jinql
/
openssl-patch
mirror of https://github.com/hakasenyang/openssl-patch
1
0
Fork 0
Code Issues Releases Wiki Activity

Update pre9 compatible

openssl-1.1.1
Hakase 2018-07-04 10:50:16 +09:00
parent 96cdc00d69
commit 8031759584
3 changed files with 36 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -17,7 +17,7 @@
**Support TLS 1.3 draft 28 browsers - _Chrome Canary, Firefox Nightly_**
[Compatible OpenSSL-1.1.1-pre9-dev (OpenSSL, 22444 commits)](https://github.com/openssl/openssl/tree/a091e212fc55244fe03a4c7db7d8978c5b5014cb)
[Compatible OpenSSL-1.1.1-pre9-dev (OpenSSL, 22461 commits)](https://github.com/openssl/openssl/tree/a9f3f1ccbbf84f4ef804ede82d4b072492b54c03)
## Patch files

36
openssl-equal-pre9.patch
View File

@ -1,5 +1,5 @@
diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod
index 3786e9a028..8dd0d2c028 100644
index e3278eb6db..8e43cdd028 100644
--- a/doc/man1/ciphers.pod
+++ b/doc/man1/ciphers.pod
@@ -418,6 +418,21 @@ permissible.
@ -25,7 +25,7 @@ index 3786e9a028..8dd0d2c028 100644
The following lists give the SSL or TLS cipher suites names from the
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 943a8d6c9f..7cdb24fe53 100644
index bbcfb3c0b3..a4e0316980 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -173,12 +173,12 @@ extern "C" {
@ -819,10 +819,10 @@ index 9ce643ae8e..b88c534495 100644
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 6ced147ab8..1260b1dff3 100644
index 1387067b30..1dbc36139b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1108,6 +1108,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
@@ -1111,6 +1111,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
return X509_VERIFY_PARAM_set1(ssl->param, vpm);
}
@ -894,7 +894,7 @@ index 6ced147ab8..1260b1dff3 100644
X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
{
return ctx->param;
@@ -1148,7 +1213,8 @@ void SSL_free(SSL *s)
@@ -1151,7 +1216,8 @@ void SSL_free(SSL *s)
BUF_MEM_free(s->init_buf);
/* add extra stuff */
@ -904,7 +904,7 @@ index 6ced147ab8..1260b1dff3 100644
sk_SSL_CIPHER_free(s->cipher_list_by_id);
sk_SSL_CIPHER_free(s->tls13_ciphersuites);
@@ -2431,9 +2497,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
@@ -2434,9 +2500,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
{
if (s != NULL) {
if (s->cipher_list != NULL) {
@ -916,7 +916,7 @@ index 6ced147ab8..1260b1dff3 100644
}
}
return NULL;
@@ -2507,8 +2573,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
@@ -2510,8 +2576,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
* preference */
STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
{
@ -927,7 +927,7 @@ index 6ced147ab8..1260b1dff3 100644
return NULL;
}
@@ -2932,7 +2998,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
@@ -2935,7 +3001,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id,
SSL_DEFAULT_CIPHER_LIST, ret->cert)
@ -936,7 +936,7 @@ index 6ced147ab8..1260b1dff3 100644
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
}
@@ -3095,7 +3161,7 @@ void SSL_CTX_free(SSL_CTX *a)
