Browse Source

Update Patch

master
Hakase 1 week ago
parent
commit
9f21151c15
Signed by: Hakase <hakase@hakase.app> GPG Key ID: BB2821A9E0DF48C9

+ 1
- 1
README.md View File

@@ -29,7 +29,7 @@ Default support is in bold type.
29 29
 - [Google(Gmail)](https://gmail.com/) : _TLSv1.3_ **final**
30 30
 - [NSS TLS 1.3(Mozilla)](https://tls13.crypto.mozilla.org/) : _TLSv1.3_ **final**
31 31
 
32
-[Compatible OpenSSL-3.0.0-dev (OpenSSL, 23431 commits)](https://github.com/openssl/openssl/tree/4089b4340701e3c13e07169e67a7d14519c98658)
32
+[Compatible OpenSSL-3.0.0-dev (OpenSSL, 23495 commits)](https://github.com/openssl/openssl/tree/ebb7823e14596ad07fdc7d2ed0a267815f545927)
33 33
 
34 34
 ## Patch files
35 35
 

+ 509
- 0
openssl-1.1.1c-chacha_draft.patch View File

@@ -0,0 +1,509 @@
1
+diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
2
+index 086b3c4d51..5699901f7d 100644
3
+--- a/crypto/evp/c_allc.c
4
++++ b/crypto/evp/c_allc.c
5
+@@ -261,6 +261,7 @@ void openssl_add_all_ciphers_int(void)
6
+     EVP_add_cipher(EVP_chacha20());
7
+ # ifndef OPENSSL_NO_POLY1305
8
+     EVP_add_cipher(EVP_chacha20_poly1305());
9
++    EVP_add_cipher(EVP_chacha20_poly1305_draft());
10
+ # endif
11
+ #endif
12
+ }
13
+diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
14
+index d3e2c622a1..ef679522d1 100644
15
+--- a/crypto/evp/e_chacha20_poly1305.c
16
++++ b/crypto/evp/e_chacha20_poly1305.c
17
+@@ -156,6 +156,7 @@ typedef struct {
18
+     struct { uint64_t aad, text; } len;
19
+     int aad, mac_inited, tag_len, nonce_len;
20
+     size_t tls_payload_length;
21
++    unsigned char draft:1;
22
+ } EVP_CHACHA_AEAD_CTX;
23
+ 
24
+ #  define NO_TLS_PAYLOAD_LENGTH ((size_t)-1)
25
+@@ -176,6 +177,7 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
26
+     actx->aad = 0;
27
+     actx->mac_inited = 0;
28
+     actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
29
++    actx->draft = 0;
30
+ 
31
+     if (iv != NULL) {
32
+         unsigned char temp[CHACHA_CTR_SIZE] = { 0 };
33
+@@ -197,6 +199,27 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
34
+     return 1;
35
+ }
36
+ 
37
++static int chacha20_poly1305_draft_init_key(EVP_CIPHER_CTX *ctx,
38
++   const unsigned char *inkey,
39
++   const unsigned char *iv, int enc)
40
++{
41
++    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
42
++
43
++    if (!inkey)
44
++        return 1;
45
++
46
++    actx->len.aad = 0;
47
++    actx->len.text = 0;
48
++    actx->aad = 0;
49
++    actx->mac_inited = 0;
50
++    actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
51
++    actx->draft = 1;
52
++
53
++    chacha_init_key(ctx, inkey, NULL, enc);
54
++
55
++    return 1;
56
++}
57
++
58
+ #  if !defined(OPENSSL_SMALL_FOOTPRINT)
59
+ 
60
+ #   if defined(POLY1305_ASM) && (defined(__x86_64) || defined(__x86_64__) || \
61
+@@ -367,10 +390,11 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
62
+ {
63
+     EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
64
+     size_t rem, plen = actx->tls_payload_length;
65
++    uint64_t thirteen = EVP_AEAD_TLS1_AAD_LEN;
66
+ 
67
+     if (!actx->mac_inited) {
68
+ #  if !defined(OPENSSL_SMALL_FOOTPRINT)
69
+-        if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL)
70
++        if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL && !actx->draft)
71
+             return chacha20_poly1305_tls_cipher(ctx, out, in, len);
72
+ #  endif
73
+         actx->key.counter[0] = 0;
74
+@@ -397,9 +421,14 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
75
+             return len;
76
+         } else {                                /* plain- or ciphertext */
77
+             if (actx->aad) {                    /* wrap up aad */
78
+-                if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
79
+-                    Poly1305_Update(POLY1305_ctx(actx), zero,
80
+-                                    POLY1305_BLOCK_SIZE - rem);
81
++                if (actx->draft) {
82
++                    thirteen = actx->len.aad;
83
++                    Poly1305_Update(POLY1305_ctx(actx), (const unsigned char *)&thirteen, sizeof(thirteen));
84
++                } else {
85
++                    if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
86
++                        Poly1305_Update(POLY1305_ctx(actx), zero,
87
++                                        POLY1305_BLOCK_SIZE - rem);
88
++                }
89
+                 actx->aad = 0;
90
+             }
91
+ 
92
+@@ -432,40 +461,52 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
93
+         } is_endian = { 1 };
94
+         unsigned char temp[POLY1305_BLOCK_SIZE];
95
+ 
96
++        if (actx->draft) {
97
++            thirteen = actx->len.text;
98
++            Poly1305_Update(POLY1305_ctx(actx), (const unsigned char *)&thirteen, sizeof(thirteen));
99
++        }
100
++
101
+         if (actx->aad) {                        /* wrap up aad */
102
+-            if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
103
+-                Poly1305_Update(POLY1305_ctx(actx), zero,
104
+-                                POLY1305_BLOCK_SIZE - rem);
105
++            if (actx->draft) {
106
++               thirteen = actx->len.aad;
107
++               Poly1305_Update(POLY1305_ctx(actx), (const unsigned char *)&thirteen, sizeof(thirteen));
108
++            } else {
109
++                if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
110
++                    Poly1305_Update(POLY1305_ctx(actx), zero,
111
++                                    POLY1305_BLOCK_SIZE - rem);
112
++            }
113
+             actx->aad = 0;
114
+         }
115
+ 
116
+-        if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE))
117
+-            Poly1305_Update(POLY1305_ctx(actx), zero,
118
+-                            POLY1305_BLOCK_SIZE - rem);
119
++        if (!actx->draft) {
120
++            if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE))
121
++                Poly1305_Update(POLY1305_ctx(actx), zero,
122
++                                POLY1305_BLOCK_SIZE - rem);
123
+ 
124
+-        if (is_endian.little) {
125
+-            Poly1305_Update(POLY1305_ctx(actx),
126
+-                            (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
127
+-        } else {
128
+-            temp[0]  = (unsigned char)(actx->len.aad);
129
+-            temp[1]  = (unsigned char)(actx->len.aad>>8);
130
+-            temp[2]  = (unsigned char)(actx->len.aad>>16);
131
+-            temp[3]  = (unsigned char)(actx->len.aad>>24);
132
+-            temp[4]  = (unsigned char)(actx->len.aad>>32);
133
+-            temp[5]  = (unsigned char)(actx->len.aad>>40);
134
+-            temp[6]  = (unsigned char)(actx->len.aad>>48);
135
+-            temp[7]  = (unsigned char)(actx->len.aad>>56);
136
+-
137
+-            temp[8]  = (unsigned char)(actx->len.text);
138
+-            temp[9]  = (unsigned char)(actx->len.text>>8);
139
+-            temp[10] = (unsigned char)(actx->len.text>>16);
140
+-            temp[11] = (unsigned char)(actx->len.text>>24);
141
+-            temp[12] = (unsigned char)(actx->len.text>>32);
142
+-            temp[13] = (unsigned char)(actx->len.text>>40);
143
+-            temp[14] = (unsigned char)(actx->len.text>>48);
144
+-            temp[15] = (unsigned char)(actx->len.text>>56);
145
+-
146
+-            Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE);
147
++            if (is_endian.little) {
148
++                Poly1305_Update(POLY1305_ctx(actx),
149
++                                (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
150
++            } else {
151
++                temp[0]  = (unsigned char)(actx->len.aad);
152
++                temp[1]  = (unsigned char)(actx->len.aad>>8);
153
++                temp[2]  = (unsigned char)(actx->len.aad>>16);
154
++                temp[3]  = (unsigned char)(actx->len.aad>>24);
155
++                temp[4]  = (unsigned char)(actx->len.aad>>32);
156
++                temp[5]  = (unsigned char)(actx->len.aad>>40);
157
++                temp[6]  = (unsigned char)(actx->len.aad>>48);
158
++                temp[7]  = (unsigned char)(actx->len.aad>>56);
159
++
160
++                temp[8]  = (unsigned char)(actx->len.text);
161
++                temp[9]  = (unsigned char)(actx->len.text>>8);
162
++                temp[10] = (unsigned char)(actx->len.text>>16);
163
++                temp[11] = (unsigned char)(actx->len.text>>24);
164
++                temp[12] = (unsigned char)(actx->len.text>>32);
165
++                temp[13] = (unsigned char)(actx->len.text>>40);
166
++                temp[14] = (unsigned char)(actx->len.text>>48);
167
++                temp[15] = (unsigned char)(actx->len.text>>56);
168
++
169
++                Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE);
170
++            }
171
+         }
172
+         Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag
173
+                                                         : temp);
174
+@@ -535,12 +576,14 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
175
+         return 1;
176
+ 
177
+     case EVP_CTRL_AEAD_SET_IVLEN:
178
++        if (actx->draft) return -1;
179
+         if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN)
180
+             return 0;
181
+         actx->nonce_len = arg;
182
+         return 1;
183
+ 
184
+     case EVP_CTRL_AEAD_SET_IV_FIXED:
185
++        if (actx->draft) return -1;
186
+         if (arg != 12)
187
+             return 0;
188
+         actx->nonce[0] = actx->key.counter[1]
189
+@@ -624,9 +667,32 @@ static EVP_CIPHER chacha20_poly1305 = {
190
+     NULL        /* app_data */
191
+ };
192
+ 
193
++static EVP_CIPHER chacha20_poly1305_draft = {
194
++    NID_chacha20_poly1305_draft,
195
++    1,                  /* block_size */
196
++    CHACHA_KEY_SIZE,    /* key_len */
197
++    0,                 /* iv_len, none */
198
++    EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV |
199
++    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT |
200
++    EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER,
201
++    chacha20_poly1305_draft_init_key,
202
++    chacha20_poly1305_cipher,
203
++    chacha20_poly1305_cleanup,
204
++    0,          /* 0 moves context-specific structure allocation to ctrl */
205
++    NULL,       /* set_asn1_parameters */
206
++    NULL,       /* get_asn1_parameters */
207
++    chacha20_poly1305_ctrl,
208
++    NULL        /* app_data */
209
++};
210
++
211
+ const EVP_CIPHER *EVP_chacha20_poly1305(void)
212
+ {
213
+     return(&chacha20_poly1305);
214
+ }
215
++
216
++const EVP_CIPHER *EVP_chacha20_poly1305_draft(void)
217
++{
218
++    return(&chacha20_poly1305_draft);
219
++}
220
+ # endif
221
+ #endif
222
+diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
223
+index 9ab1a14b9e..ba3e602186 100644
224
+--- a/crypto/objects/obj_dat.h
225
++++ b/crypto/objects/obj_dat.h
226
+@@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = {
227
+     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D,       /* [ 7753] OBJ_hmacWithSHA512_256 */
228
+ };
229
+ 
230
+-#define NUM_NID 1195
231
++#define NUM_NID 1196
232
+ static const ASN1_OBJECT nid_objs[NUM_NID] = {
233
+     {"UNDEF", "undefined", NID_undef},
234
+     {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
235
+@@ -2275,9 +2275,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
236
+     {"magma-mac", "magma-mac", NID_magma_mac},
237
+     {"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, &so[7745]},
238
+     {"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]},
239
++    {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft},
240
+ };
241
+ 
242
+-#define NUM_SN 1186
243
++#define NUM_SN 1187
244
+ static const unsigned int sn_objs[NUM_SN] = {
245
+      364,    /* "AD_DVCS" */
246
+      419,    /* "AES-128-CBC" */
247
+@@ -2395,6 +2396,7 @@ static const unsigned int sn_objs[NUM_SN] = {
248
+      417,    /* "CSPName" */
249
+     1019,    /* "ChaCha20" */
250
+     1018,    /* "ChaCha20-Poly1305" */
251
++    1195,    /* "ChaCha20-Poly1305-D" */
252
+      367,    /* "CrlID" */
253
+      391,    /* "DC" */
254
+       31,    /* "DES-CBC" */
255
+@@ -3467,7 +3469,7 @@ static const unsigned int sn_objs[NUM_SN] = {
256
+     1093,    /* "x509ExtAdmission" */
257
+ };
258
+ 
259
+-#define NUM_LN 1186
260
++#define NUM_LN 1187
261
+ static const unsigned int ln_objs[NUM_LN] = {
262
+      363,    /* "AD Time Stamping" */
263
+      405,    /* "ANSI X9.62" */
264
+@@ -3846,6 +3848,7 @@ static const unsigned int ln_objs[NUM_LN] = {
265
+      883,    /* "certificateRevocationList" */
266
+     1019,    /* "chacha20" */
267
+     1018,    /* "chacha20-poly1305" */
268
++    1195,    /* "chacha20-poly1305-draft" */
269
+       54,    /* "challengePassword" */
270
+      407,    /* "characteristic-two-field" */
271
+      395,    /* "clearance" */
272
+diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
273
+index 1b6a9c61a1..c81ca25a53 100644
274
+--- a/crypto/objects/obj_mac.num
275
++++ b/crypto/objects/obj_mac.num
276
+@@ -1192,3 +1192,4 @@ magma_cfb		1191
277
+ magma_mac		1192
278
+ hmacWithSHA512_224		1193
279
+ hmacWithSHA512_256		1194
280
++chacha20_poly1305_draft		1195
281
+diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
282
+index 6dbc41ce37..581169eda8 100644
283
+--- a/crypto/objects/objects.txt
284
++++ b/crypto/objects/objects.txt
285
+@@ -1534,6 +1534,7 @@ sm-scheme 104 7         : SM4-CTR             : sm4-ctr
286
+ 			: AES-192-CBC-HMAC-SHA256	: aes-192-cbc-hmac-sha256
287
+ 			: AES-256-CBC-HMAC-SHA256	: aes-256-cbc-hmac-sha256
288
+ 			: ChaCha20-Poly1305		: chacha20-poly1305
289
++			: ChaCha20-Poly1305-D		: chacha20-poly1305-draft
290
+ 			: ChaCha20			: chacha20
291
+ 
292
+ ISO-US 10046 2 1	: dhpublicnumber		: X9.42 DH
293
+diff --git a/include/openssl/evp.h b/include/openssl/evp.h
294
+index 9f05b5a3b7..020895c022 100644
295
+--- a/include/openssl/evp.h
296
++++ b/include/openssl/evp.h
297
+@@ -915,6 +915,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void);
298
+ const EVP_CIPHER *EVP_chacha20(void);
299
+ #  ifndef OPENSSL_NO_POLY1305
300
+ const EVP_CIPHER *EVP_chacha20_poly1305(void);
301
++const EVP_CIPHER *EVP_chacha20_poly1305_draft(void);
302
+ #  endif
303
+ # endif
304
+ 
305
+diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
306
+index 31fad4640f..f3669a46c9 100644
307
+--- a/include/openssl/obj_mac.h
308
++++ b/include/openssl/obj_mac.h
309
+@@ -4807,6 +4807,10 @@
310
+ #define LN_chacha20_poly1305            "chacha20-poly1305"
311
+ #define NID_chacha20_poly1305           1018
312
+ 
313
++#define SN_chacha20_poly1305_draft              "ChaCha20-Poly1305-D"
314
++#define LN_chacha20_poly1305_draft              "chacha20-poly1305-draft"
315
++#define NID_chacha20_poly1305_draft             1195
316
++
317
+ #define SN_chacha20             "ChaCha20"
318
+ #define LN_chacha20             "chacha20"
319
+ #define NID_chacha20            1019
320
+diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
321
+index 48e1152a27..524614cca2 100644
322
+--- a/include/openssl/ssl.h
323
++++ b/include/openssl/ssl.h
324
+@@ -125,6 +125,7 @@ extern "C" {
325
+ # define SSL_TXT_CAMELLIA256     "CAMELLIA256"
326
+ # define SSL_TXT_CAMELLIA        "CAMELLIA"
327
+ # define SSL_TXT_CHACHA20        "CHACHA20"
328
++# define SSL_TXT_CHACHA20_D      "CHACHA20-D"
329
+ # define SSL_TXT_GOST            "GOST89"
330
+ # define SSL_TXT_ARIA            "ARIA"
331
+ # define SSL_TXT_ARIA_GCM        "ARIAGCM"
332
+diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
333
+index e13b5dd4bc..53d43c121e 100644
334
+--- a/include/openssl/tls1.h
335
++++ b/include/openssl/tls1.h
336
+@@ -597,7 +597,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
337
+ # define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   0x0300C09A
338
+ # define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   0x0300C09B
339
+ 
340
+-/* draft-ietf-tls-chacha20-poly1305-03 */
341
++/* Chacha20-Poly1305-Draft ciphersuites from draft-agl-tls-chacha20poly1305-04 */
342
++# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_D       0x0300CC13
343
++# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D     0x0300CC14
344
++# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305_D         0x0300CC15
345
++
346
++/* Chacha20-Poly1305 ciphersuites from RFC7905 */
347
+ # define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305         0x0300CCA8
348
+ # define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305       0x0300CCA9
349
+ # define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305           0x0300CCAA
350
+@@ -762,6 +767,9 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
351
+ # define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305         "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
352
+ # define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305       "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
353
+ # define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305     "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
354
++# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305_D       "OLD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
355
++# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305_D     "OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
356
++# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D   "OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
357
+ # define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305             "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"
358
+ # define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305       "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
359
+ # define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305         "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
360
+@@ -1090,7 +1098,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
361
+ # define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    "ECDH-RSA-CAMELLIA128-SHA256"
362
+ # define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    "ECDH-RSA-CAMELLIA256-SHA384"
363
+ 
364
+-/* draft-ietf-tls-chacha20-poly1305-03 */
365
++/* Chacha20-Poly1305-Draft ciphersuites from draft-agl-tls-chacha20poly1305-04 */
366
++# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_D       "ECDHE-RSA-CHACHA20-POLY1305-OLD"
367
++# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D     "ECDHE-ECDSA-CHACHA20-POLY1305-OLD"
368
++# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_D         "DHE-RSA-CHACHA20-POLY1305-OLD"
369
++
370
++/* Chacha20-Poly1305 ciphersuites from RFC7905 */
371
+ # define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305         "ECDHE-RSA-CHACHA20-POLY1305"
372
+ # define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305       "ECDHE-ECDSA-CHACHA20-POLY1305"
373
+ # define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305           "DHE-RSA-CHACHA20-POLY1305"
374
+diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
375
+index 99ae48199c..7e36a0d7ea 100644
376
+--- a/ssl/s3_lib.c
377
++++ b/ssl/s3_lib.c
378
+@@ -2082,6 +2082,54 @@ static SSL_CIPHER ssl3_ciphers[] = {
379
+      256,
380
+      256,
381
+      },
382
++    {
383
++      1,
384
++      TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_D,
385
++      TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305_D,
386
++      TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305_D,
387
++      SSL_kDHE,
388
++      SSL_aRSA,
389
++      SSL_CHACHA20POLY1305_D,
390
++      SSL_AEAD,
391
++      TLS1_2_VERSION, TLS1_2_VERSION,
392
++      DTLS1_2_VERSION, DTLS1_2_VERSION,
393
++      SSL_HIGH,
394
++      SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
395
++      256,
396
++      256,
397
++     },
398
++    {
399
++     1,
400
++     TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_D,
401
++     TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305_D,
402
++     TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_D,
403
++     SSL_kECDHE,
404
++     SSL_aRSA,
405
++     SSL_CHACHA20POLY1305_D,
406
++     SSL_AEAD,
407
++     TLS1_2_VERSION, TLS1_2_VERSION,
408
++     DTLS1_2_VERSION, DTLS1_2_VERSION,
409
++     SSL_HIGH,
410
++     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
411
++     256,
412
++     256,
413
++     },
414
++    {
415
++     1,
416
++     TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D,
417
++     TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D,
418
++     TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D,
419
++     SSL_kECDHE,
420
++     SSL_aECDSA,
421
++     SSL_CHACHA20POLY1305_D,
422
++     SSL_AEAD,
423
++     TLS1_2_VERSION, TLS1_2_VERSION,
424
++     DTLS1_2_VERSION, DTLS1_2_VERSION,
425
++     SSL_HIGH,
426
++     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
427
++     256,
428
++     256,
429
++     },
430
+     {
431
+      1,
432
+      TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
433
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
434
+index b60d67aa0d..ce750c4425 100644
435
+--- a/ssl/ssl_ciph.c
436
++++ b/ssl/ssl_ciph.c
437
+@@ -43,7 +43,8 @@
438
+ #define SSL_ENC_CHACHA_IDX      19
439
+ #define SSL_ENC_ARIA128GCM_IDX  20
440
+ #define SSL_ENC_ARIA256GCM_IDX  21
441
+-#define SSL_ENC_NUM_IDX         22
442
++#define SSL_ENC_CHACHA20_D_IDX  22
443
++#define SSL_ENC_NUM_IDX         23
444
+ 
445
+ /* NB: make sure indices in these tables match values above */
446
+ 
447
+@@ -76,6 +77,7 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
448
+     {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */
449
+     {SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */
450
+     {SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */
451
++    {SSL_CHACHA20POLY1305_D, NID_chacha20_poly1305_draft}, /* SSL_ENC_CHACHA20POLY1305_IDX 22 */
452
+ };
453
+ 
454
+ static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX];
455
+@@ -275,6 +277,7 @@ static const SSL_CIPHER cipher_aliases[] = {
456
+     {0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256},
457
+     {0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA},
458
+     {0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20},
459
++    {0, SSL_TXT_CHACHA20_D, NULL, 0, 0, 0, SSL_CHACHA20POLY1305_D},
460
+ 
461
+     {0, SSL_TXT_ARIA, NULL, 0, 0, 0, SSL_ARIA},
462
+     {0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM},
463
+@@ -1791,6 +1794,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
464
+     case SSL_CHACHA20POLY1305:
465
+         enc = "CHACHA20/POLY1305(256)";
466
+         break;
467
++    case SSL_CHACHA20POLY1305_D:
468
++        enc = "CHACHA20/POLY1305-Draft(256)";
469
++        break;
470
+     default:
471
+         enc = "unknown";
472
+         break;
473
+@@ -2115,7 +2121,7 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
474
+         out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 16;
475
+     } else if (c->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) {
476
+         out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 8;
477
+-    } else if (c->algorithm_enc & SSL_CHACHA20POLY1305) {
478
++    } else if (c->algorithm_enc & (SSL_CHACHA20POLY1305 | SSL_CHACHA20POLY1305_D)) {
479
+         out = 16;
480
+     } else if (c->algorithm_mac & SSL_AEAD) {
481
+         /* We're supposed to have handled all the AEAD modes above */
482
+diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
483
+index 33db1460ab..00c5ee4cff 100644
484
+--- a/ssl/ssl_locl.h
485
++++ b/ssl/ssl_locl.h
486
+@@ -230,12 +230,13 @@
487
+ # define SSL_CHACHA20POLY1305    0x00080000U
488
+ # define SSL_ARIA128GCM          0x00100000U
489
+ # define SSL_ARIA256GCM          0x00200000U
490
++# define SSL_CHACHA20POLY1305_D  0x00400000U
491
+ 
492
+ # define SSL_AESGCM              (SSL_AES128GCM | SSL_AES256GCM)
493
+ # define SSL_AESCCM              (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8)
494
+ # define SSL_AES                 (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM)
495
+ # define SSL_CAMELLIA            (SSL_CAMELLIA128|SSL_CAMELLIA256)
496
+-# define SSL_CHACHA20            (SSL_CHACHA20POLY1305)
497
++# define SSL_CHACHA20            (SSL_CHACHA20POLY1305 | SSL_CHACHA20POLY1305_D)
498
+ # define SSL_ARIAGCM             (SSL_ARIA128GCM | SSL_ARIA256GCM)
499
+ # define SSL_ARIA                (SSL_ARIAGCM)
500
+ 
501
+diff --git a/util/libcrypto.num b/util/libcrypto.num
502
+index 32c64cb2c7..86cb7a994b 100644
503
+--- a/util/libcrypto.num
504
++++ b/util/libcrypto.num
505
+@@ -4579,3 +4579,4 @@ EVP_PKEY_meth_set_digest_custom         4532	1_1_1	EXIST::FUNCTION:
506
+ EVP_PKEY_meth_get_digest_custom         4533	1_1_1	EXIST::FUNCTION:
507
+ OPENSSL_INIT_set_config_filename        4534	1_1_1b	EXIST::FUNCTION:STDIO
508
+ OPENSSL_INIT_set_config_file_flags      4535	1_1_1b	EXIST::FUNCTION:STDIO
509
++EVP_chacha20_poly1305_draft             4536	1_1_0	EXIST::FUNCTION:CHACHA,POLY1305

+ 48
- 58
openssl-3.0.0-dev-chacha_draft.patch View File

@@ -11,10 +11,10 @@ index a97eaa1685..24112723f0 100644
11 11
  #endif
12 12
  }
13 13
 diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
14
-index e8a323f3be..9b1b36f832 100644
14
+index 37902000a0..56832b63a0 100644
15 15
 --- a/crypto/evp/e_chacha20_poly1305.c
16 16
 +++ b/crypto/evp/e_chacha20_poly1305.c
17
-@@ -154,6 +154,7 @@ typedef struct {
17
+@@ -156,6 +156,7 @@ typedef struct {
18 18
      struct { uint64_t aad, text; } len;
19 19
      int aad, mac_inited, tag_len, nonce_len;
20 20
      size_t tls_payload_length;
@@ -22,7 +22,7 @@ index e8a323f3be..9b1b36f832 100644
22 22
  } EVP_CHACHA_AEAD_CTX;
23 23
  
24 24
  #  define NO_TLS_PAYLOAD_LENGTH ((size_t)-1)
25
-@@ -174,6 +175,7 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
25
+@@ -176,6 +177,7 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
26 26
      actx->aad = 0;
27 27
      actx->mac_inited = 0;
28 28
      actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
@@ -30,7 +30,7 @@ index e8a323f3be..9b1b36f832 100644
30 30
  
31 31
      if (iv != NULL) {
32 32
          unsigned char temp[CHACHA_CTR_SIZE] = { 0 };
33
-@@ -195,6 +197,27 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
33
+@@ -197,6 +199,27 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
34 34
      return 1;
35 35
  }
36 36
  
@@ -58,7 +58,7 @@ index e8a323f3be..9b1b36f832 100644
58 58
  #  if !defined(OPENSSL_SMALL_FOOTPRINT)
59 59
  
