cherry-picked mozilla NSS upstream changes (to rev a245a4cc):

bug1201704, bug1171631, bug572412, bug1119618, bug1177770, bug1148374, bug1208243(part-of), bug1117022, bug1205688, bug1209443, bug1208508, bug1208503, bug1209435, bug1209451, bug1209456, bug1209541, bug1208503, bug1209546
Roy Tam 2020-01-07 17:30:06 +08:00
parent 430790c1b1
commit 5c0160b5fb
23 changed files with 2432 additions and 1634 deletions



@ -503,9 +503,10 @@ prettyPrintItem(FILE *out, const unsigned char *data, const unsigned char *end,
data += lenLen;
/*
* Just quit now if slen more bytes puts us off the end.
* Just quit now if slen more bytes puts us off the end,
* or if there's no more data to process.
*/
if ((data + slen) > end) {
if ((data + slen) >= end) {
PORT_SetError(SEC_ERROR_BAD_DER);
return -1;
}
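Review bot: The bounds check `(data + slen) >= end` still forms the pointer `data + slen` before comparing, so a decoded length larger than the remaining buffer yields an out-of-range pointer (undefined behaviour, and it may wrap) rather than a clean rejection. Comparing lengths avoids this: `if (slen >= (size_t)(end - data)) {`, assuming `data <= end` holds here, which the visible lines do not show. The declaration of `slen` and the rest of prettyPrintItem are outside the hunk, so the cast should follow its actual type.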


@ -2090,8 +2090,8 @@ CK_RV PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList,
}
PKM_LogIt("C_GetMechanismList returned the mechanism types:\n");
if (verbose) {
for (i = 1; i <= mechanismCount; i++) {
mechName = getName(pMechanismList[(i-1)], ConstMechanism);
for (i = 0; i < mechanismCount; i++) {
mechName = getName(pMechanismList[(i)], ConstMechanism);
/* output two mechanism name on each line */
/* currently the longest known mechansim name length is 37 */
@ -2100,7 +2100,7 @@ CK_RV PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList,
} else {
printf("Unknown mechanism: 0x%08lX ", pMechanismList[i]);
}
if ((i != 0) && ((i % 2) == 0 )) printf("\n");
if ((i % 2) == 1 ) printf("\n");
}
printf("\n\n");
}


@ -1454,7 +1454,6 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
CERTCertListNode *node;
PKIX_PL_Cert *certPkix = NULL;
PKIX_TrustAnchor *trustAnchor = NULL;
PKIX_PL_Date *revDate = NULL;
PKIX_RevocationChecker *revChecker = NULL;
PKIX_PL_NssContext *nssContext = (PKIX_PL_NssContext *)plContext;
@ -1664,9 +1663,6 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
if (date != NULL)
PKIX_PL_Object_DecRef((PKIX_PL_Object *)date, plContext);
if (revDate != NULL)
PKIX_PL_Object_DecRef((PKIX_PL_Object *)revDate, plContext);
if (revChecker != NULL)
PKIX_PL_Object_DecRef((PKIX_PL_Object *)revChecker, plContext);


@ -559,7 +559,7 @@ SINGLE_SHLIB_DIR = $(OBJDIR)/$(OS_TARGET)_SINGLE_SHLIB
ALL_TRASH += $(SINGLE_SHLIB_DIR)
$(SINGLE_SHLIB_DIR):
-mkdir $(SINGLE_SHLIB_DIR)
-mkdir -p $(SINGLE_SHLIB_DIR)
release_md libs:: $(SINGLE_SHLIB_DIR)
$(MAKE) FREEBL_CHILD_BUILD=1 \
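Review bot: The recipe keeps make's error-ignoring `-` prefix on `-mkdir -p $(SINGLE_SHLIB_DIR)`. That prefix was needed while plain mkdir failed on an existing directory, but with `-p` it only hides real failures such as a permission error or a regular file in the way. Writing `mkdir -p $(SINGLE_SHLIB_DIR)` lets the build stop where the directory cannot be created instead of later in the child build.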


@ -8,6 +8,9 @@
* Also NOTE: this only works with Hashing. Only the FIPS interface is enabled.
*/
#ifndef _NSSLOWHASH_H_
#define _NSSLOWHASH_H_
typedef struct NSSLOWInitContextStr NSSLOWInitContext;
typedef struct NSSLOWHASHContextStr NSSLOWHASHContext;
@ -26,3 +29,5 @@ void NSSLOWHASH_End(NSSLOWHASHContext *context,
unsigned int *ret, unsigned int len);
void NSSLOWHASH_Destroy(NSSLOWHASHContext *context);
unsigned int NSSLOWHASH_Length(NSSLOWHASHContext *context);
#endif


@ -65,12 +65,10 @@ extern "C" {
* FUNCTION: PKIX_RevocationChecker_Create
* DESCRIPTION:
*
* Creates revocation checker object with a given flags.
* Creates a revocation checker object with the given flags. Revocation will
* be checked at the current date.
*
* PARAMETERS:
* "revDate"
* Revocation will be checked at this date. Current date is taken if the
* parameter is not specified.
* "leafMethodListFlags"
* Defines a set of method independent flags that will be used to check
* revocation of the leaf cert in the chain.


@ -1381,6 +1381,7 @@ pk11_keyIDHash_populate(void *wincx)
}
moduleLock = SECMOD_GetDefaultModuleListLock();
if (!moduleLock) {
SECITEM_FreeItem(slotid, PR_TRUE);
PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
return PR_FAILURE;
}


@ -400,6 +400,7 @@ PK11_NewSlotInfo(SECMODModule *mod)
slot->minPassword = 0;
slot->maxPassword = 0;
slot->hasRootCerts = PR_FALSE;
slot->hasRootTrust = PR_FALSE;
slot->nssToken = NULL;
return slot;
}


@ -566,7 +566,7 @@ SEC_PKCS7DecryptContents(PLArenaPool *poolp,
{
SECAlgorithmID *algid = NULL;
SECStatus rv = SECFailure;
SECItem *result = NULL, *dest, *src;
SECItem *dest, *src;
void *mark;
PK11SymKey *eKey = NULL;
@ -645,9 +645,6 @@ SEC_PKCS7DecryptContents(PLArenaPool *poolp,
loser:
/* let success fall through */
if(result != NULL)
SECITEM_ZfreeItem(result, PR_TRUE);
if(rv == SECFailure)
PORT_ArenaRelease(poolp, mark);
else


@ -227,7 +227,7 @@ NSS_CMSContentInfo_SetContent_EncryptedData(NSSCMSMessage *cmsg, NSSCMSContentIn
void *
NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo)
{
SECOidTag tag = (cinfo && cinfo->contentTypeTag)
SECOidTag tag = cinfo->contentTypeTag
? cinfo->contentTypeTag->offset
: SEC_OID_UNKNOWN;
switch (tag) {
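Review bot: Assuming the unguarded form is the new side, `cinfo->contentTypeTag` is now read without the `cinfo &&` check, so a NULL `cinfo` is dereferenced in the initialiser instead of yielding SEC_OID_UNKNOWN. If every caller guarantees a non-NULL argument, say so in the function comment, e.g. `/* cinfo must not be NULL */`; otherwise keep the guard. The switch body is outside the hunk, so whether it dereferences `cinfo` again cannot be checked from here.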


@ -404,6 +404,7 @@ NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo,
if (NSS_CMSAttributeArray_Encode(poolp, &(signerinfo->authAttr),
&encoded_attrs) == NULL ||
encoded_attrs.data == NULL || encoded_attrs.len == 0) {
PORT_FreeArena(poolp, PR_FALSE);
vs = NSSCMSVS_ProcessingError;
goto loser;
}
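Review bot: The added `PORT_FreeArena(poolp, PR_FALSE);` runs immediately before `goto loser`, and the code under `loser:` is outside this hunk. If that label or anything after it also releases or reads `poolp`, this becomes a double free or a use after free. Adding `poolp = NULL;` after the call, or moving the release under `loser:` behind a NULL check, would leave a single release point.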


@ -20,7 +20,19 @@ include $(CORE_DEPTH)/coreconf/config.mk
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
ifdef NSS_NO_INIT_SUPPORT
DEFINES += -DNSS_NO_INIT_SUPPORT
endif
ifeq ($(OS_TARGET),Linux)
ifeq ($(CPU_ARCH),ppc)
ifdef USE_64
DEFINES += -DNSS_NO_INIT_SUPPORT
endif # USE_64
endif # ppc
else # !Linux
# turn off no init support everywhere for now
DEFINES += -DNSS_NO_INIT_SUPPORT
endif # Linux
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
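Review bot: The comment `# turn off no init support everywhere for now` sits in the branch that adds `-DNSS_NO_INIT_SUPPORT` for every non-Linux target, so it reads as the opposite of what the line does. Something like `# define NSS_NO_INIT_SUPPORT on all non-Linux targets for now` would be unambiguous. The Linux branch limits the define to ppc with USE_64 without saying why, and a one-line reason there would help the next maintainer. When NSS_NO_INIT_SUPPORT is already set in the environment on a non-Linux build, the flag is appended twice, which is harmless but could be avoided by folding the first `ifdef` into the conditional.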


@ -479,14 +479,6 @@ lg_HashNumber(const void *key)
return (PLHashNumber)((char *)key - (char *)NULL);
}
PRIntn
lg_CompareValues(const void *v1, const void *v2)
{
PLHashNumber value1 = lg_HashNumber(v1);
PLHashNumber value2 = lg_HashNumber(v2);
return (value1 == value2);
}
/*
* helper function to wrap a NSSLOWCERTCertDBHandle or a NSSLOWKEYDBHandle
* with and sdb structure.
@ -515,7 +507,7 @@ lg_init(SDB **pSdb, int flags, NSSLOWCERTCertDBHandle *certdbPtr,
if (lgdb_p->dbLock == NULL) {
goto loser;
}
lgdb_p->hashTable = PL_NewHashTable(64, lg_HashNumber, lg_CompareValues,
lgdb_p->hashTable = PL_NewHashTable(64, lg_HashNumber, PL_CompareValues,
SECITEM_HashCompare, NULL, 0);
if (lgdb_p->hashTable == NULL) {
goto loser;


@ -303,8 +303,10 @@ lg_mkHandle(SDB *sdb, SECItem *dbKey, CK_OBJECT_HANDLE class)
/* there is only one KRL, use a fixed handle for it */
if (handle != LG_TOKEN_KRL_HANDLE) {
lg_XORHash(hashBuf,dbKey->data,dbKey->len);
handle = (hashBuf[0] << 24) | (hashBuf[1] << 16) |
(hashBuf[2] << 8) | hashBuf[3];
handle = ((CK_OBJECT_HANDLE)hashBuf[0] << 24) |
((CK_OBJECT_HANDLE)hashBuf[1] << 16) |
((CK_OBJECT_HANDLE)hashBuf[2] << 8) |
(CK_OBJECT_HANDLE)hashBuf[3];
handle = class | (handle & ~(LG_TOKEN_TYPE_MASK|LG_TOKEN_MASK));
/* we have a CRL who's handle has randomly matched the reserved KRL
* handle, increment it */


@ -3381,13 +3381,10 @@ AddCertToPermDB(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTCertificate *cert,
loser:
/* don't leave partial entry in the database */
if ( state > 0 ) {
rv = DeleteDBCertEntry(handle, &cert->certKey);
DeleteDBCertEntry(handle, &cert->certKey);
}
if ( ( state > 1 ) && donnentry ) {
rv = DeleteDBNicknameEntry(handle, nickname);
}
if ( state > 2 ) {
rv = DeleteDBSubjectEntry(handle, &cert->derSubject);
DeleteDBNicknameEntry(handle, nickname);
}
if ( certEntry ) {
DestroyDBEntry((certDBEntry *)certEntry);
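Review bot: The rollback under `loser:` appears to lose the `state > 2` branch that deleted the subject entry, and nothing in the hunk shows that `state` can no longer exceed 2. If it can, a failed add would leave a subject entry behind, despite the comment promising no partial entry. The remaining delete calls now discard their results silently; writing `(void)DeleteDBCertEntry(handle, &cert->certKey);` and `(void)DeleteDBNicknameEntry(handle, nickname);` would mark the best-effort cleanup as deliberate. The body of AddCertToPermDB that assigns `state` is outside the hunk.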


@ -2577,6 +2577,7 @@ finish_rsa:
}
intpointer = PORT_New(CK_ULONG);
if (intpointer == NULL) {
PORT_Free(ctx);
crv = CKR_HOST_MEMORY;
break;
}
@ -2606,6 +2607,7 @@ finish_rsa:
}
intpointer = PORT_New(CK_ULONG);
if (intpointer == NULL) {
PORT_Free(ctx);
crv = CKR_HOST_MEMORY;
break;
}
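Review bot: `PORT_Free(ctx)` on the `intpointer == NULL` path releases the context without clearing it. If `ctx` carries MAC key material, which only its allocation outside these hunks would show, those bytes stay readable in freed heap memory. Prefer the context's own destroy routine or a zeroizing free such as `PORT_ZFree(ctx, sizeof(*ctx));`. The same applies to the second hunk, which adds the identical line at its own `intpointer` check.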


@ -94,19 +94,19 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
/* cipher_suite policy enabled isPresent */
#ifndef NSS_DISABLE_ECC
{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
* bug 946147.
*/
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
@ -4731,6 +4731,11 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss,
SSL3Opaque sha_inner[MAX_MAC_LENGTH];
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
if (ss->ssl3.hs.hashType == handshake_hash_unknown) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
hashes->hashAlg = ssl_hash_none;
#ifndef NO_PKCS11_BYPASS
@ -4769,7 +4774,6 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss,
return SECFailure;
}
s[0] = (unsigned char)(sender >> 24);
s[1] = (unsigned char)(sender >> 16);
s[2] = (unsigned char)(sender >> 8);
@ -4906,7 +4910,6 @@ tls12_loser:
return SECFailure;
}
s[0] = (unsigned char)(sender >> 24);
s[1] = (unsigned char)(sender >> 16);
s[2] = (unsigned char)(sender >> 8);
@ -6958,7 +6961,6 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
if (peerKey == NULL) {
PORT_FreeArena(arena, PR_FALSE);
goto no_memory;
}
@ -6969,7 +6971,6 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
if (SECITEM_CopyItem(arena, &peerKey->u.rsa.modulus, &modulus) ||
SECITEM_CopyItem(arena, &peerKey->u.rsa.publicExponent, &exponent))
{
PORT_FreeArena(arena, PR_FALSE);
goto no_memory;
}
ss->sec.peerKey = peerKey;
@ -7069,7 +7070,7 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
goto no_memory;
}
ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
if (peerKey == NULL) {
goto no_memory;
}
@ -7083,7 +7084,6 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
SECITEM_CopyItem(arena, &peerKey->u.dh.base, &dh_g) ||
SECITEM_CopyItem(arena, &peerKey->u.dh.publicValue, &dh_Ys))
{
PORT_FreeArena(arena, PR_FALSE);
goto no_memory;
}
ss->sec.peerKey = peerKey;
@ -7106,10 +7106,16 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
alert_loser:
(void)SSL3_SendAlert(ss, alert_fatal, desc);
loser:
if (arena) {
PORT_FreeArena(arena, PR_FALSE);
}
PORT_SetError( errCode );
return SECFailure;
no_memory: /* no-memory error has already been set. */
if (arena) {
PORT_FreeArena(arena, PR_FALSE);
}
ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
return SECFailure;
}
@ -9555,6 +9561,13 @@ ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
goto alert_loser;
}
if (!hashes) {
PORT_Assert(0);
desc = internal_error;
errCode = SEC_ERROR_LIBRARY_FAILURE;
goto alert_loser;
}
if (isTLS12) {
rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length,
&sigAndHash);
@ -11215,6 +11228,13 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
return SECFailure;
}
if (!hashes) {
PORT_Assert(0);
SSL3_SendAlert(ss, alert_fatal, internal_error);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
isTLS = (PRBool)(ss->ssl3.crSpec->version > SSL_LIBRARY_VERSION_3_0);
if (isTLS) {
TLSFinished tlsFinished;
@ -11440,6 +11460,7 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
SECStatus rv = SECSuccess;
SSL3HandshakeType type = ss->ssl3.hs.msg_type;
SSL3Hashes hashes; /* computed hashes are put here. */
SSL3Hashes *hashesPtr = NULL; /* Set when hashes are computed */
PRUint8 hdr[4];
PRUint8 dtlsData[8];
@ -11450,7 +11471,8 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
* current message.
*/
ssl_GetSpecReadLock(ss); /************************************/
if((type == finished) || (type == certificate_verify)) {
if(((type == finished) && (ss->ssl3.hs.ws == wait_finished)) ||
((type == certificate_verify) && (ss->ssl3.hs.ws == wait_cert_verify))) {
SSL3Sender sender = (SSL3Sender)0;
ssl3CipherSpec *rSpec = ss->ssl3.prSpec;
@ -11459,6 +11481,9 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
rSpec = ss->ssl3.crSpec;
}
rv = ssl3_ComputeHandshakeHashes(ss, rSpec, &hashes, sender);
if (rv == SECSuccess) {
hashesPtr = &hashes;
}
}
ssl_ReleaseSpecReadLock(ss); /************************************/
if (rv != SECSuccess) {
@ -11609,7 +11634,7 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY);
return SECFailure;
}
rv = ssl3_HandleCertificateVerify(ss, b, length, &hashes);
rv = ssl3_HandleCertificateVerify(ss, b, length, hashesPtr);
break;
case client_key_exchange:
if (!ss->sec.isServer) {
@ -11628,7 +11653,7 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
rv = ssl3_HandleNewSessionTicket(ss, b, length);
break;
case finished:
rv = ssl3_HandleFinished(ss, b, length, &hashes);
rv = ssl3_HandleFinished(ss, b, length, hashesPtr);
break;
default:
(void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
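Review bot: The shared `if (arena) { PORT_FreeArena(arena, PR_FALSE); }` now under both `loser:` and `no_memory:` in ssl3_HandleServerKeyExchange is safe only under two conditions that these hunks do not show. `arena` must be initialised to NULL at its declaration, and no path may jump to either label after `ss->sec.peerKey = peerKey;` has handed the arena-allocated key to the socket. If such a path exists, the key is freed while `ss->sec.peerKey` still points at it, during handling of a message supplied by the peer. Setting `arena = NULL;` directly after the assignment to `ss->sec.peerKey` would make the ownership transfer explicit. The same cleanup pattern is added to `ssl3_HandleECDHServerKeyExchange` later in this commit and deserves the same check.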


@ -704,7 +704,7 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
goto no_memory;
}
ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);
if (peerKey == NULL) {
goto no_memory;
}
@ -725,7 +725,6 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
/* copy publicValue in peerKey */
if (SECITEM_CopyItem(arena, &peerKey->u.ec.publicValue, &ec_point))
{
PORT_FreeArena(arena, PR_FALSE);
goto no_memory;
}
peerKey->pkcs11Slot = NULL;
@ -739,10 +738,16 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
alert_loser:
(void)SSL3_SendAlert(ss, alert_fatal, desc);
loser:
if (arena) {
PORT_FreeArena(arena, PR_FALSE);
}
PORT_SetError( errCode );
return SECFailure;
no_memory: /* no-memory error has already been set. */
if (arena) {
PORT_FreeArena(arena, PR_FALSE);
}
ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE);
return SECFailure;
}


@ -201,7 +201,7 @@ run_cycle_upgrade_db()
# run the subset of tests with the upgraded database
TESTS="${ALL_TESTS}"
TESTS_SKIP="cipher libpkix cert dbtests sdr ocsp pkits chains"
TESTS_SKIP="cipher libpkix cert dbtests sdr ocsp pkits chains ssl_gtests"
echo "${NSS_SSL_TESTS}" | grep "_" > /dev/null
RET=$?
@ -232,7 +232,7 @@ run_cycle_shared_db()
# run the tests for native sharedb support
TESTS="${ALL_TESTS}"
TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits"
TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits ssl_gtests"
echo "${NSS_SSL_TESTS}" | grep "_" > /dev/null
RET=$?
@ -273,7 +273,7 @@ run_cycles()
cycles="standard pkix upgradedb sharedb"
CYCLES=${NSS_CYCLES:-$cycles}
tests="cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains"
tests="cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ssl_gtests"
TESTS=${NSS_TESTS:-$tests}
ALL_TESTS=${TESTS}


@ -234,7 +234,7 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
HTML_FAILED='</TD><TD bgcolor=red>Failed</TD><TR>'
HTML_FAILED_CORE='</TD><TD bgcolor=red>Failed Core</TD><TR>'
HTML_PASSED='</TD><TD bgcolor=lightGreen>Passed</TD><TR>'
HTML_UNKNOWN='</TD><TD>Unknown/TD><TR>'
HTML_UNKNOWN='</TD><TD>Unknown</TD><TR>'
TABLE_ARGS=


@ -437,10 +437,10 @@ ssl_stapling_sub()
start_selfserv
echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} -v ${CLIENT_OPTIONS} \\"
echo " -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE}"
echo " -c v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE}"
rm ${TMP}/$HOST.tmp.$$ 2>/dev/null
${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \
-d ${P_R_CLIENTDIR} -v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE} \
-d ${P_R_CLIENTDIR} -v -c v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE} \
>${TMP}/$HOST.tmp.$$ 2>&1
ret=$?
cat ${TMP}/$HOST.tmp.$$


@ -65,12 +65,12 @@
# SNI Tests
#
SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI
SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert
SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert
SNI 0 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser SSL3 Server hello response without SNI
SNI 1 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser_-a_Host-sni.Dom SSL3 Server hello response with SNI: SSL don't have SH extensions
SNI 1 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom SSL3 Server hello response with SNI: SSL don't have SH extensions
SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI
SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host.Dom TLS Server hello response with SNI: Change name on 2d HS
SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host-sni1.Dom TLS Server hello response with SNI: Change name to invalid 2d HS
SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert
SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host-sni1.Dom TLS Server hello response with SNI: Change name to invalid 2d HS
SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert