mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-24 05:11:16 +00:00
Backed out changeset bf6ee973f04e because of Android bustage UPGRADE_NSS_RELEASE
--HG-- extra : amend_source : 6502b79382c14536c060c03b428172cb6edc9d3f
This commit is contained in:
parent
66f094103a
commit
073576f302
@ -1 +1 @@
|
||||
0c3800b6eaba
|
||||
57e38a8407b3
|
||||
|
@ -1,12 +0,0 @@
|
||||
Functions changes summary: 0 Removed, 0 Changed, 6 Added functions
|
||||
Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
|
||||
|
||||
6 Added functions:
|
||||
|
||||
'function SECStatus CERT_GetCertIsPerm(const CERTCertificate*, PRBool*)' {CERT_GetCertIsPerm@@NSS_3.31}
|
||||
'function SECStatus CERT_GetCertIsTemp(const CERTCertificate*, PRBool*)' {CERT_GetCertIsTemp@@NSS_3.31}
|
||||
'function CERTCertificate* PK11_FindCertFromURI(const char*, void*)' {PK11_FindCertFromURI@@NSS_3.31}
|
||||
'function CERTCertList* PK11_FindCertsFromURI(const char*, void*)' {PK11_FindCertsFromURI@@NSS_3.31}
|
||||
'function char* PK11_GetModuleURI(SECMODModule*)' {PK11_GetModuleURI@@NSS_3.31}
|
||||
'function char* PK11_GetTokenURI()' {PK11_GetTokenURI@@NSS_3.31}
|
||||
|
@ -1,12 +0,0 @@
|
||||
Functions changes summary: 0 Removed, 0 Changed, 6 Added functions
|
||||
Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
|
||||
|
||||
6 Added functions:
|
||||
|
||||
'function void PK11URI_CreateURI(size_t, size_t)' {PK11URI_CreateURI@@NSSUTIL_3.31}
|
||||
'function void PK11URI_DestroyURI()' {PK11URI_DestroyURI@@NSSUTIL_3.31}
|
||||
'function char* PK11URI_FormatURI()' {PK11URI_FormatURI@@NSSUTIL_3.31}
|
||||
'function const char* PK11URI_GetPathAttribute(const char*)' {PK11URI_GetPathAttribute@@NSSUTIL_3.31}
|
||||
'function const char* PK11URI_GetQueryAttribute(const char*)' {PK11URI_GetQueryAttribute@@NSSUTIL_3.31}
|
||||
'function void PK11URI_ParseURI(const char*)' {PK11URI_ParseURI@@NSSUTIL_3.31}
|
||||
|
@ -1,14 +0,0 @@
|
||||
Functions changes summary: 0 Removed, 1 Changed, 0 Added function
|
||||
Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
|
||||
|
||||
1 function with some indirect sub-type change:
|
||||
|
||||
[C]'function SECStatus SSL_GetPreliminaryChannelInfo(SSLPreliminaryChannelInfo*, PRUintn)' at sslinfo.c:115:1 has some indirect sub-type changes:
|
||||
parameter 1 of type 'SSLPreliminaryChannelInfo*' has sub-type changes:
|
||||
in pointed to type 'typedef SSLPreliminaryChannelInfo' at sslt.h:318:1:
|
||||
underlying type 'struct SSLPreliminaryChannelInfoStr' at sslt.h:287:1 changed:
|
||||
type size changed from 128 to 160 bits
|
||||
1 data member insertion:
|
||||
'PRUint32 SSLPreliminaryChannelInfoStr::maxEarlyDataSize', at offset 128 (in bits) at sslt.h:314:1
|
||||
|
||||
|
@ -1 +0,0 @@
|
||||
NSPR_4_14_BRANCH
|
@ -1 +0,0 @@
|
||||
NSS_3_30_BRANCH
|
@ -19,9 +19,6 @@ proc_args()
|
||||
"--test-nss")
|
||||
TEST_NSS=1
|
||||
;;
|
||||
"--check-abi")
|
||||
CHECK_ABI=1
|
||||
;;
|
||||
"--build-jss")
|
||||
BUILD_JSS=1
|
||||
;;
|
||||
@ -43,7 +40,6 @@ proc_args()
|
||||
echo " --build-jss"
|
||||
echo " --test-nss"
|
||||
echo " --test-jss"
|
||||
echo " --check-abi"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
@ -219,71 +215,6 @@ test_nss()
|
||||
return ${RET}
|
||||
}
|
||||
|
||||
check_abi()
|
||||
{
|
||||
print_log "######## NSS ABI CHECK - ${BITS} bits - ${OPT} ########"
|
||||
rm -rf ${HGDIR}/baseline
|
||||
mkdir ${HGDIR}/baseline
|
||||
BASE_NSPR=`cat ${HGDIR}/nss/automation/abi-check/previous-nspr-release`
|
||||
BASE_NSS=`cat ${HGDIR}/nss/automation/abi-check/previous-nss-release`
|
||||
|
||||
print_log "######## creating temporary HG clones ########"
|
||||
|
||||
hg clone -u "${BASE_NSPR}" "${HGDIR}/nspr" "${HGDIR}/baseline/nspr"
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "invalid tag in automation/abi-check/previous-nspr-release"
|
||||
return 1
|
||||
fi
|
||||
hg clone -u "${BASE_NSS}" "${HGDIR}/nss" "${HGDIR}/baseline/nss"
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "invalid tag in automation/abi-check/previous-nss-release"
|
||||
return 1
|
||||
fi
|
||||
|
||||
print_log "######## building older NSPR/NSS ########"
|
||||
|
||||
print_log "$ pushd ${HGDIR}/baseline/nss"
|
||||
pushd ${HGDIR}/baseline/nss
|
||||
|
||||
print_log "$ ${MAKE} ${NSS_BUILD_TARGET}"
|
||||
#${MAKE} ${NSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL} | grep ${GREP_BUFFER} "^${MAKE}"
|
||||
${MAKE} ${NSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL}
|
||||
RET=$?
|
||||
print_result "NSS - build - ${BITS} bits - ${OPT}" ${RET} 0
|
||||
|
||||
if [ ${RET} -ne 0 ]; then
|
||||
tail -100 ${LOG_ALL}
|
||||
return ${RET}
|
||||
fi
|
||||
|
||||
print_log "$ popd"
|
||||
popd
|
||||
|
||||
ABI_REPORT=${OUTPUTDIR}/abi-diff.txt
|
||||
rm -f ${ABI_REPORT}
|
||||
PREVDIST=${HGDIR}/baseline/dist
|
||||
NEWDIST=${HGDIR}/dist
|
||||
ALL_SOs="libfreebl3.so libfreeblpriv3.so libnspr4.so libnss3.so libnssckbi.so libnssdbm3.so libnsssysinit.so libnssutil3.so libplc4.so libplds4.so libsmime3.so libsoftokn3.so libssl3.so"
|
||||
for SO in ${ALL_SOs}; do
|
||||
if [ ! -f nss/automation/abi-check/expected-report-$SO.txt ]; then
|
||||
touch nss/automation/abi-check/expected-report-$SO.txt
|
||||
fi
|
||||
abidiff --hd1 $PREVDIST/public/ --hd2 $NEWDIST/public \
|
||||
$PREVDIST/*/lib/$SO $NEWDIST/*/lib/$SO \
|
||||
> nss/automation/abi-check/new-report-$SO.txt
|
||||
diff -u nss/automation/abi-check/expected-report-$SO.txt \
|
||||
nss/automation/abi-check/new-report-$SO.txt >> ${ABI_REPORT}
|
||||
done
|
||||
|
||||
if [ -s ${ABI_REPORT} ]; then
|
||||
print_log "FAILED: there are new unexpected ABI changes"
|
||||
cat ${ABI_REPORT}
|
||||
return 1
|
||||
fi
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
test_jss()
|
||||
{
|
||||
print_log "######## JSS - tests - ${BITS} bits - ${OPT} ########"
|
||||
@ -357,11 +288,6 @@ build_and_test()
|
||||
[ $? -eq 0 ] || return 1
|
||||
fi
|
||||
|
||||
if [ -n "${CHECK_ABI}" ]; then
|
||||
check_abi
|
||||
[ $? -eq 0 ] || return 1
|
||||
fi
|
||||
|
||||
if [ -n "${BUILD_JSS}" ]; then
|
||||
create_objdir_dist_link
|
||||
build_jss
|
||||
@ -434,7 +360,6 @@ main()
|
||||
{
|
||||
VALID=0
|
||||
RET=1
|
||||
FAIL=0
|
||||
|
||||
for BITS in 32 64; do
|
||||
echo ${RUN_BITS} | grep ${BITS} > /dev/null
|
||||
@ -447,10 +372,7 @@ main()
|
||||
set_env
|
||||
run_all
|
||||
RET=$?
|
||||
print_log "### result of run_all is ${RET}"
|
||||
if [ ${RET} -ne 0 ]; then
|
||||
FAIL=${RET}
|
||||
fi
|
||||
print_log "### result of run_all is ${RET}"
|
||||
done
|
||||
done
|
||||
|
||||
@ -459,7 +381,7 @@ main()
|
||||
return 1
|
||||
fi
|
||||
|
||||
return ${FAIL}
|
||||
return ${RET}
|
||||
}
|
||||
|
||||
#function killallsub()
|
||||
@ -487,8 +409,6 @@ echo "tinderbox args: $0 $@"
|
||||
proc_args "$@"
|
||||
main
|
||||
|
||||
RET=$?
|
||||
print_log "### result of main is ${RET}"
|
||||
|
||||
#RET=$?
