Removing OpenSSL-1.1.1 patch files and patch OpenSSL-1.1.1a files.

openssl-1.1.2-dev
Hakase 2018-12-03 19:39:13 +09:00
parent 4bc9a625b6
commit 4416999a70
No known key found for this signature in database
GPG Key ID: BB2821A9E0DF48C9
6 changed files with 121 additions and 129 deletions

View File

@ -31,7 +31,7 @@ Default support is in bold type.
- [Google(Gmail)](https://gmail.com/) : _TLSv1.3_ draft 23, 28, **final**
- [NSS TLS 1.3(Mozilla)](https://tls13.crypto.mozilla.org/) : _TLSv1.3_ **final**
[Compatible OpenSSL-1.1.1 (OpenSSL, 22764 commits)](https://github.com/openssl/openssl/tree/1708e3e85b4a86bae26860aa5d2913fc8eff6086)
[Compatible OpenSSL-1.1.1a (OpenSSL, 22932 commits)](https://github.com/openssl/openssl/tree/d1c28d791a7391a8dc101713cd8646df96491d03)
## Patch files
@ -46,12 +46,12 @@ Here is the basic patch content.
| Patch file name | Patch list |
| :--- | :--- |
| openssl-1.1.1-tls13_draft.patch | Only for TLS 1.3 draft 23, 26, 28, final support patch. |
| openssl-equal-1.1.1.patch<br>openssl-equal-1.1.2-dev.patch | Support **final (TLS 1.3)**, TLS 1.3 cipher settings **_can not_** be changed on _nginx_. |
| openssl-equal-1.1.1_ciphers.patch<br>openssl-equal-1.1.2-dev_ciphers.patch | Support **final (TLS 1.3)**, TLS 1.3 cipher settings **_can_** be changed on _nginx_. |
| openssl-1.1.1-chacha_draft.patch | A draft version of chacha20-poly1305 is available. [View issue](https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-427554824) |
| openssl-1.1.1-tls13_draft.patch | Enable TLS 1.3 draft 23, 26, 28, final. |
| openssl-1.1.1-tls13_nginx_config.patch | You can set TLS 1.3 ciphere in nginx. ex) TLS13+AESGCM+AES128 |
| openssl-1.1.1a-tls13_draft.patch | Only for TLS 1.3 draft 23, 26, 28, final support patch. |
| openssl-equal-1.1.1a.patch<br>openssl-equal-1.1.2-dev.patch | Support **final (TLS 1.3)**, TLS 1.3 cipher settings **_can not_** be changed on _nginx_. |
| openssl-equal-1.1.1a_ciphers.patch<br>openssl-equal-1.1.2-dev_ciphers.patch | Support **final (TLS 1.3)**, TLS 1.3 cipher settings **_can_** be changed on _nginx_. |
| openssl-1.1.1a-chacha_draft.patch | A draft version of chacha20-poly1305 is available. [View issue](https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-427554824) |
| openssl-1.1.1a-tls13_draft.patch | Enable TLS 1.3 draft 23, 26, 28, final. |
| openssl-1.1.1a-tls13_nginx_config.patch | You can set TLS 1.3 ciphere in nginx. ex) TLS13+AESGCM+AES128 |
**The "_ciphers" patch file is a temporary change to the TLS 1.3 configuration.**
@ -97,7 +97,7 @@ Thanks [@JemmyLoveJenny](https://github.com/JemmyLoveJenny)!
