From 7d0cb8964b55b14442b86ab64f87351bae013618 Mon Sep 17 00:00:00 2001
From: Hakase
Date: Sat, 12 May 2018 06:37:37 +0900
Subject: [PATCH] Edit pre7_test
---
 openssl-equal-pre7_test.patch | 43 ++++++++++++++++++-----------------
 1 file changed, 22 insertions(+), 21 deletions(-)
diff --git a/openssl-equal-pre7_test.patch b/openssl-equal-pre7_test.patch
index a603d70..23bea5d 100644
--- a/openssl-equal-pre7_test.patch
+++ b/openssl-equal-pre7_test.patch
@@ -71,7 +71,7 @@ index 8e395cdd2d..700d7b7b4e 100644
 # define SSL_R_UNINITIALIZED 276
 # define SSL_R_UNKNOWN_ALERT_TYPE 246
 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index c5f22359d5..98cdb21ff0 100644
+index c5f22359d5..561535bd96 100644
 --- a/ssl/s3_lib.c
 +++ b/ssl/s3_lib.c
 @@ -4095,6 +4095,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
@@ -128,13 +128,13 @@ index c5f22359d5..98cdb21ff0 100644
 /* SUITE-B takes precedence over server preference and ChaCha priortiy */
 - if (tls1_suiteb(s)) {
+- prio = srvr;
+- allow = clnt;
+- } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
 + if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
 prio = srvr;
 + in_group_flags = server_pref->in_group_flags;
 allow = clnt;
-- } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
-- prio = srvr;
-- allow = clnt;
 -#ifndef OPENSSL_NO_CHACHA
 - /* If ChaCha20 is at the top of the client preference list,
 - and there are ChaCha20 ciphers in the server list, then
@@ -243,13 +243,27 @@ index c5f22359d5..98cdb21ff0 100644
 }
 ii = sk_SSL_CIPHER_find(allow, c);
 if (ii >= 0) {
-@@ -4272,16 +4272,36 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+@@ -4272,14 +4272,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
 c->strength_bits, 0, (void *)c))
 continue;
 -#if !defined(OPENSSL_NO_EC)
 - if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
 - && s->s3->is_probably_safari) {
+- if (!ret)
+- ret = sk_SSL_CIPHER_value(allow, ii);
+- continue;
+- }
+-#endif
++
+ if (prefer_sha256) {
+ const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
+
+@@ -4291,13 +4284,38 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+ ret = tmp;
+ continue;
+ }
+- ret = sk_SSL_CIPHER_value(allow, ii);
 +
 + if (in_group_flags != NULL && in_group_flags[i] == 1) {
 + /* This element of |prio| is in a group. Update
@@ -274,23 +288,10 @@ index c5f22359d5..98cdb21ff0 100644
 + /* We are about to leave a group, but we found a match
 + * in it, so that's our answer. */
 + if (safari_ec) {
- if (!ret)
-- ret = sk_SSL_CIPHER_value(allow, ii);
++ if (!ret)
 + ret = sk_SSL_CIPHER_value(allow, group_min);
- continue;
- }
--#endif
- if (prefer_sha256) {
-- const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
-+ const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, group_min);
-
- if (ssl_md(tmp->algorithm2) == mdsha256) {
- ret = tmp;
-@@ -4291,13 +4311,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
- ret = tmp;
- continue;
- }
-- ret = sk_SSL_CIPHER_value(allow, ii);
++ continue;
++ }
 + ret = sk_SSL_CIPHER_value(allow, group_min);
 break;
 }
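Review bot: The `if (prefer_sha256)` block now sits ahead of the group handling and still reads `sk_SSL_CIPHER_value(allow, ii)`; its last statement is `continue`, so `in_group_flags` is never consulted on that path and equal-preference groups have no effect whenever `prefer_sha256` is set. The Safari ECDHE-ECDSA check that upstream ran before this block is deleted here and, as far as the visible lines show, only comes back as `safari_ec` in the code added after the block, so it is skipped on this path too. If that precedence is intended, state it at the block, e.g. `/* prefer_sha256: chosen by plain |prio| order; equal-preference groups and the Safari workaround do not apply here */`; otherwise the block should select through `group_min` like the rest of the loop. The body of ssl3_choose_cipher extends beyond this hunk.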
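Review bot: In the added leave-group branch, `safari_ec` gates a result taken from `group_min`, that is a cipher matched on an earlier iteration, whereas the upstream test deleted in the previous hunk examined `alg_k`/`alg_a` of the very cipher it was about to store. `safari_ec` is assigned outside this hunk; if it is derived from the current `c`, the workaround is decided on one suite and applied to another. Consider testing the candidate itself: `const SSL_CIPHER *cand = sk_SSL_CIPHER_value(allow, group_min);` followed by `(cand->algorithm_mkey & SSL_kECDHE) && (cand->algorithm_auth & SSL_aECDSA) && s->s3->is_probably_safari`. The `continue` on that path also leaves `group_min` set unless it is reset in lines not shown, so it is worth confirming that a later iteration cannot re-enter this branch with a stale index.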