roytam1/mozilla45esr
1
0
Fork 0
mirror of https://github.com/roytam1/mozilla45esr.git synced 2026-05-26 15:39:48 +00:00
Code Issues Projects Releases Wiki Activity

update NSS to git rev e76a339d424a5fad9bc42a7e91154a4dd89b83f3 with nss339-vc2013.diff applied

Browse Source
This commit is contained in:
Roy Tam
2019-01-27 08:06:54 +08:00
parent b2079811c6
commit 2ebe1a28d8
31 changed files with 738 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files
security/nss/.arcconfig
+5
View File
@@ -0,0 +1,5 @@
{
"phabricator.uri" : "https://phabricator.services.mozilla.com/",
"repository.callsign": "NSS",
"history.immutable": false
}
security/nss/automation/abi-check/expected-report-libnsssysinit.so.txt
+8
View File
@@ -0,0 +1,8 @@
Function symbols changes summary: 2 Removed, 0 Added function symbols not referenced by debug info
Variable symbols changes summary: 0 Removed, 0 Added variable symbol not referenced by debug info
2 Removed function symbols not referenced by debug info:
_fini
_init
security/nss/build.sh
+4
View File
@@ -50,6 +50,7 @@ fuzz=0
fuzz_tls=0
fuzz_oss=0
no_local_nspr=0
sslkeylogfile=1
gyp_params=(--depth="$cwd" --generator-output=".")
ninja_params=()
@@ -103,6 +104,7 @@ while [ $# -gt 0 ]; do
--enable-fips) gyp_params+=(-Ddisable_fips=0) ;;
--enable-libpkix) gyp_params+=(-Ddisable_libpkix=0) ;;
--mozpkix-only) gyp_params+=(-Dmozpkix_only=1 -Ddisable_tests=1 -Dsign_libs=0) ;;
--disable-keylog) sslkeylogfile=0 ;;
*) show_help; exit 2 ;;
esac
shift
@@ -116,6 +118,8 @@ else
target=Debug
fi
gyp_params+=(-Denable_sslkeylogfile="$sslkeylogfile")
# Do special setup.
if [ "$fuzz" = 1 ]; then
source "$cwd"/coreconf/fuzz.sh
security/nss/coreconf/OS2.mk
-2
View File
@@ -39,8 +39,6 @@ HIGHMEM_LDFLAG = -Zhigh-mem
endif
ifndef NO_SHARED_LIB
WRAP_MALLOC_LIB =
WRAP_MALLOC_CFLAGS =
DSO_CFLAGS =
DSO_PIC_CFLAGS =
MKSHLIB = $(CXX) $(CXXFLAGS) $(DSO_LDOPTS) -o $@
security/nss/gtests/Makefile
+10
View File
@@ -26,6 +26,16 @@ include $(CORE_DEPTH)/coreconf/config.mk
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
# Don't build sysinit gtests unless we are also building libnsssysinit.
# See lib/Makefile for the corresponding rules.
ifndef MOZILLA_CLIENT
ifeq ($(OS_ARCH),Linux)
ifneq ($(NSS_BUILD_UTIL_ONLY),1)
SYSINIT_GTEST=sysinit_gtest
endif
endif
endif
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
security/nss/gtests/manifest.mn
+1
View File
@@ -26,6 +26,7 @@ NSS_SRCDIRS = \
pk11_gtest \
softoken_gtest \
ssl_gtest \
$(SYSINIT_GTEST) \
nss_bogo_shim \
$(NULL)
endif
security/nss/gtests/ssl_gtest/Makefile
+6
View File
@@ -36,6 +36,12 @@ CPPSRCS := $(filter-out $(shell grep -l '^TEST_F' $(CPPSRCS)), $(CPPSRCS))
CFLAGS += -DNSS_DISABLE_TLS_1_3
endif
ifdef NSS_ALLOW_SSLKEYLOGFILE
SSLKEYLOGFILE_FILES = ssl_keylog_unittest.cc
else
SSLKEYLOGFILE_FILES = $(NULL)
endif
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
security/nss/gtests/ssl_gtest/manifest.mn
+2 -1
View File
@@ -20,6 +20,7 @@ CPPSRCS = \
ssl_ciphersuite_unittest.cc \
ssl_custext_unittest.cc \
ssl_damage_unittest.cc \
ssl_debug_env_unittest.cc \
ssl_dhe_unittest.cc \
ssl_drop_unittest.cc \
ssl_ecdh_unittest.cc \
@@ -31,7 +32,6 @@ CPPSRCS = \
ssl_gather_unittest.cc \
ssl_gtest.cc \
ssl_hrr_unittest.cc \
ssl_keylog_unittest.cc \
ssl_keyupdate_unittest.cc \
ssl_loopback_unittest.cc \
ssl_misc_unittest.cc \
@@ -53,6 +53,7 @@ CPPSRCS = \
tls_filter.cc \
tls_protect.cc \
tls_esni_unittest.cc \
$(SSLKEYLOGFILE_FILES) \
$(NULL)
INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
security/nss/gtests/ssl_gtest/ssl_debug_env_unittest.cc
+53
View File
@@ -0,0 +1,53 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include <cstdlib>
#include <fstream>
#include <sstream>
#include "gtest_utils.h"
#include "tls_connect.h"
namespace nss_test {
extern "C" {
extern FILE* ssl_trace_iob;
#ifdef NSS_ALLOW_SSLKEYLOGFILE
extern FILE* ssl_keylog_iob;
#endif
}
// These tests ensure that when the associated environment variables are unset
// that the lazily-initialized defaults are what they are supposed to be.
