jinql
/
openssl-patch
mirror of https://github.com/hakasenyang/openssl-patch
1
0
Fork 0
Code Issues Releases Wiki Activity

Latest update - CHACHA20-DRAFT

pull/17/head
Hakase 2019-02-19 15:30:26 +09:00
parent d087771dc0
commit 6c606b09f8
No known key found for this signature in database
GPG Key ID: BB2821A9E0DF48C9
4 changed files with 69 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
openssl-1.1.1b-chacha_draft.patch
View File

@ -220,7 +220,7 @@ index c1917bb86a..ea64c6b70e 100644
# endif
#endif
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 9ab1a14b9e..5c141b9011 100644
index 9ab1a14b9e..ba3e602186 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = {
@ -236,7 +236,7 @@ index 9ab1a14b9e..5c141b9011 100644
{"magma-mac", "magma-mac", NID_magma_mac},
{"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, &so[7745]},
{"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]},
+ {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft },
+ {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft},
};
-#define NUM_SN 1186
@ -248,7 +248,7 @@ index 9ab1a14b9e..5c141b9011 100644
417, /* "CSPName" */
1019, /* "ChaCha20" */
1018, /* "ChaCha20-Poly1305" */
+ 1195, /* "chacha20-poly1305-draft" */
+ 1195, /* "ChaCha20-Poly1305-D" */
367, /* "CrlID" */
391, /* "DC" */
31, /* "DES-CBC" */
@ -265,7 +265,7 @@ index 9ab1a14b9e..5c141b9011 100644
883, /* "certificateRevocationList" */
1019, /* "chacha20" */
1018, /* "chacha20-poly1305" */
+ 1195, /* "ChaCha20-Poly1305-D" */
+ 1195, /* "chacha20-poly1305-draft" */
54, /* "challengePassword" */
407, /* "characteristic-two-field" */
395, /* "clearance" */
@ -291,7 +291,7 @@ index 6dbc41ce37..581169eda8 100644
ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index cfc33f6a8c..ea097d8105 100644
index e2416724e6..de1cb8c7c1 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -915,6 +915,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void);
@ -303,22 +303,22 @@ index cfc33f6a8c..ea097d8105 100644
# endif
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index 31fad4640f..47ff8270c9 100644
index 31fad4640f..f3669a46c9 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -4811,6 +4811,10 @@
@@ -4807,6 +4807,10 @@
#define LN_chacha20_poly1305 "chacha20-poly1305"
#define NID_chacha20_poly1305 1018
+#define SN_chacha20_poly1305_draft "ChaCha20-Poly1305-D"
+#define LN_chacha20_poly1305_draft "chacha20-poly1305-draft"
+#define NID_chacha20_poly1305_draft 1195
+
#define SN_chacha20 "ChaCha20"
#define LN_chacha20 "chacha20"
#define NID_chacha20 1019
+#define SN_chacha20_poly1305_draft "ChaCha20-Poly1305-D"
+#define LN_chacha20_poly1305_draft "chacha20-poly1305-draft"
+#define NID_chacha20_poly1305_draft 1195
+
#define SN_dhpublicnumber "dhpublicnumber"
#define LN_dhpublicnumber "X9.42 DH"
#define NID_dhpublicnumber 920
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index d6b1b4e6a6..6d166c94f0 100644
index 4b7757395f..a625ce46e3 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -125,6 +125,7 @@ extern "C" {
@ -499,11 +499,11 @@ index 307131de93..0b1c345b93 100644
# define SSL_ARIA (SSL_ARIAGCM)
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 32c64cb2c7..c577257d5d 100644
index 32c64cb2c7..86cb7a994b 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4579,3 +4579,4 @@ EVP_PKEY_meth_set_digest_custom 4532 1_1_1 EXIST::FUNCTION:
EVP_PKEY_meth_get_digest_custom 4533 1_1_1 EXIST::FUNCTION:
OPENSSL_INIT_set_config_filename 4534 1_1_1b EXIST::FUNCTION:STDIO
OPENSSL_INIT_set_config_file_flags 4535 1_1_1b EXIST::FUNCTION:STDIO
+EVP_chacha20_poly1305_draft 4536 1_1_0 EXIST::FUNCTION:CHACHA,POLY1305_DRAFT
+EVP_chacha20_poly1305_draft 4536 1_1_0 EXIST::FUNCTION:CHACHA,POLY1305