git clone https://github.com/openssl/openssl.git
git clone https://github.com/hakasenyang/openssl-patch.git
cd openssl
patch -p1 < ../openssl-patch/openssl-1.1.1-chacha_draft.patch
patch -p1 < ../openssl-patch/openssl-1.1.1a-chacha_draft.patch
```
### nginx HPACK Patch
@ -157,12 +157,12 @@ ssl_ecdh_curve X25519:P-256:P-384;
ssl_prefer_server_ciphers on;
```
### OpenSSL-1.1.x (> 1.1.1) ciphers (draft 23, 26, 28, final)
### OpenSSL-1.1.x (>= 1.1.1a) ciphers (draft 23, 26, 28, final)
```
[EECDH+ECDSA+AESGCM+AES128|EECDH+ECDSA+CHACHA20]:EECDH+ECDSA+AESGCM+AES256:EECDH+ECDSA+AES128+SHA:EECDH+ECDSA+AES256+SHA:[EECDH+aRSA+AESGCM+AES128|EECDH+aRSA+CHACHA20]:EECDH+aRSA+AESGCM+AES256:EECDH+aRSA+AES128+SHA:EECDH+aRSA+AES256+SHA:RSA+AES128+SHA:RSA+AES256+SHA:RSA+3DES
```
### OpenSSL-1.1.x_ciphers (> 1.1.1) ciphers (draft 23, 26, 28, final)
### OpenSSL-1.1.x_ciphers (>= 1.1.1a) ciphers (draft 23, 26, 28, final)
```
[TLS13+AESGCM+AES128|TLS13+AESGCM+AES256|TLS13+CHACHA20]:[EECDH+ECDSA+AESGCM+AES128|EECDH+ECDSA+CHACHA20]:EECDH+ECDSA+AESGCM+AES256:EECDH+ECDSA+AES128+SHA:EECDH+ECDSA+AES256+SHA:[EECDH+aRSA+AESGCM+AES128|EECDH+aRSA+CHACHA20]:EECDH+aRSA+AESGCM+AES256:EECDH+aRSA+AES128+SHA:EECDH+aRSA+AES256+SHA:RSA+AES128+SHA:RSA+AES256+SHA:RSA+3DES
```

View File

@ -1,11 +1,3 @@
Issue: https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-427554824
Original source : https://github.com/JemmyLoveJenny/ngx_ossl_patches/blob/master/ossl_enable_chacha20-poly1305-draft.patch
After using this patch, you can use it as is.
If necessary, use it with "EECDH+CHACHA20-D".
If you use EECDH+CHACHA20, the OLD version is also used at the same time.
diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
index 086b3c4d51..5699901f7d 100644
--- a/crypto/evp/c_allc.c
@ -278,14 +270,14 @@ index e931f7f516..c1cf32b2b0 100644
407, /* "characteristic-two-field" */
395, /* "clearance" */
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index 1b6a9c61a1..a55fc456ee 100644
index 1b6a9c61a1..c81ca25a53 100644
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1192,3 +1192,4 @@ magma_cfb 1191
magma_mac 1192
hmacWithSHA512_224 1193
hmacWithSHA512_256 1194
+chacha20_poly1305_draft 1195
+chacha20_poly1305_draft 1195
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 6dbc41ce37..581169eda8 100644
--- a/crypto/objects/objects.txt
@ -326,7 +318,7 @@ index 80ff5a7c86..456e05ffea 100644
#define LN_dhpublicnumber "X9.42 DH"
#define NID_dhpublicnumber 920
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index ffe158388d..54dcd2702f 100644
index d6b1b4e6a6..6d166c94f0 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -125,6 +125,7 @@ extern "C" {
@ -338,10 +330,10 @@ index ffe158388d..54dcd2702f 100644
# define SSL_TXT_ARIA "ARIA"
# define SSL_TXT_ARIA_GCM "ARIAGCM"
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 2e46cf80d3..cc750bf735 100644
index e13b5dd4bc..53d43c121e 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -596,7 +596,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
@@ -597,7 +597,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A
# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B
@ -355,7 +347,7 @@ index 2e46cf80d3..cc750bf735 100644
# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8
# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9
# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA
@@ -761,6 +766,9 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
@@ -762,6 +767,9 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
@ -365,7 +357,7 @@ index 2e46cf80d3..cc750bf735 100644
# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
@@ -1089,7 +1097,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
@@ -1090,7 +1098,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256"
# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384"
@ -380,7 +372,7 @@ index 2e46cf80d3..cc750bf735 100644
# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305"
# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305"
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 7713f767b2..cb37dd6e6f 100644
index 866ca4dfa9..40b0205e52 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2082,6 +2082,54 @@ static SSL_CIPHER ssl3_ciphers[] = {
@ -488,7 +480,7 @@ index 14066d0ea4..0ded2bd6b6 100644
} else if (c->algorithm_mac & SSL_AEAD) {
/* We're supposed to have handled all the AEAD modes above */
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index c22c1f9ee8..6c4595c49b 100644
index 70e5a1740f..d75ba89a40 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -230,12 +230,13 @@
@ -507,7 +499,7 @@ index c22c1f9ee8..6c4595c49b 100644
# define SSL_ARIA (SSL_ARIAGCM)
diff --git a/util/libcrypto.num b/util/libcrypto.num
index ecece3824f..678b04c9ed 100644
index bad3a3814e..c4166b784b 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4577,3 +4577,4 @@ OCSP_resp_get0_respdata 4530 1_1_0j EXIST::FUNCTION:OCSP

View File

@ -1,5 +1,5 @@
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 0a18a43544..c31597584b 100644
index d6b1b4e6a6..173dbb1ef8 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -173,12 +173,12 @@ extern "C" {
@ -20,13 +20,13 @@ index 0a18a43544..c31597584b 100644
/*
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 2e46cf80d3..0accc837a3 100644
index e13b5dd4bc..779341c948 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -30,6 +30,16 @@ extern "C" {
# define TLS1_3_VERSION 0x0304
# define TLS_MAX_VERSION TLS1_3_VERSION
+/* TODO(TLS1.3) REMOVE ME: Version indicators for draft version */
+# define TLS1_3_VERSION_DRAFT_23 0x7f17
+# define TLS1_3_VERSION_DRAFT_26 0x7f1a
@ -39,7 +39,7 @@ index 2e46cf80d3..0accc837a3 100644
+
/* Special value for method supporting multiple versions */
# define TLS_ANY_VERSION 0x10000
diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
index a11ed483e6..4fd583dd03 100644
--- a/ssl/record/ssl3_record_tls13.c
@ -57,10 +57,10 @@ index a11ed483e6..4fd583dd03 100644
(unsigned int)rec->length) <= 0
|| EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index e8819e7a28..9afa488822 100644
index 70e5a1740f..7b3b270ffc 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1074,6 +1111,8 @@ struct ssl_st {
@@ -1080,6 +1080,8 @@ struct ssl_st {
* DTLS1_VERSION)
*/
int version;
@ -70,13 +70,13 @@ index e8819e7a28..9afa488822 100644
const SSL_METHOD *method;
/*
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 4b5e6fe2b8..99981c9e37 100644
index ab4dbf6713..745897b638 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -530,8 +530,25 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
@@ -533,8 +533,25 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
return EXT_RETURN_FAIL;
}
+ /*
+ * TODO(TLS1.3): There is some discussion on the TLS list as to whether
+ * we should include versions <TLS1.2. For the moment we do. To be
@ -100,10 +100,10 @@ index 4b5e6fe2b8..99981c9e37 100644
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
ERR_R_INTERNAL_ERROR);
@@ -1760,6 +1777,15 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
@@ -1763,6 +1780,15 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
