--- a/.hgtags
+++ b/.hgtags
@@ -118,8 +118,9 @@ 2c951493eef5b50b8085ef78ffe0d7902ff3d593
98086da94ccdc88f6de86774ce3d1fa258dc7c44 FIREFOX_AURORA_38_BASE
1b6bf6612c0f4d4fee81d18bf18016e692f874e1 FIREFOX_AURORA_39_BASE
66a95a483d2c77dfc387019336d18093acd6aac2 FIREFOX_AURORA_40_BASE
312c68b16549de9cea1557f461d5d234bd5e0a7d FIREFOX_AURORA_41_BASE
7a19194812eb767bee7cdf8fc36ba9a383c1bead FIREFOX_AURORA_42_BASE
fcef8ded82219c89298b4e376cfbdfba79a1d35a FIREFOX_AURORA_43_BASE
67a788db9f07822cfef52351bbbe3745dff8bd7f FIREFOX_AURORA_44_BASE
99137d6d4061f408ae0869122649d8bdf489cc30 FIREFOX_AURORA_45_BASE
+67c66c2878aed17ae3096d7db483ddbb2293c503 FIREFOX_AURORA_46_BASE
--- a/CLOBBER
+++ b/CLOBBER
@@ -17,10 +17,10 @@
#
# Modifying this file will now automatically clobber the buildbot machines \o/
#
# Are you updating CLOBBER because you think it's needed for your WebIDL
# changes to stick? As of bug 928195, this shouldn't be necessary! Please
# don't change CLOBBER for WebIDL changes any more.
-Bug 1240627 - Enable AVX2 optimizations in ffvpx on Mac
+Merge day clobber
\ No newline at end of file
--- a/browser/components/search/test/browser_contextmenu.js
+++ b/browser/components/search/test/browser_contextmenu.js
@@ -4,16 +4,19 @@
* Test searching for the selected text using the context menu
*/
add_task(function* () {
const ss = Services.search;
const ENGINE_NAME = "Foo";
var contextMenu;
+ // We want select events to be fired.
+ yield new Promise(resolve => SpecialPowers.pushPrefEnv({"set": [["dom.select_events.enabled", true]]}, resolve));
+
let envService = Cc["@mozilla.org/process/environment;1"].getService(Ci.nsIEnvironment);
let originalValue = envService.get("XPCSHELL_TEST_PROFILE_DIR");
envService.set("XPCSHELL_TEST_PROFILE_DIR", "1");
let url = "chrome://mochitests/content/browser/browser/components/search/test/";
let resProt = Services.io.getProtocolHandler("resource")
.QueryInterface(Ci.nsIResProtocolHandler);
let originalSubstitution = resProt.getSubstitution("search-plugins");
--- a/browser/config/version.txt
+++ b/browser/config/version.txt
@@ -1,1 +1,1 @@
-46.0a1
+47.0a1
--- a/browser/config/version_display.txt
+++ b/browser/config/version_display.txt
@@ -1,1 +1,1 @@
-46.0a1
+47.0a1
--- a/config/milestone.txt
+++ b/config/milestone.txt
@@ -5,9 +5,9 @@
# x.x.x.x
# x.x.x+
#
# Referenced by milestone.py.
# Hopefully I'll be able to automate replacement of *all*
# hardcoded milestones in the tree from these two files.
#--------------------------------------------------------
-46.0a1
+47.0a1
--- a/dom/bindings/BindingUtils.h
+++ b/dom/bindings/BindingUtils.h
@@ -2304,17 +2304,17 @@ public:
Nullable<nsTArray<T> >* mNullableArray;
};
SequenceType mSequenceType;
};
// Rooter class for MozMap; this is what we mostly use in the codegen.
template<typename T>
-class MOZ_RAII MozMapRooter : private JS::CustomAutoRooter
+class MOZ_RAII MozMapRooter final : private JS::CustomAutoRooter
{
public:
MozMapRooter(JSContext *aCx, MozMap<T>* aMozMap
MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
: JS::CustomAutoRooter(aCx MOZ_GUARD_OBJECT_NOTIFIER_PARAM_TO_PARENT),
mMozMap(aMozMap),
mMozMapType(eMozMap)
{
--- a/dom/bindings/TypedArray.h
+++ b/dom/bindings/TypedArray.h
@@ -407,18 +407,18 @@ public:
}
private:
Nullable<ArrayType>* const mArray;
};
// Class for easily setting up a rooted typed array object on the stack
template<typename ArrayType>
-class MOZ_RAII RootedTypedArray : public ArrayType,
- private TypedArrayRooter<ArrayType>
+class MOZ_RAII RootedTypedArray final : public ArrayType,
+ private TypedArrayRooter<ArrayType>
{
public:
explicit RootedTypedArray(JSContext* cx MOZ_GUARD_OBJECT_NOTIFIER_PARAM) :
ArrayType(),
TypedArrayRooter<ArrayType>(cx, this
MOZ_GUARD_OBJECT_NOTIFIER_PARAM_TO_PARENT)
{
}
--- a/gfx/layers/basic/BasicCompositor.cpp
+++ b/gfx/layers/basic/BasicCompositor.cpp
@@ -544,16 +544,19 @@ BasicCompositor::BeginFrame(const nsIntR
if (mTarget) {
// If we have a copy target, then we don't have a widget-provided mDrawTarget (currently). Use a dummy
// placeholder so that CreateRenderTarget() works.
mDrawTarget = gfxPlatform::GetPlatform()->ScreenReferenceDrawTarget();
} else {
// StartRemoteDrawingInRegion can mutate mInvalidRegion.
mDrawTarget = mWidget->StartRemoteDrawingInRegion(mInvalidRegion);
+ if (!mDrawTarget) {
+ return;
+ }
mInvalidRect = mInvalidRegion.GetBounds();
if (mInvalidRect.IsEmpty()) {
mWidget->EndRemoteDrawingInRegion(mDrawTarget, mInvalidRegion);
return;
}
}
if (!mDrawTarget || mInvalidRect.IsEmpty()) {
--- a/js/src/jit/RangeAnalysis.cpp
+++ b/js/src/jit/RangeAnalysis.cpp
@@ -2082,17 +2082,17 @@ RangeAnalysis::analyzeLoopPhi(MBasicBloc
return;
SimpleLinearSum modified = ExtractLinearSum(phi->getLoopBackedgeOperand());
if (modified.term != phi || modified.constant == 0)
return;
if (!phi->range())
- phi->setRange(new(alloc()) Range());
+ phi->setRange(new(alloc()) Range(phi));
LinearSum initialSum(alloc());
if (!initialSum.add(initial, 1))
return;
// The phi may change by N each iteration, and is either nondecreasing or
// nonincreasing. initial(phi) is either a lower or upper bound for the
// phi, and initial(phi) + loopBound * N is either an upper or lower bound,
new file mode 100644
--- /dev/null
+++ b/security/nss/.clang-format
@@ -0,0 +1,64 @@
+---
+Language: Cpp
+# BasedOnStyle: Mozilla
+AccessModifierOffset: -2
+AlignAfterOpenBracket: true
+AlignEscapedNewlinesLeft: false
+AlignOperands: true
+AlignTrailingComments: true
+AllowAllParametersOfDeclarationOnNextLine: false
+AllowShortBlocksOnASingleLine: false
+AllowShortCaseLabelsOnASingleLine: false
+AllowShortIfStatementsOnASingleLine: false
+AllowShortLoopsOnASingleLine: false
+AllowShortFunctionsOnASingleLine: All
+AlwaysBreakAfterDefinitionReturnType: true
+AlwaysBreakTemplateDeclarations: false
+AlwaysBreakBeforeMultilineStrings: false
+BreakBeforeBinaryOperators: None
+BreakBeforeTernaryOperators: true
+BreakConstructorInitializersBeforeComma: false
+BinPackParameters: true
+BinPackArguments: true
+ColumnLimit: 0
+ConstructorInitializerAllOnOneLineOrOnePerLine: true
+ConstructorInitializerIndentWidth: 4
+DerivePointerAlignment: true
+ExperimentalAutoDetectBinPacking: false
+IndentCaseLabels: true
+IndentWrappedFunctionNames: false
+IndentFunctionDeclarationAfterType: false
+MaxEmptyLinesToKeep: 1
+KeepEmptyLinesAtTheStartOfBlocks: true
+NamespaceIndentation: None
+ObjCBlockIndentWidth: 2
+ObjCSpaceAfterProperty: true
+ObjCSpaceBeforeProtocolList: false
+PenaltyBreakBeforeFirstCallParameter: 19
+PenaltyBreakComment: 300
+PenaltyBreakString: 1000
+PenaltyBreakFirstLessLess: 120
+PenaltyExcessCharacter: 1000000
+PenaltyReturnTypeOnItsOwnLine: 200
+PointerAlignment: Right
+SpacesBeforeTrailingComments: 1
+Cpp11BracedListStyle: false
+Standard: Cpp03
+IndentWidth: 4
+TabWidth: 8
+UseTab: Never
+BreakBeforeBraces: Linux
+SpacesInParentheses: false
+SpacesInSquareBrackets: false
+SpacesInAngles: false
+SpaceInEmptyParentheses: false
+SpacesInCStyleCastParentheses: false
+SpaceAfterCStyleCast: false
+SpacesInContainerLiterals: true
+SpaceBeforeAssignmentOperators: true
+ContinuationIndentWidth: 4
+CommentPragmas: '^ IWYU pragma:'
+ForEachMacros: [ foreach, Q_FOREACH, BOOST_FOREACH ]
+SpaceBeforeParens: ControlStatements
+DisableFormat: false
+...
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_21_RTM
+NSS_3_22_BETA2
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -3491,16 +3491,19 @@ shutdown:
PR_Close(outFile);
}
SECITEM_FreeItem(&certReqDER, PR_FALSE);
SECITEM_FreeItem(&certDER, PR_FALSE);
if (pwdata.data && pwdata.source == PW_PLAINTEXT) {
/* Allocated by a PL_strdup call in SECU_GetModulePassword. */
PL_strfree(pwdata.data);
}
+ if (email) {
+ PL_strfree(email);
+ }
/* Open the batch command file.
*
* - If -B <command line> option is specified, the contents in the
* command file will be interpreted as subsequent certutil
* commands to be executed in the current certutil process
* context after the current certutil command has been executed.
* - Each line in the command file consists of the command
--- a/security/nss/cmd/certutil/keystuff.c
+++ b/security/nss/cmd/certutil/keystuff.c
@@ -37,17 +37,17 @@ extern char *sys_errlist[];
#define ERROR_BREAK rv = SECFailure;break;
const SEC_ASN1Template SECKEY_PQGParamsTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,base) },
- { 0, }
+ { 0 }
};
/* returns 0 for success, -1 for failure (EOF encountered) */
static int
UpdateRNG(void)
{
char randbuf[RAND_BUF_SIZE];
int fd, count;
deleted file mode 100644
--- a/security/nss/cmd/checkcert/Makefile
+++ /dev/null
@@ -1,48 +0,0 @@
-#! gmake
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-#######################################################################
-# (1) Include initial platform-independent assignments (MANDATORY). #
-#######################################################################
-
-include manifest.mn
-
-#######################################################################
-# (2) Include "global" configuration information. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/config.mk
-
-#######################################################################
-# (3) Include "component" configuration information. (OPTIONAL) #
-#######################################################################
-
-#######################################################################
-# (4) Include "local" platform-dependent assignments (OPTIONAL). #
-#######################################################################
-
-include ../platlibs.mk
-
-#######################################################################
-# (5) Execute "global" rules. (OPTIONAL) #
-#######################################################################
-
-include $(CORE_DEPTH)/coreconf/rules.mk
-
-#######################################################################
-# (6) Execute "component" rules. (OPTIONAL) #
-#######################################################################
-
-
-
-#######################################################################
-# (7) Execute "local" rules. (OPTIONAL). #
-#######################################################################
-
-
-
-include ../platrules.mk
-
deleted file mode 100644
--- a/security/nss/cmd/checkcert/checkcert.c
+++ /dev/null
@@ -1,575 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "secutil.h"
-#include "plgetopt.h"
-#include "cert.h"
-#include "secoid.h"
-#include "cryptohi.h"
-
-/* maximum supported modulus length in bits (indicate problem if over this) */
-#define MAX_MODULUS (1024)
-
-
-static void Usage(char *progName)
-{
- fprintf(stderr, "Usage: %s [aAvf] [certtocheck] [issuingcert]\n",
- progName);
- fprintf(stderr, "%-20s Cert to check is base64 encoded\n",
- "-a");
- fprintf(stderr, "%-20s Issuer's cert is base64 encoded\n",
- "-A");
- fprintf(stderr, "%-20s Verbose (indicate decoding progress etc.)\n",
- "-v");
- fprintf(stderr, "%-20s Force sanity checks even if pretty print fails.\n",
- "-f");
- fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
- "-o output");
- fprintf(stderr, "%-20s Specify the input type (no default)\n",
- "-t type");
- exit(-1);
-}
-
-
-/*
- * Check integer field named fieldName, printing out results and
- * returning the length of the integer in bits
- */
-
-static
-int checkInteger(SECItem *intItem, char *fieldName, int verbose)
-{
- int len, bitlen;
- if (verbose) {
- printf("Checking %s\n", fieldName);
- }
-
- len = intItem->len;
-
- if (len && (intItem->data[0] & 0x80)) {
- printf("PROBLEM: %s is NEGATIVE 2's-complement integer.\n",
- fieldName);
- }
-
-
- /* calculate bit length and check for unnecessary leading zeros */
- bitlen = len << 3;
- if (len > 1 && intItem->data[0] == 0) {
- /* leading zero byte(s) */
- if (!(intItem->data[1] & 0x80)) {
- printf("PROBLEM: %s has unneeded leading zeros. Violates DER.\n",
- fieldName);
- }
- /* strip leading zeros in length calculation */
- {
- int i=0;
- while (bitlen > 8 && intItem->data[i] == 0) {
- bitlen -= 8;
- i++;
- }
- }
- }
- return bitlen;
-}
-
-
-
-
-static
-void checkName(CERTName *n, char *fieldName, int verbose)
-{
- char *v=0;
- if (verbose) {
- printf("Checking %s\n", fieldName);
- }
-
- v = CERT_GetCountryName(n);
- if (!v) {
- printf("PROBLEM: %s lacks Country Name (C)\n",
- fieldName);
- }
- PORT_Free(v);
-
- v = CERT_GetOrgName(n);
- if (!v) {
- printf("PROBLEM: %s lacks Organization Name (O)\n",
- fieldName);
- }
- PORT_Free(v);
-
- v = CERT_GetOrgUnitName(n);
- if (!v) {
- printf("WARNING: %s lacks Organization Unit Name (OU)\n",
- fieldName);
- }
- PORT_Free(v);
-
- v = CERT_GetCommonName(n);
- if (!v) {
- printf("PROBLEM: %s lacks Common Name (CN)\n",
- fieldName);
- }
- PORT_Free(v);
-}
-
-
-static
-SECStatus
-OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key,
- SECItem *sig, SECAlgorithmID *sigAlgorithm)
-{
- SECStatus rv;
- VFYContext *cx;
- SECOidData *sigAlgOid, *oiddata;
- SECOidTag hashAlgTag;
- int showDigestOid=0;
-
- cx = VFY_CreateContextWithAlgorithmID(key, sig, sigAlgorithm, &hashAlgTag,
- NULL);
- if (cx == NULL)
- return SECFailure;
-
- sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm);
- if (sigAlgOid == 0)
- return SECFailure;
-
- if (showDigestOid) {
- oiddata = SECOID_FindOIDByTag(hashAlgTag);
- if ( oiddata ) {
- printf("PROBLEM: (cont) Digest OID is %s\n", oiddata->desc);
- } else {
- SECU_PrintAsHex(stdout,
- &oiddata->oid, "PROBLEM: UNKNOWN OID", 0);
- }
- }
-
- rv = VFY_Begin(cx);
- if (rv == SECSuccess) {
- rv = VFY_Update(cx, buf, len);
- if (rv == SECSuccess)
- rv = VFY_End(cx);
- }
-
- VFY_DestroyContext(cx, PR_TRUE);
- return rv;
-}
-
-
-
-static
-SECStatus
-OurVerifySignedData(CERTSignedData *sd, CERTCertificate *cert)
-{
- SECItem sig;
- SECKEYPublicKey *pubKey = 0;
- SECStatus rv;
-
- /* check the certificate's validity */
- rv = CERT_CertTimesValid(cert);
- if ( rv ) {
- return(SECFailure);
- }
-
- /* get cert's public key */
- pubKey = CERT_ExtractPublicKey(cert);
- if ( !pubKey ) {
- return(SECFailure);
- }
-
- /* check the signature */
- sig = sd->signature;
- DER_ConvertBitString(&sig);
- rv = OurVerifyData(sd->data.data, sd->data.len, pubKey, &sig,
- &sd->signatureAlgorithm);
-
- SECKEY_DestroyPublicKey(pubKey);
-
- if ( rv ) {
- return(SECFailure);
- }
-
- return(SECSuccess);
-}
-
-
-
-
-static
-CERTCertificate *createEmptyCertificate(void)
-{
- PLArenaPool *arena = 0;
- CERTCertificate *c = 0;
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- return 0;
- }
-
-
- c = (CERTCertificate *) PORT_ArenaZAlloc(arena, sizeof(CERTCertificate));
-
- if (c) {
- c->referenceCount = 1;
- c->arena = arena;
- } else {
- PORT_FreeArena(arena,PR_TRUE);
- }
-
- return c;
-}
-
-
-int main(int argc, char **argv)
-{
- int verbose=0, force=0;
- int ascii=0, issuerAscii=0;
- char *progName=0;
- PRFileDesc *inFile=0, *issuerCertFile=0;
- SECItem derCert, derIssuerCert;
- PLArenaPool *arena=0;
- CERTSignedData *signedData=0;
- CERTCertificate *cert=0, *issuerCert=0;
- SECKEYPublicKey *rsapubkey=0;
- SECAlgorithmID md5WithRSAEncryption, md2WithRSAEncryption;
- SECAlgorithmID sha1WithRSAEncryption, rsaEncryption;
- SECItem spk;
- int selfSigned=0;
- int invalid=0;
- char *inFileName = NULL, *issuerCertFileName = NULL;
- PLOptState *optstate;
- PLOptStatus status;
- SECStatus rv;
-
- PORT_Memset(&md5WithRSAEncryption, 0, sizeof(md5WithRSAEncryption));
- PORT_Memset(&md2WithRSAEncryption, 0, sizeof(md2WithRSAEncryption));
- PORT_Memset(&sha1WithRSAEncryption, 0, sizeof(sha1WithRSAEncryption));
- PORT_Memset(&rsaEncryption, 0, sizeof(rsaEncryption));
-
- progName = strrchr(argv[0], '/');
- progName = progName ? progName+1 : argv[0];
-
- optstate = PL_CreateOptState(argc, argv, "aAvf");
- while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
- switch (optstate->option) {
- case 'v':
- verbose = 1;
- break;
-
- case 'f':
- force = 1;
- break;
-
- case 'a':
- ascii = 1;
- break;
-
- case 'A':
- issuerAscii = 1;
- break;
-
- case '\0':
- if (!inFileName)
- inFileName = PL_strdup(optstate->value);
- else if (!issuerCertFileName)
- issuerCertFileName = PL_strdup(optstate->value);
- else
- Usage(progName);
- break;
- }
- }
-
- if (!inFileName || !issuerCertFileName || status == PL_OPT_BAD) {
- /* insufficient or excess args */
- Usage(progName);
- }
-
- inFile = PR_Open(inFileName, PR_RDONLY, 0);
- if (!inFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, inFileName);
- exit(1);
- }
-
- issuerCertFile = PR_Open(issuerCertFileName, PR_RDONLY, 0);
- if (!issuerCertFile) {
- fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
- progName, issuerCertFileName);
- exit(1);
- }
-
- if (SECU_ReadDERFromFile(&derCert, inFile, ascii, PR_FALSE) != SECSuccess) {
- printf("Couldn't read input certificate as DER binary or base64\n");
- exit(1);
- }
-
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if (arena == 0) {
- fprintf(stderr,"%s: can't allocate scratch arena!", progName);
- exit(1);
- }
-
- if (issuerCertFile) {
- CERTSignedData *issuerCertSD=0;
- if (SECU_ReadDERFromFile(&derIssuerCert, issuerCertFile, issuerAscii,
- PR_FALSE) != SECSuccess) {
- printf("Couldn't read issuer certificate as DER binary or base64.\n");
- exit(1);
- }
- issuerCertSD = PORT_ArenaZNew(arena, CERTSignedData);
- if (!issuerCertSD) {
- fprintf(stderr,"%s: can't allocate issuer signed data!", progName);
- exit(1);
- }
- rv = SEC_ASN1DecodeItem(arena, issuerCertSD,
- SEC_ASN1_GET(CERT_SignedDataTemplate),
- &derIssuerCert);
- if (rv) {
- fprintf(stderr, "%s: Issuer cert isn't X509 SIGNED Data?\n",
- progName);
- exit(1);
- }
- issuerCert = createEmptyCertificate();
- if (!issuerCert) {
- printf("%s: can't allocate space for issuer cert.", progName);
- exit(1);
- }
- rv = SEC_ASN1DecodeItem(arena, issuerCert,
- SEC_ASN1_GET(CERT_CertificateTemplate),
- &issuerCertSD->data);
- if (rv) {
- printf("%s: Does not appear to be an X509 Certificate.\n",
- progName);
- exit(1);
- }
- }
-
- signedData = PORT_ArenaZNew(arena,CERTSignedData);
- if (!signedData) {
- fprintf(stderr,"%s: can't allocate signedData!", progName);
- exit(1);
- }
-
- rv = SEC_ASN1DecodeItem(arena, signedData,
- SEC_ASN1_GET(CERT_SignedDataTemplate),
- &derCert);
- if (rv) {
- fprintf(stderr, "%s: Does not appear to be X509 SIGNED Data.\n",
- progName);
- exit(1);
- }
-
- if (verbose) {
- printf("Decoded ok as X509 SIGNED data.\n");
- }
-
- cert = createEmptyCertificate();
- if (!cert) {
- fprintf(stderr, "%s: can't allocate cert", progName);
- exit(1);
- }
-
- rv = SEC_ASN1DecodeItem(arena, cert,
- SEC_ASN1_GET(CERT_CertificateTemplate),
- &signedData->data);
- if (rv) {
- fprintf(stderr, "%s: Does not appear to be an X509 Certificate.\n",
- progName);
- exit(1);
- }
-
-
- if (verbose) {
- printf("Decoded ok as an X509 certificate.\n");
- }
-
- SECU_RegisterDynamicOids();
- rv = SECU_PrintSignedData(stdout, &derCert, "Certificate", 0,
- (SECU_PPFunc)SECU_PrintCertificate);
-
- if (rv) {
- fprintf(stderr, "%s: Unable to pretty print cert. Error: %d\n",
- progName, PORT_GetError());
- if (!force) {
- exit(1);
- }
- }
-
-
- /* Do various checks on the cert */
-
- printf("\n");
-
- /* Check algorithms */
- rv = SECOID_SetAlgorithmID(arena, &md5WithRSAEncryption,
- SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, NULL);
- if (rv) {
- fprintf(stderr, "%s: failed to set algorithm ID for SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION.\n",
- progName);
- exit(1);
- }
-
- rv = SECOID_SetAlgorithmID(arena, &md2WithRSAEncryption,
- SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NULL);
- if (rv) {
- fprintf(stderr, "%s: failed to set algorithm ID for SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION.\n",
- progName);
- exit(1);
- }
-
- rv = SECOID_SetAlgorithmID(arena, &sha1WithRSAEncryption,
- SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION, NULL);
- if (rv) {
- fprintf(stderr, "%s: failed to set algorithm ID for SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION.\n",
- progName);
- exit(1);
- }
-
- rv = SECOID_SetAlgorithmID(arena, &rsaEncryption,
- SEC_OID_PKCS1_RSA_ENCRYPTION, NULL);
- if (rv) {
- fprintf(stderr, "%s: failed to set algorithm ID for SEC_OID_PKCS1_RSA_ENCRYPTION.\n",
- progName);
- exit(1);
- }
-
- {
- int isMD5RSA = (SECOID_CompareAlgorithmID(&cert->signature,
- &md5WithRSAEncryption) == 0);
- int isMD2RSA = (SECOID_CompareAlgorithmID(&cert->signature,
- &md2WithRSAEncryption) == 0);
- int isSHA1RSA = (SECOID_CompareAlgorithmID(&cert->signature,
- &sha1WithRSAEncryption) == 0);
-
- if (verbose) {
- printf("\nDoing algorithm checks.\n");
- }
-
- if (!(isMD5RSA || isMD2RSA || isSHA1RSA)) {
- printf("PROBLEM: Signature not PKCS1 MD5, MD2, or SHA1 + RSA.\n");
- } else if (!isMD5RSA) {
- printf("WARNING: Signature not PKCS1 MD5 with RSA Encryption\n");
- }
-
- if (SECOID_CompareAlgorithmID(&cert->signature,
- &signedData->signatureAlgorithm)) {
- printf("PROBLEM: Algorithm in sig and certInfo don't match.\n");
- }
- }
-
- if (SECOID_CompareAlgorithmID(&cert->subjectPublicKeyInfo.algorithm,
- &rsaEncryption)) {
- printf("PROBLEM: Public key algorithm is not PKCS1 RSA Encryption.\n");
- }
-
- /* Check further public key properties */
- spk = cert->subjectPublicKeyInfo.subjectPublicKey;
- DER_ConvertBitString(&spk);
-
- if (verbose) {
- printf("\nsubjectPublicKey DER\n");
- rv = DER_PrettyPrint(stdout, &spk, PR_FALSE);
- printf("\n");
- }
-
- rsapubkey = (SECKEYPublicKey *)
- PORT_ArenaZAlloc(arena,sizeof(SECKEYPublicKey));
- if (!rsapubkey) {
- fprintf(stderr, "%s: rsapubkey allocation failed.\n", progName);
- exit(1);
- }
-
- rv = SEC_ASN1DecodeItem(arena, rsapubkey,
- SEC_ASN1_GET(SECKEY_RSAPublicKeyTemplate), &spk);
- if (rv) {
- printf("PROBLEM: subjectPublicKey is not a DER PKCS1 RSAPublicKey.\n");
- } else {
- int mlen;
- int pubexp;
- if (verbose) {
- printf("Decoded RSA Public Key ok. Doing key checks.\n");
- }
- PORT_Assert(rsapubkey->keyType == rsaKey); /* XXX RSA */
- mlen = checkInteger(&rsapubkey->u.rsa.modulus, "Modulus", verbose);
- printf("INFO: Public Key modulus length in bits: %d\n", mlen);
- if (mlen > MAX_MODULUS) {
- printf("PROBLEM: Modulus length exceeds %d bits.\n",
- MAX_MODULUS);
- }
- if (mlen < 512) {
- printf("WARNING: Short modulus.\n");
- }
- if (mlen != (1 << (ffs(mlen)-1))) {
- printf("WARNING: Unusual modulus length (not a power of two).\n");
- }
- checkInteger(&rsapubkey->u.rsa.publicExponent, "Public Exponent",
- verbose);
- pubexp = DER_GetInteger(&rsapubkey->u.rsa.publicExponent);
- if (pubexp != 17 && pubexp != 3 && pubexp != 65537) {
- printf("WARNING: Public exponent not any of: 3, 17, 65537\n");
- }
- }
-
-
- /* Name checks */
- checkName(&cert->issuer, "Issuer Name", verbose);
- checkName(&cert->subject, "Subject Name", verbose);
-
- if (issuerCert) {
- SECComparison c =
- CERT_CompareName(&cert->issuer, &issuerCert->subject);
- if (c) {
- printf("PROBLEM: Issuer Name and Subject in Issuing Cert differ\n");
- }
- }
-
- /* Check if self-signed */
- selfSigned = (CERT_CompareName(&cert->issuer, &cert->subject) == 0);
- if (selfSigned) {
- printf("INFO: Certificate is self signed.\n");
- } else {
- printf("INFO: Certificate is NOT self-signed.\n");
- }
-
-
- /* Validity time check */
- if (CERT_CertTimesValid(cert) == SECSuccess) {
- printf("INFO: Inside validity period of certificate.\n");
- } else {
- printf("PROBLEM: Not in validity period of certificate.\n");
- invalid = 1;
- }
-
- /* Signature check if self-signed */
- if (selfSigned && !invalid) {
- if (rsapubkey->u.rsa.modulus.len) {
- SECStatus ver;
- if (verbose) {
- printf("Checking self signature.\n");
- }
- ver = OurVerifySignedData(signedData, cert);
- if (ver != SECSuccess) {
- printf("PROBLEM: Verification of self-signature failed!\n");
- } else {
- printf("INFO: Self-signature verifies ok.\n");
- }
- } else {
- printf("INFO: Not checking signature due to key problems.\n");
- }
- } else if (!selfSigned && !invalid && issuerCert) {
- SECStatus ver;
- ver = OurVerifySignedData(signedData, issuerCert);
- if (ver != SECSuccess) {
- printf("PROBLEM: Verification of issuer's signature failed!\n");
- } else {
- printf("INFO: Issuer's signature verifies ok.\n");
- }
- } else {
- printf("INFO: Not checking signature.\n");
- }
-
- return 0;
-}
-
-
-
deleted file mode 100644
--- a/security/nss/cmd/checkcert/manifest.mn
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-CORE_DEPTH = ../..
-
-# MODULE public and private header directories are implicitly REQUIRED.
-MODULE = nss
-
-# This next line is used by .mk files
-# and gets translated into $LINCS in manifest.mnw
-REQUIRES = seccmd dbm
-
-DEFINES = -DNSPR20
-
-CSRCS = checkcert.c
-
-PROGRAM = checkcert
--- a/security/nss/cmd/fipstest/fipstest.c
+++ b/security/nss/cmd/fipstest/fipstest.c
@@ -5339,19 +5339,19 @@ rsa_siggen_test(char *reqfn)
unsigned char msg[128]; /* MAX msg 128 */
unsigned int rsa_bytes_signed;
unsigned char rsa_computed_signature[RSA_MAX_TEST_MODULUS_BYTES];
SECStatus rv = SECFailure;
NSSLOWKEYPublicKey * rsa_public_key;
NSSLOWKEYPrivateKey * rsa_private_key;
NSSLOWKEYPrivateKey low_RSA_private_key = { NULL,
- NSSLOWKEYRSAKey, };
+ NSSLOWKEYRSAKey };
NSSLOWKEYPublicKey low_RSA_public_key = { NULL,
- NSSLOWKEYRSAKey, };
+ NSSLOWKEYRSAKey };
low_RSA_private_key.u.rsa = *rsaBlapiPrivKey;
low_RSA_public_key.u.rsa = *rsaBlapiPublicKey;
rsa_private_key = &low_RSA_private_key;
rsa_public_key = &low_RSA_public_key;
memset(sha, 0, sizeof sha);
@@ -5605,17 +5605,17 @@ rsa_sigver_test(char *reqfn)
}
/* S = ... */
if (buf[0] == 'S') {
SECStatus rv = SECFailure;
NSSLOWKEYPublicKey * rsa_public_key;
NSSLOWKEYPublicKey low_RSA_public_key = { NULL,
- NSSLOWKEYRSAKey, };
+ NSSLOWKEYRSAKey };
/* convert to a low RSA public key */
low_RSA_public_key.u.rsa = rsaBlapiPublicKey;
rsa_public_key = &low_RSA_public_key;
memset(signature, 0, sizeof(signature));
i = 1;
while (isspace(buf[i]) || buf[i] == '=') {
--- a/security/nss/cmd/lib/derprint.c
+++ b/security/nss/cmd/lib/derprint.c
@@ -25,16 +25,23 @@ getInteger256(const unsigned char *data,
break;
case 2:
val = (data[0] << 8) | data[1];
break;
case 3:
val = (data[0] << 16) | (data[1] << 8) | data[2];
break;
case 4:
+ /* If the most significant bit of data[0] is 1, val would be negative.
+ * Treat it as an error.
+ */
+ if (data[0] & 0x80) {
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ return -1;
+ }
val = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3];
break;
default:
PORT_SetError(SEC_ERROR_BAD_DER);
return -1;
}
return val;
@@ -227,16 +234,20 @@ prettyPrintObjectID(FILE *out, const uns
/*
* First print the Object Id in numeric format
*/
rv = prettyIndent(out, level);
if (rv < 0)
return rv;
+ if (len == 0) {
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ return -1;
+ }
val = data[0];
i = val % 40;
val = val / 40;
rv = fprintf(out, "%lu %u ", val, i);
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
return rv;
}
@@ -277,34 +288,27 @@ prettyPrintObjectID(FILE *out, const uns
rv = fprintf(out, "(%s)", oiddata->desc);
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
return rv;
}
}
- /*
- * Finally, on a new line, print the raw bytes (if requested).
- */
+ rv = prettyNewline(out);
+ if (rv < 0)
+ return rv;
+
if (raw) {
- rv = prettyNewline(out);
- if (rv < 0) {
- PORT_SetError(SEC_ERROR_IO);
+ rv = prettyPrintLeaf(out, data, len, level);
+ if (rv < 0)
return rv;
- }
-
- for (i = 0; i < len; i++) {
- rv = prettyPrintByte(out, *data++, level);
- if (rv < 0)
- return rv;
- }
}
- return prettyNewline(out);
+ return 0;
}
static char *prettyTagType [32] = {
"End of Contents",
"Boolean",
"Integer",
"Bit String",
"Octet String",
@@ -418,16 +422,17 @@ prettyPrintLength(FILE *out, const unsig
if (rv < 0) {
PORT_SetError(SEC_ERROR_IO);
return rv;
}
*indefinitep = PR_FALSE;
lbyte = *data++;
+ lenLen = 1;
if (lbyte >= 0x80) {
/* Multibyte length */
unsigned nb = (unsigned) (lbyte & 0x7f);
if (nb > 4) {
PORT_SetError(SEC_ERROR_BAD_DER);
return -1;
}
if (nb > 0) {
@@ -439,32 +444,31 @@ prettyPrintLength(FILE *out, const unsig
}
il = getInteger256(data, nb);
if (il < 0) return -1;
*lenp = (unsigned) il;
} else {
*lenp = 0;
*indefinitep = PR_TRUE;
}
- lenLen = nb + 1;
+ lenLen += nb;
if (raw) {
unsigned int i;
rv = prettyPrintByte(out, lbyte, lv);
if (rv < 0)
return rv;
for (i = 0; i < nb; i++) {
rv = prettyPrintByte(out, data[i], lv);
if (rv < 0)
return rv;
}
}
} else {
*lenp = lbyte;
- lenLen = 1;
if (raw) {
rv = prettyPrintByte(out, lbyte, lv);
if (rv < 0)
return rv;
}
}
if (*indefinitep)
rv = fprintf(out, "(indefinite)\n");
--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -415,16 +415,19 @@ SECU_DefaultSSLDir(void)
{
char *dir;
static char sslDir[1000];
dir = PR_GetEnv("SSL_DIR");
if (!dir)
return NULL;
+ if (strlen(dir) >= PR_ARRAY_SIZE(sslDir)) {
+ return NULL;
+ }
sprintf(sslDir, "%s", dir);
if (sslDir[strlen(sslDir)-1] == '/')
sslDir[strlen(sslDir)-1] = 0;
return sslDir;
}
@@ -3295,16 +3298,17 @@ SECU_displayVerifyLog(FILE *outfile, CER
break;
case KU_KEY_CERT_SIGN:
errstr = "Cert cannot sign other certs.";
break;
default:
errstr = "[unknown usage].";
break;
}
+ break;
case SEC_ERROR_INADEQUATE_CERT_TYPE:
flags = (unsigned int)((char *)node->arg - (char *)NULL);
switch (flags) {
case NS_CERT_TYPE_SSL_CLIENT:
case NS_CERT_TYPE_SSL_SERVER:
errstr = "Cert cannot be used for SSL.";
break;
case NS_CERT_TYPE_SSL_CA:
@@ -3321,16 +3325,17 @@ SECU_displayVerifyLog(FILE *outfile, CER
break;
case NS_CERT_TYPE_OBJECT_SIGNING_CA:
errstr = "Cert cannot be used as an object signing CA.";
break;
default:
errstr = "[unknown usage].";
break;
}
+ break;
case SEC_ERROR_UNKNOWN_ISSUER:
case SEC_ERROR_UNTRUSTED_ISSUER:
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
errstr = node->cert->issuerName;
break;
default:
break;
}
--- a/security/nss/cmd/libpkix/pkixutil/pkixutil.c
+++ b/security/nss/cmd/libpkix/pkixutil/pkixutil.c
@@ -149,17 +149,17 @@ testFunctionRef testFnRefTable[] = {
{"test_hashtable", test_hashtable},
{"test_mem", test_mem},
{"test_monitorlock", test_monitorlock},
{"test_mutex", test_mutex},
{"test_mutex2", test_mutex2},
{"test_mutex3", test_mutex3},
{"test_object", test_object},
{"test_oid", test_oid},
-/* {"test_rwlock", test_rwlock, }*/
+/* {"test_rwlock", test_rwlock }*/
{"test_string", test_string},
{"test_string2", test_string2},
{"build_chain", build_chain},
{"dumpcert", dumpcert},
{"dumpcrl", dumpcrl},
{"validate_chain", validate_chain},
{NULL, NULL },
};
--- a/security/nss/cmd/makepqg/makepqg.c
+++ b/security/nss/cmd/makepqg/makepqg.c
@@ -23,17 +23,17 @@
char *progName;
const SEC_ASN1Template seckey_PQGParamsTemplate[] = {
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) },
{ SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,base) },
- { 0, }
+ { 0 }
};
void
Usage(void)
{
fprintf(stderr, "Usage: %s\n", progName);
--- a/security/nss/cmd/manifest.mn
+++ b/security/nss/cmd/manifest.mn
@@ -1,35 +1,53 @@
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
DEPTH = ..
