aboutsummaryrefslogtreecommitdiffstats
path: root/ssl/ssl_ciph.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssl/ssl_ciph.c')
-rw-r--r--ssl/ssl_ciph.c104
1 files changed, 52 insertions, 52 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 060bd9d1c3..366dcc9d20 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -131,9 +131,9 @@ static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = {
{SSL_GOST89MAC, NID_id_Gost28147_89_MAC}, /* SSL_MD_GOST89MAC_IDX 3 */
{SSL_SHA256, NID_sha256}, /* SSL_MD_SHA256_IDX 4 */
{SSL_SHA384, NID_sha384}, /* SSL_MD_SHA384_IDX 5 */
- {SSL_GOST12_256, NID_id_GostR3411_2012_256}, /* SSL_MD_GOST12_256_IDX 6 */
- {SSL_GOST89MAC12, NID_gost_mac_12}, /* SSL_MD_GOST89MAC12_IDX 7 */
- {SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */
+ {SSL_GOST12_256, NID_id_GostR3411_2012_256}, /* SSL_MD_GOST12_256_IDX 6 */
+ {SSL_GOST89MAC12, NID_gost_mac_12}, /* SSL_MD_GOST89MAC12_IDX 7 */
+ {SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */
{0, NID_md5_sha1}, /* SSL_MD_MD5_SHA1_IDX 9 */
{0, NID_sha224}, /* SSL_MD_SHA224_IDX 10 */
{0, NID_sha512} /* SSL_MD_SHA512_IDX 11 */
@@ -143,28 +143,30 @@ static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
+/* *INDENT-OFF* */
static const ssl_cipher_table ssl_cipher_table_kx[] = {
- { SSL_kRSA, NID_kx_rsa },
- { SSL_kECDHE, NID_kx_ecdhe },
- { SSL_kDHE, NID_kx_dhe },
- { SSL_kECDHEPSK, NID_kx_ecdhe_psk },
- { SSL_kDHEPSK, NID_kx_dhe_psk },
- { SSL_kRSAPSK, NID_kx_rsa_psk },
- { SSL_kPSK, NID_kx_psk },
- { SSL_kSRP, NID_kx_srp },
- { SSL_kGOST, NID_kx_gost }
+ {SSL_kRSA, NID_kx_rsa},
+ {SSL_kECDHE, NID_kx_ecdhe},
+ {SSL_kDHE, NID_kx_dhe},
+ {SSL_kECDHEPSK, NID_kx_ecdhe_psk},
+ {SSL_kDHEPSK, NID_kx_dhe_psk},
+ {SSL_kRSAPSK, NID_kx_rsa_psk},
+ {SSL_kPSK, NID_kx_psk},
+ {SSL_kSRP, NID_kx_srp},
+ {SSL_kGOST, NID_kx_gost}
};
static const ssl_cipher_table ssl_cipher_table_auth[] = {
- { SSL_aRSA, NID_auth_rsa },
- { SSL_aECDSA, NID_auth_ecdsa },
- { SSL_aPSK, NID_auth_psk },
- { SSL_aDSS, NID_auth_dss },
- { SSL_aGOST01, NID_auth_gost01 },
- { SSL_aGOST12, NID_auth_gost12 },
- { SSL_aSRP, NID_auth_srp },
- { SSL_aNULL, NID_auth_null }
+ {SSL_aRSA, NID_auth_rsa},
+ {SSL_aECDSA, NID_auth_ecdsa},
+ {SSL_aPSK, NID_auth_psk},
+ {SSL_aDSS, NID_auth_dss},
+ {SSL_aGOST01, NID_auth_gost01},
+ {SSL_aGOST12, NID_auth_gost12},
+ {SSL_aSRP, NID_auth_srp},
+ {SSL_aNULL, NID_auth_null}
};
+/* *INDENT-ON* */
/* Utility function for table lookup */
static int ssl_cipher_info_find(const ssl_cipher_table * table,
@@ -286,9 +288,11 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_eNULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_GOST, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12, 0,
0, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_AES128, 0, 0, 0, SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8, 0,
+ {0, SSL_TXT_AES128, 0, 0, 0,
+ SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8, 0,
0, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_AES256, 0, 0, 0, SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8, 0,
+ {0, SSL_TXT_AES256, 0, 0, 0,
+ SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8, 0,
0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_AES, 0, 0, 0, SSL_AES, 0, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_AES_GCM, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM, 0, 0, 0, 0,
@@ -303,7 +307,7 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_CAMELLIA256, 0, 0, 0, SSL_CAMELLIA256, 0, 0, 0, 0, 0, 0, 0, 0,
0},
{0, SSL_TXT_CAMELLIA, 0, 0, 0, SSL_CAMELLIA, 0, 0, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_CHACHA20, 0, 0, 0, SSL_CHACHA20, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
+ {0, SSL_TXT_CHACHA20, 0, 0, 0, SSL_CHACHA20, 0, 0, 0, 0, 0, 0, 0, 0, 0},
/* MAC aliases */
{0, SSL_TXT_MD5, 0, 0, 0, 0, SSL_MD5, 0, 0, 0, 0, 0, 0, 0, 0},
@@ -453,7 +457,8 @@ void ssl_load_ciphers(void)
disabled_mac_mask |= SSL_GOST89MAC;
}
- ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] = get_optional_pkey_id("gost-mac-12");
+ ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] =
+ get_optional_pkey_id("gost-mac-12");
if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX]) {
ssl_mac_secret_size[SSL_MD_GOST89MAC12_IDX] = 32;
} else {
@@ -469,7 +474,8 @@ void ssl_load_ciphers(void)
/*
* Disable GOST key exchange if no GOST signature algs are available *
*/
- if ((disabled_auth_mask & (SSL_aGOST01 | SSL_aGOST12)) == (SSL_aGOST01 | SSL_aGOST12))
+ if ((disabled_auth_mask & (SSL_aGOST01 | SSL_aGOST12)) ==
+ (SSL_aGOST01 | SSL_aGOST12))
disabled_mkey_mask |= SSL_kGOST;
