security/nss/lib/nss/nssoptions.c
author Sebastian Hengst <archaeopteryx@coole-files.de>
Wed, 14 Apr 2021 11:29:47 +0200
changeset 575819 14541ee6ce5e7c9f273e83c0ad3b2ba1c46b02c5
parent 555459 24aaf5d4c68bccf698870752ca00e2c8952032f8
permissions -rw-r--r--
Merge autoland to mozilla-central. a=merge

/*
 * NSS utility functions
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include <ctype.h>
#include <string.h>
#include <assert.h>

#include "seccomon.h"
#include "secoidt.h"
#include "secoid.h"
#include "nss.h"
#include "nssoptions.h"
#include "secerr.h"

struct nssOps {
    PRInt32 rsaMinKeySize;
    PRInt32 dhMinKeySize;
    PRInt32 dsaMinKeySize;
    PRInt32 tlsVersionMinPolicy;
    PRInt32 tlsVersionMaxPolicy;
    PRInt32 dtlsVersionMinPolicy;
    PRInt32 dtlsVersionMaxPolicy;
    PRInt32 pkcs12DecodeForceUnicode;
    PRInt32 defaultLocks;
};

static struct nssOps nss_ops = {
    SSL_RSA_MIN_MODULUS_BITS,
    SSL_DH_MIN_P_BITS,
    SSL_DSA_MIN_P_BITS,
    1,      /* Set TLS min to less the the smallest legal SSL value */
    0xffff, /* set TLS max to more than the largest legal SSL value */
    1,
    0xffff,
    PR_FALSE,
    0
};

SECStatus
NSS_OptionSet(PRInt32 which, PRInt32 value)
{
    SECStatus rv = SECSuccess;

    if (NSS_IsPolicyLocked()) {
        PORT_SetError(SEC_ERROR_POLICY_LOCKED);
        return SECFailure;
    }

    switch (which) {
        case NSS_RSA_MIN_KEY_SIZE:
            nss_ops.rsaMinKeySize = value;
            break;
        case NSS_DH_MIN_KEY_SIZE:
            nss_ops.dhMinKeySize = value;
            break;
        case NSS_DSA_MIN_KEY_SIZE:
            nss_ops.dsaMinKeySize = value;
            break;
        case NSS_TLS_VERSION_MIN_POLICY:
            nss_ops.tlsVersionMinPolicy = value;
            break;
        case NSS_TLS_VERSION_MAX_POLICY:
            nss_ops.tlsVersionMaxPolicy = value;
            break;
        case NSS_DTLS_VERSION_MIN_POLICY:
            nss_ops.dtlsVersionMinPolicy = value;
            break;
        case NSS_DTLS_VERSION_MAX_POLICY:
            nss_ops.dtlsVersionMaxPolicy = value;
            break;
        case __NSS_PKCS12_DECODE_FORCE_UNICODE:
            nss_ops.pkcs12DecodeForceUnicode = value;
            break;
        case NSS_DEFAULT_LOCKS:
            nss_ops.defaultLocks = value;
            break;
        default:
            PORT_SetError(SEC_ERROR_INVALID_ARGS);
            rv = SECFailure;
    }

    return rv;
}

SECStatus
NSS_OptionGet(PRInt32 which, PRInt32 *value)
{
    SECStatus rv = SECSuccess;

    switch (which) {
        case NSS_RSA_MIN_KEY_SIZE:
            *value = nss_ops.rsaMinKeySize;
            break;
        case NSS_DH_MIN_KEY_SIZE:
            *value = nss_ops.dhMinKeySize;
            break;
        case NSS_DSA_MIN_KEY_SIZE:
            *value = nss_ops.dsaMinKeySize;
            break;
        case NSS_TLS_VERSION_MIN_POLICY:
            *value = nss_ops.tlsVersionMinPolicy;
            break;
        case NSS_TLS_VERSION_MAX_POLICY:
            *value = nss_ops.tlsVersionMaxPolicy;
            break;
        case NSS_DTLS_VERSION_MIN_POLICY:
            *value = nss_ops.dtlsVersionMinPolicy;
            break;
        case NSS_DTLS_VERSION_MAX_POLICY:
            *value = nss_ops.dtlsVersionMaxPolicy;
            break;
        case __NSS_PKCS12_DECODE_FORCE_UNICODE:
            *value = nss_ops.pkcs12DecodeForceUnicode;
            break;
        case NSS_DEFAULT_LOCKS:
            *value = nss_ops.defaultLocks;
            break;
        default:
            rv = SECFailure;
    }

    return rv;
}