diff --git a/mozilla/security/manager/pki/resources/content/pref-ciphers.xul b/mozilla/security/manager/pki/resources/content/pref-ciphers.xul index 7829e54adb3..e041d7c2e7e 100644 --- a/mozilla/security/manager/pki/resources/content/pref-ciphers.xul +++ b/mozilla/security/manager/pki/resources/content/pref-ciphers.xul @@ -29,31 +29,11 @@ - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + diff --git a/mozilla/security/manager/pki/resources/locale/en-US/pref-ssl.dtd b/mozilla/security/manager/pki/resources/locale/en-US/pref-ssl.dtd index af687b81df9..c8c085e5acc 100644 --- a/mozilla/security/manager/pki/resources/locale/en-US/pref-ssl.dtd +++ b/mozilla/security/manager/pki/resources/locale/en-US/pref-ssl.dtd @@ -50,15 +50,22 @@ - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + diff --git a/mozilla/security/manager/ssl/macbuild/PIPNSS.xml b/mozilla/security/manager/ssl/macbuild/PIPNSS.xml index 5ad46bb5938..2ff84147659 100644 --- a/mozilla/security/manager/ssl/macbuild/PIPNSS.xml +++ b/mozilla/security/manager/ssl/macbuild/PIPNSS.xml @@ -1152,13 +1152,6 @@ Text - - Name - nsCipherInfo.cpp - MacOS - Text - - Name nsCMS.cpp @@ -1328,11 +1321,6 @@ nsCertPicker.cpp MacOS - - Name - nsCipherInfo.cpp - MacOS - Name nsCMS.cpp @@ -2464,13 +2452,6 @@ Text - - Name - nsCipherInfo.cpp - MacOS - Text - - Name nsCMS.cpp @@ -2640,11 +2621,6 @@ nsCertPicker.cpp MacOS - - Name - nsCipherInfo.cpp - MacOS - Name nsCMS.cpp @@ -2932,12 +2908,6 @@ nsCertPicker.cpp MacOS - - PIPNSS.shlb - Name - nsCipherInfo.cpp - MacOS - PIPNSS.shlb Name diff --git a/mozilla/security/manager/ssl/macbuild/pipnssIDL.xml b/mozilla/security/manager/ssl/macbuild/pipnssIDL.xml index f6dc7f0c90f..e9a1e36c8f5 100644 --- a/mozilla/security/manager/ssl/macbuild/pipnssIDL.xml +++ b/mozilla/security/manager/ssl/macbuild/pipnssIDL.xml @@ -811,13 +811,6 @@ Text - - Name - nsICipherInfo.idl - MacOS - Text - - 
@@ -885,11 +878,6 @@ nsICMS.idl MacOS - - Name - nsICipherInfo.idl - MacOS - @@ -1650,13 +1638,6 @@ Text - - Name - nsICipherInfo.idl - MacOS - Text - - @@ -1724,11 +1705,6 @@ nsICMS.idl MacOS - - Name - nsICipherInfo.idl - MacOS - @@ -1819,12 +1795,6 @@ nsICMS.idl MacOS - - headers - Name - nsICipherInfo.idl - MacOS - diff --git a/mozilla/security/manager/ssl/public/Makefile.in b/mozilla/security/manager/ssl/public/Makefile.in index ab69acb81c2..d6e48f28336 100644 --- a/mozilla/security/manager/ssl/public/Makefile.in +++ b/mozilla/security/manager/ssl/public/Makefile.in @@ -57,7 +57,6 @@ XPIDLSRCS = \ nsICMSSecureMessage.idl \ nsICMS.idl \ nsIUserCertPicker.idl \ - nsICipherInfo.idl \ $(NULL) include $(topsrcdir)/config/rules.mk diff --git a/mozilla/security/manager/ssl/public/makefile.win b/mozilla/security/manager/ssl/public/makefile.win index 4c9c3b88979..58df9c2f8a0 100644 --- a/mozilla/security/manager/ssl/public/makefile.win +++ b/mozilla/security/manager/ssl/public/makefile.win @@ -57,7 +57,6 @@ XPIDLSRCS= \ .\nsICMSSecureMessage.idl \ .\nsICMS.idl \ .\nsIUserCertPicker.idl \ - .\nsICipherInfo.idl \ $(NULL) diff --git a/mozilla/security/manager/ssl/public/nsICipherInfo.idl b/mozilla/security/manager/ssl/public/nsICipherInfo.idl index f92a6f1215d..e69de29bb2d 100644 --- a/mozilla/security/manager/ssl/public/nsICipherInfo.idl +++ b/mozilla/security/manager/ssl/public/nsICipherInfo.idl 
@@ -1,75 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is Mozilla Communicator. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 2002 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. 
- * - * ***** END LICENSE BLOCK ***** */ - -#include "nsISupports.idl" -#include "nsISimpleEnumerator.idl" - -[scriptable, uuid(766d47cb-6d8c-4e71-b6b7-336917629a69)] -interface nsICipherInfoService : nsISupports -{ - nsISimpleEnumerator listCiphers(); -}; - -[scriptable, uuid(028e2b2a-1f0b-43a4-a1a7-365d2d7f35d0)] -interface nsICipherInfo : nsISupports -{ - readonly attribute string longName; - - readonly attribute PRBool isSSL2; - readonly attribute PRBool isFIPS; - readonly attribute PRBool isExportable; - readonly attribute PRBool nonStandard; - readonly attribute string symCipherName; - readonly attribute string authAlgorithmName; - readonly attribute string keaTypeName; - readonly attribute string macAlgorithmName; - readonly attribute PRInt32 effectiveKeyBits; - - readonly attribute string prefString; -}; - -%{C++ - -#define NS_CIPHERINFOSERVICE_CID { /* ec693a6f-0832-49dd-877c-89f6552df5de */ \ - 0xec693a6f, \ - 0x0832, \ - 0x49dd, \ - {0x87, 0x7c, 0x89, 0xf6, 0x55, 0x2d, 0xf5, 0xde} \ - } - -#define NS_CIPHERINFOSERVICE_CONTRACTID "@mozilla.org/security/cipherinfo;1" - -%} diff --git a/mozilla/security/manager/ssl/src/Makefile.in b/mozilla/security/manager/ssl/src/Makefile.in index 89d77c3d4aa..b7a82cea376 100644 --- a/mozilla/security/manager/ssl/src/Makefile.in +++ b/mozilla/security/manager/ssl/src/Makefile.in @@ -68,7 +68,6 @@ CPPSRCS = \ nsCMSSecureMessage.cpp \ nsCMS.cpp \ nsCertPicker.cpp \ - nsCipherInfo.cpp \ $(NULL) REQUIRES = nspr \ diff --git a/mozilla/security/manager/ssl/src/makefile.win b/mozilla/security/manager/ssl/src/makefile.win index db7b212ce38..915b0761100 100644 --- a/mozilla/security/manager/ssl/src/makefile.win +++ b/mozilla/security/manager/ssl/src/makefile.win @@ -144,7 +144,6 @@ OBJS = \ .\$(OBJDIR)\nsCMSSecureMessage.obj \ .\$(OBJDIR)\nsCMS.obj \ .\$(OBJDIR)\nsCertPicker.obj \ - .\$(OBJDIR)\nsCipherInfo.obj \ $(NULL) include <$(DEPTH)\config\rules.mak> 
diff --git a/mozilla/security/manager/ssl/src/nsCipherInfo.cpp b/mozilla/security/manager/ssl/src/nsCipherInfo.cpp index 591ac451f36..e69de29bb2d 100644 --- a/mozilla/security/manager/ssl/src/nsCipherInfo.cpp +++ b/mozilla/security/manager/ssl/src/nsCipherInfo.cpp 
@@ -1,414 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is Mozilla Communicator. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 2002 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. 
- * - * ***** END LICENSE BLOCK ***** */ - -#include "nsCipherInfo.h" -#include "nsReadableUtils.h" -#include "nsEnumeratorUtils.h" -#include "nsCRT.h" -#include "ssl.h" -#include "sslproto.h" - -nsCiphers* nsCiphers::singleton = nsnull; - -void nsCiphers::InitSingleton() -{ - NS_ASSERTION(!singleton, "trying to instantiate nsCiphers::singleton twice"); - - singleton = new nsCiphers(); -} - -void nsCiphers::DestroySingleton() -{ - delete singleton; - singleton = nsnull; -} - - -struct struct_historical_cipher_pref_strings -{ - PRUint16 cipher_id; - const char *pref_string; -} - const historical_cipher_pref_strings[] = -{ - { SSL_EN_RC4_128_WITH_MD5, "security.ssl2.rc4_128" }, - { SSL_EN_RC2_128_CBC_WITH_MD5, "security.ssl2.rc2_128" }, - { SSL_EN_DES_192_EDE3_CBC_WITH_MD5, "security.ssl2.des_ede3_192" }, - { SSL_EN_DES_64_CBC_WITH_MD5, "security.ssl2.des_64" }, - { SSL_EN_RC4_128_EXPORT40_WITH_MD5, "security.ssl2.rc4_40" }, - { SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, "security.ssl2.rc2_40" }, - { SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, "security.ssl3.fortezza_fortezza_sha" }, - { SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, "security.ssl3.fortezza_rc4_sha" }, - { SSL_RSA_WITH_RC4_128_MD5, "security.ssl3.rsa_rc4_128_md5" }, - { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, "security.ssl3.rsa_fips_des_ede3_sha" }, - { SSL_RSA_WITH_3DES_EDE_CBC_SHA, "security.ssl3.rsa_des_ede3_sha" }, - { SSL_RSA_FIPS_WITH_DES_CBC_SHA, "security.ssl3.rsa_fips_des_sha" }, - { SSL_RSA_WITH_DES_CBC_SHA, "security.ssl3.rsa_des_sha" }, - { TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, "security.ssl3.rsa_1024_rc4_56_sha" }, - { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, "security.ssl3.rsa_1024_des_cbc_sha" }, - { SSL_RSA_EXPORT_WITH_RC4_40_MD5, "security.ssl3.rsa_rc4_40_md5" }, - { SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, "security.ssl3.rsa_rc2_40_md5" }, - { SSL_FORTEZZA_DMS_WITH_NULL_SHA, "security.ssl3.fortezza_null_sha" }, - { SSL_RSA_WITH_NULL_MD5, "security.ssl3.rsa_null_md5" } -}; - -const PRUint16 
number_of_historical_cipher_pref_strings = - sizeof(historical_cipher_pref_strings) - / sizeof(struct_historical_cipher_pref_strings); - -PRBool isCipherWithHistoricaPrefString(const PRUint16 cipher_id, PRUint16 &out_index_into_array) -{ - for (PRUint16 i = 0; i < number_of_historical_cipher_pref_strings; ++i) - { - if (cipher_id == historical_cipher_pref_strings[i].cipher_id) - { - out_index_into_array = i; - return PR_TRUE; - } - } - - return PR_FALSE; -} - -nsCiphers::nsCiphers() -{ - // count number of wanted ciphers - - mCiphers = new CipherData[SSL_NumImplementedCiphers]; - - if (!mCiphers) - return; - - for (PRUint16 i = 0; i < SSL_NumImplementedCiphers; ++i) - { - CipherData &data = mCiphers[i]; - - data.id = SSL_ImplementedCiphers[i]; - - switch (data.id) - { - case SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA: - case SSL_RSA_FIPS_WITH_DES_CBC_SHA: - // filter out no longer supported ciphers - data.isWanted = PR_FALSE; - break; - - case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA: - case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA: - case SSL_FORTEZZA_DMS_WITH_NULL_SHA: - // filter out fortezza ciphers until we implement proper UI handling - data.isWanted = PR_FALSE; - break; - - default: - data.isWanted = PR_TRUE; - break; - } - - if (!data.isWanted) - continue; - - // In past versions, there was a hardcoded mapping from cipher IDs - // to preference strings. - // In order to be backwards compatible with regards to preferences, - // we need to continue using those strings. - // However, we are now using the available ciphers from NSS dynamically, - // therefore we are using automatic preference string creation for - // any other ciphers. 
- - - data.isGood = ( - (SECSuccess == SSL_GetCipherSuiteInfo(data.id, &data.info, sizeof(data.info))) - && - (sizeof(data.info) == data.info.length)); - - if (!data.isGood) - { - NS_ASSERTION(0, "unable to get info for implemented cipher"); - continue; - } - - PRUint16 array_index = 0; - if (isCipherWithHistoricaPrefString(data.id, array_index)) - { - data.setDataSegmentPrefString( historical_cipher_pref_strings[array_index].pref_string ); - } - else - { - nsCAutoString pref; - pref.Append("security."); - pref.Append( SSL_IS_SSL2_CIPHER(data.info.cipherSuite) ? "ssl2." : "ssl3." ); - pref.Append(data.info.cipherSuiteName); - ToLowerCase(pref); - data.setHeapString(ToNewCString(pref)); - } - } -} - -nsCiphers::~nsCiphers() -{ - delete [] mCiphers; -} - -void nsCiphers::SetAllCiphersFromPrefs(nsIPref *ipref) -{ - PRBool enabled; - for (PRUint16 iCipher = 0; iCipher < SSL_NumImplementedCiphers; ++iCipher) - { - if (!singleton->mCiphers[iCipher].isWanted || !singleton->mCiphers[iCipher].isGood) - continue; - - CipherData &cd = singleton->mCiphers[iCipher]; - - ipref->GetBoolPref(cd.GetPrefString(), &enabled); - SSL_CipherPrefSetDefault(cd.id, enabled); - } -} - -void nsCiphers::SetCipherFromPref(nsIPref *ipref, const char *prefname) -{ - PRBool enabled; - for (PRUint16 iCipher = 0; iCipher < SSL_NumImplementedCiphers; ++iCipher) - { - if (!singleton->mCiphers[iCipher].isWanted || !singleton->mCiphers[iCipher].isGood) - continue; - - CipherData &cd = singleton->mCiphers[iCipher]; - - // find cipher ID - if (!nsCRT::strcmp(prefname, cd.GetPrefString())) - { - ipref->GetBoolPref(cd.GetPrefString(), &enabled); - SSL_CipherPrefSetDefault(cd.id, enabled); - break; - } - } -} - -PRBool nsCiphers::IsImplementedCipherWanted(PRUint16 implemented_cipher_index) -{ - NS_ASSERTION(implemented_cipher_index < SSL_NumImplementedCiphers, - "internal error"); - - return - singleton->mCiphers[implemented_cipher_index].isWanted - && - singleton->mCiphers[implemented_cipher_index].isGood; 
-} - -NS_IMPL_ISUPPORTS1(nsCipherInfoService, nsICipherInfoService) - -nsCipherInfoService::nsCipherInfoService() -{ - NS_INIT_ISUPPORTS(); -} - -nsCipherInfoService::~nsCipherInfoService() -{ -} - -NS_IMETHODIMP nsCipherInfoService::ListCiphers(nsISimpleEnumerator **_retval) -{ - nsresult rv = NS_OK; - - if (!mArray) - { - rv = NS_NewISupportsArray(getter_AddRefs(mArray)); - if (NS_FAILED(rv)) - return rv; - - for (PRUint16 i = 0; i < SSL_NumImplementedCiphers; ++i) - { - if (!nsCiphers::IsImplementedCipherWanted(i)) - continue; - - nsCipherInfo *nsCI = nsnull; - NS_NEWXPCOM(nsCI, nsCipherInfo); - nsCI->setCipherByImplementedCipherIndex(i); - mArray->AppendElement(NS_STATIC_CAST(nsICipherInfo*, nsCI)); - } - } - - return NS_NewArrayEnumerator(_retval, mArray); -} - - -NS_IMPL_ISUPPORTS1(nsCipherInfo, nsICipherInfo) - -nsCipherInfo::nsCipherInfo() -:mIsInitialized(PR_FALSE) -{ - NS_INIT_ISUPPORTS(); -} - -nsCipherInfo::~nsCipherInfo() -{ -} - -void nsCipherInfo::setCipherByImplementedCipherIndex(PRUint16 i) -{ - NS_ASSERTION(i < SSL_NumImplementedCiphers, "internal error"); - - mIsInitialized = PR_TRUE; - mCipherIndex = i; -} - -NS_IMETHODIMP nsCipherInfo::GetLongName(char * *aLongName) -{ - NS_ENSURE_ARG_POINTER(aLongName); - - if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood) - return NS_ERROR_NOT_INITIALIZED; - - *aLongName = ToNewCString(nsDependentCString(nsCiphers::singleton->mCiphers[mCipherIndex].info.cipherSuiteName)); - return NS_OK; -} - -NS_IMETHODIMP nsCipherInfo::GetIsSSL2(PRBool *aIsSSL2) -{ - NS_ENSURE_ARG_POINTER(aIsSSL2); - - if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood) - return NS_ERROR_NOT_INITIALIZED; - - *aIsSSL2 = SSL_IS_SSL2_CIPHER(nsCiphers::singleton->mCiphers[mCipherIndex].info.cipherSuite); - return NS_OK; -} - -NS_IMETHODIMP nsCipherInfo::GetIsFIPS(PRBool *aIsFIPS) -{ - NS_ENSURE_ARG_POINTER(aIsFIPS); - - if (!mIsInitialized || 
!nsCiphers::singleton->mCiphers[mCipherIndex].isGood) - return NS_ERROR_NOT_INITIALIZED; - - *aIsFIPS = nsCiphers::singleton->mCiphers[mCipherIndex].info.isFIPS; - return NS_OK; -} - -NS_IMETHODIMP nsCipherInfo::GetIsExportable(PRBool *aIsExportable) -{ - NS_ENSURE_ARG_POINTER(aIsExportable); - - if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood) - return NS_ERROR_NOT_INITIALIZED; - - *aIsExportable = nsCiphers::singleton->mCiphers[mCipherIndex].info.isExportable; - return NS_OK; -} - -NS_IMETHODIMP nsCipherInfo::GetNonStandard(PRBool *aNonStandard) -{ - NS_ENSURE_ARG_POINTER(aNonStandard); - - if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood) - return NS_ERROR_NOT_INITIALIZED; - - *aNonStandard = nsCiphers::singleton->mCiphers[mCipherIndex].info.nonStandard; - return NS_OK; -} - -NS_IMETHODIMP nsCipherInfo::GetSymCipherName(char * *aSymCipherName) -{ - NS_ENSURE_ARG_POINTER(aSymCipherName); - - if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood) - return NS_ERROR_NOT_INITIALIZED; - - *aSymCipherName = ToNewCString(nsDependentCString(nsCiphers::singleton->mCiphers[mCipherIndex].info.symCipherName)); - return NS_OK; -} - -NS_IMETHODIMP nsCipherInfo::GetAuthAlgorithmName(char * *aAuthAlgorithmName) -{ - NS_ENSURE_ARG_POINTER(aAuthAlgorithmName); - - if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood) - return NS_ERROR_NOT_INITIALIZED; - - *aAuthAlgorithmName = ToNewCString(nsDependentCString(nsCiphers::singleton->mCiphers[mCipherIndex].info.authAlgorithmName)); - return NS_OK; -} - -NS_IMETHODIMP nsCipherInfo::GetKeaTypeName(char * *aKeaTypeName) -{ - NS_ENSURE_ARG_POINTER(aKeaTypeName); - - if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood) - return NS_ERROR_NOT_INITIALIZED; - - *aKeaTypeName = ToNewCString(nsDependentCString(nsCiphers::singleton->mCiphers[mCipherIndex].info.keaTypeName)); - return NS_OK; -} - -NS_IMETHODIMP 
nsCipherInfo::GetMacAlgorithmName(char * *aMacAlgorithmName) -{ - NS_ENSURE_ARG_POINTER(aMacAlgorithmName); - - if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood) - return NS_ERROR_NOT_INITIALIZED; - - *aMacAlgorithmName = ToNewCString(nsDependentCString(nsCiphers::singleton->mCiphers[mCipherIndex].info.macAlgorithmName)); - return NS_OK; -} - -NS_IMETHODIMP nsCipherInfo::GetEffectiveKeyBits(PRInt32 *aEffectiveKeyBits) -{ - NS_ENSURE_ARG_POINTER(aEffectiveKeyBits); - - if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood) - return NS_ERROR_NOT_INITIALIZED; - - *aEffectiveKeyBits = nsCiphers::singleton->mCiphers[mCipherIndex].info.effectiveKeyBits; - return NS_OK; -} - -NS_IMETHODIMP nsCipherInfo::GetPrefString(char * *aPrefString) -{ - NS_ENSURE_ARG_POINTER(aPrefString); - - if (!mIsInitialized || !nsCiphers::singleton->mCiphers[mCipherIndex].isGood) - return NS_ERROR_NOT_INITIALIZED; - - if (!nsCiphers::singleton->mCiphers[mCipherIndex].isWanted) - { - *aPrefString = nsnull; - return NS_OK; - } - - *aPrefString = ToNewCString(nsDependentCString(nsCiphers::singleton->mCiphers[mCipherIndex].GetPrefString())); - return NS_OK; -} diff --git a/mozilla/security/manager/ssl/src/nsCipherInfo.h b/mozilla/security/manager/ssl/src/nsCipherInfo.h index 2453f327c84..e69de29bb2d 100644 --- a/mozilla/security/manager/ssl/src/nsCipherInfo.h +++ b/mozilla/security/manager/ssl/src/nsCipherInfo.h 
@@ -1,121 +0,0 @@ -/* ***** BEGIN LICENSE BLOCK ***** - * Version: MPL 1.1/GPL 2.0/LGPL 2.1 - * - * The contents of this file are subject to the Mozilla Public License Version - * 1.1 (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS IS" basis, - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License - * for the specific language governing rights and limitations under the - * License. - * - * The Original Code is Mozilla Communicator. - * - * The Initial Developer of the Original Code is - * Netscape Communications Corporation. - * Portions created by the Initial Developer are Copyright (C) 2002 - * the Initial Developer. All Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the terms of - * either the GNU General Public License Version 2 or later (the "GPL"), or - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), - * in which case the provisions of the GPL or the LGPL are applicable instead - * of those above. If you wish to allow use of your version of this file only - * under the terms of either the GPL or the LGPL, and not to allow others to - * use your version of this file under the terms of the MPL, indicate your - * decision by deleting the provisions above and replace them with the notice - * and other provisions required by the GPL or the LGPL. If you do not delete - * the provisions above, a recipient may use your version of this file under - * the terms of any one of the MPL, the GPL or the LGPL. 
- * - * ***** END LICENSE BLOCK ***** */ - -#include "nsISupportsArray.h" -#include "nsICipherInfo.h" -#include "nsIPref.h" -#include "nsString.h" -#include "sslt.h" - -class nsCipherInfo; - -class nsCiphers -{ -public: - nsCiphers(); - ~nsCiphers(); - - static void InitSingleton(); - static void DestroySingleton(); - - static void SetAllCiphersFromPrefs(nsIPref *ipref); - static void SetCipherFromPref(nsIPref *ipref, const char *prefname); - - static PRBool IsImplementedCipherWanted(PRUint16 implemented_cipher_index); - -private: - static nsCiphers *singleton; - - struct CipherData { - CipherData() - :id(0), isWanted(PR_FALSE), isGood(PR_FALSE), heapString(nsnull), dataSegmentString(nsnull) {} - - ~CipherData() { - if (heapString) nsMemory::Free(heapString); - } - - PRUint16 id; - void setDataSegmentPrefString(const char *dss) { - dataSegmentString = dss; - } - void setHeapString(char *hs) { - if (heapString) nsMemory::Free(heapString); - heapString = hs; - } - const char *GetPrefString() { - return heapString ? heapString : dataSegmentString; - } - PRPackedBool isWanted; - PRPackedBool isGood; - SSLCipherSuiteInfo info; - private: - char *heapString; - const char *dataSegmentString; - }; - - struct CipherData *mCiphers; - - friend class nsCipherInfo; -}; - -class nsCipherInfoService : public nsICipherInfoService -{ -public: - NS_DECL_ISUPPORTS - NS_DECL_NSICIPHERINFOSERVICE - - nsCipherInfoService(); - virtual ~nsCipherInfoService(); - -private: - nsCOMPtr mArray; -}; - -class nsCipherInfo : public nsICipherInfo -{ -public: - NS_DECL_ISUPPORTS - NS_DECL_NSICIPHERINFO - - nsCipherInfo(); - virtual ~nsCipherInfo(); - - void setCipherByImplementedCipherIndex(PRUint16 i); - -private: - PRBool mIsInitialized; - PRUint16 mCipherIndex; -}; diff --git a/mozilla/security/manager/ssl/src/nsNSSComponent.cpp b/mozilla/security/manager/ssl/src/nsNSSComponent.cpp index 83256e43556..2a7c7cf360a 100644 --- a/mozilla/security/manager/ssl/src/nsNSSComponent.cpp 
+++ b/mozilla/security/manager/ssl/src/nsNSSComponent.cpp @@ -67,7 +67,6 @@ #include "nsIBufEntropyCollector.h" #include "nsIServiceManager.h" #include "nsILocalFile.h" -#include "nsCipherInfo.h" #include "nss.h" #include "pk11func.h" @@ -230,8 +229,6 @@ nsNSSComponent::nsNSSComponent() NS_ASSERTION( (0 == mInstanceCount), "nsNSSComponent is a singleton, but instantiated multiple times!"); ++mInstanceCount; hashTableCerts = nsnull; - - nsCiphers::InitSingleton(); } nsNSSComponent::~nsNSSComponent() @@ -265,8 +262,6 @@ nsNSSComponent::~nsNSSComponent() PR_DestroyLock(mutex); mutex = nsnull; } - - nsCiphers::DestroySingleton(); PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsNSSComponent::dtor finished\n")); } 
@@ -494,6 +489,37 @@ nsNSSComponent::RegisterPSMContentListener() return rv; } +/* Table of pref names and SSL cipher ID */ +typedef struct { + const char* pref; + long id; +} CipherPref; + +static CipherPref CipherPrefs[] = { +/* SSL2 ciphers */ + {"security.ssl2.rc4_128", SSL_EN_RC4_128_WITH_MD5}, + {"security.ssl2.rc2_128", SSL_EN_RC2_128_CBC_WITH_MD5}, + {"security.ssl2.des_ede3_192", SSL_EN_DES_192_EDE3_CBC_WITH_MD5}, + {"security.ssl2.des_64", SSL_EN_DES_64_CBC_WITH_MD5}, + {"security.ssl2.rc4_40", SSL_EN_RC4_128_EXPORT40_WITH_MD5}, + {"security.ssl2.rc2_40", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5}, + /* SSL3 ciphers */ + {"security.ssl3.fortezza_fortezza_sha", SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA}, + {"security.ssl3.fortezza_rc4_sha", SSL_FORTEZZA_DMS_WITH_RC4_128_SHA}, + {"security.ssl3.rsa_rc4_128_md5", SSL_RSA_WITH_RC4_128_MD5}, + {"security.ssl3.rsa_fips_des_ede3_sha", SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA}, + {"security.ssl3.rsa_des_ede3_sha", SSL_RSA_WITH_3DES_EDE_CBC_SHA}, + {"security.ssl3.rsa_fips_des_sha", SSL_RSA_FIPS_WITH_DES_CBC_SHA}, + {"security.ssl3.rsa_des_sha", SSL_RSA_WITH_DES_CBC_SHA}, + {"security.ssl3.rsa_1024_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA}, + {"security.ssl3.rsa_1024_des_cbc_sha", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA}, + {"security.ssl3.rsa_rc4_40_md5", SSL_RSA_EXPORT_WITH_RC4_40_MD5}, + {"security.ssl3.rsa_rc2_40_md5", SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5}, + {"security.ssl3.fortezza_null_sha", SSL_FORTEZZA_DMS_WITH_NULL_SHA}, + {"security.ssl3.rsa_null_md5", SSL_RSA_WITH_NULL_MD5}, + {NULL, 0} /* end marker */ +}; + static void setOCSPOptions(nsIPref * pref) { // Set up OCSP // 
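Review bot: The fixed `CipherPrefs` table covers only these 19 suites, so any suite NSS implements that is not listed is never passed to `SSL_CipherPrefSetDefault` and keeps the library default with no pref to turn it off; the code this commit removes walked `SSL_ImplementedCiphers` and derived a pref name for every implemented suite. The table also restores the two `SSL_RSA_FIPS_*` and three `SSL_FORTEZZA_*` entries that the removed constructor deliberately skipped, and it still lists NULL-encryption and 40-bit export suites, so their state rests entirely on pref defaults that this diff does not show. I would add a comment above the table such as `/* Suites not listed here keep the NSS default and cannot be toggled by prefs; keep in sync with the pref defaults. */`. The array is never written, so `static const CipherPref CipherPrefs[]` is the better declaration (the two loops would then iterate with `const CipherPref* cp`), and `long id` is wider than the `PRInt32` that `SSL_CipherPrefSetDefault` takes.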
@@ -918,7 +944,12 @@ nsNSSComponent::InitializeNSS() mPref->GetBoolPref("security.enable_tls", &enabled); SSL_OptionSetDefault(SSL_ENABLE_TLS, enabled); - nsCiphers::SetAllCiphersFromPrefs(mPref); + // Set SSL/TLS ciphers + for (CipherPref* cp = CipherPrefs; cp->pref; ++cp) { + mPref->GetBoolPref(cp->pref, &enabled); + + SSL_CipherPrefSetDefault(cp->id, enabled); + } // Enable ciphers for PKCS#12 SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1); @@ -1298,7 +1329,14 @@ nsNSSComponent::PrefChanged(const char* prefName) } else if (!nsCRT::strcmp(prefName, "security.OCSP.enabled")) { setOCSPOptions(mPref); } else { - nsCiphers::SetCipherFromPref(mPref, prefName); + /* Look through the cipher table and set according to pref setting */ + for (CipherPref* cp = CipherPrefs; cp->pref; ++cp) { + if (!nsCRT::strcmp(prefName, cp->pref)) { + mPref->GetBoolPref(cp->pref, &enabled); + SSL_CipherPrefSetDefault(cp->id, enabled); + break; + } + } } } diff --git a/mozilla/security/manager/ssl/src/nsNSSComponent.h b/mozilla/security/manager/ssl/src/nsNSSComponent.h index db2a82b74d5..a4000fc0023 100644 --- a/mozilla/security/manager/ssl/src/nsNSSComponent.h +++ b/mozilla/security/manager/ssl/src/nsNSSComponent.h @@ -125,6 +125,7 @@ class NS_NO_VTABLE nsINSSComponent : public nsISupports { NS_IMETHOD DefineNextTimer() = 0; NS_IMETHOD DownloadCRLDirectly(nsAutoString, nsAutoString) = 0; + }; struct PRLock; diff --git a/mozilla/security/manager/ssl/src/nsNSSModule.cpp b/mozilla/security/manager/ssl/src/nsNSSModule.cpp index 7f79d2e65bc..2b4042cdab5 100644 --- a/mozilla/security/manager/ssl/src/nsNSSModule.cpp +++ b/mozilla/security/manager/ssl/src/nsNSSModule.cpp @@ -46,7 +46,6 @@ #include "nsCertPicker.h" #include "nsCURILoader.h" #include "nsICategoryManager.h" -#include "nsCipherInfo.h" // We must ensure that the nsNSSComponent has been loaded before // creating any other components. 
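Review bot: The result of `mPref->GetBoolPref(cp->pref, &enabled)` is not checked in the new cipher loop in `InitializeNSS`, so when a pref is missing or unreadable `enabled` presumably still holds the value left by the previous call (the first iteration would inherit `security.enable_tls`) and that stale value is applied to the suite. For the NULL and export-grade entries in `CipherPrefs` this could enable a suite that no pref asked for. Check the call and fail closed, e.g. `if (NS_FAILED(mPref->GetBoolPref(cp->pref, &enabled))) enabled = PR_FALSE;` before `SSL_CipherPrefSetDefault(cp->id, enabled);`, or skip the suite with `continue`. The same unchecked pair appears in the `PrefChanged` hunk (`@@ -1298,7 +1329,14 @@`), and both enclosing functions, including the declaration of `enabled`, lie outside their hunks.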
@@ -156,7 +155,6 @@ NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCMSEncoder) NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCMSMessage) NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsHash) NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCertPicker) -NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCipherInfoService) static NS_METHOD RegisterPSMContentListeners( nsIComponentManager *aCompMgr, @@ -342,13 +340,6 @@ static const nsModuleComponentInfo components[] = "@mozilla.org/uriloader/psm-external-content-listener;1", PSMContentListenerConstructor, RegisterPSMContentListeners - }, - - { - "PSM Cipher Info", - NS_CIPHERINFOSERVICE_CID, - NS_CIPHERINFOSERVICE_CONTRACTID, - nsCipherInfoServiceConstructor } };