diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
--- a/net/third_party/nss/ssl/ssl3con.c 2012-11-09 15:21:56.747322689 -0800
+++ b/net/third_party/nss/ssl/ssl3con.c 2012-11-09 15:28:27.933078020 -0800
@@ -8365,6 +8365,57 @@ ssl3_CopyPeerCertsToSID(ssl3CertNode *ce
}
/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
+ * ssl3 CertificateStatus message.
+ * Caller must hold Handshake and RecvBuf locks.
+ * This is always called before ssl3_HandleCertificate, even if the Certificate
+ * message is sent first.
+ */
+static SECStatus
+ssl3_HandleCertificateStatus(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
+{
+ PRInt32 status, len;
+ int errCode;
+ SSL3AlertDescription desc;
+
+ if (!ss->ssl3.hs.may_get_cert_status ||
+ ss->ssl3.hs.ws != wait_server_cert ||
+ !ss->ssl3.hs.pending_cert_msg.data ||
+ ss->ssl3.hs.cert_status.data) {
+ errCode = SSL_ERROR_RX_UNEXPECTED_CERT_STATUS;
+ desc = unexpected_message;
+ goto alert_loser;
+ }
+
+ /* Consume the CertificateStatusType enum */
+ status = ssl3_ConsumeHandshakeNumber(ss, 1, &b, &length);
+ if (status != 1 /* ocsp */) {
+ goto format_loser;
+ }
+
+ len = ssl3_ConsumeHandshakeNumber(ss, 3, &b, &length);
+ if (len != length) {
+ goto format_loser;
+ }
+
+ if (SECITEM_AllocItem(NULL, &ss->ssl3.hs.cert_status, length) == NULL) {
+ return SECFailure;
+ }
+ ss->ssl3.hs.cert_status.type = siBuffer;
+ PORT_Memcpy(ss->ssl3.hs.cert_status.data, b, length);
+
+ return SECSuccess;
+
+format_loser:
+ errCode = SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT;
+ desc = bad_certificate_status_response;
+
+alert_loser:
+ (void)SSL3_SendAlert(ss, alert_fatal, desc);
+ (void)ssl_MapLowLevelError(errCode);
+ return SECFailure;
+}
+
+/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
* ssl3 Certificate message.
* Caller must hold Handshake and RecvBuf locks.
*/
@@ -9248,6 +9299,26 @@ ssl3_FinishHandshake(sslSocket * ss)
return SECSuccess;
}
+/* This function handles any pending Certificate messages. Certificate messages
+ * can be pending if we expect a possible CertificateStatus message to follow.
+ *
+ * This function must be called immediately after handling the
+ * CertificateStatus message, and before handling any ServerKeyExchange or
+ * CertificateRequest messages.
+ */
+static SECStatus
+ssl3_MaybeHandlePendingCertificateMessage(sslSocket *ss)
+{
+ SECStatus rv = SECSuccess;
+
+ if (ss->ssl3.hs.pending_cert_msg.data) {
+ rv = ssl3_HandleCertificate(ss, ss->ssl3.hs.pending_cert_msg.data,
+ ss->ssl3.hs.pending_cert_msg.len);
+ SECITEM_FreeItem(&ss->ssl3.hs.pending_cert_msg, PR_FALSE);
+ }
+ return rv;
+}
+
/* Called from ssl3_HandleHandshake() when it has gathered a complete ssl3
* hanshake message.
* Caller must hold Handshake and RecvBuf locks.
@@ -9376,14 +9447,42 @@ ssl3_HandleHandshakeMessage(sslSocket *s
rv = dtls_HandleHelloVerifyRequest(ss, b, length);
break;
case certificate:
+ if (ss->ssl3.hs.may_get_cert_status) {
+ /* If we might get a CertificateStatus then we want to postpone the
+ * processing of the Certificate message until after we have
+ * processed the CertificateStatus */
+ if (ss->ssl3.hs.pending_cert_msg.data ||
+ ss->ssl3.hs.ws != wait_server_cert) {
+ (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+ (void)ssl_MapLowLevelError(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE);
+ return SECFailure;
+ }
+ if (SECITEM_AllocItem(NULL, &ss->ssl3.hs.pending_cert_msg,
+ length) == NULL) {
+ return SECFailure;
+ }
+ ss->ssl3.hs.pending_cert_msg.type = siBuffer;
+ PORT_Memcpy(ss->ssl3.hs.pending_cert_msg.data, b, length);
+ break;
+ }
rv = ssl3_HandleCertificate(ss, b, length);
break;
+ case certificate_status:
+ rv = ssl3_HandleCertificateStatus(ss, b, length);
+ if (rv != SECSuccess)
+ break;
+ PORT_Assert(ss->ssl3.hs.pending_cert_msg.data);
+ rv = ssl3_MaybeHandlePendingCertificateMessage(ss);
+ break;
case server_key_exchange:
if (ss->sec.isServer) {
(void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH);
return SECFailure;
}
+ rv = ssl3_MaybeHandlePendingCertificateMessage(ss);
+ if (rv != SECSuccess)
+ break;
rv = ssl3_HandleServerKeyExchange(ss, b, length);
break;
case certificate_request:
@@ -9392,6 +9491,9 @@ ssl3_HandleHandshakeMessage(sslSocket *s
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST);
return SECFailure;
}
+ rv = ssl3_MaybeHandlePendingCertificateMessage(ss);
+ if (rv != SECSuccess)
+ break;
rv = ssl3_HandleCertificateRequest(ss, b, length);
break;
case server_hello_done:
@@ -9405,6 +9507,9 @@ ssl3_HandleHandshakeMessage(sslSocket *s
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
return SECFailure;
}
+ rv = ssl3_MaybeHandlePendingCertificateMessage(ss);
+ if (rv != SECSuccess)
+ break;
rv = ssl3_HandleServerHelloDone(ss);
break;
case certificate_verify:
@@ -10369,6 +10474,12 @@ ssl3_DestroySSL3Info(sslSocket *ss)
ss->ssl3.hs.messages.len = 0;
ss->ssl3.hs.messages.space = 0;
}
+ if (ss->ssl3.hs.pending_cert_msg.data) {
+ SECITEM_FreeItem(&ss->ssl3.hs.pending_cert_msg, PR_FALSE);
+ }
+ if (ss->ssl3.hs.cert_status.data) {
+ SECITEM_FreeItem(&ss->ssl3.hs.cert_status, PR_FALSE);
+ }
/* free the SSL3Buffer (msg_body) */
PORT_Free(ss->ssl3.hs.msg_body.buf);
diff -pu -r a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
--- a/net/third_party/nss/ssl/ssl3ext.c 2012-09-20 17:28:05.000000000 -0700
+++ b/net/third_party/nss/ssl/ssl3ext.c 2012-11-09 15:32:11.606363256 -0800
@@ -234,6 +234,7 @@ static const ssl3HelloExtensionHandler s
{ ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
{ ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
{ ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn },
+ { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
{ -1, NULL }
};
@@ -258,7 +259,8 @@ ssl3HelloExtensionSender clientHelloSend
#endif
{ ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
{ ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
- { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }
+ { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn },
+ { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }
/* any extra entries will appear as { 0, NULL } */
};
@@ -640,6 +642,80 @@ loser:
return -1;
}
+SECStatus
+ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
+ SECItem *data)
+{
+ /* If we didn't request this extension, then the server may not echo it. */
+ if (!ss->opt.enableOCSPStapling)
+ return SECFailure;
+
+ /* The echoed extension must be empty. */
+ if (data->len != 0)
+ return SECFailure;
+
+ ss->ssl3.hs.may_get_cert_status = PR_TRUE;
+
+ /* Keep track of negotiated extensions. */
+ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
+
+ return SECSuccess;
+}
+
+/* ssl3_ClientSendStatusRequestXtn builds the status_request extension on the
+ * client side. See RFC 4366 section 3.6. */
+PRInt32
+ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append,
+ PRUint32 maxBytes)
+{
+ PRInt32 extension_length;
+
+ if (!ss->opt.enableOCSPStapling)
+ return 0;
+
+ /* extension_type (2-bytes) +
+ * length(extension_data) (2-bytes) +
+ * status_type (1) +
+ * responder_id_list length (2) +
+ * request_extensions length (2)
+ */
+ extension_length = 9;
+
+ if (append && maxBytes >= extension_length) {
+ SECStatus rv;
+ TLSExtensionData *xtnData;
+
+ /* extension_type */
+ rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
+ if (rv != SECSuccess)
+ return -1;
+ rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
+ if (rv != SECSuccess)
+ return -1;
+ rv = ssl3_AppendHandshakeNumber(ss, 1 /* status_type ocsp */, 1);
+ if (rv != SECSuccess)
+ return -1;
+ /* A zero length responder_id_list means that the responders are
+ * implicitly known to the server. */
+ rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+ if (rv != SECSuccess)
+ return -1;
+ /* A zero length request_extensions means that there are no extensions.
