da1f719199
- add multi_mask, negative_mask, and multi_strength + some keywords may describe multiple cipher suite parameters at once - fix masks decision tree + all masks have to fit the cipher suite to include it - correct 'action' evaluation + plus sign means ordering (which NSS does not support) + no sign presence means adding implicitly - extend keywords for new future ciphers Backporting: #1372349 Resolves: #1243517
65 lines
2.1 KiB
Diff
65 lines
2.1 KiB
Diff
Update MozNSS cipher attributes definitions
|
|
|
|
Author: Matus Honek <mhonek@redhat.com>
|
|
PreviousAuthor: Jan Vcelak <jvcelak@redhat.com>
|
|
|
|
diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
|
|
--- a/libraries/libldap/tls_m.c
|
|
+++ b/libraries/libldap/tls_m.c
|
|
@@ -210,27 +210,37 @@ typedef struct {
|
|
/* cipher attributes */
|
|
#define SSL_kRSA 0x00000001L
|
|
#define SSL_aRSA 0x00000002L
|
|
-#define SSL_RSA (SSL_kRSA|SSL_aRSA)
|
|
#define SSL_aDSA 0x00000004L
|
|
#define SSL_DSA SSL_aDSA
|
|
#define SSL_eNULL 0x00000008L
|
|
#define SSL_DES 0x00000010L
|
|
#define SSL_3DES 0x00000020L
|
|
#define SSL_RC4 0x00000040L
|
|
#define SSL_RC2 0x00000080L
|
|
#define SSL_AES128 0x00000100L
|
|
#define SSL_AES256 0x00000200L
|
|
-#define SSL_AES (SSL_AES128|SSL_AES256)
|
|
#define SSL_MD5 0x00000400L
|
|
#define SSL_SHA1 0x00000800L
|
|
#define SSL_kEDH 0x00001000L
|
|
#define SSL_CAMELLIA128 0x00002000L
|
|
#define SSL_CAMELLIA256 0x00004000L
|
|
-#define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
|
|
#define SSL_SEED 0x00008000L
|
|
#define SSL_kECDH 0x00010000L
|
|
#define SSL_kECDHE 0x00020000L
|
|
#define SSL_aECDSA 0x00040000L
|
|
+#define SSL_SHA256 0x00080000L
|
|
+#define SSL_SHA384 0x00100000L
|
|
+#define SSL_kEECDH 0x00200000L
|
|
+#define SSL_AESGCM 0x00400000L
|
|
+#define SSL_AEAD 0x00800000L
|
|
+#define SSL_aPSK 0x01000000L
|
|
+#define SSL_CHACHA20POLY1305 0x02000000L
|
|
+
|
|
+/* cipher attributes non-unique - do not use for definitions */
|
|
+#define SSL_RSA 0x00000001L
|
|
+#define SSL_AES 0x00000002L
|
|
+#define SSL_CAMELLIA 0x00000004L
|
|
+#define SSL_ECDH 0x00000008L
|
|
|
|
/* cipher strength */
|
|
#define SSL_NULL 0x00000001L
|
|
@@ -237,10 +251,14 @@ typedef struct {
|
|
#define SSL_MEDIUM 0x00000010L
|
|
#define SSL_HIGH 0x00000020L
|
|
|
|
+/* cipher strengths non-unique - do not use for definitions */
|
|
+#define SSL_EXPORT 0x00000001L
|
|
+
|
|
#define SSL2 0x00000001L
|
|
#define SSL3 0x00000002L
|
|
/* OpenSSL treats SSL3 and TLSv1 the same */
|
|
#define TLS1 SSL3
|
|
+#define TLS1_2 0x00000004L
|
|
|
|
/* Cipher translation */
|
|
static cipher_properties ciphers_def[] = {
|