Closed Bug 1430906 Opened 6 years ago Closed 6 years ago

pkix gtests hold NSS resources alive until shutdown

Categories

(Core :: Security: PSM, defect, P1)

defect

Tracking

()

RESOLVED FIXED
mozilla59
Tracking Status
firefox59 --- fixed

People

(Reporter: keeler, Assigned: keeler)

References

(Blocks 1 open bug)

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

The mozilla::pkix gtests generate a shared private/public key pair that gets stashed in a global variable. Since it's not part of XPCOM or the existing NSS shutdown machinery, it doesn't get released at the appropriate time, which complicates our efforts to fix NSS shutdown (see e.g. bug 1417680). The current approach to solve this is fairly straightforward: generate the key pair as usual, but essentially serialize the data and only recreate it on demand (e.g. when signing data). That way, the objects are not held alive past the lifetime of the gtests.
As a way to test these changes without the other changes, running `MOZ_LOG="pipnss:4" ./mach gtest "psm*:pkix*"` should yield different results before/after this patch. Before, shutdown will fail, resulting in "[31508:Main Thread]: E/pipnss NSS SHUTDOWN FAILURE". With this patch, shutdown will (should) succeed, resulting in "[30853:Main Thread]: D/pipnss NSS shutdown =====>> OK <<====="
Comment on attachment 8943044 [details]
bug 1430906 - don't hold around a test key forever in mozilla::pkix gtests r?jcj,franziskus

Franziskus Kiefer [:fkiefer or :franziskus] has approved the revision.

https://phabricator.services.mozilla.com/D404#9753
Attachment #8943044 - Flags: review+
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/1932a56bc060
don't hold around a test key forever in mozilla::pkix gtests r=franziskus
Thanks for the reviews!
https://hg.mozilla.org/mozilla-central/rev/1932a56bc060
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
You need to log in before you can comment on or make changes to this bug.