# MODULE = seccmd
+SOFTOKEN_SRCDIRS=
+NSS_SRCDIRS=
+LIB_SRCDIRS=
+
+ifdef NSS_BUILD_UTIL_ONLY
+REQUIRES = nspr
+else
REQUIRES = nss nspr libdbm
+LIB_SRCDIRS = \
+ lib \
+ $(NULL)
+endif
-DIRS = lib \
+ifndef NSS_BUILD_UTIL_ONLY
+SOFTOKEN_SRCDIRS = \
+ $(BLTEST_SRCDIR) \
+ $(FIPSTEST_SRCDIR) \
+ $(LOWHASHTEST_SRCDIR) \
+ $(SHLIBSIGN_SRCDIR) \
+ $(NULL)
+endif
+
+ifndef NSS_BUILD_SOFTOKEN_ONLY
+ifndef NSS_BUILD_UTIL_ONLY
+NSS_SRCDIRS = \
addbuiltin \
atob \
- $(BLTEST_SRCDIR) \
btoa \
certcgi \
certutil \
- checkcert \
chktest \
crlutil \
crmftest \
dbtest \
derdump \
digest \
httpserv \
- $(FIPSTEST_SRCDIR) \
- $(LOWHASHTEST_SRCDIR) \
listsuites \
makepqg \
multinit \
ocspclnt \
ocspresp \
oidcalc \
p7content \
p7env \
@@ -42,27 +60,33 @@ DIRS = lib \
pkix-errcodes \
pp \
pwdecrypt \
rsaperf \
sdrtest \
selfserv \
signtool \
signver \
- $(SHLIBSIGN_SRCDIR) \
smimetools \
ssltap \
strsclnt \
symkeyutil \
tests \
tstclnt \
vfychain \
vfyserv \
modutil \
$(NULL)
+endif
+endif
+
+DIRS = \
+ $(LIB_SRCDIRS) \
+ $(SOFTOKEN_SRCDIRS) \
+ $(NSS_SRCDIRS)
TEMPORARILY_DONT_BUILD = \
$(NULL)
# rsaperf \
#
# needs to look at what needs to happen to make jar build in
# the binary release environment.
--- a/security/nss/cmd/modutil/install-ds.c
+++ b/security/nss/cmd/modutil/install-ds.c
@@ -188,31 +188,29 @@ Pk11Install_File_Generate(Pk11Install_Fi
subiter = Pk11Install_ListIter_new(subpair->list);
subval = subiter->current;
if(!subval || (subval->type != STRING_VALUE)){
errStr = PR_smprintf(errString[BOGUS_RELATIVE_DIR],
_this->jarPath);
goto loser;
}
_this->relativePath = PR_Strdup(subval->string);
- Pk11Install_ListIter_delete(subiter);
- subiter = NULL;
+ Pk11Install_ListIter_delete(&subiter);
/* Absolute directory */
} else if( !PORT_Strcasecmp(subpair->key, ABSOLUTE_DIR_STRING)) {
subiter = Pk11Install_ListIter_new(subpair->list);
subval = subiter->current;
if(!subval || (subval->type != STRING_VALUE)){
errStr = PR_smprintf(errString[BOGUS_ABSOLUTE_DIR],
_this->jarPath);
goto loser;
}
_this->absolutePath = PR_Strdup(subval->string);
- Pk11Install_ListIter_delete(subiter);
- subiter = NULL;
+ Pk11Install_ListIter_delete(&subiter);
/* file permissions */
} else if( !PORT_Strcasecmp(subpair->key,
FILE_PERMISSIONS_STRING)) {
subiter = Pk11Install_ListIter_new(subpair->list);
subval = subiter->current;
if(!subval || (subval->type != STRING_VALUE) ||
!subval->string || !subval->string[0]){
@@ -222,18 +220,17 @@ Pk11Install_File_Generate(Pk11Install_Fi
}
_this->permissions = (int) strtol(subval->string, &endp, 8);
if(*endp != '\0') {
errStr = PR_smprintf(errString[BOGUS_FILE_PERMISSIONS],
_this->jarPath);
goto loser;
}
gotPerms = PR_TRUE;
- Pk11Install_ListIter_delete(subiter);
- subiter = NULL;
+ Pk11Install_ListIter_delete(&subiter);
}
} else {
if(!PORT_Strcasecmp(val->string, EXECUTABLE_STRING)) {
_this->executable = PR_TRUE;
}
}
}
@@ -255,22 +252,20 @@ Pk11Install_File_Generate(Pk11Install_Fi
if(!_this->absolutePath) {
errStr = PR_smprintf(errString[NO_ABSOLUTE_DIR], _this->jarPath);
goto loser;
}
#endif
loser:
if(iter) {
- Pk11Install_ListIter_delete(iter);
- PR_Free(iter);
+ Pk11Install_ListIter_delete(&iter);
}
if(subiter) {
- Pk11Install_ListIter_delete(subiter);
- PR_Free(subiter);
+ Pk11Install_ListIter_delete(&subiter);
}
return errStr;
}
/*
//////////////////////////////////////////////////////////////////////////
// Method: Print
// Class: Pk11Install_File
@@ -631,22 +626,25 @@ Pk11Install_PlatformName_GetVerString(Pk
/*
//////////////////////////////////////////////////////////////////////////
// Method: Print
// Class: Pk11Install_PlatformName
*/
void
Pk11Install_PlatformName_Print(Pk11Install_PlatformName* _this, int pad)
{
+ char *str = NULL;
PAD(pad); printf("OS: %s\n", _this->OS ? _this->OS : "<NULL>");
PAD(pad); printf("Digits: ");
if(_this->numDigits == 0) {
printf("None\n");
} else {
- printf("%s\n", Pk11Install_PlatformName_GetVerString(_this));
+ str = Pk11Install_PlatformName_GetVerString(_this);
+ printf("%s\n", str);
+ PR_Free(str);
}
PAD(pad); printf("arch: %s\n", _this->arch ? _this->arch : "<NULL>");
}
Pk11Install_Platform*
Pk11Install_Platform_new()
{
Pk11Install_Platform* new_this;
@@ -765,37 +763,33 @@ Pk11Install_Platform_Generate(Pk11Instal
subiter = Pk11Install_ListIter_new(subpair->list);
subval = subiter->current;
if(!subval || (subval->type != STRING_VALUE)) {
errStr = PR_smprintf(errString[BOGUS_MODULE_FILE],
Pk11Install_PlatformName_GetString(&_this->name));
goto loser;
}
_this->moduleFile = PR_Strdup(subval->string);
- Pk11Install_ListIter_delete(subiter);
- PR_Free(subiter);
- subiter = NULL;
+ Pk11Install_ListIter_delete(&subiter);
gotModuleFile = PR_TRUE;
} else if(!PORT_Strcasecmp(subpair->key, MODULE_NAME_STRING)){
if(gotModuleName) {
errStr = PR_smprintf(errString[REPEAT_MODULE_NAME],
Pk11Install_PlatformName_GetString(&_this->name));
goto loser;
}
subiter = Pk11Install_ListIter_new(subpair->list);
subval = subiter->current;
if(!subval || (subval->type != STRING_VALUE)) {
errStr = PR_smprintf(errString[BOGUS_MODULE_NAME],
Pk11Install_PlatformName_GetString(&_this->name));
goto loser;
}
_this->moduleName = PR_Strdup(subval->string);
- Pk11Install_ListIter_delete(subiter);
- PR_Free(subiter);
- subiter = NULL;
+ Pk11Install_ListIter_delete(&subiter);
gotModuleName = PR_TRUE;
} else if(!PORT_Strcasecmp(subpair->key, MECH_FLAGS_STRING)) {
endptr=NULL;
if(gotMech) {
errStr = PR_smprintf(errString[REPEAT_MECH],
Pk11Install_PlatformName_GetString(&_this->name));
goto loser;
@@ -808,19 +802,17 @@ Pk11Install_Platform_Generate(Pk11Instal
goto loser;
}
_this->mechFlags = strtol(subval->string, &endptr, 0);
if(*endptr!='\0' || (endptr==subval->string) ) {
errStr = PR_smprintf(errString[BOGUS_MECH_FLAGS],
Pk11Install_PlatformName_GetString(&_this->name));
goto loser;
}
- Pk11Install_ListIter_delete(subiter);
- PR_Free(subiter);
- subiter=NULL;
+ Pk11Install_ListIter_delete(&subiter);
gotMech = PR_TRUE;
} else if(!PORT_Strcasecmp(subpair->key,CIPHER_FLAGS_STRING)) {
endptr=NULL;
if(gotCipher) {
errStr = PR_smprintf(errString[REPEAT_CIPHER],
Pk11Install_PlatformName_GetString(&_this->name));
goto loser;
@@ -833,19 +825,17 @@ Pk11Install_Platform_Generate(Pk11Instal
goto loser;
}
_this->cipherFlags = strtol(subval->string, &endptr, 0);
if(*endptr!='\0' || (endptr==subval->string) ) {
errStr = PR_smprintf(errString[BOGUS_CIPHER_FLAGS],
Pk11Install_PlatformName_GetString(&_this->name));
goto loser;
}
- Pk11Install_ListIter_delete(subiter);
- PR_Free(subiter);
- subiter=NULL;
+ Pk11Install_ListIter_delete(&subiter);
gotCipher = PR_TRUE;
} else if(!PORT_Strcasecmp(subpair->key, FILES_STRING)) {
if(gotFiles) {
errStr = PR_smprintf(errString[REPEAT_FILES],
Pk11Install_PlatformName_GetString(&_this->name));
goto loser;
}
subiter = Pk11Install_ListIter_new(subpair->list);
@@ -1084,19 +1074,17 @@ Pk11Install_Info_Generate(Pk11Install_In
if(subval->type == STRING_VALUE) {
errStr = Pk11Install_PlatformName_Generate(
&_this->forwardCompatible[i], subval->string);
if(errStr) {
goto loser;
}
}
}
- Pk11Install_ListIter_delete(subiter);
- PR_Free(subiter);
- subiter = NULL;
+ Pk11Install_ListIter_delete(&subiter);
} else if(!PORT_Strcasecmp(pair->key, PLATFORMS_STRING)) {
subiter = Pk11Install_ListIter_new(pair->list);
_this->numPlatforms = pair->list->numPairs;
_this->platforms = (Pk11Install_Platform*)
PR_Malloc(sizeof(Pk11Install_Platform)*
_this->numPlatforms);
for(i=0; i < _this->numPlatforms; i++,
Pk11Install_ListIter_nextItem(subiter)) {
@@ -1104,19 +1092,17 @@ Pk11Install_Info_Generate(Pk11Install_In
subval = subiter->current;
if(subval->type == PAIR_VALUE) {
errStr = Pk11Install_Platform_Generate(&_this->platforms[i],subval->pair);
if(errStr) {
goto loser;
}
}
}
- Pk11Install_ListIter_delete(subiter);
- PR_Free(subiter);
- subiter = NULL;
+ Pk11Install_ListIter_delete(&subiter);
}
}
}
if(_this->numPlatforms == 0) {
errStr = PR_smprintf(errString[NO_PLATFORMS]);
goto loser;
}
@@ -1187,24 +1173,20 @@ Pk11Install_Info_Generate(Pk11Install_In
first = first->equiv;
}
_this->platforms[i].equiv = first;
}
}
loser:
if(iter) {
- Pk11Install_ListIter_delete(iter);
- PR_Free(iter);
- iter = NULL;
+ Pk11Install_ListIter_delete(&iter);
}
if(subiter) {
- Pk11Install_ListIter_delete(subiter);
- PR_Free(subiter);
- subiter = NULL;
+ Pk11Install_ListIter_delete(&subiter);
}
return errStr;
}
/*
//////////////////////////////////////////////////////////////////////////
// Method: GetBestPlatform
// Class: Pk11Install_Info
@@ -1343,20 +1325,22 @@ Pk11Install_ListIter_new(const Pk11Insta
PR_Malloc(sizeof(Pk11Install_ListIter));
new_this->list = _list;
new_this->current = _list->head;
return new_this;
}
/****************************************************************************/
void
-Pk11Install_ListIter_delete(Pk11Install_ListIter* _this)
+Pk11Install_ListIter_delete(Pk11Install_ListIter** _this)
{
- _this->list=NULL;
- _this->current=NULL;
+ (*_this)->list=NULL;
+ (*_this)->current=NULL;
+ PR_Free(*_this);
+ *_this=NULL;
}
/****************************************************************************/
void
Pk11Install_ListIter_reset(Pk11Install_ListIter* _this)
{
if(_this->list) {
_this->current = _this->list->head;
--- a/security/nss/cmd/modutil/install-ds.h
+++ b/security/nss/cmd/modutil/install-ds.h
@@ -119,17 +119,17 @@ struct Pk11Install_ListIter_str {
Pk11Install_ListIter*
Pk11Install_ListIter_new_default();
void
Pk11Install_ListIter_init(Pk11Install_ListIter* _this);
Pk11Install_ListIter*
Pk11Install_ListIter_new(const Pk11Install_ValueList* _list);
void
-Pk11Install_ListIter_delete(Pk11Install_ListIter* _this);
+Pk11Install_ListIter_delete(Pk11Install_ListIter** _this);
void
Pk11Install_ListIter_reset(Pk11Install_ListIter* _this);
Pk11Install_Value*
Pk11Install_ListIter_nextItem(Pk11Install_ListIter* _this);
/************************************************************************
*
* Pk11Install_File
--- a/security/nss/cmd/pk1sign/pk1sign.c
+++ b/security/nss/cmd/pk1sign/pk1sign.c
@@ -39,18 +39,18 @@ SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplat
SEC_ASN1Template CERTSignatureDataTemplate[] =
{
{ SEC_ASN1_SEQUENCE,
0, NULL, sizeof(CERTSignedData) },
{ SEC_ASN1_INLINE,
offsetof(CERTSignedData,signatureAlgorithm),
SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
{ SEC_ASN1_BIT_STRING,
- offsetof(CERTSignedData,signature), },
- { 0, }
+ offsetof(CERTSignedData,signature) },
+ { 0 }
};
static void
Usage(char *progName)
{
fprintf(stderr,
"Usage: %s -k keyname [-d keydir] [-i input] [-o output]\n",
--- a/security/nss/cmd/platlibs.mk
+++ b/security/nss/cmd/platlibs.mk
@@ -46,91 +46,140 @@ else
CRYPTOLIB=$(FREEBL_LIB_DIR)/$(LIB_PREFIX)freebl.$(LIB_SUFFIX)
SOFTOKENLIB=
EXTRA_SHARED_LIBS += \
-L$(SOFTOKEN_LIB_DIR) \
-lsoftokn3 \
$(NULL)
endif
+ifndef NSS_BUILD_SOFTOKEN_ONLY
PKIXLIB = \
$(DIST)/lib/$(LIB_PREFIX)pkixtop.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pkixutil.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pkixsystem.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pkixcrlsel.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pkixmodule.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pkixstore.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pkixparams.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pkixchecker.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pkixpki.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pkixtop.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pkixresults.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pkixcertsel.$(LIB_SUFFIX)
+endif
-# can't do this in manifest.mn because OS_ARCH isn't defined there.
+NSS_LIBS_1=
+SECTOOL_LIB=
+NSS_LIBS_2=
+NSS_LIBS_3=
+NSS_LIBS_4=
+
+ifneq ($(NSS_BUILD_UTIL_ONLY),1)
+SECTOOL_LIB = \
+ $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
+ $(NULL)
+else
+SECTOOL_LIB = \
+ $(NULL)
+endif
+
+ifneq ($(NSS_BUILD_SOFTOKEN_ONLY),1)
ifeq ($(OS_ARCH), WINNT)
-
-EXTRA_LIBS += \
+# breakdown for windows
+NSS_LIBS_1 = \
$(DIST)/lib/$(LIB_PREFIX)smime.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
+ $(NULL)
+NSS_LIBS_2 = \
$(DIST)/lib/$(LIB_PREFIX)pkcs12.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pkcs7.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
- $(SOFTOKENLIB) \
- $(CRYPTOLIB) \
+ $(NULL)
+NSS_LIBS_3 = \
$(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
$(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
$(PKIXLIB) \
$(DBMLIB) \
+ $(NULL)
+NSS_LIBS_4 = \
$(SQLITE_LIB_DIR)/$(LIB_PREFIX)$(SQLITE_LIB_NAME).$(LIB_SUFFIX) \
$(NSSUTIL_LIB_DIR)/$(LIB_PREFIX)nssutil3.$(LIB_SUFFIX) \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plc4.$(LIB_SUFFIX) \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)plds4.$(LIB_SUFFIX) \
$(NSPR_LIB_DIR)/$(NSPR31_LIB_PREFIX)nspr4.$(LIB_SUFFIX) \
$(NULL)
+else
+# breakdown for others
+NSS_LIBS_1 = \
+ $(DIST)/lib/$(LIB_PREFIX)smime.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
+ $(NULL)
+SECTOOL_LIB = \
+ $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
+ $(NULL)
+NSS_LIBS_2 = \
+ $(DIST)/lib/$(LIB_PREFIX)pkcs12.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)pkcs7.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
+ $(NULL)
+NSS_LIBS_3 = \
+ $(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
+ $(NULL)
+NSS_LIBS_4 = \
+ $(DBMLIB) \
+ $(PKIXLIB) \
+ $(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
+ $(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
+ $(NULL)
+endif
+endif
+
+# can't do this in manifest.mn because OS_ARCH isn't defined there.
+ifeq ($(OS_ARCH), WINNT)
+
+EXTRA_LIBS += \
+ $(NSS_LIBS_1) \
+ $(SECTOOL_LIB) \
+ $(NSS_LIBS_2) \
+ $(SOFTOKENLIB) \
+ $(CRYPTOLIB) \
+ $(NSS_LIBS_3) \
+ $(NSS_LIBS_4) \
+ $(NULL)
# $(PROGRAM) has NO explicit dependencies on $(OS_LIBS)
#OS_LIBS += \
wsock32.lib \
winmm.lib \
$(NULL)
else
EXTRA_LIBS += \
- $(DIST)/lib/$(LIB_PREFIX)smime.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)ssl.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)sectool.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)pkcs12.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)pkcs7.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)cryptohi.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
+ $(NSS_LIBS_1) \
+ $(SECTOOL_LIB) \
+ $(NSS_LIBS_2) \
$(SOFTOKENLIB) \
- $(DIST)/lib/$(LIB_PREFIX)certdb.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)nsspki.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)nssdev.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)nssb.$(LIB_SUFFIX) \
+ $(NSS_LIBS_3) \
$(CRYPTOLIB) \
- $(DBMLIB) \
- $(PKIXLIB) \
- $(DIST)/lib/$(LIB_PREFIX)nss.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)pk11wrap.$(LIB_SUFFIX) \
- $(DIST)/lib/$(LIB_PREFIX)certhi.$(LIB_SUFFIX) \
+ $(NSS_LIBS_4) \
$(NULL)
ifeq ($(OS_ARCH), AIX)
EXTRA_SHARED_LIBS += -brtl
endif
# $(PROGRAM) has NO explicit dependencies on $(EXTRA_SHARED_LIBS)
# $(EXTRA_SHARED_LIBS) come before $(OS_LIBS), except on AIX.
--- a/security/nss/cmd/selfserv/selfserv.c
+++ b/security/nss/cmd/selfserv/selfserv.c
@@ -220,16 +220,17 @@ PrintParameterUsage()
" good, revoked, unknown, failure, badsig, corrupted\n"
" ocsp: fetch from external OCSP server using AIA, or none\n"
"-A <ca> Nickname of a CA used to sign a stapled cert status\n"
"-U override default ECDHE ephemeral key reuse, 0: refresh, 1: reuse\n"
"-H override default DHE server support, 0: disable, 1: enable\n"
"-W override default DHE server weak parameters support, 0: disable, 1: enable\n"
"-c Restrict ciphers\n"
"-Y prints cipher values allowed for parameter -c and exits\n"
+"-G enables the extended master secret extension [RFC7627]\n"
, stderr);
}
static void
Usage(const char *progName)
{
PrintUsageHeader(progName);
PrintParameterUsage();
--- a/security/nss/cmd/tstclnt/tstclnt.c
+++ b/security/nss/cmd/tstclnt/tstclnt.c
@@ -105,16 +105,17 @@ int renegotiationsDone = 0;
static char *progName;
secuPWData pwdata = { PW_NONE, 0 };
void printSecurityInfo(PRFileDesc *fd)
{
CERTCertificate * cert;
const SECItemArray *csa;
+ const SECItem *scts;
SSL3Statistics * ssl3stats = SSL_GetStatistics();
SECStatus result;
SSLChannelInfo channel;
SSLCipherSuiteInfo suite;
result = SSL_GetChannelInfo(fd, &channel, sizeof channel);
if (result == SECSuccess &&
channel.length == sizeof channel &&
@@ -157,16 +158,21 @@ void printSecurityInfo(PRFileDesc *fd)
ssl3stats->hsh_sid_cache_hits, ssl3stats->hsh_sid_cache_misses,
ssl3stats->hsh_sid_cache_not_ok, ssl3stats->hsh_sid_stateless_resumes);
csa = SSL_PeerStapledOCSPResponses(fd);
if (csa) {
fprintf(stderr, "Received %d Cert Status items (OCSP stapled data)\n",
csa->len);
}
+ scts = SSL_PeerSignedCertTimestamps(fd);
+ if (scts && scts->len) {
+ fprintf(stderr, "Received a Signed Certificate Timestamp of length"
+ " %u\n", scts->len);
+ }
}
void
handshakeCallback(PRFileDesc *fd, void *client_data)
{
const char *secondHandshakeName = (char *)client_data;
if (secondHandshakeName) {
SSL_SetURL(fd, secondHandshakeName);
@@ -179,17 +185,17 @@ handshakeCallback(PRFileDesc *fd, void *
}
static void PrintUsageHeader(const char *progName)
{
fprintf(stderr,
"Usage: %s -h host [-a 1st_hs_name ] [-a 2nd_hs_name ] [-p port]\n"
"[-D | -d certdir] [-C] [-b | -R root-module] \n"
"[-n nickname] [-Bafosvx] [-c ciphers] [-Y]\n"
- "[-V [min-version]:[max-version]] [-K] [-T]\n"
+ "[-V [min-version]:[max-version]] [-K] [-T] [-U]\n"
"[-r N] [-w passwd] [-W pwfile] [-q [-t seconds]]\n",
progName);
}
static void PrintParameterUsage(void)
{
fprintf(stderr, "%-20s Send different SNI name. 1st_hs_name - at first\n"
"%-20s handshake, 2nd_hs_name - at second handshake.\n"
@@ -227,16 +233,17 @@ static void PrintParameterUsage(void)
fprintf(stderr, "%-20s Use export policy.\n", "-x");
fprintf(stderr, "%-20s Ping the server and then exit.\n", "-q");
fprintf(stderr, "%-20s Timeout for server ping (default: no timeout).\n", "-t seconds");
fprintf(stderr, "%-20s Renegotiate N times (resuming session if N>1).\n", "-r N");
fprintf(stderr, "%-20s Enable the session ticket extension.\n", "-u");
fprintf(stderr, "%-20s Enable compression.\n", "-z");
fprintf(stderr, "%-20s Enable false start.\n", "-g");
fprintf(stderr, "%-20s Enable the cert_status extension (OCSP stapling).\n", "-T");
+ fprintf(stderr, "%-20s Enable the signed_certificate_timestamp extension.\n", "-U");
fprintf(stderr, "%-20s Enable the extended master secret extension (session hash).\n", "-G");
fprintf(stderr, "%-20s Require fresh revocation info from side channel.\n"
"%-20s -F once means: require for server cert only\n"
"%-20s -F twice means: require for intermediates, too\n"
"%-20s (Connect, handshake with server, disable dynamic download\n"
"%-20s of OCSP/CRL, verify cert using CERT_PKIXVerifyCert.)\n"
"%-20s Exit code:\n"
"%-20s 0: have fresh and valid revocation data, status good\n"
@@ -245,16 +252,17 @@ static void PrintParameterUsage(void)
"%-20s 3: have fresh and valid revocation data, status revoked\n",
"-F", "", "", "", "", "", "", "", "", "");
fprintf(stderr, "%-20s Test -F allows 0=any (default), 1=only OCSP, 2=only CRL\n", "-M");
fprintf(stderr, "%-20s Restrict ciphers\n", "-c ciphers");
fprintf(stderr, "%-20s Print cipher values allowed for parameter -c and exit\n", "-Y");
fprintf(stderr, "%-20s Enforce using an IPv4 destination address\n", "-4");
fprintf(stderr, "%-20s Enforce using an IPv6 destination address\n", "-6");
fprintf(stderr, "%-20s (Options -4 and -6 cannot be combined.)\n", "");
+ fprintf(stderr, "%-20s Enable the extended master secret extension [RFC7627]\n", "-G");
}
static void Usage(const char *progName)
{
PrintUsageHeader(progName);
PrintParameterUsage();
exit(1);
}
@@ -915,16 +923,17 @@ int main(int argc, char **argv)
PRBool enableSSL2 = PR_TRUE;
int bypassPKCS11 = 0;
int disableLocking = 0;
int useExportPolicy = 0;
int enableSessionTickets = 0;
int enableCompression = 0;
int enableFalseStart = 0;
int enableCertStatus = 0;
+ int enableSignedCertTimestamps = 0;
int forceFallbackSCSV = 0;
int enableExtendedMasterSecret = 0;
PRSocketOptionData opt;
PRNetAddr addr;
PRPollDesc pollset[2];
PRBool allowIPv4 = PR_TRUE;
PRBool allowIPv6 = PR_TRUE;
PRBool pingServerFirst = PR_FALSE;
@@ -965,17 +974,17 @@ int main(int argc, char **argv)
if (sec > 0) {
maxInterval = PR_SecondsToInterval(sec);
}
}
SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions);
optstate = PL_CreateOptState(argc, argv,
- "46BCDFGKM:OR:STV:W:Ya:bc:d:fgh:m:n:op:qr:st:uvw:xz");
+ "46BCDFGKM:OR:STUV:W:Ya:bc:d:fgh:m:n:op:qr:st:uvw:xz");
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case '?':
default : Usage(progName); break;
case '4': allowIPv6 = PR_FALSE; if (!allowIPv4) Usage(progName); break;
case '6': allowIPv4 = PR_FALSE; if (!allowIPv6) Usage(progName); break;
@@ -1018,16 +1027,18 @@ int main(int argc, char **argv)
break;
case 'R': rootModule = PORT_Strdup(optstate->value); break;
case 'S': skipProtoHeader = PR_TRUE; break;
case 'T': enableCertStatus = 1; break;
+ case 'U': enableSignedCertTimestamps = 1; break;
+
case 'V': if (SECU_ParseSSLVersionRangeString(optstate->value,
enabledVersions, enableSSL2,
&enabledVersions, &enableSSL2) != SECSuccess) {
Usage(progName);
}
break;
case 'Y': PrintCipherUsage(progName); exit(0); break;
@@ -1395,16 +1406,24 @@ int main(int argc, char **argv)
if (enableExtendedMasterSecret) {
rv = SSL_OptionSet(s, SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_TRUE);
if (rv != SECSuccess) {
SECU_PrintError(progName, "error enabling extended master secret");
return 1;
}
}
+ /* enable Signed Certificate Timestamps. */
+ rv = SSL_OptionSet(s, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
+ enableSignedCertTimestamps);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "error enabling signed cert timestamps");
+ return 1;
+ }
+
SSL_SetPKCS11PinArg(s, &pwdata);
serverCertAuth.dbHandle = CERT_GetDefaultCertDB();
SSL_AuthCertificateHook(s, ownAuthCertificate, &serverCertAuth);
if (override) {
SSL_BadCertHook(s, ownBadCertHandler, NULL);
}
--- a/security/nss/coreconf/WIN32.mk
+++ b/security/nss/coreconf/WIN32.mk
@@ -99,17 +99,17 @@ XP_DEFINE += -DXP_PC
ifdef NS_USE_GCC
LIB_SUFFIX = a
else
LIB_SUFFIX = lib
endif
DLL_SUFFIX = dll
ifdef NS_USE_GCC
- OS_CFLAGS += -mwindows -mms-bitfields -Werror
+ OS_CFLAGS += -mwindows -mms-bitfields
_GEN_IMPORT_LIB=-Wl,--out-implib,$(IMPORT_LIBRARY)
DLLFLAGS += -mwindows -o $@ -shared -Wl,--export-all-symbols $(if $(IMPORT_LIBRARY),$(_GEN_IMPORT_LIB))
ifdef BUILD_OPT
ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE))
OPTIMIZER += -Os
else
OPTIMIZER += -O2
endif
--- a/security/nss/coreconf/Werror.mk
+++ b/security/nss/coreconf/Werror.mk
@@ -16,17 +16,17 @@ ifndef WARNING_CFLAGS
disable_warning = $(shell $(CC) -x c -E -Werror -W$(1) /dev/null >/dev/null 2>&1 && echo -Wno-$(1))
WARNING_CFLAGS = -Wall
ifeq ($(CC_NAME),clang)
# -Qunused-arguments : clang objects to arguments that it doesn't understand
# and fixing this would require rearchitecture
WARNING_CFLAGS += -Qunused-arguments
# -Wno-parentheses-equality : because clang warns about macro expansions
- OS_CFLAGS += $(call disable_warning,parentheses-equality)
+ WARNING_CFLAGS += $(call disable_warning,parentheses-equality)
ifdef BUILD_OPT
# clang is unable to handle glib's expansion of strcmp and similar for optimized
# builds, so ignore the resulting errors.
# See https://llvm.org/bugs/show_bug.cgi?id=20144
WARNING_CFLAGS += $(call disable_warning,array-bounds)
WARNING_CFLAGS += $(call disable_warning,unevaluated-expression)
endif
endif # if clang
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
/*
* A dummy header file that is a dependency for all the object files.
* Used to force a full recompilation of NSS in Mozilla's Tinderbox
* depend builds. See comments in rules.mk.
*/
#error "Do not include this header file."
+
--- a/security/nss/external_tests/README
+++ b/security/nss/external_tests/README
@@ -1,14 +1,14 @@
GTest-based Unit Tests
This directory contains GTest-based unit tests for NSS libssl.
-These aren't built by default, because they require C++.
-To build them, set ``NSS_BUILD_GTESTS=1''
+If your environment doesn't have C++ compiler suitable to build these tests,
+you may disable them using ``NSS_DISABLE_GTESTS=1''
Once built, they are run as part of running ``test/all.sh''
You can run just the GTests by running ``tests/ssl_gtests/ssl_gtests.sh''
They can be run standalone or under a debugger by invoking the ssl_gtest
executable with a ``-d'' option pointing to the directory created by either
of the above options. You can find that in
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/common/gtest.mk
@@ -0,0 +1,27 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+include ../../cmd/platlibs.mk
+include ../../cmd/platrules.mk
+
+MKPROG = $(CCC)
+MKSHLIB = $(CCC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS)
+
+ifeq (WINNT,$(OS_ARCH))
+ # -EHsc because gtest has exception handlers
+ OS_CFLAGS += -EHsc -nologo
+ # http://www.suodenjoki.dk/us/archive/2010/min-max.htm
+ OS_CFLAGS += -DNOMINMAX
+
+ # Linking to winsock to get htonl
+ OS_LIBS += Ws2_32.lib
+
+ # On windows, we need to create the parent directory
+ # Needed because we include files from a subdirectory
+ MAKE_OBJDIR = $(INSTALL) -D $(dir $@)
+else
+ CXXFLAGS += -std=c++0x
+endif
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/common/scoped_ptrs.h
@@ -0,0 +1,45 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef scoped_ptrs_h__
+#define scoped_ptrs_h__
+
+#include "keyhi.h"
+
+namespace nss_test {
+
+struct ScopedDelete {
+ void operator()(PK11SlotInfo* slot) { PK11_FreeSlot(slot); }
+ void operator()(SECItem* item) { SECITEM_FreeItem(item, true); }
+ void operator()(PK11SymKey* key) { PK11_FreeSymKey(key); }
+ void operator()(SECKEYPublicKey* key) { SECKEY_DestroyPublicKey(key); }
+ void operator()(SECKEYPrivateKey* key) { SECKEY_DestroyPrivateKey(key); }
+ void operator()(SECAlgorithmID* id) { SECOID_DestroyAlgorithmID(id, true); }
+ void operator()(CERTSubjectPublicKeyInfo* spki) {
+ SECKEY_DestroySubjectPublicKeyInfo(spki);
+ }
+};
+
+template<class T>
+struct ScopedMaybeDelete {
+ void operator()(T* ptr) { if (ptr) { ScopedDelete del; del(ptr); } }
+};
+
+#define SCOPED(x) typedef std::unique_ptr<x, ScopedMaybeDelete<x> > Scoped ## x
+
+SCOPED(PK11SlotInfo);
+SCOPED(SECItem);
+SCOPED(PK11SymKey);
+SCOPED(SECKEYPublicKey);
+SCOPED(SECKEYPrivateKey);
+SCOPED(SECAlgorithmID);
+SCOPED(CERTSubjectPublicKeyInfo);
+
+#undef SCOPED
+
+} // namespace nss_test
+
+#endif
--- a/security/nss/external_tests/google_test/Makefile
+++ b/security/nss/external_tests/google_test/Makefile
@@ -21,32 +21,24 @@ include $(CORE_DEPTH)/coreconf/config.mk
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
+include ../common/gtest.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
-
-MKSHLIB = $(CCC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS)
-ifeq (WINNT,$(OS_ARCH))
- # -EHsc because gtest has exception handlers
- OS_CFLAGS += -EHsc
- # On windows, we need to create the parent directory
- # Needed because we include files from a subdirectory
- MAKE_OBJDIR = $(INSTALL) -D $(dir $@)
-endif
--- a/security/nss/external_tests/manifest.mn
+++ b/security/nss/external_tests/manifest.mn
@@ -2,10 +2,11 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
CORE_DEPTH = ..
DEPTH = ..
DIRS = \
google_test \
+ pk11_gtest \
ssl_gtest \
$(NULL)
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/pk11_gtest/Makefile
@@ -0,0 +1,44 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+include ../common/gtest.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
+
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/pk11_gtest/manifest.mn
@@ -0,0 +1,22 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+CORE_DEPTH = ../..
+DEPTH = ../..
+MODULE = nss
+
+CPPSRCS = \
+ pk11_pbkdf2_unittest.cc \
+ pk11_prf_unittest.cc \
+ pk11_rsapss_unittest.cc \
+ pk11_gtest.cc \
+ $(NULL)
+
+INCLUDES += -I$(CORE_DEPTH)/external_tests/google_test/gtest/include \
+ -I$(CORE_DEPTH)/external_tests/common
+
+REQUIRES = nspr nss libdbm gtest
+
+PROGRAM = pk11_gtest
+EXTRA_LIBS = $(DIST)/lib/$(LIB_PREFIX)gtest.$(LIB_SUFFIX)
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/pk11_gtest/pk11_gtest.cc
@@ -0,0 +1,21 @@
+#include "nspr.h"
+#include "nss.h"
+#include "ssl.h"
+
+#include <cstdlib>
+
+#define GTEST_HAS_RTTI 0
+#include "gtest/gtest.h"
+
+int main(int argc, char **argv) {
+ // Start the tests
+ ::testing::InitGoogleTest(&argc, argv);
+
+ NSS_NoDB_Init(nullptr);
+ NSS_SetDomesticPolicy();
+ int rv = RUN_ALL_TESTS();
+
+ NSS_Shutdown();
+
+ return rv;
+}
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/pk11_gtest/pk11_pbkdf2_unittest.cc
@@ -0,0 +1,100 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nss.h"
+#include "pk11pub.h"
+#include <memory>
+
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+static unsigned char* ToUcharPtr(std::string& str) {
+ return const_cast<unsigned char*>(
+ reinterpret_cast<const unsigned char*>(str.c_str()));
+}
+
+class Pkcs11Pbkdf2Test : public ::testing::Test {
+ public:
+ void Derive(std::vector<uint8_t>& derived, SECOidTag hash_alg)
+ {
+ // Shared between test vectors.
+ const unsigned int iterations = 4096;
+ std::string pass("passwordPASSWORDpassword");
+ std::string salt("saltSALTsaltSALTsaltSALTsaltSALTsalt");
+
+ // Derivation must succeed with the right values.
+ EXPECT_TRUE(DeriveBytes(pass, salt, derived, hash_alg, iterations));
+
+ // Derivation must fail when the password is bogus.
+ std::string bogusPass("PasswordPASSWORDpassword");
+ EXPECT_FALSE(DeriveBytes(bogusPass, salt, derived, hash_alg, iterations));
+
+ // Derivation must fail when the salt is bogus.
+ std::string bogusSalt("SaltSALTsaltSALTsaltSALTsaltSALTsalt");
+ EXPECT_FALSE(DeriveBytes(pass, bogusSalt, derived, hash_alg, iterations));
+
+ // Derivation must fail when using the wrong hash function.
+ SECOidTag next_hash_alg = static_cast<SECOidTag>(hash_alg + 1);
+ EXPECT_FALSE(DeriveBytes(pass, salt, derived, next_hash_alg, iterations));
+
+ // Derivation must fail when using the wrong number of iterations.
+ EXPECT_FALSE(DeriveBytes(pass, salt, derived, hash_alg, iterations + 1));
+ }
+
+ private:
+ bool DeriveBytes(std::string& pass, std::string& salt,
+ std::vector<uint8_t>& derived, SECOidTag hash_alg,
+ unsigned int iterations)
+ {
+ SECItem passItem = { siBuffer, ToUcharPtr(pass),
+ static_cast<unsigned int>(pass.length()) };
+ SECItem saltItem = { siBuffer, ToUcharPtr(salt),
+ static_cast<unsigned int>(salt.length()) };
+
+ // Set up PBKDF2 params.
+ ScopedSECAlgorithmID alg_id(
+ PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, hash_alg, hash_alg,
+ derived.size(), iterations, &saltItem));
+
+ // Derive.
