diff --git a/patches/openssl.OpenSSL_1_1_1-stable.patch b/patches/openssl.OpenSSL_1_1_1-stable.patch index 10aeeb7..a8f08c3 100644 --- a/patches/openssl.OpenSSL_1_1_1-stable.patch +++ b/patches/openssl.OpenSSL_1_1_1-stable.patch @@ -31,10 +31,10 @@ index 76d9fda4..a29114f2 100644 # define TLSEXT_TYPE_session_ticket 35 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index 47adc321..da586733 100644 +index 47adc321..635b23b3 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c -@@ -5219,6 +5219,106 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) +@@ -5219,6 +5219,95 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) return 0; } @@ -84,15 +84,8 @@ index 47adc321..da586733 100644 + num = 0; + for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) { + ext = s->clienthello->pre_proc_exts + i; -+ if (ext->present) { -+ // Ingore padding due to padding is null where reuse the session_ticket. -+ if (ext->type== TLSEXT_TYPE_padding) { -+ // fprintf(stderr, "%d===%d\n",ext->type, TLSEXT_TYPE_padding); -+ continue; -+ } -+ ++ if (ext->present) + num++; -+ } + } + *(uint16_t*)ptr = (uint16_t)num*2; + ptr += 2; @@ -101,10 +94,6 @@ index 47adc321..da586733 100644 + if (ext->present) { + if (ext->received_order >= num) + break; -+ // Ingore padding due to padding is null where reuse the session_ticket. -+ if (ext->type== TLSEXT_TYPE_padding) { -+ continue; -+ } + if (ext->type== TLSEXT_TYPE_supported_groups) + groups = &ext->data; + if (ext->type== TLSEXT_TYPE_ec_point_formats) diff --git a/patches/openssl.openssl-3.0.patch b/patches/openssl.openssl-3.0.patch index 4a6c3dc..a961abc 100644 --- a/patches/openssl.openssl-3.0.patch +++ b/patches/openssl.openssl-3.0.patch @@ -1,5 +1,5 @@ diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in -index 105b4a4a..6c7eb464 100644 +index 105b4a4a3c..6c7eb4643a 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in @@ -1860,6 +1860,7 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); @@ -11,7 +11,7 @@ index 105b4a4a..6c7eb464 100644 const unsigned char **out, size_t *outlen); diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h -index d6e9331f..b62b4e38 100644 +index d6e9331fa1..b62b4e380d 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -134,6 +134,15 @@ extern "C" { @@ -31,10 +31,10 @@ index d6e9331f..b62b4e38 100644 # define TLSEXT_TYPE_session_ticket 35 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index 2c8479eb..07fe1eb7 100644 +index 2c8479eb5f..4c62687258 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c -@@ -5463,6 +5463,106 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) +@@ -5463,6 +5463,95 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) return 0; } @@ -84,15 +84,8 @@ index 2c8479eb..07fe1eb7 100644 + num = 0; + for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) { + ext = s->clienthello->pre_proc_exts + i; -+ if (ext->present) { -+ // Ingore padding due to padding is null where reuse the session_ticket. -+ if (ext->type== TLSEXT_TYPE_padding) { -+ // fprintf(stderr, "%d===%d\n",ext->type, TLSEXT_TYPE_padding); -+ continue; -+ } -+ ++ if (ext->present) + num++; -+ } + } + *(uint16_t*)ptr = (uint16_t)num*2; + ptr += 2; @@ -101,10 +94,6 @@ index 2c8479eb..07fe1eb7 100644 + if (ext->present) { + if (ext->received_order >= num) + break; -+ // Ingore padding due to padding is null where reuse the session_ticket. -+ if (ext->type== TLSEXT_TYPE_padding) { -+ continue; -+ } + if (ext->type== TLSEXT_TYPE_supported_groups) + groups = &ext->data; + if (ext->type== TLSEXT_TYPE_ec_point_formats) @@ -142,7 +131,7 @@ index 2c8479eb..07fe1eb7 100644 size_t *outlen) { diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h -index 5fb1feb8..99f1370e 100644 +index 5fb1feb801..99f1370ea3 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -766,6 +766,10 @@ typedef enum tlsext_index_en { @@ -157,7 +146,7 @@ index 5fb1feb8..99f1370e 100644 TLSEXT_IDX_psk, /* Dummy index - must always be the last entry */ diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c -index 1518ca7f..66a83bcb 100644 +index 1518ca7f4e..66a83bcb16 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -370,6 +370,38 @@ static const EXTENSION_DEFINITION ext_defs[] = { diff --git a/patches/openssl.openssl-3.1.patch b/patches/openssl.openssl-3.1.patch index d70fd13..3c37f92 100644 --- a/patches/openssl.openssl-3.1.patch +++ b/patches/openssl.openssl-3.1.patch @@ -1,5 +1,5 @@ diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in -index f03f52fb..3140c3c5 100644 +index f03f52fbd8..3140c3c5c5 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in @@ -1863,6 +1863,7 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); @@ -11,7 +11,7 @@ index f03f52fb..3140c3c5 100644 const unsigned char **out, size_t *outlen); diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h -index 