Browse Source

Update 3.0.0-dev patches.

master
Hakase 1 month ago
parent
commit
2ff4fd05f1
Signed by: Hakase <hakase@hakase.app> GPG Key ID: BB2821A9E0DF48C9

+ 9
- 8
openssl-3.0.0-dev-chacha_draft.patch View File

@@ -318,7 +318,7 @@ index 242eaeb6ce..c8960d0e5c 100644
318 318
  #define LN_dhpublicnumber               "X9.42 DH"
319 319
  #define NID_dhpublicnumber              920
320 320
 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
321
-index ea41dd089e..212c6eae89 100644
321
+index c7a830445b..8aa020669d 100644
322 322
 --- a/include/openssl/ssl.h
323 323
 +++ b/include/openssl/ssl.h
324 324
 @@ -125,6 +125,7 @@ extern "C" {
@@ -480,7 +480,7 @@ index 461a9debab..84f90c1621 100644
480 480
      } else if (c->algorithm_mac & SSL_AEAD) {
481 481
          /* We're supposed to have handled all the AEAD modes above */
482 482
 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
483
-index 2d68691a0f..441242e581 100644
483
+index bd0d4210f4..709badc0b4 100644
484 484
 --- a/ssl/ssl_locl.h
485 485
 +++ b/ssl/ssl_locl.h
486 486
 @@ -234,12 +234,13 @@
@@ -499,11 +499,12 @@ index 2d68691a0f..441242e581 100644
499 499
  # define SSL_ARIA                (SSL_ARIAGCM)
500 500
  
501 501
 diff --git a/util/libcrypto.num b/util/libcrypto.num
502
-index b8b19801b2..84db7a524a 100644
502
+index cc88ac4652..7391b6f4e1 100644
503 503
 --- a/util/libcrypto.num
504 504
 +++ b/util/libcrypto.num
505
-@@ -4622,3 +4622,4 @@ CRYPTO_siv128_cleanup                   4577	3_0_0	EXIST::FUNCTION:SIV
506
- CRYPTO_siv128_speed                     4578	3_0_0	EXIST::FUNCTION:SIV
507
- OPENSSL_INIT_set_config_filename        4579	3_0_0	EXIST::FUNCTION:STDIO
508
- OPENSSL_INIT_set_config_file_flags      4580	3_0_0	EXIST::FUNCTION:STDIO
509
-+EVP_chacha20_poly1305_draft             4581	3_0_0	EXIST::FUNCTION:CHACHA,POLY1305_DRAFT
505
+@@ -4631,3 +4631,5 @@ CMS_add1_signing_cert_v2                4586	3_0_0	EXIST::FUNCTION:CMS
506
+ ESS_SIGNING_CERT_new_init               4587	3_0_0	EXIST::FUNCTION:
507
+ ESS_SIGNING_CERT_V2_new_init            4588	3_0_0	EXIST::FUNCTION:
508
+ ERR_load_ESS_strings                    4589	3_0_0	EXIST::FUNCTION:
509
++EVP_chacha20_poly1305_draft             4590	3_0_0	EXIST::FUNCTION:CHACHA,POLY1305_DRAFT
510
++

+ 19
- 19
openssl-equal-3.0.0-dev.patch View File

@@ -25,7 +25,7 @@ index e29c5d7ced..b5bca974c9 100644
25 25
  
26 26
  The following lists give the SSL or TLS cipher suites names from the
27 27
 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
28
-index ea41dd089e..d795857d16 100644
28
+index c7a830445b..f538b6a41b 100644
29 29
 --- a/include/openssl/ssl.h
30 30
 +++ b/include/openssl/ssl.h
31 31
 @@ -173,12 +173,12 @@ extern "C" {
@@ -824,10 +824,10 @@ index 7b06878cef..4e03448e95 100644
824 824
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
825 825
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
826 826
 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
827
-index ba606e35ed..59ae36a554 100644
827
+index 6d6060a212..e8e2e1890f 100644
828 828
 --- a/ssl/ssl_lib.c
829 829
 +++ b/ssl/ssl_lib.c
830
-@@ -1116,6 +1116,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
830
+@@ -1119,6 +1119,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
831 831
      return X509_VERIFY_PARAM_set1(ssl->param, vpm);
832 832
  }
833 833
  
