Merge m-c to autoland, a=merge
MozReview-Commit-ID: 8QMHmu81oVt
Коммит
bc7b598309
|
@ -63,9 +63,6 @@ pref("extensions.hotfix.certs.2.sha1Fingerprint", "39:E7:2B:7A:5B:CF:37:78:F9:5D
|
|||
// Check AUS for system add-on updates.
|
||||
pref("extensions.systemAddon.update.url", "https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml");
|
||||
|
||||
// Disable screenshots for now, Shield will enable this.
|
||||
pref("extensions.screenshots.system-disabled", true);
|
||||
|
||||
// Disable add-ons that are not installed by the user in all scopes by default.
|
||||
// See the SCOPE constants in AddonManager.jsm for values to use here.
|
||||
pref("extensions.autoDisableScopes", 15);
|
||||
|
@ -870,6 +867,8 @@ pref("browser.sessionstore.debug", false);
|
|||
pref("browser.sessionstore.debug.no_auto_updates", false);
|
||||
// Forget closed windows/tabs after two weeks
|
||||
pref("browser.sessionstore.cleanup.forget_closed_after", 1209600000);
|
||||
// Maximum number of bytes of DOMSessionStorage data we collect per origin.
|
||||
pref("browser.sessionstore.dom_storage_limit", 2048);
|
||||
|
||||
// allow META refresh by default
|
||||
pref("accessibility.blockautorefresh", false);
|
||||
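Review bot: The comment on the new `browser.sessionstore.dom_storage_limit` pref gives the unit as bytes, but the value compared against it elsewhere in this commit is recorded in a histogram named `FX_SESSION_RESTORE_DOM_STORAGE_SIZE_ESTIMATE_CHARS`. The unit returned by `getStorageUsage()` is not visible here, so one of the two labels is presumably wrong and should be corrected. The default of 2048 is also far below the 10M-character bound that this commit appears to remove from the content script. If dropping storage for most origins is intended, the comment should say so, e.g. `// Origins above this limit have no DOMSessionStorage saved at all.`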
|
|
|
@ -15,6 +15,9 @@ Cu.import("resource://gre/modules/XPCOMUtils.jsm");
|
|||
XPCOMUtils.defineLazyModuleGetter(this, "console",
|
||||
"resource://gre/modules/Console.jsm");
|
||||
|
||||
// A bound to the size of data to store for DOM Storage.
|
||||
const DOM_STORAGE_LIMIT_PREF = "browser.sessionstore.dom_storage_limit";
|
||||
|
||||
// Returns the principal for a given |frame| contained in a given |docShell|.
|
||||
function getPrincipalForFrame(docShell, frame) {
|
||||
let ssm = Services.scriptSecurityManager;
|
||||
|
@ -179,14 +182,25 @@ var SessionStorageInternal = {
|
|||
storage = null;
|
||||
}
|
||||
|
||||
if (storage && storage.length) {
|
||||
for (let i = 0; i < storage.length; i++) {
|
||||
try {
|
||||
let key = storage.key(i);
|
||||
hostData[key] = storage.getItem(key);
|
||||
} catch (e) {
|
||||
// This currently throws for secured items (cf. bug 442048).
|
||||
}
|
||||
if (!storage || !storage.length) {
|
||||
return hostData;
|
||||
}
|
||||
|
||||
// If the DOMSessionStorage contains too much data, ignore it.
|
||||
let usage = window.QueryInterface(Ci.nsIInterfaceRequestor)
|
||||
.getInterface(Ci.nsIDOMWindowUtils)
|
||||
.getStorageUsage(storage);
|
||||
Services.telemetry.getHistogramById("FX_SESSION_RESTORE_DOM_STORAGE_SIZE_ESTIMATE_CHARS").add(usage);
|
||||
if (usage > Services.prefs.getIntPref(DOM_STORAGE_LIMIT_PREF)) {
|
||||
return hostData;
|
||||
}
|
||||
|
||||
for (let i = 0; i < storage.length; i++) {
|
||||
try {
|
||||
let key = storage.key(i);
|
||||
hostData[key] = storage.getItem(key);
|
||||
} catch (e) {
|
||||
// This currently throws for secured items (cf. bug 442048).
|
||||
}
|
||||
}
|
||||
|
||||
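Review bot: `Services.prefs.getIntPref(DOM_STORAGE_LIMIT_PREF)` is called without a fallback, so it throws when the pref has no value. The content-script side of this commit reads the same pref with `Preferences.get(DOM_STORAGE_LIMIT_PREF)`, which as far as I can tell yields `undefined`, making `usage > undefined` false and silently disabling the limit. For a guard that bounds memory use, both readers should fail the same way, preferably with an explicit default such as `Services.prefs.getIntPref(DOM_STORAGE_LIMIT_PREF, 2048)` (assuming the two-argument form exists in this tree). The enclosing function starts above the hunk, so how often the pref read and telemetry sample run per collection is not visible here.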
|
|
|
@ -49,7 +49,7 @@ XPCOMUtils.defineLazyGetter(this, "gContentRestore",
|
|||
var gCurrentEpoch = 0;
|
||||
|
||||
// A bound to the size of data to store for DOM Storage.
|
||||
const DOM_STORAGE_MAX_CHARS = 10000000; // 10M characters
|
||||
const DOM_STORAGE_LIMIT_PREF = "browser.sessionstore.dom_storage_limit";
|
||||
|
||||
// This pref controls whether or not we send updates to the parent on a timeout
|
||||
// or not, and should only be used for tests or debugging.
|
||||
|
@ -580,37 +580,6 @@ var SessionStorageListener = {
|
|||
setTimeout(() => this.collect(), 0);
|
||||
},
|
||||
|
||||
// Before DOM Storage can be written to disk, it needs to be serialized
|
||||
// for sending across frames/processes, then again to be sent across
|
||||
// threads, then again to be put in a buffer for the disk. Each of these
|
||||
// serializations is an opportunity to OOM and (depending on the site of
|
||||
// the OOM), either crash, lose all data for the frame or lose all data
|
||||
// for the application.
|
||||
//
|
||||
// In order to avoid this, compute an estimate of the size of the
|
||||
// object, and block SessionStorage items that are too large. As
|
||||
// we also don't want to cause an OOM here, we use a quick and memory-
|
||||
// efficient approximation: we compute the total sum of string lengths
|
||||
// involved in this object.
|
||||
estimateStorageSize(collected) {
|
||||
if (!collected) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
let size = 0;
|
||||
for (let host of Object.keys(collected)) {
|
||||
size += host.length;
|
||||
let perHost = collected[host];
|
||||
for (let key of Object.keys(perHost)) {
|
||||
size += key.length;
|
||||
let perKey = perHost[key];
|
||||
size += perKey.length;
|
||||
}
|
||||
}
|
||||
|
||||
return size;
|
||||
},
|
||||
|
||||
// We don't want to send all the session storage data for all the frames
|
||||
// for every change. So if only a few value changed we send them over as
|
||||
// a "storagechange" event. If however for some reason before we send these
|
||||
|
@ -623,55 +592,56 @@ var SessionStorageListener = {
|
|||
},
|
||||
|
||||
collectFromEvent(event) {
|
||||
// TODO: we should take browser.sessionstore.dom_storage_limit into an account here.
|
||||
if (docShell) {
|
||||
let {url, key, newValue} = event;
|
||||
let uri = Services.io.newURI(url);
|
||||
let domain = uri.prePath;
|
||||
if (!this._changes) {
|
||||
this._changes = {};
|
||||
}
|
||||
if (!this._changes[domain]) {
|
||||
this._changes[domain] = {};
|
||||
}
|
||||
this._changes[domain][key] = newValue;
|
||||
|
||||
MessageQueue.push("storagechange", () => {
|
||||
let tmp = this._changes;
|
||||
// If there were multiple changes we send them merged.
|
||||
// First one will collect all the changes the rest of
|
||||
// these messages will be ignored.
|
||||
this.resetChanges();
|
||||
return tmp;
|
||||
});
|
||||
if (!docShell) {
|
||||
return;
|
||||
}
|
||||
|
||||
// How much data does DOMSessionStorage contain?
|
||||
let usage = content.QueryInterface(Ci.nsIInterfaceRequestor)
|
||||
.getInterface(Ci.nsIDOMWindowUtils)
|
||||
.getStorageUsage(event.storageArea);
|
||||
Services.telemetry.getHistogramById("FX_SESSION_RESTORE_DOM_STORAGE_SIZE_ESTIMATE_CHARS").add(usage);
|
||||
|
||||
// Don't store any data if we exceed the limit. Wipe any data we previously
|
||||
// collected so that we don't confuse websites with partial state.
|
||||
if (usage > Preferences.get(DOM_STORAGE_LIMIT_PREF)) {
|
||||
MessageQueue.push("storage", () => null);
|
||||
return;
|
||||
}
|
||||
|
||||
let {url, key, newValue} = event;
|
||||
let uri = Services.io.newURI(url);
|
||||
let domain = uri.prePath;
|
||||
if (!this._changes) {
|
||||
this._changes = {};
|
||||
}
|
||||
if (!this._changes[domain]) {
|
||||
this._changes[domain] = {};
|
||||
}
|
||||
this._changes[domain][key] = newValue;
|
||||
|
||||
MessageQueue.push("storagechange", () => {
|
||||
let tmp = this._changes;
|
||||
// If there were multiple changes we send them merged.
|
||||
// First one will collect all the changes the rest of
|
||||
// these messages will be ignored.
|
||||
this.resetChanges();
|
||||
return tmp;
|
||||
});
|
||||
},
|
||||
|
||||
collect() {
|
||||
if (docShell) {
|
||||
// We need the entire session storage, let's reset the pending individual change
|
||||
// messages.
|
||||
this.resetChanges();
|
||||
MessageQueue.push("storage", () => {
|
||||
let collected = SessionStorage.collect(docShell, gFrameTree);
|
||||
|
||||
if (collected == null) {
|
||||
return collected;
|
||||
}
|
||||
|
||||
let size = this.estimateStorageSize(collected);
|
||||
Services.telemetry.getHistogramById("FX_SESSION_RESTORE_DOM_STORAGE_SIZE_ESTIMATE_CHARS").add(size);
|
||||
|
||||
if (size > Preferences.get("browser.sessionstore.dom_storage_limit", DOM_STORAGE_MAX_CHARS)) {
|
||||
// Rather than keeping the old storage, which wouldn't match the rest
|
||||
// of the state of the page, empty the storage. DOM storage will be
|
||||
// recollected the next time and stored if it is now small enough.
|
||||
return {};
|
||||
}
|
||||
|
||||
return collected;
|
||||
});
|
||||
if (!docShell) {
|
||||
return;
|
||||
}
|
||||
|
||||
// We need the entire session storage, let's reset the pending individual change
|
||||
// messages.
|
||||
this.resetChanges();
|
||||
|
||||
MessageQueue.push("storage", () => {
|
||||
return SessionStorage.collect(docShell, gFrameTree);
|
||||
});
|
||||
},
|
||||
|
||||
onFrameTreeCollected() {
|
||||
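Review bot: In `collectFromEvent`, the over-limit branch pushes `MessageQueue.push("storage", () => null)` and returns without calling `this.resetChanges()`. Any `_changes` accumulated from earlier events, and any `storagechange` callback already queued for them, are therefore left in place. `collect()` in the same hunk resets pending changes before pushing a full `storage` message; adding `this.resetChanges();` just before the push here would keep the wipe from being followed by a partial update. How MessageQueue orders or coalesces the two message kinds is not visible in this diff, so confirm against it.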
|
|
|
@ -27,7 +27,7 @@ add_task(function* test_telemetry() {
|
|||
// There is no good way to make sure that the parent received the histogram entries from the child processes.
|
||||
// Let's stick to the ugly, spinning the event loop until we have a good approach (Bug 1357509).
|
||||
yield BrowserTestUtils.waitForCondition(() => {
|
||||
return histogram.snapshot().counts[5] > snap1.counts[5];
|
||||
return histogram.snapshot().counts[4] > snap1.counts[4];
|
||||
});
|
||||
|
||||
Assert.ok(true);
|
||||
|
|
|
@ -817,6 +817,32 @@ function createPseudo(test, element, type) {
|
|||
[], "no records after applying the same order");
|
||||
}, "animtion_order_change");
|
||||
|
||||
test(t => {
|
||||
var div = addDiv(t);
|
||||
var observer =
|
||||
setupSynchronousObserver(t,
|
||||
aOptions.subtree ? div.parentNode : div,
|
||||
aOptions.subtree);
|
||||
|
||||
var anim = div.animate({ opacity: [ 0, 1 ] },
|
||||
{ duration: 100 * MS_PER_SEC,
|
||||
iterationComposite: 'replace' });
|
||||
|
||||
assert_equals_records(observer.takeRecords(),
|
||||
[{ added: [anim], changed: [], removed: [] }],
|
||||
"records after animation is added");
|
||||
|
||||
anim.effect.iterationComposite = 'accumulate';
|
||||
assert_equals_records(observer.takeRecords(),
|
||||
[{ added: [], changed: [anim], removed: [] }],
|
||||
"records after iterationComposite is changed");
|
||||
|
||||
anim.effect.iterationComposite = 'accumulate';
|
||||
assert_equals_records(observer.takeRecords(),
|
||||
[], "no record after setting the same iterationComposite");
|
||||
|
||||
}, "set_iterationComposite");
|
||||
|
||||
});
|
||||
|
||||
test(t => {
|
||||
|
|
|
@ -167,7 +167,6 @@ IPCBlobInputStreamChild::StreamNeeded(IPCBlobInputStream* aStream,
|
|||
mozilla::ipc::IPCResult
|
||||
IPCBlobInputStreamChild::RecvStreamReady(const OptionalIPCStream& aStream)
|
||||
{
|
||||
MutexAutoLock lock(mMutex);
|
||||
MOZ_ASSERT(!mPendingOperations.IsEmpty());
|
||||
|
||||
nsCOMPtr<nsIInputStream> stream = DeserializeIPCStream(aStream);
|
||||
|
|
|
@ -19,7 +19,7 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=394700
|
|||
|
||||
/** Test for Bug 394700 **/
|
||||
|
||||
function remove(q1) { q1.parentNode.removeChild(q1); }
|
||||
function remove(q1) { q1.remove(); }
|
||||
|
||||
function testSelectedIndex()
|
||||
{
|
||||
|
@ -33,8 +33,8 @@ function testSelectedIndex()
|
|||
remove(document.getElementById("A"));
|
||||
}
|
||||
var selectElement = document.getElementsByTagName("select")[0];
|
||||
ok(selectElement.selectedIndex == -1, "Wrong selected index!");
|
||||
ok(selectElement.length == 0, "Select shouldn't have any options!")
|
||||
is(selectElement.selectedIndex, -1, "Wrong selected index!");
|
||||
is(selectElement.length, 0, "Select shouldn't have any options!");
|
||||
}
|
||||
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
|
|
@ -208,10 +208,6 @@ GPUParent::RecvInit(nsTArray<GfxPrefSetting>&& prefs,
|
|||
RecvGetDeviceStatus(&data);
|
||||
Unused << SendInitComplete(data);
|
||||
|
||||
#ifdef XP_WIN
|
||||
DeviceManagerDx::PreloadAttachmentsOnCompositorThread();
|
||||
#endif
|
||||
|
||||
Telemetry::AccumulateTimeDelta(Telemetry::GPU_PROCESS_INITIALIZATION_TIME_MS, mLaunchTime);
|
||||
return IPC_OK();
|
||||
}
|
||||
|
|
|
@ -647,7 +647,11 @@ ClientLayerManager::FlushRendering()
|
|||
{
|
||||
if (mWidget) {
|
||||
if (CompositorBridgeChild* remoteRenderer = mWidget->GetRemoteRenderer()) {
|
||||
remoteRenderer->SendFlushRendering();
|
||||
if (mWidget->SynchronouslyRepaintOnResize() || gfxPrefs::LayersForceSynchronousResize()) {
|
||||
remoteRenderer->SendFlushRendering();
|
||||
} else {
|
||||
remoteRenderer->SendFlushRenderingAsync();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
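Review bot: `FlushRendering()` now returns before the compositor has flushed unless `SynchronouslyRepaintOnResize()` or `layers.force-synchronous-resize` is set, and nothing at the branch says so. The IPDL comment in this commit describes the sync message as blocking until pending operations complete, so callers outside this hunk that relied on that will silently get a weaker guarantee. A comment on the `else` arm would do, for example `// Async: the flush is only requested here; callers must not assume it has completed on return.` The function's signature line is above the hunk.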
|
|
|
@ -549,6 +549,12 @@ CompositorBridgeParent::RecvFlushRendering()
|
|||
return IPC_OK();
|
||||
}
|
||||
|
||||
mozilla::ipc::IPCResult
|
||||
CompositorBridgeParent::RecvFlushRenderingAsync()
|
||||
{
|
||||
return RecvFlushRendering();
|
||||
}
|
||||
|
||||
mozilla::ipc::IPCResult
|
||||
CompositorBridgeParent::RecvForcePresent()
|
||||
{
|
||||
|
|
|
@ -202,6 +202,7 @@ public:
|
|||
virtual mozilla::ipc::IPCResult RecvMakeSnapshot(const SurfaceDescriptor& aInSnapshot,
|
||||
const gfx::IntRect& aRect) override;
|
||||
virtual mozilla::ipc::IPCResult RecvFlushRendering() override;
|
||||
virtual mozilla::ipc::IPCResult RecvFlushRenderingAsync() override;
|
||||
virtual mozilla::ipc::IPCResult RecvForcePresent() override;
|
||||
|
||||
virtual mozilla::ipc::IPCResult RecvAcknowledgeCompositorUpdate(const uint64_t&, const uint64_t&) override {
|
||||
|
|
|
@ -63,6 +63,7 @@ public:
|
|||
const gfx::IntRect& aRect) override
|
||||
{ return IPC_OK(); }
|
||||
virtual mozilla::ipc::IPCResult RecvFlushRendering() override { return IPC_OK(); }
|
||||
virtual mozilla::ipc::IPCResult RecvFlushRenderingAsync() override { return IPC_OK(); }
|
||||
virtual mozilla::ipc::IPCResult RecvForcePresent() override { return IPC_OK(); }
|
||||
virtual mozilla::ipc::IPCResult RecvNotifyRegionInvalidated(const nsIntRegion& aRegion) override { return IPC_OK(); }
|
||||
virtual mozilla::ipc::IPCResult RecvStartFrameTimeRecording(const int32_t& aBufferSize, uint32_t* aOutStartIndex) override { return IPC_OK(); }
|
||||
|
|
|
@ -205,6 +205,10 @@ parent:
|
|||
// block until they are completed.
|
||||
sync FlushRendering();
|
||||
|
||||
// Same as FlushRendering, but asynchronous, since not all platforms require
|
||||
// synchronous repaints on resize.
|
||||
async FlushRenderingAsync();
|
||||
|
||||
// Force an additional frame presentation to be executed. This is used to
|
||||
// work around a windows presentation bug (See Bug 1232042)
|
||||
async ForcePresent();
|
||||
|
|
|
@ -136,7 +136,12 @@ DeviceManagerDx::CreateCompositorDevices()
|
|||
mD3D11Module.disown();
|
||||
|
||||
MOZ_ASSERT(mCompositorDevice);
|
||||
return d3d11.IsEnabled();
|
||||
if (!d3d11.IsEnabled()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
PreloadAttachmentsOnCompositorThread();
|
||||
return true;
|
||||
}
|
||||
|
||||
void
|
||||
|
|
|
@ -103,11 +103,11 @@ public:
|
|||
void ForceDeviceReset(ForcedDeviceResetReason aReason);
|
||||
void NotifyD3D9DeviceReset();
|
||||
|
||||
private:
|
||||
// Pre-load any compositor resources that are expensive, and are needed when we
|
||||
// attempt to create a compositor.
|
||||
static void PreloadAttachmentsOnCompositorThread();
|
||||
|
||||
private:
|
||||
IDXGIAdapter1 *GetDXGIAdapter();
|
||||
|
||||
void DisableD3D11AfterCrash();
|
||||
|
|
|
@ -965,9 +965,6 @@ gfxPlatform::InitLayersIPC()
|
|||
wr::RenderThread::Start();
|
||||
}
|
||||
layers::CompositorThreadHolder::Start();
|
||||
#ifdef XP_WIN
|
||||
gfx::DeviceManagerDx::PreloadAttachmentsOnCompositorThread();
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -563,6 +563,7 @@ private:
|
|||
DECL_GFX_PREF(Live, "layers.shared-buffer-provider.enabled", PersistentBufferProviderSharedEnabled, bool, false);
|
||||
DECL_GFX_PREF(Live, "layers.single-tile.enabled", LayersSingleTileEnabled, bool, true);
|
||||
DECL_GFX_PREF(Once, "layers.stereo-video.enabled", StereoVideoEnabled, bool, false);
|
||||
DECL_GFX_PREF(Live, "layers.force-synchronous-resize", LayersForceSynchronousResize, bool, false);
|
||||
|
||||
// We allow for configurable and rectangular tile size to avoid wasting memory on devices whose
|
||||
// screen size does not align nicely to the default tile size. Although layers can be any size,
|
||||
|
|
|
@ -1060,6 +1060,23 @@ struct JSRuntime : public js::MallocProvider<JSRuntime>
|
|||
js::ActiveThreadData<js::RuntimeCaches> caches_;
|
||||
public:
|
||||
js::RuntimeCaches& caches() { return caches_.ref(); }
|
||||
|
||||
private:
|
||||
// When wasm is interrupted, the pc at which we should return if the
|
||||
// interrupt hasn't stopped execution of the current running code. Since
|
||||
// this is used only by the interrupt handler and the latter is not
|
||||
// reentrant, this value can't be clobbered so there is at most one
|
||||
// resume PC at a time.
|
||||
js::ActiveThreadData<void*> wasmResumePC_;
|
||||
|
||||
public:
|
||||
void* wasmResumePC() const {
|
||||
return wasmResumePC_;
|
||||
}
|
||||
void setWasmResumePC(void* resumePC) {
|
||||
MOZ_ASSERT(!!resumePC == !wasmResumePC_);
|
||||
wasmResumePC_ = resumePC;
|
||||
}
|
||||
};
|
||||
|
||||
namespace js {
|
||||
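Review bot: The "at most one resume PC at a time" invariant in `setWasmResumePC` is enforced only by `MOZ_ASSERT(!!resumePC == !wasmResumePC_)`, which is compiled out of release builds. This value is the address execution returns to after an interrupt, and it is now shared by the whole runtime rather than held per activation, so an unexpected overwrite would redirect control flow. If a crash on this path is acceptable, `MOZ_RELEASE_ASSERT(!!resumePC == !wasmResumePC_);` would keep the invariant in shipped builds. No initializer for `wasmResumePC_` appears in this commit, so confirm that `js::ActiveThreadData<void*>` value-initializes it to null.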
|
|
|
@ -1645,7 +1645,6 @@ jit::JitActivation::traceIonRecovery(JSTracer* trc)
|
|||
WasmActivation::WasmActivation(JSContext* cx)
|
||||
: Activation(cx, Wasm),
|
||||
entrySP_(nullptr),
|
||||
resumePC_(nullptr),
|
||||
exitFP_(nullptr),
|
||||
exitReason_(wasm::ExitReason::Fixed::None)
|
||||
{
|
||||
|
@ -1691,7 +1690,7 @@ WasmActivation::startInterrupt(void* pc, uint8_t* fp)
|
|||
MOZ_ASSERT(!interrupted());
|
||||
MOZ_ASSERT(compartment()->wasm.lookupCode(pc)->lookupRange(pc)->isFunction());
|
||||
|
||||
resumePC_ = pc;
|
||||
cx_->runtime()->setWasmResumePC(pc);
|
||||
exitFP_ = fp;
|
||||
|
||||
MOZ_ASSERT(interrupted());
|
||||
|
@ -1703,10 +1702,23 @@ WasmActivation::finishInterrupt()
|
|||
MOZ_ASSERT(interrupted());
|
||||
MOZ_ASSERT(exitFP_);
|
||||
|
||||
resumePC_ = nullptr;
|
||||
cx_->runtime()->setWasmResumePC(nullptr);
|
||||
exitFP_ = nullptr;
|
||||
}
|
||||
|
||||
bool
|
||||
WasmActivation::interrupted() const
|
||||
{
|
||||
return !!cx_->runtime()->wasmResumePC();
|
||||
}
|
||||
|
||||
void*
|
||||
WasmActivation::resumePC() const
|
||||
{
|
||||
MOZ_ASSERT(interrupted());
|
||||
return cx_->runtime()->wasmResumePC();
|
||||
}
|
||||
|
||||
InterpreterFrameIterator&
|
||||
InterpreterFrameIterator::operator++()
|
||||
{
|
||||
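Review bot: `WasmActivation::interrupted()` and `resumePC()` now read runtime-wide state through `cx_->runtime()`, so while any activation is interrupted, every `WasmActivation` on that runtime reports `interrupted()` as true and returns the same pc. Code that walks older activations and asks each one whether it was interrupted is not visible in this diff and would now get a different answer than it did with the per-activation `resumePC_` field. If only the innermost activation can ever be interrupted, state that on the accessor, e.g. `// Runtime-wide: true for every activation while the innermost one is interrupted.` A debug check in `startInterrupt` that `this` is the innermost activation would also help.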
|
|
|
@ -1734,7 +1734,6 @@ class WasmActivation : public Activation
|
|||
{
|
||||
WasmActivation* prevWasm_;
|
||||
void* entrySP_;
|
||||
void* resumePC_;
|
||||
uint8_t* exitFP_;
|
||||
wasm::ExitReason exitReason_;
|
||||
|
||||
|
@ -1765,8 +1764,8 @@ class WasmActivation : public Activation
|
|||
// when the interrupt is handled.
|
||||
void startInterrupt(void* pc, uint8_t* fp);
|
||||
void finishInterrupt();
|
||||
bool interrupted() const { return !!resumePC_; }
|
||||
void* resumePC() const { MOZ_ASSERT(interrupted()); return resumePC_; }
|
||||
bool interrupted() const;
|
||||
void* resumePC() const;
|
||||
|
||||
// Used by wasm::FrameIterator during stack unwinding.
|
||||
void unwindExitFP(uint8_t* exitFP);
|
||||
|
|
|
@ -1027,7 +1027,12 @@ HandleMachException(JSContext* cx, const ExceptionRequest& request)
|
|||
if (!IsHeapAccessAddress(*instance, faultingAddress))
|
||||
return false;
|
||||
|
||||
HandleMemoryAccess(&context, pc, faultingAddress, *instance, activation, ppc);
|
||||
{
|
||||
// HandleMemoryAccess may call startInterrupt, which sets the wasm
|
||||
// resume PC in the runtime.
|
||||
AutoNoteSingleThreadedRegion anstr;
|
||||
HandleMemoryAccess(&context, pc, faultingAddress, *instance, activation, ppc);
|
||||
}
|
||||
|
||||
// Update the thread state with the new pc and register values.
|
||||
kret = thread_set_state(cxThread, float_state, (thread_state_t)&context.float_, float_state_count);
|
||||
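Review bot: The new comment above `AutoNoteSingleThreadedRegion anstr;` says what `HandleMemoryAccess` may write, but not why it is safe to suppress the owner-thread check here. This handler appears to run on a different thread from the one that faulted (it later calls `thread_set_state(cxThread, …)`), so the justification is presumably that the faulting thread is stopped while its exception is handled. That should be stated, e.g. `// The faulting thread is suspended while we handle its exception, so nothing else can touch the runtime.` The function continues outside the hunk.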
|
|
|
@ -976,7 +976,8 @@ nsFrame::DidSetStyleContext(nsStyleContext* aOldStyleContext)
|
|||
PresContext()->SetBidiEnabled();
|
||||
}
|
||||
|
||||
RemoveStateBits(NS_FRAME_SIMPLE_EVENT_REGIONS);
|
||||
RemoveStateBits(NS_FRAME_SIMPLE_EVENT_REGIONS |
|
||||
NS_FRAME_SIMPLE_DISPLAYLIST);
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -2155,8 +2156,10 @@ nsIFrame::GetClipPropClipRect(const nsStyleDisplay* aDisp,
|
|||
* handled by constructing a dedicated nsHTML/XULScrollFrame, set up clipping
|
||||
* for that overflow in aBuilder->ClipState() to clip all containing-block
|
||||
* descendants.
|
||||
*
|
||||
* Return true if clipping was applied.
|
||||
*/
|
||||
static void
|
||||
static bool
|
||||
ApplyOverflowClipping(nsDisplayListBuilder* aBuilder,
|
||||
const nsIFrame* aFrame,
|
||||
const nsStyleDisplay* aDisp,
|
||||
|
@ -2168,7 +2171,7 @@ ApplyOverflowClipping(nsDisplayListBuilder* aBuilder,
|
|||
// is required by comboboxes which make their display text (an inline frame)
|
||||
// have clipping.
|
||||
if (!nsFrame::ShouldApplyOverflowClipping(aFrame, aDisp)) {
|
||||
return;
|
||||
return false;
|
||||
}
|
||||
nsRect clipRect;
|
||||
bool haveRadii = false;
|
||||
|
@ -2184,6 +2187,7 @@ ApplyOverflowClipping(nsDisplayListBuilder* aBuilder,
|
|||
// XXX border-radius
|
||||
}
|
||||
aClipState.ClipContainingBlockDescendantsExtra(clipRect, haveRadii ? radii : nullptr);
|
||||
return true;
|
||||
}
|
||||
|
||||
#ifdef DEBUG
|
||||
|
@ -2863,6 +2867,45 @@ WrapInWrapList(nsDisplayListBuilder* aBuilder,
|
|||
return item;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a frame should be visited for building display list.
|
||||
*/
|
||||
static bool
|
||||
DescendIntoChild(nsDisplayListBuilder* aBuilder, nsIFrame *aChild,
|
||||
const nsRect& aDirty)
|
||||
{
|
||||
nsIFrame* child = aChild;
|
||||
const nsRect& dirty = aDirty;
|
||||
|
||||
if (!(child->GetStateBits() & NS_FRAME_FORCE_DISPLAY_LIST_DESCEND_INTO)) {
|
||||
// No need to descend into child to catch placeholders for visible
|
||||
// positioned stuff. So see if we can short-circuit frame traversal here.
|
||||
|
||||
// We can stop if child's frame subtree's intersection with the
|
||||
// dirty area is empty.
|
||||
// If the child is a scrollframe that we want to ignore, then we need
|
||||
// to descend into it because its scrolled child may intersect the dirty
|
||||
// area even if the scrollframe itself doesn't.
|
||||
// There are cases where the "ignore scroll frame" on the builder is not set
|
||||
// correctly, and so we additionally want to catch cases where the child is
|
||||
// a root scrollframe and we are ignoring scrolling on the viewport.
|
||||
nsIPresShell* shell = child->PresContext()->PresShell();
|
||||
bool keepDescending = child == aBuilder->GetIgnoreScrollFrame() ||
|
||||
(shell->IgnoringViewportScrolling() && child == shell->GetRootScrollFrame());
|
||||
if (!keepDescending) {
|
||||
nsRect childDirty;
|
||||
if (!childDirty.IntersectRect(dirty, child->GetVisualOverflowRect()))
|
||||
return false;
|
||||
// Usually we could set dirty to childDirty now but there's no
|
||||
// benefit, and it can be confusing. It can especially confuse
|
||||
// situations where we're going to ignore a scrollframe's clipping;
|
||||
// we wouldn't want to clip the dirty area to the scrollframe's
|
||||
// bounds in that case.
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
void
|
||||
nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder* aBuilder,
|
||||
nsIFrame* aChild,
|
||||
|
@ -2885,11 +2928,59 @@ nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder* aBuilder,
|
|||
if (child->GetStateBits() & NS_FRAME_TOO_DEEP_IN_FRAME_TREE)
|
||||
return;
|
||||
|
||||
const bool doingShortcut =
|
||||
(child->GetStateBits() & NS_FRAME_SIMPLE_DISPLAYLIST) &&
|
||||
aBuilder->IsPaintingToWindow() &&
|
||||
// This would be changed by the change of preference.
|
||||
aBuilder->IsBuildingLayerEventRegions() &&
|
||||
// Animations may change the value of |HasOpacity()|.
|
||||
!(child->GetContent() &&
|
||||
child->GetContent()->MayHaveAnimations());
|
||||
if (doingShortcut) {
|
||||
// This is the shortcut for frames been handled along the common
|
||||
// path, the most common one of THE COMMON CASE mentioned later.
|
||||
MOZ_ASSERT(child->Type() != LayoutFrameType::Placeholder);
|
||||
MOZ_ASSERT(!aBuilder->GetSelectedFramesOnly() &&
|
||||
!aBuilder->GetIncludeAllOutOfFlows(),
|
||||
"It should be held for painting to window");
|
||||
|
||||
// dirty rect in child-relative coordinates
|
||||
nsRect dirty = aDirtyRect - child->GetOffsetTo(this);
|
||||
if (!DescendIntoChild(aBuilder, child, dirty)) {
|
||||
return;
|
||||
}
|
||||
|
||||
nsDisplayListBuilder::AutoBuildingDisplayList
|
||||
buildingForChild(aBuilder, child, dirty, false);
|
||||
|
||||
CheckForApzAwareEventHandlers(aBuilder, child);
|
||||
|
||||
nsDisplayLayerEventRegions* eventRegions = aBuilder->GetLayerEventRegions();
|
||||
if (eventRegions) {
|
||||
eventRegions->AddFrame(aBuilder, child);
|
||||
}
|
||||
|
||||
child->MarkAbsoluteFramesForDisplayList(aBuilder, dirty);
|
||||
aBuilder->AdjustWindowDraggingRegion(child);
|
||||
child->BuildDisplayList(aBuilder, dirty, aLists);
|
||||
aBuilder->DisplayCaret(child, dirty, aLists.Content());
|
||||
#ifdef DEBUG
|
||||
DisplayDebugBorders(aBuilder, child, aLists);
|
||||
#endif
|
||||
return;
|
||||
}
|
||||
|
||||
bool isSVG = (child->GetStateBits() & NS_FRAME_SVG_LAYOUT);
|
||||
|
||||
// It is raised if the control flow strays off the common path.
|
||||
// The common path is the most common one of THE COMMON CASE
|
||||
// mentioned later.
|
||||
bool awayFromCommonPath = false;
|
||||
|
||||
// true if this is a real or pseudo stacking context
|
||||
bool pseudoStackingContext =
|
||||
(aFlags & DISPLAY_CHILD_FORCE_PSEUDO_STACKING_CONTEXT) != 0;
|
||||
awayFromCommonPath |= pseudoStackingContext;
|
||||
if (!isSVG &&
|
||||
(aFlags & DISPLAY_CHILD_INLINE) &&
|
||||
!child->IsFrameOfType(eLineParticipant)) {
|
||||
|
@ -2897,6 +2988,7 @@ nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder* aBuilder,
|
|||
// it acts like inline-block or inline-table. Therefore it is a
|
||||
// pseudo-stacking-context.
|
||||
pseudoStackingContext = true;
|
||||
awayFromCommonPath = true;
|
||||
}
|
||||
|
||||
// dirty rect in child-relative coordinates
|
||||
|
@ -2937,6 +3029,7 @@ nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder* aBuilder,
|
|||
dirty.SetEmpty();
|
||||
}
|
||||
pseudoStackingContext = true;
|
||||
awayFromCommonPath = true;
|
||||
}
|
||||
|
||||
NS_ASSERTION(!child->IsPlaceholderFrame(),
|
||||
|
@ -2950,31 +3043,9 @@ nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder* aBuilder,
|
|||
if (aBuilder->GetIncludeAllOutOfFlows() &&
|
||||
(child->GetStateBits() & NS_FRAME_OUT_OF_FLOW)) {
|
||||
dirty = child->GetVisualOverflowRect();
|
||||
} else if (!(child->GetStateBits() & NS_FRAME_FORCE_DISPLAY_LIST_DESCEND_INTO)) {
|
||||
// No need to descend into child to catch placeholders for visible
|
||||
// positioned stuff. So see if we can short-circuit frame traversal here.
|
||||
|
||||
// We can stop if child's frame subtree's intersection with the
|
||||
// dirty area is empty.
|
||||
// If the child is a scrollframe that we want to ignore, then we need
|
||||
// to descend into it because its scrolled child may intersect the dirty
|
||||
// area even if the scrollframe itself doesn't.
|
||||
// There are cases where the "ignore scroll frame" on the builder is not set
|
||||
// correctly, and so we additionally want to catch cases where the child is
|
||||
// a root scrollframe and we are ignoring scrolling on the viewport.
|
||||
nsIPresShell* shell = PresContext()->PresShell();
|
||||
bool keepDescending = child == aBuilder->GetIgnoreScrollFrame() ||
|
||||
(shell->IgnoringViewportScrolling() && child == shell->GetRootScrollFrame());
|
||||
if (!keepDescending) {
|
||||
nsRect childDirty;
|
||||
if (!childDirty.IntersectRect(dirty, child->GetVisualOverflowRect()))
|
||||
return;
|
||||
// Usually we could set dirty to childDirty now but there's no
|
||||
// benefit, and it can be confusing. It can especially confuse
|
||||
// situations where we're going to ignore a scrollframe's clipping;
|
||||
// we wouldn't want to clip the dirty area to the scrollframe's
|
||||
// bounds in that case.
|
||||
}
|
||||
awayFromCommonPath = true;
|
||||
} else if (!DescendIntoChild(aBuilder, child, dirty)) {
|
||||
return;
|
||||
}
|
||||
|
||||
// XXX need to have inline-block and inline-table set pseudoStackingContext
|
||||
|
@ -2991,6 +3062,7 @@ nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder* aBuilder,
|
|||
// within the displayport.
|
||||
if (aBuilder->IsPaintingToWindow() && child->TrackingVisibility()) {
|
||||
child->PresContext()->PresShell()->EnsureFrameInApproximatelyVisibleList(child);
|
||||
awayFromCommonPath = true;
|
||||
}
|
||||
|
||||
// Child is composited if it's transformed, partially transparent, or has
|
||||
|
@ -3022,6 +3094,7 @@ nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder* aBuilder,
|
|||
(aFlags & DISPLAY_CHILD_FORCE_STACKING_CONTEXT)) {
|
||||
// If you change this, also change IsPseudoStackingContextFromStyle()
|
||||
pseudoStackingContext = true;
|
||||
awayFromCommonPath = true;
|
||||
}
|
||||
NS_ASSERTION(!isStackingContext || pseudoStackingContext,
|
||||
"Stacking contexts must also be pseudo-stacking-contexts");
|
||||
|
@ -3039,6 +3112,7 @@ nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder* aBuilder,
|
|||
savedOutOfFlowData->mContainingBlockClipChain);
|
||||
asrSetter.SetCurrentActiveScrolledRoot(
|
||||
savedOutOfFlowData->mContainingBlockActiveScrolledRoot);
|
||||
MOZ_ASSERT(awayFromCommonPath, "It is impossible when savedOutOfFlowData is true");
|
||||
} else if (GetStateBits() & NS_FRAME_FORCE_DISPLAY_LIST_DESCEND_INTO &&
|
||||
isPlaceholder) {
|
||||
NS_ASSERTION(dirty.IsEmpty(), "should have empty dirty rect");
|
||||
|
@ -3052,6 +3126,7 @@ nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder* aBuilder,
|
|||
// instead since we know we won't render anything, and the inner out-of-flow
|
||||
// frame will setup the correct clip for itself.
|
||||
clipState.SetClipChainForContainingBlockDescendants(nullptr);
|
||||
awayFromCommonPath = true;
|
||||
}
|
||||
|
||||
// Setup clipping for the parent's overflow:-moz-hidden-unscrollable,
|
||||
|
@ -3065,7 +3140,9 @@ nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder* aBuilder,
|
|||
nsIFrame* parent = child->GetParent();
|
||||
const nsStyleDisplay* parentDisp =
|
||||
parent == this ? ourDisp : parent->StyleDisplay();
|
||||
ApplyOverflowClipping(aBuilder, parent, parentDisp, clipState);
|
||||
if (ApplyOverflowClipping(aBuilder, parent, parentDisp, clipState)) {
|
||||
awayFromCommonPath = true;
|
||||
}
|
||||
|
||||
nsDisplayList list;
|
||||
nsDisplayList extraPositionedDescendants;
|
||||
|
@ -3088,6 +3165,7 @@ nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder* aBuilder,
|
|||
dirty.IntersectRect(dirty, *clipPropClip);
|
||||
clipState.ClipContentDescendants(
|
||||
*clipPropClip + aBuilder->ToReferenceFrame(child));
|
||||
awayFromCommonPath = true;
|
||||
}
|
||||
|
||||
child->MarkAbsoluteFramesForDisplayList(aBuilder, dirty);
|
||||
|
@ -3113,6 +3191,12 @@ nsIFrame::BuildDisplayListForChild(nsDisplayListBuilder* aBuilder,
|
|||
if (eventRegions) {
|
||||
eventRegions->AddFrame(aBuilder, child);
|
||||
}
|
||||
if (!awayFromCommonPath &&
|
||||
aBuilder->IsPaintingToWindow() &&
|
||||
!buildingForChild.MaybeAnimatedGeometryRoot()) {
|
||||
// The shortcut is available for the child for next time.
|
||||
child->AddStateBits(NS_FRAME_SIMPLE_DISPLAYLIST);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
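Review bot: The `doingShortcut` test in `BuildDisplayListForChild` trusts `NS_FRAME_SIMPLE_DISPLAYLIST` without re-checking inputs that set `awayFromCommonPath` on the slow path but are not properties of the child's own style. These are `aFlags` (`DISPLAY_CHILD_FORCE_PSEUDO_STACKING_CONTEXT`, `DISPLAY_CHILD_FORCE_STACKING_CONTEXT`, `DISPLAY_CHILD_INLINE`), the parent's overflow clipping via `ApplyOverflowClipping(aBuilder, parent, parentDisp, clipState)`, and `child->TrackingVisibility()`. The bit is cleared only in the child's own `DidSetStyleContext`, so as far as this diff shows, a parent style change or a different caller flag after the bit was set would still take the shortcut and skip the clip and stacking-context setup. At minimum the shortcut condition could add `!(aFlags & (DISPLAY_CHILD_FORCE_PSEUDO_STACKING_CONTEXT | DISPLAY_CHILD_FORCE_STACKING_CONTEXT | DISPLAY_CHILD_INLINE))`, and the comment on the state bit should list what invalidates it. Separately, `DescendIntoChild` copies its parameters into `child` and `dirty` aliases that add nothing.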
|
|
|
@ -273,6 +273,10 @@ FRAME_STATE_BIT(Generic, 55, NS_FRAME_OWNS_ANON_BOXES)
|
|||
// Frame has properties in the nsIFrame::Properties() hash.
|
||||
FRAME_STATE_BIT(Generic, 56, NS_FRAME_HAS_PROPERTIES)
|
||||
|
||||
// The display list of the frame can be handled by the shortcut for
|
||||
// COMMON CASE.
|
||||
FRAME_STATE_BIT(Generic, 57, NS_FRAME_SIMPLE_DISPLAYLIST)
|
||||
|
||||
// Set for all descendants of MathML sub/supscript elements (other than the
|
||||
// base frame) to indicate that the SSTY font feature should be used.
|
||||
FRAME_STATE_BIT(Generic, 58, NS_FRAME_MATHML_SCRIPT_DESCENDANT)
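Review bot: The comment added above `NS_FRAME_SIMPLE_DISPLAYLIST` does not say which shortcut or which "COMMON CASE" it refers to, and gives no hint of when the bit stops being valid. Judging by the `BuildDisplayListForChild` hunk on this page, the bit is set on a child that was painted to a window without leaving the common path and whose AGR state is not `AGR_MAYBE`. A comment such as `// Set by nsIFrame::BuildDisplayListForChild when the child needed no special handling; lets the next paint take the common-case shortcut.` would tie the two together. Which code clears the bit is not visible on this page, so that should be named here as well.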
|
||||
|
|
|
@ -973,7 +973,7 @@ AnimatedGeometryRoot*
|
|||
nsDisplayListBuilder::WrapAGRForFrame(nsIFrame* aAnimatedGeometryRoot,
|
||||
AnimatedGeometryRoot* aParent /* = nullptr */)
|
||||
{
|
||||
MOZ_ASSERT(IsAnimatedGeometryRoot(aAnimatedGeometryRoot));
|
||||
MOZ_ASSERT(IsAnimatedGeometryRoot(aAnimatedGeometryRoot) == AGR_YES);
|
||||
|
||||
AnimatedGeometryRoot* result = nullptr;
|
||||
if (!mFrameToAnimatedGeometryRootMap.Get(aAnimatedGeometryRoot, &result)) {
|
||||
|
@ -1477,72 +1477,94 @@ IsStickyFrameActive(nsDisplayListBuilder* aBuilder, nsIFrame* aFrame, nsIFrame*
|
|||
return sf->IsScrollingActive(aBuilder) && sf->GetScrolledFrame() == cursor;
|
||||
}
|
||||
|
||||
bool
|
||||
nsDisplayListBuilder::IsAnimatedGeometryRoot(nsIFrame* aFrame, nsIFrame** aParent)
|
||||
nsDisplayListBuilder::AGRState
|
||||
nsDisplayListBuilder::IsAnimatedGeometryRoot(nsIFrame* aFrame,
|
||||
nsIFrame** aParent)
|
||||
{
|
||||
if (aFrame == mReferenceFrame) {
|
||||
return true;
|
||||
return AGR_YES;
|
||||
}
|
||||
if (!IsPaintingToWindow()) {
|
||||
if (aParent) {
|
||||
*aParent = nsLayoutUtils::GetCrossDocParentFrame(aFrame);
|
||||
}
|
||||
return false;
|
||||
return AGR_NO;
|
||||
}
|
||||
|
||||
if (nsLayoutUtils::IsPopup(aFrame))
|
||||
return true;
|
||||
return AGR_YES;
|
||||
if (ActiveLayerTracker::IsOffsetOrMarginStyleAnimated(aFrame)) {
|
||||
const bool inBudget = AddToAGRBudget(aFrame);
|
||||
if (inBudget) {
|
||||
return true;
|
||||
return AGR_YES;
|
||||
}
|
||||
}
|
||||
if (!aFrame->GetParent() &&
|
||||
nsLayoutUtils::ViewportHasDisplayPort(aFrame->PresContext())) {
|
||||
// Viewport frames in a display port need to be animated geometry roots
|
||||
// for background-attachment:fixed elements.
|
||||
return true;
|
||||
return AGR_YES;
|
||||
}
|
||||
if (aFrame->IsTransformed()) {
|
||||
return true;
|
||||
return AGR_YES;
|
||||
}
|
||||
|
||||
nsIFrame* parent = nsLayoutUtils::GetCrossDocParentFrame(aFrame);
|
||||
if (!parent)
|
||||
return true;
|
||||
return AGR_YES;
|
||||
|
||||
bool maybe = false; // Possible to transition from not being an AGR
|
||||
// to being an AGR without a style change.
|
||||
|
||||
LayoutFrameType parentType = parent->Type();
|
||||
// Treat the slider thumb as being as an active scrolled root when it wants
|
||||
// its own layer so that it can move without repainting.
|
||||
if (parentType == LayoutFrameType::Slider &&
|
||||
nsLayoutUtils::IsScrollbarThumbLayerized(aFrame)) {
|
||||
return true;
|
||||
if (parentType == LayoutFrameType::Slider) {
|
||||
if (nsLayoutUtils::IsScrollbarThumbLayerized(aFrame)) {
|
||||
return AGR_YES;
|
||||
}
|
||||
maybe = true;
|
||||
}
|
||||
|
||||
if (aFrame->StyleDisplay()->mPosition == NS_STYLE_POSITION_STICKY &&
|
||||
IsStickyFrameActive(this, aFrame, parent))
|
||||
{
|
||||
return true;
|
||||
if (aFrame->StyleDisplay()->mPosition == NS_STYLE_POSITION_STICKY) {
|
||||
if (IsStickyFrameActive(this, aFrame, parent)) {
|
||||
return AGR_YES;
|
||||
}
|
||||
maybe = true;
|
||||
}
|
||||
|
||||
if (parentType == LayoutFrameType::Scroll ||
|
||||
parentType == LayoutFrameType::ListControl) {
|
||||
nsIScrollableFrame* sf = do_QueryFrame(parent);
|
||||
if (sf->IsScrollingActive(this) && sf->GetScrolledFrame() == aFrame) {
|
||||
return true;
|
||||
if (sf->GetScrolledFrame() == aFrame) {
|
||||
if (sf->IsScrollingActive(this)) {
|
||||
return AGR_YES;
|
||||
}
|
||||
maybe = true;
|
||||
}
|
||||
}
|
||||
|
||||
// Fixed-pos frames are parented by the viewport frame, which has no parent.
|
||||
if (nsLayoutUtils::IsFixedPosFrameInDisplayPort(aFrame)) {
|
||||
return true;
|
||||
return AGR_YES;
|
||||
}
|
||||
|
||||
if ((aFrame->GetStateBits() & NS_FRAME_MAY_BE_TRANSFORMED) &&
|
||||
aFrame->IsFrameOfType(nsIFrame::eSVG)) {
|
||||
// For SVG containers, they always have
|
||||
// NS_FRAME_MAY_BE_TRANSFORMED bit. However, they would be
|
||||
// affected by the fragement identifiers in the svgView form at
|
||||
// runtime without a new style context.
|
||||
// For example, layout/reftests/svg/fragmentIdentifier-01.xhtml
|
||||
//
|
||||
// see https://www.w3.org/TR/SVG/linking.html#SVGFragmentIdentifiers
|
||||
maybe = true;
|
||||
}
|
||||
|
||||
if (aParent) {
|
||||
*aParent = parent;
|
||||
}
|
||||
return false;
|
||||
return !maybe ? AGR_NO : AGR_MAYBE;
|
||||
}
|
||||
|
||||
nsIFrame*
|
||||
|
@ -1552,7 +1574,7 @@ nsDisplayListBuilder::FindAnimatedGeometryRootFrameFor(nsIFrame* aFrame)
|
|||
nsIFrame* cursor = aFrame;
|
||||
while (cursor != RootReferenceFrame()) {
|
||||
nsIFrame* next;
|
||||
if (IsAnimatedGeometryRoot(cursor, &next))
|
||||
if (IsAnimatedGeometryRoot(cursor, &next) == AGR_YES)
|
||||
return cursor;
|
||||
cursor = next;
|
||||
}
|
||||
|
@ -1563,7 +1585,7 @@ void
|
|||
nsDisplayListBuilder::RecomputeCurrentAnimatedGeometryRoot()
|
||||
{
|
||||
if (*mCurrentAGR != mCurrentFrame &&
|
||||
IsAnimatedGeometryRoot(const_cast<nsIFrame*>(mCurrentFrame))) {
|
||||
IsAnimatedGeometryRoot(const_cast<nsIFrame*>(mCurrentFrame)) == AGR_YES) {
|
||||
AnimatedGeometryRoot* oldAGR = mCurrentAGR;
|
||||
mCurrentAGR = WrapAGRForFrame(const_cast<nsIFrame*>(mCurrentFrame), mCurrentAGR);
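Review bot: In `IsAnimatedGeometryRoot`, the over-budget path falls through without setting `maybe`, unlike the slider, sticky and scrolled-frame branches this change converts. When `IsOffsetOrMarginStyleAnimated(aFrame)` is true but `AddToAGRBudget(aFrame)` returns false, the frame can end up as `AGR_NO`. If the budget is recomputed on a later paint (not visible here), the same frame could become an AGR without a style change, which is the case the comment on `maybe` describes. If that is possible, declare `bool maybe = false;` before this check and add `maybe = true;` after the `if (inBudget)` block. Otherwise a one-line comment should say why this path is safe to report as `AGR_NO`.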
|
||||
|
||||
|
|
|
@ -283,6 +283,15 @@ class nsDisplayListBuilder {
|
|||
nsRect mDirtyRect;
|
||||
};
|
||||
|
||||
/**
|
||||
* A frame can be in one of three states of AGR.
|
||||
* AGR_NO means the frame is not an AGR for now.
|
||||
* AGR_YES means the frame is an AGR for now.
|
||||
* AGR_MAYBE means the frame is not an AGR for now, but a transition
|
||||
* to AGR_YES without restyling is possible.
|
||||
*/
|
||||
enum AGRState { AGR_NO, AGR_YES, AGR_MAYBE };
|
||||
|
||||
public:
|
||||
typedef mozilla::FrameLayerBuilder FrameLayerBuilder;
|
||||
typedef mozilla::DisplayItemClip DisplayItemClip;
|
||||
|
@ -818,8 +827,9 @@ public:
|
|||
aBuilder->FindReferenceFrameFor(aForChild,
|
||||
&aBuilder->mCurrentOffsetToReferenceFrame);
|
||||
}
|
||||
mCurrentAGRState = aBuilder->IsAnimatedGeometryRoot(aForChild);
|
||||
if (aBuilder->mCurrentFrame == aForChild->GetParent()) {
|
||||
if (aBuilder->IsAnimatedGeometryRoot(aForChild)) {
|
||||
if (mCurrentAGRState == AGR_YES) {
|
||||
aBuilder->mCurrentAGR = aBuilder->WrapAGRForFrame(aForChild, aBuilder->mCurrentAGR);
|
||||
}
|
||||
} else if (aForChild != aBuilder->mCurrentFrame) {
|
||||
|
@ -843,8 +853,10 @@ public:
|
|||
return mPrevAnimatedGeometryRoot;
|
||||
}
|
||||
bool IsAnimatedGeometryRoot() const {
|
||||
return *mBuilder->mCurrentAGR == mBuilder->mCurrentFrame;
|
||||
|
||||
return mCurrentAGRState == AGR_YES;
|
||||
}
|
||||
bool MaybeAnimatedGeometryRoot() const {
|
||||
return mCurrentAGRState == AGR_MAYBE;
|
||||
}
|
||||
void RestoreBuildingInvisibleItemsValue() {
|
||||
mBuilder->mBuildingInvisibleItems = mPrevBuildingInvisibleItems;
|
||||
|
@ -862,6 +874,7 @@ public:
|
|||
}
|
||||
private:
|
||||
nsDisplayListBuilder* mBuilder;
|
||||
AGRState mCurrentAGRState;
|
||||
const nsIFrame* mPrevFrame;
|
||||
const nsIFrame* mPrevReferenceFrame;
|
||||
nsIFrame* mPrevAnimatedGeometryRoot;
|
||||
|
@ -1398,7 +1411,8 @@ private:
|
|||
* Returns whether a frame acts as an animated geometry root, optionally
|
||||
* returning the next ancestor to check.
|
||||
*/
|
||||
bool IsAnimatedGeometryRoot(nsIFrame* aFrame, nsIFrame** aParent = nullptr);
|
||||
AGRState IsAnimatedGeometryRoot(nsIFrame* aFrame,
|
||||
nsIFrame** aParent = nullptr);
|
||||
|
||||
/**
|
||||
* Returns the nearest ancestor frame to aFrame that is considered to have
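Review bot: `AGRState` is declared as an unscoped enum, so the new return value of `IsAnimatedGeometryRoot(nsIFrame*, nsIFrame**)` still converts implicitly to `bool`. Any caller left as `if (IsAnimatedGeometryRoot(frame))` keeps compiling and now treats `AGR_MAYBE` as true, where the old `bool` version returned false for those frames. The callers visible on this page were updated to compare against `AGR_YES`, but declaring it as `enum class AGRState { AGR_NO, AGR_YES, AGR_MAYBE };` would turn any missed one into a compile error. The enclosing class bodies start and end outside these hunks.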
|
||||
|
|
|
@ -2510,11 +2510,13 @@ nsMenuPopupFrame::ShouldFollowAnchor(nsRect& aRect)
|
|||
}
|
||||
|
||||
nsIFrame* anchorFrame = mAnchorContent->GetPrimaryFrame();
|
||||
if (anchorFrame) {
|
||||
nsPresContext* rootPresContext = PresContext()->GetRootPresContext();
|
||||
if (rootPresContext) {
|
||||
aRect = ComputeAnchorRect(rootPresContext, anchorFrame);
|
||||
}
|
||||
if (!anchorFrame) {
|
||||
return false;
|
||||
}
|
||||
|
||||
nsPresContext* rootPresContext = PresContext()->GetRootPresContext();
|
||||
if (rootPresContext) {
|
||||
aRect = ComputeAnchorRect(rootPresContext, anchorFrame);
|
||||
}
|
||||
|
||||
return true;
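Review bot: `ShouldFollowAnchor` still returns `true` when `PresContext()->GetRootPresContext()` is null, in which case this block never assigns `aRect`. The new early `return false` covers only a missing anchor frame. The same treatment for the root pres context, `if (!rootPresContext) { return false; }`, would keep callers from acting on a rect this code did not compute. The function body starts above the hunk, so `aRect` may already hold a usable value from earlier code; if that is the intent, a short comment saying so would be enough.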
|
||||
|
|
|
@ -1160,4 +1160,4 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
|
|||
|
||||
static const int32_t kUnknownId = -1;
|
||||
|
||||
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1502377322721000);
|
||||
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1502463680810000);
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
007sascha.de: did not receive HSTS header
|
||||
00f.net: did not receive HSTS header
|
||||
020wifi.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 118" data: no]
|
||||
0513c.com: could not connect to host
|
||||
0g.org.uk: could not connect to host
|
||||
0o0.ooo: could not connect to host
|
||||
0p.no: did not receive HSTS header
|
||||
|
@ -102,7 +103,6 @@ aaron-gustafson.com: did not receive HSTS header
|
|||
aati.info: did not receive HSTS header
|
||||
abearofsoap.com: could not connect to host
|
||||
abecodes.net: did not receive HSTS header
|
||||
abeontech.com: could not connect to host
|
||||
abilitylist.org: did not receive HSTS header
|
||||
abioniere.de: could not connect to host
|
||||
ablogagency.net: could not connect to host
|
||||
|
@ -134,10 +134,9 @@ actu-medias.com: did not receive HSTS header
|
|||
acuve.jp: could not connect to host
|
||||
ada.is: max-age too low: 2592000
|
||||
adajwells.me: could not connect to host
|
||||
adamgold.net: could not connect to host
|
||||
adams.net: max-age too low: 0
|
||||
adamwk.com: did not receive HSTS header
|
||||
adboos.com: could not connect to host
|
||||
adboos.com: did not receive HSTS header
|
||||
addaxpetroleum.com: could not connect to host
|
||||
addvocate.com: could not connect to host
|
||||
adelevie.com: could not connect to host
|
||||
|
@ -156,8 +155,6 @@ adquisitio.es: could not connect to host
|
|||
adquisitio.fr: could not connect to host
|
||||
adquisitio.it: could not connect to host
|
||||
adrianseo.ro: did not receive HSTS header
|
||||
adrienkohlbecker.com: could not connect to host
|
||||
adrinet.tk: could not connect to host
|
||||
adrl.ca: could not connect to host
|
||||
adsfund.org: could not connect to host
|
||||
aduedu.de: did not receive HSTS header
|
||||
|
@ -232,7 +229,7 @@ alloinformatique.net: could not connect to host
|
|||
allstarswithus.com: could not connect to host
|
||||
alpha.irccloud.com: could not connect to host
|
||||
alphabit-secure.com: could not connect to host
|
||||
alphabuild.io: did not receive HSTS header
|
||||
alphabuild.io: could not connect to host
|
||||
alphalabs.xyz: could not connect to host
|
||||
alt33c3.org: could not connect to host
|
||||
altfire.ca: could not connect to host
|
||||
|
@ -344,6 +341,7 @@ appsdash.io: could not connect to host
|
|||
appseccalifornia.org: did not receive HSTS header
|
||||
aptive.co.uk: did not receive HSTS header
|
||||
aqilacademy.com.au: could not connect to host
|
||||
aqualogy.de: could not connect to host
|
||||
aquilalab.com: could not connect to host
|
||||
arabdigitalexpression.org: did not receive HSTS header
|
||||
aradulconteaza.ro: could not connect to host
|
||||
|
@ -398,7 +396,7 @@ asuhe.cc: did not receive HSTS header
|
|||
asuhe.win: could not connect to host
|
||||
atavio.at: could not connect to host
|
||||
atavio.ch: could not connect to host
|
||||
atavio.de: did not receive HSTS header
|
||||
atavio.de: could not connect to host
|
||||
atbeckett.com: did not receive HSTS header
|
||||
athenelive.com: could not connect to host
|
||||
athul.xyz: did not receive HSTS header
|
||||
|
@ -493,7 +491,6 @@ bashcode.ninja: could not connect to host
|
|||
basicsolutionsus.com: did not receive HSTS header
|
||||
basilisk.io: could not connect to host
|
||||
bassh.net: could not connect to host
|
||||
batonger.com: did not receive HSTS header
|
||||
baud.ninja: could not connect to host
|
||||
baum.ga: did not receive HSTS header
|
||||
baumstark.ca: could not connect to host
|
||||
|
@ -548,6 +545,7 @@ besixdouze.world: could not connect to host
|
|||
besola.de: did not receive HSTS header
|
||||
bestbeards.ca: could not connect to host
|
||||
bestcellular.com: did not receive HSTS header
|
||||
bestgifts4you.com: could not connect to host
|
||||
besthost.cz: did not receive HSTS header
|
||||
betcafearena.ro: did not receive HSTS header
|
||||
bethditto.com: could not connect to host
|
||||
|
@ -583,7 +581,6 @@ billin.net: did not receive HSTS header
|
|||
billkiss.com: could not connect to host
|
||||
billninja.com: did not receive HSTS header
|
||||
billrusling.com: could not connect to host
|
||||
biltullen.com: did not receive HSTS header
|
||||
binderapp.net: could not connect to host
|
||||
bingcheung.com: did not receive HSTS header
|
||||
biofam.ru: did not receive HSTS header
|
||||
|
@ -643,7 +640,7 @@ blupig.net: did not receive HSTS header
|
|||
bluserv.net: did not receive HSTS header
|
||||
bm-trading.nl: did not receive HSTS header
|
||||
bnhlibrary.com: did not receive HSTS header
|
||||
bobiji.com: did not receive HSTS header
|
||||
bobiji.com: could not connect to host
|
||||
bodo-wolff.de: could not connect to host
|
||||
bodyblog.nl: did not receive HSTS header
|
||||
bodybuilding-legends.com: could not connect to host
|
||||
|
@ -697,7 +694,6 @@ britzer-toner.de: did not receive HSTS header
|
|||
brks.xyz: could not connect to host
|
||||
broken-oak.com: could not connect to host
|
||||
brokenhands.io: could not connect to host
|
||||
bronevichok.ru: could not connect to host
|
||||
brookechase.com: did not receive HSTS header
|
||||
browserid.org: could not connect to host
|
||||
brunix.net: did not receive HSTS header
|
||||
|
@ -828,6 +824,7 @@ catinmay.com: did not receive HSTS header
|
|||
catnapstudios.com: could not connect to host
|
||||
caveclan.org: did not receive HSTS header
|
||||
cavedroid.xyz: could not connect to host
|
||||
cbdev.de: could not connect to host
|
||||
cbhq.net: could not connect to host
|
||||
cbtistexcalac.mx: max-age too low: 0
|
||||
ccblog.de: did not receive HSTS header
|
||||
|
@ -910,6 +907,7 @@ chrisopperwall.com: did not receive HSTS header
|
|||
christiaandruif.nl: could not connect to host
|
||||
christianbargon.de: did not receive HSTS header
|
||||
christianbro.gq: could not connect to host
|
||||
christiangaetano.com: could not connect to host
|
||||
christophercolumbusfoundation.gov: did not receive HSTS header
|
||||
christophheich.me: could not connect to host
|
||||
chrisu3050.at: could not connect to host
|
||||
|
@ -935,7 +933,7 @@ ciuciucadou.ro: could not connect to host
|
|||
cium.ru: could not connect to host
|
||||
cjcaron.org: could not connect to host
|
||||
claimconnect.us: could not connect to host
|
||||
clanrose.org.uk: max-age too low: 0
|
||||
clanrose.org.uk: max-age too low: 10
|
||||
clara-baumert.de: could not connect to host
|
||||
claralabs.com: did not receive HSTS header
|
||||
classicsandexotics.com: did not receive HSTS header
|
||||
|
@ -1009,7 +1007,6 @@ codelayer.ca: could not connect to host
|
|||
codelitmus.com: did not receive HSTS header
|
||||
codemonkeyrawks.net: did not receive HSTS header
|
||||
codepoet.de: could not connect to host
|
||||
codepult.com: could not connect to host
|
||||
codepx.com: did not receive HSTS header
|
||||
codiva.io: max-age too low: 2592000
|
||||
coffeeetc.co.uk: did not receive HSTS header
|
||||
|
@ -1026,6 +1023,7 @@ colo-tech.com: could not connect to host
|
|||
colognegaming.net: could not connect to host
|
||||
coloradocomputernetworking.net: could not connect to host
|
||||
colorlib.com: did not receive HSTS header
|
||||
combron.nl: did not receive HSTS header
|
||||
comfortdom.ua: did not receive HSTS header
|
||||
comfortticket.de: did not receive HSTS header
|
||||
comicspines.com: could not connect to host
|
||||
|
@ -1063,6 +1061,7 @@ coole-meister.de: could not connect to host
|
|||
cooxa.com: did not receive HSTS header
|
||||
cor-ser.es: could not connect to host
|
||||
coralproject.net: did not receive HSTS header
|
||||
corbax.com: did not receive HSTS header
|
||||
corderoscleaning.com: did not receive HSTS header
|
||||
cordial-restaurant.com: did not receive HSTS header
|
||||
core.mx: could not connect to host
|
||||
|
@ -1108,7 +1107,7 @@ crockett.io: did not receive HSTS header
|
|||
croome.no-ip.org: could not connect to host
|
||||
crosscom.ch: could not connect to host
|
||||
crosssec.com: did not receive HSTS header
|
||||
crowd.supply: could not connect to host
|
||||
crowd.supply: did not receive HSTS header
|
||||
crowdcurity.com: did not receive HSTS header
|
||||
crowdjuris.com: could not connect to host
|
||||
crtvmgmt.com: could not connect to host
|
||||
|
@ -1192,6 +1191,7 @@ danieliancu.com: could not connect to host
|
|||
danielworthy.com: did not receive HSTS header
|
||||
danijobs.com: could not connect to host
|
||||
danishenanigans.com: could not connect to host
|
||||
danjesensky.com: could not connect to host
|
||||
danrl.de: could not connect to host
|
||||
daolerp.xyz: could not connect to host
|
||||
dargasia.is: could not connect to host
|
||||
|
@ -1223,6 +1223,7 @@ davidglidden.eu: could not connect to host
|
|||
davidhunter.scot: did not receive HSTS header
|
||||
davidnoren.com: did not receive HSTS header
|
||||
davidreinhardt.de: could not connect to host
|
||||
dawson-floridavilla.co.uk: max-age too low: 10
|
||||
daylightcompany.com: did not receive HSTS header
|
||||
daytonaseaside.com: did not receive HSTS header
|
||||
db.gy: could not connect to host
|
||||
|
@ -1312,8 +1313,7 @@ digitalriver.tk: could not connect to host
|
|||
digitalskillswap.com: could not connect to host
|
||||
dim.lighting: could not connect to host
|
||||
dinamoelektrik.com: could not connect to host
|
||||
dingcc.com: did not receive HSTS header
|
||||
dingcc.me: did not receive HSTS header
|
||||
dingcc.me: could not connect to host
|
||||
dinkum.online: could not connect to host
|
||||
directhskincream.com: could not connect to host
|
||||
directorinegocis.cat: could not connect to host
|
||||
|
@ -1366,6 +1366,7 @@ dollarstore24.com: could not connect to host
|
|||
dollywiki.co.uk: could not connect to host
|
||||
dolphin-cloud.com: could not connect to host
|
||||
dolphincorp.co.uk: could not connect to host
|
||||
domadillo.com: could not connect to host
|
||||
domaris.de: did not receive HSTS header
|
||||
dominicpratt.de: did not receive HSTS header
|
||||
dominioanimal.com: could not connect to host
|
||||
|
@ -1401,6 +1402,7 @@ drdevil.ru: could not connect to host
|
|||
dreadbyte.com: could not connect to host
|
||||
dreamcatcherblog.de: could not connect to host
|
||||
dreamlighteyeserum.com: could not connect to host
|
||||
dreamsforabetterworld.com.au: did not receive HSTS header
|
||||
dredgepress.com: could not connect to host
|
||||
dreid.org: did not receive HSTS header
|
||||
drewgle.net: could not connect to host
|
||||
|
@ -1420,6 +1422,7 @@ dubrovskiy.pro: could not connect to host
|
|||
duesee.org: could not connect to host
|
||||
dullsir.com: did not receive HSTS header
|
||||
dungi.org: could not connect to host
|
||||
dutchessuganda.com: did not receive HSTS header
|
||||
dutchrank.com: did not receive HSTS header
|
||||
dworzak.ch: could not connect to host
|
||||
dycontrol.de: could not connect to host
|
||||
|
@ -1427,7 +1430,6 @@ dyktig.as: did not receive HSTS header
|
|||
dylanscott.com.au: did not receive HSTS header
|
||||
dymersion.com: did not receive HSTS header
|
||||
dynamic-innovations.net: could not connect to host
|
||||
dyrkar.com: did not receive HSTS header
|
||||
dzimejl.sk: did not receive HSTS header
|
||||
dzlibs.io: could not connect to host
|
||||
dzndk.com: could not connect to host
|
||||
|
@ -1541,6 +1543,7 @@ endlessdiy.ca: could not connect to host
|
|||
endlesshorizon.net: could not connect to host
|
||||
endlesstone.com: did not receive HSTS header
|
||||
enefan.jp: could not connect to host
|
||||
engelwerbung.com: did not receive HSTS header
|
||||
enginsight.com: did not receive HSTS header
|
||||
englishyamal.ru: did not receive HSTS header
|
||||
enigmacpt.com: did not receive HSTS header
|
||||
|
@ -1563,11 +1566,14 @@ envygeeks.io: did not receive HSTS header
|
|||
eol34.com: did not receive HSTS header
|
||||
epanurse.com: could not connect to host
|
||||
ephry.com: could not connect to host
|
||||
epicpages.com: could not connect to host
|
||||
epoxate.com: could not connect to host
|
||||
epublibre.org: could not connect to host
|
||||
eq8.net.au: could not connect to host
|
||||
equate.net.au: could not connect to host
|
||||
equatetechnologies.com.au: could not connect to host
|
||||
equilibre-yoga-jennifer-will.com: could not connect to host
|
||||
equitee.co: could not connect to host
|
||||
erawanarifnugroho.com: did not receive HSTS header
|
||||
eressea.xyz: could not connect to host
|
||||
ericbond.net: could not connect to host
|
||||
|
@ -1623,6 +1629,7 @@ euren.se: could not connect to host
|
|||
eurocamping.se: could not connect to host
|
||||
euroshop24.net: could not connect to host
|
||||
evafojtova.cz: did not receive HSTS header
|
||||
evangelosm.com: could not connect to host
|
||||
evdenevenakliyatankara.pw: did not receive HSTS header
|
||||
everybooks.com: max-age too low: 60
|
||||
everylab.org: could not connect to host
|
||||
|
@ -1713,6 +1720,7 @@ festrip.com: could not connect to host
|
|||
fexmen.com: could not connect to host
|
||||
ffmradio.de: did not receive HSTS header
|
||||
fics-twosigma.com: could not connect to host
|
||||
fid.to: could not connect to host
|
||||
fiftyshadesofluca.ml: could not connect to host
|
||||
fig.co: did not receive HSTS header
|
||||
fightr.co: could not connect to host
|
||||
|
@ -1813,6 +1821,7 @@ frankwei.xyz: did not receive HSTS header
|
|||
franta.biz: did not receive HSTS header
|
||||
franta.email: did not receive HSTS header
|
||||
franzt.de: could not connect to host
|
||||
franzt.ovh: could not connect to host
|
||||
frasys.io: could not connect to host
|
||||
frasys.net: could not connect to host
|
||||
fredvoyage.fr: did not receive HSTS header
|
||||
|
@ -1953,7 +1962,6 @@ getwashdaddy.com: could not connect to host
|
|||
gfm.tech: could not connect to host
|
||||
gfwsb.ml: could not connect to host
|
||||
ggss.ml: could not connect to host
|
||||
gha.st: did not receive HSTS header
|
||||
gheorghesarcov.ga: could not connect to host
|
||||
gheorghesarcov.tk: could not connect to host
|
||||
gietvloergarant.nl: did not receive HSTS header
|
||||
|
@ -1974,6 +1982,7 @@ gizzo.sk: could not connect to host
|
|||
gl.search.yahoo.com: did not receive HSTS header
|
||||
glass.google.com: did not receive HSTS header (error ignored - included regardless)
|
||||
glentakahashi.com: max-age too low: 0
|
||||
glitchsys.com: could not connect to host
|
||||
glitzmirror.com: could not connect to host
|
||||
global-adult-webcams.com: did not receive HSTS header
|
||||
globalado.com: could not connect to host
|
||||
|
@ -1986,7 +1995,6 @@ gm.search.yahoo.com: did not receive HSTS header
|
|||
gmail.com: did not receive HSTS header (error ignored - included regardless)
|
||||
gmantra.org: could not connect to host
|
||||
gmoes.at: max-age too low: 600000
|
||||
gnylf.com: did not receive HSTS header
|
||||
go.ax: did not receive HSTS header
|
||||
go2sh.de: did not receive HSTS header
|
||||
goabonga.com: could not connect to host
|
||||
|
@ -2023,7 +2031,6 @@ gorilla-gym.site: could not connect to host
|
|||
gothamlimo.com: could not connect to host
|
||||
goto.google.com: did not receive HSTS header (error ignored - included regardless)
|
||||
gotocloud.ru: could not connect to host
|
||||
gotowned.org: did not receive HSTS header
|
||||
gotspot.com: could not connect to host
|
||||
gottcode.org: did not receive HSTS header
|
||||
gov.ax: could not connect to host
|
||||
|
@ -2185,13 +2192,11 @@ hdrboundless.com: could not connect to host
|
|||
hdsmigrationtool.com: could not connect to host
|
||||
hduin.xyz: could not connect to host
|
||||
hdwallpapers.net: did not receive HSTS header
|
||||
healthiercompany.com: did not receive HSTS header
|
||||
healtious.com: did not receive HSTS header
|
||||
heart.ge: did not receive HSTS header
|
||||
heartlandrentals.com: did not receive HSTS header
|
||||
heathmanners.com: could not connect to host
|
||||
hebaus.com: could not connect to host
|
||||
hectorj.net: could not connect to host
|
||||
heidilein.info: did not receive HSTS header
|
||||
heijblok.com: could not connect to host
|
||||
heimnetze.org: could not connect to host
|
||||
|
@ -2206,7 +2211,6 @@ henriknoerr.com: could not connect to host
|
|||
herrenfahrt.com: did not receive HSTS header
|
||||
herzbotschaft.de: did not receive HSTS header
|
||||
heutger.net: did not receive HSTS header
|
||||
hex2013.com: did not receive HSTS header
|
||||
heycms.com: could not connect to host
|
||||
heywoodtown.co.uk: could not connect to host
|
||||
hfi.me: could not connect to host
|
||||
|
@ -2245,8 +2249,6 @@ homeclouding.de: could not connect to host
|
|||
homedna.com: did not receive HSTS header
|
||||
hometownmall.com: did not receive HSTS header
|
||||
homeyantra.com: max-age too low: 86400
|
||||
hompus.nl: could not connect to host
|
||||
honeybeard.co.uk: could not connect to host
|
||||
hongzhaxiaofendui.com: could not connect to host
|
||||
honoo.com: could not connect to host
|
||||
hookandloom.com: did not receive HSTS header
|
||||
|
@ -2329,7 +2331,6 @@ id-co.in: could not connect to host
|
|||
id-conf.com: did not receive HSTS header
|
||||
idacmedia.com: max-age too low: 5184000
|
||||
ideal-envelopes.co.uk: did not receive HSTS header
|
||||
ideaman924.com: could not connect to host
|
||||
ideasmeetingpoint.com: could not connect to host
|
||||
ideation-inc.co.jp: could not connect to host
|
||||
idecode.net: could not connect to host
|
||||
|
@ -2428,7 +2429,6 @@ intel.li: did not receive HSTS header
|
|||
interference.io: could not connect to host
|
||||
interhosts.co.za: could not connect to host
|
||||
interlun.com: could not connect to host
|
||||
internect.co.za: did not receive HSTS header
|
||||
internetcasinos.de: could not connect to host
|
||||
internetcensus.org: could not connect to host
|
||||
interserved.com: did not receive HSTS header
|
||||
|
@ -2447,7 +2447,6 @@ iosmods.com: did not receive HSTS header
|
|||
iostips.ru: could not connect to host
|
||||
iotsms.io: could not connect to host
|
||||
ip6.im: did not receive HSTS header
|
||||
iphoneunlock.nu: did not receive HSTS header
|
||||
ipmimagazine.com: did not receive HSTS header
|
||||
iprice.co.id: did not receive HSTS header
|
||||
iprice.hk: did not receive HSTS header
|
||||
|
@ -2477,6 +2476,7 @@ iseek.biz: max-age too low: 0
|
|||
ishillaryclintoninprisonyet.com: could not connect to host
|
||||
isitamor.pm: could not connect to host
|
||||
iskaz.rs: did not receive HSTS header
|
||||
isntall.us: could not connect to host
|
||||
isogen5.com: could not connect to host
|
||||
isogram.nl: could not connect to host
|
||||
israkurort.com: did not receive HSTS header
|
||||
|
@ -2593,9 +2593,11 @@ jingyuesi.com: could not connect to host
|
|||
jirav.io: could not connect to host
|
||||
jkb.pics: could not connect to host
|
||||
jkbuster.com: could not connect to host
|
||||
jm-bea.net: did not receive HSTS header
|
||||
joakimalgroy.com: could not connect to host
|
||||
jobmedic.com: did not receive HSTS header
|
||||
jobss.co.uk: did not receive HSTS header
|
||||
joduska.me: could not connect to host
|
||||
joedavison.me: could not connect to host
|
||||
johannes-sprink.de: could not connect to host
|
||||
johnbrownphotography.ch: did not receive HSTS header
|
||||
|
@ -2630,6 +2632,7 @@ jslay.net: could not connect to host
|
|||
jualautoclave.com: did not receive HSTS header
|
||||
jualssh.com: could not connect to host
|
||||
julian-kipka.de: could not connect to host
|
||||
julibear.com: could not connect to host
|
||||
julido.de: did not receive HSTS header
|
||||
jumbox.xyz: could not connect to host
|
||||
junaos.xyz: did not receive HSTS header
|
||||
|
@ -2663,7 +2666,6 @@ kamikano.com: could not connect to host
|
|||
kamitech.ch: could not connect to host
|
||||
kanar.nl: could not connect to host
|
||||
kaneo-gmbh.de: did not receive HSTS header
|
||||
kangooroule.fr: could not connect to host
|
||||
kaplatz.is: could not connect to host
|
||||
kapucini.si: max-age too low: 0
|
||||
karaoketonight.com: could not connect to host
|
||||
|
@ -2691,7 +2693,7 @@ keeley.ml: could not connect to host
|
|||
keeleysam.me: could not connect to host
|
||||
keepassa.co: could not connect to host
|
||||
keepclean.me: could not connect to host
|
||||
kellyandantony.com: could not connect to host
|
||||
kellyandantony.com: did not receive HSTS header
|
||||
kerangalam.com: could not connect to host
|
||||
kerksanders.nl: did not receive HSTS header
|
||||
kermadec.net: could not connect to host
|
||||
|
@ -2716,6 +2718,7 @@ kingmanhall.org: could not connect to host
|
|||
kinkdr.com: could not connect to host
|
||||
kinnon.enterprises: could not connect to host
|
||||
kionetworks.com: did not receive HSTS header
|
||||
kirbear.com: could not connect to host
|
||||
kirkforcongress.com: could not connect to host
|
||||
kirkforsenate.com: could not connect to host
|
||||
kirkpatrickdavis.com: could not connect to host
|
||||
|
@ -2780,6 +2783,7 @@ kreb.io: could not connect to host
|
|||
kredite.sale: could not connect to host
|
||||
krestanskydarek.cz: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 118" data: no]
|
||||
kriegt.es: did not receive HSTS header
|
||||
kristikala.nl: could not connect to host
|
||||
krizevci.info: did not receive HSTS header
|
||||
kroetenfuchs.de: could not connect to host
|
||||
kroodle.nl: did not receive HSTS header
|
||||
|
@ -2792,13 +2796,13 @@ kstan.me: could not connect to host
|
|||
kswriter.com: could not connect to host
|
||||
kucom.it: did not receive HSTS header
|
||||
kueulangtahunanak.net: could not connect to host
|
||||
kultmobil.se: did not receive HSTS header
|
||||
kummerlaender.eu: did not receive HSTS header
|
||||
kupelne-ptacek.sk: did not receive HSTS header
|
||||
kuppingercole.com: did not receive HSTS header
|
||||
kura.io: could not connect to host
|
||||
kurehun.org: could not connect to host
|
||||
kurtmclester.com: did not receive HSTS header
|
||||
kurz.pw: could not connect to host
|
||||
kusaka-abacus.jp: max-age too low: 0
|
||||
kweddingplanning.com: did not receive HSTS header
|
||||
kwok.tv: could not connect to host
|
||||
|
@ -2855,6 +2859,7 @@ lawformt.com: could not connect to host
|
|||
lawly.org: could not connect to host
|
||||
laxatus.com: could not connect to host
|
||||
laxiongames.es: could not connect to host
|
||||
lazerus.net: did not receive HSTS header
|
||||
lbrt.xyz: could not connect to host
|
||||
ldarby.me.uk: could not connect to host
|
||||
leadership9.com: could not connect to host
|
||||
|
@ -2912,6 +2917,7 @@ liaoshuma.com: could not connect to host
|
|||
libanco.com: could not connect to host
|
||||
libertyrp.org: could not connect to host
|
||||
library.linode.com: did not receive HSTS header
|
||||
libraryfreedomproject.org: could not connect to host
|
||||
libreboot.org: did not receive HSTS header
|
||||
librechan.net: could not connect to host
|
||||
libreduca.com: could not connect to host
|
||||
|
@ -2926,8 +2932,8 @@ lifestylehunter.co.uk: did not receive HSTS header
|
|||
lifetimemoneymachine.com: did not receive HSTS header
|
||||
lightarmory.com: could not connect to host
|
||||
lightpaste.com: could not connect to host
|
||||
lighttp.com: did not receive HSTS header
|
||||
lightworx.io: did not receive HSTS header
|
||||
lijero.co: could not connect to host
|
||||
lila.pink: did not receive HSTS header
|
||||
lillpopp.eu: max-age too low: 10
|
||||
lilpwny.com: could not connect to host
|
||||
|
@ -2954,6 +2960,7 @@ linuxforyou.com: could not connect to host
|
|||
linuxgeek.ro: could not connect to host
|
||||
linuxmint.cz: max-age too low: 0
|
||||
linuxmonitoring.net: could not connect to host
|
||||
linuxwebservertips.in: could not connect to host
|
||||
liquorsanthe.in: could not connect to host
|
||||
lisaco.de: could not connect to host
|
||||
listafirmelor.com: could not connect to host
|
||||
|
@ -2971,23 +2978,23 @@ loafbox.com: could not connect to host
|
|||
loansonline.today: could not connect to host
|
||||
localdrive.me: did not receive HSTS header
|
||||
localhorst.xyz: could not connect to host
|
||||
lockpicks.se: did not receive HSTS header
|
||||
locktheirphone.com: could not connect to host
|
||||
locomotive.ca: did not receive HSTS header
|
||||
loftboard.eu: could not connect to host
|
||||
logario.com.br: could not connect to host
|
||||
logcat.info: could not connect to host
|
||||
logicaladvertising.com: could not connect to host
|
||||
login.corp.google.com: max-age too low: 7776000 (error ignored - included regardless)
|
||||
loginseite.com: could not connect to host
|
||||
lognot.net: could not connect to host
|
||||
lolidunno.com: could not connect to host
|
||||
lolmegafroi.de: could not connect to host
|
||||
londonlanguageexchange.com: could not connect to host
|
||||
lonerwolf.com: did not receive HSTS header
|
||||
look-at-my.site: could not connect to host
|
||||
lookasik.eu: did not receive HSTS header
|
||||
lookout.com: did not receive HSTS header
|
||||
lookzook.com: did not receive HSTS header
|
||||
loongsg.xyz: could not connect to host
|
||||
lostg.com: could not connect to host
|
||||
lostinsecurity.com: could not connect to host
|
||||
lostinweb.eu: could not connect to host
|
||||
|
@ -3017,6 +3024,8 @@ ludwiggrill.de: did not receive HSTS header
|
|||
lufthansaexperts.com: max-age too low: 2592000
|
||||
luine.xyz: max-age too low: 0
|
||||
luis-checa.com: could not connect to host
|
||||
lukas-schauer.de: could not connect to host
|
||||
lukas2511.de: could not connect to host
|
||||
lukonet.com: did not receive HSTS header
|
||||
luludapomerania.com: could not connect to host
|
||||
lumd.me: could not connect to host
|
||||
|
@ -3024,7 +3033,6 @@ lumi.do: did not receive HSTS header
|
|||
lunarift.com: could not connect to host
|
||||
lunarrift.net: could not connect to host
|
||||
luneta.nearbuysystems.com: could not connect to host
|
||||
lunix.io: did not receive HSTS header
|
||||
luno.io: could not connect to host
|
||||
luody.info: could not connect to host
|
||||
luoe.ml: could not connect to host
|
||||
|
@ -3058,7 +3066,6 @@ madars.org: did not receive HSTS header
|
|||
maddin.ga: could not connect to host
|
||||
madebymagnitude.com: did not receive HSTS header
|
||||
maderwin.com: did not receive HSTS header
|
||||
madreacqua.org: could not connect to host
|
||||
mae-berlinistanbul.com: could not connect to host
|
||||
mafamane.com: could not connect to host
|
||||
mafiareturns.com: max-age too low: 2592000
|
||||
|
@ -3106,6 +3113,7 @@ marie-elisabeth.dk: did not receive HSTS header
|
|||
marie-en-provence.com: did not receive HSTS header
|
||||
markaconnor.com: could not connect to host
|
||||
markayapilandirma.com: could not connect to host
|
||||
markcp.me: did not receive HSTS header
|
||||
market.android.com: did not receive HSTS header (error ignored - included regardless)
|
||||
markrego.com: could not connect to host
|
||||
marksill.com: could not connect to host
|
||||
|
@ -3114,6 +3122,7 @@ markus-dev.com: did not receive HSTS header
|
|||
markusweimar.de: did not receive HSTS header
|
||||
marleyresort.com: did not receive HSTS header
|
||||
marshut.net: could not connect to host
|
||||
martialc.be: could not connect to host
|
||||
martiert.com: could not connect to host
|
||||
martijnvhoof.nl: could not connect to host
|
||||
martinec.co.uk: could not connect to host
|
||||
|
@ -3200,7 +3209,6 @@ meritz.rocks: could not connect to host
|
|||
merson.me: could not connect to host
|
||||
meshok.ru: did not receive HSTS header
|
||||
mesmoque.com: did not receive HSTS header
|
||||
metachris.com: could not connect to host
|
||||
metagrader.com: could not connect to host
|
||||
metebalci.com: did not receive HSTS header
|
||||
meteosky.net: could not connect to host
|
||||
|
@ -3347,6 +3355,7 @@ motocyklovedily.cz: did not receive HSTS header
|
|||
motoryz.com: max-age too low: 300
|
||||
mottvd.com: could not connect to host
|
||||
moula.com.au: did not receive HSTS header
|
||||
mountainactivitysection.org.uk: max-age too low: 10
|
||||
mountainmusicpromotions.com: did not receive HSTS header
|
||||
moviesabout.net: could not connect to host
|
||||
moy-gorod.od.ua: did not receive HSTS header
|
||||
|
@ -3354,7 +3363,6 @@ moy.cat: did not receive HSTS header
|
|||
mp3juices.is: could not connect to host
|
||||
mpintaamalabanna.it: could not connect to host
|
||||
mqas.net: could not connect to host
|
||||
mrawe.com: could not connect to host
|
||||
mrdani.net: could not connect to host
|
||||
mrettich.org: did not receive HSTS header
|
||||
mrning.com: did not receive HSTS header
|
||||
|
@ -3406,6 +3414,7 @@ myepass.de: could not connect to host
|
|||
mygate.at: could not connect to host
|
||||
mygdut.com: did not receive HSTS header
|
||||
mygov.scot: did not receive HSTS header
|
||||
myimmitracker.com: did not receive HSTS header
|
||||
myiocc.org: could not connect to host
|
||||
mykolab.com: did not receive HSTS header
|
||||
mykreuzfahrt.de: could not connect to host
|
||||
|
@ -3418,7 +3427,6 @@ myphonebox.de: could not connect to host
|
|||
mysecretrewards.com: did not receive HSTS header
|
||||
mystery-science-theater-3000.de: did not receive HSTS header
|
||||
mythlogic.com: did not receive HSTS header
|
||||
mythslegendscollection.com: did not receive HSTS header
|
||||
myweb360.de: did not receive HSTS header
|
||||
myzone.com: did not receive HSTS header
|
||||
n-rickroll-e.pw: could not connect to host
|
||||
|
@ -3486,6 +3494,7 @@ nephos.xyz: did not receive HSTS header
|
|||
nepustil.net: did not receive HSTS header
|
||||
neris.io: could not connect to host
|
||||
nestedquotes.ca: could not connect to host
|
||||
neswec.org.uk: max-age too low: 10
|
||||
netba.net: could not connect to host
|
||||
netbox.cc: could not connect to host
|
||||
netherwind.eu: did not receive HSTS header
|
||||
|
@ -3633,7 +3642,7 @@ nystart.no: did not receive HSTS header
|
|||
nz.search.yahoo.com: max-age too low: 172800
|
||||
nzb.cat: did not receive HSTS header
|
||||
nzbs.io: could not connect to host
|
||||
nzquakes.maori.nz: could not connect to host
|
||||
nzquakes.maori.nz: did not receive HSTS header
|
||||
o-rickroll-y.pw: could not connect to host
|
||||
o0o.one: could not connect to host
|
||||
oasis.mobi: did not receive HSTS header
|
||||
|
@ -3663,6 +3672,7 @@ oldchaphome.nl: did not receive HSTS header
|
|||
oldoakflorist.com: could not connect to host
|
||||
oliverdunk.com: did not receive HSTS header
|
||||
ollehbizev.co.kr: could not connect to host
|
||||
olygazoo.com: could not connect to host
|
||||
omacostudio.com: could not connect to host
|
||||
omgaanmetidealen.com: could not connect to host
|
||||
ominto.com: max-age too low: 0
|
||||
|
@ -3777,7 +3787,7 @@ oxynux.fr: could not connect to host
|
|||
oyste.in: could not connect to host
|
||||
p-rickroll-o.pw: could not connect to host
|
||||
p.linode.com: could not connect to host
|
||||
p3in.com: did not receive HSTS header
|
||||
p3in.com: could not connect to host
|
||||
p8r.de: could not connect to host
|
||||
pa.search.yahoo.com: did not receive HSTS header
|
||||
pablocamino.tk: could not connect to host
|
||||
|
@ -3814,7 +3824,6 @@ parentmail.co.uk: did not receive HSTS header
|
|||
parithy.net: could not connect to host
|
||||
parkingplus.co.il: could not connect to host
|
||||
parkrocker.com: did not receive HSTS header
|
||||
parodybit.net: could not connect to host
|
||||
parpaing-paillette.net: could not connect to host
|
||||
particonpsplus.it: did not receive HSTS header
|
||||
partijtjevoordevrijheid.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: /builds/slave/m-cen-l64-periodicupdate-00000/getHSTSPreloadList.js :: processStsHeader :: line 118" data: no]
|
||||
|
@ -3844,6 +3853,7 @@ paul-kerebel.pro: could not connect to host
|
|||
pauladamsmith.com: could not connect to host
|
||||
paulchen.at: could not connect to host
|
||||
paulewen.ca: could not connect to host
|
||||
paulproell.at: could not connect to host
|
||||
paulyang.cn: did not receive HSTS header
|
||||
pavelfojt.cz: did not receive HSTS header
|
||||
paxwinkel.nl: did not receive HSTS header
|
||||
|
@ -3951,6 +3961,7 @@ playflick.com: did not receive HSTS header
|
|||
playmaker.io: could not connect to host
|
||||
playmyplay.com: did not receive HSTS header
|
||||
playnation.io: could not connect to host
|
||||
playsharp.com: could not connect to host
|
||||
please-deny.me: did not receive HSTS header
|
||||
pleasure.forsale: could not connect to host
|
||||
pleier-it.de: did not receive HSTS header
|
||||
|
@ -4002,6 +4013,7 @@ potsky.com: did not receive HSTS header
|
|||
poussinooz.fr: could not connect to host
|
||||
povitria.net: could not connect to host
|
||||
power99press.com: did not receive HSTS header
|
||||
poweroff.win: could not connect to host
|
||||
powerplannerapp.com: did not receive HSTS header
|
||||
powershift.ne.jp: did not receive HSTS header
|
||||
powerxequality.com: could not connect to host
|
||||
|
@ -4041,6 +4053,7 @@ progblog.net: could not connect to host
|
|||
progg.no: could not connect to host
|
||||
progress-technologies.com: could not connect to host
|
||||
prohostonline.fi: could not connect to host
|
||||
proitconsulting.com.au: could not connect to host
|
||||
project-sparks.eu: did not receive HSTS header
|
||||
projectmercury.space: could not connect to host
|
||||
promecon-gmbh.de: did not receive HSTS header
|
||||
|
@ -4049,7 +4062,6 @@ prontolight.com: did not receive HSTS header
|
|||
prontomovers.co.uk: could not connect to host
|
||||
propactrading.com: could not connect to host
|
||||
property-catalogue.eu: did not receive HSTS header
|
||||
proposalonline.com: did not receive HSTS header
|
||||
prosocialmachines.com: could not connect to host
|
||||
prosoft.sk: did not receive HSTS header
|
||||
prosperident.com: did not receive HSTS header
|
||||
|
@ -4096,6 +4108,7 @@ qccqld.org.au: could not connect to host
|
|||
qingpat.com: could not connect to host
|
||||
qingxuan.info: max-age too low: 864000
|
||||
qinxi1992.com: could not connect to host
|
||||
qirinus.com: could not connect to host
|
||||
qldconservation.org: could not connect to host
|
||||
qonqa.de: did not receive HSTS header
|
||||
qop.io: could not connect to host
|
||||
|
@ -4112,7 +4125,7 @@ quantenteranik.eu: could not connect to host
|
|||
quantum-cloud.xyz: could not connect to host
|
||||
quantumcourse.org: did not receive HSTS header
|
||||
quebecmailbox.com: could not connect to host
|
||||
queercoders.com: could not connect to host
|
||||
queercoders.com: did not receive HSTS header
|
||||
queryplayground.com: could not connect to host
|
||||
questsandrewards.com: could not connect to host
|
||||
quizmemes.org: could not connect to host
|
||||
|
@ -4129,6 +4142,7 @@ r3bl.me: did not receive HSTS header
|
|||
ra-schaal.de: could not connect to host
|
||||
raajheshkannaa.com: could not connect to host
|
||||
radicaleducation.net: could not connect to host
|
||||
radtke.bayern: could not connect to host
|
||||
rafaelcz.de: could not connect to host
|
||||
railjob.cn: could not connect to host
|
||||
rainbowbarracuda.com: could not connect to host
|
||||
|
@ -4198,6 +4212,7 @@ regenbogenwald.de: did not receive HSTS header
|
|||
regenerescence.com: did not receive HSTS header
|
||||
reggae-cdmx.com: did not receive HSTS header
|
||||
reic.me: could not connect to host
|
||||
reichl-online.net: could not connect to host
|
||||
reinaldudras.ee: did not receive HSTS header
|
||||
reisyukaku.org: did not receive HSTS header
|
||||
rejo.in: could not connect to host
|
||||
|
@ -4269,8 +4284,10 @@ rme.li: did not receive HSTS header
|
|||
rngmeme.com: could not connect to host
|
||||
roadfeast.com: could not connect to host
|
||||
roan24.pl: did not receive HSTS header
|
||||
robandjanine.com: could not connect to host
|
||||
robertglastra.com: could not connect to host
|
||||
robigalia.org: did not receive HSTS header
|
||||
robspc.repair: could not connect to host
|
||||
robteix.com: did not receive HSTS header
|
||||
robtex.net: did not receive HSTS header
|
||||
robtex.org: did not receive HSTS header
|
||||
|
@ -4296,6 +4313,7 @@ rootforum.org: did not receive HSTS header
|
|||
rootservice.org: did not receive HSTS header
|
||||
rootwpn.com: could not connect to host
|
||||
rop.io: could not connect to host
|
||||
roseitsolutions.co.uk: max-age too low: 10
|
||||
rossen.be: did not receive HSTS header
|
||||
rosslug.org.uk: could not connect to host
|
||||
rough.nu: could not connect to host
|
||||
|
@ -4337,6 +4355,7 @@ rx-contact.com: did not receive HSTS header
|
|||
rxprep.com: did not receive HSTS header
|
||||
rxv.cc: could not connect to host
|
||||
ryanteck.uk: did not receive HSTS header
|
||||
rylin.net: did not receive HSTS header
|
||||
s-rickroll-p.pw: could not connect to host
|
||||
s.how: did not receive HSTS header
|
||||
safelist.eu: did not receive HSTS header
|
||||
|
@ -4393,6 +4412,7 @@ sby.de: did not receive HSTS header
|
|||
sc4le.com: could not connect to host
|
||||
scannabi.com: could not connect to host
|
||||
schadegarant.net: could not connect to host
|
||||
schauer.so: could not connect to host
|
||||
schnapke.name: could not connect to host
|
||||
schnell-gold.com: could not connect to host
|
||||
schooltrends.co.uk: did not receive HSTS header
|
||||
|
@ -4428,6 +4448,7 @@ scrion.com: could not connect to host
|
|||
script.google.com: did not receive HSTS header (error ignored - included regardless)
|
||||
scriptenforcer.net: could not connect to host
|
||||
scriptict.nl: could not connect to host
|
||||
sculpture.support: did not receive HSTS header
|
||||
sdmoscow.ru: could not connect to host
|
||||
sdrobs.com: did not receive HSTS header
|
||||
sdsl-speedtest.de: could not connect to host
|
||||
|
@ -4465,6 +4486,7 @@ sehenderson.com: did not receive HSTS header
|
|||
seiko-dojo.com: could not connect to host
|
||||
selecadm.name: could not connect to host
|
||||
selectruckscalltrackingreports.com: could not connect to host
|
||||
self-evident.org: could not connect to host
|
||||
selfcarecentral.com: did not receive HSTS header
|
||||
selfie-france.fr: could not connect to host
|
||||
selldorado.com: could not connect to host
|
||||
|
@ -4544,6 +4566,7 @@ siddhant.me: did not receive HSTS header
|
|||
siebens.net: could not connect to host
|
||||
sifls.com: could not connect to host
|
||||
sig6.org: could not connect to host
|
||||
sijimi.cn: could not connect to host
|
||||
sijmenschoon.nl: did not receive HSTS header
|
||||
silaslova-ekb.ru: could not connect to host
|
||||
silentcircle.com: did not receive HSTS header
|
||||
|
@ -4569,7 +4592,6 @@ simply-premium.com: did not receive HSTS header
|
|||
sin30.net: could not connect to host
|
||||
sincron.org: could not connect to host
|
||||
sinful.pw: could not connect to host
|
||||
sinfulforums.net: could not connect to host
|
||||
singul4rity.com: could not connect to host
|
||||
sinosky.org: did not receive HSTS header
|
||||
siriad.com: could not connect to host
|
||||
|
@ -4580,7 +4602,6 @@ siterip.org: could not connect to host
|
|||
sites.google.com: did not receive HSTS header (error ignored - included regardless)
|
||||
sitesten.com: did not receive HSTS header
|
||||
sixtwentyten.com: did not receive HSTS header
|
||||
skalender.ch: could not connect to host
|
||||
skhosting.eu: max-age too low: 0
|
||||
ski-insurance.com.au: did not receive HSTS header
|
||||
skidstresser.com: did not receive HSTS header
|
||||
|
@ -4588,10 +4609,10 @@ skile.ru: could not connect to host
|
|||
skk.io: could not connect to host
|
||||
skoda-clever-lead.de: could not connect to host
|
||||
skolem.de: could not connect to host
|
||||
skotty.io: did not receive HSTS header
|
||||
skullhouse.nyc: did not receive HSTS header
|
||||
skyflix.me: could not connect to host
|
||||
skyoy.com: did not receive HSTS header
|
||||
slangbellor.com: did not receive HSTS header
|
||||
slash-dev.de: did not receive HSTS header
|
||||
slashand.co: did not receive HSTS header
|
||||
slashem.me: did not receive HSTS header
|
||||
|
@ -4657,8 +4678,7 @@ solsystems.ru: could not connect to host
|
|||
someshit.xyz: could not connect to host
|
||||
somethingnew.xyz: could not connect to host
|
||||
sonic.network: did not receive HSTS header
|
||||
sonicrainboom.rocks: did not receive HSTS header
|
||||
sonyunlock.nu: did not receive HSTS header
|
||||
sonicrainboom.rocks: could not connect to host
|
||||
soobi.org: did not receive HSTS header
|
||||
soondy.com: did not receive HSTS header
|
||||
sosaka.ml: could not connect to host
|
||||
|
@ -4699,11 +4719,11 @@ spiet.nl: could not connect to host
|
|||
spikeykc.me: did not receive HSTS header
|
||||
spillmaker.no: did not receive HSTS header
|
||||
spilsbury.io: could not connect to host
|
||||
spitefultowel.com: could not connect to host
|
||||
spititout.it: could not connect to host
|
||||
spittersberger.recipes: did not receive HSTS header
|
||||
sponsortobias.com: did not receive HSTS header
|
||||
sportchirp-internal.azurewebsites.net: did not receive HSTS header
|
||||
sporthit.ru: could not connect to host
|
||||
sportwette.eu: did not receive HSTS header
|
||||
spot-events.com: could not connect to host
|
||||
spotifyripper.tk: could not connect to host
|
||||
|
@ -4771,7 +4791,6 @@ stewartremodelingadvantage.com: did not receive HSTS header
|
|||
stig.io: did not receive HSTS header
|
||||
stigroom.com: could not connect to host
|
||||
stillblackhat.id: could not connect to host
|
||||
stilmobil.se: did not receive HSTS header
|
||||
stinkytrashhound.com: could not connect to host
|
||||
stirlingpoon.com: did not receive HSTS header
|
||||
stirlingpoon.net: did not receive HSTS header
|
||||
|
@ -4793,6 +4812,7 @@ stqry.com: did not receive HSTS header
|
|||
str0.at: did not receive HSTS header
|
||||
strasweb.fr: did not receive HSTS header
|
||||
strbt.de: could not connect to host
|
||||
stream.pub: did not receive HSTS header
|
||||
streamingeverywhere.com: did not receive HSTS header
|
||||
streamingmagazin.de: could not connect to host
|
||||
streampanel.net: did not receive HSTS header
|
||||
|
@ -4829,6 +4849,7 @@ suksit.com: could not connect to host
|
|||
sumoatm.com: did not receive HSTS header
|
||||
sumoscout.de: did not receive HSTS header
|
||||
suncountrymarine.com: did not receive HSTS header
|
||||
sunflyer.cn: did not receive HSTS header
|
||||
sunnyfruit.ru: did not receive HSTS header
|
||||
sunshinepress.org: could not connect to host
|
||||
sunyanzi.tk: could not connect to host
|
||||
|
@ -4883,6 +4904,7 @@ syriatalk.biz: could not connect to host
|
|||
syriatalk.org: could not connect to host
|
||||
syrocon.ch: could not connect to host
|
||||
sys.tf: could not connect to host
|
||||
sysmike.de: could not connect to host
|
||||
syso.name: could not connect to host
|
||||
systemd.me: could not connect to host
|
||||
szaszm.tk: could not connect to host
|
||||
|
@ -4898,7 +4920,7 @@ tafoma.com: did not receive HSTS header
|
|||
tageau.com: could not connect to host
|
||||
taglondon.org: did not receive HSTS header
|
||||
tailify.com: did not receive HSTS header
|
||||
tails.com.ar: did not receive HSTS header
|
||||
tails.com.ar: could not connect to host
|
||||
tales-of-interia.de: did not receive HSTS header
|
||||
talk.google.com: did not receive HSTS header (error ignored - included regardless)
|
||||
talktwincities.com: could not connect to host
|
||||
|
@ -4941,6 +4963,7 @@ tcp.expert: did not receive HSTS header
|
|||
tcptun.com: could not connect to host
|
||||
teachforcanada.ca: did not receive HSTS header
|
||||
team-teasers.com: could not connect to host
|
||||
teambeoplay.co.uk: did not receive HSTS header
|
||||
teamblueridge.org: could not connect to host
|
||||
teamsocial.co: did not receive HSTS header
|
||||
teamzeus.cz: could not connect to host
|
||||
|
@ -4980,6 +5003,7 @@ terrax.berlin: could not connect to host
|
|||
terrax.info: could not connect to host
|
||||
testandroid.xyz: could not connect to host
|
||||
testnode.xyz: could not connect to host
|
||||
testosterone-complex.com: did not receive HSTS header
|
||||
teulon.eu: could not connect to host
|
||||
texte-zur-taufe.de: did not receive HSTS header
|
||||
texter-linz.at: did not receive HSTS header
|
||||
|
@ -5012,7 +5036,6 @@ thecrochetcottage.net: could not connect to host
|
|||
thediaryofadam.com: did not receive HSTS header
|
||||
theendofzion.com: did not receive HSTS header
|
||||
theescapistswiki.com: could not connect to host
|
||||
theeyeopener.com: did not receive HSTS header
|
||||
thefarbeyond.com: could not connect to host
|
||||
theflowerbasketonline.com: could not connect to host
|
||||
thefootballanalyst.com: did not receive HSTS header
|
||||
|
@ -5029,7 +5052,6 @@ thehonorguard.org: did not receive HSTS header
|
|||
thehoopsarchive.com: could not connect to host
|
||||
theinvisibletrailer.com: could not connect to host
|
||||
thejserver.de: could not connect to host
|
||||
thelinuxspace.com: could not connect to host
|
||||
themarble.co: could not connect to host
|
||||
themicrocapital.com: could not connect to host
|
||||
themoderate.xyz: could not connect to host
|
||||
|
@ -5037,6 +5059,7 @@ thenextstep.events: could not connect to host
|
|||
theodorejones.info: could not connect to host
|
||||
theojones.name: could not connect to host
|
||||
thepartywarehouse.co.uk: did not receive HSTS header
|
||||
thepaymentscompany.com: could not connect to host
|
||||
thepcweb.tk: could not connect to host
|
||||
thepiratebay.al: could not connect to host
|
||||
thepiratebay.poker: could not connect to host
|
||||
|
@ -5046,7 +5069,6 @@ therewill.be: could not connect to host
|
|||
theseed.io: could not connect to host
|
||||
thestack.xyz: could not connect to host
|
||||
thestagchorleywood.co.uk: did not receive HSTS header
|
||||
thestory.ie: could not connect to host
|
||||
theurbanyoga.com: did not receive HSTS header
|
||||
thevintagenews.com: max-age too low: 0
|
||||
thewebfellas.com: did not receive HSTS header
|
||||
|
@ -5062,6 +5084,7 @@ thirty5.net: did not receive HSTS header
|
|||
thisisacompletetest.ga: could not connect to host
|
||||
thisisforager.com: could not connect to host
|
||||
thiswebhost.com: did not receive HSTS header
|
||||
thomascloud.ddns.net: could not connect to host
|
||||
thomaskliszowski.fr: did not receive HSTS header
|
||||
thomasschweizer.net: could not connect to host
|
||||
thorncreek.net: did not receive HSTS header
|
||||
|
@ -5191,7 +5214,7 @@ true.ink: did not receive HSTS header
|
|||
truebred-labradors.com: could not connect to host
|
||||
trunkjunk.co: did not receive HSTS header
|
||||
trusitio.com: did not receive HSTS header
|
||||
trusteecar.com: could not connect to host
|
||||
trusteecar.com: did not receive HSTS header
|
||||
trustmeimfancy.com: could not connect to host
|
||||
trybind.com: could not connect to host
|
||||
tryoneday.co: did not receive HSTS header
|
||||
|
@ -5246,7 +5269,6 @@ tzappa.net: could not connect to host
|
|||
u-blox.com: max-age too low: 0
|
||||
ua.search.yahoo.com: did not receive HSTS header
|
||||
uadp.pw: could not connect to host
|
||||
uangteman.com: did not receive HSTS header
|
||||
uber.com.au: did not receive HSTS header
|
||||
uberfunction.com: did not receive HSTS header
|
||||
ubicloud.de: could not connect to host
|
||||
|
@ -5261,7 +5283,6 @@ ui8.net: max-age too low: 86400
|
|||
ukas.com: did not receive HSTS header
|
||||
ukdropshipment.co.uk: did not receive HSTS header
|
||||
ukdropshipment.com: did not receive HSTS header
|
||||
ukhas.net: could not connect to host
|
||||
ukk.dk: max-age too low: 0
|
||||
ukrgadget.com: could not connect to host
|
||||
ulabox.cat: did not receive HSTS header
|
||||
|
@ -5337,7 +5358,6 @@ ustr.gov: max-age too low: 86400
|
|||
utilitarianism.net: did not receive HSTS header
|
||||
utleieplassen.no: could not connect to host
|
||||
utopiagalaxy.space: could not connect to host
|
||||
utopianconcept.com: did not receive HSTS header
|
||||
utopianhomespa.com: did not receive HSTS header
|
||||
utumno.ch: could not connect to host
|
||||
utvbloggen.se: max-age too low: 604800
|
||||
|
@ -5440,11 +5460,12 @@ voicesuk.co.uk: did not receive HSTS header
|
|||
voidpay.com: could not connect to host
|
||||
voidpay.net: could not connect to host
|
||||
voidpay.org: could not connect to host
|
||||
volcrado.com: did not receive HSTS header
|
||||
voidptr.eu: could not connect to host
|
||||
volcrado.com: could not connect to host
|
||||
voliere-info.nl: did not receive HSTS header
|
||||
volkden.com: could not connect to host
|
||||
vortexhobbies.com: did not receive HSTS header
|
||||
vosjesweb.nl: did not receive HSTS header
|
||||
vosjesweb.nl: could not connect to host
|
||||
vox.vg: did not receive HSTS header
|
||||
vpl.me: did not receive HSTS header
|
||||
vpn-byen.dk: did not receive HSTS header
|
||||
|
@ -5574,7 +5595,6 @@ willosagiede.com: did not receive HSTS header
|
|||
winaes.com: did not receive HSTS header
|
||||
winclient.cn: could not connect to host
|
||||
windowsphoneblog.it: could not connect to host
|
||||
winebid.com: could not connect to host
|
||||
winecodeavocado.com: could not connect to host
|
||||
winged.io: could not connect to host
|
||||
wingumd.net: could not connect to host
|
||||
|
@ -5587,7 +5607,7 @@ wirc.gr: could not connect to host
|
|||
wireshark.org: did not receive HSTS header
|
||||
wiseloan.com: did not receive HSTS header
|
||||
wishcert.com: could not connect to host
|
||||
witae.com: could not connect to host
|
||||
witae.com: did not receive HSTS header
|
||||
withgoogle.com: did not receive HSTS header (error ignored - included regardless)
|
||||
withmy.beer: could not connect to host
|
||||
withustrading.com: could not connect to host
|
||||
|
@ -5631,7 +5651,6 @@ writeapp.me: did not receive HSTS header
|
|||
wrldevelopment.com: did not receive HSTS header
|
||||
wsscompany.com.ve: could not connect to host
|
||||
wufu.org: did not receive HSTS header
|
||||
wuhengmin.com: did not receive HSTS header
|
||||
wukongmusic.us: did not receive HSTS header
|
||||
wurzelzwerg.net: could not connect to host
|
||||
wusx.club: could not connect to host
|
||||
|
@ -5674,7 +5693,7 @@ xcoop.me: could not connect to host
|
|||
xehoivn.vn: did not receive HSTS header
|
||||
xellos.ga: could not connect to host
|
||||
xellos.ml: could not connect to host
|
||||
xendo.net: did not receive HSTS header
|
||||
xendo.net: could not connect to host
|
||||
xenesisziarovky.sk: could not connect to host
|
||||
xett.com: could not connect to host
|
||||
xf-liam.com: did not receive HSTS header
|
||||
|
@ -5685,6 +5704,7 @@ xiaolvmu.me: could not connect to host
|
|||
xiaoxiao.im: could not connect to host
|
||||
xichuangke.com: could not connect to host
|
||||
ximens.me: did not receive HSTS header
|
||||
xinbiji.cn: did not receive HSTS header
|
||||
xisa.it: could not connect to host
|
||||
xiyu.moe: could not connect to host
|
||||
xmonk.org: could not connect to host
|
||||
|
@ -5708,6 +5728,7 @@ xn--lgb3a8bcpn.ga: could not connect to host
|
|||
xn--lgb3a8bcpn.gq: could not connect to host
|
||||
xn--lgb3a8bcpn.ml: could not connect to host
|
||||
xn--ls8hi7a.tk: could not connect to host
|
||||
xn--lsaupp-iua.se: did not receive HSTS header
|
||||
xn--mgbbh2a9fub.xn--ngbc5azd: could not connect to host
|
||||
xn--neb-tma3u8u.xyz: could not connect to host
|
||||
xn--seelenwchter-mcb.eu: could not connect to host
|
||||
|
@ -5778,7 +5799,7 @@ ypiresia.fr: could not connect to host
|
|||
ytcuber.xyz: could not connect to host
|
||||
yu.gg: did not receive HSTS header
|
||||
yu7.jp: did not receive HSTS header
|
||||
yuan.ga: did not receive HSTS header
|
||||
yuan.ga: could not connect to host
|
||||
yuhen.ru: did not receive HSTS header
|
||||
yuko.moe: could not connect to host
|
||||
yunzhu.li: did not receive HSTS header
|
||||
|
@ -5786,6 +5807,7 @@ yunzhu.org: could not connect to host
|
|||
yutabon.com: could not connect to host
|
||||
yuushou.com: max-age too low: 0
|
||||
yux.io: did not receive HSTS header
|
||||
yvesx.com: could not connect to host
|
||||
ywei.org: could not connect to host
|
||||
yzal.io: did not receive HSTS header
|
||||
z33.ch: did not receive HSTS header
|
||||
|
@ -5853,6 +5875,7 @@ zqhong.com: could not connect to host
|
|||
ztan.tk: could not connect to host
|
||||
ztcaoll222.cn: did not receive HSTS header
|
||||
zubel.it: could not connect to host
|
||||
zulu7.com: could not connect to host
|
||||
zvncloud.com: did not receive HSTS header
|
||||
zwollemagazine.nl: did not receive HSTS header
|
||||
zyf.pw: could not connect to host
|
||||
|
|
|
@ -1 +1 @@
|
|||
fa15eb3ce158
|
||||
236a06d9c3c4
|
||||
|
|
|
@ -26,6 +26,7 @@ apt_packages+=('zlib1g-dev')
|
|||
apt_packages+=('ninja-build')
|
||||
apt_packages+=('gyp')
|
||||
apt_packages+=('mercurial')
|
||||
apt_packages+=('locales')
|
||||
|
||||
# Install packages.
|
||||
apt-get install -y --no-install-recommends ${apt_packages[@]}
|
||||
|
|
|
@ -12,6 +12,7 @@ apt_packages=()
|
|||
apt_packages+=('build-essential')
|
||||
apt_packages+=('ca-certificates')
|
||||
apt_packages+=('curl')
|
||||
apt_packages+=('locales')
|
||||
apt_packages+=('python-dev')
|
||||
apt_packages+=('python-pip')
|
||||
apt_packages+=('python-setuptools')
|
||||
|
|
|
@ -12,6 +12,7 @@ apt-get install -y --no-install-recommends apt-utils
|
|||
apt_packages=()
|
||||
apt_packages+=('ca-certificates')
|
||||
apt_packages+=('curl')
|
||||
apt_packages+=('locales')
|
||||
apt_packages+=('xz-utils')
|
||||
|
||||
# Latest Mercurial.
|
||||
|
|
|
@ -7,7 +7,7 @@ export DEBIAN_FRONTEND=noninteractive
|
|||
apt-get -y update && apt-get -y upgrade
|
||||
|
||||
# Need those to install newer packages below.
|
||||
apt-get install -y --no-install-recommends apt-utils curl ca-certificates
|
||||
apt-get install -y --no-install-recommends apt-utils curl ca-certificates locales
|
||||
|
||||
# Latest Mercurial.
|
||||
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE
|
||||
|
|
|
@ -17,6 +17,7 @@ apt_packages+=('git')
|
|||
apt_packages+=('gyp')
|
||||
apt_packages+=('libssl-dev')
|
||||
apt_packages+=('libxml2-utils')
|
||||
apt_packages+=('locales')
|
||||
apt_packages+=('ninja-build')
|
||||
apt_packages+=('pkg-config')
|
||||
apt_packages+=('zlib1g-dev')
|
||||
|
@ -37,7 +38,6 @@ git -C clang-tmp/clang checkout HEAD scripts/update.py
|
|||
clang-tmp/clang/scripts/update.py
|
||||
rm -fr clang-tmp
|
||||
|
||||
# Generate locales.
|
||||
locale-gen en_US.UTF-8
|
||||
dpkg-reconfigure locales
|
||||
|
||||
|
|
|
@ -17,6 +17,7 @@ apt_packages+=('npm')
|
|||
apt_packages+=('git')
|
||||
apt_packages+=('golang-1.6')
|
||||
apt_packages+=('libxml2-utils')
|
||||
apt_packages+=('locales')
|
||||
apt_packages+=('ninja-build')
|
||||
apt_packages+=('pkg-config')
|
||||
apt_packages+=('zlib1g-dev')
|
||||
|
|
|
@ -34,14 +34,8 @@ queue.filter(task => {
|
|||
return false;
|
||||
}
|
||||
|
||||
// Remove extra builds w/o libpkix for non-linux64-debug.
|
||||
if (task.symbol == "noLibpkix" &&
|
||||
(task.platform != "linux64" || task.collection != "debug")) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Make modular builds only on Linux x64.
|
||||
if (task.symbol == "modular" && task.platform != "linux64") {
|
||||
// Make modular builds only on Linux make.
|
||||
if (task.symbol == "modular" && task.collection != "make") {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
@ -58,9 +52,29 @@ queue.filter(task => {
|
|||
}
|
||||
}
|
||||
|
||||
// GYP builds with -Ddisable_libpkix=1 by default.
|
||||
if ((task.collection == "gyp" || task.collection == "asan"
|
||||
|| task.platform == "aarch64") && task.tests == "chains") {
|
||||
// Only old make builds have -Ddisable_libpkix=0 and can run chain tests.
|
||||
if (task.tests == "chains" && task.collection != "make" &&
|
||||
task.platform != "windows2012-64") {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (task.group == "Test") {
|
||||
// Don't run test builds on old make platforms
|
||||
if (task.collection == "make") {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Disable mpi tests for now on 32-bit builds (bug 1362392)
|
||||
if (task.platform == "linux32") {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// Don't run additional hardware tests on ARM (we don't have anything there).
|
||||
if (task.group == "Cipher" && task.platform == "aarch64" && task.env &&
|
||||
(task.env.NSS_DISABLE_PCLMUL == "1" || task.env.NSS_DISABLE_HW_AES == "1"
|
||||
|| task.env.NSS_DISABLE_AVX == "1")) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -87,47 +101,51 @@ queue.map(task => {
|
|||
|
||||
export default async function main() {
|
||||
await scheduleLinux("Linux 32 (opt)", {
|
||||
env: {BUILD_OPT: "1"},
|
||||
platform: "linux32",
|
||||
image: LINUX_IMAGE
|
||||
});
|
||||
}, "-m32 --opt");
|
||||
|
||||
await scheduleLinux("Linux 32 (debug)", {
|
||||
platform: "linux32",
|
||||
collection: "debug",
|
||||
image: LINUX_IMAGE
|
||||
});
|
||||
}, "-m32");
|
||||
|
||||
await scheduleLinux("Linux 64 (opt)", {
|
||||
env: {USE_64: "1", BUILD_OPT: "1"},
|
||||
platform: "linux64",
|
||||
image: LINUX_IMAGE
|
||||
});
|
||||
}, "--opt");
|
||||
|
||||
await scheduleLinux("Linux 64 (debug)", {
|
||||
env: {USE_64: "1"},
|
||||
platform: "linux64",
|
||||
collection: "debug",
|
||||
image: LINUX_IMAGE
|
||||
});
|
||||
|
||||
await scheduleLinux("Linux 64 (debug, gyp)", {
|
||||
command: [
|
||||
"/bin/bash",
|
||||
"-c",
|
||||
"bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh"
|
||||
],
|
||||
await scheduleLinux("Linux 64 (debug, make)", {
|
||||
env: {USE_64: "1"},
|
||||
platform: "linux64",
|
||||
collection: "gyp",
|
||||
image: LINUX_IMAGE
|
||||
image: LINUX_IMAGE,
|
||||
collection: "make",
|
||||
command: [
|
||||
"/bin/bash",
|
||||
"-c",
|
||||
"bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh"
|
||||
],
|
||||
});
|
||||
|
||||
await scheduleLinux("Linux 64 (GYP, ASan, debug)", {
|
||||
await scheduleLinux("Linux 32 (debug, make)", {
|
||||
platform: "linux32",
|
||||
image: LINUX_IMAGE,
|
||||
collection: "make",
|
||||
command: [
|
||||
"/bin/bash",
|
||||
"-c",
|
||||
"bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh -g -v --ubsan --asan"
|
||||
"/bin/bash",
|
||||
"-c",
|
||||
"bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh"
|
||||
],
|
||||
});
|
||||
|
||||
await scheduleLinux("Linux 64 (ASan, debug)", {
|
||||
env: {
|
||||
UBSAN_OPTIONS: "print_stacktrace=1",
|
||||
NSS_DISABLE_ARENA_FREE_LIST: "1",
|
||||
|
@ -139,7 +157,7 @@ export default async function main() {
|
|||
collection: "asan",
|
||||
image: LINUX_IMAGE,
|
||||
features: ["allowPtrace"],
|
||||
});
|
||||
}, "--ubsan --asan");
|
||||
|
||||
await scheduleWindows("Windows 2012 64 (opt)", {
|
||||
env: {BUILD_OPT: "1"}
|
||||
|
@ -151,8 +169,6 @@ export default async function main() {
|
|||
|
||||
await scheduleFuzzing();
|
||||
|
||||
await scheduleTestBuilds();
|
||||
|
||||
await scheduleTools();
|
||||
|
||||
let aarch64_base = {
|
||||
|
@ -188,13 +204,13 @@ export default async function main() {
|
|||
|
||||
/*****************************************************************************/
|
||||
|
||||
async function scheduleLinux(name, base) {
|
||||
async function scheduleLinux(name, base, args = "") {
|
||||
// Build base definition.
|
||||
let build_base = merge({
|
||||
command: [
|
||||
"/bin/bash",
|
||||
"-c",
|
||||
"bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh"
|
||||
"bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh " + args
|
||||
],
|
||||
artifacts: {
|
||||
public: {
|
||||
|
@ -260,18 +276,19 @@ async function scheduleLinux(name, base) {
|
|||
symbol: "gcc-6.1"
|
||||
}));
|
||||
|
||||
queue.scheduleTask(merge(extra_base, {
|
||||
name: `${name} w/ NSS_DISABLE_LIBPKIX=1`,
|
||||
env: {NSS_DISABLE_LIBPKIX: "1"},
|
||||
symbol: "noLibpkix"
|
||||
}));
|
||||
|
||||
queue.scheduleTask(merge(extra_base, {
|
||||
name: `${name} w/ modular builds`,
|
||||
env: {NSS_BUILD_MODULAR: "1"},
|
||||
command: [
|
||||
"/bin/bash",
|
||||
"-c",
|
||||
"bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh",
|
||||
],
|
||||
symbol: "modular"
|
||||
}));
|
||||
|
||||
await scheduleTestBuilds(merge(base, {group: "Test"}), args);
|
||||
|
||||
return queue.submit();
|
||||
}
|
||||
|
||||
|
@ -400,21 +417,14 @@ async function scheduleFuzzing() {
|
|||
|
||||
/*****************************************************************************/
|
||||
|
||||
async function scheduleTestBuilds() {
|
||||
let base = {
|
||||
platform: "linux64",
|
||||
collection: "gyp",
|
||||
group: "Test",
|
||||
image: LINUX_IMAGE
|
||||
};
|
||||
|
||||
async function scheduleTestBuilds(base, args = "") {
|
||||
// Build base definition.
|
||||
let build = merge({
|
||||
command: [
|
||||
"/bin/bash",
|
||||
"-c",
|
||||
"bin/checkout.sh && " +
|
||||
"nss/automation/taskcluster/scripts/build_gyp.sh -g -v --test --ct-verif"
|
||||
"nss/automation/taskcluster/scripts/build_gyp.sh -g -v --test --ct-verif " + args
|
||||
],
|
||||
artifacts: {
|
||||
public: {
|
||||
|
@ -425,7 +435,7 @@ async function scheduleTestBuilds() {
|
|||
},
|
||||
kind: "build",
|
||||
symbol: "B",
|
||||
name: "Linux 64 (debug, gyp, test)"
|
||||
name: "Linux 64 (debug, test)"
|
||||
}, base);
|
||||
|
||||
// The task that builds NSPR+NSS.
|
||||
|
@ -529,7 +539,19 @@ function scheduleTests(task_build, task_cert, test_base) {
|
|||
name: "Chains tests", symbol: "Chains", tests: "chains"
|
||||
}));
|
||||
queue.scheduleTask(merge(no_cert_base, {
|
||||
name: "Cipher tests", symbol: "Cipher", tests: "cipher"
|
||||
name: "Cipher tests", symbol: "Default", tests: "cipher", group: "Cipher"
|
||||
}));
|
||||
queue.scheduleTask(merge(no_cert_base, {
|
||||
name: "Cipher tests", symbol: "NoAESNI", tests: "cipher",
|
||||
env: {NSS_DISABLE_HW_AES: "1"}, group: "Cipher"
|
||||
}));
|
||||
queue.scheduleTask(merge(no_cert_base, {
|
||||
name: "Cipher tests", symbol: "NoPCLMUL", tests: "cipher",
|
||||
env: {NSS_DISABLE_PCLMUL: "1"}, group: "Cipher"
|
||||
}));
|
||||
queue.scheduleTask(merge(no_cert_base, {
|
||||
name: "Cipher tests", symbol: "NoAVX", tests: "cipher",
|
||||
env: {NSS_DISABLE_AVX: "1"}, group: "Cipher"
|
||||
}));
|
||||
queue.scheduleTask(merge(no_cert_base, {
|
||||
name: "EC tests", symbol: "EC", tests: "ec"
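Review bot: The comment `// Disable mpi tests for now on 32-bit builds (bug 1362392)` does not match the condition under it: inside `if (task.group == "Test")`, the check `task.platform == "linux32"` drops every task in the Test group, not only mpi. Going by `scheduleTestBuilds` further down in this file section, that group hangs off a build made with `--test --ct-verif`, so the constant-time verification work appears to be filtered out on linux32 as well. Either narrow the condition to the mpi task or reword the comment to say what is dropped, for example `// Drop the whole "Test" group on 32-bit builds for now (bug 1362392)`. The enclosing `queue.filter` callback starts outside the hunk.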
|
||||
|
|
|
@ -23,7 +23,7 @@ function parseOptions(opts) {
|
|||
|
||||
// Parse platforms.
|
||||
let allPlatforms = ["linux", "linux64", "linux64-asan", "win64",
|
||||
"linux64-gyp", "linux64-fuzz", "aarch64"];
|
||||
"linux64-make", "linux-make", "linux64-fuzz", "aarch64"];
|
||||
let platforms = intersect(opts.platform.split(/\s*,\s*/), allPlatforms);
|
||||
|
||||
// If the given value is nonsense or "none" default to all platforms.
|
||||
|
@ -82,11 +82,10 @@ function filter(opts) {
|
|||
// Filter unit tests.
|
||||
if (task.tests) {
|
||||
let found = opts.unittests.some(test => {
|
||||
// TODO: think of something more intelligent here.
|
||||
if (task.symbol.toLowerCase().startsWith("mpi") && test == "mpi") {
|
||||
if (task.group && task.group.toLowerCase() == "ssl" && test == "ssl") {
|
||||
return true;
|
||||
}
|
||||
return (task.group || task.symbol).toLowerCase().startsWith(test);
|
||||
return task.symbol.toLowerCase().startsWith(test);
|
||||
});
|
||||
|
||||
if (!found) {
|
||||
|
@ -107,7 +106,8 @@ function filter(opts) {
|
|||
"linux": "linux32",
|
||||
"linux64-asan": "linux64",
|
||||
"linux64-fuzz": "linux64",
|
||||
"linux64-gyp": "linux64",
|
||||
"linux64-make": "linux64",
|
||||
"linux-make": "linux32",
|
||||
"win64": "windows2012-64"
|
||||
};
|
||||
|
||||
|
@ -117,8 +117,8 @@ function filter(opts) {
|
|||
// Additional checks.
|
||||
if (platform == "linux64-asan") {
|
||||
keep &= coll("asan");
|
||||
} else if (platform == "linux64-gyp") {
|
||||
keep &= coll("gyp");
|
||||
} else if (platform == "linux64-make" || platform == "linux-make") {
|
||||
keep &= coll("make");
|
||||
} else if (platform == "linux64-fuzz") {
|
||||
keep &= coll("fuzz");
|
||||
} else {
|
||||
|
@ -133,7 +133,7 @@ function filter(opts) {
|
|||
}
|
||||
|
||||
// Finally, filter by build type.
|
||||
let isDebug = coll("debug") || coll("asan") || coll("gyp") ||
|
||||
let isDebug = coll("debug") || coll("asan") || coll("make") ||
|
||||
coll("fuzz");
|
||||
return (isDebug && opts.builds.includes("d")) ||
|
||||
(!isDebug && opts.builds.includes("o"));
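Review bot: The unit-test filter in the `@ -82,11 +82,10 @` hunk special-cases only the `ssl` group, but the cipher tasks scheduled elsewhere in this commit carry `group: "Cipher"` with symbols `Default`, `NoAESNI`, `NoPCLMUL` and `NoAVX`. Assuming the symbol-only `return task.symbol.toLowerCase().startsWith(test);` is the new fallback, a try request for `cipher` would match none of them and the hardware-fallback cipher runs could not be selected by name. A second guard mirroring the ssl one would cover it: `if (task.group && task.group.toLowerCase() == "cipher" && test == "cipher") { return true; }`. The callback passed to `opts.unittests.some` and the enclosing `filter` function extend outside the hunk.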
|
||||
|
|
|
@ -49,6 +49,7 @@ fuzz=0
|
|||
fuzz_tls=0
|
||||
fuzz_oss=0
|
||||
no_local_nspr=0
|
||||
armhf=0
|
||||
|
||||
gyp_params=(--depth="$cwd" --generator-output=".")
|
||||
nspr_params=()
|
||||
|
@ -58,6 +59,8 @@ ninja_params=()
|
|||
arch=$(python "$cwd"/coreconf/detect_host_arch.py)
|
||||
if [ "$arch" = "x64" -o "$arch" = "aarch64" ]; then
|
||||
build_64=1
|
||||
elif [ "$arch" = "arm" ]; then
|
||||
armhf=1
|
||||
fi
|
||||
|
||||
# parse command line arguments
|
||||
|
@ -101,7 +104,7 @@ else
|
|||
fi
|
||||
if [ "$build_64" = 1 ]; then
|
||||
nspr_params+=(--enable-64bit)
|
||||
else
|
||||
elif [ ! "$armhf" = 1 ]; then
|
||||
gyp_params+=(-Dtarget_arch=ia32)
|
||||
fi
|
||||
if [ "$fuzz" = 1 ]; then
|
||||
|
|
|
@ -148,7 +148,7 @@ DSO_LDOPTS = -shared $(ARCHFLAG) -Wl,--gc-sections
|
|||
# against the libsanitizer runtime built into the main executable.
|
||||
ZDEFS_FLAG = -Wl,-z,defs
|
||||
DSO_LDOPTS += $(if $(findstring 2.11.90.0.8,$(shell ld -v)),,$(ZDEFS_FLAG))
|
||||
LDFLAGS += $(ARCHFLAG)
|
||||
LDFLAGS += $(ARCHFLAG) -z noexecstack
|
||||
|
||||
# On Maemo, we need to use the -rpath-link flag for even the standard system
|
||||
# library directories.
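Review bot: `-z noexecstack` is added to `LDFLAGS` only, while the `DSO_LDOPTS` assignment visible in this hunk's header context (`-shared $(ARCHFLAG) -Wl,--gc-sections`) is left as it is. Whether shared objects also get a non-executable stack therefore depends on link rules outside the hunk. If shared libraries are linked with `DSO_LDOPTS` alone, add `DSO_LDOPTS += -Wl,-z,noexecstack`, which also matches the `-Wl,-z,defs` spelling already used for `ZDEFS_FLAG`. A short comment above the changed line, such as `# Never request an executable stack, regardless of what the objects ask for.`, would record why the flag is forced.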
|
||||
|
|
|
@ -141,6 +141,52 @@
|
|||
'debug_optimization_level%': '1',
|
||||
},
|
||||
}],
|
||||
[ 'target_arch=="ia32" or target_arch=="x64"', {
|
||||
'defines': [
|
||||
'NSS_X86_OR_X64',
|
||||
],
|
||||
# For Windows.
|
||||
'msvs_settings': {
|
||||
'VCCLCompilerTool': {
|
||||
'PreprocessorDefinitions': [
|
||||
'NSS_X86_OR_X64',
|
||||
],
|
||||
},
|
||||
},
|
||||
}],
|
||||
[ 'target_arch=="ia32"', {
|
||||
'defines': [
|
||||
'NSS_X86',
|
||||
],
|
||||
# For Windows.
|
||||
'msvs_settings': {
|
||||
'VCCLCompilerTool': {
|
||||
'PreprocessorDefinitions': [
|
||||
'NSS_X86',
|
||||
],
|
||||
},
|
||||
},
|
||||
}],
|
||||
[ 'target_arch=="arm64" or target_arch=="aarch64"', {
|
||||
'defines': [
|
||||
'NSS_USE_64',
|
||||
],
|
||||
}],
|
||||
[ 'target_arch=="x64"', {
|
||||
'defines': [
|
||||
'NSS_X64',
|
||||
'NSS_USE_64',
|
||||
],
|
||||
# For Windows.
|
||||
'msvs_settings': {
|
||||
'VCCLCompilerTool': {
|
||||
'PreprocessorDefinitions': [
|
||||
'NSS_X64',
|
||||
'NSS_USE_64',
|
||||
],
|
||||
},
|
||||
},
|
||||
}],
|
||||
],
|
||||
'target_conditions': [
|
||||
# If we want to properly export a static library, and copy it to lib,
|
||||
|
@ -315,6 +361,9 @@
|
|||
'cflags_cc': [
|
||||
'-std=c++0x',
|
||||
],
|
||||
'ldflags': [
|
||||
'-z', 'noexecstack',
|
||||
],
|
||||
'conditions': [
|
||||
[ 'target_arch=="ia32"', {
|
||||
'cflags': ['-m32'],
|
||||
|
|
|
@ -10,4 +10,3 @@
|
|||
*/
|
||||
|
||||
#error "Do not include this header file."
|
||||
|
||||
|
|
|
@ -46,7 +46,7 @@ class DataBuffer {
|
|||
len_ = len;
|
||||
}
|
||||
|
||||
void Truncate(size_t len) { len_ = std::min(len_, len); }
|
||||
void Truncate(size_t len) { len_ = (std::min)(len_, len); }
|
||||
|
||||
void Assign(const DataBuffer& other) { Assign(other.data(), other.len()); }
|
||||
|
||||
|
@ -126,14 +126,14 @@ class DataBuffer {
|
|||
size_t old_len = len_;
|
||||
|
||||
// The amount of stuff remaining from the tail of the old.
|
||||
size_t tail_len = old_len - std::min(old_len, index + remove);
|
||||
size_t tail_len = old_len - (std::min)(old_len, index + remove);
|
||||
// The new length: the head of the old, the new, and the tail of the old.
|
||||
len_ = index + ins_len + tail_len;
|
||||
data_ = new uint8_t[len_ ? len_ : 1];
|
||||
|
||||
// The head of the old.
|
||||
if (old_value) {
|
||||
Write(0, old_value, std::min(old_len, index));
|
||||
Write(0, old_value, (std::min)(old_len, index));
|
||||
}
|
||||
// Maybe a gap.
|
||||
if (old_value && index > old_len) {
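Review bot: Nothing in the changed lines says why `std::min` is now written `(std::min)(len_, len)`, and a reader who has not met the idiom may take the parentheses for a mistake. Presumably they keep a function-like `min` macro (such as the one Windows headers can define) from expanding. A one-line comment at the first use in `Truncate`, for example `// (std::min)(): parenthesised so a min() macro cannot expand here.`, would keep a later cleanup from removing them. The same applies to the two uses in the second hunk, whose enclosing method starts and ends outside the hunk.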
|
||||
|
|
|
@ -17,6 +17,8 @@
|
|||
#endif
|
||||
#include "databuffer.h"
|
||||
|
||||
#include "sslt.h"
|
||||
|
||||
namespace nss_test {
|
||||
|
||||
const uint8_t kTlsChangeCipherSpecType = 20;
|
||||
|
@ -133,6 +135,10 @@ class TlsParser {
|
|||
size_t offset_;
|
||||
};
|
||||
|
||||
inline std::ostream& operator<<(std::ostream& os, SSLProtocolVariant v) {
|
||||
return os << ((v == ssl_variant_stream) ? "TLS" : "DTLS");
|
||||
}
|
||||
|
||||
} // namespace nss_test
|
||||
|
||||
#endif
|
||||
|
|
|
@ -1,46 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
LIBFUZZER_REVISION=8837e6cbbc842ab7524b06a2f7360c36add316b3
|
||||
|
||||
d=$(dirname $0)
|
||||
$d/git-copy.sh https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer b96a41ac6bbc3824fc7c7977662bebacac8f0983 $d/../libFuzzer
|
||||
|
||||
# [https://llvm.org/bugs/show_bug.cgi?id=31318]
|
||||
# This prevents a known buffer overrun that won't be fixed as the affected code
|
||||
# will go away in the near future. Until that is we have to patch it as we seem
|
||||
# to constantly run into it.
|
||||
cat <<EOF | patch -p0 -d $d/..
|
||||
diff --git libFuzzer/FuzzerLoop.cpp libFuzzer/FuzzerLoop.cpp
|
||||
--- libFuzzer/FuzzerLoop.cpp
|
||||
+++ libFuzzer/FuzzerLoop.cpp
|
||||
@@ -476,6 +476,9 @@
|
||||
uint8_t dummy;
|
||||
ExecuteCallback(&dummy, 0);
|
||||
|
||||
+ // Number of counters might have changed.
|
||||
+ PrepareCounters(&MaxCoverage);
|
||||
+
|
||||
for (const auto &U : *InitialCorpus) {
|
||||
if (size_t NumFeatures = RunOne(U)) {
|
||||
CheckExitOnSrcPosOrItem();
|
||||
EOF
|
||||
|
||||
# Latest Libfuzzer uses __sanitizer_dump_coverage(), a symbol to be introduced
|
||||
# with LLVM 4.0. To keep our code working with LLVM 3.x to simplify development
|
||||
# of fuzzers we'll just provide it ourselves.
|
||||
cat <<EOF | patch -p0 -d $d/..
|
||||
diff --git libFuzzer/FuzzerTracePC.cpp libFuzzer/FuzzerTracePC.cpp
|
||||
--- libFuzzer/FuzzerTracePC.cpp
|
||||
+++ libFuzzer/FuzzerTracePC.cpp
|
||||
@@ -33,6 +33,12 @@
|
||||
ATTRIBUTE_INTERFACE
|
||||
uintptr_t __sancov_trace_pc_pcs[fuzzer::TracePC::kNumPCs];
|
||||
|
||||
+#if defined(__clang_major__) && (__clang_major__ == 3)
|
||||
+void __sanitizer_dump_coverage(const uintptr_t *pcs, uintptr_t len) {
|
||||
+ // SanCov in LLVM 4.x will provide this symbol. Make 3.x work.
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
namespace fuzzer {
|
||||
|
||||
TracePC TPC;
|
||||
EOF
|
||||
$d/git-copy.sh https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer $LIBFUZZER_REVISION $d/../libFuzzer
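Review bot: Nothing on the new side records why the two local patches could be dropped. The hunk shrinks from 46 lines to 6, so the workaround the old comment describes as preventing a known buffer overrun (llvm.org bug 31318) and the `__sanitizer_dump_coverage` stub for LLVM 3.x are both gone. A comment next to `LIBFUZZER_REVISION` should state that the pinned revision no longer contains the affected code, and which LLVM version is now the minimum; both need confirming against that revision. Separately, the expansions in the copy command are unquoted, so a checkout path containing spaces would split; `"$d"/git-copy.sh <url> "$LIBFUZZER_REVISION" "$d"/../libFuzzer` avoids that.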
|
||||
|
|
|
@ -265,6 +265,12 @@ class TestAgent {
|
|||
rv = SSL_VersionRangeSet(ssl_fd_, &vrange);
|
||||
if (rv != SECSuccess) return false;
|
||||
|
||||
SSLVersionRange verify_vrange;
|
||||
rv = SSL_VersionRangeGet(ssl_fd_, &verify_vrange);
|
||||
if (rv != SECSuccess) return false;
|
||||
if (vrange.min != verify_vrange.min || vrange.max != verify_vrange.max)
|
||||
return false;
|
||||
|
||||
rv = SSL_OptionSet(ssl_fd_, SSL_NO_CACHE, false);
|
||||
if (rv != SECSuccess) return false;
|
||||
|
||||
|
|
|
@ -39,6 +39,7 @@ CPPSRCS = \
|
|||
ssl_staticrsa_unittest.cc \
|
||||
ssl_v2_client_hello_unittest.cc \
|
||||
ssl_version_unittest.cc \
|
||||
ssl_versionpolicy_unittest.cc \
|
||||
test_io.cc \
|
||||
tls_agent.cc \
|
||||
tls_connect.cc \
|
||||
|
|
|
@ -70,11 +70,7 @@ TEST_P(TlsConnectGenericPre13, DamageServerSignature) {
|
|||
server_->SetTlsRecordFilter(filter);
|
||||
ExpectAlert(client_, kTlsAlertDecryptError);
|
||||
ConnectExpectFail();
|
||||
// TODO(ttaubert@mozilla.com): This is the wrong error code in
|
||||
// 1.1 and below. Bug 1354488.
|
||||
client_->CheckErrorCode(version_ >= SSL_LIBRARY_VERSION_TLS_1_2
|
||||
? SEC_ERROR_BAD_SIGNATURE
|
||||
: SEC_ERROR_PKCS11_DEVICE_ERROR);
|
||||
client_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
|
||||
server_->CheckErrorCode(SSL_ERROR_DECRYPT_ERROR_ALERT);
|
||||
}
|
||||
|
||||
|
@ -117,11 +113,7 @@ TEST_P(TlsConnectGeneric, DamageClientSignature) {
|
|||
? TlsAgent::STATE_CONNECTED
|
||||
: TlsAgent::STATE_CONNECTING,
|
||||
client_->state());
|
||||
// TODO(ttaubert@mozilla.com): This is the wrong error code in
|
||||
// 1.1 and below. Bug 1354488.
|
||||
server_->CheckErrorCode(version_ >= SSL_LIBRARY_VERSION_TLS_1_2
|
||||
? SEC_ERROR_BAD_SIGNATURE
|
||||
: SEC_ERROR_PKCS11_DEVICE_ERROR);
|
||||
server_->CheckErrorCode(SEC_ERROR_BAD_SIGNATURE);
|
||||
}
|
||||
|
||||
} // namespace nspr_test
|
||||
|
|
|
@ -36,6 +36,7 @@
|
|||
'ssl_staticrsa_unittest.cc',
|
||||
'ssl_v2_client_hello_unittest.cc',
|
||||
'ssl_version_unittest.cc',
|
||||
'ssl_versionpolicy_unittest.cc',
|
||||
'test_io.cc',
|
||||
'tls_agent.cc',
|
||||
'tls_connect.cc',
|
||||
|
|
|
@ -0,0 +1,404 @@
|
|||
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/* vim: set ts=2 et sw=2 tw=80: */
|
||||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
||||
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#include "nss.h"
|
||||
#include "secerr.h"
|
||||
#include "ssl.h"
|
||||
#include "ssl3prot.h"
|
||||
#include "sslerr.h"
|
||||
#include "sslproto.h"
|
||||
|
||||
#include "gtest_utils.h"
|
||||
#include "scoped_ptrs.h"
|
||||
#include "tls_connect.h"
|
||||
#include "tls_filter.h"
|
||||
#include "tls_parser.h"
|
||||
|
||||
#include <iostream>
|
||||
|
||||
namespace nss_test {
|
||||
|
||||
std::string GetSSLVersionString(uint16_t v) {
|
||||
switch (v) {
|
||||
case SSL_LIBRARY_VERSION_3_0:
|
||||
return "ssl3";
|
||||
case SSL_LIBRARY_VERSION_TLS_1_0:
|
||||
return "tls1.0";
|
||||
case SSL_LIBRARY_VERSION_TLS_1_1:
|
||||
return "tls1.1";
|
||||
case SSL_LIBRARY_VERSION_TLS_1_2:
|
||||
return "tls1.2";
|
||||
case SSL_LIBRARY_VERSION_TLS_1_3:
|
||||
return "tls1.3";
|
||||
case SSL_LIBRARY_VERSION_NONE:
|
||||
return "NONE";
|
||||
}
|
||||
if (v < SSL_LIBRARY_VERSION_3_0) {
|
||||
return "undefined-too-low";
|
||||
}
|
||||
return "undefined-too-high";
|
||||
}
|
||||
|
||||
inline std::ostream& operator<<(std::ostream& stream,
|
||||
const SSLVersionRange& vr) {
|
||||
return stream << GetSSLVersionString(vr.min) << ","
|
||||
<< GetSSLVersionString(vr.max);
|
||||
}
|
||||
|
||||
class VersionRangeWithLabel {
|
||||
public:
|
||||
VersionRangeWithLabel(const std::string& label, const SSLVersionRange& vr)
|
||||
: label_(label), vr_(vr) {}
|
||||
VersionRangeWithLabel(const std::string& label, uint16_t min, uint16_t max)
|
||||
: label_(label) {
|
||||
vr_.min = min;
|
||||
vr_.max = max;
|
||||
}
|
||||
VersionRangeWithLabel(const std::string& label) : label_(label) {
|
||||
vr_.min = vr_.max = SSL_LIBRARY_VERSION_NONE;
|
||||
}
|
||||
|
||||
void WriteStream(std::ostream& stream) const {
|
||||
stream << " " << label_ << ": " << vr_;
|
||||
}
|
||||
|
||||
uint16_t min() const { return vr_.min; }
|
||||
uint16_t max() const { return vr_.max; }
|
||||
SSLVersionRange range() const { return vr_; }
|
||||
|
||||
private:
|
||||
std::string label_;
|
||||
SSLVersionRange vr_;
|
||||
};
|
||||
|
||||
inline std::ostream& operator<<(std::ostream& stream,
|
||||
const VersionRangeWithLabel& vrwl) {
|
||||
vrwl.WriteStream(stream);
|
||||
return stream;
|
||||
}
|
||||
|
||||
typedef std::tuple<SSLProtocolVariant, // variant
|
||||
uint16_t, // policy min
|
||||
uint16_t, // policy max
|
||||
uint16_t, // input min
|
||||
uint16_t> // input max
|
||||
PolicyVersionRangeInput;
|
||||
|
||||
class TestPolicyVersionRange
|
||||
: public TlsConnectTestBase,
|
||||
public ::testing::WithParamInterface<PolicyVersionRangeInput> {
|
||||
public:
|
||||
TestPolicyVersionRange()
|
||||
: TlsConnectTestBase(((static_cast<SSLProtocolVariant>(
|
||||
std::get<0>(GetParam())) == ssl_variant_stream)
|
||||
? STREAM
|
||||
: DGRAM),
|
||||
0),
|
||||
variant_(static_cast<SSLProtocolVariant>(std::get<0>(GetParam()))),
|
||||
policy_("policy", std::get<1>(GetParam()), std::get<2>(GetParam())),
|
||||
input_("input", std::get<3>(GetParam()), std::get<4>(GetParam())),
|
||||
library_("supported-by-library",
|
||||
((variant_ == ssl_variant_stream)
|
||||
? SSL_LIBRARY_VERSION_MIN_SUPPORTED_STREAM
|
||||
: SSL_LIBRARY_VERSION_MIN_SUPPORTED_DATAGRAM),
|
||||
SSL_LIBRARY_VERSION_MAX_SUPPORTED) {
|
||||
TlsConnectTestBase::SkipVersionChecks();
|
||||
}
|
||||
|
||||
void SetPolicy(const SSLVersionRange& policy) {
|
||||
NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL, 0);
|
||||
|
||||
SECStatus rv;
|
||||
rv = NSS_OptionSet(NSS_TLS_VERSION_MIN_POLICY, policy.min);
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
rv = NSS_OptionSet(NSS_TLS_VERSION_MAX_POLICY, policy.max);
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
rv = NSS_OptionSet(NSS_DTLS_VERSION_MIN_POLICY, policy.min);
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
rv = NSS_OptionSet(NSS_DTLS_VERSION_MAX_POLICY, policy.max);
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
}
|
||||
|
||||
void CreateDummySocket(std::shared_ptr<DummyPrSocket>* dummy_socket,
|
||||
ScopedPRFileDesc* ssl_fd) {
|
||||
(*dummy_socket)
|
||||
.reset(new DummyPrSocket(
|
||||
"dummy", (variant_ == ssl_variant_stream) ? STREAM : DGRAM));
|
||||
*ssl_fd = (*dummy_socket)->CreateFD();
|
||||
if (variant_ == ssl_variant_stream) {
|
||||
SSL_ImportFD(nullptr, ssl_fd->get());
|
||||
} else {
|
||||
DTLS_ImportFD(nullptr, ssl_fd->get());
|
||||
}
|
||||
}
|
||||
|
||||
bool GetOverlap(const SSLVersionRange& r1, const SSLVersionRange& r2,
|
||||
SSLVersionRange* overlap) {
|
||||
if (r1.min == SSL_LIBRARY_VERSION_NONE ||
|
||||
r1.max == SSL_LIBRARY_VERSION_NONE ||
|
||||
r2.min == SSL_LIBRARY_VERSION_NONE ||
|
||||
r2.max == SSL_LIBRARY_VERSION_NONE) {
|
||||
return false;
|
||||
}
|
||||
|
||||
SSLVersionRange temp;
|
||||
temp.min = PR_MAX(r1.min, r2.min);
|
||||
temp.max = PR_MIN(r1.max, r2.max);
|
||||
|
||||
if (temp.min > temp.max) {
|
||||
return false;
|
||||
}
|
||||
|
||||
*overlap = temp;
|
||||
return true;
|
||||
}
|
||||
|
||||
bool IsValidInputForVersionRangeSet(SSLVersionRange* expectedEffectiveRange) {
|
||||
if (input_.min() <= SSL_LIBRARY_VERSION_3_0 &&
|
||||
input_.max() >= SSL_LIBRARY_VERSION_TLS_1_3) {
|
||||
// This is always invalid input, independent of policy
|
||||
return false;
|
||||
}
|
||||
|
||||
if (input_.min() < library_.min() || input_.max() > library_.max() ||
|
||||
input_.min() > input_.max()) {
|
||||
// Asking for unsupported ranges is invalid input for VersionRangeSet
|
||||
// APIs, regardless of overlap.
|
||||
return false;
|
||||
}
|
||||
|
||||
SSLVersionRange overlap_with_library;
|
||||
if (!GetOverlap(input_.range(), library_.range(), &overlap_with_library)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
SSLVersionRange overlap_with_library_and_policy;
|
||||
if (!GetOverlap(overlap_with_library, policy_.range(),
|
||||
&overlap_with_library_and_policy)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
RemoveConflictingVersions(variant_, &overlap_with_library_and_policy);
|
||||
*expectedEffectiveRange = overlap_with_library_and_policy;
|
||||
return true;
|
||||
}
|
||||
|
||||
void RemoveConflictingVersions(SSLProtocolVariant variant,
|
||||
SSLVersionRange* r) {
|
||||
ASSERT_TRUE(r != nullptr);
|
||||
if (r->max >= SSL_LIBRARY_VERSION_TLS_1_3 &&
|
||||
r->min < SSL_LIBRARY_VERSION_TLS_1_0) {
|
||||
r->min = SSL_LIBRARY_VERSION_TLS_1_0;
|
||||
}
|
||||
}
|
||||
|
||||
void SetUp() {
|
||||
SetPolicy(policy_.range());
|
||||
TlsConnectTestBase::SetUp();
|
||||
}
|
||||
|
||||
void TearDown() {
|
||||
TlsConnectTestBase::TearDown();
|
||||
saved_version_policy_.RestoreOriginalPolicy();
|
||||
}
|
||||
|
||||
protected:
|
||||
class VersionPolicy {
|
||||
public:
|
||||
VersionPolicy() { SaveOriginalPolicy(); }
|
||||
|
||||
void RestoreOriginalPolicy() {
|
||||
SECStatus rv;
|
||||
rv = NSS_OptionSet(NSS_TLS_VERSION_MIN_POLICY, saved_min_tls_);
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
rv = NSS_OptionSet(NSS_TLS_VERSION_MAX_POLICY, saved_max_tls_);
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
rv = NSS_OptionSet(NSS_DTLS_VERSION_MIN_POLICY, saved_min_dtls_);
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
rv = NSS_OptionSet(NSS_DTLS_VERSION_MAX_POLICY, saved_max_dtls_);
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
// If it wasn't set initially, clear the bit that we set.
|
||||
if (!(saved_algorithm_policy_ & NSS_USE_POLICY_IN_SSL)) {
|
||||
rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, 0,
|
||||
NSS_USE_POLICY_IN_SSL);
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
}
|
||||
}
|
||||
|
||||
private:
|
||||
void SaveOriginalPolicy() {
|
||||
SECStatus rv;
|
||||
rv = NSS_OptionGet(NSS_TLS_VERSION_MIN_POLICY, &saved_min_tls_);
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
rv = NSS_OptionGet(NSS_TLS_VERSION_MAX_POLICY, &saved_max_tls_);
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
rv = NSS_OptionGet(NSS_DTLS_VERSION_MIN_POLICY, &saved_min_dtls_);
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
rv = NSS_OptionGet(NSS_DTLS_VERSION_MAX_POLICY, &saved_max_dtls_);
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
rv = NSS_GetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY,
|
||||
&saved_algorithm_policy_);
|
||||
ASSERT_EQ(SECSuccess, rv);
|
||||
}
|
||||
|
||||
int32_t saved_min_tls_;
|
||||
int32_t saved_max_tls_;
|
||||
int32_t saved_min_dtls_;
|
||||
int32_t saved_max_dtls_;
|
||||
uint32_t saved_algorithm_policy_;
|
||||
};
|
||||
|
||||
VersionPolicy saved_version_policy_;
|
||||
|
||||
SSLProtocolVariant variant_;
|
||||
const VersionRangeWithLabel policy_;
|
||||
const VersionRangeWithLabel input_;
|
||||
const VersionRangeWithLabel library_;
|
||||
};
|
||||
|
||||
static const uint16_t kExpandedVersionsArr[] = {
|
||||
/* clang-format off */
|
||||
SSL_LIBRARY_VERSION_3_0 - 1,
|
||||
SSL_LIBRARY_VERSION_3_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_0,
|
||||
SSL_LIBRARY_VERSION_TLS_1_1,
|
||||
SSL_LIBRARY_VERSION_TLS_1_2,
|
||||
#ifndef NSS_DISABLE_TLS_1_3
|
||||
SSL_LIBRARY_VERSION_TLS_1_3,
|
||||
#endif
|
||||
SSL_LIBRARY_VERSION_MAX_SUPPORTED + 1
|
||||
/* clang-format on */
|
||||
};
|
||||
static ::testing::internal::ParamGenerator<uint16_t> kExpandedVersions =
|
||||
::testing::ValuesIn(kExpandedVersionsArr);
|
||||
|
||||
static const SSLProtocolVariant kVariantsArr[] = {ssl_variant_stream,
|
||||
ssl_variant_datagram};
|
||||
static ::testing::internal::ParamGenerator<SSLProtocolVariant> kVariants =
|
||||
::testing::ValuesIn(kVariantsArr);
|
||||
|
||||
TEST_P(TestPolicyVersionRange, TestAllTLSVersionsAndPolicyCombinations) {
|
||||
ASSERT_TRUE(variant_ == ssl_variant_stream ||
|
||||
variant_ == ssl_variant_datagram)
|
||||
<< "testing unsupported ssl variant";
|
||||
|
||||
std::cerr << "testing: " << variant_ << policy_ << input_ << library_
|
||||
<< std::endl;
|
||||
|
||||
SSLVersionRange supported_range;
|
||||
SECStatus rv = SSL_VersionRangeGetSupported(variant_, &supported_range);
|
||||
VersionRangeWithLabel supported("SSL_VersionRangeGetSupported",
|
||||
supported_range);
|
||||
|
||||
std::cerr << supported << std::endl;
|
||||
|
||||
std::shared_ptr<DummyPrSocket> dummy_socket;
|
||||
ScopedPRFileDesc ssl_fd;
|
||||
CreateDummySocket(&dummy_socket, &ssl_fd);
|
||||
|
||||
SECStatus rv_socket;
|
||||
SSLVersionRange overlap_policy_and_lib;
|
||||
if (!GetOverlap(policy_.range(), library_.range(), &overlap_policy_and_lib)) {
|
||||
EXPECT_EQ(SECFailure, rv)
|
||||
<< "expected SSL_VersionRangeGetSupported to fail with invalid policy";
|
||||
|
||||
SSLVersionRange enabled_range;
|
||||
rv = SSL_VersionRangeGetDefault(variant_, &enabled_range);
|
||||
EXPECT_EQ(SECFailure, rv)
|
||||
<< "expected SSL_VersionRangeGetDefault to fail with invalid policy";
|
||||
|
||||
SSLVersionRange enabled_range_on_socket;
|
||||
rv_socket = SSL_VersionRangeGet(ssl_fd.get(), &enabled_range_on_socket);
|
||||
EXPECT_EQ(SECFailure, rv_socket)
|
||||
<< "expected SSL_VersionRangeGet to fail with invalid policy";
|
||||
|
||||
ConnectExpectFail();
|
||||
return;
|
||||
}
|
||||
|
||||
EXPECT_EQ(SECSuccess, rv)
|
||||
<< "expected SSL_VersionRangeGetSupported to succeed with valid policy";
|
||||
|
||||
EXPECT_TRUE(supported_range.min != SSL_LIBRARY_VERSION_NONE &&
|
||||
supported_range.max != SSL_LIBRARY_VERSION_NONE)
|
||||
<< "expected SSL_VersionRangeGetSupported to return real values with "
|
||||
"valid policy";
|
||||
|
||||
RemoveConflictingVersions(variant_, &overlap_policy_and_lib);
|
||||
VersionRangeWithLabel overlap_info("overlap", overlap_policy_and_lib);
|
||||
|
||||
EXPECT_TRUE(supported_range == overlap_policy_and_lib)
|
||||
<< "expected range from GetSupported to be identical with calculated "
|
||||
"overlap "
|
||||
<< overlap_info;
|
||||
|
||||
// We don't know which versions are "enabled by default" by the library,
|
||||
// therefore we don't know if there's overlap between the default
|
||||
// and the policy, and therefore, we don't if TLS connections should
|
||||
// be successful or fail in this combination.
|
||||
// Therefore we don't test if we can connect, without having configured a
|
||||
// version range explicitly.
|
||||
|
||||
// Now start testing with supplied input.
|
||||
|
||||
SSLVersionRange expected_effective_range;
|
||||
bool is_valid_input =
|
||||
IsValidInputForVersionRangeSet(&expected_effective_range);
|
||||
|
||||
SSLVersionRange temp_input = input_.range();
|
||||
rv = SSL_VersionRangeSetDefault(variant_, &temp_input);
|
||||
rv_socket = SSL_VersionRangeSet(ssl_fd.get(), &temp_input);
|
||||
|
||||
if (!is_valid_input) {
|
||||
EXPECT_EQ(SECFailure, rv)
|
||||
<< "expected failure return from SSL_VersionRangeSetDefault";
|
||||
|
||||
EXPECT_EQ(SECFailure, rv_socket)
|
||||
<< "expected failure return from SSL_VersionRangeSet";
|
||||
return;
|
||||
}
|
||||
|
||||
EXPECT_EQ(SECSuccess, rv)
|
||||
<< "expected successful return from SSL_VersionRangeSetDefault";
|
||||
|
||||
EXPECT_EQ(SECSuccess, rv_socket)
|
||||
<< "expected successful return from SSL_VersionRangeSet";
|
||||
|
||||
SSLVersionRange effective;
|
||||
SSLVersionRange effective_socket;
|
||||
|
||||
rv = SSL_VersionRangeGetDefault(variant_, &effective);
|
||||
EXPECT_EQ(SECSuccess, rv)
|
||||
<< "expected successful return from SSL_VersionRangeGetDefault";
|
||||
|
||||
rv_socket = SSL_VersionRangeGet(ssl_fd.get(), &effective_socket);
|
||||
EXPECT_EQ(SECSuccess, rv_socket)
|
||||
<< "expected successful return from SSL_VersionRangeGet";
|
||||
|
||||
VersionRangeWithLabel expected_info("expectation", expected_effective_range);
|
||||
VersionRangeWithLabel effective_info("effectively-enabled", effective);
|
||||
|
||||
EXPECT_TRUE(expected_effective_range == effective)
|
||||
<< "range returned by SSL_VersionRangeGetDefault doesn't match "
|
||||
"expectation: "
|
||||
<< expected_info << effective_info;
|
||||
|
||||
EXPECT_TRUE(expected_effective_range == effective_socket)
|
||||
<< "range returned by SSL_VersionRangeGet doesn't match "
|
||||
"expectation: "
|
||||
<< expected_info << effective_info;
|
||||
|
||||
// Because we found overlap between policy and supported versions,
|
||||
// and because we have used SetDefault to enable at least one version,
|
||||
// it should be possible to execute an SSL/TLS connection.
|
||||
Connect();
|
||||
}
|
||||
|
||||
INSTANTIATE_TEST_CASE_P(TLSVersionRanges, TestPolicyVersionRange,
|
||||
::testing::Combine(kVariants, kExpandedVersions,
|
||||
kExpandedVersions, kExpandedVersions,
|
||||
kExpandedVersions));
|
||||
} // namespace nss_test
|
|
@ -72,7 +72,8 @@ TlsAgent::TlsAgent(const std::string& name, Role role, Mode mode)
|
|||
handshake_callback_(),
|
||||
auth_certificate_callback_(),
|
||||
sni_callback_(),
|
||||
expect_short_headers_(false) {
|
||||
expect_short_headers_(false),
|
||||
skip_version_checks_(false) {
|
||||
memset(&info_, 0, sizeof(info_));
|
||||
memset(&csinfo_, 0, sizeof(csinfo_));
|
||||
SECStatus rv = SSL_VersionRangeGetDefault(
|
||||
|
@ -165,9 +166,12 @@ bool TlsAgent::EnsureTlsSetup(PRFileDesc* modelSocket) {
|
|||
}
|
||||
dummy_fd.release(); // Now subsumed by ssl_fd_.
|
||||
|
||||
SECStatus rv = SSL_VersionRangeSet(ssl_fd(), &vrange_);
|
||||
EXPECT_EQ(SECSuccess, rv);
|
||||
if (rv != SECSuccess) return false;
|
||||
SECStatus rv;
|
||||
if (!skip_version_checks_) {
|
||||
rv = SSL_VersionRangeSet(ssl_fd(), &vrange_);
|
||||
EXPECT_EQ(SECSuccess, rv);
|
||||
if (rv != SECSuccess) return false;
|
||||
}
|
||||
|
||||
if (role_ == SERVER) {
|
||||
EXPECT_TRUE(ConfigServerCert(name_, true));
|
||||
|
@ -435,6 +439,8 @@ void TlsAgent::ExpectReadWriteError() { expect_readwrite_error_ = true; }
|
|||
|
||||
void TlsAgent::ExpectShortHeaders() { expect_short_headers_ = true; }
|
||||
|
||||
void TlsAgent::SkipVersionChecks() { skip_version_checks_ = true; }
|
||||
|
||||
void TlsAgent::SetSignatureSchemes(const SSLSignatureScheme* schemes,
|
||||
size_t count) {
|
||||
EXPECT_TRUE(EnsureTlsSetup());
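Review bot: In the `EnsureTlsSetup` hunk, `SECStatus rv;` is now declared without an initializer and is assigned only inside `if (!skip_version_checks_)`. On the skip path, any read of `rv` before its next assignment would be undefined. The rest of the function lies outside the hunk, so it can't be confirmed from here that every later use assigns first. Declaring it as `SECStatus rv = SECSuccess;` removes the question.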
|
||||
|
|
|
@ -137,6 +137,7 @@ class TlsAgent : public PollTarget {
|
|||
void EnableFalseStart();
|
||||
void ExpectResumption();
|
||||
void ExpectShortHeaders();
|
||||
void SkipVersionChecks();
|
||||
void SetSignatureSchemes(const SSLSignatureScheme* schemes, size_t count);
|
||||
void EnableAlpn(const uint8_t* val, size_t len);
|
||||
void CheckAlpn(SSLNextProtoState expected_state,
|
||||
|
@ -388,6 +389,7 @@ class TlsAgent : public PollTarget {
|
|||
AuthCertificateCallbackFunction auth_certificate_callback_;
|
||||
SniCallbackFunction sni_callback_;
|
||||
bool expect_short_headers_;
|
||||
bool skip_version_checks_;
|
||||
};
|
||||
|
||||
inline std::ostream& operator<<(std::ostream& stream,
|
||||
|
@ -485,6 +487,10 @@ class TlsAgentDgramTestClient : public TlsAgentTestBase {
|
|||
TlsAgentDgramTestClient() : TlsAgentTestBase(TlsAgent::CLIENT, DGRAM) {}
|
||||
};
|
||||
|
||||
inline bool operator==(const SSLVersionRange& vr1, const SSLVersionRange& vr2) {
|
||||
return vr1.min == vr2.min && vr1.max == vr2.max;
|
||||
}
|
||||
|
||||
} // namespace nss_test
|
||||
|
||||
#endif
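Review bot: `SkipVersionChecks()` and `skip_version_checks_` are declared without a comment, and the name undersells what the flag does. In tls_agent.cc it stops `EnsureTlsSetup` from calling `SSL_VersionRangeSet` at all, rather than skipping only an assertion. A one-line comment on the declaration, such as `// Do not apply vrange_ in EnsureTlsSetup(); the test configures the version range itself.`, would tell test authors what they are opting out of. The class body extends beyond the hunks shown.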
|
||||
|
|
|
@ -110,7 +110,8 @@ TlsConnectTestBase::TlsConnectTestBase(Mode mode, uint16_t version)
|
|||
expected_resumption_mode_(RESUME_NONE),
|
||||
session_ids_(),
|
||||
expect_extended_master_secret_(false),
|
||||
expect_early_data_accepted_(false) {
|
||||
expect_early_data_accepted_(false),
|
||||
skip_version_checks_(false) {
|
||||
std::string v;
|
||||
if (mode_ == DGRAM && version_ == SSL_LIBRARY_VERSION_TLS_1_1) {
|
||||
v = "1.0";
|
||||
|
@ -209,6 +210,10 @@ void TlsConnectTestBase::Reset(const std::string& server_name,
|
|||
const std::string& client_name) {
|
||||
client_.reset(new TlsAgent(client_name, TlsAgent::CLIENT, mode_));
|
||||
server_.reset(new TlsAgent(server_name, TlsAgent::SERVER, mode_));
|
||||
if (skip_version_checks_) {
|
||||
client_->SkipVersionChecks();
|
||||
server_->SkipVersionChecks();
|
||||
}
|
||||
|
||||
Init();
|
||||
}
|
||||
|
@ -268,10 +273,12 @@ void TlsConnectTestBase::ConnectWithCipherSuite(uint16_t cipher_suite) {
|
|||
}
|
||||
|
||||
void TlsConnectTestBase::CheckConnected() {
|
||||
// Check the version is as expected
|
||||
EXPECT_EQ(client_->version(), server_->version());
|
||||
EXPECT_EQ(std::min(client_->max_version(), server_->max_version()),
|
||||
client_->version());
|
||||
if (!skip_version_checks_) {
|
||||
// Check the version is as expected
|
||||
EXPECT_EQ(std::min(client_->max_version(), server_->max_version()),
|
||||
client_->version());
|
||||
}
|
||||
|
||||
EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
|
||||
EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state());
|
||||
|
@ -510,6 +517,10 @@ void TlsConnectTestBase::EnsureModelSockets() {
|
|||
new TlsAgent(TlsAgent::kClient, TlsAgent::CLIENT, mode_));
|
||||
server_model_.reset(
|
||||
new TlsAgent(TlsAgent::kServerRsa, TlsAgent::SERVER, mode_));
|
||||
if (skip_version_checks_) {
|
||||
client_model_->SkipVersionChecks();
|
||||
server_model_->SkipVersionChecks();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -635,6 +646,12 @@ void TlsConnectTestBase::DisableECDHEServerKeyReuse() {
|
|||
server_->DisableECDHEServerKeyReuse();
|
||||
}
|
||||
|
||||
void TlsConnectTestBase::SkipVersionChecks() {
|
||||
skip_version_checks_ = true;
|
||||
client_->SkipVersionChecks();
|
||||
server_->SkipVersionChecks();
|
||||
}
|
||||
|
||||
TlsConnectGeneric::TlsConnectGeneric()
|
||||
: TlsConnectTestBase(std::get<0>(GetParam()), std::get<1>(GetParam())) {}
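Review bot: With `skip_version_checks_` set, `CheckConnected()` keeps only `EXPECT_EQ(client_->version(), server_->version())`, so nothing asserts which protocol version was actually negotiated. A test that opts out should pin the negotiated version itself, for example by asserting that it lies inside the range the test configured. Otherwise a handshake that lands on an unintended version still passes. A short comment on the `if (!skip_version_checks_)` block, e.g. `// Callers that skip this must verify the negotiated version themselves.`, would make that contract explicit. `CheckConnected` continues past the end of the hunk.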
|
||||
|
||||
|
|
|
@ -111,6 +111,7 @@ class TlsConnectTestBase : public ::testing::Test {
|
|||
void ExpectExtendedMasterSecret(bool expected);
|
||||
void ExpectEarlyDataAccepted(bool expected);
|
||||
void DisableECDHEServerKeyReuse();
|
||||
void SkipVersionChecks();
|
||||
|
||||
protected:
|
||||
Mode mode_;
|
||||
|
@ -139,6 +140,7 @@ class TlsConnectTestBase : public ::testing::Test {
|
|||
|
||||
bool expect_extended_master_secret_;
|
||||
bool expect_early_data_accepted_;
|
||||
bool skip_version_checks_;
|
||||
|
||||
// Track groups and make sure that there are no duplicates.
|
||||
class DuplicateGroupChecker {
|
||||
|
|
|
@ -68,11 +68,13 @@ TEST_F(B64EncodeDecodeTest, FakeEncDecTest) {
|
|||
}
|
||||
|
||||
// These takes a while ...
|
||||
TEST_F(B64EncodeDecodeTest, LongFakeDecTest1) {
|
||||
TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeDecTest1) {
|
||||
EXPECT_TRUE(TestFakeDecode(0x66666666));
|
||||
}
|
||||
TEST_F(B64EncodeDecodeTest, LongFakeEncDecTest1) { TestFakeEncode(0x3fffffff); }
|
||||
TEST_F(B64EncodeDecodeTest, LongFakeEncDecTest2) {
|
||||
TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeEncDecTest1) {
|
||||
TestFakeEncode(0x3fffffff);
|
||||
}
|
||||
TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeEncDecTest2) {
|
||||
EXPECT_FALSE(TestFakeEncode(0x40000000));
|
||||
}
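Review bot: Renaming these three tests to `DISABLED_…` takes them out of every default run, and they are the visible cases that exercise the encoder at the `0x3fffffff` / `0x40000000` size boundary. If run time is the reason, as the "These takes a while" comment suggests, say so next to the tests and have a scheduled job run them with `--gtest_also_run_disabled_tests`, so a regression in the length handling does not go unnoticed. Separately, `DISABLED_LongFakeEncDecTest1` calls `TestFakeEncode(0x3fffffff);` without asserting the result, unlike its two siblings. Wrapping it in the appropriate `EXPECT_…` would make the test able to fail.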
|
||||
|
||||
|
|
|
@ -58,4 +58,11 @@ SEC_END_PROTOS
|
|||
|
||||
#undef HAVE_NO_SANITIZE_ATTR
|
||||
|
||||
SECStatus RSA_Init();
|
||||
|
||||
/* Freebl state. */
|
||||
PRBool aesni_support();
|
||||
PRBool clmul_support();
|
||||
PRBool avx_support();
|
||||
|
||||
#endif /* _BLAPII_H_ */
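Review bot: The four new declarations use empty parentheses (`SECStatus RSA_Init();`, `PRBool aesni_support();`, and the other two), which in C declare a function with unspecified arguments rather than a prototype. A call that passes arguments by mistake is therefore not diagnosed. rsa.c defines `RSA_Init(void)`, and the header should match: `SECStatus RSA_Init(void);`, `PRBool aesni_support(void);`, and likewise for `clmul_support` and `avx_support`.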
|
||||
|
|
|
@ -0,0 +1,119 @@
|
|||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
#endif
|
||||
|
||||
#include "blapii.h"
|
||||
#include "mpi.h"
|
||||
#include "secerr.h"
|
||||
#include "prtypes.h"
|
||||
#include "prinit.h"
|
||||
#include "prenv.h"
|
||||
|
||||
#if defined(_MSC_VER) && !defined(_M_IX86)
|
||||
#include <intrin.h> /* for _xgetbv() */
|
||||
#endif
|
||||
|
||||
static PRCallOnceType coFreeblInit;
|
||||
|
||||
/* State variables. */
|
||||
static PRBool aesni_support_ = PR_FALSE;
|
||||
static PRBool clmul_support_ = PR_FALSE;
|
||||
static PRBool avx_support_ = PR_FALSE;
|
||||
|
||||
#ifdef NSS_X86_OR_X64
|
||||
/*
|
||||
* Adapted from the example code in "How to detect New Instruction support in
|
||||
* the 4th generation Intel Core processor family" by Max Locktyukhin.
|
||||
*
|
||||
* XGETBV:
|
||||
* Reads an extended control register (XCR) specified by ECX into EDX:EAX.
|
||||
*/
|
||||
static PRBool
|
||||
check_xcr0_ymm()
|
||||
{
|
||||
PRUint32 xcr0;
|
||||
#if defined(_MSC_VER)
|
||||
#if defined(_M_IX86)
|
||||
__asm {
|
||||
mov ecx, 0
|
||||
xgetbv
|
||||
mov xcr0, eax
|
||||
}
|
||||
#else
|
||||
xcr0 = (PRUint32)_xgetbv(0); /* Requires VS2010 SP1 or later. */
|
||||
#endif /* _M_IX86 */
|
||||
#else /* _MSC_VER */
|
||||
/* Old OSX compilers don't support xgetbv. Use byte form. */
|
||||
__asm__(".byte 0x0F, 0x01, 0xd0"
|
||||
: "=a"(xcr0)
|
||||
: "c"(0)
|
||||
: "%edx");
|
||||
#endif /* _MSC_VER */
|
||||
/* Check if xmm and ymm state are enabled in XCR0. */
|
||||
return (xcr0 & 6) == 6;
|
||||
}
|
||||
|
||||
#define ECX_AESNI (1 << 25)
|
||||
#define ECX_CLMUL (1 << 1)
|
||||
#define ECX_XSAVE (1 << 26)
|
||||
#define ECX_OSXSAVE (1 << 27)
|
||||
#define ECX_AVX (1 << 28)
|
||||
#define AVX_BITS (ECX_XSAVE | ECX_OSXSAVE | ECX_AVX)
|
||||
|
||||
void
|
||||
CheckX86CPUSupport()
|
||||
{
|
||||
unsigned long eax, ebx, ecx, edx;
|
||||
char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES");
|
||||
char *disable_pclmul = PR_GetEnvSecure("NSS_DISABLE_PCLMUL");
|
||||
char *disable_avx = PR_GetEnvSecure("NSS_DISABLE_AVX");
|
||||
freebl_cpuid(1, &eax, &ebx, &ecx, &edx);
|
||||
aesni_support_ = (PRBool)((ecx & ECX_AESNI) != 0 && disable_hw_aes == NULL);
|
||||
clmul_support_ = (PRBool)((ecx & ECX_CLMUL) != 0 && disable_pclmul == NULL);
|
||||
/* For AVX we check AVX, OSXSAVE, and XSAVE
|
||||
* as well as XMM and YMM state. */
|
||||
avx_support_ = (PRBool)((ecx & AVX_BITS) == AVX_BITS) && check_xcr0_ymm() &&
|
||||
disable_avx == NULL;
|
||||
}
|
||||
#endif /* NSS_X86_OR_X64 */
|
||||
|
||||
PRBool
|
||||
aesni_support()
|
||||
{
|
||||
return aesni_support_;
|
||||
}
|
||||
PRBool
|
||||
clmul_support()
|
||||
{
|
||||
return clmul_support_;
|
||||
}
|
||||
PRBool
|
||||
avx_support()
|
||||
{
|
||||
return avx_support_;
|
||||
}
|
||||
|
||||
static PRStatus
|
||||
FreeblInit(void)
|
||||
{
|
||||
#ifdef NSS_X86_OR_X64
|
||||
CheckX86CPUSupport();
|
||||
#endif
|
||||
return PR_SUCCESS;
|
||||
}
|
||||
|
||||
SECStatus
|
||||
BL_Init()
|
||||
{
|
||||
if (PR_CallOnce(&coFreeblInit, FreeblInit) != PR_SUCCESS) {
|
||||
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
||||
return SECFailure;
|
||||
}
|
||||
RSA_Init();
|
||||
|
||||
return SECSuccess;
|
||||
}
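Review bot: `BL_Init()` calls `RSA_Init();` as a bare statement and then returns `SECSuccess` unconditionally, so the result of `RSA_Init` is discarded. The `BL_Init` that this commit removes from rsa.c was `return RSA_Init();`, which propagated a failure of the `PR_CallOnce` that sets up the blinding-parameter list. That failure is now swallowed. Ending the function with `return RSA_Init();` in place of the bare call and `return SECSuccess;` restores the old behaviour.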
|
|
@ -158,8 +158,6 @@
|
|||
'VCCLCompilerTool': {
|
||||
#TODO: -Ox optimize flags
|
||||
'PreprocessorDefinitions': [
|
||||
'NSS_X86_OR_X64',
|
||||
'NSS_X86',
|
||||
'MP_ASSEMBLY_MULTIPLY',
|
||||
'MP_ASSEMBLY_SQUARE',
|
||||
'MP_ASSEMBLY_DIV_2DX1D',
|
||||
|
@ -176,9 +174,6 @@
|
|||
'VCCLCompilerTool': {
|
||||
#TODO: -Ox optimize flags
|
||||
'PreprocessorDefinitions': [
|
||||
'NSS_USE_64',
|
||||
'NSS_X86_OR_X64',
|
||||
'NSS_X64',
|
||||
'MP_IS_LITTLE_ENDIAN',
|
||||
'NSS_BEVAND_ARCFOUR',
|
||||
'MPI_AMD64',
|
||||
|
@ -192,11 +187,8 @@
|
|||
}],
|
||||
[ 'OS!="win"', {
|
||||
'conditions': [
|
||||
[ 'target_arch=="x64"', {
|
||||
[ 'target_arch=="x64" or target_arch=="arm64" or target_arch=="aarch64"', {
|
||||
'defines': [
|
||||
'NSS_USE_64',
|
||||
'NSS_X86_OR_X64',
|
||||
'NSS_X64',
|
||||
# The Makefile does version-tests on GCC, but we're not doing that here.
|
||||
'HAVE_INT128_SUPPORT',
|
||||
],
|
||||
|
@ -205,12 +197,6 @@
|
|||
'ecl/uint128.c',
|
||||
],
|
||||
}],
|
||||
[ 'target_arch=="ia32"', {
|
||||
'defines': [
|
||||
'NSS_X86_OR_X64',
|
||||
'NSS_X86',
|
||||
],
|
||||
}],
|
||||
],
|
||||
}],
|
||||
[ 'OS=="linux"', {
|
||||
|
@ -251,11 +237,7 @@
|
|||
'MP_ASSEMBLY_SQUARE',
|
||||
'MP_USE_UINT_DIGIT',
|
||||
'SHA_NO_LONG_LONG',
|
||||
],
|
||||
}],
|
||||
[ 'target_arch=="arm64" or target_arch=="aarch64"', {
|
||||
'defines': [
|
||||
'NSS_USE_64',
|
||||
'ARMHF',
|
||||
],
|
||||
}],
|
||||
],
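Review bot: These hunks drop `NSS_X86_OR_X64` (together with `NSS_X86`, `NSS_X64` and `NSS_USE_64`) from freebl's own defines, while the new blinit.c compiles `CheckX86CPUSupport()` only under `#ifdef NSS_X86_OR_X64`. If the macro does not reach freebl from a shared config (not visible in this part of the page), the build still succeeds, but `aesni_support()`, `clmul_support()` and `avx_support()` stay `PR_FALSE`. Because that failure is silent, a build-time or test-time check that the macro is defined on x86/x64 targets would be worth adding.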
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
'ecl/ecp_jm.c',
|
||||
'ecl/ecp_mont.c',
|
||||
'fipsfreebl.c',
|
||||
'blinit.c',
|
||||
'freeblver.c',
|
||||
'gcm.c',
|
||||
'hmacct.c',
|
||||
|
|
|
@ -132,6 +132,7 @@ CSRCS = \
|
|||
chacha20poly1305.c \
|
||||
cts.c \
|
||||
ctr.c \
|
||||
blinit.c \
|
||||
fipsfreebl.c \
|
||||
gcm.c \
|
||||
hmacct.c \
|
||||
|
|
|
@ -26,17 +26,11 @@
|
|||
#include "mpi.h"
|
||||
|
||||
#ifdef USE_HW_AES
|
||||
static int has_intel_aes = 0;
|
||||
static PRBool use_hw_aes = PR_FALSE;
|
||||
|
||||
#ifdef INTEL_GCM
|
||||
#include "intel-gcm.h"
|
||||
static int has_intel_avx = 0;
|
||||
static int has_intel_clmul = 0;
|
||||
static PRBool use_hw_gcm = PR_FALSE;
|
||||
#if defined(_MSC_VER) && !defined(_M_IX86)
|
||||
#include <intrin.h> /* for _xgetbv() */
|
||||
#endif
|
||||
#endif
|
||||
#endif /* USE_HW_AES */
|
||||
|
||||
|
@ -999,39 +993,6 @@ AES_AllocateContext(void)
|
|||
return PORT_ZNew(AESContext);
|
||||
}
|
||||
|
||||
#ifdef INTEL_GCM
|
||||
/*
|
||||
* Adapted from the example code in "How to detect New Instruction support in
|
||||
* the 4th generation Intel Core processor family" by Max Locktyukhin.
|
||||
*
|
||||
* XGETBV:
|
||||
* Reads an extended control register (XCR) specified by ECX into EDX:EAX.
|
||||
*/
|
||||
static PRBool
|
||||
check_xcr0_ymm()
|
||||
{
|
||||
PRUint32 xcr0;
|
||||
#if defined(_MSC_VER)
|
||||
#if defined(_M_IX86)
|
||||
__asm {
|
||||
mov ecx, 0
|
||||
xgetbv
|
||||
mov xcr0, eax
|
||||
}
|
||||
#else
|
||||
xcr0 = (PRUint32)_xgetbv(0); /* Requires VS2010 SP1 or later. */
|
||||
#endif
|
||||
#else
|
||||
__asm__("xgetbv"
|
||||
: "=a"(xcr0)
|
||||
: "c"(0)
|
||||
: "%edx");
|
||||
#endif
|
||||
/* Check if xmm and ymm state are enabled in XCR0. */
|
||||
return (xcr0 & 6) == 6;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
** Initialize a new AES context suitable for AES encryption/decryption in
|
||||
** the ECB or CBC mode.
|
||||
|
@ -1070,33 +1031,9 @@ aes_InitContext(AESContext *cx, const unsigned char *key, unsigned int keysize,
|
|||
return SECFailure;
|
||||
}
|
||||
#ifdef USE_HW_AES
|
||||
if (has_intel_aes == 0) {
|
||||
unsigned long eax, ebx, ecx, edx;
|
||||
char *disable_hw_aes = PR_GetEnvSecure("NSS_DISABLE_HW_AES");
|
||||
|
||||
if (disable_hw_aes == NULL) {
|
||||
freebl_cpuid(1, &eax, &ebx, &ecx, &edx);
|
||||
has_intel_aes = (ecx & (1 << 25)) != 0 ? 1 : -1;
|
||||
use_hw_aes = aesni_support() && (keysize % 8) == 0 && blocksize == 16;
|
||||
#ifdef INTEL_GCM
|
||||
has_intel_clmul = (ecx & (1 << 1)) != 0 ? 1 : -1;
|
||||
if ((ecx & (1 << 27)) != 0 && (ecx & (1 << 28)) != 0 &&
|
||||
check_xcr0_ymm()) {
|
||||
has_intel_avx = 1;
|
||||
} else {
|
||||
has_intel_avx = -1;
|
||||
}
|
||||
#endif
|
||||
} else {
|
||||
has_intel_aes = -1;
|
||||
#ifdef INTEL_GCM
|
||||
has_intel_avx = -1;
|
||||
has_intel_clmul = -1;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
use_hw_aes = (PRBool)(has_intel_aes > 0 && (keysize % 8) == 0 && blocksize == 16);
|
||||
#ifdef INTEL_GCM
|
||||
use_hw_gcm = (PRBool)(use_hw_aes && has_intel_avx > 0 && has_intel_clmul > 0);
|
||||
use_hw_gcm = use_hw_aes && avx_support() && clmul_support();
|
||||
#endif
|
||||
#endif /* USE_HW_AES */
|
||||
/* Nb = (block size in bits) / 32 */
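Review bot: `aes_InitContext` now takes its hardware decision from `aesni_support()`, `avx_support()` and `clmul_support()`, and per blinit.c those only become true after `BL_Init()` has run the one-time CPU probe. Nothing in this hunk calls or checks `BL_Init()`, so a caller that reaches AES first would silently get the software path with no error. Whether every entry point initializes freebl beforehand cannot be seen from here. A comment at `use_hw_aes = aesni_support() && …` stating that precondition, or an assertion on it, would keep it from regressing unnoticed. `aes_InitContext` starts and ends outside the hunk.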
|
||||
|
|
|
@ -1551,7 +1551,7 @@ cleanup:
|
|||
return rv;
|
||||
}
|
||||
|
||||
static SECStatus
|
||||
SECStatus
|
||||
RSA_Init(void)
|
||||
{
|
||||
if (PR_CallOnce(&coBPInit, init_blinding_params_list) != PR_SUCCESS) {
|
||||
|
@ -1561,12 +1561,6 @@ RSA_Init(void)
|
|||
return SECSuccess;
|
||||
}
|
||||
|
||||
SECStatus
|
||||
BL_Init(void)
|
||||
{
|
||||
return RSA_Init();
|
||||
}
|
||||
|
||||
/* cleanup at shutdown */
|
||||
void
|
||||
RSA_Cleanup(void)
|
||||
|
|
|
@ -1211,6 +1211,7 @@ RSA_SignPSS(RSAPrivateKey *key,
|
|||
if (rv != SECSuccess)
|
||||
goto done;
|
||||
|
||||
// This sets error codes upon failure.
|
||||
rv = RSA_PrivateKeyOpDoubleChecked(key, output, pssEncoded);
|
||||
*outputLen = modulusLen;
|
||||
|
||||
|
@ -1270,7 +1271,6 @@ RSA_CheckSignPSS(RSAPublicKey *key,
|
|||
return rv;
|
||||
}
|
||||
|
||||
/* XXX Doesn't set error code */
|
||||
SECStatus
|
||||
RSA_Sign(RSAPrivateKey *key,
|
||||
unsigned char *output,
|
||||
|
@ -1279,34 +1279,34 @@ RSA_Sign(RSAPrivateKey *key,
|
|||
const unsigned char *input,
|
||||
unsigned int inputLen)
|
||||
{
|
||||
SECStatus rv = SECSuccess;
|
||||
SECStatus rv = SECFailure;
|
||||
unsigned int modulusLen = rsa_modulusLen(&key->modulus);
|
||||
SECItem formatted;
|
||||
SECItem unformatted;
|
||||
SECItem formatted = { siBuffer, NULL, 0 };
|
||||
SECItem unformatted = { siBuffer, (unsigned char *)input, inputLen };
|
||||
|
||||
if (maxOutputLen < modulusLen)
|
||||
return SECFailure;
|
||||
if (maxOutputLen < modulusLen) {
|
||||
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
|
||||
goto done;
|
||||
}
|
||||
|
||||
unformatted.len = inputLen;
|
||||
unformatted.data = (unsigned char *)input;
|
||||
formatted.data = NULL;
|
||||
rv = rsa_FormatBlock(&formatted, modulusLen, RSA_BlockPrivate,
|
||||
&unformatted);
|
||||
if (rv != SECSuccess)
|
||||
if (rv != SECSuccess) {
|
||||
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
||||
goto done;
|
||||
}
|
||||
|
||||
// This sets error codes upon failure.
|
||||
rv = RSA_PrivateKeyOpDoubleChecked(key, output, formatted.data);
|
||||
*outputLen = modulusLen;
|
||||
|
||||
goto done;
|
||||
|
||||
done:
|
||||
if (formatted.data != NULL)
|
||||
if (formatted.data != NULL) {
|
||||
PORT_ZFree(formatted.data, modulusLen);
|
||||
}
|
||||
return rv;
|
||||
}
|
||||
|
||||
/* XXX Doesn't set error code */
|
||||
SECStatus
|
||||
RSA_CheckSign(RSAPublicKey *key,
|
||||
const unsigned char *sig,
|
||||
|
@ -1314,60 +1314,71 @@ RSA_CheckSign(RSAPublicKey *key,
|
|||
const unsigned char *data,
|
||||
unsigned int dataLen)
|
||||
{
|
||||
SECStatus rv;
|
||||
SECStatus rv = SECFailure;
|
||||
unsigned int modulusLen = rsa_modulusLen(&key->modulus);
|
||||
unsigned int i;
|
||||
unsigned char *buffer;
|
||||
unsigned char *buffer = NULL;
|
||||
|
||||
if (sigLen != modulusLen) {
|
||||
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (sigLen != modulusLen)
|
||||
goto failure;
|
||||
/*
|
||||
* 0x00 || BT || Pad || 0x00 || ActualData
|
||||
*
|
||||
* The "3" below is the first octet + the second octet + the 0x00
|
||||
* octet that always comes just before the ActualData.
|
||||
*/
|
||||
if (dataLen > modulusLen - (3 + RSA_BLOCK_MIN_PAD_LEN))
|
||||
goto failure;
|
||||
if (dataLen > modulusLen - (3 + RSA_BLOCK_MIN_PAD_LEN)) {
|
||||
PORT_SetError(SEC_ERROR_BAD_DATA);
|
||||
goto done;
|
||||
}
|
||||
|
||||
buffer = (unsigned char *)PORT_Alloc(modulusLen + 1);
|
||||
if (!buffer)
|
||||
goto failure;
|
||||
if (!buffer) {
|
||||
PORT_SetError(SEC_ERROR_NO_MEMORY);
|
||||
goto done;
|
||||
}
|
||||
|
||||
rv = RSA_PublicKeyOp(key, buffer, sig);
|
||||
if (rv != SECSuccess)
|
||||
goto loser;
|
||||
if (RSA_PublicKeyOp(key, buffer, sig) != SECSuccess) {
|
||||
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
|
||||
goto done;
|
||||
}
|
||||
|
||||
/*
|
||||
* check the padding that was used
|
||||
*/
|
||||
if (buffer[0] != RSA_BLOCK_FIRST_OCTET ||
|
||||
buffer[1] != (unsigned char)RSA_BlockPrivate) {
|
||||
goto loser;
|
||||
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
|
||||
goto done;
|
||||
}
|
||||
for (i = 2; i < modulusLen - dataLen - 1; i++) {
|
||||
if (buffer[i] != RSA_BLOCK_PRIVATE_PAD_OCTET)
|
||||
goto loser;
|
||||
if (buffer[i] != RSA_BLOCK_PRIVATE_PAD_OCTET) {
|
||||
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
if (buffer[i] != RSA_BLOCK_AFTER_PAD_OCTET) {
|
||||
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
|
||||
goto done;
|
||||
}
|
||||
if (buffer[i] != RSA_BLOCK_AFTER_PAD_OCTET)
|
||||
goto loser;
|
||||
|
||||
/*
|
||||
* make sure we get the same results
|
||||
*/
|
||||
if (PORT_Memcmp(buffer + modulusLen - dataLen, data, dataLen) != 0)
|
||||
goto loser;
|
||||
if (PORT_Memcmp(buffer + modulusLen - dataLen, data, dataLen) == 0) {
|
||||
rv = SECSuccess;
|
||||
}
|
||||
|
||||
PORT_Free(buffer);
|
||||
return SECSuccess;
|
||||
|
||||
loser:
|
||||
PORT_Free(buffer);
|
||||
failure:
|
||||
return SECFailure;
|
||||
done:
|
||||
if (buffer) {
|
||||
PORT_Free(buffer);
|
||||
}
|
||||
return rv;
|
||||
}
|
||||
|
||||
/* XXX Doesn't set error code */
|
||||
SECStatus
|
||||
RSA_CheckSignRecover(RSAPublicKey *key,
|
||||
unsigned char *output,
|
||||
|
@ -1376,21 +1387,27 @@ RSA_CheckSignRecover(RSAPublicKey *key,
|
|||
const unsigned char *sig,
|
||||
unsigned int sigLen)
|
||||
{
|
||||
SECStatus rv;
|
||||
SECStatus rv = SECFailure;
|
||||
unsigned int modulusLen = rsa_modulusLen(&key->modulus);
|
||||
unsigned int i;
|
||||
unsigned char *buffer;
|
||||
unsigned char *buffer = NULL;
|
||||
|
||||
if (sigLen != modulusLen)
|
||||
goto failure;
|
||||
if (sigLen != modulusLen) {
|
||||
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
|
||||
goto done;
|
||||
}
|
||||
|
||||
buffer = (unsigned char *)PORT_Alloc(modulusLen + 1);
|
||||
if (!buffer)
|
||||
goto failure;
|
||||
if (!buffer) {
|
||||
PORT_SetError(SEC_ERROR_NO_MEMORY);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (RSA_PublicKeyOp(key, buffer, sig) != SECSuccess) {
|
||||
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
|
||||
goto done;
|
||||
}
|
||||
|
||||
rv = RSA_PublicKeyOp(key, buffer, sig);
|
||||
if (rv != SECSuccess)
|
||||
goto loser;
|
||||
*outputLen = 0;
|
||||
|
||||
/*
|
||||
|
@ -1398,28 +1415,34 @@ RSA_CheckSignRecover(RSAPublicKey *key,
|
|||
*/
|
||||
if (buffer[0] != RSA_BLOCK_FIRST_OCTET ||
|
||||
buffer[1] != (unsigned char)RSA_BlockPrivate) {
|
||||
goto loser;
|
||||
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
|
||||
goto done;
|
||||
}
|
||||
for (i = 2; i < modulusLen; i++) {
|
||||
if (buffer[i] == RSA_BLOCK_AFTER_PAD_OCTET) {
|
||||
*outputLen = modulusLen - i - 1;
|
||||
break;
|
||||
}
|
||||
if (buffer[i] != RSA_BLOCK_PRIVATE_PAD_OCTET)
|
||||
goto loser;
|
||||
if (buffer[i] != RSA_BLOCK_PRIVATE_PAD_OCTET) {
|
||||
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
if (*outputLen == 0) {
|
||||
PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
|
||||
goto done;
|
||||
}
|
||||
if (*outputLen > maxOutputLen) {
|
||||
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
|
||||
goto done;
|
||||
}
|
||||
if (*outputLen == 0)
|
||||
goto loser;
|
||||
if (*outputLen > maxOutputLen)
|
||||
goto loser;
|
||||
|
||||
PORT_Memcpy(output, buffer + modulusLen - *outputLen, *outputLen);
|
||||
rv = SECSuccess;
|
||||
|
||||
PORT_Free(buffer);
|
||||
return SECSuccess;
|
||||
|
||||
loser:
|
||||
PORT_Free(buffer);
|
||||
failure:
|
||||
return SECFailure;
|
||||
done:
|
||||
if (buffer) {
|
||||
PORT_Free(buffer);
|
||||
}
|
||||
return rv;
|
||||
}
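Review bot: In `RSA_CheckSign`, the final comparison `if (PORT_Memcmp(buffer + modulusLen - dataLen, data, dataLen) == 0) { rv = SECSuccess; }` has no else branch, so a data mismatch returns `SECFailure` without calling `PORT_SetError`. Every other failure path in the rewritten function sets an error code, so on this one path a caller that inspects the error may read a stale value left by an earlier operation. Adding `else { PORT_SetError(SEC_ERROR_BAD_SIGNATURE); }` closes the gap.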
|
||||
|
|
|
@ -26,49 +26,6 @@
|
|||
'defines': [
|
||||
'MOZILLA_CLIENT=1',
|
||||
],
|
||||
'conditions': [
|
||||
[ 'OS=="win"', {
|
||||
'configurations': {
|
||||
'x86_Base': {
|
||||
'msvs_settings': {
|
||||
'VCCLCompilerTool': {
|
||||
'PreprocessorDefinitions': [
|
||||
'NSS_X86_OR_X64',
|
||||
'NSS_X86',
|
||||
],
|
||||
},
|
||||
},
|
||||
},
|
||||
'x64_Base': {
|
||||
'msvs_settings': {
|
||||
'VCCLCompilerTool': {
|
||||
'PreprocessorDefinitions': [
|
||||
'NSS_USE_64',
|
||||
'NSS_X86_OR_X64',
|
||||
'NSS_X64',
|
||||
],
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}, {
|
||||
'conditions': [
|
||||
[ 'target_arch=="x64"', {
|
||||
'defines': [
|
||||
'NSS_USE_64',
|
||||
'NSS_X86_OR_X64',
|
||||
'NSS_X64',
|
||||
],
|
||||
}],
|
||||
[ 'target_arch=="ia32"', {
|
||||
'defines': [
|
||||
'NSS_X86_OR_X64',
|
||||
'NSS_X86',
|
||||
],
|
||||
}],
|
||||
],
|
||||
}],
|
||||
],
|
||||
},
|
||||
'variables': {
|
||||
'module': 'nss'
|
||||
|
|
|
@ -1496,6 +1496,14 @@ extern PRInt32 ssl3_SendRecord(sslSocket *ss, ssl3CipherSpec *cwSpec,
|
|||
*/
|
||||
#define SSL_LIBRARY_VERSION_NONE 0
|
||||
|
||||
/* SSL_LIBRARY_VERSION_MIN_SUPPORTED is the minimum version that this version
|
||||
* of libssl supports. Applications should use SSL_VersionRangeGetSupported at
|
||||
* runtime to determine which versions are supported by the version of libssl
|
||||
* in use.
|
||||
*/
|
||||
#define SSL_LIBRARY_VERSION_MIN_SUPPORTED_DATAGRAM SSL_LIBRARY_VERSION_TLS_1_1
|
||||
#define SSL_LIBRARY_VERSION_MIN_SUPPORTED_STREAM SSL_LIBRARY_VERSION_3_0
|
||||
|
||||
/* SSL_LIBRARY_VERSION_MAX_SUPPORTED is the maximum version that this version
|
||||
* of libssl supports. Applications should use SSL_VersionRangeGetSupported at
|
||||
* runtime to determine which versions are supported by the version of libssl
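Review bot: The new comment describes `SSL_LIBRARY_VERSION_MIN_SUPPORTED`, but the macros actually defined are `SSL_LIBRARY_VERSION_MIN_SUPPORTED_DATAGRAM` and `SSL_LIBRARY_VERSION_MIN_SUPPORTED_STREAM`, so the name in the comment cannot be found by search. The comment should name both macros. It should also say that the datagram floor is expressed with the TLS 1.1 constant, which the test code on this page appears to treat as DTLS "1.0"; a reader could otherwise take it to mean DTLS has a higher minimum than it does.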
|
||||
|
|
|
@ -2152,11 +2152,11 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
|
|||
ss->sniSocketConfig = sm->sniSocketConfig;
|
||||
if (sm->sniSocketConfigArg)
|
||||
ss->sniSocketConfigArg = sm->sniSocketConfigArg;
|
||||
if (ss->alertReceivedCallback) {
|
||||
if (sm->alertReceivedCallback) {
|
||||
ss->alertReceivedCallback = sm->alertReceivedCallback;
|
||||
ss->alertReceivedCallbackArg = sm->alertReceivedCallbackArg;
|
||||
}
|
||||
if (ss->alertSentCallback) {
|
||||
if (sm->alertSentCallback) {
|
||||
ss->alertSentCallback = sm->alertSentCallback;
|
||||
ss->alertSentCallbackArg = sm->alertSentCallbackArg;
|
||||
}
|
||||
|
@ -2173,61 +2173,82 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
|
|||
return fd;
|
||||
}
|
||||
|
||||
/*
|
||||
* Get the user supplied range
|
||||
*/
|
||||
static SECStatus
|
||||
ssl3_GetRangePolicy(SSLProtocolVariant protocolVariant, SSLVersionRange *prange)
|
||||
SECStatus
|
||||
ssl3_GetEffectiveVersionPolicy(SSLProtocolVariant variant,
|
||||
SSLVersionRange *effectivePolicy)
|
||||
{
|
||||
SECStatus rv;
|
||||
PRUint32 policy;
|
||||
PRInt32 option;
|
||||
PRUint32 policyFlag;
|
||||
PRInt32 minPolicy, maxPolicy;
|
||||
|
||||
/* only use policy constraints if we've set the apply ssl policy bit */
|
||||
rv = NSS_GetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, &policy);
|
||||
if ((rv != SECSuccess) || !(policy & NSS_USE_POLICY_IN_SSL)) {
|
||||
if (variant == ssl_variant_stream) {
|
||||
effectivePolicy->min = SSL_LIBRARY_VERSION_MIN_SUPPORTED_STREAM;
|
||||
effectivePolicy->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
|
||||
} else {
|
||||
effectivePolicy->min = SSL_LIBRARY_VERSION_MIN_SUPPORTED_DATAGRAM;
|
||||
effectivePolicy->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
|
||||
}
|
||||
|
||||
rv = NSS_GetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, &policyFlag);
|
||||
if ((rv != SECSuccess) || !(policyFlag & NSS_USE_POLICY_IN_SSL)) {
|
||||
/* Policy is not active, report library extents. */
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
rv = NSS_OptionGet(VERSIONS_POLICY_MIN(variant), &minPolicy);
|
||||
if (rv != SECSuccess) {
|
||||
return SECFailure;
|
||||
}
|
||||
rv = NSS_OptionGet(VERSIONS_POLICY_MIN(protocolVariant), &option);
|
||||
rv = NSS_OptionGet(VERSIONS_POLICY_MAX(variant), &maxPolicy);
|
||||
if (rv != SECSuccess) {
|
||||
return rv;
|
||||
return SECFailure;
|
||||
}
|
||||
prange->min = (PRUint16)option;
|
||||
rv = NSS_OptionGet(VERSIONS_POLICY_MAX(protocolVariant), &option);
|
||||
if (rv != SECSuccess) {
|
||||
return rv;
|
||||
}
|
||||
prange->max = (PRUint16)option;
|
||||
if (prange->max < prange->min) {
|
||||
return SECFailure; /* don't accept an invalid policy */
|
||||
|
||||
if (minPolicy > effectivePolicy->max ||
|
||||
maxPolicy < effectivePolicy->min ||
|
||||
minPolicy > maxPolicy) {
|
||||
return SECFailure;
|
||||
}
|
||||
effectivePolicy->min = PR_MAX(effectivePolicy->min, minPolicy);
|
||||
effectivePolicy->max = PR_MIN(effectivePolicy->max, maxPolicy);
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
/*
|
||||
* Constrain a single protocol variant's range based on the user policy
|
||||
/*
|
||||
* Assumes that rangeParam values are within the supported boundaries,
|
||||
* but should contain all potentially allowed versions, even if they contain
|
||||
* conflicting versions.
|
||||
* Will return the overlap, or a NONE range if system policy is invalid.
|
||||
*/
|
||||
static SECStatus
|
||||
ssl3_ConstrainVariantRangeByPolicy(SSLProtocolVariant protocolVariant)
|
||||
ssl3_CreateOverlapWithPolicy(SSLProtocolVariant protocolVariant,
|
||||
SSLVersionRange *input,
|
||||
SSLVersionRange *overlap)
|
||||
{
|
||||
SSLVersionRange vrange;
|
||||
SSLVersionRange pvrange;
|
||||
SECStatus rv;
|
||||
SSLVersionRange effectivePolicyBoundary;
|
||||
SSLVersionRange vrange;
|
||||
|
||||
vrange = *VERSIONS_DEFAULTS(protocolVariant);
|
||||
rv = ssl3_GetRangePolicy(protocolVariant, &pvrange);
|
||||
if (rv != SECSuccess) {
|
||||
return SECSuccess; /* we don't have any policy */
|
||||
PORT_Assert(input != NULL);
|
||||
|
||||
rv = ssl3_GetEffectiveVersionPolicy(protocolVariant,
|
||||
&effectivePolicyBoundary);
|
||||
if (rv == SECFailure) {
|
||||
/* SECFailure means internal failure or invalid configuration. */
|
||||
overlap->min = overlap->max = SSL_LIBRARY_VERSION_NONE;
|
||||
return SECFailure;
|
||||
}
|
||||
vrange.min = PR_MAX(vrange.min, pvrange.min);
|
||||
vrange.max = PR_MIN(vrange.max, pvrange.max);
|
||||
if (vrange.max >= vrange.min) {
|
||||
*VERSIONS_DEFAULTS(protocolVariant) = vrange;
|
||||
} else {
|
||||
|
||||
vrange.min = PR_MAX(input->min, effectivePolicyBoundary.min);
|
||||
vrange.max = PR_MIN(input->max, effectivePolicyBoundary.max);
|
||||
|
||||
if (vrange.max < vrange.min) {
|
||||
/* there was no overlap, turn off range altogether */
|
||||
pvrange.min = pvrange.max = SSL_LIBRARY_VERSION_NONE;
|
||||
*VERSIONS_DEFAULTS(protocolVariant) = pvrange;
|
||||
overlap->min = overlap->max = SSL_LIBRARY_VERSION_NONE;
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
*overlap = vrange;
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
|
@ -2235,16 +2256,17 @@ static PRBool
|
|||
ssl_VersionIsSupportedByPolicy(SSLProtocolVariant protocolVariant,
|
||||
SSL3ProtocolVersion version)
|
||||
{
|
||||
SSLVersionRange pvrange;
|
||||
SECStatus rv;
|
||||
SSLVersionRange effectivePolicyBoundary;
|
||||
|
||||
rv = ssl3_GetRangePolicy(protocolVariant, &pvrange);
|
||||
if (rv == SECSuccess) {
|
||||
if ((version > pvrange.max) || (version < pvrange.min)) {
|
||||
return PR_FALSE; /* disallowed by policy */
|
||||
}
|
||||
rv = ssl3_GetEffectiveVersionPolicy(protocolVariant,
|
||||
&effectivePolicyBoundary);
|
||||
if (rv == SECFailure) {
|
||||
/* SECFailure means internal failure or invalid configuration. */
|
||||
return PR_FALSE;
|
||||
}
|
||||
return PR_TRUE;
|
||||
return version >= effectivePolicyBoundary.min &&
|
||||
version <= effectivePolicyBoundary.max;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -2254,18 +2276,36 @@ ssl_VersionIsSupportedByPolicy(SSLProtocolVariant protocolVariant,
|
|||
SECStatus
|
||||
ssl3_ConstrainRangeByPolicy(void)
|
||||
{
|
||||
SECStatus rv;
|
||||
rv = ssl3_ConstrainVariantRangeByPolicy(ssl_variant_stream);
|
||||
if (rv != SECSuccess) {
|
||||
return rv;
|
||||
}
|
||||
rv = ssl3_ConstrainVariantRangeByPolicy(ssl_variant_datagram);
|
||||
if (rv != SECSuccess) {
|
||||
return rv;
|
||||
}
|
||||
/* We ignore failures in ssl3_CreateOverlapWithPolicy. Although an empty
|
||||
* overlap disables all connectivity, it's an allowed state.
|
||||
*/
|
||||
ssl3_CreateOverlapWithPolicy(ssl_variant_stream,
|
||||
VERSIONS_DEFAULTS(ssl_variant_stream),
|
||||
VERSIONS_DEFAULTS(ssl_variant_stream));
|
||||
ssl3_CreateOverlapWithPolicy(ssl_variant_datagram,
|
||||
VERSIONS_DEFAULTS(ssl_variant_datagram),
|
||||
VERSIONS_DEFAULTS(ssl_variant_datagram));
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
PRBool
|
||||
ssl3_VersionIsSupportedByCode(SSLProtocolVariant protocolVariant,
|
||||
SSL3ProtocolVersion version)
|
||||
{
|
||||
switch (protocolVariant) {
|
||||
case ssl_variant_stream:
|
||||
return (version >= SSL_LIBRARY_VERSION_MIN_SUPPORTED_STREAM &&
|
||||
version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
|
||||
case ssl_variant_datagram:
|
||||
return (version >= SSL_LIBRARY_VERSION_MIN_SUPPORTED_DATAGRAM &&
|
||||
version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
|
||||
}
|
||||
|
||||
/* Can't get here */
|
||||
PORT_Assert(PR_FALSE);
|
||||
return PR_FALSE;
|
||||
}
|
||||
|
||||
PRBool
|
||||
ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
|
||||
SSL3ProtocolVersion version)
|
||||
|
@ -2273,33 +2313,7 @@ ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant,
|
|||
if (!ssl_VersionIsSupportedByPolicy(protocolVariant, version)) {
|
||||
return PR_FALSE;
|
||||
}
|
||||
switch (protocolVariant) {
|
||||
case ssl_variant_stream:
|
||||
return (version >= SSL_LIBRARY_VERSION_3_0 &&
|
||||
version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
|
||||
case ssl_variant_datagram:
|
||||
return (version >= SSL_LIBRARY_VERSION_TLS_1_1 &&
|
||||
version <= SSL_LIBRARY_VERSION_MAX_SUPPORTED);
|
||||
default:
|
||||
/* Can't get here */
|
||||
PORT_Assert(PR_FALSE);
|
||||
return PR_FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
/* Returns PR_TRUE if the given version range is valid and
|
||||
** fully supported; otherwise, returns PR_FALSE.
|
||||
*/
|
||||
static PRBool
|
||||
ssl3_VersionRangeIsValid(SSLProtocolVariant protocolVariant,
|
||||
const SSLVersionRange *vrange)
|
||||
{
|
||||
return vrange &&
|
||||
vrange->min <= vrange->max &&
|
||||
ssl3_VersionIsSupported(protocolVariant, vrange->min) &&
|
||||
ssl3_VersionIsSupported(protocolVariant, vrange->max) &&
|
||||
(vrange->min > SSL_LIBRARY_VERSION_3_0 ||
|
||||
vrange->max < SSL_LIBRARY_VERSION_TLS_1_3);
|
||||
return ssl3_VersionIsSupportedByCode(protocolVariant, version);
|
||||
}
|
||||
|
||||
const SECItem *
|
||||
|
@ -2325,6 +2339,8 @@ SECStatus
|
|||
SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant,
|
||||
SSLVersionRange *vrange)
|
||||
{
|
||||
SECStatus rv;
|
||||
|
||||
if (!vrange) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
|
@ -2332,15 +2348,15 @@ SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant,
|
|||
|
||||
switch (protocolVariant) {
|
||||
case ssl_variant_stream:
|
||||
vrange->min = SSL_LIBRARY_VERSION_3_0;
|
||||
vrange->min = SSL_LIBRARY_VERSION_MIN_SUPPORTED_STREAM;
|
||||
vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
|
||||
// We don't allow SSLv3 and TLSv1.3 together.
|
||||
if (vrange->max == SSL_LIBRARY_VERSION_TLS_1_3) {
|
||||
vrange->min = SSL_LIBRARY_VERSION_TLS_1_0;
|
||||
}
|
||||
/* We don't allow SSLv3 and TLSv1.3 together.
|
||||
* However, don't check yet, apply the policy first.
|
||||
* Because if the effective supported range doesn't use TLS 1.3,
|
||||
* then we don't need to increase the minimum. */
|
||||
break;
|
||||
case ssl_variant_datagram:
|
||||
vrange->min = SSL_LIBRARY_VERSION_TLS_1_1;
|
||||
vrange->min = SSL_LIBRARY_VERSION_MIN_SUPPORTED_DATAGRAM;
|
||||
vrange->max = SSL_LIBRARY_VERSION_MAX_SUPPORTED;
|
||||
break;
|
||||
default:
|
||||
|
@ -2348,6 +2364,17 @@ SSL_VersionRangeGetSupported(SSLProtocolVariant protocolVariant,
|
|||
return SECFailure;
|
||||
}
|
||||
|
||||
rv = ssl3_CreateOverlapWithPolicy(protocolVariant, vrange, vrange);
|
||||
if (rv != SECSuccess) {
|
||||
/* Library default and policy don't overlap. */
|
||||
return rv;
|
||||
}
|
||||
|
||||
/* We don't allow SSLv3 and TLSv1.3 together */
|
||||
if (vrange->max >= SSL_LIBRARY_VERSION_TLS_1_3) {
|
||||
vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
|
||||
}
|
||||
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
|
@ -2363,6 +2390,43 @@ SSL_VersionRangeGetDefault(SSLProtocolVariant protocolVariant,
|
|||
}
|
||||
|
||||
*vrange = *VERSIONS_DEFAULTS(protocolVariant);
|
||||
return ssl3_CreateOverlapWithPolicy(protocolVariant, vrange, vrange);
|
||||
}
|
||||
|
||||
static PRBool
|
||||
ssl3_HasConflictingSSLVersions(const SSLVersionRange *vrange)
|
||||
{
|
||||
return (vrange->min <= SSL_LIBRARY_VERSION_3_0 &&
|
||||
vrange->max >= SSL_LIBRARY_VERSION_TLS_1_3);
|
||||
}
|
||||
|
||||
static SECStatus
|
||||
ssl3_CheckRangeValidAndConstrainByPolicy(SSLProtocolVariant protocolVariant,
|
||||
SSLVersionRange *vrange)
|
||||
{
|
||||
SECStatus rv;
|
||||
|
||||
if (vrange->min > vrange->max ||
|
||||
!ssl3_VersionIsSupportedByCode(protocolVariant, vrange->min) ||
|
||||
!ssl3_VersionIsSupportedByCode(protocolVariant, vrange->max) ||
|
||||
ssl3_HasConflictingSSLVersions(vrange)) {
|
||||
PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
/* Try to adjust the received range using our policy.
|
||||
* If there's overlap, we'll use the (possibly reduced) range.
|
||||
* If there isn't overlap, it's failure. */
|
||||
|
||||
rv = ssl3_CreateOverlapWithPolicy(protocolVariant, vrange, vrange);
|
||||
if (rv != SECSuccess) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
/* We don't allow SSLv3 and TLSv1.3 together */
|
||||
if (vrange->max >= SSL_LIBRARY_VERSION_TLS_1_3) {
|
||||
vrange->min = PR_MAX(vrange->min, SSL_LIBRARY_VERSION_TLS_1_0);
|
||||
}
|
||||
|
||||
return SECSuccess;
|
||||
}
|
||||
|
@ -2371,13 +2435,21 @@ SECStatus
|
|||
SSL_VersionRangeSetDefault(SSLProtocolVariant protocolVariant,
|
||||
const SSLVersionRange *vrange)
|
||||
{
|
||||
if (!ssl3_VersionRangeIsValid(protocolVariant, vrange)) {
|
||||
PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
|
||||
SSLVersionRange constrainedRange;
|
||||
SECStatus rv;
|
||||
|
||||
if (!vrange) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
*VERSIONS_DEFAULTS(protocolVariant) = *vrange;
|
||||
constrainedRange = *vrange;
|
||||
rv = ssl3_CheckRangeValidAndConstrainByPolicy(protocolVariant,
|
||||
&constrainedRange);
|
||||
if (rv != SECSuccess)
|
||||
return rv;
|
||||
|
||||
*VERSIONS_DEFAULTS(protocolVariant) = constrainedRange;
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
|
@ -2405,24 +2477,33 @@ SSL_VersionRangeGet(PRFileDesc *fd, SSLVersionRange *vrange)
|
|||
ssl_ReleaseSSL3HandshakeLock(ss);
|
||||
ssl_Release1stHandshakeLock(ss);
|
||||
|
||||
return SECSuccess;
|
||||
return ssl3_CreateOverlapWithPolicy(ss->protocolVariant, vrange, vrange);
|
||||
}
|
||||
|
||||
SECStatus
|
||||
SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
|
||||
{
|
||||
sslSocket *ss = ssl_FindSocket(fd);
|
||||
SSLVersionRange constrainedRange;
|
||||
sslSocket *ss;
|
||||
SECStatus rv;
|
||||
|
||||
if (!vrange) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
ss = ssl_FindSocket(fd);
|
||||
if (!ss) {
|
||||
SSL_DBG(("%d: SSL[%d]: bad socket in SSL_VersionRangeSet",
|
||||
SSL_GETPID(), fd));
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
if (!ssl3_VersionRangeIsValid(ss->protocolVariant, vrange)) {
|
||||
PORT_SetError(SSL_ERROR_INVALID_VERSION_RANGE);
|
||||
return SECFailure;
|
||||
}
|
||||
constrainedRange = *vrange;
|
||||
rv = ssl3_CheckRangeValidAndConstrainByPolicy(ss->protocolVariant,
|
||||
&constrainedRange);
|
||||
if (rv != SECSuccess)
|
||||
return rv;
|
||||
|
||||
ssl_Get1stHandshakeLock(ss);
|
||||
ssl_GetSSL3HandshakeLock(ss);
|
||||
|
@ -2435,7 +2516,7 @@ SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
|
|||
return SECFailure;
|
||||
}
|
||||
|
||||
ss->vrange = *vrange;
|
||||
ss->vrange = constrainedRange;
|
||||
|
||||
ssl_ReleaseSSL3HandshakeLock(ss);
|
||||
ssl_Release1stHandshakeLock(ss);
|
||||
|
@ -3684,7 +3765,10 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
|
|||
ss->opt.noLocks = !makeLocks;
|
||||
ss->vrange = *VERSIONS_DEFAULTS(protocolVariant);
|
||||
ss->protocolVariant = protocolVariant;
|
||||
|
||||
/* Ignore overlap failures, because returning NULL would trigger assertion
|
||||
* failures elsewhere. We don't want this scenario to be fatal, it's just
|
||||
* a state where no SSL connectivity is possible. */
|
||||
ssl3_CreateOverlapWithPolicy(ss->protocolVariant, &ss->vrange, &ss->vrange);
|
||||
ss->peerID = NULL;
|
||||
ss->rTimeout = PR_INTERVAL_NO_TIMEOUT;
|
||||
ss->wTimeout = PR_INTERVAL_NO_TIMEOUT;
|
||||
|
|
|
@ -231,20 +231,20 @@ bool EncTool::DoCipher(std::string file_name, std::string out_file,
|
|||
bool encrypt, key_func_t get_params) {
|
||||
SECStatus rv;
|
||||
unsigned int outLen = 0, chunkSize = 1024;
|
||||
char buffer[chunkSize + 16];
|
||||
char buffer[1040];
|
||||
const unsigned char* bufferStart =
|
||||
reinterpret_cast<const unsigned char*>(buffer);
|
||||
|
||||
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
|
||||
if (!slot) {
|
||||
PrintError("Unable to find security device", PR_GetError(), __LINE__);
|
||||
return SECFailure;
|
||||
return false;
|
||||
}
|
||||
|
||||
ScopedSECItem key, params;
|
||||
if (!(this->*get_params)(std::vector<uint8_t>(), key, params)) {
|
||||
PrintError("Geting keys and params failed.", __LINE__);
|
||||
return SECFailure;
|
||||
return false;
|
||||
}
|
||||
|
||||
ScopedPK11SymKey symKey(
|
||||
|
@ -252,7 +252,7 @@ bool EncTool::DoCipher(std::string file_name, std::string out_file,
|
|||
CKA_DECRYPT | CKA_ENCRYPT, key.get(), nullptr));
|
||||
if (!symKey) {
|
||||
PrintError("Failure to import key into NSS", PR_GetError(), __LINE__);
|
||||
return SECFailure;
|
||||
return false;
|
||||
}
|
||||
|
||||
std::streambuf* buf;
|
||||
|
@ -270,21 +270,21 @@ bool EncTool::DoCipher(std::string file_name, std::string out_file,
|
|||
// Read from stdin.
|
||||
if (file_name.empty()) {
|
||||
std::vector<uint8_t> data = ReadInputData("");
|
||||
uint8_t out[data.size() + 16];
|
||||
std::vector<uint8_t> out(data.size() + 16);
|
||||
SECStatus rv;
|
||||
if (encrypt) {
|
||||
rv = PK11_Encrypt(symKey.get(), cipher_mech_, params.get(), out, &outLen,
|
||||
data.size() + 16, data.data(), data.size());
|
||||
rv = PK11_Encrypt(symKey.get(), cipher_mech_, params.get(), out.data(),
|
||||
&outLen, data.size() + 16, data.data(), data.size());
|
||||
} else {
|
||||
rv = PK11_Decrypt(symKey.get(), cipher_mech_, params.get(), out, &outLen,
|
||||
data.size() + 16, data.data(), data.size());
|
||||
rv = PK11_Decrypt(symKey.get(), cipher_mech_, params.get(), out.data(),
|
||||
&outLen, data.size() + 16, data.data(), data.size());
|
||||
}
|
||||
if (rv != SECSuccess) {
|
||||
PrintError(encrypt ? "Error encrypting" : "Error decrypting",
|
||||
PR_GetError(), __LINE__);
|
||||
return false;
|
||||
};
|
||||
output.write(reinterpret_cast<char*>(out), outLen);
|
||||
output.write(reinterpret_cast<char*>(out.data()), outLen);
|
||||
output.flush();
|
||||
if (output_file.good()) {
|
||||
output_file.close();
|
||||
|
@ -302,7 +302,7 @@ bool EncTool::DoCipher(std::string file_name, std::string out_file,
|
|||
if (!input.good()) {
|
||||
return false;
|
||||
}
|
||||
uint8_t out[chunkSize + 16];
|
||||
uint8_t out[1040];
|
||||
while (input) {
|
||||
if (encrypt) {
|
||||
input.read(buffer, chunkSize);
|
||||
|
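Review bot: The literal `1040` in `char buffer[1040];` and again in `uint8_t out[1040];` (last hunk of this section) restates `chunkSize + 16` by hand, so neither array is tied any longer to the `chunkSize` that `input.read(buffer, chunkSize)` reads with. A later change to `chunkSize` would leave both buffers undersized with no compiler diagnostic. Declaring the size as a constant, `constexpr unsigned int chunkSize = 1024;` with `outLen` declared on its own line, lets the arrays stay `char buffer[chunkSize + 16];` and `uint8_t out[chunkSize + 16];` without being variable-length arrays. DoCipher starts and continues outside these hunks, so the calls that write into `out` on the file path are not visible here and should be checked against the same constant.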
|
|
@ -27,6 +27,9 @@ if [ -z "${CLEANUP}" -o "${CLEANUP}" = "${SCRIPTNAME}" ]; then
|
|||
echo "NSS_AIA_OCSP=${NSS_AIA_OCSP}"
|
||||
echo "IOPR_HOSTADDR_LIST=${IOPR_HOSTADDR_LIST}"
|
||||
echo "PKITS_DATA=${PKITS_DATA}"
|
||||
echo "NSS_DISABLE_HW_AES=${NSS_DISABLE_HW_AES}"
|
||||
echo "NSS_DISABLE_PCLMUL=${NSS_DISABLE_PCLMUL}"
|
||||
echo "NSS_DISABLE_AVX=${NSS_DISABLE_AVX}"
|
||||
echo
|
||||
echo "Tests summary:"
|
||||
echo "--------------"
|
||||
|
|
|
@ -32,6 +32,9 @@
|
|||
<menuitem label="Three"/>
|
||||
</menupopup>
|
||||
|
||||
<button id="anchorhidden" label="HiddenAnchor" hidden="true"/>
|
||||
<button id="anchorextra" label="ExtraAnchor"/>
|
||||
|
||||
<script type="application/javascript"><![CDATA[
|
||||
|
||||
Components.utils.import("resource://gre/modules/Task.jsm");
|
||||
|
@ -140,6 +143,27 @@ function runTests() {
|
|||
yield popuphidden;
|
||||
yield menupopuphidden;
|
||||
|
||||
// A popup with a hidden anchor should not update
|
||||
let anchorhidden = document.getElementById("anchorhidden");
|
||||
popupshown = waitForPanel(panel, "popupshown");
|
||||
panel.openPopup(anchorhidden, "after_start");
|
||||
yield popupshown;
|
||||
|
||||
let oldtop = panel.getBoundingClientRect().top;
|
||||
|
||||
// Show and adjust anchors. The panel should not update or hide due to this.
|
||||
anchorhidden.hidden = false;
|
||||
document.getElementById("anchorextra").hidden = true;
|
||||
yield new Promise(r => { SimpleTest.executeSoon(r); });
|
||||
|
||||
let newtop = panel.getBoundingClientRect().top;
|
||||
is(panel.state, "open", "panel is still open after showing anchor");
|
||||
is(oldtop, newtop, "panel top did not change after showing anchor");
|
||||
|
||||
popuphidden = waitForPanel(panel, "popuphidden");
|
||||
panel.hidePopup();
|
||||
yield popuphidden;
|
||||
|
||||
// The panel should no longer follow anchors.
|
||||
panel.setAttribute("followanchor", "false");
|
||||
|
||||
|
|
|
@ -1950,6 +1950,13 @@ public:
|
|||
virtual CompositorBridgeChild* GetRemoteRenderer()
|
||||
{ return nullptr; }
|
||||
|
||||
/**
|
||||
* Returns true if the widget requires synchronous repaints on resize,
|
||||
* false otherwise.
|
||||
*/
|
||||
virtual bool SynchronouslyRepaintOnResize()
|
||||
{ return true; }
|
||||
|
||||
/**
|
||||
* Some platforms (only cocoa right now) round widget coordinates to the
|
||||
* nearest even pixels (see bug 892994), this function allows us to
|
||||
|
|
|
@ -316,6 +316,9 @@ public:
|
|||
|
||||
void GetCompositorWidgetInitData(mozilla::widget::CompositorWidgetInitData* aInitData) override;
|
||||
bool IsTouchWindow() const { return mTouchWindow; }
|
||||
bool SynchronouslyRepaintOnResize() override {
|
||||
return false;
|
||||
}
|
||||
|
||||
protected:
|
||||
virtual ~nsWindow();
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
|
||||
#include "Base64.h"
|
||||
|
||||
#include "mozilla/ScopeExit.h"
|
||||
#include "mozilla/UniquePtrExtensions.h"
|
||||
#include "nsIInputStream.h"
|
||||
#include "nsString.h"
|
||||
|
@ -356,16 +357,27 @@ Base64Encode(const nsACString& aBinary, nsACString& aBase64)
|
|||
nsresult
|
||||
Base64Encode(const nsAString& aBinary, nsAString& aBase64)
|
||||
{
|
||||
NS_LossyConvertUTF16toASCII binary(aBinary);
|
||||
auto truncater = mozilla::MakeScopeExit([&]() { aBase64.Truncate(); });
|
||||
|
||||
// XXX We should really consider decoding directly from the string, rather
|
||||
// than making a separate copy here.
|
||||
nsAutoCString binary;
|
||||
if (!binary.SetCapacity(aBinary.Length(), mozilla::fallible)) {
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
LossyCopyUTF16toASCII(aBinary, binary);
|
||||
|
||||
nsAutoCString base64;
|
||||
|
||||
nsresult rv = Base64Encode(binary, base64);
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
CopyASCIItoUTF16(base64, aBase64);
|
||||
} else {
|
||||
aBase64.Truncate();
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
if (!CopyASCIItoUTF16(base64, aBase64, mozilla::fallible)) {
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
truncater.release();
|
||||
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
@ -464,16 +476,27 @@ Base64Decode(const nsACString& aBase64, nsACString& aBinary)
|
|||
nsresult
|
||||
Base64Decode(const nsAString& aBase64, nsAString& aBinary)
|
||||
{
|
||||
NS_LossyConvertUTF16toASCII base64(aBase64);
|
||||
auto truncater = mozilla::MakeScopeExit([&]() { aBinary.Truncate(); });
|
||||
|
||||
// XXX We should really consider decoding directly from the string, rather
|
||||
// than making a separate copy here.
|
||||
nsAutoCString base64;
|
||||
if (!base64.SetCapacity(aBase64.Length(), mozilla::fallible)) {
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
LossyCopyUTF16toASCII(aBase64, base64);
|
||||
|
||||
nsAutoCString binary;
|
||||
|
||||
nsresult rv = Base64Decode(base64, binary);
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
CopyASCIItoUTF16(binary, aBinary);
|
||||
} else {
|
||||
aBinary.Truncate();
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
if (!CopyASCIItoUTF16(binary, aBinary, mozilla::fallible)) {
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
truncater.release();
|
||||
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
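Review bot: `LossyCopyUTF16toASCII(aBase64, base64)` in the `nsAString` overload of Base64Decode narrows every UTF-16 code unit before the input is validated. Assuming the lossy copy keeps only the low byte of each unit (its body is not shown in this section), a code unit above 0x7F can become a valid base64 character, so malformed input would decode successfully instead of being rejected. Rejecting the string with an error when any code unit is outside the ASCII range, before the copy, would close that gap; the previous `NS_LossyConvertUTF16toASCII` line appears to have had the same behaviour, so this predates the commit. Separately, the comment `// XXX We should really consider decoding directly from the string` was copied into Base64Encode, where it should read `encoding`.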
|
|
@ -38,8 +38,6 @@ SlicedInputStream::SlicedInputStream(nsIInputStream* aInputStream,
|
|||
, mLength(aLength)
|
||||
, mCurPos(0)
|
||||
, mClosed(false)
|
||||
, mAsyncWaitFlags(0)
|
||||
, mAsyncWaitRequestedCount(0)
|
||||
{
|
||||
MOZ_ASSERT(aInputStream);
|
||||
SetSourceStream(aInputStream);
|
||||
|
@ -54,8 +52,6 @@ SlicedInputStream::SlicedInputStream()
|
|||
, mLength(0)
|
||||
, mCurPos(0)
|
||||
, mClosed(false)
|
||||
, mAsyncWaitFlags(0)
|
||||
, mAsyncWaitRequestedCount(0)
|
||||
{}
|
||||
|
||||
SlicedInputStream::~SlicedInputStream()
|
||||
|
|
|
@ -87,9 +87,20 @@ LossyCopyUTF16toASCII(const nsAString& aSource, nsACString& aDest)
|
|||
|
||||
void
|
||||
CopyASCIItoUTF16(const nsACString& aSource, nsAString& aDest)
|
||||
{
|
||||
if (!CopyASCIItoUTF16(aSource, aDest, mozilla::fallible)) {
|
||||
// Note that this may wildly underestimate the allocation that failed, as
|
||||
// we report the length of aSource as UTF-16 instead of UTF-8.
|
||||
aDest.AllocFailed(aDest.Length() + aSource.Length());
|
||||
}
|
||||
}
|
||||
|
||||
bool
|
||||
CopyASCIItoUTF16(const nsACString& aSource, nsAString& aDest,
|
||||
const mozilla::fallible_t& aFallible)
|
||||
{
|
||||
aDest.Truncate();
|
||||
AppendASCIItoUTF16(aSource, aDest);
|
||||
return AppendASCIItoUTF16(aSource, aDest, aFallible);
|
||||
}
|
||||
|
||||
void
|
||||
|
|
|
@ -35,6 +35,8 @@ Distance(const nsReadingIterator<char>& aStart,
|
|||
|
||||
void LossyCopyUTF16toASCII(const nsAString& aSource, nsACString& aDest);
|
||||
void CopyASCIItoUTF16(const nsACString& aSource, nsAString& aDest);
|
||||
MOZ_MUST_USE bool CopyASCIItoUTF16(const nsACString& aSource, nsAString& aDest,
|
||||
const mozilla::fallible_t&);
|
||||
|
||||
void LossyCopyUTF16toASCII(const char16ptr_t aSource, nsACString& aDest);
|
||||
void CopyASCIItoUTF16(const char* aSource, nsAString& aDest);
|
||||
|
|