--- a/cmd/bltest/blapitest.c
+++ b/cmd/bltest/blapitest.c
@@ -51,17 +51,18 @@ char *testdir = NULL;
#define TIMEFINISH(time, reps) \
time2 = (PRIntervalTime)(PR_IntervalNow() - time1); \
time1 = PR_IntervalToMilliseconds(time2); \
time = ((double)(time1))/reps;
#define TIMEMARK(seconds) \
time1 = PR_SecondsToInterval(seconds); \
{ \
- PRInt64 tmp; \
+ PRInt64 tmp, L100; \
+ LL_I2L(L100, 100); \
if (time2 == 0) { \
time2 = 1; \
} \
LL_DIV(tmp, time1, time2); \
if (tmp < 10) { \
if (tmp == 0) { \
opsBetweenChecks = 1; \
} else { \
@@ -307,28 +308,29 @@ char2_from_hex(unsigned char byteval, ch
return SECSuccess;
}
void
serialize_key(SECItem *it, int ni, PRFileDesc *file)
{
unsigned char len[4];
int i;
+ SECStatus status;
NSSBase64Encoder *cx;
cx = NSSBase64Encoder_Create(output_ascii, file);
for (i=0; i<ni; i++, it++) {
len[0] = (it->len >> 24) & 0xff;
len[1] = (it->len >> 16) & 0xff;
len[2] = (it->len >> 8) & 0xff;
len[3] = (it->len & 0xff);
- NSSBase64Encoder_Update(cx, len, 4);
- NSSBase64Encoder_Update(cx, it->data, it->len);
+ status = NSSBase64Encoder_Update(cx, len, 4);
+ status = NSSBase64Encoder_Update(cx, it->data, it->len);
}
- NSSBase64Encoder_Destroy(cx, PR_FALSE);
- PR_Write(file, "\r\n", 2);
+ status = NSSBase64Encoder_Destroy(cx, PR_FALSE);
+ status = PR_Write(file, "\r\n", 2);
}
void
key_from_filedata(PLArenaPool *arena, SECItem *it, int ns, int ni, SECItem *filedata)
{
int fpos = 0;
int i, len;
unsigned char *buf = filedata->data;
@@ -1429,17 +1431,17 @@ bltest_rc5_init(bltestCipherInfo *cipher
SECStatus
bltest_aes_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
{
bltestSymmKeyParams *aesp = &cipherInfo->params.sk;
bltestAuthSymmKeyParams *gcmp = &cipherInfo->params.ask;
int minorMode;
int i;
int keylen = aesp->key.buf.len;
- unsigned int blocklen = AES_BLOCK_SIZE;
+ int blocklen = AES_BLOCK_SIZE;
PRIntervalTime time1, time2;
unsigned char *params;
int len;
CK_AES_CTR_PARAMS ctrParams;
CK_GCM_PARAMS gcmParams;
params = aesp->iv.buf.data;
switch (cipherInfo->mode) {
@@ -2562,16 +2564,18 @@ getHighUnitBytes(PRInt64 res)
static void
printPR_smpString(const char *sformat, char *reportStr,
const char *nformat, PRInt64 rNum)
{
if (reportStr) {
fprintf(stdout, sformat, reportStr);
PR_smprintf_free(reportStr);
} else {
+ int prnRes;
+ LL_L2I(prnRes, rNum);
fprintf(stdout, nformat, rNum);
}
}
static char*
getHighUnitOps(PRInt64 res)
{
int spl[] = {0, 0, 0, 0};
@@ -2995,17 +2999,17 @@ ReadFileToItem(SECItem *dst, const char
static SECStatus
blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff,
PRBool encrypt, PRBool decrypt)
{
bltestCipherInfo cipherInfo;
bltestIO pt, ct;
bltestCipherMode mode;
bltestParams *params;
- unsigned int i, j, nummodes, numtests;
+ int i, j, nummodes, numtests;
char *modestr;
char filename[256];
PLArenaPool *arena;
SECItem item;
SECStatus rv = SECSuccess, srv;
PORT_Memset(&cipherInfo, 0, sizeof(cipherInfo));
arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
@@ -3448,22 +3452,23 @@ static secuCommandFlag bltest_options[]
{ /* opt_MonteCarlo */ '3', PR_FALSE, 0, PR_FALSE },
{ /* opt_ThreadNum */ '4', PR_TRUE, 0, PR_FALSE },
{ /* opt_SecondsToRun */ '5', PR_TRUE, 0, PR_FALSE },
{ /* opt_CmdLine */ '-', PR_FALSE, 0, PR_FALSE }
};
int main(int argc, char **argv)
{
+ char *infileName, *outfileName, *keyfileName, *ivfileName;
SECStatus rv = SECFailure;
- double totalTime = 0.0;
+ double totalTime;
PRIntervalTime time1, time2;
PRFileDesc *outfile = NULL;
- bltestCipherInfo *cipherInfoListHead, *cipherInfo = NULL;
+ bltestCipherInfo *cipherInfoListHead, *cipherInfo;
bltestIOMode ioMode;
int bufsize, exponent, curThrdNum;
#ifndef NSS_DISABLE_ECC
char *curveName = NULL;
#endif
int i, commandsEntered;
int inoff, outoff;
int threads = 1;
@@ -3501,16 +3506,18 @@ int main(int argc, char **argv)
if (rv == SECFailure) {
fprintf(stderr, "%s: command line parsing error!\n", progName);
goto print_usage;
}
rv = SECFailure;
cipherInfo = PORT_ZNew(bltestCipherInfo);
cipherInfoListHead = cipherInfo;
+ /* set some defaults */
+ infileName = outfileName = keyfileName = ivfileName = NULL;
/* Check the number of commands entered on the command line. */
commandsEntered = 0;
for (i=0; i<bltest.numCommands; i++)
if (bltest.commands[i].activated)
commandsEntered++;
if (commandsEntered > 1 &&
@@ -3700,20 +3707,18 @@ int main(int argc, char **argv)
curveName = NULL;
#endif
if (bltest.commands[cmd_Verify].activated &&
!bltest.options[opt_SigFile].activated) {
fprintf(stderr, "%s: You must specify a signature file with -f.\n",
progName);
-print_usage:
- if (cipherInfo) {
- PORT_Free(cipherInfo);
- }
+ print_usage:
+ PORT_Free(cipherInfo);
Usage();
}
if (bltest.options[opt_MonteCarlo].activated) {
cipherInfo->mCarlo = PR_TRUE;
} else {
cipherInfo->mCarlo = PR_FALSE;
}
--- a/cmd/certcgi/certcgi.c
+++ b/cmd/certcgi/certcgi.c
@@ -351,16 +351,91 @@ find_field_bool(Pair *data,
if ((rv != NULL) && (PORT_Strcmp(rv, "true")) == 0) {
return PR_TRUE;
} else {
return PR_FALSE;
}
}
+static char *
+update_data_by_name(Pair *data,
+ char *field_name,
+ char *new_data)
+ /* replaces the data in the data structure associated with
+ a name with new data, returns null if not found */
+{
+ int i = 0;
+ int found = 0;
+ int length = 100;
+ char *new;
+
+ while (return_name(data, i) != NULL) {
+ if (PORT_Strcmp(return_name(data, i), field_name) == 0) {
+ new = make_copy_string( new_data, length, '\0');
+ PORT_Free(return_data(data, i));
+ found = 1;
+ (*(data + i)).data = new;
+ break;
+ }
+ i++;
+ }
+ if (!found) {
+ new = NULL;
+ }
+ return new;
+}
+
+static char *
+update_data_by_index(Pair *data,
+ int n,
+ char *new_data)
+ /* replaces the data of a particular index in the data structure */
+{
+ int length = 100;
+ char *new;
+
+ new = make_copy_string(new_data, length, '\0');
+ PORT_Free(return_data(data, n));
+ (*(data + n)).data = new;
+ return new;
+}
+
+
+static Pair *
+add_field(Pair *data,
+ char* field_name,
+ char* field_data)
+ /* adds a new name/data pair to the data structure */
+{
+ int i = 0;
+ int j;
+ int name_length = 100;
+ int data_length = 100;
+
+ while(return_name(data, i) != NULL) {
+ i++;
+ }
+ j = START_FIELDS;
+ while ( j < (i + 1) ) {
+ j = j * 2;
+ }
+ if (j == (i + 1)) {
+ data = (Pair *) PORT_Realloc(data, (j * 2) * sizeof(Pair));
+ if (data == NULL) {
+ error_allocate();
+ }
+ }
+ (*(data + i)).name = make_copy_string(field_name, name_length, '\0');
+ (*(data + i)).data = make_copy_string(field_data, data_length, '\0');
+ (data + i + 1)->name = NULL;
+ return data;
+}
+
+
static CERTCertificateRequest *
makeCertReq(Pair *form_data,
int which_priv_key)
/* makes and encodes a certrequest */
{
PK11SlotInfo *slot;
CERTCertificateRequest *certReq = NULL;
@@ -447,36 +522,40 @@ MakeV1Cert(CERTCertDBHandle *hand
Pair *data)
{
CERTCertificate *issuerCert = NULL;
CERTValidity *validity;
CERTCertificate *cert = NULL;
PRExplodedTime printableTime;
PRTime now,
after;
+ SECStatus rv;
+
+
+
if ( !selfsign ) {
issuerCert = CERT_FindCertByNameString(handle, issuerNameStr);
if (!issuerCert) {
error_out("ERROR: Could not find issuer's certificate");
return NULL;
}
}
if (find_field_bool(data, "manValidity", PR_TRUE)) {
- (void)DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE));
+ rv = DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE));
} else {
now = PR_Now();
}
PR_ExplodeTime (now, PR_GMTParameters, &printableTime);
if ( warpmonths ) {
printableTime.tm_month += warpmonths;
now = PR_ImplodeTime (&printableTime);
PR_ExplodeTime (now, PR_GMTParameters, &printableTime);
}
if (find_field_bool(data, "manValidity", PR_TRUE)) {
- (void)DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE));
+ rv = DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE));
PR_ExplodeTime (after, PR_GMTParameters, &printableTime);
} else {
printableTime.tm_month += 3;
after = PR_ImplodeTime (&printableTime);
}
/* note that the time is now in micro-second unit */
validity = CERT_CreateValidity (now, after);
@@ -507,17 +586,17 @@ get_serial_number(Pair *data)
if (find_field_bool(data, "serial-auto", PR_TRUE)) {
serialFile = fopen(filename, "r");
if (serialFile != NULL) {
fread(&serial, sizeof(int), 1, serialFile);
if (ferror(serialFile) != 0) {
error_out("Error: Unable to read serial number file");
}
- if (serial == -1) {
+ if (serial == 4294967295) {
serial = 21;
}
fclose(serialFile);
++serial;
serialFile = fopen(filename,"w");
if (serialFile == NULL) {
error_out("ERROR: Unable to open serial number file for writing");
}
@@ -1333,59 +1412,62 @@ string_to_ipaddress(char *string)
*(ipaddress->data + j) = '\0';
if (j != 4 && j != 8) {
error_out("ERROR: Improperly formated IP Address");
}
ipaddress->len = j;
return ipaddress;
}
-static int
-chr_to_hex(char c) {
- if (isdigit(c)) {
- return c - '0';
- }
- if (isxdigit(c)) {
- return toupper(c) - 'A' + 10;
- }
- return -1;
-}
-
static SECItem *
-string_to_binary(char *string)
+string_to_binary(char *string)
{
SECItem *rv;
+ int high_digit;
+ int low_digit;
rv = (SECItem *) PORT_ZAlloc(sizeof(SECItem));
if (rv == NULL) {
error_allocate();
}
rv->data = (unsigned char *) PORT_ZAlloc((PORT_Strlen(string))/3 + 2);
- rv->len = 0;
- while (*string && !isxdigit(*string)) {
+ while (!isxdigit(*string)) {
string++;
}
- while (*string) {
- int high, low;
- high = chr_to_hex(*string++);
- low = chr_to_hex(*string++);
- if (high < 0 || low < 0) {
- error_out("ERROR: Improperly formated binary encoding");
- }
- rv->data[(rv->len)++] = high << 4 | low;
- if (*string != ':') {
- break;
- }
- ++string;
- }
- while (*string == ' ') {
- ++string;
- }
- if (*string) {
- error_out("ERROR: Junk after binary encoding");
+ rv->len = 0;
+ while (*string != '\0') {
+ if (isxdigit(*string)) {
+ if (*string >= '0' && *string <= '9') {
+ high_digit = *string - '0';
+ } else {
+ *string = toupper(*string);
+ high_digit = *string - 'A' + 10;
+ }
+ string++;
+ if (*string >= '0' && *string <= '9') {
+ low_digit = *string - '0';
+ } else {
+ *string = toupper(*string);
+ low_digit = *string - 'A' + 10;
+ }
+ (rv->len)++;
+ } else {
+ if (*string == ':') {
+ string++;
+ } else {
+ if (*string == ' ') {
+ while (*string == ' ') {
+ string++;
+ }
+ }
+ if (*string != '\0') {
+ error_out("ERROR: Improperly formated binary encoding");
+ }
+ }
+ }
}
return rv;
}
static SECStatus
MakeGeneralName(char *name,
CERTGeneralName *genName,
--- a/cmd/checkcert/checkcert.c
+++ b/cmd/checkcert/checkcert.c
@@ -117,27 +117,30 @@ void checkName(CERTName *n, char *fieldN
static
SECStatus
OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key,
SECItem *sig, SECAlgorithmID *sigAlgorithm)
{
SECStatus rv;
VFYContext *cx;
SECOidData *sigAlgOid, *oiddata;
+ SECOidTag sigAlgTag;
SECOidTag hashAlgTag;
int showDigestOid=0;
cx = VFY_CreateContextWithAlgorithmID(key, sig, sigAlgorithm, &hashAlgTag,
NULL);
if (cx == NULL)
return SECFailure;
sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm);
if (sigAlgOid == 0)
return SECFailure;
+ sigAlgTag = sigAlgOid->offset;
+
if (showDigestOid) {
oiddata = SECOID_FindOIDByTag(hashAlgTag);
if ( oiddata ) {
printf("PROBLEM: (cont) Digest OID is %s\n", oiddata->desc);
} else {
SECU_PrintAsHex(stdout,
&oiddata->oid, "PROBLEM: UNKNOWN OID", 0);
@@ -380,17 +383,17 @@ int main(int argc, char **argv)
if (verbose) {
printf("Decoded ok as an X509 certificate.\n");
}
SECU_RegisterDynamicOids();
rv = SECU_PrintSignedData(stdout, &derCert, "Certificate", 0,
- (SECU_PPFunc)SECU_PrintCertificate);
+ SECU_PrintCertificate);
if (rv) {
fprintf(stderr, "%s: Unable to pretty print cert. Error: %d\n",
progName, PORT_GetError());
if (!force) {
exit(1);
}
}
--- a/cmd/crlutil/crlgen.c
+++ b/cmd/crlutil/crlgen.c
@@ -540,17 +540,17 @@ crlgen_AddCrlNumber(CRLGENGeneratorData
/* Creates Cert Revocation Reason code extension. Encodes it and
* returns as SECItem structure */
static SECItem*
crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr,
int *extCode)
{
SECItem *encodedItem;
void *dummy;
- void *mark = NULL;
+ void *mark;
int code = 0;
PORT_Assert(arena && dataArr);
if (!arena || !dataArr) {
goto loser;
}
mark = PORT_ArenaMark(arena);
@@ -578,31 +578,29 @@ crlgen_CreateReasonCode(PLArenaPool *are
if (!dummy) {
goto loser;
}
*extCode = SEC_OID_X509_REASON_CODE;
return encodedItem;
loser:
- if (mark) {
- PORT_ArenaRelease (arena, mark);
- }
+ PORT_ArenaRelease (arena, mark);
return NULL;
}
/* Creates Cert Invalidity Date extension. Encodes it and
* returns as SECItem structure */
static SECItem*
crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr,
int *extCode)
{
SECItem *encodedItem;
int length = 0;
- void *mark = NULL;
+ void *mark;
PORT_Assert(arena && dataArr);
if (!arena || !dataArr) {
goto loser;
}
mark = PORT_ArenaMark(arena);
@@ -621,19 +619,17 @@ crlgen_CreateInvalidityDate(PLArenaPool
PORT_Memcpy(encodedItem->data, dataArr[2], (encodedItem->len = length) *
sizeof(char));
*extCode = SEC_OID_X509_INVALID_DATE;
return encodedItem;
loser:
- if (mark) {
- PORT_ArenaRelease(arena, mark);
- }
+ PORT_ArenaRelease(arena, mark);
return NULL;
}
/* Creates(by calling extCreator function) and adds extension to a set
* of already added certs. Uses values of rangeFrom and rangeTo from
* CRLGENCrlGenCtl structure for identifying the inclusive set of certs */
static SECStatus
crlgen_AddEntryExtension(CRLGENGeneratorData *crlGenData,
@@ -1078,23 +1074,26 @@ crlgen_AddCert(CRLGENGeneratorData *crlG
/* Removes certs from entryDataHashTable which have certId serial number.
* certId can have value of a range of certs */
static SECStatus
crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId)
{
PRUint64 i = 0;
+ PLArenaPool *arena;
PORT_Assert(crlGenData && certId);
if (!crlGenData || !certId) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
+ arena = crlGenData->signCrl->arena;
+
if (crlgen_SetNewRangeField(crlGenData, certId) == SECFailure &&
certId) {
return SECFailure;
}
for (i = 0;i < crlGenData->rangeTo - crlGenData->rangeFrom + 1;i++) {
SECItem* certIdItem = SEC_ASN1EncodeInteger(NULL, NULL,
crlGenData->rangeFrom + i);
--- a/cmd/crlutil/crlutil.c
+++ b/cmd/crlutil/crlutil.c
@@ -123,17 +123,17 @@ static void ListCRLNames (CERTCertDBHand
crlNode = crlList->first;
fprintf (stdout, "\n");
fprintf (stdout, "\n%-40s %-5s\n\n", "CRL names", "CRL Type");
while (crlNode) {
char* asciiname = NULL;
CERTCertificate *cert = NULL;
- if (crlNode->crl && crlNode->crl->crl.derName.data != NULL) {
+ if (crlNode->crl && &crlNode->crl->crl.derName) {
cert = CERT_FindCertByName(certHandle,
&crlNode->crl->crl.derName);
if (!cert) {
SECU_PrintError(progName, "could not find signing "
"certificate in database");
}
}
if (cert) {
@@ -693,45 +693,41 @@ GenerateCRL (CERTCertDBHandle *certHandl
SECU_PrintError(progName, "fail to allocate memory\n");
return SECFailure;
}
if (modifyFlag == PR_TRUE) {
signCrl = CreateModifiedCRLCopy(arena, certHandle, &cert, certNickName,
inFile, decodeOptions, importOptions);
if (signCrl == NULL) {
- rv = SECFailure;
goto loser;
}
}
if (!cert) {
cert = FindSigningCert(certHandle, signCrl, certNickName);
if (cert == NULL) {
- rv = SECFailure;
goto loser;
}
}
if (!signCrl) {
if (modifyFlag == PR_TRUE) {
if (!outFileName) {
int len = strlen(certNickName) + 5;
outFileName = PORT_ArenaAlloc(arena, len);
PR_snprintf(outFileName, len, "%s.crl", certNickName);
}
SECU_PrintError(progName, "Will try to generate crl. "
"It will be saved in file: %s",
outFileName);
}
signCrl = CreateNewCrl(arena, certHandle, cert);
- if (!signCrl) {
- rv = SECFailure;
+ if (!signCrl)
goto loser;
- }
}
rv = UpdateCrl(signCrl, inCrlInitFile);
if (rv != SECSuccess) {
goto loser;
}
rv = SignAndStoreCrl(signCrl, cert, outFileName, hashAlgTag, ascii,
--- a/cmd/crmftest/testcrmf.c
+++ b/cmd/crmftest/testcrmf.c
@@ -122,27 +122,23 @@ debug_test(SECItem *src, char *filePath)
}
PR_Write(fileDesc, src->data, src->len);
}
SECStatus
get_serial_number(long *dest)
{
- SECStatus rv;
+ SECStatus rv;
- if (dest == NULL) {
+ if (dest == NULL) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
- }
+ }
rv = PK11_GenerateRandom((unsigned char *)dest, sizeof(long));
- if (rv != SECSuccess) {
- /* PK11_GenerateRandom calls PORT_SetError */
- return SECFailure;
- }
/* make serial number positive */
if (*dest < 0L)
*dest = - *dest;
return SECSuccess;
}
PK11RSAGenParams *
GetRSAParams(void)
@@ -936,16 +932,28 @@ DoCMMFStuff(void)
CERT_DestroyCertificate(cert);
}
if (list) {
CERT_DestroyCertList(list);
}
return rv;
}
+static CK_MECHANISM_TYPE
+mapWrapKeyType(KeyType keyType)
+{
+ switch (keyType) {
+ case rsaKey:
+ return CKM_RSA_PKCS;
+ default:
+ break;
+ }
+ return CKM_INVALID_MECHANISM;
+}
+
#define KNOWN_MESSAGE_LENGTH 20 /*160 bits*/
int
DoKeyRecovery( SECKEYPrivateKey *privKey)
{
#ifdef DOING_KEY_RECOVERY /* Doesn't compile yet. */
SECKEYPublicKey *pubKey;
PK11SlotInfo *slot;
@@ -1520,16 +1528,20 @@ main(int argc, char **argv)
PLOptState *optstate;
PLOptStatus status;
char *password = NULL;
char *pwfile = NULL;
int irv = 0;
PRUint32 flags = 0;
SECStatus rv;
PRBool nssInit = PR_FALSE;
+ PRBool pArg = PR_FALSE;
+ PRBool eArg = PR_FALSE;
+ PRBool sArg = PR_FALSE;
+ PRBool PArg = PR_FALSE;
memset( &signPair, 0, sizeof signPair);
memset( &cryptPair, 0, sizeof cryptPair);
printf ("\ncrmftest v1.0\n");
optstate = PL_CreateOptState(argc, argv, "d:p:e:s:P:f:");
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case 'd':
@@ -1542,39 +1554,43 @@ main(int argc, char **argv)
nssInit = PR_TRUE;
break;
case 'p':
personalCert = PORT_Strdup(optstate->value);
if (personalCert == NULL) {
printf ("-p failed\n");
return 603;
}
+ pArg = PR_TRUE;
break;
case 'e':
recoveryEncrypter = PORT_Strdup(optstate->value);
if (recoveryEncrypter == NULL) {
printf ("-e failed\n");
return 602;
}
+ eArg = PR_TRUE;
break;
case 's':
caCertName = PORT_Strdup(optstate->value);
if (caCertName == NULL) {
printf ("-s failed\n");
return 604;
}
+ sArg = PR_TRUE;
break;
case 'P':
password = PORT_Strdup(optstate->value);
if (password == NULL) {
printf ("-P failed\n");
return 606;
}
pwdata.source = PW_PLAINTEXT;
pwdata.data = password;
+ PArg = PR_TRUE;
break;
case 'f':
pwfile = PORT_Strdup(optstate->value);
if (pwfile == NULL) {
printf ("-f failed\n");
return 607;
}
pwdata.source = PW_FROMFILE;
--- a/cmd/fipstest/fipstest.c
+++ b/cmd/fipstest/fipstest.c
@@ -283,17 +283,17 @@ tdea_kat_mmt(char *reqfn)
{
char buf[180]; /* holds one line from the input REQUEST file.
* needs to be large enough to hold the longest
* line "CIPHERTEXT = <180 hex digits>\n".
*/
FILE *req; /* input stream from the REQUEST file */
FILE *resp; /* output stream to the RESPONSE file */
int i, j;
- int mode = NSS_DES_EDE3; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */
+ int mode; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */
int crypt = DECRYPT; /* 1 means encrypt, 0 means decrypt */
unsigned char key[24]; /* TDEA 3 key bundle */
unsigned int numKeys = 0;
unsigned char iv[8]; /* for all modes except ECB */
unsigned char plaintext[8*20]; /* 1 to 20 blocks */
unsigned int plaintextlen;
unsigned char ciphertext[8*20]; /* 1 to 20 blocks */
unsigned int ciphertextlen;
@@ -992,20 +992,20 @@ aes_kat_mmt(char *reqfn)
{
char buf[512]; /* holds one line from the input REQUEST file.
* needs to be large enough to hold the longest
* line "CIPHERTEXT = <320 hex digits>\n".
*/
FILE *aesreq; /* input stream from the REQUEST file */
FILE *aesresp; /* output stream to the RESPONSE file */
int i, j;
- int mode = NSS_AES; /* NSS_AES (ECB) or NSS_AES_CBC */
+ int mode; /* NSS_AES (ECB) or NSS_AES_CBC */
int encrypt = 0; /* 1 means encrypt, 0 means decrypt */
unsigned char key[32]; /* 128, 192, or 256 bits */
- unsigned int keysize = 0;
+ unsigned int keysize;
unsigned char iv[16]; /* for all modes except ECB */
unsigned char plaintext[10*16]; /* 1 to 10 blocks */
unsigned int plaintextlen;
unsigned char ciphertext[10*16]; /* 1 to 10 blocks */
unsigned int ciphertextlen;
SECStatus rv;
aesreq = fopen(reqfn, "r");
@@ -1192,17 +1192,17 @@ aes_ecb_mct(char *reqfn)
* needs to be large enough to hold the longest
* line "KEY = <64 hex digits>\n".
*/
FILE *aesreq; /* input stream from the REQUEST file */
FILE *aesresp; /* output stream to the RESPONSE file */
int i, j;
int encrypt = 0; /* 1 means encrypt, 0 means decrypt */
unsigned char key[32]; /* 128, 192, or 256 bits */
- unsigned int keysize = 0;
+ unsigned int keysize;
unsigned char plaintext[16]; /* PT[j] */
unsigned char plaintext_1[16]; /* PT[j-1] */
unsigned char ciphertext[16]; /* CT[j] */
unsigned char ciphertext_1[16]; /* CT[j-1] */
unsigned char doublecheck[16];
unsigned int outputlen;
AESContext *cx = NULL; /* the operation being tested */
AESContext *cx2 = NULL; /* the inverse operation done in parallel
@@ -1475,17 +1475,17 @@ aes_cbc_mct(char *reqfn)
* needs to be large enough to hold the longest
* line "KEY = <64 hex digits>\n".
*/
FILE *aesreq; /* input stream from the REQUEST file */
FILE *aesresp; /* output stream to the RESPONSE file */
int i, j;
int encrypt = 0; /* 1 means encrypt, 0 means decrypt */
unsigned char key[32]; /* 128, 192, or 256 bits */
- unsigned int keysize = 0;
+ unsigned int keysize;
unsigned char iv[16];
unsigned char plaintext[16]; /* PT[j] */
unsigned char plaintext_1[16]; /* PT[j-1] */
unsigned char ciphertext[16]; /* CT[j] */
unsigned char ciphertext_1[16]; /* CT[j-1] */
unsigned char doublecheck[16];
unsigned int outputlen;
AESContext *cx = NULL; /* the operation being tested */
@@ -2098,17 +2098,17 @@ ecdsa_pkv_test(char *reqfn)
* line "Qx = <144 hex digits>\n".
*/
FILE *ecdsareq; /* input stream from the REQUEST file */
FILE *ecdsaresp; /* output stream to the RESPONSE file */
char curve[16]; /* "nistxddd" */
ECParams *ecparams = NULL;
SECItem pubkey;
unsigned int i;
- unsigned int len = 0;
+ unsigned int len;
PRBool keyvalid = PR_TRUE;
ecdsareq = fopen(reqfn, "r");
ecdsaresp = stdout;
strcpy(curve, "nist");
pubkey.data = NULL;
while (fgets(buf, sizeof buf, ecdsareq) != NULL) {
/* a comment or blank line */
@@ -2355,20 +2355,20 @@ ecdsa_sigver_test(char *reqfn)
* needs to be large enough to hold the longest
* line "Msg = <256 hex digits>\n".
*/
FILE *ecdsareq; /* input stream from the REQUEST file */
FILE *ecdsaresp; /* output stream to the RESPONSE file */
char curve[16]; /* "nistxddd" */
ECPublicKey ecpub;
unsigned int i, j;
- unsigned int flen = 0; /* length in bytes of the field size */
- unsigned int olen = 0; /* length in bytes of the base point order */
+ unsigned int flen; /* length in bytes of the field size */
+ unsigned int olen; /* length in bytes of the base point order */
unsigned char msg[512]; /* message that was signed (<= 128 bytes) */
- unsigned int msglen = 0;
+ unsigned int msglen;
unsigned char sha1[20]; /* SHA-1 hash (160 bits) */
unsigned char sig[2*MAX_ECKEY_LEN];
SECItem signature, digest;
PRBool keyvalid = PR_TRUE;
PRBool sigvalid = PR_TRUE;
ecdsareq = fopen(reqfn, "r");
ecdsaresp = stdout;
@@ -2527,16 +2527,53 @@ ecdsa_sigver_test(char *reqfn)
loser:
if (ecpub.ecParams.arena != NULL) {
PORT_FreeArena(ecpub.ecParams.arena, PR_FALSE);
}
fclose(ecdsareq);
}
#endif /* NSS_DISABLE_ECC */
+
+/*
+ * Read a value from the test and allocate the result.
+ */
+static unsigned char *
+alloc_value(char *buf, int *len)
+{
+ unsigned char * value;
+ int i, count;
+
+ if (strncmp(buf, "<None>", 6) == 0) {
+ *len = 0;
+ return NULL;
+ }
+
+ /* find the length of the number */
+ for (count = 0; isxdigit(buf[count]); count++);
+ *len = count/2;
+
+ if (*len == 0) {
+ return NULL;
+ }
+
+ value = PORT_Alloc(*len);
+ if (!value) {
+ *len = 0;
+ return NULL;
+ }
+
+ for (i=0; i<*len; buf+=2 , i++) {
+ hex_to_byteval(buf, &value[i]);
+ }
+
+
+ return value;
+}
+
PRBool
isblankline(char *b)
{
while (isspace(*b)) b++;
if ((*b == '\n') || (*b == 0)) {
return PR_TRUE;
}
return PR_FALSE;
@@ -2557,19 +2594,17 @@ drbg(char *reqfn)
char buf[2000]; /* test case has some very long lines, returned bits
* as high as 800 bytes (6400 bits). That 1600 byte
* plus a tag */
char buf2[2000];
FILE *rngreq; /* input stream from the REQUEST file */
FILE *rngresp; /* output stream to the RESPONSE file */
unsigned int i, j;
-#if 0
PRBool predictionResistance = PR_FALSE;
-#endif
unsigned char *nonce = NULL;
int nonceLen = 0;
unsigned char *personalizationString = NULL;
int personalizationStringLen = 0;
unsigned char *additionalInput = NULL;
int additionalInputLen = 0;
unsigned char *entropyInput = NULL;
int entropyInputLen = 0;
@@ -2682,32 +2717,30 @@ drbg(char *reqfn)
}
/* [Hash - SHA256] */
if (strncmp(buf, "[SHA-256]", 9) == 0) {
fputs(buf, rngresp);
continue;
}
-#if 0 /* currently unsupported */
if (strncmp(buf, "[PredictionResistance", 21) == 0) {
i = 21;
while (isspace(buf[i]) || buf[i] == '=') {
i++;
- }
+ }
if (strncmp(buf, "False", 5) == 0) {
predictionResistance = PR_FALSE;
} else {
predictionResistance = PR_TRUE;
}
fputs(buf, rngresp);
continue;
}
-#endif
if (strncmp(buf, "[EntropyInputLen", 16) == 0) {
if (entropyInput) {
PORT_ZFree(entropyInput, entropyInputLen);
entropyInput = NULL;
entropyInputLen = 0;
}
if (sscanf(buf, "[EntropyInputLen = %d]", &entropyInputLen) != 1) {
@@ -2952,17 +2985,17 @@ rng_vst(char *reqfn)
* needs to be large enough to hold the longest
* line "XSeed = <128 hex digits>\n".
*/
FILE *rngreq; /* input stream from the REQUEST file */
FILE *rngresp; /* output stream to the RESPONSE file */
unsigned int i, j;
unsigned char Q[DSA1_SUBPRIME_LEN];
PRBool hasQ = PR_FALSE;
- unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */
+ unsigned int b; /* 160 <= b <= 512, b is a multiple of 8 */
unsigned char XKey[512/8];
unsigned char XSeed[512/8];
unsigned char GENX[DSA1_SIGNATURE_LEN];
unsigned char DSAX[DSA1_SUBPRIME_LEN];
SECStatus rv;
rngreq = fopen(reqfn, "r");
rngresp = stdout;
@@ -3075,17 +3108,17 @@ rng_mct(char *reqfn)
* needs to be large enough to hold the longest
* line "XSeed = <128 hex digits>\n".
*/
FILE *rngreq; /* input stream from the REQUEST file */
FILE *rngresp; /* output stream to the RESPONSE file */
unsigned int i, j;
unsigned char Q[DSA1_SUBPRIME_LEN];
PRBool hasQ = PR_FALSE;
- unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */
+ unsigned int b; /* 160 <= b <= 512, b is a multiple of 8 */
unsigned char XKey[512/8];
unsigned char XSeed[512/8];
unsigned char GENX[2*SHA1_LENGTH];
unsigned char DSAX[DSA1_SUBPRIME_LEN];
SECStatus rv;
rngreq = fopen(reqfn, "r");
rngresp = stdout;
@@ -3378,18 +3411,18 @@ SECStatus sha_mct_test(unsigned int MDLe
*
* reqfn is the pathname of the input REQUEST file.
*
* The output RESPONSE file is written to stdout.
*/
void sha_test(char *reqfn)
{
unsigned int i, j;
- unsigned int MDlen = 0; /* the length of the Message Digest in Bytes */
- unsigned int msgLen = 0; /* the length of the input Message in Bytes */
+ unsigned int MDlen; /* the length of the Message Digest in Bytes */
+ unsigned int msgLen; /* the length of the input Message in Bytes */
unsigned char *msg = NULL; /* holds the message to digest.*/
size_t bufSize = 25608; /*MAX buffer size */
char *buf = NULL; /* holds one line from the input REQUEST file.*/
unsigned char seed[HASH_LENGTH_MAX]; /* max size of seed 64 bytes */
unsigned char MD[HASH_LENGTH_MAX]; /* message digest */
FILE *req = NULL; /* input stream from the REQUEST file */
FILE *resp; /* output stream to the RESPONSE file */
@@ -3556,28 +3589,28 @@ hmac_calc(unsigned char *hmac_computed,
*
* The output RESPONSE file is written to stdout.
*/
void hmac_test(char *reqfn)
{
unsigned int i, j;
size_t bufSize = 400; /* MAX buffer size */
char *buf = NULL; /* holds one line from the input REQUEST file.*/
- unsigned int keyLen = 0; /* Key Length */
+ unsigned int keyLen; /* Key Length */
unsigned char key[200]; /* key MAX size = 184 */
unsigned int msgLen = 128; /* the length of the input */
/* Message is always 128 Bytes */
unsigned char *msg = NULL; /* holds the message to digest.*/
- unsigned int HMACLen = 0; /* the length of the HMAC Bytes */
- unsigned int TLen = 0; /* the length of the requested */
+ unsigned int HMACLen; /* the length of the HMAC Bytes */
+ unsigned int TLen; /* the length of the requested */
/* truncated HMAC Bytes */
unsigned char HMAC[HASH_LENGTH_MAX]; /* computed HMAC */
unsigned char expectedHMAC[HASH_LENGTH_MAX]; /* for .fax files that have */
/* supplied known answer */
- HASH_HashType hash_alg = HASH_AlgNULL; /* HMAC type */
+ HASH_HashType hash_alg; /* HMAC type */
FILE *req = NULL; /* input stream from the REQUEST file */
FILE *resp; /* output stream to the RESPONSE file */
buf = PORT_ZAlloc(bufSize);
if (buf == NULL) {
goto loser;
@@ -3863,17 +3896,17 @@ dsa_pqgver_test(char *reqfn)
*/
FILE *dsareq; /* input stream from the REQUEST file */
FILE *dsaresp; /* output stream to the RESPONSE file */
int N;
int L;
unsigned int i, j;
PQGParams pqg;
PQGVerify vfy;
- unsigned int pghSize = 0; /* size for p, g, and h */
+ unsigned int pghSize; /* size for p, g, and h */
dsa_pqg_type type = FIPS186_1;
dsareq = fopen(reqfn, "r");
dsaresp = stdout;
memset(&pqg, 0, sizeof(pqg));
memset(&vfy, 0, sizeof(vfy));
while (fgets(buf, sizeof buf, dsareq) != NULL) {
@@ -4196,17 +4229,17 @@ dsa_pqggen_test(char *reqfn)
FILE *dsaresp; /* output stream to the RESPONSE file */
int count; /* number of times to generate parameters */
int N;
int L;
int i;
unsigned int j;
PQGParams *pqg = NULL;
PQGVerify *vfy = NULL;
- unsigned int keySizeIndex = 0;
+ unsigned int keySizeIndex;
dsa_pqg_type type = FIPS186_1;
dsareq = fopen(reqfn, "r");
dsaresp = stdout;
while (fgets(buf, sizeof buf, dsareq) != NULL) {
/* a comment or blank line */
if (buf[0] == '#' || buf[0] == '\n') {
fputs(buf, dsaresp);
--- a/cmd/httpserv/httpserv.c
+++ b/cmd/httpserv/httpserv.c
@@ -334,16 +334,17 @@ typedef struct caRevoInfoStr caRevoInfo;
static caRevoInfo *caRevoInfos = NULL;
static enum {
ocspGetOnly, ocspPostOnly, ocspGetAndPost, ocspRandomGetFailure, ocspGetUnknown
} ocspMethodsAllowed = ocspGetAndPost;
static const char stopCmd[] = { "GET /stop " };
static const char getCmd[] = { "GET " };
+static const char EOFmsg[] = { "EOF\r\n\r\n\r\n" };
static const char outHeader[] = {
"HTTP/1.0 200 OK\r\n"
"Server: Generic Web Server\r\n"
"Date: Tue, 26 Aug 1997 22:10:05 GMT\r\n"
"Content-type: text/plain\r\n"
"\r\n"
};
static const char outOcspHeader[] = {
@@ -706,18 +707,18 @@ handle_connection(
if (entry) {
/* revoked status response */
revoked = PR_TRUE;
DER_DecodeTimeChoice(&revoDate, &entry->revocationDate);
} else {
/* else good status response */
if (!isPost && ocspMethodsAllowed == ocspGetUnknown) {
unknown = PR_TRUE;
- nextUpdate = PR_Now() + (PRTime)60*60*24 * PR_USEC_PER_SEC; /*tomorrow*/
- revoDate = PR_Now() - (PRTime)60*60*24 * PR_USEC_PER_SEC; /*yesterday*/
+ nextUpdate = PR_Now() + 60*60*24 * PR_USEC_PER_SEC; /*tomorrow*/
+ revoDate = PR_Now() - 60*60*24 * PR_USEC_PER_SEC; /*yesterday*/
}
}
}
{
PRTime now = PR_Now();
PLArenaPool *arena = NULL;
CERTOCSPSingleResponse *sr;
--- a/cmd/lib/basicutil.c
+++ b/cmd/lib/basicutil.c
@@ -679,17 +679,17 @@ static unsigned char nibble(char c) {
c = PORT_Tolower(c);
return ( c >= '0' && c <= '9') ? c - '0' :
( c >= 'a' && c <= 'f') ? c - 'a' +10 : -1;
}
SECStatus
SECU_SECItemHexStringToBinary(SECItem* srcdest)
{
- unsigned int i;
+ int i;
if (!srcdest) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
if (srcdest->len < 4 || (srcdest->len % 2) ) {
/* too short to convert, or even number of characters */
PORT_SetError(SEC_ERROR_BAD_DATA);
--- a/cmd/lib/derprint.c
+++ b/cmd/lib/derprint.c
@@ -441,17 +441,17 @@ prettyPrintLength(FILE *out, const unsig
if (il < 0) return -1;
*lenp = (unsigned) il;
} else {
*lenp = 0;
*indefinitep = PR_TRUE;
}
lenLen = nb + 1;
if (raw) {
- unsigned int i;
+ int i;
rv = prettyPrintByte(out, lbyte, lv);
if (rv < 0)
return rv;
for (i = 0; i < nb; i++) {
rv = prettyPrintByte(out, data[i], lv);
if (rv < 0)
return rv;
--- a/cmd/lib/pk11table.c
+++ b/cmd/lib/pk11table.c
@@ -572,17 +572,17 @@ const Constant _consts[] = {
mkEntry(CKT_NSS_TRUST_UNKNOWN, Trust),
mkEntry(CKT_NSS_VALID_DELEGATOR, Trust),
mkEntry(CK_EFFECTIVELY_INFINITE, AvailableSizes),
mkEntry(CK_UNAVAILABLE_INFORMATION, CurrentSize),
};
const Constant *consts = &_consts[0];
-const unsigned int constCount = sizeof(_consts)/sizeof(_consts[0]);
+const int constCount = sizeof(_consts)/sizeof(_consts[0]);
const Commands _commands[] = {
{"C_Initialize", F_C_Initialize,
"C_Initialize pInitArgs\n\n"
"C_Initialize initializes the PKCS #11 library.\n"
" pInitArgs if this is not NULL_PTR it gets cast to and dereferenced\n",
{ArgInitializeArgs, ArgNone, ArgNone, ArgNone, ArgNone,
ArgNone, ArgNone, ArgNone, ArgNone, ArgNone }},
@@ -1384,17 +1384,17 @@ const Topics _topics[] = {
};
const Topics *topics= &_topics[0];
const int topicCount = sizeof(_topics) / sizeof(_topics[0]);
const char *
getName(CK_ULONG value, ConstType type)
{
- unsigned int i;
+ int i;
for (i=0; i < constCount; i++) {
if (consts[i].type == type && consts[i].value == value) {
return consts[i].name;
}
if (type == ConstNone && consts[i].value == value) {
return consts[i].name;
}
@@ -1404,17 +1404,17 @@ getName(CK_ULONG value, ConstType type)
}
const char *
getNameFromAttribute(CK_ATTRIBUTE_TYPE type)
{
return getName(type, ConstAttribute);
}
-unsigned int totalKnownType(ConstType type) {
- unsigned int count = 0;
- unsigned int i;
+int totalKnownType(ConstType type) {
+ int count = 0;
+ int i;
for (i=0; i < constCount; i++) {
if (consts[i].type == type) count++;
}
return count;
}
--- a/cmd/lib/pk11table.h
+++ b/cmd/lib/pk11table.h
@@ -157,24 +157,24 @@ typedef struct _topics {
* the command array itself. Make name to function and it's arguments
*/
extern const char **valueString;
extern const int valueCount;
extern const char **constTypeString;
extern const int constTypeCount;
extern const Constant *consts;
-extern const unsigned int constCount;
+extern const int constCount;
extern const Commands *commands;
extern const int commandCount;
extern const Topics *topics;
extern const int topicCount;
extern const char *
getName(CK_ULONG value, ConstType type);
extern const char *
getNameFromAttribute(CK_ATTRIBUTE_TYPE type);
-extern unsigned int totalKnownType(ConstType type);
+extern int totalKnownType(ConstType type);
#endif /* _PK11_TABLE_H_ */
--- a/cmd/lib/secutil.c
+++ b/cmd/lib/secutil.c
@@ -370,43 +370,40 @@ SECU_ChangePW2(PK11SlotInfo *slot, char
if (PK11_CheckUserPassword(slot, oldpw) != SECSuccess) {
if (pwdata.source == PW_NONE) {
PR_fprintf(PR_STDERR, "Invalid password. Try again.\n");
} else {
PR_fprintf(PR_STDERR, "Invalid password.\n");
PORT_Memset(oldpw, 0, PL_strlen(oldpw));
PORT_Free(oldpw);
- rv = SECFailure;
- goto done;
+ return SECFailure;
}
} else
break;
PORT_Free(oldpw);
}
newpw = secu_InitSlotPassword(slot, PR_FALSE, &newpwdata);
- rv = PK11_ChangePW(slot, oldpw, newpw);
- if (rv != SECSuccess) {
+ if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) {
PR_fprintf(PR_STDERR, "Failed to change password.\n");
- } else {
- PR_fprintf(PR_STDOUT, "Password changed successfully.\n");
+ return SECFailure;
}
PORT_Memset(oldpw, 0, PL_strlen(oldpw));
PORT_Free(oldpw);
+ PR_fprintf(PR_STDOUT, "Password changed successfully.\n");
+
done:
- if (newpw) {
- PORT_Memset(newpw, 0, PL_strlen(newpw));
- PORT_Free(newpw);
- }
- return rv;
+ PORT_Memset(newpw, 0, PL_strlen(newpw));
+ PORT_Free(newpw);
+ return SECSuccess;
}
struct matchobj {
SECItem index;
char *nname;
PRBool found;
};
@@ -1548,17 +1545,17 @@ SECU_PrintDumpDerIssuerAndSerial(FILE *o
}
PORT_Free(derIssuerB64);
PORT_Free(derSerialB64);
fprintf(out, "Serial DER as C source: \n{ %d, \"", c->serialNumber.len);
{
- unsigned int i;
+ int i;
for (i=0; i < c->serialNumber.len; ++i) {
unsigned char *chardata = (unsigned char*)(c->serialNumber.data);
unsigned char c = *(chardata + i);
fprintf(out, "\\x%02x", c);
}
fprintf(out, "\" }\n");
}
@@ -2415,16 +2412,17 @@ loser:
}
int
SECU_PrintCertificateBasicInfo(FILE *out, const SECItem *der, const char *m, int level)
{
PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
CERTCertificate *c;
int rv = SEC_ERROR_NO_MEMORY;
+ int iv;
if (!arena)
return rv;
/* Decode certificate */
c = PORT_ArenaZNew(arena, CERTCertificate);
if (!c)
goto loser;
@@ -2740,17 +2738,17 @@ secu_PrintPKCS7Signed(FILE *out, SEC_PKC
/* Parse and list certificates (if any) */
if (src->rawCerts != NULL) {
SECU_Indent(out, level + 1); fprintf(out, "Certificate List:\n");
iv = 0;
while ((aCert = src->rawCerts[iv++]) != NULL) {
sprintf(om, "Certificate (%x)", iv);
rv = SECU_PrintSignedData(out, aCert, om, level + 2,
- (SECU_PPFunc)SECU_PrintCertificate);
+ SECU_PrintCertificate);
if (rv)
return rv;
}
}
/* Parse and list CRL's (if any) */
if (src->crls != NULL) {
SECU_Indent(out, level + 1);
@@ -2859,17 +2857,17 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *
/* Parse and list certificates (if any) */
if (src->rawCerts != NULL) {
SECU_Indent(out, level + 1); fprintf(out, "Certificate List:\n");
iv = 0;
while ((aCert = src->rawCerts[iv++]) != NULL) {
sprintf(om, "Certificate (%x)", iv);
rv = SECU_PrintSignedData(out, aCert, om, level + 2,
- (SECU_PPFunc)SECU_PrintCertificate);
+ SECU_PrintCertificate);
if (rv)
return rv;
}
}
/* Parse and list CRL's (if any) */
if (src->crls != NULL) {
SECU_Indent(out, level + 1);
@@ -3189,17 +3187,17 @@ SEC_PrintCertificateAndTrust(CERTCertifi
SECStatus rv;
SECItem data;
CERTCertTrust certTrust;
data.data = cert->derCert.data;
data.len = cert->derCert.len;
rv = SECU_PrintSignedData(stdout, &data, label, 0,
- (SECU_PPFunc)SECU_PrintCertificate);
+ SECU_PrintCertificate);
if (rv) {
return(SECFailure);
}
if (trust) {
SECU_PrintTrustFlags(stdout, trust,
"Certificate Trust Flags", 1);
} else if (CERT_GetCertTrust(cert, &certTrust) == SECSuccess) {
SECU_PrintTrustFlags(stdout, &certTrust,
@@ -3280,33 +3278,33 @@ SECU_displayVerifyLog(FILE *outfile, CER
}
}
}
fprintf(outfile, " ERROR %ld: %s\n", node->error,
SECU_Strerror(node->error));
errstr = NULL;
switch (node->error) {
case SEC_ERROR_INADEQUATE_KEY_USAGE:
- flags = (unsigned int)((char *)node->arg - (char *)NULL);
+ flags = (unsigned int)node->arg;
switch (flags) {
case KU_DIGITAL_SIGNATURE:
errstr = "Cert cannot sign.";
break;
case KU_KEY_ENCIPHERMENT:
errstr = "Cert cannot encrypt.";
break;
case KU_KEY_CERT_SIGN:
errstr = "Cert cannot sign other certs.";
break;
default:
errstr = "[unknown usage].";
break;
}
case SEC_ERROR_INADEQUATE_CERT_TYPE:
- flags = (unsigned int)((char *)node->arg - (char *)NULL);
+ flags = (unsigned int)node->arg;
switch (flags) {
case NS_CERT_TYPE_SSL_CLIENT:
case NS_CERT_TYPE_SSL_SERVER:
errstr = "Cert cannot be used for SSL.";
break;
case NS_CERT_TYPE_SSL_CA:
errstr = "Cert cannot be used as an SSL CA.";
break;
--- a/cmd/modutil/error.h
+++ b/cmd/modutil/error.h
@@ -128,12 +128,30 @@ typedef enum {
DEFAULT_SUCCESS_MSG,
UNDEFAULT_SUCCESS_MSG,
BROWSER_RUNNING_MSG,
ABORTING_MSG,
LAST_MSG /* must be last */
} Message;
-/* defined in modutil.c */
-extern char *msgStrings[];
+static char *msgStrings[] = {
+ "FIPS mode enabled.\n",
+ "FIPS mode disabled.\n",
+ "Using database directory %s...\n",
+ "Creating \"%s\"...",
+ "Module \"%s\" added to database.\n",
+ "Module \"%s\" deleted from database.\n",
+ "Token \"%s\" password changed successfully.\n",
+ "Incorrect password, try again...\n",
+ "Passwords do not match, try again...\n",
+ "done.\n",
+ "Slot \"%s\" %s.\n",
+ "Successfully changed defaults.\n",
+ "Successfully changed defaults.\n",
+"\nWARNING: Performing this operation while the browser is running could cause"
+"\ncorruption of your security databases. If the browser is currently running,"
+"\nyou should exit browser before continuing this operation. Type "
+"\n'q <enter>' to abort, or <enter> to continue: ",
+ "\nAborting...\n"
+};
#endif /* MODUTIL_ERROR_H */
--- a/cmd/modutil/installparse.c
+++ b/cmd/modutil/installparse.c
@@ -198,34 +198,34 @@ Pk11Install_yyerror(char *message)
int
yyparse()
{
register int yym, yyn, yystate;
#if YYDEBUG
register char *yys;
extern char *getenv();
- if ((yys = getenv("YYDEBUG")) != NULL)
+ if (yys = getenv("YYDEBUG"))
{
yyn = *yys;
if (yyn >= '0' && yyn <= '9')
yydebug = yyn - '0';
}
#endif
yynerrs = 0;
yyerrflag = 0;
yychar = (-1);
yyssp = yyss;
yyvsp = yyvs;
*yyssp = yystate = 0;
yyloop:
- if ((yyn = yydefred[yystate]) != 0) goto yyreduce;
+ if (yyn = yydefred[yystate]) goto yyreduce;
if (yychar < 0)
{
if ((yychar = yylex()) < 0) yychar = 0;
#if YYDEBUG
if (yydebug)
{
yys = 0;
if (yychar <= YYMAXTOKEN) yys = yyname[yychar];
--- a/cmd/modutil/lex.Pk11Install_yy.c
+++ b/cmd/modutil/lex.Pk11Install_yy.c
@@ -1095,17 +1095,16 @@ register char *yy_bp;
yytext_ptr = yy_bp;
yy_hold_char = *yy_cp;
yy_c_buf_p = yy_cp;
}
#endif /* ifndef YY_NO_UNPUT */
-#ifndef YY_NO_INPUT
#ifdef __cplusplus
static int yyinput()
#else
static int input()
#endif
{
int c;
@@ -1167,17 +1166,16 @@ static int input()
c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */
*yy_c_buf_p = '\0'; /* preserve yytext */
yy_hold_char = *++yy_c_buf_p;
return c;
}
-#endif /* ifndef YY_NO_INPUT */
#ifdef YY_USE_PROTOS
void yyrestart( FILE *input_file )
#else
void yyrestart( input_file )
FILE *input_file;
#endif
--- a/cmd/modutil/manifest.mn
+++ b/cmd/modutil/manifest.mn
@@ -19,16 +19,16 @@ CSRCS = modutil.c \
$(NULL)
CPPSRCS =
PROGRAM = modutil
REQUIRES = seccmd nss dbm
-DEFINES = -DNSPR20 -DYY_NO_UNPUT -DYY_NO_INPUT
+DEFINES = -DNSPR20
# sigh
#INCLUDES += -I$(CORE_DEPTH)/nss/lib/pk11wrap
# USE_STATIC_LIBS = 1
EXTRA_LIBS = $(JAR_LIBS)
--- a/cmd/modutil/modutil.c
+++ b/cmd/modutil/modutil.c
@@ -117,37 +117,16 @@ static char *optionStrings[] = {
"-installdir",
"-tempdir",
"-secmod",
"-nocertdb",
"-string",
"-chkfips",
};
-char *msgStrings[] = {
- "FIPS mode enabled.\n",
- "FIPS mode disabled.\n",
- "Using database directory %s...\n",
- "Creating \"%s\"...",
- "Module \"%s\" added to database.\n",
- "Module \"%s\" deleted from database.\n",
- "Token \"%s\" password changed successfully.\n",
- "Incorrect password, try again...\n",
- "Passwords do not match, try again...\n",
- "done.\n",
- "Slot \"%s\" %s.\n",
- "Successfully changed defaults.\n",
- "Successfully changed defaults.\n",
-"\nWARNING: Performing this operation while the browser is running could cause"
-"\ncorruption of your security databases. If the browser is currently running,"
-"\nyou should exit browser before continuing this operation. Type "
-"\n'q <enter>' to abort, or <enter> to continue: ",
- "\nAborting...\n"
-};
-
/* Increment i if doing so would have i still be less than j. If you
are able to do this, return 0. Otherwise return 1. */
#define TRY_INC(i,j) ( ((i+1)<j) ? (++i, 0) : 1 )
/********************************************************************
*
* file-wide variables obtained from the command line
*/
--- a/cmd/multinit/multinit.c
+++ b/cmd/multinit/multinit.c
@@ -309,16 +309,37 @@ appendHex(unsigned char nibble)
if (nibble <= 9) {
appendLabel('0'+nibble);
} else {
appendLabel('a'+nibble-10);
}
}
/*
+ * append a secitem as colon separated hex bytes.
+ */
+static void
+appendItem(SECItem *item)
+{
+ int i;
+
+ if (!buffer.data) {
+ return;
+ }
+
+ appendLabel(':');
+ for (i=0; i < item->len; i++) {
+ unsigned char byte=item->data[i];
+ appendHex(byte >> 4);
+ appendHex(byte & 0xf);
+ appendLabel(':');
+ }
+}
+
+/*
* append a 32 bit integer (even on a 64 bit platform).
* for simplicity append it as a hex value, full extension with 0x prefix.
*/
static void
appendInt(unsigned int value)
{
int i;
@@ -467,17 +488,17 @@ sort_CN(CERTCertificate *certa, CERTCert
*/
void
do_list_certs(const char *progName, int log)
{
CERTCertList *list;
CERTCertList *sorted;
CERTCertListNode *node;
CERTCertTrust trust;
- unsigned int i;
+ int i;
list = PK11_ListCerts(PK11CertListUnique, NULL);
if (list == NULL) {
fprintf(stderr,"ERROR: no certs found %s\n",
SECU_Strerror(PORT_GetError()));
appendLabel('C');
appendString("none");
return;
--- a/cmd/ocspclnt/ocspclnt.c
+++ b/cmd/ocspclnt/ocspclnt.c
@@ -557,17 +557,17 @@ print_raw_certificates (FILE *out_file,
fprintf (out_file, "No Certificates.\n");
return;
}
fprintf (out_file, "Certificate List:\n");
while ((raw_cert = raw_certs[i++]) != NULL) {
sprintf (cert_label, "Certificate (%d)", i);
(void) SECU_PrintSignedData (out_file, raw_cert, cert_label, level + 1,
- (SECU_PPFunc)SECU_PrintCertificate);
+ SECU_PrintCertificate);
}
}
static void
print_ocsp_extensions (FILE *out_file, CERTCertExtension **extensions,
char *msg, int level)
{
@@ -959,17 +959,17 @@ main (int argc, char **argv)
int ccert, vcert;
const char *db_dir, *date_str, *cert_usage_str, *name;
const char *responder_name, *responder_url, *signer_name;
PRBool add_acceptable_responses, add_service_locator;
SECItem *data = NULL;
PLOptState *optstate;
SECStatus rv;
CERTCertDBHandle *handle = NULL;
- SECCertUsage cert_usage = certUsageSSLClient;
+ SECCertUsage cert_usage;
PRTime verify_time;
CERTCertificate *cert = NULL;
PRBool ascii = PR_FALSE;
retval = -1; /* what we return/exit with on error */
program_name = PL_strrchr(argv[0], '/');
program_name = program_name ? (program_name + 1) : argv[0];
--- a/cmd/ocspresp/ocspresp.c
+++ b/cmd/ocspresp/ocspresp.c
@@ -124,22 +124,25 @@ main(int argc, char **argv)
CERTCertDBHandle *certHandle = NULL;
CERTCertificate *caCert = NULL, *cert = NULL;
CERTOCSPCertID *cid = NULL;
PLArenaPool *arena = NULL;
PRTime now = PR_Now();
SECItem *encoded = NULL;
CERTOCSPResponse *decoded = NULL;
+ SECStatus statusDecoded;
SECItem *encodedRev = NULL;
CERTOCSPResponse *decodedRev = NULL;
+ SECStatus statusDecodedRev;
SECItem *encodedFail = NULL;
CERTOCSPResponse *decodedFail = NULL;
+ SECStatus statusDecodedFail;
CERTCertificate *obtainedSignerCert = NULL;
if (argc != 4 && argc != 6) {
return Usage();
}
if (argc == 6) {
@@ -173,57 +176,50 @@ main(int argc, char **argv)
goto loser;
cid = CERT_CreateOCSPCertID(cert, now);
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
encoded = encode(arena, cid, caCert);
PORT_Assert(encoded);
decoded = CERT_DecodeOCSPResponse(encoded);
- PORT_AssertSuccess(CERT_GetOCSPResponseStatus(decoded));
+ statusDecoded = CERT_GetOCSPResponseStatus(decoded);
+ PORT_Assert(statusDecoded == SECSuccess);
- PORT_AssertSuccess(CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata,
- &obtainedSignerCert, caCert));
- PORT_AssertSuccess(CERT_GetOCSPStatusForCertID(certHandle, decoded, cid,
- obtainedSignerCert, now));
+ statusDecoded = CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata,
+ &obtainedSignerCert, caCert);
+ PORT_Assert(statusDecoded == SECSuccess);
+ statusDecoded = CERT_GetOCSPStatusForCertID(certHandle, decoded, cid,
+ obtainedSignerCert, now);
+ PORT_Assert(statusDecoded == SECSuccess);
CERT_DestroyCertificate(obtainedSignerCert);
encodedRev = encodeRevoked(arena, cid, caCert);
PORT_Assert(encodedRev);
decodedRev = CERT_DecodeOCSPResponse(encodedRev);
- PORT_AssertSuccess(CERT_GetOCSPResponseStatus(decodedRev));
+ statusDecodedRev = CERT_GetOCSPResponseStatus(decodedRev);
+ PORT_Assert(statusDecodedRev == SECSuccess);
- PORT_AssertSuccess(CERT_VerifyOCSPResponseSignature(decodedRev, certHandle, &pwdata,
- &obtainedSignerCert, caCert));
-#ifdef DEBUG
- {
- SECStatus rv = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid,
+ statusDecodedRev = CERT_VerifyOCSPResponseSignature(decodedRev, certHandle, &pwdata,
+ &obtainedSignerCert, caCert);
+ PORT_Assert(statusDecodedRev == SECSuccess);
+ statusDecodedRev = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid,
obtainedSignerCert, now);
- PORT_Assert(rv == SECFailure);
- PORT_Assert(PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE);
- }
-#else
- (void)CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid,
- obtainedSignerCert, now);
-#endif
+ PORT_Assert(statusDecodedRev == SECFailure);
+ PORT_Assert(PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE);
CERT_DestroyCertificate(obtainedSignerCert);
encodedFail = CERT_CreateEncodedOCSPErrorResponse(
arena, SEC_ERROR_OCSP_TRY_SERVER_LATER);
PORT_Assert(encodedFail);
decodedFail = CERT_DecodeOCSPResponse(encodedFail);
-#ifdef DEBUG
- {
- SECStatus rv = CERT_GetOCSPResponseStatus(decodedFail);
- PORT_Assert(rv == SECFailure);
- PORT_Assert(PORT_GetError() == SEC_ERROR_OCSP_TRY_SERVER_LATER);
- }
-#else
- (void)CERT_GetOCSPResponseStatus(decodedFail);
-#endif
+ statusDecodedFail = CERT_GetOCSPResponseStatus(decodedFail);
+ PORT_Assert(statusDecodedFail == SECFailure);
+ PORT_Assert(PORT_GetError() == SEC_ERROR_OCSP_TRY_SERVER_LATER);
+
retval = 0;
loser:
if (retval != 0)
SECU_PrintError(argv[0], "tests failed");
if (cid)
CERT_DestroyOCSPCertID(cid);
if (cert)
--- a/cmd/oidcalc/oidcalc.c
+++ b/cmd/oidcalc/oidcalc.c
@@ -39,23 +39,23 @@ main(int argc, char **argv)
nextstr = strchr(curstr, '.');
if ( nextstr ) {
*nextstr = '\0';
}
secondval = atoi(curstr);
- if ( firstval > 2 ) {
+ if ( ( firstval < 0 ) || ( firstval > 2 ) ) {
fprintf(stderr, "first component out of range\n");
exit(-1);
}
- if ( secondval > 39 ) {
+ if ( ( secondval < 0 ) || ( secondval > 39 ) ) {
fprintf(stderr, "second component out of range\n");
exit(-1);
}
printf("0x%x, ", ( firstval * 40 ) + secondval );
while ( nextstr ) {
curstr = nextstr + 1;
--- a/cmd/p7env/p7env.c
+++ b/cmd/p7env/p7env.c
@@ -125,27 +125,29 @@ EncryptFile(FILE *outFile, FILE *inFile,
return 0;
}
int
main(int argc, char **argv)
{
char *progName;
FILE *inFile, *outFile;
+ char *certName;
CERTCertDBHandle *certHandle;
struct recipient *recipients, *rcpt;
PLOptState *optstate;
PLOptStatus status;
SECStatus rv;
progName = strrchr(argv[0], '/');
progName = progName ? progName+1 : argv[0];
inFile = NULL;
outFile = NULL;
+ certName = NULL;
recipients = NULL;
rcpt = NULL;
/*
* Parse command line arguments
* XXX This needs to be enhanced to allow selection of algorithms
* and key sizes (or to look up algorithms and key sizes for each
* recipient in the magic database).
--- a/cmd/pk11gcmtest/pk11gcmtest.c
+++ b/cmd/pk11gcmtest/pk11gcmtest.c
@@ -161,32 +161,32 @@ aes_gcm_kat(const char *respfn)
{
char buf[512]; /* holds one line from the input REQUEST file.
* needs to be large enough to hold the longest
* line "CIPHERTEXT = <320 hex digits>\n".
*/
FILE *aesresp; /* input stream from the RESPONSE file */
int i, j;
unsigned int test_group = 0;
- unsigned int num_tests = 0;
+ unsigned int num_tests;
PRBool is_encrypt;
unsigned char key[32]; /* 128, 192, or 256 bits */
- unsigned int keysize = 16;
+ unsigned int keysize;
unsigned char iv[10*16]; /* 1 to 10 blocks */
- unsigned int ivsize = 12;
+ unsigned int ivsize;
unsigned char plaintext[10*16]; /* 1 to 10 blocks */
unsigned int plaintextlen = 0;
unsigned char aad[10*16]; /* 1 to 10 blocks */
unsigned int aadlen = 0;
unsigned char ciphertext[10*16]; /* 1 to 10 blocks */
- unsigned int ciphertextlen = 0;
+ unsigned int ciphertextlen;
unsigned char tag[16];
- unsigned int tagsize = 16;
+ unsigned int tagsize;
unsigned char output[10*16]; /* 1 to 10 blocks */
- unsigned int outputlen = 0;
+ unsigned int outputlen;
unsigned int expected_keylen = 0;
unsigned int expected_ivlen = 0;
unsigned int expected_ptlen = 0;
unsigned int expected_aadlen = 0;
unsigned int expected_taglen = 0;
SECStatus rv;
--- a/cmd/pk11mode/pk11mode.c
+++ b/cmd/pk11mode/pk11mode.c
@@ -3501,18 +3501,18 @@ CK_RV PKM_FindAllObjects(CK_FUNCTION_LIS
CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen) {
CK_RV crv = CKR_OK;
CK_SESSION_HANDLE h = (CK_SESSION_HANDLE)0;
CK_SESSION_INFO sinfo;
CK_ATTRIBUTE_PTR pTemplate;
CK_ULONG tnObjects = 0;
int curMode;
- unsigned int i;
- unsigned int number_of_all_known_attribute_types = totalKnownType(ConstAttribute);
+ int i;
+ int number_of_all_known_attribute_types = totalKnownType(ConstAttribute);
NUMTESTS++; /* increment NUMTESTS */
crv = pFunctionList->C_OpenSession(pSlotList[slotID], CKF_SERIAL_SESSION,
NULL, NULL, &h);
if ( CKR_OK != crv ) {
PKM_Error("C_OpenSession(%lu, CKF_SERIAL_SESSION, , )"
"returned 0x%08X, %-26s\n", pSlotList[slotID], crv,
@@ -4553,17 +4553,17 @@ CK_RV
PKM_TLSMasterKeyDerive( CK_FUNCTION_LIST_PTR pFunctionList,
CK_SLOT_ID * pSlotList, CK_ULONG slotID,
CK_UTF8CHAR_PTR pwd, CK_ULONG pwdLen,
CK_MECHANISM_TYPE mechType,
enum_random_t rnd) {
CK_SESSION_HANDLE hSession;
CK_RV crv;
CK_MECHANISM mk_mech;
- CK_VERSION version;
+ CK_VERSION expected_version, version;
CK_OBJECT_CLASS class = CKO_SECRET_KEY;
CK_KEY_TYPE type = CKK_GENERIC_SECRET;
CK_BBOOL derive_bool = true;
CK_ATTRIBUTE attrs[4];
CK_ULONG attrs_count = 4;
CK_OBJECT_HANDLE pmk_obj = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE mk_obj = CK_INVALID_HANDLE;
CK_SSL3_MASTER_KEY_DERIVE_PARAMS mkd_params;
@@ -4620,16 +4620,18 @@ PKM_TLSMasterKeyDerive( CK_FUNCTION_LIST
switch (mechType) {
case CKM_TLS_MASTER_KEY_DERIVE_DH:
isDH = true;
/* FALLTHRU */
case CKM_TLS_MASTER_KEY_DERIVE:
attrs[3].pValue = NULL;
attrs[3].ulValueLen = 0;
+ expected_version.major = 3;
+ expected_version.minor = 1;
mkd_params.RandomInfo.pClientRandom = (unsigned char * ) TLSClientRandom;
mkd_params.RandomInfo.ulClientRandomLen =
sizeof (TLSClientRandom);
mkd_params.RandomInfo.pServerRandom = (unsigned char * ) TLSServerRandom;
mkd_params.RandomInfo.ulServerRandomLen =
sizeof (TLSServerRandom);
break;
--- a/cmd/pk12util/pk12util.c
+++ b/cmd/pk12util/pk12util.c
@@ -751,17 +751,17 @@ P12U_ListPKCS12File(char *in_file, PK11S
"Cannot create output file");
} else {
PR_Write(fd, dip->der->data, dip->der->len);
PR_Close(fd);
}
} else
if (SECU_PrintSignedData(stdout, dip->der,
(dip->hasKey) ? "(has private key)" : "",
- 0, (SECU_PPFunc)SECU_PrintCertificate) != 0) {
+ 0, SECU_PrintCertificate) != 0) {
SECU_PrintError(progName,"PKCS12 print cert bag failed");
}
if (dip->friendlyName != NULL) {
printf(" Friendly Name: %s\n\n",
dip->friendlyName->data);
}
if (dip->shroudAlg) {
SECU_PrintAlgorithmID(stdout, dip->shroudAlg,
--- a/cmd/pk1sign/pk1sign.c
+++ b/cmd/pk1sign/pk1sign.c
@@ -170,17 +170,17 @@ SignFile(FILE *outFile, PRFileDesc *inFi
int
main(int argc, char **argv)
{
char *progName;
FILE *outFile;
PRFileDesc *inFile;
char *keyName = NULL;
CERTCertDBHandle *certHandle;
- CERTCertificate *cert = NULL;
+ CERTCertificate *cert;
PLOptState *optstate;
PLOptStatus status;
SECStatus rv;
progName = strrchr(argv[0], '/');
progName = progName ? progName+1 : argv[0];
inFile = NULL;
--- a/cmd/pp/pp.c
+++ b/cmd/pp/pp.c
@@ -131,17 +131,17 @@ int main(int argc, char **argv)
data.len = der.len;
SECU_EnableWrap(wrap);
/* Pretty print it */
if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE) == 0 ||
PORT_Strcmp(typeTag, "c") == 0) {
rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0,
- (SECU_PPFunc)SECU_PrintCertificate);
+ SECU_PrintCertificate);
} else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_ID) == 0 ||
PORT_Strcmp(typeTag, "ci") == 0) {
rv = SECU_PrintSignedContent(outFile, &data, 0, 0,
SECU_PrintDumpDerIssuerAndSerial);
} else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_REQUEST) == 0 ||
PORT_Strcmp(typeTag, "cr") == 0) {
rv = SECU_PrintSignedData(outFile, &data, "Certificate Request", 0,
SECU_PrintCertificateRequest);
--- a/cmd/sdrtest/sdrtest.c
+++ b/cmd/sdrtest/sdrtest.c
@@ -66,19 +66,19 @@ long_usage (char *program_name)
PR_fprintf (pr_stderr,
" %-13s supply \"password\" on the command line\n",
"-p password");
}
int
readStdin(SECItem * result)
{
- unsigned int bufsize = 0;
+ int bufsize = 0;
int cc;
- unsigned int wanted = 8192U;
+ int wanted = 8192;
result->len = 0;
result->data = NULL;
do {
if (bufsize < wanted) {
unsigned char * tmpData = (unsigned char *)PR_Realloc(result->data, wanted);
if (!tmpData) {
if (verbose) PR_fprintf(pr_stderr, "Allocation of buffer failed\n");
--- a/cmd/selfserv/selfserv.c
+++ b/cmd/selfserv/selfserv.c
@@ -497,18 +497,18 @@ mySSLSNISocketConfig(PRFileDesc *fd, con
PORT_Assert(fd && sniNameArr);
if (!fd || !sniNameArr) {
return SSL_SNI_SEND_ALERT;
}
pwdata = SSL_RevealPinArg(fd);
- for (;current && (PRUint32)i < sniNameArrSize;i++) {
- unsigned int j = 0;
+ for (;current && i < sniNameArrSize;i++) {
+ int j = 0;
for (;j < MAX_VIRT_SERVER_NAME_ARRAY_INDEX && nameArr[j];j++) {
if (!PORT_Strncmp(nameArr[j],
(const char *)current[i].data,
current[i].len) &&
PORT_Strlen(nameArr[j]) == current[i].len) {
const char *nickName = nameArr[j];
if (j == 0) {
/* default cert */
@@ -1124,48 +1124,48 @@ makeCorruptedOCSPResponse(PLArenaPool *a
SECItemArray *
makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm,
CERTCertificate *cert, secuPWData *pwdata)
{
SECItemArray *result = NULL;
SECItem *ocspResponse = NULL;
CERTOCSPSingleResponse **singleResponses;
- CERTOCSPSingleResponse *sr = NULL;
+ CERTOCSPSingleResponse *sr;
CERTOCSPCertID *cid = NULL;
CERTCertificate *ca;
PRTime now = PR_Now();
PRTime nextUpdate;
PORT_Assert(cert != NULL);
ca = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), ocspStaplingCA);
if (!ca)
errExit("cannot find CA");
cid = CERT_CreateOCSPCertID(cert, now);
if (!cid)
errExit("cannot created cid");
- nextUpdate = now + (PRTime)60*60*24 * PR_USEC_PER_SEC; /* plus 1 day */
+ nextUpdate = now + 60*60*24 * PR_USEC_PER_SEC; /* plus 1 day */
switch (osm) {
case osm_good:
case osm_badsig:
sr = CERT_CreateOCSPSingleResponseGood(arena, cid, now,
&nextUpdate);
break;
case osm_unknown:
sr = CERT_CreateOCSPSingleResponseUnknown(arena, cid, now,
&nextUpdate);
break;
case osm_revoked:
sr = CERT_CreateOCSPSingleResponseRevoked(arena, cid, now,
&nextUpdate,
- now - (PRTime)60*60*24 * PR_USEC_PER_SEC, /* minus 1 day */
+ now - 60*60*24 * PR_USEC_PER_SEC, /* minus 1 day */
NULL);
break;
default:
PORT_Assert(0);
break;
}
if (!sr)
--- a/cmd/shlibsign/shlibsign.c
+++ b/cmd/shlibsign/shlibsign.c
@@ -702,17 +702,17 @@ int main(int argc, char **argv)
PRFileDesc *fd;
PRStatus rv = PR_SUCCESS;
const char *input_file = NULL; /* read/create encrypted data from here */
char *output_file = NULL; /* write new encrypted data here */
int bytesRead;
int bytesWritten;
unsigned char file_buf[512];
int count=0;
- unsigned int keySize = 0;
+ int keySize = 0;
int i;
PRBool verify = PR_FALSE;
static PRBool FIPSMODE = PR_FALSE;
PRBool successful = PR_FALSE;
#ifdef USES_LINKS
int ret;
struct stat stat_buf;
--- a/cmd/signtool/certgen.c
+++ b/cmd/signtool/certgen.c
@@ -415,16 +415,17 @@ set_cert_type(CERTCertificate *cert, uns
static SECItem *
sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk)
{
SECStatus rv;
SECItem der2;
SECItem * result2;
+ void *dummy;
SECOidTag alg = SEC_OID_UNKNOWN;
alg = SEC_GetSignatureAlgorithmOidTag(privk->keyType, SEC_OID_UNKNOWN);
if (alg == SEC_OID_UNKNOWN) {
FatalError("Unknown key type");
}
rv = SECOID_SetAlgorithmID (cert->arena, &cert->signature, alg, 0);
@@ -434,17 +435,17 @@ sign_cert(CERTCertificate *cert, SECKEYP
PROGRAM_NAME);
errorCount++;
exit (ERRX);
}
der2.len = 0;
der2.data = NULL;
- (void)SEC_ASN1EncodeItem
+ dummy = SEC_ASN1EncodeItem
(cert->arena, &der2, cert, SEC_ASN1_GET(CERT_CertificateTemplate));
if (rv != SECSuccess) {
PR_fprintf(errorFD, "%s: error encoding cert\n", PROGRAM_NAME);
errorCount++;
exit (ERRX);
}
--- a/cmd/signtool/util.c
+++ b/cmd/signtool/util.c
@@ -11,21 +11,19 @@ static int is_dir (char *filename);
/***********************************************************
* Nasty hackish function definitions
*/
long *mozilla_event_queue = 0;
#ifndef XP_WIN
-char *XP_GetString (int i)
+char *XP_GetString (int i)
{
- /* nasty hackish cast to avoid changing the signature of
- * JAR_init_callbacks() */
- return (char *)SECU_Strerror (i);
+ return SECU_Strerror (i);
}
#endif
void FE_SetPasswordEnabled()
{
}
--- a/cmd/ssltap/ssltap.c
+++ b/cmd/ssltap/ssltap.c
@@ -36,22 +36,22 @@
#include "ocsp.h"
#include "ocspti.h" /* internals for pretty-printing routines *only* */
struct _DataBufferList;
struct _DataBuffer;
typedef struct _DataBufferList {
struct _DataBuffer *first,*last;
- unsigned int size;
+ int size;
int isEncrypted;
unsigned char * msgBuf;
- unsigned int msgBufOffset;
- unsigned int msgBufSize;
- unsigned int hMACsize;
+ int msgBufOffset;
+ int msgBufSize;
+ int hMACsize;
} DataBufferList;
typedef struct _DataBuffer {
unsigned char *buffer;
int length;
int offset; /* offset of first good byte */
struct _DataBuffer *next;
} DataBuffer;
@@ -561,36 +561,36 @@ void print_sslv2(DataBufferList *s, unsi
(PRUint32)(GET_SHORT((chv2->cslength))));
PR_fprintf(PR_STDOUT," sid-length = %d (0x%02x)\n",
(PRUint32)(GET_SHORT((chv2->sidlength))),
(PRUint32)(GET_SHORT((chv2->sidlength))));
PR_fprintf(PR_STDOUT," challenge-length = %d (0x%02x)\n",
(PRUint32)(GET_SHORT((chv2->rndlength))),
(PRUint32)(GET_SHORT((chv2->rndlength))));
PR_fprintf(PR_STDOUT," cipher-suites = { \n");
- for (p=0;p<(PRUint32)GET_SHORT((chv2->cslength));p+=3) {
+ for (p=0;p<GET_SHORT((chv2->cslength));p+=3) {
PRUint32 cs_int = GET_24((&chv2->csuites[p]));
const char *cs_str = V2CipherString(cs_int);
PR_fprintf(PR_STDOUT," (0x%06x) %s\n",
cs_int, cs_str);
}
q = p;
PR_fprintf(PR_STDOUT," }\n");
- if (GET_SHORT((chv2->sidlength))) {
+ if (chv2->sidlength) {
PR_fprintf(PR_STDOUT," session-id = { ");
- for (p=0;p<(PRUint32)GET_SHORT((chv2->sidlength));p+=2) {
+ for (p=0;p<GET_SHORT((chv2->sidlength));p+=2) {
PR_fprintf(PR_STDOUT,"0x%04x ",(PRUint32)(GET_SHORT((&chv2->csuites[p+q]))));
}
}
q += p;
PR_fprintf(PR_STDOUT,"}\n");
- if (GET_SHORT((chv2->rndlength))) {
+ if (chv2->rndlength) {
PR_fprintf(PR_STDOUT," challenge = { ");
- for (p=0;p<(PRUint32)GET_SHORT((chv2->rndlength));p+=2) {
+ for (p=0;p<GET_SHORT((chv2->rndlength));p+=2) {
PR_fprintf(PR_STDOUT,"0x%04x ",(PRUint32)(GET_SHORT((&chv2->csuites[p+q]))));
}
PR_fprintf(PR_STDOUT,"}\n");
}
PR_fprintf(PR_STDOUT,"}\n");
break;
/* end of V2 CLientHello Parsing */
@@ -973,17 +973,17 @@ print_status_response(SECItem *data)
*/
void print_ssl3_handshake(unsigned char *recordBuf,
unsigned int recordLen,
SSLRecord * sr,
DataBufferList *s)
{
struct sslhandshake sslh;
unsigned char * hsdata;
- unsigned int offset=0;
+ int offset=0;
PR_fprintf(PR_STDOUT," handshake {\n");
if (s->msgBufOffset && s->msgBuf) {
/* append recordBuf to msgBuf, then use msgBuf */
if (s->msgBufOffset + recordLen > s->msgBufSize) {
int newSize = s->msgBufOffset + recordLen;
unsigned char * newBuf = PORT_Realloc(s->msgBuf, newSize);
@@ -1360,17 +1360,17 @@ void print_ssl3_handshake(unsigned char
if (sslhexparse) print_hex(sslh.length, hsdata);
PR_fprintf(PR_STDOUT," }\n");
}
} /* end of switch sslh.type */
offset += sslh.length + 4;
} /* while */
if (offset < recordLen) { /* stuff left over */
- unsigned int newMsgLen = recordLen - offset;
+ int newMsgLen = recordLen - offset;
if (!s->msgBuf) {
s->msgBuf = PORT_Alloc(newMsgLen);
if (!s->msgBuf) {
PR_ASSERT(s->msgBuf);
showErr( "Malloc failed");
exit(11);
}
s->msgBufSize = newMsgLen;
--- a/cmd/strsclnt/strsclnt.c
+++ b/cmd/strsclnt/strsclnt.c
@@ -493,16 +493,17 @@ init_thread_data(void)
}
/**************************************************************************
** End thread management routines.
**************************************************************************/
PRBool useModelSocket = PR_TRUE;
+static const char stopCmd[] = { "GET /stop " };
static const char outHeader[] = {
"HTTP/1.0 200 OK\r\n"
"Server: Netscape-Enterprise/2.0a\r\n"
"Date: Tue, 26 Aug 1997 22:10:05 GMT\r\n"
"Content-type: text/plain\r\n"
"\r\n"
};
@@ -561,18 +562,18 @@ lockedVars_AddToCount(lockedVars * lv, i
int
do_writes(
void * a,
void * b,
int c)
{
PRFileDesc * ssl_sock = (PRFileDesc *)a;
lockedVars * lv = (lockedVars *)b;
- unsigned int sent = 0;
- int count = 0;
+ int sent = 0;
+ int count = 0;
while (sent < bigBuf.len) {
count = PR_Send(ssl_sock, bigBuf.data + sent, bigBuf.len - sent,
0, maxInterval);
if (count < 0) {
errWarn("PR_Send bigBuf");
break;
@@ -706,17 +707,17 @@ handle_connection( PRFileDesc *ssl_sock,
#ifdef USE_SOCK_PEER_ID
PRInt32 lastFullHandshakePeerID;
void
myHandshakeCallback(PRFileDesc *socket, void *arg)
{
- PR_ATOMIC_SET(&lastFullHandshakePeerID, (PRInt32)((char *)arg - (char *)NULL));
+ PR_ATOMIC_SET(&lastFullHandshakePeerID, (PRInt32) arg);
}
#endif
/* one copy of this function is launched in a separate thread for each
** connection to be made.
*/
int
@@ -726,16 +727,17 @@ do_connects(
int tid)
{
PRNetAddr * addr = (PRNetAddr *) a;
PRFileDesc * model_sock = (PRFileDesc *) b;
PRFileDesc * ssl_sock = 0;
PRFileDesc * tcp_sock = 0;
PRStatus prStatus;
PRUint32 sleepInterval = 50; /* milliseconds */
+ SECStatus result;
int rv = SECSuccess;
PRSocketOptionData opt;
retry:
tcp_sock = PR_OpenTCPSocket(addr->raw.family);
if (tcp_sock == NULL) {
errExit("PR_OpenTCPSocket");
@@ -832,35 +834,34 @@ retry:
thisPeerID = PR_ATOMIC_INCREMENT(&sockPeerID);
} else {
/* reuse previous sockPeerID for restart handhsake */
thisPeerID = lastFullHandshakePeerID;
}
PR_snprintf(sockPeerIDString, sizeof(sockPeerIDString), "ID%d",
thisPeerID);
SSL_SetSockPeerID(ssl_sock, sockPeerIDString);
- SSL_HandshakeCallback(ssl_sock, myHandshakeCallback,
- (char *)NULL + thisPeerID);
+ SSL_HandshakeCallback(ssl_sock, myHandshakeCallback, (void*)thisPeerID);
#else
/* force a full handshake by setting the no cache option */
SSL_OptionSet(ssl_sock, SSL_NO_CACHE, 1);
#endif
}
rv = SSL_ResetHandshake(ssl_sock, /* asServer */ 0);
if (rv != SECSuccess) {
errWarn("SSL_ResetHandshake");
goto done;
}
PR_ATOMIC_INCREMENT(&numConnected);
if (bigBuf.data != NULL) {
- (void)handle_fdx_connection( ssl_sock, tid);
+ result = handle_fdx_connection( ssl_sock, tid);
} else {
- (void)handle_connection( ssl_sock, tid);
+ result = handle_connection( ssl_sock, tid);
}
PR_ATOMIC_DECREMENT(&numConnected);
done:
if (ssl_sock) {
PR_Close(ssl_sock);
} else if (tcp_sock) {
--- a/cmd/symkeyutil/symkeyutil.c
+++ b/cmd/symkeyutil/symkeyutil.c
@@ -1010,17 +1010,18 @@ main(int argc, char **argv)
for (se = PK11_GetFirstSafe(slotList); se;
se=PK11_GetNextSafe(slotList,se, PR_FALSE)) {
rv = ListKeys(se->slot,&printLabel,&pwdata);
if (rv !=SECSuccess) {
break;
}
}
if (se) {
- PORT_AssertSuccess(PK11_FreeSlotListElement(slotList, se));
+ SECStatus rv2 = PK11_FreeSlotListElement(slotList, se);
+ PORT_Assert(SECSuccess == rv2);
}
PK11_FreeSlotList(slotList);
}
}
}
/* Move key (-M) */
if (symKeyUtil.commands[cmd_MoveKey].activated) {
--- a/cmd/tstclnt/tstclnt.c
+++ b/cmd/tstclnt/tstclnt.c
@@ -529,19 +529,19 @@ dumpServerCertificateChain(PRFileDesc *f
CERTCertificateList *foundChain = NULL;
SECU_PPFunc dumpFunction = NULL;
PRBool dumpCertPEM = PR_FALSE;
if (!dumpServerChain) {
return;
}
else if (dumpServerChain == 1) {
- dumpFunction = (SECU_PPFunc)SECU_PrintCertificateBasicInfo;
+ dumpFunction = SECU_PrintCertificateBasicInfo;
} else {
- dumpFunction = (SECU_PPFunc)SECU_PrintCertificate;
+ dumpFunction = SECU_PrintCertificate;
if (dumpServerChain > 2) {
dumpCertPEM = PR_TRUE;
}
}
SECU_EnableWrap(PR_FALSE);
fprintf(stderr, "==== certificate(s) sent by server: ====\n");
@@ -561,17 +561,17 @@ dumpServerCertificateChain(PRFileDesc *f
if (peerCertChain) {
peerCert = SSL_RevealCert(fd);
if (peerCert) {
foundChain = CERT_CertChainFromCert(peerCert, certificateUsageSSLServer,
PR_TRUE);
}
if (foundChain) {
- unsigned int count = 0;
+ int count = 0;
fprintf(stderr, "==== locally found issuer certificate(s): ====\n");
for(count = 0; count < (unsigned int)foundChain->len; count++) {
CERTCertificate *c;
PRBool wasSentByServer = PR_FALSE;
c = CERT_FindCertByDERCert(CERT_GetDefaultCertDB(), &foundChain->certs[count]);
node = CERT_LIST_HEAD(peerCertChain);
while ( ! CERT_LIST_END(node, peerCertChain) ) {
@@ -614,17 +614,17 @@ ownAuthCertificate(void *arg, PRFileDesc
if (dumpServerChain) {
dumpServerCertificateChain(fd);
}
if (!serverCertAuth->shouldPause) {
CERTCertificate *cert;
- unsigned int i;
+ int i;
const SECItemArray *csa;
if (!serverCertAuth->testFreshStatusFromSideChannel) {
return SSL_AuthCertificate(serverCertAuth->dbHandle,
fd, checkSig, isServer);
}
/* No verification attempt must have happened before now,
@@ -639,17 +639,18 @@ ownAuthCertificate(void *arg, PRFileDesc
csa = SSL_PeerStapledOCSPResponses(fd);
if (csa) {
for (i = 0; i < csa->len; ++i) {
PORT_SetError(0);
if (CERT_CacheOCSPResponseFromSideChannel(
serverCertAuth->dbHandle, cert, PR_Now(),
&csa->items[i], arg) != SECSuccess) {
- PORT_Assert(PR_GetError() != 0);
+ PRErrorCode error = PR_GetError();
+ PORT_Assert(error != 0);
}
}
}
verifyFromSideChannel(cert, serverCertAuth);
CERT_DestroyCertificate(cert);
/* return success to ensure our caller will continue and we will
* reach the code that handles
@@ -1277,17 +1278,17 @@ int main(int argc, char **argv)
if (cipherString) {
char *cstringSaved = cipherString;
int ndx;
while (0 != (ndx = *cipherString++)) {
int cipher;
if (ndx == ':') {
- int ctmp = 0;
+ int ctmp;
cipher = 0;
HEXCHAR_TO_INT(*cipherString, ctmp)
cipher |= (ctmp << 12);
cipherString++;
HEXCHAR_TO_INT(*cipherString, ctmp)
cipher |= (ctmp << 8);
cipherString++;
--- a/cmd/vfychain/vfychain.c
+++ b/cmd/vfychain/vfychain.c
@@ -328,17 +328,17 @@ parseRevMethodsAndFlags()
}
SECStatus
configureRevocationParams(CERTRevocationFlags *flags)
{
int i;
unsigned int testType = REVCONFIG_TEST_UNDEFINED;
static CERTRevocationTests *revTests = NULL;
- PRUint64 *revFlags = NULL;
+ PRUint64 *revFlags;
for(i = 0;i < REV_METHOD_INDEX_MAX;i++) {
if (revMethodsData[i].testType == REVCONFIG_TEST_UNDEFINED) {
continue;
}
if (revMethodsData[i].testType != testType) {
testType = revMethodsData[i].testType;
if (testType == REVCONFIG_TEST_CHAIN) {
--- a/cmd/vfyserv/vfyserv.c
+++ b/cmd/vfyserv/vfyserv.c
@@ -505,17 +505,17 @@ main(int argc, char **argv)
/* disable all the ciphers, then enable the ones we want. */
disableAllSSLCiphers();
while (0 != (ndx = *cipherString++)) {
int cipher;
if (ndx == ':') {
- int ctmp = 0;
+ int ctmp;
cipher = 0;
HEXCHAR_TO_INT(*cipherString, ctmp)
cipher |= (ctmp << 12);
cipherString++;
HEXCHAR_TO_INT(*cipherString, ctmp)
cipher |= (ctmp << 8);
cipherString++;
--- a/cmd/vfyserv/vfyutil.c
+++ b/cmd/vfyserv/vfyutil.c
@@ -598,17 +598,17 @@ lockedVars_AddToCount(lockedVars * lv, i
* multiple treads. But it should not be a problem since we
* consider vfyserv to be single threaded(see bug 353477).
*/
void
dumpCertChain(CERTCertificate *cert, SECCertUsage usage)
{
CERTCertificateList *certList;
- unsigned int count = 0;
+ int count = 0;
certList = CERT_CertChainFromCert(cert, usage, PR_TRUE);
if (certList == NULL) {
errWarn("CERT_CertChainFromCert");
return;
}
for(count = 0; count < (unsigned int)certList->len; count++) {
--- a/coreconf/Linux.mk
+++ b/coreconf/Linux.mk
@@ -120,41 +120,24 @@ ifdef MOZ_DEBUG_SYMBOLS
ifdef MOZ_DEBUG_FLAGS
OPTIMIZER += $(MOZ_DEBUG_FLAGS)
else
OPTIMIZER += -gdwarf-2
endif
endif
endif
-ifndef COMPILER_TAG
-COMPILER_TAG = _$(shell $(CC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q')
-CCC_COMPILER_TAG = _$(shell $(CCC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q')
-endif
ifeq ($(USE_PTHREADS),1)
OS_PTHREAD = -lpthread
endif
-OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR
+OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR
OS_LIBS = $(OS_PTHREAD) -ldl -lc
-ifeq ($(COMPILER_TAG),_clang)
-# -Qunused-arguments : clang objects to arguments that it doesn't understand
-# and fixing this would require rearchitecture
-# -Wno-parentheses-equality : because clang warns about macro expansions
-OS_CFLAGS += -Qunused-arguments -Wno-parentheses-equality
-ifdef BUILD_OPT
-# clang is unable to handle glib's expansion of strcmp and similar for optimized
-# builds, so ignore the resulting errors.