|
||||
#rm $IS_RUNNING_FILE
|
||||
exit ${RET}
|
||||
#exit ${RET}
|
||||
|
@ -1,10 +0,0 @@
|
||||
4.15
|
||||
|
||||
# The first line of this file must contain the human readable NSPR
|
||||
# version number, which is the minimum required version of NSPR
|
||||
# that is supported by this version of NSS.
|
||||
#
|
||||
# This information is used by release automation,
|
||||
# when creating an NSS source archive.
|
||||
#
|
||||
# All other lines in this file are ignored.
|
@ -171,13 +171,11 @@ def set_4_digit_release_number():
|
||||
set_all_lib_versions(version, major, minor, patch, build)
|
||||
|
||||
def create_nss_release_archive():
|
||||
ensure_arguments_after_action(3, "nss_release_version nss_hg_release_tag path_to_stage_directory")
|
||||
ensure_arguments_after_action(4, "nss_release_version nss_hg_release_tag nspr_release_version path_to_stage_directory")
|
||||
nssrel = args[1].strip() #e.g. 3.19.3
|
||||
nssreltag = args[2].strip() #e.g. NSS_3_19_3_RTM
|
||||
stagedir = args[3].strip() #e.g. ../stage
|
||||
|
||||
with open('automation/release/nspr-version.txt') as nspr_version_file:
|
||||
nsprrel = next(nspr_version_file).strip()
|
||||
nsprrel = args[3].strip() #e.g. 4.10.8
|
||||
stagedir = args[4].strip() #e.g. ../stage
|
||||
|
||||
nspr_tar = "nspr-" + nsprrel + ".tar.gz"
|
||||
nsprtar_with_path= stagedir + "/v" + nsprrel + "/src/" + nspr_tar
|
||||
|
@ -22,10 +22,6 @@ apt_packages+=('ninja-build')
|
||||
apt_packages+=('pkg-config')
|
||||
apt_packages+=('zlib1g-dev')
|
||||
|
||||
# 32-bit builds
|
||||
apt_packages+=('gcc-multilib')
|
||||
apt_packages+=('g++-multilib')
|
||||
|
||||
# Latest Mercurial.
|
||||
apt_packages+=('mercurial')
|
||||
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE
|
||||
@ -35,11 +31,6 @@ echo "deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main" >
|
||||
apt-get -y update
|
||||
apt-get install -y --no-install-recommends ${apt_packages[@]}
|
||||
|
||||
# 32-bit builds
|
||||
dpkg --add-architecture i386
|
||||
apt-get -y update
|
||||
apt-get install -y --no-install-recommends libssl-dev:i386
|
||||
|
||||
# Install LLVM/clang-4.0.
|
||||
mkdir clang-tmp
|
||||
git clone -n --depth 1 https://chromium.googlesource.com/chromium/src/tools/clang clang-tmp/clang
|
||||
|
@ -63,6 +63,11 @@ queue.filter(task => {
|
||||
if (task.collection == "make") {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Disable mpi tests for now on 32-bit builds (bug 1362392)
|
||||
if (task.platform == "linux32") {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -163,7 +168,6 @@ export default async function main() {
|
||||
});
|
||||
|
||||
await scheduleFuzzing();
|
||||
await scheduleFuzzing32();
|
||||
|
||||
await scheduleTools();
|
||||
|
||||
@ -411,110 +415,6 @@ async function scheduleFuzzing() {
|
||||
return queue.submit();
|
||||
}
|
||||
|
||||
async function scheduleFuzzing32() {
|
||||
let base = {
|
||||
env: {
|
||||
ASAN_OPTIONS: "allocator_may_return_null=1:detect_stack_use_after_return=1",
|
||||
UBSAN_OPTIONS: "print_stacktrace=1",
|
||||
NSS_DISABLE_ARENA_FREE_LIST: "1",
|
||||
NSS_DISABLE_UNLOAD: "1",
|
||||
CC: "clang",
|
||||
CCC: "clang++"
|
||||
},
|
||||
features: ["allowPtrace"],
|
||||
platform: "linux32",
|
||||
collection: "fuzz",
|
||||
image: FUZZ_IMAGE
|
||||
};
|
||||
|
||||
// Build base definition.
|
||||
let build_base = merge({
|
||||
command: [
|
||||
"/bin/bash",
|
||||
"-c",
|
||||
"bin/checkout.sh && " +
|
||||
"nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz -m32"
|
||||
],
|
||||
artifacts: {
|
||||
public: {
|
||||
expires: 24 * 7,
|
||||
type: "directory",
|
||||
path: "/home/worker/artifacts"
|
||||
}
|
||||
},
|
||||
kind: "build",
|
||||
symbol: "B"
|
||||
}, base);
|
||||
|
||||
// The task that builds NSPR+NSS.
|
||||
let task_build = queue.scheduleTask(merge(build_base, {
|
||||
name: "Linux 32 (debug, fuzz)"
|
||||
}));
|
||||
|
||||
// The task that builds NSPR+NSS (TLS fuzzing mode).
|
||||
let task_build_tls = queue.scheduleTask(merge(build_base, {
|
||||
name: "Linux 32 (debug, TLS fuzz)",
|
||||
symbol: "B",
|
||||
group: "TLS",
|
||||
command: [
|
||||
"/bin/bash",
|
||||
"-c",
|
||||
"bin/checkout.sh && " +
|
||||
"nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz=tls -m32"
|
||||
],
|
||||
}));
|
||||
|
||||
// Schedule tests.
