Home | History | Annotate | Download | only in socket 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "net/socket/nss_ssl_util.h"
      6 
      7 #include <nss.h>
      8 #include <secerr.h>
      9 #include <ssl.h>
     10 #include <sslerr.h>
     11 #include <sslproto.h>
     12 
     13 #include <string>
     14 
     15 #include "base/bind.h"
     16 #include "base/lazy_instance.h"
     17 #include "base/logging.h"
     18 #include "base/memory/singleton.h"
     19 #include "base/threading/thread_restrictions.h"
     20 #include "base/values.h"
     21 #include "build/build_config.h"
     22 #include "crypto/nss_util.h"
     23 #include "net/base/net_errors.h"
     24 #include "net/base/net_log.h"
     25 
     26 #if defined(OS_WIN)
     27 #include "base/win/windows_version.h"
     28 #endif
     29 
     30 namespace net {
     31 
     32 class NSSSSLInitSingleton {
     33  public:
     34   NSSSSLInitSingleton() {
     35     crypto::EnsureNSSInit();
     36 
     37     NSS_SetDomesticPolicy();
     38 
     39     const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers();
     40     const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers();
     41 
     42     // Disable ECDSA cipher suites on platforms that do not support ECDSA
     43     // signed certificates, as servers may use the presence of such
     44     // ciphersuites as a hint to send an ECDSA certificate.
     45     bool disableECDSA = false;
     46 #if defined(OS_WIN)
     47     if (base::win::GetVersion() < base::win::VERSION_VISTA)
     48       disableECDSA = true;
     49 #endif
     50 
     51     // Explicitly enable exactly those ciphers with keys of at least 80 bits
     52     for (int i = 0; i < num_ciphers; i++) {
     53       SSLCipherSuiteInfo info;
     54       if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info,
     55                                  sizeof(info)) == SECSuccess) {
     56         bool enabled = info.effectiveKeyBits >= 80;
     57         if (info.authAlgorithm == ssl_auth_ecdsa && disableECDSA)
     58           enabled = false;
     59 
     60         // Trim the list of cipher suites in order to keep the size of the
     61         // ClientHello down. DSS, ECDH, CAMELLIA, SEED and ECC+3DES cipher
     62         // suites are disabled.
     63         if (info.symCipher == ssl_calg_camellia ||
     64             info.symCipher == ssl_calg_seed ||
     65             (info.symCipher == ssl_calg_3des && info.keaType != ssl_kea_rsa) ||
     66             info.authAlgorithm == ssl_auth_dsa ||
     67             info.nonStandard ||
     68             strcmp(info.keaTypeName, "ECDH") == 0) {
     69           enabled = false;
     70         }
     71 
     72         if (ssl_ciphers[i] == TLS_DHE_DSS_WITH_AES_128_CBC_SHA) {
     73           // Enabled to allow servers with only a DSA certificate to function.
     74           enabled = true;
     75         }
     76         SSL_CipherPrefSetDefault(ssl_ciphers[i], enabled);
     77       }
     78     }
     79 
     80     // Enable SSL.
     81     SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE);
     82 
     83     // All other SSL options are set per-session by SSLClientSocket and
     84     // SSLServerSocket.
     85   }
     86 
     87   ~NSSSSLInitSingleton() {
     88     // Have to clear the cache, or NSS_Shutdown fails with SEC_ERROR_BUSY.
     89     SSL_ClearSessionCache();
     90   }
     91 };
     92 
     93 static base::LazyInstance<NSSSSLInitSingleton> g_nss_ssl_init_singleton =
     94     LAZY_INSTANCE_INITIALIZER;
     95 
     96 // Initialize the NSS SSL library if it isn't already initialized.  This must
     97 // be called before any other NSS SSL functions.  This function is
     98 // thread-safe, and the NSS SSL library will only ever be initialized once.
     99 // The NSS SSL library will be properly shut down on program exit.
    100 void EnsureNSSSSLInit() {
    101   // Initializing SSL causes us to do blocking IO.
    102   // Temporarily allow it until we fix
    103   //   http://code.google.com/p/chromium/issues/detail?id=59847
    104   base::ThreadRestrictions::ScopedAllowIO allow_io;
    105 
    106   g_nss_ssl_init_singleton.Get();
    107 }
    108 
    109 // Map a Chromium net error code to an NSS error code.
    110 // See _MD_unix_map_default_error in the NSS source
    111 // tree for inspiration.
