From 95e30192f0d867158c2be592067da64ca38bb00f Mon Sep 17 00:00:00 2001 From: Hakase Date: Wed, 9 Oct 2019 22:25:17 +0900 Subject: [PATCH] Latest update. --- README.md | 2 +- openssl-3.0.0-dev-chacha_draft.patch | 102 +++++++++++++------------- openssl-equal-3.0.0-dev.patch | 32 ++++---- openssl-equal-3.0.0-dev_ciphers.patch | 32 ++++---- 4 files changed, 84 insertions(+), 84 deletions(-) diff --git a/README.md b/README.md index 3c260a9..c01a961 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ Default support is in bold type. - [Google(Gmail)](https://gmail.com/) : _TLSv1.3_ **final** - [NSS TLS 1.3(Mozilla)](https://tls13.crypto.mozilla.org/) : _TLSv1.3_ **final** -[Compatible OpenSSL-3.0.0-dev (OpenSSL, 24488 commits)](https://github.com/openssl/openssl/tree/20bf3d8b22f8c1a3529034007d3618fd1fc4fa16) +[Compatible OpenSSL-3.0.0-dev (OpenSSL, 24721 commits)](https://github.com/openssl/openssl/tree/6f02932edba62186a6866e8c9f0f0714674f6bab) ## Patch files diff --git a/openssl-3.0.0-dev-chacha_draft.patch b/openssl-3.0.0-dev-chacha_draft.patch index 0590574..c19028d 100644 --- a/openssl-3.0.0-dev-chacha_draft.patch +++ b/openssl-3.0.0-dev-chacha_draft.patch @@ -1,5 +1,5 @@ diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c -index a97eaa1685..24112723f0 100644 +index df8e5a5bcb..81bab72bcf 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -265,6 +265,7 @@ void openssl_add_all_ciphers_int(void) @@ -11,7 +11,7 @@ index a97eaa1685..24112723f0 100644 #endif } diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c -index 570378b1af..46eb33910a 100644 +index b7340b147d..4080db7554 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c @@ -156,6 +156,7 @@ typedef struct { @@ -220,69 +220,69 @@ index 570378b1af..46eb33910a 100644 # endif #endif diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h -index 0beeacfa40..8b3737f363 100644 +index a719df8e3d..fa1690cc7c 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h -@@ -1084,7 +1084,7 @@ static const unsigned char so[7813] = { - 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75, /* [ 7804] OBJ_SM2_with_SM3 */ +@@ -1087,7 +1087,7 @@ static const unsigned char so[7837] = { + 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x07, /* [ 7828] OBJ_SRVName */ }; --#define NUM_NID 1208 -+#define NUM_NID 1209 +-#define NUM_NID 1211 ++#define NUM_NID 1212 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, -@@ -2294,9 +2294,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { - {"SSKDF", "sskdf", NID_sskdf}, - {"X963KDF", "x963kdf", NID_x963kdf}, - {"X942KDF", "x942kdf", NID_x942kdf}, +@@ -2300,9 +2300,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { + {"id-on-SmtpUTF8Mailbox", "Smtp UTF8 Mailbox", NID_id_on_SmtpUTF8Mailbox, 8, &so[7812]}, + {"id-on-xmppAddr", "XmppAddr", NID_XmppAddr, 8, &so[7820]}, + {"id-on-dnsSRV", "SRVName", NID_SRVName, 8, &so[7828]}, + {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft}, }; --#define NUM_SN 1199 -+#define NUM_SN 1200 +-#define NUM_SN 1202 ++#define NUM_SN 1203 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ -@@ -2419,6 +2420,7 @@ static const unsigned int sn_objs[NUM_SN] = { +@@ -2425,6 +2426,7 @@ static const unsigned int sn_objs[NUM_SN] = { 417, /* "CSPName" */ 1019, /* "ChaCha20" */ 1018, /* "ChaCha20-Poly1305" */ -+ 1208, /* "ChaCha20-Poly1305-D" */ ++ 1211, /* "ChaCha20-Poly1305-D" */ 367, /* "CrlID" */ 391, /* "DC" */ 31, /* "DES-CBC" */ -@@ -3499,7 +3501,7 @@ static const unsigned int sn_objs[NUM_SN] = { +@@ -3508,7 +3510,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1093, /* "x509ExtAdmission" */ }; --#define NUM_LN 1199 -+#define NUM_LN 1200 +-#define NUM_LN 1202 ++#define NUM_LN 1203 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ -@@ -3884,6 +3886,7 @@ static const unsigned int ln_objs[NUM_LN] = { +@@ -3896,6 +3898,7 @@ static const unsigned int ln_objs[NUM_LN] = { 883, /* "certificateRevocationList" */ 1019, /* "chacha20" */ 1018, /* "chacha20-poly1305" */ -+ 1208, /* "chacha20-poly1305-draft" */ ++ 1211, /* "chacha20-poly1305-draft" */ 54, /* "challengePassword" */ 407, /* "characteristic-two-field" */ 395, /* "clearance" */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num -index 022e64277c..4751e56115 100644 +index 3ab2524244..4e801247be 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num -@@ -1205,3 +1205,4 @@ SM2_with_SM3 1204 - sskdf 1205 - x963kdf 1206 - x942kdf 1207 -+chacha20_poly1305_draft 1208 +@@ -1208,3 +1208,4 @@ x942kdf 1207 + id_on_SmtpUTF8Mailbox 1208 + XmppAddr 1209 + SRVName 1210 ++chacha20_poly1305_draft 1211 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt -index 47cf2f183d..660bcd8521 100644 +index 8833acd500..340c0e67be 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt -@@ -1545,6 +1545,7 @@ sm-scheme 104 7 : SM4-CTR : sm4-ctr +@@ -1548,6 +1548,7 @@ sm-scheme 104 7 : SM4-CTR : sm4-ctr : AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256 : AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256 : ChaCha20-Poly1305 : chacha20-poly1305 @@ -291,10 +291,10 @@ index 47cf2f183d..660bcd8521 100644 ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH diff --git a/include/openssl/evp.h b/include/openssl/evp.h -index bbdc2b75c1..0c4b51d6c5 100644 +index 99eef2461d..fb3fd5dca2 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h -@@ -959,6 +959,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void); +@@ -976,6 +976,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void); const EVP_CIPHER *EVP_chacha20(void); # ifndef OPENSSL_NO_POLY1305 const EVP_CIPHER *EVP_chacha20_poly1305(void); @@ -303,25 +303,25 @@ index bbdc2b75c1..0c4b51d6c5 100644 # endif diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h -index 930a7a919e..d08a9e3b26 100644 +index 4fb8601bf1..ff6c268ebc 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h -@@ -4837,6 +4837,10 @@ +@@ -4852,6 +4852,10 @@ #define LN_chacha20_poly1305 "chacha20-poly1305" #define NID_chacha20_poly1305 1018 +#define SN_chacha20_poly1305_draft "ChaCha20-Poly1305-D" +#define LN_chacha20_poly1305_draft "chacha20-poly1305-draft" -+#define NID_chacha20_poly1305_draft 1208 ++#define NID_chacha20_poly1305_draft 1211 + #define SN_chacha20 "ChaCha20" #define LN_chacha20 "chacha20" #define NID_chacha20 1019 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h -index 93f6bbc8f8..f11e312b54 100644 +index 35477d9cb7..e94eaafb9a 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h -@@ -125,6 +125,7 @@ extern "C" { +@@ -131,6 +131,7 @@ extern "C" { # define SSL_TXT_CAMELLIA256 "CAMELLIA256" # define SSL_TXT_CAMELLIA "CAMELLIA" # define SSL_TXT_CHACHA20 "CHACHA20" @@ -330,10 +330,10 @@ index 93f6bbc8f8..f11e312b54 100644 # define SSL_TXT_ARIA "ARIA" # define SSL_TXT_ARIA_GCM "ARIAGCM" diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h -index f587f2a488..37ea3bdca4 100644 +index 62a1763623..8e5c35daeb 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h -@@ -567,7 +567,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) +@@ -573,7 +573,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) # define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A # define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B @@ -347,7 +347,7 @@ index f587f2a488..37ea3bdca4 100644 # define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8 # define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9 # define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA -@@ -732,6 +737,9 