@@ -3098,7 +3164,7 @@ void SSL_CTX_free(SSL_CTX *a)
#ifndef OPENSSL_NO_CT
CTLOG_STORE_free(a->ctlog_store);
#endif
@ -945,7 +945,7 @@ index 6ced147ab8..1260b1dff3 100644
sk_SSL_CIPHER_free(a->cipher_list_by_id);
sk_SSL_CIPHER_free(a->tls13_ciphersuites);
ssl_cert_free(a->cert);
@@ -3750,13 +3816,15 @@ SSL *SSL_dup(SSL *s)
@@ -3754,13 +3820,15 @@ SSL *SSL_dup(SSL *s)
/* dup the cipher_list and cipher_list_by_id stacks */
if (s->cipher_list != NULL) {
@ -966,7 +966,7 @@ index 6ced147ab8..1260b1dff3 100644
/* Dup the client_CA list */
if (s->ca_names != NULL) {
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index a4d1376cc3..cf5e252019 100644
index 6a2edeb190..53dbbd596c 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -736,9 +736,46 @@ typedef struct ssl_ctx_ext_secure_st {
@ -1017,7 +1017,7 @@ index a4d1376cc3..cf5e252019 100644
/* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
@@ -1115,7 +1152,7 @@ struct ssl_st {
@@ -1119,7 +1156,7 @@ struct ssl_st {
/* Per connection DANE state */
SSL_DANE dane;
/* crypto */
@ -1026,7 +1026,7 @@ index a4d1376cc3..cf5e252019 100644
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
@@ -2223,7 +2260,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
@@ -2232,7 +2269,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
__owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str);
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@ -1035,7 +1035,7 @@ index a4d1376cc3..cf5e252019 100644
STACK_OF(SSL_CIPHER) **cipher_list_by_id,
const char *rule_str,
CERT *c);
@@ -2233,6 +2270,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
@@ -2242,6 +2279,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
int fatal);
void ssl_update_cache(SSL *s, int mode);
@ -1049,7 +1049,7 @@ index a4d1376cc3..cf5e252019 100644
__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, int *mac_pkey_type,
size_t *mac_secret_size, SSL_COMP **comp,
@@ -2315,7 +2359,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
@@ -2324,7 +2368,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
CERT_PKEY *cpk);
__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
STACK_OF(SSL_CIPHER) *clnt,
@ -1086,10 +1086,10 @@ index cc4563b357..4fb02935e9 100644
/*
* The only protocol version we support which is valid in this extension in
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 91d304e2b4..38a1684793 100644
index 61fc3caa1c..68dd92a76c 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1708,8 +1708,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
@@ -1717,8 +1717,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
/* TODO(TLS1.3): Remove this before release */
if (candidate_vers == TLS1_3_VERSION_DRAFT
@ -1101,7 +1101,7 @@ index 91d304e2b4..38a1684793 100644
&& orig_candidate > candidate_vers)
continue;
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 9c44be0301..d0a1600435 100644
index 5c59eb8b1e..92ff931982 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1710,7 +1710,7 @@ static int tls_early_post_process_client_hello(SSL *s)

34
openssl-equal-pre9_ciphers.patch
View File

@ -1,5 +1,5 @@
diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod
index 3786e9a028..8dd0d2c028 100644
index e3278eb6db..8e43cdd028 100644
--- a/doc/man1/ciphers.pod
+++ b/doc/man1/ciphers.pod
@@ -418,6 +418,21 @@ permissible.
@ -854,10 +854,10 @@ index 9ce643ae8e..b88c534495 100644
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 6ced147ab8..1260b1dff3 100644
index 1387067b30..1dbc36139b 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1108,6 +1108,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
@@ -1111,6 +1111,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
return X509_VERIFY_PARAM_set1(ssl->param, vpm);
}
@ -929,7 +929,7 @@ index 6ced147ab8..1260b1dff3 100644
X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
{
return ctx->param;
@@ -1148,7 +1213,8 @@ void SSL_free(SSL *s)
@@ -1151,7 +1216,8 @@ void SSL_free(SSL *s)
BUF_MEM_free(s->init_buf);
/* add extra stuff */
@ -939,7 +939,7 @@ index 6ced147ab8..1260b1dff3 100644
sk_SSL_CIPHER_free(s->cipher_list_by_id);
sk_SSL_CIPHER_free(s->tls13_ciphersuites);
@@ -2431,9 +2497,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
@@ -2434,9 +2500,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
{
if (s != NULL) {
if (s->cipher_list != NULL) {
@ -951,7 +951,7 @@ index 6ced147ab8..1260b1dff3 100644
}
}
return NULL;
@@ -2507,8 +2573,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
@@ -2510,8 +2576,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
* preference */
STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
{
@ -962,7 +962,7 @@ index 6ced147ab8..1260b1dff3 100644
return NULL;
}
@@ -2932,7 +2998,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
@@ -2935,7 +3001,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id,
SSL_DEFAULT_CIPHER_LIST, ret->cert)
@ -971,7 +971,7 @@ index 6ced147ab8..1260b1dff3 100644
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
}
@@ -3095,7 +3161,7 @@ void SSL_CTX_free(SSL_CTX *a)
@@ -3098,7 +3164,7 @@ void SSL_CTX_free(SSL_CTX *a)
#ifndef OPENSSL_NO_CT
CTLOG_STORE_free(a->ctlog_store);
#endif
@ -980,7 +980,7 @@ index 6ced147ab8..1260b1dff3 100644
sk_SSL_CIPHER_free(a->cipher_list_by_id);
sk_SSL_CIPHER_free(a->tls13_ciphersuites);
ssl_cert_free(a->cert);
@@ -3750,13 +3816,15 @@ SSL *SSL_dup(SSL *s)
@@ -3754,13 +3820,15 @@ SSL *SSL_dup(SSL *s)
/* dup the cipher_list and cipher_list_by_id stacks */
if (s->cipher_list != NULL) {
@ -1001,7 +1001,7 @@ index 6ced147ab8..1260b1dff3 100644
/* Dup the client_CA list */
if (s->ca_names != NULL) {
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index a4d1376cc3..cf5e252019 100644
index 6a2edeb190..53dbbd596c 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -736,9 +736,46 @@ typedef struct ssl_ctx_ext_secure_st {
@ -1052,7 +1052,7 @@ index a4d1376cc3..cf5e252019 100644
/* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
@@ -1115,7 +1152,7 @@ struct ssl_st {
@@ -1119,7 +1156,7 @@ struct ssl_st {
/* Per connection DANE state */
SSL_DANE dane;
/* crypto */
@ -1061,7 +1061,7 @@ index a4d1376cc3..cf5e252019 100644
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */
STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
@@ -2223,7 +2260,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
@@ -2232,7 +2269,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
__owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str);
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@ -1070,7 +1070,7 @@ index a4d1376cc3..cf5e252019 100644
STACK_OF(SSL_CIPHER) **cipher_list_by_id,
const char *rule_str,
CERT *c);
@@ -2233,6 +2270,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
@@ -2242,6 +2279,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
int fatal);
void ssl_update_cache(SSL *s, int mode);
@ -1084,7 +1084,7 @@ index a4d1376cc3..cf5e252019 100644
__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, int *mac_pkey_type,
size_t *mac_secret_size, SSL_COMP **comp,
@@ -2315,7 +2359,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
@@ -2324,7 +2368,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
CERT_PKEY *cpk);
__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
STACK_OF(SSL_CIPHER) *clnt,
@ -1121,10 +1121,10 @@ index cc4563b357..4fb02935e9 100644
/*
* The only protocol version we support which is valid in this extension in
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 91d304e2b4..38a1684793 100644
index 61fc3caa1c..68dd92a76c 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1708,8 +1708,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
@@ -1717,8 +1717,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
/* TODO(TLS1.3): Remove this before release */
if (candidate_vers == TLS1_3_VERSION_DRAFT
@ -1136,7 +1136,7 @@ index 91d304e2b4..38a1684793 100644
&& orig_candidate > candidate_vers)
continue;
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 9c44be0301..d0a1600435 100644
index 5c59eb8b1e..92ff931982 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1710,7 +1710,7 @@ static int tls_early_post_process_client_hello(SSL *s)