2019-03-09 16:02:11 +00:00
|
|
|
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
|
2020-04-06 12:52:36 +00:00
|
|
|
index f467ea909f..76cc311ba8 100644
|
2019-03-09 16:02:11 +00:00
|
|
|
--- a/crypto/err/openssl.txt
|
|
|
|
|
+++ b/crypto/err/openssl.txt
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -3009,6 +3009,7 @@ SM2_R_INVALID_ENCODING:104:invalid encoding
|
|
|
|
|
SM2_R_INVALID_FIELD:105:invalid field
|
|
|
|
|
SM2_R_NO_PARAMETERS_SET:109:no parameters set
|
|
|
|
|
SM2_R_USER_ID_TOO_LARGE:106:user id too large
|
|
|
|
|
+SSL_R_ALGORITHM_FETCH_FAILED:295:algorithm fetch failed
|
|
|
|
|
SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY:291:\
|
|
|
|
|
application data after close notify
|
|
|
|
|
SSL_R_APP_DATA_IN_HANDSHAKE:100:app data in handshake
|
|
|
|
|
@@ -3115,7 +3116,6 @@ SSL_R_EXTENSION_NOT_RECEIVED:279:extension not received
|
|
|
|
|
SSL_R_EXTRA_DATA_IN_MESSAGE:153:extra data in message
|
|
|
|
|
SSL_R_EXT_LENGTH_MISMATCH:163:ext length mismatch
|
|
|
|
|
SSL_R_FAILED_TO_INIT_ASYNC:405:failed to init async
|
|
|
|
|
-SSL_R_ALGORITHM_FETCH_FAILED:295:algorithm fetch failed
|
|
|
|
|
SSL_R_FRAGMENTED_CLIENT_HELLO:401:fragmented client hello
|
|
|
|
|
SSL_R_GOT_A_FIN_BEFORE_A_CCS:154:got a fin before a ccs
|
|
|
|
|
SSL_R_HTTPS_PROXY_REQUEST:155:https proxy request
|
|
|
|
|
@@ -3166,6 +3166,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key
|
2019-03-09 16:02:11 +00:00
|
|
|
SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key
|
|
|
|
|
SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\
|
|
|
|
|
mixed handshake and non handshake data
|
2020-04-06 12:52:36 +00:00
|
|
|
+SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS:296:mixed special operator with groups
|
|
|
|
|
+SSL_R_NESTED_GROUP:297:nested group
|
2019-03-09 16:02:11 +00:00
|
|
|
SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary
|
|
|
|
|
SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate
|
|
|
|
|
SSL_R_NOT_SERVER:284:not server
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -3273,7 +3275,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
|
2019-03-09 16:02:11 +00:00
|
|
|
SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
|
|
|
|
|
SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
|
2020-02-06 16:29:07 +00:00
|
|
|
SSL_R_UNEXPECTED_EOF_WHILE_READING:294:unexpected eof while reading
|
2020-04-06 12:52:36 +00:00
|
|
|
+SSL_R_UNEXPECTED_GROUP_CLOSE:299:unexpected group close
|
2019-03-09 16:02:11 +00:00
|
|
|
SSL_R_UNEXPECTED_MESSAGE:244:unexpected message
|
2020-04-06 12:52:36 +00:00
|
|
|
+SSL_R_UNEXPECTED_OPERATOR_IN_GROUP:305:unexpected operator in group
|
2019-03-09 16:02:11 +00:00
|
|
|
SSL_R_UNEXPECTED_RECORD:245:unexpected record
|
|
|
|
|
SSL_R_UNINITIALIZED:276:uninitialized
|
|
|
|
|
SSL_R_UNKNOWN_ALERT_TYPE:246:unknown alert type
|
2020-04-06 12:52:36 +00:00
|
|
|
diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in
|
|
|
|
|
index 9e5224579a..020bdcbcb9 100644
|
|
|
|
|
--- a/doc/man1/openssl-ciphers.pod.in
|
|
|
|
|
+++ b/doc/man1/openssl-ciphers.pod.in
|
|
|
|
|
@@ -405,6 +405,21 @@ permissible.
|
2018-09-26 17:31:20 +00:00
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
|
|
+=head1 EQUAL PREFERENCE GROUPS
|
|
|
|
|
+
|
|
|
|
|
+If configuring a server, one may also configure equal-preference groups to
|
|
|
|
|
+partially respect the client's preferences when
|
|
|
|
|
+B<SSL_OP_CIPHER_SERVER_PREFERENCE> is enabled. Ciphers in an equal-preference
|
|
|
|
|
+group have equal priority and use the client order. This may be used to
|
|
|
|
|
+enforce that AEADs are preferred but select AES-GCM vs. ChaCha20-Poly1305
|
|
|
|
|
+based on client preferences. An equal-preference is specified with square
|
|
|
|
|
+brackets, combining multiple selectors separated by |. For example:
|
|
|
|
|
+
|
|
|
|
|
+ [ECDHE-ECDSA-CHACHA20-POLY1305|ECDHE-ECDSA-AES128-GCM-SHA256]
|
2019-03-09 16:02:11 +00:00
|
|
|
+
|
2018-09-26 17:31:20 +00:00
|
|
|
+ Once an equal-preference group is used, future directives must be
|
|
|
|
|
+ opcode-less.
|
|
|
|
|
+
|
|
|
|
|
=head1 CIPHER SUITE NAMES
|
|
|
|
|
|
|
|
|
|
The following lists give the SSL or TLS cipher suites names from the
|
|
|
|
|
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
|
2020-04-06 12:52:36 +00:00
|
|
|
index e1617aae45..a04a3e1552 100644
|
2018-09-26 17:31:20 +00:00
|
|
|
--- a/include/openssl/sslerr.h
|
|
|
|
|
+++ b/include/openssl/sslerr.h
|
2020-02-06 16:29:07 +00:00
|
|
|
@@ -10,12 +10,6 @@
|
|
|
|
|
|
|
|
|
|
#ifndef OPENSSL_SSLERR_H
|
|
|
|
|
# define OPENSSL_SSLERR_H
|
|
|
|
|
-# pragma once
|
|
|
|
|
-
|
|
|
|
|
-# include <openssl/macros.h>
|
|
|
|
|
-# ifndef OPENSSL_NO_DEPRECATED_3_0
|
|
|
|
|
-# define HEADER_SSLERR_H
|
|
|
|
|
-# endif
|
|
|
|
|
|
|
|
|
|
# include <openssl/opensslconf.h>
|
|
|
|
|
# include <openssl/symhacks.h>
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -462,6 +456,7 @@ int ERR_load_SSL_strings(void);
|
|
|
|
|
/*
|
|
|
|
|
* SSL reason codes.
