More tweaks for comments due indent issues

[openssl.git] / ssl / ssl_ciph.c
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c

index 9c7fbc302260d31f66ea88fb585ed555cc1638dc..4444c224ca3fdead04f887ec807128b29e3c0408 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -242,6 +242,7 @@ static const SSL_CIPHER cipher_aliases[]={
         {0,SSL_TXT_kDHd,0,    SSL_kDHd,  0,0,0,0,0,0,0,0},
         {0,SSL_TXT_kDH,0,     SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0},
         {0,SSL_TXT_kEDH,0,    SSL_kEDH,  0,0,0,0,0,0,0,0},
+       {0,SSL_TXT_kDHE,0,    SSL_kEDH,  0,0,0,0,0,0,0,0},
         {0,SSL_TXT_DH,0,      SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
  
         {0,SSL_TXT_kKRB5,0,   SSL_kKRB5, 0,0,0,0,0,0,0,0},
@@ -250,6 +251,7 @@ static const SSL_CIPHER cipher_aliases[]={
         {0,SSL_TXT_kECDHe,0,  SSL_kECDHe,0,0,0,0,0,0,0,0},
         {0,SSL_TXT_kECDH,0,   SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
         {0,SSL_TXT_kEECDH,0,  SSL_kEECDH,0,0,0,0,0,0,0,0},
+       {0,SSL_TXT_kECDHE,0,  SSL_kEECDH,0,0,0,0,0,0,0,0},
         {0,SSL_TXT_ECDH,0,    SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
  
          {0,SSL_TXT_kPSK,0,    SSL_kPSK,  0,0,0,0,0,0,0,0},
@@ -262,7 +264,8 @@ static const SSL_CIPHER cipher_aliases[]={
         {0,SSL_TXT_DSS,0,     0,SSL_aDSS,   0,0,0,0,0,0,0},
         {0,SSL_TXT_aKRB5,0,   0,SSL_aKRB5, 0,0,0,0,0,0,0},
         {0,SSL_TXT_aNULL,0,   0,SSL_aNULL, 0,0,0,0,0,0,0},
-       {0,SSL_TXT_aDH,0,     0,SSL_aDH,   0,0,0,0,0,0,0}, /* no such ciphersuites supported! */
+       /* no such ciphersuites supported! */
+       {0,SSL_TXT_aDH,0,     0,SSL_aDH,   0,0,0,0,0,0,0},
         {0,SSL_TXT_aECDH,0,   0,SSL_aECDH, 0,0,0,0,0,0,0},
         {0,SSL_TXT_aECDSA,0,  0,SSL_aECDSA,0,0,0,0,0,0,0},
         {0,SSL_TXT_ECDSA,0,   0,SSL_aECDSA, 0,0,0,0,0,0,0},
@@ -274,7 +277,9 @@ static const SSL_CIPHER cipher_aliases[]={
  
         /* aliases combining key exchange and server authentication */
         {0,SSL_TXT_EDH,0,     SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
+       {0,SSL_TXT_DHE,0,     SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
         {0,SSL_TXT_EECDH,0,   SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
+       {0,SSL_TXT_ECDHE,0,   SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
         {0,SSL_TXT_NULL,0,    0,0,SSL_eNULL, 0,0,0,0,0,0},
         {0,SSL_TXT_KRB5,0,    SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
         {0,SSL_TXT_RSA,0,     SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
@@ -327,6 +332,19 @@ static const SSL_CIPHER cipher_aliases[]={
         {0,SSL_TXT_HIGH,0,    0,0,0,0,0,SSL_HIGH,  0,0,0},
         /* FIPS 140-2 approved ciphersuite */
         {0,SSL_TXT_FIPS,0,    0,0,~SSL_eNULL,0,0,SSL_FIPS,  0,0,0},
+       /* "DHE-" aliases to "EDH-" labels (for forward compatibility) */
+       {0,SSL3_TXT_DHE_DSS_DES_40_CBC_SHA,0,
+         SSL_kDHE,SSL_aDSS,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_EXPORT|SSL_EXP40,0,0,0,},
+       {0,SSL3_TXT_DHE_DSS_DES_64_CBC_SHA,0,
+         SSL_kDHE,SSL_aDSS,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_LOW,0,0,0,},
+       {0,SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,0,
+         SSL_kDHE,SSL_aDSS,SSL_3DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,0,0,0,},
+       {0,SSL3_TXT_DHE_RSA_DES_40_CBC_SHA,0,
+         SSL_kDHE,SSL_aRSA,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_EXPORT|SSL_EXP40,0,0,0,},
+       {0,SSL3_TXT_DHE_RSA_DES_64_CBC_SHA,0,
+         SSL_kDHE,SSL_aRSA,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_LOW,0,0,0,},
+       {0,SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,0,
+         SSL_kDHE,SSL_aRSA,SSL_3DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,0,0,0,},
         };
  /* Search for public key algorithm with given name and 
   * return its pkey_id if it is available. Otherwise return 0
@@ -820,7 +838,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
                         co_list[co_list_num].active = 0;
                         co_list_num++;
  #ifdef KSSL_DEBUG
-                       printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
+                       fprintf(stderr,"\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
  #endif /* KSSL_DEBUG */
                         /*
                         if (!sk_push(ca_list,(char *)c)) goto err;
@@ -937,7 +955,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
         int reverse = 0;
  