#ifdef DEBUG
TEST_P(TlsConnectGeneric, DebugEnvTraceFileNotSet) {
char* ev = PR_GetEnvSecure("SSLDEBUGFILE");
if (ev && ev[0]) {
// note: should use GTEST_SKIP when GTest gets updated to support it
return;
}
Connect();
EXPECT_EQ(stderr, ssl_trace_iob);
}
#endif
#ifdef NSS_ALLOW_SSLKEYLOGFILE
TEST_P(TlsConnectGeneric, DebugEnvKeylogFileNotSet) {
char* ev = PR_GetEnvSecure("SSLKEYLOGFILE");
if (ev && ev[0]) {
// note: should use GTEST_SKIP when GTest gets updated to support it
return;
}
Connect();
EXPECT_EQ(nullptr, ssl_keylog_iob);
}
#endif
} // namespace nss_test
security/nss/gtests/ssl_gtest/ssl_gtest.gyp
+10 -2
View File
@@ -21,6 +21,7 @@
'ssl_ciphersuite_unittest.cc',
'ssl_custext_unittest.cc',
'ssl_damage_unittest.cc',
'ssl_debug_env_unittest.cc',
'ssl_dhe_unittest.cc',
'ssl_drop_unittest.cc',
'ssl_ecdh_unittest.cc',
@@ -32,7 +33,6 @@
'ssl_gather_unittest.cc',
'ssl_gtest.cc',
'ssl_hrr_unittest.cc',
'ssl_keylog_unittest.cc',
'ssl_keyupdate_unittest.cc',
'ssl_loopback_unittest.cc',
'ssl_misc_unittest.cc',
@@ -91,6 +91,14 @@
'<(DEPTH)/lib/dbm/src/src.gyp:dbm',
],
}],
[ 'enable_sslkeylogfile==1', {
'sources': [
'ssl_keylog_unittest.cc',
],
'defines': [
'NSS_ALLOW_SSLKEYLOGFILE',
],
}],
],
}
],
@@ -99,7 +107,7 @@
'../../lib/ssl'
],
'defines': [
'NSS_USE_STATIC_LIBS'
'NSS_USE_STATIC_LIBS',
],
},
'variables': {
security/nss/gtests/ssl_gtest/ssl_keylog_unittest.cc
+79 -33
View File
@@ -4,8 +4,6 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifdef NSS_ALLOW_SSLKEYLOGFILE
#include <cstdlib>
#include <fstream>
#include <sstream>
@@ -15,20 +13,59 @@
namespace nss_test {
static const std::string keylog_file_path = "keylog.txt";
static const std::string keylog_env = "SSLKEYLOGFILE=" + keylog_file_path;
static const std::string kKeylogFilePath = "keylog.txt";
static const std::string kKeylogBlankEnv = "SSLKEYLOGFILE=";
static const std::string kKeylogSetEnv = kKeylogBlankEnv + kKeylogFilePath;
extern "C" {
extern FILE* ssl_keylog_iob;
}
class KeyLogFileTestBase : public TlsConnectGeneric {
private:
std::string env_to_set_;
class KeyLogFileTest : public TlsConnectGeneric {
public:
virtual void CheckKeyLog() = 0;
KeyLogFileTestBase(std::string env) : env_to_set_(env) {}
void SetUp() override {
TlsConnectGeneric::SetUp();
// Remove previous results (if any).
(void)remove(keylog_file_path.c_str());
PR_SetEnv(keylog_env.c_str());
(void)remove(kKeylogFilePath.c_str());
PR_SetEnv(env_to_set_.c_str());
}
void CheckKeyLog() {
std::ifstream f(keylog_file_path);
void ConnectAndCheck() {
// This is a child process, ensure that error messages immediately
// propagate or else it will not be visible.
::testing::GTEST_FLAG(throw_on_failure) = true;
if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) {
SetupForZeroRtt();
client_->Set0RttEnabled(true);
server_->Set0RttEnabled(true);
ExpectResumption(RESUME_TICKET);
ZeroRttSendReceive(true, true);
Handshake();
ExpectEarlyDataAccepted(true);
CheckConnected();
SendReceive();
} else {
Connect();
}
CheckKeyLog();
_exit(0);
}
};
class KeyLogFileTest : public KeyLogFileTestBase {
public:
KeyLogFileTest() : KeyLogFileTestBase(kKeylogSetEnv) {}
void CheckKeyLog() override {
std::ifstream f(kKeylogFilePath);
std::map<std::string, size_t> labels;
std::set<std::string> client_randoms;
for (std::string line; std::getline(f, line);) {
@@ -65,28 +102,6 @@ class KeyLogFileTest : public TlsConnectGeneric {
ASSERT_EQ(4U, labels["EXPORTER_SECRET"]);
}
}
void ConnectAndCheck() {
// This is a child process, ensure that error messages immediately
// propagate or else it will not be visible.
