author | Raymond Etornam Agbeame(:retornam) <mozbugs.retornam@gmail.com> |
Thu, 22 Jan 2015 16:02:30 -0800 | |
changeset 225501 | f4ddeae5b6c4b5bfda50066386133e4346697e94 |
parent 225500 | e18607ef70216797946bb205d099d72c28bb4115 |
child 225502 | 67d15be29a07bb76bbc7a3a05416c9743f0af732 |
push id | 28163 |
push user | philringnalda@gmail.com |
push date | Sat, 24 Jan 2015 16:27:39 +0000 |
treeherder | mozilla-central@1cf171c1a177 [default view] [failures only] |
reviewers | keeler |
bugs | 1109235 |
milestone | 38.0a1 |
first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
CLOBBER | file | annotate | diff | comparison | revisions | |
security/manager/ssl/public/moz.build | file | annotate | diff | comparison | revisions | |
security/manager/ssl/public/nsIStreamCipher.idl | file | annotate | diff | comparison | revisions | |
security/manager/ssl/src/moz.build | file | annotate | diff | comparison | revisions | |
security/manager/ssl/src/nsNSSModule.cpp | file | annotate | diff | comparison | revisions | |
security/manager/ssl/src/nsStreamCipher.cpp | file | annotate | diff | comparison | revisions | |
security/manager/ssl/src/nsStreamCipher.h | file | annotate | diff | comparison | revisions |
--- a/CLOBBER +++ b/CLOBBER @@ -17,9 +17,9 @@ # # Modifying this file will now automatically clobber the buildbot machines \o/ # # Are you updating CLOBBER because you think it's needed for your WebIDL # changes to stick? As of bug 928195, this shouldn't be necessary! Please # don't change CLOBBER for WebIDL changes any more. -Bugs 1101331 - See if a CLOBBER helps the situation any. +bug 1114669 removes nsIStreamCipher.idl, which requires a clobber according to bug 1114669
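Review bot: The new CLOBBER line cites bug 1114669 twice, once as the bug that removes nsIStreamCipher.idl and once as the source of the clobber requirement, while this changeset's bug field is 1109235, so the first reference looks like a slip. If that is the case, the line would read `bug 1109235 removes nsIStreamCipher.idl, which requires a clobber according to bug 1114669`. That keeps the removal traceable to the bug it was reviewed under when someone later looks up why the tree was clobbered.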
--- a/security/manager/ssl/public/moz.build
+++ b/security/manager/ssl/public/moz.build
@@ -26,17 +26,16 @@ XPIDL_SOURCES += [
 'nsIPK11TokenDB.idl',
 'nsIPKCS11.idl',
 'nsIPKCS11Module.idl',
 'nsIPKCS11ModuleDB.idl',
 'nsIPKCS11Slot.idl',
 'nsIProtectedAuthThread.idl',
 'nsISSLErrorListener.idl',
 'nsISSLStatus.idl',
- 'nsIStreamCipher.idl',
 'nsITokenDialogs.idl',
 'nsITokenPasswordDialogs.idl',
 'nsIUserCertPicker.idl',
 'nsIX509Cert.idl',
 'nsIX509CertDB.idl',
 'nsIX509CertList.idl',
 'nsIX509CertValidity.idl',
 ]
deleted file mode 100644
--- a/security/manager/ssl/public/nsIStreamCipher.idl
+++ /dev/null
@@ -1,61 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsISupports.idl"
-#include "nsIKeyModule.idl"
-
-interface nsIInputStream;
-
-/**
- * Stream cipher interface. We're basically copying the interface from
- * nsICryptoHash interface.
- */
-[scriptable, uuid(1d507cd6-1630-4710-af1b-4012dbcc514c)]
-interface nsIStreamCipher : nsISupports
-{
- /**
- * Initialize a stream cipher.
- * @param aKey nsIKeyObject
- */
- void init(in nsIKeyObject aKey);
-
- /**
- * Initialize a stream cipher with an initialization vector.
- * @param aKey nsIKeyObject
- * @param aIV the initialization vector
- * @param aIVLen the length of the initialization vector
- */
- void initWithIV(in nsIKeyObject aKey,
- [const, array, size_is(aIVLen)] in octet aIV,
- in unsigned long aIVLen);
-
- /**
- * Update from an array of bytes.
- */
- void update([const, array, size_is(aLen)] in octet aData, in unsigned long aLen);
-
- /**
- * Update from a stream.
- */
- void updateFromStream(in nsIInputStream aStream, in long aLen);
-
- /**
- * A more script friendly method (not in nsICryptoHash interface).
- */
- void updateFromString(in ACString aInput);
-
- /**
- * @param aASCII if true then the returned value is a base-64
- * encoded string. if false, then the returned value is
- * binary data.
- */
- ACString finish(in boolean aASCII);
-
- /**
- * Discard aLen bytes of the keystream.
- * These days 1536 is considered a decent amount to drop to get
- * the key state warmed-up enough for secure usage.
- */
- void discard(in long aLen);
-};
--- a/security/manager/ssl/src/moz.build +++ b/security/manager/ssl/src/moz.build @@ -53,17 +53,16 @@ UNIFIED_SOURCES += [ 'nsPKCS12Blob.cpp', 'nsProtectedAuthThread.cpp', 'nsPSMBackgroundThread.cpp', 'nsRandomGenerator.cpp', 'nsSDR.cpp', 'NSSErrorsService.cpp', 'nsSSLSocketProvider.cpp', 'nsSSLStatus.cpp', - 'nsStreamCipher.cpp', 'nsTLSSocketProvider.cpp', 'nsUsageArrayHelper.cpp', 'PSMRunnable.cpp', 'SharedSSLState.cpp', 'SSLServerCertVerification.cpp', 'TransportSecurityInfo.cpp', ]
--- a/security/manager/ssl/src/nsNSSModule.cpp +++ b/security/manager/ssl/src/nsNSSModule.cpp @@ -26,17 +26,16 @@ #include "nsCryptoHash.h" //For the NS_CRYPTO_CONTRACTID define #include "nsDOMCID.h" #include "nsNetCID.h" #include "nsCertPicker.h" #include "nsCURILoader.h" #include "nsICategoryManager.h" #include "nsNTLMAuthModule.h" -#include "nsStreamCipher.h" #include "nsKeyModule.h" #include "nsDataSignatureVerifier.h" #include "nsCertOverrideService.h" #include "nsRandomGenerator.h" #include "nsSSLStatus.h" #include "TransportSecurityInfo.h" #include "NSSErrorsService.h" #include "nsNSSVersion.h" @@ -196,17 +195,16 @@ NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPRO #ifdef MOZ_XUL NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCertTree) #endif NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsPkcs11) NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCertPicker) NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsNTLMAuthModule, InitTest) NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsCryptoHash) NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCryptoHMAC) -NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsStreamCipher) NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsKeyObject) NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsKeyObjectFactory) NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsDataSignatureVerifier) NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsRandomGenerator) NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, nsSSLStatus) NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, TransportSecurityInfo) typedef mozilla::psm::NSSErrorsService NSSErrorsService; 
@@ -229,17 +227,16 @@ NS_DEFINE_NAMED_CID(NS_FORMPROCESSOR_CID
 #ifdef MOZ_XUL
 NS_DEFINE_NAMED_CID(NS_CERTTREE_CID);
 #endif
 NS_DEFINE_NAMED_CID(NS_PKCS11_CID);
 NS_DEFINE_NAMED_CID(NS_CRYPTO_HASH_CID);
 NS_DEFINE_NAMED_CID(NS_CRYPTO_HMAC_CID);
 NS_DEFINE_NAMED_CID(NS_CERT_PICKER_CID);
 NS_DEFINE_NAMED_CID(NS_NTLMAUTHMODULE_CID);
-NS_DEFINE_NAMED_CID(NS_STREAMCIPHER_CID);
 NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECT_CID);
 NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECTFACTORY_CID);
 NS_DEFINE_NAMED_CID(NS_DATASIGNATUREVERIFIER_CID);
 NS_DEFINE_NAMED_CID(NS_CERTOVERRIDE_CID);
 NS_DEFINE_NAMED_CID(NS_RANDOMGENERATOR_CID);
 NS_DEFINE_NAMED_CID(NS_SSLSTATUS_CID);
 NS_DEFINE_NAMED_CID(TRANSPORTSECURITYINFO_CID);
 NS_DEFINE_NAMED_CID(NS_NSSERRORSSERVICE_CID);
@@ -261,17 +258,16 @@ static const mozilla::Module::CIDEntry k
 #ifdef MOZ_XUL
 { &kNS_CERTTREE_CID, false, nullptr, nsCertTreeConstructor },
 #endif
 { &kNS_PKCS11_CID, false, nullptr, nsPkcs11Constructor },
 { &kNS_CRYPTO_HASH_CID, false, nullptr, nsCryptoHashConstructor },
 { &kNS_CRYPTO_HMAC_CID, false, nullptr, nsCryptoHMACConstructor },
 { &kNS_CERT_PICKER_CID, false, nullptr, nsCertPickerConstructor },
 { &kNS_NTLMAUTHMODULE_CID, false, nullptr, nsNTLMAuthModuleConstructor },
- { &kNS_STREAMCIPHER_CID, false, nullptr, nsStreamCipherConstructor },
 { &kNS_KEYMODULEOBJECT_CID, false, nullptr, nsKeyObjectConstructor },
 { &kNS_KEYMODULEOBJECTFACTORY_CID, false, nullptr, nsKeyObjectFactoryConstructor },
 { &kNS_DATASIGNATUREVERIFIER_CID, false, nullptr, nsDataSignatureVerifierConstructor },
 { &kNS_CERTOVERRIDE_CID, false, nullptr, nsCertOverrideServiceConstructor },
 { &kNS_RANDOMGENERATOR_CID, false, nullptr, nsRandomGeneratorConstructor },
 { &kNS_SSLSTATUS_CID, false, nullptr, nsSSLStatusConstructor },
 { &kTRANSPORTSECURITYINFO_CID, false, nullptr, TransportSecurityInfoConstructor },
 { &kNS_NSSERRORSSERVICE_CID, false, nullptr, NSSErrorsServiceConstructor },
@@ -298,17 +294,16 @@ static const mozilla::Module::ContractID #endif { NS_PKCS11_CONTRACTID, &kNS_PKCS11_CID }, { NS_CRYPTO_HASH_CONTRACTID, &kNS_CRYPTO_HASH_CID }, { NS_CRYPTO_HMAC_CONTRACTID, &kNS_CRYPTO_HMAC_CID }, { NS_CERT_PICKER_CONTRACTID, &kNS_CERT_PICKER_CID }, { "@mozilla.org/uriloader/psm-external-content-listener;1", &kNS_PSMCONTENTLISTEN_CID }, { NS_CRYPTO_FIPSINFO_SERVICE_CONTRACTID, &kNS_PKCS11MODULEDB_CID }, { NS_NTLMAUTHMODULE_CONTRACTID, &kNS_NTLMAUTHMODULE_CID }, - { NS_STREAMCIPHER_CONTRACTID, &kNS_STREAMCIPHER_CID }, { NS_KEYMODULEOBJECT_CONTRACTID, &kNS_KEYMODULEOBJECT_CID }, { NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &kNS_KEYMODULEOBJECTFACTORY_CID }, { NS_DATASIGNATUREVERIFIER_CONTRACTID, &kNS_DATASIGNATUREVERIFIER_CID }, { NS_CERTOVERRIDE_CONTRACTID, &kNS_CERTOVERRIDE_CID }, { NS_RANDOMGENERATOR_CONTRACTID, &kNS_RANDOMGENERATOR_CID }, { nullptr } };
deleted file mode 100644
--- a/security/manager/ssl/src/nsStreamCipher.cpp
+++ /dev/null
@@ -1,186 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsIKeyModule.h"
-#include "nsStreamCipher.h"
-#include "nsStreamUtils.h"
-#include "base64.h"
-
-NS_IMPL_ISUPPORTS(nsStreamCipher, nsIStreamCipher)
-
-nsStreamCipher::nsStreamCipher()
- : mContext(nullptr)
-{
-}
-
-nsStreamCipher::~nsStreamCipher()
-{
- if (mContext)
- PK11_DestroyContext(mContext, true /* free sub-objects */);
-}
-
-nsresult
-nsStreamCipher::InitWithIV_(nsIKeyObject *aKey, SECItem* aIV)
-{
- NS_ENSURE_ARG_POINTER(aKey);
-
- // Make sure we have a SYM_KEY.
- int16_t keyType;
- nsresult rv = aKey->GetType(&keyType);
- NS_ENSURE_SUCCESS(rv, rv);
- if (keyType != nsIKeyObject::SYM_KEY)
- return NS_ERROR_INVALID_ARG;
-
- if (mContext)
- PK11_DestroyContext(mContext, true /* free sub-objects */);
-
- // Get the PK11SymKey out of the key object and create the PK11Context.
- void* keyObj;
- rv = aKey->GetKeyObj(&keyObj);
- NS_ENSURE_SUCCESS(rv, rv);
-
- PK11SymKey *symkey = reinterpret_cast<PK11SymKey*>(keyObj);
- if (!symkey)
- return NS_ERROR_FAILURE;
-
- CK_MECHANISM_TYPE cipherMech = PK11_GetMechanism(symkey);
-
- SECItem *param = nullptr;
- // aIV may be null
- param = PK11_ParamFromIV(cipherMech, aIV);
- if (!param)
- return NS_ERROR_FAILURE;
-
- mContext = PK11_CreateContextBySymKey(cipherMech, CKA_ENCRYPT,
- symkey, param);
-
- SECITEM_FreeItem(param, true);
-
- // Something went wrong if mContext doesn't exist.
- if (!mContext)
- return NS_ERROR_FAILURE;
-
- // Everything went ok.
- mValue.Truncate();
- return NS_OK;
-}
-
-/////////////////////////////////////////////////////////////////////////////
-// nsIStreamCipher
-
-NS_IMETHODIMP nsStreamCipher::Init(nsIKeyObject *aKey)
-{
- return InitWithIV_(aKey, nullptr);
-}
-
-NS_IMETHODIMP nsStreamCipher::InitWithIV(nsIKeyObject *aKey,
- const uint8_t *aIV, uint32_t aIVLen)
-{
- SECItem IV;
- IV.data = (unsigned char*)aIV;
- IV.len = aIVLen;
- return InitWithIV_(aKey, &IV);
-}
-
-NS_IMETHODIMP nsStreamCipher::Update(const uint8_t *aData, uint32_t aLen)
-{
- if (!mContext)
- return NS_ERROR_NOT_INITIALIZED;
-
- unsigned char* output = new unsigned char[aLen];
- unsigned char* input = (unsigned char*)aData;
-
- int32_t setLen;
-
-#ifdef DEBUG
- SECStatus rv =
-#endif
- PK11_CipherOp(mContext, output, &setLen, aLen, input, aLen);
- NS_ASSERTION(rv == SECSuccess, "failed to encrypt");
- NS_ASSERTION((uint32_t)setLen == aLen, "data length should not change");
-
- mValue.Append((const char*)output, aLen);
-
- delete [] output;
-
- return NS_OK;
-}
-
-NS_IMETHODIMP nsStreamCipher::UpdateFromStream(nsIInputStream *aStream,
- int32_t aLen)
-{
- if (!mContext)
- return NS_ERROR_NOT_INITIALIZED;
-
- nsCString inputString;
- nsresult rv = NS_ConsumeStream(aStream, aLen, inputString);
- NS_ENSURE_SUCCESS(rv, rv);
-
- return UpdateFromString(inputString);
-}
-
-NS_IMETHODIMP nsStreamCipher::UpdateFromString(const nsACString& aInput)
-{
- if (!mContext)
- return NS_ERROR_NOT_INITIALIZED;
-
- const nsCString& flatInput = PromiseFlatCString(aInput);
- unsigned char* input = (unsigned char*)flatInput.get();
- uint32_t len = aInput.Length();
-
- unsigned char* output = new unsigned char[len];
-
- int32_t setLen;
-
-#ifdef DEBUG
- SECStatus rv =
-#endif
- PK11_CipherOp(mContext, output, &setLen, len, input, len);
- NS_ASSERTION(rv == SECSuccess, "failed to encrypt");
- NS_ASSERTION((uint32_t)setLen == len, "data length should not change");
-
- mValue.Append((const char*)output, len);
- delete [] output;
-
- return NS_OK;
-}
-
-NS_IMETHODIMP nsStreamCipher::Finish(bool aASCII, nsACString & _retval)
-{
- if (!mContext)
- return NS_ERROR_NOT_INITIALIZED;
-
- if (aASCII) {
- char *asciiData = BTOA_DataToAscii((unsigned char*)(mValue.get()),
- mValue.Length());
- _retval.Assign(asciiData);
- PORT_Free(asciiData);
- } else {
- _retval.Assign(mValue);
- }
-
- return NS_OK;
-}
-
-NS_IMETHODIMP nsStreamCipher::Discard(int32_t aLen)
-{
- if (!mContext)
- return NS_ERROR_NOT_INITIALIZED;
-
- unsigned char* output = new unsigned char[aLen];
- unsigned char* input = new unsigned char[aLen];
-
- int32_t setLen;
-
-#ifdef DEBUG
- SECStatus rv =
-#endif
- PK11_CipherOp(mContext, output, &setLen, aLen, input, aLen);
- NS_ASSERTION(rv == SECSuccess, "failed to encrypt");
- NS_ASSERTION(setLen == aLen, "data length should not change");
-
- delete [] output;
- delete [] input;
- return NS_OK;
-}
deleted file mode 100644
--- a/security/manager/ssl/src/nsStreamCipher.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#ifndef _NS_STREAMCIPHER_H_
-#define _NS_STREAMCIPHER_H_
-
-#include "nsIStreamCipher.h"
-#include "nsString.h"
-#include "pk11func.h"
-#include "mozilla/Attributes.h"
-
-/* dbfcbe4a-10f7-4d6f-a481-68e6d6b71d21 */
-#define NS_STREAMCIPHER_CID \
-{ 0xdbfcbe4a, 0x10f7, 0x4d6f, {0xa4, 0x81, 0x68, 0xe6, 0xd6, 0xb7, 0x1d, 0x21}}
-#define NS_STREAMCIPHER_CONTRACTID "@mozilla.org/security/streamcipher;1"
-
-class nsStreamCipher MOZ_FINAL : public nsIStreamCipher
-{
-public:
- nsStreamCipher();
-
- NS_DECL_ISUPPORTS
- NS_DECL_NSISTREAMCIPHER
-
-private:
- ~nsStreamCipher();
-
- // Helper method for initializing this object.
- // aIV may be null.
- nsresult InitWithIV_(nsIKeyObject *aKey, SECItem* aIV);
-
- // Disallow copy constructor
- nsStreamCipher(nsStreamCipher&);
-
- // Holds our stream cipher context.
- PK11Context* mContext;
-
- // Holds the amount we've computed so far.
- nsCString mValue;
-};
-
-#endif // _NS_STREAMCIPHER_H_