Index: net/third_party/nss/ssl/ssl3con.c |
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c |
index 882e35690ed6a1dee19b0eec1d2e158fa4bb3a5e..ab2289152f1a31890f059c8c4ae40ea4781e52ff 100644 |
--- a/net/third_party/nss/ssl/ssl3con.c |
+++ b/net/third_party/nss/ssl/ssl3con.c |
@@ -12365,6 +12365,45 @@ ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *enabled) |
return rv; |
} |
+SECStatus |
+ssl3_CipherOrderSet(sslSocket *ss, const PRUint16 *ciphers, size_t len) |
+{ |
+ size_t i, done; |
wtc
2013/11/19 23:00:44
Nit: use unsigned int.
agl
2013/11/20 18:21:07
Done.
|
+ |
+ for (i = done = 0; i < len; i++) { |
wtc
2013/11/19 23:00:44
It seems that |done| is always equal to |i|, so we
agl
2013/11/20 18:21:07
Done.
|
+ PRUint16 id = ciphers[i]; |
+ size_t existingIndex, j; |
+ char found = 0; |
wtc
2013/11/19 23:00:44
Nit: Use PRBool and PR_FALSE, PR_TRUE instead of c
agl
2013/11/20 18:21:07
Done.
|
+ |
+ for (j = done; j < ssl_V3_SUITES_IMPLEMENTED; j++) { |
wtc
2013/11/19 23:00:44
This valid cipher suite check is quadratic. We sho
agl
2013/11/20 18:21:07
It might be possible to use a model socket because
wtc
2013/11/22 01:14:16
I think you're right, although if the |ciphers| in
|
+ if (ss->cipherSuites[j].cipher_suite == id) { |
+ existingIndex = j; |
+ found = 1; |
+ break; |
+ } |
+ } |
+ |
+ if (!found) { |
+ PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE); |
+ return SECFailure; |
+ } |
+ |
+ if (existingIndex != done) { |
+ const ssl3CipherSuiteCfg temp = ss->cipherSuites[done]; |
+ ss->cipherSuites[done] = ss->cipherSuites[existingIndex]; |
+ ss->cipherSuites[existingIndex] = temp; |
+ } |
+ done++; |
+ } |
+ |
+ /* Disable all cipher suites that weren't included. */ |
+ for (; i < ssl_V3_SUITES_IMPLEMENTED; i++) { |
+ ss->cipherSuites[i].enabled = 0; |
+ } |
+ |
+ return SECSuccess; |
+} |
+ |
/* copy global default policy into socket. */ |
void |
ssl3_InitSocketPolicy(sslSocket *ss) |
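Review bot: The `!found` return in ssl3_CipherOrderSet leaves `ss->cipherSuites` half-reordered, because entries for earlier indices have already been swapped in place and the trailing disable loop never runs. A caller that ignores or mishandles the failure keeps a cipher order it never asked for, with every previously enabled suite still enabled. A repeated id in `ciphers` also takes this path and is reported as SSL_ERROR_UNKNOWN_CIPHER_SUITE, because the search starts at `done` and skips the slot the first occurrence was moved to. I would stage the new order in a local copy and write it back only on success, as sketched below, assuming `cipherSuites` is the fixed-size array of `ssl_V3_SUITES_IMPLEMENTED` entries that the loops imply. The header comment should also say that listed suites are reordered but not enabled, and that `len == 0` disables every suite.

```c
SECStatus
ssl3_CipherOrderSet(sslSocket *ss, const PRUint16 *ciphers, size_t len)
{
    /* Staged copy: a rejected list must leave ss->cipherSuites untouched. */
    ssl3CipherSuiteCfg staged[ssl_V3_SUITES_IMPLEMENTED];

    PORT_Memcpy(staged, ss->cipherSuites, sizeof staged);

    /* … unchanged: lookup/swap loop, reading and writing staged[] instead of ss->cipherSuites … */
    /* … unchanged: disable loop for the unlisted suites, applied to staged[] … */

    /* Commit only after every requested id has been validated. */
    PORT_Memcpy(ss->cipherSuites, staged, sizeof staged);
    return SECSuccess;
}
```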