diff --git a/README.md b/README.md index a959cd2..dd42214 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ Default support is in bold type. - [Google(Gmail)](https://gmail.com/) : _TLSv1.3_ **final** - [NSS TLS 1.3(Mozilla)](https://tls13.crypto.mozilla.org/) : _TLSv1.3_ **final** -[Compatible OpenSSL-3.0.0-dev (OpenSSL, 23804 commits)](https://github.com/openssl/openssl/tree/4679345149f04eece835593823932263d9421456) +[Compatible OpenSSL-3.0.0-dev (OpenSSL, 24014 commits)](https://github.com/openssl/openssl/tree/4cdb302fef1f2160b74acbe1739f62c713fd99f5) ## Patch files diff --git a/openssl-3.0.0-dev-chacha_draft.patch b/openssl-3.0.0-dev-chacha_draft.patch index 345f6ab..1aeee82 100644 --- a/openssl-3.0.0-dev-chacha_draft.patch +++ b/openssl-3.0.0-dev-chacha_draft.patch @@ -220,66 +220,66 @@ index ccef031b89..083179398c 100644 # endif #endif diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h -index c778d45aa9..b761ad1e47 100644 +index 876bab2a7f..0e825e5b8b 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -1080,7 +1080,7 @@ static const unsigned char so[7775] = { 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75, /* [ 7766] OBJ_SM2_with_SM3 */ }; --#define NUM_NID 1206 -+#define NUM_NID 1207 +-#define NUM_NID 1207 ++#define NUM_NID 1208 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, -@@ -2288,9 +2288,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { - {"SSHKDF", "sshkdf", NID_sshkdf}, +@@ -2289,9 +2289,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"SM2-SM3", "SM2-with-SM3", NID_SM2_with_SM3, 8, &so[7766]}, {"SSKDF", "sskdf", NID_sskdf}, + {"X963KDF", "x963kdf", NID_x963kdf}, + {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft}, }; --#define NUM_SN 1197 -+#define NUM_SN 1198 +-#define NUM_SN 1198 ++#define NUM_SN 1199 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ -@@ -2413,6 +2414,7 @@ static const unsigned int sn_objs[NUM_SN] = { +@@ -2414,6 +2415,7 @@ static const unsigned int sn_objs[NUM_SN] = { 417, /* "CSPName" */ 1019, /* "ChaCha20" */ 1018, /* "ChaCha20-Poly1305" */ -+ 1206, /* "ChaCha20-Poly1305-D" */ ++ 1207, /* "ChaCha20-Poly1305-D" */ 367, /* "CrlID" */ 391, /* "DC" */ 31, /* "DES-CBC" */ -@@ -3491,7 +3493,7 @@ static const unsigned int sn_objs[NUM_SN] = { +@@ -3493,7 +3495,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1093, /* "x509ExtAdmission" */ }; --#define NUM_LN 1197 -+#define NUM_LN 1198 +-#define NUM_LN 1198 ++#define NUM_LN 1199 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ -@@ -3876,6 +3878,7 @@ static const unsigned int ln_objs[NUM_LN] = { +@@ -3878,6 +3880,7 @@ static const unsigned int ln_objs[NUM_LN] = { 883, /* "certificateRevocationList" */ 1019, /* "chacha20" */ 1018, /* "chacha20-poly1305" */ -+ 1206, /* "chacha20-poly1305-draft" */ ++ 1207, /* "chacha20-poly1305-draft" */ 54, /* "challengePassword" */ 407, /* "characteristic-two-field" */ 395, /* "clearance" */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num -index 44820a7c8d..03c87d5b33 100644 +index e0969fe1fd..957a28d47a 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num -@@ -1203,3 +1203,4 @@ blake2smac 1202 - sshkdf 1203 +@@ -1204,3 +1204,4 @@ sshkdf 1203 SM2_with_SM3 1204 sskdf 1205 -+chacha20_poly1305_draft 1206 + x963kdf 1206 ++chacha20_poly1305_draft 1207 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt -index 2240916ff4..2a61f1a23a 100644 +index 566438948f..92f235d5d5 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1545,6 +1545,7 @@ sm-scheme 104 7 : SM4-CTR : sm4-ctr @@ -291,10 +291,10 @@ index 2240916ff4..2a61f1a23a 100644 ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH diff --git a/include/openssl/evp.h b/include/openssl/evp.h -index 6fc0f35114..c26c6d0182 100644 +index 5fb04d15c3..0c35685846 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h -@@ -933,6 +933,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void); +@@ -936,6 +936,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void); const EVP_CIPHER *EVP_chacha20(void); # ifndef OPENSSL_NO_POLY1305 const EVP_CIPHER *EVP_chacha20_poly1305(void); @@ -303,7 +303,7 @@ index 6fc0f35114..c26c6d0182 100644 # endif diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h -index a0d4eed358..6ab0a3bd3f 100644 +index 147bad12db..6e9f141ba5 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -4833,6 +4833,10 @@ @@ -312,13 +312,13 @@ index a0d4eed358..6ab0a3bd3f 100644 +#define SN_chacha20_poly1305_draft "ChaCha20-Poly1305-D" +#define LN_chacha20_poly1305_draft "chacha20-poly1305-draft" -+#define NID_chacha20_poly1305_draft 1206 ++#define NID_chacha20_poly1305_draft 1207 + #define SN_chacha20 "ChaCha20" #define LN_chacha20 "chacha20" #define NID_chacha20 1019 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h -index f4b17f1beb..bb3fe66300 100644 +index 7219d83420..b569270f84 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -125,6 +125,7 @@ extern "C" { @@ -372,7 +372,7 @@ index 4db2b6a0db..5b07fb3cba 100644 # define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" # define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index 5ea2c2d029..5877f6876c 100644 +index 3238fd9b7e..c281fed428 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2083,6 +2083,54 @@ static SSL_CIPHER ssl3_ciphers[] = { @@ -431,7 +431,7 @@ index 5ea2c2d029..5877f6876c 100644 1, TLS1_TXT_PSK_WITH_CHACHA20_POLY1305, diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index 5aa04dbd53..8b2b7e7b36 100644 +index 6cb8b33b5b..d94adfc6a2 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -44,7 +44,8 @@ @@ -480,7 +480,7 @@ index 5aa04dbd53..8b2b7e7b36 100644 } else if (c->algorithm_mac & SSL_AEAD) { /* We're supposed to have handled all the AEAD modes above */ diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h -index 4a72864980..5da1a0f0c0 100644 +index a61987f327..898932910f 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -234,12 +234,13 @@ @@ -499,11 +499,11 @@ index 4a72864980..5da1a0f0c0 100644 # define SSL_ARIA (SSL_ARIAGCM) diff --git a/util/libcrypto.num b/util/libcrypto.num -index 010f8686d5..e6ae934b4d 100644 +index 0b181070eb..c4b68ae6ca 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num -@@ -4804,3 +4804,4 @@ EVP_KDF_CTX_new 4751 3_0_0 EXIST::FUNCTION: - EVP_KDF_CTX_kdf 4752 3_0_0 EXIST::FUNCTION: - EVP_KDF_nid 4753 3_0_0 EXIST::FUNCTION: - EVP_get_kdfbyname 4754 3_0_0 EXIST::FUNCTION: -+EVP_chacha20_poly1305_draft 4755 3_0_0 EXIST::FUNCTION:CHACHA,POLY1305 +@@ -4832,3 +4832,4 @@ OPENSSL_CTX_get0_private_drbg 4776 3_0_0 EXIST::FUNCTION: + BN_CTX_new_ex 4777 3_0_0 EXIST::FUNCTION: + BN_CTX_secure_new_ex 4778 3_0_0 EXIST::FUNCTION: + OPENSSL_thread_stop_ex 4779 3_0_0 EXIST::FUNCTION: ++EVP_chacha20_poly1305_draft 4780 3_0_0 EXIST::FUNCTION:CHACHA,POLY1305 diff --git a/openssl-equal-3.0.0-dev.patch b/openssl-equal-3.0.0-dev.patch index e430ff4..5bf1615 100644 --- a/openssl-equal-3.0.0-dev.patch +++ b/openssl-equal-3.0.0-dev.patch @@ -1,8 +1,8 @@ diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt -index 8ad85f5025..17de01ad22 100644 +index 23c0ddae4f..f1663dec44 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt -@@ -2925,6 +2925,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key +@@ -2943,6 +2943,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\ mixed handshake and non handshake data @@ -11,7 +11,7 @@ index 8ad85f5025..17de01ad22 100644 SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate SSL_R_NOT_SERVER:284:not server -@@ -3031,7 +3033,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines +@@ -3049,7 +3051,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data @@ -48,10 +48,10 @@ index e29c5d7ced..7d795c390e 100644 The following lists give the SSL or TLS cipher suites names from the diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h -index 7f776f97f7..bef78d6c2c 100644 +index 385fda37a4..ece73c495c 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h -@@ -600,6 +600,8 @@ int ERR_load_SSL_strings(void); +@@ -601,6 +601,8 @@ int ERR_load_SSL_strings(void); # define SSL_R_MISSING_TMP_DH_KEY 171 # define SSL_R_MISSING_TMP_ECDH_KEY 311 # define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293 @@ -60,7 +60,7 @@ index 7f776f97f7..bef78d6c2c 100644 # define SSL_R_NOT_ON_RECORD_BOUNDARY 182 # define SSL_R_NOT_REPLACING_CERTIFICATE 289 # define SSL_R_NOT_SERVER 284 -@@ -730,7 +732,9 @@ int ERR_load_SSL_strings(void); +@@ -731,7 +733,9 @@ int ERR_load_SSL_strings(void); # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 # define SSL_R_UNEXPECTED_CCS_MESSAGE 262 # define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 @@ -71,7 +71,7 @@ index 7f776f97f7..bef78d6c2c 100644 # define