45
openssl-3.0.0-dev-chacha_draft.patch
View File

@ -11,7 +11,7 @@ index a97eaa1685..24112723f0 100644
#endif
}
diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
index 0d4612f314..5a3516d642 100644
index e8a323f3be..9b1b36f832 100644
--- a/crypto/evp/e_chacha20_poly1305.c
+++ b/crypto/evp/e_chacha20_poly1305.c
@@ -154,6 +154,7 @@ typedef struct {
@ -220,7 +220,7 @@ index 0d4612f314..5a3516d642 100644
# endif
#endif
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 78a9e7acaf..15c712b291 100644
index 78a9e7acaf..134d7b8c70 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -1079,7 +1079,7 @@ static const unsigned char so[7767] = {
@ -236,7 +236,7 @@ index 78a9e7acaf..15c712b291 100644
{"AES-256-SIV", "aes-256-siv", NID_aes_256_siv},
{"BLAKE2BMAC", "blake2bmac", NID_blake2bmac},
{"BLAKE2SMAC", "blake2smac", NID_blake2smac},
+ {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft },
+ {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft},
};
-#define NUM_SN 1194
@ -248,7 +248,7 @@ index 78a9e7acaf..15c712b291 100644
417, /* "CSPName" */
1019, /* "ChaCha20" */
1018, /* "ChaCha20-Poly1305" */
+ 1203, /* "chacha20-poly1305-draft" */
+ 1203, /* "ChaCha20-Poly1305-D" */
367, /* "CrlID" */
391, /* "DC" */
31, /* "DES-CBC" */
@ -265,7 +265,7 @@ index 78a9e7acaf..15c712b291 100644
883, /* "certificateRevocationList" */
1019, /* "chacha20" */
1018, /* "chacha20-poly1305" */
+ 1203, /* "ChaCha20-Poly1305-D" */
+ 1203, /* "chacha20-poly1305-draft" */
54, /* "challengePassword" */
407, /* "characteristic-two-field" */
395, /* "clearance" */
@ -303,22 +303,22 @@ index 23f07eaa05..c90c6435bd 100644
# endif
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index 97b2204ba6..a9b341243a 100644
index 97b2204ba6..fc254cfa61 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -4832,6 +4832,10 @@
@@ -4828,6 +4828,10 @@
#define LN_chacha20_poly1305 "chacha20-poly1305"
#define NID_chacha20_poly1305 1018
+#define SN_chacha20_poly1305_draft "ChaCha20-Poly1305-D"
+#define LN_chacha20_poly1305_draft "chacha20-poly1305-draft"
+#define NID_chacha20_poly1305_draft 1203
+
#define SN_chacha20 "ChaCha20"
#define LN_chacha20 "chacha20"
#define NID_chacha20 1019
+#define SN_chacha20_poly1305_draft "ChaCha20-Poly1305-D"
+#define LN_chacha20_poly1305_draft "chacha20-poly1305-draft"
+#define NID_chacha20_poly1305_draft 1203
+
#define SN_dhpublicnumber "dhpublicnumber"
#define LN_dhpublicnumber "X9.42 DH"
#define NID_dhpublicnumber 920
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 35311acaf4..c2bce6822d 100644
index 9d6e1c5024..5692cfab31 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -125,6 +125,7 @@ extern "C" {
@ -499,12 +499,11 @@ index bd0d4210f4..709badc0b4 100644
# define SSL_ARIA (SSL_ARIAGCM)
diff --git a/util/libcrypto.num b/util/libcrypto.num
index cc88ac4652..7391b6f4e1 100644
index 560f47fb66..d0e6f40b68 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4631,3 +4631,5 @@ CMS_add1_signing_cert_v2 4586 3_0_0 EXIST::FUNCTION:CMS
ESS_SIGNING_CERT_new_init 4587 3_0_0 EXIST::FUNCTION:
ESS_SIGNING_CERT_V2_new_init 4588 3_0_0 EXIST::FUNCTION:
ERR_load_ESS_strings 4589 3_0_0 EXIST::FUNCTION:
+EVP_chacha20_poly1305_draft 4590 3_0_0 EXIST::FUNCTION:CHACHA,POLY1305_DRAFT
+
@@ -4643,3 +4643,4 @@ EC_GROUP_get0_field 4598 3_0_0 EXIST::FUNCTION:EC
CRYPTO_alloc_ex_data 4599 3_0_0 EXIST::FUNCTION:
OPENSSL_CTX_new 4600 3_0_0 EXIST::FUNCTION:
OPENSSL_CTX_free 4601 3_0_0 EXIST::FUNCTION:
+EVP_chacha20_poly1305_draft 4602 3_0_0 EXIST::FUNCTION:CHACHA,POLY1305