::testing::GTEST_FLAG(throw_on_failure) = true;
if (version_ == SSL_LIBRARY_VERSION_TLS_1_3) {
SetupForZeroRtt();
client_->Set0RttEnabled(true);
server_->Set0RttEnabled(true);
ExpectResumption(RESUME_TICKET);
ZeroRttSendReceive(true, true);
Handshake();
ExpectEarlyDataAccepted(true);
CheckConnected();
SendReceive();
} else {
Connect();
}
CheckKeyLog();
_exit(0);
}
};
// Tests are run in a separate process to ensure that NSS is not initialized yet
@@ -113,6 +128,37 @@ INSTANTIATE_TEST_CASE_P(
TlsConnectTestBase::kTlsV13));
#endif
} // namespace nss_test
class KeyLogFileUnsetTest : public KeyLogFileTestBase {
public:
KeyLogFileUnsetTest() : KeyLogFileTestBase(kKeylogBlankEnv) {}
#endif // NSS_ALLOW_SSLKEYLOGFILE
void CheckKeyLog() override {
std::ifstream f(kKeylogFilePath);
EXPECT_FALSE(f.good());
EXPECT_EQ(nullptr, ssl_keylog_iob);
}
};
TEST_P(KeyLogFileUnsetTest, KeyLogFile) {
testing::GTEST_FLAG(death_test_style) = "threadsafe";
ASSERT_EXIT(ConnectAndCheck(), ::testing::ExitedWithCode(0), "");
}
INSTANTIATE_TEST_CASE_P(
KeyLogFileDTLS12, KeyLogFileUnsetTest,
::testing::Combine(TlsConnectTestBase::kTlsVariantsDatagram,
TlsConnectTestBase::kTlsV11V12));
INSTANTIATE_TEST_CASE_P(
KeyLogFileTLS12, KeyLogFileUnsetTest,
::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
TlsConnectTestBase::kTlsV10ToV12));
#ifndef NSS_DISABLE_TLS_1_3
INSTANTIATE_TEST_CASE_P(
KeyLogFileTLS13, KeyLogFileUnsetTest,
::testing::Combine(TlsConnectTestBase::kTlsVariantsStream,
TlsConnectTestBase::kTlsV13));
#endif
} // namespace nss_test
security/nss/gtests/sysinit_gtest/Makefile
+43
View File
@@ -0,0 +1,43 @@
#! gmake
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#######################################################################
# (1) Include initial platform-independent assignments (MANDATORY). #
#######################################################################
include manifest.mn
#######################################################################
# (2) Include "global" configuration information. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
include ../common/gtest.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
security/nss/gtests/sysinit_gtest/getUserDB_unittest.cc
+164
View File
@@ -0,0 +1,164 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "gtest/gtest.h"
#include "prenv.h"
#include "seccomon.h"
#include <stdlib.h>
#include <string>
#include <unistd.h>
#include <sys/stat.h>
namespace nss_test {
// Return the path to user's NSS database.
extern "C" char *getUserDB(void);
class Sysinit : public ::testing::Test {
protected:
void SetUp() {
home_var_ = PR_GetEnvSecure("HOME");
if (home_var_) {
old_home_dir_ = home_var_;
}
xdg_data_home_var_ = PR_GetEnvSecure("XDG_DATA_HOME");
if (xdg_data_home_var_) {
old_xdg_data_home_ = xdg_data_home_var_;
ASSERT_EQ(0, unsetenv("XDG_DATA_HOME"));
}
char tmp[] = "/tmp/nss-tmp.XXXXXX";
tmp_home_ = mkdtemp(tmp);
ASSERT_EQ(0, setenv("HOME", tmp_home_.c_str(), 1));
}
void TearDown() {
// Set HOME back to original
if (home_var_) {
ASSERT_EQ(0, setenv("HOME", old_home_dir_.c_str(), 1));
} else {
ASSERT_EQ(0, unsetenv("HOME"));
}
// Set XDG_DATA_HOME back to original
if (xdg_data_home_var_) {
ASSERT_EQ(0, setenv("XDG_DATA_HOME", old_xdg_data_home_.c_str(), 1));
}
// Remove test dirs.
if (!nssdir_.empty()) {
ASSERT_EQ(0, RemoveEmptyDirsFromStart(nssdir_, tmp_home_));
}
}
// Remove all dirs within @start from @path containing only empty dirs.
// Assumes @start already exists.
// Upon successful completion, return 0. Otherwise, -1.
static int RemoveEmptyDirsFromStart(std::string path, std::string start) {
if (path.find(start) == std::string::npos) {
return -1;
}
std::string temp = path;
if (rmdir(temp.c_str())) {
return -1;
}
for (size_t i = temp.length() - 1; i > start.length(); --i) {
if (temp[i] == '/') {
temp[i] = '\0';
if (rmdir(temp.c_str())) {
return -1;
}
}
}
if (rmdir(start.c_str())) {
return -1;
}
return 0;
}
// Create empty dirs appending @path to @start with mode @mode.
// Assumes @start already exists.
// Upon successful completion, return the string @start + @path.
static std::string CreateEmptyDirsFromStart(std::string start,
std::string path, mode_t mode) {
std::string temp = start + "/";
for (size_t i = 1; i < path.length(); ++i) {
if (path[i] == '/') {
EXPECT_EQ(0, mkdir(temp.c_str(), mode));
}
temp += path[i];
}
// We reach the end of string before the last dir is created
EXPECT_EQ(0, mkdir(temp.c_str(), mode));
return temp;
}
char *home_var_;
char *xdg_data_home_var_;
std::string old_home_dir_;
std::string old_xdg_data_home_;
std::string nssdir_;
std::string tmp_home_;
};
class SysinitSetXdgUserDataHome : public Sysinit {
protected:
void SetUp() {
Sysinit::SetUp();
ASSERT_EQ(0, setenv("XDG_DATA_HOME", tmp_home_.c_str(), 1));
}
};
class SysinitSetTrashXdgUserDataHome : public Sysinit {
protected:
void SetUp() {
Sysinit::SetUp();
std::string trashPath = tmp_home_ + "/this/path/does/not/exist";
ASSERT_EQ(0, setenv("XDG_DATA_HOME", trashPath.c_str(), 1));
}
void TearDown() {
ASSERT_EQ(0, rmdir(tmp_home_.c_str()));
Sysinit::TearDown();
}
};
// Check if $HOME/.pki/nssdb is used if it exists
TEST_F(Sysinit, LegacyPath) {
nssdir_ = CreateEmptyDirsFromStart(tmp_home_, "/.pki/nssdb", 0760);
char *nssdb = getUserDB();
ASSERT_EQ(nssdir_, nssdb);
PORT_Free(nssdb);
}
// Check if $HOME/.local/share/pki/nssdb is used if:
// - $HOME/.pki/nssdb does not exist;
// - XDG_DATA_HOME is not set.
