Fix a typo in the X.509v3 docs: cRLSign instead of cRLCertSign is correct
[openssl.git] / ssl / ssl_ciph.c
index 2bea76cffe138965e13425c6415f4268e2cf6b8f..e3f61ea0bc2a1ce734271b164338165174afeca4 100644 (file)
@@ -111,7 +111,8 @@ typedef struct cipher_order_st
        } CIPHER_ORDER;
 
 static SSL_CIPHER cipher_aliases[]={
-       {0,SSL_TXT_ALL, 0,SSL_ALL,   0,SSL_ALL},        /* must be first */
+       /* Don't include eNULL unless specifically enabled */
+       {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, 0,SSL_ALL}, /* must be first */
        {0,SSL_TXT_kRSA,0,SSL_kRSA,  0,SSL_MKEY_MASK},
        {0,SSL_TXT_kDHr,0,SSL_kDHr,  0,SSL_MKEY_MASK},
        {0,SSL_TXT_kDHd,0,SSL_kDHd,  0,SSL_MKEY_MASK},
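Review bot: Only the `SSL_TXT_ALL` row is narrowed to `SSL_ALL & ~SSL_eNULL`; the rows that follow, such as `SSL_TXT_kRSA` with `SSL_MKEY_MASK`, are unchanged. Whether a key-exchange or authentication alias on its own can still select a null-encryption suite therefore depends on matching code outside this hunk and is worth confirming. The new comment would be clearer if it said what "specifically enabled" means, for example `/* "ALL" omits eNULL (no encryption); eNULL must be named explicitly in the cipher string */`. A regression test asserting that no eNULL suite is produced for the default and `ALL` cipher strings would pin the intent. The `cipher_aliases[]` initializer continues past the end of the hunk.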
@@ -144,9 +145,9 @@ static SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_ADH, 0,SSL_ADH,   0,SSL_AUTH_MASK|SSL_MKEY_MASK},
        {0,SSL_TXT_FZA, 0,SSL_FZA,   0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK},
 
-       {0,SSL_TXT_EXP40, 0,SSL_EXP40, 0,_SSL_EXP_MASK},
-       {0,SSL_TXT_EXPORT,0,SSL_EXP40, 0,_SSL_EXP_MASK},
-       {0,SSL_TXT_EXP56, 0,SSL_EXP56, 0,_SSL_EXP_MASK},
+       {0,SSL_TXT_EXP40, 0,SSL_EXP40, 0,SSL_EXP_MASK},
+       {0,SSL_TXT_EXPORT,0,SSL_EXP40, 0,SSL_EXP_MASK},
+       {0,SSL_TXT_EXP56, 0,SSL_EXP56, 0,SSL_EXP_MASK},
        {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,SSL_SSL_MASK},
        {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,SSL_SSL_MASK},
        {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,SSL_SSL_MASK},
@@ -353,7 +354,7 @@ char *str;
        mask|=SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
 #endif
 
-#ifndef SSL_ALLOW_ENULL
+#ifdef SSL_FORBID_ENULL
        mask|=SSL_eNULL;
 #endif
 
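Review bot: Switching the guard from `#ifndef SSL_ALLOW_ENULL` to `#ifdef SSL_FORBID_ENULL` inverts the build default. A build that defines neither macro used to have `SSL_eNULL` in `mask` and now does not, so null-encryption suites are no longer removed at this point and exclusion rests on the alias table alone. Nothing at the guard documents this, and a build that still defines `SSL_ALLOW_ENULL` has that macro silently ignored. A comment above the guard such as `/* eNULL is compiled in by default; define SSL_FORBID_ENULL to mask it out entirely */` would state the new contract for deployments that relied on the old default. The enclosing function begins and ends outside the hunk.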
@@ -403,7 +404,7 @@ char *str;
                }
 
        /* special case */
-       cipher_aliases[0].algorithms= ~mask;
+       cipher_aliases[0].algorithms &= ~mask;
 
        /* get the aliases */
        k=sizeof(cipher_aliases)/sizeof(SSL_CIPHER);
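Review bot: `cipher_aliases[0].algorithms &= ~mask;` now narrows the file-scope static table cumulatively instead of recomputing it, so a bit cleared on one call is never restored. If `mask` can differ between calls (part of its computation lies outside the visible hunks), the `ALL` alias keeps the narrowest value ever seen for the life of the process. Recomputing from the constant keeps the eNULL exclusion and stays idempotent: `cipher_aliases[0].algorithms = (SSL_ALL & ~SSL_eNULL) & ~mask;`. The write to shared static data on every call is also unsynchronised, which was already the case before this change. The enclosing function starts and ends outside the hunk.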
@@ -616,7 +617,7 @@ SSL_CIPHER *cipher;
 char *buf;
 int len;
        {
-       int _export,pkl,kl;
+        int is_export,pkl,kl;
        char *ver,*exp;
        char *kx,*au,*enc,*mac;
        unsigned long alg,alg2;
@@ -625,10 +626,10 @@ int len;
        alg=cipher->algorithms;
        alg2=cipher->algorithm2;
 
-       _export=SSL_IS_EXPORT(alg);
+        is_export=SSL_IS_EXPORT(alg);
        pkl=SSL_EXPORT_PKEYLENGTH(alg);
        kl=SSL_EXPORT_KEYLENGTH(alg);
-       exp=_export?" export":"";
+        exp=is_export?" export":"";
 
        if (alg & SSL_SSLV2)
                ver="SSLv2";
@@ -640,7 +641,7 @@ int len;
        switch (alg&SSL_MKEY_MASK)
                {
        case SSL_kRSA:
-               kx=_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
+                kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
                break;
        case SSL_kDHr:
                kx="DH/RSA";
@@ -652,7 +653,7 @@ int len;
                kx="Fortezza";
                break;
        case SSL_kEDH:
-               kx=_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
+                kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
                break;
        default:
                kx="unknown";
@@ -681,17 +682,17 @@ int len;
        switch (alg&SSL_ENC_MASK)
                {
        case SSL_DES:
-               enc=(_export && kl == 5)?"DES(40)":"DES(56)";
+                enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
                break;
        case SSL_3DES:
                enc="3DES(168)";
                break;
        case SSL_RC4:
-               enc=_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
+                enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
                  :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
                break;
        case SSL_RC2:
-               enc=_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
+                enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
                break;
        case SSL_IDEA:
                enc="IDEA(128)";