Closed Bug 102633 Opened 23 years ago Closed 22 years ago

PSM should allow the user to enable/disable additional available ciphers

Categories

(Core Graveyard :: Security: UI, defect, P2)

Product:
Core Graveyard
Component:
Security: UI
Version:
Other Branch
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 184940
Milestone:
psm2.3

People

(Reporter: inactive-mailbox, Assigned: KaiE)

References

Details

Attachments

(5 files, 14 obsolete files)

Patch part 1/3
45.20 KB, patch
KaiE
: review+
alecf
: superreview+
asa
: approval+
Details | Diff | Splinter Review
Patch part 2/3
3.35 KB, patch
alecf
: superreview+
Details | Diff | Splinter Review
Suggested new UI, using simpler widgets, alternative screen layout suggested by alecf
12.09 KB, image/gif
Details
Updated Patch part 3/3
6.89 KB, patch
Details | Diff | Splinter Review
Updated Part part 3/3 (same as previous, ignoring whitespace)
6.87 KB, patch
Details | Diff | Splinter Review
"Edit/Preferences/Privacy/SSL/Edit Ciphers" shows a list of ciphers, but not all available ciphers. Here is a list of what we need to do, what I'd like to know to be able to implement this. 1.) === PSM does not provide a user interface to enable/disable the following ciphers: SSL_RSA_WITH_RC4_128_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_DHE_DSS_WITH_DES_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_RC4_128_SHA SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA SSL_FORTEZZA_DMS_WITH_RC4_128_SHA SSL_FORTEZZA_DMS_WITH_NULL_SHA Should all of them be selectable in the user interface? 2.) === I notice that the user interface orders the ciphers by strength in the enable/disable user interface (in two sections). SSL 2 10 SSL_EN_RC4_128_WITH_MD5 20 SSL_EN_RC2_128_CBC_WITH_MD5 30 SSL_EN_DES_192_EDE3_CBC_WITH_MD5 40 SSL_EN_DES_64_CBC_WITH_MD5 50 SSL_EN_RC4_128_EXPORT40_WITH_MD5 60 SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 SSL 3 70 SSL_RSA_WITH_RC4_128_MD5 80 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 90 SSL_RSA_WITH_3DES_EDE_CBC_SHA 100 SSL_RSA_FIPS_WITH_DES_CBC_SHA 110 SSL_RSA_WITH_DES_CBC_SHA 120 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 130 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 140 SSL_RSA_EXPORT_WITH_RC4_40_MD5 150 SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 160 SSL_RSA_WITH_NULL_MD5 At which positions should we insert the ciphers from 1.) in the user interface? For example, 75 SSL_RSA_WITH_RC4_128_SHA ? 3.) === We need user friendly plain text descriptions of the missing ciphers as listed in 1.) Example: SSL_RSA_WITH_RC4_128_SHA "RC4 encryption with a 128-bit key and SHA-1 MAC" ?
->future cc lord.
Priority: -- → P2
Target Milestone: --- → Future
Don't forget the AES ciphers.
Changing my prefered e-mail address.
Assignee: kai.engert → kaie
Nelson, you say I shouldn't forget the AES ciphers. I built that list by looking at the ciphers that PSM currently enables during startup. I looks like PSM currently does not have any reference to AES at all. This means, if by default AES ciphers are not enabled by default, Mozilla does not use AES ciphers currently. Can we build a list of ciphers that should be enabled in Mozilla?
I was misremembering bug 95987. http://bugzilla.mozilla.org/show_bug.cgi?id=95987 I thought that bug was about AES ciphersuites, but I see now that it was about the DHE ciphersuites. In any case, the AES suites should also be enabled, and the UI should allow them to be disabled. All the SSL3 ciphersuites now supported by NSS should be candidates for use in PSM, except those that do not encrypt, but only verify integity and authenticity.
The AES ciphersuites will be in NSS 3.4. PSM is using NSS 3.3 branch right now, which doesn't have the AES ciphersuites.
Nominating for 2.2. Mozilla has already the code that enables DHE ciphers. Nelson suggested the application should allow the user to disable any available cipher, to empower a user to disable any ciphers considered "flawed". Resolving this bug is only little coding work. I can implement it as soon as I have the answers to my questions (see top of this bug). To make my questions clearer: 1) We agreed that all ciphers should be selectable. Should ciphers with FORTEZZA be selectable in the UI, too? 2) Who can help defining the right order of cipher strengh? To which section (SSL2/SSL3/TLS) should the ciphers from 1) be added? 3) Who can help define the cleartext strings for those ciphers? Can I simply create new cleartext names using common sense, or are they well defined in some document? I wonder if we should implement this feature using a different approach. Instead of hard coding the list of ciphers into the UI, we could use a dynamic UI that is built from the list of ciphers the application decides to allow.
