Allow cipher strings to be given using its standard name

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16179)
Erik Lax 2021-07-30 00:47:46 +02:00 committed by Tomas Mraz
parent 398ae82316
commit d1b26ddbf6
4 changed files with 30 additions and 2 deletions


@ -24,6 +24,11 @@ OpenSSL 3.1
### Changes between 3.0 and 3.1 [xx XXX xxxx] ### Changes between 3.0 and 3.1 [xx XXX xxxx]
* The SSL_CTX_set_cipher_list family functions now accept ciphers using their
IANA standard names.
*Erik Lax*
* The PVK key derivation function has been moved from b2i_PVK_bio_ex() into * The PVK key derivation function has been moved from b2i_PVK_bio_ex() into
the legacy crypto provider as an EVP_KDF. Applications requiring this KDF the legacy crypto provider as an EVP_KDF. Applications requiring this KDF
will need to load the legacy crypto provider. will need to load the legacy crypto provider.


@ -115,6 +115,8 @@ used. The format is described below.
The cipher list consists of one or more I<cipher strings> separated by colons. The cipher list consists of one or more I<cipher strings> separated by colons.
Commas or spaces are also acceptable separators but colons are normally used. Commas or spaces are also acceptable separators but colons are normally used.
The cipher string may reference a cipher using its standard name.
The actual cipher string can take several different forms. The actual cipher string can take several different forms.
It can consist of a single cipher suite such as B<RC4-SHA>. It can consist of a single cipher suite such as B<RC4-SHA>.


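--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -1042,9 +1042,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 while (((ch >= 'A') && (ch <= 'Z')) ||
 ((ch >= '0') && (ch <= '9')) ||
 ((ch >= 'a') && (ch <= 'z')) ||
-(ch == '-') || (ch == '.') || (ch == '='))
+(ch == '-') || (ch == '_') || (ch == '.') || (ch == '='))
 #else
-while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.')
+while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '_') || (ch == '.')
 || (ch == '='))
 #endif
 {
@@ -1095,6 +1095,11 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
 && (ca_list[j]->name[buflen] == '\0')) {
 found = 1;
 break;
+} else if (ca_list[j]->stdname != NULL
+&& strncmp(buf, ca_list[j]->stdname, buflen) == 0
+&& ca_list[j]->stdname[buflen] == '\0') {
+found = 1;
+break;
 } else
 j++;
 }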
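Review bot: The new `else if` in the second hunk repeats, for `stdname`, the exact-token comparison that the preceding `if` already makes for `name` (the head of that `if` lies above the hunk), and the `_` added to both scanner loops in the first hunk is left unexplained, so a reader of either hunk alone cannot tell why the token character set widened. Both deserve a comment; for the scanner something like `/* '_' is accepted so that a token can be an IANA standard cipher name */`, and for the lookup the duplicated exact-match test is better expressed once through a small static helper so the `name` and `stdname` branches cannot drift apart. Note that any rule string containing `_` is now tokenised differently than before, which is presumably intended since the standard names require it. `buflen`'s declaration is outside the hunk; the helper below assumes it is the `size_t` that `strncmp` takes.
```c
/* Exact match of the scanned token against a cipher name; a NULL name never matches. */
static int ssl_cipher_token_matches(const char *name, const char *buf, size_t buflen)
{
    return name != NULL
           && strncmp(buf, name, buflen) == 0
           && name[buflen] == '\0';
}
/* … unchanged: rule-string scanning up to the ca_list lookup loop … */
            if (ssl_cipher_token_matches(ca_list[j]->name, buf, buflen)
                || ssl_cipher_token_matches(ca_list[j]->stdname, buf, buflen)) {
                found = 1;
                break;
            } else
                j++;
```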


@ -244,10 +244,26 @@ end:
return result; return result;
} }
/* SSL_CTX_set_cipher_list matching with cipher standard name */
static int test_stdname_cipherlist(void)
{
SETUP_CIPHERLIST_TEST_FIXTURE();
if (!TEST_true(SSL_CTX_set_cipher_list(fixture->server, TLS1_RFC_RSA_WITH_AES_128_SHA))
|| !TEST_true(SSL_CTX_set_cipher_list(fixture->client, TLS1_RFC_RSA_WITH_AES_128_SHA))) {
goto end;
}
result = 1;
end:
tear_down(fixture);
fixture = NULL;
return result;
}
int setup_tests(void) int setup_tests(void)
{ {
ADD_TEST(test_default_cipherlist_implicit); ADD_TEST(test_default_cipherlist_implicit);
ADD_TEST(test_default_cipherlist_explicit); ADD_TEST(test_default_cipherlist_explicit);
ADD_TEST(test_default_cipherlist_clear); ADD_TEST(test_default_cipherlist_clear);
ADD_TEST(test_stdname_cipherlist);
return 1; return 1;
} }
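Review bot: `test_stdname_cipherlist` only asserts that `SSL_CTX_set_cipher_list()` succeeds for the standard name; it never inspects which cipher the string resolved to, so a lookup that mapped it to a different suite, or an alias match that shadowed the standard-name match, would still pass. After the two calls, walk `SSL_CTX_get_ciphers(fixture->server)` and require a cipher whose `SSL_CIPHER_standard_name()` equals `TLS1_RFC_RSA_WITH_AES_128_SHA`; checking presence rather than position keeps the test independent of any TLSv1.3 suites the list may also carry. The addition slots in before `result = 1;` and keeps the `goto end` cleanup shape of the neighbouring tests; the local `sk` and `i` below are new declarations, placed after the fixture macro.
```c
    STACK_OF(SSL_CIPHER) *sk;
    int i, num;
    /* … unchanged: SETUP_CIPHERLIST_TEST_FIXTURE() and the two SSL_CTX_set_cipher_list() calls … */
    /* The standard name must have resolved to that exact suite, not merely to "some" cipher. */
    sk = SSL_CTX_get_ciphers(fixture->server);
    if (!TEST_ptr(sk))
        goto end;
    num = sk_SSL_CIPHER_num(sk);
    for (i = 0; i < num; i++) {
        const char *stdname = SSL_CIPHER_standard_name(sk_SSL_CIPHER_value(sk, i));

        if (stdname != NULL && strcmp(stdname, TLS1_RFC_RSA_WITH_AES_128_SHA) == 0)
            break;
    }
    if (!TEST_int_lt(i, num))
        goto end;
    result = 1;
    /* … unchanged: end: label, tear_down() and return … */
```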