From 40dfd8b53bc65cf89aa5571b9b7a72b2578ccedb Mon Sep 17 00:00:00 2001
From: David Cooper <david.cooper@nist.gov>
Date: Wed, 1 Apr 2020 11:18:50 -0400
Subject: [PATCH] Handle GOST ciphers in pr_cipher_quality()

This PR modifes pr_cipher_quality() as proposed in #1548 so that GOST ciphers are handled correctly. It changes pr_cipher_quality() so that the OpenSSL name is used in cases in which no RFC name is defined. It also adds a case statement for GOST so that GOST ciphers (that do not use MD5 or Null encryption) are marked as pr_svrty_low (as they are in run_cipherlists) rather than just being assigned the default rating (5).
---
 testssl.sh | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index a40a1ce..a5138e6 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -5937,6 +5937,7 @@ pr_ecdh_curve_quality() {
 pr_cipher_quality() {
      local cipher="$1"
      local text="$2"
+     local ossl_cipher
 
      [[ -z "$1" ]] && return 0
      [[ -z "$text" ]] && text="$cipher"
@@ -5983,7 +5984,7 @@ pr_cipher_quality() {
                          pr_svrty_best "$text"
                          return 7
                          ;; #best ones
-                    *AES*SHA*|*CAMELLIA*SHA*|*SEED*SHA*|*CBC*)
+                    *AES*SHA*|*CAMELLIA*SHA*|*SEED*SHA*|*CBC*|*GOST*)
                          pr_svrty_low "$text"
                          return 4
                          ;;
@@ -5993,7 +5994,9 @@ pr_cipher_quality() {
                          ;;
                esac
           fi
+          ossl_cipher="$cipher"
           cipher="$(openssl2rfc "$cipher")"
+          [[ -z "$cipher" ]] && cipher="$ossl_cipher"
      fi
 
      # Now we look at the RFC cipher names. The sequence matters - as above.
@@ -6018,7 +6021,7 @@ pr_cipher_quality() {
                pr_svrty_medium "$text"
                return 3
                ;;
-          *CBC*)
+          *CBC*|*GOST*)
                pr_svrty_low "$text"
                return 4
                ;;