dont omit padding(21) extension

patches/openssl.OpenSSL_1_1_1-stable.patch

@@ -31,10 +31,10 @@ index 76d9fda4..a29114f2 100644
  # define TLSEXT_TYPE_session_ticket              35
 
 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 47adc321..da586733 100644
+index 47adc321..635b23b3 100644
 --- a/ssl/ssl_lib.c
 +++ b/ssl/ssl_lib.c
-@@ -5219,6 +5219,106 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
+@@ -5219,6 +5219,95 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
      return 0;
  }
 
@@ -84,15 +84,8 @@ index 47adc321..da586733 100644
 +    num = 0;
 +    for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
 +        ext = s->clienthello->pre_proc_exts + i;
-+	if (ext->present) {
-+            // Ingore padding due to padding is null where reuse the session_ticket.
-+            if (ext->type== TLSEXT_TYPE_padding) {
-+	        // fprintf(stderr, "%d===%d\n",ext->type, TLSEXT_TYPE_padding);
-+                continue;
-+	    }
-+
++        if (ext->present)
 +            num++;
-+        }
 +    }
 +    *(uint16_t*)ptr = (uint16_t)num*2;
 +    ptr += 2;
@@ -101,10 +94,6 @@ index 47adc321..da586733 100644
 +        if (ext->present) {
 +            if (ext->received_order >= num)
 +                break;
-+	    // Ingore padding due to padding is null where reuse the session_ticket.
-+            if (ext->type== TLSEXT_TYPE_padding) {
-+                continue;
-+	    }
 +            if (ext->type== TLSEXT_TYPE_supported_groups)
 +                groups = &ext->data;
 +            if (ext->type== TLSEXT_TYPE_ec_point_formats)

patches/openssl.openssl-3.0.patch

@@ -1,5 +1,5 @@
 diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
-index 105b4a4a..6c7eb464 100644
+index 105b4a4a3c..6c7eb4643a 100644
 --- a/include/openssl/ssl.h.in
 +++ b/include/openssl/ssl.h.in
 @@ -1860,6 +1860,7 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
@@ -11,7 +11,7 @@ index 105b4a4a..6c7eb464 100644
                                const unsigned char **out, size_t *outlen);
 
 diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
-index d6e9331f..b62b4e38 100644
+index d6e9331fa1..b62b4e380d 100644
 --- a/include/openssl/tls1.h
 +++ b/include/openssl/tls1.h
 @@ -134,6 +134,15 @@ extern "C" {
@@ -31,10 +31,10 @@ index d6e9331f..b62b4e38 100644
  # define TLSEXT_TYPE_session_ticket              35
 
 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 2c8479eb..07fe1eb7 100644
+index 2c8479eb5f..4c62687258 100644
 --- a/ssl/ssl_lib.c
 +++ b/ssl/ssl_lib.c
-@@ -5463,6 +5463,106 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
+@@ -5463,6 +5463,95 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
      return 0;
  }
 
@@ -84,15 +84,8 @@ index 2c8479eb..07fe1eb7 100644
 +    num = 0;
 +    for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
 +        ext = s->clienthello->pre_proc_exts + i;
-+   if (ext->present) {
-+            // Ingore padding due to padding is null where reuse the session_ticket.
-+            if (ext->type== TLSEXT_TYPE_padding) {
-+           // fprintf(stderr, "%d===%d\n",ext->type, TLSEXT_TYPE_padding);
-+                continue;
-+       }
-+
++        if (ext->present)
 +            num++;
-+        }
 +    }
 +    *(uint16_t*)ptr = (uint16_t)num*2;
 +    ptr += 2;
@@ -101,10 +94,6 @@ index 2c8479eb..07fe1eb7 100644
 +        if (ext->present) {
 +            if (ext->received_order >= num)
 +                break;
-+       // Ingore padding due to padding is null where reuse the session_ticket.
-+            if (ext->type== TLSEXT_TYPE_padding) {
-+                continue;
-+       }
 +            if (ext->type== TLSEXT_TYPE_supported_groups)
 +                groups = &ext->data;
 +            if (ext->type== TLSEXT_TYPE_ec_point_formats)
@@ -142,7 +131,7 @@ index 2c8479eb..07fe1eb7 100644
                         size_t *outlen)
  {
 diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
-index 5fb1feb8..99f1370e 100644
+index 5fb1feb801..99f1370ea3 100644
 --- a/ssl/ssl_local.h
 +++ b/ssl/ssl_local.h
 @@ -766,6 +766,10 @@ typedef enum tlsext_index_en {
@@ -157,7 +146,7 @@ index 5fb1feb8..99f1370e 100644
      TLSEXT_IDX_psk,
      /* Dummy index - must always be the last entry */
 diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
-index 1518ca7f..66a83bcb 100644
+index 1518ca7f4e..66a83bcb16 100644
 --- a/ssl/statem/extensions.c
 +++ b/ssl/statem/extensions.c
 @@ -370,6 +370,38 @@ static const EXTENSION_DEFINITION ext_defs[] = {

patches/openssl.openssl-3.1.patch

@@ -1,5 +1,5 @@
 diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
-index f03f52fb..3140c3c5 100644
+index f03f52fbd8..3140c3c5c5 100644
 --- a/include/openssl/ssl.h.in
 +++ b/include/openssl/ssl.h.in
 @@ -1863,6 +1863,7 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
@@ -11,7 +11,7 @@ index f03f52fb..3140c3c5 100644
                                const unsigned char **out, size_t *outlen);
 
 diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
-index 793155e1..ef1f187b 100644
+index 793155e186..ef1f187b15 100644
 --- a/include/openssl/tls1.h
 +++ b/include/openssl/tls1.h
 @@ -134,6 +134,15 @@ extern "C" {
@@ -31,10 +31,10 @@ index 793155e1..ef1f187b 100644
  # define TLSEXT_TYPE_session_ticket              35
 
 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index b5cc4af2..c64c500e 100644
+index b5cc4af2f0..578598e664 100644
 --- a/ssl/ssl_lib.c
 +++ b/ssl/ssl_lib.c
-@@ -5464,6 +5464,106 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
+@@ -5464,6 +5464,95 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
      return 0;
  }
 
@@ -84,15 +84,8 @@ index b5cc4af2..c64c500e 100644
 +    num = 0;
 +    for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
 +        ext = s->clienthello->pre_proc_exts + i;
-+   if (ext->present) {
-+            // Ingore padding due to padding is null where reuse the session_ticket.
-+            if (ext->type== TLSEXT_TYPE_padding) {
-+           // fprintf(stderr, "%d===%d\n",ext->type, TLSEXT_TYPE_padding);
-+                continue;
-+       }
-+
++        if (ext->present)
 +            num++;
-+        }
 +    }
 +    *(uint16_t*)ptr = (uint16_t)num*2;
 +    ptr += 2;
@@ -101,10 +94,6 @@ index b5cc4af2..c64c500e 100644
 +        if (ext->present) {
 +            if (ext->received_order >= num)
 +                break;
-+       // Ingore padding due to padding is null where reuse the session_ticket.
-+            if (ext->type== TLSEXT_TYPE_padding) {
-+                continue;
-+       }
 +            if (ext->type== TLSEXT_TYPE_supported_groups)
 +                groups = &ext->data;
 +            if (ext->type== TLSEXT_TYPE_ec_point_formats)
@@ -142,7 +131,7 @@ index b5cc4af2..c64c500e 100644
                         size_t *outlen)
  {
 diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
-index 845329a8..8fa0619f 100644
+index 845329a809..8fa0619feb 100644
 --- a/ssl/ssl_local.h
 +++ b/ssl/ssl_local.h
 @@ -766,6 +766,10 @@ typedef enum tlsext_index_en {
@@ -157,7 +146,7 @@ index 845329a8..8fa0619f 100644
      TLSEXT_IDX_psk,
      /* Dummy index - must always be the last entry */
 diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
-index e182b5ab..7d5adbf8 100644
+index e182b5abac..7d5adbf845 100644
 --- a/ssl/statem/extensions.c
 +++ b/ssl/statem/extensions.c
 @@ -369,6 +369,38 @@ static const EXTENSION_DEFINITION ext_defs[] = {

patches/openssl.openssl-3.2.patch

@@ -1,5 +1,5 @@
 diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
-index 9f91039..81b9c51 100644
+index 9f91039f8a..81b9c51892 100644
 --- a/include/openssl/ssl.h.in
 +++ b/include/openssl/ssl.h.in
 @@ -1894,6 +1894,7 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
@@ -11,7 +11,7 @@ index 9f91039..81b9c51 100644
                                           size_t *num_exts);
  int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
 diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
-index 7e3d1a7..ecee15e 100644
+index 7e3d1a725b..ecee15e29f 100644
 --- a/include/openssl/tls1.h
 +++ b/include/openssl/tls1.h
 @@ -142,6 +142,13 @@ extern "C" {
@@ -29,10 +29,10 @@ index 7e3d1a7..ecee15e 100644
  # define TLSEXT_TYPE_compress_certificate        27
 
 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 26cae27..9961509 100644
+index 26cae27dae..f5d1d8013a 100644
 --- a/ssl/ssl_lib.c
 +++ b/ssl/ssl_lib.c
-@@ -6572,6 +6572,110 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
+@@ -6572,6 +6572,99 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
      return 0;
  }
 
@@ -86,15 +86,8 @@ index 26cae27..9961509 100644
 +    num = 0;
 +    for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) {
 +        ext = sc->clienthello->pre_proc_exts + i;
-+   if (ext->present) {
-+            // Ingore padding due to padding is null where reuse the session_ticket.
-+            if (ext->type== TLSEXT_TYPE_padding) {
-+           // fprintf(stderr, "%d===%d\n",ext->type, TLSEXT_TYPE_padding);
-+                continue;
-+       }
-+
++        if (ext->present)
 +            num++;
-+        }
 +    }
 +    *(uint16_t*)ptr = (uint16_t)num*2;
 +    ptr += 2;
@@ -103,10 +96,6 @@ index 26cae27..9961509 100644
 +        if (ext->present) {
 +            if (ext->received_order >= num)
 +                break;
-+       // Ingore padding due to padding is null where reuse the session_ticket.
-+            if (ext->type== TLSEXT_TYPE_padding) {
-+                continue;
-+       }
 +            if (ext->type== TLSEXT_TYPE_supported_groups)
 +                groups = &ext->data;
 +            if (ext->type== TLSEXT_TYPE_ec_point_formats)
@@ -144,7 +133,7 @@ index 26cae27..9961509 100644
  {
      RAW_EXTENSION *ext;
 diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
-index 0d3acfb..01ceec6 100644
+index 0d3acfbe66..01ceec6897 100644
 --- a/ssl/ssl_local.h
 +++ b/ssl/ssl_local.h
 @@ -707,6 +707,9 @@ typedef enum tlsext_index_en {
@@ -158,7 +147,7 @@ index 0d3acfb..01ceec6 100644
      TLSEXT_IDX_psk,
      /* Dummy index - must always be the last entry */
 diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
-index 0a64ca2..9460207 100644
+index 0a64ca2246..9460207d1f 100644
 --- a/ssl/statem/extensions.c
 +++ b/ssl/statem/extensions.c
 @@ -411,6 +411,30 @@ static const EXTENSION_DEFINITION ext_defs[] = {