-# See https://llvm.org/bugs/show_bug.cgi?id=20144
-OS_CFLAGS += -Wno-array-bounds -Wno-unevaluated-expression
-endif
-endif
-
ifdef USE_PTHREADS
DEFINES += -D_REENTRANT
endif
ARCH = linux
DSO_CFLAGS = -fPIC
DSO_LDOPTS = -shared $(ARCHFLAG) -Wl,--gc-sections
--- a/coreconf/WIN32.mk
+++ b/coreconf/WIN32.mk
@@ -19,19 +19,18 @@ ifdef NS_USE_GCC
RANLIB = ranlib
BSDECHO = echo
RC = windres.exe -O coff --use-temp-file
LINK_DLL = $(CC) $(OS_DLLFLAGS) $(DLLFLAGS)
else
CC = cl
CCC = cl
LINK = link
- LDFLAGS += -nologo
AR = lib
- AR += -nologo -OUT:$@
+ AR += -NOLOGO -OUT:$@
RANLIB = echo
BSDECHO = echo
RC = rc.exe
MT = mt.exe
# Check for clang-cl
CLANG_CL := $(shell expr `$(CC) -? 2>&1 | grep -w clang | wc -l` \> 0)
# Determine compiler version
ifeq ($(CLANG_CL),1)
@@ -99,17 +98,17 @@ XP_DEFINE += -DXP_PC
ifdef NS_USE_GCC
LIB_SUFFIX = a
else
LIB_SUFFIX = lib
endif
DLL_SUFFIX = dll
ifdef NS_USE_GCC
- OS_CFLAGS += -mwindows -mms-bitfields -Werror
+ OS_CFLAGS += -mwindows -mms-bitfields
_GEN_IMPORT_LIB=-Wl,--out-implib,$(IMPORT_LIBRARY)
DLLFLAGS += -mwindows -o $@ -shared -Wl,--export-all-symbols $(if $(IMPORT_LIBRARY),$(_GEN_IMPORT_LIB))
ifdef BUILD_OPT
ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE))
OPTIMIZER += -Os
else
OPTIMIZER += -O2
endif
@@ -118,17 +117,17 @@ ifdef NS_USE_GCC
OPTIMIZER += -g
NULLSTRING :=
SPACE := $(NULLSTRING) # end of the line
USERNAME := $(subst $(SPACE),_,$(USERNAME))
USERNAME := $(subst -,_,$(USERNAME))
DEFINES += -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USERNAME)
endif
else # !NS_USE_GCC
- OS_CFLAGS += -W3 -WX -nologo -D_CRT_SECURE_NO_WARNINGS \
+ OS_CFLAGS += -W3 -nologo -D_CRT_SECURE_NO_WARNINGS \
-D_CRT_NONSTDC_NO_WARNINGS
OS_DLLFLAGS += -nologo -DLL -SUBSYSTEM:WINDOWS
ifeq ($(_MSC_VER),$(_MSC_VER_6))
ifndef MOZ_DEBUG_SYMBOLS
OS_DLLFLAGS += -PDB:NONE
endif
endif
ifdef USE_DYNAMICBASE
@@ -183,21 +182,21 @@ ifeq ($(_MSC_VER),$(_MSC_VER_6))
ifndef MOZ_DEBUG_SYMBOLS
LDFLAGS += -PDB:NONE
endif
endif
# Purify requires /FIXED:NO when linking EXEs.
LDFLAGS += /FIXED:NO
endif
ifneq ($(_MSC_VER),$(_MSC_VER_6))
- # NSS has too many of these to fix, downgrade the warning
- # Disable C4267: conversion from 'size_t' to 'type', possible loss of data
- # Disable C4244: conversion from 'type1' to 'type2', possible loss of data
- # Disable C4018: 'expression' : signed/unsigned mismatch
- OS_CFLAGS += -w44267 -w44244 -w44018
+ # Convert certain deadly warnings to errors (see list at end of file)
+ OS_CFLAGS += -we4002 -we4003 -we4004 -we4006 -we4009 -we4013 \
+ -we4015 -we4028 -we4033 -we4035 -we4045 -we4047 -we4053 -we4054 -we4063 \
+ -we4064 -we4078 -we4087 -we4090 -we4098 -we4390 -we4551 -we4553 -we4715
+
ifeq ($(_MSC_VER_GE_12),1)
OS_CFLAGS += -FS
endif
endif # !MSVC6
endif # NS_USE_GCC
ifdef USE_64
DEFINES += -DWIN64
@@ -359,8 +358,37 @@ ifdef LIBRARY_NAME
endif
#
# override the TARGETS defined in ruleset.mk, adding IMPORT_LIBRARY
#
ifndef TARGETS
TARGETS = $(LIBRARY) $(SHARED_LIBRARY) $(IMPORT_LIBRARY) $(PROGRAM)
endif
+
+# list of MSVC warnings converted to errors above:
+# 4002: too many actual parameters for macro 'identifier'
+# 4003: not enough actual parameters for macro 'identifier'
+# 4004: incorrect construction after 'defined'
+# 4006: #undef expected an identifier
+# 4009: string too big; trailing characters truncated
+# 4015: 'identifier' : type of bit field must be integral
+# 4028: formal parameter different from declaration
+# 4033: 'function' must return a value
+# 4035: 'function' : no return value
+# 4045: 'identifier' : array bounds overflow
+# 4047: 'function' : 'type 1' differs in levels of indirection from 'type 2'
+# 4053: one void operand for '?:'
+# 4054: 'conversion' : from function pointer 'type1' to data pointer 'type2'
+# 4059: pascal string too big, length byte is length % 256
+# 4063: case 'identifier' is not a valid value for switch of enum 'identifier'
+# 4064: switch of incomplete enum 'identifier'
+# 4078: case constant 'value' too big for the type of the switch expression
+# 4087: 'function' : declared with 'void' parameter list
+# 4090: 'function' : different 'const' qualifiers
+# 4098: 'function' : void function returning a value
+# 4390: ';' : empty controlled statement found; is this the intent?
+# 4541: RTTI train wreck
+# 4715: not all control paths return a value
+# 4013: function undefined; assuming extern returning int
+# 4553: '==' : operator has no effect; did you intend '='?
+# 4551: function call missing argument list
+
--- a/coreconf/rules.mk
+++ b/coreconf/rules.mk
@@ -267,20 +267,16 @@ endif
ifeq ($(OS_TARGET),OS2)
$(IMPORT_LIBRARY): $(MAPFILE)
rm -f $@
$(IMPLIB) $@ $<
$(RANLIB) $@
endif
-ifeq ($(OS_ARCH),WINNT)
-$(IMPORT_LIBRARY): $(LIBRARY)
- cp -f $< $@
-endif
ifdef SHARED_LIBRARY_LIBS
ifdef BUILD_TREE
SUB_SHLOBJS = $(foreach dir,$(SHARED_LIBRARY_DIRS),$(shell $(MAKE) -C $(dir) --no-print-directory get_objs))
else
SUB_SHLOBJS = $(foreach dir,$(SHARED_LIBRARY_DIRS),$(addprefix $(dir)/,$(shell $(MAKE) -C $(dir) --no-print-directory get_objs)))
endif
endif
@@ -432,32 +428,18 @@ else
$(CCC) -o $@ -c $(CFLAGS) $<
endif
endif
#
# Please keep the next two rules in sync.
#
$(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.cc
- $(MAKE_OBJDIR)
-ifdef STRICT_CPLUSPLUS_SUFFIX
- echo "#line 1 \"$<\"" | cat - $< > $(OBJDIR)/t_$*.cc
- $(CCC) -o $@ -c $(CFLAGS) $(OBJDIR)/t_$*.cc
- rm -f $(OBJDIR)/t_$*.cc
-else
-ifdef USE_NT_C_SYNTAX
- $(CCC) -Fo$@ -c $(CFLAGS) $(call core_abspath,$<)
-else
-ifdef NEED_ABSOLUTE_PATH
- $(CCC) -o $@ -c $(CFLAGS) $(call core_abspath,$<)
-else
+ @$(MAKE_OBJDIR)
$(CCC) -o $@ -c $(CFLAGS) $<
-endif
-endif
-endif #STRICT_CPLUSPLUS_SUFFIX
$(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.cpp
@$(MAKE_OBJDIR)
ifdef STRICT_CPLUSPLUS_SUFFIX
echo "#line 1 \"$<\"" | cat - $< > $(OBJDIR)/t_$*.cc
$(CCC) -o $@ -c $(CFLAGS) $(OBJDIR)/t_$*.cc
rm -f $(OBJDIR)/t_$*.cc
else
--- a/external_tests/google_test/Makefile
+++ b/external_tests/google_test/Makefile
@@ -37,18 +37,9 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
-MKSHLIB = $(CCC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS)
-ifeq (WINNT,$(OS_ARCH))
- # -MTd (not -MD) because that makes it link to the right library
- # -EHsc because gtest has exception handlers
- OS_CFLAGS := $(filterout -MD,$(OS_CFLAGS))
- OS_CFLAGS += -MTd -EHsc
- # On windows, we need to create the parent directory
- # Needed because we include files from a subdirectory
- MAKE_OBJDIR = $(INSTALL) -D $(dir $@)
-endif
+MKSHLIB = $(CCC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS)
--- a/external_tests/ssl_gtest/Makefile
+++ b/external_tests/ssl_gtest/Makefile
@@ -37,24 +37,12 @@ include $(CORE_DEPTH)/coreconf/rules.mk
# (6) Execute "component" rules. (OPTIONAL) #
#######################################################################
#######################################################################
# (7) Execute "local" rules. (OPTIONAL). #
#######################################################################
-MKPROG = $(CCC)
+MKPROG = $(CXX)
+CFLAGS += -std=c++0x
include ../../cmd/platrules.mk
-ifeq (WINNT,$(OS_ARCH))
- # -MTd (not -MD) because that makes it link to the right library
- # -EHsc because gtest has exception handlers
- OS_CFLAGS := $(filterout -MD,$(OS_CFLAGS))
- OS_CFLAGS += -MTd -EHsc -nologo
- # http://www.suodenjoki.dk/us/archive/2010/min-max.htm
- OS_CFLAGS += -DNOMINMAX
-
- # Linking to winsock to get htonl
- OS_LIBS += Ws2_32.lib
-else
- CFLAGS += -std=c++0x
-endif
--- a/external_tests/ssl_gtest/databuffer.h
+++ b/external_tests/ssl_gtest/databuffer.h
@@ -7,21 +7,16 @@
#ifndef databuffer_h__
#define databuffer_h__
#include <algorithm>
#include <cassert>
#include <cstring>
#include <iomanip>
#include <iostream>
-#if defined(WIN32) || defined(WIN64)
-#include <winsock2.h>
-#else
-#include <arpa/inet.h>
-#endif
namespace nss_test {
class DataBuffer {
public:
DataBuffer() : data_(nullptr), len_(0) {}
DataBuffer(const uint8_t *data, size_t len) : data_(nullptr), len_(0) {
Assign(data, len);
--- a/external_tests/ssl_gtest/ssl_loopback_unittest.cc
+++ b/external_tests/ssl_gtest/ssl_loopback_unittest.cc
@@ -313,20 +313,20 @@ TEST_P(TlsConnectStream, ShortRead) {
// so skip in that case.
if (version_ < SSL_LIBRARY_VERSION_TLS_1_1)
return;
Connect();
server_->SendData(1200, 1200);
// Read the first tranche.
WAIT_(client_->received_bytes() == 1024, 2000);
- ASSERT_EQ(1024U, client_->received_bytes());
+ ASSERT_EQ(1024, client_->received_bytes());
// The second tranche should now immediately be available.
client_->ReadBytes();
- ASSERT_EQ(1200U, client_->received_bytes());
+ ASSERT_EQ(1200, client_->received_bytes());
}
INSTANTIATE_TEST_CASE_P(VariantsStream10, TlsConnectGeneric,
::testing::Combine(
TlsConnectTestBase::kTlsModesStream,
TlsConnectTestBase::kTlsV10));
INSTANTIATE_TEST_CASE_P(VariantsAll, TlsConnectGeneric,
::testing::Combine(
--- a/external_tests/ssl_gtest/tls_agent.cc
+++ b/external_tests/ssl_gtest/tls_agent.cc
@@ -22,17 +22,17 @@ const char* TlsAgent::states[] = {"INIT"
TlsAgent::TlsAgent(const std::string& name, Role role, Mode mode, SSLKEAType kea)
: name_(name),
mode_(mode),
kea_(kea),
pr_fd_(nullptr),
adapter_(nullptr),
ssl_fd_(nullptr),
role_(role),
- state_(STATE_INIT),
+ state_(INIT),
falsestart_enabled_(false),
expected_version_(0),
expected_cipher_suite_(0),
expect_resumption_(false),
can_falsestart_hook_called_(false),
sni_hook_called_(false),
auth_certificate_hook_called_(false),
handshake_callback_called_(false),
@@ -117,17 +117,17 @@ bool TlsAgent::EnsureTlsSetup() {
}
void TlsAgent::StartConnect() {
EXPECT_TRUE(EnsureTlsSetup());
SECStatus rv;
rv = SSL_ResetHandshake(ssl_fd_, role_ == SERVER ? PR_TRUE : PR_FALSE);
EXPECT_EQ(SECSuccess, rv);
- SetState(STATE_CONNECTING);
+ SetState(CONNECTING);
}
void TlsAgent::EnableSomeEcdheCiphers() {
EXPECT_TRUE(EnsureTlsSetup());
const uint32_t EcdheCiphers[] = {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
@@ -187,22 +187,22 @@ void TlsAgent::SetExpectedVersion(uint16
expected_version_ = version;
}
void TlsAgent::SetExpectedReadError(bool err) {
expected_read_error_ = err;
}
void TlsAgent::CheckKEAType(SSLKEAType type) const {
- EXPECT_EQ(STATE_CONNECTED, state_);
+ EXPECT_EQ(CONNECTED, state_);
EXPECT_EQ(type, csinfo_.keaType);
}
void TlsAgent::CheckAuthType(SSLAuthType type) const {
- EXPECT_EQ(STATE_CONNECTED, state_);
+ EXPECT_EQ(CONNECTED, state_);
EXPECT_EQ(type, csinfo_.authAlgorithm);
}
void TlsAgent::EnableFalseStart() {
EXPECT_TRUE(EnsureTlsSetup());
falsestart_enabled_ = true;
EXPECT_EQ(SECSuccess,
@@ -247,17 +247,17 @@ void TlsAgent::EnableSrtp() {
void TlsAgent::CheckSrtp() const {
uint16_t actual;
EXPECT_EQ(SECSuccess, SSL_GetSRTPCipher(ssl_fd_, &actual));
EXPECT_EQ(SRTP_AES128_CM_HMAC_SHA1_80, actual);
}
void TlsAgent::CheckErrorCode(int32_t expected) const {
- EXPECT_EQ(STATE_ERROR, state_);
+ EXPECT_EQ(ERROR, state_);
EXPECT_EQ(expected, error_code_);
}
void TlsAgent::CheckPreliminaryInfo() {
SSLPreliminaryChannelInfo info;
EXPECT_EQ(SECSuccess,
SSL_GetPreliminaryChannelInfo(ssl_fd_, &info, sizeof(info)));
EXPECT_TRUE(info.valuesSet & ssl_preinfo_version);
@@ -310,17 +310,17 @@ void TlsAgent::Connected() {
// If either expected values were set or the callbacks were called, check
// that the final values are correct.
EXPECT_EQ(expected_version_, info_.protocolVersion);
EXPECT_EQ(expected_cipher_suite_, info_.cipherSuite);
rv = SSL_GetCipherSuiteInfo(info_.cipherSuite, &csinfo_, sizeof(csinfo_));
EXPECT_EQ(SECSuccess, rv);
- SetState(STATE_CONNECTED);
+ SetState(CONNECTED);
}
void TlsAgent::Handshake() {
SECStatus rv = SSL_ForceHandshake(ssl_fd_);
if (rv == SECSuccess) {
Connected();
Poller::Instance()->Wait(READABLE_EVENT, adapter_, this,
@@ -339,25 +339,25 @@ void TlsAgent::Handshake() {
return;
break;
// TODO(ekr@rtfm.com): needs special case for DTLS
case SSL_ERROR_RX_MALFORMED_HANDSHAKE:
default:
LOG("Handshake failed with error " << err);
error_code_ = err;
- SetState(STATE_ERROR);
+ SetState(ERROR);
return;
}
}
void TlsAgent::PrepareForRenegotiate() {
- EXPECT_EQ(STATE_CONNECTED, state_);
+ EXPECT_EQ(CONNECTED, state_);
- SetState(STATE_CONNECTING);
+ SetState(CONNECTING);
}
void TlsAgent::StartRenegotiate() {
PrepareForRenegotiate();
SECStatus rv = SSL_ReHandshake(ssl_fd_, PR_TRUE);
EXPECT_EQ(SECSuccess, rv);
}
@@ -372,17 +372,17 @@ void TlsAgent::SendData(size_t bytes, si
for(size_t i = 0; i < tosend; ++i) {
block[i] = 0xff & send_ctr_;
++send_ctr_;
}
LOG("Writing " << tosend << " bytes");
int32_t rv = PR_Write(ssl_fd_, block, tosend);
- ASSERT_EQ(tosend, static_cast<size_t>(rv));
+ ASSERT_EQ(tosend, rv);
bytes -= tosend;
}
}
void TlsAgent::ReadBytes() {
uint8_t block[1024];
@@ -391,19 +391,18 @@ void TlsAgent::ReadBytes() {
int32_t rv = PR_Read(ssl_fd_, block, sizeof(block));
int32_t err = PR_GetError();
if (err != PR_WOULD_BLOCK_ERROR) {
if (expected_read_error_) {
error_code_ = err;
} else {
ASSERT_LE(0, rv);
- size_t count = static_cast<size_t>(rv);
- LOG("Read " << count << " bytes");
- for (size_t i = 0; i < count; ++i) {
+ LOG("Read " << rv << " bytes");
+ for (size_t i = 0; i < rv; ++i) {
ASSERT_EQ(recv_ctr_ & 0xff, block[i]);
recv_ctr_++;
}
}
}
Poller::Instance()->Wait(READABLE_EVENT, adapter_, this,
&TlsAgent::ReadableCallback);
--- a/external_tests/ssl_gtest/tls_agent.h
+++ b/external_tests/ssl_gtest/tls_agent.h
@@ -26,17 +26,17 @@ enum SessionResumptionMode {
RESUME_SESSIONID = 1,
RESUME_TICKET = 2,
RESUME_BOTH = RESUME_SESSIONID | RESUME_TICKET
};
class TlsAgent : public PollTarget {
public:
enum Role { CLIENT, SERVER };
- enum State { STATE_INIT, STATE_CONNECTING, STATE_CONNECTED, STATE_ERROR };
+ enum State { INIT, CONNECTING, CONNECTED, ERROR };
TlsAgent(const std::string& name, Role role, Mode mode, SSLKEAType kea);
virtual ~TlsAgent();
bool Init() {
pr_fd_ = DummyPrSocket::CreateFD(name_, mode_);
if (!pr_fd_) return false;
@@ -91,29 +91,29 @@ class TlsAgent : public PollTarget {
const char* state_str(State state) const { return states[state]; }
PRFileDesc* ssl_fd() { return ssl_fd_; }
uint16_t min_version() const { return vrange_.min; }
uint16_t max_version() const { return vrange_.max; }
uint16_t version() const {
- EXPECT_EQ(STATE_CONNECTED, state_);
+ EXPECT_EQ(CONNECTED, state_);
return info_.protocolVersion;
}
bool cipher_suite(int16_t* cipher_suite) const {
- if (state_ != STATE_CONNECTED) return false;
+ if (state_ != CONNECTED) return false;
*cipher_suite = info_.cipherSuite;
return true;
}
std::string cipher_suite_name() const {
- if (state_ != STATE_CONNECTED) return "UNKNOWN";
+ if (state_ != CONNECTED) return "UNKNOWN";
return csinfo_.cipherSuiteName;
}
std::vector<uint8_t> session_id() const {
return std::vector<uint8_t>(info_.sessionID,
info_.sessionID + info_.sessionIDLength);
}
@@ -145,20 +145,20 @@ class TlsAgent : public PollTarget {
TlsAgent* agent = static_cast<TlsAgent*>(self);
agent->ReadableCallback_int();
}
void ReadableCallback_int() {
LOG("Readable");
switch (state_) {
- case STATE_CONNECTING:
+ case CONNECTING:
Handshake();
break;
- case STATE_CONNECTED:
+ case CONNECTED:
ReadBytes();
break;
default:
break;
}
}
static PRInt32 SniHook(PRFileDesc *fd, const SECItem *srvNameArr,
--- a/external_tests/ssl_gtest/tls_connect.cc
+++ b/external_tests/ssl_gtest/tls_connect.cc
@@ -126,18 +126,18 @@ void TlsConnectTestBase::EnsureTlsSetup(
EXPECT_TRUE(client_->EnsureTlsSetup());
EXPECT_TRUE(server_->EnsureTlsSetup());
}
void TlsConnectTestBase::Handshake() {
client_->Handshake();
server_->Handshake();
- ASSERT_TRUE_WAIT((client_->state() != TlsAgent::STATE_CONNECTING) &&
- (server_->state() != TlsAgent::STATE_CONNECTING),
+ ASSERT_TRUE_WAIT((client_->state() != TlsAgent::CONNECTING) &&
+ (server_->state() != TlsAgent::CONNECTING),
5000);
}
void TlsConnectTestBase::Connect() {
server_->StartConnect();
client_->StartConnect();
Handshake();
CheckConnected();
@@ -145,18 +145,18 @@ void TlsConnectTestBase::Connect() {
void TlsConnectTestBase::CheckConnected() {
// Check the version is as expected
EXPECT_EQ(client_->version(), server_->version());
EXPECT_EQ(std::min(client_->max_version(),
server_->max_version()),
client_->version());
- EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state());
- EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state());
+ EXPECT_EQ(TlsAgent::CONNECTED, client_->state());
+ EXPECT_EQ(TlsAgent::CONNECTED, server_->state());
int16_t cipher_suite1, cipher_suite2;
bool ret = client_->cipher_suite(&cipher_suite1);
EXPECT_TRUE(ret);
ret = server_->cipher_suite(&cipher_suite2);
EXPECT_TRUE(ret);
EXPECT_EQ(cipher_suite1, cipher_suite2);
@@ -175,18 +175,18 @@ void TlsConnectTestBase::CheckConnected(
CheckResumption(expected_resumption_mode_);
}
void TlsConnectTestBase::ConnectExpectFail() {
server_->StartConnect();
client_->StartConnect();
Handshake();
- ASSERT_EQ(TlsAgent::STATE_ERROR, client_->state());
- ASSERT_EQ(TlsAgent::STATE_ERROR, server_->state());
+ ASSERT_EQ(TlsAgent::ERROR, client_->state());
+ ASSERT_EQ(TlsAgent::ERROR, server_->state());
}
void TlsConnectTestBase::SetExpectedVersion(uint16_t version) {
client_->SetExpectedVersion(version);
server_->SetExpectedVersion(version);
}
void TlsConnectTestBase::EnableSomeEcdheCiphers() {
@@ -247,17 +247,17 @@ void TlsConnectTestBase::CheckSrtp() con
}
void TlsConnectTestBase::SendReceive() {
client_->SendData(50);
server_->SendData(50);
WAIT_(
client_->received_bytes() == 50 &&
server_->received_bytes() == 50, 2000);
- ASSERT_EQ(50U, client_->received_bytes());
- ASSERT_EQ(50U, server_->received_bytes());
+ ASSERT_EQ(50, client_->received_bytes());
+ ASSERT_EQ(50, server_->received_bytes());
}
TlsConnectGeneric::TlsConnectGeneric()
: TlsConnectTestBase(TlsConnectTestBase::ToMode(std::get<0>(GetParam())),
std::get<1>(GetParam())) {}
} // namespace nss_test
--- a/external_tests/ssl_gtest/tls_parser.h
+++ b/external_tests/ssl_gtest/tls_parser.h
@@ -5,21 +5,17 @@
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef tls_parser_h_
#define tls_parser_h_
#include <memory>
#include <cstdint>
#include <cstring>
-#if defined(WIN32) || defined(WIN64)
-#include <winsock2.h>
-#else
#include <arpa/inet.h>
-#endif
#include "databuffer.h"
namespace nss_test {
const uint8_t kTlsChangeCipherSpecType = 20;
const uint8_t kTlsAlertType = 21;
const uint8_t kTlsHandshakeType = 22;
--- a/lib/base/hash.c
+++ b/lib/base/hash.c
@@ -46,17 +46,19 @@ struct nssHashStr {
};
static PLHashNumber
nss_identity_hash
(
const void *key
)
{
- return (PLHashNumber)((char *)key - (char *)NULL);
+ PRUint32 i = (PRUint32)key;
+ PR_ASSERT(sizeof(PLHashNumber) == sizeof(PRUint32));
+ return (PLHashNumber)i;
}
static PLHashNumber
nss_item_hash
(
const void *key
)
{
--- a/lib/base/list.c
+++ b/lib/base/list.c
@@ -212,18 +212,19 @@ nsslist_add_element(nssList *list, void
}
++list->count;
return PR_SUCCESS;
}
NSS_IMPLEMENT PRStatus
nssList_Add(nssList *list, void *data)
{
+ PRStatus nssrv;
NSSLIST_LOCK_IF(list);
- (void)nsslist_add_element(list, data);
+ nssrv = nsslist_add_element(list, data);
NSSLIST_UNLOCK_IF(list);
return PR_SUCCESS;
}
NSS_IMPLEMENT PRStatus
nssList_AddUnique(nssList *list, void *data)
{
PRStatus nssrv;
--- a/lib/base/tracker.c
+++ b/lib/base/tracker.c
@@ -24,17 +24,17 @@
*/
static PLHashNumber PR_CALLBACK
identity_hash
(
const void *key
)
{
- return (PLHashNumber)((char *)key - (char *)NULL);
+ return (PLHashNumber)key;
}
/*
* trackerOnceFunc
*
* This function is called once, using the nssCallOnce function above.
* It creates a new pointer tracker object; initialising its hash
* table and protective lock.
--- a/lib/certdb/certdb.c
+++ b/lib/certdb/certdb.c
@@ -2438,16 +2438,17 @@ CERT_EncodeTrustString(CERTCertTrust *tr
SECStatus
CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
unsigned int ncerts, SECItem **derCerts,
CERTCertificate ***retCerts, PRBool keepCerts,
PRBool caOnly, char *nickname)
{
unsigned int i;
CERTCertificate **certs = NULL;
+ SECStatus rv;
unsigned int fcerts = 0;
if ( ncerts ) {
certs = PORT_ZNewArray(CERTCertificate*, ncerts);
if ( certs == NULL ) {
return(SECFailure);
}
@@ -2485,38 +2486,37 @@ CERT_ImportCerts(CERTCertDBHandle *certd
if(isCA && (fcerts > 1)) {
/* if we are importing only a single cert and specifying
* a nickname, we want to use that nickname if it a CA,
* otherwise if there are more than one cert, we don't
* know which cert it belongs to. But we still may try
* the individual canickname from the cert itself.
*/
- /* Bug 1192442 - propagate errors from these calls. */
- (void)CERT_AddTempCertToPerm(certs[i], canickname, NULL);
+ rv = CERT_AddTempCertToPerm(certs[i], canickname, NULL);
} else {
- (void)CERT_AddTempCertToPerm(certs[i],
- nickname?nickname:canickname, NULL);
+ rv = CERT_AddTempCertToPerm(certs[i],
+ nickname?nickname:canickname, NULL);
}
PORT_Free(canickname);
/* don't care if it fails - keep going */
}
}
}
if ( retCerts ) {
*retCerts = certs;
} else {
if (certs) {
CERT_DestroyCertArray(certs, fcerts);
}
}
- return (fcerts || !ncerts) ? SECSuccess : SECFailure;
+ return ((fcerts || !ncerts) ? SECSuccess : SECFailure);
}
/*
* a real list of certificates - need to convert CERTCertificateList
* stuff and ASN 1 encoder/decoder over to using this...
*/
CERTCertList *
CERT_NewCertList(void)
@@ -2888,26 +2888,25 @@ CERT_LockCertRefCount(CERTCertificate *c
}
/*
* Free the cert reference count lock
*/
void
CERT_UnlockCertRefCount(CERTCertificate *cert)
{
+ PRStatus prstat;
+
PORT_Assert(certRefCountLock != NULL);
-#ifdef DEBUG
- {
- PRStatus prstat = PZ_Unlock(certRefCountLock);
- PORT_Assert(prstat == PR_SUCCESS);
- }
-#else
- PZ_Unlock(certRefCountLock);
-#endif
+ prstat = PZ_Unlock(certRefCountLock);
+
+ PORT_Assert(prstat == PR_SUCCESS);
+
+ return;
}
static PZLock *certTrustLock = NULL;
/*
* Acquire the cert trust lock
* There is currently one global lock for all certs, but I'm putting a cert
* arg here so that it will be easy to make it per-cert in the future if
@@ -2969,26 +2968,25 @@ cert_DestroyLocks(void)
}
/*
* Free the cert trust lock
*/
void
CERT_UnlockCertTrust(const CERTCertificate *cert)
{
+ PRStatus prstat;
+
PORT_Assert(certTrustLock != NULL);
-#ifdef DEBUG
- {
- PRStatus prstat = PZ_Unlock(certTrustLock);
- PORT_Assert(prstat == PR_SUCCESS);
- }
-#else
- PZ_Unlock(certTrustLock);
-#endif
+ prstat = PZ_Unlock(certTrustLock);
+
+ PORT_Assert(prstat == PR_SUCCESS);
+
+ return;
}
/*
* Get the StatusConfig data for this handle
*/
CERTStatusConfig *
CERT_GetStatusConfig(CERTCertDBHandle *handle)
--- a/lib/certdb/crl.c
+++ b/lib/certdb/crl.c
@@ -622,30 +622,31 @@ loser:
CERTSignedCrl *
crl_storeCRL (PK11SlotInfo *slot,char *url,
CERTSignedCrl *newCrl, SECItem *derCrl, int type)
{
CERTSignedCrl *oldCrl = NULL, *crl = NULL;
PRBool deleteOldCrl = PR_FALSE;
CK_OBJECT_HANDLE crlHandle = CK_INVALID_HANDLE;
+ SECStatus rv;
PORT_Assert(newCrl);
PORT_Assert(derCrl);
PORT_Assert(type == SEC_CRL_TYPE);
if (type != SEC_CRL_TYPE) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
/* we can't use the cache here because we must look in the same
token */
- (void)SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type,
- &oldCrl, CRL_DECODE_SKIP_ENTRIES);
+ rv = SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type,
+ &oldCrl, CRL_DECODE_SKIP_ENTRIES);
/* if there is an old crl on the token, make sure the one we are
installing is newer. If not, exit out, otherwise delete the
old crl.
*/
if (oldCrl != NULL) {
/* if it's already there, quietly continue */
if (SECITEM_CompareItem(newCrl->derCrl, oldCrl->derCrl)
== SECEqual) {
@@ -2687,17 +2688,17 @@ cert_CheckCertRevocationStatus(CERTCerti
}
else
{
/* no revocation date, certificate is permanently revoked */
rv = SECFailure;
}
if (SECFailure == rv)
{
- (void)CERT_FindCRLEntryReasonExten(entry, &reason);
+ SECStatus rv2 = CERT_FindCRLEntryReasonExten(entry, &reason);
PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
}
break;
case dpcacheEmpty:
/* useful for NIST policy */
status = certRevocationStatusUnknown;
break;
@@ -3044,17 +3045,17 @@ static SECStatus addCRLToCache(CERTCertD
/* take ownership of CRL, and insert it into the named CRL cache
* and indexed CRL cache
*/
SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
const SECItem* canonicalizedName)
{
NamedCRLCacheEntry* oldEntry, * newEntry = NULL;
NamedCRLCache* ncc = NULL;
- SECStatus rv = SECSuccess;
+ SECStatus rv = SECSuccess, rv2;
PORT_Assert(namedCRLCache.lock);
PORT_Assert(namedCRLCache.entries);
if (!crl || !canonicalizedName)
{
PORT_Assert(0);
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -3082,17 +3083,18 @@ SECStatus cert_CacheCRLByGeneralName(CER
if (!oldEntry)
{
/* add new good entry to the hash table */
if (NULL == PL_HashTableAdd(namedCRLCache.entries,
(void*) newEntry->canonicalizedName,
(void*) newEntry))
{
PORT_Assert(0);
- NamedCRLCacheEntry_Destroy(newEntry);
+ rv2 = NamedCRLCacheEntry_Destroy(newEntry);
+ PORT_Assert(SECSuccess == rv2);
rv = SECFailure;
}
}
else
{
PRBool removed;
/* remove the old CRL from the cache if needed */
if (oldEntry->inCRLCache)
@@ -3105,17 +3107,18 @@ SECStatus cert_CacheCRLByGeneralName(CER
PORT_Assert(removed);
if (!removed)
{
rv = SECFailure;
/* leak old entry since we couldn't remove it from the hash table */
}
else
{
- PORT_AssertSuccess(NamedCRLCacheEntry_Destroy(oldEntry));
+ rv2 = NamedCRLCacheEntry_Destroy(oldEntry);
+ PORT_Assert(SECSuccess == rv2);
}
if (NULL == PL_HashTableAdd(namedCRLCache.entries,
(void*) newEntry->canonicalizedName,
(void*) newEntry))
{
PORT_Assert(0);
rv = SECFailure;
}
@@ -3152,29 +3155,31 @@ SECStatus cert_CacheCRLByGeneralName(CER
PORT_Assert(removed);
if (!removed)
{
/* leak old entry since we couldn't remove it from the hash table */
rv = SECFailure;
}
else
{
- PORT_AssertSuccess(NamedCRLCacheEntry_Destroy(oldEntry));
+ rv2 = NamedCRLCacheEntry_Destroy(oldEntry);
+ PORT_Assert(SECSuccess == rv2);
}
if (NULL == PL_HashTableAdd(namedCRLCache.entries,
(void*) newEntry->canonicalizedName,
(void*) newEntry))
{
PORT_Assert(0);
rv = SECFailure;
}
}
}
}
- PORT_AssertSuccess(cert_ReleaseNamedCRLCache(ncc));
+ rv2 = cert_ReleaseNamedCRLCache(ncc);
+ PORT_Assert(SECSuccess == rv2);
return rv;
}
static SECStatus CachedCrl_Create(CachedCrl** returned, CERTSignedCrl* crl,
CRLOrigin origin)
{
CachedCrl* newcrl = NULL;
--- a/lib/certdb/genname.c
+++ b/lib/certdb/genname.c
@@ -62,16 +62,26 @@ static const SEC_ASN1Template CERTOthNam
};
static const SEC_ASN1Template CERTOtherNameTemplate[] = {
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_CONSTRUCTED | 0 ,
offsetof(CERTGeneralName, name.OthName), CERTOthNameTemplate,
sizeof(CERTGeneralName) }
};
+static const SEC_ASN1Template CERTOtherName2Template[] = {
+ { SEC_ASN1_SEQUENCE | SEC_ASN1_CONTEXT_SPECIFIC | 0 ,
+ 0, NULL, sizeof(CERTGeneralName) },
+ { SEC_ASN1_OBJECT_ID,
+ offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, oid) },
+ { SEC_ASN1_ANY,
+ offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, name) },
+ { 0, }
+};
+
static const SEC_ASN1Template CERT_RFC822NameTemplate[] = {
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1 ,
offsetof(CERTGeneralName, name.other),
SEC_ASN1_SUB(SEC_IA5StringTemplate),
sizeof (CERTGeneralName)}
};
static const SEC_ASN1Template CERT_DNSNameTemplate[] = {
--- a/lib/certdb/secname.c
+++ b/lib/certdb/secname.c
@@ -235,16 +235,24 @@ CERT_CopyAVA(PLArenaPool *arena, CERTAVA
if (rv) goto loser;
}
return ava;
loser:
return 0;
}
+/************************************************************************/
+/* XXX This template needs to go away in favor of the new SEC_ASN1 version. */
+static const SEC_ASN1Template cert_RDNTemplate[] = {
+ { SEC_ASN1_SET_OF,
+ offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) }
+};
+
+
CERTRDN *
CERT_CreateRDN(PLArenaPool *arena, CERTAVA *ava0, ...)
{
CERTAVA *ava;
CERTRDN *rdn;
va_list ap;
unsigned count;
CERTAVA **avap;
--- a/lib/certhigh/certhigh.c
+++ b/lib/certhigh/certhigh.c
@@ -19,41 +19,46 @@
PRBool
CERT_MatchNickname(char *name1, char *name2) {
char *nickname1= NULL;
char *nickname2 = NULL;
char *token1;
char *token2;
+ char *token = NULL;
+ int len;
/* first deal with the straight comparison */
if (PORT_Strcmp(name1, name2) == 0) {
return PR_TRUE;
}
/* we need to handle the case where one name has an explicit token and the other
* doesn't */
token1 = PORT_Strchr(name1,':');
token2 = PORT_Strchr(name2,':');
if ((token1 && token2) || (!token1 && !token2)) {
/* either both token names are specified or neither are, not match */
return PR_FALSE;
}
if (token1) {
+ token=name1;
nickname1=token1;
nickname2=name2;
} else {
+ token=name2;
nickname1=token2;
nickname2=name1;
}
+ len = nickname1-token;
nickname1++;
if (PORT_Strcmp(nickname1,nickname2) != 0) {
return PR_FALSE;
}
- /* Bug 1192443 - compare the other token with the internal slot here */
+ /* compare the other token with the internal slot here */
return PR_TRUE;
}
/*
* Find all user certificates that match the given criteria.
*
* "handle" - database to search
* "usage" - certificate usage to match
--- a/lib/certhigh/certvfypkix.c
+++ b/lib/certhigh/certvfypkix.c
@@ -1407,23 +1407,23 @@ setRevocationMethod(PKIX_RevocationCheck
CERTRevocationMethodIndex certRevMethod,
PKIX_RevocationMethodType pkixRevMethod,
PKIX_Boolean verifyResponderUsages,
PKIX_Boolean isLeafTest,
void *plContext)
{
PKIX_UInt32 methodFlags = 0;
PKIX_Error *error = NULL;
- PKIX_UInt32 priority = 0;
+ int priority = 0;
- if (revTest->number_of_defined_methods <= (PRUint32)certRevMethod) {
+ if (revTest->number_of_defined_methods <= certRevMethod) {
return NULL;
}
if (revTest->preferred_methods) {
- unsigned int i = 0;
+ int i = 0;
for (;i < revTest->number_of_preferred_methods;i++) {
if (revTest->preferred_methods[i] == certRevMethod)
break;
}
priority = i;
}
methodFlags = revTest->cert_rev_flags_per_method[certRevMethod];
if (verifyResponderUsages &&
--- a/lib/certhigh/ocsp.c
+++ b/lib/certhigh/ocsp.c
@@ -554,29 +554,24 @@ ocsp_FreeCacheItem(OCSPCacheItem *item)
static void
ocsp_RemoveCacheItem(OCSPCacheData *cache, OCSPCacheItem *item)
{
/* The item we're removing could be either the least recently used item,
* or it could be an item that couldn't get updated with newer status info
* because of an allocation failure, or it could get removed because we're
* cleaning up.
*/
+ PRBool couldRemoveFromHashTable;
OCSP_TRACE(("OCSP ocsp_RemoveCacheItem, THREADID %p\n", PR_GetCurrentThread()));
PR_EnterMonitor(OCSP_Global.monitor);
ocsp_RemoveCacheItemFromLinkedList(cache, item);
-#ifdef DEBUG
- {
- PRBool couldRemoveFromHashTable = PL_HashTableRemove(cache->entries,
- item->certID);
- PORT_Assert(couldRemoveFromHashTable);
- }
-#else
- PL_HashTableRemove(cache->entries, item->certID);
-#endif
+ couldRemoveFromHashTable = PL_HashTableRemove(cache->entries,
+ item->certID);
+ PORT_Assert(couldRemoveFromHashTable);
--cache->numberOfEntries;
ocsp_FreeCacheItem(item);
PR_ExitMonitor(OCSP_Global.monitor);
}
static void
ocsp_CheckCacheSize(OCSPCacheData *cache)
{
--- a/lib/ckfw/builtins/binst.c
+++ b/lib/ckfw/builtins/binst.c
@@ -60,18 +60,20 @@ builtins_mdInstance_GetLibraryDescriptio
static CK_VERSION
builtins_mdInstance_GetLibraryVersion
(
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance
)
{
-#define NSS_VERSION_VARIABLE __nss_builtins_version
-#include "verref.h"
+ extern const char __nss_builtins_version[];
+ volatile char c; /* force a reference that won't get optimized away */
+
+ c = __nss_builtins_version[0];
return nss_builtins_LibraryVersion;
}
static CK_RV
builtins_mdInstance_GetSlots
(
NSSCKMDInstance *mdInstance,
NSSCKFWInstance *fwInstance,
--- a/lib/ckfw/builtins/certdata.perl
+++ b/lib/ckfw/builtins/certdata.perl
@@ -6,16 +6,17 @@
use strict;
my %constants;
my $count = 0;
my $o;
my @objects = ();
my @objsize;
+$constants{CKO_DATA} = "static const CK_OBJECT_CLASS cko_data = CKO_DATA;\n";
$constants{CK_TRUE} = "static const CK_BBOOL ck_true = CK_TRUE;\n";
$constants{CK_FALSE} = "static const CK_BBOOL ck_false = CK_FALSE;\n";
while(<>) {
my @fields = ();
my $size;
s/^((?:[^"#]+|"[^"]*")*)(\s*#.*$)/$1/;
--- a/lib/ckfw/hash.c
+++ b/lib/ckfw/hash.c
@@ -43,17 +43,19 @@ struct nssCKFWHashStr {
};
static PLHashNumber
nss_ckfw_identity_hash
(
const void *key
)
{
- return (PLHashNumber)((char *)key - (char *)NULL);
+ PRUint32 i = (PRUint32)key;
+ PR_ASSERT(sizeof(PLHashNumber) == sizeof(PRUint32));
+ return (PLHashNumber)i;
}
/*
* nssCKFWHash_Create
*
*/
NSS_IMPLEMENT nssCKFWHash *
nssCKFWHash_Create
--- a/lib/ckfw/token.c
+++ b/lib/ckfw/token.c
@@ -1253,32 +1253,33 @@ nssCKFWToken_GetUTCTime
if( CKR_OK != error ) {
return error;
}
/* Sanity-check the data */
{
/* Format is YYYYMMDDhhmmss00 */
int i;
- int Y, M, D, h, m, s;
+ int Y, M, D, h, m, s, z;
static int dims[] = { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
for( i = 0; i < 16; i++ ) {
if( (utcTime[i] < '0') || (utcTime[i] > '9') ) {
goto badtime;
}
}
Y = ((utcTime[ 0] - '0') * 1000) + ((utcTime[1] - '0') * 100) +
((utcTime[ 2] - '0') * 10) + (utcTime[ 3] - '0');
M = ((utcTime[ 4] - '0') * 10) + (utcTime[ 5] - '0');
D = ((utcTime[ 6] - '0') * 10) + (utcTime[ 7] - '0');
h = ((utcTime[ 8] - '0') * 10) + (utcTime[ 9] - '0');
m = ((utcTime[10] - '0') * 10) + (utcTime[11] - '0');
s = ((utcTime[12] - '0') * 10) + (utcTime[13] - '0');
+ z = ((utcTime[14] - '0') * 10) + (utcTime[15] - '0');
if( (Y < 1990) || (Y > 3000) ) goto badtime; /* Y3K problem. heh heh heh */
if( (M < 1) || (M > 12) ) goto badtime;
if( (D < 1) || (D > 31) ) goto badtime;
if( D > dims[M-1] ) goto badtime; /* per-month check */
if( (2 == M) && (((Y%4)||!(Y%100))&&(Y%400)) && (D > 28) ) goto badtime; /* leap years */
--- a/lib/crmf/cmmfchal.c
+++ b/lib/crmf/cmmfchal.c
@@ -25,16 +25,17 @@ cmmf_create_witness_and_challenge(PLAren
SECItem encodedRandStr = {siBuffer, NULL, 0};
SECItem *dummy;
unsigned char *randHash, *senderHash, *encChal=NULL;
unsigned modulusLen = 0;
SECStatus rv = SECFailure;
CMMFRand randStr= { {siBuffer, NULL, 0}, {siBuffer, NULL, 0}};
PK11SlotInfo *slot;
PK11SymKey *symKey = NULL;
+ CK_OBJECT_HANDLE id;
CERTSubjectPublicKeyInfo *spki = NULL;
encodedRandNum = SEC_ASN1EncodeInteger(poolp, &challenge->randomNumber,
inRandom);
encodedRandNum = &challenge->randomNumber;
randHash = PORT_ArenaNewArray(poolp, unsigned char, SHA1_LENGTH);
senderHash = PORT_ArenaNewArray(poolp, unsigned char, SHA1_LENGTH);
@@ -70,17 +71,17 @@ cmmf_create_witness_and_challenge(PLAren
rv = SECFailure;
goto loser;
}
slot =PK11_GetBestSlotWithAttributes(CKM_RSA_PKCS, CKF_WRAP, 0, passwdArg);
if (slot == NULL) {
rv = SECFailure;
goto loser;
}
- (void)PK11_ImportPublicKey(slot, inPubKey, PR_FALSE);
+ id = PK11_ImportPublicKey(slot, inPubKey, PR_FALSE);
/* In order to properly encrypt the data, we import as a symmetric
* key, and then wrap that key. That in essence encrypts the data.
* This is the method recommended in the PK11 world in order
* to prevent threading issues as well as breaking any other semantics
* the PK11 libraries depend on.
*/
symKey = PK11_ImportSymKey(slot, CKM_RSA_PKCS, PK11_OriginGenerated,
CKA_VALUE, &encodedRandStr, passwdArg);
--- a/lib/crmf/crmfcont.c
+++ b/lib/crmf/crmfcont.c
@@ -852,42 +852,36 @@ crmf_create_encrypted_value_wrapped_priv
}
CRMFEncryptedKey*
CRMF_CreateEncryptedKeyWithEncryptedValue (SECKEYPrivateKey *inPrivKey,
CERTCertificate *inCACert)
{
SECKEYPublicKey *caPubKey = NULL;
CRMFEncryptedKey *encKey = NULL;
+ CRMFEncryptedValue *dummy;
PORT_Assert(inPrivKey != NULL && inCACert != NULL);
if (inPrivKey == NULL || inCACert == NULL) {
return NULL;
}
caPubKey = CERT_ExtractPublicKey(inCACert);
if (caPubKey == NULL) {
goto loser;
}
encKey = PORT_ZNew(CRMFEncryptedKey);
if (encKey == NULL) {
goto loser;
}
-#ifdef DEBUG
- {
- CRMFEncryptedValue *dummy =
- crmf_create_encrypted_value_wrapped_privkey(
- inPrivKey, caPubKey, &encKey->value.encryptedValue);
- PORT_Assert(dummy == &encKey->value.encryptedValue);
- }
-#else
- crmf_create_encrypted_value_wrapped_privkey(
- inPrivKey, caPubKey, &encKey->value.encryptedValue);
-#endif
+ dummy = crmf_create_encrypted_value_wrapped_privkey(inPrivKey,
+ caPubKey,
+ &encKey->value.encryptedValue);
+ PORT_Assert(dummy == &encKey->value.encryptedValue);
/* We won't add the der value here, but rather when it
* becomes part of a certificate request.
*/
SECKEY_DestroyPublicKey(caPubKey);
encKey->encKeyChoice = crmfEncryptedValueChoice;
return encKey;
loser:
if (encKey != NULL) {
--- a/lib/crmf/crmfi.h
+++ b/lib/crmf/crmfi.h
@@ -47,17 +47,17 @@
*/
#define MAX_WRAPPED_KEY_LEN RSA_MAX_MODULUS_BITS
#define CRMF_BITS_TO_BYTES(bits) (((bits)+7)/8)
#define CRMF_BYTES_TO_BITS(bytes) ((bytes)*8)
struct crmfEncoderArg {
SECItem *buffer;
- unsigned long allocatedLen;
+ long allocatedLen;
};
struct crmfEncoderOutput {
CRMFEncoderOutputCallback fn;
void *outputArg;
};
/*
--- a/lib/crmf/crmfpop.c
+++ b/lib/crmf/crmfpop.c
@@ -5,17 +5,17 @@
#include "crmf.h"
#include "crmfi.h"
#include "secasn1.h"
#include "keyhi.h"
#include "cryptohi.h"
-#define CRMF_DEFAULT_ALLOC_SIZE 1024U
+#define CRMF_DEFAULT_ALLOC_SIZE 1024
SECStatus
crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg,
SECItem *derDest)
{
derDest->data = PORT_ZNewArray(unsigned char, CRMF_DEFAULT_ALLOC_SIZE);
if (derDest->data == NULL) {
return SECFailure;
@@ -28,16 +28,17 @@ crmf_init_encoder_callback_arg (struct c
}
/* Caller should release or unmark the pool, instead of doing it here.
** But there are NO callers of this function at present...
*/
SECStatus
CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg)
{
+ SECItem *dummy;
CRMFProofOfPossession *pop;
PLArenaPool *poolp;
void *mark;
PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
poolp = inCertReqMsg->poolp;
mark = PORT_ArenaMark(poolp);
if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice) {
@@ -46,19 +47,19 @@ CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCert
pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
if (pop == NULL) {
goto loser;
}
pop->popUsed = crmfRAVerified;
pop->popChoice.raVerified.data = NULL;
pop->popChoice.raVerified.len = 0;
inCertReqMsg->pop = pop;
- (void)SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP),
- &(pop->popChoice.raVerified),
- CRMFRAVerifiedTemplate);
+ dummy = SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP),
+ &(pop->popChoice.raVerified),
+ CRMFRAVerifiedTemplate);
return SECSuccess;
loser:
PORT_ArenaRelease(poolp, mark);
return SECFailure;
}
static SECOidTag
crmf_get_key_sign_tag(SECKEYPublicKey *inPubKey)
--- a/lib/crmf/crmftmpl.c
+++ b/lib/crmf/crmftmpl.c
@@ -133,16 +133,29 @@ const SEC_ASN1Template CRMFCertReqMsgTem
{ 0 }
};
const SEC_ASN1Template CRMFCertReqMessagesTemplate[] = {
{ SEC_ASN1_SEQUENCE_OF, offsetof(CRMFCertReqMessages, messages),
CRMFCertReqMsgTemplate, sizeof (CRMFCertReqMessages)}
};
+static const SEC_ASN1Template CRMFPOPOSigningKeyInputTemplate[] = {
+ { SEC_ASN1_SEQUENCE, 0, NULL,sizeof(CRMFPOPOSigningKeyInput) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
+ SEC_ASN1_CONTEXT_SPECIFIC | 0,
+ offsetof(CRMFPOPOSigningKeyInput, authInfo.sender) },
+ { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL | 1,
+ offsetof (CRMFPOPOSigningKeyInput, authInfo.publicKeyMAC) },
+ { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+ offsetof(CRMFPOPOSigningKeyInput, publicKey),
+ SEC_ASN1_SUB(CERT_SubjectPublicKeyInfoTemplate) },
+ { 0 }
+};
+
const SEC_ASN1Template CRMFRAVerifiedTemplate[] = {
{ SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_XTRN,
0,
SEC_ASN1_SUB(SEC_NullTemplate) },
{ 0 }
};
@@ -234,8 +247,24 @@ const SEC_ASN1Template CRMFEncryptedValu
const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate [] = {
{ SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED |
SEC_ASN1_CONTEXT_SPECIFIC | 0,
0,
CRMFEncryptedValueTemplate},
{ 0 }
};
+
+static const SEC_ASN1Template CRMFSinglePubInfoTemplate[] = {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (CRMFSinglePubInfo)},
+ { SEC_ASN1_INTEGER, offsetof(CRMFSinglePubInfo, pubMethod) },
+ { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC,
+ offsetof(CRMFSinglePubInfo, pubLocation) },
+ { 0 }
+};
+
+static const SEC_ASN1Template CRMFPublicationInfoTemplate[] ={
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFPKIPublicationInfo) },
+ { SEC_ASN1_INTEGER, offsetof(CRMFPKIPublicationInfo, action) },
+ { SEC_ASN1_POINTER, offsetof(CRMFPKIPublicationInfo, pubInfos),
+ CRMFSinglePubInfoTemplate},
+ { 0 }
+};
--- a/lib/dbm/src/h_page.c
+++ b/lib/dbm/src/h_page.c
@@ -715,16 +715,33 @@ extern int
errno = EFTYPE;
return (-1);
}
if (!is_bitmap && !bp[0]) {
PAGE_INIT(p);
} else {
+#ifdef DEBUG
+ if(BYTE_ORDER == LITTLE_ENDIAN)
+ {
+ int is_little_endian;
+ is_little_endian = BYTE_ORDER;
+ }
+ else if(BYTE_ORDER == BIG_ENDIAN)
+ {
+ int is_big_endian;
+ is_big_endian = BYTE_ORDER;
+ }
+ else
+ {
+ assert(0);
+ }
+#endif
+
if (hashp->LORDER != BYTE_ORDER) {
register int i, max;
if (is_bitmap) {
max = hashp->BSIZE >> 2; /* divide by 4 */
for (i = 0; i < max; i++)
M_32_SWAP(((int *)p)[i]);
} else {
--- a/lib/dev/devslot.c
+++ b/lib/dev/devslot.c
@@ -20,16 +20,19 @@
/* this should track global and per-transaction login information */
#define NSSSLOT_IS_FRIENDLY(slot) \
(slot->base.flags & NSSSLOT_FLAGS_FRIENDLY)
/* measured as interval */
static PRIntervalTime s_token_delay_time = 0;
+/* The flags needed to open a read-only session. */
+static const CK_FLAGS s_ck_readonly_flags = CKF_SERIAL_SESSION;
+
NSS_IMPLEMENT PRStatus
nssSlot_Destroy (
NSSSlot *slot
)
{
if (slot) {
if (PR_ATOMIC_DECREMENT(&slot->base.refCount) == 0) {
PZ_DestroyLock(slot->base.lock);
--- a/lib/dev/devtoken.c
+++ b/lib/dev/devtoken.c
@@ -1461,16 +1461,17 @@ nssToken_TraverseCertificates (
{
CK_RV ckrv;
CK_ULONG count;
CK_OBJECT_HANDLE *objectHandles;
CK_ATTRIBUTE_PTR attr;
CK_ATTRIBUTE cert_template[2];
CK_ULONG ctsize;
NSSArena *arena;
+ PRStatus status;
PRUint32 arraySize, numHandles;
nssCryptokiObject **objects;
void *epv = nssToken_GetCryptokiEPV(token);
nssSession *session = (sessionOpt) ? sessionOpt : token->defaultSession;
/* Don't ask the module to use an invalid session handle. */
if (!session || session->handle == CK_INVALID_SESSION) {
PORT_SetError(SEC_ERROR_NO_TOKEN);
@@ -1538,17 +1539,17 @@ nssToken_TraverseCertificates (
goto loser;
}
if (numHandles > 0) {
objects = create_objects_from_handles(token, session,
objectHandles, numHandles);
if (objects) {
nssCryptokiObject **op;
for (op = objects; *op; op++) {
- (void)(*callback)(*op, arg);
+ status = (*callback)(*op, arg);
}
nss_ZFreeIf(objects);
}
}
nssArena_Destroy(arena);
return PR_SUCCESS;
loser:
nssArena_Destroy(arena);
--- a/lib/freebl/cts.c
+++ b/lib/freebl/cts.c
@@ -180,17 +180,17 @@ CTS_DecryptUpdate(CTSContext *cts, unsig
{
unsigned char *Pn;
unsigned char Cn_2[MAX_BLOCK_SIZE]; /* block Cn-2 */
unsigned char Cn_1[MAX_BLOCK_SIZE]; /* block Cn-1 */
unsigned char Cn[MAX_BLOCK_SIZE]; /* block Cn */
unsigned char lastBlock[MAX_BLOCK_SIZE];
const unsigned char *tmp;
unsigned int tmpLen;
- unsigned int fullblocks, pad;
+ int fullblocks, pad;
unsigned int i;
SECStatus rv;
if (inlen < blocksize) {
PORT_SetError(SEC_ERROR_INPUT_LEN);
return SECFailure;
}
--- a/lib/freebl/dh.c
+++ b/lib/freebl/dh.c
@@ -200,17 +200,17 @@ SECStatus
DH_Derive(SECItem *publicValue,
SECItem *prime,
SECItem *privateValue,
SECItem *derivedSecret,
unsigned int outBytes)
{
mp_int p, Xa, Yb, ZZ, psub1;
mp_err err = MP_OKAY;
- unsigned int len = 0;
+ int len = 0;
unsigned int nb;
unsigned char *secret = NULL;
if (!publicValue || !prime || !privateValue || !derivedSecret) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
memset(derivedSecret, 0, sizeof *derivedSecret);
MP_DIGITS(&p) = 0;
--- a/lib/freebl/drbg.c
+++ b/lib/freebl/drbg.c
@@ -242,42 +242,36 @@ prng_reseed_test(RNGContext *rng, const
}
return prng_reseed(rng, entropy, entropy_len,
additional_input, additional_input_len);
}
/*
* build some fast inline functions for adding.
*/
-#define PRNG_ADD_CARRY_ONLY(dest, start, carry) \
- { \
- int k1; \
- for (k1 = start; carry && k1 >= 0; k1--) { \
- carry = !(++dest[k1]); \
- } \
- }
+#define PRNG_ADD_CARRY_ONLY(dest, start, cy) \
+ carry = cy; \
+ for (k1=start; carry && k1 >=0 ; k1--) { \
+ carry = !(++dest[k1]); \
+ }
/*
* NOTE: dest must be an array for the following to work.
*/
-#define PRNG_ADD_BITS(dest, dest_len, add, len, carry) \
+#define PRNG_ADD_BITS(dest, dest_len, add, len) \
carry = 0; \
- PORT_Assert((dest_len) >= (len)); \
- { \
- int k1, k2; \
- for (k1 = dest_len - 1, k2 = len - 1; k2 >= 0; --k1, --k2) { \
- carry += dest[k1] + add[k2]; \
- dest[k1] = (PRUint8) carry; \
- carry >>= 8; \
- } \
+ for (k1=dest_len -1, k2=len-1; k2 >= 0; --k1, --k2) { \
+ carry += dest[k1]+ add[k2]; \
+ dest[k1] = (PRUint8) carry; \
+ carry >>= 8; \
}
-#define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len, carry) \
- PRNG_ADD_BITS(dest, dest_len, add, len, carry) \
- PRNG_ADD_CARRY_ONLY(dest, dest_len - len, carry)
+#define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len) \
+ PRNG_ADD_BITS(dest, dest_len, add, len) \
+ PRNG_ADD_CARRY_ONLY(dest, k1, carry)
/*
* This function expands the internal state of the prng to fulfill any number
* of bytes we need for this request. We only use this call if we need more
* than can be supplied by a single call to SHA256_HashBuf.
*
* This function is specified in NIST SP 800-90 section 10.1.1.4, Hashgen
*/
@@ -287,26 +281,26 @@ prng_Hashgen(RNGContext *rng, PRUint8 *r
{
PRUint8 data[VSize(rng)];
PORT_Memcpy(data, V(rng), VSize(rng));
while (no_of_returned_bytes) {
SHA256Context ctx;
unsigned int len;
unsigned int carry;
+ int k1;
SHA256_Begin(&ctx);
SHA256_Update(&ctx, data, sizeof data);
SHA256_End(&ctx, returned_bytes, &len, no_of_returned_bytes);
returned_bytes += len;
no_of_returned_bytes -= len;
/* The carry parameter is a bool (increment or not).
* This increments data if no_of_returned_bytes is not zero */
- carry = no_of_returned_bytes;
- PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, carry);
+ PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, no_of_returned_bytes);
}
PORT_Memset(data, 0, sizeof data);
}
/*
* Generates new random bytes and advances the internal prng state.
* additional bytes are only used in algorithm testing.
*
@@ -316,16 +310,17 @@ static SECStatus
prng_generateNewBytes(RNGContext *rng,
PRUint8 *returned_bytes, unsigned int no_of_returned_bytes,
const PRUint8 *additional_input,
unsigned int additional_input_len)
{
PRUint8 H[SHA256_LENGTH]; /* both H and w since they
* aren't used concurrently */
unsigned int carry;
+ int k1, k2;
if (!rng->isValid) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
/* This code only triggers during tests, normal
* prng operation does not use additional_input */
if (additional_input){
@@ -336,36 +331,35 @@ prng_generateNewBytes(RNGContext *rng,
* them to the same variable, but keeping their unique names for
* easy comparison to the spec */
#define w H
rng->V_type = prngAdditionalDataType;
SHA256_Begin(&ctx);
SHA256_Update(&ctx, rng->V_Data, sizeof rng->V_Data);
SHA256_Update(&ctx, additional_input, additional_input_len);
SHA256_End(&ctx, w, NULL, sizeof w);
- PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), w, sizeof w, carry)
+ PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), w, sizeof w)
PORT_Memset(w, 0, sizeof w);
#undef w
}
if (no_of_returned_bytes == SHA256_LENGTH) {
/* short_cut to hashbuf and save a copy and a clear */
SHA256_HashBuf(returned_bytes, V(rng), VSize(rng) );
} else {
prng_Hashgen(rng, returned_bytes, no_of_returned_bytes);
}
/* advance our internal state... */
rng->V_type = prngGenerateByteType;
SHA256_HashBuf(H, rng->V_Data, sizeof rng->V_Data);
- PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), H, sizeof H, carry)
- PRNG_ADD_BITS(V(rng), VSize(rng), rng->C, sizeof rng->C, carry);
+ PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), H, sizeof H)
+ PRNG_ADD_BITS(V(rng), VSize(rng), rng->C, sizeof rng->C);
PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), rng->reseed_counter,
- sizeof rng->reseed_counter, carry)
- carry = 1;
- PRNG_ADD_CARRY_ONLY(rng->reseed_counter,(sizeof rng->reseed_counter)-1, carry);
+ sizeof rng->reseed_counter)
+ PRNG_ADD_CARRY_ONLY(rng->reseed_counter,(sizeof rng->reseed_counter)-1, 1);
/* continuous rng check */
if (memcmp(V(rng), rng->oldV, sizeof rng->oldV) == 0) {
rng->isValid = PR_FALSE;
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
PORT_Memcpy(rng->oldV, V(rng), sizeof rng->oldV);
@@ -511,17 +505,17 @@ RNG_RandomUpdate(const void *data, size_
*
* if 'sizeof(size_t) <= 4' is triggered, it means that we were expecting
* sizeof(size_t) to be less than or equal to 4, but it wasn't. Setting
* NS_PTR_GT_32 will correct that mistake.
*/
PR_STATIC_ASSERT(sizeof(size_t) > 4);
- if (bytes > (size_t)PRNG_MAX_ADDITIONAL_BYTES) {
+ if (bytes > PRNG_MAX_ADDITIONAL_BYTES) {
bytes = PRNG_MAX_ADDITIONAL_BYTES;
}
#else
PR_STATIC_ASSERT(sizeof(size_t) <= 4);
#endif
PZ_Lock(globalrng->lock);
/* if we're passed more than our additionalDataCache, simply
--- a/lib/freebl/dsa.c
+++ b/lib/freebl/dsa.c
@@ -497,17 +497,17 @@ DSA_VerifyDigest(DSAPublicKey *key, cons
const SECItem *digest)
{
/* FIPS-compliance dictates that digest is a SHA hash. */
mp_int p, q, g; /* PQG parameters */
mp_int r_, s_; /* tuple (r', s') is received signature) */
mp_int u1, u2, v, w; /* intermediate values used in verification */
mp_int y; /* public key */
mp_err err;
- unsigned int dsa_subprime_len, dsa_signature_len, offset;
+ int dsa_subprime_len, dsa_signature_len, offset;
SECItem localDigest;
unsigned char localDigestData[DSA_MAX_SUBPRIME_LEN];
SECStatus verified = SECFailure;
/* Check args. */
if (!key || !signature || !digest ) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
--- a/lib/freebl/ecl/ecl-priv.h
+++ b/lib/freebl/ecl/ecl-priv.h
@@ -24,49 +24,50 @@
/* Gets the i'th bit in the binary representation of a. If i >= length(a),
* then return 0. (The above behaviour differs from mpl_get_bit, which
* causes an error if i >= length(a).) */
#define MP_GET_BIT(a, i) \
((i) >= mpl_significant_bits((a))) ? 0 : mpl_get_bit((a), (i))
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
-#define MP_ADD_CARRY(a1, a2, s, carry) \
+#define MP_ADD_CARRY(a1, a2, s, cin, cout) \
{ mp_word w; \
- w = ((mp_word)carry) + (a1) + (a2); \
+ w = ((mp_word)(cin)) + (a1) + (a2); \
s = ACCUM(w); \
- carry = CARRYOUT(w); }
+ cout = CARRYOUT(w); }
-#define MP_SUB_BORROW(a1, a2, s, borrow) \
+#define MP_SUB_BORROW(a1, a2, s, bin, bout) \
{ mp_word w; \
- w = ((mp_word)(a1)) - (a2) - borrow; \
+ w = ((mp_word)(a1)) - (a2) - (bin); \
s = ACCUM(w); \
- borrow = (w >> MP_DIGIT_BIT) & 1; }
+ bout = (w >> MP_DIGIT_BIT) & 1; }
#else
/* NOTE,
- * carry and borrow are both read and written.
+ * cin and cout could be the same variable.
+ * bin and bout could be the same variable.
* a1 or a2 and s could be the same variable.
* don't trash those outputs until their respective inputs have
* been read. */
-#define MP_ADD_CARRY(a1, a2, s, carry) \
+#define MP_ADD_CARRY(a1, a2, s, cin, cout) \
{ mp_digit tmp,sum; \
tmp = (a1); \
sum = tmp + (a2); \
tmp = (sum < tmp); /* detect overflow */ \
- s = sum += carry; \
- carry = tmp + (sum < carry); }
+ s = sum += (cin); \
+ cout = tmp + (sum < (cin)); }
-#define MP_SUB_BORROW(a1, a2, s, borrow) \
+#define MP_SUB_BORROW(a1, a2, s, bin, bout) \
{ mp_digit tmp; \
tmp = (a1); \
s = tmp - (a2); \
tmp = (s > tmp); /* detect borrow */ \
- if (borrow && !s--) tmp++; \
- borrow = tmp; }
+ if ((bin) && !s--) tmp++; \
+ bout = tmp; }
#endif
struct GFMethodStr;
typedef struct GFMethodStr GFMethod;
struct GFMethodStr {
/* Indicates whether the structure was constructed from dynamic memory
* or statically created. */
--- a/lib/freebl/ecl/ecl_gf.c
+++ b/lib/freebl/ecl/ecl_gf.c
@@ -237,20 +237,19 @@ ec_GFp_add_3(const mp_int *a, const mp_i
r2 = MP_DIGIT(b,2);
case 2:
r1 = MP_DIGIT(b,1);
case 1:
r0 = MP_DIGIT(b,0);
}
#ifndef MPI_AMD64_ADD
- carry = 0;
- MP_ADD_CARRY(a0, r0, r0, carry);
- MP_ADD_CARRY(a1, r1, r1, carry);
- MP_ADD_CARRY(a2, r2, r2, carry);
+ MP_ADD_CARRY(a0, r0, r0, 0, carry);
+ MP_ADD_CARRY(a1, r1, r1, carry, carry);
+ MP_ADD_CARRY(a2, r2, r2, carry, carry);
#else
__asm__ (
"xorq %3,%3 \n\t"
"addq %4,%0 \n\t"
"adcq %5,%1 \n\t"
"adcq %6,%2 \n\t"
"adcq $0,%3 \n\t"
: "=r"(r0), "=r"(r1), "=r"(r2), "=r"(carry)
@@ -269,20 +268,19 @@ ec_GFp_add_3(const mp_int *a, const mp_i
/* Do quick 'subract' if we've gone over
* (add the 2's complement of the curve field) */
a2 = MP_DIGIT(&meth->irr,2);
if (carry || r2 > a2 ||
((r2 == a2) && mp_cmp(r,&meth->irr) != MP_LT)) {
a1 = MP_DIGIT(&meth->irr,1);
a0 = MP_DIGIT(&meth->irr,0);
#ifndef MPI_AMD64_ADD
- carry = 0;
- MP_SUB_BORROW(r0, a0, r0, carry);
- MP_SUB_BORROW(r1, a1, r1, carry);
- MP_SUB_BORROW(r2, a2, r2, carry);
+ MP_SUB_BORROW(r0, a0, r0, 0, carry);
+ MP_SUB_BORROW(r1, a1, r1, carry, carry);
+ MP_SUB_BORROW(r2, a2, r2, carry, carry);
#else
__asm__ (
"subq %3,%0 \n\t"
"sbbq %4,%1 \n\t"
"sbbq %5,%2 \n\t"
: "=r"(r0), "=r"(r1), "=r"(r2)
: "r" (a0), "r" (a1), "r" (a2),
"0" (r0), "1" (r1), "2" (r2)
@@ -326,21 +324,20 @@ ec_GFp_add_4(const mp_int *a, const mp_i
r2 = MP_DIGIT(b,2);
case 2:
r1 = MP_DIGIT(b,1);
case 1:
r0 = MP_DIGIT(b,0);
}
#ifndef MPI_AMD64_ADD
- carry = 0;
- MP_ADD_CARRY(a0, r0, r0, carry);
- MP_ADD_CARRY(a1, r1, r1, carry);
- MP_ADD_CARRY(a2, r2, r2, carry);
- MP_ADD_CARRY(a3, r3, r3, carry);
+ MP_ADD_CARRY(a0, r0, r0, 0, carry);
+ MP_ADD_CARRY(a1, r1, r1, carry, carry);
+ MP_ADD_CARRY(a2, r2, r2, carry, carry);
+ MP_ADD_CARRY(a3, r3, r3, carry, carry);
#else
__asm__ (
"xorq %4,%4 \n\t"
"addq %5,%0 \n\t"
"adcq %6,%1 \n\t"
"adcq %7,%2 \n\t"
"adcq %8,%3 \n\t"
"adcq $0,%4 \n\t"
@@ -362,21 +359,20 @@ ec_GFp_add_4(const mp_int *a, const mp_i
* (add the 2's complement of the curve field) */
a3 = MP_DIGIT(&meth->irr,3);
if (carry || r3 > a3 ||
((r3 == a3) && mp_cmp(r,&meth->irr) != MP_LT)) {
a2 = MP_DIGIT(&meth->irr,2);
a1 = MP_DIGIT(&meth->irr,1);
a0 = MP_DIGIT(&meth->irr,0);
#ifndef MPI_AMD64_ADD
- carry = 0;
- MP_SUB_BORROW(r0, a0, r0, carry);
- MP_SUB_BORROW(r1, a1, r1, carry);
- MP_SUB_BORROW(r2, a2, r2, carry);
- MP_SUB_BORROW(r3, a3, r3, carry);
+ MP_SUB_BORROW(r0, a0, r0, 0, carry);
+ MP_SUB_BORROW(r1, a1, r1, carry, carry);
+ MP_SUB_BORROW(r2, a2, r2, carry, carry);
+ MP_SUB_BORROW(r3, a3, r3, carry, carry);
#else
__asm__ (
"subq %4,%0 \n\t"
"sbbq %5,%1 \n\t"
"sbbq %6,%2 \n\t"
"sbbq %7,%3 \n\t"
: "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3)
: "r" (a0), "r" (a1), "r" (a2), "r" (a3),
@@ -425,22 +421,21 @@ ec_GFp_add_5(const mp_int *a, const mp_i
case 3:
r2 = MP_DIGIT(b,2);
case 2:
r1 = MP_DIGIT(b,1);
case 1:
r0 = MP_DIGIT(b,0);
}
- carry = 0;
- MP_ADD_CARRY(a0, r0, r0, carry);
- MP_ADD_CARRY(a1, r1, r1, carry);
- MP_ADD_CARRY(a2, r2, r2, carry);
- MP_ADD_CARRY(a3, r3, r3, carry);
- MP_ADD_CARRY(a4, r4, r4, carry);
+ MP_ADD_CARRY(a0, r0, r0, 0, carry);
+ MP_ADD_CARRY(a1, r1, r1, carry, carry);
+ MP_ADD_CARRY(a2, r2, r2, carry, carry);
+ MP_ADD_CARRY(a3, r3, r3, carry, carry);
+ MP_ADD_CARRY(a4, r4, r4, carry, carry);
MP_CHECKOK(s_mp_pad(r, 5));
MP_DIGIT(r, 4) = r4;
MP_DIGIT(r, 3) = r3;
MP_DIGIT(r, 2) = r2;
MP_DIGIT(r, 1) = r1;
MP_DIGIT(r, 0) = r0;
MP_SIGN(r) = MP_ZPOS;
@@ -450,22 +445,21 @@ ec_GFp_add_5(const mp_int *a, const mp_i
* (add the 2's complement of the curve field) */
a4 = MP_DIGIT(&meth->irr,4);
if (carry || r4 > a4 ||
((r4 == a4) && mp_cmp(r,&meth->irr) != MP_LT)) {
a3 = MP_DIGIT(&meth->irr,3);
a2 = MP_DIGIT(&meth->irr,2);
a1 = MP_DIGIT(&meth->irr,1);
a0 = MP_DIGIT(&meth->irr,0);
- carry = 0;
- MP_SUB_BORROW(r0, a0, r0, carry);
- MP_SUB_BORROW(r1, a1, r1, carry);
- MP_SUB_BORROW(r2, a2, r2, carry);
- MP_SUB_BORROW(r3, a3, r3, carry);
- MP_SUB_BORROW(r4, a4, r4, carry);
+ MP_SUB_BORROW(r0, a0, r0, 0, carry);
+ MP_SUB_BORROW(r1, a1, r1, carry, carry);
+ MP_SUB_BORROW(r2, a2, r2, carry, carry);
+ MP_SUB_BORROW(r3, a3, r3, carry, carry);
+ MP_SUB_BORROW(r4, a4, r4, carry, carry);
MP_DIGIT(r, 4) = r4;
MP_DIGIT(r, 3) = r3;
MP_DIGIT(r, 2) = r2;
MP_DIGIT(r, 1) = r1;
MP_DIGIT(r, 0) = r0;
}
s_mp_clamp(r);
@@ -508,23 +502,22 @@ ec_GFp_add_6(const mp_int *a, const mp_i
case 3:
r2 = MP_DIGIT(b,2);
case 2:
r1 = MP_DIGIT(b,1);
case 1:
r0 = MP_DIGIT(b,0);
}
- carry = 0;
- MP_ADD_CARRY(a0, r0, r0, carry);
- MP_ADD_CARRY(a1, r1, r1, carry);
- MP_ADD_CARRY(a2, r2, r2, carry);
- MP_ADD_CARRY(a3, r3, r3, carry);
- MP_ADD_CARRY(a4, r4, r4, carry);
- MP_ADD_CARRY(a5, r5, r5, carry);
+ MP_ADD_CARRY(a0, r0, r0, 0, carry);
+ MP_ADD_CARRY(a1, r1, r1, carry, carry);
+ MP_ADD_CARRY(a2, r2, r2, carry, carry);
+ MP_ADD_CARRY(a3, r3, r3, carry, carry);
+ MP_ADD_CARRY(a4, r4, r4, carry, carry);
+ MP_ADD_CARRY(a5, r5, r5, carry, carry);
MP_CHECKOK(s_mp_pad(r, 6));
MP_DIGIT(r, 5) = r5;
MP_DIGIT(r, 4) = r4;
MP_DIGIT(r, 3) = r3;
MP_DIGIT(r, 2) = r2;
MP_DIGIT(r, 1) = r1;
MP_DIGIT(r, 0) = r0;
@@ -536,23 +529,22 @@ ec_GFp_add_6(const mp_int *a, const mp_i
a5 = MP_DIGIT(&meth->irr,5);
if (carry || r5 > a5 ||
((r5 == a5) && mp_cmp(r,&meth->irr) != MP_LT)) {
a4 = MP_DIGIT(&meth->irr,4);
a3 = MP_DIGIT(&meth->irr,3);
a2 = MP_DIGIT(&meth->irr,2);
a1 = MP_DIGIT(&meth->irr,1);
a0 = MP_DIGIT(&meth->irr,0);
- carry = 0;
- MP_SUB_BORROW(r0, a0, r0, carry);
- MP_SUB_BORROW(r1, a1, r1, carry);
- MP_SUB_BORROW(r2, a2, r2, carry);
- MP_SUB_BORROW(r3, a3, r3, carry);
- MP_SUB_BORROW(r4, a4, r4, carry);
- MP_SUB_BORROW(r5, a5, r5, carry);
+ MP_SUB_BORROW(r0, a0, r0, 0, carry);
+ MP_SUB_BORROW(r1, a1, r1, carry, carry);
+ MP_SUB_BORROW(r2, a2, r2, carry, carry);
+ MP_SUB_BORROW(r3, a3, r3, carry, carry);
+ MP_SUB_BORROW(r4, a4, r4, carry, carry);
+ MP_SUB_BORROW(r5, a5, r5, carry, carry);
MP_DIGIT(r, 5) = r5;
MP_DIGIT(r, 4) = r4;
MP_DIGIT(r, 3) = r3;
MP_DIGIT(r, 2) = r2;
MP_DIGIT(r, 1) = r1;
MP_DIGIT(r, 0) = r0;
}
@@ -590,20 +582,19 @@ ec_GFp_sub_3(const mp_int *a, const mp_i
b2 = MP_DIGIT(b,2);
case 2:
b1 = MP_DIGIT(b,1);
case 1:
b0 = MP_DIGIT(b,0);
}
#ifndef MPI_AMD64_ADD
- borrow = 0;
- MP_SUB_BORROW(r0, b0, r0, borrow);
- MP_SUB_BORROW(r1, b1, r1, borrow);
- MP_SUB_BORROW(r2, b2, r2, borrow);
+ MP_SUB_BORROW(r0, b0, r0, 0, borrow);
+ MP_SUB_BORROW(r1, b1, r1, borrow, borrow);
+ MP_SUB_BORROW(r2, b2, r2, borrow, borrow);
#else
__asm__ (
"xorq %3,%3 \n\t"
"subq %4,%0 \n\t"
"sbbq %5,%1 \n\t"
"sbbq %6,%2 \n\t"
"adcq $0,%3 \n\t"
: "=r"(r0), "=r"(r1), "=r"(r2), "=r" (borrow)
@@ -614,20 +605,19 @@ ec_GFp_sub_3(const mp_int *a, const mp_i
/* Do quick 'add' if we've gone under 0
* (subtract the 2's complement of the curve field) */
if (borrow) {
b2 = MP_DIGIT(&meth->irr,2);
b1 = MP_DIGIT(&meth->irr,1);
b0 = MP_DIGIT(&meth->irr,0);
#ifndef MPI_AMD64_ADD
- borrow = 0;
- MP_ADD_CARRY(b0, r0, r0, borrow);
- MP_ADD_CARRY(b1, r1, r1, borrow);
- MP_ADD_CARRY(b2, r2, r2, borrow);
+ MP_ADD_CARRY(b0, r0, r0, 0, borrow);
+ MP_ADD_CARRY(b1, r1, r1, borrow, borrow);
+ MP_ADD_CARRY(b2, r2, r2, borrow, borrow);
#else
__asm__ (
"addq %3,%0 \n\t"
"adcq %4,%1 \n\t"
"adcq %5,%2 \n\t"
: "=r"(r0), "=r"(r1), "=r"(r2)
: "r" (b0), "r" (b1), "r" (b2),
"0" (r0), "1" (r1), "2" (r2)
@@ -680,21 +670,20 @@ ec_GFp_sub_4(const mp_int *a, const mp_i
b2 = MP_DIGIT(b,2);
case 2:
b1 = MP_DIGIT(b,1);
case 1:
b0 = MP_DIGIT(b,0);
}
#ifndef MPI_AMD64_ADD
- borrow = 0;
- MP_SUB_BORROW(r0, b0, r0, borrow);
- MP_SUB_BORROW(r1, b1, r1, borrow);
- MP_SUB_BORROW(r2, b2, r2, borrow);
- MP_SUB_BORROW(r3, b3, r3, borrow);
+ MP_SUB_BORROW(r0, b0, r0, 0, borrow);
+ MP_SUB_BORROW(r1, b1, r1, borrow, borrow);
+ MP_SUB_BORROW(r2, b2, r2, borrow, borrow);
+ MP_SUB_BORROW(r3, b3, r3, borrow, borrow);
#else
__asm__ (
"xorq %4,%4 \n\t"
"subq %5,%0 \n\t"
"sbbq %6,%1 \n\t"
"sbbq %7,%2 \n\t"
"sbbq %8,%3 \n\t"
"adcq $0,%4 \n\t"
@@ -707,21 +696,20 @@ ec_GFp_sub_4(const mp_int *a, const mp_i
/* Do quick 'add' if we've gone under 0
* (subtract the 2's complement of the curve field) */
if (borrow) {
b3 = MP_DIGIT(&meth->irr,3);
b2 = MP_DIGIT(&meth->irr,2);
b1 = MP_DIGIT(&meth->irr,1);
b0 = MP_DIGIT(&meth->irr,0);
#ifndef MPI_AMD64_ADD
- borrow = 0;
- MP_ADD_CARRY(b0, r0, r0, borrow);
- MP_ADD_CARRY(b1, r1, r1, borrow);
- MP_ADD_CARRY(b2, r2, r2, borrow);
- MP_ADD_CARRY(b3, r3, r3, borrow);
+ MP_ADD_CARRY(b0, r0, r0, 0, borrow);
+ MP_ADD_CARRY(b1, r1, r1, borrow, borrow);
+ MP_ADD_CARRY(b2, r2, r2, borrow, borrow);
+ MP_ADD_CARRY(b3, r3, r3, borrow, borrow);
#else
__asm__ (
"addq %4,%0 \n\t"
"adcq %5,%1 \n\t"
"adcq %6,%2 \n\t"
"adcq %7,%3 \n\t"
: "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3)
: "r" (b0), "r" (b1), "r" (b2), "r" (b3),
@@ -778,36 +766,34 @@ ec_GFp_sub_5(const mp_int *a, const mp_i
case 3:
b2 = MP_DIGIT(b,2);
case 2:
b1 = MP_DIGIT(b,1);
case 1:
b0 = MP_DIGIT(b,0);
}
- borrow = 0;
- MP_SUB_BORROW(r0, b0, r0, borrow);
- MP_SUB_BORROW(r1, b1, r1, borrow);
- MP_SUB_BORROW(r2, b2, r2, borrow);
- MP_SUB_BORROW(r3, b3, r3, borrow);
- MP_SUB_BORROW(r4, b4, r4, borrow);
+ MP_SUB_BORROW(r0, b0, r0, 0, borrow);
+ MP_SUB_BORROW(r1, b1, r1, borrow, borrow);
+ MP_SUB_BORROW(r2, b2, r2, borrow, borrow);
+ MP_SUB_BORROW(r3, b3, r3, borrow, borrow);
+ MP_SUB_BORROW(r4, b4, r4, borrow, borrow);
/* Do quick 'add' if we've gone under 0
* (subtract the 2's complement of the curve field) */
if (borrow) {
b4 = MP_DIGIT(&meth->irr,4);
b3 = MP_DIGIT(&meth->irr,3);
b2 = MP_DIGIT(&meth->irr,2);
b1 = MP_DIGIT(&meth->irr,1);
b0 = MP_DIGIT(&meth->irr,0);
- borrow = 0;
- MP_ADD_CARRY(b0, r0, r0, borrow);
- MP_ADD_CARRY(b1, r1, r1, borrow);
- MP_ADD_CARRY(b2, r2, r2, borrow);
- MP_ADD_CARRY(b3, r3, r3, borrow);
+ MP_ADD_CARRY(b0, r0, r0, 0, borrow);
+ MP_ADD_CARRY(b1, r1, r1, borrow, borrow);
+ MP_ADD_CARRY(b2, r2, r2, borrow, borrow);
+ MP_ADD_CARRY(b3, r3, r3, borrow, borrow);
}
MP_CHECKOK(s_mp_pad(r, 5));
MP_DIGIT(r, 4) = r4;
MP_DIGIT(r, 3) = r3;
MP_DIGIT(r, 2) = r2;
MP_DIGIT(r, 1) = r1;
MP_DIGIT(r, 0) = r0;
MP_SIGN(r) = MP_ZPOS;
@@ -852,39 +838,37 @@ ec_GFp_sub_6(const mp_int *a, const mp_i
case 3:
b2 = MP_DIGIT(b,2);
case 2:
b1 = MP_DIGIT(b,1);
case 1:
b0 = MP_DIGIT(b,0);
}
- borrow = 0;
- MP_SUB_BORROW(r0, b0, r0, borrow);
- MP_SUB_BORROW(r1, b1, r1, borrow);
- MP_SUB_BORROW(r2, b2, r2, borrow);
- MP_SUB_BORROW(r3, b3, r3, borrow);
- MP_SUB_BORROW(r4, b4, r4, borrow);
- MP_SUB_BORROW(r5, b5, r5, borrow);
+ MP_SUB_BORROW(r0, b0, r0, 0, borrow);
+ MP_SUB_BORROW(r1, b1, r1, borrow, borrow);
+ MP_SUB_BORROW(r2, b2, r2, borrow, borrow);
+ MP_SUB_BORROW(r3, b3, r3, borrow, borrow);
+ MP_SUB_BORROW(r4, b4, r4, borrow, borrow);
+ MP_SUB_BORROW(r5, b5, r5, borrow, borrow);
/* Do quick 'add' if we've gone under 0
* (subtract the 2's complement of the curve field) */
if (borrow) {
b5 = MP_DIGIT(&meth->irr,5);
b4 = MP_DIGIT(&meth->irr,4);
b3 = MP_DIGIT(&meth->irr,3);
b2 = MP_DIGIT(&meth->irr,2);
b1 = MP_DIGIT(&meth->irr,1);
b0 = MP_DIGIT(&meth->irr,0);
- borrow = 0;
- MP_ADD_CARRY(b0, r0, r0, borrow);
- MP_ADD_CARRY(b1, r1, r1, borrow);
- MP_ADD_CARRY(b2, r2, r2, borrow);
- MP_ADD_CARRY(b3, r3, r3, borrow);
- MP_ADD_CARRY(b4, r4, r4, borrow);
+ MP_ADD_CARRY(b0, r0, r0, 0, borrow);
+ MP_ADD_CARRY(b1, r1, r1, borrow, borrow);
+ MP_ADD_CARRY(b2, r2, r2, borrow, borrow);
+ MP_ADD_CARRY(b3, r3, r3, borrow, borrow);
+ MP_ADD_CARRY(b4, r4, r4, borrow, borrow);
}
MP_CHECKOK(s_mp_pad(r, 6));
MP_DIGIT(r, 5) = r5;
MP_DIGIT(r, 4) = r4;
MP_DIGIT(r, 3) = r3;
MP_DIGIT(r, 2) = r2;
MP_DIGIT(r, 1) = r1;
--- a/lib/freebl/ecl/ecl_mult.c
+++ b/lib/freebl/ecl/ecl_mult.c
@@ -124,17 +124,17 @@ ec_pts_mul_basic(const mp_int *k1, const
mp_err
ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry,
const ECGroup *group)
{
mp_err res = MP_OKAY;
mp_int precomp[4][4][2];
const mp_int *a, *b;
- unsigned int i, j;
+ int i, j;
int ai, bi, d;
ARGCHK(group != NULL, MP_BADARG);
ARGCHK(!((k1 == NULL)
&& ((k2 == NULL) || (px == NULL)
|| (py == NULL))), MP_BADARG);
/* if some arguments are not defined used ECPoint_mul */
@@ -231,17 +231,17 @@ ec_pts_mul_simul_w2(const mp_int *k1, co
}
d = (mpl_significant_bits(a) + 1) / 2;
/* R = inf */
mp_zero(rx);
mp_zero(ry);
- for (i = d; i-- > 0;) {
+ for (i = d - 1; i >= 0; i--) {
ai = MP_GET_BIT(a, 2 * i + 1);
ai <<= 1;
ai |= MP_GET_BIT(a, 2 * i);
bi = MP_GET_BIT(b, 2 * i + 1);
bi <<= 1;
bi |= MP_GET_BIT(b, 2 * i);
/* R = 2^2 * R */
MP_CHECKOK(group->point_dbl(rx, ry, rx, ry, group));
--- a/lib/freebl/ecl/ecp_192.c
+++ b/lib/freebl/ecl/ecp_192.c
@@ -67,46 +67,44 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_
r2b= MP_DIGIT(a, 5);
r2a= MP_DIGIT(a, 4);
r1b = MP_DIGIT(a, 3);
r1a = MP_DIGIT(a, 2);
r0b = MP_DIGIT(a, 1);
r0a = MP_DIGIT(a, 0);
/* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */
- carry = 0;
- MP_ADD_CARRY(r0a, a3a, r0a, carry);
- MP_ADD_CARRY(r0b, a3b, r0b, carry);
- MP_ADD_CARRY(r1a, a3a, r1a, carry);
- MP_ADD_CARRY(r1b, a3b, r1b, carry);
- MP_ADD_CARRY(r2a, a4a, r2a, carry);
- MP_ADD_CARRY(r2b, a4b, r2b, carry);
+ MP_ADD_CARRY(r0a, a3a, r0a, 0, carry);
+ MP_ADD_CARRY(r0b, a3b, r0b, carry, carry);
+ MP_ADD_CARRY(r1a, a3a, r1a, carry, carry);
+ MP_ADD_CARRY(r1b, a3b, r1b, carry, carry);
+ MP_ADD_CARRY(r2a, a4a, r2a, carry, carry);
+ MP_ADD_CARRY(r2b, a4b, r2b, carry, carry);
r3 = carry; carry = 0;
- MP_ADD_CARRY(r0a, a5a, r0a, carry);
- MP_ADD_CARRY(r0b, a5b, r0b, carry);
- MP_ADD_CARRY(r1a, a5a, r1a, carry);
- MP_ADD_CARRY(r1b, a5b, r1b, carry);
- MP_ADD_CARRY(r2a, a5a, r2a, carry);
- MP_ADD_CARRY(r2b, a5b, r2b, carry);
- r3 += carry; carry = 0;
- MP_ADD_CARRY(r1a, a4a, r1a, carry);
- MP_ADD_CARRY(r1b, a4b, r1b, carry);
- MP_ADD_CARRY(r2a, 0, r2a, carry);
- MP_ADD_CARRY(r2b, 0, r2b, carry);
+ MP_ADD_CARRY(r0a, a5a, r0a, 0, carry);
+ MP_ADD_CARRY(r0b, a5b, r0b, carry, carry);
+ MP_ADD_CARRY(r1a, a5a, r1a, carry, carry);
+ MP_ADD_CARRY(r1b, a5b, r1b, carry, carry);
+ MP_ADD_CARRY(r2a, a5a, r2a, carry, carry);
+ MP_ADD_CARRY(r2b, a5b, r2b, carry, carry);
+ r3 += carry;
+ MP_ADD_CARRY(r1a, a4a, r1a, 0, carry);
+ MP_ADD_CARRY(r1b, a4b, r1b, carry, carry);
+ MP_ADD_CARRY(r2a, 0, r2a, carry, carry);
+ MP_ADD_CARRY(r2b, 0, r2b, carry, carry);
r3 += carry;
/* reduce out the carry */
while (r3) {
- carry = 0;
- MP_ADD_CARRY(r0a, r3, r0a, carry);
- MP_ADD_CARRY(r0b, 0, r0b, carry);
- MP_ADD_CARRY(r1a, r3, r1a, carry);
- MP_ADD_CARRY(r1b, 0, r1b, carry);
- MP_ADD_CARRY(r2a, 0, r2a, carry);
- MP_ADD_CARRY(r2b, 0, r2b, carry);
+ MP_ADD_CARRY(r0a, r3, r0a, 0, carry);
+ MP_ADD_CARRY(r0b, 0, r0b, carry, carry);
+ MP_ADD_CARRY(r1a, r3, r1a, carry, carry);
+ MP_ADD_CARRY(r1b, 0, r1b, carry, carry);
+ MP_ADD_CARRY(r2a, 0, r2a, carry, carry);
+ MP_ADD_CARRY(r2b, 0, r2b, carry, carry);
r3 = carry;
}
/* check for final reduction */
/*
* our field is 0xffffffffffffffff, 0xfffffffffffffffe,
* 0xffffffffffffffff. That means we can only be over and need
* one more reduction
@@ -118,19 +116,18 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_
* complement value (1,1,0)). (r0, r1, r2)
*/
if (((r2b == 0xffffffff) && (r2a == 0xffffffff)
&& (r1b == 0xffffffff) ) &&
((r1a == 0xffffffff) ||
(r1a == 0xfffffffe) && (r0a == 0xffffffff) &&
(r0b == 0xffffffff)) ) {
/* do a quick subtract */
- carry = 0;
- MP_ADD_CARRY(r0a, 1, r0a, carry);
- MP_ADD_CARRY(r0b, carry, r0a, carry);
+ MP_ADD_CARRY(r0a, 1, r0a, 0, carry);
+ MP_ADD_CARRY(r0b, carry, r0a, 0, carry);
r1a += 1+carry;
r1b = r2a = r2b = 0;
}
/* set the lower words of r */
if (a != r) {
MP_CHECKOK(s_mp_pad(r, 6));
}
@@ -152,27 +149,26 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_
}
r2 = MP_DIGIT(a, 2);
r1 = MP_DIGIT(a, 1);
r0 = MP_DIGIT(a, 0);
/* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */
#ifndef MPI_AMD64_ADD
- carry = 0;
- MP_ADD_CARRY(r0, a3, r0, carry);
- MP_ADD_CARRY(r1, a3, r1, carry);
- MP_ADD_CARRY(r2, a4, r2, carry);
- r3 = carry; carry = 0;
- MP_ADD_CARRY(r0, a5, r0, carry);
- MP_ADD_CARRY(r1, a5, r1, carry);
- MP_ADD_CARRY(r2, a5, r2, carry);
