OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/nss_ssl_util.h" | 5 #include "net/socket/nss_ssl_util.h" |
6 | 6 |
7 #include <nss.h> | 7 #include <nss.h> |
8 #include <secerr.h> | 8 #include <secerr.h> |
9 #include <ssl.h> | 9 #include <ssl.h> |
10 #include <sslerr.h> | 10 #include <sslerr.h> |
11 #include <sslproto.h> | 11 #include <sslproto.h> |
12 | 12 |
13 #include <string> | 13 #include <string> |
14 | 14 |
15 #include "base/bind.h" | 15 #include "base/bind.h" |
16 #include "base/cpu.h" | |
16 #include "base/lazy_instance.h" | 17 #include "base/lazy_instance.h" |
17 #include "base/logging.h" | 18 #include "base/logging.h" |
18 #include "base/memory/singleton.h" | 19 #include "base/memory/singleton.h" |
19 #include "base/threading/thread_restrictions.h" | 20 #include "base/threading/thread_restrictions.h" |
20 #include "base/values.h" | 21 #include "base/values.h" |
21 #include "build/build_config.h" | 22 #include "build/build_config.h" |
22 #include "crypto/nss_util.h" | 23 #include "crypto/nss_util.h" |
23 #include "net/base/net_errors.h" | 24 #include "net/base/net_errors.h" |
24 #include "net/base/net_log.h" | 25 #include "net/base/net_log.h" |
25 | 26 |
26 #if defined(OS_WIN) | 27 #if defined(OS_WIN) |
27 #include "base/win/windows_version.h" | 28 #include "base/win/windows_version.h" |
28 #endif | 29 #endif |
29 | 30 |
31 namespace { | |
32 | |
33 // CiphersRemove takes a zero-terminated array of cipher suite ids in | |
34 // |to_remove| and sets every instance of them in |ciphers| to zero. It returns | |
35 // true if it found and removed every element of |to_remove|. It assumes that | |
36 // there are no duplicates in |ciphers| nor in |to_remove|. | |
37 bool CiphersRemove(const uint16* to_remove, uint16* ciphers, size_t num) { | |
38 size_t i, found = 0; | |
39 | |
40 for (i = 0; ; i++) { | |
41 if (to_remove[i] == 0) | |
42 break; | |
43 | |
44 for (size_t j = 0; j < num; j++) { | |
45 if (to_remove[i] == ciphers[j]) { | |
46 ciphers[j] = 0; | |
47 found++; | |
48 break; | |
49 } | |
50 } | |
51 } | |
52 | |
53 return found == i; | |
54 } | |
55 | |
56 // CiphersCompact takes an array of cipher suite ids in |ciphers|, where some | |
57 // entries are zero, and moves the entries so that all the non-zero elements | |
58 // are compacted at the end of the array. | |
59 void CiphersCompact(uint16* ciphers, size_t num) { | |
60 size_t j = num - 1; | |
61 | |
62 for (size_t i = num - 1; i < num; i--) { | |
63 if (ciphers[i] == 0) | |
64 continue; | |
65 ciphers[j--] = ciphers[i]; | |
66 } | |
67 } | |
68 | |
69 // CiphersCopy copies the zero-terminated array |in| to |out|. It returns the | |
70 // number of cipher suite ids copied. | |
71 size_t CiphersCopy(const uint16* in, uint16* out) { | |
72 for (size_t i = 0; ; i++) { | |
73 if (in[i] == 0) | |
74 return i; | |
75 out[i] = in[i]; | |
76 } | |
77 } | |
78 | |
79 } // anonymous namespace | |
80 | |
30 namespace net { | 81 namespace net { |
31 | 82 |
32 class NSSSSLInitSingleton { | 83 class NSSSSLInitSingleton { |
33 public: | 84 public: |
34 NSSSSLInitSingleton() { | 85 NSSSSLInitSingleton() : num_ciphers_(0) { |
35 crypto::EnsureNSSInit(); | 86 crypto::EnsureNSSInit(); |
36 | 87 |
37 NSS_SetDomesticPolicy(); | 88 NSS_SetDomesticPolicy(); |
38 | 89 |
39 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers(); | 90 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers(); |
