kris
/
boringssl
1
0
Forka 0
Codice Problemi 0 Pull Requests 0 Rilasci 0 Wiki Attività
Sfoglia il codice sorgente

Support standard RFC cipher suite names alongside OpenSSL ones. 

Both Conscrypt and Netty have a lot of logic to map between the two
kinds of names. WebRTC needed an SSL_CIPHER_get_rfc_name for something.
Just have both in the library. Also deprecate SSL_CIPHER_get_rfc_name
in favor of SSL_CIPHER_standard_name, which matches upstream if built
with enable-ssl-trace. And, unlike SSL_CIPHER_get_rfc_name, this does
not require dealing with the malloc.

(Strangely this decreases bssl's binary size, even though we're carrying
more strings around. It seems the old SSL_CIPHER_get_rfc_name was
somewhat large in comparison. Regardless, a consumer that disliked 30
short strings probably also disliked the OpenSSL names. That would be
better solved by opaquifying SSL_CIPHER and adding a less stringy API
for configuring cipher lists. That's something we can explore later if
needed.)

I also made the command-line tool print out the standard names since
they're more standard. May as well push folks towards those going
forward.

Change-Id: Ieeb3d63e67ef4da87458e68d130166a4c1090596
Reviewed-on: https://boringssl-review.googlesource.com/17324
Reviewed-by: Robert Sloan <varomodt@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
kris/onging/CECPQ3_patch15
David Benjamin 7 anni fa
committed by CQ bot account: commit-bot@chromium.org
parent
cd60bf0e0a
commit
6fff386492
5 ha cambiato i file con 105 aggiunte e 116 eliminazioni
Visualizzazione separata
Opzioni Diff
Mostra statistiche Scarica il file Patch Scarica il file Diff
  1. +20
    -12
      include/openssl/ssl.h
  2. +39
    -71
      ssl/ssl_cipher.c
  3. +44
    -31
      ssl/ssl_test.cc
  4. +1
    -1
      tool/ciphers.cc
  5. +1
    -1
      tool/transport_common.cc

+ 20
- 12
include/openssl/ssl.h Vedi File

@@ -1246,7 +1246,12 @@ OPENSSL_EXPORT uint16_t SSL_CIPHER_get_min_version(const SSL_CIPHER *cipher);
* supports |cipher|. */
OPENSSL_EXPORT uint16_t SSL_CIPHER_get_max_version(const SSL_CIPHER *cipher);

/* SSL_CIPHER_get_name returns the OpenSSL name of |cipher|. */
/* SSL_CIPHER_standard_name returns the standard IETF name for |cipher|. For
* example, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256". */
OPENSSL_EXPORT const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher);

/* SSL_CIPHER_get_name returns the OpenSSL name of |cipher|. For example,
* "ECDHE-RSA-AES128-GCM-SHA256". */
OPENSSL_EXPORT const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);

/* SSL_CIPHER_get_kx_name returns a string that describes the key-exchange
@@ -1254,12 +1259,6 @@ OPENSSL_EXPORT const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
* ciphers return the string "GENERIC". */
OPENSSL_EXPORT const char *SSL_CIPHER_get_kx_name(const SSL_CIPHER *cipher);

/* SSL_CIPHER_get_rfc_name returns a newly-allocated string with the standard
* name for |cipher| or NULL on error. For example,
* "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256". The caller is responsible for
* calling |OPENSSL_free| on the result. */
OPENSSL_EXPORT char *SSL_CIPHER_get_rfc_name(const SSL_CIPHER *cipher);

