
@h-yamamo
Created September 10, 2016 14:14
Support equal preference cipher suites group for ubuntu xenial openssl package
Support equal preference group
* This patch requires the preceding chacha20poly1305.patch.
* Ciphersuites in equal preference group are hard coded.
The following ciphersuites:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_CHACHA20_POLY1305_OLD
TLS_ECDHE_ECDSA_CHACHA20_POLY1305_OLD
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
To add a ciphersuite to the group or remove one from it, add or remove the
SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP macro in that ciphersuite's entry in ssl/s3_lib.c.
diff -ur openssl-1.0.2g-1ubuntu4.3+ore1 +equal-preference-group
--- a/ssl/s3_lib.c 2016-08-29 20:00:00.000000000 +0900
+++ b/ssl/s3_lib.c 2016-09-10 19:04:58.000000000 +0900
@@ -2774,7 +2774,8 @@
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 |
+ SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP,
128,
128,
},
@@ -2790,7 +2791,8 @@
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 |
+ SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP,
256,
256,
},
@@ -2838,7 +2840,8 @@
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+ SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 |
+ SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP,
128,
128,
},
@@ -2854,7 +2857,8 @@
SSL_AEAD,
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
- SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 |
+ SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP,
256,
256,
},
@@ -2963,7 +2967,7 @@
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |
- FIXED_NONCE_LEN(0),
+ FIXED_NONCE_LEN(0) | SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP,
256,
0,
},
@@ -2980,7 +2984,7 @@
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |
- FIXED_NONCE_LEN(0),
+ FIXED_NONCE_LEN(0) | SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP,
256,
0,
},
@@ -3014,7 +3018,8 @@
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |
- SSL_CIPHER_ALGORITHM2_XOR_FIXED_NONCE | FIXED_NONCE_LEN(12),
+ SSL_CIPHER_ALGORITHM2_XOR_FIXED_NONCE | FIXED_NONCE_LEN(12) |
+ SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP,
256,
256,
},
@@ -3031,7 +3036,8 @@
SSL_TLSV1_2,
SSL_NOT_EXP | SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |
- SSL_CIPHER_ALGORITHM2_XOR_FIXED_NONCE | FIXED_NONCE_LEN(12),
+ SSL_CIPHER_ALGORITHM2_XOR_FIXED_NONCE | FIXED_NONCE_LEN(12) |
+ SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP,
256,
256,
},
@@ -4199,6 +4205,15 @@
int i, ii, ok;
CERT *cert;
unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
+ /*
+ * group_min contains the minimal index so far found in a group, or -1 if
+ * no such value exists yet.
+ */
+ int group_min = -1;
+ /* cipher index: found first and for old Safari */
+ int i_first = -1, i_bad_safari = -1;
+ /* flag that use equal preference group */
+ int equal_pr_group = 0;
/* Let's see which ciphers we can support */
cert = s->cert;
@@ -4232,6 +4247,7 @@
if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
prio = srvr;
allow = clnt;
+ equal_pr_group = 1;
} else {
prio = clnt;
allow = srvr;
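Review bot: `equal_pr_group = 1` sits on the branch shared by both conditions, so grouping is switched on for `tls1_suiteb(s)` as well as for `SSL_OP_CIPHER_SERVER_PREFERENCE`. In Suite B mode the server order is presumably forced deliberately, and with this line the client's order decides between the tagged suites instead. If that is not intended, derive the flag from the option alone, e.g. `equal_pr_group = (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) != 0;`, and add a comment saying which modes enable grouping. The enclosing function starts and ends outside this hunk.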
@@ -4242,6 +4258,12 @@
for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
c = sk_SSL_CIPHER_value(prio, i);
+#define IS_EQUAL_PREFERENCE_GROUP(cipher) \
+ (cipher->algorithm2 & SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP)
+ /* Skip ciphers not in group if already found a prefer group cipher */
+ if (equal_pr_group && group_min >= 0 && !(IS_EQUAL_PREFERENCE_GROUP(c)))
+ continue;
+
/* Skip TLS v1.2 only ciphersuites if not supported */
if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s))
continue;
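Review bot: `IS_EQUAL_PREFERENCE_GROUP` is defined in the middle of the loop body, is never `#undef`'d, and expands its argument unparenthesised (`cipher->algorithm2`). I would define it once in ssl/ssl_locl.h next to the flag as `#define IS_EQUAL_PREFERENCE_GROUP(cipher) (((cipher)->algorithm2 & SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP) != 0)`, which also removes the need for the extra parentheses at the call site. The loop body continues outside this hunk.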
@@ -4316,15 +4338,27 @@
#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA)
&& s->s3->is_probably_safari) {
- if (!ret)
- ret = sk_SSL_CIPHER_value(allow, ii);
+ /* buggy old Safari does not support TLS v1.2 */
+ if (i_bad_safari < 0)
+ i_bad_safari = ii;
continue;
}
#endif
- ret = sk_SSL_CIPHER_value(allow, ii);
- break;
+ if (equal_pr_group && IS_EQUAL_PREFERENCE_GROUP(c))
+ if (group_min < 0 || ii < group_min)
+ group_min = ii;
+
+ if (i_first < 0)
+ i_first = ii;
+
+ if (!equal_pr_group)
+ break;
}
}
+ /* get available cipher index */
+ ii = group_min >= 0 ? group_min : (i_first >= 0 ? i_first : i_bad_safari);
+ if (ii >= 0)
+ ret = sk_SSL_CIPHER_value(allow, ii);
return (ret);
}
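Review bot: With grouping on, a non-group suite that the server ranks above every tagged suite can never win: it only sets `i_first`, the loop keeps scanning, and the final `group_min >= 0 ? group_min : ...` picks any tagged suite matched later. That makes the group a global override of the configured server order rather than a group at its position in the list; if positional behaviour is intended, `if (!equal_pr_group || group_min < 0) break;` stops at a higher-ranked non-group match while still scanning the rest of the list once a tagged suite has matched. The nested `if (equal_pr_group && ...)` / `if (group_min < 0 || ...)` pair should get braces. The comment `buggy old Safari does not support TLS v1.2` does not match the condition it sits under, which tests ECDHE key exchange with ECDSA authentication. The function starts outside this hunk.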
diff -ur openssl-1.0.2g-1ubuntu4.3+ore1 +equal-preference-group
--- a/ssl/ssl_locl.h 2016-08-29 20:00:00.000000000 +0900
+++ b/ssl/ssl_locl.h 2016-09-10 19:12:31.000000000 +0900
@@ -426,6 +426,10 @@
* which indicates that XOR the fixed nonce. (CHACHA20-POLY1305, for example) */
#define SSL_CIPHER_ALGORITHM2_XOR_FIXED_NONCE (1 << 24)
+/* SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP is a flag in SSL_CIPHER
+ * .algorithm2 which indicates that the cipher is in equal preference group. */
+# define SSL_CIPHER_ALGORITHM2_EQUAL_PREFERENCE_GROUP (1 << 28)
+
/*
* Export and cipher strength information. For each cipher we have to decide
* whether it is exportable or not. This information is likely to change
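Review bot: Bit 28 is taken for the new flag with nothing in this hunk showing that it is free. `FIXED_NONCE_LEN()` is OR-ed into the same `algorithm2` word in ssl/s3_lib.c and its definition is not part of the patch, so a reviewer cannot tell whether that field can reach bit 28. A short comment above the define listing which bits of `algorithm2` are already allocated (handshake MAC, PRF, AEAD, nonce length, XOR nonce) would make the choice checkable and guard against a later collision.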
@h-yamamo
Author

This patch requires the preceding chacha20poly1305.patch.
How to build packages:

apt-get -d source openssl
tar xf openssl_1.0.2g.orig.tar.gz
cd openssl-1.0.2g
tar xf ../openssl_1.0.2g-1ubuntu4.3.debian.tar.xz
cp -av (openssl-chacha20poly1305 repository)/xenial/debian/* debian/
cp (somewhere)/equal-preference-group.patch debian/patches/
echo equal-preference-group.patch >> debian/patches/series
vi debian/changelog  # add description about equal-preference-group
debuild -uc -us

This patch is also available for debian jessie-backports (openssl 1.0.2h-1~bpo8).
