From ee1ed1d380f1bd3508186ddf78de678a7072f115 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Mon, 31 Jul 2017 09:11:18 -0400 Subject: [PATCH] Fix the names of older ciphers. The names of these ciphers have an "SSL_" prefix, but the RFC names use "TLS_": https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4 This dates back to these ciphers being originally defined in SSLv3. As SSLv3 is on its way out anyway and this is a new set of APIs, consistently use the TLS names. Reviewed-by: Matt Caswell Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/4007) --- doc/man3/SSL_CIPHER_get_name.pod | 6 ++-- include/openssl/ssl3.h | 20 ++++++------ ssl/t1_trce.c | 56 ++++++++++++++++---------------- test/ciphername_test.c | 56 ++++++++++++++++---------------- 4 files changed, 70 insertions(+), 68 deletions(-) diff --git a/doc/man3/SSL_CIPHER_get_name.pod b/doc/man3/SSL_CIPHER_get_name.pod index 691f9f46d8..89f53d685d 100644 --- a/doc/man3/SSL_CIPHER_get_name.pod +++ b/doc/man3/SSL_CIPHER_get_name.pod @@ -40,11 +40,13 @@ B is NULL, it returns "(NONE)". SSL_CIPHER_standard_name() returns a pointer to the standard RFC name of B. If the B is NULL, it returns "(NONE)". If the B -has no standard name, it returns B. +has no standard name, it returns B. If B was defined in both +SSLv3 and TLS, it returns the TLS name. OPENSSL_cipher_name() returns a pointer to the OpenSSL name of B. If the B is NULL, or B has no corresponding OpenSSL name, -it returns "(NONE)". +it returns "(NONE)". Where both exist, B should be the TLS name rather +than the SSLv3 name. SSL_CIPHER_get_bits() returns the number of secret bits used for B. If B is NULL, 0 is returned. diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index 67e5c095b5..e9d56a8385 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -70,16 +70,16 @@ extern "C" { # define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B /* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */ -# define SSL3_RFC_RSA_NULL_MD5 "SSL_RSA_WITH_NULL_MD5" -# define SSL3_RFC_RSA_NULL_SHA "SSL_RSA_WITH_NULL_SHA" -# define SSL3_RFC_RSA_DES_192_CBC3_SHA "SSL_RSA_WITH_3DES_EDE_CBC_SHA" -# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" -# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA" -# define SSL3_RFC_ADH_DES_192_CBC_SHA "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA" -# define SSL3_RFC_RSA_IDEA_128_SHA "SSL_RSA_WITH_IDEA_CBC_SHA" -# define SSL3_RFC_RSA_RC4_128_MD5 "SSL_RSA_WITH_RC4_128_MD5" -# define SSL3_RFC_RSA_RC4_128_SHA "SSL_RSA_WITH_RC4_128_SHA" -# define SSL3_RFC_ADH_RC4_128_MD5 "SSL_DH_anon_WITH_RC4_128_MD5" +# define SSL3_RFC_RSA_NULL_MD5 "TLS_RSA_WITH_NULL_MD5" +# define SSL3_RFC_RSA_NULL_SHA "TLS_RSA_WITH_NULL_SHA" +# define SSL3_RFC_RSA_DES_192_CBC3_SHA "TLS_RSA_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_ADH_DES_192_CBC_SHA "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" +# define SSL3_RFC_RSA_IDEA_128_SHA "TLS_RSA_WITH_IDEA_CBC_SHA" +# define SSL3_RFC_RSA_RC4_128_MD5 "TLS_RSA_WITH_RC4_128_MD5" +# define SSL3_RFC_RSA_RC4_128_SHA "TLS_RSA_WITH_RC4_128_SHA" +# define SSL3_RFC_ADH_RC4_128_MD5 "TLS_DH_anon_WITH_RC4_128_MD5" # define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" # define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 803df27a42..3bd25a5b1a 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -107,34 +107,34 @@ static ssl_trace_tbl ssl_handshake_tbl[] = { /* Cipher suites */ static ssl_trace_tbl ssl_ciphers_tbl[] = { - {0x0000, "SSL_NULL_WITH_NULL_NULL"}, - {0x0001, "SSL_RSA_WITH_NULL_MD5"}, - {0x0002, "SSL_RSA_WITH_NULL_SHA"}, - {0x0003, "SSL_RSA_EXPORT_WITH_RC4_40_MD5"}, - {0x0004, "SSL_RSA_WITH_RC4_128_MD5"}, - {0x0005, "SSL_RSA_WITH_RC4_128_SHA"}, - {0x0006, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"}, - {0x0007, "SSL_RSA_WITH_IDEA_CBC_SHA"}, - {0x0008, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"}, - {0x0009, "SSL_RSA_WITH_DES_CBC_SHA"}, - {0x000A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0x000B, "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"}, - {0x000C, "SSL_DH_DSS_WITH_DES_CBC_SHA"}, - {0x000D, "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA"}, - {0x000E, "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"}, - {0x000F, "SSL_DH_RSA_WITH_DES_CBC_SHA"}, - {0x0010, "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0x0011, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"}, - {0x0012, "SSL_DHE_DSS_WITH_DES_CBC_SHA"}, - {0x0013, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"}, - {0x0014, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"}, - {0x0015, "SSL_DHE_RSA_WITH_DES_CBC_SHA"}, - {0x0016, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0x0017, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"}, - {0x0018, "SSL_DH_anon_WITH_RC4_128_MD5"}, - {0x0019, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"}, - {0x001A, "SSL_DH_anon_WITH_DES_CBC_SHA"}, - {0x001B, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"}, + {0x0000, "TLS_NULL_WITH_NULL_NULL"}, + {0x0001, "TLS_RSA_WITH_NULL_MD5"}, + {0x0002, "TLS_RSA_WITH_NULL_SHA"}, + {0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5"}, + {0x0004, "TLS_RSA_WITH_RC4_128_MD5"}, + {0x0005, "TLS_RSA_WITH_RC4_128_SHA"}, + {0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"}, + {0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA"}, + {0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"}, + {0x0009, "TLS_RSA_WITH_DES_CBC_SHA"}, + {0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}, + {0x000B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"}, + {0x000C, "TLS_DH_DSS_WITH_DES_CBC_SHA"}, + {0x000D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"}, + {0x000E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"}, + {0x000F, "TLS_DH_RSA_WITH_DES_CBC_SHA"}, + {0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"}, + {0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"}, + {0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA"}, + {0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"}, + {0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"}, + {0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA"}, + {0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"}, + {0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"}, + {0x0018, "TLS_DH_anon_WITH_RC4_128_MD5"}, + {0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"}, + {0x001A, "TLS_DH_anon_WITH_DES_CBC_SHA"}, + {0x001B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"}, {0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"}, {0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"}, {0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"}, diff --git a/test/ciphername_test.c b/test/ciphername_test.c index c2c31573ca..97cc56a92c 100644 --- a/test/ciphername_test.c +++ b/test/ciphername_test.c @@ -29,34 +29,34 @@ typedef struct cipher_id_name { /* Cipher suites, copied from t1_trce.c */ static CIPHER_ID_NAME cipher_names[] = { - {0x0000, "SSL_NULL_WITH_NULL_NULL"}, - {0x0001, "SSL_RSA_WITH_NULL_MD5"}, - {0x0002, "SSL_RSA_WITH_NULL_SHA"}, - {0x0003, "SSL_RSA_EXPORT_WITH_RC4_40_MD5"}, - {0x0004, "SSL_RSA_WITH_RC4_128_MD5"}, - {0x0005, "SSL_RSA_WITH_RC4_128_SHA"}, - {0x0006, "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5"}, - {0x0007, "SSL_RSA_WITH_IDEA_CBC_SHA"}, - {0x0008, "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA"}, - {0x0009, "SSL_RSA_WITH_DES_CBC_SHA"}, - {0x000A, "SSL_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0x000B, "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"}, - {0x000C, "SSL_DH_DSS_WITH_DES_CBC_SHA"}, - {0x000D, "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA"}, - {0x000E, "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"}, - {0x000F, "SSL_DH_RSA_WITH_DES_CBC_SHA"}, - {0x0010, "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0x0011, "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"}, - {0x0012, "SSL_DHE_DSS_WITH_DES_CBC_SHA"}, - {0x0013, "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"}, - {0x0014, "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"}, - {0x0015, "SSL_DHE_RSA_WITH_DES_CBC_SHA"}, - {0x0016, "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA"}, - {0x0017, "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"}, - {0x0018, "SSL_DH_anon_WITH_RC4_128_MD5"}, - {0x0019, "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"}, - {0x001A, "SSL_DH_anon_WITH_DES_CBC_SHA"}, - {0x001B, "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"}, + {0x0000, "TLS_NULL_WITH_NULL_NULL"}, + {0x0001, "TLS_RSA_WITH_NULL_MD5"}, + {0x0002, "TLS_RSA_WITH_NULL_SHA"}, + {0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5"}, + {0x0004, "TLS_RSA_WITH_RC4_128_MD5"}, + {0x0005, "TLS_RSA_WITH_RC4_128_SHA"}, + {0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"}, + {0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA"}, + {0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"}, + {0x0009, "TLS_RSA_WITH_DES_CBC_SHA"}, + {0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}, + {0x000B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"}, + {0x000C, "TLS_DH_DSS_WITH_DES_CBC_SHA"}, + {0x000D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"}, + {0x000E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"}, + {0x000F, "TLS_DH_RSA_WITH_DES_CBC_SHA"}, + {0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"}, + {0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"}, + {0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA"}, + {0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"}, + {0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"}, + {0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA"}, + {0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"}, + {0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"}, + {0x0018, "TLS_DH_anon_WITH_RC4_128_MD5"}, + {0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"}, + {0x001A, "TLS_DH_anon_WITH_DES_CBC_SHA"}, + {0x001B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"}, {0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"}, {0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"}, {0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"}, -- 2.34.1