authorNikos Mavrogiannopoulos <nmav@gnutls.org>2013-11-08 22:14:07 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2013-11-08 22:17:10 +0100
commit76c93d23c073ef8b885503b7d28a31ffe2add6d8 (patch)
tree1dd2d22a197bc40c5330e516969a7cb1ae9bc96f /lib/algorithms
parent559a144f6bbcbb611453f82e655dd7438c14d1a7 (diff)
downloadgnutls-76c93d23c073ef8b885503b7d28a31ffe2add6d8.tar.gz
reindented code
Diffstat (limited to 'lib/algorithms')
-rw-r--r--lib/algorithms/cert_types.c47
-rw-r--r--lib/algorithms/ciphers.c211
-rw-r--r--lib/algorithms/ciphersuites.c1852
-rw-r--r--lib/algorithms/ecc.c276
-rw-r--r--lib/algorithms/kx.c246
-rw-r--r--lib/algorithms/mac.c236
-rw-r--r--lib/algorithms/protocols.c180
-rw-r--r--lib/algorithms/publickey.c210
-rw-r--r--lib/algorithms/secparams.c157
-rw-r--r--lib/algorithms/sign.c306
10 files changed, 1851 insertions, 1870 deletions
diff --git a/lib/algorithms/cert_types.c b/lib/algorithms/cert_types.c
index 303438b759..7ccab552e3 100644
--- a/lib/algorithms/cert_types.c
+++ b/lib/algorithms/cert_types.c
@@ -34,17 +34,17 @@
* Returns: a string that contains the name of the specified
* certificate type, or %NULL in case of unknown types.
**/
-const char *
-gnutls_certificate_type_get_name (gnutls_certificate_type_t type)
+const char *gnutls_certificate_type_get_name(gnutls_certificate_type_t
+ type)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- if (type == GNUTLS_CRT_X509)
- ret = "X.509";
- if (type == GNUTLS_CRT_OPENPGP)
- ret = "OPENPGP";
+ if (type == GNUTLS_CRT_X509)
+ ret = "X.509";
+ if (type == GNUTLS_CRT_OPENPGP)
+ ret = "OPENPGP";
- return ret;
+ return ret;
}
/**
@@ -56,23 +56,23 @@ gnutls_certificate_type_get_name (gnutls_certificate_type_t type)
* Returns: a #gnutls_certificate_type_t for the specified in a
* string certificate type, or %GNUTLS_CRT_UNKNOWN on error.
**/
-gnutls_certificate_type_t
-gnutls_certificate_type_get_id (const char *name)
+gnutls_certificate_type_t gnutls_certificate_type_get_id(const char *name)
{
- gnutls_certificate_type_t ret = GNUTLS_CRT_UNKNOWN;
+ gnutls_certificate_type_t ret = GNUTLS_CRT_UNKNOWN;
- if (strcasecmp (name, "X.509") == 0 || strcasecmp (name, "X509") == 0)
- return GNUTLS_CRT_X509;
- if (strcasecmp (name, "OPENPGP") == 0)
- return GNUTLS_CRT_OPENPGP;
+ if (strcasecmp(name, "X.509") == 0
+ || strcasecmp(name, "X509") == 0)
+ return GNUTLS_CRT_X509;
+ if (strcasecmp(name, "OPENPGP") == 0)
+ return GNUTLS_CRT_OPENPGP;
- return ret;
+ return ret;
}
static const gnutls_certificate_type_t supported_certificate_types[] = {
- GNUTLS_CRT_X509,
- GNUTLS_CRT_OPENPGP,
- 0
+ GNUTLS_CRT_X509,
+ GNUTLS_CRT_OPENPGP,
+ 0
};
/**
@@ -83,12 +83,7 @@ static const gnutls_certificate_type_t supported_certificate_types[] = {
* Returns: a (0)-terminated list of #gnutls_certificate_type_t
* integers indicating the available certificate types.
**/
-const gnutls_certificate_type_t *
-gnutls_certificate_type_list (void)
+const gnutls_certificate_type_t *gnutls_certificate_type_list(void)
{
- return supported_certificate_types;
+ return supported_certificate_types;
}
-
-
-
-
diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c
index 2d57933e7a..a0d372818b 100644
--- a/lib/algorithms/ciphers.c
+++ b/lib/algorithms/ciphers.c
@@ -34,46 +34,67 @@
* Make sure to update MAX_CIPHER_BLOCK_SIZE and MAX_CIPHER_KEY_SIZE as well.
*/
static const cipher_entry_st algorithms[] = {
- {"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC, 16, 32, CIPHER_BLOCK, 16, 16, 0},
- {"AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC, 16, 24, CIPHER_BLOCK, 16, 16, 0},
- {"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK, 16, 16, 0},
- {"AES-128-GCM", GNUTLS_CIPHER_AES_128_GCM, 16, 16, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1},
- {"AES-256-GCM", GNUTLS_CIPHER_AES_256_GCM, 16, 32, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1},
- {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0, 0},
- {"ESTREAM-SALSA20-256", GNUTLS_CIPHER_ESTREAM_SALSA20_256, 64, 32, CIPHER_STREAM, 8, 8, 0},
- {"SALSA20-256", GNUTLS_CIPHER_SALSA20_256, 64, 32, CIPHER_STREAM, 8, 8, 0},
- {"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK,
- 16, 16, 0},
- {"CAMELLIA-192-CBC", GNUTLS_CIPHER_CAMELLIA_192_CBC, 16, 24, CIPHER_BLOCK,
- 16, 16, 0},
- {"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16, CIPHER_BLOCK,
- 16, 16, 0},
- {"CAMELLIA-128-GCM", GNUTLS_CIPHER_CAMELLIA_128_GCM, 16, 16, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1},
- {"CAMELLIA-256-GCM", GNUTLS_CIPHER_CAMELLIA_256_GCM, 16, 32, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1},
- {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 8, 0},
- {"DES-CBC", GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 8, 0},
- {"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 0, 0},
- {"RC2-40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 8, 0},
+ {"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC, 16, 32, CIPHER_BLOCK,
+ 16, 16, 0},
+ {"AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC, 16, 24, CIPHER_BLOCK,
+ 16, 16, 0},
+ {"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK,
+ 16, 16, 0},
+ {"AES-128-GCM", GNUTLS_CIPHER_AES_128_GCM, 16, 16, CIPHER_STREAM,
+ AEAD_IMPLICIT_DATA_SIZE, 12, 1},
+ {"AES-256-GCM", GNUTLS_CIPHER_AES_256_GCM, 16, 32, CIPHER_STREAM,
+ AEAD_IMPLICIT_DATA_SIZE, 12, 1},
+ {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0,
+ 0, 0},
+ {"ESTREAM-SALSA20-256", GNUTLS_CIPHER_ESTREAM_SALSA20_256, 64, 32,
+ CIPHER_STREAM, 8, 8, 0},
+ {"SALSA20-256", GNUTLS_CIPHER_SALSA20_256, 64, 32, CIPHER_STREAM,
+ 8, 8, 0},
+ {"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32,
+ CIPHER_BLOCK,
+ 16, 16, 0},
+ {"CAMELLIA-192-CBC", GNUTLS_CIPHER_CAMELLIA_192_CBC, 16, 24,
+ CIPHER_BLOCK,
+ 16, 16, 0},
+ {"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16,
+ CIPHER_BLOCK,
+ 16, 16, 0},
+ {"CAMELLIA-128-GCM", GNUTLS_CIPHER_CAMELLIA_128_GCM, 16, 16,
+ CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1},
+ {"CAMELLIA-256-GCM", GNUTLS_CIPHER_CAMELLIA_256_GCM, 16, 32,
+ CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1},
+ {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 8, 0},
+ {"DES-CBC", GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 8, 0},
+ {"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 0,
+ 0},
+ {"RC2-40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 8, 0},
#ifdef ENABLE_OPENPGP
- {"IDEA-PGP-CFB", GNUTLS_CIPHER_IDEA_PGP_CFB, 8, 16, CIPHER_BLOCK, 8, 8, 0},
- {"3DES-PGP-CFB", GNUTLS_CIPHER_3DES_PGP_CFB, 8, 24, CIPHER_BLOCK, 8, 8, 0},
- {"CAST5-PGP-CFB", GNUTLS_CIPHER_CAST5_PGP_CFB, 8, 16, CIPHER_BLOCK, 8, 8, 0},
- {"BLOWFISH-PGP-CFB", GNUTLS_CIPHER_BLOWFISH_PGP_CFB, 8,
- 16 /*actually unlimited */ , CIPHER_BLOCK, 8, 8, 0},
- {"SAFER-SK128-PGP-CFB", GNUTLS_CIPHER_SAFER_SK128_PGP_CFB, 8, 16,
- CIPHER_BLOCK, 8, 8, 0},
- {"AES-128-PGP-CFB", GNUTLS_CIPHER_AES128_PGP_CFB, 16, 16, CIPHER_BLOCK, 16,
- 16, 0},
- {"AES-192-PGP-CFB", GNUTLS_CIPHER_AES192_PGP_CFB, 16, 24, CIPHER_BLOCK, 16,
- 16, 0},
- {"AES-256-PGP-CFB", GNUTLS_CIPHER_AES256_PGP_CFB, 16, 32, CIPHER_BLOCK, 16,
- 16, 0},
- {"TWOFISH-PGP-CFB", GNUTLS_CIPHER_TWOFISH_PGP_CFB, 16, 16, CIPHER_BLOCK, 16,
- 16, 0},
+ {"IDEA-PGP-CFB", GNUTLS_CIPHER_IDEA_PGP_CFB, 8, 16, CIPHER_BLOCK,
+ 8, 8, 0},
+ {"3DES-PGP-CFB", GNUTLS_CIPHER_3DES_PGP_CFB, 8, 24, CIPHER_BLOCK,
+ 8, 8, 0},
+ {"CAST5-PGP-CFB", GNUTLS_CIPHER_CAST5_PGP_CFB, 8, 16, CIPHER_BLOCK,
+ 8, 8, 0},
+ {"BLOWFISH-PGP-CFB", GNUTLS_CIPHER_BLOWFISH_PGP_CFB, 8,
+ 16 /*actually unlimited */ , CIPHER_BLOCK, 8, 8, 0},
+ {"SAFER-SK128-PGP-CFB", GNUTLS_CIPHER_SAFER_SK128_PGP_CFB, 8, 16,
+ CIPHER_BLOCK, 8, 8, 0},
+ {"AES-128-PGP-CFB", GNUTLS_CIPHER_AES128_PGP_CFB, 16, 16,
+ CIPHER_BLOCK, 16,
+ 16, 0},
+ {"AES-192-PGP-CFB", GNUTLS_CIPHER_AES192_PGP_CFB, 16, 24,
+ CIPHER_BLOCK, 16,
+ 16, 0},
+ {"AES-256-PGP-CFB", GNUTLS_CIPHER_AES256_PGP_CFB, 16, 32,
+ CIPHER_BLOCK, 16,
+ 16, 0},
+ {"TWOFISH-PGP-CFB", GNUTLS_CIPHER_TWOFISH_PGP_CFB, 16, 16,
+ CIPHER_BLOCK, 16,
+ 16, 0},
#endif
- {"NULL", GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, 0, 0, 0},
- {0, 0, 0, 0, 0, 0, 0}
+ {"NULL", GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, 0, 0, 0},
+ {0, 0, 0, 0, 0, 0, 0}
};
#define GNUTLS_CIPHER_LOOP(b) \
@@ -85,11 +106,11 @@ static const cipher_entry_st algorithms[] = {
/* CIPHER functions */
-const cipher_entry_st* cipher_to_entry(gnutls_cipher_algorithm_t c)
+const cipher_entry_st *cipher_to_entry(gnutls_cipher_algorithm_t c)
{
- GNUTLS_CIPHER_LOOP (if (c==p->id) return p);
+ GNUTLS_CIPHER_LOOP(if (c == p->id) return p);
- return NULL;
+ return NULL;
}
/**
@@ -100,12 +121,11 @@ const cipher_entry_st* cipher_to_entry(gnutls_cipher_algorithm_t c)
*
* Since: 2.10.0
**/
-int
-gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm)
+int gnutls_cipher_get_block_size(gnutls_cipher_algorithm_t algorithm)
{
- size_t ret = 0;
- GNUTLS_ALG_LOOP (ret = p->blocksize);
- return ret;
+ size_t ret = 0;
+ GNUTLS_ALG_LOOP(ret = p->blocksize);
+ return ret;
}
@@ -117,10 +137,9 @@ gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm)
*
* Since: 3.2.2
**/
-int
-gnutls_cipher_get_tag_size (gnutls_cipher_algorithm_t algorithm)
+int gnutls_cipher_get_tag_size(gnutls_cipher_algorithm_t algorithm)
{
- return _gnutls_cipher_get_tag_size(cipher_to_entry(algorithm));
+ return _gnutls_cipher_get_tag_size(cipher_to_entry(algorithm));
}
/**
@@ -133,27 +152,27 @@ gnutls_cipher_get_tag_size (gnutls_cipher_algorithm_t algorithm)
*
* Since: 3.2.0
**/
-int
-gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm)
+int gnutls_cipher_get_iv_size(gnutls_cipher_algorithm_t algorithm)
{
- size_t ret = 0;
- GNUTLS_ALG_LOOP (ret = p->cipher_iv);
- return ret;
+ size_t ret = 0;
+ GNUTLS_ALG_LOOP(ret = p->cipher_iv);
+ return ret;
}
/* returns the priority */
int
-_gnutls_cipher_priority (gnutls_session_t session,
- gnutls_cipher_algorithm_t algorithm)
+_gnutls_cipher_priority(gnutls_session_t session,
+ gnutls_cipher_algorithm_t algorithm)
{
- unsigned int i;
- for (i = 0; i < session->internals.priorities.cipher.algorithms; i++)
- {
- if (session->internals.priorities.cipher.priority[i] == algorithm)
- return i;
- }
- return -1;
+ unsigned int i;
+ for (i = 0; i < session->internals.priorities.cipher.algorithms;
+ i++) {
+ if (session->internals.priorities.cipher.priority[i] ==
+ algorithm)
+ return i;
+ }
+ return -1;
}
/**
@@ -165,12 +184,11 @@ _gnutls_cipher_priority (gnutls_session_t session,
* Returns: length (in bytes) of the given cipher's key size, or 0 if
* the given cipher is invalid.
**/
-size_t
-gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm)
-{ /* In bytes */
- size_t ret = 0;
- GNUTLS_ALG_LOOP (ret = p->keysize);
- return ret;
+size_t gnutls_cipher_get_key_size(gnutls_cipher_algorithm_t algorithm)
+{ /* In bytes */
+ size_t ret = 0;
+ GNUTLS_ALG_LOOP(ret = p->keysize);
+ return ret;
}
@@ -183,15 +201,14 @@ gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm)
* Returns: a pointer to a string that contains the name of the
* specified cipher, or %NULL.
**/
-const char *
-gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm)
+const char *gnutls_cipher_get_name(gnutls_cipher_algorithm_t algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_ALG_LOOP (ret = p->name);
+ /* avoid prefix */
+ GNUTLS_ALG_LOOP(ret = p->name);
- return ret;
+ return ret;
}
/**
@@ -203,20 +220,18 @@ gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm)
* Returns: return a #gnutls_cipher_algorithm_t value corresponding to
* the specified cipher, or %GNUTLS_CIPHER_UNKNOWN on error.
**/
-gnutls_cipher_algorithm_t
-gnutls_cipher_get_id (const char *name)
+gnutls_cipher_algorithm_t gnutls_cipher_get_id(const char *name)
{
- gnutls_cipher_algorithm_t ret = GNUTLS_CIPHER_UNKNOWN;
+ gnutls_cipher_algorithm_t ret = GNUTLS_CIPHER_UNKNOWN;
- GNUTLS_CIPHER_LOOP (
- if (strcasecmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_CIPHER_LOOP(
+ if (strcasecmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -233,22 +248,20 @@ gnutls_cipher_get_id (const char *name)
* integers indicating the available ciphers.
*
**/
-const gnutls_cipher_algorithm_t *
-gnutls_cipher_list (void)
+const gnutls_cipher_algorithm_t *gnutls_cipher_list(void)
{
-static gnutls_cipher_algorithm_t supported_ciphers[MAX_ALGOS] = {0};
+ static gnutls_cipher_algorithm_t supported_ciphers[MAX_ALGOS] =
+ { 0 };
- if (supported_ciphers[0] == 0)
- {
- int i = 0;
+ if (supported_ciphers[0] == 0) {
+ int i = 0;
- GNUTLS_CIPHER_LOOP (
- if (_gnutls_cipher_exists(p->id))
- supported_ciphers[i++]=p->id;
- );
- supported_ciphers[i++]=0;
- }
+ GNUTLS_CIPHER_LOOP(
+ if (_gnutls_cipher_exists(p->id))
+ supported_ciphers[i++] = p->id;
+ );
+ supported_ciphers[i++] = 0;
+ }
- return supported_ciphers;
+ return supported_ciphers;
}
-
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 03b2118fcc..b9637d71f6 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -31,18 +31,17 @@
#define ENTRY_PRF( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, dtls_version, prf ) \
{ #name, name, block_algorithm, kx_algorithm, mac_algorithm, min_version, dtls_version, prf}
-typedef struct
-{
- const char *name;
- const uint8_t id[2];
- gnutls_cipher_algorithm_t block_algorithm;
- gnutls_kx_algorithm_t kx_algorithm;
- gnutls_mac_algorithm_t mac_algorithm;
- gnutls_protocol_t min_version; /* this cipher suite is supported
- * from 'version' and above;
- */
- gnutls_protocol_t min_dtls_version; /* DTLS min version */
- gnutls_mac_algorithm_t prf;
+typedef struct {
+ const char *name;
+ const uint8_t id[2];
+ gnutls_cipher_algorithm_t block_algorithm;
+ gnutls_kx_algorithm_t kx_algorithm;
+ gnutls_mac_algorithm_t mac_algorithm;
+ gnutls_protocol_t min_version; /* this cipher suite is supported
+ * from 'version' and above;
+ */
+ gnutls_protocol_t min_dtls_version; /* DTLS min version */
+ gnutls_mac_algorithm_t prf;
} gnutls_cipher_suite_entry;
/* RSA with NULL cipher and MD5 MAC
@@ -312,764 +311,764 @@ typedef struct
#define CIPHER_SUITES_COUNT (sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1)
static const gnutls_cipher_suite_entry cs_algorithms[] = {
- /* RSA-NULL */
- ENTRY (GNUTLS_RSA_NULL_MD5,
- GNUTLS_CIPHER_NULL,
- GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_NULL_SHA1,
- GNUTLS_CIPHER_NULL,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_NULL_SHA256,
- GNUTLS_CIPHER_NULL,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
-
- /* RSA */
- ENTRY (GNUTLS_RSA_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_RSA_ARCFOUR_128_MD5,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
+ /* RSA-NULL */
+ ENTRY(GNUTLS_RSA_NULL_MD5,
+ GNUTLS_CIPHER_NULL,
+ GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_NULL_SHA1,
+ GNUTLS_CIPHER_NULL,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_NULL_SHA256,
+ GNUTLS_CIPHER_NULL,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+
+ /* RSA */
+ ENTRY(GNUTLS_RSA_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_RSA_ARCFOUR_128_MD5,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_RSA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_RSA_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
/* GCM */
- ENTRY (GNUTLS_RSA_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_RSA_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_RSA_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_RSA_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_RSA_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_RSA_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_RSA_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_RSA_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
/* Salsa20 */
- ENTRY (GNUTLS_RSA_SALSA20_256_SHA1,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_RSA,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_RSA_ESTREAM_SALSA20_256_SHA1,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_ESTREAM_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_RSA,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- /* DHE_DSS */
+ ENTRY(GNUTLS_RSA_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_RSA,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_RSA_ESTREAM_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_ESTREAM_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_RSA,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ /* DHE_DSS */
#ifdef ENABLE_DHE
- ENTRY (GNUTLS_DHE_DSS_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_DSS_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
/* GCM */
- ENTRY (GNUTLS_DHE_DSS_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DHE_DSS_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DHE_DSS_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
-
- /* DHE_RSA */
- ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_DSS_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DHE_DSS_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DHE_DSS_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+
+ /* DHE_RSA */
+ ENTRY(GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
/* GCM */
- ENTRY (GNUTLS_DHE_RSA_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DHE_RSA_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
-#endif /* DHE */
+ ENTRY(GNUTLS_DHE_RSA_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DHE_RSA_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+#endif /* DHE */
#ifdef ENABLE_ECDHE
/* ECC-RSA */
- ENTRY (GNUTLS_ECDHE_RSA_NULL_SHA1,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
-
- /* ECDHE-ECDSA */
- ENTRY (GNUTLS_ECDHE_ECDSA_NULL_SHA1,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
-
- /* More ECC */
-
- ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
-
- ENTRY (GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_ECDHE_RSA_NULL_SHA1,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+
+ /* ECDHE-ECDSA */
+ ENTRY(GNUTLS_ECDHE_ECDSA_NULL_SHA1,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+
+ /* More ECC */
+
+ ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+
+ ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
/* Salsa20 */
- ENTRY (GNUTLS_ECDHE_RSA_SALSA20_256_SHA1,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_RSA_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_SALSA20_256_SHA1,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_ECDHE_RSA_ESTREAM_SALSA20_256_SHA1,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_RSA_ESTREAM_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_ESTREAM_SALSA20_256_SHA1,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_ECDSA_ESTREAM_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_RSA_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_RSA_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_ECDHE_RSA_ESTREAM_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_RSA_ESTREAM_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_ESTREAM_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_ECDSA_ESTREAM_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
#endif
#ifdef ENABLE_PSK
- /* ECC - PSK */
- ENTRY (GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
- ENTRY (GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_ECDHE_PSK_NULL_SHA256,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF (GNUTLS_ECDHE_PSK_NULL_SHA384,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
- ENTRY (GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF (GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
-
- ENTRY (GNUTLS_ECDHE_PSK_SALSA20_256_SHA1,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_PSK_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_ECDHE_PSK_ESTREAM_SALSA20_256_SHA1,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDHE_PSK_ESTREAM_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- /* PSK */
- ENTRY (GNUTLS_PSK_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_PSK_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_PSK_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_PSK_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_PSK_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_PSK_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_PSK_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF (GNUTLS_PSK_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
-
-
- ENTRY (GNUTLS_PSK_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_PSK_NULL_SHA256,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_PSK_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_PSK_CAMELLIA_256_CBC_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
-
- ENTRY (GNUTLS_PSK_SALSA20_256_SHA1,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_PSK_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_PSK,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_PSK_ESTREAM_SALSA20_256_SHA1,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_PSK_ESTREAM_SALSA20_256_UMAC96,
- GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_PSK,
- GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF(GNUTLS_PSK_AES_256_CBC_SHA384,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY_PRF(GNUTLS_PSK_NULL_SHA384,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
-
- /* RSA-PSK */
- ENTRY (GNUTLS_RSA_PSK_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_RSA_PSK_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_PSK_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_PSK_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF (GNUTLS_RSA_PSK_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
-
-
- ENTRY (GNUTLS_RSA_PSK_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_RSA_PSK_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_RSA_PSK_NULL_SHA256,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_RSA_PSK_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY_PRF (GNUTLS_RSA_PSK_AES_256_CBC_SHA384,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY_PRF (GNUTLS_RSA_PSK_NULL_SHA384,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
-
-
- /* DHE-PSK */
- ENTRY (GNUTLS_DHE_PSK_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_DHE_PSK_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_PSK_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_PSK_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DHE_PSK_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_DHE_PSK_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_DHE_PSK_NULL_SHA256,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DHE_PSK_NULL_SHA384,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY_PRF (GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ /* ECC - PSK */
+ ENTRY(GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
+ ENTRY(GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA256,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_PSK_NULL_SHA384,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
+ ENTRY(GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
+
+ ENTRY(GNUTLS_ECDHE_PSK_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_PSK_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_ECDHE_PSK_ESTREAM_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDHE_PSK_ESTREAM_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_PSK,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ /* PSK */
+ ENTRY(GNUTLS_PSK_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_PSK_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_PSK_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_PSK_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_PSK_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_PSK_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_PSK_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+
+
+ ENTRY(GNUTLS_PSK_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_PSK_NULL_SHA256,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_PSK_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_CBC_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+
+ ENTRY(GNUTLS_PSK_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_PSK_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_PSK,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_PSK_ESTREAM_SALSA20_256_SHA1,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_PSK_ESTREAM_SALSA20_256_UMAC96,
+ GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_PSK,
+ GNUTLS_MAC_UMAC_96, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_PSK_AES_256_CBC_SHA384,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY_PRF(GNUTLS_PSK_NULL_SHA384,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+
+ /* RSA-PSK */
+ ENTRY(GNUTLS_RSA_PSK_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_RSA_PSK_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_PSK_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+
+
+ ENTRY(GNUTLS_RSA_PSK_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_RSA_PSK_NULL_SHA256,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_CBC_SHA384,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY_PRF(GNUTLS_RSA_PSK_NULL_SHA384,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+
+
+ /* DHE-PSK */
+ ENTRY(GNUTLS_DHE_PSK_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_DHE_PSK_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_PSK_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_PSK_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DHE_PSK_NULL_SHA256,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DHE_PSK_NULL_SHA384,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
#endif
#ifdef ENABLE_ANON
- /* DH_ANON */
- ENTRY (GNUTLS_DH_ANON_ARCFOUR_128_MD5,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5,
- GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN),
- ENTRY (GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1,
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA256,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA256,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY (GNUTLS_DH_ANON_AES_128_GCM_SHA256,
- GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DH_ANON_AES_256_GCM_SHA384,
- GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
- ENTRY (GNUTLS_DH_ANON_CAMELLIA_128_GCM_SHA256,
- GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2),
- ENTRY_PRF(GNUTLS_DH_ANON_CAMELLIA_256_GCM_SHA384,
- GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
- GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ /* DH_ANON */
+ ENTRY(GNUTLS_DH_ANON_ARCFOUR_128_MD5,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5,
+ GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY(GNUTLS_DH_ANON_AES_128_GCM_SHA256,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DH_ANON_AES_256_GCM_SHA384,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
+ ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_GCM_SHA256,
+ GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2),
+ ENTRY_PRF(GNUTLS_DH_ANON_CAMELLIA_256_GCM_SHA384,
+ GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
+ GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
/* ECC-ANON */
- ENTRY (GNUTLS_ECDH_ANON_NULL_SHA1,
- GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDH_ANON_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDH_ANON_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_ECDH_ANON_ARCFOUR_128_SHA1,
- GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ANON_ECDH,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
- GNUTLS_VERSION_UNKNOWN),
+ ENTRY(GNUTLS_ECDH_ANON_NULL_SHA1,
+ GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDH_ANON_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDH_ANON_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_ECDH_ANON_ARCFOUR_128_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ANON_ECDH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_UNKNOWN),
#endif
#ifdef ENABLE_SRP
- /* SRP */
- ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
- ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1,
- GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1,
- GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
-
- ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1,
- GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
- GNUTLS_DTLS_VERSION_MIN),
+ /* SRP */
+ ENTRY(GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_SRP_SHA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+ ENTRY(GNUTLS_SRP_SHA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
+
+ ENTRY(GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_DTLS_VERSION_MIN),
#endif
- {0, {0, 0}, 0, 0, 0, 0, 0, 0}
+ {0, {0, 0}, 0, 0, 0, 0, 0, 0}
};
#define CIPHER_SUITE_LOOP(b) \
@@ -1081,72 +1080,70 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
/* Cipher Suite's functions */
-const cipher_entry_st*
-_gnutls_cipher_suite_get_cipher_algo (const uint8_t suite[2])
+const cipher_entry_st *_gnutls_cipher_suite_get_cipher_algo(const uint8_t
+ suite[2])
{
- int ret = 0;
- CIPHER_SUITE_ALG_LOOP (ret = p->block_algorithm);
- return cipher_to_entry(ret);
+ int ret = 0;
+ CIPHER_SUITE_ALG_LOOP(ret = p->block_algorithm);
+ return cipher_to_entry(ret);
}
gnutls_kx_algorithm_t
-_gnutls_cipher_suite_get_kx_algo (const uint8_t suite[2])
+_gnutls_cipher_suite_get_kx_algo(const uint8_t suite[2])
{
- int ret = 0;
+ int ret = 0;
- CIPHER_SUITE_ALG_LOOP (ret = p->kx_algorithm);
- return ret;
+ CIPHER_SUITE_ALG_LOOP(ret = p->kx_algorithm);
+ return ret;
}
-gnutls_mac_algorithm_t
-_gnutls_cipher_suite_get_prf (const uint8_t suite[2])
+gnutls_mac_algorithm_t _gnutls_cipher_suite_get_prf(const uint8_t suite[2])
{
- int ret = 0;
+ int ret = 0;
- CIPHER_SUITE_ALG_LOOP (ret = p->prf);
- return ret;
+ CIPHER_SUITE_ALG_LOOP(ret = p->prf);
+ return ret;
}
-const mac_entry_st*
-_gnutls_cipher_suite_get_mac_algo (const uint8_t suite[2])
-{ /* In bytes */
- int ret = 0;
- CIPHER_SUITE_ALG_LOOP (ret = p->mac_algorithm);
- return mac_to_entry(ret);
+const mac_entry_st *_gnutls_cipher_suite_get_mac_algo(const uint8_t
+ suite[2])
+{ /* In bytes */
+ int ret = 0;
+ CIPHER_SUITE_ALG_LOOP(ret = p->mac_algorithm);
+ return mac_to_entry(ret);
}
-const char *
-_gnutls_cipher_suite_get_name (const uint8_t suite[2])
+const char *_gnutls_cipher_suite_get_name(const uint8_t suite[2])
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- CIPHER_SUITE_ALG_LOOP (ret = p->name + sizeof ("GNUTLS_") - 1);
+ /* avoid prefix */
+ CIPHER_SUITE_ALG_LOOP(ret = p->name + sizeof("GNUTLS_") - 1);
- return ret;
+ return ret;
}
-static const gnutls_cipher_suite_entry *
-cipher_suite_get (gnutls_kx_algorithm_t kx_algorithm,
- gnutls_cipher_algorithm_t cipher_algorithm,
- gnutls_mac_algorithm_t mac_algorithm)
+static const gnutls_cipher_suite_entry
+ *cipher_suite_get(gnutls_kx_algorithm_t kx_algorithm,
+ gnutls_cipher_algorithm_t cipher_algorithm,
+ gnutls_mac_algorithm_t mac_algorithm)
{
- const gnutls_cipher_suite_entry *ret = NULL;
-
- CIPHER_SUITE_LOOP (
- if (kx_algorithm == p->kx_algorithm &&
- cipher_algorithm == p->block_algorithm && mac_algorithm == p->mac_algorithm)
- {
- ret = p;
- break;
- }
- );
-
- return ret;
+ const gnutls_cipher_suite_entry *ret = NULL;
+
+ CIPHER_SUITE_LOOP(
+ if (kx_algorithm == p->kx_algorithm &&
+ cipher_algorithm == p->block_algorithm
+ && mac_algorithm == p->mac_algorithm) {
+ ret = p;
+ break;
+ }
+ );
+
+ return ret;
}
@@ -1162,18 +1159,21 @@ cipher_suite_get (gnutls_kx_algorithm_t kx_algorithm,
* Returns: a string that contains the name of a TLS cipher suite,
* specified by the given algorithms, or %NULL.
**/
-const char *
-gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t kx_algorithm,
- gnutls_cipher_algorithm_t cipher_algorithm,
- gnutls_mac_algorithm_t mac_algorithm)
+const char *gnutls_cipher_suite_get_name(gnutls_kx_algorithm_t
+ kx_algorithm,
+ gnutls_cipher_algorithm_t
+ cipher_algorithm,
+ gnutls_mac_algorithm_t
+ mac_algorithm)
{
-const gnutls_cipher_suite_entry * ce;
-
- ce = cipher_suite_get (kx_algorithm, cipher_algorithm, mac_algorithm);
- if (ce == NULL)
- return NULL;
- else
- return ce->name + sizeof ("GNUTLS_") - 1;
+ const gnutls_cipher_suite_entry *ce;
+
+ ce = cipher_suite_get(kx_algorithm, cipher_algorithm,
+ mac_algorithm);
+ if (ce == NULL)
+ return NULL;
+ else
+ return ce->name + sizeof("GNUTLS_") - 1;
}
/*-
@@ -1188,21 +1188,22 @@ const gnutls_cipher_suite_entry * ce;
* Returns: 0 on success or a negative error code otherwise.
-*/
int
-_gnutls_cipher_suite_get_id (gnutls_kx_algorithm_t kx_algorithm,
- gnutls_cipher_algorithm_t cipher_algorithm,
- gnutls_mac_algorithm_t mac_algorithm, uint8_t suite[2])
+_gnutls_cipher_suite_get_id(gnutls_kx_algorithm_t kx_algorithm,
+ gnutls_cipher_algorithm_t cipher_algorithm,
+ gnutls_mac_algorithm_t mac_algorithm,
+ uint8_t suite[2])
{
-const gnutls_cipher_suite_entry * ce;
-
- ce = cipher_suite_get (kx_algorithm, cipher_algorithm, mac_algorithm);
- if (ce == NULL)
- return GNUTLS_E_INVALID_REQUEST;
- else
- {
- suite[0] = ce->id[0];
- suite[1] = ce->id[1];
- }
- return 0;
+ const gnutls_cipher_suite_entry *ce;
+
+ ce = cipher_suite_get(kx_algorithm, cipher_algorithm,
+ mac_algorithm);
+ if (ce == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+ else {
+ suite[0] = ce->id[0];
+ suite[1] = ce->id[1];
+ }
+ return 0;
}
/**
@@ -1223,44 +1224,42 @@ const gnutls_cipher_suite_entry * ce;
* about the cipher suite in the output variables. If @idx is out of
* bounds, %NULL is returned.
**/
-const char *
-gnutls_cipher_suite_info (size_t idx,
- unsigned char *cs_id,
- gnutls_kx_algorithm_t * kx,
- gnutls_cipher_algorithm_t * cipher,
- gnutls_mac_algorithm_t * mac,
- gnutls_protocol_t * min_version)
+const char *gnutls_cipher_suite_info(size_t idx,
+ unsigned char *cs_id,
+ gnutls_kx_algorithm_t * kx,
+ gnutls_cipher_algorithm_t * cipher,
+ gnutls_mac_algorithm_t * mac,
+ gnutls_protocol_t * min_version)
{
- if (idx >= CIPHER_SUITES_COUNT)
- return NULL;
-
- if (cs_id)
- memcpy (cs_id, cs_algorithms[idx].id, 2);
- if (kx)
- *kx = cs_algorithms[idx].kx_algorithm;
- if (cipher)
- *cipher = cs_algorithms[idx].block_algorithm;
- if (mac)
- *mac = cs_algorithms[idx].mac_algorithm;
- if (min_version)
- *min_version = cs_algorithms[idx].min_version;
-
- return cs_algorithms[idx].name + sizeof ("GNU") - 1;
+ if (idx >= CIPHER_SUITES_COUNT)
+ return NULL;
+
+ if (cs_id)
+ memcpy(cs_id, cs_algorithms[idx].id, 2);
+ if (kx)
+ *kx = cs_algorithms[idx].kx_algorithm;
+ if (cipher)
+ *cipher = cs_algorithms[idx].block_algorithm;
+ if (mac)
+ *mac = cs_algorithms[idx].mac_algorithm;
+ if (min_version)
+ *min_version = cs_algorithms[idx].min_version;
+
+ return cs_algorithms[idx].name + sizeof("GNU") - 1;
}
-static inline int
-_gnutls_cipher_suite_is_ok (const uint8_t suite[2])
+static inline int _gnutls_cipher_suite_is_ok(const uint8_t suite[2])
{
- size_t ret;
- const char *name = NULL;
+ size_t ret;
+ const char *name = NULL;
- CIPHER_SUITE_ALG_LOOP (name = p->name);
- if (name != NULL)
- ret = 0;
- else
- ret = 1;
- return ret;
+ CIPHER_SUITE_ALG_LOOP(name = p->name);
+ if (name != NULL)
+ ret = 0;
+ else
+ ret = 1;
+ return ret;
}
@@ -1277,47 +1276,63 @@ _gnutls_cipher_suite_is_ok (const uint8_t suite[2])
*
-*/
int
-_gnutls_supported_ciphersuites (gnutls_session_t session,
- uint8_t *cipher_suites, unsigned int max_cipher_suite_size)
+_gnutls_supported_ciphersuites(gnutls_session_t session,
+ uint8_t * cipher_suites,
+ unsigned int max_cipher_suite_size)
{
- unsigned int i, ret_count, j, z, k=0;
- const gnutls_cipher_suite_entry * ce;
- const version_entry_st* version = get_version( session);
- unsigned int is_dtls = IS_DTLS(session);
-
- for (i = 0; i < session->internals.priorities.kx.algorithms; i++)
- for (j = 0; j < session->internals.priorities.cipher.algorithms; j++)
- for (z = 0; z < session->internals.priorities.mac.algorithms; z++)
- {
- ce = cipher_suite_get(session->internals.priorities.kx.priority[i],
- session->internals.priorities.cipher.priority[j],
- session->internals.priorities.mac.priority[z]);
-
- if (ce == NULL) continue;
-
- if (is_dtls == 0 && !(version->id >= ce->min_version))
- continue;
- else if (is_dtls != 0 && !(version->id >= ce->min_dtls_version))
-
- if (k+2 > max_cipher_suite_size)
- return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
-
- memcpy (&cipher_suites[k], ce->id, 2);
- k+=2;
- }
-
- ret_count = k;
-
- /* This function can no longer return 0 cipher suites.
- * It returns an error code instead.
- */
- if (ret_count == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_NO_CIPHER_SUITES;
- }
- return ret_count;
+ unsigned int i, ret_count, j, z, k = 0;
+ const gnutls_cipher_suite_entry *ce;
+ const version_entry_st *version = get_version(session);
+ unsigned int is_dtls = IS_DTLS(session);
+
+ for (i = 0; i < session->internals.priorities.kx.algorithms; i++)
+ for (j = 0;
+ j < session->internals.priorities.cipher.algorithms;
+ j++)
+ for (z = 0;
+ z <
+ session->internals.priorities.mac.algorithms;
+ z++) {
+ ce = cipher_suite_get(session->internals.
+ priorities.kx.
+ priority[i],
+ session->internals.
+ priorities.cipher.
+ priority[j],
+ session->internals.
+ priorities.mac.
+ priority[z]);
+
+ if (ce == NULL)
+ continue;
+
+ if (is_dtls == 0
+ && !(version->id >= ce->min_version))
+ continue;
+ else if (is_dtls != 0
+ && !(version->id >=
+ ce->min_dtls_version))
+
+ if (k + 2 > max_cipher_suite_size)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_INTERNAL_ERROR);
+
+ memcpy(&cipher_suites[k], ce->id, 2);
+ k += 2;
+ }
+
+ ret_count = k;
+
+ /* This function can no longer return 0 cipher suites.
+ * It returns an error code instead.
+ */
+ if (ret_count == 0) {
+ gnutls_assert();
+ return GNUTLS_E_NO_CIPHER_SUITES;
+ }
+ return ret_count;
}
/**
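Review bot: In `_gnutls_supported_ciphersuites` the `else if (is_dtls != 0 && !(version->id >= ce->min_dtls_version))` has no statement of its own, so the following `if (k + 2 > max_cipher_suite_size)` becomes its body. The size check therefore runs only for a DTLS session whose version is below the suite's minimum, and that suite is still copied instead of skipped. On every other path `memcpy(&cipher_suites[k], ce->id, 2)` writes into the caller's buffer with no length test at all. The removed lines have the same construct, so the reindent did not introduce it, but it carries it forward unchanged. Adding `continue;` as the body of that `else if` restores both the DTLS version filter and the bounds check.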
@@ -1337,32 +1352,37 @@ _gnutls_supported_ciphersuites (gnutls_session_t session,
* Returns: On success it returns %GNUTLS_E_SUCCESS (0), or a negative error value otherwise.
**/
int
-gnutls_priority_get_cipher_suite_index (gnutls_priority_t pcache, unsigned int idx, unsigned int *sidx)
+gnutls_priority_get_cipher_suite_index(gnutls_priority_t pcache,
+ unsigned int idx,
+ unsigned int *sidx)
{
-int mac_idx, cipher_idx, kx_idx;
-unsigned int i;
-unsigned int total = pcache->mac.algorithms * pcache->cipher.algorithms * pcache->kx.algorithms;
-
- if (idx >= total)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-
- mac_idx = idx % pcache->mac.algorithms;
-
- idx /= pcache->mac.algorithms;
- cipher_idx = idx % pcache->cipher.algorithms;
-
- idx /= pcache->cipher.algorithms;
- kx_idx = idx % pcache->kx.algorithms;
-
- for (i=0;i<CIPHER_SUITES_COUNT;i++)
- {
- if (cs_algorithms[i].kx_algorithm == pcache->kx.priority[kx_idx] &&
- cs_algorithms[i].block_algorithm == pcache->cipher.priority[cipher_idx] &&
- cs_algorithms[i].mac_algorithm == pcache->mac.priority[mac_idx])
- {
- *sidx = i;
- return 0;
- }
- }
- return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+ int mac_idx, cipher_idx, kx_idx;
+ unsigned int i;
+ unsigned int total =
+ pcache->mac.algorithms * pcache->cipher.algorithms *
+ pcache->kx.algorithms;
+
+ if (idx >= total)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ mac_idx = idx % pcache->mac.algorithms;
+
+ idx /= pcache->mac.algorithms;
+ cipher_idx = idx % pcache->cipher.algorithms;
+
+ idx /= pcache->cipher.algorithms;
+ kx_idx = idx % pcache->kx.algorithms;
+
+ for (i = 0; i < CIPHER_SUITES_COUNT; i++) {
+ if (cs_algorithms[i].kx_algorithm ==
+ pcache->kx.priority[kx_idx]
+ && cs_algorithms[i].block_algorithm ==
+ pcache->cipher.priority[cipher_idx]
+ && cs_algorithms[i].mac_algorithm ==
+ pcache->mac.priority[mac_idx]) {
+ *sidx = i;
+ return 0;
+ }
+ }
+ return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
}
diff --git a/lib/algorithms/ecc.c b/lib/algorithms/ecc.c
index c574036ae9..3aa4000f9d 100644
--- a/lib/algorithms/ecc.c
+++ b/lib/algorithms/ecc.c
@@ -30,42 +30,42 @@
*/
static const gnutls_ecc_curve_entry_st ecc_curves[] = {
- {
- .name = "SECP192R1",
- .oid = "1.2.840.10045.3.1.1",
- .id = GNUTLS_ECC_CURVE_SECP192R1,
- .tls_id = 19,
- .size = 24,
- },
- {
- .name = "SECP224R1",
- .oid = "1.3.132.0.33",
- .id = GNUTLS_ECC_CURVE_SECP224R1,
- .tls_id = 21,
- .size = 28,
- },
- {
- .name = "SECP256R1",
- .oid = "1.2.840.10045.3.1.7",
- .id = GNUTLS_ECC_CURVE_SECP256R1,
- .tls_id = 23,
- .size = 32,
- },
- {
- .name = "SECP384R1",
- .oid = "1.3.132.0.34",
- .id = GNUTLS_ECC_CURVE_SECP384R1,
- .tls_id = 24,
- .size = 48,
- },
- {
- .name = "SECP521R1",
- .oid = "1.3.132.0.35",
- .id = GNUTLS_ECC_CURVE_SECP521R1,
- .tls_id = 25,
- .size = 66,
- },
- {0, 0, 0}
+ {
+ .name = "SECP192R1",
+ .oid = "1.2.840.10045.3.1.1",
+ .id = GNUTLS_ECC_CURVE_SECP192R1,
+ .tls_id = 19,
+ .size = 24,
+ },
+ {
+ .name = "SECP224R1",
+ .oid = "1.3.132.0.33",
+ .id = GNUTLS_ECC_CURVE_SECP224R1,
+ .tls_id = 21,
+ .size = 28,
+ },
+ {
+ .name = "SECP256R1",
+ .oid = "1.2.840.10045.3.1.7",
+ .id = GNUTLS_ECC_CURVE_SECP256R1,
+ .tls_id = 23,
+ .size = 32,
+ },
+ {
+ .name = "SECP384R1",
+ .oid = "1.3.132.0.34",
+ .id = GNUTLS_ECC_CURVE_SECP384R1,
+ .tls_id = 24,
+ .size = 48,
+ },
+ {
+ .name = "SECP521R1",
+ .oid = "1.3.132.0.35",
+ .id = GNUTLS_ECC_CURVE_SECP521R1,
+ .tls_id = 25,
+ .size = 66,
+ },
+ {0, 0, 0}
};
#define GNUTLS_ECC_CURVE_LOOP(b) \
@@ -75,20 +75,15 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
/* Returns the TLS id of the given curve
*/
-int
-_gnutls_tls_id_to_ecc_curve (int num)
+int _gnutls_tls_id_to_ecc_curve(int num)
{
- gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
-
- GNUTLS_ECC_CURVE_LOOP (
- if (p->tls_id == num)
- {
- ret = p->id;
- break;
- }
- );
-
- return ret;
+ gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
+
+ GNUTLS_ECC_CURVE_LOOP(if (p->tls_id == num) {
+ ret = p->id; break;}
+ );
+
+ return ret;
}
/**
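Review bot: The reindented macro argument in `_gnutls_tls_id_to_ecc_curve` is harder to read than what it replaced: `GNUTLS_ECC_CURVE_LOOP(if (p->tls_id == num) {` followed by `ret = p->id; break;}` puts two statements and the closing brace on one line. The other `GNUTLS_ECC_CURVE_LOOP` callers in this file keep one statement per line with the `if` on its own line, and this one should be laid out the same way by hand. The comment above the function also states the reverse of what the code does, since it looks up `p->tls_id == num` and returns `p->id`. Something like `/* Maps a TLS NamedCurve id to a gnutls_ecc_curve_t, or GNUTLS_ECC_CURVE_INVALID if unknown */` would match the body.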
@@ -101,41 +96,35 @@ _gnutls_tls_id_to_ecc_curve (int num)
* Returns: Return a (0)-terminated list of #gnutls_ecc_curve_t
* integers indicating the available curves.
**/
-const gnutls_ecc_curve_t *
-gnutls_ecc_curve_list (void)
+const gnutls_ecc_curve_t *gnutls_ecc_curve_list(void)
{
-static gnutls_ecc_curve_t supported_curves[MAX_ALGOS] = { 0 };
+ static gnutls_ecc_curve_t supported_curves[MAX_ALGOS] = { 0 };
- if (supported_curves[0] == 0)
- {
- int i = 0;
+ if (supported_curves[0] == 0) {
+ int i = 0;
- GNUTLS_ECC_CURVE_LOOP (
- supported_curves[i++]=p->id;
- );
- supported_curves[i++]=0;
- }
+ GNUTLS_ECC_CURVE_LOOP(supported_curves[i++] = p->id;);
+ supported_curves[i++] = 0;
+ }
- return supported_curves;
+ return supported_curves;
}
/* Maps numbers to TLS NamedCurve IDs (RFC4492).
* Returns a negative number on error.
*/
-int
-_gnutls_ecc_curve_get_tls_id (gnutls_ecc_curve_t supported_ecc)
+int _gnutls_ecc_curve_get_tls_id(gnutls_ecc_curve_t supported_ecc)
{
- int ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
-
- GNUTLS_ECC_CURVE_LOOP (
- if (p->id == supported_ecc)
- {
- ret = p->tls_id;
- break;
- }
- );
-
- return ret;
+ int ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+
+ GNUTLS_ECC_CURVE_LOOP(
+ if (p->id == supported_ecc) {
+ ret = p->tls_id;
+ break;
+ }
+ );
+
+ return ret;
}
/*-
@@ -145,19 +134,18 @@ _gnutls_ecc_curve_get_tls_id (gnutls_ecc_curve_t supported_ecc)
* Returns: return a #gnutls_ecc_curve_t value corresponding to
* the specified OID, or %GNUTLS_ECC_CURVE_INVALID on error.
-*/
-gnutls_ecc_curve_t _gnutls_oid_to_ecc_curve (const char* oid)
+gnutls_ecc_curve_t _gnutls_oid_to_ecc_curve(const char *oid)
{
- gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
+ gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
- GNUTLS_ECC_CURVE_LOOP (
- if (strcasecmp (p->oid, oid) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (strcasecmp(p->oid, oid) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/*-
@@ -169,20 +157,18 @@ gnutls_ecc_curve_t _gnutls_oid_to_ecc_curve (const char* oid)
* Returns: return a #gnutls_ecc_curve_t value corresponding to
* the specified curve, or %GNUTLS_ECC_CURVE_INVALID on error.
-*/
-gnutls_ecc_curve_t
-_gnutls_ecc_curve_get_id (const char *name)
+gnutls_ecc_curve_t _gnutls_ecc_curve_get_id(const char *name)
{
- gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
+ gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;
- GNUTLS_ECC_CURVE_LOOP (
- if (strcasecmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (strcasecmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/*-
@@ -192,20 +178,18 @@ _gnutls_ecc_curve_get_id (const char *name)
* Returns: return a #gnutls_ecc_curve_t value corresponding to
* the specified bit length, or %GNUTLS_ECC_CURVE_INVALID on error.
-*/
-gnutls_ecc_curve_t
-_gnutls_ecc_bits_to_curve (int bits)
+gnutls_ecc_curve_t _gnutls_ecc_bits_to_curve(int bits)
{
- gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_SECP224R1;
+ gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_SECP224R1;
- GNUTLS_ECC_CURVE_LOOP (
- if (8*p->size >= bits)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (8 * p->size >= bits) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
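Review bot: `_gnutls_ecc_bits_to_curve` starts from `ret = GNUTLS_ECC_CURVE_SECP224R1`, which contradicts the doc comment's "%GNUTLS_ECC_CURVE_INVALID on error". With the table shown earlier in this file, the largest entry has `.size = 66`, so a request above 528 bits matches nothing and silently returns the 224-bit curve. If that fallback is intentional, the comment should say so, for example `Returns: ... or %GNUTLS_ECC_CURVE_SECP224R1 if no curve is large enough`. Otherwise initialise with `gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID;` so callers can detect the unsatisfied request. The doc comment begins outside this hunk.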
@@ -219,20 +203,18 @@ _gnutls_ecc_bits_to_curve (int bits)
*
* Since: 3.0
**/
-const char *
-gnutls_ecc_curve_get_name (gnutls_ecc_curve_t curve)
+const char *gnutls_ecc_curve_get_name(gnutls_ecc_curve_t curve)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- GNUTLS_ECC_CURVE_LOOP(
- if (p->id == curve)
- {
- ret = p->name;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (p->id == curve) {
+ ret = p->name;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/*-
@@ -244,20 +226,18 @@ gnutls_ecc_curve_get_name (gnutls_ecc_curve_t curve)
* Returns: a string that contains the name of the specified
* curve or %NULL.
-*/
-const char *
-_gnutls_ecc_curve_get_oid (gnutls_ecc_curve_t curve)
+const char *_gnutls_ecc_curve_get_oid(gnutls_ecc_curve_t curve)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- GNUTLS_ECC_CURVE_LOOP(
- if (p->id == curve)
- {
- ret = p->oid;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (p->id == curve) {
+ ret = p->oid;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/*-
@@ -268,20 +248,19 @@ _gnutls_ecc_curve_get_oid (gnutls_ecc_curve_t curve)
*
* Returns: a pointer to #gnutls_ecc_curve_entry_st or %NULL.
-*/
-const gnutls_ecc_curve_entry_st *
-_gnutls_ecc_curve_get_params (gnutls_ecc_curve_t curve)
+const gnutls_ecc_curve_entry_st
+ *_gnutls_ecc_curve_get_params(gnutls_ecc_curve_t curve)
{
- const gnutls_ecc_curve_entry_st *ret = NULL;
+ const gnutls_ecc_curve_entry_st *ret = NULL;
- GNUTLS_ECC_CURVE_LOOP(
- if (p->id == curve)
- {
- ret = p;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (p->id == curve) {
+ ret = p;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -294,17 +273,16 @@ _gnutls_ecc_curve_get_params (gnutls_ecc_curve_t curve)
*
* Since: 3.0
**/
-int gnutls_ecc_curve_get_size (gnutls_ecc_curve_t curve)
+int gnutls_ecc_curve_get_size(gnutls_ecc_curve_t curve)
{
- int ret = 0;
+ int ret = 0;
- GNUTLS_ECC_CURVE_LOOP(
- if (p->id == curve)
- {
- ret = p->size;
- break;
- }
- );
+ GNUTLS_ECC_CURVE_LOOP(
+ if (p->id == curve) {
+ ret = p->size;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
diff --git a/lib/algorithms/kx.c b/lib/algorithms/kx.c
index eb7e11ac78..3fa8a317e0 100644
--- a/lib/algorithms/kx.c
+++ b/lib/algorithms/kx.c
@@ -46,30 +46,33 @@ extern mod_auth_st srp_dss_auth_struct;
* FIXME: The mappings are not 1-1. Some KX such as SRP_RSA require
* more than one credentials type.
*/
-typedef struct
-{
- gnutls_kx_algorithm_t algorithm;
- gnutls_credentials_type_t client_type;
- gnutls_credentials_type_t server_type; /* The type of credentials a server
- * needs to set */
+typedef struct {
+ gnutls_kx_algorithm_t algorithm;
+ gnutls_credentials_type_t client_type;
+ gnutls_credentials_type_t server_type; /* The type of credentials a server
+ * needs to set */
} gnutls_cred_map;
static const gnutls_cred_map cred_mappings[] = {
- {GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
- {GNUTLS_KX_ANON_ECDH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
- {GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_ECDHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
- {GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
- {GNUTLS_KX_RSA_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_ECDHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
- {GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP},
- {GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
- {GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
- {0, 0, 0}
+ {GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
+ {GNUTLS_KX_ANON_ECDH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
+ {GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_ECDHE_RSA, GNUTLS_CRD_CERTIFICATE,
+ GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CRD_CERTIFICATE,
+ GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE,
+ GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE,
+ GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
+ {GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
+ {GNUTLS_KX_RSA_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_ECDHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
+ {GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP},
+ {GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
+ {0, 0, 0}
};
#define GNUTLS_KX_MAP_LOOP(b) \
@@ -79,48 +82,48 @@ static const gnutls_cred_map cred_mappings[] = {
#define GNUTLS_KX_MAP_ALG_LOOP_SERVER(a) \
GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; })
-struct gnutls_kx_algo_entry
-{
- const char *name;
- gnutls_kx_algorithm_t algorithm;
- mod_auth_st *auth_struct;
- int needs_dh_params;
+struct gnutls_kx_algo_entry {
+ const char *name;
+ gnutls_kx_algorithm_t algorithm;
+ mod_auth_st *auth_struct;
+ int needs_dh_params;
};
typedef struct gnutls_kx_algo_entry gnutls_kx_algo_entry;
static const gnutls_kx_algo_entry _gnutls_kx_algorithms[] = {
#if defined(ENABLE_ANON) && defined(ENABLE_DHE)
- {"ANON-DH", GNUTLS_KX_ANON_DH, &anon_auth_struct, 1},
+ {"ANON-DH", GNUTLS_KX_ANON_DH, &anon_auth_struct, 1},
#endif
#if defined(ENABLE_ANON) && defined(ENABLE_ECDHE)
- {"ANON-ECDH", GNUTLS_KX_ANON_ECDH, &anon_ecdh_auth_struct, 0},
+ {"ANON-ECDH", GNUTLS_KX_ANON_ECDH, &anon_ecdh_auth_struct, 0},
#endif
- {"RSA", GNUTLS_KX_RSA, &rsa_auth_struct},
+ {"RSA", GNUTLS_KX_RSA, &rsa_auth_struct},
#ifdef ENABLE_DHE
- {"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1},
- {"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1},
+ {"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1},
+ {"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1},
#endif
#ifdef ENABLE_ECDHE
- {"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0},
- {"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct, 0},
+ {"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0},
+ {"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct,
+ 0},
#endif
#ifdef ENABLE_SRP
- {"SRP-DSS", GNUTLS_KX_SRP_DSS, &srp_dss_auth_struct, 0},
- {"SRP-RSA", GNUTLS_KX_SRP_RSA, &srp_rsa_auth_struct, 0},
- {"SRP", GNUTLS_KX_SRP, &srp_auth_struct, 0},
+ {"SRP-DSS", GNUTLS_KX_SRP_DSS, &srp_dss_auth_struct, 0},
+ {"SRP-RSA", GNUTLS_KX_SRP_RSA, &srp_rsa_auth_struct, 0},
+ {"SRP", GNUTLS_KX_SRP, &srp_auth_struct, 0},
#endif
#ifdef ENABLE_PSK
- {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0},
- {"RSA-PSK", GNUTLS_KX_RSA_PSK, &rsa_psk_auth_struct, 0},
-# ifdef ENABLE_DHE
- {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct,
- 1 /* needs DHE params */},
-# endif
-# ifdef ENABLE_ECDHE
- {"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0},
-# endif
+ {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0},
+ {"RSA-PSK", GNUTLS_KX_RSA_PSK, &rsa_psk_auth_struct, 0},
+#ifdef ENABLE_DHE
+ {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct,
+ 1 /* needs DHE params */ },
+#endif
+#ifdef ENABLE_ECDHE
+ {"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0},
#endif
- {0, 0, 0, 0}
+#endif
+ {0, 0, 0, 0}
};
#define GNUTLS_KX_LOOP(b) \
@@ -132,26 +135,25 @@ static const gnutls_kx_algo_entry _gnutls_kx_algorithms[] = {
/* Key EXCHANGE functions */
-mod_auth_st *
-_gnutls_kx_auth_struct (gnutls_kx_algorithm_t algorithm)
+mod_auth_st *_gnutls_kx_auth_struct(gnutls_kx_algorithm_t algorithm)
{
- mod_auth_st *ret = NULL;
- GNUTLS_KX_ALG_LOOP (ret = p->auth_struct);
- return ret;
+ mod_auth_st *ret = NULL;
+ GNUTLS_KX_ALG_LOOP(ret = p->auth_struct);
+ return ret;
}
int
-_gnutls_kx_priority (gnutls_session_t session,
- gnutls_kx_algorithm_t algorithm)
+_gnutls_kx_priority(gnutls_session_t session,
+ gnutls_kx_algorithm_t algorithm)
{
- unsigned int i;
- for (i = 0; i < session->internals.priorities.kx.algorithms; i++)
- {
- if (session->internals.priorities.kx.priority[i] == algorithm)
- return i;
- }
- return -1;
+ unsigned int i;
+ for (i = 0; i < session->internals.priorities.kx.algorithms; i++) {
+ if (session->internals.priorities.kx.priority[i] ==
+ algorithm)
+ return i;
+ }
+ return -1;
}
/**
@@ -163,15 +165,14 @@ _gnutls_kx_priority (gnutls_session_t session,
* Returns: a pointer to a string that contains the name of the
* specified key exchange algorithm, or %NULL.
**/
-const char *
-gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm)
+const char *gnutls_kx_get_name(gnutls_kx_algorithm_t algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_KX_ALG_LOOP (ret = p->name);
+ /* avoid prefix */
+ GNUTLS_KX_ALG_LOOP(ret = p->name);
- return ret;
+ return ret;
}
/**
@@ -184,20 +185,18 @@ gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm)
* Returns: an id of the specified KX algorithm, or %GNUTLS_KX_UNKNOWN
* on error.
**/
-gnutls_kx_algorithm_t
-gnutls_kx_get_id (const char *name)
+gnutls_kx_algorithm_t gnutls_kx_get_id(const char *name)
{
- gnutls_kx_algorithm_t ret = GNUTLS_KX_UNKNOWN;
+ gnutls_kx_algorithm_t ret = GNUTLS_KX_UNKNOWN;
- GNUTLS_KX_LOOP (
- if (strcasecmp (p->name, name) == 0)
- {
- ret = p->algorithm;
- break;
- }
- );
+ GNUTLS_KX_LOOP(
+ if (strcasecmp(p->name, name) == 0) {
+ ret = p->algorithm;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
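Review bot: `gnutls_kx_get_id()` passes `name` straight to `strcasecmp()`, so a NULL argument from an application is undefined behaviour rather than a `GNUTLS_KX_UNKNOWN` return. `gnutls_pk_get_id()` in publickey.c already guards with `name &&`, but the same guard is missing in `gnutls_digest_get_id()`, `gnutls_mac_get_id()` and `gnutls_protocol_get_id()` later in this diff. I would add `if (name == NULL) return GNUTLS_KX_UNKNOWN;` before the loop, with the matching UNKNOWN constant in the other three.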
@@ -210,77 +209,66 @@ gnutls_kx_get_id (const char *name)
* Returns: a (0)-terminated list of #gnutls_kx_algorithm_t integers
* indicating the available key exchange algorithms.
**/
-const gnutls_kx_algorithm_t *
-gnutls_kx_list (void)
+const gnutls_kx_algorithm_t *gnutls_kx_list(void)
{
-static gnutls_kx_algorithm_t supported_kxs[MAX_ALGOS] = {0};
+ static gnutls_kx_algorithm_t supported_kxs[MAX_ALGOS] = { 0 };
- if (supported_kxs[0] == 0)
- {
- int i = 0;
+ if (supported_kxs[0] == 0) {
+ int i = 0;
- GNUTLS_KX_LOOP (supported_kxs[i++]=p->algorithm);
- supported_kxs[i++]=0;
- }
+ GNUTLS_KX_LOOP(supported_kxs[i++] = p->algorithm);
+ supported_kxs[i++] = 0;
+ }
- return supported_kxs;
+ return supported_kxs;
}
-int
-_gnutls_kx_is_ok (gnutls_kx_algorithm_t algorithm)
+int _gnutls_kx_is_ok(gnutls_kx_algorithm_t algorithm)
{
- ssize_t ret = -1;
- GNUTLS_KX_ALG_LOOP (ret = p->algorithm);
- if (ret >= 0)
- ret = 0;
- else
- ret = 1;
- return ret;
+ ssize_t ret = -1;
+ GNUTLS_KX_ALG_LOOP(ret = p->algorithm);
+ if (ret >= 0)
+ ret = 0;
+ else
+ ret = 1;
+ return ret;
}
-int
-_gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm)
+int _gnutls_kx_needs_dh_params(gnutls_kx_algorithm_t algorithm)
{
- ssize_t ret = 0;
- GNUTLS_KX_ALG_LOOP (ret = p->needs_dh_params);
- return ret;
+ ssize_t ret = 0;
+ GNUTLS_KX_ALG_LOOP(ret = p->needs_dh_params);
+ return ret;
}
/* Type to KX mappings */
gnutls_kx_algorithm_t
-_gnutls_map_kx_get_kx (gnutls_credentials_type_t type, int server)
+_gnutls_map_kx_get_kx(gnutls_credentials_type_t type, int server)
{
- gnutls_kx_algorithm_t ret = -1;
-
- if (server)
- {
- GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm);
- }
- else
- {
- GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm);
- }
- return ret;
+ gnutls_kx_algorithm_t ret = -1;
+
+ if (server) {
+ GNUTLS_KX_MAP_ALG_LOOP_SERVER(ret = p->algorithm);
+ } else {
+ GNUTLS_KX_MAP_ALG_LOOP_SERVER(ret = p->algorithm);
+ }
+ return ret;
}
/* Returns the credentials type required for this
* Key exchange method.
*/
gnutls_credentials_type_t
-_gnutls_map_kx_get_cred (gnutls_kx_algorithm_t algorithm, int server)
+_gnutls_map_kx_get_cred(gnutls_kx_algorithm_t algorithm, int server)
{
- gnutls_credentials_type_t ret = -1;
- if (server)
- {
- GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret =
- p->server_type);
- }
- else
- {
- GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret =
- p->client_type);
- }
-
- return ret;
+ gnutls_credentials_type_t ret = -1;
+ if (server) {
+ GNUTLS_KX_MAP_LOOP(if (p->algorithm == algorithm) ret =
+ p->server_type);
+ } else {
+ GNUTLS_KX_MAP_LOOP(if (p->algorithm == algorithm) ret =
+ p->client_type);
+ }
+
+ return ret;
}
-
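Review bot: Both branches of `_gnutls_map_kx_get_kx()` run `GNUTLS_KX_MAP_ALG_LOOP_SERVER(ret = p->algorithm)`, so the `server` argument has no effect and a client-side lookup is matched against `p->server_type`. Rows such as `{GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE}` show the two credential columns can differ, so the result can depend on which column is compared. If a client mapping was intended, the else branch should read `GNUTLS_KX_MAP_LOOP(if (p->client_type == type) { ret = p->algorithm; break; })`. If the branches are meant to be identical, drop the conditional and say so in a comment.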
diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c
index a2fc83688d..595eab348e 100644
--- a/lib/algorithms/mac.c
+++ b/lib/algorithms/mac.c
@@ -26,19 +26,24 @@
#include <x509/common.h>
static const mac_entry_st hash_algorithms[] = {
- {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 20, 0, 0, 1, 64},
- {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 16, 0, 0, 0, 64},
- {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 32, 0, 0, 1, 64},
- {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 48, 0, 0, 1, 64},
- {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 64, 0, 0, 1, 64},
- {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 28, 0, 0, 1, 64},
- {"UMAC-96", NULL, GNUTLS_MAC_UMAC_96, 12, 16, 8, 0, 1, 0},
- {"UMAC-128", NULL, GNUTLS_MAC_UMAC_128, 16, 16, 8, 0, 1, 0},
- {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 0, 0, 1, 1, 0},
- {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0, 0, 0, 0, 0}, /* not used as MAC */
- {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 20, 0, 0, 1, 64},
- {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0, 0, 0, 0, 0},
- {0, 0, 0, 0, 0, 0, 0, 0}
+ {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 20, 0, 0, 1, 64},
+ {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 16, 0, 0, 0, 64},
+ {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 32, 0, 0, 1,
+ 64},
+ {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 48, 0, 0, 1,
+ 64},
+ {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 64, 0, 0, 1,
+ 64},
+ {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 28, 0, 0, 1,
+ 64},
+ {"UMAC-96", NULL, GNUTLS_MAC_UMAC_96, 12, 16, 8, 0, 1, 0},
+ {"UMAC-128", NULL, GNUTLS_MAC_UMAC_128, 16, 16, 8, 0, 1, 0},
+ {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 0, 0, 1, 1, 0},
+ {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0, 0, 0, 0, 0}, /* not used as MAC */
+ {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 20, 0, 0, 1,
+ 64},
+ {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0, 0, 0, 0, 0},
+ {0, 0, 0, 0, 0, 0, 0, 0}
};
@@ -49,24 +54,24 @@ static const mac_entry_st hash_algorithms[] = {
#define GNUTLS_HASH_ALG_LOOP(a) \
GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } )
-const mac_entry_st* mac_to_entry(gnutls_mac_algorithm_t c)
+const mac_entry_st *mac_to_entry(gnutls_mac_algorithm_t c)
{
- GNUTLS_HASH_LOOP (if (c==p->id) return p);
+ GNUTLS_HASH_LOOP(if (c == p->id) return p);
- return NULL;
+ return NULL;
}
int
-_gnutls_mac_priority (gnutls_session_t session,
- gnutls_mac_algorithm_t algorithm)
-{ /* actually returns the priority */
- unsigned int i;
- for (i = 0; i < session->internals.priorities.mac.algorithms; i++)
- {
- if (session->internals.priorities.mac.priority[i] == algorithm)
- return i;
- }
- return -1;
+_gnutls_mac_priority(gnutls_session_t session,
+ gnutls_mac_algorithm_t algorithm)
+{ /* actually returns the priority */
+ unsigned int i;
+ for (i = 0; i < session->internals.priorities.mac.algorithms; i++) {
+ if (session->internals.priorities.mac.priority[i] ==
+ algorithm)
+ return i;
+ }
+ return -1;
}
/**
@@ -78,15 +83,14 @@ _gnutls_mac_priority (gnutls_session_t session,
* Returns: a string that contains the name of the specified MAC
* algorithm, or %NULL.
**/
-const char *
-gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm)
+const char *gnutls_mac_get_name(gnutls_mac_algorithm_t algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_HASH_ALG_LOOP (ret = p->name);
+ /* avoid prefix */
+ GNUTLS_HASH_ALG_LOOP(ret = p->name);
- return ret;
+ return ret;
}
/**
@@ -98,20 +102,18 @@ gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm)
* Returns: a string that contains the name of the specified digest
* algorithm, or %NULL.
**/
-const char *
-gnutls_digest_get_name (gnutls_digest_algorithm_t algorithm)
+const char *gnutls_digest_get_name(gnutls_digest_algorithm_t algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- GNUTLS_HASH_LOOP (
- if (algorithm == (unsigned)p->id && p->oid != NULL)
- {
- ret = p->name;
- break;
- }
- );
+ GNUTLS_HASH_LOOP(
+ if (algorithm == (unsigned) p->id && p->oid != NULL) {
+ ret = p->name;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -124,20 +126,18 @@ gnutls_digest_get_name (gnutls_digest_algorithm_t algorithm)
* Returns: a #gnutls_digest_algorithm_t id of the specified MAC
* algorithm string, or %GNUTLS_DIG_UNKNOWN on failures.
**/
-gnutls_digest_algorithm_t
-gnutls_digest_get_id (const char *name)
+gnutls_digest_algorithm_t gnutls_digest_get_id(const char *name)
{
- gnutls_digest_algorithm_t ret = GNUTLS_DIG_UNKNOWN;
+ gnutls_digest_algorithm_t ret = GNUTLS_DIG_UNKNOWN;
- GNUTLS_HASH_LOOP (
- if (p->oid != NULL && strcasecmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_HASH_LOOP(
+ if (p->oid != NULL && strcasecmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -150,20 +150,18 @@ gnutls_digest_get_id (const char *name)
* Returns: a #gnutls_mac_algorithm_t id of the specified MAC
* algorithm string, or %GNUTLS_MAC_UNKNOWN on failures.
**/
-gnutls_mac_algorithm_t
-gnutls_mac_get_id (const char *name)
+gnutls_mac_algorithm_t gnutls_mac_get_id(const char *name)
{
- gnutls_mac_algorithm_t ret = GNUTLS_MAC_UNKNOWN;
+ gnutls_mac_algorithm_t ret = GNUTLS_MAC_UNKNOWN;
- GNUTLS_HASH_LOOP (
- if (strcasecmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_HASH_LOOP(
+ if (strcasecmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -175,15 +173,14 @@ gnutls_mac_get_id (const char *name)
* Returns: length (in bytes) of the given MAC key size, or 0 if the
* given MAC algorithm is invalid.
**/
-size_t
-gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm)
+size_t gnutls_mac_get_key_size(gnutls_mac_algorithm_t algorithm)
{
- size_t ret = 0;
+ size_t ret = 0;
- /* avoid prefix */
- GNUTLS_HASH_ALG_LOOP (ret = p->key_size);
+ /* avoid prefix */
+ GNUTLS_HASH_ALG_LOOP(ret = p->key_size);
- return ret;
+ return ret;
}
/**
@@ -196,15 +193,14 @@ gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm)
*
* Since: 3.2.0
**/
-size_t
-gnutls_mac_get_nonce_size (gnutls_mac_algorithm_t algorithm)
+size_t gnutls_mac_get_nonce_size(gnutls_mac_algorithm_t algorithm)
{
- size_t ret = 0;
+ size_t ret = 0;
- /* avoid prefix */
- GNUTLS_HASH_ALG_LOOP (ret = p->nonce_size);
+ /* avoid prefix */
+ GNUTLS_HASH_ALG_LOOP(ret = p->nonce_size);
- return ret;
+ return ret;
}
/**
@@ -217,23 +213,21 @@ gnutls_mac_get_nonce_size (gnutls_mac_algorithm_t algorithm)
* Returns: Return a (0)-terminated list of #gnutls_mac_algorithm_t
* integers indicating the available MACs.
**/
-const gnutls_mac_algorithm_t *
-gnutls_mac_list (void)
+const gnutls_mac_algorithm_t *gnutls_mac_list(void)
{
-static gnutls_mac_algorithm_t supported_macs[MAX_ALGOS] = { 0 };
+ static gnutls_mac_algorithm_t supported_macs[MAX_ALGOS] = { 0 };
- if (supported_macs[0] == 0)
- {
- int i = 0;
+ if (supported_macs[0] == 0) {
+ int i = 0;
- GNUTLS_HASH_LOOP (
- if (p->placeholder != 0 || _gnutls_mac_exists(p->id))
- supported_macs[i++]=p->id;
- );
- supported_macs[i++]=0;
- }
+ GNUTLS_HASH_LOOP(
+ if (p->placeholder != 0 || _gnutls_mac_exists(p->id))
+ supported_macs[i++] = p->id;
+ );
+ supported_macs[i++] = 0;
+ }
- return supported_macs;
+ return supported_macs;
}
/**
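Review bot: `gnutls_mac_list()` fills the static `supported_macs[MAX_ALGOS]` through `supported_macs[i++] = p->id` plus a terminator, and nothing visible here ties `MAX_ALGOS` to the number of rows in `hash_algorithms`, so a longer table could write past the array. The same pattern appears in `gnutls_kx_list()`, `gnutls_digest_list()`, `gnutls_protocol_list()` and `gnutls_pk_list()`. Adding `i < MAX_ALGOS - 1` to the store condition would bound the write and keep room for the terminator. The first-call initialisation is also unsynchronised, which deserves a comment if concurrent first calls are possible.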
@@ -246,39 +240,39 @@ static gnutls_mac_algorithm_t supported_macs[MAX_ALGOS] = { 0 };
* Returns: Return a (0)-terminated list of #gnutls_digest_algorithm_t
* integers indicating the available digests.
**/
-const gnutls_digest_algorithm_t *
-gnutls_digest_list (void)
+const gnutls_digest_algorithm_t *gnutls_digest_list(void)
{
-static gnutls_digest_algorithm_t supported_digests[MAX_ALGOS] = { 0 };
-
- if (supported_digests[0] == 0)
- {
- int i = 0;
-
- GNUTLS_HASH_LOOP (
- if (p->oid != NULL && (p->placeholder != 0 || _gnutls_mac_exists(p->id)))
- supported_digests[i++]=p->id;
- );
- supported_digests[i++]=0;
- }
-
- return supported_digests;
+ static gnutls_digest_algorithm_t supported_digests[MAX_ALGOS] =
+ { 0 };
+
+ if (supported_digests[0] == 0) {
+ int i = 0;
+
+ GNUTLS_HASH_LOOP(
+ if (p->oid != NULL && (p->placeholder != 0 ||
+ _gnutls_mac_exists(p->id))) {
+
+ supported_digests[i++] = p->id;
+ }
+ );
+ supported_digests[i++] = 0;
+ }
+
+ return supported_digests;
}
-gnutls_digest_algorithm_t
-_gnutls_x509_oid_to_digest (const char *oid)
+gnutls_digest_algorithm_t _gnutls_x509_oid_to_digest(const char *oid)
{
- gnutls_digest_algorithm_t ret = 0;
-
- GNUTLS_HASH_LOOP (if (p->oid && strcmp (oid, p->oid) == 0)
- {
- ret = (gnutls_digest_algorithm_t)p->id;
- break;
- }
- );
-
- if (ret == 0)
- return GNUTLS_DIG_UNKNOWN;
- return ret;
+ gnutls_digest_algorithm_t ret = 0;
+
+ GNUTLS_HASH_LOOP(
+ if (p->oid && strcmp(oid, p->oid) == 0) {
+ ret = (gnutls_digest_algorithm_t) p->id;
+ break;
+ }
+ );
+
+ if (ret == 0)
+ return GNUTLS_DIG_UNKNOWN;
+ return ret;
}
-
diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c
index 1f7a15804d..1ad022013e 100644
--- a/lib/algorithms/protocols.c
+++ b/lib/algorithms/protocols.c
@@ -27,14 +27,14 @@
/* TLS Versions */
static const version_entry_st sup_versions[] = {
- {"SSL3.0", GNUTLS_SSL3, 3, 0, GNUTLS_STREAM, 1, 0, 0, 0, 0},
- {"TLS1.0", GNUTLS_TLS1, 3, 1, GNUTLS_STREAM, 1, 0, 1, 0, 0},
- {"TLS1.1", GNUTLS_TLS1_1, 3, 2, GNUTLS_STREAM, 1, 1, 1, 0, 0},
- {"TLS1.2", GNUTLS_TLS1_2, 3, 3, GNUTLS_STREAM, 1, 1, 1, 1, 1},
- {"DTLS0.9", GNUTLS_DTLS0_9, 1, 0, GNUTLS_DGRAM, 1, 1, 1, 0, 0}, /* Cisco AnyConnect (based on about OpenSSL 0.9.8e) */
- {"DTLS1.0", GNUTLS_DTLS1_0, 254, 255, GNUTLS_DGRAM, 1, 1, 1, 0, 0}, /* 1.1 over datagram */
- {"DTLS1.2", GNUTLS_DTLS1_2, 254, 253, GNUTLS_DGRAM, 1, 1, 1, 1, 1}, /* 1.2 over datagram */
- {0, 0, 0, 0, 0}
+ {"SSL3.0", GNUTLS_SSL3, 3, 0, GNUTLS_STREAM, 1, 0, 0, 0, 0},
+ {"TLS1.0", GNUTLS_TLS1, 3, 1, GNUTLS_STREAM, 1, 0, 1, 0, 0},
+ {"TLS1.1", GNUTLS_TLS1_1, 3, 2, GNUTLS_STREAM, 1, 1, 1, 0, 0},
+ {"TLS1.2", GNUTLS_TLS1_2, 3, 3, GNUTLS_STREAM, 1, 1, 1, 1, 1},
+ {"DTLS0.9", GNUTLS_DTLS0_9, 1, 0, GNUTLS_DGRAM, 1, 1, 1, 0, 0}, /* Cisco AnyConnect (based on about OpenSSL 0.9.8e) */
+ {"DTLS1.0", GNUTLS_DTLS1_0, 254, 255, GNUTLS_DGRAM, 1, 1, 1, 0, 0}, /* 1.1 over datagram */
+ {"DTLS1.2", GNUTLS_DTLS1_2, 254, 253, GNUTLS_DGRAM, 1, 1, 1, 1, 1}, /* 1.2 over datagram */
+ {0, 0, 0, 0, 0}
};
#define GNUTLS_VERSION_LOOP(b) \
@@ -44,68 +44,71 @@ static const version_entry_st sup_versions[] = {
#define GNUTLS_VERSION_ALG_LOOP(a) \
GNUTLS_VERSION_LOOP( if(p->id == version) { a; break; })
-const version_entry_st* version_to_entry(gnutls_protocol_t version)
+const version_entry_st *version_to_entry(gnutls_protocol_t version)
{
- GNUTLS_VERSION_ALG_LOOP (return p);
- return NULL;
+ GNUTLS_VERSION_ALG_LOOP(return p);
+ return NULL;
}
/* Return the priority of the provided version number */
int
-_gnutls_version_priority (gnutls_session_t session, gnutls_protocol_t version)
+_gnutls_version_priority(gnutls_session_t session,
+ gnutls_protocol_t version)
{
- unsigned int i;
-
- for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
- {
- if (session->internals.priorities.protocol.priority[i] == version)
- return i;
- }
- return -1;
+ unsigned int i;
+
+ for (i = 0; i < session->internals.priorities.protocol.algorithms;
+ i++) {
+ if (session->internals.priorities.protocol.priority[i] ==
+ version)
+ return i;
+ }
+ return -1;
}
/* Returns the lowest TLS version number in the priorities.
*/
-gnutls_protocol_t
-_gnutls_version_lowest (gnutls_session_t session)
+gnutls_protocol_t _gnutls_version_lowest(gnutls_session_t session)
{
- unsigned int i, min = 0xff;
- gnutls_protocol_t cur_prot;
+ unsigned int i, min = 0xff;
+ gnutls_protocol_t cur_prot;
- for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
- {
- cur_prot = session->internals.priorities.protocol.priority[i];
+ for (i=0;i< session->internals.priorities.protocol.algorithms;i++) {
+ cur_prot =
+ session->internals.priorities.protocol.priority[i];
- if (cur_prot < min && _gnutls_version_is_supported(session, cur_prot))
- min = cur_prot;
- }
+ if (cur_prot < min
+ && _gnutls_version_is_supported(session, cur_prot))
+ min = cur_prot;
+ }
- if (min == 0xff)
- return GNUTLS_VERSION_UNKNOWN; /* unknown version */
+ if (min == 0xff)
+ return GNUTLS_VERSION_UNKNOWN; /* unknown version */
- return min;
+ return min;
}
/* Returns the maximum version in the priorities
*/
-gnutls_protocol_t
-_gnutls_version_max (gnutls_session_t session)
+gnutls_protocol_t _gnutls_version_max(gnutls_session_t session)
{
- unsigned int i, max = 0x00;
- gnutls_protocol_t cur_prot;
+ unsigned int i, max = 0x00;
+ gnutls_protocol_t cur_prot;
- for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
- {
- cur_prot = session->internals.priorities.protocol.priority[i];
+ for (i = 0; i < session->internals.priorities.protocol.algorithms;
+ i++) {
+ cur_prot =
+ session->internals.priorities.protocol.priority[i];
- if (cur_prot > max && _gnutls_version_is_supported(session, cur_prot))
- max = cur_prot;
- }
+ if (cur_prot > max
+ && _gnutls_version_is_supported(session, cur_prot))
+ max = cur_prot;
+ }
- if (max == 0x00)
- return GNUTLS_VERSION_UNKNOWN; /* unknown version */
+ if (max == 0x00)
+ return GNUTLS_VERSION_UNKNOWN; /* unknown version */
- return max;
+ return max;
}
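Review bot: In `_gnutls_version_lowest()` the reindent produced `for (i=0;i< session->internals.priorities.protocol.algorithms;i++) {` with the operator spacing stripped, while the identical loops in `_gnutls_version_priority()` and `_gnutls_version_max()` were wrapped onto two lines. Since this commit only changes formatting, the three loops should read the same: `for (i = 0; i < session->internals.priorities.protocol.algorithms;` followed by `i++) {`.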
@@ -118,14 +121,13 @@ _gnutls_version_max (gnutls_session_t session)
* Returns: a string that contains the name of the specified TLS
* version (e.g., "TLS1.0"), or %NULL.
**/
-const char *
-gnutls_protocol_get_name (gnutls_protocol_t version)
+const char *gnutls_protocol_get_name(gnutls_protocol_t version)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_VERSION_ALG_LOOP (ret = p->name);
- return ret;
+ /* avoid prefix */
+ GNUTLS_VERSION_ALG_LOOP(ret = p->name);
+ return ret;
}
/**
@@ -137,20 +139,18 @@ gnutls_protocol_get_name (gnutls_protocol_t version)
* Returns: an id of the specified protocol, or
* %GNUTLS_VERSION_UNKNOWN on error.
**/
-gnutls_protocol_t
-gnutls_protocol_get_id (const char *name)
+gnutls_protocol_t gnutls_protocol_get_id(const char *name)
{
- gnutls_protocol_t ret = GNUTLS_VERSION_UNKNOWN;
+ gnutls_protocol_t ret = GNUTLS_VERSION_UNKNOWN;
- GNUTLS_VERSION_LOOP (
- if (strcasecmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_VERSION_LOOP(
+ if (strcasecmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -164,50 +164,50 @@ gnutls_protocol_get_id (const char *name)
* indicating the available protocols.
*
**/
-const gnutls_protocol_t *
-gnutls_protocol_list (void)
+const gnutls_protocol_t *gnutls_protocol_list(void)
{
-static gnutls_protocol_t supported_protocols[MAX_ALGOS] = {0};
+ static gnutls_protocol_t supported_protocols[MAX_ALGOS] = { 0 };
- if (supported_protocols[0] == 0)
- {
- int i = 0;
+ if (supported_protocols[0] == 0) {
+ int i = 0;
- GNUTLS_VERSION_LOOP (supported_protocols[i++]=p->id);
- supported_protocols[i++]=0;
- }
+ GNUTLS_VERSION_LOOP(supported_protocols[i++] = p->id);
+ supported_protocols[i++] = 0;
+ }
- return supported_protocols;
+ return supported_protocols;
}
/* Returns a version number given the major and minor numbers.
*/
-gnutls_protocol_t
-_gnutls_version_get (uint8_t major, uint8_t minor)
+gnutls_protocol_t _gnutls_version_get(uint8_t major, uint8_t minor)
{
- int ret = -1;
+ int ret = -1;
- GNUTLS_VERSION_LOOP (if ((p->major == major) && (p->minor == minor))
- ret = p->id);
- return ret;
+ GNUTLS_VERSION_LOOP(
+ if ((p->major == major) && (p->minor == minor))
+ ret = p->id
+ );
+ return ret;
}
/* Version Functions */
int
-_gnutls_version_is_supported (gnutls_session_t session,
- const gnutls_protocol_t version)
+_gnutls_version_is_supported(gnutls_session_t session,
+ const gnutls_protocol_t version)
{
- int ret = 0;
+ int ret = 0;
- GNUTLS_VERSION_ALG_LOOP (ret = p->supported && p->transport == session->internals.transport);
+ GNUTLS_VERSION_ALG_LOOP(
+ ret = p->supported && p->transport == session->internals.transport
+ );
- if (ret == 0)
- return 0;
+ if (ret == 0)
+ return 0;
- if (_gnutls_version_priority (session, version) < 0)
- return 0; /* disabled by the user */
- else
- return 1;
+ if (_gnutls_version_priority(session, version) < 0)
+ return 0; /* disabled by the user */
+ else
+ return 1;
}
-
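Review bot: `_gnutls_version_get()` returns `-1` converted to `gnutls_protocol_t` when no table row matches, whereas `_gnutls_version_lowest()`, `_gnutls_version_max()` and `gnutls_protocol_get_id()` in this file report failure as `GNUTLS_VERSION_UNKNOWN`. The `major`/`minor` bytes presumably come from the peer, so the no-match path is reachable. A caller that only tests for `GNUTLS_VERSION_UNKNOWN` would miss it if the two values differ. Initialising with `gnutls_protocol_t ret = GNUTLS_VERSION_UNKNOWN;` would keep the sentinel consistent, provided no caller depends on a negative value.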
diff --git a/lib/algorithms/publickey.c b/lib/algorithms/publickey.c
index f504c7b72f..59738d6ccf 100644
--- a/lib/algorithms/publickey.c
+++ b/lib/algorithms/publickey.c
@@ -27,17 +27,16 @@
/* KX mappings to PK algorithms */
-typedef struct
-{
- gnutls_kx_algorithm_t kx_algorithm;
- gnutls_pk_algorithm_t pk_algorithm;
- enum encipher_type encipher_type; /* CIPHER_ENCRYPT if this algorithm is to be used
- * for encryption, CIPHER_SIGN if signature only,
- * CIPHER_IGN if this does not apply at all.
- *
- * This is useful to certificate cipher suites, which check
- * against the certificate key usage bits.
- */
+typedef struct {
+ gnutls_kx_algorithm_t kx_algorithm;
+ gnutls_pk_algorithm_t pk_algorithm;
+ enum encipher_type encipher_type; /* CIPHER_ENCRYPT if this algorithm is to be used
+ * for encryption, CIPHER_SIGN if signature only,
+ * CIPHER_IGN if this does not apply at all.
+ *
+ * This is useful to certificate cipher suites, which check
+ * against the certificate key usage bits.
+ */
} gnutls_pk_map;
/* This table maps the Key exchange algorithms to
@@ -46,15 +45,15 @@ typedef struct
* use GNUTLS_KX_RSA or GNUTLS_KX_DHE_RSA.
*/
static const gnutls_pk_map pk_mappings[] = {
- {GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
- {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
- {GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
- {GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
- {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EC, CIPHER_SIGN},
- {GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
- {GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
- {GNUTLS_KX_RSA_PSK, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
- {0, 0, 0}
+ {GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
+ {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
+ {GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
+ {GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
+ {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EC, CIPHER_SIGN},
+ {GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
+ {GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
+ {GNUTLS_KX_RSA_PSK, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
+ {0, 0, 0}
};
#define GNUTLS_PK_MAP_LOOP(b) \
@@ -69,37 +68,36 @@ static const gnutls_pk_map pk_mappings[] = {
* the given gnutls_kx_algorithm_t.
*/
gnutls_pk_algorithm_t
-_gnutls_map_pk_get_pk (gnutls_kx_algorithm_t kx_algorithm)
+_gnutls_map_pk_get_pk(gnutls_kx_algorithm_t kx_algorithm)
{
- gnutls_pk_algorithm_t ret = -1;
+ gnutls_pk_algorithm_t ret = -1;
- GNUTLS_PK_MAP_ALG_LOOP (ret = p->pk_algorithm) return ret;
+ GNUTLS_PK_MAP_ALG_LOOP(ret = p->pk_algorithm) return ret;
}
/* pk algorithms;
*/
-struct gnutls_pk_entry
-{
- const char *name;
- const char *oid;
- gnutls_pk_algorithm_t id;
+struct gnutls_pk_entry {
+ const char *name;
+ const char *oid;
+ gnutls_pk_algorithm_t id;
};
typedef struct gnutls_pk_entry gnutls_pk_entry;
static const gnutls_pk_entry pk_algorithms[] = {
- /* having duplicate entries is ok, as long as the one
- * we want to return OID from is first */
- {"UNKNOWN", NULL, GNUTLS_PK_UNKNOWN},
- {"RSA", PK_PKIX1_RSA_OID, GNUTLS_PK_RSA},
- {"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA}, /* some certificates use this OID for RSA */
- {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with MD5 as an indicator of RSA */
- {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
- {"RSA-SHA1", ISO_SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
- {"DSA", PK_DSA_OID, GNUTLS_PK_DSA},
- {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN},
- {"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN},
- {"EC", "1.2.840.10045.2.1", GNUTLS_PK_EC},
- {0, 0, 0}
+ /* having duplicate entries is ok, as long as the one
+ * we want to return OID from is first */
+ {"UNKNOWN", NULL, GNUTLS_PK_UNKNOWN},
+ {"RSA", PK_PKIX1_RSA_OID, GNUTLS_PK_RSA},
+ {"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA}, /* some certificates use this OID for RSA */
+ {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with MD5 as an indicator of RSA */
+ {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
+ {"RSA-SHA1", ISO_SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
+ {"DSA", PK_DSA_OID, GNUTLS_PK_DSA},
+ {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN},
+ {"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN},
+ {"EC", "1.2.840.10045.2.1", GNUTLS_PK_EC},
+ {0, 0, 0}
};
#define GNUTLS_PK_LOOP(b) \
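Review bot: `_gnutls_map_pk_get_pk()` still has `GNUTLS_PK_MAP_ALG_LOOP(ret = p->pk_algorithm) return ret;` on one line, because the macro call has no terminating `;` and the formatter treats the `return` as a continuation of it. `_gnutls_kx_encipher_type()` in the last hunk of this file has the same unterminated call followed by `return ret;`. Writing `GNUTLS_PK_MAP_ALG_LOOP(ret = p->pk_algorithm);` and `return ret;` on separate lines, as the callers in kx.c do, reads better and keeps the return visibly unconditional. This assumes the macro expands to a complete statement, since its definition is outside this hunk.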
@@ -116,20 +114,18 @@ static const gnutls_pk_entry pk_algorithms[] = {
* Returns: a string that contains the name of the specified public
* key algorithm, or %NULL.
**/
-const char *
-gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm)
+const char *gnutls_pk_algorithm_get_name(gnutls_pk_algorithm_t algorithm)
{
- const char *ret = NULL;
+ const char *ret = NULL;
- GNUTLS_PK_LOOP(
- if (p->id == algorithm)
- {
- ret = p->name;
- break;
- }
- );
+ GNUTLS_PK_LOOP(
+ if (p->id == algorithm) {
+ ret = p->name;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -144,20 +140,21 @@ gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm)
*
* Since: 2.6.0
**/
-const gnutls_pk_algorithm_t *
-gnutls_pk_list (void)
+const gnutls_pk_algorithm_t *gnutls_pk_list(void)
{
-static gnutls_pk_algorithm_t supported_pks[MAX_ALGOS] = {0};
+ static gnutls_pk_algorithm_t supported_pks[MAX_ALGOS] = { 0 };
- if (supported_pks[0] == 0)
- {
- int i = 0;
+ if (supported_pks[0] == 0) {
+ int i = 0;
- GNUTLS_PK_LOOP (if (p->id != GNUTLS_PK_UNKNOWN && supported_pks[i>0?(i-1):0]!=p->id) supported_pks[i++]=p->id);
- supported_pks[i++]=0;
- }
+ GNUTLS_PK_LOOP(
+ if (p->id != GNUTLS_PK_UNKNOWN && supported_pks[i > 0 ? (i - 1) : 0] != p->id)
+ supported_pks[i++] = p->id
+ );
+ supported_pks[i++] = 0;
+ }
- return supported_pks;
+ return supported_pks;
}
/**
@@ -173,20 +170,18 @@ static gnutls_pk_algorithm_t supported_pks[MAX_ALGOS] = {0};
*
* Since: 2.6.0
**/
-gnutls_pk_algorithm_t
-gnutls_pk_get_id (const char *name)
+gnutls_pk_algorithm_t gnutls_pk_get_id(const char *name)
{
- gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
- const gnutls_pk_entry *p;
+ gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
+ const gnutls_pk_entry *p;
- for (p = pk_algorithms; p->name != NULL; p++)
- if (name && strcmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
+ for (p = pk_algorithms; p->name != NULL; p++)
+ if (name && strcmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
- return ret;
+ return ret;
}
/**
@@ -200,52 +195,46 @@ gnutls_pk_get_id (const char *name)
*
* Since: 2.6.0
**/
-const char *
-gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm)
+const char *gnutls_pk_get_name(gnutls_pk_algorithm_t algorithm)
{
- const char *ret = "Unknown";
- const gnutls_pk_entry *p;
+ const char *ret = "Unknown";
+ const gnutls_pk_entry *p;
- for (p = pk_algorithms; p->name != NULL; p++)
- if (algorithm == p->id)
- {
- ret = p->name;
- break;
- }
+ for (p = pk_algorithms; p->name != NULL; p++)
+ if (algorithm == p->id) {
+ ret = p->name;
+ break;
+ }
- return ret;
+ return ret;
}
-gnutls_pk_algorithm_t
-_gnutls_x509_oid2pk_algorithm (const char *oid)
+gnutls_pk_algorithm_t _gnutls_x509_oid2pk_algorithm(const char *oid)
{
- gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
- const gnutls_pk_entry *p;
+ gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
+ const gnutls_pk_entry *p;
- for (p = pk_algorithms; p->name != NULL; p++)
- if (p->oid && strcmp (p->oid, oid) == 0)
- {
- ret = p->id;
- break;
- }
+ for (p = pk_algorithms; p->name != NULL; p++)
+ if (p->oid && strcmp(p->oid, oid) == 0) {
+ ret = p->id;
+ break;
+ }
- return ret;
+ return ret;
}
-const char *
-_gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t algorithm)
+const char *_gnutls_x509_pk_to_oid(gnutls_pk_algorithm_t algorithm)
{
- const char *ret = NULL;
- const gnutls_pk_entry *p;
+ const char *ret = NULL;
+ const gnutls_pk_entry *p;
- for (p = pk_algorithms; p->name != NULL; p++)
- if (p->id == algorithm)
- {
- ret = p->oid;
- break;
- }
+ for (p = pk_algorithms; p->name != NULL; p++)
+ if (p->id == algorithm) {
+ ret = p->oid;
+ break;
+ }
- return ret;
+ return ret;
}
/* Returns the encipher type for the given key exchange algorithm.
@@ -254,10 +243,11 @@ _gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t algorithm)
* ex. GNUTLS_KX_RSA requires a certificate able to encrypt... so returns CIPHER_ENCRYPT.
*/
enum encipher_type
-_gnutls_kx_encipher_type (gnutls_kx_algorithm_t kx_algorithm)
+_gnutls_kx_encipher_type(gnutls_kx_algorithm_t kx_algorithm)
{
- int ret = CIPHER_IGN;
- GNUTLS_PK_MAP_ALG_LOOP (ret = p->encipher_type) return ret;
+ int ret = CIPHER_IGN;
+ GNUTLS_PK_MAP_ALG_LOOP(ret = p->encipher_type)
-}
+ return ret;
+}
diff --git a/lib/algorithms/secparams.c b/lib/algorithms/secparams.c
index 36a1ebfa64..2dc04b7256 100644
--- a/lib/algorithms/secparams.c
+++ b/lib/algorithms/secparams.c
@@ -25,30 +25,29 @@
#include <gnutls_errors.h>
#include <x509/common.h>
-typedef struct
-{
- const char *name;
- gnutls_sec_param_t sec_param;
- unsigned int bits; /* security level */
- unsigned int pk_bits; /* DH, RSA, SRP */
- unsigned int dsa_bits; /* bits for DSA. Handled differently since
- * choice of key size in DSA is political.
- */
- unsigned int subgroup_bits; /* subgroup bits */
- unsigned int ecc_bits; /* bits for ECC keys */
+typedef struct {
+ const char *name;
+ gnutls_sec_param_t sec_param;
+ unsigned int bits; /* security level */
+ unsigned int pk_bits; /* DH, RSA, SRP */
+ unsigned int dsa_bits; /* bits for DSA. Handled differently since
+ * choice of key size in DSA is political.
+ */
+ unsigned int subgroup_bits; /* subgroup bits */
+ unsigned int ecc_bits; /* bits for ECC keys */
} gnutls_sec_params_entry;
static const gnutls_sec_params_entry sec_params[] = {
- {"Insecure", GNUTLS_SEC_PARAM_INSECURE, 0, 0, 0, 0, 0},
- {"Export", GNUTLS_SEC_PARAM_EXPORT, 42, 512, 0, 150, 0},
- {"Very weak", GNUTLS_SEC_PARAM_VERY_WEAK, 64, 767, 0, 160, 0},
- {"Weak", GNUTLS_SEC_PARAM_WEAK, 72, 1008, 1024, 160, 160},
- {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1248, 2048, 160, 160},
- {"Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1776, 2048, 192, 192},
- {"Normal", GNUTLS_SEC_PARAM_NORMAL, 112, 2432, 3072, 224, 224},
- {"High", GNUTLS_SEC_PARAM_HIGH, 128, 3248, 3072, 256, 256},
- {"Ultra", GNUTLS_SEC_PARAM_ULTRA, 256, 15424, 3072, 512, 512},
- {NULL, 0, 0, 0, 0, 0}
+ {"Insecure", GNUTLS_SEC_PARAM_INSECURE, 0, 0, 0, 0, 0},
+ {"Export", GNUTLS_SEC_PARAM_EXPORT, 42, 512, 0, 150, 0},
+ {"Very weak", GNUTLS_SEC_PARAM_VERY_WEAK, 64, 767, 0, 160, 0},
+ {"Weak", GNUTLS_SEC_PARAM_WEAK, 72, 1008, 1024, 160, 160},
+ {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1248, 2048, 160, 160},
+ {"Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1776, 2048, 192, 192},
+ {"Normal", GNUTLS_SEC_PARAM_NORMAL, 112, 2432, 3072, 224, 224},
+ {"High", GNUTLS_SEC_PARAM_HIGH, 128, 3248, 3072, 256, 256},
+ {"Ultra", GNUTLS_SEC_PARAM_ULTRA, 256, 15424, 3072, 512, 512},
+ {NULL, 0, 0, 0, 0, 0}
};
#define GNUTLS_SEC_PARAM_LOOP(b) \
@@ -71,41 +70,40 @@ static const gnutls_sec_params_entry sec_params[] = {
* Since: 2.12.0
**/
unsigned int
-gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo,
- gnutls_sec_param_t param)
+gnutls_sec_param_to_pk_bits(gnutls_pk_algorithm_t algo,
+ gnutls_sec_param_t param)
{
- unsigned int ret = 0;
-
- /* handle DSA differently */
- GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param)
- {
- if (algo == GNUTLS_PK_DSA)
- ret = p->dsa_bits;
- else if (algo == GNUTLS_PK_EC)
- ret = p->ecc_bits;
- else
- ret = p->pk_bits;
- break;
- }
- );
- return ret;
+ unsigned int ret = 0;
+
+ /* handle DSA differently */
+ GNUTLS_SEC_PARAM_LOOP(
+ if (p->sec_param == param) {
+ if (algo == GNUTLS_PK_DSA)
+ ret = p->dsa_bits;
+ else if (algo == GNUTLS_PK_EC)
+ ret = p->ecc_bits;
+ else
+ ret = p->pk_bits; break;
+ }
+ );
+ return ret;
}
/* Returns the corresponding size for subgroup bits (q),
* given the group bits (p).
*/
-unsigned int
-_gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits)
+unsigned int _gnutls_pk_bits_to_subgroup_bits(unsigned int pk_bits)
{
- unsigned int ret = 0;
+ unsigned int ret = 0;
- GNUTLS_SEC_PARAM_LOOP (if (p->pk_bits >= pk_bits)
- {
- ret = p->subgroup_bits; break;
- }
- );
+ GNUTLS_SEC_PARAM_LOOP(
+ if (p->pk_bits >= pk_bits) {
+ ret = p->subgroup_bits;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
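Review bot: In `gnutls_sec_param_to_pk_bits` the reindent left `ret = p->pk_bits; break;` on one line, which makes the `break` look like part of the `else` branch although it also ends the loop for the DSA and EC branches. Put `break;` on its own line at the indentation of the `if`/`else` chain, as the loop in `_gnutls_pk_bits_to_subgroup_bits` in this same hunk already does. An unmatched `param` leaves `ret` at 0, the same value the "Insecure" row yields, so callers cannot tell "unknown level" from "no minimum". The doc comment starts outside this hunk, so confirm it says how a 0 result should be treated.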
@@ -119,18 +117,18 @@ _gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits)
*
* Since: 2.12.0
**/
-const char *
-gnutls_sec_param_get_name (gnutls_sec_param_t param)
+const char *gnutls_sec_param_get_name(gnutls_sec_param_t param)
{
- const char *ret = "Unknown";
+ const char *ret = "Unknown";
- GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param)
- {
- ret = p->name; break;
- }
- );
+ GNUTLS_SEC_PARAM_LOOP(
+ if (p->sec_param == param) {
+ ret = p->name;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
/**
@@ -147,29 +145,28 @@ gnutls_sec_param_get_name (gnutls_sec_param_t param)
* Since: 2.12.0
**/
gnutls_sec_param_t
-gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo, unsigned int bits)
+gnutls_pk_bits_to_sec_param(gnutls_pk_algorithm_t algo, unsigned int bits)
{
- gnutls_sec_param_t ret = GNUTLS_SEC_PARAM_INSECURE;
-
- if (bits == 0)
- return GNUTLS_SEC_PARAM_UNKNOWN;
-
- if (algo == GNUTLS_PK_EC)
- {
- GNUTLS_SEC_PARAM_LOOP (if (p->ecc_bits > bits)
- {
- break;
- }
- ret = p->sec_param;);
- }
- else
- {
- GNUTLS_SEC_PARAM_LOOP (if (p->pk_bits > bits)
- {
- break;
- }
- ret = p->sec_param;);
- }
-
- return ret;
+ gnutls_sec_param_t ret = GNUTLS_SEC_PARAM_INSECURE;
+
+ if (bits == 0)
+ return GNUTLS_SEC_PARAM_UNKNOWN;
+
+ if (algo == GNUTLS_PK_EC) {
+ GNUTLS_SEC_PARAM_LOOP(
+ if (p->ecc_bits > bits) {
+ break;
+ }
+ ret = p->sec_param;
+ );
+ } else {
+ GNUTLS_SEC_PARAM_LOOP(
+ if (p->pk_bits > bits) {
+ break;
+ }
+ ret = p->sec_param;
+ );
+ }
+
+ return ret;
}
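Review bot: `gnutls_pk_bits_to_sec_param` depends on `sec_params[]` being sorted by ascending size, because each loop stops at the first row whose `ecc_bits` or `pk_bits` exceeds `bits`, and nothing here or next to the table states that (assuming `GNUTLS_SEC_PARAM_LOOP`, defined outside this hunk, walks the table from the first row). A comment such as `/* rows must stay in ascending order of strength; the loops stop at the first larger entry */` would protect the rating from a later out-of-order insertion. The non-EC branch also rates DSA keys against the `pk_bits` column while `gnutls_sec_param_to_pk_bits` reads `dsa_bits`. With the table in this commit, HIGH maps to 3072 DSA bits but 3072 DSA bits maps back to NORMAL. If that conservative asymmetry is intended, it deserves a sentence in the doc comment.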
diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c
index 29348e9baa..04f2645a4b 100644
--- a/lib/algorithms/sign.c
+++ b/lib/algorithms/sign.c
@@ -27,16 +27,15 @@
/* signature algorithms;
*/
-struct gnutls_sign_entry
-{
- const char *name;
- const char *oid;
- gnutls_sign_algorithm_t id;
- gnutls_pk_algorithm_t pk;
- gnutls_digest_algorithm_t mac;
- /* See RFC 5246 HashAlgorithm and SignatureAlgorithm
- for values to use in aid struct. */
- const sign_algorithm_st aid;
+struct gnutls_sign_entry {
+ const char *name;
+ const char *oid;
+ gnutls_sign_algorithm_t id;
+ gnutls_pk_algorithm_t pk;
+ gnutls_digest_algorithm_t mac;
+ /* See RFC 5246 HashAlgorithm and SignatureAlgorithm
+ for values to use in aid struct. */
+ const sign_algorithm_st aid;
};
typedef struct gnutls_sign_entry gnutls_sign_entry;
@@ -44,43 +43,57 @@ typedef struct gnutls_sign_entry gnutls_sign_entry;
static const sign_algorithm_st unknown_tls_aid = TLS_SIGN_AID_UNKNOWN;
static const gnutls_sign_entry sign_algorithms[] = {
- {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
- GNUTLS_DIG_SHA1, {2, 1}},
- {"RSA-SHA1", ISO_SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
- GNUTLS_DIG_SHA1, {2, 1}},
- {"RSA-SHA224", SIG_RSA_SHA224_OID, GNUTLS_SIGN_RSA_SHA224, GNUTLS_PK_RSA,
- GNUTLS_DIG_SHA224, {3, 1}},
- {"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA,
- GNUTLS_DIG_SHA256, {4, 1}},
- {"RSA-SHA384", SIG_RSA_SHA384_OID, GNUTLS_SIGN_RSA_SHA384, GNUTLS_PK_RSA,
- GNUTLS_DIG_SHA384, {5, 1}},
- {"RSA-SHA512", SIG_RSA_SHA512_OID, GNUTLS_SIGN_RSA_SHA512, GNUTLS_PK_RSA,
- GNUTLS_DIG_SHA512, {6, 1}},
- {"RSA-RMD160", SIG_RSA_RMD160_OID, GNUTLS_SIGN_RSA_RMD160, GNUTLS_PK_RSA,
- GNUTLS_DIG_RMD160, TLS_SIGN_AID_UNKNOWN},
- {"DSA-SHA1", SIG_DSA_SHA1_OID, GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
- GNUTLS_DIG_SHA1, {2, 2}},
- {"DSA-SHA1", "1.3.14.3.2.27", GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
- GNUTLS_DIG_SHA1, {2, 2}},
- {"DSA-SHA224", SIG_DSA_SHA224_OID, GNUTLS_SIGN_DSA_SHA224, GNUTLS_PK_DSA,
- GNUTLS_DIG_SHA224, {3, 2}},
- {"DSA-SHA256", SIG_DSA_SHA256_OID, GNUTLS_SIGN_DSA_SHA256, GNUTLS_PK_DSA,
- GNUTLS_DIG_SHA256, {4, 2}},
- {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
- GNUTLS_DIG_MD5, {1, 1}},
- {"RSA-MD5", "1.3.14.3.2.25", GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
- GNUTLS_DIG_MD5, {1, 1}},
- {"RSA-MD2", SIG_RSA_MD2_OID, GNUTLS_SIGN_RSA_MD2, GNUTLS_PK_RSA,
- GNUTLS_DIG_MD2, TLS_SIGN_AID_UNKNOWN},
- {"ECDSA-SHA1", "1.2.840.10045.4.1", GNUTLS_SIGN_ECDSA_SHA1, GNUTLS_PK_EC, GNUTLS_DIG_SHA1, {2, 3}},
- {"ECDSA-SHA224", "1.2.840.10045.4.3.1", GNUTLS_SIGN_ECDSA_SHA224, GNUTLS_PK_EC, GNUTLS_DIG_SHA224, {3, 3}},
- {"ECDSA-SHA256", "1.2.840.10045.4.3.2", GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_PK_EC, GNUTLS_DIG_SHA256, {4, 3}},
- {"ECDSA-SHA384", "1.2.840.10045.4.3.3", GNUTLS_SIGN_ECDSA_SHA384, GNUTLS_PK_EC, GNUTLS_DIG_SHA384, {5, 3}},
- {"ECDSA-SHA512", "1.2.840.10045.4.3.4", GNUTLS_SIGN_ECDSA_SHA512, GNUTLS_PK_EC, GNUTLS_DIG_SHA512, {6, 3}},
- {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0,
- TLS_SIGN_AID_UNKNOWN},
- {"GOST R 34.10-94", SIG_GOST_R3410_94_OID, 0, 0, 0, TLS_SIGN_AID_UNKNOWN},
- {0, 0, 0, 0, 0, TLS_SIGN_AID_UNKNOWN}
+ {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
+ GNUTLS_DIG_SHA1, {2, 1}},
+ {"RSA-SHA1", ISO_SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1,
+ GNUTLS_PK_RSA,
+ GNUTLS_DIG_SHA1, {2, 1}},
+ {"RSA-SHA224", SIG_RSA_SHA224_OID, GNUTLS_SIGN_RSA_SHA224,
+ GNUTLS_PK_RSA,
+ GNUTLS_DIG_SHA224, {3, 1}},
+ {"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256,
+ GNUTLS_PK_RSA,
+ GNUTLS_DIG_SHA256, {4, 1}},
+ {"RSA-SHA384", SIG_RSA_SHA384_OID, GNUTLS_SIGN_RSA_SHA384,
+ GNUTLS_PK_RSA,
+ GNUTLS_DIG_SHA384, {5, 1}},
+ {"RSA-SHA512", SIG_RSA_SHA512_OID, GNUTLS_SIGN_RSA_SHA512,
+ GNUTLS_PK_RSA,
+ GNUTLS_DIG_SHA512, {6, 1}},
+ {"RSA-RMD160", SIG_RSA_RMD160_OID, GNUTLS_SIGN_RSA_RMD160,
+ GNUTLS_PK_RSA,
+ GNUTLS_DIG_RMD160, TLS_SIGN_AID_UNKNOWN},
+ {"DSA-SHA1", SIG_DSA_SHA1_OID, GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
+ GNUTLS_DIG_SHA1, {2, 2}},
+ {"DSA-SHA1", "1.3.14.3.2.27", GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
+ GNUTLS_DIG_SHA1, {2, 2}},
+ {"DSA-SHA224", SIG_DSA_SHA224_OID, GNUTLS_SIGN_DSA_SHA224,
+ GNUTLS_PK_DSA,
+ GNUTLS_DIG_SHA224, {3, 2}},
+ {"DSA-SHA256", SIG_DSA_SHA256_OID, GNUTLS_SIGN_DSA_SHA256,
+ GNUTLS_PK_DSA,
+ GNUTLS_DIG_SHA256, {4, 2}},
+ {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
+ GNUTLS_DIG_MD5, {1, 1}},
+ {"RSA-MD5", "1.3.14.3.2.25", GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
+ GNUTLS_DIG_MD5, {1, 1}},
+ {"RSA-MD2", SIG_RSA_MD2_OID, GNUTLS_SIGN_RSA_MD2, GNUTLS_PK_RSA,
+ GNUTLS_DIG_MD2, TLS_SIGN_AID_UNKNOWN},
+ {"ECDSA-SHA1", "1.2.840.10045.4.1", GNUTLS_SIGN_ECDSA_SHA1,
+ GNUTLS_PK_EC, GNUTLS_DIG_SHA1, {2, 3}},
+ {"ECDSA-SHA224", "1.2.840.10045.4.3.1", GNUTLS_SIGN_ECDSA_SHA224,
+ GNUTLS_PK_EC, GNUTLS_DIG_SHA224, {3, 3}},
+ {"ECDSA-SHA256", "1.2.840.10045.4.3.2", GNUTLS_SIGN_ECDSA_SHA256,
+ GNUTLS_PK_EC, GNUTLS_DIG_SHA256, {4, 3}},
+ {"ECDSA-SHA384", "1.2.840.10045.4.3.3", GNUTLS_SIGN_ECDSA_SHA384,
+ GNUTLS_PK_EC, GNUTLS_DIG_SHA384, {5, 3}},
+ {"ECDSA-SHA512", "1.2.840.10045.4.3.4", GNUTLS_SIGN_ECDSA_SHA512,
+ GNUTLS_PK_EC, GNUTLS_DIG_SHA512, {6, 3}},
+ {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0,
+ TLS_SIGN_AID_UNKNOWN},
+ {"GOST R 34.10-94", SIG_GOST_R3410_94_OID, 0, 0, 0,
+ TLS_SIGN_AID_UNKNOWN},
+ {0, 0, 0, 0, 0, TLS_SIGN_AID_UNKNOWN}
};
#define GNUTLS_SIGN_LOOP(b) \
@@ -101,16 +114,15 @@ static const gnutls_sign_entry sign_algorithms[] = {
* Returns: a string that contains the name of the specified sign
* algorithm, or %NULL.
**/
-const char *
-gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm)
+const char *gnutls_sign_get_name(gnutls_sign_algorithm_t algorithm)
{
- gnutls_sign_algorithm_t sign = algorithm;
- const char *ret = NULL;
+ gnutls_sign_algorithm_t sign = algorithm;
+ const char *ret = NULL;
- /* avoid prefix */
- GNUTLS_SIGN_ALG_LOOP (ret = p->name);
+ /* avoid prefix */
+ GNUTLS_SIGN_ALG_LOOP(ret = p->name);
- return ret;
+ return ret;
}
/**
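Review bot: The local `sign` in `gnutls_sign_get_name` is never referenced in the visible body and appears to exist only so that `GNUTLS_SIGN_ALG_LOOP` can pick it up by name; the macro is defined outside this hunk, so this is inferred. The existing `/* avoid prefix */` comment does not explain that, and the variable reads as dead code. I would replace the comment with something like `/* GNUTLS_SIGN_ALG_LOOP matches p->id against the local named 'sign' */`. The same pattern appears in `gnutls_sign_is_secure` and `_gnutls_x509_sign_to_oid`.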
@@ -119,19 +131,18 @@ gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm)
*
* Returns: Non-zero if the provided signature algorithm is considered to be secure.
**/
-int
-gnutls_sign_is_secure (gnutls_sign_algorithm_t algorithm)
+int gnutls_sign_is_secure(gnutls_sign_algorithm_t algorithm)
{
- gnutls_sign_algorithm_t sign = algorithm;
- gnutls_digest_algorithm_t dig = GNUTLS_DIG_UNKNOWN;
+ gnutls_sign_algorithm_t sign = algorithm;
+ gnutls_digest_algorithm_t dig = GNUTLS_DIG_UNKNOWN;
+
+ /* avoid prefix */
+ GNUTLS_SIGN_ALG_LOOP(dig = p->mac);
- /* avoid prefix */
- GNUTLS_SIGN_ALG_LOOP (dig = p->mac);
-
- if (dig != GNUTLS_DIG_UNKNOWN)
- return _gnutls_digest_is_secure(mac_to_entry(dig));
+ if (dig != GNUTLS_DIG_UNKNOWN)
+ return _gnutls_digest_is_secure(mac_to_entry(dig));
- return 0;
+ return 0;
}
/**
@@ -143,20 +154,18 @@ gnutls_sign_is_secure (gnutls_sign_algorithm_t algorithm)
* integers indicating the available ciphers.
*
**/
-const gnutls_sign_algorithm_t *
-gnutls_sign_list (void)
+const gnutls_sign_algorithm_t *gnutls_sign_list(void)
{
-static gnutls_sign_algorithm_t supported_sign[MAX_ALGOS] = {0};
+ static gnutls_sign_algorithm_t supported_sign[MAX_ALGOS] = { 0 };
- if (supported_sign[0] == 0)
- {
- int i = 0;
+ if (supported_sign[0] == 0) {
+ int i = 0;
- GNUTLS_SIGN_LOOP (supported_sign[i++]=p->id);
- supported_sign[i++]=0;
- }
+ GNUTLS_SIGN_LOOP(supported_sign[i++] = p->id);
+ supported_sign[i++] = 0;
+ }
- return supported_sign;
+ return supported_sign;
}
/**
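Review bot: `gnutls_sign_list` writes `supported_sign[i++]` for every row that `GNUTLS_SIGN_LOOP` visits and then one more terminator, with no check of `i` against `MAX_ALGOS`. Both `MAX_ALGOS` and the macro are defined outside this hunk, so whether the 21 rows currently in `sign_algorithms[]` fit cannot be verified here; a guard such as `if (i < MAX_ALGOS - 1) supported_sign[i++] = p->id` inside the loop, or a compile-time assertion on the table size, would keep a future table addition from overrunning the static array. Rows that share an id (the two `RSA-SHA1` entries, for example) are stored twice, and the GOST rows carry id 0, which a caller walking the 0-terminated list will read as the end. The fill on first call is also unsynchronised, which matters if the function can be reached from several threads.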
@@ -168,41 +177,35 @@ static gnutls_sign_algorithm_t supported_sign[MAX_ALGOS] = {0};
* Returns: return a #gnutls_sign_algorithm_t value corresponding to
* the specified algorithm, or %GNUTLS_SIGN_UNKNOWN on error.
**/
-gnutls_sign_algorithm_t
-gnutls_sign_get_id (const char *name)
+gnutls_sign_algorithm_t gnutls_sign_get_id(const char *name)
{
- gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
+ gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
- GNUTLS_SIGN_LOOP (
- if (strcasecmp (p->name, name) == 0)
- {
- ret = p->id;
- break;
- }
- );
+ GNUTLS_SIGN_LOOP(
+ if (strcasecmp(p->name, name) == 0) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+ return ret;
}
-gnutls_sign_algorithm_t
-_gnutls_x509_oid2sign_algorithm (const char *oid)
+gnutls_sign_algorithm_t _gnutls_x509_oid2sign_algorithm(const char *oid)
{
- gnutls_sign_algorithm_t ret = 0;
-
- GNUTLS_SIGN_LOOP (if (p->oid && strcmp (oid, p->oid) == 0)
- {
- ret = p->id;
- break;
- }
- );
-
- if (ret == 0)
- {
- _gnutls_debug_log ("Unknown SIGN OID: '%s'\n", oid);
- return GNUTLS_SIGN_UNKNOWN;
- }
- return ret;
+ gnutls_sign_algorithm_t ret = 0;
+
+ GNUTLS_SIGN_LOOP(
+ if (p->oid && strcmp(oid, p->oid) == 0) {
+ ret = p->id; break;}
+ );
+
+ if (ret == 0) {
+ _gnutls_debug_log("Unknown SIGN OID: '%s'\n", oid);
+ return GNUTLS_SIGN_UNKNOWN;
+ }
+ return ret;
}
/**
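Review bot: In `_gnutls_x509_oid2sign_algorithm` the reindent left `ret = p->id; break;}` on a single line, unlike the matching loops in `gnutls_sign_get_id` and `gnutls_pk_to_sign`; split it into `ret = p->id;`, `break;` and `}` on separate lines. Separately, `oid` is passed to `strcmp` and `name` to `strcasecmp` without a NULL check. The callers are outside this hunk, so if either value can come from a parsed certificate field or from application input, a guard such as `if (oid == NULL) return GNUTLS_SIGN_UNKNOWN;` at the top of the function is cheap.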
@@ -216,33 +219,34 @@ _gnutls_x509_oid2sign_algorithm (const char *oid)
* Returns: return a #gnutls_sign_algorithm_t value, or %GNUTLS_SIGN_UNKNOWN on error.
**/
gnutls_sign_algorithm_t
-gnutls_pk_to_sign (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash)
+gnutls_pk_to_sign(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash)
{
- gnutls_sign_algorithm_t ret = 0;
-
- GNUTLS_SIGN_LOOP (if (pk == p->pk && hash == p->mac)
- {
- ret = p->id; break;}
- );
-
- if (ret == 0)
- return GNUTLS_SIGN_UNKNOWN;
- return ret;
+ gnutls_sign_algorithm_t ret = 0;
+
+ GNUTLS_SIGN_LOOP(
+ if (pk == p->pk && hash == p->mac) {
+ ret = p->id;
+ break;
+ }
+ );
+
+ if (ret == 0)
+ return GNUTLS_SIGN_UNKNOWN;
+ return ret;
}
-const char *
-_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk,
- gnutls_digest_algorithm_t mac)
+const char *_gnutls_x509_sign_to_oid(gnutls_pk_algorithm_t pk,
+ gnutls_digest_algorithm_t mac)
{
- gnutls_sign_algorithm_t sign;
- const char *ret = NULL;
+ gnutls_sign_algorithm_t sign;
+ const char *ret = NULL;
- sign = gnutls_pk_to_sign (pk, mac);
- if (sign == GNUTLS_SIGN_UNKNOWN)
- return NULL;
+ sign = gnutls_pk_to_sign(pk, mac);
+ if (sign == GNUTLS_SIGN_UNKNOWN)
+ return NULL;
- GNUTLS_SIGN_ALG_LOOP (ret = p->oid);
- return ret;
+ GNUTLS_SIGN_ALG_LOOP(ret = p->oid);
+ return ret;
}
/**
@@ -257,13 +261,13 @@ _gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk,
* Returns: return a #gnutls_digest_algorithm_t value, or %GNUTLS_DIG_UNKNOWN on error.
**/
gnutls_digest_algorithm_t
-gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign)
+gnutls_sign_get_hash_algorithm(gnutls_sign_algorithm_t sign)
{
- gnutls_digest_algorithm_t ret = GNUTLS_DIG_UNKNOWN;
+ gnutls_digest_algorithm_t ret = GNUTLS_DIG_UNKNOWN;
- GNUTLS_SIGN_ALG_LOOP (ret = p->mac);
+ GNUTLS_SIGN_ALG_LOOP(ret = p->mac);
- return ret;
+ return ret;
}
/**
@@ -278,46 +282,48 @@ gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign)
* Returns: return a #gnutls_pk_algorithm_t value, or %GNUTLS_PK_UNKNOWN on error.
**/
gnutls_pk_algorithm_t
-gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t sign)
+gnutls_sign_get_pk_algorithm(gnutls_sign_algorithm_t sign)
{
- gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
+ gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
- GNUTLS_SIGN_ALG_LOOP (ret = p->pk);
+ GNUTLS_SIGN_ALG_LOOP(ret = p->pk);
- return ret;
+ return ret;
}
gnutls_sign_algorithm_t
-_gnutls_tls_aid_to_sign (const sign_algorithm_st * aid)
+_gnutls_tls_aid_to_sign(const sign_algorithm_st * aid)
{
- gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
+ gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
- if (memcmp(aid, &unknown_tls_aid, sizeof(*aid))==0)
- return ret;
+ if (memcmp(aid, &unknown_tls_aid, sizeof(*aid)) == 0)
+ return ret;
- GNUTLS_SIGN_LOOP (if (p->aid.hash_algorithm == aid->hash_algorithm
- && p->aid.sign_algorithm == aid->sign_algorithm)
- {
- ret = p->id; break;
- }
- );
+ GNUTLS_SIGN_LOOP(
+ if (p->aid.hash_algorithm == aid->hash_algorithm &&
+ p->aid.sign_algorithm == aid->sign_algorithm) {
+ ret = p->id;
+ break;
+ }
+ );
- return ret;
+
+ return ret;
}
/* Returns NULL if a valid AID is not found
*/
-const sign_algorithm_st*
-_gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign)
+const sign_algorithm_st *_gnutls_sign_to_tls_aid(gnutls_sign_algorithm_t
+ sign)
{
- const sign_algorithm_st * ret = NULL;
+ const sign_algorithm_st *ret = NULL;
- GNUTLS_SIGN_ALG_LOOP (ret = &p->aid);
+ GNUTLS_SIGN_ALG_LOOP(ret = &p->aid);
- if (ret != NULL && memcmp(ret, &unknown_tls_aid, sizeof(*ret))==0)
- return NULL;
+ if (ret != NULL
+ && memcmp(ret, &unknown_tls_aid, sizeof(*ret)) == 0)
+ return NULL;
- return ret;
+ return ret;
}
-