|
|
|
|
|
*/
|
|
|
|
|
+# define SSL_R_ALGORITHM_FETCH_FAILED 295
|
|
|
|
|
# define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY 291
|
|
|
|
|
# define SSL_R_APP_DATA_IN_HANDSHAKE 100
|
|
|
|
|
# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
|
|
|
|
|
@@ -561,7 +556,6 @@ int ERR_load_SSL_strings(void);
|
|
|
|
|
# define SSL_R_EXTRA_DATA_IN_MESSAGE 153
|
|
|
|
|
# define SSL_R_EXT_LENGTH_MISMATCH 163
|
|
|
|
|
# define SSL_R_FAILED_TO_INIT_ASYNC 405
|
|
|
|
|
-# define SSL_R_ALGORITHM_FETCH_FAILED 295
|
|
|
|
|
# define SSL_R_FRAGMENTED_CLIENT_HELLO 401
|
|
|
|
|
# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
|
|
|
|
|
# define SSL_R_HTTPS_PROXY_REQUEST 155
|
|
|
|
|
@@ -611,6 +605,8 @@ int ERR_load_SSL_strings(void);
|
2018-09-26 17:31:20 +00:00
|
|
|
# define SSL_R_MISSING_TMP_DH_KEY 171
|
|
|
|
|
# define SSL_R_MISSING_TMP_ECDH_KEY 311
|
2019-02-26 07:31:31 +00:00
|
|
|
# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293
|
2020-04-06 12:52:36 +00:00
|
|
|
+# define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 296
|
|
|
|
|
+# define SSL_R_NESTED_GROUP 297
|
2018-09-26 17:31:20 +00:00
|
|
|
# define SSL_R_NOT_ON_RECORD_BOUNDARY 182
|
|
|
|
|
# define SSL_R_NOT_REPLACING_CERTIFICATE 289
|
2019-03-09 16:02:11 +00:00
|
|
|
# define SSL_R_NOT_SERVER 284
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -742,7 +738,9 @@ int ERR_load_SSL_strings(void);
|
2018-09-26 17:31:20 +00:00
|
|
|
# define SSL_R_UNEXPECTED_CCS_MESSAGE 262
|
|
|
|
|
# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178
|
2020-02-06 16:29:07 +00:00
|
|
|
# define SSL_R_UNEXPECTED_EOF_WHILE_READING 294
|
2020-04-06 12:52:36 +00:00
|
|
|
+# define SSL_R_UNEXPECTED_GROUP_CLOSE 299
|
2018-09-26 17:31:20 +00:00
|
|
|
# define SSL_R_UNEXPECTED_MESSAGE 244
|
2020-04-06 12:52:36 +00:00
|
|
|
+# define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 305
|
2018-09-26 17:31:20 +00:00
|
|
|
# define SSL_R_UNEXPECTED_RECORD 245
|
|
|
|
|
# define SSL_R_UNINITIALIZED 276
|
|
|
|
|
# define SSL_R_UNKNOWN_ALERT_TYPE 246
|
|
|
|
|
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
|
2020-04-06 12:52:36 +00:00
|
|
|
index 9902fa3811..3033ba3b3a 100644
|
2018-09-26 17:31:20 +00:00
|
|
|
--- a/ssl/s3_lib.c
|
|
|
|
|
+++ b/ssl/s3_lib.c
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -169,7 +169,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
2018-09-26 17:31:20 +00:00
|
|
|
SSL_aRSA,
|
|
|
|
|
SSL_3DES,
|
|
|
|
|
SSL_SHA1,
|
|
|
|
|
- SSL3_VERSION, TLS1_2_VERSION,
|
|
|
|
|
+ SSL3_VERSION, TLS1_VERSION,
|
|
|
|
|
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
|
|
|
|
SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
|
|
|
|
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -234,7 +234,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
2018-09-26 17:31:20 +00:00
|
|
|
SSL_aRSA,
|
|
|
|
|
SSL_AES128,
|
|
|
|
|
SSL_SHA1,
|
|
|
|
|
- SSL3_VERSION, TLS1_2_VERSION,
|
|
|
|
|
+ SSL3_VERSION, TLS1_VERSION,
|
|
|
|
|
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
|
|
|
|
SSL_HIGH | SSL_FIPS,
|
|
|
|
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -298,7 +298,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
|
2018-09-26 17:31:20 +00:00
|
|
|
SSL_aRSA,
|
|
|
|
|
SSL_AES256,
|
|
|
|
|
SSL_SHA1,
|
|
|
|
|
- SSL3_VERSION, TLS1_2_VERSION,
|
|
|
|
|
+ SSL3_VERSION, TLS1_VERSION,
|
|
|
|
|
DTLS1_BAD_VER, DTLS1_2_VERSION,
|
|
|
|
|
SSL_HIGH | SSL_FIPS,
|
|
|
|
|
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -4145,6 +4145,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
|
2018-09-26 17:31:20 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
+struct ssl_cipher_preference_list_st* ssl_get_cipher_preferences(SSL *s)
|
|
|
|
|
+{
|
|
|
|
|
+ if (s->cipher_list != NULL)
|
|
|
|
|
+ return (s->cipher_list);
|
|
|
|
|
+
|
|
|
|
|
+ if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL))
|
|
|
|
|
+ return (s->ctx->cipher_list);
|
|
|
|
|
+
|
|
|
|
|
+ return NULL;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
/*
|
|
|
|
|
* ssl3_choose_cipher - choose a cipher from those offered by the client
|
|
|
|
|
* @s: SSL connection
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -4154,15 +4165,23 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
|
2018-09-26 17:31:20 +00:00
|
|
|
* Returns the selected cipher or NULL when no common ciphers.
|
|
|
|
|
*/
|
|
|
|
|
const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
|
|
|
|
|
- STACK_OF(SSL_CIPHER) *srvr)
|
|
|
|
|
+ struct ssl_cipher_preference_list_st
|
|
|
|
|
+ *server_pref)
|
|
|
|
|
{
|
|
|
|
|
const SSL_CIPHER *c, *ret = NULL;
|
|
|
|
|
- STACK_OF(SSL_CIPHER) *prio, *allow;
|
|
|
|
|
- int i, ii, ok, prefer_sha256 = 0;
|
|
|
|
|
+ STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow;
|
|
|
|
|
+ int i, ii, ok, prefer_sha256 = 0, safari_ec = 0;
|
|
|
|
|
unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
|
|
|
|
|
-#ifndef OPENSSL_NO_CHACHA
|
|
|
|
|
- STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
|
|
|
|
|
-#endif
|
|
|
|
|
+
|
|
|
|
|
+ /* in_group_flags will either be NULL, or will point to an array of
|
|
|
|
|
+ * bytes which indicate equal-preference groups in the |prio| stack.
|
|
|
|
|
+ * See the comment about |in_group_flags| in the
|
|
|
|
|
+ * |ssl_cipher_preference_list_st| struct. */
|
|
|
|
|
+ const uint8_t *in_group_flags;
|
|
|
|
|
+
|
|
|
|
|
+ /* group_min contains the minimal index so far found in a group, or -1
|
|
|
|
|
+ * if no such value exists yet. */
|
|
|
|
|
+ int group_min = -1;
|
|
|
|
|
|
|
|
|
|
/* Let's see which ciphers we can support */
|
|
|
|
|
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -4189,54 +4208,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
|
2019-03-09 16:02:11 +00:00
|
|
|
} OSSL_TRACE_END(TLS_CIPHER);
|
2018-09-26 17:31:20 +00:00
|
|
|
|
|
|
|
|
/* SUITE-B takes precedence over server preference and ChaCha priortiy */
|
|
|
|
|
- if (tls1_suiteb(s)) {
|
|
|
|
|
+ if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
|
|
|
|
|
prio = srvr;
|
|
|
|
|
+ in_group_flags = server_pref->in_group_flags;
|
|
|
|
|
allow = clnt;
|
|
|
|
|
- } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
|
|
|
|
|
- prio = srvr;
|
|
|
|
|
- allow = clnt;
|
|
|
|
|
-#ifndef OPENSSL_NO_CHACHA
|
|
|
|
|
- /* If ChaCha20 is at the top of the client preference list,
|
|
|
|
|
- and there are ChaCha20 ciphers in the server list, then
|
|
|
|
|
- temporarily prioritize all ChaCha20 ciphers in the servers list. */
|
|
|
|
|
- if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
|
|
|
|
|
- c = sk_SSL_CIPHER_value(clnt, 0);
|
|
|
|
|
- if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
|
|
|
|
|
- /* ChaCha20 is client preferred, check server... */
|
|
|
|
|
- int num = sk_SSL_CIPHER_num(srvr);
|
|
|
|
|
- int found = 0;
|
|
|
|
|
- for (i = 0; i < num; i++) {
|
|
|
|
|
- c = sk_SSL_CIPHER_value(srvr, i);
|
|
|
|
|
- if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
|
|
|
|
|
- found = 1;
|
|
|
|
|
- break;
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
- if (found) {
|
|
|
|
|
- prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
|
|
|
|
|
- /* if reserve fails, then there's likely a memory issue */
|
|
|
|
|
- if (prio_chacha != NULL) {
|
|
|
|
|
- /* Put all ChaCha20 at the top, starting with the one we just found */
|
|
|
|
|
- sk_SSL_CIPHER_push(prio_chacha, c);
|
|
|
|
|
- for (i++; i < num; i++) {
|
|
|
|
|
- c = sk_SSL_CIPHER_value(srvr, i);
|
|
|
|
|
- if (c->algorithm_enc == SSL_CHACHA20POLY1305)
|
|
|
|
|
- sk_SSL_CIPHER_push(prio_chacha, c);
|
|
|
|
|
- }
|
|
|
|
|
- /* Pull in the rest */
|
|
|
|
|
- for (i = 0; i < num; i++) {
|
|
|
|
|
- c = sk_SSL_CIPHER_value(srvr, i);
|
|
|
|
|
- if (c->algorithm_enc != SSL_CHACHA20POLY1305)
|
|
|
|
|
- sk_SSL_CIPHER_push(prio_chacha, c);
|
|
|
|
|
- }
|
|
|
|
|
- prio = prio_chacha;
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