return 0;
}
+ /* TODO(TLS1.3): Remove this before release */
+ if (version == TLS1_3_VERSION_DRAFT
+ || version == TLS1_3_VERSION_DRAFT_27
@ -131,7 +131,7 @@ index 0f2b22392b..6c1ce9813f 100644
WPACKET_cleanup(&hrrpkt);
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
@@ -1652,7 +1653,8 @@ EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
|| !WPACKET_start_sub_packet_u16(pkt)
- || !WPACKET_put_bytes_u16(pkt, s->version)
@ -141,21 +141,21 @@ index 0f2b22392b..6c1ce9813f 100644
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 508bb88767..ee927baf64 100644
index 4324896f50..d0de7ffe3d 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1753,6 +1753,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
@@ -1786,6 +1786,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
unsigned int best_vers = 0;
const SSL_METHOD *best_method = NULL;
PACKET versionslist;
+ /* TODO(TLS1.3): Remove this before release */
+ unsigned int orig_candidate = 0;
suppversions->parsed = 1;
@@ -1774,6 +1776,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
@@ -1807,6 +1809,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
return SSL_R_BAD_LEGACY_VERSION;
while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
+ /* TODO(TLS1.3): Remove this before release */
+ if (candidate_vers == TLS1_3_VERSION
@ -177,7 +177,7 @@ index 508bb88767..ee927baf64 100644
if (version_cmp(s, candidate_vers, best_vers) <= 0)
continue;
if (ssl_version_supported(s, candidate_vers, &best_method))
@@ -1796,6 +1815,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
@@ -1829,6 +1848,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
}
check_for_downgrade(s, best_vers, dgrd);
s->version = best_vers;

View File

@ -1,5 +1,5 @@
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 7713f767b2..c1725bd3a3 100644
index 866ca4dfa9..4654becf1d 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -31,7 +31,25 @@ const unsigned char tls12downgrade[] = {

View File

@ -25,7 +25,7 @@ index 3aea982384..3c93eba0bf 100644
The following lists give the SSL or TLS cipher suites names from the
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 0a18a43544..c31597584b 100644
index d6b1b4e6a6..173dbb1ef8 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -173,12 +173,12 @@ extern "C" {
@ -71,7 +71,7 @@ index 87b295c9f9..d118d8e864 100644
# define SSL_R_UNINITIALIZED 276
# define SSL_R_UNKNOWN_ALERT_TYPE 246
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 2e46cf80d3..0accc837a3 100644
index e13b5dd4bc..779341c948 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -30,6 +30,16 @@ extern "C" {
@ -108,7 +108,7 @@ index a11ed483e6..4fd583dd03 100644
(unsigned int)rec->length) <= 0
|| EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 7713f767b2..5a3f9e2c27 100644
index 866ca4dfa9..7b98b670d2 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -167,7 +167,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
@ -138,7 +138,7 @@ index 7713f767b2..5a3f9e2c27 100644
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -4104,6 +4104,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
@@ -4124,6 +4124,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
return 1;
}
@ -156,7 +156,7 @@ index 7713f767b2..5a3f9e2c27 100644
/*
* ssl3_choose_cipher - choose a cipher from those offered by the client
* @s: SSL connection
@@ -4113,16 +4124,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
@@ -4133,16 +4144,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
* Returns the selected cipher or NULL when no common ciphers.
