openresty/patches/openssl-1.0.2h-sess_set_get_cb_yield.patch

diff -urp openssl-1.0.2h/ssl/s3_srvr.c openssl-1.0.2h-patched/ssl/s3_srvr.c
--- openssl-1.0.2h/ssl/s3_srvr.c	2016-05-03 06:44:42.000000000 -0700
+++ openssl-1.0.2h-patched/ssl/s3_srvr.c	2016-07-19 19:18:03.779159083 -0700
@@ -358,14 +358,20 @@ int ssl3_accept(SSL *s)
         case SSL3_ST_SR_CLNT_HELLO_A:
         case SSL3_ST_SR_CLNT_HELLO_B:
         case SSL3_ST_SR_CLNT_HELLO_C:
+        case SSL3_ST_SR_CLNT_HELLO_D:
 
             s->shutdown = 0;
             ret = ssl3_get_client_hello(s);
+            if (ret == PENDING_SESSION) {
+                s->state = SSL3_ST_SR_CLNT_HELLO_D;
+                s->rwstate = SSL_PENDING_SESSION;
+                goto end;
+            }
             if (ret <= 0)
                 goto end;
 #ifndef OPENSSL_NO_SRP
-            s->state = SSL3_ST_SR_CLNT_HELLO_D;
-        case SSL3_ST_SR_CLNT_HELLO_D:
+            s->state = SSL3_ST_SR_CLNT_HELLO_E;
+        case SSL3_ST_SR_CLNT_HELLO_E:
             {
                 int al;
                 if ((ret = ssl_check_srp_ext_ClientHello(s, &al)) < 0) {
@@ -925,16 +931,25 @@ int ssl3_get_client_hello(SSL *s)
     if (s->state == SSL3_ST_SR_CLNT_HELLO_A) {
         s->state = SSL3_ST_SR_CLNT_HELLO_B;
     }
-    s->first_packet = 1;
-    n = s->method->ssl_get_message(s,
-                                   SSL3_ST_SR_CLNT_HELLO_B,
-                                   SSL3_ST_SR_CLNT_HELLO_C,
-                                   SSL3_MT_CLIENT_HELLO,
-                                   SSL3_RT_MAX_PLAIN_LENGTH, &ok);
-
-    if (!ok)
-        return ((int)n);
-    s->first_packet = 0;
+
+    if (s->state != SSL3_ST_SR_CLNT_HELLO_D) {
+        s->first_packet = 1;
+        n = s->method->ssl_get_message(s,
+                                       SSL3_ST_SR_CLNT_HELLO_B,
+                                       SSL3_ST_SR_CLNT_HELLO_C,
+                                       SSL3_MT_CLIENT_HELLO,
+                                       SSL3_RT_MAX_PLAIN_LENGTH, &ok);
+ 
+        if (!ok)
+            return ((int)n);
+        s->first_packet = 0;
+    } else {
+        /* We have previously parsed the ClientHello message, and can't
+         * call ssl_get_message again without hashing the message into
+         * the Finished digest again. */
+        n = s->init_num;
+    }
+
     d = p = (unsigned char *)s->init_msg;
 
     /*
@@ -1041,15 +1056,26 @@ int ssl3_get_client_hello(SSL *s)
         if (i == 1 && s->version == s->session->ssl_version) { /* previous
                                                                 * session */
             s->hit = 1;
-        } else if (i == -1)
+        } else if (i == -1) {
+            goto err;
+        } else if (i == PENDING_SESSION) {
+            ret = PENDING_SESSION;
             goto err;
-        else {                  /* i == 0 */
+        } else {                /* i == 0 */
 
             if (!ssl_get_new_session(s, 1))
                 goto err;
         }
     }
 
+    /*
+     * Switch to server state ClientHello C once the session lookup
+     * is finished so it can proceed with original state loop.
+     */
+    if (s->state == SSL3_ST_SR_CLNT_HELLO_D) {
+        s->state = SSL3_ST_SR_CLNT_HELLO_C;
+    }
+
     p += j;
 
