diff options
author | Daiki Ueno <ueno@gnu.org> | 2021-05-06 12:41:40 +0200 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2021-11-29 13:21:53 +0100 |
commit | 0ecce7191dfd78387f2994253d37ed1df50d563d (patch) | |
tree | fb1d66e9329cdad3ef617c02b96c77aca1c8dd3e /lib/algorithms/groups.c | |
parent | ee3af8d6e863bd958cbe7468f9cbe09d803f4e92 (diff) | |
download | gnutls-0ecce7191dfd78387f2994253d37ed1df50d563d.tar.gz |
priority: support allowlisting in configuration file
This adds a new mode of interpreting the [overrides] section. If
"override-mode" is set to "allowlisting" in the [global] section, all
the algorithms (hashes, signature algorithms, curves, and versions)
are initially marked as insecure/disabled. Then the user can enable
them by specifying allowlisting keywords such as "secure-hash" in the
[overrides] section.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Co-authored-by: Alexander Sosedkin <asosedkin@redhat.com>
Diffstat (limited to 'lib/algorithms/groups.c')
-rw-r--r-- | lib/algorithms/groups.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/lib/algorithms/groups.c b/lib/algorithms/groups.c index d4b77beb2a..d8bf95824f 100644 --- a/lib/algorithms/groups.c +++ b/lib/algorithms/groups.c @@ -276,6 +276,24 @@ gnutls_group_t gnutls_group_get_id(const char *name) return ret; } + +/* Similar to gnutls_group_get_id, except that it does not check if + * the curve is supported. + */ +gnutls_group_t _gnutls_group_get_id(const char *name) +{ + gnutls_group_t ret = GNUTLS_GROUP_INVALID; + + GNUTLS_GROUP_LOOP( + if (c_strcasecmp(p->name, name) == 0) { + ret = p->id; + break; + } + ); + + return ret; +} + /** * gnutls_group_get_name: * @group: is an element from %gnutls_group_t |