chromium 59.0.3071.86
deemru committed Jun 7, 2017
1 parent 17d94ed commit cf1e003
Showing 4 changed files with 42 additions and 68 deletions.
2 changes: 1 addition & 1 deletion build_linux/chromium-gost-env.sh
@@ -1,4 +1,4 @@
export CHROMIUM_TAG=58.0.3029.110
export CHROMIUM_TAG=59.0.3071.86
export CHROMIUM_PATH=/c/chromium/src
export BORINGSSL_PATH=$CHROMIUM_PATH/third_party/boringssl/src
export DEPOT_TOOLS_PATH=/c/depot_tools/
2 changes: 1 addition & 1 deletion build_windows/chromium-gost-env.bat
@@ -1,4 +1,4 @@
set CHROMIUM_TAG=58.0.3029.110
set CHROMIUM_TAG=59.0.3071.86
set CHROMIUM_PATH=u:\chromium\src
set BORINGSSL_PATH=%CHROMIUM_PATH%\third_party\boringssl\src
set DEPOT_TOOLS_PATH=u:\depot_tools\
79 changes: 32 additions & 47 deletions patch/boringssl.patch
@@ -1,18 +1,18 @@
From fd9e23f9b1bf40b2874d046454b6bd22976b6f53 Mon Sep 17 00:00:00 2001
From 0df0a5760c3d879a539e310042a22cde25a29520 Mon Sep 17 00:00:00 2001
From: Dmitrii Pichulin <[email protected]>
Date: Mon, 24 Apr 2017 13:25:48 +0300
Date: Tue, 6 Jun 2017 11:17:25 +0300
Subject: [PATCH] added GOSTSSL

---
include/openssl/ssl.h | 8 ++++
ssl/handshake_client.c | 11 +++++
ssl/internal.h | 68 +++++++++++++++++++++++++-
ssl/internal.h | 63 +++++++++++++++++++++++++
ssl/ssl_cipher.c | 36 ++++++++++++++
ssl/ssl_lib.c | 128 +++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 250 insertions(+), 1 deletion(-)
ssl/ssl_lib.c | 125 +++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 243 insertions(+)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 3131539..fcc1fd5 100644
index 6a6cd85..c63a803 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -163,6 +163,10 @@
Expand All @@ -26,7 +26,7 @@ index 3131539..fcc1fd5 100644
#if defined(__cplusplus)
extern "C" {
#endif
@@ -4282,6 +4286,10 @@ BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free)
@@ -4453,6 +4457,10 @@ BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free)

#endif

Expand All @@ -38,10 +38,10 @@ index 3131539..fcc1fd5 100644
#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 101
#define SSL_R_BAD_ALERT 102
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index c4f5e8e..477587c 100644
index 7eddd35..5c320bd 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -960,6 +960,17 @@ static int ssl3_get_server_hello(SSL_HANDSHAKE *hs) {
@@ -985,6 +985,17 @@ static int ssl3_get_server_hello(SSL_HANDSHAKE *hs) {
}
hs->new_cipher = c;

Expand All @@ -60,18 +60,10 @@ index c4f5e8e..477587c 100644
* ServerHello. */
if (!SSL_TRANSCRIPT_init_hash(&hs->transcript, ssl3_protocol_version(ssl),
diff --git a/ssl/internal.h b/ssl/internal.h
index a6dfad5..e75b435 100644
index 2504ca0..83dd886 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -162,7 +162,6 @@ OPENSSL_MSVC_PRAGMA(warning(pop))
extern "C" {
#endif

-
/* Cipher suites. */

/* Bits for |algorithm_mkey| (key exchange algorithm). */
@@ -173,6 +172,11 @@ extern "C" {
@@ -173,6 +173,11 @@ extern "C" {
#define SSL_kPSK 0x00000008L
#define SSL_kGENERIC 0x00000010L

Expand All @@ -83,7 +75,7 @@ index a6dfad5..e75b435 100644
/* Bits for |algorithm_auth| (server authentication). */
#define SSL_aRSA 0x00000001L
#define SSL_aECDSA 0x00000002L
@@ -180,6 +184,11 @@ extern "C" {
@@ -180,6 +185,11 @@ extern "C" {
#define SSL_aPSK 0x00000004L
#define SSL_aGENERIC 0x00000008L

Expand All @@ -95,7 +87,7 @@ index a6dfad5..e75b435 100644
#define SSL_aCERT (SSL_aRSA | SSL_aECDSA)

/* Bits for |algorithm_enc| (symmetric encryption). */
@@ -191,6 +200,10 @@ extern "C" {
@@ -191,6 +201,10 @@ extern "C" {
#define SSL_eNULL 0x00000020L
#define SSL_CHACHA20POLY1305 0x00000040L

Expand All @@ -106,7 +98,7 @@ index a6dfad5..e75b435 100644
#define SSL_AES (SSL_AES128 | SSL_AES256 | SSL_AES128GCM | SSL_AES256GCM)

/* Bits for |algorithm_mac| (symmetric authentication). */
@@ -200,6 +213,10 @@ extern "C" {
@@ -200,6 +214,10 @@ extern "C" {
/* SSL_AEAD is set for all AEADs. */
#define SSL_AEAD 0x00000008L

Expand All @@ -117,7 +109,7 @@ index a6dfad5..e75b435 100644
/* Bits for |algorithm_prf| (handshake digest). */
#define SSL_HANDSHAKE_MAC_DEFAULT 0x1
#define SSL_HANDSHAKE_MAC_SHA256 0x2
@@ -2177,6 +2194,55 @@ void ssl_get_current_time(const SSL *ssl, struct timeval *out_clock);
@@ -2261,6 +2279,51 @@ void ssl_get_current_time(const SSL *ssl, struct OPENSSL_timeval *out_clock);
/* ssl_reset_error_state resets state for |SSL_get_error|. */
void ssl_reset_error_state(SSL *ssl);

Expand All @@ -142,15 +134,11 @@ index a6dfad5..e75b435 100644
+ long ( EXPLICITSSL_CALL * BIO_ctrl )( BIO * bio, int cmd, long larg, void * parg );
+ _STACK * ( EXPLICITSSL_CALL * sk_new_null )( void );
+ size_t ( EXPLICITSSL_CALL * sk_push )( _STACK * sk, void * p );
+ void * ( EXPLICITSSL_CALL * sk_value )( const _STACK * sk, size_t i );
+ void ( EXPLICITSSL_CALL * sk_pop_free )( _STACK * sk, void( * free_func )( void * ) );
+ int ( EXPLICITSSL_CALL * ssl_get_new_session )( SSL_HANDSHAKE * hs, int is_server );
+ X509 * ( EXPLICITSSL_CALL * d2i_X509 )( X509 ** x, const unsigned char ** in, long len );
+ int ( EXPLICITSSL_CALL * X509_up_ref )( X509 * x );
+ void ( EXPLICITSSL_CALL * X509_free )( X509 * x );
+ void ( EXPLICITSSL_CALL * ERR_clear_error )( void );
+ void ( EXPLICITSSL_CALL * ERR_put_error )( int, int, int, const char * file, unsigned line );
+ const SSL_CIPHER * ( EXPLICITSSL_CALL * SSL_get_cipher_by_value )( uint16_t value );
+ CRYPTO_BUFFER * ( EXPLICITSSL_CALL * CRYPTO_BUFFER_new )( const uint8_t * data, size_t len, CRYPTO_BUFFER_POOL * pool );
+};
+//
+typedef struct boringssl_method_st BORINGSSL_METHOD;
Expand All @@ -174,12 +162,12 @@ index a6dfad5..e75b435 100644
#if defined(__cplusplus)
} /* extern C */
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c
index 4a7459f..2a51a8a 100644
index a72b541..1048ad4 100644
--- a/ssl/ssl_cipher.c
+++ b/ssl/ssl_cipher.c
@@ -273,6 +273,19 @@ static const SSL_CIPHER kCiphers[] = {
SSL_HANDSHAKE_MAC_SHA256,
@@ -279,6 +279,19 @@ static const SSL_CIPHER kCiphers[] = {
},
#endif

+#if defined(GOSTSSL)
+ /* Cipher 81 (GOSTSSL) */
Expand All @@ -197,7 +185,7 @@ index 4a7459f..2a51a8a 100644
/* PSK cipher suites. */

/* Cipher 8C */
@@ -575,6 +588,19 @@ static const SSL_CIPHER kCiphers[] = {
@@ -583,6 +596,19 @@ static const SSL_CIPHER kCiphers[] = {
SSL_HANDSHAKE_MAC_SHA256,
},

Expand All @@ -217,7 +205,7 @@ index 4a7459f..2a51a8a 100644
};

static const size_t kCiphersLen = OPENSSL_ARRAY_SIZE(kCiphers);
@@ -1321,6 +1347,13 @@ ssl_create_cipher_list(const SSL_PROTOCOL_METHOD *ssl_method,
@@ -1333,6 +1359,13 @@ int ssl_create_cipher_list(
ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_3DES, ~0u, 0, CIPHER_ADD, -1, 0, &head,
&tail);

Expand All @@ -231,7 +219,7 @@ index 4a7459f..2a51a8a 100644
/* Temporarily enable everything else for sorting */
ssl_cipher_apply_rule(0, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_ADD, -1, 0, &head,
&tail);
@@ -1644,6 +1677,9 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *out_alg_bits) {
@@ -1663,6 +1696,9 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *out_alg_bits) {

case SSL_AES256:
case SSL_AES256GCM:
Expand All @@ -242,10 +230,10 @@ index 4a7459f..2a51a8a 100644
alg_bits = 256;
strength_bits = 256;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e37f9f9..b20c713 100644
index 7adf103..7f2ce04 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -227,6 +227,88 @@ static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) {
@@ -227,6 +227,85 @@ static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) {
return OPENSSL_memcmp(a->session_id, b->session_id, a->session_id_length);
}

Expand Down Expand Up @@ -277,15 +265,12 @@ index e37f9f9..b20c713 100644
+ BIO_ctrl,
+ sk_new_null,
+ sk_push,
+ sk_value,
+ sk_pop_free,
+ ssl_get_new_session,
+ d2i_X509,
+ X509_up_ref,
+ X509_free,
+
+ ERR_clear_error,
+ ERR_put_error,
+ SSL_get_cipher_by_value,
+ CRYPTO_BUFFER_new,
+};
+
+GOSTSSL_METHOD * gostssl()
Expand Down Expand Up @@ -334,7 +319,7 @@ index e37f9f9..b20c713 100644
SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) {
SSL_CTX *ret = NULL;

@@ -481,6 +563,13 @@ void SSL_free(SSL *ssl) {
@@ -464,6 +543,13 @@ void SSL_free(SSL *ssl) {
return;
}

Expand All @@ -345,10 +330,10 @@ index e37f9f9..b20c713 100644
+ }
+#endif
+
X509_VERIFY_PARAM_free(ssl->param);

ssl->ctx->x509_method->ssl_free(ssl);
CRYPTO_free_ex_data(&g_ex_data_class_ssl, ssl, &ssl->ex_data);
@@ -597,6 +686,19 @@ int SSL_do_handshake(SSL *ssl) {

@@ -579,6 +665,19 @@ int SSL_do_handshake(SSL *ssl) {
return -1;
}

Expand All @@ -368,7 +353,7 @@ index e37f9f9..b20c713 100644
/* Run the handshake. */
assert(ssl->s3->hs != NULL);
int ret = ssl->handshake_func(ssl->s3->hs);
@@ -722,6 +824,19 @@ static int ssl_read_impl(SSL *ssl, void *buf, int num, int peek) {
@@ -712,6 +811,19 @@ static int ssl_read_impl(SSL *ssl, void *buf, int num, int peek) {
}
}

Expand All @@ -388,7 +373,7 @@ index e37f9f9..b20c713 100644
int got_handshake;
int ret = ssl->method->read_app_data(ssl, &got_handshake, buf, num, peek);
if (ret > 0 || !got_handshake) {
@@ -770,6 +885,19 @@ int SSL_write(SSL *ssl, const void *buf, int num) {
@@ -766,6 +878,19 @@ int SSL_write(SSL *ssl, const void *buf, int num) {
}
}

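Review bot: The `boringssl_method_st` table is filled by a positional initializer in ssl/ssl_lib.c (`BIO_ctrl, sk_new_null, sk_push, ...`), and this revision removes five members from the middle and appends `CRYPTO_BUFFER_new`, so the struct in ssl/internal.h, the initializer and the gostssl side must all agree on the new order or calls go through the wrong pointer. The compiler only catches a slip when neighbouring pointer types differ, and nothing visible here lets the consumer detect a stale layout at run time. I would switch the initializer to designated form, e.g. `.sk_push = sk_push,` and `.CRYPTO_BUFFER_new = CRYPTO_BUFFER_new,`, and consider a leading size or version member that the gostssl side checks before calling through the table. Parts of the struct and the initializer are collapsed on this page, so this is based on the visible members only.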
27 changes: 8 additions & 19 deletions src/gostssl.cpp
Expand Up @@ -655,14 +655,16 @@ int gostssl_connect( SSL * s, int * is_gost )
}
}

// mimic ssl3_get_server_certificate (TODO: deprecated)
// mimic ssl3_get_server_certificate
{
STACK_OF( X509 ) * sk;
sk = ( STACK_OF( X509 ) * )bssls->sk_new_null();
STACK_OF( CRYPTO_BUFFER ) * sk;
sk = ( STACK_OF( CRYPTO_BUFFER ) * )bssls->sk_new_null();

if( !sk )
return 0;

s->s3->established_session->certs = sk;

std::vector<const char *> bufs;
std::vector<int> lens;
size_t count;
Expand All @@ -679,31 +681,18 @@ int gostssl_connect( SSL * s, int * is_gost )
{
for( size_t i = 0; i < count; i++ )
{
const unsigned char * buf = (const unsigned char *)bufs[i];
X509 * x = bssls->d2i_X509( NULL, &buf, lens[i] );
CRYPTO_BUFFER * buf = bssls->CRYPTO_BUFFER_new( (const uint8_t *)bufs[i], lens[i], s->ctx->pool );

if( !x )
if( !buf )
break;

bssls->sk_push( CHECKED_CAST( _STACK *, STACK_OF( X509 ) *, sk ), CHECKED_CAST( void *, X509 *, x ) );
bssls->sk_push( CHECKED_CAST( _STACK *, STACK_OF( CRYPTO_BUFFER ) *, sk ), CHECKED_CAST( void *, CRYPTO_BUFFER *, buf ) );
is_OK = true;
}
}

if( !is_OK )
return 0;

{
X509 * leaf = (X509 *)bssls->sk_value( CHECKED_CAST( _STACK *, const STACK_OF( X509 ) *, sk ), ( 0 ) );

bssls->sk_pop_free( CHECKED_CAST( _STACK *, STACK_OF( X509 ) *, s->s3->established_session->x509_chain ),
CHECKED_CAST( void( *)( void * ), void( *)( X509 * ), bssls->X509_free ) );

s->s3->established_session->x509_chain = sk;
bssls->X509_free( s->s3->established_session->x509_peer );
bssls->X509_up_ref( leaf );
s->s3->established_session->x509_peer = leaf;
}
}

// callback SSL_CB_HANDSHAKE_DONE
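Review bot: In the loop that fills `sk`, `is_OK` becomes true after the first successful push, so when `CRYPTO_BUFFER_new` fails for a later entry the `break` leaves a truncated chain in `established_session->certs` and the function still continues past `if( !is_OK )`. The `sk_push` result is ignored too, so a failed push would leak `buf` and drop that certificate silently; any failure should fail the whole block, e.g. `if( !buf || !bssls->sk_push( ... ) ) { is_OK = false; break; }`, with the buffer released on the push-failure path. `lens[i]` is an `int` passed as a `size_t` length, so a `lens[i] <= 0` check before the call would keep a negative value from turning into a huge length. With `d2i_X509` removed, nothing visible here confirms that each buffer parses as a certificate, so it is worth stating in the `// mimic ssl3_get_server_certificate` comment where that check now happens. The declaration of `is_OK` and the code that fills `bufs`/`lens` are collapsed, and the function continues outside the hunks.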
