1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/socket/nss_ssl_util.h" 6 7 #include <nss.h> 8 #include <secerr.h> 9 #include <ssl.h> 10 #include <sslerr.h> 11 #include <sslproto.h> 12 13 #include <string> 14 15 #include "base/bind.h" 16 #include "base/lazy_instance.h" 17 #include "base/logging.h" 18 #include "base/memory/singleton.h" 19 #include "base/threading/thread_restrictions.h" 20 #include "base/values.h" 21 #include "build/build_config.h" 22 #include "crypto/nss_util.h" 23 #include "net/base/net_errors.h" 24 #include "net/base/net_log.h" 25 26 #if defined(OS_WIN) 27 #include "base/win/windows_version.h" 28 #endif 29 30 namespace net { 31 32 class NSSSSLInitSingleton { 33 public: 34 NSSSSLInitSingleton() { 35 crypto::EnsureNSSInit(); 36 37 NSS_SetDomesticPolicy(); 38 39 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers(); 40 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers(); 41 42 // Disable ECDSA cipher suites on platforms that do not support ECDSA 43 // signed certificates, as servers may use the presence of such 44 // ciphersuites as a hint to send an ECDSA certificate. 45 bool disableECDSA = false; 46 #if defined(OS_WIN) 47 if (base::win::GetVersion() < base::win::VERSION_VISTA) 48 disableECDSA = true; 49 #endif 50 51 // Explicitly enable exactly those ciphers with keys of at least 80 bits 52 for (int i = 0; i < num_ciphers; i++) { 53 SSLCipherSuiteInfo info; 54 if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, 55 sizeof(info)) == SECSuccess) { 56 bool enabled = info.effectiveKeyBits >= 80; 57 if (info.authAlgorithm == ssl_auth_ecdsa && disableECDSA) 58 enabled = false; 59 60 // Trim the list of cipher suites in order to keep the size of the 61 // ClientHello down. DSS, ECDH, CAMELLIA, SEED and ECC+3DES cipher 62 // suites are disabled. 63 if (info.symCipher == ssl_calg_camellia || 64 info.symCipher == ssl_calg_seed || 65 (info.symCipher == ssl_calg_3des && info.keaType != ssl_kea_rsa) || 66 info.authAlgorithm == ssl_auth_dsa || 67 info.nonStandard || 68 strcmp(info.keaTypeName, "ECDH") == 0) { 69 enabled = false; 70 } 71 72 if (ssl_ciphers[i] == TLS_DHE_DSS_WITH_AES_128_CBC_SHA) { 73 // Enabled to allow servers with only a DSA certificate to function. 74 enabled = true; 75 } 76 SSL_CipherPrefSetDefault(ssl_ciphers[i], enabled); 77 } 78 } 79 80 // Enable SSL. 81 SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE); 82 83 // All other SSL options are set per-session by SSLClientSocket and 84 // SSLServerSocket. 85 } 86 87 ~NSSSSLInitSingleton() { 88 // Have to clear the cache, or NSS_Shutdown fails with SEC_ERROR_BUSY. 89 SSL_ClearSessionCache(); 90 } 91 }; 92 93 static base::LazyInstance<NSSSSLInitSingleton> g_nss_ssl_init_singleton = 94 LAZY_INSTANCE_INITIALIZER; 95 96 // Initialize the NSS SSL library if it isn't already initialized. This must 97 // be called before any other NSS SSL functions. This function is 98 // thread-safe, and the NSS SSL library will only ever be initialized once. 99 // The NSS SSL library will be properly shut down on program exit. 100 void EnsureNSSSSLInit() { 101 // Initializing SSL causes us to do blocking IO. 102 // Temporarily allow it until we fix 103 // http://code.google.com/p/chromium/issues/detail?id=59847 104 base::ThreadRestrictions::ScopedAllowIO allow_io; 105 106 g_nss_ssl_init_singleton.Get(); 107 } 108 109 // Map a Chromium net error code to an NSS error code. 110 // See _MD_unix_map_default_error in the NSS source 111 // tree for inspiration. 