Latest update - 22218
Hakase
parent
572470c777
commit
b82f18b495
|
|
@ -25,7 +25,7 @@ index 3786e9a028..8dd0d2c028 100644
|
||||||
|
|
||||||
The following lists give the SSL or TLS cipher suites names from the
|
The following lists give the SSL or TLS cipher suites names from the
|
||||||
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
|
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
|
||||||
index 1f4f2616b6..1d30aa7504 100644
|
index db0a2d5d82..a26cd1cd82 100644
|
||||||
--- a/include/openssl/ssl.h
|
--- a/include/openssl/ssl.h
|
||||||
+++ b/include/openssl/ssl.h
|
+++ b/include/openssl/ssl.h
|
||||||
@@ -174,12 +174,12 @@ extern "C" {
|
@@ -174,12 +174,12 @@ extern "C" {
|
||||||
|
|
@ -775,10 +775,10 @@ index bce203654a..31b55997a2 100644
|
||||||
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
|
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
|
||||||
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
|
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
|
||||||
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
|
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
|
||||||
index 41574c4bf2..6be6ffc648 100644
|
index c38fc58a5d..550049bf44 100644
|
||||||
--- a/ssl/ssl_lib.c
|
--- a/ssl/ssl_lib.c
|
||||||
+++ b/ssl/ssl_lib.c
|
+++ b/ssl/ssl_lib.c
|
||||||
@@ -1106,6 +1106,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
|
@@ -1108,6 +1108,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
|
||||||
return X509_VERIFY_PARAM_set1(ssl->param, vpm);
|
return X509_VERIFY_PARAM_set1(ssl->param, vpm);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -850,7 +850,7 @@ index 41574c4bf2..6be6ffc648 100644
|
||||||
X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
|
X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
|
||||||
{
|
{
|
||||||
return ctx->param;
|
return ctx->param;
|
||||||
@@ -1146,7 +1211,8 @@ void SSL_free(SSL *s)
|
@@ -1148,7 +1213,8 @@ void SSL_free(SSL *s)
|
||||||
BUF_MEM_free(s->init_buf);
|
BUF_MEM_free(s->init_buf);
|
||||||
|
|
||||||
/* add extra stuff */
|
/* add extra stuff */
|
||||||
|
|
@ -860,7 +860,7 @@ index 41574c4bf2..6be6ffc648 100644
|
||||||
sk_SSL_CIPHER_free(s->cipher_list_by_id);
|
sk_SSL_CIPHER_free(s->cipher_list_by_id);
|
||||||
sk_SSL_CIPHER_free(s->tls13_ciphersuites);
|
sk_SSL_CIPHER_free(s->tls13_ciphersuites);
|
||||||
|
|
||||||
@@ -2429,9 +2495,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
|
@@ -2431,9 +2497,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
|
||||||
{
|
{
|
||||||
if (s != NULL) {
|
if (s != NULL) {
|
||||||
if (s->cipher_list != NULL) {
|
if (s->cipher_list != NULL) {
|
||||||
|
|
@ -872,7 +872,7 @@ index 41574c4bf2..6be6ffc648 100644
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return NULL;
|
return NULL;
|
||||||
@@ -2505,8 +2571,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
|
@@ -2507,8 +2573,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
|
||||||
* preference */
|
* preference */
|
||||||
STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
|
STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
|
||||||
{
|
{
|
||||||
|
|
@ -883,7 +883,7 @@ index 41574c4bf2..6be6ffc648 100644
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2929,7 +2995,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
|
@@ -2931,7 +2997,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
|
||||||
ret->tls13_ciphersuites,
|
ret->tls13_ciphersuites,
|
||||||
&ret->cipher_list, &ret->cipher_list_by_id,
|
&ret->cipher_list, &ret->cipher_list_by_id,
|
||||||
SSL_DEFAULT_CIPHER_LIST, ret->cert)
|
SSL_DEFAULT_CIPHER_LIST, ret->cert)
|
||||||
|
|
@ -892,7 +892,7 @@ index 41574c4bf2..6be6ffc648 100644
|
||||||
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
|
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
