diff --git a/automation/taskcluster/graph/src/extend.js b/automation/taskcluster/graph/src/extend.js index 90271c9244..ce4e91ae97 100644 --- a/automation/taskcluster/graph/src/extend.js +++ b/automation/taskcluster/graph/src/extend.js @@ -125,7 +125,6 @@ export default async function main() { "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh -g -v --ubsan --asan" ], env: { - ASAN_OPTIONS: "detect_odr_violation=0", // bug 1316276 UBSAN_OPTIONS: "print_stacktrace=1", NSS_DISABLE_ARENA_FREE_LIST: "1", NSS_DISABLE_UNLOAD: "1", @@ -272,8 +271,7 @@ async function scheduleLinux(name, base) { async function scheduleFuzzing() { let base = { env: { - // bug 1316276 - ASAN_OPTIONS: "allocator_may_return_null=1:detect_odr_violation=0", + ASAN_OPTIONS: "allocator_may_return_null=1", UBSAN_OPTIONS: "print_stacktrace=1", NSS_DISABLE_ARENA_FREE_LIST: "1", NSS_DISABLE_UNLOAD: "1", @@ -334,8 +332,10 @@ async function scheduleFuzzing() { "bin/checkout.sh && nss/automation/taskcluster/scripts/fuzz.sh " + "quickder nss/fuzz/corpus/quickder -max_total_time=300" ], - // Need a privileged docker container to remove this. - env: {ASAN_OPTIONS: "detect_leaks=0"}, + // Need a privileged docker container to remove detect_leaks=0. + env: { + ASAN_OPTIONS: "allocator_may_return_null=1:detect_leaks=0", + }, symbol: "QuickDER", kind: "test" })); diff --git a/cmd/mpitests/mpitests.gyp b/cmd/mpitests/mpitests.gyp index 270b63ab84..e594e17b36 100644 --- a/cmd/mpitests/mpitests.gyp +++ b/cmd/mpitests/mpitests.gyp @@ -14,7 +14,16 @@ 'mpi-test.c', ], 'dependencies': [ - '<(DEPTH)/lib/freebl/freebl.gyp:<(freebl_name)', + '<(DEPTH)/exports.gyp:nss_exports', + '<(DEPTH)/lib/util/util.gyp:nssutil3', + '<(DEPTH)/lib/nss/nss.gyp:nss_static', + '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static', + '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi', + '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi', + '<(DEPTH)/lib/certdb/certdb.gyp:certdb', + '<(DEPTH)/lib/base/base.gyp:nssb', + '<(DEPTH)/lib/dev/dev.gyp:nssdev', + '<(DEPTH)/lib/pki/pki.gyp:nsspki', ] } ], diff --git a/coreconf/config.gypi b/coreconf/config.gypi index 63722d5b82..bd7f1da3cf 100644 --- a/coreconf/config.gypi +++ b/coreconf/config.gypi @@ -152,7 +152,7 @@ 'product_dir': '<(nss_dist_obj_dir)/lib' }], # mapfile handling - [ 'test_build==0 and mapfile!=""', { + [ 'mapfile!=""', { # Work around a gyp bug. Fixed upstream but not in Ubuntu packages: # https://chromium.googlesource.com/external/gyp/+/b85ad3e578da830377dbc1843aa4fbc5af17a192%5E%21/ 'sources': [ @@ -360,6 +360,11 @@ 'cflags': [ '-Wno-unused-function', ], + 'xcode_settings': { + 'OTHER_CFLAGS': [ + '-Wno-unused-function', + ], + }, }], [ 'sanitizer_flags!=0', { 'cflags': ['<@(sanitizer_flags)'], diff --git a/coreconf/fuzz.sh b/coreconf/fuzz.sh index 73b0d9f463..2eefc114cb 100644 --- a/coreconf/fuzz.sh +++ b/coreconf/fuzz.sh @@ -15,7 +15,7 @@ if [ -z "$CC" ]; then export CXX=clang++ fi -gyp_params+=(-Dtest_build=1 -Dfuzz=1) +gyp_params+=(-Dtest_build=1 -Dfuzz=1 -Dsign_libs=0) # Add debug symbols even for opt builds. nspr_params+=(--enable-debug-symbols) diff --git a/fuzz/fuzz.gyp b/fuzz/fuzz.gyp index 94dac8b3ff..1ccc9df8f9 100644 --- a/fuzz/fuzz.gyp +++ b/fuzz/fuzz.gyp @@ -37,8 +37,9 @@ '<(DEPTH)/lib/pki/pki.gyp:nsspki', '<(DEPTH)/lib/util/util.gyp:nssutil', '<(DEPTH)/lib/nss/nss.gyp:nss_static', - '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap', '<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7', + # This is a static build of pk11wrap, softoken, and freebl. + '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static', ], 'conditions': [ ['use_fuzzing_engine==0', { diff --git a/fuzz/shared.h b/fuzz/shared.h index 1420580696..bfa4e8f527 100644 --- a/fuzz/shared.h +++ b/fuzz/shared.h @@ -13,8 +13,8 @@ class NSSDatabase { public: - NSSDatabase() { NSS_NoDB_Init(nullptr); } - ~NSSDatabase() { NSS_Shutdown(); } + NSSDatabase() { assert(NSS_NoDB_Init(nullptr) == SECSuccess); } + ~NSSDatabase() { assert(NSS_Shutdown() == SECSuccess); } }; size_t CustomMutate(std::vector mutators, diff --git a/gtests/der_gtest/der_gtest.gyp b/gtests/der_gtest/der_gtest.gyp index 95e14e4449..39801aeb58 100644 --- a/gtests/der_gtest/der_gtest.gyp +++ b/gtests/der_gtest/der_gtest.gyp @@ -18,6 +18,9 @@ 'dependencies': [ '<(DEPTH)/exports.gyp:nss_exports', '<(DEPTH)/gtests/google_test/google_test.gyp:gtest', + '<(DEPTH)/lib/util/util.gyp:nssutil3', + '<(DEPTH)/lib/ssl/ssl.gyp:ssl3', + '<(DEPTH)/lib/nss/nss.gyp:nss3', ] } ], diff --git a/gtests/freebl_gtest/freebl_gtest.gyp b/gtests/freebl_gtest/freebl_gtest.gyp index bda3806860..a697ea410a 100644 --- a/gtests/freebl_gtest/freebl_gtest.gyp +++ b/gtests/freebl_gtest/freebl_gtest.gyp @@ -16,8 +16,17 @@ ], 'dependencies': [ '<(DEPTH)/exports.gyp:nss_exports', - '<(DEPTH)/lib/freebl/freebl.gyp:<(freebl_name)', + '<(DEPTH)/lib/util/util.gyp:nssutil3', '<(DEPTH)/gtests/google_test/google_test.gyp:gtest', + '<(DEPTH)/lib/nss/nss.gyp:nss_static', + '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static', + '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi', + '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi', + '<(DEPTH)/lib/certdb/certdb.gyp:certdb', + '<(DEPTH)/lib/base/base.gyp:nssb', + '<(DEPTH)/lib/dev/dev.gyp:nssdev', + '<(DEPTH)/lib/pki/pki.gyp:nsspki', + '<(DEPTH)/lib/ssl/ssl.gyp:ssl', ], 'conditions': [ [ 'ct_verif==1', { diff --git a/gtests/google_test/google_test.gyp b/gtests/google_test/google_test.gyp index e309ba25a7..d23de2ab6e 100644 --- a/gtests/google_test/google_test.gyp +++ b/gtests/google_test/google_test.gyp @@ -13,39 +13,7 @@ 'sources': [ 'gtest/src/gtest-all.cc' ], - 'dependencies': [ - '<(DEPTH)/lib/nss/nss.gyp:nss3', - '<(DEPTH)/lib/util/util.gyp:nssutil3', - '<(DEPTH)/lib/smime/smime.gyp:smime3', - '<(DEPTH)/lib/ssl/ssl.gyp:ssl3', - '<(DEPTH)/cmd/lib/lib.gyp:sectool' - ] }, - { - 'target_name': 'gtest1', - 'type': 'shared_library', - 'dependencies': [ - 'gtest' - ], - # Work around a gyp bug. Fixed upstream in gyp: - # https://chromium.googlesource.com/external/gyp/+/93cc6e2c23e4d5ebd179f388e67aa907d0dfd43d - 'conditions': [ - ['OS!