summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-08-17 06:33:23 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-08-17 06:33:23 +0200
commitdf852120098dc7ba5df4a76126c6297c6d2d1b7b (patch)
tree71522067a84239c386328a6d19f74005ae91cbf3 /security
parenta4719ebdd313dd48eaa63278302263693ff2691f (diff)
downloaduxp-df852120098dc7ba5df4a76126c6297c6d2d1b7b.tar.gz
Extend {EnabledWeakCiphers} bit field to allow more cipher suites.
Tag #709.
Diffstat (limited to 'security')
-rw-r--r--security/manager/ssl/nsNSSComponent.cpp16
1 files changed, 8 insertions, 8 deletions
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
index 025f4bda24..acaf9da903 100644
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -1391,8 +1391,8 @@ static const CipherPref sCipherPrefs[] = {
// Bit flags indicating what weak ciphers are enabled.
// The bit index will correspond to the index in sCipherPrefs.
// Wrtten by the main thread, read from any threads.
-static Atomic<uint32_t> sEnabledWeakCiphers;
-static_assert(MOZ_ARRAY_LENGTH(sCipherPrefs) - 1 <= sizeof(uint32_t) * CHAR_BIT,
+static uint64_t sEnabledWeakCiphers;
+static_assert(MOZ_ARRAY_LENGTH(sCipherPrefs) - 1 <= sizeof(uint64_t) * CHAR_BIT,
"too many cipher suites");
/*static*/ bool
@@ -1404,10 +1404,10 @@ nsNSSComponent::AreAnyWeakCiphersEnabled()
/*static*/ void
nsNSSComponent::UseWeakCiphersOnSocket(PRFileDesc* fd)
{
- const uint32_t enabledWeakCiphers = sEnabledWeakCiphers;
+ const uint64_t enabledWeakCiphers = sEnabledWeakCiphers;
const CipherPref* const cp = sCipherPrefs;
for (size_t i = 0; cp[i].pref; ++i) {
- if (enabledWeakCiphers & ((uint32_t)1 << i)) {
+ if (enabledWeakCiphers & ((uint64_t)1 << i)) {
SSL_CipherPrefSet(fd, cp[i].id, true);
}
}
@@ -1536,9 +1536,9 @@ CipherSuiteChangeObserver::Observe(nsISupports* aSubject,
// Only the main thread will change sEnabledWeakCiphers.
uint32_t enabledWeakCiphers = sEnabledWeakCiphers;
if (cipherEnabled) {
- enabledWeakCiphers |= ((uint32_t)1 << i);
+ enabledWeakCiphers |= ((uint64_t)1 << i);
} else {
- enabledWeakCiphers &= ~((uint32_t)1 << i);
+ enabledWeakCiphers &= ~((uint64_t)1 << i);
}
sEnabledWeakCiphers = enabledWeakCiphers;
} else {
@@ -2476,7 +2476,7 @@ InitializeCipherSuite()
}
// Now only set SSL/TLS ciphers we knew about at compile time
- uint32_t enabledWeakCiphers = 0;
+ uint64_t enabledWeakCiphers = 0;
const CipherPref* const cp = sCipherPrefs;
for (size_t i = 0; cp[i].pref; ++i) {
bool cipherEnabled = Preferences::GetBool(cp[i].pref,
@@ -2485,7 +2485,7 @@ InitializeCipherSuite()
// Weak ciphers are not used by default. See the comment
// in CipherSuiteChangeObserver::Observe for details.
if (cipherEnabled) {
- enabledWeakCiphers |= ((uint32_t)1 << i);
+ enabledWeakCiphers |= ((uint64_t)1 << i);
}
} else {
SSL_CipherPrefSetDefault(cp[i].id, cipherEnabled);