ChannelID support.
Implement ChannelID as both a client and server.
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index f49eab2..cdbcb66 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -473,7 +473,8 @@
#endif
/* Feed this message into MAC computation. */
- ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
+ if (*((unsigned char*) s->init_buf->data) != SSL3_MT_ENCRYPTED_EXTENSIONS)
+ ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
if (s->msg_callback)
s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
*ok=1;
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index ba0410a..af664de 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -465,13 +465,14 @@
SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
if (ret <= 0) goto end;
-#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
- s->state=SSL3_ST_CW_FINISHED_A;
-#else
+ s->state=SSL3_ST_CW_FINISHED_A;
+#if !defined(OPENSSL_NO_TLSEXT)
+ if (s->s3->tlsext_channel_id_valid)
+ s->state=SSL3_ST_CW_CHANNEL_ID_A;
+# if !defined(OPENSSL_NO_NEXTPROTONEG)
if (s->s3->next_proto_neg_seen)
s->state=SSL3_ST_CW_NEXT_PROTO_A;
- else
- s->state=SSL3_ST_CW_FINISHED_A;
+# endif
#endif
s->init_num=0;
@@ -497,6 +498,18 @@
case SSL3_ST_CW_NEXT_PROTO_B:
ret=ssl3_send_next_proto(s);
if (ret <= 0) goto end;
+ if (s->s3->tlsext_channel_id_valid)
+ s->state=SSL3_ST_CW_CHANNEL_ID_A;
+ else
+ s->state=SSL3_ST_CW_FINISHED_A;
+ break;
+#endif
+
+#if !defined(OPENSSL_NO_TLSEXT)
+ case SSL3_ST_CW_CHANNEL_ID_A:
+ case SSL3_ST_CW_CHANNEL_ID_B:
+ ret=ssl3_send_channel_id(s);
+ if (ret <= 0) goto end;
s->state=SSL3_ST_CW_FINISHED_A;
break;
#endif
@@ -524,6 +537,18 @@
}
else
{
+ /* This is a non-resumption handshake. If it
+ * involves ChannelID, then record the
+ * handshake hashes at this point in the
+ * session so that any resumption of this
+ * session with ChannelID can sign those
+ * hashes. */
+ if (s->s3->tlsext_channel_id_new)
+ {
+ ret = tls1_record_handshake_hashes_for_channel_id(s);
+ if (ret <= 0)
+ goto end;
+ }
if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH)
&& ssl3_can_cutthrough(s)
&& s->s3->previous_server_finished_len == 0 /* no cutthrough on renegotiation (would complicate the state machine) */
@@ -3135,7 +3160,8 @@
return(0);
}
-#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#if !defined(OPENSSL_NO_TLSEXT)
+# if !defined(OPENSSL_NO_NEXTPROTONEG)
int ssl3_send_next_proto(SSL *s)
{
unsigned int len, padding_len;
@@ -3159,7 +3185,136 @@
return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
}
-#endif /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
+
+# endif /* !OPENSSL_NO_NEXTPROTONEG */
+
+int ssl3_send_channel_id(SSL *s)
+ {
+ unsigned char *d;
+ int ret = -1, public_key_len;
+ EVP_MD_CTX md_ctx;
+ size_t sig_len;
+ ECDSA_SIG *sig = NULL;
+ unsigned char *public_key = NULL, *derp, *der_sig = NULL;
+
+ if (s->state != SSL3_ST_CW_CHANNEL_ID_A)
+ return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
+
+ if (!s->tlsext_channel_id_private && s->ctx->channel_id_cb)
+ {
+ EVP_PKEY *key = NULL;
+ s->ctx->channel_id_cb(s, &key);
+ if (key != NULL)
+ {
+ s->tlsext_channel_id_private = key;
+ }
+ }
+ if (!s->tlsext_channel_id_private)
+ {
+ s->rwstate=SSL_CHANNEL_ID_LOOKUP;
+ return (-1);
+ }
+ s->rwstate=SSL_NOTHING;
+
+ d = (unsigned char *)s->init_buf->data;
+ *(d++)=SSL3_MT_ENCRYPTED_EXTENSIONS;
+ l2n3(2 + 2 + TLSEXT_CHANNEL_ID_SIZE, d);
+ if (s->s3->tlsext_channel_id_new)
+ s2n(TLSEXT_TYPE_channel_id_new, d);
+ else
+ s2n(TLSEXT_TYPE_channel_id, d);
+ s2n(TLSEXT_CHANNEL_ID_SIZE, d);
+
+ EVP_MD_CTX_init(&md_ctx);
+
+ public_key_len = i2d_PublicKey(s->tlsext_channel_id_private, NULL);
+ if (public_key_len <= 0)
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl3_send_channel_id, SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY);
+ goto err;
+ }
+ /* i2d_PublicKey will produce an ANSI X9.62 public key which, for a
+ * P-256 key, is 0x04 (meaning uncompressed) followed by the x and y
+ * field elements as 32-byte, big-endian numbers. */
+ if (public_key_len != 65)
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl3_send_channel_id, SSL_R_CHANNEL_ID_NOT_P256);
+ goto err;
+ }
+ public_key = OPENSSL_malloc(public_key_len);
+ if (!public_key)
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl3_send_channel_id, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ derp = public_key;
+ i2d_PublicKey(s->tlsext_channel_id_private, &derp);
+
+ if (EVP_DigestSignInit(&md_ctx, NULL, EVP_sha256(), NULL,
+ s->tlsext_channel_id_private) != 1)
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl3_send_channel_id, SSL_R_EVP_DIGESTSIGNINIT_FAILED);
+ goto err;
+ }
+
+ if (!tls1_channel_id_hash(&md_ctx, s))
+ goto err;
+
+ if (!EVP_DigestSignFinal(&md_ctx, NULL, &sig_len))
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl3_send_channel_id, SSL_R_EVP_DIGESTSIGNFINAL_FAILED);
+ goto err;
+ }
+
+ der_sig = OPENSSL_malloc(sig_len);
+ if (!der_sig)
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl3_send_channel_id, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!EVP_DigestSignFinal(&md_ctx, der_sig, &sig_len))
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl3_send_channel_id, SSL_R_EVP_DIGESTSIGNFINAL_FAILED);
+ goto err;
+ }
+
+ derp = der_sig;
+ sig = d2i_ECDSA_SIG(NULL, (const unsigned char**) &derp, sig_len);
+ if (sig == NULL)
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl3_send_channel_id, SSL_R_D2I_ECDSA_SIG);
+ goto err;
+ }
+
+ /* The first byte of public_key will be 0x4, denoting an uncompressed key. */
+ memcpy(d, public_key + 1, 64);
+ d += 64;
+ memset(d, 0, 2 * 32);
+ BN_bn2bin(sig->r, d + 32 - BN_num_bytes(sig->r));
+ d += 32;
+ BN_bn2bin(sig->s, d + 32 - BN_num_bytes(sig->s));
+ d += 32;
+
+ s->state = SSL3_ST_CW_CHANNEL_ID_B;
+ s->init_num = 4 + 2 + 2 + TLSEXT_CHANNEL_ID_SIZE;
+ s->init_off = 0;
+
+ ret = ssl3_do_write(s, SSL3_RT_HANDSHAKE);
+
+err:
+ EVP_MD_CTX_cleanup(&md_ctx);
+ if (public_key)
+ OPENSSL_free(public_key);
+ if (der_sig)
+ OPENSSL_free(der_sig);
+ if (sig)
+ ECDSA_SIG_free(sig);
+
+ return ret;
+ }
+#endif /* !OPENSSL_NO_TLSEXT */
/* Check to see if handshake is full or resumed. Usually this is just a
* case of checking to see if a cache hit has occurred. In the case of
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index edffd21..8835014 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2601,6 +2601,11 @@
s->s3=s3;
+#if !defined(OPENSSL_NO_TLSEXT)
+ s->tlsext_channel_id_enabled = s->ctx->tlsext_channel_id_enabled;
+ if (s->ctx->tlsext_channel_id_private)
+ s->tlsext_channel_id_private = EVP_PKEY_dup(s->ctx->tlsext_channel_id_private);
+#endif
s->method->ssl_clear(s);
return(1);
err:
@@ -2756,6 +2761,10 @@
s->next_proto_negotiated_len = 0;
}
#endif
+
+#if !defined(OPENSSL_NO_TLSEXT)
+ s->s3->tlsext_channel_id_valid = 0;
+#endif
}
static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
@@ -3192,6 +3201,35 @@
return (int)sess->tlsext_ecpointformatlist_length;
}
#endif
+
+ case SSL_CTRL_CHANNEL_ID:
+ s->tlsext_channel_id_enabled = 1;
+ ret = 1;
+ break;
+
+ case SSL_CTRL_SET_CHANNEL_ID:
+ if (s->server)
+ break;
+ s->tlsext_channel_id_enabled = 1;
+ if (EVP_PKEY_bits(parg) != 256)
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl3_ctrl, SSL_R_CHANNEL_ID_NOT_P256);
+ break;
+ }
+ if (s->tlsext_channel_id_private)
+ EVP_PKEY_free(s->tlsext_channel_id_private);
+ s->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg);
+ ret = 1;
+ break;
+
+ case SSL_CTRL_GET_CHANNEL_ID:
+ if (!s->server)
+ break;
+ if (!s->s3->tlsext_channel_id_valid)
+ break;
+ memcpy(parg, s->s3->tlsext_channel_id, larg < 64 ? larg : 64);
+ return 64;
+
default:
break;
}
@@ -3500,6 +3538,25 @@
case SSL_CTRL_SELECT_CURRENT_CERT:
return ssl_cert_select_current(ctx->cert, (X509 *)parg);
+ case SSL_CTRL_CHANNEL_ID:
+ /* must be called on a server */
+ if (ctx->method->ssl_accept == ssl_undefined_function)
+ return 0;
+ ctx->tlsext_channel_id_enabled=1;
+ return 1;
+
+ case SSL_CTRL_SET_CHANNEL_ID:
+ ctx->tlsext_channel_id_enabled = 1;
+ if (EVP_PKEY_bits(parg) != 256)
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl3_ctx_ctrl, SSL_R_CHANNEL_ID_NOT_P256);
+ break;
+ }
+ if (ctx->tlsext_channel_id_private)
+ EVP_PKEY_free(ctx->tlsext_channel_id_private);
+ ctx->tlsext_channel_id_private = EVP_PKEY_dup((EVP_PKEY*) parg);
+ break;
+
default:
return(0);
}
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 734a6b2..32d35ee 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -155,12 +155,15 @@
#include <openssl/buf.h>
#include <openssl/cipher.h>
#include <openssl/dh.h>
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include <openssl/md5.h>
#include <openssl/mem.h>
#include <openssl/obj.h>
#include <openssl/rand.h>
+#include <openssl/sha.h>
#include <openssl/x509.h>
#include "ssl_locl.h"
@@ -573,15 +576,8 @@
* the client uses its key from the certificate
* for key exchange.
