Backed out changeset db6a856a9d37 (bug 1301407) for Assertion failures at nsNSSComponent.cpp
authorIris Hsiao <ihsiao@mozilla.com>
Tue, 08 Nov 2016 11:06:24 +0800
changeset 321600 788b95bf4ea32c2684fb30eb719ed1b078dcd3df
parent 321599 483dc75949fa15e328523b383ab4377ee50d753f
child 321601 01800003ec3b043995e4ec1daaaf827e7ee2bbee
push id30931
push userkwierso@gmail.com
push dateTue, 08 Nov 2016 21:58:36 +0000
treeherdermozilla-central@783356f1476e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1301407
milestone52.0a1
backs outdb6a856a9d378ded5fb8f2642e14e4cbef57c82c
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset db6a856a9d37 (bug 1301407) for Assertion failures at nsNSSComponent.cpp CLOSED TREE
security/manager/ssl/nsNSSComponent.cpp
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -1277,36 +1277,26 @@ nsNSSComponent::ConfigureInternalPKCS11T
 
 nsresult
 nsNSSComponent::InitializePIPNSSBundle()
 {
   // Called during init only, no mutex required.
 
   nsresult rv;
   nsCOMPtr<nsIStringBundleService> bundleService(do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv));
-#ifdef ANDROID
-  MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-  MOZ_RELEASE_ASSERT(bundleService);
-#endif
   if (NS_FAILED(rv) || !bundleService)
     return NS_ERROR_FAILURE;
 
   bundleService->CreateBundle("chrome://pipnss/locale/pipnss.properties",
                               getter_AddRefs(mPIPNSSBundle));
-#ifdef ANDROID
-  MOZ_RELEASE_ASSERT(mPIPNSSBundle);
-#endif
   if (!mPIPNSSBundle)
     rv = NS_ERROR_FAILURE;
 
   bundleService->CreateBundle("chrome://pipnss/locale/nsserrors.properties",
                               getter_AddRefs(mNSSErrorsBundle));
-#ifdef ANDROID
-  MOZ_RELEASE_ASSERT(mNSSErrorsBundle);
-#endif
   if (!mNSSErrorsBundle)
     rv = NS_ERROR_FAILURE;
 
   return rv;
 }
 
 // Table of pref names and SSL cipher ID
 typedef struct {
@@ -1468,19 +1458,16 @@ StaticRefPtr<CipherSuiteChangeObserver> 
 // static
 nsresult
 CipherSuiteChangeObserver::StartObserve()
 {
   NS_ASSERTION(NS_IsMainThread(), "CipherSuiteChangeObserver::StartObserve() can only be accessed in main thread");
   if (!sObserver) {
     RefPtr<CipherSuiteChangeObserver> observer = new CipherSuiteChangeObserver();
     nsresult rv = Preferences::AddStrongObserver(observer.get(), "security.");
-#ifdef ANDROID
-    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-#endif
     if (NS_FAILED(rv)) {
       sObserver = nullptr;
       return rv;
     }
 
     nsCOMPtr<nsIObserverService> observerService =
       mozilla::services::GetObserverService();
     observerService->AddObserver(observer, NS_XPCOM_SHUTDOWN_OBSERVER_ID,
@@ -1720,19 +1707,16 @@ GetNSSProfilePath(nsAutoCString& aProfil
     MOZ_LOG(gPIPNSSLog, LogLevel::Error,
            ("Could not get nsILocalFileWin for profile directory.\n"));
     return NS_ERROR_FAILURE;
   }
   rv = profileFileWin->GetNativeCanonicalPath(aProfilePath);
 #else
   rv = profileFile->GetNativePath(aProfilePath);
 #endif
-#ifdef ANDROID
-  MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-#endif
   if (NS_FAILED(rv)) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Error,
            ("Could not get native path for profile directory.\n"));
     return rv;
   }
 
   MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
           ("NSS profile at '%s'\n", aProfilePath.get()));
@@ -1750,19 +1734,16 @@ nsNSSComponent::InitializeNSS()
   static_assert(nsINSSErrorsService::NSS_SEC_ERROR_BASE == SEC_ERROR_BASE &&
                 nsINSSErrorsService::NSS_SEC_ERROR_LIMIT == SEC_ERROR_LIMIT &&
                 nsINSSErrorsService::NSS_SSL_ERROR_BASE == SSL_ERROR_BASE &&
                 nsINSSErrorsService::NSS_SSL_ERROR_LIMIT == SSL_ERROR_LIMIT,
                 "You must update the values in nsINSSErrorsService.idl");
 
   MutexAutoLock lock(mutex);
 
-#ifdef ANDROID
-  MOZ_RELEASE_ASSERT(!mNSSInitialized);
-#endif
   if (mNSSInitialized) {
     // We should never try to initialize NSS more than once in a process.
     MOZ_ASSERT_UNREACHABLE("Trying to initialize NSS twice");
     return NS_ERROR_FAILURE;
   }
 
   MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("NSS Initialization beginning\n"));
 
@@ -1771,73 +1752,55 @@ nsNSSComponent::InitializeNSS()
   // If we could assume i18n will not change between profiles, one call per application
   // run were sufficient. As I can't predict what happens in the future, let's repeat
   // this call for every re-init of NSS.
 
