Change cipher default strings to a function

 Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]

  *) Default cipher lists/suites are now avaialble via a function, the

     #defines are deprecated.

     [Todd Short]

  *) Add target VC-WIN32-UWP, VC-WIN64A-UWP, VC-WIN32-ARM-UWP and

     VC-WIN64-ARM-UWP in Windows OneCore target for making building libraries

     for Windows Store apps easier. Also, the "no-uplink" option has been added.

SSL_CTX_set_cipher_list,

SSL_set_cipher_list,

SSL_CTX_set_ciphersuites,

SSL_set_ciphersuites

SSL_set_ciphersuites,

OSSL_default_cipher_list,

OSSL_default_ciphersuites

- choose list of available SSL_CIPHERs

=head1 SYNOPSIS

 int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str);

 int SSL_set_ciphersuites(SSL *s, const char *str);

 const char *OSSL_default_cipher_list(void);

 const char *OSSL_default_ciphersuites(void);

=head1 DESCRIPTION

SSL_CTX_set_cipher_list() sets the list of available ciphers (TLSv1.2 and below)

SSL_set_ciphersuites() is the same as SSL_CTX_set_ciphersuites() except it

configures the ciphersuites for B<ssl>.

OSSL_default_cipher_list() returns the default cipher string for TLSv1.2

(and earlier) ciphers. OSSL_default_ciphersuites() returns the default

cipher string for TLSv1.3 ciphersuites.

=head1 NOTES

The control string B<str> for SSL_CTX_set_cipher_list() and

keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated

and the handshake will fail.

OSSL_default_cipher_list() and OSSL_default_ciphersuites() replace

SSL_DEFAULT_CIPHER_LIST and TLS_DEFAULT_CIPHERSUITES, respectively. The

cipher list defines are deprecated as of 3.0.0.

=head1 RETURN VALUES

SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher

L<SSL_CTX_set_tmp_dh_callback(3)>,

L<ciphers(1)>

=head1 HISTORY

OSSL_default_cipher_list() and OSSL_default_ciphersites() are new in 3.0.0.

=head1 COPYRIGHT

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

 * The following cipher list is used by default. It also is substituted when

 * an application-defined cipher list string starts with 'DEFAULT'.

 * This applies to ciphersuites for TLSv1.2 and below.

 * DEPRECATED IN 3.0.0, in favor of OSSL_default_cipher_list()

 * Update both macro and function simultaneously

 */

# if !OPENSSL_API_3

#  define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"

/* This is the default set of TLSv1.3 ciphersuites */

/*

 * This is the default set of TLSv1.3 ciphersuites

 * DEPRECATED IN 3.0.0, in favor of OSSL_default_ciphersuites()

 * Update both macro and function simultaneously

 */

#  if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)

#   define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \

                                    "TLS_CHACHA20_POLY1305_SHA256:" \

#   define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \

                                   "TLS_AES_128_GCM_SHA256"

#  endif

# endif

/*

 * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always

 * starts with a reasonable order, and all we have to do for DEFAULT is

                                 SSL_allow_early_data_cb_fn cb,

                                 void *arg);

/* store the default cipher strings inside the library */

const char *OSSL_default_cipher_list(void);

const char *OSSL_default_ciphersuites(void);

# ifdef  __cplusplus

}

# endif

    ok = 1;

    rule_p = rule_str;

    if (strncmp(rule_str, "DEFAULT", 7) == 0) {

        ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,

        ok = ssl_cipher_process_rulestr(OSSL_default_cipher_list(),

                                        &head, &tail, ca_list, c);

        rule_p += 7;

        if (*rule_p == ':')

        return 1;

    return 0;

}

/*

 * Default list of TLSv1.2 (and earlier) ciphers

 * SSL_DEFAULT_CIPHER_LIST deprecated in 3.0.0

 * Update both macro and function simultaneously

 */

const char *OSSL_default_cipher_list(void)

{

    return "ALL:!COMPLEMENTOFDEFAULT:!eNULL";

}

/*

 * Default list of TLSv1.3 (and later) ciphers

 * TLS_DEFAULT_CIPHERSUITES deprecated in 3.0.0

 * Update both macro and function simultaneously

 */

const char *OSSL_default_ciphersuites(void)

{

    return "TLS_AES_256_GCM_SHA384:"

#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)

           "TLS_CHACHA20_POLY1305_SHA256:"

#endif

           "TLS_AES_128_GCM_SHA256";

}

    ctx->method = meth;

    if (!SSL_CTX_set_ciphersuites(ctx, TLS_DEFAULT_CIPHERSUITES)) {

    if (!SSL_CTX_set_ciphersuites(ctx, OSSL_default_ciphersuites())) {

        SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);

        return 0;

    }

                                ctx->tls13_ciphersuites,

                                &(ctx->cipher_list),

                                &(ctx->cipher_list_by_id),

                                SSL_DEFAULT_CIPHER_LIST, ctx->cert);

                                OSSL_default_cipher_list(), ctx->cert);

    if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {

        SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);

        return 0;

        goto err;

#endif

    if (!SSL_CTX_set_ciphersuites(ret, TLS_DEFAULT_CIPHERSUITES))

    if (!SSL_CTX_set_ciphersuites(ret, OSSL_default_ciphersuites()))

        goto err;

    if (!ssl_create_cipher_list(ret->method,

                                ret->tls13_ciphersuites,

                                &ret->cipher_list, &ret->cipher_list_by_id,

                                SSL_DEFAULT_CIPHER_LIST, ret->cert)

                                OSSL_default_cipher_list(), ret->cert)

        || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {

        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);

        goto err2;