Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(168)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: crypto/nss_util.cc

Issue 79283002: crypto: disable NSS AES-NI support when AVX is disabled by OS. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « base/cpu.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "crypto/nss_util.h" 5 #include "crypto/nss_util.h"
6 #include "crypto/nss_util_internal.h" 6 #include "crypto/nss_util_internal.h"
7 7
8 #include <nss.h> 8 #include <nss.h>
9 #include <pk11pub.h> 9 #include <pk11pub.h>
10 #include <plarena.h> 10 #include <plarena.h>
11 #include <prerror.h> 11 #include <prerror.h>
12 #include <prinit.h> 12 #include <prinit.h>
13 #include <prtime.h> 13 #include <prtime.h>
14 #include <secmod.h> 14 #include <secmod.h>
15 15
16 #if defined(OS_LINUX) 16 #if defined(OS_LINUX)
17 #include <linux/nfs_fs.h> 17 #include <linux/nfs_fs.h>
18 #include <sys/vfs.h> 18 #include <sys/vfs.h>
19 #elif defined(OS_OPENBSD) 19 #elif defined(OS_OPENBSD)
20 #include <sys/mount.h> 20 #include <sys/mount.h>
21 #include <sys/param.h> 21 #include <sys/param.h>
22 #endif 22 #endif
23 23
24 #include <vector> 24 #include <vector>
25 25
26 #include "base/cpu.h"
26 #include "base/debug/alias.h" 27 #include "base/debug/alias.h"
27 #include "base/debug/stack_trace.h" 28 #include "base/debug/stack_trace.h"
28 #include "base/environment.h" 29 #include "base/environment.h"
29 #include "base/file_util.h" 30 #include "base/file_util.h"
30 #include "base/files/file_path.h" 31 #include "base/files/file_path.h"
31 #include "base/files/scoped_temp_dir.h" 32 #include "base/files/scoped_temp_dir.h"
32 #include "base/lazy_instance.h" 33 #include "base/lazy_instance.h"
33 #include "base/logging.h" 34 #include "base/logging.h"
34 #include "base/memory/scoped_ptr.h" 35 #include "base/memory/scoped_ptr.h"
35 #include "base/metrics/histogram.h" 36 #include "base/metrics/histogram.h"
(...skipping 372 matching lines...) Expand 10 before | Expand all | Expand 10 after
408 test_slot_(NULL), 409 test_slot_(NULL),
409 tpm_slot_(NULL), 410 tpm_slot_(NULL),
410 root_(NULL), 411 root_(NULL),
411 chromeos_user_logged_in_(false) { 412 chromeos_user_logged_in_(false) {
412 base::TimeTicks start_time = base::TimeTicks::Now(); 413 base::TimeTicks start_time = base::TimeTicks::Now();
413 414
414 // It's safe to construct on any thread, since LazyInstance will prevent any 415 // It's safe to construct on any thread, since LazyInstance will prevent any
415 // other threads from accessing until the constructor is done. 416 // other threads from accessing until the constructor is done.
416 thread_checker_.DetachFromThread(); 417 thread_checker_.DetachFromThread();
417 418
419 DisableAESNIIfNeeded();
420
418 EnsureNSPRInit(); 421 EnsureNSPRInit();
419 422
420 // We *must* have NSS >= 3.14.3. 423 // We *must* have NSS >= 3.14.3.
421 COMPILE_ASSERT( 424 COMPILE_ASSERT(
422 (NSS_VMAJOR == 3 && NSS_VMINOR == 14 && NSS_VPATCH >= 3) || 425 (NSS_VMAJOR == 3 && NSS_VMINOR == 14 && NSS_VPATCH >= 3) ||
423 (NSS_VMAJOR == 3 && NSS_VMINOR > 14) || 426 (NSS_VMAJOR == 3 && NSS_VMINOR > 14) ||
424 (NSS_VMAJOR > 3), 427 (NSS_VMAJOR > 3),
425 nss_version_check_failed); 428 nss_version_check_failed);
426 // Also check the run-time NSS version. 429 // Also check the run-time NSS version.
427 // NSS_VersionCheck is a >= check, not strict equality. 430 // NSS_VersionCheck is a >= check, not strict equality.
(...skipping 172 matching lines...) Expand 10 before | Expand all | Expand 10 after
600 if (PK11_NeedUserInit(db_slot)) 603 if (PK11_NeedUserInit(db_slot))
601 PK11_InitPin(db_slot, NULL, NULL); 604 PK11_InitPin(db_slot, NULL, NULL);
602 } 605 }
603 else { 606 else {
604 LOG(ERROR) << "Error opening persistent database (" << modspec 607 LOG(ERROR) << "Error opening persistent database (" << modspec
605 << "): " << GetNSSErrorMessage(); 608 << "): " << GetNSSErrorMessage();
606 } 609 }
607 return db_slot; 610 return db_slot;
608 } 611 }
609 612
613 static void DisableAESNIIfNeeded() {
614 if (NSS_VersionCheck("3.15") && !NSS_VersionCheck("3.15.4")) {
615 // Some versions of NSS have a bug that causes AVX instructions to be
616 // used without testing whether XSAVE is enabled by the operating system.
617 // In order to work around this, we disable AES-NI in NSS when we find
618 // that |has_avx()| is false (which includes the XSAVE test). See
619 // https://bugzilla.mozilla.org/show_bug.cgi?id=940794
620 base::CPU cpu;
621
622 if (cpu.has_avx_hardware() && !cpu.has_avx()) {
623 base::Environment::Create()->SetVar("NSS_DISABLE_HW_AES", "1");
624 }
625 }
626 }
627
610 // If this is set to true NSS is forced to be initialized without a DB. 628 // If this is set to true NSS is forced to be initialized without a DB.
611 static bool force_nodb_init_; 629 static bool force_nodb_init_;
612 630
613 bool tpm_token_enabled_for_nss_; 631 bool tpm_token_enabled_for_nss_;
614 std::string tpm_token_name_; 632 std::string tpm_token_name_;
615 std::string tpm_user_pin_; 633 std::string tpm_user_pin_;
616 SECMODModule* chaps_module_; 634 SECMODModule* chaps_module_;
617 PK11SlotInfo* software_slot_; 635 PK11SlotInfo* software_slot_;
618 PK11SlotInfo* test_slot_; 636 PK11SlotInfo* test_slot_;
619 PK11SlotInfo* tpm_slot_; 637 PK11SlotInfo* tpm_slot_;
(...skipping 189 matching lines...) Expand 10 before | Expand all | Expand 10 after
809 827
810 PK11SlotInfo* GetPublicNSSKeySlot() { 828 PK11SlotInfo* GetPublicNSSKeySlot() {
811 return g_nss_singleton.Get().GetPublicNSSKeySlot(); 829 return g_nss_singleton.Get().GetPublicNSSKeySlot();
812 } 830 }
813 831
814 PK11SlotInfo* GetPrivateNSSKeySlot() { 832 PK11SlotInfo* GetPrivateNSSKeySlot() {
815 return g_nss_singleton.Get().GetPrivateNSSKeySlot(); 833 return g_nss_singleton.Get().GetPrivateNSSKeySlot();
816 } 834 }
817 835
818 } // namespace crypto 836 } // namespace crypto
OLDNEW
« no previous file with comments | « base/cpu.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698