   ConfigureInternalPKCS11Token();
 
   nsAutoCString profileStr;
   nsresult rv = GetNSSProfilePath(profileStr);
-#ifdef ANDROID
-  MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-#endif
   if (NS_FAILED(rv)) {
     return NS_ERROR_NOT_AVAILABLE;
   }
 
   SECStatus init_rv = SECFailure;
   bool nocertdb = Preferences::GetBool("security.nocertdb", false);
   bool inSafeMode = true;
   nsCOMPtr<nsIXULRuntime> runtime(do_GetService("@mozilla.org/xre/runtime;1"));
   // There might not be an nsIXULRuntime in embedded situations. This will
   // default to assuming we are in safe mode (as a result, no external PKCS11
   // modules will be loaded).
   if (runtime) {
     rv = runtime->GetInSafeMode(&inSafeMode);
-#ifdef ANDROID
-    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-#endif
     if (NS_FAILED(rv)) {
       return rv;
     }
   }
   MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("inSafeMode: %u\n", inSafeMode));
 
   if (!nocertdb && !profileStr.IsEmpty()) {
     // First try to initialize the NSS DB in read/write mode.
     // Only load PKCS11 modules if we're not in safe mode.
     init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false, !inSafeMode);
     // If that fails, attempt read-only mode.
     if (init_rv != SECSuccess) {
       MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init NSS r/w in %s\n", profileStr.get()));
       init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), true, !inSafeMode);
-#ifdef ANDROID
-      MOZ_RELEASE_ASSERT(init_rv == SECSuccess);
-#endif
     }
     if (init_rv != SECSuccess) {
       MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init in r/o either\n"));
     }
-#ifdef ANDROID
-    MOZ_RELEASE_ASSERT(init_rv == SECSuccess);
-#endif
   }
   // If we haven't succeeded in initializing the DB in our profile
   // directory or we don't have a profile at all, or the "security.nocertdb"
   // pref has been set to "true", attempt to initialize with no DB.
   if (nocertdb || init_rv != SECSuccess) {
     init_rv = NSS_NoDB_Init(nullptr);
-#ifdef ANDROID
-    MOZ_RELEASE_ASSERT(init_rv == SECSuccess);
-#endif
   }
   if (init_rv != SECSuccess) {
-#ifdef ANDROID
-    MOZ_RELEASE_ASSERT(false);
-#endif
     MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("could not initialize NSS - panicking\n"));
     return NS_ERROR_NOT_AVAILABLE;
   }
 
   // ensure we have an initial value for the content signer root
   mContentSigningRootHash =
     Preferences::GetString("security.content.signature.root_hash");
 
@@ -1849,30 +1812,24 @@ nsNSSComponent::InitializeNSS()
 
   // Register an observer so we can inform NSS when these prefs change
   Preferences::AddStrongObserver(this, "security.");
 
   SSL_OptionSetDefault(SSL_ENABLE_SSL2, false);
   SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, false);
 
   rv = setEnabledTLSVersions();
-#ifdef ANDROID
-    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-#endif
   if (NS_FAILED(rv)) {
     return NS_ERROR_UNEXPECTED;
   }
 
   DisableMD5();
   LoadLoadableRoots();
 
   rv = LoadExtendedValidationInfo();
-#ifdef ANDROID
-    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-#endif
   if (NS_FAILED(rv)) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("failed to load EV info"));
     return rv;
   }
 
   MaybeEnableFamilySafetyCompatibility();
   MaybeImportEnterpriseRoots();
 
@@ -1902,72 +1859,57 @@ nsNSSComponent::InitializeNSS()
                        Preferences::GetBool("security.ssl.enable_alpn",
                                             ALPN_ENABLED_DEFAULT));
 
   SSL_OptionSetDefault(SSL_ENABLE_0RTT_DATA,
                        Preferences::GetBool("security.tls.enable_0rtt_data",
                                             ENABLED_0RTT_DATA_DEFAULT));
 
   if (NS_FAILED(InitializeCipherSuite())) {
-#ifdef ANDROID
-    MOZ_RELEASE_ASSERT(false);
-#endif
     MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("Unable to initialize cipher suite settings\n"));
     return NS_ERROR_FAILURE;
   }
 
   // TLSServerSocket may be run with the session cache enabled. It is necessary
   // to call this once before that can happen. This specifies a maximum of 1000
   // cache entries (the default number of cache entries is 10000, which seems a
   // little excessive as there probably won't be that many clients connecting to
   // any TLSServerSockets the browser runs.)
   // Note that this must occur before any calls to SSL_ClearSessionCache
   // (otherwise memory will leak).
   if (SSL_ConfigServerSessionIDCache(1000, 0, 0, nullptr) != SECSuccess) {
-#ifdef ANDROID
-    MOZ_RELEASE_ASSERT(false);
-#endif
     return NS_ERROR_FAILURE;
   }
 
   // ensure the CertBlocklist is initialised
   nsCOMPtr<nsICertBlocklist> certList = do_GetService(NS_CERTBLOCKLIST_CONTRACTID);
-#ifdef ANDROID
-  MOZ_RELEASE_ASSERT(certList);
-#endif
   if (!certList) {
     return NS_ERROR_FAILURE;
   }
 
   // dynamic options from prefs
   setValidationOptions(true, lock);
 
 #ifndef MOZ_NO_SMART_CARDS
   LaunchSmartCardThreads();
 #endif
 
   mozilla::pkix::RegisterErrorTable();
 
   // Initialize the site security service
   nsCOMPtr<nsISiteSecurityService> sssService =
     do_GetService(NS_SSSERVICE_CONTRACTID);
-#ifdef ANDROID
-  MOZ_RELEASE_ASSERT(sssService);
-#endif
   if (!sssService) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Cannot initialize site security service\n"));
     return NS_ERROR_FAILURE;
   }
 
   // Initialize the cert override service
   nsCOMPtr<nsICertOverrideService> coService =
     do_GetService(NS_CERTOVERRIDE_CONTRACTID);
-#ifdef ANDROID
-  MOZ_RELEASE_ASSERT(coService);
-#endif
   if (!coService) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Cannot initialize cert override service\n"));
     return NS_ERROR_FAILURE;
   }
 
   if (PK11_IsFIPS()) {
     Telemetry::Accumulate(Telemetry::FIPS_ENABLED, true);
   }
@@ -2029,19 +1971,16 @@ nsNSSComponent::Init()
     return NS_ERROR_NOT_SAME_THREAD;
   }
 
   nsresult rv = NS_OK;
 
   MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Beginning NSS initialization\n"));
 
   rv = InitializePIPNSSBundle();
-#ifdef ANDROID
-  MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-#endif
   if (NS_FAILED(rv)) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("Unable to create pipnss bundle.\n"));
     return rv;
   }
 
   // Access our string bundles now, this prevents assertions from I/O
   // - nsStandardURL not thread-safe
   // - wrong thread: 'NS_IsMainThread()' in nsIOService.cpp
@@ -2052,19 +1991,16 @@ nsNSSComponent::Init()
     mPIPNSSBundle->GetStringFromName(dummy_name.get(),
                                      getter_Copies(result));
     mNSSErrorsBundle->GetStringFromName(dummy_name.get(),
                                         getter_Copies(result));
   }
 
 
   rv = InitializeNSS();
-#ifdef ANDROID
-  MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-#endif
   if (NS_FAILED(rv)) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Error,
             ("nsNSSComponent::InitializeNSS() failed\n"));
     return rv;
   }
 
   RememberCertErrorsTable::Init();
 
@@ -2216,19 +2152,16 @@ nsresult nsNSSComponent::LogoutAuthentic
 
 nsresult
 nsNSSComponent::RegisterObservers()
 {
   // Happens once during init only, no mutex protection.
 
   nsCOMPtr<nsIObserverService> observerService(
     do_GetService("@mozilla.org/observer-service;1"));
-#ifdef ANDROID
-    MOZ_RELEASE_ASSERT(observerService);
-#endif
   if (!observerService) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
             ("nsNSSComponent: couldn't get observer service\n"));
     return NS_ERROR_FAILURE;
   }
 
   MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent: adding observers\n"));
   // Using false for the ownsweak parameter means the observer service will
@@ -2440,19 +2373,16 @@ namespace mozilla {
 namespace psm {
 
 nsresult
 InitializeCipherSuite()
 {
   NS_ASSERTION(NS_IsMainThread(), "InitializeCipherSuite() can only be accessed in main thread");
 
   if (NSS_SetDomesticPolicy() != SECSuccess) {
-#ifdef ANDROID
-    MOZ_RELEASE_ASSERT(false);
-#endif
     return NS_ERROR_FAILURE;
   }
 
   // Disable any ciphers that NSS might have enabled by default
   for (uint16_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
     uint16_t cipher_id = SSL_ImplementedCiphers[i];
     SSL_CipherPrefSetDefault(cipher_id, false);
   }