Browse Source

Latest update - CHACHA20-DRAFT

master
Hakase 1 month ago
parent
commit
6c606b09f8
Signed by: Hakase <hakase@hakase.app> GPG Key ID: BB2821A9E0DF48C9

+ 18
- 18
openssl-1.1.1b-chacha_draft.patch View File

@@ -220,7 +220,7 @@ index c1917bb86a..ea64c6b70e 100644
220 220
  # endif
221 221
  #endif
222 222
 diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
223
-index 9ab1a14b9e..5c141b9011 100644
223
+index 9ab1a14b9e..ba3e602186 100644
224 224
 --- a/crypto/objects/obj_dat.h
225 225
 +++ b/crypto/objects/obj_dat.h
226 226
 @@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = {
@@ -236,7 +236,7 @@ index 9ab1a14b9e..5c141b9011 100644
236 236
      {"magma-mac", "magma-mac", NID_magma_mac},
237 237
      {"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, &so[7745]},
238 238
      {"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]},
239
-+    {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft },
239
++    {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft},
240 240
  };
241 241
  
242 242
 -#define NUM_SN 1186
@@ -248,7 +248,7 @@ index 9ab1a14b9e..5c141b9011 100644
248 248
       417,    /* "CSPName" */
249 249
      1019,    /* "ChaCha20" */
250 250
      1018,    /* "ChaCha20-Poly1305" */
251
-+    1195,    /* "chacha20-poly1305-draft" */
251
++    1195,    /* "ChaCha20-Poly1305-D" */
252 252
       367,    /* "CrlID" */
253 253
       391,    /* "DC" */
254 254
        31,    /* "DES-CBC" */
@@ -265,7 +265,7 @@ index 9ab1a14b9e..5c141b9011 100644
265 265
       883,    /* "certificateRevocationList" */
266 266
      1019,    /* "chacha20" */
267 267
      1018,    /* "chacha20-poly1305" */
268
-+    1195,    /* "ChaCha20-Poly1305-D" */
268
++    1195,    /* "chacha20-poly1305-draft" */
269 269
        54,    /* "challengePassword" */
270 270
       407,    /* "characteristic-two-field" */
271 271
       395,    /* "clearance" */
@@ -291,7 +291,7 @@ index 6dbc41ce37..581169eda8 100644
291 291
  
292 292
  ISO-US 10046 2 1	: dhpublicnumber		: X9.42 DH
293 293
 diff --git a/include/openssl/evp.h b/include/openssl/evp.h
294
-index cfc33f6a8c..ea097d8105 100644
294
+index e2416724e6..de1cb8c7c1 100644
295 295
 --- a/include/openssl/evp.h
296 296
 +++ b/include/openssl/evp.h
297 297
 @@ -915,6 +915,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void);
@@ -303,22 +303,22 @@ index cfc33f6a8c..ea097d8105 100644
303 303
  # endif
304 304
  
305 305
 diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
306
-index 31fad4640f..47ff8270c9 100644
306
+index 31fad4640f..f3669a46c9 100644
307 307
 --- a/include/openssl/obj_mac.h
308 308
 +++ b/include/openssl/obj_mac.h
309
-@@ -4811,6 +4811,10 @@
310
- #define LN_chacha20             "chacha20"
311
- #define NID_chacha20            1019
309
+@@ -4807,6 +4807,10 @@
310
+ #define LN_chacha20_poly1305            "chacha20-poly1305"
311
+ #define NID_chacha20_poly1305           1018
312 312
  
313
-+#define SN_chacha20_poly1305_draft      "ChaCha20-Poly1305-D"
314
-+#define LN_chacha20_poly1305_draft      "chacha20-poly1305-draft"
315
-+#define NID_chacha20_poly1305_draft     1195
313
++#define SN_chacha20_poly1305_draft              "ChaCha20-Poly1305-D"
314
++#define LN_chacha20_poly1305_draft              "chacha20-poly1305-draft"
315
++#define NID_chacha20_poly1305_draft             1195
316 316
 +
317
- #define SN_dhpublicnumber               "dhpublicnumber"
318
- #define LN_dhpublicnumber               "X9.42 DH"
319
- #define NID_dhpublicnumber              920
317
+ #define SN_chacha20             "ChaCha20"
318
+ #define LN_chacha20             "chacha20"
319
+ #define NID_chacha20            1019
320 320
 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
321
-index d6b1b4e6a6..6d166c94f0 100644
321
+index 4b7757395f..a625ce46e3 100644
322 322
 --- a/include/openssl/ssl.h
323 323
 +++ b/include/openssl/ssl.h
324 324
 @@ -125,6 +125,7 @@ extern "C" {
@@ -499,11 +499,11 @@ index 307131de93..0b1c345b93 100644
499 499
  # define SSL_ARIA                (SSL_ARIAGCM)
500 500
  
501 501
 diff --git a/util/libcrypto.num b/util/libcrypto.num
502
-index 32c64cb2c7..c577257d5d 100644
502
+index 32c64cb2c7..86cb7a994b 100644
503 503
 --- a/util/libcrypto.num
504 504
 +++ b/util/libcrypto.num
505 505
 @@ -4579,3 +4579,4 @@ EVP_PKEY_meth_set_digest_custom         4532	1_1_1	EXIST::FUNCTION:
506 506
  EVP_PKEY_meth_get_digest_custom         4533	1_1_1	EXIST::FUNCTION:
507 507
  OPENSSL_INIT_set_config_filename        4534	1_1_1b	EXIST::FUNCTION:STDIO
508 508
  OPENSSL_INIT_set_config_file_flags      4535	1_1_1b	EXIST::FUNCTION:STDIO
509
-+EVP_chacha20_poly1305_draft             4536	1_1_0	EXIST::FUNCTION:CHACHA,POLY1305_DRAFT
509
++EVP_chacha20_poly1305_draft             4536	1_1_0	EXIST::FUNCTION:CHACHA,POLY1305

+ 22
- 23
openssl-3.0.0-dev-chacha_draft.patch View File

@@ -11,7 +11,7 @@ index a97eaa1685..24112723f0 100644
11 11
  #endif
12 12
  }
13 13
 diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
14
-index 0d4612f314..5a3516d642 100644
14
+index e8a323f3be..9b1b36f832 100644
15 15
 --- a/crypto/evp/e_chacha20_poly1305.c
16 16
 +++ b/crypto/evp/e_chacha20_poly1305.c
17 17
 @@ -154,6 +154,7 @@ typedef struct {
@@ -220,7 +220,7 @@ index 0d4612f314..5a3516d642 100644
220 220
  # endif
221 221
  #endif
222 222
 diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
223
-index 78a9e7acaf..15c712b291 100644
223
+index 78a9e7acaf..134d7b8c70 100644
224 224
 --- a/crypto/objects/obj_dat.h
225 225
 +++ b/crypto/objects/obj_dat.h
226 226
 @@ -1079,7 +1079,7 @@ static const unsigned char so[7767] = {
@@ -236,7 +236,7 @@ index 78a9e7acaf..15c712b291 100644
236 236
      {"AES-256-SIV", "aes-256-siv", NID_aes_256_siv},
237 237
      {"BLAKE2BMAC", "blake2bmac", NID_blake2bmac},
238 238
      {"BLAKE2SMAC", "blake2smac", NID_blake2smac},
239
-+    {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft },
239
++    {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft},
240 240
  };
241 241
  
242 242
 -#define NUM_SN 1194
@@ -248,7 +248,7 @@ index 78a9e7acaf..15c712b291 100644
248 248
       417,    /* "CSPName" */
249 249
      1019,    /* "ChaCha20" */
250 250
      1018,    /* "ChaCha20-Poly1305" */
251
-+    1203,    /* "chacha20-poly1305-draft" */
251
++    1203,    /* "ChaCha20-Poly1305-D" */
252 252
       367,    /* "CrlID" */
253 253
       391,    /* "DC" */
254 254
        31,    /* "DES-CBC" */
@@ -265,7 +265,7 @@ index 78a9e7acaf..15c712b291 100644
265 265
       883,    /* "certificateRevocationList" */
266 266
      1019,    /* "chacha20" */
267 267
      1018,    /* "chacha20-poly1305" */
268
-+    1203,    /* "ChaCha20-Poly1305-D" */
268
++    1203,    /* "chacha20-poly1305-draft" */
269 269
        54,    /* "challengePassword" */
270 270
       407,    /* "characteristic-two-field" */
271 271
       395,    /* "clearance" */
@@ -303,22 +303,22 @@ index 23f07eaa05..c90c6435bd 100644
303 303
  # endif
304 304
  
305 305
 diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
306
-index 97b2204ba6..a9b341243a 100644
306
+index 97b2204ba6..fc254cfa61 100644
307 307
 --- a/include/openssl/obj_mac.h
308 308
 +++ b/include/openssl/obj_mac.h
309
-@@ -4832,6 +4832,10 @@
310
- #define LN_chacha20             "chacha20"
311
- #define NID_chacha20            1019
309
+@@ -4828,6 +4828,10 @@
310
+ #define LN_chacha20_poly1305            "chacha20-poly1305"
311
+ #define NID_chacha20_poly1305           1018
312 312
  
313
-+#define SN_chacha20_poly1305_draft      "ChaCha20-Poly1305-D"
314
-+#define LN_chacha20_poly1305_draft      "chacha20-poly1305-draft"
315
-+#define NID_chacha20_poly1305_draft     1203
313
++#define SN_chacha20_poly1305_draft              "ChaCha20-Poly1305-D"
314
++#define LN_chacha20_poly1305_draft              "chacha20-poly1305-draft"
315
++#define NID_chacha20_poly1305_draft             1203
316 316
 +
317
- #define SN_dhpublicnumber               "dhpublicnumber"
318
- #define LN_dhpublicnumber               "X9.42 DH"
319
- #define NID_dhpublicnumber              920
317
+ #define SN_chacha20             "ChaCha20"
318
+ #define LN_chacha20             "chacha20"
319
+ #define NID_chacha20            1019
320 320
 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
321
-index 35311acaf4..c2bce6822d 100644
321
+index 9d6e1c5024..5692cfab31 100644
322 322
 --- a/include/openssl/ssl.h
323 323
 +++ b/include/openssl/ssl.h
324 324
 @@ -125,6 +125,7 @@ extern "C" {
@@ -499,12 +499,11 @@ index bd0d4210f4..709badc0b4 100644
499 499
  # define SSL_ARIA                (SSL_ARIAGCM)
500 500
  
501 501
 diff --git a/util/libcrypto.num b/util/libcrypto.num
502
-index cc88ac4652..7391b6f4e1 100644
502
+index 560f47fb66..d0e6f40b68 100644
503 503
 --- a/util/libcrypto.num
504 504
 +++ b/util/libcrypto.num
505
-@@ -4631,3 +4631,5 @@ CMS_add1_signing_cert_v2                4586	3_0_0	EXIST::FUNCTION:CMS
506
- ESS_SIGNING_CERT_new_init               4587	3_0_0	EXIST::FUNCTION:
507
- ESS_SIGNING_CERT_V2_new_init            4588	3_0_0	EXIST::FUNCTION:
508
- ERR_load_ESS_strings                    4589	3_0_0	EXIST::FUNCTION:
509
-+EVP_chacha20_poly1305_draft             4590	3_0_0	EXIST::FUNCTION:CHACHA,POLY1305_DRAFT
510
-+
505
+@@ -4643,3 +4643,4 @@ EC_GROUP_get0_field                     4598	3_0_0	EXIST::FUNCTION:EC
506
+ CRYPTO_alloc_ex_data                    4599	3_0_0	EXIST::FUNCTION:
507
+ OPENSSL_CTX_new                         4600	3_0_0	EXIST::FUNCTION:
508
+ OPENSSL_CTX_free                        4601	3_0_0	EXIST::FUNCTION:
509
++EVP_chacha20_poly1305_draft             4602	3_0_0	EXIST::FUNCTION:CHACHA,POLY1305

+ 15
- 15
openssl-equal-3.0.0-dev.patch View File

@@ -25,7 +25,7 @@ index e29c5d7ced..b5bca974c9 100644
25 25
  
26 26
  The following lists give the SSL or TLS cipher suites names from the
27 27
 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
28
-index c7a830445b..f538b6a41b 100644
28
+index 9d6e1c5024..cee7db9a25 100644
29 29
 --- a/include/openssl/ssl.h
30 30
 +++ b/include/openssl/ssl.h
31 31
 @@ -173,12 +173,12 @@ extern "C" {
@@ -787,7 +787,7 @@ index 7b06878cef..4e03448e95 100644
787 787
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
788 788
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
789 789
 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
790
-index 6d6060a212..e8e2e1890f 100644
790
+index 322a4381b0..ac33c35560 100644
791 791
 --- a/ssl/ssl_lib.c
792 792
 +++ b/ssl/ssl_lib.c
793 793
 @@ -1119,6 +1119,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
@@ -895,7 +895,7 @@ index 6d6060a212..e8e2e1890f 100644
895 895
      return NULL;
896 896
  }
897 897
  
898
-@@ -3006,7 +3072,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
898
+@@ -3026,7 +3092,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
899 899
                                  ret->tls13_ciphersuites,
900 900
                                  &ret->cipher_list, &ret->cipher_list_by_id,
901 901
                                  SSL_DEFAULT_CIPHER_LIST, ret->cert)
@@ -904,7 +904,7 @@ index 6d6060a212..e8e2e1890f 100644
904 904
          SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
905 905
          goto err2;
906 906
      }
907
-@@ -3182,7 +3248,7 @@ void SSL_CTX_free(SSL_CTX *a)
907
+@@ -3202,7 +3268,7 @@ void SSL_CTX_free(SSL_CTX *a)
908 908
  #ifndef OPENSSL_NO_CT
909 909
      CTLOG_STORE_free(a->ctlog_store);
910 910
  #endif
@@ -913,7 +913,7 @@ index 6d6060a212..e8e2e1890f 100644
913 913
      sk_SSL_CIPHER_free(a->cipher_list_by_id);
914 914
      sk_SSL_CIPHER_free(a->tls13_ciphersuites);
915 915
      ssl_cert_free(a->cert);
916
-@@ -3860,13 +3926,15 @@ SSL *SSL_dup(SSL *s)
916
+@@ -3880,13 +3946,15 @@ SSL *SSL_dup(SSL *s)
917 917
  
918 918
      /* dup the cipher_list and cipher_list_by_id stacks */
919 919
      if (s->cipher_list != NULL) {
@@ -934,7 +934,7 @@ index 6d6060a212..e8e2e1890f 100644
934 934
      /* Dup the client_CA list */
935 935
      if (!dup_ca_names(&ret->ca_names, s->ca_names)
936 936
 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
937
-index bd0d4210f4..2c96db0618 100644
937
+index bd0d4210f4..8973b7b3a1 100644
938 938
 --- a/ssl/ssl_locl.h
939 939
 +++ b/ssl/ssl_locl.h
940 940
 @@ -745,9 +745,46 @@ typedef struct ssl_ctx_ext_secure_st {
@@ -985,7 +985,7 @@ index bd0d4210f4..2c96db0618 100644
985 985
      /* same as above but sorted for lookup */
986 986
      STACK_OF(SSL_CIPHER) *cipher_list_by_id;
987 987
      /* TLSv1.3 specific ciphersuites */
988
-@@ -1146,7 +1185,7 @@ struct ssl_st {
988
+@@ -1146,7 +1183,7 @@ struct ssl_st {
989 989
      /* Per connection DANE state */
990 990
      SSL_DANE dane;
991 991
      /* crypto */
@@ -994,7 +994,7 @@ index bd0d4210f4..2c96db0618 100644
994 994
      STACK_OF(SSL_CIPHER) *cipher_list_by_id;
995 995
      /* TLSv1.3 specific ciphersuites */
996 996
      STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
997
-@@ -2277,7 +2316,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
997
+@@ -2277,7 +2314,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
998 998
                                   const SSL_CIPHER *const *bp);
999 999
  __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1000 1000
                                                      STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@@ -1003,7 +1003,7 @@ index bd0d4210f4..2c96db0618 100644
1003 1003
                                                      STACK_OF(SSL_CIPHER) **cipher_list_by_id,
1004 1004
                                                      const char *rule_str,
1005 1005
                                                      CERT *c);
1006
-@@ -2287,6 +2326,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
1006
+@@ -2287,6 +2324,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
1007 1007
                                  STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
1008 1008
                                  int fatal);
1009 1009
  void ssl_update_cache(SSL *s, int mode);
@@ -1017,7 +1017,7 @@ index bd0d4210f4..2c96db0618 100644
1017 1017
  __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
1018 1018
                                const EVP_MD **md, int *mac_pkey_type,
1019 1019
                                size_t *mac_secret_size, SSL_COMP **comp,
1020
-@@ -2370,7 +2416,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
1020
+@@ -2370,7 +2414,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
1021 1021
                                              CERT_PKEY *cpk);
1022 1022
  __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
1023 1023
                                              STACK_OF(SSL_CIPHER) *clnt,
@@ -1027,10 +1027,10 @@ index bd0d4210f4..2c96db0618 100644
1027 1027
  __owur int ssl3_new(SSL *s);
1028 1028
  void ssl3_free(SSL *s);
1029 1029
 diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
1030
-index b0dd54903d..1d096858f8 100644
1030
+index bf1819d356..ebb6224b5e 100644
1031 1031
 --- a/ssl/statem/statem_srvr.c
1032 1032
 +++ b/ssl/statem/statem_srvr.c
1033
-@@ -1744,7 +1744,7 @@ static int tls_early_post_process_client_hello(SSL *s)
1033
+@@ -1750,7 +1750,7 @@ static int tls_early_post_process_client_hello(SSL *s)
1034 1034
      /* For TLSv1.3 we must select the ciphersuite *before* session resumption */
1035 1035
      if (SSL_IS_TLS13(s)) {
1036 1036
          const SSL_CIPHER *cipher =
@@ -1039,7 +1039,7 @@ index b0dd54903d..1d096858f8 100644
1039 1039
  
1040 1040
          if (cipher == NULL) {
1041 1041
              SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
1042
-@@ -1925,7 +1925,7 @@ static int tls_early_post_process_client_hello(SSL *s)
1042
+@@ -1931,7 +1931,7 @@ static int tls_early_post_process_client_hello(SSL *s)
1043 1043
              /* check if some cipher was preferred by call back */
1044 1044
              if (pref_cipher == NULL)
1045 1045
                  pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
@@ -1048,7 +1048,7 @@ index b0dd54903d..1d096858f8 100644
1048 1048
              if (pref_cipher == NULL) {
1049 1049
                  SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
1050 1050
                           SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
1051
-@@ -1934,8 +1934,9 @@ static int tls_early_post_process_client_hello(SSL *s)
1051
+@@ -1940,8 +1940,9 @@ static int tls_early_post_process_client_hello(SSL *s)
1052 1052
              }
1053 1053
  
1054 1054
              s->session->cipher = pref_cipher;
@@ -1060,7 +1060,7 @@ index b0dd54903d..1d096858f8 100644
1060 1060
              sk_SSL_CIPHER_free(s->cipher_list_by_id);
1061 1061
              s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
1062 1062
          }
1063
-@@ -2249,7 +2250,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
1063
+@@ -2255,7 +2256,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
1064 1064
              /* In TLSv1.3 we selected the ciphersuite before resumption */
1065 1065
              if (!SSL_IS_TLS13(s)) {
1066 1066
                  cipher =

+ 14
- 14
openssl-equal-3.0.0-dev_ciphers.patch View File

@@ -822,7 +822,7 @@ index 7b06878cef..4e03448e95 100644
822 822
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
823 823
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
824 824
 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
825
-index 6d6060a212..e8e2e1890f 100644
825
+index 322a4381b0..ac33c35560 100644
826 826
 --- a/ssl/ssl_lib.c
827 827
 +++ b/ssl/ssl_lib.c
828 828
 @@ -1119,6 +1119,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
@@ -930,7 +930,7 @@ index 6d6060a212..e8e2e1890f 100644
930 930
      return NULL;
931 931
  }
932 932
  
933
-@@ -3006,7 +3072,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
933
+@@ -3026,7 +3092,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
934 934
                                  ret->tls13_ciphersuites,
935 935
                                  &ret->cipher_list, &ret->cipher_list_by_id,
936 936
                                  SSL_DEFAULT_CIPHER_LIST, ret->cert)
@@ -939,7 +939,7 @@ index 6d6060a212..e8e2e1890f 100644
939 939
          SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
940 940
          goto err2;
941 941
      }
942
-@@ -3182,7 +3248,7 @@ void SSL_CTX_free(SSL_CTX *a)
942
+@@ -3202,7 +3268,7 @@ void SSL_CTX_free(SSL_CTX *a)
943 943
  #ifndef OPENSSL_NO_CT
944 944
      CTLOG_STORE_free(a->ctlog_store);
945 945
  #endif
@@ -948,7 +948,7 @@ index 6d6060a212..e8e2e1890f 100644
948 948
      sk_SSL_CIPHER_free(a->cipher_list_by_id);
949 949
      sk_SSL_CIPHER_free(a->tls13_ciphersuites);
950 950
      ssl_cert_free(a->cert);
951
-@@ -3860,13 +3926,15 @@ SSL *SSL_dup(SSL *s)
951
+@@ -3880,13 +3946,15 @@ SSL *SSL_dup(SSL *s)
952 952
  
953 953
      /* dup the cipher_list and cipher_list_by_id stacks */
954 954
      if (s->cipher_list != NULL) {
@@ -969,7 +969,7 @@ index 6d6060a212..e8e2e1890f 100644
969 969
      /* Dup the client_CA list */
970 970
      if (!dup_ca_names(&ret->ca_names, s->ca_names)
971 971
 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
972
-index bd0d4210f4..2c96db0618 100644
972
+index bd0d4210f4..8973b7b3a1 100644
973 973
 --- a/ssl/ssl_locl.h
974 974
 +++ b/ssl/ssl_locl.h
975 975
 @@ -745,9 +745,46 @@ typedef struct ssl_ctx_ext_secure_st {
@@ -1020,7 +1020,7 @@ index bd0d4210f4..2c96db0618 100644
1020 1020
      /* same as above but sorted for lookup */
1021 1021
      STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1022 1022
      /* TLSv1.3 specific ciphersuites */
1023
-@@ -1146,7 +1185,7 @@ struct ssl_st {
1023
+@@ -1146,7 +1183,7 @@ struct ssl_st {
1024 1024
      /* Per connection DANE state */
1025 1025
      SSL_DANE dane;
1026 1026
      /* crypto */
@@ -1029,7 +1029,7 @@ index bd0d4210f4..2c96db0618 100644
1029 1029
      STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1030 1030
      /* TLSv1.3 specific ciphersuites */
1031 1031
      STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
1032
-@@ -2277,7 +2316,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
1032
+@@ -2277,7 +2314,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
1033 1033
                                   const SSL_CIPHER *const *bp);
1034 1034
  __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1035 1035
                                                      STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@@ -1038,7 +1038,7 @@ index bd0d4210f4..2c96db0618 100644
1038 1038
                                                      STACK_OF(SSL_CIPHER) **cipher_list_by_id,
1039 1039
                                                      const char *rule_str,
1040 1040
                                                      CERT *c);
1041
-@@ -2287,6 +2326,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
1041
+@@ -2287,6 +2324,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
1042 1042
                                  STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
1043 1043
                                  int fatal);
1044 1044
  void ssl_update_cache(SSL *s, int mode);
@@ -1052,7 +1052,7 @@ index bd0d4210f4..2c96db0618 100644
1052 1052
  __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
1053 1053
                                const EVP_MD **md, int *mac_pkey_type,
1054 1054
                                size_t *mac_secret_size, SSL_COMP **comp,
1055
-@@ -2370,7 +2416,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
1055
+@@ -2370,7 +2414,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
1056 1056
                                              CERT_PKEY *cpk);
1057 1057
  __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
1058 1058
                                              STACK_OF(SSL_CIPHER) *clnt,
@@ -1062,10 +1062,10 @@ index bd0d4210f4..2c96db0618 100644
1062 1062
  __owur int ssl3_new(SSL *s);
1063 1063
  void ssl3_free(SSL *s);
1064 1064
 diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
1065
-index b0dd54903d..1d096858f8 100644
1065
+index bf1819d356..ebb6224b5e 100644
1066 1066
 --- a/ssl/statem/statem_srvr.c
1067 1067
 +++ b/ssl/statem/statem_srvr.c
1068
-@@ -1744,7 +1744,7 @@ static int tls_early_post_process_client_hello(SSL *s)
1068
+@@ -1750,7 +1750,7 @@ static int tls_early_post_process_client_hello(SSL *s)
1069 1069
      /* For TLSv1.3 we must select the ciphersuite *before* session resumption */
1070 1070
      if (SSL_IS_TLS13(s)) {
1071 1071
          const SSL_CIPHER *cipher =
@@ -1074,7 +1074,7 @@ index b0dd54903d..1d096858f8 100644
1074 1074
  
1075 1075
          if (cipher == NULL) {
1076 1076
              SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
1077
-@@ -1925,7 +1925,7 @@ static int tls_early_post_process_client_hello(SSL *s)
1077
+@@ -1931,7 +1931,7 @@ static int tls_early_post_process_client_hello(SSL *s)
1078 1078
              /* check if some cipher was preferred by call back */
1079 1079
              if (pref_cipher == NULL)
1080 1080
                  pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
@@ -1083,7 +1083,7 @@ index b0dd54903d..1d096858f8 100644
1083 1083
              if (pref_cipher == NULL) {
1084 1084
                  SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
1085 1085
                           SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
1086
-@@ -1934,8 +1934,9 @@ static int tls_early_post_process_client_hello(SSL *s)
1086
+@@ -1940,8 +1940,9 @@ static int tls_early_post_process_client_hello(SSL *s)
1087 1087
              }
1088 1088
  
1089 1089
              s->session->cipher = pref_cipher;
@@ -1095,7 +1095,7 @@ index b0dd54903d..1d096858f8 100644
1095 1095
              sk_SSL_CIPHER_free(s->cipher_list_by_id);
1096 1096
              s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
1097 1097
          }
1098
-@@ -2249,7 +2250,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
1098
+@@ -2255,7 +2256,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
1099 1099
              /* In TLSv1.3 we selected the ciphersuite before resumption */
1100 1100
              if (!SSL_IS_TLS13(s)) {
1101 1101
                  cipher =

Loading…
Cancel
Save