← Back to branch summary

~ubuntu-branches/ubuntu/saucy/gnutls28/saucy

« back to all changes in this revision

Viewing changes to lib/gnutls_priority.c

  • Committer: Package Import Robot
  • Author(s): Jeremy Bicha
  • Date: 2013-07-30 21:40:07 UTC
  • mfrom: (14.1.9 saucy-proposed)
  • Revision ID: package-import@ubuntu.com-20130730214007-9mrd08xo61kla008
Tags: 3.2.3-1ubuntu1
https://launchpad.net/bugs/1068029
* Sync with Debian (LP: #1068029). Remaining change:
  - Drop gnutls-bin and -doc since we want to use the versions
    in gnutls26 as the defaults instead

Show diffs side-by-side

added added

removed removed

Lines of Context:
lib/gnutls_priority.c
7
7
 *
8
8
 * The GnuTLS is free software; you can redistribute it and/or
9
9
 * modify it under the terms of the GNU Lesser General Public License
10
 
 * as published by the Free Software Foundation; either version 3 of
 
10
 * as published by the Free Software Foundation; either version 2.1 of
11
11
 * the License, or (at your option) any later version.
12
12
 *
13
13
 * This library is distributed in the hope that it will be useful, but
86
86
  return;
87
87
}
88
88
 
 
89
inline static void
 
90
_add_priority (priority_st * st, const int *list)
 
91
{
 
92
  int num, i, j, init;
 
93
 
 
94
  init = i = st->algorithms;
 
95
 
 
96
  for (num=0;list[num]!=0;++num)
 
97
    {
 
98
      if (i+1 > MAX_ALGOS)
 
99
        {
 
100
          return;
 
101
        }
 
102
      
 
103
      for (j=0;j<init;j++)
 
104
        {
 
105
          if (st->priority[j] == (unsigned)list[num])
 
106
            {
 
107
              break;
 
108
            }
 
109
        }
 
110
 
 
111
      if (j == init)
 
112
        {
 
113
          st->priority[i++] = list[num];
 
114
          st->algorithms++;
 
115
        }
 
116
    }
 
117
    
 
118
  return;
 
119
}
 
120
 
89
121
static void
90
122
_clear_priorities (priority_st * st, const int *list)
91
123
{
250
282
  GNUTLS_TLS1_1,
251
283
  GNUTLS_TLS1_0,
252
284
  GNUTLS_SSL3,
 
285
  GNUTLS_DTLS1_2,
 
286
  GNUTLS_DTLS1_0,
 
287
  0
 
288
};
 
289
 
 
290
static const int dtls_protocol_priority[] = {
 
291
  GNUTLS_DTLS1_2,
253
292
  GNUTLS_DTLS1_0,
254
293
  0
255
294
};
261
300
 
262
301
static const int kx_priority_performance[] = {
263
302
  GNUTLS_KX_RSA,
 
303
#ifdef ENABLE_ECDHE
264
304
  GNUTLS_KX_ECDHE_ECDSA,
265
305
  GNUTLS_KX_ECDHE_RSA,
 
306
#endif
 
307
#ifdef ENABLE_DHE
266
308
  GNUTLS_KX_DHE_RSA,
267
309
  GNUTLS_KX_DHE_DSS,
 
310
#endif
268
311
  0
269
312
};
270
313
 
275
318
 
276
319
static const int kx_priority_export[] = {
277
320
  GNUTLS_KX_RSA,
 
321
#ifdef ENABLE_ECDHE
278
322
  GNUTLS_KX_ECDHE_ECDSA,
279
323
  GNUTLS_KX_ECDHE_RSA,
 
324
#endif
 
325
#ifdef ENABLE_DHE
280
326
  GNUTLS_KX_DHE_RSA,
281
327
  GNUTLS_KX_DHE_DSS,
282
 
  GNUTLS_KX_RSA_EXPORT,
 
328
#endif
283
329
  0
284
330
};
285
331
 
287
333
  /* The ciphersuites that offer forward secrecy take
288
334
   * precedence
289
335
   */
 
