openssl/openssl-0.9.8j-eap-fast.patch

   1 diff -up openssl-0.9.8j/ssl/t1_lib.c.eap-fast openssl-0.9.8j/ssl/t1_lib.c
   2 --- openssl-0.9.8j/ssl/t1_lib.c.eap-fast        2009-01-14 16:39:41.000000000 +0100
   3 +++ openssl-0.9.8j/ssl/t1_lib.c 2009-01-14 21:35:38.000000000 +0100
   4 @@ -106,6 +106,12 @@ int tls1_new(SSL *s)
   5
   6  void tls1_free(SSL *s)
   7         {
   8 +#ifndef OPENSSL_NO_TLSEXT
   9 +       if (s && s->tlsext_session_ticket)
  10 +               {
  11 +               OPENSSL_free(s->tlsext_session_ticket);
  12 +               }
  13 +#endif /* OPENSSL_NO_TLSEXT */
  14         ssl3_free(s);
  15         }
  16
  17 @@ -180,8 +186,23 @@ unsigned char *ssl_add_clienthello_tlsex
  18                 int ticklen;
  19                 if (s->session && s->session->tlsext_tick)
  20                         ticklen = s->session->tlsext_ticklen;
  21 +               else if (s->session && s->tlsext_session_ticket &&
  22 +                        s->tlsext_session_ticket->data)
  23 +                       {
  24 +                       ticklen = s->tlsext_session_ticket->length;
  25 +                       s->session->tlsext_tick = OPENSSL_malloc(ticklen);
  26 +                       if (!s->session->tlsext_tick)
  27 +                               return NULL;
  28 +                       memcpy(s->session->tlsext_tick,
  29 +                              s->tlsext_session_ticket->data,
  30 +                              ticklen);
  31 +                       s->session->tlsext_ticklen = ticklen;
  32 +                       }
  33                 else
  34                         ticklen = 0;
  35 +               if (ticklen == 0 && s->tlsext_session_ticket &&
  36 +                   s->tlsext_session_ticket->data == NULL)
  37 +                       goto skip_ext;
  38                 /* Check for enough room 2 for extension type, 2 for len
  39                  * rest for ticket
  40                  */
  41 @@ -195,6 +216,7 @@ unsigned char *ssl_add_clienthello_tlsex
  42                         ret += ticklen;
  43                         }
  44                 }
  45 +               skip_ext:
  46
  47         if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
  48                 {
  49 @@ -417,6 +439,15 @@ int ssl_parse_clienthello_tlsext(SSL *s,
  50                                 }
  51
  52                         }
  53 +               else if (type == TLSEXT_TYPE_session_ticket)
  54 +                       {
  55 +                       if (s->tls_session_ticket_ext_cb &&
  56 +                           !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
  57 +                               {
  58 +                               *al = TLS1_AD_INTERNAL_ERROR;
  59 +                               return 0;
  60 +                               }
  61 +                       }
  62                 else if (type == TLSEXT_TYPE_status_request
  63                                                 && s->ctx->tlsext_status_cb)
  64                         {
  65 @@ -563,6 +594,12 @@ int ssl_parse_serverhello_tlsext(SSL *s,
  66                         }
  67                 else if (type == TLSEXT_TYPE_session_ticket)
  68                         {
  69 +                       if (s->tls_session_ticket_ext_cb &&
  70 +                           !s->tls_session_ticket_ext_cb(s, data, size, s->tls_session_ticket_ext_cb_arg))
  71 +                               {
  72 +                               *al = TLS1_AD_INTERNAL_ERROR;
  73 +                               return 0;
  74 +                               }
  75                         if ((SSL_get_options(s) & SSL_OP_NO_TICKET)
  76                                 || (size > 0))
  77                                 {
  78 @@ -786,6 +823,15 @@ int tls1_process_ticket(SSL *s, unsigned
  79                                 s->tlsext_ticket_expected = 1;
  80                                 return 0;       /* Cache miss */
  81                                 }
  82 +                       if (s->tls_session_secret_cb)
  83 +                               {
  84 +                               /* Indicate cache miss here and instead of
  85 +                                * generating the session from ticket now,
  86 +                                * trigger abbreviated handshake based on
  87 +                                * external mechanism to calculate the master
  88 +                                * secret later. */
  89 +                               return 0;
  90 +                               }
  91                         return tls_decrypt_ticket(s, p, size, session_id, len,
  92                                                                         ret);
  93                         }
  94 diff -up openssl-0.9.8j/ssl/s3_clnt.c.eap-fast openssl-0.9.8j/ssl/s3_clnt.c
  95 --- openssl-0.9.8j/ssl/s3_clnt.c.eap-fast       2009-01-07 11:48:23.000000000 +0100
  96 +++ openssl-0.9.8j/ssl/s3_clnt.c        2009-01-14 21:13:47.000000000 +0100
  97 @@ -759,6 +759,23 @@ int ssl3_get_server_hello(SSL *s)
  98                 goto f_err;
  99                 }
 100
 101 +#ifndef OPENSSL_NO_TLSEXT
 102 +       /* check if we want to resume the session based on external pre-shared secret */
 103 +       if (s->version >= TLS1_VERSION && s->tls_session_secret_cb)
 104 +               {
 105 +               SSL_CIPHER *pref_cipher=NULL;
 106 +               s->session->master_key_length=sizeof(s->session->master_key);
 107 +               if (s->tls_session_secret_cb(s, s->session->master_key,
 108 +                                            &s->session->master_key_length,
 109 +                                            NULL, &pref_cipher,
 110 +                                            s->tls_session_secret_cb_arg))
 111 +                       {
 112 +                       s->session->cipher = pref_cipher ?
