Document the behaviour of non-standard separators in cipher strings.
OpenSSL allows spaces, commas and semi-colons to be used as separators
in cipher strings, in addition to the usual colons.
This change documents that spaces cannot be used in equal-preference
groups and forbids these alternative separators in strict mode.
Change-Id: I3879e25aed54539c281511627e6a282e9463bdc3
Reviewed-on: https://boringssl-review.googlesource.com/18424
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/ssl/ssl_cipher.cc b/ssl/ssl_cipher.cc
index dbb4c75..f1a215f 100644
--- a/ssl/ssl_cipher.cc
+++ b/ssl/ssl_cipher.cc
@@ -756,8 +756,12 @@
}
}
-#define ITEM_SEP(a) \
- (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
+static bool is_cipher_list_separator(char c, int is_strict) {
+ if (c == ':') {
+ return true;
+ }
+ return !is_strict && (c == ' ' || c == ';' || c == ',');
+}
/* rule_equals returns one iff the NUL-terminated string |rule| is equal to the
* |buf_len| bytes at |buf|. */
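Review bot: The new `is_cipher_list_separator` has no comment, although the neighbouring `rule_equals` documents its contract and this helper is now the single place that decides what strict mode accepts. A short header would do, for example `/* is_cipher_list_separator returns true iff |c| separates cipher list items: ':' always, and ' ', ';' or ',' only when |is_strict| is zero. */`. As a style point, the function returns `bool` but takes `int is_strict`; `bool is_strict` would be consistent if the callers' `strict` value converts cleanly, which is not visible in this hunk.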
@@ -1092,7 +1096,7 @@
return 0;
}
- if (ITEM_SEP(ch)) {
+ if (is_cipher_list_separator(ch, strict)) {
l++;
continue;
}
@@ -1186,7 +1190,7 @@
/* We do not support any "multi" options together with "@", so throw away
* the rest of the command, if any left, until end or ':' is found. */
- while (*l != '\0' && !ITEM_SEP(*l)) {
+ while (*l != '\0' && !is_cipher_list_separator(*l, strict)) {
l++;
}
} else if (!skip_rule) {
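Review bot: In strict mode this skip loop no longer stops at ' ', ';' or ',', so everything after an '@' command up to the next ':' or the end of the string is thrown away without an error. A cipher name written after a comma would then be dropped silently instead of being rejected, which is easy to miss in a TLS configuration. Since the commit message says strict mode forbids the alternative separators, consider failing when text remains, e.g. `if (strict && *l != '\0' && *l != ':') { return 0; }` before the loop, with whatever error reporting the function uses elsewhere. The comment above the loop names only ':' as the stop character, while non-strict mode also stops at the other separators; `until end or a separator is found` would be accurate for both modes. The enclosing function starts and ends outside the hunk, so the state of `l` on entry to this loop is assumed from the comment, not confirmed.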