Bug 1370890 - land NSS f212be04f3d0 UPGRADE_NSS_RELEASE, r=me
franziskuskiefer committed Jul 24, 2017
1 parent 56a1090 commit 226adc2
Showing 10 changed files with 193 additions and 1,954 deletions.
1 change: 1 addition & 0 deletions security/nss/.gitignore
Expand Up @@ -18,3 +18,4 @@ GTAGS
fuzz/libFuzzer/*
fuzz/corpus
fuzz/out
.chk
2 changes: 1 addition & 1 deletion security/nss/TAG-INFO
@@ -1 +1 @@
825e5d444e99
f212be04f3d0
1 change: 1 addition & 0 deletions security/nss/coreconf/coreconf.dep
Expand Up @@ -10,3 +10,4 @@
*/

#error "Do not include this header file."

11 changes: 6 additions & 5 deletions security/nss/fuzz/config/git-copy.sh
@@ -1,4 +1,4 @@
#!/bin/sh
#!/usr/bin/env bash

set -e

Expand All @@ -15,18 +15,19 @@ echo "Copy '$COMMIT' from '$REPO' to '$DIR'"
if [ -f $DIR/.git-copy ]; then
CURRENT=$(cat $DIR/.git-copy)
if [ $(echo -n $COMMIT | wc -c) != "40" ]; then
# On the off chance that $COMMIT is a remote head.
ACTUAL=$(git ls-remote $REPO $COMMIT | cut -c 1-40 -)
else
ACTUAL=$COMMIT
fi
if [ CURRENT = ACTUAL ]; then
if [ "$CURRENT" = "$ACTUAL" ]; then
echo "Up to date."
exit
fi
fi

mkdir -p $DIR
git -C $DIR init -q
git init -q $DIR
git -C $DIR fetch -q --depth=1 $REPO $COMMIT:git-copy-tmp
git -C $DIR reset --hard git-copy-tmp
git -C $DIR show-ref HEAD | cut -c 1-40 - > $DIR/.git-copy
git -C $DIR rev-parse --verify HEAD > $DIR/.git-copy
rm -rf $DIR/.git
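Review bot: `$DIR`, `$REPO` and `$COMMIT` are still expanded unquoted in the commands after the up-to-date check (`git init -q $DIR`, `git -C $DIR rev-parse --verify HEAD > $DIR/.git-copy`, `rm -rf $DIR/.git`), so a directory argument containing whitespace or glob characters is word-split and the recursive delete can act on a different path than the one just populated. Only the `[ "$CURRENT" = "$ACTUAL" ]` comparison is quoted. Quote the remaining uses the same way, for example `git init -q -- "$DIR"` and `rm -rf -- "${DIR:?}/.git"`. The rendered page does not mark which line of each pair is the new one, so this assumes the quoted comparison, `git init -q $DIR` and the `rev-parse` line are the new side.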
2,070 changes: 134 additions & 1,936 deletions security/nss/lib/ckfw/builtins/certdata.txt

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions security/nss/lib/ckfw/builtins/nssckbi.h
Expand Up @@ -46,8 +46,8 @@
* It's recommend to switch back to 0 after having reached version 98/99.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 14
#define NSS_BUILTINS_LIBRARY_VERSION "2.14"
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 16
#define NSS_BUILTINS_LIBRARY_VERSION "2.16"

/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
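--- a/security/nss/lib/dev/devslot.c
+++ b/security/nss/lib/dev/devslot.c
@@ -226,15 +226,16 @@ nssSlot_GetToken(
 NSSSlot *slot)
 {
 NSSToken *rvToken = NULL;
-nssSlot_EnterMonitor(slot);
 
-/* Even if a token should be present, check `slot->token` too as it
-* might be gone already. This would happen mostly on shutdown. */
-if (nssSlot_IsTokenPresent(slot) && slot->token) {
-rvToken = nssToken_AddRef(slot->token);
+if (nssSlot_IsTokenPresent(slot)) {
+/* Even if a token should be present, check `slot->token` too as it
+* might be gone already. This would happen mostly on shutdown. */
+nssSlot_EnterMonitor(slot);
+if (slot->token)
+rvToken = nssToken_AddRef(slot->token);
+nssSlot_ExitMonitor(slot);
 }
 
-nssSlot_ExitMonitor(slot);
 return rvToken;
 }
 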
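Review bot: The comment inside the new `if (nssSlot_IsTokenPresent(slot))` block explains the `slot->token` recheck but not why the presence check now runs before `nssSlot_EnterMonitor(slot)` instead of under it, which is the actual change; without that, a later cleanup could fold the two conditions back together. Add a line such as `/* nssSlot_IsTokenPresent() must be called without the slot monitor held. */` if that is the reason (the hunk does not show it). The inner `if (slot->token)` also has no braces while the outer one does; bracing it keeps the guarded statement clearly separate from the `nssSlot_ExitMonitor(slot)` call that follows. The function signature starts above the hunk.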
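--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -2639,6 +2639,11 @@ NSC_SignInit(CK_SESSION_HANDLE hSession,
 
 #define INIT_HMAC_MECH(mmm) \
 case CKM_##mmm##_HMAC_GENERAL: \
+PORT_Assert(pMechanism->pParameter); \
+if (!pMechanism->pParameter) { \
+crv = CKR_MECHANISM_PARAM_INVALID; \
+break; \
+} \
 crv = sftk_doHMACInit(context, HASH_Alg##mmm, key, \
 *(CK_ULONG *)pMechanism->pParameter); \
 break; \
@@ -2654,6 +2659,11 @@ NSC_SignInit(CK_SESSION_HANDLE hSession,
 INIT_HMAC_MECH(SHA512)
 
 case CKM_SHA_1_HMAC_GENERAL:
+PORT_Assert(pMechanism->pParameter);
+if (!pMechanism->pParameter) {
+crv = CKR_MECHANISM_PARAM_INVALID;
+break;
+}
 crv = sftk_doHMACInit(context, HASH_AlgSHA1, key,
 *(CK_ULONG *)pMechanism->pParameter);
 break;
@@ -2662,10 +2672,20 @@ NSC_SignInit(CK_SESSION_HANDLE hSession,
 break;
 
 case CKM_SSL3_MD5_MAC:
+PORT_Assert(pMechanism->pParameter);
+if (!pMechanism->pParameter) {
+crv = CKR_MECHANISM_PARAM_INVALID;
+break;
+}
 crv = sftk_doSSLMACInit(context, SEC_OID_MD5, key,
 *(CK_ULONG *)pMechanism->pParameter);
 break;
 case CKM_SSL3_SHA1_MAC:
+PORT_Assert(pMechanism->pParameter);
+if (!pMechanism->pParameter) {
+crv = CKR_MECHANISM_PARAM_INVALID;
+break;
+}
 crv = sftk_doSSLMACInit(context, SEC_OID_SHA1, key,
 *(CK_ULONG *)pMechanism->pParameter);
 break;
@@ -3314,6 +3334,11 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession,
 INIT_HMAC_MECH(SHA512)
 
 case CKM_SHA_1_HMAC_GENERAL:
+PORT_Assert(pMechanism->pParameter);
+if (!pMechanism->pParameter) {
+crv = CKR_MECHANISM_PARAM_INVALID;
+break;
+}
 crv = sftk_doHMACInit(context, HASH_AlgSHA1, key,
 *(CK_ULONG *)pMechanism->pParameter);
 break;
@@ -3322,10 +3347,20 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession,
 break;
 
 case CKM_SSL3_MD5_MAC:
+PORT_Assert(pMechanism->pParameter);
+if (!pMechanism->pParameter) {
+crv = CKR_MECHANISM_PARAM_INVALID;
+break;
+}
 crv = sftk_doSSLMACInit(context, SEC_OID_MD5, key,
 *(CK_ULONG *)pMechanism->pParameter);
 break;
 case CKM_SSL3_SHA1_MAC:
+PORT_Assert(pMechanism->pParameter);
+if (!pMechanism->pParameter) {
+crv = CKR_MECHANISM_PARAM_INVALID;
+break;
+}
 crv = sftk_doSSLMACInit(context, SEC_OID_SHA1, key,
 *(CK_ULONG *)pMechanism->pParameter);
 break;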
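Review bot: The new guards in NSC_SignInit and NSC_VerifyInit reject a NULL `pMechanism->pParameter`, but the following `*(CK_ULONG *)pMechanism->pParameter` still reads a full CK_ULONG without checking the caller-supplied length, so a parameter buffer shorter than `sizeof(CK_ULONG)` is read past its end. Each guard should also test the length, `if (!pMechanism->pParameter || pMechanism->ulParameterLen != sizeof(CK_ULONG)) {`; this applies to the INIT_HMAC_MECH macro and to all six explicit cases across the five hunks. `PORT_Assert(pMechanism->pParameter)` also turns a bad argument from a PKCS #11 caller into an abort in debug builds before the error return is reached, which is presumably intended and worth a one-line comment saying so. Both function bodies start and end outside the hunks.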
2 changes: 1 addition & 1 deletion security/nss/mach
Expand Up @@ -66,7 +66,7 @@ class cfAction(argparse.Action):
for file in files:
with open(os.path.join(dirname, file), "rb") as f:
hash.update(f.read())
chk_file = cwd + "/out/.chk"
chk_file = cwd + "/.chk"
old_chk = ""
new_chk = hash.hexdigest()
if os.path.exists(chk_file):
8 changes: 5 additions & 3 deletions security/nss/tests/interop/interop.sh
Expand Up @@ -26,13 +26,15 @@ interop_init()
if [ ! -d "$INTEROP" ]; then
git clone -q https://github.com/mozilla/tls-interop "$INTEROP"
fi
INTEROP=$(cd "$INTEROP";pwd -P)

# We use the BoringSSL keyfiles
BORING=${BORING:=boringssl}
if [ ! -d "$BORING" ]; then
git clone -q https://boringssl.googlesource.com/boringssl "$BORING"
git -C "$BORING" checkout -q ea80f9d5df4c302de391e999395e1c87f9c786b3
fi
BORING=$(cd "$BORING";pwd -P)

SCRIPTNAME="interop.sh"
html_head "interop test"
Expand All @@ -53,7 +55,7 @@ interop_run()
server=$3

(cd "$INTEROP";
cargo run -- --client ${client} --server ${server} --rootdir ../${BORING}/ssl/test/runner/ --test-cases cases.json) 2>interop-${test_name}.errors | tee interop-${test_name}.log
cargo run -- --client "$client" --server "$server" --rootdir "$BORING"/ssl/test/runner/ --test-cases cases.json) 2>interop-${test_name}.errors | tee interop-${test_name}.log
html_msg "${PIPESTATUS[0]}" 0 "Interop" "Run successfully"
grep -i 'FAILED\|Assertion failure' interop-${test_name}.errors
html_msg $? 1 "Interop" "No failures"
Expand All @@ -62,7 +64,7 @@ interop_run()
cd "$(dirname "$0")"
SOURCE_DIR="$PWD"/../..
interop_init
NSS_SHIM="${BINDIR}"/nss_bogo_shim
BORING_SHIM="../${BORING}"/build/ssl/test/bssl_shim
NSS_SHIM="$BINDIR"/nss_bogo_shim
BORING_SHIM="$BORING"/build/ssl/test/bssl_shim
interop_run "nss_nss" ${NSS_SHIM} ${NSS_SHIM}
interop_cleanup
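Review bot: In interop_init the added `INTEROP=$(cd "$INTEROP";pwd -P)` and `BORING=$(cd "$BORING";pwd -P)` join the commands with `;`, so if the `cd` fails (for instance after a failed clone) `pwd -P` still prints the current directory and the variable silently points at the wrong tree; `$(cd "$INTEROP" && pwd -P)` makes the failure visible. The same hunk shows BoringSSL checked out at a fixed commit while tls-interop is cloned at whatever its default branch holds, so the harness that `cargo run` builds and executes is not pinned; a `git -C "$INTEROP" checkout -q <pinned-commit>` (placeholder) after the clone would make runs reproducible. interop_init and interop_run both start outside the visible hunks.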
