Diffstat (limited to 'lib/gnutls_priority.c')
-rw-r--r-- | lib/gnutls_priority.c | 392 |
1 files changed, 196 insertions, 196 deletions
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index 0589d9950e..5021c52256 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -33,8 +33,8 @@ static void break_comma_list (char *etag, - char **broken_etag, int *elements, int max_elements, - char sep); + char **broken_etag, int *elements, int max_elements, + char sep); /** * gnutls_cipher_set_priority: @@ -195,7 +195,7 @@ gnutls_protocol_set_priority (gnutls_session_t session, const int *list) **/ int gnutls_certificate_type_set_priority (gnutls_session_t session, - const int *list) + const int *list) { #ifdef ENABLE_OPENPGP return _set_priority (&session->internals.priorities.cert_type, list); @@ -384,12 +384,12 @@ static void prio_remove (priority_st * priority_list, unsigned int algo) { int i = 0; - int pos = -1; /* the position of the cipher to remove */ + int pos = -1; /* the position of the cipher to remove */ while (priority_list->priority[i] != 0) { if (priority_list->priority[i] == algo) - pos = i; + pos = i; i++; } @@ -410,7 +410,7 @@ prio_add (priority_st * priority_list, unsigned int algo) while (priority_list->priority[i] != 0) { if (algo == priority_list->priority[i]) - return; /* if it exists */ + return; /* if it exists */ i++; } @@ -444,15 +444,15 @@ gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority) } memcpy (&session->internals.priorities, priority, - sizeof (struct gnutls_priority_st)); + sizeof (struct gnutls_priority_st)); /* set the current version to the first in the chain. * This will be overridden later. */ if (session->internals.priorities.protocol.algorithms > 0) _gnutls_set_current_version (session, - session->internals.priorities.protocol. - priority[0]); + session->internals.priorities.protocol. + priority[0]); return 0; } 
@@ -574,7 +574,7 @@ gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority) **/ int gnutls_priority_init (gnutls_priority_t * priority_cache, - const char *priorities, const char **err_pos) + const char *priorities, const char **err_pos) { char *broken_list[MAX_ELEMENTS]; int broken_list_size = 0, i = 0, j; 
@@ -624,185 +624,185 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, for (; i < broken_list_size; i++) { if (strcasecmp (broken_list[i], "PERFORMANCE") == 0) - { - _set_priority (&(*priority_cache)->cipher, - cipher_priority_performance); - _set_priority (&(*priority_cache)->kx, kx_priority_performance); - _set_priority (&(*priority_cache)->mac, mac_priority_performance); - _set_priority (&(*priority_cache)->sign_algo, - sign_priority_default); - } + { + _set_priority (&(*priority_cache)->cipher, + cipher_priority_performance); + _set_priority (&(*priority_cache)->kx, kx_priority_performance); + _set_priority (&(*priority_cache)->mac, mac_priority_performance); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_default); + } else if (strcasecmp (broken_list[i], "NORMAL") == 0) - { - _set_priority (&(*priority_cache)->cipher, cipher_priority_normal); - _set_priority (&(*priority_cache)->kx, kx_priority_secure); - _set_priority (&(*priority_cache)->mac, mac_priority_secure); - _set_priority (&(*priority_cache)->sign_algo, - sign_priority_default); - } + { + _set_priority (&(*priority_cache)->cipher, cipher_priority_normal); + _set_priority (&(*priority_cache)->kx, kx_priority_secure); + _set_priority (&(*priority_cache)->mac, mac_priority_secure); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_default); + } else