112 PRErrorCode MapErrorToNSS(int result) { 113 if (result >=0) 114 return result; 115 116 switch (result) { 117 case ERR_IO_PENDING: 118 return PR_WOULD_BLOCK_ERROR; 119 case ERR_ACCESS_DENIED: 120 case ERR_NETWORK_ACCESS_DENIED: 121 // For connect, this could be mapped to PR_ADDRESS_NOT_SUPPORTED_ERROR. 122 return PR_NO_ACCESS_RIGHTS_ERROR; 123 case ERR_NOT_IMPLEMENTED: 124 return PR_NOT_IMPLEMENTED_ERROR; 125 case ERR_SOCKET_NOT_CONNECTED: 126 return PR_NOT_CONNECTED_ERROR; 127 case ERR_INTERNET_DISCONNECTED: // Equivalent to ENETDOWN. 128 return PR_NETWORK_UNREACHABLE_ERROR; // Best approximation. 129 case ERR_CONNECTION_TIMED_OUT: 130 case ERR_TIMED_OUT: 131 return PR_IO_TIMEOUT_ERROR; 132 case ERR_CONNECTION_RESET: 133 return PR_CONNECT_RESET_ERROR; 134 case ERR_CONNECTION_ABORTED: 135 return PR_CONNECT_ABORTED_ERROR; 136 case ERR_CONNECTION_REFUSED: 137 return PR_CONNECT_REFUSED_ERROR; 138 case ERR_ADDRESS_UNREACHABLE: 139 return PR_HOST_UNREACHABLE_ERROR; // Also PR_NETWORK_UNREACHABLE_ERROR. 140 case ERR_ADDRESS_INVALID: 141 return PR_ADDRESS_NOT_AVAILABLE_ERROR; 142 case ERR_NAME_NOT_RESOLVED: 143 return PR_DIRECTORY_LOOKUP_ERROR; 144 default: 145 LOG(WARNING) << "MapErrorToNSS " << result 146 << " mapped to PR_UNKNOWN_ERROR"; 147 return PR_UNKNOWN_ERROR; 148 } 149 } 150 151 // The default error mapping function. 152 // Maps an NSS error code to a network error code. 153 int MapNSSError(PRErrorCode err) { 154 // TODO(port): fill this out as we learn what's important 155 switch (err) { 156 case PR_WOULD_BLOCK_ERROR: 157 return ERR_IO_PENDING; 158 case PR_ADDRESS_NOT_SUPPORTED_ERROR: // For connect. 159 case PR_NO_ACCESS_RIGHTS_ERROR: 160 return ERR_ACCESS_DENIED; 161 case PR_IO_TIMEOUT_ERROR: 162 return ERR_TIMED_OUT; 163 case PR_CONNECT_RESET_ERROR: 164 return ERR_CONNECTION_RESET; 165 case PR_CONNECT_ABORTED_ERROR: 166 return ERR_CONNECTION_ABORTED; 167 case PR_CONNECT_REFUSED_ERROR: 168 return ERR_CONNECTION_REFUSED; 169 case PR_NOT_CONNECTED_ERROR: 170 return ERR_SOCKET_NOT_CONNECTED; 171 case PR_HOST_UNREACHABLE_ERROR: 172 case PR_NETWORK_UNREACHABLE_ERROR: 173 return ERR_ADDRESS_UNREACHABLE; 174 case PR_ADDRESS_NOT_AVAILABLE_ERROR: 175 return ERR_ADDRESS_INVALID; 176 case PR_INVALID_ARGUMENT_ERROR: 177 return ERR_INVALID_ARGUMENT; 178 case PR_END_OF_FILE_ERROR: 179 return ERR_CONNECTION_CLOSED; 180 case PR_NOT_IMPLEMENTED_ERROR: 181 return ERR_NOT_IMPLEMENTED; 182 183 case SEC_ERROR_LIBRARY_FAILURE: 184 return ERR_UNEXPECTED; 185 case SEC_ERROR_INVALID_ARGS: 186 return ERR_INVALID_ARGUMENT; 187 case SEC_ERROR_NO_MEMORY: 188 return ERR_OUT_OF_MEMORY; 189 case SEC_ERROR_NO_KEY: 190 return ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY; 191 case SEC_ERROR_INVALID_KEY: 192 case SSL_ERROR_SIGN_HASHES_FAILURE: 193 LOG(ERROR) << "ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED: NSS error " << err 194 << ", OS error " << PR_GetOSError(); 195 return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; 196 // A handshake (initial or renegotiation) may fail because some signature 197 // (for example, the signature in the ServerKeyExchange message for an 198 // ephemeral Diffie-Hellman cipher suite) is invalid. 