jinql
/
openssl-patch
mirror of https://github.com/hakasenyang/openssl-patch
1
0
Fork 0
Code Issues Releases Wiki Activity

Latest update.

pull/34/head
Hakase 2019-10-09 22:25:17 +09:00
parent 36464cea00
commit 95e30192f0
No known key found for this signature in database
GPG Key ID: BB2821A9E0DF48C9
4 changed files with 84 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -31,7 +31,7 @@ Default support is in bold type.
- [Google(Gmail)](https://gmail.com/) : _TLSv1.3_ **final**
- [NSS TLS 1.3(Mozilla)](https://tls13.crypto.mozilla.org/) : _TLSv1.3_ **final**
[Compatible OpenSSL-3.0.0-dev (OpenSSL, 24488 commits)](https://github.com/openssl/openssl/tree/20bf3d8b22f8c1a3529034007d3618fd1fc4fa16)
[Compatible OpenSSL-3.0.0-dev (OpenSSL, 24721 commits)](https://github.com/openssl/openssl/tree/6f02932edba62186a6866e8c9f0f0714674f6bab)
## Patch files

102
openssl-3.0.0-dev-chacha_draft.patch
View File

@ -1,5 +1,5 @@
diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
index a97eaa1685..24112723f0 100644
index df8e5a5bcb..81bab72bcf 100644
--- a/crypto/evp/c_allc.c
+++ b/crypto/evp/c_allc.c
@@ -265,6 +265,7 @@ void openssl_add_all_ciphers_int(void)
@ -11,7 +11,7 @@ index a97eaa1685..24112723f0 100644
#endif
}
diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
index 570378b1af..46eb33910a 100644
index b7340b147d..4080db7554 100644
--- a/crypto/evp/e_chacha20_poly1305.c
+++ b/crypto/evp/e_chacha20_poly1305.c
@@ -156,6 +156,7 @@ typedef struct {
@ -220,69 +220,69 @@ index 570378b1af..46eb33910a 100644
# endif
#endif
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 0beeacfa40..8b3737f363 100644
index a719df8e3d..fa1690cc7c 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -1084,7 +1084,7 @@ static const unsigned char so[7813] = {
0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75, /* [ 7804] OBJ_SM2_with_SM3 */
@@ -1087,7 +1087,7 @@ static const unsigned char so[7837] = {
0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x07, /* [ 7828] OBJ_SRVName */
};
-#define NUM_NID 1208
+#define NUM_NID 1209
-#define NUM_NID 1211
+#define NUM_NID 1212
static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2294,9 +2294,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"SSKDF", "sskdf", NID_sskdf},
{"X963KDF", "x963kdf", NID_x963kdf},
{"X942KDF", "x942kdf", NID_x942kdf},
@@ -2300,9 +2300,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"id-on-SmtpUTF8Mailbox", "Smtp UTF8 Mailbox", NID_id_on_SmtpUTF8Mailbox, 8, &so[7812]},
{"id-on-xmppAddr", "XmppAddr", NID_XmppAddr, 8, &so[7820]},
{"id-on-dnsSRV", "SRVName", NID_SRVName, 8, &so[7828]},
+ {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft},
};
-#define NUM_SN 1199
+#define NUM_SN 1200
-#define NUM_SN 1202
+#define NUM_SN 1203
static const unsigned int sn_objs[NUM_SN] = {
364, /* "AD_DVCS" */
419, /* "AES-128-CBC" */
@@ -2419,6 +2420,7 @@ static const unsigned int sn_objs[NUM_SN] = {
@@ -2425,6 +2426,7 @@ static const unsigned int sn_objs[NUM_SN] = {
417, /* "CSPName" */
1019, /* "ChaCha20" */
1018, /* "ChaCha20-Poly1305" */
+ 1208, /* "ChaCha20-Poly1305-D" */
+ 1211, /* "ChaCha20-Poly1305-D" */
367, /* "CrlID" */
391, /* "DC" */
31, /* "DES-CBC" */
@@ -3499,7 +3501,7 @@ static const unsigned int sn_objs[NUM_SN] = {
@@ -3508,7 +3510,7 @@ static const unsigned int sn_objs[NUM_SN] = {
1093, /* "x509ExtAdmission" */
};
-#define NUM_LN 1199
+#define NUM_LN 1200
-#define NUM_LN 1202
+#define NUM_LN 1203
static const unsigned int ln_objs[NUM_LN] = {
363, /* "AD Time Stamping" */
405, /* "ANSI X9.62" */
@@ -3884,6 +3886,7 @@ static const unsigned int ln_objs[NUM_LN] = {
@@ -3896,6 +3898,7 @@ static const unsigned int ln_objs[NUM_LN] = {
883, /* "certificateRevocationList" */
1019, /* "chacha20" */
1018, /* "chacha20-poly1305" */
+ 1208, /* "chacha20-poly1305-draft" */
+ 1211, /* "chacha20-poly1305-draft" */
54, /* "challengePassword" */
407, /* "characteristic-two-field" */
395, /* "clearance" */
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index 022e64277c..4751e56115 100644
index 3ab2524244..4e801247be 100644
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1205,3 +1205,4 @@ SM2_with_SM3 1204
sskdf 1205
x963kdf 1206
x942kdf 1207
+chacha20_poly1305_draft 1208
@@ -1208,3 +1208,4 @@ x942kdf 1207
id_on_SmtpUTF8Mailbox 1208
XmppAddr 1209
SRVName 1210
+chacha20_poly1305_draft 1211
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 47cf2f183d..660bcd8521 100644
index 8833acd500..340c0e67be 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -1545,6 +1545,7 @@ sm-scheme 104 7 : SM4-CTR : sm4-ctr
@@ -1548,6 +1548,7 @@ sm-scheme 104 7 : SM4-CTR : sm4-ctr
: AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256
: AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
: ChaCha20-Poly1305 : chacha20-poly1305
@ -291,10 +291,10 @@ index 47cf2f183d..660bcd8521 100644
ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index bbdc2b75c1..0c4b51d6c5 100644
index 99eef2461d..fb3fd5dca2 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -959,6 +959,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void);
@@ -976,6 +976,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void);
const EVP_CIPHER *EVP_chacha20(void);
# ifndef OPENSSL_NO_POLY1305
const EVP_CIPHER *EVP_chacha20_poly1305(void);
@ -303,25 +303,25 @@ index bbdc2b75c1..0c4b51d6c5 100644
# endif
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index 930a7a919e..d08a9e3b26 100644
index 4fb8601bf1..ff6c268ebc 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -4837,6 +4837,10 @@
@@ -4852,6 +4852,10 @@
#define LN_chacha20_poly1305 "chacha20-poly1305"
#define NID_chacha20_poly1305 1018
+#define SN_chacha20_poly1305_draft "ChaCha20-Poly1305-D"
+#define LN_chacha20_poly1305_draft "chacha20-poly1305-draft"
+#define NID_chacha20_poly1305_draft 1208
+#define NID_chacha20_poly1305_draft 1211
+
#define SN_chacha20 "ChaCha20"
#define LN_chacha20 "chacha20"
#define NID_chacha20 1019
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 93f6bbc8f8..f11e312b54 100644
index 35477d9cb7..e94eaafb9a 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -125,6 +125,7 @@ extern "C" {
@@ -131,6 +131,7 @@ extern "C" {
# define SSL_TXT_CAMELLIA256 "CAMELLIA256"
# define SSL_TXT_CAMELLIA "CAMELLIA"
# define SSL_TXT_CHACHA20 "CHACHA20"
@ -330,10 +330,10 @@ index 93f6bbc8f8..f11e312b54 100644
# define SSL_TXT_ARIA "ARIA"
# define SSL_TXT_ARIA_GCM "ARIAGCM"
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index f587f2a488..37ea3bdca4 100644
index 62a1763623..8e5c35daeb 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -567,7 +567,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
@@ -573,7 +573,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A
# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B
@ -347,7 +347,7 @@ index f587f2a488..37ea3bdca4 100644
# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8
# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9
# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA
@@ -732,6 +737,9 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
@@ -738,6 +743,9 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
@ -357,7 +357,7 @@ index f587f2a488..37ea3bdca4 100644
# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
@@ -1060,7 +1068,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
@@ -1066,7 +1074,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256"
# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384"
@ -372,7 +372,7 @@ index f587f2a488..37ea3bdca4 100644
# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305"
# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305"
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index d23f932ce9..b02cc2d895 100644
index a329915ac9..6c68e257e1 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2083,6 +2083,54 @@ static SSL_CIPHER ssl3_ciphers[] = {
@ -431,7 +431,7 @@ index d23f932ce9..b02cc2d895 100644
1,
TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index e427c407fc..0eb10f35b1 100644
index d047b8ff5d..1f8e19b7a2 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -44,7 +44,8 @@
@ -479,10 +479,10 @@ index e427c407fc..0eb10f35b1 100644
out = 16;
} else if (c->algorithm_mac & SSL_AEAD) {
/* We're supposed to have handled all the AEAD modes above */
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index b66979b4da..195267cb5e 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index c6f0af7922..b5034d5fa3 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -234,12 +234,13 @@
# define SSL_CHACHA20POLY1305 0x00080000U
# define SSL_ARIA128GCM 0x00100000U
@ -499,11 +499,11 @@ index b66979b4da..195267cb5e 100644
# define SSL_ARIA (SSL_ARIAGCM)
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 1b14b440dc..0c27ed1138 100644
index 90c355bfbe..3c3134dff3 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4764,3 +4764,4 @@ ERR_peek_last_error_data 4880 3_0_0 EXIST::FUNCTION:
ERR_peek_last_error_all 4881 3_0_0 EXIST::FUNCTION:
EVP_CIPHER_is_a 4882 3_0_0 EXIST::FUNCTION:
EVP_MAC_is_a 4883 3_0_0 EXIST::FUNCTION:
+EVP_chacha20_poly1305_draft 4884 3_0_0 EXIST::FUNCTION:CHACHA,POLY1305
@@ -4826,3 +4826,4 @@ EVP_DigestSignInit_ex 4942 3_0_0 EXIST::FUNCTION:
EVP_DigestSignUpdate 4943 3_0_0 EXIST::FUNCTION:
EVP_DigestVerifyInit_ex 4944 3_0_0 EXIST::FUNCTION:
EVP_DigestVerifyUpdate 4945 3_0_0 EXIST::FUNCTION:
+EVP_chacha20_poly1305_draft 4946 3_0_0 EXIST::FUNCTION:CHACHA,POLY1305