|
||||
queue.scheduleTask(merge(base, {
|
||||
parent: task_build_tls,
|
||||
name: "Gtests",
|
||||
command: [
|
||||
"/bin/bash",
|
||||
"-c",
|
||||
"bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh"
|
||||
],
|
||||
env: {GTESTFILTER: "*Fuzz*"},
|
||||
tests: "ssl_gtests gtests",
|
||||
cycle: "standard",
|
||||
symbol: "Gtest",
|
||||
kind: "test"
|
||||
}));
|
||||
|
||||
// Schedule fuzzing runs.
|
||||
let run_base = merge(base, {parent: task_build, kind: "test"});
|
||||
scheduleFuzzingRun(run_base, "CertDN", "certDN", 4096);
|
||||
scheduleFuzzingRun(run_base, "QuickDER", "quickder", 10000);
|
||||
|
||||
// Schedule MPI fuzzing runs.
|
||||
let mpi_base = merge(run_base, {group: "MPI"});
|
||||
let mpi_names = ["add", "addmod", "div", "expmod", "mod", "mulmod", "sqr",
|
||||
"sqrmod", "sub", "submod"];
|
||||
for (let name of mpi_names) {
|
||||
scheduleFuzzingRun(mpi_base, `MPI (${name})`, `mpi-${name}`, 4096, name);
|
||||
}
|
||||
scheduleFuzzingRun(mpi_base, `MPI (invmod)`, `mpi-invmod`, 256, "invmod");
|
||||
|
||||
// Schedule TLS fuzzing runs (non-fuzzing mode).
|
||||
let tls_base = merge(run_base, {group: "TLS"});
|
||||
scheduleFuzzingRun(tls_base, "TLS Client", "tls-client", 20000, "client-nfm",
|
||||
"tls-client-no_fuzzer_mode");
|
||||
scheduleFuzzingRun(tls_base, "TLS Server", "tls-server", 20000, "server-nfm",
|
||||
"tls-server-no_fuzzer_mode");
|
||||
scheduleFuzzingRun(tls_base, "DTLS Client", "dtls-client", 20000,
|
||||
"dtls-client-nfm", "dtls-client-no_fuzzer_mode");
|
||||
scheduleFuzzingRun(tls_base, "DTLS Server", "dtls-server", 20000,
|
||||
"dtls-server-nfm", "dtls-server-no_fuzzer_mode");
|
||||
|
||||
// Schedule TLS fuzzing runs (fuzzing mode).
|
||||
let tls_fm_base = merge(tls_base, {parent: task_build_tls});
|
||||
scheduleFuzzingRun(tls_fm_base, "TLS Client", "tls-client", 20000, "client");
|
||||
scheduleFuzzingRun(tls_fm_base, "TLS Server", "tls-server", 20000, "server");
|
||||
scheduleFuzzingRun(tls_fm_base, "DTLS Client", "dtls-client", 20000, "dtls-client");
|
||||
scheduleFuzzingRun(tls_fm_base, "DTLS Server", "dtls-server", 20000, "dtls-server");
|
||||
|
||||
return queue.submit();
|
||||
}
|
||||
|
||||
/*****************************************************************************/
|
||||
|
||||
async function scheduleTestBuilds(base, args = "") {
|
||||
|
@ -23,7 +23,7 @@ function parseOptions(opts) {
|
||||
|
||||
// Parse platforms.
|
||||
let allPlatforms = ["linux", "linux64", "linux64-asan", "win64",
|
||||
"linux64-make", "linux-make", "linux-fuzz", "linux64-fuzz", "aarch64"];
|
||||
"linux64-make", "linux-make", "linux64-fuzz", "aarch64"];
|
||||
let platforms = intersect(opts.platform.split(/\s*,\s*/), allPlatforms);
|
||||
|
||||
// If the given value is nonsense or "none" default to all platforms.
|
||||
@ -104,7 +104,6 @@ function filter(opts) {
|
||||
let found = opts.platforms.some(platform => {
|
||||
let aliases = {
|
||||
"linux": "linux32",
|
||||
"linux-fuzz": "linux32",
|
||||
"linux64-asan": "linux64",
|
||||
"linux64-fuzz": "linux64",
|
||||
"linux64-make": "linux64",
|
||||
@ -120,7 +119,7 @@ function filter(opts) {
|
||||
keep &= coll("asan");
|
||||
} else if (platform == "linux64-make" || platform == "linux-make") {
|
||||
keep &= coll("make");
|
||||
} else if (platform == "linux64-fuzz" || platform == "linux-fuzz") {
|
||||
} else if (platform == "linux64-fuzz") {
|
||||
keep &= coll("fuzz");
|
||||
} else {
|
||||
keep &= coll("opt") || coll("debug");
|
||||
|
@ -1261,13 +1261,11 @@ DoChallengeResponse(SECKEYPrivateKey *privKey,
|
||||
return 908;
|
||||
}
|
||||
keyID = PK11_MakeIDFromPubKey(publicValue);
|
||||
SECITEM_FreeItem(publicValue, PR_TRUE);
|
||||
if (keyID == NULL) {
|
||||
printf("Could not make the keyID from the public value\n");
|
||||
return 909;
|
||||
}
|
||||
foundPrivKey = PK11_FindKeyByKeyID(privKey->pkcs11Slot, keyID, &pwdata);
|
||||
SECITEM_FreeItem(keyID, PR_TRUE);
|
||||
if (foundPrivKey == NULL) {
|
||||
printf("Could not find the private key corresponding to the public"
|
||||
" value.\n");