-# endif
|
|
|
|
|
} else {
|
|
|
|
|
prio = clnt;
|
|
|
|
|
+ in_group_flags = NULL;
|
|
|
|
|
allow = srvr;
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -4267,14 +4245,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
|
2018-09-26 17:31:20 +00:00
|
|
|
for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
|
|
|
|
|
c = sk_SSL_CIPHER_value(prio, i);
|
|
|
|
|
|
|
|
|
|
+ ok = 1;
|
|
|
|
|
+
|
|
|
|
|
/* Skip ciphers not supported by the protocol version */
|
|
|
|
|
if (!SSL_IS_DTLS(s) &&
|
|
|
|
|
((s->version < c->min_tls) || (s->version > c->max_tls)))
|
|
|
|
|
- continue;
|
|
|
|
|
+ ok = 0;
|
|
|
|
|
if (SSL_IS_DTLS(s) &&
|
|
|
|
|
(DTLS_VERSION_LT(s->version, c->min_dtls) ||
|
|
|
|
|
DTLS_VERSION_GT(s->version, c->max_dtls)))
|
|
|
|
|
- continue;
|
|
|
|
|
+ ok = 0;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Since TLS 1.3 ciphersuites can be used with any auth or
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -4296,10 +4276,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
|
2018-09-26 17:31:20 +00:00
|
|
|
#ifndef OPENSSL_NO_PSK
|
|
|
|
|
/* with PSK there must be server callback set */
|
|
|
|
|
if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
|
|
|
|
|
- continue;
|
|
|
|
|
+ ok = 0;
|
|
|
|
|
#endif /* OPENSSL_NO_PSK */
|
|
|
|
|
|
|
|
|
|
- ok = (alg_k & mask_k) && (alg_a & mask_a);
|
|
|
|
|
+ ok = ok && (alg_k & mask_k) && (alg_a & mask_a);
|
2019-03-09 16:02:11 +00:00
|
|
|
OSSL_TRACE7(TLS_CIPHER,
|
|
|
|
|
"%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
|
|
|
|
|
ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -4315,6 +4295,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
|
2018-09-26 17:31:20 +00:00
|
|
|
|
|
|
|
|
if (!ok)
|
|
|
|
|
continue;
|
|
|
|
|
+
|
|
|
|
|
+ safari_ec = 0;
|
|
|
|
|
+#if !defined(OPENSSL_NO_EC)
|
|
|
|
|
+ if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)) {
|
2019-05-02 08:39:20 +00:00
|
|
|
+ if (s->s3.is_probably_safari)
|
2018-09-26 17:31:20 +00:00
|
|
|
+ safari_ec = 1;
|
|
|
|
|
+ }
|
|
|
|
|
+#endif
|
|
|
|
|
}
|
|
|
|
|
ii = sk_SSL_CIPHER_find(allow, c);
|
|
|
|
|
if (ii >= 0) {
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -4322,14 +4310,7 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
|
2018-09-26 17:31:20 +00:00
|
|
|
if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
|
|
|
|
|
c->strength_bits, 0, (void *)c))
|
|
|
|
|
continue;
|
|
|
|
|
-#if !defined(OPENSSL_NO_EC)
|
|
|
|
|
- if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
|
2019-05-02 08:39:20 +00:00
|
|
|
- && s->s3.is_probably_safari) {
|
2018-09-26 17:31:20 +00:00
|
|
|
- if (!ret)
|
|
|
|
|
- ret = sk_SSL_CIPHER_value(allow, ii);
|
|
|
|
|
- continue;
|
|
|
|
|
- }
|
|
|
|
|
-#endif
|
|
|
|
|
+
|
|
|
|
|
if (prefer_sha256) {
|
|
|
|
|
const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
|
|
|
|
|
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -4346,13 +4327,38 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
|
2018-09-26 17:31:20 +00:00
|
|
|
ret = tmp;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
- ret = sk_SSL_CIPHER_value(allow, ii);
|
|
|
|
|
+
|
|
|
|
|
+ if (in_group_flags != NULL && in_group_flags[i] == 1) {
|
|
|
|
|
+ /* This element of |prio| is in a group. Update
|
|
|
|
|
+ * the minimum index found so far and continue
|
|
|
|
|
+ * looking. */
|
|
|
|
|
+ if (group_min == -1 || group_min > ii)
|
|
|
|
|
+ group_min = ii;
|
|
|
|
|
+ } else {
|
|
|
|
|
+ if (group_min != -1 && group_min < ii)
|
|
|
|
|
+ ii = group_min;
|
|
|
|
|
+ if (safari_ec) {
|
|
|
|
|
+ if (!ret)
|
|
|
|
|
+ ret = sk_SSL_CIPHER_value(allow, ii);
|
|
|
|
|
+ continue;
|
|
|
|
|
+ }
|
|
|
|
|
+ ret = sk_SSL_CIPHER_value(allow, ii);
|
|
|
|
|
+ break;
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ if (in_group_flags != NULL && !in_group_flags[i] && group_min != -1) {
|
|
|
|
|
+ /* We are about to leave a group, but we found a match
|
|
|
|
|
+ * in it, so that's our answer. */
|
|
|
|
|
+ if (safari_ec) {
|
|
|
|
|
+ if (!ret)
|
|
|
|
|
+ ret = sk_SSL_CIPHER_value(allow, group_min);
|
|
|
|
|
+ continue;
|
|
|
|
|
+ }
|
|
|
|
|
+ ret = sk_SSL_CIPHER_value(allow, group_min);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
-#ifndef OPENSSL_NO_CHACHA
|
|
|
|
|
- sk_SSL_CIPHER_free(prio_chacha);
|
|
|
|
|
-#endif
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
|
2020-04-06 12:52:36 +00:00
|
|
|
index 066c38a7cc..f1e3d1cbe2 100644
|
2018-09-26 17:31:20 +00:00
|
|
|
--- a/ssl/ssl_ciph.c
|
|
|
|
|
+++ b/ssl/ssl_ciph.c
|
2020-02-06 16:29:07 +00:00
|
|
|
@@ -154,6 +154,7 @@ typedef struct cipher_order_st {
|
2018-09-26 17:31:20 +00:00
|
|
|
const SSL_CIPHER *cipher;
|
|
|
|
|
int active;
|
|
|
|
|
int dead;
|
|
|
|
|
+ int in_group;
|
|
|
|
|
struct cipher_order_st *next, *prev;
|
|
|
|
|
} CIPHER_ORDER;
|
|
|
|
|
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -259,6 +260,7 @@ static const SSL_CIPHER cipher_aliases[] = {
|
2019-03-09 16:02:11 +00:00
|
|
|
{0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
|
|
|
|
|
{0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
|
|
|
|
|
{0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION},
|
|
|
|
|
+ {0, "TLS13", NULL, 0, 0, 0, 0, 0, TLS1_3_VERSION},
|
|
|
|
|
|
|
|
|
|
/* strength classes */
|
|
|
|
|
{0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -673,6 +675,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
|
2018-09-26 17:31:20 +00:00
|
|
|
co_list[co_list_num].next = NULL;
|
|
|
|
|
co_list[co_list_num].prev = NULL;
|
|
|
|
|
co_list[co_list_num].active = 0;
|
|
|
|
|
+ co_list[co_list_num].in_group = 0;
|
|
|
|
|
co_list_num++;
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -766,8 +769,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
|
2018-09-26 17:31:20 +00:00
|
|
|
uint32_t alg_auth, uint32_t alg_enc,
|
|
|
|
|
uint32_t alg_mac, int min_tls,
|
|
|
|
|
uint32_t algo_strength, int rule,
|
|
|
|
|
- int32_t strength_bits, CIPHER_ORDER **head_p,
|
|
|
|
|
- CIPHER_ORDER **tail_p)
|
|
|
|
|
+ int32_t strength_bits, int in_group,
|
|
|
|
|
+ CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
|
|
|
|
|
{
|
|
|
|
|
CIPHER_ORDER *head, *tail, *curr, *next, *last;
|
|
|
|
|
const SSL_CIPHER *cp;
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -775,9 +778,9 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
|
2018-09-26 17:31:20 +00:00
|
|
|
|
2019-03-09 16:02:11 +00:00
|
|
|
OSSL_TRACE_BEGIN(TLS_CIPHER){
|
|
|
|
|
BIO_printf(trc_out,
|
|
|
|
|
- "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n",
|
|
|
|
|
+ "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d) g:%d\n",
|
|
|
|
|
rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls,
|
|
|
|
|
- algo_strength, strength_bits);
|
|
|
|
|
+ algo_strength, strength_bits, in_group);
|
|
|
|
|
}
|
2018-09-26 17:31:20 +00:00
|
|
|
|
|
|
|
|
if (rule == CIPHER_DEL || rule == CIPHER_BUMP)
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -854,6 +857,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
|
2018-09-26 17:31:20 +00:00
|
|
|
if (!curr->active) {
|
|
|
|
|
ll_append_tail(&head, curr, &tail);
|
|
|
|
|
curr->active = 1;
|
|
|
|
|
+ curr->in_group = in_group;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
/* Move the added cipher to this location */
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -861,6 +865,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
|
2018-09-26 17:31:20 +00:00
|
|
|
/* reverse == 0 */
|
|
|
|
|
if (curr->active) {
|
|
|
|
|
ll_append_tail(&head, curr, &tail);
|
|
|
|
|
+ curr->in_group = 0;
|
|
|
|
|
}
|
|
|
|
|
} else if (rule == CIPHER_DEL) {
|
|
|
|
|
/* reverse == 1 */
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -872,6 +877,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
|
2018-09-26 17:31:20 +00:00
|
|
|
*/
|
|
|
|
|
ll_append_head(&head, curr, &tail);
|
|
|
|
|
curr->active = 0;
|
|
|
|
|
+ curr->in_group = 0;