SSL_R_UNINITIALIZED 276 # define SSL_R_UNKNOWN_ALERT_TYPE 246 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index 5ea2c2d029..4c388ad992 100644 +index 3238fd9b7e..3bcb63886b 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -168,7 +168,7 @@ static SSL_CIPHER ssl3_ciphers[] = { @@ -101,7 +101,7 @@ index 5ea2c2d029..4c388ad992 100644 DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, -@@ -4109,6 +4109,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) +@@ -4110,6 +4110,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) return 1; } @@ -119,7 +119,7 @@ index 5ea2c2d029..4c388ad992 100644 /* * ssl3_choose_cipher - choose a cipher from those offered by the client * @s: SSL connection -@@ -4118,16 +4129,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) +@@ -4119,16 +4130,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) * Returns the selected cipher or NULL when no common ciphers. */ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, @@ -150,7 +150,7 @@ index 5ea2c2d029..4c388ad992 100644 /* Let's see which ciphers we can support */ -@@ -4154,54 +4173,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4155,54 +4174,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, } OSSL_TRACE_END(TLS_CIPHER); /* SUITE-B takes precedence over server preference and ChaCha priortiy */ @@ -208,7 +208,7 @@ index 5ea2c2d029..4c388ad992 100644 allow = srvr; } -@@ -4232,14 +4210,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4233,14 +4211,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { c = sk_SSL_CIPHER_value(prio, i); @@ -227,7 +227,7 @@ index 5ea2c2d029..4c388ad992 100644 /* * Since TLS 1.3 ciphersuites can be used with any auth or -@@ -4261,10 +4241,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4262,10 +4242,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, #ifndef OPENSSL_NO_PSK /* with PSK there must be server callback set */ if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL) @@ -240,7 +240,7 @@ index 5ea2c2d029..4c388ad992 100644 OSSL_TRACE7(TLS_CIPHER, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name); -@@ -4280,6 +4260,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4281,6 +4261,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if (!ok) continue; @@ -255,7 +255,7 @@ index 5ea2c2d029..4c388ad992 100644 } ii = sk_SSL_CIPHER_find(allow, c); if (ii >= 0) { -@@ -4287,14 +4275,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4288,14 +4276,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED, c->strength_bits, 0, (void *)c)) continue; @@ -271,7 +271,7 @@ index 5ea2c2d029..4c388ad992 100644 if (prefer_sha256) { const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii); -@@ -4306,13 +4287,38 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4307,13 +4288,38 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, ret = tmp; continue; } @@ -315,7 +315,7 @@ index 5ea2c2d029..4c388ad992 100644 } diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index 5aa04dbd53..655e259c9b 100644 +index 6cb8b33b5b..7cb418a0d6 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -193,6 +193,7 @@ typedef struct cipher_order_st { @@ -763,10 +763,10 @@ index 5aa04dbd53..655e259c9b 100644 char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c -index afe1b58214..f38ac1558c 100644 +index daeee1ecc4..485f8b7eb5 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c -@@ -966,6 +966,9 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { +@@ -967,6 +967,9 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "missing tmp ecdh key"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA), "mixed handshake and non handshake data"}, @@ -776,7 +776,7 @@ index afe1b58214..f38ac1558c 100644 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY), "not on record boundary"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_REPLACING_CERTIFICATE), -@@ -1200,7 +1203,11 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { +@@ -1201,7 +1204,11 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "unexpected ccs message"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA), "unexpected end of early data"}, @@ -789,10 +789,10 @@ index afe1b58214..f38ac1558c 100644 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index 89a410057b..88a037e6c4 100644 +index d15b743f50..0759bc639b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c -@@ -1120,6 +1120,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) +@@ -1122,6 +1122,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) return X509_VERIFY_PARAM_set1(ssl->param, vpm); } @@ -864,7 +864,7 @@ index 89a410057b..88a037e6c4 100644 X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) { return ctx->param; -@@ -1164,7 +1229,8 @@ void SSL_free(SSL *s) +@@ -1166,7 +1231,8 @@ void SSL_free(SSL *s) BUF_MEM_free(s->init_buf); /* add extra stuff */ @@ -873,8 +873,8 @@ index 89a410057b..88a037e6c4 100644 + ssl_cipher_preference_list_free(s->cipher_list); sk_SSL_CIPHER_free(s->cipher_list_by_id); sk_SSL_CIPHER_free(s->tls13_ciphersuites); - -@@ -2492,9 +2558,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) + sk_SSL_CIPHER_free(s->peer_ciphers); +@@ -2563,9 +2629,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) { if (s != NULL) { if (s->cipher_list != NULL) { @@ -886,7 +886,7 @@ index 89a410057b..88a037e6c4 100644 } } return NULL; -@@ -2568,8 +2634,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n) +@@ -2639,8 +2705,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n) * preference */ STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) { @@ -897,16 +897,16 @@ index 89a410057b..88a037e6c4 100644 return NULL; } -@@ -3018,7 +3084,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) +@@ -3088,7 +3154,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->tls13_ciphersuites, &ret->cipher_list, &ret->cipher_list_by_id, - SSL_DEFAULT_CIPHER_LIST, ret->cert) + OSSL_default_cipher_list(), ret->cert) - || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { + || sk_SSL_CIPHER_num(ret->cipher_list->ciphers) <= 0) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; } -@@ -3194,7 +3260,7 @@ void SSL_CTX_free(SSL_CTX *a) +@@ -3264,7 +3330,7 @@ void SSL_CTX_free(SSL_CTX *a) #ifndef OPENSSL_NO_CT CTLOG_STORE_free(a->ctlog_store); #endif @@ -915,7 +915,7 @@ index 89a410057b..88a037e6c4 100644 sk_SSL_CIPHER_free(a->cipher_list_by_id); sk_SSL_CIPHER_free(a->tls13_ciphersuites); ssl_cert_free(a->cert); -@@ -3870,13 +3936,15 @@ SSL *SSL_dup(SSL *s) +@@ -3940,13 +4006,15 @@ SSL *SSL_dup(SSL *s) /* dup the cipher_list and cipher_list_by_id stacks */ if (s->cipher_list != NULL) { @@ -936,10 +936,10 @@ index 89a410057b..88a037e6c4 100644 /* Dup the client_CA list */ if (!dup_ca_names(&ret->ca_names, s->ca_names) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h -index 4a72864980..20954aea62 100644 +index a61987f327..e03be541e1 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h -@@ -744,9 +744,46 @@ typedef struct ssl_ctx_ext_secure_st { +@@ -737,9 +737,46 @@ typedef struct ssl_ctx_ext_secure_st { unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH]; } SSL_CTX_EXT_SECURE; @@ -987,16 +987,16 @@ index 4a72864980..20954aea62 100644 /* same as above but sorted for lookup */ STACK_OF(SSL_CIPHER) *cipher_list_by_id; /* TLSv1.3 specific ciphersuites */ -@@ -1319,7 +1356,7 @@ struct ssl_st { - /* Per connection DANE state */ +@@ -1314,7 +1351,7 @@ struct ssl_st { SSL_DANE dane; /* crypto */ + STACK_OF(SSL_CIPHER) *peer_ciphers; - STACK_OF(SSL_CIPHER) *cipher_list; + struct ssl_cipher_preference_list_st *cipher_list; STACK_OF(SSL_CIPHER) *cipher_list_by_id; /* TLSv1.3 specific ciphersuites */ STACK_OF(SSL_CIPHER) *tls13_ciphersuites; -@@ -2278,7 +2315,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, +@@ -2287,7 +2324,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, const SSL_CIPHER *const *bp); __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) *tls13_ciphersuites, @@ -1005,7 +1005,7 @@ index 4a72864980..20954aea62 100644 STACK_OF(SSL_CIPHER) **cipher_list_by_id, const char *rule_str, CERT *c); -@@ -2288,6 +2325,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, +@@ -2297,6 +2334,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, STACK_OF(SSL_CIPHER) **scsvs, int sslv2format, int fatal); void ssl_update_cache(SSL *s, int mode); @@ -1019,7 +1019,7 @@ index 4a72864980..20954aea62 100644 __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, const EVP_MD **md, int *mac_pkey_type, size_t *mac_secret_size, SSL_COMP **comp, -@@ -2371,7 +2415,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, +@@ -2382,7 +2426,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk); __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, @@ -1029,10 +1029,10 @@ index 4a72864980..20954aea62 100644 __owur int ssl3_new(SSL *s); void ssl3_free(SSL *s); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c -index fe495a3a68..cdfbfbd52b 100644 +index 79c2aa0ede..a39647431f 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c -@@ -1755,7 +1755,7 @@ static int tls_early_post_process_client_hello(SSL *s) +@@ -1749,7 +1749,7 @@ static int tls_early_post_process_client_hello(SSL *s) /* For TLSv1.3 we must select the ciphersuite *before* session resumption */ if (SSL_IS_TLS13(s)) { const SSL_CIPHER *cipher = @@ -1041,33 +1041,33 @@ index fe495a3a68..cdfbfbd52b 100644 if (cipher == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, -@@ -1938,7 +1938,7 @@ static int tls_early_post_process_client_hello(SSL *s) +@@ -1932,7 +1932,7 @@ static int tls_early_post_process_client_hello(SSL *s) /* check if some cipher was preferred by call back */ if (pref_cipher == NULL) - pref_cipher = ssl3_choose_cipher(s, s->session->ciphers, + pref_cipher = ssl3_choose_cipher(s, s->peer_ciphers, - SSL_get_ciphers(s)); + ssl_get_cipher_preferences(s)); if (pref_cipher == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, -@@ -1947,8 +1947,9 @@ static int tls_early_post_process_client_hello(SSL *s) +@@ -1941,8 +1941,9 @@ static int tls_early_post_process_client_hello(SSL *s) } s->session->cipher = pref_cipher; - sk_SSL_CIPHER_free(s->cipher_list); -- s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers); +- s->cipher_list = sk_SSL_CIPHER_dup(s->peer_ciphers); + ssl_cipher_preference_list_free(s->cipher_list); + s->cipher_list = ssl_cipher_preference_list_from_ciphers( + s->session->ciphers); sk_SSL_CIPHER_free(s->cipher_list_by_id); - s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers); + s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->peer_ciphers); } -@@ -2262,7 +2263,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) +@@ -2256,7 +2257,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) /* In TLSv1.3 we selected the ciphersuite before resumption */ if (!SSL_IS_TLS13(s)) { cipher = -- ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s)); -+ ssl3_choose_cipher(s, s->session->ciphers, ssl_get_cipher_preferences(s)); +- ssl3_choose_cipher(s, s->peer_ciphers, SSL_get_ciphers(s)); ++ ssl3_choose_cipher(s, s->peer_ciphers, ssl_get_cipher_preferences(s)); if (cipher == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, diff --git a/openssl-equal-3.0.0-dev_ciphers.patch b/openssl-equal-3.0.0-dev_ciphers.patch index 8481414..585861f 100644 --- a/openssl-equal-3.0.0-dev_ciphers.patch +++ b/openssl-equal-3.0.0-dev_ciphers.patch @@ -1,8 +1,8 @@ diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt -index 8ad85f5025..17de01ad22 100644 +index 23c0ddae4f..f1663dec44 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt -@@ -2925,6 +2925,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key +@@ -2943,6 +2943,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\ mixed handshake and non handshake data @@ -11,7 +11,7 @@ index 8ad85f5025..17de01ad22 100644 SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate SSL_R_NOT_SERVER:284:not server -@@ -3031,7 +3033,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines +@@ -3049,7 +3051,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data @@ -48,10 +48,10 @@ index e29c5d7ced..7d795c390e 100644 The following lists give the SSL or TLS cipher suites names from the diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h -index 7f776f97f7..bef78d6c2c 100644 +index 385fda37a4..ece73c495c 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h -@@ -600,6 +600,8 @@ int ERR_load_SSL_strings(void); +@@ -601,6 +601,8 @@ int ERR_load_SSL_strings(void); # define SSL_R_MISSING_TMP_DH_KEY 171 # define SSL_R_MISSING_TMP_ECDH_KEY 311 # define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293 @@ -60,7 +60,7 @@ index 7f776f97f7..bef78d6c2c 100644 # define SSL_R_NOT_ON_RECORD_BOUNDARY 182 # define SSL_R_NOT_REPLACING_CERTIFICATE 289 # define SSL_R_NOT_SERVER 284 -@@ -730,7 +732,9 @@ int ERR_load_SSL_strings(void); +@@ -731,7 +733,9 @@ int ERR_load_SSL_strings(void); # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 # define SSL_R_UNEXPECTED_CCS_MESSAGE 262 # define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 @@ -71,7 +71,7 @@ index 7f776f97f7..bef78d6c2c 100644 # define SSL_R_UNINITIALIZED 276 # define SSL_R_UNKNOWN_ALERT_TYPE 246 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index 5ea2c2d029..30361e6d58 100644 +index 3238fd9b7e..07136c6976 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -32,7 +32,25 @@ const unsigned char tls12downgrade[] = { @@ -128,6 +128,15 @@ index 5ea2c2d029..30361e6d58 100644 SSL_3DES, SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, ++ SSL3_VERSION, TLS1_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, +@@ -200,7 +206,7 @@ static SSL_CIPHER ssl3_ciphers[] = { + SSL_aRSA, + SSL_3DES, + SSL_SHA1, +- SSL3_VERSION, TLS1_2_VERSION, + SSL3_VERSION, TLS1_VERSION, DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, @@ -137,6 +146,15 @@ index 5ea2c2d029..30361e6d58 100644 SSL_AES128, SSL_SHA1, - SSL3_VERSION, TLS1_2_VERSION, ++ SSL3_VERSION, TLS1_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, +@@ -265,7 +271,7 @@ static SSL_CIPHER ssl3_ciphers[] = { + SSL_aRSA, + SSL_AES128, + SSL_SHA1, +- SSL3_VERSION, TLS1_2_VERSION, + SSL3_VERSION, TLS1_VERSION, DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, @@ -150,7 +168,16 @@ index 5ea2c2d029..30361e6d58 100644 DTLS1_BAD_VER, DTLS1_2_VERSION, SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, -@@ -4109,6 +4115,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) +@@ -329,7 +335,7 @@ static SSL_CIPHER ssl3_ciphers[] = { + SSL_aRSA, + SSL_AES256, + SSL_SHA1, +- SSL3_VERSION, TLS1_2_VERSION, ++ SSL3_VERSION, TLS1_VERSION, + DTLS1_BAD_VER, DTLS1_2_VERSION, + SSL_HIGH | SSL_FIPS, + SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, +@@ -4110,6 +4116,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) return 1; } @@ -168,7 +195,7 @@ index 5ea2c2d029..30361e6d58 100644 /* * ssl3_choose_cipher - choose a cipher from those offered by the client * @s: SSL connection -@@ -4118,16 +4135,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) +@@ -4119,16 +4136,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) * Returns the selected cipher or NULL when no common ciphers. */ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, @@ -199,7 +226,7 @@ index 5ea2c2d029..30361e6d58 100644 /* Let's see which ciphers we can support */ -@@ -4154,54 +4179,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4155,54 +4180,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, } OSSL_TRACE_END(TLS_CIPHER); /* SUITE-B takes precedence over server preference and ChaCha priortiy */ @@ -257,7 +284,7 @@ index 5ea2c2d029..30361e6d58 100644 allow = srvr; } -@@ -4232,14 +4216,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4233,14 +4217,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { c = sk_SSL_CIPHER_value(prio, i); @@ -276,7 +303,7 @@ index 5ea2c2d029..30361e6d58 100644 /* * Since TLS 1.3 ciphersuites can be used with any auth or -@@ -4261,10 +4247,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4262,10 +4248,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, #ifndef OPENSSL_NO_PSK /* with PSK there must be server callback set */ if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL) @@ -289,7 +316,7 @@ index 5ea2c2d029..30361e6d58 100644 OSSL_TRACE7(TLS_CIPHER, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name); -@@ -4280,6 +4266,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4281,6 +4267,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if (!ok) continue; @@ -304,7 +331,7 @@ index 5ea2c2d029..30361e6d58 100644 } ii = sk_SSL_CIPHER_find(allow, c); if (ii >= 0) { -@@ -4287,14 +4281,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4288,14 +4282,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED, c->strength_bits, 0, (void *)c)) continue; @@ -320,7 +347,7 @@ index 5ea2c2d029..30361e6d58 100644 if (prefer_sha256) { const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii); -@@ -4306,13 +4293,38 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4307,13 +4294,38 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, ret = tmp; continue; } @@ -364,7 +391,7 @@ index 5ea2c2d029..30361e6d58 100644 } diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index 5aa04dbd53..655e259c9b 100644 +index 6cb8b33b5b..7cb418a0d6 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -193,6 +193,7 @@ typedef struct cipher_order_st { @@ -812,10 +839,10 @@ index 5aa04dbd53..655e259c9b 100644 char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c -index afe1b58214..f38ac1558c 100644 +index daeee1ecc4..485f8b7eb5 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c -@@ -966,6 +966,9 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { +@@ -967,6 +967,9 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "missing tmp ecdh key"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA), "mixed handshake and non handshake data"}, @@ -825,7 +852,7 @@ index afe1b58214..f38ac1558c 100644 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY), "not on record boundary"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_REPLACING_CERTIFICATE), -@@ -1200,7 +1203,11 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { +@@ -1201,7 +1204,11 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "unexpected ccs message"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA), "unexpected end of early data"}, @@ -838,10 +865,10 @@ index afe1b58214..f38ac1558c 100644 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index 89a410057b..c81c7304a7 100644 +index d15b743f50..0759bc639b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c -@@ -1120,6 +1120,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) +@@ -1122,6 +1122,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) return X509_VERIFY_PARAM_set1(ssl->param, vpm); } @@ -913,7 +940,7 @@ index 89a410057b..c81c7304a7 100644 X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) { return ctx->param; -@@ -1164,7 +1229,8 @@ void SSL_free(SSL *s) +@@ -1166,7 +1231,8 @@ void SSL_free(SSL *s) BUF_MEM_free(s->init_buf); /* add extra stuff */ @@ -922,8 +949,8 @@ index 89a410057b..c81c7304a7 100644 + ssl_cipher_preference_list_free(s->cipher_list); sk_SSL_CIPHER_free(s->cipher_list_by_id); sk_SSL_CIPHER_free(s->tls13_ciphersuites); - -@@ -2492,9 +2558,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) + sk_SSL_CIPHER_free(s->peer_ciphers); +@@ -2563,9 +2629,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) { if (s != NULL) { if (s->cipher_list != NULL) { @@ -935,7 +962,7 @@ index 89a410057b..c81c7304a7 100644 } } return NULL; -@@ -2568,29 +2634,22 @@ const char *SSL_get_cipher_list(const SSL *s, int n) +@@ -2639,8 +2705,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n) * preference */ STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) { @@ -946,40 +973,16 @@ index 89a410057b..c81c7304a7 100644 return NULL; } - /* - * Distinguish between ciphers controlled by set_ciphersuite() and - * set_cipher_list() when counting. -+ * Enabled "TLS13+AESGCM+AES128" or the others. - */ - static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk) - { -- int i, num = 0; -- const SSL_CIPHER *c; -- - if (sk == NULL) - return 0; -- for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) { -- c = sk_SSL_CIPHER_value(sk, i); -- if (c->min_tls >= TLS1_3_VERSION) -- continue; -- num++; -- } -- return num; -+ else -+ return sk_SSL_CIPHER_num(sk); - } - - /** specify the ciphers to be used by default by the SSL_CTX */ -@@ -3018,7 +3077,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) +@@ -3088,7 +3154,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->tls13_ciphersuites, &ret->cipher_list, &ret->cipher_list_by_id, - SSL_DEFAULT_CIPHER_LIST, ret->cert) + OSSL_default_cipher_list(), ret->cert) - || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { + || sk_SSL_CIPHER_num(ret->cipher_list->ciphers) <= 0) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; } -@@ -3194,7 +3253,7 @@ void SSL_CTX_free(SSL_CTX *a) +@@ -3264,7 +3330,7 @@ void SSL_CTX_free(SSL_CTX *a) #ifndef OPENSSL_NO_CT CTLOG_STORE_free(a->ctlog_store); #endif @@ -988,7 +991,7 @@ index 89a410057b..c81c7304a7 100644 sk_SSL_CIPHER_free(a->cipher_list_by_id); sk_SSL_CIPHER_free(a->tls13_ciphersuites); ssl_cert_free(a->cert); -@@ -3870,13 +3929,15 @@ SSL *SSL_dup(SSL *s) +@@ -3940,13 +4006,15 @@ SSL *SSL_dup(SSL *s) /* dup the cipher_list and cipher_list_by_id stacks */ if (s->cipher_list != NULL) { @@ -1009,10 +1012,10 @@ index 89a410057b..c81c7304a7 100644 /* Dup the client_CA list */ if (!dup_ca_names(&ret->ca_names, s->ca_names) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h -index 4a72864980..20954aea62 