From 70e73da60998baa3f2637eb1a2cebbdf0fc47d9d Mon Sep 17 00:00:00 2001 From: Jeff Walden Date: Thu, 28 Feb 2019 21:30:49 -0800 Subject: [PATCH 01/16] Bug 1531638 - Make Vector::begin() always return a non-null pointer, to accommodate users that need/want this. r=froydnj Differential Revision: https://phabricator.services.mozilla.com/D21825 --HG-- extra : rebase_source : 5682d209aef3c10b204678c8865758708f2a7e3e --- mfbt/Vector.h | 9 +++++- mfbt/tests/TestVector.cpp | 62 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+), 1 deletion(-) diff --git a/mfbt/Vector.h b/mfbt/Vector.h index 7f483161f919..696da9ab7ad8 100644 --- a/mfbt/Vector.h +++ b/mfbt/Vector.h @@ -403,7 +403,14 @@ class MOZ_NON_PARAM Vector final : private AllocPolicy { : CapacityAndReserved(aCapacity, aReserved) {} CRAndStorage() = default; - T* storage() { return nullptr; } + T* storage() { + // If this returns |nullptr|, functions like |Vector::begin()| would too, + // breaking callers that pass a vector's elements as pointer/length to + // code that bounds its operation by length but (even just as a sanity + // check) always wants a non-null pointer. Fake up an aligned, non-null + // pointer to support these callers. + return reinterpret_cast(sizeof(T)); + } }; CRAndStorage mTail; diff --git a/mfbt/tests/TestVector.cpp b/mfbt/tests/TestVector.cpp index 158addef9520..1164e10266a8 100644 --- a/mfbt/tests/TestVector.cpp +++ b/mfbt/tests/TestVector.cpp @@ -506,6 +506,67 @@ static_assert(sizeof(Vector) == #endif // DEBUG +static void TestVectorBeginNonNull() { + // Vector::begin() should never return nullptr, to accommodate callers that + // (either for hygiene, or for semantic reasons) need a non-null pointer even + // for zero elements. + + Vector bvec0; + MOZ_RELEASE_ASSERT(bvec0.length() == 0); + MOZ_RELEASE_ASSERT(bvec0.begin() != nullptr); + + Vector bvec1; + MOZ_RELEASE_ASSERT(bvec1.length() == 0); + MOZ_RELEASE_ASSERT(bvec1.begin() != nullptr); + + Vector bvec64; + MOZ_RELEASE_ASSERT(bvec64.length() == 0); + MOZ_RELEASE_ASSERT(bvec64.begin() != nullptr); + + Vector ivec0; + MOZ_RELEASE_ASSERT(ivec0.length() == 0); + MOZ_RELEASE_ASSERT(ivec0.begin() != nullptr); + + Vector ivec1; + MOZ_RELEASE_ASSERT(ivec1.length() == 0); + MOZ_RELEASE_ASSERT(ivec1.begin() != nullptr); + + Vector ivec64; + MOZ_RELEASE_ASSERT(ivec64.length() == 0); + MOZ_RELEASE_ASSERT(ivec64.begin() != nullptr); + + Vector lvec0; + MOZ_RELEASE_ASSERT(lvec0.length() == 0); + MOZ_RELEASE_ASSERT(lvec0.begin() != nullptr); + + Vector lvec1; + MOZ_RELEASE_ASSERT(lvec1.length() == 0); + MOZ_RELEASE_ASSERT(lvec1.begin() != nullptr); + + Vector lvec64; + MOZ_RELEASE_ASSERT(lvec64.length() == 0); + MOZ_RELEASE_ASSERT(lvec64.begin() != nullptr); + + // Vector doesn't guarantee N inline elements -- the actual count is + // capped so that any Vector fits in a not-crazy amount of space -- so the + // code below won't overflow stacks or anything crazy. + struct VeryBig { + int array[16 * 1024 * 1024]; + }; + + Vector vbvec0; + MOZ_RELEASE_ASSERT(vbvec0.length() == 0); + MOZ_RELEASE_ASSERT(vbvec0.begin() != nullptr); + + Vector vbvec1; + MOZ_RELEASE_ASSERT(vbvec1.length() == 0); + MOZ_RELEASE_ASSERT(vbvec1.begin() != nullptr); + + Vector vbvec64; + MOZ_RELEASE_ASSERT(vbvec64.length() == 0); + MOZ_RELEASE_ASSERT(vbvec64.begin() != nullptr); +} + int main() { VectorTesting::testReserved(); VectorTesting::testConstRange(); @@ -516,4 +577,5 @@ int main() { VectorTesting::testReplaceRawBuffer(); VectorTesting::testInsert(); VectorTesting::testPodResizeToFit(); + TestVectorBeginNonNull(); } From 5756f575b901b7e30428c0c9db91dd2edd05ffbc Mon Sep 17 00:00:00 2001 From: Andrew Osmond Date: Tue, 12 Mar 2019 15:08:01 -0400 Subject: [PATCH 02/16] Bug 1534749 - Handle shutdown races between the compositor thread and IPDL object setup. r=rhunt When the compositor thread has begun shutdown, it will spin the event loop for the main thread until the last CompositorThreadHolder reference has been released. While spinning, new IPDL objects may be attempted to be created which depend on the compositor thread; we should check to ensure the compositor thread is still around before proceeding with creation. These objects include CompositorManagerParent, ImageBridgeParent, and VRManagerParent. Additionally there is a very similar bug between the vsync thread and VsyncBridgeChild. Differential Revision: https://phabricator.services.mozilla.com/D23308 --- gfx/ipc/GPUProcessManager.cpp | 4 ++-- gfx/ipc/VsyncBridgeChild.cpp | 12 +++++------- gfx/ipc/VsyncBridgeChild.h | 1 - gfx/ipc/VsyncIOThreadHolder.h | 8 ++++++++ gfx/layers/ipc/CompositorManagerParent.cpp | 7 ++++++- gfx/layers/ipc/CompositorManagerParent.h | 2 +- gfx/layers/ipc/ImageBridgeParent.cpp | 7 +++++++ gfx/vr/ipc/VRManagerParent.cpp | 3 +++ 8 files changed, 32 insertions(+), 12 deletions(-) diff --git a/gfx/ipc/GPUProcessManager.cpp b/gfx/ipc/GPUProcessManager.cpp index c8fecf0570f2..2c81abb46215 100644 --- a/gfx/ipc/GPUProcessManager.cpp +++ b/gfx/ipc/GPUProcessManager.cpp @@ -804,8 +804,8 @@ bool GPUProcessManager::CreateContentCompositorManager( if (mGPUChild) { mGPUChild->SendNewContentCompositorManager(std::move(parentPipe)); - } else { - CompositorManagerParent::Create(std::move(parentPipe)); + } else if (!CompositorManagerParent::Create(std::move(parentPipe))) { + return false; } *aOutEndpoint = std::move(childPipe); diff --git a/gfx/ipc/VsyncBridgeChild.cpp b/gfx/ipc/VsyncBridgeChild.cpp index 40b1b17e6c55..31f2a49aa922 100644 --- a/gfx/ipc/VsyncBridgeChild.cpp +++ b/gfx/ipc/VsyncBridgeChild.cpp @@ -12,7 +12,7 @@ namespace gfx { VsyncBridgeChild::VsyncBridgeChild(RefPtr aThread, const uint64_t& aProcessToken) - : mThread(aThread), mLoop(nullptr), mProcessToken(aProcessToken) {} + : mThread(aThread), mProcessToken(aProcessToken) {} VsyncBridgeChild::~VsyncBridgeChild() {} @@ -39,8 +39,6 @@ void VsyncBridgeChild::Open(Endpoint&& aEndpoint) { return; } - mLoop = MessageLoop::current(); - // Last reference is freed in DeallocPVsyncBridgeChild. AddRef(); } @@ -66,7 +64,7 @@ class NotifyVsyncTask : public Runnable { }; bool VsyncBridgeChild::IsOnVsyncIOThread() const { - return MessageLoop::current() == mLoop; + return mThread->IsOnCurrentThread(); } void VsyncBridgeChild::NotifyVsync(const VsyncEvent& aVsync, @@ -75,7 +73,7 @@ void VsyncBridgeChild::NotifyVsync(const VsyncEvent& aVsync, MOZ_ASSERT(!IsOnVsyncIOThread()); RefPtr task = new NotifyVsyncTask(this, aVsync, aLayersId); - mLoop->PostTask(task.forget()); + mThread->Dispatch(task.forget()); } void VsyncBridgeChild::NotifyVsyncImpl(const VsyncEvent& aVsync, @@ -91,8 +89,8 @@ void VsyncBridgeChild::NotifyVsyncImpl(const VsyncEvent& aVsync, void VsyncBridgeChild::Close() { if (!IsOnVsyncIOThread()) { - mLoop->PostTask(NewRunnableMethod("gfx::VsyncBridgeChild::Close", this, - &VsyncBridgeChild::Close)); + mThread->Dispatch(NewRunnableMethod("gfx::VsyncBridgeChild::Close", this, + &VsyncBridgeChild::Close)); return; } diff --git a/gfx/ipc/VsyncBridgeChild.h b/gfx/ipc/VsyncBridgeChild.h index d49c557c91b6..9e25a45db496 100644 --- a/gfx/ipc/VsyncBridgeChild.h +++ b/gfx/ipc/VsyncBridgeChild.h @@ -47,7 +47,6 @@ class VsyncBridgeChild final : public PVsyncBridgeChild { private: RefPtr mThread; - MessageLoop* mLoop; uint64_t mProcessToken; }; diff --git a/gfx/ipc/VsyncIOThreadHolder.h b/gfx/ipc/VsyncIOThreadHolder.h index ac305c7898c3..b5ea0c2c1fa5 100644 --- a/gfx/ipc/VsyncIOThreadHolder.h +++ b/gfx/ipc/VsyncIOThreadHolder.h @@ -23,6 +23,14 @@ class VsyncIOThreadHolder final { RefPtr GetThread() const; + bool IsOnCurrentThread() const { + return mThread->IsOnCurrentThread(); + } + + void Dispatch(already_AddRefed task) { + mThread->Dispatch(std::move(task), NS_DISPATCH_NORMAL); + } + private: ~VsyncIOThreadHolder(); diff --git a/gfx/layers/ipc/CompositorManagerParent.cpp b/gfx/layers/ipc/CompositorManagerParent.cpp index bb42a0350b08..5b954b4b6038 100644 --- a/gfx/layers/ipc/CompositorManagerParent.cpp +++ b/gfx/layers/ipc/CompositorManagerParent.cpp @@ -49,7 +49,7 @@ CompositorManagerParent::CreateSameProcess() { } /* static */ -void CompositorManagerParent::Create( +bool CompositorManagerParent::Create( Endpoint&& aEndpoint) { MOZ_ASSERT(NS_IsMainThread()); @@ -57,6 +57,10 @@ void CompositorManagerParent::Create( // (or UI process if it subsumbed the GPU process). MOZ_ASSERT(aEndpoint.OtherPid() != base::GetCurrentProcId()); + if (!CompositorThreadHolder::IsActive()) { + return false; + } + RefPtr bridge = new CompositorManagerParent(); RefPtr runnable = @@ -64,6 +68,7 @@ void CompositorManagerParent::Create( "CompositorManagerParent::Bind", bridge, &CompositorManagerParent::Bind, std::move(aEndpoint)); CompositorThreadHolder::Loop()->PostTask(runnable.forget()); + return true; } /* static */ diff --git a/gfx/layers/ipc/CompositorManagerParent.h b/gfx/layers/ipc/CompositorManagerParent.h index e18dc095a6ba..e925e8c918f7 100644 --- a/gfx/layers/ipc/CompositorManagerParent.h +++ b/gfx/layers/ipc/CompositorManagerParent.h @@ -30,7 +30,7 @@ class CompositorManagerParent final : public PCompositorManagerParent { public: static already_AddRefed CreateSameProcess(); - static void Create(Endpoint&& aEndpoint); + static bool Create(Endpoint&& aEndpoint); static void Shutdown(); static already_AddRefed diff --git a/gfx/layers/ipc/ImageBridgeParent.cpp b/gfx/layers/ipc/ImageBridgeParent.cpp index 5a360ed34f12..888fa9110192 100644 --- a/gfx/layers/ipc/ImageBridgeParent.cpp +++ b/gfx/layers/ipc/ImageBridgeParent.cpp @@ -91,6 +91,10 @@ bool ImageBridgeParent::CreateForGPUProcess( MOZ_ASSERT(XRE_GetProcessType() == GeckoProcessType_GPU); MessageLoop* loop = CompositorThreadHolder::Loop(); + if (!loop) { + return false; + } + RefPtr parent = new ImageBridgeParent(loop, aEndpoint.OtherPid()); @@ -211,6 +215,9 @@ mozilla::ipc::IPCResult ImageBridgeParent::RecvUpdate( bool ImageBridgeParent::CreateForContent( Endpoint&& aEndpoint) { MessageLoop* loop = CompositorThreadHolder::Loop(); + if (!loop) { + return false; + } RefPtr bridge = new ImageBridgeParent(loop, aEndpoint.OtherPid()); diff --git a/gfx/vr/ipc/VRManagerParent.cpp b/gfx/vr/ipc/VRManagerParent.cpp index b6a51825d372..81d594ba052f 100644 --- a/gfx/vr/ipc/VRManagerParent.cpp +++ b/gfx/vr/ipc/VRManagerParent.cpp @@ -74,6 +74,9 @@ void VRManagerParent::UnregisterFromManager() { /* static */ bool VRManagerParent::CreateForContent(Endpoint&& aEndpoint) { MessageLoop* loop = CompositorThreadHolder::Loop(); + if (!loop) { + return false; + } RefPtr vmp = new VRManagerParent(aEndpoint.OtherPid(), true); loop->PostTask(NewRunnableMethod&&>( From 8df45846694da49a4920f9d9c9a43e5ee2db6373 Mon Sep 17 00:00:00 2001 From: longsonr Date: Tue, 26 Mar 2019 18:51:21 +0000 Subject: [PATCH 03/16] Bug 1518666 Part 3 - Avoid instantiating an SVGViewBox pointer r=dholbert --- layout/base/nsLayoutUtils.cpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/layout/base/nsLayoutUtils.cpp b/layout/base/nsLayoutUtils.cpp index 7a3a93866c1c..7faead7ad573 100644 --- a/layout/base/nsLayoutUtils.cpp +++ b/layout/base/nsLayoutUtils.cpp @@ -9595,8 +9595,7 @@ static nsRect ComputeSVGReferenceRect(nsIFrame* aFrame, // system established by the `viewBox` attribute. // 2. The dimension of the reference box is set to the width and height // values of the `viewBox` attribute. - SVGViewBox* viewBox = svgElement->GetViewBox(); - const SVGViewBoxRect& value = viewBox->GetAnimValue(); + const SVGViewBoxRect& value = svgElement->GetViewBox()->GetAnimValue(); r = nsRect(nsPresContext::CSSPixelsToAppUnits(value.x), nsPresContext::CSSPixelsToAppUnits(value.y), nsPresContext::CSSPixelsToAppUnits(value.width), From 3b325c4a5f2b40d5355af870801655ae687cf068 Mon Sep 17 00:00:00 2001 From: longsonr Date: Tue, 26 Mar 2019 18:51:23 +0000 Subject: [PATCH 04/16] Bug 1518666 Part 4 - remove some unnecessary typedefs r=dholbert --- dom/svg/SVGElement.h | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/dom/svg/SVGElement.h b/dom/svg/SVGElement.h index feb8f658d42d..f010071777d4 100644 --- a/dom/svg/SVGElement.h +++ b/dom/svg/SVGElement.h @@ -77,19 +77,6 @@ class SVGElement : public SVGElementBase // nsIContent virtual nsresult Clone(mozilla::dom::NodeInfo*, nsINode** aResult) const MOZ_MUST_OVERRIDE override; - typedef mozilla::SVGEnum SVGEnum; - typedef mozilla::SVGEnumMapping SVGEnumMapping; - typedef mozilla::SVGNumberList SVGNumberList; - typedef mozilla::SVGAnimatedNumberList SVGAnimatedNumberList; - typedef mozilla::SVGUserUnitList SVGUserUnitList; - typedef mozilla::SVGAnimatedLengthList SVGAnimatedLengthList; - typedef mozilla::SVGAnimatedPointList SVGAnimatedPointList; - typedef mozilla::SVGAnimatedPathSegList SVGAnimatedPathSegList; - typedef mozilla::SVGAnimatedPreserveAspectRatio - SVGAnimatedPreserveAspectRatio; - typedef mozilla::SVGAnimatedTransformList SVGAnimatedTransformList; - typedef mozilla::SVGStringList SVGStringList; - // nsISupports NS_INLINE_DECL_REFCOUNTING_INHERITED(SVGElement, SVGElementBase) From e9be032791ff3dd00030cf38588bb3d4dc4e2267 Mon Sep 17 00:00:00 2001 From: longsonr Date: Tue, 26 Mar 2019 18:51:25 +0000 Subject: [PATCH 05/16] Bug 1518666 Part 5 - SVGAnimatedPathSegList does not need to be exported r=dholbert --- dom/svg/SVGTextPathElement.h | 2 +- dom/svg/moz.build | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/dom/svg/SVGTextPathElement.h b/dom/svg/SVGTextPathElement.h index dcf27d0b82e4..27a2c2a0692e 100644 --- a/dom/svg/SVGTextPathElement.h +++ b/dom/svg/SVGTextPathElement.h @@ -9,8 +9,8 @@ #include "SVGEnum.h" #include "nsSVGLength2.h" +#include "SVGAnimatedPathSegList.h" #include "SVGString.h" -#include "mozilla/dom/SVGAnimatedPathSegList.h" #include "mozilla/dom/SVGTextContentElement.h" class nsAtom; diff --git a/dom/svg/moz.build b/dom/svg/moz.build index f3d7715f9505..9f30bafd2e7a 100644 --- a/dom/svg/moz.build +++ b/dom/svg/moz.build @@ -19,7 +19,6 @@ EXPORTS.mozilla += [ EXPORTS.mozilla.dom += [ 'SVGAElement.h', - 'SVGAnimatedPathSegList.h', 'SVGAnimatedRect.h', 'SVGAnimateElement.h', 'SVGAnimateMotionElement.h', From 6688db77dddd472ad88aff0cc8ed9292f34fdc1f Mon Sep 17 00:00:00 2001 From: Brian Hackett Date: Fri, 22 Mar 2019 17:32:25 -0600 Subject: [PATCH 06/16] Bug 1537589 - Don't leave deformed breakpoints in reducer state, r=loganfsmyth. Differential Revision: https://phabricator.services.mozilla.com/D24582 --HG-- extra : rebase_source : fab54476c015164cbb9ce4f7f602c08b48cc9aa7 extra : histedit_source : 53d550808251969119ec0f8f373e72cb04a8a89e --- .../debugger/new/src/actions/breakpoints/addBreakpoint.js | 7 ------- 1 file changed, 7 deletions(-) diff --git a/devtools/client/debugger/new/src/actions/breakpoints/addBreakpoint.js b/devtools/client/debugger/new/src/actions/breakpoints/addBreakpoint.js index fd7c531fc0bb..49fc36189493 100644 --- a/devtools/client/debugger/new/src/actions/breakpoints/addBreakpoint.js +++ b/devtools/client/debugger/new/src/actions/breakpoints/addBreakpoint.js @@ -5,7 +5,6 @@ // @flow import { setBreakpointPositions } from "./breakpointPositions"; import { - breakpointExists, assertBreakpoint, createBreakpoint, getASTLocation, @@ -36,12 +35,6 @@ async function addBreakpointPromise(getState, client, sourceMaps, breakpoint) { const source = getSourceFromId(state, location.sourceId); const generatedSource = getSourceFromId(state, generatedLocation.sourceId); - if (breakpointExists(state, location)) { - const newBreakpoint = { ...breakpoint, location, generatedLocation }; - assertBreakpoint(newBreakpoint); - return newBreakpoint; - } - const breakpointLocation = makeBreakpointLocation( getState(), generatedLocation From f2df0d13fb68d66d415f98d7183d7a2b398109d6 Mon Sep 17 00:00:00 2001 From: Brian Hackett Date: Mon, 25 Mar 2019 09:45:14 -0600 Subject: [PATCH 07/16] Bug 1538739 - Remove breakpoint loading flag, r=jlast. Differential Revision: https://phabricator.services.mozilla.com/D24723 --HG-- extra : rebase_source : 64bbca016c44834c2926ce75b1eee5dfe487cd6a extra : histedit_source : 664b3b8ace44522ea93685355ff4a87369595037 --- .../src/actions/breakpoints/addBreakpoint.js | 5 ----- .../new/src/actions/breakpoints/index.js | 18 +----------------- .../__snapshots__/breakpoints.spec.js.snap | 3 --- .../src/actions/tests/helpers/breakpoints.js | 1 - .../new/src/components/Editor/Breakpoint.js | 8 +++----- .../new/src/components/SecondaryPanes/index.js | 8 ++------ .../debugger/new/src/reducers/breakpoints.js | 6 ------ .../new/src/selectors/breakpointSources.js | 1 - .../visibleColumnBreakpoints.spec.js.snap | 3 --- devtools/client/debugger/new/src/types.js | 2 -- .../debugger/new/src/utils/breakpoint/index.js | 1 - .../debugger/new/src/utils/test-mockup.js | 1 - 12 files changed, 6 insertions(+), 51 deletions(-) diff --git a/devtools/client/debugger/new/src/actions/breakpoints/addBreakpoint.js b/devtools/client/debugger/new/src/actions/breakpoints/addBreakpoint.js index 49fc36189493..ab232f99f8ff 100644 --- a/devtools/client/debugger/new/src/actions/breakpoints/addBreakpoint.js +++ b/devtools/client/debugger/new/src/actions/breakpoints/addBreakpoint.js @@ -50,7 +50,6 @@ async function addBreakpointPromise(getState, client, sourceMaps, breakpoint) { const newBreakpoint = { id: makeBreakpointId(generatedLocation), disabled: false, - loading: false, options: breakpoint.options, location, astLocation, @@ -72,10 +71,6 @@ export function addHiddenBreakpoint(location: SourceLocation) { export function enableBreakpoint(breakpoint: Breakpoint) { return async ({ dispatch, getState, client, sourceMaps }: ThunkArgs) => { - if (breakpoint.loading) { - return; - } - // To instantly reflect in the UI, we optimistically enable the breakpoint const enabledBreakpoint = { ...breakpoint, disabled: false }; diff --git a/devtools/client/debugger/new/src/actions/breakpoints/index.js b/devtools/client/debugger/new/src/actions/breakpoints/index.js index 61f7c578fd9e..1278dd731830 100644 --- a/devtools/client/debugger/new/src/actions/breakpoints/index.js +++ b/devtools/client/debugger/new/src/actions/breakpoints/index.js @@ -66,10 +66,6 @@ async function removeBreakpointsPromise(client, state, breakpoint) { */ export function removeBreakpoint(breakpoint: Breakpoint) { return ({ dispatch, getState, client }: ThunkArgs) => { - if (breakpoint.loading) { - return; - } - recordEvent("remove_breakpoint"); // If the breakpoint is already disabled, we don't need to communicate @@ -98,10 +94,6 @@ export function removeBreakpoint(breakpoint: Breakpoint) { */ export function disableBreakpoint(breakpoint: Breakpoint) { return async ({ dispatch, getState, client }: ThunkArgs) => { - if (breakpoint.loading) { - return; - } - await removeBreakpointsPromise(client, getState(), breakpoint); const newBreakpoint: Breakpoint = { ...breakpoint, disabled: true }; @@ -300,10 +292,6 @@ export function setBreakpointOptions( return dispatch(addBreakpoint(location, options)); } - if (bp.loading) { - return; - } - if (bp.disabled) { await dispatch(enableBreakpoint(bp)); } @@ -339,7 +327,7 @@ export function toggleBreakpointAtLine(line: number) { const bp = getBreakpointAtLocation(state, { line, column: undefined }); const isEmptyLine = isEmptyLineInSource(state, line, selectedSource.id); - if ((!bp && isEmptyLine) || (bp && bp.loading)) { + if (!bp && isEmptyLine) { return; } @@ -415,10 +403,6 @@ export function enableBreakpointsAtLine(sourceId: string, line: number) { export function toggleDisabledBreakpoint(breakpoint: Breakpoint) { return ({ dispatch, getState, client, sourceMaps }: ThunkArgs) => { - if (breakpoint.loading) { - return; - } - if (!breakpoint.disabled) { return dispatch(disableBreakpoint(breakpoint)); } diff --git a/devtools/client/debugger/new/src/actions/breakpoints/tests/__snapshots__/breakpoints.spec.js.snap b/devtools/client/debugger/new/src/actions/breakpoints/tests/__snapshots__/breakpoints.spec.js.snap index 5278883bbabf..1d26bc30390b 100644 --- a/devtools/client/debugger/new/src/actions/breakpoints/tests/__snapshots__/breakpoints.spec.js.snap +++ b/devtools/client/debugger/new/src/actions/breakpoints/tests/__snapshots__/breakpoints.spec.js.snap @@ -23,7 +23,6 @@ Array [ "sourceUrl": "http://localhost:8000/examples/a", }, "id": "a:2:1", - "loading": false, "location": Object { "column": 1, "line": 2, @@ -81,7 +80,6 @@ Object { "sourceUrl": "http://localhost:8000/examples/a.js", }, "id": "a.js:1:", - "loading": false, "location": Object { "column": 0, "line": 1, @@ -121,7 +119,6 @@ Array [ "sourceUrl": "http://localhost:8000/examples/a", }, "id": "a:5:1", - "loading": false, "location": Object { "column": 1, "line": 5, diff --git a/devtools/client/debugger/new/src/actions/tests/helpers/breakpoints.js b/devtools/client/debugger/new/src/actions/tests/helpers/breakpoints.js index e287a374218f..b5def1308987 100644 --- a/devtools/client/debugger/new/src/actions/tests/helpers/breakpoints.js +++ b/devtools/client/debugger/new/src/actions/tests/helpers/breakpoints.js @@ -40,7 +40,6 @@ export function generateBreakpoint( ) { return { id: "breakpoint", - loading: false, originalText: "", text: "", location: { diff --git a/devtools/client/debugger/new/src/components/Editor/Breakpoint.js b/devtools/client/debugger/new/src/components/Editor/Breakpoint.js index e2387604a437..0a65a44bf435 100644 --- a/devtools/client/debugger/new/src/components/Editor/Breakpoint.js +++ b/devtools/client/debugger/new/src/components/Editor/Breakpoint.js @@ -40,8 +40,8 @@ class Breakpoint extends PureComponent { } componentWillUnmount() { - const { breakpoint, selectedSource } = this.props; - if (!selectedSource || breakpoint.loading) { + const { selectedSource } = this.props; + if (!selectedSource) { return; } @@ -128,9 +128,7 @@ class Breakpoint extends PureComponent { return; } - // NOTE: we need to wait for the breakpoint to be loaded - // to get the generated location - if (!selectedSource || breakpoint.loading) { + if (!selectedSource) { return; } diff --git a/devtools/client/debugger/new/src/components/SecondaryPanes/index.js b/devtools/client/debugger/new/src/components/SecondaryPanes/index.js index 772e77796b75..fd979b081952 100644 --- a/devtools/client/debugger/new/src/components/SecondaryPanes/index.js +++ b/devtools/client/debugger/new/src/components/SecondaryPanes/index.js @@ -14,7 +14,6 @@ import { getTopFrame, getBreakpointsList, getBreakpointsDisabled, - getBreakpointsLoading, getExpressions, getIsWaitingOnBreak, getMapScopes, @@ -79,7 +78,6 @@ type Props = { breakpoints: Object, selectedFrame: ?Frame, breakpointsDisabled: boolean, - breakpointsLoading: boolean, isWaitingOnBreak: boolean, shouldMapScopes: boolean, shouldPauseOnExceptions: boolean, @@ -118,8 +116,7 @@ class SecondaryPanes extends Component { const { toggleAllBreakpoints, breakpoints, - breakpointsDisabled, - breakpointsLoading + breakpointsDisabled } = this.props; const isIndeterminate = !breakpointsDisabled && breakpoints.some(x => x.disabled); @@ -134,7 +131,7 @@ class SecondaryPanes extends Component { ? L10N.getStr("breakpoints.enable") : L10N.getStr("breakpoints.disable"), className: "breakpoints-toggle", - disabled: breakpointsLoading, + disabled: false, key: "breakpoints-toggle", onChange: e => { e.stopPropagation(); @@ -469,7 +466,6 @@ const mapStateToProps = state => { hasFrames: !!getTopFrame(state, thread), breakpoints: getBreakpointsList(state), breakpointsDisabled: getBreakpointsDisabled(state), - breakpointsLoading: getBreakpointsLoading(state), isWaitingOnBreak: getIsWaitingOnBreak(state, thread), selectedFrame: getSelectedFrame(state, thread), shouldMapScopes: getMapScopes(state), diff --git a/devtools/client/debugger/new/src/reducers/breakpoints.js b/devtools/client/debugger/new/src/reducers/breakpoints.js index f3444df856b2..2b7b7b977ca7 100644 --- a/devtools/client/debugger/new/src/reducers/breakpoints.js +++ b/devtools/client/debugger/new/src/reducers/breakpoints.js @@ -317,12 +317,6 @@ export function getBreakpointsDisabled(state: OuterState): boolean { return breakpoints.every(breakpoint => breakpoint.disabled); } -export function getBreakpointsLoading(state: OuterState): boolean { - const breakpoints = getBreakpointsList(state); - const isLoading = breakpoints.some(breakpoint => breakpoint.loading); - return breakpoints.length > 0 && isLoading; -} - export function getBreakpointsForSource( state: OuterState, sourceId: string, diff --git a/devtools/client/debugger/new/src/selectors/breakpointSources.js b/devtools/client/debugger/new/src/selectors/breakpointSources.js index 227ce881eb42..e330847a6c12 100644 --- a/devtools/client/debugger/new/src/selectors/breakpointSources.js +++ b/devtools/client/debugger/new/src/selectors/breakpointSources.js @@ -32,7 +32,6 @@ function getBreakpointsForSource( .filter( bp => !bp.options.hidden && - !bp.loading && (bp.text || bp.originalText || bp.options.condition || bp.disabled) ) .filter( diff --git a/devtools/client/debugger/new/src/selectors/test/__snapshots__/visibleColumnBreakpoints.spec.js.snap b/devtools/client/debugger/new/src/selectors/test/__snapshots__/visibleColumnBreakpoints.spec.js.snap index 630b00c062c4..cba1b53a0ed2 100644 --- a/devtools/client/debugger/new/src/selectors/test/__snapshots__/visibleColumnBreakpoints.spec.js.snap +++ b/devtools/client/debugger/new/src/selectors/test/__snapshots__/visibleColumnBreakpoints.spec.js.snap @@ -12,7 +12,6 @@ Array [ "sourceId": "foo", }, "id": "breakpoint", - "loading": false, "location": Object { "column": 1, "line": 1, @@ -51,7 +50,6 @@ Array [ "sourceId": "foo", }, "id": "breakpoint", - "loading": false, "location": Object { "column": 1, "line": 1, @@ -90,7 +88,6 @@ Array [ "sourceId": "foo", }, "id": "breakpoint", - "loading": false, "location": Object { "column": 1, "line": 1, diff --git a/devtools/client/debugger/new/src/types.js b/devtools/client/debugger/new/src/types.js index bc0f249f61ba..82888604db99 100644 --- a/devtools/client/debugger/new/src/types.js +++ b/devtools/client/debugger/new/src/types.js @@ -118,7 +118,6 @@ export type Breakpoint = {| +location: SourceLocation, +astLocation: ?ASTLocation, +generatedLocation: SourceLocation, - +loading: boolean, +disabled: boolean, +text: string, +originalText: string, @@ -174,7 +173,6 @@ export type PendingBreakpoint = { +location: PendingLocation, +astLocation: ASTLocation, +generatedLocation: PendingLocation, - +loading: boolean, +disabled: boolean, +text: string, +options: BreakpointOptions diff --git a/devtools/client/debugger/new/src/utils/breakpoint/index.js b/devtools/client/debugger/new/src/utils/breakpoint/index.js index 128b7fa1bae4..81f4a0586876 100644 --- a/devtools/client/debugger/new/src/utils/breakpoint/index.js +++ b/devtools/client/debugger/new/src/utils/breakpoint/index.js @@ -176,7 +176,6 @@ export function createBreakpoint( hidden: options.hidden || false }, disabled: disabled || false, - loading: false, astLocation: astLocation || defaultASTLocation, text, originalText diff --git a/devtools/client/debugger/new/src/utils/test-mockup.js b/devtools/client/debugger/new/src/utils/test-mockup.js index 6bd5561704e7..cb495249ea2f 100644 --- a/devtools/client/debugger/new/src/utils/test-mockup.js +++ b/devtools/client/debugger/new/src/utils/test-mockup.js @@ -102,7 +102,6 @@ function makeMockBreakpoint( location, astLocation: null, generatedLocation: location, - loading: false, disabled: false, text: "text", originalText: "text", From c4004ef40ce0adf52c24a45776870d8d10396cb8 Mon Sep 17 00:00:00 2001 From: Richard Pospesel Date: Mon, 12 Nov 2018 16:00:00 +0200 Subject: [PATCH 08/16] Bug 1506693 - PDFJS range-based requests violate FPI. r=bdahl --- .../extensions/pdfjs/content/PdfStreamConverter.jsm | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/browser/extensions/pdfjs/content/PdfStreamConverter.jsm b/browser/extensions/pdfjs/content/PdfStreamConverter.jsm index 5bc482e0e34a..6b9223b96d82 100644 --- a/browser/extensions/pdfjs/content/PdfStreamConverter.jsm +++ b/browser/extensions/pdfjs/content/PdfStreamConverter.jsm @@ -220,6 +220,15 @@ class ChromeActions { return PrivateBrowsingUtils.isContentWindowPrivate(this.domWindow); } + getWindowOriginAttributes() + { + try { + return this.domWindow.document.nodePrincipal.originAttributes; + } catch(err) { + return {}; + } + } + download(data, sendResponse) { var self = this; var originalUrl = data.originalUrl; @@ -579,6 +588,9 @@ class RangedChromeActions extends ChromeActions { var xhr_onreadystatechange = function xhr_onreadystatechange() { if (this.readyState === 1) { // LOADING var netChannel = this.channel; + // override this XMLHttpRequest's OriginAttributes with our cached parent window's + // OriginAttributes, as we are currently running under the SystemPrincipal + this.setOriginAttributes(self.getWindowOriginAttributes()); if ("nsIPrivateBrowsingChannel" in Ci && netChannel instanceof Ci.nsIPrivateBrowsingChannel) { var docIsPrivate = self.isInPrivateBrowsing(); From 3b306926a8acbcd0ff3a9642c59887965f8f262c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Bargull?