|
||||
|
@ -31,18 +31,7 @@
|
||||
'include_dirs': [
|
||||
'<(DEPTH)/lib/freebl/mpi',
|
||||
'<(DEPTH)/lib/util',
|
||||
],
|
||||
# This uses test builds and has to set defines for MPI.
|
||||
'conditions': [
|
||||
[ 'target_arch=="ia32"', {
|
||||
'defines': [
|
||||
'MP_USE_UINT_DIGIT',
|
||||
'MP_ASSEMBLY_MULTIPLY',
|
||||
'MP_ASSEMBLY_SQUARE',
|
||||
'MP_ASSEMBLY_DIV_2DX1D',
|
||||
],
|
||||
}],
|
||||
],
|
||||
]
|
||||
},
|
||||
'variables': {
|
||||
'module': 'nss'
|
||||
|
@ -10,3 +10,4 @@
|
||||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
@ -24,10 +24,7 @@ if [ "$fuzz_oss" = 1 ]; then
|
||||
gyp_params+=(-Dno_zdefs=1 -Dfuzz_oss=1)
|
||||
else
|
||||
enable_sanitizer asan
|
||||
# Ubsan doesn't build on 32-bit at the moment. Disable it.
|
||||
if [ "$build_64" = 1 ]; then
|
||||
enable_ubsan
|
||||
fi
|
||||
enable_ubsan
|
||||
enable_sancov
|
||||
fi
|
||||
|
||||
|
@ -88,15 +88,6 @@
|
||||
'-lcrypto',
|
||||
],
|
||||
}],
|
||||
# For test builds we have to set MPI defines.
|
||||
[ 'target_arch=="ia32"', {
|
||||
'defines': [
|
||||
'MP_USE_UINT_DIGIT',
|
||||
'MP_ASSEMBLY_MULTIPLY',
|
||||
'MP_ASSEMBLY_SQUARE',
|
||||
'MP_ASSEMBLY_DIV_2DX1D',
|
||||
],
|
||||
}],
|
||||
],
|
||||
},
|
||||
},
|
||||
|
@ -29,6 +29,13 @@
|
||||
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
|
||||
'<(DEPTH)/lib/ssl/ssl.gyp:ssl',
|
||||
],
|
||||
'conditions': [
|
||||
[ 'ct_verif==1', {
|
||||
'defines': [
|
||||
'CT_VERIF',
|
||||
],
|
||||
}],
|
||||
],
|
||||
},
|
||||
{
|
||||
'target_name': 'prng_gtest',
|
||||
@ -55,23 +62,7 @@
|
||||
'target_defaults': {
|
||||
'include_dirs': [
|
||||
'<(DEPTH)/lib/freebl/mpi',
|
||||
],
|
||||
# For test builds we have to set MPI defines.
|
||||
'conditions': [
|
||||
[ 'ct_verif==1', {
|
||||
'defines': [
|
||||
'CT_VERIF',
|
||||
],
|
||||
}],
|
||||
[ 'target_arch=="ia32"', {
|
||||
'defines': [
|
||||
'MP_USE_UINT_DIGIT',
|
||||
'MP_ASSEMBLY_MULTIPLY',
|
||||
'MP_ASSEMBLY_SQUARE',
|
||||
'MP_ASSEMBLY_DIV_2DX1D',
|
||||
],
|
||||
}],
|
||||
],
|
||||
]
|
||||
},
|
||||
'variables': {
|
||||
'module': 'nss'
|
||||
|
@ -53,39 +53,13 @@ class MPITest : public ::testing::Test {
|
||||
mp_clear(&a);
|
||||
mp_clear(&b);
|
||||
}
|
||||
|
||||
void TestDiv(const std::string a_string, const std::string b_string,
|
||||
const std::string result) {
|
||||
mp_int a, b, c;
|
||||
MP_DIGITS(&a) = 0;
|
||||
MP_DIGITS(&b) = 0;
|
||||
MP_DIGITS(&c) = 0;
|
||||
ASSERT_EQ(MP_OKAY, mp_init(&a));
|
||||
ASSERT_EQ(MP_OKAY, mp_init(&b));
|
||||
ASSERT_EQ(MP_OKAY, mp_init(&c));
|
||||
|
||||
mp_read_radix(&a, a_string.c_str(), 16);
|
||||
mp_read_radix(&b, b_string.c_str(), 16);
|
||||
mp_read_radix(&c, result.c_str(), 16);
|
||||
EXPECT_EQ(MP_OKAY, mp_div(&a, &b, &a, &b));
|
||||
EXPECT_EQ(0, mp_cmp(&a, &c));
|
||||
|
||||
mp_clear(&a);
|
||||
mp_clear(&b);
|
||||
mp_clear(&c);
|
||||
}
|
||||
};
|
||||
|
||||
TEST_F(MPITest, MpiCmp01Test) { TestCmp("0", "1", -1); }
|
||||
TEST_F(MPITest, MpiCmp10Test) { TestCmp("1", "0", 1); }
|
||||
TEST_F(MPITest, MpiCmp00Test) { TestCmp("0", "0", 0); }
|
||||
TEST_F(MPITest, MpiCmp11Test) { TestCmp("1", "1", 0); }
|
||||
TEST_F(MPITest, MpiDiv32ErrorTest) {
|
||||
TestDiv("FFFF00FFFFFFFF000000000000", "FFFF00FFFFFFFFFF", "FFFFFFFFFF");
|
||||
}
|
||||
|
||||
#ifdef NSS_X64
|
||||
// This tests assumes 64-bit mp_digits.