Status: NEW → ASSIGNED
Target Milestone: Future → 2.2
============= BUG EXTENSION ============= I'm extending the scope of this bug. The current UI only lists RSA ciphers without explicitly stating this fact. The updated UI should include the string RSA for all RSA ciphers.
libSSL already provides a list of all the implemented ciphersuites. This list was intended to allow applications to see exactly what ciphersuites are implemented in libSSL at run time. The list is not presently sorted in any particular order (IIRC). In http://bugzilla.mozilla.org/show_bug.cgi?id=78959, I have proposed the addition of a new function, SSL_GetCipherSuiteInfo, that takes a ciphersuite number and returns name strings and other info about all the components of that ciphersuite, including such things as names of all the components - name of the entire ciphersuite (e.g. SSL_RSA_WITH_RC4_128_MD5) - name of the symmatric cipher, (e.g., DES, RC4) - name of the MAC, (e.g., MD5, SHA1) - key sizes for symmetric cipher and mac, - name of the key agreement algorithm, (e.g., RSA, DHE, KEA) - name of the server authentication algorithm (e.g., RSA, DSA) That function, together with the list of ciphersuites, could be used to implement an always-up-to-date list of ciphersuites for the preferences panel. I propose to sort the list of ciphersuites in the same order of preference as is used by the SSL/TLS code itself. Please comment on my proposal in http://bugzilla.mozilla.org/show_bug.cgi?id=78959
Let's do that when we have 3.4
nsbeta1
Keywords: nsbeta1
Keywords: nsbeta1nsbeta1-
*** Bug 131830 has been marked as a duplicate of this bug. ***
Attached image Screenshot of a suggested dynamic UI (obsolete) —
This UI is dynamically rendered from the list of implemented ciphers that can be obtained from NSS at runtime.
Attached patch Patch (obsolete) — Splinter Review
This patch implements the previously shown UI. The real dialog is smaller, and you need to scroll up-down to see all the ciphers. I enlarged the dialog for the screenshot, to allow you to take a look at the complete sort order that is the result of the dynamic code. The patch adds support for allowing the user to configure all implemented ciphers. The code does automatically generate preference strings for the ciphers. In order to be backwards compatible regarding preferences, the preference strings for those ciphers that were already supported in the past did not change. Only for additional ciphers the preference strings are generated automatically, for the other ciphers, the strings are hardcoded. In order to activate additional ciphers we need to change the global preferences file: netwerk/base/public/security-prefs.js Current defaults are: pref("security.ssl2.des_64", true); pref("security.ssl2.des_ede3_192", true); pref("security.ssl2.rc2_128", true); pref("security.ssl2.rc2_40", true); pref("security.ssl2.rc4_128", true); pref("security.ssl2.rc4_40", true); pref("security.ssl3.rsa_1024_des_cbc_sha", true); pref("security.ssl3.rsa_1024_rc4_56_sha", true); pref("security.ssl3.rsa_des_ede3_sha", true); pref("security.ssl3.rsa_des_sha", true); pref("security.ssl3.rsa_fips_des_ede3_sha", true); pref("security.ssl3.rsa_fips_des_sha", true); pref("security.ssl3.rsa_null_md5", false); pref("security.ssl3.rsa_rc2_40_md5", true); pref("security.ssl3.rsa_rc4_128_md5", true); pref("security.ssl3.rsa_rc4_40_md5", true); To the above file, we need to add default preferences for the following new cipher pref strings: security.ssl3.rsa_dhe_aes_256_sha1 security.ssl3.dsa_dhe_aes_256_sha1 security.ssl3.rsa_rsa_aes_256_sha1 security.ssl3.fortezza_rc4_sha security.ssl3.dsa_dhe_rc4_128_sha1 security.ssl3.rsa_dhe_aes_128_sha1 security.ssl3.dsa_dhe_aes_128_sha1 security.ssl3.rsa_rsa_rc4_128_sha1 security.ssl3.rsa_rsa_aes_128_sha1 security.ssl3.rsa_dhe_3des_112_sha1 security.ssl3.dsa_dhe_3des_112_sha1 security.ssl3.fortezza_fortezza_sha security.ssl3.rsa_dhe_des_56_sha1 security.ssl3.dsa_dhe_des_56_sha1 security.ssl3.fortezza_null_sha
Nelson, could you review the screen shot of Kai's proposed UI? This fix should be in nsbeta1 because the new AES ciphersuites for TLS can't be used without a UI to enable them. I would also propose the fix for mozilla1.0 because the new UI will allow users to enable the DHE ciphersuites contributed by Dr. Henson, one of the few major contributions made by people outside the NSS team.
cc thayes
nsbeta1+ as per wtc's comment. Adding patch,review keywords.
Keywords: nsbeta1-nsbeta1+, patch, review
Questions and comments about this UI. 1. Will this window display properly on a 640x480 screen? (I think all PSM windows should display properly on 640x480 screens) Several of the columns appear to be much wider than the maximum width of the data displayed in those columns. Maybe they can be made narrower. 2. I think each and every row in the table should be unique. No two rows should appear to be identical to the user. Yet there are several rows that are repeated. SSL3/TLS 3DES RSA RSA 112 SHA1 FIPS appears twice. SSL3/TLS DES RSA RSA 56 SHA1 FIPS appears 3 times, not consecutive. In these cases, there is probably additional info needed to explain the differences between the rows. Some column should be avilable for that. 3. I'm not sure whether the FIPS column is supposed to mean a) This ciphersuite uses only FIPS approved algorithms, or b) This ciphersuite uses only FIPS approved algorithms, AND NSS's implementation of those algorithms has been validated by NIST, or ??? If it means "a", then the AES cipher suites should also be marked FIPS because AES is now a FIPS cipher. 4. There are 3 rows in this table that display KEA for the Authentication algorithm. These should only appear in the table if a fortezza token (hardware or software) is present. 5. I recognize that some of these comments _may_ imply that changes are needed to the info returned by SSL_GetChannelInfo, etc.
