NSS: remove cipher policy framework.

net/third_party/nss/ssl/sslimpl.h

Index: net/third_party/nss/ssl/sslimpl.h
diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h
index e6792b3286a2f23619d2f6019456377467c4a21e..ef085ba44c8f9605e12423a269590e4bcc6717f4 100644
--- a/net/third_party/nss/ssl/sslimpl.h
+++ b/net/third_party/nss/ssl/sslimpl.h
@@ -273,17 +273,15 @@ struct sslBufferStr {
 };
 
 /*
-** SSL3 cipher suite policy and preference struct.
+** SSL3 cipher suite preference struct.
 */
 typedef struct {
 #if !defined(_WIN32)
     unsigned int    cipher_suite : 16;
-    unsigned int    policy       :  8;
     unsigned int    enabled      :  1;
     unsigned int    isPresent    :  1;
 #else
     ssl3CipherSuite cipher_suite;
-    PRUint8         policy;
     unsigned char   enabled   : 1;
     unsigned char   isPresent : 1;
 #endif
@@ -637,7 +635,6 @@ struct sslSessionIDStr {
 
 	    ssl3CipherSuite       cipherSuite;
 	    SSLCompressionMethod  compression;
-	    int                   policy;
 	    ssl3SidKeys           keys;
 	    CK_MECHANISM_TYPE     masterWrapMech;
 				  /* mechanism used to wrap master secret */
@@ -924,10 +921,6 @@ struct ssl3StateStr {
     SECKEYPrivateKey    *channelID;          /* used by client */
     SECKEYPublicKey     *channelIDPub;       /* used by client */
 
-    int                  policy;
-			/* This says what cipher suites we can do, and should 
-			 * be either SSL_ALLOWED or SSL_RESTRICTED 
-			 */
     PLArenaPool *        peerCertArena;
 			    /* These are used to keep track of the peer CA */
     void *               peerCertChain;     
@@ -1233,8 +1226,6 @@ const unsigned char *  preferredCipher;
 
     PRUint16	shutdownHow; 	/* See ssl_SHUTDOWN defines below. */
 
-    PRUint16	allowedByPolicy;          /* copy of global policy bits. */
-    PRUint16	maybeAllowedByPolicy;     /* copy of global policy bits. */
     PRUint16	chosenPreference;         /* SSL2 cipher preferences. */
 
     sslHandshakingType handshaking;
@@ -1641,13 +1632,8 @@ extern SECStatus ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool
 extern SECStatus ssl2_CipherPrefSet(sslSocket *ss, PRInt32 which, PRBool enabled);
 extern SECStatus ssl2_CipherPrefGet(sslSocket *ss, PRInt32 which, PRBool *enabled);
 
-extern SECStatus ssl3_SetPolicy(ssl3CipherSuite which, PRInt32 policy);
-extern SECStatus ssl3_GetPolicy(ssl3CipherSuite which, PRInt32 *policy);
-extern SECStatus ssl2_SetPolicy(PRInt32 which, PRInt32 policy);
-extern SECStatus ssl2_GetPolicy(PRInt32 which, PRInt32 *policy);
-
-extern void      ssl2_InitSocketPolicy(sslSocket *ss);
-extern void      ssl3_InitSocketPolicy(sslSocket *ss);
+extern void      ssl2_InitSocketCipherSuites(sslSocket *ss);
+extern void      ssl3_InitSocketCipherSuites(sslSocket *ss);
 
 extern SECStatus ssl3_ConstructV2CipherSpecsHack(sslSocket *ss,
 						 unsigned char *cs, int *size);
@@ -1788,9 +1774,9 @@ extern SECStatus ssl3_GetTLSUniqueChannelBinding(sslSocket *ss,
 extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
 extern void ssl_FreePRSocket(PRFileDesc *fd);
 
-/* Internal config function so SSL2 can initialize the present state of 
+/* Internal config function so SSL2 can initialize the present state of

[wtc, 2013/08/08 21:26:28]

"SSL2" seems like a typo of "SSL3".

[agl, 2013/08/09 15:53:49]

Done.

  * various ciphers */
-extern int ssl3_config_match_init(sslSocket *);
+extern int ssl3_cipher_suites_test_presence(sslSocket *);

[wtc, 2013/08/08 21:26:28]

test => init?

to stress the fact that this function is used as an initialization function,
which must be called before cipher_suite_available can be used.

Another good name for this function would be ssl3_cipher_suite_available_init,
to match the pattern of the original names ssl3_config_match_init vs.
config_match.

[agl, 2013/08/09 15:53:49]

Have switched to this name.

 
 /* Create a new ref counted key pair object from two keys. */
 extern ssl3KeyPair * ssl3_NewKeyPair( SECKEYPrivateKey * privKey,