OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/nss_ssl_util.h" | 5 #include "net/socket/nss_ssl_util.h" |
6 | 6 |
7 #include <nss.h> | 7 #include <nss.h> |
8 #include <secerr.h> | 8 #include <secerr.h> |
9 #include <ssl.h> | 9 #include <ssl.h> |
10 #include <sslerr.h> | 10 #include <sslerr.h> |
11 #include <sslproto.h> | 11 #include <sslproto.h> |
12 | 12 |
13 #include <string> | 13 #include <string> |
14 | 14 |
15 #include "base/bind.h" | 15 #include "base/bind.h" |
16 #include "base/cpu.h" | |
16 #include "base/lazy_instance.h" | 17 #include "base/lazy_instance.h" |
17 #include "base/logging.h" | 18 #include "base/logging.h" |
18 #include "base/memory/singleton.h" | 19 #include "base/memory/singleton.h" |
19 #include "base/threading/thread_restrictions.h" | 20 #include "base/threading/thread_restrictions.h" |
20 #include "base/values.h" | 21 #include "base/values.h" |
21 #include "build/build_config.h" | 22 #include "build/build_config.h" |
22 #include "crypto/nss_util.h" | 23 #include "crypto/nss_util.h" |
23 #include "net/base/net_errors.h" | 24 #include "net/base/net_errors.h" |
24 #include "net/base/net_log.h" | 25 #include "net/base/net_log.h" |
25 | 26 |
26 #if defined(OS_WIN) | 27 #if defined(OS_WIN) |
27 #include "base/win/windows_version.h" | 28 #include "base/win/windows_version.h" |
28 #endif | 29 #endif |
29 | 30 |
31 namespace { | |
32 | |
33 // CiphersRemove takes a zero-terminated array of cipher suite ids in | |
34 // |to_remove| and sets every instance of them in |ciphers| to zero. It returns | |
35 // true if it found and removed every element of |to_remove|. It assumes that | |
36 // there are no duplicates in |ciphers| nor in |to_remove|. | |
37 bool CiphersRemove(const uint16* to_remove, uint16* ciphers, size_t num) { | |
38 size_t i, found = 0; | |
39 | |
40 for (i = 0; ; i++) { | |
41 if (to_remove[i] == 0) | |
42 break; | |
43 | |
44 for (size_t j = 0; j < num; j++) { | |
45 if (to_remove[i] == ciphers[j]) { | |
46 ciphers[j] = 0; | |
47 found++; | |
48 break; | |
49 } | |
50 } | |
51 } | |
52 | |
53 return found == i; | |
54 } | |
55 | |
56 // CiphersCompact takes an array of cipher suite ids in |ciphers|, where some | |
57 // entries are zero, and moves the entries so that all the non-zero elements | |
58 // are compacted at the end of the array. | |
59 void CiphersCompact(uint16* ciphers, size_t num) { | |
60 size_t j = num - 1; | |
61 | |
62 for (size_t i = num - 1; i < num; i--) { | |
63 if (ciphers[i] == 0) | |
64 continue; | |
65 ciphers[j--] = ciphers[i]; | |
66 } | |
67 } | |
68 | |
69 // CiphersCopy copies the zero-terminated array |in| to |out|. It returns the | |
70 // number of cipher suite ids copied. | |
71 size_t CiphersCopy(const uint16* in, uint16* out) { | |
72 for (size_t i = 0; ; i++) { | |
73 if (in[i] == 0) | |
74 return i; | |
75 out[i] = in[i]; | |
76 } | |
77 } | |
78 | |
79 } // anonymous namespace | |
80 | |
30 namespace net { | 81 namespace net { |
31 | 82 |
32 class NSSSSLInitSingleton { | 83 class NSSSSLInitSingleton { |
33 public: | 84 public: |
34 NSSSSLInitSingleton() { | 85 NSSSSLInitSingleton() |
86 : num_ciphers_(0) { | |
wtc
2013/11/23 01:02:07
Nit: the Style Guide allows a short initializer on
| |
35 crypto::EnsureNSSInit(); | 87 crypto::EnsureNSSInit(); |
36 | 88 |
37 NSS_SetDomesticPolicy(); | 89 NSS_SetDomesticPolicy(); |
38 | 90 |
39 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers(); | 91 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers(); |
40 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers(); | 92 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers(); |
41 | 93 |
42 // Disable ECDSA cipher suites on platforms that do not support ECDSA | 94 // Disable ECDSA cipher suites on platforms that do not support ECDSA |
43 // signed certificates, as servers may use the presence of such | 95 // signed certificates, as servers may use the presence of such |
44 // ciphersuites as a hint to send an ECDSA certificate. | 96 // ciphersuites as a hint to send an ECDSA certificate. |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
79 // Enabled to allow servers with only a DSA certificate to function. | 131 // Enabled to allow servers with only a DSA certificate to function. |
80 enabled = true; | 132 enabled = true; |
81 } | 133 } |
82 SSL_CipherPrefSetDefault(ssl_ciphers[i], enabled); | 134 SSL_CipherPrefSetDefault(ssl_ciphers[i], enabled); |
83 } | 135 } |
84 } | 136 } |
85 | 137 |
86 // Enable SSL. | 138 // Enable SSL. |
87 SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE); | 139 SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE); |
88 | 140 |
141 // Calculate the order of ciphers that we'll use for NSS sockets. (Note | |
142 // that, even if a cipher is specified in the ordering, it must still be | |
143 // enabled in order to be included in a ClientHello.) | |
144 // | |
145 // Our top preference cipher suites are either forward-secret AES-GCM or | |
146 // forward-secret ChaCha20-Poly1305. If the local machine has AES-NI then | |
147 // we prefer AES-GCM, otherwise ChaCha20. The remainder of the cipher suite | |
148 // preference is inheriented from NSS. */ | |
149 static const uint16 chacha_ciphers[] = { | |
150 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, | |
151 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, | |
152 0, | |
153 }; | |
154 static const uint16 aes_gcm_ciphers[] = { | |
155 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, | |
156 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, | |
157 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, | |
158 0, | |
159 }; | |
160 const PRUint16* all_ciphers = SSL_GetImplementedCiphers(); | |
161 num_ciphers_ = SSL_GetNumImplementedCiphers(); | |
162 ciphers_.reset(new uint16[num_ciphers_]); | |
163 memcpy(ciphers_.get(), all_ciphers, sizeof(uint16)*num_ciphers_); | |
164 | |
165 if (CiphersRemove(chacha_ciphers, ciphers_.get(), num_ciphers_) && | |
166 CiphersRemove(aes_gcm_ciphers, ciphers_.get(), num_ciphers_)) { | |
167 CiphersCompact(ciphers_.get(), num_ciphers_); | |
168 | |
169 const uint16* preference_ciphers = chacha_ciphers; | |
170 const uint16* other_ciphers = aes_gcm_ciphers; | |
171 if (base::CPU().has_aesni()) { | |
172 preference_ciphers = aes_gcm_ciphers; | |
173 other_ciphers = chacha_ciphers; | |
174 } | |
175 unsigned i = CiphersCopy(preference_ciphers, ciphers_.get()); | |
176 CiphersCopy(other_ciphers, &ciphers_[i]); | |
177 } else { | |
178 ciphers_.reset(); | |
179 num_ciphers_ = 0; | |
180 } | |
181 | |
89 // All other SSL options are set per-session by SSLClientSocket and | 182 // All other SSL options are set per-session by SSLClientSocket and |
90 // SSLServerSocket. | 183 // SSLServerSocket. |
91 } | 184 } |
92 | 185 |
186 const uint16* GetNSSCipherOrder(size_t* out_length) { | |
