jinql
/
openssl-patch
mirror of https://github.com/hakasenyang/openssl-patch
1
0
Fork 0
Code Issues Releases Wiki Activity

Update latest version (3.0.0)

tls13_draft
Hakase 2018-12-12 23:48:30 +09:00
parent d388292c82
commit ad8e215e2e
No known key found for this signature in database
GPG Key ID: BB2821A9E0DF48C9
4 changed files with 78 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -31,7 +31,7 @@ Default support is in bold type.
- [Google(Gmail)](https://gmail.com/) : _TLSv1.3_ draft 23, 28, **final** - [Google(Gmail)](https://gmail.com/) : _TLSv1.3_ draft 23, 28, **final**
- [NSS TLS 1.3(Mozilla)](https://tls13.crypto.mozilla.org/) : _TLSv1.3_ **final** - [NSS TLS 1.3(Mozilla)](https://tls13.crypto.mozilla.org/) : _TLSv1.3_ **final**
[Compatible OpenSSL-3.0.0-dev (OpenSSL, 23063 commits)](https://github.com/openssl/openssl/tree/3a63dbef15b62b121c5df8762f8cb915fb06b27a) [Compatible OpenSSL-3.0.0-dev (OpenSSL, 23204 commits)](https://github.com/openssl/openssl/tree/829800b0735ab99a0962418180cb076ff8081028)
## Patch files ## Patch files

80
openssl-3.0.0-dev-chacha_draft.patch
View File

@ -1,8 +1,8 @@
diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
index 086b3c4d51..5699901f7d 100644 index a97eaa1685..24112723f0 100644
--- a/crypto/evp/c_allc.c --- a/crypto/evp/c_allc.c
+++ b/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c
@@ -261,6 +261,7 @@ void openssl_add_all_ciphers_int(void) @@ -265,6 +265,7 @@ void openssl_add_all_ciphers_int(void)
EVP_add_cipher(EVP_chacha20()); EVP_add_cipher(EVP_chacha20());
# ifndef OPENSSL_NO_POLY1305 # ifndef OPENSSL_NO_POLY1305
EVP_add_cipher(EVP_chacha20_poly1305()); EVP_add_cipher(EVP_chacha20_poly1305());
@ -11,7 +11,7 @@ index 086b3c4d51..5699901f7d 100644
#endif #endif
} }
diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
index c1917bb86a..ea64c6b70e 100644 index 0d4612f314..5a3516d642 100644
--- a/crypto/evp/e_chacha20_poly1305.c --- a/crypto/evp/e_chacha20_poly1305.c
+++ b/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c
@@ -154,6 +154,7 @@ typedef struct { @@ -154,6 +154,7 @@ typedef struct {
@ -220,66 +220,66 @@ index c1917bb86a..ea64c6b70e 100644
# endif # endif
#endif #endif
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 7d058fce01..b8e6cc2c83 100644 index 86bcfcaee0..09c53e087a 100644
--- a/crypto/objects/obj_dat.h --- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h
@@ -1079,7 +1079,7 @@ static const unsigned char so[7767] = { @@ -1079,7 +1079,7 @@ static const unsigned char so[7767] = {
0x28,0xCC,0x45,0x03,0x04, /* [ 7761] OBJ_gmac */ 0x28,0xCC,0x45,0x03,0x04, /* [ 7761] OBJ_gmac */
}; };
-#define NUM_NID 1198 -#define NUM_NID 1201
+#define NUM_NID 1199 +#define NUM_NID 1202
static const ASN1_OBJECT nid_objs[NUM_NID] = { static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef}, {"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2279,9 +2279,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { @@ -2282,9 +2282,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"GMAC", "gmac", NID_gmac, 5, &so[7761]}, {"AES-128-SIV", "aes-128-siv", NID_aes_128_siv},
{"KMAC128", "kmac128", NID_kmac128}, {"AES-192-SIV", "aes-192-siv", NID_aes_192_siv},
{"KMAC256", "kmac256", NID_kmac256}, {"AES-256-SIV", "aes-256-siv", NID_aes_256_siv},
+ {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft }, + {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft },
}; };
-#define NUM_SN 1189 -#define NUM_SN 1192
+#define NUM_SN 1190 +#define NUM_SN 1193
static const unsigned int sn_objs[NUM_SN] = { static const unsigned int sn_objs[NUM_SN] = {
364, /* "AD_DVCS" */ 364, /* "AD_DVCS" */
419, /* "AES-128-CBC" */ 419, /* "AES-128-CBC" */
@@ -2399,6 +2400,7 @@ static const unsigned int sn_objs[NUM_SN] = { @@ -2405,6 +2406,7 @@ static const unsigned int sn_objs[NUM_SN] = {
417, /* "CSPName" */ 417, /* "CSPName" */
1019, /* "ChaCha20" */ 1019, /* "ChaCha20" */
1018, /* "ChaCha20-Poly1305" */ 1018, /* "ChaCha20-Poly1305" */
+ 1198, /* "chacha20-poly1305-draft" */ + 1201, /* "chacha20-poly1305-draft" */
367, /* "CrlID" */ 367, /* "CrlID" */
391, /* "DC" */ 391, /* "DC" */
31, /* "DES-CBC" */ 31, /* "DES-CBC" */
@@ -3474,7 +3476,7 @@ static const unsigned int sn_objs[NUM_SN] = { @@ -3480,7 +3482,7 @@ static const unsigned int sn_objs[NUM_SN] = {
1093, /* "x509ExtAdmission" */ 1093, /* "x509ExtAdmission" */
}; };
-#define NUM_LN 1189 -#define NUM_LN 1192
+#define NUM_LN 1190 +#define NUM_LN 1193
static const unsigned int ln_objs[NUM_LN] = { static const unsigned int ln_objs[NUM_LN] = {
363, /* "AD Time Stamping" */ 363, /* "AD Time Stamping" */
405, /* "ANSI X9.62" */ 405, /* "ANSI X9.62" */
@@ -3853,6 +3855,7 @@ static const unsigned int ln_objs[NUM_LN] = { @@ -3862,6 +3864,7 @@ static const unsigned int ln_objs[NUM_LN] = {
883, /* "certificateRevocationList" */ 883, /* "certificateRevocationList" */
1019, /* "chacha20" */ 1019, /* "chacha20" */
1018, /* "chacha20-poly1305" */ 1018, /* "chacha20-poly1305" */
+ 1198, /* "ChaCha20-Poly1305-D" */ + 1201, /* "ChaCha20-Poly1305-D" */
54, /* "challengePassword" */ 54, /* "challengePassword" */
407, /* "characteristic-two-field" */ 407, /* "characteristic-two-field" */
395, /* "clearance" */ 395, /* "clearance" */
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index ad47750f5d..c6b6bd79cc 100644 index 021875d9e4..c13c751d74 100644
--- a/crypto/objects/obj_mac.num --- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num
@@ -1195,3 +1195,4 @@ hmacWithSHA512_256 1194 @@ -1198,3 +1198,4 @@ kmac256 1197
gmac 1195 aes_128_siv 1198
kmac128 1196 aes_192_siv 1199
kmac256 1197 aes_256_siv 1200
+chacha20_poly1305_draft 1198 +chacha20_poly1305_draft 1201
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 590bbe9a13..39a76eb2e1 100644 index 851e31e5aa..e5b288d999 100644
--- a/crypto/objects/objects.txt --- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt
@@ -1541,6 +1541,7 @@ sm-scheme 104 7 : SM4-CTR : sm4-ctr @@ -1541,6 +1541,7 @@ sm-scheme 104 7 : SM4-CTR : sm4-ctr
@ -291,10 +291,10 @@ index 590bbe9a13..39a76eb2e1 100644
ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
diff --git a/include/openssl/evp.h b/include/openssl/evp.h diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 36249b4201..4896155729 100644 index ede4b1429b..c04f51bd37 100644
--- a/include/openssl/evp.h --- a/include/openssl/evp.h
+++ b/include/openssl/evp.h +++ b/include/openssl/evp.h
@@ -918,6 +918,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void); @@ -928,6 +928,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void);
const EVP_CIPHER *EVP_chacha20(void); const EVP_CIPHER *EVP_chacha20(void);
# ifndef OPENSSL_NO_POLY1305 # ifndef OPENSSL_NO_POLY1305
const EVP_CIPHER *EVP_chacha20_poly1305(void); const EVP_CIPHER *EVP_chacha20_poly1305(void);
@ -303,7 +303,7 @@ index 36249b4201..4896155729 100644
# endif # endif
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index e977a24c66..280efb665e 100644 index 8ad2728dde..8c1b7ab042 100644
--- a/include/openssl/obj_mac.h --- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h
@@ -4824,6 +4824,10 @@ @@ -4824,6 +4824,10 @@
@ -312,13 +312,13 @@ index e977a24c66..280efb665e 100644
+#define SN_chacha20_poly1305_draft "ChaCha20-Poly1305-D" +#define SN_chacha20_poly1305_draft "ChaCha20-Poly1305-D"
+#define LN_chacha20_poly1305_draft "chacha20-poly1305-draft" +#define LN_chacha20_poly1305_draft "chacha20-poly1305-draft"
+#define NID_chacha20_poly1305_draft 1198 +#define NID_chacha20_poly1305_draft 1201
+ +
#define SN_dhpublicnumber "dhpublicnumber" #define SN_dhpublicnumber "dhpublicnumber"
#define LN_dhpublicnumber "X9.42 DH" #define LN_dhpublicnumber "X9.42 DH"
#define NID_dhpublicnumber 920 #define NID_dhpublicnumber 920
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index fe2e479028..da1ff8f855 100644 index ea41dd089e..212c6eae89 100644
--- a/include/openssl/ssl.h --- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h +++ b/include/openssl/ssl.h
@@ -125,6 +125,7 @@ extern "C" { @@ -125,6 +125,7 @@ extern "C" {
@ -330,7 +330,7 @@ index fe2e479028..da1ff8f855 100644
# define SSL_TXT_ARIA "ARIA" # define SSL_TXT_ARIA "ARIA"
# define SSL_TXT_ARIA_GCM "ARIAGCM" # define SSL_TXT_ARIA_GCM "ARIAGCM"
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 434dff1500..e1603867d0 100644 index c57344ca0e..d219aa25ba 100644
--- a/include/openssl/tls1.h --- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h +++ b/include/openssl/tls1.h
@@ -597,7 +597,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) @@ -597,7 +597,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
@ -480,10 +480,10 @@ index bd97c0fdab..020ba7ac63 100644
} else if (c->algorithm_mac & SSL_AEAD) { } else if (c->algorithm_mac & SSL_AEAD) {
/* We're supposed to have handled all the AEAD modes above */ /* We're supposed to have handled all the AEAD modes above */
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 98e8e8a46d..d64dd57d78 100644 index c2e6474f86..8452fe21da 100644
--- a/ssl/ssl_locl.h --- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h
@@ -230,12 +230,13 @@ @@ -231,12 +231,13 @@
# define SSL_CHACHA20POLY1305 0x00080000U # define SSL_CHACHA20POLY1305 0x00080000U
# define SSL_ARIA128GCM 0x00100000U # define SSL_ARIA128GCM 0x00100000U
# define SSL_ARIA256GCM 0x00200000U # define SSL_ARIA256GCM 0x00200000U
@ -499,11 +499,11 @@ index 98e8e8a46d..d64dd57d78 100644
# define SSL_ARIA (SSL_ARIAGCM) # define SSL_ARIA (SSL_ARIAGCM)
diff --git a/util/libcrypto.num b/util/libcrypto.num diff --git a/util/libcrypto.num b/util/libcrypto.num
index 964f581667..66d7b47dc3 100644 index 59fc3470f1..5439eafc87 100644
--- a/util/libcrypto.num --- a/util/libcrypto.num
+++ b/util/libcrypto.num +++ b/util/libcrypto.num
@@ -4608,3 +4608,4 @@ OPENSSL_version_minor 4561 3_0_0 EXIST::FUNCTION: @@ -4620,3 +4620,4 @@ CRYPTO_siv128_set_tag 4575 3_0_0 EXIST::FUNCTION:SIV
OPENSSL_version_patch 4562 3_0_0 EXIST::FUNCTION: CRYPTO_siv128_get_tag 4576 3_0_0 EXIST::FUNCTION:SIV
OPENSSL_version_pre_release 4563 3_0_0 EXIST::FUNCTION: CRYPTO_siv128_cleanup 4577 3_0_0 EXIST::FUNCTION:SIV
OPENSSL_version_build_metadata 4564 3_0_0 EXIST::FUNCTION: CRYPTO_siv128_speed 4578 3_0_0 EXIST::FUNCTION:SIV
+EVP_chacha20_poly1305_draft 4565 1_1_0 EXIST::FUNCTION:CHACHA,POLY1305_DRAFT +EVP_chacha20_poly1305_draft 4579 3_0_0 EXIST::FUNCTION:CHACHA,POLY1305_DRAFT

38
openssl-equal-3.0.0-dev.patch
View File

@ -1,5 +1,5 @@
diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod
index 3aea982384..3c93eba0bf 100644 index 4a2deccd24..43680fb7ec 100644
--- a/doc/man1/ciphers.pod --- a/doc/man1/ciphers.pod
+++ b/doc/man1/ciphers.pod +++ b/doc/man1/ciphers.pod
@@ -400,6 +400,21 @@ permissible. @@ -400,6 +400,21 @@ permissible.