= Date: Tue, 26 Mar 2019 12:27:54 -0700 Subject: [PATCH 09/16] Bug 1526394: Treat self-hosted functions the same as non-interpreted functions in Debugger code. r=jorendorff --- .../markup/test/browser_markup_events_04.js | 2 +- .../debug/Environment-selfhosted-builtins.js | 15 +++++++++++++++ .../tests/debug/Script-selfhosted-builtins.js | 15 +++++++++++++++ js/src/vm/Debugger.cpp | 16 ++++++++++------ 4 files changed, 41 insertions(+), 7 deletions(-) create mode 100644 js/src/jit-test/tests/debug/Environment-selfhosted-builtins.js create mode 100644 js/src/jit-test/tests/debug/Script-selfhosted-builtins.js diff --git a/devtools/client/inspector/markup/test/browser_markup_events_04.js b/devtools/client/inspector/markup/test/browser_markup_events_04.js index 78c7ae8592f0..4956424058bb 100644 --- a/devtools/client/inspector/markup/test/browser_markup_events_04.js +++ b/devtools/client/inspector/markup/test/browser_markup_events_04.js @@ -125,7 +125,7 @@ const TEST_DATA = [ // eslint-disable-line "Bubbling", "DOM2", ], - handler: "function sort(arr, comparefn) {\n" + + handler: "function sort(, ) {\n" + " [native code]\n" + "}", }, diff --git a/js/src/jit-test/tests/debug/Environment-selfhosted-builtins.js b/js/src/jit-test/tests/debug/Environment-selfhosted-builtins.js new file mode 100644 index 000000000000..1026a486f401 --- /dev/null +++ b/js/src/jit-test/tests/debug/Environment-selfhosted-builtins.js @@ -0,0 +1,15 @@ +// The environment of self-hosted builtins is not exposed to the debugger and +// instead is reported as |undefined| just like native builtins. + +let g = newGlobal({newCompartment: true}); + +let dbg = new Debugger(); +let gw = dbg.addDebuggee(g); + +// Array is a known native builtin function. +let nativeBuiltin = gw.makeDebuggeeValue(g.Array); +assertEq(nativeBuiltin.environment, undefined); + +// Array.prototype[@@iterator] is a known self-hosted builtin function. +let selfhostedBuiltin = gw.makeDebuggeeValue(g.Array.prototype[Symbol.iterator]); +assertEq(selfhostedBuiltin.environment, undefined); diff --git a/js/src/jit-test/tests/debug/Script-selfhosted-builtins.js b/js/src/jit-test/tests/debug/Script-selfhosted-builtins.js new file mode 100644 index 000000000000..ff981f5400be --- /dev/null +++ b/js/src/jit-test/tests/debug/Script-selfhosted-builtins.js @@ -0,0 +1,15 @@ +// The script of self-hosted builtins is not exposed to the debugger and +// instead is reported as |undefined| just like native builtins. + +let g = newGlobal({newCompartment: true}); + +let dbg = new Debugger(); +let gw = dbg.addDebuggee(g); + +// Array is a known native builtin function. +let nativeBuiltin = gw.makeDebuggeeValue(g.Array); +assertEq(nativeBuiltin.script, undefined); + +// Array.prototype[@@iterator] is a known self-hosted builtin function. +let selfhostedBuiltin = gw.makeDebuggeeValue(g.Array.prototype[Symbol.iterator]); +assertEq(selfhostedBuiltin.script, undefined); diff --git a/js/src/vm/Debugger.cpp b/js/src/vm/Debugger.cpp index 4568dbae4c29..d65e05388803 100644 --- a/js/src/vm/Debugger.cpp +++ b/js/src/vm/Debugger.cpp @@ -202,6 +202,10 @@ static const Class DebuggerSource_class = { /*** Utils ******************************************************************/ +static inline bool IsInterpretedNonSelfHostedFunction(JSFunction* fun) { + return fun->isInterpreted() && !fun->isSelfHostedBuiltin(); +} + static inline bool EnsureFunctionHasScript(JSContext* cx, HandleFunction fun) { if (fun->isInterpretedLazy()) { AutoRealm ar(cx, fun); @@ -212,7 +216,7 @@ static inline bool EnsureFunctionHasScript(JSContext* cx, HandleFunction fun) { static inline JSScript* GetOrCreateFunctionScript(JSContext* cx, HandleFunction fun) { - MOZ_ASSERT(fun->isInterpreted()); + MOZ_ASSERT(IsInterpretedNonSelfHostedFunction(fun)); if (!EnsureFunctionHasScript(cx, fun)) { return nullptr; } @@ -6332,8 +6336,8 @@ static bool DebuggerScript_getChildScripts(JSContext* cx, unsigned argc, for (const GCPtrObject& obj : script->objects()) { if (obj->is()) { fun = &obj->as(); - // The inner function could be a wasm native. - if (fun->isNative()) { + // The inner function could be an asm.js native. + if (!IsInterpretedNonSelfHostedFunction(fun)) { continue; } funScript = GetOrCreateFunctionScript(cx, fun); @@ -10318,7 +10322,7 @@ bool DebuggerObject::scriptGetter(JSContext* cx, unsigned argc, Value* vp) { } RootedFunction fun(cx, &obj->as()); - if (!fun->isInterpreted()) { + if (!IsInterpretedNonSelfHostedFunction(fun)) { args.rval().setUndefined(); return true; } @@ -10357,7 +10361,7 @@ bool DebuggerObject::environmentGetter(JSContext* cx, unsigned argc, } RootedFunction fun(cx, &obj->as()); - if (!fun->isInterpreted()) { + if (!IsInterpretedNonSelfHostedFunction(fun)) { args.rval().setUndefined(); return true; } @@ -11469,7 +11473,7 @@ bool DebuggerObject::getParameterNames(JSContext* cx, if (!result.growBy(referent->nargs())) { return false; } - if (referent->isInterpreted()) { + if (IsInterpretedNonSelfHostedFunction(referent)) { RootedScript script(cx, GetOrCreateFunctionScript(cx, referent)); if (!script) { return false; From 2823fecb3ac88f77b25fbb5f1384fc04d72a8da0 Mon Sep 17 00:00:00 2001 From: dOn'tReallycAre Date: Tue, 26 Mar 2019 13:24:00 +0200 Subject: [PATCH 10/16] Bug 1353767 - BufferList methods that can OOM should all be MOZ_MUST_USE. r=billm The Pickle methods can use MOZ_ALWAYS_TRUE because the BufferList is infallible, so the WriteBytes calls will never fail. --- ipc/chromium/src/base/pickle.cc | 8 ++++---- mfbt/BufferList.h | 4 ++-- mfbt/tests/TestBufferList.cpp | 22 +++++++++++----------- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/ipc/chromium/src/base/pickle.cc b/ipc/chromium/src/base/pickle.cc index 999e9a78dad0..cc07ebaa9ae3 100644 --- a/ipc/chromium/src/base/pickle.cc +++ b/ipc/chromium/src/base/pickle.cc @@ -491,7 +491,7 @@ void Pickle::BeginWrite(uint32_t length, uint32_t alignment) { kBytePaddingMarker, kBytePaddingMarker, kBytePaddingMarker, kBytePaddingMarker, kBytePaddingMarker, }; - buffers_.WriteBytes(padding_data, padding); + MOZ_ALWAYS_TRUE(buffers_.WriteBytes(padding_data, padding)); } DCHECK((header_size_ + header_->payload_size + padding) % alignment == 0); @@ -511,7 +511,7 @@ void Pickle::EndWrite(uint32_t length) { kBytePaddingMarker, kBytePaddingMarker, }; - buffers_.WriteBytes(padding_data, padding); + MOZ_ALWAYS_TRUE(buffers_.WriteBytes(padding_data, padding)); } } @@ -627,7 +627,7 @@ bool Pickle::WriteBytes(const void* data, uint32_t data_len, BeginWrite(data_len, alignment); - buffers_.WriteBytes(reinterpret_cast(data), data_len); + MOZ_ALWAYS_TRUE(buffers_.WriteBytes(reinterpret_cast(data), data_len)); EndWrite(data_len); return true; @@ -667,7 +667,7 @@ bool Pickle::WriteData(const char* data, uint32_t length) { } void Pickle::InputBytes(const char* data, uint32_t length) { - buffers_.WriteBytes(data, length); + MOZ_ALWAYS_TRUE(buffers_.WriteBytes(data, length)); } int32_t* Pickle::GetInt32PtrForTest(uint32_t offset) { diff --git a/mfbt/BufferList.h b/mfbt/BufferList.h index 377cf84d5091..99e6ead4aea4 100644 --- a/mfbt/BufferList.h +++ b/mfbt/BufferList.h @@ -307,7 +307,7 @@ class BufferList : private AllocPolicy { // Copies aSize bytes from aData into the BufferList. The storage for these // bytes may be split across multiple buffers. Size() is increased by aSize. - inline bool WriteBytes(const char* aData, size_t aSize); + inline MOZ_MUST_USE bool WriteBytes(const char* aData, size_t aSize); // Allocates a buffer of at most |aMaxBytes| bytes and, if successful, returns // that buffer, and places its size in |aSize|. If unsuccessful, returns null @@ -399,7 +399,7 @@ class BufferList : private AllocPolicy { }; template -bool BufferList::WriteBytes(const char* aData, size_t aSize) { +MOZ_MUST_USE bool BufferList::WriteBytes(const char* aData, size_t aSize) { MOZ_RELEASE_ASSERT(mOwning); MOZ_RELEASE_ASSERT(mStandardCapacity); diff --git a/mfbt/tests/TestBufferList.cpp b/mfbt/tests/TestBufferList.cpp index 823bd06b318b..566bad20ac42 100644 --- a/mfbt/tests/TestBufferList.cpp +++ b/mfbt/tests/TestBufferList.cpp @@ -80,7 +80,7 @@ int main(void) { char toWrite[kSmallWrite]; memset(toWrite, 0x0a, kSmallWrite); - bl.WriteBytes(toWrite, kSmallWrite); + MOZ_ALWAYS_TRUE(bl.WriteBytes(toWrite, kSmallWrite)); MOZ_RELEASE_ASSERT(bl.Size() == kInitialSize + kSmallWrite); @@ -140,7 +140,7 @@ int main(void) { for (unsigned i = 0; i < kBigWrite; i++) { toWriteBig[i] = i % 37; } - bl.WriteBytes(toWriteBig, kBigWrite); + MOZ_ALWAYS_TRUE(bl.WriteBytes(toWriteBig, kBigWrite)); char* toReadBig = static_cast(malloc(kBigWrite)); iter = bl.Iter(); @@ -189,9 +189,9 @@ int main(void) { const size_t kSmallCapacity = 8; BufferList bl2(0, kSmallCapacity, kSmallCapacity); - bl2.WriteBytes(toWrite, kSmallWrite); - bl2.WriteBytes(toWrite, kSmallWrite); - bl2.WriteBytes(toWrite, kSmallWrite); + MOZ_ALWAYS_TRUE(bl2.WriteBytes(toWrite, kSmallWrite)); + MOZ_ALWAYS_TRUE(bl2.WriteBytes(toWrite, kSmallWrite)); + MOZ_ALWAYS_TRUE(bl2.WriteBytes(toWrite, kSmallWrite)); bl = std::move(bl2); MOZ_RELEASE_ASSERT(bl2.Size() == 0); @@ -262,7 +262,7 @@ int main(void) { MOZ_RELEASE_ASSERT(iter.Done()); BufferList bl4(8, 8, 8); - bl4.WriteBytes("abcd1234", 8); + MOZ_ALWAYS_TRUE(bl4.WriteBytes("abcd1234", 8)); iter = bl4.Iter(); iter.Advance(bl4, 8); @@ -270,8 +270,8 @@ int main(void) { MOZ_RELEASE_ASSERT(!success); BufferList bl6(0, 0, 16); - bl6.WriteBytes("abcdefgh12345678", 16); - bl6.WriteBytes("ijklmnop87654321", 16); + MOZ_ALWAYS_TRUE(bl6.WriteBytes("abcdefgh12345678", 16)); + MOZ_ALWAYS_TRUE(bl6.WriteBytes("ijklmnop87654321", 16)); iter = bl6.Iter(); iter.Advance(bl6, 8); BufferList bl7 = bl6.Extract(iter, 16, &success); @@ -284,7 +284,7 @@ int main(void) { MOZ_RELEASE_ASSERT(memcmp(data, "12345678ijklmnop", 16) == 0); BufferList bl8(0, 0, 16); - bl8.WriteBytes("abcdefgh12345678", 16); + MOZ_ALWAYS_TRUE(bl8.WriteBytes("abcdefgh12345678", 16)); iter = bl8.Iter(); BufferList bl9 = bl8.Extract(iter, 8, &success); MOZ_RELEASE_ASSERT(success); @@ -292,8 +292,8 @@ int main(void) { MOZ_RELEASE_ASSERT(!iter.Done()); BufferList bl10(0, 0, 8); - bl10.WriteBytes("abcdefgh", 8); - bl10.WriteBytes("12345678", 8); + MOZ_ALWAYS_TRUE(bl10.WriteBytes("abcdefgh", 8)); + MOZ_ALWAYS_TRUE(bl10.WriteBytes("12345678", 8)); iter = bl10.Iter(); BufferList bl11 = bl10.Extract(iter, 16, &success); MOZ_RELEASE_ASSERT(success); From 0e82d62b374847fa3a24fdefd6f12cb6ffc699c1 Mon Sep 17 00:00:00 2001 From: Jan Varga Date: Tue, 26 Mar 2019 18:31:16 +0100 Subject: [PATCH 11/16] Bug 1533651 - Clear LocalStorage and SessionStorage in nsGlobalWindowInner::FreeInnerObjects; r=asuth Differential Revision: https://phabricator.services.mozilla.com/D24934 --- dom/base/nsGlobalWindowInner.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dom/base/nsGlobalWindowInner.cpp b/dom/base/nsGlobalWindowInner.cpp index d25a0ec10d47..6c1270cd9c58 100644 --- a/dom/base/nsGlobalWindowInner.cpp +++ b/dom/base/nsGlobalWindowInner.cpp @@ -1230,6 +1230,8 @@ void nsGlobalWindowInner::FreeInnerObjects() { mExternal = nullptr; mInstallTrigger = nullptr; + mLocalStorage = nullptr; + mSessionStorage = nullptr; mPerformance = nullptr; mSharedWorkers.Clear(); From 4f522073b28f56dcb1f5c1948c6306aed86ccbd6 Mon Sep 17 00:00:00 2001 From: Jan Varga Date: Tue, 26 Mar 2019 21:06:18 +0100 Subject: [PATCH 12/16] Bug 1534211 - Remove a static constructor; r=asuth Differential Revision: https://phabricator.services.mozilla.com/D24965 --- dom/quota/ActorsParent.cpp | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/dom/quota/ActorsParent.cpp b/dom/quota/ActorsParent.cpp index 7a6da665913b..4020f5a074ef 100644 --- a/dom/quota/ActorsParent.cpp +++ b/dom/quota/ActorsParent.cpp @@ -1375,7 +1375,7 @@ void ReportInternalError(const char* aFile, uint32_t aLine, const char* aStr) { namespace { -nsString gBaseDirPath; +StaticAutoPtr gBaseDirPath; #ifdef DEBUG bool gQuotaManagerInitialized = false; @@ -2499,6 +2499,9 @@ QuotaManager::Observer::Observe(nsISupports* aSubject, const char* aTopic, nsresult rv; if (!strcmp(aTopic, kProfileDoChangeTopic)) { + MOZ_ASSERT(!gBaseDirPath); + gBaseDirPath = new nsString(); + nsCOMPtr baseDir; rv = NS_GetSpecialDirectory(NS_APP_INDEXEDDB_PARENT_DIR, getter_AddRefs(baseDir)); @@ -2510,7 +2513,7 @@ QuotaManager::Observer::Observe(nsISupports* aSubject, const char* aTopic, return rv; } - rv = baseDir->GetPath(gBaseDirPath); + rv = baseDir->GetPath(*gBaseDirPath); if (NS_WARN_IF(NS_FAILED(rv))) { return rv; } @@ -2542,7 +2545,8 @@ QuotaManager::Observer::Observe(nsISupports* aSubject, const char* aTopic, MOZ_ALWAYS_TRUE(SpinEventLoopUntil([&]() { return mShutdownComplete; })); - gBaseDirPath.Truncate(); + MOZ_ASSERT(gBaseDirPath); + gBaseDirPath = nullptr; return NS_OK; } @@ -2903,6 +2907,7 @@ nsresult QuotaManager::Initialize() { void QuotaManager::GetOrCreate(nsIRunnable* aCallback, nsIEventTarget* aMainEventTarget) { AssertIsOnBackgroundThread(); + MOZ_ASSERT(gBaseDirPath); if (IsShuttingDown()) { MOZ_ASSERT(false, "Calling GetOrCreate() after shutdown!"); @@ -2914,7 +2919,7 @@ void QuotaManager::GetOrCreate(nsIRunnable* aCallback, } else { RefPtr manager = new QuotaManager(); - nsresult rv = manager->Init(gBaseDirPath); + nsresult rv = manager->Init(*gBaseDirPath); if (NS_WARN_IF(NS_FAILED(rv))) { gCreateFailed = true; } else { From e7a4bd4df8790c26cccbba3d0906c93f9624914c Mon Sep 17 00:00:00 2001 From: Daniel Varga Date: Wed, 27 Mar 2019 00:33:31 +0200 Subject: [PATCH 13/16] Backed out changeset a64efd0aa9c1 (bug 1506693) for linting failure at /builds/worker/checkouts/gecko/browser/extensions/pdfjs/content/PdfStreamConverter.jsm:224:3. on a CLOSED TREE --HG-- extra : rebase_source : 9ecf8d24a35268f71b0a47b6594c9cf0f0a06b5d --- .../extensions/pdfjs/content/PdfStreamConverter.jsm | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/browser/extensions/pdfjs/content/PdfStreamConverter.jsm b/browser/extensions/pdfjs/content/PdfStreamConverter.jsm index 6b9223b96d82..5bc482e0e34a 100644 --- a/browser/extensions/pdfjs/content/PdfStreamConverter.jsm +++ b/browser/extensions/pdfjs/content/PdfStreamConverter.jsm @@ -220,15 +220,6 @@ class ChromeActions { return PrivateBrowsingUtils.isContentWindowPrivate(this.domWindow); } - getWindowOriginAttributes() - { - try { - return this.domWindow.document.nodePrincipal.originAttributes; - } catch(err) { - return {}; - } - } - download(data, sendResponse) { var self = this; var originalUrl = data.originalUrl; @@ -588,9 +579,6 @@ class RangedChromeActions extends ChromeActions { var xhr_onreadystatechange = function xhr_onreadystatechange() { if (this.readyState === 1) { // LOADING var netChannel = this.channel; - // override this XMLHttpRequest's OriginAttributes with our cached parent window's - // OriginAttributes, as we are currently running under the SystemPrincipal - this.setOriginAttributes(self.getWindowOriginAttributes()); if ("nsIPrivateBrowsingChannel" in Ci && netChannel instanceof Ci.nsIPrivateBrowsingChannel) { var docIsPrivate = self.isInPrivateBrowsing(); From d60255305042cdbea3b88f6992f3c6373dbb6d4b Mon Sep 17 00:00:00 2001 From: "J.C. Jones" Date: Tue, 26 Mar 2019 18:48:46 +0000 Subject: [PATCH 14/16] Bug 1539227 - land NSS 67c41e385581 UPGRADE_NSS_RELEASE, r=me --HG-- extra : rebase_source : cd4c8d05e32ee16c9aaa1aeb23014b2299c100fd --- old-configure.in | 2 +- security/nss/.taskcluster.yml | 3 +- security/nss/TAG-INFO | 2 +- .../abi-check/expected-report-libnss3.so.txt | 2 +- .../abi-check/expected-report-libssl3.so.txt | 20 -- .../automation/abi-check/previous-nss-release | 2 +- security/nss/coreconf/coreconf.dep | 1 + .../nss/gtests/certdb_gtest/cert_unittest.cc | 47 ++++ .../nss/gtests/certdb_gtest/certdb_gtest.gyp | 3 + .../certdb_gtest/decode_certs_unittest.cc | 28 ++ security/nss/gtests/certdb_gtest/manifest.mn | 2 + .../ssl_gtest/ssl_recordsep_unittest.cc | 42 +++ security/nss/lib/certdb/cert.h | 6 + security/nss/lib/certdb/certdb.c | 11 + security/nss/lib/freebl/blinit.c | 68 ++++- security/nss/lib/freebl/crypto_primitives.c | 2 +- security/nss/lib/freebl/crypto_primitives.h | 16 +- security/nss/lib/freebl/freebl.gyp | 10 +- security/nss/lib/nss/nss.def | 6 + security/nss/lib/nss/nss.h | 6 +- security/nss/lib/pkcs7/certread.c | 18 +- security/nss/lib/softoken/sdb.c | 102 ++++--- security/nss/lib/softoken/sftkpwd.c | 253 +++++++----------- security/nss/lib/softoken/softkver.h | 6 +- security/nss/lib/ssl/ssl3con.c | 68 ++++- security/nss/lib/ssl/sslimpl.h | 8 + security/nss/lib/ssl/tls13con.c | 4 +- security/nss/lib/util/nssutil.h | 6 +- security/nss/tests/cert/cert.sh | 76 +++--- security/nss/tests/common/certsetup.sh | 5 +- security/nss/tests/crmf/crmf.sh | 8 +- security/nss/tests/gtests/gtests.sh | 30 ++- security/nss/tests/iopr/cert_iopr.sh | 2 +- .../nss/tests/iopr/server_scr/cert_gen.sh | 4 +- .../nss/tests/libpkix/certs/TestCA.ca.cert | Bin 628 -> 628 bytes .../nss/tests/libpkix/certs/TestUser50.cert | Bin 615 -> 617 bytes .../nss/tests/libpkix/certs/TestUser51.cert | Bin 615 -> 617 bytes .../nss/tests/libpkix/certs/make-ca-u50-u51 | 4 +- security/nss/tests/libpkix/certs/nss2alice | Bin 602 -> 605 bytes security/nss/tests/smime/bob.txt | 4 +- security/nss/tests/smime/smime.sh | 34 +-- 41 files changed, 559 insertions(+), 352 deletions(-) create mode 100644 security/nss/gtests/certdb_gtest/cert_unittest.cc create mode 100644 security/nss/gtests/certdb_gtest/decode_certs_unittest.cc mode change 100755 => 100644 security/nss/tests/libpkix/certs/nss2alice diff --git a/old-configure.in b/old-configure.in index 8ea8c83e6a3c..cd15290fdb0b 100644 --- a/old-configure.in +++ b/old-configure.in @@ -1538,7 +1538,7 @@ MOZ_ARG_WITH_BOOL(system-nss, _USE_SYSTEM_NSS=1 ) if test -n "$_USE_SYSTEM_NSS"; then - AM_PATH_NSS(3.42, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])]) + AM_PATH_NSS(3.44, [MOZ_SYSTEM_NSS=1], [AC_MSG_ERROR([you don't have NSS installed or your version is too old])]) fi NSS_CFLAGS="$NSS_CFLAGS -I${DIST}/include/nss" diff --git a/security/nss/.taskcluster.yml b/security/nss/.taskcluster.yml index efd0dd75dd75..4fffc9c82b3a 100644 --- a/security/nss/.taskcluster.yml +++ b/security/nss/.taskcluster.yml @@ -24,7 +24,7 @@ tasks: in: taskId: '${ownTaskId}' taskGroupId: '${ownTaskId}' - schedulerId: 'gecko-level-nss' + schedulerId: 'nss-level-${repository.level}' created: {$fromNow: ''} deadline: {$fromNow: '1 day'} expires: {$fromNow: '14 days'} @@ -41,7 +41,6 @@ tasks: scopes: - 'assume:repo:${repoUrl[8:]}:branch:default' - - 'queue:route:notify.email.${ownerEmail}.*' tags: createdForUser: "${ownerEmail}" diff --git a/security/nss/TAG-INFO b/security/nss/TAG-INFO index ab4b4e8cc279..1a71b4bc7b65 100644 --- a/security/nss/TAG-INFO +++ b/security/nss/TAG-INFO @@ -1 +1 @@ -NSS_3_43_RTM +67c41e385581 diff --git a/security/nss/automation/abi-check/expected-report-libnss3.so.txt b/security/nss/automation/abi-check/expected-report-libnss3.so.txt index a4c767310134..c24dae4253ab 100644 --- a/security/nss/automation/abi-check/expected-report-libnss3.so.txt +++ b/security/nss/automation/abi-check/expected-report-libnss3.so.txt @@ -1,5 +1,5 @@ 1 Added function: - 'function SECOidTag HASH_GetHashOidTagByHashType(HASH_HashType)' {HASH_GetHashOidTagByHashType@@NSS_3.43} + 'function SECStatus CERT_GetCertificateDer(const CERTCertificate*, SECItem*)' {CERT_GetCertificateDer@@NSS_3.44} diff --git a/security/nss/automation/abi-check/expected-report-libssl3.so.txt b/security/nss/automation/abi-check/expected-report-libssl3.so.txt index 8ef488de0758..e69de29bb2d1 100644 --- a/security/nss/automation/abi-check/expected-report-libssl3.so.txt +++ b/security/nss/automation/abi-check/expected-report-libssl3.so.txt @@ -1,20 +0,0 @@ - -2 functions with some indirect sub-type change: - - [C]'function SECStatus SSL_GetCipherSuiteInfo(PRUint16, SSLCipherSuiteInfo*, PRUintn)' at sslinfo.c:326:1 has some indirect sub-type changes: - parameter 2 of type 'SSLCipherSuiteInfo*' has sub-type changes: - in pointed to type 'typedef SSLCipherSuiteInfo' at sslt.h:433:1: - underlying type 'struct SSLCipherSuiteInfoStr' at sslt.h:366:1 changed: - type size changed from 768 to 832 (in bits) - 1 data member insertion: - 'SSLHashType SSLCipherSuiteInfoStr::kdfHash', at offset 768 (in bits) at sslt.h:429:1 - - [C]'function SECStatus SSL_GetPreliminaryChannelInfo(PRFileDesc*, SSLPreliminaryChannelInfo*, PRUintn)' at sslinfo.c:111:1 has some indirect sub-type changes: - parameter 2 of type 'SSLPreliminaryChannelInfo*' has sub-type changes: - in pointed to type 'typedef SSLPreliminaryChannelInfo' at sslt.h:379:1: - underlying type 'struct SSLPreliminaryChannelInfoStr' at sslt.h:333:1 changed: - type size changed from 160 to 192 (in bits) - 1 data member insertion: - 'PRUint16 SSLPreliminaryChannelInfoStr::zeroRttCipherSuite', at offset 160 (in bits) at sslt.h:375:1 - - diff --git a/security/nss/automation/abi-check/previous-nss-release b/security/nss/automation/abi-check/previous-nss-release index d7418dbfda21..da7472286fa1 100644 --- a/security/nss/automation/abi-check/previous-nss-release +++ b/security/nss/automation/abi-check/previous-nss-release @@ -1 +1 @@ -NSS_3_42_BRANCH +NSS_3_43_BRANCH diff --git a/security/nss/coreconf/coreconf.dep b/security/nss/coreconf/coreconf.dep index 5182f75552c8..590d1bfaeee3 100644 --- a/security/nss/coreconf/coreconf.dep +++ b/security/nss/coreconf/coreconf.dep @@ -10,3 +10,4 @@ */ #error "Do not include this header file." + diff --git a/security/nss/gtests/certdb_gtest/cert_unittest.cc b/security/nss/gtests/certdb_gtest/cert_unittest.cc new file mode 100644 index 000000000000..93003fa59ccd --- /dev/null +++ b/security/nss/gtests/certdb_gtest/cert_unittest.cc @@ -0,0 +1,47 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "gtest/gtest.h" + +#include "nss.h" +#include "secerr.h" +#include "pk11pub.h" +#include "nss_scoped_ptrs.h" + +namespace nss_test { + +class CertTest : public ::testing::Test {}; + +// Tests CERT_GetCertificateDer for the certs we have. +TEST_F(CertTest, GetCertDer) { + // Listing all the certs should get us the default trust anchors. + ScopedCERTCertList certs(PK11_ListCerts(PK11CertListAll, nullptr)); + ASSERT_FALSE(PR_CLIST_IS_EMPTY(&certs->list)); + + for (PRCList* cursor = PR_NEXT_LINK(&certs->list); cursor != &certs->list; + cursor = PR_NEXT_LINK(cursor)) { + CERTCertListNode* node = (CERTCertListNode*)cursor; + SECItem der; + ASSERT_EQ(SECSuccess, CERT_GetCertificateDer(node->cert, &der)); + ASSERT_EQ(0, SECITEM_CompareItem(&der, &node->cert->derCert)); + } +} + +TEST_F(CertTest, GetCertDerBad) { + EXPECT_EQ(SECFailure, CERT_GetCertificateDer(nullptr, nullptr)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + + ScopedCERTCertList certs(PK11_ListCerts(PK11CertListAll, nullptr)); + ASSERT_FALSE(PR_CLIST_IS_EMPTY(&certs->list)); + CERTCertListNode* node = (CERTCertListNode*)PR_NEXT_LINK(&certs->list); + EXPECT_EQ(SECFailure, CERT_GetCertificateDer(node->cert, nullptr)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); + + SECItem der; + EXPECT_EQ(SECFailure, CERT_GetCertificateDer(nullptr, &der)); + EXPECT_EQ(SEC_ERROR_INVALID_ARGS, PORT_GetError()); +} +} diff --git a/security/nss/gtests/certdb_gtest/certdb_gtest.gyp b/security/nss/gtests/certdb_gtest/certdb_gtest.gyp index 898102defe30..7f5bb324b53a 100644 --- a/security/nss/gtests/certdb_gtest/certdb_gtest.gyp +++ b/security/nss/gtests/certdb_gtest/certdb_gtest.gyp @@ -12,6 +12,8 @@ 'type': 'executable', 'sources': [ 'alg1485_unittest.cc', + 'cert_unittest.cc', + 'decode_certs_unittest.cc', '<(DEPTH)/gtests/common/gtests.cc' ], 'dependencies': [ @@ -20,6 +22,7 @@ '<(DEPTH)/lib/util/util.gyp:nssutil3', '<(DEPTH)/lib/ssl/ssl.gyp:ssl3', '<(DEPTH)/lib/nss/nss.gyp:nss3', + '<(DEPTH)/lib/smime/smime.gyp:smime3', ] } ], diff --git a/security/nss/gtests/certdb_gtest/decode_certs_unittest.cc b/security/nss/gtests/certdb_gtest/decode_certs_unittest.cc new file mode 100644 index 000000000000..405194edcc8a --- /dev/null +++ b/security/nss/gtests/certdb_gtest/decode_certs_unittest.cc @@ -0,0 +1,28 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "gtest/gtest.h" + +#include "cert.h" +#include "prerror.h" +#include "secerr.h" + +class DecodeCertsTest : public ::testing::Test {}; + +TEST_F(DecodeCertsTest, EmptyCertPackage) { + // This represents a PKCS#7 ContentInfo with a contentType of + // '2.16.840.1.113730.2.5' (Netscape data-type cert-sequence) and a content + // consisting of an empty SEQUENCE. This is valid ASN.1, but it contains no + // certificates, so CERT_DecodeCertFromPackage should just return a null + // pointer. + unsigned char emptyCertPackage[] = {0x30, 0x0f, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x86, 0xf8, 0x42, 0x02, + 0x05, 0xa0, 0x02, 0x30, 0x00}; + EXPECT_EQ(nullptr, CERT_DecodeCertFromPackage( + reinterpret_cast(emptyCertPackage), + sizeof(emptyCertPackage))); + EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError()); +} diff --git a/security/nss/gtests/certdb_gtest/manifest.mn b/security/nss/gtests/certdb_gtest/manifest.mn index 4a3a1fda09ca..c95cf991f31f 100644 --- a/security/nss/gtests/certdb_gtest/manifest.mn +++ b/security/nss/gtests/certdb_gtest/manifest.mn @@ -8,6 +8,8 @@ MODULE = nss CPPSRCS = \ alg1485_unittest.cc \ + cert_unittest.cc \ + decode_certs_unittest.cc \ $(NULL) INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \ diff --git a/security/nss/gtests/ssl_gtest/ssl_recordsep_unittest.cc b/security/nss/gtests/ssl_gtest/ssl_recordsep_unittest.cc index c69042014762..8a1dea5bfbca 100644 --- a/security/nss/gtests/ssl_gtest/ssl_recordsep_unittest.cc +++ b/security/nss/gtests/ssl_gtest/ssl_recordsep_unittest.cc @@ -442,6 +442,48 @@ TEST_P(TlsConnectStream, ReplaceRecordLayerAsyncLateAuth) { SendForwardReceive(client_, client_stage, server_); } +TEST_F(TlsConnectStreamTls13, ReplaceRecordLayerAsyncPostHandshake) { + StartConnect(); + client_->SetServerKeyBits(server_->server_key_bits()); + + BadPrSocket bad_layer_client(client_); + BadPrSocket bad_layer_server(server_); + StagedRecords client_stage(client_); + StagedRecords server_stage(server_); + + client_->SetAuthCertificateCallback(AuthCompleteBlock); + + server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTING); + client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTING); + server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTING); + + ASSERT_TRUE(client_stage.empty()); + client_->Handshake(); + ASSERT_TRUE(client_stage.empty()); + EXPECT_EQ(TlsAgent::STATE_CONNECTING, client_->state()); + + // Now declare the certificate good. + EXPECT_EQ(SECSuccess, SSL_AuthCertificateComplete(client_->ssl_fd(), 0)); + client_->Handshake(); + ASSERT_FALSE(client_stage.empty()); + + if (version_ >= SSL_LIBRARY_VERSION_TLS_1_3) { + EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state()); + client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTED); + } else { + client_stage.ForwardAll(server_, TlsAgent::STATE_CONNECTED); + server_stage.ForwardAll(client_, TlsAgent::STATE_CONNECTED); + } + CheckKeys(); + + // Reading and writing application data should work. + SendForwardReceive(client_, client_stage, server_); + + // Post-handshake messages should work here. + EXPECT_EQ(SECSuccess, SSL_SendSessionTicket(server_->ssl_fd(), nullptr, 0)); + SendForwardReceive(server_, server_stage, client_); +} + // This test ensures that data is correctly forwarded when the handshake is // resumed after asynchronous server certificate authentication, when // SSL_AuthCertificateComplete() is called. The logic for resuming the diff --git a/security/nss/lib/certdb/cert.h b/security/nss/lib/certdb/cert.h index 333ba4c9dd42..1981b8f549fd 100644 --- a/security/nss/lib/certdb/cert.h +++ b/security/nss/lib/certdb/cert.h @@ -215,6 +215,12 @@ extern void CERT_DestroyCertificate(CERTCertificate *cert); */ extern CERTCertificate *CERT_DupCertificate(CERTCertificate *c); +/* Access the DER of the certificate. This only creates a reference to the DER + * in the outparam not a copy. To avoid the pointer becoming invalid, use + * CERT_DupCertificate() and keep a reference to the duplicate alive. + */ +extern SECStatus CERT_GetCertificateDer(const CERTCertificate *c, SECItem *der); + /* ** Create a new certificate request. This result must be wrapped with an ** CERTSignedData to create a signed certificate request. diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c index 85b5f291703b..7eede8d0e191 100644 --- a/security/nss/lib/certdb/certdb.c +++ b/security/nss/lib/certdb/certdb.c @@ -1314,6 +1314,17 @@ CERT_DupCertificate(CERTCertificate *c) return c; } +SECStatus +CERT_GetCertificateDer(const CERTCertificate *c, SECItem *der) +{ + if (!c || !der) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + *der = c->derCert; + return SECSuccess; +} + /* * Allow use of default cert database, so that apps(such as mozilla) don't * have to pass the handle all over the place. diff --git a/security/nss/lib/freebl/blinit.c b/security/nss/lib/freebl/blinit.c index f369e62e71af..d1bb037fc1fd 100644 --- a/security/nss/lib/freebl/blinit.c +++ b/security/nss/lib/freebl/blinit.c @@ -92,23 +92,32 @@ CheckX86CPUSupport() #endif /* NSS_X86_OR_X64 */ /* clang-format off */ -#if (defined(__aarch64__) || defined(__arm__)) && !defined(__ANDROID__) +#if defined(__aarch64__) || defined(__arm__) #ifndef __has_include #define __has_include(x) 0 #endif #if (__has_include() || defined(__linux__)) && \ defined(__GNUC__) && __GNUC__ >= 2 && defined(__ELF__) +/* This might be conflict with host compiler */ +#if !defined(__ANDROID__) #include +#endif extern unsigned long getauxval(unsigned long type) __attribute__((weak)); #else static unsigned long (*getauxval)(unsigned long) = NULL; -#define AT_HWCAP2 0 -#define AT_HWCAP 0 #endif /* defined(__GNUC__) && __GNUC__ >= 2 && defined(__ELF__)*/ -#endif /* (defined(__aarch64__) || defined(__arm__)) && !defined(__ANDROID__) */ + +#ifndef AT_HWCAP2 +#define AT_HWCAP2 26 +#endif +#ifndef AT_HWCAP +#define AT_HWCAP 16 +#endif + +#endif /* defined(__aarch64__) || defined(__arm__) */ /* clang-format on */ -#if defined(__aarch64__) && !defined(__ANDROID__) +#if defined(__aarch64__) // Defines from hwcap.h in Linux kernel - ARM64 #ifndef HWCAP_AES #define HWCAP_AES (1 << 3) @@ -138,9 +147,9 @@ CheckARMSupport() /* aarch64 must support NEON. */ arm_neon_support_ = disable_arm_neon == NULL; } -#endif /* defined(__aarch64__) && !defined(__ANDROID__) */ +#endif /* defined(__aarch64__) */ -#if defined(__arm__) && !defined(__ANDROID__) +#if defined(__arm__) // Defines from hwcap.h in Linux kernel - ARM /* * HWCAP flags - for elf_hwcap (in kernel) and AT_HWCAP @@ -165,23 +174,58 @@ CheckARMSupport() #define HWCAP2_SHA2 (1 << 3) #endif +PRBool +GetNeonSupport() +{ + char *disable_arm_neon = PR_GetEnvSecure("NSS_DISABLE_ARM_NEON"); + if (disable_arm_neon) { + return PR_FALSE; + } +#if defined(__ARM_NEON) || defined(__ARM_NEON__) + // Compiler generates NEON instruction as default option. + // If no getauxval, compiler generate NEON instruction by default, + // we should allow NOEN support. + return PR_TRUE; +#elif !defined(__ANDROID__) + // Android's cpu-features.c detects features by the following logic + // + // - Call getauxval(AT_HWCAP) + // - Parse /proc/self/auxv if getauxval is nothing or returns 0 + // - Parse /proc/cpuinfo if both cannot detect features + // + // But we don't use it for Android since Android document + // (https://developer.android.com/ndk/guides/cpu-features) says + // one problem with AT_HWCAP sometimes devices (Nexus 4 and emulator) + // are mistaken for IDIV. + if (getauxval) { + return (getauxval(AT_HWCAP) & HWCAP_NEON); + } +#endif /* defined(__ARM_NEON) || defined(__ARM_NEON__) */ + return PR_FALSE; +} + void CheckARMSupport() { - char *disable_arm_neon = PR_GetEnvSecure("NSS_DISABLE_ARM_NEON"); char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES"); if (getauxval) { + // Android's cpu-features.c uses AT_HWCAP2 for newer features. + // AT_HWCAP2 is implemented on newer devices / kernel, so we can trust + // it since cpu-features.c doesn't have workaround / fallback. + // Also, AT_HWCAP2 is supported by glibc 2.18+ on Linux/arm, If + // AT_HWCAP2 isn't supported by glibc or Linux kernel, getauxval will + // returns 0. long hwcaps = getauxval(AT_HWCAP2); arm_aes_support_ = hwcaps & HWCAP2_AES && disable_hw_aes == NULL; arm_pmull_support_ = hwcaps & HWCAP2_PMULL; arm_sha1_support_ = hwcaps & HWCAP2_SHA1; arm_sha2_support_ = hwcaps & HWCAP2_SHA2; - arm_neon_support_ = hwcaps & HWCAP_NEON && disable_arm_neon == NULL; } + arm_neon_support_ = GetNeonSupport(); } -#endif /* defined(__arm__) && !defined(__ANDROID__) */ +#endif /* defined(__arm__) */ -// Enable when Firefox can use it. +// Enable when Firefox can use it for Android API 16 and 17. // #if defined(__ANDROID__) && (defined(__arm__) || defined(__aarch64__)) // #include // void @@ -262,7 +306,7 @@ FreeblInit(void) { #ifdef NSS_X86_OR_X64 CheckX86CPUSupport(); -#elif (defined(__aarch64__) || defined(__arm__)) && !defined(__ANDROID__) +#elif (defined(__aarch64__) || defined(__arm__)) CheckARMSupport(); #endif return PR_SUCCESS; diff --git a/security/nss/lib/freebl/crypto_primitives.c b/security/nss/lib/freebl/crypto_primitives.c index 49c8ca5ca6ed..937e1dd720f2 100644 --- a/security/nss/lib/freebl/crypto_primitives.c +++ b/security/nss/lib/freebl/crypto_primitives.c @@ -22,7 +22,7 @@ swap8b(PRUint64 value) return (value); } -#elif !defined(_MSC_VER) +#elif !defined(_MSC_VER) && !__has_builtin(__builtin_bswap64) PRUint64 swap8b(PRUint64 x) diff --git a/security/nss/lib/freebl/crypto_primitives.h b/security/nss/lib/freebl/crypto_primitives.h index f19601f4b4e8..177e6f3fffe5 100644 --- a/security/nss/lib/freebl/crypto_primitives.h +++ b/security/nss/lib/freebl/crypto_primitives.h @@ -11,6 +11,11 @@ #include #include "prtypes.h" +/* For non-clang platform */ +#ifndef __has_builtin +#define __has_builtin(x) 0 +#endif + /* Unfortunately this isn't always set when it should be. */ #if defined(HAVE_LONG_LONG) @@ -29,11 +34,16 @@ /* * FREEBL_HTONLL(x): swap bytes in a 64-bit integer. */ +#if defined(IS_LITTLE_ENDIAN) #if defined(_MSC_VER) #pragma intrinsic(_byteswap_uint64) #define FREEBL_HTONLL(x) _byteswap_uint64(x) +#elif __has_builtin(__builtin_bswap64) + +#define FREEBL_HTONLL(x) __builtin_bswap64(x) + #elif defined(__GNUC__) && (defined(__x86_64__) || defined(__x86_64)) PRUint64 swap8b(PRUint64 value); @@ -48,4 +58,8 @@ PRUint64 swap8b(PRUint64 x); #endif /* _MSC_VER */ -#endif /* HAVE_LONG_LONG */ \ No newline at end of file +#else /* IS_LITTLE_ENDIAN */ +#define FREEBL_HTONLL(x) (x) +#endif + +#endif /* HAVE_LONG_LONG */ diff --git a/security/nss/lib/freebl/freebl.gyp b/security/nss/lib/freebl/freebl.gyp index 288ff07a3bf8..4bc127ce9229 100644 --- a/security/nss/lib/freebl/freebl.gyp +++ b/security/nss/lib/freebl/freebl.gyp @@ -76,11 +76,11 @@ '__SSSE3__', ], }], - [ 'OS=="android"', { - # On Android we can't use any of the hardware acceleration :( - 'defines!': [ - '__ARM_NEON__', - '__ARM_NEON', + [ 'target_arch=="arm"', { + # Gecko doesn't support non-NEON platform on Android, but tier-3 + # platform such as Linux/arm will need it + 'cflags_mozilla': [ + '-mfpu=neon' ], }], ], diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def index d589fd30e26f..53d463a66ffd 100644 --- a/security/nss/lib/nss/nss.def +++ b/security/nss/lib/nss/nss.def @@ -1145,3 +1145,9 @@ HASH_GetHashOidTagByHashType; ;+ local: ;+ *; ;+}; +;+NSS_3.44 { # NSS 3.44 release +;+ global: +CERT_GetCertificateDer; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index 1df2125172b5..d82b64980417 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -22,12 +22,12 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define NSS_VERSION "3.43" _NSS_CUSTOMIZED +#define NSS_VERSION "3.44" _NSS_CUSTOMIZED " Beta" #define NSS_VMAJOR 3 -#define NSS_VMINOR 43 +#define NSS_VMINOR 44 #define NSS_VPATCH 0 #define NSS_VBUILD 0 -#define NSS_BETA PR_FALSE +#define NSS_BETA PR_TRUE #ifndef RC_INVOKED diff --git a/security/nss/lib/pkcs7/certread.c b/security/nss/lib/pkcs7/certread.c index 2d692f1a2d5e..3091f9947ee4 100644 --- a/security/nss/lib/pkcs7/certread.c +++ b/security/nss/lib/pkcs7/certread.c @@ -492,14 +492,16 @@ typedef struct { static SECStatus collect_certs(void *arg, SECItem **certs, int numcerts) { - SECStatus rv; - collect_args *collectArgs; - - collectArgs = (collect_args *)arg; - - rv = SECITEM_CopyItem(collectArgs->arena, &collectArgs->cert, *certs); - - return (rv); + collect_args *collectArgs = (collect_args *)arg; + if (!collectArgs || !collectArgs->arena) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + if (numcerts < 1 || !certs || !*certs) { + PORT_SetError(SEC_ERROR_BAD_DER); + return SECFailure; + } + return SECITEM_CopyItem(collectArgs->arena, &collectArgs->cert, *certs); } /* diff --git a/security/nss/lib/softoken/sdb.c b/security/nss/lib/softoken/sdb.c index fb897d68ccc8..4830bc111fb2 100644 --- a/security/nss/lib/softoken/sdb.c +++ b/security/nss/lib/softoken/sdb.c @@ -858,7 +858,6 @@ sdb_FindObjectsFinal(SDB *sdb, SDBFind *sdbFind) return sdb_mapSQLError(sdb_p->type, sqlerr); } -static const char GET_ATTRIBUTE_CMD[] = "SELECT ALL %s FROM %s WHERE id=$ID;"; CK_RV sdb_GetAttributeValueNoLock(SDB *sdb, CK_OBJECT_HANDLE object_id, CK_ATTRIBUTE *template, CK_ULONG count) @@ -866,8 +865,6 @@ sdb_GetAttributeValueNoLock(SDB *sdb, CK_OBJECT_HANDLE object_id, SDBPrivate *sdb_p = sdb->private; sqlite3 *sqlDB = NULL; sqlite3_stmt *stmt = NULL; - char *getStr = NULL; - char *newStr = NULL; const char *table = NULL; int sqlerr = SQLITE_OK; CK_RV error = CKR_OK; @@ -875,55 +872,74 @@ sdb_GetAttributeValueNoLock(SDB *sdb, CK_OBJECT_HANDLE object_id, int retry = 0; unsigned int i; + if (count == 0) { + error = CKR_OBJECT_HANDLE_INVALID; + goto loser; + } + /* open a new db if necessary */ error = sdb_openDBLocal(sdb_p, &sqlDB, &table); if (error != CKR_OK) { goto loser; } + char *columns = NULL; for (i = 0; i < count; i++) { - getStr = sqlite3_mprintf("a%x", template[i].type); - - if (getStr == NULL) { + char *newColumns; + if (columns) { + newColumns = sqlite3_mprintf("%s, a%x", columns, template[i].type); + sqlite3_free(columns); + columns = NULL; + } else { + newColumns = sqlite3_mprintf("a%x", template[i].type); + } + if (!newColumns) { error = CKR_HOST_MEMORY; goto loser; } + columns = newColumns; + } + if (!columns) { + error = CKR_OBJECT_HANDLE_INVALID; + goto loser; + } - newStr = sqlite3_mprintf(GET_ATTRIBUTE_CMD, getStr, table); - sqlite3_free(getStr); - getStr = NULL; - if (newStr == NULL) { - error = CKR_HOST_MEMORY; - goto loser; + char *statement = sqlite3_mprintf("SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;", + columns, table); + sqlite3_free(columns); + columns = NULL; + if (!statement) { + error = CKR_HOST_MEMORY; + goto loser; + } + + sqlerr = sqlite3_prepare_v2(sqlDB, statement, -1, &stmt, NULL); + sqlite3_free(statement); + statement = NULL; + if (sqlerr != SQLITE_OK) { + goto loser; + } + + // NB: indices in sqlite3_bind_int are 1-indexed + sqlerr = sqlite3_bind_int(stmt, 1, object_id); + if (sqlerr != SQLITE_OK) { + goto loser; + } + + do { + sqlerr = sqlite3_step(stmt); + if (sqlerr == SQLITE_BUSY) { + PR_Sleep(SDB_BUSY_RETRY_TIME); } - - sqlerr = sqlite3_prepare_v2(sqlDB, newStr, -1, &stmt, NULL); - sqlite3_free(newStr); - newStr = NULL; - if (sqlerr == SQLITE_ERROR) { - template[i].ulValueLen = -1; - error = CKR_ATTRIBUTE_TYPE_INVALID; - continue; - } else if (sqlerr != SQLITE_OK) { - goto loser; - } - - sqlerr = sqlite3_bind_int(stmt, 1, object_id); - if (sqlerr != SQLITE_OK) { - goto loser; - } - - do { - sqlerr = sqlite3_step(stmt); - if (sqlerr == SQLITE_BUSY) { - PR_Sleep(SDB_BUSY_RETRY_TIME); - } - if (sqlerr == SQLITE_ROW) { + if (sqlerr == SQLITE_ROW) { + PORT_Assert(!found); + for (i = 0; i < count; i++) { unsigned int blobSize; const char *blobData; - blobSize = sqlite3_column_bytes(stmt, 0); - blobData = sqlite3_column_blob(stmt, 0); + // NB: indices in sqlite_column_{bytes,blob} are 0-indexed + blobSize = sqlite3_column_bytes(stmt, i); + blobData = sqlite3_column_blob(stmt, i); if (blobData == NULL) { template[i].ulValueLen = -1; error = CKR_ATTRIBUTE_TYPE_INVALID; @@ -945,13 +961,13 @@ sdb_GetAttributeValueNoLock(SDB *sdb, CK_OBJECT_HANDLE object_id, PORT_Memcpy(template[i].pValue, blobData, blobSize); } template[i].ulValueLen = blobSize; - found = 1; } - } while (!sdb_done(sqlerr, &retry)); - sqlite3_reset(stmt); - sqlite3_finalize(stmt); - stmt = NULL; - } + found = 1; + } + } while (!sdb_done(sqlerr, &retry)); + sqlite3_reset(stmt); + sqlite3_finalize(stmt); + stmt = NULL; loser: /* fix up the error if necessary */ diff --git a/security/nss/lib/softoken/sftkpwd.c b/security/nss/lib/softoken/sftkpwd.c index 9834d3ba0104..9f97c77038fa 100644 --- a/security/nss/lib/softoken/sftkpwd.c +++ b/security/nss/lib/softoken/sftkpwd.c @@ -859,92 +859,77 @@ static CK_RV sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, CK_OBJECT_HANDLE id, SECItem *newKey) { - CK_ATTRIBUTE authAttrs[] = { - { CKA_MODULUS, NULL, 0 }, - { CKA_PUBLIC_EXPONENT, NULL, 0 }, - { CKA_CERT_SHA1_HASH, NULL, 0 }, - { CKA_CERT_MD5_HASH, NULL, 0 }, - { CKA_TRUST_SERVER_AUTH, NULL, 0 }, - { CKA_TRUST_CLIENT_AUTH, NULL, 0 }, - { CKA_TRUST_EMAIL_PROTECTION, NULL, 0 }, - { CKA_TRUST_CODE_SIGNING, NULL, 0 }, - { CKA_TRUST_STEP_UP_APPROVED, NULL, 0 }, - { CKA_NSS_OVERRIDE_EXTENSIONS, NULL, 0 }, - }; - CK_ULONG authAttrCount = sizeof(authAttrs) / sizeof(CK_ATTRIBUTE); - unsigned int i, count; SFTKDBHandle *keyHandle = handle; SDB *keyTarget = NULL; - - id &= SFTK_OBJ_ID_MASK; - if (handle->type != SFTK_KEYDB_TYPE) { keyHandle = handle->peerDB; } - if (keyHandle == NULL) { return CKR_OK; } - - /* old DB's don't have meta data, finished with MACs */ + // Old DBs don't have metadata, so we can return early here. keyTarget = SFTK_GET_SDB(keyHandle); if ((keyTarget->sdb_flags & SDB_HAS_META) == 0) { return CKR_OK; } - /* - * STEP 1: find the MACed attributes of this object - */ - (void)sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); - count = 0; - /* allocate space for the attributes */ - for (i = 0; i < authAttrCount; i++) { - if ((authAttrs[i].ulValueLen == -1) || (authAttrs[i].ulValueLen == 0)) { + id &= SFTK_OBJ_ID_MASK; + + CK_ATTRIBUTE_TYPE authAttrTypes[] = { + CKA_MODULUS, + CKA_PUBLIC_EXPONENT, + CKA_CERT_SHA1_HASH, + CKA_CERT_MD5_HASH, + CKA_TRUST_SERVER_AUTH, + CKA_TRUST_CLIENT_AUTH, + CKA_TRUST_EMAIL_PROTECTION, + CKA_TRUST_CODE_SIGNING, + CKA_TRUST_STEP_UP_APPROVED, + CKA_NSS_OVERRIDE_EXTENSIONS, + }; + const CK_ULONG authAttrTypeCount = sizeof(authAttrTypes) / sizeof(authAttrTypes[0]); + + // We don't know what attributes this object has, so we update them one at a + // time. + unsigned int i; + for (i = 0; i < authAttrTypeCount; i++) { + CK_ATTRIBUTE authAttr = { authAttrTypes[i], NULL, 0 }; + CK_RV rv = sftkdb_GetAttributeValue(handle, id, &authAttr, 