Tree - source-git/gnutls - CentOS Git server

source-git / gnutls

Blame lib/priority.c

Blob History Raw

Packit Service	4684c1	`/*`
Packit Service	4684c1	`* Copyright (C) 2004-2015 Free Software Foundation, Inc.`
Packit Service	4684c1	`* Copyright (C) 2015-2019 Red Hat, Inc.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Author: Nikos Mavrogiannopoulos`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* This file is part of GnuTLS.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* The GnuTLS is free software; you can redistribute it and/or`
Packit Service	4684c1	`* modify it under the terms of the GNU Lesser General Public License`
Packit Service	4684c1	`* as published by the Free Software Foundation; either version 2.1 of`
Packit Service	4684c1	`* the License, or (at your option) any later version.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* This library is distributed in the hope that it will be useful, but`
Packit Service	4684c1	`* WITHOUT ANY WARRANTY; without even the implied warranty of`
Packit Service	4684c1	`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU`
Packit Service	4684c1	`* Lesser General Public License for more details.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* You should have received a copy of the GNU Lesser General Public License`
Packit Service	4684c1	`* along with this program. If not, see <https://www.gnu.org/licenses/>`
Packit Service	4684c1	`*`
Packit Service	4684c1	`*/`
Packit Service	4684c1
Packit Service	4684c1	`/* Here lies the code of the gnutls_*_set_priority() functions.`
Packit Service	4684c1	`*/`
Packit Service	4684c1
Packit Service	4684c1	`#include "gnutls_int.h"`
Packit Service	4684c1	`#include "algorithms.h"`
Packit Service	4684c1	`#include "errors.h"`
Packit Service	4684c1	`#include <num.h>`
Packit Service	4684c1	`#include <gnutls/x509.h>`
Packit Service	4684c1	`#include <c-ctype.h>`
Packit Service	4684c1	`#include <hello_ext.h>`
Packit Service	4684c1	`#include <c-strcase.h>`
Packit Service	4684c1	`#include "fips.h"`
Packit Service	4684c1	`#include "errno.h"`
Packit Service	4684c1	`#include "ext/srp.h"`
Packit Service	4684c1	`#include <gnutls/gnutls.h>`
Packit Service	4684c1	`#include "profiles.h"`
Packit Service	4684c1	`#include "c-strcase.h"`
Packit Service	4684c1	`#include "inih/ini.h"`
Packit Service	4684c1	`#include "profiles.h"`
Packit Service	4684c1	`#include "name_val_array.h"`
Packit Service	4684c1
Packit Service	4684c1	`#define MAX_ELEMENTS 64`
Packit Service	4684c1
Packit Service	4684c1	`#define ENABLE_PROFILE(c, profile) do { \`
Packit Service	4684c1	`c->additional_verify_flags &= 0x00ffffff; \`
Packit Service	4684c1	`c->additional_verify_flags \|= GNUTLS_PROFILE_TO_VFLAGS(profile); \`
Packit Service	4684c1	`c->level = _gnutls_profile_to_sec_level(profile); \`
Packit Service	4684c1	`} while(0)`
Packit Service	4684c1
Packit Service	4684c1	`/* This function is used by the test suite */`
Packit Service	4684c1	`char _gnutls_resolve_priorities(const char priorities);`
Packit Service	4684c1	`const char *_gnutls_default_priority_string = DEFAULT_PRIORITY_STRING;`
Packit Service	4684c1
Packit Service	4684c1	`static void prio_remove(priority_st * priority_list, unsigned int algo);`
Packit Service	4684c1	`static void prio_add(priority_st * priority_list, unsigned int algo);`
Packit Service	4684c1	`static void`
Packit Service	4684c1	`break_list(char *etag,`
Packit Service	4684c1	`char broken_etag[MAX_ELEMENTS], int size);`
Packit Service	4684c1
Packit Service	4684c1	`typedef void (bulk_rmadd_func) (priority_st * priority_list, const int *);`
Packit Service	4684c1
Packit Service	4684c1	`inline static void _set_priority(priority_st * st, const int *list)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`int num = 0, i;`
Packit Service	4684c1
Packit Service	4684c1	`while (list[num] != 0)`
Packit Service	4684c1	`num++;`
Packit Service	4684c1	`if (num > MAX_ALGOS)`
Packit Service	4684c1	`num = MAX_ALGOS;`
Packit Service	4684c1	`st->num_priorities = num;`
Packit Service	4684c1
Packit Service	4684c1	`for (i = 0; i < num; i++) {`
Packit Service	4684c1	`st->priorities[i] = list[i];`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`return;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`inline static void _add_priority(priority_st * st, const int *list)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`int num, i, j, init;`
Packit Service	4684c1
Packit Service	4684c1	`init = i = st->num_priorities;`
Packit Service	4684c1
Packit Service	4684c1	`for (num = 0; list[num] != 0; ++num) {`
Packit Service	4684c1	`if (i + 1 > MAX_ALGOS) {`
Packit Service	4684c1	`return;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`for (j = 0; j < init; j++) {`
Packit Service	4684c1	`if (st->priorities[j] == (unsigned) list[num]) {`
Packit Service	4684c1	`break;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`if (j == init) {`
Packit Service	4684c1	`st->priorities[i++] = list[num];`
Packit Service	4684c1	`st->num_priorities++;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`return;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`static void _clear_priorities(priority_st * st, const int *list)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`memset(st, 0, sizeof(*st));`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`static void _clear_given_priorities(priority_st * st, const int *list)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`unsigned i;`
Packit Service	4684c1
Packit Service	4684c1	`for (i=0;list[i]!=0;i++) {`
Packit Service	4684c1	`prio_remove(st, list[i]);`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`static const int _supported_groups_dh[] = {`
Packit Service	4684c1	`GNUTLS_GROUP_FFDHE2048,`
Packit Service	4684c1	`GNUTLS_GROUP_FFDHE3072,`
Packit Service	4684c1	`GNUTLS_GROUP_FFDHE4096,`
Packit Service	4684c1	`GNUTLS_GROUP_FFDHE6144,`
Packit Service	4684c1	`GNUTLS_GROUP_FFDHE8192,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1
Packit Service	4684c1	`static const int _supported_groups_ecdh[] = {`
Packit Service	4684c1	`GNUTLS_GROUP_SECP256R1,`
Packit Service	4684c1	`GNUTLS_GROUP_SECP384R1,`
Packit Service	4684c1	`GNUTLS_GROUP_SECP521R1,`
Packit Service	4684c1	`GNUTLS_GROUP_X25519, /* RFC 8422 */`
Packit Service	4684c1	`GNUTLS_GROUP_X448, /* RFC 8422 */`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1
Packit Service	4684c1	`static const int _supported_groups_gost[] = {`
Packit Service	4684c1	`#ifdef ENABLE_GOST`
Packit Service	4684c1	`GNUTLS_GROUP_GC256A,`
Packit Service	4684c1	`GNUTLS_GROUP_GC256B,`
Packit Service	4684c1	`GNUTLS_GROUP_GC256C,`
Packit Service	4684c1	`GNUTLS_GROUP_GC256D,`
Packit Service	4684c1	`GNUTLS_GROUP_GC512A,`
Packit Service	4684c1	`GNUTLS_GROUP_GC512B,`
Packit Service	4684c1	`GNUTLS_GROUP_GC512C,`
Packit Service	4684c1	`#endif`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1
Packit Service	4684c1	`static const int _supported_groups_normal[] = {`
Packit Service	4684c1	`GNUTLS_GROUP_SECP256R1,`
Packit Service	4684c1	`GNUTLS_GROUP_SECP384R1,`
Packit Service	4684c1	`GNUTLS_GROUP_SECP521R1,`
Packit Service	4684c1	`GNUTLS_GROUP_X25519, /* RFC 8422 */`
Packit Service	4684c1	`GNUTLS_GROUP_X448, /* RFC 8422 */`
Packit Service	4684c1
Packit Service	4684c1	`/* These should stay last as our default behavior`
Packit Service	4684c1	`* is to send key shares for two top types (GNUTLS_KEY_SHARE_TOP2)`
Packit Service	4684c1	`* and we wouldn't want to have these sent by all clients`
Packit Service	4684c1	`* by default as they are quite expensive CPU-wise. */`
Packit Service	4684c1	`GNUTLS_GROUP_FFDHE2048,`
Packit Service	4684c1	`GNUTLS_GROUP_FFDHE3072,`
Packit Service	4684c1	`GNUTLS_GROUP_FFDHE4096,`
Packit Service	4684c1	`GNUTLS_GROUP_FFDHE6144,`
Packit Service	4684c1	`GNUTLS_GROUP_FFDHE8192,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* supported_groups_normal = _supported_groups_normal;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _supported_groups_secure128[] = {`
Packit Service	4684c1	`GNUTLS_GROUP_SECP256R1,`
Packit Service	4684c1	`GNUTLS_GROUP_SECP384R1,`
Packit Service	4684c1	`GNUTLS_GROUP_SECP521R1,`
Packit Service	4684c1	`GNUTLS_GROUP_X25519, /* RFC 8422 */`
Packit Service	4684c1	`GNUTLS_GROUP_X448, /* RFC 8422 */`
Packit Service	4684c1	`GNUTLS_GROUP_FFDHE2048,`
Packit Service	4684c1	`GNUTLS_GROUP_FFDHE3072,`
Packit Service	4684c1	`GNUTLS_GROUP_FFDHE4096,`
Packit Service	4684c1	`GNUTLS_GROUP_FFDHE6144,`
Packit Service	4684c1	`GNUTLS_GROUP_FFDHE8192,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* supported_groups_secure128 = _supported_groups_secure128;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _supported_groups_suiteb128[] = {`
Packit Service	4684c1	`GNUTLS_GROUP_SECP256R1,`
Packit Service	4684c1	`GNUTLS_GROUP_SECP384R1,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* supported_groups_suiteb128 = _supported_groups_suiteb128;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _supported_groups_suiteb192[] = {`
Packit Service	4684c1	`GNUTLS_GROUP_SECP384R1,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* supported_groups_suiteb192 = _supported_groups_suiteb192;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _supported_groups_secure192[] = {`
Packit Service	4684c1	`GNUTLS_GROUP_SECP384R1,`
Packit Service	4684c1	`GNUTLS_GROUP_SECP521R1,`
Packit Service	4684c1	`GNUTLS_GROUP_FFDHE8192,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* supported_groups_secure192 = _supported_groups_secure192;`
Packit Service	4684c1
Packit Service	4684c1	`static const int protocol_priority[] = {`
Packit Service	4684c1	`GNUTLS_TLS1_3,`
Packit Service	4684c1	`GNUTLS_TLS1_2,`
Packit Service	4684c1	`GNUTLS_TLS1_1,`
Packit Service	4684c1	`GNUTLS_TLS1_0,`
Packit Service	4684c1	`GNUTLS_DTLS1_2,`
Packit Service	4684c1	`GNUTLS_DTLS1_0,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1
Packit Service	4684c1	`/* contains all the supported TLS protocols, intended to be used for eliminating them`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`static const int stream_protocol_priority[] = {`
Packit Service	4684c1	`GNUTLS_TLS1_3,`
Packit Service	4684c1	`GNUTLS_TLS1_2,`
Packit Service	4684c1	`GNUTLS_TLS1_1,`
Packit Service	4684c1	`GNUTLS_TLS1_0,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1
Packit Service	4684c1	`/* contains all the supported DTLS protocols, intended to be used for eliminating them`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`static const int dgram_protocol_priority[] = {`
Packit Service	4684c1	`GNUTLS_DTLS1_2,`
Packit Service	4684c1	`GNUTLS_DTLS1_0,`
Packit Service	4684c1	`GNUTLS_DTLS0_9,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1
Packit Service	4684c1	`static const int dtls_protocol_priority[] = {`
Packit Service	4684c1	`GNUTLS_DTLS1_2,`
Packit Service	4684c1	`GNUTLS_DTLS1_0,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1
Packit Service	4684c1	`static const int _protocol_priority_suiteb[] = {`
Packit Service	4684c1	`GNUTLS_TLS1_2,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* protocol_priority_suiteb = _protocol_priority_suiteb;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _kx_priority_performance[] = {`
Packit Service	4684c1	`GNUTLS_KX_RSA,`
Packit Service	4684c1	`#ifdef ENABLE_ECDHE`
Packit Service	4684c1	`GNUTLS_KX_ECDHE_ECDSA,`
Packit Service	4684c1	`GNUTLS_KX_ECDHE_RSA,`
Packit Service	4684c1	`#endif`
Packit Service	4684c1	`#ifdef ENABLE_DHE`
Packit Service	4684c1	`GNUTLS_KX_DHE_RSA,`
Packit Service	4684c1	`#endif`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* kx_priority_performance = _kx_priority_performance;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _kx_priority_pfs[] = {`
Packit Service	4684c1	`#ifdef ENABLE_ECDHE`
Packit Service	4684c1	`GNUTLS_KX_ECDHE_ECDSA,`
Packit Service	4684c1	`GNUTLS_KX_ECDHE_RSA,`
Packit Service	4684c1	`#endif`
Packit Service	4684c1	`#ifdef ENABLE_DHE`
Packit Service	4684c1	`GNUTLS_KX_DHE_RSA,`
Packit Service	4684c1	`#endif`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* kx_priority_pfs = _kx_priority_pfs;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _kx_priority_suiteb[] = {`
Packit Service	4684c1	`GNUTLS_KX_ECDHE_ECDSA,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* kx_priority_suiteb = _kx_priority_suiteb;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _kx_priority_secure[] = {`
Packit Service	4684c1	`/* The ciphersuites that offer forward secrecy take`
Packit Service	4684c1	`* precedence`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`#ifdef ENABLE_ECDHE`
Packit Service	4684c1	`GNUTLS_KX_ECDHE_ECDSA,`
Packit Service	4684c1	`GNUTLS_KX_ECDHE_RSA,`
Packit Service	4684c1	`#endif`
Packit Service	4684c1	`GNUTLS_KX_RSA,`
Packit Service	4684c1	`/* KX-RSA is now ahead of DHE-RSA and DHE-DSS due to the compatibility`
Packit Service	4684c1	`* issues the DHE ciphersuites have. That is, one cannot enforce a specific`
Packit Service	4684c1	`* security level without dropping the connection.`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`#ifdef ENABLE_DHE`
Packit Service	4684c1	`GNUTLS_KX_DHE_RSA,`
Packit Service	4684c1	`#endif`
Packit Service	4684c1	`/* GNUTLS_KX_ANON_DH: Man-in-the-middle prone, don't add!`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* kx_priority_secure = _kx_priority_secure;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _kx_priority_gost[] = {`
Packit Service	4684c1	`GNUTLS_KX_VKO_GOST_12,`
Packit Service	4684c1	`0,`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* kx_priority_gost = _kx_priority_gost;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _cipher_priority_performance_default[] = {`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_128_GCM,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_GCM,`
Packit Service	4684c1	`GNUTLS_CIPHER_CHACHA20_POLY1305,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_128_CCM,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_CCM,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_128_CBC,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_CBC,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1
Packit Service	4684c1	`static const int _cipher_priority_performance_no_aesni[] = {`
Packit Service	4684c1	`GNUTLS_CIPHER_CHACHA20_POLY1305,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_128_GCM,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_GCM,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_128_CCM,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_CCM,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_128_CBC,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_CBC,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1
Packit Service	4684c1	`/* If GCM and AES acceleration is available then prefer`
Packit Service	4684c1	`* them over anything else. Overall we prioritise AEAD`
Packit Service	4684c1	`* over legacy ciphers, and 256-bit over 128 (for future`
Packit Service	4684c1	`* proof).`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`static const int _cipher_priority_normal_default[] = {`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_GCM,`
Packit Service	4684c1	`GNUTLS_CIPHER_CHACHA20_POLY1305,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_CCM,`
Packit Service	4684c1
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_CBC,`
Packit Service	4684c1
Packit Service	4684c1	`GNUTLS_CIPHER_AES_128_GCM,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_128_CCM,`
Packit Service	4684c1
Packit Service	4684c1	`GNUTLS_CIPHER_AES_128_CBC,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1
Packit Service	4684c1	`static const int cipher_priority_performance_fips[] = {`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_128_GCM,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_128_CCM,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_GCM,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_CCM,`
Packit Service	4684c1
Packit Service	4684c1	`GNUTLS_CIPHER_AES_128_CBC,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_CBC,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1
Packit Service	4684c1	`static const int cipher_priority_normal_fips[] = {`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_GCM,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_CCM,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_CBC,`
Packit Service	4684c1
Packit Service	4684c1	`GNUTLS_CIPHER_AES_128_GCM,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_128_CBC,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_128_CCM,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1
Packit Service	4684c1