 113 +                               pref_cipher : ssl_get_cipher_by_char(s, p+j);
 114 +                       }
 115 +               }
 116 +#endif /* OPENSSL_NO_TLSEXT */
 117 +
 118         if (j != 0 && j == s->session->session_id_length
 119             && memcmp(p,s->session->session_id,j) == 0)
 120             {
 121 @@ -2701,11 +2718,8 @@ static int ssl3_check_finished(SSL *s)
 122         {
 123         int ok;
 124         long n;
 125 -       /* If we have no ticket or session ID is non-zero length (a match of
 126 -        * a non-zero session length would never reach here) it cannot be a
 127 -        * resumed session.
 128 -        */
 129 -       if (!s->session->tlsext_tick || s->session->session_id_length)
 130 +       /* If we have no ticket it cannot be a resumed session. */
 131 +       if (!s->session->tlsext_tick)
 132                 return 1;
 133         /* this function is called when we really expect a Certificate
 134          * message, so permit appropriate message length */
 135 diff -up openssl-0.9.8j/ssl/ssl_sess.c.eap-fast openssl-0.9.8j/ssl/ssl_sess.c
 136 --- openssl-0.9.8j/ssl/ssl_sess.c.eap-fast      2008-06-04 20:35:27.000000000 +0200
 137 +++ openssl-0.9.8j/ssl/ssl_sess.c       2009-01-14 21:13:47.000000000 +0100
 138 @@ -707,6 +707,61 @@ long SSL_CTX_get_timeout(const SSL_CTX *
 139         return(s->session_timeout);
 140         }
 141
 142 +#ifndef OPENSSL_NO_TLSEXT
 143 +int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s, void *secret, int *secret_len,
 144 +       STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg), void *arg)
 145 +       {
 146 +       if (s == NULL) return(0);
 147 +       s->tls_session_secret_cb = tls_session_secret_cb;
 148 +       s->tls_session_secret_cb_arg = arg;
 149 +       return(1);
 150 +       }
 151 +
 152 +int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
 153 +                                 void *arg)
 154 +       {
 155 +       if (s == NULL) return(0);
 156 +       s->tls_session_ticket_ext_cb = cb;
 157 +       s->tls_session_ticket_ext_cb_arg = arg;
 158 +       return(1);
 159 +       }
 160 +
 161 +int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
 162 +       {
 163 +       if (s->version >= TLS1_VERSION)
 164 +               {
 165 +               if (s->tlsext_session_ticket)
 166 +                       {
 167 +                       OPENSSL_free(s->tlsext_session_ticket);
 168 +                       s->tlsext_session_ticket = NULL;
 169 +                       }
 170 +
 171 +               s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
 172 +               if (!s->tlsext_session_ticket)
 173 +                       {
 174 +                       SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
 175 +                       return 0;
 176 +                       }
 177 +
 178 +               if (ext_data)
 179 +                       {
 180 +                       s->tlsext_session_ticket->length = ext_len;
 181 +                       s->tlsext_session_ticket->data = s->tlsext_session_ticket + 1;
 182 +                       memcpy(s->tlsext_session_ticket->data, ext_data, ext_len);
 183 +                       }
 184 +               else
 185 +                       {
 186 +                       s->tlsext_session_ticket->length = 0;
 187 +                       s->tlsext_session_ticket->data = NULL;
 188 +                       }
 189 +
 190 +               return 1;
 191 +               }
 192 +
 193 +       return 0;
 194 +       }
 195 +#endif /* OPENSSL_NO_TLSEXT */
 196 +
 197  typedef struct timeout_param_st
 198         {
 199         SSL_CTX *ctx;
 200 diff -up openssl-0.9.8j/ssl/s3_srvr.c.eap-fast openssl-0.9.8j/ssl/s3_srvr.c
 201 --- openssl-0.9.8j/ssl/s3_srvr.c.eap-fast       2009-01-07 11:48:23.000000000 +0100
 202 +++ openssl-0.9.8j/ssl/s3_srvr.c        2009-01-14 21:22:37.000000000 +0100
 203 @@ -965,6 +965,59 @@ int ssl3_get_client_hello(SSL *s)
