Browse code
Fix handling an optional invalid cipher at the end of data-ciphers
If an optional cipher was found at the end of --data-cipher that was
not available, it would reset the error and allow non optional ciphers
to be ignored.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20211206150852.3142891-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/search?l=mid&q=20211206150852.3142891-1-arne@rfc2549.org
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 868433857fbf8d71515ac0ffecb98eae893515dc)
Arne Schwabe authored on 2021/12/07 00:08:52Showing 2 changed files
| ... | ... |
@@ -133,7 +133,7 @@ mutate_ncp_cipher_list(const char *list, struct gc_arena *gc) |
| 133 | 133 |
{
|
| 134 | 134 |
const char* optstr = optional ? "optional ": ""; |
| 135 | 135 |
msg(M_WARN, "Unsupported %scipher in --data-ciphers: %s", optstr, token); |
| 136 |
- error_found = !optional; |
|
| 136 |
+ error_found = error_found || !optional; |
|
| 137 | 137 |
} |
| 138 | 138 |
else |
| 139 | 139 |
{
|
| ... | ... |
@@ -85,6 +85,9 @@ test_check_ncp_ciphers_list(void **state) |
| 85 | 85 |
/* All unsupported should still yield an empty list */ |
| 86 | 86 |
assert_ptr_equal(mutate_ncp_cipher_list("?kugelfisch:?grasshopper", &gc), NULL);
|
| 87 | 87 |
|
| 88 |
+ /* If the last is optional, previous invalid ciphers should be ignored */ |
|
| 89 |
+ assert_ptr_equal(mutate_ncp_cipher_list("Vollbit:Littlebit:AES-256-CBC:BF-CBC:?nixbit", &gc), NULL);
|
|
| 90 |
+ |
|
| 88 | 91 |
/* For testing that with OpenSSL 1.1.0+ that also accepts ciphers in |
| 89 | 92 |
* a different spelling the normalised cipher output is the same */ |
| 90 | 93 |
bool have_chacha_mixed_case = cipher_kt_get("ChaCha20-Poly1305");
|