Packit Service	4684c1	`static const int _cipher_priority_suiteb128[] = {`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_GCM,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_128_GCM,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* cipher_priority_suiteb128 = _cipher_priority_suiteb128;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _cipher_priority_suiteb192[] = {`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_GCM,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* cipher_priority_suiteb192 = _cipher_priority_suiteb192;`
Packit Service	4684c1
Packit Service	4684c1
Packit Service	4684c1	`static const int _cipher_priority_secure128[] = {`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_GCM,`
Packit Service	4684c1	`GNUTLS_CIPHER_CHACHA20_POLY1305,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_CBC,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_CCM,`
Packit Service	4684c1
Packit Service	4684c1	`GNUTLS_CIPHER_AES_128_GCM,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_128_CBC,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_128_CCM,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int *cipher_priority_secure128 = _cipher_priority_secure128;`
Packit Service	4684c1
Packit Service	4684c1
Packit Service	4684c1	`static const int _cipher_priority_secure192[] = {`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_GCM,`
Packit Service	4684c1	`GNUTLS_CIPHER_CHACHA20_POLY1305,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_CBC,`
Packit Service	4684c1	`GNUTLS_CIPHER_AES_256_CCM,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* cipher_priority_secure192 = _cipher_priority_secure192;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _sign_priority_default[] = {`
Packit Service	4684c1	`GNUTLS_SIGN_RSA_SHA256,`
Packit Service	4684c1	`GNUTLS_SIGN_RSA_PSS_SHA256,`
Packit Service	4684c1	`GNUTLS_SIGN_RSA_PSS_RSAE_SHA256,`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SHA256,`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SECP256R1_SHA256,`
Packit Service	4684c1
Packit Service	4684c1	`GNUTLS_SIGN_EDDSA_ED25519,`
Packit Service	4684c1
Packit Service	4684c1	`GNUTLS_SIGN_RSA_SHA384,`
Packit Service	4684c1	`GNUTLS_SIGN_RSA_PSS_SHA384,`
Packit Service	4684c1	`GNUTLS_SIGN_RSA_PSS_RSAE_SHA384,`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SHA384,`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SECP384R1_SHA384,`
Packit Service	4684c1
Packit Service	4684c1	`GNUTLS_SIGN_EDDSA_ED448,`
Packit Service	4684c1
Packit Service	4684c1	`GNUTLS_SIGN_RSA_SHA512,`
Packit Service	4684c1	`GNUTLS_SIGN_RSA_PSS_SHA512,`
Packit Service	4684c1	`GNUTLS_SIGN_RSA_PSS_RSAE_SHA512,`
Packit Service	4684c1
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SHA512,`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SECP521R1_SHA512,`
Packit Service	4684c1
Packit Service	4684c1	`GNUTLS_SIGN_RSA_SHA1,`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SHA1,`
Packit Service	4684c1
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* sign_priority_default = _sign_priority_default;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _sign_priority_suiteb128[] = {`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SHA256,`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SECP256R1_SHA256,`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SHA384,`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SECP384R1_SHA384,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* sign_priority_suiteb128 = _sign_priority_suiteb128;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _sign_priority_suiteb192[] = {`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SHA384,`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SECP384R1_SHA384,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* sign_priority_suiteb192 = _sign_priority_suiteb192;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _sign_priority_secure128[] = {`
Packit Service	4684c1	`GNUTLS_SIGN_RSA_SHA256,`
Packit Service	4684c1	`GNUTLS_SIGN_RSA_PSS_SHA256,`
Packit Service	4684c1	`GNUTLS_SIGN_RSA_PSS_RSAE_SHA256,`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SHA256,`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SECP256R1_SHA256,`
Packit Service	4684c1
Packit Service	4684c1	`GNUTLS_SIGN_EDDSA_ED25519,`
Packit Service	4684c1
Packit Service	4684c1	`GNUTLS_SIGN_RSA_SHA384,`
Packit Service	4684c1	`GNUTLS_SIGN_RSA_PSS_SHA384,`
Packit Service	4684c1	`GNUTLS_SIGN_RSA_PSS_RSAE_SHA384,`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SHA384,`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SECP384R1_SHA384,`
Packit Service	4684c1
Packit Service	4684c1	`GNUTLS_SIGN_EDDSA_ED448,`
Packit Service	4684c1
Packit Service	4684c1	`GNUTLS_SIGN_RSA_SHA512,`
Packit Service	4684c1	`GNUTLS_SIGN_RSA_PSS_SHA512,`
Packit Service	4684c1	`GNUTLS_SIGN_RSA_PSS_RSAE_SHA512,`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SHA512,`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SECP521R1_SHA512,`
Packit Service	4684c1
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* sign_priority_secure128 = _sign_priority_secure128;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _sign_priority_secure192[] = {`
Packit Service	4684c1	`GNUTLS_SIGN_RSA_SHA384,`
Packit Service	4684c1	`GNUTLS_SIGN_RSA_PSS_SHA384,`
Packit Service	4684c1	`GNUTLS_SIGN_RSA_PSS_RSAE_SHA384,`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SHA384,`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SECP384R1_SHA384,`
Packit Service	4684c1	`GNUTLS_SIGN_RSA_SHA512,`
Packit Service	4684c1	`GNUTLS_SIGN_RSA_PSS_SHA512,`
Packit Service	4684c1	`GNUTLS_SIGN_RSA_PSS_RSAE_SHA512,`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SHA512,`
Packit Service	4684c1	`GNUTLS_SIGN_ECDSA_SECP521R1_SHA512,`
Packit Service	4684c1
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* sign_priority_secure192 = _sign_priority_secure192;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _sign_priority_gost[] = {`
Packit Service	4684c1	`GNUTLS_SIGN_GOST_256,`
Packit Service	4684c1	`GNUTLS_SIGN_GOST_512,`
Packit Service	4684c1
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* sign_priority_gost = _sign_priority_gost;`
Packit Service	4684c1
Packit Service	4684c1	`static const int mac_priority_normal_default[] = {`
Packit Service	4684c1	`GNUTLS_MAC_SHA1,`
Packit Service	4684c1	`GNUTLS_MAC_AEAD,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1
Packit Service	4684c1	`static const int mac_priority_normal_fips[] = {`
Packit Service	4684c1	`GNUTLS_MAC_SHA1,`
Packit Service	4684c1	`GNUTLS_MAC_AEAD,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1
Packit Service	4684c1	`static const int *cipher_priority_performance = _cipher_priority_performance_default;`
Packit Service	4684c1	`static const int *cipher_priority_normal = _cipher_priority_normal_default;`
Packit Service	4684c1	`static const int *mac_priority_normal = mac_priority_normal_default;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _cipher_priority_gost[] = {`
Packit Service	4684c1	`GNUTLS_CIPHER_GOST28147_TC26Z_CNT,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int *cipher_priority_gost = _cipher_priority_gost;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _mac_priority_gost[] = {`
Packit Service	4684c1	`GNUTLS_MAC_GOST28147_TC26Z_IMIT,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int *mac_priority_gost = _mac_priority_gost;`
Packit Service	4684c1
Packit Service	4684c1	`/* if called with replace the default priorities with the FIPS140 ones */`
Packit Service	4684c1	`void _gnutls_priority_update_fips(void)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`cipher_priority_performance = cipher_priority_performance_fips;`
Packit Service	4684c1	`cipher_priority_normal = cipher_priority_normal_fips;`
Packit Service	4684c1	`mac_priority_normal = mac_priority_normal_fips;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`void _gnutls_priority_update_non_aesni(void)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`/* if we have no AES acceleration in performance mode`
Packit Service	4684c1	`* prefer fast stream ciphers */`
Packit Service	4684c1	`if (_gnutls_fips_mode_enabled() == 0) {`
Packit Service	4684c1	`cipher_priority_performance = _cipher_priority_performance_no_aesni;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`static const int _mac_priority_suiteb[] = {`
Packit Service	4684c1	`GNUTLS_MAC_AEAD,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* mac_priority_suiteb = _mac_priority_suiteb;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _mac_priority_secure128[] = {`
Packit Service	4684c1	`GNUTLS_MAC_SHA1,`
Packit Service	4684c1	`GNUTLS_MAC_AEAD,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* mac_priority_secure128 = _mac_priority_secure128;`
Packit Service	4684c1
Packit Service	4684c1	`static const int _mac_priority_secure192[] = {`
Packit Service	4684c1	`GNUTLS_MAC_AEAD,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1	`static const int* mac_priority_secure192 = _mac_priority_secure192;`
Packit Service	4684c1
Packit Service	4684c1	`static const int cert_type_priority_default[] = {`
Packit Service	4684c1	`GNUTLS_CRT_X509,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1
Packit Service	4684c1	`static const int cert_type_priority_all[] = {`
Packit Service	4684c1	`GNUTLS_CRT_X509,`
Packit Service	4684c1	`GNUTLS_CRT_RAWPK,`
Packit Service	4684c1	`0`
Packit Service	4684c1	`};`
Packit Service	4684c1
Packit Service	4684c1	`typedef void (rmadd_func) (priority_st * priority_list, unsigned int alg);`
Packit Service	4684c1
Packit Service	4684c1	`static void prio_remove(priority_st * priority_list, unsigned int algo)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`unsigned int i;`
Packit Service	4684c1
Packit Service	4684c1	`for (i = 0; i < priority_list->num_priorities; i++) {`
Packit Service	4684c1	`if (priority_list->priorities[i] == algo) {`
Packit Service	4684c1	`priority_list->num_priorities--;`
Packit Service	4684c1	`if ((priority_list->num_priorities - i) > 0)`
Packit Service	4684c1	`memmove(&priority_list->priorities[i],`
Packit Service	4684c1	`&priority_list->priorities[i + 1],`
Packit Service	4684c1	`(priority_list->num_priorities -`
Packit Service	4684c1	`i) *`
Packit Service	4684c1	`sizeof(priority_list->`
Packit Service	4684c1	`priorities[0]));`
Packit Service	4684c1	`priority_list->priorities[priority_list->`
Packit Service	4684c1	`num_priorities] = 0;`
Packit Service	4684c1	`break;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`return;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`static void prio_add(priority_st * priority_list, unsigned int algo)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`unsigned int i, l = priority_list->num_priorities;`
Packit Service	4684c1
Packit Service	4684c1	`if (l >= MAX_ALGOS)`
Packit Service	4684c1	`return; /* can't add it anyway */`
Packit Service	4684c1
Packit Service	4684c1	`for (i = 0; i < l; ++i) {`
Packit Service	4684c1	`if (algo == priority_list->priorities[i])`
Packit Service	4684c1	`return; /* if it exists */`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`priority_list->priorities[l] = algo;`
Packit Service	4684c1	`priority_list->num_priorities++;`
Packit Service	4684c1
Packit Service	4684c1	`return;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1
Packit Service	4684c1	`/**`
Packit Service	4684c1	`* gnutls_priority_set:`
Packit Service	4684c1	`* @session: is a #gnutls_session_t type.`
Packit Service	4684c1	`* @priority: is a #gnutls_priority_t type.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Sets the priorities to use on the ciphers, key exchange methods,`
Packit Service	4684c1	`* and macs. Note that this function is expected to be called once`
Packit Service	4684c1	`* per session; when called multiple times (e.g., before a re-handshake,`
Packit Service	4684c1	`* the caller should make sure that any new settings are not incompatible`
Packit Service	4684c1	`* with the original session).`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Returns: %GNUTLS_E_SUCCESS on success, or an error code on error.`
Packit Service	4684c1	`**/`
Packit Service	4684c1	`int`
Packit Service	4684c1	`gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`int ret;`
Packit Service	4684c1
Packit Service	4684c1	`if (priority == NULL \|\| priority->protocol.num_priorities == 0 \|\|`
Packit Service	4684c1	`priority->cs.size == 0)`
Packit Service	4684c1	`return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);`
Packit Service	4684c1
Packit Service	4684c1	`/* set the current version to the first in the chain, if this is`
Packit Service	4684c1	`* the call before the initial handshake. During a re-handshake`
Packit Service	4684c1	`* we do not set the version to avoid overriding the currently`
Packit Service	4684c1	`* negotiated version. */`
Packit Service	4684c1	`if (!session->internals.handshake_in_progress &&`
Packit Service	4684c1	`!session->internals.initial_negotiation_completed) {`
Packit Service	4684c1	`ret = _gnutls_set_current_version(session,`
Packit Service	4684c1	`priority->protocol.priorities[0]);`
Packit Service	4684c1	`if (ret < 0)`
Packit Service	4684c1	`return gnutls_assert_val(ret);`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/* At this point the provided priorities passed the sanity tests */`
Packit Service	4684c1
Packit Service	4684c1	`if (session->internals.priorities)`
Packit Service	4684c1	`gnutls_priority_deinit(session->internals.priorities);`
Packit Service	4684c1
Packit Service	4684c1	`gnutls_atomic_increment(&priority->usage_cnt);`
Packit Service	4684c1	`session->internals.priorities = priority;`
Packit Service	4684c1
Packit Service	4684c1	`if (priority->no_tickets != 0) {`
Packit Service	4684c1	`/* when PFS is explicitly requested, disable session tickets */`
Packit Service	4684c1	`session->internals.flags \|= GNUTLS_NO_TICKETS;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`ADD_PROFILE_VFLAGS(session, priority->additional_verify_flags);`
Packit Service	4684c1
Packit Service	4684c1	`/* mirror variables */`
Packit Service	4684c1	`#undef COPY_TO_INTERNALS`
Packit Service	4684c1	`#define COPY_TO_INTERNALS(xx) session->internals.xx = priority->_##xx`
Packit Service	4684c1	`COPY_TO_INTERNALS(allow_large_records);`
Packit Service	4684c1	`COPY_TO_INTERNALS(allow_small_records);`
Packit Service	4684c1	`COPY_TO_INTERNALS(no_etm);`
Packit Service	4684c1	`COPY_TO_INTERNALS(no_ext_master_secret);`
Packit Service	4684c1	`COPY_TO_INTERNALS(allow_key_usage_violation);`
Packit Service	4684c1	`COPY_TO_INTERNALS(allow_wrong_pms);`
Packit Service	4684c1	`COPY_TO_INTERNALS(dumbfw);`
Packit Service	4684c1	`COPY_TO_INTERNALS(dh_prime_bits);`
Packit Service	4684c1
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1
Packit Service	4684c1	`#define LEVEL_NONE "NONE"`
Packit Service	4684c1	`#define LEVEL_NORMAL "NORMAL"`
Packit Service	4684c1	`#define LEVEL_PFS "PFS"`
Packit Service	4684c1	`#define LEVEL_PERFORMANCE "PERFORMANCE"`
Packit Service	4684c1	`#define LEVEL_SECURE128 "SECURE128"`
Packit Service	4684c1	`#define LEVEL_SECURE192 "SECURE192"`
Packit Service	4684c1	`#define LEVEL_SECURE256 "SECURE256"`
Packit Service	4684c1	`#define LEVEL_SUITEB128 "SUITEB128"`
Packit Service	4684c1	`#define LEVEL_SUITEB192 "SUITEB192"`
Packit Service	4684c1	`#define LEVEL_LEGACY "LEGACY"`
Packit Service	4684c1
Packit Service	4684c1	`struct priority_groups_st {`
Packit Service	4684c1	`const char *name;`
Packit Service	4684c1	`const char *alias;`
Packit Service	4684c1	`const int **proto_list;`
Packit Service	4684c1	`const int **cipher_list;`
Packit Service	4684c1	`const int **mac_list;`
Packit Service	4684c1	`const int **kx_list;`
Packit Service	4684c1	`const int **sign_list;`
Packit Service	4684c1	`const int **group_list;`
Packit Service	4684c1	`unsigned profile;`
Packit Service	4684c1	`int sec_param;`
Packit Service	4684c1	`bool no_tickets;`
Packit Service	4684c1	`};`
Packit Service	4684c1
Packit Service	4684c1	`static const struct priority_groups_st pgroups[] =`
Packit Service	4684c1	`{`
Packit Service	4684c1	`{.name = LEVEL_NORMAL,`
Packit Service	4684c1	`.cipher_list = &cipher_priority_normal,`
Packit Service	4684c1	`.mac_list = &mac_priority_normal,`
Packit Service	4684c1	`.kx_list = &kx_priority_secure,`
Packit Service	4684c1	`.sign_list = &sign_priority_default,`
Packit Service	4684c1	`.group_list = &supported_groups_normal,`
Packit Service	4684c1	`.profile = GNUTLS_PROFILE_LOW,`
Packit Service	4684c1	`.sec_param = GNUTLS_SEC_PARAM_WEAK`
Packit Service	4684c1	`},`
Packit Service	4684c1	`{.name = LEVEL_PFS,`
Packit Service	4684c1	`.cipher_list = &cipher_priority_normal,`
Packit Service	4684c1	`.mac_list = &mac_priority_secure128,`
Packit Service	4684c1	`.kx_list = &kx_priority_pfs,`
Packit Service	4684c1	`.sign_list = &sign_priority_default,`
Packit Service	4684c1	`.group_list = &supported_groups_normal,`
Packit Service	4684c1	`.profile = GNUTLS_PROFILE_LOW,`
Packit Service	4684c1	`.sec_param = GNUTLS_SEC_PARAM_WEAK,`
Packit Service	4684c1	`.no_tickets = 1`
Packit Service	4684c1	`},`
Packit Service	4684c1	`{.name = LEVEL_SECURE128,`
Packit Service	4684c1	`.alias = "SECURE",`
Packit Service	4684c1	`.cipher_list = &cipher_priority_secure128,`
Packit Service	4684c1	`.mac_list = &mac_priority_secure128,`
Packit Service	4684c1	`.kx_list = &kx_priority_secure,`
Packit Service	4684c1	`.sign_list = &sign_priority_secure128,`
Packit Service	4684c1	`.group_list = &supported_groups_secure128,`
Packit Service	4684c1	`/* The profile should have been HIGH but if we don't allow`
Packit Service	4684c1	`* SHA-1 (80-bits) as signature algorithm we are not able`
Packit Service	4684c1	`* to connect anywhere with this level */`
Packit Service	4684c1	`.profile = GNUTLS_PROFILE_LOW,`
Packit Service	4684c1	`.sec_param = GNUTLS_SEC_PARAM_LOW`
Packit Service	4684c1	`},`
Packit Service	4684c1	`{.name = LEVEL_SECURE192,`
Packit Service	4684c1	`.alias = LEVEL_SECURE256,`
Packit Service	4684c1	`.cipher_list = &cipher_priority_secure192,`
Packit Service	4684c1	`.mac_list = &mac_priority_secure192,`
Packit Service	4684c1	`.kx_list = &kx_priority_secure,`
Packit Service	4684c1	`.sign_list = &sign_priority_secure192,`
Packit Service	4684c1	`.group_list = &supported_groups_secure192,`
Packit Service	4684c1	`.profile = GNUTLS_PROFILE_HIGH,`
Packit Service	4684c1	`.sec_param = GNUTLS_SEC_PARAM_HIGH`
Packit Service	4684c1	`},`
Packit Service	4684c1	`{.name = LEVEL_SUITEB128,`
Packit Service	4684c1	`.proto_list = &protocol_priority_suiteb,`
Packit Service	4684c1	`.cipher_list = &cipher_priority_suiteb128,`
Packit Service	4684c1	`.mac_list = &mac_priority_suiteb,`
Packit Service	4684c1	`.kx_list = &kx_priority_suiteb,`
Packit Service	4684c1	`.sign_list = &sign_priority_suiteb128,`
Packit Service	4684c1	`.group_list = &supported_groups_suiteb128,`
Packit Service	4684c1	`.profile = GNUTLS_PROFILE_SUITEB128,`
Packit Service	4684c1	`.sec_param = GNUTLS_SEC_PARAM_HIGH`
Packit Service	4684c1	`},`
Packit Service	4684c1	`{.name = LEVEL_SUITEB192,`
Packit Service	4684c1	`.proto_list = &protocol_priority_suiteb,`
Packit Service	4684c1	`.cipher_list = &cipher_priority_suiteb192,`
Packit Service	4684c1	`.mac_list = &mac_priority_suiteb,`
Packit Service	4684c1	`.kx_list = &kx_priority_suiteb,`
Packit Service	4684c1	`.sign_list = &sign_priority_suiteb192,`
Packit Service	4684c1	`.group_list = &supported_groups_suiteb192,`
Packit Service	4684c1	`.profile = GNUTLS_PROFILE_SUITEB192,`
Packit Service	4684c1	`.sec_param = GNUTLS_SEC_PARAM_ULTRA`
Packit Service	4684c1	`},`
Packit Service	4684c1	`{.name = LEVEL_LEGACY,`
Packit Service	4684c1	`.cipher_list = &cipher_priority_normal,`
Packit Service	4684c1	`.mac_list = &mac_priority_normal,`
Packit Service	4684c1	`.kx_list = &kx_priority_secure,`
Packit Service	4684c1	`.sign_list = &sign_priority_default,`
Packit Service	4684c1	`.group_list = &supported_groups_normal,`
Packit Service	4684c1	`.sec_param = GNUTLS_SEC_PARAM_VERY_WEAK`
Packit Service	4684c1	`},`
Packit Service	4684c1	`{.name = LEVEL_PERFORMANCE,`
Packit Service	4684c1	`.cipher_list = &cipher_priority_performance,`
Packit Service	4684c1	`.mac_list = &mac_priority_normal,`
Packit Service	4684c1	`.kx_list = &kx_priority_performance,`
Packit Service	4684c1	`.sign_list = &sign_priority_default,`
Packit Service	4684c1	`.group_list = &supported_groups_normal,`
Packit Service	4684c1	`.profile = GNUTLS_PROFILE_LOW,`
Packit Service	4684c1	`.sec_param = GNUTLS_SEC_PARAM_WEAK`
Packit Service	4684c1	`},`
Packit Service	4684c1	`{`
Packit Service	4684c1	`.name = NULL,`
Packit Service	4684c1	`}`
Packit Service	4684c1	`};`
Packit Service	4684c1
Packit Service	4684c1	`#define SET_PROFILE(to_set) \`
Packit Service	4684c1	`profile = GNUTLS_VFLAGS_TO_PROFILE(priority_cache->additional_verify_flags); \`
Packit Service	4684c1	`if (profile == 0 \|\| profile > to_set) { \`
Packit Service	4684c1	`priority_cache->additional_verify_flags &= ~GNUTLS_VFLAGS_PROFILE_MASK; \`
Packit Service	4684c1	`priority_cache->additional_verify_flags \|= GNUTLS_PROFILE_TO_VFLAGS(to_set); \`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`#define SET_LEVEL(to_set) \`
Packit Service	4684c1	`if (priority_cache->level == 0 \|\| (unsigned)priority_cache->level > (unsigned)to_set) \`
Packit Service	4684c1	`priority_cache->level = to_set`
Packit Service	4684c1
Packit Service	4684c1	`static`
Packit Service	4684c1	`int check_level(const char *level, gnutls_priority_t priority_cache,`
Packit Service	4684c1	`int add)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`bulk_rmadd_func *func;`
Packit Service	4684c1	`unsigned profile = 0;`
Packit Service	4684c1	`unsigned i;`
Packit Service	4684c1	`int j;`
Packit Service	4684c1	`const cipher_entry_st *centry;`
Packit Service	4684c1
Packit Service	4684c1	`if (add)`
Packit Service	4684c1	`func = _add_priority;`
Packit Service	4684c1	`else`
Packit Service	4684c1	`func = _set_priority;`
Packit Service	4684c1
Packit Service	4684c1	`for (i=0;;i++) {`
Packit Service	4684c1	`if (pgroups[i].name == NULL)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1
Packit Service	4684c1	`if (c_strcasecmp(level, pgroups[i].name) == 0 \|\|`
Packit Service	4684c1	`(pgroups[i].alias != NULL && c_strcasecmp(level, pgroups[i].alias) == 0)) {`
Packit Service	4684c1	`if (pgroups[i].proto_list != NULL)`
Packit Service	4684c1	`func(&priority_cache->protocol, *pgroups[i].proto_list);`
Packit Service	4684c1	`func(&priority_cache->_cipher, *pgroups[i].cipher_list);`
Packit Service	4684c1	`func(&priority_cache->_kx, *pgroups[i].kx_list);`
Packit Service	4684c1	`func(&priority_cache->_mac, *pgroups[i].mac_list);`
Packit Service	4684c1	`func(&priority_cache->_sign_algo, *pgroups[i].sign_list);`
Packit Service	4684c1	`func(&priority_cache->_supported_ecc, *pgroups[i].group_list);`
Packit Service	4684c1
Packit Service	4684c1	`if (pgroups[i].profile != 0) {`
Packit Service	4684c1	`SET_PROFILE(pgroups[i].profile); /* set certificate level */`
Packit Service	4684c1	`}`
Packit Service	4684c1	`SET_LEVEL(pgroups[i].sec_param); /* set DH params level */`
Packit Service	4684c1	`priority_cache->no_tickets = pgroups[i].no_tickets;`
Packit Service	4684c1	`if (priority_cache->have_cbc == 0) {`
Packit Service	4684c1	`for (j=0;(*pgroups[i].cipher_list)[j]!=0;j++) {`
Packit Service	4684c1	`centry = cipher_to_entry((*pgroups[i].cipher_list)[j]);`
Packit Service	4684c1	`if (centry != NULL && centry->type == CIPHER_BLOCK) {`
Packit Service	4684c1	`priority_cache->have_cbc = 1;`
Packit Service	4684c1	`break;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1	`return 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`static void enable_compat(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`ENABLE_PRIO_COMPAT(c);`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_server_key_usage_violations(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->allow_server_key_usage_violation = 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_allow_small_records(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->_allow_small_records = 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_dumbfw(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->_dumbfw = 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_no_extensions(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->no_extensions = 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_no_ext_master_secret(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->_no_ext_master_secret = 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_no_etm(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->_no_etm = 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_force_etm(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->force_etm = 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_no_tickets(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->no_tickets = 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void disable_wildcards(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->additional_verify_flags \|= GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_profile_very_weak(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`ENABLE_PROFILE(c, GNUTLS_PROFILE_VERY_WEAK);`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_profile_low(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`ENABLE_PROFILE(c, GNUTLS_PROFILE_LOW);`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_profile_legacy(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`ENABLE_PROFILE(c, GNUTLS_PROFILE_LEGACY);`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_profile_medium(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`ENABLE_PROFILE(c, GNUTLS_PROFILE_MEDIUM);`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_profile_high(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`ENABLE_PROFILE(c, GNUTLS_PROFILE_HIGH);`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_profile_ultra(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`ENABLE_PROFILE(c, GNUTLS_PROFILE_ULTRA);`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_profile_future(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`ENABLE_PROFILE(c, GNUTLS_PROFILE_FUTURE);`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_profile_suiteb128(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`ENABLE_PROFILE(c, GNUTLS_PROFILE_SUITEB128);`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_profile_suiteb192(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`ENABLE_PROFILE(c, GNUTLS_PROFILE_SUITEB128);`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_safe_renegotiation(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->sr = SR_SAFE;`
Packit Service	4684c1
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_unsafe_renegotiation(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->sr = SR_UNSAFE;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_partial_safe_renegotiation(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->sr = SR_PARTIAL;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void disable_safe_renegotiation(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->sr = SR_DISABLED;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_fallback_scsv(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->fallback = 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_latest_record_version(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->min_record_version = 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_ssl3_record_version(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->min_record_version = 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_verify_allow_rsa_md5(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->additional_verify_flags \|=`
Packit Service	4684c1	`GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_verify_allow_sha1(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->additional_verify_flags \|=`
Packit Service	4684c1	`GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_verify_allow_broken(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->additional_verify_flags \|=`
Packit Service	4684c1	`GNUTLS_VERIFY_ALLOW_BROKEN;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void disable_crl_checks(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->additional_verify_flags \|=`
Packit Service	4684c1	`GNUTLS_VERIFY_DISABLE_CRL_CHECKS;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void enable_server_precedence(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`c->server_precedence = 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`static void dummy_func(gnutls_priority_t c)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`#include <priority_options.h>`
Packit Service	4684c1
Packit Service	4684c1	`static gnutls_certificate_verification_profiles_t system_wide_verification_profile = GNUTLS_PROFILE_UNKNOWN;`
Packit Service	4684c1	`static name_val_array_t system_wide_priority_strings = NULL;`
Packit Service	4684c1	`static unsigned system_wide_priority_strings_init = 0;`
Packit Service	4684c1	`static unsigned system_wide_default_priority_string = 0;`
Packit Service	4684c1	`static unsigned fail_on_invalid_config = 0;`
Packit Service	4684c1	`static unsigned system_wide_disabled_ciphers[MAX_ALGOS+1] = {0};`
Packit Service	4684c1	`static unsigned system_wide_disabled_macs[MAX_ALGOS+1] = {0};`
Packit Service	4684c1	`static unsigned system_wide_disabled_groups[MAX_ALGOS+1] = {0};`
Packit Service	4684c1	`static unsigned system_wide_disabled_kxs[MAX_ALGOS+1] = {0};`
Packit Service	4684c1
Packit Service	4684c1	`static const char *system_priority_file = SYSTEM_PRIORITY_FILE;`
Packit Service	4684c1	`static time_t system_priority_last_mod = 0;`
Packit Service	4684c1
Packit Service	4684c1	`#define CUSTOM_PRIORITY_SECTION "priorities"`
Packit Service	4684c1	`#define OVERRIDES_SECTION "overrides"`
Packit Service	4684c1	`#define MAX_ALGO_NAME 2048`
Packit Service	4684c1
Packit Service	4684c1	`static void _clear_default_system_priority(void)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`if (system_wide_default_priority_string) {`
Packit Service	4684c1	`gnutls_free(_gnutls_default_priority_string);`
Packit Service	4684c1	`_gnutls_default_priority_string = DEFAULT_PRIORITY_STRING;`
Packit Service	4684c1	`system_wide_default_priority_string = 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`gnutls_certificate_verification_profiles_t _gnutls_get_system_wide_verification_profile(void)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`return system_wide_verification_profile;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/* removes spaces */`
Packit Service	4684c1	`static char clear_spaces(const char str, char out[MAX_ALGO_NAME])`
Packit Service	4684c1	`{`
Packit Service	4684c1	`const char *p = str;`
Packit Service	4684c1	`unsigned i = 0;`
Packit Service	4684c1
Packit Service	4684c1	`while (c_isspace(*p))`
Packit Service	4684c1	`p++;`
Packit Service	4684c1
Packit Service	4684c1	`while (!c_isspace(p) && p != 0) {`
Packit Service	4684c1	`out[i++] = *p;`
Packit Service	4684c1	`p++;`
Packit Service	4684c1
Packit Service	4684c1	`if (i >= MAX_ALGO_NAME-1)`
Packit Service	4684c1	`break;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`out[i] = 0;`
Packit Service	4684c1	`return out;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/* This function parses a gnutls configuration file and updates internal`
Packit Service	4684c1	`* settings accordingly.`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`static int cfg_ini_handler(void _ctx, const char section, const char name, const char value)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`char *p;`
Packit Service	4684c1	`int ret, type;`
Packit Service	4684c1	`unsigned i;`
Packit Service	4684c1	`char str[MAX_ALGO_NAME];`
Packit Service	4684c1
Packit Service	4684c1	`/* Note that we intentionally overwrite the value above; inih does`
Packit Service	4684c1	`* not use that value after we handle it. */`
Packit Service	4684c1
Packit Service	4684c1	`/* Parse sections */`
Packit Service	4684c1	`if (section == NULL \|\| section[0] == 0 \|\| c_strcasecmp(section, CUSTOM_PRIORITY_SECTION)==0) {`
Packit Service	4684c1	`if (system_wide_priority_strings_init == 0) {`
Packit Service	4684c1	`_name_val_array_init(&system_wide_priority_strings);`
Packit Service	4684c1	`system_wide_priority_strings_init = 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`_gnutls_debug_log("cfg: adding priority: %s -> %s\n", name, value);`
Packit Service	4684c1
Packit Service	4684c1	`ret = _name_val_array_append(&system_wide_priority_strings, name, value);`
Packit Service	4684c1	`if (ret < 0)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`} else if (c_strcasecmp(section, OVERRIDES_SECTION)==0) {`
Packit Service	4684c1	`if (c_strcasecmp(name, "default-priority-string")==0) {`
Packit Service	4684c1	`_clear_default_system_priority();`
Packit Service	4684c1	`p = clear_spaces(value, str);`
Packit Service	4684c1	`_gnutls_debug_log("cfg: setting default-priority-string to %s\n", p);`
Packit Service	4684c1	`if (strlen(p) > 0) {`
Packit Service	4684c1	`_gnutls_default_priority_string = gnutls_strdup(p);`