  #ifdef CIPHER_DEBUG
-       printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
+       fprintf(stderr, "Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
                 rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
  #endif
  
@@ -983,7 +1001,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
                 else
                         {
  #ifdef CIPHER_DEBUG
-                       printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
+                       fprintf(stderr, "\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
  #endif
  #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
                         if (cipher_id && cipher_id != cp->id)
@@ -1006,7 +1024,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
                         }
  
  #ifdef CIPHER_DEBUG
-               printf("Action = %d\n", rule);
+               fprintf(stderr, "Action = %d\n", rule);
  #endif
  
                 /* add the cipher if it has not been added yet. */
@@ -1403,6 +1421,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
                 return 0;
                 }
  
+#ifndef OPENSSL_NO_ECDH
         switch(suiteb_flags)
                 {
         case SSL_CERT_FLAG_SUITEB_128_LOS:
@@ -1421,6 +1440,10 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
         /* Set auto ECDH parameter determination */
         c->ecdh_tmp_auto = 1;
         return 1;
+#else
+       SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
+       return 0;
+#endif
         }
  #endif
  
@@ -1460,7 +1483,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
          */
         num_of_ciphers = ssl_method->num_ciphers();
  #ifdef KSSL_DEBUG
-       printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
+       fprintf(stderr,"ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
  #endif    /* KSSL_DEBUG */
         co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
         if (co_list == NULL)
@@ -1587,7 +1610,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
                         {
                         sk_SSL_CIPHER_push(cipherstack, curr->cipher);
  #ifdef CIPHER_DEBUG
-                       printf("<%s>\n",curr->cipher->name);
+                       fprintf(stderr, "<%s>\n",curr->cipher->name);
  #endif
                         }
                 }
@@ -1677,6 +1700,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
         case SSL_kSRP:
                 kx="SRP";
                 break;
+       case SSL_kGOST:
+               kx="GOST";
+               break;
         default:
                 kx="unknown";
                 }
@@ -1710,6 +1736,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
         case SSL_aSRP:
                 au="SRP";
                 break;
+       case SSL_aGOST94:
+               au="GOST94";
+               break;
+       case SSL_aGOST01:
+               au="GOST01";
+               break;
         default:
                 au="unknown";
                 break;
@@ -1757,6 +1789,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
         case SSL_SEED:
                 enc="SEED(128)";
                 break;
+       case SSL_eGOST2814789CNT:
+               enc="GOST89(256)";
+               break;
         default:
                 enc="unknown";
                 break;
@@ -1779,6 +1814,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
         case SSL_AEAD:
                 mac="AEAD";
                 break;
+       case SSL_GOST89MAC:
+               mac="GOST89";
+               break;
+       case SSL_GOST94:
+               mac="GOST94";
+               break;
         default:
                 mac="unknown";
                 break;
@@ -1904,12 +1945,14 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
          if (cm == NULL || cm->type == NID_undef)
                  return 1;
  
-       /* According to draft-ietf-tls-compression-04.txt, the
-          compression number ranges should be the following:
-
-          0 to 63:    methods defined by the IETF
-          64 to 192:  external party methods assigned by IANA
-          193 to 255: reserved for private use */
+       /*-
+        * According to draft-ietf-tls-compression-04.txt, the
+        * compression number ranges should be the following:
+         *
+         *   0 to  63:  methods defined by the IETF
+        *  64 to 192:  external party methods assigned by IANA
+        * 193 to 255:  reserved for private use 
+        */
         if (id < 193 || id > 255)
                 {
                 SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);