Equal preference cipher groups.
This change implements equal-preference groups of cipher suites. This
allows, for example, a server to prefer one of AES-GCM or ChaCha20
ciphers, but to allow the client to pick which one. When coupled with
clients that will boost AES-GCM in their preferences when AES-NI is
present, this allows us to use AES-GCM when the hardware exists and
ChaCha20 otherwise.
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index dce8021..8cc710c 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3737,15 +3737,40 @@
return(2);
}
+struct ssl_cipher_preference_list_st* ssl_get_cipher_preferences(SSL *s)
+ {
+ if (s->cipher_list != NULL)
+ return(s->cipher_list);
+
+ if (s->version >= TLS1_1_VERSION)
+ {
+ if (s->ctx != NULL && s->ctx->cipher_list_tls11 != NULL)
+ return s->ctx->cipher_list_tls11;
+ }
+
+ if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL))
+ return(s->ctx->cipher_list);
+
+ return NULL;
+ }
+
SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
- STACK_OF(SSL_CIPHER) *srvr)
+ struct ssl_cipher_preference_list_st *server_pref)
{
SSL_CIPHER *c,*ret=NULL;
- STACK_OF(SSL_CIPHER) *prio, *allow;
+ STACK_OF(SSL_CIPHER) *srvr = server_pref->ciphers, *prio, *allow;
int i,ok;
size_t cipher_index;
CERT *cert;
unsigned long alg_k,alg_a,mask_k,mask_a,emask_k,emask_a;
+ /* in_group_flags will either be NULL, or will point to an array of
+ * bytes which indicate equal-preference groups in the |prio| stack.
+ * See the comment about |in_group_flags| in the
+ * |ssl_cipher_preference_list_st| struct. */
+ const unsigned char *in_group_flags;
+ /* group_min contains the minimal index so far found in a group, or -1
+ * if no such value exists yet. */
+ int group_min = -1;
/* Let's see which ciphers we can support */
cert=s->cert;
@@ -3778,11 +3803,13 @@
if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s))
{
prio = srvr;
+ in_group_flags = server_pref->in_group_flags;
allow = clnt;
}
else
{
prio = clnt;
+ in_group_flags = NULL;
allow = srvr;
}
@@ -3792,10 +3819,12 @@
{
c=sk_SSL_CIPHER_value(prio,i);
+ ok = 1;
+
/* Skip TLS v1.2 only ciphersuites if not supported */
- if ((c->algorithm_ssl & SSL_TLSV1_2) &&
+ if ((c->algorithm_ssl & SSL_TLSV1_2) &&
!SSL_USE_TLS1_2_CIPHERS(s))
- continue;
+ ok = 0;
ssl_set_cert_masks(cert,c);
mask_k = cert->mask_k;
@@ -3813,12 +3842,12 @@
#ifndef OPENSSL_NO_PSK
/* with PSK there must be server callback set */
if ((alg_a & SSL_aPSK) && s->psk_server_callback == NULL)
- continue;
+ ok = 0;
#endif /* OPENSSL_NO_PSK */
if (SSL_C_IS_EXPORT(c))
{
- ok = (alg_k & emask_k) && (alg_a & emask_a);
+ ok = ok && (alg_k & emask_k) && (alg_a & emask_a);
#ifdef CIPHER_DEBUG
printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
(void *)c,c->name);
@@ -3826,7 +3855,7 @@
}
else
{
- ok = (alg_k & mask_k) && (alg_a & mask_a);
+ ok = ok && (alg_k & mask_k) && (alg_a & mask_a);
#ifdef CIPHER_DEBUG
printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
c->name);
@@ -3842,17 +3871,32 @@
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_TLSEXT */
- if (!ok) continue;
- if (sk_SSL_CIPHER_find(allow, &cipher_index, c))
+ if (ok && sk_SSL_CIPHER_find(allow, &cipher_index, c))
{
-#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