100644 +index a61987f327..e03be541e1 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h -@@ -744,9 +744,46 @@ typedef struct ssl_ctx_ext_secure_st { +@@ -737,9 +737,46 @@ typedef struct ssl_ctx_ext_secure_st { unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH]; } SSL_CTX_EXT_SECURE; @@ -1060,16 +1063,16 @@ index 4a72864980..20954aea62 100644 /* same as above but sorted for lookup */ STACK_OF(SSL_CIPHER) *cipher_list_by_id; /* TLSv1.3 specific ciphersuites */ -@@ -1319,7 +1356,7 @@ struct ssl_st { - /* Per connection DANE state */ +@@ -1314,7 +1351,7 @@ struct ssl_st { SSL_DANE dane; /* crypto */ + STACK_OF(SSL_CIPHER) *peer_ciphers; - STACK_OF(SSL_CIPHER) *cipher_list; + struct ssl_cipher_preference_list_st *cipher_list; STACK_OF(SSL_CIPHER) *cipher_list_by_id; /* TLSv1.3 specific ciphersuites */ STACK_OF(SSL_CIPHER) *tls13_ciphersuites; -@@ -2278,7 +2315,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, +@@ -2287,7 +2324,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, const SSL_CIPHER *const *bp); __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) *tls13_ciphersuites, @@ -1078,7 +1081,7 @@ index 4a72864980..20954aea62 100644 STACK_OF(SSL_CIPHER) **cipher_list_by_id, const char *rule_str, CERT *c); -@@ -2288,6 +2325,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, +@@ -2297,6 +2334,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, STACK_OF(SSL_CIPHER) **scsvs, int sslv2format, int fatal); void ssl_update_cache(SSL *s, int mode); @@ -1092,7 +1095,7 @@ index 4a72864980..20954aea62 100644 __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, const EVP_MD **md, int *mac_pkey_type, size_t *mac_secret_size, SSL_COMP **comp, -@@ -2371,7 +2415,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, +@@ -2382,7 +2426,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk); __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, @@ -1102,10 +1105,10 @@ index 4a72864980..20954aea62 100644 __owur int ssl3_new(SSL *s); void ssl3_free(SSL *s); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c -index fe495a3a68..cdfbfbd52b 100644 +index 79c2aa0ede..a39647431f 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c -@@ -1755,7 +1755,7 @@ static int tls_early_post_process_client_hello(SSL *s) +@@ -1749,7 +1749,7 @@ static int tls_early_post_process_client_hello(SSL *s) /* For TLSv1.3 we must select the ciphersuite *before* session resumption */ if (SSL_IS_TLS13(s)) { const SSL_CIPHER *cipher = @@ -1114,33 +1117,33 @@ index fe495a3a68..cdfbfbd52b 100644 if (cipher == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, -@@ -1938,7 +1938,7 @@ static int tls_early_post_process_client_hello(SSL *s) +@@ -1932,7 +1932,7 @@ static int tls_early_post_process_client_hello(SSL *s) /* check if some cipher was preferred by call back */ if (pref_cipher == NULL) - pref_cipher = ssl3_choose_cipher(s, s->session->ciphers, + pref_cipher = ssl3_choose_cipher(s, s->peer_ciphers, - SSL_get_ciphers(s)); + ssl_get_cipher_preferences(s)); if (pref_cipher == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, -@@ -1947,8 +1947,9 @@ static int tls_early_post_process_client_hello(SSL *s) +@@ -1941,8 +1941,9 @@ static int tls_early_post_process_client_hello(SSL *s) } s->session->cipher = pref_cipher; - sk_SSL_CIPHER_free(s->cipher_list); -- s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers); +- s->cipher_list = sk_SSL_CIPHER_dup(s->peer_ciphers); + ssl_cipher_preference_list_free(s->cipher_list); + s->cipher_list = ssl_cipher_preference_list_from_ciphers( + s->session->ciphers); sk_SSL_CIPHER_free(s->cipher_list_by_id); - s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers); + s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->peer_ciphers); } -@@ -2262,7 +2263,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) +@@ -2256,7 +2257,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) /* In TLSv1.3 we selected the ciphersuite before resumption */ if (!SSL_IS_TLS13(s)) { cipher = -- ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s)); -+ ssl3_choose_cipher(s, s->session->ciphers, ssl_get_cipher_preferences(s)); +- ssl3_choose_cipher(s, s->peer_ciphers, SSL_get_ciphers(s)); ++ ssl3_choose_cipher(s, s->peer_ciphers, ssl_get_cipher_preferences(s)); if (cipher == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,