OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/nss_ssl_util.h" | 5 #include "net/socket/nss_ssl_util.h" |
6 | 6 |
7 #include <nss.h> | 7 #include <nss.h> |
8 #include <secerr.h> | 8 #include <secerr.h> |
9 #include <ssl.h> | 9 #include <ssl.h> |
10 #include <sslerr.h> | 10 #include <sslerr.h> |
11 #include <sslproto.h> | 11 #include <sslproto.h> |
12 | 12 |
13 #include <string> | 13 #include <string> |
14 | 14 |
15 #include "base/bind.h" | 15 #include "base/bind.h" |
16 #include "base/cpu.h" | |
16 #include "base/lazy_instance.h" | 17 #include "base/lazy_instance.h" |
17 #include "base/logging.h" | 18 #include "base/logging.h" |
18 #include "base/memory/singleton.h" | 19 #include "base/memory/singleton.h" |
19 #include "base/threading/thread_restrictions.h" | 20 #include "base/threading/thread_restrictions.h" |
20 #include "base/values.h" | 21 #include "base/values.h" |
21 #include "build/build_config.h" | 22 #include "build/build_config.h" |
22 #include "crypto/nss_util.h" | 23 #include "crypto/nss_util.h" |
23 #include "net/base/net_errors.h" | 24 #include "net/base/net_errors.h" |
24 #include "net/base/net_log.h" | 25 #include "net/base/net_log.h" |
25 | 26 |
26 #if defined(OS_WIN) | 27 #if defined(OS_WIN) |
27 #include "base/win/windows_version.h" | 28 #include "base/win/windows_version.h" |
28 #endif | 29 #endif |
29 | 30 |
31 namespace { | |
32 | |
33 // CiphersRemove takes a zero-terminated array of cipher suite ids in | |
34 // |to_remove| and sets every instance of them in |ciphers| to zero. It returns | |
35 // true if it found and removed every element of |to_remove|. It assumes that | |
36 // there are no duplicates in |ciphers| nor in |to_remove|. | |
37 bool CiphersRemove(const uint16* to_remove, uint16* ciphers, size_t num) { | |
38 size_t num_remove, found = 0; | |
39 | |
40 for (num_remove = 0; ; num_remove++) { | |
41 if (to_remove[num_remove] == 0) | |
42 break; | |
43 } | |
44 | |
45 for (size_t i = 0; i < num; i++) { | |
46 for (size_t j = 0; j < num_remove; j++) { | |
47 if (to_remove[j] == ciphers[i]) { | |
48 ciphers[i] = 0; | |
49 found++; | |
50 break; | |
51 } | |
52 } | |
53 } | |
wtc
2013/11/22 01:14:16
I think it is less work to reverse the nested for
agl
2013/11/22 17:53:49
Done.
| |
54 | |
55 return found == num_remove; | |
56 } | |
57 | |
58 // CiphersCompact takes an array of cipher suite ids in |ciphers|, where some | |
59 // entries are zero, and moves the entries so that all the non-zero elements | |
60 // are compacted at the end of the array. | |
61 size_t CiphersCompact(uint16* ciphers, size_t num) { | |
62 size_t j = num - 1; | |
63 | |
64 for (size_t i = num - 1; i < num; i--) { | |
wtc
2013/11/22 01:14:16
The i < num check looks wrong at first glance. You
agl
2013/11/22 17:53:49
Yes.
| |
65 if (ciphers[i] == 0) | |
66 continue; | |
67 ciphers[j--] = ciphers[i]; | |
68 } | |
69 return j+1; | |
wtc
2013/11/22 01:14:16
Nit: the Style Guide recommends spaces around '+'
agl
2013/11/22 17:53:49
Done.
| |
70 } | |
71 | |
72 // CiphersCopy copies the zero-terminated array |in| to |out|. | |
wtc
2013/11/22 01:14:16
Document the return value.
agl
2013/11/22 17:53:49
Done.
| |
73 size_t CiphersCopy(const uint16* in, uint16* out) { | |
74 for (size_t i = 0; ; i++) { | |
75 if (in[i] == 0) | |
76 return i; | |
77 out[i] = in[i]; | |
78 } | |
79 } | |
80 | |
81 } // anonymous namespace | |
82 | |
83 | |
wtc
2013/11/22 01:14:16
Nit: delete one blank line
agl
2013/11/22 17:53:49
Done.