- r3 += carry; carry = 0;
- MP_ADD_CARRY(r1, a4, r1, carry);
- MP_ADD_CARRY(r2, 0, r2, carry);
+ MP_ADD_CARRY(r0, a3, r0, 0, carry);
+ MP_ADD_CARRY(r1, a3, r1, carry, carry);
+ MP_ADD_CARRY(r2, a4, r2, carry, carry);
+ r3 = carry;
+ MP_ADD_CARRY(r0, a5, r0, 0, carry);
+ MP_ADD_CARRY(r1, a5, r1, carry, carry);
+ MP_ADD_CARRY(r2, a5, r2, carry, carry);
+ r3 += carry;
+ MP_ADD_CARRY(r1, a4, r1, 0, carry);
+ MP_ADD_CARRY(r2, 0, r2, carry, carry);
r3 += carry;
#else
r2 = MP_DIGIT(a, 2);
r1 = MP_DIGIT(a, 1);
r0 = MP_DIGIT(a, 0);
/* set the lower words of r */
@@ -194,20 +190,19 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_
: "0" (r0), "1" (r1), "2" (r2), "3" (r3),
"4" (a3), "5" (a4), "6"(a5)
: "%cc" );
#endif
/* reduce out the carry */
while (r3) {
#ifndef MPI_AMD64_ADD
- carry = 0;
- MP_ADD_CARRY(r0, r3, r0, carry);
- MP_ADD_CARRY(r1, r3, r1, carry);
- MP_ADD_CARRY(r2, 0, r2, carry);
+ MP_ADD_CARRY(r0, r3, r0, 0, carry);
+ MP_ADD_CARRY(r1, r3, r1, carry, carry);
+ MP_ADD_CARRY(r2, 0, r2, carry, carry);
r3 = carry;
#else
a3=r3;
__asm__ (
"xorq %3,%3 \n\t"
"addq %4,%0 \n\t"
"adcq %4,%1 \n\t"
"adcq $0,%2 \n\t"
@@ -229,18 +224,17 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_
* r1 == 0xfffffffffffffffffe and r0 = 0xfffffffffffffffff
* In all cases, we subtract the field (or add the 2's
* complement value (1,1,0)). (r0, r1, r2)
*/
if (r3 || ((r2 == MP_DIGIT_MAX) &&
((r1 == MP_DIGIT_MAX) ||
((r1 == (MP_DIGIT_MAX-1)) && (r0 == MP_DIGIT_MAX))))) {
/* do a quick subtract */
- carry = 0;
- MP_ADD_CARRY(r0, 1, r0, carry);
+ MP_ADD_CARRY(r0, 1, r0, 0, carry);
r1 += 1+carry;
r2 = 0;
}
/* set the lower words of r */
if (a != r) {
MP_CHECKOK(s_mp_pad(r, 3));
}
MP_DIGIT(r, 2) = r2;
@@ -281,20 +275,19 @@ ec_GFp_nistp192_add(const mp_int *a, con
r2 = MP_DIGIT(b,2);
case 2:
r1 = MP_DIGIT(b,1);
case 1:
r0 = MP_DIGIT(b,0);
}
#ifndef MPI_AMD64_ADD
- carry = 0;
- MP_ADD_CARRY(a0, r0, r0, carry);
- MP_ADD_CARRY(a1, r1, r1, carry);
- MP_ADD_CARRY(a2, r2, r2, carry);
+ MP_ADD_CARRY(a0, r0, r0, 0, carry);
+ MP_ADD_CARRY(a1, r1, r1, carry, carry);
+ MP_ADD_CARRY(a2, r2, r2, carry, carry);
#else
__asm__ (
"xorq %3,%3 \n\t"
"addq %4,%0 \n\t"
"adcq %5,%1 \n\t"
"adcq %6,%2 \n\t"
"adcq $0,%3 \n\t"
: "=r"(r0), "=r"(r1), "=r"(r2), "=r"(carry)
@@ -304,20 +297,19 @@ ec_GFp_nistp192_add(const mp_int *a, con
#endif
/* Do quick 'subract' if we've gone over
* (add the 2's complement of the curve field) */
if (carry || ((r2 == MP_DIGIT_MAX) &&
((r1 == MP_DIGIT_MAX) ||
((r1 == (MP_DIGIT_MAX-1)) && (r0 == MP_DIGIT_MAX))))) {
#ifndef MPI_AMD64_ADD
- carry = 0;
- MP_ADD_CARRY(r0, 1, r0, carry);
- MP_ADD_CARRY(r1, 1, r1, carry);
- MP_ADD_CARRY(r2, 0, r2, carry);
+ MP_ADD_CARRY(r0, 1, r0, 0, carry);
+ MP_ADD_CARRY(r1, 1, r1, carry, carry);
+ MP_ADD_CARRY(r2, 0, r2, carry, carry);
#else
__asm__ (
"addq $1,%0 \n\t"
"adcq $1,%1 \n\t"
"adcq $0,%2 \n\t"
: "=r"(r0), "=r"(r1), "=r"(r2)
: "0" (r0), "1" (r1), "2" (r2)
: "%cc" );
@@ -365,20 +357,19 @@ ec_GFp_nistp192_sub(const mp_int *a, con
b2 = MP_DIGIT(b,2);
case 2:
b1 = MP_DIGIT(b,1);
case 1:
b0 = MP_DIGIT(b,0);
}
#ifndef MPI_AMD64_ADD
- borrow = 0;
- MP_SUB_BORROW(r0, b0, r0, borrow);
- MP_SUB_BORROW(r1, b1, r1, borrow);
- MP_SUB_BORROW(r2, b2, r2, borrow);
+ MP_SUB_BORROW(r0, b0, r0, 0, borrow);
+ MP_SUB_BORROW(r1, b1, r1, borrow, borrow);
+ MP_SUB_BORROW(r2, b2, r2, borrow, borrow);
#else
__asm__ (
"xorq %3,%3 \n\t"
"subq %4,%0 \n\t"
"sbbq %5,%1 \n\t"
"sbbq %6,%2 \n\t"
"adcq $0,%3 \n\t"
: "=r"(r0), "=r"(r1), "=r"(r2), "=r"(borrow)
@@ -386,20 +377,19 @@ ec_GFp_nistp192_sub(const mp_int *a, con
"1" (r1), "2" (r2)
: "%cc" );
#endif
/* Do quick 'add' if we've gone under 0
* (subtract the 2's complement of the curve field) */
if (borrow) {
#ifndef MPI_AMD64_ADD
- borrow = 0;
- MP_SUB_BORROW(r0, 1, r0, borrow);
- MP_SUB_BORROW(r1, 1, r1, borrow);
- MP_SUB_BORROW(r2, 0, r2, borrow);
+ MP_SUB_BORROW(r0, 1, r0, 0, borrow);
+ MP_SUB_BORROW(r1, 1, r1, borrow, borrow);
+ MP_SUB_BORROW(r2, 0, r2, borrow, borrow);
#else
__asm__ (
"subq $1,%0 \n\t"
"sbbq $1,%1 \n\t"
"sbbq $0,%2 \n\t"
: "=r"(r0), "=r"(r1), "=r"(r2)
: "0" (r0), "1" (r1), "2" (r2)
: "%cc" );
--- a/lib/freebl/ecl/ecp_224.c
+++ b/lib/freebl/ecl/ecp_224.c
@@ -67,91 +67,87 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_
r0a = MP_DIGIT(a, 0);
/* implement r = (a3a,a2,a1,a0)
+(a5a, a4,a3b, 0)
+( 0, a6,a5b, 0)
-( 0 0, 0|a6b, a6a|a5b )
-( a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */
- carry = 0;
- MP_ADD_CARRY (r1b, a3b, r1b, carry);
- MP_ADD_CARRY (r2a, a4a, r2a, carry);
- MP_ADD_CARRY (r2b, a4b, r2b, carry);
- MP_ADD_CARRY (r3a, a5a, r3a, carry);
- r3b = carry; carry = 0;
- MP_ADD_CARRY (r1b, a5b, r1b, carry);
- MP_ADD_CARRY (r2a, a6a, r2a, carry);
- MP_ADD_CARRY (r2b, a6b, r2b, carry);
- MP_ADD_CARRY (r3a, 0, r3a, carry);
- r3b += carry; carry = 0;
- MP_SUB_BORROW(r0a, a3b, r0a, carry);
- MP_SUB_BORROW(r0b, a4a, r0b, carry);
- MP_SUB_BORROW(r1a, a4b, r1a, carry);
- MP_SUB_BORROW(r1b, a5a, r1b, carry);
- MP_SUB_BORROW(r2a, a5b, r2a, carry);
- MP_SUB_BORROW(r2b, a6a, r2b, carry);
- MP_SUB_BORROW(r3a, a6b, r3a, carry);
- r3b -= carry; carry = 0;
- MP_SUB_BORROW(r0a, a5b, r0a, carry);
- MP_SUB_BORROW(r0b, a6a, r0b, carry);
- MP_SUB_BORROW(r1a, a6b, r1a, carry);
+ MP_ADD_CARRY (r1b, a3b, r1b, 0, carry);
+ MP_ADD_CARRY (r2a, a4a, r2a, carry, carry);
+ MP_ADD_CARRY (r2b, a4b, r2b, carry, carry);
+ MP_ADD_CARRY (r3a, a5a, r3a, carry, carry);
+ r3b = carry;
+ MP_ADD_CARRY (r1b, a5b, r1b, 0, carry);
+ MP_ADD_CARRY (r2a, a6a, r2a, carry, carry);
+ MP_ADD_CARRY (r2b, a6b, r2b, carry, carry);
+ MP_ADD_CARRY (r3a, 0, r3a, carry, carry);
+ r3b += carry;
+ MP_SUB_BORROW(r0a, a3b, r0a, 0, carry);
+ MP_SUB_BORROW(r0b, a4a, r0b, carry, carry);
+ MP_SUB_BORROW(r1a, a4b, r1a, carry, carry);
+ MP_SUB_BORROW(r1b, a5a, r1b, carry, carry);
+ MP_SUB_BORROW(r2a, a5b, r2a, carry, carry);
+ MP_SUB_BORROW(r2b, a6a, r2b, carry, carry);
+ MP_SUB_BORROW(r3a, a6b, r3a, carry, carry);
+ r3b -= carry;
+ MP_SUB_BORROW(r0a, a5b, r0a, 0, carry);
+ MP_SUB_BORROW(r0b, a6a, r0b, carry, carry);
+ MP_SUB_BORROW(r1a, a6b, r1a, carry, carry);
if (carry) {
- MP_SUB_BORROW(r1b, 0, r1b, carry);
- MP_SUB_BORROW(r2a, 0, r2a, carry);
- MP_SUB_BORROW(r2b, 0, r2b, carry);
- MP_SUB_BORROW(r3a, 0, r3a, carry);
+ MP_SUB_BORROW(r1b, 0, r1b, carry, carry);
+ MP_SUB_BORROW(r2a, 0, r2a, carry, carry);
+ MP_SUB_BORROW(r2b, 0, r2b, carry, carry);
+ MP_SUB_BORROW(r3a, 0, r3a, carry, carry);
r3b -= carry;
}
while (r3b > 0) {
int tmp;
- carry = 0;
- MP_ADD_CARRY(r1b, r3b, r1b, carry);
+ MP_ADD_CARRY(r1b, r3b, r1b, 0, carry);
if (carry) {
- MP_ADD_CARRY(r2a, 0, r2a, carry);
- MP_ADD_CARRY(r2b, 0, r2b, carry);
- MP_ADD_CARRY(r3a, 0, r3a, carry);
+ MP_ADD_CARRY(r2a, 0, r2a, carry, carry);
+ MP_ADD_CARRY(r2b, 0, r2b, carry, carry);
+ MP_ADD_CARRY(r3a, 0, r3a, carry, carry);
}
- tmp = carry; carry = 0;
- MP_SUB_BORROW(r0a, r3b, r0a, carry);
+ tmp = carry;
+ MP_SUB_BORROW(r0a, r3b, r0a, 0, carry);
if (carry) {
- MP_SUB_BORROW(r0b, 0, r0b, carry);
- MP_SUB_BORROW(r1a, 0, r1a, carry);
- MP_SUB_BORROW(r1b, 0, r1b, carry);
- MP_SUB_BORROW(r2a, 0, r2a, carry);
- MP_SUB_BORROW(r2b, 0, r2b, carry);
- MP_SUB_BORROW(r3a, 0, r3a, carry);
+ MP_SUB_BORROW(r0b, 0, r0b, carry, carry);
+ MP_SUB_BORROW(r1a, 0, r1a, carry, carry);
+ MP_SUB_BORROW(r1b, 0, r1b, carry, carry);
+ MP_SUB_BORROW(r2a, 0, r2a, carry, carry);
+ MP_SUB_BORROW(r2b, 0, r2b, carry, carry);
+ MP_SUB_BORROW(r3a, 0, r3a, carry, carry);
tmp -= carry;
}
r3b = tmp;
}
while (r3b < 0) {
mp_digit maxInt = MP_DIGIT_MAX;
- carry = 0;
- MP_ADD_CARRY (r0a, 1, r0a, carry);
- MP_ADD_CARRY (r0b, 0, r0b, carry);
- MP_ADD_CARRY (r1a, 0, r1a, carry);
- MP_ADD_CARRY (r1b, maxInt, r1b, carry);
- MP_ADD_CARRY (r2a, maxInt, r2a, carry);
- MP_ADD_CARRY (r2b, maxInt, r2b, carry);
- MP_ADD_CARRY (r3a, maxInt, r3a, carry);
+ MP_ADD_CARRY (r0a, 1, r0a, 0, carry);
+ MP_ADD_CARRY (r0b, 0, r0b, carry, carry);
+ MP_ADD_CARRY (r1a, 0, r1a, carry, carry);
+ MP_ADD_CARRY (r1b, maxInt, r1b, carry, carry);
+ MP_ADD_CARRY (r2a, maxInt, r2a, carry, carry);
+ MP_ADD_CARRY (r2b, maxInt, r2b, carry, carry);
+ MP_ADD_CARRY (r3a, maxInt, r3a, carry, carry);
r3b += carry;
}
/* check for final reduction */
/* now the only way we are over is if the top 4 words are all ones */
if ((r3a == MP_DIGIT_MAX) && (r2b == MP_DIGIT_MAX)
&& (r2a == MP_DIGIT_MAX) && (r1b == MP_DIGIT_MAX) &&
((r1a != 0) || (r0b != 0) || (r0a != 0)) ) {
/* one last subraction */
- carry = 0;
- MP_SUB_BORROW(r0a, 1, r0a, carry);
- MP_SUB_BORROW(r0b, 0, r0b, carry);
- MP_SUB_BORROW(r1a, 0, r1a, carry);
+ MP_SUB_BORROW(r0a, 1, r0a, 0, carry);
+ MP_SUB_BORROW(r0b, 0, r0b, carry, carry);
+ MP_SUB_BORROW(r1a, 0, r1a, carry, carry);
r1b = r2a = r2b = r3a = 0;
}
if (a != r) {
MP_CHECKOK(s_mp_pad(r, 7));
}
/* set the lower words of r */
@@ -193,79 +189,71 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_
r1 = MP_DIGIT(a, 1);
r0 = MP_DIGIT(a, 0);
/* implement r = (a3a,a2,a1,a0)
+(a5a, a4,a3b, 0)
+( 0, a6,a5b, 0)
-( 0 0, 0|a6b, a6a|a5b )
-( a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */
- carry = 0;
- MP_ADD_CARRY (r1, a3b, r1, carry);
- MP_ADD_CARRY (r2, a4 , r2, carry);
- MP_ADD_CARRY (r3, a5a, r3, carry);
- carry = 0;
- MP_ADD_CARRY (r1, a5b, r1, carry);
- MP_ADD_CARRY (r2, a6 , r2, carry);
- MP_ADD_CARRY (r3, 0, r3, carry);
+ MP_ADD_CARRY (r1, a3b, r1, 0, carry);
+ MP_ADD_CARRY (r2, a4 , r2, carry, carry);
+ MP_ADD_CARRY (r3, a5a, r3, carry, carry);
+ MP_ADD_CARRY (r1, a5b, r1, 0, carry);
+ MP_ADD_CARRY (r2, a6 , r2, carry, carry);
+ MP_ADD_CARRY (r3, 0, r3, carry, carry);
- carry = 0;
- MP_SUB_BORROW(r0, a4a_a3b, r0, carry);
- MP_SUB_BORROW(r1, a5a_a4b, r1, carry);
- MP_SUB_BORROW(r2, a6a_a5b, r2, carry);
- MP_SUB_BORROW(r3, a6b , r3, carry);
- carry = 0;
- MP_SUB_BORROW(r0, a6a_a5b, r0, carry);
- MP_SUB_BORROW(r1, a6b , r1, carry);
+ MP_SUB_BORROW(r0, a4a_a3b, r0, 0, carry);
+ MP_SUB_BORROW(r1, a5a_a4b, r1, carry, carry);
+ MP_SUB_BORROW(r2, a6a_a5b, r2, carry, carry);
+ MP_SUB_BORROW(r3, a6b , r3, carry, carry);
+ MP_SUB_BORROW(r0, a6a_a5b, r0, 0, carry);
+ MP_SUB_BORROW(r1, a6b , r1, carry, carry);
if (carry) {
- MP_SUB_BORROW(r2, 0, r2, carry);
- MP_SUB_BORROW(r3, 0, r3, carry);
+ MP_SUB_BORROW(r2, 0, r2, carry, carry);
+ MP_SUB_BORROW(r3, 0, r3, carry, carry);
}
/* if the value is negative, r3 has a 2's complement
* high value */
r3b = (int)(r3 >>32);
while (r3b > 0) {
r3 &= 0xffffffff;
- carry = 0;
- MP_ADD_CARRY(r1,((mp_digit)r3b) << 32, r1, carry);
+ MP_ADD_CARRY(r1,((mp_digit)r3b) << 32, r1, 0, carry);
if (carry) {
- MP_ADD_CARRY(r2, 0, r2, carry);
- MP_ADD_CARRY(r3, 0, r3, carry);
+ MP_ADD_CARRY(r2, 0, r2, carry, carry);
+ MP_ADD_CARRY(r3, 0, r3, carry, carry);
}
- carry = 0;
- MP_SUB_BORROW(r0, r3b, r0, carry);
+ MP_SUB_BORROW(r0, r3b, r0, 0, carry);
if (carry) {
- MP_SUB_BORROW(r1, 0, r1, carry);
- MP_SUB_BORROW(r2, 0, r2, carry);
- MP_SUB_BORROW(r3, 0, r3, carry);
+ MP_SUB_BORROW(r1, 0, r1, carry, carry);
+ MP_SUB_BORROW(r2, 0, r2, carry, carry);
+ MP_SUB_BORROW(r3, 0, r3, carry, carry);
}
r3b = (int)(r3 >>32);
}
while (r3b < 0) {
- carry = 0;
- MP_ADD_CARRY (r0, 1, r0, carry);
- MP_ADD_CARRY (r1, MP_DIGIT_MAX <<32, r1, carry);
- MP_ADD_CARRY (r2, MP_DIGIT_MAX, r2, carry);
- MP_ADD_CARRY (r3, MP_DIGIT_MAX >> 32, r3, carry);
+ MP_ADD_CARRY (r0, 1, r0, 0, carry);
+ MP_ADD_CARRY (r1, MP_DIGIT_MAX <<32, r1, carry, carry);
+ MP_ADD_CARRY (r2, MP_DIGIT_MAX, r2, carry, carry);
+ MP_ADD_CARRY (r3, MP_DIGIT_MAX >> 32, r3, carry, carry);
r3b = (int)(r3 >>32);
}
/* check for final reduction */
/* now the only way we are over is if the top 4 words are
* all ones. Subtract the curve. (curve is 2^224 - 2^96 +1)
*/
if ((r3 == (MP_DIGIT_MAX >> 32)) && (r2 == MP_DIGIT_MAX)
&& ((r1 & MP_DIGIT_MAX << 32)== MP_DIGIT_MAX << 32) &&
((r1 != MP_DIGIT_MAX << 32 ) || (r0 != 0)) ) {
/* one last subraction */
- carry = 0;
- MP_SUB_BORROW(r0, 1, r0, carry);
- MP_SUB_BORROW(r1, MP_DIGIT_MAX << 32, r1, carry);
+ MP_SUB_BORROW(r0, 1, r0, 0, carry);
+ MP_SUB_BORROW(r1, MP_DIGIT_MAX << 32, r1, carry, carry);
r2 = r3 = 0;
}
if (a != r) {
MP_CHECKOK(s_mp_pad(r, 4));
}
/* set the lower words of r */
--- a/lib/freebl/ecl/ecp_256.c
+++ b/lib/freebl/ecl/ecp_256.c
@@ -63,128 +63,125 @@ ec_GFp_nistp256_mod(const mp_int *a, mp_
r2 = MP_DIGIT(a,2);
r3 = MP_DIGIT(a,3);
r4 = MP_DIGIT(a,4);
r5 = MP_DIGIT(a,5);
r6 = MP_DIGIT(a,6);
r7 = MP_DIGIT(a,7);
/* sum 1 */
- carry = 0;
- MP_ADD_CARRY(r3, a11, r3, carry);
- MP_ADD_CARRY(r4, a12, r4, carry);
- MP_ADD_CARRY(r5, a13, r5, carry);
- MP_ADD_CARRY(r6, a14, r6, carry);
- MP_ADD_CARRY(r7, a15, r7, carry);
- r8 = carry; carry = 0;
- MP_ADD_CARRY(r3, a11, r3, carry);
- MP_ADD_CARRY(r4, a12, r4, carry);
- MP_ADD_CARRY(r5, a13, r5, carry);
- MP_ADD_CARRY(r6, a14, r6, carry);
- MP_ADD_CARRY(r7, a15, r7, carry);
- r8 += carry; carry = 0;
+ MP_ADD_CARRY(r3, a11, r3, 0, carry);
+ MP_ADD_CARRY(r4, a12, r4, carry, carry);
+ MP_ADD_CARRY(r5, a13, r5, carry, carry);
+ MP_ADD_CARRY(r6, a14, r6, carry, carry);
+ MP_ADD_CARRY(r7, a15, r7, carry, carry);
+ r8 = carry;
+ MP_ADD_CARRY(r3, a11, r3, 0, carry);
+ MP_ADD_CARRY(r4, a12, r4, carry, carry);
+ MP_ADD_CARRY(r5, a13, r5, carry, carry);
+ MP_ADD_CARRY(r6, a14, r6, carry, carry);
+ MP_ADD_CARRY(r7, a15, r7, carry, carry);
+ r8 += carry;
/* sum 2 */
- MP_ADD_CARRY(r3, a12, r3, carry);
- MP_ADD_CARRY(r4, a13, r4, carry);
- MP_ADD_CARRY(r5, a14, r5, carry);
- MP_ADD_CARRY(r6, a15, r6, carry);
- MP_ADD_CARRY(r7, 0, r7, carry);
- r8 += carry; carry = 0;
+ MP_ADD_CARRY(r3, a12, r3, 0, carry);
+ MP_ADD_CARRY(r4, a13, r4, carry, carry);
+ MP_ADD_CARRY(r5, a14, r5, carry, carry);
+ MP_ADD_CARRY(r6, a15, r6, carry, carry);
+ MP_ADD_CARRY(r7, 0, r7, carry, carry);
+ r8 += carry;
/* combine last bottom of sum 3 with second sum 2 */
- MP_ADD_CARRY(r0, a8, r0, carry);
- MP_ADD_CARRY(r1, a9, r1, carry);
- MP_ADD_CARRY(r2, a10, r2, carry);
- MP_ADD_CARRY(r3, a12, r3, carry);
- MP_ADD_CARRY(r4, a13, r4, carry);
- MP_ADD_CARRY(r5, a14, r5, carry);
- MP_ADD_CARRY(r6, a15, r6, carry);
- MP_ADD_CARRY(r7, a15, r7, carry); /* from sum 3 */
- r8 += carry; carry = 0;
+ MP_ADD_CARRY(r0, a8, r0, 0, carry);
+ MP_ADD_CARRY(r1, a9, r1, carry, carry);
+ MP_ADD_CARRY(r2, a10, r2, carry, carry);
+ MP_ADD_CARRY(r3, a12, r3, carry, carry);
+ MP_ADD_CARRY(r4, a13, r4, carry, carry);
+ MP_ADD_CARRY(r5, a14, r5, carry, carry);
+ MP_ADD_CARRY(r6, a15, r6, carry, carry);
+ MP_ADD_CARRY(r7, a15, r7, carry, carry); /* from sum 3 */
+ r8 += carry;
/* sum 3 (rest of it)*/
- MP_ADD_CARRY(r6, a14, r6, carry);
- MP_ADD_CARRY(r7, 0, r7, carry);
- r8 += carry; carry = 0;
+ MP_ADD_CARRY(r6, a14, r6, 0, carry);
+ MP_ADD_CARRY(r7, 0, r7, carry, carry);
+ r8 += carry;
/* sum 4 (rest of it)*/
- MP_ADD_CARRY(r0, a9, r0, carry);
- MP_ADD_CARRY(r1, a10, r1, carry);
- MP_ADD_CARRY(r2, a11, r2, carry);
- MP_ADD_CARRY(r3, a13, r3, carry);
- MP_ADD_CARRY(r4, a14, r4, carry);
- MP_ADD_CARRY(r5, a15, r5, carry);
- MP_ADD_CARRY(r6, a13, r6, carry);
- MP_ADD_CARRY(r7, a8, r7, carry);
- r8 += carry; carry = 0;
+ MP_ADD_CARRY(r0, a9, r0, 0, carry);
+ MP_ADD_CARRY(r1, a10, r1, carry, carry);
+ MP_ADD_CARRY(r2, a11, r2, carry, carry);
+ MP_ADD_CARRY(r3, a13, r3, carry, carry);
+ MP_ADD_CARRY(r4, a14, r4, carry, carry);
+ MP_ADD_CARRY(r5, a15, r5, carry, carry);
+ MP_ADD_CARRY(r6, a13, r6, carry, carry);
+ MP_ADD_CARRY(r7, a8, r7, carry, carry);
+ r8 += carry;
/* diff 5 */
- MP_SUB_BORROW(r0, a11, r0, carry);
- MP_SUB_BORROW(r1, a12, r1, carry);
- MP_SUB_BORROW(r2, a13, r2, carry);
- MP_SUB_BORROW(r3, 0, r3, carry);
- MP_SUB_BORROW(r4, 0, r4, carry);
- MP_SUB_BORROW(r5, 0, r5, carry);
- MP_SUB_BORROW(r6, a8, r6, carry);
- MP_SUB_BORROW(r7, a10, r7, carry);
- r8 -= carry; carry = 0;
+ MP_SUB_BORROW(r0, a11, r0, 0, carry);
+ MP_SUB_BORROW(r1, a12, r1, carry, carry);
+ MP_SUB_BORROW(r2, a13, r2, carry, carry);
+ MP_SUB_BORROW(r3, 0, r3, carry, carry);
+ MP_SUB_BORROW(r4, 0, r4, carry, carry);
+ MP_SUB_BORROW(r5, 0, r5, carry, carry);
+ MP_SUB_BORROW(r6, a8, r6, carry, carry);
+ MP_SUB_BORROW(r7, a10, r7, carry, carry);
+ r8 -= carry;
/* diff 6 */
- MP_SUB_BORROW(r0, a12, r0, carry);
- MP_SUB_BORROW(r1, a13, r1, carry);
- MP_SUB_BORROW(r2, a14, r2, carry);
- MP_SUB_BORROW(r3, a15, r3, carry);
- MP_SUB_BORROW(r4, 0, r4, carry);
- MP_SUB_BORROW(r5, 0, r5, carry);
- MP_SUB_BORROW(r6, a9, r6, carry);
- MP_SUB_BORROW(r7, a11, r7, carry);
- r8 -= carry; carry = 0;
+ MP_SUB_BORROW(r0, a12, r0, 0, carry);
+ MP_SUB_BORROW(r1, a13, r1, carry, carry);
+ MP_SUB_BORROW(r2, a14, r2, carry, carry);
+ MP_SUB_BORROW(r3, a15, r3, carry, carry);
+ MP_SUB_BORROW(r4, 0, r4, carry, carry);
+ MP_SUB_BORROW(r5, 0, r5, carry, carry);
+ MP_SUB_BORROW(r6, a9, r6, carry, carry);
+ MP_SUB_BORROW(r7, a11, r7, carry, carry);
+ r8 -= carry;
/* diff 7 */
- MP_SUB_BORROW(r0, a13, r0, carry);
- MP_SUB_BORROW(r1, a14, r1, carry);
- MP_SUB_BORROW(r2, a15, r2, carry);
- MP_SUB_BORROW(r3, a8, r3, carry);
- MP_SUB_BORROW(r4, a9, r4, carry);
- MP_SUB_BORROW(r5, a10, r5, carry);
- MP_SUB_BORROW(r6, 0, r6, carry);
- MP_SUB_BORROW(r7, a12, r7, carry);
- r8 -= carry; carry = 0;
+ MP_SUB_BORROW(r0, a13, r0, 0, carry);
+ MP_SUB_BORROW(r1, a14, r1, carry, carry);
+ MP_SUB_BORROW(r2, a15, r2, carry, carry);
+ MP_SUB_BORROW(r3, a8, r3, carry, carry);
+ MP_SUB_BORROW(r4, a9, r4, carry, carry);
+ MP_SUB_BORROW(r5, a10, r5, carry, carry);
+ MP_SUB_BORROW(r6, 0, r6, carry, carry);
+ MP_SUB_BORROW(r7, a12, r7, carry, carry);
+ r8 -= carry;
/* diff 8 */
- MP_SUB_BORROW(r0, a14, r0, carry);
- MP_SUB_BORROW(r1, a15, r1, carry);
- MP_SUB_BORROW(r2, 0, r2, carry);
- MP_SUB_BORROW(r3, a9, r3, carry);
- MP_SUB_BORROW(r4, a10, r4, carry);
- MP_SUB_BORROW(r5, a11, r5, carry);
- MP_SUB_BORROW(r6, 0, r6, carry);
- MP_SUB_BORROW(r7, a13, r7, carry);
+ MP_SUB_BORROW(r0, a14, r0, 0, carry);
+ MP_SUB_BORROW(r1, a15, r1, carry, carry);
+ MP_SUB_BORROW(r2, 0, r2, carry, carry);
+ MP_SUB_BORROW(r3, a9, r3, carry, carry);
+ MP_SUB_BORROW(r4, a10, r4, carry, carry);
+ MP_SUB_BORROW(r5, a11, r5, carry, carry);
+ MP_SUB_BORROW(r6, 0, r6, carry, carry);
+ MP_SUB_BORROW(r7, a13, r7, carry, carry);
r8 -= carry;
/* reduce the overflows */
while (r8 > 0) {
- mp_digit r8_d = r8; carry = 0;
- carry = 0;
- MP_ADD_CARRY(r0, r8_d, r0, carry);
- MP_ADD_CARRY(r1, 0, r1, carry);
- MP_ADD_CARRY(r2, 0, r2, carry);
- MP_ADD_CARRY(r3, 0-r8_d, r3, carry);
- MP_ADD_CARRY(r4, MP_DIGIT_MAX, r4, carry);
- MP_ADD_CARRY(r5, MP_DIGIT_MAX, r5, carry);
- MP_ADD_CARRY(r6, 0-(r8_d+1), r6, carry);
- MP_ADD_CARRY(r7, (r8_d-1), r7, carry);
+ mp_digit r8_d = r8;
+ MP_ADD_CARRY(r0, r8_d, r0, 0, carry);
+ MP_ADD_CARRY(r1, 0, r1, carry, carry);
+ MP_ADD_CARRY(r2, 0, r2, carry, carry);
+ MP_ADD_CARRY(r3, 0-r8_d, r3, carry, carry);
+ MP_ADD_CARRY(r4, MP_DIGIT_MAX, r4, carry, carry);
+ MP_ADD_CARRY(r5, MP_DIGIT_MAX, r5, carry, carry);
+ MP_ADD_CARRY(r6, 0-(r8_d+1), r6, carry, carry);
+ MP_ADD_CARRY(r7, (r8_d-1), r7, carry, carry);
r8 = carry;
}
/* reduce the underflows */
while (r8 < 0) {
mp_digit r8_d = -r8;
- carry = 0;
- MP_SUB_BORROW(r0, r8_d, r0, carry);
- MP_SUB_BORROW(r1, 0, r1, carry);
- MP_SUB_BORROW(r2, 0, r2, carry);
- MP_SUB_BORROW(r3, 0-r8_d, r3, carry);
- MP_SUB_BORROW(r4, MP_DIGIT_MAX, r4, carry);
- MP_SUB_BORROW(r5, MP_DIGIT_MAX, r5, carry);
- MP_SUB_BORROW(r6, 0-(r8_d+1), r6, carry);
- MP_SUB_BORROW(r7, (r8_d-1), r7, carry);
+ MP_SUB_BORROW(r0, r8_d, r0, 0, carry);
+ MP_SUB_BORROW(r1, 0, r1, carry, carry);
+ MP_SUB_BORROW(r2, 0, r2, carry, carry);
+ MP_SUB_BORROW(r3, 0-r8_d, r3, carry, carry);
+ MP_SUB_BORROW(r4, MP_DIGIT_MAX, r4, carry, carry);
+ MP_SUB_BORROW(r5, MP_DIGIT_MAX, r5, carry, carry);
+ MP_SUB_BORROW(r6, 0-(r8_d+1), r6, carry, carry);
+ MP_SUB_BORROW(r7, (r8_d-1), r7, carry, carry);
r8 = 0-carry;
}
if (a != r) {
MP_CHECKOK(s_mp_pad(r,8));
}
MP_SIGN(r) = MP_ZPOS;
MP_USED(r) = 8;
@@ -227,104 +224,90 @@ ec_GFp_nistp256_mod(const mp_int *a, mp_
a4l = a4 << 32;
a4h = a4 >> 32;
r3 = MP_DIGIT(a,3);
r2 = MP_DIGIT(a,2);
r1 = MP_DIGIT(a,1);
r0 = MP_DIGIT(a,0);
/* sum 1 */
- carry = 0;
- carry = 0;
- MP_ADD_CARRY(r1, a5h << 32, r1, carry);
- MP_ADD_CARRY(r2, a6, r2, carry);
- MP_ADD_CARRY(r3, a7, r3, carry);
- r4 = carry; carry = 0;
- carry = 0;
- MP_ADD_CARRY(r1, a5h << 32, r1, carry);
- MP_ADD_CARRY(r2, a6, r2, carry);
- MP_ADD_CARRY(r3, a7, r3, carry);
- r4 += carry; carry = 0;
+ MP_ADD_CARRY(r1, a5h << 32, r1, 0, carry);
+ MP_ADD_CARRY(r2, a6, r2, carry, carry);
+ MP_ADD_CARRY(r3, a7, r3, carry, carry);
+ r4 = carry;
+ MP_ADD_CARRY(r1, a5h << 32, r1, 0, carry);
+ MP_ADD_CARRY(r2, a6, r2, carry, carry);
+ MP_ADD_CARRY(r3, a7, r3, carry, carry);
+ r4 += carry;
/* sum 2 */
- carry = 0;
- MP_ADD_CARRY(r1, a6l, r1, carry);
- MP_ADD_CARRY(r2, a6h | a7l, r2, carry);
- MP_ADD_CARRY(r3, a7h, r3, carry);
- r4 += carry; carry = 0;
- carry = 0;
- MP_ADD_CARRY(r1, a6l, r1, carry);
- MP_ADD_CARRY(r2, a6h | a7l, r2, carry);
- MP_ADD_CARRY(r3, a7h, r3, carry);
- r4 += carry; carry = 0;
+ MP_ADD_CARRY(r1, a6l, r1, 0, carry);
+ MP_ADD_CARRY(r2, a6h | a7l, r2, carry, carry);
+ MP_ADD_CARRY(r3, a7h, r3, carry, carry);
+ r4 += carry;
+ MP_ADD_CARRY(r1, a6l, r1, 0, carry);
+ MP_ADD_CARRY(r2, a6h | a7l, r2, carry, carry);
+ MP_ADD_CARRY(r3, a7h, r3, carry, carry);
+ r4 += carry;
/* sum 3 */
- carry = 0;
- MP_ADD_CARRY(r0, a4, r0, carry);
- MP_ADD_CARRY(r1, a5l >> 32, r1, carry);
- MP_ADD_CARRY(r2, 0, r2, carry);
- MP_ADD_CARRY(r3, a7, r3, carry);
- r4 += carry; carry = 0;
+ MP_ADD_CARRY(r0, a4, r0, 0, carry);
+ MP_ADD_CARRY(r1, a5l >> 32, r1, carry, carry);
+ MP_ADD_CARRY(r2, 0, r2, carry, carry);
+ MP_ADD_CARRY(r3, a7, r3, carry, carry);
+ r4 += carry;
/* sum 4 */
- carry = 0;
- MP_ADD_CARRY(r0, a4h | a5l, r0, carry);
- MP_ADD_CARRY(r1, a5h|(a6h<<32), r1, carry);
- MP_ADD_CARRY(r2, a7, r2, carry);
- MP_ADD_CARRY(r3, a6h | a4l, r3, carry);
+ MP_ADD_CARRY(r0, a4h | a5l, r0, 0, carry);
+ MP_ADD_CARRY(r1, a5h|(a6h<<32), r1, carry, carry);
+ MP_ADD_CARRY(r2, a7, r2, carry, carry);
+ MP_ADD_CARRY(r3, a6h | a4l, r3, carry, carry);
r4 += carry;
/* diff 5 */
- carry = 0;
- MP_SUB_BORROW(r0, a5h | a6l, r0, carry);
- MP_SUB_BORROW(r1, a6h, r1, carry);
- MP_SUB_BORROW(r2, 0, r2, carry);
- MP_SUB_BORROW(r3, (a4l>>32)|a5l,r3, carry);
+ MP_SUB_BORROW(r0, a5h | a6l, r0, 0, carry);
+ MP_SUB_BORROW(r1, a6h, r1, carry, carry);
+ MP_SUB_BORROW(r2, 0, r2, carry, carry);
+ MP_SUB_BORROW(r3, (a4l>>32)|a5l,r3, carry, carry);
r4 -= carry;
/* diff 6 */
- carry = 0;
- MP_SUB_BORROW(r0, a6, r0, carry);
- MP_SUB_BORROW(r1, a7, r1, carry);
- MP_SUB_BORROW(r2, 0, r2, carry);
- MP_SUB_BORROW(r3, a4h|(a5h<<32),r3, carry);
+ MP_SUB_BORROW(r0, a6, r0, 0, carry);
+ MP_SUB_BORROW(r1, a7, r1, carry, carry);
+ MP_SUB_BORROW(r2, 0, r2, carry, carry);
+ MP_SUB_BORROW(r3, a4h|(a5h<<32),r3, carry, carry);
r4 -= carry;
/* diff 7 */
- carry = 0;
- MP_SUB_BORROW(r0, a6h|a7l, r0, carry);
- MP_SUB_BORROW(r1, a7h|a4l, r1, carry);
- MP_SUB_BORROW(r2, a4h|a5l, r2, carry);
- MP_SUB_BORROW(r3, a6l, r3, carry);
+ MP_SUB_BORROW(r0, a6h|a7l, r0, 0, carry);
+ MP_SUB_BORROW(r1, a7h|a4l, r1, carry, carry);
+ MP_SUB_BORROW(r2, a4h|a5l, r2, carry, carry);
+ MP_SUB_BORROW(r3, a6l, r3, carry, carry);
r4 -= carry;
/* diff 8 */
- carry = 0;
- MP_SUB_BORROW(r0, a7, r0, carry);
- MP_SUB_BORROW(r1, a4h<<32, r1, carry);
- MP_SUB_BORROW(r2, a5, r2, carry);
- MP_SUB_BORROW(r3, a6h<<32, r3, carry);
+ MP_SUB_BORROW(r0, a7, r0, 0, carry);
+ MP_SUB_BORROW(r1, a4h<<32, r1, carry, carry);
+ MP_SUB_BORROW(r2, a5, r2, carry, carry);
+ MP_SUB_BORROW(r3, a6h<<32, r3, carry, carry);
r4 -= carry;
/* reduce the overflows */
while (r4 > 0) {
mp_digit r4_long = r4;
mp_digit r4l = (r4_long << 32);
- carry = 0;
- carry = 0;
- MP_ADD_CARRY(r0, r4_long, r0, carry);
- MP_ADD_CARRY(r1, 0-r4l, r1, carry);
- MP_ADD_CARRY(r2, MP_DIGIT_MAX, r2, carry);
- MP_ADD_CARRY(r3, r4l-r4_long-1,r3, carry);
+ MP_ADD_CARRY(r0, r4_long, r0, 0, carry);
+ MP_ADD_CARRY(r1, 0-r4l, r1, carry, carry);
+ MP_ADD_CARRY(r2, MP_DIGIT_MAX, r2, carry, carry);
+ MP_ADD_CARRY(r3, r4l-r4_long-1,r3, carry, carry);
r4 = carry;
}
/* reduce the underflows */
while (r4 < 0) {
mp_digit r4_long = -r4;
mp_digit r4l = (r4_long << 32);
- carry = 0;
- MP_SUB_BORROW(r0, r4_long, r0, carry);
- MP_SUB_BORROW(r1, 0-r4l, r1, carry);
- MP_SUB_BORROW(r2, MP_DIGIT_MAX, r2, carry);
- MP_SUB_BORROW(r3, r4l-r4_long-1,r3, carry);
+ MP_SUB_BORROW(r0, r4_long, r0, 0, carry);
+ MP_SUB_BORROW(r1, 0-r4l, r1, carry, carry);
+ MP_SUB_BORROW(r2, MP_DIGIT_MAX, r2, carry, carry);
+ MP_SUB_BORROW(r3, r4l-r4_long-1,r3, carry, carry);
r4 = 0-carry;
}
if (a != r) {
MP_CHECKOK(s_mp_pad(r,4));
}
MP_SIGN(r) = MP_ZPOS;
MP_USED(r) = 4;
--- a/lib/freebl/ecl/ecp_521.c
+++ b/lib/freebl/ecl/ecp_521.c
@@ -12,17 +12,17 @@
/* Fast modular reduction for p521 = 2^521 - 1. a can be r. Uses
* algorithm 2.31 from Hankerson, Menezes, Vanstone. Guide to
* Elliptic Curve Cryptography. */
static mp_err
ec_GFp_nistp521_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
{
mp_err res = MP_OKAY;
int a_bits = mpl_significant_bits(a);
- unsigned int i;
+ int i;
/* m1, m2 are statically-allocated mp_int of exactly the size we need */
mp_int m1;
mp_digit s1[ECP521_DIGITS] = { 0 };
MP_SIGN(&m1) = MP_ZPOS;
MP_ALLOC(&m1) = ECP521_DIGITS;
--- a/lib/freebl/ecl/ecp_jac.c
+++ b/lib/freebl/ecl/ecp_jac.c
@@ -382,17 +382,17 @@ mp_err
ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
const mp_int *py, mp_int *rx, mp_int *ry,
const ECGroup *group)
{
mp_err res = MP_OKAY;
mp_int precomp[4][4][2];
mp_int rz;
const mp_int *a, *b;
- unsigned int i, j;
+ int i, j;
int ai, bi, d;
for (i = 0; i < 4; i++) {
for (j = 0; j < 4; j++) {
MP_DIGITS(&precomp[i][j][0]) = 0;
MP_DIGITS(&precomp[i][j][1]) = 0;
}
}
@@ -489,17 +489,17 @@ ec_GFp_pts_mul_jac(const mp_int *k1, con
}
d = (mpl_significant_bits(a) + 1) / 2;
/* R = inf */
MP_CHECKOK(mp_init(&rz));
MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz));
- for (i = d; i-- > 0;) {
+ for (i = d - 1; i >= 0; i--) {
ai = MP_GET_BIT(a, 2 * i + 1);
ai <<= 1;
ai |= MP_GET_BIT(a, 2 * i);
bi = MP_GET_BIT(b, 2 * i + 1);
bi <<= 1;
bi |= MP_GET_BIT(b, 2 * i);
/* R = 2^2 * R */
MP_CHECKOK(ec_GFp_pt_dbl_jac(rx, ry, &rz, rx, ry, &rz, group));
--- a/lib/freebl/ldvector.c
+++ b/lib/freebl/ldvector.c
@@ -289,17 +289,20 @@ static const struct FREEBLVectorStr vect
EC_CopyParams
/* End of Version 3.017 */
};
const FREEBLVector *
FREEBL_GetVector(void)
{
-#define NSS_VERSION_VARIABLE __nss_freebl_version
-#include "verref.h"
+ extern const char __nss_freebl_version[];
+ /* force a reference that won't get optimized away */
+ volatile char c;
+
+ c = __nss_freebl_version[0];
#ifdef FREEBL_NO_DEPEND
FREEBL_InitStubs();
#endif
return &vector;
}
--- a/lib/freebl/loader.c
+++ b/lib/freebl/loader.c
@@ -127,40 +127,35 @@ freebl_LoadDSO( void )
if (!name) {
PR_SetError(PR_LOAD_LIBRARY_ERROR, 0);
return PR_FAILURE;
}
handle = loader_LoadLibrary(name);
if (handle) {
PRFuncPtr address = PR_FindFunctionSymbol(handle, "FREEBL_GetVector");
+ PRStatus status;
if (address) {
FREEBLGetVectorFn * getVector = (FREEBLGetVectorFn *)address;
const FREEBLVector * dsoVector = getVector();
if (dsoVector) {
unsigned short dsoVersion = dsoVector->version;
unsigned short myVersion = FREEBL_VERSION;
if (MSB(dsoVersion) == MSB(myVersion) &&
LSB(dsoVersion) >= LSB(myVersion) &&
dsoVector->length >= sizeof(FREEBLVector)) {
vector = dsoVector;
libraryName = name;
blLib = handle;
return PR_SUCCESS;
}
}
}
-#ifdef DEBUG
- {
- PRStatus status = PR_UnloadLibrary(blLib);
- PORT_Assert(PR_SUCCESS == status);
- }
-#else
- PR_UnloadLibrary(blLib);
-#endif
+ status = PR_UnloadLibrary(handle);
+ PORT_Assert(PR_SUCCESS == status);
}
return PR_FAILURE;
}
static const PRCallOnceType pristineCallOnce;
static PRCallOnceType loadFreeBLOnce;
static PRStatus
@@ -901,22 +896,18 @@ BL_Unload(void)
char *disableUnload = NULL;
vector = NULL;
/* If an SSL socket is configured with SSL_BYPASS_PKCS11, but the application
* never does a handshake on it, BL_Unload will be called even though freebl
* was never loaded. So, don't assert blLib. */
if (blLib) {
disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
if (!disableUnload) {
-#ifdef DEBUG
PRStatus status = PR_UnloadLibrary(blLib);
PORT_Assert(PR_SUCCESS == status);
-#else
- PR_UnloadLibrary(blLib);
-#endif
}
blLib = NULL;
}
loadFreeBLOnce = pristineCallOnce;
}
/* ============== New for 3.003 =============================== */
--- a/lib/freebl/mpi/mpcpucache.c
+++ b/lib/freebl/mpi/mpcpucache.c
@@ -1,14 +1,13 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "mpi.h"
-#include "prtypes.h"
/*
* This file implements a single function: s_mpi_getProcessorLineSize();
* s_mpi_getProcessorLineSize() returns the size in bytes of the cache line
* if a cache exists, or zero if there is no cache. If more than one
* cache line exists, it should return the smallest line size (which is
* usually the L1 cache).
*
@@ -615,62 +614,78 @@ static const int n_manufacturers = sizeo
#define MAN_UNKNOWN 9
#if !defined(AMD_64)
#define SSE2_FLAG (1<<26)
unsigned long
s_mpi_is_sse2()
{
unsigned long eax, ebx, ecx, edx;
+ int manufacturer = MAN_UNKNOWN;
+ int i;
+ char string[13];
if (is386() || is486()) {
return 0;
}
freebl_cpuid(0, &eax, &ebx, &ecx, &edx);
+ /* string holds the CPU's manufacturer ID string - a twelve
+ * character ASCII string stored in ebx, edx, ecx, and
+ * the 32-bit extended feature flags are in edx, ecx.
+ */
+ *(int *)string = ebx;
+ *(int *)&string[4] = (int)edx;
+ *(int *)&string[8] = (int)ecx;
+ string[12] = 0;
/* has no SSE2 extensions */
if (eax == 0) {
return 0;
}
+ for (i=0; i < n_manufacturers; i++) {
+ if ( strcmp(manMap[i],string) == 0) {
+ manufacturer = i;
+ break;
+ }
+ }
+
freebl_cpuid(1,&eax,&ebx,&ecx,&edx);
return (edx & SSE2_FLAG) == SSE2_FLAG;
}
#endif
unsigned long
s_mpi_getProcessorLineSize()
{
unsigned long eax, ebx, ecx, edx;
- PRUint32 cpuid[3];
unsigned long cpuidLevel;
unsigned long cacheLineSize = 0;
int manufacturer = MAN_UNKNOWN;
int i;
- char string[13];
+ char string[65];
#if !defined(AMD_64)
if (is386()) {
return 0; /* 386 had no cache */
} if (is486()) {
return 32; /* really? need more info */
}
#endif
/* Pentium, cpuid command is available */
freebl_cpuid(0, &eax, &ebx, &ecx, &edx);
cpuidLevel = eax;
/* string holds the CPU's manufacturer ID string - a twelve
* character ASCII string stored in ebx, edx, ecx, and
* the 32-bit extended feature flags are in edx, ecx.