|
||||||
goto err2;
|
goto err2;
|
||||||
}
|
}
|
||||||
@@ -3089,7 +3155,7 @@ void SSL_CTX_free(SSL_CTX *a)
|
@@ -3094,7 +3160,7 @@ void SSL_CTX_free(SSL_CTX *a)
|
||||||
#ifndef OPENSSL_NO_CT
|
#ifndef OPENSSL_NO_CT
|
||||||
CTLOG_STORE_free(a->ctlog_store);
|
CTLOG_STORE_free(a->ctlog_store);
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -901,7 +901,7 @@ index 41574c4bf2..6be6ffc648 100644
|
||||||
sk_SSL_CIPHER_free(a->cipher_list_by_id);
|
sk_SSL_CIPHER_free(a->cipher_list_by_id);
|
||||||
sk_SSL_CIPHER_free(a->tls13_ciphersuites);
|
sk_SSL_CIPHER_free(a->tls13_ciphersuites);
|
||||||
ssl_cert_free(a->cert);
|
ssl_cert_free(a->cert);
|
||||||
@@ -3721,13 +3787,15 @@ SSL *SSL_dup(SSL *s)
|
@@ -3726,13 +3792,15 @@ SSL *SSL_dup(SSL *s)
|
||||||
|
|
||||||
/* dup the cipher_list and cipher_list_by_id stacks */
|
/* dup the cipher_list and cipher_list_by_id stacks */
|
||||||
if (s->cipher_list != NULL) {
|
if (s->cipher_list != NULL) {
|
||||||
|
|
@ -922,7 +922,7 @@ index 41574c4bf2..6be6ffc648 100644
|
||||||
/* Dup the client_CA list */
|
/* Dup the client_CA list */
|
||||||
if (s->ca_names != NULL) {
|
if (s->ca_names != NULL) {
|
||||||
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
|
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
|
||||||
index e02f5a1839..c5ad96afd7 100644
|
index 4aec810179..ff5ba41d45 100644
|
||||||
--- a/ssl/ssl_locl.h
|
--- a/ssl/ssl_locl.h
|
||||||
+++ b/ssl/ssl_locl.h
|
+++ b/ssl/ssl_locl.h
|
||||||
@@ -741,9 +741,46 @@ typedef struct ssl_ctx_ext_secure_st {
|
@@ -741,9 +741,46 @@ typedef struct ssl_ctx_ext_secure_st {
|
||||||
|
|
@ -973,7 +973,7 @@ index e02f5a1839..c5ad96afd7 100644
|
||||||
/* same as above but sorted for lookup */
|
/* same as above but sorted for lookup */
|
||||||
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
|
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
|
||||||
/* TLSv1.3 specific ciphersuites */
|
/* TLSv1.3 specific ciphersuites */
|
||||||
@@ -1117,7 +1154,7 @@ struct ssl_st {
|
@@ -1120,7 +1157,7 @@ struct ssl_st {
|
||||||
/* Per connection DANE state */
|
/* Per connection DANE state */
|
||||||
SSL_DANE dane;
|
SSL_DANE dane;
|
||||||
/* crypto */
|
/* crypto */
|
||||||
|
|
@ -982,7 +982,7 @@ index e02f5a1839..c5ad96afd7 100644
|
||||||
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
|
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
|
||||||
/* TLSv1.3 specific ciphersuites */
|
/* TLSv1.3 specific ciphersuites */
|
||||||
STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
|
STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
|
||||||
@@ -2215,7 +2252,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
|
@@ -2224,7 +2261,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
|
||||||
__owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str);
|
__owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str);
|
||||||
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
||||||
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
|
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
|
||||||
|
|
@ -991,7 +991,7 @@ index e02f5a1839..c5ad96afd7 100644
|
||||||
STACK_OF(SSL_CIPHER) **cipher_list_by_id,
|
STACK_OF(SSL_CIPHER) **cipher_list_by_id,
|
||||||
const char *rule_str,
|
const char *rule_str,
|
||||||
CERT *c);
|
CERT *c);
|
||||||
@@ -2225,6 +2262,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
|
@@ -2234,6 +2271,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
|
||||||
STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
|
STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
|
||||||
int fatal);
|
int fatal);
|
||||||
void ssl_update_cache(SSL *s, int mode);
|
void ssl_update_cache(SSL *s, int mode);
|
||||||
|
|
@ -1005,7 +1005,7 @@ index e02f5a1839..c5ad96afd7 100644
|
||||||
