Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(323)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 10700099: NSS Channel ID: don't check ECC support on every socket creation. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: rebase Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « crypto/ec_private_key_openssl.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
6 // from AuthCertificateCallback() in 6 // from AuthCertificateCallback() in
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
8 8
9 /* ***** BEGIN LICENSE BLOCK ***** 9 /* ***** BEGIN LICENSE BLOCK *****
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
(...skipping 1056 matching lines...) Expand 10 before | Expand all | Expand 10 after
1067 #else 1067 #else
1068 rv = SSL_GetClientAuthDataHook( 1068 rv = SSL_GetClientAuthDataHook(
1069 nss_fd_, SSLClientSocketNSS::Core::ClientAuthHandler, this); 1069 nss_fd_, SSLClientSocketNSS::Core::ClientAuthHandler, this);
1070 #endif 1070 #endif
1071 if (rv != SECSuccess) { 1071 if (rv != SECSuccess) {
1072 LogFailedNSSFunction(*weak_net_log_, "SSL_GetClientAuthDataHook", ""); 1072 LogFailedNSSFunction(*weak_net_log_, "SSL_GetClientAuthDataHook", "");
1073 return false; 1073 return false;
1074 } 1074 }
1075 1075
1076 if (ssl_config_.channel_id_enabled) { 1076 if (ssl_config_.channel_id_enabled) {
1077 // TODO(mattm): we can do this check on the network task runner only because 1077 if (crypto::ECPrivateKey::IsSupported()) {
1078 // we use the NSS internal slot. If we support other slots in the future,
1079 // checking whether they support ECDSA may block NSS, and thus this check
1080 // would have to be moved to the NSS task runner.
1081 crypto::ScopedPK11Slot slot(crypto::GetPublicNSSKeySlot());
1082 if (PK11_DoesMechanism(slot.get(), CKM_EC_KEY_PAIR_GEN) &&
1083 PK11_DoesMechanism(slot.get(), CKM_ECDSA)) {
1084 rv = SSL_SetClientChannelIDCallback( 1078 rv = SSL_SetClientChannelIDCallback(
1085 nss_fd_, SSLClientSocketNSS::Core::ClientChannelIDHandler, this); 1079 nss_fd_, SSLClientSocketNSS::Core::ClientChannelIDHandler, this);
1086 if (rv != SECSuccess) 1080 if (rv != SECSuccess)
1087 LogFailedNSSFunction(*weak_net_log_, "SSL_SetClientChannelIDCallback", 1081 LogFailedNSSFunction(*weak_net_log_, "SSL_SetClientChannelIDCallback",
1088 ""); 1082 "");
1089 } else { 1083 } else {
1090 DVLOG(1) << "Elliptic Curve not supported, not enabling channel ID."; 1084 DVLOG(1) << "Elliptic Curve not supported, not enabling channel ID.";
1091 } 1085 }
1092 } 1086 }
1093 1087
(...skipping 1422 matching lines...) Expand 10 before | Expand all | Expand 10 after
2516 2510
2517 // Since this enum is used for a histogram, do not change or re-use values. 2511 // Since this enum is used for a histogram, do not change or re-use values.
2518 enum { 2512 enum {
2519 DISABLED = 0, 2513 DISABLED = 0,
2520 CLIENT_ONLY = 1, 2514 CLIENT_ONLY = 1,
2521 CLIENT_AND_SERVER = 2, 2515 CLIENT_AND_SERVER = 2,
2522 DOMAIN_BOUND_CERT_USAGE_MAX 2516 DOMAIN_BOUND_CERT_USAGE_MAX
2523 } supported = DISABLED; 2517 } supported = DISABLED;
2524 if (channel_id_xtn_negotiated_) 2518 if (channel_id_xtn_negotiated_)
2525 supported = CLIENT_AND_SERVER; 2519 supported = CLIENT_AND_SERVER;
2526 else if (ssl_config_.channel_id_enabled) 2520 else if (ssl_config_.channel_id_enabled &&
2521 crypto::ECPrivateKey::IsSupported())
2527 supported = CLIENT_ONLY; 2522 supported = CLIENT_ONLY;
2528 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, 2523 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported,
2529 DOMAIN_BOUND_CERT_USAGE_MAX); 2524 DOMAIN_BOUND_CERT_USAGE_MAX);
2530 } 2525 }
2531 2526
2532 int SSLClientSocketNSS::Core::DoBufferRecv(IOBuffer* read_buffer, int len) { 2527 int SSLClientSocketNSS::Core::DoBufferRecv(IOBuffer* read_buffer, int len) {
2533 DCHECK(OnNetworkTaskRunner()); 2528 DCHECK(OnNetworkTaskRunner());
2534 DCHECK_GT(len, 0); 2529 DCHECK_GT(len, 0);
2535 2530
2536 if (detached_) 2531 if (detached_)
(...skipping 970 matching lines...) Expand 10 before | Expand all | Expand 10 after
3507 EnsureThreadIdAssigned(); 3502 EnsureThreadIdAssigned();
3508 base::AutoLock auto_lock(lock_); 3503 base::AutoLock auto_lock(lock_);
3509 return valid_thread_id_ == base::PlatformThread::CurrentId(); 3504 return valid_thread_id_ == base::PlatformThread::CurrentId();
3510 } 3505 }
3511 3506
3512 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { 3507 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const {
3513 return server_bound_cert_service_; 3508 return server_bound_cert_service_;
3514 } 3509 }
3515 3510
3516 } // namespace net 3511 } // namespace net
OLDNEW
« no previous file with comments | « crypto/ec_private_key_openssl.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698