Add cipher list ciphersuites which using encryption algorithm in mode CBC.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11984)

diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in
index 07ff9bc1df672ce2e701abf290b243d3cd08d32c..b4ed3e51d590421cbf19ffdf4606090d8e471bc7 100644 (file)
--- a/doc/man1/openssl-ciphers.pod.in
+++ b/doc/man1/openssl-ciphers.pod.in
@@ -403,6 +403,13 @@ used and only the two suite B compliant cipher suites
 (ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-ECDSA-AES256-GCM-SHA384) are
 permissible.
 
+=item B<CBC>
+
+All cipher suites using encryption algorithm in Cipher Block Chaining (CBC)
+mode. These cipher suites are only supported in TLS v1.2 and earlier. Currently
+it's an alias for the following cipherstrings: B<SSL_DES>, B<SSL_3DES>, B<SSL_RC2>,
+B<SSL_IDEA>, B<SSL_AES128>, B<SSL_AES256>, B<SSL_CAMELLIA128>, B<SSL_CAMELLIA256>, B<SSL_SEED>.
+
 =back
 
 =head1 CIPHER SUITE NAMES

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 0973f0688d29f6c77a5608ef9a0f29408756e5ba..c039b2a04a93c9d544afcec692e49ccff1afd0d2 100644 (file)
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -138,6 +138,7 @@ extern "C" {
 # define SSL_TXT_ARIA128         "ARIA128"
 # define SSL_TXT_ARIA256         "ARIA256"
 # define SSL_TXT_GOST2012_GOST8912_GOST8912 "GOST2012-GOST8912-GOST8912"
+# define SSL_TXT_CBC             "CBC"
 
 # define SSL_TXT_MD5             "MD5"
 # define SSL_TXT_SHA1            "SHA1"

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index ec2dabc89abd43ec257eeec14de23c85bd69b0c3..83710f843199b3ec721d74af213ea66791cde919 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -253,6 +253,7 @@ static const SSL_CIPHER cipher_aliases[] = {
     {0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM},
     {0, SSL_TXT_ARIA128, NULL, 0, 0, 0, SSL_ARIA128GCM},
     {0, SSL_TXT_ARIA256, NULL, 0, 0, 0, SSL_ARIA256GCM},
+    {0, SSL_TXT_CBC, NULL, 0, 0, 0, SSL_CBC},
 
     /* MAC aliases */
     {0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5},

diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 083141931c81c03820944dc042908707e7509fb1..5e2379c09321ebf8bd05a28a7e366e41128fc2d2 100644 (file)
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -246,6 +246,9 @@
 # define SSL_CHACHA20            (SSL_CHACHA20POLY1305)
 # define SSL_ARIAGCM             (SSL_ARIA128GCM | SSL_ARIA256GCM)
 # define SSL_ARIA                (SSL_ARIAGCM)
+# define SSL_CBC                 (SSL_DES | SSL_3DES | SSL_RC2 | SSL_IDEA \
+                                  | SSL_AES128 | SSL_AES256 | SSL_CAMELLIA128 \
+                                  | SSL_CAMELLIA256 | SSL_SEED)
 
 /* Bits for algorithm_mac (symmetric authentication) */