@@ -899,7 +899,7 @@ index ba606e35ed..59ae36a554 100644
899 899
  X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
900 900
  {
901 901
      return ctx->param;
902
-@@ -1160,7 +1225,8 @@ void SSL_free(SSL *s)
902
+@@ -1163,7 +1228,8 @@ void SSL_free(SSL *s)
903 903
      BUF_MEM_free(s->init_buf);
904 904
  
905 905
      /* add extra stuff */
@@ -909,7 +909,7 @@ index ba606e35ed..59ae36a554 100644
909 909
      sk_SSL_CIPHER_free(s->cipher_list_by_id);
910 910
      sk_SSL_CIPHER_free(s->tls13_ciphersuites);
911 911
  
912
-@@ -2450,9 +2516,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
912
+@@ -2498,9 +2564,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
913 913
  {
914 914
      if (s != NULL) {
915 915
          if (s->cipher_list != NULL) {
@@ -921,7 +921,7 @@ index ba606e35ed..59ae36a554 100644
921 921
          }
922 922
      }
923 923
      return NULL;
924
-@@ -2526,8 +2592,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
924
+@@ -2574,8 +2640,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
925 925
   * preference */
926 926
  STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
927 927
  {
@@ -932,7 +932,7 @@ index ba606e35ed..59ae36a554 100644
932 932
      return NULL;
933 933
  }
934 934
  
935
-@@ -2958,7 +3024,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
935
+@@ -3006,7 +3072,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
936 936
                                  ret->tls13_ciphersuites,
937 937
                                  &ret->cipher_list, &ret->cipher_list_by_id,
938 938
                                  SSL_DEFAULT_CIPHER_LIST, ret->cert)
@@ -941,7 +941,7 @@ index ba606e35ed..59ae36a554 100644
941 941
          SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
942 942
          goto err2;
943 943
      }
944
-@@ -3134,7 +3200,7 @@ void SSL_CTX_free(SSL_CTX *a)
944
+@@ -3182,7 +3248,7 @@ void SSL_CTX_free(SSL_CTX *a)
945 945
  #ifndef OPENSSL_NO_CT
946 946
      CTLOG_STORE_free(a->ctlog_store);
947 947
  #endif
@@ -950,7 +950,7 @@ index ba606e35ed..59ae36a554 100644
950 950
      sk_SSL_CIPHER_free(a->cipher_list_by_id);
951 951
      sk_SSL_CIPHER_free(a->tls13_ciphersuites);
952 952
      ssl_cert_free(a->cert);
953
-@@ -3812,13 +3878,15 @@ SSL *SSL_dup(SSL *s)
953
+@@ -3860,13 +3926,15 @@ SSL *SSL_dup(SSL *s)
954 954
  
955 955
      /* dup the cipher_list and cipher_list_by_id stacks */
956 956
      if (s->cipher_list != NULL) {
@@ -971,7 +971,7 @@ index ba606e35ed..59ae36a554 100644
971 971
      /* Dup the client_CA list */
972 972
      if (!dup_ca_names(&ret->ca_names, s->ca_names)
973 973
 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
974
-index 2d68691a0f..92821b7df0 100644
974
+index bd0d4210f4..2c96db0618 100644
975 975
 --- a/ssl/ssl_locl.h
976 976
 +++ b/ssl/ssl_locl.h
977 977
 @@ -745,9 +745,46 @@ typedef struct ssl_ctx_ext_secure_st {
@@ -1022,7 +1022,7 @@ index 2d68691a0f..92821b7df0 100644
1022 1022
      /* same as above but sorted for lookup */
1023 1023
      STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1024 1024
      /* TLSv1.3 specific ciphersuites */
1025
-@@ -1084,6 +1121,8 @@ struct ssl_st {
1025
+@@ -1088,6 +1125,8 @@ struct ssl_st {
1026 1026
       * DTLS1_VERSION)
1027 1027
       */
1028 1028
      int version;
@@ -1031,7 +1031,7 @@ index 2d68691a0f..92821b7df0 100644
1031 1031
      /* SSLv3 */
1032 1032
      const SSL_METHOD *method;
1033 1033
      /*
1034
-@@ -1142,7 +1181,7 @@ struct ssl_st {
1034
+@@ -1146,7 +1185,7 @@ struct ssl_st {
1035 1035
      /* Per connection DANE state */
1036 1036
      SSL_DANE dane;
1037 1037
      /* crypto */
@@ -1040,7 +1040,7 @@ index 2d68691a0f..92821b7df0 100644
1040 1040
      STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1041 1041
      /* TLSv1.3 specific ciphersuites */
1042 1042
      STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
1043
-@@ -2269,7 +2308,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
1043
+@@ -2277,7 +2316,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
1044 1044
                                   const SSL_CIPHER *const *bp);
1045 1045
  __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1046 1046
                                                      STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@@ -1049,7 +1049,7 @@ index 2d68691a0f..92821b7df0 100644
1049 1049
                                                      STACK_OF(SSL_CIPHER) **cipher_list_by_id,
1050 1050
                                                      const char *rule_str,
1051 1051
                                                      CERT *c);
1052
-@@ -2279,6 +2318,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
1052
+@@ -2287,6 +2326,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
1053 1053
                                  STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
1054 1054
                                  int fatal);
1055 1055
  void ssl_update_cache(SSL *s, int mode);
@@ -1063,7 +1063,7 @@ index 2d68691a0f..92821b7df0 100644
1063 1063
  __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
1064 1064
                                const EVP_MD **md, int *mac_pkey_type,
1065 1065
                                size_t *mac_secret_size, SSL_COMP **comp,
1066
-@@ -2362,7 +2408,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
1066
+@@ -2370,7 +2416,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
1067 1067
                                              CERT_PKEY *cpk);
1068 1068
  __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
1069 1069
                                              STACK_OF(SSL_CIPHER) *clnt,
@@ -1144,10 +1144,10 @@ index 6545f5727d..15786a7bfc 100644
1144 1144
          SSLfatal(s, SSL_AD_INTERNAL_ERROR,
1145 1145
                   SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
1146 1146
 diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
1147
-index 1a9aa41b99..a08f4fa013 100644
1147
+index 2f78a3f602..5d5121d12b 100644
1148 1148
 --- a/ssl/statem/statem_lib.c
1149 1149
 +++ b/ssl/statem/statem_lib.c
1150
-@@ -1788,6 +1788,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1150
+@@ -1770,6 +1770,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1151 1151
          unsigned int best_vers = 0;
1152 1152
          const SSL_METHOD *best_method = NULL;
1153 1153
          PACKET versionslist;
@@ -1156,7 +1156,7 @@ index 1a9aa41b99..a08f4fa013 100644
1156 1156
  
1157 1157
          suppversions->parsed = 1;
1158 1158
  
1159
-@@ -1809,6 +1811,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1159
+@@ -1791,6 +1793,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1160 1160
              return SSL_R_BAD_LEGACY_VERSION;
1161 1161
  
1162 1162
          while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
@@ -1180,7 +1180,7 @@ index 1a9aa41b99..a08f4fa013 100644
1180 1180
              if (version_cmp(s, candidate_vers, best_vers) <= 0)
1181 1181
                  continue;
1182 1182
              if (ssl_version_supported(s, candidate_vers, &best_method))
1183
-@@ -1831,6 +1850,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1183
+@@ -1813,6 +1832,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1184 1184
              }
1185 1185
              check_for_downgrade(s, best_vers, dgrd);
1186 1186
              s->version = best_vers;

+ 18
- 18
openssl-equal-3.0.0-dev_ciphers.patch View File

@@ -859,10 +859,10 @@ index 7b06878cef..4e03448e95 100644
859 859
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
860 860
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
861 861
 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
862
-index ba606e35ed..59ae36a554 100644
862
+index 6d6060a212..e8e2e1890f 100644
863 863
 --- a/ssl/ssl_lib.c
864 864
 +++ b/ssl/ssl_lib.c
865
-@@ -1116,6 +1116,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
865
+@@ -1119,6 +1119,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
866 866
      return X509_VERIFY_PARAM_set1(ssl->param, vpm);
867 867
  }
868 868
  
@@ -934,7 +934,7 @@ index ba606e35ed..59ae36a554 100644
934 934
  X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
935 935
  {
936 936
      return ctx->param;
937
-@@ -1160,7 +1225,8 @@ void SSL_free(SSL *s)
937
+@@ -1163,7 +1228,8 @@ void SSL_free(SSL *s)
938 938
      BUF_MEM_free(s->init_buf);
939 939
  
940 940
      /* add extra stuff */
@@ -944,7 +944,7 @@ index ba606e35ed..59ae36a554 100644
944 944
      sk_SSL_CIPHER_free(s->cipher_list_by_id);
945 945
      sk_SSL_CIPHER_free(s->tls13_ciphersuites);
946 946
  
947
-@@ -2450,9 +2516,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
947
+@@ -2498,9 +2564,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
948 948
  {
949 949
      if (s != NULL) {
950 950
          if (s->cipher_list != NULL) {
@@ -956,7 +956,7 @@ index ba606e35ed..59ae36a554 100644
956 956
          }
957 957
      }
958 958
      return NULL;
959
-@@ -2526,8 +2592,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
959
+@@ -2574,8 +2640,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
960 960
   * preference */
961 961
  STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
962 962
  {
@@ -967,7 +967,7 @@ index ba606e35ed..59ae36a554 100644
967 967
      return NULL;
968 968
  }
969 969
  
970
-@@ -2958,7 +3024,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
970
+@@ -3006,7 +3072,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
971 971
                                  ret->tls13_ciphersuites,
972 972
                                  &ret->cipher_list, &ret->cipher_list_by_id,
973 973
                                  SSL_DEFAULT_CIPHER_LIST, ret->cert)
@@ -976,7 +976,7 @@ index ba606e35ed..59ae36a554 100644
976 976
          SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
977 977
          goto err2;
978 978
      }
979
-@@ -3134,7 +3200,7 @@ void SSL_CTX_free(SSL_CTX *a)
979
+@@ -3182,7 +3248,7 @@ void SSL_CTX_free(SSL_CTX *a)
980 980
  #ifndef OPENSSL_NO_CT
981 981
      CTLOG_STORE_free(a->ctlog_store);
982 982
  #endif
@@ -985,7 +985,7 @@ index ba606e35ed..59ae36a554 100644
985 985
      sk_SSL_CIPHER_free(a->cipher_list_by_id);
986 986
      sk_SSL_CIPHER_free(a->tls13_ciphersuites);
987 987
      ssl_cert_free(a->cert);
988
-@@ -3812,13 +3878,15 @@ SSL *SSL_dup(SSL *s)
988
+@@ -3860,13 +3926,15 @@ SSL *SSL_dup(SSL *s)
989 989
  
990 990
      /* dup the cipher_list and cipher_list_by_id stacks */
991 991
      if (s->cipher_list != NULL) {
@@ -1006,7 +1006,7 @@ index ba606e35ed..59ae36a554 100644
1006 1006
      /* Dup the client_CA list */
1007 1007
      if (!dup_ca_names(&ret->ca_names, s->ca_names)
1008 1008
 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
1009
-index 2d68691a0f..92821b7df0 100644
1009
+index bd0d4210f4..2c96db0618 100644
1010 1010
 --- a/ssl/ssl_locl.h
1011 1011
 +++ b/ssl/ssl_locl.h
1012 1012
 @@ -745,9 +745,46 @@ typedef struct ssl_ctx_ext_secure_st {
@@ -1057,7 +1057,7 @@ index 2d68691a0f..92821b7df0 100644
1057 1057
      /* same as above but sorted for lookup */
1058 1058
      STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1059 1059
      /* TLSv1.3 specific ciphersuites */
1060
-@@ -1084,6 +1121,8 @@ struct ssl_st {
1060
+@@ -1088,6 +1125,8 @@ struct ssl_st {
1061 1061
       * DTLS1_VERSION)
1062 1062
       */
1063 1063
      int version;
@@ -1066,7 +1066,7 @@ index 2d68691a0f..92821b7df0 100644
1066 1066
      /* SSLv3 */
1067 1067
      const SSL_METHOD *method;
1068 1068
      /*
1069
-@@ -1142,7 +1181,7 @@ struct ssl_st {
1069
+@@ -1146,7 +1185,7 @@ struct ssl_st {
1070 1070
      /* Per connection DANE state */
1071 1071
      SSL_DANE dane;
1072 1072
      /* crypto */
@@ -1075,7 +1075,7 @@ index 2d68691a0f..92821b7df0 100644
1075 1075
      STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1076 1076
      /* TLSv1.3 specific ciphersuites */
1077 1077
      STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
1078
-@@ -2269,7 +2308,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
1078
+@@ -2277,7 +2316,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
1079 1079
                                   const SSL_CIPHER *const *bp);
1080 1080
  __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1081 1081
                                                      STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@@ -1084,7 +1084,7 @@ index 2d68691a0f..92821b7df0 100644
1084 1084
                                                      STACK_OF(SSL_CIPHER) **cipher_list_by_id,
1085 1085
                                                      const char *rule_str,
1086 1086
                                                      CERT *c);
1087
-@@ -2279,6 +2318,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
1087
+@@ -2287,6 +2326,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
1088 1088
                                  STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
1089 1089
                                  int fatal);
1090 1090
  void ssl_update_cache(SSL *s, int mode);
@@ -1098,7 +1098,7 @@ index 2d68691a0f..92821b7df0 100644
1098 1098
  __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
1099 1099
                                const EVP_MD **md, int *mac_pkey_type,
1100 1100
                                size_t *mac_secret_size, SSL_COMP **comp,
1101
-@@ -2362,7 +2408,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
1101
+@@ -2370,7 +2416,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
1102 1102
                                              CERT_PKEY *cpk);
1103 1103
  __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
1104 1104
                                              STACK_OF(SSL_CIPHER) *clnt,
@@ -1179,10 +1179,10 @@ index 6545f5727d..15786a7bfc 100644
1179 1179
          SSLfatal(s, SSL_AD_INTERNAL_ERROR,
1180 1180
                   SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
1181 1181
 diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
1182
-index 1a9aa41b99..a08f4fa013 100644
1182
+index 2f78a3f602..5d5121d12b 100644
1183 1183
 --- a/ssl/statem/statem_lib.c
1184 1184
 +++ b/ssl/statem/statem_lib.c
1185
-@@ -1788,6 +1788,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1185
+@@ -1770,6 +1770,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1186 1186
          unsigned int best_vers = 0;
1187 1187
          const SSL_METHOD *best_method = NULL;
1188 1188
          PACKET versionslist;
@@ -1191,7 +1191,7 @@ index 1a9aa41b99..a08f4fa013 100644
1191 1191
  
1192 1192
          suppversions->parsed = 1;
1193 1193
  
1194
-@@ -1809,6 +1811,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1194
+@@ -1791,6 +1793,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1195 1195
              return SSL_R_BAD_LEGACY_VERSION;
1196 1196
  
1197 1197
          while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
@@ -1215,7 +1215,7 @@ index 1a9aa41b99..a08f4fa013 100644
1215 1215
              if (version_cmp(s, candidate_vers, best_vers) <= 0)
1216 1216
                  continue;
1217 1217
              if (ssl_version_supported(s, candidate_vers, &best_method))
1218
-@@ -1831,6 +1850,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1218
+@@ -1813,6 +1832,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
1219 1219
              }
1220 1220
              check_for_downgrade(s, best_vers, dgrd);
1221 1221
              s->version = best_vers;

Loading…
Cancel
Save