*/
const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@ -187,7 +187,7 @@ index 7713f767b2..5a3f9e2c27 100644
/* Let's see which ciphers we can support */
@@ -4149,54 +4168,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4169,54 +4188,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#endif
/* SUITE-B takes precedence over server preference and ChaCha priortiy */
@ -245,7 +245,7 @@ index 7713f767b2..5a3f9e2c27 100644
allow = srvr;
}
@@ -4227,14 +4205,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4247,14 +4225,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
c = sk_SSL_CIPHER_value(prio, i);
@ -264,7 +264,7 @@ index 7713f767b2..5a3f9e2c27 100644
/*
* Since TLS 1.3 ciphersuites can be used with any auth or
@@ -4256,10 +4236,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4276,10 +4256,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#ifndef OPENSSL_NO_PSK
/* with PSK there must be server callback set */
if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
@ -277,7 +277,7 @@ index 7713f767b2..5a3f9e2c27 100644
#ifdef CIPHER_DEBUG
fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
alg_a, mask_k, mask_a, (void *)c, c->name);
@@ -4276,6 +4256,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4296,6 +4276,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
if (!ok)
continue;
@ -292,7 +292,7 @@ index 7713f767b2..5a3f9e2c27 100644
}
ii = sk_SSL_CIPHER_find(allow, c);
if (ii >= 0) {
@@ -4283,14 +4271,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4303,14 +4291,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
c->strength_bits, 0, (void *)c))
continue;
@ -308,7 +308,7 @@ index 7713f767b2..5a3f9e2c27 100644
if (prefer_sha256) {
const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
@@ -4302,13 +4283,38 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4322,13 +4303,38 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
ret = tmp;
continue;
}
@ -352,7 +352,7 @@ index 7713f767b2..5a3f9e2c27 100644
}
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index b60cc79a2f..e028151423 100644
index 14066d0ea4..165f1c83b1 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -190,6 +190,7 @@ typedef struct cipher_order_st {
@ -824,10 +824,10 @@ index 11331ce41f..cfc770b8d6 100644
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d75158e30c..926a7a04c5 100644
index 61a0ea2cc9..66e29ecba5 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1113,6 +1113,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
@@ -1117,6 +1117,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
return X509_VERIFY_PARAM_set1(ssl->param, vpm);
}
@ -899,7 +899,7 @@ index d75158e30c..926a7a04c5 100644
X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
{
return ctx->param;
@@ -1153,7 +1218,8 @@ void SSL_free(SSL *s)
@@ -1157,7 +1222,8 @@ void SSL_free(SSL *s)
BUF_MEM_free(s->init_buf);
/* add extra stuff */
@ -909,7 +909,7 @@ index d75158e30c..926a7a04c5 100644
sk_SSL_CIPHER_free(s->cipher_list_by_id);
sk_SSL_CIPHER_free(s->tls13_ciphersuites);
@@ -2422,9 +2488,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
@@ -2427,9 +2493,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
{
if (s != NULL) {
if (s->cipher_list != NULL) {
@ -921,7 +921,7 @@ index d75158e30c..926a7a04c5 100644
}
}
return NULL;
@@ -2498,8 +2564,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
@@ -2503,8 +2569,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
* preference */
STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
{
@ -932,7 +932,7 @@ index d75158e30c..926a7a04c5 100644
return NULL;
}
@@ -2930,7 +2996,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
@@ -2935,7 +3001,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id,
SSL_DEFAULT_CIPHER_LIST, ret->cert)
@ -941,7 +941,7 @@ index d75158e30c..926a7a04c5 100644
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
}
@@ -3103,7 +3169,7 @@ void SSL_CTX_free(SSL_CTX *a)
@@ -3111,7 +3177,7 @@ void SSL_CTX_free(SSL_CTX *a)
#ifndef OPENSSL_NO_CT
CTLOG_STORE_free(a->ctlog_store);
#endif
@ -950,7 +950,7 @@ index d75158e30c..926a7a04c5 100644
sk_SSL_CIPHER_free(a->cipher_list_by_id);
sk_SSL_CIPHER_free(a->tls13_ciphersuites);
ssl_cert_free(a->cert);
@@ -3752,13 +3818,15 @@ SSL *SSL_dup(SSL *s)
@@ -3789,13 +3855,15 @@ SSL *SSL_dup(SSL *s)
/* dup the cipher_list and cipher_list_by_id stacks */
if (s->cipher_list != NULL) {
@ -969,12 +969,12 @@ index d75158e30c..926a7a04c5 100644
+ }
/* Dup the client_CA list */
if (s->ca_names != NULL) {
if (!dup_ca_names(&ret->ca_names, s->ca_names)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index e8819e7a28..9afa488822 100644
index 70e5a1740f..d583840984 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -737,9 +737,46 @@ typedef struct ssl_ctx_ext_secure_st {
@@ -741,9 +741,46 @@ typedef struct ssl_ctx_ext_secure_st {
unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH];
} SSL_CTX_EXT_SECURE;
@ -1022,7 +1022,7 @@ index e8819e7a28..9afa488822 100644
/* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
@@ -1074,6 +1111,8 @@ struct ssl_st {
@@ -1080,6 +1117,8 @@ struct ssl_st {
* DTLS1_VERSION)
*/
int version;
@ -1031,7 +1031,7 @@ index e8819e7a28..9afa488822 100644
/* SSLv3 */
const SSL_METHOD *method;
/*
@@ -1132,7 +1171,7 @@ struct ssl_st {
@@ -1138,7 +1177,7 @@ struct ssl_st {
/* Per connection DANE state */
SSL_DANE dane;
/* crypto */
@ -1040,8 +1040,8 @@ index e8819e7a28..9afa488822 100644
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
@@ -2254,7 +2293,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
__owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str);
@@ -2265,7 +2304,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp);
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
- STACK_OF(SSL_CIPHER) **cipher_list,
@ -1049,7 +1049,7 @@ index e8819e7a28..9afa488822 100644
STACK_OF(SSL_CIPHER) **cipher_list_by_id,
const char *rule_str,
CERT *c);
@@ -2264,6 +2303,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
@@ -2275,6 +2314,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
int fatal);
void ssl_update_cache(SSL *s, int mode);
@ -1063,7 +1063,7 @@ index e8819e7a28..9afa488822 100644
__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, int *mac_pkey_type,
size_t *mac_secret_size, SSL_COMP **comp,
@@ -2347,7 +2393,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
@@ -2358,7 +2404,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
CERT_PKEY *cpk);
__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
STACK_OF(SSL_CIPHER) *clnt,
@ -1073,10 +1073,10 @@ index e8819e7a28..9afa488822 100644
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 4b5e6fe2b8..99981c9e37 100644
index ab4dbf6713..745897b638 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -530,8 +530,25 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
@@ -533,8 +533,25 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
return EXT_RETURN_FAIL;
}
@ -1103,7 +1103,7 @@ index 4b5e6fe2b8..99981c9e37 100644
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
ERR_R_INTERNAL_ERROR);
@@ -1760,6 +1777,15 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
@@ -1763,6 +1780,15 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
return 0;
}
@ -1144,10 +1144,10 @@ index 0f2b22392b..6c1ce9813f 100644
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 508bb88767..ee927baf64 100644
index 4324896f50..d0de7ffe3d 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1753,6 +1753,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
@@ -1786,6 +1786,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
unsigned int best_vers = 0;
const SSL_METHOD *best_method = NULL;
PACKET versionslist;
@ -1156,7 +1156,7 @@ index 508bb88767..ee927baf64 100644
suppversions->parsed = 1;
@@ -1774,6 +1776,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
@@ -1807,6 +1809,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
return SSL_R_BAD_LEGACY_VERSION;
while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
@ -1180,7 +1180,7 @@ index 508bb88767..ee927baf64 100644
if (version_cmp(s, candidate_vers, best_vers) <= 0)
continue;
if (ssl_version_supported(s, candidate_vers, &best_method))
@@ -1796,6 +1815,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
@@ -1829,6 +1848,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
}
check_for_downgrade(s, best_vers, dgrd);
s->version = best_vers;
@ -1191,10 +1191,10 @@ index 508bb88767..ee927baf64 100644
return 0;
}
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 346b1e3989..0a747f39ce 100644
index e7c11c4bea..a2a6c1e44e 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1742,7 +1742,7 @@ static int tls_early_post_process_client_hello(SSL *s)
@@ -1744,7 +1744,7 @@ static int tls_early_post_process_client_hello(SSL *s)
/* For TLSv1.3 we must select the ciphersuite *before* session resumption */
if (SSL_IS_TLS13(s)) {
const SSL_CIPHER *cipher =
@ -1203,7 +1203,7 @@ index 346b1e3989..0a747f39ce 100644
if (cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
@@ -1923,7 +1923,7 @@ static int tls_early_post_process_client_hello(SSL *s)
@@ -1925,7 +1925,7 @@ static int tls_early_post_process_client_hello(SSL *s)
/* check if some cipher was preferred by call back */
if (pref_cipher == NULL)
pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
@ -1212,7 +1212,7 @@ index 346b1e3989..0a747f39ce 100644
if (pref_cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
@@ -1932,8 +1932,9 @@ static int tls_early_post_process_client_hello(SSL *s)
@@ -1934,8 +1934,9 @@ static int tls_early_post_process_client_hello(SSL *s)
}
s->session->cipher = pref_cipher;
@ -1224,7 +1224,7 @@ index 346b1e3989..0a747f39ce 100644
sk_SSL_CIPHER_free(s->cipher_list_by_id);
s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
}
@@ -2245,7 +2246,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
@@ -2249,7 +2250,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
/* In TLSv1.3 we selected the ciphersuite before resumption */
if (!SSL_IS_TLS13(s)) {
cipher =

View File

@ -50,7 +50,7 @@ index 87b295c9f9..d118d8e864 100644
# define SSL_R_UNINITIALIZED 276
# define SSL_R_UNKNOWN_ALERT_TYPE 246
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 2e46cf80d3..0accc837a3 100644
index e13b5dd4bc..779341c948 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -30,6 +30,16 @@ extern "C" {
@ -87,7 +87,7 @@ index a11ed483e6..4fd583dd03 100644
(unsigned int)rec->length) <= 0
|| EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 7713f767b2..a0af8ac001 100644
index 866ca4dfa9..1b6b99cb19 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -31,7 +31,25 @@ const unsigned char tls12downgrade[] = {
@ -166,7 +166,7 @@ index 7713f767b2..a0af8ac001 100644
DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -4104,6 +4110,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
@@ -4124,6 +4130,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
return 1;
}
@ -184,7 +184,7 @@ index 7713f767b2..a0af8ac001 100644
/*
* ssl3_choose_cipher - choose a cipher from those offered by the client
* @s: SSL connection
@@ -4113,16 +4130,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
@@ -4133,16 +4150,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
* Returns the selected cipher or NULL when no common ciphers.
*/
const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@ -215,7 +215,7 @@ index 7713f767b2..a0af8ac001 100644
/* Let's see which ciphers we can support */
@@ -4149,54 +4174,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4169,54 +4194,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#endif
/* SUITE-B takes precedence over server preference and ChaCha priortiy */
@ -273,7 +273,7 @@ index 7713f767b2..a0af8ac001 100644
allow = srvr;
}
@@ -4227,14 +4211,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4247,14 +4231,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
c = sk_SSL_CIPHER_value(prio, i);
@ -292,7 +292,7 @@ index 7713f767b2..a0af8ac001 100644
/*
* Since TLS 1.3 ciphersuites can be used with any auth or
@@ -4256,10 +4242,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4276,10 +4262,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#ifndef OPENSSL_NO_PSK
/* with PSK there must be server callback set */
if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
@ -305,7 +305,7 @@ index 7713f767b2..a0af8ac001 100644
#ifdef CIPHER_DEBUG
fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
alg_a, mask_k, mask_a, (void *)c, c->name);
@@ -4276,6 +4262,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4296,6 +4282,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
if (!ok)
continue;
@ -320,7 +320,7 @@ index 7713f767b2..a0af8ac001 100644
}
ii = sk_SSL_CIPHER_find(allow, c);
if (ii >= 0) {
@@ -4283,14 +4277,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4303,14 +4297,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
c->strength_bits, 0, (void *)c))
continue;
@ -336,7 +336,7 @@ index 7713f767b2..a0af8ac001 100644
if (prefer_sha256) {
const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
@@ -4302,13 +4289,38 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@@ -4322,13 +4309,38 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
ret = tmp;
continue;
}
@ -380,7 +380,7 @@ index 7713f767b2..a0af8ac001 100644
}
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index b60cc79a2f..205f868a05 100644
index 14066d0ea4..dc190fa334 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -190,6 +190,7 @@ typedef struct cipher_order_st {
@ -859,10 +859,10 @@ index 11331ce41f..cfc770b8d6 100644
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d75158e30c..926a7a04c5 100644
index 61a0ea2cc9..66e29ecba5 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1113,6 +1113,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
@@ -1117,6 +1117,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
return X509_VERIFY_PARAM_set1(ssl->param, vpm);
}
@ -934,7 +934,7 @@ index d75158e30c..926a7a04c5 100644
X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
{
return ctx->param;
@@ -1153,7 +1218,8 @@ void SSL_free(SSL *s)
@@ -1157,7 +1222,8 @@ void SSL_free(SSL *s)
BUF_MEM_free(s->init_buf);
/* add extra stuff */
@ -944,7 +944,7 @@ index d75158e30c..926a7a04c5 100644
sk_SSL_CIPHER_free(s->cipher_list_by_id);
sk_SSL_CIPHER_free(s->tls13_ciphersuites);
@@ -2422,9 +2488,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
@@ -2427,9 +2493,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
{
if (s != NULL) {
if (s->cipher_list != NULL) {
@ -956,7 +956,7 @@ index d75158e30c..926a7a04c5 100644
}
}
return NULL;
@@ -2498,8 +2564,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
@@ -2503,8 +2569,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
* preference */
STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
{
@ -967,7 +967,7 @@ index d75158e30c..926a7a04c5 100644
return NULL;
}
@@ -2930,7 +2996,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
@@ -2935,7 +3001,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id,
SSL_DEFAULT_CIPHER_LIST, ret->cert)
@ -976,7 +976,7 @@ index d75158e30c..926a7a04c5 100644
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
}
@@ -3103,7 +3169,7 @@ void SSL_CTX_free(SSL_CTX *a)
@@ -3111,7 +3177,7 @@ void SSL_CTX_free(SSL_CTX *a)
#ifndef OPENSSL_NO_CT
CTLOG_STORE_free(a->ctlog_store);
#endif
@ -985,7 +985,7 @@ index d75158e30c..926a7a04c5 100644
sk_SSL_CIPHER_free(a->cipher_list_by_id);
sk_SSL_CIPHER_free(a->tls13_ciphersuites);
ssl_cert_free(a->cert);
@@ -3752,13 +3818,15 @@ SSL *SSL_dup(SSL *s)
@@ -3789,13 +3855,15 @@ SSL *SSL_dup(SSL *s)
/* dup the cipher_list and cipher_list_by_id stacks */
if (s->cipher_list != NULL) {
@ -1004,12 +1004,12 @@ index d75158e30c..926a7a04c5 100644
+ }
/* Dup the client_CA list */
if (s->ca_names != NULL) {
if (!dup_ca_names(&ret->ca_names, s->ca_names)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index e8819e7a28..9afa488822 100644
index 70e5a1740f..d583840984 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -737,9 +737,46 @@ typedef struct ssl_ctx_ext_secure_st {
@@ -741,9 +741,46 @@ typedef struct ssl_ctx_ext_secure_st {
unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH];
} SSL_CTX_EXT_SECURE;
@ -1057,7 +1057,7 @@ index e8819e7a28..9afa488822 100644
/* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
@@ -1074,6 +1111,8 @@ struct ssl_st {
@@ -1080,6 +1117,8 @@ struct ssl_st {
* DTLS1_VERSION)
*/
int version;
@ -1066,7 +1066,7 @@ index e8819e7a28..9afa488822 100644
/* SSLv3 */
const SSL_METHOD *method;
/*
@@ -1132,7 +1171,7 @@ struct ssl_st {
@@ -1138,7 +1177,7 @@ struct ssl_st {
/* Per connection DANE state */
SSL_DANE dane;
/* crypto */
@ -1075,8 +1075,8 @@ index e8819e7a28..9afa488822 100644
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
@@ -2254,7 +2293,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
__owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str);
@@ -2265,7 +2304,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp);
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
- STACK_OF(SSL_CIPHER) **cipher_list,
@ -1084,7 +1084,7 @@ index e8819e7a28..9afa488822 100644
STACK_OF(SSL_CIPHER) **cipher_list_by_id,
const char *rule_str,
CERT *c);
@@ -2264,6 +2303,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
@@ -2275,6 +2314,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
int fatal);
void ssl_update_cache(SSL *s, int mode);
@ -1098,7 +1098,7 @@ index e8819e7a28..9afa488822 100644
__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, int *mac_pkey_type,
size_t *mac_secret_size, SSL_COMP **comp,
@@ -2347,7 +2393,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
@@ -2358,7 +2404,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
CERT_PKEY *cpk);
__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
STACK_OF(SSL_CIPHER) *clnt,
@ -1108,10 +1108,10 @@ index e8819e7a28..9afa488822 100644
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 4b5e6fe2b8..99981c9e37 100644
index ab4dbf6713..745897b638 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -530,8 +530,25 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
@@ -533,8 +533,25 @@ EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
return EXT_RETURN_FAIL;
}
@ -1138,7 +1138,7 @@ index 4b5e6fe2b8..99981c9e37 100644
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
ERR_R_INTERNAL_ERROR);
@@ -1760,6 +1777,15 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
@@ -1763,6 +1780,15 @@ int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
return 0;
}
@ -1179,10 +1179,10 @@ index 0f2b22392b..6c1ce9813f 100644
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 508bb88767..ee927baf64 100644
index 4324896f50..d0de7ffe3d 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1753,6 +1753,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
@@ -1786,6 +1786,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
unsigned int best_vers = 0;
const SSL_METHOD *best_method = NULL;
PACKET versionslist;
@ -1191,7 +1191,7 @@ index 508bb88767..ee927baf64 100644
suppversions->parsed = 1;
@@ -1774,6 +1776,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
@@ -1807,6 +1809,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
return SSL_R_BAD_LEGACY_VERSION;
while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
@ -1215,7 +1215,7 @@ index 508bb88767..ee927baf64 100644
if (version_cmp(s, candidate_vers, best_vers) <= 0)
continue;
if (ssl_version_supported(s, candidate_vers, &best_method))
@@ -1796,6 +1815,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
@@ -1829,6 +1848,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
}
check_for_downgrade(s, best_vers, dgrd);
s->version = best_vers;
@ -1226,10 +1226,10 @@ index 508bb88767..ee927baf64 100644
return 0;
}
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 346b1e3989..0a747f39ce 100644
index e7c11c4bea..a2a6c1e44e 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1742,7 +1742,7 @@ static int tls_early_post_process_client_hello(SSL *s)
@@ -1744,7 +1744,7 @@ static int tls_early_post_process_client_hello(SSL *s)
/* For TLSv1.3 we must select the ciphersuite *before* session resumption */
if (SSL_IS_TLS13(s)) {
const SSL_CIPHER *cipher =
@ -1238,7 +1238,7 @@ index 346b1e3989..0a747f39ce 100644
if (cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
@@ -1923,7 +1923,7 @@ static int tls_early_post_process_client_hello(SSL *s)
@@ -1925,7 +1925,7 @@ static int tls_early_post_process_client_hello(SSL *s)
/* check if some cipher was preferred by call back */
if (pref_cipher == NULL)
pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
@ -1247,7 +1247,7 @@ index 346b1e3989..0a747f39ce 100644
if (pref_cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
@@ -1932,8 +1932,9 @@ static int tls_early_post_process_client_hello(SSL *s)
@@ -1934,8 +1934,9 @@ static int tls_early_post_process_client_hello(SSL *s)
}
s->session->cipher = pref_cipher;
@ -1259,7 +1259,7 @@ index 346b1e3989..0a747f39ce 100644
sk_SSL_CIPHER_free(s->cipher_list_by_id);
s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
}
@@ -2245,7 +2246,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
@@ -2249,7 +2250,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
/* In TLSv1.3 we selected the ciphersuite before resumption */
if (!SSL_IS_TLS13(s)) {
cipher =