Closed Bug 1396137 Opened 6 years ago Closed 6 years ago

update broken-fips-pkcs#11-module-db-handling-code for when we use the sqlite-backed databases

Categories

(Core :: Security: PSM, defect, P1)

Product:
Core
Component:
Security: PSM
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla57
Tracking Flags:
Tracking Status
firefox57 --- fixed

People

(Reporter: keeler, Assigned: keeler)

References

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

bug 1396137 - update broken fips pkcs#11 module db handling code for when we use the sqlite-backed databses
59 bytes, text/x-review-board-request
jcj
: review+
Details 
NSS behaves slightly differently when using the sqlite-backed databases. In particular, the error code returned when FIPS can't be enabled on startup is different. Also, the name of the pkcs#11 module db file is different. See upcoming patch.
Comment on attachment 8903826 [details]
bug 1396137 - update broken fips pkcs#11 module db handling code for when we use the sqlite-backed databses

https://reviewboard.mozilla.org/r/175586/#review180670

OK, looks fine.

::: security/manager/ssl/nsNSSComponent.cpp:1922
(Diff revision 1)
>    if (!safeMode && (savedPRErrorCode1 == SEC_ERROR_LEGACY_DATABASE ||
> -                    savedPRErrorCode2 == SEC_ERROR_LEGACY_DATABASE)) {
> +                    savedPRErrorCode2 == SEC_ERROR_LEGACY_DATABASE ||
> +                    savedPRErrorCode1 == SEC_ERROR_PKCS11_DEVICE_ERROR ||
> +                    savedPRErrorCode2 == SEC_ERROR_PKCS11_DEVICE_ERROR)) {

Honestly, this is getting a bit ugly, but I'm-a gonna let it pass for this, it's short-ish term hackery, .... right? A few ESRs from now this will be gone...
Attachment #8903826 - Flags: review?(jjones) → review+
Well, hopefully. We can probably at least simplify it when we've actually transitioned to the sqlite dbs. Anyway, thanks!
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2b0d4df90489
update broken fips pkcs#11 module db handling code for when we use the sqlite-backed databses r=jcj
Backed out for build bustage, at least on Android at security/manager/ssl/nsNSSComponent.cpp:1915: 'savedPRErrorCode1' was not declared in this scope etc:

https://hg.mozilla.org/integration/autoland/rev/2adbaf665a26354a7abced57248a05fc4f27d854

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=2b0d4df90489db8e1922c28cf3c9fc973ce86d0b&filter-resultStatus=testfailed&filter-resultStatus=busted&filter-resultStatus=exception&filter-resultStatus=retry&filter-resultStatus=usercancel&filter-resultStatus=runnable
Build log: https://treeherder.mozilla.org/logviewer.html#?job_id=128594747&repo=autoland

 /builds/worker/workspace/build/src/security/manager/ssl/nsNSSComponent.cpp:1915:57: error: 'savedPRErrorCode1' was not declared in this scope
/builds/worker/workspace/build/src/security/manager/ssl/nsNSSComponent.cpp:1916:12: error: 'savedPRErrorCode2' was not declared in this scope
Flags: needinfo?(dkeeler)
D'oh. Thanks for backing it out.
Flags: needinfo?(dkeeler)
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/35df0b24828d
update broken fips pkcs#11 module db handling code for when we use the sqlite-backed databses r=jcj
https://hg.mozilla.org/mozilla-central/rev/35df0b24828d
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox57: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla57
You need to log in before you can comment on or make changes to this bug.