336
#ifdef ENABLE_ECDHE
290
337
  GNUTLS_KX_ECDHE_ECDSA,
291
338
  GNUTLS_KX_ECDHE_RSA,
 
339
#endif
 
340
  GNUTLS_KX_RSA,
 
341
  /* KX-RSA is now ahead of DHE-RSA and DHE-DSS due to the compatibility
 
342
   * issues the DHE ciphersuites have. That is, one cannot enforce a specific
 
343
   * security level without dropping the connection. 
 
344
   */
 
345
#ifdef ENABLE_DHE
292
346
  GNUTLS_KX_DHE_RSA,
293
347
  GNUTLS_KX_DHE_DSS,
294
 
  GNUTLS_KX_RSA,
 
348
#endif
295
349
  /* GNUTLS_KX_ANON_DH: Man-in-the-middle prone, don't add!
296
 
   * GNUTLS_KX_RSA_EXPORT: Deprecated, don't add!
297
350
   */
298
351
  0
299
352
};
503
556
static void
504
557
prio_remove (priority_st * priority_list, unsigned int algo)
505
558
{
506
 
  int i = 0;
507
 
  int pos = -1;                 /* the position of the cipher to remove */
508
 
 
509
 
  while (priority_list->priority[i] != 0)
510
 
    {
511
 
      if (priority_list->priority[i] == algo)
512
 
        pos = i;
513
 
      i++;
514
 
    }
515
 
 
516
 
  if (pos >= 0)
517
 
    {
518
 
      priority_list->priority[pos] = priority_list->priority[i - 1];
519
 
      priority_list->priority[i - 1] = 0;
520
 
      priority_list->algorithms--;
 
559
  unsigned int i;
 
560
 
 
561
  for (i=0;i<priority_list->algorithms;i++)
 
562
    {
 
563
      if (priority_list->priority[i] == algo) 
 
564
        {
 
565
          priority_list->algorithms--;
 
566
          if ((priority_list->algorithms-i) > 0)
 
567
            memmove(&priority_list->priority[i], &priority_list->priority[i+1], (priority_list->algorithms-i)*sizeof(priority_list->priority[0]));
 
568
          priority_list->priority[priority_list->algorithms] = 0;
 
569
          break;
 
570
        }
521
571
    }
522
572
 
523
573
  return;
526
576
static void
527
577
prio_add (priority_st * priority_list, unsigned int algo)
528
578
{
529
 
  register int i = 0;
530
 
  while (priority_list->priority[i] != 0)
 
579
  unsigned int i, l = priority_list->algorithms;
 
580
 
 
581
  if (l >= MAX_ALGOS)
 
582
    return;                     /* can't add it anyway */
 
583
 
 
584
  for (i = 0; i < l; ++i)
531
585
    {
532
586
      if (algo == priority_list->priority[i])
533
587
        return;                 /* if it exists */
534
 
      i++;
535
588
    }
536
589
 
537
 
  if (i < MAX_ALGOS)
538
 
    {
539
 
      priority_list->priority[i] = algo;
540
 
      priority_list->algorithms++;
541
 
    }
 
590
  priority_list->priority[l] = algo;
 
591
  priority_list->algorithms++;
542
592
 
543
593
  return;
544
594
}
587
637
 
588
638
#define MAX_ELEMENTS 48
589
639
 
 
640
#define LEVEL_NONE "NONE"
 
641
#define LEVEL_NORMAL "NORMAL"
 
642
#define LEVEL_PERFORMANCE "PERFORMANCE"
 
643
#define LEVEL_SECURE128 "SECURE128"
 
644
#define LEVEL_SECURE192 "SECURE192"
 
645
#define LEVEL_SECURE256 "SECURE256"
 
646
#define LEVEL_SUITEB128 "SUITEB128"
 
647
#define LEVEL_SUITEB192 "SUITEB192"
 
648
#define LEVEL_EXPORT "EXPORT"
 
649
 
 
650
static
 
651
int check_level(const char* level, gnutls_priority_t priority_cache, int add)
 
652
{
 
653
bulk_rmadd_func *func;
 
654
 
 
655
  if (add) func = _add_priority;
 
656
  else func = _set_priority;
 
657
 
 
658
  if (strcasecmp (level, LEVEL_PERFORMANCE) == 0)
 
659
    {
 
660
      func (&priority_cache->cipher,
 
661
                     cipher_priority_performance);
 
662
      func (&priority_cache->kx, kx_priority_performance);
 
663
      func (&priority_cache->mac, mac_priority_normal);
 
664
      func (&priority_cache->sign_algo,
 
665
                     sign_priority_default);
 
666
      func (&priority_cache->supported_ecc, supported_ecc_normal);
 
667
 
 
668
      if (priority_cache->level == 0)
 
669
        priority_cache->level = GNUTLS_SEC_PARAM_VERY_WEAK;
 
670
      return 1;
 
671
    }
 
672
  else if (strcasecmp (level, LEVEL_NORMAL) == 0)
 
673
    {
 
674
      func (&priority_cache->cipher, cipher_priority_normal);
 
675
      func (&priority_cache->kx, kx_priority_secure);
 
676
      func (&priority_cache->mac, mac_priority_normal);
 
677
      func (&priority_cache->sign_algo,
 
678
                     sign_priority_default);
 
679
      func (&priority_cache->supported_ecc, supported_ecc_normal);
 
680
 
 
681
      if (priority_cache->level == 0)
 
682
        priority_cache->level = GNUTLS_SEC_PARAM_VERY_WEAK;
 
683
      return 1;
 
684
    }
 
685
  else if (strcasecmp (level, LEVEL_SECURE256) == 0
 
686
           || strcasecmp (level, LEVEL_SECURE192) == 0)
 
687
    {
 
688
      func (&priority_cache->cipher,
 
689
                     cipher_priority_secure192);
 
690
      func (&priority_cache->kx, kx_priority_secure);
 
691
      func (&priority_cache->mac, mac_priority_secure192);
 
692
      func (&priority_cache->sign_algo,
 
693
                     sign_priority_secure192);
 
694
      func (&priority_cache->supported_ecc, supported_ecc_secure192);
 
695
      
 
696
      /* be conservative for now. Set the bits to correspond to 96-bit level */
 
697
      if (priority_cache->level == 0)
 
698
        priority_cache->level = GNUTLS_SEC_PARAM_LEGACY;
 
699
      return 1;
 
700
    }
 
701
  else if (strcasecmp (level, LEVEL_SECURE128) == 0
 
702
           || strcasecmp (level, "SECURE") == 0)
 
703
    {
 
704
      func (&priority_cache->cipher,
 
705
                     cipher_priority_secure128);
 
706
      func (&priority_cache->kx, kx_priority_secure);
 
707
      func (&priority_cache->mac, mac_priority_secure128);
 
708
      func (&priority_cache->sign_algo,
 
709
                     sign_priority_secure128);
 
710
      func (&priority_cache->supported_ecc, supported_ecc_secure128);
 
711
 
 
712
      /* be conservative for now. Set the bits to correspond to an 72-bit level */
 
713
      if (priority_cache->level == 0)
 
714
        priority_cache->level = GNUTLS_SEC_PARAM_WEAK;
 
715
      return 1;
 
716
    }
 
717
  else if (strcasecmp (level, LEVEL_SUITEB128) == 0)
 
718
    {
 
719
      func (&priority_cache->protocol, protocol_priority_suiteb);
 
720
      func (&priority_cache->cipher,
 
721
                     cipher_priority_suiteb128);
 
722
      func (&priority_cache->kx, kx_priority_suiteb);
 
723
      func (&priority_cache->mac, mac_priority_suiteb128);
 
