Diffstat (limited to 'lib/nss')
-rw-r--r-- | lib/nss/nss.h | 22 | ||||
-rw-r--r-- | lib/nss/nssoptions.c | 28 | ||||
-rw-r--r-- | lib/nss/nssoptions.h | 2 |
3 files changed, 51 insertions, 1 deletions
diff --git a/lib/nss/nss.h b/lib/nss/nss.h index 081422e91..b3ef5057c 100644 --- a/lib/nss/nss.h +++ b/lib/nss/nss.h @@ -302,6 +302,28 @@ SECStatus NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData); #define NSS_DEFAULT_LOCKS 0x00d /* lock default values */ #define NSS_DEFAULT_SSL_LOCK 1 /* lock the ssl default values */ +/* NSS_KEY_SIZE_POLICY controls what kinds of operations are subject to + * the NSS_XXX_MIN_KEY_SIZE values. + * NSS_KEY_SIZE_POLICY_FLAGS sets and clears all the flags to the input + * value + * On get it returns all the flags + * NSS_KEY_SIZE_POLICY_SET_FLAGS sets only the flags=1 in theinput value and + * does not affect the other flags + * On get it returns all the flags + * NSS_KEY_SIZE_POLICY_CLEAR_FLAGS clears only the flags=1 in the input + * value and does not affect the other flags + * On get it returns all the compliment of all the flags + * (cleared flags == 1) */ +#define NSS_KEY_SIZE_POLICY_FLAGS 0x00e +#define NSS_KEY_SIZE_POLICY_SET_FLAGS 0x00f +#define NSS_KEY_SIZE_POLICY_CLEAR_FLAGS 0x010 +/* currently defined flags */ +#define NSS_KEY_SIZE_POLICY_SSL_FLAG 1 +#define NSS_KEY_SIZE_POLICY_VERIFY_FLAG 2 +#define NSS_KEY_SIZE_POLICY_SIGN_FLAG 4 + +#define NSS_ECC_MIN_KEY_SIZE 0x011 + /* * Set and get global options for the NSS library. */ diff --git a/lib/nss/nssoptions.c b/lib/nss/nssoptions.c index f7225c414..cc637ffda 100644 --- a/lib/nss/nssoptions.c +++ b/lib/nss/nssoptions.c @@ -26,6 +26,8 @@ struct nssOps { PRInt32 dtlsVersionMaxPolicy; PRInt32 pkcs12DecodeForceUnicode; PRInt32 defaultLocks; + PRInt32 keySizePolicyFlags; + PRInt32 eccMinKeySize; }; static struct nssOps nss_ops = { @@ -37,7 +39,9 @@ static struct nssOps nss_ops = { 1, 0xffff, PR_FALSE, - 0 + 0, + NSS_KEY_SIZE_POLICY_SSL_FLAG, + SSL_ECC_MIN_CURVE_BITS }; SECStatus 
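Review bot: The comment block above `NSS_KEY_SIZE_POLICY_FLAGS` in lib/nss/nss.h does not say which flags are enabled by default, which is what a caller needs to know. The initializer added in nssoptions.c sets only `NSS_KEY_SIZE_POLICY_SSL_FLAG`, so the minimum-key-size options are apparently not applied to sign or verify operations unless an application turns those flags on. I would add a line such as `* Default: NSS_KEY_SIZE_POLICY_SSL_FLAG only; VERIFY and SIGN must be enabled explicitly.` The same comment has two wording slips, "theinput" and "compliment" (complement). `NSS_ECC_MIN_KEY_SIZE` also has no comment giving its unit, which looks like bits judging by `SSL_ECC_MIN_CURVE_BITS`.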
@@ -78,6 +82,18 @@ NSS_OptionSet(PRInt32 which, PRInt32 value) case NSS_DEFAULT_LOCKS: nss_ops.defaultLocks = value; break; + case NSS_KEY_SIZE_POLICY_FLAGS: + nss_ops.keySizePolicyFlags = value; + break; + case NSS_KEY_SIZE_POLICY_SET_FLAGS: + nss_ops.keySizePolicyFlags |= value; + break; + case NSS_KEY_SIZE_POLICY_CLEAR_FLAGS: + nss_ops.keySizePolicyFlags &= ~value; + break; + case NSS_ECC_MIN_KEY_SIZE: + nss_ops.eccMinKeySize = value; + break; default: PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; @@ -119,6 +135,16 @@ NSS_OptionGet(PRInt32 which, PRInt32 *value) case NSS_DEFAULT_LOCKS: *value = nss_ops.defaultLocks; break; + case NSS_KEY_SIZE_POLICY_FLAGS: + case NSS_KEY_SIZE_POLICY_SET_FLAGS: + *value = nss_ops.keySizePolicyFlags; + break; + case NSS_KEY_SIZE_POLICY_CLEAR_FLAGS: + *value = ~nss_ops.keySizePolicyFlags; + break; + case NSS_ECC_MIN_KEY_SIZE: + *value = nss_ops.eccMinKeySize; + break; default: rv = SECFailure; } diff --git a/lib/nss/nssoptions.h b/lib/nss/nssoptions.h index 024c1e92f..3f19c61ed 100644 --- a/lib/nss/nssoptions.h +++ b/lib/nss/nssoptions.h @@ -18,3 +18,5 @@ * happens because NSS used to count bit lengths incorrectly. */ #define SSL_DH_MIN_P_BITS 1023 #define SSL_DSA_MIN_P_BITS 1023 +/* not really used by SSL, but define it here for consistency */ +#define SSL_ECC_MIN_CURVE_BITS 255 |
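Review bot: The four new cases in `NSS_OptionSet` store `value` unchecked, so `NSS_ECC_MIN_KEY_SIZE` accepts zero or a negative number and the flag options accept bits that no `NSS_KEY_SIZE_POLICY_*_FLAG` defines. A negative minimum would presumably let every curve pass whatever check reads `eccMinKeySize`; that consumer is not visible in this diff. Consider rejecting it the way the `default:` branch reports errors, e.g. `if (value < 0) { PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; break; }`, and either masking or documenting undefined flag bits. The existing `NSS_DEFAULT_LOCKS` case is equally unchecked, and the function starts and ends outside the hunk, so this may be a deliberate convention worth stating in the header.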
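Review bot: In the `NSS_KEY_SIZE_POLICY_CLEAR_FLAGS` case of `NSS_OptionGet`, `~nss_ops.keySizePolicyFlags` complements every bit of the `PRInt32`, so all undefined bits read back as 1 and the result is negative with the default flags. Testing the result against a single flag still works, but comparing it to a constant or passing it back to `NSS_OptionSet` would give surprising results. Masking to the defined flags keeps the value in the documented domain: `*value = ~nss_ops.keySizePolicyFlags & (NSS_KEY_SIZE_POLICY_SSL_FLAG | NSS_KEY_SIZE_POLICY_VERIFY_FLAG | NSS_KEY_SIZE_POLICY_SIGN_FLAG);`. The function body continues outside the hunk.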
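Review bot: The comment on `SSL_ECC_MIN_CURVE_BITS` in lib/nss/nssoptions.h says where the constant lives but not why the floor is 255 rather than 256. The neighbouring comment, partly outside the hunk, gives a rationale for the 1023 values, and this security-relevant default deserves the same. If the intent is to admit 255-bit curves, which is my assumption, say so: `/* 255, not 256, so that 255-bit curves pass the default minimum */`.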