> Questions and comments about this UI. > > 1. Will this window display properly on a 640x480 screen? Yes. Note the screenshot does not show the default size. Before making the screenshot, I enlarged the dialog, to allow us to see all ciphers at once. Normally, you will have to scroll to see all ciphers. > 2. I think each and every row in the table should be unique. No two rows > should appear to be identical to the user. Yet there are several rows > that are repeated. > > In these cases, there is probably additional info needed to explain the > differences between the rows. Some column should be avilable for that. Good catch, I agree, we have to find out why there are duplicate rows. > SSL3/TLS 3DES RSA RSA 112 SHA1 FIPS appears twice. These are generated by the following lines defined in sslinfo.c: {0,CS(SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, }, {0,CS(SSL_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_RSA, C_3DES,B_3DES,M_SHA, 1, }, > SSL3/TLS DES RSA RSA 56 SHA1 FIPS appears 3 times, not consecutive. {0,CS(SSL_RSA_FIPS_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 1, }, {0,CS(SSL_RSA_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 1, }, {0,CS(TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA), S_RSA, K_RSA, C_DES, B_DES, M_SHA, 1, }, Why are there multiple ciphers defined, that have, besides their names, identical attributes? > 3. I'm not sure whether the FIPS column is supposed to mean > a) This ciphersuite uses only FIPS approved algorithms, or > b) This ciphersuite uses only FIPS approved algorithms, AND NSS's > implementation of those algorithms has been validated by NIST, or ??? Please look at the end of file sslinfo.c - By querying SSL_NumImplementedCiphers and SSL_GetCipherSuiteInfo, I'm given the contents of the suiteInfo array, and the last entries of those lines define a boolean "isFIPS". I thought it makes sense to show that value. I thought it means this attribute means, this cipher may be used while in FIPS mode. > If it means "a", then the AES cipher suites should also be marked FIPS > because AES is now a FIPS cipher. In that case the table in sslinfo.c should get updated, and the UI will automatically display that. > 4. There are 3 rows in this table that display KEA for the Authentication > algorithm. These should only appear in the table if a fortezza token > (hardware or software) is present. How I can query that availability?
Here is a proposal for how to resolve these issues. It has two parts. 1. Display another ciphersuite characteristic, the "is exportable", a.k.a. "is an export grade cipher suite" characteristic. Many of the ciphersuites in the list are old "export grade" (read: weaker) ciphersuites. In the late 1990s, the U.S. export regulations were changed, and 56-bit ciphers, including DES, that were formerly not exportable became exportable as long as they were used with public keys of 1024 bits or less. So, two new ciphersuites for SSL3 and TLS were created: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA and TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA TLS_RSA_EXPORT1024_WITH_RC4_56_SHA is identical to the older non-export 56-bit DES ciphersuite except that (a) it is exportable, and (b) it has that extra 1024-bit public key size limit. If the UI showed the "is exportable" bit, then the exportable ciphersuite TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA would be differentiated from the older "domestic" ciphersuite SSL_RSA_WITH_DES_CBC_SHA. All the export ciphersuites should be distinguished with some explicit identifier as being export ciphersuites, IMO. I could add another bit to the struct SSLCipherSuiteInfoStr to show which ciphersuites are exportable. I'd suggest that, rather than adding another column to the output, that the last column be changed to display other attributes, like FIPS or EXPORT. 2. There are two ciphersuites that are difficult to explain succinctly. They were added to NSS before RFC 2246 (the TLS RFC) was published, and before TLS support was added to NSS. Now that NSS supports TLS, they are obsolete (IMO). They are SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA and SSL_RSA_FIPS_WITH_DES_CBC_SHA. When using TLS (as opposed to SSL v3.0), they are identical to SSL_RSA_WITH_3DES_EDE_CBC_SHA and SSL_RSA_WITH_DES_CBC_SHA respectively. I honestly believe that no-one in the world is using them, and I propose that we permanently disable them in PSM, and not display them in the UI. If additional discussion of this proposal is needed, let's not use this bug report as the vehicle for that discussion. Please send me email instead Thanks.
rangan make sure your read this bug.
Added dependency on bug 132438
Depends on: 132438
Jag, can you please have a look at nsCiphers::nsCiphers in the patch? When I use this patch, an optimized build crashes inside that method. The debug build does not crash. The debugger claims it crashes in nsACString::do_AppendFromElementPtr, called from nsCiphers::nsCiphers, but the rest of the debugger output looks damaged. Is my string usage incorrect? FYI, the variables info.*Name are const char*. Thanks for looking.
Jag, I think I know what happened, I was assuming that using operator= with a string class would cause it to copy the assigned const char* pointer, I was assuming that functionality, because it is used commonly in string classes from other libraries I know. Anyway, I changed the code since yesterday, and I now use Append instead of assignment, and I no longer crash.
I changed the implementation of the cipher dialog completely, please see attached new screenshot. Multiple arguments for this change. I today learned that the user interface widget I was using to implement it will go away very soon, so a re-work was necessary anyway. I made some wrong assumptions about the distinguishability of ciphers. While Nelson is helping me here, it is not sure whether the required change in NSS will make it in time. This new UI is independent of the change - although I'm using the information he provides as implemented in bug 132438, I can easily remove that from the patch. I built the preferences strings dynamically - I now decided to just use the name of the cipher, this seems to be better. If Nelson confirms that the names are unique, this sounds like the simpler approach (because with the previous patch, I would have had to extend the dynamic cipher preference name logic with the fips, export and non-standard attributes). I think one motivation for the cipher dialog is the ability for users to enable ciphers. And most likely, they will learn about ciphers to disable by hearing their standard name. That's why I'm now displaying that name in the UI, together with good explanation of as much attributes as we know about. Nelson explained that most of the new ciphers should be disabled by default. In the prior version of the client, only a limited number of ciphers were in the UI. For any new cipher that should become enabled by default, I would need to know the exact name of that cipher, to be sure we talk about the same ciphers. Thanks!