|
|
|
|
|
}
|
|
|
|
|
} else if (rule == CIPHER_BUMP) {
|
|
|
|
|
if (curr->active)
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -941,8 +947,8 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
|
2018-09-26 17:31:20 +00:00
|
|
|
*/
|
|
|
|
|
for (i = max_strength_bits; i >= 0; i--)
|
|
|
|
|
if (number_uses[i] > 0)
|
|
|
|
|
- ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p,
|
|
|
|
|
- tail_p);
|
|
|
|
|
+ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, 0,
|
|
|
|
|
+ head_p, tail_p);
|
|
|
|
|
|
|
|
|
|
OPENSSL_free(number_uses);
|
|
|
|
|
return 1;
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -956,7 +962,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
2018-09-26 17:31:20 +00:00
|
|
|
uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, algo_strength;
|
|
|
|
|
int min_tls;
|
|
|
|
|
const char *l, *buf;
|
|
|
|
|
- int j, multi, found, rule, retval, ok, buflen;
|
|
|
|
|
+ int j, multi, found, rule, retval, ok, buflen, in_group = 0, has_group = 0;
|
|
|
|
|
uint32_t cipher_id = 0;
|
|
|
|
|
char ch;
|
|
|
|
|
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -967,18 +973,66 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
2018-09-26 17:31:20 +00:00
|
|
|
|
|
|
|
|
if (ch == '\0')
|
|
|
|
|
break; /* done */
|
|
|
|
|
- if (ch == '-') {
|
|
|
|
|
+ if (in_group) {
|
|
|
|
|
+ if (ch == ']') {
|
|
|
|
|
+ if (!in_group) {
|
|
|
|
|
+ SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
|
|
|
|
|
+ SSL_R_UNEXPECTED_GROUP_CLOSE);
|
|
|
|
|
+ retval = found = in_group = 0;
|
|
|
|
|
+ break;
|
|
|
|
|
+ }
|
|
|
|
|
+ if (*tail_p)
|
|
|
|
|
+ (*tail_p)->in_group = 0;
|
|
|
|
|
+ in_group = 0;
|
|
|
|
|
+ l++;
|
|
|
|
|
+ continue;
|
|
|
|
|
+ }
|
|
|
|
|
+ if (ch == '|') {
|
|
|
|
|
+ rule = CIPHER_ADD;
|
|
|
|
|
+ l++;
|
|
|
|
|
+ continue;
|
|
|
|
|
+ } else if (!(ch >= 'a' && ch <= 'z')
|
|
|
|
|
+ && !(ch >= 'A' && ch <= 'Z')
|
|
|
|
|
+ && !(ch >= '0' && ch <= '9')) {
|
|
|
|
|
+ SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
|
|
|
|
|
+ SSL_R_UNEXPECTED_OPERATOR_IN_GROUP);
|
|
|
|
|
+ retval = found = in_group = 0;
|
|
|
|
|
+ break;
|
|
|
|
|
+ } else {
|
|
|
|
|
+ rule = CIPHER_ADD;
|
|
|
|
|
+ }
|
|
|
|
|
+ } else if (ch == '-') {
|
|
|
|
|
rule = CIPHER_DEL;
|
|
|
|
|
l++;
|
|
|
|
|
} else if (ch == '+') {
|
|
|
|
|
rule = CIPHER_ORD;
|
|
|
|
|
l++;
|
|
|
|
|
+ } else if (ch == '!' && has_group) {
|
|
|
|
|
+ SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
|
|
|
|
|
+ SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS);
|
|
|
|
|
+ retval = found = in_group = 0;
|
|
|
|
|
+ break;
|
|
|
|
|
} else if (ch == '!') {
|
|
|
|
|
rule = CIPHER_KILL;
|
|
|
|
|
l++;
|
|
|
|
|
+ } else if (ch == '@' && has_group) {
|
|
|
|
|
+ SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
|
|
|
|
|
+ SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS);
|
|
|
|
|
+ retval = found = in_group = 0;
|
|
|
|
|
+ break;
|
|
|
|
|
} else if (ch == '@') {
|
|
|
|
|
rule = CIPHER_SPECIAL;
|
|
|
|
|
l++;
|
|
|
|
|
+ } else if (ch == '[') {
|
|
|
|
|
+ if (in_group) {
|
|
|
|
|
+ SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_NESTED_GROUP);
|
|
|
|
|
+ retval = found = in_group = 0;
|
|
|
|
|
+ break;
|
|
|
|
|
+ }
|
|
|
|
|
+ in_group = 1;
|
|
|
|
|
+ has_group = 1;
|
|
|
|
|
+ l++;
|
|
|
|
|
+ continue;
|
|
|
|
|
} else {
|
|
|
|
|
rule = CIPHER_ADD;
|
|
|
|
|
}
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -1003,7 +1057,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
2019-03-09 16:02:11 +00:00
|
|
|
while (((ch >= 'A') && (ch <= 'Z')) ||
|
|
|
|
|
((ch >= '0') && (ch <= '9')) ||
|
|
|
|
|
((ch >= 'a') && (ch <= 'z')) ||
|
|
|
|
|
- (ch == '-') || (ch == '.') || (ch == '='))
|
|
|
|
|
+ (ch == '-') || (ch == '.') || (ch == '=') || (ch == '_'))
|
|
|
|
|
#else
|
|
|
|
|
while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.')
|
|
|
|
|
|| (ch == '='))
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -1020,7 +1074,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
2018-09-26 17:31:20 +00:00
|
|
|
* alphanumeric, so we call this an error.
|
|
|
|
|
*/
|
|
|
|
|
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
|
|
|
|
|
- retval = found = 0;
|
|
|
|
|
+ retval = found = in_group = 0;
|
|
|
|
|
l++;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -1199,8 +1253,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
2018-09-26 17:31:20 +00:00
|
|
|
} else if (found) {
|
|
|
|
|
ssl_cipher_apply_rule(cipher_id,
|
|
|
|
|
alg_mkey, alg_auth, alg_enc, alg_mac,
|
|
|
|
|
- min_tls, algo_strength, rule, -1, head_p,
|
|
|
|
|
- tail_p);
|
|
|
|
|
+ min_tls, algo_strength, rule, -1, in_group,
|
|
|
|
|
+ head_p, tail_p);
|
|
|
|
|
} else {
|
|
|
|
|
while ((*l != '\0') && !ITEM_SEP(*l))
|
|
|
|
|
l++;
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -1209,6 +1263,11 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
|
2018-09-26 17:31:20 +00:00
|
|
|
break; /* done */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
+ if (in_group) {
|
|
|
|
|
+ SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
|
|
|
|
|
+ retval = 0;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
return retval;
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -1372,7 +1431,7 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
|
2019-09-17 15:56:26 +00:00
|
|
|
int ret = set_ciphersuites(&(ctx->tls13_ciphersuites), str);
|
2018-09-26 17:31:20 +00:00
|
|
|
|
2019-09-20 11:34:40 +00:00
|
|
|
if (ret && ctx->cipher_list != NULL)
|
2018-09-26 17:31:20 +00:00
|
|
|
- return update_cipher_list(&ctx->cipher_list, &ctx->cipher_list_by_id,
|
|
|
|
|
+ return update_cipher_list(&ctx->cipher_list->ciphers, &ctx->cipher_list_by_id,
|
|
|
|
|
ctx->tls13_ciphersuites);
|
|
|
|
|
|
2019-09-17 15:56:26 +00:00
|
|
|
return ret;
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -1385,10 +1444,10 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
|
2018-09-26 17:31:20 +00:00
|
|
|
|
2019-09-20 11:34:40 +00:00
|
|
|
if (s->cipher_list == NULL) {
|
2019-09-17 15:56:26 +00:00
|
|
|
if ((cipher_list = SSL_get_ciphers(s)) != NULL)
|
|
|
|
|
- s->cipher_list = sk_SSL_CIPHER_dup(cipher_list);
|
|
|
|
|
+ s->cipher_list->ciphers = sk_SSL_CIPHER_dup(cipher_list);
|
|
|
|
|
}
|
2019-09-20 11:34:40 +00:00
|
|
|
if (ret && s->cipher_list != NULL)
|
2018-09-26 17:31:20 +00:00
|
|
|
- return update_cipher_list(&s->cipher_list, &s->cipher_list_by_id,
|
|
|
|
|
+ return update_cipher_list(&s->cipher_list->ciphers, &s->cipher_list_by_id,
|
|
|
|
|
s->tls13_ciphersuites);
|
|
|
|
|
|
2019-09-17 15:56:26 +00:00
|
|
|
return ret;
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -1396,17 +1455,20 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
|
2018-09-26 17:31:20 +00:00
|
|
|
|
|
|
|
|
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
|
|
|
|
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
|
|
|
|
|
- STACK_OF(SSL_CIPHER) **cipher_list,
|
|
|
|
|
+ struct ssl_cipher_preference_list_st **cipher_list,
|
|
|
|
|
STACK_OF(SSL_CIPHER) **cipher_list_by_id,
|
|
|
|
|
const char *rule_str,
|
|
|
|
|
CERT *c)
|
|
|
|
|
{
|
|
|
|
|
- int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases, i;
|
2019-03-09 16:02:11 +00:00
|
|
|
+ int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
|
2018-09-26 17:31:20 +00:00
|
|
|
uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac;
|
|
|
|
|
- STACK_OF(SSL_CIPHER) *cipherstack;
|
|
|
|
|
+ STACK_OF(SSL_CIPHER) *cipherstack = NULL;
|
|
|
|
|
const char *rule_p;
|
|
|
|
|
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
|
2019-03-09 16:02:11 +00:00
|
|
|
const SSL_CIPHER **ca_list = NULL;
|
2018-09-26 17:31:20 +00:00
|
|
|
+ uint8_t *in_group_flags = NULL;
|
|
|
|
|
+ unsigned int num_in_group_flags = 0;
|
|
|
|
|
+ struct ssl_cipher_preference_list_st *pref_list = NULL;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Return with error if nothing to do.
