Bommels05/Mozilla
Bommels05/Mozilla
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Backing out code from bug 102633 and the unsuccessful fix attempt from bug 137530, because the UI does not work as expected.

Browse Source 
r=javi / sr=alecf for backing out


git-svn-id: svn://10.0.0.236/trunk@121480 18797224-902f-48f8-a5cc-f745e15eee43
This commit is contained in:
kaie%netscape.com 2002-05-14 20:42:54 +00:00
parent 5c779b010e
commit d8bb7d92e2
14 changed files with 125 additions and 871 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

229
mozilla/security/manager/pki/resources/content/pref-ciphers.xul
View File

@ -29,31 +29,11 @@
<window id="pref-ciphers" title="&cipher.title;"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
style="width: 50em; height: 20em;"
onload="onLoad();">
<script type="application/x-javascript" src="chrome://help/content/contextHelp.js"/>
<script type="application/x-javascript"><![CDATA[
var prefs = null;
var prefStrings = new Array();
var ciphers = new Array();
var checkboxes = new Array();
var listbox = null;
var info_encryption;
var info_authAlg;
var info_keyAlg;
var info_keySize;
var info_macAlg;
var info_fips;
var info_exportable;
function createCell(label) {
var cell = document.createElement("listcell");
cell.setAttribute("label", label);
return cell;
}
function onLoad() {
doSetOKCancel(doOK, doCancel);
@ -62,101 +42,21 @@
prefs = Components.classes["@mozilla.org/preferences;1"].getService(nsIPref);
const nsCipherInfoService = "@mozilla.org/security/cipherinfo;1";
const nsICipherInfoService = Components.interfaces.nsICipherInfoService;
const nsICipherInfo = Components.interfaces.nsICipherInfo;
// Enumerate each checkbox on this page and set value
var prefElements = document.getElementsByAttribute("prefstring", "*");
for (var i = 0; i < prefElements.length; i++) {
var element = prefElements[i];
var prefString = element.getAttribute("prefstring");
var prefValue = false;
var cipher_info_service = Components.classes[nsCipherInfoService].getService(nsICipherInfoService);
var cipher_list = cipher_info_service.listCiphers();
listbox = document.getElementById("cipherlist");
info_encryption = document.getElementById("encryption");
info_authAlg = document.getElementById("authAlg");
info_keyAlg = document.getElementById("keyAlg");
info_keySize = document.getElementById("keySize");
info_macAlg = document.getElementById("macAlg");
info_fips = document.getElementById("fips");
info_exportable = document.getElementById("exportable");
var cipher;
var i = 0;
while (cipher_list.hasMoreElements()) {
cipher = cipher_list.getNext().QueryInterface(nsICipherInfo);
ciphers[i] = cipher;
var prefString = cipher.prefString;
prefStrings[i] = prefString;
var prefValue = null;
try {
prefValue = prefs.GetBoolPref(prefString);
} catch(e) { /* Put debug output here */ }
var listitem = document.createElement("listitem");
listitem.setAttribute("allowevents", "true");
var checkbox = document.createElement("checkbox");
checkbox.setAttribute("checked", prefValue);
element.setAttribute("checked", prefValue);
// disable xul element if the pref is locked.
if (prefs.PrefIsLocked(prefString)) {
checkbox.disabled=true;
}
checkboxes[i] = checkbox;
var checkcell = document.createElement("listcell");
checkcell.appendChild(checkbox);
listitem.appendChild(checkcell);
listitem.appendChild(createCell(cipher.isSSL2 ? "SSL2" : "SSL3/TLS"));
listitem.appendChild(createCell(cipher.longName));
listbox.appendChild(listitem);
if (!i) {
listbox.selectedIndex = 0;
}
++i;
}
}
function onSelect(event) {
if (listbox.selectedItems.length <= 0) {
info_encryption.setAttribute("value", "");
info_authAlg.setAttribute("value", "");
info_keyAlg.setAttribute("value", "");
info_keySize.setAttribute("value", "");
info_macAlg.setAttribute("value", "");
info_fips.removeAttribute("collapsed");
info_exportable.removeAttribute("collapsed");
}
else {
var selected = listbox.selectedIndex;
var cipher = ciphers[selected];
info_encryption.setAttribute("value", cipher.symCipherName);