187 *out_length = num_ciphers_; | |
188 return ciphers_.get(); | |
189 } | |
190 | |
93 ~NSSSSLInitSingleton() { | 191 ~NSSSSLInitSingleton() { |
94 // Have to clear the cache, or NSS_Shutdown fails with SEC_ERROR_BUSY. | 192 // Have to clear the cache, or NSS_Shutdown fails with SEC_ERROR_BUSY. |
95 SSL_ClearSessionCache(); | 193 SSL_ClearSessionCache(); |
96 } | 194 } |
195 | |
196 private: | |
197 scoped_ptr<uint16[]> ciphers_; | |
198 size_t num_ciphers_; | |
97 }; | 199 }; |
98 | 200 |
99 static base::LazyInstance<NSSSSLInitSingleton> g_nss_ssl_init_singleton = | 201 static base::LazyInstance<NSSSSLInitSingleton> g_nss_ssl_init_singleton = |
100 LAZY_INSTANCE_INITIALIZER; | 202 LAZY_INSTANCE_INITIALIZER; |
101 | 203 |
102 // Initialize the NSS SSL library if it isn't already initialized. This must | 204 // Initialize the NSS SSL library if it isn't already initialized. This must |
103 // be called before any other NSS SSL functions. This function is | 205 // be called before any other NSS SSL functions. This function is |
104 // thread-safe, and the NSS SSL library will only ever be initialized once. | 206 // thread-safe, and the NSS SSL library will only ever be initialized once. |
105 // The NSS SSL library will be properly shut down on program exit. | 207 // The NSS SSL library will be properly shut down on program exit. |
106 void EnsureNSSSSLInit() { | 208 void EnsureNSSSSLInit() { |
107 // Initializing SSL causes us to do blocking IO. | 209 // Initializing SSL causes us to do blocking IO. |
108 // Temporarily allow it until we fix | 210 // Temporarily allow it until we fix |
109 // http://code.google.com/p/chromium/issues/detail?id=59847 | 211 // http://code.google.com/p/chromium/issues/detail?id=59847 |
110 base::ThreadRestrictions::ScopedAllowIO allow_io; | 212 base::ThreadRestrictions::ScopedAllowIO allow_io; |
111 | 213 |
112 g_nss_ssl_init_singleton.Get(); | 214 g_nss_ssl_init_singleton.Get(); |
113 } | 215 } |
114 | 216 |
217 const uint16* GetNSSCipherOrder(size_t* out_length) { | |
218 return g_nss_ssl_init_singleton.Get().GetNSSCipherOrder(out_length); | |
219 } | |
220 | |
115 // Map a Chromium net error code to an NSS error code. | 221 // Map a Chromium net error code to an NSS error code. |
116 // See _MD_unix_map_default_error in the NSS source | 222 // See _MD_unix_map_default_error in the NSS source |
117 // tree for inspiration. | 223 // tree for inspiration. |
118 PRErrorCode MapErrorToNSS(int result) { | 224 PRErrorCode MapErrorToNSS(int result) { |
119 if (result >=0) | 225 if (result >=0) |
120 return result; | 226 return result; |
121 | 227 |
122 switch (result) { | 228 switch (result) { |
123 case ERR_IO_PENDING: | 229 case ERR_IO_PENDING: |
124 return PR_WOULD_BLOCK_ERROR; | 230 return PR_WOULD_BLOCK_ERROR; |
(...skipping 151 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
276 const char* param) { | 382 const char* param) { |
277 DCHECK(function); | 383 DCHECK(function); |
278 DCHECK(param); | 384 DCHECK(param); |
279 net_log.AddEvent( | 385 net_log.AddEvent( |
280 NetLog::TYPE_SSL_NSS_ERROR, | 386 NetLog::TYPE_SSL_NSS_ERROR, |
281 base::Bind(&NetLogSSLFailedNSSFunctionCallback, | 387 base::Bind(&NetLogSSLFailedNSSFunctionCallback, |
282 function, param, PR_GetError())); | 388 function, param, PR_GetError())); |
283 } | 389 } |
284 | 390 |
285 } // namespace net | 391 } // namespace net |
OLD | NEW |