diff options
Diffstat (limited to 'lib/priority.c')
-rw-r--r-- | lib/priority.c | 47 |
1 files changed, 21 insertions, 26 deletions
diff --git a/lib/priority.c b/lib/priority.c index 900bbf7783..1ed5d84927 100644 --- a/lib/priority.c +++ b/lib/priority.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2004-2015 Free Software Foundation, Inc. - * Copyright (C) 2015-2017 Red Hat, Inc. + * Copyright (C) 2015-2019 Red Hat, Inc. * * Author: Nikos Mavrogiannopoulos * @@ -36,10 +36,17 @@ #include "errno.h" #include "ext/srp.h" #include <gnutls/gnutls.h> +#include "profiles.h" #include "c-strcase.h" #define MAX_ELEMENTS 64 +#define ENABLE_PROFILE(c, profile) do { \ + c->additional_verify_flags &= 0x00ffffff; \ + c->additional_verify_flags |= GNUTLS_PROFILE_TO_VFLAGS(profile); \ + c->level = _gnutls_profile_to_sec_level(profile); \ + } while(0) + /* This function is used by the test suite */ char *_gnutls_resolve_priorities(const char* priorities); const char *_gnutls_default_priority_string = DEFAULT_PRIORITY_STRING; @@ -839,51 +846,39 @@ static void disable_wildcards(gnutls_priority_t c) } static void enable_profile_very_weak(gnutls_priority_t c) { - c->additional_verify_flags &= 0x00ffffff; - c->additional_verify_flags |= GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_VERY_WEAK); - c->level = GNUTLS_SEC_PARAM_VERY_WEAK; + ENABLE_PROFILE(c, GNUTLS_PROFILE_VERY_WEAK); } static void enable_profile_low(gnutls_priority_t c) { - c->additional_verify_flags &= 0x00ffffff; - c->additional_verify_flags |= GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_LOW); - c->level = GNUTLS_SEC_PARAM_LOW; + ENABLE_PROFILE(c, GNUTLS_PROFILE_LOW); } static void enable_profile_legacy(gnutls_priority_t c) { - c->additional_verify_flags &= 0x00ffffff; - c->additional_verify_flags |= GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_LEGACY); - c->level = GNUTLS_SEC_PARAM_LEGACY; + ENABLE_PROFILE(c, GNUTLS_PROFILE_LEGACY); +} +static void enable_profile_medium(gnutls_priority_t c) +{ + ENABLE_PROFILE(c, GNUTLS_PROFILE_MEDIUM); } static void enable_profile_high(gnutls_priority_t c) { - c->additional_verify_flags &= 0x00ffffff; - c->additional_verify_flags |= GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_HIGH); - c->level = GNUTLS_SEC_PARAM_HIGH; + ENABLE_PROFILE(c, GNUTLS_PROFILE_HIGH); } static void enable_profile_ultra(gnutls_priority_t c) { - c->additional_verify_flags &= 0x00ffffff; - c->additional_verify_flags |= GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_ULTRA); - c->level = GNUTLS_SEC_PARAM_ULTRA; + ENABLE_PROFILE(c, GNUTLS_PROFILE_ULTRA); } -static void enable_profile_medium(gnutls_priority_t c) +static void enable_profile_future(gnutls_priority_t c) { - c->additional_verify_flags &= 0x00ffffff; - c->additional_verify_flags |= GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_MEDIUM); - c->level = GNUTLS_SEC_PARAM_MEDIUM; + ENABLE_PROFILE(c, GNUTLS_PROFILE_FUTURE); } static void enable_profile_suiteb128(gnutls_priority_t c) { - c->additional_verify_flags &= 0x00ffffff; - c->additional_verify_flags |= GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_SUITEB128); - c->level = GNUTLS_SEC_PARAM_HIGH; + ENABLE_PROFILE(c, GNUTLS_PROFILE_SUITEB128); } static void enable_profile_suiteb192(gnutls_priority_t c) { - c->additional_verify_flags &= 0x00ffffff; - c->additional_verify_flags |= GNUTLS_PROFILE_TO_VFLAGS(GNUTLS_PROFILE_SUITEB192); - c->level = GNUTLS_SEC_PARAM_ULTRA; + ENABLE_PROFILE(c, GNUTLS_PROFILE_SUITEB128); } static void enable_safe_renegotiation(gnutls_priority_t c) { |