net: plumb OCSP stapled responses.

net/socket/ssl_client_socket_nss.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ skipping 34 matching lines @@
  *
  * ***** END LICENSE BLOCK ***** */
 
 #include "net/socket/ssl_client_socket_nss.h"
 
 #include <certdb.h>
 #include <hasht.h>
 #include <keyhi.h>
 #include <nspr.h>
 #include <nss.h>
+#include <ocsp.h>
 #include <pk11pub.h>
 #include <secerr.h>
 #include <sechash.h>
 #include <ssl.h>
 #include <sslerr.h>
 #include <sslproto.h>
 
 #include <limits>
 
 #include "base/compiler_specific.h"
@@ skipping 39 matching lines @@
 #endif
 
 static const int kRecvBufferSize = 4096;
 
 // kCorkTimeoutMs is the number of milliseconds for which we'll wait for a
 // Write to an SSL socket which we're False Starting. Since corking stops the
 // Finished message from being sent, the server sees an incomplete handshake
 // and some will time out such sockets quite aggressively.
 static const int kCorkTimeoutMs = 200;
 
+#if defined(OS_LINUX)

[wtc, 2010/11/23 00:44:45]

We should ideally test USE_NSS instead of OS_LINUX here.
Do all the USE_NSS platforms support __attribute__((weak))?

[agl, 2010/11/30 15:59:46]

I think this is specifically a Linux (and maybe FreeBSD, although I'll let them
fix that if they hit it) issue. It's not related to NSS itself, just to the
specific case of linking against a system libnss3.so.

+// On Linux, we dynamically link against the system version of libnss3.so. In
+// order to continue working on systems without up-to-date versions of NSS we
+// declare CERT_CacheOCSPResponseFromSideChannel to be a weak symbol. If, at
+// run time, we find that the symbol didn't resolve then we can avoid calling
+// the function.
+extern SECStatus
+CERT_CacheOCSPResponseFromSideChannel(
+    CERTCertDBHandle *handle, CERTCertificate *cert, PRTime time,
+    SECItem *encodedResponse, void *pwArg) __attribute__((weak));

[wtc, 2010/11/23 00:44:45]

Does "weak" need to be double-parenthesized?

[agl, 2010/11/30 15:59:46]

It's the GCC syntax.

+
+static bool HaveCacheOCSPResponseFromSideChannelFunction() {
+  return CERT_CacheOCSPResponseFromSideChannel != NULL;
+}
+#else
+// On other platforms we ship this function ourselves so we know that we have

[wtc, 2010/11/23 00:44:45]

This comment is misleading because on other platforms (Mac
and Windows), we don't use libnss3 for certificate
verification.

We'll need to write platform-specific code to inject the
stapled OCSP response into the system certificate library.

Nit: line 133 should be indented with 2 spaces.

[agl, 2010/11/30 15:59:46]

Have changed the comment to include that point, have changed the function to
return false and have made the SSL_ENABLE_OCSP_STAPLING conditional on this
function.

Thus stapling is disabled on non-Linux until we can plumb the OCSP response into
the system libraries.
done.

+// it.
+static bool HaveCacheOCSPResponseFromSideChannelFunction() {
+    return true;
+}
+#endif
+
 namespace net {
 
 // State machines are easier to debug if you log state transitions.
 // Enable these if you want to see what's going on.
 #if 1
 #define EnterFunction(x)
 #define LeaveFunction(x)
 #define GotoState(s) next_handshake_state_ = s
 #define LogData(s, len)
 #else
@@ skipping 670 matching lines @@
   if (!ssl_config_.next_protos.empty()) {
     rv = SSL_SetNextProtoNego(
        nss_fd_,
        reinterpret_cast<const unsigned char *>(ssl_config_.next_protos.data()),
        ssl_config_.next_protos.size());
     if (rv != SECSuccess)
       LogFailedNSSFunction(net_log_, "SSL_SetNextProtoNego", "");
   }
 #endif
 
+#ifdef SSL_ENABLE_OCSP_STAPLING
+  if (!ssl_config_.snap_start_enabled) {
+    rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
+    if (rv != SECSuccess)
+      LogFailedNSSFunction(net_log_, "SSL_OptionSet (OCSP stapling)", "");
+  }
+#endif
+
   rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_CLIENT");
     return ERR_UNEXPECTED;
   }
 
   rv = SSL_AuthCertificateHook(nss_fd_, OwnAuthCertHandler, this);
   if (rv != SECSuccess) {
     LogFailedNSSFunction(net_log_, "SSL_AuthCertificateHook", "");
     return ERR_UNEXPECTED;
@@ skipping 1336 matching lines @@
               if (certs[i]->derCert.len != state.certs[i].size() ||
                   memcmp(certs[i]->derCert.data, state.certs[i].data(),
                          certs[i]->derCert.len) != 0) {
                 predicted_cert_chain_correct_ = false;
                 break;
               }
             }
           }
         }
 
+#if defined(SSL_ENABLE_OCSP_STAPLING)
+        if (!predicted_cert_chain_correct_ &&
+            HaveCacheOCSPResponseFromSideChannelFunction()) {

[wtc, 2010/11/23 00:44:45]

Could you add a TODO comment to note that we need to write
Mac and Windows code to inject the stapled OCSP response into
the system certificate library?

[agl, 2010/11/30 15:59:46]

Done.

+          unsigned int len = 0;
+          SSL_GetOCSPStapledData(nss_fd_, NULL, &len);
+          if (len) {
+            const unsigned int orig_len = len;
+            scoped_array<uint8> ocsp_response(new uint8[orig_len]);
+            SSL_GetOCSPStapledData(nss_fd_, ocsp_response.get(), &len);
+            DCHECK_EQ(orig_len, len);
+
+            SECItem ocsp_response_item;
+            memset(&ocsp_response_item, 0, sizeof(ocsp_response_item));

[wtc, 2010/11/23 00:44:45]

Nit: you can replace this memset call with
    ocsp_response_item.type = siBuffer;

[agl, 2010/11/30 15:59:46]

Done.

+            ocsp_response_item.data = ocsp_response.get();
+            ocsp_response_item.len = len;
+
+            CERT_CacheOCSPResponseFromSideChannel(
+                CERT_GetDefaultCertDB(), server_cert_nss_, PR_Now(),
+                &ocsp_response_item, NULL);
+          }
+        }
+#endif
+
         SaveSnapStartInfo();
         // SSL handshake is completed. It's possible that we mispredicted the
         // NPN agreed protocol. In this case, we've just sent a request in the
         // wrong protocol! The higher levels of this network stack aren't
         // prepared for switching the protocol like that so we make up an error
         // and rely on the fact that the request will be retried.
         if (IsNPNProtocolMispredicted()) {
           LOG(WARNING) << "Mispredicted NPN protocol for "
                        << host_and_port_.ToString();
           net_error = ERR_SSL_SNAP_START_NPN_MISPREDICTION;
@@ skipping 435 matching lines @@
     case SSL_CONNECTION_VERSION_TLS1_1:
       UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1);
       break;
     case SSL_CONNECTION_VERSION_TLS1_2:
       UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2);
       break;
   };
 }
 
 }  // namespace net