Created
September 10, 2016 14:14
-
-
Save h-yamamo/62c1fc1783b74d820b1c225e7acda258 to your computer and use it in GitHub Desktop.
Support equal preference cipher suites group for ubuntu xenial openssl package
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Support equal preference group | |
* This patch requires the preceding chacha20poly1305.patch. | |
* Ciphersuites in equal preference group are hard coded. | |
The following ciphersuites: | |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | |
TLS_ECDHE_RSA_CHACHA20_POLY1305_OLD | |
TLS_ECDHE_ECDSA_CHACHA20_POLY1305_OLD | |
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | |
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | |
If you want to add or delete ciphersuites then add or remove | |
SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP macro. | |
diff -ur openssl-1.0.2g-1ubuntu4.3+ore1 +equal-preference-group | |
--- a/ssl/s3_lib.c 2016-08-29 20:00:00.000000000 +0900 | |
+++ b/ssl/s3_lib.c 2016-09-10 19:04:58.000000000 +0900 | |
@@ -2774,7 +2774,8 @@ | |
SSL_AEAD, | |
SSL_TLSV1_2, | |
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, | |
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, | |
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | | |
+ SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP, | |
128, | |
128, | |
}, | |
@@ -2790,7 +2791,8 @@ | |
SSL_AEAD, | |
SSL_TLSV1_2, | |
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, | |
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, | |
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | | |
+ SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP, | |
256, | |
256, | |
}, | |
@@ -2838,7 +2840,8 @@ | |
SSL_AEAD, | |
SSL_TLSV1_2, | |
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, | |
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, | |
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | | |
+ SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP, | |
128, | |
128, | |
}, | |
@@ -2854,7 +2857,8 @@ | |
SSL_AEAD, | |
SSL_TLSV1_2, | |
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, | |
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, | |
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | | |
+ SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP, | |
256, | |
256, | |
}, | |
@@ -2963,7 +2967,7 @@ | |
SSL_TLSV1_2, | |
SSL_NOT_EXP | SSL_HIGH, | |
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD | | |
- FIXED_NONCE_LEN(0), | |
+ FIXED_NONCE_LEN(0) | SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP, | |
256, | |
0, | |
}, | |
@@ -2980,7 +2984,7 @@ | |
SSL_TLSV1_2, | |
SSL_NOT_EXP | SSL_HIGH, | |
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD | | |
- FIXED_NONCE_LEN(0), | |
+ FIXED_NONCE_LEN(0) | SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP, | |
256, | |
0, | |
}, | |
@@ -3014,7 +3018,8 @@ | |
SSL_TLSV1_2, | |
SSL_NOT_EXP | SSL_HIGH, | |
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD | | |
- SSL_CIPHER_ALGORITHM2_XOR_FIXED_NONCE | FIXED_NONCE_LEN(12), | |
+ SSL_CIPHER_ALGORITHM2_XOR_FIXED_NONCE | FIXED_NONCE_LEN(12) | | |
+ SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP, | |
256, | |
256, | |
}, | |
@@ -3031,7 +3036,8 @@ | |
SSL_TLSV1_2, | |
SSL_NOT_EXP | SSL_HIGH, | |
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD | | |
- SSL_CIPHER_ALGORITHM2_XOR_FIXED_NONCE | FIXED_NONCE_LEN(12), | |
+ SSL_CIPHER_ALGORITHM2_XOR_FIXED_NONCE | FIXED_NONCE_LEN(12) | | |
+ SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP, | |
256, | |
256, | |
}, | |
@@ -4199,6 +4205,15 @@ | |
int i, ii, ok; | |
CERT *cert; | |
unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a; | |
+ /* | |
+ * group_min contains the minimal index so far found in a group, or -1 if | |
+ * no such value exists yet. | |
+ */ | |
+ int group_min = -1; | |
+ /* cipher index: found first and for old Safari */ | |
+ int i_first = -1, i_bad_safari = -1; | |
+ /* flag that use equal preference group */ | |
+ int equal_pr_group = 0; | |
/* Let's see which ciphers we can support */ | |
cert = s->cert; | |
@@ -4232,6 +4247,7 @@ | |
if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) { | |
prio = srvr; | |
allow = clnt; | |
+ equal_pr_group = 1; | |
} else { | |
prio = clnt; | |
allow = srvr; | |
@@ -4242,6 +4258,12 @@ | |
for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { | |
c = sk_SSL_CIPHER_value(prio, i); | |
+#define IS_EQUAL_PREFERENCE_GROUP(cipher) \ | |
+ (cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP) | |
+ /* Skip ciphers not in group if already found a prefer group cipher */ | |
+ if (equal_pr_group && group_min >= 0 && !(IS_EQUAL_PREFERENCE_GROUP(c))) | |
+ continue; | |
+ | |
/* Skip TLS v1.2 only ciphersuites if not supported */ | |
if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s)) | |
continue; | |
@@ -4316,15 +4338,27 @@ | |
#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT) | |
if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) | |
&& s->s3->is_probably_safari) { | |
- if (!ret) | |
- ret = sk_SSL_CIPHER_value(allow, ii); | |
+ /* buggy old Safari does not support TLS v1.2 */ | |
+ if (i_bad_safari < 0) | |
+ i_bad_safari = ii; | |
continue; | |
} | |
#endif | |
- ret = sk_SSL_CIPHER_value(allow, ii); | |
- break; | |
+ if (equal_pr_group && IS_EQUAL_PREFERENCE_GROUP(c)) | |
+ if (group_min < 0 || ii < group_min) | |
+ group_min = ii; | |
+ | |
+ if (i_first < 0) | |
+ i_first = ii; | |
+ | |
+ if (!equal_pr_group) | |
+ break; | |
} | |
} | |
+ /* get available cipher index */ | |
+ ii = group_min >= 0 ? group_min : (i_first >= 0 ? i_first : i_bad_safari); | |
+ if (ii >= 0) | |
+ ret = sk_SSL_CIPHER_value(allow, ii); | |
return (ret); | |
} | |
diff -ur openssl-1.0.2g-1ubuntu4.3+ore1 +equal-preference-group | |
--- a/ssl/ssl_locl.h 2016-08-29 20:00:00.000000000 +0900 | |
+++ b/ssl/ssl_locl.h 2016-09-10 19:12:31.000000000 +0900 | |
@@ -426,6 +426,10 @@ | |
* which indicates that XOR the fixed nonce. (CHACHA20-POLY1305, for example) */ | |
#define SSL_CIPHER_ALGORITHM2_XOR_FIXED_NONCE (1 << 24) | |
+/* SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP is a flag in SSL_CIPHER | |
+ * .algorithm2 which indicates that the cipher is in equal preference group. */ | |
+# define SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP (1 << 28) | |
+ | |
/* | |
* Export and cipher strength information. For each cipher we have to decide | |
* whether it is exportable or not. This information is likely to change |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This patch requires the preceding chacha20poly1305.patch.
How to build packages:
This patch is also available for debian jessie-backports (openssl 1.0.2h-1~bpo8).