From ad8e215e2ec85281e5042b8c2a89fad986f1878d Mon Sep 17 00:00:00 2001 From: Hakase Date: Wed, 12 Dec 2018 23:48:30 +0900 Subject: [PATCH] Update latest version (3.0.0) --- README.md | 2 +- openssl-3.0.0-dev-chacha_draft.patch | 80 +++++++++++++-------------- openssl-equal-3.0.0-dev.patch | 38 ++++++------- openssl-equal-3.0.0-dev_ciphers.patch | 36 ++++++------ 4 files changed, 78 insertions(+), 78 deletions(-) diff --git a/README.md b/README.md index d21716b..e043ef2 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ Default support is in bold type. - [Google(Gmail)](https://gmail.com/) : _TLSv1.3_ draft 23, 28, **final** - [NSS TLS 1.3(Mozilla)](https://tls13.crypto.mozilla.org/) : _TLSv1.3_ **final** -[Compatible OpenSSL-3.0.0-dev (OpenSSL, 23063 commits)](https://github.com/openssl/openssl/tree/3a63dbef15b62b121c5df8762f8cb915fb06b27a) +[Compatible OpenSSL-3.0.0-dev (OpenSSL, 23204 commits)](https://github.com/openssl/openssl/tree/829800b0735ab99a0962418180cb076ff8081028) ## Patch files diff --git a/openssl-3.0.0-dev-chacha_draft.patch b/openssl-3.0.0-dev-chacha_draft.patch index d018445..0385d2a 100644 --- a/openssl-3.0.0-dev-chacha_draft.patch +++ b/openssl-3.0.0-dev-chacha_draft.patch @@ -1,8 +1,8 @@ diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c -index 086b3c4d51..5699901f7d 100644 +index a97eaa1685..24112723f0 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c -@@ -261,6 +261,7 @@ void openssl_add_all_ciphers_int(void) +@@ -265,6 +265,7 @@ void openssl_add_all_ciphers_int(void) EVP_add_cipher(EVP_chacha20()); # ifndef OPENSSL_NO_POLY1305 EVP_add_cipher(EVP_chacha20_poly1305()); @@ -11,7 +11,7 @@ index 086b3c4d51..5699901f7d 100644 #endif } diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c -index c1917bb86a..ea64c6b70e 100644 +index 0d4612f314..5a3516d642 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c @@ -154,6 +154,7 @@ typedef struct { @@ -220,66 +220,66 @@ index c1917bb86a..ea64c6b70e 100644 # endif #endif diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h -index 7d058fce01..b8e6cc2c83 100644 +index 86bcfcaee0..09c53e087a 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -1079,7 +1079,7 @@ static const unsigned char so[7767] = { 0x28,0xCC,0x45,0x03,0x04, /* [ 7761] OBJ_gmac */ }; --#define NUM_NID 1198 -+#define NUM_NID 1199 +-#define NUM_NID 1201 ++#define NUM_NID 1202 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, -@@ -2279,9 +2279,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { - {"GMAC", "gmac", NID_gmac, 5, &so[7761]}, - {"KMAC128", "kmac128", NID_kmac128}, - {"KMAC256", "kmac256", NID_kmac256}, +@@ -2282,9 +2282,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { + {"AES-128-SIV", "aes-128-siv", NID_aes_128_siv}, + {"AES-192-SIV", "aes-192-siv", NID_aes_192_siv}, + {"AES-256-SIV", "aes-256-siv", NID_aes_256_siv}, + {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft }, }; --#define NUM_SN 1189 -+#define NUM_SN 1190 +-#define NUM_SN 1192 ++#define NUM_SN 1193 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ -@@ -2399,6 +2400,7 @@ static const unsigned int sn_objs[NUM_SN] = { +@@ -2405,6 +2406,7 @@ static const unsigned int sn_objs[NUM_SN] = { 417, /* "CSPName" */ 1019, /* "ChaCha20" */ 1018, /* "ChaCha20-Poly1305" */ -+ 1198, /* "chacha20-poly1305-draft" */ ++ 1201, /* "chacha20-poly1305-draft" */ 367, /* "CrlID" */ 391, /* "DC" */ 31, /* "DES-CBC" */ -@@ -3474,7 +3476,7 @@ static const unsigned int sn_objs[NUM_SN] = { +@@ -3480,7 +3482,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1093, /* "x509ExtAdmission" */ }; --#define NUM_LN 1189 -+#define NUM_LN 1190 +-#define NUM_LN 1192 ++#define NUM_LN 1193 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ -@@ -3853,6 +3855,7 @@ static const unsigned int ln_objs[NUM_LN] = { +@@ -3862,6 +3864,7 @@ static const unsigned int ln_objs[NUM_LN] = { 883, /* "certificateRevocationList" */ 