/* SSL_CIPHER_get_bits returns the strength, in bits, of |cipher|. If
* |out_alg_bits| is not NULL, it writes the number of bits consumed by the
* symmetric algorithm to |*out_alg_bits|. */
@@ -1295,10 +1294,10 @@ OPENSSL_EXPORT int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher,
* |!| deletes all matching ciphers, enabled or not, from either list. Deleted
* ciphers will not matched by future operations.
*
* A selector may be a specific cipher (using the OpenSSL name for the cipher)
* or one or more rules separated by |+|. The final selector matches the
* intersection of each rule. For instance, |AESGCM+aECDSA| matches
* ECDSA-authenticated AES-GCM ciphers.
* A selector may be a specific cipher (using either the standard or OpenSSL
* name for the cipher) or one or more rules separated by |+|. The final
* selector matches the intersection of each rule. For instance, |AESGCM+aECDSA|
* matches ECDSA-authenticated AES-GCM ciphers.
*
* Available cipher rules are:
*
@@ -3386,13 +3385,20 @@ OPENSSL_EXPORT int SSL_library_init(void);
* The description includes a trailing newline and has the form:
* AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
*
* Consider |SSL_CIPHER_get_name| or |SSL_CIPHER_get_rfc_name| instead. */
* Consider |SSL_CIPHER_standard_name| or |SSL_CIPHER_get_name| instead. */
OPENSSL_EXPORT const char *SSL_CIPHER_description(const SSL_CIPHER *cipher,
char *buf, int len);

/* SSL_CIPHER_get_version returns the string "TLSv1/SSLv3". */
OPENSSL_EXPORT const char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);

/* SSL_CIPHER_get_rfc_name returns a newly-allocated string containing the
* result of |SSL_CIPHER_standard_name| or NULL on error. The caller is
* responsible for calling |OPENSSL_free| on the result.
*
* Use |SSL_CIPHER_standard_name| instead. */
OPENSSL_EXPORT char *SSL_CIPHER_get_rfc_name(const SSL_CIPHER *cipher);

typedef void COMP_METHOD;

/* SSL_COMP_get_compression_methods returns NULL. */
@@ -3890,6 +3896,8 @@ typedef struct ssl_x509_method_st SSL_X509_METHOD;
struct ssl_cipher_st {
/* name is the OpenSSL name for the cipher. */
const char *name;
/* standard_name is the IETF name for the cipher. */
const char *standard_name;
/* id is the cipher suite value bitwise OR-d with 0x03000000. */
uint32_t id;



+ 39
- 71
ssl/ssl_cipher.c Vedi File

@@ -160,6 +160,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher 02 */
{
SSL3_TXT_RSA_NULL_SHA,
"TLS_RSA_WITH_NULL_SHA",
SSL3_CK_RSA_NULL_SHA,
SSL_kRSA,
SSL_aRSA,
@@ -171,6 +172,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher 0A */
{
SSL3_TXT_RSA_DES_192_CBC3_SHA,
"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
SSL3_CK_RSA_DES_192_CBC3_SHA,
SSL_kRSA,
SSL_aRSA,
@@ -185,6 +187,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher 2F */
{
TLS1_TXT_RSA_WITH_AES_128_SHA,
"TLS_RSA_WITH_AES_128_CBC_SHA",
TLS1_CK_RSA_WITH_AES_128_SHA,
SSL_kRSA,
SSL_aRSA,
@@ -196,6 +199,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher 35 */
{
TLS1_TXT_RSA_WITH_AES_256_SHA,
"TLS_RSA_WITH_AES_256_CBC_SHA",
TLS1_CK_RSA_WITH_AES_256_SHA,
SSL_kRSA,
SSL_aRSA,
@@ -210,6 +214,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher 3C */
{
TLS1_TXT_RSA_WITH_AES_128_SHA256,
"TLS_RSA_WITH_AES_128_CBC_SHA256",
TLS1_CK_RSA_WITH_AES_128_SHA256,
SSL_kRSA,
SSL_aRSA,
@@ -221,6 +226,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher 3D */
{
TLS1_TXT_RSA_WITH_AES_256_SHA256,
"TLS_RSA_WITH_AES_256_CBC_SHA256",
TLS1_CK_RSA_WITH_AES_256_SHA256,
SSL_kRSA,
SSL_aRSA,
@@ -234,6 +240,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher 8C */
{
TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
"TLS_PSK_WITH_AES_128_CBC_SHA",
TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
SSL_kPSK,
SSL_aPSK,
@@ -245,6 +252,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher 8D */
{
TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
"TLS_PSK_WITH_AES_256_CBC_SHA",
TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
SSL_kPSK,
SSL_aPSK,
@@ -258,6 +266,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher 9C */
{
TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
"TLS_RSA_WITH_AES_128_GCM_SHA256",
TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
SSL_kRSA,
SSL_aRSA,
@@ -269,6 +278,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher 9D */
{
TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
"TLS_RSA_WITH_AES_256_GCM_SHA384",
TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
SSL_kRSA,
SSL_aRSA,
@@ -282,6 +292,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher 1301 */
{
TLS1_TXT_AES_128_GCM_SHA256,
"TLS_AES_128_GCM_SHA256",
TLS1_CK_AES_128_GCM_SHA256,
SSL_kGENERIC,
SSL_aGENERIC,
@@ -293,6 +304,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher 1302 */
{
TLS1_TXT_AES_256_GCM_SHA384,
"TLS_AES_256_GCM_SHA384",
TLS1_CK_AES_256_GCM_SHA384,
SSL_kGENERIC,
SSL_aGENERIC,
@@ -304,6 +316,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher 1303 */
{
TLS1_TXT_CHACHA20_POLY1305_SHA256,
"TLS_CHACHA20_POLY1305_SHA256",
TLS1_CK_CHACHA20_POLY1305_SHA256,
SSL_kGENERIC,
SSL_aGENERIC,
@@ -315,6 +328,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher C009 */
{
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
SSL_kECDHE,
SSL_aECDSA,
@@ -326,6 +340,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher C00A */
{
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
SSL_kECDHE,
SSL_aECDSA,
@@ -337,6 +352,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher C013 */
{
TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
SSL_kECDHE,
SSL_aRSA,
@@ -348,6 +364,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher C014 */
{
TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
SSL_kECDHE,
SSL_aRSA,
@@ -362,6 +379,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher C023 */
{
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
SSL_kECDHE,
SSL_aECDSA,
@@ -373,6 +391,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher C024 */
{
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
SSL_kECDHE,
SSL_aECDSA,
@@ -384,6 +403,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher C027 */
{
TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
SSL_kECDHE,
SSL_aRSA,
@@ -395,6 +415,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher C028 */
{
TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
SSL_kECDHE,
SSL_aRSA,
@@ -409,6 +430,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher C02B */
{
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
SSL_kECDHE,
SSL_aECDSA,
@@ -420,6 +442,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher C02C */
{
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
SSL_kECDHE,
SSL_aECDSA,
@@ -431,6 +454,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher C02F */
{
TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
SSL_kECDHE,
SSL_aRSA,
@@ -442,6 +466,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher C030 */
{
TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
SSL_kECDHE,
SSL_aRSA,
@@ -455,6 +480,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher C035 */
{
TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
"TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
SSL_kECDHE,
SSL_aPSK,
@@ -466,6 +492,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher C036 */
{
TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
"TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
SSL_kECDHE,
SSL_aPSK,
@@ -479,6 +506,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher CCA8 */
{
TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
SSL_kECDHE,
SSL_aRSA,
@@ -490,6 +518,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher CCA9 */
{
TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
SSL_kECDHE,
SSL_aECDSA,
@@ -501,6 +530,7 @@ static const SSL_CIPHER kCiphers[] = {
/* Cipher CCAB */
{
TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
"TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
SSL_kECDHE,
SSL_aPSK,
@@ -1089,8 +1119,8 @@ static int ssl_cipher_process_rulestr(const SSL_PROTOCOL_METHOD *ssl_method,
ch = *l;
buf = l;
buf_len = 0;
while (((ch >= 'A') && (ch <= 'Z')) || ((ch >= '0') && (ch <= '9')) ||
((ch >= 'a') && (ch <= 'z')) || (ch == '-') || (ch == '.')) {
while ((ch >= 'A' && ch <= 'Z') || (ch >= '0' && ch <= '9') ||
(ch >= 'a' && ch <= 'z') || ch == '-' || ch == '.' || ch == '_') {
ch = *(++l);
buf_len++;
}
@@ -1111,7 +1141,8 @@ static int ssl_cipher_process_rulestr(const SSL_PROTOCOL_METHOD *ssl_method,
if (!multi && ch != '+') {
for (j = 0; j < kCiphersLen; j++) {
const SSL_CIPHER *cipher = &kCiphers[j];
if (rule_equals(cipher->name, buf, buf_len)) {
if (rule_equals(cipher->name, buf, buf_len) ||
rule_equals(cipher->standard_name, buf, buf_len)) {
cipher_id = cipher->id;
break;
}
@@ -1447,6 +1478,10 @@ const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher) {
return "(NONE)";
}