- if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
+ if (in_group_flags != NULL && in_group_flags[i] == 1)
{
- if (!ret) ret=sk_SSL_CIPHER_value(allow, cipher_index);
- continue;
+ /* This element of |prio| is in a group. Update
+ * the minimum index found so far and continue
+ * looking. */
+ if (group_min == -1 || group_min > cipher_index)
+ group_min = cipher_index;
}
-#endif
- ret=sk_SSL_CIPHER_value(allow, cipher_index);
+ else
+ {
+ if (group_min != -1 && group_min < cipher_index)
+ cipher_index = group_min;
+ ret=sk_SSL_CIPHER_value(allow,cipher_index);
+ break;
+ }
+ }
+
+ if (in_group_flags != NULL &&
+ in_group_flags[i] == 0 &&
+ group_min != -1)
+ {
+ /* We are about to leave a group, but we found a match
+ * in it, so that's our answer. */
+ ret=sk_SSL_CIPHER_value(allow,group_min);
break;
}
}
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 72538a0..1cbc26c 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1249,7 +1249,7 @@
ciphers=NULL;
/* check if some cipher was preferred by call back */
- pref_cipher=pref_cipher ? pref_cipher : ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
+ pref_cipher=pref_cipher ? pref_cipher : ssl3_choose_cipher(s, s->session->ciphers, ssl_get_cipher_preferences(s));
if (pref_cipher == NULL)
{
al=SSL_AD_HANDSHAKE_FAILURE;
@@ -1260,12 +1260,12 @@
s->session->cipher=pref_cipher;
if (s->cipher_list)
- sk_SSL_CIPHER_free(s->cipher_list);
+ ssl_cipher_preference_list_free(s->cipher_list);
if (s->cipher_list_by_id)
sk_SSL_CIPHER_free(s->cipher_list_by_id);
- s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
+ s->cipher_list = ssl_cipher_preference_list_from_ciphers(s->session->ciphers);
s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
}
}
@@ -1319,7 +1319,7 @@
s->rwstate = SSL_NOTHING;
}
c=ssl3_choose_cipher(s,s->session->ciphers,
- SSL_get_ciphers(s));
+ ssl_get_cipher_preferences(s));
if (c == NULL)
{
diff --git a/ssl/ssl.h b/ssl/ssl.h
index b478bbd..4aa6d22 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -879,18 +879,55 @@
DECLARE_STACK_OF(SSL_COMP)
DECLARE_LHASH_OF(SSL_SESSION);
+/* ssl_cipher_preference_list_st contains a list of SSL_CIPHERs with
+ * equal-preference groups. For TLS clients, the groups are moot because the
+ * server picks the cipher and groups cannot be expressed on the wire. However,
+ * for servers, the equal-preference groups allow the client's preferences to
+ * be partially respected. (This only has an effect with
+ * SSL_OP_CIPHER_SERVER_PREFERENCE).
+ *
+ * The equal-preference groups are expressed by grouping SSL_CIPHERs together.
+ * All elements of a group have the same priority: no ordering is expressed
+ * within a group.
+ *
+ * The values in |ciphers| are in one-to-one correspondence with
+ * |in_group_flags|. (That is, sk_SSL_CIPHER_num(ciphers) is the number of
+ * bytes in |in_group_flags|.) The bytes in |in_group_flags| are either 1, to
+ * indicate that the corresponding SSL_CIPHER is not the last element of a
+ * group, or 0 to indicate that it is.
+ *
+ * For example, if |in_group_flags| contains all zeros then that indicates a
+ * traditional, fully-ordered preference. Every SSL_CIPHER is the last element
+ * of the group (i.e. they are all in a one-element group).