40 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers(); | 91 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers(); |
41 | 92 |
42 // Disable ECDSA cipher suites on platforms that do not support ECDSA | 93 // Disable ECDSA cipher suites on platforms that do not support ECDSA |
43 // signed certificates, as servers may use the presence of such | 94 // signed certificates, as servers may use the presence of such |
44 // ciphersuites as a hint to send an ECDSA certificate. | 95 // ciphersuites as a hint to send an ECDSA certificate. |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
79 // Enabled to allow servers with only a DSA certificate to function. | 130 // Enabled to allow servers with only a DSA certificate to function. |
80 enabled = true; | 131 enabled = true; |
81 } | 132 } |
82 SSL_CipherPrefSetDefault(ssl_ciphers[i], enabled); | 133 SSL_CipherPrefSetDefault(ssl_ciphers[i], enabled); |
83 } | 134 } |
84 } | 135 } |
85 | 136 |
86 // Enable SSL. | 137 // Enable SSL. |
87 SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE); | 138 SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE); |
88 | 139 |
140 // Calculate the order of ciphers that we'll use for NSS sockets. (Note | |
141 // that, even if a cipher is specified in the ordering, it must still be | |
142 // enabled in order to be included in a ClientHello.) | |
143 // | |
144 // Our top preference cipher suites are either forward-secret AES-GCM or | |
145 // forward-secret ChaCha20-Poly1305. If the local machine has AES-NI then | |
146 // we prefer AES-GCM, otherwise ChaCha20. The remainder of the cipher suite | |
147 // preference is inheriented from NSS. */ | |
148 static const uint16 chacha_ciphers[] = { | |
149 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, | |
150 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, | |
151 0, | |
152 }; | |
153 static const uint16 aes_gcm_ciphers[] = { | |
154 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, | |
155 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, | |
156 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, | |
wtc
2014/01/06 19:18:18
While testing a CL of mine today, I noticed that T
agl
2014/01/06 19:26:20
That's correct. No desire to bump non-forward-secr
| |
157 0, | |
158 }; | |
159 const PRUint16* all_ciphers = SSL_GetImplementedCiphers(); | |
160 num_ciphers_ = SSL_GetNumImplementedCiphers(); | |
161 ciphers_.reset(new uint16[num_ciphers_]); | |
162 memcpy(ciphers_.get(), all_ciphers, sizeof(uint16)*num_ciphers_); | |
163 | |
164 if (CiphersRemove(chacha_ciphers, ciphers_.get(), num_ciphers_) && | |
165 CiphersRemove(aes_gcm_ciphers, ciphers_.get(), num_ciphers_)) { | |
166 CiphersCompact(ciphers_.get(), num_ciphers_); | |
167 | |
168 const uint16* preference_ciphers = chacha_ciphers; | |
169 const uint16* other_ciphers = aes_gcm_ciphers; | |
170 base::CPU cpu; | |
171 | |
172 if (cpu.has_aesni() && cpu.has_avx()) { | |
173 preference_ciphers = aes_gcm_ciphers; | |
174 other_ciphers = chacha_ciphers; | |
175 } | |
176 unsigned i = CiphersCopy(preference_ciphers, ciphers_.get()); | |
177 CiphersCopy(other_ciphers, &ciphers_[i]); | |
178 } else { | |
179 ciphers_.reset(); | |
180 num_ciphers_ = 0; | |
181 } | |
182 | |
89 // All other SSL options are set per-session by SSLClientSocket and | 183 // All other SSL options are set per-session by SSLClientSocket and |
90 // SSLServerSocket. | 184 // SSLServerSocket. |
91 } | 185 } |
92 | 186 |