|
||||
TEST_F(MPITest, MpiCmpUnalignedTest) {
|
||||
mp_int a, b, c;
|
||||
MP_DIGITS(&a) = 0;
|
||||
@ -116,7 +90,6 @@ TEST_F(MPITest, MpiCmpUnalignedTest) {
|
||||
mp_clear(&b);
|
||||
mp_clear(&c);
|
||||
}
|
||||
#endif
|
||||
|
||||
// This test is slow. Disable it by default so we can run these tests on CI.
|
||||
class DISABLED_MPITest : public ::testing::Test {};
|
||||
|
@ -31,17 +31,13 @@ class PK11URITest : public ::testing::Test {
|
||||
size_t i;
|
||||
for (i = 0; i < num_pattrs; i++) {
|
||||
const char *value = PK11URI_GetPathAttribute(tmp.get(), pattrs[i].name);
|
||||
EXPECT_TRUE(value);
|
||||
if (value) {
|
||||
EXPECT_EQ(std::string(value), std::string(pattrs[i].value));
|
||||
}
|
||||
ASSERT_TRUE(value);
|
||||
ASSERT_EQ(std::string(value), std::string(pattrs[i].value));
|
||||
}
|
||||
for (i = 0; i < num_qattrs; i++) {
|
||||
const char *value = PK11URI_GetQueryAttribute(tmp.get(), qattrs[i].name);
|
||||
EXPECT_TRUE(value);
|
||||
if (value) {
|
||||
EXPECT_EQ(std::string(value), std::string(qattrs[i].value));
|
||||
}
|
||||
ASSERT_TRUE(value);
|
||||
ASSERT_EQ(std::string(value), std::string(qattrs[i].value));
|
||||
}
|
||||
}
|
||||
|
||||
@ -52,10 +48,8 @@ class PK11URITest : public ::testing::Test {
|
||||
PK11URI_CreateURI(pattrs, num_pattrs, qattrs, num_qattrs));
|
||||
ASSERT_TRUE(tmp);
|
||||
char *out = PK11URI_FormatURI(nullptr, tmp.get());
|
||||
EXPECT_TRUE(out);
|
||||
if (out) {
|
||||
EXPECT_EQ(std::string(out), formatted);
|
||||
}
|
||||
ASSERT_TRUE(out);
|
||||
ASSERT_EQ(std::string(out), formatted);
|
||||
PORT_Free(out);
|
||||
}
|
||||
|
||||
@ -73,17 +67,13 @@ class PK11URITest : public ::testing::Test {
|
||||
size_t i;
|
||||
for (i = 0; i < num_pattrs; i++) {
|
||||
const char *value = PK11URI_GetPathAttribute(tmp.get(), pattrs[i].name);
|
||||
EXPECT_TRUE(value);
|
||||
if (value) {
|
||||
EXPECT_EQ(std::string(value), std::string(pattrs[i].value));
|
||||
}
|
||||
ASSERT_TRUE(value);
|
||||
ASSERT_EQ(std::string(value), std::string(pattrs[i].value));
|
||||
}
|
||||
for (i = 0; i < num_qattrs; i++) {
|
||||
const char *value = PK11URI_GetQueryAttribute(tmp.get(), qattrs[i].name);
|
||||
EXPECT_TRUE(value);
|
||||
if (value) {
|
||||
EXPECT_EQ(std::string(value), std::string(qattrs[i].value));
|
||||
}
|
||||
ASSERT_TRUE(value);
|
||||
ASSERT_EQ(std::string(value), std::string(qattrs[i].value));
|
||||
}
|
||||
}
|
||||
|
||||
@ -91,11 +81,9 @@ class PK11URITest : public ::testing::Test {
|
||||
ScopedPK11URI tmp(PK11URI_ParseURI(str.c_str()));
|
||||
ASSERT_TRUE(tmp);
|
||||
char *out = PK11URI_FormatURI(nullptr, tmp.get());
|
||||
EXPECT_TRUE(out);
|
||||
if (out) {
|
||||
EXPECT_EQ(std::string(out), formatted);
|
||||
PORT_Free(out);
|
||||
}
|
||||
ASSERT_TRUE(out);
|
||||
ASSERT_EQ(std::string(out), formatted);
|
||||
PORT_Free(out);
|
||||
}
|
||||
|
||||
protected:
|
||||
|
@ -2859,9 +2859,6 @@ void
|
||||
s_mp_exch(mp_int *a, mp_int *b)
|
||||
{
|
||||
mp_int tmp;
|
||||
if (!a || !b) {
|
||||
return;
|
||||
}
|
||||
|
||||
tmp = *a;
|
||||
*a = *b;
|
||||
@ -4167,7 +4164,11 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */
|
||||
mp_int *quot) /* i: 0; o: quotient */
|
||||
{
|
||||
mp_int part, t;
|
||||
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
|
||||
mp_word q_msd;
|
||||
#else
|
||||
mp_digit q_msd;
|
||||
#endif
|
||||
mp_err res;
|
||||
mp_digit d;
|
||||
mp_digit div_msd;
|
||||
@ -4212,7 +4213,7 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */
|
||||
MP_USED(&part) = MP_USED(div);
|
||||
|
||||
/* We have now truncated the part of the remainder to the same length as
|
||||
* the divisor. If part is smaller than div, extend part by one digit. */
|
||||
* the divisor. If part is smaller than div, extend part by one digit. */
|
||||
if (s_mp_cmp(&part, div) < 0) {
|
||||
--unusedRem;
|
||||
#if MP_ARGCHK == 2
|
||||
@ -4229,12 +4230,18 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */
|
||||
div_msd = MP_DIGIT(div, MP_USED(div) - 1);
|
||||
if (!partExtended) {
|
||||
/* In this case, q_msd /= div_msd is always 1. First, since div_msd is
|
||||
* normalized to have the high bit set, 2*div_msd > MP_DIGIT_MAX. Since
|
||||
* we didn't extend part, q_msd >= div_msd. Therefore we know that
|
||||
* div_msd <= q_msd <= MP_DIGIT_MAX < 2*div_msd. Dividing by div_msd we
|
||||
* get 1 <= q_msd/div_msd < 2. So q_msd /= div_msd must be 1. */
|
||||
* normalized to have the high bit set, 2*div_msd > MP_DIGIT_MAX. Since
|
||||
* we didn't extend part, q_msd >= div_msd. Therefore we know that
|
||||
* div_msd <= q_msd <= MP_DIGIT_MAX < 2*div_msd. Dividing by div_msd we
|
||||
* get 1 <= q_msd/div_msd < 2. So q_msd /= div_msd must be 1. */
|
||||
q_msd = 1;
|
||||
} else {
|
||||
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
|
||||
q_msd = (q_msd << MP_DIGIT_BIT) | MP_DIGIT(&part, MP_USED(&part) - 2);
|
||||
q_msd /= div_msd;
|
||||
if (q_msd == RADIX)
|
||||
--q_msd;
|
||||
#else
|
||||
if (q_msd == div_msd) {
|
||||
q_msd = MP_DIGIT_MAX;
|
||||
} else {
|
||||
@ -4242,6 +4249,7 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */
|
||||
MP_CHECKOK(s_mpv_div_2dx1d(q_msd, MP_DIGIT(&part, MP_USED(&part) - 2),
|
||||
div_msd, &q_msd, &r));
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#if MP_ARGCHK == 2
|
||||
assert(q_msd > 0); /* This case should never occur any more. */
|
||||
@ -4251,15 +4259,15 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */
|
||||
|
||||
/* See what that multiplies out to */
|
||||
mp_copy(div, &t);
|
||||
MP_CHECKOK(s_mp_mul_d(&t, q_msd));
|
||||
MP_CHECKOK(s_mp_mul_d(&t, (mp_digit)q_msd));
|
||||
|
||||
/*
|
||||
If it's too big, back it off. We should not have to do this
|
||||
more than once, or, in rare cases, twice. Knuth describes a
|
||||
method by which this could be reduced to a maximum of once, but
|
||||
I didn't implement that here.
|
||||
When using s_mpv_div_2dx1d, we may have to do this 3 times.
|
||||
*/
|
||||
If it's too big, back it off. We should not have to do this
|
||||
more than once, or, in rare cases, twice. Knuth describes a
|
||||
method by which this could be reduced to a maximum of once, but
|
||||
I didn't implement that here.
|
||||
* When using s_mpv_div_2dx1d, we may have to do this 3 times.
|
||||
*/
|
||||
for (i = 4; s_mp_cmp(&t, &part) > 0 && i > 0; --i) {
|
||||
--q_msd;
|
||||
MP_CHECKOK(s_mp_sub(&t, div)); /* t -= div */
|
||||
@ -4274,11 +4282,11 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */
|
||||
s_mp_clamp(rem);
|
||||
|
||||
/*
|
||||
Include the digit in the quotient. We allocated enough memory
|
||||
for any quotient we could ever possibly get, so we should not
|
||||
have to check for failures here
|
||||
*/
|
||||
MP_DIGIT(quot, unusedRem) = q_msd;
|
||||
Include the digit in the quotient. We allocated enough memory
|
||||
for any quotient we could ever possibly get, so we should not
|
||||
have to check for failures here
|
||||
*/
|
||||
MP_DIGIT(quot, unusedRem) = (mp_digit)q_msd;
|
||||
}
|
||||
|
||||
/* Denormalize remainder */
|
||||
|
@ -765,12 +765,7 @@ find_certs_from_nickname(const char *nickname, void *wincx)
|
||||
*delimit = ':';
|
||||
} else {
|
||||
slot = PK11_GetInternalKeySlot();
|
||||
token = PK11Slot_GetNSSToken(slot);
|
||||
if (token) {
|
||||
nssToken_AddRef(token);
|
||||
} else {
|
||||
PORT_SetError(SEC_ERROR_NO_TOKEN);
|
||||
}
|
||||
token = nssToken_AddRef(PK11Slot_GetNSSToken(slot));
|
||||
}
|
||||
if (token) {
|
||||
nssList *certList;
|
||||
|
@ -38,6 +38,13 @@
|
||||
#include "zlib.h"
|
||||
#endif
|
||||
|
||||
#ifndef PK11_SETATTRS
|
||||
#define PK11_SETATTRS(x, id, v, l) \
|
||||
(x)->type = (id); \
|
||||
(x)->pValue = (v); \
|
||||
(x)->ulValueLen = (l);
|
||||
#endif
|
||||
|
||||
static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
|
||||
PK11SlotInfo *serverKeySlot);
|
||||
static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms);
|
||||
|
@ -31,6 +31,13 @@
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
#ifndef PK11_SETATTRS
|
||||
#define PK11_SETATTRS(x, id, v, l) \
|
||||
(x)->type = (id); \
|
||||
(x)->pValue = (v); \
|
||||
(x)->ulValueLen = (l);
|
||||
#endif
|
||||
|
||||
SECStatus
|
||||
ssl_NamedGroup2ECParams(PLArenaPool *arena, const sslNamedGroupDef *ecGroup,
|
||||
SECKEYECParams *params)
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -305,6 +305,13 @@ typedef enum {
|
||||
CLIENT_AUTH_CERTIFICATE = 1
|
||||
} ClientAuthenticationType;
|
||||
|
||||
typedef struct {
|
||||
ClientAuthenticationType client_auth_type;
|
||||
union {
|
||||
SSL3Opaque *certificate_list;
|
||||
} identity;
|
||||
} ClientIdentity;
|
||||
|
||||
#define SESS_TICKET_KEY_NAME_LEN 16
|
||||
#define SESS_TICKET_KEY_NAME_PREFIX "NSS!"
|
||||
#define SESS_TICKET_KEY_NAME_PREFIX_LEN 4
|
||||
@ -317,4 +324,8 @@ typedef struct {
|
||||
unsigned char *mac;
|
||||
} EncryptedSessionTicket;
|
||||
|
||||
#define TLS_EX_SESS_TICKET_MAC_LENGTH 32
|
||||
|
||||
#define TLS_STE_NO_SERVER_NAME -1
|
||||
|
||||
#endif /* __ssl3proto_h_ */
|
||||
|
@ -992,7 +992,7 @@ typedef struct SSLWrappedSymWrappingKeyStr {
|
||||
} SSLWrappedSymWrappingKey;
|
||||
|
||||
typedef struct SessionTicketStr {
|
||||
PRBool valid;
|
||||
PRUint16 ticket_version;
|
||||
SSL3ProtocolVersion ssl_version;
|
||||
ssl3CipherSuite cipher_suite;
|
||||
SSLCompressionMethod compression_method;
|
||||
@ -1010,7 +1010,7 @@ typedef struct SessionTicketStr {
|
||||
PRUint16 ms_length;
|
||||
SSL3Opaque master_secret[48];
|
||||
PRBool extendedMasterSecretUsed;
|
||||
ClientAuthenticationType client_auth_type;
|
||||
ClientIdentity client_identity;
|
||||
SECItem peer_cert;
|
||||
PRUint32 timestamp;
|
||||
PRUint32 flags;
|
||||
|
@ -1808,7 +1808,6 @@ ssl_GetSessionTicketKeys(sslSocket *ss, unsigned char *keyName,
|
||||
}
|
||||
|
||||
if (!ssl_session_ticket_keys.encKey || !ssl_session_ticket_keys.macKey) {
|
||||
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
|
@ -681,7 +681,7 @@ PK11URI_ParseURI(const char *string)
|
||||
|
||||
result = pk11uri_AllocURI();
|
||||
if (result == NULL) {
|
||||
return NULL;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
/* Parse the path component and its attributes. */
|
||||
|
Loading…
Reference in New Issue
Block a user