Backed out changeset ab292958d0e7 (bug 996237) for build failures on Android
authorEd Morley <emorley@mozilla.com>
Mon, 04 Aug 2014 15:34:42 +0100
changeset 197727 8783e1a91b37903a14b8982d84840bb4529c226e
parent 197726 0c7eb576ed31d787578c928778ddbb04abe674de
child 197728 c835743934c32692f9c7de4cbc76db47b394485c
push id27249
push userryanvm@gmail.com
push dateMon, 04 Aug 2014 20:14:35 +0000
treeherderautoland@7f81be7db528 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs996237
milestone34.0a1
backs outab292958d0e728ab6b0f45c2f4e5d92eaf735e18
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset ab292958d0e7 (bug 996237) for build failures on Android
media/mtransport/transportlayer.h
media/mtransport/transportlayerdtls.cpp
media/mtransport/transportlayerdtls.h
--- a/media/mtransport/transportlayer.h
+++ b/media/mtransport/transportlayer.h
@@ -24,17 +24,17 @@ class TransportFlow;
 
 typedef int TransportResult;
 
 enum {
   TE_WOULDBLOCK = -1, TE_ERROR = -2, TE_INTERNAL = -3
 };
 
 #define TRANSPORT_LAYER_ID(name) \
-  virtual const std::string id() const { return name; } \
+  virtual const std::string id() { return name; } \
   static std::string ID() { return name; }
 
 // Abstract base class for network transport layers.
 class TransportLayer : public sigslot::has_slots<> {
  public:
   // The state of the transport flow
   // We can't use "ERROR" because Windows has a macro named "ERROR"
   enum State { TS_NONE, TS_INIT, TS_CONNECTING, TS_OPEN, TS_CLOSED, TS_ERROR };
@@ -76,20 +76,20 @@ class TransportLayer : public sigslot::h
   // Event definitions that one can register for
   // State has changed
   sigslot::signal2<TransportLayer*, State> SignalStateChange;
   // Data received on the flow
   sigslot::signal3<TransportLayer*, const unsigned char *, size_t>
                          SignalPacketReceived;
 
   // Return the layer id for this layer
-  virtual const std::string id() const = 0;
+  virtual const std::string id() = 0;
 
   // The id of the flow
-  const std::string& flow_id() const {
+  const std::string& flow_id() {
     return flow_id_;
   }
 
  protected:
   virtual void WasInserted() {}
   virtual void SetState(State state, const char *file, unsigned line);
   // Check if we are on the right thread
   void CheckThread() {
--- a/media/mtransport/transportlayerdtls.cpp
+++ b/media/mtransport/transportlayerdtls.cpp
@@ -495,21 +495,21 @@ bool TransportLayerDtls::Setup() {
 
     rv = SSL_OptionSet(ssl_fd, SSL_REQUIRE_CERTIFICATE, PR_TRUE);
     if (rv != SECSuccess) {
       MOZ_MTLOG(ML_ERROR, "Couldn't require certificate");
       return false;
     }
   }
 
-  // Require TLS 1.1 or 1.2. Perhaps some day in the future we will allow TLS
-  // 1.0 for stream modes.
+  // Require TLS 1.1. Perhaps some day in the future we will allow
+  // TLS 1.0 for stream modes.
   SSLVersionRange version_range = {
     SSL_LIBRARY_VERSION_TLS_1_1,
-    SSL_LIBRARY_VERSION_TLS_1_2
+    SSL_LIBRARY_VERSION_TLS_1_1
   };
 
   rv = SSL_VersionRangeSet(ssl_fd, &version_range);
   if (rv != SECSuccess) {
     MOZ_MTLOG(ML_ERROR, "Can't disable SSLv3");
     return false;
   }
 
@@ -544,18 +544,26 @@ bool TransportLayerDtls::Setup() {
   }
 
   rv = SSL_OptionSet(ssl_fd, SSL_NO_LOCKS, PR_TRUE);
   if (rv != SECSuccess) {
     MOZ_MTLOG(ML_ERROR, "Couldn't disable locks");
     return false;
   }
 
-  if (!SetupCipherSuites(ssl_fd)) {
-    return false;
+  // Set the SRTP ciphers
+  if (srtp_ciphers_.size()) {
+    // Note: std::vector is guaranteed to contiguous
+    rv = SSL_SetSRTPCiphers(ssl_fd, &srtp_ciphers_[0],
+                            srtp_ciphers_.size());
+
+    if (rv != SECSuccess) {
+      MOZ_MTLOG(ML_ERROR, "Couldn't set SRTP cipher suite");
+      return false;
+    }
   }
 
   // Certificate validation
   rv = SSL_AuthCertificateHook(ssl_fd, AuthCertificateHook,
                                reinterpret_cast<void *>(this));
   if (rv != SECSuccess) {
     MOZ_MTLOG(ML_ERROR, "Couldn't set certificate validation hook");
     return false;
@@ -575,126 +583,16 @@ bool TransportLayerDtls::Setup() {
 
   if (downward_->state() == TS_OPEN) {
     Handshake();
   }
 
   return true;
 }
 
-// Ciphers we need to enable.  These are on by default in standard firefox
-// builds, but can be disabled with prefs and they aren't on in our unit tests
-// since that uses NSS default configuration.
-// Only override prefs to comply with MUST statements in the security-arch.
-static const uint32_t EnabledCiphers[] = {
-  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-};
-
-// Disalbe all NSS suites modes without PFS or with old and rusty ciphersuites.
-// Anything outside this list is governed by the usual combination of policy
-// and user preferences.
-static const uint32_t DisabledCiphers[] = {
-  TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
-  TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-  TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
-  TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-
-  TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
-  TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
-  TLS_DHE_DSS_WITH_RC4_128_SHA,
-
-  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
-  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
-  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
-  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
-  TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
-  TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
-  TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
-  TLS_ECDH_RSA_WITH_RC4_128_SHA,
-
-  TLS_RSA_WITH_AES_128_GCM_SHA256,
-  TLS_RSA_WITH_AES_128_CBC_SHA,
-  TLS_RSA_WITH_AES_128_CBC_SHA256,
-  TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
-  TLS_RSA_WITH_AES_256_CBC_SHA,
-  TLS_RSA_WITH_AES_256_CBC_SHA256,
-  TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
-  TLS_RSA_WITH_SEED_CBC_SHA,
-  SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
-  TLS_RSA_WITH_3DES_EDE_CBC_SHA,
-  TLS_RSA_WITH_RC4_128_SHA,
-  TLS_RSA_WITH_RC4_128_MD5,
-
-  TLS_DHE_RSA_WITH_DES_CBC_SHA,
-  TLS_DHE_DSS_WITH_DES_CBC_SHA,
-  SSL_RSA_FIPS_WITH_DES_CBC_SHA,
-  TLS_RSA_WITH_DES_CBC_SHA,
-
-  TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
-  TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-
-  TLS_RSA_EXPORT_WITH_RC4_40_MD5,
-  TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
-
-  TLS_ECDHE_ECDSA_WITH_NULL_SHA,
-  TLS_ECDHE_RSA_WITH_NULL_SHA,
-  TLS_ECDH_ECDSA_WITH_NULL_SHA,
-  TLS_ECDH_RSA_WITH_NULL_SHA,
-
-  TLS_RSA_WITH_NULL_SHA,
-  TLS_RSA_WITH_NULL_SHA256,
-  TLS_RSA_WITH_NULL_MD5,
-};
-
-bool TransportLayerDtls::SetupCipherSuites(PRFileDesc* ssl_fd) const {
-  SECStatus rv;
-
-  // Set the SRTP ciphers
-  if (!srtp_ciphers_.empty()) {
-    // Note: std::vector is guaranteed to contiguous
-    rv = SSL_SetSRTPCiphers(ssl_fd, &srtp_ciphers_[0], srtp_ciphers_.size());
-
-    if (rv != SECSuccess) {
-      MOZ_MTLOG(ML_ERROR, "Couldn't set SRTP cipher suite");
-      return false;
-    }
-  }
-
-  for (size_t i = 0; i < PR_ARRAY_SIZE(EnabledCiphers); ++i) {
-    MOZ_MTLOG(ML_INFO, LAYER_INFO << "Enabling: " << EnabledCiphers[i]);
-    rv = SSL_CipherPrefSet(ssl_fd, EnabledCiphers[i], PR_TRUE);
-    if (rv != SECSuccess) {
-      MOZ_MTLOG(ML_ERROR, LAYER_INFO <<
-                "Unable to enable suite: " << EnabledCiphers[i]);
-      return false;
-    }
-  }
-
-  for (size_t i = 0; i < PR_ARRAY_SIZE(DisabledCiphers); ++i) {
-    MOZ_MTLOG(ML_INFO, LAYER_INFO << "Disabling: " << DisabledCiphers[i]);
-
-    PRBool enabled = false;
-    rv = SSL_CipherPrefGet(ssl_fd, DisabledCiphers[i], &enabled);
-    if (rv != SECSuccess) {
-      MOZ_MTLOG(ML_NOTICE, LAYER_INFO <<
-                "Unable to check if suite is enabled: " << DisabledCiphers[i]);
-      return false;
-    }
-    if (enabled) {
-      rv = SSL_CipherPrefSet(ssl_fd, DisabledCiphers[i], PR_FALSE);
-      if (rv != SECSuccess) {
-        MOZ_MTLOG(ML_NOTICE, LAYER_INFO <<
-                  "Unable to disable suite: " << DisabledCiphers[i]);
-        return false;
-      }
-    }
-  }
-  return true;
-}
 
 void TransportLayerDtls::StateChange(TransportLayer *layer, State state) {
   if (state <= state_) {
     MOZ_MTLOG(ML_ERROR, "Lower layer state is going backwards from ours");
     TL_SET_STATE(TS_ERROR);
     return;
   }
 
--- a/media/mtransport/transportlayerdtls.h
+++ b/media/mtransport/transportlayerdtls.h
@@ -121,17 +121,16 @@ class TransportLayerDtls : public Transp
 
    private:
     ~VerificationDigest() {}
     DISALLOW_COPY_ASSIGN(VerificationDigest);
   };
 
 
   bool Setup();
-  bool SetupCipherSuites(PRFileDesc* ssl_fd) const;
   void Handshake();
 
   static SECStatus GetClientAuthDataHook(void *arg, PRFileDesc *fd,
                                          CERTDistNames *caNames,
                                          CERTCertificate **pRetCert,
                                          SECKEYPrivateKey **pRetKey);
   static SECStatus AuthCertificateHook(void *arg,
                                        PRFileDesc *fd,