crypto: disable NSS AES-NI support when AVX is disabled by OS.

crypto/nss_util.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "crypto/nss_util.h"
 #include "crypto/nss_util_internal.h"
 
 #include <nss.h>
 #include <pk11pub.h>
 #include <plarena.h>
 #include <prerror.h>
 #include <prinit.h>
 #include <prtime.h>
 #include <secmod.h>
+#include <stdlib.h>

[wtc, 2013/11/21 21:03:44]

This header isn't necessary.

[agl, 2013/11/22 16:22:35]

Done.

 
 #if defined(OS_LINUX)
 #include <linux/nfs_fs.h>
 #include <sys/vfs.h>
 #elif defined(OS_OPENBSD)
 #include <sys/mount.h>
 #include <sys/param.h>
 #endif
 
 #include <vector>
 
+#include "base/cpu.h"
 #include "base/debug/alias.h"
 #include "base/debug/stack_trace.h"
 #include "base/environment.h"
+#include "base/environment.h"

[wtc, 2013/11/21 21:03:44]

Delete this line (a duplicate).

[agl, 2013/11/22 16:22:35]

Done.

 #include "base/file_util.h"
 #include "base/files/file_path.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/metrics/histogram.h"
 #include "base/native_library.h"
 #include "base/strings/stringprintf.h"
 #include "base/threading/thread_checker.h"
@@ skipping 369 matching lines @@
         test_slot_(NULL),
         tpm_slot_(NULL),
         root_(NULL),
         chromeos_user_logged_in_(false) {
     base::TimeTicks start_time = base::TimeTicks::Now();
 
     // It's safe to construct on any thread, since LazyInstance will prevent any
     // other threads from accessing until the constructor is done.
     thread_checker_.DetachFromThread();
 
+    DisableAESNIIfNeeded();
+
     EnsureNSPRInit();
 
     // We *must* have NSS >= 3.14.3.
     COMPILE_ASSERT(
         (NSS_VMAJOR == 3 && NSS_VMINOR == 14 && NSS_VPATCH >= 3) ||
         (NSS_VMAJOR == 3 && NSS_VMINOR > 14) ||
         (NSS_VMAJOR > 3),
         nss_version_check_failed);
     // Also check the run-time NSS version.
     // NSS_VersionCheck is a >= check, not strict equality.
@@ skipping 172 matching lines @@
       if (PK11_NeedUserInit(db_slot))
         PK11_InitPin(db_slot, NULL, NULL);
     }
     else {
       LOG(ERROR) << "Error opening persistent database (" << modspec
                  << "): " << GetNSSErrorMessage();
     }
     return db_slot;
   }
 
+  static void DisableAESNIIfNeeded() {
+    base::CPU cpu;
+
+    if (cpu.has_avx_hardware() && !cpu.has_avx()) {
+      // Some versions of NSS have a bug that causes AVX instructions to be
+      // used without testing whether XSAVE is enabled by the operating system.
+      // In order to work around this, we disable AES-NI in NSS when we find
+      // that |has_avx()| is false (which includes the XSAVE test).

[wtc, 2013/11/21 21:03:44]

Add the NSS bug number or URL here so we will know when it is safe to remove
this workaround.

[agl, 2013/11/22 16:22:35]

Done.

+      base::Environment::Create()->SetVar("NSS_DISABLE_HW_AES", "1");

[wtc, 2013/11/21 21:03:44]

We can also consider just turning off the AES-GCM cipher suites in TLS (and
probably QUIC). This will allow us to use the AES-CBC cipher suites with AES-NI
hardware acceleration. But this doesn't seem like a good trade-off.

+    }
+  }
+
   // If this is set to true NSS is forced to be initialized without a DB.
   static bool force_nodb_init_;
 
   bool tpm_token_enabled_for_nss_;
   std::string tpm_token_name_;
   std::string tpm_user_pin_;
   SECMODModule* chaps_module_;
   PK11SlotInfo* software_slot_;
   PK11SlotInfo* test_slot_;
   PK11SlotInfo* tpm_slot_;
@@ skipping 189 matching lines @@
 
 PK11SlotInfo* GetPublicNSSKeySlot() {
   return g_nss_singleton.Get().GetPublicNSSKeySlot();
 }
 
 PK11SlotInfo* GetPrivateNSSKeySlot() {
   return g_nss_singleton.Get().GetPrivateNSSKeySlot();
 }
 
 }  // namespace crypto