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ ScopedPK11SymKey symKey(
+ PK11_PBEKeyGen(slot.get(), alg_id.get(), &passItem, false, nullptr));
+
+ SECStatus rv = PK11_ExtractKeyValue(symKey.get());
+ EXPECT_EQ(rv, SECSuccess);
+
+ SECItem* keyData = PK11_GetKeyData(symKey.get());
+ return !memcmp(&derived[0], keyData->data, keyData->len);
+ }
+};
+
+// RFC 6070 <http://tools.ietf.org/html/rfc6070>
+TEST_F(Pkcs11Pbkdf2Test, DeriveKnown1) {
+ std::vector<uint8_t> derived = {
+ 0x3d, 0x2e, 0xec, 0x4f, 0xe4, 0x1c, 0x84, 0x9b, 0x80, 0xc8, 0xd8, 0x36,
+ 0x62, 0xc0, 0xe4, 0x4a, 0x8b, 0x29, 0x1a, 0x96, 0x4c, 0xf2, 0xf0, 0x70, 0x38
+ };
+
+ Derive(derived, SEC_OID_HMAC_SHA1);
+}
+
+// https://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors
+TEST_F(Pkcs11Pbkdf2Test, DeriveKnown2) {
+ std::vector<uint8_t> derived = {
+ 0x34, 0x8c, 0x89, 0xdb, 0xcb, 0xd3, 0x2b, 0x2f, 0x32, 0xd8, 0x14, 0xb8,
+ 0x11, 0x6e, 0x84, 0xcf, 0x2b, 0x17, 0x34, 0x7e, 0xbc, 0x18, 0x00, 0x18,
+ 0x1c, 0x4e, 0x2a, 0x1f, 0xb8, 0xdd, 0x53, 0xe1, 0xc6, 0x35, 0x51, 0x8c,
+ 0x7d, 0xac, 0x47, 0xe9
+ };
+
+ Derive(derived, SEC_OID_HMAC_SHA256);
+}
+
+} // namespace nss_test
+
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/pk11_gtest/pk11_prf_unittest.cc
@@ -0,0 +1,250 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nss.h"
+#include "pk11pub.h"
+#include <memory>
+
+#include "gtest/gtest.h"
+
+namespace nss_test {
+
+const size_t kPmsSize = 48;
+const size_t kMasterSecretSize = 48;
+const size_t kPrfSeedSizeSha256 = 32;
+const size_t kPrfSeedSizeTlsPrf = 36;
+
+// This is not the right size for anything
+const size_t kIncorrectSize = 17;
+
+const uint8_t kPmsData[] = {
+ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+ 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
+ 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
+ 0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,
+ 0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,
+ 0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f
+};
+
+const uint8_t kPrfSeed[] = {
+ 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
+ 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff,
+ 0xe0,0xe1,0xe2,0xe3,0xe4,0xe5,0xe6,0xe7,
+ 0xe8,0xe9,0xea,0xeb,0xec,0xed,0xee,0xef,
+ 0xd0,0xd1,0xd2,0xd3
+};
+
+const uint8_t kExpectedOutputEmsSha256[] = {
+ 0x75,0xa7,0xa5,0x98,0xef,0xab,0x90,0xe7,
+ 0x7c,0x67,0x80,0xde,0xab,0x3a,0x11,0xf3,
+ 0x5d,0xb2,0xf8,0x47,0xff,0x09,0x01,0xec,
+ 0xf8,0x93,0x89,0xfc,0x98,0x2e,0x6e,0xf9,
+ 0x2c,0xf5,0x9b,0x04,0x04,0x6f,0xd7,0x28,
+ 0x6e,0xea,0xe3,0x83,0xc4,0x4a,0xff,0x03
+};
+
+const uint8_t kExpectedOutputEmsTlsPrf[] = {
+ 0x06,0xbf,0x29,0x86,0x5d,0xf3,0x3e,0x38,
+ 0xfd,0xfa,0x91,0x10,0x2a,0x20,0xff,0xd6,
+ 0xb9,0xd5,0x72,0x5a,0x6d,0x42,0x20,0x16,
+ 0xde,0xa4,0xa0,0x51,0xe5,0x53,0xc1,0x28,
+ 0x04,0x99,0xbc,0xb1,0x2c,0x9d,0xe8,0x0b,
+ 0x18,0xa2,0x0e,0x48,0x52,0x8d,0x61,0x13
+};
+
+static unsigned char* toUcharPtr(const uint8_t* v) {
+ return const_cast<unsigned char*>(
+ static_cast<const unsigned char *>(v));
+}
+
+class TlsPrfTest : public ::testing::Test {
+ public:
+ TlsPrfTest()
+ : params_({siBuffer, nullptr, 0})
+ , pms_item_({siBuffer, toUcharPtr(kPmsData), kPmsSize})
+ , key_mech_(0)
+ , slot_(nullptr)
+ , pms_(nullptr)
+ , ms_(nullptr)
+ , pms_version_({0, 0}) {}
+
+ ~TlsPrfTest() {
+ if (slot_) { PK11_FreeSlot(slot_); }
+ ClearTempVars();
+ }
+
+ void ClearTempVars() {
+ if (pms_) { PK11_FreeSymKey(pms_); }
+ if (ms_) { PK11_FreeSymKey(ms_); }
+ }
+
+ void Init() {
+ params_.type = siBuffer;
+
+ pms_item_.type = siBuffer;
+ pms_item_.data = const_cast<unsigned char*>(
+ static_cast<const unsigned char *>(kPmsData));
+
+ slot_ = PK11_GetInternalSlot();
+ ASSERT_NE(nullptr, slot_);
+ }
+
+ void CheckForError(CK_MECHANISM_TYPE hash_mech,
+ size_t seed_len,
+ size_t pms_len,
+ size_t output_len) {
+ // Error tests don't depend on the derivation mechansim
+ Inner(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, hash_mech,
+ seed_len, pms_len, output_len, nullptr, nullptr);
+ }
+
+ void ComputeAndVerifyMs(CK_MECHANISM_TYPE derive_mech,
+ CK_MECHANISM_TYPE hash_mech,
+ CK_VERSION* version,
+ const uint8_t* expected) {
+ // Infer seed length from mechanism
+ int seed_len = 0;
+ switch (hash_mech) {
+ case CKM_TLS_PRF: seed_len = kPrfSeedSizeTlsPrf; break;
+ case CKM_SHA256: seed_len = kPrfSeedSizeSha256; break;
+ default: ASSERT_TRUE(false);
+ }
+
+ Inner(derive_mech, hash_mech, seed_len,
+ kPmsSize, 0, version, expected);
+ }
+
+
+ // Set output == nullptr to test when errors occur
+ void Inner(
+ CK_MECHANISM_TYPE derive_mech,
+ CK_MECHANISM_TYPE hash_mech,
+ size_t seed_len,
+ size_t pms_len,
+ size_t output_len,
+ CK_VERSION* version,
+ const uint8_t* expected) {
+ ClearTempVars();
+
+ // Infer the key mechanism from the hash type
+ switch (hash_mech) {
+ case CKM_TLS_PRF: key_mech_ = CKM_TLS_KEY_AND_MAC_DERIVE; break;
+ case CKM_SHA256: key_mech_ = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; break;
+ default: ASSERT_TRUE(false);
+ }
+
+ // Import the params
+ CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS master_params = {
+ hash_mech,
+ toUcharPtr(kPrfSeed),
+ static_cast<CK_ULONG>(seed_len),
+ version
+ };
+ params_.data = reinterpret_cast<unsigned char*>(&master_params);
+ params_.len = sizeof(master_params);
+
+ // Import the PMS
+ pms_item_.len = pms_len;
+ pms_ = PK11_ImportSymKey(slot_, derive_mech, PK11_OriginUnwrap,
+ CKA_DERIVE, &pms_item_, NULL);
+ ASSERT_NE(nullptr, pms_);
+
+
+ // Compute the EMS
+ ms_ = PK11_DeriveWithFlags(pms_, derive_mech, ¶ms_, key_mech_,
+ CKA_DERIVE, output_len, CKF_SIGN | CKF_VERIFY);
+
+ // Verify the EMS has the expected value (null or otherwise)
+ if (!expected) {
+ EXPECT_EQ(nullptr, ms_);
+ } else {
+ ASSERT_NE(nullptr, ms_);
+
+ SECStatus rv = PK11_ExtractKeyValue(ms_);
+ ASSERT_EQ(SECSuccess, rv);
+
+ SECItem *msData = PK11_GetKeyData(ms_);
+ ASSERT_NE(nullptr, msData);
+
+ ASSERT_EQ(kMasterSecretSize, msData->len);
+ EXPECT_EQ(0,
+ memcmp(msData->data, expected, kMasterSecretSize));
+ }
+ }
+
+ protected:
+ SECItem params_;
+ SECItem pms_item_;
+ CK_MECHANISM_TYPE key_mech_;
+ PK11SlotInfo *slot_;
+ PK11SymKey *pms_;
+ PK11SymKey *ms_;
+ CK_VERSION pms_version_;
+};
+
+TEST_F(TlsPrfTest, ExtendedMsParamErr) {
+ Init();
+
+ // This should fail; it's the correct set from which the below are derived
+ // CheckForError(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kPmsSize, 0);
+
+ // Output key size != 0, SSL3_MASTER_SECRET_LENGTH
+ CheckForError(CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kPmsSize, kIncorrectSize);
+
+ // not-DH && pms size != SSL3_PMS_LENGTH
+ CheckForError(CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kIncorrectSize, 0);
+
+ // CKM_TLS_PRF && seed length != MD5_LENGTH + SHA1_LENGTH
+ CheckForError(CKM_TLS_PRF, kIncorrectSize, kPmsSize, 0);
+
+ // !CKM_TLS_PRF && seed length != hash output length
+ CheckForError(CKM_SHA256, kIncorrectSize, kPmsSize, 0);
+}
+
+// Test matrix:
+//
+// DH RSA
+// TLS_PRF 1 2
+// SHA256 3 4
+TEST_F(TlsPrfTest, ExtendedMsDhTlsPrf) {
+ Init();
+ ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH,
+ CKM_TLS_PRF,
+ nullptr,
+ kExpectedOutputEmsTlsPrf);
+}
+
+TEST_F(TlsPrfTest, ExtendedMsRsaTlsPrf) {
+ Init();
+ ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
+ CKM_TLS_PRF,
+ &pms_version_,
+ kExpectedOutputEmsTlsPrf);
+ EXPECT_EQ(0, pms_version_.major);
+ EXPECT_EQ(1, pms_version_.minor);
+}
+
+
+TEST_F(TlsPrfTest, ExtendedMsDhSha256) {
+ Init();
+ ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH,
+ CKM_SHA256,
+ nullptr,
+ kExpectedOutputEmsSha256);
+}
+
+TEST_F(TlsPrfTest, ExtendedMsRsaSha256) {
+ Init();
+ ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
+ CKM_SHA256,
+ &pms_version_,
+ kExpectedOutputEmsSha256);
+ EXPECT_EQ(0, pms_version_.major);
+ EXPECT_EQ(1, pms_version_.minor);
+}
+
+} // namespace nss_test
+
new file mode 100644
--- /dev/null
+++ b/security/nss/external_tests/pk11_gtest/pk11_rsapss_unittest.cc
@@ -0,0 +1,246 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nss.h"
+#include "pk11pub.h"
+#include "sechash.h"
+#include <memory>
+
+#include "gtest/gtest.h"
+#include "scoped_ptrs.h"
+
+namespace nss_test {
+
+// RSA-PSS test vectors, pss-vect.txt, Example 1: A 1024-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+const uint8_t kTestVector1Spki[] = {
+ 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+ 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02,
+ 0x81, 0x81, 0x00, 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51,
+ 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52,
+ 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56,
+ 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94,
+ 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0,
+ 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5,
+ 0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70,
+ 0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0,
+ 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22,
+ 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21,
+ 0x37, 0x02, 0x03, 0x01, 0x00, 0x01
+};
+// RSA-PSS test vectors, pss-vect.txt, Example 1.1
+const uint8_t kTestVector1Data[] = {
+ 0xcd, 0xc8, 0x7d, 0xa2, 0x23, 0xd7, 0x86, 0xdf, 0x3b, 0x45, 0xe0, 0xbb, 0xbc,
+ 0x72, 0x13, 0x26, 0xd1, 0xee, 0x2a, 0xf8, 0x06, 0xcc, 0x31, 0x54, 0x75, 0xcc,
+ 0x6f, 0x0d, 0x9c, 0x66, 0xe1, 0xb6, 0x23, 0x71, 0xd4, 0x5c, 0xe2, 0x39, 0x2e,
+ 0x1a, 0xc9, 0x28, 0x44, 0xc3, 0x10, 0x10, 0x2f, 0x15, 0x6a, 0x0d, 0x8d, 0x52,
+ 0xc1, 0xf4, 0xc4, 0x0b, 0xa3, 0xaa, 0x65, 0x09, 0x57, 0x86, 0xcb, 0x76, 0x97,
+ 0x57, 0xa6, 0x56, 0x3b, 0xa9, 0x58, 0xfe, 0xd0, 0xbc, 0xc9, 0x84, 0xe8, 0xb5,
+ 0x17, 0xa3, 0xd5, 0xf5, 0x15, 0xb2, 0x3b, 0x8a, 0x41, 0xe7, 0x4a, 0xa8, 0x67,
+ 0x69, 0x3f, 0x90, 0xdf, 0xb0, 0x61, 0xa6, 0xe8, 0x6d, 0xfa, 0xae, 0xe6, 0x44,
+ 0x72, 0xc0, 0x0e, 0x5f, 0x20, 0x94, 0x57, 0x29, 0xcb, 0xeb, 0xe7, 0x7f, 0x06,
+ 0xce, 0x78, 0xe0, 0x8f, 0x40, 0x98, 0xfb, 0xa4, 0x1f, 0x9d, 0x61, 0x93, 0xc0,
+ 0x31, 0x7e, 0x8b, 0x60, 0xd4, 0xb6, 0x08, 0x4a, 0xcb, 0x42, 0xd2, 0x9e, 0x38,
+ 0x08, 0xa3, 0xbc, 0x37, 0x2d, 0x85, 0xe3, 0x31, 0x17, 0x0f, 0xcb, 0xf7, 0xcc,
+ 0x72, 0xd0, 0xb7, 0x1c, 0x29, 0x66, 0x48, 0xb3, 0xa4, 0xd1, 0x0f, 0x41, 0x62,
+ 0x95, 0xd0, 0x80, 0x7a, 0xa6, 0x25, 0xca, 0xb2, 0x74, 0x4f, 0xd9, 0xea, 0x8f,
+ 0xd2, 0x23, 0xc4, 0x25, 0x37, 0x02, 0x98, 0x28, 0xbd, 0x16, 0xbe, 0x02, 0x54,
+ 0x6f, 0x13, 0x0f, 0xd2, 0xe3, 0x3b, 0x93, 0x6d, 0x26, 0x76, 0xe0, 0x8a, 0xed,
+ 0x1b, 0x73, 0x31, 0x8b, 0x75, 0x0a, 0x01, 0x67, 0xd0
+};
+const uint8_t kTestVector1Sig[] = {
+ 0x90, 0x74, 0x30, 0x8f, 0xb5, 0x98, 0xe9, 0x70, 0x1b, 0x22, 0x94, 0x38, 0x8e,
+ 0x52, 0xf9, 0x71, 0xfa, 0xac, 0x2b, 0x60, 0xa5, 0x14, 0x5a, 0xf1, 0x85, 0xdf,
+ 0x52, 0x87, 0xb5, 0xed, 0x28, 0x87, 0xe5, 0x7c, 0xe7, 0xfd, 0x44, 0xdc, 0x86,
+ 0x34, 0xe4, 0x07, 0xc8, 0xe0, 0xe4, 0x36, 0x0b, 0xc2, 0x26, 0xf3, 0xec, 0x22,
+ 0x7f, 0x9d, 0x9e, 0x54, 0x63, 0x8e, 0x8d, 0x31, 0xf5, 0x05, 0x12, 0x15, 0xdf,
+ 0x6e, 0xbb, 0x9c, 0x2f, 0x95, 0x79, 0xaa, 0x77, 0x59, 0x8a, 0x38, 0xf9, 0x14,
+ 0xb5, 0xb9, 0xc1, 0xbd, 0x83, 0xc4, 0xe2, 0xf9, 0xf3, 0x82, 0xa0, 0xd0, 0xaa,
+ 0x35, 0x42, 0xff, 0xee, 0x65, 0x98, 0x4a, 0x60, 0x1b, 0xc6, 0x9e, 0xb2, 0x8d,
+ 0xeb, 0x27, 0xdc, 0xa1, 0x2c, 0x82, 0xc2, 0xd4, 0xc3, 0xf6, 0x6c, 0xd5, 0x00,
+ 0xf1, 0xff, 0x2b, 0x99, 0x4d, 0x8a, 0x4e, 0x30, 0xcb, 0xb3, 0x3c
+};
+
+// RSA-PSS test vectors, pss-vect.txt, Example 10: A 2048-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+const uint8_t kTestVector2Spki[] = {
+ 0x30, 0x82, 0x01, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0e, 0x00, 0x30, 0x82,
+ 0x01, 0x09, 0x02, 0x82, 0x01, 0x00, 0xa5, 0xdd, 0x86, 0x7a, 0xc4, 0xcb, 0x02,
+ 0xf9, 0x0b, 0x94, 0x57, 0xd4, 0x8c, 0x14, 0xa7, 0x70, 0xef, 0x99, 0x1c, 0x56,
+ 0xc3, 0x9c, 0x0e, 0xc6, 0x5f, 0xd1, 0x1a, 0xfa, 0x89, 0x37, 0xce, 0xa5, 0x7b,
+ 0x9b, 0xe7, 0xac, 0x73, 0xb4, 0x5c, 0x00, 0x17, 0x61, 0x5b, 0x82, 0xd6, 0x22,
+ 0xe3, 0x18, 0x75, 0x3b, 0x60, 0x27, 0xc0, 0xfd, 0x15, 0x7b, 0xe1, 0x2f, 0x80,
+ 0x90, 0xfe, 0xe2, 0xa7, 0xad, 0xcd, 0x0e, 0xef, 0x75, 0x9f, 0x88, 0xba, 0x49,
+ 0x97, 0xc7, 0xa4, 0x2d, 0x58, 0xc9, 0xaa, 0x12, 0xcb, 0x99, 0xae, 0x00, 0x1f,
+ 0xe5, 0x21, 0xc1, 0x3b, 0xb5, 0x43, 0x14, 0x45, 0xa8, 0xd5, 0xae, 0x4f, 0x5e,
+ 0x4c, 0x7e, 0x94, 0x8a, 0xc2, 0x27, 0xd3, 0x60, 0x40, 0x71, 0xf2, 0x0e, 0x57,
+ 0x7e, 0x90, 0x5f, 0xbe, 0xb1, 0x5d, 0xfa, 0xf0, 0x6d, 0x1d, 0xe5, 0xae, 0x62,
+ 0x53, 0xd6, 0x3a, 0x6a, 0x21, 0x20, 0xb3, 0x1a, 0x5d, 0xa5, 0xda, 0xbc, 0x95,
+ 0x50, 0x60, 0x0e, 0x20, 0xf2, 0x7d, 0x37, 0x39, 0xe2, 0x62, 0x79, 0x25, 0xfe,
+ 0xa3, 0xcc, 0x50, 0x9f, 0x21, 0xdf, 0xf0, 0x4e, 0x6e, 0xea, 0x45, 0x49, 0xc5,
+ 0x40, 0xd6, 0x80, 0x9f, 0xf9, 0x30, 0x7e, 0xed, 0xe9, 0x1f, 0xff, 0x58, 0x73,
+ 0x3d, 0x83, 0x85, 0xa2, 0x37, 0xd6, 0xd3, 0x70, 0x5a, 0x33, 0xe3, 0x91, 0x90,
+ 0x09, 0x92, 0x07, 0x0d, 0xf7, 0xad, 0xf1, 0x35, 0x7c, 0xf7, 0xe3, 0x70, 0x0c,
+ 0xe3, 0x66, 0x7d, 0xe8, 0x3f, 0x17, 0xb8, 0xdf, 0x17, 0x78, 0xdb, 0x38, 0x1d,
+ 0xce, 0x09, 0xcb, 0x4a, 0xd0, 0x58, 0xa5, 0x11, 0x00, 0x1a, 0x73, 0x81, 0x98,
+ 0xee, 0x27, 0xcf, 0x55, 0xa1, 0x3b, 0x75, 0x45, 0x39, 0x90, 0x65, 0x82, 0xec,
+ 0x8b, 0x17, 0x4b, 0xd5, 0x8d, 0x5d, 0x1f, 0x3d, 0x76, 0x7c, 0x61, 0x37, 0x21,
+ 0xae, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01
+};
+// RSA-PSS test vectors, pss-vect.txt, Example 10.1
+const uint8_t kTestVector2Data[] = {
+ 0x88, 0x31, 0x77, 0xe5, 0x12, 0x6b, 0x9b, 0xe2, 0xd9, 0xa9, 0x68, 0x03, 0x27,
+ 0xd5, 0x37, 0x0c, 0x6f, 0x26, 0x86, 0x1f, 0x58, 0x20, 0xc4, 0x3d, 0xa6, 0x7a,
+ 0x3a, 0xd6, 0x09
+};
+const uint8_t kTestVector2Sig[] = {
+ 0x82, 0xc2, 0xb1, 0x60, 0x09, 0x3b, 0x8a, 0xa3, 0xc0, 0xf7, 0x52, 0x2b, 0x19,
+ 0xf8, 0x73, 0x54, 0x06, 0x6c, 0x77, 0x84, 0x7a, 0xbf, 0x2a, 0x9f, 0xce, 0x54,
+ 0x2d, 0x0e, 0x84, 0xe9, 0x20, 0xc5, 0xaf, 0xb4, 0x9f, 0xfd, 0xfd, 0xac, 0xe1,
+ 0x65, 0x60, 0xee, 0x94, 0xa1, 0x36, 0x96, 0x01, 0x14, 0x8e, 0xba, 0xd7, 0xa0,
+ 0xe1, 0x51, 0xcf, 0x16, 0x33, 0x17, 0x91, 0xa5, 0x72, 0x7d, 0x05, 0xf2, 0x1e,
+ 0x74, 0xe7, 0xeb, 0x81, 0x14, 0x40, 0x20, 0x69, 0x35, 0xd7, 0x44, 0x76, 0x5a,
+ 0x15, 0xe7, 0x9f, 0x01, 0x5c, 0xb6, 0x6c, 0x53, 0x2c, 0x87, 0xa6, 0xa0, 0x59,
+ 0x61, 0xc8, 0xbf, 0xad, 0x74, 0x1a, 0x9a, 0x66, 0x57, 0x02, 0x28, 0x94, 0x39,
+ 0x3e, 0x72, 0x23, 0x73, 0x97, 0x96, 0xc0, 0x2a, 0x77, 0x45, 0x5d, 0x0f, 0x55,
+ 0x5b, 0x0e, 0xc0, 0x1d, 0xdf, 0x25, 0x9b, 0x62, 0x07, 0xfd, 0x0f, 0xd5, 0x76,
+ 0x14, 0xce, 0xf1, 0xa5, 0x57, 0x3b, 0xaa, 0xff, 0x4e, 0xc0, 0x00, 0x69, 0x95,
+ 0x16, 0x59, 0xb8, 0x5f, 0x24, 0x30, 0x0a, 0x25, 0x16, 0x0c, 0xa8, 0x52, 0x2d,
+ 0xc6, 0xe6, 0x72, 0x7e, 0x57, 0xd0, 0x19, 0xd7, 0xe6, 0x36, 0x29, 0xb8, 0xfe,
+ 0x5e, 0x89, 0xe2, 0x5c, 0xc1, 0x5b, 0xeb, 0x3a, 0x64, 0x75, 0x77, 0x55, 0x92,
+ 0x99, 0x28, 0x0b, 0x9b, 0x28, 0xf7, 0x9b, 0x04, 0x09, 0x00, 0x0b, 0xe2, 0x5b,
+ 0xbd, 0x96, 0x40, 0x8b, 0xa3, 0xb4, 0x3c, 0xc4, 0x86, 0x18, 0x4d, 0xd1, 0xc8,
+ 0xe6, 0x25, 0x53, 0xfa, 0x1a, 0xf4, 0x04, 0x0f, 0x60, 0x66, 0x3d, 0xe7, 0xf5,
+ 0xe4, 0x9c, 0x04, 0x38, 0x8e, 0x25, 0x7f, 0x1c, 0xe8, 0x9c, 0x95, 0xda, 0xb4,
+ 0x8a, 0x31, 0x5d, 0x9b, 0x66, 0xb1, 0xb7, 0x62, 0x82, 0x33, 0x87, 0x6f, 0xf2,
+ 0x38, 0x52, 0x30, 0xd0, 0x70, 0xd0, 0x7e, 0x16, 0x66
+};
+
+static unsigned char* toUcharPtr(const uint8_t* v) {
+ return const_cast<unsigned char*>(
+ static_cast<const unsigned char*>(v));
+}
+
+class Pkcs11RsaPssTest : public ::testing::Test {
+};
+
+class Pkcs11RsaPssVectorTest : public Pkcs11RsaPssTest {
+ public:
+ void Verify(const uint8_t* spki, size_t spki_len, const uint8_t* data,
+ size_t data_len, const uint8_t* sig, size_t sig_len) {
+ // Verify data signed with PSS/SHA-1.
+ SECOidTag hashOid = SEC_OID_SHA1;
+ CK_MECHANISM_TYPE hashMech = CKM_SHA_1;
+ CK_RSA_PKCS_MGF_TYPE mgf = CKG_MGF1_SHA1;
+
+ // Set up PSS parameters.
+ unsigned int hLen = HASH_ResultLenByOidTag(hashOid);
+ CK_RSA_PKCS_PSS_PARAMS rsaPssParams = { hashMech, mgf, hLen };
+ SECItem params = { siBuffer,
+ reinterpret_cast<unsigned char*>(&rsaPssParams),
+ sizeof(rsaPssParams) };
+
+ // Import public key.
+ SECItem spkiItem = { siBuffer, toUcharPtr(spki),
+ static_cast<unsigned int>(spki_len) };
+ ScopedCERTSubjectPublicKeyInfo certSpki(
+ SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
+ ScopedSECKEYPublicKey pubKey(SECKEY_ExtractPublicKey(certSpki.get()));
+
+ // Hash the data.
+ std::vector<uint8_t> hashBuf(hLen);
+ SECItem hash = { siBuffer, &hashBuf[0],
+ static_cast<unsigned int>(hashBuf.size()) };
+ SECStatus rv = PK11_HashBuf(hashOid, hash.data, toUcharPtr(data),
+ data_len);
+ EXPECT_EQ(rv, SECSuccess);
+
+ // Verify.
+ CK_MECHANISM_TYPE mech = CKM_RSA_PKCS_PSS;
+ SECItem sigItem = { siBuffer, toUcharPtr(sig),
+ static_cast<unsigned int>(sig_len) };
+ rv = PK11_VerifyWithMechanism(pubKey.get(), mech, ¶ms, &sigItem, &hash,
+ nullptr);
+ EXPECT_EQ(rv, SECSuccess);
+ }
+};
+
+#define PSS_TEST_VECTOR_VERIFY(spki, data, sig) \
+ Verify(spki, sizeof(spki), data, sizeof(data), sig, sizeof(sig));
+
+TEST_F(Pkcs11RsaPssTest, GenerateAndSignAndVerify) {
+ // Sign data with a 1024-bit RSA key, using PSS/SHA-256.
+ SECOidTag hashOid = SEC_OID_SHA256;
+ CK_MECHANISM_TYPE hashMech = CKM_SHA256;
+ CK_RSA_PKCS_MGF_TYPE mgf = CKG_MGF1_SHA256;
+ PK11RSAGenParams rsaGenParams = { 1024, 0x10001 };
+
+ // Generate RSA key pair.
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ SECKEYPublicKey* pubKeyRaw = nullptr;
+ ScopedSECKEYPrivateKey privKey(PK11_GenerateKeyPair(slot.get(),
+ CKM_RSA_PKCS_KEY_PAIR_GEN,
+ &rsaGenParams, &pubKeyRaw,
+ false, false, nullptr));
+ ASSERT_TRUE(!!privKey && pubKeyRaw);
+ ScopedSECKEYPublicKey pubKey(pubKeyRaw);
+
+ // Generate random data to sign.
+ uint8_t dataBuf[50];
+ SECItem data = { siBuffer, dataBuf, sizeof(dataBuf) };
+ unsigned int hLen = HASH_ResultLenByOidTag(hashOid);
+ SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), data.data, data.len);
+ EXPECT_EQ(rv, SECSuccess);
+
+ // Allocate memory for the signature.
+ std::vector<uint8_t> sigBuf(PK11_SignatureLen(privKey.get()));
+ SECItem sig = { siBuffer, &sigBuf[0],
+ static_cast<unsigned int>(sigBuf.size()) };
+
+ // Set up PSS parameters.
+ CK_RSA_PKCS_PSS_PARAMS rsaPssParams = { hashMech, mgf, hLen };
+ SECItem params = { siBuffer, reinterpret_cast<unsigned char*>(&rsaPssParams),
+ sizeof(rsaPssParams) };
+
+ // Sign.
+ CK_MECHANISM_TYPE mech = CKM_RSA_PKCS_PSS;
+ rv = PK11_SignWithMechanism(privKey.get(), mech, ¶ms, &sig, &data);
+ EXPECT_EQ(rv, SECSuccess);
+
+ // Verify.
+ rv = PK11_VerifyWithMechanism(pubKey.get(), mech, ¶ms, &sig, &data,
+ nullptr);
+ EXPECT_EQ(rv, SECSuccess);
+
+ // Verification with modified data must fail.
+ data.data[0] ^= 0xff;
+ rv = PK11_VerifyWithMechanism(pubKey.get(), mech, ¶ms, &sig, &data,
+ nullptr);
+ EXPECT_EQ(rv, SECFailure);
+
+ // Verification with original data but the wrong signature must fail.
+ data.data[0] ^= 0xff; // Revert previous changes.
+ sig.data[0] ^= 0xff;
+ rv = PK11_VerifyWithMechanism(pubKey.get(), mech, ¶ms, &sig, &data,
+ nullptr);
+ EXPECT_EQ(rv, SECFailure);
+}
+
+// RSA-PSS test vectors, pss-vect.txt, Example 1.1: A 1024-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature1) {
+ PSS_TEST_VECTOR_VERIFY(kTestVector1Spki, kTestVector1Data, kTestVector1Sig);
+}
+
+// RSA-PSS test vectors, pss-vect.txt, Example 10.1: A 2048-bit RSA Key Pair
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature2) {
+ PSS_TEST_VECTOR_VERIFY(kTestVector2Spki, kTestVector2Data, kTestVector2Sig);
+}
+
+} // namespace nss_test
+
--- a/security/nss/external_tests/ssl_gtest/Makefile
+++ b/security/nss/external_tests/ssl_gtest/Makefile
@@ -20,41 +20,26 @@ include $(CORE_DEPTH)/coreconf/config.mk
# (3) Include "component" configuration information. (OPTIONAL) #
#######################################################################
#######################################################################
# (4) Include "local" platform-dependent assignments (OPTIONAL). #
#######################################################################
-include ../../cmd/platlibs.mk
+include ../common/gtest.mk
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
-MKPROG = $(CCC)
CFLAGS += -I$(CORE_DEPTH)/lib/ssl
-
-include ../../cmd/platrules.mk
-
-ifeq (WINNT,$(OS_ARCH))
- # -EHsc because gtest has exception handlers
- OS_CFLAGS += -EHsc -nologo
- # http://www.suodenjoki.dk/us/archive/2010/min-max.htm
- OS_CFLAGS += -DNOMINMAX
-
- # Linking to winsock to get htonl
- OS_LIBS += Ws2_32.lib
-else
- CXXFLAGS += -std=c++0x
-endif
--- a/security/nss/external_tests/ssl_gtest/databuffer.h
+++ b/security/nss/external_tests/ssl_gtest/databuffer.h
@@ -46,19 +46,26 @@ class DataBuffer {
void Truncate(size_t len) {
len_ = std::min(len_, len);
}
void Assign(const DataBuffer& other) {
Assign(other.data(), other.len());
}
+
void Assign(const uint8_t* data, size_t len) {
- Allocate(len);
- memcpy(static_cast<void *>(data_), static_cast<const void *>(data), len);
+ if (data) {
+ Allocate(len);
+ memcpy(static_cast<void *>(data_), static_cast<const void *>(data), len);
+ } else {
+ assert(len == 0);
+ data_ = nullptr;
+ len_ = 0;
+ }
}
// Write will do a new allocation and expand the size of the buffer if needed.
void Write(size_t index, const uint8_t* val, size_t count) {
if (index + count > len_) {
size_t newlen = index + count;
uint8_t* tmp = new uint8_t[newlen]; // Always > 0.
memcpy(static_cast<void*>(tmp),
@@ -161,11 +168,20 @@ inline std::ostream& operator<<(std::ost
}
stream << std::hex << std::setfill('0') << std::setw(2)
<< static_cast<unsigned>(buf.data()[i]);
}
stream << std::dec;
return stream;
}
+inline bool operator==(const DataBuffer& a, const DataBuffer& b) {
+ return (a.empty() && b.empty()) ||
+ (a.len() == b.len() && 0 == memcmp(a.data(), b.data(), a.len()));
+}
+
+inline bool operator!=(const DataBuffer& a, const DataBuffer& b) {
+ return !(a == b);
+}
+
} // namespace nss_test
#endif
--- a/security/nss/external_tests/ssl_gtest/manifest.mn
+++ b/security/nss/external_tests/ssl_gtest/manifest.mn
@@ -10,17 +10,16 @@ MODULE = nss
CSRCS = \
libssl_internals.c \
$(NULL)
CPPSRCS = \
ssl_agent_unittest.cc \
ssl_loopback_unittest.cc \
ssl_extension_unittest.cc \
- ssl_prf_unittest.cc \
ssl_skip_unittest.cc \
ssl_gtest.cc \
test_io.cc \
tls_agent.cc \
tls_connect.cc \
tls_filter.cc \
tls_parser.cc \
$(NULL)
--- a/security/nss/external_tests/ssl_gtest/ssl_extension_unittest.cc
+++ b/security/nss/external_tests/ssl_gtest/ssl_extension_unittest.cc
@@ -604,16 +604,120 @@ TEST_P(TlsExtensionTest12Plus, Signature
uint32_t v;
EXPECT_TRUE(ext.Read(cursor++, 1, &v));
EXPECT_EQ(algorithms[i].hashAlg, static_cast<SSLHashType>(v));
EXPECT_TRUE(ext.Read(cursor++, 1, &v));
EXPECT_EQ(algorithms[i].sigAlg, static_cast<SSLSignType>(v));
}
}
+/*
+ * Tests for Certificate Transparency (RFC 6962)
+ */
+
+// Helper class - stores signed certificate timestamps as provided
+// by the relevant callbacks on the client.
+class SignedCertificateTimestampsExtractor {
+ public:
+ SignedCertificateTimestampsExtractor(TlsAgent& client) {
+ client.SetAuthCertificateCallback(
+ [&](TlsAgent& agent, PRBool checksig, PRBool isServer) {
+ const SECItem *scts = SSL_PeerSignedCertTimestamps(agent.ssl_fd());
+ ASSERT_TRUE(scts);
+ auth_timestamps_.reset(new DataBuffer(scts->data, scts->len));
+ }
+ );
+ client.SetHandshakeCallback(
+ [&](TlsAgent& agent) {
+ const SECItem *scts = SSL_PeerSignedCertTimestamps(agent.ssl_fd());
+ ASSERT_TRUE(scts);
+ handshake_timestamps_.reset(new DataBuffer(scts->data, scts->len));
+ }
+ );
+ }
+
+ void assertTimestamps(const DataBuffer& timestamps) {
+ ASSERT_TRUE(auth_timestamps_);
+ ASSERT_EQ(timestamps, *auth_timestamps_);
+
+ ASSERT_TRUE(handshake_timestamps_);
+ ASSERT_EQ(timestamps, *handshake_timestamps_);
+ }
+
+ private:
+ std::unique_ptr<DataBuffer> auth_timestamps_;
+ std::unique_ptr<DataBuffer> handshake_timestamps_;
+};
+
+// Test timestamps extraction during a successful handshake.
+TEST_P(TlsExtensionTestGeneric, SignedCertificateTimestampsHandshake) {
+ uint8_t val[] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
+ const SECItem si_timestamps = { siBuffer, val, sizeof(val) };
+ const DataBuffer timestamps(val, sizeof(val));
+
+ server_->StartConnect();
+ ASSERT_EQ(SECSuccess,
+ SSL_SetSignedCertTimestamps(server_->ssl_fd(),
+ &si_timestamps, server_->kea()));
+
+ client_->StartConnect();
+ ASSERT_EQ(SECSuccess,
+ SSL_OptionSet(client_->ssl_fd(),
+ SSL_ENABLE_SIGNED_CERT_TIMESTAMPS, PR_TRUE));
+
+ SignedCertificateTimestampsExtractor timestamps_extractor(*client_);
+ Handshake();
+ CheckConnected();
+ timestamps_extractor.assertTimestamps(timestamps);
+}
+
+// Test SSL_PeerSignedCertTimestamps returning zero-length SECItem
+// when the client / the server / both have not enabled the feature.
+TEST_P(TlsExtensionTestGeneric, SignedCertificateTimestampsInactiveClient) {
+ uint8_t val[] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
+ const SECItem si_timestamps = { siBuffer, val, sizeof(val) };
+
+ server_->StartConnect();
+ ASSERT_EQ(SECSuccess,
+ SSL_SetSignedCertTimestamps(server_->ssl_fd(),
+ &si_timestamps, server_->kea()));
+
+ client_->StartConnect();
+
+ SignedCertificateTimestampsExtractor timestamps_extractor(*client_);
+ Handshake();
+ CheckConnected();
+ timestamps_extractor.assertTimestamps(DataBuffer());
+}
+
+TEST_P(TlsExtensionTestGeneric, SignedCertificateTimestampsInactiveServer) {
+ server_->StartConnect();
+
+ client_->StartConnect();
+ ASSERT_EQ(SECSuccess,
+ SSL_OptionSet(client_->ssl_fd(),
+ SSL_ENABLE_SIGNED_CERT_TIMESTAMPS, PR_TRUE));
+
+ SignedCertificateTimestampsExtractor timestamps_extractor(*client_);
+ Handshake();
+ CheckConnected();
+ timestamps_extractor.assertTimestamps(DataBuffer());
+}
+
+TEST_P(TlsExtensionTestGeneric, SignedCertificateTimestampsInactiveBoth) {
+ server_->StartConnect();
+ client_->StartConnect();
+
+ SignedCertificateTimestampsExtractor timestamps_extractor(*client_);
+ Handshake();
+ CheckConnected();
+ timestamps_extractor.assertTimestamps(DataBuffer());
+}
+
+
INSTANTIATE_TEST_CASE_P(ExtensionTls10, TlsExtensionTestGeneric,
::testing::Combine(
TlsConnectTestBase::kTlsModesStream,
TlsConnectTestBase::kTlsV10));
INSTANTIATE_TEST_CASE_P(ExtensionVariants, TlsExtensionTestGeneric,
::testing::Combine(
TlsConnectTestBase::kTlsModesAll,
TlsConnectTestBase::kTlsV11V12));
deleted file mode 100644
--- a/security/nss/external_tests/ssl_gtest/ssl_prf_unittest.cc
+++ /dev/null
@@ -1,253 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nss.h"
-#include "pk11pub.h"
-#include <memory>
-
-#include "gtest_utils.h"
-
-namespace nss_test {
-
-#define CONST_UINT8_TO_UCHAR(a) const_cast<unsigned char*>( \
- static_cast<const unsigned char *>(a))
-
-const size_t kPmsSize = 48;
-const size_t kMasterSecretSize = 48;
-const size_t kPrfSeedSizeSha256 = 32;
-const size_t kPrfSeedSizeTlsPrf = 36;
-
-// This is not the right size for anything
-const size_t kIncorrectSize = 17;
-
-const uint8_t kPmsData[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
- 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
- 0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,
- 0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,
- 0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f
-};
-
-const uint8_t kPrfSeed[] = {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff,
- 0xe0,0xe1,0xe2,0xe3,0xe4,0xe5,0xe6,0xe7,
- 0xe8,0xe9,0xea,0xeb,0xec,0xed,0xee,0xef,
- 0xd0,0xd1,0xd2,0xd3
-};
-
-const uint8_t kExpectedOutputEmsSha256[] = {
- 0x75,0xa7,0xa5,0x98,0xef,0xab,0x90,0xe7,
- 0x7c,0x67,0x80,0xde,0xab,0x3a,0x11,0xf3,
- 0x5d,0xb2,0xf8,0x47,0xff,0x09,0x01,0xec,
- 0xf8,0x93,0x89,0xfc,0x98,0x2e,0x6e,0xf9,
- 0x2c,0xf5,0x9b,0x04,0x04,0x6f,0xd7,0x28,
- 0x6e,0xea,0xe3,0x83,0xc4,0x4a,0xff,0x03
-};
-
-const uint8_t kExpectedOutputEmsTlsPrf[] = {
- 0x06,0xbf,0x29,0x86,0x5d,0xf3,0x3e,0x38,
- 0xfd,0xfa,0x91,0x10,0x2a,0x20,0xff,0xd6,
- 0xb9,0xd5,0x72,0x5a,0x6d,0x42,0x20,0x16,
- 0xde,0xa4,0xa0,0x51,0xe5,0x53,0xc1,0x28,
- 0x04,0x99,0xbc,0xb1,0x2c,0x9d,0xe8,0x0b,
- 0x18,0xa2,0x0e,0x48,0x52,0x8d,0x61,0x13
-};
-
-static unsigned char* toUcharPtr(const uint8_t* v) {
- return const_cast<unsigned char*>(
- static_cast<const unsigned char *>(v));
-}
-
-class TlsPrfTest : public ::testing::Test {
- public:
- TlsPrfTest()
- : params_({siBuffer, nullptr, 0})
- , pms_item_({siBuffer, toUcharPtr(kPmsData), kPmsSize})
- , key_mech_(0)
- , slot_(nullptr)
- , pms_(nullptr)
- , ms_(nullptr)
- , pms_version_({0, 0}) {}
-
- ~TlsPrfTest() {
- if (slot_) { PK11_FreeSlot(slot_); }
- ClearTempVars();
- }
-
- void ClearTempVars() {
- if (pms_) { PK11_FreeSymKey(pms_); }
- if (ms_) { PK11_FreeSymKey(ms_); }
- }
-
- void Init() {
- params_.type = siBuffer;
-
- pms_item_.type = siBuffer;
- pms_item_.data = const_cast<unsigned char*>(
- static_cast<const unsigned char *>(kPmsData));
-
- slot_ = PK11_GetInternalSlot();
- ASSERT_NE(nullptr, slot_);
- }
-
- void CheckForError(CK_MECHANISM_TYPE hash_mech,
- size_t seed_len,
- size_t pms_len,
- size_t output_len) {
- // Error tests don't depend on the derivation mechansim
- Inner(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, hash_mech,
- seed_len, pms_len, output_len, nullptr, nullptr);
- }
-
- void ComputeAndVerifyMs(CK_MECHANISM_TYPE derive_mech,
- CK_MECHANISM_TYPE hash_mech,
- CK_VERSION* version,
- const uint8_t* expected) {
- // Infer seed length from mechanism
- int seed_len = 0;
- switch (hash_mech) {
- case CKM_TLS_PRF: seed_len = kPrfSeedSizeTlsPrf; break;
- case CKM_SHA256: seed_len = kPrfSeedSizeSha256; break;
- default: ASSERT_TRUE(false);
- }
-
- Inner(derive_mech, hash_mech, seed_len,
- kPmsSize, 0, version, expected);
- }
-
-
- // Set output == nullptr to test when errors occur
- void Inner(
- CK_MECHANISM_TYPE derive_mech,
- CK_MECHANISM_TYPE hash_mech,
- size_t seed_len,
- size_t pms_len,
- size_t output_len,
- CK_VERSION* version,
- const uint8_t* expected) {
- ClearTempVars();
-
- // Infer the key mechanism from the hash type
- switch (hash_mech) {
- case CKM_TLS_PRF: key_mech_ = CKM_TLS_KEY_AND_MAC_DERIVE; break;
- case CKM_SHA256: key_mech_ = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; break;
- default: ASSERT_TRUE(false);
- }
-
- // Import the params
- CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS master_params = {
- hash_mech,
- toUcharPtr(kPrfSeed),
- seed_len,
- version
- };
- params_.data = reinterpret_cast<unsigned char*>(&master_params);
- params_.len = sizeof(master_params);
-
- // Import the PMS
- pms_item_.len = pms_len;
- pms_ = PK11_ImportSymKey(slot_, derive_mech, PK11_OriginUnwrap,
- CKA_DERIVE, &pms_item_, NULL);
- ASSERT_NE(nullptr, pms_);
-
-
- // Compute the EMS
- ms_ = PK11_DeriveWithFlags(pms_, derive_mech, ¶ms_, key_mech_,
- CKA_DERIVE, output_len, CKF_SIGN | CKF_VERIFY);
-
- // Verify the EMS has the expected value (null or otherwise)
- if (!expected) {
- EXPECT_EQ(nullptr, ms_);
- } else {
- ASSERT_NE(nullptr, ms_);
-
- SECStatus rv = PK11_ExtractKeyValue(ms_);
- ASSERT_EQ(SECSuccess, rv);
-
- SECItem *msData = PK11_GetKeyData(ms_);
- ASSERT_NE(nullptr, msData);
-
- ASSERT_EQ(kMasterSecretSize, msData->len);
- EXPECT_EQ(0,
- memcmp(msData->data, expected, kMasterSecretSize));
- }
- }
-
- protected:
- SECItem params_;
- SECItem pms_item_;
- CK_MECHANISM_TYPE key_mech_;
- PK11SlotInfo *slot_;
- PK11SymKey *pms_;
- PK11SymKey *ms_;
- CK_VERSION pms_version_;
-};
-
-TEST_F(TlsPrfTest, ExtendedMsParamErr) {
- Init();
-
- // This should fail; it's the correct set from which the below are derived
- // CheckForError(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kPmsSize, 0);
-
- // Output key size != 0, SSL3_MASTER_SECRET_LENGTH
- CheckForError(CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kPmsSize, kIncorrectSize);
-
- // not-DH && pms size != SSL3_PMS_LENGTH
- CheckForError(CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kIncorrectSize, 0);
-
- // CKM_TLS_PRF && seed length != MD5_LENGTH + SHA1_LENGTH
- CheckForError(CKM_TLS_PRF, kIncorrectSize, kPmsSize, 0);
-
- // !CKM_TLS_PRF && seed length != hash output length
- CheckForError(CKM_SHA256, kIncorrectSize, kPmsSize, 0);
-}
-
-// Test matrix:
-//
-// DH RSA
-// TLS_PRF 1 2
-// SHA256 3 4
-TEST_F(TlsPrfTest, ExtendedMsDhTlsPrf) {
- Init();
- ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH,
- CKM_TLS_PRF,
- nullptr,
- kExpectedOutputEmsTlsPrf);
-}
-
-TEST_F(TlsPrfTest, ExtendedMsRsaTlsPrf) {
- Init();
- ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
- CKM_TLS_PRF,
- &pms_version_,
- kExpectedOutputEmsTlsPrf);
- EXPECT_EQ(0, pms_version_.major);
- EXPECT_EQ(1, pms_version_.minor);
-}
-
-
-TEST_F(TlsPrfTest, ExtendedMsDhSha256) {
- Init();
- ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH,
- CKM_SHA256,
- nullptr,
- kExpectedOutputEmsSha256);
-}
-
-TEST_F(TlsPrfTest, ExtendedMsRsaSha256) {
- Init();
- ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
- CKM_SHA256,
- &pms_version_,
- kExpectedOutputEmsSha256);
- EXPECT_EQ(0, pms_version_.major);
- EXPECT_EQ(1, pms_version_.minor);
-}
-
-} // namespace nss_test
-
--- a/security/nss/external_tests/ssl_gtest/tls_agent.cc
+++ b/security/nss/external_tests/ssl_gtest/tls_agent.cc
@@ -35,17 +35,19 @@ TlsAgent::TlsAgent(const std::string& na
expect_resumption_(false),
can_falsestart_hook_called_(false),
sni_hook_called_(false),
auth_certificate_hook_called_(false),
handshake_callback_called_(false),
error_code_(0),
send_ctr_(0),
recv_ctr_(0),
- expected_read_error_(false) {
+ expected_read_error_(false),
+ handshake_callback_(),
+ auth_certificate_callback_() {
memset(&info_, 0, sizeof(info_));
memset(&csinfo_, 0, sizeof(csinfo_));
SECStatus rv = SSL_VersionRangeGetDefault(mode_ == STREAM ?
ssl_variant_stream : ssl_variant_datagram,
&vrange_);
EXPECT_EQ(SECSuccess, rv);
}
--- a/security/nss/external_tests/ssl_gtest/tls_agent.h
+++ b/security/nss/external_tests/ssl_gtest/tls_agent.h
@@ -6,16 +6,17 @@
#ifndef tls_agent_h_
#define tls_agent_h_
#include "prio.h"
#include "ssl.h"
#include <iostream>
+#include <functional>
#include "test_io.h"
#define GTEST_HAS_RTTI 0
#include "gtest/gtest.h"
namespace nss_test {
@@ -23,16 +24,26 @@ namespace nss_test {
enum SessionResumptionMode {
RESUME_NONE = 0,
RESUME_SESSIONID = 1,
RESUME_TICKET = 2,
RESUME_BOTH = RESUME_SESSIONID | RESUME_TICKET
};
+class TlsAgent;
+
+typedef
+ std::function<void(TlsAgent& agent, PRBool checksig, PRBool isServer)>
+ AuthCertificateCallbackFunction;
+
+typedef
+ std::function<void(TlsAgent& agent)>
+ HandshakeCallbackFunction;
+
class TlsAgent : public PollTarget {
public:
enum Role { CLIENT, SERVER };
enum State { STATE_INIT, STATE_CONNECTING, STATE_CONNECTED, STATE_ERROR };
TlsAgent(const std::string& name, Role role, Mode mode, SSLKEAType kea);
virtual ~TlsAgent();
@@ -89,18 +100,22 @@ class TlsAgent : public PollTarget {
void CheckErrorCode(int32_t expected) const;
void SendData(size_t bytes, size_t blocksize = 1024);
void ReadBytes();
void ResetSentBytes(); // Hack to test drops.
void EnableExtendedMasterSecret();
void CheckExtendedMasterSecret(bool expected);
void DisableRollbackDetection();
+ Role role() const { return role_; }
+
State state() const { return state_; }
+ SSLKEAType kea() const { return kea_; }
+
const char* state_str() const { return state_str(state()); }
const char* state_str(State state) const { return states[state]; }
PRFileDesc* ssl_fd() { return ssl_fd_; }
DummyPrSocket* adapter() { return adapter_; }
uint16_t min_version() const { return vrange_.min; }
@@ -126,16 +141,25 @@ class TlsAgent : public PollTarget {
std::vector<uint8_t> session_id() const {
return std::vector<uint8_t>(info_.sessionID,
info_.sessionID + info_.sessionIDLength);
}
size_t received_bytes() const { return recv_ctr_; }
int32_t error_code() const { return error_code_; }
+ void SetHandshakeCallback(HandshakeCallbackFunction handshake_callback) {
+ handshake_callback_ = handshake_callback;
+ }
+
+ void SetAuthCertificateCallback(
+ AuthCertificateCallbackFunction auth_certificate_callback) {
+ auth_certificate_callback_ = auth_certificate_callback;
+ }
+
private:
const static char* states[];
void SetState(State state) {
if (state_ == state) return;
LOG("Changing state from " << state_str(state_) << " to "
<< state_str(state));
@@ -143,25 +167,31 @@ class TlsAgent : public PollTarget {
}
// Dummy auth certificate hook.
static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd,
PRBool checksig, PRBool isServer) {
TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
agent->CheckPreliminaryInfo();
agent->auth_certificate_hook_called_ = true;
+ if (agent->auth_certificate_callback_) {
+ agent->auth_certificate_callback_(*agent, checksig, isServer);
+ }
return SECSuccess;
}
// Client auth certificate hook.
static SECStatus ClientAuthenticated(void* arg, PRFileDesc* fd,
PRBool checksig, PRBool isServer) {
TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
EXPECT_TRUE(agent->expect_client_auth_);
EXPECT_TRUE(isServer);
+ if (agent->auth_certificate_callback_) {
+ agent->auth_certificate_callback_(*agent, checksig, isServer);
+ }
return SECSuccess;
}
static SECStatus GetClientAuthDataHook(void* self, PRFileDesc* fd,
CERTDistNames* caNames,
CERTCertificate** cert,
SECKEYPrivateKey** privKey);
@@ -203,16 +233,19 @@ class TlsAgent : public PollTarget {
*canFalseStart = true;
return SECSuccess;
}
static void HandshakeCallback(PRFileDesc *fd, void *arg) {
TlsAgent* agent = reinterpret_cast<TlsAgent*>(arg);
agent->CheckPreliminaryInfo();
agent->handshake_callback_called_ = true;
+ if (agent->handshake_callback_) {
+ agent->handshake_callback_(*agent);
+ }
}
void CheckCallbacks() const;
void Connected();
const std::string name_;
Mode mode_;
SSLKEAType kea_;
@@ -232,16 +265,18 @@ class TlsAgent : public PollTarget {
bool handshake_callback_called_;
SSLChannelInfo info_;
SSLCipherSuiteInfo csinfo_;
SSLVersionRange vrange_;
int32_t error_code_;
size_t send_ctr_;
size_t recv_ctr_;
bool expected_read_error_;
+ HandshakeCallbackFunction handshake_callback_;
+ AuthCertificateCallbackFunction auth_certificate_callback_;
};
class TlsAgentTestBase : public ::testing::Test {
public:
static ::testing::internal::ParamGenerator<std::string> kTlsRolesAll;
TlsAgentTestBase(TlsAgent::Role role,
Mode mode) : agent_(nullptr),
--- a/security/nss/lib/Makefile
+++ b/security/nss/lib/Makefile
@@ -41,35 +41,53 @@ ifeq ($(OS_ARCH),Linux)
SYSINIT_SRCDIR = sysinit # Add the sysinit directory to DIRS.
endif
endif
ifndef NSS_DISABLE_DBM
DBM_SRCDIR = dbm # Add the dbm directory to DIRS.
endif
+ifeq ($(NSS_BUILD_UTIL_ONLY),1)
+SYSINIT_SRCDIR=
+endif
+
#######################################################################
# (5) Execute "global" rules. (OPTIONAL) #
#######################################################################
include $(CORE_DEPTH)/coreconf/rules.mk
#######################################################################
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
-ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
-# Not included when building nss without softoken
-UTIL_SRCDIR =
-FREEBL_SRCDIR =
-SOFTOKEN_SRCDIR =
+ifeq ($(NSS_BUILD_UTIL_ONLY),1)
+ UTIL_SRCDIR = util
+ FREEBL_SRCDIR =
+ SOFTOKEN_SRCDIR =
else
-# default is to include all
-UTIL_SRCDIR = util
-FREEBL_SRCDIR = freebl
-SOFTOKEN_SRCDIR = softoken
+ ifeq ($(NSS_BUILD_SOFTOKEN_ONLY),1)
+ UTIL_SRCDIR =
+ FREEBL_SRCDIR = freebl
+ SOFTOKEN_SRCDIR = softoken
+ else
+ ifeq ($(NSS_BUILD_WITHOUT_SOFTOKEN),1)
+ # Not included when building nss without softoken
+ # This build type uses the build results of the prior
+ # NSS_BUILD_UTIL_ONLY and NSS_BUILD_SOFTOKEN_ONLY builds
+ UTIL_SRCDIR =
+ FREEBL_SRCDIR =
+ SOFTOKEN_SRCDIR =
+ else
+ # default is to include all
+ UTIL_SRCDIR = util
+ FREEBL_SRCDIR = freebl
+ SOFTOKEN_SRCDIR = softoken
+ endif
+ endif
endif
--- a/security/nss/lib/base/arena.c
+++ b/security/nss/lib/base/arena.c
@@ -36,110 +36,104 @@
*
* The nonpublic methods relating to this type are:
*
* nssArena_Create -- constructor
* nssArena_Destroy
* nssArena_Mark
* nssArena_Release
* nssArena_Unmark
- *
+ *
* nss_ZAlloc
* nss_ZFreeIf
* nss_ZRealloc
*
* In debug builds, the following calls are available:
*
* nssArena_verifyPointer
* nssArena_registerDestructor
* nssArena_deregisterDestructor
*/
struct NSSArenaStr {
- PLArenaPool pool;
- PRLock *lock;
+ PLArenaPool pool;
+ PRLock *lock;
#ifdef ARENA_THREADMARK
- PRThread *marking_thread;
- nssArenaMark *first_mark;
- nssArenaMark *last_mark;
+ PRThread *marking_thread;
+ nssArenaMark *first_mark;
+ nssArenaMark *last_mark;
#endif /* ARENA_THREADMARK */
#ifdef ARENA_DESTRUCTOR_LIST
- struct arena_destructor_node *first_destructor;
- struct arena_destructor_node *last_destructor;
+ struct arena_destructor_node *first_destructor;
+ struct arena_destructor_node *last_destructor;
#endif /* ARENA_DESTRUCTOR_LIST */
};
/*
* nssArenaMark
*
* This type is used to mark the current state of an NSSArena.
*/
struct nssArenaMarkStr {
- PRUint32 magic;
- void *mark;
+ PRUint32 magic;
+ void *mark;
#ifdef ARENA_THREADMARK
- nssArenaMark *next;
+ nssArenaMark *next;
#endif /* ARENA_THREADMARK */
#ifdef ARENA_DESTRUCTOR_LIST
- struct arena_destructor_node *next_destructor;
- struct arena_destructor_node *prev_destructor;
+ struct arena_destructor_node *next_destructor;
+ struct arena_destructor_node *prev_destructor;
#endif /* ARENA_DESTRUCTOR_LIST */
};
#define MARK_MAGIC 0x4d41524b /* "MARK" how original */
/*
* But first, the pointer-tracking code
*/
#ifdef DEBUG
extern const NSSError NSS_ERROR_INTERNAL_ERROR;
static nssPointerTracker arena_pointer_tracker;
static PRStatus
-arena_add_pointer
-(
- const NSSArena *arena
-)
+arena_add_pointer(const NSSArena *arena)
{
- PRStatus rv;
+ PRStatus rv;
+
+ rv = nssPointerTracker_initialize(&arena_pointer_tracker);
+ if (PR_SUCCESS != rv) {
+ return rv;
+ }
- rv = nssPointerTracker_initialize(&arena_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- return rv;
- }
+ rv = nssPointerTracker_add(&arena_pointer_tracker, arena);
+ if (PR_SUCCESS != rv) {
+ NSSError e = NSS_GetError();
+ if (NSS_ERROR_NO_MEMORY != e) {
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR);
+ }
+
+ return rv;
+ }
- rv = nssPointerTracker_add(&arena_pointer_tracker, arena);
- if( PR_SUCCESS != rv ) {
- NSSError e = NSS_GetError();
- if( NSS_ERROR_NO_MEMORY != e ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
+ return PR_SUCCESS;
+}
+
+static PRStatus
+arena_remove_pointer(const NSSArena *arena)
+{
+ PRStatus rv;
+
+ rv = nssPointerTracker_remove(&arena_pointer_tracker, arena);
+ if (PR_SUCCESS != rv) {
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR);
}
return rv;
- }
-
- return PR_SUCCESS;
-}
-
-static PRStatus
-arena_remove_pointer
-(
- const NSSArena *arena
-)
-{
- PRStatus rv;
-
- rv = nssPointerTracker_remove(&arena_pointer_tracker, arena);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INTERNAL_ERROR);
- }
-
- return rv;
}
/*
* nssArena_verifyPointer
*
* This method is only present in debug builds.
*
* If the specified pointer is a valid pointer to an NSSArena object,
@@ -150,186 +144,172 @@ arena_remove_pointer
* NSS_ERROR_INVALID_ARENA
*
* Return value:
* PR_SUCCESS if the pointer is valid
* PR_FAILURE if it isn't
*/
NSS_IMPLEMENT PRStatus
-nssArena_verifyPointer
-(
- const NSSArena *arena
-)
+nssArena_verifyPointer(const NSSArena *arena)
{
- PRStatus rv;
+ PRStatus rv;
- rv = nssPointerTracker_initialize(&arena_pointer_tracker);
- if( PR_SUCCESS != rv ) {
- /*
- * This is a little disingenious. We have to initialize the
- * tracker, because someone could "legitimately" try to verify
- * an arena pointer before one is ever created. And this step
- * might fail, due to lack of memory. But the only way that
- * this step can fail is if it's doing the call_once stuff,
- * (later calls just no-op). And if it didn't no-op, there
- * aren't any valid arenas.. so the argument certainly isn't one.
- */
- nss_SetError(NSS_ERROR_INVALID_ARENA);
- return PR_FAILURE;
- }
+ rv = nssPointerTracker_initialize(&arena_pointer_tracker);
+ if (PR_SUCCESS != rv) {
+ /*
+ * This is a little disingenious. We have to initialize the
+ * tracker, because someone could "legitimately" try to verify
+ * an arena pointer before one is ever created. And this step
+ * might fail, due to lack of memory. But the only way that
+ * this step can fail is if it's doing the call_once stuff,
+ * (later calls just no-op). And if it didn't no-op, there
+ * aren't any valid arenas.. so the argument certainly isn't one.
+ */
+ nss_SetError(NSS_ERROR_INVALID_ARENA);
+ return PR_FAILURE;
+ }
- rv = nssPointerTracker_verify(&arena_pointer_tracker, arena);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_INVALID_ARENA);
- return PR_FAILURE;
- }
+ rv = nssPointerTracker_verify(&arena_pointer_tracker, arena);
+ if (PR_SUCCESS != rv) {
+ nss_SetError(NSS_ERROR_INVALID_ARENA);
+ return PR_FAILURE;
+ }
- return PR_SUCCESS;
+ return PR_SUCCESS;
}
#endif /* DEBUG */
#ifdef ARENA_DESTRUCTOR_LIST
struct arena_destructor_node {
- struct arena_destructor_node *next;
- struct arena_destructor_node *prev;
- void (*destructor)(void *argument);
- void *arg;
+ struct arena_destructor_node *next;
+ struct arena_destructor_node *prev;
+ void (*destructor)(void *argument);
+ void *arg;
};
/*
* nssArena_registerDestructor
*
* This routine stores a pointer to a callback and an arbitrary
* pointer-sized argument in the arena, at the current point in
* the mark stack. If the arena is destroyed, or an "earlier"
* mark is released, then this destructor will be called at that
* time. Note that the destructor will be called with the arena
* locked, which means the destructor may free memory in that
* arena, but it may not allocate or cause to be allocated any
* memory. This callback facility was included to support our
* debug-version pointer-tracker feature; overuse runs counter to
- * the the original intent of arenas. This routine returns a
- * PRStatus value; if successful, it will return PR_SUCCESS. If
- * unsuccessful, it will set an error on the error stack and
+ * the the original intent of arenas. This routine returns a
+ * PRStatus value; if successful, it will return PR_SUCCESS. If
+ * unsuccessful, it will set an error on the error stack and
* return PR_FAILURE.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_ARENA
* NSS_ERROR_NO_MEMORY
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
NSS_IMPLEMENT PRStatus
-nssArena_registerDestructor
-(
- NSSArena *arena,
- void (*destructor)(void *argument),
- void *arg
-)
+nssArena_registerDestructor(NSSArena *arena, void (*destructor)(void *argument),
+ void *arg)
{
- struct arena_destructor_node *it;
+ struct arena_destructor_node *it;
#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return PR_FAILURE;
- }
+ if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+ return PR_FAILURE;
+ }
#endif /* NSSDEBUG */
-
- it = nss_ZNEW(arena, struct arena_destructor_node);
- if( (struct arena_destructor_node *)NULL == it ) {
- return PR_FAILURE;
- }
+
+ it = nss_ZNEW(arena, struct arena_destructor_node);
+ if ((struct arena_destructor_node *)NULL == it) {
+ return PR_FAILURE;
+ }
- it->prev = arena->last_destructor;
- arena->last_destructor->next = it;
- arena->last_destructor = it;
- it->destructor = destructor;
- it->arg = arg;
+ it->prev = arena->last_destructor;
+ arena->last_destructor->next = it;
+ arena->last_destructor = it;
+ it->destructor = destructor;
+ it->arg = arg;
- if( (nssArenaMark *)NULL != arena->last_mark ) {
- arena->last_mark->prev_destructor = it->prev;
- arena->last_mark->next_destructor = it->next;
- }
+ if ((nssArenaMark *)NULL != arena->last_mark) {
+ arena->last_mark->prev_destructor = it->prev;
+ arena->last_mark->next_destructor = it->next;
+ }
- return PR_SUCCESS;
+ return PR_SUCCESS;
}
NSS_IMPLEMENT PRStatus
-nssArena_deregisterDestructor
-(
- NSSArena *arena,
- void (*destructor)(void *argument),
- void *arg
-)
+nssArena_deregisterDestructor(NSSArena *arena,
+ void (*destructor)(void *argument), void *arg)
{
- struct arena_destructor_node *it;
+ struct arena_destructor_node *it;
#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return PR_FAILURE;
- }
+ if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+ return PR_FAILURE;
+ }
#endif /* NSSDEBUG */
- for( it = arena->first_destructor; it; it = it->next ) {
- if( (it->destructor == destructor) && (it->arg == arg) ) {
- break;
+ for (it = arena->first_destructor; it; it = it->next) {
+ if ((it->destructor == destructor) && (it->arg == arg)) {
+ break;
+ }
}
- }
- if( (struct arena_destructor_node *)NULL == it ) {
- nss_SetError(NSS_ERROR_NOT_FOUND);
- return PR_FAILURE;
- }
+ if ((struct arena_destructor_node *)NULL == it) {
+ nss_SetError(NSS_ERROR_NOT_FOUND);
+ return PR_FAILURE;
+ }
- if( it == arena->first_destructor ) {
- arena->first_destructor = it->next;
- }
+ if (it == arena->first_destructor) {
+ arena->first_destructor = it->next;
+ }
- if( it == arena->last_destructor ) {
- arena->last_destructor = it->prev;
- }
+ if (it == arena->last_destructor) {
+ arena->last_destructor = it->prev;
+ }
- if( (struct arena_destructor_node *)NULL != it->prev ) {
- it->prev->next = it->next;
- }
+ if ((struct arena_destructor_node *)NULL != it->prev) {
+ it->prev->next = it->next;
+ }
- if( (struct arena_destructor_node *)NULL != it->next ) {
- it->next->prev = it->prev;
- }
+ if ((struct arena_destructor_node *)NULL != it->next) {
+ it->next->prev = it->prev;
+ }
- {
- nssArenaMark *m;
- for( m = arena->first_mark; m; m = m->next ) {
- if( m->next_destructor == it ) {
- m->next_destructor = it->next;
- }
- if( m->prev_destructor == it ) {
- m->prev_destructor = it->prev;
- }
+ {
+ nssArenaMark *m;
+ for (m = arena->first_mark; m; m = m->next) {
+ if (m->next_destructor == it) {
+ m->next_destructor = it->next;
+ }
+ if (m->prev_destructor == it) {
+ m->prev_destructor = it->prev;
+ }
+ }
}
- }
- nss_ZFreeIf(it);
- return PR_SUCCESS;
+ nss_ZFreeIf(it);
+ return PR_SUCCESS;
}
static void
-nss_arena_call_destructor_chain
-(
- struct arena_destructor_node *it
-)
+nss_arena_call_destructor_chain(struct arena_destructor_node *it)
{
- for( ; it ; it = it->next ) {
- (*(it->destructor))(it->arg);
- }
+ for (; it; it = it->next) {
+ (*(it->destructor))(it->arg);
+ }
}
#endif /* ARENA_DESTRUCTOR_LIST */
/*
* NSSArena_Create
*
* This routine creates a new memory arena. This routine may return
@@ -339,382 +319,367 @@ nss_arena_call_destructor_chain
* NSS_ERROR_NO_MEMORY
*
* Return value:
* NULL upon error
* A pointer to an NSSArena upon success
*/
NSS_IMPLEMENT NSSArena *
-NSSArena_Create
-(
- void
-)
+NSSArena_Create(void)
{
- nss_ClearErrorStack();
- return nssArena_Create();
+ nss_ClearErrorStack();
+ return nssArena_Create();
}
/*
* nssArena_Create
*
* This routine creates a new memory arena. This routine may return
- * NULL upon error, in which case it will have set an error on the
+ * NULL upon error, in which case it will have set an error on the
* error stack.
*
* The error may be one of the following values:
* NSS_ERROR_NO_MEMORY
*
* Return value:
* NULL upon error
* A pointer to an NSSArena upon success
*/
NSS_IMPLEMENT NSSArena *
-nssArena_Create
-(
- void
-)
+nssArena_Create(void)
{
- NSSArena *rv = (NSSArena *)NULL;
+ NSSArena *rv = (NSSArena *)NULL;
- rv = nss_ZNEW((NSSArena *)NULL, NSSArena);
- if( (NSSArena *)NULL == rv ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSArena *)NULL;
- }
+ rv = nss_ZNEW((NSSArena *)NULL, NSSArena);
+ if ((NSSArena *)NULL == rv) {
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return (NSSArena *)NULL;
+ }
+
+ rv->lock = PR_NewLock();
+ if ((PRLock *)NULL == rv->lock) {
+ (void)nss_ZFreeIf(rv);
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return (NSSArena *)NULL;
+ }
- rv->lock = PR_NewLock();
- if( (PRLock *)NULL == rv->lock ) {
- (void)nss_ZFreeIf(rv);
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSArena *)NULL;
- }
+ /*
+ * Arena sizes. The current security code has 229 occurrences of
+ * PORT_NewArena. The default chunksizes specified break down as
+ *
+ * Size Mult. Specified as
+ * 512 1 512
+ * 1024 7 1024
+ * 2048 5 2048
+ * 2048 5 CRMF_DEFAULT_ARENA_SIZE
+ * 2048 190 DER_DEFAULT_CHUNKSIZE
+ * 2048 20 SEC_ASN1_DEFAULT_ARENA_SIZE
+ * 4096 1 4096
+ *
+ * Obviously this "default chunksize" flexibility isn't very
+ * useful to us, so I'll just pick 2048.
+ */
- /*
- * Arena sizes. The current security code has 229 occurrences of
- * PORT_NewArena. The default chunksizes specified break down as
- *
- * Size Mult. Specified as
- * 512 1 512
- * 1024 7 1024
- * 2048 5 2048
- * 2048 5 CRMF_DEFAULT_ARENA_SIZE
- * 2048 190 DER_DEFAULT_CHUNKSIZE
- * 2048 20 SEC_ASN1_DEFAULT_ARENA_SIZE
- * 4096 1 4096
- *
- * Obviously this "default chunksize" flexibility isn't very
- * useful to us, so I'll just pick 2048.
- */
-
- PL_InitArenaPool(&rv->pool, "NSS", 2048, sizeof(double));
+ PL_InitArenaPool(&rv->pool, "NSS", 2048, sizeof(double));
#ifdef DEBUG
- {
- PRStatus st;
- st = arena_add_pointer(rv);
- if( PR_SUCCESS != st ) {
- PL_FinishArenaPool(&rv->pool);
- PR_DestroyLock(rv->lock);
- (void)nss_ZFreeIf(rv);
- return (NSSArena *)NULL;
+ {
+ PRStatus st;
+ st = arena_add_pointer(rv);
+ if (PR_SUCCESS != st) {
+ PL_FinishArenaPool(&rv->pool);
+ PR_DestroyLock(rv->lock);
+ (void)nss_ZFreeIf(rv);
+ return (NSSArena *)NULL;
+ }
}
- }
#endif /* DEBUG */
- return rv;
+ return rv;
}
/*
* NSSArena_Destroy
*
* This routine will destroy the specified arena, freeing all memory
- * allocated from it. This routine returns a PRStatus value; if
+ * allocated from it. This routine returns a PRStatus value; if
* successful, it will return PR_SUCCESS. If unsuccessful, it will
* create an error stack and return PR_FAILURE.
*
* The top-level error may be one of the following values:
* NSS_ERROR_INVALID_ARENA
*
* Return value:
* PR_SUCCESS upon success
* PR_FAILURE upon failure
*/
NSS_IMPLEMENT PRStatus
-NSSArena_Destroy
-(
- NSSArena *arena
-)
+NSSArena_Destroy(NSSArena *arena)
{
- nss_ClearErrorStack();
+ nss_ClearErrorStack();
#ifdef DEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return PR_FAILURE;
- }
+ if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+ return PR_FAILURE;
+ }
#endif /* DEBUG */
- return nssArena_Destroy(arena);
+ return nssArena_Destroy(arena);
}
/*
* nssArena_Destroy
*
* This routine will destroy the specified arena, freeing all memory
- * allocated from it. This routine returns a PRStatus value; if
+ * allocated from it. This routine returns a PRStatus value; if
* successful, it will return PR_SUCCESS. If unsuccessful, it will
* set an error on the error stack and return PR_FAILURE.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_ARENA
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
NSS_IMPLEMENT PRStatus
-nssArena_Destroy
-(
- NSSArena *arena
-)
+nssArena_Destroy(NSSArena *arena)
{
- PRLock *lock;
+ PRLock *lock;
#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return PR_FAILURE;
- }
+ if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+ return PR_FAILURE;
+ }
#endif /* NSSDEBUG */
- if( (PRLock *)NULL == arena->lock ) {
- /* Just got destroyed */
- nss_SetError(NSS_ERROR_INVALID_ARENA);
- return PR_FAILURE;
- }
- PR_Lock(arena->lock);
-
+ if ((PRLock *)NULL == arena->lock) {
+ /* Just got destroyed */
+ nss_SetError(NSS_ERROR_INVALID_ARENA);
+ return PR_FAILURE;
+ }
+ PR_Lock(arena->lock);
+
#ifdef DEBUG
- if( PR_SUCCESS != arena_remove_pointer(arena) ) {
- PR_Unlock(arena->lock);
- return PR_FAILURE;
- }
+ if (PR_SUCCESS != arena_remove_pointer(arena)) {
+ PR_Unlock(arena->lock);
+ return PR_FAILURE;
+ }
#endif /* DEBUG */
#ifdef ARENA_DESTRUCTOR_LIST
- /* Note that the arena is locked at this time */
- nss_arena_call_destructor_chain(arena->first_destructor);
+ /* Note that the arena is locked at this time */
+ nss_arena_call_destructor_chain(arena->first_destructor);
#endif /* ARENA_DESTRUCTOR_LIST */
- PL_FinishArenaPool(&arena->pool);
- lock = arena->lock;
- arena->lock = (PRLock *)NULL;
- PR_Unlock(lock);
- PR_DestroyLock(lock);
- (void)nss_ZFreeIf(arena);
- return PR_SUCCESS;
+ PL_FinishArenaPool(&arena->pool);
+ lock = arena->lock;
+ arena->lock = (PRLock *)NULL;
+ PR_Unlock(lock);
+ PR_DestroyLock(lock);
+ (void)nss_ZFreeIf(arena);
+ return PR_SUCCESS;
}
static void *nss_zalloc_arena_locked(NSSArena *arena, PRUint32 size);
/*
* nssArena_Mark
*
* This routine "marks" the current state of an arena. Space
* allocated after the arena has been marked can be freed by
* releasing the arena back to the mark with nssArena_Release,
- * or committed by calling nssArena_Unmark. When successful,
- * this routine returns a valid nssArenaMark pointer. This
- * routine may return NULL upon error, in which case it will
+ * or committed by calling nssArena_Unmark. When successful,
+ * this routine returns a valid nssArenaMark pointer. This
+ * routine may return NULL upon error, in which case it will
* have set an error on the error stack.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_ARENA
* NSS_ERROR_NO_MEMORY
* NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
*
* Return value:
* NULL upon failure
* An nssArenaMark pointer upon success
*/
NSS_IMPLEMENT nssArenaMark *
-nssArena_Mark
-(
- NSSArena *arena
-)
+nssArena_Mark(NSSArena *arena)
{
- nssArenaMark *rv;
- void *p;
+ nssArenaMark *rv;
+ void *p;
#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return (nssArenaMark *)NULL;
- }
+ if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+ return (nssArenaMark *)NULL;
+ }
#endif /* NSSDEBUG */
- if( (PRLock *)NULL == arena->lock ) {
- /* Just got destroyed */
- nss_SetError(NSS_ERROR_INVALID_ARENA);
- return (nssArenaMark *)NULL;
- }
- PR_Lock(arena->lock);
+ if ((PRLock *)NULL == arena->lock) {
+ /* Just got destroyed */
+ nss_SetError(NSS_ERROR_INVALID_ARENA);
+ return (nssArenaMark *)NULL;
+ }
+ PR_Lock(arena->lock);
#ifdef ARENA_THREADMARK
- if( (PRThread *)NULL == arena->marking_thread ) {
- /* Unmarked. Store our thread ID */
- arena->marking_thread = PR_GetCurrentThread();
- /* This call never fails. */
- } else {
- /* Marked. Verify it's the current thread */
- if( PR_GetCurrentThread() != arena->marking_thread ) {
- PR_Unlock(arena->lock);
- nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
- return (nssArenaMark *)NULL;
+ if ((PRThread *)NULL == arena->marking_thread) {
+ /* Unmarked. Store our thread ID */
+ arena->marking_thread = PR_GetCurrentThread();
+ /* This call never fails. */
}
- }
+ else {
+ /* Marked. Verify it's the current thread */
+ if (PR_GetCurrentThread() != arena->marking_thread) {
+ PR_Unlock(arena->lock);
+ nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
+ return (nssArenaMark *)NULL;
+ }
+ }
#endif /* ARENA_THREADMARK */
- p = PL_ARENA_MARK(&arena->pool);
- /* No error possible */
+ p = PL_ARENA_MARK(&arena->pool);
+ /* No error possible */
- /* Do this after the mark */
- rv = (nssArenaMark *)nss_zalloc_arena_locked(arena, sizeof(nssArenaMark));
- if( (nssArenaMark *)NULL == rv ) {
- PR_Unlock(arena->lock);
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (nssArenaMark *)NULL;
- }
+ /* Do this after the mark */
+ rv = (nssArenaMark *)nss_zalloc_arena_locked(arena, sizeof(nssArenaMark));
+ if ((nssArenaMark *)NULL == rv) {
+ PR_Unlock(arena->lock);
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return (nssArenaMark *)NULL;
+ }
#ifdef ARENA_THREADMARK
- if ( (nssArenaMark *)NULL == arena->first_mark) {
- arena->first_mark = rv;
- arena->last_mark = rv;
- } else {
- arena->last_mark->next = rv;
- arena->last_mark = rv;
- }
+ if ((nssArenaMark *)NULL == arena->first_mark) {
+ arena->first_mark = rv;
+ arena->last_mark = rv;
+ }
+ else {
+ arena->last_mark->next = rv;
+ arena->last_mark = rv;
+ }
#endif /* ARENA_THREADMARK */
- rv->mark = p;
- rv->magic = MARK_MAGIC;
+ rv->mark = p;
+ rv->magic = MARK_MAGIC;
#ifdef ARENA_DESTRUCTOR_LIST
- rv->prev_destructor = arena->last_destructor;
+ rv->prev_destructor = arena->last_destructor;
#endif /* ARENA_DESTRUCTOR_LIST */
- PR_Unlock(arena->lock);
+ PR_Unlock(arena->lock);
- return rv;
+ return rv;
}
/*
* nss_arena_unmark_release
*
* This static routine implements the routines nssArena_Release
* ans nssArena_Unmark, which are almost identical.
*/
static PRStatus
-nss_arena_unmark_release
-(
- NSSArena *arena,
- nssArenaMark *arenaMark,
- PRBool release
-)
+nss_arena_unmark_release(NSSArena *arena, nssArenaMark *arenaMark,
+ PRBool release)
{
- void *inner_mark;
+ void *inner_mark;
#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return PR_FAILURE;
- }
+ if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+ return PR_FAILURE;
+ }
#endif /* NSSDEBUG */
- if( MARK_MAGIC != arenaMark->magic ) {
- nss_SetError(NSS_ERROR_INVALID_ARENA_MARK);
- return PR_FAILURE;
- }
+ if (MARK_MAGIC != arenaMark->magic) {
+ nss_SetError(NSS_ERROR_INVALID_ARENA_MARK);
+ return PR_FAILURE;
+ }
- if( (PRLock *)NULL == arena->lock ) {
- /* Just got destroyed */
- nss_SetError(NSS_ERROR_INVALID_ARENA);
- return PR_FAILURE;
- }
- PR_Lock(arena->lock);
+ if ((PRLock *)NULL == arena->lock) {
+ /* Just got destroyed */
+ nss_SetError(NSS_ERROR_INVALID_ARENA);
+ return PR_FAILURE;
+ }
+ PR_Lock(arena->lock);
#ifdef ARENA_THREADMARK
- if( (PRThread *)NULL != arena->marking_thread ) {
- if( PR_GetCurrentThread() != arena->marking_thread ) {
- PR_Unlock(arena->lock);
- nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
- return PR_FAILURE;
+ if ((PRThread *)NULL != arena->marking_thread) {
+ if (PR_GetCurrentThread() != arena->marking_thread) {
+ PR_Unlock(arena->lock);
+ nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
+ return PR_FAILURE;
+ }
}
- }
#endif /* ARENA_THREADMARK */
- if( MARK_MAGIC != arenaMark->magic ) {
- /* Just got released */
- PR_Unlock(arena->lock);
- nss_SetError(NSS_ERROR_INVALID_ARENA_MARK);
- return PR_FAILURE;
- }
-
- arenaMark->magic = 0;
- inner_mark = arenaMark->mark;
-
-#ifdef ARENA_THREADMARK
- {
- nssArenaMark **pMark = &arena->first_mark;
- nssArenaMark *rest;
- nssArenaMark *last = (nssArenaMark *)NULL;
-
- /* Find this mark */
- while( *pMark != arenaMark ) {
- last = *pMark;
- pMark = &(*pMark)->next;
+ if (MARK_MAGIC != arenaMark->magic) {
+ /* Just got released */
+ PR_Unlock(arena->lock);
+ nss_SetError(NSS_ERROR_INVALID_ARENA_MARK);
+ return PR_FAILURE;
}
- /* Remember the pointer, then zero it */
- rest = (*pMark)->next;
- *pMark = (nssArenaMark *)NULL;
+ arenaMark->magic = 0;
+ inner_mark = arenaMark->mark;
- arena->last_mark = last;
+#ifdef ARENA_THREADMARK
+ {
+ nssArenaMark **pMark = &arena->first_mark;
+ nssArenaMark *rest;
+ nssArenaMark *last = (nssArenaMark *)NULL;
+
+ /* Find this mark */
+ while (*pMark != arenaMark) {
+ last = *pMark;
+ pMark = &(*pMark)->next;
+ }
- /* Invalidate any later marks being implicitly released */
- for( ; (nssArenaMark *)NULL != rest; rest = rest->next ) {
- rest->magic = 0;
- }
+ /* Remember the pointer, then zero it */
+ rest = (*pMark)->next;
+ *pMark = (nssArenaMark *)NULL;
+
+ arena->last_mark = last;
- /* If we just got rid of the first mark, clear the thread ID */
- if( (nssArenaMark *)NULL == arena->first_mark ) {
- arena->marking_thread = (PRThread *)NULL;
+ /* Invalidate any later marks being implicitly released */
+ for (; (nssArenaMark *)NULL != rest; rest = rest->next) {
+ rest->magic = 0;
+ }
+
+ /* If we just got rid of the first mark, clear the thread ID */
+ if ((nssArenaMark *)NULL == arena->first_mark) {
+ arena->marking_thread = (PRThread *)NULL;
+ }
}
- }
#endif /* ARENA_THREADMARK */
- if( release ) {
+ if (release) {
#ifdef ARENA_DESTRUCTOR_LIST
- if( (struct arena_destructor_node *)NULL != arenaMark->prev_destructor ) {
- arenaMark->prev_destructor->next = (struct arena_destructor_node *)NULL;
- }
- arena->last_destructor = arenaMark->prev_destructor;
+ if ((struct arena_destructor_node *)NULL !=
+ arenaMark->prev_destructor) {
+ arenaMark->prev_destructor->next =
+ (struct arena_destructor_node *)NULL;
+ }
+ arena->last_destructor = arenaMark->prev_destructor;
- /* Note that the arena is locked at this time */
- nss_arena_call_destructor_chain(arenaMark->next_destructor);
+ /* Note that the arena is locked at this time */
+ nss_arena_call_destructor_chain(arenaMark->next_destructor);
#endif /* ARENA_DESTRUCTOR_LIST */
- PL_ARENA_RELEASE(&arena->pool, inner_mark);
- /* No error return */
- }
+ PL_ARENA_RELEASE(&arena->pool, inner_mark);
+ /* No error return */
+ }
- PR_Unlock(arena->lock);
- return PR_SUCCESS;
+ PR_Unlock(arena->lock);
+ return PR_SUCCESS;
}
/*
* nssArena_Release
*
* This routine invalidates and releases all memory allocated from
* the specified arena after the point at which the specified mark
* was obtained. This routine returns a PRStatus value; if successful,
@@ -727,23 +692,19 @@ nss_arena_unmark_release
* NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
NSS_IMPLEMENT PRStatus
-nssArena_Release
-(
- NSSArena *arena,
- nssArenaMark *arenaMark
-)
+nssArena_Release(NSSArena *arena, nssArenaMark *arenaMark)
{
- return nss_arena_unmark_release(arena, arenaMark, PR_TRUE);
+ return nss_arena_unmark_release(arena, arenaMark, PR_TRUE);
}
/*
* nssArena_Unmark
*
* This routine "commits" the indicated mark and any marks after
* it, making them unreleasable. Note that any earlier marks can
* still be released, and such a release will invalidate these
@@ -759,456 +720,430 @@ nssArena_Release
* NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
NSS_IMPLEMENT PRStatus
-nssArena_Unmark
-(
- NSSArena *arena,
- nssArenaMark *arenaMark
-)
+nssArena_Unmark(NSSArena *arena, nssArenaMark *arenaMark)
{
- return nss_arena_unmark_release(arena, arenaMark, PR_FALSE);
+ return nss_arena_unmark_release(arena, arenaMark, PR_FALSE);
}
/*
* We prefix this header to all allocated blocks. It is a multiple
* of the alignment size. Note that this usage of a header may make
* purify spew bogus warnings about "potentially leaked blocks" of
* memory; if that gets too annoying we can add in a pointer to the
* header in the header itself. There's not a lot of safety here;
* maybe we should add a magic value?
*/
struct pointer_header {
- NSSArena *arena;
- PRUint32 size;
+ NSSArena *arena;
+ PRUint32 size;
};
static void *
-nss_zalloc_arena_locked
-(
- NSSArena *arena,
- PRUint32 size
-)
+nss_zalloc_arena_locked(NSSArena *arena, PRUint32 size)
{
- void *p;
- void *rv;
- struct pointer_header *h;
- PRUint32 my_size = size + sizeof(struct pointer_header);
- PL_ARENA_ALLOCATE(p, &arena->pool, my_size);
- if( (void *)NULL == p ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (void *)NULL;
- }
- /*
- * Do this before we unlock. This way if the user is using
- * an arena in one thread while destroying it in another, he'll
- * fault/FMR in his code, not ours.
- */
- h = (struct pointer_header *)p;
- h->arena = arena;
- h->size = size;
- rv = (void *)((char *)h + sizeof(struct pointer_header));
- (void)nsslibc_memset(rv, 0, size);
- return rv;
+ void *p;
+ void *rv;
+ struct pointer_header *h;
+ PRUint32 my_size = size + sizeof(struct pointer_header);
+ PL_ARENA_ALLOCATE(p, &arena->pool, my_size);
+ if ((void *)NULL == p) {
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return (void *)NULL;
+ }
+ /*
+ * Do this before we unlock. This way if the user is using
+ * an arena in one thread while destroying it in another, he'll
+ * fault/FMR in his code, not ours.
+ */
+ h = (struct pointer_header *)p;
+ h->arena = arena;
+ h->size = size;
+ rv = (void *)((char *)h + sizeof(struct pointer_header));
+ (void)nsslibc_memset(rv, 0, size);
+ return rv;
}
/*
* NSS_ZAlloc
*
- * This routine allocates and zeroes a section of memory of the
+ * This routine allocates and zeroes a section of memory of the
* size, and returns to the caller a pointer to that memory. If
* the optional arena argument is non-null, the memory will be
* obtained from that arena; otherwise, the memory will be obtained
* from the heap. This routine may return NULL upon error, in
* which case it will have set an error upon the error stack. The
- * value specified for size may be zero; in which case a valid
+ * value specified for size may be zero; in which case a valid
* zero-length block of memory will be allocated. This block may
* be expanded by calling NSS_ZRealloc.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_ARENA
* NSS_ERROR_NO_MEMORY
* NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
*
* Return value:
* NULL upon error
* A pointer to the new segment of zeroed memory
*/
NSS_IMPLEMENT void *
-NSS_ZAlloc
-(
- NSSArena *arenaOpt,
- PRUint32 size
-)
+NSS_ZAlloc(NSSArena *arenaOpt, PRUint32 size)
{
- return nss_ZAlloc(arenaOpt, size);
+ return nss_ZAlloc(arenaOpt, size);
}
/*
* nss_ZAlloc
*
- * This routine allocates and zeroes a section of memory of the
+ * This routine allocates and zeroes a section of memory of the
* size, and returns to the caller a pointer to that memory. If
* the optional arena argument is non-null, the memory will be
* obtained from that arena; otherwise, the memory will be obtained
* from the heap. This routine may return NULL upon error, in
* which case it will have set an error upon the error stack. The
- * value specified for size may be zero; in which case a valid
+ * value specified for size may be zero; in which case a valid
* zero-length block of memory will be allocated. This block may
* be expanded by calling nss_ZRealloc.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_ARENA
* NSS_ERROR_NO_MEMORY
* NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
*
* Return value:
* NULL upon error
* A pointer to the new segment of zeroed memory
*/
NSS_IMPLEMENT void *
-nss_ZAlloc
-(
- NSSArena *arenaOpt,
- PRUint32 size
-)
+nss_ZAlloc(NSSArena *arenaOpt, PRUint32 size)
{
- struct pointer_header *h;
- PRUint32 my_size = size + sizeof(struct pointer_header);
+ struct pointer_header *h;
+ PRUint32 my_size = size + sizeof(struct pointer_header);
- if( my_size < sizeof(struct pointer_header) ) {
- /* Wrapped */
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (void *)NULL;
- }
-
- if( (NSSArena *)NULL == arenaOpt ) {
- /* Heap allocation, no locking required. */
- h = (struct pointer_header *)PR_Calloc(1, my_size);
- if( (struct pointer_header *)NULL == h ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (void *)NULL;
+ if (my_size < sizeof(struct pointer_header)) {
+ /* Wrapped */
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return (void *)NULL;
}
- h->arena = (NSSArena *)NULL;
- h->size = size;
- /* We used calloc: it's already zeroed */
+ if ((NSSArena *)NULL == arenaOpt) {
+ /* Heap allocation, no locking required. */
+ h = (struct pointer_header *)PR_Calloc(1, my_size);
+ if ((struct pointer_header *)NULL == h) {
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return (void *)NULL;
+ }
- return (void *)((char *)h + sizeof(struct pointer_header));
- } else {
- void *rv;
- /* Arena allocation */
+ h->arena = (NSSArena *)NULL;
+ h->size = size;
+ /* We used calloc: it's already zeroed */
+
+ return (void *)((char *)h + sizeof(struct pointer_header));
+ }
+ else {
+ void *rv;
+/* Arena allocation */
#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (void *)NULL;
- }
+ if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+ return (void *)NULL;
+ }
#endif /* NSSDEBUG */
- if( (PRLock *)NULL == arenaOpt->lock ) {
- /* Just got destroyed */
- nss_SetError(NSS_ERROR_INVALID_ARENA);
- return (void *)NULL;
- }
- PR_Lock(arenaOpt->lock);
+ if ((PRLock *)NULL == arenaOpt->lock) {
+ /* Just got destroyed */
+ nss_SetError(NSS_ERROR_INVALID_ARENA);
+ return (void *)NULL;
+ }
+ PR_Lock(arenaOpt->lock);
#ifdef ARENA_THREADMARK
- if( (PRThread *)NULL != arenaOpt->marking_thread ) {
- if( PR_GetCurrentThread() != arenaOpt->marking_thread ) {
- nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
- PR_Unlock(arenaOpt->lock);
- return (void *)NULL;
- }
- }
+ if ((PRThread *)NULL != arenaOpt->marking_thread) {
+ if (PR_GetCurrentThread() != arenaOpt->marking_thread) {
+ nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
+ PR_Unlock(arenaOpt->lock);
+ return (void *)NULL;
+ }
+ }
#endif /* ARENA_THREADMARK */
- rv = nss_zalloc_arena_locked(arenaOpt, size);
+ rv = nss_zalloc_arena_locked(arenaOpt, size);
- PR_Unlock(arenaOpt->lock);
- return rv;
- }
- /*NOTREACHED*/
+ PR_Unlock(arenaOpt->lock);
+ return rv;
+ }
+ /*NOTREACHED*/
}
/*
* NSS_ZFreeIf
*
- * If the specified pointer is non-null, then the region of memory
- * to which it points -- which must have been allocated with
- * NSS_ZAlloc -- will be zeroed and released. This routine
+ * If the specified pointer is non-null, then the region of memory
+ * to which it points -- which must have been allocated with
+ * NSS_ZAlloc -- will be zeroed and released. This routine
* returns a PRStatus value; if successful, it will return PR_SUCCESS.
- * If unsuccessful, it will set an error on the error stack and return
+ * If unsuccessful, it will set an error on the error stack and return
* PR_FAILURE.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_POINTER
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
NSS_IMPLEMENT PRStatus
-NSS_ZFreeIf
-(
- void *pointer
-)
+NSS_ZFreeIf(void *pointer)
{
- return nss_ZFreeIf(pointer);
+ return nss_ZFreeIf(pointer);
}
/*
* nss_ZFreeIf
*
- * If the specified pointer is non-null, then the region of memory
- * to which it points -- which must have been allocated with
- * nss_ZAlloc -- will be zeroed and released. This routine
+ * If the specified pointer is non-null, then the region of memory
+ * to which it points -- which must have been allocated with
+ * nss_ZAlloc -- will be zeroed and released. This routine
* returns a PRStatus value; if successful, it will return PR_SUCCESS.