@ -25,7 +25,7 @@ index 3aea982384..3c93eba0bf 100644
The following lists give the SSL or TLS cipher suites names from the The following lists give the SSL or TLS cipher suites names from the
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index fe2e479028..4d4ed0a0b8 100644 index ea41dd089e..d795857d16 100644
--- a/include/openssl/ssl.h --- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h +++ b/include/openssl/ssl.h
@@ -173,12 +173,12 @@ extern "C" { @@ -173,12 +173,12 @@ extern "C" {
@ -46,7 +46,7 @@ index fe2e479028..4d4ed0a0b8 100644
/* /*
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 87b295c9f9..d118d8e864 100644 index f8783717bc..0e7ad2818b 100644
--- a/include/openssl/sslerr.h --- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h
@@ -596,6 +596,8 @@ int ERR_load_SSL_strings(void); @@ -596,6 +596,8 @@ int ERR_load_SSL_strings(void);
@ -71,7 +71,7 @@ index 87b295c9f9..d118d8e864 100644
# define SSL_R_UNINITIALIZED 276 # define SSL_R_UNINITIALIZED 276
# define SSL_R_UNKNOWN_ALERT_TYPE 246 # define SSL_R_UNKNOWN_ALERT_TYPE 246
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 434dff1500..f90230ff45 100644 index c57344ca0e..ca2c892ed6 100644
--- a/include/openssl/tls1.h --- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h +++ b/include/openssl/tls1.h
@@ -30,6 +30,16 @@ extern "C" { @@ -30,6 +30,16 @@ extern "C" {
@ -824,10 +824,10 @@ index 7b06878cef..4e03448e95 100644
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index a709792c21..7cb488d16e 100644 index ba606e35ed..59ae36a554 100644
--- a/ssl/ssl_lib.c --- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c
@@ -1115,6 +1115,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) @@ -1116,6 +1116,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
return X509_VERIFY_PARAM_set1(ssl->param, vpm); return X509_VERIFY_PARAM_set1(ssl->param, vpm);
} }
@ -899,7 +899,7 @@ index a709792c21..7cb488d16e 100644
X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
{ {
return ctx->param; return ctx->param;
@@ -1155,7 +1220,8 @@ void SSL_free(SSL *s) @@ -1160,7 +1225,8 @@ void SSL_free(SSL *s)
BUF_MEM_free(s->init_buf); BUF_MEM_free(s->init_buf);
/* add extra stuff */ /* add extra stuff */
@ -909,7 +909,7 @@ index a709792c21..7cb488d16e 100644
sk_SSL_CIPHER_free(s->cipher_list_by_id); sk_SSL_CIPHER_free(s->cipher_list_by_id);
sk_SSL_CIPHER_free(s->tls13_ciphersuites); sk_SSL_CIPHER_free(s->tls13_ciphersuites);
@@ -2425,9 +2491,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) @@ -2450,9 +2516,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
{ {
if (s != NULL) { if (s != NULL) {
if (s->cipher_list != NULL) { if (s->cipher_list != NULL) {
@ -921,7 +921,7 @@ index a709792c21..7cb488d16e 100644
} }
} }
return NULL; return NULL;
@@ -2501,8 +2567,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n) @@ -2526,8 +2592,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
* preference */ * preference */
STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
{ {
@ -932,7 +932,7 @@ index a709792c21..7cb488d16e 100644
return NULL; return NULL;
} }
@@ -2933,7 +2999,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) @@ -2958,7 +3024,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->tls13_ciphersuites, ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id, &ret->cipher_list, &ret->cipher_list_by_id,
SSL_DEFAULT_CIPHER_LIST, ret->cert) SSL_DEFAULT_CIPHER_LIST, ret->cert)
@ -941,7 +941,7 @@ index a709792c21..7cb488d16e 100644
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2; goto err2;
} }
@@ -3109,7 +3175,7 @@ void SSL_CTX_free(SSL_CTX *a) @@ -3134,7 +3200,7 @@ void SSL_CTX_free(SSL_CTX *a)
#ifndef OPENSSL_NO_CT #ifndef OPENSSL_NO_CT
CTLOG_STORE_free(a->ctlog_store); CTLOG_STORE_free(a->ctlog_store);
#endif #endif
@ -950,7 +950,7 @@ index a709792c21..7cb488d16e 100644