}
@@ -824,8 +830,8 @@ static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
#endif
if (rule == CIPHER_DEL || rule == CIPHER_BUMP)
- reverse = 1; /* needed to maintain sorting between
- * currently deleted ciphers */
+ reverse = 1; /* needed to maintain sorting between currently
+ * deleted ciphers */
head = *head_p;
tail = *tail_p;
@@ -1057,8 +1063,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
* it is no command or separator nor
* alphanumeric, so we call this an error.
*/
- SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
- SSL_R_INVALID_COMMAND);
+ SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
retval = found = 0;
l++;
break;
@@ -1216,8 +1221,7 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
ok = 1;
}
} else
- SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
- SSL_R_INVALID_COMMAND);
+ SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
if (ok == 0)
retval = 0;
/*
@@ -1293,8 +1297,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
}
return 1;
# else
- SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
- SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
+ SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
return 0;
# endif
}
@@ -1347,8 +1350,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
disabled_mkey, disabled_auth, disabled_enc,
- disabled_mac, co_list, &head,
- &tail);
+ disabled_mac, co_list, &head, &tail);
/* Now arrange all ciphers by preference. */
@@ -1366,18 +1368,17 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
&tail);
-
/* Within each strength group, we prefer GCM over CHACHA... */
ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
&head, &tail);
ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
&head, &tail);
- /*
- * ...and generally, our preferred cipher is AES.
- * Note that AEADs will be bumped to take preference after sorting by
- * strength.
- */
+ /*
+ * ...and generally, our preferred cipher is AES.
+ * Note that AEADs will be bumped to take preference after sorting by
+ * strength.
+ */
ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD,
-1, &head, &tail);
@@ -1441,9 +1442,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
ssl_cipher_apply_rule(0, 0, 0, 0, SSL_AEAD, 0, 0, CIPHER_BUMP, -1,
&head, &tail);
ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, 0, 0, 0,
- CIPHER_BUMP, -1, &head, &tail);
+ CIPHER_BUMP, -1, &head, &tail);
ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, SSL_AEAD, 0, 0,
- CIPHER_BUMP, -1, &head, &tail);
+ CIPHER_BUMP, -1, &head, &tail);
/* Now disable everything (maintaining the ordering!) */
ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
@@ -1485,7 +1486,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
if (ok && (strlen(rule_p) > 0))
ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c);
- OPENSSL_free(ca_list); /* Not needed anymore */
+ OPENSSL_free(ca_list); /* Not needed anymore */
if (!ok) { /* Rule processing failure */
OPENSSL_free(co_list);
@@ -1530,8 +1531,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
if (*cipher_list_by_id != NULL)
sk_SSL_CIPHER_free(*cipher_list_by_id);
*cipher_list_by_id = tmp_cipher_list;
- (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,
- ssl_cipher_ptr_id_cmp);
+ (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp);
sk_SSL_CIPHER_sort(*cipher_list_by_id);
return (cipherstack);
@@ -1542,8 +1542,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
const char *ver;
const char *kx, *au, *enc, *mac;
uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
- static const char *format =
- "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
+ static const char *format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
if (buf == NULL) {
len = 128;
@@ -1753,8 +1752,8 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
if (c != NULL) {
if (alg_bits != NULL)
- *alg_bits = (int) c->alg_bits;
- ret = (int) c->strength_bits;
+ *alg_bits = (int)c->alg_bits;
+ ret = (int)c->strength_bits;
}
return ret;
}
@@ -1785,11 +1784,13 @@ STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
{
return NULL;
}
+
STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
*meths)
{
return meths;
}
+
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
{
return 1;
@@ -1861,8 +1862,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
SSL_R_DUPLICATE_COMPRESSION_ID);
return (1);
}
- if (ssl_comp_methods == NULL
- || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
+ if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
OPENSSL_free(comp);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-26 07:12:10 +0000