     if (SSL_IS_DTLS(s)) {
diff -urp openssl-1.0.2h/ssl/ssl3.h openssl-1.0.2h-patched/ssl/ssl3.h
--- openssl-1.0.2h/ssl/ssl3.h	2016-05-03 06:44:42.000000000 -0700
+++ openssl-1.0.2h-patched/ssl/ssl3.h	2016-07-19 19:15:54.117778328 -0700
@@ -698,6 +698,7 @@ typedef struct ssl3_state_st {
 # define SSL3_ST_SR_CLNT_HELLO_B         (0x111|SSL_ST_ACCEPT)
 # define SSL3_ST_SR_CLNT_HELLO_C         (0x112|SSL_ST_ACCEPT)
 # define SSL3_ST_SR_CLNT_HELLO_D         (0x115|SSL_ST_ACCEPT)
+# define SSL3_ST_SR_CLNT_HELLO_E         (0x116|SSL_ST_ACCEPT)
 /* write to client */
 # define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
 # define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
diff -urp openssl-1.0.2h/ssl/ssl.h openssl-1.0.2h-patched/ssl/ssl.h
--- openssl-1.0.2h/ssl/ssl.h	2016-05-03 06:44:42.000000000 -0700
+++ openssl-1.0.2h-patched/ssl/ssl.h	2016-07-19 19:19:44.699562938 -0700
@@ -1243,6 +1243,13 @@ void SSL_CTX_sess_set_get_cb(SSL_CTX *ct
 SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
                                                        unsigned char *Data,
                                                        int len, int *copy);
+
+/* SSL_magic_pending_session_ptr returns a magic SSL_SESSION* which indicates
+ * that the session isn't currently unavailable. SSL_get_error will then return
+ * SSL_ERROR_PENDING_SESSION and the handshake can be retried later when the
+ * lookup has completed. */
+SSL_SESSION *SSL_magic_pending_session_ptr(void);
+
 void SSL_CTX_set_info_callback(SSL_CTX *ctx,
                                void (*cb) (const SSL *ssl, int type,
                                            int val));
@@ -1408,11 +1415,14 @@ int SSL_extension_supported(unsigned int
 # define SSL_READING     3
 # define SSL_X509_LOOKUP 4
 
+# define SSL_PENDING_SESSION 7
+
 /* These will only be used when doing non-blocking IO */
 # define SSL_want_nothing(s)     (SSL_want(s) == SSL_NOTHING)
 # define SSL_want_read(s)        (SSL_want(s) == SSL_READING)
 # define SSL_want_write(s)       (SSL_want(s) == SSL_WRITING)
 # define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
+# define SSL_want_session(s)     (SSL_want(s) == SSL_PENDING_SESSION)
 
 # define SSL_MAC_FLAG_READ_MAC_STREAM 1
 # define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
@@ -1865,6 +1875,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_ERROR_ZERO_RETURN           6
 # define SSL_ERROR_WANT_CONNECT          7
 # define SSL_ERROR_WANT_ACCEPT           8
+# define SSL_ERROR_PENDING_SESSION       11
 # define SSL_CTRL_NEED_TMP_RSA                   1
 # define SSL_CTRL_SET_TMP_RSA                    2
 # define SSL_CTRL_SET_TMP_DH                     3
diff -urp openssl-1.0.2h/ssl/ssl_lib.c openssl-1.0.2h-patched/ssl/ssl_lib.c
--- openssl-1.0.2h/ssl/ssl_lib.c	2016-05-03 06:44:42.000000000 -0700
+++ openssl-1.0.2h-patched/ssl/ssl_lib.c	2016-07-19 19:21:04.032021549 -0700
@@ -2709,6 +2709,9 @@ int SSL_get_error(const SSL *s, int i)
             return (SSL_ERROR_SSL);
     }
 
+    if ((i < 0) && SSL_want_session(s))
+        return (SSL_ERROR_PENDING_SESSION);
+
     if ((i < 0) && SSL_want_read(s)) {
         bio = SSL_get_rbio(s);
         if (BIO_should_read(bio))
diff -urp openssl-1.0.2h/ssl/ssl_locl.h openssl-1.0.2h-patched/ssl/ssl_locl.h
--- openssl-1.0.2h/ssl/ssl_locl.h	2016-05-03 06:44:42.000000000 -0700
+++ openssl-1.0.2h-patched/ssl/ssl_locl.h	2016-07-19 19:15:54.117778328 -0700
@@ -518,6 +518,8 @@
 #define CERT_PRIVATE_KEY        2
 */
 
+# define PENDING_SESSION        -10000
+
 # ifndef OPENSSL_NO_EC
 /*
  * From ECC-TLS draft, used in encoding the curve type in ECParameters
diff -urp openssl-1.0.2h/ssl/ssl_sess.c openssl-1.0.2h-patched/ssl/ssl_sess.c
--- openssl-1.0.2h/ssl/ssl_sess.c	2016-05-03 06:44:42.000000000 -0700
+++ openssl-1.0.2h-patched/ssl/ssl_sess.c	2016-07-19 19:15:54.118778298 -0700
@@ -143,10 +143,20 @@
 #endif
 #include "ssl_locl.h"
 
+/* The address of this is a magic value, a pointer to which is returned by
+ * SSL_magic_pending_session_ptr(). It allows a session callback to indicate
+ * that it needs to asynchronously fetch session information. */
+static char g_pending_session_magic;
+
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
 static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
 
+SSL_SESSION *SSL_magic_pending_session_ptr()
+{
+    return (SSL_SESSION*) &g_pending_session_magic;
+}
+
 SSL_SESSION *SSL_get_session(const SSL *ssl)
 /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
 {
@@ -626,6 +636,12 @@ int ssl_get_prev_session(SSL *s, unsigne
         int copy = 1;
 
         if ((ret = s->session_ctx->get_session_cb(s, session_id, len, &copy))) {
+            if (ret == SSL_magic_pending_session_ptr()) {
+                /* This is a magic value which indicates that
+                 * the callback needs to unwind the stack and
+                 * figure out the session asynchronously. */
+                return PENDING_SESSION;
+            }
             s->session_ctx->stats.sess_cb_hit++;
 
             /*
diff -urp openssl-1.0.2h/ssl/ssl_stat.c openssl-1.0.2h-patched/ssl/ssl_stat.c
--- openssl-1.0.2h/ssl/ssl_stat.c	2016-05-03 06:44:42.000000000 -0700
+++ openssl-1.0.2h-patched/ssl/ssl_stat.c	2016-07-19 19:15:54.118778298 -0700
@@ -353,6 +353,12 @@ const char *SSL_state_string_long(const
     case SSL3_ST_SR_CLNT_HELLO_C:
         str = "SSLv3 read client hello C";
         break;
+    case SSL3_ST_SR_CLNT_HELLO_D:
+        str = "SSLv3 read client hello D";
+        break;
+    case SSL3_ST_SR_CLNT_HELLO_E:
+        str = "SSLv3 read client hello E";
+        break;
     case SSL3_ST_SW_HELLO_REQ_A:
         str = "SSLv3 write hello request A";
         break;
@@ -737,6 +743,12 @@ const char *SSL_state_string(const SSL *
     case SSL3_ST_SR_CLNT_HELLO_C:
         str = "3RCH_C";
         break;
+    case SSL3_ST_SR_CLNT_HELLO_D:
+        str = "3RCH_D";
+        break;
+    case SSL3_ST_SR_CLNT_HELLO_E:
+        str = "3RCH_E";
+        break;
     case SSL3_ST_SW_SRVR_HELLO_A:
         str = "3WSH_A";
         break;