Closed
Bug 1114882
Opened 10 years ago
Closed 10 years ago
Allow nsICryptoHash to be used in a content process
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla38
People
(Reporter: francois, Assigned: keeler)
References
Details
Attachments
(1 file, 3 obsolete files)
|
6.18 KB,
patch
|
keeler
:
review+
|
Details | Diff | Splinter Review |
The following doesn't work in under e10s when run in a GeckoProcessType_Content process:
nsresult rv;
nsCOMPtr<nsICryptoHash> cryptoHash;
cryptoHash = do_CreateInstance("@mozilla.org/security/hash;1", &rv);
The last line above triggers this error:
NS_ERROR("Trying to initialize PSM/NSS in a non-chrome process!");
(from http://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsNSSComponent.cpp?from=nsNSSComponent.cpp&case=true#119)
The sub-resource integrity code (bug 992096) uses nsICryptoHash to hash sub-resources and compare that with the expected hash provided in the "integrity" attribute of a script tag.
|
Reporter | |
Comment 1•10 years ago
|
||
Here's my attempt at writing a test (possibly wrong) that should work once nsICryptoHash is made available to the content process.
|
|
Reporter | |
Comment 2•10 years ago
|
||
The test can be run like this:
./mach cppunittest ./obj-x86_64-unknown-linux-gnu/security/manager/ssl/tests/compiled/TestCryptoHash
|
Assignee | |
Comment 3•10 years ago
|
||
This should do what we want. The cpp unit test was having some troubles with XPCOM shutdown, I think, so I wrote an xpcshell test that should be sufficient.
Long term, I think NSS initialization should be refactored a bit so that it's easier to understand.
Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
Attachment #8547860 -
Flags: review?(honzab.moz)
Attachment #8547860 -
Flags: feedback?(francois)
|
|
Reporter | |
Comment 4•10 years ago
|
||
Comment on attachment 8547860 [details] [diff] [review]
patch
I've just tested it with my patch on 992096 and all of my mochitests pass on e10s now.
Attachment #8547860 -
Flags: feedback?(francois) → feedback+
|
|
||
Updated•10 years ago
|
Attachment #8547860 -
Flags: review?(honzab.moz) → review+
|
|
Assignee | |
Comment 5•10 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=55658dc30b00
https://treeherder.mozilla.org/#/jobs?repo=try&revision=ba2994080557
Unfortunately, it looks like the test has to be disabled on b2g due to some test harness/sandboxing interactions. See bug 1124289. In any case:
https://hg.mozilla.org/integration/mozilla-inbound/rev/7811ebf7e321
|
|
Assignee | |
Updated•10 years ago
|
Attachment #8540538 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 6•10 years ago
|
||
Attachment #8547860 -
Attachment is obsolete: true
Attachment #8552721 -
Flags: review+
Backed out in https://hg.mozilla.org/integration/mozilla-inbound/rev/5dac49e2f99e for Android S4 failures:
https://treeherder.mozilla.org/logviewer.html#?job_id=5737924&repo=mozilla-inbound
Flags: needinfo?(dkeeler)
|
|
Assignee | |
Comment 8•10 years ago
|
||
Well, I guess there's a similar situation with android.
https://hg.mozilla.org/integration/mozilla-inbound/rev/51ccf5f265f1
Attachment #8552721 -
Attachment is obsolete: true
Flags: needinfo?(dkeeler)
Attachment #8553229 -
Flags: review+
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
You need to log in
before you can comment on or make changes to this bug.
Description
•