1); + if (rv != CKR_OK) { continue; } - count++; - authAttrs[i].pValue = PORT_ArenaAlloc(arena, authAttrs[i].ulValueLen); - if (authAttrs[i].pValue == NULL) { - break; - } - } - - /* if count was zero, none were found, finished with MACs */ - if (count == 0) { - return CKR_OK; - } - - (void)sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); - /* ignore error code, we expect some possible errors */ - - /* GetAttributeValue just verified the old macs, safe to write - * them out then... */ - for (i = 0; i < authAttrCount; i++) { - SECItem *signText; - SECItem plainText; - SECStatus rv; - - if ((authAttrs[i].ulValueLen == -1) || (authAttrs[i].ulValueLen == 0)) { + if ((authAttr.ulValueLen == -1) || (authAttr.ulValueLen == 0)) { continue; } - - if (authAttrs[i].ulValueLen == sizeof(CK_ULONG) && - sftkdb_isULONGAttribute(authAttrs[i].type)) { - CK_ULONG value = *(CK_ULONG *)authAttrs[i].pValue; - sftk_ULong2SDBULong(authAttrs[i].pValue, value); - authAttrs[i].ulValueLen = SDB_ULONG_SIZE; + authAttr.pValue = PORT_ArenaAlloc(arena, authAttr.ulValueLen); + if (authAttr.pValue == NULL) { + return CKR_HOST_MEMORY; } - - plainText.data = authAttrs[i].pValue; - plainText.len = authAttrs[i].ulValueLen; - rv = sftkdb_SignAttribute(arena, newKey, id, - authAttrs[i].type, &plainText, &signText); - if (rv != SECSuccess) { + rv = sftkdb_GetAttributeValue(handle, id, &authAttr, 1); + if (rv != CKR_OK) { + return rv; + } + if ((authAttr.ulValueLen == -1) || (authAttr.ulValueLen == 0)) { return CKR_GENERAL_ERROR; } - rv = sftkdb_PutAttributeSignature(handle, keyTarget, id, - authAttrs[i].type, signText); - if (rv != SECSuccess) { + // GetAttributeValue just verified the old macs, so it is safe to write + // them out now. + if (authAttr.ulValueLen == sizeof(CK_ULONG) && + sftkdb_isULONGAttribute(authAttr.type)) { + CK_ULONG value = *(CK_ULONG *)authAttr.pValue; + sftk_ULong2SDBULong(authAttr.pValue, value); + authAttr.ulValueLen = SDB_ULONG_SIZE; + } + SECItem *signText; + SECItem plainText; + plainText.data = authAttr.pValue; + plainText.len = authAttr.ulValueLen; + if (sftkdb_SignAttribute(arena, newKey, id, authAttr.type, &plainText, + &signText) != SECSuccess) { + return CKR_GENERAL_ERROR; + } + if (sftkdb_PutAttributeSignature(handle, keyTarget, id, authAttr.type, + signText) != SECSuccess) { return CKR_GENERAL_ERROR; } } @@ -956,110 +941,64 @@ static CK_RV sftk_updateEncrypted(PLArenaPool *arena, SFTKDBHandle *keydb, CK_OBJECT_HANDLE id, SECItem *newKey) { - CK_RV crv = CKR_OK; - CK_RV crv2; - CK_ATTRIBUTE *first, *last; - CK_ATTRIBUTE privAttrs[] = { - { CKA_VALUE, NULL, 0 }, - { CKA_PRIVATE_EXPONENT, NULL, 0 }, - { CKA_PRIME_1, NULL, 0 }, - { CKA_PRIME_2, NULL, 0 }, - { CKA_EXPONENT_1, NULL, 0 }, - { CKA_EXPONENT_2, NULL, 0 }, - { CKA_COEFFICIENT, NULL, 0 } + CK_ATTRIBUTE_TYPE privAttrTypes[] = { + CKA_VALUE, + CKA_PRIVATE_EXPONENT, + CKA_PRIME_1, + CKA_PRIME_2, + CKA_EXPONENT_1, + CKA_EXPONENT_2, + CKA_COEFFICIENT, }; - CK_ULONG privAttrCount = sizeof(privAttrs) / sizeof(CK_ATTRIBUTE); - unsigned int i, count; + const CK_ULONG privAttrCount = sizeof(privAttrTypes) / sizeof(privAttrTypes[0]); - /* - * STEP 1. Read the old attributes in the clear. - */ - - /* Get the attribute sizes. - * ignore the error code, we will have unknown attributes here */ - crv2 = sftkdb_GetAttributeValue(keydb, id, privAttrs, privAttrCount); - - /* - * find the valid block of attributes and fill allocate space for - * their data */ - first = last = NULL; + // We don't know what attributes this object has, so we update them one at a + // time. + unsigned int i; for (i = 0; i < privAttrCount; i++) { - /* find the block of attributes that are appropriate for this - * objects. There should only be once contiguous block, if not - * there's an error. - * - * find the first and last good entry. - */ - if ((privAttrs[i].ulValueLen == -1) || (privAttrs[i].ulValueLen == 0)) { - if (!first) - continue; - if (!last) { - /* previous entry was last good entry */ - last = &privAttrs[i - 1]; - } + // Read the old attribute in the clear. + CK_ATTRIBUTE privAttr = { privAttrTypes[i], NULL, 0 }; + CK_RV crv = sftkdb_GetAttributeValue(keydb, id, &privAttr, 1); + if (crv != CKR_OK) { continue; } - if (!first) { - first = &privAttrs[i]; + if ((privAttr.ulValueLen == -1) || (privAttr.ulValueLen == 0)) { + continue; } - if (last) { - /* OOPS, we've found another good entry beyond the end of the - * last good entry, we need to fail here. */ - crv = CKR_GENERAL_ERROR; - break; + privAttr.pValue = PORT_ArenaAlloc(arena, privAttr.ulValueLen); + if (privAttr.pValue == NULL) { + return CKR_HOST_MEMORY; } - privAttrs[i].pValue = PORT_ArenaAlloc(arena, privAttrs[i].ulValueLen); - if (privAttrs[i].pValue == NULL) { - crv = CKR_HOST_MEMORY; - break; + crv = sftkdb_GetAttributeValue(keydb, id, &privAttr, 1); + if (crv != CKR_OK) { + return crv; } - } - if (first == NULL) { - /* no valid entries found, return error based on crv2 */ - return crv2; - } - if (last == NULL) { - last = &privAttrs[privAttrCount - 1]; - } - if (crv != CKR_OK) { - return crv; - } - /* read the attributes */ - count = (last - first) + 1; - crv = sftkdb_GetAttributeValue(keydb, id, first, count); - if (crv != CKR_OK) { - return crv; - } - - /* - * STEP 2: read the encrypt the attributes with the new key. - */ - for (i = 0; i < count; i++) { - SECItem plainText; - SECItem *result; - SECStatus rv; - - plainText.data = first[i].pValue; - plainText.len = first[i].ulValueLen; - rv = sftkdb_EncryptAttribute(arena, newKey, &plainText, &result); - if (rv != SECSuccess) { + if ((privAttr.ulValueLen == -1) || (privAttr.ulValueLen == 0)) { return CKR_GENERAL_ERROR; } - first[i].pValue = result->data; - first[i].ulValueLen = result->len; - /* clear our sensitive data out */ + SECItem plainText; + SECItem *result; + plainText.data = privAttr.pValue; + plainText.len = privAttr.ulValueLen; + if (sftkdb_EncryptAttribute(arena, newKey, &plainText, &result) != SECSuccess) { + return CKR_GENERAL_ERROR; + } + privAttr.pValue = result->data; + privAttr.ulValueLen = result->len; + // Clear sensitive data. PORT_Memset(plainText.data, 0, plainText.len); + + // Write the newly encrypted attributes out directly. + CK_OBJECT_HANDLE newId = id & SFTK_OBJ_ID_MASK; + keydb->newKey = newKey; + crv = (*keydb->db->sdb_SetAttributeValue)(keydb->db, newId, &privAttr, 1); + keydb->newKey = NULL; + if (crv != CKR_OK) { + return crv; + } } - /* - * STEP 3: write the newly encrypted attributes out directly - */ - id &= SFTK_OBJ_ID_MASK; - keydb->newKey = newKey; - crv = (*keydb->db->sdb_SetAttributeValue)(keydb->db, id, first, count); - keydb->newKey = NULL; - - return crv; + return CKR_OK; } static CK_RV diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index 906ee1d2cc4b..5702460254c7 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -17,11 +17,11 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define SOFTOKEN_VERSION "3.43" SOFTOKEN_ECC_STRING +#define SOFTOKEN_VERSION "3.44" SOFTOKEN_ECC_STRING " Beta" #define SOFTOKEN_VMAJOR 3 -#define SOFTOKEN_VMINOR 43 +#define SOFTOKEN_VMINOR 44 #define SOFTOKEN_VPATCH 0 #define SOFTOKEN_VBUILD 0 -#define SOFTOKEN_BETA PR_FALSE +#define SOFTOKEN_BETA PR_TRUE #endif /* _SOFTKVER_H_ */ diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 2797e627f571..9385e526384e 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -8625,6 +8625,45 @@ loser: return SECFailure; } +/* unwrap helper function to handle the case where the wrapKey doesn't wind + * up in the correct token for the master secret */ +PK11SymKey * +ssl_unwrapSymKey(PK11SymKey *wrapKey, + CK_MECHANISM_TYPE wrapType, SECItem *param, + SECItem *wrappedKey, + CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, + int keySize, CK_FLAGS keyFlags, void *pinArg) +{ + PK11SymKey *unwrappedKey; + + /* unwrap the master secret. */ + unwrappedKey = PK11_UnwrapSymKeyWithFlags(wrapKey, wrapType, param, + wrappedKey, target, operation, keySize, + keyFlags); + if (!unwrappedKey) { + PK11SlotInfo *targetSlot = PK11_GetBestSlot(target, pinArg); + PK11SymKey *newWrapKey; + + /* it's possible that we failed to unwrap because the wrapKey is in + * a slot that can't handle target. Move the wrapKey to a slot that + * can handle this mechanism and retry the operation */ + if (targetSlot == NULL) { + return NULL; + } + newWrapKey = PK11_MoveSymKey(targetSlot, CKA_UNWRAP, 0, + PR_FALSE, wrapKey); + PK11_FreeSlot(targetSlot); + if (newWrapKey == NULL) { + return NULL; + } + unwrappedKey = PK11_UnwrapSymKeyWithFlags(newWrapKey, wrapType, param, + wrappedKey, target, operation, keySize, + keyFlags); + PK11_FreeSymKey(newWrapKey); + } + return unwrappedKey; +} + static SECStatus ssl3_UnwrapMasterSecretServer(sslSocket *ss, sslSessionID *sid, PK11SymKey **ms) { @@ -8646,12 +8685,14 @@ ssl3_UnwrapMasterSecretServer(sslSocket *ss, sslSessionID *sid, PK11SymKey **ms) keyFlags = CKF_SIGN | CKF_VERIFY; } - /* unwrap the master secret. */ - *ms = PK11_UnwrapSymKeyWithFlags(wrapKey, sid->u.ssl3.masterWrapMech, - NULL, &wrappedMS, CKM_SSL3_MASTER_KEY_DERIVE, - CKA_DERIVE, SSL3_MASTER_SECRET_LENGTH, keyFlags); + *ms = ssl_unwrapSymKey(wrapKey, sid->u.ssl3.masterWrapMech, NULL, + &wrappedMS, CKM_SSL3_MASTER_KEY_DERIVE, + CKA_DERIVE, SSL3_MASTER_SECRET_LENGTH, + keyFlags, ss->pkcs11PinArg); PK11_FreeSymKey(wrapKey); if (!*ms) { + SSL_TRC(10, ("%d: SSL3[%d]: server wrapping key found, but couldn't unwrap MasterSecret. wrapMech=0x%0lx", + SSL_GETPID(), ss->fd, sid->u.ssl3.masterWrapMech)); return SECFailure; } return SECSuccess; @@ -11874,7 +11915,7 @@ ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) if (ss->ssl3.hs.msg_len > MAX_HANDSHAKE_MSG_LEN) { (void)ssl3_DecodeError(ss); PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE); - return SECFailure; + goto loser; } #undef MAX_HANDSHAKE_MSG_LEN @@ -11899,7 +11940,7 @@ ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) ss->ssl3.hs.msg_len = 0; ss->ssl3.hs.header_bytes = 0; if (rv != SECSuccess) { - return rv; + goto loser; } } else { /* must be copied to msg_body and dealt with from there */ @@ -11912,7 +11953,7 @@ ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) rv = sslBuffer_Grow(&ss->ssl3.hs.msg_body, ss->ssl3.hs.msg_len); if (rv != SECSuccess) { /* sslBuffer_Grow has set a memory error code. */ - return SECFailure; + goto loser; } PORT_Memcpy(ss->ssl3.hs.msg_body.buf + ss->ssl3.hs.msg_body.len, @@ -11932,7 +11973,7 @@ ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) ss->ssl3.hs.msg_len = 0; ss->ssl3.hs.header_bytes = 0; if (rv != SECSuccess) { - return rv; + goto loser; } } else { PORT_Assert(buf.len == 0); @@ -11943,6 +11984,17 @@ ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) origBuf->len = 0; /* So ssl3_GatherAppDataRecord will keep looping. */ return SECSuccess; + +loser : { + /* Make sure to remove any data that was consumed. */ + unsigned int consumed = origBuf->len - buf.len; + PORT_Assert(consumed == buf.buf - origBuf->buf); + if (consumed > 0) { + memmove(origBuf->buf, origBuf->buf + consumed, buf.len); + origBuf->len = buf.len; + } +} + return SECFailure; } /* These macros return the given value with the MSB copied to all the other diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index 247d1107f417..575f4964a48a 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -1734,6 +1734,14 @@ SECStatus ssl_DecodeResumptionToken(sslSessionID *sid, const PRUint8 *encodedTic PRUint32 encodedTicketLen); PRBool ssl_IsResumptionTokenUsable(sslSocket *ss, sslSessionID *sid); +/* unwrap helper function to handle the case where the wrapKey doesn't wind + * * up in the correct token for the master secret */ +PK11SymKey *ssl_unwrapSymKey(PK11SymKey *wrapKey, + CK_MECHANISM_TYPE wrapType, SECItem *param, + SECItem *wrappedKey, + CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, + int keySize, CK_FLAGS keyFlags, void *pinArg); + /* Remove when stable. */ SECStatus SSLExp_SetResumptionTokenCallback(PRFileDesc *fd, diff --git a/security/nss/lib/ssl/tls13con.c b/security/nss/lib/ssl/tls13con.c index 825f8e1710d5..704618070078 100644 --- a/security/nss/lib/ssl/tls13con.c +++ b/security/nss/lib/ssl/tls13con.c @@ -981,13 +981,13 @@ tls13_RecoverWrappedSharedSecret(sslSocket *ss, sslSessionID *sid) wrappedMS.len = sid->u.ssl3.keys.wrapped_master_secret_len; /* unwrap the "master secret" which is actually RMS. */ - ss->ssl3.hs.resumptionMasterSecret = PK11_UnwrapSymKeyWithFlags( + ss->ssl3.hs.resumptionMasterSecret = ssl_unwrapSymKey( wrapKey, sid->u.ssl3.masterWrapMech, NULL, &wrappedMS, CKM_SSL3_MASTER_KEY_DERIVE, CKA_DERIVE, tls13_GetHashSizeForHash(hashType), - CKF_SIGN | CKF_VERIFY); + CKF_SIGN | CKF_VERIFY, ss->pkcs11PinArg); PK11_FreeSymKey(wrapKey); if (!ss->ssl3.hs.resumptionMasterSecret) { return SECFailure; diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h index 45392b9391b8..75c32f46c004 100644 --- a/security/nss/lib/util/nssutil.h +++ b/security/nss/lib/util/nssutil.h @@ -19,12 +19,12 @@ * The format of the version string should be * ".[.[.]][ ]" */ -#define NSSUTIL_VERSION "3.43" +#define NSSUTIL_VERSION "3.44 Beta" #define NSSUTIL_VMAJOR 3 -#define NSSUTIL_VMINOR 43 +#define NSSUTIL_VMINOR 44 #define NSSUTIL_VPATCH 0 #define NSSUTIL_VBUILD 0 -#define NSSUTIL_BETA PR_FALSE +#define NSSUTIL_BETA PR_TRUE SEC_BEGIN_PROTOS diff --git a/security/nss/tests/cert/cert.sh b/security/nss/tests/cert/cert.sh index b74de9be5356..616043cff16b 100755 --- a/security/nss/tests/cert/cert.sh +++ b/security/nss/tests/cert/cert.sh @@ -317,7 +317,7 @@ cert_create_cert() cert_add_cert() { CU_ACTION="Generate Cert Request for $CERTNAME" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1 if [ "$RET" -ne 0 ]; then return $RET @@ -343,7 +343,7 @@ cert_add_cert() # Generate and add DSA cert # CU_ACTION="Generate DSA Cert Request for $CERTNAME" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -k dsa -d "${PROFILEDIR}" -f "${R_PWFILE}" \ -z "${R_NOISE_FILE}" -o req 2>&1 if [ "$RET" -ne 0 ]; then @@ -367,7 +367,7 @@ cert_add_cert() # Generate DSA certificate signed with RSA CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -k dsa -d "${PROFILEDIR}" -f "${R_PWFILE}" \ -z "${R_NOISE_FILE}" -o req 2>&1 if [ "$RET" -ne 0 ]; then @@ -398,7 +398,7 @@ cert_add_cert() # CURVE="secp384r1" CU_ACTION="Generate EC Cert Request for $CERTNAME" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -k ec -q "${CURVE}" -d "${PROFILEDIR}" -f "${R_PWFILE}" \ -z "${R_NOISE_FILE}" -o req 2>&1 if [ "$RET" -ne 0 ]; then @@ -422,7 +422,7 @@ cert_add_cert() # Generate EC certificate signed with RSA CU_ACTION="Generate mixed EC Cert Request for $CERTNAME" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ecmixed@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -k ec -q "${CURVE}" -d "${PROFILEDIR}" -f "${R_PWFILE}" \ -z "${R_NOISE_FILE}" -o req 2>&1 if [ "$RET" -ne 0 ]; then @@ -455,7 +455,7 @@ cert_add_cert() grep 'TestUser-rsa-pss-interop$' | sed -n 's/^<.