60 60
  #   if defined(POLY1305_ASM) && (defined(__x86_64) || defined(__x86_64__) || \
61
-@@ -365,10 +388,11 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
61
+@@ -367,10 +390,11 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
62 62
  {
63 63
      EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
64 64
      size_t rem, plen = actx->tls_payload_length;
@@ -71,7 +71,7 @@ index e8a323f3be..9b1b36f832 100644
71 71
              return chacha20_poly1305_tls_cipher(ctx, out, in, len);
72 72
  #  endif
73 73
          actx->key.counter[0] = 0;
74
-@@ -395,9 +419,14 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
74
+@@ -397,9 +421,14 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
75 75
              return len;
76 76
          } else {                                /* plain- or ciphertext */
77 77
              if (actx->aad) {                    /* wrap up aad */
@@ -89,7 +89,7 @@ index e8a323f3be..9b1b36f832 100644
89 89
                  actx->aad = 0;
90 90
              }
91 91
  
92
-@@ -430,40 +459,52 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
92
+@@ -432,40 +461,52 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
93 93
          } is_endian = { 1 };
94 94
          unsigned char temp[POLY1305_BLOCK_SIZE];
95 95
  
@@ -171,12 +171,12 @@ index e8a323f3be..9b1b36f832 100644
171 171
          }
172 172
          Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag
173 173
                                                          : temp);
174
-@@ -533,12 +574,14 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
174
+@@ -535,12 +576,14 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
175 175
          return 1;
176 176
  
177 177
      case EVP_CTRL_AEAD_SET_IVLEN:
178 178
 +        if (actx->draft) return -1;
179
-         if (arg <= 0 || arg > CHACHA_CTR_SIZE)
179
+         if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN)
180 180
              return 0;
181 181
          actx->nonce_len = arg;
182 182
          return 1;
@@ -186,7 +186,7 @@ index e8a323f3be..9b1b36f832 100644
186 186
          if (arg != 12)
187 187
              return 0;
188 188
          actx->nonce[0] = actx->key.counter[1]
189
-@@ -622,9 +665,32 @@ static EVP_CIPHER chacha20_poly1305 = {
189
+@@ -624,9 +667,32 @@ static EVP_CIPHER chacha20_poly1305 = {
190 190
      NULL        /* app_data */
191 191
  };
192 192
  
@@ -220,66 +220,66 @@ index e8a323f3be..9b1b36f832 100644
220 220
  # endif
221 221
  #endif
222 222
 diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
223
-index 78a9e7acaf..134d7b8c70 100644
223
+index e7c59d610d..7ba1ecdacf 100644
224 224
 --- a/crypto/objects/obj_dat.h
225 225
 +++ b/crypto/objects/obj_dat.h
226 226
 @@ -1079,7 +1079,7 @@ static const unsigned char so[7767] = {
227 227
      0x28,0xCC,0x45,0x03,0x04,                      /* [ 7761] OBJ_gmac */
228 228
  };
229 229
  
230
--#define NUM_NID 1203
231
-+#define NUM_NID 1204
230
+-#define NUM_NID 1204
231
++#define NUM_NID 1205
232 232
  static const ASN1_OBJECT nid_objs[NUM_NID] = {
233 233
      {"UNDEF", "undefined", NID_undef},
234 234
      {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
235
-@@ -2284,9 +2284,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
236
-     {"AES-256-SIV", "aes-256-siv", NID_aes_256_siv},
235
+@@ -2285,9 +2285,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
237 236
      {"BLAKE2BMAC", "blake2bmac", NID_blake2bmac},
238 237
      {"BLAKE2SMAC", "blake2smac", NID_blake2smac},
238
+     {"SSHKDF", "sshkdf", NID_sshkdf},
239 239
 +    {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft},
240 240
  };
241 241
  
242
--#define NUM_SN 1194
243
-+#define NUM_SN 1195
242
+-#define NUM_SN 1195
243
++#define NUM_SN 1196
244 244
  static const unsigned int sn_objs[NUM_SN] = {
245 245
       364,    /* "AD_DVCS" */
246 246
       419,    /* "AES-128-CBC" */
247
-@@ -2409,6 +2410,7 @@ static const unsigned int sn_objs[NUM_SN] = {
247
+@@ -2410,6 +2411,7 @@ static const unsigned int sn_objs[NUM_SN] = {
248 248
       417,    /* "CSPName" */
249 249
      1019,    /* "ChaCha20" */
250 250
      1018,    /* "ChaCha20-Poly1305" */
251
-+    1203,    /* "ChaCha20-Poly1305-D" */
251
++    1204,    /* "ChaCha20-Poly1305-D" */
252 252
       367,    /* "CrlID" */
253 253
       391,    /* "DC" */
254 254
        31,    /* "DES-CBC" */
255
-@@ -3484,7 +3486,7 @@ static const unsigned int sn_objs[NUM_SN] = {
255
+@@ -3486,7 +3488,7 @@ static const unsigned int sn_objs[NUM_SN] = {
256 256
      1093,    /* "x509ExtAdmission" */
257 257
  };
258 258
  
259
--#define NUM_LN 1194
260
-+#define NUM_LN 1195
259
+-#define NUM_LN 1195
260
++#define NUM_LN 1196
261 261
  static const unsigned int ln_objs[NUM_LN] = {
262 262
       363,    /* "AD Time Stamping" */
263 263
       405,    /* "ANSI X9.62" */
264
-@@ -3868,6 +3870,7 @@ static const unsigned int ln_objs[NUM_LN] = {
264
+@@ -3870,6 +3872,7 @@ static const unsigned int ln_objs[NUM_LN] = {
265 265
       883,    /* "certificateRevocationList" */
266 266
      1019,    /* "chacha20" */
267 267
      1018,    /* "chacha20-poly1305" */
268
-+    1203,    /* "chacha20-poly1305-draft" */
268
++    1204,    /* "chacha20-poly1305-draft" */
269 269
        54,    /* "challengePassword" */
270 270
       407,    /* "characteristic-two-field" */
271 271
       395,    /* "clearance" */
272 272
 diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
273
-index 87790200d4..94d033c158 100644
273
+index 623e7e8623..0818547548 100644
274 274
 --- a/crypto/objects/obj_mac.num
275 275
 +++ b/crypto/objects/obj_mac.num
276
-@@ -1200,3 +1200,4 @@ aes_192_siv		1199
277
- aes_256_siv		1200
276
+@@ -1201,3 +1201,4 @@ aes_256_siv		1200
278 277
  blake2bmac		1201
279 278
  blake2smac		1202
280
-+chacha20_poly1305_draft		1203
279
+ sshkdf		1203
280
++chacha20_poly1305_draft		1204
281 281
 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
282
-index 344b67b395..21653d9b87 100644
282
+index cb0b99c47f..d480bd3800 100644
283 283
 --- a/crypto/objects/objects.txt
284 284
 +++ b/crypto/objects/objects.txt
285 285
 @@ -1543,6 +1543,7 @@ sm-scheme 104 7         : SM4-CTR             : sm4-ctr
@@ -291,10 +291,10 @@ index 344b67b395..21653d9b87 100644
291 291
  
292 292
  ISO-US 10046 2 1	: dhpublicnumber		: X9.42 DH
293 293
 diff --git a/include/openssl/evp.h b/include/openssl/evp.h
294
-index 23f07eaa05..c90c6435bd 100644
294
+index 72060e7e96..125bc1c425 100644
295 295
 --- a/include/openssl/evp.h
296 296
 +++ b/include/openssl/evp.h
297
-@@ -928,6 +928,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void);
297
+@@ -924,6 +924,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void);
298 298
  const EVP_CIPHER *EVP_chacha20(void);
299 299
  #  ifndef OPENSSL_NO_POLY1305
300 300
  const EVP_CIPHER *EVP_chacha20_poly1305(void);
@@ -303,7 +303,7 @@ index 23f07eaa05..c90c6435bd 100644
303 303
  # endif
304 304
  
305 305
 diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
306
-index 97b2204ba6..fc254cfa61 100644
306
+index 80353ad4d7..e525a04b2c 100644
307 307
 --- a/include/openssl/obj_mac.h
308 308
 +++ b/include/openssl/obj_mac.h
309 309
 @@ -4828,6 +4828,10 @@
@@ -312,13 +312,13 @@ index 97b2204ba6..fc254cfa61 100644
312 312
  
313 313
 +#define SN_chacha20_poly1305_draft              "ChaCha20-Poly1305-D"
314 314
 +#define LN_chacha20_poly1305_draft              "chacha20-poly1305-draft"
315
-+#define NID_chacha20_poly1305_draft             1203
315
++#define NID_chacha20_poly1305_draft             1204
316 316
 +
317 317
  #define SN_chacha20             "ChaCha20"
318 318
  #define LN_chacha20             "chacha20"
319 319
  #define NID_chacha20            1019
320 320
 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
321
-index 9d6e1c5024..5692cfab31 100644
321
+index 1091b1c8b9..fcfc428cd1 100644
322 322
 --- a/include/openssl/ssl.h
323 323
 +++ b/include/openssl/ssl.h
324 324
 @@ -125,6 +125,7 @@ extern "C" {
@@ -372,10 +372,10 @@ index 166f15ad5c..4fa1d8a32d 100644
372 372
  # define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305       "ECDHE-ECDSA-CHACHA20-POLY1305"
373 373
  # define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305           "DHE-RSA-CHACHA20-POLY1305"
374 374
 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
375
-index a5b3dbbfd5..a5a7993065 100644
375
+index a3639fd18c..c13137e1af 100644
376 376
 --- a/ssl/s3_lib.c
377 377
 +++ b/ssl/s3_lib.c
378
-@@ -2082,6 +2082,54 @@ static SSL_CIPHER ssl3_ciphers[] = {
378
+@@ -2083,6 +2083,54 @@ static SSL_CIPHER ssl3_ciphers[] = {
379 379
       256,
380 380
       256,
381 381
       },
@@ -431,10 +431,10 @@ index a5b3dbbfd5..a5a7993065 100644
431 431
       1,
432 432
       TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
433 433
 diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
434
-index 461a9debab..84f90c1621 100644
434
+index 5aa04dbd53..71094c195e 100644
435 435
 --- a/ssl/ssl_ciph.c
436 436
 +++ b/ssl/ssl_ciph.c
437
-@@ -43,7 +43,8 @@
437
+@@ -44,7 +44,8 @@
438 438
  #define SSL_ENC_CHACHA_IDX      19
439 439
  #define SSL_ENC_ARIA128GCM_IDX  20
440 440
  #define SSL_ENC_ARIA256GCM_IDX  21
@@ -444,7 +444,7 @@ index 461a9debab..84f90c1621 100644
444 444
  
445 445
  /* NB: make sure indices in these tables match values above */
446 446
  
447
-@@ -76,6 +77,7 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
447
+@@ -77,6 +78,7 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
448 448
      {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */
449 449
      {SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */
450 450
      {SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */
@@ -452,7 +452,7 @@ index 461a9debab..84f90c1621 100644
452 452
  };
453 453
  
454 454
  static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX];
455
-@@ -275,6 +277,7 @@ static const SSL_CIPHER cipher_aliases[] = {
455
+@@ -276,6 +278,7 @@ static const SSL_CIPHER cipher_aliases[] = {
456 456
      {0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256},
457 457
      {0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA},
458 458
      {0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20},
@@ -460,17 +460,7 @@ index 461a9debab..84f90c1621 100644
460 460
  
461 461
      {0, SSL_TXT_ARIA, NULL, 0, 0, 0, SSL_ARIA},
462 462
      {0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM},
463
-@@ -1791,6 +1794,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
464
-     case SSL_CHACHA20POLY1305:
465
-         enc = "CHACHA20/POLY1305(256)";
466
-         break;
467
-+    case SSL_CHACHA20POLY1305_D:
468
-+        enc = "CHACHA20/POLY1305-Draft(256)";
469
-+        break;
470
-     default:
471
-         enc = "unknown";
472
-         break;
473
-@@ -2115,7 +2121,7 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
463
+@@ -2122,7 +2125,7 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
474 464
          out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 16;
475 465
      } else if (c->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) {
476 466
          out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 8;
@@ -480,7 +470,7 @@ index 461a9debab..84f90c1621 100644
480 470
      } else if (c->algorithm_mac & SSL_AEAD) {
481 471
          /* We're supposed to have handled all the AEAD modes above */
482 472
 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
483
-index ae6417b592..c783031ea2 100644
473
+index 1d3397d880..d5ff8520b6 100644
484 474
 --- a/ssl/ssl_locl.h
485 475
 +++ b/ssl/ssl_locl.h
486 476
 @@ -234,12 +234,13 @@
@@ -499,11 +489,11 @@ index ae6417b592..c783031ea2 100644
499 489
  # define SSL_ARIA                (SSL_ARIAGCM)
500 490
  
501 491
 diff --git a/util/libcrypto.num b/util/libcrypto.num
502
-index 9957cf80f6..21ea627067 100644
492
+index cb0cb2279b..a5829966e7 100644
503 493
 --- a/util/libcrypto.num
504 494
 +++ b/util/libcrypto.num
505
-@@ -4646,3 +4646,4 @@ OPENSSL_CTX_free                        4601	3_0_0	EXIST::FUNCTION:
506
- OPENSSL_LH_flush                        4602	3_0_0	EXIST::FUNCTION:
507
- BN_native2bn                            4603	3_0_0	EXIST::FUNCTION:
508
- BN_bn2nativepad                         4604	3_0_0	EXIST::FUNCTION:
509
-+EVP_chacha20_poly1305_draft             4605	3_0_0	EXIST::FUNCTION:CHACHA,POLY1305
495
+@@ -4655,3 +4655,4 @@ OSSL_trace_set_callback                 4610	3_0_0	EXIST::FUNCTION:
496
+ OSSL_trace_enabled                      4611	3_0_0	EXIST::FUNCTION:
497
+ OSSL_trace_begin                        4612	3_0_0	EXIST::FUNCTION:
498
+ OSSL_trace_end                          4613	3_0_0	EXIST::FUNCTION:
499
++EVP_chacha20_poly1305_draft             4614	3_0_0	EXIST::FUNCTION:CHACHA,POLY1305

+ 147
- 146
openssl-equal-3.0.0-dev.patch View File

@@ -1,5 +1,28 @@
1
+diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
2
+index aec6a8dac8..9dc9d183e7 100644
3
+--- a/crypto/err/openssl.txt
4
++++ b/crypto/err/openssl.txt
5
+@@ -2805,6 +2805,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key
6
+ SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key
7
+ SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\
8
+ 	mixed handshake and non handshake data
9
++SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS:294:mixed special operator with groups
10
++SSL_R_NESTED_GROUP:295:nested group
11
+ SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary
12
+ SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate
13
+ SSL_R_NOT_SERVER:284:not server
14
+@@ -2913,7 +2915,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines
15
+ SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
16
+ SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
17
+ SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
18
++SSL_R_UNEXPECTED_GROUP_CLOSE:296:unexpected group close
19
+ SSL_R_UNEXPECTED_MESSAGE:244:unexpected message
20
++SSL_R_UNEXPECTED_OPERATOR_IN_GROUP:297:unexpected operator in group
21
+ SSL_R_UNEXPECTED_RECORD:245:unexpected record
22
+ SSL_R_UNINITIALIZED:276:uninitialized
23
+ SSL_R_UNKNOWN_ALERT_TYPE:246:unknown alert type
1 24
 diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod
2
-index e29c5d7ced..b5bca974c9 100644
25
+index e29c5d7ced..7d795c390e 100644
3 26
 --- a/doc/man1/ciphers.pod
4 27
 +++ b/doc/man1/ciphers.pod
5 28
 @@ -400,6 +400,21 @@ permissible.
@@ -17,64 +40,41 @@ index e29c5d7ced..b5bca974c9 100644
17 40
 +brackets, combining multiple selectors separated by |. For example:
18 41
 +
19 42
 + [ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]
20
-+ 
43
++
21 44
 + Once an equal-preference group is used, future directives must be
22 45
 + opcode-less.
23 46
 +
24 47
  =head1 CIPHER SUITE NAMES
25 48
  
26 49
  The following lists give the SSL or TLS cipher suites names from the
27
-diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
28
-index 9d6e1c5024..cee7db9a25 100644
29
---- a/include/openssl/ssl.h
30
-+++ b/include/openssl/ssl.h
31
-@@ -173,12 +173,12 @@ extern "C" {
32
- # define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
33
- /* This is the default set of TLSv1.3 ciphersuites */
34
- # if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
35
--#  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
36
-+#  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_128_GCM_SHA256:" \
37
-                                    "TLS_CHACHA20_POLY1305_SHA256:" \
38
--                                   "TLS_AES_128_GCM_SHA256"
39
-+                                   "TLS_AES_256_GCM_SHA384"
40
- # else
41
--#  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
42
--                                   "TLS_AES_128_GCM_SHA256"
43
-+#  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_128_GCM_SHA256:" \
44
-+                                   "TLS_AES_256_GCM_SHA384"
45
- #endif
46
- /*
47
-  * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
48 50
 diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
49
-index 63057517dc..97ccb41d43 100644
51
+index 63057517dc..77910bad17 100644
50 52
 --- a/include/openssl/sslerr.h
51 53
 +++ b/include/openssl/sslerr.h
52
-@@ -596,6 +596,8 @@ int ERR_load_SSL_strings(void);
53
- # define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION         209
54
+@@ -597,6 +597,8 @@ int ERR_load_SSL_strings(void);
54 55
  # define SSL_R_MISSING_TMP_DH_KEY                         171
55 56
  # define SSL_R_MISSING_TMP_ECDH_KEY                       311
56
-+# define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS         101
57
-+# define SSL_R_NESTED_GROUP                               108
58 57
  # define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA     293
58
++# define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS         294
59
++# define SSL_R_NESTED_GROUP                               295
59 60
  # define SSL_R_NOT_ON_RECORD_BOUNDARY                     182
60 61
  # define SSL_R_NOT_REPLACING_CERTIFICATE                  289
61
-@@ -727,9 +729,11 @@ int ERR_load_SSL_strings(void);
62
- # define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       239
63
- # define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES           242
62
+ # define SSL_R_NOT_SERVER                                 284
63
+@@ -729,7 +731,9 @@ int ERR_load_SSL_strings(void);
64 64
  # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          243
65
-+# define SSL_R_UNEXPECTED_GROUP_CLOSE                     109
66 65
  # define SSL_R_UNEXPECTED_CCS_MESSAGE                     262
67 66
  # define SSL_R_UNEXPECTED_END_OF_EARLY_DATA               178
67
++# define SSL_R_UNEXPECTED_GROUP_CLOSE                     296
68 68
  # define SSL_R_UNEXPECTED_MESSAGE                         244
69
-+# define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP               110
69
++# define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP               297
70 70
  # define SSL_R_UNEXPECTED_RECORD                          245
71 71
  # define SSL_R_UNINITIALIZED                              276
72 72
  # define SSL_R_UNKNOWN_ALERT_TYPE                         246
73 73
 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
74
-index a5b3dbbfd5..505c32d18e 100644
74
+index a3639fd18c..c24b5154ac 100644
75 75
 --- a/ssl/s3_lib.c
76 76
 +++ b/ssl/s3_lib.c
77
-@@ -167,7 +167,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
77
+@@ -168,7 +168,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
78 78
       SSL_aRSA,
79 79
       SSL_3DES,
80 80
       SSL_SHA1,
@@ -83,7 +83,7 @@ index a5b3dbbfd5..505c32d18e 100644
83 83
       DTLS1_BAD_VER, DTLS1_2_VERSION,
84 84
       SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
85 85
       SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
86
-@@ -232,7 +232,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
86
+@@ -233,7 +233,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
87 87
       SSL_aRSA,
88 88
       SSL_AES128,
89 89
       SSL_SHA1,
@@ -92,7 +92,7 @@ index a5b3dbbfd5..505c32d18e 100644
92 92
       DTLS1_BAD_VER, DTLS1_2_VERSION,
93 93
       SSL_HIGH | SSL_FIPS,
94 94
       SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
95
-@@ -296,7 +296,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
95
+@@ -297,7 +297,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
96 96
       SSL_aRSA,
97 97
       SSL_AES256,
98 98
       SSL_SHA1,
@@ -101,7 +101,7 @@ index a5b3dbbfd5..505c32d18e 100644
101 101
       DTLS1_BAD_VER, DTLS1_2_VERSION,
102 102
       SSL_HIGH | SSL_FIPS,
103 103
       SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
104
-@@ -4124,6 +4124,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
104
+@@ -4125,6 +4125,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
105 105
      return 1;
106 106
  }
107 107
  
@@ -119,7 +119,7 @@ index a5b3dbbfd5..505c32d18e 100644
119 119
  /*
120 120
   * ssl3_choose_cipher - choose a cipher from those offered by the client
121 121
   * @s: SSL connection
122
-@@ -4133,16 +4144,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
122
+@@ -4134,16 +4145,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
123 123
   * Returns the selected cipher or NULL when no common ciphers.
124 124
   */
125 125
  const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -150,8 +150,8 @@ index a5b3dbbfd5..505c32d18e 100644
150 150
  
151 151
      /* Let's see which ciphers we can support */
152 152
  
153
-@@ -4169,54 +4188,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
154
- #endif
153
+@@ -4170,54 +4189,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
154
+     } OSSL_TRACE_END(TLS_CIPHER);
155 155
  
156 156
      /* SUITE-B takes precedence over server preference and ChaCha priortiy */
157 157
 -    if (tls1_suiteb(s)) {
@@ -208,7 +208,7 @@ index a5b3dbbfd5..505c32d18e 100644
208 208
          allow = srvr;
209 209
      }
210 210
  
211
-@@ -4247,14 +4225,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
211
+@@ -4248,14 +4226,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
212 212
      for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
213 213
          c = sk_SSL_CIPHER_value(prio, i);
214 214
  
@@ -227,7 +227,7 @@ index a5b3dbbfd5..505c32d18e 100644
227 227
  
228 228
          /*
229 229
           * Since TLS 1.3 ciphersuites can be used with any auth or
230
-@@ -4276,10 +4256,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
230
+@@ -4277,10 +4257,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
231 231
  #ifndef OPENSSL_NO_PSK
232 232
              /* with PSK there must be server callback set */
233 233
              if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
@@ -237,9 +237,9 @@ index a5b3dbbfd5..505c32d18e 100644
237 237
  
238 238
 -            ok = (alg_k & mask_k) && (alg_a & mask_a);
239 239
 +            ok = ok && (alg_k & mask_k) && (alg_a & mask_a);
240
- #ifdef CIPHER_DEBUG
241
-             fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
242
-                     alg_a, mask_k, mask_a, (void *)c, c->name);
240
+             OSSL_TRACE7(TLS_CIPHER,
241
+                         "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
242
+                         ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
243 243
 @@ -4296,6 +4276,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
244 244
  
245 245
              if (!ok)
@@ -315,10 +315,10 @@ index a5b3dbbfd5..505c32d18e 100644
315 315
  }
316 316
  
317 317
 diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
318
-index 461a9debab..c8d8517735 100644
318
+index 5aa04dbd53..dc238fc9c9 100644
319 319
 --- a/ssl/ssl_ciph.c
320 320
 +++ b/ssl/ssl_ciph.c
321
-@@ -192,6 +192,7 @@ typedef struct cipher_order_st {
321
+@@ -193,6 +193,7 @@ typedef struct cipher_order_st {
322 322
      const SSL_CIPHER *cipher;
323 323
      int active;
324 324
      int dead;
@@ -326,7 +326,15 @@ index 461a9debab..c8d8517735 100644
326 326
      struct cipher_order_st *next, *prev;
327 327
  } CIPHER_ORDER;
328 328
  
329
-@@ -681,6 +682,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
329
+@@ -297,6 +298,7 @@ static const SSL_CIPHER cipher_aliases[] = {
330
+     {0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
331
+     {0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
332
+     {0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION},
333
++    {0, "TLS13", NULL, 0, 0, 0, 0, 0, TLS1_3_VERSION},
334
+ 
335
+     /* strength classes */
336
+     {0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
337
+@@ -682,6 +684,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
330 338
          co_list[co_list_num].next = NULL;
331 339
          co_list[co_list_num].prev = NULL;
332 340
          co_list[co_list_num].active = 0;
@@ -334,7 +342,7 @@ index 461a9debab..c8d8517735 100644
334 342
          co_list_num++;
335 343
      }
336 344
  
337
-@@ -774,8 +776,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
345
+@@ -775,8 +778,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
338 346
                                    uint32_t alg_auth, uint32_t alg_enc,
339 347
                                    uint32_t alg_mac, int min_tls,
340 348
                                    uint32_t algo_strength, int rule,
@@ -345,19 +353,19 @@ index 461a9debab..c8d8517735 100644
345 353
  {
346 354
      CIPHER_ORDER *head, *tail, *curr, *next, *last;
347 355
      const SSL_CIPHER *cp;
348
-@@ -783,9 +785,9 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
356
+@@ -784,9 +787,9 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
349 357
  
350
- #ifdef CIPHER_DEBUG
351
-     fprintf(stderr,
352
--            "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n",
353
-+            "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d) g:%d\n",
354
-             rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls,
355
--            algo_strength, strength_bits);
356
-+            algo_strength, strength_bits, in_group);
357
- #endif
358
+     OSSL_TRACE_BEGIN(TLS_CIPHER){
359
+         BIO_printf(trc_out,
360
+-                   "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n",
361
++                   "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d) g:%d\n",
362
+                    rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls,
363
+-                   algo_strength, strength_bits);
364
++                   algo_strength, strength_bits, in_group);
365
+     }
358 366
  
359 367
      if (rule == CIPHER_DEL || rule == CIPHER_BUMP)
360
-@@ -862,6 +864,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
368
+@@ -863,6 +866,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
361 369
              if (!curr->active) {
362 370
                  ll_append_tail(&head, curr, &tail);
363 371
                  curr->active = 1;
@@ -365,7 +373,7 @@ index 461a9debab..c8d8517735 100644
365 373
              }
366 374
          }
367 375
          /* Move the added cipher to this location */
368
-@@ -869,6 +872,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
376
+@@ -870,6 +874,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
369 377
              /* reverse == 0 */
370 378
              if (curr->active) {
371 379
                  ll_append_tail(&head, curr, &tail);
@@ -373,7 +381,7 @@ index 461a9debab..c8d8517735 100644
373 381
              }
374 382
          } else if (rule == CIPHER_DEL) {
375 383
              /* reverse == 1 */
376
-@@ -880,6 +884,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
384
+@@ -881,6 +886,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
377 385
                   */
378 386
                  ll_append_head(&head, curr, &tail);
379 387
                  curr->active = 0;
@@ -381,7 +389,7 @@ index 461a9debab..c8d8517735 100644
381 389
              }
382 390
          } else if (rule == CIPHER_BUMP) {
383 391
              if (curr->active)
384
-@@ -947,8 +952,8 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
392
+@@ -950,8 +956,8 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
385 393
       */
386 394
      for (i = max_strength_bits; i >= 0; i--)
387 395
          if (number_uses[i] > 0)
@@ -392,7 +400,7 @@ index 461a9debab..c8d8517735 100644
392 400
  
393 401
      OPENSSL_free(number_uses);
394 402
      return 1;
395
-@@ -962,7 +967,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
403
+@@ -965,7 +971,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
396 404
      uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, algo_strength;
397 405
      int min_tls;
398 406
      const char *l, *buf;
@@ -401,7 +409,7 @@ index 461a9debab..c8d8517735 100644
401 409
      uint32_t cipher_id = 0;
402 410
      char ch;
403 411
  
404
-@@ -973,18 +978,66 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
412
+@@ -976,18 +982,66 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
405 413
  
406 414
          if (ch == '\0')
407 415
              break;              /* done */
@@ -469,7 +477,16 @@ index 461a9debab..c8d8517735 100644
469 477
          } else {
470 478
              rule = CIPHER_ADD;
471 479
          }
472
-@@ -1026,7 +1079,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
480
+@@ -1012,7 +1066,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
481
+             while (((ch >= 'A') && (ch <= 'Z')) ||
482
+                    ((ch >= '0') && (ch <= '9')) ||
483
+                    ((ch >= 'a') && (ch <= 'z')) ||
484
+-                   (ch == '-') || (ch == '.') || (ch == '='))
485
++                   (ch == '-') || (ch == '.') || (ch == '=') || (ch == '_'))
486
+ #else
487
+             while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.')
488
+                    || (ch == '='))
489
+@@ -1029,7 +1083,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
473 490
                   * alphanumeric, so we call this an error.
474 491
                   */
475 492
                  SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
@@ -478,7 +495,7 @@ index 461a9debab..c8d8517735 100644
478 495
                  l++;
479 496
                  break;
480 497
              }
481
-@@ -1205,8 +1258,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
498
+@@ -1208,8 +1262,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
482 499
          } else if (found) {
483 500
              ssl_cipher_apply_rule(cipher_id,
484 501
                                    alg_mkey, alg_auth, alg_enc, alg_mac,
@@ -489,7 +506,7 @@ index 461a9debab..c8d8517735 100644
489 506
          } else {
490 507
              while ((*l != '\0') && !ITEM_SEP(*l))
491 508
                  l++;
492
-@@ -1215,6 +1268,11 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
509
+@@ -1218,6 +1272,11 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
493 510
              break;              /* done */
494 511
      }
495 512
  
@@ -501,7 +518,7 @@ index 461a9debab..c8d8517735 100644
501 518
      return retval;
502 519
  }
503 520
  
504
-@@ -1379,7 +1437,7 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
521
+@@ -1382,7 +1441,7 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
505 522
  
506 523
      if (ret && ctx->cipher_list != NULL) {
507 524
          /* We already have a cipher_list, so we need to update it */
@@ -510,7 +527,7 @@ index 461a9debab..c8d8517735 100644
510 527
                                    ctx->tls13_ciphersuites);
511 528
      }
512 529
  
513
-@@ -1392,7 +1450,7 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
530
+@@ -1395,7 +1454,7 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
514 531
  
515 532
      if (ret && s->cipher_list != NULL) {
516 533
          /* We already have a cipher_list, so we need to update it */
@@ -519,7 +536,7 @@ index 461a9debab..c8d8517735 100644
519 536
                                    s->tls13_ciphersuites);
520 537
      }
521 538
  
522
-@@ -1401,17 +1459,20 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
539
+@@ -1404,17 +1463,20 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
523 540
  
524 541
  STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
525 542
                                               STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@@ -530,21 +547,20 @@ index 461a9debab..c8d8517735 100644
530 547
                                               CERT *c)
531 548
  {
532 549
 -    int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases, i;
533
-+    int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases, i, tls13_len;
550
++    int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
534 551
      uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac;
535 552
 -    STACK_OF(SSL_CIPHER) *cipherstack;
536 553
 +    STACK_OF(SSL_CIPHER) *cipherstack = NULL;
537 554
      const char *rule_p;
538 555
      CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
539
--    const SSL_CIPHER **ca_list = NULL;
540
-+    const SSL_CIPHER **ca_list = NULL, *tmp = NULL;
556
+     const SSL_CIPHER **ca_list = NULL;
541 557
 +    uint8_t *in_group_flags = NULL;
542 558
 +    unsigned int num_in_group_flags = 0;
543 559
 +    struct ssl_cipher_preference_list_st *pref_list = NULL;
544 560
  
545 561
      /*
546 562
       * Return with error if nothing to do.
547
-@@ -1460,16 +1521,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
563
+@@ -1463,16 +1525,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
548 564
       * preference).
549 565
       */
550 566
      ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD,
@@ -568,7 +584,7 @@ index 461a9debab..c8d8517735 100644
568 584
                            &head, &tail);
569 585
  
570 586
      /*
571
-@@ -1478,13 +1539,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
587
+@@ -1481,13 +1543,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
572 588
       * strength.
573 589
       */
574 590
      ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD,
@@ -585,7 +601,7 @@ index 461a9debab..c8d8517735 100644
585 601
                            &tail);
586 602
  
587 603
      /*
588
-@@ -1492,16 +1553,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
604
+@@ -1495,16 +1557,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
589 605
       * disabled. (For applications that allow them, they aren't too bad, but
590 606
       * we prefer authenticated ciphers.)
591 607
       */
@@ -606,7 +622,7 @@ index 461a9debab..c8d8517735 100644
606 622
                            &tail);
607 623
  
608 624
      /*
609
-@@ -1517,7 +1578,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
625
+@@ -1520,7 +1582,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
610 626
       * Partially overrule strength sort to prefer TLS 1.2 ciphers/PRFs.
611 627
       * TODO(openssl-team): is there an easier way to accomplish all this?
612 628
       */
@@ -615,7 +631,7 @@ index 461a9debab..c8d8517735 100644
615 631
                            &head, &tail);
616 632
  
617 633
      /*
618
-@@ -1533,15 +1594,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
634
+@@ -1536,15 +1598,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
619 635
       * Because we now bump ciphers to the top of the list, we proceed in
620 636
       * reverse order of preference.
621 637
       */
@@ -628,6 +644,9 @@ index 461a9debab..c8d8517735 100644
628 644
      ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, SSL_AEAD, 0, 0,
629 645
 -                          CIPHER_BUMP, -1, &head, &tail);
630 646
 +                          CIPHER_BUMP, -1, 0, &head, &tail);
647
++
648
++    ssl_cipher_apply_rule(0, 0, 0, 0, 0, TLS1_3_VERSION, 0, CIPHER_BUMP, -1, 0,
649
++                          &head, &tail);
631 650
  
632 651
      /* Now disable everything (maintaining the ordering!) */
633 652
 -    ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
@@ -635,7 +654,7 @@ index 461a9debab..c8d8517735 100644
635 654
  
636 655
      /*
637 656
       * We also need cipher aliases for selecting based on the rule_str.
638
-@@ -1555,9 +1616,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
657
+@@ -1558,9 +1623,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
639 658
      num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
640 659
      ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
641 660
      if (ca_list == NULL) {
@@ -646,7 +665,7 @@ index 461a9debab..c8d8517735 100644
646 665
      }
647 666
      ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
648 667
                                 disabled_mkey, disabled_auth, disabled_enc,
649
-@@ -1582,27 +1642,35 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
668
+@@ -1585,28 +1649,19 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
650 669
  
651 670
      OPENSSL_free(ca_list);      /* Not needed anymore */
652 671
  
@@ -666,52 +685,39 @@ index 461a9debab..c8d8517735 100644
666 685
 -        return NULL;
667 686
 -    }
668 687
 +    if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
669
-+        goto err;
670
-+
671
-+    in_group_flags = OPENSSL_malloc(num_of_ciphers);
672
-+    if (!in_group_flags)
673 688
 +        goto err;
674 689
  
675
-     /* Add TLSv1.3 ciphers first - we always prefer those if possible */
690
+-    /* Add TLSv1.3 ciphers first - we always prefer those if possible */
676 691
 -    for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
677
-+    tls13_len = sk_SSL_CIPHER_num(tls13_ciphersuites);
678
-+    for (i = 0; i < tls13_len; i++) {
679
-+        tmp = sk_SSL_CIPHER_value(tls13_ciphersuites, i);
680
-         if (!sk_SSL_CIPHER_push(cipherstack,
692
+-        if (!sk_SSL_CIPHER_push(cipherstack,
681 693
 -                                sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
682 694
 -            sk_SSL_CIPHER_free(cipherstack);
683 695
 -            return NULL;
684
-+                                tmp))
685
-+            goto err;
686
-+        /* Temporary - AES128, CHACHA20 priority adjustment of TLS 1.3. */
687
-+        if (tmp->algorithm_enc == SSL_AES128GCM &&
688
-+            tls13_len > (i + 1)) {
689
-+            tmp = sk_SSL_CIPHER_value(tls13_ciphersuites, i + 1);
690
-+            in_group_flags[num_in_group_flags++] = (tmp->algorithm_enc == SSL_CHACHA20POLY1305) ? 1 : 0;
691
-         }
692
-+        else
693
-+            in_group_flags[num_in_group_flags++] = 0;
694
-     }
696
+-        }
697
+-    }
698
++    in_group_flags = OPENSSL_malloc(num_of_ciphers);
699
++    if (!in_group_flags)
700
++        goto err;
695 701
  
696
-     /*
697
-@@ -1611,26 +1679,50 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
698
-      */
702
+     OSSL_TRACE_BEGIN(TLS_CIPHER) {
703
+         BIO_printf(trc_out, "cipher selection:\n");
704
+@@ -1618,11 +1673,10 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
699 705
      for (curr = head; curr != NULL; curr = curr->next) {
700 706
          if (curr->active) {
701
--            if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
707
+             if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
702 708
 -                OPENSSL_free(co_list);
703 709
 -                sk_SSL_CIPHER_free(cipherstack);
710
+                 OSSL_TRACE_CANCEL(TLS_CIPHER);
704 711
 -                return NULL;
705
--            }
706
-+            if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher))
707 712
 +                goto err;
713
+             }
708 714
 +            in_group_flags[num_in_group_flags++] = curr->in_group;
709
- #ifdef CIPHER_DEBUG
710
-             fprintf(stderr, "<%s>\n", curr->cipher->name);
711
- #endif
715
+             if (trc_out != NULL)
716
+                 BIO_printf(trc_out, "<%s>\n", curr->cipher->name);
712 717
          }
713
-     }
714
--    OPENSSL_free(co_list);      /* Not needed any longer */
718
+@@ -1630,14 +1684,39 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
719
+     OPENSSL_free(co_list);      /* Not needed any longer */
720
+     OSSL_TRACE_END(TLS_CIPHER);
715 721
  
716 722
 -    if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack)) {
717 723
 -        sk_SSL_CIPHER_free(cipherstack);
@@ -719,9 +725,6 @@ index 461a9debab..c8d8517735 100644
719 725
 -    }
720 726
 -    sk_SSL_CIPHER_free(*cipher_list);
721 727
 -    *cipher_list = cipherstack;
722
-+    OPENSSL_free(co_list);      /* Not needed any longer */
723
-+    co_list = NULL;
724
-+
725 728
 +    if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack))
726 729
 +        goto err;
727 730
 +
@@ -754,32 +757,30 @@ index 461a9debab..c8d8517735 100644
754 757
 +    if (pref_list)
755 758
 +        OPENSSL_free(pref_list);
756 759
 +    return NULL;
760
++
757 761
  }
758 762
  
759 763
  char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
760 764
 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
761
-index ceae87bbc9..46521b7136 100644
765
+index ceae87bbc9..10836f3667 100644
762 766
 --- a/ssl/ssl_err.c
763 767
 +++ b/ssl/ssl_err.c
764
-@@ -965,6 +965,9 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
765
-     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"},
766
-     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_ECDH_KEY),
768
+@@ -967,6 +967,9 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
767 769
      "missing tmp ecdh key"},
770
+     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA),
771
+     "mixed handshake and non handshake data"},
768 772
 +    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS),
769 773
 +    "mixed special operator with groups"},
770 774
 +    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NESTED_GROUP), "nested group"},
771
-     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA),
772
-     "mixed handshake and non handshake data"},
773 775
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY),
774
-@@ -1201,11 +1204,14 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
775
-     "unable to load ssl3 md5 routines"},
776
-     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),
777
-     "unable to load ssl3 sha1 routines"},
778
-+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_GROUP_CLOSE), "unexpected group close"},
779
-     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_CCS_MESSAGE),
776
+     "not on record boundary"},
777
+     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_REPLACING_CERTIFICATE),
778
+@@ -1205,7 +1208,11 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
780 779
      "unexpected ccs message"},
781 780
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
782 781
      "unexpected end of early data"},
782
++    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_GROUP_CLOSE),
783
++    "unexpected group close"},
783 784
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
784 785
 +    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_OPERATOR_IN_GROUP),
785 786
 +    "unexpected operator in group"},
@@ -787,10 +788,10 @@ index ceae87bbc9..46521b7136 100644
787 788
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
788 789
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
789 790
 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
790
-index 322a4381b0..ac33c35560 100644
791
+index f63e16b592..8f462b7108 100644
791 792
 --- a/ssl/ssl_lib.c
792 793
 +++ b/ssl/ssl_lib.c
793
-@@ -1119,6 +1119,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
794
+@@ -1120,6 +1120,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
794 795
      return X509_VERIFY_PARAM_set1(ssl->param, vpm);
795 796
  }
796 797
  
