Closed Bug 1341290 Opened 8 years ago Closed 8 years ago

Upgrade OpenSSL for use with WebPush.

Categories

(Firefox for iOS :: Sync, defect)

Product:
Firefox for iOS
Component:
Sync
Platform:
Other
iOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Iteration:
1.16

People

(Reporter: jhugman, Assigned: jhugman)

References

Details

Attachments

(1 file)

Link to Github pull-request: https://github.com/mozilla-mobile/firefox-ios/pull/2457
55 bytes, text/x-github-pull-request
st3fan
: review+
Details | Review
No description provided.
Using ecec, which depends on OpenSSL version 1.1.0+.
Blocks: 1333767
Assignee: nobody → jhugman
Status: NEW → ASSIGNED
Attachment #8840867 - Flags: review?(sleroux)
Attachment #8840867 - Flags: review?(rnewman)
Comment on attachment 8840867 [details] [review] Link to Github pull-request: https://github.com/mozilla-mobile/firefox-ios/pull/2457 I think Steph's review for this is sufficient.
Attachment #8840867 - Flags: review?(rnewman)
I added review notes mostly about checking return values of OpenSSL functions. One thing that I am a bit worried about is the fact that we don't seem to initialize the OpenSSL library. The OpenSSL wiki says: "If you fail to initialize the library, then you will experience unexplained errors like SSL_CTX_new returning NULL, error messages like SSL_CTX_new:library has no ciphers and alert handshake failure with no shared ciphers." and suggests: "If you are using OpenSSL 1.0.2 or below, then you would use SSL_library_init. If you are using OpenSSL 1.1.0 or above, then you would use OPENSSL_init_ssl. " See https://wiki.openssl.org/index.php/Library_Initialization We only use the libcrypto part of OpenSSL, so I am not sure if this is problematic or not. It is unclear if we need to do anything at all.
Pre-upgrade, we were initializing OPENSSL_init_ssl only as part of sqlcipher initialization. This remains the same following the upgade. However, as per https://wiki.openssl.org/index.php/Library_Initialization#libcrypto_Initialization > libcrypto should be initialized with calls to OpenSSL_add_all_algorithms and ERR_load_crypto_strings. We should probably be doing this, independently of sqlcipher initialization.
Comment on attachment 8840867 [details] [review] Link to Github pull-request: https://github.com/mozilla-mobile/firefox-ios/pull/2457 Looked over the PR and looks OK by me but :st3fan is the expert here so deferring to him :)
Attachment #8840867 - Flags: review?(sleroux) → review?(sarentz)
Iteration: --- → 1.16
Ready for r? from :st3fan.
Flags: needinfo?(sarentz)
Comment on attachment 8840867 [details] [review] Link to Github pull-request: https://github.com/mozilla-mobile/firefox-ios/pull/2457 LGTM If the unit tests are all green, land it on master please.
Flags: needinfo?(sarentz)
Attachment #8840867 - Flags: review?(sarentz) → review+
Merged.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Blocks: 1333772
No longer blocks: 1333767
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: