--- a/CLOBBER
+++ b/CLOBBER
@@ -17,9 +17,9 @@
 #
 # Modifying this file will now automatically clobber the buildbot machines \o/
 #
 
 # Are you updating CLOBBER because you think it's needed for your WebIDL
 # changes to stick? As of bug 928195, this shouldn't be necessary! Please
 # don't change CLOBBER for WebIDL changes any more.
 
-Bugs 1101331 - See if a CLOBBER helps the situation any.
+bug 1114669 removes nsIStreamCipher.idl, which requires a clobber according to bug 1114669

--- a/security/manager/ssl/public/moz.build
+++ b/security/manager/ssl/public/moz.build
@@ -26,17 +26,16 @@ XPIDL_SOURCES += [
     'nsIPK11TokenDB.idl',
     'nsIPKCS11.idl',
     'nsIPKCS11Module.idl',
     'nsIPKCS11ModuleDB.idl',
     'nsIPKCS11Slot.idl',
     'nsIProtectedAuthThread.idl',
     'nsISSLErrorListener.idl',
     'nsISSLStatus.idl',
-    'nsIStreamCipher.idl',
     'nsITokenDialogs.idl',
     'nsITokenPasswordDialogs.idl',
     'nsIUserCertPicker.idl',
     'nsIX509Cert.idl',
     'nsIX509CertDB.idl',
     'nsIX509CertList.idl',
     'nsIX509CertValidity.idl',
 ]

deleted file mode 100644
--- a/security/manager/ssl/public/nsIStreamCipher.idl
+++ /dev/null
@@ -1,61 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsISupports.idl"
-#include "nsIKeyModule.idl"
-
-interface nsIInputStream;
-
-/**
- * Stream cipher interface.  We're basically copying the interface from
- * nsICryptoHash interface.
- */
-[scriptable, uuid(1d507cd6-1630-4710-af1b-4012dbcc514c)]
-interface nsIStreamCipher : nsISupports
-{
-    /**
-     * Initialize a stream cipher.
-     * @param aKey nsIKeyObject
-     */
-    void init(in nsIKeyObject aKey);
-
-    /**
-     * Initialize a stream cipher with an initialization vector.
-     * @param aKey nsIKeyObject
-     * @param aIV the initialization vector
-     * @param aIVLen the length of the initialization vector
-     */
-    void initWithIV(in nsIKeyObject aKey,
-                    [const, array, size_is(aIVLen)] in octet aIV,
-                    in unsigned long aIVLen);
-
-    /**
-     * Update from an array of bytes.
-     */
-    void update([const, array, size_is(aLen)] in octet aData, in unsigned long aLen);
-
-    /**
-     * Update from a stream.
-     */
-    void updateFromStream(in nsIInputStream aStream, in long aLen);
-
-    /**
-     * A more script friendly method (not in nsICryptoHash interface).
-     */
-    void updateFromString(in ACString aInput);
-
-    /**
-     * @param aASCII if true then the returned value is a base-64
-     *        encoded string.  if false, then the returned value is
-     *        binary data.
-     */
-    ACString finish(in boolean aASCII);
-
-    /**
-     * Discard aLen bytes of the keystream.
-     * These days 1536 is considered a decent amount to drop to get
-     * the key state warmed-up enough for secure usage.
-     */
-    void discard(in long aLen);
-};

--- a/security/manager/ssl/src/moz.build
+++ b/security/manager/ssl/src/moz.build
@@ -53,17 +53,16 @@ UNIFIED_SOURCES += [
     'nsPKCS12Blob.cpp',
     'nsProtectedAuthThread.cpp',
     'nsPSMBackgroundThread.cpp',
     'nsRandomGenerator.cpp',
     'nsSDR.cpp',
     'NSSErrorsService.cpp',
     'nsSSLSocketProvider.cpp',
     'nsSSLStatus.cpp',
-    'nsStreamCipher.cpp',
     'nsTLSSocketProvider.cpp',
     'nsUsageArrayHelper.cpp',
     'PSMRunnable.cpp',
     'SharedSSLState.cpp',
     'SSLServerCertVerification.cpp',
     'TransportSecurityInfo.cpp',
 ]
 

--- a/security/manager/ssl/src/nsNSSModule.cpp
+++ b/security/manager/ssl/src/nsNSSModule.cpp
@@ -26,17 +26,16 @@
 #include "nsCryptoHash.h"
 //For the NS_CRYPTO_CONTRACTID define
 #include "nsDOMCID.h"
 #include "nsNetCID.h"
 #include "nsCertPicker.h"
 #include "nsCURILoader.h"
 #include "nsICategoryManager.h"
 #include "nsNTLMAuthModule.h"
-#include "nsStreamCipher.h"
 #include "nsKeyModule.h"
 #include "nsDataSignatureVerifier.h"
 #include "nsCertOverrideService.h"
 #include "nsRandomGenerator.h"
 #include "nsSSLStatus.h"
 #include "TransportSecurityInfo.h"
 #include "NSSErrorsService.h"
 #include "nsNSSVersion.h"
@@ -196,17 +195,16 @@ NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPRO
 #ifdef MOZ_XUL
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCertTree)
 #endif
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsPkcs11)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCertPicker)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsNTLMAuthModule, InitTest)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsCryptoHash)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCryptoHMAC)
-NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsStreamCipher)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsKeyObject)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsKeyObjectFactory)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsDataSignatureVerifier)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsRandomGenerator)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, nsSSLStatus)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, TransportSecurityInfo)
 
 typedef mozilla::psm::NSSErrorsService NSSErrorsService;
@@ -229,17 +227,16 @@ NS_DEFINE_NAMED_CID(NS_FORMPROCESSOR_CID
 #ifdef MOZ_XUL
 NS_DEFINE_NAMED_CID(NS_CERTTREE_CID);
 #endif
 NS_DEFINE_NAMED_CID(NS_PKCS11_CID);
 NS_DEFINE_NAMED_CID(NS_CRYPTO_HASH_CID);
 NS_DEFINE_NAMED_CID(NS_CRYPTO_HMAC_CID);
 NS_DEFINE_NAMED_CID(NS_CERT_PICKER_CID);
 NS_DEFINE_NAMED_CID(NS_NTLMAUTHMODULE_CID);
-NS_DEFINE_NAMED_CID(NS_STREAMCIPHER_CID);
 NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECT_CID);
 NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECTFACTORY_CID);
 NS_DEFINE_NAMED_CID(NS_DATASIGNATUREVERIFIER_CID);
 NS_DEFINE_NAMED_CID(NS_CERTOVERRIDE_CID);
 NS_DEFINE_NAMED_CID(NS_RANDOMGENERATOR_CID);
 NS_DEFINE_NAMED_CID(NS_SSLSTATUS_CID);
 NS_DEFINE_NAMED_CID(TRANSPORTSECURITYINFO_CID);
 NS_DEFINE_NAMED_CID(NS_NSSERRORSSERVICE_CID);
@@ -261,17 +258,16 @@ static const mozilla::Module::CIDEntry k
 #ifdef MOZ_XUL
   { &kNS_CERTTREE_CID, false, nullptr, nsCertTreeConstructor },
 #endif
   { &kNS_PKCS11_CID, false, nullptr, nsPkcs11Constructor },
   { &kNS_CRYPTO_HASH_CID, false, nullptr, nsCryptoHashConstructor },
   { &kNS_CRYPTO_HMAC_CID, false, nullptr, nsCryptoHMACConstructor },
   { &kNS_CERT_PICKER_CID, false, nullptr, nsCertPickerConstructor },
   { &kNS_NTLMAUTHMODULE_CID, false, nullptr, nsNTLMAuthModuleConstructor },
-  { &kNS_STREAMCIPHER_CID, false, nullptr, nsStreamCipherConstructor },
   { &kNS_KEYMODULEOBJECT_CID, false, nullptr, nsKeyObjectConstructor },
   { &kNS_KEYMODULEOBJECTFACTORY_CID, false, nullptr, nsKeyObjectFactoryConstructor },
   { &kNS_DATASIGNATUREVERIFIER_CID, false, nullptr, nsDataSignatureVerifierConstructor },
   { &kNS_CERTOVERRIDE_CID, false, nullptr, nsCertOverrideServiceConstructor },
   { &kNS_RANDOMGENERATOR_CID, false, nullptr, nsRandomGeneratorConstructor },
   { &kNS_SSLSTATUS_CID, false, nullptr, nsSSLStatusConstructor },
   { &kTRANSPORTSECURITYINFO_CID, false, nullptr, TransportSecurityInfoConstructor },
   { &kNS_NSSERRORSSERVICE_CID, false, nullptr, NSSErrorsServiceConstructor },
@@ -298,17 +294,16 @@ static const mozilla::Module::ContractID
 #endif
   { NS_PKCS11_CONTRACTID, &kNS_PKCS11_CID },
   { NS_CRYPTO_HASH_CONTRACTID, &kNS_CRYPTO_HASH_CID },
   { NS_CRYPTO_HMAC_CONTRACTID, &kNS_CRYPTO_HMAC_CID },
   { NS_CERT_PICKER_CONTRACTID, &kNS_CERT_PICKER_CID },
   { "@mozilla.org/uriloader/psm-external-content-listener;1", &kNS_PSMCONTENTLISTEN_CID },
   { NS_CRYPTO_FIPSINFO_SERVICE_CONTRACTID, &kNS_PKCS11MODULEDB_CID },
   { NS_NTLMAUTHMODULE_CONTRACTID, &kNS_NTLMAUTHMODULE_CID },
-  { NS_STREAMCIPHER_CONTRACTID, &kNS_STREAMCIPHER_CID },
   { NS_KEYMODULEOBJECT_CONTRACTID, &kNS_KEYMODULEOBJECT_CID },
   { NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &kNS_KEYMODULEOBJECTFACTORY_CID },
   { NS_DATASIGNATUREVERIFIER_CONTRACTID, &kNS_DATASIGNATUREVERIFIER_CID },
   { NS_CERTOVERRIDE_CONTRACTID, &kNS_CERTOVERRIDE_CID },
   { NS_RANDOMGENERATOR_CONTRACTID, &kNS_RANDOMGENERATOR_CID },
   { nullptr }
 };
 

deleted file mode 100644
--- a/security/manager/ssl/src/nsStreamCipher.cpp
+++ /dev/null
@@ -1,186 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsIKeyModule.h"
-#include "nsStreamCipher.h"
-#include "nsStreamUtils.h"
-#include "base64.h"
-
-NS_IMPL_ISUPPORTS(nsStreamCipher, nsIStreamCipher)
-
-nsStreamCipher::nsStreamCipher()
-  : mContext(nullptr)
-{
-}
-
-nsStreamCipher::~nsStreamCipher()
-{
-  if (mContext)
-    PK11_DestroyContext(mContext, true /* free sub-objects */);
-}
-
-nsresult
-nsStreamCipher::InitWithIV_(nsIKeyObject *aKey, SECItem* aIV)
-{
-  NS_ENSURE_ARG_POINTER(aKey);
-
-  // Make sure we have a SYM_KEY.
-  int16_t keyType;
-  nsresult rv = aKey->GetType(&keyType);
-  NS_ENSURE_SUCCESS(rv, rv);
-  if (keyType != nsIKeyObject::SYM_KEY)
-    return NS_ERROR_INVALID_ARG;
-
-  if (mContext)
-    PK11_DestroyContext(mContext, true /* free sub-objects */);
-
-  // Get the PK11SymKey out of the key object and create the PK11Context.
-  void* keyObj;
-  rv = aKey->GetKeyObj(&keyObj);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  PK11SymKey *symkey = reinterpret_cast<PK11SymKey*>(keyObj);
-  if (!symkey)
-    return NS_ERROR_FAILURE;
-
-  CK_MECHANISM_TYPE cipherMech = PK11_GetMechanism(symkey);
-
-  SECItem *param = nullptr;
-  // aIV may be null
-  param = PK11_ParamFromIV(cipherMech, aIV);
-  if (!param)
-    return NS_ERROR_FAILURE;
-
-  mContext = PK11_CreateContextBySymKey(cipherMech, CKA_ENCRYPT,
-                                        symkey, param);
-
-  SECITEM_FreeItem(param, true);
-
-  // Something went wrong if mContext doesn't exist.
-  if (!mContext)
-    return NS_ERROR_FAILURE;
-
-  // Everything went ok.      
-  mValue.Truncate();
-  return NS_OK;
-}
-
-/////////////////////////////////////////////////////////////////////////////
-// nsIStreamCipher
-
-NS_IMETHODIMP nsStreamCipher::Init(nsIKeyObject *aKey)
-{
-  return InitWithIV_(aKey, nullptr);
-}
-
-NS_IMETHODIMP nsStreamCipher::InitWithIV(nsIKeyObject *aKey,
-                                         const uint8_t *aIV, uint32_t aIVLen)
-{
-  SECItem IV;
-  IV.data = (unsigned char*)aIV;
-  IV.len = aIVLen;
-  return InitWithIV_(aKey, &IV);
-}
-
-NS_IMETHODIMP nsStreamCipher::Update(const uint8_t *aData, uint32_t aLen)
-{
-  if (!mContext)
-    return NS_ERROR_NOT_INITIALIZED;
-
-  unsigned char* output = new unsigned char[aLen];
-  unsigned char* input = (unsigned char*)aData;
-  
-  int32_t setLen;
-
-#ifdef DEBUG
-  SECStatus rv =
-#endif
-    PK11_CipherOp(mContext, output, &setLen, aLen, input, aLen);
-  NS_ASSERTION(rv == SECSuccess, "failed to encrypt");
-  NS_ASSERTION((uint32_t)setLen == aLen, "data length should not change");
-
-  mValue.Append((const char*)output, aLen);
-
-  delete [] output;
-
-  return NS_OK;
-}
-
-NS_IMETHODIMP nsStreamCipher::UpdateFromStream(nsIInputStream *aStream,
-                                               int32_t aLen)
-{
-  if (!mContext)
-    return NS_ERROR_NOT_INITIALIZED;
-
-  nsCString inputString;
-  nsresult rv = NS_ConsumeStream(aStream, aLen, inputString);
-  NS_ENSURE_SUCCESS(rv, rv);
-  
-  return UpdateFromString(inputString);
-}
-
-NS_IMETHODIMP nsStreamCipher::UpdateFromString(const nsACString& aInput)
-{
-  if (!mContext)
-    return NS_ERROR_NOT_INITIALIZED;
-
-  const nsCString& flatInput = PromiseFlatCString(aInput);
-  unsigned char* input = (unsigned char*)flatInput.get();
-  uint32_t len = aInput.Length();
-
-  unsigned char* output = new unsigned char[len];
-
-  int32_t setLen;
-
-#ifdef DEBUG
-  SECStatus rv =
-#endif
-    PK11_CipherOp(mContext, output, &setLen, len, input, len);
-  NS_ASSERTION(rv == SECSuccess, "failed to encrypt");
-  NS_ASSERTION((uint32_t)setLen == len, "data length should not change");
-
-  mValue.Append((const char*)output, len);
-  delete [] output;
-
-  return NS_OK;
-}
-
-NS_IMETHODIMP nsStreamCipher::Finish(bool aASCII, nsACString & _retval)
-{
-  if (!mContext)
-    return NS_ERROR_NOT_INITIALIZED;
-
-  if (aASCII) {
-    char *asciiData = BTOA_DataToAscii((unsigned char*)(mValue.get()),
-                                       mValue.Length());
-    _retval.Assign(asciiData);
-    PORT_Free(asciiData);
-  } else {
-    _retval.Assign(mValue);
-  }
-
-  return NS_OK;
-}
-
-NS_IMETHODIMP nsStreamCipher::Discard(int32_t aLen)
-{
-  if (!mContext)
-    return NS_ERROR_NOT_INITIALIZED;
-
-  unsigned char* output = new unsigned char[aLen];
-  unsigned char* input = new unsigned char[aLen];
-
-  int32_t setLen;
-
-#ifdef DEBUG
-  SECStatus rv =
-#endif
-    PK11_CipherOp(mContext, output, &setLen, aLen, input, aLen);
-  NS_ASSERTION(rv == SECSuccess, "failed to encrypt");
-  NS_ASSERTION(setLen == aLen, "data length should not change");
-  
-  delete [] output;
-  delete [] input;
-  return NS_OK;
-}

deleted file mode 100644
--- a/security/manager/ssl/src/nsStreamCipher.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef _NS_STREAMCIPHER_H_
-#define _NS_STREAMCIPHER_H_
-
-#include "nsIStreamCipher.h"
-#include "nsString.h"
-#include "pk11func.h"
-#include "mozilla/Attributes.h"
-
-/* dbfcbe4a-10f7-4d6f-a481-68e6d6b71d21 */
-#define NS_STREAMCIPHER_CID   \
-{ 0xdbfcbe4a, 0x10f7, 0x4d6f, {0xa4, 0x81, 0x68, 0xe6, 0xd6, 0xb7, 0x1d, 0x21}}
-#define NS_STREAMCIPHER_CONTRACTID "@mozilla.org/security/streamcipher;1"
-
-class nsStreamCipher MOZ_FINAL : public nsIStreamCipher
-{
-public:
-  nsStreamCipher();
-
-  NS_DECL_ISUPPORTS
-  NS_DECL_NSISTREAMCIPHER
-
-private:
-  ~nsStreamCipher();
-
-  // Helper method for initializing this object.
-  // aIV may be null.
-  nsresult InitWithIV_(nsIKeyObject *aKey, SECItem* aIV);
-  
-  // Disallow copy constructor
-  nsStreamCipher(nsStreamCipher&);
-
-  // Holds our stream cipher context.
-  PK11Context* mContext;
-
-  // Holds the amount we've computed so far.
-  nsCString mValue;
-};
-
-#endif // _NS_STREAMCIPHER_H_