Update Patch

pull/17/head
Hakase 2019-03-10 01:02:11 +09:00
parent 1f0a65b72a
commit 9f21151c15
No known key found for this signature in database
GPG Key ID: BB2821A9E0DF48C9
5 changed files with 853 additions and 314 deletions


@ -29,7 +29,7 @@ Default support is in bold type.
- [Google(Gmail)](https://gmail.com/) : _TLSv1.3_ **final** - [Google(Gmail)](https://gmail.com/) : _TLSv1.3_ **final**
- [NSS TLS 1.3(Mozilla)](https://tls13.crypto.mozilla.org/) : _TLSv1.3_ **final** - [NSS TLS 1.3(Mozilla)](https://tls13.crypto.mozilla.org/) : _TLSv1.3_ **final**
[Compatible OpenSSL-3.0.0-dev (OpenSSL, 23431 commits)](https://github.com/openssl/openssl/tree/4089b4340701e3c13e07169e67a7d14519c98658) [Compatible OpenSSL-3.0.0-dev (OpenSSL, 23495 commits)](https://github.com/openssl/openssl/tree/ebb7823e14596ad07fdc7d2ed0a267815f545927)
## Patch files ## Patch files


@ -0,0 +1,509 @@
diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
index 086b3c4d51..5699901f7d 100644
--- a/crypto/evp/c_allc.c
+++ b/crypto/evp/c_allc.c
@@ -261,6 +261,7 @@ void openssl_add_all_ciphers_int(void)
EVP_add_cipher(EVP_chacha20());
# ifndef OPENSSL_NO_POLY1305
EVP_add_cipher(EVP_chacha20_poly1305());
+ EVP_add_cipher(EVP_chacha20_poly1305_draft());
# endif
#endif
}
diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
index d3e2c622a1..ef679522d1 100644
--- a/crypto/evp/e_chacha20_poly1305.c
+++ b/crypto/evp/e_chacha20_poly1305.c
@@ -156,6 +156,7 @@ typedef struct {
struct { uint64_t aad, text; } len;
int aad, mac_inited, tag_len, nonce_len;
size_t tls_payload_length;
+ unsigned char draft:1;
} EVP_CHACHA_AEAD_CTX;
# define NO_TLS_PAYLOAD_LENGTH ((size_t)-1)
@@ -176,6 +177,7 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
actx->aad = 0;
actx->mac_inited = 0;
actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+ actx->draft = 0;
if (iv != NULL) {
unsigned char temp[CHACHA_CTR_SIZE] = { 0 };
@@ -197,6 +199,27 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
return 1;
}
+static int chacha20_poly1305_draft_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char *inkey,
+ const unsigned char *iv, int enc)
+{
+ EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+
+ if (!inkey)
+ return 1;
+
+ actx->len.aad = 0;
+ actx->len.text = 0;
+ actx->aad = 0;
+ actx->mac_inited = 0;
+ actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+ actx->draft = 1;
+
+ chacha_init_key(ctx, inkey, NULL, enc);
+
+ return 1;
+}
+
# if !defined(OPENSSL_SMALL_FOOTPRINT)
# if defined(POLY1305_ASM) && (defined(__x86_64) || defined(__x86_64__) || \
@@ -367,10 +390,11 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
{
EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
size_t rem, plen = actx->tls_payload_length;
+ uint64_t thirteen = EVP_AEAD_TLS1_AAD_LEN;
if (!actx->mac_inited) {
# if !defined(OPENSSL_SMALL_FOOTPRINT)
- if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL)
+ if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL && !actx->draft)
return chacha20_poly1305_tls_cipher(ctx, out, in, len);
# endif
actx->key.counter[0] = 0;
@@ -397,9 +421,14 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
return len;
} else { /* plain- or ciphertext */
if (actx->aad) { /* wrap up aad */
- if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
- Poly1305_Update(POLY1305_ctx(actx), zero,
- POLY1305_BLOCK_SIZE - rem);
+ if (actx->draft) {
+ thirteen = actx->len.aad;
+ Poly1305_Update(POLY1305_ctx(actx), (const unsigned char *)&thirteen, sizeof(thirteen));
+ } else {
+ if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
+ Poly1305_Update(POLY1305_ctx(actx), zero,
+ POLY1305_BLOCK_SIZE - rem);
+ }
actx->aad = 0;
}
@@ -432,40 +461,52 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
} is_endian = { 1 };
unsigned char temp[POLY1305_BLOCK_SIZE];
+ if (actx->draft) {
+ thirteen = actx->len.text;
+ Poly1305_Update(POLY1305_ctx(actx), (const unsigned char *)&thirteen, sizeof(thirteen));
+ }
+
if (actx->aad) { /* wrap up aad */
- if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
- Poly1305_Update(POLY1305_ctx(actx), zero,
- POLY1305_BLOCK_SIZE - rem);
+ if (actx->draft) {
+ thirteen = actx->len.aad;
+ Poly1305_Update(POLY1305_ctx(actx), (const unsigned char *)&thirteen, sizeof(thirteen));
+ } else {
+ if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
+ Poly1305_Update(POLY1305_ctx(actx), zero,
+ POLY1305_BLOCK_SIZE - rem);
+ }
actx->aad = 0;
}
- if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE))
- Poly1305_Update(POLY1305_ctx(actx), zero,
- POLY1305_BLOCK_SIZE - rem);
+ if (!actx->draft) {
+ if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE))
+ Poly1305_Update(POLY1305_ctx(actx), zero,
+ POLY1305_BLOCK_SIZE - rem);
- if (is_endian.little) {
- Poly1305_Update(POLY1305_ctx(actx),
- (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
- } else {
- temp[0] = (unsigned char)(actx->len.aad);
- temp[1] = (unsigned char)(actx->len.aad>>8);
- temp[2] = (unsigned char)(actx->len.aad>>16);
- temp[3] = (unsigned char)(actx->len.aad>>24);
- temp[4] = (unsigned char)(actx->len.aad>>32);
- temp[5] = (unsigned char)(actx->len.aad>>40);
- temp[6] = (unsigned char)(actx->len.aad>>48);
- temp[7] = (unsigned char)(actx->len.aad>>56);
-
- temp[8] = (unsigned char)(actx->len.text);
- temp[9] = (unsigned char)(actx->len.text>>8);
- temp[10] = (unsigned char)(actx->len.text>>16);
- temp[11] = (unsigned char)(actx->len.text>>24);
- temp[12] = (unsigned char)(actx->len.text>>32);
- temp[13] = (unsigned char)(actx->len.text>>40);
- temp[14] = (unsigned char)(actx->len.text>>48);
- temp[15] = (unsigned char)(actx->len.text>>56);
-
- Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE);
+ if (is_endian.little) {
+ Poly1305_Update(POLY1305_ctx(actx),
+ (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
+ } else {
+ temp[0] = (unsigned char)(actx->len.aad);
+ temp[1] = (unsigned char)(actx->len.aad>>8);
+ temp[2] = (unsigned char)(actx->len.aad>>16);
+ temp[3] = (unsigned char)(actx->len.aad>>24);
+ temp[4] = (unsigned char)(actx->len.aad>>32);
+ temp[5] = (unsigned char)(actx->len.aad>>40);
+ temp[6] = (unsigned char)(actx->len.aad>>48);
+ temp[7] = (unsigned char)(actx->len.aad>>56);
+
+ temp[8] = (unsigned char)(actx->len.text);
+ temp[9] = (unsigned char)(actx->len.text>>8);
+ temp[10] = (unsigned char)(actx->len.text>>16);
+ temp[11] = (unsigned char)(actx->len.text>>24);
+ temp[12] = (unsigned char)(actx->len.text>>32);
+ temp[13] = (unsigned char)(actx->len.text>>40);
+ temp[14] = (unsigned char)(actx->len.text>>48);
+ temp[15] = (unsigned char)(actx->len.text>>56);
+
+ Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE);
+ }
}
Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag
: temp);
@@ -535,12 +576,14 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
return 1;
case EVP_CTRL_AEAD_SET_IVLEN:
+ if (actx->draft) return -1;
if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN)
return 0;
actx->nonce_len = arg;
return 1;
case EVP_CTRL_AEAD_SET_IV_FIXED:
+ if (actx->draft) return -1;
if (arg != 12)
return 0;
actx->nonce[0] = actx->key.counter[1]
@@ -624,9 +667,32 @@ static EVP_CIPHER chacha20_poly1305 = {
NULL /* app_data */
};
+static EVP_CIPHER chacha20_poly1305_draft = {
+ NID_chacha20_poly1305_draft,
+ 1, /* block_size */
+ CHACHA_KEY_SIZE, /* key_len */
+ 0, /* iv_len, none */
+ EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV |
+ EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT |
+ EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER,
+ chacha20_poly1305_draft_init_key,
+ chacha20_poly1305_cipher,
+ chacha20_poly1305_cleanup,
+ 0, /* 0 moves context-specific structure allocation to ctrl */
+ NULL, /* set_asn1_parameters */
+ NULL, /* get_asn1_parameters */
+ chacha20_poly1305_ctrl,
+ NULL /* app_data */
+};
+
const EVP_CIPHER *EVP_chacha20_poly1305(void)
{
return(&chacha20_poly1305);
}
+
+const EVP_CIPHER *EVP_chacha20_poly1305_draft(void)
+{
+ return(&chacha20_poly1305_draft);
+}
# endif
#endif
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 9ab1a14b9e..ba3e602186 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = {
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */
};
-#define NUM_NID 1195
+#define NUM_NID 1196
static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2275,9 +2275,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"magma-mac", "magma-mac", NID_magma_mac},
{"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, &so[7745]},
{"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]},
+ {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft},
};
-#define NUM_SN 1186
+#define NUM_SN 1187
static const unsigned int sn_objs[NUM_SN] = {
364, /* "AD_DVCS" */
419, /* "AES-128-CBC" */
@@ -2395,6 +2396,7 @@ static const unsigned int sn_objs[NUM_SN] = {
417, /* "CSPName" */
1019, /* "ChaCha20" */
1018, /* "ChaCha20-Poly1305" */
+ 1195, /* "ChaCha20-Poly1305-D" */
367, /* "CrlID" */
391, /* "DC" */
31, /* "DES-CBC" */
@@ -3467,7 +3469,7 @@ static const unsigned int sn_objs[NUM_SN] = {
1093, /* "x509ExtAdmission" */
};
-#define NUM_LN 1186
+#define NUM_LN 1187
static const unsigned int ln_objs[NUM_LN] = {
363, /* "AD Time Stamping" */
405, /* "ANSI X9.62" */
@@ -3846,6 +3848,7 @@ static const unsigned int ln_objs[NUM_LN] = {
883, /* "certificateRevocationList" */
1019, /* "chacha20" */
1018, /* "chacha20-poly1305" */
+ 1195, /* "chacha20-poly1305-draft" */
54, /* "challengePassword" */
407, /* "characteristic-two-field" */
395, /* "clearance" */
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index 1b6a9c61a1..c81ca25a53 100644
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1192,3 +1192,4 @@ magma_cfb 1191
magma_mac 1192
hmacWithSHA512_224 1193
hmacWithSHA512_256 1194
+chacha20_poly1305_draft 1195
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 6dbc41ce37..581169eda8 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -1534,6 +1534,7 @@ sm-scheme 104 7 : SM4-CTR : sm4-ctr
: AES-192-CBC-HMAC-SHA256 : aes-192-cbc-hmac-sha256
: AES-256-CBC-HMAC-SHA256 : aes-256-cbc-hmac-sha256
: ChaCha20-Poly1305 : chacha20-poly1305
+ : ChaCha20-Poly1305-D : chacha20-poly1305-draft
: ChaCha20 : chacha20
ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 9f05b5a3b7..020895c022 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -915,6 +915,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void);
const EVP_CIPHER *EVP_chacha20(void);
# ifndef OPENSSL_NO_POLY1305
const EVP_CIPHER *EVP_chacha20_poly1305(void);
+const EVP_CIPHER *EVP_chacha20_poly1305_draft(void);
# endif
# endif
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index 31fad4640f..f3669a46c9 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -4807,6 +4807,10 @@
#define LN_chacha20_poly1305 "chacha20-poly1305"
#define NID_chacha20_poly1305 1018
+#define SN_chacha20_poly1305_draft "ChaCha20-Poly1305-D"
+#define LN_chacha20_poly1305_draft "chacha20-poly1305-draft"
+#define NID_chacha20_poly1305_draft 1195
+
#define SN_chacha20 "ChaCha20"
#define LN_chacha20 "chacha20"
#define NID_chacha20 1019
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 48e1152a27..524614cca2 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -125,6 +125,7 @@ extern "C" {
# define SSL_TXT_CAMELLIA256 "CAMELLIA256"
# define SSL_TXT_CAMELLIA "CAMELLIA"
# define SSL_TXT_CHACHA20 "CHACHA20"
+# define SSL_TXT_CHACHA20_D "CHACHA20-D"
# define SSL_TXT_GOST "GOST89"
# define SSL_TXT_ARIA "ARIA"
# define SSL_TXT_ARIA_GCM "ARIAGCM"
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index e13b5dd4bc..53d43c121e 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -597,7 +597,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A
# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B
-/* draft-ietf-tls-chacha20-poly1305-03 */
+/* Chacha20-Poly1305-Draft ciphersuites from draft-agl-tls-chacha20poly1305-04 */
+# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_D 0x0300CC13
+# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D 0x0300CC14
+# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305_D 0x0300CC15
+
+/* Chacha20-Poly1305 ciphersuites from RFC7905 */
# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8
# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9
# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA
@@ -762,6 +767,9 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305 "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305_D "OLD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305_D "OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D "OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305 "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305 "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305 "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
@@ -1090,7 +1098,12 @@ __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256"
# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384"
-/* draft-ietf-tls-chacha20-poly1305-03 */
+/* Chacha20-Poly1305-Draft ciphersuites from draft-agl-tls-chacha20poly1305-04 */
+# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_D "ECDHE-RSA-CHACHA20-POLY1305-OLD"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D "ECDHE-ECDSA-CHACHA20-POLY1305-OLD"
+# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_D "DHE-RSA-CHACHA20-POLY1305-OLD"
+
+/* Chacha20-Poly1305 ciphersuites from RFC7905 */
# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305"
# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305"
# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305"
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 99ae48199c..7e36a0d7ea 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2082,6 +2082,54 @@ static SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305_D,
+ TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305_D,
+ TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305_D,
+ SSL_kDHE,
+ SSL_aRSA,
+ SSL_CHACHA20POLY1305_D,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_D,
+ TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305_D,
+ TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_D,
+ SSL_kECDHE,
+ SSL_aRSA,
+ SSL_CHACHA20POLY1305_D,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D,
+ TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D,
+ TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_D,
+ SSL_kECDHE,
+ SSL_aECDSA,
+ SSL_CHACHA20POLY1305_D,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ 256,
+ 256,
+ },
{
1,
TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index b60d67aa0d..ce750c4425 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -43,7 +43,8 @@
#define SSL_ENC_CHACHA_IDX 19
#define SSL_ENC_ARIA128GCM_IDX 20
#define SSL_ENC_ARIA256GCM_IDX 21
-#define SSL_ENC_NUM_IDX 22
+#define SSL_ENC_CHACHA20_D_IDX 22
+#define SSL_ENC_NUM_IDX 23
/* NB: make sure indices in these tables match values above */
@@ -76,6 +77,7 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
{SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */
{SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */
{SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */
+ {SSL_CHACHA20POLY1305_D, NID_chacha20_poly1305_draft}, /* SSL_ENC_CHACHA20POLY1305_IDX 22 */
};
static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX];
@@ -275,6 +277,7 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256},
{0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA},
{0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20},
+ {0, SSL_TXT_CHACHA20_D, NULL, 0, 0, 0, SSL_CHACHA20POLY1305_D},
{0, SSL_TXT_ARIA, NULL, 0, 0, 0, SSL_ARIA},
{0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM},
@@ -1791,6 +1794,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_CHACHA20POLY1305:
enc = "CHACHA20/POLY1305(256)";
break;
+ case SSL_CHACHA20POLY1305_D:
+ enc = "CHACHA20/POLY1305-Draft(256)";
+ break;
default:
enc = "unknown";
break;
@@ -2115,7 +2121,7 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 16;
} else if (c->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) {
out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 8;
- } else if (c->algorithm_enc & SSL_CHACHA20POLY1305) {
+ } else if (c->algorithm_enc & (SSL_CHACHA20POLY1305 | SSL_CHACHA20POLY1305_D)) {
out = 16;
} else if (c->algorithm_mac & SSL_AEAD) {
/* We're supposed to have handled all the AEAD modes above */
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 33db1460ab..00c5ee4cff 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -230,12 +230,13 @@
# define SSL_CHACHA20POLY1305 0x00080000U
# define SSL_ARIA128GCM 0x00100000U
# define SSL_ARIA256GCM 0x00200000U
+# define SSL_CHACHA20POLY1305_D 0x00400000U
# define SSL_AESGCM (SSL_AES128GCM | SSL_AES256GCM)
# define SSL_AESCCM (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8)
# define SSL_AES (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM)
# define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
-# define SSL_CHACHA20 (SSL_CHACHA20POLY1305)
+# define SSL_CHACHA20 (SSL_CHACHA20POLY1305 | SSL_CHACHA20POLY1305_D)
# define SSL_ARIAGCM (SSL_ARIA128GCM | SSL_ARIA256GCM)
# define SSL_ARIA (SSL_ARIAGCM)
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 32c64cb2c7..86cb7a994b 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4579,3 +4579,4 @@ EVP_PKEY_meth_set_digest_custom 4532 1_1_1 EXIST::FUNCTION:
EVP_PKEY_meth_get_digest_custom 4533 1_1_1 EXIST::FUNCTION:
OPENSSL_INIT_set_config_filename 4534 1_1_1b EXIST::FUNCTION:STDIO
OPENSSL_INIT_set_config_file_flags 4535 1_1_1b EXIST::FUNCTION:STDIO
+EVP_chacha20_poly1305_draft 4536 1_1_0 EXIST::FUNCTION:CHACHA,POLY1305
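Review bot: The draft branches in chacha20_poly1305_cipher pass the AAD and text lengths to Poly1305 straight from host memory (`(const unsigned char *)&thirteen`), so the tag is only right on little-endian hosts; the unchanged RFC 7905 path beside it serialises the same fields byte by byte when `is_endian.little` is false, and the draft path needs the same care. A small helper that writes the 64-bit value as eight little-endian bytes, called at all three sites, would fix this and remove the misleadingly named `thirteen` local. In the final block the text length is also absorbed before the pending-AAD wrap-up, so an AAD-only call would MAC the two lengths in the wrong order; the function body is only partly visible here and TLS records probably never reach that case, but moving the text-length update after the AAD block is safer. Separately, the ssl_locl.h hunk widens `SSL_CHACHA20` to include `SSL_CHACHA20POLY1305_D`, so an existing `CHACHA20` cipher string starts offering the pre-standard `0x0300CC13`–`0x0300CC15` suites with no configuration change; leaving the alias as it was and requiring `CHACHA20-D` explicitly would make the draft suites opt-in.

```c
/* Absorb a 64-bit length as eight little-endian bytes, whatever the host byte order. */
static void chacha20_poly1305_draft_mac_len(EVP_CHACHA_AEAD_CTX *actx,
                                            uint64_t v)
{
    unsigned char le[8];
    size_t i;

    for (i = 0; i < sizeof(le); i++)
        le[i] = (unsigned char)(v >> (8 * i));
    Poly1305_Update(POLY1305_ctx(actx), le, sizeof(le));
}

/* … chacha20_poly1305_cipher, text branch, inside "wrap up aad" … */
                if (actx->draft) {
                    chacha20_poly1305_draft_mac_len(actx, actx->len.aad);
                } else {
                    /* … unchanged: RFC 7905 zero padding … */
                }

/* … chacha20_poly1305_cipher, final block: pending AAD first, then the text length … */
        if (actx->aad) {                        /* wrap up aad */
            if (actx->draft) {
                chacha20_poly1305_draft_mac_len(actx, actx->len.aad);
            } else {
                /* … unchanged: RFC 7905 zero padding … */
            }
            actx->aad = 0;
        }
        if (actx->draft)
            chacha20_poly1305_draft_mac_len(actx, actx->len.text);
        /* … unchanged: non-draft padding and length block, Poly1305_Final … */
```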


@ -11,10 +11,10 @@ index a97eaa1685..24112723f0 100644
#endif #endif
} }
diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
index e8a323f3be..9b1b36f832 100644 index 37902000a0..56832b63a0 100644
--- a/crypto/evp/e_chacha20_poly1305.c --- a/crypto/evp/e_chacha20_poly1305.c
+++ b/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c
@@ -154,6 +154,7 @@ typedef struct { @@ -156,6 +156,7 @@ typedef struct {
struct { uint64_t aad, text; } len; struct { uint64_t aad, text; } len;
int aad, mac_inited, tag_len, nonce_len; int aad, mac_inited, tag_len, nonce_len;
size_t tls_payload_length; size_t tls_payload_length;
@ -22,7 +22,7 @@ index e8a323f3be..9b1b36f832 100644
} EVP_CHACHA_AEAD_CTX; } EVP_CHACHA_AEAD_CTX;
# define NO_TLS_PAYLOAD_LENGTH ((size_t)-1) # define NO_TLS_PAYLOAD_LENGTH ((size_t)-1)
@@ -174,6 +175,7 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, @@ -176,6 +177,7 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
actx->aad = 0; actx->aad = 0;
actx->mac_inited = 0; actx->mac_inited = 0;
actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
@ -30,7 +30,7 @@ index e8a323f3be..9b1b36f832 100644
if (iv != NULL) { if (iv != NULL) {
unsigned char temp[CHACHA_CTR_SIZE] = { 0 }; unsigned char temp[CHACHA_CTR_SIZE] = { 0 };
@@ -195,6 +197,27 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, @@ -197,6 +199,27 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
return 1; return 1;
} }
@ -58,7 +58,7 @@ index e8a323f3be..9b1b36f832 100644
# if !defined(OPENSSL_SMALL_FOOTPRINT) # if !defined(OPENSSL_SMALL_FOOTPRINT)
# if defined(POLY1305_ASM) && (defined(__x86_64) || defined(__x86_64__) || \ # if defined(POLY1305_ASM) && (defined(__x86_64) || defined(__x86_64__) || \
@@ -365,10 +388,11 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, @@ -367,10 +390,11 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
{ {
EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
size_t rem, plen = actx->tls_payload_length; size_t rem, plen = actx->tls_payload_length;
@ -71,7 +71,7 @@ index e8a323f3be..9b1b36f832 100644
return chacha20_poly1305_tls_cipher(ctx, out, in, len); return chacha20_poly1305_tls_cipher(ctx, out, in, len);
# endif # endif
actx->key.counter[0] = 0; actx->key.counter[0] = 0;
@@ -395,9 +419,14 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, @@ -397,9 +421,14 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
return len; return len;
} else { /* plain- or ciphertext */ } else { /* plain- or ciphertext */
if (actx->aad) { /* wrap up aad */ if (actx->aad) { /* wrap up aad */
@ -89,7 +89,7 @@ index e8a323f3be..9b1b36f832 100644
actx->aad = 0; actx->aad = 0;
} }
@@ -430,40 +459,52 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, @@ -432,40 +461,52 @@ static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
} is_endian = { 1 }; } is_endian = { 1 };
unsigned char temp[POLY1305_BLOCK_SIZE]; unsigned char temp[POLY1305_BLOCK_SIZE];
@ -171,12 +171,12 @@ index e8a323f3be..9b1b36f832 100644
} }
Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag
: temp); : temp);
@@ -533,12 +574,14 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, @@ -535,12 +576,14 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
return 1; return 1;
case EVP_CTRL_AEAD_SET_IVLEN: case EVP_CTRL_AEAD_SET_IVLEN:
+ if (actx->draft) return -1; + if (actx->draft) return -1;
if (arg <= 0 || arg > CHACHA_CTR_SIZE) if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN)
return 0; return 0;
actx->nonce_len = arg; actx->nonce_len = arg;
return 1; return 1;
@ -186,7 +186,7 @@ index e8a323f3be..9b1b36f832 100644
if (arg != 12) if (arg != 12)
return 0; return 0;
actx->nonce[0] = actx->key.counter[1] actx->nonce[0] = actx->key.counter[1]
@@ -622,9 +665,32 @@ static EVP_CIPHER chacha20_poly1305 = { @@ -624,9 +667,32 @@ static EVP_CIPHER chacha20_poly1305 = {
NULL /* app_data */ NULL /* app_data */
}; };
@ -220,66 +220,66 @@ index e8a323f3be..9b1b36f832 100644
# endif # endif
#endif #endif
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 78a9e7acaf..134d7b8c70 100644 index e7c59d610d..7ba1ecdacf 100644
--- a/crypto/objects/obj_dat.h --- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h
@@ -1079,7 +1079,7 @@ static const unsigned char so[7767] = { @@ -1079,7 +1079,7 @@ static const unsigned char so[7767] = {
0x28,0xCC,0x45,0x03,0x04, /* [ 7761] OBJ_gmac */ 0x28,0xCC,0x45,0x03,0x04, /* [ 7761] OBJ_gmac */
}; };
-#define NUM_NID 1203 -#define NUM_NID 1204
+#define NUM_NID 1204 +#define NUM_NID 1205
static const ASN1_OBJECT nid_objs[NUM_NID] = { static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef}, {"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2284,9 +2284,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { @@ -2285,9 +2285,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"AES-256-SIV", "aes-256-siv", NID_aes_256_siv},
{"BLAKE2BMAC", "blake2bmac", NID_blake2bmac}, {"BLAKE2BMAC", "blake2bmac", NID_blake2bmac},
{"BLAKE2SMAC", "blake2smac", NID_blake2smac}, {"BLAKE2SMAC", "blake2smac", NID_blake2smac},
{"SSHKDF", "sshkdf", NID_sshkdf},
+ {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft}, + {"ChaCha20-Poly1305-D", "chacha20-poly1305-draft", NID_chacha20_poly1305_draft},
}; };
-#define NUM_SN 1194 -#define NUM_SN 1195
+#define NUM_SN 1195 +#define NUM_SN 1196
static const unsigned int sn_objs[NUM_SN] = { static const unsigned int sn_objs[NUM_SN] = {
364, /* "AD_DVCS" */ 364, /* "AD_DVCS" */
419, /* "AES-128-CBC" */ 419, /* "AES-128-CBC" */
@@ -2409,6 +2410,7 @@ static const unsigned int sn_objs[NUM_SN] = { @@ -2410,6 +2411,7 @@ static const unsigned int sn_objs[NUM_SN] = {
417, /* "CSPName" */ 417, /* "CSPName" */
1019, /* "ChaCha20" */ 1019, /* "ChaCha20" */
1018, /* "ChaCha20-Poly1305" */ 1018, /* "ChaCha20-Poly1305" */
+ 1203, /* "ChaCha20-Poly1305-D" */ + 1204, /* "ChaCha20-Poly1305-D" */
367, /* "CrlID" */ 367, /* "CrlID" */
391, /* "DC" */ 391, /* "DC" */
31, /* "DES-CBC" */ 31, /* "DES-CBC" */
@@ -3484,7 +3486,7 @@ static const unsigned int sn_objs[NUM_SN] = { @@ -3486,7 +3488,7 @@ static const unsigned int sn_objs[NUM_SN] = {
1093, /* "x509ExtAdmission" */ 1093, /* "x509ExtAdmission" */
}; };
-#define NUM_LN 1194 -#define NUM_LN 1195
+#define NUM_LN 1195 +#define NUM_LN 1196
static const unsigned int ln_objs[NUM_LN] = { static const unsigned int ln_objs[NUM_LN] = {
363, /* "AD Time Stamping" */ 363, /* "AD Time Stamping" */
405, /* "ANSI X9.62" */ 405, /* "ANSI X9.62" */
@@ -3868,6 +3870,7 @@ static const unsigned int ln_objs[NUM_LN] = { @@ -3870,6 +3872,7 @@ static const unsigned int ln_objs[NUM_LN] = {
883, /* "certificateRevocationList" */ 883, /* "certificateRevocationList" */
1019, /* "chacha20" */ 1019, /* "chacha20" */
1018, /* "chacha20-poly1305" */ 1018, /* "chacha20-poly1305" */
+ 1203, /* "chacha20-poly1305-draft" */ + 1204, /* "chacha20-poly1305-draft" */
54, /* "challengePassword" */ 54, /* "challengePassword" */
407, /* "characteristic-two-field" */ 407, /* "characteristic-two-field" */
395, /* "clearance" */ 395, /* "clearance" */
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index 87790200d4..94d033c158 100644 index 623e7e8623..0818547548 100644
--- a/crypto/objects/obj_mac.num --- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num
@@ -1200,3 +1200,4 @@ aes_192_siv 1199 @@ -1201,3 +1201,4 @@ aes_256_siv 1200
aes_256_siv 1200
blake2bmac 1201 blake2bmac 1201
blake2smac 1202 blake2smac 1202
+chacha20_poly1305_draft 1203 sshkdf 1203
+chacha20_poly1305_draft 1204
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 344b67b395..21653d9b87 100644 index cb0b99c47f..d480bd3800 100644
--- a/crypto/objects/objects.txt --- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt
@@ -1543,6 +1543,7 @@ sm-scheme 104 7 : SM4-CTR : sm4-ctr @@ -1543,6 +1543,7 @@ sm-scheme 104 7 : SM4-CTR : sm4-ctr
@ -291,10 +291,10 @@ index 344b67b395..21653d9b87 100644
ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH ISO-US 10046 2 1 : dhpublicnumber : X9.42 DH
diff --git a/include/openssl/evp.h b/include/openssl/evp.h diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 23f07eaa05..c90c6435bd 100644 index 72060e7e96..125bc1c425 100644
--- a/include/openssl/evp.h --- a/include/openssl/evp.h
+++ b/include/openssl/evp.h +++ b/include/openssl/evp.h
@@ -928,6 +928,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void); @@ -924,6 +924,7 @@ const EVP_CIPHER *EVP_camellia_256_ctr(void);
const EVP_CIPHER *EVP_chacha20(void); const EVP_CIPHER *EVP_chacha20(void);
# ifndef OPENSSL_NO_POLY1305 # ifndef OPENSSL_NO_POLY1305
const EVP_CIPHER *EVP_chacha20_poly1305(void); const EVP_CIPHER *EVP_chacha20_poly1305(void);
@ -303,7 +303,7 @@ index 23f07eaa05..c90c6435bd 100644
# endif # endif
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index 97b2204ba6..fc254cfa61 100644 index 80353ad4d7..e525a04b2c 100644
--- a/include/openssl/obj_mac.h --- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h
@@ -4828,6 +4828,10 @@ @@ -4828,6 +4828,10 @@
@ -312,13 +312,13 @@ index 97b2204ba6..fc254cfa61 100644
+#define SN_chacha20_poly1305_draft "ChaCha20-Poly1305-D" +#define SN_chacha20_poly1305_draft "ChaCha20-Poly1305-D"
+#define LN_chacha20_poly1305_draft "chacha20-poly1305-draft" +#define LN_chacha20_poly1305_draft "chacha20-poly1305-draft"
+#define NID_chacha20_poly1305_draft 1203 +#define NID_chacha20_poly1305_draft 1204
+ +
#define SN_chacha20 "ChaCha20" #define SN_chacha20 "ChaCha20"
#define LN_chacha20 "chacha20" #define LN_chacha20 "chacha20"
#define NID_chacha20 1019 #define NID_chacha20 1019
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 9d6e1c5024..5692cfab31 100644 index 1091b1c8b9..fcfc428cd1 100644
--- a/include/openssl/ssl.h --- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h +++ b/include/openssl/ssl.h
@@ -125,6 +125,7 @@ extern "C" { @@ -125,6 +125,7 @@ extern "C" {
@ -372,10 +372,10 @@ index 166f15ad5c..4fa1d8a32d 100644
# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" # define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305"
# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" # define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305"
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index a5b3dbbfd5..a5a7993065 100644 index a3639fd18c..c13137e1af 100644
--- a/ssl/s3_lib.c --- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c +++ b/ssl/s3_lib.c
@@ -2082,6 +2082,54 @@ static SSL_CIPHER ssl3_ciphers[] = { @@ -2083,6 +2083,54 @@ static SSL_CIPHER ssl3_ciphers[] = {
256, 256,
256, 256,
}, },
@ -431,10 +431,10 @@ index a5b3dbbfd5..a5a7993065 100644
1, 1,
TLS1_TXT_PSK_WITH_CHACHA20_POLY1305, TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 461a9debab..84f90c1621 100644 index 5aa04dbd53..71094c195e 100644
--- a/ssl/ssl_ciph.c --- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c
@@ -43,7 +43,8 @@ @@ -44,7 +44,8 @@
#define SSL_ENC_CHACHA_IDX 19 #define SSL_ENC_CHACHA_IDX 19
#define SSL_ENC_ARIA128GCM_IDX 20 #define SSL_ENC_ARIA128GCM_IDX 20
#define SSL_ENC_ARIA256GCM_IDX 21 #define SSL_ENC_ARIA256GCM_IDX 21
@ -444,7 +444,7 @@ index 461a9debab..84f90c1621 100644
/* NB: make sure indices in these tables match values above */ /* NB: make sure indices in these tables match values above */
@@ -76,6 +77,7 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = { @@ -77,6 +78,7 @@ static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
{SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */ {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */
{SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */ {SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */
{SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */ {SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */
@ -452,7 +452,7 @@ index 461a9debab..84f90c1621 100644
}; };
static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]; static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX];
@@ -275,6 +277,7 @@ static const SSL_CIPHER cipher_aliases[] = { @@ -276,6 +278,7 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256}, {0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256},
{0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA}, {0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA},
{0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20}, {0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20},
@ -460,17 +460,7 @@ index 461a9debab..84f90c1621 100644
{0, SSL_TXT_ARIA, NULL, 0, 0, 0, SSL_ARIA}, {0, SSL_TXT_ARIA, NULL, 0, 0, 0, SSL_ARIA},
{0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM}, {0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM},
@@ -1791,6 +1794,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) @@ -2122,7 +2125,7 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
case SSL_CHACHA20POLY1305:
enc = "CHACHA20/POLY1305(256)";
break;
+ case SSL_CHACHA20POLY1305_D:
+ enc = "CHACHA20/POLY1305-Draft(256)";
+ break;
default:
enc = "unknown";
break;
@@ -2115,7 +2121,7 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 16; out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 16;
} else if (c->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) { } else if (c->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) {
out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 8; out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 8;
@ -480,7 +470,7 @@ index 461a9debab..84f90c1621 100644
} else if (c->algorithm_mac & SSL_AEAD) { } else if (c->algorithm_mac & SSL_AEAD) {
/* We're supposed to have handled all the AEAD modes above */ /* We're supposed to have handled all the AEAD modes above */
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index ae6417b592..c783031ea2 100644 index 1d3397d880..d5ff8520b6 100644
--- a/ssl/ssl_locl.h --- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h
@@ -234,12 +234,13 @@ @@ -234,12 +234,13 @@
@ -499,11 +489,11 @@ index ae6417b592..c783031ea2 100644
# define SSL_ARIA (SSL_ARIAGCM) # define SSL_ARIA (SSL_ARIAGCM)
diff --git a/util/libcrypto.num b/util/libcrypto.num diff --git a/util/libcrypto.num b/util/libcrypto.num
index 9957cf80f6..21ea627067 100644 index cb0cb2279b..a5829966e7 100644
--- a/util/libcrypto.num --- a/util/libcrypto.num
+++ b/util/libcrypto.num +++ b/util/libcrypto.num
@@ -4646,3 +4646,4 @@ OPENSSL_CTX_free 4601 3_0_0 EXIST::FUNCTION: @@ -4655,3 +4655,4 @@ OSSL_trace_set_callback 4610 3_0_0 EXIST::FUNCTION:
OPENSSL_LH_flush 4602 3_0_0 EXIST::FUNCTION: OSSL_trace_enabled 4611 3_0_0 EXIST::FUNCTION:
BN_native2bn 4603 3_0_0 EXIST::FUNCTION: OSSL_trace_begin 4612 3_0_0 EXIST::FUNCTION:
BN_bn2nativepad 4604 3_0_0 EXIST::FUNCTION: OSSL_trace_end 4613 3_0_0 EXIST::FUNCTION:
+EVP_chacha20_poly1305_draft 4605 3_0_0 EXIST::FUNCTION:CHACHA,POLY1305 +EVP_chacha20_poly1305_draft 4614 3_0_0 EXIST::FUNCTION:CHACHA,POLY1305


@ -1,5 +1,28 @@
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index aec6a8dac8..9dc9d183e7 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2805,6 +2805,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key
SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key
SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\
mixed handshake and non handshake data
+SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS:294:mixed special operator with groups
+SSL_R_NESTED_GROUP:295:nested group
SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary
SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate
SSL_R_NOT_SERVER:284:not server
@@ -2913,7 +2915,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines
SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
+SSL_R_UNEXPECTED_GROUP_CLOSE:296:unexpected group close
SSL_R_UNEXPECTED_MESSAGE:244:unexpected message
+SSL_R_UNEXPECTED_OPERATOR_IN_GROUP:297:unexpected operator in group
SSL_R_UNEXPECTED_RECORD:245:unexpected record
SSL_R_UNINITIALIZED:276:uninitialized
SSL_R_UNKNOWN_ALERT_TYPE:246:unknown alert type
diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod
index e29c5d7ced..b5bca974c9 100644 index e29c5d7ced..7d795c390e 100644
--- a/doc/man1/ciphers.pod --- a/doc/man1/ciphers.pod
+++ b/doc/man1/ciphers.pod +++ b/doc/man1/ciphers.pod
@@ -400,6 +400,21 @@ permissible. @@ -400,6 +400,21 @@ permissible.
@ -24,57 +47,34 @@ index e29c5d7ced..b5bca974c9 100644
=head1 CIPHER SUITE NAMES =head1 CIPHER SUITE NAMES
The following lists give the SSL or TLS cipher suites names from the The following lists give the SSL or TLS cipher suites names from the
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 9d6e1c5024..cee7db9a25 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -173,12 +173,12 @@ extern "C" {
# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
/* This is the default set of TLSv1.3 ciphersuites */
# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
-# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_128_GCM_SHA256:" \
"TLS_CHACHA20_POLY1305_SHA256:" \
- "TLS_AES_128_GCM_SHA256"
+ "TLS_AES_256_GCM_SHA384"
# else
-# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
- "TLS_AES_128_GCM_SHA256"
+# define TLS_DEFAULT_CIPHERSUITES "TLS_AES_128_GCM_SHA256:" \
+ "TLS_AES_256_GCM_SHA384"
#endif
/*
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 63057517dc..97ccb41d43 100644 index 63057517dc..77910bad17 100644
--- a/include/openssl/sslerr.h --- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h
@@ -596,6 +596,8 @@ int ERR_load_SSL_strings(void); @@ -597,6 +597,8 @@ int ERR_load_SSL_strings(void);
# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION 209
# define SSL_R_MISSING_TMP_DH_KEY 171 # define SSL_R_MISSING_TMP_DH_KEY 171
# define SSL_R_MISSING_TMP_ECDH_KEY 311 # define SSL_R_MISSING_TMP_ECDH_KEY 311
+# define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 101
+# define SSL_R_NESTED_GROUP 108
# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293 # define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293
+# define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 294
+# define SSL_R_NESTED_GROUP 295
# define SSL_R_NOT_ON_RECORD_BOUNDARY 182 # define SSL_R_NOT_ON_RECORD_BOUNDARY 182
# define SSL_R_NOT_REPLACING_CERTIFICATE 289 # define SSL_R_NOT_REPLACING_CERTIFICATE 289
@@ -727,9 +729,11 @@ int ERR_load_SSL_strings(void); # define SSL_R_NOT_SERVER 284
# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 @@ -729,7 +731,9 @@ int ERR_load_SSL_strings(void);
# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
+# define SSL_R_UNEXPECTED_GROUP_CLOSE 109
# define SSL_R_UNEXPECTED_CCS_MESSAGE 262 # define SSL_R_UNEXPECTED_CCS_MESSAGE 262
# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 # define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178
+# define SSL_R_UNEXPECTED_GROUP_CLOSE 296
# define SSL_R_UNEXPECTED_MESSAGE 244 # define SSL_R_UNEXPECTED_MESSAGE 244
+# define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 110 +# define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 297
# define SSL_R_UNEXPECTED_RECORD 245 # define SSL_R_UNEXPECTED_RECORD 245
# define SSL_R_UNINITIALIZED 276 # define SSL_R_UNINITIALIZED 276
# define SSL_R_UNKNOWN_ALERT_TYPE 246 # define SSL_R_UNKNOWN_ALERT_TYPE 246
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index a5b3dbbfd5..505c32d18e 100644 index a3639fd18c..c24b5154ac 100644
--- a/ssl/s3_lib.c --- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c +++ b/ssl/s3_lib.c
@@ -167,7 +167,7 @@ static SSL_CIPHER ssl3_ciphers[] = { @@ -168,7 +168,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aRSA, SSL_aRSA,
SSL_3DES, SSL_3DES,
SSL_SHA1, SSL_SHA1,
@ -83,7 +83,7 @@ index a5b3dbbfd5..505c32d18e 100644
DTLS1_BAD_VER, DTLS1_2_VERSION, DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -232,7 +232,7 @@ static SSL_CIPHER ssl3_ciphers[] = { @@ -233,7 +233,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aRSA, SSL_aRSA,
SSL_AES128, SSL_AES128,
SSL_SHA1, SSL_SHA1,
@ -92,7 +92,7 @@ index a5b3dbbfd5..505c32d18e 100644
DTLS1_BAD_VER, DTLS1_2_VERSION, DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -296,7 +296,7 @@ static SSL_CIPHER ssl3_ciphers[] = { @@ -297,7 +297,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aRSA, SSL_aRSA,
SSL_AES256, SSL_AES256,
SSL_SHA1, SSL_SHA1,
@ -101,7 +101,7 @@ index a5b3dbbfd5..505c32d18e 100644
DTLS1_BAD_VER, DTLS1_2_VERSION, DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -4124,6 +4124,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) @@ -4125,6 +4125,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
return 1; return 1;
} }
@ -119,7 +119,7 @@ index a5b3dbbfd5..505c32d18e 100644
/* /*
* ssl3_choose_cipher - choose a cipher from those offered by the client * ssl3_choose_cipher - choose a cipher from those offered by the client
* @s: SSL connection * @s: SSL connection
@@ -4133,16 +4144,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) @@ -4134,16 +4145,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
* Returns the selected cipher or NULL when no common ciphers. * Returns the selected cipher or NULL when no common ciphers.
*/ */
const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@ -150,8 +150,8 @@ index a5b3dbbfd5..505c32d18e 100644
/* Let's see which ciphers we can support */ /* Let's see which ciphers we can support */
@@ -4169,54 +4188,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, @@ -4170,54 +4189,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#endif } OSSL_TRACE_END(TLS_CIPHER);
/* SUITE-B takes precedence over server preference and ChaCha priortiy */ /* SUITE-B takes precedence over server preference and ChaCha priortiy */
- if (tls1_suiteb(s)) { - if (tls1_suiteb(s)) {
@ -208,7 +208,7 @@ index a5b3dbbfd5..505c32d18e 100644
allow = srvr; allow = srvr;
} }
@@ -4247,14 +4225,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, @@ -4248,14 +4226,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
c = sk_SSL_CIPHER_value(prio, i); c = sk_SSL_CIPHER_value(prio, i);
@ -227,7 +227,7 @@ index a5b3dbbfd5..505c32d18e 100644
/* /*
* Since TLS 1.3 ciphersuites can be used with any auth or * Since TLS 1.3 ciphersuites can be used with any auth or
@@ -4276,10 +4256,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, @@ -4277,10 +4257,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#ifndef OPENSSL_NO_PSK #ifndef OPENSSL_NO_PSK
/* with PSK there must be server callback set */ /* with PSK there must be server callback set */
if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL) if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
@ -237,9 +237,9 @@ index a5b3dbbfd5..505c32d18e 100644
- ok = (alg_k & mask_k) && (alg_a & mask_a); - ok = (alg_k & mask_k) && (alg_a & mask_a);
+ ok = ok && (alg_k & mask_k) && (alg_a & mask_a); + ok = ok && (alg_k & mask_k) && (alg_a & mask_a);
#ifdef CIPHER_DEBUG OSSL_TRACE7(TLS_CIPHER,
fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
alg_a, mask_k, mask_a, (void *)c, c->name); ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
@@ -4296,6 +4276,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, @@ -4296,6 +4276,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
if (!ok) if (!ok)
@ -315,10 +315,10 @@ index a5b3dbbfd5..505c32d18e 100644
} }
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 461a9debab..c8d8517735 100644 index 5aa04dbd53..dc238fc9c9 100644
--- a/ssl/ssl_ciph.c --- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c
@@ -192,6 +192,7 @@ typedef struct cipher_order_st { @@ -193,6 +193,7 @@ typedef struct cipher_order_st {
const SSL_CIPHER *cipher; const SSL_CIPHER *cipher;
int active; int active;
int dead; int dead;
@ -326,7 +326,15 @@ index 461a9debab..c8d8517735 100644
struct cipher_order_st *next, *prev; struct cipher_order_st *next, *prev;
} CIPHER_ORDER; } CIPHER_ORDER;
@@ -681,6 +682,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, @@ -297,6 +298,7 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
{0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
{0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION},
+ {0, "TLS13", NULL, 0, 0, 0, 0, 0, TLS1_3_VERSION},
/* strength classes */
{0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
@@ -682,6 +684,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
co_list[co_list_num].next = NULL; co_list[co_list_num].next = NULL;
co_list[co_list_num].prev = NULL; co_list[co_list_num].prev = NULL;
co_list[co_list_num].active = 0; co_list[co_list_num].active = 0;
@ -334,7 +342,7 @@ index 461a9debab..c8d8517735 100644
co_list_num++; co_list_num++;
} }
@@ -774,8 +776,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, @@ -775,8 +778,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
uint32_t alg_auth, uint32_t alg_enc, uint32_t alg_auth, uint32_t alg_enc,
uint32_t alg_mac, int min_tls, uint32_t alg_mac, int min_tls,
uint32_t algo_strength, int rule, uint32_t algo_strength, int rule,
@ -345,19 +353,19 @@ index 461a9debab..c8d8517735 100644
{ {
CIPHER_ORDER *head, *tail, *curr, *next, *last; CIPHER_ORDER *head, *tail, *curr, *next, *last;
const SSL_CIPHER *cp; const SSL_CIPHER *cp;
@@ -783,9 +785,9 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, @@ -784,9 +787,9 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
#ifdef CIPHER_DEBUG OSSL_TRACE_BEGIN(TLS_CIPHER){
fprintf(stderr, BIO_printf(trc_out,
- "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n", - "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n",
+ "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d) g:%d\n", + "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d) g:%d\n",
rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls, rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls,
- algo_strength, strength_bits); - algo_strength, strength_bits);
+ algo_strength, strength_bits, in_group); + algo_strength, strength_bits, in_group);
#endif }
if (rule == CIPHER_DEL || rule == CIPHER_BUMP) if (rule == CIPHER_DEL || rule == CIPHER_BUMP)
@@ -862,6 +864,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, @@ -863,6 +866,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
if (!curr->active) { if (!curr->active) {
ll_append_tail(&head, curr, &tail); ll_append_tail(&head, curr, &tail);
curr->active = 1; curr->active = 1;
@ -365,7 +373,7 @@ index 461a9debab..c8d8517735 100644
} }
} }
/* Move the added cipher to this location */ /* Move the added cipher to this location */
@@ -869,6 +872,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, @@ -870,6 +874,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
/* reverse == 0 */ /* reverse == 0 */
if (curr->active) { if (curr->active) {
ll_append_tail(&head, curr, &tail); ll_append_tail(&head, curr, &tail);
@ -373,7 +381,7 @@ index 461a9debab..c8d8517735 100644
} }
} else if (rule == CIPHER_DEL) { } else if (rule == CIPHER_DEL) {
/* reverse == 1 */ /* reverse == 1 */
@@ -880,6 +884,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, @@ -881,6 +886,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
*/ */
ll_append_head(&head, curr, &tail); ll_append_head(&head, curr, &tail);
curr->active = 0; curr->active = 0;
@ -381,7 +389,7 @@ index 461a9debab..c8d8517735 100644
} }
} else if (rule == CIPHER_BUMP) { } else if (rule == CIPHER_BUMP) {
if (curr->active) if (curr->active)
@@ -947,8 +952,8 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, @@ -950,8 +956,8 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
*/ */
for (i = max_strength_bits; i >= 0; i--) for (i = max_strength_bits; i >= 0; i--)
if (number_uses[i] > 0) if (number_uses[i] > 0)
@ -392,7 +400,7 @@ index 461a9debab..c8d8517735 100644
OPENSSL_free(number_uses); OPENSSL_free(number_uses);
return 1; return 1;
@@ -962,7 +967,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, @@ -965,7 +971,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, algo_strength; uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, algo_strength;
int min_tls; int min_tls;
const char *l, *buf; const char *l, *buf;
@ -401,7 +409,7 @@ index 461a9debab..c8d8517735 100644
uint32_t cipher_id = 0; uint32_t cipher_id = 0;
char ch; char ch;
@@ -973,18 +978,66 @@ static int ssl_cipher_process_rulestr(const char *rule_str, @@ -976,18 +982,66 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
if (ch == '\0') if (ch == '\0')
break; /* done */ break; /* done */
@ -469,7 +477,16 @@ index 461a9debab..c8d8517735 100644
} else { } else {
rule = CIPHER_ADD; rule = CIPHER_ADD;
} }
@@ -1026,7 +1079,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, @@ -1012,7 +1066,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
while (((ch >= 'A') && (ch <= 'Z')) ||
((ch >= '0') && (ch <= '9')) ||
((ch >= 'a') && (ch <= 'z')) ||
- (ch == '-') || (ch == '.') || (ch == '='))
+ (ch == '-') || (ch == '.') || (ch == '=') || (ch == '_'))
#else
while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.')
|| (ch == '='))
@@ -1029,7 +1083,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
* alphanumeric, so we call this an error. * alphanumeric, so we call this an error.
*/ */
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND); SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
@ -478,7 +495,7 @@ index 461a9debab..c8d8517735 100644
l++; l++;
break; break;
} }
@@ -1205,8 +1258,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str, @@ -1208,8 +1262,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
} else if (found) { } else if (found) {
ssl_cipher_apply_rule(cipher_id, ssl_cipher_apply_rule(cipher_id,
alg_mkey, alg_auth, alg_enc, alg_mac, alg_mkey, alg_auth, alg_enc, alg_mac,
@ -489,7 +506,7 @@ index 461a9debab..c8d8517735 100644
} else { } else {
while ((*l != '\0') && !ITEM_SEP(*l)) while ((*l != '\0') && !ITEM_SEP(*l))
l++; l++;
@@ -1215,6 +1268,11 @@ static int ssl_cipher_process_rulestr(const char *rule_str, @@ -1218,6 +1272,11 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
break; /* done */ break; /* done */
} }
@ -501,7 +518,7 @@ index 461a9debab..c8d8517735 100644
return retval; return retval;
} }
@@ -1379,7 +1437,7 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str) @@ -1382,7 +1441,7 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
if (ret && ctx->cipher_list != NULL) { if (ret && ctx->cipher_list != NULL) {
/* We already have a cipher_list, so we need to update it */ /* We already have a cipher_list, so we need to update it */
@ -510,7 +527,7 @@ index 461a9debab..c8d8517735 100644
ctx->tls13_ciphersuites); ctx->tls13_ciphersuites);
} }
@@ -1392,7 +1450,7 @@ int SSL_set_ciphersuites(SSL *s, const char *str) @@ -1395,7 +1454,7 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
if (ret && s->cipher_list != NULL) { if (ret && s->cipher_list != NULL) {
/* We already have a cipher_list, so we need to update it */ /* We already have a cipher_list, so we need to update it */
@ -519,7 +536,7 @@ index 461a9debab..c8d8517735 100644
s->tls13_ciphersuites); s->tls13_ciphersuites);
} }
@@ -1401,17 +1459,20 @@ int SSL_set_ciphersuites(SSL *s, const char *str) @@ -1404,17 +1463,20 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites, STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@ -530,21 +547,20 @@ index 461a9debab..c8d8517735 100644
CERT *c) CERT *c)
{ {
- int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases, i; - int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases, i;
+ int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases, i, tls13_len; + int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac; uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac;
- STACK_OF(SSL_CIPHER) *cipherstack; - STACK_OF(SSL_CIPHER) *cipherstack;
+ STACK_OF(SSL_CIPHER) *cipherstack = NULL; + STACK_OF(SSL_CIPHER) *cipherstack = NULL;
const char *rule_p; const char *rule_p;
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr; CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
- const SSL_CIPHER **ca_list = NULL; const SSL_CIPHER **ca_list = NULL;
+ const SSL_CIPHER **ca_list = NULL, *tmp = NULL;
+ uint8_t *in_group_flags = NULL; + uint8_t *in_group_flags = NULL;
+ unsigned int num_in_group_flags = 0; + unsigned int num_in_group_flags = 0;
+ struct ssl_cipher_preference_list_st *pref_list = NULL; + struct ssl_cipher_preference_list_st *pref_list = NULL;
/* /*
* Return with error if nothing to do. * Return with error if nothing to do.
@@ -1460,16 +1521,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, @@ -1463,16 +1525,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* preference). * preference).
*/ */
ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD, ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD,
@ -568,7 +584,7 @@ index 461a9debab..c8d8517735 100644
&head, &tail); &head, &tail);
/* /*
@@ -1478,13 +1539,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, @@ -1481,13 +1543,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* strength. * strength.
*/ */
ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD, ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD,
@ -585,7 +601,7 @@ index 461a9debab..c8d8517735 100644
&tail); &tail);
/* /*
@@ -1492,16 +1553,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, @@ -1495,16 +1557,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* disabled. (For applications that allow them, they aren't too bad, but * disabled. (For applications that allow them, they aren't too bad, but
* we prefer authenticated ciphers.) * we prefer authenticated ciphers.)
*/ */
@ -606,7 +622,7 @@ index 461a9debab..c8d8517735 100644
&tail); &tail);
/* /*
@@ -1517,7 +1578,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, @@ -1520,7 +1582,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* Partially overrule strength sort to prefer TLS 1.2 ciphers/PRFs. * Partially overrule strength sort to prefer TLS 1.2 ciphers/PRFs.
* TODO(openssl-team): is there an easier way to accomplish all this? * TODO(openssl-team): is there an easier way to accomplish all this?
*/ */
@ -615,7 +631,7 @@ index 461a9debab..c8d8517735 100644
&head, &tail); &head, &tail);
/* /*
@@ -1533,15 +1594,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, @@ -1536,15 +1598,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* Because we now bump ciphers to the top of the list, we proceed in * Because we now bump ciphers to the top of the list, we proceed in
* reverse order of preference. * reverse order of preference.
*/ */
@ -628,6 +644,9 @@ index 461a9debab..c8d8517735 100644
ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, SSL_AEAD, 0, 0, ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, SSL_AEAD, 0, 0,
- CIPHER_BUMP, -1, &head, &tail); - CIPHER_BUMP, -1, &head, &tail);
+ CIPHER_BUMP, -1, 0, &head, &tail); + CIPHER_BUMP, -1, 0, &head, &tail);
+
+ ssl_cipher_apply_rule(0, 0, 0, 0, 0, TLS1_3_VERSION, 0, CIPHER_BUMP, -1, 0,
+ &head, &tail);
/* Now disable everything (maintaining the ordering!) */ /* Now disable everything (maintaining the ordering!) */
- ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); - ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
@ -635,7 +654,7 @@ index 461a9debab..c8d8517735 100644
/* /*
* We also need cipher aliases for selecting based on the rule_str. * We also need cipher aliases for selecting based on the rule_str.
@@ -1555,9 +1616,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, @@ -1558,9 +1623,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
if (ca_list == NULL) { if (ca_list == NULL) {
@ -646,7 +665,7 @@ index 461a9debab..c8d8517735 100644
} }
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
disabled_mkey, disabled_auth, disabled_enc, disabled_mkey, disabled_auth, disabled_enc,
@@ -1582,27 +1642,35 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, @@ -1585,28 +1649,19 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
OPENSSL_free(ca_list); /* Not needed anymore */ OPENSSL_free(ca_list); /* Not needed anymore */
@ -667,51 +686,38 @@ index 461a9debab..c8d8517735 100644
- } - }
+ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) + if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
+ goto err; + goto err;
+
- /* Add TLSv1.3 ciphers first - we always prefer those if possible */
- for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
- if (!sk_SSL_CIPHER_push(cipherstack,
- sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
- sk_SSL_CIPHER_free(cipherstack);
- return NULL;
- }
- }
+ in_group_flags = OPENSSL_malloc(num_of_ciphers); + in_group_flags = OPENSSL_malloc(num_of_ciphers);
+ if (!in_group_flags) + if (!in_group_flags)
+ goto err; + goto err;
/* Add TLSv1.3 ciphers first - we always prefer those if possible */ OSSL_TRACE_BEGIN(TLS_CIPHER) {
- for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { BIO_printf(trc_out, "cipher selection:\n");
+ tls13_len = sk_SSL_CIPHER_num(tls13_ciphersuites); @@ -1618,11 +1673,10 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
+ for (i = 0; i < tls13_len; i++) {
+ tmp = sk_SSL_CIPHER_value(tls13_ciphersuites, i);
if (!sk_SSL_CIPHER_push(cipherstack,
- sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
- sk_SSL_CIPHER_free(cipherstack);
- return NULL;
+ tmp))
+ goto err;
+ /* Temporary - AES128, CHACHA20 priority adjustment of TLS 1.3. */
+ if (tmp->algorithm_enc == SSL_AES128GCM &&
+ tls13_len > (i + 1)) {
+ tmp = sk_SSL_CIPHER_value(tls13_ciphersuites, i + 1);
+ in_group_flags[num_in_group_flags++] = (tmp->algorithm_enc == SSL_CHACHA20POLY1305) ? 1 : 0;
}
+ else
+ in_group_flags[num_in_group_flags++] = 0;
}
/*
@@ -1611,26 +1679,50 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
*/
for (curr = head; curr != NULL; curr = curr->next) { for (curr = head; curr != NULL; curr = curr->next) {
if (curr->active) { if (curr->active) {
- if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
- OPENSSL_free(co_list); - OPENSSL_free(co_list);
- sk_SSL_CIPHER_free(cipherstack); - sk_SSL_CIPHER_free(cipherstack);
OSSL_TRACE_CANCEL(TLS_CIPHER);
- return NULL; - return NULL;
- }
+ if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher))
+ goto err; + goto err;
}
+ in_group_flags[num_in_group_flags++] = curr->in_group; + in_group_flags[num_in_group_flags++] = curr->in_group;
#ifdef CIPHER_DEBUG if (trc_out != NULL)
fprintf(stderr, "<%s>\n", curr->cipher->name); BIO_printf(trc_out, "<%s>\n", curr->cipher->name);
#endif
} }
} @@ -1630,14 +1684,39 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
- OPENSSL_free(co_list); /* Not needed any longer */ OPENSSL_free(co_list); /* Not needed any longer */
OSSL_TRACE_END(TLS_CIPHER);
- if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack)) { - if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack)) {
- sk_SSL_CIPHER_free(cipherstack); - sk_SSL_CIPHER_free(cipherstack);
@ -719,9 +725,6 @@ index 461a9debab..c8d8517735 100644
- } - }
- sk_SSL_CIPHER_free(*cipher_list); - sk_SSL_CIPHER_free(*cipher_list);
- *cipher_list = cipherstack; - *cipher_list = cipherstack;
+ OPENSSL_free(co_list); /* Not needed any longer */
+ co_list = NULL;
+
+ if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack)) + if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack))
+ goto err; + goto err;
+ +
@ -754,32 +757,30 @@ index 461a9debab..c8d8517735 100644
+ if (pref_list) + if (pref_list)
+ OPENSSL_free(pref_list); + OPENSSL_free(pref_list);
+ return NULL; + return NULL;
+
} }
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index ceae87bbc9..46521b7136 100644 index ceae87bbc9..10836f3667 100644
--- a/ssl/ssl_err.c --- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c +++ b/ssl/ssl_err.c
@@ -965,6 +965,9 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { @@ -967,6 +967,9 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_ECDH_KEY),
"missing tmp ecdh key"}, "missing tmp ecdh key"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA),
"mixed handshake and non handshake data"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS), + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS),
+ "mixed special operator with groups"}, + "mixed special operator with groups"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NESTED_GROUP), "nested group"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NESTED_GROUP), "nested group"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA),
"mixed handshake and non handshake data"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY), {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY),
@@ -1201,11 +1204,14 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "not on record boundary"},
"unable to load ssl3 md5 routines"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_REPLACING_CERTIFICATE),
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), @@ -1205,7 +1208,11 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
"unable to load ssl3 sha1 routines"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_GROUP_CLOSE), "unexpected group close"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_CCS_MESSAGE),
"unexpected ccs message"}, "unexpected ccs message"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA), {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
"unexpected end of early data"}, "unexpected end of early data"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_GROUP_CLOSE),
+ "unexpected group close"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_OPERATOR_IN_GROUP), + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_OPERATOR_IN_GROUP),
+ "unexpected operator in group"}, + "unexpected operator in group"},
@ -787,10 +788,10 @@ index ceae87bbc9..46521b7136 100644
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 322a4381b0..ac33c35560 100644 index f63e16b592..8f462b7108 100644
--- a/ssl/ssl_lib.c --- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c
@@ -1119,6 +1119,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) @@ -1120,6 +1120,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
return X509_VERIFY_PARAM_set1(ssl->param, vpm); return X509_VERIFY_PARAM_set1(ssl->param, vpm);
} }
@ -862,7 +863,7 @@ index 322a4381b0..ac33c35560 100644
X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
{ {
return ctx->param; return ctx->param;
@@ -1163,7 +1228,8 @@ void SSL_free(SSL *s) @@ -1164,7 +1229,8 @@ void SSL_free(SSL *s)
BUF_MEM_free(s->init_buf); BUF_MEM_free(s->init_buf);
/* add extra stuff */ /* add extra stuff */
@ -872,7 +873,7 @@ index 322a4381b0..ac33c35560 100644
sk_SSL_CIPHER_free(s->cipher_list_by_id); sk_SSL_CIPHER_free(s->cipher_list_by_id);
sk_SSL_CIPHER_free(s->tls13_ciphersuites); sk_SSL_CIPHER_free(s->tls13_ciphersuites);
@@ -2498,9 +2564,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) @@ -2499,9 +2565,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
{ {
if (s != NULL) { if (s != NULL) {
if (s->cipher_list != NULL) { if (s->cipher_list != NULL) {
@ -884,7 +885,7 @@ index 322a4381b0..ac33c35560 100644
} }
} }
return NULL; return NULL;
@@ -2574,8 +2640,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n) @@ -2575,8 +2641,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
* preference */ * preference */
STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
{ {
@ -895,7 +896,7 @@ index 322a4381b0..ac33c35560 100644
return NULL; return NULL;
} }
@@ -3026,7 +3092,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) @@ -3027,7 +3093,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->tls13_ciphersuites, ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id, &ret->cipher_list, &ret->cipher_list_by_id,
SSL_DEFAULT_CIPHER_LIST, ret->cert) SSL_DEFAULT_CIPHER_LIST, ret->cert)
@ -904,7 +905,7 @@ index 322a4381b0..ac33c35560 100644
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2; goto err2;
} }
@@ -3202,7 +3268,7 @@ void SSL_CTX_free(SSL_CTX *a) @@ -3203,7 +3269,7 @@ void SSL_CTX_free(SSL_CTX *a)
#ifndef OPENSSL_NO_CT #ifndef OPENSSL_NO_CT
CTLOG_STORE_free(a->ctlog_store); CTLOG_STORE_free(a->ctlog_store);
#endif #endif
@ -913,7 +914,7 @@ index 322a4381b0..ac33c35560 100644
sk_SSL_CIPHER_free(a->cipher_list_by_id); sk_SSL_CIPHER_free(a->cipher_list_by_id);
sk_SSL_CIPHER_free(a->tls13_ciphersuites); sk_SSL_CIPHER_free(a->tls13_ciphersuites);
ssl_cert_free(a->cert); ssl_cert_free(a->cert);
@@ -3880,13 +3946,15 @@ SSL *SSL_dup(SSL *s) @@ -3879,13 +3945,15 @@ SSL *SSL_dup(SSL *s)
/* dup the cipher_list and cipher_list_by_id stacks */ /* dup the cipher_list and cipher_list_by_id stacks */
if (s->cipher_list != NULL) { if (s->cipher_list != NULL) {
@ -934,10 +935,10 @@ index 322a4381b0..ac33c35560 100644
/* Dup the client_CA list */ /* Dup the client_CA list */
if (!dup_ca_names(&ret->ca_names, s->ca_names) if (!dup_ca_names(&ret->ca_names, s->ca_names)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index ae6417b592..9f839acc74 100644 index 1d3397d880..265c32d15e 100644
--- a/ssl/ssl_locl.h --- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h
@@ -745,9 +745,46 @@ typedef struct ssl_ctx_ext_secure_st { @@ -744,9 +744,46 @@ typedef struct ssl_ctx_ext_secure_st {
unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH]; unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH];
} SSL_CTX_EXT_SECURE; } SSL_CTX_EXT_SECURE;
@ -985,7 +986,7 @@ index ae6417b592..9f839acc74 100644
/* same as above but sorted for lookup */ /* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id; STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */ /* TLSv1.3 specific ciphersuites */
@@ -1146,7 +1183,7 @@ struct ssl_st { @@ -1145,7 +1182,7 @@ struct ssl_st {
/* Per connection DANE state */ /* Per connection DANE state */
SSL_DANE dane; SSL_DANE dane;
/* crypto */ /* crypto */
@ -994,7 +995,7 @@ index ae6417b592..9f839acc74 100644
STACK_OF(SSL_CIPHER) *cipher_list_by_id; STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */ /* TLSv1.3 specific ciphersuites */
STACK_OF(SSL_CIPHER) *tls13_ciphersuites; STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
@@ -2275,7 +2312,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, @@ -2278,7 +2315,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp); const SSL_CIPHER *const *bp);
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites, STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@ -1003,7 +1004,7 @@ index ae6417b592..9f839acc74 100644
STACK_OF(SSL_CIPHER) **cipher_list_by_id, STACK_OF(SSL_CIPHER) **cipher_list_by_id,
const char *rule_str, const char *rule_str,
CERT *c); CERT *c);
@@ -2285,6 +2322,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, @@ -2288,6 +2325,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **scsvs, int sslv2format, STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
int fatal); int fatal);
void ssl_update_cache(SSL *s, int mode); void ssl_update_cache(SSL *s, int mode);
@ -1017,7 +1018,7 @@ index ae6417b592..9f839acc74 100644
__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, int *mac_pkey_type, const EVP_MD **md, int *mac_pkey_type,
size_t *mac_secret_size, SSL_COMP **comp, size_t *mac_secret_size, SSL_COMP **comp,
@@ -2368,7 +2412,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, @@ -2371,7 +2415,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
CERT_PKEY *cpk); CERT_PKEY *cpk);
__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *clnt,
@ -1027,10 +1028,10 @@ index ae6417b592..9f839acc74 100644
__owur int ssl3_new(SSL *s); __owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s); void ssl3_free(SSL *s);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index bf1819d356..ebb6224b5e 100644 index e482e2d074..f81fe86291 100644
--- a/ssl/statem/statem_srvr.c --- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c
@@ -1750,7 +1750,7 @@ static int tls_early_post_process_client_hello(SSL *s) @@ -1751,7 +1751,7 @@ static int tls_early_post_process_client_hello(SSL *s)
/* For TLSv1.3 we must select the ciphersuite *before* session resumption */ /* For TLSv1.3 we must select the ciphersuite *before* session resumption */
if (SSL_IS_TLS13(s)) { if (SSL_IS_TLS13(s)) {
const SSL_CIPHER *cipher = const SSL_CIPHER *cipher =
@ -1039,7 +1040,7 @@ index bf1819d356..ebb6224b5e 100644
if (cipher == NULL) { if (cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
@@ -1931,7 +1931,7 @@ static int tls_early_post_process_client_hello(SSL *s) @@ -1934,7 +1934,7 @@ static int tls_early_post_process_client_hello(SSL *s)
/* check if some cipher was preferred by call back */ /* check if some cipher was preferred by call back */
if (pref_cipher == NULL) if (pref_cipher == NULL)
pref_cipher = ssl3_choose_cipher(s, s->session->ciphers, pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
@ -1048,7 +1049,7 @@ index bf1819d356..ebb6224b5e 100644
if (pref_cipher == NULL) { if (pref_cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
@@ -1940,8 +1940,9 @@ static int tls_early_post_process_client_hello(SSL *s) @@ -1943,8 +1943,9 @@ static int tls_early_post_process_client_hello(SSL *s)
} }
s->session->cipher = pref_cipher; s->session->cipher = pref_cipher;
@ -1060,7 +1061,7 @@ index bf1819d356..ebb6224b5e 100644
sk_SSL_CIPHER_free(s->cipher_list_by_id); sk_SSL_CIPHER_free(s->cipher_list_by_id);
s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers); s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
} }
@@ -2255,7 +2256,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) @@ -2258,7 +2259,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
/* In TLSv1.3 we selected the ciphersuite before resumption */ /* In TLSv1.3 we selected the ciphersuite before resumption */
if (!SSL_IS_TLS13(s)) { if (!SSL_IS_TLS13(s)) {
cipher = cipher =


@ -1,5 +1,28 @@
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index aec6a8dac8..9dc9d183e7 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -2805,6 +2805,8 @@ SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key
SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key
SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\
mixed handshake and non handshake data
+SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS:294:mixed special operator with groups
+SSL_R_NESTED_GROUP:295:nested group
SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary
SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate
SSL_R_NOT_SERVER:284:not server
@@ -2913,7 +2915,9 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines
SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
+SSL_R_UNEXPECTED_GROUP_CLOSE:296:unexpected group close
SSL_R_UNEXPECTED_MESSAGE:244:unexpected message
+SSL_R_UNEXPECTED_OPERATOR_IN_GROUP:297:unexpected operator in group
SSL_R_UNEXPECTED_RECORD:245:unexpected record
SSL_R_UNINITIALIZED:276:uninitialized
SSL_R_UNKNOWN_ALERT_TYPE:246:unknown alert type
diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod
index e29c5d7ced..b5bca974c9 100644 index e29c5d7ced..7d795c390e 100644
--- a/doc/man1/ciphers.pod --- a/doc/man1/ciphers.pod
+++ b/doc/man1/ciphers.pod +++ b/doc/man1/ciphers.pod
@@ -400,6 +400,21 @@ permissible. @@ -400,6 +400,21 @@ permissible.
@ -25,35 +48,33 @@ index e29c5d7ced..b5bca974c9 100644
The following lists give the SSL or TLS cipher suites names from the The following lists give the SSL or TLS cipher suites names from the
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 63057517dc..97ccb41d43 100644 index 63057517dc..77910bad17 100644
--- a/include/openssl/sslerr.h --- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h
@@ -596,6 +596,8 @@ int ERR_load_SSL_strings(void); @@ -597,6 +597,8 @@ int ERR_load_SSL_strings(void);
# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION 209
# define SSL_R_MISSING_TMP_DH_KEY 171 # define SSL_R_MISSING_TMP_DH_KEY 171
# define SSL_R_MISSING_TMP_ECDH_KEY 311 # define SSL_R_MISSING_TMP_ECDH_KEY 311
+# define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 101
+# define SSL_R_NESTED_GROUP 108
# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293 # define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA 293
+# define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 294
+# define SSL_R_NESTED_GROUP 295
# define SSL_R_NOT_ON_RECORD_BOUNDARY 182 # define SSL_R_NOT_ON_RECORD_BOUNDARY 182
# define SSL_R_NOT_REPLACING_CERTIFICATE 289 # define SSL_R_NOT_REPLACING_CERTIFICATE 289
@@ -727,9 +729,11 @@ int ERR_load_SSL_strings(void); # define SSL_R_NOT_SERVER 284
# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 @@ -729,7 +731,9 @@ int ERR_load_SSL_strings(void);
# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
+# define SSL_R_UNEXPECTED_GROUP_CLOSE 109
# define SSL_R_UNEXPECTED_CCS_MESSAGE 262 # define SSL_R_UNEXPECTED_CCS_MESSAGE 262
# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 # define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178
+# define SSL_R_UNEXPECTED_GROUP_CLOSE 296
# define SSL_R_UNEXPECTED_MESSAGE 244 # define SSL_R_UNEXPECTED_MESSAGE 244
+# define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 110 +# define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 297
# define SSL_R_UNEXPECTED_RECORD 245 # define SSL_R_UNEXPECTED_RECORD 245
# define SSL_R_UNINITIALIZED 276 # define SSL_R_UNINITIALIZED 276
# define SSL_R_UNKNOWN_ALERT_TYPE 246 # define SSL_R_UNKNOWN_ALERT_TYPE 246
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index a5b3dbbfd5..6dd4ad4b68 100644 index a3639fd18c..3f830c5d40 100644
--- a/ssl/s3_lib.c --- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c +++ b/ssl/s3_lib.c
@@ -31,7 +31,25 @@ const unsigned char tls12downgrade[] = { @@ -32,7 +32,25 @@ const unsigned char tls12downgrade[] = {
}; };
/* The list of available TLSv1.3 ciphers */ /* The list of available TLSv1.3 ciphers */
@ -79,7 +100,7 @@ index a5b3dbbfd5..6dd4ad4b68 100644
{ {
1, 1,
TLS1_3_RFC_AES_128_GCM_SHA256, TLS1_3_RFC_AES_128_GCM_SHA256,
@@ -111,20 +129,8 @@ static SSL_CIPHER tls13_ciphers[] = { @@ -112,20 +130,8 @@ static SSL_CIPHER tls13_ciphers[] = {
SSL_HANDSHAKE_MAC_SHA256, SSL_HANDSHAKE_MAC_SHA256,
128, 128,
128, 128,
@ -102,7 +123,7 @@ index a5b3dbbfd5..6dd4ad4b68 100644
{ {
1, 1,
SSL3_TXT_RSA_NULL_MD5, SSL3_TXT_RSA_NULL_MD5,
@@ -167,7 +173,7 @@ static SSL_CIPHER ssl3_ciphers[] = { @@ -168,7 +174,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aRSA, SSL_aRSA,
SSL_3DES, SSL_3DES,
SSL_SHA1, SSL_SHA1,
@ -111,7 +132,7 @@ index a5b3dbbfd5..6dd4ad4b68 100644
DTLS1_BAD_VER, DTLS1_2_VERSION, DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS, SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -232,7 +238,7 @@ static SSL_CIPHER ssl3_ciphers[] = { @@ -233,7 +239,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aRSA, SSL_aRSA,
SSL_AES128, SSL_AES128,
SSL_SHA1, SSL_SHA1,
@ -120,7 +141,7 @@ index a5b3dbbfd5..6dd4ad4b68 100644
DTLS1_BAD_VER, DTLS1_2_VERSION, DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -296,7 +302,7 @@ static SSL_CIPHER ssl3_ciphers[] = { @@ -297,7 +303,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
SSL_aRSA, SSL_aRSA,
SSL_AES256, SSL_AES256,
SSL_SHA1, SSL_SHA1,
@ -129,7 +150,7 @@ index a5b3dbbfd5..6dd4ad4b68 100644
DTLS1_BAD_VER, DTLS1_2_VERSION, DTLS1_BAD_VER, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
@@ -4124,6 +4130,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) @@ -4125,6 +4131,17 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
return 1; return 1;
} }
@ -147,7 +168,7 @@ index a5b3dbbfd5..6dd4ad4b68 100644
/* /*
* ssl3_choose_cipher - choose a cipher from those offered by the client * ssl3_choose_cipher - choose a cipher from those offered by the client
* @s: SSL connection * @s: SSL connection
@@ -4133,16 +4150,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len) @@ -4134,16 +4151,24 @@ int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
* Returns the selected cipher or NULL when no common ciphers. * Returns the selected cipher or NULL when no common ciphers.
*/ */
const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
@ -178,8 +199,8 @@ index a5b3dbbfd5..6dd4ad4b68 100644
/* Let's see which ciphers we can support */ /* Let's see which ciphers we can support */
@@ -4169,54 +4194,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, @@ -4170,54 +4195,13 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#endif } OSSL_TRACE_END(TLS_CIPHER);
/* SUITE-B takes precedence over server preference and ChaCha priortiy */ /* SUITE-B takes precedence over server preference and ChaCha priortiy */
- if (tls1_suiteb(s)) { - if (tls1_suiteb(s)) {
@ -236,7 +257,7 @@ index a5b3dbbfd5..6dd4ad4b68 100644
allow = srvr; allow = srvr;
} }
@@ -4247,14 +4231,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, @@ -4248,14 +4232,16 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
c = sk_SSL_CIPHER_value(prio, i); c = sk_SSL_CIPHER_value(prio, i);
@ -255,7 +276,7 @@ index a5b3dbbfd5..6dd4ad4b68 100644
/* /*
* Since TLS 1.3 ciphersuites can be used with any auth or * Since TLS 1.3 ciphersuites can be used with any auth or
@@ -4276,10 +4262,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, @@ -4277,10 +4263,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#ifndef OPENSSL_NO_PSK #ifndef OPENSSL_NO_PSK
/* with PSK there must be server callback set */ /* with PSK there must be server callback set */
if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL) if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
@ -265,9 +286,9 @@ index a5b3dbbfd5..6dd4ad4b68 100644
- ok = (alg_k & mask_k) && (alg_a & mask_a); - ok = (alg_k & mask_k) && (alg_a & mask_a);
+ ok = ok && (alg_k & mask_k) && (alg_a & mask_a); + ok = ok && (alg_k & mask_k) && (alg_a & mask_a);
#ifdef CIPHER_DEBUG OSSL_TRACE7(TLS_CIPHER,
fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",
alg_a, mask_k, mask_a, (void *)c, c->name); ok, alg_k, alg_a, mask_k, mask_a, (void *)c, c->name);
@@ -4296,6 +4282,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, @@ -4296,6 +4282,14 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
if (!ok) if (!ok)
@ -343,10 +364,10 @@ index a5b3dbbfd5..6dd4ad4b68 100644
} }
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 461a9debab..8eb18f0e28 100644 index 5aa04dbd53..dc238fc9c9 100644
--- a/ssl/ssl_ciph.c --- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c
@@ -192,6 +192,7 @@ typedef struct cipher_order_st { @@ -193,6 +193,7 @@ typedef struct cipher_order_st {
const SSL_CIPHER *cipher; const SSL_CIPHER *cipher;
int active; int active;
int dead; int dead;
@ -354,7 +375,7 @@ index 461a9debab..8eb18f0e28 100644
struct cipher_order_st *next, *prev; struct cipher_order_st *next, *prev;
} CIPHER_ORDER; } CIPHER_ORDER;
@@ -296,6 +297,7 @@ static const SSL_CIPHER cipher_aliases[] = { @@ -297,6 +298,7 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION}, {0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
{0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION}, {0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
{0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION}, {0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION},
@ -362,7 +383,7 @@ index 461a9debab..8eb18f0e28 100644
/* strength classes */ /* strength classes */
{0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW}, {0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
@@ -681,6 +683,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, @@ -682,6 +684,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
co_list[co_list_num].next = NULL; co_list[co_list_num].next = NULL;
co_list[co_list_num].prev = NULL; co_list[co_list_num].prev = NULL;
co_list[co_list_num].active = 0; co_list[co_list_num].active = 0;
@ -370,7 +391,7 @@ index 461a9debab..8eb18f0e28 100644
co_list_num++; co_list_num++;
} }
@@ -774,8 +777,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, @@ -775,8 +778,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
uint32_t alg_auth, uint32_t alg_enc, uint32_t alg_auth, uint32_t alg_enc,
uint32_t alg_mac, int min_tls, uint32_t alg_mac, int min_tls,
uint32_t algo_strength, int rule, uint32_t algo_strength, int rule,
@ -381,19 +402,19 @@ index 461a9debab..8eb18f0e28 100644
{ {
CIPHER_ORDER *head, *tail, *curr, *next, *last; CIPHER_ORDER *head, *tail, *curr, *next, *last;
const SSL_CIPHER *cp; const SSL_CIPHER *cp;
@@ -783,9 +786,9 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, @@ -784,9 +787,9 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
#ifdef CIPHER_DEBUG OSSL_TRACE_BEGIN(TLS_CIPHER){
fprintf(stderr, BIO_printf(trc_out,
- "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n", - "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n",
+ "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d) g:%d\n", + "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d) g:%d\n",
rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls, rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls,
- algo_strength, strength_bits); - algo_strength, strength_bits);
+ algo_strength, strength_bits, in_group); + algo_strength, strength_bits, in_group);
#endif }
if (rule == CIPHER_DEL || rule == CIPHER_BUMP) if (rule == CIPHER_DEL || rule == CIPHER_BUMP)
@@ -862,6 +865,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, @@ -863,6 +866,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
if (!curr->active) { if (!curr->active) {
ll_append_tail(&head, curr, &tail); ll_append_tail(&head, curr, &tail);
curr->active = 1; curr->active = 1;
@ -401,7 +422,7 @@ index 461a9debab..8eb18f0e28 100644
} }
} }
/* Move the added cipher to this location */ /* Move the added cipher to this location */
@@ -869,6 +873,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, @@ -870,6 +874,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
/* reverse == 0 */ /* reverse == 0 */
if (curr->active) { if (curr->active) {
ll_append_tail(&head, curr, &tail); ll_append_tail(&head, curr, &tail);
@ -409,7 +430,7 @@ index 461a9debab..8eb18f0e28 100644
} }
} else if (rule == CIPHER_DEL) { } else if (rule == CIPHER_DEL) {
/* reverse == 1 */ /* reverse == 1 */
@@ -880,6 +885,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey, @@ -881,6 +886,7 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
*/ */
ll_append_head(&head, curr, &tail); ll_append_head(&head, curr, &tail);
curr->active = 0; curr->active = 0;
@ -417,7 +438,7 @@ index 461a9debab..8eb18f0e28 100644
} }
} else if (rule == CIPHER_BUMP) { } else if (rule == CIPHER_BUMP) {
if (curr->active) if (curr->active)
@@ -947,8 +953,8 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, @@ -950,8 +956,8 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
*/ */
for (i = max_strength_bits; i >= 0; i--) for (i = max_strength_bits; i >= 0; i--)
if (number_uses[i] > 0) if (number_uses[i] > 0)
@ -428,7 +449,7 @@ index 461a9debab..8eb18f0e28 100644
OPENSSL_free(number_uses); OPENSSL_free(number_uses);
return 1; return 1;
@@ -962,7 +968,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, @@ -965,7 +971,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, algo_strength; uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, algo_strength;
int min_tls; int min_tls;
const char *l, *buf; const char *l, *buf;
@ -437,7 +458,7 @@ index 461a9debab..8eb18f0e28 100644
uint32_t cipher_id = 0; uint32_t cipher_id = 0;
char ch; char ch;
@@ -973,18 +979,66 @@ static int ssl_cipher_process_rulestr(const char *rule_str, @@ -976,18 +982,66 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
if (ch == '\0') if (ch == '\0')
break; /* done */ break; /* done */
@ -505,7 +526,7 @@ index 461a9debab..8eb18f0e28 100644
} else { } else {
rule = CIPHER_ADD; rule = CIPHER_ADD;
} }
@@ -1009,7 +1063,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, @@ -1012,7 +1066,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
while (((ch >= 'A') && (ch <= 'Z')) || while (((ch >= 'A') && (ch <= 'Z')) ||
((ch >= '0') && (ch <= '9')) || ((ch >= '0') && (ch <= '9')) ||
((ch >= 'a') && (ch <= 'z')) || ((ch >= 'a') && (ch <= 'z')) ||
@ -514,7 +535,7 @@ index 461a9debab..8eb18f0e28 100644
#else #else
while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.') while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.')
|| (ch == '=')) || (ch == '='))
@@ -1026,7 +1080,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str, @@ -1029,7 +1083,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
* alphanumeric, so we call this an error. * alphanumeric, so we call this an error.
*/ */
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND); SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
@ -523,7 +544,7 @@ index 461a9debab..8eb18f0e28 100644
l++; l++;
break; break;
} }
@@ -1205,8 +1259,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str, @@ -1208,8 +1262,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
} else if (found) { } else if (found) {
ssl_cipher_apply_rule(cipher_id, ssl_cipher_apply_rule(cipher_id,
alg_mkey, alg_auth, alg_enc, alg_mac, alg_mkey, alg_auth, alg_enc, alg_mac,
@ -534,7 +555,7 @@ index 461a9debab..8eb18f0e28 100644
} else { } else {
while ((*l != '\0') && !ITEM_SEP(*l)) while ((*l != '\0') && !ITEM_SEP(*l))
l++; l++;
@@ -1215,6 +1269,11 @@ static int ssl_cipher_process_rulestr(const char *rule_str, @@ -1218,6 +1272,11 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
break; /* done */ break; /* done */
} }
@ -546,7 +567,7 @@ index 461a9debab..8eb18f0e28 100644
return retval; return retval;
} }
@@ -1379,7 +1438,7 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str) @@ -1382,7 +1441,7 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
if (ret && ctx->cipher_list != NULL) { if (ret && ctx->cipher_list != NULL) {
/* We already have a cipher_list, so we need to update it */ /* We already have a cipher_list, so we need to update it */
@ -555,7 +576,7 @@ index 461a9debab..8eb18f0e28 100644
ctx->tls13_ciphersuites); ctx->tls13_ciphersuites);
} }
@@ -1392,7 +1451,7 @@ int SSL_set_ciphersuites(SSL *s, const char *str) @@ -1395,7 +1454,7 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
if (ret && s->cipher_list != NULL) { if (ret && s->cipher_list != NULL) {
/* We already have a cipher_list, so we need to update it */ /* We already have a cipher_list, so we need to update it */
@ -564,7 +585,7 @@ index 461a9debab..8eb18f0e28 100644
s->tls13_ciphersuites); s->tls13_ciphersuites);
} }
@@ -1401,17 +1460,20 @@ int SSL_set_ciphersuites(SSL *s, const char *str) @@ -1404,17 +1463,20 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites, STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@ -588,7 +609,7 @@ index 461a9debab..8eb18f0e28 100644
/* /*
* Return with error if nothing to do. * Return with error if nothing to do.
@@ -1460,16 +1522,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, @@ -1463,16 +1525,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* preference). * preference).
*/ */
ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD, ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD,
@ -612,7 +633,7 @@ index 461a9debab..8eb18f0e28 100644
&head, &tail); &head, &tail);
/* /*
@@ -1478,13 +1540,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, @@ -1481,13 +1543,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* strength. * strength.
*/ */
ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD, ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD,
@ -629,7 +650,7 @@ index 461a9debab..8eb18f0e28 100644
&tail); &tail);
/* /*
@@ -1492,16 +1554,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, @@ -1495,16 +1557,16 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* disabled. (For applications that allow them, they aren't too bad, but * disabled. (For applications that allow them, they aren't too bad, but
* we prefer authenticated ciphers.) * we prefer authenticated ciphers.)
*/ */
@ -650,7 +671,7 @@ index 461a9debab..8eb18f0e28 100644
&tail); &tail);
/* /*
@@ -1517,7 +1579,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, @@ -1520,7 +1582,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* Partially overrule strength sort to prefer TLS 1.2 ciphers/PRFs. * Partially overrule strength sort to prefer TLS 1.2 ciphers/PRFs.
* TODO(openssl-team): is there an easier way to accomplish all this? * TODO(openssl-team): is there an easier way to accomplish all this?
*/ */
@ -659,7 +680,7 @@ index 461a9debab..8eb18f0e28 100644
&head, &tail); &head, &tail);
/* /*
@@ -1533,15 +1595,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, @@ -1536,15 +1598,18 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
* Because we now bump ciphers to the top of the list, we proceed in * Because we now bump ciphers to the top of the list, we proceed in
* reverse order of preference. * reverse order of preference.
*/ */
@ -682,7 +703,7 @@ index 461a9debab..8eb18f0e28 100644
/* /*
* We also need cipher aliases for selecting based on the rule_str. * We also need cipher aliases for selecting based on the rule_str.
@@ -1555,9 +1620,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, @@ -1558,9 +1623,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
if (ca_list == NULL) { if (ca_list == NULL) {
@ -693,7 +714,7 @@ index 461a9debab..8eb18f0e28 100644
} }
ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
disabled_mkey, disabled_auth, disabled_enc, disabled_mkey, disabled_auth, disabled_enc,
@@ -1582,28 +1646,19 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, @@ -1585,28 +1649,19 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
OPENSSL_free(ca_list); /* Not needed anymore */ OPENSSL_free(ca_list); /* Not needed anymore */
@ -727,26 +748,25 @@ index 461a9debab..8eb18f0e28 100644
+ if (!in_group_flags) + if (!in_group_flags)
+ goto err; + goto err;
/* OSSL_TRACE_BEGIN(TLS_CIPHER) {
* The cipher selection for the list is done. The ciphers are added BIO_printf(trc_out, "cipher selection:\n");
@@ -1611,26 +1666,50 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, @@ -1618,11 +1673,10 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
*/
for (curr = head; curr != NULL; curr = curr->next) { for (curr = head; curr != NULL; curr = curr->next) {
if (curr->active) { if (curr->active) {
- if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) { if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
- OPENSSL_free(co_list); - OPENSSL_free(co_list);
- sk_SSL_CIPHER_free(cipherstack); - sk_SSL_CIPHER_free(cipherstack);
OSSL_TRACE_CANCEL(TLS_CIPHER);
- return NULL; - return NULL;
- }
+ if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher))
+ goto err; + goto err;
}
+ in_group_flags[num_in_group_flags++] = curr->in_group; + in_group_flags[num_in_group_flags++] = curr->in_group;
#ifdef CIPHER_DEBUG if (trc_out != NULL)
fprintf(stderr, "<%s>\n", curr->cipher->name); BIO_printf(trc_out, "<%s>\n", curr->cipher->name);
#endif
} }
} @@ -1630,14 +1684,39 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
- OPENSSL_free(co_list); /* Not needed any longer */ OPENSSL_free(co_list); /* Not needed any longer */
OSSL_TRACE_END(TLS_CIPHER);
- if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack)) { - if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack)) {
- sk_SSL_CIPHER_free(cipherstack); - sk_SSL_CIPHER_free(cipherstack);
@ -754,9 +774,6 @@ index 461a9debab..8eb18f0e28 100644
- } - }
- sk_SSL_CIPHER_free(*cipher_list); - sk_SSL_CIPHER_free(*cipher_list);
- *cipher_list = cipherstack; - *cipher_list = cipherstack;
+ OPENSSL_free(co_list); /* Not needed any longer */
+ co_list = NULL;
+
+ if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack)) + if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack))
+ goto err; + goto err;
+ +
@ -789,32 +806,30 @@ index 461a9debab..8eb18f0e28 100644
+ if (pref_list) + if (pref_list)
+ OPENSSL_free(pref_list); + OPENSSL_free(pref_list);
+ return NULL; + return NULL;
+
} }
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index ceae87bbc9..46521b7136 100644 index ceae87bbc9..10836f3667 100644
--- a/ssl/ssl_err.c --- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c +++ b/ssl/ssl_err.c
@@ -965,6 +965,9 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { @@ -967,6 +967,9 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_ECDH_KEY),
"missing tmp ecdh key"}, "missing tmp ecdh key"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA),
"mixed handshake and non handshake data"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS), + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS),
+ "mixed special operator with groups"}, + "mixed special operator with groups"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NESTED_GROUP), "nested group"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NESTED_GROUP), "nested group"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA),
"mixed handshake and non handshake data"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY), {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY),
@@ -1201,11 +1204,14 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { "not on record boundary"},
"unable to load ssl3 md5 routines"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_REPLACING_CERTIFICATE),
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), @@ -1205,7 +1208,11 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
"unable to load ssl3 sha1 routines"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_GROUP_CLOSE), "unexpected group close"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_CCS_MESSAGE),
"unexpected ccs message"}, "unexpected ccs message"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA), {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
"unexpected end of early data"}, "unexpected end of early data"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_GROUP_CLOSE),
+ "unexpected group close"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_OPERATOR_IN_GROUP), + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_OPERATOR_IN_GROUP),
+ "unexpected operator in group"}, + "unexpected operator in group"},
@ -822,10 +837,10 @@ index ceae87bbc9..46521b7136 100644
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 322a4381b0..ac33c35560 100644 index f63e16b592..9828b43b0c 100644
--- a/ssl/ssl_lib.c --- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c
@@ -1119,6 +1119,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm) @@ -1120,6 +1120,71 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
return X509_VERIFY_PARAM_set1(ssl->param, vpm); return X509_VERIFY_PARAM_set1(ssl->param, vpm);
} }
@ -897,7 +912,7 @@ index 322a4381b0..ac33c35560 100644
X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx) X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
{ {
return ctx->param; return ctx->param;
@@ -1163,7 +1228,8 @@ void SSL_free(SSL *s) @@ -1164,7 +1229,8 @@ void SSL_free(SSL *s)
BUF_MEM_free(s->init_buf); BUF_MEM_free(s->init_buf);
/* add extra stuff */ /* add extra stuff */
@ -907,7 +922,7 @@ index 322a4381b0..ac33c35560 100644
sk_SSL_CIPHER_free(s->cipher_list_by_id); sk_SSL_CIPHER_free(s->cipher_list_by_id);
sk_SSL_CIPHER_free(s->tls13_ciphersuites); sk_SSL_CIPHER_free(s->tls13_ciphersuites);
@@ -2498,9 +2564,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) @@ -2499,9 +2565,9 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
{ {
if (s != NULL) { if (s != NULL) {
if (s->cipher_list != NULL) { if (s->cipher_list != NULL) {
@ -919,7 +934,7 @@ index 322a4381b0..ac33c35560 100644
} }
} }
return NULL; return NULL;
@@ -2574,8 +2640,8 @@ const char *SSL_get_cipher_list(const SSL *s, int n) @@ -2575,29 +2641,22 @@ const char *SSL_get_cipher_list(const SSL *s, int n)
* preference */ * preference */
STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
{ {
@ -930,7 +945,31 @@ index 322a4381b0..ac33c35560 100644
return NULL; return NULL;
} }
@@ -3026,7 +3092,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) /*
* Distinguish between ciphers controlled by set_ciphersuite() and
* set_cipher_list() when counting.
+ * Enabled "TLS13+AESGCM+AES128" or the others.
*/
static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk)
{
- int i, num = 0;
- const SSL_CIPHER *c;
-
if (sk == NULL)
return 0;
- for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
- c = sk_SSL_CIPHER_value(sk, i);
- if (c->min_tls >= TLS1_3_VERSION)
- continue;
- num++;
- }
- return num;
+ else
+ return sk_SSL_CIPHER_num(sk);
}
/** specify the ciphers to be used by default by the SSL_CTX */
@@ -3027,7 +3086,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
ret->tls13_ciphersuites, ret->tls13_ciphersuites,
&ret->cipher_list, &ret->cipher_list_by_id, &ret->cipher_list, &ret->cipher_list_by_id,
SSL_DEFAULT_CIPHER_LIST, ret->cert) SSL_DEFAULT_CIPHER_LIST, ret->cert)
@ -939,7 +978,7 @@ index 322a4381b0..ac33c35560 100644
SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2; goto err2;
} }
@@ -3202,7 +3268,7 @@ void SSL_CTX_free(SSL_CTX *a) @@ -3203,7 +3262,7 @@ void SSL_CTX_free(SSL_CTX *a)
#ifndef OPENSSL_NO_CT #ifndef OPENSSL_NO_CT
CTLOG_STORE_free(a->ctlog_store); CTLOG_STORE_free(a->ctlog_store);
#endif #endif
@ -948,7 +987,7 @@ index 322a4381b0..ac33c35560 100644
sk_SSL_CIPHER_free(a->cipher_list_by_id); sk_SSL_CIPHER_free(a->cipher_list_by_id);
sk_SSL_CIPHER_free(a->tls13_ciphersuites); sk_SSL_CIPHER_free(a->tls13_ciphersuites);
ssl_cert_free(a->cert); ssl_cert_free(a->cert);
@@ -3880,13 +3946,15 @@ SSL *SSL_dup(SSL *s) @@ -3879,13 +3938,15 @@ SSL *SSL_dup(SSL *s)
/* dup the cipher_list and cipher_list_by_id stacks */ /* dup the cipher_list and cipher_list_by_id stacks */
if (s->cipher_list != NULL) { if (s->cipher_list != NULL) {
@ -969,10 +1008,10 @@ index 322a4381b0..ac33c35560 100644
/* Dup the client_CA list */ /* Dup the client_CA list */
if (!dup_ca_names(&ret->ca_names, s->ca_names) if (!dup_ca_names(&ret->ca_names, s->ca_names)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index ae6417b592..9f839acc74 100644 index 1d3397d880..265c32d15e 100644
--- a/ssl/ssl_locl.h --- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h
@@ -745,9 +745,46 @@ typedef struct ssl_ctx_ext_secure_st { @@ -744,9 +744,46 @@ typedef struct ssl_ctx_ext_secure_st {
unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH]; unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH];
} SSL_CTX_EXT_SECURE; } SSL_CTX_EXT_SECURE;
@ -1020,7 +1059,7 @@ index ae6417b592..9f839acc74 100644
/* same as above but sorted for lookup */ /* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id; STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */ /* TLSv1.3 specific ciphersuites */
@@ -1146,7 +1183,7 @@ struct ssl_st { @@ -1145,7 +1182,7 @@ struct ssl_st {
/* Per connection DANE state */ /* Per connection DANE state */
SSL_DANE dane; SSL_DANE dane;
/* crypto */ /* crypto */
@ -1029,7 +1068,7 @@ index ae6417b592..9f839acc74 100644
STACK_OF(SSL_CIPHER) *cipher_list_by_id; STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* TLSv1.3 specific ciphersuites */ /* TLSv1.3 specific ciphersuites */
STACK_OF(SSL_CIPHER) *tls13_ciphersuites; STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
@@ -2275,7 +2312,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, @@ -2278,7 +2315,7 @@ __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
const SSL_CIPHER *const *bp); const SSL_CIPHER *const *bp);
__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) *tls13_ciphersuites, STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
@ -1038,7 +1077,7 @@ index ae6417b592..9f839acc74 100644
STACK_OF(SSL_CIPHER) **cipher_list_by_id, STACK_OF(SSL_CIPHER) **cipher_list_by_id,
const char *rule_str, const char *rule_str,
CERT *c); CERT *c);
@@ -2285,6 +2322,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites, @@ -2288,6 +2325,13 @@ __owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
STACK_OF(SSL_CIPHER) **scsvs, int sslv2format, STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
int fatal); int fatal);
void ssl_update_cache(SSL *s, int mode); void ssl_update_cache(SSL *s, int mode);
@ -1052,7 +1091,7 @@ index ae6417b592..9f839acc74 100644
__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
const EVP_MD **md, int *mac_pkey_type, const EVP_MD **md, int *mac_pkey_type,
size_t *mac_secret_size, SSL_COMP **comp, size_t *mac_secret_size, SSL_COMP **comp,
@@ -2368,7 +2412,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, @@ -2371,7 +2415,7 @@ __owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
CERT_PKEY *cpk); CERT_PKEY *cpk);
__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, __owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
STACK_OF(SSL_CIPHER) *clnt, STACK_OF(SSL_CIPHER) *clnt,
@ -1062,10 +1101,10 @@ index ae6417b592..9f839acc74 100644
__owur int ssl3_new(SSL *s); __owur int ssl3_new(SSL *s);
void ssl3_free(SSL *s); void ssl3_free(SSL *s);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index bf1819d356..ebb6224b5e 100644 index e482e2d074..f81fe86291 100644
--- a/ssl/statem/statem_srvr.c --- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c
@@ -1750,7 +1750,7 @@ static int tls_early_post_process_client_hello(SSL *s) @@ -1751,7 +1751,7 @@ static int tls_early_post_process_client_hello(SSL *s)
/* For TLSv1.3 we must select the ciphersuite *before* session resumption */ /* For TLSv1.3 we must select the ciphersuite *before* session resumption */
if (SSL_IS_TLS13(s)) { if (SSL_IS_TLS13(s)) {
const SSL_CIPHER *cipher = const SSL_CIPHER *cipher =
@ -1074,7 +1113,7 @@ index bf1819d356..ebb6224b5e 100644
if (cipher == NULL) { if (cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
@@ -1931,7 +1931,7 @@ static int tls_early_post_process_client_hello(SSL *s) @@ -1934,7 +1934,7 @@ static int tls_early_post_process_client_hello(SSL *s)
/* check if some cipher was preferred by call back */ /* check if some cipher was preferred by call back */
if (pref_cipher == NULL) if (pref_cipher == NULL)
pref_cipher = ssl3_choose_cipher(s, s->session->ciphers, pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
@ -1083,7 +1122,7 @@ index bf1819d356..ebb6224b5e 100644
if (pref_cipher == NULL) { if (pref_cipher == NULL) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
@@ -1940,8 +1940,9 @@ static int tls_early_post_process_client_hello(SSL *s) @@ -1943,8 +1943,9 @@ static int tls_early_post_process_client_hello(SSL *s)
} }
s->session->cipher = pref_cipher; s->session->cipher = pref_cipher;
@ -1095,7 +1134,7 @@ index bf1819d356..ebb6224b5e 100644
sk_SSL_CIPHER_free(s->cipher_list_by_id); sk_SSL_CIPHER_free(s->cipher_list_by_id);
s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers); s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
} }
@@ -2255,7 +2256,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst) @@ -2258,7 +2259,7 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
/* In TLSv1.3 we selected the ciphersuite before resumption */ /* In TLSv1.3 we selected the ciphersuite before resumption */
if (!SSL_IS_TLS13(s)) { if (!SSL_IS_TLS13(s)) {
cipher = cipher =