TEST_F(Sysinit, XdgDefaultPath) {
nssdir_ = CreateEmptyDirsFromStart(tmp_home_, "/.local/share", 0755);
nssdir_ = CreateEmptyDirsFromStart(nssdir_, "/pki/nssdb", 0760);
char *nssdb = getUserDB();
ASSERT_EQ(nssdir_, nssdb);
PORT_Free(nssdb);
}
// Check if ${XDG_DATA_HOME}/pki/nssdb is used if:
// - $HOME/.pki/nssdb does not exist;
// - XDG_DATA_HOME is set and the path exists.
TEST_F(SysinitSetXdgUserDataHome, XdgSetPath) {
// XDG_DATA_HOME is set to HOME
nssdir_ = CreateEmptyDirsFromStart(tmp_home_, "/pki/nssdb", 0760);
char *nssdb = getUserDB();
ASSERT_EQ(nssdir_, nssdb);
PORT_Free(nssdb);
}
// Check if it fails when:
// - XDG_DATA_HOME is set to a path that does not exist;
// - $HOME/.pki/nssdb also does not exist. */
TEST_F(SysinitSetTrashXdgUserDataHome, XdgSetToTrashPath) {
char *nssdb = getUserDB();
ASSERT_EQ(nullptr, nssdb);
}
} // namespace nss_test
security/nss/gtests/sysinit_gtest/manifest.mn
+27
View File
@@ -0,0 +1,27 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
CORE_DEPTH = ../..
DEPTH = ../..
MODULE = nss
CPPSRCS = \
getUserDB_unittest.cc \
sysinit_gtest.cc \
$(NULL)
INCLUDES += -I$(CORE_DEPTH)/gtests/google_test/gtest/include \
-I$(CORE_DEPTH)/gtests/common
REQUIRES = nspr nss libdbm gtest
PROGRAM = sysinit_gtest
EXTRA_LIBS = \
$(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX) $(EXTRA_OBJS) \
$(DIST)/lib/$(LIB_PREFIX)nsssysinit.$(LIB_SUFFIX) \
$(NULL)
USE_STATIC_LIBS = 1
security/nss/gtests/sysinit_gtest/sysinit_gtest.cc
+9
View File
@@ -0,0 +1,9 @@
#define GTEST_HAS_RTTI 0
#include "gtest/gtest.h"
int main(int argc, char** argv) {
// Start the tests
::testing::InitGoogleTest(&argc, argv);
int rv = RUN_ALL_TESTS();
return rv;
}
security/nss/gtests/sysinit_gtest/sysinit_gtest.gyp
+35
View File
@@ -0,0 +1,35 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
{
'includes': [
'../../coreconf/config.gypi',
'../common/gtest.gypi'
],
'targets': [
{
'target_name': 'sysinit_gtest',
'type': 'executable',
'sources': [
'sysinit_gtest.cc',
'getUserDB_unittest.cc',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
'<(DEPTH)/lib/sysinit/sysinit.gyp:nsssysinit_static'
]
}
],
'target_defaults': {
'include_dirs': [
'../../lib/sysinit'
],
'defines': [
'NSS_USE_STATIC_LIBS'
]
},
'variables': {
'module': 'nss'
}
}
security/nss/help.txt
+2
View File
@@ -51,3 +51,5 @@ NSS build tool options:
--enable-libpkix make libpkix part of the build
--mozpkix-only build only static mozpkix and mozpkix-test libraries
support for this build option is limited
--disable-keylog enable support for logging key data to a file specified
by the SSLKEYLOGFILE environment variable
security/nss/lib/smime/cmscinfo.c
+82 -14
View File
@@ -51,6 +51,10 @@ NSS_CMSContentInfo_Destroy(NSSCMSContentInfo *cinfo)
{
SECOidTag kind;
if (cinfo == NULL) {
return;
}
kind = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
switch (kind) {
case SEC_OID_PKCS7_ENVELOPED_DATA:
@@ -86,6 +90,11 @@ NSSCMSContentInfo *
NSS_CMSContentInfo_GetChildContentInfo(NSSCMSContentInfo *cinfo)
{
NSSCMSContentInfo *ccinfo = NULL;
if (cinfo == NULL) {
return NULL;
}
SECOidTag tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
switch (tag) {
case SEC_OID_PKCS7_SIGNED_DATA:
@@ -127,6 +136,9 @@ SECStatus
NSS_CMSContentInfo_SetDontStream(NSSCMSContentInfo *cinfo, PRBool dontStream)
{
SECStatus rv;
if (cinfo == NULL) {
return SECFailure;
}
rv = NSS_CMSContentInfo_Private_Init(cinfo);
if (rv != SECSuccess) {
@@ -145,15 +157,20 @@ NSS_CMSContentInfo_SetContent(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo,
SECOidTag type, void *ptr)
{
SECStatus rv;
if (cinfo == NULL || cmsg == NULL) {
return SECFailure;
}
cinfo->contentTypeTag = SECOID_FindOIDByTag(type);
if (cinfo->contentTypeTag == NULL)
if (cinfo->contentTypeTag == NULL) {
return SECFailure;
}
/* do not copy the oid, just create a reference */
rv = SECITEM_CopyItem(cmsg->poolp, &(cinfo->contentType), &(cinfo->contentTypeTag->oid));
if (rv != SECSuccess)
if (rv != SECSuccess) {
return SECFailure;
}
cinfo->content.pointer = ptr;
@@ -185,8 +202,9 @@ SECStatus
NSS_CMSContentInfo_SetContent_Data(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo,
SECItem *data, PRBool detached)
{
if (NSS_CMSContentInfo_SetContent(cmsg, cinfo, SEC_OID_PKCS7_DATA, (void *)data) != SECSuccess)
if (NSS_CMSContentInfo_SetContent(cmsg, cinfo, SEC_OID_PKCS7_DATA, (void *)data) != SECSuccess) {
return SECFailure;
}
if (detached) {
cinfo->rawContent = NULL;
}
@@ -230,6 +248,10 @@ NSS_CMSContentInfo_SetContent_EncryptedData(NSSCMSMessage *cmsg, NSSCMSContentIn
void *
NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo)
{
if (cinfo == NULL) {
return NULL;
}
SECOidTag tag = cinfo->contentTypeTag
? cinfo->contentTypeTag->offset
: SEC_OID_UNKNOWN;
@@ -260,6 +282,10 @@ NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo)
SECOidTag tag;
SECItem *pItem = NULL;
if (cinfo == NULL) {
return NULL;
}
tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo);
if (NSS_CMSType_IsData(tag)) {
pItem = cinfo->content.data;
@@ -282,6 +308,10 @@ NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo)
SECOidTag
NSS_CMSContentInfo_GetContentTypeTag(NSSCMSContentInfo *cinfo)
{
if (cinfo == NULL) {
return SEC_OID_UNKNOWN;
}
if (cinfo->contentTypeTag == NULL)
cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType));
@@ -294,11 +324,17 @@ NSS_CMSContentInfo_GetContentTypeTag(NSSCMSContentInfo *cinfo)
SECItem *
NSS_CMSContentInfo_GetContentTypeOID(NSSCMSContentInfo *cinfo)
{
if (cinfo->contentTypeTag == NULL)
cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType));
if (cinfo->contentTypeTag == NULL)
if (cinfo == NULL) {
return NULL;
}
if (cinfo->contentTypeTag == NULL) {
cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType));
}
if (cinfo->contentTypeTag == NULL) {
return NULL;
}
return &(cinfo->contentTypeTag->oid);
}
@@ -310,8 +346,13 @@ NSS_CMSContentInfo_GetContentTypeOID(NSSCMSContentInfo *cinfo)
SECOidTag
NSS_CMSContentInfo_GetContentEncAlgTag(NSSCMSContentInfo *cinfo)
{
if (cinfo->contentEncAlgTag == SEC_OID_UNKNOWN)
if (cinfo == NULL) {
return SEC_OID_UNKNOWN;
}
if (cinfo->contentEncAlgTag == SEC_OID_UNKNOWN) {
cinfo->contentEncAlgTag = SECOID_GetAlgorithmTag(&(cinfo->contentEncAlg));
}
return cinfo->contentEncAlgTag;
}
@@ -322,6 +363,10 @@ NSS_CMSContentInfo_GetContentEncAlgTag(NSSCMSContentInfo *cinfo)
SECAlgorithmID *
NSS_CMSContentInfo_GetContentEncAlg(NSSCMSContentInfo *cinfo)
{
if (cinfo == NULL) {
return NULL;
}
return &(cinfo->contentEncAlg);
}
@@ -330,10 +375,14 @@ NSS_CMSContentInfo_SetContentEncAlg(PLArenaPool *poolp, NSSCMSContentInfo *cinfo
SECOidTag bulkalgtag, SECItem *parameters, int keysize)
{
SECStatus rv;
if (cinfo == NULL) {
return SECFailure;
}
rv = SECOID_SetAlgorithmID(poolp, &(cinfo->contentEncAlg), bulkalgtag, parameters);
if (rv != SECSuccess)
if (rv != SECSuccess) {
return SECFailure;
}
cinfo->keysize = keysize;
return SECSuccess;
}
@@ -343,27 +392,42 @@ NSS_CMSContentInfo_SetContentEncAlgID(PLArenaPool *poolp, NSSCMSContentInfo *cin
SECAlgorithmID *algid, int keysize)
{
SECStatus rv;
if (cinfo == NULL) {
return SECFailure;
}
rv = SECOID_CopyAlgorithmID(poolp, &(cinfo->contentEncAlg), algid);
if (rv != SECSuccess)
if (rv != SECSuccess) {
return SECFailure;
if (keysize >= 0)
}
if (keysize >= 0) {
cinfo->keysize = keysize;
}
return SECSuccess;
}
void
NSS_CMSContentInfo_SetBulkKey(NSSCMSContentInfo *cinfo, PK11SymKey *bulkkey)
{
cinfo->bulkkey = PK11_ReferenceSymKey(bulkkey);
cinfo->keysize = PK11_GetKeyStrength(cinfo->bulkkey, &(cinfo->contentEncAlg));
if (cinfo == NULL) {
return;
}
if (bulkkey == NULL) {
cinfo->bulkkey = NULL;
cinfo->keysize = 0;
} else {
cinfo->bulkkey = PK11_ReferenceSymKey(bulkkey);
cinfo->keysize = PK11_GetKeyStrength(cinfo->bulkkey, &(cinfo->contentEncAlg));
}
}
PK11SymKey *
NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo *cinfo)
{
if (cinfo->bulkkey == NULL)
if (cinfo == NULL || cinfo->bulkkey == NULL) {
return NULL;
}
return PK11_ReferenceSymKey(cinfo->bulkkey);
}
@@ -371,5 +435,9 @@ NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo *cinfo)
int
NSS_CMSContentInfo_GetBulkKeySize(NSSCMSContentInfo *cinfo)
{
if (cinfo == NULL) {
return 0;
}
return cinfo->keysize;
}
security/nss/lib/smime/cmsdigdata.c