*/
-#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
- s->state=SSL3_ST_SR_FINISHED_A;
-#else
- if (s->s3->next_proto_neg_seen)
- s->state=SSL3_ST_SR_NEXT_PROTO_A;
- else
- s->state=SSL3_ST_SR_FINISHED_A;
-#endif
s->init_num = 0;
+ s->state=SSL3_ST_SR_POST_CLIENT_CERT;
}
else if (SSL_USE_SIGALGS(s))
{
@@ -641,23 +637,48 @@
ret=ssl3_get_cert_verify(s);
if (ret <= 0) goto end;
-#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
- s->state=SSL3_ST_SR_FINISHED_A;
-#else
- if (s->s3->next_proto_neg_seen)
- s->state=SSL3_ST_SR_NEXT_PROTO_A;
- else
- s->state=SSL3_ST_SR_FINISHED_A;
-#endif
+ s->state=SSL3_ST_SR_POST_CLIENT_CERT;
s->init_num=0;
break;
+ case SSL3_ST_SR_POST_CLIENT_CERT: {
+ char next_proto_neg = 0;
+ char channel_id = 0;
+#if !defined(OPENSSL_NO_TLSEXT)
+# if !defined(OPENSSL_NO_NEXTPROTONEG)
+ next_proto_neg = s->s3->next_proto_neg_seen;
+# endif
+ channel_id = s->s3->tlsext_channel_id_valid;
+#endif
+
+ if (next_proto_neg)
+ s->state=SSL3_ST_SR_NEXT_PROTO_A;
+ else if (channel_id)
+ s->state=SSL3_ST_SR_CHANNEL_ID_A;
+ else
+ s->state=SSL3_ST_SR_FINISHED_A;
+ break;
+ }
+
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
case SSL3_ST_SR_NEXT_PROTO_A:
case SSL3_ST_SR_NEXT_PROTO_B:
ret=ssl3_get_next_proto(s);
if (ret <= 0) goto end;
s->init_num = 0;
+ if (s->s3->tlsext_channel_id_valid)
+ s->state=SSL3_ST_SR_CHANNEL_ID_A;
+ else
+ s->state=SSL3_ST_SR_FINISHED_A;
+ break;
+#endif
+
+#if !defined(OPENSSL_NO_TLSEXT)
+ case SSL3_ST_SR_CHANNEL_ID_A:
+ case SSL3_ST_SR_CHANNEL_ID_B:
+ ret=ssl3_get_channel_id(s);
+ if (ret <= 0) goto end;
+ s->init_num = 0;
s->state=SSL3_ST_SR_FINISHED_A;
break;
#endif
@@ -675,6 +696,15 @@
#endif
else
s->state=SSL3_ST_SW_CHANGE_A;
+ /* If this is a full handshake with ChannelID then
+ * record the hashshake hashes in |s->session| in case
+ * we need them to verify a ChannelID signature on a
+ * resumption of this session in the future. */
+ if (!s->hit && s->s3->tlsext_channel_id_new)
+ {
+ ret = tls1_record_handshake_hashes_for_channel_id(s);
+ if (ret <= 0) goto end;
+ }
s->init_num=0;
break;
@@ -729,16 +759,7 @@
if (ret <= 0) goto end;
s->state=SSL3_ST_SW_FLUSH;
if (s->hit)
- {
-#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
- s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
-#else
- if (s->s3->next_proto_neg_seen)
- s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
- else
- s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
-#endif
- }
+ s->s3->tmp.next_state=SSL3_ST_SR_POST_CLIENT_CERT;
else
s->s3->tmp.next_state=SSL_ST_OK;
s->init_num=0;
@@ -1378,6 +1399,22 @@
if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
{
+ /* We only accept ChannelIDs on connections with ECDHE in order
+ * to avoid a known attack while we fix ChannelID itself. */
+ if (s->s3 &&
+ s->s3->tlsext_channel_id_valid &&
+ (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kEECDH) == 0)
+ s->s3->tlsext_channel_id_valid = 0;
+
+ /* If this is a resumption and the original handshake didn't
+ * support ChannelID then we didn't record the original
+ * handshake hashes in the session and so cannot resume with
+ * ChannelIDs. */
+ if (s->hit &&
+ s->s3->tlsext_channel_id_new &&
+ s->session->original_handshake_hash_len == 0)
+ s->s3->tlsext_channel_id_valid = 0;
+
buf=(unsigned char *)s->init_buf->data;
#ifdef OPENSSL_NO_TLSEXT
p=s->s3->server_random;
@@ -3243,6 +3280,147 @@
}
# endif
+/* ssl3_get_channel_id reads and verifies a ClientID handshake message. */
+int ssl3_get_channel_id(SSL *s)
+ {
+ int ret = -1, ok;
+ long n;
+ const unsigned char *p;
+ unsigned short extension_type, extension_len;
+ EC_GROUP* p256 = NULL;
+ EC_KEY* key = NULL;
+ EC_POINT* point = NULL;
+ ECDSA_SIG sig;
+ BIGNUM x, y;
+ unsigned short expected_extension_type;
+
+ if (s->state == SSL3_ST_SR_CHANNEL_ID_A && s->init_num == 0)
+ {
+ /* The first time that we're called we take the current
+ * handshake hash and store it. */
+ EVP_MD_CTX md_ctx;
+ unsigned int len;
+
+ EVP_MD_CTX_init(&md_ctx);
+ EVP_DigestInit_ex(&md_ctx, EVP_sha256(), NULL);
+ if (!tls1_channel_id_hash(&md_ctx, s))
+ return -1;
+ len = sizeof(s->s3->tlsext_channel_id);
+ EVP_DigestFinal(&md_ctx, s->s3->tlsext_channel_id, &len);
+ EVP_MD_CTX_cleanup(&md_ctx);
+ }
+
+ n = s->method->ssl_get_message(s,
+ SSL3_ST_SR_CHANNEL_ID_A,
+ SSL3_ST_SR_CHANNEL_ID_B,
+ SSL3_MT_ENCRYPTED_EXTENSIONS,
+ 2 + 2 + TLSEXT_CHANNEL_ID_SIZE,
+ &ok);
+
+ if (!ok)
+ return((int)n);
+
+ ssl3_finish_mac(s, (unsigned char*)s->init_buf->data, s->init_num + 4);
+
+ /* s->state doesn't reflect whether ChangeCipherSpec has been received
+ * in this handshake, but s->s3->change_cipher_spec does (will be reset
+ * by ssl3_get_finished). */
+ if (!s->s3->change_cipher_spec)
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl3_get_channel_id, SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS);
+ return -1;
+ }
+
+ if (n != 2 + 2 + TLSEXT_CHANNEL_ID_SIZE)
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl3_get_channel_id, SSL_R_INVALID_MESSAGE);
+ return -1;
+ }
+
+ p = (unsigned char *)s->init_msg;
+
+ /* The payload looks like:
+ * uint16 extension_type
+ * uint16 extension_len;
+ * uint8 x[32];
+ * uint8 y[32];
+ * uint8 r[32];
+ * uint8 s[32];
+ */
+ n2s(p, extension_type);
+ n2s(p, extension_len);
+
+ expected_extension_type = TLSEXT_TYPE_channel_id;
+ if (s->s3->tlsext_channel_id_new)
+ expected_extension_type = TLSEXT_TYPE_channel_id_new;
+
+ if (extension_type != expected_extension_type ||
+ extension_len != TLSEXT_CHANNEL_ID_SIZE)
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl3_get_channel_id, SSL_R_INVALID_MESSAGE);
+ return -1;
+ }
+
+ p256 = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
+ if (!p256)
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl3_get_channel_id, SSL_R_NO_P256_SUPPORT);
+ return -1;
+ }
+
+ BN_init(&x);
+ BN_init(&y);
+ sig.r = BN_new();
+ sig.s = BN_new();
+
+ if (BN_bin2bn(p + 0, 32, &x) == NULL ||
+ BN_bin2bn(p + 32, 32, &y) == NULL ||
+ BN_bin2bn(p + 64, 32, sig.r) == NULL ||
+ BN_bin2bn(p + 96, 32, sig.s) == NULL)
+ goto err;
+
+ point = EC_POINT_new(p256);
+ if (!point ||
+ !EC_POINT_set_affine_coordinates_GFp(p256, point, &x, &y, NULL))
+ goto err;
+
+ key = EC_KEY_new();
+ if (!key ||
+ !EC_KEY_set_group(key, p256) ||
+ !EC_KEY_set_public_key(key, point))
+ goto err;
+
+ /* We stored the handshake hash in |tlsext_channel_id| the first time
+ * that we were called. */
+ switch (ECDSA_do_verify(s->s3->tlsext_channel_id, SHA256_DIGEST_LENGTH, &sig, key)) {
+ case 1:
+ break;
+ case 0:
+ OPENSSL_PUT_ERROR(SSL, ssl3_get_channel_id, SSL_R_CHANNEL_ID_SIGNATURE_INVALID);
+ s->s3->tlsext_channel_id_valid = 0;
+ goto err;
+ default:
+ s->s3->tlsext_channel_id_valid = 0;
+ goto err;
+ }
+
+ memcpy(s->s3->tlsext_channel_id, p, 64);
+ ret = 1;
+
+err:
+ BN_free(&x);
+ BN_free(&y);
+ BN_free(sig.r);
+ BN_free(sig.s);
+ if (key)
+ EC_KEY_free(key);
+ if (point)
+ EC_POINT_free(point);
+ if (p256)
+ EC_GROUP_free(p256);
+ return ret;
+ }
+
int tls1_send_server_supplemental_data(SSL *s)
{
size_t length = 0;
diff --git a/ssl/ssl.h b/ssl/ssl.h
index b7ec5cf..dac4c3e 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -586,6 +586,13 @@
unsigned char *audit_proof;
size_t audit_proof_length;
#endif
+
+ /* original_handshake_hash contains the handshake hash (either
+ * SHA-1+MD5 or SHA-2, depending on TLS version) for the original, full
+ * handshake that created a session. This is used by Channel IDs during
+ * resumption. */
+ unsigned char original_handshake_hash[EVP_MAX_MD_SIZE];
+ unsigned int original_handshake_hash_len;
};
#endif
@@ -931,6 +938,9 @@
/* get client cert callback */
int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+ /* get channel id callback */
+ void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey);
+
/* cookie generate callback */
int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
unsigned int *cookie_len);
@@ -1106,6 +1116,17 @@
size_t custom_cli_ext_records_count;
custom_srv_ext_record *custom_srv_ext_records;
size_t custom_srv_ext_records_count;
+
+ /* If true, a client will advertise the Channel ID extension and a
+ * server will echo it. */
+ char tlsext_channel_id_enabled;
+ /* tlsext_channel_id_enabled_new is a hack to support both old and new
+ * ChannelID signatures. It indicates that a client should advertise the
+ * new ChannelID extension number. */
+ char tlsext_channel_id_enabled_new;
+ /* The client's Channel ID private key. */
+ EVP_PKEY *tlsext_channel_id_private;
+
};
#endif
@@ -1146,6 +1167,10 @@
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
#define SSL_CTX_sess_cache_full(ctx) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
+/* SSL_CTX_enable_tls_channel_id configures a TLS server to accept TLS client
+ * IDs from clients. Returns 1 on success. */
+#define SSL_CTX_enable_tls_channel_id(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_CHANNEL_ID,0,NULL)
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
@@ -1162,6 +1187,8 @@
void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EVP_PKEY **pkey));
+void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL *ssl, EVP_PKEY **pkey);
#ifndef OPENSSL_NO_ENGINE
int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
#endif
@@ -1263,6 +1290,7 @@
#define SSL_WRITING 2
#define SSL_READING 3
#define SSL_X509_LOOKUP 4
+#define SSL_CHANNEL_ID_LOOKUP 5
#define SSL_PENDING_SESSION 7
/* These will only be used when doing non-blocking IO */
@@ -1270,6 +1298,7 @@
#define SSL_want_read(s) (SSL_want(s) == SSL_READING)
#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
+#define SSL_want_channel_id_lookup(s) (SSL_want(s) == SSL_CHANNEL_ID_LOOKUP)
#define SSL_want_session(s) (SSL_want(s) == SSL_PENDING_SESSION)
#define SSL_MAC_FLAG_READ_MAC_STREAM 1
@@ -1505,6 +1534,13 @@
unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
unsigned int tlsext_hb_seq; /* HeartbeatRequest sequence number */
+ /* Copied from the SSL_CTX. For a server, means that we'll accept
+ * Channel IDs from clients. For a client, means that we'll advertise
+ * support. */
+ char tlsext_channel_id_enabled;
+ /* The client's Channel ID private key. */
+ EVP_PKEY *tlsext_channel_id_private;
+
/* For a client, this contains the list of supported protocols in wire
* format. */
unsigned char* alpn_client_proto_list;
@@ -1680,6 +1716,7 @@
#define SSL_ERROR_ZERO_RETURN 6
#define SSL_ERROR_WANT_CONNECT 7
#define SSL_ERROR_WANT_ACCEPT 8
+#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9
#define SSL_ERROR_PENDING_SESSION 11
#define SSL_CTRL_NEED_TMP_RSA 1
@@ -1814,6 +1851,10 @@
#define SSL_CTRL_GET_CHAIN_CERTS 115
#define SSL_CTRL_SELECT_CURRENT_CERT 116
+#define SSL_CTRL_CHANNEL_ID 117
+#define SSL_CTRL_GET_CHANNEL_ID 118
+#define SSL_CTRL_SET_CHANNEL_ID 119
+
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
#define DTLSv1_handle_timeout(ssl) \
@@ -1848,6 +1889,26 @@
#define SSL_set_tmp_ecdh(ssl,ecdh) \
SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
+/* SSL_enable_tls_channel_id either configures a TLS server to accept TLS client
+ * IDs from clients, or configure a client to send TLS client IDs to server.