+ *
+ * For a more complex example, consider:
+ * ciphers: A B C D E F
+ * in_group_flags: 1 1 0 0 1 0
+ *
+ * That would express the following, order:
+ *
+ * A E
+ * B -> D -> F
+ * C
+ */
+struct ssl_cipher_preference_list_st
+ {
+ STACK_OF(SSL_CIPHER) *ciphers;
+ unsigned char *in_group_flags;
+ };
+
struct ssl_ctx_st
{
const SSL_METHOD *method;
- STACK_OF(SSL_CIPHER) *cipher_list;
+ struct ssl_cipher_preference_list_st *cipher_list;
/* same as above but sorted for lookup */
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* cipher_list_tls11 is the list of ciphers when TLS 1.1 or greater is
* in use. This only applies to server connections as, for clients, the
* version number is known at connect time and so the cipher list can
* be set then. */
- STACK_OF(SSL_CIPHER) *cipher_list_tls11;
+ struct ssl_cipher_preference_list_st *cipher_list_tls11;
struct x509_store_st /* X509_STORE */ *cert_store;
LHASH_OF(SSL_SESSION) *sessions;
@@ -1414,7 +1451,7 @@
#endif
/* crypto */
- STACK_OF(SSL_CIPHER) *cipher_list;
+ struct ssl_cipher_preference_list_st *cipher_list;
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
/* These are the ones being used, the ones in SSL_SESSION are
@@ -3016,5 +3053,9 @@
#define SSL_R_DTLS_MESSAGE_TOO_BIG 429
#define SSL_R_INVALID_SRP_USERNAME 430
#define SSL_R_TOO_MANY_EMPTY_FRAGMENTS 431
+#define SSL_R_NESTED_GROUP 432
+#define SSL_R_UNEXPECTED_GROUP_CLOSE 433
+#define SSL_R_UNEXPECTED_OPERATOR_IN_GROUP 434
+#define SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS 435
#endif
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index e8f04d8..a10aa8f 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -218,6 +218,7 @@
const SSL_CIPHER *cipher;
int active;
int dead;
+ int in_group;
struct cipher_order_st *next,*prev;
} CIPHER_ORDER;
@@ -697,6 +698,7 @@
co_list[co_list_num].next = NULL;
co_list[co_list_num].prev = NULL;
co_list[co_list_num].active = 0;
+ co_list[co_list_num].in_group = 0;
co_list_num++;
#ifdef KSSL_DEBUG
printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
@@ -808,7 +810,7 @@
unsigned long alg_enc, unsigned long alg_mac,
unsigned long alg_ssl,
unsigned long algo_strength,
- int rule, int strength_bits,
+ int rule, int strength_bits, int in_group,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
{
CIPHER_ORDER *head, *tail, *curr, *curr2, *last;
@@ -816,8 +818,8 @@
int reverse = 0;
#ifdef CIPHER_DEBUG
- printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
- rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
+ printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d) in_group:%d\n",
+ rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits, in_group);
#endif
if (rule == CIPHER_DEL)
@@ -892,6 +894,7 @@
{
ll_append_tail(&head, curr, &tail);
curr->active = 1;
+ curr->in_group = in_group;
}
}
/* Move the added cipher to this location */
@@ -901,6 +904,7 @@
if (curr->active)
{
ll_append_tail(&head, curr, &tail);
+ curr->in_group = 0;
}
}
else if (rule == CIPHER_DEL)
@@ -913,6 +917,7 @@
* works in reverse to maintain the order) */
ll_append_head(&head, curr, &tail);
curr->active = 0;
+ curr->in_group = 0;
}
}
else if (rule == CIPHER_KILL)
@@ -983,7 +988,7 @@
*/
for (i = max_strength_bits; i >= 0; i--)
if (number_uses[i] > 0)
- ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p);
+ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, 0, head_p, tail_p);
OPENSSL_free(number_uses);
return(1);
@@ -995,7 +1000,8 @@
{
unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
const char *l, *buf;
- int j, multi, found, rule, retval, ok, buflen;
+ int j, multi, found, rule, retval, ok, buflen, in_group = 0,
+ has_group = 0;
unsigned long cipher_id = 0;
char ch;
@@ -1007,14 +1013,68 @@
if (ch == '\0')
break; /* done */
- if (ch == '-')
+ if (in_group)
+ {
+ if (ch == ']')
+ {
+ if (!in_group)
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, SSL_R_UNEXPECTED_GROUP_CLOSE);
+ retval = found = in_group = 0;
+ break;
+ }
+ if (*tail_p)
+ (*tail_p)->in_group = 0;
+ in_group = 0;
+ l++;
+ continue;
+ }
+ if (ch == '|')
+ { rule = CIPHER_ADD; l++; continue; }
+ else if (!(ch >= 'a' && ch <= 'z') &&
+ !(ch >= 'A' && ch <= 'Z') &&
+ !(ch >= '0' && ch <= '9'))
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, SSL_R_UNEXPECTED_OPERATOR_IN_GROUP);
+ retval = found = in_group = 0;
+ break;
+ }
+ else
+ rule = CIPHER_ADD;
+ }
+ else if (ch == '-')
{ rule = CIPHER_DEL; l++; }
else if (ch == '+')
{ rule = CIPHER_ORD; l++; }
+ else if (ch == '!' && has_group)
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS);
+ retval = found = in_group = 0;
+ break;
+ }
else if (ch == '!')