30
openssl-equal-3.0.0-dev.patch
View File

@ -25,7 +25,7 @@ index e29c5d7ced..b5bca974c9 100644
The following lists give the SSL or TLS cipher suites names from the
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index c7a830445b..f538b6a41b 100644
index 9d6e1c5024..cee7db9a25 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -173,12 +173,12 @@ extern "C" {
@ -787,7 +787,7 @@ index 7b06878cef..4e03448e95 100644
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 6d6060a212..e8e2e1890f 100644
index 322a4381b0..ac33c35560 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1119,6 +1119,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
@ -895,7 +895,7 @@ index 6d6060a212..e8e2e1890f 100644
return NULL;
}
@@ -3006,7 +3072,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
@@ -3026,7 +3092,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id,
SSL_DEFAULT_CIPHER_LIST, ret->cert)
@ -904,7 +904,7 @@ index 6d6060a212..e8e2e1890f 100644
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
}
@@ -3182,7 +3248,7 @@ void SSL_CTX_free(SSL_CTX *a)
@@ -3202,7 +3268,7 @@ void SSL_CTX_free(SSL_CTX *a)
#ifndef OPENSSL_NO_CT
CTLOG_STORE_free(a->ctlog_store);
#endif
@ -913,7 +913,7 @@ index 6d6060a212..e8e2e1890f 100644
sk_SSL_CIPHER_free(a->cipher_list_by_id);
sk_SSL_CIPHER_free(a->tls13_ciphersuites);
ssl_cert_free(a->cert);
@@ -3860,13 +3926,15 @@ SSL *SSL_dup(SSL *s)
@@ -3880,13 +3946,15 @@ SSL *SSL_dup(SSL *s)
/* dup the cipher_list and cipher_list_by_id stacks */
if (s->cipher_list != NULL) {
@ -934,7 +934,7 @@ index 6d6060a212..e8e2e1890f 100644
/* Dup the client_CA list */
if (!dup_ca_names(&ret->ca_names, s->ca_names)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index bd0d4210f4..2c96db0618 100644
index bd0d4210f4..8973b7b3a1 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -745,9 +745,46 @@ typedef struct ssl_ctx_ext_secure_st {
@ -985,7 +985,7 @@ index bd0d4210f4..2c96db0618 100644
/* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
@@ -1146,7 +1185,7 @@ struct ssl_st {
@@ -1146,7 +1183,7 @@ struct ssl_st {
/* Per connection DANE state */
SSL_DANE dane;
/* crypto */
@ -994,7 +994,7 @@ index bd0d4210f4..2c96db0618 100644
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
@@ -2277,7 +2316,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
@@ -2277,7 +2314,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp);
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@ -1003,7 +1003,7 @@ index bd0d4210f4..2c96db0618 100644
STACK_OF(SSL_CIPHER) **cipher_list_by_id,
const char *rule_str,
CERT *c);
@@ -2287,6 +2326,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
@@ -2287,6 +2324,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
int fatal);
void ssl_update_cache(SSL *s, int mode);
@ -1017,7 +1017,7 @@ index bd0d4210f4..2c96db0618 100644
__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, int *mac_pkey_type,
size_t *mac_secret_size, SSL_COMP **comp,
@@ -2370,7 +2416,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
@@ -2370,7 +2414,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
CERT_PKEY *cpk);
__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
STACK_OF(SSL_CIPHER) *clnt,
@ -1027,10 +1027,10 @@ index bd0d4210f4..2c96db0618 100644
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index b0dd54903d..1d096858f8 100644
index bf1819d356..ebb6224b5e 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1744,7 +1744,7 @@ static int tls_early_post_process_client_hello(SSL *s)
@@ -1750,7 +1750,7 @@ static int tls_early_post_process_client_hello(SSL *s)
/* For TLSv1.3 we must select the ciphersuite *before* session resumption */
if (SSL_IS_TLS13(s)) {
const SSL_CIPHER *cipher =
@ -1039,7 +1039,7 @@ index b0dd54903d..1d096858f8 100644
if (cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
@@ -1925,7 +1925,7 @@ static int tls_early_post_process_client_hello(SSL *s)
@@ -1931,7 +1931,7 @@ static int tls_early_post_process_client_hello(SSL *s)
/* check if some cipher was preferred by call back */
if (pref_cipher == NULL)
pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
@ -1048,7 +1048,7 @@ index b0dd54903d..1d096858f8 100644
if (pref_cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
@@ -1934,8 +1934,9 @@ static int tls_early_post_process_client_hello(SSL *s)
@@ -1940,8 +1940,9 @@ static int tls_early_post_process_client_hello(SSL *s)
}
s->session->cipher = pref_cipher;
@ -1060,7 +1060,7 @@ index b0dd54903d..1d096858f8 100644
sk_SSL_CIPHER_free(s->cipher_list_by_id);
s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
}
@@ -2249,7 +2250,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
@@ -2255,7 +2256,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
/* In TLSv1.3 we selected the ciphersuite before resumption */
if (!SSL_IS_TLS13(s)) {
cipher =