+ * Returns 1 on success. */
+#define SSL_enable_tls_channel_id(s) \
+ SSL_ctrl(s,SSL_CTRL_CHANNEL_ID,0,NULL)
+/* SSL_set1_tls_channel_id configures a TLS client to send a TLS Channel ID to
+ * compatible servers. private_key must be a P-256 EVP_PKEY*. Returns 1 on
+ * success. */
+#define SSL_set1_tls_channel_id(s, private_key) \
+ SSL_ctrl(s,SSL_CTRL_SET_CHANNEL_ID,0,(void*)private_key)
+#define SSL_CTX_set1_tls_channel_id(ctx, private_key) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHANNEL_ID,0,(void*)private_key)
+/* SSL_get_tls_channel_id gets the client's TLS Channel ID from a server SSL*
+ * and copies up to the first |channel_id_len| bytes into |channel_id|. The
+ * Channel ID consists of the client's P-256 public key as an (x,y) pair where
+ * each is a 32-byte, big-endian field element. Returns 0 if the client didn't
+ * offer a Channel ID and the length of the complete Channel ID otherwise. */
+#define SSL_get_tls_channel_id(ctx, channel_id, channel_id_len) \
+ SSL_ctrl(ctx,SSL_CTRL_GET_CHANNEL_ID,channel_id_len,(void*)channel_id)
+
#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
#define SSL_CTX_get_extra_chain_certs(ctx,px509) \
@@ -2580,6 +2641,8 @@
#define SSL_F_ssl3_setup_key_block 272
#define SSL_F_SSL_new 273
#define SSL_F_ssl_parse_serverhello_tlsext 274
+#define SSL_F_ssl3_get_channel_id 275
+#define SSL_F_ssl3_send_channel_id 276
#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 100
#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 101
#define SSL_R_INVALID_NULL_CMD_NAME 102
@@ -2669,238 +2732,247 @@
#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 186
#define SSL_R_UNKNOWN_STATE 187
#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 188
-#define SSL_R_BAD_WRITE_RETRY 189
-#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 190
-#define SSL_R_BAD_AUTHENTICATION_TYPE 191
-#define SSL_R_BAD_MAC_DECODE 192
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 193
-#define SSL_R_UNKNOWN_DIGEST 194
-#define SSL_R_INVALID_AUTHZ_DATA 195
-#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 196
-#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 197
-#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 198
-#define SSL_R_NO_PUBLICKEY 199
-#define SSL_R_MISSING_TMP_RSA_PKEY 200
-#define SSL_R_INVALID_AUDIT_PROOF 201
-#define SSL_R_BAD_DH_G_LENGTH 202
-#define SSL_R_BAD_RSA_ENCRYPT 203
-#define SSL_R_PACKET_LENGTH_TOO_LONG 204
-#define SSL_R_BAD_DECOMPRESSION 205
-#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 206
-#define SSL_R_BAD_RSA_SIGNATURE 207
-#define SSL_R_TLSV1_UNRECOGNIZED_NAME 208
-#define SSL_R_SRP_A_CALC 209
-#define SSL_R_ILLEGAL_PADDING 210
-#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 211
-#define SSL_R_PEM_NAME_BAD_PREFIX 212
-#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 213
-#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 214
-#define SSL_R_BAD_SSL_FILETYPE 215
-#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 216
-#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 217
-#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 218
-#define SSL_R_KRB5_S_TKT_EXPIRED 219
-#define SSL_R_LIBRARY_HAS_NO_CIPHERS 220
-#define SSL_R_NO_CIPHERS_SPECIFIED 221
-#define SSL_R_BAD_SIGNATURE 222
-#define SSL_R_MISSING_DH_DSA_CERT 223
-#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 224
-#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 225
-#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 226
-#define SSL_R_NO_CLIENT_CERT_METHOD 227
-#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 228
-#define SSL_R_CERTIFICATE_VERIFY_FAILED 229
-#define SSL_R_BAD_RSA_E_LENGTH 230
-#define SSL_R_KRB5_C_CC_PRINC 231
-#define SSL_R_CCS_RECEIVED_EARLY 232
-#define SSL_R_RENEGOTIATION_MISMATCH 233
-#define SSL_R_CONNECTION_ID_IS_DIFFERENT 234
-#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 235
-#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 236
-#define SSL_R_COMPRESSION_FAILURE 237
-#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 238
-#define SSL_R_BAD_RESPONSE_ARGUMENT 239
-#define SSL_R_READ_BIO_NOT_SET 240
-#define SSL_R_PEER_ERROR_CERTIFICATE 241
-#define SSL_R_BAD_ALERT_RECORD 242
-#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 243
-#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 244
-#define SSL_R_HTTPS_PROXY_REQUEST 245
-#define SSL_R_RECORD_LENGTH_MISMATCH 246
-#define SSL_R_INVALID_SERVERINFO_DATA 247
-#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 248
-#define SSL_R_BAD_CHECKSUM 249
-#define SSL_R_INVALID_CHALLENGE_LENGTH 250
-#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 251
-#define SSL_R_INVALID_STATUS_RESPONSE 252
-#define SSL_R_EXCESSIVE_MESSAGE_SIZE 253
-#define SSL_R_SHORT_READ 254
-#define SSL_R_KRB5_S_TKT_SKEW 255
-#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 256
-#define SSL_R_MISSING_TMP_DH_KEY 257
-#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 258
-#define SSL_R_NO_CERTIFICATES_RETURNED 259
-#define SSL_R_X509_LIB 260
-#define SSL_R_CIPHER_TABLE_SRC_ERROR 261
-#define SSL_R_ILLEGAL_SUITEB_DIGEST 262
-#define SSL_R_UNKNOWN_CIPHER_RETURNED 263
-#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 264
-#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 265
-#define SSL_R_INVALID_SRP_USERNAME 266
-#define SSL_R_BAD_SRP_S_LENGTH 267
-#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 268
-#define SSL_R_BAD_MESSAGE_TYPE 269
-#define SSL_R_LENGTH_TOO_SHORT 270
-#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 271
-#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 272
-#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 273
-#define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 274
-#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 275
-#define SSL_R_PSK_IDENTITY_NOT_FOUND 276
-#define SSL_R_UNSUPPORTED_STATUS_TYPE 277
-#define SSL_R_BAD_ECC_CERT 278
-#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 279
-#define SSL_R_KRB5_C_INIT 280
-#define SSL_R_WRONG_CURVE 281
-#define SSL_R_CONNECTION_TYPE_NOT_SET 282
-#define SSL_R_MISSING_ECDH_CERT 283
-#define SSL_R_PATH_TOO_LONG 284
-#define SSL_R_PUBLIC_KEY_NOT_RSA 285
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 286
-#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 287
-#define SSL_R_MISSING_TMP_RSA_KEY 288
-#define SSL_R_BN_LIB 289
-#define SSL_R_CA_DN_LENGTH_MISMATCH 290
-#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 291
-#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 292
-#define SSL_R_UNKNOWN_CMD_NAME 293
-#define SSL_R_TLS_HEARTBEAT_PENDING 294
-#define SSL_R_DECRYPTION_FAILED 295
-#define SSL_R_PEER_ERROR_NO_CIPHER 296
-#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 297
-#define SSL_R_NO_COMPRESSION_SPECIFIED 298
-#define SSL_R_RENEGOTIATION_ENCODING_ERR 299
-#define SSL_R_UNSUPPORTED_DIGEST_TYPE 300
-#define SSL_R_KRB5 301
-#define SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE 302
-#define SSL_R_MISSING_VERIFY_MESSAGE 303
-#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 304
-#define SSL_R_BAD_ECPOINT 305
-#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 306
-#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 307
-#define SSL_R_UNKNOWN_AUTHZ_DATA_TYPE 308
-#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 309
-#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 310
-#define SSL_R_INVALID_PURPOSE 311
-#define SSL_R_MISSING_DH_KEY 312
-#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 313
-#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 314
-#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 315
-#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 316
-#define SSL_R_NO_VERIFY_CALLBACK 317
-#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 318
-#define SSL_R_COMPRESSION_DISABLED 319
-#define SSL_R_HTTP_REQUEST 320
-#define SSL_R_MISSING_TMP_ECDH_KEY 321
-#define SSL_R_BAD_DSA_SIGNATURE 322
-#define SSL_R_NO_REQUIRED_DIGEST 323
-#define SSL_R_WRITE_BIO_NOT_SET 324
-#define SSL_R_COMPRESSION_LIBRARY_ERROR 325
-#define SSL_R_NO_CIPHERS_PASSED 326
-#define SSL_R_MISSING_RSA_CERTIFICATE 327
-#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 328
-#define SSL_R_NO_RENEGOTIATION 329
-#define SSL_R_AUTHZ_DATA_TOO_LARGE 330
-#define SSL_R_KRB5_C_MK_REQ 331
-#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 332
-#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 333
-#define SSL_R_BAD_SRTP_MKI_VALUE 334
-#define SSL_R_KRB5_S_BAD_TICKET 335
-#define SSL_R_SERVERHELLO_TLSEXT 336
-#define SSL_R_BAD_DH_P_LENGTH 337
-#define SSL_R_CA_DN_TOO_LONG 338
-#define SSL_R_DTLS_MESSAGE_TOO_BIG 339
-#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 340