{ rule = CIPHER_KILL; l++; }
+ else if (ch == '@' && has_group)
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS);
+ retval = found = in_group = 0;
+ break;
+ }
else if (ch == '@')
{ rule = CIPHER_SPECIAL; l++; }
+ else if (ch == '[')
+ {
+ if (in_group)
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, SSL_R_NESTED_GROUP);
+ retval = found = in_group = 0;
+ break;
+ }
+ in_group = 1;
+ has_group = 1;
+ l++;
+ continue;
+ }
else
{ rule = CIPHER_ADD; }
@@ -1057,7 +1117,7 @@
* alphanumeric, so we call this an error.
*/
OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, SSL_R_INVALID_COMMAND);
- retval = found = 0;
+ retval = found = in_group = 0;
l++;
break;
}
@@ -1224,7 +1284,7 @@
{
ssl_cipher_apply_rule(cipher_id,
alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength,
- rule, -1, head_p, tail_p);
+ rule, -1, in_group, head_p, tail_p);
}
else
{
@@ -1234,6 +1294,12 @@
if (*l == '\0') break; /* done */
}
+ if (in_group)
+ {
+ OPENSSL_PUT_ERROR(SSL, ssl_cipher_process_rulestr, SSL_R_INVALID_COMMAND);
+ retval = 0;
+ }
+
return(retval);
}
#ifndef OPENSSL_NO_EC
@@ -1297,16 +1363,19 @@
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
- STACK_OF(SSL_CIPHER) **cipher_list,
+ struct ssl_cipher_preference_list_st **cipher_list,
STACK_OF(SSL_CIPHER) **cipher_list_by_id,
const char *rule_str, CERT *c)
{
int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
- STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
+ STACK_OF(SSL_CIPHER) *cipherstack = NULL, *tmp_cipher_list = NULL;
const char *rule_p;
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
const SSL_CIPHER **ca_list = NULL;
+ unsigned char *in_group_flags = NULL;
+ unsigned int num_in_group_flags = 0;
+ struct ssl_cipher_preference_list_st *pref_list = NULL;
/*
* Return with error if nothing to do.
@@ -1348,32 +1417,32 @@
/* Now arrange all ciphers by preference: */
/* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
- ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
- ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, 0, &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, 0, &head, &tail);
/* AES is our preferred symmetric cipher */
- ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, 0, &head, &tail);
/* Temporarily enable everything else for sorting */
- ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, 0, &head, &tail);
/* Low priority for MD5 */
- ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, 0, &head, &tail);
/* Move anonymous ciphers to the end. Usually, these will remain disabled.