| |
30 namespace net { | 84 namespace net { |
31 | 85 |
32 class NSSSSLInitSingleton { | 86 class NSSSSLInitSingleton { |
33 public: | 87 public: |
34 NSSSSLInitSingleton() { | 88 NSSSSLInitSingleton() { |
wtc
2013/11/22 01:14:16
Initialize the new num_ciphers_ member to 0.
agl
2013/11/22 17:53:49
Done.
| |
35 crypto::EnsureNSSInit(); | 89 crypto::EnsureNSSInit(); |
36 | 90 |
37 NSS_SetDomesticPolicy(); | 91 NSS_SetDomesticPolicy(); |
38 | 92 |
39 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers(); | 93 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers(); |
40 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers(); | 94 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers(); |
41 | 95 |
42 // Disable ECDSA cipher suites on platforms that do not support ECDSA | 96 // Disable ECDSA cipher suites on platforms that do not support ECDSA |
43 // signed certificates, as servers may use the presence of such | 97 // signed certificates, as servers may use the presence of such |
44 // ciphersuites as a hint to send an ECDSA certificate. | 98 // ciphersuites as a hint to send an ECDSA certificate. |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
79 // Enabled to allow servers with only a DSA certificate to function. | 133 // Enabled to allow servers with only a DSA certificate to function. |
80 enabled = true; | 134 enabled = true; |
81 } | 135 } |
82 SSL_CipherPrefSetDefault(ssl_ciphers[i], enabled); | 136 SSL_CipherPrefSetDefault(ssl_ciphers[i], enabled); |
83 } | 137 } |
84 } | 138 } |
85 | 139 |
86 // Enable SSL. | 140 // Enable SSL. |
87 SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE); | 141 SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE); |
88 | 142 |
143 // Calculate the order of ciphers that we'll use for NSS sockets. (Note | |
144 // that, even if a cipher is specified in the ordering, it won't be | |
145 // included if it is disabled.) | |
wtc
2013/11/22 01:14:16
"it won't be included if it is disabled" sounds wr
agl
2013/11/22 17:53:49
I really did mean that, but it's clearly confusing
| |
146 // | |
147 // Our top preference cipher suites are either forward-secure AES-GCM or | |
148 // forward secure ChaCha20-Poly1305. If the local machine has AES-NI then | |
wtc
2013/11/22 01:14:16
Nit: forward secure => forward secret (two occurre
agl
2013/11/22 17:53:49
Done.
| |
149 // we prefer AES-GCM, otherwise ChaCha20. The remainder of the cipher suite | |
150 // preference is inheriented from NSS. */ | |
151 static const uint16 chacha_ciphers[] = { | |
152 0xcc14 /* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 */, | |
wtc
2013/11/22 01:14:16
You should be able to use TLS_ECDHE_ECDSA_WITH_CHA
agl
2013/11/22 17:53:49
Done.
| |
153 0xcc13 /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 */, | |
154 0, | |
155 }; | |
156 static const uint16 aes_gcm_ciphers[] = { | |
157 0xc02b /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */, | |
158 0xc02f /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */, | |
159 0x9e /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */, | |
160 0, | |
161 }; | |
162 const PRUint16 *all_ciphers = SSL_GetImplementedCiphers(); | |
wtc
2013/11/22 01:14:16
Nit: put '*' next to the type. Also fix lines 171-
agl
2013/11/22 17:53:49
Done.
