Diffstat (limited to 'net')
-rw-r--r-- | net/base/ssl_config_service.cc | 31 | ||||
-rw-r--r-- | net/base/ssl_false_start_blacklist.cc | 34 | ||||
-rw-r--r-- | net/base/ssl_false_start_blacklist.h | 98 | ||||
-rw-r--r-- | net/base/ssl_false_start_blacklist.txt | 671 | ||||
-rw-r--r-- | net/base/ssl_false_start_blacklist_process.cc | 267 | ||||
-rw-r--r-- | net/base/ssl_false_start_blacklist_unittest.cc | 28 | ||||
-rw-r--r-- | net/net.gyp | 32 |
7 files changed, 29 insertions, 1132 deletions
diff --git a/net/base/ssl_config_service.cc b/net/base/ssl_config_service.cc
index 753f1c7..c310cd2 100644
--- a/net/base/ssl_config_service.cc
+++ b/net/base/ssl_config_service.cc
@@ -3,7 +3,6 @@
 // found in the LICENSE file.
 #include "net/base/ssl_config_service.h"
-#include "net/base/ssl_false_start_blacklist.h"
 #if defined(OS_WIN)
 #include "net/base/ssl_config_service_win.h"
@@ -59,7 +58,35 @@ bool SSLConfigService::IsKnownStrictTLSServer(const std::string& hostname) {
 // static
 bool SSLConfigService::IsKnownFalseStartIncompatibleServer(
 const std::string& hostname) {
- return SSLFalseStartBlacklist::IsMember(hostname.c_str());
+ // If this list starts growing, it'll need to be something more efficient
+ // than a linear list.
+ static const char kFalseStartIncompatibleServers[][15] = {
+ "www.picnik.com",
+ };
+
+ static const char kFalseStartIncompatibleDomains[][11] = {
+ // Added at the request of A10.
+ "yodlee.com",
+ };
+
+ // Note that the hostname is normalised to lower-case by this point.
+ for (size_t i = 0; i < arraysize(kFalseStartIncompatibleServers); i++) {
+ if (strcmp(hostname.c_str(), kFalseStartIncompatibleServers[i]) == 0)
+ return true;
+ }
+
+ for (size_t i = 0; i < arraysize(kFalseStartIncompatibleDomains); i++) {
+ const char* domain = kFalseStartIncompatibleDomains[i];
+ const size_t len = strlen(domain);
+ if (hostname.size() >= len &&
+ memcmp(&hostname[hostname.size() - len], domain, len) == 0 &&
+ (hostname.size() == len ||
+ hostname[hostname.size() - len - 1] == '.')) {
+ return true;
+ }
+ }
+
+ return false;
 }
 static bool g_dnssec_enabled = false;
diff --git a/net/base/ssl_false_start_blacklist.cc b/net/base/ssl_false_start_blacklist.cc
deleted file mode 100644
index 9e0f309..0000000
--- a/net/base/ssl_false_start_blacklist.cc
+++ /dev/null
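Review bot: The suffix loop over `kFalseStartIncompatibleDomains` in `IsKnownFalseStartIncompatibleServer` re-implements the label-boundary check that the deleted `SSLFalseStartBlacklistTest.IsMember` cases covered (`aexample.com` must not match, `a.b.example.com` must), and nothing visible in this diff tests the new copy. I would add cases for `yodlee.com`, `www.yodlee.com` and `ayodlee.com`, plus `www.picnik.com` against bare `picnik.com`, which the removed list contained and the new exact-match array does not cover, so it is worth confirming that narrowing is intended. The exact-match loop also compares with `strcmp(hostname.c_str(), ...)`, which stops at the first NUL, while the suffix loop works from `hostname.size()`; `if (hostname == kFalseStartIncompatibleServers[i])` would keep both loops on the full string length. The diffstat is limited to `net`, so replacement tests may exist outside this view.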
@@ -1,34 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/base/ssl_false_start_blacklist.h"
-
-namespace net {
-
-// static
-bool SSLFalseStartBlacklist::IsMember(const char* host) {
- const char* last_two_labels = LastTwoLabels(host);
- if (!last_two_labels)
- return false;
- const unsigned bucket = Hash(last_two_labels) & (kBuckets - 1);
- const uint16 start = kHashTable[bucket];
- const uint16 end = kHashTable[bucket + 1];
- const size_t len = strlen(host);
-
- for (size_t i = start; i < end;) {
- const size_t blacklist_entry_len = static_cast<uint8>(kHashData[i]);
- if (len >= blacklist_entry_len &&
- memcmp(&host[len - blacklist_entry_len], &kHashData[i + 1],
- blacklist_entry_len) == 0 &&
- (len == blacklist_entry_len ||
- host[len - blacklist_entry_len - 1] == '.')) {
- return true;
- }
- i += blacklist_entry_len + 1;
- }
-
- return false;
-}
-
-} // namespace net
diff --git a/net/base/ssl_false_start_blacklist.h b/net/base/ssl_false_start_blacklist.h
deleted file mode 100644
index 1d44d0a..0000000
--- a/net/base/ssl_false_start_blacklist.h
+++ /dev/null
@@ -1,98 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef NET_BASE_SSL_FALSE_START_BLACKLIST_H_
-#define NET_BASE_SSL_FALSE_START_BLACKLIST_H_
-
-#include "base/basictypes.h"
-
-namespace net {
-
-// SSLFalseStartBlacklist is a set of domains which we believe to be intolerant
-// to TLS False Start. Because this set is several hundred long, it's
-// precompiled by the code in ssl_false_start_blacklist_process.cc into a hash
-// table for fast lookups.
-class SSLFalseStartBlacklist {
- public:
- // IsMember returns true if the given host is in the blacklist.
- // host: a DNS name in dotted form (i.e. "www.example.com")
- static bool IsMember(const char* host);
-
- // Hash returns the modified djb2 hash of the given string.
- static unsigned Hash(const char* str) {
- // This is inline because the code which generates the hash table needs to
- // use it. However, the generating code cannot link against
- // ssl_false_start_blacklist.cc because that needs the tables which it
- // generates.
- const unsigned char* in = reinterpret_cast<const unsigned char*>(str);
- unsigned hash = 5381;
- unsigned char c;
-
- while ((c = *in++))
- hash = ((hash << 5) + hash) ^ c;
- return hash;
- }
-
- // LastTwoLabels returns a pointer within |host| to the last two labels of
- // |host|. For example, if |host| is "a.b.c.d" then LastTwoLabels will return
- // "c.d".
- // host: a DNS name in dotted form.
- // returns: NULL on error, otherwise a pointer inside |host|.
- static const char* LastTwoLabels(const char* host) {
- // See comment in |Hash| for why this function is inline.
- const size_t len = strlen(host);
- if (len == 0)
- return NULL;
-
- unsigned dots_found = 0;
- size_t i;
- for (i = len - 1; i < len; i--) {
- if (host[i] == '.') {
- dots_found++;
- if (dots_found == 2) {
- i++;
- break;
- }
- }
- }
-
- if (i > len)
- i = 0;
-
- if (dots_found == 0)
- return NULL; // no names with less than two labels are in the blacklist.
- if (dots_found == 1) {
- if (host[0] == '.')
- return NULL; // ditto
- }
-
- return &host[i];
- }
-
- // This is the number of buckets in the blacklist hash table. (Must be a
- // power of two).
- static const unsigned kBuckets = 128;
-
- private:
- // The following two members are defined in
- // ssl_false_start_blacklist_data.cc, which is generated by
- // ssl_false_start_blacklist_process.cc
-
- // kHashTable contains an offset into |kHashData| for each bucket. The
- // additional element at the end contains the length of |kHashData|.
- static const uint16 kHashTable[kBuckets + 1];
- // kHashData contains the contents of the hash table. |kHashTable| indexes
- // into this array. Each bucket consists of zero or more, 8-bit length
- // prefixed strings. Each string is a DNS name in dotted form. For a given
- // string x, x and *.x are considered to be in the blacklist. In order to
- // assign a string to a hash bucket, the last two labels (not including the
- // root label) are hashed. Thus, the bucket for "www.example.com" is
- // Hash("example.com"). No names that are less than two labels long are
- // included in the blacklist.
- static const char kHashData[];
-};
-
-} // namespace net
-
-#endif // NET_BASE_SSL_FALSE_START_BLACKLIST_H_
diff --git a/net/base/ssl_false_start_blacklist.txt b/net/base/ssl_false_start_blacklist.txt
deleted file mode 100644
index 9b97c57..0000000
--- a/net/base/ssl_false_start_blacklist.txt
+++ /dev/null
@@ -1,671 +0,0 @@ -# Copyright (c) 2010 The Chromium Authors. All rights reserved. -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -# This is the list of hosts for which we will not perform False Start. It was -# gathered from probing and bug reports. - -# This is included for unit tests: -example.com - -123.cht.com.tw -4science.net -abangdani.wordpress.com -access.arkansas.gov -accessgeneral.com -accessingram.com -accorservicesdirect.net -adfox.cz -ads.bridgetrack.com -adult.dl.rakuten.co.jp -adulthire.com -advanceautoparts.com -agents.nationalsecuritygroup.com -alamode.com -algoritam.hr -alsformalwear.com -alucmo.com -amail.centrum.cz -amexweb.com.mx -amsi.alliedgroup.net -amwaylive.com -anntaylor.recruitmax.com -apps.revenuecycle.com -aps2.toshiba-tro.de -apus.edu -aribabuyer.us.dell.com -ariston.es -asb.dk -ashgate.com -ashleymadison.com -asp.fm-pc.com -atari.com -ats.openhire.com -attask-ondemand.com -attask.com -axa.co.uk -banking.ing-diba.at -baptisthealth.net -barkoff.tv -barracudaserver.com -barronscatalog.com -bb3.utc.edu -bcbsfl.recruitmax.com -bentley.edu -biddingforgood.com -biffalo.net -bilder.buecher.de -bishops.org.za -bitfang.com -blogger.huffingtonpost.com -brinksinc.com -buecher.de -buildings.com -bux.ee -buyshakeweightformen.com -cagreatamerica.com -candydirect.com -cardsdirect.com -caringbridge.org -cash.netmarble.net -ccmail.cc.gatech.edu -celebrateyourfaith.com -centralr.com -certs.zurich.co.uk -champions-online.com -chnla.com -chw.recruitmax.com -ciaoitalia.com -cinema.warnermycal.com -circlesofwisdom.com -cisr-ssl-vpn2.univ-lyon1.fr -citi.bridgetrack.com -citizensfla.com -claritycon.com -classbauth.austin.hp.com -cofunds.co.uk -combattesting.com -compaxtrade.com -confirmit.suw.corp.google.com -coopervisionrebates.com -corporate.bpn.pt -correo.uft.cl -credinamico.programapar.com.br -creditcards.citicards.com -cts.vresp.com -cubizone.com -customer.precash.com 
-cvintranet.classifiedventures.com -d49.org -depo.ru -destinationlighting.com -djmmusic.com -dl.rakuten.co.jp -dmgov.org -docstoc.com -docuware.com -dokeos.ehb.be -drammen.skole.d-ikt.no -drsha.com -dskdirect.bg -dwarest.disc.co.jp -easybillindia.in -easyswitch.nl -ebb.ubb.bg -ebit.com.br -echo.com -echotrak.com -econda-monitor.de -edaccents.com -edumail.tokem.fi -eduportal.pl -elm.mcmaster.ca -elmls.mcmaster.ca -email.manutouch.com.hk -email.wsd1.org -email.yorksj.ac.uk -employee.translink.bc.ca -ent.enteduc.fr -enterprise.channeladvisor.com -epk.tv -epoti.abanka.si -equippers.com -eumail.nov.com -eurobank.pl -exchange.chc.be -exchange.hostnet.nl -exchange.selco.info -external1.collaboration.hp.com -extra.chrysler.de -extranet.cchmc.org -faxbetter.com -fdc.org.br -financialengines.com -firstam.net -flydenver.com -forums.champions-online.com -forums.startrekonline.com -fucam.ac.be -fullseat.com -futuretrails.com -ganymede.chester.ac.uk -gateway.madisoncity.k12.al.us -genuineonlinebank.com -getslimtsnow.com -global2.mtsallstream.com -go.enbw.net -goamp.com -gomopa.net -goredsea.com -gotobelfast.com -greenpower24.com -gw2.fli.bund.de -haken.mynavi.jp -hangikredi.com -hastingsdirect.com -hearablog.com -heavens-above.com -helpdesk.clear2pay.com -helwanbb.com -hercle.com -hivanet.hitachi-ies.co.jp -hoken-clinic.info -homedepotrebates.com -honeybakedonline.com -hood.com -hostedjobs.openhire.com -howtowritearesume.net -humana.recruitmax.com -hurmail01.hurriyet.com.tr -hydra.cusys.edu -hz.nl -il.systemb2b.com -il2l.com -indraweb.indra.es -ineways.com -info.enet-japan.com -infonet.hz.nl -inside.nhl.com -insight.smartdm.com -integrishealth.recruitmax.com -interiorsandsources.com -internal.imaginets.com -intra.billing.ru -intranet.peckham.org -intranet.ucol.ac.nz -inverhills.edu -iol.pt -iqsystem.irrc.co.jp -ito.org.tr -itrade.fhtrust.com.tw -iweb.thebankersbank.com -j-union.com -jasaga.or.jp -jnet.agsys.sompo-japan.co.jp -job.disc.co.jp -job.nikkei.co.jp -jobmgr.disc.co.jp 
-kahosl.be -keas.com -kimberlyclark.myvurv.com -king-invest.net -kingsdominion.com -kingsroadmerch.com -kwiktrip.com -leerlingmail.niftarlake.nl -legalconnection.com -lightstone.co.za -login-pos.eurobank.pl -login-raty.eurobank.pl -lxr.com -maartenluther.calvijn.nl -magelo.com -magtek.com -mail.centrum.cz -mail.extranet.hp.com -mail.gtri.gatech.edu -mail.gunnebo.com -mail.hoover.k12.al.us -mail.hzeeland.nl -mail.idera.com -mail.ilsole24ore.com -mail.jetblue.com -mail.officebroker.com -mail.oma.nl -mail.rawlinscollege.org.uk -mail.rcsdk12.org -mail.silmu.fi -mail.sinclair.edu -mail.skmc.gov.ae -mail.the-ascott.com -mail.tox-us.com -mail.ugs.com -mail.uottawa.ca -mail.yvc.ac.il -mail2.law.stetson.edu -mail2.skanetrafiken.se -mailhub1.cpsb.org -mailhub2.cpsb.org -marshallsonline.com -massport.com -mediabistro.com -member.yong-online.com.tw -merchantonlineapp.com -merrickbank.com -metalinq.com -miele.co.uk -miller.co.jp -mishlohim.co.il -mizunoshop.net -mochibot.com -mochigames.com -mochimedia.com -moss.esher.ac.uk -msexchange.lyon.edu -msishopper.net -mtsexchange.mtsn.org.uk -mudy.info -my.bentley.edu -my.berkeleycollege.edu -my.dover.edu -my.ecwid.com -my.wcupa.edu -mycls.cls.ch -myoffice.eu.goodyear.com -myoffice.na.goodyear.com -myparceldelivery.com -na.ntrsupport.com -naramail.nara.gov -neospeech.com -nettkontoret.kredinor.no -neways.com -newaysonline.com -newvistalive.com -nochex.com -noridian.totalonboarding.com -noticiastelemicro.com -nr.edu -nuwaveoven.com -online.eurobank.pl -onyxinv.com -orix-sumai.jp -osvinc.com -otpbank.hu -owa.dist113.org -owa.kajak.fi -owa.kan.se -owa.nordakademie.de -owa.tecnicasreunidas.es -owa2k3.bhw.de -parfumdreams.de -partner.buzzcity.com -partners.conocophillipsalaska.com -pastel.co.za -perfectmoney.com -picnik.com -pimkie.de -pimkie.es -pimkie.fr -pimkie.it -pineconeresearch.com -planet-tachyon.com -playneverwinter.com -pocket.matsui.co.jp -pokervt.com -poolzconnect.singaporepools.com.sg -popularglasses.com -portaal.nh1816.nl 
-portail.mont-notre-dame.qc.ca -portal.eduweb.vic.gov.au -portal.eiffel.nl -portal.hello.ch -portal.klz.org.uk -portal.langara.bc.ca -portal.mariestad.se -portal.peckham.org -portal.perse.co.uk -portal.tku.ac.jp -post.norwegian.no -posta.dsi.gov.tr -powerschool.ccsdut.net -powerschool.lawrence.k12.ma.us -profil.centrum.cz -projectinsight.cbre.com -providers.tufts-health.com -ps.dvusd.org -ps.glenbard.org -ps.liberty.k12.mo.us -psyquel.com -pushentertainment.com -q8car.com -qisweb2-verw.uni-hohenheim.de -quotien.onlinebank.com -rainforest-alliance.org -rakuraku-market.com -rbc.bridgetrack.com -rc.kotoha.co.jp -remote.cushingco.com -reprofinance.com -restaurantwedding.jp -rio.edu -rlcdn.com -rmg.i-grasp.com -rosevalleyindia.com -rotaban.ru -rozodoniy.com -rpv.fbn.ca -rr.com -run.auone.jp -runnet.jp -s-yoyaku.city.sagamihara.kanagawa.jp -s-yoyaku.city.urayasu.chiba.jp -safelinkwireless.com -sail.iwcc.edu -samba.huji.ac.il -samsami2u.wordpress.com -samstores.com -sap.kenexa.com -saratogaschools.org -scottsliquidgold.com -search.boox.jp -search.petfinder.com -secure.cambrianc.on.ca -secure.court.gov.il -secure.discountadvances.com -secure.earthclassmail.com -secure.merchantcart.net -secure.mycashnow.com -secure.nochex.com -secure.paydaymax.com -secure.www.denverpost.com -secure.www.mercurynews.com -secure.www.twincities.com -secure.zeelandnet.nl -secure.zoominfo.com -secureaccess.cacu.com -securedlogons.humanadental.com -seha.ae -selfcare.rr.com -services.bag-mail.de -shakeweight.com -shiki.gr.jp -showcase-tv.com -shsremote.solarishs.org -sierranevada.com -sis.ggusd.us -sisense.com -smart.otpbanka.hr -sobexinvest.com -socketstore.co.uk -soundvision.com -spalding.edu -sprintrebates.com -squareup.com -ss3.e-state.co.jp -ssl.arcsoft.com -sslvpn.broadcom.com -sslvpn.savannah.chatham.k12.ga.us -staffmail.brighton.ac.uk -staffportal.bne.catholic.edu.au -stapleseasyrebates.com -startnextweek.com.au -startrekonline.com -ste-exch1.nhc.ac.uk -stores.channeladvisor.com 
-strideeveryday.com -studentdata.warwick.ac.uk -studynet.dem.hva.nl -subjectivemetrics.com -survey5.spss-asp.com -surveys.itsyourview.com -suvana.com -svelvik.skole.d-ikt.no -syllabus.doshisha.ac.jp -sys.ins-uni.co.jp -taocan777.com -teetimesusa.com -terrabanking.romexterra.ro -testdriveunlimited2.com -tgn.co.jp -tgw.com -thecinema.in -thediamondstore.co.uk -thor.movistar.com.co -thymes.com -tlfw01.fhsg.ch -tools.med.nyu.edu -topfox.co.uk -totalcore.com -tracs.txstate.edu -trialpay.com -tryshakeweight.com -trytotalpillow.com -tvspy.com -tw.event.gamania.com -ucol.ac.nz -ukblelite01.emea.aza-lite.com -ukblelite02.emea.aza-lite.com -uni-hohenheim.de -user.centrum.cz -usuwazavpn04.americas.aza-lite.com -vcsportal.viasyscs.com -vle.guilsborough.northants.sch.uk -voogd.com -vpn-01.houstonisd.org -vpn-03.houstonisd.org -vpn-04.houstonisd.org -vpn.tarumanagara.com -vr.is -vtrade.vincomsc.com.vn -warranty.akeryards.as -web-opas.osakaya.co.jp -webaccess.7p-group.com -webaccess.pvhs.org -webbt.banque-tahiti.pf -webforensics.co.uk -webmail.asb.dk -webmail.austmus.gov.au -webmail.bne.catholic.edu.au -webmail.bose.com -webmail.choa.org -webmail.csaa.com -webmail.firstam.net -webmail.hrblock.com -webmail.ingbank.com.tr -webmail.kapsch.net -webmail.levinglobal.com -webmail.lolland.dk -webmail.mopera.net -webmail.mt.gov -webmail.newlook.net -webmail.ordina.nl -webmail.peelpolice.ca -webmail.springer-sbm.com -webmail.srhs.com -webmail.toho-u.ac.jp -webmail.transat.com -webmail.tribune.com -webmail.tuev-nord.de -webmail.valamar.com -webmail.waterman-group.co.uk -webmail.wcupa.edu -webmaildata.rr.com -webshop.weijntjes.nl -webvpn.au.aecom.com -webvpn.ben.edu -webvpn.eu.aecom.com -webvpn.usaa.com -webvpn.usps.gov -welltrix.com -werecoverdata.com -wettstar.de -workhere.jetblue.com -wowbeez.com -ws.licenzji-vetturi.gov.mt -wtc.lxr.com -www.accessgeneral.com -www.accessingram.com -www.adfox.cz -www.agromercantil.com.gt -www.algoritam.hr -www.amu.apus.edu -www.amwaylive.com 
-www.anoka.k12.mn.us -www.apus.edu -www.aramex.net -www.asb.dk -www.ashleymadison.com -www.aussiecupid.com.au -www.azimut.portail.soquij.qc.ca -www.benefitsconnect.net -www.bsnparentnet.nl -www.buecher.de -www.cardsdirect.com -www.caringbridge.org -www.cashpoint.com -www.centralr.com -www.champions-online.com -www.chineselovelinks.com -www.citizensfla.com -www.cmarket.com -www.coop-kobe.net -www.costco.com.mx -www.cubizone.com -www.cupidmedia.com -www.dandh.com -www.djmmusic.com -www.docstoc.com -www.docuware.com -www.dskdirect.bg -www.dualsaw.com -www.e-denpo.net -www.e-zoa.com -www.easy-share.com -www.echo.com -www.echotrak.com -www.econda-monitor.de -www.edumail.vic.gov.au -www.eduweb.vic.gov.au -www.empresas.bancobcr.com -www.eurobank.pl -www.expesite.com -www.fareastcafe.co.jp -www.feitest.com -www.filipinaheart.com -www.financialengines.com -www.firstassistinsurance.com -www.frankfurt-oder.de -www.fucam.ac.be -www.goamp.com -www.golfdo.com -www.gomopa.net -www.hangikredi.com -www.hastingsdirect.com -www.hastingsessential.com -www.helwanbb.com -www.homedepotrebates.com -www.hongkongcupid.com -www.ihale.gov.tr -www.improvementscatalog.com -www.inetportals.com -www.internationalcupid.com -www.inverhills.edu -www.iol.pt -www.istyle.com.tw -www.jerusalem.muni.il -www.krungsricashlink.com -www.kultur.gov.tr -www.m-pesa.com -www.mallorca.co.uk -www.marshallsonline.com -www.meadsd.net -www.mediabistro.com -www.merrickbank.com -www.microline.hr -www.miller.co.jp -www.mishlohim.co.il -www.mochibot.com -www.mochigames.com -www.mochimedia.com -www.mochipass.com -www.moe.gov.ae -www.mof.go.jp -www.montimbrenligne.laposte.fr -www.mopera.net -www.mp4all.nl -www.msishopper.net -www.mypoint.com -www.nbch.com.ar -www.ncatrak.org -www.neways.com -www.newaysonline.com -www.nhk-ep.com -www.nochex.com -www.officemd.net -www.onlineaha.org -www.otpbank.hu -www.pagport.jp -www.pandorashop.nl -www.picnik.com -www.promptparts.com -www.q8car.com -www.redbullcontentpool.com 
-www.regmurcia.com -www.riksgalden.se -www.rotaban.ru -www.rr.com -www.safelinkwireless.com -www.samstores.com -www.sharedoc.com -www.smarttickets.com.au -www.smartypig.com -www.smiles.caisse-epargne.fr -www.sprintrebates.com -www.stapleseasyrebates.com -www.startrekonline.com -www.store.limewire.com -www.supplier.nokia.com -www.thailovelinks.com -www.thecinema.in -www.themls.com -www.tjmaxx.com -www.tnc.ne.jp -www.topfox.co.uk -www.toranoana.jp -www.trialpay.com -www.tryabcircle.com -www.tzamtzam.co.il -www.ucol.ac.nz -www.user.zoominfo.com -www.variety.com -www.vietnamcupid.com -www.voogd.com -www.vpn.cmu.edu -www.wettstar.de -www.wiso.uni-hamburg.de -www.worthington-portal.org -www.wowbeez.com -www.y-do.net -www.yourwirelessrebatecenter.com -www.zenfolio.com -www.zenryonetwork.com -www.zoominfo.com -www1.cat365.net -www1.ticket-web-shochiku.com -www2.fakton.nl -www2.proexam.org -www2.secom-techno.co.jp -www2.ticket-web-shochiku.com -www6.hsmv.state.fl.us -wwws.jp-bank.japanpost.jp -wwy01.shiki.gr.jp -wynbilling.wyndhamworldwide.com -wynnmacau.recruitmax.com -xbox.redeemer.ab.ca -yodlee.com -yourwirelessrebatecenter.com -yoyaku.city.funabashi.chiba.jp -yoyaku.city.hachioji.tokyo.jp -zenfolio.com -zoominfo.com -zumbafitness.com diff --git a/net/base/ssl_false_start_blacklist_process.cc b/net/base/ssl_false_start_blacklist_process.cc deleted file mode 100644 index ed67c8f..0000000 --- a/net/base/ssl_false_start_blacklist_process.cc +++ /dev/null 
@@ -1,267 +0,0 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -// This utility program exists to process the False Start blacklist file into -// a static hash table so that it can be efficiently queried by Chrome. - -#include <stdio.h> -#include <stdlib.h> - -#include <set> -#include <string> -#include <vector> - -#include "base/basictypes.h" -#include "base/logging.h" -#include "net/base/ssl_false_start_blacklist.h" - -using net::SSLFalseStartBlacklist; - -static const unsigned kBuckets = SSLFalseStartBlacklist::kBuckets; - -static int -usage(const char* argv0) { - fprintf(stderr, "Usage: %s <blacklist file> <output .c file>\n", argv0); - return 1; -} - -// StripWWWPrefix removes "www." from the beginning of any elements of the -// vector. -static void StripWWWPrefix(std::vector<std::string>* hosts) { - static const char kPrefix[] = "www."; - static const unsigned kPrefixLen = sizeof(kPrefix) - 1; - - for (size_t i = 0; i < hosts->size(); i++) { - const std::string& h = (*hosts)[i]; - if (h.size() >= kPrefixLen && - memcmp(h.data(), kPrefix, kPrefixLen) == 0) { - (*hosts)[i] = h.substr(kPrefixLen, h.size() - kPrefixLen); - } - } -} - -// RemoveDuplicateEntries removes all duplicates from |hosts|. -static void RemoveDuplicateEntries(std::vector<std::string>* hosts) { - std::set<std::string> hosts_set; - std::vector<std::string> ret; - - for (std::vector<std::string>::const_iterator - i = hosts->begin(); i != hosts->end(); i++) { - if (hosts_set.count(*i)) { - LOG(INFO) << "Removing duplicate entry for " << *i; - continue; - } - hosts_set.insert(*i); - ret.push_back(*i); - } - - hosts->swap(ret); -} - -// ParentDomain returns the parent domain for a given domain name or the empty -// string if the name is a top-level domain. 
-static std::string ParentDomain(const std::string& in) { - for (size_t i = 0; i < in.size(); i++) { - if (in[i] == '.') { - return in.substr(i + 1, in.size() - i - 1); - } - } - - return std::string(); -} - -// RemoveRedundantEntries removes any entries which are subdomains of other -// entries. (i.e. foo.example.com would be removed if example.com were also -// included.) -static void RemoveRedundantEntries(std::vector<std::string>* hosts) { - std::set<std::string> hosts_set; - std::vector<std::string> ret; - - for (std::vector<std::string>::const_iterator - i = hosts->begin(); i != hosts->end(); i++) { - hosts_set.insert(*i); - } - - for (std::vector<std::string>::const_iterator - i = hosts->begin(); i != hosts->end(); i++) { - std::string parent = ParentDomain(*i); - while (!parent.empty()) { - if (hosts_set.count(parent)) - break; - parent = ParentDomain(parent); - } - if (parent.empty()) { - ret.push_back(*i); - } else { - LOG(INFO) << "Removing " << *i << " as redundant"; - } - } - - hosts->swap(ret); -} - -// CheckLengths returns true iff every host is less than 256 bytes long (not -// including the terminating NUL) and contains two or more labels. 
-static bool CheckLengths(const std::vector<std::string>& hosts) { - for (std::vector<std::string>::const_iterator - i = hosts.begin(); i != hosts.end(); i++) { - if (i->size() >= 256) { - LOG(ERROR) << "Entry " << *i << " is too large"; - return false; - } - if (SSLFalseStartBlacklist::LastTwoLabels(i->c_str()) == NULL) { - LOG(ERROR) << "Entry " << *i << " contains to few labels"; - return false; - } - } - - return true; -} - -int main(int argc, char** argv) { - if (argc != 3) - return usage(argv[0]); - - const char* input_file = argv[1]; - const char* output_file = argv[2]; - FILE* input = fopen(input_file, "r"); - if (!input) { - perror("open"); - return usage(argv[0]); - } - - if (fseek(input, 0, SEEK_END)) { - perror("fseek"); - return 1; - } - - const long input_size = ftell(input); - - if (fseek(input, 0, SEEK_SET)) { - perror("fseek"); - return 1; - } - - char* buffer = static_cast<char*>(malloc(input_size)); - if (fread(buffer, input_size, 1, input) != 1) { - perror("fread"); - free(buffer); - fclose(input); - return 1; - } - fclose(input); - - std::vector<std::string> hosts; - - off_t line_start = 0; - bool is_comment = false; - bool non_whitespace_seen = false; - for (long i = 0; i <= input_size; i++) { - if (i == input_size || buffer[i] == '\n') { - if (!is_comment && non_whitespace_seen) - hosts.push_back(std::string(&buffer[line_start], i - line_start)); - is_comment = false; - non_whitespace_seen = false; - line_start = i + 1; - continue; - } - - if (i == line_start && buffer[i] == '#') - is_comment = true; - if (buffer[i] != ' ' && buffer[i] != '\t') - non_whitespace_seen = true; - } - free(buffer); - - LOG(INFO) << "Have " << hosts.size() << " hosts after parse"; - StripWWWPrefix(&hosts); - RemoveDuplicateEntries(&hosts); - LOG(INFO) << "Have " << hosts.size() << " hosts after removing duplicates"; - RemoveRedundantEntries(&hosts); - LOG(INFO) << "Have " << hosts.size() << " hosts after removing redundants"; - if (!CheckLengths(hosts)) { - 
LOG(ERROR) << "One or more entries is too large or too small"; - return 2; - } - - LOG(INFO) << "Using " << kBuckets << " entry hash table"; - uint16 table[kBuckets]; - std::vector<std::string> buckets[kBuckets]; - - for (std::vector<std::string>::const_iterator - i = hosts.begin(); i != hosts.end(); i++) { - const char* last_two_labels = - SSLFalseStartBlacklist::LastTwoLabels(i->c_str()); - const unsigned h = SSLFalseStartBlacklist::Hash(last_two_labels); - buckets[h & (kBuckets - 1)].push_back(*i); - } - - std::string table_data; - unsigned max_bucket_size = 0; - for (unsigned i = 0; i < kBuckets; i++) { - if (table_data.size() > 65535) { - LOG(ERROR) << "Hash table overflowed a uint16 index"; - return 3; - } - - if (buckets[i].size() > max_bucket_size) - max_bucket_size = buckets[i].size(); - - table[i] = table_data.size(); - for (std::vector<std::string>::const_iterator - j = buckets[i].begin(); j != buckets[i].end(); j++) { - table_data.push_back((char) j->size()); - table_data.append(*j); - } - } - - LOG(INFO) << "Largest bucket has " << max_bucket_size << " entries"; - - FILE* out = fopen(output_file, "w+"); - if (!out) { - perror("opening output file"); - return 4; - } - - fprintf(out, "// Copyright (c) 2010 The Chromium Authors. All rights " - "reserved.\n// Use of this source code is governed by a BSD-style " - "license that can be\n// found in the LICENSE file.\n\n"); - fprintf(out, "// WARNING: this code is generated by\n" - "// ssl_false_start_blacklist_process.cc. 
Do not edit.\n\n"); - fprintf(out, "#include \"base/basictypes.h\"\n\n"); - fprintf(out, "#include \"net/base/ssl_false_start_blacklist.h\"\n\n"); - fprintf(out, "namespace net {\n\n"); - fprintf(out, "const uint16 SSLFalseStartBlacklist::kHashTable[%d + 1] = {\n", - kBuckets); - for (unsigned i = 0; i < kBuckets; i++) { - fprintf(out, " %d,\n", (int) table[i]); - } - fprintf(out, " %d,\n", (int) table_data.size()); - fprintf(out, "};\n\n"); - - fprintf(out, "const char SSLFalseStartBlacklist::kHashData[] = \n"); - for (unsigned i = 0, line_length = 0; i < table_data.size(); i++) { - if (line_length == 0) - fprintf(out, " \""); - uint8 c = static_cast<uint8>(table_data[i]); - if (c < 32 || c > 127 || c == '"') { - fprintf(out, "\\%c%c%c", '0' + ((c >> 6) & 7), '0' + ((c >> 3) & 7), - '0' + (c & 7)); - line_length += 4; - } else { - fprintf(out, "%c", c); - line_length++; - } - if (i == table_data.size() - 1) { - fprintf(out, "\";\n"); - } else if (line_length >= 70) { - fprintf(out, "\"\n"); - line_length = 0; - } - } - fprintf(out, "\n} // namespace net\n"); - fclose(out); - - return 0; -} diff --git a/net/base/ssl_false_start_blacklist_unittest.cc b/net/base/ssl_false_start_blacklist_unittest.cc deleted file mode 100644 index 7ade428..0000000 --- a/net/base/ssl_false_start_blacklist_unittest.cc +++ /dev/null 
@@ -1,28 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/base/ssl_false_start_blacklist.h"
-#include "testing/gtest/include/gtest/gtest.h"
-
-TEST(SSLFalseStartBlacklistTest, LastTwoLabels) {
-#define F net::SSLFalseStartBlacklist::LastTwoLabels
- EXPECT_STREQ(F("a.b.c.d"), "c.d");
- EXPECT_STREQ(F("a.b"), "a.b");
- EXPECT_STREQ(F("example.com"), "example.com");
- EXPECT_STREQ(F("www.example.com"), "example.com");
- EXPECT_STREQ(F("www.www.example.com"), "example.com");
-
- EXPECT_TRUE(F("com") == NULL);
- EXPECT_TRUE(F(".com") == NULL);
- EXPECT_TRUE(F("") == NULL);
-#undef F
-}
-
-TEST(SSLFalseStartBlacklistTest, IsMember) {
- EXPECT_TRUE(net::SSLFalseStartBlacklist::IsMember("example.com"));
- EXPECT_TRUE(net::SSLFalseStartBlacklist::IsMember("www.example.com"));
- EXPECT_TRUE(net::SSLFalseStartBlacklist::IsMember("a.b.example.com"));
- EXPECT_FALSE(net::SSLFalseStartBlacklist::IsMember("aexample.com"));
- EXPECT_FALSE(net::SSLFalseStartBlacklist::IsMember("com"));
-}
diff --git a/net/net.gyp b/net/net.gyp
index 2f8bb2d..1814d59 100644
--- a/net/net.gyp
+++ b/net/net.gyp
@@ -19,7 +19,6 @@
 '../third_party/icu/icu.gyp:icuuc',
 '../third_party/zlib/zlib.gyp:zlib',
 'net_resources',
- 'ssl_false_start_blacklist_process',
 ],
 'sources': [
 'base/address_family.h',
@@ -166,7 +165,6 @@
 'base/ssl_config_service_mac.h',
 'base/ssl_config_service_win.cc',
 'base/ssl_config_service_win.h',
- 'base/ssl_false_start_blacklist.cc',
 'base/ssl_info.cc',
 'base/ssl_info.h',
 'base/static_cookie_policy.cc',
@@ -201,25 +199,6 @@
 'export_dependent_settings': [
 '../base/base.gyp:base',
 ],
- 'actions': [
- {
- 'action_name': 'ssl_false_start_blacklist',
- 'inputs': [
- '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)ssl_false_start_blacklist_process<(EXECUTABLE_SUFFIX)',
- 'base/ssl_false_start_blacklist.txt',
- ],
- 'outputs': [
- '<(SHARED_INTERMEDIATE_DIR)/net/base/ssl_false_start_blacklist_data.cc',
- ],
- 'action':
- ['<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)ssl_false_start_blacklist_process<(EXECUTABLE_SUFFIX)',
- 'base/ssl_false_start_blacklist.txt',
- '<(SHARED_INTERMEDIATE_DIR)/net/base/ssl_false_start_blacklist_data.cc',
- ],
- 'message': 'Generating SSL False Start blacklist',
- 'process_outputs_as_sources': 1,
- },
- ],
 'conditions': [
 [ 'OS == "linux" or OS == "freebsd" or OS == "openbsd"', {
 'dependencies': [
@@ -753,7 +732,6 @@
 'base/ssl_config_service_mac_unittest.cc',
 'base/ssl_config_service_unittest.cc',
 'base/ssl_config_service_win_unittest.cc',
- 'base/ssl_false_start_blacklist_unittest.cc',
 'base/static_cookie_policy_unittest.cc',
 'base/transport_security_state_unittest.cc',
 'base/test_certificate_data.h',
@@ -1134,16 +1112,6 @@
 'tools/hresolv/hresolv.cc',
 ],
 },
- {
- 'target_name': 'ssl_false_start_blacklist_process',
- 'type': 'executable',
- 'dependencies': [
- '../base/base.gyp:base',
- ],
- 'sources': [
- 'base/ssl_false_start_blacklist_process.cc',
- ],
- },
 ],
 'conditions': [
 # ['OS=="linux"', { |