Update latest version

openssl-1.1.2-dev-chacha_draft.patch

@@ -318,7 +318,7 @@ index e977a24c66..280efb665e 100644
  #define LN_dhpublicnumber               "X9.42 DH"
  #define NID_dhpublicnumber              920
 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
-index cceb2d495a..fa16d42d79 100644
+index 1e9e8d5721..babce9025d 100644
 --- a/include/openssl/ssl.h
 +++ b/include/openssl/ssl.h
 @@ -125,6 +125,7 @@ extern "C" {
@@ -372,7 +372,7 @@ index e13b5dd4bc..53d43c121e 100644
  # define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305       "ECDHE-ECDSA-CHACHA20-POLY1305"
  # define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305           "DHE-RSA-CHACHA20-POLY1305"
 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index 866ca4dfa9..40b0205e52 100644
+index 4b9906f215..4821bbf269 100644
 --- a/ssl/s3_lib.c
 +++ b/ssl/s3_lib.c
 @@ -2082,6 +2082,54 @@ static SSL_CIPHER ssl3_ciphers[] = {
@@ -480,7 +480,7 @@ index 14066d0ea4..0ded2bd6b6 100644
      } else if (c->algorithm_mac & SSL_AEAD) {
          /* We're supposed to have handled all the AEAD modes above */
 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
-index e9c5c5cf80..ebefd70f84 100644
+index 70e5a1740f..d75ba89a40 100644
 --- a/ssl/ssl_locl.h
 +++ b/ssl/ssl_locl.h
 @@ -230,12 +230,13 @@
@@ -499,11 +499,11 @@ index e9c5c5cf80..ebefd70f84 100644
  # define SSL_ARIA                (SSL_ARIAGCM)
  
 diff --git a/util/libcrypto.num b/util/libcrypto.num
-index c6de172f8e..bce7d37c8a 100644
+index f7d6cb5823..de1a6e7804 100644
 --- a/util/libcrypto.num
 +++ b/util/libcrypto.num
-@@ -4598,3 +4598,4 @@ EVP_MAC_do_all_sorted                   4551	1_1_2	EXIST::FUNCTION:
- EVP_str2ctrl                            4552	1_1_2	EXIST::FUNCTION:
- EVP_hex2ctrl                            4553	1_1_2	EXIST::FUNCTION:
- EVP_PKEY_supports_digest_nid            4554	1_1_2	EXIST::FUNCTION:
-+EVP_chacha20_poly1305_draft             4555	1_1_0	EXIST::FUNCTION:CHACHA,POLY1305_DRAFT
+@@ -4603,3 +4603,4 @@ SRP_user_pwd_new                        4556	1_1_2	EXIST::FUNCTION:SRP
+ SRP_user_pwd_set_gN                     4557	1_1_2	EXIST::FUNCTION:SRP
+ SRP_user_pwd_set1_ids                   4558	1_1_2	EXIST::FUNCTION:SRP
+ SRP_user_pwd_set0_sv                    4559	1_1_2	EXIST::FUNCTION:SRP
++EVP_chacha20_poly1305_draft             4560	1_1_0	EXIST::FUNCTION:CHACHA,POLY1305_DRAFT