187 const uint16* GetNSSCipherOrder(size_t* out_length) { | |
188 *out_length = num_ciphers_; | |
189 return ciphers_.get(); | |
190 } | |
191 | |
93 ~NSSSSLInitSingleton() { | 192 ~NSSSSLInitSingleton() { |
94 // Have to clear the cache, or NSS_Shutdown fails with SEC_ERROR_BUSY. | 193 // Have to clear the cache, or NSS_Shutdown fails with SEC_ERROR_BUSY. |
95 SSL_ClearSessionCache(); | 194 SSL_ClearSessionCache(); |
96 } | 195 } |
196 | |
197 private: | |
198 scoped_ptr<uint16[]> ciphers_; | |
199 size_t num_ciphers_; | |
97 }; | 200 }; |
98 | 201 |
99 static base::LazyInstance<NSSSSLInitSingleton> g_nss_ssl_init_singleton = | 202 static base::LazyInstance<NSSSSLInitSingleton> g_nss_ssl_init_singleton = |
100 LAZY_INSTANCE_INITIALIZER; | 203 LAZY_INSTANCE_INITIALIZER; |
101 | 204 |
102 // Initialize the NSS SSL library if it isn't already initialized. This must | 205 // Initialize the NSS SSL library if it isn't already initialized. This must |
103 // be called before any other NSS SSL functions. This function is | 206 // be called before any other NSS SSL functions. This function is |
104 // thread-safe, and the NSS SSL library will only ever be initialized once. | 207 // thread-safe, and the NSS SSL library will only ever be initialized once. |
105 // The NSS SSL library will be properly shut down on program exit. | 208 // The NSS SSL library will be properly shut down on program exit. |
106 void EnsureNSSSSLInit() { | 209 void EnsureNSSSSLInit() { |
107 // Initializing SSL causes us to do blocking IO. | 210 // Initializing SSL causes us to do blocking IO. |
108 // Temporarily allow it until we fix | 211 // Temporarily allow it until we fix |
109 // http://code.google.com/p/chromium/issues/detail?id=59847 | 212 // http://code.google.com/p/chromium/issues/detail?id=59847 |
110 base::ThreadRestrictions::ScopedAllowIO allow_io; | 213 base::ThreadRestrictions::ScopedAllowIO allow_io; |
111 | 214 |
112 g_nss_ssl_init_singleton.Get(); | 215 g_nss_ssl_init_singleton.Get(); |
113 } | 216 } |
114 | 217 |
218 const uint16* GetNSSCipherOrder(size_t* out_length) { | |
219 return g_nss_ssl_init_singleton.Get().GetNSSCipherOrder(out_length); | |
220 } | |
221 | |
115 // Map a Chromium net error code to an NSS error code. | 222 // Map a Chromium net error code to an NSS error code. |
116 // See _MD_unix_map_default_error in the NSS source | 223 // See _MD_unix_map_default_error in the NSS source |
117 // tree for inspiration. | 224 // tree for inspiration. |
118 PRErrorCode MapErrorToNSS(int result) { | 225 PRErrorCode MapErrorToNSS(int result) { |
119 if (result >=0) | 226 if (result >=0) |
120 return result; | 227 return result; |
121 | 228 |
122 switch (result) { | 229 switch (result) { |
123 case ERR_IO_PENDING: | 230 case ERR_IO_PENDING: |
124 return PR_WOULD_BLOCK_ERROR; | 231 return PR_WOULD_BLOCK_ERROR; |
(...skipping 151 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
276 const char* param) { | 383 const char* param) { |
277 DCHECK(function); | 384 DCHECK(function); |
278 DCHECK(param); | 385 DCHECK(param); |
279 net_log.AddEvent( | 386 net_log.AddEvent( |
280 NetLog::TYPE_SSL_NSS_ERROR, | 387 NetLog::TYPE_SSL_NSS_ERROR, |
281 base::Bind(&NetLogSSLFailedNSSFunctionCallback, | 388 base::Bind(&NetLogSSLFailedNSSFunctionCallback, |
282 function, param, PR_GetError())); | 389 function, param, PR_GetError())); |
283 } | 390 } |
284 | 391 |
285 } // namespace net | 392 } // namespace net |
OLD | NEW |