summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/util/secplcy.c
blob: 0c784d0553551e1a03eedf118c9eca963cd80d5d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "secplcy.h"
#include "prmem.h"

SECCipherFind *
sec_CipherFindInit(PRBool onlyAllowed,
                   secCPStruct *policy,
                   long *ciphers)
{
    SECCipherFind *find = PR_NEWZAP(SECCipherFind);
    if (find) {
        find->policy = policy;
        find->ciphers = ciphers;
        find->onlyAllowed = onlyAllowed;
        find->index = -1;
    }
    return find;
}

long
sec_CipherFindNext(SECCipherFind *find)
{
    char *policy;
    long rv = -1;
    secCPStruct *policies = (secCPStruct *)find->policy;
    long *ciphers = (long *)find->ciphers;
    long numCiphers = policies->num_ciphers;

    find->index++;
    while ((find->index < numCiphers) && (rv == -1)) {
        /* Translate index to cipher. */
        rv = ciphers[find->index];

        /* If we're only looking for allowed ciphers, and if this
           cipher isn't allowed, loop around.*/
        if (find->onlyAllowed) {
            /* Find the appropriate policy flag. */
            policy = (&(policies->begin_ciphers)) + find->index + 1;

            /* If this cipher isn't allowed by policy, continue. */
            if (!(*policy)) {
                rv = -1;
                find->index++;
            }
        }
    }

    return rv;
}

char
sec_IsCipherAllowed(long cipher, secCPStruct *policies,
                    long *ciphers)
{
    char result = SEC_CIPHER_NOT_ALLOWED; /* our default answer */
    long numCiphers = policies->num_ciphers;
    char *policy;
    int i;

    /* Convert the cipher number into a policy flag location. */
    for (i = 0, policy = (&(policies->begin_ciphers) + 1);
         i < numCiphers;
         i++, policy++) {
        if (cipher == ciphers[i])
            break;
    }

    if (i < numCiphers) {
        /* Found the cipher, get the policy value. */
        result = *policy;
    }

    return result;
}

void
sec_CipherFindEnd(SECCipherFind *find)
{
    PR_FREEIF(find);
}