const char *SSL_CIPHER_standard_name(const SSL_CIPHER *cipher) {
return cipher->standard_name;
}

const char *SSL_CIPHER_get_kx_name(const SSL_CIPHER *cipher) {
if (cipher == NULL) {
return "";
@@ -1483,79 +1518,12 @@ const char *SSL_CIPHER_get_kx_name(const SSL_CIPHER *cipher) {
}
}

static const char *ssl_cipher_get_enc_name(const SSL_CIPHER *cipher) {
switch (cipher->algorithm_enc) {
case SSL_3DES:
return "3DES_EDE_CBC";
case SSL_AES128:
return "AES_128_CBC";
case SSL_AES256:
return "AES_256_CBC";
case SSL_AES128GCM:
return "AES_128_GCM";
case SSL_AES256GCM:
return "AES_256_GCM";
case SSL_CHACHA20POLY1305:
return "CHACHA20_POLY1305";
break;
default:
assert(0);
return "UNKNOWN";
}
}

static const char *ssl_cipher_get_prf_name(const SSL_CIPHER *cipher) {
switch (cipher->algorithm_prf) {
case SSL_HANDSHAKE_MAC_DEFAULT:
/* Before TLS 1.2, the PRF component is the hash used in the HMAC, which
* is SHA-1 for all supported ciphers. */
assert(cipher->algorithm_mac == SSL_SHA1);
return "SHA";
case SSL_HANDSHAKE_MAC_SHA256:
return "SHA256";
case SSL_HANDSHAKE_MAC_SHA384:
return "SHA384";
}
assert(0);
return "UNKNOWN";
}

char *SSL_CIPHER_get_rfc_name(const SSL_CIPHER *cipher) {
if (cipher == NULL) {
return NULL;
}

const char *kx_name = SSL_CIPHER_get_kx_name(cipher);
const char *enc_name = ssl_cipher_get_enc_name(cipher);
const char *prf_name = ssl_cipher_get_prf_name(cipher);

/* The final name is TLS_{kx_name}_WITH_{enc_name}_{prf_name} or
* TLS_{enc_name}_{prf_name} depending on whether the cipher is AEAD-only. */
size_t len = 4 + strlen(enc_name) + 1 + strlen(prf_name) + 1;

if (cipher->algorithm_mkey != SSL_kGENERIC) {
len += strlen(kx_name) + 6;
}

char *ret = OPENSSL_malloc(len);
if (ret == NULL) {
return NULL;
}

if (BUF_strlcpy(ret, "TLS_", len) >= len ||
(cipher->algorithm_mkey != SSL_kGENERIC &&
(BUF_strlcat(ret, kx_name, len) >= len ||
BUF_strlcat(ret, "_WITH_", len) >= len)) ||
BUF_strlcat(ret, enc_name, len) >= len ||
BUF_strlcat(ret, "_", len) >= len ||
BUF_strlcat(ret, prf_name, len) >= len) {
assert(0);
OPENSSL_free(ret);
return NULL;
}