Attached image Screenshot of new UI suggestion (obsolete) —
Attachment #74942 - Attachment is obsolete: true
Attached patch Patch implementing new UI (obsolete) — Splinter Review
This patch uses the new bits provided in bug 132438. However, they are only used to provide information to the user.
Attachment #74945 - Attachment is obsolete: true
Actually. operator= is supposed to copy, I suspect the problem is more subtle. We don't have operator= for all Assign on all strings (since operator= can't be inherited), and for some we have the generated operator= (which does a shallow copy instead of a deep copy). I suspect you're running into one of these problems (bugs exist on them) but for now it's safer to use .Assign, as you already found.
Kai, I like this new UI much better!
Attached patch Updated patch (obsolete) — Splinter Review
- filtering out fortezza ciphers They have always been disabled in Mozilla it seems. They will be activated soon, once we add correct Fortezza detection to PSM. - filtering out old proprietary FIPS ciphers that should not longer be supported - rename "Exportable" to "USA Exportable" - remove display of "non-standard" attribute
Attachment #75575 - Attachment is obsolete: true
Nelson, Javi, Would you please formally review Kai's patch? Thanks.
Comment on attachment 75956 [details] [diff] [review] Updated patch Move the call to SSL_GetCipherSuiteInfo outside of the NS_ASSERTION to ensure it gets called in optimized builds as well. >+ NS_ASSERTION( >+ SECSuccess == >+ SSL_GetCipherSuiteInfo(cipher_id, &info, sizeof(SSLCipherSuiteInfo)), >+ "unable to get info for implemented cipher"); >+ I don't see any Mac xml file changes for the Mac build. Fix these two issues and r=javi
Attached patch Updated patch (obsolete) — Splinter Review
Thanks, Javi. I think you found the real reason for the crash I saw in the optimized build. This patch adds what you suggested.
Attachment #75956 - Attachment is obsolete: true
Sean, can you please review the string changes in the patch? Thanks. (You can locate them by searching for "dtd" in the latest patch.)
- added a comment that explains the cipher pref string logic - enhanced sanity checking for matching expected struct size - renamed a method
Attachment #76037 - Attachment is obsolete: true
Please note: While the patch allows users to manually enable additional ciphers, none of those additional ciphers will be enabled by default. If we want any of the additional ciphers to become enabled by default, please let me know, and I will create a separate patch to change mozilla/netwerk/base/public/security-prefs.js
I have reviewed the changes to the .h and .cpp files in the above patch. r=nelsonb oX<-< ^ | (me, bow tie signifies formal review. :) I have some concerns about increasing the number of XPCOM idl interfaces required to implement the cipher selection UI, but those are outside the scope of this review.
Comment on attachment 76184 [details] [diff] [review] Updated patch, includes suggestions from nelsonb patch has r=javi and portions r=nelsonb
Attachment #76184 - Flags: review+
Alec, can you please review?
Comment on attachment 76184 [details] [diff] [review] Updated patch, includes suggestions from nelsonb Also, this giant case statement, switch (cipher_id) would be much faster with a hardcoded table that mapped a cipher_id to a pref. in fact, the whole mCipherPrefs/mWantedCiphers system could be implemented as a static table, which would take up less memory and be faster, requiring no initialization. Also, nsIPref is deprecated, you should be using nsIPrefBranch (you can QueryInterface nsIPref to nsIPrefBranch, or you can >+nsCiphers* nsCiphers::singleton = nsnull; >+ >+void nsCiphers::InitSingleton() >+{ >+ NS_ASSERTION(!singleton, "trying to instantiate nsCiphers::singleton twice"); >+ >+ singleton = new nsCiphers(); >+} >+ >+void nsCiphers::DestroySingleton() >+{ >+ delete singleton; >+ singleton = nsnull; >+} >+ >+nsCiphers::nsCiphers() >+{ >+ // count number of wanted ciphers >+ >+ mWantedCiphers = new PRBool[SSL_NumImplementedCiphers]; >+ mCipherPrefs = new CipherPref[SSL_NumImplementedCiphers]; >+ So this is fine, but you could make your code a WHOLE lot cleaner and less heap-intensive if you made SSL_NumImpementedCiphers into a #define, and then made member variables of nsCiphers like mWantedSpihers declared like PRBool mWantedCiphers[SSL_NumImplementedCiphers]; but since SSL_NumImplementedCiphers is a variable, you can't do this... >+ if (!mCipherPrefs || !mWantedCiphers) >+ return; >+ >+ for (PRUint16 i = 0; i < SSL_NumImplementedCiphers; ++i) >+ { >+ PRUint16 cipher_id = SSL_ImplementedCiphers[i]; >+ >+ switch (cipher_id) in fact, this whole for-loop/switch statement is quite inefficient. you could do this much faster with some sort of static table struct cipher_info { PRInt32 cipher_id; PRBool wanted; const char* pref; }; then cipher_info cipher_defaults[] = { { { SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, PR_TRUE, "security.ssl2.rc4_128" }, {...} if the table is read-only, which it looks like to me, then you could just use this table as a direct reference, and you'd save yourself initialization time. >+ default: >+ { >+ SSLCipherSuiteInfo info; >+ SECStatus res = SSL_GetCipherSuiteInfo(cipher_id, &info, sizeof(info)); you'd handle this case, with some special flag, or |nsnull| for the pref name.. >+char *nsCiphers::GetPrefString(PRUint16 cipher_id) >+{ this would be as simple as { return ToNewCString(cipher_defaults[cipher_id].pref); } >Index: mozilla/security/manager/ssl/src/nsCipherInfo.h >=================================================================== >+ static nsCiphers *singleton; >+ >+ struct CipherPref { >+ CipherPref() :id(0) {} >+ >+ PRUint16 id; >+ nsCAutoString pref; ack! autostrings should not be used inside structures, without at least a comment to indicate why you're doing it. i.e. "safe because pref names are always < 64 characters, so this saves us the extra allocation" >+ >+private: >+ PRBool good; >+ SSLCipherSuiteInfo info; These are member variables, and should begin with "m" as in "mGood" and "mInfo" otherwise it's not clear in the implementation where "info." came from. (I was confused until I saw this declaration) >-static CipherPref CipherPrefs[] = { >-/* SSL2 ciphers */ >- {"security.ssl2.rc4_128", SSL_EN_RC4_128_WITH_MD5}, >- {"security.ssl2.rc2_128", SSL_EN_RC2_128_CBC_WITH_MD5}, >- {"security.ssl2.des_ede3_192", SSL_EN_DES_192_EDE3_CBC_WITH_MD5}, oh my goodness! You already had this table! Why not use it? it seems perfect!
