security/nss/lib/util/secplcy.c@b8a032363ba2 (annotated)
security/nss/lib/util/secplcy.c
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
| michael@0 | 1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 4 | |
| michael@0 | 5 | #include "secplcy.h" |
| michael@0 | 6 | #include "prmem.h" |
| michael@0 | 7 | |
| michael@0 | 8 | SECCipherFind *sec_CipherFindInit(PRBool onlyAllowed, |
| michael@0 | 9 | secCPStruct *policy, |
| michael@0 | 10 | long *ciphers) |
| michael@0 | 11 | { |
| michael@0 | 12 | SECCipherFind *find = PR_NEWZAP(SECCipherFind); |
| michael@0 | 13 | if (find) |
| michael@0 | 14 | { |
| michael@0 | 15 | find->policy = policy; |
| michael@0 | 16 | find->ciphers = ciphers; |
| michael@0 | 17 | find->onlyAllowed = onlyAllowed; |
| michael@0 | 18 | find->index = -1; |
| michael@0 | 19 | } |
| michael@0 | 20 | return find; |
| michael@0 | 21 | } |
| michael@0 | 22 | |
| michael@0 | 23 | long sec_CipherFindNext(SECCipherFind *find) |
| michael@0 | 24 | { |
| michael@0 | 25 | char *policy; |
| michael@0 | 26 | long rv = -1; |
| michael@0 | 27 | secCPStruct *policies = (secCPStruct *) find->policy; |
| michael@0 | 28 | long *ciphers = (long *) find->ciphers; |
| michael@0 | 29 | long numCiphers = policies->num_ciphers; |
| michael@0 | 30 | |
| michael@0 | 31 | find->index++; |
| michael@0 | 32 | while((find->index < numCiphers) && (rv == -1)) |
| michael@0 | 33 | { |
| michael@0 | 34 | /* Translate index to cipher. */ |
| michael@0 | 35 | rv = ciphers[find->index]; |
| michael@0 | 36 | |
| michael@0 | 37 | /* If we're only looking for allowed ciphers, and if this |
| michael@0 | 38 | cipher isn't allowed, loop around.*/ |
| michael@0 | 39 | if (find->onlyAllowed) |
| michael@0 | 40 | { |
| michael@0 | 41 | /* Find the appropriate policy flag. */ |
| michael@0 | 42 | policy = (&(policies->begin_ciphers)) + find->index + 1; |
| michael@0 | 43 | |
| michael@0 | 44 | /* If this cipher isn't allowed by policy, continue. */ |
| michael@0 | 45 | if (! (*policy)) |
| michael@0 | 46 | { |
| michael@0 | 47 | rv = -1; |
| michael@0 | 48 | find->index++; |
| michael@0 | 49 | } |
| michael@0 | 50 | } |
| michael@0 | 51 | } |
| michael@0 | 52 | |
| michael@0 | 53 | return rv; |
| michael@0 | 54 | } |
| michael@0 | 55 | |
| michael@0 | 56 | char sec_IsCipherAllowed(long cipher, secCPStruct *policies, |
| michael@0 | 57 | long *ciphers) |
| michael@0 | 58 | { |
| michael@0 | 59 | char result = SEC_CIPHER_NOT_ALLOWED; /* our default answer */ |
| michael@0 | 60 | long numCiphers = policies->num_ciphers; |
| michael@0 | 61 | char *policy; |
| michael@0 | 62 | int i; |
| michael@0 | 63 | |
| michael@0 | 64 | /* Convert the cipher number into a policy flag location. */ |
| michael@0 | 65 | for (i=0, policy=(&(policies->begin_ciphers) + 1); |
| michael@0 | 66 | i<numCiphers; |
| michael@0 | 67 | i++, policy++) |
| michael@0 | 68 | { |
| michael@0 | 69 | if (cipher == ciphers[i]) |
| michael@0 | 70 | break; |
| michael@0 | 71 | } |
| michael@0 | 72 | |
| michael@0 | 73 | if (i < numCiphers) |
| michael@0 | 74 | { |
| michael@0 | 75 | /* Found the cipher, get the policy value. */ |
| michael@0 | 76 | result = *policy; |
| michael@0 | 77 | } |
| michael@0 | 78 | |
| michael@0 | 79 | return result; |
| michael@0 | 80 | } |
| michael@0 | 81 | |
| michael@0 | 82 | void sec_CipherFindEnd(SECCipherFind *find) |
| michael@0 | 83 | { |
| michael@0 | 84 | PR_FREEIF(find); |
| michael@0 | 85 | } |
