Update openssl-equal-pre6.patch

2018-04-23 12:09:25 +09:00 · 2018-04-23 12:09:25 +09:00 · 450f4219ab
parent ffc90faafe
commit 450f4219ab
1 changed files with 20 additions and 4 deletions
--- a/openssl-equal-pre6.patch
+++ b/openssl-equal-pre6.patch
@ -71,9 +71,25 @@ index 5c6718f..d079e32 100644
 # define SSL_R_UNINITIALIZED                              276
 # define SSL_R_UNKNOWN_ALERT_TYPE                         246
 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index 6193269..5a330d6 100644
+index 6193269..8f9262f 100644
 --- a/ssl/s3_lib.c
 +++ b/ssl/s3_lib.c
+@@ -37,12 +37,12 @@ static SSL_CIPHER tls13_ciphers[] = {
+         TLS1_3_RFC_AES_128_GCM_SHA256,
+         TLS1_3_RFC_AES_128_GCM_SHA256,
+         TLS1_3_CK_AES_128_GCM_SHA256,
+-        0, 0,
+        SSL_kANY,
+        SSL_aANY,
+         SSL_AES128GCM,
+         SSL_AEAD,
+         TLS1_3_VERSION, TLS1_3_VERSION,
+-        SSL_kANY,
+-        SSL_aANY,
+        0, 0,
+         SSL_HIGH,
+         SSL_HANDSHAKE_MAC_SHA256,
+         128,
@@ -4095,6 +4095,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
     return 1;
 }
@ -127,13 +143,13 @@ index 6193269..5a330d6 100644
 
     /* SUITE-B takes precedence over server preference and ChaCha priortiy */
 -    if (tls1_suiteb(s)) {
+-        prio = srvr;
+-        allow = clnt;
+-    } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
 +    if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
         prio = srvr;
 +        in_group_flags = server_pref->in_group_flags;
         allow = clnt;
-    } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
-        prio = srvr;
-        allow = clnt;
 -#ifndef OPENSSL_NO_CHACHA
 -        /* If ChaCha20 is at the top of the client preference list,
 -           and there are ChaCha20 ciphers in the server list, then