- * If unsuccessful, it will set an error on the error stack and return
+ * If unsuccessful, it will set an error on the error stack and return
* PR_FAILURE.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_POINTER
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
NSS_IMPLEMENT PRStatus
-nss_ZFreeIf
-(
- void *pointer
-)
+nss_ZFreeIf(void *pointer)
{
- struct pointer_header *h;
+ struct pointer_header *h;
- if( (void *)NULL == pointer ) {
- return PR_SUCCESS;
- }
+ if ((void *)NULL == pointer) {
+ return PR_SUCCESS;
+ }
- h = (struct pointer_header *)((char *)pointer
- - sizeof(struct pointer_header));
+ h = (struct pointer_header *)((char *)pointer -
+ sizeof(struct pointer_header));
+
+ /* Check any magic here */
- /* Check any magic here */
-
- if( (NSSArena *)NULL == h->arena ) {
- /* Heap */
- (void)nsslibc_memset(pointer, 0, h->size);
- PR_Free(h);
- return PR_SUCCESS;
- } else {
- /* Arena */
+ if ((NSSArena *)NULL == h->arena) {
+ /* Heap */
+ (void)nsslibc_memset(pointer, 0, h->size);
+ PR_Free(h);
+ return PR_SUCCESS;
+ }
+ else {
+/* Arena */
#ifdef NSSDEBUG
- if( PR_SUCCESS != nssArena_verifyPointer(h->arena) ) {
- return PR_FAILURE;
- }
+ if (PR_SUCCESS != nssArena_verifyPointer(h->arena)) {
+ return PR_FAILURE;
+ }
#endif /* NSSDEBUG */
- if( (PRLock *)NULL == h->arena->lock ) {
- /* Just got destroyed.. so this pointer is invalid */
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
- PR_Lock(h->arena->lock);
+ if ((PRLock *)NULL == h->arena->lock) {
+ /* Just got destroyed.. so this pointer is invalid */
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return PR_FAILURE;
+ }
+ PR_Lock(h->arena->lock);
- (void)nsslibc_memset(pointer, 0, h->size);
+ (void)nsslibc_memset(pointer, 0, h->size);
- /* No way to "free" it within an NSPR arena. */
+ /* No way to "free" it within an NSPR arena. */
- PR_Unlock(h->arena->lock);
- return PR_SUCCESS;
- }
- /*NOTREACHED*/
+ PR_Unlock(h->arena->lock);
+ return PR_SUCCESS;
+ }
+ /*NOTREACHED*/
}
/*
* NSS_ZRealloc
*
* This routine reallocates a block of memory obtained by calling
- * nss_ZAlloc or nss_ZRealloc. The portion of memory
+ * nss_ZAlloc or nss_ZRealloc. The portion of memory
* between the new and old sizes -- which is either being newly
- * obtained or released -- is in either case zeroed. This routine
- * may return NULL upon failure, in which case it will have placed
+ * obtained or released -- is in either case zeroed. This routine
+ * may return NULL upon failure, in which case it will have placed
* an error on the error stack.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_POINTER
* NSS_ERROR_NO_MEMORY
* NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
*
* Return value:
* NULL upon error
* A pointer to the replacement segment of memory
*/
NSS_EXTERN void *
-NSS_ZRealloc
-(
- void *pointer,
- PRUint32 newSize
-)
+NSS_ZRealloc(void *pointer, PRUint32 newSize)
{
return nss_ZRealloc(pointer, newSize);
}
/*
* nss_ZRealloc
*
* This routine reallocates a block of memory obtained by calling
- * nss_ZAlloc or nss_ZRealloc. The portion of memory
+ * nss_ZAlloc or nss_ZRealloc. The portion of memory
* between the new and old sizes -- which is either being newly
- * obtained or released -- is in either case zeroed. This routine
- * may return NULL upon failure, in which case it will have placed
+ * obtained or released -- is in either case zeroed. This routine
+ * may return NULL upon failure, in which case it will have placed
* an error on the error stack.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_POINTER
* NSS_ERROR_NO_MEMORY
* NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
*
* Return value:
* NULL upon error
* A pointer to the replacement segment of memory
*/
NSS_EXTERN void *
-nss_ZRealloc
-(
- void *pointer,
- PRUint32 newSize
-)
+nss_ZRealloc(void *pointer, PRUint32 newSize)
{
- NSSArena *arena;
- struct pointer_header *h, *new_h;
- PRUint32 my_newSize = newSize + sizeof(struct pointer_header);
- void *rv;
+ NSSArena *arena;
+ struct pointer_header *h, *new_h;
+ PRUint32 my_newSize = newSize + sizeof(struct pointer_header);
+ void *rv;
- if( my_newSize < sizeof(struct pointer_header) ) {
- /* Wrapped */
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (void *)NULL;
- }
+ if (my_newSize < sizeof(struct pointer_header)) {
+ /* Wrapped */
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return (void *)NULL;
+ }
- if( (void *)NULL == pointer ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (void *)NULL;
- }
-
- h = (struct pointer_header *)((char *)pointer
- - sizeof(struct pointer_header));
-
- /* Check any magic here */
+ if ((void *)NULL == pointer) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return (void *)NULL;
+ }
- if( newSize == h->size ) {
- /* saves thrashing */
- return pointer;
- }
+ h = (struct pointer_header *)((char *)pointer -
+ sizeof(struct pointer_header));
- arena = h->arena;
- if (!arena) {
- /* Heap */
- new_h = (struct pointer_header *)PR_Calloc(1, my_newSize);
- if( (struct pointer_header *)NULL == new_h ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (void *)NULL;
+ /* Check any magic here */
+
+ if (newSize == h->size) {
+ /* saves thrashing */
+ return pointer;
}
- new_h->arena = (NSSArena *)NULL;
- new_h->size = newSize;
- rv = (void *)((char *)new_h + sizeof(struct pointer_header));
+ arena = h->arena;
+ if (!arena) {
+ /* Heap */
+ new_h = (struct pointer_header *)PR_Calloc(1, my_newSize);
+ if ((struct pointer_header *)NULL == new_h) {
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return (void *)NULL;
+ }
- if( newSize > h->size ) {
- (void)nsslibc_memcpy(rv, pointer, h->size);
- (void)nsslibc_memset(&((char *)rv)[ h->size ],
- 0, (newSize - h->size));
- } else {
- (void)nsslibc_memcpy(rv, pointer, newSize);
- }
+ new_h->arena = (NSSArena *)NULL;
+ new_h->size = newSize;
+ rv = (void *)((char *)new_h + sizeof(struct pointer_header));
- (void)nsslibc_memset(pointer, 0, h->size);
- h->size = 0;
- PR_Free(h);
+ if (newSize > h->size) {
+ (void)nsslibc_memcpy(rv, pointer, h->size);
+ (void)nsslibc_memset(&((char *)rv)[h->size], 0,
+ (newSize - h->size));
+ }
+ else {
+ (void)nsslibc_memcpy(rv, pointer, newSize);
+ }
- return rv;
- } else {
- void *p;
- /* Arena */
+ (void)nsslibc_memset(pointer, 0, h->size);
+ h->size = 0;
+ PR_Free(h);
+
+ return rv;
+ }
+ else {
+ void *p;
+/* Arena */
#ifdef NSSDEBUG
- if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
- return (void *)NULL;
- }
+ if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+ return (void *)NULL;
+ }
#endif /* NSSDEBUG */
- if (!arena->lock) {
- /* Just got destroyed.. so this pointer is invalid */
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (void *)NULL;
- }
- PR_Lock(arena->lock);
+ if (!arena->lock) {
+ /* Just got destroyed.. so this pointer is invalid */
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return (void *)NULL;
+ }
+ PR_Lock(arena->lock);
#ifdef ARENA_THREADMARK
- if (arena->marking_thread) {
- if (PR_GetCurrentThread() != arena->marking_thread) {
- PR_Unlock(arena->lock);
- nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
- return (void *)NULL;
- }
- }
+ if (arena->marking_thread) {
+ if (PR_GetCurrentThread() != arena->marking_thread) {
+ PR_Unlock(arena->lock);
+ nss_SetError(NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD);
+ return (void *)NULL;
+ }
+ }
#endif /* ARENA_THREADMARK */
- if( newSize < h->size ) {
- /*
- * We have no general way of returning memory to the arena
- * (mark/release doesn't work because things may have been
- * allocated after this object), so the memory is gone
- * anyway. We might as well just return the same pointer to
- * the user, saying "yeah, uh-hunh, you can only use less of
- * it now." We'll zero the leftover part, of course. And
- * in fact we might as well *not* adjust h->size-- this way,
- * if the user reallocs back up to something not greater than
- * the original size, then voila, there's the memory! This
- * way a thrash big/small/big/small doesn't burn up the arena.
- */
- char *extra = &((char *)pointer)[ newSize ];
- (void)nsslibc_memset(extra, 0, (h->size - newSize));
- PR_Unlock(arena->lock);
- return pointer;
- }
+ if (newSize < h->size) {
+ /*
+ * We have no general way of returning memory to the arena
+ * (mark/release doesn't work because things may have been
+ * allocated after this object), so the memory is gone
+ * anyway. We might as well just return the same pointer to
+ * the user, saying "yeah, uh-hunh, you can only use less of
+ * it now." We'll zero the leftover part, of course. And
+ * in fact we might as well *not* adjust h->size-- this way,
+ * if the user reallocs back up to something not greater than
+ * the original size, then voila, there's the memory! This
+ * way a thrash big/small/big/small doesn't burn up the arena.
+ */
+ char *extra = &((char *)pointer)[newSize];
+ (void)nsslibc_memset(extra, 0, (h->size - newSize));
+ PR_Unlock(arena->lock);
+ return pointer;
+ }
- PL_ARENA_ALLOCATE(p, &arena->pool, my_newSize);
- if( (void *)NULL == p ) {
- PR_Unlock(arena->lock);
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (void *)NULL;
- }
+ PL_ARENA_ALLOCATE(p, &arena->pool, my_newSize);
+ if ((void *)NULL == p) {
+ PR_Unlock(arena->lock);
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return (void *)NULL;
+ }
- new_h = (struct pointer_header *)p;
- new_h->arena = arena;
- new_h->size = newSize;
- rv = (void *)((char *)new_h + sizeof(struct pointer_header));
- if (rv != pointer) {
- (void)nsslibc_memcpy(rv, pointer, h->size);
- (void)nsslibc_memset(pointer, 0, h->size);
+ new_h = (struct pointer_header *)p;
+ new_h->arena = arena;
+ new_h->size = newSize;
+ rv = (void *)((char *)new_h + sizeof(struct pointer_header));
+ if (rv != pointer) {
+ (void)nsslibc_memcpy(rv, pointer, h->size);
+ (void)nsslibc_memset(pointer, 0, h->size);
+ }
+ (void)nsslibc_memset(&((char *)rv)[h->size], 0, (newSize - h->size));
+ h->arena = (NSSArena *)NULL;
+ h->size = 0;
+ PR_Unlock(arena->lock);
+ return rv;
}
- (void)nsslibc_memset(&((char *)rv)[ h->size ], 0, (newSize - h->size));
- h->arena = (NSSArena *)NULL;
- h->size = 0;
- PR_Unlock(arena->lock);
- return rv;
- }
- /*NOTREACHED*/
+ /*NOTREACHED*/
}
-PRStatus
+PRStatus
nssArena_Shutdown(void)
{
- PRStatus rv = PR_SUCCESS;
+ PRStatus rv = PR_SUCCESS;
#ifdef DEBUG
- rv = nssPointerTracker_finalize(&arena_pointer_tracker);
+ rv = nssPointerTracker_finalize(&arena_pointer_tracker);
#endif
- return rv;
+ return rv;
}
--- a/security/nss/lib/base/base.h
+++ b/security/nss/lib/base/base.h
@@ -3,17 +3,17 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef BASE_H
#define BASE_H
/*
* base.h
*
- * This header file contains basic prototypes and preprocessor
+ * This header file contains basic prototypes and preprocessor
* definitions used throughout nss but not available publicly.
*/
#ifndef BASET_H
#include "baset.h"
#endif /* BASET_H */
#ifndef NSSBASE_H
@@ -59,17 +59,17 @@ PR_BEGIN_EXTERN_C
*
* nssArenaHashAllocOps
*/
/*
* nssArena_Create
*
* This routine creates a new memory arena. This routine may return
- * NULL upon error, in which case it will have set an error on the
+ * NULL upon error, in which case it will have set an error on the
* error stack.
*
* The error may be one of the following values:
* NSS_ERROR_NO_MEMORY
*
* Return value:
* NULL upon error
* A pointer to an NSSArena upon success
@@ -78,74 +78,62 @@ PR_BEGIN_EXTERN_C
/*
* XXX fgmr
* Arenas can be named upon creation; this is mostly of use when
* debugging. Should we expose that here, allowing an optional
* "const char *name" argument? Should the public version of this
* call (NSSArena_Create) have it too?
*/
-NSS_EXTERN NSSArena *
-nssArena_Create
-(
- void
-);
+NSS_EXTERN NSSArena *nssArena_Create(void);
extern const NSSError NSS_ERROR_NO_MEMORY;
/*
* nssArena_Destroy
*
* This routine will destroy the specified arena, freeing all memory
- * allocated from it. This routine returns a PRStatus value; if
+ * allocated from it. This routine returns a PRStatus value; if
* successful, it will return PR_SUCCESS. If unsuccessful, it will
* set an error on the error stack and return PR_FAILURE.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_ARENA
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
-NSS_EXTERN PRStatus
-nssArena_Destroy
-(
- NSSArena *arena
-);
+NSS_EXTERN PRStatus nssArena_Destroy(NSSArena *arena);
extern const NSSError NSS_ERROR_INVALID_ARENA;
/*
* nssArena_Mark
*
* This routine "marks" the current state of an arena. Space
* allocated after the arena has been marked can be freed by
* releasing the arena back to the mark with nssArena_Release,
- * or committed by calling nssArena_Unmark. When successful,
- * this routine returns a valid nssArenaMark pointer. This
- * routine may return NULL upon error, in which case it will
+ * or committed by calling nssArena_Unmark. When successful,
+ * this routine returns a valid nssArenaMark pointer. This
+ * routine may return NULL upon error, in which case it will
* have set an error on the error stack.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_ARENA
* NSS_ERROR_NO_MEMORY
* NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
*
* Return value:
* NULL upon failure
* An nssArenaMark pointer upon success
*/
-NSS_EXTERN nssArenaMark *
-nssArena_Mark
-(
- NSSArena *arena
-);
+NSS_EXTERN nssArenaMark *nssArena_Mark(NSSArena *arena);
extern const NSSError NSS_ERROR_INVALID_ARENA;
extern const NSSError NSS_ERROR_NO_MEMORY;
extern const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD;
/*
* nssArena_Release
*
@@ -160,22 +148,17 @@ extern const NSSError NSS_ERROR_ARENA_MA
* NSS_ERROR_INVALID_ARENA_MARK
* NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
-NSS_EXTERN PRStatus
-nssArena_Release
-(
- NSSArena *arena,
- nssArenaMark *arenaMark
-);
+NSS_EXTERN PRStatus nssArena_Release(NSSArena *arena, nssArenaMark *arenaMark);
extern const NSSError NSS_ERROR_INVALID_ARENA;
extern const NSSError NSS_ERROR_INVALID_ARENA_MARK;
/*
* nssArena_Unmark
*
* This routine "commits" the indicated mark and any marks after
@@ -192,22 +175,17 @@ extern const NSSError NSS_ERROR_INVALID_
* NSS_ERROR_INVALID_ARENA_MARK
* NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
-NSS_EXTERN PRStatus
-nssArena_Unmark
-(
- NSSArena *arena,
- nssArenaMark *arenaMark
-);
+NSS_EXTERN PRStatus nssArena_Unmark(NSSArena *arena, nssArenaMark *arenaMark);
extern const NSSError NSS_ERROR_INVALID_ARENA;
extern const NSSError NSS_ERROR_INVALID_ARENA_MARK;
extern const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD;
#ifdef ARENA_DESTRUCTOR_LIST
/*
@@ -217,229 +195,205 @@ extern const NSSError NSS_ERROR_ARENA_MA
* pointer-sized argument in the arena, at the current point in
* the mark stack. If the arena is destroyed, or an "earlier"
* mark is released, then this destructor will be called at that
* time. Note that the destructor will be called with the arena
* locked, which means the destructor may free memory in that
* arena, but it may not allocate or cause to be allocated any
* memory. This callback facility was included to support our
* debug-version pointer-tracker feature; overuse runs counter to
- * the the original intent of arenas. This routine returns a
- * PRStatus value; if successful, it will return PR_SUCCESS. If
- * unsuccessful, it will set an error on the error stack and
+ * the the original intent of arenas. This routine returns a
+ * PRStatus value; if successful, it will return PR_SUCCESS. If
+ * unsuccessful, it will set an error on the error stack and
* return PR_FAILURE.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_ARENA
* NSS_ERROR_NO_MEMORY
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
-NSS_EXTERN PRStatus
-nssArena_registerDestructor
-(
- NSSArena *arena,
- void (*destructor)(void *argument),
- void *arg
-);
+NSS_EXTERN PRStatus nssArena_registerDestructor(
+ NSSArena *arena, void (*destructor)(void *argument), void *arg);
extern const NSSError NSS_ERROR_INVALID_ARENA;
extern const NSSError NSS_ERROR_NO_MEMORY;
/*
* nssArena_deregisterDestructor
*
* This routine will remove the first destructor in the specified
* arena which has the specified destructor and argument values.
* The destructor will not be called. This routine returns a
- * PRStatus value; if successful, it will return PR_SUCCESS. If
- * unsuccessful, it will set an error on the error stack and
+ * PRStatus value; if successful, it will return PR_SUCCESS. If
+ * unsuccessful, it will set an error on the error stack and
* return PR_FAILURE.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_ARENA
* NSS_ERROR_NOT_FOUND
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
-NSS_EXTERN PRStatus
-nssArena_deregisterDestructor
-(
- NSSArena *arena,
- void (*destructor)(void *argument),
- void *arg
-);
+NSS_EXTERN PRStatus nssArena_deregisterDestructor(
+ NSSArena *arena, void (*destructor)(void *argument), void *arg);
extern const NSSError NSS_ERROR_INVALID_ITEM;
extern const NSSError NSS_ERROR_INVALID_ARENA;
extern const NSSError NSS_ERROR_NOT_FOUND;
#endif /* ARENA_DESTRUCTOR_LIST */
/*
* nss_ZAlloc
*
- * This routine allocates and zeroes a section of memory of the
+ * This routine allocates and zeroes a section of memory of the
* size, and returns to the caller a pointer to that memory. If
* the optional arena argument is non-null, the memory will be
* obtained from that arena; otherwise, the memory will be obtained
* from the heap. This routine may return NULL upon error, in
* which case it will have set an error upon the error stack. The
- * value specified for size may be zero; in which case a valid
+ * value specified for size may be zero; in which case a valid
* zero-length block of memory will be allocated. This block may
* be expanded by calling nss_ZRealloc.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_ARENA
* NSS_ERROR_NO_MEMORY
* NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
*
* Return value:
* NULL upon error
* A pointer to the new segment of zeroed memory
*/
-NSS_EXTERN void *
-nss_ZAlloc
-(
- NSSArena *arenaOpt,
- PRUint32 size
-);
+NSS_EXTERN void *nss_ZAlloc(NSSArena *arenaOpt, PRUint32 size);
extern const NSSError NSS_ERROR_INVALID_ARENA;
extern const NSSError NSS_ERROR_NO_MEMORY;
extern const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD;
/*
* nss_ZFreeIf
*
- * If the specified pointer is non-null, then the region of memory
- * to which it points -- which must have been allocated with
- * nss_ZAlloc -- will be zeroed and released. This routine
+ * If the specified pointer is non-null, then the region of memory
+ * to which it points -- which must have been allocated with
+ * nss_ZAlloc -- will be zeroed and released. This routine
* returns a PRStatus value; if successful, it will return PR_SUCCESS.
- * If unsuccessful, it will set an error on the error stack and return
+ * If unsuccessful, it will set an error on the error stack and return
* PR_FAILURE.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_POINTER
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
-NSS_EXTERN PRStatus
-nss_ZFreeIf
-(
- void *pointer
-);
+NSS_EXTERN PRStatus nss_ZFreeIf(void *pointer);
extern const NSSError NSS_ERROR_INVALID_POINTER;
/*
* nss_ZRealloc
*
* This routine reallocates a block of memory obtained by calling
- * nss_ZAlloc or nss_ZRealloc. The portion of memory
+ * nss_ZAlloc or nss_ZRealloc. The portion of memory
* between the new and old sizes -- which is either being newly
- * obtained or released -- is in either case zeroed. This routine
- * may return NULL upon failure, in which case it will have placed
+ * obtained or released -- is in either case zeroed. This routine
+ * may return NULL upon failure, in which case it will have placed
* an error on the error stack.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_POINTER
* NSS_ERROR_NO_MEMORY
* NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
*
* Return value:
* NULL upon error
* A pointer to the replacement segment of memory
*/
-NSS_EXTERN void *
-nss_ZRealloc
-(
- void *pointer,
- PRUint32 newSize
-);
+NSS_EXTERN void *nss_ZRealloc(void *pointer, PRUint32 newSize);
extern const NSSError NSS_ERROR_INVALID_POINTER;
extern const NSSError NSS_ERROR_NO_MEMORY;
extern const NSSError NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD;
/*
* nss_ZNEW
*
* This preprocessor macro will allocate memory for a new object
* of the specified type with nss_ZAlloc, and will cast the
- * return value appropriately. If the optional arena argument is
- * non-null, the memory will be obtained from that arena; otherwise,
- * the memory will be obtained from the heap. This routine may
- * return NULL upon error, in which case it will have set an error
+ * return value appropriately. If the optional arena argument is
+ * non-null, the memory will be obtained from that arena; otherwise,
+ * the memory will be obtained from the heap. This routine may
+ * return NULL upon error, in which case it will have set an error
* upon the error stack.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_ARENA
* NSS_ERROR_NO_MEMORY
*
* Return value:
* NULL upon error
* A pointer to the new segment of zeroed memory
*/
-/* The following line exceeds 72 characters, but emacs screws up if I split it. */
#define nss_ZNEW(arenaOpt, type) ((type *)nss_ZAlloc((arenaOpt), sizeof(type)))
/*
* nss_ZNEWARRAY
*
* This preprocessor macro will allocate memory for an array of
* new objects, and will cast the return value appropriately.
- * If the optional arena argument is non-null, the memory will
- * be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon
- * error, in which case it will have set an error upon the error
+ * If the optional arena argument is non-null, the memory will
+ * be obtained from that arena; otherwise, the memory will be
+ * obtained from the heap. This routine may return NULL upon
+ * error, in which case it will have set an error upon the error
* stack. The array size may be specified as zero.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_ARENA
* NSS_ERROR_NO_MEMORY
*
* Return value:
* NULL upon error
* A pointer to the new segment of zeroed memory
*/
-/* The following line exceeds 72 characters, but emacs screws up if I split it. */
-#define nss_ZNEWARRAY(arenaOpt, type, quantity) ((type *)nss_ZAlloc((arenaOpt), sizeof(type) * (quantity)))
+#define nss_ZNEWARRAY(arenaOpt, type, quantity) \
+ ((type *)nss_ZAlloc((arenaOpt), sizeof(type) * (quantity)))
/*
* nss_ZREALLOCARRAY
*
* This preprocessor macro will reallocate memory for an array of
* new objects, and will cast the return value appropriately.
- * This routine may return NULL upon error, in which case it will
+ * This routine may return NULL upon error, in which case it will
* have set an error upon the error stack.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_POINTER
* NSS_ERROR_NO_MEMORY
* NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
*
* Return value:
* NULL upon error
* A pointer to the replacement segment of memory
*/
-#define nss_ZREALLOCARRAY(p, type, quantity) ((type *)nss_ZRealloc((p), sizeof(type) * (quantity)))
+#define nss_ZREALLOCARRAY(p, type, quantity) \
+ ((type *)nss_ZRealloc((p), sizeof(type) * (quantity)))
/*
* nssArena_verifyPointer
*
* This method is only present in debug builds.
*
* If the specified pointer is a valid pointer to an NSSArena object,
* this routine will return PR_SUCCESS. Otherwise, it will put an
@@ -449,21 +403,17 @@ extern const NSSError NSS_ERROR_ARENA_MA
* NSS_ERROR_INVALID_ARENA
*
* Return value:
* PR_SUCCESS if the pointer is valid
* PR_FAILURE if it isn't
*/
#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssArena_verifyPointer
-(
- const NSSArena *arena
-);
+NSS_EXTERN PRStatus nssArena_verifyPointer(const NSSArena *arena);
extern const NSSError NSS_ERROR_INVALID_ARENA;
#endif /* DEBUG */
/*
* nssArena_VERIFYPOINTER
*
* This macro is always available. In debug builds it will call
@@ -474,35 +424,35 @@ extern const NSSError NSS_ERROR_INVALID_
* Return value:
* PR_SUCCESS if the pointer is valid
* PR_FAILURE if it isn't
*/
#ifdef DEBUG
#define nssArena_VERIFYPOINTER(p) nssArena_verifyPointer(p)
#else /* DEBUG */
-/* The following line exceeds 72 characters, but emacs screws up if I split it. */
-#define nssArena_VERIFYPOINTER(p) (((NSSArena *)NULL == (p))?PR_FAILURE:PR_SUCCESS)
+
+#define nssArena_VERIFYPOINTER(p) \
+ (((NSSArena *)NULL == (p)) ? PR_FAILURE : PR_SUCCESS)
#endif /* DEBUG */
/*
- * Private function to be called by NSS_Shutdown to cleanup nssArena
+ * Private function to be called by NSS_Shutdown to cleanup nssArena
* bookkeeping.
*/
-extern PRStatus
-nssArena_Shutdown(void);
+extern PRStatus nssArena_Shutdown(void);
/*
* nssArenaHashAllocOps
*
* This constant structure contains allocation callbacks designed for
* use with the NSPL routine PL_NewHashTable. For example:
*
* NSSArena *hashTableArena = nssArena_Create();
- * PLHashTable *t = PL_NewHashTable(n, hasher, key_compare,
+ * PLHashTable *t = PL_NewHashTable(n, hasher, key_compare,
* value_compare, nssArenaHashAllocOps, hashTableArena);
*/
NSS_EXTERN_DATA PLHashAllocOps nssArenaHashAllocOps;
/*
* The error stack
*
@@ -510,176 +460,129 @@ NSS_EXTERN_DATA PLHashAllocOps nssArenaH
*
* nss_SetError
* nss_ClearErrorStack
*/
/*
* nss_SetError
*
- * This routine places a new error code on the top of the calling
+ * This routine places a new error code on the top of the calling
* thread's error stack. Calling this routine wiht an error code
* of zero will clear the error stack.
*/
-NSS_EXTERN void
-nss_SetError
-(
- PRUint32 error
-);
+NSS_EXTERN void nss_SetError(PRUint32 error);
/*
* nss_ClearErrorStack
*
* This routine clears the calling thread's error stack.
*/
-NSS_EXTERN void
-nss_ClearErrorStack
-(
- void
-);
+NSS_EXTERN void nss_ClearErrorStack(void);
/*
* nss_DestroyErrorStack
*
* This routine frees the calling thread's error stack.
*/
-NSS_EXTERN void
-nss_DestroyErrorStack
-(
- void
-);
+NSS_EXTERN void nss_DestroyErrorStack(void);
/*
* NSSItem
*
* nssItem_Create
* nssItem_Duplicate
* nssItem_Equal
*/
-NSS_EXTERN NSSItem *
-nssItem_Create
-(
- NSSArena *arenaOpt,
- NSSItem *rvOpt,
- PRUint32 length,
- const void *data
-);
+NSS_EXTERN NSSItem *nssItem_Create(NSSArena *arenaOpt, NSSItem *rvOpt,
+ PRUint32 length, const void *data);
-NSS_EXTERN void
-nssItem_Destroy
-(
- NSSItem *item
-);
+NSS_EXTERN void nssItem_Destroy(NSSItem *item);
-NSS_EXTERN NSSItem *
-nssItem_Duplicate
-(
- NSSItem *obj,
- NSSArena *arenaOpt,
- NSSItem *rvOpt
-);
+NSS_EXTERN NSSItem *nssItem_Duplicate(NSSItem *obj, NSSArena *arenaOpt,
+ NSSItem *rvOpt);
-NSS_EXTERN PRBool
-nssItem_Equal
-(
- const NSSItem *one,
- const NSSItem *two,
- PRStatus *statusOpt
-);
+NSS_EXTERN PRBool nssItem_Equal(const NSSItem *one, const NSSItem *two,
+ PRStatus *statusOpt);
/*
* NSSUTF8
*
* nssUTF8_CaseIgnoreMatch
* nssUTF8_Duplicate
* nssUTF8_Size
* nssUTF8_Length
* nssUTF8_CopyIntoFixedBuffer
*/
/*
* nssUTF8_CaseIgnoreMatch
- *
- * Returns true if the two UTF8-encoded strings pointed to by the
+ *
+ * Returns true if the two UTF8-encoded strings pointed to by the
* two specified NSSUTF8 pointers differ only in typcase.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_POINTER
*
* Return value:
* PR_TRUE if the strings match, ignoring case
* PR_FALSE if they don't
* PR_FALSE upon error
*/
-NSS_EXTERN PRBool
-nssUTF8_CaseIgnoreMatch
-(
- const NSSUTF8 *a,
- const NSSUTF8 *b,
- PRStatus *statusOpt
-);
+NSS_EXTERN PRBool nssUTF8_CaseIgnoreMatch(const NSSUTF8 *a, const NSSUTF8 *b,
+ PRStatus *statusOpt);
/*
* nssUTF8_Duplicate
*
* This routine duplicates the UTF8-encoded string pointed to by the
* specified NSSUTF8 pointer. If the optional arenaOpt argument is
* not null, the memory required will be obtained from that arena;
* otherwise, the memory required will be obtained from the heap.
* A pointer to the new string will be returned. In case of error,
- * an error will be placed on the error stack and NULL will be
+ * an error will be placed on the error stack and NULL will be
* returned.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_POINTER
* NSS_ERROR_INVALID_ARENA
* NSS_ERROR_NO_MEMORY
*/
-NSS_EXTERN NSSUTF8 *
-nssUTF8_Duplicate
-(
- const NSSUTF8 *s,
- NSSArena *arenaOpt
-);
+NSS_EXTERN NSSUTF8 *nssUTF8_Duplicate(const NSSUTF8 *s, NSSArena *arenaOpt);
/*
* nssUTF8_PrintableMatch
*
- * Returns true if the two Printable strings pointed to by the
- * two specified NSSUTF8 pointers match when compared with the
- * rules for Printable String (leading and trailing spaces are
- * disregarded, extents of whitespace match irregardless of length,
+ * Returns true if the two Printable strings pointed to by the
+ * two specified NSSUTF8 pointers match when compared with the
+ * rules for Printable String (leading and trailing spaces are
+ * disregarded, extents of whitespace match irregardless of length,
* and case is not significant), then PR_TRUE will be returned.
* Otherwise, PR_FALSE will be returned. Upon failure, PR_FALSE
* will be returned. If the optional statusOpt argument is not
* NULL, then PR_SUCCESS or PR_FAILURE will be stored in that
* location.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_POINTER
*
* Return value:
* PR_TRUE if the strings match, ignoring case
* PR_FALSE if they don't
* PR_FALSE upon error
*/
-NSS_EXTERN PRBool
-nssUTF8_PrintableMatch
-(
- const NSSUTF8 *a,
- const NSSUTF8 *b,
- PRStatus *statusOpt
-);
+NSS_EXTERN PRBool nssUTF8_PrintableMatch(const NSSUTF8 *a, const NSSUTF8 *b,
+ PRStatus *statusOpt);
/*
* nssUTF8_Size
*
* This routine returns the length in bytes (including the terminating
* null) of the UTF8-encoded string pointed to by the specified
* NSSUTF8 pointer. Zero is returned on error.
*
@@ -687,22 +590,17 @@ nssUTF8_PrintableMatch
* NSS_ERROR_INVALID_POINTER
* NSS_ERROR_VALUE_TOO_LARGE
*
* Return value:
* nonzero size of the string
* 0 on error
*/
-NSS_EXTERN PRUint32
-nssUTF8_Size
-(
- const NSSUTF8 *s,
- PRStatus *statusOpt
-);
+NSS_EXTERN PRUint32 nssUTF8_Size(const NSSUTF8 *s, PRStatus *statusOpt);
extern const NSSError NSS_ERROR_INVALID_POINTER;
extern const NSSError NSS_ERROR_VALUE_TOO_LARGE;
/*
* nssUTF8_Length
*
* This routine returns the length in characters (not including the
@@ -714,22 +612,17 @@ extern const NSSError NSS_ERROR_VALUE_TO
* NSS_ERROR_VALUE_TOO_LARGE
* NSS_ERROR_INVALID_STRING
*
* Return value:
* length of the string (which may be zero)
* 0 on error
*/
-NSS_EXTERN PRUint32
-nssUTF8_Length
-(
- const NSSUTF8 *s,
- PRStatus *statusOpt
-);
+NSS_EXTERN PRUint32 nssUTF8_Length(const NSSUTF8 *s, PRStatus *statusOpt);
extern const NSSError NSS_ERROR_INVALID_POINTER;
extern const NSSError NSS_ERROR_VALUE_TOO_LARGE;
extern const NSSError NSS_ERROR_INVALID_STRING;
/*
* nssUTF8_Create
*
@@ -748,265 +641,174 @@ extern const NSSError NSS_ERROR_INVALID_
* NSS_ERROR_NO_MEMORY
* NSS_ERROR_UNSUPPORTED_TYPE
*
* Return value:
* NULL upon error
* A non-null pointer to a new UTF8 string otherwise
*/
-NSS_EXTERN NSSUTF8 *
-nssUTF8_Create
-(
- NSSArena *arenaOpt,
- nssStringType type,
- const void *inputString,
- PRUint32 size /* in bytes, not characters */
-);
+NSS_EXTERN NSSUTF8 *nssUTF8_Create(NSSArena *arenaOpt, nssStringType type,
+ const void *inputString,
+ PRUint32 size /* in bytes, not characters */
+ );
extern const NSSError NSS_ERROR_INVALID_POINTER;
extern const NSSError NSS_ERROR_NO_MEMORY;
extern const NSSError NSS_ERROR_UNSUPPORTED_TYPE;
-NSS_EXTERN NSSItem *
-nssUTF8_GetEncoding
-(
- NSSArena *arenaOpt,
- NSSItem *rvOpt,
- nssStringType type,
- NSSUTF8 *string
-);
+NSS_EXTERN NSSItem *nssUTF8_GetEncoding(NSSArena *arenaOpt, NSSItem *rvOpt,
+ nssStringType type, NSSUTF8 *string);
/*
* nssUTF8_CopyIntoFixedBuffer
*
- * This will copy a UTF8 string into a fixed-length buffer, making
+ * This will copy a UTF8 string into a fixed-length buffer, making
* sure that the all characters are valid. Any remaining space will
- * be padded with the specified ASCII character, typically either
+ * be padded with the specified ASCII character, typically either
* null or space.
*
* Blah, blah, blah.
*/
extern const NSSError NSS_ERROR_INVALID_POINTER;
extern const NSSError NSS_ERROR_INVALID_ARGUMENT;
-NSS_EXTERN PRStatus
-nssUTF8_CopyIntoFixedBuffer
-(
- NSSUTF8 *string,
- char *buffer,
- PRUint32 bufferSize,
- char pad
-);
+NSS_EXTERN PRStatus nssUTF8_CopyIntoFixedBuffer(NSSUTF8 *string, char *buffer,
+ PRUint32 bufferSize, char pad);
/*
* nssUTF8_Equal
*
*/
-NSS_EXTERN PRBool
-nssUTF8_Equal
-(
- const NSSUTF8 *a,
- const NSSUTF8 *b,
- PRStatus *statusOpt
-);
+NSS_EXTERN PRBool nssUTF8_Equal(const NSSUTF8 *a, const NSSUTF8 *b,
+ PRStatus *statusOpt);
/*
* nssList
*
* The goal is to provide a simple, optionally threadsafe, linked list
* class. Since NSS did not seem to use the circularity of PRCList
* much before, this provides a list that appears to be a linear,
* NULL-terminated list.
*/
/*
* nssList_Create
*
* If threadsafe is true, the list will be locked during modifications
* and traversals.
*/
-NSS_EXTERN nssList *
-nssList_Create
-(
- NSSArena *arenaOpt,
- PRBool threadSafe
-);
+NSS_EXTERN nssList *nssList_Create(NSSArena *arenaOpt, PRBool threadSafe);
/*
* nssList_Destroy
*/
-NSS_EXTERN PRStatus
-nssList_Destroy
-(
- nssList *list
-);
+NSS_EXTERN PRStatus nssList_Destroy(nssList *list);
-NSS_EXTERN void
-nssList_Clear
-(
- nssList *list,
- nssListElementDestructorFunc destructor
-);
+NSS_EXTERN void nssList_Clear(nssList *list,
+ nssListElementDestructorFunc destructor);
/*
* nssList_SetCompareFunction
*
* By default, two list elements will be compared by comparing their
* data pointers. By setting this function, the user can control
* how elements are compared.
*/
-NSS_EXTERN void
-nssList_SetCompareFunction
-(
- nssList *list,
- nssListCompareFunc compareFunc
-);
+NSS_EXTERN void nssList_SetCompareFunction(nssList *list,
+ nssListCompareFunc compareFunc);
/*
* nssList_SetSortFunction
*
* Sort function to use for an ordered list.
*/
-NSS_EXTERN void
-nssList_SetSortFunction
-(
- nssList *list,
- nssListSortFunc sortFunc
-);
+NSS_EXTERN void nssList_SetSortFunction(nssList *list,
+ nssListSortFunc sortFunc);
/*
* nssList_Add
*/
-NSS_EXTERN PRStatus
-nssList_Add
-(
- nssList *list,
- void *data
-);
+NSS_EXTERN PRStatus nssList_Add(nssList *list, void *data);
/*
* nssList_AddUnique
*
* This will use the compare function to see if the element is already
* in the list.
*/
-NSS_EXTERN PRStatus
-nssList_AddUnique
-(
- nssList *list,
- void *data
-);
+NSS_EXTERN PRStatus nssList_AddUnique(nssList *list, void *data);
/*
* nssList_Remove
*
* Uses the compare function to locate the element and remove it.
*/
-NSS_EXTERN PRStatus
-nssList_Remove(nssList *list, void *data);
+NSS_EXTERN PRStatus nssList_Remove(nssList *list, void *data);
/*
* nssList_Get
*
* Uses the compare function to locate an element. Also serves as
* nssList_Exists.
*/
-NSS_EXTERN void *
-nssList_Get
-(
- nssList *list,
- void *data
-);
+NSS_EXTERN void *nssList_Get(nssList *list, void *data);
/*
* nssList_Count
*/
-NSS_EXTERN PRUint32
-nssList_Count
-(
- nssList *list
-);
+NSS_EXTERN PRUint32 nssList_Count(nssList *list);
/*
* nssList_GetArray
*
* Fill rvArray, up to maxElements, with elements in the list. The
* array is NULL-terminated, so its allocated size must be maxElements + 1.
*/
-NSS_EXTERN PRStatus
-nssList_GetArray
-(
- nssList *list,
- void **rvArray,
- PRUint32 maxElements
-);
+NSS_EXTERN PRStatus nssList_GetArray(nssList *list, void **rvArray,
+ PRUint32 maxElements);
/*
* nssList_CreateIterator
*
* Create an iterator for list traversal.
*/
-NSS_EXTERN nssListIterator *
-nssList_CreateIterator
-(
- nssList *list
-);
+NSS_EXTERN nssListIterator *nssList_CreateIterator(nssList *list);
-NSS_EXTERN nssList *
-nssList_Clone
-(
- nssList *list
-);
+NSS_EXTERN nssList *nssList_Clone(nssList *list);
/*
* nssListIterator_Destroy
*/
-NSS_EXTERN void
-nssListIterator_Destroy
-(
- nssListIterator *iter
-);
+NSS_EXTERN void nssListIterator_Destroy(nssListIterator *iter);
/*
* nssListIterator_Start
*
* Begin a list iteration. After this call, if the list is threadSafe,
* the list is *locked*.
*/
-NSS_EXTERN void *
-nssListIterator_Start
-(
- nssListIterator *iter
-);
+NSS_EXTERN void *nssListIterator_Start(nssListIterator *iter);
/*
* nssListIterator_Next
*
* Continue a list iteration.
*/
-NSS_EXTERN void *
-nssListIterator_Next
-(
- nssListIterator *iter
-);
+NSS_EXTERN void *nssListIterator_Next(nssListIterator *iter);
/*
* nssListIterator_Finish
*
* Complete a list iteration. This *must* be called in order for the
* lock to be released.
*/
-NSS_EXTERN PRStatus
-nssListIterator_Finish
-(
- nssListIterator *iter
-);
+NSS_EXTERN PRStatus nssListIterator_Finish(nssListIterator *iter);
/*
* nssHash
*
* nssHash_Create
* nssHash_Destroy
* nssHash_Add
* nssHash_Remove
@@ -1016,178 +818,122 @@ nssListIterator_Finish
* nssHash_Iterate
*/
/*
* nssHash_Create
*
*/
-NSS_EXTERN nssHash *
-nssHash_Create
-(
- NSSArena *arenaOpt,
- PRUint32 numBuckets,
- PLHashFunction keyHash,
- PLHashComparator keyCompare,
- PLHashComparator valueCompare
-);
+NSS_EXTERN nssHash *nssHash_Create(NSSArena *arenaOpt, PRUint32 numBuckets,
+ PLHashFunction keyHash,
+ PLHashComparator keyCompare,
+ PLHashComparator valueCompare);
-NSS_EXTERN nssHash *
-nssHash_CreatePointer
-(
- NSSArena *arenaOpt,
- PRUint32 numBuckets
-);
+NSS_EXTERN nssHash *nssHash_CreatePointer(NSSArena *arenaOpt,
+ PRUint32 numBuckets);
-NSS_EXTERN nssHash *
-nssHash_CreateString
-(
- NSSArena *arenaOpt,
- PRUint32 numBuckets
-);
+NSS_EXTERN nssHash *nssHash_CreateString(NSSArena *arenaOpt,
+ PRUint32 numBuckets);
-NSS_EXTERN nssHash *
-nssHash_CreateItem
-(
- NSSArena *arenaOpt,
- PRUint32 numBuckets
-);
+NSS_EXTERN nssHash *nssHash_CreateItem(NSSArena *arenaOpt, PRUint32 numBuckets);
/*
* nssHash_Destroy
*
*/
-NSS_EXTERN void
-nssHash_Destroy
-(
- nssHash *hash
-);
+NSS_EXTERN void nssHash_Destroy(nssHash *hash);
/*
* nssHash_Add
*
*/
extern const NSSError NSS_ERROR_HASH_COLLISION;
-NSS_EXTERN PRStatus
-nssHash_Add
-(
- nssHash *hash,
- const void *key,
- const void *value
-);
+NSS_EXTERN PRStatus nssHash_Add(nssHash *hash, const void *key,
+ const void *value);
/*
* nssHash_Remove
*
*/
-NSS_EXTERN void
-nssHash_Remove
-(
- nssHash *hash,
- const void *it
-);
+NSS_EXTERN void nssHash_Remove(nssHash *hash, const void *it);
/*
* nssHash_Count
*
*/
-NSS_EXTERN PRUint32
-nssHash_Count
-(
- nssHash *hash
-);
+NSS_EXTERN PRUint32 nssHash_Count(nssHash *hash);
/*
* nssHash_Exists
*
*/
-NSS_EXTERN PRBool
-nssHash_Exists
-(
- nssHash *hash,
- const void *it
-);
+NSS_EXTERN PRBool nssHash_Exists(nssHash *hash, const void *it);
/*
* nssHash_Lookup
*
*/
-NSS_EXTERN void *
-nssHash_Lookup
-(
- nssHash *hash,
- const void *it
-);
+NSS_EXTERN void *nssHash_Lookup(nssHash *hash, const void *it);
/*
* nssHash_Iterate
*
*/
-NSS_EXTERN void
-nssHash_Iterate
-(
- nssHash *hash,
- nssHashIterator fcn,
- void *closure
-);
-
+NSS_EXTERN void nssHash_Iterate(nssHash *hash, nssHashIterator fcn,
+ void *closure);
/*
* nssPointerTracker
*
* This type and these methods are only present in debug builds.
- *
+ *
* The nonpublic methods relating to this type are:
*
* nssPointerTracker_initialize
* nssPointerTracker_finalize
* nssPointerTracker_add
* nssPointerTracker_remove
* nssPointerTracker_verify
*/
/*
* nssPointerTracker_initialize
*
* This method is only present in debug builds.
- *
+ *
* This routine initializes an nssPointerTracker object. Note that
* the object must have been declared *static* to guarantee that it
* is in a zeroed state initially. This routine is idempotent, and
- * may even be safely called by multiple threads simultaneously with
- * the same argument. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. On failure it will set an
+ * may even be safely called by multiple threads simultaneously with
+ * the same argument. This routine returns a PRStatus value; if
+ * successful, it will return PR_SUCCESS. On failure it will set an
* error on the error stack and return PR_FAILURE.
*
* The error may be one of the following values:
* NSS_ERROR_NO_MEMORY
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssPointerTracker_initialize
-(
- nssPointerTracker *tracker
-);
+NSS_EXTERN PRStatus nssPointerTracker_initialize(nssPointerTracker *tracker);
extern const NSSError NSS_ERROR_NO_MEMORY;
#endif /* DEBUG */
/*
* nssPointerTracker_finalize
*
* This method is only present in debug builds.
- *
+ *
* This routine returns the nssPointerTracker object to the pre-
* initialized state, releasing all resources used by the object.