*/
- cpuid[0] = ebx;
- cpuid[1] = ecx;
- cpuid[2] = edx;
- memcpy(string, cpuid, sizeof(cpuid));
+ *(int *)string = ebx;
+ *(int *)&string[4] = (int)edx;
+ *(int *)&string[8] = (int)ecx;
string[12] = 0;
manufacturer = MAN_UNKNOWN;
for (i=0; i < n_manufacturers; i++) {
if ( strcmp(manMap[i],string) == 0) {
manufacturer = i;
}
}
--- a/lib/freebl/mpi/mpi-priv.h
+++ b/lib/freebl/mpi/mpi-priv.h
@@ -249,20 +249,18 @@ void MPI_ASM_DECL s_mpv_mul_d_add_pr
void MPI_ASM_DECL s_mpv_sqr_add_prop(const mp_digit *a,
mp_size a_len,
mp_digit *sqrs);
mp_err MPI_ASM_DECL s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo,
mp_digit divisor, mp_digit *quot, mp_digit *rem);
/* c += a * b * (MP_RADIX ** offset); */
-/* Callers of this macro should be aware that the return type might vary;
- * it should be treated as a void function. */
#define s_mp_mul_d_add_offset(a, b, c, off) \
- s_mpv_mul_d_add_prop(MP_DIGITS(a), MP_USED(a), b, MP_DIGITS(c) + off)
+(s_mpv_mul_d_add_prop(MP_DIGITS(a), MP_USED(a), b, MP_DIGITS(c) + off), MP_OKAY)
typedef struct {
mp_int N; /* modulus N */
mp_digit n0prime; /* n0' = - (n0 ** -1) mod MP_RADIX */
} mp_mont_modulus;
mp_err s_mp_mul_mont(const mp_int *a, const mp_int *b, mp_int *c,
mp_mont_modulus *mmm);
--- a/lib/freebl/mpi/mpi.c
+++ b/lib/freebl/mpi/mpi.c
@@ -1090,17 +1090,17 @@ mp_err mp_div_2d(const mp_int *a, mp_dig
standard iterative square-and-multiply technique.
*/
mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c)
{
mp_int s, x;
mp_err res;
mp_digit d;
- unsigned int dig, bit;
+ int dig, bit;
ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
if(mp_cmp_z(b) < 0)
return MP_RANGE;
if((res = mp_init(&s)) != MP_OKAY)
return res;
@@ -1465,17 +1465,17 @@ mp_err mp_sqrmod(const mp_int *a, const
s_mp_reduce() below for details)
*/
mp_err s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c)
{
mp_int s, x, mu;
mp_err res;
mp_digit d;
- unsigned int dig, bit;
+ int dig, bit;
ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
if(mp_cmp_z(b) < 0 || mp_cmp_z(m) <= 0)
return MP_RANGE;
if((res = mp_init(&s)) != MP_OKAY)
return res;
@@ -1999,17 +1999,17 @@ mp_err mp_xgcd(const mp_int *a, const mp
} /* end mp_xgcd() */
/* }}} */
mp_size mp_trailing_zeros(const mp_int *mp)
{
mp_digit d;
mp_size n = 0;
- unsigned int ix;
+ int ix;
if (!mp || !MP_DIGITS(mp) || !mp_cmp_z(mp))
return n;
for (ix = 0; !(d = MP_DIGIT(mp,ix)) && (ix < MP_USED(mp)); ++ix)
n += MP_DIGIT_BIT;
if (!d)
return 0; /* shouldn't happen, but ... */
@@ -2911,34 +2911,36 @@ void s_mp_exch(mp_int *a, mp_int *b)
Shift mp leftward by p digits, growing if needed, and zero-filling
the in-shifted digits at the right end. This is a convenient
alternative to multiplication by powers of the radix
*/
mp_err s_mp_lshd(mp_int *mp, mp_size p)
{
mp_err res;
- unsigned int ix;
+ mp_size pos;
+ int ix;
if(p == 0)
return MP_OKAY;
if (MP_USED(mp) == 1 && MP_DIGIT(mp, 0) == 0)
return MP_OKAY;
if((res = s_mp_pad(mp, USED(mp) + p)) != MP_OKAY)
return res;
+ pos = USED(mp) - 1;
+
/* Shift all the significant figures over as needed */
- for (ix = USED(mp) - p; ix-- > 0;) {
+ for(ix = pos - p; ix >= 0; ix--)
DIGIT(mp, ix + p) = DIGIT(mp, ix);
- }
/* Fill the bottom digits with zeroes */
- for(ix = 0; (mp_size)ix < p; ix++)
+ for(ix = 0; ix < p; ix++)
DIGIT(mp, ix) = 0;
return MP_OKAY;
} /* end s_mp_lshd() */
/* }}} */
@@ -3039,17 +3041,17 @@ void s_mp_div_2(mp_int *mp)
/* }}} */
/* {{{ s_mp_mul_2(mp) */
mp_err s_mp_mul_2(mp_int *mp)
{
mp_digit *pd;
- unsigned int ix, used;
+ int ix, used;
mp_digit kin = 0;
/* Shift digits leftward by 1 bit */
used = MP_USED(mp);
pd = MP_DIGITS(mp);
for (ix = 0; ix < used; ix++) {
mp_digit d = *pd;
*pd++ = (d << 1) | kin;
@@ -4665,20 +4667,20 @@ mp_read_unsigned_octets(mp_int *mp, cons
}
MP_DIGIT(mp, 0) = d;
}
return MP_OKAY;
} /* end mp_read_unsigned_octets() */
/* }}} */
/* {{{ mp_unsigned_octet_size(mp) */
-unsigned int
+int
mp_unsigned_octet_size(const mp_int *mp)
{
- unsigned int bytes;
+ int bytes;
int ix;
mp_digit d = 0;
ARGCHK(mp != NULL, MP_BADARG);
ARGCHK(MP_ZPOS == SIGN(mp), MP_BADARG);
bytes = (USED(mp) * sizeof(mp_digit));
@@ -4705,22 +4707,22 @@ mp_unsigned_octet_size(const mp_int *mp)
/* }}} */
/* {{{ mp_to_unsigned_octets(mp, str) */
/* output a buffer of big endian octets no longer than specified. */
mp_err
mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen)
{
int ix, pos = 0;
- unsigned int bytes;
+ int bytes;
ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
bytes = mp_unsigned_octet_size(mp);
- ARGCHK(bytes <= maxlen, MP_BADARG);
+ ARGCHK(bytes >= 0 && bytes <= maxlen, MP_BADARG);
/* Iterate over each digit... */
for(ix = USED(mp) - 1; ix >= 0; ix--) {
mp_digit d = DIGIT(mp, ix);
int jx;
/* Unpack digit bytes, high order first */
for(jx = sizeof(mp_digit) - 1; jx >= 0; jx--) {
@@ -4737,22 +4739,22 @@ mp_to_unsigned_octets(const mp_int *mp,
/* }}} */
/* {{{ mp_to_signed_octets(mp, str) */
/* output a buffer of big endian octets no longer than specified. */
mp_err
mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen)
{
int ix, pos = 0;
- unsigned int bytes;
+ int bytes;
ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
bytes = mp_unsigned_octet_size(mp);
- ARGCHK(bytes <= maxlen, MP_BADARG);
+ ARGCHK(bytes >= 0 && bytes <= maxlen, MP_BADARG);
/* Iterate over each digit... */
for(ix = USED(mp) - 1; ix >= 0; ix--) {
mp_digit d = DIGIT(mp, ix);
int jx;
/* Unpack digit bytes, high order first */
for(jx = sizeof(mp_digit) - 1; jx >= 0; jx--) {
@@ -4777,22 +4779,22 @@ mp_to_signed_octets(const mp_int *mp, un
/* }}} */
/* {{{ mp_to_fixlen_octets(mp, str) */
/* output a buffer of big endian octets exactly as long as requested. */
mp_err
mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size length)
{
int ix, pos = 0;
- unsigned int bytes;
+ int bytes;
ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
bytes = mp_unsigned_octet_size(mp);
- ARGCHK(bytes <= length, MP_BADARG);
+ ARGCHK(bytes >= 0 && bytes <= length, MP_BADARG);
/* place any needed leading zeros */
for (;length > bytes; --length) {
*str++ = 0;
}
/* Iterate over each digit... */
for(ix = USED(mp) - 1; ix >= 0; ix--) {
--- a/lib/freebl/mpi/mpi.h
+++ b/lib/freebl/mpi/mpi.h
@@ -253,17 +253,17 @@ int mp_tovalue(char ch, int r);
#define mp_todecimal(M, S) mp_toradix((M), (S), 10)
#define mp_tohex(M, S) mp_toradix((M), (S), 16)
/* Error strings */
const char *mp_strerror(mp_err ec);
/* Octet string conversion functions */
mp_err mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len);
-unsigned int mp_unsigned_octet_size(const mp_int *mp);
+int mp_unsigned_octet_size(const mp_int *mp);
mp_err mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen);
mp_err mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen);
mp_err mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size len);
/* Miscellaneous */
mp_size mp_trailing_zeros(const mp_int *mp);
void freebl_cpuid(unsigned long op, unsigned long *eax,
unsigned long *ebx, unsigned long *ecx,
--- a/lib/freebl/mpi/mplogic.c
+++ b/lib/freebl/mpi/mplogic.c
@@ -398,19 +398,19 @@ mp_err mpl_get_bits(const mp_int *a, mp_
return (mp_err)mask;
}
/*
mpl_significant_bits
returns number of significnant bits in abs(a).
returns 1 if value is zero.
*/
-mp_size mpl_significant_bits(const mp_int *a)
+mp_err mpl_significant_bits(const mp_int *a)
{
- mp_size bits = 0;
+ mp_err bits = 0;
int ix;
ARGCHK(a != NULL, MP_BADARG);
ix = MP_USED(a);
for (ix = MP_USED(a); ix > 0; ) {
mp_digit d;
d = MP_DIGIT(a, --ix);
--- a/lib/freebl/mpi/mplogic.h
+++ b/lib/freebl/mpi/mplogic.h
@@ -42,11 +42,11 @@ mp_err mpl_num_set(mp_int *a, int *num);
mp_err mpl_num_clear(mp_int *a, int *num); /* count clear bits */
mp_err mpl_parity(mp_int *a); /* determine parity */
/* Get & Set the value of a bit */
mp_err mpl_set_bit(mp_int *a, mp_size bitNum, mp_size value);
mp_err mpl_get_bit(const mp_int *a, mp_size bitNum);
mp_err mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits);
-mp_size mpl_significant_bits(const mp_int *a);
+mp_err mpl_significant_bits(const mp_int *a);
#endif /* end _H_MPLOGIC_ */
--- a/lib/freebl/mpi/mpmontg.c
+++ b/lib/freebl/mpi/mpmontg.c
@@ -42,17 +42,17 @@ mp_err s_mp_redc(mp_int *T, mp_mont_modu
mp_err res;
mp_size i;
i = (MP_USED(&mmm->N) << 1) + 1;
MP_CHECKOK( s_mp_pad(T, i) );
for (i = 0; i < MP_USED(&mmm->N); ++i ) {
mp_digit m_i = MP_DIGIT(T, i) * mmm->n0prime;
/* T += N * m_i * (MP_RADIX ** i); */
- s_mp_mul_d_add_offset(&mmm->N, m_i, T, i);
+ MP_CHECKOK( s_mp_mul_d_add_offset(&mmm->N, m_i, T, i) );
}
s_mp_clamp(T);
/* T /= R */
s_mp_rshd( T, MP_USED(&mmm->N) );
if ((res = s_mp_cmp(T, &mmm->N)) >= 0) {
/* T = T - N */
--- a/lib/freebl/mpi/mpprime.c
+++ b/lib/freebl/mpi/mpprime.c
@@ -389,17 +389,17 @@ mp_err mpp_sieve(mp_int *trial, const mp
#define SIEVE_SIZE 32*1024
mp_err mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong,
unsigned long * nTries)
{
mp_digit np;
mp_err res;
- unsigned int i = 0;
+ int i = 0;
mp_int trial;
mp_int q;
mp_size num_tests;
unsigned char *sieve;
ARGCHK(start != 0, MP_BADARG);
ARGCHK(nBits > 16, MP_RANGE);
--- a/lib/freebl/nsslowhash.c
+++ b/lib/freebl/nsslowhash.c
@@ -280,19 +280,24 @@ static int nsslow_GetFIPSEnabled(void) {
static int post = 0;
static int post_failed = 0;
static NSSLOWInitContext dummyContext = { 0 };
NSSLOWInitContext *
NSSLOW_Init(void)
{
+ SECStatus rv;
CK_RV crv;
#ifdef FREEBL_NO_DEPEND
- (void)FREEBL_InitStubs();
+ PRBool nsprAvailable = PR_FALSE;
+
+
+ rv = FREEBL_InitStubs();
+ nsprAvailable = (rv == SECSuccess ) ? PR_TRUE : PR_FALSE;
#endif
if (post_failed) {
return NULL;
}
if (!post && nsslow_GetFIPSEnabled()) {
--- a/lib/freebl/pqg.c
+++ b/lib/freebl/pqg.c
@@ -489,17 +489,17 @@ cleanup:
SECStatus
makePrimefromPrimesShaweTaylor(
HASH_HashType hashtype, /* selected Hashing algorithm */
unsigned int length, /* input. Length of prime in bits. */
mp_int * c0, /* seed prime */
mp_int * q, /* sub prime, can be 1 */
mp_int * prime, /* output. */
SECItem * prime_seed, /* input/output. */
- unsigned int *prime_gen_counter) /* input/output. */
+ int * prime_gen_counter) /* input/output. */
{
mp_int c;
mp_int c0_2;
mp_int t;
mp_int a;
mp_int z;
mp_int two_length_minus_1;
SECStatus rv = SECFailure;
@@ -722,17 +722,17 @@ cleanup:
*/
SECStatus
makePrimefromSeedShaweTaylor(
HASH_HashType hashtype, /* selected Hashing algorithm */
unsigned int length, /* input. Length of prime in bits. */
const SECItem * input_seed, /* input. */
mp_int * prime, /* output. */
SECItem * prime_seed, /* output. */
- unsigned int *prime_gen_counter) /* output. */
+ int * prime_gen_counter) /* output. */
{
mp_int c;
mp_int c0;
mp_int one;
SECStatus rv = SECFailure;
int hashlen = HASH_ResultLen(hashtype);
int outlen = hashlen*PR_BITS_PER_BYTE;
int offset;
@@ -877,17 +877,17 @@ cleanup:
static SECStatus
findQfromSeed(
unsigned int L, /* input. Length of p in bits. */
unsigned int N, /* input. Length of q in bits. */
unsigned int g, /* input. Length of seed in bits. */
const SECItem * seed, /* input. */
mp_int * Q, /* input. */
mp_int * Q_, /* output. */
- unsigned int *qseed_len, /* output */
+ int * qseed_len, /* output */
HASH_HashType *hashtypePtr, /* output. Hash uses */
pqgGenType *typePtr) /* output. Generation Type used */
{
HASH_HashType hashtype;
SECItem firstseed = { 0, 0, 0 };
SECItem qseed = { 0, 0, 0 };
SECStatus rv;
@@ -932,17 +932,17 @@ const SECItem * seed, /* input
}
/*
* OK finally try FIPS186_3 Shawe-Taylor
*/
firstseed = *seed;
firstseed.len = seed->len/3;
for (hashtype = getFirstHash(L,N); hashtype != HASH_AlgTOTAL;
hashtype=getNextHash(hashtype)) {
- unsigned int count;
+ int count;
rv = makePrimefromSeedShaweTaylor(hashtype, N, &firstseed, Q_,
&qseed, &count);
if (rv != SECSuccess) {
continue;
}
if (mp_cmp(Q,Q_) == 0) {
/* check qseed as well... */
@@ -1224,16 +1224,17 @@ cleanup:
** and so that the correctness of this code can be easily verified.
** So, please forgive the ugly c code.
**/
static SECStatus
pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type,
unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy)
{
unsigned int n; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
+ unsigned int b; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
unsigned int seedlen; /* Per FIPS 186-3 app A.1.1.2 (was 'g' 186-1)*/
unsigned int counter; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
unsigned int offset; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
unsigned int outlen; /* Per FIPS 186-3, appendix A.1.1.2. */
unsigned int maxCount;
HASH_HashType hashtype;
SECItem *seed; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
PLArenaPool *arena = NULL;
@@ -1303,17 +1304,18 @@ pqg_ParamGen(unsigned int L, unsigned in
/* Select Hash and Compute lengths. */
/* getFirstHash gives us the smallest acceptable hash for this key
* strength */
hashtype = getFirstHash(L,N);
outlen = HASH_ResultLen(hashtype)*PR_BITS_PER_BYTE;
/* Step 3: n = Ceil(L/outlen)-1; (same as n = Floor((L-1)/outlen)) */
n = (L - 1) / outlen;
- /* Step 4: (skipped since we don't use b): b = L -1 - (n*outlen); */
+ /* Step 4: b = L -1 - (n*outlen); (same as n = (L-1) mod outlen) */
+ b = (L - 1) % outlen;
seedlen = seedBytes * PR_BITS_PER_BYTE; /* bits in seed */
step_5:
/* ******************************************************************
** Step 5. (Step 1 in 186-1)
** "Choose an abitrary sequence of at least N bits and call it SEED.
** Let g be the length of SEED in bits."
*/
if (++iterations > MAX_ITERATIONS) { /* give up after a while */
@@ -1341,17 +1343,17 @@ step_5:
** FIPS186_3_ST_TYPE.
*/
if (type == FIPS186_1_TYPE) {
CHECK_SEC_OK( makeQfromSeed(seedlen, seed, &Q) );
} else if (type == FIPS186_3_TYPE) {
CHECK_SEC_OK( makeQ2fromSeed(hashtype, N, seed, &Q) );
} else {
/* FIPS186_3_ST_TYPE */
- unsigned int qgen_counter, pgen_counter;
+ int qgen_counter, pgen_counter;
/* Step 1 (L,N) already checked for acceptability */
firstseed = *seed;
qgen_counter = 0;
/* Step 2. Use N and firstseed to generate random prime q
* using Apendix C.6 */
CHECK_SEC_OK( makePrimefromSeedShaweTaylor(hashtype, N, &firstseed, &Q,
@@ -1582,17 +1584,17 @@ PQG_VerifyParams(const PQGParams *params
const PQGVerify *vfy, SECStatus *result)
{
SECStatus rv = SECSuccess;
unsigned int g, n, L, N, offset, outlen;
mp_int p0, P, Q, G, P_, Q_, G_, r, h;
mp_err err = MP_OKAY;
int j;
unsigned int counter_max = 0; /* handle legacy L < 1024 */
- unsigned int qseed_len;
+ int qseed_len;
SECItem pseed_ = {0, 0, 0};
HASH_HashType hashtype;
pqgGenType type;
#define CHECKPARAM(cond) \
if (!(cond)) { \
*result = SECFailure; \
goto cleanup; \
@@ -1675,18 +1677,18 @@ PQG_VerifyParams(const PQGParams *params
/* This function checks all possible hash and generation types to
* find a Q_ which matches Q. */
CHECKPARAM( findQfromSeed(L, N, g, &vfy->seed, &Q, &Q_, &qseed_len,
&hashtype, &type) == SECSuccess );
CHECKPARAM( mp_cmp(&Q, &Q_) == 0 );
if (type == FIPS186_3_ST_TYPE) {
SECItem qseed = { 0, 0, 0 };
SECItem pseed = { 0, 0, 0 };
- unsigned int first_seed_len;
- unsigned int pgen_counter = 0;
+ int first_seed_len;
+ int pgen_counter = 0;
/* extract pseed and qseed from domain_parameter_seed, which is
* first_seed || pseed || qseed. qseed is first_seed + small_integer
* pseed is qseed + small_integer. This means most of the time
* first_seed.len == qseed.len == pseed.len. Rarely qseed.len and/or
* pseed.len will be one greater than first_seed.len, so we can
* depend on the fact that
* first_seed.len = floor(domain_parameter_seed.len/3).
--- a/lib/freebl/rsa.c
+++ b/lib/freebl/rsa.c
@@ -243,17 +243,17 @@ RSA_NewKey(int keySizeInBits, SECItem *p
int kiter;
mp_err err = MP_OKAY;
SECStatus rv = SECSuccess;
int prerr = 0;
RSAPrivateKey *key = NULL;
PLArenaPool *arena = NULL;
/* Require key size to be a multiple of 16 bits. */
if (!publicExponent || keySizeInBits % 16 != 0 ||
- BAD_RSA_KEY_SIZE((unsigned int)keySizeInBits/8, publicExponent->len)) {
+ BAD_RSA_KEY_SIZE(keySizeInBits/8, publicExponent->len)) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
/* 1. Allocate arena & key */
arena = PORT_NewArena(NSS_FREEBL_DEFAULT_CHUNKSIZE);
if (!arena) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
return NULL;
--- a/lib/freebl/sha512.c
+++ b/lib/freebl/sha512.c
@@ -923,24 +923,20 @@ SHA512_Begin(SHA512Context *ctx)
#endif
static void
SHA512_Compress(SHA512Context *ctx)
{
#if defined(IS_LITTLE_ENDIAN)
{
#if defined(HAVE_LONG_LONG)
-#if defined(SHA_MASK16)
PRUint64 t1;
-#endif
#else
-#if defined(SHA4MASK)
PRUint32 t1;
#endif
-#endif
BYTESWAP8(W[0]);
BYTESWAP8(W[1]);
BYTESWAP8(W[2]);
BYTESWAP8(W[3]);
BYTESWAP8(W[4]);
BYTESWAP8(W[5]);
BYTESWAP8(W[6]);
BYTESWAP8(W[7]);
@@ -1222,25 +1218,21 @@ SHA512_Update(SHA512Context *ctx, const
}
void
SHA512_End(SHA512Context *ctx, unsigned char *digest,
unsigned int *digestLen, unsigned int maxDigestLen)
{
#if defined(HAVE_LONG_LONG)
unsigned int inBuf = (unsigned int)ctx->sizeLo & 0x7f;
-#if defined(SHA_MASK16)
PRUint64 t1;
-#endif
#else
unsigned int inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f;
-#if defined(SHA4MASK)
PRUint32 t1;
#endif
-#endif
unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf);
PRUint64 lo;
LL_SHL(lo, ctx->sizeLo, 3);
SHA512_Update(ctx, pad, padLen);
#if defined(HAVE_LONG_LONG)
W[14] = 0;
@@ -1272,24 +1264,20 @@ SHA512_End(SHA512Context *ctx, unsigned
*digestLen = padLen;
}
void
SHA512_EndRaw(SHA512Context *ctx, unsigned char *digest,
unsigned int *digestLen, unsigned int maxDigestLen)
{
#if defined(HAVE_LONG_LONG)
-#if defined(SHA_MASK16)
PRUint64 t1;
-#endif
#else
-#if defined(SHA4MASK)
PRUint32 t1;
#endif
-#endif
PRUint64 h[8];
unsigned int len;
memcpy(h, ctx->h, sizeof(h));
#if defined(IS_LITTLE_ENDIAN)
BYTESWAP8(h[0]);
BYTESWAP8(h[1]);
--- a/lib/freebl/sha_fast.c
+++ b/lib/freebl/sha_fast.c
@@ -143,16 +143,17 @@ SHA1_Update(SHA1Context *ctx, const unsi
* SHA: Generate hash value from context
*/
void
SHA1_End(SHA1Context *ctx, unsigned char *hashout,
unsigned int *pDigestLen, unsigned int maxDigestLen)
{
register PRUint64 size;
register PRUint32 lenB;
+ PRUint32 tmpbuf[5];
static const unsigned char bulk_pad[64] = { 0x80,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
#define tmp lenB
PORT_Assert (maxDigestLen >= SHA1_LENGTH);
@@ -182,16 +183,17 @@ SHA1_End(SHA1Context *ctx, unsigned char
void
SHA1_EndRaw(SHA1Context *ctx, unsigned char *hashout,
unsigned int *pDigestLen, unsigned int maxDigestLen)
{
#if defined(SHA_NEED_TMP_VARIABLE)
register PRUint32 tmp;
#endif
+ PRUint32 tmpbuf[5];
PORT_Assert (maxDigestLen >= SHA1_LENGTH);
SHA_STORE_RESULT;
if (pDigestLen)
*pDigestLen = SHA1_LENGTH;
}
#undef B
--- a/lib/jar/jarfile.c
+++ b/lib/jar/jarfile.c
@@ -31,22 +31,21 @@ PR_STATIC_ASSERT(512 == sizeof(union Tar
static int
jar_guess_jar(const char *filename, JAR_FILE fp);
static int
jar_inflate_memory(unsigned int method, long *length, long expected_out_len,
char **data);
static int
-jar_physical_extraction(JAR_FILE fp, char *outpath, unsigned long offset,
- unsigned long length);
+jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length);
static int
-jar_physical_inflate(JAR_FILE fp, char *outpath, unsigned long offset,
- unsigned long length, unsigned int method);
+jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length,
+ unsigned int method);
static int
jar_verify_extract(JAR *jar, char *path, char *physical_path);
static JAR_Physical *
jar_get_physical(JAR *jar, char *pathname);
static int
@@ -70,20 +69,16 @@ jar_listzip(JAR *jar, JAR_FILE fp);
/* conversions */
static int
dosdate(char *date, const char *s);
static int
dostime(char *time, const char *s);
#ifdef NSS_X86_OR_X64
-/* The following macros throw up warnings. */
-#ifdef __GNUC__
-#pragma GCC diagnostic ignored "-Wstrict-aliasing"
-#endif
#define x86ShortToUint32(ii) ((const PRUint32)*((const PRUint16 *)(ii)))
#define x86LongToUint32(ii) (*(const PRUint32 *)(ii))
#else
static PRUint32
x86ShortToUint32(const void *ii);
static PRUint32
x86LongToUint32(const void *ll);
@@ -241,28 +236,27 @@ JAR_extract(JAR *jar, char *path, char *
* in one bulk calloc. (Necessary under Win16 platform.)
* This is done for uncompressed entries only.
*
*/
#define CHUNK 32768
static int
-jar_physical_extraction(JAR_FILE fp, char *outpath, unsigned long offset,
- unsigned long length)
+jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length)
{
JAR_FILE out;
char *buffer = (char *)PORT_ZAlloc(CHUNK);
int status = 0;
if (buffer == NULL)
return JAR_ERR_MEMORY;
if ((out = JAR_FOPEN (outpath, "wb")) != NULL) {
- unsigned long at = 0;
+ long at = 0;
JAR_FSEEK (fp, offset, (PRSeekWhence)0);
while (at < length) {
long chunk = (at + CHUNK <= length) ? CHUNK : length - at;
if (JAR_FREAD (fp, buffer, chunk) != chunk) {
status = JAR_ERR_DISK;
break;
}
@@ -290,17 +284,17 @@ jar_physical_extraction(JAR_FILE fp, cha
*
*/
/* input and output chunks differ, assume 4x compression */
#define ICHUNK 8192
#define OCHUNK 32768
static int
-jar_physical_inflate(JAR_FILE fp, char *outpath, unsigned long offset, unsigned long length,
+jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length,
unsigned int method)
{
char *inbuf, *outbuf;
int status = 0;
z_stream zs;
JAR_FILE out;
/* Raw inflate in zlib 1.1.4 needs an extra dummy byte at the end */
@@ -316,21 +310,21 @@ jar_physical_inflate(JAR_FILE fp, char *
status = inflateInit2 (&zs, -MAX_WBITS);
if (status != Z_OK) {
PORT_Free (inbuf);
PORT_Free (outbuf);
return JAR_ERR_GENERAL;
}
if ((out = JAR_FOPEN (outpath, "wb")) != NULL) {
- unsigned long at = 0;
+ long at = 0;
JAR_FSEEK (fp, offset, (PRSeekWhence)0);
while (at < length) {
- unsigned long chunk = (at + ICHUNK <= length) ? ICHUNK : length - at;
+ long chunk = (at + ICHUNK <= length) ? ICHUNK : length - at;
unsigned long tin;
if (JAR_FREAD (fp, inbuf, chunk) != chunk) {
/* incomplete read */
JAR_FCLOSE (out);
PORT_Free (inbuf);
PORT_Free (outbuf);
return JAR_ERR_CORRUPT;
@@ -354,17 +348,17 @@ jar_physical_inflate(JAR_FILE fp, char *
if (status != Z_OK && status != Z_STREAM_END) {
/* error during decompression */
JAR_FCLOSE (out);
PORT_Free (inbuf);
PORT_Free (outbuf);
return JAR_ERR_CORRUPT;
}
ochunk = zs.total_out - prev_total;
- if (JAR_FWRITE (out, outbuf, ochunk) < (long)ochunk) {
+ if (JAR_FWRITE (out, outbuf, ochunk) < ochunk) {
/* most likely a disk full error */
status = JAR_ERR_DISK;
break;
}
if (status == Z_STREAM_END)
break;
}
}
@@ -821,29 +815,32 @@ loser:
*
*/
static int
jar_listtar(JAR *jar, JAR_FILE fp)
{
char *s;
JAR_Physical *phy;
long pos = 0L;
- long sz;
+ long sz, mode;
+ time_t when;
union TarEntry tarball;
while (1) {
JAR_FSEEK (fp, pos, (PRSeekWhence)0);
if (JAR_FREAD (fp, &tarball, sizeof tarball) < sizeof tarball)
break;
if (!*tarball.val.filename)
break;
+ when = octalToLong (tarball.val.time);
sz = octalToLong (tarball.val.size);
+ mode = octalToLong (tarball.val.mode);
/* Tag the end of filename */
s = tarball.val.filename;
while (*s && *s != ' ')
s++;
*s = 0;
/* Add to our linked list */
--- a/lib/jar/jarsign.c
+++ b/lib/jar/jarsign.c
@@ -166,16 +166,17 @@ static void jar_pk7_out (void *arg, cons
}
int
jar_create_pk7(CERTCertDBHandle *certdb, void *keydb, CERTCertificate *cert,
char *password, JAR_FILE infp, JAR_FILE outfp)
{
SEC_PKCS7ContentInfo *cinfo;
const SECHashObject *hashObj;
+ char *errstring;
void *mw = NULL;
void *hashcx;
unsigned int len;
int status = 0;
SECStatus rv;
SECItem digest;
unsigned char digestdata[32];
unsigned char buffer[4096];
@@ -225,12 +226,13 @@ jar_create_pk7(CERTCertDBHandle *certdb,
PORT_SetError(0);
/* if calling from mozilla thread*/
rv = SEC_PKCS7Encode(cinfo, jar_pk7_out, outfp, NULL, NULL, mw);
if (rv != SECSuccess)
status = PORT_GetError();
SEC_PKCS7DestroyContentInfo (cinfo);
if (rv != SECSuccess) {
+ errstring = JAR_get_error (status);
return ((status < 0) ? status : JAR_ERR_GENERAL);
}
return 0;
}
--- a/lib/libpkix/include/pkix_certstore.h
+++ b/lib/libpkix/include/pkix_certstore.h
@@ -5,17 +5,16 @@
* This file defines functions associated with the PKIX_CertStore type.
*
*/
#ifndef _PKIX_CERTSTORE_H
#define _PKIX_CERTSTORE_H
#include "pkixt.h"
-#include "certt.h"
#ifdef __cplusplus
extern "C" {
#endif
/* General
*
* Please refer to the libpkix Programmer's Guide for detailed information
@@ -323,17 +322,17 @@ typedef PKIX_Error *
*/
typedef PKIX_Error *
(*PKIX_CertStore_CheckRevokationByCrlCallback)(
PKIX_CertStore *store,
PKIX_PL_Cert *cert,
PKIX_PL_Cert *issuer,
PKIX_PL_Date *date,
PKIX_Boolean crlDownloadDone,
- CERTCRLEntryReasonCode *reasonCode,
+ PKIX_UInt32 *reasonCode,
PKIX_RevocationStatus *revStatus,
void *plContext);
/*
* FUNCTION: PKIX_CertStore_CrlContinue
* DESCRIPTION:
*
* This function continues the non-blocking operation initiated by an earlier
--- a/lib/libpkix/pkix/checker/pkix_crlchecker.c
+++ b/lib/libpkix/pkix/checker/pkix_crlchecker.c
@@ -190,17 +190,17 @@ pkix_CrlChecker_CheckLocal(
PKIX_PL_Cert *cert,
PKIX_PL_Cert *issuer,
PKIX_PL_Date *date,
pkix_RevocationMethod *checkerObject,
PKIX_ProcessingParams *procParams,
PKIX_UInt32 methodFlags,
PKIX_Boolean chainVerificationState,
PKIX_RevocationStatus *pRevStatus,
- CERTCRLEntryReasonCode *pReasonCode,
+ PKIX_UInt32 *pReasonCode,
void *plContext)
{
PKIX_CertStore_CheckRevokationByCrlCallback storeCheckRevocationFn;
PKIX_CertStore *certStore = NULL;
pkix_CrlChecker *state = NULL;
PKIX_UInt32 crlStoreIndex = 0;
PKIX_UInt32 numCrlStores = 0;
PKIX_Boolean storeIsLocal = PKIX_FALSE;
@@ -289,17 +289,17 @@ PKIX_Error *
pkix_CrlChecker_CheckExternal(
PKIX_PL_Cert *cert,
PKIX_PL_Cert *issuer,
PKIX_PL_Date *date,
pkix_RevocationMethod *checkerObject,
PKIX_ProcessingParams *procParams,
PKIX_UInt32 methodFlags,
PKIX_RevocationStatus *pRevStatus,
- CERTCRLEntryReasonCode *pReasonCode,
+ PKIX_UInt32 *pReasonCode,
void **pNBIOContext,
void *plContext)
{
PKIX_CertStore_CheckRevokationByCrlCallback storeCheckRevocationFn = NULL;
PKIX_CertStore_ImportCrlCallback storeImportCrlFn = NULL;
PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
PKIX_CertStore *certStore = NULL;
PKIX_CertStore *localStore = NULL;
--- a/lib/libpkix/pkix/checker/pkix_crlchecker.h
+++ b/lib/libpkix/pkix/checker/pkix_crlchecker.h
@@ -26,29 +26,29 @@ pkix_CrlChecker_CheckLocal(
PKIX_PL_Cert *cert,
PKIX_PL_Cert *issuer,
PKIX_PL_Date *date,
pkix_RevocationMethod *checkerObject,
PKIX_ProcessingParams *procParams,
PKIX_UInt32 methodFlags,
PKIX_Boolean chainVerificationState,
PKIX_RevocationStatus *pRevStatus,
- CERTCRLEntryReasonCode *reasonCode,
+ PKIX_UInt32 *reasonCode,
void *plContext);
PKIX_Error *
pkix_CrlChecker_CheckExternal(
PKIX_PL_Cert *cert,
PKIX_PL_Cert *issuer,
PKIX_PL_Date *date,
pkix_RevocationMethod *checkerObject,
PKIX_ProcessingParams *procParams,
PKIX_UInt32 methodFlags,
PKIX_RevocationStatus *pRevStatus,
- CERTCRLEntryReasonCode *reasonCode,
+ PKIX_UInt32 *reasonCode,
void **pNBIOContext,
void *plContext);
PKIX_Error *
pkix_CrlChecker_Create(PKIX_RevocationMethodType methodType,
PKIX_UInt32 flags,
PKIX_UInt32 priority,
pkix_LocalRevocationCheckFn localRevChecker,
--- a/lib/libpkix/pkix/checker/pkix_ocspchecker.c
+++ b/lib/libpkix/pkix/checker/pkix_ocspchecker.c
@@ -142,17 +142,17 @@ pkix_OcspChecker_CheckLocal(
PKIX_PL_Cert *cert,
PKIX_PL_Cert *issuer,
PKIX_PL_Date *date,
pkix_RevocationMethod *checkerObject,
PKIX_ProcessingParams *procParams,
PKIX_UInt32 methodFlags,
PKIX_Boolean chainVerificationState,
PKIX_RevocationStatus *pRevStatus,
- CERTCRLEntryReasonCode *pReasonCode,
+ PKIX_UInt32 *pReasonCode,
void *plContext)
{
PKIX_PL_OcspCertID *cid = NULL;
PKIX_Boolean hasFreshStatus = PKIX_FALSE;
PKIX_Boolean statusIsGood = PKIX_FALSE;
SECErrorCodes resultCode = SEC_ERROR_REVOKED_CERTIFICATE_OCSP;
PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
@@ -217,17 +217,17 @@ PKIX_Error *
pkix_OcspChecker_CheckExternal(
PKIX_PL_Cert *cert,
PKIX_PL_Cert *issuer,
PKIX_PL_Date *date,
pkix_RevocationMethod *checkerObject,
PKIX_ProcessingParams *procParams,
PKIX_UInt32 methodFlags,
PKIX_RevocationStatus *pRevStatus,
- CERTCRLEntryReasonCode *pReasonCode,
+ PKIX_UInt32 *pReasonCode,
void **pNBIOContext,
void *plContext)
{
SECErrorCodes resultCode = SEC_ERROR_REVOKED_CERTIFICATE_OCSP;
PKIX_Boolean uriFound = PKIX_FALSE;
PKIX_Boolean passed = PKIX_TRUE;
pkix_OcspChecker *checker = NULL;
PKIX_PL_OcspCertID *cid = NULL;
--- a/lib/libpkix/pkix/checker/pkix_ocspchecker.h
+++ b/lib/libpkix/pkix/checker/pkix_ocspchecker.h
@@ -25,29 +25,29 @@ pkix_OcspChecker_CheckLocal(
PKIX_PL_Cert *cert,
PKIX_PL_Cert *issuer,
PKIX_PL_Date *date,
pkix_RevocationMethod *checkerObject,
PKIX_ProcessingParams *procParams,
PKIX_UInt32 methodFlags,
PKIX_Boolean chainVerificationState,
PKIX_RevocationStatus *pRevStatus,
- CERTCRLEntryReasonCode *reasonCode,
+ PKIX_UInt32 *reasonCode,
void *plContext);
PKIX_Error *
pkix_OcspChecker_CheckExternal(
PKIX_PL_Cert *cert,
PKIX_PL_Cert *issuer,
PKIX_PL_Date *date,
pkix_RevocationMethod *checkerObject,
PKIX_ProcessingParams *procParams,
PKIX_UInt32 methodFlags,
PKIX_RevocationStatus *pRevStatus,
- CERTCRLEntryReasonCode *reasonCode,
+ PKIX_UInt32 *reasonCode,
void **pNBIOContext,
void *plContext);
PKIX_Error *
pkix_OcspChecker_Create(PKIX_RevocationMethodType methodType,
PKIX_UInt32 flags,
PKIX_UInt32 priority,
pkix_LocalRevocationCheckFn localRevChecker,
--- a/lib/libpkix/pkix/checker/pkix_revocationchecker.c
+++ b/lib/libpkix/pkix/checker/pkix_revocationchecker.c
@@ -344,17 +344,17 @@ PKIX_RevocationChecker_Check(
sizeof(PKIX_RevocationStatus) * PKIX_RevocationMethod_MAX);
date = procParams->date;
/* Need to have two loops if we testing all local info first:
* first we are going to test all local(cached) info
* second, all remote info(fetching) */
for (tries = 0;tries < 2;tries++) {
- unsigned int methodNum = 0;
+ int methodNum = 0;
for (;methodNum < revList->length;methodNum++) {
PKIX_UInt32 methodFlags = 0;
PKIX_DECREF(method);
PKIX_CHECK(
PKIX_List_GetItem(revList, methodNum,
(PKIX_PL_Object**)&method, plContext),
PKIX_LISTGETITEMFAILED);
@@ -367,18 +367,17 @@ PKIX_RevocationChecker_Check(
methodStatus[methodNum] == PKIX_RevStatus_NoInfo) {
PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
PKIX_CHECK_NO_GOTO(
(*method->localRevChecker)(cert, issuer, date,
method, procParams,
methodFlags,
chainVerificationState,
&revStatus,
- (CERTCRLEntryReasonCode *)pReasonCode,
- plContext),
+ pReasonCode, plContext),
PKIX_REVCHECKERCHECKFAILED);
methodStatus[methodNum] = revStatus;
if (revStatus == PKIX_RevStatus_Revoked) {
/* if error was generated use it as final error. */
overallStatus = PKIX_RevStatus_Revoked;
goto cleanup;
}
if (pkixErrorResult) {
@@ -393,18 +392,17 @@ PKIX_RevocationChecker_Check(
chainVerificationState &&
methodStatus[methodNum] == PKIX_RevStatus_NoInfo) {
if (!(methodFlags & PKIX_REV_M_FORBID_NETWORK_FETCHING)) {
PKIX_RevocationStatus revStatus = PKIX_RevStatus_NoInfo;
PKIX_CHECK_NO_GOTO(
(*method->externalRevChecker)(cert, issuer, date,
method,
procParams, methodFlags,
- &revStatus,
- (CERTCRLEntryReasonCode *)pReasonCode,
+ &revStatus, pReasonCode,
&nbioContext, plContext),
PKIX_REVCHECKERCHECKFAILED);
methodStatus[methodNum] = revStatus;
if (revStatus == PKIX_RevStatus_Revoked) {
/* if error was generated use it as final error. */
overallStatus = PKIX_RevStatus_Revoked;
goto cleanup;
}
--- a/lib/libpkix/pkix/checker/pkix_revocationchecker.h
+++ b/lib/libpkix/pkix/checker/pkix_revocationchecker.h
@@ -7,17 +7,16 @@
* RevocationChecker Object Type Definition
*
*/
#ifndef _PKIX_REVOCATIONCHECKER_H
#define _PKIX_REVOCATIONCHECKER_H
#include "pkixt.h"
-#include "certt.h"
#ifdef __cplusplus
extern "C" {
#endif
/* NOTE: nbio logistic removed. Will be replaced later. */
/*
--- a/lib/libpkix/pkix/checker/pkix_revocationmethod.h
+++ b/lib/libpkix/pkix/checker/pkix_revocationmethod.h
@@ -26,30 +26,30 @@ typedef struct pkix_RevocationMethodStru
typedef PKIX_Error *
pkix_LocalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer,
PKIX_PL_Date *date,
pkix_RevocationMethod *checkerObject,
PKIX_ProcessingParams *procParams,
PKIX_UInt32 methodFlags,
PKIX_Boolean chainVerificationState,
PKIX_RevocationStatus *pRevStatus,
- CERTCRLEntryReasonCode *reasonCode,
+ PKIX_UInt32 *reasonCode,
void *plContext);
/* External revocation check function prototype definition.
* Revocation methods that required external communications(crldp
* ocsp) shoult implement this prototype. */
typedef PKIX_Error *
pkix_ExternalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer,
PKIX_PL_Date *date,
pkix_RevocationMethod *checkerObject,
PKIX_ProcessingParams *procParams,
PKIX_UInt32 methodFlags,
PKIX_RevocationStatus *pRevStatus,
- CERTCRLEntryReasonCode *reasonCode,
+ PKIX_UInt32 *reasonCode,
void **pNBIOContext, void *plContext);
/* Revocation method structure assosiates revocation types with
* a set of flags on the method, a priority of the method (0
* corresponds to the highest priority), and method local/external
* checker functions. */
struct pkix_RevocationMethodStruct {
PKIX_RevocationMethodType methodType;
--- a/lib/libpkix/pkix/crlsel/pkix_crlselector.c
+++ b/lib/libpkix/pkix/crlsel/pkix_crlselector.c
@@ -185,17 +185,17 @@ pkix_CRLSelector_Hashcode(
crlSelector = (PKIX_CRLSelector *)object;
PKIX_HASHCODE(crlSelector->params, ¶msHash, plContext,
PKIX_OBJECTHASHCODEFAILED);
PKIX_HASHCODE(crlSelector->context, &contextHash, plContext,
PKIX_OBJECTHASHCODEFAILED);
- hash = 31 * ((PKIX_UInt32)((char *)crlSelector->matchCallback - (char *)NULL) +
+ hash = 31 * ((PKIX_UInt32)crlSelector->matchCallback +
(contextHash << 3)) + paramsHash;
*pHashcode = hash;
cleanup:
PKIX_RETURN(CRLSELECTOR);
}
--- a/lib/libpkix/pkix/results/pkix_policynode.c
+++ b/lib/libpkix/pkix/results/pkix_policynode.c
@@ -819,17 +819,17 @@ pkix_PolicyNode_Hashcode(
PKIX_OBJECTNOTPOLICYNODE);
node = (PKIX_PolicyNode *)object;
PKIX_CHECK(pkix_SinglePolicyNode_Hashcode
(node, &nodeHash, plContext),
PKIX_SINGLEPOLICYNODEHASHCODEFAILED);
- nodeHash = 31*nodeHash + (PKIX_UInt32)((char *)node->parent - (char *)NULL);
+ nodeHash = 31*nodeHash + (PKIX_UInt32)(node->parent);
PKIX_HASHCODE
(node->children,
&childrenHash,
plContext,
PKIX_OBJECTHASHCODEFAILED);
nodeHash = 31*nodeHash + childrenHash;
--- a/lib/libpkix/pkix/store/pkix_store.c
+++ b/lib/libpkix/pkix/store/pkix_store.c
@@ -69,21 +69,21 @@ pkix_CertStore_Hashcode(
if (certStore->certStoreContext) {
PKIX_CHECK(PKIX_PL_Object_Hashcode
((PKIX_PL_Object *) certStore->certStoreContext,
&tempHash,
plContext),
PKIX_CERTSTOREHASHCODEFAILED);
}
- *pHashcode = (PKIX_UInt32)((char *)certStore->certCallback - (char *)NULL) +
- (PKIX_UInt32)((char *)certStore->crlCallback - (char *)NULL) +
- (PKIX_UInt32)((char *)certStore->certContinue - (char *)NULL) +
- (PKIX_UInt32)((char *)certStore->crlContinue - (char *)NULL) +
- (PKIX_UInt32)((char *)certStore->trustCallback - (char *)NULL) +
+ *pHashcode = (PKIX_UInt32) certStore->certCallback +
+ (PKIX_UInt32) certStore->crlCallback +
+ (PKIX_UInt32) certStore->certContinue +
+ (PKIX_UInt32) certStore->crlContinue +
+ (PKIX_UInt32) certStore->trustCallback +
(tempHash << 7);
cleanup:
PKIX_RETURN(CERTSTORE);
}
/*
--- a/lib/libpkix/pkix/top/pkix_build.c
+++ b/lib/libpkix/pkix/top/pkix_build.c
@@ -1521,17 +1521,17 @@ cleanup:
/* Match trust anchor to select params in order to find next cert. */
static PKIX_Error*
pkix_Build_SelectCertsFromTrustAnchors(
PKIX_List *trustAnchorsList,
PKIX_ComCertSelParams *certSelParams,
PKIX_List **pMatchList,
void *plContext)
{
- unsigned int anchorIndex = 0;
+ int anchorIndex = 0;
PKIX_TrustAnchor *anchor = NULL;
PKIX_PL_Cert *trustedCert = NULL;
PKIX_List *matchList = NULL;
PKIX_CertSelector *certSel = NULL;
PKIX_CertSelector_MatchCallback selectorMatchCB = NULL;
PKIX_ENTER(BUILD, "pkix_Build_SelectCertsFromTrustAnchors");
--- a/lib/libpkix/pkix/util/pkix_error.c
+++ b/lib/libpkix/pkix/util/pkix_error.c
@@ -320,17 +320,17 @@ pkix_Error_Hashcode(
PKIX_UInt32 *pResult,
void *plContext)
{
PKIX_ENTER(ERROR, "pkix_Error_Hashcode");
PKIX_NULLCHECK_TWO(object, pResult);
/* XXX Unimplemented */
/* XXX Need to make hashcodes equal when two errors are equal */
- *pResult = (PKIX_UInt32)((char *)object - (char *)NULL);
+ *pResult = (PKIX_UInt32)object;
PKIX_RETURN(ERROR);
}
/* --Initializers------------------------------------------------- */
/*
* PKIX_ERRORCLASSNAMES is an array of strings, with each string holding a
--- a/lib/libpkix/pkix/util/pkix_logger.c
+++ b/lib/libpkix/pkix/util/pkix_logger.c
@@ -487,17 +487,17 @@ pkix_Logger_Hashcode(
PKIX_CHECK(pkix_CheckType(object, PKIX_LOGGER_TYPE, plContext),
PKIX_OBJECTNOTLOGGER);
logger = (PKIX_Logger *)object;
PKIX_HASHCODE(logger->context, &tempHash, plContext,
PKIX_OBJECTHASHCODEFAILED);
- hash = (((((PKIX_UInt32)((char *)logger->callback - (char *)NULL) + tempHash) << 7) +
+ hash = (((((PKIX_UInt32) logger->callback + tempHash) << 7) +
logger->maxLevel) << 7) + (PKIX_UInt32)logger->logComponent;
*pHashcode = hash;
cleanup:
PKIX_RETURN(LOGGER);
}
--- a/lib/libpkix/pkix/util/pkix_tools.h
+++ b/lib/libpkix/pkix/util/pkix_tools.h
@@ -1432,18 +1432,18 @@ extern PLHashNumber PR_CALLBACK pkix_Err
* when their respective PKIX_"type"_RegisterSelf functions are called.