Packit Service	4684c1	`if (!_gnutls_default_priority_string) {`
Packit Service	4684c1	`_gnutls_default_priority_string = DEFAULT_PRIORITY_STRING;`
Packit Service	4684c1	`_gnutls_debug_log("cfg: failed setting default-priority-string\n");`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`system_wide_default_priority_string = 1;`
Packit Service	4684c1	`} else {`
Packit Service	4684c1	`_gnutls_debug_log("cfg: empty default-priority-string, using default\n");`
Packit Service	4684c1	`if (fail_on_invalid_config)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`} else if (c_strcasecmp(name, "insecure-hash")==0) {`
Packit Service	4684c1	`p = clear_spaces(value, str);`
Packit Service	4684c1
Packit Service	4684c1	`_gnutls_debug_log("cfg: marking hash %s as insecure\n",`
Packit Service	4684c1	`p);`
Packit Service	4684c1
Packit Service	4684c1	`ret = _gnutls_digest_mark_insecure(p);`
Packit Service	4684c1	`if (ret < 0) {`
Packit Service	4684c1	`_gnutls_debug_log("cfg: found unknown hash %s in %s\n",`
Packit Service	4684c1	`p, name);`
Packit Service	4684c1	`if (fail_on_invalid_config)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`} else if (c_strcasecmp(name, "insecure-sig")==0 \|\| c_strcasecmp(name, "insecure-sig-for-cert")==0) {`
Packit Service	4684c1	`p = clear_spaces(value, str);`
Packit Service	4684c1
Packit Service	4684c1	`if (c_strcasecmp(name, "insecure-sig")==0) {`
Packit Service	4684c1	`type = _INSECURE;`
Packit Service	4684c1	`_gnutls_debug_log("cfg: marking signature %s as insecure\n",`
Packit Service	4684c1	`p);`
Packit Service	4684c1	`} else {`
Packit Service	4684c1	`_gnutls_debug_log("cfg: marking signature %s as insecure for certs\n",`
Packit Service	4684c1	`p);`
Packit Service	4684c1	`type = _INSECURE_FOR_CERTS;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`ret = _gnutls_sign_mark_insecure(p, type);`
Packit Service	4684c1	`if (ret < 0) {`
Packit Service	4684c1	`_gnutls_debug_log("cfg: found unknown signature algorithm %s in %s\n",`
Packit Service	4684c1	`p, name);`
Packit Service	4684c1	`if (fail_on_invalid_config)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`} else if (c_strcasecmp(name, "disabled-version")==0) {`
Packit Service	4684c1	`p = clear_spaces(value, str);`
Packit Service	4684c1
Packit Service	4684c1	`_gnutls_debug_log("cfg: disabling version %s\n",`
Packit Service	4684c1	`p);`
Packit Service	4684c1
Packit Service	4684c1	`ret = _gnutls_version_mark_disabled(p);`
Packit Service	4684c1	`if (ret < 0) {`
Packit Service	4684c1	`_gnutls_debug_log("cfg: found unknown version %s in %s\n",`
Packit Service	4684c1	`p, name);`
Packit Service	4684c1	`if (fail_on_invalid_config)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`} else if (c_strcasecmp(name, "disabled-curve")==0) {`
Packit Service	4684c1	`p = clear_spaces(value, str);`
Packit Service	4684c1
Packit Service	4684c1	`_gnutls_debug_log("cfg: disabling curve %s\n",`
Packit Service	4684c1	`p);`
Packit Service	4684c1
Packit Service	4684c1	`ret = _gnutls_ecc_curve_mark_disabled(p);`
Packit Service	4684c1	`if (ret < 0) {`
Packit Service	4684c1	`_gnutls_debug_log("cfg: found unknown curve %s in %s\n",`
Packit Service	4684c1	`p, name);`
Packit Service	4684c1	`if (fail_on_invalid_config)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`} else if (c_strcasecmp(name, "min-verification-profile")==0) {`
Packit Service	4684c1	`gnutls_certificate_verification_profiles_t profile;`
Packit Service	4684c1	`profile = gnutls_certificate_verification_profile_get_id(value);`
Packit Service	4684c1
Packit Service	4684c1	`if (profile == GNUTLS_PROFILE_UNKNOWN) {`
Packit Service	4684c1	`_gnutls_debug_log("cfg: found unknown profile %s in %s\n",`
Packit Service	4684c1	`value, name);`
Packit Service	4684c1	`if (fail_on_invalid_config)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`system_wide_verification_profile = profile;`
Packit Service	4684c1	`} else if (c_strcasecmp(name, "tls-disabled-cipher")==0) {`
Packit Service	4684c1	`unsigned algo;`
Packit Service	4684c1
Packit Service	4684c1	`p = clear_spaces(value, str);`
Packit Service	4684c1
Packit Service	4684c1	`_gnutls_debug_log("cfg: disabling cipher %s for TLS\n",`
Packit Service	4684c1	`p);`
Packit Service	4684c1
Packit Service	4684c1
Packit Service	4684c1	`algo = gnutls_cipher_get_id(p);`
Packit Service	4684c1	`if (algo == 0) {`
Packit Service	4684c1	`_gnutls_debug_log("cfg: unknown algorithm %s listed at %s\n",`
Packit Service	4684c1	`p, name);`
Packit Service	4684c1	`if (fail_on_invalid_config)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`i = 0;`
Packit Service	4684c1	`while (system_wide_disabled_ciphers[i] != 0)`
Packit Service	4684c1	`i++;`
Packit Service	4684c1
Packit Service	4684c1	`if (i > MAX_ALGOS-1) {`
Packit Service	4684c1	`_gnutls_debug_log("cfg: too many (%d) disabled ciphers from %s\n",`
Packit Service	4684c1	`i, name);`
Packit Service	4684c1	`if (fail_on_invalid_config)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`goto exit;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`system_wide_disabled_ciphers[i] = algo;`
Packit Service	4684c1	`system_wide_disabled_ciphers[i+1] = 0;`
Packit Service	4684c1
Packit Service	4684c1	`} else if (c_strcasecmp(name, "tls-disabled-mac")==0) {`
Packit Service	4684c1	`unsigned algo;`
Packit Service	4684c1
Packit Service	4684c1	`p = clear_spaces(value, str);`
Packit Service	4684c1
Packit Service	4684c1	`_gnutls_debug_log("cfg: disabling MAC %s for TLS\n",`
Packit Service	4684c1	`p);`
Packit Service	4684c1
Packit Service	4684c1	`algo = gnutls_mac_get_id(p);`
Packit Service	4684c1	`if (algo == 0) {`
Packit Service	4684c1	`_gnutls_debug_log("cfg: unknown algorithm %s listed at %s\n",`
Packit Service	4684c1	`p, name);`
Packit Service	4684c1	`if (fail_on_invalid_config)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`goto exit;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`i = 0;`
Packit Service	4684c1	`while (system_wide_disabled_macs[i] != 0)`
Packit Service	4684c1	`i++;`
Packit Service	4684c1
Packit Service	4684c1	`if (i > MAX_ALGOS-1) {`
Packit Service	4684c1	`_gnutls_debug_log("cfg: too many (%d) disabled MACs from %s\n",`
Packit Service	4684c1	`i, name);`
Packit Service	4684c1	`if (fail_on_invalid_config)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`goto exit;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`system_wide_disabled_macs[i] = algo;`
Packit Service	4684c1	`system_wide_disabled_macs[i+1] = 0;`
Packit Service	4684c1	`} else if (c_strcasecmp(name, "tls-disabled-group")==0) {`
Packit Service	4684c1	`unsigned algo;`
Packit Service	4684c1
Packit Service	4684c1	`p = clear_spaces(value, str);`
Packit Service	4684c1
Packit Service	4684c1	`if (strlen(p) > 6)`
Packit Service	4684c1	`p += 6; // skip GROUP-`
Packit Service	4684c1
Packit Service	4684c1	`_gnutls_debug_log("cfg: disabling group %s for TLS\n",`
Packit Service	4684c1	`p);`
Packit Service	4684c1
Packit Service	4684c1	`algo = gnutls_group_get_id(p);`
Packit Service	4684c1	`if (algo == 0) {`
Packit Service	4684c1	`_gnutls_debug_log("cfg: unknown group %s listed at %s\n",`
Packit Service	4684c1	`p, name);`
Packit Service	4684c1	`if (fail_on_invalid_config)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`goto exit;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`i = 0;`
Packit Service	4684c1	`while (system_wide_disabled_groups[i] != 0)`
Packit Service	4684c1	`i++;`
Packit Service	4684c1
Packit Service	4684c1	`if (i > MAX_ALGOS-1) {`
Packit Service	4684c1	`_gnutls_debug_log("cfg: too many (%d) disabled groups from %s\n",`
Packit Service	4684c1	`i, name);`
Packit Service	4684c1	`if (fail_on_invalid_config)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`goto exit;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`system_wide_disabled_groups[i] = algo;`
Packit Service	4684c1	`system_wide_disabled_groups[i+1] = 0;`
Packit Service	4684c1	`} else if (c_strcasecmp(name, "tls-disabled-kx")==0) {`
Packit Service	4684c1	`unsigned algo;`
Packit Service	4684c1
Packit Service	4684c1	`p = clear_spaces(value, str);`
Packit Service	4684c1
Packit Service	4684c1	`_gnutls_debug_log("cfg: disabling key exchange %s for TLS\n",`
Packit Service	4684c1	`p);`
Packit Service	4684c1
Packit Service	4684c1	`algo = gnutls_kx_get_id(p);`
Packit Service	4684c1	`if (algo == 0) {`
Packit Service	4684c1	`_gnutls_debug_log("cfg: unknown key exchange %s listed at %s\n",`
Packit Service	4684c1	`p, name);`
Packit Service	4684c1	`if (fail_on_invalid_config)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`goto exit;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`i = 0;`
Packit Service	4684c1	`while (system_wide_disabled_kxs[i] != 0)`
Packit Service	4684c1	`i++;`
Packit Service	4684c1
Packit Service	4684c1	`if (i > MAX_ALGOS-1) {`
Packit Service	4684c1	`_gnutls_debug_log("cfg: too many (%d) disabled key exchanges from %s\n",`
Packit Service	4684c1	`i, name);`
Packit Service	4684c1	`if (fail_on_invalid_config)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`goto exit;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`system_wide_disabled_kxs[i] = algo;`
Packit Service	4684c1	`system_wide_disabled_kxs[i+1] = 0;`
Packit Service	4684c1	`} else {`
Packit Service	4684c1	`_gnutls_debug_log("unknown parameter %s\n", name);`
Packit Service	4684c1	`if (fail_on_invalid_config)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`} else {`
Packit Service	4684c1	`_gnutls_debug_log("cfg: unknown section %s\n",`
Packit Service	4684c1	`section);`
Packit Service	4684c1	`if (fail_on_invalid_config)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`exit:`
Packit Service	4684c1	`return 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`static void _gnutls_update_system_priorities(void)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`int ret;`
Packit Service	4684c1	`struct stat sb;`
Packit Service	4684c1	`FILE *fp;`
Packit Service	4684c1
Packit Service	4684c1	`if (stat(system_priority_file, &sb) < 0) {`
Packit Service	4684c1	`_gnutls_debug_log("cfg: unable to access: %s: %d\n",`
Packit Service	4684c1	`system_priority_file, errno);`
Packit Service	4684c1	`return;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`if (system_wide_priority_strings_init != 0 &&`
Packit Service	4684c1	`sb.st_mtime == system_priority_last_mod) {`
Packit Service	4684c1	`_gnutls_debug_log("cfg: system priority %s has not changed\n",`
Packit Service	4684c1	`system_priority_file);`
Packit Service	4684c1	`return;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`if (system_wide_priority_strings_init != 0)`
Packit Service	4684c1	`_name_val_array_clear(&system_wide_priority_strings);`
Packit Service	4684c1
Packit Service	4684c1	`fp = fopen(system_priority_file, "re");`
Packit Service	4684c1	`if (fp == NULL) {`
Packit Service	4684c1	`_gnutls_debug_log("cfg: unable to open: %s: %d\n",`
Packit Service	4684c1	`system_priority_file, errno);`
Packit Service	4684c1	`return;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`ret = ini_parse_file(fp, cfg_ini_handler, NULL);`
Packit Service	4684c1	`fclose(fp);`
Packit Service	4684c1	`if (ret != 0) {`
Packit Service	4684c1	`_gnutls_debug_log("cfg: unable to parse: %s: %d\n",`
Packit Service	4684c1	`system_priority_file, ret);`
Packit Service	4684c1	`if (fail_on_invalid_config)`
Packit Service	4684c1	`exit(1);`
Packit Service	4684c1	`return;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`_gnutls_debug_log("cfg: loaded system priority %s mtime %lld\n",`
Packit Service	4684c1	`system_priority_file,`
Packit Service	4684c1	`(unsigned long long)sb.st_mtime);`
Packit Service	4684c1
Packit Service	4684c1	`system_priority_last_mod = sb.st_mtime;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`void _gnutls_load_system_priorities(void)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`const char *p;`
Packit Service	4684c1
Packit Service	4684c1	`p = secure_getenv("GNUTLS_SYSTEM_PRIORITY_FILE");`
Packit Service	4684c1	`if (p != NULL)`
Packit Service	4684c1	`system_priority_file = p;`
Packit Service	4684c1
Packit Service	4684c1	`p = secure_getenv("GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID");`
Packit Service	4684c1	`if (p != NULL && p[0] == '1' && p[1] == 0)`
Packit Service	4684c1	`fail_on_invalid_config = 1;`
Packit Service	4684c1
Packit Service	4684c1	`_gnutls_update_system_priorities();`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`void _gnutls_unload_system_priorities(void)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`_name_val_array_clear(&system_wide_priority_strings);`
Packit Service	4684c1	`_clear_default_system_priority();`
Packit Service	4684c1	`system_priority_last_mod = 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/**`
Packit Service	4684c1	`* gnutls_get_system_config_file:`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Returns the filename of the system wide configuration`
Packit Service	4684c1	`* file loaded by the library. The returned pointer is valid`
Packit Service	4684c1	`* until the library is unloaded.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Returns: a constant pointer to the config file loaded, or %NULL if none`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Since: 3.6.9`
Packit Service	4684c1	`**/`
Packit Service	4684c1	`const char *gnutls_get_system_config_file(void)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`if (system_wide_priority_strings_init)`
Packit Service	4684c1	`return system_priority_file;`
Packit Service	4684c1	`else`
Packit Service	4684c1	`return NULL;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`#define S(str) ((str!=NULL)?str:"")`
Packit Service	4684c1
Packit Service	4684c1	`/* Returns the new priorities if a priority string prefixed`
Packit Service	4684c1	`* with '@' is provided, or just a copy of the provided`
Packit Service	4684c1	`* priorities, appended with any additional present in`
Packit Service	4684c1	`* the priorities string.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* The returned string must be released using gnutls_free().`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`char _gnutls_resolve_priorities(const char priorities)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`const char *p = priorities;`
Packit Service	4684c1	`char *additional = NULL;`
Packit Service	4684c1	`char *ret = NULL;`
Packit Service	4684c1	`const char ss, ss_next;`
Packit Service	4684c1	`unsigned ss_len, ss_next_len;`
Packit Service	4684c1	`size_t n, n2 = 0;`
Packit Service	4684c1
Packit Service	4684c1	`while (c_isspace(*p))`
Packit Service	4684c1	`p++;`
Packit Service	4684c1
Packit Service	4684c1	`if (*p == '@') {`
Packit Service	4684c1	`ss = p+1;`
Packit Service	4684c1	`additional = strchr(ss, ':');`
Packit Service	4684c1	`if (additional != NULL) {`
Packit Service	4684c1	`additional++;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`do {`
Packit Service	4684c1	`ss_next = strchr(ss, ',');`
Packit Service	4684c1	`if (ss_next != NULL) {`
Packit Service	4684c1	`if (additional && ss_next > additional)`
Packit Service	4684c1	`ss_next = NULL;`
Packit Service	4684c1	`else`
Packit Service	4684c1	`ss_next++;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`if (ss_next) {`
Packit Service	4684c1	`ss_len = ss_next - ss - 1;`
Packit Service	4684c1	`ss_next_len = additional - ss_next - 1;`
Packit Service	4684c1	`} else if (additional) {`
Packit Service	4684c1	`ss_len = additional - ss - 1;`
Packit Service	4684c1	`ss_next_len = 0;`
Packit Service	4684c1	`} else {`
Packit Service	4684c1	`ss_len = strlen(ss);`
Packit Service	4684c1	`ss_next_len = 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/* Always try to refresh the cached data, to`
Packit Service	4684c1	`* allow it to be updated without restarting`
Packit Service	4684c1	`* all applications`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`_gnutls_update_system_priorities();`
Packit Service	4684c1
Packit Service	4684c1	`p = _name_val_array_value(system_wide_priority_strings, ss, ss_len);`
Packit Service	4684c1
Packit Service	4684c1	`_gnutls_debug_log("resolved '%.s' to '%s', next '%.s'\n",`
Packit Service	4684c1	`ss_len, ss, S(p), ss_next_len, S(ss_next));`
Packit Service	4684c1	`ss = ss_next;`
Packit Service	4684c1	`} while (ss && p == NULL);`
Packit Service	4684c1
Packit Service	4684c1	`if (p == NULL) {`
Packit Service	4684c1	`_gnutls_debug_log("unable to resolve %s\n", priorities);`
Packit Service	4684c1	`ret = NULL;`
Packit Service	4684c1	`goto finish;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`n = strlen(p);`
Packit Service	4684c1	`if (additional)`
Packit Service	4684c1	`n2 = strlen(additional);`