*> [^ ]\{1,\} *\([^ ]\{1,\}\).*/\1/p'` CU_ACTION="Generate RSA-PSS Cert Request for $CERTNAME" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-rsa-pss@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-rsa-pss@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -k ${KEYID} -f "${R_PWFILE}" \ -z "${R_NOISE_FILE}" -o req 2>&1 @@ -873,15 +873,15 @@ cert_smime_client() ## call to cert_create_cert ends up creating two separate certs ## one for Eve and another for Eve-ec but they both end up with ## the same Subject Alt Name Extension, i.e., both the cert for -## Eve@bogus.com and the cert for Eve-ec@bogus.com end up -## listing eve@bogus.net in the Certificate Subject Alt Name extension. +## Eve@example.com and the cert for Eve-ec@example.com end up +## listing eve@example.net in the Certificate Subject Alt Name extension. ## This can cause a problem later when cmsutil attempts to create ## enveloped data and accidently picks up the ECC cert (NSS currently ## does not support ECC for enveloped data creation). This script ## avoids the problem by ensuring that these conflicting certs are ## never added to the same cert database (see comment marked XXXX). echo "$SCRIPTNAME: Creating multiEmail's Certificate --------------------" - cert_create_cert "${EVEDIR}" "Eve" 60 ${D_EVE} "-7 eve@bogus.net,eve@bogus.cc,beve@bogus.com" + cert_create_cert "${EVEDIR}" "Eve" 60 ${D_EVE} "-7 eve@example.net,eve@example.org,beve@example.com" #echo "************* Copying CA files to ${SERVERDIR}" #cp ${CADIR}/*.db . @@ -891,7 +891,7 @@ cert_smime_client() # #cd ${CERTDIR} #CU_ACTION="Creating ${CERTNAME}'s Server Cert" - #CU_SUBJECT="CN=${CERTNAME}, E=${CERTNAME}@bogus.com, O=BOGUS Netscape, L=Mountain View, ST=California, C=US" + #CU_SUBJECT="CN=${CERTNAME}, E=${CERTNAME}@example.com, O=BOGUS Netscape, L=Mountain View, ST=California, C=US" #certu -S -n "${CERTNAME}" -c "TestCA" -t "u,u,u" -m "$CERTSERIAL" \ # -d ${PROFILEDIR} -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -v 60 2>&1 @@ -975,7 +975,7 @@ cert_extended_ssl() modu -add "RootCerts" -libfile "${ROOTCERTSFILE}" -dbdir "${PROFILEDIR}" 2>&1 CU_ACTION="Generate Cert Request for $CERTNAME (ext)" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1 CU_ACTION="Sign ${CERTNAME}'s Request (ext)" @@ -995,7 +995,7 @@ cert_extended_ssl() # Repeat the above for DSA certs # CU_ACTION="Generate DSA Cert Request for $CERTNAME (ext)" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \ -z "${R_NOISE_FILE}" -o req 2>&1 @@ -1017,7 +1017,7 @@ cert_extended_ssl() # Repeat again for mixed DSA certs # CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME (ext)" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \ -z "${R_NOISE_FILE}" -o req 2>&1 @@ -1040,7 +1040,7 @@ cert_extended_ssl() # EC_CURVE="secp256r1" CU_ACTION="Generate EC Cert Request for $CERTNAME (ext)" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -k ec -q "${EC_CURVE}" -f "${R_PWFILE}" \ -z "${R_NOISE_FILE}" -o req 2>&1 @@ -1063,7 +1063,7 @@ cert_extended_ssl() # EC_CURVE="secp256r1" CU_ACTION="Generate mixed EC Cert Request for $CERTNAME (ext)" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ecmixed@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -k ec -q "${EC_CURVE}" -f "${R_PWFILE}" \ -z "${R_NOISE_FILE}" -o req 2>&1 @@ -1124,7 +1124,7 @@ cert_extended_ssl() modu -add "RootCerts" -libfile "${ROOTCERTSFILE}" -dbdir "${PROFILEDIR}" 2>&1 CU_ACTION="Generate Cert Request for $CERTNAME (ext)" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" \ -o req 2>&1 @@ -1144,7 +1144,7 @@ cert_extended_ssl() # Repeat the above for DSA certs # CU_ACTION="Generate DSA Cert Request for $CERTNAME (ext)" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \ -z "${R_NOISE_FILE}" -o req 2>&1 @@ -1167,7 +1167,7 @@ cert_extended_ssl() # Repeat the above for mixed DSA certs # CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME (ext)" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \ -z "${R_NOISE_FILE}" -o req 2>&1 @@ -1191,7 +1191,7 @@ cert_extended_ssl() # Repeat the above for EC certs # CU_ACTION="Generate EC Cert Request for $CERTNAME (ext)" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -k ec -q "${EC_CURVE}" -f "${R_PWFILE}" \ -z "${R_NOISE_FILE}" -o req 2>&1 @@ -1214,7 +1214,7 @@ cert_extended_ssl() # Repeat the above for mixed EC certs # CU_ACTION="Generate mixed EC Cert Request for $CERTNAME (ext)" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ecmixed@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -k ec -q "${EC_CURVE}" -f "${R_PWFILE}" \ -z "${R_NOISE_FILE}" -o req 2>&1 @@ -1387,7 +1387,7 @@ MODSCRIPT RETEXPECTED=0 CU_ACTION="Generate Certificate for ${CERTNAME}" - CU_SUBJECT="CN=${CERTNAME}, E=fips@bogus.com, O=BOGUS NSS, OU=FIPS PUB 140, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=${CERTNAME}, E=fips@example.com, O=BOGUS NSS, OU=FIPS PUB 140, L=Mountain View, ST=California, C=US" certu -S -n ${FIPSCERTNICK} -x -t "Cu,Cu,Cu" -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" -k dsa -v 600 -m 500 -z "${R_NOISE_FILE}" 2>&1 if [ "$RET" -eq 0 ]; then cert_log "SUCCESS: FIPS passed" @@ -1439,7 +1439,7 @@ cert_eccurves() CERTNAME="Curve-${CURVE}" CERTSERIAL=`expr $CERTSERIAL + 1 ` CU_ACTION="Generate EC Cert Request for $CERTNAME" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-ec@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -k ec -q "${CURVE}" -d "${PROFILEDIR}" -f "${R_PWFILE}" \ -z "${R_NOISE_FILE}" -o req 2>&1 @@ -1464,7 +1464,7 @@ cert_extensions_test() { COUNT=`expr ${COUNT} + 1` CERTNAME=TestExt${COUNT} - CU_SUBJECT="CN=${CERTNAME}, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=${CERTNAME}, E=${CERTNAME}@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" echo echo certutil -d ${CERT_EXTENSIONS_DIR} -S -n ${CERTNAME} \ @@ -2026,7 +2026,7 @@ cert_test_password() # finally make sure we can use the old key with the new password CU_ACTION="Generate Certificate for ${CERTNAME} with new password" - CU_SUBJECT="CN=${CERTNAME}, E=password@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=${CERTNAME}, E=password@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -S -n PasswordCert -c PasswordCA -t "u,u,u" -d "${PROFILEDIR}" -f "${R_FIPSPWFILE}" -z "${R_NOISE_FILE}" 2>&1 if [ "$RET" -eq 0 ]; then cert_log "SUCCESS: PASSWORD passed" @@ -2055,7 +2055,7 @@ cert_test_distrust() certu -M -n "Distrusted" -t p,p,p -d ${PROFILEDIR} -f "${R_PWFILE}" 2>&1 echo "$SCRIPTNAME: Creating Distrusted Intermediate" CERTNAME="DistrustedCA" - ALL_CU_SUBJECT="CN=${CERTNAME}, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + ALL_CU_SUBJECT="CN=${CERTNAME}, E=${CERTNAME}@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" cert_CA ${CADIR} "${CERTNAME}" "-c TestCA" ",," ${D_CA} 2010 2>&1 CU_ACTION="Import Distrusted Intermediate" certu -A -n "${CERTNAME}" -t "p,p,p" -f "${R_PWFILE}" -d "${PROFILEDIR}" \ @@ -2065,7 +2065,7 @@ cert_test_distrust() # since it's not signed by TestCA it requires more steps. CU_ACTION="Generate Cert Request for Leaf Chained to Distrusted CA" CERTNAME="LeafChainedToDistrustedCA" - CU_SUBJECT="CN=${CERTNAME}, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=${CERTNAME}, E=${CERTNAME}@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1 CU_ACTION="Sign ${CERTNAME}'s Request" @@ -2205,7 +2205,7 @@ cert_test_rsapss() CERTNAME="TestUser-rsa-pss1" CU_ACTION="Generate Cert Request for $CERTNAME" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1 CU_ACTION="Sign ${CERTNAME}'s Request" @@ -2236,7 +2236,7 @@ EOF CERTNAME="TestUser-rsa-pss2" CU_ACTION="Generate Cert Request for $CERTNAME" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1 CU_ACTION="Sign ${CERTNAME}'s Request" @@ -2267,7 +2267,7 @@ EOF CERTNAME="TestUser-rsa-pss3" CU_ACTION="Generate Cert Request for $CERTNAME" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1 CU_ACTION="Sign ${CERTNAME}'s Request" @@ -2298,7 +2298,7 @@ EOF CERTNAME="TestUser-rsa-pss4" CU_ACTION="Generate Cert Request for $CERTNAME" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req 2>&1 CU_ACTION="Sign ${CERTNAME}'s Request" @@ -2329,7 +2329,7 @@ EOF CERTNAME="TestUser-rsa-pss5" CU_ACTION="Generate Cert Request for $CERTNAME" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req 2>&1 CU_ACTION="Sign ${CERTNAME}'s Request" @@ -2360,7 +2360,7 @@ EOF CERTNAME="TestUser-rsa-pss6" CU_ACTION="Generate Cert Request for $CERTNAME" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req 2>&1 CU_ACTION="Sign ${CERTNAME}'s Request" @@ -2392,7 +2392,7 @@ EOF CERTNAME="TestUser-rsa-pss7" CU_ACTION="Generate Cert Request for $CERTNAME" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req 2>&1 CU_ACTION="Sign ${CERTNAME}'s Request" @@ -2409,7 +2409,7 @@ EOF CERTNAME="TestUser-rsa-pss8" CU_ACTION="Generate Cert Request for $CERTNAME" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req 2>&1 CU_ACTION="Sign ${CERTNAME}'s Request" @@ -2440,7 +2440,7 @@ EOF CERTNAME="TestUser-rsa-pss9" CU_ACTION="Generate Cert Request for $CERTNAME" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1 CU_ACTION="Sign ${CERTNAME}'s Request" @@ -2471,7 +2471,7 @@ EOF CERTNAME="TestUser-rsa-pss10" CU_ACTION="Generate Cert Request for $CERTNAME" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" -o req 2>&1 CU_ACTION="Sign ${CERTNAME}'s Request" @@ -2503,7 +2503,7 @@ EOF CERTNAME="TestUser-rsa-pss11" CU_ACTION="Generate Cert Request for $CERTNAME" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req 2>&1 CU_ACTION="Sign ${CERTNAME}'s Request" @@ -2571,7 +2571,7 @@ cert_test_rsapss_policy() # Issuer certificate: RSA # Signature: RSA-PSS (explicit, with --pss-sign and -Z SHA1) CU_ACTION="Generate Cert Request for $CERTNAME" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" certu -R -d "${PROFILEDIR}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}" --pss -o req 2>&1 CU_ACTION="Sign ${CERTNAME}'s Request" diff --git a/security/nss/tests/common/certsetup.sh b/security/nss/tests/common/certsetup.sh index 2b5cef840b1b..f9ee459e126b 100644 --- a/security/nss/tests/common/certsetup.sh +++ b/security/nss/tests/common/certsetup.sh @@ -47,11 +47,12 @@ make_cert() { rsa_ca_rsapss_chain) type_args=(-g 1024 --pss-sign);sign=(-c rsa_ca);type=rsa;; ecdh_rsa) type_args=(-q nistp256);sign=(-c rsa_ca);type=ec ;; esac + msg="create certificate: $@" shift 2 counter=$(($counter + 1)) certscript $@ | ${BINDIR}/certutil -S \ - -z ${R_NOISE_FILE} -d "${PROFILEDIR}" \ + -z "$R_NOISE_FILE" -d "$PROFILEDIR" \ -n $name -s "CN=$name" -t "$trust" "${sign[@]}" -m "$counter" \ -w -2 -v 120 -k "$type" "${type_args[@]}" "${sighash[@]}" -1 -2 - html_msg $? 0 "create certificate: $@" + html_msg $? 0 "$msg" } diff --git a/security/nss/tests/crmf/crmf.sh b/security/nss/tests/crmf/crmf.sh index 6059c19912ea..4e1f357822db 100644 --- a/security/nss/tests/crmf/crmf.sh +++ b/security/nss/tests/crmf/crmf.sh @@ -58,12 +58,12 @@ crmf_init() crmf_main() { echo "$SCRIPTNAME: CRMF/CMMF Tests ------------------------------" - echo "crmftest -d ${P_R_BOBDIR} -p Bob -e dave@bogus.com -s TestCA -P nss crmf decode" - ${BINDIR}/crmftest -d ${P_R_BOBDIR} -p Bob -e dave@bogus.com -s TestCA -P nss crmf decode + echo "crmftest -d ${P_R_BOBDIR} -p Bob -e dave@example.com -s TestCA -P nss crmf decode" + ${BINDIR}/crmftest -d ${P_R_BOBDIR} -p Bob -e dave@example.com -s TestCA -P nss crmf decode html_msg $? 0 "CRMF test" "." - echo "crmftest -d ${P_R_BOBDIR} -p Bob -e dave@bogus.com -s TestCA -P nss cmmf" - ${BINDIR}/crmftest -d ${P_R_BOBDIR} -p Bob -e dave@bogus.com -s TestCA -P nss cmmf + echo "crmftest -d ${P_R_BOBDIR} -p Bob -e dave@example.com -s TestCA -P nss cmmf" + ${BINDIR}/crmftest -d ${P_R_BOBDIR} -p Bob -e dave@example.com -s TestCA -P nss cmmf html_msg $? 0 "CMMF test" "." # Add tests for key recovery and challange as crmftest's capabilities increase diff --git a/security/nss/tests/gtests/gtests.sh b/security/nss/tests/gtests/gtests.sh index f9f3ca81c2e4..2b45e1ccda00 100755 --- a/security/nss/tests/gtests/gtests.sh +++ b/security/nss/tests/gtests/gtests.sh @@ -23,6 +23,7 @@ gtest_init() { cd "$(dirname "$1")" + pwd SOURCE_DIR="$PWD"/../.. if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then cd ../common @@ -30,11 +31,14 @@ gtest_init() fi SCRIPTNAME=gtests.sh + . "${QADIR}"/common/certsetup.sh if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for CLEANUP="${SCRIPTNAME}" # cleaning this script will do it fi + mkdir -p "${GTESTDIR}" + cd "${GTESTDIR}" } ########################## gtest_start ############################# @@ -48,20 +52,22 @@ gtest_start() html_unknown "Skipping $i (not built)" continue fi - GTESTDIR="${HOSTDIR}/$i" + DIR="${GTESTDIR}/$i" html_head "$i" - if [ ! -d "$GTESTDIR" ]; then - mkdir -p "$GTESTDIR" - echo "${BINDIR}/certutil" -N -d "$GTESTDIR" --empty-password 2>&1 - "${BINDIR}/certutil" -N -d "$GTESTDIR" --empty-password 2>&1 + if [ ! -d "$DIR" ]; then + mkdir -p "$DIR" + echo "${BINDIR}/certutil" -N -d "$DIR" --empty-password 2>&1 + "${BINDIR}/certutil" -N -d "$DIR" --empty-password 2>&1 + + PROFILEDIR="$DIR" make_cert dummy p256 sign fi - cd "$GTESTDIR" - GTESTREPORT="$GTESTDIR/report.xml" - PARSED_REPORT="$GTESTDIR/report.parsed" + pushd "$DIR" + GTESTREPORT="$DIR/report.xml" + PARSED_REPORT="$DIR/report.parsed" echo "executing $i" "${BINDIR}/$i" "${SOURCE_DIR}/gtests/freebl_gtest/kat/Hash_DRBG.rsp" \ - -d "$GTESTDIR" -w --gtest_output=xml:"${GTESTREPORT}" \ - --gtest_filter="${GTESTFILTER:-*}" + -d "$DIR" -w --gtest_output=xml:"${GTESTREPORT}" \ + --gtest_filter="${GTESTFILTER:-*}" html_msg $? 0 "$i run successfully" echo "test output dir: ${GTESTREPORT}" echo "executing sed to parse the xml report" @@ -76,14 +82,14 @@ gtest_start() html_failed_ignore_core "$name" fi done + popd done } gtest_cleanup() { html "