* User-defined types can be registered using PKIX_PL_Object_RegisterType.
* (see comments in pkix_pl_system.h)
*/
typedef struct pkix_ClassTable_EntryStruct pkix_ClassTable_Entry;
struct pkix_ClassTable_EntryStruct {
char *description;
- PKIX_UInt32 objCounter;
- PKIX_UInt32 typeObjectSize;
+ PKIX_Int32 objCounter;
+ PKIX_Int32 typeObjectSize;
PKIX_PL_DestructorCallback destructor;
PKIX_PL_EqualsCallback equalsFunction;
PKIX_PL_HashcodeCallback hashcodeFunction;
PKIX_PL_ToStringCallback toStringFunction;
PKIX_PL_ComparatorCallback comparator;
PKIX_PL_DuplicateCallback duplicateFunction;
};
--- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c
+++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c
@@ -260,42 +260,42 @@ pkix_pl_HttpDefaultClient_HdrCheckComple
case HTTP_UNKNOWN_CONTENT_LENGTH:
/* Unknown contentLength indicator.Will be set by
* pkix_pl_HttpDefaultClient_RecvBody whey connection get closed */
client->rcv_http_data_len = HTTP_UNKNOWN_CONTENT_LENGTH;
contentLength = /* Try to reserve 4K+ buffer */
client->filledupBytes + HTTP_DATA_BUFSIZE;
if (client->maxResponseLen > 0 &&
- contentLength > (PKIX_Int32)client->maxResponseLen) {
+ contentLength > client->maxResponseLen) {
if (client->filledupBytes < client->maxResponseLen) {
contentLength = client->maxResponseLen;
} else {
client->connectStatus = HTTP_ERROR;
goto cleanup;
}
}
/* set available number of bytes in the buffer */
client->capacity = contentLength;
client->connectStatus = HTTP_RECV_BODY;
*pKeepGoing = PKIX_TRUE;
break;
default:
client->rcv_http_data_len = contentLength;
if (client->maxResponseLen > 0 &&
- (PKIX_Int32)client->maxResponseLen < contentLength) {
+ client->maxResponseLen < contentLength) {
client->connectStatus = HTTP_ERROR;
goto cleanup;
}
/*
* Do we have all of the message body, or do we need to read some more?
*/
- if ((PKIX_Int32)client->filledupBytes < contentLength) {
+ if (client->filledupBytes < contentLength) {
client->connectStatus = HTTP_RECV_BODY;
*pKeepGoing = PKIX_TRUE;
} else {
client->connectStatus = HTTP_COMPLETE;
*pKeepGoing = PKIX_FALSE;
}
}
@@ -930,17 +930,17 @@ pkix_pl_HttpDefaultClient_RecvBody(
/* Check the buffer capacity: increase and
* reallocate if it is low. */
int freeBuffSize = client->capacity - client->filledupBytes;
if (freeBuffSize < HTTP_MIN_AVAILABLE_BUFFER_SIZE) {
/* New length will be consist of available(downloaded) bytes,
* plus remaining capacity, plus new expansion. */
int currBuffSize = client->capacity;
/* Try to increase the buffer by 4K */
- unsigned int newLength = currBuffSize + HTTP_DATA_BUFSIZE;
+ int newLength = currBuffSize + HTTP_DATA_BUFSIZE;
if (client->maxResponseLen > 0 &&
newLength > client->maxResponseLen) {
newLength = client->maxResponseLen;
}
/* Check if we can grow the buffer and report an error if
* new size is not larger than the current size of the buffer.*/
if (newLength <= client->filledupBytes) {
client->rcv_http_data_len = client->filledupBytes;
@@ -1475,25 +1475,29 @@ cleanup:
}
PKIX_Error *
pkix_pl_HttpDefaultClient_Cancel(
SEC_HTTP_REQUEST_SESSION request,
void *plContext)
{
+ PKIX_PL_HttpDefaultClient *client = NULL;
+
PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_Cancel");
PKIX_NULLCHECK_ONE(request);
PKIX_CHECK(pkix_CheckType
((PKIX_PL_Object *)request,
PKIX_HTTPDEFAULTCLIENT_TYPE,
plContext),
PKIX_REQUESTNOTANHTTPDEFAULTCLIENT);
+ client = (PKIX_PL_HttpDefaultClient *)request;
+
/* XXX Not implemented */
cleanup:
PKIX_RETURN(HTTPDEFAULTCLIENT);
}
--- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c
+++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c
@@ -258,22 +258,26 @@ pkix_pl_LdapRequest_EncodeAttrs(
* FUNCTION: pkix_pl_LdapRequest_Destroy
* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_pl_LdapRequest_Destroy(
PKIX_PL_Object *object,
void *plContext)
{
+ PKIX_PL_LdapRequest *ldapRq = NULL;
+
PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_Destroy");
PKIX_NULLCHECK_ONE(object);
PKIX_CHECK(pkix_CheckType(object, PKIX_LDAPREQUEST_TYPE, plContext),
PKIX_OBJECTNOTLDAPREQUEST);
+ ldapRq = (PKIX_PL_LdapRequest *)object;
+
/*
* All dynamic fields in an LDAPRequest are allocated
* in an arena, and will be freed when the arena is destroyed.
*/
cleanup:
PKIX_RETURN(LDAPREQUEST);
--- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c
+++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c
@@ -374,22 +374,24 @@ NameCacheHasFetchedCrlInfo(PKIX_PL_Cert
void *plContext)
{
/* Returning true result in this case will mean, that case info
* is currect and should used as is. */
NamedCRLCache* nameCrlCache = NULL;
PKIX_Boolean hasFetchedCrlInCache = PKIX_TRUE;
PKIX_List *dpList = NULL;
pkix_pl_CrlDp *dp = NULL;
+ CERTCertificate *cert;
PKIX_UInt32 dpIndex = 0;
SECStatus rv = SECSuccess;
PRTime reloadDelay = 0, badCrlInvalDelay = 0;
PKIX_ENTER(CERTSTORE, "ChechCacheHasFetchedCrl");
+ cert = pkixCert->nssCert;
reloadDelay =
((PKIX_PL_NssContext*)plContext)->crlReloadDelay *
PR_USEC_PER_SEC;
badCrlInvalDelay =
((PKIX_PL_NssContext*)plContext)->badDerCrlReloadDelay *
PR_USEC_PER_SEC;
if (!time) {
time = PR_Now();
@@ -473,17 +475,17 @@ cleanup:
*/
static PKIX_Error *
pkix_pl_Pk11CertStore_CheckRevByCrl(
PKIX_CertStore *store,
PKIX_PL_Cert *pkixCert,
PKIX_PL_Cert *pkixIssuer,
PKIX_PL_Date *date,
PKIX_Boolean crlDownloadDone,
- CERTCRLEntryReasonCode *pReasonCode,
+ PKIX_UInt32 *pReasonCode,
PKIX_RevocationStatus *pStatus,
void *plContext)
{
PKIX_RevocationStatus pkixRevStatus = PKIX_RevStatus_NoInfo;
CERTRevocationStatus revStatus = certRevocationStatusUnknown;
PKIX_Boolean hasFetchedCrlInCache = PKIX_TRUE;
CERTCertificate *cert = NULL, *issuer = NULL;
SECStatus rv = SECSuccess;
@@ -668,17 +670,17 @@ fatal:
}
static PKIX_Error *
RemovePartitionedDpsFromList(PKIX_List *dpList, PKIX_PL_Date *date,
void *plContext)
{
NamedCRLCache* nameCrlCache = NULL;
pkix_pl_CrlDp *dp = NULL;
- unsigned int dpIndex = 0;
+ int dpIndex = 0;
PRTime time;
PRTime reloadDelay = 0, badCrlInvalDelay = 0;
SECStatus rv;
PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_ListRemovePrtDp");
if (!dpList || !dpList->length) {
PKIX_RETURN(CERTSTORE);
@@ -772,16 +774,17 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_C
SEC_HTTP_REQUEST_SESSION pRequestSession = NULL;
PRUint16 myHttpResponseCode;
const char *myHttpResponseData = NULL;
PRUint32 myHttpResponseDataLen;
SECItem *uri = NULL;
SECItem *derCrlCopy = NULL;
CERTSignedCrl *nssCrl = NULL;
CERTGeneralName *genName = NULL;
+ PKIX_Int32 savedError = -1;
SECItem **derGenNames = NULL;
SECItem *derGenName = NULL;
PKIX_ENTER(CERTSTORE, "pkix_pl_Pk11CertStore_DownloadCrl");
/* Do not support dps others than a one with GeneralName
* name type. */
if (dp->distPointType != generalName ||
@@ -791,48 +794,53 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_C
genName = dp->name.fullName;
derGenNames = dp->nssdp->derFullName;
do {
derGenName = *derGenNames;
do {
if (!derGenName ||
!genName->name.other.data) {
/* get to next name if no data. */
+ savedError = PKIX_UNSUPPORTEDCRLDPTYPE;
break;
}
uri = &genName->name.other;
location = (char*)PR_Malloc(1 + uri->len);
if (!location) {
+ savedError = PKIX_ALLOCERROR;
break;
}
PORT_Memcpy(location, uri->data, uri->len);
location[uri->len] = 0;
if (CERT_ParseURL(location, &hostname,
&port, &path) != SECSuccess) {
PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL);
+ savedError = PKIX_URLPARSINGFAILED;
break;
}
PORT_Assert(hostname != NULL);
PORT_Assert(path != NULL);
if ((*hcv1->createSessionFcn)(hostname, port,
&pServerSession) != SECSuccess) {
PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL);
+ savedError = PKIX_URLPARSINGFAILED;
break;
}
if ((*hcv1->createFcn)(pServerSession, "http", path, "GET",
/* Users with slow connections might not get CRL revocation
checking for certs that use big CRLs because of the timeout
We absolutely need code that limits our retry attempts.
*/
PR_SecondsToInterval(
((PKIX_PL_NssContext*)plContext)->timeoutSeconds),
&pRequestSession) != SECSuccess) {
+ savedError = PKIX_HTTPSERVERERROR;
break;
}
myHttpResponseDataLen =
((PKIX_PL_NssContext*)plContext)->maxResponseLength;
if (myHttpResponseDataLen < PKIX_DEFAULT_MAX_CRL_RESPONSE_LENGTH)
myHttpResponseDataLen = PKIX_DEFAULT_MAX_CRL_RESPONSE_LENGTH;
@@ -845,20 +853,22 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_C
if ((*hcv1->trySendAndReceiveFcn)(
pRequestSession,
NULL,
&myHttpResponseCode,
NULL,
NULL,
&myHttpResponseData,
&myHttpResponseDataLen) != SECSuccess) {
+ savedError = PKIX_HTTPSERVERERROR;
break;
}
if (myHttpResponseCode != 200) {
+ savedError = PKIX_HTTPSERVERERROR;
break;
}
} while(0);
if (!myHttpResponseData) {
/* Going to the next one. */
genName = CERT_GetNextGeneralName(genName);
derGenNames++;
}
--- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
+++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
@@ -57,21 +57,17 @@ static PKIX_Boolean socketTraceFlag = PK
* THREAD SAFETY:
* Thread Safe (see Thread Safety definitions in Programmer's Guide)
* RETURNS:
* none
*/
static void pkix_pl_socket_timestamp() {
PRInt64 prTime;
prTime = PR_Now();
-#if PR_BYTES_PER_LONG == 8
- printf("%ld:\n", prTime);
-#else
printf("%lld:\n", prTime);
-#endif
}
/*
* FUNCTION: pkix_pl_socket_hexDigit
* DESCRIPTION:
*
* This functions prints to stdout the byte "byteVal" as two hex digits.
*
@@ -139,17 +135,17 @@ static void pkix_pl_socket_linePrefix(PK
* The address of the first of the bytes to be printed
* THREAD SAFETY:
* Thread Safe (see Thread Safety definitions in Programmer's Guide)
* RETURNS:
* none
*/
static void pkix_pl_socket_traceLine(char *ptr) {
PKIX_UInt32 i = 0;
- pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)ptr - (char *)NULL));
+ pkix_pl_socket_linePrefix((PKIX_UInt32)ptr);
for (i = 0; i < 16; i++) {
printf(" ");
pkix_pl_socket_hexDigit(ptr[i]);
if (i == 7) {
printf(" ");
}
}
printf(" ");
@@ -183,17 +179,17 @@ static void pkix_pl_socket_traceLine(cha
* THREAD SAFETY:
* Thread Safe (see Thread Safety definitions in Programmer's Guide)
* RETURNS:
* none
*/
static void pkix_pl_socket_tracePartialLine(char *ptr, PKIX_UInt32 nBytes) {
PKIX_UInt32 i = 0;
if (nBytes > 0) {
- pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)ptr - (char *)NULL));
+ pkix_pl_socket_linePrefix((PKIX_UInt32)ptr);
}
for (i = 0; i < nBytes; i++) {
printf(" ");
pkix_pl_socket_hexDigit(ptr[i]);
if (i == 7) {
printf(" ");
}
}
@@ -242,17 +238,17 @@ void pkix_pl_socket_tracebuff(void *buf,
if (socketTraceFlag == PKIX_FALSE) return;
pkix_pl_socket_timestamp();
/*
* Special case: if called with length of zero, just do address
*/
if (nBytes == 0) {
- pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)buf - (char *)NULL));
+ pkix_pl_socket_linePrefix((PKIX_UInt32)buf);
printf("\n");
} else {
while (bytesRemaining >= 16) {
pkix_pl_socket_traceLine(&bufptr[offset]);
bytesRemaining -= 16;
offset += 16;
}
pkix_pl_socket_tracePartialLine
--- a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
+++ b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
@@ -1510,16 +1510,17 @@ PKIX_PL_Cert_Create(
PKIX_PL_ByteArray *byteArray,
PKIX_PL_Cert **pCert,
void *plContext)
{
CERTCertificate *nssCert = NULL;
SECItem *derCertItem = NULL;
void *derBytes = NULL;
PKIX_UInt32 derLength;
+ PKIX_Boolean copyDER;
PKIX_PL_Cert *cert = NULL;
CERTCertDBHandle *handle;
PKIX_ENTER(CERT, "PKIX_PL_Cert_Create");
PKIX_NULLCHECK_TWO(pCert, byteArray);
PKIX_CHECK(PKIX_PL_ByteArray_GetPointer
(byteArray, &derBytes, plContext),
@@ -1536,16 +1537,17 @@ PKIX_PL_Cert_Create(
(void) PORT_Memcpy(derCertItem->data, derBytes, derLength);
/*
* setting copyDER to true forces NSS to make its own copy of the DER,
* allowing us to free our copy without worrying about whether NSS
* is still using it
*/
+ copyDER = PKIX_TRUE;
handle = CERT_GetDefaultCertDB();
nssCert = CERT_NewTempCertificate(handle, derCertItem,
/* nickname */ NULL,
/* isPerm */ PR_FALSE,
/* copyDer */ PR_TRUE);
if (!nssCert){
PKIX_ERROR(PKIX_CERTDECODEDERCERTIFICATEFAILED);
}
--- a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c
+++ b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c
@@ -346,17 +346,17 @@ cleanup:
*/
static PKIX_Error *
pkix_pl_CRL_ToString_Helper(
PKIX_PL_CRL *crl,
PKIX_PL_String **pString,
void *plContext)
{
char *asciiFormat = NULL;
- PKIX_UInt32 crlVersion = 0;
+ PKIX_UInt32 crlVersion;
PKIX_PL_X500Name *crlIssuer = NULL;
PKIX_PL_OID *nssSignatureAlgId = NULL;
PKIX_PL_BigInt *crlNumber = NULL;
PKIX_List *crlEntryList = NULL;
PKIX_List *critExtOIDs = NULL;
PKIX_PL_String *formatString = NULL;
PKIX_PL_String *crlIssuerString = NULL;
PKIX_PL_String *lastUpdateString = NULL;
--- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
+++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
@@ -68,17 +68,17 @@ pkix_pl_lifecycle_ObjectTableUpdate(int
return SECSuccess;
}
#endif /* PKIX_OBJECT_LEAK_TEST */
PKIX_UInt32
pkix_pl_lifecycle_ObjectLeakCheck(int *initObjCountTable)
{
- unsigned int typeCounter = 0;
+ int typeCounter = 0;
PKIX_UInt32 numObjects = 0;
char classNameBuff[128];
char *className = NULL;
for (; typeCounter < PKIX_NUMTYPES; typeCounter++) {
pkix_ClassTable_Entry *entry = &systemClasses[typeCounter];
PKIX_UInt32 objCountDiff = entry->objCounter;
@@ -240,39 +240,33 @@ cleanup:
}
/*
* PKIX_PL_Shutdown (see comments in pkix_pl_system.h)
*/
PKIX_Error *
PKIX_PL_Shutdown(void *plContext)
{
-#ifdef DEBUG
PKIX_UInt32 numLeakedObjects = 0;
-#endif
PKIX_ENTER(OBJECT, "PKIX_PL_Shutdown");
if (!pkix_pl_initialized) {
/* The library was not initilized */
PKIX_RETURN(OBJECT);
}
PR_DestroyLock(classTableLock);
pkix_pl_HttpCertStore_Shutdown(plContext);
-#ifdef DEBUG
numLeakedObjects = pkix_pl_lifecycle_ObjectLeakCheck(NULL);
if (PR_GetEnv("NSS_STRICT_SHUTDOWN")) {
PORT_Assert(numLeakedObjects == 0);
}
-#else
- pkix_pl_lifecycle_ObjectLeakCheck(NULL);
-#endif
if (plContext != NULL) {
PKIX_PL_NssContext_Destroy(plContext);
}
pkix_pl_initialized = PKIX_FALSE;
PKIX_RETURN(OBJECT);
--- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c
+++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c
@@ -366,17 +366,17 @@ static PKIX_Error *
pkix_pl_Object_Hashcode_Default(
PKIX_PL_Object *object,
PKIX_UInt32 *pValue,
void *plContext)
{
PKIX_ENTER(OBJECT, "pkix_pl_Object_Hashcode_Default");
PKIX_NULLCHECK_TWO(object, pValue);
- *pValue = (PKIX_UInt32)((char *)object - (char *)NULL);
+ *pValue = (PKIX_UInt32)object;
PKIX_RETURN(OBJECT);
}
/*
* FUNCTION: pkix_pl_Object_RetrieveEqualsCallback
* DESCRIPTION:
*
--- a/lib/nss/nssinit.c
+++ b/lib/nss/nssinit.c
@@ -486,16 +486,20 @@ static void* plContext = NULL;
struct NSSInitContextStr {
NSSInitContext *next;
PRUint32 magic;
};
#define NSS_INIT_MAGIC 0x1413A91C
static SECStatus nss_InitShutdownList(void);
+#ifdef DEBUG
+static CERTCertificate dummyCert;
+#endif
+
/* All initialized to zero in BSS */
static PRCallOnceType nssInitOnce;
static PZLock *nssInitLock;
static PZCondVar *nssInitCondition;
static int nssIsInInit;
static PRStatus
nss_doLockInit(void)
@@ -562,21 +566,18 @@ nss_Init(const char *configdir, const ch
nssIsInInit++;
PZ_Unlock(nssInitLock);
/* this tells us whether or not some library has already initialized us.
* if so, we don't want to double call some of the basic initialization
* functions */
if (!isReallyInitted) {
-#ifdef DEBUG
- CERTCertificate dummyCert;
/* New option bits must not change the size of CERTCertificate. */
PORT_Assert(sizeof(dummyCert.options) == sizeof(void *));
-#endif
if (SECSuccess != cert_InitLocks()) {
goto loser;
}
if (SECSuccess != InitCRLCache()) {
goto loser;
}
@@ -1240,18 +1241,19 @@ NSS_VersionCheck(const char *importedVer
* This release has a simple version compatibility
* check algorithm. This release is not backward
* compatible with previous major releases. It is
* not compatible with future major, minor, or
* patch releases or builds.
*/
int vmajor = 0, vminor = 0, vpatch = 0, vbuild = 0;
const char *ptr = importedVersion;
-#define NSS_VERSION_VARIABLE __nss_base_version
-#include "verref.h"
+ volatile char c; /* force a reference that won't get optimized away */
+
+ c = __nss_base_version[0];
while (isdigit(*ptr)) {
vmajor = 10 * vmajor + *ptr - '0';
ptr++;
}
if (*ptr == '.') {
ptr++;
while (isdigit(*ptr)) {
--- a/lib/pk11wrap/pk11cert.c
+++ b/lib/pk11wrap/pk11cert.c
@@ -223,16 +223,17 @@ static CERTCertificate *
pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID,
CK_ATTRIBUTE *privateLabel, char **nickptr)
{
NSSCertificate *c;
nssCryptokiObject *co = NULL;
nssPKIObject *pkio;
NSSToken *token;
NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
+ PRStatus status;
/* Get the cryptoki object from the handle */
token = PK11Slot_GetNSSToken(slot);
if (token->defaultSession) {
co = nssCryptokiObject_Create(token, token->defaultSession, certID);
} else {
PORT_SetError(SEC_ERROR_NO_TOKEN);
}
@@ -272,17 +273,17 @@ pk11_fastCert(PK11SlotInfo *slot, CK_OBJ
*nickptr = pk11_buildNickname(slot, &label, privateLabel, &id);
}
/* This function may destroy the cert in "c" and all its subordinate
* structures, and replace the value in "c" with the address of a
* different NSSCertificate that it found in the cache.
* Presumably, the nickname which we just output above remains valid. :)
*/
- (void)nssTrustDomain_AddCertsToCache(td, &c, 1);
+ status = nssTrustDomain_AddCertsToCache(td, &c, 1);
return STAN_GetCERTCertificateOrRelease(c);
}
/*
* Build an CERTCertificate structure from a PKCS#11 object ID.... certID
* Must be a CertObject. This code does not explicitly checks that.
*/
CERTCertificate *
@@ -1999,26 +2000,29 @@ PK11_TraverseCertsForSubjectInSlot(CERTC
}
return (nssrv == PR_SUCCESS) ? SECSuccess : SECFailure;
}
SECStatus
PK11_TraverseCertsForNicknameInSlot(SECItem *nickname, PK11SlotInfo *slot,
SECStatus(* callback)(CERTCertificate*, void *), void *arg)
{
+ struct nss3_cert_cbstr pk11cb;
PRStatus nssrv = PR_SUCCESS;
NSSToken *token;
NSSTrustDomain *td;
NSSUTF8 *nick;
PRBool created = PR_FALSE;
nssCryptokiObject **instances;
nssPKIObjectCollection *collection = NULL;
NSSCertificate **certs;
nssList *nameList = NULL;
nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
+ pk11cb.callback = callback;
+ pk11cb.arg = arg;
token = PK11Slot_GetNSSToken(slot);
if (!nssToken_IsPresent(token)) {
return SECSuccess;
}
if (nickname->data[nickname->len-1] != '\0') {
nick = nssUTF8_Create(NULL, nssStringType_UTF8String,
nickname->data, nickname->len);
created = PR_TRUE;
@@ -2691,13 +2695,12 @@ PK11_GetAllSlotsForCert(CERTCertificate
*
* If you ignore this warning, your process is TAINTED and will most likely misbehave.
*/
SECStatus
__PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname)
{
/* Can't set nickname of temp cert. */
if (!cert->slot || cert->pkcs11ID == CK_INVALID_HANDLE) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ return SEC_ERROR_INVALID_ARGS;
}
return PK11_SetObjectNickname(cert->slot, cert->pkcs11ID, nickname);
}
--- a/lib/pk11wrap/pk11load.c
+++ b/lib/pk11wrap/pk11load.c
@@ -584,22 +584,18 @@ SECMOD_UnloadModule(SECMODModule *mod) {
/* do we want the semantics to allow unloading the internal library?
* if not, we should change this to SECFailure and move it above the
* mod->loaded = PR_FALSE; */
if (mod->internal && (mod->dllName == NULL)) {
if (0 == PR_ATOMIC_DECREMENT(&softokenLoadCount)) {
if (softokenLib) {
disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
if (!disableUnload) {
-#ifdef DEBUG
PRStatus status = PR_UnloadLibrary(softokenLib);
PORT_Assert(PR_SUCCESS == status);
-#else
- PR_UnloadLibrary(softokenLib);
-#endif
}
softokenLib = NULL;
}
loadSoftokenOnce = pristineCallOnce;
}
return SECSuccess;
}
--- a/lib/pk11wrap/pk11merge.c
+++ b/lib/pk11wrap/pk11merge.c
@@ -745,17 +745,18 @@ pk11_mergeCert(PK11SlotInfo *targetSlot,
CERTCertificate *sourceCert = NULL;
CK_OBJECT_HANDLE targetCertID = CK_INVALID_HANDLE;
char *nickname = NULL;
SECStatus rv = SECSuccess;
PLArenaPool *arena = NULL;
CK_ATTRIBUTE sourceCKAID = {CKA_ID, NULL, 0};
CK_ATTRIBUTE targetCKAID = {CKA_ID, NULL, 0};
SECStatus lrv = SECSuccess;
- int error = SEC_ERROR_LIBRARY_FAILURE;
+ int error;
+
sourceCert = PK11_MakeCertFromHandle(sourceSlot, id, NULL);
if (sourceCert == NULL) {
rv = SECFailure;
goto done;
}
nickname = PK11_GetObjectNickname(sourceSlot, id);
--- a/lib/pk11wrap/pk11obj.c
+++ b/lib/pk11wrap/pk11obj.c
@@ -1776,16 +1776,17 @@ PK11_MatchItem(PK11SlotInfo *slot, CK_OB
{ CKA_ID, NULL, 0 },
{ CKA_CLASS, NULL, 0 }
};
/* if you change the array, change the variable below as well */
CK_ATTRIBUTE *keyclass = &theTemplate[1];
int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
/* if you change the array, change the variable below as well */
CK_OBJECT_HANDLE peerID;
+ CK_OBJECT_HANDLE parent;
PLArenaPool *arena;
CK_RV crv;
/* now we need to create space for the public key */
arena = PORT_NewArena( DER_DEFAULT_CHUNKSIZE);
if (arena == NULL) return CK_INVALID_HANDLE;
crv = PK11_GetAttributes(arena,slot,searchID,theTemplate,tsize);
@@ -1804,16 +1805,17 @@ PK11_MatchItem(PK11SlotInfo *slot, CK_OB
return CK_INVALID_HANDLE;
}
/*
* issue the find
*/
+ parent = *(CK_OBJECT_CLASS *)(keyclass->pValue);
*(CK_OBJECT_CLASS *)(keyclass->pValue) = matchclass;
peerID = pk11_FindObjectByTemplate(slot,theTemplate,tsize);
PORT_FreeArena(arena,PR_FALSE);
return peerID;
}
--- a/lib/pk11wrap/pk11pk12.c
+++ b/lib/pk11wrap/pk11pk12.c
@@ -417,16 +417,17 @@ loser:
}
SECStatus
PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
SECKEYPrivateKeyInfo *pki, SECItem *nickname, SECItem *publicValue,
PRBool isPerm, PRBool isPrivate, unsigned int keyUsage,
SECKEYPrivateKey **privk, void *wincx)
{
+ CK_KEY_TYPE keyType = CKK_RSA;
SECStatus rv = SECFailure;
SECKEYRawPrivateKey *lpk = NULL;
const SEC_ASN1Template *keyTemplate, *paramTemplate;
void *paramDest = NULL;
PLArenaPool *arena = NULL;
arena = PORT_NewArena(2048);
if(!arena) {
@@ -443,33 +444,36 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK
switch(SECOID_GetAlgorithmTag(&pki->algorithm)) {
case SEC_OID_PKCS1_RSA_ENCRYPTION:
prepare_rsa_priv_key_export_for_asn1(lpk);
keyTemplate = SECKEY_RSAPrivateKeyExportTemplate;
paramTemplate = NULL;
paramDest = NULL;
lpk->keyType = rsaKey;
+ keyType = CKK_RSA;
break;
case SEC_OID_ANSIX9_DSA_SIGNATURE:
prepare_dsa_priv_key_export_for_asn1(lpk);
keyTemplate = SECKEY_DSAPrivateKeyExportTemplate;
paramTemplate = SECKEY_PQGParamsTemplate;
paramDest = &(lpk->u.dsa.params);
lpk->keyType = dsaKey;
+ keyType = CKK_DSA;
break;
case SEC_OID_X942_DIFFIE_HELMAN_KEY:
if(!publicValue) {
goto loser;
}
prepare_dh_priv_key_export_for_asn1(lpk);
keyTemplate = SECKEY_DHPrivateKeyExportTemplate;
paramTemplate = NULL;
paramDest = NULL;
lpk->keyType = dhKey;
+ keyType = CKK_DH;
break;
default:
keyTemplate = NULL;
paramTemplate = NULL;
paramDest = NULL;
break;
}
--- a/lib/pk11wrap/pk11slot.c
+++ b/lib/pk11wrap/pk11slot.c
@@ -550,20 +550,20 @@ PK11_FindSlotsByNames(const char *dllNam
for (i=0; i < mlp->module->slotCount; i++) {
PK11SlotInfo *tmpSlot = (mlp->module->slots?mlp->module->slots[i]:NULL);
PORT_Assert(tmpSlot);
if (!tmpSlot) {
rv = SECFailure;
break;
}
if ((PR_FALSE == presentOnly || PK11_IsPresent(tmpSlot)) &&
- ( (!tokenName) ||
- (0==PORT_Strcmp(tmpSlot->token_name, tokenName)) ) &&
- ( (!slotName) ||
- (0==PORT_Strcmp(tmpSlot->slot_name, slotName)) ) ) {
+ ( (!tokenName) || (tmpSlot->token_name &&
+ (0==PORT_Strcmp(tmpSlot->token_name, tokenName)))) &&
+ ( (!slotName) || (tmpSlot->slot_name &&
+ (0==PORT_Strcmp(tmpSlot->slot_name, slotName)))) ) {
if (tmpSlot) {
PK11_AddSlotToList(slotList, tmpSlot, PR_TRUE);
slotcount++;
}
}
}
}
}
@@ -1100,16 +1100,17 @@ PK11_ReadMechanismList(PK11SlotInfo *slo
* of NSS. It reads the information associated with a card or token,
* that is not going to change unless the card or token changes.
*/
SECStatus
PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
{
CK_TOKEN_INFO tokenInfo;
CK_RV crv;
+ char *tmp;
SECStatus rv;
PRStatus status;
/* set the slot flags to the current token values */
if (!slot->isThreadSafe) PK11_EnterSlotMonitor(slot);
crv = PK11_GETTAB(slot)->C_GetTokenInfo(slot->slotID,&tokenInfo);
if (!slot->isThreadSafe) PK11_ExitSlotMonitor(slot);
if (crv != CKR_OK) {
@@ -1133,18 +1134,18 @@ PK11_InitToken(PK11SlotInfo *slot, PRBoo
? PR_TRUE : PR_FALSE);
slot->lastLoginCheck = 0;
slot->lastState = 0;
/* on some platforms Active Card incorrectly sets the
* CKF_PROTECTED_AUTHENTICATION_PATH bit when it doesn't mean to. */
if (slot->isActiveCard) {
slot->protectedAuthPath = PR_FALSE;
}
- (void)PK11_MakeString(NULL,slot->token_name,
- (char *)tokenInfo.label, sizeof(tokenInfo.label));
+ tmp = PK11_MakeString(NULL,slot->token_name,
+ (char *)tokenInfo.label, sizeof(tokenInfo.label));
slot->minPassword = tokenInfo.ulMinPinLen;
slot->maxPassword = tokenInfo.ulMaxPinLen;
PORT_Memcpy(slot->serial,tokenInfo.serialNumber,sizeof(slot->serial));
nssToken_UpdateName(slot->nssToken);
slot->defRWSession = (PRBool)((!slot->readOnly) &&
(tokenInfo.ulMaxSessionCount == 1));
@@ -1343,16 +1344,17 @@ pk11_isRootSlot(PK11SlotInfo *slot)
* this and InitToken is Init slot does those one time initialization stuff,
* usually associated with the reader, while InitToken may get called multiple
* times as tokens are removed and re-inserted.
*/
void
PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot)
{
SECStatus rv;
+ char *tmp;
CK_SLOT_INFO slotInfo;
slot->functionList = mod->functionList;
slot->isInternal = mod->internal;
slot->slotID = slotID;
slot->isThreadSafe = mod->isThreadSafe;
slot->hasRSAInfo = PR_FALSE;
@@ -1364,17 +1366,17 @@ PK11_InitSlot(SECMODModule *mod, CK_SLOT
/* test to make sure claimed mechanism work */
slot->needTest = mod->internal ? PR_FALSE : PR_TRUE;
slot->module = mod; /* NOTE: we don't make a reference here because
* modules have references to their slots. This
* works because modules keep implicit references
* from their slots, and won't unload and disappear
* until all their slots have been freed */
- (void)PK11_MakeString(NULL,slot->slot_name,
+ tmp = PK11_MakeString(NULL,slot->slot_name,
(char *)slotInfo.slotDescription, sizeof(slotInfo.slotDescription));
slot->isHW = (PRBool)((slotInfo.flags & CKF_HW_SLOT) == CKF_HW_SLOT);
#define ACTIVE_CARD "ActivCard SA"
slot->isActiveCard = (PRBool)(PORT_Strncmp((char *)slotInfo.manufacturerID,
ACTIVE_CARD, sizeof(ACTIVE_CARD)-1) == 0);
if ((slotInfo.flags & CKF_REMOVABLE_DEVICE) == 0) {
slot->isPerm = PR_TRUE;
/* permanment slots must have the token present always */
@@ -2045,17 +2047,17 @@ PK11_GetBestSlotMultipleWithAttributes(C
CK_FLAGS *mechanismInfoFlags, unsigned int *keySize,
unsigned int mech_count, void *wincx)
{
PK11SlotList *list = NULL;
PK11SlotListElement *le ;
PK11SlotInfo *slot = NULL;
PRBool freeit = PR_FALSE;
PRBool listNeedLogin = PR_FALSE;
- unsigned int i;
+ int i;
SECStatus rv;
list = PK11_GetSlotList(type[0]);
if ((list == NULL) || (list->head == NULL)) {
/* We need to look up all the tokens for the mechanism */
list = PK11_GetAllTokens(type[0],PR_FALSE,PR_TRUE,wincx);
freeit = PR_TRUE;
--- a/lib/pkcs12/p12d.c
+++ b/lib/pkcs12/p12d.c
@@ -2805,17 +2805,17 @@ SEC_PKCS12DecoderRenameCertNicknames(SEC
CERTCertificate *cert;
SECStatus srv;
if(!p12dcx || p12dcx->error || !p12dcx->safeBags || !nicknameCb) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
- for (i = 0; (safeBag = p12dcx->safeBags[i]); i++) {
+ for (i = 0; safeBag = p12dcx->safeBags[i]; i++) {
SECItem *newNickname = NULL;
SECItem *defaultNickname = NULL;
SECStatus rename_rv;
if (SECOID_FindOIDTag(&(safeBag->safeBagType)) !=
SEC_OID_PKCS12_V1_CERT_BAG_ID) {
continue;
}
--- a/lib/pkcs12/p12e.c
+++ b/lib/pkcs12/p12e.c
@@ -690,16 +690,17 @@ sec_pkcs12_append_bag(SEC_PKCS12ExportCo
* the contents are set. The contents could be set later by the calling
* routine.
*/
sec_PKCS12SafeBag *
sec_PKCS12CreateSafeBag(SEC_PKCS12ExportContext *p12ctxt, SECOidTag bagType,
void *bagData)
{
sec_PKCS12SafeBag *safeBag;
+ PRBool setName = PR_TRUE;
void *mark = NULL;
SECStatus rv = SECSuccess;
SECOidData *oidData = NULL;
if(!p12ctxt) {
return NULL;
}
@@ -734,16 +735,17 @@ sec_PKCS12CreateSafeBag(SEC_PKCS12Export
break;
case SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID:
safeBag->safeBagContent.pkcs8ShroudedKeyBag =
(SECKEYEncryptedPrivateKeyInfo *)bagData;
break;
case SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID:
safeBag->safeBagContent.safeContents =
(sec_PKCS12SafeContents *)bagData;
+ setName = PR_FALSE;
break;
default:
goto loser;
}
oidData = SECOID_FindOIDByTag(bagType);
if(oidData) {
rv = SECITEM_CopyItem(p12ctxt->arena, &safeBag->safeBagType, &oidData->oid);
@@ -1525,32 +1527,35 @@ sec_pkcs12_encoder_start_context(SEC_PKC
}
/* set up the authenticated safe content info based on the
* type of integrity being used. this should be changed to
* enforce integrity mode, but will not be implemented until
* it is confirmed that integrity must be in place
*/
if(p12exp->integrityEnabled && !p12exp->pwdIntegrity) {
+ SECStatus rv;
+
/* create public key integrity mode */
p12enc->aSafeCinfo = SEC_PKCS7CreateSignedData(
p12exp->integrityInfo.pubkeyInfo.cert,
certUsageEmailSigner,
p12exp->integrityInfo.pubkeyInfo.certDb,
p12exp->integrityInfo.pubkeyInfo.algorithm,
NULL,
p12exp->pwfn,
p12exp->pwfnarg);
if(!p12enc->aSafeCinfo) {
goto loser;
}
if(SEC_PKCS7IncludeCertChain(p12enc->aSafeCinfo,NULL) != SECSuccess) {
goto loser;
}
- PORT_AssertSuccess(SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo));
+ rv = SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo);
+ PORT_Assert(rv == SECSuccess);
} else {
p12enc->aSafeCinfo = SEC_PKCS7CreateData();
/* init password pased integrity mode */
if(p12exp->integrityEnabled) {
SECItem pwd = {siBuffer,NULL, 0};
SECItem *salt = sec_pkcs12_generate_salt();
PK11SymKey *symKey;
--- a/lib/pkcs7/p7decode.c
+++ b/lib/pkcs7/p7decode.c
@@ -1285,16 +1285,17 @@ sec_pkcs7_verify_signature(SEC_PKCS7Cont
HASH_HashType digest_type,
PRBool keepcerts,
const PRTime *atTime)
{
SECAlgorithmID **digestalgs, *bulkid;
const SECItem *digest;
SECItem **digests;
SECItem **rawcerts;
+ CERTSignedCrl **crls;
SEC_PKCS7SignerInfo **signerinfos, *signerinfo;
CERTCertificate *cert, **certs;
PRBool goodsig;
CERTCertDBHandle *certdb, *defaultdb;
SECOidTag encTag,digestTag;
HASH_HashType found_type;
int i, certcount;
SECKEYPublicKey *publickey;
@@ -1334,30 +1335,32 @@ sec_pkcs7_verify_signature(SEC_PKCS7Cont
case SEC_OID_PKCS7_SIGNED_DATA:
{
SEC_PKCS7SignedData *sdp;
sdp = cinfo->content.signedData;
digestalgs = sdp->digestAlgorithms;
digests = sdp->digests;
rawcerts = sdp->rawCerts;
+ crls = sdp->crls;
signerinfos = sdp->signerInfos;
content_type = &(sdp->contentInfo.contentType);
sigkey = NULL;
bulkid = NULL;
}
break;
case SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA:
{
SEC_PKCS7SignedAndEnvelopedData *saedp;
saedp = cinfo->content.signedAndEnvelopedData;
digestalgs = saedp->digestAlgorithms;
digests = saedp->digests;
rawcerts = saedp->rawCerts;
+ crls = saedp->crls;
signerinfos = saedp->signerInfos;
content_type = &(saedp->encContentInfo.contentType);
sigkey = saedp->sigKey;
bulkid = &(saedp->encContentInfo.contentEncAlg);
}
break;
}
--- a/lib/pkcs7/p7encode.c
+++ b/lib/pkcs7/p7encode.c
@@ -54,20 +54,23 @@ sec_pkcs7_encoder_start_encrypt (SEC_PKC
{
SECOidTag kind;
sec_PKCS7CipherObject *encryptobj;
SEC_PKCS7RecipientInfo **recipientinfos, *ri;
SEC_PKCS7EncryptedContentInfo *enccinfo;
SECKEYPublicKey *publickey = NULL;
SECKEYPrivateKey *ourPrivKey = NULL;
PK11SymKey *bulkkey;
- void *mark;
+ void *mark, *wincx;
int i;
PLArenaPool *arena = NULL;
+ /* Get the context in case we need it below. */
+ wincx = cinfo->pwfn_arg;
+
kind = SEC_PKCS7ContentType (cinfo);
switch (kind) {
default:
case SEC_OID_PKCS7_DATA:
case SEC_OID_PKCS7_DIGESTED_DATA:
case SEC_OID_PKCS7_SIGNED_DATA:
recipientinfos = NULL;
enccinfo = NULL;
--- a/lib/pkcs7/p7local.c
+++ b/lib/pkcs7/p7local.c
@@ -392,17 +392,17 @@ sec_PKCS7EncryptLength (sec_PKCS7CipherO
* added to it another block, all of which is padding.)
*/
SECStatus
sec_PKCS7Decrypt (sec_PKCS7CipherObject *obj, unsigned char *output,
unsigned int *output_len_p, unsigned int max_output_len,
const unsigned char *input, unsigned int input_len,
PRBool final)
{
- unsigned int blocks, bsize, pcount, padsize;
+ int blocks, bsize, pcount, padsize;
unsigned int max_needed, ifraglen, ofraglen, output_len;
unsigned char *pbuf;
SECStatus rv;
PORT_Assert (! obj->encrypt);
/*
* Check that we have enough room for the output. Our caller should
--- a/lib/pki/certificate.c
+++ b/lib/pki/certificate.c
@@ -890,25 +890,26 @@ NSS_EXTERN PRStatus
nssCertificateList_DoCallback (
nssList *certList,
PRStatus (* callback)(NSSCertificate *c, void *arg),
void *arg
)
{
nssListIterator *certs;
NSSCertificate *cert;
+ PRStatus nssrv;
certs = nssList_CreateIterator(certList);
if (!certs) {
return PR_FAILURE;
}
for (cert = (NSSCertificate *)nssListIterator_Start(certs);
cert != (NSSCertificate *)NULL;
cert = (NSSCertificate *)nssListIterator_Next(certs))
{
- (void)(*callback)(cert, arg);
+ nssrv = (*callback)(cert, arg);
}
nssListIterator_Finish(certs);
nssListIterator_Destroy(certs);
return PR_SUCCESS;
}
static PRStatus add_ref_callback(NSSCertificate *c, void *a)
{
--- a/lib/pki/pki3hack.c
+++ b/lib/pki/pki3hack.c
@@ -1267,17 +1267,17 @@ done:
** surviving entries to the front of the object list
** and nullifying the rest.
*/
static PRStatus
DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject)
{
int numNotDestroyed = 0; /* the ones skipped plus the failures */
int failureCount = 0; /* actual deletion failures by devices */
- unsigned int index;
+ int index;
nssPKIObject_AddRef(tObject);
nssPKIObject_Lock(tObject);
/* Keep going even if a module fails to delete. */
for (index = 0; index < tObject->numInstances; index++) {
nssCryptokiObject *instance = tObject->instances[index];
if (!instance) {
continue;
@@ -1322,17 +1322,17 @@ STAN_DeleteCertTrustMatchingSlot(NSSCert
{
PRStatus nssrv = PR_SUCCESS;
NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
NSSTrust *nssTrust = nssTrustDomain_FindTrustForCertificate(td, c);
/* caller made sure nssTrust isn't NULL */
nssPKIObject *tobject = &nssTrust->object;
nssPKIObject *cobject = &c->object;
- unsigned int i;
+ int i;
/* Iterate through the cert and trust object instances looking for
* those with matching pk11 slots to delete. Even if some device
* can't delete we keep going. Keeping a status variable for the
* loop so that once it's failed the other gets set.
