Bring back SCT_STATUS_INVALID for cached entries

https://codereview.chromium.org/2241213002/ split SCT_STATUS_INVALID into two new enum values to record the different reasons that an SCT might be invalid. However, we didn't realize that SCT_STATUS_INVALID might still be present in disk cache entries, resulting in renderer kills when the browser tries to deserialize SSLStatus objects containing these cached SCT_STATUS_INVALID values. This CL brings back SCT_STATUS_INVALID and documents it as deprecated, but still existent for the sake of cache entries. BUG=640296 Review-Url: https://codereview.chromium.org/2277653002 Cr-Commit-Position: refs/heads/master@{#414280}

Bring back SCT_STATUS_INVALID for cached entries
https://codereview.chromium.org/2241213002/ split SCT_STATUS_INVALID into two new enum values to record the different reasons that an SCT might be invalid. However, we didn't realize that SCT_STATUS_INVALID might still be present in disk cache entries, resulting in renderer kills when the browser tries to deserialize SSLStatus objects containing these cached SCT_STATUS_INVALID values. This CL brings back SCT_STATUS_INVALID and documents it as deprecated, but still existent for the sake of cache entries. BUG=640296 Review-Url: https://codereview.chromium.org/2277653002 Cr-Commit-Position: refs/heads/master@{#414280}
321ed2a5 · estark · Commit bot · 3aa872b6 · 321ed2a5 · 321ed2a5
Commit 321ed2a5 authored Aug 24, 2016 by estark Committed by Commit bot Aug 25, 2016
6 changed files
--- a/chrome/browser/ssl/chrome_expect_ct_reporter.cc
+++ b/chrome/browser/ssl/chrome_expect_ct_reporter.cc
@@ -152,6 +152,7 @@ void ChromeExpectCTReporter::OnExpectCTFailed(
      case net::ct::SCT_STATUS_LOG_UNKNOWN:
        AddUnknownSCT(sct_and_status, unknown_scts.get());
        break;
+      case net::ct::SCT_STATUS_INVALID:
      case net::ct::SCT_STATUS_INVALID_SIGNATURE:
      case net::ct::SCT_STATUS_INVALID_TIMESTAMP:
        AddInvalidSCT(sct_and_status, invalid_scts.get());

--- a/chrome/browser/ui/website_settings/website_settings.cc
+++ b/chrome/browser/ui/website_settings/website_settings.cc
@@ -197,7 +197,9 @@ int GetSiteIdentityDetailsMessageByCTInfo(
                  : IDS_PAGE_INFO_SECURITY_TAB_SECURE_IDENTITY_CT_VERIFIED);
  // Any invalid SCT.
-  if (CertificateTransparencyStatusMatchAny(
+  if (CertificateTransparencyStatusMatchAny(sct_verify_statuses,
+                                            net::ct::SCT_STATUS_INVALID) ||
+      CertificateTransparencyStatusMatchAny(
          sct_verify_statuses, net::ct::SCT_STATUS_INVALID_TIMESTAMP) ||
      CertificateTransparencyStatusMatchAny(
          sct_verify_statuses, net::ct::SCT_STATUS_INVALID_SIGNATURE))

--- a/content/common/ssl_status_serialization.cc
+++ b/content/common/ssl_status_serialization.cc
@@ -31,6 +31,9 @@ bool CheckSecurityStyle(int security_style) {
 bool CheckSCTStatus(uint32_t sct_status) {
  switch (sct_status) {
    case net::ct::SCT_STATUS_LOG_UNKNOWN:
+    // INVALID is deprecated and should not be used anymore, but it
+    // might have been previously written into the disk cache.
+    case net::ct::SCT_STATUS_INVALID:
    case net::ct::SCT_STATUS_INVALID_SIGNATURE:
    case net::ct::SCT_STATUS_OK:
    case net::ct::SCT_STATUS_INVALID_TIMESTAMP:

--- a/content/common/ssl_status_serialization_unittest.cc
+++ b/content/common/ssl_status_serialization_unittest.cc
@@ -148,4 +148,19 @@ TEST(SSLStatusSerializationTest, DeserializeBogusSCTVerifyStatus) {
  EXPECT_PRED2(SSLStatusAreEqual, SSLStatus(), deserialized);
 }
+// Test that SCTVerifyStatus INVALID can be deserialized; even though
+// this value is deprecated, it may still appear in previously written
+// disk cache entries. Regression test for https://crbug.com/640296
+TEST(SSLStatusSerializationTest, DeserializeInvalidSCT) {
+  SSLStatus status;
+  SetTestStatus(&status);
+  status.sct_statuses.push_back(
+      static_cast<net::ct::SCTVerifyStatus>(net::ct::SCT_STATUS_INVALID));
+  std::string serialized = SerializeSecurityInfo(status);
+  SSLStatus deserialized;
+  ASSERT_TRUE(DeserializeSecurityInfo(serialized, &deserialized));
+  EXPECT_PRED2(SSLStatusAreEqual, status, deserialized);
+}
 }  // namespace
--- a/net/cert/ct_sct_to_string.cc
+++ b/net/cert/ct_sct_to_string.cc
@@ -62,6 +62,8 @@ const std::string StatusToString(SCTVerifyStatus status) {
  switch (status) {
    case SCT_STATUS_LOG_UNKNOWN:
      return "From unknown log";
+    case SCT_STATUS_INVALID:
+      return "Invalid";
    case SCT_STATUS_INVALID_SIGNATURE:
      return "Invalid signature";
    case SCT_STATUS_OK:

--- a/net/cert/sct_status_flags.h
+++ b/net/cert/sct_status_flags.h
@@ -21,9 +21,12 @@ enum SCTVerifyStatus {
  // The SCT is from an unknown log, so we cannot verify its signature.
  SCT_STATUS_LOG_UNKNOWN = 1,
-  // SCTVerifyStatus=2 used to represent SCT_STATUS_INVALID, which has now been
+  // This value is deprecated and should not be used. It has been split
-  // split into INVALID_SIGNATURE and INVALID_TIMESTAMP to represent the
+  // into INVALID_SIGNATURE and INVALID_TIMESTAMP to represent the
-  // different reasons an SCT could be invalid.
+  // different reasons an SCT could be invalid. Though it is no longer
+  // in use, it is preserved here because it may be present in
+  // serialized messages.
+  SCT_STATUS_INVALID = 2,
  // The SCT is from a known log, and the signature is valid.
  SCT_STATUS_OK = 3,