 204                         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
 205                         goto err;
 206                 }
 207 +
 208 +       /* Check if we want to use external pre-shared secret for this
 209 +        * handshake for not reused session only. We need to generate
 210 +        * server_random before calling tls_session_secret_cb in order to allow
 211 +        * SessionTicket processing to use it in key derivation. */
 212 +       {
 213 +               unsigned long Time;
 214 +               unsigned char *pos;
 215 +               Time=(unsigned long)time(NULL);                 /* Time */
 216 +               pos=s->s3->server_random;
 217 +               l2n(Time,pos);
 218 +               if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0)
 219 +                       {
 220 +                       al=SSL_AD_INTERNAL_ERROR;
 221 +                       goto f_err;
 222 +                       }
 223 +       }
 224 +
 225 +       if (!s->hit && s->version >= TLS1_VERSION && s->tls_session_secret_cb)
 226 +               {
 227 +               SSL_CIPHER *pref_cipher=NULL;
 228 +
 229 +               s->session->master_key_length=sizeof(s->session->master_key);
 230 +               if(s->tls_session_secret_cb(s, s->session->master_key, &s->session->master_key_length,
 231 +                       ciphers, &pref_cipher, s->tls_session_secret_cb_arg))
 232 +                       {
 233 +                       s->hit=1;
 234 +                       s->session->ciphers=ciphers;
 235 +                       s->session->verify_result=X509_V_OK;
 236 +
 237 +                       ciphers=NULL;
 238 +
 239 +                       /* check if some cipher was preferred by call back */
 240 +                       pref_cipher=pref_cipher ? pref_cipher : ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
 241 +                       if (pref_cipher == NULL)
 242 +                               {
 243 +                               al=SSL_AD_HANDSHAKE_FAILURE;
 244 +                               SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
 245 +                               goto f_err;
 246 +                               }
 247 +
 248 +                       s->session->cipher=pref_cipher;
 249 +
 250 +                       if (s->cipher_list)
 251 +                               sk_SSL_CIPHER_free(s->cipher_list);
 252 +
 253 +                       if (s->cipher_list_by_id)
 254 +                               sk_SSL_CIPHER_free(s->cipher_list_by_id);
 255 +
 256 +                       s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
 257 +                       s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
 258 +                       }
 259 +               }
 260  #endif
 261         /* Worst case, we will use the NULL compression, but if we have other
 262          * options, we will now look for them.  We have i-1 compression
 263 @@ -1103,16 +1156,22 @@ int ssl3_send_server_hello(SSL *s)
 264         unsigned char *buf;
 265         unsigned char *p,*d;
 266         int i,sl;
 267 -       unsigned long l,Time;
 268 +       unsigned long l;
 269 +#ifdef OPENSSL_NO_TLSEXT
 270 +       unsigned long Time;
 271 +#endif
 272
 273         if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
 274                 {
 275                 buf=(unsigned char *)s->init_buf->data;
 276 +#ifdef OPENSSL_NO_TLSEXT
 277                 p=s->s3->server_random;
 278 +               /* Generate server_random if it was not needed previously */
 279                 Time=(unsigned long)time(NULL);                 /* Time */
 280                 l2n(Time,p);
 281                 if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
 282                         return -1;
 283 +#endif
 284                 /* Do the message type and length last */
 285                 d=p= &(buf[4]);
 286
 287 diff -up openssl-0.9.8j/ssl/tls1.h.eap-fast openssl-0.9.8j/ssl/tls1.h
 288 --- openssl-0.9.8j/ssl/tls1.h.eap-fast  2009-01-14 16:39:41.000000000 +0100
 289 +++ openssl-0.9.8j/ssl/tls1.h   2009-01-14 21:13:47.000000000 +0100
 290 @@ -398,6 +398,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_T
 291  #define TLS_MD_MASTER_SECRET_CONST    "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"  /*master secret*/
 292  #endif
 293
 294 +/* TLS Session Ticket extension struct */
 295 +struct tls_session_ticket_ext_st
 296 +       {
 297 +       unsigned short length;
 298 +       void *data;
 299 +       };
 300 +
 301  #ifdef  __cplusplus
 302  }
 303  #endif
 304 diff -up openssl-0.9.8j/ssl/ssl_err.c.eap-fast openssl-0.9.8j/ssl/ssl_err.c
 305 --- openssl-0.9.8j/ssl/ssl_err.c.eap-fast       2008-08-13 21:44:44.000000000 +0200
 306 +++ openssl-0.9.8j/ssl/ssl_err.c        2009-01-14 21:13:47.000000000 +0100
 307 @@ -253,6 +253,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 308  {ERR_FUNC(SSL_F_TLS1_ENC),     "TLS1_ENC"},
 309  {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
 310  {ERR_FUNC(SSL_F_WRITE_PENDING),        "WRITE_PENDING"},
 311 +{ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"},
 312  {0,NULL}
 313         };
 314
 315 diff -up openssl-0.9.8j/ssl/ssl.h.eap-fast openssl-0.9.8j/ssl/ssl.h
 316 --- openssl-0.9.8j/ssl/ssl.h.eap-fast   2009-01-14 16:39:41.000000000 +0100
 317 +++ openssl-0.9.8j/ssl/ssl.h    2009-01-14 21:26:45.000000000 +0100
 318 @@ -344,6 +344,7 @@ extern "C" {
 319   * 'struct ssl_st *' function parameters used to prototype callbacks
 320   * in SSL_CTX. */
 321  typedef struct ssl_st *ssl_crock_st;
 322 +typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
 323
 324  /* used to hold info on the particular ciphers used */
 325  typedef struct ssl_cipher_st
 326 @@ -362,6 +363,9 @@ typedef struct ssl_cipher_st
 327
 328  DECLARE_STACK_OF(SSL_CIPHER)
 329
 330 +typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
 331 +typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
 332 +
 333  /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
 334  typedef struct ssl_method_st
 335         {
 336 @@ -1034,6 +1038,18 @@ struct ssl_st
 337
 338         /* RFC4507 session ticket expected to be received or sent */
 339         int tlsext_ticket_expected;
 340 +
 341 +       /* TLS Session Ticket extension override */
 342 +       TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
 343 +
 344 +       /* TLS Session Ticket extension callback */
 345 +       tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
 346 +       void *tls_session_ticket_ext_cb_arg;
 347 +
 348 +       /* TLS pre-shared secret session resumption */
 349 +       tls_session_secret_cb_fn tls_session_secret_cb;
 350 +       void *tls_session_secret_cb_arg;
 351 +
 352         SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
 353  #define session_ctx initial_ctx
 354  #else
 355 @@ -1624,6 +1640,15 @@ void *SSL_COMP_get_compression_methods(v
 356  int SSL_COMP_add_compression_method(int id,void *cm);
 357  #endif
 358
 359 +/* TLS extensions functions */
 360 +int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
 361 +
 362 +int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
 363 +                                 void *arg);
 364 +
 365 +/* Pre-shared secret session resumption functions */
 366 +int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
 367 +
 368  /* BEGIN ERROR CODES */
 369  /* The following lines are auto generated by the script mkerr.pl. Any changes
 370   * made after this point may be overwritten when the script is next run.
 371 @@ -1816,6 +1841,7 @@ void ERR_load_SSL_strings(void);
 372  #define SSL_F_TLS1_ENC                                  210
 373  #define SSL_F_TLS1_SETUP_KEY_BLOCK                      211
 374  #define SSL_F_WRITE_PENDING                             212
 375 +#define SSL_F_SSL_SET_SESSION_TICKET_EXT                213
 376
 377  /* Reason codes. */
 378  #define SSL_R_APP_DATA_IN_HANDSHAKE                     100