Packit Service	4684c1
Packit Service	4684c1	`ret = gnutls_malloc(n+n2+1+1);`
Packit Service	4684c1	`if (ret == NULL) {`
Packit Service	4684c1	`goto finish;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`memcpy(ret, p, n);`
Packit Service	4684c1	`if (additional != NULL) {`
Packit Service	4684c1	`ret[n] = ':';`
Packit Service	4684c1	`memcpy(&ret[n+1], additional, n2);`
Packit Service	4684c1	`ret[n+n2+1] = 0;`
Packit Service	4684c1	`} else {`
Packit Service	4684c1	`ret[n] = 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`} else {`
Packit Service	4684c1	`return gnutls_strdup(p);`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`finish:`
Packit Service	4684c1	`if (ret != NULL) {`
Packit Service	4684c1	`_gnutls_debug_log("selected priority string: %s\n", ret);`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`return ret;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`static void add_ec(gnutls_priority_t priority_cache)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`const gnutls_group_entry_st *ge;`
Packit Service	4684c1	`unsigned i;`
Packit Service	4684c1
Packit Service	4684c1	`for (i = 0; i < priority_cache->_supported_ecc.num_priorities; i++) {`
Packit Service	4684c1	`ge = _gnutls_id_to_group(priority_cache->_supported_ecc.priorities[i]);`
Packit Service	4684c1	`if (ge != NULL && priority_cache->groups.size < sizeof(priority_cache->groups.entry)/sizeof(priority_cache->groups.entry[0])) {`
Packit Service	4684c1	`/* do not add groups which do not correspond to enabled ciphersuites */`
Packit Service	4684c1	`if (!ge->curve)`
Packit Service	4684c1	`continue;`
Packit Service	4684c1	`priority_cache->groups.entry[priority_cache->groups.size++] = ge;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`static void add_dh(gnutls_priority_t priority_cache)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`const gnutls_group_entry_st *ge;`
Packit Service	4684c1	`unsigned i;`
Packit Service	4684c1
Packit Service	4684c1	`for (i = 0; i < priority_cache->_supported_ecc.num_priorities; i++) {`
Packit Service	4684c1	`ge = _gnutls_id_to_group(priority_cache->_supported_ecc.priorities[i]);`
Packit Service	4684c1	`if (ge != NULL && priority_cache->groups.size < sizeof(priority_cache->groups.entry)/sizeof(priority_cache->groups.entry[0])) {`
Packit Service	4684c1	`/* do not add groups which do not correspond to enabled ciphersuites */`
Packit Service	4684c1	`if (!ge->prime)`
Packit Service	4684c1	`continue;`
Packit Service	4684c1	`priority_cache->groups.entry[priority_cache->groups.size++] = ge;`
Packit Service	4684c1	`priority_cache->groups.have_ffdhe = 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/* This function was originally precalculating ciphersuite-specific items, however`
Packit Service	4684c1	`* it has now extended to much more than that. It provides a consistency check to`
Packit Service	4684c1	`* set parameters, and in cases it applies policy specific items.`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`static int set_ciphersuite_list(gnutls_priority_t priority_cache)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`unsigned i, j, z;`
Packit Service	4684c1	`const gnutls_cipher_suite_entry_st *ce;`
Packit Service	4684c1	`const gnutls_sign_entry_st *se;`
Packit Service	4684c1	`unsigned have_ec = 0;`
Packit Service	4684c1	`unsigned have_dh = 0;`
Packit Service	4684c1	`unsigned tls_sig_sem = 0;`
Packit Service	4684c1	`const version_entry_st tlsmax = NULL, vers;`
Packit Service	4684c1	`const version_entry_st *dtlsmax = NULL;`
Packit Service	4684c1	`const version_entry_st *tlsmin = NULL;`
Packit Service	4684c1	`const version_entry_st *dtlsmin = NULL;`
Packit Service	4684c1	`unsigned have_tls13 = 0, have_srp = 0;`
Packit Service	4684c1	`unsigned have_pre_tls12 = 0, have_tls12 = 0;`
Packit Service	4684c1	`unsigned have_psk = 0, have_null = 0, have_rsa_psk = 0;`
Packit Service	4684c1
Packit Service	4684c1	`/* have_psk indicates that a PSK key exchange compatible`
Packit Service	4684c1	`* with TLS1.3 is enabled. */`
Packit Service	4684c1
Packit Service	4684c1	`priority_cache->cs.size = 0;`
Packit Service	4684c1	`priority_cache->sigalg.size = 0;`
Packit Service	4684c1	`priority_cache->groups.size = 0;`
Packit Service	4684c1	`priority_cache->groups.have_ffdhe = 0;`
Packit Service	4684c1
Packit Service	4684c1	`/* disable key exchanges which are globally disabled */`
Packit Service	4684c1	`z = 0;`
Packit Service	4684c1	`while (system_wide_disabled_kxs[z] != 0) {`
Packit Service	4684c1	`for (i = j = 0; i < priority_cache->_kx.num_priorities; i++) {`
Packit Service	4684c1	`if (priority_cache->_kx.priorities[i] != system_wide_disabled_kxs[z])`
Packit Service	4684c1	`priority_cache->_kx.priorities[j++] = priority_cache->_kx.priorities[i];`
Packit Service	4684c1	`}`
Packit Service	4684c1	`priority_cache->_kx.num_priorities = j;`
Packit Service	4684c1	`z++;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/* disable groups which are globally disabled */`
Packit Service	4684c1	`z = 0;`
Packit Service	4684c1	`while (system_wide_disabled_groups[z] != 0) {`
Packit Service	4684c1	`for (i = j = 0; i < priority_cache->_supported_ecc.num_priorities; i++) {`
Packit Service	4684c1	`if (priority_cache->_supported_ecc.priorities[i] != system_wide_disabled_groups[z])`
Packit Service	4684c1	`priority_cache->_supported_ecc.priorities[j++] = priority_cache->_supported_ecc.priorities[i];`
Packit Service	4684c1	`}`
Packit Service	4684c1	`priority_cache->_supported_ecc.num_priorities = j;`
Packit Service	4684c1	`z++;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/* disable ciphers which are globally disabled */`
Packit Service	4684c1	`z = 0;`
Packit Service	4684c1	`while (system_wide_disabled_ciphers[z] != 0) {`
Packit Service	4684c1	`for (i = j = 0; i < priority_cache->_cipher.num_priorities; i++) {`
Packit Service	4684c1	`if (priority_cache->_cipher.priorities[i] != system_wide_disabled_ciphers[z])`
Packit Service	4684c1	`priority_cache->_cipher.priorities[j++] = priority_cache->_cipher.priorities[i];`
Packit Service	4684c1	`}`
Packit Service	4684c1	`priority_cache->_cipher.num_priorities = j;`
Packit Service	4684c1	`z++;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/* disable MACs which are globally disabled */`
Packit Service	4684c1	`z = 0;`
Packit Service	4684c1	`while (system_wide_disabled_macs[z] != 0) {`
Packit Service	4684c1	`for (i = j = 0; i < priority_cache->_mac.num_priorities; i++) {`
Packit Service	4684c1	`if (priority_cache->_mac.priorities[i] != system_wide_disabled_macs[z])`
Packit Service	4684c1	`priority_cache->_mac.priorities[j++] = priority_cache->_mac.priorities[i];`
Packit Service	4684c1	`}`
Packit Service	4684c1	`priority_cache->_mac.num_priorities = j;`
Packit Service	4684c1	`z++;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`for (j=0;j<priority_cache->_cipher.num_priorities;j++) {`
Packit Service	4684c1	`if (priority_cache->_cipher.priorities[j] == GNUTLS_CIPHER_NULL) {`
Packit Service	4684c1	`have_null = 1;`
Packit Service	4684c1	`break;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`for (i = 0; i < priority_cache->_kx.num_priorities; i++) {`
Packit Service	4684c1	`if (IS_SRP_KX(priority_cache->_kx.priorities[i])) {`
Packit Service	4684c1	`have_srp = 1;`
Packit Service	4684c1	`} else if (_gnutls_kx_is_psk(priority_cache->_kx.priorities[i])) {`
Packit Service	4684c1	`if (priority_cache->_kx.priorities[i] == GNUTLS_KX_RSA_PSK)`
Packit Service	4684c1	`have_rsa_psk = 1;`
Packit Service	4684c1	`else`
Packit Service	4684c1	`have_psk = 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/* disable TLS versions which are added but are unsupported */`
Packit Service	4684c1	`for (i = j = 0; i < priority_cache->protocol.num_priorities; i++) {`
Packit Service	4684c1	`vers = version_to_entry(priority_cache->protocol.priorities[i]);`
Packit Service	4684c1	`if (!vers \|\| vers->supported)`
Packit Service	4684c1	`priority_cache->protocol.priorities[j++] = priority_cache->protocol.priorities[i];`
Packit Service	4684c1	`}`
Packit Service	4684c1	`priority_cache->protocol.num_priorities = j;`
Packit Service	4684c1
Packit Service	4684c1
Packit Service	4684c1	`/* if we have NULL ciphersuites, SRP, or RSA-PSK enabled remove TLS1.3+`
Packit Service	4684c1	`* protocol versions; they cannot be negotiated under TLS1.3. */`
Packit Service	4684c1	`if (have_null \|\| have_srp \|\| have_rsa_psk \|\| priority_cache->no_extensions) {`
Packit Service	4684c1	`for (i = j = 0; i < priority_cache->protocol.num_priorities; i++) {`
Packit Service	4684c1	`vers = version_to_entry(priority_cache->protocol.priorities[i]);`
Packit Service	4684c1	`if (!vers \|\| !vers->tls13_sem)`
Packit Service	4684c1	`priority_cache->protocol.priorities[j++] = priority_cache->protocol.priorities[i];`
Packit Service	4684c1	`}`
Packit Service	4684c1	`priority_cache->protocol.num_priorities = j;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`for (i = 0; i < priority_cache->protocol.num_priorities; i++) {`
Packit Service	4684c1	`vers = version_to_entry(priority_cache->protocol.priorities[i]);`
Packit Service	4684c1	`if (!vers)`
Packit Service	4684c1	`continue;`
Packit Service	4684c1
Packit Service	4684c1	`if (vers->transport == GNUTLS_STREAM) { /* TLS */`
Packit Service	4684c1	`tls_sig_sem \|= vers->tls_sig_sem;`
Packit Service	4684c1	`if (vers->tls13_sem)`
Packit Service	4684c1	`have_tls13 = 1;`
Packit Service	4684c1
Packit Service	4684c1	`if (vers->id == GNUTLS_TLS1_2)`
Packit Service	4684c1	`have_tls12 = 1;`
Packit Service	4684c1	`else if (vers->id < GNUTLS_TLS1_2)`
Packit Service	4684c1	`have_pre_tls12 = 1;`
Packit Service	4684c1
Packit Service	4684c1	`if (tlsmax == NULL \|\| vers->age > tlsmax->age)`
Packit Service	4684c1	`tlsmax = vers;`
Packit Service	4684c1	`if (tlsmin == NULL \|\| vers->age < tlsmin->age)`
Packit Service	4684c1	`tlsmin = vers;`
Packit Service	4684c1	`} else { /* dtls */`
Packit Service	4684c1	`tls_sig_sem \|= vers->tls_sig_sem;`
Packit Service	4684c1
Packit Service	4684c1	`/* we need to introduce similar handling to above`
Packit Service	4684c1	`* when DTLS1.3 is supported */`
Packit Service	4684c1
Packit Service	4684c1	`if (dtlsmax == NULL \|\| vers->age > dtlsmax->age)`
Packit Service	4684c1	`dtlsmax = vers;`
Packit Service	4684c1	`if (dtlsmin == NULL \|\| vers->age < dtlsmin->age)`
Packit Service	4684c1	`dtlsmin = vers;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/* DTLS or TLS protocols must be present */`
Packit Service	4684c1	`if ((!tlsmax \|\| !tlsmin) && (!dtlsmax \|\| !dtlsmin))`
Packit Service	4684c1	`return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);`
Packit Service	4684c1
Packit Service	4684c1
Packit Service	4684c1	`priority_cache->have_psk = have_psk;`
Packit Service	4684c1
Packit Service	4684c1	`/* if we are have TLS1.3+ do not enable any key exchange algorithms,`
Packit Service	4684c1	`* the protocol doesn't require any. */`
Packit Service	4684c1	`if (tlsmin && tlsmin->tls13_sem && !have_psk) {`
Packit Service	4684c1	`if (!dtlsmin \|\| (dtlsmin && dtlsmin->tls13_sem))`
Packit Service	4684c1	`priority_cache->_kx.num_priorities = 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/* Add TLS 1.3 ciphersuites (no KX) */`
Packit Service	4684c1	`for (j=0;j<priority_cache->_cipher.num_priorities;j++) {`
Packit Service	4684c1	`for (z=0;z<priority_cache->_mac.num_priorities;z++) {`
Packit Service	4684c1	`ce = cipher_suite_get(`
Packit Service	4684c1	`0, priority_cache->_cipher.priorities[j],`
Packit Service	4684c1	`priority_cache->_mac.priorities[z]);`
Packit Service	4684c1
Packit Service	4684c1	`if (ce != NULL && priority_cache->cs.size < MAX_CIPHERSUITE_SIZE) {`
Packit Service	4684c1	`priority_cache->cs.entry[priority_cache->cs.size++] = ce;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`for (i = 0; i < priority_cache->_kx.num_priorities; i++) {`
Packit Service	4684c1	`for (j=0;j<priority_cache->_cipher.num_priorities;j++) {`
Packit Service	4684c1	`for (z=0;z<priority_cache->_mac.num_priorities;z++) {`
Packit Service	4684c1	`ce = cipher_suite_get(`
Packit Service	4684c1	`priority_cache->_kx.priorities[i],`
Packit Service	4684c1	`priority_cache->_cipher.priorities[j],`
Packit Service	4684c1	`priority_cache->_mac.priorities[z]);`
Packit Service	4684c1
Packit Service	4684c1	`if (ce != NULL && priority_cache->cs.size < MAX_CIPHERSUITE_SIZE) {`
Packit Service	4684c1	`priority_cache->cs.entry[priority_cache->cs.size++] = ce;`
Packit Service	4684c1	`if (!have_ec && (_gnutls_kx_is_ecc(ce->kx_algorithm) \|\|`
Packit Service	4684c1	`_gnutls_kx_is_vko_gost(ce->kx_algorithm))) {`
Packit Service	4684c1	`have_ec = 1;`
Packit Service	4684c1	`add_ec(priority_cache);`
Packit Service	4684c1	`}`
Packit Service	4684c1	`if (!have_dh && _gnutls_kx_is_dhe(ce->kx_algorithm)) {`
Packit Service	4684c1	`have_dh = 1;`
Packit Service	4684c1	`add_dh(priority_cache);`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`if (have_tls13 && (!have_ec \|\| !have_dh)) {`
Packit Service	4684c1	`/* scan groups to determine have_ec and have_dh */`
Packit Service	4684c1	`for (i=0; i < priority_cache->_supported_ecc.num_priorities; i++) {`
Packit Service	4684c1	`const gnutls_group_entry_st *ge;`
Packit Service	4684c1	`ge = _gnutls_id_to_group(priority_cache->_supported_ecc.priorities[i]);`
Packit Service	4684c1	`if (ge) {`
Packit Service	4684c1	`if (ge->curve && !have_ec) {`
Packit Service	4684c1	`add_ec(priority_cache);`
Packit Service	4684c1	`have_ec = 1;`
Packit Service	4684c1	`} else if (ge->prime && !have_dh) {`
Packit Service	4684c1	`add_dh(priority_cache);`
Packit Service	4684c1	`have_dh = 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`if (have_dh && have_ec)`
Packit Service	4684c1	`break;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`for (i = 0; i < priority_cache->_sign_algo.num_priorities; i++) {`
Packit Service	4684c1	`se = _gnutls_sign_to_entry(priority_cache->_sign_algo.priorities[i]);`
Packit Service	4684c1	`if (se != NULL && priority_cache->sigalg.size < sizeof(priority_cache->sigalg.entry)/sizeof(priority_cache->sigalg.entry[0])) {`
Packit Service	4684c1	`/* if the signature algorithm semantics are not compatible with`
Packit Service	4684c1	`* the protocol's, then skip. */`
Packit Service	4684c1	`if ((se->aid.tls_sem & tls_sig_sem) == 0)`
Packit Service	4684c1	`continue;`
Packit Service	4684c1	`priority_cache->sigalg.entry[priority_cache->sigalg.size++] = se;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`_gnutls_debug_log("added %d protocols, %d ciphersuites, %d sig algos and %d groups into priority list\n",`
Packit Service	4684c1	`priority_cache->protocol.num_priorities,`
Packit Service	4684c1	`priority_cache->cs.size, priority_cache->sigalg.size,`
Packit Service	4684c1	`priority_cache->groups.size);`
Packit Service	4684c1
Packit Service	4684c1	`if (priority_cache->sigalg.size == 0) {`
Packit Service	4684c1	`/* no signature algorithms; eliminate TLS 1.2 or DTLS 1.2 and later */`
Packit Service	4684c1	`priority_st newp;`
Packit Service	4684c1	`newp.num_priorities = 0;`
Packit Service	4684c1
Packit Service	4684c1	`/* we need to eliminate TLS 1.2 or DTLS 1.2 and later protocols */`
Packit Service	4684c1	`for (i = 0; i < priority_cache->protocol.num_priorities; i++) {`
Packit Service	4684c1	`if (priority_cache->protocol.priorities[i] < GNUTLS_TLS1_2) {`
Packit Service	4684c1	`newp.priorities[newp.num_priorities++] = priority_cache->protocol.priorities[i];`
Packit Service	4684c1	`} else if (priority_cache->protocol.priorities[i] >= GNUTLS_DTLS_VERSION_MIN &&`
Packit Service	4684c1	`priority_cache->protocol.priorities[i] < GNUTLS_DTLS1_2) {`
Packit Service	4684c1	`newp.priorities[newp.num_priorities++] = priority_cache->protocol.priorities[i];`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1	`memcpy(&priority_cache->protocol, &newp, sizeof(newp));`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`if (unlikely(priority_cache->protocol.num_priorities == 0))`
Packit Service	4684c1	`return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);`
Packit Service	4684c1	`#ifndef ENABLE_SSL3`
Packit Service	4684c1	`else if (unlikely(priority_cache->protocol.num_priorities == 1 && priority_cache->protocol.priorities[0] == GNUTLS_SSL3))`
Packit Service	4684c1	`return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);`
Packit Service	4684c1	`#endif`
Packit Service	4684c1
Packit Service	4684c1	`if (unlikely(priority_cache->cs.size == 0))`
Packit Service	4684c1	`return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);`
Packit Service	4684c1