    112 PRErrorCode MapErrorToNSS(int result) {
    113   if (result >=0)
    114     return result;
    115 
    116   switch (result) {
    117     case ERR_IO_PENDING:
    118       return PR_WOULD_BLOCK_ERROR;
    119     case ERR_ACCESS_DENIED:
    120     case ERR_NETWORK_ACCESS_DENIED:
    121       // For connect, this could be mapped to PR_ADDRESS_NOT_SUPPORTED_ERROR.
    122       return PR_NO_ACCESS_RIGHTS_ERROR;
    123     case ERR_NOT_IMPLEMENTED:
    124       return PR_NOT_IMPLEMENTED_ERROR;
    125     case ERR_SOCKET_NOT_CONNECTED:
    126       return PR_NOT_CONNECTED_ERROR;
    127     case ERR_INTERNET_DISCONNECTED:  // Equivalent to ENETDOWN.
    128       return PR_NETWORK_UNREACHABLE_ERROR;  // Best approximation.
    129     case ERR_CONNECTION_TIMED_OUT:
    130     case ERR_TIMED_OUT:
    131       return PR_IO_TIMEOUT_ERROR;
    132     case ERR_CONNECTION_RESET:
    133       return PR_CONNECT_RESET_ERROR;
    134     case ERR_CONNECTION_ABORTED:
    135       return PR_CONNECT_ABORTED_ERROR;
    136     case ERR_CONNECTION_REFUSED:
    137       return PR_CONNECT_REFUSED_ERROR;
    138     case ERR_ADDRESS_UNREACHABLE:
    139       return PR_HOST_UNREACHABLE_ERROR;  // Also PR_NETWORK_UNREACHABLE_ERROR.
    140     case ERR_ADDRESS_INVALID:
    141       return PR_ADDRESS_NOT_AVAILABLE_ERROR;
    142     case ERR_NAME_NOT_RESOLVED:
    143       return PR_DIRECTORY_LOOKUP_ERROR;
    144     default:
    145       LOG(WARNING) << "MapErrorToNSS " << result
    146                    << " mapped to PR_UNKNOWN_ERROR";
    147       return PR_UNKNOWN_ERROR;
    148   }
    149 }
    150 
    151 // The default error mapping function.
    152 // Maps an NSS error code to a network error code.
    153 int MapNSSError(PRErrorCode err) {
    154   // TODO(port): fill this out as we learn what's important
    155   switch (err) {
    156     case PR_WOULD_BLOCK_ERROR:
    157       return ERR_IO_PENDING;
    158     case PR_ADDRESS_NOT_SUPPORTED_ERROR:  // For connect.
    159     case PR_NO_ACCESS_RIGHTS_ERROR:
    160       return ERR_ACCESS_DENIED;
    161     case PR_IO_TIMEOUT_ERROR:
    162       return ERR_TIMED_OUT;
    163     case PR_CONNECT_RESET_ERROR:
    164       return ERR_CONNECTION_RESET;
    165     case PR_CONNECT_ABORTED_ERROR:
    166       return ERR_CONNECTION_ABORTED;
    167     case PR_CONNECT_REFUSED_ERROR:
    168       return ERR_CONNECTION_REFUSED;
    169     case PR_NOT_CONNECTED_ERROR:
    170       return ERR_SOCKET_NOT_CONNECTED;
    171     case PR_HOST_UNREACHABLE_ERROR:
    172     case PR_NETWORK_UNREACHABLE_ERROR:
    173       return ERR_ADDRESS_UNREACHABLE;
    174     case PR_ADDRESS_NOT_AVAILABLE_ERROR:
    175       return ERR_ADDRESS_INVALID;
    176     case PR_INVALID_ARGUMENT_ERROR:
    177       return ERR_INVALID_ARGUMENT;
    178     case PR_END_OF_FILE_ERROR:
    179       return ERR_CONNECTION_CLOSED;
    180     case PR_NOT_IMPLEMENTED_ERROR:
    181       return ERR_NOT_IMPLEMENTED;
    182 
    183     case SEC_ERROR_LIBRARY_FAILURE:
    184       return ERR_UNEXPECTED;
    185     case SEC_ERROR_INVALID_ARGS:
    186       return ERR_INVALID_ARGUMENT;
    187     case SEC_ERROR_NO_MEMORY:
    188       return ERR_OUT_OF_MEMORY;
    189     case SEC_ERROR_NO_KEY:
    190       return ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY;
    191     case SEC_ERROR_INVALID_KEY:
    192     case SSL_ERROR_SIGN_HASHES_FAILURE:
    193       LOG(ERROR) << "ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED: NSS error " << err
    194                  << ", OS error " << PR_GetOSError();
    195       return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED;
    196     // A handshake (initial or renegotiation) may fail because some signature
    197     // (for example, the signature in the ServerKeyExchange message for an
    198     // ephemeral Diffie-Hellman cipher suite) is invalid.
