比較文本

尋找兩個文字檔案之間的差異

Real-time diff
Unified diff
Collapse lines
Highlight change
Syntax highlighting
工具
Diffchecker Desktop icon
Diffchecker Desktop The most secure way to run Diffchecker. Get the Diffchecker Desktop app: your diffs never leave your computer!Get Desktop

Untitled diff

Created Diff never expires
11 removals
Lines
Total
Removed
Words
Total
Removed
To continue using this feature, upgrade to
Diffchecker logo
Diffchecker Pro
60 lines
12 additions
Lines
Total
Added
Words
Total
Added
To continue using this feature, upgrade to
Diffchecker logo
Diffchecker Pro
60 lines
Index: ssl/s3_lib.c
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
===================================================================
index e94ee83..3cd7e3a 100644
--- a/ssl/s3_lib.c 2016-11-10 15:03:46.000000000 +0100
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c 2016-12-08 03:08:45.167225455 +0100
+++ b/ssl/s3_lib.c
@@ -3582,6 +3582,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL
@@ -3582,6 +3582,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
STACK_OF(SSL_CIPHER) *prio, *allow;
STACK_OF(SSL_CIPHER) *prio, *allow;
int i, ii, ok;
int i, ii, ok;
unsigned long alg_k, alg_a, mask_k, mask_a;
unsigned long alg_k, alg_a, mask_k, mask_a;
+ int use_chacha = 0;
+ int use_chacha = 0;
/* Let's see which ciphers we can support */
/* Let's see which ciphers we can support */
@@ -3610,13 +3611,20 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL
@@ -3610,13 +3611,20 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
fprintf(stderr, "%p:%s\n", (void *)c, c->name);
fprintf(stderr, "%p:%s\n", (void *)c, c->name);
}
}
#endif
#endif
-
-
+retry:
+retry:
if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
prio = srvr;
prio = srvr;
allow = clnt;
allow = clnt;
+ /* Use ChaCha20+Poly1305 iff it's client's most preferred cipher suite */
+ /* Use ChaCha20+Poly1305 if it's client's most preferred cipher suite */
+ if (sk_SSL_CIPHER_num(clnt) > 0) {
+ if (sk_SSL_CIPHER_num(clnt) > 0) {
+ c = sk_SSL_CIPHER_value(clnt, 0);
+ c = sk_SSL_CIPHER_value(clnt, 0);
+ if (c->algorithm_enc == SSL_CHACHA20POLY1305)
+ if (c->algorithm_enc == SSL_CHACHA20POLY1305)
+ use_chacha = 1;
+ use_chacha = 1;
+ }
+ }
} else {
} else {
prio = clnt;
prio = clnt;
allow = srvr;
allow = srvr;
+ use_chacha = 1;
+ use_chacha = 1;
}
}
tls1_set_cert_validity(s);
tls1_set_cert_validity(s);
@@ -3634,6 +3642,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL
@@ -3634,6 +3642,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
DTLS_VERSION_GT(s->version, c->max_dtls)))
DTLS_VERSION_GT(s->version, c->max_dtls)))
continue;
continue;
+ /* Skip ChaCha unless top client priority */
+ /* Skip ChaCha unless top client priority */
+ if ((c->algorithm_enc == SSL_CHACHA20POLY1305) && !use_chacha)
+ if (c->algorithm_enc == SSL_CHACHA20POLY1305 && !use_chacha)
+ continue;
+ continue;
+
+
mask_k = s->s3->tmp.mask_k;
mask_k = s->s3->tmp.mask_k;
mask_a = s->s3->tmp.mask_a;
mask_a = s->s3->tmp.mask_a;
#ifndef OPENSSL_NO_SRP
#ifndef OPENSSL_NO_SRP
@@ -3687,6 +3699,15 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL
@@ -3687,6 +3699,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
break;
break;
}
}
}
}
+
+
+ if (ret == NULL && !use_chacha) {
+ if (ret == NULL && !use_chacha) {
+ /* If no shared cipher was found due to some unusual preferences, try
+ /* If no shared cipher was found due to some unusual preferences, try
+ * again with CHACHA enabled even if not top priority */
+ * again with CHACHA enabled even if not top priority */
+ use_chacha = 1;
+ use_chacha = 1;
+ goto retry;
+ goto retry;
+ }
+ }
+
+
+
return (ret);
return (ret);
}
}
已保存差異