author | Tim Taubert <ttaubert@mozilla.com> | 2016-07-07 15:16:51 +0200 |
---|---|---|
committer | Tim Taubert <ttaubert@mozilla.com> | 2016-07-07 15:16:51 +0200 |
commit | 47752c02f713f9a732b316fc04fbf2301f36166e (patch) | |
tree | 08a13502754174bc5a26283f2fb200ae75d68c19 | |
parent | 100a24be614c8c6c3bba386c5322064709006b93 (diff) | |
download | nss-hg-NSS_3.26_BETA2.tar.gz |
Bug 1285145 - Enable SSL tests on LSan runs r=franziskusNSS_3.26_BETA2
-rw-r--r-- | automation/taskcluster/graph/linux/build64-lsan.yml | 1 | ||||
-rw-r--r-- | cmd/selfserv/selfserv.c | 25 | ||||
-rw-r--r-- | cmd/tstclnt/tstclnt.c | 18 | ||||
-rw-r--r-- | lib/pk11wrap/pk11skey.c | 13 | ||||
-rw-r--r-- | lib/ssl/ssl3ext.c | 32 |
5 files changed, 56 insertions, 33 deletions
diff --git a/automation/taskcluster/graph/linux/build64-lsan.yml b/automation/taskcluster/graph/linux/build64-lsan.yml index 59c0557cb..75747c870 100644 --- a/automation/taskcluster/graph/linux/build64-lsan.yml +++ b/automation/taskcluster/graph/linux/build64-lsan.yml @@ -34,4 +34,5 @@ - merge - sdr - smime + - ssl - tools diff --git a/cmd/selfserv/selfserv.c b/cmd/selfserv/selfserv.c index e408c6ef0..1cb26ce93 100644 --- a/cmd/selfserv/selfserv.c +++ b/cmd/selfserv/selfserv.c @@ -694,7 +694,7 @@ launch_threads( local) ? PR_LOCAL_THREAD : PR_GLOBAL_THREAD, - PR_UNJOINABLE_THREAD, 0); + PR_JOINABLE_THREAD, 0); if (slot->prThread == NULL) { printf("selfserv: Failed to launch thread!\n"); slot->state = rs_idle; @@ -723,13 +723,24 @@ launch_threads( void terminateWorkerThreads(void) { - VLOG(("selfserv: server_thead: waiting on stopping")); + int i; + + VLOG(("selfserv: server_thread: waiting on stopping")); PZ_Lock(qLock); PZ_NotifyAllCondVar(jobQNotEmptyCv); - while (threadCount > 0) { - PZ_WaitCondVar(threadCountChangeCv, PR_INTERVAL_NO_TIMEOUT); + PZ_Unlock(qLock); + + /* Wait for worker threads to terminate. */ + for (i = 0; i < maxThreads; ++i) { + perThread *slot = threads + i; + if (slot->prThread) { + PR_JoinThread(slot->prThread); + } } + /* The worker threads empty the jobQ before they terminate. */ + PZ_Lock(qLock); + PORT_Assert(threadCount == 0); PORT_Assert(PR_CLIST_IS_EMPTY(&jobQ)); PZ_Unlock(qLock); @@ -1843,6 +1854,9 @@ handshakeCallback(PRFileDesc *fd, void *client_data) hostInfo->len)) { failedToNegotiateName = PR_TRUE; } + if (hostInfo) { + SECITEM_FreeItem(hostInfo, PR_TRUE); + } } } @@ -2894,6 +2908,9 @@ cleanup: PORT_Free(ecNickName); } #endif + if (dsaNickName) { + PORT_Free(dsaNickName); + } if (hasSidCache) { SSL_ShutdownServerSessionIDCache(); diff --git a/cmd/tstclnt/tstclnt.c b/cmd/tstclnt/tstclnt.c index 378bb1379..2c2b71c5b 100644 --- a/cmd/tstclnt/tstclnt.c +++ b/cmd/tstclnt/tstclnt.c 
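Review bot: In `terminateWorkerThreads` the result of `PR_JoinThread(slot->prThread)` is discarded and `slot->prThread` keeps pointing at the joined thread, so a failed join is caught only by the debug-build `PORT_Assert(threadCount == 0)`, and a second call would join the same handle again. I would check the return value and clear the slot: `if (PR_JoinThread(slot->prThread) != PR_SUCCESS) { fprintf(stderr, "selfserv: PR_JoinThread failed\n"); }` followed by `slot->prThread = NULL;`. Because the `launch_threads` hunk now creates the workers with `PR_JOINABLE_THREAD`, every shutdown path has to reach this loop or the thread objects are never reclaimed. The function continues past the end of the hunk, so whether `threadCountChangeCv` still has a waiter is not visible here.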
@@ -1232,6 +1232,15 @@ main(int argc, char **argv) printHostNameAndAddr(host, &addr); + if (!certDir) { + certDir = SECU_DefaultSSLDir(); /* Look in $SSL_DIR */ + certDir = SECU_ConfigDirectory(certDir); + } else { + char *certDirTmp = certDir; + certDir = SECU_ConfigDirectory(certDirTmp); + PORT_Free(certDirTmp); + } + if (pingServerFirst) { int iter = 0; PRErrorCode err; @@ -1283,15 +1292,6 @@ main(int argc, char **argv) } /* open the cert DB, the key DB, and the secmod DB. */ - if (!certDir) { - certDir = SECU_DefaultSSLDir(); /* Look in $SSL_DIR */ - certDir = SECU_ConfigDirectory(certDir); - } else { - char *certDirTmp = certDir; - certDir = SECU_ConfigDirectory(certDirTmp); - PORT_Free(certDirTmp); - } - if (openDB) { rv = NSS_Init(certDir); if (rv != SECSuccess) { diff --git a/lib/pk11wrap/pk11skey.c b/lib/pk11wrap/pk11skey.c index 28c135f1e..350048d1b 100644 --- a/lib/pk11wrap/pk11skey.c +++ b/lib/pk11wrap/pk11skey.c @@ -1788,8 +1788,6 @@ loser: * random numbers. For Mail usage RandomB should be NULL. In the Sender's * case RandomA is generate, outherwize it is passed. */ -static unsigned char *rb_email = NULL; - PK11SymKey * PK11_PubDerive(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey, PRBool isSender, SECItem *randomA, SECItem *randomB, @@ -1801,15 +1799,6 @@ PK11_PubDerive(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey, PK11SymKey *symKey; CK_RV crv; - - if (rb_email == NULL) { - rb_email = PORT_ZAlloc(128); - if (rb_email == NULL) { - return NULL; - } - rb_email[127] = 1; - } - /* get our key Structure */ symKey = pk11_CreateSymKey(slot, target, PR_TRUE, PR_TRUE, wincx); if (symKey == NULL) { 
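Review bot: The `certDir` normalization now runs ahead of the `pingServerFirst` branch in `main`, but nothing at the new location says why, and the comment `/* open the cert DB, the key DB, and the secmod DB. */` is left directly above `if (openDB)`. Presumably the move ensures that the caller-supplied directory string is released through `PORT_Free(certDirTmp)` even when the ping path leaves early. If so, a comment such as `/* Resolve certDir before any early exit so the option string is always released. */` would keep a later reorder from reintroducing the leak. `main` starts and ends outside both hunks.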
@@ -1829,11 +1818,13 @@ PK11_PubDerive(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey, case keaKey: case fortezzaKey: { + static unsigned char rb_email[128] = { 0 }; CK_KEA_DERIVE_PARAMS param; param.isSender = (CK_BBOOL) isSender; param.ulRandomLen = randomA->len; param.pRandomA = randomA->data; param.pRandomB = rb_email; + param.pRandomB[127] = 1; if (randomB) param.pRandomB = randomB->data; if (pubKey->keyType == fortezzaKey) { diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c index cc5d73282..c803727e4 100644 --- a/lib/ssl/ssl3ext.c +++ b/lib/ssl/ssl3ext.c @@ -1172,7 +1172,7 @@ ssl3_EncodeSessionTicket(sslSocket *ss, SECItem *ticket_data) AESContext *aes_ctx; const SECHashObject *hashObj = NULL; PRUint64 hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS]; - HMACContext *hmac_ctx; + HMACContext *hmac_ctx = NULL; #endif CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC; PK11Context *aes_ctx_pkcs11; @@ -1485,16 +1485,19 @@ ssl3_EncodeSessionTicket(sslSocket *ss, SECItem *ticket_data) hmac_ctx = (HMACContext *)hmac_ctx_buf; hashObj = HASH_GetRawHashObject(HASH_AlgSHA256); if (HMAC_Init(hmac_ctx, hashObj, mac_key, - mac_key_length, PR_FALSE) != SECSuccess) + mac_key_length, PR_FALSE) != SECSuccess) { goto loser; + } HMAC_Begin(hmac_ctx); HMAC_Update(hmac_ctx, key_name, SESS_TICKET_KEY_NAME_LEN); HMAC_Update(hmac_ctx, iv, sizeof(iv)); HMAC_Update(hmac_ctx, (unsigned char *)length_buf, 2); HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len); - HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length, - sizeof(computed_mac)); + if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length, + sizeof(computed_mac)) != SECSuccess) { + goto loser; + } } else #endif { 
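Review bot: The new `static unsigned char rb_email[128]` in the `keaKey`/`fortezzaKey` case of `PK11_PubDerive` is still shared mutable state: `param.pRandomB[127] = 1;` writes to it on every call, from whichever thread derives a key, and the same writable pointer is handed on in `param`. The stored value never changes, so this is benign in practice, but it is formally an unsynchronized write, and anything the receiver wrote into the buffer would persist into later derivations. A per-call buffer removes both the leak and the shared state: `unsigned char rb_email[128] = { 0 };` then `rb_email[127] = 1;` before `param.pRandomB = rb_email;`. That is only valid if `param` is consumed before the case block ends, which lies outside the hunk.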
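Review bot: In `ssl3_EncodeSessionTicket`, `hmac_ctx` is pointed at `hmac_ctx_buf` before `HMAC_Init` is called, so when `HMAC_Init` fails the `goto loser` reaches the new `HMAC_Destroy(hmac_ctx, PR_FALSE)` in the cleanup hunk with a context that was never successfully initialized. Whether that is safe depends on what `HMAC_Init` leaves in the buffer on failure, which is not visible here. Since `hmac_ctx_buf` is declared without an initializer, the cleanup could be destroying uninitialized state or releasing a hash object a second time. Resetting the pointer on that path avoids the question: add `hmac_ctx = NULL;` before `goto loser;` in the `HMAC_Init` failure branch. The same ordering is worth checking in `ssl3_ProcessSessionTicketCommon`, whose `HMAC_Init` call lies outside the last hunk.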
@@ -1568,12 +1571,20 @@ ssl3_EncodeSessionTicket(sslSocket *ss, SECItem *ticket_data) ticket_buf.data = NULL; loser: - if (hmac_ctx_pkcs11) +#ifndef NO_PKCS11_BYPASS + if (hmac_ctx) { + HMAC_Destroy(hmac_ctx, PR_FALSE); + } +#endif + if (hmac_ctx_pkcs11) { PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); - if (plaintext_item.data) + } + if (plaintext_item.data) { SECITEM_FreeItem(&plaintext_item, PR_FALSE); - if (ciphertext.data) + } + if (ciphertext.data) { SECITEM_FreeItem(&ciphertext, PR_FALSE); + } if (ticket_buf.data) { SECITEM_FreeItem(&ticket_buf, PR_FALSE); } @@ -1699,9 +1710,12 @@ ssl3_ProcessSessionTicketCommon(sslSocket *ss, SECItem *data) HMAC_Begin(hmac_ctx); HMAC_Update(hmac_ctx, extension_data.data, extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH); - if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length, - sizeof(computed_mac)) != SECSuccess) + rv = HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length, + sizeof(computed_mac)); + HMAC_Destroy(hmac_ctx, PR_FALSE); + if (rv != SECSuccess) { goto no_ticket; + } } else #endif { |