-#define SSL_R_BAD_VALUE 341
-#define SSL_R_PEER_ERROR_NO_CERTIFICATE 342
-#define SSL_R_NO_CERTIFICATE_SET 343
-#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 344
-#define SSL_R_NO_CIPHER_LIST 345
-#define SSL_R_UNSUPPORTED_PROTOCOL 346
-#define SSL_R_UNKNOWN_SSL_VERSION 347
-#define SSL_R_CLIENTHELLO_TLSEXT 348
-#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 349
-#define SSL_R_UNKNOWN_SUPPLEMENTAL_DATA_TYPE 350
-#define SSL_R_UNKNOWN_PROTOCOL 351
-#define SSL_R_INVALID_COMPRESSION_ALGORITHM 352
-#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 353
-#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 354
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 355
-#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 356
-#define SSL_R_BAD_SRP_A_LENGTH 357
-#define SSL_R_NO_CERTIFICATE_SPECIFIED 358
-#define SSL_R_USE_SRTP_NOT_NEGOTIATED 359
-#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 360
-#define SSL_R_DIGEST_CHECK_FAILED 361
-#define SSL_R_KRB5_S_INIT 362
-#define SSL_R_NO_CIPHER_MATCH 363
-#define SSL_R_WRONG_SIGNATURE_SIZE 364
-#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 365
-#define SSL_R_KEY_ARG_TOO_LONG 366
-#define SSL_R_REQUIRED_CIPHER_MISSING 367
-#define SSL_R_MULTIPLE_SGC_RESTARTS 368
-#define SSL_R_LENGTH_MISMATCH 369
-#define SSL_R_BAD_LENGTH 370
-#define SSL_R_BAD_STATE 371
-#define SSL_R_READ_WRONG_PACKET_TYPE 372
-#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 373
-#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 374
-#define SSL_R_PSK_NO_CLIENT_CB 375
-#define SSL_R_MESSAGE_TOO_LONG 376
-#define SSL_R_GOST_NOT_SUPPORTED 377
-#define SSL_R_BAD_DATA 378
-#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 379
-#define SSL_R_BAD_MAC_LENGTH 380
-#define SSL_R_WRONG_SSL_VERSION 381
-#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 382
-#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 383
-#define SSL_R_KRB5_S_TKT_NYV 384
-#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 385
-#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 386
-#define SSL_R_NO_CIPHERS_AVAILABLE 387
-#define SSL_R_BAD_PACKET_LENGTH 388
-#define SSL_R_MISSING_ECDSA_SIGNING_CERT 389
-#define SSL_R_MISSING_DH_RSA_CERT 390
-#define SSL_R_BAD_HANDSHAKE_LENGTH 391
-#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 392
-#define SSL_R_NO_METHOD_SPECIFIED 393
-#define SSL_R_CHALLENGE_IS_DIFFERENT 394
-#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 395
-#define SSL_R_WRONG_CIPHER_RETURNED 396
-#define SSL_R_WRONG_CERTIFICATE_TYPE 397
-#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 398
-#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 399
-#define SSL_R_UNKNOWN_CIPHER_TYPE 400
-#define SSL_R_UNSUPPORTED_SSL_VERSION 401
-#define SSL_R_BAD_SRP_N_LENGTH 402
-#define SSL_R_KRB5_S_RD_REQ 403
-#define SSL_R_TLSV1_ALERT_USER_CANCELLED 404
-#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 405
-#define SSL_R_EXTRA_DATA_IN_MESSAGE 406
-#define SSL_R_RECORD_TOO_SMALL 407
-#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 408
-#define SSL_R_UNKNOWN_ALERT_TYPE 409
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 410
-#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 411
-#define SSL_R_NON_SSLV2_INITIAL_PACKET 412
-#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 413
-#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 414
-#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 415
-#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 416
-#define SSL_R_CERT_CB_ERROR 417
-#define SSL_R_NO_CERTIFICATE_RETURNED 418
-#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 419
-#define SSL_R_NO_PRIVATEKEY 420
-#define SSL_R_UNEXPECTED_MESSAGE 421
+#define SSL_R_WRONG_CIPHER_RETURNED 189
+#define SSL_R_BAD_DH_G_LENGTH 190
+#define SSL_R_BAD_ALERT_RECORD 191
+#define SSL_R_CIPHER_TABLE_SRC_ERROR 192
+#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 193
+#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 194
+#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 195
+#define SSL_R_MESSAGE_TOO_LONG 196
+#define SSL_R_BAD_RSA_SIGNATURE 197
+#define SSL_R_X509_LIB 198
+#define SSL_R_BAD_SRP_N_LENGTH 199
+#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 200
+#define SSL_R_UNKNOWN_CIPHER_TYPE 201
+#define SSL_R_BAD_DH_P_LENGTH 202
+#define SSL_R_MISSING_DH_RSA_CERT 203
+#define SSL_R_NO_METHOD_SPECIFIED 204
+#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 205
+#define SSL_R_MULTIPLE_SGC_RESTARTS 206
+#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 207
+#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 208
+#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 209
+#define SSL_R_BAD_SRP_S_LENGTH 210
+#define SSL_R_MISSING_TMP_RSA_KEY 211
+#define SSL_R_PSK_NO_CLIENT_CB 212
+#define SSL_R_PEM_NAME_BAD_PREFIX 213
+#define SSL_R_BAD_CHECKSUM 214
+#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 215
+#define SSL_R_NO_CIPHER_MATCH 216
+#define SSL_R_MISSING_TMP_DH_KEY 217
+#define SSL_R_UNSUPPORTED_STATUS_TYPE 218
+#define SSL_R_UNKNOWN_AUTHZ_DATA_TYPE 219
+#define SSL_R_CONNECTION_TYPE_NOT_SET 220
+#define SSL_R_MISSING_DH_KEY 221
+#define SSL_R_CHANNEL_ID_NOT_P256 222
+#define SSL_R_UNKNOWN_SUPPLEMENTAL_DATA_TYPE 223
+#define SSL_R_UNKNOWN_PROTOCOL 224
+#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 225
+#define SSL_R_KRB5_S_TKT_SKEW 226
+#define SSL_R_PUBLIC_KEY_NOT_RSA 227
+#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 228
+#define SSL_R_GOST_NOT_SUPPORTED 229
+#define SSL_R_KRB5_C_CC_PRINC 230
+#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 231
+#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 232
+#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 233
+#define SSL_R_INVALID_PURPOSE 234
+#define SSL_R_KRB5_C_MK_REQ 235
+#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 236
+#define SSL_R_BAD_SRTP_MKI_VALUE 237
+#define SSL_R_EVP_DIGESTSIGNINIT_FAILED 238
+#define SSL_R_DIGEST_CHECK_FAILED 239
+#define SSL_R_BAD_SRP_A_LENGTH 240
+#define SSL_R_SERVERHELLO_TLSEXT 241
+#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 242
+#define SSL_R_NO_CIPHERS_AVAILABLE 243
+#define SSL_R_COMPRESSION_FAILURE 244
+#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 245
+#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 246
+#define SSL_R_BAD_RSA_ENCRYPT 247
+#define SSL_R_EXCESSIVE_MESSAGE_SIZE 248
+#define SSL_R_INVALID_COMPRESSION_ALGORITHM 249
+#define SSL_R_SHORT_READ 250
+#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 251
+#define SSL_R_CA_DN_LENGTH_MISMATCH 252
+#define SSL_R_BAD_ECC_CERT 253
+#define SSL_R_NON_SSLV2_INITIAL_PACKET 254
+#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 255
+#define SSL_R_MISSING_TMP_RSA_PKEY 256
+#define SSL_R_BN_LIB 257
+#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 258
+#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 259
+#define SSL_R_NO_RENEGOTIATION 260
+#define SSL_R_NO_COMPRESSION_SPECIFIED 261
+#define SSL_R_WRONG_CERTIFICATE_TYPE 262
+#define SSL_R_TLSV1_UNRECOGNIZED_NAME 263
+#define SSL_R_CHANNEL_ID_SIGNATURE_INVALID 264
+#define SSL_R_READ_BIO_NOT_SET 265
+#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 266
+#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 267
+#define SSL_R_INVALID_CHALLENGE_LENGTH 268
+#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 269
+#define SSL_R_LIBRARY_HAS_NO_CIPHERS 270
+#define SSL_R_WRONG_CURVE 271
+#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 272
+#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 273
+#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 274
+#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 275
+#define SSL_R_MISSING_RSA_CERTIFICATE 276
+#define SSL_R_NO_P256_SUPPORT 277
+#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 278
+#define SSL_R_INVALID_SERVERINFO_DATA 279
+#define SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS 280
+#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 281
+#define SSL_R_KRB5_S_BAD_TICKET 282
+#define SSL_R_EVP_DIGESTSIGNFINAL_FAILED 283
+#define SSL_R_PACKET_LENGTH_TOO_LONG 284
+#define SSL_R_BAD_STATE 285
+#define SSL_R_USE_SRTP_NOT_NEGOTIATED 286
+#define SSL_R_BAD_RSA_E_LENGTH 287
+#define SSL_R_ILLEGAL_PADDING 288
+#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 289
+#define SSL_R_BAD_VALUE 290
+#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 291
+#define SSL_R_COMPRESSION_DISABLED 292
+#define SSL_R_BAD_DECOMPRESSION 293
+#define SSL_R_CHALLENGE_IS_DIFFERENT 294
+#define SSL_R_NO_CLIENT_CERT_METHOD 295
+#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 296
+#define SSL_R_INVALID_MESSAGE 297
+#define SSL_R_HTTPS_PROXY_REQUEST 298
