diff options
author | Robert Relyea <rrelyea@redhat.com> | 2021-07-15 12:21:58 -0700 |
---|---|---|
committer | Robert Relyea <rrelyea@redhat.com> | 2021-07-15 12:21:58 -0700 |
commit | 1ae0b575132023942ed5db859f39d39761e80c9d (patch) | |
tree | 8f3a670a23de51f0c087b9dd849df04d4defa137 /automation/taskcluster | |
parent | 118ec82b436a2f852ebcdf17c5f109cad067434f (diff) | |
download | nss-hg-1ae0b575132023942ed5db859f39d39761e80c9d.tar.gz |
Bug 1720226 integrity checks in key4.db not happening on private components with AES_CBC
When we added support for AES, we also added support for integrity checks on the encrypted components.
It turns out the code that verifies the integrity checks was broken in 2 ways:
1. it wasn't accurately operating when AES was being used (the if statement wasn't actually triggering for AES_CBC because we were looking for AES in the wrong field).
2. password update did not update the integrity checks in the correct location, meaning any database which AES encrypted keys, and which had their password updated will not be able to validate their keys.
While we found this in a previous rebase, the patch had not been pushed upstream.
The attached patch needs sqlite3 to run the tests.
Differential Revision: https://phabricator.services.mozilla.com/D120011
Diffstat (limited to 'automation/taskcluster')
-rw-r--r-- | automation/taskcluster/docker-builds/Dockerfile | 1 | ||||
-rw-r--r-- | automation/taskcluster/docker-gcc-4.4/Dockerfile | 1 | ||||
-rw-r--r-- | automation/taskcluster/docker/Dockerfile | 1 |
3 files changed, 3 insertions, 0 deletions
diff --git a/automation/taskcluster/docker-builds/Dockerfile b/automation/taskcluster/docker-builds/Dockerfile index 97436902c..82e829d87 100644 --- a/automation/taskcluster/docker-builds/Dockerfile +++ b/automation/taskcluster/docker-builds/Dockerfile @@ -35,6 +35,7 @@ RUN apt-get update \ valgrind \ zlib1g-dev \ clang-format-3.9 \ + sqlite3 \ && rm -rf /var/lib/apt/lists/* \ && apt-get autoremove -y && apt-get clean -y diff --git a/automation/taskcluster/docker-gcc-4.4/Dockerfile b/automation/taskcluster/docker-gcc-4.4/Dockerfile index 55344e567..866e8066c 100644 --- a/automation/taskcluster/docker-gcc-4.4/Dockerfile +++ b/automation/taskcluster/docker-gcc-4.4/Dockerfile @@ -11,6 +11,7 @@ RUN apt-get update \ make \ patch \ mercurial \ + sqlite3 \ zlib1g-dev \ && rm -rf /var/lib/apt/lists/* \ && apt-get autoremove -y && apt-get clean -y diff --git a/automation/taskcluster/docker/Dockerfile b/automation/taskcluster/docker/Dockerfile index 6df17c5e1..859b5bd11 100644 --- a/automation/taskcluster/docker/Dockerfile +++ b/automation/taskcluster/docker/Dockerfile @@ -20,6 +20,7 @@ RUN apt-get update \ mercurial \ ninja-build \ pkg-config \ + sqlite3 \ zlib1g-dev \ && rm -rf /var/lib/apt/lists/* \ && apt-get autoremove -y && apt-get clean -y |