793155e1..ef1f187b 100644 +index 793155e186..ef1f187b15 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -134,6 +134,15 @@ extern "C" { @@ -31,10 +31,10 @@ index 793155e1..ef1f187b 100644 # define TLSEXT_TYPE_session_ticket 35 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index b5cc4af2..c64c500e 100644 +index b5cc4af2f0..578598e664 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c -@@ -5464,6 +5464,106 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) +@@ -5464,6 +5464,95 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) return 0; } @@ -84,15 +84,8 @@ index b5cc4af2..c64c500e 100644 + num = 0; + for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) { + ext = s->clienthello->pre_proc_exts + i; -+ if (ext->present) { -+ // Ingore padding due to padding is null where reuse the session_ticket. -+ if (ext->type== TLSEXT_TYPE_padding) { -+ // fprintf(stderr, "%d===%d\n",ext->type, TLSEXT_TYPE_padding); -+ continue; -+ } -+ ++ if (ext->present) + num++; -+ } + } + *(uint16_t*)ptr = (uint16_t)num*2; + ptr += 2; @@ -101,10 +94,6 @@ index b5cc4af2..c64c500e 100644 + if (ext->present) { + if (ext->received_order >= num) + break; -+ // Ingore padding due to padding is null where reuse the session_ticket. -+ if (ext->type== TLSEXT_TYPE_padding) { -+ continue; -+ } + if (ext->type== TLSEXT_TYPE_supported_groups) + groups = &ext->data; + if (ext->type== TLSEXT_TYPE_ec_point_formats) @@ -142,7 +131,7 @@ index b5cc4af2..c64c500e 100644 size_t *outlen) { diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h -index 845329a8..8fa0619f 100644 +index 845329a809..8fa0619feb 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -766,6 +766,10 @@ typedef enum tlsext_index_en { @@ -157,7 +146,7 @@ index 845329a8..8fa0619f 100644 TLSEXT_IDX_psk, /* Dummy index - must always be the last entry */ diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c -index e182b5ab..7d5adbf8 100644 +index e182b5abac..7d5adbf845 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -369,6 +369,38 @@ static const EXTENSION_DEFINITION ext_defs[] = { diff --git a/patches/openssl.openssl-3.2.patch b/patches/openssl.openssl-3.2.patch index dae8049..54b905d 100644 --- a/patches/openssl.openssl-3.2.patch +++ b/patches/openssl.openssl-3.2.patch @@ -1,5 +1,5 @@ diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in -index 9f91039..81b9c51 100644 +index 9f91039f8a..81b9c51892 100644 --- a/include/openssl/ssl.h.in +++ b/include/openssl/ssl.h.in @@ -1894,6 +1894,7 @@ size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out); @@ -11,7 +11,7 @@ index 9f91039..81b9c51 100644 size_t *num_exts); int SSL_client_hello_get0_ext(SSL *s, unsigned int type, diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h -index 7e3d1a7..ecee15e 100644 +index 7e3d1a725b..ecee15e29f 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -142,6 +142,13 @@ extern "C" { @@ -29,10 +29,10 @@ index 7e3d1a7..ecee15e 100644 # define TLSEXT_TYPE_compress_certificate 27 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index 26cae27..9961509 100644 +index 26cae27dae..f5d1d8013a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c -@@ -6572,6 +6572,110 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) +@@ -6572,6 +6572,99 @@ int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen) return 0; } @@ -86,15 +86,8 @@ index 26cae27..9961509 100644 + num = 0; + for (i = 0; i < sc->clienthello->pre_proc_exts_len; i++) { + ext = sc->clienthello->pre_proc_exts + i; -+ if (ext->present) { -+ // Ingore padding due to padding is null where reuse the session_ticket. -+ if (ext->type== TLSEXT_TYPE_padding) { -+ // fprintf(stderr, "%d===%d\n",ext->type, TLSEXT_TYPE_padding); -+ continue; -+ } -+ ++ if (ext->present) + num++; -+ } + } + *(uint16_t*)ptr = (uint16_t)num*2; + ptr += 2; @@ -103,10 +96,6 @@ index 26cae27..9961509 100644 + if (ext->present) { + if (ext->received_order >= num) + break; -+ // Ingore padding due to padding is null where reuse the session_ticket. -+ if (ext->type== TLSEXT_TYPE_padding) { -+ continue; -+ } + if (ext->type== TLSEXT_TYPE_supported_groups) + groups = &ext->data; + if (ext->type== TLSEXT_TYPE_ec_point_formats) @@ -144,7 +133,7 @@ index 26cae27..9961509 100644 { RAW_EXTENSION *ext; diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h -index 0d3acfb..01ceec6 100644 +index 0d3acfbe66..01ceec6897 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -707,6 +707,9 @@ typedef enum tlsext_index_en { @@ -158,7 +147,7 @@ index 0d3acfb..01ceec6 100644 TLSEXT_IDX_psk, /* Dummy index - must always be the last entry */ diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c -index 0a64ca2..9460207 100644 +index 0a64ca2246..9460207d1f 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -411,6 +411,30 @@ static const EXTENSION_DEFINITION ext_defs[] = {