diff --git a/build_linux/chromium-gost-env.sh b/build_linux/chromium-gost-env.sh index d9755fb..591ce9c 100755 --- a/build_linux/chromium-gost-env.sh +++ b/build_linux/chromium-gost-env.sh @@ -1,4 +1,4 @@ -export CHROMIUM_TAG=58.0.3029.110 +export CHROMIUM_TAG=59.0.3071.86 export CHROMIUM_PATH=/c/chromium/src export BORINGSSL_PATH=$CHROMIUM_PATH/third_party/boringssl/src export DEPOT_TOOLS_PATH=/c/depot_tools/ diff --git a/build_windows/chromium-gost-env.bat b/build_windows/chromium-gost-env.bat index 7ef3780..5ada03e 100644 --- a/build_windows/chromium-gost-env.bat +++ b/build_windows/chromium-gost-env.bat @@ -1,4 +1,4 @@ -set CHROMIUM_TAG=58.0.3029.110 +set CHROMIUM_TAG=59.0.3071.86 set CHROMIUM_PATH=u:\chromium\src set BORINGSSL_PATH=%CHROMIUM_PATH%\third_party\boringssl\src set DEPOT_TOOLS_PATH=u:\depot_tools\ diff --git a/patch/boringssl.patch b/patch/boringssl.patch index 193ccbf..6026281 100644 --- a/patch/boringssl.patch +++ b/patch/boringssl.patch @@ -1,18 +1,18 @@ -From fd9e23f9b1bf40b2874d046454b6bd22976b6f53 Mon Sep 17 00:00:00 2001 +From 0df0a5760c3d879a539e310042a22cde25a29520 Mon Sep 17 00:00:00 2001 From: Dmitrii Pichulin -Date: Mon, 24 Apr 2017 13:25:48 +0300 +Date: Tue, 6 Jun 2017 11:17:25 +0300 Subject: [PATCH] added GOSTSSL --- include/openssl/ssl.h | 8 ++++ ssl/handshake_client.c | 11 +++++ - ssl/internal.h | 68 +++++++++++++++++++++++++- + ssl/internal.h | 63 +++++++++++++++++++++++++ ssl/ssl_cipher.c | 36 ++++++++++++++ - ssl/ssl_lib.c | 128 +++++++++++++++++++++++++++++++++++++++++++++++++ - 5 files changed, 250 insertions(+), 1 deletion(-) + ssl/ssl_lib.c | 125 +++++++++++++++++++++++++++++++++++++++++++++++++ + 5 files changed, 243 insertions(+) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h -index 3131539..fcc1fd5 100644 +index 6a6cd85..c63a803 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -163,6 +163,10 @@ 
@@ -26,7 +26,7 @@ index 3131539..fcc1fd5 100644 #if defined(__cplusplus) extern "C" { #endif -@@ -4282,6 +4286,10 @@ BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free) +@@ -4453,6 +4457,10 @@ BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free) #endif @@ -38,10 +38,10 @@ index 3131539..fcc1fd5 100644 #define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 101 #define SSL_R_BAD_ALERT 102 diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c -index c4f5e8e..477587c 100644 +index 7eddd35..5c320bd 100644 --- a/ssl/handshake_client.c +++ b/ssl/handshake_client.c -@@ -960,6 +960,17 @@ static int ssl3_get_server_hello(SSL_HANDSHAKE *hs) { +@@ -985,6 +985,17 @@ static int ssl3_get_server_hello(SSL_HANDSHAKE *hs) { } hs->new_cipher = c; @@ -60,18 +60,10 @@ index c4f5e8e..477587c 100644 * ServerHello. */ if (!SSL_TRANSCRIPT_init_hash(&hs->transcript, ssl3_protocol_version(ssl), diff --git a/ssl/internal.h b/ssl/internal.h -index a6dfad5..e75b435 100644 +index 2504ca0..83dd886 100644 --- a/ssl/internal.h +++ b/ssl/internal.h -@@ -162,7 +162,6 @@ OPENSSL_MSVC_PRAGMA(warning(pop)) - extern "C" { - #endif - -- - /* Cipher suites. */ - - /* Bits for |algorithm_mkey| (key exchange algorithm). */ -@@ -173,6 +172,11 @@ extern "C" { +@@ -173,6 +173,11 @@ extern "C" { #define SSL_kPSK 0x00000008L #define SSL_kGENERIC 0x00000010L @@ -83,7 +75,7 @@ index a6dfad5..e75b435 100644 /* Bits for |algorithm_auth| (server authentication). */ #define SSL_aRSA 0x00000001L #define SSL_aECDSA 0x00000002L -@@ -180,6 +184,11 @@ extern "C" { +@@ -180,6 +185,11 @@ extern "C" { #define SSL_aPSK 0x00000004L #define SSL_aGENERIC 0x00000008L @@ -95,7 +87,7 @@ index a6dfad5..e75b435 100644 #define SSL_aCERT (SSL_aRSA | SSL_aECDSA) /* Bits for |algorithm_enc| (symmetric encryption). */ -@@ -191,6 +200,10 @@ extern "C" { +@@ -191,6 +201,10 @@ extern "C" { #define SSL_eNULL 0x00000020L #define SSL_CHACHA20POLY1305 0x00000040L 
@@ -106,7 +98,7 @@ index a6dfad5..e75b435 100644 #define SSL_AES (SSL_AES128 | SSL_AES256 | SSL_AES128GCM | SSL_AES256GCM) /* Bits for |algorithm_mac| (symmetric authentication). */ -@@ -200,6 +213,10 @@ extern "C" { +@@ -200,6 +214,10 @@ extern "C" { /* SSL_AEAD is set for all AEADs. */ #define SSL_AEAD 0x00000008L @@ -117,7 +109,7 @@ index a6dfad5..e75b435 100644 /* Bits for |algorithm_prf| (handshake digest). */ #define SSL_HANDSHAKE_MAC_DEFAULT 0x1 #define SSL_HANDSHAKE_MAC_SHA256 0x2 -@@ -2177,6 +2194,55 @@ void ssl_get_current_time(const SSL *ssl, struct timeval *out_clock); +@@ -2261,6 +2279,51 @@ void ssl_get_current_time(const SSL *ssl, struct OPENSSL_timeval *out_clock); /* ssl_reset_error_state resets state for |SSL_get_error|. */ void ssl_reset_error_state(SSL *ssl); @@ -142,15 +134,11 @@ index a6dfad5..e75b435 100644 + long ( EXPLICITSSL_CALL * BIO_ctrl )( BIO * bio, int cmd, long larg, void * parg ); + _STACK * ( EXPLICITSSL_CALL * sk_new_null )( void ); + size_t ( EXPLICITSSL_CALL * sk_push )( _STACK * sk, void * p ); -+ void * ( EXPLICITSSL_CALL * sk_value )( const _STACK * sk, size_t i ); -+ void ( EXPLICITSSL_CALL * sk_pop_free )( _STACK * sk, void( * free_func )( void * ) ); + int ( EXPLICITSSL_CALL * ssl_get_new_session )( SSL_HANDSHAKE * hs, int is_server ); -+ X509 * ( EXPLICITSSL_CALL * d2i_X509 )( X509 ** x, const unsigned char ** in, long len ); -+ int ( EXPLICITSSL_CALL * X509_up_ref )( X509 * x ); -+ void ( EXPLICITSSL_CALL * X509_free )( X509 * x ); + void ( EXPLICITSSL_CALL * ERR_clear_error )( void ); + void ( EXPLICITSSL_CALL * ERR_put_error )( int, int, int, const char * file, unsigned line ); + const SSL_CIPHER * ( EXPLICITSSL_CALL * SSL_get_cipher_by_value )( uint16_t value ); ++ CRYPTO_BUFFER * ( EXPLICITSSL_CALL * CRYPTO_BUFFER_new )( const uint8_t * data, size_t len, CRYPTO_BUFFER_POOL * pool ); +}; +// +typedef struct boringssl_method_st BORINGSSL_METHOD; 
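Review bot: The new-side table in the `@@ -142,15 +134,11 @@` hunk drops five function pointers (sk_value, sk_pop_free, d2i_X509, X509_up_ref, X509_free) and appends CRYPTO_BUFFER_new, which changes the layout of boringssl_method_st, yet no size or version member is visible anywhere in the hunk. This struct is the call interface the GOST plugin consumes (gostssl.cpp calls through `bssls->sk_new_null()` and `bssls->CRYPTO_BUFFER_new(...)`), so a plugin built against the previous layout would call through the wrong slot with no diagnostic unless a check exists outside the hunk. I would add a leading `uint32_t version;` (or `size_t size;`) to the struct, bump it whenever a member is removed or reordered, and have the plugin refuse to run on a mismatch. The struct's opening line is outside the hunk.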
@@ -174,12 +162,12 @@ index a6dfad5..e75b435 100644 #if defined(__cplusplus) } /* extern C */ diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c -index 4a7459f..2a51a8a 100644 +index a72b541..1048ad4 100644 --- a/ssl/ssl_cipher.c +++ b/ssl/ssl_cipher.c -@@ -273,6 +273,19 @@ static const SSL_CIPHER kCiphers[] = { - SSL_HANDSHAKE_MAC_SHA256, +@@ -279,6 +279,19 @@ static const SSL_CIPHER kCiphers[] = { }, + #endif +#if defined(GOSTSSL) + /* Cipher 81 (GOSTSSL) */ @@ -197,7 +185,7 @@ index 4a7459f..2a51a8a 100644 /* PSK cipher suites. */ /* Cipher 8C */ -@@ -575,6 +588,19 @@ static const SSL_CIPHER kCiphers[] = { +@@ -583,6 +596,19 @@ static const SSL_CIPHER kCiphers[] = { SSL_HANDSHAKE_MAC_SHA256, }, @@ -217,7 +205,7 @@ index 4a7459f..2a51a8a 100644 }; static const size_t kCiphersLen = OPENSSL_ARRAY_SIZE(kCiphers); -@@ -1321,6 +1347,13 @@ ssl_create_cipher_list(const SSL_PROTOCOL_METHOD *ssl_method, +@@ -1333,6 +1359,13 @@ int ssl_create_cipher_list( ssl_cipher_apply_rule(0, ~0u, ~0u, SSL_3DES, ~0u, 0, CIPHER_ADD, -1, 0, &head, &tail); @@ -231,7 +219,7 @@ index 4a7459f..2a51a8a 100644 /* Temporarily enable everything else for sorting */ ssl_cipher_apply_rule(0, ~0u, ~0u, ~0u, ~0u, 0, CIPHER_ADD, -1, 0, &head, &tail); -@@ -1644,6 +1677,9 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *out_alg_bits) { +@@ -1663,6 +1696,9 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *out_alg_bits) { case SSL_AES256: case SSL_AES256GCM: @@ -242,10 +230,10 @@ index 4a7459f..2a51a8a 100644 alg_bits = 256; strength_bits = 256; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index e37f9f9..b20c713 100644 +index 7adf103..7f2ce04 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c -@@ -227,6 +227,88 @@ static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) { +@@ -227,6 +227,85 @@ static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b) { return OPENSSL_memcmp(a->session_id, b->session_id, a->session_id_length); } 
@@ -277,15 +265,12 @@ index e37f9f9..b20c713 100644 + BIO_ctrl, + sk_new_null, + sk_push, -+ sk_value, -+ sk_pop_free, + ssl_get_new_session, -+ d2i_X509, -+ X509_up_ref, -+ X509_free, ++ + ERR_clear_error, + ERR_put_error, + SSL_get_cipher_by_value, ++ CRYPTO_BUFFER_new, +}; + +GOSTSSL_METHOD * gostssl() @@ -334,7 +319,7 @@ index e37f9f9..b20c713 100644 SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) { SSL_CTX *ret = NULL; -@@ -481,6 +563,13 @@ void SSL_free(SSL *ssl) { +@@ -464,6 +543,13 @@ void SSL_free(SSL *ssl) { return; } @@ -345,10 +330,10 @@ index e37f9f9..b20c713 100644 + } +#endif + - X509_VERIFY_PARAM_free(ssl->param); - + ssl->ctx->x509_method->ssl_free(ssl); CRYPTO_free_ex_data(&g_ex_data_class_ssl, ssl, &ssl->ex_data); -@@ -597,6 +686,19 @@ int SSL_do_handshake(SSL *ssl) { + +@@ -579,6 +665,19 @@ int SSL_do_handshake(SSL *ssl) { return -1; } @@ -368,7 +353,7 @@ index e37f9f9..b20c713 100644 /* Run the handshake. */ assert(ssl->s3->hs != NULL); int ret = ssl->handshake_func(ssl->s3->hs); -@@ -722,6 +824,19 @@ static int ssl_read_impl(SSL *ssl, void *buf, int num, int peek) { +@@ -712,6 +811,19 @@ static int ssl_read_impl(SSL *ssl, void *buf, int num, int peek) { } } @@ -388,7 +373,7 @@ index e37f9f9..b20c713 100644 int got_handshake; int ret = ssl->method->read_app_data(ssl, &got_handshake, buf, num, peek); if (ret > 0 || !got_handshake) { -@@ -770,6 +885,19 @@ int SSL_write(SSL *ssl, const void *buf, int num) { +@@ -766,6 +878,19 @@ int SSL_write(SSL *ssl, const void *buf, int num) { } } diff --git a/src/gostssl.cpp b/src/gostssl.cpp index 94c47aa..bc6a33e 100644 --- a/src/gostssl.cpp +++ b/src/gostssl.cpp 
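Review bot: The `@@ -277,15 +265,12 @@` hunk leaves an empty line in the positional initializer where the X509 entries were removed (the bare `+` between `ssl_get_new_session,` and `ERR_clear_error,`), so the table no longer reads as one entry per slot. Because each entry is bound to a struct member only by its position, a designated initializer would turn any future member removal or reorder into a compile error instead of a silent slot mismatch, e.g. `.ssl_get_new_session = ssl_get_new_session,` and `.CRYPTO_BUFFER_new = CRYPTO_BUFFER_new,`. The initializer's opening line and the struct it fills are outside the hunk, so whether the file already uses designated initializers elsewhere cannot be confirmed from here.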
@@ -655,14 +655,16 @@ int gostssl_connect( SSL * s, int * is_gost ) } } - // mimic ssl3_get_server_certificate (TODO: deprecated) + // mimic ssl3_get_server_certificate { - STACK_OF( X509 ) * sk; - sk = ( STACK_OF( X509 ) * )bssls->sk_new_null(); + STACK_OF( CRYPTO_BUFFER ) * sk; + sk = ( STACK_OF( CRYPTO_BUFFER ) * )bssls->sk_new_null(); if( !sk ) return 0; + s->s3->established_session->certs = sk; + std::vector bufs; std::vector lens; size_t count; @@ -679,31 +681,18 @@ int gostssl_connect( SSL * s, int * is_gost ) { for( size_t i = 0; i < count; i++ ) { - const unsigned char * buf = (const unsigned char *)bufs[i]; - X509 * x = bssls->d2i_X509( NULL, &buf, lens[i] ); + CRYPTO_BUFFER * buf = bssls->CRYPTO_BUFFER_new( (const uint8_t *)bufs[i], lens[i], s->ctx->pool ); - if( !x ) + if( !buf ) break; - bssls->sk_push( CHECKED_CAST( _STACK *, STACK_OF( X509 ) *, sk ), CHECKED_CAST( void *, X509 *, x ) ); + bssls->sk_push( CHECKED_CAST( _STACK *, STACK_OF( CRYPTO_BUFFER ) *, sk ), CHECKED_CAST( void *, CRYPTO_BUFFER *, buf ) ); is_OK = true; } } if( !is_OK ) return 0; - - { - X509 * leaf = (X509 *)bssls->sk_value( CHECKED_CAST( _STACK *, const STACK_OF( X509 ) *, sk ), ( 0 ) ); - - bssls->sk_pop_free( CHECKED_CAST( _STACK *, STACK_OF( X509 ) *, s->s3->established_session->x509_chain ), - CHECKED_CAST( void( *)( void * ), void( *)( X509 * ), bssls->X509_free ) ); - - s->s3->established_session->x509_chain = sk; - bssls->X509_free( s->s3->established_session->x509_peer ); - bssls->X509_up_ref( leaf ); - s->s3->established_session->x509_peer = leaf; - } } // callback SSL_CB_HANDSHAKE_DONE
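Review bot: `s->s3->established_session->certs = sk;` hands the still-empty stack to the session before any certificate has been pushed and without releasing whatever `certs` held beforehand, whereas the code removed in the next hunk freed the previous `x509_chain` with sk_pop_free before replacing it. If `established_session` can already carry a chain at this point (for instance on a repeated attempt over the same session), that earlier stack is leaked; if the session is always freshly created by ssl_get_new_session the early assignment is sound as a cleanup guarantee, but the assumption should be recorded, e.g. `// session is fresh here; ownership of sk passes to it so any later failure frees the chain`. The enclosing function gostssl_connect starts before the hunk.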
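Review bot: `is_OK` stays true once a single CRYPTO_BUFFER_new succeeds, so if a later certificate in the chain fails to allocate the loop breaks but gostssl_connect continues with a truncated chain now owned by `established_session->certs`; the unchecked `sk_push` return (zero on allocation failure) has the same effect and additionally leaks `buf`. The failure path should clear the flag: `if( !buf || !bssls->sk_push( CHECKED_CAST( _STACK *, STACK_OF( CRYPTO_BUFFER ) *, sk ), CHECKED_CAST( void *, CRYPTO_BUFFER *, buf ) ) ) { is_OK = false; break; }`, and releasing `buf` on a failed push needs CRYPTO_BUFFER_free, which the visible part of the method table does not expose. The `if` guarding this loop, the declaration of `is_OK` and the rest of gostssl_connect lie outside the hunk.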