if (strcasecmp (broken_list[i], "SECURE256") == 0 - || strcasecmp (broken_list[i], "SECURE") == 0) - { - _set_priority (&(*priority_cache)->cipher, - cipher_priority_secure256); - _set_priority (&(*priority_cache)->kx, kx_priority_secure); - _set_priority (&(*priority_cache)->mac, mac_priority_secure); - _set_priority (&(*priority_cache)->sign_algo, - sign_priority_secure256); - } + || strcasecmp (broken_list[i], "SECURE") == 0) + { + _set_priority (&(*priority_cache)->cipher, + cipher_priority_secure256); + _set_priority (&(*priority_cache)->kx, kx_priority_secure); + _set_priority (&(*priority_cache)->mac, 
mac_priority_secure); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_secure256); + } else if (strcasecmp (broken_list[i], "SECURE128") == 0) - { - _set_priority (&(*priority_cache)->cipher, - cipher_priority_secure128); - _set_priority (&(*priority_cache)->kx, kx_priority_secure); - _set_priority (&(*priority_cache)->mac, mac_priority_secure); - _set_priority (&(*priority_cache)->sign_algo, - sign_priority_secure128); - } + { + _set_priority (&(*priority_cache)->cipher, + cipher_priority_secure128); + _set_priority (&(*priority_cache)->kx, kx_priority_secure); + _set_priority (&(*priority_cache)->mac, mac_priority_secure); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_secure128); + } else if (strcasecmp (broken_list[i], "EXPORT") == 0) - { - _set_priority (&(*priority_cache)->cipher, cipher_priority_export); - _set_priority (&(*priority_cache)->kx, kx_priority_export); - _set_priority (&(*priority_cache)->mac, mac_priority_secure); - _set_priority (&(*priority_cache)->sign_algo, - sign_priority_default); - } /* now check if the element is something like -ALGO */ + { + _set_priority (&(*priority_cache)->cipher, cipher_priority_export); + _set_priority (&(*priority_cache)->kx, kx_priority_export); + _set_priority (&(*priority_cache)->mac, mac_priority_secure); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_default); + } /* now check if the element is something like -ALGO */ else if (broken_list[i][0] == '!' 
|| broken_list[i][0] == '+' - || broken_list[i][0] == '-') - { - if (broken_list[i][0] == '+') - fn = prio_add; - else - fn = prio_remove; - - if ((algo = - gnutls_mac_get_id (&broken_list[i][1])) != GNUTLS_MAC_UNKNOWN) - fn (&(*priority_cache)->mac, algo); - else if ((algo = gnutls_cipher_get_id (&broken_list[i][1])) != - GNUTLS_CIPHER_UNKNOWN) - fn (&(*priority_cache)->cipher, algo); - else if ((algo = gnutls_kx_get_id (&broken_list[i][1])) != - GNUTLS_KX_UNKNOWN) - fn (&(*priority_cache)->kx, algo); - else if (strncasecmp (&broken_list[i][1], "VERS-", 5) == 0) - { - if (strncasecmp (&broken_list[i][1], "VERS-TLS-ALL", 12) == 0) - { - _set_priority (&(*priority_cache)->protocol, - protocol_priority); - } - else - { - if ((algo = - gnutls_protocol_get_id (&broken_list[i][6])) != - GNUTLS_VERSION_UNKNOWN) - fn (&(*priority_cache)->protocol, algo); - else - goto error; - } - } /* now check if the element is something like -ALGO */ - else if (strncasecmp (&broken_list[i][1], "COMP-", 5) == 0) - { - if (strncasecmp (&broken_list[i][1], "COMP-ALL", 8) == 0) - { - _set_priority (&(*priority_cache)->compression, - comp_priority); - } - else - { - if ((algo = - gnutls_compression_get_id (&broken_list[i][6])) != - GNUTLS_COMP_UNKNOWN) - fn (&(*priority_cache)->compression, algo); - else - goto error; - } - } /* now check if the element is something like -ALGO */ - else if (strncasecmp (&broken_list[i][1], "CTYPE-", 6) == 0) - { - if (strncasecmp (&broken_list[i][1], "CTYPE-ALL", 9) == 0) - { - _set_priority (&(*priority_cache)->cert_type, - cert_type_priority); - } - else - { - if ((algo = - gnutls_certificate_type_get_id (&broken_list[i][7])) != - GNUTLS_CRT_UNKNOWN) - fn (&(*priority_cache)->cert_type, algo); - else - goto error; - } - } /* now check if the element is something like -ALGO */ - else if (strncasecmp (&broken_list[i][1], "SIGN-", 5) == 0) - { - if (strncasecmp (&broken_list[i][1], "SIGN-ALL", 8) == 0) - { - _set_priority (&(*priority_cache)->sign_algo, - 
sign_priority_default); - } - else - { - if ((algo = - gnutls_sign_get_id (&broken_list[i][6])) != - GNUTLS_SIGN_UNKNOWN) - fn (&(*priority_cache)->sign_algo, algo); - else - goto error; - } - } /* now check if the element is something like -ALGO */ - else - goto error; - } + || broken_list[i][0] == '-') + { + if (broken_list[i][0] == '+') + fn = prio_add; + else + fn = prio_remove; + + if ((algo = + gnutls_mac_get_id (&broken_list[i][1])) != GNUTLS_MAC_UNKNOWN) + fn (&(*priority_cache)->mac, algo); + else if ((algo = gnutls_cipher_get_id (&broken_list[i][1])) != + GNUTLS_CIPHER_UNKNOWN) + fn (&(*priority_cache)->cipher, algo); + else if ((algo = gnutls_kx_get_id (&broken_list[i][1])) != + GNUTLS_KX_UNKNOWN) + fn (&(*priority_cache)->kx, algo); + else if (strncasecmp (&broken_list[i][1], "VERS-", 5) == 0) + { + if (strncasecmp (&broken_list[i][1], "VERS-TLS-ALL", 12) == 0) + { + _set_priority (&(*priority_cache)->protocol, + protocol_priority); + } + else + { + if ((algo = + gnutls_protocol_get_id (&broken_list[i][6])) != + GNUTLS_VERSION_UNKNOWN) + fn (&(*priority_cache)->protocol, algo); + else + goto error; + } + } /* now check if the element is something like -ALGO */ + else if (strncasecmp (&broken_list[i][1], "COMP-", 5) == 0) + { + if (strncasecmp (&broken_list[i][1], "COMP-ALL", 8) == 0) + { + _set_priority (&(*priority_cache)->compression, + comp_priority); + } + else + { + if ((algo = + gnutls_compression_get_id (&broken_list[i][6])) != + GNUTLS_COMP_UNKNOWN) + fn (&(*priority_cache)->compression, algo); + else + goto error; + } + } /* now check if the element is something like -ALGO */ + else if (strncasecmp (&broken_list[i][1], "CTYPE-", 6) == 0) + { + if (strncasecmp (&broken_list[i][1], "CTYPE-ALL", 9) == 0) + { + _set_priority (&(*priority_cache)->cert_type, + cert_type_priority); + } + else + { + if ((algo = + gnutls_certificate_type_get_id (&broken_list[i][7])) != + GNUTLS_CRT_UNKNOWN) + fn (&(*priority_cache)->cert_type, algo); + else + goto 
error; + } + } /* now check if the element is something like -ALGO */ + else if (strncasecmp (&broken_list[i][1], "SIGN-", 5) == 0) + { + if (strncasecmp (&broken_list[i][1], "SIGN-ALL", 8) == 0) + { + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_default); + } + else + { + if ((algo = + gnutls_sign_get_id (&broken_list[i][6])) != + GNUTLS_SIGN_UNKNOWN) + fn (&(*priority_cache)->sign_algo, algo); + else + goto error; + } + } /* now check if the element is something like -ALGO */ + else + goto error; + } else if (broken_list[i][0] == '%') - { - if (strcasecmp (&broken_list[i][1], "COMPAT") == 0) - { - (*priority_cache)->no_padding = 1; - (*priority_cache)->allow_large_records = 1; - } - else if (strcasecmp (&broken_list[i][1], - "VERIFY_ALLOW_SIGN_RSA_MD5") == 0) - { - prio_add (&(*priority_cache)->sign_algo, GNUTLS_SIGN_RSA_MD5); - (*priority_cache)->additional_verify_flags |= - GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5; - } - else