1019, /* "chacha20" */ 1018, /* "chacha20-poly1305" */ -+ 1198, /* "ChaCha20-Poly1305-D" */ ++ 1201, /* "ChaCha20-Poly1305-D" */ 54, /* "challengePassword" */ 407, /* "characteristic-two-field" */ 395, /* "clearance" */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num -index ad47750f5d..c6b6bd79cc 100644 +index 021875d9e4..c13c751d74 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num -@@ -1195,3 +1195,4 @@ hmacWithSHA512_256 1194 - gmac 1195 - kmac128 1196 - kmac256 1197 -+chacha20_poly1305_draft 1198 +@@ -1198,3 +1198,4 @@ kmac256 1197 + aes_128_siv 1198 + aes_192_siv 1199 + aes_256_siv 1200 ++chacha20_poly1305_draft 1201 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt -index 590bbe9a13..39a76eb2e1 100644 +index 851e31e5aa..e5b288d999 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1541,6 +1541,7 @@ sm-scheme 104 7 : SM4-CTR : sm4-ctr @@ -291,10 +291,10 @@ index 590bbe9a13..39a76eb2e1 100644 ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH diff --git a/include/openssl/evp.h b/include/openssl/evp.h -index 36249b4201..4896155729 100644 +index ede4b1429b..c04f51bd37 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h -@@ -918,6 +918,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void); +@@ -928,6 +928,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void); const EVP_CIPHER *EVP_chacha20(void); # ifndef OPENSSL_NO_POLY1305 const EVP_CIPHER *EVP_chacha20_poly1305(void); @@ -303,7 +303,7 @@ index 36249b4201..4896155729 100644 # endif diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h -index e977a24c66..280efb665e 100644 +index 8ad2728dde..8c1b7ab042 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -4824,6 +4824,10 @@ @@ -312,13 +312,13 @@ index e977a24c66..280efb665e 100644 +#define SN_chacha20_poly1305_draft "ChaCha20-Poly1305-D" +#define LN_chacha20_poly1305_draft "chacha20-poly1305-draft" -+#define NID_chacha20_poly1305_draft 1198 ++#define NID_chacha20_poly1305_draft 1201 + #define SN_dhpublicnumber "dhpublicnumber" #define LN_dhpublicnumber "X9.42 DH" #define NID_dhpublicnumber 920 diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h -index fe2e479028..da1ff8f855 100644 +index ea41dd089e..212c6eae89 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -125,6 +125,7 @@ extern "C" { @@ -330,7 +330,7 @@ index fe2e479028..da1ff8f855 100644 # define SSL_TXT_ARIA "ARIA" # define SSL_TXT_ARIA_GCM "ARIAGCM" diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h -index 434dff1500..e1603867d0 100644 +index c57344ca0e..d219aa25ba 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -597,7 +597,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) @@ -480,10 +480,10 @@ index bd97c0fdab..020ba7ac63 100644 } else if (c->algorithm_mac & SSL_AEAD) { /* We're supposed to have handled all the AEAD modes above */ diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h -index 98e8e8a46d..d64dd57d78 100644 +index c2e6474f86..8452fe21da 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h -@@ -230,12 +230,13 @@ +@@ -231,12 +231,13 @@ # define SSL_CHACHA20POLY1305 0x00080000U # define SSL_ARIA128GCM 0x00100000U # define SSL_ARIA256GCM 0x00200000U @@ -499,11 +499,11 @@ index 98e8e8a46d..d64dd57d78 100644 # define SSL_ARIA (SSL_ARIAGCM) diff --git a/util/libcrypto.num b/util/libcrypto.num -index 964f581667..66d7b47dc3 100644 +index 59fc3470f1..5439eafc87 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num -@@ -4608,3 +4608,4 @@ OPENSSL_version_minor 4561 3_0_0 EXIST::FUNCTION: - OPENSSL_version_patch 4562 3_0_0 EXIST::FUNCTION: - OPENSSL_version_pre_release 4563 3_0_0 EXIST::FUNCTION: - OPENSSL_version_build_metadata 4564 3_0_0 EXIST::FUNCTION: -+EVP_chacha20_poly1305_draft 4565 1_1_0 EXIST::FUNCTION:CHACHA,POLY1305_DRAFT +@@ -4620,3 +4620,4 @@ CRYPTO_siv128_set_tag 4575 3_0_0 EXIST::FUNCTION:SIV + CRYPTO_siv128_get_tag 4576 3_0_0 EXIST::FUNCTION:SIV + CRYPTO_siv128_cleanup 4577 3_0_0 