openssl-equal-1.1.2-dev.patch

@@ -25,7 +25,7 @@ index 3aea982384..3c93eba0bf 100644
  
  The following lists give the SSL or TLS cipher suites names from the
 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
-index cceb2d495a..e3a0684c6f 100644
+index 1e9e8d5721..f49e049d90 100644
 --- a/include/openssl/ssl.h
 +++ b/include/openssl/ssl.h
 @@ -173,12 +173,12 @@ extern "C" {
@@ -108,7 +108,7 @@ index a11ed483e6..4fd583dd03 100644
                                  (unsigned int)rec->length) <= 0
              || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index 866ca4dfa9..7b98b670d2 100644
+index 4b9906f215..d6739d97f7 100644
 --- a/ssl/s3_lib.c
 +++ b/ssl/s3_lib.c
 @@ -167,7 +167,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
@@ -971,7 +971,7 @@ index 087f768b0b..1cc5e6c3a9 100644
      /* Dup the client_CA list */
      if (!dup_ca_names(&ret->ca_names, s->ca_names)
 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
-index e9c5c5cf80..fb153bf5bf 100644
+index 70e5a1740f..d583840984 100644
 --- a/ssl/ssl_locl.h
 +++ b/ssl/ssl_locl.h
 @@ -741,9 +741,46 @@ typedef struct ssl_ctx_ext_secure_st {
@@ -1144,10 +1144,10 @@ index 0f2b22392b..6c1ce9813f 100644
          SSLfatal(s, SSL_AD_INTERNAL_ERROR,
                   SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
 diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
-index 95c22062ba..645cfc2d90 100644
+index 4324896f50..d0de7ffe3d 100644
 --- a/ssl/statem/statem_lib.c
 +++ b/ssl/statem/statem_lib.c
-@@ -1779,6 +1779,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
+@@ -1786,6 +1786,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
          unsigned int best_vers = 0;
          const SSL_METHOD *best_method = NULL;
          PACKET versionslist;
@@ -1156,7 +1156,7 @@ index 95c22062ba..645cfc2d90 100644
  
          suppversions->parsed = 1;
  
-@@ -1800,6 +1802,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
+@@ -1807,6 +1809,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
              return SSL_R_BAD_LEGACY_VERSION;
  
          while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
@@ -1180,7 +1180,7 @@ index 95c22062ba..645cfc2d90 100644
              if (version_cmp(s, candidate_vers, best_vers) <= 0)
                  continue;
              if (ssl_version_supported(s, candidate_vers, &best_method))
-@@ -1822,6 +1841,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
+@@ -1829,6 +1848,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
              }
              check_for_downgrade(s, best_vers, dgrd);
              s->version = best_vers;

openssl-equal-1.1.2-dev_ciphers.patch

@@ -87,7 +87,7 @@ index a11ed483e6..4fd583dd03 100644
                                  (unsigned int)rec->length) <= 0
              || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index 866ca4dfa9..1b6b99cb19 100644
+index 4b9906f215..de15b9e04e 100644
 --- a/ssl/s3_lib.c
 +++ b/ssl/s3_lib.c
 @@ -31,7 +31,25 @@ const unsigned char tls12downgrade[] = {
@@ -1006,7 +1006,7 @@ index 087f768b0b..1cc5e6c3a9 100644
      /* Dup the client_CA list */
      if (!dup_ca_names(&ret->ca_names, s->ca_names)
 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
-index e9c5c5cf80..fb153bf5bf 100644
+index 70e5a1740f..d583840984 100644
 --- a/ssl/ssl_locl.h
 +++ b/ssl/ssl_locl.h
 @@ -741,9 +741,46 @@ typedef struct ssl_ctx_ext_secure_st {
@@ -1179,10 +1179,10 @@ index 0f2b22392b..6c1ce9813f 100644
          SSLfatal(s, SSL_AD_INTERNAL_ERROR,
                   SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
 diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
-index 95c22062ba..645cfc2d90 100644
+index 4324896f50..d0de7ffe3d 100644
 --- a/ssl/statem/statem_lib.c
 +++ b/ssl/statem/statem_lib.c
-@@ -1779,6 +1779,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
+@@ -1786,6 +1786,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
          unsigned int best_vers = 0;
          const SSL_METHOD *best_method = NULL;
          PACKET versionslist;
@@ -1191,7 +1191,7 @@ index 95c22062ba..645cfc2d90 100644
  
          suppversions->parsed = 1;
  
-@@ -1800,6 +1802,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
+@@ -1807,6 +1809,23 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
              return SSL_R_BAD_LEGACY_VERSION;
  
          while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
@@ -1215,7 +1215,7 @@ index 95c22062ba..645cfc2d90 100644
              if (version_cmp(s, candidate_vers, best_vers) <= 0)
                  continue;
              if (ssl_version_supported(s, candidate_vers, &best_method))
-@@ -1822,6 +1841,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
+@@ -1829,6 +1848,9 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
              }
              check_for_downgrade(s, best_vers, dgrd);
              s->version = best_vers;