diff options
| author | wolfbeast <mcwerewolf@gmail.com> | 2018-08-17 06:33:23 +0200 |
|---|---|---|
| committer | wolfbeast <mcwerewolf@gmail.com> | 2018-08-17 06:33:23 +0200 |
| commit | df852120098dc7ba5df4a76126c6297c6d2d1b7b (patch) | |
| tree | 71522067a84239c386328a6d19f74005ae91cbf3 /security | |
| parent | a4719ebdd313dd48eaa63278302263693ff2691f (diff) | |
| download | UXP-df852120098dc7ba5df4a76126c6297c6d2d1b7b.tar UXP-df852120098dc7ba5df4a76126c6297c6d2d1b7b.tar.gz UXP-df852120098dc7ba5df4a76126c6297c6d2d1b7b.tar.lz UXP-df852120098dc7ba5df4a76126c6297c6d2d1b7b.tar.xz UXP-df852120098dc7ba5df4a76126c6297c6d2d1b7b.zip | |
Extend {EnabledWeakCiphers} bit field to allow more cipher suites.
Tag #709.
Diffstat (limited to 'security')
| -rw-r--r-- | security/manager/ssl/nsNSSComponent.cpp | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp index 025f4bda2..acaf9da90 100644 --- a/security/manager/ssl/nsNSSComponent.cpp +++ b/security/manager/ssl/nsNSSComponent.cpp @@ -1391,8 +1391,8 @@ static const CipherPref sCipherPrefs[] = { // Bit flags indicating what weak ciphers are enabled. // The bit index will correspond to the index in sCipherPrefs. // Wrtten by the main thread, read from any threads. -static Atomic<uint32_t> sEnabledWeakCiphers; -static_assert(MOZ_ARRAY_LENGTH(sCipherPrefs) - 1 <= sizeof(uint32_t) * CHAR_BIT, +static uint64_t sEnabledWeakCiphers; +static_assert(MOZ_ARRAY_LENGTH(sCipherPrefs) - 1 <= sizeof(uint64_t) * CHAR_BIT, "too many cipher suites"); /*static*/ bool @@ -1404,10 +1404,10 @@ nsNSSComponent::AreAnyWeakCiphersEnabled() /*static*/ void nsNSSComponent::UseWeakCiphersOnSocket(PRFileDesc* fd) { - const uint32_t enabledWeakCiphers = sEnabledWeakCiphers; + const uint64_t enabledWeakCiphers = sEnabledWeakCiphers; const CipherPref* const cp = sCipherPrefs; for (size_t i = 0; cp[i].pref; ++i) { - if (enabledWeakCiphers & ((uint32_t)1 << i)) { + if (enabledWeakCiphers & ((uint64_t)1 << i)) { SSL_CipherPrefSet(fd, cp[i].id, true); } } @@ -1536,9 +1536,9 @@ CipherSuiteChangeObserver::Observe(nsISupports* aSubject, // Only the main thread will change sEnabledWeakCiphers. uint32_t enabledWeakCiphers = sEnabledWeakCiphers; if (cipherEnabled) { - enabledWeakCiphers |= ((uint32_t)1 << i); + enabledWeakCiphers |= ((uint64_t)1 << i); } else { - enabledWeakCiphers &= ~((uint32_t)1 << i); + enabledWeakCiphers &= ~((uint64_t)1 << i); } sEnabledWeakCiphers = enabledWeakCiphers; } else { @@ -2476,7 +2476,7 @@ InitializeCipherSuite() } // Now only set SSL/TLS ciphers we knew about at compile time - uint32_t enabledWeakCiphers = 0; + uint64_t enabledWeakCiphers = 0; const CipherPref* const cp = sCipherPrefs; for (size_t i = 0; cp[i].pref; ++i) { bool cipherEnabled = Preferences::GetBool(cp[i].pref, @@ -2485,7 +2485,7 @@ InitializeCipherSuite() // Weak ciphers are not used by default. See the comment // in CipherSuiteChangeObserver::Observe for details. if (cipherEnabled) { - enabledWeakCiphers |= ((uint32_t)1 << i); + enabledWeakCiphers |= ((uint64_t)1 << i); } } else { SSL_CipherPrefSetDefault(cp[i].id, cipherEnabled); |