* It will *NOT* destroy the objects being tracked by the pointer
* (should any remain), and therefore cannot be used to "sweep up"
* remaining objects. This routine returns a PRStatus value; if
* successful, it will return PR_SUCCES. On failure it will set an
* error on the error stack and return PR_FAILURE. If any objects
* remain in the tracker when it is finalized, that will be treated
@@ -1197,21 +943,17 @@ extern const NSSError NSS_ERROR_NO_MEMOR
* NSS_ERROR_TRACKER_NOT_EMPTY
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssPointerTracker_finalize
-(
- nssPointerTracker *tracker
-);
+NSS_EXTERN PRStatus nssPointerTracker_finalize(nssPointerTracker *tracker);
extern const NSSError NSS_ERROR_TRACKER_NOT_EMPTY;
#endif /* DEBUG */
/*
* nssPointerTracker_add
*
* This method is only present in debug builds.
@@ -1229,92 +971,80 @@ extern const NSSError NSS_ERROR_TRACKER_
* NSS_ERROR_DUPLICATE_POINTER
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssPointerTracker_add
-(
- nssPointerTracker *tracker,
- const void *pointer
-);
+NSS_EXTERN PRStatus nssPointerTracker_add(nssPointerTracker *tracker,
+ const void *pointer);
extern const NSSError NSS_ERROR_NO_MEMORY;
extern const NSSError NSS_ERROR_TRACKER_NOT_INITIALIZED;
extern const NSSError NSS_ERROR_DUPLICATE_POINTER;
#endif /* DEBUG */
/*
* nssPointerTracker_remove
*
* This method is only present in debug builds.
*
- * This routine removes the specified pointer from the
+ * This routine removes the specified pointer from the
* nssPointerTracker object. It does not call any destructor for the
* object; rather, this should be called from the object's destructor.
- * The nssPointerTracker is threadsafe, but this call is not
- * idempotent. This routine returns a PRStatus value; if successful
- * it will return PR_SUCCESS. On failure it will set an error on the
+ * The nssPointerTracker is threadsafe, but this call is not
+ * idempotent. This routine returns a PRStatus value; if successful
+ * it will return PR_SUCCESS. On failure it will set an error on the
* error stack and return PR_FAILURE.
*
* The error may be one of the following values:
* NSS_ERROR_TRACKER_NOT_INITIALIZED
* NSS_ERROR_POINTER_NOT_REGISTERED
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssPointerTracker_remove
-(
- nssPointerTracker *tracker,
- const void *pointer
-);
+NSS_EXTERN PRStatus nssPointerTracker_remove(nssPointerTracker *tracker,
+ const void *pointer);
extern const NSSError NSS_ERROR_TRACKER_NOT_INITIALIZED;
extern const NSSError NSS_ERROR_POINTER_NOT_REGISTERED;
#endif /* DEBUG */
/*
* nssPointerTracker_verify
*
* This method is only present in debug builds.
*
* This routine verifies that the specified pointer has been registered
* with the nssPointerTracker object. The nssPointerTracker object is
* threadsafe, and this call may be safely called from multiple threads
* simultaneously with the same arguments. This routine returns a
- * PRStatus value; if the pointer is registered this will return
- * PR_SUCCESS. Otherwise it will set an error on the error stack and
- * return PR_FAILURE. Although the error is suitable for leaving on
- * the stack, callers may wish to augment the information available by
+ * PRStatus value; if the pointer is registered this will return
+ * PR_SUCCESS. Otherwise it will set an error on the error stack and
+ * return PR_FAILURE. Although the error is suitable for leaving on
+ * the stack, callers may wish to augment the information available by
* placing a more type-specific error on the stack.
*
* The error may be one of the following values:
* NSS_ERROR_POINTER_NOT_REGISTERED
*
* Return value:
* PR_SUCCESS
* PR_FAILRUE
*/
#ifdef DEBUG
-NSS_EXTERN PRStatus
-nssPointerTracker_verify
-(
- nssPointerTracker *tracker,
- const void *pointer
-);
+NSS_EXTERN PRStatus nssPointerTracker_verify(nssPointerTracker *tracker,
+ const void *pointer);
extern const NSSError NSS_ERROR_POINTER_NOT_REGISTERED;
#endif /* DEBUG */
/*
* libc
*
* nsslibc_memcpy
@@ -1328,67 +1058,49 @@ extern const NSSError NSS_ERROR_POINTER_
* Errors:
* NSS_ERROR_INVALID_POINTER
*
* Return value:
* NULL on error
* The destination pointer on success
*/
-NSS_EXTERN void *
-nsslibc_memcpy
-(
- void *dest,
- const void *source,
- PRUint32 n
-);
+NSS_EXTERN void *nsslibc_memcpy(void *dest, const void *source, PRUint32 n);
extern const NSSError NSS_ERROR_INVALID_POINTER;
/*
* nsslibc_memset
*
* Errors:
* NSS_ERROR_INVALID_POINTER
*
* Return value:
* NULL on error
* The destination pointer on success
*/
-NSS_EXTERN void *
-nsslibc_memset
-(
- void *dest,
- PRUint8 byte,
- PRUint32 n
-);
+NSS_EXTERN void *nsslibc_memset(void *dest, PRUint8 byte, PRUint32 n);
extern const NSSError NSS_ERROR_INVALID_POINTER;
/*
* nsslibc_memequal
*
* Errors:
* NSS_ERROR_INVALID_POINTER
*
* Return value:
* PR_TRUE if they match
* PR_FALSE if they don't
* PR_FALSE upon error
*/
-NSS_EXTERN PRBool
-nsslibc_memequal
-(
- const void *a,
- const void *b,
- PRUint32 len,
- PRStatus *statusOpt
-);
+NSS_EXTERN PRBool nsslibc_memequal(const void *a, const void *b, PRUint32 len,
+ PRStatus *statusOpt);
extern const NSSError NSS_ERROR_INVALID_POINTER;
#define nsslibc_offsetof(str, memb) ((PRPtrdiff)(&(((str *)0)->memb)))
PR_END_EXTERN_C
#endif /* BASE_H */
--- a/security/nss/lib/base/baset.h
+++ b/security/nss/lib/base/baset.h
@@ -27,17 +27,17 @@ PR_BEGIN_EXTERN_C
*/
struct nssArenaMarkStr;
typedef struct nssArenaMarkStr nssArenaMark;
#ifdef DEBUG
/*
* ARENA_THREADMARK
- *
+ *
* Optionally, this arena implementation can be compiled with some
* runtime checking enabled, which will catch the situation where
* one thread "marks" the arena, another thread allocates memory,
* and then the mark is released. Usually this is a surprise to
* the second thread, and this leads to weird runtime errors.
* Define ARENA_THREADMARK to catch these cases; we define it for all
* (internal and external) debug builds.
*/
@@ -63,63 +63,62 @@ typedef struct nssArenaMarkStr nssArenaM
#ifdef ARENA_THREADMARK
#define ARENA_DESTRUCTOR_LIST
#endif /* ARENA_THREADMARK */
#endif /* DEBUG */
typedef struct nssListStr nssList;
typedef struct nssListIteratorStr nssListIterator;
-typedef PRBool (* nssListCompareFunc)(void *a, void *b);
-typedef PRIntn (* nssListSortFunc)(void *a, void *b);
-typedef void (* nssListElementDestructorFunc)(void *el);
+typedef PRBool (*nssListCompareFunc)(void *a, void *b);
+typedef PRIntn (*nssListSortFunc)(void *a, void *b);
+typedef void (*nssListElementDestructorFunc)(void *el);
typedef struct nssHashStr nssHash;
-typedef void (PR_CALLBACK *nssHashIterator)(const void *key,
- void *value,
- void *arg);
+typedef void(PR_CALLBACK *nssHashIterator)(const void *key, void *value,
+ void *arg);
/*
* nssPointerTracker
*
* This type is used in debug builds (both external and internal) to
* track our object pointers. Objects of this type must be statically
* allocated, which means the structure size must be available to the
* compiler. Therefore we must expose the contents of this structure.
* But please don't access elements directly; use the accessors.
*/
#ifdef DEBUG
struct nssPointerTrackerStr {
- PRCallOnceType once;
- PZLock *lock;
- PLHashTable *table;
+ PRCallOnceType once;
+ PZLock *lock;
+ PLHashTable *table;
};
typedef struct nssPointerTrackerStr nssPointerTracker;
#endif /* DEBUG */
/*
* nssStringType
*
* There are several types of strings in the real world. We try to
* use only UTF8 and avoid the rest, but that's not always possible.
* So we have a couple converter routines to go to and from the other
* string types. We have to be able to specify those string types,
* so we have this enumeration.
*/
enum nssStringTypeEnum {
- nssStringType_DirectoryString,
- nssStringType_TeletexString, /* Not "teletext" with trailing 't' */
- nssStringType_PrintableString,
- nssStringType_UniversalString,
- nssStringType_BMPString,
- nssStringType_UTF8String,
- nssStringType_PHGString,
- nssStringType_GeneralString,
+ nssStringType_DirectoryString,
+ nssStringType_TeletexString, /* Not "teletext" with trailing 't' */
+ nssStringType_PrintableString,
+ nssStringType_UniversalString,
+ nssStringType_BMPString,
+ nssStringType_UTF8String,
+ nssStringType_PHGString,
+ nssStringType_GeneralString,
- nssStringType_Unknown = -1
+ nssStringType_Unknown = -1
};
typedef enum nssStringTypeEnum nssStringType;
PR_END_EXTERN_C
#endif /* BASET_H */
--- a/security/nss/lib/base/error.c
+++ b/security/nss/lib/base/error.c
@@ -1,42 +1,42 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* error.c
*
- * This file contains the code implementing the per-thread error
+ * This file contains the code implementing the per-thread error
* stacks upon which most NSS routines report their errors.
*/
#ifndef BASE_H
#include "base.h"
-#endif /* BASE_H */
+#endif /* BASE_H */
#include <limits.h> /* for UINT_MAX */
#include <string.h> /* for memmove */
#define NSS_MAX_ERROR_STACK_COUNT 16 /* error codes */
/*
* The stack itself has a header, and a sequence of integers.
* The header records the amount of space (as measured in stack
* slots) already allocated for the stack, and the count of the
* number of records currently being used.
*/
struct stack_header_str {
- PRUint16 space;
- PRUint16 count;
+ PRUint16 space;
+ PRUint16 count;
};
struct error_stack_str {
- struct stack_header_str header;
- PRInt32 stack[1];
+ struct stack_header_str header;
+ PRInt32 stack[1];
};
typedef struct error_stack_str error_stack;
/*
* error_stack_index
*
* Thread-private data must be indexed. This is that index.
* See PR_NewThreadPrivateIndex for more information.
@@ -57,72 +57,74 @@ static PRUintn error_stack_index = INVAL
static PRCallOnceType error_call_once;
/*
* error_once_function
*
* This is the once-called callback.
*/
static PRStatus
-error_once_function ( void)
+error_once_function(void)
{
- return PR_NewThreadPrivateIndex(&error_stack_index, PR_Free);
+ return PR_NewThreadPrivateIndex(&error_stack_index, PR_Free);
}
/*
* error_get_my_stack
*
* This routine returns the calling thread's error stack, creating
* it if necessary. It may return NULL upon error, which implicitly
* means that it ran out of memory.
*/
static error_stack *
-error_get_my_stack ( void)
+error_get_my_stack(void)
{
- PRStatus st;
- error_stack *rv;
- PRUintn new_size;
- PRUint32 new_bytes;
- error_stack *new_stack;
+ PRStatus st;
+ error_stack *rv;
+ PRUintn new_size;
+ PRUint32 new_bytes;
+ error_stack *new_stack;
- if( INVALID_TPD_INDEX == error_stack_index ) {
- st = PR_CallOnce(&error_call_once, error_once_function);
- if( PR_SUCCESS != st ) {
- return (error_stack *)NULL;
+ if (INVALID_TPD_INDEX == error_stack_index) {
+ st = PR_CallOnce(&error_call_once, error_once_function);
+ if (PR_SUCCESS != st) {
+ return (error_stack *)NULL;
+ }
}
- }
- rv = (error_stack *)PR_GetThreadPrivate(error_stack_index);
- if( (error_stack *)NULL == rv ) {
- /* Doesn't exist; create one */
- new_size = 16;
- } else if( rv->header.count == rv->header.space &&
- rv->header.count < NSS_MAX_ERROR_STACK_COUNT ) {
- /* Too small, expand it */
- new_size = PR_MIN( rv->header.space * 2, NSS_MAX_ERROR_STACK_COUNT);
- } else {
- /* Okay, return it */
- return rv;
- }
+ rv = (error_stack *)PR_GetThreadPrivate(error_stack_index);
+ if ((error_stack *)NULL == rv) {
+ /* Doesn't exist; create one */
+ new_size = 16;
+ }
+ else if (rv->header.count == rv->header.space &&
+ rv->header.count < NSS_MAX_ERROR_STACK_COUNT) {
+ /* Too small, expand it */
+ new_size = PR_MIN(rv->header.space * 2, NSS_MAX_ERROR_STACK_COUNT);
+ }
+ else {
+ /* Okay, return it */
+ return rv;
+ }
- new_bytes = (new_size * sizeof(PRInt32)) + sizeof(error_stack);
- /* Use NSPR's calloc/realloc, not NSS's, to avoid loops! */
- new_stack = PR_Calloc(1, new_bytes);
-
- if( (error_stack *)NULL != new_stack ) {
- if( (error_stack *)NULL != rv ) {
- (void)nsslibc_memcpy(new_stack,rv,rv->header.space);
+ new_bytes = (new_size * sizeof(PRInt32)) + sizeof(error_stack);
+ /* Use NSPR's calloc/realloc, not NSS's, to avoid loops! */
+ new_stack = PR_Calloc(1, new_bytes);
+
+ if ((error_stack *)NULL != new_stack) {
+ if ((error_stack *)NULL != rv) {
+ (void)nsslibc_memcpy(new_stack, rv, rv->header.space);
+ }
+ new_stack->header.space = new_size;
}
- new_stack->header.space = new_size;
- }
- /* Set the value, whether or not the allocation worked */
- PR_SetThreadPrivate(error_stack_index, new_stack);
- return new_stack;
+ /* Set the value, whether or not the allocation worked */
+ PR_SetThreadPrivate(error_stack_index, new_stack);
+ return new_stack;
}
/*
* The error stack
*
* The public methods relating to the error stack are:
*
* NSS_GetError
@@ -146,124 +148,125 @@ error_get_my_stack ( void)
* indicates that the previous NSS library call did not set an error.
*
* Return value:
* 0 if no error has been set
* A nonzero error number
*/
NSS_IMPLEMENT PRInt32
-NSS_GetError ( void)
+NSS_GetError(void)
{
- error_stack *es = error_get_my_stack();
+ error_stack *es = error_get_my_stack();
- if( (error_stack *)NULL == es ) {
- return NSS_ERROR_NO_MEMORY; /* Good guess! */
- }
+ if ((error_stack *)NULL == es) {
+ return NSS_ERROR_NO_MEMORY; /* Good guess! */
+ }
- if( 0 == es->header.count ) {
- return 0;
- }
+ if (0 == es->header.count) {
+ return 0;
+ }
- return es->stack[ es->header.count-1 ];
+ return es->stack[es->header.count - 1];
}
/*
* NSS_GetErrorStack
*
* This routine returns a pointer to an array of integers, containing
* the entire sequence or "stack" of errors set by the most recent NSS
* library routine called by the same thread calling this routine.
* NOTE: the caller DOES NOT OWN the memory pointed to by the return
* value. The pointer will remain valid until the calling thread
- * calls another NSS routine. The lowest-level (most specific) error
+ * calls another NSS routine. The lowest-level (most specific) error
* is first in the array, and the highest-level is last. The array is
* zero-terminated. This routine may return NULL upon error; this
* indicates a low-memory situation.
*
* Return value:
* NULL upon error, which is an implied NSS_ERROR_NO_MEMORY
* A NON-caller-owned pointer to an array of integers
*/
NSS_IMPLEMENT PRInt32 *
-NSS_GetErrorStack ( void)
+NSS_GetErrorStack(void)
{
- error_stack *es = error_get_my_stack();
+ error_stack *es = error_get_my_stack();
- if( (error_stack *)NULL == es ) {
- return (PRInt32 *)NULL;
- }
+ if ((error_stack *)NULL == es) {
+ return (PRInt32 *)NULL;
+ }
- /* Make sure it's terminated */
- es->stack[ es->header.count ] = 0;
+ /* Make sure it's terminated */
+ es->stack[es->header.count] = 0;
- return es->stack;
+ return es->stack;
}
/*
* nss_SetError
*
- * This routine places a new error code on the top of the calling
+ * This routine places a new error code on the top of the calling
* thread's error stack. Calling this routine wiht an error code
* of zero will clear the error stack.
*/
NSS_IMPLEMENT void
-nss_SetError ( PRUint32 error)
+nss_SetError(PRUint32 error)
{
- error_stack *es;
+ error_stack *es;
- if( 0 == error ) {
- nss_ClearErrorStack();
- return;
- }
+ if (0 == error) {
+ nss_ClearErrorStack();
+ return;
+ }
- es = error_get_my_stack();
- if( (error_stack *)NULL == es ) {
- /* Oh, well. */
- return;
- }
+ es = error_get_my_stack();
+ if ((error_stack *)NULL == es) {
+ /* Oh, well. */
+ return;
+ }
- if (es->header.count < es->header.space) {
- es->stack[ es->header.count++ ] = error;
- } else {
- memmove(es->stack, es->stack + 1,
- (es->header.space - 1) * (sizeof es->stack[0]));
- es->stack[ es->header.space - 1 ] = error;
- }
- return;
+ if (es->header.count < es->header.space) {
+ es->stack[es->header.count++] = error;
+ }
+ else {
+ memmove(es->stack, es->stack + 1,
+ (es->header.space - 1) * (sizeof es->stack[0]));
+ es->stack[es->header.space - 1] = error;
+ }
+ return;
}
/*
* nss_ClearErrorStack
*
* This routine clears the calling thread's error stack.
*/
NSS_IMPLEMENT void
-nss_ClearErrorStack ( void)
+nss_ClearErrorStack(void)
{
- error_stack *es = error_get_my_stack();
- if( (error_stack *)NULL == es ) {
- /* Oh, well. */
+ error_stack *es = error_get_my_stack();
+ if ((error_stack *)NULL == es) {
+ /* Oh, well. */
+ return;
+ }
+
+ es->header.count = 0;
+ es->stack[0] = 0;
return;
- }
-
- es->header.count = 0;
- es->stack[0] = 0;
- return;
}
/*
* nss_DestroyErrorStack
*
* This routine frees the calling thread's error stack.
*/
NSS_IMPLEMENT void
-nss_DestroyErrorStack ( void)
+nss_DestroyErrorStack(void)
{
- if( INVALID_TPD_INDEX != error_stack_index ) {
- PR_SetThreadPrivate(error_stack_index, NULL);
- }
- return;
+ if (INVALID_TPD_INDEX != error_stack_index) {
+ PR_SetThreadPrivate(error_stack_index, NULL);
+ }
+ return;
}
--- a/security/nss/lib/base/errorval.c
+++ b/security/nss/lib/base/errorval.c
@@ -7,16 +7,18 @@
*
* This file contains the actual error constants used in NSS.
*/
#ifndef NSSBASET_H
#include "nssbaset.h"
#endif /* NSSBASET_H */
+/* clang-format off */
+
const NSSError NSS_ERROR_NO_ERROR = 0;
const NSSError NSS_ERROR_INTERNAL_ERROR = 1;
const NSSError NSS_ERROR_NO_MEMORY = 2;
const NSSError NSS_ERROR_INVALID_POINTER = 3;
const NSSError NSS_ERROR_INVALID_ARENA = 4;
const NSSError NSS_ERROR_INVALID_ARENA_MARK = 5;
const NSSError NSS_ERROR_DUPLICATE_POINTER = 6;
const NSSError NSS_ERROR_POINTER_NOT_REGISTERED = 7;
@@ -55,8 +57,9 @@ const NSSError NSS_ERROR_CERTIFICATE_IN_
const NSSError NSS_ERROR_HASH_COLLISION = 33;
const NSSError NSS_ERROR_DEVICE_ERROR = 34;
const NSSError NSS_ERROR_INVALID_CERTIFICATE = 35;
const NSSError NSS_ERROR_BUSY = 36;
const NSSError NSS_ERROR_ALREADY_INITIALIZED = 37;
const NSSError NSS_ERROR_PKCS11 = 38;
+/* clang-format on */
\ No newline at end of file
--- a/security/nss/lib/base/hash.c
+++ b/security/nss/lib/base/hash.c
@@ -27,345 +27,293 @@
* nssHash_Remove
* nssHash_Count
* nssHash_Exists
* nssHash_Lookup
* nssHash_Iterate
*/
struct nssHashStr {
- NSSArena *arena;
- PRBool i_alloced_arena;
- PRLock *mutex;
+ NSSArena *arena;
+ PRBool i_alloced_arena;
+ PRLock *mutex;
- /*
- * The invariant that mutex protects is:
- * The count accurately reflects the hashtable state.
- */
+ /*
+ * The invariant that mutex protects is:
+ * The count accurately reflects the hashtable state.
+ */
- PLHashTable *plHashTable;
- PRUint32 count;
+ PLHashTable *plHashTable;
+ PRUint32 count;
};
static PLHashNumber
-nss_identity_hash
-(
- const void *key
-)
+nss_identity_hash(const void *key)
{
- return (PLHashNumber)((char *)key - (char *)NULL);
+ return (PLHashNumber)((char *)key - (char *)NULL);
}
static PLHashNumber
-nss_item_hash
-(
- const void *key
-)
+nss_item_hash(const void *key)
{
- unsigned int i;
- PLHashNumber h;
- NSSItem *it = (NSSItem *)key;
- h = 0;
- for (i=0; i<it->size; i++)
- h = PR_ROTATE_LEFT32(h, 4) ^ ((unsigned char *)it->data)[i];
- return h;
+ unsigned int i;
+ PLHashNumber h;
+ NSSItem *it = (NSSItem *)key;
+ h = 0;
+ for (i = 0; i < it->size; i++)
+ h = PR_ROTATE_LEFT32(h, 4) ^ ((unsigned char *)it->data)[i];
+ return h;
}
static int
nss_compare_items(const void *v1, const void *v2)
{
- PRStatus ignore;
- return (int)nssItem_Equal((NSSItem *)v1, (NSSItem *)v2, &ignore);
+ PRStatus ignore;
+ return (int)nssItem_Equal((NSSItem *)v1, (NSSItem *)v2, &ignore);
}
/*
* nssHash_create
*
*/
NSS_IMPLEMENT nssHash *
-nssHash_Create
-(
- NSSArena *arenaOpt,
- PRUint32 numBuckets,
- PLHashFunction keyHash,
- PLHashComparator keyCompare,
- PLHashComparator valueCompare
-)
+nssHash_Create(NSSArena *arenaOpt, PRUint32 numBuckets, PLHashFunction keyHash,
+ PLHashComparator keyCompare, PLHashComparator valueCompare)
{
- nssHash *rv;
- NSSArena *arena;
- PRBool i_alloced;
+ nssHash *rv;
+ NSSArena *arena;
+ PRBool i_alloced;
#ifdef NSSDEBUG
- if( arenaOpt && PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (nssHash *)NULL;
- }
+ if (arenaOpt && PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return (nssHash *)NULL;
+ }
#endif /* NSSDEBUG */
- if (arenaOpt) {
- arena = arenaOpt;
- i_alloced = PR_FALSE;
- } else {
- arena = nssArena_Create();
- i_alloced = PR_TRUE;
- }
+ if (arenaOpt) {
+ arena = arenaOpt;
+ i_alloced = PR_FALSE;
+ }
+ else {
+ arena = nssArena_Create();
+ i_alloced = PR_TRUE;
+ }
- rv = nss_ZNEW(arena, nssHash);
- if( (nssHash *)NULL == rv ) {
- goto loser;
- }
+ rv = nss_ZNEW(arena, nssHash);
+ if ((nssHash *)NULL == rv) {
+ goto loser;
+ }
- rv->mutex = PZ_NewLock(nssILockOther);
- if( (PZLock *)NULL == rv->mutex ) {
- goto loser;
- }
+ rv->mutex = PZ_NewLock(nssILockOther);
+ if ((PZLock *)NULL == rv->mutex) {
+ goto loser;
+ }
- rv->plHashTable = PL_NewHashTable(numBuckets,
- keyHash, keyCompare, valueCompare,
- &nssArenaHashAllocOps, arena);
- if( (PLHashTable *)NULL == rv->plHashTable ) {
- (void)PZ_DestroyLock(rv->mutex);
- goto loser;
- }
+ rv->plHashTable =
+ PL_NewHashTable(numBuckets, keyHash, keyCompare, valueCompare,
+ &nssArenaHashAllocOps, arena);
+ if ((PLHashTable *)NULL == rv->plHashTable) {
+ (void)PZ_DestroyLock(rv->mutex);
+ goto loser;
+ }
- rv->count = 0;
- rv->arena = arena;
- rv->i_alloced_arena = i_alloced;
+ rv->count = 0;
+ rv->arena = arena;
+ rv->i_alloced_arena = i_alloced;
- return rv;
+ return rv;
loser:
- (void)nss_ZFreeIf(rv);
- return (nssHash *)NULL;
+ (void)nss_ZFreeIf(rv);
+ return (nssHash *)NULL;
}
/*
* nssHash_CreatePointer
*
*/
NSS_IMPLEMENT nssHash *
-nssHash_CreatePointer
-(
- NSSArena *arenaOpt,
- PRUint32 numBuckets
-)
+nssHash_CreatePointer(NSSArena *arenaOpt, PRUint32 numBuckets)
{
- return nssHash_Create(arenaOpt, numBuckets,
- nss_identity_hash, PL_CompareValues, PL_CompareValues);
+ return nssHash_Create(arenaOpt, numBuckets, nss_identity_hash,
+ PL_CompareValues, PL_CompareValues);
}
/*
* nssHash_CreateString
*
*/
NSS_IMPLEMENT nssHash *
-nssHash_CreateString
-(
- NSSArena *arenaOpt,
- PRUint32 numBuckets
-)
+nssHash_CreateString(NSSArena *arenaOpt, PRUint32 numBuckets)
{
- return nssHash_Create(arenaOpt, numBuckets,
- PL_HashString, PL_CompareStrings, PL_CompareStrings);
+ return nssHash_Create(arenaOpt, numBuckets, PL_HashString,
+ PL_CompareStrings, PL_CompareStrings);
}
/*
* nssHash_CreateItem
*
*/
NSS_IMPLEMENT nssHash *
-nssHash_CreateItem
-(
- NSSArena *arenaOpt,
- PRUint32 numBuckets
-)
+nssHash_CreateItem(NSSArena *arenaOpt, PRUint32 numBuckets)
{
- return nssHash_Create(arenaOpt, numBuckets,
- nss_item_hash, nss_compare_items, PL_CompareValues);
+ return nssHash_Create(arenaOpt, numBuckets, nss_item_hash,
+ nss_compare_items, PL_CompareValues);
}
/*
* nssHash_Destroy
*
*/
NSS_IMPLEMENT void
-nssHash_Destroy
-(
- nssHash *hash
-)
+nssHash_Destroy(nssHash *hash)
{
- (void)PZ_DestroyLock(hash->mutex);
- PL_HashTableDestroy(hash->plHashTable);
- if (hash->i_alloced_arena) {
- nssArena_Destroy(hash->arena);
- } else {
- nss_ZFreeIf(hash);
- }
+ (void)PZ_DestroyLock(hash->mutex);
+ PL_HashTableDestroy(hash->plHashTable);
+ if (hash->i_alloced_arena) {
+ nssArena_Destroy(hash->arena);
+ }
+ else {
+ nss_ZFreeIf(hash);
+ }
}
/*
* nssHash_Add
*
*/
NSS_IMPLEMENT PRStatus
-nssHash_Add
-(
- nssHash *hash,
- const void *key,
- const void *value
-)
+nssHash_Add(nssHash *hash, const void *key, const void *value)
{
- PRStatus error = PR_FAILURE;
- PLHashEntry *he;
+ PRStatus error = PR_FAILURE;
+ PLHashEntry *he;
+
+ PZ_Lock(hash->mutex);
- PZ_Lock(hash->mutex);
-
- he = PL_HashTableAdd(hash->plHashTable, key, (void *)value);
- if( (PLHashEntry *)NULL == he ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- } else if (he->value != value) {
- nss_SetError(NSS_ERROR_HASH_COLLISION);
- } else {
- hash->count++;
- error = PR_SUCCESS;
- }
+ he = PL_HashTableAdd(hash->plHashTable, key, (void *)value);
+ if ((PLHashEntry *)NULL == he) {
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ }
+ else if (he->value != value) {
+ nss_SetError(NSS_ERROR_HASH_COLLISION);
+ }
+ else {
+ hash->count++;
+ error = PR_SUCCESS;
+ }
- (void)PZ_Unlock(hash->mutex);
+ (void)PZ_Unlock(hash->mutex);
- return error;
+ return error;
}
/*
* nssHash_Remove
*
*/
NSS_IMPLEMENT void
-nssHash_Remove
-(
- nssHash *hash,
- const void *it
-)
+nssHash_Remove(nssHash *hash, const void *it)
{
- PRBool found;
+ PRBool found;
+
+ PZ_Lock(hash->mutex);
- PZ_Lock(hash->mutex);
+ found = PL_HashTableRemove(hash->plHashTable, it);
+ if (found) {
+ hash->count--;
+ }
- found = PL_HashTableRemove(hash->plHashTable, it);
- if( found ) {
- hash->count--;
- }
-
- (void)PZ_Unlock(hash->mutex);
- return;
+ (void)PZ_Unlock(hash->mutex);
+ return;
}
/*
* nssHash_Count
*
*/
NSS_IMPLEMENT PRUint32
-nssHash_Count
-(
- nssHash *hash
-)
+nssHash_Count(nssHash *hash)
{
- PRUint32 count;
+ PRUint32 count;
+
+ PZ_Lock(hash->mutex);
- PZ_Lock(hash->mutex);
-
- count = hash->count;
+ count = hash->count;
- (void)PZ_Unlock(hash->mutex);
+ (void)PZ_Unlock(hash->mutex);
- return count;
+ return count;
}
/*
* nssHash_Exists
*
*/
NSS_IMPLEMENT PRBool
-nssHash_Exists
-(
- nssHash *hash,
- const void *it
-)
+nssHash_Exists(nssHash *hash, const void *it)
{
- void *value;
+ void *value;
- PZ_Lock(hash->mutex);
+ PZ_Lock(hash->mutex);
+
+ value = PL_HashTableLookup(hash->plHashTable, it);
- value = PL_HashTableLookup(hash->plHashTable, it);
-
- (void)PZ_Unlock(hash->mutex);
+ (void)PZ_Unlock(hash->mutex);
- if( (void *)NULL == value ) {
- return PR_FALSE;
- } else {
- return PR_TRUE;
- }
+ if ((void *)NULL == value) {
+ return PR_FALSE;
+ }
+ else {
+ return PR_TRUE;
+ }
}
/*
* nssHash_Lookup
*
*/
NSS_IMPLEMENT void *
-nssHash_Lookup
-(
- nssHash *hash,
- const void *it
-)
+nssHash_Lookup(nssHash *hash, const void *it)
{
- void *rv;
+ void *rv;
+
+ PZ_Lock(hash->mutex);
- PZ_Lock(hash->mutex);
-
- rv = PL_HashTableLookup(hash->plHashTable, it);
+ rv = PL_HashTableLookup(hash->plHashTable, it);
- (void)PZ_Unlock(hash->mutex);
+ (void)PZ_Unlock(hash->mutex);
- return rv;
+ return rv;
}
struct arg_str {
- nssHashIterator fcn;
- void *closure;
+ nssHashIterator fcn;
+ void *closure;
};
static PRIntn
-nss_hash_enumerator
-(
- PLHashEntry *he,
- PRIntn index,
- void *arg
-)
+nss_hash_enumerator(PLHashEntry *he, PRIntn index, void *arg)
{
- struct arg_str *as = (struct arg_str *)arg;
- as->fcn(he->key, he->value, as->closure);
- return HT_ENUMERATE_NEXT;
+ struct arg_str *as = (struct arg_str *)arg;
+ as->fcn(he->key, he->value, as->closure);
+ return HT_ENUMERATE_NEXT;
}
/*
* nssHash_Iterate
*
* NOTE that the iteration function will be called with the hashtable locked.
*/
NSS_IMPLEMENT void
-nssHash_Iterate
-(
- nssHash *hash,
- nssHashIterator fcn,
- void *closure
-)
+nssHash_Iterate(nssHash *hash, nssHashIterator fcn, void *closure)
{
- struct arg_str as;
- as.fcn = fcn;
- as.closure = closure;
+ struct arg_str as;
+ as.fcn = fcn;
+ as.closure = closure;
- PZ_Lock(hash->mutex);
+ PZ_Lock(hash->mutex);
- PL_HashTableEnumerateEntries(hash->plHashTable, nss_hash_enumerator, &as);
+ PL_HashTableEnumerateEntries(hash->plHashTable, nss_hash_enumerator, &as);
- (void)PZ_Unlock(hash->mutex);
+ (void)PZ_Unlock(hash->mutex);
- return;
+ return;
}
--- a/security/nss/lib/base/hashops.c
+++ b/security/nss/lib/base/hashops.c
@@ -7,78 +7,58 @@
*
* This file includes a set of PLHashAllocOps that use NSSArenas.
*/
#ifndef BASE_H
#include "base.h"
#endif /* BASE_H */
-static void * PR_CALLBACK
-nss_arena_hash_alloc_table
-(
- void *pool,
- PRSize size
-)
+static void *PR_CALLBACK
+nss_arena_hash_alloc_table(void *pool, PRSize size)
{
- NSSArena *arena = (NSSArena *)NULL;
+ NSSArena *arena = (NSSArena *)NULL;
#ifdef NSSDEBUG
- if( (void *)NULL != arena ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return (void *)NULL;
+ if ((void *)NULL != arena) {
+ if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+ return (void *)NULL;
+ }
}
- }
#endif /* NSSDEBUG */
- return nss_ZAlloc(arena, size);
+ return nss_ZAlloc(arena, size);
}
static void PR_CALLBACK
-nss_arena_hash_free_table
-(
- void *pool,
- void *item
-)
+nss_arena_hash_free_table(void *pool, void *item)
{
- (void)nss_ZFreeIf(item);
+ (void)nss_ZFreeIf(item);
}
-static PLHashEntry * PR_CALLBACK
-nss_arena_hash_alloc_entry
-(
- void *pool,
- const void *key
-)
+static PLHashEntry *PR_CALLBACK
+nss_arena_hash_alloc_entry(void *pool, const void *key)
{
- NSSArena *arena = NULL;
+ NSSArena *arena = NULL;
#ifdef NSSDEBUG
- if( (void *)NULL != arena ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arena) ) {
- return (void *)NULL;
+ if ((void *)NULL != arena) {
+ if (PR_SUCCESS != nssArena_verifyPointer(arena)) {
+ return (void *)NULL;
+ }
}
- }
#endif /* NSSDEBUG */
- return nss_ZNEW(arena, PLHashEntry);
+ return nss_ZNEW(arena, PLHashEntry);
}
static void PR_CALLBACK
-nss_arena_hash_free_entry
-(
- void *pool,
- PLHashEntry *he,
- PRUintn flag
-)
+nss_arena_hash_free_entry(void *pool, PLHashEntry *he, PRUintn flag)
{
- if( HT_FREE_ENTRY == flag ) {
- (void)nss_ZFreeIf(he);
- }
+ if (HT_FREE_ENTRY == flag) {
+ (void)nss_ZFreeIf(he);
+ }
}
-NSS_IMPLEMENT_DATA PLHashAllocOps
-nssArenaHashAllocOps = {
- nss_arena_hash_alloc_table,
- nss_arena_hash_free_table,
- nss_arena_hash_alloc_entry,
- nss_arena_hash_free_entry
+NSS_IMPLEMENT_DATA PLHashAllocOps nssArenaHashAllocOps = {
+ nss_arena_hash_alloc_table, nss_arena_hash_free_table,
+ nss_arena_hash_alloc_entry, nss_arena_hash_free_entry
};
--- a/security/nss/lib/base/item.c
+++ b/security/nss/lib/base/item.c
@@ -17,128 +17,115 @@
*
* -- fgmr comments --
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_ARENA
* NSS_ERROR_NO_MEMORY
* NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
* NSS_ERROR_INVALID_POINTER
- *
+ *
* Return value:
* A pointer to an NSSItem upon success
* NULL upon failure
*/
NSS_IMPLEMENT NSSItem *
-nssItem_Create
-(
- NSSArena *arenaOpt,
- NSSItem *rvOpt,
- PRUint32 length,
- const void *data
-)
+nssItem_Create(NSSArena *arenaOpt, NSSItem *rvOpt, PRUint32 length,
+ const void *data)
{
- NSSItem *rv = (NSSItem *)NULL;
+ NSSItem *rv = (NSSItem *)NULL;
#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSItem *)NULL;
+ if ((NSSArena *)NULL != arenaOpt) {
+ if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+ return (NSSItem *)NULL;
+ }
}
- }
- if( (const void *)NULL == data ) {
- if( length > 0 ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSItem *)NULL;
+ if ((const void *)NULL == data) {
+ if (length > 0) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return (NSSItem *)NULL;
+ }
}
- }
#endif /* DEBUG */
- if( (NSSItem *)NULL == rvOpt ) {
- rv = (NSSItem *)nss_ZNEW(arenaOpt, NSSItem);
- if( (NSSItem *)NULL == rv ) {
- goto loser;
+ if ((NSSItem *)NULL == rvOpt) {
+ rv = (NSSItem *)nss_ZNEW(arenaOpt, NSSItem);
+ if ((NSSItem *)NULL == rv) {
+ goto loser;
+ }
}
- } else {
- rv = rvOpt;
- }
+ else {
+ rv = rvOpt;
+ }
- rv->size = length;
- rv->data = nss_ZAlloc(arenaOpt, length);
- if( (void *)NULL == rv->data ) {
- goto loser;
- }
+ rv->size = length;
+ rv->data = nss_ZAlloc(arenaOpt, length);
+ if ((void *)NULL == rv->data) {
+ goto loser;
+ }
- if( length > 0 ) {
- (void)nsslibc_memcpy(rv->data, data, length);
- }
+ if (length > 0) {
+ (void)nsslibc_memcpy(rv->data, data, length);
+ }
- return rv;
+ return rv;
- loser:
- if( rv != rvOpt ) {
- nss_ZFreeIf(rv);
- }
+loser:
+ if (rv != rvOpt) {
+ nss_ZFreeIf(rv);
+ }
- return (NSSItem *)NULL;
+ return (NSSItem *)NULL;
}
NSS_IMPLEMENT void
-nssItem_Destroy
-(
- NSSItem *item
-)
+nssItem_Destroy(NSSItem *item)
{
- nss_ClearErrorStack();
+ nss_ClearErrorStack();
- nss_ZFreeIf(item->data);
- nss_ZFreeIf(item);
-
+ nss_ZFreeIf(item->data);
+ nss_ZFreeIf(item);
}
/*
* nssItem_Duplicate
*
* -- fgmr comments --
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_ARENA
* NSS_ERROR_NO_MEMORY
* NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
* NSS_ERROR_INVALID_ITEM
- *
+ *
* Return value:
* A pointer to an NSSItem upon success
* NULL upon failure
*/
NSS_IMPLEMENT NSSItem *
-nssItem_Duplicate
-(
- NSSItem *obj,
- NSSArena *arenaOpt,
- NSSItem *rvOpt
-)
+nssItem_Duplicate(NSSItem *obj, NSSArena *arenaOpt, NSSItem *rvOpt)
{
#ifdef DEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSItem *)NULL;
+ if ((NSSArena *)NULL != arenaOpt) {
+ if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+ return (NSSItem *)NULL;
+ }
}
- }
- if( (NSSItem *)NULL == obj ) {
- nss_SetError(NSS_ERROR_INVALID_ITEM);
- return (NSSItem *)NULL;
- }
+ if ((NSSItem *)NULL == obj) {
+ nss_SetError(NSS_ERROR_INVALID_ITEM);
+ return (NSSItem *)NULL;
+ }
#endif /* DEBUG */
- return nssItem_Create(arenaOpt, rvOpt, obj->size, obj->data);
+ return nssItem_Create(arenaOpt, rvOpt, obj->size, obj->data);
}
#ifdef DEBUG
/*
* nssItem_verifyPointer
*
* -- fgmr comments --
*
@@ -146,28 +133,25 @@ nssItem_Duplicate
* NSS_ERROR_INVALID_ITEM
*
* Return value:
* PR_SUCCESS upon success
* PR_FAILURE upon failure
*/
NSS_IMPLEMENT PRStatus
-nssItem_verifyPointer
-(
- const NSSItem *item
-)
+nssItem_verifyPointer(const NSSItem *item)
{
- if( ((const NSSItem *)NULL == item) ||
- (((void *)NULL == item->data) && (item->size > 0)) ) {
- nss_SetError(NSS_ERROR_INVALID_ITEM);
- return PR_FAILURE;
- }
+ if (((const NSSItem *)NULL == item) ||
+ (((void *)NULL == item->data) && (item->size > 0))) {
+ nss_SetError(NSS_ERROR_INVALID_ITEM);
+ return PR_FAILURE;
+ }
- return PR_SUCCESS;
+ return PR_SUCCESS;
}
#endif /* DEBUG */
/*
* nssItem_Equal
*
* -- fgmr comments --
*
@@ -176,33 +160,28 @@ nssItem_verifyPointer
*
* Return value:
* PR_TRUE if the items are identical
* PR_FALSE if they aren't
* PR_FALSE upon error
*/
NSS_IMPLEMENT PRBool
-nssItem_Equal
-(
- const NSSItem *one,
- const NSSItem *two,
- PRStatus *statusOpt
-)
+nssItem_Equal(const NSSItem *one, const NSSItem *two, PRStatus *statusOpt)
{
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_SUCCESS;
+ }
+
+ if (((const NSSItem *)NULL == one) && ((const NSSItem *)NULL == two)) {
+ return PR_TRUE;
+ }
- if( ((const NSSItem *)NULL == one) && ((const NSSItem *)NULL == two) ) {
- return PR_TRUE;
- }
+ if (((const NSSItem *)NULL == one) || ((const NSSItem *)NULL == two)) {
+ return PR_FALSE;
+ }
- if( ((const NSSItem *)NULL == one) || ((const NSSItem *)NULL == two) ) {
- return PR_FALSE;
- }
+ if (one->size != two->size) {
+ return PR_FALSE;
+ }
- if( one->size != two->size ) {
- return PR_FALSE;
- }
-
- return nsslibc_memequal(one->data, two->data, one->size, statusOpt);
+ return nsslibc_memequal(one->data, two->data, one->size, statusOpt);
}
--- a/security/nss/lib/base/libc.c
+++ b/security/nss/lib/base/libc.c
@@ -1,19 +1,19 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* libc.c
*
- * This file contains our wrappers/reimplementations for "standard"
- * libc functions. Things like "memcpy." We add to this as we need
- * it. Oh, and let's keep it in alphabetical order, should it ever
- * get large. Most string/character stuff should be in utf8.c, not
+ * This file contains our wrappers/reimplementations for "standard"
+ * libc functions. Things like "memcpy." We add to this as we need
+ * it. Oh, and let's keep it in alphabetical order, should it ever
+ * get large. Most string/character stuff should be in utf8.c, not
* here. This file (and maybe utf8.c) should be the only ones in
* NSS to include files with angle brackets.