info_authAlg.setAttribute("value", cipher.authAlgorithmName);
info_keyAlg.setAttribute("value", cipher.keaTypeName);
info_keySize.setAttribute("value", cipher.effectiveKeyBits);
info_macAlg.setAttribute("value", cipher.macAlgorithmName);
if (cipher.isFIPS) {
info_fips.removeAttribute("collapsed");
}
else {
info_fips.setAttribute("collapsed", "true");
}
if (cipher.isExportable) {
info_exportable.removeAttribute("collapsed");
}
else {
info_exportable.setAttribute("collapsed", "true");
element.disabled=true;
}
}
}
@ -165,10 +65,12 @@
// Save the prefs
try {
// Enumerate each checkbox on this page and save the value
for (var i = 0; i < checkboxes.length; i++) {
var element = checkboxes[i];
var prefString = prefStrings[i];
var prefElements = document.getElementsByAttribute("prefstring", "*");
for (var i = 0; i < prefElements.length; i++) {
var element = prefElements[i];
var prefString = element.getAttribute("prefstring");
var prefValue = element.getAttribute("checked");
if (typeof(prefValue) == "string") prefValue = (prefValue == "true");
@ -184,68 +86,57 @@
function doCancel() {
window.close();
}
function doHelpButton() {
openHelp('cipher_help');
}
]]></script>
<vbox style="overflow: hidden;">
<vbox style="overflow: hidden;" flex="1">
<groupbox align="start">
<caption label="&cipher.ssl2.label;"/>
<checkbox label="&cipher.ssl2.rc4_128;"
prefstring="security.ssl2.rc4_128"/>
<checkbox label="&cipher.ssl2.rc2_128;"
prefstring="security.ssl2.rc2_128"/>
<checkbox label="&cipher.ssl2.des_ede3_192;"
prefstring="security.ssl2.des_ede3_192"/>
<checkbox label="&cipher.ssl2.des_64;"
prefstring="security.ssl2.des_64"/>
<checkbox label="&cipher.ssl2.rc4_40;"
prefstring="security.ssl2.rc4_40"/>
<checkbox label="&cipher.ssl2.rc2_40;"
prefstring="security.ssl2.rc2_40"/>
</groupbox>
<groupbox align="start">
<caption label="&cipher.ssl3.label;"/>
<checkbox label="&cipher.ssl3.rsa_rc4_128_md5;"
prefstring="security.ssl3.rsa_rc4_128_md5"/>
<checkbox label="&cipher.ssl3.rsa_fips_des_ede3_sha;"
prefstring="security.ssl3.rsa_fips_des_ede3_sha"/>
<checkbox label="&cipher.ssl3.rsa_des_ede3_sha;"
prefstring="security.ssl3.rsa_des_ede3_sha"/>
<checkbox label="&cipher.ssl3.rsa_fips_des_sha;"
prefstring="security.ssl3.rsa_fips_des_sha"/>
<checkbox label="&cipher.ssl3.rsa_des_sha;"
prefstring="security.ssl3.rsa_des_sha"/>
<checkbox label="&cipher.ssl3.rsa_1024_rc4_56_sha;"
prefstring="security.ssl3.rsa_1024_rc4_56_sha"/>
<checkbox label="&cipher.ssl3.rsa_1024_des_cbc_sha;"
prefstring="security.ssl3.rsa_1024_des_cbc_sha"/>
<checkbox label="&cipher.ssl3.rsa_rc4_40_md5;"
prefstring="security.ssl3.rsa_rc4_40_md5"/>
<checkbox label="&cipher.ssl3.rsa_rc2_40_md5;"
prefstring="security.ssl3.rsa_rc2_40_md5"/>
<checkbox label="&cipher.ssl3.rsa_null_md5;"
prefstring="security.ssl3.rsa_null_md5"/>
</groupbox>
<separator/>
<listbox id="cipherlist" style="height: 15em; width: 40em;"
flex="1" onselect="onSelect(event);">
<listcols>
<listcol flex="1"/>
<splitter class="tree-splitter"/>
<listcol flex="3"/>
<splitter class="tree-splitter"/>
<listcol flex="10"/>
</listcols>
<listhead>
<listheader label="&cipher.enable;"/>
<listheader label="&cipher.version;"/>
<listheader label="&cipher.name;"/>
</listhead>
</listbox>
<grid style="margin: 1em;">
<columns>
<column/>
<column/>
</columns>
<rows>
<row>
<label value="&cipher.encryption;"/>
<label id="encryption"/>
</row>
<row>
<label value="&cipher.authAlg;"/>
<label id="authAlg"/>
</row>
<row>
<label value="&cipher.keyAlg;"/>
<label id="keyAlg"/>
</row>
<row>
<label value="&cipher.keySize;"/>
<label id="keySize"/>
</row>
<row>
<label value="&cipher.macAlg;"/>
<label id="macAlg"/>
</row>
<row>
<label value="&cipher.other;"/>
<label id="fips" value="&cipher.fips;" collapsed="true"/>
</row>
<row>
<label value=""/>
<label id="exportable" value="&cipher.exportable;" collapsed="true"/>
</row>
</rows>
</grid>
<keyset id="dialogKeys"/>
<hbox id="okCancelHelpButtonsRight"/>
<hbox id="okCancelButtonsRight"/>
</vbox>

31
mozilla/security/manager/pki/resources/locale/en-US/pref-ssl.dtd
View File

@ -50,15 +50,22 @@
<!ENTITY cipher.ssl2.label "SSL2 Ciphersuites">
<!ENTITY cipher.ssl3.label "SSL3/TLS Ciphersuites">
<!-- Labels for cipher attributes -->
<!ENTITY cipher.enable "Enable">
<!ENTITY cipher.name "Cipher">
<!ENTITY cipher.version "Version">
<!ENTITY cipher.encryption "Encryption Algorithm:">
<!ENTITY cipher.authAlg "Authentification Algorithm:">
<!ENTITY cipher.keyAlg "Key Algorithm:">
<!ENTITY cipher.keySize "Key Size:">
<!ENTITY cipher.macAlg "MAC Algorithm:">
<!ENTITY cipher.other "Other Attributes:">
<!ENTITY cipher.fips "FIPS">
<!ENTITY cipher.exportable "IsExportable">
<!-- SSL2 Ciphers -->
<!ENTITY cipher.ssl2.rc4_128 "RC4 encryption with a 128-bit key">
<!ENTITY cipher.ssl2.rc2_128 "RC2 encryption with a 128-bit key">
<!ENTITY cipher.ssl2.des_ede3_192 "Triple DES encryption with a 168-bit key">
<!ENTITY cipher.ssl2.des_64 "DES encryption with a 56-bit key">
<!ENTITY cipher.ssl2.rc4_40 "RC4 encryption with a 40-bit key">
<!ENTITY cipher.ssl2.rc2_40 "RC2 encryption with a 40-bit key">
<!-- SSL3 ciphers -->
<!ENTITY cipher.ssl3.rsa_rc4_128_md5 "RC4 encryption with a 128-bit key and an MD5 MAC">
<!ENTITY cipher.ssl3.rsa_fips_des_ede3_sha "FIPS 140-1 compliant triple DES encryption and SHA-1 MAC">
<!ENTITY cipher.ssl3.rsa_des_ede3_sha "Triple DES encryption with a 168-bit key and a SHA-1 MAC">
<!ENTITY cipher.ssl3.rsa_fips_des_sha "FIPS 140-1 compliant DES encryption and SHA-1 MAC">
<!ENTITY cipher.ssl3.rsa_des_sha "DES encryption with a 56-bit key and a SHA-1 MAC">
<!ENTITY cipher.ssl3.rsa_1024_rc4_56_sha "RC4 encryption with a 56-bit key and a SHA-1 MAC">
<!ENTITY cipher.ssl3.rsa_1024_des_cbc_sha "DES encryption in CBC mode with a 56-bit key and a SHA-1 MAC">
<!ENTITY cipher.ssl3.rsa_rc4_40_md5 "RC4 encryption with a 40-bit key and an MD5 MAC">
<!ENTITY cipher.ssl3.rsa_rc2_40_md5 "RC2 encryption with a 40-bit key and an MD5 MAC">
<!ENTITY cipher.ssl3.rsa_null_md5 "No encryption with an MD5 MAC">

30
mozilla/security/manager/ssl/macbuild/PIPNSS.xml
View File

@ -1152,13 +1152,6 @@
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCipherInfo.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCMS.cpp</PATH>
@ -1328,11 +1321,6 @@
<PATH>nsCertPicker.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCipherInfo.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCMS.cpp</PATH>
@ -2464,13 +2452,6 @@
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCipherInfo.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCMS.cpp</PATH>
@ -2640,11 +2621,6 @@
<PATH>nsCertPicker.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCipherInfo.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCMS.cpp</PATH>
@ -2932,12 +2908,6 @@
<PATH>nsCertPicker.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>PIPNSS.shlb</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCipherInfo.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>PIPNSS.shlb</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>

30
mozilla/security/manager/ssl/macbuild/pipnssIDL.xml
View File

@ -811,13 +811,6 @@
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICipherInfo.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
</FILELIST>
<LINKORDER>
<FILEREF>
@ -885,11 +878,6 @@
<PATH>nsICMS.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICipherInfo.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
</LINKORDER>
</TARGET>
<TARGET>
@ -1650,13 +1638,6 @@
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICipherInfo.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
</FILELIST>
<LINKORDER>
<FILEREF>
@ -1724,11 +1705,6 @@
<PATH>nsICMS.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICipherInfo.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
</LINKORDER>
</TARGET>
</TARGETLIST>
@ -1819,12 +1795,6 @@
<PATH>nsICMS.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICipherInfo.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
</GROUPLIST>
</PROJECT>

