Don't mark the eNULL ciphers as non-default.

They're not part of ALL, so they're not part of COMPLEMENTOFDEFAULT

Reviewed-by: Rich Salz <rsalz@openssl.org>

MR: #2202
This commit is contained in:
Kurt Roeckx 2016-03-03 22:02:58 +01:00
parent 5b7af0dd6c
commit 1510b5f7ca
2 changed files with 20 additions and 20 deletions

View File

@ -172,7 +172,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_eNULL, SSL_eNULL,
SSL_MD5, SSL_MD5,
SSL_SSLV3, SSL_SSLV3,
SSL_NOT_DEFAULT | SSL_STRONG_NONE, SSL_STRONG_NONE,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0, 0,
0, 0,
@ -188,7 +188,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_eNULL, SSL_eNULL,
SSL_SHA1, SSL_SHA1,
SSL_SSLV3, SSL_SSLV3,
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0, 0,
0, 0,
@ -338,7 +338,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_eNULL, SSL_eNULL,
SSL_SHA1, SSL_SHA1,
SSL_SSLV3, SSL_SSLV3,
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0, 0,
0, 0,
@ -353,7 +353,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_eNULL, SSL_eNULL,
SSL_SHA1, SSL_SHA1,
SSL_SSLV3, SSL_SSLV3,
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0, 0,
0, 0,
@ -368,7 +368,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_eNULL, SSL_eNULL,
SSL_SHA1, SSL_SHA1,
SSL_SSLV3, SSL_SSLV3,
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0, 0,
0, 0,
@ -512,7 +512,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_eNULL, SSL_eNULL,
SSL_SHA256, SSL_SHA256,
SSL_TLSV1_2, SSL_TLSV1_2,
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0, 0,
0, 0,
@ -740,7 +740,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_eNULL, SSL_eNULL,
SSL_GOST94, SSL_GOST94,
SSL_TLSV1, SSL_TLSV1,
SSL_NOT_DEFAULT | SSL_STRONG_NONE, SSL_STRONG_NONE,
SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94, SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
0, 0,
0 0
@ -1354,7 +1354,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_eNULL, SSL_eNULL,
SSL_SHA256, SSL_SHA256,
SSL_TLSV1, SSL_TLSV1,
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0, 0,
0, 0,
@ -1370,7 +1370,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_eNULL, SSL_eNULL,
SSL_SHA384, SSL_SHA384,
SSL_TLSV1, SSL_TLSV1,
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0, 0,
0, 0,
@ -1418,7 +1418,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_eNULL, SSL_eNULL,
SSL_SHA256, SSL_SHA256,
SSL_TLSV1, SSL_TLSV1,
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0, 0,
0, 0,
@ -1434,7 +1434,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_eNULL, SSL_eNULL,
SSL_SHA384, SSL_SHA384,
SSL_TLSV1, SSL_TLSV1,
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0, 0,
0, 0,
@ -1482,7 +1482,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_eNULL, SSL_eNULL,
SSL_SHA256, SSL_SHA256,
SSL_TLSV1, SSL_TLSV1,
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0, 0,
0, 0,
@ -1498,7 +1498,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_eNULL, SSL_eNULL,
SSL_SHA384, SSL_SHA384,
SSL_TLSV1, SSL_TLSV1,
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0, 0,
0, 0,
@ -1649,7 +1649,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_eNULL, SSL_eNULL,
SSL_SHA1, SSL_SHA1,
SSL_SSLV3, SSL_SSLV3,
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0, 0,
0, 0,
@ -1731,7 +1731,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_eNULL, SSL_eNULL,
SSL_SHA1, SSL_SHA1,
SSL_SSLV3, SSL_SSLV3,
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0, 0,
0, 0,
@ -1813,7 +1813,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_eNULL, SSL_eNULL,
SSL_SHA1, SSL_SHA1,
SSL_SSLV3, SSL_SSLV3,
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0, 0,
0, 0,
@ -2275,7 +2275,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_eNULL, SSL_eNULL,
SSL_SHA1, SSL_SHA1,
SSL_SSLV3, SSL_SSLV3,
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0, 0,
0, 0,
@ -2291,7 +2291,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_eNULL, SSL_eNULL,
SSL_SHA256, SSL_SHA256,
SSL_TLSV1, SSL_TLSV1,
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
0, 0,
0, 0,
@ -2307,7 +2307,7 @@ static const SSL_CIPHER ssl3_ciphers[] = {
SSL_eNULL, SSL_eNULL,
SSL_SHA384, SSL_SHA384,
SSL_TLSV1, SSL_TLSV1,
SSL_NOT_DEFAULT | SSL_STRONG_NONE | SSL_FIPS, SSL_STRONG_NONE | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
0, 0,
0, 0,

View File

@ -296,7 +296,7 @@ static const SSL_CIPHER cipher_aliases[] = {
* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
* ALL!) * ALL!)
*/ */
{0, SSL_TXT_CMPDEF, 0, 0, 0, ~SSL_eNULL, 0, 0, SSL_NOT_DEFAULT, 0, 0, 0}, {0, SSL_TXT_CMPDEF, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT, 0, 0, 0},
/* /*
* key exchange aliases (some of those using only a single bit here * key exchange aliases (some of those using only a single bit here