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -1455,16 +1517,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
2018-09-26 17:31:20 +00:00
|
|
|
* preference).
|
|
|
|
|
*/
|
|
|
|
|
ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD,
|
|
|
|
|
- -1, &head, &tail);
|
|
|
|
|
- ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head,
|
|
|
|
|
- &tail);
|
|
|
|
|
- ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
|
|
|
|
|
- &tail);
|
|
|
|
|
+ -1, 0, &head, &tail);
|
|
|
|
|
+ ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, 0,
|
|
|
|
|
+ &head, &tail);
|
|
|
|
|
+ ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, 0,
|
|
|
|
|
+ &head, &tail);
|
|
|
|
|
|
|
|
|
|
/* Within each strength group, we prefer GCM over CHACHA... */
|
|
|
|
|
- ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
|
|
|
|
|
+ ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1, 0,
|
|
|
|
|
&head, &tail);
|
|
|
|
|
- ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
|
|
|
|
|
+ ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1, 0,
|
|
|
|
|
&head, &tail);
|
|
|
|
|
|
|
|
|
|
/*
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -1473,13 +1535,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
2018-09-26 17:31:20 +00:00
|
|
|
* strength.
|
|
|
|
|
*/
|
|
|
|
|
ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD,
|
|
|
|
|
- -1, &head, &tail);
|
|
|
|
|
+ -1, 0, &head, &tail);
|
|
|
|
|
|
|
|
|
|
/* Temporarily enable everything else for sorting */
|
|
|
|
|
- ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
|
|
|
|
|
+ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, 0, &head, &tail);
|
|
|
|
|
|
|
|
|
|
/* Low priority for MD5 */
|
|
|
|
|
- ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head,
|
|
|
|
|
+ ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, 0, &head,
|
|
|
|
|
&tail);
|
|
|
|
|
|
|
|
|
|
/*
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -1487,16 +1549,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
2018-09-26 17:31:20 +00:00
|
|
|
* disabled. (For applications that allow them, they aren't too bad, but
|
|
|
|
|
* we prefer authenticated ciphers.)
|
|
|
|
|
*/
|
|
|
|
|
- ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
|
|
|
|
|
+ ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, 0, &head,
|
|
|
|
|
&tail);
|
|
|
|
|
|
|
|
|
|
- ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
|
|
|
|
|
+ ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, 0, &head,
|
|
|
|
|
&tail);
|
|
|
|
|
- ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
|
|
|
|
|
+ ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, 0, &head,
|
|
|
|
|
&tail);
|
|
|
|
|
|
|
|
|
|
/* RC4 is sort-of broken -- move to the end */
|
|
|
|
|
- ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head,
|
|
|
|
|
+ ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, 0, &head,
|
|
|
|
|
&tail);
|
|
|
|
|
|
|
|
|
|
/*
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -1512,7 +1574,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
2018-09-26 17:31:20 +00:00
|
|
|
* Partially overrule strength sort to prefer TLS 1.2 ciphers/PRFs.
|
|
|
|
|
* TODO(openssl-team): is there an easier way to accomplish all this?
|
|
|
|
|
*/
|
|
|
|
|
- ssl_cipher_apply_rule(0, 0, 0, 0, 0, TLS1_2_VERSION, 0, CIPHER_BUMP, -1,
|
|
|
|
|
+ ssl_cipher_apply_rule(0, 0, 0, 0, 0, TLS1_2_VERSION, 0, CIPHER_BUMP, -1, 0,
|
|
|
|
|
&head, &tail);
|
|
|
|
|
|
|
|
|
|
/*
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -1528,15 +1590,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
2018-09-26 17:31:20 +00:00
|
|
|
* Because we now bump ciphers to the top of the list, we proceed in
|
|
|
|
|
* reverse order of preference.
|
|
|
|
|
*/
|
|
|
|
|
- ssl_cipher_apply_rule(0, 0, 0, 0, SSL_AEAD, 0, 0, CIPHER_BUMP, -1,
|
|
|
|
|
+ ssl_cipher_apply_rule(0, 0, 0, 0, SSL_AEAD, 0, 0, CIPHER_BUMP, -1, 0,
|
|
|
|
|
&head, &tail);
|
|
|
|
|
ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, 0, 0, 0,
|
|
|
|
|
- CIPHER_BUMP, -1, &head, &tail);
|
|
|
|
|
+ CIPHER_BUMP, -1, 0, &head, &tail);
|
|
|
|
|
ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, SSL_AEAD, 0, 0,
|
|
|
|
|
- CIPHER_BUMP, -1, &head, &tail);
|
|
|
|
|
+ CIPHER_BUMP, -1, 0, &head, &tail);
|
2019-03-09 16:02:11 +00:00
|
|
|
+
|
|
|
|
|
+ ssl_cipher_apply_rule(0, 0, 0, 0, 0, TLS1_3_VERSION, 0, CIPHER_BUMP, -1, 0,
|
|
|
|
|
+ &head, &tail);
|
2018-09-26 17:31:20 +00:00
|
|
|
|
|
|
|
|
/* Now disable everything (maintaining the ordering!) */
|
|
|
|
|
- ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
|
|
|
|
|
+ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, 0, &head, &tail);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* We also need cipher aliases for selecting based on the rule_str.
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -1550,9 +1615,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
2018-09-26 17:31:20 +00:00
|
|
|
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
|
|
|
|
|
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
|
|
|
|
|
if (ca_list == NULL) {
|
|
|
|
|
- OPENSSL_free(co_list);
|
|
|
|
|
SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
|
|
|
|
|
- return NULL; /* Failure */
|
|
|
|
|
+ goto err; /* Failure */
|
|
|
|
|
}
|
|
|
|
|
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
|
|
|
|
|
disabled_mkey, disabled_auth, disabled_enc,
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -1577,28 +1641,19 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
2018-09-26 17:31:20 +00:00
|
|
|
|
|
|
|
|
OPENSSL_free(ca_list); /* Not needed anymore */
|
|
|
|
|
|
|
|
|
|
- if (!ok) { /* Rule processing failure */
|
|
|
|
|
- OPENSSL_free(co_list);
|
|
|
|
|
- return NULL;
|
|
|
|
|
- }
|
|
|
|
|
+ if (!ok)
|
|
|
|
|
+ goto err; /* Rule processing failure */
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Allocate new "cipherstack" for the result, return with error
|
|
|
|
|
* if we cannot get one.
