB_FREE	0x01
 diff -burN android-openssl.orig/include/openssl/bio.h android-openssl/include/openssl/bio.h
---- android-openssl.orig/include/openssl/bio.h	2013-10-18 16:41:41.162292378 +0200
-+++ android-openssl/include/openssl/bio.h	2013-10-18 16:42:58.772982447 +0200
+--- android-openssl.orig/include/openssl/bio.h	2013-10-22 18:20:42.249270230 +0200
++++ android-openssl/include/openssl/bio.h	2013-10-22 18:22:42.080337200 +0200
 @@ -266,6 +266,9 @@
  #define BIO_RR_CONNECT			0x02
  /* Returned from the accept BIO when an accept would have blocked */
@@ -25,9 +25,28 @@
  /* These are passed by the BIO callback */
  #define BIO_CB_FREE	0x01
 diff -burN android-openssl.orig/include/openssl/ssl.h android-openssl/include/openssl/ssl.h
---- android-openssl.orig/include/openssl/ssl.h	2013-10-18 16:41:41.252293178 +0200
-+++ android-openssl/include/openssl/ssl.h	2013-10-18 16:42:58.772982447 +0200
-@@ -1104,12 +1104,14 @@
+--- android-openssl.orig/include/openssl/ssl.h	2013-10-22 18:20:42.259270320 +0200
++++ android-openssl/include/openssl/ssl.h	2013-10-22 18:24:14.771162612 +0200
+@@ -848,6 +848,9 @@
+ 	/* get client cert callback */
+ 	int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+ 
++	/* get channel id callback */
++	void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey);
++
+     /* cookie generate callback */
+     int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, 
+         unsigned int *cookie_len);
+@@ -1043,6 +1046,8 @@
+ void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
+ void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+ int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
++void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey));
++void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey);
+ #ifndef OPENSSL_NO_ENGINE
+ int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
+ #endif
+@@ -1104,12 +1109,14 @@
  #define SSL_WRITING	2
  #define SSL_READING	3
  #define SSL_X509_LOOKUP	4
@@ -42,7 +61,7 @@
  
  #define SSL_MAC_FLAG_READ_MAC_STREAM 1
  #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
-@@ -1535,6 +1537,7 @@
+@@ -1535,6 +1542,7 @@
  #define SSL_ERROR_ZERO_RETURN		6
  #define SSL_ERROR_WANT_CONNECT		7
  #define SSL_ERROR_WANT_ACCEPT		8
@@ -50,7 +69,7 @@
  
  #define SSL_CTRL_NEED_TMP_RSA			1
  #define SSL_CTRL_SET_TMP_RSA			2
-@@ -1672,10 +1675,11 @@
+@@ -1672,10 +1680,11 @@
  #define SSL_set_tmp_ecdh(ssl,ecdh) \
  	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
  
@@ -67,8 +86,8 @@
   * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on
   * success. */
 diff -burN android-openssl.orig/ssl/bio_ssl.c android-openssl/ssl/bio_ssl.c
---- android-openssl.orig/ssl/bio_ssl.c	2013-10-18 16:41:41.172292466 +0200
-+++ android-openssl/ssl/bio_ssl.c	2013-10-18 16:42:58.772982447 +0200
+--- android-openssl.orig/ssl/bio_ssl.c	2013-02-11 16:26:04.000000000 +0100
++++ android-openssl/ssl/bio_ssl.c	2013-10-22 18:22:42.090337290 +0200
 @@ -206,6 +206,10 @@
  		BIO_set_retry_special(b);
  		retry_reason=BIO_RR_SSL_X509_LOOKUP;
@@ -92,25 +111,34 @@
  		BIO_set_retry_special(b);
  		retry_reason=BIO_RR_CONNECT;
 diff -burN android-openssl.orig/ssl/s3_clnt.c android-openssl/ssl/s3_clnt.c
---- android-openssl.orig/ssl/s3_clnt.c	2013-10-18 16:41:41.262293266 +0200
-+++ android-openssl/ssl/s3_clnt.c	2013-10-18 16:42:58.772982447 +0200
-@@ -3414,6 +3414,13 @@
+--- android-openssl.orig/ssl/s3_clnt.c	2013-10-22 18:20:40.289252781 +0200
++++ android-openssl/ssl/s3_clnt.c	2013-10-22 18:22:42.090337290 +0200
+@@ -3414,6 +3414,22 @@
  	if (s->state != SSL3_ST_CW_CHANNEL_ID_A)
  		return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
  
