Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(269)

Side by Side Diff: net/socket/ssl_client_socket_impl.cc

Issue 2192053002: Metric & meta-metric for CECPQ1 handshake latency. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix an unreachable code error (Windows compiler) Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/socket/ssl_client_socket.cc ('k') | net/socket/ssl_client_socket_pool.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_client_socket_impl.h" 5 #include "net/socket/ssl_client_socket_impl.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 #include <openssl/bio.h> 8 #include <openssl/bio.h>
9 #include <openssl/bytestring.h> 9 #include <openssl/bytestring.h>
10 #include <openssl/err.h> 10 #include <openssl/err.h>
11 #include <openssl/evp.h> 11 #include <openssl/evp.h>
12 #include <openssl/mem.h> 12 #include <openssl/mem.h>
13 #include <openssl/ssl.h> 13 #include <openssl/ssl.h>
14 #include <string.h> 14 #include <string.h>
15 15
16 #include <utility> 16 #include <utility>
17 17
18 #include "base/bind.h" 18 #include "base/bind.h"
19 #include "base/callback_helpers.h" 19 #include "base/callback_helpers.h"
20 #include "base/feature_list.h"
21 #include "base/lazy_instance.h" 20 #include "base/lazy_instance.h"
22 #include "base/macros.h" 21 #include "base/macros.h"
23 #include "base/memory/singleton.h" 22 #include "base/memory/singleton.h"
24 #include "base/metrics/field_trial.h" 23 #include "base/metrics/field_trial.h"
25 #include "base/metrics/histogram_macros.h" 24 #include "base/metrics/histogram_macros.h"
26 #include "base/metrics/sparse_histogram.h" 25 #include "base/metrics/sparse_histogram.h"
27 #include "base/profiler/scoped_tracker.h" 26 #include "base/profiler/scoped_tracker.h"
28 #include "base/strings/string_number_conversions.h" 27 #include "base/strings/string_number_conversions.h"
29 #include "base/strings/string_piece.h" 28 #include "base/strings/string_piece.h"
30 #include "base/synchronization/lock.h" 29 #include "base/synchronization/lock.h"
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
79 78
80 // TLS extension number use for Token Binding. 79 // TLS extension number use for Token Binding.
81 const unsigned int kTbExtNum = 24; 80 const unsigned int kTbExtNum = 24;
82 81
83 // Token Binding ProtocolVersions supported. 82 // Token Binding ProtocolVersions supported.
84 const uint8_t kTbProtocolVersionMajor = 0; 83 const uint8_t kTbProtocolVersionMajor = 0;
85 const uint8_t kTbProtocolVersionMinor = 8; 84 const uint8_t kTbProtocolVersionMinor = 8;
86 const uint8_t kTbMinProtocolVersionMajor = 0; 85 const uint8_t kTbMinProtocolVersionMajor = 0;
87 const uint8_t kTbMinProtocolVersionMinor = 6; 86 const uint8_t kTbMinProtocolVersionMinor = 6;
88 87
89 #if !defined(OS_NACL)
90 const base::Feature kPostQuantumExperiment{"SSLPostQuantumExperiment",
91 base::FEATURE_DISABLED_BY_DEFAULT};
92 #endif
93
94 bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) { 88 bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) {
95 switch (EVP_MD_type(md)) { 89 switch (EVP_MD_type(md)) {
96 case NID_md5_sha1: 90 case NID_md5_sha1:
97 *hash = SSLPrivateKey::Hash::MD5_SHA1; 91 *hash = SSLPrivateKey::Hash::MD5_SHA1;
98 return true; 92 return true;
99 case NID_sha1: 93 case NID_sha1:
100 *hash = SSLPrivateKey::Hash::SHA1; 94 *hash = SSLPrivateKey::Hash::SHA1;
101 return true; 95 return true;
102 case NID_sha256: 96 case NID_sha256:
103 *hash = SSLPrivateKey::Hash::SHA256; 97 *hash = SSLPrivateKey::Hash::SHA256;
(...skipping 897 matching lines...) Expand 10 before | Expand all | Expand 10 after
1001 995
1002 SSL_set_mode(ssl_, mode.set_mask); 996 SSL_set_mode(ssl_, mode.set_mask);
1003 SSL_clear_mode(ssl_, mode.clear_mask); 997 SSL_clear_mode(ssl_, mode.clear_mask);
1004 998
1005 // Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers 999 // Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers
1006 // (note that SHA256 and SHA384 only select legacy CBC ciphers). Also disable 1000 // (note that SHA256 and SHA384 only select legacy CBC ciphers). Also disable
1007 // DHE_RSA_WITH_AES_256_GCM_SHA384. Historically, AES_256_GCM was not 1001 // DHE_RSA_WITH_AES_256_GCM_SHA384. Historically, AES_256_GCM was not
1008 // supported. As DHE is being deprecated, don't add a cipher only to remove it 1002 // supported. As DHE is being deprecated, don't add a cipher only to remove it
1009 // immediately. 1003 // immediately.