="win"', { - 'libraries': [ - '-lstdc++', - ], - }], - ], - # For some reason when just linking static libraries into - # a DLL the link fails without this. - 'msvs_settings': { - 'VCLinkerTool': { - 'AdditionalDependencies': [ - '/DEFAULTLIB:MSVCRT', - ], - }, - }, - } ], 'target_defaults': { 'include_dirs': [ diff --git a/gtests/pk11_gtest/pk11_gtest.gyp b/gtests/pk11_gtest/pk11_gtest.gyp index 09bce728d7..40d52a6a22 100644 --- a/gtests/pk11_gtest/pk11_gtest.gyp +++ b/gtests/pk11_gtest/pk11_gtest.gyp @@ -21,9 +21,29 @@ ], 'dependencies': [ '<(DEPTH)/exports.gyp:nss_exports', - '<(DEPTH)/lib/freebl/freebl.gyp:<(freebl_name)', + '<(DEPTH)/lib/util/util.gyp:nssutil3', '<(DEPTH)/gtests/google_test/google_test.gyp:gtest', ], + 'conditions': [ + [ 'test_build==1', { + 'dependencies': [ + '<(DEPTH)/lib/nss/nss.gyp:nss_static', + '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static', + '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi', + '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi', + '<(DEPTH)/lib/certdb/certdb.gyp:certdb', + '<(DEPTH)/lib/base/base.gyp:nssb', + '<(DEPTH)/lib/dev/dev.gyp:nssdev', + '<(DEPTH)/lib/pki/pki.gyp:nsspki', + '<(DEPTH)/lib/ssl/ssl.gyp:ssl', + ], + }, { + 'dependencies': [ + '<(DEPTH)/lib/nss/nss.gyp:nss3', + '<(DEPTH)/lib/ssl/ssl.gyp:ssl3', + ], + }], + ], } ], 'target_defaults': { diff --git a/gtests/ssl_gtest/ssl_gtest.gyp b/gtests/ssl_gtest/ssl_gtest.gyp index a4b7e64acf..818faf66ee 100644 --- a/gtests/ssl_gtest/ssl_gtest.gyp +++ b/gtests/ssl_gtest/ssl_gtest.gyp @@ -47,27 +47,33 @@ 'dependencies': [ '<(DEPTH)/exports.gyp:nss_exports', '<(DEPTH)/lib/util/util.gyp:nssutil3', - '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3', '<(DEPTH)/gtests/google_test/google_test.gyp:gtest', - '<(DEPTH)/lib/softoken/softoken.gyp:softokn', '<(DEPTH)/lib/smime/smime.gyp:smime', '<(DEPTH)/lib/ssl/ssl.gyp:ssl', '<(DEPTH)/lib/nss/nss.gyp:nss_static', - '<(DEPTH)/cmd/lib/lib.gyp:sectool', '<(DEPTH)/lib/pkcs12/pkcs12.gyp:pkcs12', '<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7', '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi', '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi', - '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap', - '<(DEPTH)/lib/softoken/softoken.gyp:softokn', '<(DEPTH)/lib/certdb/certdb.gyp:certdb', '<(DEPTH)/lib/pki/pki.gyp:nsspki', '<(DEPTH)/lib/dev/dev.gyp:nssdev', '<(DEPTH)/lib/base/base.gyp:nssb', - '<(DEPTH)/lib/freebl/freebl.gyp:<(freebl_name)', '<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib' ], 'conditions': [ + [ 'test_build==1', { + 'dependencies': [ + '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static', + ], + }, { + 'dependencies': [ + '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3', + '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap', + '<(DEPTH)/lib/softoken/softoken.gyp:softokn', + '<(DEPTH)/lib/freebl/freebl.gyp:freebl', + ], + }], [ 'disable_dbm==0', { 'dependencies': [ '<(DEPTH)/lib/dbm/src/src.gyp:dbm', @@ -103,6 +109,5 @@ }, 'variables': { 'module': 'nss', - 'use_static_libs': 1, } } diff --git a/gtests/util_gtest/util_gtest.gyp b/gtests/util_gtest/util_gtest.gyp index 9ad5cc6f65..ee08bd67d7 100644 --- a/gtests/util_gtest/util_gtest.gyp +++ b/gtests/util_gtest/util_gtest.gyp @@ -18,6 +18,15 @@ '<(DEPTH)/exports.gyp:nss_exports', '<(DEPTH)/gtests/google_test/google_test.gyp:gtest', '<(DEPTH)/lib/util/util.gyp:nssutil', + '<(DEPTH)/lib/nss/nss.gyp:nss_static', + '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static', + '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi', + '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi', + '<(DEPTH)/lib/certdb/certdb.gyp:certdb', + '<(DEPTH)/lib/base/base.gyp:nssb', + '<(DEPTH)/lib/dev/dev.gyp:nssdev', + '<(DEPTH)/lib/pki/pki.gyp:nsspki', + '<(DEPTH)/lib/ssl/ssl.gyp:ssl', ] } ], diff --git a/lib/freebl/freebl.gyp b/lib/freebl/freebl.gyp index 4afc649354..b8166ccf3a 100644 --- a/lib/freebl/freebl.gyp +++ b/lib/freebl/freebl.gyp @@ -32,125 +32,55 @@ '<(DEPTH)/exports.gyp:nss_exports' ] }, + # For test builds, build a static freebl library so we can statically + # link it into the test build binary. This way we don't have to + # dlopen() the shared lib but can directly call freebl functions. { - 'target_name': '<(freebl_name)', - 'type': 'shared_library', - 'sources': [ - 'aeskeywrap.c', - 'alg2268.c', - 'alghmac.c', - 'arcfive.c', - 'arcfour.c', - 'camellia.c', - 'chacha20poly1305.c', - 'ctr.c', - 'cts.c', - 'des.c', - 'desblapi.c', - 'dh.c', - 'drbg.c', - 'dsa.c', - 'ec.c', - 'ecdecode.c', - 'ecl/ec_naf.c', - 'ecl/ecl.c', - 'ecl/ecl_curve.c', - 'ecl/ecl_gf.c', - 'ecl/ecl_mult.c', - 'ecl/ecp_25519.c', - 'ecl/ecp_256.c', - 'ecl/ecp_256_32.c', - 'ecl/ecp_384.c', - 'ecl/ecp_521.c', - 'ecl/ecp_aff.c', - 'ecl/ecp_jac.c', - 'ecl/ecp_jm.c', - 'ecl/ecp_mont.c', - 'fipsfreebl.c', - 'freeblver.c', - 'gcm.c', - 'hmacct.c', - 'jpake.c', - 'ldvector.c', - 'md2.c', - 'md5.c', - 'mpi/mp_gf2m.c', - 'mpi/mpcpucache.c', - 'mpi/mpi.c', - 'mpi/mplogic.c', - 'mpi/mpmontg.c', - 'mpi/mpprime.c', - 'pqg.c', - 'rawhash.c', - 'rijndael.c', - 'rsa.c', - 'rsapkcs.c', - 'seed.c', - 'sha512.c', - 'sha_fast.c', - 'shvfy.c', - 'sysrand.c', - 'tlsprfalg.c' + 'target_name': 'freebl_static', + 'type': 'static_library', + 'includes': [ + 'freebl_base.gypi', + ], + 'dependencies': [ + '<(DEPTH)/exports.gyp:nss_exports', ], 'conditions': [ [ 'OS=="linux"', { - 'sources': [ - 'nsslowhash.c', - 'stubs.c', + 'defines!': [ + 'FREEBL_NO_DEPEND', + 'FREEBL_LOWHASH', + 'USE_HW_AES', + 'INTEL_GCM', ], - 'conditions': [ - [ 'test_build==1', { - 'dependencies': [ - '<(DEPTH)/lib/util/util.gyp:nssutil3', - ], - }], - ] - }], - [ 'OS=="linux" or OS=="android"', { 'conditions': [ [ 'target_arch=="x64"', { - 'sources': [ - 'arcfour-amd64-gas.s', + # The AES assembler code doesn't work in static test builds. + # The linker complains about non-relocatable code, and I + # currently don't know how to fix this properly. + 'sources!': [ 'intel-aes.s', 'intel-gcm.s', - 'mpi/mpi_amd64.c', - 'mpi/mpi_amd64_gas.s', - 'mpi/mp_comba.c', - ], - 'dependencies': [ - 'intel-gcm-wrap_c_lib', - ], - 'conditions': [ - [ 'cc_is_clang==1', { - 'cflags': [ - '-no-integrated-as', - ], - 'cflags_mozilla': [ - '-no-integrated-as', - ], - 'asflags_mozilla': [ - '-no-integrated-as', - ], - }], - ], - }], - [ 'target_arch=="ia32"', { - 'sources': [ - 'mpi/mpi_x86.s', - ], - }], - [ 'target_arch=="arm"', { - 'sources': [ - 'mpi/mpi_arm.c', ], }], ], - }, { - # not Linux or Android + }], + ], + }, + { + 'target_name': '<(freebl_name)', + 'type': 'shared_library', + 'includes': [ + 'freebl_base.gypi', + ], + 'dependencies': [ + '<(DEPTH)/exports.gyp:nss_exports', + ], + 'conditions': [ + [ 'OS!="linux" and OS!="android"', { 'conditions': [ [ 'moz_fold_libs==0', { 'dependencies': [ - '../util/util.gyp:nssutil3', + '<(DEPTH)/lib/util/util.gyp:nssutil3', ], }, { 'libraries': [ @@ -158,105 +88,23 @@ ], }], ], - }], - [ 'OS=="win"', { - 'sources': [ - #TODO: building with mingw should not need this. - 'ecl/uint128.c', - ], - 'libraries': [ - 'advapi32.lib', - ], - 'conditions': [ - [ 'target_arch=="x64"', { - 'sources': [ - 'arcfour-amd64-masm.asm', - 'mpi/mpi_amd64.c', - 'mpi/mpi_amd64_masm.asm', - 'mpi/mp_comba_amd64_masm.asm', - 'intel-aes-x64-masm.asm', - 'intel-gcm-x64-masm.asm', - ], - }, { - # not x64 - 'sources': [ - 'mpi/mpi_x86_asm.c', - 'intel-aes-x86-masm.asm', - 'intel-gcm-x86-masm.asm', - ], - }], - [ 'cc_is_clang==1', { - 'dependencies': [ - 'intel-gcm-wrap_c_lib', - ], - }, { - # MSVC - 'sources': [ - 'intel-gcm-wrap.c', - ], - }], - ], - }], - ['target_arch=="ia32" or target_arch=="x64"', { - 'sources': [ - # All intel architectures get the 64 bit version - 'ecl/curve25519_64.c', - ], - }, { - 'sources': [ - # All non intel architectures get the generic 32 bit implementation (slow!) - 'ecl/curve25519_32.c', + }, 'target_arch=="x64"', { + 'dependencies': [ + 'intel-gcm-wrap_c_lib', ], }], - #TODO uint128.c - [ 'disable_chachapoly==0', { - 'conditions': [ - [ 'OS!="win" and target_arch=="x64"', { - 'sources': [ - 'chacha20_vec.c', - 'poly1305-donna-x64-sse2-incremental-source.c', - ], - }, { - # not x64 - 'sources': [ - 'chacha20.c', - 'poly1305.c', - ], - }], + [ 'OS=="win" and cc_is_clang==1', { + 'dependencies': [ + 'intel-gcm-wrap_c_lib', ], }], - [ 'fuzz_tls==1', { + [ 'OS=="linux"', { 'sources': [ - 'det_rng.c', - ], - 'defines': [ - 'UNSAFE_FUZZER_MODE', - ], - }], - [ 'ct_verif==1', { - 'defines': [ - 'CT_VERIF', - ], - }], - [ 'OS=="mac"', { - 'conditions': [ - [ 'target_arch=="ia32"', { - 'sources': [ - 'mpi/mpi_sse2.s', - ], - 'defines': [ - 'MP_USE_UINT_DIGIT', - 'MP_ASSEMBLY_MULTIPLY', - 'MP_ASSEMBLY_SQUARE', - 'MP_ASSEMBLY_DIV_2DX1D', - ], - }], + 'nsslowhash.c', + 'stubs.c', ], }], ], - 'dependencies': [ - '<(DEPTH)/exports.gyp:nss_exports', - ], 'variables': { 'conditions': [ [ 'OS=="linux"', { @@ -266,9 +114,6 @@ }], ] }, - 'ldflags': [ - '-Wl,-Bsymbolic' - ] }, ], 'conditions': [ @@ -371,13 +216,7 @@ [ 'OS=="linux"', { 'defines': [ 'FREEBL_LOWHASH', - ], - 'conditions': [ - [ 'test_build==0', { - 'defines': [ - 'FREEBL_NO_DEPEND', - ], - }], + 'FREEBL_NO_DEPEND', ], }], [ 'OS=="linux" or OS=="android"', { diff --git a/lib/freebl/freebl_base.gypi b/lib/freebl/freebl_base.gypi new file mode 100644 index 0000000000..a2cf809ad5 --- /dev/null +++ b/lib/freebl/freebl_base.gypi @@ -0,0 +1,194 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +{ + 'sources': [ + 'aeskeywrap.c', + 'alg2268.c', + 'alghmac.c', + 'arcfive.c', + 'arcfour.c', + 'camellia.c', + 'chacha20poly1305.c', + 'ctr.c', + 'cts.c', + 'des.c', + 'desblapi.c', + 'dh.c', + 'drbg.c', + 'dsa.c', + 'ec.c', + 'ecdecode.c', + 'ecl/ec_naf.c', + 'ecl/ecl.c', + 'ecl/ecl_curve.c', + 'ecl/ecl_gf.c', + 'ecl/ecl_mult.c', + 'ecl/ecp_25519.c', + 'ecl/ecp_256.c', + 'ecl/ecp_256_32.c', + 'ecl/ecp_384.c', + 'ecl/ecp_521.c', + 'ecl/ecp_aff.c', + 'ecl/ecp_jac.c', + 'ecl/ecp_jm.c', + 'ecl/ecp_mont.c', + 'fipsfreebl.c', + 'freeblver.c', + 