Configuration: make Solaris builds with gcc recognise GNU ld

[openssl.git] / ssl / ssl_ciph.c

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 5aa04dbd53b45936d119a43c14e32555dde0cedc..d047b8ff5dbdeb3e10198a4c6e4fd19745917737 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -18,7 +18,7 @@
 #include <openssl/conf.h>
 #include <openssl/trace.h>
 #include "internal/nelem.h"
-#include "ssl_locl.h"
+#include "ssl_local.h"
 #include "internal/thread_once.h"
 #include "internal/cryptlib.h"
 
@@ -93,7 +93,7 @@ static CRYPTO_ONCE ssl_load_builtin_comp_once = CRYPTO_ONCE_STATIC_INIT;
 
 /*
  * Constant SSL_MAX_DIGEST equal to size of digests array should be defined
- * in the ssl_locl.h
+ * in the ssl_local.h
  */
 
 #define SSL_MD_NUM_IDX  SSL_MAX_DIGEST
@@ -1380,24 +1380,25 @@ int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
 {
     int ret = set_ciphersuites(&(ctx->tls13_ciphersuites), str);
 
-    if (ret && ctx->cipher_list != NULL) {
-        /* We already have a cipher_list, so we need to update it */
+    if (ret && ctx->cipher_list != NULL)
         return update_cipher_list(&ctx->cipher_list, &ctx->cipher_list_by_id,
                                   ctx->tls13_ciphersuites);
-    }
 
     return ret;
 }
 
 int SSL_set_ciphersuites(SSL *s, const char *str)
 {
+    STACK_OF(SSL_CIPHER) *cipher_list;
     int ret = set_ciphersuites(&(s->tls13_ciphersuites), str);
 
-    if (ret && s->cipher_list != NULL) {
-        /* We already have a cipher_list, so we need to update it */
+    if (s->cipher_list == NULL) {
+        if ((cipher_list = SSL_get_ciphers(s)) != NULL)
+            s->cipher_list = sk_SSL_CIPHER_dup(cipher_list);
+    }
+    if (ret && s->cipher_list != NULL)
         return update_cipher_list(&s->cipher_list, &s->cipher_list_by_id,
                                   s->tls13_ciphersuites);
-    }
 
     return ret;
 }
@@ -1573,7 +1574,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
     ok = 1;
     rule_p = rule_str;
     if (strncmp(rule_str, "DEFAULT", 7) == 0) {
-        ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
+        ok = ssl_cipher_process_rulestr(OSSL_default_cipher_list(),
                                         &head, &tail, ca_list, c);
         rule_p += 7;
         if (*rule_p == ':')
@@ -1645,7 +1646,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
     const char *ver;
     const char *kx, *au, *enc, *mac;
     uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
-    static const char *format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
+    static const char *format = "%-30s %-7s Kx=%-8s Au=%-5s Enc=%-9s Mac=%-4s\n";
 
     if (buf == NULL) {
         len = 128;
@@ -2168,3 +2169,27 @@ int ssl_cert_is_disabled(size_t idx)
         return 1;
     return 0;
 }
+
+/*
+ * Default list of TLSv1.2 (and earlier) ciphers
+ * SSL_DEFAULT_CIPHER_LIST deprecated in 3.0.0
+ * Update both macro and function simultaneously
+ */
+const char *OSSL_default_cipher_list(void)
+{
+    return "ALL:!COMPLEMENTOFDEFAULT:!eNULL";
+}
+
+/*
+ * Default list of TLSv1.3 (and later) ciphers
+ * TLS_DEFAULT_CIPHERSUITES deprecated in 3.0.0
+ * Update both macro and function simultaneously
+ */
+const char *OSSL_default_ciphersuites(void)
+{
+    return "TLS_AES_256_GCM_SHA384:"
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+           "TLS_CHACHA20_POLY1305_SHA256:"
+#endif
+           "TLS_AES_128_GCM_SHA256";
+}