724
      func (&priority_cache->sign_algo,
 
725
                     sign_priority_suiteb128);
 
726
      func (&priority_cache->supported_ecc, supported_ecc_suiteb128);
 
727
 
 
728
      if (priority_cache->level == 0)
 
729
        priority_cache->level = GNUTLS_SEC_PARAM_HIGH;
 
730
      return 1;
 
731
    }
 
732
  else if (strcasecmp (level, LEVEL_SUITEB192) == 0)
 
733
    {
 
734
      func (&priority_cache->protocol, protocol_priority_suiteb);
 
735
      func (&priority_cache->cipher,
 
736
                     cipher_priority_suiteb192);
 
737
      func (&priority_cache->kx, kx_priority_suiteb);
 
738
      func (&priority_cache->mac, mac_priority_suiteb192);
 
739
      func (&priority_cache->sign_algo,
 
740
                     sign_priority_suiteb192);
 
741
      func (&priority_cache->supported_ecc, supported_ecc_suiteb192);
 
742
 
 
743
      if (priority_cache->level == 0)
 
744
        priority_cache->level = GNUTLS_SEC_PARAM_ULTRA;
 
745
      return 1;
 
746
    }
 
747
  else if (strcasecmp (level, LEVEL_EXPORT) == 0)
 
748
    {
 
749
      func (&priority_cache->cipher, cipher_priority_export);
 
750
      func (&priority_cache->kx, kx_priority_export);
 
751
      func (&priority_cache->mac, mac_priority_secure128);
 
752
      func (&priority_cache->sign_algo,
 
753
                     sign_priority_default);
 
754
      func (&priority_cache->supported_ecc, supported_ecc_normal);
 
755
 
 
756
      if (priority_cache->level == 0)
 
757
        priority_cache->level = GNUTLS_SEC_PARAM_EXPORT;
 
758
      return 1;
 
759
    }
 
760
  return 0;
 
761
}
 
762
 
590
763
/**
591
764
 * gnutls_priority_init:
592
765
 * @priority_cache: is a #gnutls_prioritity_t structure.
640
813
 *
641
814
 * "NORMAL:-ARCFOUR-128" means normal ciphers except for ARCFOUR-128.
642
815
 *
643
 
 * "SECURE:-VERS-SSL3.0:+COMP-DEFLATE" means that only secure ciphers are
 
816
 * "SECURE128:-VERS-SSL3.0:+COMP-DEFLATE" means that only secure ciphers are
644
817
 * enabled, SSL3.0 is disabled, and libz compression enabled.
645
818
 *
646
819
 * "NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1", 
647
820
 *
648
821
 * "NONE:+VERS-TLS-ALL:+AES-128-CBC:+ECDHE-RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1:+CURVE-SECP256R1", 
649
822
 *
650
 
 * "NORMAL:%COMPAT" is the most compatible mode.
 
823
 * "SECURE256:+SECURE128",
 
824
 *
 
825
 * Note that "NORMAL:%COMPAT" is the most compatible mode.
651
826
 *
652
827
 * Returns: On syntax error %GNUTLS_E_INVALID_REQUEST is returned,
653
828
 * %GNUTLS_E_SUCCESS on success, or an error code.
669
844
      gnutls_assert ();
670
845
      return GNUTLS_E_MEMORY_ERROR;
671
846
    }
 
847
  
 
848
  if (err_pos)
 
849
    *err_pos = priorities;
672
850
 
673
851
  /* for now unsafe renegotiation is default on everyone. To be removed
674
852
   * when we make it the default.
675
853
   */
676
854
  (*priority_cache)->sr = SR_PARTIAL;
677
855
  (*priority_cache)->ssl3_record_version = 1;
 
856
  
 
857
  
 
858
  (*priority_cache)->max_empty_records = DEFAULT_MAX_EMPTY_RECORDS;
678
859
 
679
860
  if (priorities == NULL)
680
 
    priorities = "NORMAL";
 
861
    priorities = LEVEL_NORMAL;
681
862
 
682
863
  darg = gnutls_strdup (priorities);
683
864
  if (darg == NULL)
690
871
  /* This is our default set of protocol version, certificate types and
691
872
   * compression methods.
692
873
   */
693
 
  if (strcasecmp (broken_list[0], "NONE") != 0)
 
874
  if (strcasecmp (broken_list[0], LEVEL_NONE) != 0)
694
875
    {
695
876
      _set_priority (&(*priority_cache)->protocol, protocol_priority);
696
877
      _set_priority (&(*priority_cache)->compression, comp_priority);
697
878
      _set_priority (&(*priority_cache)->cert_type, cert_type_priority_default);
698
879
      _set_priority (&(*priority_cache)->sign_algo, sign_priority_default);
699
880
      _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_normal);
 
881
      (*priority_cache)->level = GNUTLS_SEC_PARAM_VERY_WEAK;
700
882
      i = 0;
701
883
    }
702
884
  else
706
888
 
707
889
  for (; i < broken_list_size; i++)
708
890
    {
709
 
      if (strcasecmp (broken_list[i], "PERFORMANCE") == 0)
710
 
        {
711
 
          _set_priority (&(*priority_cache)->cipher,
712
 
                         cipher_priority_performance);
713
 
          _set_priority (&(*priority_cache)->kx, kx_priority_performance);
714
 
          _set_priority (&(*priority_cache)->mac, mac_priority_normal);
715
 
          _set_priority (&(*priority_cache)->sign_algo,
716
 
                         sign_priority_default);
717
 
          _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_normal);
718
 
        }
719
 
      else if (strcasecmp (broken_list[i], "NORMAL") == 0)
720
 
        {
721
 
          _set_priority (&(*priority_cache)->cipher, cipher_priority_normal);
722
 
          _set_priority (&(*priority_cache)->kx, kx_priority_secure);
723
 
          _set_priority (&(*priority_cache)->mac, mac_priority_normal);
724
 
          _set_priority (&(*priority_cache)->sign_algo,
725
 
                         sign_priority_default);
726
 
          _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_normal);
727
 
        }
728
 
      else if (strcasecmp (broken_list[i], "SECURE256") == 0
729
 
               || strcasecmp (broken_list[i], "SECURE192") == 0)
730
 
        {
731
 
          _set_priority (&(*priority_cache)->cipher,
732
 
                         cipher_priority_secure192);
733
 
          _set_priority (&(*priority_cache)->kx, kx_priority_secure);
734
 
          _set_priority (&(*priority_cache)->mac, mac_priority_secure192);
735
 
          _set_priority (&(*priority_cache)->sign_algo,
736
 
                         sign_priority_secure192);
737
 
          _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_secure192);
738
 
        }
739
 
      else if (strcasecmp (broken_list[i], "SECURE128") == 0
740
 
               || strcasecmp (broken_list[i], "SECURE") == 0)
741
 
        {
742
 
          _set_priority (&(*priority_cache)->cipher,
743
 
                         cipher_priority_secure128);
744
 
          _set_priority (&(*priority_cache)->kx, kx_priority_secure);
745
 
          _set_priority (&(*priority_cache)->mac, mac_priority_secure128);
746
 
          _set_priority (&(*priority_cache)->sign_algo,
747
 
                         sign_priority_secure128);
748
 
          _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_secure128);
749
 
        }
750
 
      else if (strcasecmp (broken_list[i], "SUITEB128") == 0)
751
 
        {
752
 
          _set_priority (&(*priority_cache)->protocol, protocol_priority_suiteb);
753
 
          _set_priority (&(*priority_cache)->cipher,
754
 
                         cipher_priority_suiteb128);
755
 
          _set_priority (&(*priority_cache)->kx, kx_priority_suiteb);
756
 
          _set_priority (&(*priority_cache)->mac, mac_priority_suiteb128);
