diff --git a/README.md b/README.md index 450fa54..aa01040 100644 --- a/README.md +++ b/README.md @@ -6,9 +6,9 @@ **If you link site to a browser that supports draft 23 or 28, you'll see a TLS 1.3 message.** -**Latest patch : openssl-equal-pre8.patch** +**Latest patch : openssl-equal-pre8.patch, openssl-equal-pre8_ciphers.patch** -[View Tree (OpenSSL)](https://github.com/openssl/openssl/tree/02a7e0a9f63ec97e9671fec2bb8ce7c289fb4d66) +[View Tree (OpenSSL)](https://github.com/openssl/openssl/tree/f3a246c63eefc1e5da434df5dc7f48795a12c38b) [Original source](https://boringssl.googlesource.com/boringssl/+/858a88daf27975f67d9f63e18f95645be2886bfb%5E%21) by [BoringSSL](https://github.com/google/boringssl) & [CentminMod](https://centminmod.com/) diff --git a/openssl-equal-pre8.patch b/openssl-equal-pre8.patch index cc426d6..2da97bc 100644 --- a/openssl-equal-pre8.patch +++ b/openssl-equal-pre8.patch @@ -939,10 +939,10 @@ index 22f729c284..c57c56e39a 100644 /* Dup the client_CA list */ if (s->ca_names != NULL) { diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h -index 4aec810179..d251ee178f 100644 +index 31e5cc8aa9..27374624df 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h -@@ -741,9 +741,46 @@ typedef struct ssl_ctx_ext_secure_st { +@@ -736,9 +736,46 @@ typedef struct ssl_ctx_ext_secure_st { unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH]; } SSL_CTX_EXT_SECURE; @@ -990,7 +990,7 @@ index 4aec810179..d251ee178f 100644 /* same as above but sorted for lookup */ STACK_OF(SSL_CIPHER) *cipher_list_by_id; /* TLSv1.3 specific ciphersuites */ -@@ -1120,7 +1157,7 @@ struct ssl_st { +@@ -1115,7 +1152,7 @@ struct ssl_st { /* Per connection DANE state */ SSL_DANE dane; /* crypto */ @@ -999,7 +999,7 @@ index 4aec810179..d251ee178f 100644 STACK_OF(SSL_CIPHER) *cipher_list_by_id; /* TLSv1.3 specific ciphersuites */ STACK_OF(SSL_CIPHER) *tls13_ciphersuites; -@@ -2224,7 +2261,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, +@@ -2219,7 +2256,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, __owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str); __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) *tls13_ciphersuites, @@ -1008,7 +1008,7 @@ index 4aec810179..d251ee178f 100644 STACK_OF(SSL_CIPHER) **cipher_list_by_id, const char *rule_str, CERT *c); -@@ -2234,6 +2271,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, +@@ -2229,6 +2266,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, STACK_OF(SSL_CIPHER) **scsvs, int sslv2format, int fatal); void ssl_update_cache(SSL *s, int mode); @@ -1022,7 +1022,7 @@ index 4aec810179..d251ee178f 100644 __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, const EVP_MD **md, int *mac_pkey_type, size_t *mac_secret_size, SSL_COMP **comp, -@@ -2316,7 +2360,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, +@@ -2311,7 +2355,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk); __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt, diff --git a/openssl-equal-pre8_ciphers.patch b/openssl-equal-pre8_ciphers.patch index 93a32ff..342b25e 100644 --- a/openssl-equal-pre8_ciphers.patch +++ b/openssl-equal-pre8_ciphers.patch @@ -972,10 +972,10 @@ index 22f729c284..c57c56e39a 100644 /* Dup the client_CA list */ if (s->ca_names != NULL) { diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h -index 4aec810179..d251ee178f 100644 +index 31e5cc8aa9..27374624df 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h -@@ -741,9 +741,46 @@ typedef struct ssl_ctx_ext_secure_st { +@@ -736,9 +736,46 @@ typedef struct ssl_ctx_ext_secure_st { unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH]; } SSL_CTX_EXT_SECURE; @@ -1023,7 +1023,7 @@ index 4aec810179..d251ee178f 100644 /* same as above but sorted for lookup */ STACK_OF(SSL_CIPHER) *cipher_list_by_id; /* TLSv1.3 specific ciphersuites */ -@@ -1120,7 +1157,7 @@ struct ssl_st { +@@ -1115,7 +1152,7 @@ struct ssl_st { /* Per connection DANE state */ SSL_DANE dane; /* crypto */ @@ -1032,7 +1032,7 @@ index 4aec810179..d251ee178f 100644 STACK_OF(SSL_CIPHER) *cipher_list_by_id; /* TLSv1.3 specific ciphersuites */ STACK_OF(SSL_CIPHER) *tls13_ciphersuites; -@@ -2224,7 +2261,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, +@@ -2219,7 +2256,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, __owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str); __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) *tls13_ciphersuites, @@ -1041,7 +1041,7 @@ index 4aec810179..d251ee178f 100644 STACK_OF(SSL_CIPHER) **cipher_list_by_id, const char *rule_str, CERT *c); -@@ -2234,6 +2271,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, +@@ -2229,6 +2266,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, STACK_OF(SSL_CIPHER) **scsvs, int sslv2format, int fatal); void ssl_update_cache(SSL *s, int mode); @@ -1055,7 +1055,7 @@ index 4aec810179..d251ee178f 100644 __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, const EVP_MD **md, int *mac_pkey_type, size_t *mac_secret_size, SSL_COMP **comp, -@@ -2316,7 +2360,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, +@@ -2311,7 +2355,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk); __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,