Handle GOST ciphers in pr_cipher_quality()

This PR modifes pr_cipher_quality() as proposed in #1548 so that GOST ciphers are handled correctly. It changes pr_cipher_quality() so that the OpenSSL name is used in cases in which no RFC name is defined. It also adds a case statement for GOST so that GOST ciphers (that do not use MD5 or Null encryption) are marked as pr_svrty_low (as they are in run_cipherlists) rather than just being assigned the default rating (5).
This commit is contained in:
David Cooper 2020-04-01 11:18:50 -04:00
parent 061732a5fb
commit 40dfd8b53b
1 changed files with 5 additions and 2 deletions

View File

@ -5937,6 +5937,7 @@ pr_ecdh_curve_quality() {
pr_cipher_quality() {
local cipher="$1"
local text="$2"
local ossl_cipher
[[ -z "$1" ]] && return 0
[[ -z "$text" ]] && text="$cipher"
@ -5983,7 +5984,7 @@ pr_cipher_quality() {
pr_svrty_best "$text"
return 7
;; #best ones
*AES*SHA*|*CAMELLIA*SHA*|*SEED*SHA*|*CBC*)
*AES*SHA*|*CAMELLIA*SHA*|*SEED*SHA*|*CBC*|*GOST*)
pr_svrty_low "$text"
return 4
;;
@ -5993,7 +5994,9 @@ pr_cipher_quality() {
;;
esac
fi
ossl_cipher="$cipher"
cipher="$(openssl2rfc "$cipher")"
[[ -z "$cipher" ]] && cipher="$ossl_cipher"
fi
# Now we look at the RFC cipher names. The sequence matters - as above.
@ -6018,7 +6021,7 @@ pr_cipher_quality() {
pr_svrty_medium "$text"
return 3
;;
*CBC*)
*CBC*|*GOST*)
pr_svrty_low "$text"
return 4
;;