* (For applications that allow them, they aren't too bad, but we prefer
* authenticated ciphers.) */
- ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, 0, &head, &tail);
/* Move ciphers without forward secrecy to the end */
- ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
- /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); */
- ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
- ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
- ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, 0, SSL_aECDH, 0, 0, 0, 0, CIPHER_ORD, -1, 0, &head, &tail);
+ /* ssl_cipher_apply_rule(0, 0, SSL_aDH, 0, 0, 0, 0, CIPHER_ORD, -1, 0, &head, &tail); */
+ ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, 0, &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kPSK, 0,0, 0, 0, 0, CIPHER_ORD, -1, 0, &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kKRB5, 0,0, 0, 0, 0, CIPHER_ORD, -1, 0, &head, &tail);
/* RC4 is sort-of broken -- move the the end */
- ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, 0, &head, &tail);
/* Now sort by symmetric encryption strength. The above ordering remains
* in force within each class */
@@ -1384,7 +1453,7 @@
}
/* Now disable everything (maintaining the ordering!) */
- ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, 0, &head, &tail);
/*
@@ -1429,21 +1498,18 @@
OPENSSL_free((void *)ca_list); /* Not needed anymore */
if (!ok)
- { /* Rule processing failure */
- OPENSSL_free(co_list);
- return(NULL);
- }
+ goto err;
/*
* Allocate new "cipherstack" for the result, return with error
* if we cannot get one.
*/
if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
- {
- OPENSSL_free(co_list);
- return(NULL);
- }
+ goto err;
+ in_group_flags = OPENSSL_malloc(num_of_ciphers);
+ if (!in_group_flags)
+ goto err;
/*
* The cipher selection for the list is done. The ciphers are added
* to the resulting precedence to the STACK_OF(SSL_CIPHER).
@@ -1457,35 +1523,65 @@
#endif
{
sk_SSL_CIPHER_push(cipherstack, curr->cipher);
+ in_group_flags[num_in_group_flags++] = curr->in_group;
#ifdef CIPHER_DEBUG
printf("<%s>\n",curr->cipher->name);
#endif
}
}
OPENSSL_free(co_list); /* Not needed any longer */
+ co_list = NULL;
tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
if (tmp_cipher_list == NULL)
- {
- sk_SSL_CIPHER_free(cipherstack);
- return NULL;
- }
+ goto err;
+ pref_list = OPENSSL_malloc(sizeof(struct ssl_cipher_preference_list_st));
+ if (!pref_list)
+ goto err;
+ pref_list->ciphers = cipherstack;
+ pref_list->in_group_flags = OPENSSL_malloc(num_in_group_flags);
+ if (!pref_list->in_group_flags)
+ goto err;
+ memcpy(pref_list->in_group_flags, in_group_flags, num_in_group_flags);
+ OPENSSL_free(in_group_flags);
+ in_group_flags = NULL;
if (*cipher_list != NULL)
- sk_SSL_CIPHER_free(*cipher_list);
- *cipher_list = cipherstack;
+ ssl_cipher_preference_list_free(*cipher_list);
+ *cipher_list = pref_list;
+ pref_list = NULL;
+
if (cipher_list_by_id != NULL)
{
if (*cipher_list_by_id != NULL)
sk_SSL_CIPHER_free(*cipher_list_by_id);
*cipher_list_by_id = tmp_cipher_list;
+ tmp_cipher_list = NULL;
(void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
sk_SSL_CIPHER_sort(*cipher_list_by_id);
}
else
+ {
sk_SSL_CIPHER_free(tmp_cipher_list);
+ tmp_cipher_list = NULL;
+ }
return(cipherstack);
+
+err:
+ if (co_list)
+ OPENSSL_free(co_list);
+ if (in_group_flags)
+ OPENSSL_free(in_group_flags);
+ if (cipherstack)
+ sk_SSL_CIPHER_free(cipherstack);
+ if (tmp_cipher_list)
+ sk_SSL_CIPHER_free(tmp_cipher_list);
+ if (pref_list && pref_list->in_group_flags)
+ OPENSSL_free(pref_list->in_group_flags);
+ if (pref_list)
+ OPENSSL_free(pref_list);
+ return NULL;
}
char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
diff --git a/ssl/ssl_error.c b/ssl/ssl_error.c
index 76e2745..4271524 100644
--- a/ssl/ssl_error.c
+++ b/ssl/ssl_error.c
@@ -348,7 +348,9 @@
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_RSA_KEY), "MISSING_TMP_RSA_KEY"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_RSA_PKEY), "MISSING_TMP_RSA_PKEY"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_VERIFY_MESSAGE), "MISSING_VERIFY_MESSAGE"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_SPECIAL_OPERATOR_WITH_GROUPS), "MIXED_SPECIAL_OPERATOR_WITH_GROUPS"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MULTIPLE_SGC_RESTARTS), "MULTIPLE_SGC_RESTARTS"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NESTED_GROUP), "NESTED_GROUP"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NON_SSLV2_INITIAL_PACKET), "NON_SSLV2_INITIAL_PACKET"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATES_RETURNED), "NO_CERTIFICATES_RETURNED"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_ASSIGNED), "NO_CERTIFICATE_ASSIGNED"},
@@ -491,7 +493,9 @@
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES), "UNABLE_TO_LOAD_SSL2_MD5_ROUTINES"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES), "UNABLE_TO_LOAD_SSL3_MD5_ROUTINES"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), "UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_GROUP_CLOSE), "UNEXPECTED_GROUP_CLOSE"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "UNEXPECTED_MESSAGE"},
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_OPERATOR_IN_GROUP), "UNEXPECTED_OPERATOR_IN_GROUP"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "UNEXPECTED_RECORD"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "UNINITIALIZED"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "UNKNOWN_ALERT_TYPE"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c0e463c..46b3953 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -250,9 +250,13 @@
ctx->method=meth;
- sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
- &(ctx->cipher_list_by_id),
- meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST, ctx->cert);
+ sk=ssl_create_cipher_list(
+ ctx->method, &ctx->cipher_list, &ctx->cipher_list_by_id,
+ meth->version == SSL2_VERSION ?
+ "SSLv2" :
+ SSL_DEFAULT_CIPHER_LIST,
+ ctx->cert);
+
if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
{
OPENSSL_PUT_ERROR(SSL, SSL_CTX_set_ssl_version, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
@@ -520,6 +524,71 @@
return X509_VERIFY_PARAM_set1(ssl->param, vpm);
}
+void ssl_cipher_preference_list_free(
+ struct ssl_cipher_preference_list_st *cipher_list)
+ {
+ sk_SSL_CIPHER_free(cipher_list->ciphers);
+ OPENSSL_free(cipher_list->in_group_flags);
+ OPENSSL_free(cipher_list);
+ }
+
+struct ssl_cipher_preference_list_st*
+ssl_cipher_preference_list_dup(
+ struct ssl_cipher_preference_list_st *cipher_list)
+ {
+ struct ssl_cipher_preference_list_st* ret = NULL;
+ size_t n = sk_SSL_CIPHER_num(cipher_list->ciphers);
+
+ ret = OPENSSL_malloc(sizeof(struct ssl_cipher_preference_list_st));
+ if (!ret)
+ goto err;
+ ret->ciphers = NULL;
+ ret->in_group_flags = NULL;
+ ret->ciphers = sk_SSL_CIPHER_dup(cipher_list->ciphers);
+ if (!ret->ciphers)
+ goto err;
+ ret->in_group_flags = OPENSSL_malloc(n);
+ if (!ret->in_group_flags)
+ goto err;
+ memcpy(ret->in_group_flags, cipher_list->in_group_flags, n);
+ return ret;
+
+err:
+ if (ret->ciphers)
+ sk_SSL_CIPHER_free(ret->ciphers);
+ if (ret)
+ OPENSSL_free(ret);
+ return NULL;
+ }
+
+struct ssl_cipher_preference_list_st*
+ssl_cipher_preference_list_from_ciphers(STACK_OF(SSL_CIPHER) *ciphers)
+ {
+ struct ssl_cipher_preference_list_st* ret = NULL;
