Handle GOST ciphers in pr_cipher_quality()
This PR modifes pr_cipher_quality() as proposed in #1548 so that GOST ciphers are handled correctly. It changes pr_cipher_quality() so that the OpenSSL name is used in cases in which no RFC name is defined. It also adds a case statement for GOST so that GOST ciphers (that do not use MD5 or Null encryption) are marked as pr_svrty_low (as they are in run_cipherlists) rather than just being assigned the default rating (5).
This commit is contained in:
parent
061732a5fb
commit
40dfd8b53b
|
@ -5937,6 +5937,7 @@ pr_ecdh_curve_quality() {
|
||||||
pr_cipher_quality() {
|
pr_cipher_quality() {
|
||||||
local cipher="$1"
|
local cipher="$1"
|
||||||
local text="$2"
|
local text="$2"
|
||||||
|
local ossl_cipher
|
||||||
|
|
||||||
[[ -z "$1" ]] && return 0
|
[[ -z "$1" ]] && return 0
|
||||||
[[ -z "$text" ]] && text="$cipher"
|
[[ -z "$text" ]] && text="$cipher"
|
||||||
|
@ -5983,7 +5984,7 @@ pr_cipher_quality() {
|
||||||
pr_svrty_best "$text"
|
pr_svrty_best "$text"
|
||||||
return 7
|
return 7
|
||||||
;; #best ones
|
;; #best ones
|
||||||
*AES*SHA*|*CAMELLIA*SHA*|*SEED*SHA*|*CBC*)
|
*AES*SHA*|*CAMELLIA*SHA*|*SEED*SHA*|*CBC*|*GOST*)
|
||||||
pr_svrty_low "$text"
|
pr_svrty_low "$text"
|
||||||
return 4
|
return 4
|
||||||
;;
|
;;
|
||||||
|
@ -5993,7 +5994,9 @@ pr_cipher_quality() {
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
|
ossl_cipher="$cipher"
|
||||||
cipher="$(openssl2rfc "$cipher")"
|
cipher="$(openssl2rfc "$cipher")"
|
||||||
|
[[ -z "$cipher" ]] && cipher="$ossl_cipher"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Now we look at the RFC cipher names. The sequence matters - as above.
|
# Now we look at the RFC cipher names. The sequence matters - as above.
|
||||||
|
@ -6018,7 +6021,7 @@ pr_cipher_quality() {
|
||||||
pr_svrty_medium "$text"
|
pr_svrty_medium "$text"
|
||||||
return 3
|
return 3
|
||||||
;;
|
;;
|
||||||
*CBC*)
|
*CBC*|*GOST*)
|
||||||
pr_svrty_low "$text"
|
pr_svrty_low "$text"
|
||||||
return 4
|
return 4
|
||||||
;;
|
;;
|
||||||
|
|
Loading…
Reference in New Issue