Certificate Transparency TLS extension patch for NSS

net/third_party/nss/ssl/sslsock.c

 /*
  * vtables (and methods that call through them) for the 4 types of 
  * SSLSockets supported.  Only one type is still supported.
  * Various other functions.
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "seccomon.h"
 #include "cert.h"
@@ skipping 155 matching lines @@
     PR_TRUE,    /* detectRollBack     */
     PR_FALSE,   /* noStepDown         */
     PR_FALSE,   /* bypassPKCS11       */
     PR_FALSE,   /* noLocks            */
     PR_FALSE,   /* enableSessionTickets */
     PR_FALSE,   /* enableDeflate      */
     2,          /* enableRenegotiation (default: requires extension) */
     PR_FALSE,   /* requireSafeNegotiation */
     PR_FALSE,   /* enableFalseStart   */
     PR_TRUE,    /* cbcRandomIV        */
-    PR_FALSE    /* enableOCSPStapling */
+    PR_FALSE,   /* enableOCSPStapling */
+    PR_FALSE    /* enableSignedCertTimestamps */
 };
 
 /*
  * default range of enabled SSL/TLS protocols
  */
 static SSLVersionRange versions_defaults_stream = {
     SSL_LIBRARY_VERSION_3_0,
     SSL_LIBRARY_VERSION_TLS_1_0
 };
 
@@ skipping 669 matching lines @@
         break;
 
       case SSL_CBC_RANDOM_IV:
         ss->opt.cbcRandomIV = on;
         break;
 
       case SSL_ENABLE_OCSP_STAPLING:
        ss->opt.enableOCSPStapling = on;
        break;
 
+      case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
+       ss->opt.enableSignedCertTimestamps = on;
+       break;
+
       default:
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         rv = SECFailure;
     }
 
     /* We can't use the macros for releasing the locks here,
      * because ss->opt.noLocks might have changed just above.
      * We must release these locks (monitors) here, if we aquired them above,
      * regardless of the current value of ss->opt.noLocks.
      */
@@ skipping 50 matching lines @@
         on = ss->opt.enableSessionTickets;
         break;
     case SSL_ENABLE_DEFLATE:      on = ss->opt.enableDeflate;      break;
     case SSL_ENABLE_RENEGOTIATION:     
                                   on = ss->opt.enableRenegotiation; break;
     case SSL_REQUIRE_SAFE_NEGOTIATION: 
                                   on = ss->opt.requireSafeNegotiation; break;
     case SSL_ENABLE_FALSE_START:  on = ss->opt.enableFalseStart;   break;
     case SSL_CBC_RANDOM_IV:       on = ss->opt.cbcRandomIV;        break;
     case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
+    case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
+       on = ss->opt.enableSignedCertTimestamps;
+       break;
 
     default:
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         rv = SECFailure;
     }
 
     ssl_ReleaseSSL3HandshakeLock(ss);
     ssl_Release1stHandshakeLock(ss);
 
     *pOn = on;
@@ skipping 41 matching lines @@
     case SSL_ENABLE_RENEGOTIATION:     
                                   on = ssl_defaults.enableRenegotiation; break;
     case SSL_REQUIRE_SAFE_NEGOTIATION: 
                                   on = ssl_defaults.requireSafeNegotiation; 
                                   break;
     case SSL_ENABLE_FALSE_START:  on = ssl_defaults.enableFalseStart;   break;
     case SSL_CBC_RANDOM_IV:       on = ssl_defaults.cbcRandomIV;        break;
     case SSL_ENABLE_OCSP_STAPLING:
        on = ssl_defaults.enableOCSPStapling;
        break;
+    case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
+       ssl_defaults.enableSignedCertTimestamps = on;

[wtc, 2013/11/08 19:51:31]

BUG: this should be
    on = ssl_defaults.enableSignedCertTimestamps;

[ekasper, 2013/11/18 17:47:18]

Yikes, I appear to have completely botched this file when migrating the patch to
chromium. Fixed, thanks!

+       break;
 
     default:
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         rv = SECFailure;
     }
 
     *pOn = on;
     return rv;
 }
 
@@ skipping 145 matching lines @@
       case SSL_ENABLE_FALSE_START:
         ssl_defaults.enableFalseStart = on;
         break;
 
       case SSL_CBC_RANDOM_IV:
         ssl_defaults.cbcRandomIV = on;
         break;
 
       case SSL_ENABLE_OCSP_STAPLING:
        ssl_defaults.enableOCSPStapling = on;
        break;

[wtc, 2013/11/08 19:51:31]

Please add a case for SSL_ENABLE_SIGNED_CERT_TIMESTAMPS here.

[ekasper, 2013/11/18 17:47:18]

Done.

 
       default:
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         return SECFailure;
     }
     return SECSuccess;
 }
 
 /* function tells us if the cipher suite is one that we no longer support. */
 static PRBool 
@@ skipping 811 matching lines @@
     }
 
     if (!ss->sec.ci.sid) {
        PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
        return NULL;
     }
     
     return &ss->sec.ci.sid->peerCertStatus;
 }
 
+const SECItem *
+SSL_PeerSignedCertTimestamps(PRFileDesc *fd)
+{
+    sslSocket *ss = ssl_FindSocket(fd);
+
+    if (!ss) {
+       SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerSignedCertTimestamps",
+                SSL_GETPID(), fd));
+       return NULL;
+    }
+
+    if (!ss->sec.ci.sid) {
+       PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+       return NULL;
+    }
+
+    if (ss->version < SSL_LIBRARY_VERSION_3_0) {
+        return NULL;

[wtc, 2013/11/08 19:51:31]

Please add:
    PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);

Strictly speaking, this feature (which requires a TLS extension) won't work for
SSL 3.0 either, right?

[ekasper, 2013/11/18 17:47:18]

Strictly speaking yes, but I think it's nicer to allow the caller to just "see
if anything was sent" rather than force a check for the negotiated version.

There's still the SSLv2 version case left (because the data comes from u.ssl3)
but unless the application has SSLv2 enabled, they won't need to worry about
distinguishing this case.

Does this sound reasonable?

[wtc, 2013/11/19 23:52:28]

Yes, it does. Thanks.

To make it clear it's the u.ssl3 union member access that we are checking, we
can use ss->sec.ci.sid->version instead of ss->version in the check above.

[ekasper, 2013/11/20 16:06:27]

Done.

+    }
+    return &ss->sec.ci.sid->u.ssl3.signedCertTimestamps;
+}
+
 SECStatus
 SSL_HandshakeResumedSession(PRFileDesc *fd, PRBool *handshake_resumed) {
     sslSocket *ss = ssl_FindSocket(fd);
 
     if (!ss) {
         SSL_DBG(("%d: SSL[%d]: bad socket in SSL_HandshakeResumedSession",
                  SSL_GETPID(), fd));
         return SECFailure;
     }
 
@@ skipping 1120 matching lines @@
         if (status != SECSuccess) {
 loser:
             ssl_DestroySocketContents(ss);
             ssl_DestroyLocks(ss);
             PORT_Free(ss);
             ss = NULL;
         }
     }
     return ss;
 }
-