__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
|
__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
|
||||||
const EVP_MD **md, int *mac_pkey_type,
|
const EVP_MD **md, int *mac_pkey_type,
|
||||||
size_t *mac_secret_size, SSL_COMP **comp,
|
size_t *mac_secret_size, SSL_COMP **comp,
|
||||||
@@ -2306,8 +2350,8 @@ void ssl3_free_digest_list(SSL *s);
|
@@ -2315,8 +2359,8 @@ void ssl3_free_digest_list(SSL *s);
|
||||||
__owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
|
__owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
|
||||||
CERT_PKEY *cpk);
|
CERT_PKEY *cpk);
|
||||||
__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
|
__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
|
||||||
|
|
@ -1017,10 +1017,10 @@ index e02f5a1839..c5ad96afd7 100644
|
||||||
__owur int ssl3_new(SSL *s);
|
__owur int ssl3_new(SSL *s);
|
||||||
void ssl3_free(SSL *s);
|
void ssl3_free(SSL *s);
|
||||||
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
|
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
|
||||||
index 22786bed13..8c57621ab2 100644
|
index ce8cec185a..1a12a9c1a0 100644
|
||||||
--- a/ssl/statem/statem_srvr.c
|
--- a/ssl/statem/statem_srvr.c
|
||||||
+++ b/ssl/statem/statem_srvr.c
|
+++ b/ssl/statem/statem_srvr.c
|
||||||
@@ -1697,7 +1697,7 @@ static int tls_early_post_process_client_hello(SSL *s)
|
@@ -1708,7 +1708,7 @@ static int tls_early_post_process_client_hello(SSL *s)
|
||||||
/* For TLSv1.3 we must select the ciphersuite *before* session resumption */
|
/* For TLSv1.3 we must select the ciphersuite *before* session resumption */
|
||||||
if (SSL_IS_TLS13(s)) {
|
if (SSL_IS_TLS13(s)) {
|
||||||
const SSL_CIPHER *cipher =
|
const SSL_CIPHER *cipher =
|
||||||
|
|
@ -1029,7 +1029,7 @@ index 22786bed13..8c57621ab2 100644
|
||||||
|
|
||||||
if (cipher == NULL) {
|
if (cipher == NULL) {
|
||||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
|
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
|
||||||
@@ -1878,7 +1878,7 @@ static int tls_early_post_process_client_hello(SSL *s)
|
@@ -1889,7 +1889,7 @@ static int tls_early_post_process_client_hello(SSL *s)
|
||||||
/* check if some cipher was preferred by call back */
|
/* check if some cipher was preferred by call back */
|
||||||
if (pref_cipher == NULL)
|
if (pref_cipher == NULL)
|
||||||
pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
|
pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
|
||||||
|
|
@ -1038,7 +1038,7 @@ index 22786bed13..8c57621ab2 100644
|
||||||
if (pref_cipher == NULL) {
|
if (pref_cipher == NULL) {
|
||||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
|
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
|
||||||
SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
|
SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
|
||||||
@@ -1887,8 +1887,9 @@ static int tls_early_post_process_client_hello(SSL *s)
|
@@ -1898,8 +1898,9 @@ static int tls_early_post_process_client_hello(SSL *s)
|
||||||
}
|
}
|
||||||
|
|
||||||
s->session->cipher = pref_cipher;
|
s->session->cipher = pref_cipher;
|
||||||
|
|
@ -1050,7 +1050,7 @@ index 22786bed13..8c57621ab2 100644
|
||||||
sk_SSL_CIPHER_free(s->cipher_list_by_id);
|
sk_SSL_CIPHER_free(s->cipher_list_by_id);
|
||||||
s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
|
s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
|
||||||
}
|
}
|
||||||
@@ -2200,7 +2201,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
|
@@ -2211,7 +2212,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
|
||||||
/* In TLSv1.3 we selected the ciphersuite before resumption */
|
/* In TLSv1.3 we selected the ciphersuite before resumption */
|
||||||
if (!SSL_IS_TLS13(s)) {
|
if (!SSL_IS_TLS13(s)) {
|
||||||
cipher =
|
cipher =
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue