Back out changeset bda43f333e1a (bug 1211568) for "Could not find EV root in NSS storage" assertion failures

CLOSED TREE
This commit is contained in:
Phil Ringnalda 2015-11-10 08:18:47 -08:00
parent 1d99ef7b2b
commit 582d9740e2
17 changed files with 1478 additions and 497 deletions

View File

@ -213,7 +213,7 @@ DEFAULT_GMAKE_FLAGS += \
OS_PTHREAD= \
$(NULL)
DEFAULT_GMAKE_FLAGS += ARCHFLAG='$(filter-out -W%,$(CFLAGS)) -DCHECK_FORK_GETPID $(addprefix -DANDROID_VERSION=,$(ANDROID_VERSION)) -include $(topsrcdir)/security/manager/android_stub.h'
DEFAULT_GMAKE_FLAGS += ARCHFLAG='$(CFLAGS) -DCHECK_FORK_GETPID $(addprefix -DANDROID_VERSION=,$(ANDROID_VERSION)) -include $(topsrcdir)/security/manager/android_stub.h'
endif
endif
@ -241,7 +241,7 @@ ifdef MOZ_NO_WLZDEFS
DEFAULT_GMAKE_FLAGS += ZDEFS_FLAG=
endif
ifdef MOZ_CFLAGS_NSS
DEFAULT_GMAKE_FLAGS += XCFLAGS='$(filter-out -W%,$(CFLAGS))'
DEFAULT_GMAKE_FLAGS += XCFLAGS='$(CFLAGS)'
DEFAULT_GMAKE_FLAGS += DARWIN_DYLIB_VERSIONS='-compatibility_version 1 -current_version 1 $(LDFLAGS)'
endif
ifeq (1_1,$(CLANG_CL)_$(MOZ_ASAN))
@ -267,10 +267,7 @@ ifdef MOZ_FOLD_LIBS_FLAGS
DEFAULT_GMAKE_FLAGS += XCFLAGS='$(MOZ_FOLD_LIBS_FLAGS)'
endif
ifndef WARNINGS_AS_ERRORS
DEFAULT_GMAKE_FLAGS += NSS_ENABLE_WERROR=0
endif
ifeq ($(OS_TARGET),Android)
ifeq (1,$(ALLOW_COMPILER_WARNINGS))
DEFAULT_GMAKE_FLAGS += NSS_ENABLE_WERROR=0
endif

View File

@ -1 +1 @@
NSS_3_21_RTM
NSS_3_21_Beta3

View File

@ -712,8 +712,6 @@ ChangePW(char *tokenName, char *pwFile, char *newpwFile)
newpw2 = SECU_GetPasswordString(NULL, "Re-enter new password: ");
if(strcmp(newpw, newpw2)) {
PR_fprintf(PR_STDOUT, msgStrings[PW_MATCH_MSG]);
PORT_ZFree(newpw, strlen(newpw));
PORT_ZFree(newpw2, strlen(newpw2));
} else {
matching = PR_TRUE;
}
@ -740,13 +738,16 @@ ChangePW(char *tokenName, char *pwFile, char *newpwFile)
loser:
if(oldpw) {
PORT_ZFree(oldpw, strlen(oldpw));
memset(oldpw, 0, strlen(oldpw));
PORT_Free(oldpw);
}
if(newpw) {
PORT_ZFree(newpw, strlen(newpw));
memset(newpw, 0, strlen(newpw));
PORT_Free(newpw);
}
if(newpw2) {
PORT_ZFree(newpw2, strlen(newpw2));
memset(newpw2, 0, strlen(newpw2));
PORT_Free(newpw2);
}
PK11_FreeSlot(slot);

View File

@ -4,7 +4,6 @@
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
include $(CORE_DEPTH)/coreconf/UNIX.mk
include $(CORE_DEPTH)/coreconf/Werror.mk
DEFAULT_COMPILER = gcc
@ -82,7 +81,44 @@ endif
# definitions so that the linker can catch multiply-defined symbols.
# Also, common symbols are not allowed with Darwin dynamic libraries.
OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(WARNING_CFLAGS) -fno-common -pipe -DDARWIN -DHAVE_STRERROR -DHAVE_BSD_FLOCK $(DARWIN_SDK_CFLAGS)
OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) -Wall -fno-common -pipe -DDARWIN -DHAVE_STRERROR -DHAVE_BSD_FLOCK $(DARWIN_SDK_CFLAGS)
# This tests to see if enabling the warning is possible before
# setting an option to disable it.
disable_warning=$(shell $(CC) -x c -E -Werror -W$(1) /dev/null >/dev/null 2>&1 && echo -Wno-$(1))
COMPILER_NAME = $(shell $(CC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q')
ifeq ($(COMPILER_NAME),clang)
# -Qunused-arguments : clang objects to arguments that it doesn't understand
# and fixing this would require rearchitecture
OS_CFLAGS += -Qunused-arguments
# -Wno-parentheses-equality : because clang warns about macro expansions
OS_CFLAGS += $(call disable_warning,parentheses-equality)
endif
ifndef NSS_ENABLE_WERROR
ifeq ($(COMPILER_NAME),clang)
NSS_ENABLE_WERROR = 1
else
NSS_ENABLE_WERROR := $(shell \
[ `$(CC) -dumpversion | cut -f 1 -d . -` -eq 4 -a \
`$(CC) -dumpversion | cut -f 2 -d . -` -ge 8 -o \
`$(CC) -dumpversion | cut -f 1 -d . -` -ge 5 ] && \
echo 1 || echo 0)
ifneq ($(NSS_ENABLE_WERROR),1)
$(warning Unable to find gcc >= 4.8 disabling -Werror)
endif
endif
export NSS_ENABLE_WERROR
endif
ifeq ($(NSS_ENABLE_WERROR),1)
OS_CFLAGS += -Werror
else
# Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions.
# Use this to disable use of that #pragma and the warnings it suppresses.
OS_CFLAGS += -DNSS_NO_GCC48
endif
ifdef BUILD_OPT
ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE))

View File

@ -4,7 +4,6 @@
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
include $(CORE_DEPTH)/coreconf/UNIX.mk
include $(CORE_DEPTH)/coreconf/Werror.mk
#
# The default implementation strategy for Linux is now pthreads
@ -133,16 +132,70 @@ endif
endif
ifndef COMPILER_TAG
COMPILER_TAG := _$(CC_NAME)
COMPILER_TAG = _$(shell $(CC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q')
CCC_COMPILER_TAG = _$(shell $(CCC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q')
endif
ifeq ($(USE_PTHREADS),1)
OS_PTHREAD = -lpthread
endif
OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) $(WARNING_CFLAGS) -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR
OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR
OS_LIBS = $(OS_PTHREAD) -ldl -lc
# This tests to see if enabling the warning is possible before
# setting an option to disable it.
disable_warning=$(shell $(CC) -x c -E -Werror -W$(1) /dev/null >/dev/null 2>&1 && echo -Wno-$(1))
ifeq ($(COMPILER_TAG),_clang)
# -Qunused-arguments : clang objects to arguments that it doesn't understand
# and fixing this would require rearchitecture
OS_CFLAGS += -Qunused-arguments
# -Wno-parentheses-equality : because clang warns about macro expansions
OS_CFLAGS += $(call disable_warning,parentheses-equality)
ifdef BUILD_OPT
# clang is unable to handle glib's expansion of strcmp and similar for optimized
# builds, so ignore the resulting errors.
# See https://llvm.org/bugs/show_bug.cgi?id=20144
OS_CFLAGS += $(call disable_warning,array-bounds)
OS_CFLAGS += $(call disable_warning,unevaluated-expression)
endif
endif
ifndef NSS_ENABLE_WERROR
ifneq ($(OS_TARGET),Android)
# Android lollipop generates the following warning:
# error: call to 'sprintf' declared with attribute warning:
# sprintf is often misused; please use snprintf [-Werror]
# So, just suppress -Werror entirely on Android
NSS_ENABLE_WERROR = 0
$(warning !!! OS_TARGET is Android, disabling -Werror)
else
ifeq ($(COMPILER_TAG),_clang)
# Clang reports its version as an older gcc, but it's OK
NSS_ENABLE_WERROR = 1
else
NSS_ENABLE_WERROR := $(shell \
[ `$(CC) -dumpversion | cut -f 1 -d . -` -eq 4 -a \
`$(CC) -dumpversion | cut -f 2 -d . -` -ge 8 -o \
`$(CC) -dumpversion | cut -f 1 -d . -` -ge 5 ] && \
echo 1 || echo 0)
ifneq ($(NSS_ENABLE_WERROR),1)
$(warning !!! Unable to find gcc 4.8 or greater, disabling -Werror)
endif
endif
endif
export NSS_ENABLE_WERROR
endif
ifeq (1,$(NSS_ENABLE_WERROR))
OS_CFLAGS += -Werror
else
# Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions.
# Use this to disable use of that #pragma and the warnings it suppresses.
OS_CFLAGS += -DNSS_NO_GCC48
endif
ifdef USE_PTHREADS
DEFINES += -D_REENTRANT
endif

View File

@ -113,25 +113,19 @@ ifdef NS_USE_GCC
else
OPTIMIZER += -O2
endif
DEFINES += -UDEBUG -DNDEBUG
DEFINES += -UDEBUG -U_DEBUG -DNDEBUG
else
OPTIMIZER += -g
NULLSTRING :=
SPACE := $(NULLSTRING) # end of the line
USERNAME := $(subst $(SPACE),_,$(USERNAME))
USERNAME := $(subst -,_,$(USERNAME))
DEFINES += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME)
DEFINES += -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USERNAME)
endif
else # !NS_USE_GCC
OS_CFLAGS += -W3 -nologo -D_CRT_SECURE_NO_WARNINGS \
OS_CFLAGS += -W3 -WX -nologo -D_CRT_SECURE_NO_WARNINGS \
-D_CRT_NONSTDC_NO_WARNINGS
OS_DLLFLAGS += -nologo -DLL -SUBSYSTEM:WINDOWS
ifndef NSS_ENABLE_WERROR
NSS_ENABLE_WERROR = 1
endif
ifeq ($(NSS_ENABLE_WERROR),1)
OS_CFLAGS += -WX
endif
ifeq ($(_MSC_VER),$(_MSC_VER_6))
ifndef MOZ_DEBUG_SYMBOLS
OS_DLLFLAGS += -PDB:NONE
@ -165,7 +159,7 @@ else # !NS_USE_GCC
else
OPTIMIZER += -O2
endif
DEFINES += -UDEBUG -DNDEBUG
DEFINES += -UDEBUG -U_DEBUG -DNDEBUG
DLLFLAGS += -OUT:$@
ifdef MOZ_DEBUG_SYMBOLS
ifdef MOZ_DEBUG_FLAGS
@ -182,7 +176,7 @@ else # !NS_USE_GCC
SPACE := $(NULLSTRING) # end of the line
USERNAME := $(subst $(SPACE),_,$(USERNAME))
USERNAME := $(subst -,_,$(USERNAME))
DEFINES += -DDEBUG -UNDEBUG -DDEBUG_$(USERNAME)
DEFINES += -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USERNAME)
DLLFLAGS += -DEBUG -OUT:$@
LDFLAGS += -DEBUG
ifeq ($(_MSC_VER),$(_MSC_VER_6))

View File

@ -1,70 +0,0 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# This sets warning flags for unix-like operating systems.
ifndef CC_NAME
CC_NAME := $(shell $(CC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q')
export CC_NAME
endif
ifndef WARNING_CFLAGS
# This tests to see if enabling the warning is possible before
# setting an option to disable it.
disable_warning = $(shell $(CC) -x c -E -Werror -W$(1) /dev/null >/dev/null 2>&1 && echo -Wno-$(1))
WARNING_CFLAGS = -Wall
ifeq ($(CC_NAME),clang)
# -Qunused-arguments : clang objects to arguments that it doesn't understand
# and fixing this would require rearchitecture
WARNING_CFLAGS += -Qunused-arguments
# -Wno-parentheses-equality : because clang warns about macro expansions
OS_CFLAGS += $(call disable_warning,parentheses-equality)
ifdef BUILD_OPT
# clang is unable to handle glib's expansion of strcmp and similar for optimized
# builds, so ignore the resulting errors.
# See https://llvm.org/bugs/show_bug.cgi?id=20144
WARNING_CFLAGS += $(call disable_warning,array-bounds)
WARNING_CFLAGS += $(call disable_warning,unevaluated-expression)
endif
endif # if clang
ifndef NSS_ENABLE_WERROR
ifeq ($(OS_TARGET),Android)
# Android lollipop generates the following warning:
# error: call to 'sprintf' declared with attribute warning:
# sprintf is often misused; please use snprintf [-Werror]
# So, just suppress -Werror entirely on Android
NSS_ENABLE_WERROR = 0
$(warning OS_TARGET is Android, disabling -Werror)
else
ifeq ($(CC_NAME),clang)
# Clang reports its version as an older gcc, but it's OK
NSS_ENABLE_WERROR = 1
else
CC_VERSION := $(subst ., ,$(shell $(CC) -dumpversion))
ifneq (,$(filter 4.8 4.9,$(word 1,$(CC_VERSION)).$(word 2,$(CC_VERSION))))
NSS_ENABLE_WERROR = 1
endif
ifeq (,$(filter 0 1 2 3 4,$(word 1,$(CC_VERSION))))
NSS_ENABLE_WERROR = 1
endif
ifndef NSS_ENABLE_WERROR
$(warning Unable to find gcc 4.8 or greater, disabling -Werror)
NSS_ENABLE_WERROR = 0
endif
endif
endif
endif #ndef NSS_ENABLE_WERROR
ifeq ($(NSS_ENABLE_WERROR),1)
WARNING_CFLAGS += -Werror
else
# Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions.
# Use this to disable use of that #pragma and the warnings it suppresses.
WARNING_CFLAGS += -DNSS_NO_GCC48
endif
export WARNING_CFLAGS
endif # ndef WARNING_CFLAGS

View File

@ -10,3 +10,4 @@
*/
#error "Do not include this header file."

View File

@ -44,8 +44,10 @@ include $(CORE_DEPTH)/coreconf/rules.mk
MKSHLIB = $(CCC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS)
ifeq (WINNT,$(OS_ARCH))
# -MTd (not -MD) because that makes it link to the right library
# -EHsc because gtest has exception handlers
OS_CFLAGS += -EHsc
OS_CFLAGS := $(filterout -MD,$(OS_CFLAGS))
OS_CFLAGS += -MTd -EHsc
# On windows, we need to create the parent directory
# Needed because we include files from a subdirectory
MAKE_OBJDIR = $(INSTALL) -D $(dir $@)

View File

@ -48,8 +48,10 @@ CFLAGS += -I$(CORE_DEPTH)/lib/ssl
include ../../cmd/platrules.mk
ifeq (WINNT,$(OS_ARCH))
# -MTd (not -MD) because that makes it link to the right library
# -EHsc because gtest has exception handlers
OS_CFLAGS += -EHsc -nologo
OS_CFLAGS := $(filterout -MD,$(OS_CFLAGS))
OS_CFLAGS += -MTd -EHsc -nologo
# http://www.suodenjoki.dk/us/archive/2010/min-max.htm
OS_CFLAGS += -DNOMINMAX

View File

@ -405,7 +405,7 @@ void TlsAgent::EnableExtendedMasterSecret() {
}
void TlsAgent::CheckExtendedMasterSecret(bool expected) {
ASSERT_EQ(expected, info_.extendedMasterSecretUsed != PR_FALSE)
ASSERT_EQ(expected, static_cast<bool>(info_.extendedMasterSecretUsed))
<< "unexpected extended master secret state for " << name_;
}

File diff suppressed because it is too large Load Diff

View File

@ -45,8 +45,8 @@
* of the comment in the CK_VERSION type definition.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 6
#define NSS_BUILTINS_LIBRARY_VERSION "2.6"
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 5
#define NSS_BUILTINS_LIBRARY_VERSION "2.5"
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1

View File

@ -7,15 +7,15 @@
/* Copyright(c) 2013, Intel Corp. */
/******************************************************************************/
/* Reference: */
/* [1] Shay Gueron, Michael E. Kounavis: Intel(R) Carry-Less Multiplication */
/* [1] Shay Gueron, Michael E. Kounavis: Intel® Carry-Less Multiplication */
/* Instruction and its Usage for Computing the GCM Mode (Rev. 2.01) */
/* http://software.intel.com/sites/default/files/article/165685/clmul-wp-r*/
/*ev-2.01-2012-09-21.pdf */
/* [2] S. Gueron, M. E. Kounavis: Efficient Implementation of the Galois */
/* Counter Mode Using a Carry-less Multiplier and a Fast Reduction */
/* Algorithm. Information Processing Letters 110: 549-553 (2010). */
/* [3] S. Gueron: AES Performance on the 2nd Generation Intel(R) Core(TM) */
/* Processor Family (to be posted) (2012). */
/* Algorithm. Information Processing Letters 110: 549553 (2010). */
/* [3] S. Gueron: AES Performance on the 2nd Generation Intel® Core™ Processor*/
/* Family (to be posted) (2012). */
/* [4] S. Gueron: Fast GHASH computations for speeding up AES-GCM (to be */
/* published) (2012). */
@ -41,9 +41,9 @@ SECStatus intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm, unsigned char *
const unsigned char *inbuf, unsigned int inlen,
unsigned int blocksize);
/* Prototypes of functions in the assembler file for fast AES-GCM, using
/* Prorotypes of functions in the assembler file for fast AES-GCM, using
Intel AES-NI and CLMUL-NI, as described in [1]
[1] Shay Gueron, Michael E. Kounavis: Intel(R) Carry-Less Multiplication
[1] Shay Gueron, Michael E. Kounavis: Intel® Carry-Less Multiplication
Instruction and its Usage for Computing the GCM Mode */
/* Prepares the constants used in the aggregated reduction method */

View File

@ -33,12 +33,12 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define NSS_VERSION "3.21" _NSS_ECC_STRING _NSS_CUSTOMIZED
#define NSS_VERSION "3.21" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta"
#define NSS_VMAJOR 3
#define NSS_VMINOR 21
#define NSS_VPATCH 0
#define NSS_VBUILD 0
#define NSS_BETA PR_FALSE
#define NSS_BETA PR_TRUE
#ifndef RC_INVOKED

View File

@ -25,11 +25,11 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define SOFTOKEN_VERSION "3.21" SOFTOKEN_ECC_STRING
#define SOFTOKEN_VERSION "3.21" SOFTOKEN_ECC_STRING " Beta"
#define SOFTOKEN_VMAJOR 3
#define SOFTOKEN_VMINOR 21
#define SOFTOKEN_VPATCH 0
#define SOFTOKEN_VBUILD 0
#define SOFTOKEN_BETA PR_FALSE
#define SOFTOKEN_BETA PR_TRUE
#endif /* _SOFTKVER_H_ */

View File

@ -19,12 +19,12 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
*/
#define NSSUTIL_VERSION "3.21"
#define NSSUTIL_VERSION "3.21 Beta"
#define NSSUTIL_VMAJOR 3
#define NSSUTIL_VMINOR 21
#define NSSUTIL_VPATCH 0
#define NSSUTIL_VBUILD 0
#define NSSUTIL_BETA PR_FALSE
#define NSSUTIL_BETA PR_TRUE
SEC_BEGIN_PROTOS