@@ -862,7 +863,7 @@ index 322a4381b0..ac33c35560 100644
862 863
  X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
863 864
  {
864 865
      return ctx->param;
865
-@@ -1163,7 +1228,8 @@ void SSL_free(SSL *s)
866
+@@ -1164,7 +1229,8 @@ void SSL_free(SSL *s)
866 867
      BUF_MEM_free(s->init_buf);
867 868
  
868 869
      /* add extra stuff */
@@ -872,7 +873,7 @@ index 322a4381b0..ac33c35560 100644
872 873
      sk_SSL_CIPHER_free(s->cipher_list_by_id);
873 874
      sk_SSL_CIPHER_free(s->tls13_ciphersuites);
874 875
  
875
-@@ -2498,9 +2564,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
876
+@@ -2499,9 +2565,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
876 877
  {
877 878
      if (s != NULL) {
878 879
          if (s->cipher_list != NULL) {
@@ -884,7 +885,7 @@ index 322a4381b0..ac33c35560 100644
884 885
          }
885 886
      }
886 887
      return NULL;
887
-@@ -2574,8 +2640,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
888
+@@ -2575,8 +2641,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
888 889
   * preference */
889 890
  STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
890 891
  {
@@ -895,7 +896,7 @@ index 322a4381b0..ac33c35560 100644
895 896
      return NULL;
896 897
  }
897 898
  
898
-@@ -3026,7 +3092,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
899
+@@ -3027,7 +3093,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
899 900
                                  ret->tls13_ciphersuites,
900 901
                                  &ret->cipher_list, &ret->cipher_list_by_id,
901 902
                                  SSL_DEFAULT_CIPHER_LIST, ret->cert)
@@ -904,7 +905,7 @@ index 322a4381b0..ac33c35560 100644
904 905
          SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
905 906
          goto err2;
906 907
      }
907
-@@ -3202,7 +3268,7 @@ void SSL_CTX_free(SSL_CTX *a)
908
+@@ -3203,7 +3269,7 @@ void SSL_CTX_free(SSL_CTX *a)
908 909
  #ifndef OPENSSL_NO_CT
909 910
      CTLOG_STORE_free(a->ctlog_store);
910 911
  #endif
@@ -913,7 +914,7 @@ index 322a4381b0..ac33c35560 100644
913 914
      sk_SSL_CIPHER_free(a->cipher_list_by_id);
914 915
      sk_SSL_CIPHER_free(a->tls13_ciphersuites);
915 916
      ssl_cert_free(a->cert);
916
-@@ -3880,13 +3946,15 @@ SSL *SSL_dup(SSL *s)
917
+@@ -3879,13 +3945,15 @@ SSL *SSL_dup(SSL *s)
917 918
  
918 919
      /* dup the cipher_list and cipher_list_by_id stacks */
919 920
      if (s->cipher_list != NULL) {
@@ -934,10 +935,10 @@ index 322a4381b0..ac33c35560 100644
934 935
      /* Dup the client_CA list */
935 936
      if (!dup_ca_names(&ret->ca_names, s->ca_names)
936 937
 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
937
-index ae6417b592..9f839acc74 100644
938
+index 1d3397d880..265c32d15e 100644
938 939
 --- a/ssl/ssl_locl.h
939 940
 +++ b/ssl/ssl_locl.h
940
-@@ -745,9 +745,46 @@ typedef struct ssl_ctx_ext_secure_st {
941
+@@ -744,9 +744,46 @@ typedef struct ssl_ctx_ext_secure_st {
941 942
      unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH];
942 943
  } SSL_CTX_EXT_SECURE;
943 944
  
@@ -985,7 +986,7 @@ index ae6417b592..9f839acc74 100644
985 986
      /* same as above but sorted for lookup */
986 987
      STACK_OF(SSL_CIPHER) *cipher_list_by_id;
987 988
      /* TLSv1.3 specific ciphersuites */
988
-@@ -1146,7 +1183,7 @@ struct ssl_st {
989
+@@ -1145,7 +1182,7 @@ struct ssl_st {
989 990
      /* Per connection DANE state */
990 991
      SSL_DANE dane;
991 992
      /* crypto */
@@ -994,7 +995,7 @@ index ae6417b592..9f839acc74 100644
994 995
      STACK_OF(SSL_CIPHER) *cipher_list_by_id;
995 996
      /* TLSv1.3 specific ciphersuites */
996 997
      STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
997
-@@ -2275,7 +2312,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
998
+@@ -2278,7 +2315,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
998 999
                                   const SSL_CIPHER *const *bp);
999 1000
  __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1000 1001
                                                      STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@@ -1003,7 +1004,7 @@ index ae6417b592..9f839acc74 100644
1003 1004
                                                      STACK_OF(SSL_CIPHER) **cipher_list_by_id,
1004 1005
                                                      const char *rule_str,
1005 1006
                                                      CERT *c);
1006
-@@ -2285,6 +2322,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
1007
+@@ -2288,6 +2325,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
1007 1008
                                  STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
1008 1009
                                  int fatal);
1009 1010
  void ssl_update_cache(SSL *s, int mode);
@@ -1017,7 +1018,7 @@ index ae6417b592..9f839acc74 100644
1017 1018
  __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
1018 1019
                                const EVP_MD **md, int *mac_pkey_type,
1019 1020
                                size_t *mac_secret_size, SSL_COMP **comp,
1020
-@@ -2368,7 +2412,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
1021
+@@ -2371,7 +2415,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
1021 1022
                                              CERT_PKEY *cpk);
1022 1023
  __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
1023 1024
                                              STACK_OF(SSL_CIPHER) *clnt,
@@ -1027,10 +1028,10 @@ index ae6417b592..9f839acc74 100644
1027 1028
  __owur int ssl3_new(SSL *s);
1028 1029
  void ssl3_free(SSL *s);
1029 1030
 diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
1030
-index bf1819d356..ebb6224b5e 100644
1031
+index e482e2d074..f81fe86291 100644
1031 1032
 --- a/ssl/statem/statem_srvr.c
1032 1033
 +++ b/ssl/statem/statem_srvr.c
1033
-@@ -1750,7 +1750,7 @@ static int tls_early_post_process_client_hello(SSL *s)
1034
+@@ -1751,7 +1751,7 @@ static int tls_early_post_process_client_hello(SSL *s)
1034 1035
      /* For TLSv1.3 we must select the ciphersuite *before* session resumption */
1035 1036
      if (SSL_IS_TLS13(s)) {
1036 1037
          const SSL_CIPHER *cipher =
@@ -1039,7 +1040,7 @@ index bf1819d356..ebb6224b5e 100644
1039 1040
  
1040 1041
          if (cipher == NULL) {
1041 1042
              SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
1042
-@@ -1931,7 +1931,7 @@ static int tls_early_post_process_client_hello(SSL *s)
1043
+@@ -1934,7 +1934,7 @@ static int tls_early_post_process_client_hello(SSL *s)
1043 1044
              /* check if some cipher was preferred by call back */
1044 1045
              if (pref_cipher == NULL)
1045 1046
                  pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
@@ -1048,7 +1049,7 @@ index bf1819d356..ebb6224b5e 100644
1048 1049
              if (pref_cipher == NULL) {
1049 1050
                  SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
1050 1051
                           SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
1051
-@@ -1940,8 +1940,9 @@ static int tls_early_post_process_client_hello(SSL *s)
1052
+@@ -1943,8 +1943,9 @@ static int tls_early_post_process_client_hello(SSL *s)
1052 1053
              }
1053 1054
  
1054 1055
              s->session->cipher = pref_cipher;
@@ -1060,7 +1061,7 @@ index bf1819d356..ebb6224b5e 100644
1060 1061
              sk_SSL_CIPHER_free(s->cipher_list_by_id);
1061 1062
              s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
1062 1063
          }
1063
-@@ -2255,7 +2256,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
1064
+@@ -2258,7 +2259,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
1064 1065
              /* In TLSv1.3 we selected the ciphersuite before resumption */
1065 1066
              if (!SSL_IS_TLS13(s)) {
1066 1067
                  cipher =

+ 146
- 107
openssl-equal-3.0.0-dev_ciphers.patch View File

@@ -1,5 +1,28 @@
1
+diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
2
+index aec6a8dac8..9dc9d183e7 100644
3
+--- a/crypto/err/openssl.txt
4
++++ b/crypto/err/openssl.txt
5
+@@ -2805,6 +2805,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key
6
+ SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key
7
+ SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\
8
+ 	mixed handshake and non handshake data
9
++SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS:294:mixed special operator with groups
10
++SSL_R_NESTED_GROUP:295:nested group
11
+ SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary
12
+ SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate
13
+ SSL_R_NOT_SERVER:284:not server
14
+@@ -2913,7 +2915,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines
15
+ SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
16
+ SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
17
+ SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
18
++SSL_R_UNEXPECTED_GROUP_CLOSE:296:unexpected group close
19
+ SSL_R_UNEXPECTED_MESSAGE:244:unexpected message
20
++SSL_R_UNEXPECTED_OPERATOR_IN_GROUP:297:unexpected operator in group
21
+ SSL_R_UNEXPECTED_RECORD:245:unexpected record
22
+ SSL_R_UNINITIALIZED:276:uninitialized
23
+ SSL_R_UNKNOWN_ALERT_TYPE:246:unknown alert type
1 24
 diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod
2
-index e29c5d7ced..b5bca974c9 100644
25
+index e29c5d7ced..7d795c390e 100644
3 26
 --- a/doc/man1/ciphers.pod
4 27
 +++ b/doc/man1/ciphers.pod
5 28
 @@ -400,6 +400,21 @@ permissible.
@@ -17,7 +40,7 @@ index e29c5d7ced..b5bca974c9 100644
17 40
 +brackets, combining multiple selectors separated by |. For example:
18 41
 +
19 42
 + [ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]
20
-+ 
43
++
21 44
 + Once an equal-preference group is used, future directives must be
22 45
 + opcode-less.
23 46
 +
@@ -25,35 +48,33 @@ index e29c5d7ced..b5bca974c9 100644
25 48
  
26 49
  The following lists give the SSL or TLS cipher suites names from the
27 50
 diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
28
-index 63057517dc..97ccb41d43 100644
51
+index 63057517dc..77910bad17 100644
29 52
 --- a/include/openssl/sslerr.h
30 53
 +++ b/include/openssl/sslerr.h
31
-@@ -596,6 +596,8 @@ int ERR_load_SSL_strings(void);
32
- # define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION         209
54
+@@ -597,6 +597,8 @@ int ERR_load_SSL_strings(void);
33 55
  # define SSL_R_MISSING_TMP_DH_KEY                         171
34 56
  # define SSL_R_MISSING_TMP_ECDH_KEY                       311
35
-+# define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS         101
36
-+# define SSL_R_NESTED_GROUP                               108
37 57
  # define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA     293
58
++# define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS         294
59
++# define SSL_R_NESTED_GROUP                               295
38 60
  # define SSL_R_NOT_ON_RECORD_BOUNDARY                     182
39 61
  # define SSL_R_NOT_REPLACING_CERTIFICATE                  289
40
-@@ -727,9 +729,11 @@ int ERR_load_SSL_strings(void);
41
- # define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       239
42
- # define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES           242
62
+ # define SSL_R_NOT_SERVER                                 284
63
+@@ -729,7 +731,9 @@ int ERR_load_SSL_strings(void);
43 64
  # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          243
44
-+# define SSL_R_UNEXPECTED_GROUP_CLOSE                     109
45 65
  # define SSL_R_UNEXPECTED_CCS_MESSAGE                     262
46 66
  # define SSL_R_UNEXPECTED_END_OF_EARLY_DATA               178
67
++# define SSL_R_UNEXPECTED_GROUP_CLOSE                     296
47 68
  # define SSL_R_UNEXPECTED_MESSAGE                         244
48
-+# define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP               110
69
++# define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP               297
49 70
  # define SSL_R_UNEXPECTED_RECORD                          245
50 71
  # define SSL_R_UNINITIALIZED                              276
51 72
  # define SSL_R_UNKNOWN_ALERT_TYPE                         246
52 73
 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
53
-index a5b3dbbfd5..6dd4ad4b68 100644
74
+index a3639fd18c..3f830c5d40 100644
54 75
 --- a/ssl/s3_lib.c
55 76
 +++ b/ssl/s3_lib.c
56
-@@ -31,7 +31,25 @@ const unsigned char tls12downgrade[] = {
77
+@@ -32,7 +32,25 @@ const unsigned char tls12downgrade[] = {
57 78
  };
58 79
  