*/
#ifndef BASE_H
#include "base.h"
#endif /* BASE_H */
@@ -33,132 +33,112 @@
* NSS_ERROR_INVALID_POINTER
*
* Return value:
* NULL on error
* The destination pointer on success
*/
NSS_IMPLEMENT void *
-nsslibc_memcpy
-(
- void *dest,
- const void *source,
- PRUint32 n
-)
+nsslibc_memcpy(void *dest, const void *source, PRUint32 n)
{
#ifdef NSSDEBUG
- if( ((void *)NULL == dest) || ((const void *)NULL == source) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (void *)NULL;
- }
+ if (((void *)NULL == dest) || ((const void *)NULL == source)) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return (void *)NULL;
+ }
#endif /* NSSDEBUG */
- return memcpy(dest, source, (size_t)n);
+ return memcpy(dest, source, (size_t)n);
}
/*
* nsslibc_memset
*
* Errors:
* NSS_ERROR_INVALID_POINTER
*
* Return value:
* NULL on error
* The destination pointer on success
*/
NSS_IMPLEMENT void *
-nsslibc_memset
-(
- void *dest,
- PRUint8 byte,
- PRUint32 n
-)
+nsslibc_memset(void *dest, PRUint8 byte, PRUint32 n)
{
#ifdef NSSDEBUG
- if( ((void *)NULL == dest) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (void *)NULL;
- }
+ if (((void *)NULL == dest)) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return (void *)NULL;
+ }
#endif /* NSSDEBUG */
- return memset(dest, (int)byte, (size_t)n);
+ return memset(dest, (int)byte, (size_t)n);
}
/*
* nsslibc_memequal
*
* Errors:
* NSS_ERROR_INVALID_POINTER
*
* Return value:
* PR_TRUE if they match
* PR_FALSE if they don't
* PR_FALSE upon error
*/
NSS_IMPLEMENT PRBool
-nsslibc_memequal
-(
- const void *a,
- const void *b,
- PRUint32 len,
- PRStatus *statusOpt
-)
+nsslibc_memequal(const void *a, const void *b, PRUint32 len,
+ PRStatus *statusOpt)
{
#ifdef NSSDEBUG
- if( (((void *)NULL == a) || ((void *)NULL == b)) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
+ if ((((void *)NULL == a) || ((void *)NULL == b))) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_FAILURE;
+ }
+ return PR_FALSE;
}
- return PR_FALSE;
- }
#endif /* NSSDEBUG */
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_SUCCESS;
+ }
- if( 0 == memcmp(a, b, len) ) {
- return PR_TRUE;
- } else {
- return PR_FALSE;
- }
+ if (0 == memcmp(a, b, len)) {
+ return PR_TRUE;
+ }
+ else {
+ return PR_FALSE;
+ }
}
/*
* nsslibc_memcmp
*/
NSS_IMPLEMENT PRInt32
-nsslibc_memcmp
-(
- const void *a,
- const void *b,
- PRUint32 len,
- PRStatus *statusOpt
-)
+nsslibc_memcmp(const void *a, const void *b, PRUint32 len, PRStatus *statusOpt)
{
- int v;
+ int v;
#ifdef NSSDEBUG
- if( (((void *)NULL == a) || ((void *)NULL == b)) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
+ if ((((void *)NULL == a) || ((void *)NULL == b))) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_FAILURE;
+ }
+ return -2;
}
- return -2;
- }
#endif /* NSSDEBUG */
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_SUCCESS;
+ }
- v = memcmp(a, b, len);
- return (PRInt32)v;
+ v = memcmp(a, b, len);
+ return (PRInt32)v;
}
/*
* offsetof is a preprocessor definition
*/
--- a/security/nss/lib/base/list.c
+++ b/security/nss/lib/base/list.c
@@ -8,131 +8,131 @@
* This contains the implementation of NSS's thread-safe linked list.
*/
#ifndef BASE_H
#include "base.h"
#endif /* BASE_H */
struct nssListElementStr {
- PRCList link;
- void *data;
+ PRCList link;
+ void *data;
};
typedef struct nssListElementStr nssListElement;
struct nssListStr {
- NSSArena *arena;
- PZLock *lock;
+ NSSArena *arena;
+ PZLock *lock;
nssListElement *head;
- PRUint32 count;
+ PRUint32 count;
nssListCompareFunc compareFunc;
- nssListSortFunc sortFunc;
+ nssListSortFunc sortFunc;
PRBool i_alloced_arena;
};
struct nssListIteratorStr {
PZLock *lock;
nssList *list;
nssListElement *current;
};
-#define NSSLIST_LOCK_IF(list) \
- if ((list)->lock) PZ_Lock((list)->lock)
+#define NSSLIST_LOCK_IF(list) \
+ if ((list)->lock) \
+ PZ_Lock((list)->lock)
-#define NSSLIST_UNLOCK_IF(list) \
- if ((list)->lock) PZ_Unlock((list)->lock)
+#define NSSLIST_UNLOCK_IF(list) \
+ if ((list)->lock) \
+ PZ_Unlock((list)->lock)
static PRBool
pointer_compare(void *a, void *b)
{
return (PRBool)(a == b);
}
static nssListElement *
nsslist_get_matching_element(nssList *list, void *data)
{
PRCList *link;
nssListElement *node;
node = list->head;
if (!node) {
- return NULL;
+ return NULL;
}
link = &node->link;
while (node) {
- /* using a callback slows things down when it's just compare ... */
- if (list->compareFunc(node->data, data)) {
- break;
- }
- link = &node->link;
- if (link == PR_LIST_TAIL(&list->head->link)) {
- node = NULL;
- break;
- }
- node = (nssListElement *)PR_NEXT_LINK(&node->link);
+ /* using a callback slows things down when it's just compare ... */
+ if (list->compareFunc(node->data, data)) {
+ break;
+ }
+ link = &node->link;
+ if (link == PR_LIST_TAIL(&list->head->link)) {
+ node = NULL;
+ break;
+ }
+ node = (nssListElement *)PR_NEXT_LINK(&node->link);
}
return node;
}
NSS_IMPLEMENT nssList *
-nssList_Create
-(
- NSSArena *arenaOpt,
- PRBool threadSafe
-)
+nssList_Create(NSSArena *arenaOpt, PRBool threadSafe)
{
NSSArena *arena;
nssList *list;
PRBool i_alloced;
if (arenaOpt) {
- arena = arenaOpt;
- i_alloced = PR_FALSE;
- } else {
- arena = nssArena_Create();
- i_alloced = PR_TRUE;
+ arena = arenaOpt;
+ i_alloced = PR_FALSE;
+ }
+ else {
+ arena = nssArena_Create();
+ i_alloced = PR_TRUE;
}
if (!arena) {
- return (nssList *)NULL;
+ return (nssList *)NULL;
}
list = nss_ZNEW(arena, nssList);
if (!list) {
- if (!arenaOpt) {
- NSSArena_Destroy(arena);
- }
- return (nssList *)NULL;
+ if (!arenaOpt) {
+ NSSArena_Destroy(arena);
+ }
+ return (nssList *)NULL;
}
if (threadSafe) {
- list->lock = PZ_NewLock(nssILockOther);
- if (!list->lock) {
- if (arenaOpt) {
- nss_ZFreeIf(list);
- } else {
- NSSArena_Destroy(arena);
- }
- return (nssList *)NULL;
- }
+ list->lock = PZ_NewLock(nssILockOther);
+ if (!list->lock) {
+ if (arenaOpt) {
+ nss_ZFreeIf(list);
+ }
+ else {
+ NSSArena_Destroy(arena);
+ }
+ return (nssList *)NULL;
+ }
}
list->arena = arena;
list->i_alloced_arena = i_alloced;
list->compareFunc = pointer_compare;
return list;
}
NSS_IMPLEMENT PRStatus
nssList_Destroy(nssList *list)
{
if (!list->i_alloced_arena) {
- nssList_Clear(list, NULL);
+ nssList_Clear(list, NULL);
}
if (list->lock) {
- (void)PZ_DestroyLock(list->lock);
+ (void)PZ_DestroyLock(list->lock);
}
if (list->i_alloced_arena) {
- NSSArena_Destroy(list->arena);
- list = NULL;
+ NSSArena_Destroy(list->arena);
+ list = NULL;
}
nss_ZFreeIf(list);
return PR_SUCCESS;
}
NSS_IMPLEMENT void
nssList_SetCompareFunction(nssList *list, nssListCompareFunc compareFunc)
{
@@ -156,64 +156,68 @@ NSS_IMPLEMENT void
nssList_Clear(nssList *list, nssListElementDestructorFunc destructor)
{
PRCList *link;
nssListElement *node, *tmp;
NSSLIST_LOCK_IF(list);
node = list->head;
list->head = NULL;
while (node && list->count > 0) {
- if (destructor) (*destructor)(node->data);
- link = &node->link;
- tmp = (nssListElement *)PR_NEXT_LINK(link);
- PR_REMOVE_LINK(link);
- nss_ZFreeIf(node);
- node = tmp;
- --list->count;
+ if (destructor)
+ (*destructor)(node->data);
+ link = &node->link;
+ tmp = (nssListElement *)PR_NEXT_LINK(link);
+ PR_REMOVE_LINK(link);
+ nss_ZFreeIf(node);
+ node = tmp;
+ --list->count;
}
NSSLIST_UNLOCK_IF(list);
}
static PRStatus
nsslist_add_element(nssList *list, void *data)
{
nssListElement *node = nss_ZNEW(list->arena, nssListElement);
if (!node) {
- return PR_FAILURE;
+ return PR_FAILURE;
}
PR_INIT_CLIST(&node->link);
node->data = data;
if (list->head) {
- if (list->sortFunc) {
- PRCList *link;
- nssListElement *currNode;
- currNode = list->head;
- /* insert in ordered list */
- while (currNode) {
- link = &currNode->link;
- if (list->sortFunc(data, currNode->data) <= 0) {
- /* new element goes before current node */
- PR_INSERT_BEFORE(&node->link, link);
- /* reset head if this is first */
- if (currNode == list->head) list->head = node;
- break;
- }
- if (link == PR_LIST_TAIL(&list->head->link)) {
- /* reached end of list, append */
- PR_INSERT_AFTER(&node->link, link);
- break;
- }
- currNode = (nssListElement *)PR_NEXT_LINK(&currNode->link);
- }
- } else {
- /* not sorting */
- PR_APPEND_LINK(&node->link, &list->head->link);
- }
- } else {
- list->head = node;
+ if (list->sortFunc) {
+ PRCList *link;
+ nssListElement *currNode;
+ currNode = list->head;
+ /* insert in ordered list */
+ while (currNode) {
+ link = &currNode->link;
+ if (list->sortFunc(data, currNode->data) <= 0) {
+ /* new element goes before current node */
+ PR_INSERT_BEFORE(&node->link, link);
+ /* reset head if this is first */
+ if (currNode == list->head)
+ list->head = node;
+ break;
+ }
+ if (link == PR_LIST_TAIL(&list->head->link)) {
+ /* reached end of list, append */
+ PR_INSERT_AFTER(&node->link, link);
+ break;
+ }
+ currNode = (nssListElement *)PR_NEXT_LINK(&currNode->link);
+ }
+ }
+ else {
+ /* not sorting */
+ PR_APPEND_LINK(&node->link, &list->head->link);
+ }
+ }
+ else {
+ list->head = node;
}
++list->count;
return PR_SUCCESS;
}
NSS_IMPLEMENT PRStatus
nssList_Add(nssList *list, void *data)
{
@@ -226,40 +230,40 @@ nssList_Add(nssList *list, void *data)
NSS_IMPLEMENT PRStatus
nssList_AddUnique(nssList *list, void *data)
{
PRStatus nssrv;
nssListElement *node;
NSSLIST_LOCK_IF(list);
node = nsslist_get_matching_element(list, data);
if (node) {
- /* already in, finish */
- NSSLIST_UNLOCK_IF(list);
- return PR_SUCCESS;
+ /* already in, finish */
+ NSSLIST_UNLOCK_IF(list);
+ return PR_SUCCESS;
}
nssrv = nsslist_add_element(list, data);
NSSLIST_UNLOCK_IF(list);
return nssrv;
}
NSS_IMPLEMENT PRStatus
nssList_Remove(nssList *list, void *data)
{
nssListElement *node;
NSSLIST_LOCK_IF(list);
node = nsslist_get_matching_element(list, data);
if (node) {
- if (node == list->head) {
- list->head = (nssListElement *)PR_NEXT_LINK(&node->link);
- }
- PR_REMOVE_LINK(&node->link);
- nss_ZFreeIf(node);
- if (--list->count == 0) {
- list->head = NULL;
- }
+ if (node == list->head) {
+ list->head = (nssListElement *)PR_NEXT_LINK(&node->link);
+ }
+ PR_REMOVE_LINK(&node->link);
+ nss_ZFreeIf(node);
+ if (--list->count == 0) {
+ list->head = NULL;
+ }
}
NSSLIST_UNLOCK_IF(list);
return PR_SUCCESS;
}
NSS_IMPLEMENT void *
nssList_Get(nssList *list, void *data)
{
@@ -279,122 +283,122 @@ nssList_Count(nssList *list)
NSS_IMPLEMENT PRStatus
nssList_GetArray(nssList *list, void **rvArray, PRUint32 maxElements)
{
nssListElement *node;
PRUint32 i = 0;
PR_ASSERT(maxElements > 0);
node = list->head;
if (!node) {
- return PR_SUCCESS;
+ return PR_SUCCESS;
}
NSSLIST_LOCK_IF(list);
while (node) {
- rvArray[i++] = node->data;
- if (i == maxElements) break;
- node = (nssListElement *)PR_NEXT_LINK(&node->link);
- if (node == list->head) {
- break;
- }
+ rvArray[i++] = node->data;
+ if (i == maxElements)
+ break;
+ node = (nssListElement *)PR_NEXT_LINK(&node->link);
+ if (node == list->head) {
+ break;
+ }
}
NSSLIST_UNLOCK_IF(list);
return PR_SUCCESS;
}
NSS_IMPLEMENT nssList *
nssList_Clone(nssList *list)
{
nssList *rvList;
nssListElement *node;
rvList = nssList_Create(NULL, (list->lock != NULL));
if (!rvList) {
- return NULL;
+ return NULL;
}
NSSLIST_LOCK_IF(list);
if (list->count > 0) {
- node = list->head;
- while (PR_TRUE) {
- nssList_Add(rvList, node->data);
- node = (nssListElement *)PR_NEXT_LINK(&node->link);
- if (node == list->head) {
- break;
- }
- }
+ node = list->head;
+ while (PR_TRUE) {
+ nssList_Add(rvList, node->data);
+ node = (nssListElement *)PR_NEXT_LINK(&node->link);
+ if (node == list->head) {
+ break;
+ }
+ }
}
NSSLIST_UNLOCK_IF(list);
return rvList;
}
NSS_IMPLEMENT nssListIterator *
nssList_CreateIterator(nssList *list)
{
nssListIterator *rvIterator;
rvIterator = nss_ZNEW(NULL, nssListIterator);
if (!rvIterator) {
- return NULL;
+ return NULL;
}
rvIterator->list = nssList_Clone(list);
if (!rvIterator->list) {
- nss_ZFreeIf(rvIterator);
- return NULL;
+ nss_ZFreeIf(rvIterator);
+ return NULL;
}
rvIterator->current = rvIterator->list->head;
if (list->lock) {
- rvIterator->lock = PZ_NewLock(nssILockOther);
- if (!rvIterator->lock) {
- nssList_Destroy(rvIterator->list);
- nss_ZFreeIf(rvIterator);
- rvIterator = NULL;
- }
+ rvIterator->lock = PZ_NewLock(nssILockOther);
+ if (!rvIterator->lock) {
+ nssList_Destroy(rvIterator->list);
+ nss_ZFreeIf(rvIterator);
+ rvIterator = NULL;
+ }
}
return rvIterator;
}
NSS_IMPLEMENT void
nssListIterator_Destroy(nssListIterator *iter)
{
if (iter->lock) {
- (void)PZ_DestroyLock(iter->lock);
+ (void)PZ_DestroyLock(iter->lock);
}
nssList_Destroy(iter->list);
nss_ZFreeIf(iter);
}
NSS_IMPLEMENT void *
nssListIterator_Start(nssListIterator *iter)
{
NSSLIST_LOCK_IF(iter);
if (iter->list->count == 0) {
- return NULL;
+ return NULL;
}
iter->current = iter->list->head;
return iter->current->data;
}
NSS_IMPLEMENT void *
nssListIterator_Next(nssListIterator *iter)
{
nssListElement *node;
PRCList *link;
if (iter->list->count == 1 || iter->current == NULL) {
- /* Reached the end of the list. Don't change the state, force to
- * user to call nssList_Finish to clean up.
- */
- return NULL;
+ /* Reached the end of the list. Don't change the state, force to
+ * user to call nssList_Finish to clean up.
+ */
+ return NULL;
}
node = (nssListElement *)PR_NEXT_LINK(&iter->current->link);
link = &node->link;
if (link == PR_LIST_TAIL(&iter->list->head->link)) {
- /* Signal the end of the list. */
- iter->current = NULL;
- return node->data;
+ /* Signal the end of the list. */
+ iter->current = NULL;
+ return node->data;
}
iter->current = node;
return node->data;
}
NSS_IMPLEMENT PRStatus
nssListIterator_Finish(nssListIterator *iter)
{
iter->current = iter->list->head;
return (iter->lock) ? PZ_Unlock(iter->lock) : PR_SUCCESS;
}
-
--- a/security/nss/lib/base/nssbase.h
+++ b/security/nss/lib/base/nssbase.h
@@ -39,45 +39,37 @@ PR_BEGIN_EXTERN_C
* The top-level error may be one of the following values:
* NSS_ERROR_NO_MEMORY
*
* Return value:
* NULL upon error
* A pointer to an NSSArena upon success
*/
-NSS_EXTERN NSSArena *
-NSSArena_Create
-(
- void
-);
+NSS_EXTERN NSSArena *NSSArena_Create(void);
extern const NSSError NSS_ERROR_NO_MEMORY;
/*
* NSSArena_Destroy
*
* This routine will destroy the specified arena, freeing all memory
- * allocated from it. This routine returns a PRStatus value; if
+ * allocated from it. This routine returns a PRStatus value; if
* successful, it will return PR_SUCCESS. If unsuccessful, it will
* create an error stack and return PR_FAILURE.
*
* The top-level error may be one of the following values:
* NSS_ERROR_INVALID_ARENA
*
* Return value:
* PR_SUCCESS upon success
* PR_FAILURE upon failure
*/
-NSS_EXTERN PRStatus
-NSSArena_Destroy
-(
- NSSArena *arena
-);
+NSS_EXTERN PRStatus NSSArena_Destroy(NSSArena *arena);
extern const NSSError NSS_ERROR_INVALID_ARENA;
/*
* The error stack
*
* The public methods relating to the error stack are:
*
@@ -95,152 +87,131 @@ extern const NSSError NSS_ERROR_INVALID_
* This routine cannot fail. It may return NSS_ERROR_NO_ERROR, which
* indicates that the previous NSS library call did not set an error.
*
* Return value:
* 0 if no error has been set
* A nonzero error number
*/
-NSS_EXTERN NSSError
-NSS_GetError
-(
- void
-);
+NSS_EXTERN NSSError NSS_GetError(void);
extern const NSSError NSS_ERROR_NO_ERROR;
/*
* NSS_GetErrorStack
*
- * This routine returns a pointer to an array of NSSError values,
- * containingthe entire sequence or "stack" of errors set by the most
- * recent NSS library routine called by the same thread calling this
- * routine. NOTE: the caller DOES NOT OWN the memory pointed to by
- * the return value. The pointer will remain valid until the calling
- * thread calls another NSS routine. The lowest-level (most specific)
- * error is first in the array, and the highest-level is last. The
- * array is zero-terminated. This routine may return NULL upon error;
+ * This routine returns a pointer to an array of NSSError values,
+ * containingthe entire sequence or "stack" of errors set by the most
+ * recent NSS library routine called by the same thread calling this
+ * routine. NOTE: the caller DOES NOT OWN the memory pointed to by
+ * the return value. The pointer will remain valid until the calling
+ * thread calls another NSS routine. The lowest-level (most specific)
+ * error is first in the array, and the highest-level is last. The
+ * array is zero-terminated. This routine may return NULL upon error;
* this indicates a low-memory situation.
*
* Return value:
* NULL upon error, which is an implied NSS_ERROR_NO_MEMORY
* A NON-caller-owned pointer to an array of NSSError values
*/
-NSS_EXTERN NSSError *
-NSS_GetErrorStack
-(
- void
-);
+NSS_EXTERN NSSError *NSS_GetErrorStack(void);
/*
* NSS_ZNEW
*
* This preprocessor macro will allocate memory for a new object
* of the specified type with nss_ZAlloc, and will cast the
- * return value appropriately. If the optional arena argument is
- * non-null, the memory will be obtained from that arena; otherwise,
- * the memory will be obtained from the heap. This routine may
- * return NULL upon error, in which case it will have set an error
+ * return value appropriately. If the optional arena argument is
+ * non-null, the memory will be obtained from that arena; otherwise,
+ * the memory will be obtained from the heap. This routine may
+ * return NULL upon error, in which case it will have set an error
* upon the error stack.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_ARENA
* NSS_ERROR_NO_MEMORY
*
* Return value:
* NULL upon error
* A pointer to the new segment of zeroed memory
*/
-/* The following line exceeds 72 characters, but emacs barfs if we split it. */
#define NSS_ZNEW(arenaOpt, type) ((type *)NSS_ZAlloc((arenaOpt), sizeof(type)))
/*
* NSS_ZNEWARRAY
*
* This preprocessor macro will allocate memory for an array of
* new objects, and will cast the return value appropriately.
- * If the optional arena argument is non-null, the memory will
- * be obtained from that arena; otherwise, the memory will be
- * obtained from the heap. This routine may return NULL upon
- * error, in which case it will have set an error upon the error
+ * If the optional arena argument is non-null, the memory will
+ * be obtained from that arena; otherwise, the memory will be
+ * obtained from the heap. This routine may return NULL upon
+ * error, in which case it will have set an error upon the error
* stack. The array size may be specified as zero.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_ARENA
* NSS_ERROR_NO_MEMORY
*
* Return value:
* NULL upon error
* A pointer to the new segment of zeroed memory
*/
-/* The following line exceeds 72 characters, but emacs barfs if we split it. */
-#define NSS_ZNEWARRAY(arenaOpt, type, quantity) ((type *)NSS_ZAlloc((arenaOpt), sizeof(type) * (quantity)))
-
+#define NSS_ZNEWARRAY(arenaOpt, type, quantity) \
+ ((type *)NSS_ZAlloc((arenaOpt), sizeof(type) * (quantity)))
/*
* NSS_ZAlloc
*
- * This routine allocates and zeroes a section of memory of the
+ * This routine allocates and zeroes a section of memory of the
* size, and returns to the caller a pointer to that memory. If
* the optional arena argument is non-null, the memory will be
* obtained from that arena; otherwise, the memory will be obtained
* from the heap. This routine may return NULL upon error, in
* which case it will have set an error upon the error stack. The
- * value specified for size may be zero; in which case a valid
+ * value specified for size may be zero; in which case a valid
* zero-length block of memory will be allocated. This block may
* be expanded by calling NSS_ZRealloc.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_ARENA
* NSS_ERROR_NO_MEMORY
* NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
*
* Return value:
* NULL upon error
* A pointer to the new segment of zeroed memory
*/
-NSS_EXTERN void *
-NSS_ZAlloc
-(
- NSSArena *arenaOpt,
- PRUint32 size
-);
+NSS_EXTERN void *NSS_ZAlloc(NSSArena *arenaOpt, PRUint32 size);
/*
* NSS_ZRealloc
*
* This routine reallocates a block of memory obtained by calling
- * nss_ZAlloc or nss_ZRealloc. The portion of memory
+ * nss_ZAlloc or nss_ZRealloc. The portion of memory
* between the new and old sizes -- which is either being newly
- * obtained or released -- is in either case zeroed. This routine
- * may return NULL upon failure, in which case it will have placed
+ * obtained or released -- is in either case zeroed. This routine
+ * may return NULL upon failure, in which case it will have placed
* an error on the error stack.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_POINTER
* NSS_ERROR_NO_MEMORY
* NSS_ERROR_ARENA_MARKED_BY_ANOTHER_THREAD
*
* Return value:
* NULL upon error
* A pointer to the replacement segment of memory
*/
-NSS_EXTERN void *
-NSS_ZRealloc
-(
- void *pointer,
- PRUint32 newSize
-);
-
+NSS_EXTERN void *NSS_ZRealloc(void *pointer, PRUint32 newSize);
/*
* NSS_ZFreeIf
*
* If the specified pointer is non-null, then the region of memory
* to which it points -- which must have been allocated with
* nss_ZAlloc -- will be zeroed and released. This routine
* returns a PRStatus value; if successful, it will return PR_SUCCESS.
@@ -250,17 +221,13 @@ NSS_ZRealloc
* The error may be one of the following values:
* NSS_ERROR_INVALID_POINTER
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
-NSS_EXTERN PRStatus
-NSS_ZFreeIf
-(
- void *pointer
-);
+NSS_EXTERN PRStatus NSS_ZFreeIf(void *pointer);
PR_END_EXTERN_C
#endif /* NSSBASE_H */
--- a/security/nss/lib/base/nssbaset.h
+++ b/security/nss/lib/base/nssbaset.h
@@ -13,68 +13,67 @@
#include "nspr.h"
#include "nssilock.h"
/*
* NSS_EXTERN, NSS_IMPLEMENT, NSS_EXTERN_DATA, NSS_IMPLEMENT_DATA
*
* NSS has its own versions of these NSPR macros, in a form which
- * does not confuse ctags and other related utilities. NSPR
+ * does not confuse ctags and other related utilities. NSPR
* defines these macros to take the type as an argument, because
* of certain OS requirements on platforms not supported by NSS.
*/
-#define DUMMY /* dummy */
-#define NSS_EXTERN extern
-#define NSS_EXTERN_DATA extern
-#define NSS_IMPLEMENT
-#define NSS_IMPLEMENT_DATA
+#define DUMMY /* dummy */
+#define NSS_EXTERN extern
+#define NSS_EXTERN_DATA extern
+#define NSS_IMPLEMENT
+#define NSS_IMPLEMENT_DATA
PR_BEGIN_EXTERN_C
/*
* NSSError
*
* Calls to NSS routines may result in one or more errors being placed
* on the calling thread's "error stack." Every possible error that
- * may be returned from a function is declared where the function is
+ * may be returned from a function is declared where the function is
* prototyped. All errors are of the following type.
*/
typedef PRInt32 NSSError;
/*
* NSSArena
*
* Arenas are logical sets of heap memory, from which memory may be
* allocated. When an arena is destroyed, all memory allocated within
- * that arena is implicitly freed. These arenas are thread-safe:
+ * that arena is implicitly freed. These arenas are thread-safe:
* an arena pointer may be used by multiple threads simultaneously.
* However, as they are not backed by shared memory, they may only be
* used within one process.
*/
struct NSSArenaStr;
typedef struct NSSArenaStr NSSArena;
/*
* NSSItem
*
* This is the basic type used to refer to an unconstrained datum of
* arbitrary size.
*/
struct NSSItemStr {
- void *data;
- PRUint32 size;
+ void *data;
+ PRUint32 size;
};
typedef struct NSSItemStr NSSItem;
-
/*
* NSSBER
*
* Data packed according to the Basic Encoding Rules of ASN.1.
*/
typedef NSSItem NSSBER;
--- a/security/nss/lib/base/tracker.c
+++ b/security/nss/lib/base/tracker.c
@@ -1,15 +1,15 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* tracker.c
- *
+ *
* This file contains the code used by the pointer-tracking calls used
* in the debug builds to catch bad pointers. The entire contents are
* only available in debug builds (both internal and external builds).
*/
#ifndef BASE_H
#include "base.h"
#endif /* BASE_H */
@@ -19,131 +19,114 @@
* identity_hash
*
* This static callback is a PLHashFunction as defined in plhash.h
* It merely returns the value of the object pointer as its hash.
* There are no possible errors.
*/
static PLHashNumber PR_CALLBACK
-identity_hash
-(
- const void *key
-)
+identity_hash(const void *key)
{
- return (PLHashNumber)((char *)key - (char *)NULL);
+ return (PLHashNumber)((char *)key - (char *)NULL);
}
/*
* trackerOnceFunc
*
* This function is called once, using the nssCallOnce function above.
* It creates a new pointer tracker object; initialising its hash
* table and protective lock.
*/
static PRStatus
-trackerOnceFunc
-(
- void *arg
-)
+trackerOnceFunc(void *arg)
{
- nssPointerTracker *tracker = (nssPointerTracker *)arg;
+ nssPointerTracker *tracker = (nssPointerTracker *)arg;
- tracker->lock = PZ_NewLock(nssILockOther);
- if( (PZLock *)NULL == tracker->lock ) {
- return PR_FAILURE;
- }
+ tracker->lock = PZ_NewLock(nssILockOther);
+ if ((PZLock *)NULL == tracker->lock) {
+ return PR_FAILURE;
+ }
- tracker->table = PL_NewHashTable(0,
- identity_hash,
- PL_CompareValues,
- PL_CompareValues,
- (PLHashAllocOps *)NULL,
- (void *)NULL);
- if( (PLHashTable *)NULL == tracker->table ) {
- PZ_DestroyLock(tracker->lock);
- tracker->lock = (PZLock *)NULL;
- return PR_FAILURE;
- }
+ tracker->table =
+ PL_NewHashTable(0, identity_hash, PL_CompareValues, PL_CompareValues,
+ (PLHashAllocOps *)NULL, (void *)NULL);
+ if ((PLHashTable *)NULL == tracker->table) {
+ PZ_DestroyLock(tracker->lock);
+ tracker->lock = (PZLock *)NULL;
+ return PR_FAILURE;
+ }
- return PR_SUCCESS;
+ return PR_SUCCESS;
}
/*
* nssPointerTracker_initialize
*
* This method is only present in debug builds.
- *
+ *
* This routine initializes an nssPointerTracker object. Note that
* the object must have been declared *static* to guarantee that it
* is in a zeroed state initially. This routine is idempotent, and
- * may even be safely called by multiple threads simultaneously with
- * the same argument. This routine returns a PRStatus value; if
- * successful, it will return PR_SUCCESS. On failure it will set an
+ * may even be safely called by multiple threads simultaneously with
+ * the same argument. This routine returns a PRStatus value; if
+ * successful, it will return PR_SUCCESS. On failure it will set an
* error on the error stack and return PR_FAILURE.
*
* The error may be one of the following values:
* NSS_ERROR_NO_MEMORY
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
NSS_IMPLEMENT PRStatus
-nssPointerTracker_initialize
-(
- nssPointerTracker *tracker
-)
+nssPointerTracker_initialize(nssPointerTracker *tracker)
{
- PRStatus rv = PR_CallOnceWithArg(&tracker->once, trackerOnceFunc, tracker);
- if( PR_SUCCESS != rv ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- }
+ PRStatus rv = PR_CallOnceWithArg(&tracker->once, trackerOnceFunc, tracker);
+ if (PR_SUCCESS != rv) {
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ }
- return rv;
+ return rv;
}
#ifdef DONT_DESTROY_EMPTY_TABLES
/* See same #ifdef below */
/*
* count_entries
*
* This static routine is a PLHashEnumerator, as defined in plhash.h.
* It merely causes the enumeration function to count the number of
* entries.
*/
static PRIntn PR_CALLBACK
-count_entries
-(
- PLHashEntry *he,
- PRIntn index,
- void *arg
-)
+count_entries(PLHashEntry *he, PRIntn index, void *arg)
{
- return HT_ENUMERATE_NEXT;
+ return HT_ENUMERATE_NEXT;
}
#endif /* DONT_DESTROY_EMPTY_TABLES */
/*
* zero_once
*
* This is a guaranteed zeroed once block. It's used to help clear
* the tracker.
*/
static const PRCallOnceType zero_once;
/*
* nssPointerTracker_finalize
*
* This method is only present in debug builds.
- *
+ *
* This routine returns the nssPointerTracker object to the pre-
* initialized state, releasing all resources used by the object.
* It will *NOT* destroy the objects being tracked by the pointer
* (should any remain), and therefore cannot be used to "sweep up"
* remaining objects. This routine returns a PRStatus value; if
* successful, it will return PR_SUCCES. On failure it will set an
* error on the error stack and return PR_FAILURE. If any objects
* remain in the tracker when it is finalized, that will be treated
@@ -155,68 +138,64 @@ static const PRCallOnceType zero_once;
* NSS_ERROR_TRACKER_NOT_EMPTY
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
NSS_IMPLEMENT PRStatus
-nssPointerTracker_finalize
-(
- nssPointerTracker *tracker
-)
+nssPointerTracker_finalize(nssPointerTracker *tracker)
{
- PZLock *lock;
+ PZLock *lock;
- if( (nssPointerTracker *)NULL == tracker ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
+ if ((nssPointerTracker *)NULL == tracker) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return PR_FAILURE;
+ }
- if( (PZLock *)NULL == tracker->lock ) {
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
+ if ((PZLock *)NULL == tracker->lock) {
+ nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+ return PR_FAILURE;
+ }
- lock = tracker->lock;
- PZ_Lock(lock);
+ lock = tracker->lock;
+ PZ_Lock(lock);
- if( (PLHashTable *)NULL == tracker->table ) {
- PZ_Unlock(lock);
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
+ if ((PLHashTable *)NULL == tracker->table) {
+ PZ_Unlock(lock);
+ nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+ return PR_FAILURE;
+ }
#ifdef DONT_DESTROY_EMPTY_TABLES
- /*
- * I changed my mind; I think we don't want this after all.
- * Comments?
- */
- count = PL_HashTableEnumerateEntries(tracker->table,
- count_entries,
- (void *)NULL);
+ /*
+ * I changed my mind; I think we don't want this after all.
+ * Comments?
+ */
+ count = PL_HashTableEnumerateEntries(tracker->table, count_entries,
+ (void *)NULL);
- if( 0 != count ) {
- PZ_Unlock(lock);
- nss_SetError(NSS_ERROR_TRACKER_NOT_EMPTY);
- return PR_FAILURE;
- }
+ if (0 != count) {
+ PZ_Unlock(lock);
+ nss_SetError(NSS_ERROR_TRACKER_NOT_EMPTY);
+ return PR_FAILURE;
+ }
#endif /* DONT_DESTROY_EMPTY_TABLES */
- PL_HashTableDestroy(tracker->table);
- /* memset(tracker, 0, sizeof(nssPointerTracker)); */
- tracker->once = zero_once;
- tracker->lock = (PZLock *)NULL;
- tracker->table = (PLHashTable *)NULL;
+ PL_HashTableDestroy(tracker->table);
+ /* memset(tracker, 0, sizeof(nssPointerTracker)); */
+ tracker->once = zero_once;
+ tracker->lock = (PZLock *)NULL;
+ tracker->table = (PLHashTable *)NULL;
- PZ_Unlock(lock);
- PZ_DestroyLock(lock);
+ PZ_Unlock(lock);
+ PZ_DestroyLock(lock);
- return PR_SUCCESS;
+ return PR_SUCCESS;
}
/*
* nssPointerTracker_add
*
* This method is only present in debug builds.
*
* This routine adds the specified pointer to the nssPointerTracker
@@ -233,179 +212,167 @@ nssPointerTracker_finalize
* NSS_ERROR_DUPLICATE_POINTER
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
NSS_IMPLEMENT PRStatus
-nssPointerTracker_add
-(
- nssPointerTracker *tracker,
- const void *pointer
-)
+nssPointerTracker_add(nssPointerTracker *tracker, const void *pointer)
{
- void *check;
- PLHashEntry *entry;
+ void *check;
+ PLHashEntry *entry;
+
+ if ((nssPointerTracker *)NULL == tracker) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return PR_FAILURE;
+ }
+
+ if ((PZLock *)NULL == tracker->lock) {
+ nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+ return PR_FAILURE;
+ }
- if( (nssPointerTracker *)NULL == tracker ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
+ PZ_Lock(tracker->lock);
+
+ if ((PLHashTable *)NULL == tracker->table) {
+ PZ_Unlock(tracker->lock);
+ nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+ return PR_FAILURE;
+ }
- if( (PZLock *)NULL == tracker->lock ) {
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
+ check = PL_HashTableLookup(tracker->table, pointer);
+ if ((void *)NULL != check) {
+ PZ_Unlock(tracker->lock);
+ nss_SetError(NSS_ERROR_DUPLICATE_POINTER);
+ return PR_FAILURE;
+ }
- PZ_Lock(tracker->lock);
+ entry = PL_HashTableAdd(tracker->table, pointer, (void *)pointer);
- if( (PLHashTable *)NULL == tracker->table ) {
PZ_Unlock(tracker->lock);
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
-
- check = PL_HashTableLookup(tracker->table, pointer);
- if( (void *)NULL != check ) {
- PZ_Unlock(tracker->lock);
- nss_SetError(NSS_ERROR_DUPLICATE_POINTER);
- return PR_FAILURE;
- }
- entry = PL_HashTableAdd(tracker->table, pointer, (void *)pointer);
-
- PZ_Unlock(tracker->lock);
+ if ((PLHashEntry *)NULL == entry) {
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return PR_FAILURE;
+ }
- if( (PLHashEntry *)NULL == entry ) {
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return PR_FAILURE;
- }
+ return PR_SUCCESS;
+}
- return PR_SUCCESS;
-}
-
/*
* nssPointerTracker_remove
*
* This method is only present in debug builds.
*
- * This routine removes the specified pointer from the
+ * This routine removes the specified pointer from the
* nssPointerTracker object. It does not call any destructor for the
* object; rather, this should be called from the object's destructor.
- * The nssPointerTracker is threadsafe, but this call is not
- * idempotent. This routine returns a PRStatus value; if successful
- * it will return PR_SUCCESS. On failure it will set an error on the
+ * The nssPointerTracker is threadsafe, but this call is not
+ * idempotent. This routine returns a PRStatus value; if successful
+ * it will return PR_SUCCESS. On failure it will set an error on the
* error stack and return PR_FAILURE.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_POINTER
* NSS_ERROR_TRACKER_NOT_INITIALIZED
* NSS_ERROR_POINTER_NOT_REGISTERED
*
* Return value:
* PR_SUCCESS
* PR_FAILURE
*/
NSS_IMPLEMENT PRStatus
-nssPointerTracker_remove
-(
- nssPointerTracker *tracker,
- const void *pointer
-)
+nssPointerTracker_remove(nssPointerTracker *tracker, const void *pointer)
{
- PRBool registered;
+ PRBool registered;
- if( (nssPointerTracker *)NULL == tracker ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
+ if ((nssPointerTracker *)NULL == tracker) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return PR_FAILURE;
+ }
- if( (PZLock *)NULL == tracker->lock ) {
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
+ if ((PZLock *)NULL == tracker->lock) {
+ nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+ return PR_FAILURE;
+ }
+
+ PZ_Lock(tracker->lock);
- PZ_Lock(tracker->lock);
-
- if( (PLHashTable *)NULL == tracker->table ) {
- PZ_Unlock(tracker->lock);
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
+ if ((PLHashTable *)NULL == tracker->table) {
+ PZ_Unlock(tracker->lock);
+ nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+ return PR_FAILURE;
+ }
- registered = PL_HashTableRemove(tracker->table, pointer);
- PZ_Unlock(tracker->lock);
+ registered = PL_HashTableRemove(tracker->table, pointer);
+ PZ_Unlock(tracker->lock);
- if( !registered ) {
- nss_SetError(NSS_ERROR_POINTER_NOT_REGISTERED);
- return PR_FAILURE;
- }
+ if (!registered) {
+ nss_SetError(NSS_ERROR_POINTER_NOT_REGISTERED);
+ return PR_FAILURE;
+ }
- return PR_SUCCESS;
+ return PR_SUCCESS;
}
/*
* nssPointerTracker_verify
*
* This method is only present in debug builds.
*
* This routine verifies that the specified pointer has been registered
* with the nssPointerTracker object. The nssPointerTracker object is
* threadsafe, and this call may be safely called from multiple threads
* simultaneously with the same arguments. This routine returns a
- * PRStatus value; if the pointer is registered this will return
- * PR_SUCCESS. Otherwise it will set an error on the error stack and
- * return PR_FAILURE. Although the error is suitable for leaving on
- * the stack, callers may wish to augment the information available by
+ * PRStatus value; if the pointer is registered this will return
+ * PR_SUCCESS. Otherwise it will set an error on the error stack and
+ * return PR_FAILURE. Although the error is suitable for leaving on
+ * the stack, callers may wish to augment the information available by
* placing a more type-specific error on the stack.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_POINTER
* NSS_ERROR_TRACKER_NOT_INITIALIZED
* NSS_ERROR_POINTER_NOT_REGISTERED
*
* Return value:
* PR_SUCCESS
* PR_FAILRUE
*/
NSS_IMPLEMENT PRStatus
-nssPointerTracker_verify
-(
- nssPointerTracker *tracker,
- const void *pointer
-)
+nssPointerTracker_verify(nssPointerTracker *tracker, const void *pointer)
{
- void *check;
+ void *check;
- if( (nssPointerTracker *)NULL == tracker ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FAILURE;
- }
+ if ((nssPointerTracker *)NULL == tracker) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return PR_FAILURE;
+ }
- if( (PZLock *)NULL == tracker->lock ) {
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
+ if ((PZLock *)NULL == tracker->lock) {
+ nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+ return PR_FAILURE;
+ }
+
+ PZ_Lock(tracker->lock);
- PZ_Lock(tracker->lock);
-
- if( (PLHashTable *)NULL == tracker->table ) {
- PZ_Unlock(tracker->lock);
- nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
- return PR_FAILURE;
- }
+ if ((PLHashTable *)NULL == tracker->table) {
+ PZ_Unlock(tracker->lock);
+ nss_SetError(NSS_ERROR_TRACKER_NOT_INITIALIZED);
+ return PR_FAILURE;
+ }
- check = PL_HashTableLookup(tracker->table, pointer);
- PZ_Unlock(tracker->lock);
+ check = PL_HashTableLookup(tracker->table, pointer);
+ PZ_Unlock(tracker->lock);
- if( (void *)NULL == check ) {
- nss_SetError(NSS_ERROR_POINTER_NOT_REGISTERED);
- return PR_FAILURE;
- }
+ if ((void *)NULL == check) {
+ nss_SetError(NSS_ERROR_POINTER_NOT_REGISTERED);
+ return PR_FAILURE;
+ }
- return PR_SUCCESS;
+ return PR_SUCCESS;
}
#endif /* DEBUG */
--- a/security/nss/lib/base/utf8.c
+++ b/security/nss/lib/base/utf8.c
@@ -19,232 +19,218 @@
* NOTES:
*
* There's an "is hex string" function in pki1/atav.c. If we need
* it in more places, pull that one out.
*/
/*
* nssUTF8_CaseIgnoreMatch
- *
- * Returns true if the two UTF8-encoded strings pointed to by the
+ *
+ * Returns true if the two UTF8-encoded strings pointed to by the
* two specified NSSUTF8 pointers differ only in typcase.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_POINTER
*
* Return value:
* PR_TRUE if the strings match, ignoring case
* PR_FALSE if they don't
* PR_FALSE upon error
*/
NSS_IMPLEMENT PRBool
-nssUTF8_CaseIgnoreMatch
-(
- const NSSUTF8 *a,
- const NSSUTF8 *b,
- PRStatus *statusOpt
-)
+nssUTF8_CaseIgnoreMatch(const NSSUTF8 *a, const NSSUTF8 *b, PRStatus *statusOpt)
{
#ifdef NSSDEBUG
- if( ((const NSSUTF8 *)NULL == a) ||
- ((const NSSUTF8 *)NULL == b) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
+ if (((const NSSUTF8 *)NULL == a) || ((const NSSUTF8 *)NULL == b)) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_FAILURE;
+ }
+ return PR_FALSE;
}
- return PR_FALSE;
- }
#endif /* NSSDEBUG */
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_SUCCESS;
+ }
- /*
- * XXX fgmr
- *
- * This is, like, so wrong!
- */
- if( 0 == PL_strcasecmp((const char *)a, (const char *)b) ) {
- return PR_TRUE;
- } else {
- return PR_FALSE;
- }
+ /*
+ * XXX fgmr
+ *
+ * This is, like, so wrong!
+ */
+ if (0 == PL_strcasecmp((const char *)a, (const char *)b)) {
+ return PR_TRUE;
+ }
+ else {
+ return PR_FALSE;
+ }
}
/*
* nssUTF8_PrintableMatch
*
- * Returns true if the two Printable strings pointed to by the
- * two specified NSSUTF8 pointers match when compared with the
- * rules for Printable String (leading and trailing spaces are
- * disregarded, extents of whitespace match irregardless of length,
+ * Returns true if the two Printable strings pointed to by the
+ * two specified NSSUTF8 pointers match when compared with the
+ * rules for Printable String (leading and trailing spaces are
+ * disregarded, extents of whitespace match irregardless of length,
* and case is not significant), then PR_TRUE will be returned.
* Otherwise, PR_FALSE will be returned. Upon failure, PR_FALSE
* will be returned. If the optional statusOpt argument is not
* NULL, then PR_SUCCESS or PR_FAILURE will be stored in that
* location.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_POINTER
*
* Return value:
* PR_TRUE if the strings match, ignoring case
* PR_FALSE if they don't
* PR_FALSE upon error
*/
NSS_IMPLEMENT PRBool
-nssUTF8_PrintableMatch
-(
- const NSSUTF8 *a,
- const NSSUTF8 *b,
- PRStatus *statusOpt
-)
+nssUTF8_PrintableMatch(const NSSUTF8 *a, const NSSUTF8 *b, PRStatus *statusOpt)
{
- PRUint8 *c;
- PRUint8 *d;
+ PRUint8 *c;
+ PRUint8 *d;
#ifdef NSSDEBUG
- if( ((const NSSUTF8 *)NULL == a) ||
- ((const NSSUTF8 *)NULL == b) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
+ if (((const NSSUTF8 *)NULL == a) || ((const NSSUTF8 *)NULL == b)) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_FAILURE;
+ }
+ return PR_FALSE;
}
- return PR_FALSE;
- }
#endif /* NSSDEBUG */
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
-
- c = (PRUint8 *)a;
- d = (PRUint8 *)b;
-
- while( ' ' == *c ) {
- c++;
- }
-
- while( ' ' == *d ) {
- d++;
- }
-
- while( ('\0' != *c) && ('\0' != *d) ) {
- PRUint8 e, f;
-
- e = *c;
- f = *d;
-
- if( ('a' <= e) && (e <= 'z') ) {
- e -= ('a' - 'A');
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_SUCCESS;
}
- if( ('a' <= f) && (f <= 'z') ) {
- f -= ('a' - 'A');
+ c = (PRUint8 *)a;
+ d = (PRUint8 *)b;
+
+ while (' ' == *c) {
+ c++;
}
- if( e != f ) {
- return PR_FALSE;
+ while (' ' == *d) {
+ d++;
}
- c++;
- d++;
+ while (('\0' != *c) && ('\0' != *d)) {
+ PRUint8 e, f;
+
+ e = *c;
+ f = *d;
+
+ if (('a' <= e) && (e <= 'z')) {
+ e -= ('a' - 'A');
+ }
+
+ if (('a' <= f) && (f <= 'z')) {
+ f -= ('a' - 'A');
+ }
- if( ' ' == *c ) {
- while( ' ' == *c ) {
+ if (e != f) {
+ return PR_FALSE;
+ }
+
c++;
- }
- c--;
+ d++;
+
+ if (' ' == *c) {
+ while (' ' == *c) {
+ c++;
+ }
+ c--;
+ }
+
+ if (' ' == *d) {
+ while (' ' == *d) {
+ d++;
+ }
+ d--;
+ }
}
- if( ' ' == *d ) {
- while( ' ' == *d ) {
+ while (' ' == *c) {
+ c++;
+ }
+
+ while (' ' == *d) {
d++;
- }
- d--;
}
- }
- while( ' ' == *c ) {
- c++;
- }
-
- while( ' ' == *d ) {
- d++;
- }
-
- if( *c == *d ) {
- /* And both '\0', btw */
- return PR_TRUE;
- } else {
- return PR_FALSE;
- }
+ if (*c == *d) {
+ /* And both '\0', btw */
+ return PR_TRUE;
+ }
+ else {
+ return PR_FALSE;
+ }
}
/*
* nssUTF8_Duplicate
*
* This routine duplicates the UTF8-encoded string pointed to by the
* specified NSSUTF8 pointer. If the optional arenaOpt argument is
* not null, the memory required will be obtained from that arena;
* otherwise, the memory required will be obtained from the heap.
* A pointer to the new string will be returned. In case of error,
- * an error will be placed on the error stack and NULL will be
+ * an error will be placed on the error stack and NULL will be
* returned.
*
* The error may be one of the following values:
* NSS_ERROR_INVALID_POINTER
* NSS_ERROR_INVALID_ARENA
* NSS_ERROR_NO_MEMORY
*/
NSS_IMPLEMENT NSSUTF8 *
-nssUTF8_Duplicate
-(
- const NSSUTF8 *s,
- NSSArena *arenaOpt
-)
+nssUTF8_Duplicate(const NSSUTF8 *s, NSSArena *arenaOpt)
{
- NSSUTF8 *rv;
- PRUint32 len;
+ NSSUTF8 *rv;
+ PRUint32 len;
#ifdef NSSDEBUG
- if( (const NSSUTF8 *)NULL == s ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSUTF8 *)NULL;
- }
+ if ((const NSSUTF8 *)NULL == s) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return (NSSUTF8 *)NULL;
+ }
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
+ if ((NSSArena *)NULL != arenaOpt) {
+ if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+ return (NSSUTF8 *)NULL;
+ }
}
- }
#endif /* NSSDEBUG */
- len = PL_strlen((const char *)s);
+ len = PL_strlen((const char *)s);
#ifdef PEDANTIC
- if( '\0' != ((const char *)s)[ len ] ) {
- /* must have wrapped, e.g., too big for PRUint32 */
- nss_SetError(NSS_ERROR_NO_MEMORY);
- return (NSSUTF8 *)NULL;
- }
-#endif /* PEDANTIC */
- len++; /* zero termination */
+ if ('\0' != ((const char *)s)[len]) {
+ /* must have wrapped, e.g., too big for PRUint32 */
+ nss_SetError(NSS_ERROR_NO_MEMORY);
+ return (NSSUTF8 *)NULL;
+ }
+#endif /* PEDANTIC */
+ len++; /* zero termination */
- rv = nss_ZAlloc(arenaOpt, len);
- if( (void *)NULL == rv ) {
- return (NSSUTF8 *)NULL;
- }
+ rv = nss_ZAlloc(arenaOpt, len);
+ if ((void *)NULL == rv) {
+ return (NSSUTF8 *)NULL;
+ }
- (void)nsslibc_memcpy(rv, s, len);
- return rv;
+ (void)nsslibc_memcpy(rv, s, len);
+ return rv;
}
/*
* nssUTF8_Size
*
* This routine returns the length in bytes (including the terminating
* null) of the UTF8-encoded string pointed to by the specified
* NSSUTF8 pointer. Zero is returned on error.
@@ -254,51 +240,47 @@ nssUTF8_Duplicate
* NSS_ERROR_VALUE_TOO_LARGE
*
* Return value:
* 0 on error
* nonzero length of the string.
*/
NSS_IMPLEMENT PRUint32
-nssUTF8_Size
-(
- const NSSUTF8 *s,
- PRStatus *statusOpt
-)
+nssUTF8_Size(const NSSUTF8 *s, PRStatus *statusOpt)
{
- PRUint32 sv;
+ PRUint32 sv;
#ifdef NSSDEBUG
- if( (const NSSUTF8 *)NULL == s ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
+ if ((const NSSUTF8 *)NULL == s) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_FAILURE;
+ }
+ return 0;
}
- return 0;
- }
#endif /* NSSDEBUG */
- sv = PL_strlen((const char *)s) + 1;
+ sv = PL_strlen((const char *)s) + 1;
#ifdef PEDANTIC
- if( '\0' != ((const char *)s)[ sv-1 ] ) {
- /* wrapped */
- nss_SetError(NSS_ERROR_VALUE_TOO_LARGE);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
+ if ('\0' != ((const char *)s)[sv - 1]) {
+ /* wrapped */
+ nss_SetError(NSS_ERROR_VALUE_TOO_LARGE);
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_FAILURE;
+ }
+ return 0;
}
- return 0;
- }
#endif /* PEDANTIC */
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_SUCCESS;
+ }
- return sv;
+ return sv;
}
/*
* nssUTF8_Length
*
* This routine returns the length in characters (not including the
* terminating null) of the UTF8-encoded string pointed to by the
* specified NSSUTF8 pointer.
@@ -309,101 +291,102 @@ nssUTF8_Size
* NSS_ERROR_INVALID_STRING
*
* Return value:
* length of the string (which may be zero)
* 0 on error
*/
NSS_IMPLEMENT PRUint32
-nssUTF8_Length
-(
- const NSSUTF8 *s,
- PRStatus *statusOpt
-)
+nssUTF8_Length(const NSSUTF8 *s, PRStatus *statusOpt)
{
- PRUint32 l = 0;
- const PRUint8 *c = (const PRUint8 *)s;
+ PRUint32 l = 0;
+ const PRUint8 *c = (const PRUint8 *)s;
#ifdef NSSDEBUG
- if( (const NSSUTF8 *)NULL == s ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- goto loser;
- }
+ if ((const NSSUTF8 *)NULL == s) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ goto loser;
+ }
#endif /* NSSDEBUG */
- /*
- * From RFC 2044:
- *
- * UCS-4 range (hex.) UTF-8 octet sequence (binary)
- * 0000 0000-0000 007F 0xxxxxxx
- * 0000 0080-0000 07FF 110xxxxx 10xxxxxx
- * 0000 0800-0000 FFFF 1110xxxx 10xxxxxx 10xxxxxx
- * 0001 0000-001F FFFF 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
- * 0020 0000-03FF FFFF 111110xx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
- * 0400 0000-7FFF FFFF 1111110x 10xxxxxx ... 10xxxxxx
- */
+ /*
+ * From RFC 2044:
+ *
+ * UCS-4 range (hex.) UTF-8 octet sequence (binary)
+ * 0000 0000-0000 007F 0xxxxxxx
+ * 0000 0080-0000 07FF 110xxxxx 10xxxxxx
+ * 0000 0800-0000 FFFF 1110xxxx 10xxxxxx 10xxxxxx
+ * 0001 0000-001F FFFF 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
+ * 0020 0000-03FF FFFF 111110xx 10xxxxxx 10xxxxxx 10xxxxxx 10xxxxxx
+ * 0400 0000-7FFF FFFF 1111110x 10xxxxxx ... 10xxxxxx
+ */
- while( 0 != *c ) {
- PRUint32 incr;
- if( (*c & 0x80) == 0 ) {
- incr = 1;
- } else if( (*c & 0xE0) == 0xC0 ) {
- incr = 2;
- } else if( (*c & 0xF0) == 0xE0 ) {
- incr = 3;
- } else if( (*c & 0xF8) == 0xF0 ) {
- incr = 4;
- } else if( (*c & 0xFC) == 0xF8 ) {
- incr = 5;
- } else if( (*c & 0xFE) == 0xFC ) {
- incr = 6;
- } else {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- goto loser;
- }
+ while (0 != *c) {
+ PRUint32 incr;
+ if ((*c & 0x80) == 0) {
+ incr = 1;
+ }
+ else if ((*c & 0xE0) == 0xC0) {
+ incr = 2;
+ }
+ else if ((*c & 0xF0) == 0xE0) {
+ incr = 3;
+ }
+ else if ((*c & 0xF8) == 0xF0) {
+ incr = 4;
+ }
+ else if ((*c & 0xFC) == 0xF8) {
+ incr = 5;
+ }
+ else if ((*c & 0xFE) == 0xFC) {
+ incr = 6;
+ }
+ else {
+ nss_SetError(NSS_ERROR_INVALID_STRING);
+ goto loser;
+ }
- l += incr;
+ l += incr;
#ifdef PEDANTIC
- if( l < incr ) {
- /* Wrapped-- too big */
- nss_SetError(NSS_ERROR_VALUE_TOO_LARGE);
- goto loser;
- }
+ if (l < incr) {
+ /* Wrapped-- too big */
+ nss_SetError(NSS_ERROR_VALUE_TOO_LARGE);
+ goto loser;
+ }
- {
- PRUint8 *d;
- for( d = &c[1]; d < &c[incr]; d++ ) {
- if( (*d & 0xC0) != 0xF0 ) {
- nss_SetError(NSS_ERROR_INVALID_STRING);
- goto loser;
+ {
+ PRUint8 *d;
+ for (d = &c[1]; d < &c[incr]; d++) {
+ if ((*d & 0xC0) != 0xF0) {
+ nss_SetError(NSS_ERROR_INVALID_STRING);
+ goto loser;
+ }
+ }
}
- }
- }
#endif /* PEDANTIC */
- c += incr;
- }
+ c += incr;
+ }
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_SUCCESS;
- }
-
- return l;
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_SUCCESS;
+ }
- loser:
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
- }
+ return l;
- return 0;
+loser:
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_FAILURE;
+ }
+
+ return 0;
}
-
/*
* nssUTF8_Create
*
* This routine creates a UTF8 string from a string in some other
* format. Some types of string may include embedded null characters,
* so for them the length parameter must be used. For string types
* that are null-terminated, the length parameter is optional; if it
* is zero, it will be ignored. If the optional arena argument is
@@ -420,307 +403,290 @@ nssUTF8_Length
* Return value:
* NULL upon error
* A non-null pointer to a new UTF8 string otherwise
*/
extern const NSSError NSS_ERROR_INTERNAL_ERROR; /* XXX fgmr */
NSS_IMPLEMENT NSSUTF8 *
-nssUTF8_Create
-(
- NSSArena *arenaOpt,
- nssStringType type,
- const void *inputString,
- PRUint32 size /* in bytes, not characters */
-)
+nssUTF8_Create(NSSArena *arenaOpt, nssStringType type, const void *inputString,
+ PRUint32 size /* in bytes, not characters */
+ )
{
- NSSUTF8 *rv = NULL;
+ NSSUTF8 *rv = NULL;
#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSUTF8 *)NULL;
+ if ((NSSArena *)NULL != arenaOpt) {
+ if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+ return (NSSUTF8 *)NULL;
+ }
}
- }
- if( (const void *)NULL == inputString ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSUTF8 *)NULL;
- }
+ if ((const void *)NULL == inputString) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return (NSSUTF8 *)NULL;
+ }
#endif /* NSSDEBUG */
- switch( type ) {
- case nssStringType_DirectoryString:
- /* This is a composite type requiring BER */
- nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
- break;
- case nssStringType_TeletexString:
- /*
- * draft-ietf-pkix-ipki-part1-11 says in part:
- *
- * In addition, many legacy implementations support names encoded
- * in the ISO 8859-1 character set (Latin1String) but tag them as
- * TeletexString. The Latin1String includes characters used in
- * Western European countries which are not part of the
- * TeletexString charcter set. Implementations that process
- * TeletexString SHOULD be prepared to handle the entire ISO
- * 8859-1 character set.[ISO 8859-1].
- */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_PrintableString:
- /*
- * PrintableString consists of A-Za-z0-9 ,()+,-./:=?
- * This is a subset of ASCII, which is a subset of UTF8.
- * So we can just duplicate the string over.
- */
+ switch (type) {
+ case nssStringType_DirectoryString:
+ /* This is a composite type requiring BER */
+ nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
+ break;
+ case nssStringType_TeletexString:
+ /*
+ * draft-ietf-pkix-ipki-part1-11 says in part:
+ *
+ * In addition, many legacy implementations support names encoded
+ * in the ISO 8859-1 character set (Latin1String) but tag them as
+ * TeletexString. The Latin1String includes characters used in
+ * Western European countries which are not part of the
+ * TeletexString charcter set. Implementations that process
+ * TeletexString SHOULD be prepared to handle the entire ISO
+ * 8859-1 character set.[ISO 8859-1].
+ */
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ case nssStringType_PrintableString:
+ /*
+ * PrintableString consists of A-Za-z0-9 ,()+,-./:=?
+ * This is a subset of ASCII, which is a subset of UTF8.
+ * So we can just duplicate the string over.
+ */
+
+ if (0 == size) {
+ rv = nssUTF8_Duplicate((const NSSUTF8 *)inputString, arenaOpt);
+ }
+ else {
+ rv = nss_ZAlloc(arenaOpt, size + 1);
+ if ((NSSUTF8 *)NULL == rv) {
+ return (NSSUTF8 *)NULL;
+ }
+
+ (void)nsslibc_memcpy(rv, inputString, size);
+ }
- if( 0 == size ) {
- rv = nssUTF8_Duplicate((const NSSUTF8 *)inputString, arenaOpt);
- } else {
- rv = nss_ZAlloc(arenaOpt, size+1);
- if( (NSSUTF8 *)NULL == rv ) {
- return (NSSUTF8 *)NULL;
- }
+ break;
+ case nssStringType_UniversalString:
+ /* 4-byte unicode */
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ case nssStringType_BMPString:
+ /* Base Multilingual Plane of Unicode */
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ case nssStringType_UTF8String:
+ if (0 == size) {
+ rv = nssUTF8_Duplicate((const NSSUTF8 *)inputString, arenaOpt);
+ }
+ else {
+ rv = nss_ZAlloc(arenaOpt, size + 1);
+ if ((NSSUTF8 *)NULL == rv) {
+ return (NSSUTF8 *)NULL;
+ }
- (void)nsslibc_memcpy(rv, inputString, size);
+ (void)nsslibc_memcpy(rv, inputString, size);
+ }
+
+ break;
+ case nssStringType_PHGString:
+ /*
+ * PHGString is an IA5String (with case-insensitive comparisons).
+ * IA5 is ~almost~ ascii; ascii has dollar-sign where IA5 has
+ * currency symbol.
+ */
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ case nssStringType_GeneralString:
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ default:
+ nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
+ break;
}
- break;
- case nssStringType_UniversalString:
- /* 4-byte unicode */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_BMPString:
- /* Base Multilingual Plane of Unicode */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_UTF8String:
- if( 0 == size ) {
- rv = nssUTF8_Duplicate((const NSSUTF8 *)inputString, arenaOpt);
- } else {
- rv = nss_ZAlloc(arenaOpt, size+1);
- if( (NSSUTF8 *)NULL == rv ) {
- return (NSSUTF8 *)NULL;
- }
-
- (void)nsslibc_memcpy(rv, inputString, size);
- }
-
- break;
- case nssStringType_PHGString:
- /*
- * PHGString is an IA5String (with case-insensitive comparisons).
- * IA5 is ~almost~ ascii; ascii has dollar-sign where IA5 has
- * currency symbol.
- */
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_GeneralString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- default:
- nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
- break;
- }
-
- return rv;
+ return rv;
}
NSS_IMPLEMENT NSSItem *
-nssUTF8_GetEncoding
-(
- NSSArena *arenaOpt,
- NSSItem *rvOpt,
- nssStringType type,
- NSSUTF8 *string
-)
+nssUTF8_GetEncoding(NSSArena *arenaOpt, NSSItem *rvOpt, nssStringType type,
+ NSSUTF8 *string)
{
- NSSItem *rv = (NSSItem *)NULL;
- PRStatus status = PR_SUCCESS;
+ NSSItem *rv = (NSSItem *)NULL;
+ PRStatus status = PR_SUCCESS;
#ifdef NSSDEBUG
- if( (NSSArena *)NULL != arenaOpt ) {
- if( PR_SUCCESS != nssArena_verifyPointer(arenaOpt) ) {
- return (NSSItem *)NULL;
+ if ((NSSArena *)NULL != arenaOpt) {
+ if (PR_SUCCESS != nssArena_verifyPointer(arenaOpt)) {
+ return (NSSItem *)NULL;
+ }
}
- }
- if( (NSSUTF8 *)NULL == string ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return (NSSItem *)NULL;
- }
+ if ((NSSUTF8 *)NULL == string) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return (NSSItem *)NULL;
+ }
#endif /* NSSDEBUG */
- switch( type ) {
- case nssStringType_DirectoryString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_TeletexString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_PrintableString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_UniversalString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_BMPString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- case nssStringType_UTF8String:
- {
- NSSUTF8 *dup = nssUTF8_Duplicate(string, arenaOpt);
- if( (NSSUTF8 *)NULL == dup ) {
- return (NSSItem *)NULL;
- }
+ switch (type) {
+ case nssStringType_DirectoryString:
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ case nssStringType_TeletexString:
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ case nssStringType_PrintableString:
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ case nssStringType_UniversalString:
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ case nssStringType_BMPString:
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ case nssStringType_UTF8String: {
+ NSSUTF8 *dup = nssUTF8_Duplicate(string, arenaOpt);
+ if ((NSSUTF8 *)NULL == dup) {
+ return (NSSItem *)NULL;
+ }
- if( (NSSItem *)NULL == rvOpt ) {
- rv = nss_ZNEW(arenaOpt, NSSItem);
- if( (NSSItem *)NULL == rv ) {
- (void)nss_ZFreeIf(dup);
- return (NSSItem *)NULL;
- }
- } else {
- rv = rvOpt;
- }
+ if ((NSSItem *)NULL == rvOpt) {
+ rv = nss_ZNEW(arenaOpt, NSSItem);
+ if ((NSSItem *)NULL == rv) {
+ (void)nss_ZFreeIf(dup);
+ return (NSSItem *)NULL;
+ }
+ }
+ else {
+ rv = rvOpt;
+ }
- rv->data = dup;
- dup = (NSSUTF8 *)NULL;
- rv->size = nssUTF8_Size(rv->data, &status);
- if( (0 == rv->size) && (PR_SUCCESS != status) ) {
- if( (NSSItem *)NULL == rvOpt ) {
- (void)nss_ZFreeIf(rv);
- }
- return (NSSItem *)NULL;
- }
+ rv->data = dup;
+ dup = (NSSUTF8 *)NULL;
+ rv->size = nssUTF8_Size(rv->data, &status);
+ if ((0 == rv->size) && (PR_SUCCESS != status)) {
+ if ((NSSItem *)NULL == rvOpt) {
+ (void)nss_ZFreeIf(rv);
+ }
+ return (NSSItem *)NULL;
+ }
+ } break;
+ case nssStringType_PHGString:
+ nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
+ break;
+ default:
+ nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
+ break;
}
- break;
- case nssStringType_PHGString:
- nss_SetError(NSS_ERROR_INTERNAL_ERROR); /* unimplemented */
- break;
- default:
- nss_SetError(NSS_ERROR_UNSUPPORTED_TYPE);
- break;
- }
- return rv;
+ return rv;
}
/*
* nssUTF8_CopyIntoFixedBuffer
*
- * This will copy a UTF8 string into a fixed-length buffer, making
+ * This will copy a UTF8 string into a fixed-length buffer, making
* sure that the all characters are valid. Any remaining space will
- * be padded with the specified ASCII character, typically either
+ * be padded with the specified ASCII character, typically either
* null or space.
*
* Blah, blah, blah.
*/
NSS_IMPLEMENT PRStatus
-nssUTF8_CopyIntoFixedBuffer
-(
- NSSUTF8 *string,
- char *buffer,
- PRUint32 bufferSize,
- char pad
-)
+nssUTF8_CopyIntoFixedBuffer(NSSUTF8 *string, char *buffer, PRUint32 bufferSize,
+ char pad)
{
- PRUint32 stringSize = 0;
+ PRUint32 stringSize = 0;
#ifdef NSSDEBUG
- if( (char *)NULL == buffer ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- return PR_FALSE;
- }
+ if ((char *)NULL == buffer) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ return PR_FALSE;
+ }
- if( 0 == bufferSize ) {
- nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
- return PR_FALSE;
- }
+ if (0 == bufferSize) {
+ nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+ return PR_FALSE;
+ }
- if( (pad & 0x80) != 0x00 ) {
- nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
- return PR_FALSE;
- }
+ if ((pad & 0x80) != 0x00) {
+ nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+ return PR_FALSE;
+ }
#endif /* NSSDEBUG */
- if( (NSSUTF8 *)NULL == string ) {
- string = (NSSUTF8 *) "";
- }
-
- stringSize = nssUTF8_Size(string, (PRStatus *)NULL);
- stringSize--; /* don't count the trailing null */
- if( stringSize > bufferSize ) {
- PRUint32 bs = bufferSize;
- (void)nsslibc_memcpy(buffer, string, bufferSize);
-
- if( ( ((buffer[ bs-1 ] & 0x80) == 0x00)) ||
- ((bs > 1) && ((buffer[ bs-2 ] & 0xE0) == 0xC0)) ||
- ((bs > 2) && ((buffer[ bs-3 ] & 0xF0) == 0xE0)) ||
- ((bs > 3) && ((buffer[ bs-4 ] & 0xF8) == 0xF0)) ||
- ((bs > 4) && ((buffer[ bs-5 ] & 0xFC) == 0xF8)) ||
- ((bs > 5) && ((buffer[ bs-6 ] & 0xFE) == 0xFC)) ) {
- /* It fit exactly */
- return PR_SUCCESS;
+ if ((NSSUTF8 *)NULL == string) {
+ string = (NSSUTF8 *)"";
}
- /* Too long. We have to trim the last character */
- for( /*bs*/; bs != 0; bs-- ) {
- if( (buffer[bs-1] & 0xC0) != 0x80 ) {
- buffer[bs-1] = pad;
- break;
- } else {
- buffer[bs-1] = pad;
- }
- }
- } else {
- (void)nsslibc_memset(buffer, pad, bufferSize);
- (void)nsslibc_memcpy(buffer, string, stringSize);
- }
+ stringSize = nssUTF8_Size(string, (PRStatus *)NULL);
+ stringSize--; /* don't count the trailing null */
+ if (stringSize > bufferSize) {
+ PRUint32 bs = bufferSize;
+ (void)nsslibc_memcpy(buffer, string, bufferSize);
+
+ if (( ((buffer[bs - 1] & 0x80) == 0x00)) ||
+ ((bs > 1) && ((buffer[bs - 2] & 0xE0) == 0xC0)) ||
+ ((bs > 2) && ((buffer[bs - 3] & 0xF0) == 0xE0)) ||
+ ((bs > 3) && ((buffer[bs - 4] & 0xF8) == 0xF0)) ||
+ ((bs > 4) && ((buffer[bs - 5] & 0xFC) == 0xF8)) ||
+ ((bs > 5) && ((buffer[bs - 6] & 0xFE) == 0xFC))) {
+ /* It fit exactly */
+ return PR_SUCCESS;
+ }
- return PR_SUCCESS;
+ /* Too long. We have to trim the last character */
+ for (/*bs*/; bs != 0; bs--) {
+ if ((buffer[bs - 1] & 0xC0) != 0x80) {
+ buffer[bs - 1] = pad;
+ break;
+ }
+ else {
+ buffer[bs - 1] = pad;
+ }
+ }
+ }
+ else {
+ (void)nsslibc_memset(buffer, pad, bufferSize);
+ (void)nsslibc_memcpy(buffer, string, stringSize);
+ }
+
+ return PR_SUCCESS;
}
/*
* nssUTF8_Equal
*
*/
NSS_IMPLEMENT PRBool
-nssUTF8_Equal
-(
- const NSSUTF8 *a,
- const NSSUTF8 *b,
- PRStatus *statusOpt
-)
+nssUTF8_Equal(const NSSUTF8 *a, const NSSUTF8 *b, PRStatus *statusOpt)
{
- PRUint32 la, lb;
+ PRUint32 la, lb;
#ifdef NSSDEBUG
- if( ((const NSSUTF8 *)NULL == a) ||
- ((const NSSUTF8 *)NULL == b) ) {
- nss_SetError(NSS_ERROR_INVALID_POINTER);
- if( (PRStatus *)NULL != statusOpt ) {
- *statusOpt = PR_FAILURE;
+ if (((const NSSUTF8 *)NULL == a) || ((const NSSUTF8 *)NULL == b)) {
+ nss_SetError(NSS_ERROR_INVALID_POINTER);
+ if ((PRStatus *)NULL != statusOpt) {
+ *statusOpt = PR_FAILURE;
+ }
+ return PR_FALSE;
}
- return PR_FALSE;
- }
#endif /* NSSDEBUG */
- la = nssUTF8_Size(a, statusOpt);
- if( 0 == la ) {
- return PR_FALSE;
- }
+ la = nssUTF8_Size(a, statusOpt);
+ if (0 == la) {
+ return PR_FALSE;
+ }
- lb = nssUTF8_Size(b, statusOpt);
- if( 0 == lb ) {
- return PR_FALSE;
- }
+ lb = nssUTF8_Size(b, statusOpt);
+ if (0 == lb) {
+ return PR_FALSE;
+ }
- if( la != lb ) {
- return PR_FALSE;
- }
+ if (la != lb) {
+ return PR_FALSE;
+ }
- return nsslibc_memequal(a, b, la, statusOpt);
+ return nsslibc_memequal(a, b, la, statusOpt);
}
--- a/security/nss/lib/certdb/alg1485.c
+++ b/security/nss/lib/certdb/alg1485.c
@@ -8,36 +8,38 @@
#include "cert.h"
#include "certi.h"
#include "xconst.h"
#include "genname.h"
#include "secitem.h"
#include "secerr.h"
typedef struct NameToKindStr {
- const char * name;
+ const char* name;
unsigned int maxLen; /* max bytes in UTF8 encoded string value */
- SECOidTag kind;
- int valueType;
+ SECOidTag kind;
+ int valueType;
} NameToKind;
/* local type for directory string--could be printable_string or utf8 */
#define SEC_ASN1_DS SEC_ASN1_HIGH_TAG_NUMBER
+/* clang-format off */
+
/* Add new entries to this table, and maybe to function ParseRFC1485AVA */
static const NameToKind name2kinds[] = {
/* IANA registered type names
- * (See: http://www.iana.org/assignments/ldap-parameters)
+ * (See: http://www.iana.org/assignments/ldap-parameters)
*/
/* RFC 3280, 4630 MUST SUPPORT */
{ "CN", 640, SEC_OID_AVA_COMMON_NAME, SEC_ASN1_DS},
{ "ST", 128, SEC_OID_AVA_STATE_OR_PROVINCE,
- SEC_ASN1_DS},
+ SEC_ASN1_DS},
{ "O", 128, SEC_OID_AVA_ORGANIZATION_NAME,
- SEC_ASN1_DS},
+ SEC_ASN1_DS},
{ "OU", 128, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,
SEC_ASN1_DS},
{ "dnQualifier", 32767, SEC_OID_AVA_DN_QUALIFIER, SEC_ASN1_PRINTABLE_STRING},
{ "C", 2, SEC_OID_AVA_COUNTRY_NAME, SEC_ASN1_PRINTABLE_STRING},
{ "serialNumber", 64, SEC_OID_AVA_SERIAL_NUMBER,SEC_ASN1_PRINTABLE_STRING},
/* RFC 3280, 4630 SHOULD SUPPORT */
{ "L", 128, SEC_OID_AVA_LOCALITY, SEC_ASN1_DS},
@@ -53,17 +55,17 @@ static const NameToKind name2kinds[] = {
{ "MAIL", 256, SEC_OID_RFC1274_MAIL, SEC_ASN1_IA5_STRING},
{ "UID", 256, SEC_OID_RFC1274_UID, SEC_ASN1_DS},
/* ------------------ "strict" boundary ---------------------------------
* In strict mode, cert_NameToAscii does not encode any of the attributes
* below this line. The first SECOidTag below this line must be used to
* conditionally define the "endKind" in function AppendAVA() below.
* Most new attribute names should be added below this line.
- * Maybe this line should be up higher? Say, after the 3280 MUSTs and
+ * Maybe this line should be up higher? Say, after the 3280 MUSTs and
* before the 3280 SHOULDs?
*/
/* values from draft-ietf-ldapbis-user-schema-05 (not in RFC 3280) */
{ "postalAddress", 128, SEC_OID_AVA_POSTAL_ADDRESS, SEC_ASN1_DS},
{ "postalCode", 40, SEC_OID_AVA_POSTAL_CODE, SEC_ASN1_DS},
{ "postOfficeBox", 40, SEC_OID_AVA_POST_OFFICE_BOX,SEC_ASN1_DS},
{ "houseIdentifier",64, SEC_OID_AVA_HOUSE_IDENTIFIER,SEC_ASN1_DS},
@@ -71,1490 +73,1532 @@ static const NameToKind name2kinds[] = {
/* legacy keywords */
{ "E", 128, SEC_OID_PKCS9_EMAIL_ADDRESS,SEC_ASN1_IA5_STRING},
{ "STREET", 128, SEC_OID_AVA_STREET_ADDRESS, SEC_ASN1_DS},
{ "pseudonym", 64, SEC_OID_AVA_PSEUDONYM, SEC_ASN1_DS},
/* values defined by the CAB Forum for EV */
{ "incorporationLocality", 128, SEC_OID_EV_INCORPORATION_LOCALITY,
- SEC_ASN1_DS},
+ SEC_ASN1_DS},
{ "incorporationState", 128, SEC_OID_EV_INCORPORATION_STATE,
- SEC_ASN1_DS},
+ SEC_ASN1_DS},
{ "incorporationCountry", 2, SEC_OID_EV_INCORPORATION_COUNTRY,
- SEC_ASN1_PRINTABLE_STRING},
+ SEC_ASN1_PRINTABLE_STRING},
{ "businessCategory", 64, SEC_OID_BUSINESS_CATEGORY, SEC_ASN1_DS},
/* values defined in X.520 */
{ "name", 64, SEC_OID_AVA_NAME, SEC_ASN1_DS},
{ 0, 256, SEC_OID_UNKNOWN, 0},
};
/* Table facilitates conversion of ASCII hex to binary. */
static const PRInt16 x2b[256] = {
-/* #0x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #1x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #2x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #3x */ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, -1, -1, -1, -1, -1, -1,
-/* #4x */ -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #5x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #6x */ -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #7x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #8x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #9x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #ax */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #bx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #cx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #dx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-/* #ex */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #0x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #1x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #2x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #3x */ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, -1, -1, -1, -1, -1, -1,
+/* #4x */ -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #5x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #6x */ -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #7x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #8x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #9x */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #ax */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #bx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #cx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #dx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+/* #ex */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
/* #fx */ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1
};
#define IS_HEX(c) (x2b[(PRUint8)(c)] >= 0)
#define C_DOUBLE_QUOTE '\042'
#define C_BACKSLASH '\134'
#define C_EQUAL '='
-#define OPTIONAL_SPACE(c) \
+#define OPTIONAL_SPACE(c) \
(((c) == ' ') || ((c) == '\r') || ((c) == '\n'))
-#define SPECIAL_CHAR(c) \
- (((c) == ',') || ((c) == '=') || ((c) == C_DOUBLE_QUOTE) || \
- ((c) == '\r') || ((c) == '\n') || ((c) == '+') || \
- ((c) == '<') || ((c) == '>') || ((c) == '#') || \
+#define SPECIAL_CHAR(c) \
+ (((c) == ',') || ((c) == '=') || ((c) == C_DOUBLE_QUOTE) || \
+ ((c) == '\r') || ((c) == '\n') || ((c) == '+') || \
+ ((c) == '<') || ((c) == '>') || ((c) == '#') || \
((c) == ';') || ((c) == C_BACKSLASH))
-#define IS_PRINTABLE(c) \
- ((((c) >= 'a') && ((c) <= 'z')) || \
- (((c) >= 'A') && ((c) <= 'Z')) || \
- (((c) >= '0') && ((c) <= '9')) || \
- ((c) == ' ') || \
- ((c) == '\'') || \
- ((c) == '\050') || /* ( */ \
- ((c) == '\051') || /* ) */ \
- (((c) >= '+') && ((c) <= '/')) || /* + , - . / */ \
- ((c) == ':') || \
- ((c) == '=') || \
+#define IS_PRINTABLE(c) \
+ ((((c) >= 'a') && ((c) <= 'z')) || \
+ (((c) >= 'A') && ((c) <= 'Z')) || \
+ (((c) >= '0') && ((c) <= '9')) || \
+ ((c) == ' ') || \
+ ((c) == '\'') || \
+ ((c) == '\050') || /* ( */ \
+ ((c) == '\051') || /* ) */ \
+ (((c) >= '+') && ((c) <= '/')) || /* + , - . / */ \
+ ((c) == ':') || \
+ ((c) == '=') || \
((c) == '?'))
+/* clang-format on */
+
/* RFC 2253 says we must escape ",+\"\\<>;=" EXCEPT inside a quoted string.
* Inside a quoted string, we only need to escape " and \
* We choose to quote strings containing any of those special characters,
* so we only need to escape " and \
*/
-#define NEEDS_ESCAPE(c) \
- (c == C_DOUBLE_QUOTE || c == C_BACKSLASH)
+#define NEEDS_ESCAPE(c) (c == C_DOUBLE_QUOTE || c == C_BACKSLASH)
-#define NEEDS_HEX_ESCAPE(c) \
- ((PRUint8)c < 0x20 || c == 0x7f)
+#define NEEDS_HEX_ESCAPE(c) ((PRUint8)c < 0x20 || c == 0x7f)
int
cert_AVAOidTagToMaxLen(SECOidTag tag)
{
- const NameToKind *n2k = name2kinds;
+ const NameToKind* n2k = name2kinds;
while (n2k->kind != tag && n2k->kind != SEC_OID_UNKNOWN) {
- ++n2k;
+ ++n2k;
}
return (n2k->kind != SEC_OID_UNKNOWN) ? n2k->maxLen : -1;
}
static PRBool
-IsPrintable(unsigned char *data, unsigned len)
+IsPrintable(unsigned char* data, unsigned len)
{
unsigned char ch, *end;
end = data + len;
while (data < end) {
- ch = *data++;
- if (!IS_PRINTABLE(ch)) {
- return PR_FALSE;
- }
+ ch = *data++;
+ if (!IS_PRINTABLE(ch)) {
+ return PR_FALSE;
+ }
}
return PR_TRUE;
}
static void
-skipSpace(const char **pbp, const char *endptr)
+skipSpace(const char** pbp, const char* endptr)
{
- const char *bp = *pbp;
+ const char* bp = *pbp;
while (bp < endptr && OPTIONAL_SPACE(*bp)) {
- bp++;
+ bp++;
}
*pbp = bp;
}
static SECStatus
-scanTag(const char **pbp, const char *endptr, char *tagBuf, int tagBufSize)
+scanTag(const char** pbp, const char* endptr, char* tagBuf, int tagBufSize)
{
- const char *bp;
- char *tagBufp;
+ const char* bp;
+ char* tagBufp;
int taglen;
PORT_Assert(tagBufSize > 0);
-
+
/* skip optional leading space */
skipSpace(pbp, endptr);
if (*pbp == endptr) {
- /* nothing left */
- return SECFailure;
+ /* nothing left */
+ return SECFailure;
}
-
+
/* fill tagBuf */
taglen = 0;
bp = *pbp;
tagBufp = tagBuf;
while (bp < endptr && !OPTIONAL_SPACE(*bp) && (*bp != C_EQUAL)) {
- if (++taglen >= tagBufSize) {
- *pbp = bp;
- return SECFailure;
- }
- *tagBufp++ = *bp++;
+ if (++taglen >= tagBufSize) {
+ *pbp = bp;
+ return SECFailure;
+ }
+ *tagBufp++ = *bp++;
}
/* null-terminate tagBuf -- guaranteed at least one space left */
*tagBufp++ = 0;
*pbp = bp;
-
+
/* skip trailing spaces till we hit something - should be an equal sign */
skipSpace(pbp, endptr);
if (*pbp == endptr) {
- /* nothing left */
- return SECFailure;
+ /* nothing left */
+ return SECFailure;
}
if (**pbp != C_EQUAL) {
- /* should be an equal sign */
- return SECFailure;
+ /* should be an equal sign */
+ return SECFailure;
}
/* skip over the equal sign */
(*pbp)++;
-
+
return SECSuccess;
}
/* Returns the number of bytes in the value. 0 means failure. */
static int
-scanVal(const char **pbp, const char *endptr, char *valBuf, int valBufSize)
+scanVal(const char** pbp, const char* endptr, char* valBuf, int valBufSize)
{
- const char *bp;
- char *valBufp;
+ const char* bp;
+ char* valBufp;
int vallen = 0;
PRBool isQuoted;
-
+
PORT_Assert(valBufSize > 0);
-
+
/* skip optional leading space */
skipSpace(pbp, endptr);
- if(*pbp == endptr) {
- /* nothing left */
- return 0;
+ if (*pbp == endptr) {
+ /* nothing left */
+ return 0;
}
-
+
bp = *pbp;
-
+
/* quoted? */
if (*bp == C_DOUBLE_QUOTE) {
- isQuoted = PR_TRUE;
- /* skip over it */
- bp++;
- } else {
- isQuoted = PR_FALSE;
+ isQuoted = PR_TRUE;
+ /* skip over it */
+ bp++;
}
-
+ else {
+ isQuoted = PR_FALSE;
+ }
+
valBufp = valBuf;
while (bp < endptr) {
- char c = *bp;
- if (c == C_BACKSLASH) {
- /* escape character */
- bp++;
- if (bp >= endptr) {
- /* escape charater must appear with paired char */
- *pbp = bp;
- return 0;
- }
- c = *bp;
- if (IS_HEX(c) && (endptr - bp) >= 2 && IS_HEX(bp[1])) {
- bp++;
- c = (char)((x2b[(PRUint8)c] << 4) | x2b[(PRUint8)*bp]);
- }
- } else if (c == '#' && bp == *pbp) {
- /* ignore leading #, quotation not required for it. */
- } else if (!isQuoted && SPECIAL_CHAR(c)) {
- /* unescaped special and not within quoted value */
- break;
- } else if (c == C_DOUBLE_QUOTE) {
- /* reached unescaped double quote */
- break;
- }
- /* append character */
+ char c = *bp;
+ if (c == C_BACKSLASH) {
+ /* escape character */
+ bp++;
+ if (bp >= endptr) {
+ /* escape charater must appear with paired char */
+ *pbp = bp;
+ return 0;
<