|
|
|
|
|
*/
|
|
|
|
|
- if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
|
|
|
|
|
- OPENSSL_free(co_list);
|
|
|
|
|
- return NULL;
|
|
|
|
|
- }
|
|
|
|
|
+ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
|
|
|
|
|
+ goto err;
|
|
|
|
|
|
2019-03-09 16:02:11 +00:00
|
|
|
- /* Add TLSv1.3 ciphers first - we always prefer those if possible */
|
2018-09-26 17:31:20 +00:00
|
|
|
- for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
|
2019-03-09 16:02:11 +00:00
|
|
|
- if (!sk_SSL_CIPHER_push(cipherstack,
|
2018-09-26 17:31:20 +00:00
|
|
|
- sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
|
|
|
|
|
- sk_SSL_CIPHER_free(cipherstack);
|
|
|
|
|
- return NULL;
|
2019-03-09 16:02:11 +00:00
|
|
|
- }
|
|
|
|
|
- }
|
|
|
|
|
+ in_group_flags = OPENSSL_malloc(num_of_ciphers);
|
|
|
|
|
+ if (!in_group_flags)
|
|
|
|
|
+ goto err;
|
2018-09-26 17:31:20 +00:00
|
|
|
|
2019-03-09 16:02:11 +00:00
|
|
|
OSSL_TRACE_BEGIN(TLS_CIPHER) {
|
|
|
|
|
BIO_printf(trc_out, "cipher selection:\n");
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -1610,26 +1665,51 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
2018-09-26 17:31:20 +00:00
|
|
|
for (curr = head; curr != NULL; curr = curr->next) {
|
|
|
|
|
if (curr->active) {
|
2019-03-09 16:02:11 +00:00
|
|
|
if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
|
2018-09-26 17:31:20 +00:00
|
|
|
- OPENSSL_free(co_list);
|
|
|
|
|
- sk_SSL_CIPHER_free(cipherstack);
|
2019-03-09 16:02:11 +00:00
|
|
|
OSSL_TRACE_CANCEL(TLS_CIPHER);
|
2018-09-26 17:31:20 +00:00
|
|
|
- return NULL;
|
|
|
|
|
+ goto err;
|
2019-03-09 16:02:11 +00:00
|
|
|
}
|
2018-09-26 17:31:20 +00:00
|
|
|
+ in_group_flags[num_in_group_flags++] = curr->in_group;
|
2019-03-09 16:02:11 +00:00
|
|
|
if (trc_out != NULL)
|
|
|
|
|
BIO_printf(trc_out, "<%s>\n", curr->cipher->name);
|
2018-09-26 17:31:20 +00:00
|
|
|
}
|
2019-03-15 16:06:40 +00:00
|
|
|
}
|
2019-03-09 16:02:11 +00:00
|
|
|
OPENSSL_free(co_list); /* Not needed any longer */
|
2019-03-15 16:06:40 +00:00
|
|
|
+ co_list = NULL;
|
2019-03-09 16:02:11 +00:00
|
|
|
OSSL_TRACE_END(TLS_CIPHER);
|
2018-09-26 17:31:20 +00:00
|
|
|
|
|
|
|
|
- if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack)) {
|
|
|
|
|
- sk_SSL_CIPHER_free(cipherstack);
|
|
|
|
|
- return NULL;
|
|
|
|
|
- }
|
|
|
|
|
- sk_SSL_CIPHER_free(*cipher_list);
|
|
|
|
|
- *cipher_list = cipherstack;
|
|
|
|
|
+ if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack))
|
|
|
|
|
+ goto err;
|
|
|
|
|
+
|
|
|
|
|
+ pref_list = OPENSSL_malloc(sizeof(struct ssl_cipher_preference_list_st));
|
|
|
|
|
+ if (!pref_list)
|
|
|
|
|
+ goto err;
|
|
|
|
|
+ pref_list->ciphers = cipherstack;
|
|
|
|
|
+ pref_list->in_group_flags = OPENSSL_malloc(num_in_group_flags);
|
|
|
|
|
+ if (!pref_list->in_group_flags)
|
|
|
|
|
+ goto err;
|
|
|
|
|
+ memcpy(pref_list->in_group_flags, in_group_flags, num_in_group_flags);
|
|
|
|
|
+ OPENSSL_free(in_group_flags);
|
|
|
|
|
+ in_group_flags = NULL;
|
|
|
|
|
+ if (*cipher_list != NULL)
|
|
|
|
|
+ ssl_cipher_preference_list_free(*cipher_list);
|
|
|
|
|
+ *cipher_list = pref_list;
|
|
|
|
|
+ pref_list = NULL;
|
|
|
|
|
|
|
|
|
|
return cipherstack;
|
|
|
|
|
+
|
|
|
|
|
+err:
|
|
|
|
|
+ if (co_list)
|
|
|
|
|
+ OPENSSL_free(co_list);
|
|
|
|
|
+ if (in_group_flags)
|
|
|
|
|
+ OPENSSL_free(in_group_flags);
|
|
|
|
|
+ if (cipherstack)
|
|
|
|
|
+ sk_SSL_CIPHER_free(cipherstack);
|
|
|
|
|
+ if (pref_list && pref_list->in_group_flags)
|
|
|
|
|
+ OPENSSL_free(pref_list->in_group_flags);
|
|
|
|
|
+ if (pref_list)
|
|
|
|
|
+ OPENSSL_free(pref_list);
|
|
|
|
|
+ return NULL;
|
2019-03-09 16:02:11 +00:00
|
|
|
+
|
2018-09-26 17:31:20 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
|
|
|
|
|
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
|
2020-04-06 12:52:36 +00:00
|
|
|
index 85d9dd8448..64f7577a90 100644
|
2018-09-26 17:31:20 +00:00
|
|
|
--- a/ssl/ssl_err.c
|
|
|
|
|
+++ b/ssl/ssl_err.c
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -14,6 +14,8 @@
|
|
|
|
|
#ifndef OPENSSL_NO_ERR
|
|
|
|
|
|
|
|
|
|
static const ERR_STRING_DATA SSL_str_reasons[] = {
|
|
|
|
|
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ALGORITHM_FETCH_FAILED),
|
|
|
|
|
+ "algorithm fetch failed"},
|
|
|
|
|
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY),
|
|
|
|
|
"application data after close notify"},
|
|
|
|
|
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APP_DATA_IN_HANDSHAKE),
|
|
|
|
|
@@ -171,8 +173,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
|
|
|
|
|
"ext length mismatch"},
|
|
|
|
|
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_FAILED_TO_INIT_ASYNC),
|
|
|
|
|
"failed to init async"},
|
|
|
|
|
- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ALGORITHM_FETCH_FAILED),
|
|
|
|
|
- "algorithm fetch failed"},
|
|
|
|
|
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_FRAGMENTED_CLIENT_HELLO),
|
|
|
|
|
"fragmented client hello"},
|
|
|
|
|
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_GOT_A_FIN_BEFORE_A_CCS),
|
|
|
|
|
@@ -257,6 +257,9 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
|
2018-09-26 17:31:20 +00:00
|
|
|
"missing tmp ecdh key"},
|
2019-03-09 16:02:11 +00:00
|
|
|
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA),
|
|
|
|
|
"mixed handshake and non handshake data"},
|
2018-09-26 17:31:20 +00:00
|
|
|
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS),
|
2019-02-26 07:31:31 +00:00
|
|
|
+ "mixed special operator with groups"},
|
2018-09-26 17:31:20 +00:00
|
|
|
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NESTED_GROUP), "nested group"},
|
|
|
|
|
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY),
|
2019-03-09 16:02:11 +00:00
|
|
|
"not on record boundary"},
|
|
|
|
|
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_REPLACING_CERTIFICATE),
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -493,7 +496,11 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
|
2018-09-26 17:31:20 +00:00
|
|
|
"unexpected end of early data"},
|
2020-02-06 16:29:07 +00:00
|
|
|
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING),
|
|
|
|
|
"unexpected eof while reading"},
|
2019-03-09 16:02:11 +00:00
|
|
|
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_GROUP_CLOSE),
|
|
|
|
|
+ "unexpected group close"},
|
2018-09-26 17:31:20 +00:00
|
|
|
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
|
|
|
|
|
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_OPERATOR_IN_GROUP),
|
2019-02-26 07:31:31 +00:00
|
|
|
+ "unexpected operator in group"},
|
2018-09-26 17:31:20 +00:00
|
|
|
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"},
|
|
|
|
|
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
|
|
|
|
|
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
|
|
|
|
|
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
|
2020-04-06 12:52:36 +00:00
|
|
|
index a08ddb138b..fc6d1ac2a3 100644
|
2018-09-26 17:31:20 +00:00
|
|
|
--- a/ssl/ssl_lib.c
|
|
|
|
|
+++ b/ssl/ssl_lib.c
|
2019-09-17 15:56:26 +00:00
|
|
|
@@ -1127,6 +1127,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
|
2018-09-26 17:31:20 +00:00
|
|
|
return X509_VERIFY_PARAM_set1(ssl->param, vpm);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
+void ssl_cipher_preference_list_free(struct ssl_cipher_preference_list_st
|
|
|
|
|
+ *cipher_list)
|
|
|
|
|
+{
|
|
