Latest update (3.0.0-dev)

pull/38/head
Hakase 2020-02-07 01:29:07 +09:00
parent 3495b70412
commit 076468ca4a
No known key found for this signature in database
GPG Key ID: 8382B1500C3C61F5
4 changed files with 263 additions and 209 deletions


@ -31,7 +31,7 @@ Default support is in bold type.
- [Google(Gmail)](https://gmail.com/) : _TLSv1.3_ **final**
- [NSS TLS 1.3(Mozilla)](https://tls13.crypto.mozilla.org/) : _TLSv1.3_ **final**
[Compatible OpenSSL-3.0.0-dev (OpenSSL, 25302 commits)](https://github.com/openssl/openssl/tree/2ee4a50ab92020dc49383d5aa644397edac4a59a)
[Compatible OpenSSL-3.0.0-dev (OpenSSL, 25375 commits)](https://github.com/openssl/openssl/tree/7fa8bcfe4342df41919f5564b315f9c85d0a02d6)
## Patch files


@ -220,66 +220,66 @@ index b7340b147d..4080db7554 100644
# endif
#endif
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 80426896ba..c7cab61fe7 100644
index 77b4418cd4..6b3d7f9085 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -1088,7 +1088,7 @@ static const unsigned char so[7845] = {
0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x08, /* [ 7836] OBJ_NAIRealm */
};
-#define NUM_NID 1212
+#define NUM_NID 1213
-#define NUM_NID 1218
+#define NUM_NID 1219
static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2302,9 +2302,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"id-on-xmppAddr", "XmppAddr", NID_XmppAddr, 8, &so[7820]},
{"id-on-dnsSRV", "SRVName", NID_SRVName, 8, &so[7828]},
{"id-on-NAIRealm", "NAIRealm", NID_NAIRealm, 8, &so[7836]},
@@ -2308,9 +2308,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"modp_4096", "modp_4096", NID_modp_4096},
{"modp_6144", "modp_6144", NID_modp_6144},
{"modp_8192", "modp_8192", NID_modp_8192},
+ {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft},
};
-#define NUM_SN 1203
+#define NUM_SN 1204
-#define NUM_SN 1209
+#define NUM_SN 1210
static const unsigned int sn_objs[NUM_SN] = {
364, /* "AD_DVCS" */
419, /* "AES-128-CBC" */
@@ -2427,6 +2428,7 @@ static const unsigned int sn_objs[NUM_SN] = {
@@ -2433,6 +2434,7 @@ static const unsigned int sn_objs[NUM_SN] = {
417, /* "CSPName" */
1019, /* "ChaCha20" */
1018, /* "ChaCha20-Poly1305" */
+ 1212, /* "ChaCha20-Poly1305-D" */
+ 1218, /* "ChaCha20-Poly1305-D" */
367, /* "CrlID" */
391, /* "DC" */
31, /* "DES-CBC" */
@@ -3511,7 +3513,7 @@ static const unsigned int sn_objs[NUM_SN] = {
@@ -3523,7 +3525,7 @@ static const unsigned int sn_objs[NUM_SN] = {
1093, /* "x509ExtAdmission" */
};
-#define NUM_LN 1203
+#define NUM_LN 1204
-#define NUM_LN 1209
+#define NUM_LN 1210
static const unsigned int ln_objs[NUM_LN] = {
363, /* "AD Time Stamping" */
405, /* "ANSI X9.62" */
@@ -3900,6 +3902,7 @@ static const unsigned int ln_objs[NUM_LN] = {
@@ -3912,6 +3914,7 @@ static const unsigned int ln_objs[NUM_LN] = {
883, /* "certificateRevocationList" */
1019, /* "chacha20" */
1018, /* "chacha20-poly1305" */
+ 1212, /* "chacha20-poly1305-draft" */
+ 1218, /* "chacha20-poly1305-draft" */
54, /* "challengePassword" */
407, /* "characteristic-two-field" */
395, /* "clearance" */
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index 541bb4eb3f..86e1fe2eae 100644
index 15aa1e9772..6fb028c1e8 100644
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1209,3 +1209,4 @@ id_on_SmtpUTF8Mailbox 1208
XmppAddr 1209
SRVName 1210
NAIRealm 1211
+chacha20_poly1305_draft 1212
@@ -1215,3 +1215,4 @@ modp_3072 1214
modp_4096 1215
modp_6144 1216
modp_8192 1217
+chacha20_poly1305_draft 1218
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 693852aa3c..99b3b39640 100644
index 9819c539b7..bb4a9958d0 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -1549,6 +1549,7 @@ sm-scheme 104 7 : SM4-CTR : sm4-ctr
@ -291,7 +291,7 @@ index 693852aa3c..99b3b39640 100644
ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 181c588f0f..a271b27af8 100644
index 7aa56b3e93..da87052bfa 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -985,6 +985,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void);
@ -303,7 +303,7 @@ index 181c588f0f..a271b27af8 100644
# endif
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index 5d7611bc25..11a3b6a818 100644
index 0e564ac6d2..3a074d62cb 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -4857,6 +4857,10 @@
@ -312,13 +312,13 @@ index 5d7611bc25..11a3b6a818 100644
+#define SN_chacha20_poly1305_draft "ChaCha20-Poly1305-D"
+#define LN_chacha20_poly1305_draft "chacha20-poly1305-draft"
+#define NID_chacha20_poly1305_draft 1212
+#define NID_chacha20_poly1305_draft 1218
+
#define SN_chacha20 "ChaCha20"
#define LN_chacha20 "chacha20"
#define NID_chacha20 1019
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 3b52f86412..e37959c22b 100644
index c1b6b8e5dc..4f1717c14d 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -131,6 +131,7 @@ extern "C" {
@ -330,10 +330,10 @@ index 3b52f86412..e37959c22b 100644
# define SSL_TXT_ARIA "ARIA"
# define SSL_TXT_ARIA_GCM "ARIAGCM"
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 9a1683e0fd..552eec1f25 100644
index 9181e0d2c1..0244b1ab99 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -573,7 +573,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
@@ -578,7 +578,12 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb
# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A
# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B
@ -347,7 +347,7 @@ index 9a1683e0fd..552eec1f25 100644
# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8
# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9
# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA
@@ -738,6 +743,9 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
@@ -743,6 +748,9 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb
# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
@ -357,7 +357,7 @@ index 9a1683e0fd..552eec1f25 100644
# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
@@ -1066,7 +1074,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
@@ -1071,7 +1079,12 @@ int SSL_CTX_set_tlsext_ticket_key_evp_cb
# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256"
# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384"
@ -372,7 +372,7 @@ index 9a1683e0fd..552eec1f25 100644
# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305"
# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305"
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 745bccc836..9c95f968b3 100644
index 706290be9b..9733581b0c 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2083,6 +2083,54 @@ static SSL_CIPHER ssl3_ciphers[] = {
@ -431,28 +431,18 @@ index 745bccc836..9c95f968b3 100644
1,
TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index f9fbc5954f..4852097796 100644
index 64c791636a..55f744dc53 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -44,7 +44,8 @@
#define SSL_ENC_CHACHA_IDX 19
#define SSL_ENC_ARIA128GCM_IDX 20
#define SSL_ENC_ARIA256GCM_IDX 21
-#define SSL_ENC_NUM_IDX 22
+#define SSL_ENC_CHACHA20_D_IDX 22
+#define SSL_ENC_NUM_IDX 23
/* NB: make sure indices in these tables match values above */
@@ -77,6 +78,7 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
@@ -53,6 +53,7 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
{SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */
{SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */
{SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */
+ {SSL_CHACHA20POLY1305_D, NID_chacha20_poly1305_draft}, /* SSL_ENC_CHACHA20POLY1305_IDX 22 */
};
static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX];
@@ -276,6 +278,7 @@ static const SSL_CIPHER cipher_aliases[] = {
#define SSL_COMP_NULL_IDX 0
@@ -237,6 +238,7 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256},
{0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA},
{0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20},
@ -460,7 +450,7 @@ index f9fbc5954f..4852097796 100644
{0, SSL_TXT_ARIA, NULL, 0, 0, 0, SSL_ARIA},
{0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM},
@@ -1797,6 +1800,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
@@ -1776,6 +1778,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_CHACHA20POLY1305:
enc = "CHACHA20/POLY1305(256)";
break;
@ -470,7 +460,7 @@ index f9fbc5954f..4852097796 100644
default:
enc = "unknown";
break;
@@ -2116,7 +2122,7 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
@@ -2095,7 +2100,7 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 16;
} else if (c->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) {
out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 8;
@ -480,7 +470,7 @@ index f9fbc5954f..4852097796 100644
} else if (c->algorithm_mac & SSL_AEAD) {
/* We're supposed to have handled all the AEAD modes above */
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 43b0623a0b..ed6c0ef06e 100644
index 31c01328ce..d9aee332f1 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -234,12 +234,13 @@
@ -498,12 +488,22 @@ index 43b0623a0b..ed6c0ef06e 100644
# define SSL_ARIAGCM (SSL_ARIA128GCM | SSL_ARIA256GCM)
# define SSL_ARIA (SSL_ARIAGCM)
@@ -413,7 +414,8 @@
# define SSL_ENC_CHACHA_IDX 19
# define SSL_ENC_ARIA128GCM_IDX 20
# define SSL_ENC_ARIA256GCM_IDX 21
-# define SSL_ENC_NUM_IDX 22
+# define SSL_ENC_CHACHA20_D_IDX 22
+# define SSL_ENC_NUM_IDX 23
/*-
* SSL_kRSA <- RSA_ENC
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 64b2ed277c..83656b2367 100644
index dc6515cfc9..8d8fc45acf 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4915,3 +4915,4 @@ RAND_bytes_ex ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_get_default_digest_name ? 3_0_0 EXIST::FUNCTION:
PKCS8_pkey_add1_attr ? 3_0_0 EXIST::FUNCTION:
PKCS8_pkey_add1_attr_by_OBJ ? 3_0_0 EXIST::FUNCTION:
@@ -4918,3 +4918,4 @@ PKCS8_pkey_add1_attr_by_OBJ ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_private_check ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_pairwise_check ? 3_0_0 EXIST::FUNCTION:
ASN1_item_verify_ctx ? 3_0_0 EXIST::FUNCTION:
+EVP_chacha20_poly1305_draft ? 3_0_0 EXIST::FUNCTION:CHACHA,POLY1305
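Review bot: The trailing comment on the entry added to `ssl_cipher_table_cipher` in ssl/ssl_ciph.c names `SSL_ENC_CHACHA20POLY1305_IDX 22`, but the macro this patch defines in ssl/ssl_local.h is `SSL_ENC_CHACHA20_D_IDX`, so the comment points at an identifier that does not exist. Each neighbouring entry's comment records the `SSL_ENC_*_IDX` slot it occupies, and a slot that drifts on a later rebase would bind `SSL_CHACHA20POLY1305_D` to the wrong NID without any compile error. The comment should name the real macro: `{SSL_CHACHA20POLY1305_D, NID_chacha20_poly1305_draft}, /* SSL_ENC_CHACHA20_D_IDX 22 */`. The table's declaration and earlier entries lie outside the hunk, so it is worth confirming against the full file that this entry really is element 22 and that `SSL_ENC_NUM_IDX 23` is the only definition in scope.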


@ -1,23 +1,38 @@
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 70dca14925..6acd341452 100644
index b59c8ba1c6..78f6009efd 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -3067,6 +3067,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key
@@ -1824,13 +1824,13 @@ X509V3_F_X509_PURPOSE_SET:141:X509_PURPOSE_set
X509_F_ADD_CERT_DIR:100:add_cert_dir
X509_F_BUILD_CHAIN:106:build_chain
X509_F_BY_FILE_CTRL:101:by_file_ctrl
+X509_F_CACHE_OBJECTS:163:cache_objects
X509_F_CHECK_NAME_CONSTRAINTS:149:check_name_constraints
X509_F_CHECK_POLICY:145:check_policy
X509_F_COMMON_VERIFY_SM2:165:common_verify_sm2
X509_F_DANE_I2D:107:dane_i2d
X509_F_DIR_CTRL:102:dir_ctrl
X509_F_GET_CERT_BY_SUBJECT:103:get_cert_by_subject
-X509_F_CACHE_OBJECTS:163:cache_objects
X509_F_I2D_X509_AUX:151:i2d_X509_AUX
X509_F_LOOKUP_CERTS_SK:152:lookup_certs_sk
X509_F_NETSCAPE_SPKI_B64_DECODE:129:NETSCAPE_SPKI_b64_decode
@@ -3068,6 +3068,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key
SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key
SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\
mixed handshake and non handshake data
+SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS:294:mixed special operator with groups
+SSL_R_NESTED_GROUP:295:nested group
+SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS:295:mixed special operator with groups
+SSL_R_NESTED_GROUP:296:nested group
SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary
SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate
SSL_R_NOT_SERVER:284:not server
@@ -3173,7 +3175,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines
SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
@@ -3175,7 +3177,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
+SSL_R_UNEXPECTED_GROUP_CLOSE:296:unexpected group close
SSL_R_UNEXPECTED_EOF_WHILE_READING:294:unexpected eof while reading
+SSL_R_UNEXPECTED_GROUP_CLOSE:297:unexpected group close
SSL_R_UNEXPECTED_MESSAGE:244:unexpected message
+SSL_R_UNEXPECTED_OPERATOR_IN_GROUP:297:unexpected operator in group
+SSL_R_UNEXPECTED_OPERATOR_IN_GROUP:299:unexpected operator in group
SSL_R_UNEXPECTED_RECORD:245:unexpected record
SSL_R_UNINITIALIZED:276:uninitialized
SSL_R_UNKNOWN_ALERT_TYPE:246:unknown alert type
@ -48,30 +63,43 @@ index 8ba80ba15d..fcda3998bf 100644
The following lists give the SSL or TLS cipher suites names from the
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 3f1c851349..e131c087a3 100644
index 25e304ed10..2d3418f595 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -609,6 +609,8 @@ int ERR_load_SSL_strings(void);
@@ -10,12 +10,6 @@
#ifndef OPENSSL_SSLERR_H
# define OPENSSL_SSLERR_H
-# pragma once
-
-# include <openssl/macros.h>
-# ifndef OPENSSL_NO_DEPRECATED_3_0
-# define HEADER_SSLERR_H
-# endif
# include <openssl/opensslconf.h>
# include <openssl/symhacks.h>
@@ -609,6 +603,8 @@ int ERR_load_SSL_strings(void);
# define SSL_R_MISSING_TMP_DH_KEY 171
# define SSL_R_MISSING_TMP_ECDH_KEY 311
# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293
+# define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 294
+# define SSL_R_NESTED_GROUP 295
+# define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 295
+# define SSL_R_NESTED_GROUP 296
# define SSL_R_NOT_ON_RECORD_BOUNDARY 182
# define SSL_R_NOT_REPLACING_CERTIFICATE 289
# define SSL_R_NOT_SERVER 284
@@ -739,7 +741,9 @@ int ERR_load_SSL_strings(void);
# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
@@ -740,7 +736,9 @@ int ERR_load_SSL_strings(void);
# define SSL_R_UNEXPECTED_CCS_MESSAGE 262
# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178
+# define SSL_R_UNEXPECTED_GROUP_CLOSE 296
# define SSL_R_UNEXPECTED_EOF_WHILE_READING 294
+# define SSL_R_UNEXPECTED_GROUP_CLOSE 297
# define SSL_R_UNEXPECTED_MESSAGE 244
+# define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 297
+# define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 299
# define SSL_R_UNEXPECTED_RECORD 245
# define SSL_R_UNINITIALIZED 276
# define SSL_R_UNKNOWN_ALERT_TYPE 246
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 15aeae365e..c919a6b160 100644
index 706290be9b..fbc13c5a05 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -168,7 +168,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
@ -101,7 +129,7 @@ index 15aeae365e..c919a6b160 100644
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -4111,6 +4111,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
@@ -4124,6 +4124,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
return 1;
}
@ -119,7 +147,7 @@ index 15aeae365e..c919a6b160 100644
/*
* ssl3_choose_cipher - choose a cipher from those offered by the client
* @s: SSL connection
@@ -4120,16 +4131,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
@@ -4133,15 +4144,23 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
* Returns the selected cipher or NULL when no common ciphers.
*/
const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@ -133,7 +161,6 @@ index 15aeae365e..c919a6b160 100644
+ STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow;
+ int i, ii, ok, prefer_sha256 = 0, safari_ec = 0;
unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
const EVP_MD *mdsha256 = EVP_sha256();
-#ifndef OPENSSL_NO_CHACHA
- STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
-#endif
@ -150,7 +177,7 @@ index 15aeae365e..c919a6b160 100644
/* Let's see which ciphers we can support */
@@ -4156,54 +4175,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4168,54 +4187,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
} OSSL_TRACE_END(TLS_CIPHER);
/* SUITE-B takes precedence over server preference and ChaCha priortiy */
@ -208,7 +235,7 @@ index 15aeae365e..c919a6b160 100644
allow = srvr;
}
@@ -4234,14 +4212,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4246,14 +4224,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
c = sk_SSL_CIPHER_value(prio, i);
@ -227,7 +254,7 @@ index 15aeae365e..c919a6b160 100644
/*
* Since TLS 1.3 ciphersuites can be used with any auth or
@@ -4263,10 +4243,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4275,10 +4255,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#ifndef OPENSSL_NO_PSK
/* with PSK there must be server callback set */
if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
@ -240,7 +267,7 @@ index 15aeae365e..c919a6b160 100644
OSSL_TRACE7(TLS_CIPHER,
"%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
@@ -4282,6 +4262,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4294,6 +4274,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
if (!ok)
continue;
@ -255,7 +282,7 @@ index 15aeae365e..c919a6b160 100644
}
ii = sk_SSL_CIPHER_find(allow, c);
if (ii >= 0) {
@@ -4289,14 +4277,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4301,14 +4289,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
c->strength_bits, 0, (void *)c))
continue;
@ -271,7 +298,7 @@ index 15aeae365e..c919a6b160 100644
if (prefer_sha256) {
const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
@@ -4308,13 +4289,38 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4325,13 +4306,38 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
ret = tmp;
continue;
}
@ -315,10 +342,10 @@ index 15aeae365e..c919a6b160 100644
}
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index f9fbc5954f..0a3f88d61d 100644
index 64c791636a..2317b9e495 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -193,6 +193,7 @@ typedef struct cipher_order_st {
@@ -154,6 +154,7 @@ typedef struct cipher_order_st {
const SSL_CIPHER *cipher;
int active;
int dead;
@ -326,7 +353,7 @@ index f9fbc5954f..0a3f88d61d 100644
struct cipher_order_st *next, *prev;
} CIPHER_ORDER;
@@ -297,6 +298,7 @@ static const SSL_CIPHER cipher_aliases[] = {
@@ -258,6 +259,7 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
{0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
{0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION},
@ -334,7 +361,7 @@ index f9fbc5954f..0a3f88d61d 100644
/* strength classes */
{0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
@@ -680,6 +682,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
@@ -659,6 +661,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
co_list[co_list_num].next = NULL;
co_list[co_list_num].prev = NULL;
co_list[co_list_num].active = 0;
@ -342,7 +369,7 @@ index f9fbc5954f..0a3f88d61d 100644
co_list_num++;
}
@@ -773,8 +776,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
@@ -752,8 +755,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
uint32_t alg_auth, uint32_t alg_enc,
uint32_t alg_mac, int min_tls,
uint32_t algo_strength, int rule,
@ -353,7 +380,7 @@ index f9fbc5954f..0a3f88d61d 100644
{
CIPHER_ORDER *head, *tail, *curr, *next, *last;
const SSL_CIPHER *cp;
@@ -782,9 +785,9 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
@@ -761,9 +764,9 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
OSSL_TRACE_BEGIN(TLS_CIPHER){
BIO_printf(trc_out,
@ -365,7 +392,7 @@ index f9fbc5954f..0a3f88d61d 100644
}
if (rule == CIPHER_DEL || rule == CIPHER_BUMP)
@@ -861,6 +864,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
@@ -840,6 +843,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
if (!curr->active) {
ll_append_tail(&head, curr, &tail);
curr->active = 1;
@ -373,7 +400,7 @@ index f9fbc5954f..0a3f88d61d 100644
}
}
/* Move the added cipher to this location */
@@ -868,6 +872,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
@@ -847,6 +851,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
/* reverse == 0 */
if (curr->active) {
ll_append_tail(&head, curr, &tail);
@ -381,7 +408,7 @@ index f9fbc5954f..0a3f88d61d 100644
}
} else if (rule == CIPHER_DEL) {
/* reverse == 1 */
@@ -879,6 +884,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
@@ -858,6 +863,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
*/
ll_append_head(&head, curr, &tail);
curr->active = 0;
@ -389,7 +416,7 @@ index f9fbc5954f..0a3f88d61d 100644
}
} else if (rule == CIPHER_BUMP) {
if (curr->active)
@@ -948,8 +954,8 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
@@ -927,8 +933,8 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
*/
for (i = max_strength_bits; i >= 0; i--)
if (number_uses[i] > 0)
@ -400,7 +427,7 @@ index f9fbc5954f..0a3f88d61d 100644
OPENSSL_free(number_uses);
return 1;
@@ -963,7 +969,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
@@ -942,7 +948,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, algo_strength;
int min_tls;
const char *l, *buf;
@ -409,7 +436,7 @@ index f9fbc5954f..0a3f88d61d 100644
uint32_t cipher_id = 0;
char ch;
@@ -974,18 +980,66 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
@@ -953,18 +959,66 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
if (ch == '\0')
break; /* done */
@ -477,7 +504,7 @@ index f9fbc5954f..0a3f88d61d 100644
} else {
rule = CIPHER_ADD;
}
@@ -1010,7 +1064,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
@@ -989,7 +1043,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
while (((ch >= 'A') && (ch <= 'Z')) ||
((ch >= '0') && (ch <= '9')) ||
((ch >= 'a') && (ch <= 'z')) ||
@ -486,7 +513,7 @@ index f9fbc5954f..0a3f88d61d 100644
#else
while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.')
|| (ch == '='))
@@ -1027,7 +1081,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
@@ -1006,7 +1060,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
* alphanumeric, so we call this an error.
*/
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
@ -495,7 +522,7 @@ index f9fbc5954f..0a3f88d61d 100644
l++;
break;
}
@@ -1206,8 +1260,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
@@ -1185,8 +1239,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
} else if (found) {
ssl_cipher_apply_rule(cipher_id,
alg_mkey, alg_auth, alg_enc, alg_mac,
@ -506,7 +533,7 @@ index f9fbc5954f..0a3f88d61d 100644
} else {
while ((*l != '\0') && !ITEM_SEP(*l))
l++;
@@ -1216,6 +1270,11 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
@@ -1195,6 +1249,11 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
break; /* done */
}
@ -518,7 +545,7 @@ index f9fbc5954f..0a3f88d61d 100644
return retval;
}
@@ -1379,7 +1438,7 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
@@ -1358,7 +1417,7 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
int ret = set_ciphersuites(&(ctx->tls13_ciphersuites), str);
if (ret && ctx->cipher_list != NULL)
@ -527,7 +554,7 @@ index f9fbc5954f..0a3f88d61d 100644
ctx->tls13_ciphersuites);
return ret;
@@ -1392,10 +1451,10 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
@@ -1371,10 +1430,10 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
if (s->cipher_list == NULL) {
if ((cipher_list = SSL_get_ciphers(s)) != NULL)
@ -540,7 +567,7 @@ index f9fbc5954f..0a3f88d61d 100644
s->tls13_ciphersuites);
return ret;
@@ -1403,17 +1462,20 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
@@ -1382,17 +1441,20 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@ -564,7 +591,7 @@ index f9fbc5954f..0a3f88d61d 100644
/*
* Return with error if nothing to do.
@@ -1462,16 +1524,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
@@ -1441,16 +1503,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* preference).
*/
ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD,
@ -588,7 +615,7 @@ index f9fbc5954f..0a3f88d61d 100644
&head, &tail);
/*
@@ -1480,13 +1542,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
@@ -1459,13 +1521,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* strength.
*/
ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD,
@ -605,7 +632,7 @@ index f9fbc5954f..0a3f88d61d 100644
&tail);
/*
@@ -1494,16 +1556,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
@@ -1473,16 +1535,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* disabled. (For applications that allow them, they aren't too bad, but
* we prefer authenticated ciphers.)
*/
@ -626,7 +653,7 @@ index f9fbc5954f..0a3f88d61d 100644
&tail);
/*
@@ -1519,7 +1581,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
@@ -1498,7 +1560,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* Partially overrule strength sort to prefer TLS 1.2 ciphers/PRFs.
* TODO(openssl-team): is there an easier way to accomplish all this?
*/
@ -635,7 +662,7 @@ index f9fbc5954f..0a3f88d61d 100644
&head, &tail);
/*
@@ -1535,15 +1597,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
@@ -1514,15 +1576,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* Because we now bump ciphers to the top of the list, we proceed in
* reverse order of preference.
*/
@ -658,7 +685,7 @@ index f9fbc5954f..0a3f88d61d 100644
/*
* We also need cipher aliases for selecting based on the rule_str.
@@ -1557,9 +1622,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
@@ -1536,9 +1601,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
if (ca_list == NULL) {
@ -669,7 +696,7 @@ index f9fbc5954f..0a3f88d61d 100644
}
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
disabled_mkey, disabled_auth, disabled_enc,
@@ -1584,28 +1648,19 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
@@ -1563,28 +1627,19 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
OPENSSL_free(ca_list); /* Not needed anymore */
@ -705,7 +732,7 @@ index f9fbc5954f..0a3f88d61d 100644
OSSL_TRACE_BEGIN(TLS_CIPHER) {
BIO_printf(trc_out, "cipher selection:\n");
@@ -1617,26 +1672,51 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
@@ -1596,26 +1651,51 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
for (curr = head; curr != NULL; curr = curr->next) {
if (curr->active) {
if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
@ -767,7 +794,7 @@ index f9fbc5954f..0a3f88d61d 100644
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index fc81948815..b703f8c8ad 100644
index 517e90c141..7f578a25ff 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -255,6 +255,9 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
@ -780,10 +807,10 @@ index fc81948815..b703f8c8ad 100644
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY),
"not on record boundary"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_REPLACING_CERTIFICATE),
@@ -489,7 +492,11 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
"unexpected ccs message"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
@@ -491,7 +494,11 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
"unexpected end of early data"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING),
"unexpected eof while reading"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_GROUP_CLOSE),
+ "unexpected group close"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
@ -793,7 +820,7 @@ index fc81948815..b703f8c8ad 100644
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 384c28e76b..f2e79fb94d 100644
index 977b599055..474a32e085 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1127,6 +1127,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
@ -901,7 +928,7 @@ index 384c28e76b..f2e79fb94d 100644
return NULL;
}
@@ -3099,7 +3165,7 @@ SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
@@ -3157,7 +3223,7 @@ SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id,
OSSL_default_cipher_list(), ret->cert)
@ -910,7 +937,7 @@ index 384c28e76b..f2e79fb94d 100644
SSLerr(0, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
}
@@ -3280,7 +3346,7 @@ void SSL_CTX_free(SSL_CTX *a)
@@ -3336,7 +3402,7 @@ void SSL_CTX_free(SSL_CTX *a)
#ifndef OPENSSL_NO_CT
CTLOG_STORE_free(a->ctlog_store);
#endif
@ -919,7 +946,7 @@ index 384c28e76b..f2e79fb94d 100644
sk_SSL_CIPHER_free(a->cipher_list_by_id);
sk_SSL_CIPHER_free(a->tls13_ciphersuites);
ssl_cert_free(a->cert);
@@ -3958,13 +4024,15 @@ SSL *SSL_dup(SSL *s)
@@ -4022,13 +4088,15 @@ SSL *SSL_dup(SSL *s)
/* dup the cipher_list and cipher_list_by_id stacks */
if (s->cipher_list != NULL) {
@ -940,12 +967,12 @@ index 384c28e76b..f2e79fb94d 100644
/* Dup the client_CA list */
if (!dup_ca_names(&ret->ca_names, s->ca_names)
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 14515cadfe..3f6d134d16 100644
index 31c01328ce..587c40df36 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -737,11 +737,48 @@ typedef struct ssl_ctx_ext_secure_st {
unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH];
} SSL_CTX_EXT_SECURE;
@@ -789,11 +789,48 @@ int ssl_hmac_final(SSL_HMAC *ctx, unsigned char *md, size_t *len,
size_t max_size);
size_t ssl_hmac_size(const SSL_HMAC *ctx);
+/* ssl_cipher_preference_list_st contains a list of SSL_CIPHERs with
+ * equal-preference groups. For TLS clients, the groups are moot because the
@ -993,7 +1020,7 @@ index 14515cadfe..3f6d134d16 100644
/* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
@@ -1318,7 +1355,7 @@ struct ssl_st {
@@ -1380,7 +1417,7 @@ struct ssl_st {
SSL_DANE dane;
/* crypto */
STACK_OF(SSL_CIPHER) *peer_ciphers;
@ -1002,7 +1029,7 @@ index 14515cadfe..3f6d134d16 100644
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
@@ -2291,7 +2328,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
@@ -2353,7 +2390,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp);
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@ -1011,7 +1038,7 @@ index 14515cadfe..3f6d134d16 100644
STACK_OF(SSL_CIPHER) **cipher_list_by_id,
const char *rule_str,
CERT *c);
@@ -2301,6 +2338,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
@@ -2363,6 +2400,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
int fatal);
void ssl_update_cache(SSL *s, int mode);
@ -1022,10 +1049,10 @@ index 14515cadfe..3f6d134d16 100644
+struct ssl_cipher_preference_list_st* ssl_cipher_preference_list_from_ciphers(
+ STACK_OF(SSL_CIPHER) *ciphers);
+struct ssl_cipher_preference_list_st* ssl_get_cipher_preferences(SSL *s);
__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, int *mac_pkey_type,
size_t *mac_secret_size, SSL_COMP **comp,
@@ -2386,7 +2430,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
__owur int ssl_cipher_get_evp(SSL_CTX *ctxc, const SSL_SESSION *s,
const EVP_CIPHER **enc, const EVP_MD **md,
int *mac_pkey_type, size_t *mac_secret_size,
@@ -2448,7 +2492,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
CERT_PKEY *cpk);
__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
STACK_OF(SSL_CIPHER) *clnt,
@ -1035,10 +1062,10 @@ index 14515cadfe..3f6d134d16 100644
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index c744bf64eb..b937bbddd7 100644
index ab032ae956..433f2fa2bf 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1765,7 +1765,7 @@ static int tls_early_post_process_client_hello(SSL *s)
@@ -1764,7 +1764,7 @@ static int tls_early_post_process_client_hello(SSL *s)
/* For TLSv1.3 we must select the ciphersuite *before* session resumption */
if (SSL_IS_TLS13(s)) {
const SSL_CIPHER *cipher =
@ -1047,7 +1074,7 @@ index c744bf64eb..b937bbddd7 100644
if (cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
@@ -1948,7 +1948,7 @@ static int tls_early_post_process_client_hello(SSL *s)
@@ -1947,7 +1947,7 @@ static int tls_early_post_process_client_hello(SSL *s)
/* check if some cipher was preferred by call back */
if (pref_cipher == NULL)
pref_cipher = ssl3_choose_cipher(s, s->peer_ciphers,
@ -1056,7 +1083,7 @@ index c744bf64eb..b937bbddd7 100644
if (pref_cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
@@ -1957,8 +1957,9 @@ static int tls_early_post_process_client_hello(SSL *s)
@@ -1956,8 +1956,9 @@ static int tls_early_post_process_client_hello(SSL *s)
}
s->session->cipher = pref_cipher;
@ -1068,7 +1095,7 @@ index c744bf64eb..b937bbddd7 100644
sk_SSL_CIPHER_free(s->cipher_list_by_id);
s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->peer_ciphers);
}
@@ -2270,7 +2271,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
@@ -2269,7 +2270,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
/* In TLSv1.3 we selected the ciphersuite before resumption */
if (!SSL_IS_TLS13(s)) {
cipher =


@ -1,23 +1,38 @@
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 70dca14925..6acd341452 100644
index b59c8ba1c6..78f6009efd 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -3067,6 +3067,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key
@@ -1824,13 +1824,13 @@ X509V3_F_X509_PURPOSE_SET:141:X509_PURPOSE_set
X509_F_ADD_CERT_DIR:100:add_cert_dir
X509_F_BUILD_CHAIN:106:build_chain
X509_F_BY_FILE_CTRL:101:by_file_ctrl
+X509_F_CACHE_OBJECTS:163:cache_objects
X509_F_CHECK_NAME_CONSTRAINTS:149:check_name_constraints
X509_F_CHECK_POLICY:145:check_policy
X509_F_COMMON_VERIFY_SM2:165:common_verify_sm2
X509_F_DANE_I2D:107:dane_i2d
X509_F_DIR_CTRL:102:dir_ctrl
X509_F_GET_CERT_BY_SUBJECT:103:get_cert_by_subject
-X509_F_CACHE_OBJECTS:163:cache_objects
X509_F_I2D_X509_AUX:151:i2d_X509_AUX
X509_F_LOOKUP_CERTS_SK:152:lookup_certs_sk
X509_F_NETSCAPE_SPKI_B64_DECODE:129:NETSCAPE_SPKI_b64_decode
@@ -3068,6 +3068,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key
SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key
SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\
mixed handshake and non handshake data
+SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS:294:mixed special operator with groups
+SSL_R_NESTED_GROUP:295:nested group
+SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS:295:mixed special operator with groups
+SSL_R_NESTED_GROUP:296:nested group
SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary
SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate
SSL_R_NOT_SERVER:284:not server
@@ -3173,7 +3175,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines
SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
@@ -3175,7 +3177,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
+SSL_R_UNEXPECTED_GROUP_CLOSE:296:unexpected group close
SSL_R_UNEXPECTED_EOF_WHILE_READING:294:unexpected eof while reading
+SSL_R_UNEXPECTED_GROUP_CLOSE:297:unexpected group close
SSL_R_UNEXPECTED_MESSAGE:244:unexpected message
+SSL_R_UNEXPECTED_OPERATOR_IN_GROUP:297:unexpected operator in group
+SSL_R_UNEXPECTED_OPERATOR_IN_GROUP:299:unexpected operator in group
SSL_R_UNEXPECTED_RECORD:245:unexpected record
SSL_R_UNINITIALIZED:276:uninitialized
SSL_R_UNKNOWN_ALERT_TYPE:246:unknown alert type
@ -48,30 +63,43 @@ index 8ba80ba15d..fcda3998bf 100644
The following lists give the SSL or TLS cipher suites names from the
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 3f1c851349..e131c087a3 100644
index 25e304ed10..2d3418f595 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -609,6 +609,8 @@ int ERR_load_SSL_strings(void);
@@ -10,12 +10,6 @@
#ifndef OPENSSL_SSLERR_H
# define OPENSSL_SSLERR_H
-# pragma once
-
-# include <openssl/macros.h>
-# ifndef OPENSSL_NO_DEPRECATED_3_0
-# define HEADER_SSLERR_H
-# endif
# include <openssl/opensslconf.h>
# include <openssl/symhacks.h>
@@ -609,6 +603,8 @@ int ERR_load_SSL_strings(void);
# define SSL_R_MISSING_TMP_DH_KEY 171
# define SSL_R_MISSING_TMP_ECDH_KEY 311
# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293
+# define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 294
+# define SSL_R_NESTED_GROUP 295
+# define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 295
+# define SSL_R_NESTED_GROUP 296
# define SSL_R_NOT_ON_RECORD_BOUNDARY 182
# define SSL_R_NOT_REPLACING_CERTIFICATE 289
# define SSL_R_NOT_SERVER 284
@@ -739,7 +741,9 @@ int ERR_load_SSL_strings(void);
# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
@@ -740,7 +736,9 @@ int ERR_load_SSL_strings(void);
# define SSL_R_UNEXPECTED_CCS_MESSAGE 262
# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178
+# define SSL_R_UNEXPECTED_GROUP_CLOSE 296
# define SSL_R_UNEXPECTED_EOF_WHILE_READING 294
+# define SSL_R_UNEXPECTED_GROUP_CLOSE 297
# define SSL_R_UNEXPECTED_MESSAGE 244
+# define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 297
+# define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 299
# define SSL_R_UNEXPECTED_RECORD 245
# define SSL_R_UNINITIALIZED 276
# define SSL_R_UNKNOWN_ALERT_TYPE 246
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 15aeae365e..5644795c29 100644
index 706290be9b..6f8361037b 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -32,7 +32,25 @@ const unsigned char tls12downgrade[] = {
@ -177,7 +205,7 @@ index 15aeae365e..5644795c29 100644
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -4111,6 +4117,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
@@ -4124,6 +4130,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
return 1;
}
@ -195,7 +223,7 @@ index 15aeae365e..5644795c29 100644
/*
* ssl3_choose_cipher - choose a cipher from those offered by the client
* @s: SSL connection
@@ -4120,16 +4137,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
@@ -4133,15 +4150,23 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
* Returns the selected cipher or NULL when no common ciphers.
*/
const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@ -209,7 +237,6 @@ index 15aeae365e..5644795c29 100644
+ STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow;
+ int i, ii, ok, prefer_sha256 = 0, safari_ec = 0;
unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
const EVP_MD *mdsha256 = EVP_sha256();
-#ifndef OPENSSL_NO_CHACHA
- STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
-#endif
@ -226,7 +253,7 @@ index 15aeae365e..5644795c29 100644
/* Let's see which ciphers we can support */
@@ -4156,54 +4181,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4168,54 +4193,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
} OSSL_TRACE_END(TLS_CIPHER);
/* SUITE-B takes precedence over server preference and ChaCha priortiy */
@ -284,7 +311,7 @@ index 15aeae365e..5644795c29 100644
allow = srvr;
}
@@ -4234,14 +4218,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4246,14 +4230,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
c = sk_SSL_CIPHER_value(prio, i);
@ -303,7 +330,7 @@ index 15aeae365e..5644795c29 100644
/*
* Since TLS 1.3 ciphersuites can be used with any auth or
@@ -4263,10 +4249,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4275,10 +4261,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#ifndef OPENSSL_NO_PSK
/* with PSK there must be server callback set */
if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
@ -316,7 +343,7 @@ index 15aeae365e..5644795c29 100644
OSSL_TRACE7(TLS_CIPHER,
"%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
@@ -4282,6 +4268,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4294,6 +4280,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
if (!ok)
continue;
@ -331,7 +358,7 @@ index 15aeae365e..5644795c29 100644
}
ii = sk_SSL_CIPHER_find(allow, c);
if (ii >= 0) {
@@ -4289,14 +4283,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4301,14 +4295,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
c->strength_bits, 0, (void *)c))
continue;
@ -347,7 +374,7 @@ index 15aeae365e..5644795c29 100644
if (prefer_sha256) {
const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
@@ -4308,13 +4295,38 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4325,13 +4312,38 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
ret = tmp;
continue;
}
@ -391,10 +418,10 @@ index 15aeae365e..5644795c29 100644
}
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index f9fbc5954f..0a3f88d61d 100644
index 64c791636a..2317b9e495 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -193,6 +193,7 @@ typedef struct cipher_order_st {
@@ -154,6 +154,7 @@ typedef struct cipher_order_st {
const SSL_CIPHER *cipher;
int active;
int dead;
@ -402,7 +429,7 @@ index f9fbc5954f..0a3f88d61d 100644
struct cipher_order_st *next, *prev;
} CIPHER_ORDER;
@@ -297,6 +298,7 @@ static const SSL_CIPHER cipher_aliases[] = {
@@ -258,6 +259,7 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
{0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
{0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION},
@ -410,7 +437,7 @@ index f9fbc5954f..0a3f88d61d 100644
/* strength classes */
{0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
@@ -680,6 +682,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
@@ -659,6 +661,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
co_list[co_list_num].next = NULL;
co_list[co_list_num].prev = NULL;
co_list[co_list_num].active = 0;
@ -418,7 +445,7 @@ index f9fbc5954f..0a3f88d61d 100644
co_list_num++;
}
@@ -773,8 +776,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
@@ -752,8 +755,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
uint32_t alg_auth, uint32_t alg_enc,
uint32_t alg_mac, int min_tls,
uint32_t algo_strength, int rule,
@ -429,7 +456,7 @@ index f9fbc5954f..0a3f88d61d 100644
{
CIPHER_ORDER *head, *tail, *curr, *next, *last;
const SSL_CIPHER *cp;
@@ -782,9 +785,9 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
@@ -761,9 +764,9 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
OSSL_TRACE_BEGIN(TLS_CIPHER){
BIO_printf(trc_out,
@ -441,7 +468,7 @@ index f9fbc5954f..0a3f88d61d 100644
}
if (rule == CIPHER_DEL || rule == CIPHER_BUMP)
@@ -861,6 +864,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
@@ -840,6 +843,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
if (!curr->active) {
ll_append_tail(&head, curr, &tail);
curr->active = 1;
@ -449,7 +476,7 @@ index f9fbc5954f..0a3f88d61d 100644
}
}
/* Move the added cipher to this location */
@@ -868,6 +872,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
@@ -847,6 +851,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
/* reverse == 0 */
if (curr->active) {
ll_append_tail(&head, curr, &tail);
@ -457,7 +484,7 @@ index f9fbc5954f..0a3f88d61d 100644
}
} else if (rule == CIPHER_DEL) {
/* reverse == 1 */
@@ -879,6 +884,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
@@ -858,6 +863,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
*/
ll_append_head(&head, curr, &tail);
curr->active = 0;
@ -465,7 +492,7 @@ index f9fbc5954f..0a3f88d61d 100644
}
} else if (rule == CIPHER_BUMP) {
if (curr->active)
@@ -948,8 +954,8 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
@@ -927,8 +933,8 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
*/
for (i = max_strength_bits; i >= 0; i--)
if (number_uses[i] > 0)
@ -476,7 +503,7 @@ index f9fbc5954f..0a3f88d61d 100644
OPENSSL_free(number_uses);
return 1;
@@ -963,7 +969,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
@@ -942,7 +948,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, algo_strength;
int min_tls;
const char *l, *buf;
@ -485,7 +512,7 @@ index f9fbc5954f..0a3f88d61d 100644
uint32_t cipher_id = 0;
char ch;
@@ -974,18 +980,66 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
@@ -953,18 +959,66 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
if (ch == '\0')
break; /* done */
@ -553,7 +580,7 @@ index f9fbc5954f..0a3f88d61d 100644
} else {
rule = CIPHER_ADD;
}
@@ -1010,7 +1064,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
@@ -989,7 +1043,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
while (((ch >= 'A') && (ch <= 'Z')) ||
((ch >= '0') && (ch <= '9')) ||
((ch >= 'a') && (ch <= 'z')) ||
@ -562,7 +589,7 @@ index f9fbc5954f..0a3f88d61d 100644
#else
while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.')
|| (ch == '='))
@@ -1027,7 +1081,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
@@ -1006,7 +1060,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
* alphanumeric, so we call this an error.
*/
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
@ -571,7 +598,7 @@ index f9fbc5954f..0a3f88d61d 100644
l++;
break;
}
@@ -1206,8 +1260,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
@@ -1185,8 +1239,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
} else if (found) {
ssl_cipher_apply_rule(cipher_id,
alg_mkey, alg_auth, alg_enc, alg_mac,
@ -582,7 +609,7 @@ index f9fbc5954f..0a3f88d61d 100644
} else {
while ((*l != '\0') && !ITEM_SEP(*l))
l++;
@@ -1216,6 +1270,11 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
@@ -1195,6 +1249,11 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
break; /* done */
}
@ -594,7 +621,7 @@ index f9fbc5954f..0a3f88d61d 100644
return retval;
}
@@ -1379,7 +1438,7 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
@@ -1358,7 +1417,7 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
int ret = set_ciphersuites(&(ctx->tls13_ciphersuites), str);
if (ret && ctx->cipher_list != NULL)
@ -603,7 +630,7 @@ index f9fbc5954f..0a3f88d61d 100644
ctx->tls13_ciphersuites);
return ret;
@@ -1392,10 +1451,10 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
@@ -1371,10 +1430,10 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
if (s->cipher_list == NULL) {
if ((cipher_list = SSL_get_ciphers(s)) != NULL)
@ -616,7 +643,7 @@ index f9fbc5954f..0a3f88d61d 100644
s->tls13_ciphersuites);
return ret;
@@ -1403,17 +1462,20 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
@@ -1382,17 +1441,20 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@ -640,7 +667,7 @@ index f9fbc5954f..0a3f88d61d 100644
/*
* Return with error if nothing to do.
@@ -1462,16 +1524,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
@@ -1441,16 +1503,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* preference).
*/
ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD,
@ -664,7 +691,7 @@ index f9fbc5954f..0a3f88d61d 100644
&head, &tail);
/*
@@ -1480,13 +1542,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
@@ -1459,13 +1521,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* strength.
*/
ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD,
@ -681,7 +708,7 @@ index f9fbc5954f..0a3f88d61d 100644
&tail);
/*
@@ -1494,16 +1556,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
@@ -1473,16 +1535,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* disabled. (For applications that allow them, they aren't too bad, but
* we prefer authenticated ciphers.)
*/
@ -702,7 +729,7 @@ index f9fbc5954f..0a3f88d61d 100644
&tail);
/*
@@ -1519,7 +1581,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
@@ -1498,7 +1560,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* Partially overrule strength sort to prefer TLS 1.2 ciphers/PRFs.
* TODO(openssl-team): is there an easier way to accomplish all this?
*/
@ -711,7 +738,7 @@ index f9fbc5954f..0a3f88d61d 100644
&head, &tail);
/*
@@ -1535,15 +1597,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
@@ -1514,15 +1576,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* Because we now bump ciphers to the top of the list, we proceed in
* reverse order of preference.
*/
@ -734,7 +761,7 @@ index f9fbc5954f..0a3f88d61d 100644
/*
* We also need cipher aliases for selecting based on the rule_str.
@@ -1557,9 +1622,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
@@ -1536,9 +1601,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
if (ca_list == NULL) {
@ -745,7 +772,7 @@ index f9fbc5954f..0a3f88d61d 100644
}
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
disabled_mkey, disabled_auth, disabled_enc,
@@ -1584,28 +1648,19 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
@@ -1563,28 +1627,19 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
OPENSSL_free(ca_list); /* Not needed anymore */
@ -781,7 +808,7 @@ index f9fbc5954f..0a3f88d61d 100644
OSSL_TRACE_BEGIN(TLS_CIPHER) {
BIO_printf(trc_out, "cipher selection:\n");
@@ -1617,26 +1672,51 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
@@ -1596,26 +1651,51 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
for (curr = head; curr != NULL; curr = curr->next) {
if (curr->active) {
if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
@ -843,7 +870,7 @@ index f9fbc5954f..0a3f88d61d 100644
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index fc81948815..b703f8c8ad 100644
index 517e90c141..7f578a25ff 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -255,6 +255,9 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
@ -856,10 +883,10 @@ index fc81948815..b703f8c8ad 100644
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY),
"not on record boundary"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_REPLACING_CERTIFICATE),
@@ -489,7 +492,11 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
"unexpected ccs message"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
@@ -491,7 +494,11 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
"unexpected end of early data"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING),
"unexpected eof while reading"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_GROUP_CLOSE),
+ "unexpected group close"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
@ -869,7 +896,7 @@ index fc81948815..b703f8c8ad 100644
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 384c28e76b..f2e79fb94d 100644
index 977b599055..474a32e085 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1127,6 +1127,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
@ -977,7 +1004,7 @@ index 384c28e76b..f2e79fb94d 100644
return NULL;
}
@@ -3099,7 +3165,7 @@ SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
@@ -3157,7 +3223,7 @@ SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id,
OSSL_default_cipher_list(), ret->cert)
@ -986,7 +1013,7 @@ index 384c28e76b..f2e79fb94d 100644
SSLerr(0, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
}
@@ -3280,7 +3346,7 @@ void SSL_CTX_free(SSL_CTX *a)
@@ -3336,7 +3402,7 @@ void SSL_CTX_free(SSL_CTX *a)
#ifndef OPENSSL_NO_CT
CTLOG_STORE_free(a->ctlog_store);
#endif
@ -995,7 +1022,7 @@ index 384c28e76b..f2e79fb94d 100644
sk_SSL_CIPHER_free(a->cipher_list_by_id);
sk_SSL_CIPHER_free(a->tls13_ciphersuites);
ssl_cert_free(a->cert);
@@ -3958,13 +4024,15 @@ SSL *SSL_dup(SSL *s)
@@ -4022,13 +4088,15 @@ SSL *SSL_dup(SSL *s)
/* dup the cipher_list and cipher_list_by_id stacks */
if (s->cipher_list != NULL) {
@ -1016,12 +1043,12 @@ index 384c28e76b..f2e79fb94d 100644
/* Dup the client_CA list */
if (!dup_ca_names(&ret->ca_names, s->ca_names)
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 14515cadfe..3f6d134d16 100644
index 31c01328ce..587c40df36 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -737,11 +737,48 @@ typedef struct ssl_ctx_ext_secure_st {
unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH];
} SSL_CTX_EXT_SECURE;
@@ -789,11 +789,48 @@ int ssl_hmac_final(SSL_HMAC *ctx, unsigned char *md, size_t *len,
size_t max_size);
size_t ssl_hmac_size(const SSL_HMAC *ctx);
+/* ssl_cipher_preference_list_st contains a list of SSL_CIPHERs with
+ * equal-preference groups. For TLS clients, the groups are moot because the
@ -1069,7 +1096,7 @@ index 14515cadfe..3f6d134d16 100644
/* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
@@ -1318,7 +1355,7 @@ struct ssl_st {
@@ -1380,7 +1417,7 @@ struct ssl_st {
SSL_DANE dane;
/* crypto */
STACK_OF(SSL_CIPHER) *peer_ciphers;
@ -1078,7 +1105,7 @@ index 14515cadfe..3f6d134d16 100644
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
@@ -2291,7 +2328,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
@@ -2353,7 +2390,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp);
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@ -1087,7 +1114,7 @@ index 14515cadfe..3f6d134d16 100644
STACK_OF(SSL_CIPHER) **cipher_list_by_id,
const char *rule_str,
CERT *c);
@@ -2301,6 +2338,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
@@ -2363,6 +2400,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
int fatal);
void ssl_update_cache(SSL *s, int mode);
@ -1098,10 +1125,10 @@ index 14515cadfe..3f6d134d16 100644
+struct ssl_cipher_preference_list_st* ssl_cipher_preference_list_from_ciphers(
+ STACK_OF(SSL_CIPHER) *ciphers);
+struct ssl_cipher_preference_list_st* ssl_get_cipher_preferences(SSL *s);
__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, int *mac_pkey_type,
size_t *mac_secret_size, SSL_COMP **comp,
@@ -2386,7 +2430,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
__owur int ssl_cipher_get_evp(SSL_CTX *ctxc, const SSL_SESSION *s,
const EVP_CIPHER **enc, const EVP_MD **md,
int *mac_pkey_type, size_t *mac_secret_size,
@@ -2448,7 +2492,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
CERT_PKEY *cpk);
__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
STACK_OF(SSL_CIPHER) *clnt,
@ -1111,10 +1138,10 @@ index 14515cadfe..3f6d134d16 100644
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index c744bf64eb..b937bbddd7 100644
index ab032ae956..433f2fa2bf 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1765,7 +1765,7 @@ static int tls_early_post_process_client_hello(SSL *s)
@@ -1764,7 +1764,7 @@ static int tls_early_post_process_client_hello(SSL *s)
/* For TLSv1.3 we must select the ciphersuite *before* session resumption */
if (SSL_IS_TLS13(s)) {
const SSL_CIPHER *cipher =
@ -1123,7 +1150,7 @@ index c744bf64eb..b937bbddd7 100644
if (cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
@@ -1948,7 +1948,7 @@ static int tls_early_post_process_client_hello(SSL *s)
@@ -1947,7 +1947,7 @@ static int tls_early_post_process_client_hello(SSL *s)
/* check if some cipher was preferred by call back */
if (pref_cipher == NULL)
pref_cipher = ssl3_choose_cipher(s, s->peer_ciphers,
@ -1132,7 +1159,7 @@ index c744bf64eb..b937bbddd7 100644
if (pref_cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
@@ -1957,8 +1957,9 @@ static int tls_early_post_process_client_hello(SSL *s)
@@ -1956,8 +1956,9 @@ static int tls_early_post_process_client_hello(SSL *s)
}
s->session->cipher = pref_cipher;
@ -1144,7 +1171,7 @@ index c744bf64eb..b937bbddd7 100644
sk_SSL_CIPHER_free(s->cipher_list_by_id);
s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->peer_ciphers);
}
@@ -2270,7 +2271,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
@@ -2269,7 +2270,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
/* In TLSv1.3 we selected the ciphersuite before resumption */
if (!SSL_IS_TLS13(s)) {
cipher =
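Review bot: The refreshed patch now carries a hunk against `include/openssl/sslerr.h` (`@@ -10,12 +10,6 @@`) that deletes `# pragma once`, `# include <openssl/macros.h>` and the `HEADER_SSLERR_H` compatibility define, none of which the equal-preference cipher-group feature needs. The same goes for the `X509_F_CACHE_OBJECTS` move in `crypto/err/openssl.txt`; both look like by-products of regenerating the error tables on a tree that differs from the pinned upstream commit, though this page cannot confirm that. Anyone applying the patch gets header changes they did not ask for, and code that tests `HEADER_SSLERR_H` would silently stop matching. I would drop those two hunks so the patch only adds the four `SSL_R_*` reason codes, keeping `# pragma once` and `# define HEADER_SSLERR_H` as upstream has them. The new codes are 295, 296, 297 and 299, so a line in the commit message on why 298 is left unused would help the next rebase.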