1
mozilla/security/manager/ssl/public/Makefile.in
View File

@ -57,7 +57,6 @@ XPIDLSRCS = \
nsICMSSecureMessage.idl \
nsICMS.idl \
nsIUserCertPicker.idl \
nsICipherInfo.idl \
$(NULL)
include $(topsrcdir)/config/rules.mk

1
mozilla/security/manager/ssl/public/makefile.win
View File

@ -57,7 +57,6 @@ XPIDLSRCS= \
.\nsICMSSecureMessage.idl \
.\nsICMS.idl \
.\nsIUserCertPicker.idl \
.\nsICipherInfo.idl \
$(NULL)

75
mozilla/security/manager/ssl/public/nsICipherInfo.idl
View File

@ -1,75 +0,0 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 2002
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsISupports.idl"
#include "nsISimpleEnumerator.idl"
[scriptable, uuid(766d47cb-6d8c-4e71-b6b7-336917629a69)]
interface nsICipherInfoService : nsISupports
{
nsISimpleEnumerator listCiphers();
};
[scriptable, uuid(028e2b2a-1f0b-43a4-a1a7-365d2d7f35d0)]
interface nsICipherInfo : nsISupports
{
readonly attribute string longName;
readonly attribute PRBool isSSL2;
readonly attribute PRBool isFIPS;
readonly attribute PRBool isExportable;
readonly attribute PRBool nonStandard;
readonly attribute string symCipherName;
readonly attribute string authAlgorithmName;
readonly attribute string keaTypeName;
readonly attribute string macAlgorithmName;
readonly attribute PRInt32 effectiveKeyBits;
readonly attribute string prefString;
};
%{C++
#define NS_CIPHERINFOSERVICE_CID { /* ec693a6f-0832-49dd-877c-89f6552df5de */ \
0xec693a6f, \
0x0832, \
0x49dd, \
{0x87, 0x7c, 0x89, 0xf6, 0x55, 0x2d, 0xf5, 0xde} \
}
#define NS_CIPHERINFOSERVICE_CONTRACTID "@mozilla.org/security/cipherinfo;1"
%}

1
mozilla/security/manager/ssl/src/Makefile.in
View File

@ -68,7 +68,6 @@ CPPSRCS = \
nsCMSSecureMessage.cpp \
nsCMS.cpp \
nsCertPicker.cpp \
nsCipherInfo.cpp \
$(NULL)
REQUIRES = nspr \

1
mozilla/security/manager/ssl/src/makefile.win
View File

@ -144,7 +144,6 @@ OBJS = \
.\$(OBJDIR)\nsCMSSecureMessage.obj \
.\$(OBJDIR)\nsCMS.obj \
.\$(OBJDIR)\nsCertPicker.obj \
.\$(OBJDIR)\nsCipherInfo.obj \
$(NULL)
include <$(DEPTH)\config\rules.mak>

414
mozilla/security/manager/ssl/src/nsCipherInfo.cpp
View File

@ -1,414 +0,0 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 2002
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsCipherInfo.h"
#include "nsReadableUtils.h"
#include "nsEnumeratorUtils.h"
#include "nsCRT.h"
#include "ssl.h"
#include "sslproto.h"
nsCiphers* nsCiphers::singleton = nsnull;
void nsCiphers::InitSingleton()
{
NS_ASSERTION(!singleton, "trying to instantiate nsCiphers::singleton twice");
singleton = new nsCiphers();
}
void nsCiphers::DestroySingleton()
{
delete singleton;
singleton = nsnull;
}
struct struct_historical_cipher_pref_strings
{
PRUint16 cipher_id;
const char *pref_string;
}
const historical_cipher_pref_strings[] =
{
{ SSL_EN_RC4_128_WITH_MD5, "security.ssl2.rc4_128" },
{ SSL_EN_RC2_128_CBC_WITH_MD5, "security.ssl2.rc2_128" },
{ SSL_EN_DES_192_EDE3_CBC_WITH_MD5, "security.ssl2.des_ede3_192" },
{ SSL_EN_DES_64_CBC_WITH_MD5, "security.ssl2.des_64" },
{ SSL_EN_RC4_128_EXPORT40_WITH_MD5, "security.ssl2.rc4_40" },
{ SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, "security.ssl2.rc2_40" },
{ SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, "security.ssl3.fortezza_fortezza_sha" },
{ SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, "security.ssl3.fortezza_rc4_sha" },
{ SSL_RSA_WITH_RC4_128_MD5, "security.ssl3.rsa_rc4_128_md5" },
{ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, "security.ssl3.rsa_fips_des_ede3_sha" },
{ SSL_RSA_WITH_3DES_EDE_CBC_SHA, "security.ssl3.rsa_des_ede3_sha" },
{ SSL_RSA_FIPS_WITH_DES_CBC_SHA, "security.ssl3.rsa_fips_des_sha" },
{ SSL_RSA_WITH_DES_CBC_SHA, "security.ssl3.rsa_des_sha" },
{ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, "security.ssl3.rsa_1024_rc4_56_sha" },
{ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, "security.ssl3.rsa_1024_des_cbc_sha" },
{ SSL_RSA_EXPORT_WITH_RC4_40_MD5, "security.ssl3.rsa_rc4_40_md5" },
{ SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, "security.ssl3.rsa_rc2_40_md5" },
{ SSL_FORTEZZA_DMS_WITH_NULL_SHA, "security.ssl3.fortezza_null_sha" },
{ SSL_RSA_WITH_NULL_MD5, "security.ssl3.rsa_null_md5" }
};
const PRUint16 number_of_historical_cipher_pref_strings =
sizeof(historical_cipher_pref_strings)
/ sizeof(struct_historical_cipher_pref_strings);
PRBool isCipherWithHistoricaPrefString(const PRUint16 cipher_id, PRUint16 &out_index_into_array)
{
for (PRUint16 i = 0; i < number_of_historical_cipher_pref_strings; ++i)
{
if (cipher_id == historical_cipher_pref_strings[i].cipher_id)
{
out_index_into_array = i;
return PR_TRUE;
}
}
return PR_FALSE;
}
nsCiphers::nsCiphers()
{
// count number of wanted ciphers
mCiphers = new CipherData[SSL_NumImplementedCiphers];
if (!mCiphers)
return;
for (PRUint16 i = 0; i < SSL_NumImplementedCiphers; ++i)
{
CipherData &data = mCiphers[i];
data.id = SSL_ImplementedCiphers[i];
switch (data.id)
{
case SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA:
case SSL_RSA_FIPS_WITH_DES_CBC_SHA:
// filter out no longer supported ciphers
data.isWanted = PR_FALSE;
break;
case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA:
case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
// filter out fortezza ciphers until we implement proper UI handling
data.isWanted = PR_FALSE;
break;
default:
data.isWanted = PR_TRUE;
break;
}
if (!data.isWanted)
continue;
// In past versions, there was a hardcoded mapping from cipher IDs
// to preference strings.
// In order to be backwards compatible with regards to preferences,
// we need to continue using those strings.
// However, we are now using the available ciphers from NSS dynamically,
// therefore we are using automatic preference string creation for
// any other ciphers.
data.isGood = (
(SECSuccess == SSL_GetCipherSuiteInfo(data.id, &data.info, sizeof(data.info)))
&&
(sizeof(data.info) == data.info.length));
if (!data.isGood)
{
NS_ASSERTION(0, "unable to get info for implemented cipher");
continue;
}
PRUint16 array_index = 0;
if (isCipherWithHistoricaPrefString(data.id, array_index))
{
data.setDataSegmentPrefString( historical_cipher_pref_strings[array_index].pref_string );
}
else
{
nsCAutoString pref;
pref.Append("security.");
pref.Append( SSL_IS_SSL2_CIPHER(data.info.cipherSuite) ? "ssl2." : "ssl3." );
pref.Append(data.info.cipherSuiteName);
ToLowerCase(pref);
data.setHeapString(ToNewCString(pref));
}
}
}
nsCiphers::~nsCiphers()
{
delete [] mCiphers;
}
void nsCiphers::SetAllCiphersFromPrefs(nsIPref *ipref)
{
PRBool enabled;
for (PRUint16 iCipher = 0; iCipher < SSL_NumImplementedCiphers; ++iCipher)
{
if (!singleton->mCiphers[iCipher].isWanted || !singleton->mCiphers[iCipher].isGood)
continue;
CipherData &cd = singleton->mCiphers[iCipher];
ipref->GetBoolPref(cd.GetPrefString(), &enabled);
SSL_CipherPrefSetDefault(cd.id, enabled);
}
}
void nsCiphers::SetCipherFromPref(nsIPref *ipref, const char *prefname)
{
PRBool enabled;
for (PRUint16 iCipher = 0; iCipher < SSL_NumImplementedCiphers; ++iCipher)
{
if (!singleton->mCiphers[iCipher].isWanted || !singleton->mCiphers[iCipher].isGood)
continue;
CipherData &cd = singleton->mCiphers[iCipher];
// find cipher ID
if (!nsCRT::strcmp(prefname, cd.GetPrefString()))
{
ipref->GetBoolPref(cd.GetPrefString(), &enabled);
SSL_CipherPrefSetDefault(cd.id, enabled);
break;
}
}
}
PRBool nsCiphers::IsImplementedCipherWanted(PRUint16 implemented_cipher_index)
{
NS_ASSERTION(implemented_cipher_index < SSL_NumImplementedCiphers,
"internal error");
return
singleton->mCiphers[implemented_cipher_index].isWanted
&&
singleton->mCiphers[implemented_cipher_index].isGood;
}
NS_IMPL_ISUPPORTS1(nsCipherInfoService, nsICipherInfoService)
nsCipherInfoService::nsCipherInfoService()
{
NS_INIT_ISUPPORTS();
}
nsCipherInfoService::~nsCipherInfoService()
{
}
NS_IMETHODIMP nsCipherInfoService::ListCiphers(nsISimpleEnumerator **_retval)
{
nsresult rv = NS_OK;
if (!mArray)
{
rv = NS_NewISupportsArray(getter_AddRefs(mArray));
if (NS_FAILED(rv))
return rv;
for (PRUint16 i = 0; i < SSL_NumImplementedCiphers; ++i)
{
if (!nsCiphers::IsImplementedCipherWanted(i))
continue;
nsCipherInfo *nsCI = nsnull;
NS_NEWXPCOM(nsCI, nsCipherInfo);
nsCI->setCipherByImplementedCipherIndex(i);
mArray->AppendElement(NS_STATIC_CAST(nsICipherInfo*, nsCI));
}
}
return NS_NewArrayEnumerator(_retval, mArray);
}
NS_IMPL_ISUPPORTS1(nsCipherInfo, nsICipherInfo)
nsCipherInfo::nsCipherInfo()
:mIsInitialized(PR_FALSE)
{
NS_INIT_ISUPPORTS();
}
nsCipherInfo::~nsCipherInfo()
{
}
void nsCipherInfo::setCipherByImplementedCipherIndex(PRUint16 i)
{
NS_ASSERTION(i < SSL_NumImplementedCiphers, "internal error");
mIsInitialized = PR_TRUE;
mCipherIndex = i;
}
NS_IMETHODIMP nsCipherInfo::GetLongName(char * *aLongName)
{
NS_ENSURE_ARG_POINTER(aLongName);
if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood)
return NS_ERROR_NOT_INITIALIZED;
*aLongName = ToNewCString(nsDependentCString(nsCiphers::singleton->mCiphers[mCipherIndex].info.cipherSuiteName));
return NS_OK;
}
NS_IMETHODIMP nsCipherInfo::GetIsSSL2(PRBool *aIsSSL2)
{
NS_ENSURE_ARG_POINTER(aIsSSL2);
if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood)
return NS_ERROR_NOT_INITIALIZED;
*aIsSSL2 = SSL_IS_SSL2_CIPHER(nsCiphers::singleton->mCiphers[mCipherIndex].info.cipherSuite);
return NS_OK;
}
NS_IMETHODIMP nsCipherInfo::GetIsFIPS(PRBool *aIsFIPS)
{
NS_ENSURE_ARG_POINTER(aIsFIPS);
if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood)
return NS_ERROR_NOT_INITIALIZED;
*aIsFIPS = nsCiphers::singleton->mCiphers[mCipherIndex].info.isFIPS;
return NS_OK;
}
NS_IMETHODIMP nsCipherInfo::GetIsExportable(PRBool *aIsExportable)
{
NS_ENSURE_ARG_POINTER(aIsExportable);
if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood)
return NS_ERROR_NOT_INITIALIZED;
*aIsExportable = nsCiphers::singleton->mCiphers[mCipherIndex].info.isExportable;
return NS_OK;
}
NS_IMETHODIMP nsCipherInfo::GetNonStandard(PRBool *aNonStandard)
{
NS_ENSURE_ARG_POINTER(aNonStandard);
if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood)
return NS_ERROR_NOT_INITIALIZED;
*aNonStandard = nsCiphers::singleton->mCiphers[mCipherIndex].info.nonStandard;
return NS_OK;
}
NS_IMETHODIMP nsCipherInfo::GetSymCipherName(char * *aSymCipherName)
{
NS_ENSURE_ARG_POINTER(aSymCipherName);
if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood)
return NS_ERROR_NOT_INITIALIZED;
*aSymCipherName = ToNewCString(nsDependentCString(nsCiphers::singleton->mCiphers[mCipherIndex].info.symCipherName));
return NS_OK;
}
NS_IMETHODIMP nsCipherInfo::GetAuthAlgorithmName(char * *aAuthAlgorithmName)
{
NS_ENSURE_ARG_POINTER(aAuthAlgorithmName);
if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood)
return NS_ERROR_NOT_INITIALIZED;
*aAuthAlgorithmName = ToNewCString(nsDependentCString(nsCiphers::singleton->mCiphers[mCipherIndex].info.authAlgorithmName));
return NS_OK;
}
NS_IMETHODIMP nsCipherInfo::GetKeaTypeName(char * *aKeaTypeName)
{
NS_ENSURE_ARG_POINTER(aKeaTypeName);
if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood)
return NS_ERROR_NOT_INITIALIZED;
*aKeaTypeName = ToNewCString(nsDependentCString(nsCiphers::singleton->mCiphers[mCipherIndex].info.keaTypeName));
return NS_OK;
}
NS_IMETHODIMP nsCipherInfo::GetMacAlgorithmName(char * *aMacAlgorithmName)
{
NS_ENSURE_ARG_POINTER(aMacAlgorithmName);
if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood)
return NS_ERROR_NOT_INITIALIZED;
*aMacAlgorithmName = ToNewCString(nsDependentCString(nsCiphers::singleton->mCiphers[mCipherIndex].info.macAlgorithmName));
return NS_OK;
}
NS_IMETHODIMP nsCipherInfo::GetEffectiveKeyBits(PRInt32 *aEffectiveKeyBits)
{
NS_ENSURE_ARG_POINTER(aEffectiveKeyBits);
if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood)
return NS_ERROR_NOT_INITIALIZED;
*aEffectiveKeyBits = nsCiphers::singleton->mCiphers[mCipherIndex].info.effectiveKeyBits;
return NS_OK;
}
NS_IMETHODIMP nsCipherInfo::GetPrefString(char * *aPrefString)
{
NS_ENSURE_ARG_POINTER(aPrefString);
if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood)
return NS_ERROR_NOT_INITIALIZED;
if (!nsCiphers::singleton->mCiphers[mCipherIndex].isWanted)
{
*aPrefString = nsnull;
return NS_OK;
}
*aPrefString = ToNewCString(nsDependentCString(nsCiphers::singleton->mCiphers[mCipherIndex].GetPrefString()));
return NS_OK;
}

121
mozilla/security/manager/ssl/src/nsCipherInfo.h
View File

@ -1,121 +0,0 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 2002
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsISupportsArray.h"
#include "nsICipherInfo.h"
#include "nsIPref.h"
#include "nsString.h"
#include "sslt.h"
class nsCipherInfo;
class nsCiphers
{
public:
nsCiphers();
~nsCiphers();
static void InitSingleton();
static void DestroySingleton();
static void SetAllCiphersFromPrefs(nsIPref *ipref);
static void SetCipherFromPref(nsIPref *ipref, const char *prefname);
static PRBool IsImplementedCipherWanted(PRUint16 implemented_cipher_index);
private:
static nsCiphers *singleton;
struct CipherData {
CipherData()
:id(0), isWanted(PR_FALSE), isGood(PR_FALSE), heapString(nsnull), dataSegmentString(nsnull) {}
~CipherData() {
if (heapString) nsMemory::Free(heapString);
}
PRUint16 id;
void setDataSegmentPrefString(const char *dss) {
dataSegmentString = dss;
}
void setHeapString(char *hs) {
if (heapString) nsMemory::Free(heapString);
heapString = hs;
}
const char *GetPrefString() {
return heapString ? heapString : dataSegmentString;
}
PRPackedBool isWanted;
PRPackedBool isGood;
SSLCipherSuiteInfo info;
private:
char *heapString;
const char *dataSegmentString;
};
struct CipherData *mCiphers;
friend class nsCipherInfo;
};
class nsCipherInfoService : public nsICipherInfoService
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICIPHERINFOSERVICE
nsCipherInfoService();
virtual ~nsCipherInfoService();
private:
nsCOMPtr<nsISupportsArray> mArray;
};
class nsCipherInfo : public nsICipherInfo
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICIPHERINFO
nsCipherInfo();
virtual ~nsCipherInfo();
void setCipherByImplementedCipherIndex(PRUint16 i);
private:
PRBool mIsInitialized;
PRUint16 mCipherIndex;
};

52
mozilla/security/manager/ssl/src/nsNSSComponent.cpp
View File

@ -67,7 +67,6 @@
#include "nsIBufEntropyCollector.h"
#include "nsIServiceManager.h"
#include "nsILocalFile.h"
#include "nsCipherInfo.h"
#include "nss.h"
#include "pk11func.h"
@ -230,8 +229,6 @@ nsNSSComponent::nsNSSComponent()
NS_ASSERTION( (0 == mInstanceCount), "nsNSSComponent is a singleton, but instantiated multiple times!");
++mInstanceCount;
hashTableCerts = nsnull;
nsCiphers::InitSingleton();
}
nsNSSComponent::~nsNSSComponent()
@ -265,8 +262,6 @@ nsNSSComponent::~nsNSSComponent()
PR_DestroyLock(mutex);
mutex = nsnull;
}
nsCiphers::DestroySingleton();
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsNSSComponent::dtor finished\n"));
}
@ -494,6 +489,37 @@ nsNSSComponent::RegisterPSMContentListener()
return rv;
}
/* Table of pref names and SSL cipher ID */
typedef struct {
const char* pref;
long id;
} CipherPref;
static CipherPref CipherPrefs[] = {
/* SSL2 ciphers */
{"security.ssl2.rc4_128", SSL_EN_RC4_128_WITH_MD5},
{"security.ssl2.rc2_128", SSL_EN_RC2_128_CBC_WITH_MD5},
{"security.ssl2.des_ede3_192", SSL_EN_DES_192_EDE3_CBC_WITH_MD5},
{"security.ssl2.des_64", SSL_EN_DES_64_CBC_WITH_MD5},
{"security.ssl2.rc4_40", SSL_EN_RC4_128_EXPORT40_WITH_MD5},
{"security.ssl2.rc2_40", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5},
/* SSL3 ciphers */
{"security.ssl3.fortezza_fortezza_sha", SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA},
{"security.ssl3.fortezza_rc4_sha", SSL_FORTEZZA_DMS_WITH_RC4_128_SHA},
{"security.ssl3.rsa_rc4_128_md5", SSL_RSA_WITH_RC4_128_MD5},
{"security.ssl3.rsa_fips_des_ede3_sha", SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA},
{"security.ssl3.rsa_des_ede3_sha", SSL_RSA_WITH_3DES_EDE_CBC_SHA},
{"security.ssl3.rsa_fips_des_sha", SSL_RSA_FIPS_WITH_DES_CBC_SHA},
{"security.ssl3.rsa_des_sha", SSL_RSA_WITH_DES_CBC_SHA},
{"security.ssl3.rsa_1024_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA},
{"security.ssl3.rsa_1024_des_cbc_sha", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA},
{"security.ssl3.rsa_rc4_40_md5", SSL_RSA_EXPORT_WITH_RC4_40_MD5},
{"security.ssl3.rsa_rc2_40_md5", SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5},
{"security.ssl3.fortezza_null_sha", SSL_FORTEZZA_DMS_WITH_NULL_SHA},
{"security.ssl3.rsa_null_md5", SSL_RSA_WITH_NULL_MD5},
{NULL, 0} /* end marker */
};
static void setOCSPOptions(nsIPref * pref)
{
// Set up OCSP //
@ -918,7 +944,12 @@ nsNSSComponent::InitializeNSS()
mPref->GetBoolPref("security.enable_tls", &enabled);
SSL_OptionSetDefault(SSL_ENABLE_TLS, enabled);
nsCiphers::SetAllCiphersFromPrefs(mPref);
// Set SSL/TLS ciphers
for (CipherPref* cp = CipherPrefs; cp->pref; ++cp) {
mPref->GetBoolPref(cp->pref, &enabled);
SSL_CipherPrefSetDefault(cp->id, enabled);
}
// Enable ciphers for PKCS#12
SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
@ -1298,7 +1329,14 @@ nsNSSComponent::PrefChanged(const char* prefName)
} else if (!nsCRT::strcmp(prefName, "security.OCSP.enabled")) {
setOCSPOptions(mPref);
} else {
nsCiphers::SetCipherFromPref(mPref, prefName);
/* Look through the cipher table and set according to pref setting */
for (CipherPref* cp = CipherPrefs; cp->pref; ++cp) {
if (!nsCRT::strcmp(prefName, cp->pref)) {
mPref->GetBoolPref(cp->pref, &enabled);
SSL_CipherPrefSetDefault(cp->id, enabled);
break;
}
}
}
}

1
mozilla/security/manager/ssl/src/nsNSSComponent.h
View File

@ -125,6 +125,7 @@ class NS_NO_VTABLE nsINSSComponent : public nsISupports {
NS_IMETHOD DefineNextTimer() = 0;
NS_IMETHOD DownloadCRLDirectly(nsAutoString, nsAutoString) = 0;
};
struct PRLock;

9
mozilla/security/manager/ssl/src/nsNSSModule.cpp
View File

@ -46,7 +46,6 @@
#include "nsCertPicker.h"
#include "nsCURILoader.h"
#include "nsICategoryManager.h"
#include "nsCipherInfo.h"
// We must ensure that the nsNSSComponent has been loaded before
// creating any other components.
@ -156,7 +155,6 @@ NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCMSEncoder)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCMSMessage)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsHash)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCertPicker)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCipherInfoService)
static NS_METHOD RegisterPSMContentListeners(
nsIComponentManager *aCompMgr,
@ -342,13 +340,6 @@ static const nsModuleComponentInfo components[] =
"@mozilla.org/uriloader/psm-external-content-listener;1",
PSMContentListenerConstructor,
RegisterPSMContentListeners
},
{
"PSM Cipher Info",
NS_CIPHERINFOSERVICE_CID,
NS_CIPHERINFOSERVICE_CONTRACTID,
nsCipherInfoServiceConstructor
}
};