    199     case SEC_ERROR_BAD_SIGNATURE:
    200       return ERR_SSL_PROTOCOL_ERROR;
    201 
    202     case SSL_ERROR_SSL_DISABLED:
    203       return ERR_NO_SSL_VERSIONS_ENABLED;
    204     case SSL_ERROR_NO_CYPHER_OVERLAP:
    205     case SSL_ERROR_PROTOCOL_VERSION_ALERT:
    206     case SSL_ERROR_UNSUPPORTED_VERSION:
    207       return ERR_SSL_VERSION_OR_CIPHER_MISMATCH;
    208     case SSL_ERROR_HANDSHAKE_FAILURE_ALERT:
    209     case SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT:
    210     case SSL_ERROR_ILLEGAL_PARAMETER_ALERT:
    211       return ERR_SSL_PROTOCOL_ERROR;
    212     case SSL_ERROR_DECOMPRESSION_FAILURE_ALERT:
    213       return ERR_SSL_DECOMPRESSION_FAILURE_ALERT;
    214     case SSL_ERROR_BAD_MAC_ALERT:
    215       return ERR_SSL_BAD_RECORD_MAC_ALERT;
    216     case SSL_ERROR_DECRYPT_ERROR_ALERT:
    217       return ERR_SSL_DECRYPT_ERROR_ALERT;
    218     case SSL_ERROR_UNSAFE_NEGOTIATION:
    219       return ERR_SSL_UNSAFE_NEGOTIATION;
    220     case SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY:
    221       return ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY;
    222     case SSL_ERROR_HANDSHAKE_NOT_COMPLETED:
    223       return ERR_SSL_HANDSHAKE_NOT_COMPLETED;
    224     case SEC_ERROR_BAD_KEY:
    225     case SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE:
    226     // TODO(wtc): the following errors may also occur in contexts unrelated
    227     // to the peer's public key.  We should add new error codes for them, or
    228     // map them to ERR_SSL_BAD_PEER_PUBLIC_KEY only in the right context.
    229     // General unsupported/unknown key algorithm error.
    230     case SEC_ERROR_UNSUPPORTED_KEYALG:
    231     // General DER decoding errors.
    232     case SEC_ERROR_BAD_DER:
    233     case SEC_ERROR_EXTRA_INPUT:
    234       return ERR_SSL_BAD_PEER_PUBLIC_KEY;
    235 
    236     default: {
    237       if (IS_SSL_ERROR(err)) {
    238         LOG(WARNING) << "Unknown SSL error " << err
    239                      << " mapped to net::ERR_SSL_PROTOCOL_ERROR";
    240         return ERR_SSL_PROTOCOL_ERROR;
    241       }
    242       LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED";
    243       return ERR_FAILED;
    244     }
    245   }
    246 }
    247 
    248 // Returns parameters to attach to the NetLog when we receive an error in
    249 // response to a call to an NSS function.  Used instead of
    250 // NetLogSSLErrorCallback with events of type TYPE_SSL_NSS_ERROR.
    251 base::Value* NetLogSSLFailedNSSFunctionCallback(
    252     const char* function,
    253     const char* param,
    254     int ssl_lib_error,
    255     NetLog::LogLevel /* log_level */) {
    256   base::DictionaryValue* dict = new base::DictionaryValue();
    257   dict->SetString("function", function);
    258   if (param[0] != '\0')
    259     dict->SetString("param", param);
    260   dict->SetInteger("ssl_lib_error", ssl_lib_error);
    261   return dict;
    262 }
    263 
    264 void LogFailedNSSFunction(const BoundNetLog& net_log,
    265                           const char* function,
    266                           const char* param) {
    267   DCHECK(function);
    268   DCHECK(param);
    269   net_log.AddEvent(
    270       NetLog::TYPE_SSL_NSS_ERROR,
    271       base::Bind(&NetLogSSLFailedNSSFunctionCallback,
    272                  function, param, PR_GetError()));
    273 }
    274 
    275 }  // namespace net
    276