32
openssl-equal-3.0.0-dev.patch
View File

@ -1,8 +1,8 @@
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 700f1da20f..fc9001fb76 100644
index ac170dea6a..a6238dabb1 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -3000,6 +3000,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key
@@ -3016,6 +3016,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key
SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key
SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\
mixed handshake and non handshake data
@ -11,7 +11,7 @@ index 700f1da20f..fc9001fb76 100644
SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary
SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate
SSL_R_NOT_SERVER:284:not server
@@ -3106,7 +3108,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines
@@ -3122,7 +3124,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines
SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
@ -22,10 +22,10 @@ index 700f1da20f..fc9001fb76 100644
SSL_R_UNINITIALIZED:276:uninitialized
SSL_R_UNKNOWN_ALERT_TYPE:246:unknown alert type
diff --git a/doc/man1/openssl-ciphers.pod b/doc/man1/openssl-ciphers.pod
index 7e498333c6..1d4e0a894e 100644
index e0fd549b96..a37a3e1384 100644
--- a/doc/man1/openssl-ciphers.pod
+++ b/doc/man1/openssl-ciphers.pod
@@ -399,6 +399,21 @@ permissible.
@@ -401,6 +401,21 @@ permissible.
=back
@ -48,10 +48,10 @@ index 7e498333c6..1d4e0a894e 100644
The following lists give the SSL or TLS cipher suites names from the
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index d8d3cea5d8..d260e0bcde 100644
index 87c6465edc..6042bc4b61 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -603,6 +603,8 @@ int ERR_load_SSL_strings(void);
@@ -609,6 +609,8 @@ int ERR_load_SSL_strings(void);
# define SSL_R_MISSING_TMP_DH_KEY 171
# define SSL_R_MISSING_TMP_ECDH_KEY 311
# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293
@ -60,7 +60,7 @@ index d8d3cea5d8..d260e0bcde 100644
# define SSL_R_NOT_ON_RECORD_BOUNDARY 182
# define SSL_R_NOT_REPLACING_CERTIFICATE 289
# define SSL_R_NOT_SERVER 284
@@ -733,7 +735,9 @@ int ERR_load_SSL_strings(void);
@@ -739,7 +741,9 @@ int ERR_load_SSL_strings(void);
# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
# define SSL_R_UNEXPECTED_CCS_MESSAGE 262
# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178
@ -71,7 +71,7 @@ index d8d3cea5d8..d260e0bcde 100644
# define SSL_R_UNINITIALIZED 276
# define SSL_R_UNKNOWN_ALERT_TYPE 246
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index d23f932ce9..8ec4166c6d 100644
index a329915ac9..4a45bbc990 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -168,7 +168,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
@ -315,7 +315,7 @@ index d23f932ce9..8ec4166c6d 100644
}
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index e427c407fc..7b6c78fbe8 100644
index d047b8ff5d..c0cff5da78 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -193,6 +193,7 @@ typedef struct cipher_order_st {
@ -793,7 +793,7 @@ index fc81948815..b703f8c8ad 100644
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 0d40ecaec9..1f1ed9b714 100644
index 120566d8e6..cbe6b9e6b2 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1127,6 +1127,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
@ -939,10 +939,10 @@ index 0d40ecaec9..1f1ed9b714 100644
/* Dup the client_CA list */
if (!dup_ca_names(&ret->ca_names, s->ca_names)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index b66979b4da..80109b925c 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index c6f0af7922..23e748dea9 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -737,9 +737,46 @@ typedef struct ssl_ctx_ext_secure_st {
unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH];
} SSL_CTX_EXT_SECURE;
@ -1033,7 +1033,7 @@ index b66979b4da..80109b925c 100644
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index acd3e27087..840006dd47 100644
index 5f709e5f99..961c0157bb 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1749,7 +1749,7 @@ static int tls_early_post_process_client_hello(SSL *s)

32
openssl-equal-3.0.0-dev_ciphers.patch
View File

@ -1,8 +1,8 @@
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 700f1da20f..fc9001fb76 100644
index ac170dea6a..a6238dabb1 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -3000,6 +3000,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key
@@ -3016,6 +3016,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key
SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key
SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\
mixed handshake and non handshake data
@ -11,7 +11,7 @@ index 700f1da20f..fc9001fb76 100644
SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary
SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate
SSL_R_NOT_SERVER:284:not server
@@ -3106,7 +3108,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines
@@ -3122,7 +3124,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines
SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
@ -22,10 +22,10 @@ index 700f1da20f..fc9001fb76 100644
SSL_R_UNINITIALIZED:276:uninitialized
SSL_R_UNKNOWN_ALERT_TYPE:246:unknown alert type
diff --git a/doc/man1/openssl-ciphers.pod b/doc/man1/openssl-ciphers.pod
index 7e498333c6..1d4e0a894e 100644
index e0fd549b96..a37a3e1384 100644
--- a/doc/man1/openssl-ciphers.pod
+++ b/doc/man1/openssl-ciphers.pod
@@ -399,6 +399,21 @@ permissible.
@@ -401,6 +401,21 @@ permissible.
=back
@ -48,10 +48,10 @@ index 7e498333c6..1d4e0a894e 100644
The following lists give the SSL or TLS cipher suites names from the
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index d8d3cea5d8..d260e0bcde 100644
index 87c6465edc..6042bc4b61 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -603,6 +603,8 @@ int ERR_load_SSL_strings(void);
@@ -609,6 +609,8 @@ int ERR_load_SSL_strings(void);
# define SSL_R_MISSING_TMP_DH_KEY 171
# define SSL_R_MISSING_TMP_ECDH_KEY 311
# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293
@ -60,7 +60,7 @@ index d8d3cea5d8..d260e0bcde 100644
# define SSL_R_NOT_ON_RECORD_BOUNDARY 182
# define SSL_R_NOT_REPLACING_CERTIFICATE 289
# define SSL_R_NOT_SERVER 284
@@ -733,7 +735,9 @@ int ERR_load_SSL_strings(void);
@@ -739,7 +741,9 @@ int ERR_load_SSL_strings(void);
# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
# define SSL_R_UNEXPECTED_CCS_MESSAGE 262
# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178
@ -71,7 +71,7 @@ index d8d3cea5d8..d260e0bcde 100644
# define SSL_R_UNINITIALIZED 276
# define SSL_R_UNKNOWN_ALERT_TYPE 246
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index d23f932ce9..16240d337b 100644
index a329915ac9..3575a5b14e 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -32,7 +32,25 @@ const unsigned char tls12downgrade[] = {
@ -391,7 +391,7 @@ index d23f932ce9..16240d337b 100644
}
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index e427c407fc..7b6c78fbe8 100644
index d047b8ff5d..c0cff5da78 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -193,6 +193,7 @@ typedef struct cipher_order_st {
@ -869,7 +869,7 @@ index fc81948815..b703f8c8ad 100644
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 0d40ecaec9..1f1ed9b714 100644
index 120566d8e6..cbe6b9e6b2 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1127,6 +1127,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
@ -1015,10 +1015,10 @@ index 0d40ecaec9..1f1ed9b714 100644
/* Dup the client_CA list */
if (!dup_ca_names(&ret->ca_names, s->ca_names)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index b66979b4da..80109b925c 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index c6f0af7922..23e748dea9 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -737,9 +737,46 @@ typedef struct ssl_ctx_ext_secure_st {
unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH];
} SSL_CTX_EXT_SECURE;
@ -1109,7 +1109,7 @@ index b66979b4da..80109b925c 100644
__owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index acd3e27087..840006dd47 100644
index 5f709e5f99..961c0157bb 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1749,7 +1749,7 @@ static int tls_early_post_process_client_hello(SSL *s)