28
openssl-equal-3.0.0-dev_ciphers.patch
View File

@ -822,7 +822,7 @@ index 7b06878cef..4e03448e95 100644
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 6d6060a212..e8e2e1890f 100644
index 322a4381b0..ac33c35560 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1119,6 +1119,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
@ -930,7 +930,7 @@ index 6d6060a212..e8e2e1890f 100644
return NULL;
}
@@ -3006,7 +3072,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
@@ -3026,7 +3092,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id,
SSL_DEFAULT_CIPHER_LIST, ret->cert)
@ -939,7 +939,7 @@ index 6d6060a212..e8e2e1890f 100644
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
}
@@ -3182,7 +3248,7 @@ void SSL_CTX_free(SSL_CTX *a)
@@ -3202,7 +3268,7 @@ void SSL_CTX_free(SSL_CTX *a)
#ifndef OPENSSL_NO_CT
CTLOG_STORE_free(a->ctlog_store);
#endif
@ -948,7 +948,7 @@ index 6d6060a212..e8e2e1890f 100644
sk_SSL_CIPHER_free(a->cipher_list_by_id);
sk_SSL_CIPHER_free(a->tls13_ciphersuites);
ssl_cert_free(a->cert);
@@ -3860,13 +3926,15 @@ SSL *SSL_dup(SSL *s)
@@ -3880,13 +3946,15 @@ SSL *SSL_dup(SSL *s)
/* dup the cipher_list and cipher_list_by_id stacks */
if (s->cipher_list != NULL) {
@ -969,7 +969,7 @@ index 6d6060a212..e8e2e1890f 100644
/* Dup the client_CA list */
if (!dup_ca_names(&ret->ca_names, s->ca_names)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index bd0d4210f4..2c96db0618 100644
index bd0d4210f4..8973b7b3a1 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -745,9 +745,46 @@ typedef struct ssl_ctx_ext_secure_st {
@ -1020,7 +1020,7 @@ index bd0d4210f4..2c96db0618 100644
/* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
@@ -1146,7 +1185,7 @@ struct ssl_st {
@@ -1146,7 +1183,7 @@ struct ssl_st {
/* Per connection DANE state */
SSL_DANE dane;
/* crypto */
@ -1029,7 +1029,7 @@ index bd0d4210f4..2c96db0618 100644
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
@@ -2277,7 +2316,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
@@ -2277,7 +2314,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp);
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@ -1038,7 +1038,7 @@ index bd0d4210f4..2c96db0618 100644
STACK_OF(SSL_CIPHER) **cipher_list_by_id,
const char *rule_str,
CERT *c);
@@ -2287,6 +2326,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
@@ -2287,6 +2324,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
int fatal);
void ssl_update_cache(SSL *s, int mode);
@ -1052,7 +1052,7 @@ index bd0d4210f4..2c96db0618 100644
__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, int *mac_pkey_type,
size_t *mac_secret_size, SSL_COMP **comp,
@@ -2370,7 +2416,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
@@ -2370,7 +2414,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
CERT_PKEY *cpk);
__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
STACK_OF(SSL_CIPHER) *clnt,
@ -1062,10 +1062,10 @@ index bd0d4210f4..2c96db0618 100644
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index b0dd54903d..1d096858f8 100644
index bf1819d356..ebb6224b5e 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1744,7 +1744,7 @@ static int tls_early_post_process_client_hello(SSL *s)
@@ -1750,7 +1750,7 @@ static int tls_early_post_process_client_hello(SSL *s)
/* For TLSv1.3 we must select the ciphersuite *before* session resumption */
if (SSL_IS_TLS13(s)) {
const SSL_CIPHER *cipher =
@ -1074,7 +1074,7 @@ index b0dd54903d..1d096858f8 100644
if (cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
@@ -1925,7 +1925,7 @@ static int tls_early_post_process_client_hello(SSL *s)
@@ -1931,7 +1931,7 @@ static int tls_early_post_process_client_hello(SSL *s)
/* check if some cipher was preferred by call back */
if (pref_cipher == NULL)
pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
@ -1083,7 +1083,7 @@ index b0dd54903d..1d096858f8 100644
if (pref_cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
@@ -1934,8 +1934,9 @@ static int tls_early_post_process_client_hello(SSL *s)
@@ -1940,8 +1940,9 @@ static int tls_early_post_process_client_hello(SSL *s)
}
s->session->cipher = pref_cipher;
@ -1095,7 +1095,7 @@ index b0dd54903d..1d096858f8 100644
sk_SSL_CIPHER_free(s->cipher_list_by_id);
s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
}
@@ -2249,7 +2250,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
@@ -2255,7 +2256,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
/* In TLSv1.3 we selected the ciphersuite before resumption */
if (!SSL_IS_TLS13(s)) {
cipher =