if (strcasecmp (&broken_list[i][1], - "SSL3_RECORD_VERSION") == 0) - (*priority_cache)->no_ssl3_record_version = 0; - else if (strcasecmp (&broken_list[i][1], - "LATEST_RECORD_VERSION") == 0) - (*priority_cache)->no_ssl3_record_version = 1; - else if (strcasecmp (&broken_list[i][1], - "VERIFY_ALLOW_X509_V1_CA_CRT") == 0) - (*priority_cache)->additional_verify_flags |= - GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT; - else if (strcasecmp (&broken_list[i][1], - "UNSAFE_RENEGOTIATION") == 0) - { - (*priority_cache)->sr = SR_UNSAFE; - } - else if (strcasecmp (&broken_list[i][1], "SAFE_RENEGOTIATION") == 0) - { - (*priority_cache)->sr = SR_SAFE; - } - else if (strcasecmp (&broken_list[i][1], - "PARTIAL_RENEGOTIATION") == 0) - { - (*priority_cache)->sr = SR_PARTIAL; - } - else if (strcasecmp (&broken_list[i][1], - "DISABLE_SAFE_RENEGOTIATION") == 0) - { - (*priority_cache)->sr = SR_DISABLED; - } - else - goto error; - } + { + if (strcasecmp (&broken_list[i][1], "COMPAT") == 0) + { + (*priority_cache)->no_padding = 1; + 
(*priority_cache)->allow_large_records = 1; + } + else if (strcasecmp (&broken_list[i][1], + "VERIFY_ALLOW_SIGN_RSA_MD5") == 0) + { + prio_add (&(*priority_cache)->sign_algo, GNUTLS_SIGN_RSA_MD5); + (*priority_cache)->additional_verify_flags |= + GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5; + } + else if (strcasecmp (&broken_list[i][1], + "SSL3_RECORD_VERSION") == 0) + (*priority_cache)->no_ssl3_record_version = 0; + else if (strcasecmp (&broken_list[i][1], + "LATEST_RECORD_VERSION") == 0) + (*priority_cache)->no_ssl3_record_version = 1; + else if (strcasecmp (&broken_list[i][1], + "VERIFY_ALLOW_X509_V1_CA_CRT") == 0) + (*priority_cache)->additional_verify_flags |= + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT; + else if (strcasecmp (&broken_list[i][1], + "UNSAFE_RENEGOTIATION") == 0) + { + (*priority_cache)->sr = SR_UNSAFE; + } + else if (strcasecmp (&broken_list[i][1], "SAFE_RENEGOTIATION") == 0) + { + (*priority_cache)->sr = SR_SAFE; + } + else if (strcasecmp (&broken_list[i][1], + "PARTIAL_RENEGOTIATION") == 0) + { + (*priority_cache)->sr = SR_PARTIAL; + } + else if (strcasecmp (&broken_list[i][1], + "DISABLE_SAFE_RENEGOTIATION") == 0) + { + (*priority_cache)->sr = SR_DISABLED; + } + else + goto error; + } else - goto error; + goto error; } gnutls_free (darg); @@ -813,9 +813,9 @@ error: { *err_pos = priorities; for (j = 0; j < i; j++) - { - (*err_pos) += strlen (broken_list[j]) + 1; - } + { + (*err_pos) += strlen (broken_list[j]) + 1; + } } gnutls_free (darg); gnutls_free (*priority_cache); @@ -853,7 +853,7 @@ gnutls_priority_deinit (gnutls_priority_t priority_cache) **/ int gnutls_priority_set_direct (gnutls_session_t session, - const char *priorities, const char **err_pos) + const char *priorities, const char **err_pos) { gnutls_priority_t prio; int ret; 
@@ -882,8 +882,8 @@ gnutls_priority_set_direct (gnutls_session_t session, */ static void break_comma_list (char *etag, - char **broken_etag, int *elements, int max_elements, - char sep) + char **broken_etag, int *elements, int max_elements, + char sep) { char *p = etag; if (sep == 0) @@ -899,14 +899,14 @@ break_comma_list (char *etag, p = strchr (p, sep); if (p) - { - *p = 0; - p++; /* move to next entry and skip white - * space. - */ - while (*p == ' ') - p++; - } + { + *p = 0; + p++; /* move to next entry and skip white + * space. + */ + while (*p == ' ') + p++; + } } while (p != NULL && *elements < max_elements); } |