+#define SSL_R_AUTHZ_DATA_TOO_LARGE 299
+#define SSL_R_KRB5_S_TKT_EXPIRED 300
+#define SSL_R_NO_CERTIFICATE_SPECIFIED 301
+#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 302
+#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 303
+#define SSL_R_INVALID_STATUS_RESPONSE 304
+#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 305
+#define SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE 306
+#define SSL_R_MISSING_TMP_ECDH_KEY 307
+#define SSL_R_CERTIFICATE_VERIFY_FAILED 308
+#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 309
+#define SSL_R_RENEGOTIATION_ENCODING_ERR 310
+#define SSL_R_NO_PRIVATEKEY 311
+#define SSL_R_TLS_HEARTBEAT_PENDING 312
+#define SSL_R_READ_WRONG_PACKET_TYPE 313
+#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 314
+#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 315
+#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 316
+#define SSL_R_HTTP_REQUEST 317
+#define SSL_R_KRB5_S_INIT 318
+#define SSL_R_TLSV1_ALERT_USER_CANCELLED 319
+#define SSL_R_RECORD_LENGTH_MISMATCH 320
+#define SSL_R_BAD_LENGTH 321
+#define SSL_R_NO_REQUIRED_DIGEST 322
+#define SSL_R_KRB5 323
+#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 324
+#define SSL_R_CCS_RECEIVED_EARLY 325
+#define SSL_R_MISSING_ECDSA_SIGNING_CERT 326
+#define SSL_R_D2I_ECDSA_SIG 327
+#define SSL_R_PATH_TOO_LONG 328
+#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 329
+#define SSL_R_UNSUPPORTED_DIGEST_TYPE 330
+#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 331
+#define SSL_R_PEER_ERROR_CERTIFICATE 332
+#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 333
+#define SSL_R_NO_CERTIFICATE_SET 334
+#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 335
+#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 336
+#define SSL_R_NO_CERTIFICATES_RETURNED 337
+#define SSL_R_BAD_WRITE_RETRY 338
+#define SSL_R_BAD_SSL_FILETYPE 339
+#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 340
+#define SSL_R_NO_CIPHERS_SPECIFIED 341
+#define SSL_R_LENGTH_MISMATCH 342
+#define SSL_R_NO_CIPHERS_PASSED 343
+#define SSL_R_NO_VERIFY_CALLBACK 344
+#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 345
+#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 346
+#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 347
+#define SSL_R_UNEXPECTED_MESSAGE 348
+#define SSL_R_MISSING_DH_DSA_CERT 349
+#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 350
+#define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 351
+#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 352
+#define SSL_R_ILLEGAL_SUITEB_DIGEST 353
+#define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 354
+#define SSL_R_CLIENTHELLO_TLSEXT 355
+#define SSL_R_INVALID_AUTHZ_DATA 356
+#define SSL_R_BAD_RESPONSE_ARGUMENT 357
+#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 358
+#define SSL_R_REQUIRED_CIPHER_MISSING 359
+#define SSL_R_INVALID_AUDIT_PROOF 360
+#define SSL_R_PSK_IDENTITY_NOT_FOUND 361
+#define SSL_R_UNKNOWN_ALERT_TYPE 362
+#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 363
+#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 364
+#define SSL_R_BAD_AUTHENTICATION_TYPE 365
+#define SSL_R_DECRYPTION_FAILED 366
+#define SSL_R_WRONG_SSL_VERSION 367
+#define SSL_R_NO_CERTIFICATE_RETURNED 368
+#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 369
+#define SSL_R_CA_DN_TOO_LONG 370
+#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 371
+#define SSL_R_COMPRESSION_LIBRARY_ERROR 372
+#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 373
+#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 374
+#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 375
+#define SSL_R_BAD_ECPOINT 376
+#define SSL_R_BAD_HANDSHAKE_LENGTH 377
+#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 378
+#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 379
+#define SSL_R_KRB5_S_RD_REQ 380
+#define SSL_R_PEER_ERROR_NO_CERTIFICATE 381
+#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 382
+#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 383
+#define SSL_R_UNKNOWN_DIGEST 384
+#define SSL_R_WRONG_SIGNATURE_SIZE 385
+#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 386
+#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 387
+#define SSL_R_BAD_SIGNATURE 388
+#define SSL_R_BAD_PACKET_LENGTH 389
+#define SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY 390
+#define SSL_R_RENEGOTIATION_MISMATCH 391
+#define SSL_R_BAD_MAC_LENGTH 392
+#define SSL_R_NO_PUBLICKEY 393
+#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 394
+#define SSL_R_BAD_MAC_DECODE 395
+#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 396
+#define SSL_R_EXTRA_DATA_IN_MESSAGE 397
+#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 398
+#define SSL_R_CONNECTION_ID_IS_DIFFERENT 399
+#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 400
+#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 401
+#define SSL_R_MISSING_VERIFY_MESSAGE 402
+#define SSL_R_BAD_DSA_SIGNATURE 403
+#define SSL_R_UNKNOWN_SSL_VERSION 404
+#define SSL_R_KEY_ARG_TOO_LONG 405
+#define SSL_R_KRB5_C_INIT 406
+#define SSL_R_NO_CIPHER_LIST 407
+#define SSL_R_PEER_ERROR_NO_CIPHER 408
+#define SSL_R_UNKNOWN_CMD_NAME 409
+#define SSL_R_UNKNOWN_CIPHER_RETURNED 410
+#define SSL_R_RECORD_TOO_SMALL 411
+#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 412
+#define SSL_R_UNSUPPORTED_SSL_VERSION 413
+#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 414
+#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 415
+#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 416
+#define SSL_R_BAD_DATA 417
+#define SSL_R_KRB5_S_TKT_NYV 418
+#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 419
+#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 420
+#define SSL_R_BAD_MESSAGE_TYPE 421
+#define SSL_R_MISSING_ECDH_CERT 422
+#define SSL_R_UNSUPPORTED_PROTOCOL 423
+#define SSL_R_SRP_A_CALC 424
+#define SSL_R_WRITE_BIO_NOT_SET 425
+#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 426
+#define SSL_R_LENGTH_TOO_SHORT 427
+#define SSL_R_CERT_CB_ERROR 428
+#define SSL_R_DTLS_MESSAGE_TOO_BIG 429
+#define SSL_R_INVALID_SRP_USERNAME 430
#endif
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index eb179e2..04d2e0c 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -589,6 +589,22 @@
unsigned char *alpn_selected;
unsigned alpn_selected_len;
#endif /* OPENSSL_NO_TLSEXT */
+
+ /* In a client, this means that the server supported Channel ID and that
+ * a Channel ID was sent. In a server it means that we echoed support
+ * for Channel IDs and that tlsext_channel_id will be valid after the
+ * handshake. */
+ char tlsext_channel_id_valid;
+ /* tlsext_channel_id_new means that the updated Channel ID extension
+ * was negotiated. This is a temporary hack in the code to support both
+ * forms of Channel ID extension while we transition to the new format,
+ * which fixed a security issue. */
+ char tlsext_channel_id_new;
+ /* For a server:
+ * If |tlsext_channel_id_valid| is true, then this contains the
+ * verified Channel ID from the client: a P256 point, (x,y), where
+ * each are big-endian values. */
+ unsigned char tlsext_channel_id[64];
} SSL3_STATE;
#endif
@@ -631,6 +647,8 @@
#define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT)
#define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT)
#endif
+#define SSL3_ST_CW_CHANNEL_ID_A (0x220|SSL_ST_CONNECT)
+#define SSL3_ST_CW_CHANNEL_ID_B (0x221|SSL_ST_CONNECT)
#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
/* read from server */
@@ -681,6 +699,9 @@
#define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT)
#define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT)
#endif
+#define SSL3_ST_SR_POST_CLIENT_CERT (0x1BF|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CHANNEL_ID_A (0x230|SSL_ST_ACCEPT)
+#define SSL3_ST_SR_CHANNEL_ID_B (0x231|SSL_ST_ACCEPT)
#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
/* write to client */
@@ -711,6 +732,7 @@
#ifndef OPENSSL_NO_NEXTPROTONEG
#define SSL3_MT_NEXT_PROTO 67
#endif
+#define SSL3_MT_ENCRYPTED_EXTENSIONS 203
#define DTLS1_MT_HELLO_VERIFY_REQUEST 3
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 45fad03..36e4579 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -122,12 +122,13 @@
ASN1_OCTET_STRING psk_identity;
#endif /* OPENSSL_NO_PSK */
ASN1_OCTET_STRING peer_sha256;
+ ASN1_OCTET_STRING original_handshake_hash;
} SSL_SESSION_ASN1;
int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
{
#define LSIZE2 (sizeof(long)*2)
- int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0,v13=0;
+ int v1=0,v2=0,v3=0,v4=0,v5=0,v7=0,v8=0,v13=0,v14=0;
unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
#ifndef OPENSSL_NO_TLSEXT