757
 
          _set_priority (&(*priority_cache)->sign_algo,
758
 
                         sign_priority_suiteb128);
759
 
          _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_suiteb128);
760
 
        }
761
 
      else if (strcasecmp (broken_list[i], "SUITEB192") == 0)
762
 
        {
763
 
          _set_priority (&(*priority_cache)->protocol, protocol_priority_suiteb);
764
 
          _set_priority (&(*priority_cache)->cipher,
765
 
                         cipher_priority_suiteb192);
766
 
          _set_priority (&(*priority_cache)->kx, kx_priority_suiteb);
767
 
          _set_priority (&(*priority_cache)->mac, mac_priority_suiteb192);
768
 
          _set_priority (&(*priority_cache)->sign_algo,
769
 
                         sign_priority_suiteb192);
770
 
          _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_suiteb192);
771
 
        }
772
 
      else if (strcasecmp (broken_list[i], "EXPORT") == 0)
773
 
        {
774
 
          _set_priority (&(*priority_cache)->cipher, cipher_priority_export);
775
 
          _set_priority (&(*priority_cache)->kx, kx_priority_export);
776
 
          _set_priority (&(*priority_cache)->mac, mac_priority_secure128);
777
 
          _set_priority (&(*priority_cache)->sign_algo,
778
 
                         sign_priority_default);
779
 
          _set_priority (&(*priority_cache)->supported_ecc, supported_ecc_normal);
780
 
        }                       /* now check if the element is something like -ALGO */
 
891
      if (check_level(broken_list[i], *priority_cache, 0) != 0)
 
892
        {
 
893
          continue;
 
894
        }
781
895
      else if (broken_list[i][0] == '!' || broken_list[i][0] == '+'
782
896
               || broken_list[i][0] == '-')
783
897
        {
784
898
          if (broken_list[i][0] == '+')
785
899
            {
786
900
              fn = prio_add;
787
 
              bulk_fn = _set_priority;
 
901
              bulk_fn = _add_priority;
788
902
            }
789
903
          else
790
904
            {
792
906
              bulk_fn = _clear_priorities;
793
907
            }
794
908
 
795
 
          if ((algo =
 
909
          if (broken_list[i][0] == '+' && check_level(&broken_list[i][1], *priority_cache, 1) != 0)
 
910
            {
 
911
              continue;
 
912
            }
 
913
          else if ((algo =
796
914
               gnutls_mac_get_id (&broken_list[i][1])) != GNUTLS_MAC_UNKNOWN)
797
915
            fn (&(*priority_cache)->mac, algo);
798
916
          else if ((algo = gnutls_cipher_get_id (&broken_list[i][1])) !=
808
926
                  bulk_fn (&(*priority_cache)->protocol,
809
927
                                 protocol_priority);
810
928
                }
 
929
              else if (strncasecmp (&broken_list[i][1], "VERS-DTLS-ALL", 13) == 0)
 
930
                {
 
931
                  bulk_fn (&(*priority_cache)->protocol,
 
932
                                 dtls_protocol_priority);
 
933
                }
811
934
              else
812
935
                {
813
936
                  if ((algo =
909
1032
        {
910
1033
          if (strcasecmp (&broken_list[i][1], "COMPAT") == 0)
911
1034
            {
912
 
              (*priority_cache)->no_padding = 1;
913
 
              (*priority_cache)->allow_large_records = 1;
 
1035
              ENABLE_COMPAT((*priority_cache));
914
1036
            }
915
1037
          else if (strcasecmp (&broken_list[i][1], "NO_EXTENSIONS") == 0)
916
1038
            {
917
1039
              (*priority_cache)->no_extensions = 1;
918
1040
            }
 
1041
          else if (strcasecmp (&broken_list[i][1], "STATELESS_COMPRESSION") == 0)
 
1042
            {
 
1043
              (*priority_cache)->stateless_compression = 1;
 
1044
            }
919
1045
          else if (strcasecmp (&broken_list[i][1],
920
1046
                               "VERIFY_ALLOW_SIGN_RSA_MD5") == 0)
921
1047
            {
924
1050
                GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5;
925
1051
            }
926
1052
          else if (strcasecmp (&broken_list[i][1],
 
1053
                               "VERIFY_DISABLE_CRL_CHECKS") == 0)
 
1054
            {
 
1055
              (*priority_cache)->additional_verify_flags |=
 
1056
                GNUTLS_VERIFY_DISABLE_CRL_CHECKS;
 
1057
            }
 
1058
          else if (strcasecmp (&broken_list[i][1],
927
1059
                               "SSL3_RECORD_VERSION") == 0)
928
1060
            (*priority_cache)->ssl3_record_version = 1;
929
1061
          else if (strcasecmp (&broken_list[i][1],
957
1089
            {
958
1090
              (*priority_cache)->server_precedence = 1;
959
1091
            }
 
1092
          else if (strcasecmp (&broken_list[i][1],
 
1093
                               "NEW_PADDING") == 0)
 
1094
            {
 
1095
              (*priority_cache)->new_record_padding = 1;
 
1096
            }
960
1097
          else
961
1098
            goto error;
962
1099
        }
1151
1288
}
1152
1289
 
1153
1290
/**
 
1291
 * gnutls_priority_kx_list:
 
1292
 * @pcache: is a #gnutls_prioritity_t structure.
 
1293
 * @list: will point to an integer list
 
1294
 *
 
1295
 * Get a list of available key exchange methods in the priority
 
1296
 * structure. 
 
1297
 *
 
1298
 * Returns: the number of curves, or an error code.
 
1299
 * Since: 3.2.3
 
1300
 **/
 
1301
int
 
1302
gnutls_priority_kx_list (gnutls_priority_t pcache, const unsigned int** list)
 
1303
{
 
1304
  if (pcache->kx.algorithms == 0)
 
1305
    return 0;
 
1306
  
 
1307
  *list = pcache->kx.priority;
 
1308
  return pcache->kx.algorithms;
 
1309
}
 
1310
 
 
1311
/**
 
1312
 * gnutls_priority_cipher_list:
 
1313
 * @pcache: is a #gnutls_prioritity_t structure.
 
1314
 * @list: will point to an integer list
 
1315
 *
 
1316
 * Get a list of available ciphers in the priority
 
1317
 * structure. 
 
1318
 *
 
1319
 * Returns: the number of curves, or an error code.
 
1320
 * Since: 3.2.3
 
1321
 **/
 
1322
int
 
1323
gnutls_priority_cipher_list (gnutls_priority_t pcache, const unsigned int** list)
 
1324
{
 
1325
  if (pcache->cipher.algorithms == 0)
 
1326
    return 0;
 
1327
  
 
1328
  *list = pcache->cipher.priority;
 
1329
  return pcache->cipher.algorithms;
 
1330
}
 
1331
 
 
1332
/**
 
1333
 * gnutls_priority_mac_list:
 
1334
 * @pcache: is a #gnutls_prioritity_t structure.
 
1335
 * @list: will point to an integer list
 
1336
 *
 
1337
 * Get a list of available MAC algorithms in the priority
 
1338
 * structure. 
 
1339
 *
 
1340
 * Returns: the number of curves, or an error code.
 
1341
 * Since: 3.2.3
 
1342
 **/
 
1343
int
 
1344
gnutls_priority_mac_list (gnutls_priority_t pcache, const unsigned int** list)
 
1345
{
 
1346
  if (pcache->mac.algorithms == 0)
 
1347
    return 0;
 
1348
  
 
1349
  *list = pcache->mac.priority;
 
1350
  return pcache->mac.algorithms;
 
1351
}
 
1352
 
 
1353
/**
1154
1354
 * gnutls_priority_compression_list:
1155
1355
 * @pcache: is a #gnutls_prioritity_t structure.
1156
1356
 * @list: will point to an integer list