authorTim Taubert <ttaubert@mozilla.com>2016-07-07 15:16:51 +0200
committerTim Taubert <ttaubert@mozilla.com>2016-07-07 15:16:51 +0200
commit47752c02f713f9a732b316fc04fbf2301f36166e (patch)
tree08a13502754174bc5a26283f2fb200ae75d68c19
parent100a24be614c8c6c3bba386c5322064709006b93 (diff)
downloadnss-hg-47752c02f713f9a732b316fc04fbf2301f36166e.tar.gz
Bug 1285145 - Enable SSL tests on LSan runs r=franziskusNSS_3.26_BETA2
-rw-r--r--automation/taskcluster/graph/linux/build64-lsan.yml1
-rw-r--r--cmd/selfserv/selfserv.c25
-rw-r--r--cmd/tstclnt/tstclnt.c18
-rw-r--r--lib/pk11wrap/pk11skey.c13
-rw-r--r--lib/ssl/ssl3ext.c32
5 files changed, 56 insertions, 33 deletions
diff --git a/automation/taskcluster/graph/linux/build64-lsan.yml b/automation/taskcluster/graph/linux/build64-lsan.yml
index 59c0557cb..75747c870 100644
--- a/automation/taskcluster/graph/linux/build64-lsan.yml
+++ b/automation/taskcluster/graph/linux/build64-lsan.yml
@@ -34,4 +34,5 @@
- merge
- sdr
- smime
+ - ssl
- tools
diff --git a/cmd/selfserv/selfserv.c b/cmd/selfserv/selfserv.c
index e408c6ef0..1cb26ce93 100644
--- a/cmd/selfserv/selfserv.c
+++ b/cmd/selfserv/selfserv.c
@@ -694,7 +694,7 @@ launch_threads(
local)
? PR_LOCAL_THREAD
: PR_GLOBAL_THREAD,
- PR_UNJOINABLE_THREAD, 0);
+ PR_JOINABLE_THREAD, 0);
if (slot->prThread == NULL) {
printf("selfserv: Failed to launch thread!\n");
slot->state = rs_idle;
@@ -723,13 +723,24 @@ launch_threads(
void
terminateWorkerThreads(void)
{
- VLOG(("selfserv: server_thead: waiting on stopping"));
+ int i;
+
+ VLOG(("selfserv: server_thread: waiting on stopping"));
PZ_Lock(qLock);
PZ_NotifyAllCondVar(jobQNotEmptyCv);
- while (threadCount > 0) {
- PZ_WaitCondVar(threadCountChangeCv, PR_INTERVAL_NO_TIMEOUT);
+ PZ_Unlock(qLock);
+
+ /* Wait for worker threads to terminate. */
+ for (i = 0; i < maxThreads; ++i) {
+ perThread *slot = threads + i;
+ if (slot->prThread) {
+ PR_JoinThread(slot->prThread);
+ }
}
+
/* The worker threads empty the jobQ before they terminate. */
+ PZ_Lock(qLock);
+ PORT_Assert(threadCount == 0);
PORT_Assert(PR_CLIST_IS_EMPTY(&jobQ));
PZ_Unlock(qLock);
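Review bot: After `PR_JoinThread(slot->prThread)` in the new join loop the slot keeps its stale `prThread` pointer, so a second call to terminateWorkerThreads, or any later code that tests `slot->prThread`, would act on a thread object that has already been joined. Clear it right after the join with `slot->prThread = NULL;`. The return value of PR_JoinThread is also ignored, so a failed join is only caught by `PORT_Assert(threadCount == 0)`, which is presumably compiled out of non-debug builds. The loop also relies on never-launched slots in `threads` having a NULL `prThread`; that initialization is outside this hunk.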
@@ -1843,6 +1854,9 @@ handshakeCallback(PRFileDesc *fd, void *client_data)
hostInfo->len)) {
failedToNegotiateName = PR_TRUE;
}
+ if (hostInfo) {
+ SECITEM_FreeItem(hostInfo, PR_TRUE);
+ }
}
}
@@ -2894,6 +2908,9 @@ cleanup:
PORT_Free(ecNickName);
}
#endif
+ if (dsaNickName) {
+ PORT_Free(dsaNickName);
+ }
if (hasSidCache) {
SSL_ShutdownServerSessionIDCache();
diff --git a/cmd/tstclnt/tstclnt.c b/cmd/tstclnt/tstclnt.c
index 378bb1379..2c2b71c5b 100644
--- a/cmd/tstclnt/tstclnt.c
+++ b/cmd/tstclnt/tstclnt.c
@@ -1232,6 +1232,15 @@ main(int argc, char **argv)
printHostNameAndAddr(host, &addr);
+ if (!certDir) {
+ certDir = SECU_DefaultSSLDir(); /* Look in $SSL_DIR */
+ certDir = SECU_ConfigDirectory(certDir);
+ } else {
+ char *certDirTmp = certDir;
+ certDir = SECU_ConfigDirectory(certDirTmp);
+ PORT_Free(certDirTmp);
+ }
+
if (pingServerFirst) {
int iter = 0;
PRErrorCode err;
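Review bot: The relocated certDir block has no comment saying why it must run before the `pingServerFirst` loop, and the old `/* open the cert DB, the key DB, and the secmod DB. */` comment stayed behind at the NSS_Init site. Presumably the move ensures that exits taken from the ping path see certDir in the same state as the normal path, since the commit targets LSan runs, but that is inferred from the commit title. A one-line comment such as `/* Resolve certDir up front so every exit path handles the same pointer. */` would stop someone from moving it back. main() starts and ends outside this hunk.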
@@ -1283,15 +1292,6 @@ main(int argc, char **argv)
}
/* open the cert DB, the key DB, and the secmod DB. */
- if (!certDir) {
- certDir = SECU_DefaultSSLDir(); /* Look in $SSL_DIR */
- certDir = SECU_ConfigDirectory(certDir);
- } else {
- char *certDirTmp = certDir;
- certDir = SECU_ConfigDirectory(certDirTmp);
- PORT_Free(certDirTmp);
- }
-
if (openDB) {
rv = NSS_Init(certDir);
if (rv != SECSuccess) {
diff --git a/lib/pk11wrap/pk11skey.c b/lib/pk11wrap/pk11skey.c
index 28c135f1e..350048d1b 100644
--- a/lib/pk11wrap/pk11skey.c
+++ b/lib/pk11wrap/pk11skey.c
@@ -1788,8 +1788,6 @@ loser:
* random numbers. For Mail usage RandomB should be NULL. In the Sender's
* case RandomA is generate, outherwize it is passed.
*/
-static unsigned char *rb_email = NULL;
-
PK11SymKey *
PK11_PubDerive(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey,
PRBool isSender, SECItem *randomA, SECItem *randomB,
@@ -1801,15 +1799,6 @@ PK11_PubDerive(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey,
PK11SymKey *symKey;
CK_RV crv;
-
- if (rb_email == NULL) {
- rb_email = PORT_ZAlloc(128);
- if (rb_email == NULL) {
- return NULL;
- }
- rb_email[127] = 1;
- }
-
/* get our key Structure */
symKey = pk11_CreateSymKey(slot, target, PR_TRUE, PR_TRUE, wincx);
if (symKey == NULL) {
@@ -1829,11 +1818,13 @@ PK11_PubDerive(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey,
case keaKey:
case fortezzaKey:
{
+ static unsigned char rb_email[128] = { 0 };
CK_KEA_DERIVE_PARAMS param;
param.isSender = (CK_BBOOL) isSender;
param.ulRandomLen = randomA->len;
param.pRandomA = randomA->data;
param.pRandomB = rb_email;
+ param.pRandomB[127] = 1;
if (randomB)
param.pRandomB = randomB->data;
if (pubKey->keyType == fortezzaKey) {
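Review bot: `param.pRandomB[127] = 1;` writes to the function-static `rb_email` on every KEA/Fortezza derive, so concurrent callers of PK11_PubDerive all store to the same shared byte without synchronization. The value is always the same, but it is still a data race that thread sanitizers will report; the removed lazy allocation had a similar race on first use. The buffer is only 128 bytes, so a non-static local avoids shared state: `unsigned char rb_email[128] = { 0 };` followed by `rb_email[127] = 1;`, assuming `param` is consumed before this case block ends (the rest of the block is outside the hunk). The write also sits before the `if (randomB)` override, so it happens even when a caller-supplied randomB is used.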
diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
index cc5d73282..c803727e4 100644
--- a/lib/ssl/ssl3ext.c
+++ b/lib/ssl/ssl3ext.c
@@ -1172,7 +1172,7 @@ ssl3_EncodeSessionTicket(sslSocket *ss, SECItem *ticket_data)
AESContext *aes_ctx;
const SECHashObject *hashObj = NULL;
PRUint64 hmac_ctx_buf[MAX_MAC_CONTEXT_LLONGS];
- HMACContext *hmac_ctx;
+ HMACContext *hmac_ctx = NULL;
#endif
CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC;
PK11Context *aes_ctx_pkcs11;
@@ -1485,16 +1485,19 @@ ssl3_EncodeSessionTicket(sslSocket *ss, SECItem *ticket_data)
hmac_ctx = (HMACContext *)hmac_ctx_buf;
hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
if (HMAC_Init(hmac_ctx, hashObj, mac_key,
- mac_key_length, PR_FALSE) != SECSuccess)
+ mac_key_length, PR_FALSE) != SECSuccess) {
goto loser;
+ }
HMAC_Begin(hmac_ctx);
HMAC_Update(hmac_ctx, key_name, SESS_TICKET_KEY_NAME_LEN);
HMAC_Update(hmac_ctx, iv, sizeof(iv));
HMAC_Update(hmac_ctx, (unsigned char *)length_buf, 2);
HMAC_Update(hmac_ctx, ciphertext.data, ciphertext.len);
- HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
- sizeof(computed_mac));
+ if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
+ sizeof(computed_mac)) != SECSuccess) {
+ goto loser;
+ }
} else
#endif
{
@@ -1568,12 +1571,20 @@ ssl3_EncodeSessionTicket(sslSocket *ss, SECItem *ticket_data)
ticket_buf.data = NULL;
loser:
- if (hmac_ctx_pkcs11)
+#ifndef NO_PKCS11_BYPASS
+ if (hmac_ctx) {
+ HMAC_Destroy(hmac_ctx, PR_FALSE);
+ }
+#endif
+ if (hmac_ctx_pkcs11) {
PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE);
- if (plaintext_item.data)
+ }
+ if (plaintext_item.data) {
SECITEM_FreeItem(&plaintext_item, PR_FALSE);
- if (ciphertext.data)
+ }
+ if (ciphertext.data) {
SECITEM_FreeItem(&ciphertext, PR_FALSE);
+ }
if (ticket_buf.data) {
SECITEM_FreeItem(&ticket_buf, PR_FALSE);
}
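Review bot: In the `loser:` path the new `HMAC_Destroy(hmac_ctx, PR_FALSE)` also runs when `HMAC_Init` itself failed, because `hmac_ctx` is pointed at the stack buffer before the init call (earlier hunk, `hmac_ctx = (HMACContext *)hmac_ctx_buf;`). No initializer for `hmac_ctx_buf` is visible, so unless HMAC_Init leaves the context in a state HMAC_Destroy accepts after a failure, the cleanup operates on a partially set-up or already torn-down context. Resetting the pointer on that one branch limits the destroy to successfully initialized contexts: `hmac_ctx = NULL;` just before the `goto loser;` under the HMAC_Init check. HMAC_Init's failure behaviour is defined outside this page, so confirm it against the implementation.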
@@ -1699,9 +1710,12 @@ ssl3_ProcessSessionTicketCommon(sslSocket *ss, SECItem *data)
HMAC_Begin(hmac_ctx);
HMAC_Update(hmac_ctx, extension_data.data,
extension_data.len - TLS_EX_SESS_TICKET_MAC_LENGTH);
- if (HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
- sizeof(computed_mac)) != SECSuccess)
+ rv = HMAC_Finish(hmac_ctx, computed_mac, &computed_mac_length,
+ sizeof(computed_mac));
+ HMAC_Destroy(hmac_ctx, PR_FALSE);
+ if (rv != SECSuccess) {
goto no_ticket;
+ }
} else
#endif
{