Attachment #76184 - Flags: needs-work+
argh, I added comments to the patch, but mozilla interrupted the submit before the spam went out. Anyway, go read the comments :)
Alec, I would like to veto some parts of your veto :) But I realize my patch needs more explanation. Mozilla and NSS are separate products, while Mozilla uses NSS as an external library. Up to now, Mozilla used a hardcoded UI, only offering some hard coded ciphers for selection. But we decided that with this approach, Mozilla is always "behind" NSS, because for every added cipher in NSS we need to - become aware of that - update the UI Even worse, the number of ciphers is now large enough to justify a list with ciphers, rather than using a dialog with static checkboxes. You suggested that the "wanted" attribute should become part of a static table. But I don't want a static table anymore, because that would mean, I again need to hard code all ciphers in the code. While there is some table of ciphers and their attributes in NSS, we can't add the "wanted" attribute there, because what's wanted and what's not is a Mozilla application decision, while NSS is used by many different applications. The whole idea was, at runtime, query the available NSS library, and figure out which encryption algorithms it supports. Filter out any algorithms that we don't want to use for some reason, but keep all the others. Do not enable those ciphers by default, but do allow users to enable those ciphers manually. This also requires that preference strings for new ciphers must be created dynamically. But we must be backwards compatible, and old cipher prefs, that users will still have, must continue to work correctly, so we must continue to use the old pref strings that have always been hard coded. Therefore I think we don't have a choice and need to use the dynamic code.
> ack! autostrings should not be used inside structures, without at least a > comment > to indicate why you're doing it. i.e. "safe because pref names are always < 64 > characters, > so this saves us the extra allocation" Ok, I will change this to nsCString. I think the pref strings will be <64 most of the time, but I can't guarantee that. I thought, nsCAutoString is still save for usage in structs, because if the string get's larger, a dynamic string will be used. But thinking about it, this would cause 64 bytes to become wasted for each larger string, so I agree that changing to nsCString is a good idea. > These are member variables, and should begin with "m" as in "mGood" and "mInfo" > otherwise > it's not clear in the implementation where "info." came from. (I was confused > until I > saw this declaration) Ok, sorry, changed.
I agree that the intent here is to use NSS's information to build the UI dynamtically, rather than duplicating all that info in PSM, and thereby doubling the maintenance burden (having to update PSM each time NSS is updated). With Kai's dynamic UI code, if the user gets a new NSS DLL/DSO that implements new ciphersuites, the UI will automatically show them, and will automatically create/handle preferences for them.
ok, but your patch doesn't buy you any of that... the table is still read-only and all you've done is move initialization of the table from a static page in memory to a table that is initialized via C++ code. It's still a read-only table... basically, you patch does two orthagonal things: 1) creates a way to enumerate the table of ciphers and gather data about each one 2) change the method of initialization of this table I'm "vetoing" only the 2nd part. I think the interfaces and the XUL/JS are great! The problem I see with doing initialization in the way you have, is that maintenance of this list is going to be a huge headache, plus you've signifigantly increased the complexity of the code for no real gain. as a simple example, imagine this severely reduced case: some_structure myArray[3]; for (i=0; i<3; i++) { some_structure& this_entry=myArray[i]; switch (i) { case 0: this_entry.pref = "abc"; break; case 1: this_entry.pref = "def"; break; case 2: this_entry.pref = "ghi"; break; } } This is exactly the same as: myArray[0].pref = "abc"; myArray[1].pref = "def"; myArray[2].pref = "ghi"; and do you see that this is equivalent to writing: const some_structure myArray[] = { { ...., "abc", ...} }, { { ...., "def", ...} }, { { ...., "ghi", ...} }, (the only difference being that this last case is read-only) I do see the slight difference in that in SOME cases (i.e. the default: fall-through to SSL_GetCipherSuiteInfo()) you need to dynamically fill in the table, but you can either 1) hide this dynamically behind the interface to this table by falling through at runtime if the given entry in the table doesn't have the information you need.. 2) doing a one-time copy of this table into a single structure in memory (i.e. with memcpy()) and then tweaking the table if any information is missing.
