authorYishen Miao2017-04-26 12:36:28 +0000
committerYishen Miao2017-04-26 12:36:28 +0000
commit3d2c209b72a0908dad5122c848e1dacebb2c477f (patch)
tree35c54079838498c1497306ac7e9ecd73d803327e /openssl__1.1.0_chacha20_poly1305.patch
parentfd0fc8f1222a2635ab9d92b20835efaeb83713ff (diff)
Update to 1.1.0e
Update to 1.1.0e. modified: .SRCINFO modified: PKGBUILD modified: ca-dir.patch deleted: no-rpath.patch new file: openssl__1.1.0_chacha20_poly1305.patch deleted: openssl__chacha20_poly1305_draft_and_rfc_ossl102j.patch deleted: ssl3-test-failure.patch
Diffstat (limited to 'openssl__1.1.0_chacha20_poly1305.patch')
-rw-r--r--openssl__1.1.0_chacha20_poly1305.patch60
1 files changed, 60 insertions, 0 deletions
diff --git a/openssl__1.1.0_chacha20_poly1305.patch b/openssl__1.1.0_chacha20_poly1305.patch
new file mode 100644
index 000000000000..34da57b4af1d
--- /dev/null
+++ b/openssl__1.1.0_chacha20_poly1305.patch
@@ -0,0 +1,60 @@
+diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
+index e94ee83..3cd7e3a 100644
+--- a/ssl/s3_lib.c
++++ b/ssl/s3_lib.c
+@@ -3582,6 +3582,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+ STACK_OF(SSL_CIPHER) *prio, *allow;
+ int i, ii, ok;
+ unsigned long alg_k, alg_a, mask_k, mask_a;
++ int use_chacha = 0;
+
+ /* Let's see which ciphers we can support */
+
+@@ -3610,13 +3611,20 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+ fprintf(stderr, "%p:%s\n", (void *)c, c->name);
+ }
+ #endif
+-
++retry:
+ if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
+ prio = srvr;
+ allow = clnt;
++ /* Use ChaCha20+Poly1305 if it's client's most preferred cipher suite */
++ if (sk_SSL_CIPHER_num(clnt) > 0) {
++ c = sk_SSL_CIPHER_value(clnt, 0);
++ if (c->algorithm_enc == SSL_CHACHA20POLY1305)
++ use_chacha = 1;
++ }
+ } else {
+ prio = clnt;
+ allow = srvr;
++ use_chacha = 1;
+ }
+
+ tls1_set_cert_validity(s);
+@@ -3634,6 +3642,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+ DTLS_VERSION_GT(s->version, c->max_dtls)))
+ continue;
+
++ /* Skip ChaCha unless top client priority */
++ if (c->algorithm_enc == SSL_CHACHA20POLY1305 && !use_chacha)
++ continue;
++
+ mask_k = s->s3->tmp.mask_k;
+ mask_a = s->s3->tmp.mask_a;
+ #ifndef OPENSSL_NO_SRP
+@@ -3687,6 +3699,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+ break;
+ }
+ }
++
++ if (ret == NULL && !use_chacha) {
++ /* If no shared cipher was found due to some unusual preferences, try
++ * again with CHACHA enabled even if not top priority */
++ use_chacha = 1;
++ goto retry;
++ }
++
+ return (ret);
+ }
+
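Review bot: The comment in the server-preference branch of `ssl3_choose_cipher`, `/* Use ChaCha20+Poly1305 if it's client's most preferred cipher suite */`, overstates what the code does. Setting `use_chacha` only stops the later `continue` from skipping ChaCha suites; the pick still follows `prio` order. With `SSL_OP_CIPHER_SERVER_PREFERENCE` set, a server that lists ChaCha20-Poly1305 first will therefore pass over it for any client whose first entry is something else, unless nothing else is shared. Anyone auditing cipher policy should be able to read that from the source, so I would reword it to `/* Consider ChaCha20-Poly1305 only when it is the client's first choice; server order still decides among the permitted suites */` and add a one-line comment on the unconditional `use_chacha = 1;` in the client-preference branch. Separately, `retry:` sits above the preference branch, so the fallback re-runs that branch and `tls1_set_cert_validity(s)`; placing the label just before the selection loop looks sufficient, though the lines between are outside the hunks shown here.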