+3 -1
View File
@@ -56,7 +56,9 @@ void
NSS_CMSDigestedData_Destroy(NSSCMSDigestedData *digd)
{
/* everything's in a pool, so don't worry about the storage */
NSS_CMSContentInfo_Destroy(&(digd->contentInfo));
if (digd != NULL) {
NSS_CMSContentInfo_Destroy(&(digd->contentInfo));
}
return;
}
security/nss/lib/smime/cmsencdata.c
+3 -1
View File
@@ -87,7 +87,9 @@ void
NSS_CMSEncryptedData_Destroy(NSSCMSEncryptedData *encd)
{
/* everything's in a pool, so don't worry about the storage */
NSS_CMSContentInfo_Destroy(&(encd->contentInfo));
if (encd != NULL) {
NSS_CMSContentInfo_Destroy(&(encd->contentInfo));
}
return;
}
security/nss/lib/smime/cmsenvdata.c
+5
View File
@@ -144,6 +144,11 @@ NSS_CMSEnvelopedData_Encode_BeforeStart(NSSCMSEnvelopedData *envd)
poolp = envd->cmsg->poolp;
cinfo = &(envd->contentInfo);
if (cinfo == NULL) {
PORT_SetError(SEC_ERROR_BAD_DATA);
goto loser;
}
recipientinfos = envd->recipientInfos;
if (recipientinfos == NULL) {
PORT_SetError(SEC_ERROR_BAD_DATA);
security/nss/lib/smime/cmsmessage.c
+64 -12
View File
@@ -29,8 +29,9 @@ NSS_CMSMessage_Create(PLArenaPool *poolp)
if (poolp == NULL) {
poolp = PORT_NewArena(1024); /* XXX what is right value? */
if (poolp == NULL)
if (poolp == NULL) {
return NULL;
}
poolp_is_ours = PR_TRUE;
}
@@ -44,8 +45,9 @@ NSS_CMSMessage_Create(PLArenaPool *poolp)
if (mark) {
PORT_ArenaRelease(poolp, mark);
}
} else
} else {
PORT_FreeArena(poolp, PR_FALSE);
}
return NULL;
}
@@ -53,8 +55,9 @@ NSS_CMSMessage_Create(PLArenaPool *poolp)
cmsg->poolp_is_ours = poolp_is_ours;
cmsg->refCount = 1;
if (mark)
if (mark) {
PORT_ArenaUnmark(poolp, mark);
}
return cmsg;
}
@@ -73,8 +76,13 @@ NSS_CMSMessage_SetEncodingParams(NSSCMSMessage *cmsg,
NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg,
SECAlgorithmID **detached_digestalgs, SECItem **detached_digests)
{
if (pwfn)
if (cmsg == NULL) {
return;
}
if (pwfn) {
PK11_SetPasswordFunc(pwfn);
}
cmsg->pwfn_arg = pwfn_arg;
cmsg->decrypt_key_cb = decrypt_key_cb;
cmsg->decrypt_key_cb_arg = decrypt_key_cb_arg;
@@ -88,19 +96,25 @@ NSS_CMSMessage_SetEncodingParams(NSSCMSMessage *cmsg,
void
NSS_CMSMessage_Destroy(NSSCMSMessage *cmsg)
{
PORT_Assert(cmsg->refCount > 0);
if (cmsg->refCount <= 0) /* oops */
if (cmsg == NULL)
return;
cmsg->refCount--; /* thread safety? */
if (cmsg->refCount > 0)
PORT_Assert(cmsg->refCount > 0);
if (cmsg->refCount <= 0) { /* oops */
return;
}
cmsg->refCount--; /* thread safety? */
if (cmsg->refCount > 0) {
return;
}
NSS_CMSContentInfo_Destroy(&(cmsg->contentInfo));
/* if poolp is not NULL, cmsg is the owner of its arena */
if (cmsg->poolp_is_ours)
if (cmsg->poolp_is_ours) {
PORT_FreeArena(cmsg->poolp, PR_FALSE); /* XXX clear it? */
}
}
/*
@@ -112,8 +126,9 @@ NSS_CMSMessage_Destroy(NSSCMSMessage *cmsg)
NSSCMSMessage *
NSS_CMSMessage_Copy(NSSCMSMessage *cmsg)
{
if (cmsg == NULL)
if (cmsg == NULL) {
return NULL;
}
PORT_Assert(cmsg->refCount > 0);
@@ -127,6 +142,10 @@ NSS_CMSMessage_Copy(NSSCMSMessage *cmsg)
PLArenaPool *
NSS_CMSMessage_GetArena(NSSCMSMessage *cmsg)
{
if (cmsg == NULL) {
return NULL;
}
return cmsg->poolp;
}
@@ -136,6 +155,10 @@ NSS_CMSMessage_GetArena(NSSCMSMessage *cmsg)
NSSCMSContentInfo *
NSS_CMSMessage_GetContentInfo(NSSCMSMessage *cmsg)
{
if (cmsg == NULL) {
return NULL;
}
return &(cmsg->contentInfo);
}
@@ -147,6 +170,10 @@ NSS_CMSMessage_GetContentInfo(NSSCMSMessage *cmsg)
SECItem *
NSS_CMSMessage_GetContent(NSSCMSMessage *cmsg)
{
if (cmsg == NULL) {
return NULL;
}
/* this is a shortcut */
NSSCMSContentInfo *cinfo = NSS_CMSMessage_GetContentInfo(cmsg);
SECItem *pItem = NSS_CMSContentInfo_GetInnerContent(cinfo);
@@ -164,6 +191,10 @@ NSS_CMSMessage_ContentLevelCount(NSSCMSMessage *cmsg)
int count = 0;
NSSCMSContentInfo *cinfo;
if (cmsg == NULL) {
return 0;
}
/* walk down the chain of contentinfos */
for (cinfo = &(cmsg->contentInfo); cinfo != NULL;) {
count++;
@@ -183,6 +214,10 @@ NSS_CMSMessage_ContentLevel(NSSCMSMessage *cmsg, int n)
int count = 0;
NSSCMSContentInfo *cinfo;
if (cmsg == NULL) {
return NULL;
}
/* walk down the chain of contentinfos */
for (cinfo = &(cmsg->contentInfo); cinfo != NULL && count < n;
cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
@@ -200,6 +235,10 @@ NSS_CMSMessage_ContainsCertsOrCrls(NSSCMSMessage *cmsg)
{
NSSCMSContentInfo *cinfo;
if (cmsg == NULL) {
return PR_FALSE;
}
/* descend into CMS message */
for (cinfo = &(cmsg->contentInfo); cinfo != NULL;
cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
@@ -221,6 +260,10 @@ NSS_CMSMessage_IsEncrypted(NSSCMSMessage *cmsg)
{
NSSCMSContentInfo *cinfo;
if (cmsg == NULL) {
return PR_FALSE;
}
/* walk down the chain of contentinfos */
for (cinfo = &(cmsg->contentInfo); cinfo != NULL;
cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
@@ -251,13 +294,21 @@ NSS_CMSMessage_IsSigned(NSSCMSMessage *cmsg)
{
NSSCMSContentInfo *cinfo;
if (cmsg == NULL) {
return PR_FALSE;
}
/* walk down the chain of contentinfos */
for (cinfo = &(cmsg->contentInfo); cinfo != NULL;
cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) {
switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) {
case SEC_OID_PKCS7_SIGNED_DATA:
if (!NSS_CMSArray_IsEmpty((void **)cinfo->content.signedData->signerInfos))
if (cinfo->content.signedData == NULL) {
return PR_FALSE;
}
if (!NSS_CMSArray_IsEmpty((void **)cinfo->content.signedData->signerInfos)) {
return PR_TRUE;
}
break;
default:
/* callback here for generic wrappers? */
@@ -278,8 +329,9 @@ NSS_CMSMessage_IsContentEmpty(NSSCMSMessage *cmsg, unsigned int minLen)
{
SECItem *item = NULL;
if (cmsg == NULL)
if (cmsg == NULL) {
return PR_TRUE;
}
item = NSS_CMSContentInfo_GetContent(NSS_CMSMessage_GetContentInfo(cmsg));
security/nss/lib/smime/cmsudf.c
+1 -1
View File
@@ -239,7 +239,7 @@ NSS_CMSGenericWrapperData_Destroy(SECOidTag type, NSSCMSGenericWrapperData *gd)
{
const nsscmstypeInfo *typeInfo = nss_cmstype_lookup(type);
if (typeInfo && typeInfo->destroy) {
if (typeInfo && (typeInfo->destroy) && (gd != NULL)) {
(*typeInfo->destroy)(gd);
}
}
security/nss/lib/ssl/ssl.gyp
+5 -5
View File
@@ -73,6 +73,11 @@
'-std=gnu99',
],
}],
[ 'enable_sslkeylogfile==1', {
'defines': [
'NSS_ALLOW_SSLKEYLOGFILE',
],
}],
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
@@ -92,11 +97,6 @@
}
}
],
'target_defaults': {
'defines': [
'NSS_ALLOW_SSLKEYLOGFILE=1'
]
},
'variables': {
'module': 'nss'
}
security/nss/lib/ssl/sslsock.c
+2
View File
@@ -3644,6 +3644,7 @@ ssl_SetDefaultsFromEnvironment(void)
char *ev;
firsttime = 0;
#ifdef DEBUG
ssl_trace_iob = NULL;
ev = PR_GetEnvSecure("SSLDEBUGFILE");
if (ev && ev[0]) {
ssl_trace_iob = fopen(ev, "w");
@@ -3665,6 +3666,7 @@ ssl_SetDefaultsFromEnvironment(void)
}
#endif /* DEBUG */
#ifdef NSS_ALLOW_SSLKEYLOGFILE
ssl_keylog_iob = NULL;
ev = PR_GetEnvSecure("SSLKEYLOGFILE");
if (ev && ev[0]) {
ssl_keylog_iob = fopen(ev, "a");
security/nss/lib/sysinit/manifest.mn
+7 -5
View File
@@ -2,14 +2,16 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
CORE_DEPTH = ../..
CORE_DEPTH = ../..
# MODULE public and private header directories are implicitly REQUIRED.
MODULE = nss
CSRCS = nsssysinit.c
CSRCS = \
nsssysinit.c \
$(NULL)
LIBRARY_NAME = nsssysinit
#LIBRARY_VERSION = 3
MAPFILE = $(OBJDIR)/nsssysinit.def
# This part of the code, including all sub-dirs, can be optimized for size
export ALLOW_OPT_CODE_SIZE = 1
security/nss/lib/sysinit/nsssysinit.c
+70 -13
View File
@@ -37,9 +37,41 @@ testdir(char *dir)
return S_ISDIR(buf.st_mode);
}
/**
* Append given @dir to @path and creates the directory with mode @mode.
* Returns 0 if successful, -1 otherwise.
* Assumes that the allocation for @path has sufficient space for @dir
* to be added.
*/
static int
appendDirAndCreate(char *path, char *dir, mode_t mode)
{
PORT_Strcat(path, dir);
if (!testdir(path)) {
if (mkdir(path, mode)) {
return -1;
}
}
return 0;
}
#define XDG_NSS_USER_PATH1 "/.local"
#define XDG_NSS_USER_PATH2 "/share"
#define XDG_NSS_USER_PATH3 "/pki"
#define NSS_USER_PATH1 "/.pki"
#define NSS_USER_PATH2 "/nssdb"
static char *
/**
* Return the path to user's NSS database.
* We search in the following dirs in order:
* (1) $HOME/.pki/nssdb;
* (2) $XDG_DATA_HOME/pki/nssdb if XDG_DATA_HOME is set;
* (3) $HOME/.local/share/pki/nssdb (default XDG_DATA_HOME value).
* If (1) does not exist, then the returned dir will be set to either
* (2) or (3), depending if XDG_DATA_HOME is set.
*/
char *
getUserDB(void)
{
char *userdir = PR_GetEnvSecure("HOME");
@@ -50,22 +82,47 @@ getUserDB(void)
}
nssdir = PORT_Alloc(strlen(userdir) + sizeof(NSS_USER_PATH1) + sizeof(NSS_USER_PATH2));
PORT_Strcpy(nssdir, userdir);
PORT_Strcat(nssdir, NSS_USER_PATH1 NSS_USER_PATH2);
if (testdir(nssdir)) {
/* $HOME/.pki/nssdb exists */
return nssdir;
} else {
/* either $HOME/.pki or $HOME/.pki/nssdb does not exist */
PORT_Free(nssdir);
}
int size = 0;
char *xdguserdatadir = PR_GetEnvSecure("XDG_DATA_HOME");
if (xdguserdatadir) {
size = strlen(xdguserdatadir);
} else {
size = strlen(userdir) + sizeof(XDG_NSS_USER_PATH1) + sizeof(XDG_NSS_USER_PATH2);
}
size += sizeof(XDG_NSS_USER_PATH3) + sizeof(NSS_USER_PATH2);
nssdir = PORT_Alloc(size);
if (nssdir == NULL) {
return NULL;
}
PORT_Strcpy(nssdir, userdir);
/* verify it exists */
if (!testdir(nssdir)) {
PORT_Free(nssdir);
return NULL;
if (xdguserdatadir) {
PORT_Strcpy(nssdir, xdguserdatadir);
if (!testdir(nssdir)) {
PORT_Free(nssdir);
return NULL;
}
} else {
PORT_Strcpy(nssdir, userdir);
if (appendDirAndCreate(nssdir, XDG_NSS_USER_PATH1, 0755) ||
appendDirAndCreate(nssdir, XDG_NSS_USER_PATH2, 0755)) {
PORT_Free(nssdir);
return NULL;
}
}
PORT_Strcat(nssdir, NSS_USER_PATH1);
if (!testdir(nssdir) && mkdir(nssdir, 0760)) {
PORT_Free(nssdir);
return NULL;
}
PORT_Strcat(nssdir, NSS_USER_PATH2);
if (!testdir(nssdir) && mkdir(nssdir, 0760)) {
/* ${XDG_DATA_HOME:-$HOME/.local/share}/pki/nssdb */
if (appendDirAndCreate(nssdir, XDG_NSS_USER_PATH3, 0760) ||
appendDirAndCreate(nssdir, NSS_USER_PATH2, 0760)) {
PORT_Free(nssdir);
return NULL;
}
security/nss/lib/sysinit/nsssysinit.def
+26
View File
@@ -0,0 +1,26 @@
;+#
;+# This Source Code Form is subject to the terms of the Mozilla Public
;+# License, v. 2.0. If a copy of the MPL was not distributed with this
;+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
;+#
;+# OK, this file is meant to support SUN, LINUX, AIX and WINDOWS
;+# 1. For all unix platforms, the string ";-" means "remove this line"
;+# 2. For all unix platforms, the string " DATA " will be removed from any
;+# line on which it occurs.
;+# 3. Lines containing ";+" will have ";+" removed on SUN and LINUX.
;+# On AIX, lines containing ";+" will be removed.
;+# 4. For all unix platforms, the string ";;" will thave the ";;" removed.
;+# 5. For all unix platforms, after the above processing has taken place,
;+# all characters after the first ";" on the line will be removed.
;+# And for AIX, the first ";" will also be removed.
;+# This file is passed directly to windows. Since ';' is a comment, all UNIX
;+# directives are hidden behind ";", ";+", and ";-"
;+
;+NSS_3.15 { # NSS 3.15 release
;+ global:
LIBRARY nsssysiniit ;-
EXPORTS ;-
NSS_ReturnModuleSpecData;
;+ local:
;+*;
;+};
security/nss/lib/sysinit/sysinit.gyp
+10 -7
View File
@@ -3,29 +3,32 @@
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
{
'includes': [
'../../coreconf/config.gypi'
'../../coreconf/config.gypi',
],
'targets': [
{
'target_name': 'nsssysinit_static',
'type': 'static_library',
'sources': [
'nsssysinit.c'
'nsssysinit.c',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'<(DEPTH)/lib/util/util.gyp:nssutil3'
]
],
},
{
'target_name': 'nsssysinit',
'type': 'shared_library',
'dependencies': [
'nsssysinit_static'
]
'nsssysinit_static',
],
'variables': {
'mapfile': 'nsssysinit.def',
},
}
],
'variables': {
'module': 'nss'
'module': 'nss',
}
}
}
security/nss/nss.gyp
+1
View File
@@ -199,6 +199,7 @@
[ 'OS=="linux"', {
'dependencies': [
'cmd/lowhashtest/lowhashtest.gyp:lowhashtest',
'gtests/sysinit_gtest/sysinit_gtest.gyp:sysinit_gtest',
],
}],
[ 'disable_libpkix==0', {
security/nss/tests/gtests/gtests.sh
+1 -1
View File
@@ -83,7 +83,7 @@ gtest_cleanup()
}
################## main #################################################
GTESTS="prng_gtest certhigh_gtest certdb_gtest der_gtest pk11_gtest util_gtest freebl_gtest softoken_gtest blake2b_gtest"
GTESTS="prng_gtest certhigh_gtest certdb_gtest der_gtest pk11_gtest util_gtest freebl_gtest softoken_gtest sysinit_gtest blake2b_gtest"
SOURCE_DIR="$PWD"/../..
gtest_init $0
gtest_start