Packit Service	4684c1	`/* when TLS 1.3 is available we must have groups set; additionally`
Packit Service	4684c1	`* we require TLS1.2 to be enabled if TLS1.3 is asked for, and`
Packit Service	4684c1	`* a pre-TLS1.2 protocol is there; that is because servers which`
Packit Service	4684c1	`* do not support TLS1.3 will negotiate TLS1.2 if seen a TLS1.3 handshake */`
Packit Service	4684c1	`if (unlikely((!have_psk && tlsmax && tlsmax->id >= GNUTLS_TLS1_3 && priority_cache->groups.size == 0)) \|\|`
Packit Service	4684c1	`(!have_tls12 && have_pre_tls12 && have_tls13)) {`
Packit Service	4684c1	`for (i = j = 0; i < priority_cache->protocol.num_priorities; i++) {`
Packit Service	4684c1	`vers = version_to_entry(priority_cache->protocol.priorities[i]);`
Packit Service	4684c1	`if (!vers \|\| vers->transport != GNUTLS_STREAM \|\| !vers->tls13_sem)`
Packit Service	4684c1	`priority_cache->protocol.priorities[j++] = priority_cache->protocol.priorities[i];`
Packit Service	4684c1	`}`
Packit Service	4684c1	`priority_cache->protocol.num_priorities = j;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/* ensure that the verification profile is not lower from the configured */`
Packit Service	4684c1	`if (system_wide_verification_profile) {`
Packit Service	4684c1	`gnutls_sec_param_t level = priority_cache->level;`
Packit Service	4684c1	`gnutls_sec_param_t system_wide_level = _gnutls_profile_to_sec_level(system_wide_verification_profile);`
Packit Service	4684c1
Packit Service	4684c1	`if (level < system_wide_level) {`
Packit Service	4684c1	`ENABLE_PROFILE(priority_cache, system_wide_verification_profile);`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/**`
Packit Service	4684c1	`* gnutls_priority_init2:`
Packit Service	4684c1	`* @priority_cache: is a #gnutls_prioritity_t type.`
Packit Service	4684c1	`* @priorities: is a string describing priorities (may be %NULL)`
Packit Service	4684c1	`* @err_pos: In case of an error this will have the position in the string the error occurred`
Packit Service	4684c1	`* @flags: zero or %GNUTLS_PRIORITY_INIT_DEF_APPEND`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Sets priorities for the ciphers, key exchange methods, and macs.`
Packit Service	4684c1	`* The @priority_cache should be deinitialized`
Packit Service	4684c1	`* using gnutls_priority_deinit().`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* The #priorities option allows you to specify a colon`
Packit Service	4684c1	`* separated list of the cipher priorities to enable.`
Packit Service	4684c1	`* Some keywords are defined to provide quick access`
Packit Service	4684c1	`* to common preferences.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* When @flags is set to %GNUTLS_PRIORITY_INIT_DEF_APPEND then the @priorities`
Packit Service	4684c1	`* specified will be appended to the default options.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Unless there is a special need, use the "NORMAL" keyword to`
Packit Service	4684c1	`* apply a reasonable security level, or "NORMAL:%%COMPAT" for compatibility.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* "PERFORMANCE" means all the "secure" ciphersuites are enabled,`
Packit Service	4684c1	`* limited to 128 bit ciphers and sorted by terms of speed`
Packit Service	4684c1	`* performance.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* "LEGACY" the NORMAL settings for GnuTLS 3.2.x or earlier. There is`
Packit Service	4684c1	`* no verification profile set, and the allowed DH primes are considered`
Packit Service	4684c1	`* weak today.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* "NORMAL" means all "secure" ciphersuites. The 256-bit ciphers are`
Packit Service	4684c1	`* included as a fallback only. The ciphers are sorted by security`
Packit Service	4684c1	`* margin.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* "PFS" means all "secure" ciphersuites that support perfect forward secrecy.`
Packit Service	4684c1	`* The 256-bit ciphers are included as a fallback only.`
Packit Service	4684c1	`* The ciphers are sorted by security margin.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* "SECURE128" means all "secure" ciphersuites of security level 128-bit`
Packit Service	4684c1	`* or more.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* "SECURE192" means all "secure" ciphersuites of security level 192-bit`
Packit Service	4684c1	`* or more.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* "SUITEB128" means all the NSA SuiteB ciphersuites with security level`
Packit Service	4684c1	`* of 128.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* "SUITEB192" means all the NSA SuiteB ciphersuites with security level`
Packit Service	4684c1	`* of 192.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* "NONE" means nothing is enabled. This disables everything, including protocols.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* "@@KEYWORD1,KEYWORD2,..." The system administrator imposed settings.`
Packit Service	4684c1	`* The provided keyword(s) will be expanded from a configuration-time`
Packit Service	4684c1	`* provided file - default is: /etc/gnutls/config.`
Packit Service	4684c1	`* Any attributes that follow it, will be appended to the expanded`
Packit Service	4684c1	`* string. If multiple keywords are provided, separated by commas,`
Packit Service	4684c1	`* then the first keyword that exists in the configuration file`
Packit Service	4684c1	`* will be used. At least one of the keywords must exist, or this`
Packit Service	4684c1	`* function will return an error. Typical usage would be to specify`
Packit Service	4684c1	`* an application specified keyword first, followed by "SYSTEM" as`
Packit Service	4684c1	`* a default fallback. e.g., "@LIBVIRT,SYSTEM:!-VERS-SSL3.0" will`
Packit Service	4684c1	`* first try to find a config file entry matching "LIBVIRT", but if`
Packit Service	4684c1	`* that does not exist will use the entry for "SYSTEM". If "SYSTEM"`
Packit Service	4684c1	`* does not exist either, an error will be returned. In all cases,`
Packit Service	4684c1	`* the SSL3.0 protocol will be disabled. The system priority file`
Packit Service	4684c1	`* entries should be formatted as "KEYWORD=VALUE", e.g.,`
Packit Service	4684c1	`* "SYSTEM=NORMAL:+ARCFOUR-128".`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Special keywords are "!", "-" and "+".`
Packit Service	4684c1	`* "!" or "-" appended with an algorithm will remove this algorithm.`
Packit Service	4684c1	`* "+" appended with an algorithm will add this algorithm.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Check the GnuTLS manual section "Priority strings" for detailed`
Packit Service	4684c1	`* information.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Examples:`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* "NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL"`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* "NORMAL:+ARCFOUR-128" means normal ciphers plus ARCFOUR-128.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* "SECURE128:-VERS-SSL3.0" means that only secure ciphers are`
Packit Service	4684c1	`* and enabled, SSL3.0 is disabled.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* "NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1",`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* "NONE:+VERS-TLS-ALL:+AES-128-CBC:+ECDHE-RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1:+CURVE-SECP256R1",`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* "SECURE256:+SECURE128",`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Note that "NORMAL:%%COMPAT" is the most compatible mode.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* A %NULL @priorities string indicates the default priorities to be`
Packit Service	4684c1	`* used (this is available since GnuTLS 3.3.0).`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Returns: On syntax error %GNUTLS_E_INVALID_REQUEST is returned,`
Packit Service	4684c1	`* %GNUTLS_E_SUCCESS on success, or an error code.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Since: 3.6.3`
Packit Service	4684c1	`**/`
Packit Service	4684c1	`int`
Packit Service	4684c1	`gnutls_priority_init2(gnutls_priority_t * priority_cache,`
Packit Service	4684c1	`const char priorities, const char *err_pos,`
Packit Service	4684c1	`unsigned flags)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`gnutls_buffer_st buf;`
Packit Service	4684c1	`const char *ep;`
Packit Service	4684c1	`int ret;`
Packit Service	4684c1
Packit Service	4684c1	`if (flags & GNUTLS_PRIORITY_INIT_DEF_APPEND) {`
Packit Service	4684c1	`if (priorities == NULL)`
Packit Service	4684c1	`return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`
Packit Service	4684c1
Packit Service	4684c1	`if (err_pos)`
Packit Service	4684c1	`*err_pos = priorities;`
Packit Service	4684c1
Packit Service	4684c1	`_gnutls_buffer_init(&buf;;`
Packit Service	4684c1
Packit Service	4684c1	`ret = _gnutls_buffer_append_str(&buf, _gnutls_default_priority_string);`
Packit Service	4684c1	`if (ret < 0) {`
Packit Service	4684c1	`_gnutls_buffer_clear(&buf;;`
Packit Service	4684c1	`return gnutls_assert_val(ret);`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`ret = _gnutls_buffer_append_str(&buf, ":");`
Packit Service	4684c1	`if (ret < 0) {`
Packit Service	4684c1	`_gnutls_buffer_clear(&buf;;`
Packit Service	4684c1	`return gnutls_assert_val(ret);`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`ret = _gnutls_buffer_append_str(&buf, priorities);`
Packit Service	4684c1	`if (ret < 0) {`
Packit Service	4684c1	`_gnutls_buffer_clear(&buf;;`
Packit Service	4684c1	`return gnutls_assert_val(ret);`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`ret = gnutls_priority_init(priority_cache, (const char*)buf.data, &ep);`
Packit Service	4684c1	`if (ret < 0 && ep != (const char*)buf.data && ep != NULL) {`
Packit Service	4684c1	`ptrdiff_t diff = (ptrdiff_t)ep-(ptrdiff_t)buf.data;`
Packit Service	4684c1	`unsigned hlen = strlen(_gnutls_default_priority_string)+1;`
Packit Service	4684c1
Packit Service	4684c1	`if (err_pos && diff > hlen) {`
Packit Service	4684c1	`*err_pos = priorities + diff - hlen;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1	`_gnutls_buffer_clear(&buf;;`
Packit Service	4684c1	`return ret;`
Packit Service	4684c1	`} else {`
Packit Service	4684c1	`return gnutls_priority_init(priority_cache, priorities, err_pos);`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`#define PRIO_MATCH(name) c_strncasecmp(&broken_list[i][1], name, sizeof(name) - 1)`
Packit Service	4684c1
Packit Service	4684c1	`/**`
Packit Service	4684c1	`* gnutls_priority_init:`
Packit Service	4684c1	`* @priority_cache: is a #gnutls_prioritity_t type.`
Packit Service	4684c1	`* @priorities: is a string describing priorities (may be %NULL)`
Packit Service	4684c1	`* @err_pos: In case of an error this will have the position in the string the error occurred`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* For applications that do not modify their crypto settings per release, consider`
Packit Service	4684c1	`* using gnutls_priority_init2() with %GNUTLS_PRIORITY_INIT_DEF_APPEND flag`
Packit Service	4684c1	`* instead. We suggest to use centralized crypto settings handled by the GnuTLS`
Packit Service	4684c1	`* library, and applications modifying the default settings to their needs.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* This function is identical to gnutls_priority_init2() with zero`
Packit Service	4684c1	`* flags.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* A %NULL @priorities string indicates the default priorities to be`
Packit Service	4684c1	`* used (this is available since GnuTLS 3.3.0).`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Returns: On syntax error %GNUTLS_E_INVALID_REQUEST is returned,`
Packit Service	4684c1	`* %GNUTLS_E_SUCCESS on success, or an error code.`
Packit Service	4684c1	`**/`
Packit Service	4684c1	`int`
Packit Service	4684c1	`gnutls_priority_init(gnutls_priority_t * priority_cache,`
Packit Service	4684c1	`const char priorities, const char *err_pos)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`char *broken_list[MAX_ELEMENTS];`
Packit Service	4684c1	`int broken_list_size = 0, i = 0, j;`
Packit Service	4684c1	`char *darg = NULL;`
Packit Service	4684c1	`unsigned ikeyword_set = 0;`
Packit Service	4684c1	`int algo;`
Packit Service	4684c1	`int ret;`
Packit Service	4684c1	`rmadd_func *fn;`
Packit Service	4684c1	`bulk_rmadd_func *bulk_fn;`
Packit Service	4684c1	`bulk_rmadd_func *bulk_given_fn;`
Packit Service	4684c1	`const cipher_entry_st *centry;`
Packit Service	4684c1	`unsigned resolved_match = 1;`
Packit Service	4684c1
Packit Service	4684c1	`if (err_pos)`
Packit Service	4684c1	`*err_pos = priorities;`
Packit Service	4684c1
Packit Service	4684c1	`*priority_cache =`
Packit Service	4684c1	`gnutls_calloc(1, sizeof(struct gnutls_priority_st));`
Packit Service	4684c1	`if (*priority_cache == NULL) {`
Packit Service	4684c1	`gnutls_assert();`
Packit Service	4684c1	`return GNUTLS_E_MEMORY_ERROR;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/* for now unsafe renegotiation is default on everyone. To be removed`
Packit Service	4684c1	`* when we make it the default.`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`(*priority_cache)->sr = SR_PARTIAL;`
Packit Service	4684c1	`(*priority_cache)->min_record_version = 1;`
Packit Service	4684c1	`gnutls_atomic_init(&(*priority_cache)->usage_cnt);`
Packit Service	4684c1
Packit Service	4684c1	`if (priorities == NULL) {`
Packit Service	4684c1	`priorities = _gnutls_default_priority_string;`
Packit Service	4684c1	`resolved_match = 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`darg = _gnutls_resolve_priorities(priorities);`
Packit Service	4684c1	`if (darg == NULL) {`
Packit Service	4684c1	`gnutls_assert();`
Packit Service	4684c1	`goto error;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`if (strcmp(darg, priorities) != 0)`
Packit Service	4684c1	`resolved_match = 0;`
Packit Service	4684c1
Packit Service	4684c1	`break_list(darg, broken_list, &broken_list_size);`
Packit Service	4684c1	`/* This is our default set of protocol version, certificate types.`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`if (c_strcasecmp(broken_list[0], LEVEL_NONE) != 0) {`
Packit Service	4684c1	`_set_priority(&(*priority_cache)->protocol,`
Packit Service	4684c1	`protocol_priority);`
Packit Service	4684c1	`_set_priority(&(*priority_cache)->client_ctype,`
Packit Service	4684c1	`cert_type_priority_default);`
Packit Service	4684c1	`_set_priority(&(*priority_cache)->server_ctype,`
Packit Service	4684c1	`cert_type_priority_default);`
Packit Service	4684c1	`_set_priority(&(*priority_cache)->_sign_algo,`
Packit Service	4684c1	`sign_priority_default);`
Packit Service	4684c1	`_set_priority(&(*priority_cache)->_supported_ecc,`
Packit Service	4684c1	`supported_groups_normal);`
Packit Service	4684c1	`i = 0;`
Packit Service	4684c1	`} else {`
Packit Service	4684c1	`ikeyword_set = 1;`
Packit Service	4684c1	`i = 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`for (; i < broken_list_size; i++) {`
Packit Service	4684c1	`if (check_level(broken_list[i], *priority_cache, ikeyword_set) != 0) {`
Packit Service	4684c1	`ikeyword_set = 1;`
Packit Service	4684c1	`continue;`
Packit Service	4684c1	`} else if (broken_list[i][0] == '!'`
Packit Service	4684c1	`\|\| broken_list[i][0] == '+'`
Packit Service	4684c1	`\|\| broken_list[i][0] == '-') {`
Packit Service	4684c1	`if (broken_list[i][0] == '+') {`
Packit Service	4684c1	`fn = prio_add;`
Packit Service	4684c1	`bulk_fn = _add_priority;`
Packit Service	4684c1	`bulk_given_fn = _add_priority;`
Packit Service	4684c1	`} else {`
Packit Service	4684c1	`fn = prio_remove;`
Packit Service	4684c1	`bulk_fn = _clear_priorities;`
Packit Service	4684c1	`bulk_given_fn = _clear_given_priorities;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`if (broken_list[i][0] == '+'`
Packit Service	4684c1	`&& check_level(&broken_list[i][1],`
Packit Service	4684c1	`*priority_cache, 1) != 0) {`
Packit Service	4684c1	`continue;`
Packit Service	4684c1	`} else if ((algo =`
Packit Service	4684c1	`gnutls_mac_get_id(&broken_list[i][1]))`
Packit Service	4684c1	`!= GNUTLS_MAC_UNKNOWN) {`
Packit Service	4684c1	`fn(&(*priority_cache)->_mac, algo);`
Packit Service	4684c1	`} else if ((centry = cipher_name_to_entry(&broken_list[i][1])) != NULL) {`
Packit Service	4684c1	`if (_gnutls_cipher_exists(centry->id)) {`
Packit Service	4684c1	`fn(&(*priority_cache)->_cipher, centry->id);`
Packit Service	4684c1	`if (centry->type == CIPHER_BLOCK)`
Packit Service	4684c1	`(*priority_cache)->have_cbc = 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`} else if ((algo =`