|
|
|
+ sk_SSL_CIPHER_free(cipher_list->ciphers);
|
|
|
|
|
+ OPENSSL_free(cipher_list->in_group_flags);
|
|
|
|
|
+ OPENSSL_free(cipher_list);
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+struct ssl_cipher_preference_list_st*
|
|
|
|
|
+ssl_cipher_preference_list_dup(struct ssl_cipher_preference_list_st
|
|
|
|
|
+ *cipher_list)
|
|
|
|
|
+{
|
|
|
|
|
+ struct ssl_cipher_preference_list_st* ret = NULL;
|
|
|
|
|
+ size_t n = sk_SSL_CIPHER_num(cipher_list->ciphers);
|
|
|
|
|
+
|
|
|
|
|
+ ret = OPENSSL_malloc(sizeof(struct ssl_cipher_preference_list_st));
|
|
|
|
|
+ if (!ret)
|
|
|
|
|
+ goto err;
|
|
|
|
|
+ ret->ciphers = NULL;
|
|
|
|
|
+ ret->in_group_flags = NULL;
|
|
|
|
|
+ ret->ciphers = sk_SSL_CIPHER_dup(cipher_list->ciphers);
|
|
|
|
|
+ if (!ret->ciphers)
|
|
|
|
|
+ goto err;
|
|
|
|
|
+ ret->in_group_flags = OPENSSL_malloc(n);
|
|
|
|
|
+ if (!ret->in_group_flags)
|
|
|
|
|
+ goto err;
|
|
|
|
|
+ memcpy(ret->in_group_flags, cipher_list->in_group_flags, n);
|
|
|
|
|
+ return ret;
|
|
|
|
|
+
|
|
|
|
|
+err:
|
|
|
|
|
+ if (ret->ciphers)
|
|
|
|
|
+ sk_SSL_CIPHER_free(ret->ciphers);
|
|
|
|
|
+ if (ret)
|
|
|
|
|
+ OPENSSL_free(ret);
|
|
|
|
|
+ return NULL;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+struct ssl_cipher_preference_list_st*
|
|
|
|
|
+ssl_cipher_preference_list_from_ciphers(STACK_OF(SSL_CIPHER) *ciphers)
|
|
|
|
|
+{
|
|
|
|
|
+ struct ssl_cipher_preference_list_st* ret = NULL;
|
|
|
|
|
+ size_t n = sk_SSL_CIPHER_num(ciphers);
|
|
|
|
|
+
|
|
|
|
|
+ ret = OPENSSL_malloc(sizeof(struct ssl_cipher_preference_list_st));
|
|
|
|
|
+ if (!ret)
|
|
|
|
|
+ goto err;
|
|
|
|
|
+ ret->ciphers = NULL;
|
|
|
|
|
+ ret->in_group_flags = NULL;
|
|
|
|
|
+ ret->ciphers = sk_SSL_CIPHER_dup(ciphers);
|
|
|
|
|
+ if (!ret->ciphers)
|
|
|
|
|
+ goto err;
|
|
|
|
|
+ ret->in_group_flags = OPENSSL_malloc(n);
|
|
|
|
|
+ if (!ret->in_group_flags)
|
|
|
|
|
+ goto err;
|
|
|
|
|
+ memset(ret->in_group_flags, 0, n);
|
|
|
|
|
+ return ret;
|
|
|
|
|
+
|
|
|
|
|
+err:
|
|
|
|
|
+ if (ret->ciphers)
|
|
|
|
|
+ sk_SSL_CIPHER_free(ret->ciphers);
|
|
|
|
|
+ if (ret)
|
|
|
|
|
+ OPENSSL_free(ret);
|
|
|
|
|
+ return NULL;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
|
|
|
|
|
{
|
|
|
|
|
return ctx->param;
|
2019-09-17 15:56:26 +00:00
|
|
|
@@ -1171,7 +1236,8 @@ void SSL_free(SSL *s)
|
2018-09-26 17:31:20 +00:00
|
|
|
BUF_MEM_free(s->init_buf);
|
|
|
|
|
|
|
|
|
|
/* add extra stuff */
|
|
|
|
|
- sk_SSL_CIPHER_free(s->cipher_list);
|
|
|
|
|
+ if (s->cipher_list != NULL)
|
|
|
|
|
+ ssl_cipher_preference_list_free(s->cipher_list);
|
|
|
|
|
sk_SSL_CIPHER_free(s->cipher_list_by_id);
|
|
|
|
|
sk_SSL_CIPHER_free(s->tls13_ciphersuites);
|
2019-06-19 10:24:34 +00:00
|
|
|
sk_SSL_CIPHER_free(s->peer_ciphers);
|
2020-01-27 09:28:44 +00:00
|
|
|
@@ -2566,9 +2632,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
|
2018-09-26 17:31:20 +00:00
|
|
|
{
|
|
|
|
|
if (s != NULL) {
|
|
|
|
|
if (s->cipher_list != NULL) {
|
|
|
|
|
- return s->cipher_list;
|
|
|
|
|
+ return (s->cipher_list->ciphers);
|
|
|
|
|
} else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
|
|
|
|
|
- return s->ctx->cipher_list;
|
|
|
|
|
+ return (s->ctx->cipher_list->ciphers);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return NULL;
|
2020-01-27 09:28:44 +00:00
|
|
|
@@ -2642,8 +2708,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
|
2018-09-26 17:31:20 +00:00
|
|
|
* preference */
|
|
|
|
|
STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
|
|
|
|
|
{
|
|
|
|
|
- if (ctx != NULL)
|
|
|
|
|
- return ctx->cipher_list;
|
|
|
|
|
+ if (ctx != NULL && ctx->cipher_list != NULL)
|
|
|
|
|
+ return ctx->cipher_list->ciphers;
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-06 16:29:07 +00:00
|
|
|
@@ -3157,7 +3223,7 @@ SSL_CTX *SSL_CTX_new_with_libctx(OPENSSL_CTX *libctx, const char *propq,
|
2018-09-26 17:31:20 +00:00
|
|
|
ret->tls13_ciphersuites,
|
|
|
|
|
&ret->cipher_list, &ret->cipher_list_by_id,
|
2019-06-19 10:24:34 +00:00
|
|
|
OSSL_default_cipher_list(), ret->cert)
|
2018-09-26 17:31:20 +00:00
|
|
|
- || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
|
|
|
|
|
+ || sk_SSL_CIPHER_num(ret->cipher_list->ciphers) <= 0) {
|
2020-01-27 09:28:44 +00:00
|
|
|
SSLerr(0, SSL_R_LIBRARY_HAS_NO_CIPHERS);
|
2018-09-26 17:31:20 +00:00
|
|
|
goto err2;
|
|
|
|
|
}
|
2020-02-06 16:29:07 +00:00
|
|
|
@@ -3336,7 +3402,7 @@ void SSL_CTX_free(SSL_CTX *a)
|
2018-09-26 17:31:20 +00:00
|
|
|
#ifndef OPENSSL_NO_CT
|
|
|
|
|
CTLOG_STORE_free(a->ctlog_store);
|
|
|
|
|
#endif
|
|
|
|
|
- sk_SSL_CIPHER_free(a->cipher_list);
|
|
|
|
|
+ ssl_cipher_preference_list_free(a->cipher_list);
|
|
|
|
|
sk_SSL_CIPHER_free(a->cipher_list_by_id);
|
|
|
|
|
sk_SSL_CIPHER_free(a->tls13_ciphersuites);
|
|
|
|
|
ssl_cert_free(a->cert);
|
2020-02-06 16:29:07 +00:00
|
|
|
@@ -4022,13 +4088,15 @@ SSL *SSL_dup(SSL *s)
|
2018-09-26 17:31:20 +00:00
|
|
|
|
|
|
|
|
/* dup the cipher_list and cipher_list_by_id stacks */
|
|
|
|
|
if (s->cipher_list != NULL) {
|
|
|
|
|
- if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
|
|
|
|
|
+ ret->cipher_list = ssl_cipher_preference_list_dup(s->cipher_list);
|
|
|
|
|
+ if (ret->cipher_list == NULL)
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
- if (s->cipher_list_by_id != NULL)
|
|
|
|
|
- if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id))
|
|
|
|
|
- == NULL)
|
|
|
|
|
+ if (s->cipher_list_by_id != NULL) {
|
|
|
|
|
+ ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id);
|
|
|
|
|
+ if (ret->cipher_list_by_id == NULL)
|
|
|
|
|
goto err;
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
|
|
/* Dup the client_CA list */
|
2018-11-14 02:06:16 +00:00
|
|
|
if (!dup_ca_names(&ret->ca_names, s->ca_names)
|
2019-10-09 13:25:17 +00:00
|
|
|
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
|
2020-04-06 12:52:36 +00:00
|
|
|
index c48bcb9a9a..dfb3e13464 100644
|
2019-10-09 13:25:17 +00:00
|
|
|
--- a/ssl/ssl_local.h
|
|
|
|
|
+++ b/ssl/ssl_local.h
|
2020-02-06 16:29:07 +00:00
|
|
|
@@ -789,11 +789,48 @@ int ssl_hmac_final(SSL_HMAC *ctx, unsigned char *md, size_t *len,
|
|
|
|
|
size_t max_size);
|
|
|
|
|
size_t ssl_hmac_size(const SSL_HMAC *ctx);
|
2018-09-26 17:31:20 +00:00
|
|
|
|
|
|
|
|
+/* ssl_cipher_preference_list_st contains a list of SSL_CIPHERs with
|
|
|
|
|
+ * equal-preference groups. For TLS clients, the groups are moot because the
|
|
|
|
|
+ * server picks the cipher and groups cannot be expressed on the wire. However,
|
|
|
|
|
+ * for servers, the equal-preference groups allow the client's preferences to
|
|
|
|
|
+ * be partially respected. (This only has an effect with
|
|
|
|
|
+ * SSL_OP_CIPHER_SERVER_PREFERENCE).
|
|
|
|
|
+ *
|
|
|
|
|
+ * The equal-preference groups are expressed by grouping SSL_CIPHERs together.
|
|
|
|
|
+ * All elements of a group have the same priority: no ordering is expressed
|
|
|
|
|
+ * within a group.
|
|
|
|
|
+ *
|
|
|
|
|
+ * The values in |ciphers| are in one-to-one correspondence with
|
|
|
|
|
+ * |in_group_flags|. (That is, sk_SSL_CIPHER_num(ciphers) is the number of
|
|
|
|
|
+ * bytes in |in_group_flags|.) The bytes in |in_group_flags| are either 1, to
|
|
|
|
|
+ * indicate that the corresponding SSL_CIPHER is not the last element of a
|
|
|
|
|
+ * group, or 0 to indicate that it is.
|
|
|
|
|
+ *
|
|
|
|
|
+ * For example, if |in_group_flags| contains all zeros then that indicates a
|
|
|
|
|
+ * traditional, fully-ordered preference. Every SSL_CIPHER is the last element
|
|
|
|
|
+ * of the group (i.e. they are all in a one-element group).
|
|
|
|
|
+ *
|
|
|
|
|
+ * For a more complex example, consider:
|
|
|
|
|
+ * ciphers: A B C D E F
|
|
|
|
|
+ * in_group_flags: 1 1 0 0 1 0
|
|
|
|
|
+ *
|
|
|
|
|
+ * That would express the following, order:
|
|
|
|
|
+ *
|
|
|
|
|
+ * A E
|
|
|
|
|
+ * B -> D -> F
|
|
|
|
|
+ * C
|
|
|
|
|
+ */
|
|
|
|
|
+struct ssl_cipher_preference_list_st {
|
|
|
|
|
+ STACK_OF(SSL_CIPHER) *ciphers;
|
|
|
|
|
+ uint8_t *in_group_flags;
|
|
|
|
|
+};
|
|
|
|
|
+
|
|
|
|
|
+
|
|
|
|
|
struct ssl_ctx_st {
|
2020-01-27 09:28:44 +00:00
|
|
|
OPENSSL_CTX *libctx;
|
|
|
|
|
|
2018-09-26 17:31:20 +00:00
|
|
|
const SSL_METHOD *method;
|
|
|
|
|
- STACK_OF(SSL_CIPHER) *cipher_list;
|
|
|
|
|
+ struct ssl_cipher_preference_list_st *cipher_list;
|
|
|
|
|
/* same as above but sorted for lookup */
|
|
|
|
|
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
|
|
|
|
|
/* TLSv1.3 specific ciphersuites */
|
2020-02-06 16:29:07 +00:00
|
|
|
@@ -1380,7 +1417,7 @@ struct ssl_st {
|
2018-09-26 17:31:20 +00:00
|
|
|
SSL_DANE dane;
|
|
|
|
|
/* crypto */
|
2019-06-19 10:24:34 +00:00
|
|
|
STACK_OF(SSL_CIPHER) *peer_ciphers;
|
2018-09-26 17:31:20 +00:00
|
|
|
- STACK_OF(SSL_CIPHER) *cipher_list;
|
|
|
|
|
+ struct ssl_cipher_preference_list_st *cipher_list;
|
|
|
|
|
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
|
|
|
|
|
/* TLSv1.3 specific ciphersuites */
|
|
|
|
|
STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
|
2020-02-06 16:29:07 +00:00
|
|
|
@@ -2353,7 +2390,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
|
2018-09-26 17:31:20 +00:00
|
|
|
const SSL_CIPHER *const *bp);
|
|
|
|
|
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
|
|
|
|
|
STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
|
|
|
|
|
- STACK_OF(SSL_CIPHER) **cipher_list,
|
|
|
|
|
+ struct ssl_cipher_preference_list_st **cipher_list,
|
|
|
|
|
STACK_OF(SSL_CIPHER) **cipher_list_by_id,
|
|
|
|
|
const char *rule_str,
|
|
|
|
|
CERT *c);
|
2020-02-06 16:29:07 +00:00
|
|
|
@@ -2363,6 +2400,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
|
2018-09-26 17:31:20 +00:00
|
|
|
STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
|
|
|
|
|
int fatal);
|
|
|
|
|
void ssl_update_cache(SSL *s, int mode);
|
|
|
|
|
+struct ssl_cipher_preference_list_st* ssl_cipher_preference_list_dup(
|
|
|
|
|
+ struct ssl_cipher_preference_list_st *cipher_list);
|
|
|
|
|
+void ssl_cipher_preference_list_free(
|
|
|
|
|
+ struct ssl_cipher_preference_list_st *cipher_list);
|
|
|
|
|
+struct ssl_cipher_preference_list_st* ssl_cipher_preference_list_from_ciphers(
|
|
|
|
|
+ STACK_OF(SSL_CIPHER) *ciphers);
|
|
|
|
|
+struct ssl_cipher_preference_list_st* ssl_get_cipher_preferences(SSL *s);
|
2020-04-06 12:52:36 +00:00
|
|
|
__owur int ssl_cipher_get_evp_cipher(SSL_CTX *ctx, const SSL_CIPHER *sslc,
|
|
|
|
|
const EVP_CIPHER **enc);
|
2020-02-06 16:29:07 +00:00
|
|
|
__owur int ssl_cipher_get_evp(SSL_CTX *ctxc, const SSL_SESSION *s,
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -2450,7 +2494,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
|
2018-09-26 17:31:20 +00:00
|
|
|
CERT_PKEY *cpk);
|
|
|
|
|
__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
|
|
|
|
|
STACK_OF(SSL_CIPHER) *clnt,
|
|
|
|
|
- STACK_OF(SSL_CIPHER) *srvr);
|
|
|
|
|
+ struct ssl_cipher_preference_list_st *srvr);
|
|
|
|
|
__owur int ssl3_digest_cached_records(SSL *s, int keep);
|
|
|
|
|
__owur int ssl3_new(SSL *s);
|
|
|
|
|
void ssl3_free(SSL *s);
|
|
|
|
|
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
|
2020-04-06 12:52:36 +00:00
|
|
|
index 43f9811163..769f0c7eb6 100644
|
2018-09-26 17:31:20 +00:00
|
|
|
--- a/ssl/statem/statem_srvr.c
|
|
|
|
|
+++ b/ssl/statem/statem_srvr.c
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -1774,7 +1774,7 @@ static int tls_early_post_process_client_hello(SSL *s)
|
2018-09-26 17:31:20 +00:00
|
|
|
/* For TLSv1.3 we must select the ciphersuite *before* session resumption */
|
|
|
|
|
if (SSL_IS_TLS13(s)) {
|
|
|
|
|
const SSL_CIPHER *cipher =
|
|
|
|
|
- ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s));
|
|
|
|
|
+ ssl3_choose_cipher(s, ciphers, ssl_get_cipher_preferences(s));
|
|
|
|
|
|
|
|
|
|
if (cipher == NULL) {
|
|
|
|
|
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -1957,7 +1957,7 @@ static int tls_early_post_process_client_hello(SSL *s)
|
2018-09-26 17:31:20 +00:00
|
|
|
/* check if some cipher was preferred by call back */
|
|
|
|
|
if (pref_cipher == NULL)
|
2019-06-19 10:24:34 +00:00
|
|
|
pref_cipher = ssl3_choose_cipher(s, s->peer_ciphers,
|
2018-09-26 17:31:20 +00:00
|
|
|
- SSL_get_ciphers(s));
|
|
|
|
|
+ ssl_get_cipher_preferences(s));
|
|
|
|
|
if (pref_cipher == NULL) {
|
|
|
|
|
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
|
|
|
|
|
SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -1966,8 +1966,9 @@ static int tls_early_post_process_client_hello(SSL *s)
|
2018-09-26 17:31:20 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
s->session->cipher = pref_cipher;
|
|
|
|
|
- sk_SSL_CIPHER_free(s->cipher_list);
|
2019-06-19 10:24:34 +00:00
|
|
|
- s->cipher_list = sk_SSL_CIPHER_dup(s->peer_ciphers);
|
2018-09-26 17:31:20 +00:00
|
|
|
+ ssl_cipher_preference_list_free(s->cipher_list);
|
|
|
|
|
+ s->cipher_list = ssl_cipher_preference_list_from_ciphers(
|
2019-06-24 06:21:54 +00:00
|
|
|
+ s->peer_ciphers);
|
2018-09-26 17:31:20 +00:00
|
|
|
sk_SSL_CIPHER_free(s->cipher_list_by_id);
|
2019-06-19 10:24:34 +00:00
|
|
|
s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->peer_ciphers);
|
2018-09-26 17:31:20 +00:00
|
|
|
}
|
2020-04-06 12:52:36 +00:00
|
|
|
@@ -2279,7 +2280,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
|
2018-09-26 17:31:20 +00:00
|
|
|
/* In TLSv1.3 we selected the ciphersuite before resumption */
|
|
|
|
|
if (!SSL_IS_TLS13(s)) {
|
|
|
|
|
cipher =
|
2019-06-19 10:24:34 +00:00
|
|
|
- ssl3_choose_cipher(s, s->peer_ciphers, SSL_get_ciphers(s));
|
|
|
|
|
+ ssl3_choose_cipher(s, s->peer_ciphers, ssl_get_cipher_preferences(s));
|
2018-09-26 17:31:20 +00:00
|
|
|
|
|
|
|
|
if (cipher == NULL) {
|
|
|
|
|
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
|