@@ -259,6 +260,13 @@
a.peer_sha256.type = V_ASN1_OCTET_STRING;
a.peer_sha256.data = in->peer_sha256;
}
+
+ if (in->original_handshake_hash_len > 0)
+ {
+ a.original_handshake_hash.length = in->original_handshake_hash_len;
+ a.original_handshake_hash.type = V_ASN1_OCTET_STRING;
+ a.original_handshake_hash.data = in->original_handshake_hash;
+ }
#endif /* OPENSSL_NO_PSK */
M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
@@ -294,6 +302,8 @@
#endif /* OPENSSL_NO_PSK */
if (in->peer_sha256_valid)
M_ASN1_I2D_len_EXP_opt(&(a.peer_sha256),i2d_ASN1_OCTET_STRING,13,v13);
+ if (in->original_handshake_hash_len > 0)
+ M_ASN1_I2D_len_EXP_opt(&(a.original_handshake_hash),i2d_ASN1_OCTET_STRING,14,v14);
M_ASN1_I2D_seq_total();
@@ -332,6 +342,9 @@
#endif /* OPENSSL_NO_TLSEXT */
if (in->peer_sha256_valid)
M_ASN1_I2D_put_EXP_opt(&(a.peer_sha256),i2d_ASN1_OCTET_STRING,13,v13);
+ if (in->original_handshake_hash_len > 0)
+ M_ASN1_I2D_put_EXP_opt(&(a.original_handshake_hash),i2d_ASN1_OCTET_STRING,14,v14);
+
M_ASN1_I2D_finish();
}
@@ -564,5 +577,16 @@
os.data = NULL;
}
+ os.length=0;
+ os.data=NULL;
+ M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,14);
+ if (os.data && os.length < (int)sizeof(ret->original_handshake_hash))
+ {
+ memcpy(ret->original_handshake_hash, os.data, os.length);
+ ret->original_handshake_hash_len = os.length;
+ OPENSSL_free(os.data);
+ os.data = NULL;
+ }
+
M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
}
diff --git a/ssl/ssl_error.c b/ssl/ssl_error.c
index ac8f6e8..1d84012 100644
--- a/ssl/ssl_error.c
+++ b/ssl/ssl_error.c
@@ -113,6 +113,7 @@
{ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_cert_status, 0), "ssl3_get_cert_status"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_cert_verify, 0), "ssl3_get_cert_verify"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_certificate_request, 0), "ssl3_get_certificate_request"},
+ {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_channel_id, 0), "ssl3_get_channel_id"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_client_certificate, 0), "ssl3_get_client_certificate"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_client_hello, 0), "ssl3_get_client_hello"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_get_client_key_exchange, 0), "ssl3_get_client_key_exchange"},
@@ -129,6 +130,7 @@
{ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_read_bytes, 0), "ssl3_read_bytes"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_read_n, 0), "ssl3_read_n"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_send_certificate_request, 0), "ssl3_send_certificate_request"},
+ {ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_send_channel_id, 0), "ssl3_send_channel_id"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_send_client_certificate, 0), "ssl3_send_client_certificate"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_send_client_key_exchange, 0), "ssl3_send_client_key_exchange"},
{ERR_PACK(ERR_LIB_SSL, SSL_F_ssl3_send_client_verify, 0), "ssl3_send_client_verify"},
@@ -241,6 +243,7 @@
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BIO_NOT_SET), "BIO_NOT_SET"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), "BLOCK_CIPHER_PAD_IS_WRONG"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BN_LIB), "BN_LIB"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CANNOT_SERIALIZE_PUBLIC_KEY), "CANNOT_SERIALIZE_PUBLIC_KEY"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_DN_LENGTH_MISMATCH), "CA_DN_LENGTH_MISMATCH"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_DN_TOO_LONG), "CA_DN_TOO_LONG"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CCS_RECEIVED_EARLY), "CCS_RECEIVED_EARLY"},
@@ -248,6 +251,8 @@
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERT_CB_ERROR), "CERT_CB_ERROR"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERT_LENGTH_MISMATCH), "CERT_LENGTH_MISMATCH"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CHALLENGE_IS_DIFFERENT), "CHALLENGE_IS_DIFFERENT"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CHANNEL_ID_NOT_P256), "CHANNEL_ID_NOT_P256"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CHANNEL_ID_SIGNATURE_INVALID), "CHANNEL_ID_SIGNATURE_INVALID"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_CODE_WRONG_LENGTH), "CIPHER_CODE_WRONG_LENGTH"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_OR_HASH_UNAVAILABLE), "CIPHER_OR_HASH_UNAVAILABLE"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_TABLE_SRC_ERROR), "CIPHER_TABLE_SRC_ERROR"},
@@ -260,6 +265,7 @@
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONNECTION_ID_IS_DIFFERENT), "CONNECTION_ID_IS_DIFFERENT"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONNECTION_TYPE_NOT_SET), "CONNECTION_TYPE_NOT_SET"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_MISMATCH), "COOKIE_MISMATCH"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_D2I_ECDSA_SIG), "D2I_ECDSA_SIG"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED), "DATA_BETWEEN_CCS_AND_FINISHED"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DATA_LENGTH_TOO_LONG), "DATA_LENGTH_TOO_LONG"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DECRYPTION_FAILED), "DECRYPTION_FAILED"},
@@ -277,10 +283,13 @@
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "ENCRYPTED_LENGTH_TOO_LONG"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ERROR_GENERATING_TMP_RSA_KEY), "ERROR_GENERATING_TMP_RSA_KEY"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), "ERROR_IN_RECEIVED_CIPHER_LIST"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EVP_DIGESTSIGNFINAL_FAILED), "EVP_DIGESTSIGNFINAL_FAILED"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EVP_DIGESTSIGNINIT_FAILED), "EVP_DIGESTSIGNINIT_FAILED"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXCESSIVE_MESSAGE_SIZE), "EXCESSIVE_MESSAGE_SIZE"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXTRA_DATA_IN_MESSAGE), "EXTRA_DATA_IN_MESSAGE"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_GOST_NOT_SUPPORTED), "GOST_NOT_SUPPORTED"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_GOT_A_FIN_BEFORE_A_CCS), "GOT_A_FIN_BEFORE_A_CCS"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_GOT_CHANNEL_ID_BEFORE_A_CCS), "GOT_CHANNEL_ID_BEFORE_A_CCS"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS), "GOT_NEXT_PROTO_BEFORE_A_CCS"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION), "GOT_NEXT_PROTO_WITHOUT_EXTENSION"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HTTPS_PROXY_REQUEST), "HTTPS_PROXY_REQUEST"},
@@ -293,6 +302,7 @@
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CHALLENGE_LENGTH), "INVALID_CHALLENGE_LENGTH"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMMAND), "INVALID_COMMAND"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMPRESSION_ALGORITHM), "INVALID_COMPRESSION_ALGORITHM"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_MESSAGE), "INVALID_MESSAGE"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_NULL_CMD_NAME), "INVALID_NULL_CMD_NAME"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_PURPOSE), "INVALID_PURPOSE"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SERVERINFO_DATA), "INVALID_SERVERINFO_DATA"},
@@ -351,6 +361,7 @@
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_COMPRESSION_SPECIFIED), "NO_COMPRESSION_SPECIFIED"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "NO_GOST_CERTIFICATE_SENT_BY_PEER"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_METHOD_SPECIFIED), "NO_METHOD_SPECIFIED"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_P256_SUPPORT), "NO_P256_SUPPORT"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PEM_EXTENSIONS), "NO_PEM_EXTENSIONS"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PRIVATEKEY), "NO_PRIVATEKEY"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PRIVATE_KEY_ASSIGNED), "NO_PRIVATE_KEY_ASSIGNED"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 042d93b..85e33e7 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -616,6 +616,8 @@
OPENSSL_free(s->tlsext_ocsp_resp);
if (s->alpn_client_proto_list)
OPENSSL_free(s->alpn_client_proto_list);
+ if (s->tlsext_channel_id_private)
+ EVP_PKEY_free(s->tlsext_channel_id_private);
#endif
if (s->client_CA != NULL)
@@ -2173,6 +2175,11 @@
OPENSSL_free(a->alpn_client_proto_list);
#endif
+#ifndef OPENSSL_NO_TLSEXT
+ if (a->tlsext_channel_id_private)
+ EVP_PKEY_free(a->tlsext_channel_id_private);
+#endif
+
OPENSSL_free(a);
}
@@ -2761,6 +2768,10 @@
{
return(SSL_ERROR_WANT_X509_LOOKUP);
}
+ if ((i < 0) && SSL_want_channel_id_lookup(s))
+ {
+ return(SSL_ERROR_WANT_CHANNEL_ID_LOOKUP);
+ }
if (i == 0)
{
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 91c8c1c..fe2c7ea 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -365,6 +365,7 @@