EXIST::FUNCTION:SIV + CRYPTO_siv128_speed 4578 3_0_0 EXIST::FUNCTION:SIV ++EVP_chacha20_poly1305_draft 4579 3_0_0 EXIST::FUNCTION:CHACHA,POLY1305_DRAFT diff --git a/openssl-equal-3.0.0-dev.patch b/openssl-equal-3.0.0-dev.patch index d585575..c21e468 100644 --- a/openssl-equal-3.0.0-dev.patch +++ b/openssl-equal-3.0.0-dev.patch @@ -1,5 +1,5 @@ diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod -index 3aea982384..3c93eba0bf 100644 +index 4a2deccd24..43680fb7ec 100644 --- a/doc/man1/ciphers.pod +++ b/doc/man1/ciphers.pod @@ -400,6 +400,21 @@ permissible. @@ -25,7 +25,7 @@ index 3aea982384..3c93eba0bf 100644 The following lists give the SSL or TLS cipher suites names from the diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h -index fe2e479028..4d4ed0a0b8 100644 +index ea41dd089e..d795857d16 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -173,12 +173,12 @@ extern "C" { @@ -46,7 +46,7 @@ index fe2e479028..4d4ed0a0b8 100644 /* * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h -index 87b295c9f9..d118d8e864 100644 +index f8783717bc..0e7ad2818b 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -596,6 +596,8 @@ int ERR_load_SSL_strings(void); @@ -71,7 +71,7 @@ index 87b295c9f9..d118d8e864 100644 # define SSL_R_UNINITIALIZED 276 # define SSL_R_UNKNOWN_ALERT_TYPE 246 diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h -index 434dff1500..f90230ff45 100644 +index c57344ca0e..ca2c892ed6 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -30,6 +30,16 @@ extern "C" { @@ -824,10 +824,10 @@ index 7b06878cef..4e03448e95 100644 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index a709792c21..7cb488d16e 100644 +index ba606e35ed..59ae36a554 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c -@@ -1115,6 +1115,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) +@@ -1116,6 +1116,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) return X509_VERIFY_PARAM_set1(ssl->param, vpm); } @@ -899,7 +899,7 @@ index a709792c21..7cb488d16e 100644 X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) { return ctx->param; -@@ -1155,7 +1220,8 @@ void SSL_free(SSL *s) +@@ -1160,7 +1225,8 @@ void SSL_free(SSL *s) BUF_MEM_free(s->init_buf); /* add extra stuff */ @@ -909,7 +909,7 @@ index a709792c21..7cb488d16e 100644 sk_SSL_CIPHER_free(s->cipher_list_by_id); sk_SSL_CIPHER_free(s->tls13_ciphersuites); -@@ -2425,9 +2491,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) +@@ -2450,9 +2516,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) { if (s != NULL) { if (s->cipher_list != NULL) { @@ -921,7 +921,7 @@ index a709792c21..7cb488d16e 100644 } } return NULL; -@@ -2501,8 +2567,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n) +@@ -2526,8 +2592,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n) * preference */ STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) { @@ -932,7 +932,7 @@ index a709792c21..7cb488d16e 100644 return NULL; } -@@ -2933,7 +2999,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) +@@ -2958,7 +3024,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->tls13_ciphersuites, &ret->cipher_list, &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST, ret->cert) @@ -941,7 +941,7 @@ index a709792c21..7cb488d16e 100644 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; } -@@ -3109,7 +3175,7 @@ void SSL_CTX_free(SSL_CTX *a) +@@ -3134,7 +3200,7 @@ void SSL_CTX_free(SSL_CTX *a) #ifndef OPENSSL_NO_CT CTLOG_STORE_free(a->ctlog_store); #endif @@ -950,7 +950,7 @@ index a709792c21..7cb488d16e 100644 sk_SSL_CIPHER_free(a->cipher_list_by_id); sk_SSL_CIPHER_free(a->tls13_ciphersuites); ssl_cert_free(a->cert); -@@ -3787,13 +3853,15 @@ SSL *SSL_dup(SSL *s) +@@ -3812,13 +3878,15 @@ SSL *SSL_dup(SSL *s) /* dup the cipher_list and cipher_list_by_id stacks */ if (s->cipher_list != NULL) { @@ -971,10 +971,10 @@ index a709792c21..7cb488d16e 100644 /* Dup the client_CA list */ if (!dup_ca_names(&ret->ca_names, s->ca_names) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h -index 98e8e8a46d..674f820253 100644 +index c2e6474f86..8fbede969c 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h -@@ -741,9 +741,46 @@ typedef struct ssl_ctx_ext_secure_st { +@@ -742,9 +742,46 @@ typedef struct ssl_ctx_ext_secure_st { unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH]; } SSL_CTX_EXT_SECURE; @@ -1022,7 +1022,7 @@ index 98e8e8a46d..674f820253 100644 /* same as above but sorted for lookup */ STACK_OF(SSL_CIPHER) *cipher_list_by_id; /* TLSv1.3 specific ciphersuites */ -@@ -1080,6 +1117,8 @@ struct ssl_st { +@@ -1081,6 +1118,8 @@ struct ssl_st { * DTLS1_VERSION) */ int version; @@ -1031,7 +1031,7 @@ index 98e8e8a46d..674f820253 100644 /* SSLv3 */ const SSL_METHOD *method; /* -@@ -1138,7 +1177,7 @@ struct ssl_st { +@@ -1139,7 +1178,7 @@ struct ssl_st { /* Per connection DANE state */ SSL_DANE dane; /* crypto */ @@ -1040,7 +1040,7 @@ index 98e8e8a46d..674f820253 100644 STACK_OF(SSL_CIPHER) *cipher_list_by_id; /* TLSv1.3 specific ciphersuites */ STACK_OF(SSL_CIPHER) *tls13_ciphersuites; -@@ -2265,7 +2304,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, +@@ -2266,7 +2305,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, const SSL_CIPHER *const *bp); __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) *tls13_ciphersuites, @@ -1049,7 +1049,7 @@ index 98e8e8a46d..674f820253 100644 STACK_OF(SSL_CIPHER) **cipher_list_by_id, const char *rule_str, CERT *c); -@@ -2275,6 +2314,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, +@@ -2276,6 +2315,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, STACK_OF(SSL_CIPHER) **scsvs, int sslv2format, int fatal); void ssl_update_cache(SSL *s, int mode); @@ -1063,7 +1063,7 @@ index 98e8e8a46d..674f820253 100644 __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, const EVP_MD **md, int *mac_pkey_type, size_t *mac_secret_size, SSL_COMP **comp, -@@ -2358,7 +2404,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, +@@ -2359,7 +2405,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk); __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, diff --git a/openssl-equal-3.0.0-dev_ciphers.patch b/openssl-equal-3.0.0-dev_ciphers.patch index 1cae23c..558ed2c 100644 --- a/openssl-equal-3.0.0-dev_ciphers.patch +++ b/openssl-equal-3.0.0-dev_ciphers.patch @@ -1,5 +1,5 @@ diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod -index 3aea982384..3c93eba0bf 100644 +index 4a2deccd24..43680fb7ec 100644 --- a/doc/man1/ciphers.pod +++ b/doc/man1/ciphers.pod @@ -400,6 +400,21 @@ permissible. @@ -25,7 +25,7 @@ index 3aea982384..3c93eba0bf 100644 The following lists give the SSL or TLS cipher suites names from the diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h -index 87b295c9f9..d118d8e864 100644 +index f8783717bc..0e7ad2818b 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -596,6 +596,8 @@ int ERR_load_SSL_strings(void); @@ -50,7 +50,7 @@ index 87b295c9f9..d118d8e864 100644 # define SSL_R_UNINITIALIZED 276 # define SSL_R_UNKNOWN_ALERT_TYPE 246 diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h -index 434dff1500..f90230ff45 100644 +index c57344ca0e..ca2c892ed6 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -30,6 +30,16 @@ extern "C" { @@ -859,10 +859,10 @@ index 7b06878cef..4e03448e95 100644 {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index a709792c21..7cb488d16e 100644 +index ba606e35ed..59ae36a554 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c -@@ -1115,6 +1115,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) +@@ -1116,6 +1116,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) return X509_VERIFY_PARAM_set1(ssl->param, vpm); } @@ -934,7 +934,7 @@ index a709792c21..7cb488d16e 100644 X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) { return ctx->param; -@@ -1155,7 +1220,8 @@ void SSL_free(SSL *s) +@@ -1160,7 +1225,8 @@ void SSL_free(SSL *s) BUF_MEM_free(s->init_buf); /* add extra stuff */ @@ -944,7 +944,7 @@ index a709792c21..7cb488d16e 100644 sk_SSL_CIPHER_free(s->cipher_list_by_id); sk_SSL_CIPHER_free(s->tls13_ciphersuites); -@@ -2425,9 +2491,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) +@@ -2450,9 +2516,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) { if (s != NULL) { if (s->cipher_list != NULL) { @@ -956,7 +956,7 @@ index a709792c21..7cb488d16e 100644 } } return NULL; -@@ -2501,8 +2567,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n) +@@ -2526,8 +2592,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n) * preference */ STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) { @@ -967,7 +967,7 @@ index a709792c21..7cb488d16e 100644 return NULL; } -@@ -2933,7 +2999,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) +@@ -2958,7 +3024,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->tls13_ciphersuites, &ret->cipher_list, &ret->cipher_list_by_id, SSL_DEFAULT_CIPHER_LIST, ret->cert) @@ -976,7 +976,7 @@ index a709792c21..7cb488d16e 100644 SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; } -@@ -3109,7 +3175,7 @@ void SSL_CTX_free(SSL_CTX *a) +@@ -3134,7 +3200,7 @@ void SSL_CTX_free(SSL_CTX *a) #ifndef OPENSSL_NO_CT CTLOG_STORE_free(a->ctlog_store); #endif @@ -985,7 +985,7 @@ index a709792c21..7cb488d16e 100644 sk_SSL_CIPHER_free(a->cipher_list_by_id); sk_SSL_CIPHER_free(a->tls13_ciphersuites); ssl_cert_free(a->cert); -@@ -3787,13 +3853,15 @@ SSL *SSL_dup(SSL *s) +@@ -3812,13 +3878,15 @@ SSL *SSL_dup(SSL *s) /* dup the cipher_list and cipher_list_by_id stacks */ if (s->cipher_list != NULL) { @@ -1006,10 +1006,10 @@ index a709792c21..7cb488d16e 100644 /* Dup the client_CA list */ if (!dup_ca_names(&ret->ca_names, s->ca_names) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h -index 98e8e8a46d..674f820253 100644 +index c2e6474f86..8fbede969c 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h -@@ -741,9 +741,46 @@ typedef struct ssl_ctx_ext_secure_st { +@@ -742,9 +742,46 @@ typedef struct ssl_ctx_ext_secure_st { unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH]; } SSL_CTX_EXT_SECURE; @@ -1057,7 +1057,7 @@ index 98e8e8a46d..674f820253 100644 /* same as above but sorted for lookup */ STACK_OF(SSL_CIPHER) *cipher_list_by_id; /* TLSv1.3 specific ciphersuites */ -@@ -1080,6 +1117,8 @@ struct ssl_st { +@@ -1081,6 +1118,8 @@ struct ssl_st { * DTLS1_VERSION) */ int version; @@ -1066,7 +1066,7 @@ index 98e8e8a46d..674f820253 100644 /* SSLv3 */ const SSL_METHOD *method; /* -@@ -1138,7 +1177,7 @@ struct ssl_st { +@@ -1139,7 +1178,7 @@ struct ssl_st { /* Per connection DANE state */ SSL_DANE dane; /* crypto */ @@ -1075,7 +1075,7 @@ index 98e8e8a46d..674f820253 100644 STACK_OF(SSL_CIPHER) *cipher_list_by_id; /* TLSv1.3 specific ciphersuites */ STACK_OF(SSL_CIPHER) *tls13_ciphersuites; -@@ -2265,7 +2304,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, +@@ -2266,7 +2305,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, const SSL_CIPHER *const *bp); __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) *tls13_ciphersuites, @@ -1084,7 +1084,7 @@ index 98e8e8a46d..674f820253 100644 STACK_OF(SSL_CIPHER) **cipher_list_by_id, const char *rule_str, CERT *c); -@@ -2275,6 +2314,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, +@@ -2276,6 +2315,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, STACK_OF(SSL_CIPHER) **scsvs, int sslv2format, int fatal); void ssl_update_cache(SSL *s, int mode); @@ -1098,7 +1098,7 @@ index 98e8e8a46d..674f820253 100644 __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, const EVP_MD **md, int *mac_pkey_type, size_t *mac_secret_size, SSL_COMP **comp, -@@ -2358,7 +2404,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, +@@ -2359,7 +2405,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk); __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,