Packit Service	4684c1	`_gnutls_kx_get_id(&broken_list[i][1])) !=`
Packit Service	4684c1	`GNUTLS_KX_UNKNOWN) {`
Packit Service	4684c1	`if (algo != GNUTLS_KX_INVALID)`
Packit Service	4684c1	`fn(&(*priority_cache)->_kx, algo);`
Packit Service	4684c1	`} else if (PRIO_MATCH("VERS-") == 0) {`
Packit Service	4684c1	`if (PRIO_MATCH("VERS-TLS-ALL") == 0) {`
Packit Service	4684c1	`bulk_given_fn(&(*priority_cache)->`
Packit Service	4684c1	`protocol,`
Packit Service	4684c1	`stream_protocol_priority);`
Packit Service	4684c1	`} else if (PRIO_MATCH("VERS-DTLS-ALL") == 0) {`
Packit Service	4684c1	`bulk_given_fn(&(*priority_cache)->`
Packit Service	4684c1	`protocol,`
Packit Service	4684c1	`(bulk_given_fn==_add_priority)?dtls_protocol_priority:dgram_protocol_priority);`
Packit Service	4684c1	`} else if (PRIO_MATCH("VERS-ALL") == 0) {`
Packit Service	4684c1	`bulk_fn(&(*priority_cache)->`
Packit Service	4684c1	`protocol,`
Packit Service	4684c1	`protocol_priority);`
Packit Service	4684c1	`} else {`
Packit Service	4684c1	`if ((algo =`
Packit Service	4684c1	`gnutls_protocol_get_id`
Packit Service	4684c1	`(&broken_list[i][6])) !=`
Packit Service	4684c1	`GNUTLS_VERSION_UNKNOWN) {`
Packit Service	4684c1	`fn(&(*priority_cache)->`
Packit Service	4684c1	`protocol, algo);`
Packit Service	4684c1	`} else`
Packit Service	4684c1	`goto error;`
Packit Service	4684c1
Packit Service	4684c1	`}`
Packit Service	4684c1	`} /* now check if the element is something like -ALGO */`
Packit Service	4684c1	`else if (PRIO_MATCH("COMP-") == 0) {`
Packit Service	4684c1	`/* ignore all compression methods */`
Packit Service	4684c1	`continue;`
Packit Service	4684c1	`} /* now check if the element is something like -ALGO */`
Packit Service	4684c1	`else if (PRIO_MATCH("CURVE-") == 0) {`
Packit Service	4684c1	`if (PRIO_MATCH("CURVE-ALL") == 0) {`
Packit Service	4684c1	`bulk_fn(&(*priority_cache)->`
Packit Service	4684c1	`_supported_ecc,`
Packit Service	4684c1	`supported_groups_normal);`
Packit Service	4684c1	`} else {`
Packit Service	4684c1	`if ((algo =`
Packit Service	4684c1	`gnutls_ecc_curve_get_id`
Packit Service	4684c1	`(&broken_list[i][7])) !=`
Packit Service	4684c1	`GNUTLS_ECC_CURVE_INVALID)`
Packit Service	4684c1	`fn(&(*priority_cache)->`
Packit Service	4684c1	`_supported_ecc, algo);`
Packit Service	4684c1	`else`
Packit Service	4684c1	`goto error;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`} else if (PRIO_MATCH("GROUP-") == 0) {`
Packit Service	4684c1	`if (PRIO_MATCH("GROUP-ALL") == 0) {`
Packit Service	4684c1	`bulk_fn(&(*priority_cache)->`
Packit Service	4684c1	`_supported_ecc,`
Packit Service	4684c1	`supported_groups_normal);`
Packit Service	4684c1	`} else if (PRIO_MATCH("GROUP-DH-ALL") == 0) {`
Packit Service	4684c1	`bulk_given_fn(&(*priority_cache)->`
Packit Service	4684c1	`_supported_ecc,`
Packit Service	4684c1	`_supported_groups_dh);`
Packit Service	4684c1	`} else if (PRIO_MATCH("GROUP-EC-ALL") == 0) {`
Packit Service	4684c1	`bulk_given_fn(&(*priority_cache)->`
Packit Service	4684c1	`_supported_ecc,`
Packit Service	4684c1	`_supported_groups_ecdh);`
Packit Service	4684c1	`} else if (PRIO_MATCH("GROUP-GOST-ALL") == 0) {`
Packit Service	4684c1	`bulk_given_fn(&(*priority_cache)->`
Packit Service	4684c1	`_supported_ecc,`
Packit Service	4684c1	`_supported_groups_gost);`
Packit Service	4684c1	`} else {`
Packit Service	4684c1	`if ((algo =`
Packit Service	4684c1	`gnutls_group_get_id`
Packit Service	4684c1	`(&broken_list[i][7])) !=`
Packit Service	4684c1	`GNUTLS_GROUP_INVALID)`
Packit Service	4684c1	`fn(&(*priority_cache)->`
Packit Service	4684c1	`_supported_ecc, algo);`
Packit Service	4684c1	`else`
Packit Service	4684c1	`goto error;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`} else if (PRIO_MATCH("CTYPE-") == 0) {`
Packit Service	4684c1	`// Certificate types`
Packit Service	4684c1	`if (PRIO_MATCH("CTYPE-ALL") == 0) {`
Packit Service	4684c1	`// Symmetric cert types, all types allowed`
Packit Service	4684c1	`bulk_fn(&(*priority_cache)->client_ctype,`
Packit Service	4684c1	`cert_type_priority_all);`
Packit Service	4684c1	`bulk_fn(&(*priority_cache)->server_ctype,`
Packit Service	4684c1	`cert_type_priority_all);`
Packit Service	4684c1	`} else if (PRIO_MATCH("CTYPE-CLI-") == 0) {`
Packit Service	4684c1	`// Client certificate types`
Packit Service	4684c1	`if (PRIO_MATCH("CTYPE-CLI-ALL") == 0) {`
Packit Service	4684c1	`// All client cert types allowed`
Packit Service	4684c1	`bulk_fn(&(*priority_cache)->client_ctype,`
Packit Service	4684c1	`cert_type_priority_all);`
Packit Service	4684c1	`} else if ((algo = gnutls_certificate_type_get_id`
Packit Service	4684c1	`(&broken_list[i][11])) != GNUTLS_CRT_UNKNOWN) {`
Packit Service	4684c1	`// Specific client cert type allowed`
Packit Service	4684c1	`fn(&(*priority_cache)->client_ctype, algo);`
Packit Service	4684c1	`} else goto error;`
Packit Service	4684c1	`} else if (PRIO_MATCH("CTYPE-SRV-") == 0) {`
Packit Service	4684c1	`// Server certificate types`
Packit Service	4684c1	`if (PRIO_MATCH("CTYPE-SRV-ALL") == 0) {`
Packit Service	4684c1	`// All server cert types allowed`
Packit Service	4684c1	`bulk_fn(&(*priority_cache)->server_ctype,`
Packit Service	4684c1	`cert_type_priority_all);`
Packit Service	4684c1	`} else if ((algo = gnutls_certificate_type_get_id`
Packit Service	4684c1	`(&broken_list[i][11])) != GNUTLS_CRT_UNKNOWN) {`
Packit Service	4684c1	`// Specific server cert type allowed`
Packit Service	4684c1	`fn(&(*priority_cache)->server_ctype, algo);`
Packit Service	4684c1	`} else goto error;`
Packit Service	4684c1	`} else { // Symmetric certificate type`
Packit Service	4684c1	`if ((algo = gnutls_certificate_type_get_id`
Packit Service	4684c1	`(&broken_list[i][7])) != GNUTLS_CRT_UNKNOWN) {`
Packit Service	4684c1	`fn(&(*priority_cache)->client_ctype, algo);`
Packit Service	4684c1	`fn(&(*priority_cache)->server_ctype, algo);`
Packit Service	4684c1	`} else if (PRIO_MATCH("CTYPE-OPENPGP") == 0) {`
Packit Service	4684c1	`/* legacy openpgp option - ignore */`
Packit Service	4684c1	`continue;`
Packit Service	4684c1	`} else goto error;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`} else if (PRIO_MATCH("SIGN-") == 0) {`
Packit Service	4684c1	`if (PRIO_MATCH("SIGN-ALL") == 0) {`
Packit Service	4684c1	`bulk_fn(&(*priority_cache)->`
Packit Service	4684c1	`_sign_algo,`
Packit Service	4684c1	`sign_priority_default);`
Packit Service	4684c1	`} else if (PRIO_MATCH("SIGN-GOST-ALL") == 0) {`
Packit Service	4684c1	`bulk_fn(&(*priority_cache)->`
Packit Service	4684c1	`_sign_algo,`
Packit Service	4684c1	`sign_priority_gost);`
Packit Service	4684c1	`} else {`
Packit Service	4684c1	`if ((algo =`
Packit Service	4684c1	`gnutls_sign_get_id`
Packit Service	4684c1	`(&broken_list[i][6])) !=`
Packit Service	4684c1	`GNUTLS_SIGN_UNKNOWN)`
Packit Service	4684c1	`fn(&(*priority_cache)->`
Packit Service	4684c1	`_sign_algo, algo);`
Packit Service	4684c1	`else`
Packit Service	4684c1	`goto error;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`} else if (PRIO_MATCH("MAC-") == 0) {`
Packit Service	4684c1	`if (PRIO_MATCH("MAC-ALL") == 0) {`
Packit Service	4684c1	`bulk_fn(&(*priority_cache)->_mac,`
Packit Service	4684c1	`mac_priority_normal);`
Packit Service	4684c1	`} else if (PRIO_MATCH("MAC-GOST-ALL") == 0) {`
Packit Service	4684c1	`bulk_fn(&(*priority_cache)->_mac,`
Packit Service	4684c1	`mac_priority_gost);`
Packit Service	4684c1	`}`
Packit Service	4684c1	`} else if (PRIO_MATCH("CIPHER-") == 0) {`
Packit Service	4684c1	`if (PRIO_MATCH("CIPHER-ALL") == 0) {`
Packit Service	4684c1	`bulk_fn(&(*priority_cache)->_cipher,`
Packit Service	4684c1	`cipher_priority_normal);`
Packit Service	4684c1	`} else if (PRIO_MATCH("CIPHER-GOST-ALL") == 0) {`
Packit Service	4684c1	`bulk_fn(&(*priority_cache)->_cipher,`
Packit Service	4684c1	`cipher_priority_gost);`
Packit Service	4684c1	`}`
Packit Service	4684c1	`} else if (PRIO_MATCH("KX-") == 0) {`
Packit Service	4684c1	`if (PRIO_MATCH("KX-ALL") == 0) {`
Packit Service	4684c1	`bulk_fn(&(*priority_cache)->_kx,`
Packit Service	4684c1	`kx_priority_secure);`
Packit Service	4684c1	`} else if (PRIO_MATCH("KX-GOST-ALL") == 0) {`
Packit Service	4684c1	`bulk_fn(&(*priority_cache)->_kx,`
Packit Service	4684c1	`kx_priority_gost);`
Packit Service	4684c1	`}`
Packit Service	4684c1	`} else if (PRIO_MATCH("GOST") == 0) {`
Packit Service	4684c1	`bulk_given_fn(&(*priority_cache)->_supported_ecc,`
Packit Service	4684c1	`_supported_groups_gost);`
Packit Service	4684c1	`bulk_fn(&(*priority_cache)->_sign_algo,`
Packit Service	4684c1	`sign_priority_gost);`
Packit Service	4684c1	`bulk_fn(&(*priority_cache)->_mac,`
Packit Service	4684c1	`mac_priority_gost);`
Packit Service	4684c1	`bulk_fn(&(*priority_cache)->_cipher,`
Packit Service	4684c1	`cipher_priority_gost);`
Packit Service	4684c1	`bulk_fn(&(*priority_cache)->_kx,`
Packit Service	4684c1	`kx_priority_gost);`
Packit Service	4684c1	`} else`
Packit Service	4684c1	`goto error;`
Packit Service	4684c1	`} else if (broken_list[i][0] == '%') {`
Packit Service	4684c1	`const struct priority_options_st * o;`
Packit Service	4684c1	`/* to add a new option modify`
Packit Service	4684c1	`* priority_options.gperf */`
Packit Service	4684c1	`o = in_word_set(&broken_list[i][1], strlen(&broken_list[i][1]));`
Packit Service	4684c1	`if (o == NULL) {`
Packit Service	4684c1	`goto error;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`o->func(*priority_cache);`
Packit Service	4684c1	`} else`
Packit Service	4684c1	`goto error;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`ret = set_ciphersuite_list(*priority_cache);`
Packit Service	4684c1	`if (ret < 0) {`
Packit Service	4684c1	`if (err_pos)`
Packit Service	4684c1	`*err_pos = priorities;`
Packit Service	4684c1	`goto error_cleanup;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`gnutls_free(darg);`
Packit Service	4684c1
Packit Service	4684c1	`return 0;`
Packit Service	4684c1
Packit Service	4684c1	`error:`
Packit Service	4684c1	`if (err_pos != NULL && i < broken_list_size && resolved_match) {`
Packit Service	4684c1	`*err_pos = priorities;`
Packit Service	4684c1	`for (j = 0; j < i; j++) {`
Packit Service	4684c1	`(*err_pos) += strlen(broken_list[j]) + 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1	`ret = GNUTLS_E_INVALID_REQUEST;`
Packit Service	4684c1
Packit Service	4684c1	`error_cleanup:`
Packit Service	4684c1	`free(darg);`
Packit Service	4684c1	`gnutls_priority_deinit(*priority_cache);`
Packit Service	4684c1	`*priority_cache = NULL;`
Packit Service	4684c1
Packit Service	4684c1	`return ret;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/**`
Packit Service	4684c1	`* gnutls_priority_deinit:`
Packit Service	4684c1	`* @priority_cache: is a #gnutls_prioritity_t type.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Deinitializes the priority cache.`
Packit Service	4684c1	`**/`
Packit Service	4684c1	`void gnutls_priority_deinit(gnutls_priority_t priority_cache)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`if (priority_cache == NULL)`
Packit Service	4684c1	`return;`
Packit Service	4684c1
Packit Service	4684c1	`/* Note that here we care about the following two cases:`
Packit Service	4684c1	`* 1. Multiple sessions or different threads holding a reference + a global reference`
Packit Service	4684c1	`* 2. One session holding a reference with a possible global reference`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* As such, it will never be that two threads reach the`
Packit Service	4684c1	`* zero state at the same time, unless the global reference`
Packit Service	4684c1	`* is cleared too, which is invalid state.`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`if (gnutls_atomic_val(&priority_cache->usage_cnt) == 0) {`
Packit Service	4684c1	`gnutls_atomic_deinit(&priority_cache->usage_cnt);`
Packit Service	4684c1	`gnutls_free(priority_cache);`
Packit Service	4684c1	`return;`
Packit Service	4684c1	`} else {`
Packit Service	4684c1	`gnutls_atomic_decrement(&priority_cache->usage_cnt);`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1
Packit Service	4684c1	`/**`
Packit Service	4684c1	`* gnutls_priority_set_direct:`
Packit Service	4684c1	`* @session: is a #gnutls_session_t type.`
Packit Service	4684c1	`* @priorities: is a string describing priorities`
Packit Service	4684c1	`* @err_pos: In case of an error this will have the position in the string the error occurred`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Sets the priorities to use on the ciphers, key exchange methods,`
Packit Service	4684c1	`* and macs. This function avoids keeping a`
Packit Service	4684c1	`* priority cache and is used to directly set string priorities to a`
Packit Service	4684c1	`* TLS session. For documentation check the gnutls_priority_init().`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* To use a reasonable default, consider using gnutls_set_default_priority(),`
Packit Service	4684c1	`* or gnutls_set_default_priority_append() instead of this function.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Returns: On syntax error %GNUTLS_E_INVALID_REQUEST is returned,`
Packit Service	4684c1	`* %GNUTLS_E_SUCCESS on success, or an error code.`
Packit Service	4684c1	`**/`
Packit Service	4684c1	`int`
Packit Service	4684c1	`gnutls_priority_set_direct(gnutls_session_t session,`
Packit Service	4684c1	`const char priorities, const char *err_pos)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`gnutls_priority_t prio;`
Packit Service	4684c1	`int ret;`
Packit Service	4684c1
Packit Service	4684c1	`ret = gnutls_priority_init(&prio, priorities, err_pos);`
Packit Service	4684c1	`if (ret < 0) {`
Packit Service	4684c1	`gnutls_assert();`
Packit Service	4684c1	`return ret;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`ret = gnutls_priority_set(session, prio);`
Packit Service	4684c1	`if (ret < 0) {`
Packit Service	4684c1	`gnutls_assert();`
Packit Service	4684c1	`return ret;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/* ensure that the session holds the only reference for the struct */`
Packit Service	4684c1	`gnutls_priority_deinit(prio);`
Packit Service	4684c1
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/* Breaks a list of "xxx", "yyy", to a character array, of`
Packit Service	4684c1	`* MAX_COMMA_SEP_ELEMENTS size; Note that the given string is modified.`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`static void`
Packit Service	4684c1	`break_list(char *list,`
Packit Service	4684c1	`char broken_list[MAX_ELEMENTS], int size)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`char *p = list;`
Packit Service	4684c1
Packit Service	4684c1	`*size = 0;`
Packit Service	4684c1
Packit Service	4684c1	`do {`
Packit Service	4684c1	`broken_list[*size] = p;`
Packit Service	4684c1
Packit Service	4684c1	`(*size)++;`
Packit Service	4684c1
Packit Service	4684c1	`p = strchr(p, ':');`
Packit Service	4684c1	`if (p) {`
Packit Service	4684c1	`*p = 0;`
Packit Service	4684c1	`p++; /* move to next entry and skip white`
Packit Service	4684c1	`* space.`
Packit Service	4684c1	`*/`
Packit Service	4684c1	`while (*p == ' ')`
Packit Service	4684c1	`p++;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`}`
Packit Service	4684c1	`while (p != NULL && *size < MAX_ELEMENTS);`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/**`
Packit Service	4684c1	`* gnutls_set_default_priority:`
Packit Service	4684c1	`* @session: is a #gnutls_session_t type.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Sets the default priority on the ciphers, key exchange methods,`
Packit Service	4684c1	`* and macs. This is the recommended method of`
Packit Service	4684c1	`* setting the defaults, in order to promote consistency between applications`
Packit Service	4684c1	`* using GnuTLS, and to allow GnuTLS using applications to update settings`
Packit Service	4684c1	`* in par with the library. For client applications which require`
Packit Service	4684c1	`* maximum compatibility consider calling gnutls_session_enable_compatibility_mode()`
Packit Service	4684c1	`* after this function.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* For an application to specify additional options to priority string`
Packit Service	4684c1	`* consider using gnutls_set_default_priority_append().`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* To allow a user to override the defaults (e.g., when a user interface`
Packit Service	4684c1	`* or configuration file is available), the functions`
Packit Service	4684c1	`* gnutls_priority_set_direct() or gnutls_priority_set() can`