* (currently this also goes into algorithm2) */
#define TLS1_STREAM_MAC 0x04
+#define TLSEXT_CHANNEL_ID_SIZE 128
/*
@@ -1168,6 +1169,7 @@
int ssl3_check_finished(SSL *s);
# ifndef OPENSSL_NO_NEXTPROTONEG
int ssl3_send_next_proto(SSL *s);
+int ssl3_send_channel_id(SSL *s);
# endif
#endif
@@ -1186,6 +1188,7 @@
int ssl3_get_cert_verify(SSL *s);
#ifndef OPENSSL_NO_NEXTPROTONEG
int ssl3_get_next_proto(SSL *s);
+int ssl3_get_channel_id(SSL *s);
#endif
int ssl23_accept(SSL *s);
@@ -1220,6 +1223,7 @@
int tls1_change_cipher_state(SSL *s, int which);
int tls1_setup_key_block(SSL *s);
int tls1_enc(SSL *s, int snd);
+int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len);
int tls1_final_finish_mac(SSL *s,
const char *str, int slen, unsigned char *p);
int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
@@ -1289,6 +1293,9 @@
int tls12_get_sigid(const EVP_PKEY *pk);
const EVP_MD *tls12_get_hash(unsigned char hash_alg);
+int tls1_channel_id_hash(EVP_MD_CTX *ctx, SSL *s);
+int tls1_record_handshake_hashes_for_channel_id(SSL *s);
+
int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen, int client);
int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 5d8b054..206f0b1 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -1120,4 +1120,15 @@
ctx->app_verify_cookie_cb=cb;
}
+void SSL_CTX_set_channel_id_cb(SSL_CTX *ctx,
+ void (*cb)(SSL *ssl, EVP_PKEY **pkey))
+ {
+ ctx->channel_id_cb=cb;
+ }
+
+void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(SSL * ssl, EVP_PKEY **pkey)
+ {
+ return ctx->channel_id_cb;
+ }
+
IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index a0bfda0..7a38545 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -861,54 +861,79 @@
return((int)ret);
}
-int tls1_final_finish_mac(SSL *s,
- const char *str, int slen, unsigned char *out)
+/* tls1_handshake_digest calculates the current handshake hash and writes it to
+ * |out|, which has space for |out_len| bytes. It returns the number of bytes
+ * written or -1 in the event of an error. This function works on a copy of the
+ * underlying digests so can be called multiple times and prior to the final
+ * update etc. */
+int tls1_handshake_digest(SSL *s, unsigned char *out, size_t out_len)
{
- unsigned int i;
+ const EVP_MD *md;
EVP_MD_CTX ctx;
- unsigned char buf[2*EVP_MAX_MD_SIZE];
- unsigned char *q,buf2[12];
- int idx;
+ int i, err = 0, len = 0;
long mask;
- int err=0;
- const EVP_MD *md;
-
- q=buf;
-
- if (s->s3->handshake_buffer)
- if (!ssl3_digest_cached_records(s))
- return 0;
EVP_MD_CTX_init(&ctx);
- for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++)
+ for (i = 0; ssl_get_handshake_digest(i, &mask, &md); i++)
{
- if (mask & ssl_get_algorithm2(s))
+ int hash_size;
+ unsigned int digest_len;
+ EVP_MD_CTX *hdgst = s->s3->handshake_dgst[i];
+
+ if ((mask & ssl_get_algorithm2(s)) == 0)
+ continue;
+
+ hash_size = EVP_MD_size(md);
+ if (!hdgst || hash_size < 0 || (size_t)hash_size > out_len)
{
- int hashsize = EVP_MD_size(md);
- EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
- if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
- {
- /* internal error: 'buf' is too small for this cipersuite! */
- err = 1;
- }
- else
- {
- if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
- !EVP_DigestFinal_ex(&ctx,q,&i) ||
- (i != (unsigned int)hashsize))
- err = 1;
- q+=hashsize;
- }
+ err = 1;
+ break;
}
+
+ if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
+ !EVP_DigestFinal_ex(&ctx, out, &digest_len) ||
+ digest_len != (unsigned int)hash_size) /* internal error */
+ {
+ err = 1;
+ break;
+ }
+ out += digest_len;
+ out_len -= digest_len;
+ len += digest_len;
+ }
+
+ EVP_MD_CTX_cleanup(&ctx);
+
+ if (err != 0)
+ return -1;
+ return len;
+ }
+
+int tls1_final_finish_mac(SSL *s,
+ const char *str, int slen, unsigned char *out)
+ {
+ unsigned char buf[2*EVP_MAX_MD_SIZE];
+ unsigned char buf2[12];
+ int err=0;
+ int digests_len;
+
+ if (s->s3->handshake_buffer)
+ if (!ssl3_digest_cached_records(s))
+ return 0;
+
+ digests_len = tls1_handshake_digest(s, buf, sizeof(buf));
+ if (digests_len < 0)
+ {
+ err = 1;
+ digests_len = 0;
}
if (!tls1_PRF(ssl_get_algorithm2(s),
- str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0,
+ str,slen, buf, digests_len, NULL,0, NULL,0, NULL,0,
s->session->master_key,s->session->master_key_length,
out,buf2,sizeof buf2))
err = 1;
- EVP_MD_CTX_cleanup(&ctx);
if (err)
return 0;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 644d70b..ec4137f 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1401,6 +1401,19 @@
ret += s->alpn_client_proto_list_len;
}
+ if (s->tlsext_channel_id_enabled)
+ {
+ /* The client advertises an emtpy extension to indicate its
+ * support for Channel ID. */
+ if (limit - ret - 4 < 0)
+ return NULL;
+ if (s->ctx->tlsext_channel_id_enabled_new)
+ s2n(TLSEXT_TYPE_channel_id_new,ret);
+ else
+ s2n(TLSEXT_TYPE_channel_id,ret);
+ s2n(0,ret);
+ }
+
if(SSL_get_srtp_profiles(s))
{
int el;
@@ -1826,6 +1839,19 @@
ret += len;
}
+ /* If the client advertised support for Channel ID, and we have it
+ * enabled, then we want to echo it back. */
+ if (s->s3->tlsext_channel_id_valid)
+ {
+ if (limit - ret - 4 < 0)
+ return NULL;
+ if (s->s3->tlsext_channel_id_new)
+ s2n(TLSEXT_TYPE_channel_id_new,ret);
+ else
+ s2n(TLSEXT_TYPE_channel_id,ret);
+ s2n(0,ret);
+ }
+
if ((extdatalen = ret-p-2)== 0)
return p;
@@ -2488,6 +2514,18 @@
#endif
}
+ else if (type == TLSEXT_TYPE_channel_id &&
+ s->tlsext_channel_id_enabled)
+ s->s3->tlsext_channel_id_valid = 1;
+
+ else if (type == TLSEXT_TYPE_channel_id_new &&
+ s->tlsext_channel_id_enabled)
+ {
+ s->s3->tlsext_channel_id_valid = 1;
+ s->s3->tlsext_channel_id_new = 1;
+ }
+
+
/* session ticket processed earlier */
else if (type == TLSEXT_TYPE_use_srtp)
{
@@ -2890,6 +2928,15 @@
s->s3->alpn_selected_len = len;
}
+ else if (type == TLSEXT_TYPE_channel_id)
+ s->s3->tlsext_channel_id_valid = 1;
+
+ else if (type == TLSEXT_TYPE_channel_id_new)
+ {
+ s->s3->tlsext_channel_id_valid = 1;
+ s->s3->tlsext_channel_id_new = 1;
+ }
+
else if (type == TLSEXT_TYPE_renegotiate)
{
if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
@@ -4124,6 +4171,76 @@
}
#endif
+#if !defined(OPENSSL_NO_TLSEXT)
+/* tls1_channel_id_hash calculates the signed data for a Channel ID on the given
+ * SSL connection and writes it to |md|. */
+int
+tls1_channel_id_hash(EVP_MD_CTX *md, SSL *s)
+ {
+ EVP_MD_CTX ctx;
+ unsigned char temp_digest[EVP_MAX_MD_SIZE];
+ unsigned temp_digest_len;
+ int i;
+ static const char kClientIDMagic[] = "TLS Channel ID signature";
+
+ if (s->s3->handshake_buffer)
+ if (!ssl3_digest_cached_records(s))
+ return 0;
+
+ EVP_DigestUpdate(md, kClientIDMagic, sizeof(kClientIDMagic));
+
+ if (s->hit && s->s3->tlsext_channel_id_new)
+ {
+ static const char kResumptionMagic[] = "Resumption";
+ EVP_DigestUpdate(md, kResumptionMagic,
+ sizeof(kResumptionMagic));
+ if (s->session->original_handshake_hash_len == 0)
+ return 0;
+ EVP_DigestUpdate(md, s->session->original_handshake_hash,
+ s->session->original_handshake_hash_len);
+ }
+
+ EVP_MD_CTX_init(&ctx);
+ for (i = 0; i < SSL_MAX_DIGEST; i++)
+ {
+ if (s->s3->handshake_dgst[i] == NULL)
+ continue;
+ EVP_MD_CTX_copy_ex(&ctx, s->s3->handshake_dgst[i]);
+ EVP_DigestFinal_ex(&ctx, temp_digest, &temp_digest_len);
+ EVP_DigestUpdate(md, temp_digest, temp_digest_len);
+ }
+ EVP_MD_CTX_cleanup(&ctx);
+
+ return 1;
+ }
+#endif
+
+/* tls1_record_handshake_hashes_for_channel_id records the current handshake
+ * hashes in |s->session| so that Channel ID resumptions can sign that data. */
+int tls1_record_handshake_hashes_for_channel_id(SSL *s)
+ {
+ int digest_len;
+ /* This function should never be called for a resumed session because
+ * the handshake hashes that we wish to record are for the original,
+ * full handshake. */
+ if (s->hit)
+ return -1;
+ /* It only makes sense to call this function if Channel IDs have been
+ * negotiated. */
+ if (!s->s3->tlsext_channel_id_new)
+ return -1;
+
+ digest_len = tls1_handshake_digest(
+ s, s->session->original_handshake_hash,
+ sizeof(s->session->original_handshake_hash));
+ if (digest_len < 0)
+ return -1;
+
+ s->session->original_handshake_hash_len = digest_len;
+
+ return 1;
+ }
+
/* TODO(fork): remove */
#if 0
#define MAX_SIGALGLEN (TLSEXT_hash_num * TLSEXT_signature_num * 2)
diff --git a/ssl/tls1.h b/ssl/tls1.h
index c2976f6..75de4c4 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -252,6 +252,10 @@
#define TLSEXT_TYPE_next_proto_neg 13172
#endif
+/* This is not an IANA defined extension number */
+#define TLSEXT_TYPE_channel_id 30031
+#define TLSEXT_TYPE_channel_id_new 30032
+
/* NameType value from RFC 3546 */
#define TLSEXT_NAMETYPE_host_name 0
/* status request value from RFC 3546 */