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) +@@ -738,6 +743,9 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) # define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" # define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" # define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" @@ -357,7 +357,7 @@ index f587f2a488..37ea3bdca4 100644 # define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256" # define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256" # define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256" -@@ -1060,7 +1068,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) +@@ -1066,7 +1074,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) # define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256" # define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384" @@ -372,7 +372,7 @@ index f587f2a488..37ea3bdca4 100644 # define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" # define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index d23f932ce9..b02cc2d895 100644 +index a329915ac9..6c68e257e1 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2083,6 +2083,54 @@ static SSL_CIPHER ssl3_ciphers[] = { @@ -431,7 +431,7 @@ index d23f932ce9..b02cc2d895 100644 1, TLS1_TXT_PSK_WITH_CHACHA20_POLY1305, diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index e427c407fc..0eb10f35b1 100644 +index d047b8ff5d..1f8e19b7a2 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -44,7 +44,8 @@ @@ -479,10 +479,10 @@ index e427c407fc..0eb10f35b1 100644 out = 16; } else if (c->algorithm_mac & SSL_AEAD) { /* We're supposed to have handled all the AEAD modes above */ -diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h -index b66979b4da..195267cb5e 100644 ---- a/ssl/ssl_locl.h -+++ b/ssl/ssl_locl.h +diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h +index c6f0af7922..b5034d5fa3 100644 +--- a/ssl/ssl_local.h ++++ b/ssl/ssl_local.h @@ -234,12 +234,13 @@ # define SSL_CHACHA20POLY1305 0x00080000U # define SSL_ARIA128GCM 0x00100000U @@ -499,11 +499,11 @@ index b66979b4da..195267cb5e 100644 # define SSL_ARIA (SSL_ARIAGCM) diff --git a/util/libcrypto.num b/util/libcrypto.num -index 1b14b440dc..0c27ed1138 100644 +index 90c355bfbe..3c3134dff3 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num -@@ -4764,3 +4764,4 @@ ERR_peek_last_error_data 4880 3_0_0 EXIST::FUNCTION: - ERR_peek_last_error_all 4881 3_0_0 EXIST::FUNCTION: - EVP_CIPHER_is_a 4882 3_0_0 EXIST::FUNCTION: - EVP_MAC_is_a 4883 3_0_0 EXIST::FUNCTION: -+EVP_chacha20_poly1305_draft 4884 3_0_0 EXIST::FUNCTION:CHACHA,POLY1305 +@@ -4826,3 +4826,4 @@ EVP_DigestSignInit_ex 4942 3_0_0 EXIST::FUNCTION: + EVP_DigestSignUpdate 4943 3_0_0 EXIST::FUNCTION: + EVP_DigestVerifyInit_ex 4944 3_0_0 EXIST::FUNCTION: + EVP_DigestVerifyUpdate 4945 3_0_0 EXIST::FUNCTION: ++EVP_chacha20_poly1305_draft 4946 3_0_0 EXIST::FUNCTION:CHACHA,POLY1305 diff --git a/openssl-equal-3.0.0-dev.patch b/openssl-equal-3.0.0-dev.patch index 6a87206..41c5b24 100644 --- a/openssl-equal-3.0.0-dev.patch +++ b/openssl-equal-3.0.0-dev.patch @@ -1,8 +1,8 @@ diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt -index 700f1da20f..fc9001fb76 100644 +index ac170dea6a..a6238dabb1 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt -@@ -3000,6 +3000,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key +@@ -3016,6 +3016,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\ mixed handshake and non handshake data @@ -11,7 +11,7 @@ index 700f1da20f..fc9001fb76 100644 SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate SSL_R_NOT_SERVER:284:not server -@@ -3106,7 +3108,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines +@@ -3122,7 +3124,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data @@ -22,10 +22,10 @@ index 700f1da20f..fc9001fb76 100644 SSL_R_UNINITIALIZED:276:uninitialized SSL_R_UNKNOWN_ALERT_TYPE:246:unknown alert type diff --git a/doc/man1/openssl-ciphers.pod b/doc/man1/openssl-ciphers.pod -index 7e498333c6..1d4e0a894e 100644 +index e0fd549b96..a37a3e1384 100644 --- a/doc/man1/openssl-ciphers.pod +++ b/doc/man1/openssl-ciphers.pod -@@ -399,6 +399,21 @@ permissible. +@@ -401,6 +401,21 @@ permissible. =back @@ -48,10 +48,10 @@ index 7e498333c6..1d4e0a894e 100644 The following lists give the SSL or TLS cipher suites names from the diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h -index d8d3cea5d8..d260e0bcde 100644 +index 87c6465edc..6042bc4b61 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h -@@ -603,6 +603,8 @@ int ERR_load_SSL_strings(void); +@@ -609,6 +609,8 @@ int ERR_load_SSL_strings(void); # define SSL_R_MISSING_TMP_DH_KEY 171 # define SSL_R_MISSING_TMP_ECDH_KEY 311 # define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293 @@ -60,7 +60,7 @@ index d8d3cea5d8..d260e0bcde 100644 # define SSL_R_NOT_ON_RECORD_BOUNDARY 182 # define SSL_R_NOT_REPLACING_CERTIFICATE 289 # define SSL_R_NOT_SERVER 284 -@@ -733,7 +735,9 @@ int ERR_load_SSL_strings(void); +@@ -739,7 +741,9 @@ int ERR_load_SSL_strings(void); # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 # define SSL_R_UNEXPECTED_CCS_MESSAGE 262 # define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 @@ -71,7 +71,7 @@ index d8d3cea5d8..d260e0bcde 100644 # define SSL_R_UNINITIALIZED 276 # define SSL_R_UNKNOWN_ALERT_TYPE 246 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index d23f932ce9..8ec4166c6d 100644 +index a329915ac9..4a45bbc990 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -168,7 +168,7 @@ static SSL_CIPHER ssl3_ciphers[] = { @@ -315,7 +315,7 @@ index d23f932ce9..8ec4166c6d 100644 } diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index e427c407fc..7b6c78fbe8 100644 +index d047b8ff5d..c0cff5da78 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -193,6 +193,7 @@ typedef struct cipher_order_st { @@ -793,7 +793,7 @@ index fc81948815..b703f8c8ad 100644 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index 0d40ecaec9..1f1ed9b714 100644 +index 120566d8e6..cbe6b9e6b2 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1127,6 +1127,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) @@ -939,10 +939,10 @@ index 0d40ecaec9..1f1ed9b714 100644 /* Dup the client_CA list */ if (!dup_ca_names(&ret->ca_names, s->ca_names) -diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h -index b66979b4da..80109b925c 100644 ---- a/ssl/ssl_locl.h -+++ b/ssl/ssl_locl.h +diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h +index c6f0af7922..23e748dea9 100644 +--- a/ssl/ssl_local.h ++++ b/ssl/ssl_local.h @@ -737,9 +737,46 @@ typedef struct ssl_ctx_ext_secure_st { unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH]; } SSL_CTX_EXT_SECURE; @@ -1033,7 +1033,7 @@ index b66979b4da..80109b925c 100644 __owur int ssl3_new(SSL *s); void ssl3_free(SSL *s); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c -index acd3e27087..840006dd47 100644 +index 5f709e5f99..961c0157bb 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1749,7 +1749,7 @@ static int tls_early_post_process_client_hello(SSL *s) diff --git a/openssl-equal-3.0.0-dev_ciphers.patch b/openssl-equal-3.0.0-dev_ciphers.patch index 3a73477..1f32d5a 100644 --- a/openssl-equal-3.0.0-dev_ciphers.patch +++ b/openssl-equal-3.0.0-dev_ciphers.patch @@ -1,8 +1,8 @@ diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt -index 700f1da20f..fc9001fb76 100644 +index ac170dea6a..a6238dabb1 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt -@@ -3000,6 +3000,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key +@@ -3016,6 +3016,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\ mixed handshake and non handshake data @@ -11,7 +11,7 @@ index 700f1da20f..fc9001fb76 100644 SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate SSL_R_NOT_SERVER:284:not server -@@ -3106,7 +3108,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines +@@ -3122,7 +3124,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data @@ -22,10 +22,10 @@ index 700f1da20f..fc9001fb76 100644 SSL_R_UNINITIALIZED:276:uninitialized SSL_R_UNKNOWN_ALERT_TYPE:246:unknown alert type diff --git a/doc/man1/openssl-ciphers.pod b/doc/man1/openssl-ciphers.pod -index 7e498333c6..1d4e0a894e 100644 +index e0fd549b96..a37a3e1384 100644 --- a/doc/man1/openssl-ciphers.pod +++ b/doc/man1/openssl-ciphers.pod -@@ -399,6 +399,21 @@ permissible. +@@ -401,6 +401,21 @@ permissible. =back @@ -48,10 +48,10 @@ index 7e498333c6..1d4e0a894e 100644 The following lists give the SSL or TLS cipher suites names from the diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h -index d8d3cea5d8..d260e0bcde 100644 +index 87c6465edc..6042bc4b61 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h -@@ -603,6 +603,8 @@ int ERR_load_SSL_strings(void); +@@ -609,6 +609,8 @@ int ERR_load_SSL_strings(void); # define SSL_R_MISSING_TMP_DH_KEY 171 # define SSL_R_MISSING_TMP_ECDH_KEY 311 # define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293 @@ -60,7 +60,7 @@ index d8d3cea5d8..d260e0bcde 100644 # define SSL_R_NOT_ON_RECORD_BOUNDARY 182 # define SSL_R_NOT_REPLACING_CERTIFICATE 289 # define SSL_R_NOT_SERVER 284 -@@ -733,7 +735,9 @@ int ERR_load_SSL_strings(void); +@@ -739,7 +741,9 @@ int ERR_load_SSL_strings(void); # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 # define SSL_R_UNEXPECTED_CCS_MESSAGE 262 # define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 @@ -71,7 +71,7 @@ index d8d3cea5d8..d260e0bcde 100644 # define SSL_R_UNINITIALIZED 276 # define SSL_R_UNKNOWN_ALERT_TYPE 246 diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index d23f932ce9..16240d337b 100644 +index a329915ac9..3575a5b14e 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -32,7 +32,25 @@ const unsigned char tls12downgrade[] = { @@ -391,7 +391,7 @@ index d23f932ce9..16240d337b 100644 } diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index e427c407fc..7b6c78fbe8 100644 +index d047b8ff5d..c0cff5da78 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -193,6 +193,7 @@ typedef struct cipher_order_st { @@ -869,7 +869,7 @@ index fc81948815..b703f8c8ad 100644 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index 0d40ecaec9..1f1ed9b714 100644 +index 120566d8e6..cbe6b9e6b2 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1127,6 +1127,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) @@ -1015,10 +1015,10 @@ index 0d40ecaec9..1f1ed9b714 100644 /* Dup the client_CA list */ if (!dup_ca_names(&ret->ca_names, s->ca_names) -diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h -index b66979b4da..80109b925c 100644 ---- a/ssl/ssl_locl.h -+++ b/ssl/ssl_locl.h +diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h +index c6f0af7922..23e748dea9 100644 +--- a/ssl/ssl_local.h ++++ b/ssl/ssl_local.h @@ -737,9 +737,46 @@ typedef struct ssl_ctx_ext_secure_st { unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH]; } SSL_CTX_EXT_SECURE; @@ -1109,7 +1109,7 @@ index b66979b4da..80109b925c 100644 __owur int ssl3_new(SSL *s); void ssl3_free(SSL *s); diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c -index acd3e27087..840006dd47 100644 +index 5f709e5f99..961c0157bb 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -1749,7 +1749,7 @@ static int tls_early_post_process_client_hello(SSL *s)