*/
NSSRWLock_LockRead(td->tokensLock);
nssPKIObject_AddRef(cobject);
--- a/lib/pki/pkibase.c
+++ b/lib/pki/pkibase.c
@@ -898,45 +898,46 @@ nssPKIObjectCollection_GetObjects (
}
NSS_IMPLEMENT PRStatus
nssPKIObjectCollection_Traverse (
nssPKIObjectCollection *collection,
nssPKIObjectCallback *callback
)
{
+ PRStatus status;
PRCList *link = PR_NEXT_LINK(&collection->head);
pkiObjectCollectionNode *node;
while (link != &collection->head) {
node = (pkiObjectCollectionNode *)link;
if (!node->haveObject) {
node->object = (*collection->createObject)(node->object);
if (!node->object) {
link = PR_NEXT_LINK(link);
/*remove bogus object from list*/
nssPKIObjectCollection_RemoveNode(collection,node);
continue;
}
node->haveObject = PR_TRUE;
}
switch (collection->objectType) {
case pkiObjectType_Certificate:
- (void)(*callback->func.cert)((NSSCertificate *)node->object,
+ status = (*callback->func.cert)((NSSCertificate *)node->object,
callback->arg);
break;
case pkiObjectType_CRL:
- (void)(*callback->func.crl)((NSSCRL *)node->object,
+ status = (*callback->func.crl)((NSSCRL *)node->object,
callback->arg);
break;
case pkiObjectType_PrivateKey:
- (void)(*callback->func.pvkey)((NSSPrivateKey *)node->object,
+ status = (*callback->func.pvkey)((NSSPrivateKey *)node->object,
callback->arg);
break;
case pkiObjectType_PublicKey:
- (void)(*callback->func.pbkey)((NSSPublicKey *)node->object,
+ status = (*callback->func.pbkey)((NSSPublicKey *)node->object,
callback->arg);
break;
}
link = PR_NEXT_LINK(link);
}
return PR_SUCCESS;
}
@@ -1051,27 +1052,28 @@ cert_createObject(nssPKIObject *o)
}
NSS_IMPLEMENT nssPKIObjectCollection *
nssCertificateCollection_Create (
NSSTrustDomain *td,
NSSCertificate **certsOpt
)
{
+ PRStatus status;
nssPKIObjectCollection *collection;
collection = nssPKIObjectCollection_Create(td, NULL, nssPKIMonitor);
collection->objectType = pkiObjectType_Certificate;
collection->destroyObject = cert_destroyObject;
collection->getUIDFromObject = cert_getUIDFromObject;
collection->getUIDFromInstance = cert_getUIDFromInstance;
collection->createObject = cert_createObject;
if (certsOpt) {
for (; *certsOpt; certsOpt++) {
nssPKIObject *object = (nssPKIObject *)(*certsOpt);
- (void)nssPKIObjectCollection_AddObject(collection, object);
+ status = nssPKIObjectCollection_AddObject(collection, object);
}
}
return collection;
}
NSS_IMPLEMENT NSSCertificate **
nssPKIObjectCollection_GetCertificates (
nssPKIObjectCollection *collection,
@@ -1157,27 +1159,28 @@ crl_createObject(nssPKIObject *o)
}
NSS_IMPLEMENT nssPKIObjectCollection *
nssCRLCollection_Create (
NSSTrustDomain *td,
NSSCRL **crlsOpt
)
{
+ PRStatus status;
nssPKIObjectCollection *collection;
collection = nssPKIObjectCollection_Create(td, NULL, nssPKILock);
collection->objectType = pkiObjectType_CRL;
collection->destroyObject = crl_destroyObject;
collection->getUIDFromObject = crl_getUIDFromObject;
collection->getUIDFromInstance = crl_getUIDFromInstance;
collection->createObject = crl_createObject;
if (crlsOpt) {
for (; *crlsOpt; crlsOpt++) {
nssPKIObject *object = (nssPKIObject *)(*crlsOpt);
- (void)nssPKIObjectCollection_AddObject(collection, object);
+ status = nssPKIObjectCollection_AddObject(collection, object);
}
}
return collection;
}
NSS_IMPLEMENT NSSCRL **
nssPKIObjectCollection_GetCRLs (
nssPKIObjectCollection *collection,
--- a/lib/pki/tdcache.c
+++ b/lib/pki/tdcache.c
@@ -324,17 +324,17 @@ NSS_IMPLEMENT void
nssTrustDomain_RemoveCertFromCacheLOCKED (
NSSTrustDomain *td,
NSSCertificate *cert
)
{
nssList *subjectList;
cache_entry *ce;
NSSArena *arena;
- NSSUTF8 *nickname = NULL;
+ NSSUTF8 *nickname;
#ifdef DEBUG_CACHE
log_cert_ref("attempt to remove cert", cert);
#endif
ce = (cache_entry *)nssHash_Lookup(td->cache->issuerAndSN, cert);
if (!ce || ce->entry.cert != cert) {
/* If it's not in the cache, or a different cert is (this is really
* for safety reasons, though it shouldn't happen), do nothing
@@ -771,38 +771,32 @@ add_cert_to_cache (
nssrv = add_subject_entry(arena, td->cache, cert,
certNickname, &subjectList);
if (nssrv != PR_SUCCESS) {
goto loser;
}
added++;
/* If a new subject entry was created, also need nickname and/or email */
if (subjectList != NULL) {
-#ifdef nodef
PRBool handle = PR_FALSE;
-#endif
if (certNickname) {
nssrv = add_nickname_entry(arena, td->cache,
certNickname, subjectList);
if (nssrv != PR_SUCCESS) {
goto loser;
}
-#ifdef nodef
handle = PR_TRUE;
-#endif
added++;
}
if (cert->email) {
nssrv = add_email_entry(td->cache, cert, subjectList);
if (nssrv != PR_SUCCESS) {
goto loser;
}
-#ifdef nodef
handle = PR_TRUE;
-#endif
added += 2;
}
#ifdef nodef
/* I think either a nickname or email address must be associated
* with the cert. However, certs are passed to NewTemp without
* either. This worked in the old code, so it must work now.
*/
if (!handle) {
--- a/lib/pki/trustdomain.c
+++ b/lib/pki/trustdomain.c
@@ -986,16 +986,17 @@ collector(nssCryptokiObject *instance, v
NSS_IMPLEMENT PRStatus *
NSSTrustDomain_TraverseCertificates (
NSSTrustDomain *td,
PRStatus (*callback)(NSSCertificate *c, void *arg),
void *arg
)
{
+ PRStatus status = PR_FAILURE;
NSSToken *token = NULL;
NSSSlot **slots = NULL;
NSSSlot **slotp;
nssPKIObjectCollection *collection = NULL;
nssPKIObjectCallback pkiCallback;
nssUpdateLevel updateLevel;
NSSCertificate **cached = NULL;
nssList *certList;
@@ -1022,30 +1023,30 @@ NSSTrustDomain_TraverseCertificates (
token = nssSlot_GetToken(*slotp);
if (token) {
nssSession *session;
nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
/* get a session for the token */
session = nssTrustDomain_GetSessionForToken(td, token);
if (session) {
/* perform the traversal */
- (void)nssToken_TraverseCertificates(token,
+ status = nssToken_TraverseCertificates(token,
session,
tokenOnly,
collector,
collection);
}
nssToken_Destroy(token);
}
}
/* Traverse the collection */
pkiCallback.func.cert = callback;
pkiCallback.arg = arg;
- (void)nssPKIObjectCollection_Traverse(collection, &pkiCallback);
+ status = nssPKIObjectCollection_Traverse(collection, &pkiCallback);
loser:
if (slots) {
nssSlotArray_Destroy(slots);
}
if (collection) {
nssPKIObjectCollection_Destroy(collection);
}
return NULL;
--- a/lib/smime/cmsasn1.c
+++ b/lib/smime/cmsasn1.c
@@ -46,16 +46,20 @@ const SEC_ASN1Template NSSCMSMessageTemp
offsetof(NSSCMSMessage,contentInfo.contentType) },
{ SEC_ASN1_OPTIONAL | SEC_ASN1_DYNAMIC | SEC_ASN1_MAY_STREAM
| SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
offsetof(NSSCMSMessage,contentInfo.content),
&nss_cms_chooser },
{ 0 }
};
+static const SEC_ASN1Template NSS_PointerToCMSMessageTemplate[] = {
+ { SEC_ASN1_POINTER, 0, NSSCMSMessageTemplate }
+};
+
/* -----------------------------------------------------------------------------
* ENCAPSULATED & ENCRYPTED CONTENTINFO
* (both use a NSSCMSContentInfo)
*/
static const SEC_ASN1Template NSSCMSEncapsulatedContentInfoTemplate[] = {
{ SEC_ASN1_SEQUENCE | SEC_ASN1_MAY_STREAM,
0, NULL, sizeof(NSSCMSContentInfo) },
{ SEC_ASN1_OBJECT_ID,
--- a/lib/smime/cmscipher.c
+++ b/lib/smime/cmscipher.c
@@ -361,17 +361,17 @@ NSS_CMSCipherContext_EncryptLength(NSSCM
* added to it another block, all of which is padding.)
*/
SECStatus
NSS_CMSCipherContext_Decrypt(NSSCMSCipherContext *cc, unsigned char *output,
unsigned int *output_len_p, unsigned int max_output_len,
const unsigned char *input, unsigned int input_len,
PRBool final)
{
- unsigned int blocks, bsize, pcount, padsize;
+ int blocks, bsize, pcount, padsize;
unsigned int max_needed, ifraglen, ofraglen, output_len;
unsigned char *pbuf;
SECStatus rv;
PORT_Assert (! cc->encrypt);
/*
* Check that we have enough room for the output. Our caller should
--- a/lib/smime/cmsencode.c
+++ b/lib/smime/cmsencode.c
@@ -117,23 +117,25 @@ nss_cms_encoder_out(void *arg, const cha
* encryption and/or digesting and possibly set up child encoders.
*/
static void
nss_cms_encoder_notify(void *arg, PRBool before, void *dest, int depth)
{
NSSCMSEncoderContext *p7ecx;
NSSCMSContentInfo *rootcinfo, *cinfo;
PRBool after = !before;
+ PLArenaPool *poolp;
SECOidTag childtype;
SECItem *item;
p7ecx = (NSSCMSEncoderContext *)arg;
PORT_Assert(p7ecx != NULL);
rootcinfo = &(p7ecx->cmsg->contentInfo);
+ poolp = p7ecx->cmsg->poolp;
#ifdef CMSDEBUG
fprintf(stderr, "%6.6s, dest = 0x%08x, depth = %d\n", before ? "before" : "after", dest, depth);
#endif
/*
* Watch for the content field, at which point we want to instruct
* the ASN.1 encoder to start taking bytes from the buffer.
@@ -194,19 +196,22 @@ nss_cms_encoder_notify(void *arg, PRBool
* nss_cms_before_data - setup the current encoder to receive data
*/
static SECStatus
nss_cms_before_data(NSSCMSEncoderContext *p7ecx)
{
SECStatus rv;
SECOidTag childtype;
NSSCMSContentInfo *cinfo;
+ PLArenaPool *poolp;
NSSCMSEncoderContext *childp7ecx;
const SEC_ASN1Template *template;
+ poolp = p7ecx->cmsg->poolp;
+
/* call _Encode_BeforeData handlers */
switch (p7ecx->type) {
case SEC_OID_PKCS7_SIGNED_DATA:
/* we're encoding a signedData, so set up the digests */
rv = NSS_CMSSignedData_Encode_BeforeData(p7ecx->content.signedData);
break;
case SEC_OID_PKCS7_DIGESTED_DATA:
/* we're encoding a digestedData, so set up the digest */
--- a/lib/smime/cmsrecinfo.c
+++ b/lib/smime/cmsrecinfo.c
@@ -521,39 +521,42 @@ NSS_CMSRecipientInfo_WrapBulkKey(NSSCMSR
return rv;
}
PK11SymKey *
NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex,
CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulkalgtag)
{
PK11SymKey *bulkkey = NULL;
+ SECAlgorithmID *encalg;
SECOidTag encalgtag;
SECItem *enckey;
int error;
ri->cert = CERT_DupCertificate(cert);
/* mark the recipientInfo so we can find it later */
switch (ri->recipientInfoType) {
case NSSCMSRecipientInfoID_KeyTrans:
+ encalg = &(ri->ri.keyTransRecipientInfo.keyEncAlg);
encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyTransRecipientInfo.keyEncAlg));
enckey = &(ri->ri.keyTransRecipientInfo.encKey); /* ignore subIndex */
switch (encalgtag) {
case SEC_OID_PKCS1_RSA_ENCRYPTION:
/* RSA encryption algorithm: */
/* get the symmetric (bulk) key by unwrapping it using our private key */
bulkkey = NSS_CMSUtil_DecryptSymKey_RSA(privkey, enckey, bulkalgtag);
break;
default:
error = SEC_ERROR_UNSUPPORTED_KEYALG;
goto loser;
}
break;
case NSSCMSRecipientInfoID_KeyAgree:
+ encalg = &(ri->ri.keyAgreeRecipientInfo.keyEncAlg);
encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyAgreeRecipientInfo.keyEncAlg));
enckey = &(ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[subIndex]->encKey);
switch (encalgtag) {
case SEC_OID_X942_DIFFIE_HELMAN_KEY:
/* Diffie-Helman key exchange */
/* XXX not yet implemented */
/* XXX problem: SEC_OID_X942_DIFFIE_HELMAN_KEY points to a PKCS3 mechanism! */
/* we support ephemeral-static DH only, so if the recipientinfo */
@@ -565,16 +568,17 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCM
goto loser;
break;
default:
error = SEC_ERROR_UNSUPPORTED_KEYALG;
goto loser;
}
break;
case NSSCMSRecipientInfoID_KEK:
+ encalg = &(ri->ri.kekRecipientInfo.keyEncAlg);
encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.kekRecipientInfo.keyEncAlg));
enckey = &(ri->ri.kekRecipientInfo.encKey);
/* not supported yet */
error = SEC_ERROR_UNSUPPORTED_KEYALG;
goto loser;
break;
}
/* XXXX continue here */
--- a/lib/smime/cmsudf.c
+++ b/lib/smime/cmsudf.c
@@ -74,24 +74,24 @@ nss_cmstype_shutdown(void *appData, void
nsscmstypeOnce = nsscmstypeClearOnce;
}
return SECSuccess;
}
static PLHashNumber
nss_cmstype_hash_key(const void *key)
{
- return (PLHashNumber)((char *)key - (char *)NULL);
+ return (PLHashNumber) key;
}
static PRIntn
nss_cmstype_compare_keys(const void *v1, const void *v2)
{
- PLHashNumber value1 = nss_cmstype_hash_key(v1);
- PLHashNumber value2 = nss_cmstype_hash_key(v2);
+ PLHashNumber value1 = (PLHashNumber) v1;
+ PLHashNumber value2 = (PLHashNumber) v2;
return (value1 == value2);
}
/*
* initialize our hash tables, called once on the first attemat to register
* a new SMIME type.
*/
--- a/lib/smime/smimeutil.c
+++ b/lib/smime/smimeutil.c
@@ -754,27 +754,29 @@ loser:
return cert;
}
extern const char __nss_smime_version[];
PRBool
NSSSMIME_VersionCheck(const char *importedVersion)
{
-#define NSS_VERSION_VARIABLE __nss_smime_version
-#include "verref.h"
/*
* This is the secret handshake algorithm.
*
* This release has a simple version compatibility
* check algorithm. This release is not backward
* compatible with previous major releases. It is
* not compatible with future major, minor, or
* patch releases.
*/
+ volatile char c; /* force a reference that won't get optimized away */
+
+ c = __nss_smime_version[0];
+
return NSS_VersionCheck(importedVersion);
}
const char *
NSSSMIME_GetVersion(void)
{
return NSS_VERSION;
}
--- a/lib/softoken/legacydb/keydb.c
+++ b/lib/softoken/legacydb/keydb.c
@@ -1471,19 +1471,17 @@ seckey_encrypt_private_key( PLArenaPool
{
NSSLOWKEYPrivateKeyInfo *pki = NULL;
SECStatus rv = SECFailure;
PLArenaPool *temparena = NULL;
SECItem *der_item = NULL;
SECItem *cipherText = NULL;
SECItem *dummy = NULL;
#ifndef NSS_DISABLE_ECC
-#ifdef EC_DEBUG
SECItem *fordebug = NULL;
-#endif
int savelen;
#endif
temparena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
if(temparena == NULL)
goto loser;
/* allocate structures */
@@ -1586,21 +1584,19 @@ seckey_encrypt_private_key( PLArenaPool
/* At this point dummy should contain the encoded params */
rv = SECOID_SetAlgorithmID(temparena, &(pki->algorithm),
SEC_OID_ANSIX962_EC_PUBLIC_KEY, dummy);
if (rv == SECFailure) {
goto loser;
}
-#ifdef EC_DEBUG
fordebug = &(pki->privateKey);
SEC_PRINT("seckey_encrypt_private_key()", "PrivateKey",
pk->keyType, fordebug);
-#endif
break;
#endif /* NSS_DISABLE_ECC */
default:
/* We don't support DH or Fortezza private keys yet */
PORT_Assert(PR_FALSE);
break;
}
@@ -1703,17 +1699,17 @@ static NSSLOWKEYPrivateKey *
seckey_decrypt_private_key(SECItem*epki,
SDB *sdbpw)
{
NSSLOWKEYPrivateKey *pk = NULL;
NSSLOWKEYPrivateKeyInfo *pki = NULL;
SECStatus rv = SECFailure;
PLArenaPool *temparena = NULL, *permarena = NULL;
SECItem *dest = NULL;
-#ifdef EC_DEBUG
+#ifndef NSS_DISABLE_ECC
SECItem *fordebug = NULL;
#endif
if((epki == NULL) || (sdbpw == NULL))
goto loser;
temparena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
permarena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
@@ -1816,21 +1812,19 @@ seckey_decrypt_private_key(SECItem*epki,
lg_nsslowkey_DHPrivateKeyTemplate,
&newPrivateKey);
break;
#ifndef NSS_DISABLE_ECC
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
pk->keyType = NSSLOWKEYECKey;
lg_prepare_low_ec_priv_key_for_asn1(pk);
-#ifdef EC_DEBUG
fordebug = &pki->privateKey;
SEC_PRINT("seckey_decrypt_private_key()", "PrivateKey",
pk->keyType, fordebug);
-#endif
if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey,
&pki->privateKey) ) break;
rv = SEC_QuickDERDecodeItem(permarena, pk,
lg_nsslowkey_ECPrivateKeyTemplate,
&newPrivateKey);
if (rv != SECSuccess)
goto loser;
@@ -1991,53 +1985,59 @@ nsslowkey_FindKeyNicknameByPublicKey(NSS
}
/* ===== ENCODING ROUTINES ===== */
static SECStatus
encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg,
SECItem *encCheck)
{
SECOidData *oidData;
+ SECStatus rv;
oidData = SECOID_FindOIDByTag(alg);
if ( oidData == NULL ) {
- return SECFailure;
+ rv = SECFailure;
+ goto loser;
}
entry->len = 1 + oidData->oid.len + encCheck->len;
if ( arena ) {
entry->data = (unsigned char *)PORT_ArenaAlloc(arena, entry->len);
} else {
entry->data = (unsigned char *)PORT_Alloc(entry->len);
}
if ( entry->data == NULL ) {
- return SECFailure;
+ goto loser;
}
/* first length of oid */
entry->data[0] = (unsigned char)oidData->oid.len;
/* next oid itself */
PORT_Memcpy(&entry->data[1], oidData->oid.data, oidData->oid.len);
/* finally the encrypted check string */
PORT_Memcpy(&entry->data[1+oidData->oid.len], encCheck->data,
encCheck->len);
- return SECSuccess;
+ return(SECSuccess);
+
+loser:
+ return(SECFailure);
}
#define MAX_DB_SIZE 0xffff
/*
* Clear out all the keys in the existing database
*/
static SECStatus
nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *handle)
{
SECStatus rv;
+ int ret;
int errors = 0;
if ( handle->db == NULL ) {
return(SECSuccess);
}
if (handle->readOnly) {
/* set an error code */
@@ -2075,119 +2075,125 @@ nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *
}
}
if ( rv != SECSuccess ) {
errors++;
}
done:
/* sync the database */
- (void)keydb_Sync(handle, 0);
+ ret = keydb_Sync(handle, 0);
db_InitComplete(handle->db);
return (errors == 0 ? SECSuccess : SECFailure);
}
static int
keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags)
{
+ PRStatus prstat;
int ret;
PRLock *kdbLock = kdb->lock;
DB *db = kdb->db;
PORT_Assert(kdbLock != NULL);
PZ_Lock(kdbLock);
ret = (* db->get)(db, key, data, flags);
- (void)PZ_Unlock(kdbLock);
+ prstat = PZ_Unlock(kdbLock);
return(ret);
}
static int
keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags)
{
+ PRStatus prstat;
int ret = 0;
PRLock *kdbLock = kdb->lock;
DB *db = kdb->db;
PORT_Assert(kdbLock != NULL);
PZ_Lock(kdbLock);
ret = (* db->put)(db, key, data, flags);
- (void)PZ_Unlock(kdbLock);
+ prstat = PZ_Unlock(kdbLock);
return(ret);
}
static int
keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags)
{
+ PRStatus prstat;
int ret;
PRLock *kdbLock = kdb->lock;
DB *db = kdb->db;
PORT_Assert(kdbLock != NULL);
PZ_Lock(kdbLock);
ret = (* db->sync)(db, flags);
- (void)PZ_Unlock(kdbLock);
+ prstat = PZ_Unlock(kdbLock);
return(ret);
}
static int
keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags)
{
+ PRStatus prstat;
int ret;
PRLock *kdbLock = kdb->lock;
DB *db = kdb->db;
PORT_Assert(kdbLock != NULL);
PZ_Lock(kdbLock);
ret = (* db->del)(db, key, flags);
- (void)PZ_Unlock(kdbLock);
+ prstat = PZ_Unlock(kdbLock);
return(ret);
}
static int
keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags)
{
+ PRStatus prstat;
int ret;
PRLock *kdbLock = kdb->lock;
DB *db = kdb->db;
PORT_Assert(kdbLock != NULL);
PZ_Lock(kdbLock);
ret = (* db->seq)(db, key, data, flags);
- (void)PZ_Unlock(kdbLock);
+ prstat = PZ_Unlock(kdbLock);
return(ret);
}
static void
keydb_Close(NSSLOWKEYDBHandle *kdb)
{
+ PRStatus prstat;
PRLock *kdbLock = kdb->lock;
DB *db = kdb->db;
PORT_Assert(kdbLock != NULL);
SKIP_AFTER_FORK(PZ_Lock(kdbLock));
(* db->close)(db);
- SKIP_AFTER_FORK(PZ_Unlock(kdbLock));
+ SKIP_AFTER_FORK(prstat = PZ_Unlock(kdbLock));
return;
}
/*
* SDB Entry Points for the Key DB
*/
--- a/lib/softoken/legacydb/lgattr.c
+++ b/lib/softoken/legacydb/lgattr.c
@@ -205,16 +205,18 @@ lg_invalidAttribute(CK_ATTRIBUTE *attr)
CK_BBOOL lg_staticTrueValue = CK_TRUE;
CK_BBOOL lg_staticFalseValue = CK_FALSE;
static const CK_ATTRIBUTE lg_StaticTrueAttr =
LG_DEF_ATTRIBUTE(&lg_staticTrueValue,sizeof(lg_staticTrueValue));
static const CK_ATTRIBUTE lg_StaticFalseAttr =
LG_DEF_ATTRIBUTE(&lg_staticFalseValue,sizeof(lg_staticFalseValue));
static const CK_ATTRIBUTE lg_StaticNullAttr = LG_DEF_ATTRIBUTE(NULL,0);
char lg_StaticOneValue = 1;
+static const CK_ATTRIBUTE lg_StaticOneAttr =
+ LG_DEF_ATTRIBUTE(&lg_StaticOneValue,sizeof(lg_StaticOneValue));
/*
* helper functions which get the database and call the underlying
* low level database function.
*/
static char *
lg_FindKeyNicknameByPublicKey(SDB *sdb, SECItem *dbKey)
{
@@ -427,16 +429,21 @@ lg_GetPubItem(NSSLOWKEYPublicKey *pubKey
break;
#endif /* NSS_DISABLE_ECC */
default:
break;
}
return pubItem;
}
+static const SEC_ASN1Template lg_SerialTemplate[] = {
+ { SEC_ASN1_INTEGER, offsetof(NSSLOWCERTCertificate,serialNumber) },
+ { 0 }
+};
+
static CK_RV
lg_FindRSAPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
CK_ATTRIBUTE *attribute)
{
unsigned char hash[SHA1_LENGTH];
CK_KEY_TYPE keyType = CKK_RSA;
switch (type) {
--- a/lib/softoken/legacydb/lginit.c
+++ b/lib/softoken/legacydb/lginit.c
@@ -471,24 +471,24 @@ lg_Close(SDB *sdb)
}
PORT_Free(sdb);
return CKR_OK;
}
static PLHashNumber
lg_HashNumber(const void *key)
{
- return (PLHashNumber)((char *)key - (char *)NULL);
+ return (PLHashNumber) key;
}
PRIntn
lg_CompareValues(const void *v1, const void *v2)
{
- PLHashNumber value1 = lg_HashNumber(v1);
- PLHashNumber value2 = lg_HashNumber(v2);
+ PLHashNumber value1 = (PLHashNumber) v1;
+ PLHashNumber value2 = (PLHashNumber) v2;
return (value1 == value2);
}
/*
* helper function to wrap a NSSLOWCERTCertDBHandle or a NSSLOWKEYDBHandle
* with and sdb structure.
*/
CK_RV
@@ -582,19 +582,19 @@ loser:
CK_RV
legacy_Open(const char *configdir, const char *certPrefix,
const char *keyPrefix, int certVersion, int keyVersion,
int flags, SDB **certDB, SDB **keyDB)
{
CK_RV crv = CKR_OK;
SECStatus rv;
PRBool readOnly = (flags == SDB_RDONLY)? PR_TRUE: PR_FALSE;
+ volatile char c; /* force a reference that won't get optimized away */
-#define NSS_VERSION_VARIABLE __nss_dbm_version
-#include "verref.h"
+ c = __nss_dbm_version[0];
rv = SECOID_Init();
if (SECSuccess != rv) {
return CKR_DEVICE_ERROR;
}
nsslowcert_InitLocks();
if (keyDB) *keyDB = NULL;
--- a/lib/softoken/legacydb/pcertdb.c
+++ b/lib/softoken/legacydb/pcertdb.c
@@ -98,22 +98,23 @@ nsslowcert_LockDB(NSSLOWCERTCertDBHandle
}
/*
* Free the global cert database lock.
*/
static void
nsslowcert_UnlockDB(NSSLOWCERTCertDBHandle *handle)
{
-#ifdef DEBUG
- PRStatus prstat = PZ_ExitMonitor(handle->dbMon);
+ PRStatus prstat;
+
+ prstat = PZ_ExitMonitor(handle->dbMon);
+
PORT_Assert(prstat == PR_SUCCESS);
-#else
- PZ_ExitMonitor(handle->dbMon);
-#endif
+
+ return;
}
/*
* Acquire the cert reference count lock
* There is currently one global lock for all certs, but I'm putting a cert
* arg here so that it will be easy to make it per-cert in the future if
* that turns out to be necessary.
@@ -128,26 +129,25 @@ nsslowcert_LockCertRefCount(NSSLOWCERTCe
}
/*
* Free the cert reference count lock
*/
static void
nsslowcert_UnlockCertRefCount(NSSLOWCERTCertificate *cert)
{
+ PRStatus prstat;
+
PORT_Assert(certRefCountLock != NULL);
-#ifdef DEBUG
- {
- PRStatus prstat = PZ_Unlock(certRefCountLock);
- PORT_Assert(prstat == PR_SUCCESS);
- }
-#else
- PZ_Unlock(certRefCountLock);
-#endif
+ prstat = PZ_Unlock(certRefCountLock);
+
+ PORT_Assert(prstat == PR_SUCCESS);
+
+ return;
}
/*
* Acquire the cert trust lock
* There is currently one global lock for all certs, but I'm putting a cert
* arg here so that it will be easy to make it per-cert in the future if
* that turns out to be necessary.
*/
@@ -161,26 +161,25 @@ nsslowcert_LockCertTrust(NSSLOWCERTCerti
}
/*
* Free the cert trust lock
*/
static void
nsslowcert_UnlockCertTrust(NSSLOWCERTCertificate *cert)
{
+ PRStatus prstat;
+
PORT_Assert(certTrustLock != NULL);
-#ifdef DEBUG
- {
- PRStatus prstat = PZ_Unlock(certTrustLock);
- PORT_Assert(prstat == PR_SUCCESS);
- }
-#else
- PZ_Unlock(certTrustLock);
-#endif
+ prstat = PZ_Unlock(certTrustLock);
+
+ PORT_Assert(prstat == PR_SUCCESS);
+
+ return;
}
/*
* Acquire the cert reference count lock
* There is currently one global lock for all certs, but I'm putting a cert
* arg here so that it will be easy to make it per-cert in the future if
* that turns out to be necessary.
@@ -195,130 +194,135 @@ nsslowcert_LockFreeList(void)
}
/*
* Free the cert reference count lock
*/
static void
nsslowcert_UnlockFreeList(void)
{
+ PRStatus prstat = PR_SUCCESS;
+
PORT_Assert(freeListLock != NULL);
-#ifdef DEBUG
- {
- PRStatus prstat = PR_SUCCESS;
- SKIP_AFTER_FORK(prstat = PZ_Unlock(freeListLock));
- PORT_Assert(prstat == PR_SUCCESS);
- }
-#else
- SKIP_AFTER_FORK(PZ_Unlock(freeListLock));
-#endif
+ SKIP_AFTER_FORK(prstat = PZ_Unlock(freeListLock));
+
+ PORT_Assert(prstat == PR_SUCCESS);
+
+ return;
}
NSSLOWCERTCertificate *
nsslowcert_DupCertificate(NSSLOWCERTCertificate *c)
{
if (c) {
nsslowcert_LockCertRefCount(c);
++c->referenceCount;
nsslowcert_UnlockCertRefCount(c);
}
return c;
}
static int
certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags)
{
+ PRStatus prstat;
int ret;
PORT_Assert(dbLock != NULL);
PZ_Lock(dbLock);
ret = (* db->get)(db, key, data, flags);
- (void)PZ_Unlock(dbLock);
+ prstat = PZ_Unlock(dbLock);
return(ret);
}
static int
certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags)
{
+ PRStatus prstat;
int ret = 0;
PORT_Assert(dbLock != NULL);
PZ_Lock(dbLock);
ret = (* db->put)(db, key, data, flags);
- (void)PZ_Unlock(dbLock);
+ prstat = PZ_Unlock(dbLock);
return(ret);
}
static int
certdb_Sync(DB *db, unsigned int flags)
{
+ PRStatus prstat;
int ret;
PORT_Assert(dbLock != NULL);
PZ_Lock(dbLock);
ret = (* db->sync)(db, flags);
- (void)PZ_Unlock(dbLock);
+ prstat = PZ_Unlock(dbLock);
return(ret);
}
#define DB_NOT_FOUND -30991 /* from DBM 3.2 */
static int
certdb_Del(DB *db, DBT *key, unsigned int flags)
{
+ PRStatus prstat;
int ret;
PORT_Assert(dbLock != NULL);
PZ_Lock(dbLock);
ret = (* db->del)(db, key, flags);
- (void)PZ_Unlock(dbLock);
+ prstat = PZ_Unlock(dbLock);
/* don't fail if the record is already deleted */
if (ret == DB_NOT_FOUND) {
ret = 0;
}
return(ret);
}
static int
certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags)
{
+ PRStatus prstat;
int ret;
PORT_Assert(dbLock != NULL);
PZ_Lock(dbLock);
ret = (* db->seq)(db, key, data, flags);
- (void)PZ_Unlock(dbLock);
+ prstat = PZ_Unlock(dbLock);
return(ret);
}
static void
certdb_Close(DB *db)
{
+ PRStatus prstat = PR_SUCCESS;
+
PORT_Assert(dbLock != NULL);
SKIP_AFTER_FORK(PZ_Lock(dbLock));
(* db->close)(db);
- SKIP_AFTER_FORK(PZ_Unlock(dbLock));
+ SKIP_AFTER_FORK(prstat = PZ_Unlock(dbLock));
return;
}
void
pkcs11_freeNickname(char *nickname, char *space)
{
if (nickname && nickname != space) {
@@ -2421,16 +2425,17 @@ static certDBEntrySubject *
NewDBSubjectEntry(SECItem *derSubject, SECItem *certKey,
SECItem *keyID, char *nickname, char *emailAddr,
unsigned int flags)
{
PLArenaPool *arena = NULL;
certDBEntrySubject *entry;
SECStatus rv;
unsigned int nnlen;
+ unsigned int eaddrlen;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( arena == NULL ) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
goto loser;
}
entry = (certDBEntrySubject *)PORT_ArenaAlloc(arena,
@@ -2470,16 +2475,17 @@ NewDBSubjectEntry(SECItem *derSubject, S
/* copy email addr */
if ( emailAddr && ( *emailAddr != '\0' ) ) {
emailAddr = nsslowcert_FixupEmailAddr(emailAddr);
if ( emailAddr == NULL ) {
entry->emailAddrs = NULL;
goto loser;
}
+ eaddrlen = PORT_Strlen(emailAddr) + 1;
entry->emailAddrs = (char **)PORT_ArenaAlloc(arena, sizeof(char *));
if ( entry->emailAddrs == NULL ) {
PORT_Free(emailAddr);
goto loser;
}
entry->emailAddrs[0] = PORT_ArenaStrdup(arena,emailAddr);
if (entry->emailAddrs[0]) {
entry->nemailAddrs = 1;
@@ -3575,16 +3581,17 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handl
DBT key, data;
unsigned char *buf, *tmpbuf = NULL;
certDBEntryType type;
certDBEntryNickname *nnEntry = NULL;
certDBEntrySubject *subjectEntry = NULL;
certDBEntrySMime *emailEntry = NULL;
char *nickname;
char *emailAddr;
+ SECStatus rv;
/*
* Sequence through the old database and copy all of the entries
* to the new database. Subject name entries will have the new
* fields inserted into them (with zero length).
*/
ret = (* updatedb->seq)(updatedb, &key, &data, R_FIRST);
if ( ret ) {
@@ -3688,17 +3695,17 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handl
}
subjectEntry->nickname =
(char *)PORT_ArenaAlloc(subjectEntry->common.arena,
key.size - 1);
if ( subjectEntry->nickname ) {
PORT_Memcpy(subjectEntry->nickname, nickname,
key.size - 1);
- (void)WriteDBSubjectEntry(handle, subjectEntry);
+ rv = WriteDBSubjectEntry(handle, subjectEntry);
}
} else if ( type == certDBEntryTypeSMimeProfile ) {
emailAddr = &((char *)key.data)[1];
/* get the matching smime entry in the new DB */
emailEntry = nsslowcert_ReadDBSMimeEntry(handle, emailAddr);
if ( emailEntry == NULL ) {
goto endloop;
@@ -3717,17 +3724,17 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handl
if ( subjectEntry->emailAddrs ) {
subjectEntry->emailAddrs[0] =
(char *)PORT_ArenaAlloc(subjectEntry->common.arena,
key.size - 1);
if ( subjectEntry->emailAddrs[0] ) {
PORT_Memcpy(subjectEntry->emailAddrs[0], emailAddr,
key.size - 1);
subjectEntry->nemailAddrs = 1;
- (void)WriteDBSubjectEntry(handle, subjectEntry);
+ rv = WriteDBSubjectEntry(handle, subjectEntry);
}
}
}
endloop:
if ( subjectEntry ) {
DestroyDBEntry((certDBEntry *)subjectEntry);
subjectEntry = NULL;
@@ -3779,23 +3786,24 @@ updateV5Callback(NSSLOWCERTCertificate *
return(SECSuccess);
}
static SECStatus
UpdateV5DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb)
{
NSSLOWCERTCertDBHandle updatehandle;
+ SECStatus rv;
updatehandle.permCertDB = updatedb;
updatehandle.dbMon = PZ_NewMonitor(nssILockCertDB);
updatehandle.dbVerify = 0;
updatehandle.ref = 1; /* prevent premature close */
- (void)nsslowcert_TraversePermCerts(&updatehandle, updateV5Callback,
+ rv = nsslowcert_TraversePermCerts(&updatehandle, updateV5Callback,
(void *)handle);
PZ_DestroyMonitor(updatehandle.dbMon);
(* updatedb->close)(updatedb);
return(SECSuccess);
}
@@ -5058,32 +5066,36 @@ nsslowcert_DestroyCertificateNoLocking(N
* Lookup a CRL in the databases. We mirror the same fast caching data base
* caching stuff used by certificates....?
*/
certDBEntryRevocation *
nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle,
SECItem *crlKey, PRBool isKRL)
{
SECItem keyitem;
+ DBT key;
SECStatus rv;
PLArenaPool *arena = NULL;
certDBEntryRevocation *entry = NULL;
certDBEntryType crlType = isKRL ? certDBEntryTypeKeyRevocation
: certDBEntryTypeRevocation;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( arena == NULL ) {
goto loser;
}
rv = EncodeDBGenericKey(crlKey, arena, &keyitem, crlType);
if ( rv != SECSuccess ) {
goto loser;
}
+ key.data = keyitem.data;
+ key.size = keyitem.len;
+
/* find in perm database */
entry = ReadDBCrlEntry(handle, crlKey, crlType);
if ( entry == NULL ) {
goto loser;
}
loser:
--- a/lib/softoken/lowpbe.c
+++ b/lib/softoken/lowpbe.c
@@ -511,17 +511,17 @@ nsspkcs5_PKCS12PBE(const SECHashObject *
hashObject->end(hash, iterBuf, &hashLen, hashObject->length);
if(hashLen != hashObject->length) {
break;
}
}
PORT_Memcpy(Ai, iterBuf, hashLength);
- for (Bidx = 0; Bidx < (int)B.len; Bidx += hashLength) {
+ for (Bidx = 0; Bidx < B.len; Bidx += hashLength) {
PORT_Memcpy(B.data+Bidx,iterBuf,NSSPBE_MIN(B.len-Bidx,hashLength));
}
k = I.len/B.len;
for(j = 0; j < k; j++) {
unsigned int q, carryBit;
unsigned char *Ij = I.data + j*B.len;
--- a/lib/softoken/pkcs11.c
+++ b/lib/softoken/pkcs11.c
@@ -1741,17 +1741,17 @@ NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKO
&pubKey->u.ec.ecParams) != SECSuccess) {
crv = CKR_DOMAIN_PARAMS_INVALID;
break;
}
crv = sftk_Attribute2SSecItem(arena,&pubKey->u.ec.publicValue,
object,CKA_EC_POINT);
if (crv == CKR_OK) {
- unsigned int keyLen,curveLen;
+ int keyLen,curveLen;
curveLen = (pubKey->u.ec.ecParams.fieldID.size +7)/8;
keyLen = (2*curveLen)+1;
/* special note: We can't just use the first byte to determine
* between these 2 cases because both EC_POINT_FORM_UNCOMPRESSED
* and SEC_ASN1_OCTET_STRING are 0x04 */
@@ -2216,17 +2216,17 @@ CK_RV C_GetFunctionList(CK_FUNCTION_LIST
CHECK_FORK();
return NSC_GetFunctionList(pFunctionList);
}
static PLHashNumber
sftk_HashNumber(const void *key)
{
- return (PLHashNumber)((char *)key - (char *)NULL);
+ return (PLHashNumber) key;
}
/*
* eventually I'd like to expunge all occurances of XXX_SLOT_ID and
* just go with the info in the slot. This is one place, however,
* where it might be a little difficult.
*/
const char *
@@ -3139,21 +3139,21 @@ CK_RV NSC_Finalize (CK_VOID_PTR pReserve
return crv;
}
extern const char __nss_softokn_version[];
/* NSC_GetInfo returns general information about Cryptoki. */
CK_RV NSC_GetInfo(CK_INFO_PTR pInfo)
{
-#define NSS_VERSION_VARIABLE __nss_softokn_version
-#include "verref.h"
+ volatile char c; /* force a reference that won't get optimized away */
CHECK_FORK();
+ c = __nss_softokn_version[0];
pInfo->cryptokiVersion.major = 2;
pInfo->cryptokiVersion.minor = 20;
PORT_Memcpy(pInfo->manufacturerID,manufacturerID,32);
pInfo->libraryVersion.major = SOFTOKEN_VMAJOR;
pInfo->libraryVersion.minor = SOFTOKEN_VMINOR;
PORT_Memcpy(pInfo->libraryDescription,libraryDescription,32);
pInfo->flags = 0;
return CKR_OK;
@@ -4000,17 +4000,17 @@ CK_RV NSC_Logout(CK_SESSION_HANDLE hSess
*/
static CK_RV sftk_CreateNewSlot(SFTKSlot *slot, CK_OBJECT_CLASS class,
SFTKObject *object)
{
PRBool isValidUserSlot = PR_FALSE;
PRBool isValidFIPSUserSlot = PR_FALSE;
PRBool isValidSlot = PR_FALSE;
PRBool isFIPS = PR_FALSE;
- unsigned long moduleIndex = NSC_NON_FIPS_MODULE;
+ unsigned long moduleIndex;
SFTKAttribute *attribute;
sftk_parameters paramStrings;
char *paramString;
CK_SLOT_ID slotID = 0;
SFTKSlot *newSlot = NULL;
CK_RV crv = CKR_OK;
if (class != CKO_NETSCAPE_DELSLOT && class != CKO_NETSCAPE_NEWSLOT) {
@@ -4509,17 +4509,17 @@ sftk_searchDatabase(SFTKDBHandle *handle
* pk11wrap so that it will work with other tokens other than softoken.
*/
CK_RV
sftk_emailhack(SFTKSlot *slot, SFTKDBHandle *handle,
SFTKSearchResults *search, CK_ATTRIBUTE *pTemplate, CK_ULONG ulCount)
{
PRBool isCert = PR_FALSE;
int emailIndex = -1;
- unsigned int i;
+ int i;
SFTKSearchResults smime_search;
CK_ATTRIBUTE smime_template[2];
CK_OBJECT_CLASS smime_class = CKO_NETSCAPE_SMIME;
SFTKAttribute *attribute = NULL;
SFTKObject *object = NULL;
CK_RV crv = CKR_OK;
--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
@@ -68,17 +68,16 @@ static void sftk_Null(void *data, PRBool
#define SEC_PRINT(str1, str2, num, sitem) \
printf("pkcs11c.c:%s:%s (keytype=%d) [len=%d]\n", \
str1, str2, num, sitem->len); \
for (i = 0; i < sitem->len; i++) { \
printf("%02x:", sitem->data[i]); \
} \
printf("\n")
#else
-#undef EC_DEBUG
#define SEC_PRINT(a, b, c, d)
#endif
#endif /* NSS_DISABLE_ECC */
/*
* free routines.... Free local type allocated data, and convert
* other free routines to the destroy signature.
*/
@@ -4077,17 +4076,17 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
* CKK_EC => CKM_ECDSA
* others => CKM_INVALID_MECHANISM
*
* None of these mechanisms has a parameter.
*/
CK_MECHANISM mech = {0, NULL, 0};
CK_ULONG modulusLen;
- CK_ULONG subPrimeLen = 0;
+ CK_ULONG subPrimeLen;
PRBool isEncryptable = PR_FALSE;
PRBool canSignVerify = PR_FALSE;
PRBool isDerivable = PR_FALSE;
CK_RV crv;
/* Variables used for Encrypt/Decrypt functions. */
unsigned char *known_message = (unsigned char *)"Known Crypto Message";
unsigned char plaintext[PAIRWISE_MESSAGE_LENGTH];
@@ -4375,16 +4374,17 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HA
RSAPrivateKey * rsaPriv;
/* DSA */
PQGParams pqgParam;
DHParams dhParam;
DSAPrivateKey * dsaPriv;
/* Diffie Hellman */
+ int private_value_bits = 0;
DHPrivateKey * dhPriv;
#ifndef NSS_DISABLE_ECC
/* Elliptic Curve Cryptography */
SECItem ecEncodedParams; /* DER Encoded parameters */
ECPrivateKey * ecPriv;
ECParams * ecParams;
#endif /* NSS_DISABLE_ECC */
@@ -4426,16 +4426,17 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HA
sftk_FreeObject(publicKey);
return CKR_HOST_MEMORY;
}
/*
* now load the private key template
*/
for (i=0; i < (int) ulPrivateKeyAttributeCount; i++) {
if (pPrivateKeyTemplate[i].type == CKA_VALUE_BITS) {
+ private_value_bits = *(CK_ULONG *)pPrivateKeyTemplate[i].pValue;
continue;
}
crv = sftk_AddAttributeType(privateKey,
sftk_attr_expand(&pPrivateKeyTemplate[i]));
if (crv != CKR_OK) break;
}
@@ -4895,19 +4896,17 @@ static SECItem *sftk_PackagePrivateKey(S
NSSLOWKEYPrivateKeyInfo *pki = NULL;
SFTKAttribute *attribute = NULL;
PLArenaPool *arena = NULL;
SECOidTag algorithm = SEC_OID_UNKNOWN;
void *dummy, *param = NULL;
SECStatus rv = SECSuccess;
SECItem *encodedKey = NULL;
#ifndef NSS_DISABLE_ECC
-#ifdef EC_DEBUG
SECItem *fordebug;
-#endif
int savelen;
#endif
if(!key) {
*crvp = CKR_KEY_HANDLE_INVALID; /* really can't happen */
return NULL;
}
@@ -4970,21 +4969,19 @@ static SECItem *sftk_PackagePrivateKey(S
lk->u.ec.publicValue.len <<= 3;
savelen = lk->u.ec.ecParams.curveOID.len;
lk->u.ec.ecParams.curveOID.len = 0;
dummy = SEC_ASN1EncodeItem(arena, &pki->privateKey, lk,
nsslowkey_ECPrivateKeyTemplate);
lk->u.ec.ecParams.curveOID.len = savelen;
lk->u.ec.publicValue.len >>= 3;
-#ifdef EC_DEBUG
fordebug = &pki->privateKey;
SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKey", lk->keyType,
fordebug);
-#endif
param = SECITEM_DupItem(&lk->u.ec.ecParams.DEREncoding);
algorithm = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
break;
#endif /* NSS_DISABLE_ECC */
case NSSLOWKEYDHKey:
default:
@@ -5013,17 +5010,17 @@ static SECItem *sftk_PackagePrivateKey(S
rv = SECFailure;
goto loser;
}
encodedKey = SEC_ASN1EncodeItem(NULL, NULL, pki,
nsslowkey_PrivateKeyInfoTemplate);
*crvp = encodedKey ? CKR_OK : CKR_DEVICE_ERROR;
-#ifdef EC_DEBUG
+#ifndef NSS_DISABLE_ECC
fordebug = encodedKey;
SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKeyInfo", lk->keyType,
fordebug);
#endif
loser:
if(arena) {
PORT_FreeArena(arena, PR_TRUE);
}
@@ -6803,17 +6800,17 @@ key_and_mac_derive_fail:
case CKM_ECDH1_DERIVE:
case CKM_ECDH1_COFACTOR_DERIVE:
{
SECItem ecScalar, ecPoint;
SECItem tmp;
PRBool withCofactor = PR_FALSE;
unsigned char *secret;
unsigned char *keyData = NULL;
- unsigned int secretlen, curveLen, pubKeyLen;
+ int secretlen, curveLen, pubKeyLen;
CK_ECDH1_DERIVE_PARAMS *mechParams;
NSSLOWKEYPrivateKey *privKey;
PLArenaPool *arena = NULL;
/* Check mechanism parameters */
mechParams = (CK_ECDH1_DERIVE_PARAMS *) pMechanism->pParameter;
if ((pMechanism->ulParameterLen != sizeof(CK_ECDH1_DERIVE_PARAMS)) ||
((mechParams->kdf == CKD_NULL) &&
--- a/lib/softoken/pkcs11u.c
+++ b/lib/softoken/pkcs11u.c
@@ -1169,36 +1169,35 @@ sftk_AddObject(SFTKSession *session, SFT
/*
* delete an object from a slot and session queue
*/
CK_RV
sftk_DeleteObject(SFTKSession *session, SFTKObject *object)
{
SFTKSlot *slot = sftk_SlotFromSession(session);
SFTKSessionObject *so = sftk_narrowToSessionObject(object);
+ SFTKTokenObject *to = sftk_narrowToTokenObject(object);
CK_RV crv = CKR_OK;
PRUint32 index = sftk_hash(object->handle, slot->sessObjHashSize);
/* Handle Token case */
if (so && so->session) {
SFTKSession *session = so->session;
PZ_Lock(session->objectLock);
sftkqueue_delete(&so->sessionList,0,session->objects,0);
PZ_Unlock(session->objectLock);
PZ_Lock(slot->objectLock);
sftkqueue_delete2(object, object->handle, index, slot->sessObjHashTable);
PZ_Unlock(slot->objectLock);
sftkqueue_clear_deleted_element(object);
sftk_FreeObject(object); /* free the reference owned by the queue */
} else {
SFTKDBHandle *handle = sftk_getDBForTokenObject(slot, object->handle);
-#ifdef DEBUG
- SFTKTokenObject *to = sftk_narrowToTokenObject(o