Closed Bug 1911005 Opened 1 year ago Closed 1 year ago

ct: note log state and timestamp when incorporating known logs

Categories

(Core :: Security: PSM, enhancement, P1)

Tracking

RESOLVED FIXED
131 Branch
Tracking Status
firefox131 --- fixed

People

(Reporter: keeler, Assigned: keeler)

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

When updating the known CT log list, we need to make note of each log's state (qualified, usable, readonly, or retired) as well as the timestamp associated with that state.

This patch uses the log state information in the known CT log list to
differentiate qualified, usable, and readonly logs from retired logs. This
patch also takes the opportunity to update the language in the implementation
from "disqualified" to "retired" to match the current terminology from the
source data.
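
An added illustration of the classification described above; it is not the patch's code. The type and function names are hypothetical, and the rule that an SCT from a retired log counts only when it predates the retirement timestamp is an assumption.

```cpp
#include <cstdint>
#include <optional>
#include <string>

// Hypothetical types for illustration; not Firefox's own definitions.
enum class LogState { Admissible, Retired };

struct KnownLog {
  LogState state;
  uint64_t stateTimestampMs;  // when the log entered its current state
};

// Map a state name from the known CT log list to the two classes the bug
// describes, keeping the timestamp associated with that state. Any other
// state name yields no entry, so the log is not trusted at all.
std::optional<KnownLog> IncorporateLog(const std::string& state,
                                       uint64_t timestampMs) {
  if (state == "qualified" || state == "usable" || state == "readonly") {
    return KnownLog{LogState::Admissible, timestampMs};
  }
  if (state == "retired") {
    return KnownLog{LogState::Retired, timestampMs};
  }
  return std::nullopt;
}

// Assumed policy: an SCT from a retired log counts only if it was issued
// strictly before the log was retired.
bool SctCounts(const KnownLog& log, uint64_t sctTimestampMs) {
  switch (log.state) {
    case LogState::Admissible:
      return true;
    case LogState::Retired:
      return sctTimestampMs < log.stateTimestampMs;
  }
  // Reached only for an out-of-range enum value. Returning false keeps the
  // check fail-closed and gives every control path a return value, which
  // compilers enforcing -Werror=return-type require.
  return false;
}
```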

Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/25bb41b1999f certificate transparency: note log states and timestamps r=jschanck

Backed out for causing build bustage in CTPolicyEnforcer.cpp

[task 2024-08-02T21:23:18.897Z] 21:23:18     INFO -  gmake[4]: Leaving directory '/builds/worker/workspace/obj-build/security/nss/lib/mozpkix/mozpkix_mozpkix'
[task 2024-08-02T21:23:18.905Z] 21:23:18     INFO -  gmake[4]: Entering directory '/builds/worker/workspace/obj-build/security/ct'
[task 2024-08-02T21:23:18.908Z] 21:23:18     INFO -  /builds/worker/fetches/sccache/sccache /builds/worker/fetches/gcc/bin/g++ --sysroot /builds/worker/fetches/sysroot-x86_64-linux-gnu -std=gnu++17 -isystem /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include/c++/8 -isystem /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include/x86_64-linux-gnu/c++/8 -isystem /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include/x86_64-linux-gnu -isystem /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/include -o Unified_cpp_security_ct0.o -c  -I/builds/worker/workspace/obj-build/dist/stl_wrappers -I/builds/worker/workspace/obj-build/dist/system_wrappers -include /builds/worker/checkouts/gecko/config/gcc_hidden.h -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -DDEBUG=1 -DMOZ_HAS_MOZGLUE -DMOZILLA_INTERNAL_API -DIMPL_LIBXUL -DMOZ_SUPPORT_LEAKCHECKING -DSTATIC_EXPORTABLE_JS_API -I/builds/worker/checkouts/gecko/security/ct -I/builds/worker/workspace/obj-build/security/ct -I/builds/worker/workspace/obj-build/dist/include -I/builds/worker/workspace/obj-build/dist/include/nspr -I/builds/worker/workspace/obj-build/dist/include/nss -DMOZILLA_CLIENT -include /builds/worker/workspace/obj-build/mozilla-config.h -D_GLIBCXX_USE_CXX11_ABI=0 -fno-rtti -pthread -fno-sized-deallocation -fno-aligned-new -ffunction-sections -fdata-sections -fno-math-errno -fno-exceptions -pipe -fPIC -gdwarf-4 -O2 -fno-omit-frame-pointer -funwind-tables -Werror -Wall -Wempty-body -Wignored-qualifiers -Wpointer-arith -Wsign-compare -Wtype-limits -Wunreachable-code -Wno-invalid-offsetof -Wduplicated-cond -Wimplicit-fallthrough -Wlogical-op -Wno-error=maybe-uninitialized -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=free-nonheap-object -Wno-multistatement-macros -Wno-error=class-memaccess -Wformat -Wformat-overflow=2 -Wno-psabi -Wno-error=builtin-macro-redefined -Wextra -Wunreachable-code -Wno-unused-parameter -fno-strict-aliasing -ffp-contract=off  -MD -MP -MF 
.deps/Unified_cpp_security_ct0.o.pp   Unified_cpp_security_ct0.cpp
[task 2024-08-02T21:23:18.909Z] 21:23:18     INFO -  In file included from Unified_cpp_security_ct0.cpp:47:
[task 2024-08-02T21:23:18.910Z] 21:23:18     INFO -  /builds/worker/checkouts/gecko/security/ct/CTPolicyEnforcer.cpp: In function 'bool mozilla::ct::LogWasQualifiedForSct(const mozilla::ct::VerifiedSCT&, uint64_t)':
[task 2024-08-02T21:23:18.911Z] 21:23:18    ERROR -  /builds/worker/checkouts/gecko/security/ct/CTPolicyEnforcer.cpp:157:1: error: control reaches end of non-void function [-Werror=return-type]
[task 2024-08-02T21:23:18.912Z] 21:23:18     INFO -   }
[task 2024-08-02T21:23:18.917Z] 21:23:18     INFO -   ^
[task 2024-08-02T21:23:18.918Z] 21:23:18     INFO -  cc1plus: all warnings being treated as errors
[task 2024-08-02T21:23:18.920Z] 21:23:18    ERROR -  gmake[4]: *** [/builds/worker/checkouts/gecko/config/rules.mk:676: Unified_cpp_security_ct0.o] Error 1
[task 2024-08-02T21:23:18.921Z] 21:23:18     INFO -  gmake[4]: Leaving directory '/builds/worker/workspace/obj-build/security/ct'
[task 2024-08-02T21:23:18.922Z] 21:23:18     INFO -  gmake[4]: Target 'target-objects' not remade because of errors.
[task 2024-08-02T21:23:18.922Z] 21:23:18    ERROR -  gmake[3]: *** [/builds/worker/checkouts/gecko/config/recurse.mk:72: security/ct/target-objects] Error 2
[task 2024-08-02T21:23:18.932Z] 21:23:18     INFO -  gmake[4]: Entering directory '/builds/worker/workspace/obj-build/security/sandbox/linux/broker'
[task 2024-08-02T21:23:18.932Z] 21:23:18     INFO -  mkdir -p '.deps/'
[task 2024-08-02T21:23:18.933Z] 21:23:18     INFO -  gmake[4]: Leaving directory '/builds/worker/workspace/obj-build/security/sandbox/linux/broker'
[task 2024-08-02T21:23:18.958Z] 21:23:18     INFO -  gmake[4]: Entering directory '/builds/worker/workspace/obj-build/security/sandbox/linux/broker'
Flags: needinfo?(dkeeler)
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/3026b1b62d03 certificate transparency: note log states and timestamps r=jschanck

Backed out for causing build bustages related to CTPolicyEnforcer.cpp

[task 2024-08-03T00:01:08.895Z] 00:01:08     INFO -  gmake[4]: Entering directory '/builds/worker/workspace/obj-build/security/ct'
[task 2024-08-03T00:01:08.898Z] 00:01:08     INFO -  /builds/worker/fetches/sccache/sccache /builds/worker/fetches/clang/bin/clang++ --sysroot /builds/worker/fetches/sysroot-x86_64-linux-gnu -o CTPolicyEnforcer.o -c  -I/builds/worker/workspace/obj-build/dist/stl_wrappers -I/builds/worker/workspace/obj-build/dist/system_wrappers -include /builds/worker/checkouts/gecko/config/gcc_hidden.h -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fstack-clash-protection -DNDEBUG -DTRIMMED=1 -DMOZ_HAS_MOZGLUE -DMOZILLA_INTERNAL_API -DIMPL_LIBXUL -DMOZ_SUPPORT_LEAKCHECKING -DSTATIC_EXPORTABLE_JS_API -I/builds/worker/checkouts/gecko/security/ct -I/builds/worker/workspace/obj-build/security/ct -I/builds/worker/workspace/obj-build/dist/include -I/builds/worker/workspace/obj-build/dist/include/nspr -I/builds/worker/workspace/obj-build/dist/include/nss -DMOZILLA_CLIENT -include /builds/worker/workspace/obj-build/mozilla-config.h -D_GLIBCXX_USE_CXX11_ABI=0 -fno-rtti -pthread -fno-sized-deallocation -fno-aligned-new -ffunction-sections -fdata-sections -fno-math-errno -fno-exceptions -fPIC -fcrash-diagnostics-dir=/builds/worker/artifacts -gdwarf-4 -Xclang -load -Xclang /builds/worker/workspace/obj-build/build/clang-plugin/libclang-plugin.so -Xclang -add-plugin -Xclang moz-check -O2 -fno-omit-frame-pointer -funwind-tables -Werror -Wall -Wbitfield-enum-conversion -Wempty-body -Wformat-type-confusion -Wignored-qualifiers -Wpointer-arith -Wshadow-field-in-constructor-modified -Wsign-compare -Wtautological-constant-in-range-compare -Wtype-limits -Wno-error=tautological-type-limit-compare -Wunreachable-code -Wunreachable-code-return -Wunused-but-set-parameter -Wno-invalid-offsetof -Wclass-varargs -Wempty-init-stmt -Wfloat-overflow-conversion -Wfloat-zero-conversion -Wloop-analysis -Wno-range-loop-analysis -Wenum-compare-conditional -Wenum-float-conversion -Wno-deprecated-anon-enum-enum-conversion -Wno-deprecated-enum-enum-conversion -Wno-deprecated-this-capture -Wcomma 
-Wimplicit-fallthrough -Wstring-conversion -Wno-inline-new-delete -Wno-error=deprecated-declarations -Wno-error=array-bounds -Wno-error=free-nonheap-object -Wno-error=atomic-alignment -Wno-error=deprecated-builtins -Wformat -Wformat-security -Wno-psabi -Wthread-safety -Wno-error=builtin-macro-redefined -Wno-vla-cxx-extension -Wno-unknown-warning-option -Wextra -Wunreachable-code -Wno-unused-parameter -fno-strict-aliasing -ffp-contract=off  -MD -MP -MF .deps/CTPolicyEnforcer.o.pp   /builds/worker/checkouts/gecko/security/ct/CTPolicyEnforcer.cpp
[task 2024-08-03T00:01:08.898Z] 00:01:08    ERROR -  /builds/worker/checkouts/gecko/security/ct/CTPolicyEnforcer.cpp:157:3: error: use of undeclared identifier 'MOZ_ASSERT_UNREACHABLE'
[task 2024-08-03T00:01:08.898Z] 00:01:08     INFO -    157 |   MOZ_ASSERT_UNREACHABLE("verifiedSct.logState must be Admissible or Retired");
[task 2024-08-03T00:01:08.898Z] 00:01:08     INFO -        |   ^
[task 2024-08-03T00:01:08.898Z] 00:01:08     INFO -  1 error generated.
[task 2024-08-03T00:01:08.899Z] 00:01:08    ERROR -  gmake[4]: *** [/builds/worker/checkouts/gecko/config/rules.mk:674: CTPolicyEnforcer.o] Error 1
[task 2024-08-03T00:01:08.899Z] 00:01:08     INFO -  gmake[4]: Leaving directory '/builds/worker/workspace/obj-build/security/ct'
[task 2024-08-03T00:01:08.899Z] 00:01:08     INFO -  gmake[4]: Entering directory '/builds/worker/workspace/obj-build/security/ct'
[task 2024-08-03T00:01:08.900Z] 00:01:08     INFO -  security/ct/MultiLogCTVerifier.o
Flags: needinfo?(dkeeler)
Backout by imoraru@mozilla.com: https://hg.mozilla.org/mozilla-central/rev/3a7067a3cd84 Backed out changeset 25bb41b1999f for causing build bustage in CTPolicyEnforcer.cpp CLOSED TREE
Flags: needinfo?(dkeeler)
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/13d7c09a0aae certificate transparency: note log states and timestamps r=jschanck
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 131 Branch