assert(strlen(ret) + 1 == len);
return ret;
return OPENSSL_strdup(SSL_CIPHER_standard_name(cipher));
}

int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *out_alg_bits) {


+ 44
- 31
ssl/ssl_test.cc Vedi File

@@ -177,6 +177,20 @@ static const CipherTest kCipherTests[] = {
},
false,
},
// Standard names may be used instead of OpenSSL names.
{
"[TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256|"
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256]:"
"[TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256]:"
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
{
{TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, 1},
{TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0},
{TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0},
{TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0},
},
false,
},
// @STRENGTH performs a stable strength-sort of the selected ciphers and
// only the selected ciphers.
{
@@ -730,43 +744,42 @@ TEST(SSLTest, DefaultVersion) {
ExpectDefaultVersion(TLS1_2_VERSION, TLS1_2_VERSION, &DTLSv1_2_method);
}

typedef struct {
int id;
const char *rfc_name;
} CIPHER_RFC_NAME_TEST;

static const CIPHER_RFC_NAME_TEST kCipherRFCNameTests[] = {
{SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
{TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
{TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
{TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
{TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
{TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
{TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
{TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
"TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
{TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
{TLS1_CK_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384"},
{TLS1_CK_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256"},
{TLS1_CK_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256"},
};
TEST(SSLTest, CipherGetStandardName) {
static const struct {
int id;
const char *standard_name;
} kTests[] = {
{SSL3_CK_RSA_DES_192_CBC3_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
{TLS1_CK_RSA_WITH_AES_128_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA"},
{TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
{TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
{TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
{TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
{TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
{TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
"TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
{TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
{TLS1_CK_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384"},
{TLS1_CK_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256"},
{TLS1_CK_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256"},
};

TEST(SSLTest, CipherGetRFCName) {
for (const CIPHER_RFC_NAME_TEST &t : kCipherRFCNameTests) {
SCOPED_TRACE(t.rfc_name);
for (const auto &t : kTests) {
SCOPED_TRACE(t.standard_name);

const SSL_CIPHER *cipher = SSL_get_cipher_by_value(t.id & 0xffff);
ASSERT_TRUE(cipher);
EXPECT_STREQ(t.standard_name, SSL_CIPHER_standard_name(cipher));

bssl::UniquePtr<char> rfc_name(SSL_CIPHER_get_rfc_name(cipher));
ASSERT_TRUE(rfc_name);

EXPECT_STREQ(t.rfc_name, rfc_name.get());
EXPECT_STREQ(t.standard_name, rfc_name.get());
}
}



+ 1
- 1
tool/ciphers.cc Vedi File

@@ -52,7 +52,7 @@ bool Ciphers(const std::vector<std::string> &args) {
printf(" ");
}

printf("%s\n", SSL_CIPHER_get_name(cipher));
printf("%s\n", SSL_CIPHER_standard_name(cipher));

if (!in_group && last_in_group) {
printf("]\n");


+ 1
- 1
tool/transport_common.cc Vedi File

@@ -251,7 +251,7 @@ void PrintConnectionInfo(const SSL *ssl) {
fprintf(stderr, " Version: %s\n", SSL_get_version(ssl));
fprintf(stderr, " Resumed session: %s\n",
SSL_session_reused(ssl) ? "yes" : "no");
fprintf(stderr, " Cipher: %s\n", SSL_CIPHER_get_name(cipher));
fprintf(stderr, " Cipher: %s\n", SSL_CIPHER_standard_name(cipher));
uint16_t curve = SSL_get_curve_id(ssl);
if (curve != 0) {
fprintf(stderr, " ECDHE curve: %s\n", SSL_get_curve_name(curve));


Scrivi Anteprima
Caricamento…
Annulla
Salva