| |
163 num_ciphers_ = SSL_GetNumImplementedCiphers(); | |
164 ciphers_.reset(new uint16[num_ciphers_]); | |
165 memcpy(ciphers_.get(), all_ciphers, sizeof(uint16)*num_ciphers_); | |
166 | |
167 if (CiphersRemove(chacha_ciphers, ciphers_.get(), num_ciphers_) && | |
168 CiphersRemove(aes_gcm_ciphers, ciphers_.get(), num_ciphers_)) { | |
wtc
2013/11/22 01:14:16
Nit: We can pass the sizes of chacha_ciphers and a
agl
2013/11/22 17:53:49
By reordering the for loops in CiphersRemove, as y
| |
169 CiphersCompact(ciphers_.get(), num_ciphers_); | |
170 | |
171 const uint16 *preference_ciphers = chacha_ciphers; | |
172 const uint16 *other_ciphers = aes_gcm_ciphers; | |
173 if (base::CPU().has_aesni()) { | |
174 preference_ciphers = aes_gcm_ciphers; | |
175 other_ciphers = chacha_ciphers; | |
176 } | |
177 unsigned i = CiphersCopy(preference_ciphers, ciphers_.get()); | |
178 CiphersCopy(other_ciphers, &ciphers_[i]); | |
179 } else { | |
180 ciphers_.reset(); | |
181 num_ciphers_ = 0; | |
182 } | |
183 | |
89 // All other SSL options are set per-session by SSLClientSocket and | 184 // All other SSL options are set per-session by SSLClientSocket and |
90 // SSLServerSocket. | 185 // SSLServerSocket. |
91 } | 186 } |
92 | 187 |
188 const uint16* GetNSSCipherOrder(size_t* out_length) { | |
189 *out_length = num_ciphers_; | |
190 return ciphers_.get(); | |
191 } | |
192 | |
93 ~NSSSSLInitSingleton() { | 193 ~NSSSSLInitSingleton() { |
94 // Have to clear the cache, or NSS_Shutdown fails with SEC_ERROR_BUSY. | 194 // Have to clear the cache, or NSS_Shutdown fails with SEC_ERROR_BUSY. |
95 SSL_ClearSessionCache(); | 195 SSL_ClearSessionCache(); |
96 } | 196 } |
197 | |
198 private: | |
199 scoped_ptr<uint16[]> ciphers_; | |
200 size_t num_ciphers_; | |
97 }; | 201 }; |
98 | 202 |
99 static base::LazyInstance<NSSSSLInitSingleton> g_nss_ssl_init_singleton = | 203 static base::LazyInstance<NSSSSLInitSingleton> g_nss_ssl_init_singleton = |
100 LAZY_INSTANCE_INITIALIZER; | 204 LAZY_INSTANCE_INITIALIZER; |
101 | 205 |
102 // Initialize the NSS SSL library if it isn't already initialized. This must | 206 // Initialize the NSS SSL library if it isn't already initialized. This must |
103 // be called before any other NSS SSL functions. This function is | 207 // be called before any other NSS SSL functions. This function is |
104 // thread-safe, and the NSS SSL library will only ever be initialized once. | 208 // thread-safe, and the NSS SSL library will only ever be initialized once. |
105 // The NSS SSL library will be properly shut down on program exit. | 209 // The NSS SSL library will be properly shut down on program exit. |
106 void EnsureNSSSSLInit() { | 210 void EnsureNSSSSLInit() { |
107 // Initializing SSL causes us to do blocking IO. | 211 // Initializing SSL causes us to do blocking IO. |
108 // Temporarily allow it until we fix | 212 // Temporarily allow it until we fix |
109 // http://code.google.com/p/chromium/issues/detail?id=59847 | 213 // http://code.google.com/p/chromium/issues/detail?id=59847 |
110 base::ThreadRestrictions::ScopedAllowIO allow_io; | 214 base::ThreadRestrictions::ScopedAllowIO allow_io; |
111 | 215 |
112 g_nss_ssl_init_singleton.Get(); | 216 g_nss_ssl_init_singleton.Get(); |
113 } | 217 } |
114 | 218 |
219 const uint16* GetNSSCipherOrder(size_t* out_length) { | |
220 return g_nss_ssl_init_singleton.Get().GetNSSCipherOrder(out_length); | |
221 } | |
222 | |
115 // Map a Chromium net error code to an NSS error code. | 223 // Map a Chromium net error code to an NSS error code. |
116 // See _MD_unix_map_default_error in the NSS source | 224 // See _MD_unix_map_default_error in the NSS source |
117 // tree for inspiration. | 225 // tree for inspiration. |
118 PRErrorCode MapErrorToNSS(int result) { | 226 PRErrorCode MapErrorToNSS(int result) { |
119 if (result >=0) | 227 if (result >=0) |
120 return result; | 228 return result; |
121 | 229 |
122 switch (result) { | 230 switch (result) { |
123 case ERR_IO_PENDING: | 231 case ERR_IO_PENDING: |
124 return PR_WOULD_BLOCK_ERROR; | 232 return PR_WOULD_BLOCK_ERROR; |
(...skipping 151 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
276 const char* param) { | 384 const char* param) { |
277 DCHECK(function); | 385 DCHECK(function); |
278 DCHECK(param); | 386 DCHECK(param); |
279 net_log.AddEvent( | 387 net_log.AddEvent( |
280 NetLog::TYPE_SSL_NSS_ERROR, | 388 NetLog::TYPE_SSL_NSS_ERROR, |
281 base::Bind(&NetLogSSLFailedNSSFunctionCallback, | 389 base::Bind(&NetLogSSLFailedNSSFunctionCallback, |
282 function, param, PR_GetError())); | 390 function, param, PR_GetError())); |
283 } | 391 } |
284 | 392 |
285 } // namespace net | 393 } // namespace net |
OLD | NEW |