'gcm.c', + 'hmacct.c', + 'jpake.c', + 'ldvector.c', + 'md2.c', + 'md5.c', + 'mpi/mp_gf2m.c', + 'mpi/mpcpucache.c', + 'mpi/mpi.c', + 'mpi/mplogic.c', + 'mpi/mpmontg.c', + 'mpi/mpprime.c', + 'pqg.c', + 'rawhash.c', + 'rijndael.c', + 'rsa.c', + 'rsapkcs.c', + 'seed.c', + 'sha512.c', + 'sha_fast.c', + 'shvfy.c', + 'sysrand.c', + 'tlsprfalg.c' + ], + 'conditions': [ + [ 'OS=="linux" or OS=="android"', { + 'conditions': [ + [ 'target_arch=="x64"', { + 'sources': [ + 'arcfour-amd64-gas.s', + 'intel-aes.s', + 'intel-gcm.s', + 'mpi/mpi_amd64.c', + 'mpi/mpi_amd64_gas.s', + 'mpi/mp_comba.c', + ], + 'conditions': [ + [ 'cc_is_clang==1', { + 'cflags': [ + '-no-integrated-as', + ], + 'cflags_mozilla': [ + '-no-integrated-as', + ], + 'asflags_mozilla': [ + '-no-integrated-as', + ], + }], + ], + }], + [ 'target_arch=="ia32"', { + 'sources': [ + 'mpi/mpi_x86.s', + ], + }], + [ 'target_arch=="arm"', { + 'sources': [ + 'mpi/mpi_arm.c', + ], + }], + ], + }], + [ 'OS=="win"', { + 'sources': [ + #TODO: building with mingw should not need this. + 'ecl/uint128.c', + ], + 'libraries': [ + 'advapi32.lib', + ], + 'conditions': [ + [ 'target_arch=="x64"', { + 'sources': [ + 'arcfour-amd64-masm.asm', + 'mpi/mpi_amd64.c', + 'mpi/mpi_amd64_masm.asm', + 'mpi/mp_comba_amd64_masm.asm', + 'intel-aes-x64-masm.asm', + 'intel-gcm-x64-masm.asm', + ], + }, { + # not x64 + 'sources': [ + 'mpi/mpi_x86_asm.c', + 'intel-aes-x86-masm.asm', + 'intel-gcm-x86-masm.asm', + ], + }], + [ 'cc_is_clang!=1', { + # MSVC + 'sources': [ + 'intel-gcm-wrap.c', + ], + }], + ], + }], + ['target_arch=="ia32" or target_arch=="x64"', { + 'sources': [ + # All intel architectures get the 64 bit version + 'ecl/curve25519_64.c', + ], + }, { + 'sources': [ + # All non intel architectures get the generic 32 bit implementation (slow!) + 'ecl/curve25519_32.c', + ], + }], + #TODO uint128.c + [ 'disable_chachapoly==0', { + 'conditions': [ + [ 'OS!="win" and target_arch=="x64"', { + 'sources': [ + 'chacha20_vec.c', + 'poly1305-donna-x64-sse2-incremental-source.c', + ], + }, { + # not x64 + 'sources': [ + 'chacha20.c', + 'poly1305.c', + ], + }], + ], + }], + [ 'fuzz_tls==1', { + 'sources': [ + 'det_rng.c', + ], + 'defines': [ + 'UNSAFE_FUZZER_MODE', + ], + }], + [ 'ct_verif==1', { + 'defines': [ + 'CT_VERIF', + ], + }], + [ 'OS=="mac"', { + 'conditions': [ + [ 'target_arch=="ia32"', { + 'sources': [ + 'mpi/mpi_sse2.s', + ], + 'defines': [ + 'MP_USE_UINT_DIGIT', + 'MP_ASSEMBLY_MULTIPLY', + 'MP_ASSEMBLY_SQUARE', + 'MP_ASSEMBLY_DIV_2DX1D', + ], + }], + ], + }], + ], + 'ldflags': [ + '-Wl,-Bsymbolic' + ], +} diff --git a/lib/pk11wrap/pk11load.c b/lib/pk11wrap/pk11load.c index f12d0fd4fe..91339fad8f 100644 --- a/lib/pk11wrap/pk11load.c +++ b/lib/pk11wrap/pk11load.c @@ -17,6 +17,10 @@ #include "secerr.h" #include "prenv.h" #include "utilparst.h" +#include "prio.h" +#include "prprf.h" +#include +#include "prsystem.h" #define DEBUG_MODULE 1 @@ -350,6 +354,7 @@ SECMOD_SetRootCerts(PK11SlotInfo *slot, SECMODModule *mod) } } +#ifndef NSS_TEST_BUILD static const char *my_shlib_name = SHLIB_PREFIX "nss" SHLIB_VERSION "." SHLIB_SUFFIX; static const char *softoken_shlib_name = @@ -359,11 +364,6 @@ static PRCallOnceType loadSoftokenOnce; static PRLibrary *softokenLib; static PRInt32 softokenLoadCount; -#include "prio.h" -#include "prprf.h" -#include -#include "prsystem.h" - /* This function must be run only once. */ /* determine if hybrid platform, then actually load the DSO. */ static PRStatus @@ -380,6 +380,10 @@ softoken_LoadDSO(void) } return PR_FAILURE; } +#else +CK_RV NSC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList); +char **NSC_ModuleDBFunc(unsigned long function, char *parameters, void *args); +#endif /* * load a new module into our address space and initialize it. @@ -398,8 +402,11 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) if (mod->loaded) return SECSuccess; - /* intenal modules get loaded from their internal list */ + /* internal modules get loaded from their internal list */ if (mod->internal && (mod->dllName == NULL)) { +#ifdef NSS_TEST_BUILD + entry = (CK_C_GetFunctionList)NSC_GetFunctionList; +#else /* * Loads softoken as a dynamic library, * even though the rest of NSS assumes this as the "internal" module. @@ -420,10 +427,15 @@ secmod_LoadPKCS11Module(SECMODModule *mod, SECMODModule **oldModule) if (!entry) return SECFailure; +#endif if (mod->isModuleDB) { mod->moduleDBFunc = (CK_C_GetFunctionList) +#ifdef NSS_TEST_BUILD + NSC_ModuleDBFunc; +#else PR_FindSymbol(softokenLib, "NSC_ModuleDBFunc"); +#endif } if (mod->moduleDBOnly) { @@ -601,6 +613,7 @@ SECMOD_UnloadModule(SECMODModule *mod) * if not, we should change this to SECFailure and move it above the * mod->loaded = PR_FALSE; */ if (mod->internal && (mod->dllName == NULL)) { +#ifndef NSS_TEST_BUILD if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) { if (softokenLib) { disableUnload = PR_GetEnvSecure("NSS_DISABLE_UNLOAD"); @@ -616,6 +629,7 @@ SECMOD_UnloadModule(SECMODModule *mod) } loadSoftokenOnce = pristineCallOnce; } +#endif return SECSuccess; } diff --git a/lib/pk11wrap/pk11wrap.gyp b/lib/pk11wrap/pk11wrap.gyp index 2af27a0521..35fdacef9c 100644 --- a/lib/pk11wrap/pk11wrap.gyp +++ b/lib/pk11wrap/pk11wrap.gyp @@ -7,35 +7,54 @@ ], 'targets': [ { - 'target_name': 'pk11wrap', + 'target_name': 'pk11wrap_static', 'type': 'static_library', - 'sources': [ - 'dev3hack.c', - 'pk11akey.c', - 'pk11auth.c', - 'pk11cert.c', - 'pk11cxt.c', - 'pk11err.c', - 'pk11kea.c', - 'pk11list.c', - 'pk11load.c', - 'pk11mech.c', - 'pk11merge.c', - 'pk11nobj.c', - 'pk11obj.c', - 'pk11pars.c', - 'pk11pbe.c', - 'pk11pk12.c', - 'pk11pqg.c', - 'pk11sdr.c', - 'pk11skey.c', - 'pk11slot.c', - 'pk11util.c' + 'defines': [ + 'NSS_TEST_BUILD', + ], + 'dependencies': [ + 'pk11wrap_base', + '<(DEPTH)/exports.gyp:nss_exports', + '<(DEPTH)/lib/softoken/softoken.gyp:softokn_static', ], + }, + { + 'target_name': 'pk11wrap', + 'type': 'static_library', 'dependencies': [ - '<(DEPTH)/exports.gyp:nss_exports' - ] - } + 'pk11wrap_base', + '<(DEPTH)/exports.gyp:nss_exports', + ], + }, + { + 'target_name': 'pk11wrap_base', + 'type': 'none', + 'direct_dependent_settings': { + 'sources': [ + 'dev3hack.c', + 'pk11akey.c', + 'pk11auth.c', + 'pk11cert.c', + 'pk11cxt.c', + 'pk11err.c', + 'pk11kea.c', + 'pk11list.c', + 'pk11load.c', + 'pk11mech.c', + 'pk11merge.c', + 'pk11nobj.c', + 'pk11obj.c', + 'pk11pars.c', + 'pk11pbe.c', + 'pk11pk12.c', + 'pk11pqg.c', + 'pk11sdr.c', + 