-+        if (s->tlsext_channel_id_private == NULL)
-+            {
-+                s->rwstate=SSL_CHANNEL_ID_LOOKUP;
-+                return (-1);
-+            }
-+        s->rwstate=SSL_NOTHING;
++	if (!s->tlsext_channel_id_private && s->ctx->channel_id_cb)
++		{
++		EVP_PKEY* key = NULL;
++		s->ctx->channel_id_cb(s, &key);
++		if (key != NULL)
++			{
++			s->tlsext_channel_id_private = key;
++			}
++		}
++	if (!s->tlsext_channel_id_private)
++		{
++		s->rwstate=SSL_CHANNEL_ID_LOOKUP;
++		return (-1);
++		}
++	s->rwstate=SSL_NOTHING;
 +
  	d = (unsigned char *)s->init_buf->data;
  	*(d++)=SSL3_MT_ENCRYPTED_EXTENSIONS;
  	l2n3(2 + 2 + TLSEXT_CHANNEL_ID_SIZE, d);
 diff -burN android-openssl.orig/ssl/s3_lib.c android-openssl/ssl/s3_lib.c
---- android-openssl.orig/ssl/s3_lib.c	2013-10-18 16:41:41.262293266 +0200
-+++ android-openssl/ssl/s3_lib.c	2013-10-18 16:42:58.772982447 +0200
+--- android-openssl.orig/ssl/s3_lib.c	2013-10-22 18:20:40.289252781 +0200
++++ android-openssl/ssl/s3_lib.c	2013-10-22 18:22:42.090337290 +0200
 @@ -3358,8 +3358,6 @@
  		break;
  #endif
@@ -139,9 +167,28 @@
  
  	default:
 diff -burN android-openssl.orig/ssl/ssl.h android-openssl/ssl/ssl.h
---- android-openssl.orig/ssl/ssl.h	2013-10-18 16:41:41.262293266 +0200
-+++ android-openssl/ssl/ssl.h	2013-10-18 16:42:58.772982447 +0200
-@@ -1104,12 +1104,14 @@
+--- android-openssl.orig/ssl/ssl.h	2013-10-22 18:20:40.299252871 +0200
++++ android-openssl/ssl/ssl.h	2013-10-22 18:24:24.121245879 +0200
+@@ -848,6 +848,9 @@
+ 	/* get client cert callback */
+ 	int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+ 
++	/* get channel id callback */
++	void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey);
++
+     /* cookie generate callback */
+     int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, 
+         unsigned int *cookie_len);
+@@ -1043,6 +1046,8 @@
+ void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
+ void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+ int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
++void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey));
++void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey);
+ #ifndef OPENSSL_NO_ENGINE
+ int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
+ #endif
+@@ -1104,12 +1109,14 @@
  #define SSL_WRITING	2
  #define SSL_READING	3
  #define SSL_X509_LOOKUP	4
@@ -156,7 +203,7 @@
  
  #define SSL_MAC_FLAG_READ_MAC_STREAM 1
  #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
-@@ -1535,6 +1537,7 @@
+@@ -1535,6 +1542,7 @@
  #define SSL_ERROR_ZERO_RETURN		6
  #define SSL_ERROR_WANT_CONNECT		7
  #define SSL_ERROR_WANT_ACCEPT		8
@@ -164,7 +211,7 @@
  
  #define SSL_CTRL_NEED_TMP_RSA			1
  #define SSL_CTRL_SET_TMP_RSA			2
-@@ -1672,10 +1675,11 @@
+@@ -1672,10 +1680,11 @@
  #define SSL_set_tmp_ecdh(ssl,ecdh) \
  	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
  
@@ -181,8 +228,8 @@
   * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on
   * success. */
 diff -burN android-openssl.orig/ssl/ssl_lib.c android-openssl/ssl/ssl_lib.c
---- android-openssl.orig/ssl/ssl_lib.c	2013-10-18 16:41:41.262293266 +0200
-+++ android-openssl/ssl/ssl_lib.c	2013-10-18 16:42:58.772982447 +0200
+--- android-openssl.orig/ssl/ssl_lib.c	2013-10-22 18:20:40.299252871 +0200
++++ android-openssl/ssl/ssl_lib.c	2013-10-22 18:22:42.090337290 +0200
 @@ -2561,6 +2561,10 @@
  		{
  		return(SSL_ERROR_WANT_X509_LOOKUP);
@@ -194,3 +241,24 @@
  
  	if (i == 0)
  		{
+diff -burN android-openssl.orig/ssl/ssl_sess.c android-openssl/ssl/ssl_sess.c
+--- android-openssl.orig/ssl/ssl_sess.c	2013-10-22 18:20:40.289252781 +0200
++++ android-openssl/ssl/ssl_sess.c	2013-10-22 18:22:42.090337290 +0200
+@@ -1132,6 +1132,17 @@
+ 	return ctx->client_cert_cb;
+ 	}
+ 
++void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx,
++	void (*cb)(SSL *ssl, EVP_PKEY **pkey))
++	{
++	ctx->channel_id_cb=cb;
++	}
++
++void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL * ssl, EVP_PKEY **pkey)
++	{
++	return ctx->channel_id_cb;
++	}
++
+ #ifndef OPENSSL_NO_ENGINE
+ int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
+ 	{