Hi, I noticed while debugging some issues with GOST that it is very practical to see the names of the 'real' algorithms being used instead of the string "unknown". Currently the file ssl/ssl_ciph.c checks whether a key exchange / authentication / encryption / digital signature algorithm is known, and if not, returns "unknown".
Please find attached a patch for the master branch of openssl where the various GOST algorithms are translated to new strings: * key exchange algorithm SSL_kGOST has the value "VKO" (for VKO R 34.10 key exchange) * authentication algorithm SSL_aGOST94 has the value "GOST94" (for GOST R 34.10-94) * authentication algorithm SSL_aGOST01 has the value "GOST01" (for GOST R 34.10-2001) * encryption algorithm SSL_eGOST2814789CNT has the value "GOST89(256)" (for GOST 28147-89) * digital signature algorithm SSL_GOST89MAC has the value "GOST89" (for GOST R 28147-89) * digital signature algorithm SSL_GOST94 has the value "GOST94" (for GOST R 34.11-94) Example of current output: openssl ciphers -v -l "aGOST" GOST2001-GOST89-GOST89 SSLv3 Kx=unknown Au=unknown Enc=unknown Mac=unknown GOST94-GOST89-GOST89 SSLv3 Kx=unknown Au=unknown Enc=unknown Mac=unknown GOST2001-NULL-GOST94 SSLv3 Kx=unknown Au=unknown Enc=None Mac=unknown GOST94-NULL-GOST94 SSLv3 Kx=unknown Au=unknown Enc=None Mac=unknown Example of output of patched ssl/ssl_ciph.c: openssl ciphers -v -l "aGOST" GOST2001-GOST89-GOST89 SSLv3 Kx=VKO Au=GOST01 Enc=GOST89(256) Mac=GOST89 GOST94-GOST89-GOST89 SSLv3 Kx=VKO Au=GOST94 Enc=GOST89(256) Mac=GOST89 GOST2001-NULL-GOST94 SSLv3 Kx=VKO Au=GOST01 Enc=None Mac=GOST94 GOST94-NULL-GOST94 SSLv3 Kx=VKO Au=GOST94 Enc=None Mac=GOST94 Cheers, Peter Mosmans
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 405da44..bc19da1 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1714,6 +1714,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 case SSL_kSRP:
 kx="SRP";
 break;
+ case SSL_kGOST:
+ kx="VKO";
+ break;
 default:
 kx="unknown";
 }
@@ -1747,6 +1750,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 case SSL_aSRP:
 au="SRP";
 break;
+ case SSL_aGOST94:
+ au="GOST94";
+ break;
+ case SSL_aGOST01:
+ au="GOST01";
+ break;
 default:
 au="unknown";
 break;
@@ -1794,6 +1803,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 case SSL_SEED:
 enc="SEED(128)";
 break;
+ case SSL_eGOST2814789CNT:
+ enc="GOST89(256)";
+ break;
 default:
 enc="unknown";
 break;
@@ -1816,6 +1828,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 case SSL_AEAD:
 mac="AEAD";
 break;
+ case SSL_GOST89MAC:
+ mac="GOST89";
+ break;
+ case SSL_GOST94:
+ mac="GOST94";
+ break;
 default:
 mac="unknown";
 break;
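Review bot: In the first hunk (the `kx` switch), `"VKO"` is the only new label that does not carry the GOST family name, so anyone reviewing `openssl ciphers -v` output by searching the `Kx=` field for "GOST" will not match these suites. If the label stays, a comment on the case would make the mapping explicit, e.g. `/* VKO GOST R 34.10 key agreement */`. The cases added in the other three hunks would benefit from the same one-line comment naming the standard each label stands for, as the patch description already does. The body of SSL_CIPHER_description starts and ends outside this hunk.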
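Review bot: The string `"GOST94"` now denotes two different algorithms: `SSL_aGOST94` in the `au` switch (second hunk, GOST R 34.10-94 signatures per the description) and `SSL_GOST94` in the `mac` switch (fourth hunk, GOST R 34.11-94). The `Au=` and `Mac=` prefixes keep a printed line unambiguous, but a cipher-list audit that searches for the bare token will conflate the signature scheme with the digest. Consider a distinct Mac label, or at least a comment on the mac case such as `/* GOST R 34.11-94 digest, not the 34.10-94 signature scheme */`. Both switches continue outside their hunks.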