'pk11skey.c', + 'pk11slot.c', + 'pk11util.c' + ], + }, + }, ], 'target_defaults': { 'defines': [ @@ -48,4 +67,4 @@ 'variables': { 'module': 'nss' } -} \ No newline at end of file +} diff --git a/lib/softoken/pkcs11.c b/lib/softoken/pkcs11.c index 114c9d84f9..6148790f08 100644 --- a/lib/softoken/pkcs11.c +++ b/lib/softoken/pkcs11.c @@ -3149,9 +3149,11 @@ nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS) * this call doesn't force freebl to be reloaded. */ BL_SetForkState(PR_FALSE); +#ifndef NSS_TEST_BUILD /* unload freeBL shared library from memory. This may only decrement the * OS refcount if it's been loaded multiple times, eg. by libssl */ BL_Unload(); +#endif /* clean up the default OID table */ SECOID_Shutdown(); diff --git a/lib/softoken/softoken.gyp b/lib/softoken/softoken.gyp index 8d72e60c5e..f32bacf4b0 100644 --- a/lib/softoken/softoken.gyp +++ b/lib/softoken/softoken.gyp @@ -7,34 +7,64 @@ ], 'targets': [ { - 'target_name': 'softokn', + 'target_name': 'softokn_static', 'type': 'static_library', - 'sources': [ - 'fipsaudt.c', - 'fipstest.c', - 'fipstokn.c', - 'jpakesftk.c', - 'lgglue.c', - 'lowkey.c', - 'lowpbe.c', - 'padbuf.c', - 'pkcs11.c', - 'pkcs11c.c', - 'pkcs11u.c', - 'sdb.c', - 'sftkdb.c', - 'sftkhmac.c', - 'sftkpars.c', - 'sftkpwd.c', - 'softkver.c', - 'tlsprf.c' + 'defines': [ + 'NSS_TEST_BUILD', + ], + 'dependencies': [ + 'softokn_base', + '<(DEPTH)/exports.gyp:nss_exports', + '<(DEPTH)/lib/freebl/freebl.gyp:freebl_static', + ], + 'conditions': [ + [ 'use_system_sqlite==1', { + 'dependencies': [ + '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3', + ], + }, { + 'dependencies': [ + '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite', + ], + }], ], + }, + { + 'target_name': 'softokn', + 'type': 'static_library', 'dependencies': [ + 'softokn_base', '<(DEPTH)/exports.gyp:nss_exports', '<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3', '<(DEPTH)/lib/freebl/freebl.gyp:freebl', ] }, + { + 'target_name': 'softokn_base', + 'type': 'none', + 'direct_dependent_settings': { + 'sources': [ + 'fipsaudt.c', + 'fipstest.c', + 'fipstokn.c', + 'jpakesftk.c', + 'lgglue.c', + 'lowkey.c', + 'lowpbe.c', + 'padbuf.c', + 'pkcs11.c', + 'pkcs11c.c', + 'pkcs11u.c', + 'sdb.c', + 'sftkdb.c', + 'sftkhmac.c', + 'sftkpars.c', + 'sftkpwd.c', + 'softkver.c', + 'tlsprf.c' + ], + }, + }, { 'target_name': 'softokn3', 'type': 'shared_library', diff --git a/lib/ssl/ssl.gyp b/lib/ssl/ssl.gyp index 0cdb7f16c7..31f40059a1 100644 --- a/lib/ssl/ssl.gyp +++ b/lib/ssl/ssl.gyp @@ -76,7 +76,6 @@ ], 'dependencies': [ '<(DEPTH)/exports.gyp:nss_exports', - '<(DEPTH)/lib/freebl/freebl.gyp:freebl', ], }, { @@ -86,6 +85,7 @@ 'ssl', '<(DEPTH)/lib/nss/nss.gyp:nss3', '<(DEPTH)/lib/util/util.gyp:nssutil3', + '<(DEPTH)/lib/freebl/freebl.gyp:freebl', ], 'variables': { 'mapfile': 'ssl.def' diff --git a/nss.gyp b/nss.gyp index 52fcf5c5f9..3d9efc60b1 100644 --- a/nss.gyp +++ b/nss.gyp @@ -177,7 +177,6 @@ 'cmd/tstclnt/tstclnt.gyp:tstclnt', 'cmd/vfychain/vfychain.gyp:vfychain', 'cmd/vfyserv/vfyserv.gyp:vfyserv', - 'gtests/google_test/google_test.gyp:gtest1', 'gtests/der_gtest/der_gtest.gyp:der_gtest', 'gtests/pk11_gtest/pk11_gtest.gyp:pk11_gtest', 'gtests/ssl_gtest/ssl_gtest.gyp:ssl_gtest',