The numeric values of cipher_id are a sparse set, not numerically continuous. So, rather than indexing the table myArray (the name from your example) with it, the cipher_id would be another entry in each row, and the table would have to be searched. I think the efficiency of that is comparable to the existing loop with switch. No?
> Also, nsIPref is deprecated, you should be using nsIPrefBranch (you can > QueryInterface nsIPref to nsIPrefBranch, or you can I would like to ask we file a separate bug on this code maintenance issue, because: - I'm not writing new code that accesses nsIPref - in order to change all occurrences of nsIPref in the patch to nsIPrefBranch, I'd be required to change all occurrences in nsNSSComponent. But it is using some callback notification functionality, which nsIPrefBranch does not seem to support.
Attached patch Updated patch (obsolete) — Splinter Review
- UI strings in this patch are r=cotter - added help button as discuseed with cotter and nelsonb - renamed variable names as suggested by alecf - now using nsCString instead of nsCAutoString
Attachment #76184 - Attachment is obsolete: true
re: the sparse-ness issue. I disagree that the switch() is comparable...because in both cases (your patch and my suggestion) you have to iterate through every entry in the table. There is no searching involved in either your version or mine. Since my version would actually execute less code in each iteration through the loop, I assert that mine is more efficient :) I really think that if you think about how one would go about implementing what I'm suggesting, you'll find its really much better than you think :) - your patch will be much smaller, the code will be faster, less memory will be allocated, and maintenance (i.e. adding/removing new ciphers) should be easier. re: nsIPref, that sounds fine to me.
> I really think that if you think about how one would go about implementing what > I'm suggesting, you'll find its really much better than you think :) - your > patch will be much smaller, the code will be faster, less memory will be > allocated, and maintenance (i.e. adding/removing new ciphers) should be easier. I wish I did, but I don't. I'm having trouble to find arguments, because I think everything has been said already. Are we only talking about the constructor of that singleton that will be only executed once? Are you aware that values of cipher_id will be like 0xFF01 ? If I try to write an array like you suggested, that does not use indices like 0xFF01, but of course values like 0, 1, 2..., I will have to introduce yet another look up array: int hardCodedCipherIDs[] = { SSL_RSA_WITH_RC4_128_SHA, ... }; const char *hardCodedPrefStrings[] = { "security.ssl2.bla", ... }; struct dynamicPrefStrings { int cipher_id; nsCString pref; } And every time I need a string, I will have to do two steps: - iterate over hardCodedCipherIDs and try to find the cipher_id - if found, fetch the value from the hard coded array - if not found, iterate over the array of dynamicPrefStrings I CAN NOT use a single simple array for all the ciphers, because I don't know that set at compile time. I must use a dynamic structure. If you want me to avoid copying the strings in that constructor, I'll have to use a crazy structure that dynamically points to either a string from the data segment, or one from the heap. And of course, I'll need another bool to indicate that state, because I want to clean up on shut down.
Attached patch Alternative patch (obsolete) — Splinter Review
Alec, I hope this patch is closed to what you prefer. Please note: This is a UI relevant patch. If we want that feature, it must land by tomorrow. Thanks!
Typo, instead of "closed" I wanted to say: Alec, I hope this is closer to what you prefer.
As I predicted in comment 47, and Kaie did in comment 51, this latest patch, which seems to do what Alec requested, has to do a search to find the entry in PSM's table corresponding to the entry in NSS's table. If we knew that both tables were sorted in ascending order by cipher_id, then we could remember the index in PSM's table to the previously found matching entry, and start each search from that index and stop the search when we found an entry in PSM's table with a greater cipher_id. That would probably be most efficient, even better than binary search. Of course the difference in execution times between these is probably much less than a millisecond, but if the point of Alec's review is efficiency, then we really should pick the most efficient.
upon my initial scan, this patch looks like it: 1) does a whole lot less initialization 2) spends just as much time searching as the previous patch so, it looks good. I'm continuing to review now.
The approach is generally better. Now, you may say "But now I'm doing an n^2 loop!" - the fact is that the old switch statement played the same roll as the n^2 loop, but took up far more space in both code and data! In fact, with a tigher loop, you keep your code pages small, and thus more data wants to stay in the processor's cache. And now, you do have the option of someday improving isCipherWithHistoricaPrefString() in some of the ways nelson suggested. I have a few more comments (all pretty trivial) 1) put the "wanted" attribute in the struct_historical_cipher_pref_strings structure as "isWanted" - I would call the structure something like struct_historical_cipher_overrides since they override more than just the pref - you'll save yourself the 6 lookups for each iteration through the array (i.e. leverage the existing call to isCipherWithHistoricalPrefString()) 2) use PRPackedBool when you have more than 2 booleans in a structure - it keeps the structure smaller by only using 8 bits per boolean (instead of 32) 3) use nsCAutoString when using strings on a stack. (i.e. see nsCString pref;) 4) nsIEnumerator is deprecated. please use nsISimpleEnumerator. (use NS_NewArrayEnumerator() in nsEnumeratorUtils.h) 5) in ListCiphers, why bother re-creating the NS_ISupportsArray every time - cache it in nsCipherInfoService and then all you have to do is call NS_NewArrayEnumerator each time after the first initialization. (should be as simple as just switching |array| to a member variable, and checking if (!mCipherArray) to see if you need to initialize it lazily... it will save you SSL_NumImplementedCiphers + 1 allocations for every call to ListCiphers() 6) use NS_NEWXPCOM when new'ing objects that have default constructors 7) you don't need this: + nsCOMPtr<nsICipherInfo> ci = nsCI; + you can just add NS_STATIC_CAST(nsICipherInfo*, nsCI) directly to the nsISupportsArray (wherever it ends up) I guess that's it.
I should add that one thing you could if you can't finish this today is check in the additional strings in the DTD (i.e. without removing the old ones) - it would be a lot easier to get special dispensation after today if the localizable strings are already in the tree. so, sr=alecf on the JS, xul, and DTD.
Attached patch Patch part 1/3Splinter Review
> 1) put the "wanted" attribute in the struct_historical_cipher_pref_strings > structure as "isWanted" - I would call the structure something like > struct_historical_cipher_overrides since they override more than just the pref - > you'll save yourself the 6 lookups for each iteration through the array (i.e. > leverage the existing call to isCipherWithHistoricalPrefString()) I don't want to, actually I realize that my code should in a future version be changed to dynamically look at that fortezza attribute. While currently all fortezza type ciphers happen to have historical cipher pref names, this is not a given fact. Generally, that "wanted" attribute is something that can be decided dynamically at runtime, by looking at the attributes of available ciphers, and is not limited to those ciphers that had historical preference string names. > 2) use PRPackedBool when you have more than 2 booleans in a structure - it keeps > the structure smaller by only using 8 bits per boolean (instead of 32) ok, done. > 3) use nsCAutoString when using strings on a stack. (i.e. see nsCString pref;) ok, done. > 4) nsIEnumerator is deprecated. please use nsISimpleEnumerator. (use > NS_NewArrayEnumerator() in nsEnumeratorUtils.h) ok, done. > 5) in ListCiphers, why bother re-creating the NS_ISupportsArray every time - > cache it in nsCipherInfoService and then all you have to do is call > NS_NewArrayEnumerator each time after the first initialization. (should be as > simple as just switching |array| to a member variable, and checking if > (!mCipherArray) to see if you need to initialize it lazily... it will save you > SSL_NumImplementedCiphers + 1 allocations for every call to ListCiphers() ok, done > 6) use NS_NEWXPCOM when new'ing objects that have default constructors ok, done. > 7) you don't need this: > + nsCOMPtr<nsICipherInfo> ci = nsCI; > + > > you can just add NS_STATIC_CAST(nsICipherInfo*, nsCI) directly to the > nsISupportsArray (wherever it ends up) ok, done
> I should add that one thing you could if you can't finish this today is check in > the additional strings in the DTD (i.e. without removing the old ones) - it > would be a lot easier to get special dispensation after today if the localizable > strings are already in the tree. > > so, sr=alecf on the JS, xul, and DTD. Thanks, but that would be complicated, the only thing I could check in were the added strings, but all the rest would have to stay in place to not break any functionality. It would be cooler if we could land it in a single piece today.
Comment on attachment 76776 [details] [diff] [review] Patch part 1/3 nice turnaround :) sr=alecf (I was only suggesting the DTD workaround in case you couldn't get this patch ready by today - clearly no problem there!)
Attachment #76776 - Flags: superreview+
Attachment #76335 - Attachment is obsolete: true
Attachment #76651 - Flags: review+
Attachment #76776 - Flags: review+
Attachment #76651 - Attachment is obsolete: true
Attachment #76651 - Flags: review+
Comment on attachment 76776 [details] [diff] [review] Patch part 1/3 a=asa (on behalf of drivers) for checkin to the 1.0 trunk
Attachment #76776 - Flags: approval+
Keywords: adt1.0.0
Marking as adt1.0.0- per ADT triage.
Keywords: adt1.0.0adt1.0.0-
remove nsbeta1+ Let's check this in the trunk. target 2.3 We want to get this on the 1.0.0 branch at some point.
Keywords: nsbeta1+
Target Milestone: 2.2 → 2.3
Well. The latest patch does not compile on Windows. Luckily I tried before checking it in. :) The problem is: I still have a "const char*" from my originally concept, and are trying to assign and delete that pointer. Deletion fails on Windows. But, changing the pointer to be "char*" does not work, either, because in that case, assining a string from the data segment does not work (sigh). I don't like casting away const, and this means I have to use another pointer per cipher in our data structure. I'm attaching an incremental patch, so we need review on the new patch in addition.
Attached patch Incremental patch (obsolete) — Splinter Review
Attached patch Patch part 2/3Splinter Review
Actually, I realized that I must not use delete to delete results from ToNewCString, but nsMemory::Free().
Attachment #78688 - Attachment is obsolete: true
Comment on attachment 78691 [details] [diff] [review] Patch part 2/3 sr=alecf.. this protects you well.
Attachment #78691 - Flags: superreview+
Checked in to the trunk.
Unfortunately there is a problem with the UI used by the new implementation. The code I produced does no longer work. I suspect this could be a general regression in XUL code. Please see bug 137530 which tracks the new problem.
Depends on: 137530
Now that bug 137530 seems to be fixed, I'm marking this one fixed as well.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Verified on the 5/9 trunk
Reopening. I don't get any traction on bug 137530. The 1.1alpha freeze is tomorrow, and it does not make sense to have broken code checked in. I'm asking for permission to back the code out, reverting to the previous UI and limited list of ciphers. Javi, Alec, can you please give me r=/sr= to back this patch and the non-succeeding patch from bug 137530?
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
sr=alecf - really sorry to see this miss!
r=javi for backout. Too bad.
I have backed it out. We are back at the cipher UI and list that was in place before I worked on this bug. This is not the last word on this bug, and most of the code is still correct. We just need to make sure that we use a kind of UI that is commonly used in Mozilla. The approach used with this patch, checkboxes in multi-column-listboxes, is not used anywhere else, and I couldn't find support from XUL people who could make it work again. I have two ideas how a simpler UI could look like. Idea 1: ======= Instead of using a multi-column-listbox with checkboxes, we could use a single-column-listbox with checkboxes. Those are actually used already, for example in Edit/Prefs/Advanced/Scripts, and in another place on Windows only. However, that control is broken, too, when the list of items is large enough to require a scrollbar (you can't toggle checkboxes further down in the list). Our list is large. Idea 2: ======= Do not use any checkboxes within the listbox. Just display a list where the list items show the name of the cipher, and a string "enabled" or "disabled". When a user selects an entry, we update the text info section. In addition, the text info section also would contain a checkbox that allows to enable or disable the cipher, and if the user toggles, we update the "enabled" string in the listbox to disabled. Would that UI be acceptable?
Attached image Suggested new UI, using simpler widgets (obsolete) —
This is a screenshot of what I describe at the end of the previous comment.
Attachment #75574 - Attachment is obsolete: true
Comment on attachment 83632 [details] Suggested new UI, using simpler widgets wrong image
Attachment #83632 - Attachment is obsolete: true
Attached image Suggested new UI, using simpler widgets (obsolete) —
Comment on attachment 76776 [details] [diff] [review] Patch part 1/3 Required patch part 1
Attachment #76776 - Attachment description: Updated patch → Patch part 1/3
Attachment #78691 - Attachment description: Better incremental patch → Patch part 2/3
Attached patch Patch part 3/3 (obsolete) — Splinter Review
This is an incremental patch, based on what has already been reviewed in the previous patches. It implements the new UI as shown in the screenshot. It uses simpler widgets. No more checkboxes in listboxes. Each line in the listbox displays the name of a cipher. In front of the name, there will be an "x" shown if the cipher is currently enabled. If you click an entry in the list, the detailed information secction will update. In addition, the checkbox to the right of the list will be set to the enabled state of the selected cipher. If the user toggles the checkbox, the x in the list in front of the cipher name will also be shown/removed.
Here is the explanation for the lot of spam today. First, I thought, this bug would not have a high priority. Therefore I decided to back it out, to at least have not broken code in the Mozilla trunk. Then I received today the high priority request as described in bug 144510, to add support for AES ciphers. This changed things, and because I'd prefer to not work on the old UI any more, and we all want all the ciphers, I decided to work on this bug right away. I would like to land this on the trunk again. I would then like to also land this on the branch. If ADT allows this new UI for the branch, but we or ADT only want a different set of ciphers, we still could land an adjusted variation of this on the branch. I have tested the patch on Windows and Linux.
just a UI comment - elsewhere in the product, we have enabled/disabled stuff on the RIGHT side of the item you're enabling/disabling, and details about the item below the list of items - see the mail filter UI, and the mail subscription UI for enable/disable stuff in listboxes, and the security choose-a-certificate UI for the details-below-the-list bit. I'm not sure an extra checkbox in the details side is really necessary - you can just allow the user to check/uncheck the items in the list. finally, I haven't looked at the patch in enough detail to know yet, but if you're not using the standard checkmark/dot notation, go steal the styles from the mail filters and mail subscription UI, for consistency.
Alec, thanks a lot for your comment and the pointers to the other dialogs in Mozilla. Sigh, I wish I had spotted them before. The first implementation, the one that I backed out, actually used the same approach as the mail filters. For some reason, my implementation of the UI did not work correctly. I asked around, and nobody could explain why it did not work. But now that I see that it actually works as expected in the mail filter dialog, this gives me new hope. With that reference code, I should be able to find the required XUL magic that makes the previous UI work.
Status: REOPENED → ASSIGNED
Alec, I looked at how the mail filter dialog is implemented. It is not simple code, but it uses several tricks to make the checkbox-in-listbox work. There are rules, actions, bindings, datasources, manual mouse-click-to-clicked-cell calculation. Of course it would be possible for me to duplicate that and do the same in the cipher dialog. But I wonder whether it is really worth to do all that additional work for the simple requirement we have. Given that the cipher dialog will not be used often. Given how much time I already put into this, I'd rather stay with the simple UI and the separate check box. If you prefer, I can put the x column to the right of the cipher name, and display the info below the list, if you think that's better.
I'm surprised its that much work - I'm guessing its just an XBL binding line in CSS, maybe another line or two to get the images right...and then some sort of onclick handler...but if its really more work then just file a bug for the future behavior, you never know - someone else might tackle it..
> I'm surprised its that much work - I'm guessing its just an XBL binding line in > CSS, maybe another line or two to get the images right...and then some sort of > onclick handler... The work consists of: - understand the XUL tricks the other dialogs are using - test what I produce is correct and works on all platforms There are no such requirements with the simple new UI I have implemented. It uses simple widgets and will just work. > but if its really more work then just file a bug for the > future behavior, you never know - someone else might tackle it.. I have filed bug 144812
Attachment #83635 - Attachment is obsolete: true
Blocks: sslciphers
Keywords: nsbeta1
Because this bug is already complex, and I'll be using a different strategy to implement, I have filed the fresh bug 184940. *** This bug has been marked as a duplicate of 184940 ***
No longer blocks: sslciphers
Status: ASSIGNED → RESOLVED
Closed: 23 years ago22 years ago
Keywords: adt1.0.0-, nsbeta1, patch, review
Resolution: --- → DUPLICATE
Verified dupe.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: