Bug 1588567 - enable mozilla::pkix gtests in NSS r=jcj
authorDana Keeler <dkeeler@mozilla.com>
Fri, 01 Nov 2019 22:36:25 +0000
changeset 15370 27a29997f59819d712e2ccdd9d529f6dad99ca2d
parent 15369 7f578a829b29a2d63383ff7cf36ba778235ab77e
child 15371 35857ae98190c590ae00a01cb1a2ed48def3915f
push id3563
push userjjones@mozilla.com
push dateFri, 01 Nov 2019 23:32:37 +0000
reviewersjcj
bugs1588567
Bug 1588567 - enable mozilla::pkix gtests in NSS r=jcj Differential Revision: https://phabricator.services.mozilla.com/D49184
gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp
lib/mozpkix/test-lib/pkixtestnss.cpp
tests/gtests/gtests.sh
--- a/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp
+++ b/gtests/mozpkix_gtest/pkixcheck_CheckKeyUsage_tests.cpp
@@ -161,18 +161,18 @@ void ASSERT_SimpleCase(uint8_t unusedBit
   ASSERT_EQ(Success, CheckKeyUsage(EndEntityOrCA::MustBeCA, &good, usage));
 
   // We use (~bits >> unusedBits) << unusedBits) instead of using the same
   // calculation that is in CheckKeyUsage to validate that the calculation in
   // CheckKeyUsage is correct.
 
   // Test that none of the other non-padding bits are mistaken for the given
   // key usage in the single-byte value case.
-  NAMED_SIMPLE_KU(notGood, unusedBits,
-                  static_cast<uint8_t>((~bits >> unusedBits) << unusedBits));
+  uint8_t paddingBits = (static_cast<uint8_t>(~bits) >> unusedBits) << unusedBits;
+  NAMED_SIMPLE_KU(notGood, unusedBits, paddingBits);
   ASSERT_BAD(CheckKeyUsage(EndEntityOrCA::MustBeEndEntity, &notGood, usage));
   ASSERT_BAD(CheckKeyUsage(EndEntityOrCA::MustBeCA, &notGood, usage));
 
   // Test that none of the other non-padding bits are mistaken for the given
   // key usage in the two-byte value case.
   const uint8_t twoByteNotGoodData[] = {
     0x03/*BIT STRING*/, 0x03/*LENGTH=3*/, unusedBits,
     static_cast<uint8_t>(~bits),
--- a/lib/mozpkix/test-lib/pkixtestnss.cpp
+++ b/lib/mozpkix/test-lib/pkixtestnss.cpp
@@ -231,17 +231,17 @@ TestKeyPair*
 GenerateKeyPairInner()
 {
   ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
   if (!slot) {
     abort();
   }
   PK11RSAGenParams params;
   params.keySizeInBits = 2048;
-  params.pe = 3;
+  params.pe = 65537;
 
   // Bug 1012786: PK11_GenerateKeyPair can fail if there is insufficient
   // entropy to generate a random key. Attempting to add some entropy and
   // retrying appears to solve this issue.
   for (uint32_t retries = 0; retries < 10; retries++) {
     SECKEYPublicKey* publicKeyTemp = nullptr;
     ScopedSECKEYPrivateKey
       privateKey(PK11_GenerateKeyPair(slot.get(), CKM_RSA_PKCS_KEY_PAIR_GEN,
--- a/tests/gtests/gtests.sh
+++ b/tests/gtests/gtests.sh
@@ -59,18 +59,24 @@ gtest_start()
       echo "${BINDIR}/certutil" -N -d "$DIR" --empty-password 2>&1
       "${BINDIR}/certutil" -N -d "$DIR" --empty-password 2>&1
 
       PROFILEDIR="$DIR" make_cert dummy p256 sign
     fi
     pushd "$DIR"
     GTESTREPORT="$DIR/report.xml"
     PARSED_REPORT="$DIR/report.parsed"
+    # The mozilla::pkix gtests cause an ODR violation that we ignore.
+    # See bug 1588567.
+    if [ "$i" = "mozpkix_gtest" ]; then
+      EXTRA_ASAN_OPTIONS="detect_odr_violation=0"
+    fi
     echo "executing $i"
-    "${BINDIR}/$i" "${SOURCE_DIR}/gtests/freebl_gtest/kat/Hash_DRBG.rsp" \
+    ASAN_OPTIONS="$ASAN_OPTIONS:$EXTRA_ASAN_OPTIONS" "${BINDIR}/$i" \
+                 "${SOURCE_DIR}/gtests/freebl_gtest/kat/Hash_DRBG.rsp" \
                  -d "$DIR" -w --gtest_output=xml:"${GTESTREPORT}" \
                               --gtest_filter="${GTESTFILTER:-*}"
     html_msg $? 0 "$i run successfully"
     echo "test output dir: ${GTESTREPORT}"
     echo "executing sed to parse the xml report"
     sed -f "${COMMON}/parsegtestreport.sed" "$GTESTREPORT" > "$PARSED_REPORT"
     echo "processing the parsed report"
     cat "$PARSED_REPORT" | while read result name; do
@@ -88,12 +94,12 @@ gtest_start()
 
 gtest_cleanup()
 {
   html "</TABLE><BR>"
   . "${QADIR}"/common/cleanup.sh
 }
 
 ################## main #################################################
-GTESTS="${GTESTS:-prng_gtest certhigh_gtest certdb_gtest der_gtest pk11_gtest util_gtest freebl_gtest softoken_gtest sysinit_gtest blake2b_gtest smime_gtest}"
+GTESTS="${GTESTS:-prng_gtest certhigh_gtest certdb_gtest der_gtest pk11_gtest util_gtest freebl_gtest softoken_gtest sysinit_gtest blake2b_gtest smime_gtest mozpkix_gtest}"
 gtest_init "$0"
 gtest_start
 gtest_cleanup