Hi,

I noticed that while debugging some issues with GOST it was very
practical to see the name of the 'real' algorithms being used instead of
the string "unknown".
Currently the file ssl/ssl_ciph.c checks whether a key exchange /
authentication / encryption / digital signature algorithm is known, and
if it is not, returns "unknown".

Please find attached a patch for the master branch of openssl where the
various GOST algorithms are translated to new strings:
* key exchange algorithm SSL_kGOST has the value "VKO"  (for VKO R 34.10
key exchange)
* authentication algorithm SSL_aGOST94 has the value "GOST94" (for GOST
R 34.10-94)
* authentication algorithm SSL_aGOST01 has the value "GOST01" (for GOST
R 34.10-2001)
* encryption algorithm SSL_eGOST2814789CNT has the value "GOST89(256)"
(for GOST 28147-89)
* digital signature algorithm SSL_GOST89MAC has the value "GOST89" (for
GOST R 28147-89)
* digital signature algorithm SSL_GOST94 has the value "GOST94" (for
GOST R 34.11-94)

Example of current output:
openssl ciphers -v -l "aGOST"
GOST2001-GOST89-GOST89  SSLv3 Kx=unknown  Au=unknown Enc=unknown  
Mac=unknown
GOST94-GOST89-GOST89    SSLv3 Kx=unknown  Au=unknown Enc=unknown  
Mac=unknown
GOST2001-NULL-GOST94    SSLv3 Kx=unknown  Au=unknown Enc=None     
Mac=unknown
GOST94-NULL-GOST94      SSLv3 Kx=unknown  Au=unknown Enc=None     
Mac=unknown

Example of output of patched ssl/ssl_ciph.c:
openssl ciphers -v -l "aGOST"
GOST2001-GOST89-GOST89  SSLv3 Kx=VKO      Au=GOST01 Enc=GOST89(256)
Mac=GOST89
GOST94-GOST89-GOST89    SSLv3 Kx=VKO      Au=GOST94 Enc=GOST89(256)
Mac=GOST89
GOST2001-NULL-GOST94    SSLv3 Kx=VKO      Au=GOST01 Enc=None      Mac=GOST94
GOST94-NULL-GOST94      SSLv3 Kx=VKO      Au=GOST94 Enc=None      Mac=GOST94


Cheers,


Peter Mosmans

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 405da44..bc19da1 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1714,6 +1714,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, 
char *buf, int len)
        case SSL_kSRP:
                kx="SRP";
                break;
+       case SSL_kGOST:
+               kx="VKO";
+               break;
        default:
                kx="unknown";
                }
@@ -1747,6 +1750,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, 
char *buf, int len)
        case SSL_aSRP:
                au="SRP";
                break;
+       case SSL_aGOST94:
+               au="GOST94";
+               break;
+       case SSL_aGOST01:
+               au="GOST01";
+               break;
        default:
                au="unknown";
                break;
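Review bot: The string "GOST94" added here for SSL_aGOST94 is the same string the last hunk assigns to `mac` for SSL_GOST94, although the description says the first is the GOST R 34.10-94 signature and the second the GOST R 34.11-94 hash. In `openssl ciphers -v` output the two can then only be told apart by the `Au=`/`Mac=` prefix, which is easy to misread when auditing which algorithms a suite really uses. Either make the labels distinct or add a comment on each case, for example `/* GOST R 34.10-94 signature */` here and `/* GOST R 34.11-94 digest */` on the SSL_GOST94 case. SSL_CIPHER_description starts and ends outside the hunk.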
@@ -1794,6 +1803,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, 
char *buf, int len)
        case SSL_SEED:
                enc="SEED(128)";
                break;
+       case SSL_eGOST2814789CNT:
+               enc="GOST89(256)";
+               break;
        default:
                enc="unknown";
                break;
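Review bot: The label "GOST89(256)" drops the mode that the constant name SSL_eGOST2814789CNT carries, and the last hunk prints "GOST89" for SSL_GOST89MAC, so the output shows nearly the same name for the cipher and for the MAC. A short comment on each case would keep the distinction visible to the next reader, for example `/* GOST 28147-89 cipher, CNT mode */` here and `/* GOST 28147-89 used as MAC */` on the SSL_GOST89MAC case. The surrounding switch starts outside the hunk, so whether the other `enc` labels mention a mode cannot be checked from here.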
@@ -1816,6 +1828,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, 
char *buf, int len)
        case SSL_AEAD:
                mac="AEAD";
                break;
+       case SSL_GOST89MAC:
+               mac="GOST89";
+               break;
+       case SSL_GOST94:
+               mac="GOST94";
+               break;
        default:
                mac="unknown";
                break;