Packit Service	4684c1	`* be used.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Returns: %GNUTLS_E_SUCCESS on success, or an error code.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Since: 2.1.4`
Packit Service	4684c1	`**/`
Packit Service	4684c1	`int gnutls_set_default_priority(gnutls_session_t session)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`return gnutls_priority_set_direct(session, NULL, NULL);`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/**`
Packit Service	4684c1	`* gnutls_set_default_priority_append:`
Packit Service	4684c1	`* @session: is a #gnutls_session_t type.`
Packit Service	4684c1	`* @add_prio: is a string describing priorities to be appended to default`
Packit Service	4684c1	`* @err_pos: In case of an error this will have the position in the string the error occurred`
Packit Service	4684c1	`* @flags: must be zero`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Sets the default priority on the ciphers, key exchange methods,`
Packit Service	4684c1	`* and macs with the additional options in @add_prio. This is the recommended method of`
Packit Service	4684c1	`* setting the defaults when only few additional options are to be added. This promotes`
Packit Service	4684c1	`* consistency between applications using GnuTLS, and allows GnuTLS using applications`
Packit Service	4684c1	`* to update settings in par with the library.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* The @add_prio string should start as a normal priority string, e.g.,`
Packit Service	4684c1	`* '-VERS-TLS-ALL:+VERS-TLS1.3:%%COMPAT' or '%%FORCE_ETM'. That is, it must not start`
Packit Service	4684c1	`* with ':'.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* To allow a user to override the defaults (e.g., when a user interface`
Packit Service	4684c1	`* or configuration file is available), the functions`
Packit Service	4684c1	`* gnutls_priority_set_direct() or gnutls_priority_set() can`
Packit Service	4684c1	`* be used.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Returns: %GNUTLS_E_SUCCESS on success, or an error code.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Since: 3.6.3`
Packit Service	4684c1	`**/`
Packit Service	4684c1	`int gnutls_set_default_priority_append(gnutls_session_t session,`
Packit Service	4684c1	`const char *add_prio,`
Packit Service	4684c1	`const char **err_pos,`
Packit Service	4684c1	`unsigned flags)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`gnutls_priority_t prio;`
Packit Service	4684c1	`int ret;`
Packit Service	4684c1
Packit Service	4684c1	`ret = gnutls_priority_init2(&prio, add_prio, err_pos, GNUTLS_PRIORITY_INIT_DEF_APPEND);`
Packit Service	4684c1	`if (ret < 0) {`
Packit Service	4684c1	`gnutls_assert();`
Packit Service	4684c1	`return ret;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`ret = gnutls_priority_set(session, prio);`
Packit Service	4684c1	`if (ret < 0) {`
Packit Service	4684c1	`gnutls_assert();`
Packit Service	4684c1	`return ret;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/* ensure that the session holds the only reference for the struct */`
Packit Service	4684c1	`gnutls_priority_deinit(prio);`
Packit Service	4684c1
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/**`
Packit Service	4684c1	`* gnutls_priority_ecc_curve_list:`
Packit Service	4684c1	`* @pcache: is a #gnutls_prioritity_t type.`
Packit Service	4684c1	`* @list: will point to an integer list`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Get a list of available elliptic curves in the priority`
Packit Service	4684c1	`* structure.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Deprecated: This function has been replaced by`
Packit Service	4684c1	`* gnutls_priority_group_list() since 3.6.0.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Returns: the number of items, or an error code.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Since: 3.0`
Packit Service	4684c1	`**/`
Packit Service	4684c1	`int`
Packit Service	4684c1	`gnutls_priority_ecc_curve_list(gnutls_priority_t pcache,`
Packit Service	4684c1	`const unsigned int **list)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`unsigned i;`
Packit Service	4684c1
Packit Service	4684c1	`if (pcache->_supported_ecc.num_priorities == 0)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1
Packit Service	4684c1	`*list = pcache->_supported_ecc.priorities;`
Packit Service	4684c1
Packit Service	4684c1	`/* to ensure we don't confuse the caller, we do not include`
Packit Service	4684c1	`* any FFDHE groups. This may return an incomplete list. */`
Packit Service	4684c1	`for (i=0;i<pcache->_supported_ecc.num_priorities;i++)`
Packit Service	4684c1	`if (pcache->_supported_ecc.priorities[i] > GNUTLS_ECC_CURVE_MAX)`
Packit Service	4684c1	`return i;`
Packit Service	4684c1
Packit Service	4684c1	`return pcache->_supported_ecc.num_priorities;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/**`
Packit Service	4684c1	`* gnutls_priority_group_list:`
Packit Service	4684c1	`* @pcache: is a #gnutls_prioritity_t type.`
Packit Service	4684c1	`* @list: will point to an integer list`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Get a list of available groups in the priority`
Packit Service	4684c1	`* structure.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Returns: the number of items, or an error code.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Since: 3.6.0`
Packit Service	4684c1	`**/`
Packit Service	4684c1	`int`
Packit Service	4684c1	`gnutls_priority_group_list(gnutls_priority_t pcache,`
Packit Service	4684c1	`const unsigned int **list)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`if (pcache->_supported_ecc.num_priorities == 0)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1
Packit Service	4684c1	`*list = pcache->_supported_ecc.priorities;`
Packit Service	4684c1	`return pcache->_supported_ecc.num_priorities;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/**`
Packit Service	4684c1	`* gnutls_priority_kx_list:`
Packit Service	4684c1	`* @pcache: is a #gnutls_prioritity_t type.`
Packit Service	4684c1	`* @list: will point to an integer list`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Get a list of available key exchange methods in the priority`
Packit Service	4684c1	`* structure.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Returns: the number of items, or an error code.`
Packit Service	4684c1	`* Since: 3.2.3`
Packit Service	4684c1	`**/`
Packit Service	4684c1	`int`
Packit Service	4684c1	`gnutls_priority_kx_list(gnutls_priority_t pcache,`
Packit Service	4684c1	`const unsigned int **list)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`if (pcache->_kx.num_priorities == 0)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1
Packit Service	4684c1	`*list = pcache->_kx.priorities;`
Packit Service	4684c1	`return pcache->_kx.num_priorities;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/**`
Packit Service	4684c1	`* gnutls_priority_cipher_list:`
Packit Service	4684c1	`* @pcache: is a #gnutls_prioritity_t type.`
Packit Service	4684c1	`* @list: will point to an integer list`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Get a list of available ciphers in the priority`
Packit Service	4684c1	`* structure.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Returns: the number of items, or an error code.`
Packit Service	4684c1	`* Since: 3.2.3`
Packit Service	4684c1	`**/`
Packit Service	4684c1	`int`
Packit Service	4684c1	`gnutls_priority_cipher_list(gnutls_priority_t pcache,`
Packit Service	4684c1	`const unsigned int **list)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`if (pcache->_cipher.num_priorities == 0)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1
Packit Service	4684c1	`*list = pcache->_cipher.priorities;`
Packit Service	4684c1	`return pcache->_cipher.num_priorities;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/**`
Packit Service	4684c1	`* gnutls_priority_mac_list:`
Packit Service	4684c1	`* @pcache: is a #gnutls_prioritity_t type.`
Packit Service	4684c1	`* @list: will point to an integer list`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Get a list of available MAC algorithms in the priority`
Packit Service	4684c1	`* structure.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Returns: the number of items, or an error code.`
Packit Service	4684c1	`* Since: 3.2.3`
Packit Service	4684c1	`**/`
Packit Service	4684c1	`int`
Packit Service	4684c1	`gnutls_priority_mac_list(gnutls_priority_t pcache,`
Packit Service	4684c1	`const unsigned int **list)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`if (pcache->_mac.num_priorities == 0)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1
Packit Service	4684c1	`*list = pcache->_mac.priorities;`
Packit Service	4684c1	`return pcache->_mac.num_priorities;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/**`
Packit Service	4684c1	`* gnutls_priority_compression_list:`
Packit Service	4684c1	`* @pcache: is a #gnutls_prioritity_t type.`
Packit Service	4684c1	`* @list: will point to an integer list`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Get a list of available compression method in the priority`
Packit Service	4684c1	`* structure.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Returns: the number of methods, or an error code.`
Packit Service	4684c1	`* Since: 3.0`
Packit Service	4684c1	`**/`
Packit Service	4684c1	`int`
Packit Service	4684c1	`gnutls_priority_compression_list(gnutls_priority_t pcache,`
Packit Service	4684c1	`const unsigned int **list)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`static const unsigned int priority[1] = {GNUTLS_COMP_NULL};`
Packit Service	4684c1
Packit Service	4684c1	`*list = priority;`
Packit Service	4684c1	`return 1;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/**`
Packit Service	4684c1	`* gnutls_priority_protocol_list:`
Packit Service	4684c1	`* @pcache: is a #gnutls_prioritity_t type.`
Packit Service	4684c1	`* @list: will point to an integer list`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Get a list of available TLS version numbers in the priority`
Packit Service	4684c1	`* structure.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Returns: the number of protocols, or an error code.`
Packit Service	4684c1	`* Since: 3.0`
Packit Service	4684c1	`**/`
Packit Service	4684c1	`int`
Packit Service	4684c1	`gnutls_priority_protocol_list(gnutls_priority_t pcache,`
Packit Service	4684c1	`const unsigned int **list)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`if (pcache->protocol.num_priorities == 0)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1
Packit Service	4684c1	`*list = pcache->protocol.priorities;`
Packit Service	4684c1	`return pcache->protocol.num_priorities;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/**`
Packit Service	4684c1	`* gnutls_priority_sign_list:`
Packit Service	4684c1	`* @pcache: is a #gnutls_prioritity_t type.`
Packit Service	4684c1	`* @list: will point to an integer list`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Get a list of available signature algorithms in the priority`
Packit Service	4684c1	`* structure.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Returns: the number of algorithms, or an error code.`
Packit Service	4684c1	`* Since: 3.0`
Packit Service	4684c1	`**/`
Packit Service	4684c1	`int`
Packit Service	4684c1	`gnutls_priority_sign_list(gnutls_priority_t pcache,`
Packit Service	4684c1	`const unsigned int **list)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`if (pcache->_sign_algo.num_priorities == 0)`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1
Packit Service	4684c1	`*list = pcache->_sign_algo.priorities;`
Packit Service	4684c1	`return pcache->_sign_algo.num_priorities;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/**`
Packit Service	4684c1	`* gnutls_priority_certificate_type_list:`
Packit Service	4684c1	`* @pcache: is a #gnutls_prioritity_t type.`
Packit Service	4684c1	`* @list: will point to an integer list`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Get a list of available certificate types in the priority`
Packit Service	4684c1	`* structure.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* As of version 3.6.4 this function is an alias for`
Packit Service	4684c1	`* gnutls_priority_certificate_type_list2 with the target parameter`
Packit Service	4684c1	`* set to:`
Packit Service	4684c1	`* - GNUTLS_CTYPE_SERVER, if the %SERVER_PRECEDENCE option is set`
Packit Service	4684c1	`* - GNUTLS_CTYPE_CLIENT, otherwise.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Returns: the number of certificate types, or an error code.`
Packit Service	4684c1	`* Since: 3.0`
Packit Service	4684c1	`**/`
Packit Service	4684c1	`int`
Packit Service	4684c1	`gnutls_priority_certificate_type_list(gnutls_priority_t pcache,`
Packit Service	4684c1	`const unsigned int **list)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`gnutls_ctype_target_t target =`
Packit Service	4684c1	`pcache->server_precedence ? GNUTLS_CTYPE_SERVER : GNUTLS_CTYPE_CLIENT;`
Packit Service	4684c1
Packit Service	4684c1	`return gnutls_priority_certificate_type_list2(pcache, list, target);`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/**`
Packit Service	4684c1	`* gnutls_priority_certificate_type_list2:`
Packit Service	4684c1	`* @pcache: is a #gnutls_prioritity_t type.`
Packit Service	4684c1	`* @list: will point to an integer list.`
Packit Service	4684c1	`* @target: is a #gnutls_ctype_target_t type. Valid arguments are`
Packit Service	4684c1	`* GNUTLS_CTYPE_CLIENT and GNUTLS_CTYPE_SERVER`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Get a list of available certificate types for the given target`
Packit Service	4684c1	`* in the priority structure.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Returns: the number of certificate types, or an error code.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Since: 3.6.4`
Packit Service	4684c1	`**/`
Packit Service	4684c1	`int`
Packit Service	4684c1	`gnutls_priority_certificate_type_list2(gnutls_priority_t pcache,`
Packit Service	4684c1	`const unsigned int **list, gnutls_ctype_target_t target)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`switch (target) {`
Packit Service	4684c1	`case GNUTLS_CTYPE_CLIENT:`
Packit Service	4684c1	`if(pcache->client_ctype.num_priorities > 0) {`
Packit Service	4684c1	`*list = pcache->client_ctype.priorities;`
Packit Service	4684c1	`return pcache->client_ctype.num_priorities;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`break;`
Packit Service	4684c1	`case GNUTLS_CTYPE_SERVER:`
Packit Service	4684c1	`if(pcache->server_ctype.num_priorities > 0) {`
Packit Service	4684c1	`*list = pcache->server_ctype.priorities;`
Packit Service	4684c1	`return pcache->server_ctype.num_priorities;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`break;`
Packit Service	4684c1	`default:`
Packit Service	4684c1	`// Invalid target given`
Packit Service	4684c1	`gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`// Found a matching target but non of them had any ctypes set`
Packit Service	4684c1	`return 0;`
Packit Service	4684c1	`}`
Packit Service	4684c1
Packit Service	4684c1	`/**`
Packit Service	4684c1	`* gnutls_priority_string_list:`
Packit Service	4684c1	`* @iter: an integer counter starting from zero`
Packit Service	4684c1	`* @flags: one of %GNUTLS_PRIORITY_LIST_INIT_KEYWORDS, %GNUTLS_PRIORITY_LIST_SPECIAL`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Can be used to iterate all available priority strings.`
Packit Service	4684c1	`* Due to internal implementation details, there are cases where this`
Packit Service	4684c1	`* function can return the empty string. In that case that string should be ignored.`
Packit Service	4684c1	`* When no strings are available it returns %NULL.`
Packit Service	4684c1	`*`
Packit Service	4684c1	`* Returns: a priority string`
Packit Service	4684c1	`* Since: 3.4.0`
Packit Service	4684c1	`**/`
Packit Service	4684c1	`const char *`
Packit Service	4684c1	`gnutls_priority_string_list(unsigned iter, unsigned int flags)`
Packit Service	4684c1	`{`
Packit Service	4684c1	`if (flags & GNUTLS_PRIORITY_LIST_INIT_KEYWORDS) {`
Packit Service	4684c1	`if (iter >= (sizeof(pgroups)/sizeof(pgroups[0]))-1)`
Packit Service	4684c1	`return NULL;`
Packit Service	4684c1	`return pgroups[iter].name;`
Packit Service	4684c1	`} else if (flags & GNUTLS_PRIORITY_LIST_SPECIAL) {`
Packit Service	4684c1	`if (iter >= (sizeof(wordlist)/sizeof(wordlist[0]))-1)`
Packit Service	4684c1	`return NULL;`
Packit Service	4684c1	`return wordlist[iter].name;`
Packit Service	4684c1	`}`
Packit Service	4684c1	`return NULL;`
Packit Service	4684c1	`}`

source-git / gnutls

Source Code

Blame lib/priority.c