1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
/*
* NSS utility functions
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include <ctype.h>
#include <string.h>
#include <assert.h>
#include "seccomon.h"
#include "secoidt.h"
#include "secoid.h"
#include "nss.h"
#include "nssoptions.h"
#include "secerr.h"
struct nssOps {
PRInt32 rsaMinKeySize;
PRInt32 dhMinKeySize;
PRInt32 dsaMinKeySize;
PRInt32 tlsVersionMinPolicy;
PRInt32 tlsVersionMaxPolicy;
PRInt32 dtlsVersionMinPolicy;
PRInt32 dtlsVersionMaxPolicy;
PRInt32 pkcs12DecodeForceUnicode;
PRInt32 defaultLocks;
};
static struct nssOps nss_ops = {
SSL_RSA_MIN_MODULUS_BITS,
SSL_DH_MIN_P_BITS,
SSL_DSA_MIN_P_BITS,
1, /* Set TLS min to less the the smallest legal SSL value */
0xffff, /* set TLS max to more than the largest legal SSL value */
1,
0xffff,
PR_FALSE,
0
};
SECStatus
NSS_OptionSet(PRInt32 which, PRInt32 value)
{
SECStatus rv = SECSuccess;
if (NSS_IsPolicyLocked()) {
PORT_SetError(SEC_ERROR_POLICY_LOCKED);
return SECFailure;
}
switch (which) {
case NSS_RSA_MIN_KEY_SIZE:
nss_ops.rsaMinKeySize = value;
break;
case NSS_DH_MIN_KEY_SIZE:
nss_ops.dhMinKeySize = value;
break;
case NSS_DSA_MIN_KEY_SIZE:
nss_ops.dsaMinKeySize = value;
break;
case NSS_TLS_VERSION_MIN_POLICY:
nss_ops.tlsVersionMinPolicy = value;
break;
case NSS_TLS_VERSION_MAX_POLICY:
nss_ops.tlsVersionMaxPolicy = value;
break;
case NSS_DTLS_VERSION_MIN_POLICY:
nss_ops.dtlsVersionMinPolicy = value;
break;
case NSS_DTLS_VERSION_MAX_POLICY:
nss_ops.dtlsVersionMaxPolicy = value;
break;
case __NSS_PKCS12_DECODE_FORCE_UNICODE:
nss_ops.pkcs12DecodeForceUnicode = value;
break;
case NSS_DEFAULT_LOCKS:
nss_ops.defaultLocks = value;
break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
}
return rv;
}
SECStatus
NSS_OptionGet(PRInt32 which, PRInt32 *value)
{
SECStatus rv = SECSuccess;
switch (which) {
case NSS_RSA_MIN_KEY_SIZE:
*value = nss_ops.rsaMinKeySize;
break;
case NSS_DH_MIN_KEY_SIZE:
*value = nss_ops.dhMinKeySize;
break;
case NSS_DSA_MIN_KEY_SIZE:
*value = nss_ops.dsaMinKeySize;
break;
case NSS_TLS_VERSION_MIN_POLICY:
*value = nss_ops.tlsVersionMinPolicy;
break;
case NSS_TLS_VERSION_MAX_POLICY:
*value = nss_ops.tlsVersionMaxPolicy;
break;
case NSS_DTLS_VERSION_MIN_POLICY:
*value = nss_ops.dtlsVersionMinPolicy;
break;
case NSS_DTLS_VERSION_MAX_POLICY:
*value = nss_ops.dtlsVersionMaxPolicy;
break;
case __NSS_PKCS12_DECODE_FORCE_UNICODE:
*value = nss_ops.pkcs12DecodeForceUnicode;
break;
case NSS_DEFAULT_LOCKS:
*value = nss_ops.defaultLocks;
break;
default:
rv = SECFailure;
}
return rv;
}
|
