टेक्स्ट की तुलना करें

दो टेक्स्ट फ़ाइलों के बीच अंतर ढूंढें

रियल-टाइम एडिटर

अपरिवर्तित संक्षिप्त करें

लाइन रैप बंद

लेआउट

परिवर्तन हाइलाइट करें

सिंटैक्स हाइलाइटिंग

Diffchecker Desktop Diffchecker चलाने का सबसे सुरक्षित तरीका। Diffchecker Desktop ऐप पाएं: आपके diffs कभी आपके कंप्यूटर से बाहर नहीं जाते!Desktop पाएं

Untitled diff

बनाया गया 9 वर्ष पहलेDiff कभी समाप्त नहीं होता

11 हटाए गए

लाइनें
कुल
हटाया गया

अक्षर
कुल
हटाया गया

इस सुविधा का उपयोग जारी रखने के लिए, अपग्रेड करें Diffchecker Pro मूल्य देखें

60 लाइनें

9 जोड़े गए

लाइनें
कुल
जोड़ा गया

अक्षर
कुल
जोड़ा गया

इस सुविधा का उपयोग जारी रखने के लिए, अपग्रेड करें Diffchecker Pro मूल्य देखें

60 लाइनें

Index: ssl/s3_lib.c

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c

===================================================================

index e94ee83..3cd7e3a 100644

--- a/ssl/s3_lib.c 2016-11-10 15:03:46.000000000 +0100

--- a/ssl/s3_lib.c

+++ b/ssl/s3_lib.c 2016-12-08 03:08:45.167225455 +0100

+++ b/ssl/s3_lib.c

@@ -3582,6 +3582,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL

@@ -3582,6 +3582,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,

STACK_OF(SSL_CIPHER) *prio, *allow;

int i, ii, ok;

unsigned long alg_k, alg_a, mask_k, mask_a;

+ int use_chacha = 0;

/* Let's see which ciphers we can support */

@@ -3610,13 +3611,20 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL

@@ -3610,13 +3611,20 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,

fprintf(stderr, "%p:%s\n", (void *)c, c->name);

}

#endif

+retry:

if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {

prio = srvr;

allow = clnt;

+ /* Use ChaCha20+Poly1305 iff it's client's most preferred cipher suite */

+ /* Use ChaCha20+Poly1305 if it's client's most preferred cipher suite */

+ if (sk_SSL_CIPHER_num(clnt) > 0) {

+ c = sk_SSL_CIPHER_value(clnt, 0);

+ if (c->algorithm_enc == SSL_CHACHA20POLY1305)

+ use_chacha = 1;

+ }

} else {

prio = clnt;

allow = srvr;

+ use_chacha = 1;

}

tls1_set_cert_validity(s);

@@ -3634,6 +3642,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL

@@ -3634,6 +3642,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,

DTLS_VERSION_GT(s->version, c->max_dtls)))

continue;

+ /* Skip ChaCha unless top client priority */

+ if ((c->algorithm_enc == SSL_CHACHA20POLY1305) && !use_chacha)

+ if (c->algorithm_enc == SSL_CHACHA20POLY1305 && !use_chacha)

+ continue;

mask_k = s->s3->tmp.mask_k;

mask_a = s->s3->tmp.mask_a;

#ifndef OPENSSL_NO_SRP

@@ -3687,6 +3699,15 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL

@@ -3687,6 +3699,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,

break;

}

+ if (ret == NULL && !use_chacha) {

+ /* If no shared cipher was found due to some unusual preferences, try

+ * again with CHACHA enabled even if not top priority */

+ use_chacha = 1;

+ goto retry;

+ }

return (ret);

}

सेव किए गए Diffs

ऑरिजनल टेक्स्ट

फ़ाइल खोलें

Index: ssl/s3_lib.c
===================================================================
--- a/ssl/s3_lib.c 2016-11-10 15:03:46.000000000 +0100
+++ b/ssl/s3_lib.c 2016-12-08 03:08:45.167225455 +0100
@@ -3582,6 +3582,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL
     STACK_OF(SSL_CIPHER) *prio, *allow;
     int i, ii, ok;
     unsigned long alg_k, alg_a, mask_k, mask_a;
+    int use_chacha = 0;
 
     /* Let's see which ciphers we can support */
 
@@ -3610,13 +3611,20 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL
         fprintf(stderr, "%p:%s\n", (void *)c, c->name);
     }
 #endif
-
+retry:
     if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
         prio = srvr;
         allow = clnt;
+    /* Use ChaCha20+Poly1305 iff it's client's most preferred cipher suite */
+        if (sk_SSL_CIPHER_num(clnt) > 0) {
+            c = sk_SSL_CIPHER_value(clnt, 0);
+            if (c->algorithm_enc == SSL_CHACHA20POLY1305)
+                use_chacha = 1;
+        }
     } else {
         prio = clnt;
         allow = srvr;
+        use_chacha = 1;
     }
 
     tls1_set_cert_validity(s);
@@ -3634,6 +3642,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL
              DTLS_VERSION_GT(s->version, c->max_dtls)))
             continue;
 
+                /* Skip ChaCha unless top client priority */
+        if ((c->algorithm_enc == SSL_CHACHA20POLY1305) && !use_chacha)
+            continue;
+
         mask_k = s->s3->tmp.mask_k;
         mask_a = s->s3->tmp.mask_a;
 #ifndef OPENSSL_NO_SRP
@@ -3687,6 +3699,15 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL
             break;
         }
     }
+
+        if (ret == NULL && !use_chacha) {
+        /* If no shared cipher was found due to some unusual preferences, try
+         * again with CHACHA enabled even if not top priority */
+        use_chacha = 1;
+        goto retry;
+    }
+
+
     return (ret);
 }

परिवर्तित टेक्स्ट

फ़ाइल खोलें

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index e94ee83..3cd7e3a 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3582,6 +3582,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
     STACK_OF(SSL_CIPHER) *prio, *allow;
     int i, ii, ok;
     unsigned long alg_k, alg_a, mask_k, mask_a;
+    int use_chacha = 0;
 
     /* Let's see which ciphers we can support */
 
@@ -3610,13 +3611,20 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
         fprintf(stderr, "%p:%s\n", (void *)c, c->name);
     }
 #endif
-
+retry:
     if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
         prio = srvr;
         allow = clnt;
+        /* Use ChaCha20+Poly1305 if it's client's most preferred cipher suite */
+        if (sk_SSL_CIPHER_num(clnt) > 0) {
+            c = sk_SSL_CIPHER_value(clnt, 0);
+            if (c->algorithm_enc == SSL_CHACHA20POLY1305)
+                use_chacha = 1;
+        }
     } else {
         prio = clnt;
         allow = srvr;
+        use_chacha = 1;
     }
 
     tls1_set_cert_validity(s);
@@ -3634,6 +3642,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
              DTLS_VERSION_GT(s->version, c->max_dtls)))
             continue;
 
+        /* Skip ChaCha unless top client priority */
+        if (c->algorithm_enc == SSL_CHACHA20POLY1305 && !use_chacha)
+            continue;
+
         mask_k = s->s3->tmp.mask_k;
         mask_a = s->s3->tmp.mask_a;
 #ifndef OPENSSL_NO_SRP
@@ -3687,6 +3699,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
             break;
         }
     }
+
+    if (ret == NULL && !use_chacha) {
+        /* If no shared cipher was found due to some unusual preferences, try
+         * again with CHACHA enabled even if not top priority */
+        use_chacha = 1;
+        goto retry;
+    }
+
     return (ret);
 }