sk_SSL_CIPHER_free(a->cipher_list_by_id); sk_SSL_CIPHER_free(a->cipher_list_by_id);
sk_SSL_CIPHER_free(a->tls13_ciphersuites); sk_SSL_CIPHER_free(a->tls13_ciphersuites);
ssl_cert_free(a->cert); ssl_cert_free(a->cert);
@@ -3787,13 +3853,15 @@ SSL *SSL_dup(SSL *s) @@ -3812,13 +3878,15 @@ SSL *SSL_dup(SSL *s)
/* dup the cipher_list and cipher_list_by_id stacks */ /* dup the cipher_list and cipher_list_by_id stacks */
if (s->cipher_list != NULL) { if (s->cipher_list != NULL) {
@ -971,10 +971,10 @@ index a709792c21..7cb488d16e 100644
/* Dup the client_CA list */ /* Dup the client_CA list */
if (!dup_ca_names(&ret->ca_names, s->ca_names) if (!dup_ca_names(&ret->ca_names, s->ca_names)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 98e8e8a46d..674f820253 100644 index c2e6474f86..8fbede969c 100644
--- a/ssl/ssl_locl.h --- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h
@@ -741,9 +741,46 @@ typedef struct ssl_ctx_ext_secure_st { @@ -742,9 +742,46 @@ typedef struct ssl_ctx_ext_secure_st {
unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH]; unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH];
} SSL_CTX_EXT_SECURE; } SSL_CTX_EXT_SECURE;
@ -1022,7 +1022,7 @@ index 98e8e8a46d..674f820253 100644
/* same as above but sorted for lookup */ /* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id; STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */ /* TLSv1.3 specific ciphersuites */
@@ -1080,6 +1117,8 @@ struct ssl_st { @@ -1081,6 +1118,8 @@ struct ssl_st {
* DTLS1_VERSION) * DTLS1_VERSION)
*/ */
int version; int version;
@ -1031,7 +1031,7 @@ index 98e8e8a46d..674f820253 100644
/* SSLv3 */ /* SSLv3 */
const SSL_METHOD *method; const SSL_METHOD *method;
/* /*
@@ -1138,7 +1177,7 @@ struct ssl_st { @@ -1139,7 +1178,7 @@ struct ssl_st {
/* Per connection DANE state */ /* Per connection DANE state */
SSL_DANE dane; SSL_DANE dane;
/* crypto */ /* crypto */
@ -1040,7 +1040,7 @@ index 98e8e8a46d..674f820253 100644
STACK_OF(SSL_CIPHER) *cipher_list_by_id; STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */ /* TLSv1.3 specific ciphersuites */
STACK_OF(SSL_CIPHER) *tls13_ciphersuites; STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
@@ -2265,7 +2304,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, @@ -2266,7 +2305,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp); const SSL_CIPHER *const *bp);
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites, STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@ -1049,7 +1049,7 @@ index 98e8e8a46d..674f820253 100644
STACK_OF(SSL_CIPHER) **cipher_list_by_id, STACK_OF(SSL_CIPHER) **cipher_list_by_id,
const char *rule_str, const char *rule_str,
CERT *c); CERT *c);
@@ -2275,6 +2314,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, @@ -2276,6 +2315,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **scsvs, int sslv2format, STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
int fatal); int fatal);
void ssl_update_cache(SSL *s, int mode); void ssl_update_cache(SSL *s, int mode);
@ -1063,7 +1063,7 @@ index 98e8e8a46d..674f820253 100644
__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, int *mac_pkey_type, const EVP_MD **md, int *mac_pkey_type,
size_t *mac_secret_size, SSL_COMP **comp, size_t *mac_secret_size, SSL_COMP **comp,
@@ -2358,7 +2404,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, @@ -2359,7 +2405,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
CERT_PKEY *cpk); CERT_PKEY *cpk);
__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *clnt,

36
openssl-equal-3.0.0-dev_ciphers.patch
View File

@ -1,5 +1,5 @@
diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod
index 3aea982384..3c93eba0bf 100644 index 4a2deccd24..43680fb7ec 100644
--- a/doc/man1/ciphers.pod --- a/doc/man1/ciphers.pod
+++ b/doc/man1/ciphers.pod +++ b/doc/man1/ciphers.pod
@@ -400,6 +400,21 @@ permissible. @@ -400,6 +400,21 @@ permissible.
@ -25,7 +25,7 @@ index 3aea982384..3c93eba0bf 100644
The following lists give the SSL or TLS cipher suites names from the The following lists give the SSL or TLS cipher suites names from the
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 87b295c9f9..d118d8e864 100644 index f8783717bc..0e7ad2818b 100644
--- a/include/openssl/sslerr.h --- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h
@@ -596,6 +596,8 @@ int ERR_load_SSL_strings(void); @@ -596,6 +596,8 @@ int ERR_load_SSL_strings(void);
@ -50,7 +50,7 @@ index 87b295c9f9..d118d8e864 100644
# define SSL_R_UNINITIALIZED 276 # define SSL_R_UNINITIALIZED 276
# define SSL_R_UNKNOWN_ALERT_TYPE 246 # define SSL_R_UNKNOWN_ALERT_TYPE 246
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 434dff1500..f90230ff45 100644 index c57344ca0e..ca2c892ed6 100644
--- a/include/openssl/tls1.h --- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h +++ b/include/openssl/tls1.h
@@ -30,6 +30,16 @@ extern "C" { @@ -30,6 +30,16 @@ extern "C" {
@ -859,10 +859,10 @@ index 7b06878cef..4e03448e95 100644
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index a709792c21..7cb488d16e 100644 index ba606e35ed..59ae36a554 100644
--- a/ssl/ssl_lib.c --- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c
@@ -1115,6 +1115,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) @@ -1116,6 +1116,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
return X509_VERIFY_PARAM_set1(ssl->param, vpm); return X509_VERIFY_PARAM_set1(ssl->param, vpm);
} }
@ -934,7 +934,7 @@ index a709792c21..7cb488d16e 100644
X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
{ {
return ctx->param; return ctx->param;
@@ -1155,7 +1220,8 @@ void SSL_free(SSL *s) @@ -1160,7 +1225,8 @@ void SSL_free(SSL *s)
BUF_MEM_free(s->init_buf); BUF_MEM_free(s->init_buf);
/* add extra stuff */ /* add extra stuff */
@ -944,7 +944,7 @@ index a709792c21..7cb488d16e 100644
sk_SSL_CIPHER_free(s->cipher_list_by_id); sk_SSL_CIPHER_free(s->cipher_list_by_id);
sk_SSL_CIPHER_free(s->tls13_ciphersuites); sk_SSL_CIPHER_free(s->tls13_ciphersuites);
@@ -2425,9 +2491,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) @@ -2450,9 +2516,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
{ {
if (s != NULL) { if (s != NULL) {
if (s->cipher_list != NULL) { if (s->cipher_list != NULL) {
@ -956,7 +956,7 @@ index a709792c21..7cb488d16e 100644
} }
} }
return NULL; return NULL;
@@ -2501,8 +2567,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n) @@ -2526,8 +2592,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
* preference */ * preference */
STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
{ {
@ -967,7 +967,7 @@ index a709792c21..7cb488d16e 100644
return NULL; return NULL;
} }
@@ -2933,7 +2999,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) @@ -2958,7 +3024,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->tls13_ciphersuites, ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id, &ret->cipher_list, &ret->cipher_list_by_id,
SSL_DEFAULT_CIPHER_LIST, ret->cert) SSL_DEFAULT_CIPHER_LIST, ret->cert)
@ -976,7 +976,7 @@ index a709792c21..7cb488d16e 100644
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2; goto err2;
} }
@@ -3109,7 +3175,7 @@ void SSL_CTX_free(SSL_CTX *a) @@ -3134,7 +3200,7 @@ void SSL_CTX_free(SSL_CTX *a)
#ifndef OPENSSL_NO_CT #ifndef OPENSSL_NO_CT
CTLOG_STORE_free(a->ctlog_store); CTLOG_STORE_free(a->ctlog_store);
#endif #endif
@ -985,7 +985,7 @@ index a709792c21..7cb488d16e 100644
sk_SSL_CIPHER_free(a->cipher_list_by_id); sk_SSL_CIPHER_free(a->cipher_list_by_id);
sk_SSL_CIPHER_free(a->tls13_ciphersuites); sk_SSL_CIPHER_free(a->tls13_ciphersuites);
ssl_cert_free(a->cert); ssl_cert_free(a->cert);
@@ -3787,13 +3853,15 @@ SSL *SSL_dup(SSL *s) @@ -3812,13 +3878,15 @@ SSL *SSL_dup(SSL *s)
/* dup the cipher_list and cipher_list_by_id stacks */ /* dup the cipher_list and cipher_list_by_id stacks */
if (s->cipher_list != NULL) { if (s->cipher_list != NULL) {
@ -1006,10 +1006,10 @@ index a709792c21..7cb488d16e 100644
/* Dup the client_CA list */ /* Dup the client_CA list */
if (!dup_ca_names(&ret->ca_names, s->ca_names) if (!dup_ca_names(&ret->ca_names, s->ca_names)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 98e8e8a46d..674f820253 100644 index c2e6474f86..8fbede969c 100644
--- a/ssl/ssl_locl.h --- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h
@@ -741,9 +741,46 @@ typedef struct ssl_ctx_ext_secure_st { @@ -742,9 +742,46 @@ typedef struct ssl_ctx_ext_secure_st {
unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH]; unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH];
} SSL_CTX_EXT_SECURE; } SSL_CTX_EXT_SECURE;
@ -1057,7 +1057,7 @@ index 98e8e8a46d..674f820253 100644
/* same as above but sorted for lookup */ /* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id; STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */ /* TLSv1.3 specific ciphersuites */
@@ -1080,6 +1117,8 @@ struct ssl_st { @@ -1081,6 +1118,8 @@ struct ssl_st {
* DTLS1_VERSION) * DTLS1_VERSION)
*/ */
int version; int version;
@ -1066,7 +1066,7 @@ index 98e8e8a46d..674f820253 100644
/* SSLv3 */ /* SSLv3 */
const SSL_METHOD *method; const SSL_METHOD *method;
/* /*
@@ -1138,7 +1177,7 @@ struct ssl_st { @@ -1139,7 +1178,7 @@ struct ssl_st {
/* Per connection DANE state */ /* Per connection DANE state */
SSL_DANE dane; SSL_DANE dane;
/* crypto */ /* crypto */
@ -1075,7 +1075,7 @@ index 98e8e8a46d..674f820253 100644
STACK_OF(SSL_CIPHER) *cipher_list_by_id; STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */ /* TLSv1.3 specific ciphersuites */
STACK_OF(SSL_CIPHER) *tls13_ciphersuites; STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
@@ -2265,7 +2304,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, @@ -2266,7 +2305,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp); const SSL_CIPHER *const *bp);
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites, STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@ -1084,7 +1084,7 @@ index 98e8e8a46d..674f820253 100644
STACK_OF(SSL_CIPHER) **cipher_list_by_id, STACK_OF(SSL_CIPHER) **cipher_list_by_id,
const char *rule_str, const char *rule_str,
CERT *c); CERT *c);
@@ -2275,6 +2314,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, @@ -2276,6 +2315,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **scsvs, int sslv2format, STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
int fatal); int fatal);
void ssl_update_cache(SSL *s, int mode); void ssl_update_cache(SSL *s, int mode);
@ -1098,7 +1098,7 @@ index 98e8e8a46d..674f820253 100644
__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, int *mac_pkey_type, const EVP_MD **md, int *mac_pkey_type,
size_t *mac_secret_size, SSL_COMP **comp, size_t *mac_secret_size, SSL_COMP **comp,
@@ -2358,7 +2404,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, @@ -2359,7 +2405,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
CERT_PKEY *cpk); CERT_PKEY *cpk);
__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *clnt,