NSS: remove cipher policy framework.

net/third_party/nss/ssl/sslimpl.h

 /*
  * This file is PRIVATE to SSL and should be the first thing included by
  * any SSL implementation file.
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef __sslimpl_h_
 #define __sslimpl_h_
@@ skipping 255 matching lines @@
 /*
 ** A buffer object.
 */
 struct sslBufferStr {
     unsigned char *     buf;
     unsigned int        len;
     unsigned int        space;
 };
 
 /*
-** SSL3 cipher suite policy and preference struct.
+** SSL3 cipher suite preference struct.
 */
 typedef struct {
 #if !defined(_WIN32)
     unsigned int    cipher_suite : 16;
-    unsigned int    policy       :  8;
     unsigned int    enabled      :  1;
     unsigned int    isPresent    :  1;
 #else
     ssl3CipherSuite cipher_suite;
-    PRUint8         policy;
     unsigned char   enabled   : 1;
     unsigned char   isPresent : 1;
 #endif
 } ssl3CipherSuiteCfg;
 
 #ifdef NSS_ENABLE_ECC
 #define ssl_V3_SUITES_IMPLEMENTED 57
 #else
 #define ssl_V3_SUITES_IMPLEMENTED 35
 #endif /* NSS_ENABLE_ECC */
@@ skipping 333 matching lines @@
             int                   keyBits;
             int                   secretKeyBits;
         } ssl2;
         struct {
             /* values that are copied into the server's on-disk SID cache. */
             PRUint8               sessionIDLength;
             SSL3Opaque            sessionID[SSL3_SESSIONID_BYTES];
 
             ssl3CipherSuite       cipherSuite;
             SSLCompressionMethod  compression;
-            int                   policy;
             ssl3SidKeys           keys;
             CK_MECHANISM_TYPE     masterWrapMech;
                                   /* mechanism used to wrap master secret */
             SSL3KEAType           exchKeyType;
                                   /* key type used in exchange algorithm,
                                    * and to wrap the sym wrapping key. */
 #ifdef NSS_ENABLE_ECC
             PRUint32              negotiatedECCurves;
 #endif /* NSS_ENABLE_ECC */
 
@@ skipping 265 matching lines @@
     SECKEYPrivateKey *   clientPrivateKey;   /* used by client */
     /* platformClientKey is present even when NSS_PLATFORM_CLIENT_AUTH is not
      * defined in order to allow cleaner conditional code.
      * At most one of clientPrivateKey and platformClientKey may be set. */
     PlatformKey          platformClientKey;  /* used by client */
     CERTCertificateList *clientCertChain;    /* used by client */
     PRBool               sendEmptyCert;      /* used by client */
 
     SECKEYPrivateKey    *channelID;          /* used by client */
     SECKEYPublicKey     *channelIDPub;       /* used by client */
-

[wtc, 2013/08/09 19:28:19]

Resurrect this blank line.

[agl, 2013/08/12 11:29:12]

Done.

-    int                  policy;
-                        /* This says what cipher suites we can do, and should 
-                         * be either SSL_ALLOWED or SSL_RESTRICTED 
-                         */
     PLArenaPool *        peerCertArena;
                             /* These are used to keep track of the peer CA */
     void *               peerCertChain;     
                             /* chain while we are trying to validate it.   */
     CERTDistNames *      ca_list; 
                             /* used by server.  trusted CAs for this socket. */
     PRBool               initialized;
     SSL3HandshakeState   hs;
     ssl3CipherSpec       specs[2];      /* one is current, one is pending. */
 
@@ skipping 285 matching lines @@
 
     /* handle to perm cert db (and implicitly to the temp cert db) used 
     ** with this socket. 
     */
     CERTCertDBHandle * dbHandle;
 
     PRThread *  writerThread;   /* thread holds SSL_LOCK_WRITER lock */
 
     PRUint16    shutdownHow;    /* See ssl_SHUTDOWN defines below. */
 
-    PRUint16    allowedByPolicy;          /* copy of global policy bits. */
-    PRUint16    maybeAllowedByPolicy;     /* copy of global policy bits. */
     PRUint16    chosenPreference;         /* SSL2 cipher preferences. */
 
     sslHandshakingType handshaking;
 
     /* Gather object used for gathering data */
     sslGather        gs;                                /*recvBufLock*/
 
     sslBuffer        saveBuf;                           /*xmitBufLock*/
     sslBuffer        pendingBuf;                        /*xmitBufLock*/
 
@@ skipping 386 matching lines @@
 extern SECStatus ssl3_CipherPrefSetDefault(ssl3CipherSuite which, PRBool on);
 extern SECStatus ssl3_CipherPrefGetDefault(ssl3CipherSuite which, PRBool *on);
 extern SECStatus ssl2_CipherPrefSetDefault(PRInt32 which, PRBool enabled);
 extern SECStatus ssl2_CipherPrefGetDefault(PRInt32 which, PRBool *enabled);
 
 extern SECStatus ssl3_CipherPrefSet(sslSocket *ss, ssl3CipherSuite which, PRBool on);
 extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *on);
 extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled);
 extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled);
 
-extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy);
-extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy);
-extern SECStatus ssl2_SetPolicy(PRInt32 which, PRInt32 policy);
-extern SECStatus ssl2_GetPolicy(PRInt32 which, PRInt32 *policy);
-
-extern void      ssl2_InitSocketPolicy(sslSocket *ss);
-extern void      ssl3_InitSocketPolicy(sslSocket *ss);
+extern void      ssl2_InitSocketCipherSuites(sslSocket *ss);
+extern void      ssl3_InitSocketCipherSuites(sslSocket *ss);
 
 extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss,
                                                  unsigned char *cs, int *size);
 
 extern SECStatus ssl3_RedoHandshake(sslSocket *ss, PRBool flushCache);
 extern SECStatus ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, 
                                              PRUint32 length);
 
 extern void ssl3_DestroySSL3Info(sslSocket *ss);
 
@@ skipping 120 matching lines @@
 
 extern SECStatus ssl3_GetTLSUniqueChannelBinding(sslSocket *ss,
                                                  unsigned char *out,
                                                  unsigned int *outLen,
                                                  unsigned int outLenMax);
 
 /* Construct a new NSPR socket for the app to use */
 extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
 extern void ssl_FreePRSocket(PRFileDesc *fd);
 
-/* Internal config function so SSL2 can initialize the present state of 
- * various ciphers */
-extern int ssl3_config_match_init(sslSocket *);
+/* Internal config function so SSL3 can test the present state of various
+ * ciphers */
+extern int ssl3_cipher_suite_available_init(sslSocket *);
 
 /* Create a new ref counted key pair object from two keys. */
 extern ssl3KeyPair * ssl3_NewKeyPair( SECKEYPrivateKey * privKey, 
                                       SECKEYPublicKey * pubKey);
 
 /* get a new reference (bump ref count) to an ssl3KeyPair. */
 extern ssl3KeyPair * ssl3_GetKeyPairRef(ssl3KeyPair * keyPair);
 
 /* Decrement keypair's ref count and free if zero. */
 extern void ssl3_FreeKeyPair(ssl3KeyPair * keyPair);
@@ skipping 115 matching lines @@
 #if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
 #define SSL_GETPID getpid
 #elif defined(WIN32)
 extern int __cdecl _getpid(void);
 #define SSL_GETPID _getpid
 #else
 #define SSL_GETPID() 0
 #endif
 
 #endif /* __sslimpl_h_ */