199 case SEC_ERROR_BAD_SIGNATURE: 200 return ERR_SSL_PROTOCOL_ERROR; 201 202 case SSL_ERROR_SSL_DISABLED: 203 return ERR_NO_SSL_VERSIONS_ENABLED; 204 case SSL_ERROR_NO_CYPHER_OVERLAP: 205 case SSL_ERROR_PROTOCOL_VERSION_ALERT: 206 case SSL_ERROR_UNSUPPORTED_VERSION: 207 return ERR_SSL_VERSION_OR_CIPHER_MISMATCH; 208 case SSL_ERROR_HANDSHAKE_FAILURE_ALERT: 209 case SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT: 210 case SSL_ERROR_ILLEGAL_PARAMETER_ALERT: 211 return ERR_SSL_PROTOCOL_ERROR; 212 case SSL_ERROR_DECOMPRESSION_FAILURE_ALERT: 213 return ERR_SSL_DECOMPRESSION_FAILURE_ALERT; 214 case SSL_ERROR_BAD_MAC_ALERT: 215 return ERR_SSL_BAD_RECORD_MAC_ALERT; 216 case SSL_ERROR_DECRYPT_ERROR_ALERT: 217 return ERR_SSL_DECRYPT_ERROR_ALERT; 218 case SSL_ERROR_UNSAFE_NEGOTIATION: 219 return ERR_SSL_UNSAFE_NEGOTIATION; 220 case SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY: 221 return ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY; 222 case SSL_ERROR_HANDSHAKE_NOT_COMPLETED: 223 return ERR_SSL_HANDSHAKE_NOT_COMPLETED; 224 case SEC_ERROR_BAD_KEY: 225 case SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE: 226 // TODO(wtc): the following errors may also occur in contexts unrelated 227 // to the peer's public key. We should add new error codes for them, or 228 // map them to ERR_SSL_BAD_PEER_PUBLIC_KEY only in the right context. 229 // General unsupported/unknown key algorithm error. 230 case SEC_ERROR_UNSUPPORTED_KEYALG: 231 // General DER decoding errors. 232 case SEC_ERROR_BAD_DER: 233 case SEC_ERROR_EXTRA_INPUT: 234 return ERR_SSL_BAD_PEER_PUBLIC_KEY; 235 236 default: { 237 if (IS_SSL_ERROR(err)) { 238 LOG(WARNING) << "Unknown SSL error " << err 239 << " mapped to net::ERR_SSL_PROTOCOL_ERROR"; 240 return ERR_SSL_PROTOCOL_ERROR; 241 } 242 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED"; 243 return ERR_FAILED; 244 } 245 } 246 } 247 248 // Returns parameters to attach to the NetLog when we receive an error in 249 // response to a call to an NSS function. Used instead of 250 // NetLogSSLErrorCallback with events of type TYPE_SSL_NSS_ERROR. 251 base::Value* NetLogSSLFailedNSSFunctionCallback( 252 const char* function, 253 const char* param, 254 int ssl_lib_error, 255 NetLog::LogLevel /* log_level */) { 256 base::DictionaryValue* dict = new base::DictionaryValue(); 257 dict->SetString("function", function); 258 if (param[0] != '\0') 259 dict->SetString("param", param); 260 dict->SetInteger("ssl_lib_error", ssl_lib_error); 261 return dict; 262 } 263 264 void LogFailedNSSFunction(const BoundNetLog& net_log, 265 const char* function, 266 const char* param) { 267 DCHECK(function); 268 DCHECK(param); 269 net_log.AddEvent( 270 NetLog::TYPE_SSL_NSS_ERROR, 271 base::Bind(&NetLogSSLFailedNSSFunctionCallback, 272 function, param, PR_GetError())); 273 } 274 275 } // namespace net 276