1010 std::string command; 1004 std::string command;
1011 #if !defined(OS_NACL) 1005 if (SSLClientSocket::IsPostQuantumExperimentEnabled()) {
1012 if (base::FeatureList::IsEnabled(kPostQuantumExperiment)) {
1013 // These are experimental, non-standard ciphersuites. They are part of an 1006 // These are experimental, non-standard ciphersuites. They are part of an
1014 // experiment in post-quantum cryptography. They're not intended to 1007 // experiment in post-quantum cryptography. They're not intended to
1015 // represent a de-facto standard, and will be removed from BoringSSL in 1008 // represent a de-facto standard, and will be removed from BoringSSL in
1016 // ~2018. 1009 // ~2018.
1017 if (EVP_has_aes_hardware()) { 1010 if (EVP_has_aes_hardware()) {
1018 command.append( 1011 command.append(
1019 "CECPQ1-RSA-AES256-GCM-SHA384:" 1012 "CECPQ1-RSA-AES256-GCM-SHA384:"
1020 "CECPQ1-ECDSA-AES256-GCM-SHA384:"); 1013 "CECPQ1-ECDSA-AES256-GCM-SHA384:");
1021 } 1014 }
1022 command.append( 1015 command.append(
1023 "CECPQ1-RSA-CHACHA20-POLY1305-SHA256:" 1016 "CECPQ1-RSA-CHACHA20-POLY1305-SHA256:"
1024 "CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256:"); 1017 "CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256:");
1025 if (!EVP_has_aes_hardware()) { 1018 if (!EVP_has_aes_hardware()) {
1026 command.append( 1019 command.append(
1027 "CECPQ1-RSA-AES256-GCM-SHA384:" 1020 "CECPQ1-RSA-AES256-GCM-SHA384:"
1028 "CECPQ1-ECDSA-AES256-GCM-SHA384:"); 1021 "CECPQ1-ECDSA-AES256-GCM-SHA384:");
1029 } 1022 }
1030 } 1023 }
1031 #endif
1032 command.append("ALL:!SHA256:!SHA384:!DHE-RSA-AES256-GCM-SHA384:!aPSK:!RC4"); 1024 command.append("ALL:!SHA256:!SHA384:!DHE-RSA-AES256-GCM-SHA384:!aPSK:!RC4");
1033 1025
1034 if (ssl_config_.require_ecdhe) 1026 if (ssl_config_.require_ecdhe)
1035 command.append(":!kRSA:!kDHE"); 1027 command.append(":!kRSA:!kDHE");
1036 1028
1037 if (!ssl_config_.deprecated_cipher_suites_enabled) { 1029 if (!ssl_config_.deprecated_cipher_suites_enabled) {
1038 // Only offer DHE on the second handshake. https://crbug.com/538690 1030 // Only offer DHE on the second handshake. https://crbug.com/538690
1039 command.append(":!kDHE"); 1031 command.append(":!kDHE");
1040 } 1032 }
1041 1033
(...skipping 1344 matching lines...) Expand 10 before | Expand all | Expand 10 after
2386 } 2378 }
2387 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, 2379 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported,
2388 CHANNEL_ID_USAGE_MAX); 2380 CHANNEL_ID_USAGE_MAX);
2389 } 2381 }
2390 2382
2391 bool SSLClientSocketImpl::IsChannelIDEnabled() const { 2383 bool SSLClientSocketImpl::IsChannelIDEnabled() const {
2392 return ssl_config_.channel_id_enabled && channel_id_service_; 2384 return ssl_config_.channel_id_enabled && channel_id_service_;
2393 } 2385 }
2394 2386
2395 } // namespace net 2387 } // namespace net
OLDNEW
« no previous file with comments | « net/socket/ssl_client_socket.cc ('k') | net/socket/ssl_client_socket_pool.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698