Bug 1036142: Don't use kPublicKeyPinningPreloadListLength (r=keeler)

Monica Chew 2014-07-09 12:58:40 -07:00
parent ccb7046707
commit 19c176c253
3 changed files with 74 additions and 27 deletions


@ -168,10 +168,10 @@ CheckPinsForHostname(const CERTCertList *certList, const char *hostname,
PR_LOG(gPublicKeyPinningLog, PR_LOG_DEBUG, PR_LOG(gPublicKeyPinningLog, PR_LOG_DEBUG,
("pkpin: Querying pinsets for host: '%s'\n", evalHost)); ("pkpin: Querying pinsets for host: '%s'\n", evalHost));
foundEntry = (TransportSecurityPreload *)bsearch(evalHost, foundEntry = (TransportSecurityPreload *)bsearch(evalHost,
kPublicKeyPinningPreloadList, kPublicKeyPinningPreloadList,
kPublicKeyPinningPreloadListLength, sizeof(kPublicKeyPinningPreloadList) / sizeof(TransportSecurityPreload),
sizeof(TransportSecurityPreload), sizeof(TransportSecurityPreload),
TransportSecurityPreloadCompare); TransportSecurityPreloadCompare);
if (foundEntry) { if (foundEntry) {
PR_LOG(gPublicKeyPinningLog, PR_LOG_DEBUG, PR_LOG(gPublicKeyPinningLog, PR_LOG_DEBUG,
("pkpin: Found pinset for host: '%s'\n", evalHost)); ("pkpin: Found pinset for host: '%s'\n", evalHost));
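Review bot: The element count passed to bsearch() is now `sizeof(kPublicKeyPinningPreloadList) / sizeof(TransportSecurityPreload)`, which is only correct while that name is a true array visible in this translation unit. If it ever becomes a pointer, the division still compiles and yields a wrong count, so lookups would silently miss pinned hosts. `mozilla::ArrayLength(kPublicKeyPinningPreloadList)` from mozilla/ArrayUtils.h turns that case into a compile error and is worth using here. A one-line comment such as `// The list must stay sorted by host name; bsearch depends on it.` would also help, assuming TransportSecurityPreloadCompare orders by host name as the call suggests. CheckPinsForHostname starts and ends outside the hunk.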


@ -429,7 +429,10 @@ static const char* kPinset_google_root_pems_sha256_Data[] = {
kAffirmTrust_PremiumFingerprint, kAffirmTrust_PremiumFingerprint,
kAddTrust_Qualified_Certificates_RootFingerprint, kAddTrust_Qualified_Certificates_RootFingerprint,
}; };
static const StaticFingerprints kPinset_google_root_pems_sha256 = { 64, kPinset_google_root_pems_sha256_Data }; static const StaticFingerprints kPinset_google_root_pems_sha256 = {
sizeof(kPinset_google_root_pems_sha256_Data) / sizeof(const char*),
kPinset_google_root_pems_sha256_Data
};
static const StaticPinset kPinset_google_root_pems = { static const StaticPinset kPinset_google_root_pems = {
nullptr, nullptr,
@ -459,7 +462,10 @@ static const char* kPinset_mozilla_sha256_Data[] = {
kDigiCert_Global_Root_CAFingerprint, kDigiCert_Global_Root_CAFingerprint,
kGeoTrust_Primary_Certification_Authority___G2Fingerprint, kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
}; };
static const StaticFingerprints kPinset_mozilla_sha256 = { 21, kPinset_mozilla_sha256_Data }; static const StaticFingerprints kPinset_mozilla_sha256 = {
sizeof(kPinset_mozilla_sha256_Data) / sizeof(const char*),
kPinset_mozilla_sha256_Data
};
static const StaticPinset kPinset_mozilla = { static const StaticPinset kPinset_mozilla = {
nullptr, nullptr,
@ -469,7 +475,10 @@ static const StaticPinset kPinset_mozilla = {
static const char* kPinset_mozilla_fxa_sha256_Data[] = { static const char* kPinset_mozilla_fxa_sha256_Data[] = {
kDigiCert_Global_Root_CAFingerprint, kDigiCert_Global_Root_CAFingerprint,
}; };
static const StaticFingerprints kPinset_mozilla_fxa_sha256 = { 1, kPinset_mozilla_fxa_sha256_Data }; static const StaticFingerprints kPinset_mozilla_fxa_sha256 = {
sizeof(kPinset_mozilla_fxa_sha256_Data) / sizeof(const char*),
kPinset_mozilla_fxa_sha256_Data
};
static const StaticPinset kPinset_mozilla_fxa = { static const StaticPinset kPinset_mozilla_fxa = {
nullptr, nullptr,
@ -479,7 +488,10 @@ static const StaticPinset kPinset_mozilla_fxa = {
static const char* kPinset_mozilla_test_sha256_Data[] = { static const char* kPinset_mozilla_test_sha256_Data[] = {
kEnd_Entity_Test_CertFingerprint, kEnd_Entity_Test_CertFingerprint,
}; };
static const StaticFingerprints kPinset_mozilla_test_sha256 = { 1, kPinset_mozilla_test_sha256_Data }; static const StaticFingerprints kPinset_mozilla_test_sha256 = {
sizeof(kPinset_mozilla_test_sha256_Data) / sizeof(const char*),
kPinset_mozilla_test_sha256_Data
};
static const StaticPinset kPinset_mozilla_test = { static const StaticPinset kPinset_mozilla_test = {
nullptr, nullptr,
@ -490,7 +502,10 @@ static const StaticPinset kPinset_mozilla_test = {
static const char* kPinset_test_sha1_Data[] = { static const char* kPinset_test_sha1_Data[] = {
kTestSPKIFingerprint, kTestSPKIFingerprint,
}; };
static const StaticFingerprints kPinset_test_sha1 = { 1, kPinset_test_sha1_Data }; static const StaticFingerprints kPinset_test_sha1 = {
sizeof(kPinset_test_sha1_Data) / sizeof(const char*),
kPinset_test_sha1_Data
};
static const StaticPinset kPinset_test = { static const StaticPinset kPinset_test = {
&kPinset_test_sha1, &kPinset_test_sha1,
@ -501,7 +516,10 @@ static const char* kPinset_google_sha1_Data[] = {
kGoogleG2Fingerprint, kGoogleG2Fingerprint,
kGoogleBackup2048Fingerprint, kGoogleBackup2048Fingerprint,
}; };
static const StaticFingerprints kPinset_google_sha1 = { 2, kPinset_google_sha1_Data }; static const StaticFingerprints kPinset_google_sha1 = {
sizeof(kPinset_google_sha1_Data) / sizeof(const char*),
kPinset_google_sha1_Data
};
static const StaticPinset kPinset_google = { static const StaticPinset kPinset_google = {
&kPinset_google_sha1, &kPinset_google_sha1,
@ -513,13 +531,19 @@ static const char* kPinset_tor_sha1_Data[] = {
kTor2Fingerprint, kTor2Fingerprint,
kTor3Fingerprint, kTor3Fingerprint,
}; };
static const StaticFingerprints kPinset_tor_sha1 = { 3, kPinset_tor_sha1_Data }; static const StaticFingerprints kPinset_tor_sha1 = {
sizeof(kPinset_tor_sha1_Data) / sizeof(const char*),
kPinset_tor_sha1_Data
};
static const char* kPinset_tor_sha256_Data[] = { static const char* kPinset_tor_sha256_Data[] = {
kDigiCert_High_Assurance_EV_Root_CAFingerprint, kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kGOOGLE_PIN_RapidSSLFingerprint, kGOOGLE_PIN_RapidSSLFingerprint,
}; };
static const StaticFingerprints kPinset_tor_sha256 = { 2, kPinset_tor_sha256_Data }; static const StaticFingerprints kPinset_tor_sha256 = {
sizeof(kPinset_tor_sha256_Data) / sizeof(const char*),
kPinset_tor_sha256_Data
};
static const StaticPinset kPinset_tor = { static const StaticPinset kPinset_tor = {
&kPinset_tor_sha1, &kPinset_tor_sha1,
@ -529,7 +553,10 @@ static const StaticPinset kPinset_tor = {
static const char* kPinset_twitterCom_sha1_Data[] = { static const char* kPinset_twitterCom_sha1_Data[] = {
kTwitter1Fingerprint, kTwitter1Fingerprint,
}; };
static const StaticFingerprints kPinset_twitterCom_sha1 = { 1, kPinset_twitterCom_sha1_Data }; static const StaticFingerprints kPinset_twitterCom_sha1 = {
sizeof(kPinset_twitterCom_sha1_Data) / sizeof(const char*),
kPinset_twitterCom_sha1_Data
};
static const char* kPinset_twitterCom_sha256_Data[] = { static const char* kPinset_twitterCom_sha256_Data[] = {
kVerisign_Class_2_Public_Primary_Certification_Authority___G2Fingerprint, kVerisign_Class_2_Public_Primary_Certification_Authority___G2Fingerprint,
@ -554,7 +581,10 @@ static const char* kPinset_twitterCom_sha256_Data[] = {
kVerisign_Class_3_Public_Primary_Certification_AuthorityFingerprint, kVerisign_Class_3_Public_Primary_Certification_AuthorityFingerprint,
kGeoTrust_Primary_Certification_Authority___G2Fingerprint, kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
}; };
static const StaticFingerprints kPinset_twitterCom_sha256 = { 21, kPinset_twitterCom_sha256_Data }; static const StaticFingerprints kPinset_twitterCom_sha256 = {
sizeof(kPinset_twitterCom_sha256_Data) / sizeof(const char*),
kPinset_twitterCom_sha256_Data
};
static const StaticPinset kPinset_twitterCom = { static const StaticPinset kPinset_twitterCom = {
&kPinset_twitterCom_sha1, &kPinset_twitterCom_sha1,
@ -564,7 +594,10 @@ static const StaticPinset kPinset_twitterCom = {
static const char* kPinset_twitterCDN_sha1_Data[] = { static const char* kPinset_twitterCDN_sha1_Data[] = {
kTwitter1Fingerprint, kTwitter1Fingerprint,
}; };
static const StaticFingerprints kPinset_twitterCDN_sha1 = { 1, kPinset_twitterCDN_sha1_Data }; static const StaticFingerprints kPinset_twitterCDN_sha1 = {
sizeof(kPinset_twitterCDN_sha1_Data) / sizeof(const char*),
kPinset_twitterCDN_sha1_Data
};
static const char* kPinset_twitterCDN_sha256_Data[] = { static const char* kPinset_twitterCDN_sha256_Data[] = {
kVerisign_Class_2_Public_Primary_Certification_Authority___G2Fingerprint, kVerisign_Class_2_Public_Primary_Certification_Authority___G2Fingerprint,
@ -610,7 +643,10 @@ static const char* kPinset_twitterCDN_sha256_Data[] = {
kComodo_AAA_Services_rootFingerprint, kComodo_AAA_Services_rootFingerprint,
kAddTrust_Qualified_Certificates_RootFingerprint, kAddTrust_Qualified_Certificates_RootFingerprint,
}; };
static const StaticFingerprints kPinset_twitterCDN_sha256 = { 42, kPinset_twitterCDN_sha256_Data }; static const StaticFingerprints kPinset_twitterCDN_sha256 = {
sizeof(kPinset_twitterCDN_sha256_Data) / sizeof(const char*),
kPinset_twitterCDN_sha256_Data
};
static const StaticPinset kPinset_twitterCDN = { static const StaticPinset kPinset_twitterCDN = {
&kPinset_twitterCDN_sha1, &kPinset_twitterCDN_sha1,
@ -621,7 +657,10 @@ static const char* kPinset_tor2web_sha256_Data[] = {
kGOOGLE_PIN_Tor2webFingerprint, kGOOGLE_PIN_Tor2webFingerprint,
kGOOGLE_PIN_AlphaSSL_G2Fingerprint, kGOOGLE_PIN_AlphaSSL_G2Fingerprint,
}; };
static const StaticFingerprints kPinset_tor2web_sha256 = { 2, kPinset_tor2web_sha256_Data }; static const StaticFingerprints kPinset_tor2web_sha256 = {
sizeof(kPinset_tor2web_sha256_Data) / sizeof(const char*),
kPinset_tor2web_sha256_Data
};
static const StaticPinset kPinset_tor2web = { static const StaticPinset kPinset_tor2web = {
nullptr, nullptr,
@ -632,7 +671,10 @@ static const char* kPinset_cryptoCat_sha256_Data[] = {
kDigiCert_High_Assurance_EV_Root_CAFingerprint, kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kGOOGLE_PIN_CryptoCat1Fingerprint, kGOOGLE_PIN_CryptoCat1Fingerprint,
}; };
static const StaticFingerprints kPinset_cryptoCat_sha256 = { 2, kPinset_cryptoCat_sha256_Data }; static const StaticFingerprints kPinset_cryptoCat_sha256 = {
sizeof(kPinset_cryptoCat_sha256_Data) / sizeof(const char*),
kPinset_cryptoCat_sha256_Data
};
static const StaticPinset kPinset_cryptoCat = { static const StaticPinset kPinset_cryptoCat = {
nullptr, nullptr,
@ -642,7 +684,10 @@ static const StaticPinset kPinset_cryptoCat = {
static const char* kPinset_lavabit_sha256_Data[] = { static const char* kPinset_lavabit_sha256_Data[] = {
kGOOGLE_PIN_LibertylavabitcomFingerprint, kGOOGLE_PIN_LibertylavabitcomFingerprint,
}; };
static const StaticFingerprints kPinset_lavabit_sha256 = { 1, kPinset_lavabit_sha256_Data }; static const StaticFingerprints kPinset_lavabit_sha256 = {
sizeof(kPinset_lavabit_sha256_Data) / sizeof(const char*),
kPinset_lavabit_sha256_Data
};
static const StaticPinset kPinset_lavabit = { static const StaticPinset kPinset_lavabit = {
nullptr, nullptr,
@ -669,7 +714,10 @@ static const char* kPinset_dropbox_sha256_Data[] = {
kDigiCert_Global_Root_CAFingerprint, kDigiCert_Global_Root_CAFingerprint,
kGeoTrust_Primary_Certification_Authority___G2Fingerprint, kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
}; };
static const StaticFingerprints kPinset_dropbox_sha256 = { 18, kPinset_dropbox_sha256_Data }; static const StaticFingerprints kPinset_dropbox_sha256 = {
sizeof(kPinset_dropbox_sha256_Data) / sizeof(const char*),
kPinset_dropbox_sha256_Data
};
static const StaticPinset kPinset_dropbox = { static const StaticPinset kPinset_dropbox = {
nullptr, nullptr,
@ -1015,8 +1063,8 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "ytimg.com", true, false, false, -1, &kPinset_google_root_pems }, { "ytimg.com", true, false, false, -1, &kPinset_google_root_pems },
}; };
static const int kPublicKeyPinningPreloadListLength = 325; // Pinning Preload List Length = 325;
static const int32_t kUnknownId = -1; static const int32_t kUnknownId = -1;
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1413306296143000); static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1413400280364000);


@ -26,7 +26,6 @@ let { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
let gCertDB = Cc["@mozilla.org/security/x509certdb;1"] let gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
.getService(Ci.nsIX509CertDB); .getService(Ci.nsIX509CertDB);
gCertDB.QueryInterface(Ci.nsIX509CertDB);
const BUILT_IN_NICK_PREFIX = "Builtin Object Token:"; const BUILT_IN_NICK_PREFIX = "Builtin Object Token:";
const SHA1_PREFIX = "sha1/"; const SHA1_PREFIX = "sha1/";
@ -431,8 +430,9 @@ function writeFingerprints(certNameToSKD, certSKDToName, name, hashes, type) {
writeString(" 0\n"); writeString(" 0\n");
} }
writeString("};\n"); writeString("};\n");
writeString("static const StaticFingerprints " + varPrefix + " = { " + writeString("static const StaticFingerprints " + varPrefix + " = {\n " +
hashes.length + ", " + varPrefix + "_Data };\n\n"); "sizeof(" + varPrefix + "_Data) / sizeof(const char*),\n " + varPrefix +
"_Data\n};\n\n");
} }
function writeEntry(entry) { function writeEntry(entry) {
@ -483,8 +483,7 @@ function writeDomainList(chromeImportedEntries) {
} }
writeString("};\n"); writeString("};\n");
writeString("\nstatic const int kPublicKeyPinningPreloadListLength = " + writeString("\n// Pinning Preload List Length = " + count + ";\n");
count + ";\n");
writeString("\nstatic const int32_t kUnknownId = -1;\n"); writeString("\nstatic const int32_t kUnknownId = -1;\n");
} }
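Review bot: In the writeFingerprints hunk the size is now always emitted as `sizeof(<name>_Data) / sizeof(const char*)`, but the line just above writes a placeholder ` 0` element, apparently for an empty hash list (the condition guarding it is outside the hunk). If so, an empty pinset used to get size `hashes.length`, i.e. 0, and now gets size 1 with a null entry, which every consumer iterating `size` fingerprints would have to tolerate. Keeping the literal in that case avoids the change: `(hashes.length ? "sizeof(" + varPrefix + "_Data) / sizeof(const char*)" : "0")`. In writeDomainList, the replacement comment keeps a stray `;` after the count.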