net: boost AES-GCM ciphers if the machine has AES-NI.

net/third_party/nss/ssl/ssl3con.c

 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 /*
  * SSL3 Protocol
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */
 
@@ skipping 12347 matching lines @@
         pref   = suite->enabled;
         rv     = SECSuccess;
     } else {
         pref   = SSL_NOT_ALLOWED;
         rv     = SECFailure;    /* err code was set by Lookup. */
     }
     *enabled = pref;
     return rv;
 }
 
+SECStatus
+ssl3_CipherOrderSet(sslSocket *ss, const PRUint16 *ciphers, size_t len)
+{
+    size_t i, done;

[wtc, 2013/11/19 23:00:44]

Nit: use unsigned int.

[agl, 2013/11/20 18:21:07]

Done.

+
+    for (i = done = 0; i < len; i++) {

[wtc, 2013/11/19 23:00:44]

It seems that |done| is always equal to |i|, so we can replace |done| by |i|.

[agl, 2013/11/20 18:21:07]

Done.

+        PRUint16 id = ciphers[i];
+        size_t existingIndex, j;
+        char found = 0;

[wtc, 2013/11/19 23:00:44]

Nit: Use PRBool and PR_FALSE, PR_TRUE instead of char, 0, 1.

[agl, 2013/11/20 18:21:07]

Done.

+
+        for (j = done; j < ssl_V3_SUITES_IMPLEMENTED; j++) {

[wtc, 2013/11/19 23:00:44]

This valid cipher suite check is quadratic. We should look into using a "model
socket" in Chromium. The model socket is the first argument to SSL_ImportFD.
Properties of the model socket are copied to the new SSL socket.

Update: I looked into this. Since the |ciphers| array depends on SSL config
settings such as TLS/SSL version range and disabled cipher suite list, the model
socket doesn't seem easy to do. We would need to update the model socket
whenever SSL config settings change.

[agl, 2013/11/20 18:21:07]

It might be possible to use a model socket because this ordering does not change
which ciphers are enabled etc, it just reorders them. Let me know if I've missed
something, otherwise it seems to be that the NSS singleton could configure a
model socket with this information.

[wtc, 2013/11/22 01:14:16]

I think you're right, although if the |ciphers| input array doesn't include all
ciphers, the missing ciphers will be disabled by the for loop at the end of this
function.
Yes, I agree. We just need to make sure to include all the ciphers.

+            if (ss->cipherSuites[j].cipher_suite == id) {
+                existingIndex = j;
+                found = 1;
+                break;
+            }
+        }
+
+        if (!found) {
+            PORT_SetError(SSL_ERROR_UNKNOWN_CIPHER_SUITE);
+            return SECFailure;
+        }
+
+        if (existingIndex != done) {
+            const ssl3CipherSuiteCfg temp = ss->cipherSuites[done];
+            ss->cipherSuites[done] = ss->cipherSuites[existingIndex];
+            ss->cipherSuites[existingIndex] = temp;
+        }
+        done++;
+    }
+
+    /* Disable all cipher suites that weren't included. */
+    for (; i < ssl_V3_SUITES_IMPLEMENTED; i++) {
+        ss->cipherSuites[i].enabled = 0;
+    }
+
+    return SECSuccess;
+}
+
 /* copy global default policy into socket. */
 void
 ssl3_InitSocketPolicy(sslSocket *ss)
 {
     PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites);
 }
 
 SECStatus
 ssl3_GetTLSUniqueChannelBinding(sslSocket *ss,
                                 unsigned char *out,
@@ skipping 212 matching lines @@
             PORT_Free(ss->ssl3.hs.recvdFragments.buf);
         }
     }
 
     ss->ssl3.initialized = PR_FALSE;
 
     SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
 }
 
 /* End of ssl3con.c */