+ * Specifically, we don't set the id-pkix-ocsp-nonce extension. This
+ * means that the server can replay a cached OCSP response to us. */
+ rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+ if (rv != SECSuccess)
+ return -1;
+
+ xtnData = &ss->xtnData;
+ xtnData->advertised[xtnData->numAdvertised++] = ssl_cert_status_xtn;
+ } else if (maxBytes < extension_length) {
+ PORT_Assert(0);
+ return 0;
+ }
+ return extension_length;
+}
+
/*
* NewSessionTicket
* Called from ssl3_HandleFinished
diff -pu -r a/net/third_party/nss/ssl/ssl3prot.h b/net/third_party/nss/ssl/ssl3prot.h
--- a/net/third_party/nss/ssl/ssl3prot.h 2012-04-25 07:50:12.000000000 -0700
+++ b/net/third_party/nss/ssl/ssl3prot.h 2012-11-09 15:28:27.933078020 -0800
@@ -129,6 +129,7 @@ typedef enum {
certificate_verify = 15,
client_key_exchange = 16,
finished = 20,
+ certificate_status = 22,
next_proto = 67
} SSL3HandshakeType;
diff -pu -r a/net/third_party/nss/ssl/sslerr.h b/net/third_party/nss/ssl/sslerr.h
--- a/net/third_party/nss/ssl/sslerr.h 2012-07-12 17:51:57.000000000 -0700
+++ b/net/third_party/nss/ssl/sslerr.h 2012-11-09 15:30:36.804971319 -0800
@@ -188,6 +188,8 @@ SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQ
SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION = (SSL_ERROR_BASE + 124),
+SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 125),
+
SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
} SSLErrorCodes;
#endif /* NO_SECURITY_ERROR_ENUM */
diff -pu -r a/net/third_party/nss/ssl/SSLerrs.h b/net/third_party/nss/ssl/SSLerrs.h
--- a/net/third_party/nss/ssl/SSLerrs.h 2012-07-12 17:51:57.000000000 -0700
+++ b/net/third_party/nss/ssl/SSLerrs.h 2012-11-09 15:30:19.924723400 -0800
@@ -400,3 +400,6 @@ ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY
ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION, (SSL_ERROR_BASE + 124),
"SSL feature not supported for the protocol version.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS, (SSL_ERROR_BASE + 125),
+"SSL received an unexpected Certificate Status handshake message.")
diff -pu -r a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
--- a/net/third_party/nss/ssl/ssl.h 2012-11-09 15:27:15.952019947 -0800
+++ b/net/third_party/nss/ssl/ssl.h 2012-11-09 15:28:27.933078020 -0800
@@ -158,6 +158,7 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRF
* accept fragmented alerts).
*/
#define SSL_CBC_RANDOM_IV 23
+#define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */
#ifdef SSL_DEPRECATED_FUNCTION
/* Old deprecated function names */
@@ -409,6 +410,23 @@ SSL_IMPORT SECStatus SSL_PeerCertificate
PRFileDesc *fd, CERTCertificate **certs,
unsigned int *numCerts, unsigned int maxNumCerts);
+/* SSL_GetStapledOCSPResponse returns the OCSP response that was provided by
+ * the TLS server. The resulting data is copied to |out_data|. On entry, |*len|
+ * must contain the size of |out_data|. On exit, |*len| will contain the size
+ * of the OCSP stapled response. If the stapled response is too large to fit in
+ * |out_data| then it will be truncated. If no OCSP response was given by the
+ * server then it has zero length.
+ *
+ * You must set the SSL_ENABLE_OCSP_STAPLING option in order for OCSP responses
+ * to be provided by a server.
+ *
+ * You can call this function during the certificate verification callback or
+ * any time afterwards.
+ */
+SSL_IMPORT SECStatus SSL_GetStapledOCSPResponse(PRFileDesc *fd,
+ unsigned char *out_data,
+ unsigned int *len);
+
/*
** Authenticate certificate hook. Called when a certificate comes in
** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the
diff -pu -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h
--- a/net/third_party/nss/ssl/sslimpl.h 2012-11-09 15:21:56.747322689 -0800
+++ b/net/third_party/nss/ssl/sslimpl.h 2012-11-09 15:28:27.943078167 -0800
@@ -316,6 +316,7 @@ typedef struct sslOptionsStr {
unsigned int requireSafeNegotiation : 1; /* 22 */
unsigned int enableFalseStart : 1; /* 23 */
unsigned int cbcRandomIV : 1; /* 24 */
+ unsigned int enableOCSPStapling : 1; /* 25 */
} sslOptions;
typedef enum { sslHandshakingUndetermined = 0,
@@ -795,6 +796,14 @@ const ssl3CipherSuiteDef *suite_def;
PRBool isResuming; /* are we resuming a session */
PRBool usedStepDownKey; /* we did a server key exchange. */
PRBool sendingSCSV; /* instead of empty RI */
+ PRBool may_get_cert_status; /* the server echoed a
+ * status_request extension so
+ * may send a CertificateStatus
+ * handshake message. */
+ SECItem pending_cert_msg; /* a Certificate message which we
+ * save temporarily if we may get
+ * a CertificateStatus message */
+ SECItem cert_status; /* an OCSP response */
sslBuffer msgState; /* current state for handshake messages*/
/* protected by recvBufLock */
sslBuffer messages; /* Accumulated handshake messages */
@@ -1625,6 +1634,8 @@ extern SECStatus ssl3_HandleSupportedPoi
PRUint16 ex_type, SECItem *data);
extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
+extern SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss,
+ PRUint16 ex_type, SECItem *data);
extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
@@ -1634,6 +1645,8 @@ extern SECStatus ssl3_ServerHandleSessio
*/
extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
+extern PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket *ss, PRBool append,
+ PRUint32 maxBytes);
/* ClientHello and ServerHello extension senders.