" - cd "${QADIR}" - . common/cleanup.sh + . "${QADIR}"/common/cleanup.sh } ################## main ################################################# diff --git a/security/nss/tests/iopr/cert_iopr.sh b/security/nss/tests/iopr/cert_iopr.sh index bb1bf047c250..b162a2d81ce1 100644 --- a/security/nss/tests/iopr/cert_iopr.sh +++ b/security/nss/tests/iopr/cert_iopr.sh @@ -252,7 +252,7 @@ download_install_certs() { CERTNAME=$HOSTADDR CU_ACTION="Generate Cert Request for $CERTNAME (ws: $host)" - CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@bogus.com, O=BOGUS NSS, \ + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}@example.com, O=BOGUS NSS, \ L=Mountain View, ST=California, C=US" certu -R -d "${sslServerDir}" -f "${R_PWFILE}" -z "${R_NOISE_FILE}"\ -o $sslServerDir/req 2>&1 diff --git a/security/nss/tests/iopr/server_scr/cert_gen.sh b/security/nss/tests/iopr/server_scr/cert_gen.sh index 17771ade1640..6611a0f416a2 100644 --- a/security/nss/tests/iopr/server_scr/cert_gen.sh +++ b/security/nss/tests/iopr/server_scr/cert_gen.sh @@ -116,7 +116,7 @@ createSignedCert() { echo Creating cert $certName-$keyType with SN=$certSN - CU_SUBJECT="CN=$certName, E=${certName}-${keyType}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=$certName, E=${certName}-${keyType}@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" repAndExec \ certutil -R -d $dir -f "${PW_FILE}" -z "${NOISE_FILE}" \ -k $keyType -o $dir/req 2>&1 @@ -267,7 +267,7 @@ generateAndExportCACert() { certName=TestCA [ "$caName" ] && certName=$caName - CU_SUBJECT="CN=NSS IOPR Test CA $$, E=${certName}@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + CU_SUBJECT="CN=NSS IOPR Test CA $$, E=${certName}@example.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" repAndExec \ certutil -S -n $certName -t "CTu,CTu,CTu" -v 600 -x -d ${dir} -1 -2 \ -f ${PW_FILE} -z ${NOISE_FILE} -m `expr $$ + 2238` >&1 <*sFfuSSF*!9dH8WZm4>B+|IWRIXG%-0fGBq<=ksoK1 z4gnm0t-#%i0gabTt1j{WDnP)03=mNbTdF36nrCZ*#{9BRn~V0&mhPL#1$0P?V`r?@ zh#ZZ@aGsq9TG;*tZ=q3GvJ67nal(g33e8IUG~yqGjDg7%NK5wUA2A--<~TZ6HaL+y zhBNGqFSHhByNEs6ov2kIj#i}DQf0$bdh?|L-;=5VLw^ee00V)600tj5A$;5wR}@RX z?}tsG#(=vmO}#)OY;}NC2W4z~OhBbCqTc$6>-xT0d=qn|C3{|cAXm0$rlrNg07s9i zmw1ynd1y87p8v~D8xb3irkjlW`F{v;OMK=md+E(Vo{VUzWSMF*mFfuYQF*Y(aFg02j4>B+|GcYnTFfleVH83?=ksoK1 z4gnm0#8`MLqly$swk;Fu;;`jv0{?%bDTnJ&G{7zP&EQ-CH>W3sw3q#vR)s(T!;`83Lw^MY00V)60J{7%c%i`uP;5v- z$ldykS=g^VOozBslOSW^78s}csB8m8vBoZG;{h||QK$crYh&~E6yilu|*h_?)y z(zg%&GIyzjZJdN}u`Wp<>%LuG=BEnswO)?=VzMwpxl0AKdFabyL-}sXLL7eVy*Gr9 Rx4j?Lvk2Y(0ho9xtu~Lg@4SqR+!JMU6)X*m4NMFzO^r;A zqa^r^49qMI4B-L>ja?HJ{gqS=l;OHK8O6jxQj1GMi&KkC4IEM{5_1c3QYT9?n$@r6 zImN2eQFAG&UcB^<{Dlqdy6N{%DwoXq_hEV1mursu|$d!De! zgoDp-Jb$VXIqBU~eVav---<;s?tM9B&s1@HrVop~e|%YX$AURvc6`Mh8>R2<8Ee+^ zD81BjTe@S_tH&HXa}T`x-&&P=sOh`Z-ZJJXx9WSDm>C%uQGCeCz}(o#P|>g@gDEY1 zR&&AR$2X68Z*hG1{R z&$0A7;e74rGFO)g(Xj?wc1d^a^q#*%(dO7kDvEzUS?|F{T&dQDgQfEG_ dHRLpkUbyAq?2NCaty@;FeZ1?%+LIxtu~Lg@4SqRtP^E(6^spxjSLLUj7$wo zqa^r^49tuT4B-L>jU5ve{S}lA6ydr!8O20GQj1GMi&KkC4IGm4(@TpdOEa3)@BAZl zP4o4a&YySKWsC!&dNo@5zBfodaM>g#YJUB|?OpZ{L?b3YT6fpr!M^;n2ivxL=&rid zyN!2)`R6}}lB@3ZoZ9|Z`OEZ`-<-wtS|3MD*4pJevw`*Wd!umQcVF`E|LSY;O5I{H z!D7wla<H81Qm5|22&nDXrY*3>yFr_EfG%_O)A(=Y86$(w!2 zo9p}T&y5VuT{qh#pS)`{GM~=3nX&WuvgRF|JFP?(#jd=)-i(Rg>`Fwa_)#ef>xKK3 axp%P%y6T11tDYAwv-v+~g`K+j*?j;=6{INu diff --git a/security/nss/tests/libpkix/certs/TestUser51.cert b/security/nss/tests/libpkix/certs/TestUser51.cert index 1b45db286f34cb0ebf0bb2572ec3251af4721dbe..12c74e9f9792cd25a77e9c0fa8f630dfc9f027a9 100644 GIT binary patch delta 395 zcmaFP@{&c?pouBfpo#I^0%j&gCMHH>170>xtu~Lg@4SqR+!JMU6)X*m4NMFzO^r-V zq9pi@49qMI4B-L>ja?HJ{gqS=l;OHK8O6jxQj1GMi&KkC4INS|5_1c3QYT9?n$;ga z`9ffu@%qZI-*?9Cxp>9VW~Y9y_vVCGhOtvPviR2f{ahH3s*)^MJMm!AlrJUmvxM)T zI`!~cmQitj@9l48S2w&@Pt5ww-*x9teW#YQPQ|wgyi4@1#KuJYF0WkO?|1rSxqXfG zl4Lz6Z}rlNElZr|Iva{Iwv|dBdnTWMR?qBaeKHd>BLgFf4_O(Q8ygws2fplTa9Uid z-yp%p9B9P!Sg2fd)!8d664=v%z1#Nm{{Qw170>xtu~Lg@4SqRtP^E(6^spxjSLLUj7$y8 zq9pi@49tuT4B-L>jU5ve{S}lA6ydr!8O20GQj1GMi&KkC4IPs5(@TpdOEa3)?=Jey z(bWF8$mWsPC#{X_56{_cRS3?MDcxi6ec=uk`>8*r58EgksvrFkapBw7PunVsbn31g z-#GiJ{%)6>(-<|3_C(xyUM2if%A@Lk?UxO9AAT%9)>d-yL*iWd;C-D!J#*wlr2qH) zVb7Ohmp6NG<<_y&E0#%l?Y%Cm!M>sJj^K)VekNu{21XSBu`)0>HZsKKbf?YPd3FDS z_*~g0h4VRgpK~wJ{Be${X2lDY%SlH+ueqX(#8hR= zi#?w-j=iwET>jtZlFe>oslBCjk_Q{yYotY7_J^l6PkXDq~)Q#nDR~~g;q_N7P*WlC)2_X*vj3A{; diff --git a/security/nss/tests/libpkix/certs/make-ca-u50-u51 b/security/nss/tests/libpkix/certs/make-ca-u50-u51 index 5d8f920a9c15..9024e357dbed 100755 --- a/security/nss/tests/libpkix/certs/make-ca-u50-u51 +++ b/security/nss/tests/libpkix/certs/make-ca-u50-u51 @@ -26,9 +26,9 @@ n n CERTSCRIPT -certutil -S -z noise -g 1024 -d . -n u50 -s "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ca -m 50 -v 598 +certutil -S -z noise -g 1024 -d . -n u50 -s "CN=TestUser50,E=TestUser50@example.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ca -m 50 -v 598 -certutil -S -z noise -g 1024 -d . -n u51 -s "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ca -m 51 -v 598 +certutil -S -z noise -g 1024 -d . -n u51 -s "CN=TestUser51,E=TestUser51@example.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US" -t ,, -c ca -m 51 -v 598 certutil -d . -L -n ca -r > TestCA.ca.cert certutil -d . -L -n u50 -r > TestUser50.cert diff --git a/security/nss/tests/libpkix/certs/nss2alice b/security/nss/tests/libpkix/certs/nss2alice old mode 100755 new mode 100644 index 48172a5ed51a3e364dc18ab8a8f02a8f980df5e0..07ebff7ab2be829ef9b4ba8174a49176f7911658 GIT binary patch delta 57 zcmcb`a+ig}pouBcpo#I&M2>k(jSUkO{bdyllkbrTi+rR5A{*f_P?JlekVGIBDC@jK>ZCZ{?i<)@bx KZx&(nWCQ@Xi4Tzg diff --git a/security/nss/tests/smime/bob.txt b/security/nss/tests/smime/bob.txt index 330b2c94d576..5ec307f0b6bd 100644 --- a/security/nss/tests/smime/bob.txt +++ b/security/nss/tests/smime/bob.txt @@ -1,6 +1,6 @@ Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT) -From: bob@bogus.com +From: bob@example.com Subject: message Bob --> Alice -To: alice@bogus.com +To: alice@example.com This is a test message from Bob to Alice. diff --git a/security/nss/tests/smime/smime.sh b/security/nss/tests/smime/smime.sh index 02a2b843e9a0..f319d93ccb45 100755 --- a/security/nss/tests/smime/smime.sh +++ b/security/nss/tests/smime/smime.sh @@ -107,8 +107,8 @@ cms_sign() } header_mime_from_to_subject="MIME-Version: 1.0 -From: Alice@bogus.com -To: Bob@bogus.com +From: Alice@example.com +To: Bob@example.com Subject: " header_opaque_signed="Content-Type: application/pkcs7-mime; name=smime.p7m; @@ -167,7 +167,7 @@ mime_init() smime_enveloped() { - ${PROFTOOL} ${BINDIR}/cmsutil -E -r bob@bogus.com -i tb/alice.mime -d ${P_R_ALICEDIR} -p nss -o tb/alice.mime.env + ${PROFTOOL} ${BINDIR}/cmsutil -E -r bob@example.com -i tb/alice.mime -d ${P_R_ALICEDIR} -p nss -o tb/alice.mime.env OUT="tb/alice.env.eml" echo -n "${header_mime_from_to_subject}" >>${OUT} @@ -191,7 +191,7 @@ smime_signed_enveloped() cat tb/alice.mime.d${SIG} | ${BINDIR}/btoa | sed 's/\r$//' >>${OUT} echo "${multipart_end}" >>${OUT} - ${PROFTOOL} ${BINDIR}/cmsutil -E -r bob@bogus.com -i ${OUT} -d ${P_R_ALICEDIR} -p nss -o ${OUT}.env + ${PROFTOOL} ${BINDIR}/cmsutil -E -r bob@example.com -i ${OUT} -d ${P_R_ALICEDIR} -p nss -o ${OUT}.env OUT="tb/alice.d${SIG}.multipart.eml" echo -n "${header_mime_from_to_subject}" >>${OUT} @@ -213,7 +213,7 @@ smime_signed_enveloped() echo "$header_opaque_signed" >>${OUT} cat tb/alice.textplain.${SIG} | ${BINDIR}/btoa | sed 's/\r$//' >>${OUT} - ${PROFTOOL} ${BINDIR}/cmsutil -E -r bob@bogus.com -i ${OUT} -d ${P_R_ALICEDIR} -p nss -o ${OUT}.env + ${PROFTOOL} ${BINDIR}/cmsutil -E -r bob@example.com -i ${OUT} -d ${P_R_ALICEDIR} -p nss -o ${OUT}.env OUT="tb/alice.${SIG}.opaque.eml" echo -n "${header_mime_from_to_subject}" >>${OUT} @@ -301,9 +301,9 @@ smime_main() smime_signed_enveloped echo "$SCRIPTNAME: Enveloped Data Tests ------------------------------" - echo "cmsutil -E -r bob@bogus.com -i alice.txt -d ${P_R_ALICEDIR} -p nss \\" + echo "cmsutil -E -r bob@example.com -i alice.txt -d ${P_R_ALICEDIR} -p nss \\" echo " -o alice.env" - ${PROFTOOL} ${BINDIR}/cmsutil -E -r bob@bogus.com -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.env + ${PROFTOOL} ${BINDIR}/cmsutil -E -r bob@example.com -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.env html_msg $? 0 "Create Enveloped Data Alice" "." echo "cmsutil -D -i alice.env -d ${P_R_BOBDIR} -p nss -o alice.data1" @@ -317,23 +317,23 @@ smime_main() # multiple recip echo "$SCRIPTNAME: Testing multiple recipients ------------------------------" echo "cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o alicecc.env \\" - echo " -r bob@bogus.com,dave@bogus.com" + echo " -r bob@example.com,dave@example.com" ${PROFTOOL} ${BINDIR}/cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o alicecc.env \ - -r bob@bogus.com,dave@bogus.com + -r bob@example.com,dave@example.com ret=$? html_msg $ret 0 "Create Multiple Recipients Enveloped Data Alice" "." if [ $ret != 0 ] ; then echo "certutil -L -d ${P_R_ALICEDIR}" ${BINDIR}/certutil -L -d ${P_R_ALICEDIR} - echo "certutil -L -d ${P_R_ALICEDIR} -n dave@bogus.com" - ${BINDIR}/certutil -L -d ${P_R_ALICEDIR} -n dave@bogus.com + echo "certutil -L -d ${P_R_ALICEDIR} -n dave@example.com" + ${BINDIR}/certutil -L -d ${P_R_ALICEDIR} -n dave@example.com fi echo "$SCRIPTNAME: Testing multiple email addrs ------------------------------" echo "cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o aliceve.env \\" - echo " -r eve@bogus.net" + echo " -r eve@example.net" ${PROFTOOL} ${BINDIR}/cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o aliceve.env \ - -r eve@bogus.net + -r eve@example.net ret=$? html_msg $ret 0 "Encrypt to a Multiple Email cert" "." @@ -359,9 +359,9 @@ smime_main() html_msg $? 0 "Compare Decoded with Multiple Email cert" "." echo "$SCRIPTNAME: Sending CERTS-ONLY Message ------------------------------" - echo "cmsutil -O -r \"Alice,bob@bogus.com,dave@bogus.com\" \\" + echo "cmsutil -O -r \"Alice,bob@example.com,dave@example.com\" \\" echo " -d ${P_R_ALICEDIR} > co.der" - ${PROFTOOL} ${BINDIR}/cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" -d ${P_R_ALICEDIR} > co.der + ${PROFTOOL} ${BINDIR}/cmsutil -O -r "Alice,bob@example.com,dave@example.com" -d ${P_R_ALICEDIR} > co.der html_msg $? 0 "Create Certs-Only Alice" "." echo "cmsutil -D -i co.der -d ${P_R_BOBDIR}" @@ -370,9 +370,9 @@ smime_main() echo "$SCRIPTNAME: Encrypted-Data Message ---------------------------------" echo "cmsutil -C -i alice.txt -e alicehello.env -d ${P_R_ALICEDIR} \\" - echo " -r \"bob@bogus.com\" > alice.enc" + echo " -r \"bob@example.com\" > alice.enc" ${PROFTOOL} ${BINDIR}/cmsutil -C -i alice.txt -e alicehello.env -d ${P_R_ALICEDIR} \ - -r "bob@bogus.com" > alice.enc + -r "bob@example.com" > alice.enc html_msg $? 0 "Create Encrypted-Data" "." echo "cmsutil -D -i alice.enc -d ${P_R_BOBDIR} -e alicehello.env -p nss \\" From 235478b9348f3ddf773d388bfa6cbda1743ebb65 Mon Sep 17 00:00:00 2001 From: Daniel Varga Date: Wed, 27 Mar 2019 01:51:36 +0200 Subject: [PATCH 15/16] Backed out 2 changesets (bug 1534211, bug 1533651) for xpcshell failure at devtools/client/responsive.html/test/unit/test_change_device.js on a CLOSED TREE Backed out changeset 00f84bd04433 (bug 1534211) Backed out changeset a36496b378c7 (bug 1533651) --- dom/base/nsGlobalWindowInner.cpp | 2 -- dom/quota/ActorsParent.cpp | 13 ++++--------- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/dom/base/nsGlobalWindowInner.cpp b/dom/base/nsGlobalWindowInner.cpp index 6c1270cd9c58..d25a0ec10d47 100644 --- a/dom/base/nsGlobalWindowInner.cpp +++ b/dom/base/nsGlobalWindowInner.cpp @@ -1230,8 +1230,6 @@ void nsGlobalWindowInner::FreeInnerObjects() { mExternal = nullptr; mInstallTrigger = nullptr; - mLocalStorage = nullptr; - mSessionStorage = nullptr; mPerformance = nullptr; mSharedWorkers.Clear(); diff --git a/dom/quota/ActorsParent.cpp b/dom/quota/ActorsParent.cpp index 4020f5a074ef..7a6da665913b 100644 --- a/dom/quota/ActorsParent.cpp +++ b/dom/quota/ActorsParent.cpp @@ -1375,7 +1375,7 @@ void ReportInternalError(const char* aFile, uint32_t aLine, const char* aStr) { namespace { -StaticAutoPtr gBaseDirPath; +nsString gBaseDirPath; #ifdef DEBUG bool gQuotaManagerInitialized = false; @@ -2499,9 +2499,6 @@ QuotaManager::Observer::Observe(nsISupports* aSubject, const char* aTopic, nsresult rv; if (!strcmp(aTopic, kProfileDoChangeTopic)) { - MOZ_ASSERT(!gBaseDirPath); - gBaseDirPath = new nsString(); - nsCOMPtr baseDir; rv = NS_GetSpecialDirectory(NS_APP_INDEXEDDB_PARENT_DIR, getter_AddRefs(baseDir)); @@ -2513,7 +2510,7 @@ QuotaManager::Observer::Observe(nsISupports* aSubject, const char* aTopic, return rv; } - rv = baseDir->GetPath(*gBaseDirPath); + rv = baseDir->GetPath(gBaseDirPath); if (NS_WARN_IF(NS_FAILED(rv))) { return rv; } @@ -2545,8 +2542,7 @@ QuotaManager::Observer::Observe(nsISupports* aSubject, const char* aTopic, MOZ_ALWAYS_TRUE(SpinEventLoopUntil([&]() { return mShutdownComplete; })); - MOZ_ASSERT(gBaseDirPath); - gBaseDirPath = nullptr; + gBaseDirPath.Truncate(); return NS_OK; } @@ -2907,7 +2903,6 @@ nsresult QuotaManager::Initialize() { void QuotaManager::GetOrCreate(nsIRunnable* aCallback, nsIEventTarget* aMainEventTarget) { AssertIsOnBackgroundThread(); - MOZ_ASSERT(gBaseDirPath); if (IsShuttingDown()) { MOZ_ASSERT(false, "Calling GetOrCreate() after shutdown!"); @@ -2919,7 +2914,7 @@ void QuotaManager::GetOrCreate(nsIRunnable* aCallback, } else { RefPtr manager = new QuotaManager(); - nsresult rv = manager->Init(*gBaseDirPath); + nsresult rv = manager->Init(gBaseDirPath); if (NS_WARN_IF(NS_FAILED(rv))) { gCreateFailed = true; } else { From 9c165b28d3d439a8d61ff4574988a36ec27fbbcc Mon Sep 17 00:00:00 2001 From: Jeff Walden Date: Tue, 26 Mar 2019 16:32:42 -0700 Subject: [PATCH 16/16] Bug 1537536 - Forcibly generate Rust bindings for the JS::RootedValue typedef now that it happens the Rust bindings never themselves use the typedef. r=bustage --HG-- extra : rebase_source : 171442f8da86a99ea0d6ad5b058825db2609705f --- js/rust/build.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/js/rust/build.rs b/js/rust/build.rs index e6a44495ee09..a3da9cca5844 100644 --- a/js/rust/build.rs +++ b/js/rust/build.rs @@ -221,6 +221,7 @@ const WHITELIST_TYPES: &'static [&'static str] = &[ "JS::PropertyDescriptor", "JS::Rooted", "JS::RootedObject", + "JS::RootedValue", "JS::RootingContext", "JS::RootKind", "js::Scalar::Type",