From 716bfaab475a34676fe71453a2fda08a4b19fd10 Mon Sep 17 00:00:00 2001 From: Hakase Date: Mon, 6 May 2019 22:35:53 +0900 Subject: [PATCH] Latest update - v3.0.0-dev --- README.md | 2 +- openssl-3.0.0-dev-chacha_draft.patch | 14 +++++++------- openssl-equal-3.0.0-dev.patch | 24 ++++++++++++------------ openssl-equal-3.0.0-dev_ciphers.patch | 24 ++++++++++++------------ 4 files changed, 32 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index 365941a..3ea93a2 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ Default support is in bold type. - [Google(Gmail)](https://gmail.com/) : _TLSv1.3_ **final** - [NSS TLS 1.3(Mozilla)](https://tls13.crypto.mozilla.org/) : _TLSv1.3_ **final** -[Compatible OpenSSL-3.0.0-dev (OpenSSL, 23791 commits)](https://github.com/openssl/openssl/tree/e8fb288cc5057bb198a7f1c6e46f3b64b5d7a476) +[Compatible OpenSSL-3.0.0-dev (OpenSSL, 23804 commits)](https://github.com/openssl/openssl/tree/4679345149f04eece835593823932263d9421456) ## Patch files diff --git a/openssl-3.0.0-dev-chacha_draft.patch b/openssl-3.0.0-dev-chacha_draft.patch index adb94bf..345f6ab 100644 --- a/openssl-3.0.0-dev-chacha_draft.patch +++ b/openssl-3.0.0-dev-chacha_draft.patch @@ -372,7 +372,7 @@ index 4db2b6a0db..5b07fb3cba 100644 # define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" # define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index 4ed9894d52..64a0759274 100644 +index 5ea2c2d029..5877f6876c 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2083,6 +2083,54 @@ static SSL_CIPHER ssl3_ciphers[] = { @@ -499,11 +499,11 @@ index 4a72864980..5da1a0f0c0 100644 # define SSL_ARIA (SSL_ARIAGCM) diff --git a/util/libcrypto.num b/util/libcrypto.num -index 8259ddbb5e..1869da0de5 100644 +index 010f8686d5..e6ae934b4d 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num -@@ -4800,3 +4800,4 @@ EVP_CIPHER_upref 4747 3_0_0 EXIST::FUNCTION: - EVP_CIPHER_fetch 4748 3_0_0 EXIST::FUNCTION: - EVP_CIPHER_mode 4749 3_0_0 EXIST::FUNCTION: - OPENSSL_info 4750 3_0_0 EXIST::FUNCTION: -+EVP_chacha20_poly1305_draft 4751 3_0_0 EXIST::FUNCTION:CHACHA,POLY1305 +@@ -4804,3 +4804,4 @@ EVP_KDF_CTX_new 4751 3_0_0 EXIST::FUNCTION: + EVP_KDF_CTX_kdf 4752 3_0_0 EXIST::FUNCTION: + EVP_KDF_nid 4753 3_0_0 EXIST::FUNCTION: + EVP_get_kdfbyname 4754 3_0_0 EXIST::FUNCTION: ++EVP_chacha20_poly1305_draft 4755 3_0_0 EXIST::FUNCTION:CHACHA,POLY1305 diff --git a/openssl-equal-3.0.0-dev.patch b/openssl-equal-3.0.0-dev.patch index ca3989e..e430ff4 100644 --- a/openssl-equal-3.0.0-dev.patch +++ b/openssl-equal-3.0.0-dev.patch @@ -1,8 +1,8 @@ diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt -index 5c444f5ba7..fba529cfff 100644 +index 8ad85f5025..17de01ad22 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt -@@ -2922,6 +2922,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key +@@ -2925,6 +2925,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\ mixed handshake and non handshake data @@ -11,7 +11,7 @@ index 5c444f5ba7..fba529cfff 100644 SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate SSL_R_NOT_SERVER:284:not server -@@ -3028,7 +3030,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines +@@ -3031,7 +3033,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data @@ -71,7 +71,7 @@ index 7f776f97f7..bef78d6c2c 100644 # define SSL_R_UNINITIALIZED 276 # define SSL_R_UNKNOWN_ALERT_TYPE 246 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index 4ed9894d52..a12372354a 100644 +index 5ea2c2d029..4c388ad992 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -168,7 +168,7 @@ static SSL_CIPHER ssl3_ciphers[] = { @@ -101,7 +101,7 @@ index 4ed9894d52..a12372354a 100644 DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, -@@ -4112,6 +4112,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) +@@ -4109,6 +4109,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) return 1; } @@ -119,7 +119,7 @@ index 4ed9894d52..a12372354a 100644 /* * ssl3_choose_cipher - choose a cipher from those offered by the client * @s: SSL connection -@@ -4121,16 +4132,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) +@@ -4118,16 +4129,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) * Returns the selected cipher or NULL when no common ciphers. */ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, @@ -150,7 +150,7 @@ index 4ed9894d52..a12372354a 100644 /* Let's see which ciphers we can support */ -@@ -4157,54 +4176,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4154,54 +4173,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, } OSSL_TRACE_END(TLS_CIPHER); /* SUITE-B takes precedence over server preference and ChaCha priortiy */ @@ -208,7 +208,7 @@ index 4ed9894d52..a12372354a 100644 allow = srvr; } -@@ -4235,14 +4213,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4232,14 +4210,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { c = sk_SSL_CIPHER_value(prio, i); @@ -227,7 +227,7 @@ index 4ed9894d52..a12372354a 100644 /* * Since TLS 1.3 ciphersuites can be used with any auth or -@@ -4264,10 +4244,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4261,10 +4241,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, #ifndef OPENSSL_NO_PSK /* with PSK there must be server callback set */ if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL) @@ -240,7 +240,7 @@ index 4ed9894d52..a12372354a 100644 OSSL_TRACE7(TLS_CIPHER, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name); -@@ -4283,6 +4263,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4280,6 +4260,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if (!ok) continue; @@ -255,7 +255,7 @@ index 4ed9894d52..a12372354a 100644 } ii = sk_SSL_CIPHER_find(allow, c); if (ii >= 0) { -@@ -4290,14 +4278,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4287,14 +4275,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED, c->strength_bits, 0, (void *)c)) continue; @@ -271,7 +271,7 @@ index 4ed9894d52..a12372354a 100644 if (prefer_sha256) { const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii); -@@ -4309,13 +4290,38 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4306,13 +4287,38 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, ret = tmp; continue; } diff --git a/openssl-equal-3.0.0-dev_ciphers.patch b/openssl-equal-3.0.0-dev_ciphers.patch index d2a5ce0..8481414 100644 --- a/openssl-equal-3.0.0-dev_ciphers.patch +++ b/openssl-equal-3.0.0-dev_ciphers.patch @@ -1,8 +1,8 @@ diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt -index 5c444f5ba7..fba529cfff 100644 +index 8ad85f5025..17de01ad22 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt -@@ -2922,6 +2922,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key +@@ -2925,6 +2925,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\ mixed handshake and non handshake data @@ -11,7 +11,7 @@ index 5c444f5ba7..fba529cfff 100644 SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate SSL_R_NOT_SERVER:284:not server -@@ -3028,7 +3030,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines +@@ -3031,7 +3033,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data @@ -71,7 +71,7 @@ index 7f776f97f7..bef78d6c2c 100644 # define SSL_R_UNINITIALIZED 276 # define SSL_R_UNKNOWN_ALERT_TYPE 246 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index 4ed9894d52..3c281c1ef5 100644 +index 5ea2c2d029..30361e6d58 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -32,7 +32,25 @@ const unsigned char tls12downgrade[] = { @@ -150,7 +150,7 @@ index 4ed9894d52..3c281c1ef5 100644 DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, -@@ -4112,6 +4118,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) +@@ -4109,6 +4115,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) return 1; } @@ -168,7 +168,7 @@ index 4ed9894d52..3c281c1ef5 100644 /* * ssl3_choose_cipher - choose a cipher from those offered by the client * @s: SSL connection -@@ -4121,16 +4138,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) +@@ -4118,16 +4135,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) * Returns the selected cipher or NULL when no common ciphers. */ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, @@ -199,7 +199,7 @@ index 4ed9894d52..3c281c1ef5 100644 /* Let's see which ciphers we can support */ -@@ -4157,54 +4182,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4154,54 +4179,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, } OSSL_TRACE_END(TLS_CIPHER); /* SUITE-B takes precedence over server preference and ChaCha priortiy */ @@ -257,7 +257,7 @@ index 4ed9894d52..3c281c1ef5 100644 allow = srvr; } -@@ -4235,14 +4219,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4232,14 +4216,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { c = sk_SSL_CIPHER_value(prio, i); @@ -276,7 +276,7 @@ index 4ed9894d52..3c281c1ef5 100644 /* * Since TLS 1.3 ciphersuites can be used with any auth or -@@ -4264,10 +4250,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4261,10 +4247,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, #ifndef OPENSSL_NO_PSK /* with PSK there must be server callback set */ if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL) @@ -289,7 +289,7 @@ index 4ed9894d52..3c281c1ef5 100644 OSSL_TRACE7(TLS_CIPHER, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name); -@@ -4283,6 +4269,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4280,6 +4266,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if (!ok) continue; @@ -304,7 +304,7 @@ index 4ed9894d52..3c281c1ef5 100644 } ii = sk_SSL_CIPHER_find(allow, c); if (ii >= 0) { -@@ -4290,14 +4284,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4287,14 +4281,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED, c->strength_bits, 0, (void *)c)) continue; @@ -320,7 +320,7 @@ index 4ed9894d52..3c281c1ef5 100644 if (prefer_sha256) { const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii); -@@ -4309,13 +4296,38 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4306,13 +4293,38 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, ret = tmp; continue; }