+ size_t n = sk_SSL_CIPHER_num(ciphers);
+
+ ret = OPENSSL_malloc(sizeof(struct ssl_cipher_preference_list_st));
+ if (!ret)
+ goto err;
+ ret->ciphers = NULL;
+ ret->in_group_flags = NULL;
+ ret->ciphers = sk_SSL_CIPHER_dup(ciphers);
+ if (!ret->ciphers)
+ goto err;
+ ret->in_group_flags = OPENSSL_malloc(n);
+ if (!ret->in_group_flags)
+ goto err;
+ memset(ret->in_group_flags, 0, n);
+ return ret;
+
+err:
+ if (ret->ciphers)
+ sk_SSL_CIPHER_free(ret->ciphers);
+ if (ret)
+ OPENSSL_free(ret);
+ return NULL;
+ }
+
X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
{
return ctx->param;
@@ -578,7 +647,8 @@
if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
/* add extra stuff */
- if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
+ if (s->cipher_list != NULL)
+ ssl_cipher_preference_list_free(s->cipher_list);
if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
/* Make the next call work :-) */
@@ -1313,19 +1383,19 @@
if (s->cipher_list != NULL)
{
- return(s->cipher_list);
+ return(s->cipher_list->ciphers);
}
if (s->version >= TLS1_1_VERSION)
{
if (s->ctx != NULL && s->ctx->cipher_list_tls11 != NULL)
- return s->ctx->cipher_list_tls11;
+ return s->ctx->cipher_list_tls11->ciphers;
}
if ((s->ctx != NULL) &&
(s->ctx->cipher_list != NULL))
{
- return(s->ctx->cipher_list);
+ return(s->ctx->cipher_list->ciphers);
}
return(NULL);
@@ -1981,7 +2051,7 @@
&ret->cipher_list,&ret->cipher_list_by_id,
meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST, ret->cert);
if (ret->cipher_list == NULL
- || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
+ || sk_SSL_CIPHER_num(ret->cipher_list->ciphers) <= 0)
{
OPENSSL_PUT_ERROR(SSL, SSL_CTX_new, SSL_R_LIBRARY_HAS_NO_CIPHERS);
goto err2;
@@ -2145,11 +2215,11 @@
if (a->cert_store != NULL)
X509_STORE_free(a->cert_store);
if (a->cipher_list != NULL)
- sk_SSL_CIPHER_free(a->cipher_list);
+ ssl_cipher_preference_list_free(a->cipher_list);
if (a->cipher_list_by_id != NULL)
sk_SSL_CIPHER_free(a->cipher_list_by_id);
if (a->cipher_list_tls11 != NULL)
- sk_SSL_CIPHER_free(a->cipher_list_tls11);
+ ssl_cipher_preference_list_free(a->cipher_list_tls11);
if (a->cert != NULL)
ssl_cert_free(a->cert);
if (a->client_CA != NULL)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index ea7e563..0084613 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1004,10 +1004,17 @@
int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
int (*put_cb)(const SSL_CIPHER *, unsigned char *));
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
- STACK_OF(SSL_CIPHER) **pref,
+ struct ssl_cipher_preference_list_st **pref,
STACK_OF(SSL_CIPHER) **sorted,
const char *rule_str, CERT *c);
void ssl_update_cache(SSL *s, int mode);
+struct ssl_cipher_preference_list_st* ssl_cipher_preference_list_dup(
+ struct ssl_cipher_preference_list_st *cipher_list);
+void ssl_cipher_preference_list_free(
+ struct ssl_cipher_preference_list_st *cipher_list);
+struct ssl_cipher_preference_list_st* ssl_cipher_preference_list_from_ciphers(
+ STACK_OF(SSL_CIPHER) *ciphers);
+struct ssl_cipher_preference_list_st* ssl_get_cipher_preferences(SSL *s);
int ssl_cipher_get_comp(const SSL_SESSION *s, SSL_COMP **comp);
int ssl_cipher_get_evp_aead(const SSL_SESSION *s, const EVP_AEAD **aead);
int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
@@ -1106,7 +1113,7 @@
void ssl3_free_digest_list(SSL *s);
unsigned long ssl3_output_cert_chain(SSL *s, CERT_PKEY *cpk);
SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
- STACK_OF(SSL_CIPHER) *srvr);
+ struct ssl_cipher_preference_list_st *srvr);
int ssl3_setup_buffers(SSL *s);
int ssl3_setup_read_buffer(SSL *s);
int ssl3_setup_write_buffer(SSL *s);