* The code is in ssl3ext.c.
diff -pu -r a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
--- a/net/third_party/nss/ssl/sslsock.c 2012-11-09 15:17:00.432983977 -0800
+++ b/net/third_party/nss/ssl/sslsock.c 2012-11-09 15:28:27.943078167 -0800
@@ -153,7 +153,8 @@ static sslOptions ssl_defaults = {
2, /* enableRenegotiation (default: requires extension) */
PR_FALSE, /* requireSafeNegotiation */
PR_FALSE, /* enableFalseStart */
- PR_TRUE /* cbcRandomIV */
+ PR_TRUE, /* cbcRandomIV */
+ PR_FALSE, /* enableOCSPStapling */
};
/*
@@ -827,6 +828,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
ss->opt.cbcRandomIV = on;
break;
+ case SSL_ENABLE_OCSP_STAPLING:
+ ss->opt.enableOCSPStapling = on;
+ break;
+
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
@@ -896,6 +901,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh
on = ss->opt.requireSafeNegotiation; break;
case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;
case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break;
+ case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -954,6 +960,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBo
break;
case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break;
case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break;
+ case SSL_ENABLE_OCSP_STAPLING:
+ on = ssl_defaults.enableOCSPStapling;
+ break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -1117,6 +1126,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
ssl_defaults.cbcRandomIV = on;
break;
+ case SSL_ENABLE_OCSP_STAPLING:
+ ssl_defaults.enableOCSPStapling = on;
+ break;
+
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
@@ -1859,6 +1872,36 @@ SSL_VersionRangeSet(PRFileDesc *fd, cons
return SECSuccess;
}
+SECStatus
+SSL_GetStapledOCSPResponse(PRFileDesc *fd, unsigned char *out_data,
+ unsigned int *len) {
+ sslSocket *ss = ssl_FindSocket(fd);
+
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetStapledOCSPResponse",
+ SSL_GETPID(), fd));
+ return SECFailure;
+ }
+
+ ssl_Get1stHandshakeLock(ss);
+ ssl_GetSSL3HandshakeLock(ss);
+
+ if (ss->ssl3.hs.cert_status.data) {
+ unsigned int todo = ss->ssl3.hs.cert_status.len;
+ if (todo > *len)
+ todo = *len;
+ *len = ss->ssl3.hs.cert_status.len;
+ PORT_Memcpy(out_data, ss->ssl3.hs.cert_status.data, todo);
+ } else {
+ *len = 0;
+ }
+
+ ssl_ReleaseSSL3HandshakeLock(ss);
+ ssl_Release1stHandshakeLock(ss);
+
+ return SECSuccess;
+}
+
/************************************************************************/
/* The following functions are the TOP LEVEL SSL functions.
** They all get called through the NSPRIOMethods table below.
diff -pu -r a/net/third_party/nss/ssl/sslt.h b/net/third_party/nss/ssl/sslt.h
--- a/net/third_party/nss/ssl/sslt.h 2012-06-06 19:06:19.000000000 -0700
+++ b/net/third_party/nss/ssl/sslt.h 2012-11-09 15:29:10.333701086 -0800
@@ -175,6 +175,7 @@ typedef enum {
/* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */
typedef enum {
ssl_server_name_xtn = 0,
+ ssl_cert_status_xtn = 5,
#ifdef NSS_ENABLE_ECC
ssl_elliptic_curves_xtn = 10,
ssl_ec_point_formats_xtn = 11,
@@ -185,6 +186,6 @@ typedef enum {
ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
} SSLExtensionType;
-#define SSL_MAX_EXTENSIONS 7
+#define SSL_MAX_EXTENSIONS 8
#endif /* __sslt_h_ */