59 80
  /* The list of available TLSv1.3 ciphers */
@@ -79,7 +100,7 @@ index a5b3dbbfd5..6dd4ad4b68 100644
79 100
      {
80 101
          1,
81 102
          TLS1_3_RFC_AES_128_GCM_SHA256,
82
-@@ -111,20 +129,8 @@ static SSL_CIPHER tls13_ciphers[] = {
103
+@@ -112,20 +130,8 @@ static SSL_CIPHER tls13_ciphers[] = {
83 104
          SSL_HANDSHAKE_MAC_SHA256,
84 105
          128,
85 106
          128,
@@ -102,7 +123,7 @@ index a5b3dbbfd5..6dd4ad4b68 100644
102 123
      {
103 124
       1,
104 125
       SSL3_TXT_RSA_NULL_MD5,
105
-@@ -167,7 +173,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
126
+@@ -168,7 +174,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
106 127
       SSL_aRSA,
107 128
       SSL_3DES,
108 129
       SSL_SHA1,
@@ -111,7 +132,7 @@ index a5b3dbbfd5..6dd4ad4b68 100644
111 132
       DTLS1_BAD_VER, DTLS1_2_VERSION,
112 133
       SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
113 134
       SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
114
-@@ -232,7 +238,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
135
+@@ -233,7 +239,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
115 136
       SSL_aRSA,
116 137
       SSL_AES128,
117 138
       SSL_SHA1,
@@ -120,7 +141,7 @@ index a5b3dbbfd5..6dd4ad4b68 100644
120 141
       DTLS1_BAD_VER, DTLS1_2_VERSION,
121 142
       SSL_HIGH | SSL_FIPS,
122 143
       SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
123
-@@ -296,7 +302,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
144
+@@ -297,7 +303,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
124 145
       SSL_aRSA,
125 146
       SSL_AES256,
126 147
       SSL_SHA1,
@@ -129,7 +150,7 @@ index a5b3dbbfd5..6dd4ad4b68 100644
129 150
       DTLS1_BAD_VER, DTLS1_2_VERSION,
130 151
       SSL_HIGH | SSL_FIPS,
131 152
       SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
132
-@@ -4124,6 +4130,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
153
+@@ -4125,6 +4131,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
133 154
      return 1;
134 155
  }
135 156
  
@@ -147,7 +168,7 @@ index a5b3dbbfd5..6dd4ad4b68 100644
147 168
  /*
148 169
   * ssl3_choose_cipher - choose a cipher from those offered by the client
149 170
   * @s: SSL connection
150
-@@ -4133,16 +4150,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
171
+@@ -4134,16 +4151,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
151 172
   * Returns the selected cipher or NULL when no common ciphers.
152 173
   */
153 174
  const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -178,8 +199,8 @@ index a5b3dbbfd5..6dd4ad4b68 100644
178 199
  
179 200
      /* Let's see which ciphers we can support */
180 201
  
181
-@@ -4169,54 +4194,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
182
- #endif
202
+@@ -4170,54 +4195,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
203
+     } OSSL_TRACE_END(TLS_CIPHER);
183 204
  
184 205
      /* SUITE-B takes precedence over server preference and ChaCha priortiy */
185 206
 -    if (tls1_suiteb(s)) {
@@ -236,7 +257,7 @@ index a5b3dbbfd5..6dd4ad4b68 100644
236 257
          allow = srvr;
237 258
      }
238 259
  
239
-@@ -4247,14 +4231,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
260
+@@ -4248,14 +4232,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
240 261
      for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
241 262
          c = sk_SSL_CIPHER_value(prio, i);
242 263
  
@@ -255,7 +276,7 @@ index a5b3dbbfd5..6dd4ad4b68 100644
255 276
  
256 277
          /*
257 278
           * Since TLS 1.3 ciphersuites can be used with any auth or
258
-@@ -4276,10 +4262,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
279
+@@ -4277,10 +4263,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
259 280
  #ifndef OPENSSL_NO_PSK
260 281
              /* with PSK there must be server callback set */
261 282
              if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
@@ -265,9 +286,9 @@ index a5b3dbbfd5..6dd4ad4b68 100644
265 286
  
266 287
 -            ok = (alg_k & mask_k) && (alg_a & mask_a);
267 288
 +            ok = ok && (alg_k & mask_k) && (alg_a & mask_a);
268
- #ifdef CIPHER_DEBUG
269
-             fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
270
-                     alg_a, mask_k, mask_a, (void *)c, c->name);
289
+             OSSL_TRACE7(TLS_CIPHER,
290
+                         "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
291
+                         ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
271 292
 @@ -4296,6 +4282,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
272 293
  
273 294
              if (!ok)
@@ -343,10 +364,10 @@ index a5b3dbbfd5..6dd4ad4b68 100644
343 364
  }
344 365
  
345 366
 diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
346
-index 461a9debab..8eb18f0e28 100644
367
+index 5aa04dbd53..dc238fc9c9 100644
347 368
 --- a/ssl/ssl_ciph.c
348 369
 +++ b/ssl/ssl_ciph.c
349
-@@ -192,6 +192,7 @@ typedef struct cipher_order_st {
370
+@@ -193,6 +193,7 @@ typedef struct cipher_order_st {
350 371
      const SSL_CIPHER *cipher;
351 372
      int active;
352 373
      int dead;
@@ -354,7 +375,7 @@ index 461a9debab..8eb18f0e28 100644
354 375
      struct cipher_order_st *next, *prev;
355 376
  } CIPHER_ORDER;
356 377
  
357
-@@ -296,6 +297,7 @@ static const SSL_CIPHER cipher_aliases[] = {
378
+@@ -297,6 +298,7 @@ static const SSL_CIPHER cipher_aliases[] = {
358 379
      {0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
359 380
      {0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
360 381
      {0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION},
@@ -362,7 +383,7 @@ index 461a9debab..8eb18f0e28 100644
362 383
  
363 384
      /* strength classes */
364 385
      {0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
365
-@@ -681,6 +683,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
386
+@@ -682,6 +684,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
366 387
          co_list[co_list_num].next = NULL;
367 388
          co_list[co_list_num].prev = NULL;
368 389
          co_list[co_list_num].active = 0;
@@ -370,7 +391,7 @@ index 461a9debab..8eb18f0e28 100644
370 391
          co_list_num++;
371 392
      }
372 393
  
373
-@@ -774,8 +777,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
394
+@@ -775,8 +778,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
374 395
                                    uint32_t alg_auth, uint32_t alg_enc,
375 396
                                    uint32_t alg_mac, int min_tls,
376 397
                                    uint32_t algo_strength, int rule,
@@ -381,19 +402,19 @@ index 461a9debab..8eb18f0e28 100644
381 402
  {
382 403
      CIPHER_ORDER *head, *tail, *curr, *next, *last;
383 404
      const SSL_CIPHER *cp;
384
-@@ -783,9 +786,9 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
405
+@@ -784,9 +787,9 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
385 406
  
386
- #ifdef CIPHER_DEBUG
387
-     fprintf(stderr,
388
--            "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n",
389
-+            "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d) g:%d\n",
390
-             rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls,
391
--            algo_strength, strength_bits);
392
-+            algo_strength, strength_bits, in_group);
393
- #endif
407
+     OSSL_TRACE_BEGIN(TLS_CIPHER){
408
+         BIO_printf(trc_out,
409
+-                   "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n",
410
++                   "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d) g:%d\n",
411
+                    rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls,
412
+-                   algo_strength, strength_bits);
413
++                   algo_strength, strength_bits, in_group);
414
+     }
394 415
  
395 416
      if (rule == CIPHER_DEL || rule == CIPHER_BUMP)
396
-@@ -862,6 +865,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
417
+@@ -863,6 +866,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
397 418
              if (!curr->active) {
398 419
                  ll_append_tail(&head, curr, &tail);
399 420
                  curr->active = 1;
@@ -401,7 +422,7 @@ index 461a9debab..8eb18f0e28 100644
401 422
              }
402 423
          }
403 424
          /* Move the added cipher to this location */
404
-@@ -869,6 +873,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
425
+@@ -870,6 +874,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
405 426
              /* reverse == 0 */
406 427
              if (curr->active) {
407 428
                  ll_append_tail(&head, curr, &tail);
@@ -409,7 +430,7 @@ index 461a9debab..8eb18f0e28 100644
409 430
              }
410 431
          } else if (rule == CIPHER_DEL) {
411 432
              /* reverse == 1 */
412
-@@ -880,6 +885,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
433
+@@ -881,6 +886,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
413 434
                   */
414 435
                  ll_append_head(&head, curr, &tail);
415 436
                  curr->active = 0;
@@ -417,7 +438,7 @@ index 461a9debab..8eb18f0e28 100644
417 438
              }
418 439
          } else if (rule == CIPHER_BUMP) {
419 440
              if (curr->active)
420
-@@ -947,8 +953,8 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
441
+@@ -950,8 +956,8 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
421 442
       */
422 443
      for (i = max_strength_bits; i >= 0; i--)
423 444
          if (number_uses[i] > 0)
@@ -428,7 +449,7 @@ index 461a9debab..8eb18f0e28 100644
428 449
  
429 450
      OPENSSL_free(number_uses);
430 451
      return 1;
431
-@@ -962,7 +968,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
452
+@@ -965,7 +971,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
432 453
      uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, algo_strength;
433 454
      int min_tls;
434 455
      const char *l, *buf;
@@ -437,7 +458,7 @@ index 461a9debab..8eb18f0e28 100644
437 458
      uint32_t cipher_id = 0;
438 459
      char ch;
439 460
  
440
-@@ -973,18 +979,66 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
461
+@@ -976,18 +982,66 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
441 462
  
442 463
          if (ch == '\0')
443 464
              break;              /* done */
@@ -505,7 +526,7 @@ index 461a9debab..8eb18f0e28 100644
505 526
          } else {
506 527
              rule = CIPHER_ADD;
507 528
          }
508
-@@ -1009,7 +1063,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
529
+@@ -1012,7 +1066,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
509 530
              while (((ch >= 'A') && (ch <= 'Z')) ||
510 531
                     ((ch >= '0') && (ch <= '9')) ||
511 532
                     ((ch >= 'a') && (ch <= 'z')) ||
@@ -514,7 +535,7 @@ index 461a9debab..8eb18f0e28 100644
514 535
  #else
515 536
              while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.')
516 537
                     || (ch == '='))
517
-@@ -1026,7 +1080,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
538
+@@ -1029,7 +1083,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
518 539
                   * alphanumeric, so we call this an error.
519 540
                   */
520 541
                  SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
@@ -523,7 +544,7 @@ index 461a9debab..8eb18f0e28 100644
523 544
                  l++;
524 545
                  break;
525 546
              }
526
-@@ -1205,8 +1259,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
547
+@@ -1208,8 +1262,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
527 548
          } else if (found) {
528 549
              ssl_cipher_apply_rule(cipher_id,
529 550
                                    alg_mkey, alg_auth, alg_enc, alg_mac,
@@ -534,7 +555,7 @@ index 461a9debab..8eb18f0e28 100644
534 555
          } else {
535 556
              while ((*l != '\0') && !ITEM_SEP(*l))
536 557
                  l++;
537
-@@ -1215,6 +1269,11 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
558
+@@ -1218,6 +1272,11 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
538 559
              break;              /* done */
539 560
      }
540 561
  
@@ -546,7 +567,7 @@ index 461a9debab..8eb18f0e28 100644
546 567
      return retval;
547 568
  }
548 569
  
549
-@@ -1379,7 +1438,7 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
570
+@@ -1382,7 +1441,7 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
550 571
  
551 572
      if (ret && ctx->cipher_list != NULL) {
552 573
          /* We already have a cipher_list, so we need to update it */
@@ -555,7 +576,7 @@ index 461a9debab..8eb18f0e28 100644
555 576
                                    ctx->tls13_ciphersuites);
556 577
      }
557 578
  
558
-@@ -1392,7 +1451,7 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
579
+@@ -1395,7 +1454,7 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
559 580
  
560 581
      if (ret && s->cipher_list != NULL) {
561 582
          /* We already have a cipher_list, so we need to update it */
@@ -564,7 +585,7 @@ index 461a9debab..8eb18f0e28 100644
564 585
                                    s->tls13_ciphersuites);
565 586
      }
566 587
  
567
-@@ -1401,17 +1460,20 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
588
+@@ -1404,17 +1463,20 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
568 589
  
569 590
  STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
570 591
                                               STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@@ -588,7 +609,7 @@ index 461a9debab..8eb18f0e28 100644
588 609
  
589 610
      /*
590 611
       * Return with error if nothing to do.
591
-@@ -1460,16 +1522,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
612
+@@ -1463,16 +1525,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
592 613
       * preference).
593 614
       */
594 615
      ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD,
@@ -612,7 +633,7 @@ index 461a9debab..8eb18f0e28 100644
612 633
                            &head, &tail);
613 634
  
614 635
      /*
615
-@@ -1478,13 +1540,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
636
+@@ -1481,13 +1543,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
616 637
       * strength.
617 638
       */
618 639
      ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD,
@@ -629,7 +650,7 @@ index 461a9debab..8eb18f0e28 100644
629 650
                            &tail);
630 651
  
631 652
      /*
632
-@@ -1492,16 +1554,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
653
+@@ -1495,16 +1557,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
633 654
       * disabled. (For applications that allow them, they aren't too bad, but
634 655
       * we prefer authenticated ciphers.)
635 656
       */
@@ -650,7 +671,7 @@ index 461a9debab..8eb18f0e28 100644
650 671
                            &tail);
651 672
  
652 673
      /*
653
-@@ -1517,7 +1579,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
674
+@@ -1520,7 +1582,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
654 675
       * Partially overrule strength sort to prefer TLS 1.2 ciphers/PRFs.
655 676
       * TODO(openssl-team): is there an easier way to accomplish all this?
656 677
       */
@@ -659,7 +680,7 @@ index 461a9debab..8eb18f0e28 100644
659 680
                            &head, &tail);
660 681
  
661 682
      /*
662
-@@ -1533,15 +1595,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
683
+@@ -1536,15 +1598,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
663 684
       * Because we now bump ciphers to the top of the list, we proceed in
664 685
       * reverse order of preference.
665 686
       */
@@ -682,7 +703,7 @@ index 461a9debab..8eb18f0e28 100644
682 703
  
683 704
      /*
684 705
       * We also need cipher aliases for selecting based on the rule_str.
685
-@@ -1555,9 +1620,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
706
+@@ -1558,9 +1623,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
686 707
      num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
687 708
      ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
688 709
      if (ca_list == NULL) {
@@ -693,7 +714,7 @@ index 461a9debab..8eb18f0e28 100644
693 714
      }
694 715
      ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
695 716
                                 disabled_mkey, disabled_auth, disabled_enc,
696
-@@ -1582,28 +1646,19 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
717
+@@ -1585,28 +1649,19 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
697 718
  
698 719
      OPENSSL_free(ca_list);      /* Not needed anymore */
699 720
  
@@ -727,26 +748,25 @@ index 461a9debab..8eb18f0e28 100644
727 748
 +    if (!in_group_flags)
728 749
 +        goto err;
729 750
  
730
-     /*
731
-      * The cipher selection for the list is done. The ciphers are added
732
-@@ -1611,26 +1666,50 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
733
-      */
751
+     OSSL_TRACE_BEGIN(TLS_CIPHER) {
752
+         BIO_printf(trc_out, "cipher selection:\n");
753
+@@ -1618,11 +1673,10 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
734 754
      for (curr = head; curr != NULL; curr = curr->next) {
735 755
          if (curr->active) {
736
--            if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
756
+             if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
737 757
 -                OPENSSL_free(co_list);
738 758
 -                sk_SSL_CIPHER_free(cipherstack);
759
+                 OSSL_TRACE_CANCEL(TLS_CIPHER);
739 760
 -                return NULL;
740
--            }
741
-+            if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher))
742 761
 +                goto err;
762
+             }
743 763
 +            in_group_flags[num_in_group_flags++] = curr->in_group;
744
- #ifdef CIPHER_DEBUG
745
-             fprintf(stderr, "<%s>\n", curr->cipher->name);
746
- #endif
764
+             if (trc_out != NULL)
765
+                 BIO_printf(trc_out, "<%s>\n", curr->cipher->name);
747 766
          }
748
-     }
749
--    OPENSSL_free(co_list);      /* Not needed any longer */
767
+@@ -1630,14 +1684,39 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
768
+     OPENSSL_free(co_list);      /* Not needed any longer */
769
+     OSSL_TRACE_END(TLS_CIPHER);
750 770
  
751 771
 -    if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack)) {
752 772
 -        sk_SSL_CIPHER_free(cipherstack);
@@ -754,9 +774,6 @@ index 461a9debab..8eb18f0e28 100644
754 774
 -    }
755 775
 -    sk_SSL_CIPHER_free(*cipher_list);
756 776
 -    *cipher_list = cipherstack;
757
-+    OPENSSL_free(co_list);      /* Not needed any longer */
758
-+    co_list = NULL;
759
-+
760 777
 +    if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack))
761 778
 +        goto err;
762 779
 +
@@ -789,32 +806,30 @@ index 461a9debab..8eb18f0e28 100644
789 806
 +    if (pref_list)
790 807
 +        OPENSSL_free(pref_list);
791 808
 +    return NULL;
809
++
792 810
  }
793 811
  
794 812
  char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
795 813
 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
796
-index ceae87bbc9..46521b7136 100644
814
+index ceae87bbc9..10836f3667 100644
797 815
 --- a/ssl/ssl_err.c
798 816
 +++ b/ssl/ssl_err.c
799
-@@ -965,6 +965,9 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
800
-     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"},
801
-     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_ECDH_KEY),
817
+@@ -967,6 +967,9 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
802 818
      "missing tmp ecdh key"},
819
+     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA),
820
+     "mixed handshake and non handshake data"},
803 821
 +    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS),
804 822
 +    "mixed special operator with groups"},
805 823
 +    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NESTED_GROUP), "nested group"},
806
-     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA),
807
-     "mixed handshake and non handshake data"},
808 824
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY),
809
-@@ -1201,11 +1204,14 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
810
-     "unable to load ssl3 md5 routines"},
811
-     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),
812
-     "unable to load ssl3 sha1 routines"},
813
-+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_GROUP_CLOSE), "unexpected group close"},
814
-     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_CCS_MESSAGE),
825
+     "not on record boundary"},
826
+     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_REPLACING_CERTIFICATE),
827
+@@ -1205,7 +1208,11 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
815 828
      "unexpected ccs message"},
816 829
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
817 830
      "unexpected end of early data"},
831
++    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_GROUP_CLOSE),
832
++    "unexpected group close"},
818 833
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
819 834
 +    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_OPERATOR_IN_GROUP),
820 835
 +    "unexpected operator in group"},
@@ -822,10 +837,10 @@ index ceae87bbc9..46521b7136 100644
822 837
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
823 838
      {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
824 839
 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
825
-index 322a4381b0..ac33c35560 100644
840
+index f63e16b592..9828b43b0c 100644
826 841
 --- a/ssl/ssl_lib.c
827 842
 +++ b/ssl/ssl_lib.c
828
-@@ -1119,6 +1119,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
843
+@@ -1120,6 +1120,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
829 844
      return X509_VERIFY_PARAM_set1(ssl->param, vpm);
830 845
  }
831 846
  
@@ -897,7 +912,7 @@ index 322a4381b0..ac33c35560 100644
897 912
  X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
898 913
  {
899 914
      return ctx->param;
900
-@@ -1163,7 +1228,8 @@ void SSL_free(SSL *s)
915
+@@ -1164,7 +1229,8 @@ void SSL_free(SSL *s)
901 916
      BUF_MEM_free(s->init_buf);
902 917
  
903 918
      /* add extra stuff */
@@ -907,7 +922,7 @@ index 322a4381b0..ac33c35560 100644
907 922
      sk_SSL_CIPHER_free(s->cipher_list_by_id);
908 923
      sk_SSL_CIPHER_free(s->tls13_ciphersuites);
909 924
  
910
-@@ -2498,9 +2564,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
925
+@@ -2499,9 +2565,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
911 926
  {
912 927
      if (s != NULL) {
913 928
          if (s->cipher_list != NULL) {
@@ -919,7 +934,7 @@ index 322a4381b0..ac33c35560 100644
919 934
          }
920 935
      }
921 936
      return NULL;
922
-@@ -2574,8 +2640,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
937
+@@ -2575,29 +2641,22 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
923 938
   * preference */
924 939
  STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
925 940
  {
@@ -930,7 +945,31 @@ index 322a4381b0..ac33c35560 100644
930 945
      return NULL;
931 946
  }
932 947
  
933
-@@ -3026,7 +3092,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
948
+ /*
949
+  * Distinguish between ciphers controlled by set_ciphersuite() and
950
+  * set_cipher_list() when counting.
951
++ * Enabled "TLS13+AESGCM+AES128" or the others.
952
+  */
953
+ static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk)
954
+ {
955
+-    int i, num = 0;
956
+-    const SSL_CIPHER *c;
957
+-
958
+     if (sk == NULL)
959
+         return 0;
960
+-    for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
961
+-        c = sk_SSL_CIPHER_value(sk, i);
962
+-        if (c->min_tls >= TLS1_3_VERSION)
963
+-            continue;
964
+-        num++;
965
+-    }
966
+-    return num;
967
++    else
968
++        return sk_SSL_CIPHER_num(sk);
969
+ }
970
+ 
971
+ /** specify the ciphers to be used by default by the SSL_CTX */
972
+@@ -3027,7 +3086,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
934 973
                                  ret->tls13_ciphersuites,
935 974
                                  &ret->cipher_list, &ret->cipher_list_by_id,
936 975
                                  SSL_DEFAULT_CIPHER_LIST, ret->cert)
@@ -939,7 +978,7 @@ index 322a4381b0..ac33c35560 100644
939 978
          SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
940 979
          goto err2;
941 980
      }
942
-@@ -3202,7 +3268,7 @@ void SSL_CTX_free(SSL_CTX *a)
981
+@@ -3203,7 +3262,7 @@ void SSL_CTX_free(SSL_CTX *a)
943 982
  #ifndef OPENSSL_NO_CT
944 983
      CTLOG_STORE_free(a->ctlog_store);
945 984
  #endif
@@ -948,7 +987,7 @@ index 322a4381b0..ac33c35560 100644
948 987
      sk_SSL_CIPHER_free(a->cipher_list_by_id);
949 988
      sk_SSL_CIPHER_free(a->tls13_ciphersuites);
950 989
      ssl_cert_free(a->cert);
951
-@@ -3880,13 +3946,15 @@ SSL *SSL_dup(SSL *s)
990
+@@ -3879,13 +3938,15 @@ SSL *SSL_dup(SSL *s)
952 991
  
953 992
      /* dup the cipher_list and cipher_list_by_id stacks */
954 993
      if (s->cipher_list != NULL) {
@@ -969,10 +1008,10 @@ index 322a4381b0..ac33c35560 100644
969 1008
      /* Dup the client_CA list */
970 1009
      if (!dup_ca_names(&ret->ca_names, s->ca_names)
971 1010
 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
972
-index ae6417b592..9f839acc74 100644
1011
+index 1d3397d880..265c32d15e 100644
973 1012
 --- a/ssl/ssl_locl.h
974 1013
 +++ b/ssl/ssl_locl.h
975
-@@ -745,9 +745,46 @@ typedef struct ssl_ctx_ext_secure_st {
1014
+@@ -744,9 +744,46 @@ typedef struct ssl_ctx_ext_secure_st {
976 1015
      unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH];
977 1016
  } SSL_CTX_EXT_SECURE;
978 1017
  
@@ -1020,7 +1059,7 @@ index ae6417b592..9f839acc74 100644
1020 1059
      /* same as above but sorted for lookup */
1021 1060
      STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1022 1061
      /* TLSv1.3 specific ciphersuites */
1023
-@@ -1146,7 +1183,7 @@ struct ssl_st {
1062
+@@ -1145,7 +1182,7 @@ struct ssl_st {
1024 1063
      /* Per connection DANE state */
1025 1064
      SSL_DANE dane;
1026 1065
      /* crypto */
@@ -1029,7 +1068,7 @@ index ae6417b592..9f839acc74 100644
1029 1068
      STACK_OF(SSL_CIPHER) *cipher_list_by_id;
1030 1069
      /* TLSv1.3 specific ciphersuites */
1031 1070
      STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
1032
-@@ -2275,7 +2312,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
1071
+@@ -2278,7 +2315,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
1033 1072
                                   const SSL_CIPHER *const *bp);
1034 1073
  __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1035 1074
                                                      STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@@ -1038,7 +1077,7 @@ index ae6417b592..9f839acc74 100644
1038 1077
                                                      STACK_OF(SSL_CIPHER) **cipher_list_by_id,
1039 1078
                                                      const char *rule_str,
1040 1079
                                                      CERT *c);
1041
-@@ -2285,6 +2322,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
1080
+@@ -2288,6 +2325,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
1042 1081
                                  STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
1043 1082
                                  int fatal);
1044 1083
  void ssl_update_cache(SSL *s, int mode);
@@ -1052,7 +1091,7 @@ index ae6417b592..9f839acc74 100644
1052 1091
  __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
1053 1092
                                const EVP_MD **md, int *mac_pkey_type,
1054 1093
                                size_t *mac_secret_size, SSL_COMP **comp,
1055
-@@ -2368,7 +2412,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
1094
+@@ -2371,7 +2415,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
1056 1095
                                              CERT_PKEY *cpk);
1057 1096
  __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
1058 1097
                                              STACK_OF(SSL_CIPHER) *clnt,
@@ -1062,10 +1101,10 @@ index ae6417b592..9f839acc74 100644
1062 1101
  __owur int ssl3_new(SSL *s);
1063 1102
  void ssl3_free(SSL *s);
1064 1103
 diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
1065
-index bf1819d356..ebb6224b5e 100644
1104
+index e482e2d074..f81fe86291 100644
1066 1105
 --- a/ssl/statem/statem_srvr.c
1067 1106
 +++ b/ssl/statem/statem_srvr.c
1068
-@@ -1750,7 +1750,7 @@ static int tls_early_post_process_client_hello(SSL *s)
1107
+@@ -1751,7 +1751,7 @@ static int tls_early_post_process_client_hello(SSL *s)
1069 1108
      /* For TLSv1.3 we must select the ciphersuite *before* session resumption */
1070 1109
      if (SSL_IS_TLS13(s)) {
1071 1110
          const SSL_CIPHER *cipher =
@@ -1074,7 +1113,7 @@ index bf1819d356..ebb6224b5e 100644
1074 1113
  
1075 1114
          if (cipher == NULL) {
1076 1115
              SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
1077
-@@ -1931,7 +1931,7 @@ static int tls_early_post_process_client_hello(SSL *s)
1116
+@@ -1934,7 +1934,7 @@ static int tls_early_post_process_client_hello(SSL *s)
1078 1117
              /* check if some cipher was preferred by call back */
1079 1118
              if (pref_cipher == NULL)
1080 1119
                  pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
@@ -1083,7 +1122,7 @@ index bf1819d356..ebb6224b5e 100644
1083 1122
              if (pref_cipher == NULL) {
1084 1123
                  SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
1085 1124
                           SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
1086
-@@ -1940,8 +1940,9 @@ static int tls_early_post_process_client_hello(SSL *s)
1125
+@@ -1943,8 +1943,9 @@ static int tls_early_post_process_client_hello(SSL *s)
1087 1126
              }
1088 1127
  
1089 1128
              s->session->cipher = pref_cipher;
@@ -1095,7 +1134,7 @@ index bf1819d356..ebb6224b5e 100644
1095 1134
              sk_SSL_CIPHER_free(s->cipher_list_by_id);
1096 1135
              s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
1097 1136
          }
1098
-@@ -2255,7 +2256,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
1137
+@@ -2258,7 +2259,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
1099 1138
              /* In TLSv1.3 we selected the ciphersuite before resumption */
1100 1139
              if (!SSL_IS_TLS13(s)) {
1101 1140
                  cipher =

Loading…
Cancel
Save