diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c index 77619180..81c3061b 100644 --- a/security/nss/cmd/bltest/blapitest.c +++ b/security/nss/cmd/bltest/blapitest.c @@ -56,8 +56,7 @@ char *testdir = NULL; #define TIMEMARK(seconds) \ time1 = PR_SecondsToInterval(seconds); \ { \ - PRInt64 tmp, L100; \ - LL_I2L(L100, 100); \ + PRInt64 tmp; \ if (time2 == 0) { \ time2 = 1; \ } \ @@ -313,7 +312,6 @@ serialize_key(SECItem *it, int ni, PRFileDesc *file) { unsigned char len[4]; int i; - SECStatus status; NSSBase64Encoder *cx; cx = NSSBase64Encoder_Create(output_ascii, file); for (i=0; ilen >> 16) & 0xff; len[2] = (it->len >> 8) & 0xff; len[3] = (it->len & 0xff); - status = NSSBase64Encoder_Update(cx, len, 4); - status = NSSBase64Encoder_Update(cx, it->data, it->len); + NSSBase64Encoder_Update(cx, len, 4); + NSSBase64Encoder_Update(cx, it->data, it->len); } - status = NSSBase64Encoder_Destroy(cx, PR_FALSE); - status = PR_Write(file, "\r\n", 2); + NSSBase64Encoder_Destroy(cx, PR_FALSE); + PR_Write(file, "\r\n", 2); } void @@ -1436,7 +1434,7 @@ bltest_aes_init(bltestCipherInfo *cipherInfo, PRBool encrypt) int minorMode; int i; int keylen = aesp->key.buf.len; - int blocklen = AES_BLOCK_SIZE; + unsigned int blocklen = AES_BLOCK_SIZE; PRIntervalTime time1, time2; unsigned char *params; int len; @@ -1635,6 +1633,8 @@ bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) cipherInfo->cipher.pubkeyCipher = encrypt ? rsa_encryptOAEP : rsa_decryptOAEP; break; + default: + break; } return SECSuccess; } @@ -2569,8 +2569,6 @@ printPR_smpString(const char *sformat, char *reportStr, fprintf(stdout, sformat, reportStr); PR_smprintf_free(reportStr); } else { - int prnRes; - LL_L2I(prnRes, rNum); fprintf(stdout, nformat, rNum); } } 
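Review bot: serialize_key now discards the return values of NSSBase64Encoder_Update, NSSBase64Encoder_Destroy and PR_Write instead of storing them in the removed `status` variable, so a failed or short write of the serialized key is never reported; dropping the unused variable is fine, but the last two calls should still be checked, e.g. `if (NSSBase64Encoder_Destroy(cx, PR_FALSE) != SECSuccess || PR_Write(file, "\r\n", 2) != 2) { fprintf(stderr, "%s: failed to write key\n", progName); }`. The same hunk still uses `cx` from NSSBase64Encoder_Create without a NULL check on the context line, which is pre-existing but worth fixing while here. The for-loop header in this hunk is garbled in this rendering (`for (i=0; ilen >> 16) & 0xff;`) and cannot be reviewed; serialize_key's signature lies outside the hunk.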
@@ -2791,8 +2789,8 @@ mode_str_to_hash_alg(const SECItem *modeStr) case bltestSHA256: return HASH_AlgSHA256; case bltestSHA384: return HASH_AlgSHA384; case bltestSHA512: return HASH_AlgSHA512; + default: return HASH_AlgNULL; } - return HASH_AlgNULL; } void @@ -3004,7 +3002,7 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, bltestIO pt, ct; bltestCipherMode mode; bltestParams *params; - int i, j, nummodes, numtests; + unsigned int i, j, nummodes, numtests; char *modestr; char filename[256]; PLArenaPool *arena; @@ -3457,13 +3455,12 @@ static secuCommandFlag bltest_options[] = int main(int argc, char **argv) { - char *infileName, *outfileName, *keyfileName, *ivfileName; SECStatus rv = SECFailure; - double totalTime; + double totalTime = 0.0; PRIntervalTime time1, time2; PRFileDesc *outfile = NULL; - bltestCipherInfo *cipherInfoListHead, *cipherInfo; + bltestCipherInfo *cipherInfoListHead, *cipherInfo = NULL; bltestIOMode ioMode; int bufsize, exponent, curThrdNum; #ifndef NSS_DISABLE_ECC @@ -3511,8 +3508,6 @@ int main(int argc, char **argv) cipherInfo = PORT_ZNew(bltestCipherInfo); cipherInfoListHead = cipherInfo; - /* set some defaults */ - infileName = outfileName = keyfileName = ivfileName = NULL; /* Check the number of commands entered on the command line. */ commandsEntered = 0; @@ -3712,8 +3707,10 @@ int main(int argc, char **argv) fprintf(stderr, "%s: You must specify a signature file with -f.\n", progName); - print_usage: - PORT_Free(cipherInfo); +print_usage: + if (cipherInfo) { + PORT_Free(cipherInfo); + } Usage(); } diff --git a/security/nss/cmd/certcgi/certcgi.c b/security/nss/cmd/certcgi/certcgi.c index 9bfa4e86..889de254 100644 --- a/security/nss/cmd/certcgi/certcgi.c +++ b/security/nss/cmd/certcgi/certcgi.c 
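Review bot: Changing `i, j, nummodes, numtests` in blapi_selftest from int to unsigned int is only safe if no loop in the body (not shown in the hunk) counts down to or compares against a negative value — a `for (i = numtests - 1; i >= 0; i--)` or an `if (i < 0)` guard would become always-true with unsigned i — so the body needs checking against that. If these counters are also compared with signed values returned by helpers, -Wsign-compare will now flag those comparisons. The `print_usage` hunk in main is consistent with `cipherInfo` now being initialized to NULL at declaration.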
@@ -356,81 +356,6 @@ find_field_bool(Pair *data, } } -static char * -update_data_by_name(Pair *data, - char *field_name, - char *new_data) - /* replaces the data in the data structure associated with - a name with new data, returns null if not found */ -{ - int i = 0; - int found = 0; - int length = 100; - char *new; - - while (return_name(data, i) != NULL) { - if (PORT_Strcmp(return_name(data, i), field_name) == 0) { - new = make_copy_string( new_data, length, '\0'); - PORT_Free(return_data(data, i)); - found = 1; - (*(data + i)).data = new; - break; - } - i++; - } - if (!found) { - new = NULL; - } - return new; -} - -static char * -update_data_by_index(Pair *data, - int n, - char *new_data) - /* replaces the data of a particular index in the data structure */ -{ - int length = 100; - char *new; - - new = make_copy_string(new_data, length, '\0'); - PORT_Free(return_data(data, n)); - (*(data + n)).data = new; - return new; -} - - -static Pair * -add_field(Pair *data, - char* field_name, - char* field_data) - /* adds a new name/data pair to the data structure */ -{ - int i = 0; - int j; - int name_length = 100; - int data_length = 100; - - while(return_name(data, i) != NULL) { - i++; - } - j = START_FIELDS; - while ( j < (i + 1) ) { - j = j * 2; - } - if (j == (i + 1)) { - data = (Pair *) PORT_Realloc(data, (j * 2) * sizeof(Pair)); - if (data == NULL) { - error_allocate(); - } - } - (*(data + i)).name = make_copy_string(field_name, name_length, '\0'); - (*(data + i)).data = make_copy_string(field_data, data_length, '\0'); - (data + i + 1)->name = NULL; - return data; -} - - static CERTCertificateRequest * makeCertReq(Pair *form_data, int which_priv_key) @@ -527,10 +452,6 @@ MakeV1Cert(CERTCertDBHandle *handle, PRExplodedTime printableTime; PRTime now, after; - SECStatus rv; - - - if ( !selfsign ) { issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); if (!issuerCert) { 
@@ -539,7 +460,7 @@ MakeV1Cert(CERTCertDBHandle *handle,
 }
 }
 if (find_field_bool(data, "manValidity", PR_TRUE)) {
- rv = DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE));
+ (void)DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE));
 } else {
 now = PR_Now();
 }
@@ -550,7 +471,7 @@ MakeV1Cert(CERTCertDBHandle *handle,
 PR_ExplodeTime (now, PR_GMTParameters, &printableTime);
 }
 if (find_field_bool(data, "manValidity", PR_TRUE)) {
- rv = DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE));
+ (void)DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE));
 PR_ExplodeTime (after, PR_GMTParameters, &printableTime);
 } else {
 printableTime.tm_month += 3;
@@ -591,7 +512,7 @@ get_serial_number(Pair *data)
 if (ferror(serialFile) != 0) {
 error_out("Error: Unable to read serial number file");
 }
- if (serial == 4294967295) {
+ if (serial == -1) {
 serial = 21;
 }
 fclose(serialFile);
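Review bot: Casting the result of DER_AsciiToTime to void in both MakeV1Cert hunks leaves `now` and `after` (declared `PRTime now, after;` without an initializer in the earlier hunk) indeterminate when the form's notBefore/notAfter value fails to parse, and the certificate validity is then built from that garbage; these values are user-supplied CGI form fields, so the failure should be reported rather than suppressed, e.g. `if (DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE)) != SECSuccess) { error_out("ERROR: Invalid notBefore date"); }` and the same for notAfter. That means keeping a status variable or testing the call directly, so the earlier hunk's removal of `SECStatus rv;` would be revisited. MakeV1Cert begins and ends outside these hunks.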
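Review bot: `serial == -1` in get_serial_number compares against a different value than the old `4294967295` whenever `serial` is unsigned or wider than 32 bits (its declaration is outside the hunk), so on LP64 builds this changes which value gets reset to 21 and the intent is not self-evident. A comment at the compare would make it checkable, e.g. `/* -1 is the sentinel read from the serial file; assumes serial is a signed long, which the old 4294967295 compare got wrong on LP64 — TODO confirm */`.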
@@ -1417,52 +1338,49 @@ string_to_ipaddress(char *string) return ipaddress; } +static int +chr_to_hex(char c) { + if (isdigit(c)) { + return c - '0'; + } + if (isxdigit(c)) { + return toupper(c) - 'A' + 10; + } + return -1; +} + static SECItem * -string_to_binary(char *string) +string_to_binary(char *string) { SECItem *rv; - int high_digit; - int low_digit; rv = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); if (rv == NULL) { error_allocate(); } rv->data = (unsigned char *) PORT_ZAlloc((PORT_Strlen(string))/3 + 2); - while (!isxdigit(*string)) { + rv->len = 0; + while (*string && !isxdigit(*string)) { string++; } - rv->len = 0; - while (*string != '\0') { - if (isxdigit(*string)) { - if (*string >= '0' && *string <= '9') { - high_digit = *string - '0'; - } else { - *string = toupper(*string); - high_digit = *string - 'A' + 10; - } - string++; - if (*string >= '0' && *string <= '9') { - low_digit = *string - '0'; - } else { - *string = toupper(*string); - low_digit = *string - 'A' + 10; - } - (rv->len)++; - } else { - if (*string == ':') { - string++; - } else { - if (*string == ' ') { - while (*string == ' ') { - string++; - } - } - if (*string != '\0') { - error_out("ERROR: Improperly formated binary encoding"); - } - } - } + while (*string) { + int high, low; + high = chr_to_hex(*string++); + low = chr_to_hex(*string++); + if (high < 0 || low < 0) { + error_out("ERROR: Improperly formated binary encoding"); + } + rv->data[(rv->len)++] = high << 4 | low; + if (*string != ':') { + break; + } + ++string; + } + while (*string == ' ') { + ++string; + } + if (*string) { + error_out("ERROR: Junk after binary encoding"); } return rv; diff --git a/security/nss/cmd/certutil/certext.c b/security/nss/cmd/certutil/certext.c index a87b4b1f..c36bc2d2 100644 --- a/security/nss/cmd/certutil/certext.c +++ b/security/nss/cmd/certutil/certext.c 
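Review bot: chr_to_hex passes a plain `char` to isdigit, isxdigit and toupper, and the new skip loop in string_to_binary does the same with `*string`; for bytes above 0x7F, which CGI form input can contain, a signed char is negative and those calls are undefined behavior, so cast the arguments: `if (isdigit((unsigned char)c))`, `return toupper((unsigned char)c) - 'A' + 10;` (with `isxdigit((unsigned char)c)` on the line between), and `while (*string && !isxdigit((unsigned char)*string))`. Separately, when the input ends after a single hex digit the second `chr_to_hex(*string++)` consumes the terminating NUL and leaves `string` pointing one past it; that is harmless only if error_out does not return, which the hunk does not show — testing `*string` before the second read avoids relying on it. The unchecked PORT_ZAlloc result for `rv->data` on the context line is pre-existing.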
@@ -987,10 +987,13 @@ AddNameConstraints(void *extHandle) GEN_BREAK(SECFailure); } - PrintChoicesAndGetAnswer("Type of Name Constraint?\n" + if (PrintChoicesAndGetAnswer("Type of Name Constraint?\n" "\t1 - permitted\n\t2 - excluded\n\tAny" "other number to finish\n\tChoice", - buffer, sizeof(buffer)); + buffer, sizeof(buffer)) != SECSuccess) { + GEN_BREAK(SECFailure); + } + intValue = PORT_Atoi(buffer); switch (intValue) { case 1: @@ -1826,11 +1829,13 @@ AddInfoAccess(void *extHandle, PRBool addSIAExt, PRBool isCACert) intValue = timeStamping; } } else { - PrintChoicesAndGetAnswer("Enter access method type " + if (PrintChoicesAndGetAnswer("Enter access method type " "for Authority Information Access extension:\n" "\t1 - CA Issuers\n\t2 - OCSP\n\tAny" "other number to finish\n\tChoice", - buffer, sizeof(buffer)); + buffer, sizeof(buffer)) != SECSuccess) { + GEN_BREAK (SECFailure); + } intValue = PORT_Atoi(buffer); } if (addSIAExt) { diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index 9bf78b7f..ab22fbca 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -180,7 +180,7 @@ AddCert(PK11SlotInfo *slot, CERTCertDBHandle *handle, char *name, char *trusts, static SECStatus CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, - SECOidTag hashAlgTag, CERTName *subject, char *phone, int ascii, + SECOidTag hashAlgTag, CERTName *subject, const char *phone, int ascii, const char *emailAddrs, const char *dnsNames, certutilExtnList extnList, const char *extGeneric, /*out*/ SECItem *result) @@ -270,7 +270,7 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, } if (!phone) - phone = strdup("(not specified)"); + phone = "(not specified)"; email = CERT_GetCertEmailAddress(subject); if (!email) 
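Review bot: `phone = "(not specified)"` in CertReq is correct only if nothing later in the function (outside the hunk) frees `phone`; with the old strdup a PORT_Free(phone) would have been valid, whereas now it would free a string literal, and the `const char *phone` parameter change would only produce a discarded-qualifier warning at such a call, so the rest of CertReq should be checked for one. In certext.c the two new return checks differ in spacing, `GEN_BREAK (SECFailure)` in AddInfoAccess versus `GEN_BREAK(SECFailure)` in AddNameConstraints; use the latter form in both.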
@@ -323,6 +323,7 @@ CertReq(SECKEYPrivateKey *privk, SECKEYPublicKey *pubk, KeyType keyType, } PR_smprintf_free(header); } + PORT_Free(obuf); } else { (void) SECITEM_CopyItem(NULL, result, &signedReq); } @@ -608,6 +609,27 @@ DeleteCert(CERTCertDBHandle *handle, char *name) return rv; } +static SECStatus +RenameCert(CERTCertDBHandle *handle, char *name, char *newName) +{ + SECStatus rv; + CERTCertificate *cert; + + cert = CERT_FindCertByNicknameOrEmailAddr(handle, name); + if (!cert) { + SECU_PrintError(progName, "could not find certificate named \"%s\"", + name); + return SECFailure; + } + + rv = __PK11_SetCertificateNickname(cert, newName); + CERT_DestroyCertificate(cert); + if (rv) { + SECU_PrintError(progName, "unable to rename certificate"); + } + return rv; +} + static SECStatus ValidateCert(CERTCertDBHandle *handle, char *name, char *date, char *certUsage, PRBool checkSig, PRBool logit, @@ -983,6 +1005,8 @@ PrintSyntax(char *progName) "\t\t [-8 dns-names] [-a]\n", progName); FPS "\t%s -D -n cert-name [-d certdir] [-P dbprefix]\n", progName); + FPS "\t%s --rename -n cert-name --new-n new-cert-name\n" + "\t\t [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s -E -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", progName); FPS "\t%s -F -n nickname [-d certdir] [-P dbprefix]\n", 
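Review bot: RenameCert has no header comment and does not record that `__PK11_SetCertificateNickname` is one of NSS's `__`-prefixed private entry points rather than a public PK11 API, so a later maintainer may treat it as stable; add `/* Rename the cert currently nicknamed `name` to `newName`. Uses the private __PK11_SetCertificateNickname; returns SECFailure with an error printed if the cert is not found or the rename is rejected. */` above the function. The function also does not check whether `newName` already belongs to another certificate before renaming, so whether a duplicate nickname is refused depends entirely on that private call; a preceding `CERT_FindCertByNicknameOrEmailAddr(handle, newName)` lookup with a clear error would make the behavior explicit.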
@@ -1549,6 +1573,25 @@ static void luW(enum usage_level ul, const char *command) FPS "\n"); } +static void luRename(enum usage_level ul, const char *command) +{ + int is_my_command = (command && 0 == strcmp(command, "rename")); + if (ul == usage_all || !command || is_my_command) + FPS "%-15s Change the database nickname of a certificate\n", + "--rename"); + if (ul == usage_selected && !is_my_command) + return; + FPS "%-20s The old nickname of the cert to rename\n", + " -n cert-name"); + FPS "%-20s The new nickname of the cert to rename\n", + " --new-n new-name"); + FPS "%-20s Cert database directory (default is ~/.netscape)\n", + " -d certdir"); + FPS "%-20s Cert & Key database prefix\n", + " -P dbprefix"); + FPS "\n"); +} + static void luUpgradeMerge(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "upgrade-merge")); @@ -1711,6 +1754,7 @@ static void LongUsage(char *progName, enum usage_level ul, const char *command) luC(ul, command); luG(ul, command); luD(ul, command); + luRename(ul, command); luF(ul, command); luU(ul, command); luK(ul, command); @@ -2210,6 +2254,7 @@ enum { cmd_Batch, cmd_Merge, cmd_UpgradeMerge, /* test only */ + cmd_Rename, max_cmd }; @@ -2278,6 +2323,7 @@ enum certutilOpts { opt_AddSubjectAltNameExt, opt_DumpExtensionValue, opt_GenericExtensions, + opt_NewNickname, opt_Help }; @@ -2308,7 +2354,9 @@ secuCommandFlag commands_init[] = { /* cmd_Batch */ 'B', PR_FALSE, 0, PR_FALSE }, { /* cmd_Merge */ 0, PR_FALSE, 0, PR_FALSE, "merge" }, { /* cmd_UpgradeMerge */ 0, PR_FALSE, 0, PR_FALSE, - "upgrade-merge" } + "upgrade-merge" }, + { /* cmd_Rename */ 0, PR_FALSE, 0, PR_FALSE, + "rename" } }; #define NUM_COMMANDS ((sizeof commands_init) / (sizeof commands_init[0])) 
@@ -2394,6 +2442,8 @@ secuCommandFlag options_init[] = "dump-ext-val"}, { /* opt_GenericExtensions */ 0, PR_TRUE, 0, PR_FALSE, "extGeneric"}, + { /* opt_NewNickname */ 0, PR_TRUE, 0, PR_FALSE, + "new-n"}, }; #define NUM_OPTIONS ((sizeof options_init) / (sizeof options_init[0])) @@ -2419,14 +2469,15 @@ certutil_main(int argc, char **argv, PRBool initialize) PRFileDesc *outFile = PR_STDOUT; SECItem certReqDER = { siBuffer, NULL, 0 }; SECItem certDER = { siBuffer, NULL, 0 }; - char * slotname = "internal"; - char * certPrefix = ""; + const char *slotname = "internal"; + const char *certPrefix = ""; char * sourceDir = ""; - char * srcCertPrefix = ""; + const char *srcCertPrefix = ""; char * upgradeID = ""; char * upgradeTokenName = ""; KeyType keytype = rsaKey; char * name = NULL; + char * newName = NULL; char * email = NULL; char * keysource = NULL; SECOidTag hashAlgTag = SEC_OID_UNKNOWN; @@ -2533,7 +2584,7 @@ certutil_main(int argc, char **argv, PRBool initialize) if (PL_strcmp(certutil.options[opt_TokenName].arg, "all") == 0) slotname = NULL; else - slotname = PL_strdup(certutil.options[opt_TokenName].arg); + slotname = certutil.options[opt_TokenName].arg; } /* -Z hash type */ @@ -2593,7 +2644,7 @@ certutil_main(int argc, char **argv, PRBool initialize) /* -P certdb name prefix */ if (certutil.options[opt_DBPrefix].activated) { if (certutil.options[opt_DBPrefix].arg) { - certPrefix = strdup(certutil.options[opt_DBPrefix].arg); + certPrefix = certutil.options[opt_DBPrefix].arg; } else { Usage(progName); } @@ -2602,7 +2653,7 @@ certutil_main(int argc, char **argv, PRBool initialize) /* --source-prefix certdb name prefix */ if (certutil.options[opt_SourcePrefix].activated) { if (certutil.options[opt_SourcePrefix].arg) { - srcCertPrefix = strdup(certutil.options[opt_SourcePrefix].arg); + srcCertPrefix = certutil.options[opt_SourcePrefix].arg; } else { Usage(progName); } 
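Review bot: The certutil_main hunk makes `slotname`, `certPrefix` and `srcCertPrefix` `const char *` now that they alias option arguments, but the neighbouring `char * sourceDir = "";`, `char * upgradeID = "";` and `char * upgradeTokenName = "";` still bind string literals to non-const pointers; for consistency make them `const char *` as well, unless they are later passed to a function taking `char *` (not visible here). Dropping the strdup/PL_strdup calls is only correct if no matching free of these three variables remains later in the function, which the hunk does not show.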
@@ -2785,6 +2836,19 @@ certutil_main(int argc, char **argv, PRBool initialize) return 255; } + /* Rename needs an old and a new nickname */ + if (certutil.commands[cmd_Rename].activated && + !(certutil.options[opt_Nickname].activated && + certutil.options[opt_NewNickname].activated)) { + + PR_fprintf(PR_STDERR, + "%s --rename: specify an old nickname (-n) and\n" + " a new nickname (--new-n).\n", + progName); + return 255; + } + + /* Upgrade/Merge needs a source database and a upgrade id. */ if (certutil.commands[cmd_UpgradeMerge].activated && !(certutil.options[opt_SourceDir].activated && @@ -2866,6 +2930,7 @@ certutil_main(int argc, char **argv, PRBool initialize) } name = SECU_GetOptionArg(&certutil, opt_Nickname); + newName = SECU_GetOptionArg(&certutil, opt_NewNickname); email = SECU_GetOptionArg(&certutil, opt_Emailaddress); PK11_SetPasswordFunc(SECU_GetModulePassword); @@ -3104,6 +3169,11 @@ merge_fail: rv = DeleteCert(certHandle, name); goto shutdown; } + /* Rename cert (--rename) */ + if (certutil.commands[cmd_Rename].activated) { + rv = RenameCert(certHandle, name, newName); + goto shutdown; + } /* Delete key (-F) */ if (certutil.commands[cmd_DeleteKey].activated) { rv = DeleteKey(name, &pwdata); diff --git a/security/nss/cmd/certutil/keystuff.c b/security/nss/cmd/certutil/keystuff.c index 0cdd0343..c62e5637 100644 --- a/security/nss/cmd/certutil/keystuff.c +++ b/security/nss/cmd/certutil/keystuff.c 
@@ -133,64 +133,92 @@ UpdateRNG(void) } static const unsigned char P[] = { 0, - 0x98, 0xef, 0x3a, 0xae, 0x70, 0x98, 0x9b, 0x44, - 0xdb, 0x35, 0x86, 0xc1, 0xb6, 0xc2, 0x47, 0x7c, - 0xb4, 0xff, 0x99, 0xe8, 0xae, 0x44, 0xf2, 0xeb, - 0xc3, 0xbe, 0x23, 0x0f, 0x65, 0xd0, 0x4c, 0x04, - 0x82, 0x90, 0xa7, 0x9d, 0x4a, 0xc8, 0x93, 0x7f, - 0x41, 0xdf, 0xf8, 0x80, 0x6b, 0x0b, 0x68, 0x7f, - 0xaf, 0xe4, 0xa8, 0xb5, 0xb2, 0x99, 0xc3, 0x69, - 0xfb, 0x3f, 0xe7, 0x1b, 0xd0, 0x0f, 0xa9, 0x7a, - 0x4a, 0x04, 0xbf, 0x50, 0x9e, 0x22, 0x33, 0xb8, - 0x89, 0x53, 0x24, 0x10, 0xf9, 0x68, 0x77, 0xad, - 0xaf, 0x10, 0x68, 0xb8, 0xd3, 0x68, 0x5d, 0xa3, - 0xc3, 0xeb, 0x72, 0x3b, 0xa0, 0x0b, 0x73, 0x65, - 0xc5, 0xd1, 0xfa, 0x8c, 0xc0, 0x7d, 0xaa, 0x52, - 0x29, 0x34, 0x44, 0x01, 0xbf, 0x12, 0x25, 0xfe, - 0x18, 0x0a, 0xc8, 0x3f, 0xc1, 0x60, 0x48, 0xdb, - 0xad, 0x93, 0xb6, 0x61, 0x67, 0xd7, 0xa8, 0x2d }; + 0xc6, 0x2a, 0x47, 0x73, 0xea, 0x78, 0xfa, 0x65, + 0x47, 0x69, 0x39, 0x10, 0x08, 0x55, 0x6a, 0xdd, + 0xbf, 0x77, 0xe1, 0x9a, 0x69, 0x73, 0xba, 0x66, + 0x37, 0x08, 0x93, 0x9e, 0xdb, 0x5d, 0x01, 0x08, + 0xb8, 0x3a, 0x73, 0xe9, 0x85, 0x5f, 0xa7, 0x2b, + 0x63, 0x7f, 0xd0, 0xc6, 0x4c, 0xdc, 0xfc, 0x8b, + 0xa6, 0x03, 0xc9, 0x9c, 0x80, 0x5e, 0xec, 0xc6, + 0x21, 0x23, 0xf7, 0x8e, 0xa4, 0x7b, 0x77, 0x83, + 0x02, 0x44, 0xf8, 0x05, 0xd7, 0x36, 0x52, 0x13, + 0x57, 0x78, 0x97, 0xf3, 0x7b, 0xcf, 0x1f, 0xc9, + 0x2a, 0xa4, 0x71, 0x9d, 0xa8, 0xd8, 0x5d, 0xc5, + 0x3b, 0x64, 0x3a, 0x72, 0x60, 0x62, 0xb0, 0xb8, + 0xf3, 0xb1, 0xe7, 0xb9, 0x76, 0xdf, 0x74, 0xbe, + 0x87, 0x6a, 0xd2, 0xf1, 0xa9, 0x44, 0x8b, 0x63, + 0x76, 0x4f, 0x5d, 0x21, 0x63, 0xb5, 0x4f, 0x3c, + 0x7b, 0x61, 0xb2, 0xf3, 0xea, 0xc5, 0xd8, 0xef, + 0x30, 0x50, 0x59, 0x33, 0x61, 0xc0, 0xf3, 0x6e, + 0x21, 0xcf, 0x15, 0x35, 0x4a, 0x87, 0x2b, 0xc3, + 0xf6, 0x5a, 0x1f, 0x24, 0x22, 0xc5, 0xeb, 0x47, + 0x34, 0x4a, 0x1b, 0xb5, 0x2e, 0x71, 0x52, 0x8f, + 0x2d, 0x7d, 0xa9, 0x96, 0x8a, 0x7c, 0x61, 0xdb, + 0xc0, 0xdc, 0xf1, 0xca, 0x28, 0x69, 0x1c, 0x97, + 0xad, 0xea, 0x0d, 
0x9e, 0x02, 0xe6, 0xe5, 0x7d, + 0xad, 0xe0, 0x42, 0x91, 0x4d, 0xfa, 0xe2, 0x81, + 0x16, 0x2b, 0xc2, 0x96, 0x3b, 0x32, 0x8c, 0x20, + 0x69, 0x8b, 0x5b, 0x17, 0x3c, 0xf9, 0x13, 0x6c, + 0x98, 0x27, 0x1c, 0xca, 0xcf, 0x33, 0xaa, 0x93, + 0x21, 0xaf, 0x17, 0x6e, 0x5e, 0x00, 0x37, 0xd9, + 0x34, 0x8a, 0x47, 0xd2, 0x1c, 0x67, 0x32, 0x60, + 0xb6, 0xc7, 0xb0, 0xfd, 0x32, 0x90, 0x93, 0x32, + 0xaa, 0x11, 0xba, 0x23, 0x19, 0x39, 0x6a, 0x42, + 0x7c, 0x1f, 0xb7, 0x28, 0xdb, 0x64, 0xad, 0xd9 }; static const unsigned char Q[] = { 0, - 0xb5, 0xb0, 0x84, 0x8b, 0x44, 0x29, 0xf6, 0x33, - 0x59, 0xa1, 0x3c, 0xbe, 0xd2, 0x7f, 0x35, 0xa1, - 0x76, 0x27, 0x03, 0x81 }; + 0xe6, 0xa3, 0xc9, 0xc6, 0x51, 0x92, 0x8b, 0xb3, + 0x98, 0x8f, 0x97, 0xb8, 0x31, 0x0d, 0x4a, 0x03, + 0x1e, 0xba, 0x4e, 0xe6, 0xc8, 0x90, 0x98, 0x1d, + 0x3a, 0x95, 0xf4, 0xf1 }; static const unsigned char G[] = { - 0x04, 0x0e, 0x83, 0x69, 0xf1, 0xcd, 0x7d, 0xe5, - 0x0c, 0x78, 0x93, 0xd6, 0x49, 0x6f, 0x00, 0x04, - 0x4e, 0x0e, 0x6c, 0x37, 0xaa, 0x38, 0x22, 0x47, - 0xd2, 0x58, 0xec, 0x83, 0x12, 0x95, 0xf9, 0x9c, - 0xf1, 0xf4, 0x27, 0xff, 0xd7, 0x99, 0x57, 0x35, - 0xc6, 0x64, 0x4c, 0xc0, 0x47, 0x12, 0x31, 0x50, - 0x82, 0x3c, 0x2a, 0x07, 0x03, 0x01, 0xef, 0x30, - 0x09, 0x89, 0x82, 0x41, 0x76, 0x71, 0xda, 0x9e, - 0x57, 0x8b, 0x76, 0x38, 0x37, 0x5f, 0xa5, 0xcd, - 0x32, 0x84, 0x45, 0x8d, 0x4c, 0x17, 0x54, 0x2b, - 0x5d, 0xc2, 0x6b, 0xba, 0x3e, 0xa0, 0x7b, 0x95, - 0xd7, 0x00, 0x42, 0xf7, 0x08, 0xb8, 0x83, 0x87, - 0x60, 0xe1, 0xe5, 0xf4, 0x1a, 0x54, 0xc2, 0x20, - 0xda, 0x38, 0x3a, 0xd1, 0xb6, 0x10, 0xf4, 0xcb, - 0x35, 0xda, 0x97, 0x92, 0x87, 0xd6, 0xa5, 0x37, - 0x62, 0xb4, 0x93, 0x4a, 0x15, 0x21, 0xa5, 0x10 }; + 0x70, 0x32, 0x58, 0x5d, 0xb3, 0xbf, 0xc3, 0x62, + 0x63, 0x0b, 0xf8, 0xa5, 0xe1, 0xed, 0xeb, 0x79, + 0xac, 0x18, 0x41, 0x64, 0xb3, 0xda, 0x4c, 0xa7, + 0x92, 0x63, 0xb1, 0x33, 0x7c, 0xcb, 0x43, 0xdc, + 0x1f, 0x38, 0x63, 0x5e, 0x0e, 0x6d, 0x45, 0xd1, + 0xc9, 0x67, 0xf3, 0xcf, 0x3d, 0x2d, 0x16, 0x4e, + 0x92, 0x16, 0x06, 0x59, 0x29, 
0x89, 0x6f, 0x54, + 0xff, 0xc5, 0x71, 0xc8, 0x3a, 0x95, 0x84, 0xb6, + 0x7e, 0x7b, 0x1e, 0x8b, 0x47, 0x9d, 0x7a, 0x3a, + 0x36, 0x9b, 0x70, 0x2f, 0xd1, 0xbd, 0xef, 0xe8, + 0x3a, 0x41, 0xd4, 0xf3, 0x1f, 0x81, 0xc7, 0x1f, + 0x96, 0x7c, 0x30, 0xab, 0xf4, 0x7a, 0xac, 0x93, + 0xed, 0x6f, 0x67, 0xb0, 0xc9, 0x5b, 0xf3, 0x83, + 0x9d, 0xa0, 0xd7, 0xb9, 0x01, 0xed, 0x28, 0xae, + 0x1c, 0x6e, 0x2e, 0x48, 0xac, 0x9f, 0x7d, 0xf3, + 0x00, 0x48, 0xee, 0x0e, 0xfb, 0x7e, 0x5e, 0xcb, + 0xf5, 0x39, 0xd8, 0x92, 0x90, 0x61, 0x2d, 0x1e, + 0x3c, 0xd3, 0x55, 0x0d, 0x34, 0xd1, 0x81, 0xc4, + 0x89, 0xea, 0x94, 0x2b, 0x56, 0x33, 0x73, 0x58, + 0x48, 0xbf, 0x23, 0x72, 0x19, 0x5f, 0x19, 0xac, + 0xff, 0x09, 0xc8, 0xcd, 0xab, 0x71, 0xef, 0x9e, + 0x20, 0xfd, 0xe3, 0xb8, 0x27, 0x9e, 0x65, 0xb1, + 0x85, 0xcd, 0x88, 0xfe, 0xd4, 0xd7, 0x64, 0x4d, + 0xe1, 0xe8, 0xa6, 0xe5, 0x96, 0xc8, 0x5d, 0x9c, + 0xc6, 0x70, 0x6b, 0xba, 0x77, 0x4e, 0x90, 0x4a, + 0xb0, 0x96, 0xc5, 0xa0, 0x9e, 0x2c, 0x01, 0x03, + 0xbe, 0xbd, 0x71, 0xba, 0x0a, 0x6f, 0x9f, 0xe5, + 0xdb, 0x04, 0x08, 0xf2, 0x9e, 0x0f, 0x1b, 0xac, + 0xcd, 0xbb, 0x65, 0x12, 0xcf, 0x77, 0xc9, 0x7d, + 0xbe, 0x94, 0x4b, 0x9c, 0x5b, 0xde, 0x0d, 0xfa, + 0x57, 0xdd, 0x77, 0x32, 0xf0, 0x5b, 0x34, 0xfd, + 0x19, 0x95, 0x33, 0x60, 0x87, 0xe2, 0xa2, 0xf4 }; -/* h: - * 4a:76:30:89:eb:e1:81:7c:99:0b:39:7f:95:4a:65:72: - * c6:b4:05:92:48:6c:3c:b2:7e:e7:39:f3:92:7d:c1:3f: - * bf:e1:fd:b3:4a:46:3e:ce:29:80:e3:d6:f4:59:c6:92: - * 16:2b:0e:d7:d6:bb:ef:94:36:31:c2:66:46:c5:4a:77: - * aa:95:84:ef:99:7e:e3:9c:d9:a0:32:42:09:b6:4e:d0: - * b3:c8:5e:06:df:a1:ac:4d:2d:f9:08:c2:cb:4b:a4:42: - * db:8a:5b:de:25:6e:2b:5b:ca:00:75:2c:57:00:18:aa: - * 68:59:a1:94:03:07:94:78:38:bc:f8:7c:1e:1c:a3:2e - * SEED: - * b5:44:66:c9:0f:f1:ca:1c:95:45:ce:90:74:89:14:f2: - * 13:3e:23:5a:b0:6a:bf:86:ad:cb:a0:7d:ce:3b:c8:16: - * 7f:2d:a2:1a:cb:33:7d:c1:e7:d7:07:aa:1b:a2:d7:89: - * f5:a4:db:f7:8b:50:00:cd:b4:7d:25:81:3f:f8:a8:dd: - * 6c:46:e5:77:b5:60:7e:75:79:b8:99:57:c1:c4:f3:f7: - * 
17:ca:43:00:b8:33:b6:06:8f:4d:91:ed:23:a5:66:1b: - * ef:14:d7:bc:21:2b:82:d8:ab:fa:fd:a7:c3:4d:bf:52: - * af:8e:57:59:61:1a:4e:65:c6:90:d6:a6:ff:0b:15:b1 - * g: 1024 - * counter: 1003 + +/* P, Q, G have been generated using the NSS makepqg utility: + * makepqg -l 2048 -g 224 -r + * (see also: bug 1170322) + * + * h: 1 (0x1) + * SEED: + * d2:0b:c5:63:1b:af:dc:36:b7:7c:b9:3e:36:01:a0:8f: + * 0e:be:d0:38:e4:78:d5:3c:7c:9e:a9:9a:d2:0b:c5:63: + * 1b:af:dc:36:b7:7c:b9:3e:36:01:a0:8f:0e:be:d0:38: + * e4:78:d5:3c:7c:9e:c7:70:d2:0b:c5:63:1b:af:dc:36: + * b7:7c:b9:3e:36:01:a0:8f:0e:be:d0:38:e4:78:d5:3c: + * 7c:9e:aa:3e + * g: 672 + * counter: 0 */ static const SECKEYPQGParams default_pqg_params = { diff --git a/security/nss/cmd/checkcert/checkcert.c b/security/nss/cmd/checkcert/checkcert.c index 63beea58..235451c3 100644 --- a/security/nss/cmd/checkcert/checkcert.c +++ b/security/nss/cmd/checkcert/checkcert.c @@ -122,7 +122,6 @@ OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key, SECStatus rv; VFYContext *cx; SECOidData *sigAlgOid, *oiddata; - SECOidTag sigAlgTag; SECOidTag hashAlgTag; int showDigestOid=0; @@ -134,8 +133,6 @@ OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key, sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm); if (sigAlgOid == 0) return SECFailure; - sigAlgTag = sigAlgOid->offset; - if (showDigestOid) { oiddata = SECOID_FindOIDByTag(hashAlgTag); @@ -220,14 +217,12 @@ CERTCertificate *createEmptyCertificate(void) } return c; -} - - +} int main(int argc, char **argv) { - int rv, verbose=0, force=0; + int verbose=0, force=0; int ascii=0, issuerAscii=0; char *progName=0; PRFileDesc *inFile=0, *issuerCertFile=0; @@ -244,6 +239,7 @@ int main(int argc, char **argv) char *inFileName = NULL, *issuerCertFileName = NULL; PLOptState *optstate; PLOptStatus status; + SECStatus rv; PORT_Memset(&md5WithRSAEncryption, 0, sizeof(md5WithRSAEncryption)); PORT_Memset(&md2WithRSAEncryption, 0, sizeof(md2WithRSAEncryption)); 
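Review bot: The new comment for P, Q, G lists a SEED that repeats the same 26-byte run (`d2:0b:c5:63:1b:af:dc:36:b7:7c:b9:3e:36:01:a0:8f:0e:be:d0:38:e4:78:d5:3c:7c:9e`) several times, with `h: 1` and `counter: 0`; if these are meant to let a reader re-run the FIPS 186-3 A.1.1.2 verification of the parameters, the comment should carry the actual seed and counter, and if they are not, it should state plainly that these are fixed defaults not intended to be verifiable. The comment should also say that this moves certutil's default DSA parameters from a 1024-bit p / 160-bit q to 2048/224, since DSA keys generated with defaults after this change differ in size and consumers that only accept 1024-bit DSA will reject them. The checkcert hunks on this line (dropping `sigAlgTag`, moving `rv` to SECStatus) look fine.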
@@ -389,7 +385,7 @@ int main(int argc, char **argv) SECU_RegisterDynamicOids(); rv = SECU_PrintSignedData(stdout, &derCert, "Certificate", 0, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); if (rv) { fprintf(stderr, "%s: Unable to pretty print cert. Error: %d\n", @@ -405,17 +401,37 @@ int main(int argc, char **argv) printf("\n"); /* Check algorithms */ - SECOID_SetAlgorithmID(arena, &md5WithRSAEncryption, + rv = SECOID_SetAlgorithmID(arena, &md5WithRSAEncryption, SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, NULL); + if (rv) { + fprintf(stderr, "%s: failed to set algorithm ID for SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION.\n", + progName); + exit(1); + } - SECOID_SetAlgorithmID(arena, &md2WithRSAEncryption, + rv = SECOID_SetAlgorithmID(arena, &md2WithRSAEncryption, SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, NULL); + if (rv) { + fprintf(stderr, "%s: failed to set algorithm ID for SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION.\n", + progName); + exit(1); + } - SECOID_SetAlgorithmID(arena, &sha1WithRSAEncryption, + rv = SECOID_SetAlgorithmID(arena, &sha1WithRSAEncryption, SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION, NULL); + if (rv) { + fprintf(stderr, "%s: failed to set algorithm ID for SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION.\n", + progName); + exit(1); + } - SECOID_SetAlgorithmID(arena, &rsaEncryption, + rv = SECOID_SetAlgorithmID(arena, &rsaEncryption, SEC_OID_PKCS1_RSA_ENCRYPTION, NULL); + if (rv) { + fprintf(stderr, "%s: failed to set algorithm ID for SEC_OID_PKCS1_RSA_ENCRYPTION.\n", + progName); + exit(1); + } { int isMD5RSA = (SECOID_CompareAlgorithmID(&cert->signature, diff --git a/security/nss/cmd/crlutil/crlgen.c b/security/nss/cmd/crlutil/crlgen.c index 4eb16f71..1fad3249 100644 --- a/security/nss/cmd/crlutil/crlgen.c +++ b/security/nss/cmd/crlutil/crlgen.c @@ -545,7 +545,7 @@ crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr, { SECItem *encodedItem; void *dummy; - void *mark; + void *mark = NULL; int code = 0; PORT_Assert(arena && dataArr); 
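Review bot: The `(SECU_PPFunc)SECU_PrintCertificate` cast in main silences a prototype mismatch rather than fixing it; the cast is only there because the two signatures disagree (presumably in the stream or const-qualified parameters), and calling a function through a pointer of an incompatible type is undefined behavior, so a small static wrapper with exactly the SECU_PPFunc signature that forwards to SECU_PrintCertificate is the safe form. The four new SECOID_SetAlgorithmID checks are correct but identical apart from the tag name; a static helper taking the SECAlgorithmID pointer and the tag (or a loop over a small table) would avoid the repetition and keep the messages in one place.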
@@ -583,7 +583,9 @@ crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr, return encodedItem; loser: - PORT_ArenaRelease (arena, mark); + if (mark) { + PORT_ArenaRelease (arena, mark); + } return NULL; } @@ -595,7 +597,7 @@ crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr, { SECItem *encodedItem; int length = 0; - void *mark; + void *mark = NULL; PORT_Assert(arena && dataArr); if (!arena || !dataArr) { @@ -624,7 +626,9 @@ crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr, return encodedItem; loser: - PORT_ArenaRelease(arena, mark); + if (mark) { + PORT_ArenaRelease(arena, mark); + } return NULL; } @@ -1079,7 +1083,6 @@ static SECStatus crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId) { PRUint64 i = 0; - PLArenaPool *arena; PORT_Assert(crlGenData && certId); if (!crlGenData || !certId) { @@ -1087,8 +1090,6 @@ crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId) return SECFailure; } - arena = crlGenData->signCrl->arena; - if (crlgen_SetNewRangeField(crlGenData, certId) == SECFailure && certId) { return SECFailure; diff --git a/security/nss/cmd/crlutil/crlutil.c b/security/nss/cmd/crlutil/crlutil.c index dd9f4932..d5013714 100644 --- a/security/nss/cmd/crlutil/crlutil.c +++ b/security/nss/cmd/crlutil/crlutil.c @@ -128,7 +128,7 @@ static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType, PRBool dele while (crlNode) { char* asciiname = NULL; CERTCertificate *cert = NULL; - if (crlNode->crl && &crlNode->crl->crl.derName) { + if (crlNode->crl && crlNode->crl->crl.derName.data != NULL) { cert = CERT_FindCertByName(certHandle, &crlNode->crl->crl.derName); if (!cert) { @@ -698,6 +698,7 @@ GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName, signCrl = CreateModifiedCRLCopy(arena, certHandle, &cert, certNickName, inFile, decodeOptions, importOptions); if (signCrl == NULL) { + rv = SECFailure; goto loser; } } 
@@ -705,6 +706,7 @@ GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName, if (!cert) { cert = FindSigningCert(certHandle, signCrl, certNickName); if (cert == NULL) { + rv = SECFailure; goto loser; } } @@ -721,8 +723,10 @@ GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName, outFileName); } signCrl = CreateNewCrl(arena, certHandle, cert); - if (!signCrl) + if (!signCrl) { + rv = SECFailure; goto loser; + } } rv = UpdateCrl(signCrl, inCrlInitFile); diff --git a/security/nss/cmd/crmftest/testcrmf.c b/security/nss/cmd/crmftest/testcrmf.c index ce3d7cfb..a1343436 100644 --- a/security/nss/cmd/crmftest/testcrmf.c +++ b/security/nss/cmd/crmftest/testcrmf.c @@ -127,13 +127,17 @@ debug_test(SECItem *src, char *filePath) SECStatus get_serial_number(long *dest) { - SECStatus rv; + SECStatus rv; - if (dest == NULL) { + if (dest == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; - } + } rv = PK11_GenerateRandom((unsigned char *)dest, sizeof(long)); + if (rv != SECSuccess) { + /* PK11_GenerateRandom calls PORT_SetError */ + return SECFailure; + } /* make serial number positive */ if (*dest < 0L) *dest = - *dest; @@ -937,18 +941,6 @@ DoCMMFStuff(void) return rv; } -static CK_MECHANISM_TYPE -mapWrapKeyType(KeyType keyType) -{ - switch (keyType) { - case rsaKey: - return CKM_RSA_PKCS; - default: - break; - } - return CKM_INVALID_MECHANISM; -} - #define KNOWN_MESSAGE_LENGTH 20 /*160 bits*/ int @@ -1533,10 +1525,6 @@ main(int argc, char **argv) PRUint32 flags = 0; SECStatus rv; PRBool nssInit = PR_FALSE; - PRBool pArg = PR_FALSE; - PRBool eArg = PR_FALSE; - PRBool sArg = PR_FALSE; - PRBool PArg = PR_FALSE; memset( &signPair, 0, sizeof signPair); memset( &cryptPair, 0, sizeof cryptPair); @@ -1559,7 +1547,6 @@ main(int argc, char **argv) printf ("-p failed\n"); return 603; } - pArg = PR_TRUE; break; case 'e': recoveryEncrypter = PORT_Strdup(optstate->value); 
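Review bot: The new PK11_GenerateRandom check in get_serial_number is right, but the context line just after it, `*dest = - *dest;`, is undefined behavior when the random value is LONG_MIN, and since this hunk already rewrites the function it is the place to fix it: clearing the sign bit, `*dest &= LONG_MAX;` (needs `<limits.h>` if not already included), keeps the serial positive for every value. The three GenerateCRL hunks that set `rv = SECFailure` before `goto loser` fix the same missing-status defect and are fine as written.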
@@ -1567,7 +1554,6 @@ main(int argc, char **argv) printf ("-e failed\n"); return 602; } - eArg = PR_TRUE; break; case 's': caCertName = PORT_Strdup(optstate->value); @@ -1575,7 +1561,6 @@ main(int argc, char **argv) printf ("-s failed\n"); return 604; } - sArg = PR_TRUE; break; case 'P': password = PORT_Strdup(optstate->value); @@ -1585,7 +1570,6 @@ main(int argc, char **argv) } pwdata.source = PW_PLAINTEXT; pwdata.data = password; - PArg = PR_TRUE; break; case 'f': pwfile = PORT_Strdup(optstate->value); diff --git a/security/nss/cmd/fipstest/fipstest.c b/security/nss/cmd/fipstest/fipstest.c index cdd6b1aa..1561e737 100644 --- a/security/nss/cmd/fipstest/fipstest.c +++ b/security/nss/cmd/fipstest/fipstest.c @@ -288,7 +288,7 @@ tdea_kat_mmt(char *reqfn) FILE *req; /* input stream from the REQUEST file */ FILE *resp; /* output stream to the RESPONSE file */ int i, j; - int mode; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */ + int mode = NSS_DES_EDE3; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */ int crypt = DECRYPT; /* 1 means encrypt, 0 means decrypt */ unsigned char key[24]; /* TDEA 3 key bundle */ unsigned int numKeys = 0; @@ -997,10 +997,10 @@ aes_kat_mmt(char *reqfn) FILE *aesreq; /* input stream from the REQUEST file */ FILE *aesresp; /* output stream to the RESPONSE file */ int i, j; - int mode; /* NSS_AES (ECB) or NSS_AES_CBC */ + int mode = NSS_AES; /* NSS_AES (ECB) or NSS_AES_CBC */ int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; + unsigned int keysize = 0; unsigned char iv[16]; /* for all modes except ECB */ unsigned char plaintext[10*16]; /* 1 to 10 blocks */ unsigned int plaintextlen; 
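Review bot: Initializing `keysize = 0` in aes_kat_mmt (and likewise `keysize` in aes_ecb_mct and aes_cbc_mct, `len`, `flen`, `olen` and `msglen` in the ecdsa tests, `b` in rng_vst and rng_mct, and `MDlen`, `msgLen`, `keyLen`, `HMACLen`, `TLen` in sha_test and hmac_test) satisfies the compiler's uninitialized-use warning but trades it for a silent zero-length key, digest or message when the REQUEST file omits the directive that sets the value; a check at the point of use, `if (keysize == 0) { fprintf(stderr, "missing key length\n"); goto <error exit>; }` with the function's existing error label, keeps the failure visible. `int mode = NSS_DES_EDE3` / `NSS_AES` are different in kind, since ECB is a meaningful default mode.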
@@ -1197,7 +1197,7 @@ aes_ecb_mct(char *reqfn) int i, j; int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; + unsigned int keysize = 0; unsigned char plaintext[16]; /* PT[j] */ unsigned char plaintext_1[16]; /* PT[j-1] */ unsigned char ciphertext[16]; /* CT[j] */ @@ -1480,7 +1480,7 @@ aes_cbc_mct(char *reqfn) int i, j; int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; + unsigned int keysize = 0; unsigned char iv[16]; unsigned char plaintext[16]; /* PT[j] */ unsigned char plaintext_1[16]; /* PT[j-1] */ @@ -2103,7 +2103,7 @@ ecdsa_pkv_test(char *reqfn) ECParams *ecparams = NULL; SECItem pubkey; unsigned int i; - unsigned int len; + unsigned int len = 0; PRBool keyvalid = PR_TRUE; ecdsareq = fopen(reqfn, "r"); @@ -2360,10 +2360,10 @@ ecdsa_sigver_test(char *reqfn) char curve[16]; /* "nistxddd" */ ECPublicKey ecpub; unsigned int i, j; - unsigned int flen; /* length in bytes of the field size */ - unsigned int olen; /* length in bytes of the base point order */ + unsigned int flen = 0; /* length in bytes of the field size */ + unsigned int olen = 0; /* length in bytes of the base point order */ unsigned char msg[512]; /* message that was signed (<= 128 bytes) */ - unsigned int msglen; + unsigned int msglen = 0; unsigned char sha1[20]; /* SHA-1 hash (160 bits) */ unsigned char sig[2*MAX_ECKEY_LEN]; SECItem signature, digest; 
@@ -2532,43 +2532,6 @@ loser: } #endif /* NSS_DISABLE_ECC */ - -/* - * Read a value from the test and allocate the result. - */ -static unsigned char * -alloc_value(char *buf, int *len) -{ - unsigned char * value; - int i, count; - - if (strncmp(buf, "", 6) == 0) { - *len = 0; - return NULL; - } - - /* find the length of the number */ - for (count = 0; isxdigit(buf[count]); count++); - *len = count/2; - - if (*len == 0) { - return NULL; - } - - value = PORT_Alloc(*len); - if (!value) { - *len = 0; - return NULL; - } - - for (i=0; i<*len; buf+=2 , i++) { - hex_to_byteval(buf, &value[i]); - } - - - return value; -} - PRBool isblankline(char *b) { @@ -2599,7 +2562,9 @@ drbg(char *reqfn) FILE *rngresp; /* output stream to the RESPONSE file */ unsigned int i, j; +#if 0 PRBool predictionResistance = PR_FALSE; +#endif unsigned char *nonce = NULL; int nonceLen = 0; unsigned char *personalizationString = NULL; @@ -2722,11 +2687,12 @@ drbg(char *reqfn) continue; } +#if 0 /* currently unsupported */ if (strncmp(buf, "[PredictionResistance", 21) == 0) { i = 21; while (isspace(buf[i]) || buf[i] == '=') { i++; - } + } if (strncmp(buf, "False", 5) == 0) { predictionResistance = PR_FALSE; } else { @@ -2736,6 +2702,7 @@ drbg(char *reqfn) fputs(buf, rngresp); continue; } +#endif if (strncmp(buf, "[EntropyInputLen", 16) == 0) { if (entropyInput) { @@ -2990,7 +2957,7 @@ rng_vst(char *reqfn) unsigned int i, j; unsigned char Q[DSA1_SUBPRIME_LEN]; PRBool hasQ = PR_FALSE; - unsigned int b; /* 160 <= b <= 512, b is a multiple of 8 */ + unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */ unsigned char XKey[512/8]; unsigned char XSeed[512/8]; unsigned char GENX[DSA1_SIGNATURE_LEN]; 
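Review bot: Wrapping the `[PredictionResistance` branch in `#if 0` also removes the `fputs(buf, rngresp); continue;` that echoed that header line into the response file, so the line now falls through to the later `strncmp` chain; unless a generic echo-and-continue path outside the hunk handles it, the RESPONSE file will no longer mirror the REQUEST layout the harness expects. A named feature macro or an outright removal with a comment stating that prediction resistance is unsupported would be clearer than `#if 0`, which tends to rot silently; the `predictionResistance` variable in the -2599 hunk could then be removed with it rather than being `#if 0`'d in place.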
@@ -3113,7 +3080,7 @@ rng_mct(char *reqfn) unsigned int i, j; unsigned char Q[DSA1_SUBPRIME_LEN]; PRBool hasQ = PR_FALSE; - unsigned int b; /* 160 <= b <= 512, b is a multiple of 8 */ + unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */ unsigned char XKey[512/8]; unsigned char XSeed[512/8]; unsigned char GENX[2*SHA1_LENGTH]; @@ -3416,8 +3383,8 @@ SECStatus sha_mct_test(unsigned int MDLen, unsigned char *seed, FILE *resp) void sha_test(char *reqfn) { unsigned int i, j; - unsigned int MDlen; /* the length of the Message Digest in Bytes */ - unsigned int msgLen; /* the length of the input Message in Bytes */ + unsigned int MDlen = 0; /* the length of the Message Digest in Bytes */ + unsigned int msgLen = 0; /* the length of the input Message in Bytes */ unsigned char *msg = NULL; /* holds the message to digest.*/ size_t bufSize = 25608; /*MAX buffer size */ char *buf = NULL; /* holds one line from the input REQUEST file.*/ @@ -3594,18 +3561,18 @@ void hmac_test(char *reqfn) unsigned int i, j; size_t bufSize = 400; /* MAX buffer size */ char *buf = NULL; /* holds one line from the input REQUEST file.*/ - unsigned int keyLen; /* Key Length */ + unsigned int keyLen = 0; /* Key Length */ unsigned char key[200]; /* key MAX size = 184 */ unsigned int msgLen = 128; /* the length of the input */ /* Message is always 128 Bytes */ unsigned char *msg = NULL; /* holds the message to digest.*/ - unsigned int HMACLen; /* the length of the HMAC Bytes */ - unsigned int TLen; /* the length of the requested */ + unsigned int HMACLen = 0; /* the length of the HMAC Bytes */ + unsigned int TLen = 0; /* the length of the requested */ /* truncated HMAC Bytes */ unsigned char HMAC[HASH_LENGTH_MAX]; /* computed HMAC */ unsigned char expectedHMAC[HASH_LENGTH_MAX]; /* for .fax files that have */ /* supplied known answer */ - HASH_HashType hash_alg; /* HMAC type */ + HASH_HashType hash_alg = HASH_AlgNULL; /* HMAC type */ FILE *req = NULL; /* input stream from the REQUEST file */ 
@@ -3901,7 +3868,7 @@ dsa_pqgver_test(char *reqfn) unsigned int i, j; PQGParams pqg; PQGVerify vfy; - unsigned int pghSize; /* size for p, g, and h */ + unsigned int pghSize = 0; /* size for p, g, and h */ dsa_pqg_type type = FIPS186_1; dsareq = fopen(reqfn, "r"); @@ -4234,7 +4201,7 @@ dsa_pqggen_test(char *reqfn) unsigned int j; PQGParams *pqg = NULL; PQGVerify *vfy = NULL; - unsigned int keySizeIndex; + unsigned int keySizeIndex = 0; dsa_pqg_type type = FIPS186_1; dsareq = fopen(reqfn, "r"); diff --git a/security/nss/cmd/httpserv/httpserv.c b/security/nss/cmd/httpserv/httpserv.c index 875b62bb..b01da4b8 100644 --- a/security/nss/cmd/httpserv/httpserv.c +++ b/security/nss/cmd/httpserv/httpserv.c @@ -339,7 +339,6 @@ static enum { static const char stopCmd[] = { "GET /stop " }; static const char getCmd[] = { "GET " }; -static const char EOFmsg[] = { "EOF\r\n\r\n\r\n" }; static const char outHeader[] = { "HTTP/1.0 200 OK\r\n" "Server: Generic Web Server\r\n" @@ -712,8 +711,8 @@ handle_connection( /* else good status response */ if (!isPost && ocspMethodsAllowed == ocspGetUnknown) { unknown = PR_TRUE; - nextUpdate = PR_Now() + 60*60*24 * PR_USEC_PER_SEC; /*tomorrow*/ - revoDate = PR_Now() - 60*60*24 * PR_USEC_PER_SEC; /*yesterday*/ + nextUpdate = PR_Now() + (PRTime)60*60*24 * PR_USEC_PER_SEC; /*tomorrow*/ + revoDate = PR_Now() - (PRTime)60*60*24 * PR_USEC_PER_SEC; /*yesterday*/ } } } diff --git a/security/nss/cmd/lib/basicutil.c b/security/nss/cmd/lib/basicutil.c index d6f09429..77b70b1e 100644 --- a/security/nss/cmd/lib/basicutil.c +++ b/security/nss/cmd/lib/basicutil.c @@ -241,7 +241,7 @@ void SECU_PrintAsHex(FILE *out, const SECItem *data, const char *m, int level) { unsigned i; - int column; + int column = 0; PRBool isString = PR_TRUE; PRBool isWhiteSpace = PR_TRUE; PRBool printedHex = PR_FALSE; 
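Review bot: The `(PRTime)60*60*24 * PR_USEC_PER_SEC` fix is correct (the untyped product overflows a 32-bit int before the widening assignment), but the same expression is now spelled out here twice and twice more in the makeSignedOCSPResponse hunks of selfserv.c later in this diff. A single constant, e.g. `static const PRTime ONE_DAY_USEC = (PRTime)60*60*24 * PR_USEC_PER_SEC;` (constructed name), keeps the cast in one place so the next copy cannot forget it. handle_connection's body continues outside the hunk.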
@@ -684,7 +684,7 @@ static unsigned char nibble(char c) { SECStatus SECU_SECItemHexStringToBinary(SECItem* srcdest) { - int i; + unsigned int i; if (!srcdest) { PORT_SetError(SEC_ERROR_INVALID_ARGS); diff --git a/security/nss/cmd/lib/derprint.c b/security/nss/cmd/lib/derprint.c index b4eb0ffb..75811df3 100644 --- a/security/nss/cmd/lib/derprint.c +++ b/security/nss/cmd/lib/derprint.c @@ -446,7 +446,7 @@ prettyPrintLength(FILE *out, const unsigned char *data, const unsigned char *end } lenLen = nb + 1; if (raw) { - int i; + unsigned int i; rv = prettyPrintByte(out, lbyte, lv); if (rv < 0) diff --git a/security/nss/cmd/lib/pk11table.c b/security/nss/cmd/lib/pk11table.c index d979835a..f76dafe8 100644 --- a/security/nss/cmd/lib/pk11table.c +++ b/security/nss/cmd/lib/pk11table.c @@ -577,7 +577,7 @@ const Constant _consts[] = { }; const Constant *consts = &_consts[0]; -const int constCount = sizeof(_consts)/sizeof(_consts[0]); +const unsigned int constCount = sizeof(_consts)/sizeof(_consts[0]); const Commands _commands[] = { {"C_Initialize", F_C_Initialize, @@ -1389,7 +1389,7 @@ const int topicCount = sizeof(_topics) / sizeof(_topics[0]); const char * getName(CK_ULONG value, ConstType type) { - int i; + unsigned int i; for (i=0; i < constCount; i++) { if (consts[i].type == type && consts[i].value == value) { @@ -1409,9 +1409,9 @@ getNameFromAttribute(CK_ATTRIBUTE_TYPE type) return getName(type, ConstAttribute); } -int totalKnownType(ConstType type) { - int count = 0; - int i; +unsigned int totalKnownType(ConstType type) { + unsigned int count = 0; + unsigned int i; for (i=0; i < constCount; i++) { if (consts[i].type == type) count++; diff --git a/security/nss/cmd/lib/pk11table.h b/security/nss/cmd/lib/pk11table.h index cdc4325f..0c4052ec 100644 --- a/security/nss/cmd/lib/pk11table.h +++ b/security/nss/cmd/lib/pk11table.h 
@@ -162,7 +162,7 @@ extern const int valueCount; extern const char **constTypeString; extern const int constTypeCount; extern const Constant *consts; -extern const int constCount; +extern const unsigned int constCount; extern const Commands *commands; extern const int commandCount; extern const Topics *topics; @@ -174,7 +174,7 @@ getName(CK_ULONG value, ConstType type); extern const char * getNameFromAttribute(CK_ATTRIBUTE_TYPE type); -extern int totalKnownType(ConstType type); +extern unsigned int totalKnownType(ConstType type); #endif /* _PK11_TABLE_H_ */ diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c index 97331c9c..92f64f75 100644 --- a/security/nss/cmd/lib/secutil.c +++ b/security/nss/cmd/lib/secutil.c @@ -375,7 +375,8 @@ SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass, PR_fprintf(PR_STDERR, "Invalid password.\n"); PORT_Memset(oldpw, 0, PL_strlen(oldpw)); PORT_Free(oldpw); - return SECFailure; + rv = SECFailure; + goto done; } } else break; @@ -385,20 +386,22 @@ SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass, newpw = secu_InitSlotPassword(slot, PR_FALSE, &newpwdata); - if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) { + rv = PK11_ChangePW(slot, oldpw, newpw); + if (rv != SECSuccess) { PR_fprintf(PR_STDERR, "Failed to change password.\n"); - return SECFailure; + } else { + PR_fprintf(PR_STDOUT, "Password changed successfully.\n"); } PORT_Memset(oldpw, 0, PL_strlen(oldpw)); PORT_Free(oldpw); - PR_fprintf(PR_STDOUT, "Password changed successfully.\n"); - done: - PORT_Memset(newpw, 0, PL_strlen(newpw)); - PORT_Free(newpw); - return SECSuccess; + if (newpw) { + PORT_Memset(newpw, 0, PL_strlen(newpw)); + PORT_Free(newpw); + } + return rv; } struct matchobj { 
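Review bot: Only `constCount` and `totalKnownType` change to `unsigned int` here while `valueCount`, `constTypeCount`, `commandCount` and `topicCount` on the surrounding lines stay `int`, so any loop that walks those tables with an `unsigned int` counter (as getName now does for `constCount`) will hit the same sign-compare warning this commit is removing. All of these counts are `sizeof`-derived, so changing them together, in both the header and pk11table.c, would be consistent.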
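Review bot: The new `goto done` from the invalid-password branch reaches `if (newpw) { PORT_Memset(newpw, 0, PL_strlen(newpw)); PORT_Free(newpw); }` before `newpw` has been assigned by secu_InitSlotPassword, so it is only safe if `newpw` is initialised to NULL at its declaration, which is outside the hunk — please confirm, or assign `newpw = NULL;` at function entry. On that same path `oldpw` is freed but left dangling while still in scope; `oldpw = NULL;` after the `PORT_Free(oldpw)` would make a later accidental use fail loudly instead of silently. SECU_ChangePW2's head and the `rv` declaration are outside the hunk.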
@@ -1550,7 +1553,7 @@ SECU_PrintDumpDerIssuerAndSerial(FILE *out, SECItem *der, char *m, fprintf(out, "Serial DER as C source: \n{ %d, \"", c->serialNumber.len); { - int i; + unsigned int i; for (i=0; i < c->serialNumber.len; ++i) { unsigned char *chardata = (unsigned char*)(c->serialNumber.data); unsigned char c = *(chardata + i); @@ -2417,7 +2420,6 @@ SECU_PrintCertificateBasicInfo(FILE *out, const SECItem *der, const char *m, int PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); CERTCertificate *c; int rv = SEC_ERROR_NO_MEMORY; - int iv; if (!arena) return rv; @@ -2743,7 +2745,7 @@ secu_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src, while ((aCert = src->rawCerts[iv++]) != NULL) { sprintf(om, "Certificate (%x)", iv); rv = SECU_PrintSignedData(out, aCert, om, level + 2, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); if (rv) return rv; } @@ -2862,7 +2864,7 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *out, while ((aCert = src->rawCerts[iv++]) != NULL) { sprintf(om, "Certificate (%x)", iv); rv = SECU_PrintSignedData(out, aCert, om, level + 2, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); if (rv) return rv; } @@ -3192,7 +3194,7 @@ SEC_PrintCertificateAndTrust(CERTCertificate *cert, data.len = cert->derCert.len; rv = SECU_PrintSignedData(stdout, &data, label, 0, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); if (rv) { return(SECFailure); } @@ -3283,7 +3285,7 @@ SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log, errstr = NULL; switch (node->error) { case SEC_ERROR_INADEQUATE_KEY_USAGE: - flags = (unsigned int)node->arg; + flags = (unsigned int)((char *)node->arg - (char *)NULL); switch (flags) { case KU_DIGITAL_SIGNATURE: errstr = "Cert cannot sign."; 
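Review bot: Casting `SECU_PrintCertificate` to `SECU_PPFunc` here (and in the secu_PrintPKCS7SignedAndEnveloped and SEC_PrintCertificateAndTrust hunks, plus the ocspclnt.c, pk12util.c and pp.c hunks later in this diff) silences the incompatible-pointer warning but leaves the call going through a mismatched function type, which is undefined behaviour in C if the parameter types really differ; the compiler was reporting a genuine mismatch, not noise. A thin adapter with the exact `SECU_PPFunc` signature that forwards to SECU_PrintCertificate, doing any argument conversion inside where the types are visible, keeps every call well-typed. I cannot see the two prototypes from the hunk, so the precise adapter depends on where they differ.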
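Review bot: `(char *)node->arg - (char *)NULL` replaces one questionable pointer-to-integer conversion with pointer arithmetic on a null pointer, which is itself undefined behaviour in C; `flags = (unsigned int)(uintptr_t)node->arg;` expresses the intent (recover the small integer stashed in a `void *`) without it. The same construct is used in the SEC_ERROR_INADEQUATE_CERT_TYPE case in the next hunk. SECU_displayVerifyLog continues outside the hunk.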
@@ -3299,7 +3301,7 @@ SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log, break; } case SEC_ERROR_INADEQUATE_CERT_TYPE: - flags = (unsigned int)node->arg; + flags = (unsigned int)((char *)node->arg - (char *)NULL); switch (flags) { case NS_CERT_TYPE_SSL_CLIENT: case NS_CERT_TYPE_SSL_SERVER: diff --git a/security/nss/cmd/modutil/error.h b/security/nss/cmd/modutil/error.h index 36ed5a4e..ba42264b 100644 --- a/security/nss/cmd/modutil/error.h +++ b/security/nss/cmd/modutil/error.h @@ -133,25 +133,7 @@ typedef enum { LAST_MSG /* must be last */ } Message; -static char *msgStrings[] = { - "FIPS mode enabled.\n", - "FIPS mode disabled.\n", - "Using database directory %s...\n", - "Creating \"%s\"...", - "Module \"%s\" added to database.\n", - "Module \"%s\" deleted from database.\n", - "Token \"%s\" password changed successfully.\n", - "Incorrect password, try again...\n", - "Passwords do not match, try again...\n", - "done.\n", - "Slot \"%s\" %s.\n", - "Successfully changed defaults.\n", - "Successfully changed defaults.\n", -"\nWARNING: Performing this operation while the browser is running could cause" -"\ncorruption of your security databases. If the browser is currently running," -"\nyou should exit browser before continuing this operation. Type " -"\n'q ' to abort, or to continue: ", - "\nAborting...\n" -}; +/* defined in modutil.c */ +extern char *msgStrings[]; #endif /* MODUTIL_ERROR_H */ diff --git a/security/nss/cmd/modutil/install.c b/security/nss/cmd/modutil/install.c index 839cf402..283fc790 100644 --- a/security/nss/cmd/modutil/install.c +++ b/security/nss/cmd/modutil/install.c @@ -120,9 +120,10 @@ typedef struct StringNode_str { StringNode* StringNode_new() { StringNode* new_this; - new_this = (StringNode*)malloc(sizeof(StringNode)); - new_this->str=NULL; - new_this->next=NULL; + new_this = (StringNode*)PR_Malloc(sizeof(StringNode)); + PORT_Assert(new_this != NULL); + new_this->str = NULL; + new_this->next = NULL; return new_this; } 
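Review bot: Moving `msgStrings` out of the header and into modutil.c is the right fix for the per-translation-unit copies, but the declaration could take the opportunity to become `extern const char *msgStrings[];` since every element is a string literal and writing through a `char *` to one of them is undefined behaviour; the definition in modutil.c would change to match. If some caller genuinely needs a non-const `char *`, a cast at that call site is still better than a table-wide mutable type.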
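Review bot: `PORT_Assert(new_this != NULL)` is compiled out in non-DEBUG builds, so the NULL dereference on the next line (`new_this->str = NULL;`) is unchanged for release users when PR_Malloc fails. Either return NULL and have StringNode_new's callers check, or use an allocator that aborts on failure; `PR_Malloc` also does not need the `(StringNode*)` cast in C. The usual shape is `new_this = PR_Malloc(sizeof *new_this); if (!new_this) return NULL;`.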
diff --git a/security/nss/cmd/modutil/installparse.c b/security/nss/cmd/modutil/installparse.c index e23bbcc9..3691c638 100644 --- a/security/nss/cmd/modutil/installparse.c +++ b/security/nss/cmd/modutil/installparse.c @@ -203,7 +203,7 @@ yyparse() register char *yys; extern char *getenv(); - if (yys = getenv("YYDEBUG")) + if ((yys = getenv("YYDEBUG")) != NULL) { yyn = *yys; if (yyn >= '0' && yyn <= '9') @@ -220,7 +220,7 @@ yyparse() *yyssp = yystate = 0; yyloop: - if (yyn = yydefred[yystate]) goto yyreduce; + if ((yyn = yydefred[yystate]) != 0) goto yyreduce; if (yychar < 0) { if ((yychar = yylex()) < 0) yychar = 0; diff --git a/security/nss/cmd/modutil/lex.Pk11Install_yy.c b/security/nss/cmd/modutil/lex.Pk11Install_yy.c index 59d9bb59..4533e0c7 100644 --- a/security/nss/cmd/modutil/lex.Pk11Install_yy.c +++ b/security/nss/cmd/modutil/lex.Pk11Install_yy.c @@ -1100,6 +1100,7 @@ register char *yy_bp; #endif /* ifndef YY_NO_UNPUT */ +#ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput() #else @@ -1171,6 +1172,7 @@ static int input() return c; } +#endif /* ifndef YY_NO_INPUT */ #ifdef YY_USE_PROTOS diff --git a/security/nss/cmd/modutil/manifest.mn b/security/nss/cmd/modutil/manifest.mn index 9929a805..a92ca68c 100644 --- a/security/nss/cmd/modutil/manifest.mn +++ b/security/nss/cmd/modutil/manifest.mn @@ -24,7 +24,7 @@ PROGRAM = modutil REQUIRES = seccmd nss dbm -DEFINES = -DNSPR20 +DEFINES = -DNSPR20 -DYY_NO_UNPUT -DYY_NO_INPUT # sigh #INCLUDES += -I$(CORE_DEPTH)/nss/lib/pk11wrap diff --git a/security/nss/cmd/modutil/modutil.c b/security/nss/cmd/modutil/modutil.c index ba07bba4..64212024 100644 --- a/security/nss/cmd/modutil/modutil.c +++ b/security/nss/cmd/modutil/modutil.c 
@@ -122,6 +122,27 @@ static char *optionStrings[] = { "-chkfips", }; +char *msgStrings[] = { + "FIPS mode enabled.\n", + "FIPS mode disabled.\n", + "Using database directory %s...\n", + "Creating \"%s\"...", + "Module \"%s\" added to database.\n", + "Module \"%s\" deleted from database.\n", + "Token \"%s\" password changed successfully.\n", + "Incorrect password, try again...\n", + "Passwords do not match, try again...\n", + "done.\n", + "Slot \"%s\" %s.\n", + "Successfully changed defaults.\n", + "Successfully changed defaults.\n", +"\nWARNING: Performing this operation while the browser is running could cause" +"\ncorruption of your security databases. If the browser is currently running," +"\nyou should exit browser before continuing this operation. Type " +"\n'q ' to abort, or to continue: ", + "\nAborting...\n" +}; + /* Increment i if doing so would have i still be less than j. If you are able to do this, return 0. Otherwise return 1. */ #define TRY_INC(i,j) ( ((i+1)len; i++) { - unsigned char byte=item->data[i]; - appendHex(byte >> 4); - appendHex(byte & 0xf); - appendLabel(':'); - } -} - /* * append a 32 bit integer (even on a 64 bit platform). * for simplicity append it as a hex value, full extension with 0x prefix. @@ -493,7 +472,7 @@ do_list_certs(const char *progName, int log) CERTCertList *sorted; CERTCertListNode *node; CERTCertTrust trust; - int i; + unsigned int i; list = PK11_ListCerts(PK11CertListUnique, NULL); if (list == NULL) { diff --git a/security/nss/cmd/ocspclnt/ocspclnt.c b/security/nss/cmd/ocspclnt/ocspclnt.c index e302bb5b..edf146a2 100644 --- a/security/nss/cmd/ocspclnt/ocspclnt.c +++ b/security/nss/cmd/ocspclnt/ocspclnt.c 
@@ -562,7 +562,7 @@ print_raw_certificates (FILE *out_file, SECItem **raw_certs, int level) while ((raw_cert = raw_certs[i++]) != NULL) { sprintf (cert_label, "Certificate (%d)", i); (void) SECU_PrintSignedData (out_file, raw_cert, cert_label, level + 1, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); } } @@ -964,7 +964,7 @@ main (int argc, char **argv) PLOptState *optstate; SECStatus rv; CERTCertDBHandle *handle = NULL; - SECCertUsage cert_usage; + SECCertUsage cert_usage = certUsageSSLClient; PRTime verify_time; CERTCertificate *cert = NULL; PRBool ascii = PR_FALSE; diff --git a/security/nss/cmd/ocspresp/ocspresp.c b/security/nss/cmd/ocspresp/ocspresp.c index 3e977471..cbc82692 100644 --- a/security/nss/cmd/ocspresp/ocspresp.c +++ b/security/nss/cmd/ocspresp/ocspresp.c @@ -129,15 +129,12 @@ main(int argc, char **argv) SECItem *encoded = NULL; CERTOCSPResponse *decoded = NULL; - SECStatus statusDecoded; SECItem *encodedRev = NULL; CERTOCSPResponse *decodedRev = NULL; - SECStatus statusDecodedRev; SECItem *encodedFail = NULL; CERTOCSPResponse *decodedFail = NULL; - SECStatus statusDecodedFail; CERTCertificate *obtainedSignerCert = NULL; 
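Review bot: `SECCertUsage cert_usage = certUsageSSLClient;` picks a concrete verification usage as the default for the maybe-uninitialised warning, so if the option parsing outside the hunk does not always set it, a request without a usage option would be verified against the SSL-client policy rather than rejected. If the parser already requires the usage option, a comment saying so, e.g. `/* overwritten by the mandatory usage option; initialised only to satisfy the compiler */`, would stop readers from wondering; otherwise a sentinel and an explicit "usage not specified" error is safer than a silent policy choice.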
@@ -181,40 +178,47 @@ main(int argc, char **argv) encoded = encode(arena, cid, caCert); PORT_Assert(encoded); decoded = CERT_DecodeOCSPResponse(encoded); - statusDecoded = CERT_GetOCSPResponseStatus(decoded); - PORT_Assert(statusDecoded == SECSuccess); + PORT_CheckSuccess(CERT_GetOCSPResponseStatus(decoded)); - statusDecoded = CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata, - &obtainedSignerCert, caCert); - PORT_Assert(statusDecoded == SECSuccess); - statusDecoded = CERT_GetOCSPStatusForCertID(certHandle, decoded, cid, - obtainedSignerCert, now); - PORT_Assert(statusDecoded == SECSuccess); + PORT_CheckSuccess(CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata, + &obtainedSignerCert, caCert)); + PORT_CheckSuccess(CERT_GetOCSPStatusForCertID(certHandle, decoded, cid, + obtainedSignerCert, now)); CERT_DestroyCertificate(obtainedSignerCert); encodedRev = encodeRevoked(arena, cid, caCert); PORT_Assert(encodedRev); decodedRev = CERT_DecodeOCSPResponse(encodedRev); - statusDecodedRev = CERT_GetOCSPResponseStatus(decodedRev); - PORT_Assert(statusDecodedRev == SECSuccess); + PORT_CheckSuccess(CERT_GetOCSPResponseStatus(decodedRev)); - statusDecodedRev = CERT_VerifyOCSPResponseSignature(decodedRev, certHandle, &pwdata, - &obtainedSignerCert, caCert); - PORT_Assert(statusDecodedRev == SECSuccess); - statusDecodedRev = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid, + PORT_CheckSuccess(CERT_VerifyOCSPResponseSignature(decodedRev, certHandle, &pwdata, + &obtainedSignerCert, caCert)); +#ifdef DEBUG + { + SECStatus rv = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid, obtainedSignerCert, now); - PORT_Assert(statusDecodedRev == SECFailure); - PORT_Assert(PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE); + PORT_Assert(rv == SECFailure); + PORT_Assert(PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE); + } +#else + (void)CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid, + obtainedSignerCert, now); +#endif 
CERT_DestroyCertificate(obtainedSignerCert); encodedFail = CERT_CreateEncodedOCSPErrorResponse( arena, SEC_ERROR_OCSP_TRY_SERVER_LATER); PORT_Assert(encodedFail); decodedFail = CERT_DecodeOCSPResponse(encodedFail); - statusDecodedFail = CERT_GetOCSPResponseStatus(decodedFail); - PORT_Assert(statusDecodedFail == SECFailure); - PORT_Assert(PORT_GetError() == SEC_ERROR_OCSP_TRY_SERVER_LATER); - +#ifdef DEBUG + { + SECStatus rv = CERT_GetOCSPResponseStatus(decodedFail); + PORT_Assert(rv == SECFailure); + PORT_Assert(PORT_GetError() == SEC_ERROR_OCSP_TRY_SERVER_LATER); + } +#else + (void)CERT_GetOCSPResponseStatus(decodedFail); +#endif retval = 0; loser: if (retval != 0) diff --git a/security/nss/cmd/oidcalc/oidcalc.c b/security/nss/cmd/oidcalc/oidcalc.c index 39d300e3..c767099a 100644 --- a/security/nss/cmd/oidcalc/oidcalc.c +++ b/security/nss/cmd/oidcalc/oidcalc.c @@ -44,13 +44,13 @@ main(int argc, char **argv) secondval = atoi(curstr); - if ( ( firstval < 0 ) || ( firstval > 2 ) ) { + if ( firstval > 2 ) { fprintf(stderr, "first component out of range\n"); exit(-1); } - if ( ( secondval < 0 ) || ( secondval > 39 ) ) { + if ( secondval > 39 ) { fprintf(stderr, "second component out of range\n"); exit(-1); } diff --git a/security/nss/cmd/p7env/p7env.c b/security/nss/cmd/p7env/p7env.c index 01b35df9..338f9cf3 100644 --- a/security/nss/cmd/p7env/p7env.c +++ b/security/nss/cmd/p7env/p7env.c @@ -130,7 +130,6 @@ main(int argc, char **argv) { char *progName; FILE *inFile, *outFile; - char *certName; CERTCertDBHandle *certHandle; struct recipient *recipients, *rcpt; PLOptState *optstate; @@ -142,7 +141,6 @@ main(int argc, char **argv) inFile = NULL; outFile = NULL; - certName = NULL; recipients = NULL; rcpt = NULL; diff --git a/security/nss/cmd/pk11gcmtest/pk11gcmtest.c b/security/nss/cmd/pk11gcmtest/pk11gcmtest.c index 35e08ef6..63f4b330 100644 --- a/security/nss/cmd/pk11gcmtest/pk11gcmtest.c +++ b/security/nss/cmd/pk11gcmtest/pk11gcmtest.c 
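Review bot: `PORT_CheckSuccess(CERT_VerifyOCSPResponseSignature(...))` and the `#else` branches that cast the status calls to `(void)` mean that, if PORT_CheckSuccess reduces to a bare evaluation in non-DEBUG builds as those `(void)` branches suggest, a release build of this program discards the signature-verification and revocation results entirely and exercises the code paths without ever failing on a wrong answer. A test program is more useful if it fails regardless of build type, e.g. `if (CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata, &obtainedSignerCert, caCert) != SECSuccess) { retval = 1; goto loser; }`, with the revoked and error cases checking their expected `PORT_GetError()` the same way. main's head and the `loser:` cleanup are outside the hunk.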
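Review bot: Dropping the `firstval < 0` and `secondval < 0` checks is only safe if both variables are unsigned (their declarations are outside the hunk); if they are `int`, `atoi` can return a negative value and an input of `-5` now passes `firstval > 2`. If the compiler flagged the comparison as always false because the variables are unsigned, a one-line comment recording that, e.g. `/* firstval is unsigned: negative input wraps and is rejected by > 2 */`, keeps the reasoning with the code; `strtoul` with an `endptr` check would also reject the sign and any trailing garbage explicitly.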
@@ -166,22 +166,22 @@ aes_gcm_kat(const char *respfn) FILE *aesresp; /* input stream from the RESPONSE file */ int i, j; unsigned int test_group = 0; - unsigned int num_tests; + unsigned int num_tests = 0; PRBool is_encrypt; unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; + unsigned int keysize = 16; unsigned char iv[10*16]; /* 1 to 10 blocks */ - unsigned int ivsize; + unsigned int ivsize = 12; unsigned char plaintext[10*16]; /* 1 to 10 blocks */ unsigned int plaintextlen = 0; unsigned char aad[10*16]; /* 1 to 10 blocks */ unsigned int aadlen = 0; unsigned char ciphertext[10*16]; /* 1 to 10 blocks */ - unsigned int ciphertextlen; + unsigned int ciphertextlen = 0; unsigned char tag[16]; - unsigned int tagsize; + unsigned int tagsize = 16; unsigned char output[10*16]; /* 1 to 10 blocks */ - unsigned int outputlen; + unsigned int outputlen = 0; unsigned int expected_keylen = 0; unsigned int expected_ivlen = 0; diff --git a/security/nss/cmd/pk11mode/pk11mode.c b/security/nss/cmd/pk11mode/pk11mode.c index a9f89f31..ce89945a 100644 --- a/security/nss/cmd/pk11mode/pk11mode.c +++ b/security/nss/cmd/pk11mode/pk11mode.c @@ -3506,8 +3506,8 @@ CK_RV PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList, CK_ATTRIBUTE_PTR pTemplate; CK_ULONG tnObjects = 0; int curMode; - int i; - int number_of_all_known_attribute_types = totalKnownType(ConstAttribute); + unsigned int i; + unsigned int number_of_all_known_attribute_types = totalKnownType(ConstAttribute); NUMTESTS++; /* increment NUMTESTS */ @@ -4558,7 +4558,7 @@ PKM_TLSMasterKeyDerive( CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession; CK_RV crv; CK_MECHANISM mk_mech; - CK_VERSION expected_version, version; + CK_VERSION version; CK_OBJECT_CLASS class = CKO_SECRET_KEY; CK_KEY_TYPE type = CKK_GENERIC_SECRET; CK_BBOOL derive_bool = true; 
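Review bot: `keysize = 16`, `ivsize = 12` and `tagsize = 16` are not neutral initialisations: if the response file lacks the key-, IV- or tag-length header, the test will run with those sizes instead of failing, which for a known-answer test means a malformed vector file can silently pass. Preferring `0` with an explicit check before the first PK11 call (as `num_tests`, `ciphertextlen` and `outputlen` already use in this hunk) keeps the warning fix without inventing parameters; the parsing is outside the hunk, so I cannot tell whether such a check already exists.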
@@ -4625,8 +4625,6 @@ PKM_TLSMasterKeyDerive( CK_FUNCTION_LIST_PTR pFunctionList, case CKM_TLS_MASTER_KEY_DERIVE: attrs[3].pValue = NULL; attrs[3].ulValueLen = 0; - expected_version.major = 3; - expected_version.minor = 1; mkd_params.RandomInfo.pClientRandom = (unsigned char * ) TLSClientRandom; mkd_params.RandomInfo.ulClientRandomLen = diff --git a/security/nss/cmd/pk12util/pk12util.c b/security/nss/cmd/pk12util/pk12util.c index 7b0467f2..398c0f84 100644 --- a/security/nss/cmd/pk12util/pk12util.c +++ b/security/nss/cmd/pk12util/pk12util.c @@ -756,7 +756,7 @@ P12U_ListPKCS12File(char *in_file, PK11SlotInfo *slot, } else if (SECU_PrintSignedData(stdout, dip->der, (dip->hasKey) ? "(has private key)" : "", - 0, SECU_PrintCertificate) != 0) { + 0, (SECU_PPFunc)SECU_PrintCertificate) != 0) { SECU_PrintError(progName,"PKCS12 print cert bag failed"); } if (dip->friendlyName != NULL) { diff --git a/security/nss/cmd/pk1sign/pk1sign.c b/security/nss/cmd/pk1sign/pk1sign.c index 5750cdb2..5f58f8c7 100644 --- a/security/nss/cmd/pk1sign/pk1sign.c +++ b/security/nss/cmd/pk1sign/pk1sign.c @@ -175,7 +175,7 @@ main(int argc, char **argv) PRFileDesc *inFile; char *keyName = NULL; CERTCertDBHandle *certHandle; - CERTCertificate *cert; + CERTCertificate *cert = NULL; PLOptState *optstate; PLOptStatus status; SECStatus rv; diff --git a/security/nss/cmd/pp/pp.c b/security/nss/cmd/pp/pp.c index 31e76611..5a69a994 100644 --- a/security/nss/cmd/pp/pp.c +++ b/security/nss/cmd/pp/pp.c 
@@ -25,8 +25,11 @@ static void Usage(char *progName) "Usage: %s [-t type] [-a] [-i input] [-o output] [-w] [-u]\n", progName); fprintf(stderr, "Pretty prints a file containing ASN.1 data in DER or ascii format.\n"); - fprintf(stderr, "%-14s Specify input and display type: %s (sk),\n", - "-t type", SEC_CT_PRIVATE_KEY); + fprintf(stderr, "%-14s Specify input and display type:", "-t type"); +#ifdef HAVE_EPV_TEMPLATE + fprintf(stderr, " %s (sk),", SEC_CT_PRIVATE_KEY); +#endif + fprintf(stderr, "\n"); fprintf(stderr, "%-14s %s (pk), %s (c), %s (cr),\n", "", SEC_CT_PUBLIC_KEY, SEC_CT_CERTIFICATE, SEC_CT_CERTIFICATE_REQUEST); fprintf(stderr, "%-14s %s (ci), %s (p7), %s or %s (n).\n", "", SEC_CT_CERTIFICATE_ID, @@ -136,7 +139,7 @@ int main(int argc, char **argv) if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE) == 0 || PORT_Strcmp(typeTag, "c") == 0) { rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_ID) == 0 || PORT_Strcmp(typeTag, "ci") == 0) { rv = SECU_PrintSignedContent(outFile, &data, 0, 0, diff --git a/security/nss/cmd/sdrtest/sdrtest.c b/security/nss/cmd/sdrtest/sdrtest.c index 5740876d..ba635062 100644 --- a/security/nss/cmd/sdrtest/sdrtest.c +++ b/security/nss/cmd/sdrtest/sdrtest.c @@ -71,9 +71,9 @@ long_usage (char *program_name) int readStdin(SECItem * result) { - int bufsize = 0; + unsigned int bufsize = 0; int cc; - int wanted = 8192; + unsigned int wanted = 8192U; result->len = 0; result->data = NULL; diff --git a/security/nss/cmd/selfserv/selfserv.c b/security/nss/cmd/selfserv/selfserv.c index d87f0de0..9509892d 100644 --- a/security/nss/cmd/selfserv/selfserv.c +++ b/security/nss/cmd/selfserv/selfserv.c 
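Review bot: `bufsize` and `wanted` become `unsigned int` while `cc` on the line between them stays `int`; if `cc` holds a read result that can be -1 (its use is outside the hunk), any `cc < wanted` or `bufsize + cc` in the loop body now promotes -1 to a large unsigned value. Please confirm the loop tests `cc < 0` before mixing it with the unsigned sizes, or keep the three variables the same type. readStdin's body continues outside the hunk.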
@@ -119,16 +119,16 @@ const int ssl3CipherSuites[] = { TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */ TLS_RSA_WITH_RC4_128_SHA, /* n */ - -1, /* TLS_DHE_DSS_WITH_RC4_128_SHA, * o */ - -1, /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, * p */ - -1, /* TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, * q */ - -1, /* TLS_DHE_RSA_WITH_DES_CBC_SHA, * r */ - -1, /* TLS_DHE_DSS_WITH_DES_CBC_SHA, * s */ - -1, /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA, * t */ - -1, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA, * u */ + TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */ + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */ + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, /* q */ + TLS_DHE_RSA_WITH_DES_CBC_SHA, /* r */ + TLS_DHE_DSS_WITH_DES_CBC_SHA, /* s */ + TLS_DHE_DSS_WITH_AES_128_CBC_SHA, /* t */ + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, /* u */ TLS_RSA_WITH_AES_128_CBC_SHA, /* v */ - -1, /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA, * w */ - -1, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA, * x */ + TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */ + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */ TLS_RSA_WITH_AES_256_CBC_SHA, /* y */ TLS_RSA_WITH_NULL_SHA, /* z */ 0 @@ -141,6 +141,9 @@ static PRBool noDelay; static int requestCert; static int verbose; static SECItem bigBuf; +static int configureDHE = -1; /* -1: don't configure, 0 disable, >=1 enable*/ +static int configureReuseECDHE = -1; /* -1: don't configure, 0 refresh, >=1 reuse*/ +static int configureWeakDHE = -1; /* -1: don't configure, 0 disable, >=1 enable*/ static PRThread * acceptorThread; @@ -160,11 +163,12 @@ PrintUsageHeader(const char *progName) " [-f password_file] [-L [seconds]] [-M maxProcs] [-P dbprefix]\n" " [-V [min-version]:[max-version]] [-a sni_name]\n" " [ T ] [-A ca]\n" +" [-C SSLCacheEntries] [-S dsa_nickname]" #ifndef NSS_DISABLE_ECC -" [-C SSLCacheEntries] [-e ec_nickname]\n" -#else -" [-C SSLCacheEntries]\n" + " [-e ec_nickname]" #endif /* NSS_DISABLE_ECC */ +"\n" +" -U [0|1] -H [0|1] -W [0|1]\n" ,progName); } 
@@ -216,6 +220,9 @@ PrintParameterUsage() " good, revoked, unknown, failure, badsig, corrupted\n" " ocsp: fetch from external OCSP server using AIA, or none\n" "-A Nickname of a CA used to sign a stapled cert status\n" +"-U override default ECDHE ephemeral key reuse, 0: refresh, 1: reuse\n" +"-H override default DHE server support, 0: disable, 1: enable\n" +"-W override default DHE server weak parameters support, 0: disable, 1: enable\n" "-c Restrict ciphers\n" "-Y prints cipher values allowed for parameter -c and exits\n" , stderr); @@ -252,7 +259,16 @@ PrintCipherUsage(const char *progName) "l SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n" "m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n" "n SSL3 RSA WITH RC4 128 SHA\n" +"o TLS_DHE_DSS_WITH_RC4_128_SHA\n" +"p TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA\n" +"q TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA\n" +"r TLS_DHE_RSA_WITH_DES_CBC_SHA\n" +"s TLS_DHE_DSS_WITH_DES_CBC_SHA\n" +"t TLS_DHE_DSS_WITH_AES_128_CBC_SHA\n" +"u TLS_DHE_RSA_WITH_AES_128_CBC_SHA\n" "v SSL3 RSA WITH AES 128 CBC SHA\n" +"w TLS_DHE_DSS_WITH_AES_256_CBC_SHA\n" +"x TLS_DHE_RSA_WITH_AES_256_CBC_SHA\n" "y SSL3 RSA WITH AES 256 CBC SHA\n" "z SSL3 RSA WITH NULL SHA\n" "\n" @@ -486,8 +502,8 @@ mySSLSNISocketConfig(PRFileDesc *fd, const SECItem *sniNameArr, pwdata = SSL_RevealPinArg(fd); - for (;current && i < sniNameArrSize;i++) { - int j = 0; + for (;current && (PRUint32)i < sniNameArrSize;i++) { + unsigned int j = 0; for (;j < MAX_VIRT_SERVER_NAME_ARRAY_INDEX && nameArr[j];j++) { if (!PORT_Strncmp(nameArr[j], (const char *)current[i].data, @@ -1113,7 +1129,7 @@ makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm, SECItemArray *result = NULL; SECItem *ocspResponse = NULL; CERTOCSPSingleResponse **singleResponses; - CERTOCSPSingleResponse *sr; + CERTOCSPSingleResponse *sr = NULL; CERTOCSPCertID *cid = NULL; CERTCertificate *ca; PRTime now = PR_Now(); 
@@ -1129,7 +1145,7 @@ makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm, if (!cid) errExit("cannot created cid"); - nextUpdate = now + 60*60*24 * PR_USEC_PER_SEC; /* plus 1 day */ + nextUpdate = now + (PRTime)60*60*24 * PR_USEC_PER_SEC; /* plus 1 day */ switch (osm) { case osm_good: @@ -1144,7 +1160,7 @@ makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm, case osm_revoked: sr = CERT_CreateOCSPSingleResponseRevoked(arena, cid, now, &nextUpdate, - now - 60*60*24 * PR_USEC_PER_SEC, /* minus 1 day */ + now - (PRTime)60*60*24 * PR_USEC_PER_SEC, /* minus 1 day */ NULL); break; default: @@ -1905,6 +1921,27 @@ server_main( } } + if (configureDHE > -1) { + rv = SSL_OptionSet(model_sock, SSL_ENABLE_SERVER_DHE, (configureDHE > 0)); + if (rv != SECSuccess) { + errExit("error configuring server side DHE support"); + } + } + + if (configureReuseECDHE > -1) { + rv = SSL_OptionSet(model_sock, SSL_REUSE_SERVER_ECDHE_KEY, (configureReuseECDHE > 0)); + if (rv != SECSuccess) { + errExit("error configuring server side reuse of ECDHE key"); + } + } + + if (configureWeakDHE > -1) { + rv = SSL_EnableWeakDHEPrimeGroup(model_sock, (configureWeakDHE > 0)); + if (rv != SECSuccess) { + errExit("error configuring weak DHE prime group"); + } + } + for (kea = kt_rsa; kea < kt_kea_size; kea++) { if (cert[kea] != NULL) { secStatus = SSL_ConfigSecureServer(model_sock, @@ -2136,6 +2173,7 @@ main(int argc, char **argv) #ifndef NSS_DISABLE_ECC char * ecNickName = NULL; #endif + char * dsaNickName = NULL; const char * fileName = NULL; char * cipherString= NULL; const char * dir = "."; 
@@ -2180,7 +2218,7 @@ main(int argc, char **argv) ** numbers, then capital letters, then lower case, alphabetical. */ optstate = PL_CreateOptState(argc, argv, - "2:A:BC:DEL:M:NP:RT:V:Ya:bc:d:e:f:g:hi:jk:lmn:op:qrst:uvw:xyz"); + "2:A:BC:DEH:L:M:NP:RS:T:U:V:W:Ya:bc:d:e:f:g:hi:jk:lmn:op:qrst:uvw:xyz"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { ++optionsFound; switch(optstate->option) { @@ -2194,6 +2232,7 @@ main(int argc, char **argv) case 'D': noDelay = PR_TRUE; break; case 'E': disableStepDown = PR_TRUE; break; + case 'H': configureDHE = (PORT_Atoi(optstate->value) != 0); break; case 'I': /* reserved for OCSP multi-stapling */ break; @@ -2217,6 +2256,8 @@ main(int argc, char **argv) case 'R': disableRollBack = PR_TRUE; break; + case 'S': dsaNickName = PORT_Strdup(optstate->value); break; + case 'T': if (enableOCSPStapling(optstate->value) != SECSuccess) { fprintf(stderr, "Invalid OCSP stapling mode.\n"); @@ -2225,6 +2266,8 @@ main(int argc, char **argv) } break; + case 'U': configureReuseECDHE = (PORT_Atoi(optstate->value) != 0); break; + case 'V': if (SECU_ParseSSLVersionRangeString(optstate->value, enabledVersions, enableSSL2, &enabledVersions, &enableSSL2) != SECSuccess) { @@ -2232,10 +2275,12 @@ main(int argc, char **argv) } break; + case 'W': configureWeakDHE = (PORT_Atoi(optstate->value) != 0); break; + case 'Y': PrintCipherUsage(progName); exit(0); break; case 'a': if (virtServerNameIndex >= MAX_VIRT_SERVER_NAME_ARRAY_INDEX) { - Usage(progName); + Usage(progName); break; } virtServerNameArray[virtServerNameIndex++] = PORT_Strdup(optstate->value); break; @@ -2362,6 +2407,7 @@ main(int argc, char **argv) } if ((nickName == NULL) + && (dsaNickName == NULL) #ifndef NSS_DISABLE_ECC && (ecNickName == NULL) #endif 
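Review bot: `configureDHE = (PORT_Atoi(optstate->value) != 0);` (and the `-U` and `-W` cases in the following hunks) maps any non-numeric argument to 0, so `-H yes` silently disables DHE while looking like an enable; since the usage text advertises `[0|1]`, rejecting anything else with `Usage(progName)` would avoid a test server running with the opposite setting from what the operator typed. main's option loop continues outside the hunk.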
@@ -2593,6 +2639,33 @@ main(int argc, char **argv) setupCertStatus(certStatusArena, ocspStaplingMode, cert[kt_rsa], kt_rsa, &pwdata); } + if (dsaNickName) { + /* Investigate if ssl_kea_dh should be changed to ssl_auth_dsa. + * See bug 102794.*/ + cert[ssl_kea_dh] = PK11_FindCertFromNickname(dsaNickName, &pwdata); + if (cert[ssl_kea_dh] == NULL) { + fprintf(stderr, "selfserv: Can't find certificate %s\n", dsaNickName); + exit(12); + } + privKey[ssl_kea_dh] = PK11_FindKeyByAnyCert(cert[ssl_kea_dh], &pwdata); + if (privKey[ssl_kea_dh] == NULL) { + fprintf(stderr, "selfserv: Can't find Private Key for cert %s\n", + dsaNickName); + exit(11); + } + if (testbypass) { + PRBool bypassOK; + if (SSL_CanBypass(cert[ssl_kea_dh], privKey[ssl_kea_dh], protos, cipherlist, + nciphers, &bypassOK, &pwdata) != SECSuccess) { + SECU_PrintError(progName, "Bypass test failed %s\n", nickName); + exit(14); + } + fprintf(stderr, "selfserv: %s can%s bypass\n", nickName, + bypassOK ? "" : "not"); + } + setupCertStatus(certStatusArena, ocspStaplingMode, cert[ssl_kea_dh], ssl_kea_dh, + &pwdata); + } #ifndef NSS_DISABLE_ECC if (ecNickName) { cert[kt_ecdh] = PK11_FindCertFromNickname(ecNickName, &pwdata); @@ -2625,6 +2698,13 @@ main(int argc, char **argv) if (testbypass) goto cleanup; + if (configureWeakDHE > 0) { + fprintf(stderr, "selfserv: Creating dynamic weak DH parameters\n"); + rv = SSL_EnableWeakDHEPrimeGroup(NULL, PR_TRUE); + fprintf(stderr, "selfserv: Done creating dynamic weak DH parameters\n"); + } + + /* allocate the array of thread slots, and launch the worker threads. */ rv = launch_threads(&jobLoop, 0, 0, requestCert, useLocalThreads); diff --git a/security/nss/cmd/shlibsign/shlibsign.c b/security/nss/cmd/shlibsign/shlibsign.c index 51604414..0a4edc11 100644 --- a/security/nss/cmd/shlibsign/shlibsign.c +++ b/security/nss/cmd/shlibsign/shlibsign.c 
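Review bot: In the `if (dsaNickName)` block added by `@@ -2593,6 +2639,33 @@`, both bypass-test messages print `nickName` instead of `dsaNickName`; the widened check in `@@ -2362,6 +2407,7 @@` lets nickName be NULL when only -S is given, so `%s` would then receive a null pointer, which is undefined behaviour. Change the two lines to `SECU_PrintError(progName, "Bypass test failed %s\n", dsaNickName);` and `fprintf(stderr, "selfserv: %s can%s bypass\n", dsaNickName, bypassOK ? "" : "not");`. main starts and ends outside this hunk.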
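Review bot: In the `@@ -2625,6 +2698,13 @@` hunk the result of `rv = SSL_EnableWeakDHEPrimeGroup(NULL, PR_TRUE);` is never examined: the next statement prints "Done creating" and `rv` is immediately overwritten by `launch_threads`. If parameter generation fails the server silently runs without the group it was asked for, so a test could pass for the wrong reason; mirror the server_main hunk with `if (rv != SECSuccess) { errExit("error creating dynamic weak DH parameters"); }` between the two fprintf calls. main continues outside the hunk.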
@@ -195,6 +195,10 @@ static const unsigned char base[] = { 0x14, 0x8e, 0xe7, 0xb8, 0xaa, 0xd5, 0xd1, 0x36, 0x1d, 0x7e, 0x5e, 0x7d, 0xfa, 0x5b, 0x77, 0x1f }; +/* + * The constants h, seed, & counter aren't used in the code; they're provided + * here (commented-out) so that human readers can verify that our our PQG + * parameters were generated properly. static const unsigned char h[] = { 0x41, 0x87, 0x47, 0x79, 0xd8, 0xba, 0x4e, 0xac, 0x44, 0x4f, 0x6b, 0xd2, 0x16, 0x5e, 0x04, 0xc6, @@ -232,6 +236,7 @@ static const unsigned char seed[] = { 0x00, 0x64, 0x06, 0x13, 0x51, 0xeb, 0x4a, 0x91, 0x9c }; static const unsigned int counter=1496; + */ static const unsigned char prime2[] = { 0x00, 0xa4, 0xc2, 0x83, 0x4f, 0x36, 0xd3, 0x4f, 0xae, @@ -307,6 +312,10 @@ static const unsigned char base2[] = { 0x00, 0x1c, 0xd3, 0xff, 0x4e, 0x2c, 0x38, 0x1c, 0xaa, 0x2e, 0x66, 0xbe, 0x32, 0x3e, 0x3c, 0x06, 0x5f }; +/* + * The constants h2, seed2, & counter2 aren't used in the code; they're provided + * here (commented-out) so that human readers can verify that our our PQG + * parameters were generated properly. static const unsigned char h2[] = { 0x30, 0x91, 0xa1, 0x2e, 0x40, 0xa5, 0x7d, 0xf7, 0xdc, 0xed, 0xee, 0x05, 0xc2, 0x31, 0x91, 0x37, @@ -376,6 +385,7 @@ static const unsigned char seed2[] = { 0x00, 0xc3, 0x29, 0x7d, 0xb7, 0x89, 0xbf, 0xe3, 0xde }; static const unsigned int counter2=210; + */ struct tuple_str { CK_RV errNum; @@ -697,7 +707,7 @@ int main(int argc, char **argv) int bytesWritten; unsigned char file_buf[512]; int count=0; - int keySize = 0; + unsigned int keySize = 0; int i; PRBool verify = PR_FALSE; static PRBool FIPSMODE = PR_FALSE; diff --git a/security/nss/cmd/signtool/certgen.c b/security/nss/cmd/signtool/certgen.c index 92c33fdb..0f7c596d 100644 --- a/security/nss/cmd/signtool/certgen.c +++ b/security/nss/cmd/signtool/certgen.c 
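Review bot: The comment opening both new `/* ... */` blocks in shlibsign.c (`@@ -195,6 +195,10 @@` and `@@ -307,6 +312,10 @@`) reads "verify that our our PQG parameters", a doubled word; `* here (commented-out) so that human readers can verify that our PQG` fixes it in both places. Because each comment now spans several hundred lines of hex data, the closing `*/` is far from its opener; naming the constants being closed in a comment right after the `*/` line would help anyone scrolling the file. Nothing else in these hunks changes behaviour.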
@@ -420,7 +420,6 @@ sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk) SECItem der2; SECItem * result2; - void *dummy; SECOidTag alg = SEC_OID_UNKNOWN; alg = SEC_GetSignatureAlgorithmOidTag(privk->keyType, SEC_OID_UNKNOWN); @@ -440,7 +439,7 @@ sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk) der2.len = 0; der2.data = NULL; - dummy = SEC_ASN1EncodeItem + (void)SEC_ASN1EncodeItem (cert->arena, &der2, cert, SEC_ASN1_GET(CERT_CertificateTemplate)); if (rv != SECSuccess) { diff --git a/security/nss/cmd/signtool/util.c b/security/nss/cmd/signtool/util.c index 74a208e5..73568d1b 100644 --- a/security/nss/cmd/signtool/util.c +++ b/security/nss/cmd/signtool/util.c @@ -16,9 +16,11 @@ static int is_dir (char *filename); long *mozilla_event_queue = 0; #ifndef XP_WIN -char *XP_GetString (int i) +char *XP_GetString (int i) { - return SECU_Strerror (i); + /* nasty hackish cast to avoid changing the signature of + * JAR_init_callbacks() */ + return (char *)SECU_Strerror (i); } #endif diff --git a/security/nss/cmd/ssltap/ssltap.c b/security/nss/cmd/ssltap/ssltap.c index 170420a6..8ea465ef 100644 --- a/security/nss/cmd/ssltap/ssltap.c +++ b/security/nss/cmd/ssltap/ssltap.c @@ -41,12 +41,12 @@ struct _DataBuffer; typedef struct _DataBufferList { struct _DataBuffer *first,*last; - int size; + unsigned int size; int isEncrypted; unsigned char * msgBuf; - int msgBufOffset; - int msgBufSize; - int hMACsize; + unsigned int msgBufOffset; + unsigned int msgBufSize; + unsigned int hMACsize; } DataBufferList; typedef struct _DataBuffer { @@ -566,7 +566,7 @@ void print_sslv2(DataBufferList *s, unsigned char *recordBuf, unsigned int recor (PRUint32)(GET_SHORT((chv2->rndlength))), (PRUint32)(GET_SHORT((chv2->rndlength)))); PR_fprintf(PR_STDOUT," cipher-suites = { \n"); - for (p=0;pcslength));p+=3) { + for (p=0;p<(PRUint32)GET_SHORT((chv2->cslength));p+=3) { PRUint32 cs_int = GET_24((&chv2->csuites[p])); const char *cs_str = V2CipherString(cs_int); 
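Review bot: In `@@ -440,7 +439,7 @@ sign_cert`, `(void)SEC_ASN1EncodeItem(...)` discards the encoder's result, yet the very next line `if (rv != SECSuccess)` tests an `rv` that this call does not set, so it can only be stale from an earlier call and an encoding failure passes through with `der2` still empty. Test the returned pointer instead: `if (SEC_ASN1EncodeItem(cert->arena, &der2, cert, SEC_ASN1_GET(CERT_CertificateTemplate)) == NULL) {`, since the encoder returns NULL on failure. sign_cert starts and ends outside this hunk.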
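Review bot: The `@@ -566,7 +566,7 @@ print_sslv2` loop `for (p=0;p<(PRUint32)GET_SHORT((chv2->cslength));p+=3)` takes its bound from the length field inside the record rather than from `recordLen`, so a malformed or truncated SSLv2 ClientHello makes `GET_24((&chv2->csuites[p]))` read past `recordBuf`; the signedness cast does not change that. The sidlength and rndlength loops in the next hunk (`@@ -575,17 +575,17 @@`) have the same shape. Since ssltap is a dump tool for captured traffic, checking before the loops that the three lengths plus the fixed header size do not exceed `recordLen` (the header layout comes from a struct outside this hunk, so I cannot quote the exact expression) would keep the dump in bounds and print a truncation marker instead. print_sslv2 continues outside this hunk.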
@@ -575,17 +575,17 @@ void print_sslv2(DataBufferList *s, unsigned char *recordBuf, unsigned int recor } q = p; PR_fprintf(PR_STDOUT," }\n"); - if (chv2->sidlength) { + if (GET_SHORT((chv2->sidlength))) { PR_fprintf(PR_STDOUT," session-id = { "); - for (p=0;psidlength));p+=2) { + for (p=0;p<(PRUint32)GET_SHORT((chv2->sidlength));p+=2) { PR_fprintf(PR_STDOUT,"0x%04x ",(PRUint32)(GET_SHORT((&chv2->csuites[p+q])))); } } q += p; PR_fprintf(PR_STDOUT,"}\n"); - if (chv2->rndlength) { + if (GET_SHORT((chv2->rndlength))) { PR_fprintf(PR_STDOUT," challenge = { "); - for (p=0;prndlength));p+=2) { + for (p=0;p<(PRUint32)GET_SHORT((chv2->rndlength));p+=2) { PR_fprintf(PR_STDOUT,"0x%04x ",(PRUint32)(GET_SHORT((&chv2->csuites[p+q])))); } PR_fprintf(PR_STDOUT,"}\n"); @@ -978,7 +978,7 @@ void print_ssl3_handshake(unsigned char *recordBuf, { struct sslhandshake sslh; unsigned char * hsdata; - int offset=0; + unsigned int offset=0; PR_fprintf(PR_STDOUT," handshake {\n"); @@ -1365,7 +1365,7 @@ void print_ssl3_handshake(unsigned char *recordBuf, offset += sslh.length + 4; } /* while */ if (offset < recordLen) { /* stuff left over */ - int newMsgLen = recordLen - offset; + unsigned int newMsgLen = recordLen - offset; if (!s->msgBuf) { s->msgBuf = PORT_Alloc(newMsgLen); if (!s->msgBuf) { diff --git a/security/nss/cmd/strsclnt/strsclnt.c b/security/nss/cmd/strsclnt/strsclnt.c index 43d121e2..f4825050 100644 --- a/security/nss/cmd/strsclnt/strsclnt.c +++ b/security/nss/cmd/strsclnt/strsclnt.c @@ -498,7 +498,6 @@ init_thread_data(void) PRBool useModelSocket = PR_TRUE; -static const char stopCmd[] = { "GET /stop " }; static const char outHeader[] = { "HTTP/1.0 200 OK\r\n" "Server: Netscape-Enterprise/2.0a\r\n" @@ -567,8 +566,8 @@ do_writes( { PRFileDesc * ssl_sock = (PRFileDesc *)a; lockedVars * lv = (lockedVars *)b; - int sent = 0; - int count = 0; + unsigned int sent = 0; + int count = 0; while (sent < bigBuf.len) { 
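Review bot: In `@@ -567,8 +566,8 @@ do_writes`, `sent` becomes `unsigned int` while `count` stays `int`; if the loop body (outside this hunk) does `sent += count` on a negative return from the send call, the unsigned addition now wraps `sent` to a huge value and `while (sent < bigBuf.len)` exits silently instead of looping, which changes the failure behaviour. Confirm the body checks the return before accumulating, e.g. `if (count < 0) { break; }` ahead of the addition. The signed/unsigned comparison the change removes was at least a visible warning; this version hides the hazard.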
@@ -712,7 +711,7 @@ PRInt32 lastFullHandshakePeerID; void myHandshakeCallback(PRFileDesc *socket, void *arg) { - PR_ATOMIC_SET(&lastFullHandshakePeerID, (PRInt32) arg); + PR_ATOMIC_SET(&lastFullHandshakePeerID, (PRInt32)((char *)arg - (char *)NULL)); } #endif @@ -732,7 +731,6 @@ do_connects( PRFileDesc * tcp_sock = 0; PRStatus prStatus; PRUint32 sleepInterval = 50; /* milliseconds */ - SECStatus result; int rv = SECSuccess; PRSocketOptionData opt; @@ -839,7 +837,8 @@ retry: PR_snprintf(sockPeerIDString, sizeof(sockPeerIDString), "ID%d", thisPeerID); SSL_SetSockPeerID(ssl_sock, sockPeerIDString); - SSL_HandshakeCallback(ssl_sock, myHandshakeCallback, (void*)thisPeerID); + SSL_HandshakeCallback(ssl_sock, myHandshakeCallback, + (char *)NULL + thisPeerID); #else /* force a full handshake by setting the no cache option */ SSL_OptionSet(ssl_sock, SSL_NO_CACHE, 1); @@ -854,9 +853,9 @@ retry: PR_ATOMIC_INCREMENT(&numConnected); if (bigBuf.data != NULL) { - result = handle_fdx_connection( ssl_sock, tid); + (void)handle_fdx_connection( ssl_sock, tid); } else { - result = handle_connection( ssl_sock, tid); + (void)handle_connection( ssl_sock, tid); } PR_ATOMIC_DECREMENT(&numConnected); diff --git a/security/nss/cmd/symkeyutil/symkeyutil.c b/security/nss/cmd/symkeyutil/symkeyutil.c index 05de7d87..353da711 100644 --- a/security/nss/cmd/symkeyutil/symkeyutil.c +++ b/security/nss/cmd/symkeyutil/symkeyutil.c @@ -1015,8 +1015,7 @@ main(int argc, char **argv) } } if (se) { - SECStatus rv2 = PK11_FreeSlotListElement(slotList, se); - PORT_Assert(SECSuccess == rv2); + PORT_CheckSuccess(PK11_FreeSlotListElement(slotList, se)); } PK11_FreeSlotList(slotList); } diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c index 72f53bad..ddfadafd 100644 --- a/security/nss/cmd/tstclnt/tstclnt.c +++ b/security/nss/cmd/tstclnt/tstclnt.c 
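Review bot: `(PRInt32)((char *)arg - (char *)NULL)` in `@@ -712,7 +711,7 @@ myHandshakeCallback` replaces an integer/pointer cast with pointer arithmetic on a null pointer, which C leaves undefined (subtraction is only defined between pointers into the same object), so the new form trades a warning for UB; the same idiom appears as `(char *)NULL + thisPeerID` in `@@ -839,7 +837,8 @@` and in `identity_hash` in lib/base/tracker.c. Round-trip through an integer type instead: `PR_ATOMIC_SET(&lastFullHandshakePeerID, (PRInt32)(intptr_t)arg);`, `SSL_HandshakeCallback(ssl_sock, myHandshakeCallback, (void *)(intptr_t)thisPeerID);` and `return (PLHashNumber)(uintptr_t)key;`. The conditional block enclosing this function starts outside the hunk.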
@@ -534,9 +534,9 @@ dumpServerCertificateChain(PRFileDesc *fd) return; } else if (dumpServerChain == 1) { - dumpFunction = SECU_PrintCertificateBasicInfo; + dumpFunction = (SECU_PPFunc)SECU_PrintCertificateBasicInfo; } else { - dumpFunction = SECU_PrintCertificate; + dumpFunction = (SECU_PPFunc)SECU_PrintCertificate; if (dumpServerChain > 2) { dumpCertPEM = PR_TRUE; } @@ -566,7 +566,7 @@ dumpServerCertificateChain(PRFileDesc *fd) PR_TRUE); } if (foundChain) { - int count = 0; + unsigned int count = 0; fprintf(stderr, "==== locally found issuer certificate(s): ====\n"); for(count = 0; count < (unsigned int)foundChain->len; count++) { CERTCertificate *c; @@ -619,7 +619,7 @@ ownAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, if (!serverCertAuth->shouldPause) { CERTCertificate *cert; - int i; + unsigned int i; const SECItemArray *csa; if (!serverCertAuth->testFreshStatusFromSideChannel) { @@ -644,8 +644,7 @@ ownAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, if (CERT_CacheOCSPResponseFromSideChannel( serverCertAuth->dbHandle, cert, PR_Now(), &csa->items[i], arg) != SECSuccess) { - PRErrorCode error = PR_GetError(); - PORT_Assert(error != 0); + PORT_Assert(PR_GetError() != 0); } } } @@ -1283,7 +1282,7 @@ int main(int argc, char **argv) int cipher; if (ndx == ':') { - int ctmp; + int ctmp = 0; cipher = 0; HEXCHAR_TO_INT(*cipherString, ctmp) diff --git a/security/nss/cmd/vfychain/vfychain.c b/security/nss/cmd/vfychain/vfychain.c index 216fa365..f9f1787c 100644 --- a/security/nss/cmd/vfychain/vfychain.c +++ b/security/nss/cmd/vfychain/vfychain.c @@ -333,7 +333,7 @@ configureRevocationParams(CERTRevocationFlags *flags) int i; unsigned int testType = REVCONFIG_TEST_UNDEFINED; static CERTRevocationTests *revTests = NULL; - PRUint64 *revFlags; + PRUint64 *revFlags = NULL; for(i = 0;i < REV_METHOD_INDEX_MAX;i++) { if (revMethodsData[i].testType == REVCONFIG_TEST_UNDEFINED) { 
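Review bot: The `(SECU_PPFunc)` casts in `@@ -534,9 +534,9 @@ dumpServerCertificateChain` silence an incompatible-pointer warning rather than resolve it; if `SECU_PrintCertificateBasicInfo` or `SECU_PrintCertificate` does not have exactly the parameter list of `SECU_PPFunc`, calling it through `dumpFunction` is undefined behaviour even where it happens to work. Unless the prototypes match (they are declared outside this view), a small static adapter with the `SECU_PPFunc` signature that forwards to each printer is the safe fix, with the comment `/* adapter: SECU_PPFunc signature differs from the printer's */`. dumpServerCertificateChain starts and ends outside the hunk.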
diff --git a/security/nss/cmd/vfyserv/vfyserv.c b/security/nss/cmd/vfyserv/vfyserv.c index d83fc395..6ee22489 100644 --- a/security/nss/cmd/vfyserv/vfyserv.c +++ b/security/nss/cmd/vfyserv/vfyserv.c @@ -510,7 +510,7 @@ main(int argc, char **argv) int cipher; if (ndx == ':') { - int ctmp; + int ctmp = 0; cipher = 0; HEXCHAR_TO_INT(*cipherString, ctmp) diff --git a/security/nss/cmd/vfyserv/vfyutil.c b/security/nss/cmd/vfyserv/vfyutil.c index 15f0d978..686c7b13 100644 --- a/security/nss/cmd/vfyserv/vfyutil.c +++ b/security/nss/cmd/vfyserv/vfyutil.c @@ -603,7 +603,7 @@ void dumpCertChain(CERTCertificate *cert, SECCertUsage usage) { CERTCertificateList *certList; - int count = 0; + unsigned int count = 0; certList = CERT_CertChainFromCert(cert, usage, PR_TRUE); if (certList == NULL) { diff --git a/security/nss/coreconf/Linux.mk b/security/nss/coreconf/Linux.mk index 6567f25f..414aef53 100644 --- a/security/nss/coreconf/Linux.mk +++ b/security/nss/coreconf/Linux.mk 
@@ -125,14 +125,58 @@ ifdef MOZ_DEBUG_SYMBOLS endif endif +ifndef COMPILER_TAG +COMPILER_TAG = _$(shell $(CC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q') +CCC_COMPILER_TAG = _$(shell $(CCC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q') +endif ifeq ($(USE_PTHREADS),1) OS_PTHREAD = -lpthread endif -OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR +OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR OS_LIBS = $(OS_PTHREAD) -ldl -lc +ifeq ($(COMPILER_TAG),_clang) +# -Qunused-arguments : clang objects to arguments that it doesn't understand +# and fixing this would require rearchitecture +# -Wno-parentheses-equality : because clang warns about macro expansions +OS_CFLAGS += -Qunused-arguments -Wno-parentheses-equality +ifdef BUILD_OPT +# clang is unable to handle glib's expansion of strcmp and similar for optimized +# builds, so ignore the resulting errors. +# See https://llvm.org/bugs/show_bug.cgi?id=20144 +OS_CFLAGS += -Wno-array-bounds -Wno-unevaluated-expression +endif +# Clang reports its version as an older gcc, but it's OK +NSS_HAS_GCC48 = true +endif + +# Check for the existence of gcc 4.8 +ifndef NSS_HAS_GCC48 +define GCC48_TEST = +int main() {\n +#if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 8)\n + return 1;\n +#else\n + return 0;\n +#endif\n +}\n +endef +TEST_GCC48 := /tmp/test_gcc48_$(shell echo $$$$) +NSS_HAS_GCC48 := (,$(shell echo -e "$(GCC48_TEST)" > $(TEST_GCC48).c && \ + $(CC) -o $(TEST_GCC48) $(TEST_GCC48).c && \ + $(TEST_GCC48) && echo true || echo false; \ + rm -f $(TEST_GCC48) $(TEST_GCC48).c)) +export NSS_HAS_GCC48 +endif + +ifeq (true,$(NSS_HAS_GCC48)) +# Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. +# Here, we disable use of that #pragma and the warnings it suppresses. 
+OS_CFLAGS += -DNSS_NO_GCC48 -Wno-unused-variable +endif + ifdef USE_PTHREADS DEFINES += -D_REENTRANT endif diff --git a/security/nss/coreconf/WIN32.mk b/security/nss/coreconf/WIN32.mk index bf46a83e..7fe950a3 100644 --- a/security/nss/coreconf/WIN32.mk +++ b/security/nss/coreconf/WIN32.mk @@ -24,8 +24,9 @@ else CC = cl CCC = cl LINK = link + LDFLAGS += -nologo AR = lib - AR += -NOLOGO -OUT:$@ + AR += -nologo -OUT:$@ RANLIB = echo BSDECHO = echo RC = rc.exe @@ -103,10 +104,7 @@ endif DLL_SUFFIX = dll ifdef NS_USE_GCC - # The -mnop-fun-dllimport flag allows us to avoid a drawback of - # the dllimport attribute that a pointer to a function marked as - # dllimport cannot be used as as a constant address. - OS_CFLAGS += -mwindows -mms-bitfields -mnop-fun-dllimport + OS_CFLAGS += -mwindows -mms-bitfields _GEN_IMPORT_LIB=-Wl,--out-implib,$(IMPORT_LIBRARY) DLLFLAGS += -mwindows -o $@ -shared -Wl,--export-all-symbols $(if $(IMPORT_LIBRARY),$(_GEN_IMPORT_LIB)) ifdef BUILD_OPT @@ -195,6 +193,11 @@ ifneq ($(_MSC_VER),$(_MSC_VER_6)) -we4015 -we4028 -we4033 -we4035 -we4045 -we4047 -we4053 -we4054 -we4063 \ -we4064 -we4078 -we4087 -we4090 -we4098 -we4390 -we4551 -we4553 -we4715 + # NSS has too many of these to fix, downgrade the warning + # Disable C4267: conversion from 'size_t' to 'type', possible loss of data + # Disable C4244: conversion from 'type1' to 'type2', possible loss of data + # Disable C4018: 'expression' : signed/unsigned mismatch + OS_CFLAGS += -w44267 -w44244 -w44018 ifeq ($(_MSC_VER_GE_12),1) OS_CFLAGS += -FS endif 
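Review bot: The gcc 4.8 probe in `@@ -125,14 +125,58 @@` of Linux.mk sets `NSS_HAS_GCC48` to `true` when the test program exits 0, i.e. on gcc 4.8 or newer, yet the block that follows is `ifeq (true,$(NSS_HAS_GCC48))` and adds `-DNSS_NO_GCC48 -Wno-unused-variable`, which its own comment says is for old compilers; the condition reads inverted and should be `ifneq (true,$(NSS_HAS_GCC48))`. The probe also writes and then executes `/tmp/test_gcc48_<pid>`, a predictable name in a shared directory, so on a multi-user build host another account can pre-create that path; `TEST_GCC48 := $(shell mktemp /tmp/test_gcc48_XXXXXX)` or a path under $(OBJDIR) makes the build run only a file it created itself. The assignment shown as `NSS_HAS_GCC48 := (,$(shell ...))` may be an extraction artefact on this page; if it is literal, the value never equals `true` and the ifeq cannot match at all.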
@@ -210,12 +213,21 @@ endif ifeq (,$(filter-out x386 x86_64,$(CPU_ARCH))) ifdef USE_64 DEFINES += -D_AMD64_ + # Use subsystem 5.02 to allow running on Windows XP. + ifeq ($(_MSC_VER_GE_11),1) + LDFLAGS += -SUBSYSTEM:CONSOLE,5.02 + endif else DEFINES += -D_X86_ # VS2012 defaults to -arch:SSE2. Use -arch:IA32 to avoid requiring - # SSE2. + # SSE2. Clang-cl gets confused by -arch:IA32, so don't add it. + # (See https://llvm.org/bugs/show_bug.cgi?id=24335) + # Use subsystem 5.01 to allow running on Windows XP. ifeq ($(_MSC_VER_GE_11),1) - OS_CFLAGS += -arch:IA32 + ifneq ($(CLANG_CL),1) + OS_CFLAGS += -arch:IA32 + endif + LDFLAGS += -SUBSYSTEM:CONSOLE,5.01 endif endif endif diff --git a/security/nss/coreconf/rules.mk b/security/nss/coreconf/rules.mk index 5495b0c3..0a891ebc 100644 --- a/security/nss/coreconf/rules.mk +++ b/security/nss/coreconf/rules.mk @@ -272,6 +272,10 @@ $(IMPORT_LIBRARY): $(MAPFILE) $(IMPLIB) $@ $< $(RANLIB) $@ endif +ifeq ($(OS_ARCH),WINNT) +$(IMPORT_LIBRARY): $(LIBRARY) + cp -f $< $@ +endif ifdef SHARED_LIBRARY_LIBS ifdef BUILD_TREE @@ -433,8 +437,22 @@ endif # Please keep the next two rules in sync. # $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.cc - @$(MAKE_OBJDIR) + $(MAKE_OBJDIR) +ifdef STRICT_CPLUSPLUS_SUFFIX + echo "#line 1 \"$<\"" | cat - $< > $(OBJDIR)/t_$*.cc + $(CCC) -o $@ -c $(CFLAGS) $(OBJDIR)/t_$*.cc + rm -f $(OBJDIR)/t_$*.cc +else +ifdef USE_NT_C_SYNTAX + $(CCC) -Fo$@ -c $(CFLAGS) $(call core_abspath,$<) +else +ifdef NEED_ABSOLUTE_PATH + $(CCC) -o $@ -c $(CFLAGS) $(call core_abspath,$<) +else $(CCC) -o $@ -c $(CFLAGS) $< +endif +endif +endif #STRICT_CPLUSPLUS_SUFFIX $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.cpp @$(MAKE_OBJDIR) diff --git a/security/nss/doc/certutil.xml b/security/nss/doc/certutil.xml index 4fdb5d0d..95d68cff 100644 --- a/security/nss/doc/certutil.xml +++ b/security/nss/doc/certutil.xml 
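Review bot: The comment above the `%.cc` rule in `@@ -433,8 +437,22 @@` of rules.mk says "Please keep the next two rules in sync", but the hunk rewrites only the `.cc` rule with the STRICT_CPLUSPLUS_SUFFIX/USE_NT_C_SYNTAX/NEED_ABSOLUTE_PATH branches while the `.cpp` rule that follows appears to keep its single-command form (its body continues outside the hunk). Either apply the same branches to the `.cpp` rule or reword the comment so it no longer promises parity. The change from `@$(MAKE_OBJDIR)` to `$(MAKE_OBJDIR)` also un-silences that command for `.cc` only, which looks accidental.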
@@ -72,6 +72,11 @@ Delete a certificate from the certificate database. + + --rename + Change the database nickname of a certificate. + + -E Add an email certificate to the certificate database. @@ -731,6 +736,11 @@ Comma separated list of one or more of the following: + + --new-n nickname + A new nickname, used when renaming a certificate. + + --source-dir certdir Identify the certificate database directory to upgrade. diff --git a/security/nss/doc/html/certutil.html b/security/nss/doc/html/certutil.html index 6f29575d..c3fd59f8 100644 --- a/security/nss/doc/html/certutil.html +++ b/security/nss/doc/html/certutil.html @@ -1,5 +1,5 @@ -CERTUTIL

Name

certutil — Manage keys and certificate in both NSS databases and other NSS tokens

Synopsis

certutil [options] [[arguments]]

STATUS

This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 -

Description

The Certificate Database Tool, certutil, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.

Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the modutil manpage.

Command Options and Arguments

Running certutil always requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option -H will list all the command options and their relevant arguments.

Command Options

-A

Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.

-B

Run a series of commands from the specified batch file. This requires the -i argument.

-C

Create a new binary certificate file from a binary certificate request file. Use the -i argument to specify the certificate request file. If this argument is not used, certutil prompts for a filename.

-D

Delete a certificate from the certificate database.

-E

Add an email certificate to the certificate database.

-F

Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the +CERTUTIL

Name

certutil — Manage keys and certificate in both NSS databases and other NSS tokens

Synopsis

certutil [options] [[arguments]]

STATUS

This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +

Description

The Certificate Database Tool, certutil, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.

Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the modutil manpage.

Command Options and Arguments

Running certutil always requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option -H will list all the command options and their relevant arguments.

Command Options

-A

Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.

-B

Run a series of commands from the specified batch file. This requires the -i argument.

-C

Create a new binary certificate file from a binary certificate request file. Use the -i argument to specify the certificate request file. If this argument is not used, certutil prompts for a filename.

-D

Delete a certificate from the certificate database.

--rename

Change the database nickname of a certificate.

-E

Add an email certificate to the certificate database.

-F

Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the -d argument. Use the -k argument to specify explicitly whether to delete a DSA, RSA, or ECC key. If you don't use the -k argument, the option looks for an RSA key matching the specified nickname.

When you delete keys, be sure to also remove any certificates associated with those keys from the certificate database, by using -D. Some smart cards do not let you remove a public key you have generated. In such a case, only the private key is deleted from the key pair. You can display the public key with the command certutil -K -h tokenname.

-G

Generate a new public and private key pair within a key database. The key database should already exist; if one is not present, this command option will initialize one by default. Some smart cards can store only one key pair. If you create a new key pair for such a card, the previous pair is overwritten.

-H

Display a list of the command options and arguments.

-K

List the key ID of keys in the key database. A key ID is the modulus of the RSA key or the publicValue of the DSA key. IDs are displayed in hexadecimal ("0x" is not shown).

-L

List all the certificates, or display information about a named certificate, in a certificate database. @@ -120,7 +120,7 @@ PKCS #11 key Attributes. Comma separated list of key attribute flags, selected f PKCS #11 key Operation Flags. Comma separated list of one or more of the following: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable} -

--source-dir certdir

Identify the certificate database directory to upgrade.

--source-prefix certdir

Give the prefix of the certificate and key databases to upgrade.

--upgrade-id uniqueID

Give the unique ID of the database to upgrade.

--upgrade-token-name name

Set the name of the token to use while it is being upgraded.

-@ pwfile

Give the name of a password file to use for the database being upgraded.

Usage and Examples

+

--new-n nickname

A new nickname, used when renaming a certificate.

--source-dir certdir

Identify the certificate database directory to upgrade.

--source-prefix certdir

Give the prefix of the certificate and key databases to upgrade.

--upgrade-id uniqueID

Give the unique ID of the database to upgrade.

--upgrade-token-name name

Set the name of the token to use while it is being upgraded.

-@ pwfile

Give the name of a password file to use for the database being upgraded.

Usage and Examples

Most of the command options in the examples listed here have more arguments available. The arguments included in these examples are the most common ones or are used to illustrate a specific scenario. Use the -H option to show the complete list of arguments for each command option.

Creating New Security Databases

Certificates, keys, and security modules related to managing certificates are stored in three related databases: diff --git a/security/nss/doc/nroff/certutil.1 b/security/nss/doc/nroff/certutil.1 index 6ce08f2e..a7daa936 100644 --- a/security/nss/doc/nroff/certutil.1 +++ b/security/nss/doc/nroff/certutil.1 @@ -2,12 +2,12 @@ .\" Title: CERTUTIL .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 23 February 2015 +.\" Date: 13 August 2015 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "CERTUTIL" "1" "23 February 2015" "nss-tools" "NSS Security Tools" +.TH "CERTUTIL" "1" "13 August 2015" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -80,6 +80,11 @@ prompts for a filename\&. Delete a certificate from the certificate database\&. .RE .PP +\-\-rename +.RS 4 +Change the database nickname of a certificate\&. +.RE +.PP \-E .RS 4 Add an email certificate to the certificate database\&. @@ -1108,6 +1113,11 @@ PKCS #11 key Attributes\&. Comma separated list of key attribute flags, selected PKCS #11 key Operation Flags\&. Comma separated list of one or more of the following: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable} .RE .PP +\-\-new\-n nickname +.RS 4 +A new nickname, used when renaming a certificate\&. +.RE +.PP \-\-source\-dir certdir .RS 4 Identify the certificate database directory to upgrade\&. diff --git a/security/nss/lib/base/list.c b/security/nss/lib/base/list.c index d6773d74..5f34923b 100644 --- a/security/nss/lib/base/list.c +++ b/security/nss/lib/base/list.c 
@@ -217,9 +217,8 @@ nsslist_add_element(nssList *list, void *data) NSS_IMPLEMENT PRStatus nssList_Add(nssList *list, void *data) { - PRStatus nssrv; NSSLIST_LOCK_IF(list); - nssrv = nsslist_add_element(list, data); + (void)nsslist_add_element(list, data); NSSLIST_UNLOCK_IF(list); return PR_SUCCESS; } diff --git a/security/nss/lib/base/tracker.c b/security/nss/lib/base/tracker.c index 95881f91..06e2baf2 100644 --- a/security/nss/lib/base/tracker.c +++ b/security/nss/lib/base/tracker.c @@ -29,7 +29,7 @@ identity_hash const void *key ) { - return (PLHashNumber)key; + return (PLHashNumber)((char *)key - (char *)NULL); } /* diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c index 2581be22..f282bbb9 100644 --- a/security/nss/lib/certdb/certdb.c +++ b/security/nss/lib/certdb/certdb.c @@ -2443,7 +2443,6 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, { unsigned int i; CERTCertificate **certs = NULL; - SECStatus rv; unsigned int fcerts = 0; if ( ncerts ) { @@ -2491,10 +2490,11 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, * know which cert it belongs to. But we still may try * the individual canickname from the cert itself. */ - rv = CERT_AddTempCertToPerm(certs[i], canickname, NULL); + /* Bug 1192442 - propagate errors from these calls. */ + (void)CERT_AddTempCertToPerm(certs[i], canickname, NULL); } else { - rv = CERT_AddTempCertToPerm(certs[i], - nickname?nickname:canickname, NULL); + (void)CERT_AddTempCertToPerm(certs[i], + nickname?nickname:canickname, NULL); } PORT_Free(canickname); @@ -2511,7 +2511,7 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, } } - return ((fcerts || !ncerts) ? SECSuccess : SECFailure); + return (fcerts || !ncerts) ? SECSuccess : SECFailure; } /* 
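Review bot: `nssList_Add` in `@@ -217,9 +217,8 @@` still returns `PR_SUCCESS` unconditionally, and casting `nsslist_add_element`'s result to `(void)` turns the lost status from an oversight into a documented decision; a caller can never learn that the element was not added. Judging by the removed `PRStatus nssrv;` the helper does report a status, so keeping it and returning it — `PRStatus nssrv;` / `nssrv = nsslist_add_element(list, data);` / `return nssrv;` around the existing lock and unlock lines — would be the honest contract. Callers that depend on always-success are outside this view and should be checked first.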
@@ -2893,15 +2893,16 @@ CERT_LockCertRefCount(CERTCertificate *cert) void CERT_UnlockCertRefCount(CERTCertificate *cert) { - PRStatus prstat; - PORT_Assert(certRefCountLock != NULL); - prstat = PZ_Unlock(certRefCountLock); - - PORT_Assert(prstat == PR_SUCCESS); - - return; +#ifdef DEBUG + { + PRStatus prstat = PZ_Unlock(certRefCountLock); + PORT_Assert(prstat == PR_SUCCESS); + } +#else + PZ_Unlock(certRefCountLock); +#endif } static PZLock *certTrustLock = NULL; @@ -2973,15 +2974,16 @@ cert_DestroyLocks(void) void CERT_UnlockCertTrust(const CERTCertificate *cert) { - PRStatus prstat; - PORT_Assert(certTrustLock != NULL); - prstat = PZ_Unlock(certTrustLock); - - PORT_Assert(prstat == PR_SUCCESS); - - return; +#ifdef DEBUG + { + PRStatus prstat = PZ_Unlock(certTrustLock); + PORT_Assert(prstat == PR_SUCCESS); + } +#else + PZ_Unlock(certTrustLock); +#endif } diff --git a/security/nss/lib/certdb/crl.c b/security/nss/lib/certdb/crl.c index 9f9aa0b2..05ded136 100644 --- a/security/nss/lib/certdb/crl.c +++ b/security/nss/lib/certdb/crl.c @@ -627,7 +627,6 @@ crl_storeCRL (PK11SlotInfo *slot,char *url, CERTSignedCrl *oldCrl = NULL, *crl = NULL; PRBool deleteOldCrl = PR_FALSE; CK_OBJECT_HANDLE crlHandle = CK_INVALID_HANDLE; - SECStatus rv; PORT_Assert(newCrl); PORT_Assert(derCrl); @@ -640,8 +639,8 @@ crl_storeCRL (PK11SlotInfo *slot,char *url, /* we can't use the cache here because we must look in the same token */ - rv = SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type, - &oldCrl, CRL_DECODE_SKIP_ENTRIES); + (void)SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type, + &oldCrl, CRL_DECODE_SKIP_ENTRIES); /* if there is an old crl on the token, make sure the one we are installing is newer. If not, exit out, otherwise delete the old crl. 
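Review bot: `CERT_UnlockCertRefCount` and `CERT_UnlockCertTrust` in the hunks at `@@ -2893` and `@@ -2973` now carry an identical `#ifdef DEBUG` / `#else` pair whose only purpose is to assert on `PZ_Unlock`'s status, the same need the commit meets elsewhere with `PORT_CheckSuccess(...)` (symkeyutil.c, crl.c). If that macro, or a PRStatus variant of it, is usable from certdb.c, `PORT_CheckSuccess(PZ_Unlock(certRefCountLock));` would replace each block. Whether the `PORT_Assert(certRefCountLock != NULL)` line survives the rewrite cannot be told from the collapsed hunk and is worth confirming.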
@@ -2693,7 +2692,7 @@ cert_CheckCertRevocationStatus(CERTCertificate* cert, CERTCertificate* issuer, } if (SECFailure == rv) { - SECStatus rv2 = CERT_FindCRLEntryReasonExten(entry, &reason); + (void)CERT_FindCRLEntryReasonExten(entry, &reason); PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE); } break; @@ -3050,7 +3049,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, { NamedCRLCacheEntry* oldEntry, * newEntry = NULL; NamedCRLCache* ncc = NULL; - SECStatus rv = SECSuccess, rv2; + SECStatus rv = SECSuccess; PORT_Assert(namedCRLCache.lock); PORT_Assert(namedCRLCache.entries); @@ -3088,8 +3087,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, (void*) newEntry)) { PORT_Assert(0); - rv2 = NamedCRLCacheEntry_Destroy(newEntry); - PORT_Assert(SECSuccess == rv2); + NamedCRLCacheEntry_Destroy(newEntry); rv = SECFailure; } } @@ -3112,8 +3110,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, } else { - rv2 = NamedCRLCacheEntry_Destroy(oldEntry); - PORT_Assert(SECSuccess == rv2); + PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry)); } if (NULL == PL_HashTableAdd(namedCRLCache.entries, (void*) newEntry->canonicalizedName, @@ -3160,8 +3157,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, } else { - rv2 = NamedCRLCacheEntry_Destroy(oldEntry); - PORT_Assert(SECSuccess == rv2); + PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry)); } if (NULL == PL_HashTableAdd(namedCRLCache.entries, (void*) newEntry->canonicalizedName, @@ -3173,8 +3169,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, } } } - rv2 = cert_ReleaseNamedCRLCache(ncc); - PORT_Assert(SECSuccess == rv2); + PORT_CheckSuccess(cert_ReleaseNamedCRLCache(ncc)); return rv; } diff --git a/security/nss/lib/certdb/genname.c b/security/nss/lib/certdb/genname.c index e3bc11d5..6529a6a0 100644 --- a/security/nss/lib/certdb/genname.c 
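Review bot: The first destroy site in cert_CacheCRLByGeneralName, `NamedCRLCacheEntry_Destroy(newEntry);` right after `PORT_Assert(0)`, is the only one of the four call sites in this function that dropped the success check entirely; the other three were rewritten as `PORT_CheckSuccess(...)`. For consistency, and so a failing destroy is still caught in debug builds, make it `PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(newEntry));`. Separately, in cert_CheckCertRevocationStatus the `(void)CERT_FindCRLEntryReasonExten(entry, &reason)` leaves `reason` untouched when the extension lookup fails, so if `reason` is read after this point (its declaration and later uses are outside the hunk) it needs a defined initial value before the call.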
+++ b/security/nss/lib/certdb/genname.c @@ -67,16 +67,6 @@ static const SEC_ASN1Template CERTOtherNameTemplate[] = { sizeof(CERTGeneralName) } }; -static const SEC_ASN1Template CERTOtherName2Template[] = { - { SEC_ASN1_SEQUENCE | SEC_ASN1_CONTEXT_SPECIFIC | 0 , - 0, NULL, sizeof(CERTGeneralName) }, - { SEC_ASN1_OBJECT_ID, - offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, oid) }, - { SEC_ASN1_ANY, - offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, name) }, - { 0, } -}; - static const SEC_ASN1Template CERT_RFC822NameTemplate[] = { { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1 , offsetof(CERTGeneralName, name.other), @@ -684,7 +674,7 @@ loser: return NULL; } -CERTNameConstraint * +static CERTNameConstraint * cert_DecodeNameConstraintSubTree(PLArenaPool *arena, SECItem **subTree, PRBool permited) @@ -701,15 +691,17 @@ cert_DecodeNameConstraintSubTree(PLArenaPool *arena, if (current == NULL) { goto loser; } - if (last == NULL) { - first = last = current; + if (first == NULL) { + first = current; + } else { + current->l.prev = &(last->l); + last->l.next = &(current->l); } - current->l.prev = &(last->l); - current->l.next = last->l.next; - last->l.next = &(current->l); + last = current; i++; } - first->l.prev = &(current->l); + first->l.prev = &(last->l); + last->l.next = &(first->l); /* TODO: unmark arena */ return first; loser: diff --git a/security/nss/lib/certdb/secname.c b/security/nss/lib/certdb/secname.c index d070bbfc..88a0cf75 100644 --- a/security/nss/lib/certdb/secname.c +++ b/security/nss/lib/certdb/secname.c 
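Review bot: After the loop in cert_DecodeNameConstraintSubTree, `first->l.prev = &(last->l);` dereferences `first` unconditionally, so if the loop can execute zero times (its header is outside the hunk) an empty subtree is a NULL dereference rather than a decode error. Either guard the ring closure, `if (first) { first->l.prev = &(last->l); last->l.next = &(first->l); }`, or add a comment stating that `subTree` always carries at least one entry so the unconditional access is deliberate. The list-building rewrite itself looks right: the old code never advanced `last`, so every element was chained off the first one, and the new `last = current` fixes that.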
@@ -240,14 +240,6 @@ CERT_CopyAVA(PLArenaPool *arena, CERTAVA *from) return 0; } -/************************************************************************/ -/* XXX This template needs to go away in favor of the new SEC_ASN1 version. */ -static const SEC_ASN1Template cert_RDNTemplate[] = { - { SEC_ASN1_SET_OF, - offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) } -}; - - CERTRDN * CERT_CreateRDN(PLArenaPool *arena, CERTAVA *ava0, ...) { diff --git a/security/nss/lib/certhigh/certhigh.c b/security/nss/lib/certhigh/certhigh.c index 74651baf..b06b7af3 100644 --- a/security/nss/lib/certhigh/certhigh.c +++ b/security/nss/lib/certhigh/certhigh.c @@ -24,8 +24,6 @@ CERT_MatchNickname(char *name1, char *name2) { char *nickname2 = NULL; char *token1; char *token2; - char *token = NULL; - int len; /* first deal with the straight comparison */ if (PORT_Strcmp(name1, name2) == 0) { @@ -40,20 +38,17 @@ CERT_MatchNickname(char *name1, char *name2) { return PR_FALSE; } if (token1) { - token=name1; nickname1=token1; nickname2=name2; } else { - token=name2; nickname1=token2; nickname2=name1; } - len = nickname1-token; nickname1++; if (PORT_Strcmp(nickname1,nickname2) != 0) { return PR_FALSE; } - /* compare the other token with the internal slot here */ + /* Bug 1192443 - compare the other token with the internal slot here */ return PR_TRUE; } diff --git a/security/nss/lib/certhigh/certvfypkix.c b/security/nss/lib/certhigh/certvfypkix.c index dcb2dbf2..35f841e5 100644 --- a/security/nss/lib/certhigh/certvfypkix.c +++ b/security/nss/lib/certhigh/certvfypkix.c 
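Review bot: CERT_MatchNickname returns PR_TRUE as soon as the text after the `:` in one name equals the other name, so `"token:foo"` matches a bare `"foo"` no matter which token is named; the Bug 1192443 comment records that the token part should be compared with the internal slot, but until then a lookup by nickname can select a certificate held on a different token. That limitation should be visible to callers in the function's header comment (outside this hunk), e.g. `/* NOTE: the "token:" prefix is not checked against the internal slot (Bug 1192443); "tok:name" currently matches plain "name". */`. Removing the unused `token` and `len` locals is fine on its own.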
@@ -1412,13 +1412,13 @@ setRevocationMethod(PKIX_RevocationChecker *revChecker, { PKIX_UInt32 methodFlags = 0; PKIX_Error *error = NULL; - int priority = 0; + PKIX_UInt32 priority = 0; - if (revTest->number_of_defined_methods <= certRevMethod) { + if (revTest->number_of_defined_methods <= (PRUint32)certRevMethod) { return NULL; } if (revTest->preferred_methods) { - int i = 0; + unsigned int i = 0; for (;i < revTest->number_of_preferred_methods;i++) { if (revTest->preferred_methods[i] == certRevMethod) break; diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c index 59b341f1..86ae0a06 100644 --- a/security/nss/lib/certhigh/ocsp.c +++ b/security/nss/lib/certhigh/ocsp.c @@ -559,14 +559,19 @@ ocsp_RemoveCacheItem(OCSPCacheData *cache, OCSPCacheItem *item) * because of an allocation failure, or it could get removed because we're * cleaning up. */ - PRBool couldRemoveFromHashTable; OCSP_TRACE(("OCSP ocsp_RemoveCacheItem, THREADID %p\n", PR_GetCurrentThread())); PR_EnterMonitor(OCSP_Global.monitor); ocsp_RemoveCacheItemFromLinkedList(cache, item); - couldRemoveFromHashTable = PL_HashTableRemove(cache->entries, - item->certID); - PORT_Assert(couldRemoveFromHashTable); +#ifdef DEBUG + { + PRBool couldRemoveFromHashTable = PL_HashTableRemove(cache->entries, + item->certID); + PORT_Assert(couldRemoveFromHashTable); + } +#else + PL_HashTableRemove(cache->entries, item->certID); +#endif --cache->numberOfEntries; ocsp_FreeCacheItem(item); PR_ExitMonitor(OCSP_Global.monitor); diff --git a/security/nss/lib/certhigh/xcrldist.c b/security/nss/lib/certhigh/xcrldist.c index 286dc377..291a9d88 100644 --- a/security/nss/lib/certhigh/xcrldist.c +++ b/security/nss/lib/certhigh/xcrldist.c @@ -101,9 +101,6 @@ CERT_EncodeCRLDistributionPoints (PLArenaPool *arena, rv = SECFailure; break; - /* distributionPointName is omitted */ - case 0: break; - default: PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID); rv = SECFailure; 
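Review bot: Dropping `case 0: break;` from the distPointType switch in CERT_EncodeCRLDistributionPoints is a behaviour change, not just cleanup: a DistributionPoint whose distributionPointName is absent (the case the removed comment called "omitted") now lands in `default:` and fails with SEC_ERROR_EXTENSION_VALUE_INVALID, although that component is OPTIONAL in the extension and a point carrying only reasons or cRLIssuer is legitimate. If the motivation was a warning about a case value outside the enum, keep the semantics with a cast to the switch's enum type, `case (/* enum type */)0: /* distributionPointName omitted */ break;`, or add a named enumerator for the omitted case; whether callers actually produce 0 depends on the enum definition, which is outside this hunk.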
diff --git a/security/nss/lib/ckfw/builtins/binst.c b/security/nss/lib/ckfw/builtins/binst.c index a837113b..8cb057d9 100644 --- a/security/nss/lib/ckfw/builtins/binst.c +++ b/security/nss/lib/ckfw/builtins/binst.c @@ -65,11 +65,8 @@ builtins_mdInstance_GetLibraryVersion NSSCKFWInstance *fwInstance ) { - extern const char __nss_builtins_rcsid[]; - extern const char __nss_builtins_sccsid[]; - volatile char c; /* force a reference that won't get optimized away */ - - c = __nss_builtins_rcsid[0] + __nss_builtins_sccsid[0]; +#define NSS_VERSION_VARIABLE __nss_builtins_version +#include "verref.h" return nss_builtins_LibraryVersion; } diff --git a/security/nss/lib/ckfw/builtins/certdata.perl b/security/nss/lib/ckfw/builtins/certdata.perl index 56771f5c..e77decf9 100644 --- a/security/nss/lib/ckfw/builtins/certdata.perl +++ b/security/nss/lib/ckfw/builtins/certdata.perl @@ -11,7 +11,6 @@ my $o; my @objects = (); my @objsize; -$constants{CKO_DATA} = "static const CK_OBJECT_CLASS cko_data = CKO_DATA;\n"; $constants{CK_TRUE} = "static const CK_BBOOL ck_true = CK_TRUE;\n"; $constants{CK_FALSE} = "static const CK_BBOOL ck_false = CK_FALSE;\n"; diff --git a/security/nss/lib/ckfw/builtins/ckbiver.c b/security/nss/lib/ckfw/builtins/ckbiver.c index c8ea7a9c..41783b2f 100644 --- a/security/nss/lib/ckfw/builtins/ckbiver.c +++ b/security/nss/lib/ckfw/builtins/ckbiver.c 
@@ -13,14 +13,7 @@ #endif /* - * Version information for the 'ident' and 'what commands - * - * NOTE: the first component of the concatenated rcsid string - * must not end in a '$' to prevent rcs keyword substitution. + * Version information */ -const char __nss_builtins_rcsid[] = "$Header: NSS Builtin Trusted Root CAs " - NSS_BUILTINS_LIBRARY_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__ " $"; -const char __nss_builtins_sccsid[] = "@(#)NSS Builtin Trusted Root CAs " - NSS_BUILTINS_LIBRARY_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__; +const char __nss_builtins_version[] = "Version: NSS Builtin Trusted Root CAs " + NSS_BUILTINS_LIBRARY_VERSION _DEBUG_STRING; diff --git a/security/nss/lib/ckfw/builtins/config.mk b/security/nss/lib/ckfw/builtins/config.mk index 31b0f9b1..b385ac6f 100644 --- a/security/nss/lib/ckfw/builtins/config.mk +++ b/security/nss/lib/ckfw/builtins/config.mk @@ -30,8 +30,5 @@ INCLUDES += -I. # To create a loadable module on Darwin, we must use -bundle. # ifeq ($(OS_TARGET),Darwin) -ifndef USE_64 DSO_LDOPTS = -bundle endif -endif - diff --git a/security/nss/lib/ckfw/builtins/nssckbi.h b/security/nss/lib/ckfw/builtins/nssckbi.h index baa75470..1d261dff 100644 --- a/security/nss/lib/ckfw/builtins/nssckbi.h +++ b/security/nss/lib/ckfw/builtins/nssckbi.h @@ -45,8 +45,8 @@ * of the comment in the CK_VERSION type definition. */ #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2 -#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 4 -#define NSS_BUILTINS_LIBRARY_VERSION "2.4" +#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 5 +#define NSS_BUILTINS_LIBRARY_VERSION "2.5" /* These version numbers detail the semantic changes to the ckfw engine. */ #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1 diff --git a/security/nss/lib/ckfw/capi/ckcapiver.c b/security/nss/lib/ckfw/capi/ckcapiver.c index cddf6c46..54e48875 100644 --- a/security/nss/lib/ckfw/capi/ckcapiver.c +++ b/security/nss/lib/ckfw/capi/ckcapiver.c 
@@ -12,14 +12,7 @@ #endif /* - * Version information for the 'ident' and 'what commands - * - * NOTE: the first component of the concatenated rcsid string - * must not end in a '$' to prevent rcs keyword substitution. + * Version information */ -const char __nss_ckcapi_rcsid[] = "$Header: NSS Access to Microsoft Certificate Store " - NSS_CKCAPI_LIBRARY_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__ " $"; -const char __nss_ckcapi_sccsid[] = "@(#)NSS Access to Microsoft Certificate Store " - NSS_CKCAPI_LIBRARY_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__; +const char __nss_ckcapi_version[] = "Version: NSS Access to Microsoft Certificate Store " + NSS_CKCAPI_LIBRARY_VERSION _DEBUG_STRING; diff --git a/security/nss/lib/ckfw/capi/config.mk b/security/nss/lib/ckfw/capi/config.mk index 5f064fb9..ec0a8627 100644 --- a/security/nss/lib/ckfw/capi/config.mk +++ b/security/nss/lib/ckfw/capi/config.mk @@ -27,8 +27,5 @@ endif # To create a loadable module on Darwin, we must use -bundle. # ifeq ($(OS_TARGET),Darwin) -ifndef USE_64 DSO_LDOPTS = -bundle endif -endif - diff --git a/security/nss/lib/ckfw/hash.c b/security/nss/lib/ckfw/hash.c index 51f53b1a..e4f6ce2b 100644 --- a/security/nss/lib/ckfw/hash.c +++ b/security/nss/lib/ckfw/hash.c @@ -48,9 +48,7 @@ nss_ckfw_identity_hash const void *key ) { - PRUint32 i = (PRUint32)key; - PR_ASSERT(sizeof(PLHashNumber) == sizeof(PRUint32)); - return (PLHashNumber)i; + return (PLHashNumber)((char *)key - (char *)NULL); } /* diff --git a/security/nss/lib/ckfw/nssmkey/ckmkver.c b/security/nss/lib/ckfw/nssmkey/ckmkver.c index e30fd987..0f689763 100644 --- a/security/nss/lib/ckfw/nssmkey/ckmkver.c +++ b/security/nss/lib/ckfw/nssmkey/ckmkver.c 
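Review bot: nss_ckfw_identity_hash replaces an explicit `(PRUint32)key` cast guarded by `PR_ASSERT(sizeof(PLHashNumber) == sizeof(PRUint32))` with `(char *)key - (char *)NULL`, which is undefined behaviour (pointer subtraction across unrelated objects) and silently narrows the 64-bit difference to PLHashNumber on LP64 targets. `return (PLHashNumber)(PRUptrdiff)key;` keeps the hash value, is well defined, and makes the narrowing explicit; the removed assertion can stay if the width assumption matters.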
@@ -12,14 +12,7 @@ #endif /* - * Version information for the 'ident' and 'what commands - * - * NOTE: the first component of the concatenated rcsid string - * must not end in a '$' to prevent rcs keyword substitution. + * Version information */ -const char __nss_ckmk_rcsid[] = "$Header: NSS Access to the MAC OS X Key Ring " - NSS_CKMK_LIBRARY_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__ " $"; -const char __nss_ckmk_sccsid[] = "@(#)NSS Access to the MAC OS X Key Ring " - NSS_CKMK_LIBRARY_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__; +const char __nss_ckmk_version[] = "Version: NSS Access to the MAC OS X Key Ring " + NSS_CKMK_LIBRARY_VERSION _DEBUG_STRING; diff --git a/security/nss/lib/ckfw/token.c b/security/nss/lib/ckfw/token.c index aaaf1188..4a975764 100644 --- a/security/nss/lib/ckfw/token.c +++ b/security/nss/lib/ckfw/token.c @@ -1258,7 +1258,7 @@ nssCKFWToken_GetUTCTime { /* Format is YYYYMMDDhhmmss00 */ int i; - int Y, M, D, h, m, s, z; + int Y, M, D, h, m, s; static int dims[] = { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }; for( i = 0; i < 16; i++ ) { @@ -1274,7 +1274,6 @@ nssCKFWToken_GetUTCTime h = ((utcTime[ 8] - '0') * 10) + (utcTime[ 9] - '0'); m = ((utcTime[10] - '0') * 10) + (utcTime[11] - '0'); s = ((utcTime[12] - '0') * 10) + (utcTime[13] - '0'); - z = ((utcTime[14] - '0') * 10) + (utcTime[15] - '0'); if( (Y < 1990) || (Y > 3000) ) goto badtime; /* Y3K problem. heh heh heh */ if( (M < 1) || (M > 12) ) goto badtime; diff --git a/security/nss/lib/crmf/cmmfchal.c b/security/nss/lib/crmf/cmmfchal.c index 8f7b2982..bf0b7ba3 100644 --- a/security/nss/lib/crmf/cmmfchal.c +++ b/security/nss/lib/crmf/cmmfchal.c @@ -30,7 +30,6 @@ cmmf_create_witness_and_challenge(PLArenaPool *poolp, CMMFRand randStr= { {siBuffer, NULL, 0}, {siBuffer, NULL, 0}}; PK11SlotInfo *slot; PK11SymKey *symKey = NULL; - CK_OBJECT_HANDLE id; CERTSubjectPublicKeyInfo *spki = NULL; 
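Review bot: Removing the `z` parse in nssCKFWToken_GetUTCTime means utcTime[14..15] are now validated only by the digit loop above (partly outside the hunk), whereas the format comment says the field ends in a literal "00"; the old code computed `z` but never checked it either, so nothing is lost, but the suffix remains unvalidated. If the trailing "00" is really fixed, reject anything else explicitly, `if (utcTime[14] != '0' || utcTime[15] != '0') goto badtime;`, next to the other range checks; otherwise amend the comment to say the last two characters are ignored.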
@@ -76,7 +75,7 @@ cmmf_create_witness_and_challenge(PLArenaPool *poolp, rv = SECFailure; goto loser; } - id = PK11_ImportPublicKey(slot, inPubKey, PR_FALSE); + (void)PK11_ImportPublicKey(slot, inPubKey, PR_FALSE); /* In order to properly encrypt the data, we import as a symmetric * key, and then wrap that key. That in essence encrypts the data. * This is the method recommended in the PK11 world in order diff --git a/security/nss/lib/crmf/crmfcont.c b/security/nss/lib/crmf/crmfcont.c index cc386ea3..4e274d32 100644 --- a/security/nss/lib/crmf/crmfcont.c +++ b/security/nss/lib/crmf/crmfcont.c @@ -857,7 +857,6 @@ CRMF_CreateEncryptedKeyWithEncryptedValue (SECKEYPrivateKey *inPrivKey, { SECKEYPublicKey *caPubKey = NULL; CRMFEncryptedKey *encKey = NULL; - CRMFEncryptedValue *dummy; PORT_Assert(inPrivKey != NULL && inCACert != NULL); if (inPrivKey == NULL || inCACert == NULL) { @@ -873,10 +872,17 @@ CRMF_CreateEncryptedKeyWithEncryptedValue (SECKEYPrivateKey *inPrivKey, if (encKey == NULL) { goto loser; } - dummy = crmf_create_encrypted_value_wrapped_privkey(inPrivKey, - caPubKey, - &encKey->value.encryptedValue); - PORT_Assert(dummy == &encKey->value.encryptedValue); +#ifdef DEBUG + { + CRMFEncryptedValue *dummy = + crmf_create_encrypted_value_wrapped_privkey( + inPrivKey, caPubKey, &encKey->value.encryptedValue); + PORT_Assert(dummy == &encKey->value.encryptedValue); + } +#else + crmf_create_encrypted_value_wrapped_privkey( + inPrivKey, caPubKey, &encKey->value.encryptedValue); +#endif /* We won't add the der value here, but rather when it * becomes part of a certificate request. */ diff --git a/security/nss/lib/crmf/crmfi.h b/security/nss/lib/crmf/crmfi.h index 0dc9b498..fd27a9b9 100644 --- a/security/nss/lib/crmf/crmfi.h +++ b/security/nss/lib/crmf/crmfi.h @@ -52,7 +52,7 @@ struct crmfEncoderArg { SECItem *buffer; - long allocatedLen; + unsigned long allocatedLen; }; struct crmfEncoderOutput { 
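Review bot: `(void)PK11_ImportPublicKey(slot, inPubKey, PR_FALSE);` in cmmf_create_witness_and_challenge discards the returned object handle, so an import failure is not noticed before the wrap step described in the following comment runs (the original stored the handle in `id` and never checked it either). If the wrap below (outside the hunk) relies on the public key being resident in `slot`, check the handle using the failure pattern already used a few lines up: `if (PK11_ImportPublicKey(slot, inPubKey, PR_FALSE) == CK_INVALID_HANDLE) { rv = SECFailure; goto loser; }`.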
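Review bot: The non-DEBUG branch in CRMF_CreateEncryptedKeyWithEncryptedValue ignores the result of crmf_create_encrypted_value_wrapped_privkey, so in release builds a failure to wrap the private key leaves `encKey->value.encryptedValue` incomplete and the function still hands back `encKey`; the DEBUG branch only asserts. Since the assertion shows the helper returns the passed-in pointer on success it presumably returns NULL on failure, and one check then covers both builds and removes the `#ifdef`: `if (crmf_create_encrypted_value_wrapped_privkey(inPrivKey, caPubKey, &encKey->value.encryptedValue) == NULL) { goto loser; }` — `loser` is the label already used above for the NULL `encKey` case, though its cleanup is outside the hunk.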
diff --git a/security/nss/lib/crmf/crmfpop.c b/security/nss/lib/crmf/crmfpop.c index 78381bf7..2d4e3269 100644 --- a/security/nss/lib/crmf/crmfpop.c +++ b/security/nss/lib/crmf/crmfpop.c @@ -10,7 +10,7 @@ #include "keyhi.h" #include "cryptohi.h" -#define CRMF_DEFAULT_ALLOC_SIZE 1024 +#define CRMF_DEFAULT_ALLOC_SIZE 1024U SECStatus crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, @@ -33,7 +33,6 @@ crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, SECStatus CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg) { - SECItem *dummy; CRMFProofOfPossession *pop; PLArenaPool *poolp; void *mark; @@ -52,9 +51,9 @@ CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg) pop->popChoice.raVerified.data = NULL; pop->popChoice.raVerified.len = 0; inCertReqMsg->pop = pop; - dummy = SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP), - &(pop->popChoice.raVerified), - CRMFRAVerifiedTemplate); + (void)SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP), + &(pop->popChoice.raVerified), + CRMFRAVerifiedTemplate); return SECSuccess; loser: PORT_ArenaRelease(poolp, mark); diff --git a/security/nss/lib/crmf/crmftmpl.c b/security/nss/lib/crmf/crmftmpl.c index 73d75f8b..320d5246 100644 --- a/security/nss/lib/crmf/crmftmpl.c +++ b/security/nss/lib/crmf/crmftmpl.c 
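Review bot: CRMF_CertReqMsgSetRAVerifiedPOP returns SECSuccess even when the `(void)SEC_ASN1EncodeItem(...)` call fails, in which case `inCertReqMsg->derPOP` is left unset while `inCertReqMsg->pop` already points at the new POP. SEC_ASN1EncodeItem returns NULL on failure, so route that through the existing cleanup: `if (SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP), &(pop->popChoice.raVerified), CRMFRAVerifiedTemplate) == NULL) { inCertReqMsg->pop = NULL; goto loser; }` — the `loser` label releases the arena mark, which frees `pop`, hence the reset of the pointer first. What `loser` returns is outside the hunk; it should be SECFailure.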
@@ -138,19 +138,6 @@ const SEC_ASN1Template CRMFCertReqMessagesTemplate[] = { CRMFCertReqMsgTemplate, sizeof (CRMFCertReqMessages)} }; -static const SEC_ASN1Template CRMFPOPOSigningKeyInputTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL,sizeof(CRMFPOPOSigningKeyInput) }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | - SEC_ASN1_CONTEXT_SPECIFIC | 0, - offsetof(CRMFPOPOSigningKeyInput, authInfo.sender) }, - { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL | 1, - offsetof (CRMFPOPOSigningKeyInput, authInfo.publicKeyMAC) }, - { SEC_ASN1_INLINE | SEC_ASN1_XTRN, - offsetof(CRMFPOPOSigningKeyInput, publicKey), - SEC_ASN1_SUB(CERT_SubjectPublicKeyInfoTemplate) }, - { 0 } -}; - const SEC_ASN1Template CRMFRAVerifiedTemplate[] = { { SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_XTRN, 0, @@ -252,19 +239,3 @@ const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate [] = { CRMFEncryptedValueTemplate}, { 0 } }; - -static const SEC_ASN1Template CRMFSinglePubInfoTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (CRMFSinglePubInfo)}, - { SEC_ASN1_INTEGER, offsetof(CRMFSinglePubInfo, pubMethod) }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC, - offsetof(CRMFSinglePubInfo, pubLocation) }, - { 0 } -}; - -static const SEC_ASN1Template CRMFPublicationInfoTemplate[] ={ - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFPKIPublicationInfo) }, - { SEC_ASN1_INTEGER, offsetof(CRMFPKIPublicationInfo, action) }, - { SEC_ASN1_POINTER, offsetof(CRMFPKIPublicationInfo, pubInfos), - CRMFSinglePubInfoTemplate}, - { 0 } -}; diff --git a/security/nss/lib/cryptohi/keyhi.h b/security/nss/lib/cryptohi/keyhi.h index 88a77f15..411ea00e 100644 --- a/security/nss/lib/cryptohi/keyhi.h +++ b/security/nss/lib/cryptohi/keyhi.h 
@@ -37,6 +37,11 @@ extern SECStatus SECKEY_CopySubjectPublicKeyInfo(PLArenaPool *arena, extern SECStatus SECKEY_UpdateCertPQG(CERTCertificate * subjectCert); +/* +** Return the number of bits in the provided big integer. This assumes that the +** SECItem contains a big-endian number and counts from the first non-zero bit. +*/ +extern unsigned SECKEY_BigIntegerBitLength(const SECItem *number); /* ** Return the strength of the public key in bytes diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c index 16d2a499..db72b745 100644 --- a/security/nss/lib/cryptohi/seckey.c +++ b/security/nss/lib/cryptohi/seckey.c @@ -178,8 +178,8 @@ SECKEY_CreateDHPrivateKey(SECKEYDHParams *param, SECKEYPublicKey **pubk, void *c PK11SlotInfo *slot; if (!param || !param->base.data || !param->prime.data || - param->prime.len < 512/8 || param->base.len == 0 || - param->base.len > param->prime.len + 1 || + SECKEY_BigIntegerBitLength(¶m->prime) < DH_MIN_P_BITS || + param->base.len == 0 || param->base.len > param->prime.len + 1 || (param->base.len == 1 && param->base.data[0] == 0)) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; 
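Review bot: The new minimum-size test in SECKEY_CreateDHPrivateKey, `SECKEY_BigIntegerBitLength(&param->prime) < DH_MIN_P_BITS` (rendered as `¶m->prime` in this view, presumably `&param->prime` mangled by extraction), silently changes what is measured: the old `param->prime.len < 512/8` counted a leading zero octet, the new check does not, so encoded primes that only passed because of padding are now rejected and short primes with one leading zero byte no longer slip through. That is the right direction, but the threshold constant's value and the header that defines DH_MIN_P_BITS are outside the hunk; a comment on the condition would record the intent, e.g. `/* reject groups below DH_MIN_P_BITS; size is measured from the first set bit, not the encoded length */`.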
@@ -941,61 +941,76 @@ SECKEY_ECParamsToBasePointOrderLen(const SECItem *encodedParams) } } +/* The number of bits in the number from the first non-zero bit onward. */ +unsigned +SECKEY_BigIntegerBitLength(const SECItem *number) +{ + const unsigned char *p; + unsigned octets; + unsigned bits; + + if (!number || !number->data) { + PORT_SetError(SEC_ERROR_INVALID_KEY); + return 0; + } + + p = number->data; + octets = number->len; + while (octets > 0 && !*p) { + ++p; + --octets; + } + if (octets == 0) { + return 0; + } + /* bits = 7..1 because we know at least one bit is set already */ + /* Note: This could do a binary search, but this is faster for keys if we + * assume that good keys will have the MSB set. */ + for (bits = 7; bits > 0; --bits) { + if (*p & (1 << bits)) { + break; + } + } + return octets * 8 + bits - 7; +} + /* returns key strength in bytes (not bits) */ unsigned SECKEY_PublicKeyStrength(const SECKEYPublicKey *pubk) { - unsigned char b0; - unsigned size; - - /* interpret modulus length as key strength */ - if (!pubk) - goto loser; - switch (pubk->keyType) { - case rsaKey: - if (!pubk->u.rsa.modulus.data) break; - b0 = pubk->u.rsa.modulus.data[0]; - return b0 ? pubk->u.rsa.modulus.len : pubk->u.rsa.modulus.len - 1; - case dsaKey: - if (!pubk->u.dsa.publicValue.data) break; - b0 = pubk->u.dsa.publicValue.data[0]; - return b0 ? pubk->u.dsa.publicValue.len : - pubk->u.dsa.publicValue.len - 1; - case dhKey: - if (!pubk->u.dh.publicValue.data) break; - b0 = pubk->u.dh.publicValue.data[0]; - return b0 ? 
pubk->u.dh.publicValue.len : - pubk->u.dh.publicValue.len - 1; - case ecKey: - /* Get the key size in bits and adjust */ - size = SECKEY_ECParamsToKeySize(&pubk->u.ec.DEREncodedParams); - return (size + 7)/8; - default: - break; - } -loser: - PORT_SetError(SEC_ERROR_INVALID_KEY); - return 0; + return (SECKEY_PublicKeyStrengthInBits(pubk) + 7) / 8; } /* returns key strength in bits */ unsigned SECKEY_PublicKeyStrengthInBits(const SECKEYPublicKey *pubk) { - unsigned size; + unsigned bitSize = 0; + + if (!pubk) { + PORT_SetError(SEC_ERROR_INVALID_KEY); + return 0; + } + + /* interpret modulus length as key strength */ switch (pubk->keyType) { case rsaKey: + bitSize = SECKEY_BigIntegerBitLength(&pubk->u.rsa.modulus); + break; case dsaKey: + bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dsa.publicValue); + break; case dhKey: - return SECKEY_PublicKeyStrength(pubk) * 8; /* 1 byte = 8 bits */ + bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dh.publicValue); + break; case ecKey: - size = SECKEY_ECParamsToKeySize(&pubk->u.ec.DEREncodedParams); - return size; + bitSize = SECKEY_ECParamsToKeySize(&pubk->u.ec.DEREncodedParams); + break; default: - break; + PORT_SetError(SEC_ERROR_INVALID_KEY); + break; } - PORT_SetError(SEC_ERROR_INVALID_KEY); - return 0; + return bitSize; } /* returns signature length in bytes (not bits) */ @@ -1550,7 +1565,7 @@ SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk, * this yet. */ PORT_Memset(pvk->privateKey.data, 0, pvk->privateKey.len); - PORT_Memset((char *)pvk, 0, sizeof(*pvk)); + PORT_Memset(pvk, 0, sizeof(*pvk)); if(freeit == PR_TRUE) { PORT_FreeArena(poolp, PR_TRUE); } else { @@ -1560,7 +1575,7 @@ SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk, SECITEM_ZfreeItem(&pvk->version, PR_FALSE); SECITEM_ZfreeItem(&pvk->privateKey, PR_FALSE); SECOID_DestroyAlgorithmID(&pvk->algorithm, PR_FALSE); - PORT_Memset((char *)pvk, 0, sizeof(*pvk)); + PORT_Memset(pvk, 0, sizeof(*pvk)); if(freeit == PR_TRUE) { PORT_Free(pvk); } 
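Review bot: SECKEY_PublicKeyStrengthInBits now derives DSA and DH strength from `publicValue` through SECKEY_BigIntegerBitLength, which strips leading zero bits rather than just the leading zero byte the old code ignored; a public value y is an essentially random element below p, so for a 2048-bit group it will be reported as 2047 bits or fewer a measurable fraction of the time, and any policy comparing this against a minimum will reject valid keys intermittently (in bytes, via SECKEY_PublicKeyStrength, the rounding masks most but not all cases). For those two key types the strength should come from the group prime carried in the public key, e.g. `bitSize = SECKEY_BigIntegerBitLength(&pubk->u.dh.prime);` if that is the field name in the DH structure (not visible in this hunk), with the analogous parameter field for DSA. SECKEY_BigIntegerBitLength itself is correct: a top octet of 0x80 exits the loop at `bits == 7` giving `octets * 8`, and 0x01 exits at `bits == 0` giving `octets * 8 - 7`.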
@@ -1581,7 +1596,7 @@ SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki, * this yet. */ PORT_Memset(epki->encryptedData.data, 0, epki->encryptedData.len); - PORT_Memset((char *)epki, 0, sizeof(*epki)); + PORT_Memset(epki, 0, sizeof(*epki)); if(freeit == PR_TRUE) { PORT_FreeArena(poolp, PR_TRUE); } else { @@ -1590,7 +1605,7 @@ SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki, } else { SECITEM_ZfreeItem(&epki->encryptedData, PR_FALSE); SECOID_DestroyAlgorithmID(&epki->algorithm, PR_FALSE); - PORT_Memset((char *)epki, 0, sizeof(*epki)); + PORT_Memset(epki, 0, sizeof(*epki)); if(freeit == PR_TRUE) { PORT_Free(epki); } diff --git a/security/nss/lib/dbm/config/config.mk b/security/nss/lib/dbm/config/config.mk index 535c62e7..9ad98af8 100644 --- a/security/nss/lib/dbm/config/config.mk +++ b/security/nss/lib/dbm/config/config.mk @@ -25,10 +25,6 @@ ifdef HAVE_SNPRINTF DEFINES += -DHAVE_SNPRINTF endif -ifeq (,$(filter-out IRIX Linux,$(OS_TARGET))) -DEFINES += -DHAVE_SYS_CDEFS_H -endif - ifeq (,$(filter-out DGUX NCR ReliantUNIX SCO_SV SCOOS UNIXWARE,$(OS_TARGET))) DEFINES += -DHAVE_SYS_BYTEORDER_H endif diff --git a/security/nss/lib/dbm/include/cdefs.h b/security/nss/lib/dbm/include/cdefs.h deleted file mode 100644 index 6df5a80e..00000000 --- a/security/nss/lib/dbm/include/cdefs.h +++ /dev/null 
@@ -1,126 +0,0 @@ -/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Berkeley Software Design, Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. ***REMOVED*** - see - * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- * - * @(#)cdefs.h 8.7 (Berkeley) 1/21/94 - */ - -#ifndef _CDEFS_H_ -#define _CDEFS_H_ - -#if defined(__cplusplus) -#define __BEGIN_DECLS extern "C" { -#define __END_DECLS } -#else -#define __BEGIN_DECLS -#define __END_DECLS -#endif - -/* - * The __CONCAT macro is used to concatenate parts of symbol names, e.g. - * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo. - * The __CONCAT macro is a bit tricky -- make sure you don't put spaces - * in between its arguments. __CONCAT can also concatenate double-quoted - * strings produced by the __STRING macro, but this only works with ANSI C. - */ -#if defined(__STDC__) || defined(__cplusplus) || defined(_WINDOWS) || defined(XP_OS2) -#define __P(protos) protos /* full-blown ANSI C */ -#define __CONCAT(x,y) x ## y -#define __STRING(x) #x - -/* On HP-UX 11.00, defines __const. */ -#ifndef __const -#define __const const /* define reserved names to standard */ -#endif /* __const */ -#define __signed signed -#define __volatile volatile -#ifndef _WINDOWS -#if defined(__cplusplus) -#define __inline inline /* convert to C++ keyword */ -#else -#if !defined(__GNUC__) && !defined(__MWERKS__) -#define __inline /* delete GCC keyword */ -#endif /* !__GNUC__ */ -#endif /* !__cplusplus */ -#endif /* !_WINDOWS */ - -#else /* !(__STDC__ || __cplusplus) */ -#define __P(protos) () /* traditional C preprocessor */ -#define __CONCAT(x,y) x/**/y -#define __STRING(x) "x" - -#ifndef __GNUC__ -#define __const /* delete pseudo-ANSI C keywords */ -#define __inline -#define __signed -#define __volatile -/* - * In non-ANSI C environments, new programs will want ANSI-only C keywords - * deleted from the program and old programs will want them left alone. - * When using a compiler other than gcc, programs using the ANSI C keywords - * const, inline etc. as normal identifiers should define -DNO_ANSI_KEYWORDS. 
- * When using "gcc -traditional", we assume that this is the intent; if - * __GNUC__ is defined but __STDC__ is not, we leave the new keywords alone. - */ -#ifndef NO_ANSI_KEYWORDS -#define const /* delete ANSI C keywords */ -#define inline -#define signed -#define volatile -#endif -#endif /* !__GNUC__ */ -#endif /* !(__STDC__ || __cplusplus) */ - -/* - * GCC1 and some versions of GCC2 declare dead (non-returning) and - * pure (no side effects) functions using "volatile" and "const"; - * unfortunately, these then cause warnings under "-ansi -pedantic". - * GCC2 uses a new, peculiar __attribute__((attrs)) style. All of - * these work for GNU C++ (modulo a slight glitch in the C++ grammar - * in the distribution version of 2.5.5). - */ -#if !defined(__GNUC__) || __GNUC__ < 2 || __GNUC_MINOR__ < 5 -#define __attribute__(x) /* delete __attribute__ if non-gcc or gcc1 */ -#if defined(__GNUC__) && !defined(__STRICT_ANSI__) -#define __dead __volatile -#define __pure __const -#endif -#endif - -/* Delete pseudo-keywords wherever they are not available or needed. */ -#ifndef __dead -#define __dead -#define __pure -#endif - -#endif /* !_CDEFS_H_ */ diff --git a/security/nss/lib/dbm/include/manifest.mn b/security/nss/lib/dbm/include/manifest.mn index da971b3c..64b6fdac 100644 --- a/security/nss/lib/dbm/include/manifest.mn +++ b/security/nss/lib/dbm/include/manifest.mn @@ -8,8 +8,7 @@ CORE_DEPTH = ../../.. MODULE = dbm -EXPORTS = cdefs.h \ - mcom_db.h \ +EXPORTS = mcom_db.h \ ncompat.h \ winfile.h \ $(NULL) @@ -19,7 +18,6 @@ PRIVATE_EXPORTS = hsearch.h \ extern.h \ queue.h \ hash.h \ - mpool.h \ search.h \ $(NULL) diff --git a/security/nss/lib/dbm/include/mcom_db.h b/security/nss/lib/dbm/include/mcom_db.h index f2044846..4cca5325 100644 --- a/security/nss/lib/dbm/include/mcom_db.h +++ b/security/nss/lib/dbm/include/mcom_db.h 
@@ -56,12 +56,6 @@ typedef PRUint32 uint32; #ifdef __DBINTERFACE_PRIVATE -#ifdef HAVE_SYS_CDEFS_H -#include -#else -#include "cdefs.h" -#endif - #ifdef HAVE_SYS_BYTEORDER_H #include #endif diff --git a/security/nss/lib/dbm/include/mpool.h b/security/nss/lib/dbm/include/mpool.h deleted file mode 100644 index 0483d243..00000000 --- a/security/nss/lib/dbm/include/mpool.h +++ /dev/null 
@@ -1,97 +0,0 @@ -/*- - * Copyright (c) 1991, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. ***REMOVED*** - see - * ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)mpool.h 8.2 (Berkeley) 7/14/94 - */ - -#include - -/* - * The memory pool scheme is a simple one. Each in-memory page is referenced - * by a bucket which is threaded in up to two of three ways. 
All active pages - * are threaded on a hash chain (hashed by page number) and an lru chain. - * Inactive pages are threaded on a free chain. Each reference to a memory - * pool is handed an opaque MPOOL cookie which stores all of this information. - */ -#define HASHSIZE 128 -#define HASHKEY(pgno) ((pgno - 1) % HASHSIZE) - -/* The BKT structures are the elements of the queues. */ -typedef struct _bkt { - CIRCLEQ_ENTRY(_bkt) hq; /* hash queue */ - CIRCLEQ_ENTRY(_bkt) q; /* lru queue */ - void *page; /* page */ - pgno_t pgno; /* page number */ - -#define MPOOL_DIRTY 0x01 /* page needs to be written */ -#define MPOOL_PINNED 0x02 /* page is pinned into memory */ - uint8 flags; /* flags */ -} BKT; - -typedef struct MPOOL { - CIRCLEQ_HEAD(_lqh, _bkt) lqh; /* lru queue head */ - /* hash queue array */ - CIRCLEQ_HEAD(_hqh, _bkt) hqh[HASHSIZE]; - pgno_t curcache; /* current number of cached pages */ - pgno_t maxcache; /* max number of cached pages */ - pgno_t npages; /* number of pages in the file */ - uint32 pagesize; /* file page size */ - int fd; /* file descriptor */ - /* page in conversion routine */ - void (*pgin) (void *, pgno_t, void *); - /* page out conversion routine */ - void (*pgout) (void *, pgno_t, void *); - void *pgcookie; /* cookie for page in/out routines */ -#ifdef STATISTICS - uint32 cachehit; - uint32 cachemiss; - uint32 pagealloc; - uint32 pageflush; - uint32 pageget; - uint32 pagenew; - uint32 pageput; - uint32 pageread; - uint32 pagewrite; -#endif -} MPOOL; - -__BEGIN_DECLS -MPOOL *mpool_open (void *, int, pgno_t, pgno_t); -void mpool_filter (MPOOL *, void (*)(void *, pgno_t, void *), - void (*)(void *, pgno_t, void *), void *); -void *mpool_new (MPOOL *, pgno_t *); -void *mpool_get (MPOOL *, pgno_t, uint); -int mpool_put (MPOOL *, void *, uint); -int mpool_sync (MPOOL *); -int mpool_close (MPOOL *); -#ifdef STATISTICS -void mpool_stat (MPOOL *); -#endif -__END_DECLS 
diff --git a/security/nss/lib/dbm/src/h_bigkey.c b/security/nss/lib/dbm/src/h_bigkey.c index c174e32a..ed0c5020 100644 --- a/security/nss/lib/dbm/src/h_bigkey.c +++ b/security/nss/lib/dbm/src/h_bigkey.c @@ -72,8 +72,8 @@ static char sccsid[] = "@(#)hash_bigkey.c 8.3 (Berkeley) 5/31/94"; #include "page.h" /* #include "extern.h" */ -static int collect_key __P((HTAB *, BUFHEAD *, int, DBT *, int)); -static int collect_data __P((HTAB *, BUFHEAD *, int, int)); +static int collect_key(HTAB *, BUFHEAD *, int, DBT *, int); +static int collect_data(HTAB *, BUFHEAD *, int, int); /* * Big_insert diff --git a/security/nss/lib/dbm/src/h_func.c b/security/nss/lib/dbm/src/h_func.c index 8c86be64..688a794f 100644 --- a/security/nss/lib/dbm/src/h_func.c +++ b/security/nss/lib/dbm/src/h_func.c @@ -45,14 +45,14 @@ static char sccsid[] = "@(#)hash_func.c 8.2 (Berkeley) 2/21/94"; /* #include "extern.h" */ #if 0 -static uint32 hash1 __P((const void *, size_t)); -static uint32 hash2 __P((const void *, size_t)); -static uint32 hash3 __P((const void *, size_t)); +static uint32 hash1(const void *, size_t); +static uint32 hash2(const void *, size_t); +static uint32 hash3(const void *, size_t); #endif -static uint32 hash4 __P((const void *, size_t)); +static uint32 hash4(const void *, size_t); /* Global default hash function */ -uint32 (*__default_hash) __P((const void *, size_t)) = hash4; +uint32 (*__default_hash)(const void *, size_t) = hash4; /* * HASH FUNCTIONS diff --git a/security/nss/lib/dbm/src/h_page.c b/security/nss/lib/dbm/src/h_page.c index 3b95554d..cc024947 100644 --- a/security/nss/lib/dbm/src/h_page.c +++ b/security/nss/lib/dbm/src/h_page.c 
@@ -89,13 +89,12 @@ static char sccsid[] = "@(#)hash_page.c 8.7 (Berkeley) 8/16/94"; extern int mkstempflags(char *path, int extraFlags); -static uint32 *fetch_bitmap __P((HTAB *, uint32)); -static uint32 first_free __P((uint32)); -static int open_temp __P((HTAB *)); -static uint16 overflow_page __P((HTAB *)); -static void squeeze_key __P((uint16 *, const DBT *, const DBT *)); -static int ugly_split - __P((HTAB *, uint32, BUFHEAD *, BUFHEAD *, int, int)); +static uint32 *fetch_bitmap(HTAB *, uint32); +static uint32 first_free(uint32); +static int open_temp(HTAB *); +static uint16 overflow_page(HTAB *); +static void squeeze_key(uint16 *, const DBT *, const DBT *); +static int ugly_split(HTAB *, uint32, BUFHEAD *, BUFHEAD *, int, int); #define PAGE_INIT(P) { \ ((uint16 *)(P))[0] = 0; \ @@ -721,23 +720,6 @@ __get_page(HTAB *hashp, PAGE_INIT(p); } else { -#ifdef DEBUG - if(BYTE_ORDER == LITTLE_ENDIAN) - { - int is_little_endian; - is_little_endian = BYTE_ORDER; - } - else if(BYTE_ORDER == BIG_ENDIAN) - { - int is_big_endian; - is_big_endian = BYTE_ORDER; - } - else - { - assert(0); - } -#endif - if (hashp->LORDER != BYTE_ORDER) { register int i, max; diff --git a/security/nss/lib/dbm/src/hash.c b/security/nss/lib/dbm/src/hash.c index c7b1d181..3f9a516e 100644 --- a/security/nss/lib/dbm/src/hash.c +++ b/security/nss/lib/dbm/src/hash.c 
@@ -74,23 +74,23 @@ static char sccsid[] = "@(#)hash.c 8.9 (Berkeley) 6/16/94"; /* #include "extern.h" */ -static int alloc_segs __P((HTAB *, int)); -static int flush_meta __P((HTAB *)); -static int hash_access __P((HTAB *, ACTION, DBT *, DBT *)); -static int hash_close __P((DB *)); -static int hash_delete __P((const DB *, const DBT *, uint)); -static int hash_fd __P((const DB *)); -static int hash_get __P((const DB *, const DBT *, DBT *, uint)); -static int hash_put __P((const DB *, DBT *, const DBT *, uint)); -static void *hash_realloc __P((SEGMENT **, size_t, size_t)); -static int hash_seq __P((const DB *, DBT *, DBT *, uint)); -static int hash_sync __P((const DB *, uint)); -static int hdestroy __P((HTAB *)); -static HTAB *init_hash __P((HTAB *, const char *, HASHINFO *)); -static int init_htab __P((HTAB *, int)); +static int alloc_segs(HTAB *, int); +static int flush_meta(HTAB *); +static int hash_access(HTAB *, ACTION, DBT *, DBT *); +static int hash_close(DB *); +static int hash_delete(const DB *, const DBT *, uint); +static int hash_fd(const DB *); +static int hash_get(const DB *, const DBT *, DBT *, uint); +static int hash_put(const DB *, DBT *, const DBT *, uint); +static void *hash_realloc(SEGMENT **, size_t, size_t); +static int hash_seq(const DB *, DBT *, DBT *, uint); +static int hash_sync(const DB *, uint); +static int hdestroy(HTAB *); +static HTAB *init_hash(HTAB *, const char *, HASHINFO *); +static int init_htab(HTAB *, int); #if BYTE_ORDER == LITTLE_ENDIAN -static void swap_header __P((HTAB *)); -static void swap_header_copy __P((HASHHDR *, HASHHDR *)); +static void swap_header(HTAB *); +static void swap_header_copy(HASHHDR *, HASHHDR *); #endif /* Fast arithmetic, relying on powers of 2, */ diff --git a/security/nss/lib/dbm/src/hash_buf.c b/security/nss/lib/dbm/src/hash_buf.c index 727164c6..d3286943 100644 --- a/security/nss/lib/dbm/src/hash_buf.c +++ b/security/nss/lib/dbm/src/hash_buf.c 
@@ -70,7 +70,7 @@ static char sccsid[] = "@(#)hash_buf.c 8.5 (Berkeley) 7/15/94"; #include "page.h" /* #include "extern.h" */ -static BUFHEAD *newbuf __P((HTAB *, uint32, BUFHEAD *)); +static BUFHEAD *newbuf(HTAB *, uint32, BUFHEAD *); /* Unlink B from its place in the lru */ #define BUF_REMOVE(B) { \ diff --git a/security/nss/lib/dbm/src/memmove.c b/security/nss/lib/dbm/src/memmove.c index 935ab463..aacf9461 100644 --- a/security/nss/lib/dbm/src/memmove.c +++ b/security/nss/lib/dbm/src/memmove.c @@ -37,11 +37,6 @@ static char sccsid[] = "@(#)bcopy.c 8.1 (Berkeley) 6/4/93"; #endif /* LIBC_SCCS and not lint */ -#ifdef HAVE_SYS_CDEFS_H -#include -#else -#include "cdefs.h" -#endif #include /* diff --git a/security/nss/lib/dbm/src/snprintf.c b/security/nss/lib/dbm/src/snprintf.c index 96696d8e..377a8d84 100644 --- a/security/nss/lib/dbm/src/snprintf.c +++ b/security/nss/lib/dbm/src/snprintf.c @@ -4,32 +4,14 @@ #include #include -#ifdef HAVE_SYS_CDEFS_H -#include -#else -#include "cdefs.h" -#endif - #include "prtypes.h" #include -#ifdef __STDC__ #include -#else -#include -#endif int -#ifdef __STDC__ snprintf(char *str, size_t n, const char *fmt, ...) -#else -snprintf(str, n, fmt, va_alist) - char *str; - size_t n; - const char *fmt; - va_dcl -#endif { va_list ap; #ifdef VSPRINTF_CHARSTAR @@ -37,11 +19,7 @@ snprintf(str, n, fmt, va_alist) #else int rval; #endif -#ifdef __STDC__ va_start(ap, fmt); -#else - va_start(ap); -#endif #ifdef VSPRINTF_CHARSTAR rp = vsprintf(str, fmt, ap); va_end(ap); diff --git a/security/nss/lib/dev/devslot.c b/security/nss/lib/dev/devslot.c index d97cbba3..f49915ee 100644 --- a/security/nss/lib/dev/devslot.c +++ b/security/nss/lib/dev/devslot.c @@ -25,9 +25,6 @@ /* measured as interval */ static PRIntervalTime s_token_delay_time = 0; -/* The flags needed to open a read-only session. */ -static const CK_FLAGS s_ck_readonly_flags = CKF_SERIAL_SESSION; - NSS_IMPLEMENT PRStatus nssSlot_Destroy ( NSSSlot *slot 
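Review bot: After dropping the K&R variant, `snprintf` still hands the destination to `vsprintf(str, fmt, ap)` in the VSPRINTF_CHARSTAR path (context line in the second hunk), so the `n` parameter never bounds the write; `rp = vsnprintf(str, n, fmt, ap);` would honour it. The non-CHARSTAR path and the return handling lie outside the hunk, so they may have the same shape and should be checked together. If this file is only compiled as a fallback on platforms without a native snprintf, a one-line comment above the function saying so would make the limited use explicit.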
diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c index b6032812..7223e489 100644 --- a/security/nss/lib/dev/devtoken.c +++ b/security/nss/lib/dev/devtoken.c @@ -1466,7 +1466,6 @@ nssToken_TraverseCertificates ( CK_ATTRIBUTE cert_template[2]; CK_ULONG ctsize; NSSArena *arena; - PRStatus status; PRUint32 arraySize, numHandles; nssCryptokiObject **objects; void *epv = nssToken_GetCryptokiEPV(token); @@ -1544,7 +1543,7 @@ nssToken_TraverseCertificates ( if (objects) { nssCryptokiObject **op; for (op = objects; *op; op++) { - status = (*callback)(*op, arg); + (void)(*callback)(*op, arg); } nss_ZFreeIf(objects); } diff --git a/security/nss/lib/freebl/cts.c b/security/nss/lib/freebl/cts.c index 5d4ed18b..984e05b9 100644 --- a/security/nss/lib/freebl/cts.c +++ b/security/nss/lib/freebl/cts.c @@ -185,7 +185,7 @@ CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf, unsigned char lastBlock[MAX_BLOCK_SIZE]; const unsigned char *tmp; unsigned int tmpLen; - int fullblocks, pad; + unsigned int fullblocks, pad; unsigned int i; SECStatus rv; diff --git a/security/nss/lib/freebl/dh.c b/security/nss/lib/freebl/dh.c index 54ff4803..66c11013 100644 --- a/security/nss/lib/freebl/dh.c +++ b/security/nss/lib/freebl/dh.c @@ -205,7 +205,7 @@ DH_Derive(SECItem *publicValue, { mp_int p, Xa, Yb, ZZ, psub1; mp_err err = MP_OKAY; - int len = 0; + unsigned int len = 0; unsigned int nb; unsigned char *secret = NULL; if (!publicValue || !prime || !privateValue || !derivedSecret) { 
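Review bot: `(void)(*callback)(*op, arg);` in nssToken_TraverseCertificates discards the PRStatus each callback returns, so a callback can neither stop the traversal nor surface an error to the caller; the old code had the same effect, but the cast now makes it look deliberate. If that is intended, record it: `/* callback status is ignored; every object is visited regardless */`, otherwise break out of the loop on PR_FAILURE and propagate it. The enclosing function continues outside the hunk.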
@@ -252,6 +252,24 @@ DH_Derive(SECItem *publicValue,
err = MP_BADARG;
goto cleanup;
}
+
+ /*
+ * We check to make sure that ZZ is not equal to 1 or -1 mod p.
+ * This helps guard against small subgroup attacks, since an attacker
+ * using a subgroup of size N will produce 1 or -1 with probability 1/N.
+ * When the protocol is executed within a properly large subgroup, the
+ * probability of this result will be negligibly small. For example,
+ * with a strong prime of the form 2p+1, the probability will be 1/p.
+ *
+ * We return MP_BADARG because this is probably the result of a bad
+ * public value or a bad prime having been provided.
+ */
+ if (mp_cmp_d(&ZZ, 1) == 0 ||
+ mp_cmp(&ZZ, &psub1) == 0) {
+ err = MP_BADARG;
+ goto cleanup;
+ }
+
/* allocate a buffer which can hold the entire derived secret. */
secret = PORT_Alloc(len);
/* grab the derived secret */
diff --git a/security/nss/lib/freebl/drbg.c b/security/nss/lib/freebl/drbg.c
index 4745df4c..e20db2e6 100644
--- a/security/nss/lib/freebl/drbg.c
+++ b/security/nss/lib/freebl/drbg.c
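Review bot: The new guard in DH_Derive rejects a shared value of 1 or p-1 but not 0, which is what a public value congruent to 0 mod p produces; unless an earlier range check on publicValue (outside the hunk) already excludes that, the condition should read `if (mp_cmp_z(&ZZ) == 0 || mp_cmp_d(&ZZ, 1) == 0 || mp_cmp(&ZZ, &psub1) == 0) {`. The hunk also relies on `psub1` holding p-1 at this point, which is computed outside the visible lines; a short comment such as `/* psub1 == p - 1, set up above */` next to the check would save the next reader the lookup. DH_Derive continues outside the hunk.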
@@ -247,26 +247,32 @@ prng_reseed_test(RNGContext *rng, const PRUint8 *entropy, /* * build some fast inline functions for adding. */ -#define PRNG_ADD_CARRY_ONLY(dest, start, cy) \ - carry = cy; \ - for (k1=start; carry && k1 >=0 ; k1--) { \ - carry = !(++dest[k1]); \ - } +#define PRNG_ADD_CARRY_ONLY(dest, start, carry) \ + { \ + int k1; \ + for (k1 = start; carry && k1 >= 0; k1--) { \ + carry = !(++dest[k1]); \ + } \ + } /* * NOTE: dest must be an array for the following to work. */ -#define PRNG_ADD_BITS(dest, dest_len, add, len) \ +#define PRNG_ADD_BITS(dest, dest_len, add, len, carry) \ carry = 0; \ - for (k1=dest_len -1, k2=len-1; k2 >= 0; --k1, --k2) { \ - carry += dest[k1]+ add[k2]; \ - dest[k1] = (PRUint8) carry; \ - carry >>= 8; \ + PORT_Assert((dest_len) >= (len)); \ + { \ + int k1, k2; \ + for (k1 = dest_len - 1, k2 = len - 1; k2 >= 0; --k1, --k2) { \ + carry += dest[k1] + add[k2]; \ + dest[k1] = (PRUint8) carry; \ + carry >>= 8; \ + } \ } -#define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len) \ - PRNG_ADD_BITS(dest, dest_len, add, len) \ - PRNG_ADD_CARRY_ONLY(dest, k1, carry) +#define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len, carry) \ + PRNG_ADD_BITS(dest, dest_len, add, len, carry) \ + PRNG_ADD_CARRY_ONLY(dest, dest_len - len, carry) /* * This function expands the internal state of the prng to fulfill any number @@ -286,7 +292,6 @@ prng_Hashgen(RNGContext *rng, PRUint8 *returned_bytes, SHA256Context ctx; unsigned int len; unsigned int carry; - int k1; SHA256_Begin(&ctx); SHA256_Update(&ctx, data, sizeof data); @@ -295,7 +300,8 @@ prng_Hashgen(RNGContext *rng, PRUint8 *returned_bytes, no_of_returned_bytes -= len; /* The carry parameter is a bool (increment or not). * This increments data if no_of_returned_bytes is not zero */ - PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, no_of_returned_bytes); + carry = no_of_returned_bytes; + PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, carry); } PORT_Memset(data, 0, sizeof data); } 
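Review bot: The rewritten PRNG_ADD_* macros are bare brace blocks rather than single statements, and PRNG_ADD_BITS even emits `carry = 0;` before its block, so none of them can sit in an unbraced `if` body and call sites end up inconsistently terminated: `PRNG_ADD_BITS_AND_CARRY(...)` in prng_generateNewBytes (the next hunks) has no trailing semicolon while `PRNG_ADD_BITS(...);` does. Wrapping each macro in `do { ... } while (0)` makes them statement-shaped and lets every call take a semicolon. Separately, the new `PORT_Assert((dest_len) >= (len))` is presumably compiled out of non-debug builds, so the length relation is still guaranteed only by callers passing `sizeof` of fixed arrays; a comment saying so on the macro would help.

```c
#define PRNG_ADD_CARRY_ONLY(dest, start, carry)                 \
    do {                                                         \
        int k1;                                                  \
        for (k1 = (start); carry && k1 >= 0; k1--) {             \
            carry = !(++(dest)[k1]);                             \
        }                                                        \
    } while (0)
/* … PRNG_ADD_BITS and PRNG_ADD_BITS_AND_CARRY reshaped the same way,
 *   with the carry = 0 reset moved inside the do/while body … */
```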
@@ -315,7 +321,6 @@ prng_generateNewBytes(RNGContext *rng, PRUint8 H[SHA256_LENGTH]; /* both H and w since they * aren't used concurrently */ unsigned int carry; - int k1, k2; if (!rng->isValid) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); @@ -336,7 +341,7 @@ prng_generateNewBytes(RNGContext *rng, SHA256_Update(&ctx, rng->V_Data, sizeof rng->V_Data); SHA256_Update(&ctx, additional_input, additional_input_len); SHA256_End(&ctx, w, NULL, sizeof w); - PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), w, sizeof w) + PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), w, sizeof w, carry) PORT_Memset(w, 0, sizeof w); #undef w } @@ -350,11 +355,12 @@ prng_generateNewBytes(RNGContext *rng, /* advance our internal state... */ rng->V_type = prngGenerateByteType; SHA256_HashBuf(H, rng->V_Data, sizeof rng->V_Data); - PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), H, sizeof H) - PRNG_ADD_BITS(V(rng), VSize(rng), rng->C, sizeof rng->C); + PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), H, sizeof H, carry) + PRNG_ADD_BITS(V(rng), VSize(rng), rng->C, sizeof rng->C, carry); PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), rng->reseed_counter, - sizeof rng->reseed_counter) - PRNG_ADD_CARRY_ONLY(rng->reseed_counter,(sizeof rng->reseed_counter)-1, 1); + sizeof rng->reseed_counter, carry) + carry = 1; + PRNG_ADD_CARRY_ONLY(rng->reseed_counter,(sizeof rng->reseed_counter)-1, carry); /* continuous rng check */ if (memcmp(V(rng), rng->oldV, sizeof rng->oldV) == 0) { @@ -510,7 +516,7 @@ RNG_RandomUpdate(const void *data, size_t bytes) PR_STATIC_ASSERT(sizeof(size_t) > 4); - if (bytes > PRNG_MAX_ADDITIONAL_BYTES) { + if (bytes > (size_t)PRNG_MAX_ADDITIONAL_BYTES) { bytes = PRNG_MAX_ADDITIONAL_BYTES; } #else diff --git a/security/nss/lib/freebl/dsa.c b/security/nss/lib/freebl/dsa.c index ad3ce004..0da63ed5 100644 --- a/security/nss/lib/freebl/dsa.c +++ b/security/nss/lib/freebl/dsa.c 
@@ -502,7 +502,7 @@ DSA_VerifyDigest(DSAPublicKey *key, const SECItem *signature, mp_int u1, u2, v, w; /* intermediate values used in verification */ mp_int y; /* public key */ mp_err err; - int dsa_subprime_len, dsa_signature_len, offset; + unsigned int dsa_subprime_len, dsa_signature_len, offset; SECItem localDigest; unsigned char localDigestData[DSA_MAX_SUBPRIME_LEN]; SECStatus verified = SECFailure; diff --git a/security/nss/lib/freebl/ec.c b/security/nss/lib/freebl/ec.c index 6af242dc..4435f91e 100644 --- a/security/nss/lib/freebl/ec.c +++ b/security/nss/lib/freebl/ec.c @@ -543,6 +543,15 @@ ECDH_Derive(SECItem *publicValue, return SECFailure; } + /* + * We fail if the public value is the point at infinity, since + * this produces predictable results. + */ + if (ec_point_at_infinity(publicValue)) { + PORT_SetError(SEC_ERROR_BAD_KEY); + return SECFailure; + } + MP_DIGITS(&k) = 0; memset(derivedSecret, 0, sizeof *derivedSecret); len = (ecParams->fieldID.size + 7) >> 3; diff --git a/security/nss/lib/freebl/ecl/ecl-priv.h b/security/nss/lib/freebl/ecl/ecl-priv.h index 22dd355a..16f80a46 100644 --- a/security/nss/lib/freebl/ecl/ecl-priv.h +++ b/security/nss/lib/freebl/ecl/ecl-priv.h 
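Review bot: The new point-at-infinity rejection in ECDH_Derive is necessary but not sufficient: nothing in this hunk verifies that publicValue is a point on the curve described by ecParams, so an off-curve input still reaches the scalar multiplication unless a caller validates the key first (that code is outside the hunk and may already cover it). A comment recording where on-curve validation is expected to happen, e.g. `/* publicValue must already have passed EC_ValidatePublicKey; only infinity is rejected here */`, would make the division of responsibility explicit. ECDH_Derive continues outside the hunk.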
@@ -29,40 +29,39 @@ ((i) >= mpl_significant_bits((a))) ? 0 : mpl_get_bit((a), (i)) #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) -#define MP_ADD_CARRY(a1, a2, s, cin, cout) \ +#define MP_ADD_CARRY(a1, a2, s, carry) \ { mp_word w; \ - w = ((mp_word)(cin)) + (a1) + (a2); \ + w = ((mp_word)carry) + (a1) + (a2); \ s = ACCUM(w); \ - cout = CARRYOUT(w); } + carry = CARRYOUT(w); } -#define MP_SUB_BORROW(a1, a2, s, bin, bout) \ +#define MP_SUB_BORROW(a1, a2, s, borrow) \ { mp_word w; \ - w = ((mp_word)(a1)) - (a2) - (bin); \ + w = ((mp_word)(a1)) - (a2) - borrow; \ s = ACCUM(w); \ - bout = (w >> MP_DIGIT_BIT) & 1; } + borrow = (w >> MP_DIGIT_BIT) & 1; } #else /* NOTE, - * cin and cout could be the same variable. - * bin and bout could be the same variable. + * carry and borrow are both read and written. * a1 or a2 and s could be the same variable. * don't trash those outputs until their respective inputs have * been read. */ -#define MP_ADD_CARRY(a1, a2, s, cin, cout) \ +#define MP_ADD_CARRY(a1, a2, s, carry) \ { mp_digit tmp,sum; \ tmp = (a1); \ sum = tmp + (a2); \ tmp = (sum < tmp); /* detect overflow */ \ - s = sum += (cin); \ - cout = tmp + (sum < (cin)); } + s = sum += carry; \ + carry = tmp + (sum < carry); } -#define MP_SUB_BORROW(a1, a2, s, bin, bout) \ +#define MP_SUB_BORROW(a1, a2, s, borrow) \ { mp_digit tmp; \ tmp = (a1); \ s = tmp - (a2); \ tmp = (s > tmp); /* detect borrow */ \ - if ((bin) && !s--) tmp++; \ - bout = tmp; } + if (borrow && !s--) tmp++; \ + borrow = tmp; } #endif diff --git a/security/nss/lib/freebl/ecl/ecl_gf.c b/security/nss/lib/freebl/ecl/ecl_gf.c index 22047d51..d250d786 100644 --- a/security/nss/lib/freebl/ecl/ecl_gf.c +++ b/security/nss/lib/freebl/ecl/ecl_gf.c 
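Review bot: The updated NOTE does not state the aliasing rule the new MP_ADD_CARRY/MP_SUB_BORROW signatures introduce: `carry`/`borrow` must be an lvalue (both variants assign to it) and must not alias `s`, because in the mp_word version `s = ACCUM(w)` is stored before `carry = CARRYOUT(w)` overwrites it, and in the fallback `carry = tmp + (sum < carry)` reads the carry after `s` has been written. Suggested wording for the NOTE block: `* carry / borrow must be a distinct lvalue: it is read as the input and overwritten with the output, and must not alias s.`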
@@ -242,9 +242,10 @@ ec_GFp_add_3(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(a0, r0, r0, 0, carry); - MP_ADD_CARRY(a1, r1, r1, carry, carry); - MP_ADD_CARRY(a2, r2, r2, carry, carry); + carry = 0; + MP_ADD_CARRY(a0, r0, r0, carry); + MP_ADD_CARRY(a1, r1, r1, carry); + MP_ADD_CARRY(a2, r2, r2, carry); #else __asm__ ( "xorq %3,%3 \n\t" @@ -273,9 +274,10 @@ ec_GFp_add_3(const mp_int *a, const mp_int *b, mp_int *r, a1 = MP_DIGIT(&meth->irr,1); a0 = MP_DIGIT(&meth->irr,0); #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, a0, r0, 0, carry); - MP_SUB_BORROW(r1, a1, r1, carry, carry); - MP_SUB_BORROW(r2, a2, r2, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a0, r0, carry); + MP_SUB_BORROW(r1, a1, r1, carry); + MP_SUB_BORROW(r2, a2, r2, carry); #else __asm__ ( "subq %3,%0 \n\t" @@ -329,10 +331,11 @@ ec_GFp_add_4(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(a0, r0, r0, 0, carry); - MP_ADD_CARRY(a1, r1, r1, carry, carry); - MP_ADD_CARRY(a2, r2, r2, carry, carry); - MP_ADD_CARRY(a3, r3, r3, carry, carry); + carry = 0; + MP_ADD_CARRY(a0, r0, r0, carry); + MP_ADD_CARRY(a1, r1, r1, carry); + MP_ADD_CARRY(a2, r2, r2, carry); + MP_ADD_CARRY(a3, r3, r3, carry); #else __asm__ ( "xorq %4,%4 \n\t" @@ -364,10 +367,11 @@ ec_GFp_add_4(const mp_int *a, const mp_int *b, mp_int *r, a1 = MP_DIGIT(&meth->irr,1); a0 = MP_DIGIT(&meth->irr,0); #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, a0, r0, 0, carry); - MP_SUB_BORROW(r1, a1, r1, carry, carry); - MP_SUB_BORROW(r2, a2, r2, carry, carry); - MP_SUB_BORROW(r3, a3, r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a0, r0, carry); + MP_SUB_BORROW(r1, a1, r1, carry); + MP_SUB_BORROW(r2, a2, r2, carry); + MP_SUB_BORROW(r3, a3, r3, carry); #else __asm__ ( "subq %4,%0 \n\t" 
@@ -426,11 +430,12 @@ ec_GFp_add_5(const mp_int *a, const mp_int *b, mp_int *r, r0 = MP_DIGIT(b,0); } - MP_ADD_CARRY(a0, r0, r0, 0, carry); - MP_ADD_CARRY(a1, r1, r1, carry, carry); - MP_ADD_CARRY(a2, r2, r2, carry, carry); - MP_ADD_CARRY(a3, r3, r3, carry, carry); - MP_ADD_CARRY(a4, r4, r4, carry, carry); + carry = 0; + MP_ADD_CARRY(a0, r0, r0, carry); + MP_ADD_CARRY(a1, r1, r1, carry); + MP_ADD_CARRY(a2, r2, r2, carry); + MP_ADD_CARRY(a3, r3, r3, carry); + MP_ADD_CARRY(a4, r4, r4, carry); MP_CHECKOK(s_mp_pad(r, 5)); MP_DIGIT(r, 4) = r4; @@ -450,11 +455,12 @@ ec_GFp_add_5(const mp_int *a, const mp_int *b, mp_int *r, a2 = MP_DIGIT(&meth->irr,2); a1 = MP_DIGIT(&meth->irr,1); a0 = MP_DIGIT(&meth->irr,0); - MP_SUB_BORROW(r0, a0, r0, 0, carry); - MP_SUB_BORROW(r1, a1, r1, carry, carry); - MP_SUB_BORROW(r2, a2, r2, carry, carry); - MP_SUB_BORROW(r3, a3, r3, carry, carry); - MP_SUB_BORROW(r4, a4, r4, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a0, r0, carry); + MP_SUB_BORROW(r1, a1, r1, carry); + MP_SUB_BORROW(r2, a2, r2, carry); + MP_SUB_BORROW(r3, a3, r3, carry); + MP_SUB_BORROW(r4, a4, r4, carry); MP_DIGIT(r, 4) = r4; MP_DIGIT(r, 3) = r3; MP_DIGIT(r, 2) = r2; @@ -507,12 +513,13 @@ ec_GFp_add_6(const mp_int *a, const mp_int *b, mp_int *r, r0 = MP_DIGIT(b,0); } - MP_ADD_CARRY(a0, r0, r0, 0, carry); - MP_ADD_CARRY(a1, r1, r1, carry, carry); - MP_ADD_CARRY(a2, r2, r2, carry, carry); - MP_ADD_CARRY(a3, r3, r3, carry, carry); - MP_ADD_CARRY(a4, r4, r4, carry, carry); - MP_ADD_CARRY(a5, r5, r5, carry, carry); + carry = 0; + MP_ADD_CARRY(a0, r0, r0, carry); + MP_ADD_CARRY(a1, r1, r1, carry); + MP_ADD_CARRY(a2, r2, r2, carry); + MP_ADD_CARRY(a3, r3, r3, carry); + MP_ADD_CARRY(a4, r4, r4, carry); + MP_ADD_CARRY(a5, r5, r5, carry); MP_CHECKOK(s_mp_pad(r, 6)); MP_DIGIT(r, 5) = r5; 
@@ -534,12 +541,13 @@ ec_GFp_add_6(const mp_int *a, const mp_int *b, mp_int *r, a2 = MP_DIGIT(&meth->irr,2); a1 = MP_DIGIT(&meth->irr,1); a0 = MP_DIGIT(&meth->irr,0); - MP_SUB_BORROW(r0, a0, r0, 0, carry); - MP_SUB_BORROW(r1, a1, r1, carry, carry); - MP_SUB_BORROW(r2, a2, r2, carry, carry); - MP_SUB_BORROW(r3, a3, r3, carry, carry); - MP_SUB_BORROW(r4, a4, r4, carry, carry); - MP_SUB_BORROW(r5, a5, r5, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a0, r0, carry); + MP_SUB_BORROW(r1, a1, r1, carry); + MP_SUB_BORROW(r2, a2, r2, carry); + MP_SUB_BORROW(r3, a3, r3, carry); + MP_SUB_BORROW(r4, a4, r4, carry); + MP_SUB_BORROW(r5, a5, r5, carry); MP_DIGIT(r, 5) = r5; MP_DIGIT(r, 4) = r4; MP_DIGIT(r, 3) = r3; @@ -587,9 +595,10 @@ ec_GFp_sub_3(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, b0, r0, 0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, b0, r0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow); #else __asm__ ( "xorq %3,%3 \n\t" @@ -610,9 +619,10 @@ ec_GFp_sub_3(const mp_int *a, const mp_int *b, mp_int *r, b1 = MP_DIGIT(&meth->irr,1); b0 = MP_DIGIT(&meth->irr,0); #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(b0, r0, r0, 0, borrow); - MP_ADD_CARRY(b1, r1, r1, borrow, borrow); - MP_ADD_CARRY(b2, r2, r2, borrow, borrow); + borrow = 0; + MP_ADD_CARRY(b0, r0, r0, borrow); + MP_ADD_CARRY(b1, r1, r1, borrow); + MP_ADD_CARRY(b2, r2, r2, borrow); #else __asm__ ( "addq %3,%0 \n\t" 
@@ -675,10 +685,11 @@ ec_GFp_sub_4(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, b0, r0, 0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow, borrow); - MP_SUB_BORROW(r3, b3, r3, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, b0, r0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow); + MP_SUB_BORROW(r3, b3, r3, borrow); #else __asm__ ( "xorq %4,%4 \n\t" @@ -701,10 +712,11 @@ ec_GFp_sub_4(const mp_int *a, const mp_int *b, mp_int *r, b1 = MP_DIGIT(&meth->irr,1); b0 = MP_DIGIT(&meth->irr,0); #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(b0, r0, r0, 0, borrow); - MP_ADD_CARRY(b1, r1, r1, borrow, borrow); - MP_ADD_CARRY(b2, r2, r2, borrow, borrow); - MP_ADD_CARRY(b3, r3, r3, borrow, borrow); + borrow = 0; + MP_ADD_CARRY(b0, r0, r0, borrow); + MP_ADD_CARRY(b1, r1, r1, borrow); + MP_ADD_CARRY(b2, r2, r2, borrow); + MP_ADD_CARRY(b3, r3, r3, borrow); #else __asm__ ( "addq %4,%0 \n\t" @@ -771,11 +783,12 @@ ec_GFp_sub_5(const mp_int *a, const mp_int *b, mp_int *r, b0 = MP_DIGIT(b,0); } - MP_SUB_BORROW(r0, b0, r0, 0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow, borrow); - MP_SUB_BORROW(r3, b3, r3, borrow, borrow); - MP_SUB_BORROW(r4, b4, r4, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, b0, r0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow); + MP_SUB_BORROW(r3, b3, r3, borrow); + MP_SUB_BORROW(r4, b4, r4, borrow); /* Do quick 'add' if we've gone under 0 * (subtract the 2's complement of the curve field) */ 
@@ -785,10 +798,11 @@ ec_GFp_sub_5(const mp_int *a, const mp_int *b, mp_int *r, b2 = MP_DIGIT(&meth->irr,2); b1 = MP_DIGIT(&meth->irr,1); b0 = MP_DIGIT(&meth->irr,0); - MP_ADD_CARRY(b0, r0, r0, 0, borrow); - MP_ADD_CARRY(b1, r1, r1, borrow, borrow); - MP_ADD_CARRY(b2, r2, r2, borrow, borrow); - MP_ADD_CARRY(b3, r3, r3, borrow, borrow); + borrow = 0; + MP_ADD_CARRY(b0, r0, r0, borrow); + MP_ADD_CARRY(b1, r1, r1, borrow); + MP_ADD_CARRY(b2, r2, r2, borrow); + MP_ADD_CARRY(b3, r3, r3, borrow); } MP_CHECKOK(s_mp_pad(r, 5)); MP_DIGIT(r, 4) = r4; @@ -843,12 +857,13 @@ ec_GFp_sub_6(const mp_int *a, const mp_int *b, mp_int *r, b0 = MP_DIGIT(b,0); } - MP_SUB_BORROW(r0, b0, r0, 0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow, borrow); - MP_SUB_BORROW(r3, b3, r3, borrow, borrow); - MP_SUB_BORROW(r4, b4, r4, borrow, borrow); - MP_SUB_BORROW(r5, b5, r5, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, b0, r0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow); + MP_SUB_BORROW(r3, b3, r3, borrow); + MP_SUB_BORROW(r4, b4, r4, borrow); + MP_SUB_BORROW(r5, b5, r5, borrow); /* Do quick 'add' if we've gone under 0 * (subtract the 2's complement of the curve field) */ @@ -859,11 +874,12 @@ ec_GFp_sub_6(const mp_int *a, const mp_int *b, mp_int *r, b2 = MP_DIGIT(&meth->irr,2); b1 = MP_DIGIT(&meth->irr,1); b0 = MP_DIGIT(&meth->irr,0); - MP_ADD_CARRY(b0, r0, r0, 0, borrow); - MP_ADD_CARRY(b1, r1, r1, borrow, borrow); - MP_ADD_CARRY(b2, r2, r2, borrow, borrow); - MP_ADD_CARRY(b3, r3, r3, borrow, borrow); - MP_ADD_CARRY(b4, r4, r4, borrow, borrow); + borrow = 0; + MP_ADD_CARRY(b0, r0, r0, borrow); + MP_ADD_CARRY(b1, r1, r1, borrow); + MP_ADD_CARRY(b2, r2, r2, borrow); + MP_ADD_CARRY(b3, r3, r3, borrow); + MP_ADD_CARRY(b4, r4, r4, borrow); } MP_CHECKOK(s_mp_pad(r, 6)); diff --git a/security/nss/lib/freebl/ecl/ecl_mult.c b/security/nss/lib/freebl/ecl/ecl_mult.c index a99ca825..5932828b 100644 
--- a/security/nss/lib/freebl/ecl/ecl_mult.c +++ b/security/nss/lib/freebl/ecl/ecl_mult.c @@ -129,7 +129,7 @@ ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px, mp_err res = MP_OKAY; mp_int precomp[4][4][2]; const mp_int *a, *b; - int i, j; + unsigned int i, j; int ai, bi, d; ARGCHK(group != NULL, MP_BADARG); @@ -236,7 +236,7 @@ ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px, mp_zero(rx); mp_zero(ry); - for (i = d - 1; i >= 0; i--) { + for (i = d; i-- > 0;) { ai = MP_GET_BIT(a, 2 * i + 1); ai <<= 1; ai |= MP_GET_BIT(a, 2 * i); diff --git a/security/nss/lib/freebl/ecl/ecp_192.c b/security/nss/lib/freebl/ecl/ecp_192.c index 70b717a1..ef11cef9 100644 --- a/security/nss/lib/freebl/ecl/ecp_192.c +++ b/security/nss/lib/freebl/ecl/ecp_192.c 
@@ -72,34 +72,36 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) r0a = MP_DIGIT(a, 0); /* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */ - MP_ADD_CARRY(r0a, a3a, r0a, 0, carry); - MP_ADD_CARRY(r0b, a3b, r0b, carry, carry); - MP_ADD_CARRY(r1a, a3a, r1a, carry, carry); - MP_ADD_CARRY(r1b, a3b, r1b, carry, carry); - MP_ADD_CARRY(r2a, a4a, r2a, carry, carry); - MP_ADD_CARRY(r2b, a4b, r2b, carry, carry); + carry = 0; + MP_ADD_CARRY(r0a, a3a, r0a, carry); + MP_ADD_CARRY(r0b, a3b, r0b, carry); + MP_ADD_CARRY(r1a, a3a, r1a, carry); + MP_ADD_CARRY(r1b, a3b, r1b, carry); + MP_ADD_CARRY(r2a, a4a, r2a, carry); + MP_ADD_CARRY(r2b, a4b, r2b, carry); r3 = carry; carry = 0; - MP_ADD_CARRY(r0a, a5a, r0a, 0, carry); - MP_ADD_CARRY(r0b, a5b, r0b, carry, carry); - MP_ADD_CARRY(r1a, a5a, r1a, carry, carry); - MP_ADD_CARRY(r1b, a5b, r1b, carry, carry); - MP_ADD_CARRY(r2a, a5a, r2a, carry, carry); - MP_ADD_CARRY(r2b, a5b, r2b, carry, carry); - r3 += carry; - MP_ADD_CARRY(r1a, a4a, r1a, 0, carry); - MP_ADD_CARRY(r1b, a4b, r1b, carry, carry); - MP_ADD_CARRY(r2a, 0, r2a, carry, carry); - MP_ADD_CARRY(r2b, 0, r2b, carry, carry); + MP_ADD_CARRY(r0a, a5a, r0a, carry); + MP_ADD_CARRY(r0b, a5b, r0b, carry); + MP_ADD_CARRY(r1a, a5a, r1a, carry); + MP_ADD_CARRY(r1b, a5b, r1b, carry); + MP_ADD_CARRY(r2a, a5a, r2a, carry); + MP_ADD_CARRY(r2b, a5b, r2b, carry); + r3 += carry; carry = 0; + MP_ADD_CARRY(r1a, a4a, r1a, carry); + MP_ADD_CARRY(r1b, a4b, r1b, carry); + MP_ADD_CARRY(r2a, 0, r2a, carry); + MP_ADD_CARRY(r2b, 0, r2b, carry); r3 += carry; /* reduce out the carry */ while (r3) { - MP_ADD_CARRY(r0a, r3, r0a, 0, carry); - MP_ADD_CARRY(r0b, 0, r0b, carry, carry); - MP_ADD_CARRY(r1a, r3, r1a, carry, carry); - MP_ADD_CARRY(r1b, 0, r1b, carry, carry); - MP_ADD_CARRY(r2a, 0, r2a, carry, carry); - MP_ADD_CARRY(r2b, 0, r2b, carry, carry); + carry = 0; + MP_ADD_CARRY(r0a, r3, r0a, carry); + MP_ADD_CARRY(r0b, 0, r0b, carry); + MP_ADD_CARRY(r1a, r3, r1a, carry); + 
MP_ADD_CARRY(r1b, 0, r1b, carry); + MP_ADD_CARRY(r2a, 0, r2a, carry); + MP_ADD_CARRY(r2b, 0, r2b, carry); r3 = carry; } @@ -121,8 +123,9 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) (r1a == 0xfffffffe) && (r0a == 0xffffffff) && (r0b == 0xffffffff)) ) { /* do a quick subtract */ - MP_ADD_CARRY(r0a, 1, r0a, 0, carry); - MP_ADD_CARRY(r0b, carry, r0a, 0, carry); + carry = 0; + MP_ADD_CARRY(r0a, 1, r0a, carry); + MP_ADD_CARRY(r0b, carry, r0a, carry); r1a += 1+carry; r1b = r2a = r2b = 0; } @@ -154,16 +157,17 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) /* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */ #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(r0, a3, r0, 0, carry); - MP_ADD_CARRY(r1, a3, r1, carry, carry); - MP_ADD_CARRY(r2, a4, r2, carry, carry); - r3 = carry; - MP_ADD_CARRY(r0, a5, r0, 0, carry); - MP_ADD_CARRY(r1, a5, r1, carry, carry); - MP_ADD_CARRY(r2, a5, r2, carry, carry); - r3 += carry; - MP_ADD_CARRY(r1, a4, r1, 0, carry); - MP_ADD_CARRY(r2, 0, r2, carry, carry); + carry = 0; + MP_ADD_CARRY(r0, a3, r0, carry); + MP_ADD_CARRY(r1, a3, r1, carry); + MP_ADD_CARRY(r2, a4, r2, carry); + r3 = carry; carry = 0; + MP_ADD_CARRY(r0, a5, r0, carry); + MP_ADD_CARRY(r1, a5, r1, carry); + MP_ADD_CARRY(r2, a5, r2, carry); + r3 += carry; carry = 0; + MP_ADD_CARRY(r1, a4, r1, carry); + MP_ADD_CARRY(r2, 0, r2, carry); r3 += carry; #else @@ -195,9 +199,10 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) /* reduce out the carry */ while (r3) { #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(r0, r3, r0, 0, carry); - MP_ADD_CARRY(r1, r3, r1, carry, carry); - MP_ADD_CARRY(r2, 0, r2, carry, carry); + carry = 0; + MP_ADD_CARRY(r0, r3, r0, carry); + MP_ADD_CARRY(r1, r3, r1, carry); + MP_ADD_CARRY(r2, 0, r2, carry); r3 = carry; #else a3=r3; 
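Review bot: The quick-subtract hunk in ec_GFp_nistp192_mod (32-bit half-digit path) changes arithmetic: `MP_ADD_CARRY(r0b, carry, r0a, carry);` now passes `carry` both as the addend and as the in/out carry, so with the new macro it computes r0b + carry + carry, whereas the old call `MP_ADD_CARRY(r0b, carry, r0a, 0, carry)` added the carry once with a zero carry-in. The carry-in already lives in the variable, so the addend should be 0: `MP_ADD_CARRY(r0b, 0, r0b, carry);`. Note the result target `r0a` on that line is pre-existing and looks like it was meant to be `r0b`, since r0a was just updated on the previous line; worth confirming against the 64-bit path below, which has no such second add.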
@@ -229,7 +234,8 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) ((r1 == MP_DIGIT_MAX) || ((r1 == (MP_DIGIT_MAX-1)) && (r0 == MP_DIGIT_MAX))))) { /* do a quick subtract */ - MP_ADD_CARRY(r0, 1, r0, 0, carry); + carry = 0; + MP_ADD_CARRY(r0, 1, r0, carry); r1 += 1+carry; r2 = 0; } @@ -280,9 +286,10 @@ ec_GFp_nistp192_add(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(a0, r0, r0, 0, carry); - MP_ADD_CARRY(a1, r1, r1, carry, carry); - MP_ADD_CARRY(a2, r2, r2, carry, carry); + carry = 0; + MP_ADD_CARRY(a0, r0, r0, carry); + MP_ADD_CARRY(a1, r1, r1, carry); + MP_ADD_CARRY(a2, r2, r2, carry); #else __asm__ ( "xorq %3,%3 \n\t" @@ -302,9 +309,10 @@ ec_GFp_nistp192_add(const mp_int *a, const mp_int *b, mp_int *r, ((r1 == MP_DIGIT_MAX) || ((r1 == (MP_DIGIT_MAX-1)) && (r0 == MP_DIGIT_MAX))))) { #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(r0, 1, r0, 0, carry); - MP_ADD_CARRY(r1, 1, r1, carry, carry); - MP_ADD_CARRY(r2, 0, r2, carry, carry); + carry = 0; + MP_ADD_CARRY(r0, 1, r0, carry); + MP_ADD_CARRY(r1, 1, r1, carry); + MP_ADD_CARRY(r2, 0, r2, carry); #else __asm__ ( "addq $1,%0 \n\t" @@ -362,9 +370,10 @@ ec_GFp_nistp192_sub(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, b0, r0, 0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, b0, r0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow); #else __asm__ ( "xorq %3,%3 \n\t" 
@@ -382,9 +391,10 @@ ec_GFp_nistp192_sub(const mp_int *a, const mp_int *b, mp_int *r, * (subtract the 2's complement of the curve field) */ if (borrow) { #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, 1, r0, 0, borrow); - MP_SUB_BORROW(r1, 1, r1, borrow, borrow); - MP_SUB_BORROW(r2, 0, r2, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, 1, r0, borrow); + MP_SUB_BORROW(r1, 1, r1, borrow); + MP_SUB_BORROW(r2, 0, r2, borrow); #else __asm__ ( "subq $1,%0 \n\t" diff --git a/security/nss/lib/freebl/ecl/ecp_224.c b/security/nss/lib/freebl/ecl/ecp_224.c index 18779ba1..4faab215 100644 --- a/security/nss/lib/freebl/ecl/ecp_224.c +++ b/security/nss/lib/freebl/ecl/ecp_224.c 
@@ -72,52 +72,54 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) +( 0, a6,a5b, 0) -( 0 0, 0|a6b, a6a|a5b ) -( a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */ - MP_ADD_CARRY (r1b, a3b, r1b, 0, carry); - MP_ADD_CARRY (r2a, a4a, r2a, carry, carry); - MP_ADD_CARRY (r2b, a4b, r2b, carry, carry); - MP_ADD_CARRY (r3a, a5a, r3a, carry, carry); - r3b = carry; - MP_ADD_CARRY (r1b, a5b, r1b, 0, carry); - MP_ADD_CARRY (r2a, a6a, r2a, carry, carry); - MP_ADD_CARRY (r2b, a6b, r2b, carry, carry); - MP_ADD_CARRY (r3a, 0, r3a, carry, carry); - r3b += carry; - MP_SUB_BORROW(r0a, a3b, r0a, 0, carry); - MP_SUB_BORROW(r0b, a4a, r0b, carry, carry); - MP_SUB_BORROW(r1a, a4b, r1a, carry, carry); - MP_SUB_BORROW(r1b, a5a, r1b, carry, carry); - MP_SUB_BORROW(r2a, a5b, r2a, carry, carry); - MP_SUB_BORROW(r2b, a6a, r2b, carry, carry); - MP_SUB_BORROW(r3a, a6b, r3a, carry, carry); - r3b -= carry; - MP_SUB_BORROW(r0a, a5b, r0a, 0, carry); - MP_SUB_BORROW(r0b, a6a, r0b, carry, carry); - MP_SUB_BORROW(r1a, a6b, r1a, carry, carry); + carry = 0; + MP_ADD_CARRY (r1b, a3b, r1b, carry); + MP_ADD_CARRY (r2a, a4a, r2a, carry); + MP_ADD_CARRY (r2b, a4b, r2b, carry); + MP_ADD_CARRY (r3a, a5a, r3a, carry); + r3b = carry; carry = 0; + MP_ADD_CARRY (r1b, a5b, r1b, carry); + MP_ADD_CARRY (r2a, a6a, r2a, carry); + MP_ADD_CARRY (r2b, a6b, r2b, carry); + MP_ADD_CARRY (r3a, 0, r3a, carry); + r3b += carry; carry = 0; + MP_SUB_BORROW(r0a, a3b, r0a, carry); + MP_SUB_BORROW(r0b, a4a, r0b, carry); + MP_SUB_BORROW(r1a, a4b, r1a, carry); + MP_SUB_BORROW(r1b, a5a, r1b, carry); + MP_SUB_BORROW(r2a, a5b, r2a, carry); + MP_SUB_BORROW(r2b, a6a, r2b, carry); + MP_SUB_BORROW(r3a, a6b, r3a, carry); + r3b -= carry; carry = 0; + MP_SUB_BORROW(r0a, a5b, r0a, carry); + MP_SUB_BORROW(r0b, a6a, r0b, carry); + MP_SUB_BORROW(r1a, a6b, r1a, carry); if (carry) { - MP_SUB_BORROW(r1b, 0, r1b, carry, carry); - MP_SUB_BORROW(r2a, 0, r2a, carry, carry); - MP_SUB_BORROW(r2b, 0, r2b, carry, carry); - MP_SUB_BORROW(r3a, 0, r3a, 
carry, carry); + MP_SUB_BORROW(r1b, 0, r1b, carry); + MP_SUB_BORROW(r2a, 0, r2a, carry); + MP_SUB_BORROW(r2b, 0, r2b, carry); + MP_SUB_BORROW(r3a, 0, r3a, carry); r3b -= carry; } while (r3b > 0) { int tmp; - MP_ADD_CARRY(r1b, r3b, r1b, 0, carry); + carry = 0; + MP_ADD_CARRY(r1b, r3b, r1b, carry); if (carry) { - MP_ADD_CARRY(r2a, 0, r2a, carry, carry); - MP_ADD_CARRY(r2b, 0, r2b, carry, carry); - MP_ADD_CARRY(r3a, 0, r3a, carry, carry); + MP_ADD_CARRY(r2a, 0, r2a, carry); + MP_ADD_CARRY(r2b, 0, r2b, carry); + MP_ADD_CARRY(r3a, 0, r3a, carry); } - tmp = carry; - MP_SUB_BORROW(r0a, r3b, r0a, 0, carry); + tmp = carry; carry = 0; + MP_SUB_BORROW(r0a, r3b, r0a, carry); if (carry) { - MP_SUB_BORROW(r0b, 0, r0b, carry, carry); - MP_SUB_BORROW(r1a, 0, r1a, carry, carry); - MP_SUB_BORROW(r1b, 0, r1b, carry, carry); - MP_SUB_BORROW(r2a, 0, r2a, carry, carry); - MP_SUB_BORROW(r2b, 0, r2b, carry, carry); - MP_SUB_BORROW(r3a, 0, r3a, carry, carry); + MP_SUB_BORROW(r0b, 0, r0b, carry); + MP_SUB_BORROW(r1a, 0, r1a, carry); + MP_SUB_BORROW(r1b, 0, r1b, carry); + MP_SUB_BORROW(r2a, 0, r2a, carry); + MP_SUB_BORROW(r2b, 0, r2b, carry); + MP_SUB_BORROW(r3a, 0, r3a, carry); tmp -= carry; } r3b = tmp; 
@@ -125,13 +127,14 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) while (r3b < 0) { mp_digit maxInt = MP_DIGIT_MAX; - MP_ADD_CARRY (r0a, 1, r0a, 0, carry); - MP_ADD_CARRY (r0b, 0, r0b, carry, carry); - MP_ADD_CARRY (r1a, 0, r1a, carry, carry); - MP_ADD_CARRY (r1b, maxInt, r1b, carry, carry); - MP_ADD_CARRY (r2a, maxInt, r2a, carry, carry); - MP_ADD_CARRY (r2b, maxInt, r2b, carry, carry); - MP_ADD_CARRY (r3a, maxInt, r3a, carry, carry); + carry = 0; + MP_ADD_CARRY (r0a, 1, r0a, carry); + MP_ADD_CARRY (r0b, 0, r0b, carry); + MP_ADD_CARRY (r1a, 0, r1a, carry); + MP_ADD_CARRY (r1b, maxInt, r1b, carry); + MP_ADD_CARRY (r2a, maxInt, r2a, carry); + MP_ADD_CARRY (r2b, maxInt, r2b, carry); + MP_ADD_CARRY (r3a, maxInt, r3a, carry); r3b += carry; } /* check for final reduction */ @@ -140,9 +143,10 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) && (r2a == MP_DIGIT_MAX) && (r1b == MP_DIGIT_MAX) && ((r1a != 0) || (r0b != 0) || (r0a != 0)) ) { /* one last subraction */ - MP_SUB_BORROW(r0a, 1, r0a, 0, carry); - MP_SUB_BORROW(r0b, 0, r0b, carry, carry); - MP_SUB_BORROW(r1a, 0, r1a, carry, carry); + carry = 0; + MP_SUB_BORROW(r0a, 1, r0a, carry); + MP_SUB_BORROW(r0b, 0, r0b, carry); + MP_SUB_BORROW(r1a, 0, r1a, carry); r1b = r2a = r2b = r3a = 0; } 
@@ -194,22 +198,26 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) +( 0, a6,a5b, 0) -( 0 0, 0|a6b, a6a|a5b ) -( a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */ - MP_ADD_CARRY (r1, a3b, r1, 0, carry); - MP_ADD_CARRY (r2, a4 , r2, carry, carry); - MP_ADD_CARRY (r3, a5a, r3, carry, carry); - MP_ADD_CARRY (r1, a5b, r1, 0, carry); - MP_ADD_CARRY (r2, a6 , r2, carry, carry); - MP_ADD_CARRY (r3, 0, r3, carry, carry); + carry = 0; + MP_ADD_CARRY (r1, a3b, r1, carry); + MP_ADD_CARRY (r2, a4 , r2, carry); + MP_ADD_CARRY (r3, a5a, r3, carry); + carry = 0; + MP_ADD_CARRY (r1, a5b, r1, carry); + MP_ADD_CARRY (r2, a6 , r2, carry); + MP_ADD_CARRY (r3, 0, r3, carry); - MP_SUB_BORROW(r0, a4a_a3b, r0, 0, carry); - MP_SUB_BORROW(r1, a5a_a4b, r1, carry, carry); - MP_SUB_BORROW(r2, a6a_a5b, r2, carry, carry); - MP_SUB_BORROW(r3, a6b , r3, carry, carry); - MP_SUB_BORROW(r0, a6a_a5b, r0, 0, carry); - MP_SUB_BORROW(r1, a6b , r1, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a4a_a3b, r0, carry); + MP_SUB_BORROW(r1, a5a_a4b, r1, carry); + MP_SUB_BORROW(r2, a6a_a5b, r2, carry); + MP_SUB_BORROW(r3, a6b , r3, carry); + carry = 0; + MP_SUB_BORROW(r0, a6a_a5b, r0, carry); + MP_SUB_BORROW(r1, a6b , r1, carry); if (carry) { - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, 0, r3, carry, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, 0, r3, carry); } 
@@ -218,25 +226,28 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) r3b = (int)(r3 >>32); while (r3b > 0) { r3 &= 0xffffffff; - MP_ADD_CARRY(r1,((mp_digit)r3b) << 32, r1, 0, carry); + carry = 0; + MP_ADD_CARRY(r1,((mp_digit)r3b) << 32, r1, carry); if (carry) { - MP_ADD_CARRY(r2, 0, r2, carry, carry); - MP_ADD_CARRY(r3, 0, r3, carry, carry); + MP_ADD_CARRY(r2, 0, r2, carry); + MP_ADD_CARRY(r3, 0, r3, carry); } - MP_SUB_BORROW(r0, r3b, r0, 0, carry); + carry = 0; + MP_SUB_BORROW(r0, r3b, r0, carry); if (carry) { - MP_SUB_BORROW(r1, 0, r1, carry, carry); - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, 0, r3, carry, carry); + MP_SUB_BORROW(r1, 0, r1, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, 0, r3, carry); } r3b = (int)(r3 >>32); } while (r3b < 0) { - MP_ADD_CARRY (r0, 1, r0, 0, carry); - MP_ADD_CARRY (r1, MP_DIGIT_MAX <<32, r1, carry, carry); - MP_ADD_CARRY (r2, MP_DIGIT_MAX, r2, carry, carry); - MP_ADD_CARRY (r3, MP_DIGIT_MAX >> 32, r3, carry, carry); + carry = 0; + MP_ADD_CARRY (r0, 1, r0, carry); + MP_ADD_CARRY (r1, MP_DIGIT_MAX <<32, r1, carry); + MP_ADD_CARRY (r2, MP_DIGIT_MAX, r2, carry); + MP_ADD_CARRY (r3, MP_DIGIT_MAX >> 32, r3, carry); r3b = (int)(r3 >>32); } /* check for final reduction */ @@ -247,8 +258,9 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) && ((r1 & MP_DIGIT_MAX << 32)== MP_DIGIT_MAX << 32) && ((r1 != MP_DIGIT_MAX << 32 ) || (r0 != 0)) ) { /* one last subraction */ - MP_SUB_BORROW(r0, 1, r0, 0, carry); - MP_SUB_BORROW(r1, MP_DIGIT_MAX << 32, r1, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, 1, r0, carry); + MP_SUB_BORROW(r1, MP_DIGIT_MAX << 32, r1, carry); r2 = r3 = 0; } diff --git a/security/nss/lib/freebl/ecl/ecp_256.c b/security/nss/lib/freebl/ecl/ecp_256.c index a834d15d..936ee6dd 100644 --- a/security/nss/lib/freebl/ecl/ecp_256.c +++ b/security/nss/lib/freebl/ecl/ecp_256.c 
@@ -68,115 +68,118 @@ ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth) r7 = MP_DIGIT(a,7); /* sum 1 */ - MP_ADD_CARRY(r3, a11, r3, 0, carry); - MP_ADD_CARRY(r4, a12, r4, carry, carry); - MP_ADD_CARRY(r5, a13, r5, carry, carry); - MP_ADD_CARRY(r6, a14, r6, carry, carry); - MP_ADD_CARRY(r7, a15, r7, carry, carry); - r8 = carry; - MP_ADD_CARRY(r3, a11, r3, 0, carry); - MP_ADD_CARRY(r4, a12, r4, carry, carry); - MP_ADD_CARRY(r5, a13, r5, carry, carry); - MP_ADD_CARRY(r6, a14, r6, carry, carry); - MP_ADD_CARRY(r7, a15, r7, carry, carry); - r8 += carry; + carry = 0; + MP_ADD_CARRY(r3, a11, r3, carry); + MP_ADD_CARRY(r4, a12, r4, carry); + MP_ADD_CARRY(r5, a13, r5, carry); + MP_ADD_CARRY(r6, a14, r6, carry); + MP_ADD_CARRY(r7, a15, r7, carry); + r8 = carry; carry = 0; + MP_ADD_CARRY(r3, a11, r3, carry); + MP_ADD_CARRY(r4, a12, r4, carry); + MP_ADD_CARRY(r5, a13, r5, carry); + MP_ADD_CARRY(r6, a14, r6, carry); + MP_ADD_CARRY(r7, a15, r7, carry); + r8 += carry; carry = 0; /* sum 2 */ - MP_ADD_CARRY(r3, a12, r3, 0, carry); - MP_ADD_CARRY(r4, a13, r4, carry, carry); - MP_ADD_CARRY(r5, a14, r5, carry, carry); - MP_ADD_CARRY(r6, a15, r6, carry, carry); - MP_ADD_CARRY(r7, 0, r7, carry, carry); - r8 += carry; + MP_ADD_CARRY(r3, a12, r3, carry); + MP_ADD_CARRY(r4, a13, r4, carry); + MP_ADD_CARRY(r5, a14, r5, carry); + MP_ADD_CARRY(r6, a15, r6, carry); + MP_ADD_CARRY(r7, 0, r7, carry); + r8 += carry; carry = 0; /* combine last bottom of sum 3 with second sum 2 */ - MP_ADD_CARRY(r0, a8, r0, 0, carry); - MP_ADD_CARRY(r1, a9, r1, carry, carry); - MP_ADD_CARRY(r2, a10, r2, carry, carry); - MP_ADD_CARRY(r3, a12, r3, carry, carry); - MP_ADD_CARRY(r4, a13, r4, carry, carry); - MP_ADD_CARRY(r5, a14, r5, carry, carry); - MP_ADD_CARRY(r6, a15, r6, carry, carry); - MP_ADD_CARRY(r7, a15, r7, carry, carry); /* from sum 3 */ - r8 += carry; + MP_ADD_CARRY(r0, a8, r0, carry); + MP_ADD_CARRY(r1, a9, r1, carry); + MP_ADD_CARRY(r2, a10, r2, carry); + MP_ADD_CARRY(r3, a12, r3, 
carry); + MP_ADD_CARRY(r4, a13, r4, carry); + MP_ADD_CARRY(r5, a14, r5, carry); + MP_ADD_CARRY(r6, a15, r6, carry); + MP_ADD_CARRY(r7, a15, r7, carry); /* from sum 3 */ + r8 += carry; carry = 0; /* sum 3 (rest of it)*/ - MP_ADD_CARRY(r6, a14, r6, 0, carry); - MP_ADD_CARRY(r7, 0, r7, carry, carry); - r8 += carry; + MP_ADD_CARRY(r6, a14, r6, carry); + MP_ADD_CARRY(r7, 0, r7, carry); + r8 += carry; carry = 0; /* sum 4 (rest of it)*/ - MP_ADD_CARRY(r0, a9, r0, 0, carry); - MP_ADD_CARRY(r1, a10, r1, carry, carry); - MP_ADD_CARRY(r2, a11, r2, carry, carry); - MP_ADD_CARRY(r3, a13, r3, carry, carry); - MP_ADD_CARRY(r4, a14, r4, carry, carry); - MP_ADD_CARRY(r5, a15, r5, carry, carry); - MP_ADD_CARRY(r6, a13, r6, carry, carry); - MP_ADD_CARRY(r7, a8, r7, carry, carry); - r8 += carry; + MP_ADD_CARRY(r0, a9, r0, carry); + MP_ADD_CARRY(r1, a10, r1, carry); + MP_ADD_CARRY(r2, a11, r2, carry); + MP_ADD_CARRY(r3, a13, r3, carry); + MP_ADD_CARRY(r4, a14, r4, carry); + MP_ADD_CARRY(r5, a15, r5, carry); + MP_ADD_CARRY(r6, a13, r6, carry); + MP_ADD_CARRY(r7, a8, r7, carry); + r8 += carry; carry = 0; /* diff 5 */ - MP_SUB_BORROW(r0, a11, r0, 0, carry); - MP_SUB_BORROW(r1, a12, r1, carry, carry); - MP_SUB_BORROW(r2, a13, r2, carry, carry); - MP_SUB_BORROW(r3, 0, r3, carry, carry); - MP_SUB_BORROW(r4, 0, r4, carry, carry); - MP_SUB_BORROW(r5, 0, r5, carry, carry); - MP_SUB_BORROW(r6, a8, r6, carry, carry); - MP_SUB_BORROW(r7, a10, r7, carry, carry); - r8 -= carry; + MP_SUB_BORROW(r0, a11, r0, carry); + MP_SUB_BORROW(r1, a12, r1, carry); + MP_SUB_BORROW(r2, a13, r2, carry); + MP_SUB_BORROW(r3, 0, r3, carry); + MP_SUB_BORROW(r4, 0, r4, carry); + MP_SUB_BORROW(r5, 0, r5, carry); + MP_SUB_BORROW(r6, a8, r6, carry); + MP_SUB_BORROW(r7, a10, r7, carry); + r8 -= carry; carry = 0; /* diff 6 */ - MP_SUB_BORROW(r0, a12, r0, 0, carry); - MP_SUB_BORROW(r1, a13, r1, carry, carry); - MP_SUB_BORROW(r2, a14, r2, carry, carry); - MP_SUB_BORROW(r3, a15, r3, carry, carry); - MP_SUB_BORROW(r4, 0, r4, 
carry, carry); - MP_SUB_BORROW(r5, 0, r5, carry, carry); - MP_SUB_BORROW(r6, a9, r6, carry, carry); - MP_SUB_BORROW(r7, a11, r7, carry, carry); - r8 -= carry; + MP_SUB_BORROW(r0, a12, r0, carry); + MP_SUB_BORROW(r1, a13, r1, carry); + MP_SUB_BORROW(r2, a14, r2, carry); + MP_SUB_BORROW(r3, a15, r3, carry); + MP_SUB_BORROW(r4, 0, r4, carry); + MP_SUB_BORROW(r5, 0, r5, carry); + MP_SUB_BORROW(r6, a9, r6, carry); + MP_SUB_BORROW(r7, a11, r7, carry); + r8 -= carry; carry = 0; /* diff 7 */ - MP_SUB_BORROW(r0, a13, r0, 0, carry); - MP_SUB_BORROW(r1, a14, r1, carry, carry); - MP_SUB_BORROW(r2, a15, r2, carry, carry); - MP_SUB_BORROW(r3, a8, r3, carry, carry); - MP_SUB_BORROW(r4, a9, r4, carry, carry); - MP_SUB_BORROW(r5, a10, r5, carry, carry); - MP_SUB_BORROW(r6, 0, r6, carry, carry); - MP_SUB_BORROW(r7, a12, r7, carry, carry); - r8 -= carry; + MP_SUB_BORROW(r0, a13, r0, carry); + MP_SUB_BORROW(r1, a14, r1, carry); + MP_SUB_BORROW(r2, a15, r2, carry); + MP_SUB_BORROW(r3, a8, r3, carry); + MP_SUB_BORROW(r4, a9, r4, carry); + MP_SUB_BORROW(r5, a10, r5, carry); + MP_SUB_BORROW(r6, 0, r6, carry); + MP_SUB_BORROW(r7, a12, r7, carry); + r8 -= carry; carry = 0; /* diff 8 */ - MP_SUB_BORROW(r0, a14, r0, 0, carry); - MP_SUB_BORROW(r1, a15, r1, carry, carry); - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, a9, r3, carry, carry); - MP_SUB_BORROW(r4, a10, r4, carry, carry); - MP_SUB_BORROW(r5, a11, r5, carry, carry); - MP_SUB_BORROW(r6, 0, r6, carry, carry); - MP_SUB_BORROW(r7, a13, r7, carry, carry); + MP_SUB_BORROW(r0, a14, r0, carry); + MP_SUB_BORROW(r1, a15, r1, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, a9, r3, carry); + MP_SUB_BORROW(r4, a10, r4, carry); + MP_SUB_BORROW(r5, a11, r5, carry); + MP_SUB_BORROW(r6, 0, r6, carry); + MP_SUB_BORROW(r7, a13, r7, carry); r8 -= carry; /* reduce the overflows */ while (r8 > 0) { - mp_digit r8_d = r8; - MP_ADD_CARRY(r0, r8_d, r0, 0, carry); - MP_ADD_CARRY(r1, 0, r1, carry, carry); - MP_ADD_CARRY(r2, 0, r2, 
carry, carry); - MP_ADD_CARRY(r3, 0-r8_d, r3, carry, carry); - MP_ADD_CARRY(r4, MP_DIGIT_MAX, r4, carry, carry); - MP_ADD_CARRY(r5, MP_DIGIT_MAX, r5, carry, carry); - MP_ADD_CARRY(r6, 0-(r8_d+1), r6, carry, carry); - MP_ADD_CARRY(r7, (r8_d-1), r7, carry, carry); + mp_digit r8_d = r8; carry = 0; + carry = 0; + MP_ADD_CARRY(r0, r8_d, r0, carry); + MP_ADD_CARRY(r1, 0, r1, carry); + MP_ADD_CARRY(r2, 0, r2, carry); + MP_ADD_CARRY(r3, 0-r8_d, r3, carry); + MP_ADD_CARRY(r4, MP_DIGIT_MAX, r4, carry); + MP_ADD_CARRY(r5, MP_DIGIT_MAX, r5, carry); + MP_ADD_CARRY(r6, 0-(r8_d+1), r6, carry); + MP_ADD_CARRY(r7, (r8_d-1), r7, carry); r8 = carry; } /* reduce the underflows */ while (r8 < 0) { mp_digit r8_d = -r8; - MP_SUB_BORROW(r0, r8_d, r0, 0, carry); - MP_SUB_BORROW(r1, 0, r1, carry, carry); - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, 0-r8_d, r3, carry, carry); - MP_SUB_BORROW(r4, MP_DIGIT_MAX, r4, carry, carry); - MP_SUB_BORROW(r5, MP_DIGIT_MAX, r5, carry, carry); - MP_SUB_BORROW(r6, 0-(r8_d+1), r6, carry, carry); - MP_SUB_BORROW(r7, (r8_d-1), r7, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, r8_d, r0, carry); + MP_SUB_BORROW(r1, 0, r1, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, 0-r8_d, r3, carry); + MP_SUB_BORROW(r4, MP_DIGIT_MAX, r4, carry); + MP_SUB_BORROW(r5, MP_DIGIT_MAX, r5, carry); + MP_SUB_BORROW(r6, 0-(r8_d+1), r6, carry); + MP_SUB_BORROW(r7, (r8_d-1), r7, carry); r8 = 0-carry; } if (a != r) { 
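Review bot: The overflow-reduction loop at the end of this hunk resets the carry twice in a row, `mp_digit r8_d = r8; carry = 0;` immediately followed by `carry = 0;`, and the same doubled reset appears in the next hunk (-229) at the start of sum 1, in the second pass of sum 2, and at the top of the `while (r4 > 0)` loop. One reset per carry chain is enough; keeping it on its own line directly before the first MP_ADD_CARRY/MP_SUB_BORROW, as the rest of this hunk does, makes it easy to audit that every chain starts from zero. Dropping the `carry = 0;` appended to the declaration line and keeping the standalone one would match that pattern.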
@@ -229,69 +232,82 @@ ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth) r0 = MP_DIGIT(a,0); /* sum 1 */ - MP_ADD_CARRY(r1, a5h << 32, r1, 0, carry); - MP_ADD_CARRY(r2, a6, r2, carry, carry); - MP_ADD_CARRY(r3, a7, r3, carry, carry); - r4 = carry; - MP_ADD_CARRY(r1, a5h << 32, r1, 0, carry); - MP_ADD_CARRY(r2, a6, r2, carry, carry); - MP_ADD_CARRY(r3, a7, r3, carry, carry); - r4 += carry; + carry = 0; + carry = 0; + MP_ADD_CARRY(r1, a5h << 32, r1, carry); + MP_ADD_CARRY(r2, a6, r2, carry); + MP_ADD_CARRY(r3, a7, r3, carry); + r4 = carry; carry = 0; + carry = 0; + MP_ADD_CARRY(r1, a5h << 32, r1, carry); + MP_ADD_CARRY(r2, a6, r2, carry); + MP_ADD_CARRY(r3, a7, r3, carry); + r4 += carry; carry = 0; /* sum 2 */ - MP_ADD_CARRY(r1, a6l, r1, 0, carry); - MP_ADD_CARRY(r2, a6h | a7l, r2, carry, carry); - MP_ADD_CARRY(r3, a7h, r3, carry, carry); - r4 += carry; - MP_ADD_CARRY(r1, a6l, r1, 0, carry); - MP_ADD_CARRY(r2, a6h | a7l, r2, carry, carry); - MP_ADD_CARRY(r3, a7h, r3, carry, carry); - r4 += carry; + carry = 0; + MP_ADD_CARRY(r1, a6l, r1, carry); + MP_ADD_CARRY(r2, a6h | a7l, r2, carry); + MP_ADD_CARRY(r3, a7h, r3, carry); + r4 += carry; carry = 0; + carry = 0; + MP_ADD_CARRY(r1, a6l, r1, carry); + MP_ADD_CARRY(r2, a6h | a7l, r2, carry); + MP_ADD_CARRY(r3, a7h, r3, carry); + r4 += carry; carry = 0; /* sum 3 */ - MP_ADD_CARRY(r0, a4, r0, 0, carry); - MP_ADD_CARRY(r1, a5l >> 32, r1, carry, carry); - MP_ADD_CARRY(r2, 0, r2, carry, carry); - MP_ADD_CARRY(r3, a7, r3, carry, carry); - r4 += carry; + carry = 0; + MP_ADD_CARRY(r0, a4, r0, carry); + MP_ADD_CARRY(r1, a5l >> 32, r1, carry); + MP_ADD_CARRY(r2, 0, r2, carry); + MP_ADD_CARRY(r3, a7, r3, carry); + r4 += carry; carry = 0; /* sum 4 */ - MP_ADD_CARRY(r0, a4h | a5l, r0, 0, carry); - MP_ADD_CARRY(r1, a5h|(a6h<<32), r1, carry, carry); - MP_ADD_CARRY(r2, a7, r2, carry, carry); - MP_ADD_CARRY(r3, a6h | a4l, r3, carry, carry); + carry = 0; + MP_ADD_CARRY(r0, a4h | a5l, r0, carry); + MP_ADD_CARRY(r1, 
a5h|(a6h<<32), r1, carry); + MP_ADD_CARRY(r2, a7, r2, carry); + MP_ADD_CARRY(r3, a6h | a4l, r3, carry); r4 += carry; /* diff 5 */ - MP_SUB_BORROW(r0, a5h | a6l, r0, 0, carry); - MP_SUB_BORROW(r1, a6h, r1, carry, carry); - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, (a4l>>32)|a5l,r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a5h | a6l, r0, carry); + MP_SUB_BORROW(r1, a6h, r1, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, (a4l>>32)|a5l,r3, carry); r4 -= carry; /* diff 6 */ - MP_SUB_BORROW(r0, a6, r0, 0, carry); - MP_SUB_BORROW(r1, a7, r1, carry, carry); - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, a4h|(a5h<<32),r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a6, r0, carry); + MP_SUB_BORROW(r1, a7, r1, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, a4h|(a5h<<32),r3, carry); r4 -= carry; /* diff 7 */ - MP_SUB_BORROW(r0, a6h|a7l, r0, 0, carry); - MP_SUB_BORROW(r1, a7h|a4l, r1, carry, carry); - MP_SUB_BORROW(r2, a4h|a5l, r2, carry, carry); - MP_SUB_BORROW(r3, a6l, r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a6h|a7l, r0, carry); + MP_SUB_BORROW(r1, a7h|a4l, r1, carry); + MP_SUB_BORROW(r2, a4h|a5l, r2, carry); + MP_SUB_BORROW(r3, a6l, r3, carry); r4 -= carry; /* diff 8 */ - MP_SUB_BORROW(r0, a7, r0, 0, carry); - MP_SUB_BORROW(r1, a4h<<32, r1, carry, carry); - MP_SUB_BORROW(r2, a5, r2, carry, carry); - MP_SUB_BORROW(r3, a6h<<32, r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a7, r0, carry); + MP_SUB_BORROW(r1, a4h<<32, r1, carry); + MP_SUB_BORROW(r2, a5, r2, carry); + MP_SUB_BORROW(r3, a6h<<32, r3, carry); r4 -= carry; /* reduce the overflows */ while (r4 > 0) { mp_digit r4_long = r4; mp_digit r4l = (r4_long << 32); - MP_ADD_CARRY(r0, r4_long, r0, 0, carry); - MP_ADD_CARRY(r1, 0-r4l, r1, carry, carry); - MP_ADD_CARRY(r2, MP_DIGIT_MAX, r2, carry, carry); - MP_ADD_CARRY(r3, r4l-r4_long-1,r3, carry, carry); + carry = 0; + carry = 0; + MP_ADD_CARRY(r0, r4_long, r0, carry); + 
MP_ADD_CARRY(r1, 0-r4l, r1, carry); + MP_ADD_CARRY(r2, MP_DIGIT_MAX, r2, carry); + MP_ADD_CARRY(r3, r4l-r4_long-1,r3, carry); r4 = carry; } @@ -299,10 +315,11 @@ ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth) while (r4 < 0) { mp_digit r4_long = -r4; mp_digit r4l = (r4_long << 32); - MP_SUB_BORROW(r0, r4_long, r0, 0, carry); - MP_SUB_BORROW(r1, 0-r4l, r1, carry, carry); - MP_SUB_BORROW(r2, MP_DIGIT_MAX, r2, carry, carry); - MP_SUB_BORROW(r3, r4l-r4_long-1,r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, r4_long, r0, carry); + MP_SUB_BORROW(r1, 0-r4l, r1, carry); + MP_SUB_BORROW(r2, MP_DIGIT_MAX, r2, carry); + MP_SUB_BORROW(r3, r4l-r4_long-1,r3, carry); r4 = 0-carry; } diff --git a/security/nss/lib/freebl/ecl/ecp_521.c b/security/nss/lib/freebl/ecl/ecp_521.c index 7eac0f07..f70c2f43 100644 --- a/security/nss/lib/freebl/ecl/ecp_521.c +++ b/security/nss/lib/freebl/ecl/ecp_521.c @@ -17,7 +17,7 @@ ec_GFp_nistp521_mod(const mp_int *a, mp_int *r, const GFMethod *meth) { mp_err res = MP_OKAY; int a_bits = mpl_significant_bits(a); - int i; + unsigned int i; /* m1, m2 are statically-allocated mp_int of exactly the size we need */ mp_int m1; diff --git a/security/nss/lib/freebl/ecl/ecp_jac.c b/security/nss/lib/freebl/ecl/ecp_jac.c index c7bb239c..f174b169 100644 --- a/security/nss/lib/freebl/ecl/ecp_jac.c +++ b/security/nss/lib/freebl/ecl/ecp_jac.c 
@@ -144,6 +144,20 @@ ec_GFp_pt_add_jac_aff(const mp_int *px, const mp_int *py, const mp_int *pz, MP_CHECKOK(group->meth->field_sub(&A, px, &C, group->meth)); MP_CHECKOK(group->meth->field_sub(&B, py, &D, group->meth)); + if (mp_cmp_z(&C) == 0) { + /* P == Q or P == -Q */ + if (mp_cmp_z(&D) == 0) { + /* P == Q */ + /* It is cheaper to double (qx, qy, 1) than (px, py, pz). */ + MP_DIGIT(&D, 0) = 1; /* Set D to 1. */ + MP_CHECKOK(ec_GFp_pt_dbl_jac(qx, qy, &D, rx, ry, rz, group)); + } else { + /* P == -Q */ + MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz)); + } + goto CLEANUP; + } + /* C2 = C^2, C3 = C^3 */ MP_CHECKOK(group->meth->field_sqr(&C, &C2, group->meth)); MP_CHECKOK(group->meth->field_mul(&C, &C2, &C3, group->meth)); @@ -205,7 +219,8 @@ ec_GFp_pt_dbl_jac(const mp_int *px, const mp_int *py, const mp_int *pz, MP_CHECKOK(mp_init(&M)); MP_CHECKOK(mp_init(&S)); - if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES) { + /* P == inf or P == -P */ + if (ec_GFp_pt_is_inf_jac(px, py, pz) == MP_YES || mp_cmp_z(py) == 0) { MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, rz)); goto CLEANUP; } @@ -372,7 +387,7 @@ ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px, mp_int precomp[4][4][2]; mp_int rz; const mp_int *a, *b; - int i, j; + unsigned int i, j; int ai, bi, d; for (i = 0; i < 4; i++) { @@ -479,7 +494,7 @@ ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px, MP_CHECKOK(mp_init(&rz)); MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz)); - for (i = d - 1; i >= 0; i--) { + for (i = d; i-- > 0;) { ai = MP_GET_BIT(a, 2 * i + 1); ai <<= 1; ai |= MP_GET_BIT(a, 2 * i); diff --git a/security/nss/lib/freebl/ecl/ecp_jm.c b/security/nss/lib/freebl/ecl/ecp_jm.c index b1a3dc89..2d564127 100644 --- a/security/nss/lib/freebl/ecl/ecp_jm.c +++ b/security/nss/lib/freebl/ecl/ecp_jm.c 
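Review bot: The new P == Q branch in ec_GFp_pt_add_jac_aff builds the Z coordinate for the doubling by poking a digit, `MP_DIGIT(&D, 0) = 1;`, which is the field element one only when the group's field method does not encode elements; if group->meth->field_enc is set (Montgomery-style arithmetic) the encoded one is a different digit pattern and the doubled point would be wrong. It also assumes D is held as a single zero digit after field_sub, which the preceding mp_cmp_z check does not by itself state. Going through the API, `MP_CHECKOK(mp_set_int(&D, 1));` followed by `if (group->meth->field_enc) MP_CHECKOK(group->meth->field_enc(&D, &D, group->meth));`, or a comment saying this path is only wired to the unencoded NIST field methods, would make the assumption explicit. The rest of the function, including the CLEANUP label, lies outside the hunk.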
@@ -16,7 +16,7 @@ * output that is still field-encoded. * */ -mp_err +static mp_err ec_GFp_pt_dbl_jm(const mp_int *px, const mp_int *py, const mp_int *pz, const mp_int *paz4, mp_int *rx, mp_int *ry, mp_int *rz, mp_int *raz4, mp_int scratch[], const ECGroup *group) @@ -86,7 +86,7 @@ ec_GFp_pt_dbl_jm(const mp_int *px, const mp_int *py, const mp_int *pz, * Uses mixed Modified_Jacobian-affine coordinates. Assumes input is * already field-encoded using field_enc, and returns output that is still * field-encoded. */ -mp_err +static mp_err ec_GFp_pt_add_jm_aff(const mp_int *px, const mp_int *py, const mp_int *pz, const mp_int *paz4, const mp_int *qx, const mp_int *qy, mp_int *rx, mp_int *ry, mp_int *rz, diff --git a/security/nss/lib/freebl/freeblver.c b/security/nss/lib/freebl/freeblver.c index c288b41a..9136f0b0 100644 --- a/security/nss/lib/freebl/freeblver.c +++ b/security/nss/lib/freebl/freeblver.c @@ -13,12 +13,6 @@ #endif /* - * Version information for the 'ident' and 'what commands - * - * NOTE: the first component of the concatenated rcsid string - * must not end in a '$' to prevent rcs keyword substitution. + * Version information */ -const char __nss_freebl_rcsid[] = "$Header: NSS " SOFTOKEN_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__ " $"; -const char __nss_freebl_sccsid[] = "@(#)NSS " SOFTOKEN_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__; +const char __nss_freebl_version[] = "Version: NSS " SOFTOKEN_VERSION _DEBUG_STRING; diff --git a/security/nss/lib/freebl/ldvector.c b/security/nss/lib/freebl/ldvector.c index deb6770f..1d9affec 100644 --- a/security/nss/lib/freebl/ldvector.c +++ b/security/nss/lib/freebl/ldvector.c 
@@ -294,13 +294,9 @@ static const struct FREEBLVectorStr vector = const FREEBLVector * FREEBL_GetVector(void) { - extern const char __nss_freebl_rcsid[]; - extern const char __nss_freebl_sccsid[]; +#define NSS_VERSION_VARIABLE __nss_freebl_version +#include "verref.h" - /* force a reference that won't get optimized away */ - volatile char c; - - c = __nss_freebl_rcsid[0] + __nss_freebl_sccsid[0]; #ifdef FREEBL_NO_DEPEND FREEBL_InitStubs(); #endif diff --git a/security/nss/lib/freebl/loader.c b/security/nss/lib/freebl/loader.c index 5eb50de9..9105a690 100644 --- a/security/nss/lib/freebl/loader.c +++ b/security/nss/lib/freebl/loader.c @@ -132,7 +132,6 @@ freebl_LoadDSO( void ) handle = loader_LoadLibrary(name); if (handle) { PRFuncPtr address = PR_FindFunctionSymbol(handle, "FREEBL_GetVector"); - PRStatus status; if (address) { FREEBLGetVectorFn * getVector = (FREEBLGetVectorFn *)address; const FREEBLVector * dsoVector = getVector(); @@ -149,8 +148,14 @@ freebl_LoadDSO( void ) } } } - status = PR_UnloadLibrary(handle); - PORT_Assert(PR_SUCCESS == status); +#ifdef DEBUG + { + PRStatus status = PR_UnloadLibrary(blLib); + PORT_Assert(PR_SUCCESS == status); + } +#else + PR_UnloadLibrary(blLib); +#endif } return PR_FAILURE; } @@ -901,8 +906,12 @@ BL_Unload(void) if (blLib) { disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD"); if (!disableUnload) { +#ifdef DEBUG PRStatus status = PR_UnloadLibrary(blLib); PORT_Assert(PR_SUCCESS == status); +#else + PR_UnloadLibrary(blLib); +#endif } blLib = NULL; } diff --git a/security/nss/lib/freebl/md5.c b/security/nss/lib/freebl/md5.c index 1a0916e2..6ac15b64 100644 --- a/security/nss/lib/freebl/md5.c +++ b/security/nss/lib/freebl/md5.c @@ -259,7 +259,7 @@ MD5_Begin(MD5Context *cx) (i32) #else #define lendian(i32) \ - (tmp = i32 >> 16 | i32 << 16, (tmp & MASK) << 8 | tmp >> 8 & MASK) + (tmp = (i32 >> 16) | (i32 << 16), ((tmp & MASK) << 8) | ((tmp >> 8) & MASK)) #endif #ifndef IS_LITTLE_ENDIAN 
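Review bot: The failure path of freebl_LoadDSO (hunk at -149) now unloads the wrong library: the removed line released `handle`, the DSO opened a few lines earlier in this function, while both the DEBUG and non-DEBUG branches of the new code call `PR_UnloadLibrary(blLib)`. blLib is not assigned anywhere in the visible hunk, so on this path it is presumably still NULL or a library the module still relies on, which leaks `handle` and, in a DEBUG build, would make the assertion on the status fire for an unrelated reason. The BL_Unload hunk in the same file is the one that legitimately operates on blLib; here the two lines should read `PRStatus status = PR_UnloadLibrary(handle);` and `PR_UnloadLibrary(handle);`.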
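Review bot: The lendian macro in md5.c now parenthesizes the shifts but still uses the argument bare, `(i32 >> 16) | (i32 << 16)`, so any argument that is not a single identifier or literal would be parsed differently from what the caller means; the usual hygiene is `((i32) >> 16) | ((i32) << 16)` and `(((i32) >> 16) | ((i32) << 16))` for the whole expansion. The macro also assigns to a `tmp` that must be declared at every expansion site, which the hunk does not show; a one-line comment above the #define naming that requirement would save the next reader a search.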
diff --git a/security/nss/lib/freebl/mpi/mpcpucache.c b/security/nss/lib/freebl/mpi/mpcpucache.c index 9a4a9d30..92500611 100644 --- a/security/nss/lib/freebl/mpi/mpcpucache.c +++ b/security/nss/lib/freebl/mpi/mpcpucache.c @@ -3,6 +3,7 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "mpi.h" +#include "prtypes.h" /* * This file implements a single function: s_mpi_getProcessorLineSize(); @@ -619,35 +620,17 @@ unsigned long s_mpi_is_sse2() { unsigned long eax, ebx, ecx, edx; - int manufacturer = MAN_UNKNOWN; - int i; - char string[13]; if (is386() || is486()) { return 0; } freebl_cpuid(0, &eax, &ebx, &ecx, &edx); - /* string holds the CPU's manufacturer ID string - a twelve - * character ASCII string stored in ebx, edx, ecx, and - * the 32-bit extended feature flags are in edx, ecx. - */ - *(int *)string = ebx; - *(int *)&string[4] = (int)edx; - *(int *)&string[8] = (int)ecx; - string[12] = 0; /* has no SSE2 extensions */ if (eax == 0) { return 0; } - for (i=0; i < n_manufacturers; i++) { - if ( strcmp(manMap[i],string) == 0) { - manufacturer = i; - break; - } - } - freebl_cpuid(1,&eax,&ebx,&ecx,&edx); return (edx & SSE2_FLAG) == SSE2_FLAG; } @@ -657,11 +640,12 @@ unsigned long s_mpi_getProcessorLineSize() { unsigned long eax, ebx, ecx, edx; + PRUint32 cpuid[3]; unsigned long cpuidLevel; unsigned long cacheLineSize = 0; int manufacturer = MAN_UNKNOWN; int i; - char string[65]; + char string[13]; #if !defined(AMD_64) if (is386()) { @@ -678,9 +662,10 @@ s_mpi_getProcessorLineSize() * character ASCII string stored in ebx, edx, ecx, and * the 32-bit extended feature flags are in edx, ecx. */ - *(int *)string = ebx; - *(int *)&string[4] = (int)edx; - *(int *)&string[8] = (int)ecx; + cpuid[0] = ebx; + cpuid[1] = ecx; + cpuid[2] = edx; + memcpy(string, cpuid, sizeof(cpuid)); string[12] = 0; manufacturer = MAN_UNKNOWN; diff --git a/security/nss/lib/freebl/mpi/mpi-priv.h b/security/nss/lib/freebl/mpi/mpi-priv.h index e81d0fe0..7a0725f4 100644 
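Review bot: The register order in the rebuilt manufacturer string (hunk at -678) does not match the comment right above it: the comment, and the removed `*(int *)` stores, lay the twelve characters out as ebx, edx, ecx, but the new code stores `cpuid[1] = ecx;` and `cpuid[2] = edx;`, which swaps the middle and last four characters. The loop this diff removes from s_mpi_is_sse2 shows the string is matched with strcmp against manMap, so the same lookup in s_mpi_getProcessorLineSize would presumably never match, leaving manufacturer at MAN_UNKNOWN and the cache-line-size detection on its fallback. Swap the two lines to `cpuid[1] = edx;` and `cpuid[2] = ecx;`. Replacing the `*(int *)string` stores with a memcpy is otherwise the right fix for the aliasing problem.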
--- a/security/nss/lib/freebl/mpi/mpi-priv.h +++ b/security/nss/lib/freebl/mpi/mpi-priv.h @@ -254,8 +254,10 @@ mp_err MPI_ASM_DECL s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor, mp_digit *quot, mp_digit *rem); /* c += a * b * (MP_RADIX ** offset); */ +/* Callers of this macro should be aware that the return type might vary; + * it should be treated as a void function. */ #define s_mp_mul_d_add_offset(a, b, c, off) \ -(s_mpv_mul_d_add_prop(MP_DIGITS(a), MP_USED(a), b, MP_DIGITS(c) + off), MP_OKAY) + s_mpv_mul_d_add_prop(MP_DIGITS(a), MP_USED(a), b, MP_DIGITS(c) + off) typedef struct { mp_int N; /* modulus N */ diff --git a/security/nss/lib/freebl/mpi/mpi.c b/security/nss/lib/freebl/mpi/mpi.c index 2a3719b8..43ce83ae 100644 --- a/security/nss/lib/freebl/mpi/mpi.c +++ b/security/nss/lib/freebl/mpi/mpi.c @@ -1095,7 +1095,7 @@ mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c) mp_int s, x; mp_err res; mp_digit d; - int dig, bit; + unsigned int dig, bit; ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); @@ -1470,7 +1470,7 @@ mp_err s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c mp_int s, x, mu; mp_err res; mp_digit d; - int dig, bit; + unsigned int dig, bit; ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); @@ -2004,7 +2004,7 @@ mp_size mp_trailing_zeros(const mp_int *mp) { mp_digit d; mp_size n = 0; - int ix; + unsigned int ix; if (!mp || !MP_DIGITS(mp) || !mp_cmp_z(mp)) return n; @@ -2916,8 +2916,7 @@ void s_mp_exch(mp_int *a, mp_int *b) mp_err s_mp_lshd(mp_int *mp, mp_size p) { mp_err res; - mp_size pos; - int ix; + unsigned int ix; if(p == 0) return MP_OKAY; 
@@ -2928,14 +2927,13 @@ mp_err s_mp_lshd(mp_int *mp, mp_size p) if((res = s_mp_pad(mp, USED(mp) + p)) != MP_OKAY) return res; - pos = USED(mp) - 1; - /* Shift all the significant figures over as needed */ - for(ix = pos - p; ix >= 0; ix--) + for (ix = USED(mp) - p; ix-- > 0;) { DIGIT(mp, ix + p) = DIGIT(mp, ix); + } /* Fill the bottom digits with zeroes */ - for(ix = 0; ix < p; ix++) + for(ix = 0; (mp_size)ix < p; ix++) DIGIT(mp, ix) = 0; return MP_OKAY; @@ -3046,7 +3044,7 @@ void s_mp_div_2(mp_int *mp) mp_err s_mp_mul_2(mp_int *mp) { mp_digit *pd; - int ix, used; + unsigned int ix, used; mp_digit kin = 0; /* Shift digits leftward by 1 bit */ @@ -4672,10 +4670,10 @@ mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len) /* }}} */ /* {{{ mp_unsigned_octet_size(mp) */ -int +unsigned int mp_unsigned_octet_size(const mp_int *mp) { - int bytes; + unsigned int bytes; int ix; mp_digit d = 0; @@ -4712,12 +4710,12 @@ mp_err mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen) { int ix, pos = 0; - int bytes; + unsigned int bytes; ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); bytes = mp_unsigned_octet_size(mp); - ARGCHK(bytes >= 0 && bytes <= maxlen, MP_BADARG); + ARGCHK(bytes <= maxlen, MP_BADARG); /* Iterate over each digit... */ for(ix = USED(mp) - 1; ix >= 0; ix--) { @@ -4744,12 +4742,12 @@ mp_err mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen) { int ix, pos = 0; - int bytes; + unsigned int bytes; ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); bytes = mp_unsigned_octet_size(mp); - ARGCHK(bytes >= 0 && bytes <= maxlen, MP_BADARG); + ARGCHK(bytes <= maxlen, MP_BADARG); /* Iterate over each digit... */ for(ix = USED(mp) - 1; ix >= 0; ix--) { 
@@ -4784,12 +4782,12 @@ mp_err mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size length) { int ix, pos = 0; - int bytes; + unsigned int bytes; ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); bytes = mp_unsigned_octet_size(mp); - ARGCHK(bytes >= 0 && bytes <= length, MP_BADARG); + ARGCHK(bytes <= length, MP_BADARG); /* place any needed leading zeros */ for (;length > bytes; --length) { diff --git a/security/nss/lib/freebl/mpi/mpi.h b/security/nss/lib/freebl/mpi/mpi.h index a556c17e..b1b45d25 100644 --- a/security/nss/lib/freebl/mpi/mpi.h +++ b/security/nss/lib/freebl/mpi/mpi.h @@ -258,7 +258,7 @@ const char *mp_strerror(mp_err ec); /* Octet string conversion functions */ mp_err mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len); -int mp_unsigned_octet_size(const mp_int *mp); +unsigned int mp_unsigned_octet_size(const mp_int *mp); mp_err mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen); mp_err mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen); mp_err mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size len); diff --git a/security/nss/lib/freebl/mpi/mplogic.c b/security/nss/lib/freebl/mpi/mplogic.c index dbec7acf..df0aad0e 100644 --- a/security/nss/lib/freebl/mpi/mplogic.c +++ b/security/nss/lib/freebl/mpi/mplogic.c @@ -403,9 +403,9 @@ mp_err mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits) returns number of significnant bits in abs(a). returns 1 if value is zero. */ -mp_err mpl_significant_bits(const mp_int *a) +mp_size mpl_significant_bits(const mp_int *a) { - mp_err bits = 0; + mp_size bits = 0; int ix; ARGCHK(a != NULL, MP_BADARG); diff --git a/security/nss/lib/freebl/mpi/mplogic.h b/security/nss/lib/freebl/mpi/mplogic.h index f45fe366..e05374a8 100644 --- a/security/nss/lib/freebl/mpi/mplogic.h +++ b/security/nss/lib/freebl/mpi/mplogic.h 
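Review bot: mpl_significant_bits now returns `mp_size` but keeps `ARGCHK(a != NULL, MP_BADARG);`, so a NULL argument yields `(mp_size)MP_BADARG` — a bit count near UINT_MAX — instead of a recognisable error, and the "returns 1 if value is zero" comment no longer describes the full contract. Either document that a NULL argument is a programming error whose result is meaningless, or make the failure explicit with `if (a == NULL) { return 0; }` plus a comment that 0 is otherwise never returned by this function (its own comment says a zero value reports 1), provided no caller depends on the wrapped value. Callers that derive allocation sizes from the return value deserve a NULL check of their own, but none are visible in this hunk. The function body continues past the hunk.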
@@ -47,6 +47,6 @@ mp_err mpl_parity(mp_int *a); /* determine parity */ mp_err mpl_set_bit(mp_int *a, mp_size bitNum, mp_size value); mp_err mpl_get_bit(const mp_int *a, mp_size bitNum); mp_err mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits); -mp_err mpl_significant_bits(const mp_int *a); +mp_size mpl_significant_bits(const mp_int *a); #endif /* end _H_MPLOGIC_ */ diff --git a/security/nss/lib/freebl/mpi/mpmontg.c b/security/nss/lib/freebl/mpi/mpmontg.c index d619360a..9667755d 100644 --- a/security/nss/lib/freebl/mpi/mpmontg.c +++ b/security/nss/lib/freebl/mpi/mpmontg.c @@ -47,7 +47,7 @@ mp_err s_mp_redc(mp_int *T, mp_mont_modulus *mmm) for (i = 0; i < MP_USED(&mmm->N); ++i ) { mp_digit m_i = MP_DIGIT(T, i) * mmm->n0prime; /* T += N * m_i * (MP_RADIX ** i); */ - MP_CHECKOK( s_mp_mul_d_add_offset(&mmm->N, m_i, T, i) ); + s_mp_mul_d_add_offset(&mmm->N, m_i, T, i); } s_mp_clamp(T); diff --git a/security/nss/lib/freebl/mpi/mpprime.c b/security/nss/lib/freebl/mpi/mpprime.c index f0baf9d2..9b97fb20 100644 --- a/security/nss/lib/freebl/mpi/mpprime.c +++ b/security/nss/lib/freebl/mpi/mpprime.c @@ -394,7 +394,7 @@ mp_err mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong, { mp_digit np; mp_err res; - int i = 0; + unsigned int i = 0; mp_int trial; mp_int q; mp_size num_tests; diff --git a/security/nss/lib/freebl/nsslowhash.c b/security/nss/lib/freebl/nsslowhash.c index e6a634ae..a9ab5b73 100644 --- a/security/nss/lib/freebl/nsslowhash.c +++ b/security/nss/lib/freebl/nsslowhash.c @@ -285,14 +285,9 @@ static NSSLOWInitContext dummyContext = { 0 }; NSSLOWInitContext * NSSLOW_Init(void) { - SECStatus rv; CK_RV crv; #ifdef FREEBL_NO_DEPEND - PRBool nsprAvailable = PR_FALSE; - - - rv = FREEBL_InitStubs(); - nsprAvailable = (rv == SECSuccess ) ? PR_TRUE : PR_FALSE; + (void)FREEBL_InitStubs(); #endif if (post_failed) { diff --git a/security/nss/lib/freebl/pqg.c b/security/nss/lib/freebl/pqg.c index 56cdd20c..f7971557 100644 --- a/security/nss/lib/freebl/pqg.c 
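Review bot: `(void)FREEBL_InitStubs();` in NSSLOW_Init makes explicit that a failed stub initialisation is ignored, which was already the effective behaviour since `nsprAvailable` was never read, but nothing records why that is acceptable, and the following `post_failed` check does not cover it. If the stubs only back optional functionality, say so where the cast is, e.g. `/* Failure is tolerated: only the NSPR-backed helpers become unavailable — confirm nothing below depends on them */`; if it is not, the status should be checked and NSSLOW_Init should fail rather than hand back a partially initialised context. The function continues past the hunk.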
+++ b/security/nss/lib/freebl/pqg.c @@ -494,7 +494,7 @@ makePrimefromPrimesShaweTaylor( mp_int * q, /* sub prime, can be 1 */ mp_int * prime, /* output. */ SECItem * prime_seed, /* input/output. */ - int * prime_gen_counter) /* input/output. */ + unsigned int *prime_gen_counter) /* input/output. */ { mp_int c; mp_int c0_2; @@ -727,7 +727,7 @@ makePrimefromSeedShaweTaylor( const SECItem * input_seed, /* input. */ mp_int * prime, /* output. */ SECItem * prime_seed, /* output. */ - int * prime_gen_counter) /* output. */ + unsigned int *prime_gen_counter) /* output. */ { mp_int c; mp_int c0; @@ -882,7 +882,7 @@ findQfromSeed( const SECItem * seed, /* input. */ mp_int * Q, /* input. */ mp_int * Q_, /* output. */ - int * qseed_len, /* output */ + unsigned int *qseed_len, /* output */ HASH_HashType *hashtypePtr, /* output. Hash uses */ pqgGenType *typePtr) /* output. Generation Type used */ { @@ -937,7 +937,7 @@ const SECItem * seed, /* input. */ firstseed.len = seed->len/3; for (hashtype = getFirstHash(L,N); hashtype != HASH_AlgTOTAL; hashtype=getNextHash(hashtype)) { - int count; + unsigned int count; rv = makePrimefromSeedShaweTaylor(hashtype, N, &firstseed, Q_, &qseed, &count); @@ -1229,7 +1229,6 @@ pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type, unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy) { unsigned int n; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ - unsigned int b; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ unsigned int seedlen; /* Per FIPS 186-3 app A.1.1.2 (was 'g' 186-1)*/ unsigned int counter; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ unsigned int offset; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ 
@@ -1309,8 +1308,7 @@ pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type, /* Step 3: n = Ceil(L/outlen)-1; (same as n = Floor((L-1)/outlen)) */ n = (L - 1) / outlen; - /* Step 4: b = L -1 - (n*outlen); (same as n = (L-1) mod outlen) */ - b = (L - 1) % outlen; + /* Step 4: (skipped since we don't use b): b = L -1 - (n*outlen); */ seedlen = seedBytes * PR_BITS_PER_BYTE; /* bits in seed */ step_5: /* ****************************************************************** @@ -1348,7 +1346,7 @@ step_5: CHECK_SEC_OK( makeQ2fromSeed(hashtype, N, seed, &Q) ); } else { /* FIPS186_3_ST_TYPE */ - int qgen_counter, pgen_counter; + unsigned int qgen_counter, pgen_counter; /* Step 1 (L,N) already checked for acceptability */ @@ -1589,7 +1587,7 @@ PQG_VerifyParams(const PQGParams *params, mp_err err = MP_OKAY; int j; unsigned int counter_max = 0; /* handle legacy L < 1024 */ - int qseed_len; + unsigned int qseed_len; SECItem pseed_ = {0, 0, 0}; HASH_HashType hashtype; pqgGenType type; @@ -1682,8 +1680,8 @@ PQG_VerifyParams(const PQGParams *params, if (type == FIPS186_3_ST_TYPE) { SECItem qseed = { 0, 0, 0 }; SECItem pseed = { 0, 0, 0 }; - int first_seed_len; - int pgen_counter = 0; + unsigned int first_seed_len; + unsigned int pgen_counter = 0; /* extract pseed and qseed from domain_parameter_seed, which is * first_seed || pseed || qseed. qseed is first_seed + small_integer diff --git a/security/nss/lib/freebl/rsa.c b/security/nss/lib/freebl/rsa.c index 498cc96b..f885acc4 100644 --- a/security/nss/lib/freebl/rsa.c +++ b/security/nss/lib/freebl/rsa.c @@ -248,7 +248,7 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent) PLArenaPool *arena = NULL; /* Require key size to be a multiple of 16 bits. */ if (!publicExponent || keySizeInBits % 16 != 0 || - BAD_RSA_KEY_SIZE(keySizeInBits/8, publicExponent->len)) { + BAD_RSA_KEY_SIZE((unsigned int)keySizeInBits/8, publicExponent->len)) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } 
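Review bot: The `(unsigned int)keySizeInBits/8` cast in RSA_NewKey silences the signed/unsigned comparison inside BAD_RSA_KEY_SIZE but leaves a negative `keySizeInBits` to be rejected only indirectly: `-16 % 16` is 0 in C, and the cast then turns the value into a size in the hundreds of megabytes that the macro presumably refuses by its upper bound (the macro body is not visible here). The intent is clearer and independent of the macro's limits if non-positive sizes are rejected first: `if (!publicExponent || keySizeInBits <= 0 || keySizeInBits % 16 != 0 || BAD_RSA_KEY_SIZE((unsigned int)keySizeInBits / 8, publicExponent->len)) {`. RSA_NewKey continues past the hunk.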
diff --git a/security/nss/lib/freebl/sha_fast.c b/security/nss/lib/freebl/sha_fast.c index b826cf93..29019495 100644 --- a/security/nss/lib/freebl/sha_fast.c +++ b/security/nss/lib/freebl/sha_fast.c @@ -148,7 +148,6 @@ SHA1_End(SHA1Context *ctx, unsigned char *hashout, { register PRUint64 size; register PRUint32 lenB; - PRUint32 tmpbuf[5]; static const unsigned char bulk_pad[64] = { 0x80,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, @@ -188,7 +187,6 @@ SHA1_EndRaw(SHA1Context *ctx, unsigned char *hashout, #if defined(SHA_NEED_TMP_VARIABLE) register PRUint32 tmp; #endif - PRUint32 tmpbuf[5]; PORT_Assert (maxDigestLen >= SHA1_LENGTH); SHA_STORE_RESULT; diff --git a/security/nss/lib/freebl/sha_fast.h b/security/nss/lib/freebl/sha_fast.h index 9d47aba4..256e1900 100644 --- a/security/nss/lib/freebl/sha_fast.h +++ b/security/nss/lib/freebl/sha_fast.h @@ -147,6 +147,7 @@ static __inline__ PRUint32 swap4b(PRUint32 value) SHA_STORE(3); \ SHA_STORE(4); \ } else { \ + PRUint32 tmpbuf[5]; \ tmpbuf[0] = SHA_HTONL(ctx->H[0]); \ tmpbuf[1] = SHA_HTONL(ctx->H[1]); \ tmpbuf[2] = SHA_HTONL(ctx->H[2]); \ diff --git a/security/nss/lib/freebl/stubs.c b/security/nss/lib/freebl/stubs.c index 1de9b497..993d01e1 100644 --- a/security/nss/lib/freebl/stubs.c +++ b/security/nss/lib/freebl/stubs.c @@ -324,7 +324,7 @@ extern PROffset32 PR_Seek_stub(PRFileDesc *fd, PROffset32 offset, PRSeekWhence whence) { int *lfd; - int lwhence = SEEK_SET;; + int lwhence = SEEK_SET; STUB_SAFE_CALL3(PR_Seek, fd, offset, whence); lfd = (int *)fd; switch (whence) { @@ -334,6 +334,8 @@ PR_Seek_stub(PRFileDesc *fd, PROffset32 offset, PRSeekWhence whence) case PR_SEEK_END: lwhence = SEEK_END; break; + case PR_SEEK_SET: + break; } return lseek(*lfd, offset, lwhence); diff --git a/security/nss/lib/jar/jarfile.c b/security/nss/lib/jar/jarfile.c index a604f19c..3346dbec 100644 --- a/security/nss/lib/jar/jarfile.c +++ b/security/nss/lib/jar/jarfile.c 
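Review bot: Adding `case PR_SEEK_SET: break;` to the switch in PR_Seek_stub satisfies -Wswitch, but an out-of-range `whence` still falls out of the switch and is quietly translated to SEEK_SET. Because this stub stands in for PR_Seek when freebl is built without NSPR, it should fail the way lseek does instead of seeking to an unintended position: add `default: return -1;` alongside the new case. The rest of the function's error handling, if any, is outside the hunk.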
@@ -36,11 +36,12 @@ jar_inflate_memory(unsigned int method, long *length, long expected_out_len, char **data); static int -jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length); +jar_physical_extraction(JAR_FILE fp, char *outpath, unsigned long offset, + unsigned long length); static int -jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length, - unsigned int method); +jar_physical_inflate(JAR_FILE fp, char *outpath, unsigned long offset, + unsigned long length, unsigned int method); static int jar_verify_extract(JAR *jar, char *path, char *physical_path); @@ -74,6 +75,10 @@ static int dostime(char *time, const char *s); #ifdef NSS_X86_OR_X64 +/* The following macros throw up warnings. */ +#ifdef __GNUC__ +#pragma GCC diagnostic ignored "-Wstrict-aliasing" +#endif #define x86ShortToUint32(ii) ((const PRUint32)*((const PRUint16 *)(ii))) #define x86LongToUint32(ii) (*(const PRUint32 *)(ii)) #else @@ -241,7 +246,8 @@ JAR_extract(JAR *jar, char *path, char *outpath) #define CHUNK 32768 static int -jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length) +jar_physical_extraction(JAR_FILE fp, char *outpath, unsigned long offset, + unsigned long length) { JAR_FILE out; char *buffer = (char *)PORT_ZAlloc(CHUNK); @@ -251,7 +257,7 @@ jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length) return JAR_ERR_MEMORY; if ((out = JAR_FOPEN (outpath, "wb")) != NULL) { - long at = 0; + unsigned long at = 0; JAR_FSEEK (fp, offset, (PRSeekWhence)0); while (at < length) { @@ -289,7 +295,7 @@ jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length) #define OCHUNK 32768 static int -jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length, +jar_physical_inflate(JAR_FILE fp, char *outpath, unsigned long offset, unsigned long length, unsigned int method) { char *inbuf, *outbuf; 
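Review bot: The new `#pragma GCC diagnostic ignored "-Wstrict-aliasing"` in jarfile.c hides the warning without removing its cause: `x86LongToUint32` and `x86ShortToUint32` read a PRUint32/PRUint16 through a pointer cast into a byte buffer, which is undefined behaviour under the aliasing rules (and a potentially misaligned access when applied to packed zip header fields), and the pragma is not bracketed with push/pop, so it disables the diagnostic for the whole translation unit. This code parses archive headers supplied by whoever produced the JAR, so the safer change is to make the two macros copy into a local with `memcpy`, or to drop the x86 special case and use the portable byte-assembly definitions from the `#else` branch (not visible in the hunk) everywhere; the cost on a handful of header fields is negligible. If the pragma is kept, wrap it in `#pragma GCC diagnostic push` / `#pragma GCC diagnostic pop` tightly around the two macro definitions and their uses.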
@@ -315,11 +321,11 @@ jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length, } if ((out = JAR_FOPEN (outpath, "wb")) != NULL) { - long at = 0; + unsigned long at = 0; JAR_FSEEK (fp, offset, (PRSeekWhence)0); while (at < length) { - long chunk = (at + ICHUNK <= length) ? ICHUNK : length - at; + unsigned long chunk = (at + ICHUNK <= length) ? ICHUNK : length - at; unsigned long tin; if (JAR_FREAD (fp, inbuf, chunk) != chunk) { @@ -353,7 +359,7 @@ jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length, return JAR_ERR_CORRUPT; } ochunk = zs.total_out - prev_total; - if (JAR_FWRITE (out, outbuf, ochunk) < ochunk) { + if (JAR_FWRITE (out, outbuf, ochunk) < (long)ochunk) { /* most likely a disk full error */ status = JAR_ERR_DISK; break; @@ -820,8 +826,7 @@ jar_listtar(JAR *jar, JAR_FILE fp) char *s; JAR_Physical *phy; long pos = 0L; - long sz, mode; - time_t when; + long sz; union TarEntry tarball; while (1) { @@ -833,9 +838,7 @@ jar_listtar(JAR *jar, JAR_FILE fp) if (!*tarball.val.filename) break; - when = octalToLong (tarball.val.time); sz = octalToLong (tarball.val.size); - mode = octalToLong (tarball.val.mode); /* Tag the end of filename */ s = tarball.val.filename; diff --git a/security/nss/lib/jar/jarsign.c b/security/nss/lib/jar/jarsign.c index 9d05d9b5..f0299b1c 100644 --- a/security/nss/lib/jar/jarsign.c +++ b/security/nss/lib/jar/jarsign.c @@ -171,7 +171,6 @@ jar_create_pk7(CERTCertDBHandle *certdb, void *keydb, CERTCertificate *cert, { SEC_PKCS7ContentInfo *cinfo; const SECHashObject *hashObj; - char *errstring; void *mw = NULL; void *hashcx; unsigned int len; @@ -231,7 +230,6 @@ jar_create_pk7(CERTCertDBHandle *certdb, void *keydb, CERTCertificate *cert, status = PORT_GetError(); SEC_PKCS7DestroyContentInfo (cinfo); if (rv != SECSuccess) { - errstring = JAR_get_error (status); return ((status < 0) ? status : JAR_ERR_GENERAL); } return 0; 
diff --git a/security/nss/lib/libpkix/include/pkix_certstore.h b/security/nss/lib/libpkix/include/pkix_certstore.h index 2feb3334..fb705644 100644 --- a/security/nss/lib/libpkix/include/pkix_certstore.h +++ b/security/nss/lib/libpkix/include/pkix_certstore.h @@ -10,6 +10,7 @@ #define _PKIX_CERTSTORE_H #include "pkixt.h" +#include "certt.h" #ifdef __cplusplus extern "C" { @@ -327,7 +328,7 @@ typedef PKIX_Error * PKIX_PL_Cert *issuer, PKIX_PL_Date *date, PKIX_Boolean crlDownloadDone, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, PKIX_RevocationStatus *revStatus, void *plContext); diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c index c77ac8ef..d6f5b6bc 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c +++ b/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c @@ -195,7 +195,7 @@ pkix_CrlChecker_CheckLocal( PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *pReasonCode, + CERTCRLEntryReasonCode *pReasonCode, void *plContext) { PKIX_CertStore_CheckRevokationByCrlCallback storeCheckRevocationFn; @@ -294,7 +294,7 @@ pkix_CrlChecker_CheckExternal( PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *pReasonCode, + CERTCRLEntryReasonCode *pReasonCode, void **pNBIOContext, void *plContext) { diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.h index d7213aad..35f1a474 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.h +++ b/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.h @@ -31,7 +31,7 @@ pkix_CrlChecker_CheckLocal( PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void *plContext); PKIX_Error * 
@@ -43,7 +43,7 @@ pkix_CrlChecker_CheckExternal( PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void **pNBIOContext, void *plContext); diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c index 481aa52b..b6fca9a3 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c +++ b/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c @@ -147,7 +147,7 @@ pkix_OcspChecker_CheckLocal( PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *pReasonCode, + CERTCRLEntryReasonCode *pReasonCode, void *plContext) { PKIX_PL_OcspCertID *cid = NULL; @@ -222,7 +222,7 @@ pkix_OcspChecker_CheckExternal( PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *pReasonCode, + CERTCRLEntryReasonCode *pReasonCode, void **pNBIOContext, void *plContext) { diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h index 547b403b..fbec315f 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h +++ b/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h @@ -30,7 +30,7 @@ pkix_OcspChecker_CheckLocal( PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void *plContext); PKIX_Error * @@ -42,7 +42,7 @@ pkix_OcspChecker_CheckExternal( PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void **pNBIOContext, void *plContext); 
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c index ebe37739..7bed9b88 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c +++ b/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c @@ -349,7 +349,7 @@ PKIX_RevocationChecker_Check( * first we are going to test all local(cached) info * second, all remote info(fetching) */ for (tries = 0;tries < 2;tries++) { - int methodNum = 0; + unsigned int methodNum = 0; for (;methodNum < revList->length;methodNum++) { PKIX_UInt32 methodFlags = 0; @@ -372,7 +372,8 @@ PKIX_RevocationChecker_Check( methodFlags, chainVerificationState, &revStatus, - pReasonCode, plContext), + (CERTCRLEntryReasonCode *)pReasonCode, + plContext), PKIX_REVCHECKERCHECKFAILED); methodStatus[methodNum] = revStatus; if (revStatus == PKIX_RevStatus_Revoked) { @@ -397,7 +398,8 @@ PKIX_RevocationChecker_Check( (*method->externalRevChecker)(cert, issuer, date, method, procParams, methodFlags, - &revStatus, pReasonCode, + &revStatus, + (CERTCRLEntryReasonCode *)pReasonCode, &nbioContext, plContext), PKIX_REVCHECKERCHECKFAILED); methodStatus[methodNum] = revStatus; diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h index 80d9eeaa..20dfe377 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h +++ b/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h @@ -12,6 +12,7 @@ #define _PKIX_REVOCATIONCHECKER_H #include "pkixt.h" +#include "certt.h" #ifdef __cplusplus extern "C" { diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h b/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h index 19322373..a97c7620 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h +++ b/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h 
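Review bot: The two `(CERTCRLEntryReasonCode *)pReasonCode` casts in PKIX_RevocationChecker_Check let the checkers write an enum through a pointer to a PKIX_UInt32 object, which is correct only as long as the compiler happens to give CERTCRLEntryReasonCode the same size and alignment as PKIX_UInt32, and is an aliasing violation in principle. A local of the right type removes the assumption: declare `CERTCRLEntryReasonCode reason = (CERTCRLEntryReasonCode)*pReasonCode;` next to `methodNum`, pass `&reason` to both `localRevChecker` and `externalRevChecker`, and copy back with `*pReasonCode = (PKIX_UInt32)reason;` after each call. Initialising from `*pReasonCode` matters because a checker that does not find the certificate revoked may leave the out-parameter untouched, as far as this hunk shows. The function continues past the hunk.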
@@ -31,7 +31,7 @@ pkix_LocalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer, PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void *plContext); /* External revocation check function prototype definition. @@ -44,7 +44,7 @@ pkix_ExternalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer, PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void **pNBIOContext, void *plContext); /* Revocation method structure assosiates revocation types with diff --git a/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c b/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c index 9967af9b..e9a9c03d 100644 --- a/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c +++ b/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c @@ -190,7 +190,7 @@ pkix_CRLSelector_Hashcode( PKIX_HASHCODE(crlSelector->context, &contextHash, plContext, PKIX_OBJECTHASHCODEFAILED); - hash = 31 * ((PKIX_UInt32)crlSelector->matchCallback + + hash = 31 * ((PKIX_UInt32)((char *)crlSelector->matchCallback - (char *)NULL) + (contextHash << 3)) + paramsHash; *pHashcode = hash; diff --git a/security/nss/lib/libpkix/pkix/results/pkix_policynode.c b/security/nss/lib/libpkix/pkix/results/pkix_policynode.c index 91d8a74b..fd8cee98 100644 --- a/security/nss/lib/libpkix/pkix/results/pkix_policynode.c +++ b/security/nss/lib/libpkix/pkix/results/pkix_policynode.c @@ -824,7 +824,7 @@ pkix_PolicyNode_Hashcode( (node, &nodeHash, plContext), PKIX_SINGLEPOLICYNODEHASHCODEFAILED); - nodeHash = 31*nodeHash + (PKIX_UInt32)(node->parent); + nodeHash = 31*nodeHash + (PKIX_UInt32)((char *)node->parent - (char *)NULL); PKIX_HASHCODE (node->children, 
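Review bot: `(PKIX_UInt32)((char *)crlSelector->matchCallback - (char *)NULL)` in pkix_CRLSelector_Hashcode trades a conversion warning for undefined behaviour: subtracting two pointers that do not point into the same object is undefined, and converting a function pointer to `char *` is not portable C. Hashing a pointer is conventionally done through an integer type wide enough to hold it, e.g. `hash = 31 * ((PKIX_UInt32)(PRUptrdiff)crlSelector->matchCallback + (contextHash << 3)) + paramsHash;`, which truncates deliberately and visibly on 64-bit targets. The same construction appears in the policynode, store, error, logger, socket and default-object hash functions elsewhere in this patch and would be better expressed once through a small shared helper than repeated seven times.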
diff --git a/security/nss/lib/libpkix/pkix/store/pkix_store.c b/security/nss/lib/libpkix/pkix/store/pkix_store.c index 31c21ea1..af8be2bb 100644 --- a/security/nss/lib/libpkix/pkix/store/pkix_store.c +++ b/security/nss/lib/libpkix/pkix/store/pkix_store.c @@ -74,11 +74,11 @@ pkix_CertStore_Hashcode( PKIX_CERTSTOREHASHCODEFAILED); } - *pHashcode = (PKIX_UInt32) certStore->certCallback + - (PKIX_UInt32) certStore->crlCallback + - (PKIX_UInt32) certStore->certContinue + - (PKIX_UInt32) certStore->crlContinue + - (PKIX_UInt32) certStore->trustCallback + + *pHashcode = (PKIX_UInt32)((char *)certStore->certCallback - (char *)NULL) + + (PKIX_UInt32)((char *)certStore->crlCallback - (char *)NULL) + + (PKIX_UInt32)((char *)certStore->certContinue - (char *)NULL) + + (PKIX_UInt32)((char *)certStore->crlContinue - (char *)NULL) + + (PKIX_UInt32)((char *)certStore->trustCallback - (char *)NULL) + (tempHash << 7); cleanup: diff --git a/security/nss/lib/libpkix/pkix/top/pkix_build.c b/security/nss/lib/libpkix/pkix/top/pkix_build.c index 9ca307e4..94515785 100644 --- a/security/nss/lib/libpkix/pkix/top/pkix_build.c +++ b/security/nss/lib/libpkix/pkix/top/pkix_build.c @@ -1526,7 +1526,7 @@ pkix_Build_SelectCertsFromTrustAnchors( PKIX_List **pMatchList, void *plContext) { - int anchorIndex = 0; + unsigned int anchorIndex = 0; PKIX_TrustAnchor *anchor = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_List *matchList = NULL; diff --git a/security/nss/lib/libpkix/pkix/util/pkix_error.c b/security/nss/lib/libpkix/pkix/util/pkix_error.c index e6fba866..9d730ca1 100644 --- a/security/nss/lib/libpkix/pkix/util/pkix_error.c +++ b/security/nss/lib/libpkix/pkix/util/pkix_error.c @@ -325,7 +325,7 @@ pkix_Error_Hashcode( /* XXX Unimplemented */ /* XXX Need to make hashcodes equal when two errors are equal */ - *pResult = (PKIX_UInt32)object; + *pResult = (PKIX_UInt32)((char *)object - (char *)NULL); PKIX_RETURN(ERROR); } 
diff --git a/security/nss/lib/libpkix/pkix/util/pkix_logger.c b/security/nss/lib/libpkix/pkix/util/pkix_logger.c index cfd870de..a916e6e4 100644 --- a/security/nss/lib/libpkix/pkix/util/pkix_logger.c +++ b/security/nss/lib/libpkix/pkix/util/pkix_logger.c @@ -492,7 +492,7 @@ pkix_Logger_Hashcode( PKIX_HASHCODE(logger->context, &tempHash, plContext, PKIX_OBJECTHASHCODEFAILED); - hash = (((((PKIX_UInt32) logger->callback + tempHash) << 7) + + hash = (((((PKIX_UInt32)((char *)logger->callback - (char *)NULL) + tempHash) << 7) + logger->maxLevel) << 7) + (PKIX_UInt32)logger->logComponent; *pHashcode = hash; diff --git a/security/nss/lib/libpkix/pkix/util/pkix_tools.h b/security/nss/lib/libpkix/pkix/util/pkix_tools.h index fe6ce634..1a4689da 100644 --- a/security/nss/lib/libpkix/pkix/util/pkix_tools.h +++ b/security/nss/lib/libpkix/pkix/util/pkix_tools.h @@ -1437,8 +1437,8 @@ extern PLHashNumber PR_CALLBACK pkix_ErrorGen_Hash (const void *key); typedef struct pkix_ClassTable_EntryStruct pkix_ClassTable_Entry; struct pkix_ClassTable_EntryStruct { char *description; - PKIX_Int32 objCounter; - PKIX_Int32 typeObjectSize; + PKIX_UInt32 objCounter; + PKIX_UInt32 typeObjectSize; PKIX_PL_DestructorCallback destructor; PKIX_PL_EqualsCallback equalsFunction; PKIX_PL_HashcodeCallback hashcodeFunction; diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c index d459a4a7..9954f0ca 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c 
@@ -265,7 +265,7 @@ pkix_pl_HttpDefaultClient_HdrCheckComplete( contentLength = /* Try to reserve 4K+ buffer */ client->filledupBytes + HTTP_DATA_BUFSIZE; if (client->maxResponseLen > 0 && - contentLength > client->maxResponseLen) { + contentLength > (PKIX_Int32)client->maxResponseLen) { if (client->filledupBytes < client->maxResponseLen) { contentLength = client->maxResponseLen; } else { @@ -282,7 +282,7 @@ pkix_pl_HttpDefaultClient_HdrCheckComplete( default: client->rcv_http_data_len = contentLength; if (client->maxResponseLen > 0 && - client->maxResponseLen < contentLength) { + (PKIX_Int32)client->maxResponseLen < contentLength) { client->connectStatus = HTTP_ERROR; goto cleanup; } @@ -290,7 +290,7 @@ pkix_pl_HttpDefaultClient_HdrCheckComplete( /* * Do we have all of the message body, or do we need to read some more? */ - if (client->filledupBytes < contentLength) { + if ((PKIX_Int32)client->filledupBytes < contentLength) { client->connectStatus = HTTP_RECV_BODY; *pKeepGoing = PKIX_TRUE; } else { @@ -935,7 +935,7 @@ pkix_pl_HttpDefaultClient_RecvBody( * plus remaining capacity, plus new expansion. */ int currBuffSize = client->capacity; /* Try to increase the buffer by 4K */ - int newLength = currBuffSize + HTTP_DATA_BUFSIZE; + unsigned int newLength = currBuffSize + HTTP_DATA_BUFSIZE; if (client->maxResponseLen > 0 && newLength > client->maxResponseLen) { newLength = client->maxResponseLen; @@ -1480,8 +1480,6 @@ pkix_pl_HttpDefaultClient_Cancel( SEC_HTTP_REQUEST_SESSION request, void *plContext) { - PKIX_PL_HttpDefaultClient *client = NULL; - PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_Cancel"); PKIX_NULLCHECK_ONE(request); @@ -1491,8 +1489,6 @@ pkix_pl_HttpDefaultClient_Cancel( plContext), PKIX_REQUESTNOTANHTTPDEFAULTCLIENT); - client = (PKIX_PL_HttpDefaultClient *)request; - /* XXX Not implemented */ cleanup: 
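Review bot: The `(PKIX_Int32)client->maxResponseLen` casts in pkix_pl_HttpDefaultClient_HdrCheckComplete move a bounds check on `contentLength` — a value taken from the peer's HTTP headers, parsed outside this hunk — into the signed domain, which is the wrong direction: a `maxResponseLen` of 2^31 or more becomes negative and the limit is bypassed, and a negative `contentLength` passes both `maxResponseLen < contentLength` and `filledupBytes < contentLength` without ever being rejected. Reject negative lengths once and compare as unsigned afterwards, e.g. in the `default:` case `if (contentLength < 0 || (client->maxResponseLen > 0 && (PKIX_UInt32)contentLength > client->maxResponseLen)) { client->connectStatus = HTTP_ERROR; goto cleanup; }`, with the analogous form for the clamp in the first hunk. Whether `contentLength` can actually arrive negative depends on how the Content-Length header is parsed, which is not shown here, so treat this as a hardening point pending that check. The function continues past the hunk.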
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c index 51ffce97..4546e339 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c @@ -263,16 +263,12 @@ pkix_pl_LdapRequest_Destroy( PKIX_PL_Object *object, void *plContext) { - PKIX_PL_LdapRequest *ldapRq = NULL; - PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_Destroy"); PKIX_NULLCHECK_ONE(object); PKIX_CHECK(pkix_CheckType(object, PKIX_LDAPREQUEST_TYPE, plContext), PKIX_OBJECTNOTLDAPREQUEST); - ldapRq = (PKIX_PL_LdapRequest *)object; - /* * All dynamic fields in an LDAPRequest are allocated * in an arena, and will be freed when the arena is destroyed. diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c index 078862c8..7de614ea 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c @@ -379,14 +379,12 @@ NameCacheHasFetchedCrlInfo(PKIX_PL_Cert *pkixCert, PKIX_Boolean hasFetchedCrlInCache = PKIX_TRUE; PKIX_List *dpList = NULL; pkix_pl_CrlDp *dp = NULL; - CERTCertificate *cert; PKIX_UInt32 dpIndex = 0; SECStatus rv = SECSuccess; PRTime reloadDelay = 0, badCrlInvalDelay = 0; PKIX_ENTER(CERTSTORE, "ChechCacheHasFetchedCrl"); - cert = pkixCert->nssCert; reloadDelay = ((PKIX_PL_NssContext*)plContext)->crlReloadDelay * PR_USEC_PER_SEC; @@ -480,7 +478,7 @@ pkix_pl_Pk11CertStore_CheckRevByCrl( PKIX_PL_Cert *pkixIssuer, PKIX_PL_Date *date, PKIX_Boolean crlDownloadDone, - PKIX_UInt32 *pReasonCode, + CERTCRLEntryReasonCode *pReasonCode, PKIX_RevocationStatus *pStatus, void *plContext) { 
@@ -675,7 +673,7 @@ RemovePartitionedDpsFromList(PKIX_List *dpList, PKIX_PL_Date *date, { NamedCRLCache* nameCrlCache = NULL; pkix_pl_CrlDp *dp = NULL; - int dpIndex = 0; + unsigned int dpIndex = 0; PRTime time; PRTime reloadDelay = 0, badCrlInvalDelay = 0; SECStatus rv; @@ -779,7 +777,6 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, SECItem *derCrlCopy = NULL; CERTSignedCrl *nssCrl = NULL; CERTGeneralName *genName = NULL; - PKIX_Int32 savedError = -1; SECItem **derGenNames = NULL; SECItem *derGenName = NULL; @@ -799,13 +796,11 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, if (!derGenName || !genName->name.other.data) { /* get to next name if no data. */ - savedError = PKIX_UNSUPPORTEDCRLDPTYPE; break; } uri = &genName->name.other; location = (char*)PR_Malloc(1 + uri->len); if (!location) { - savedError = PKIX_ALLOCERROR; break; } PORT_Memcpy(location, uri->data, uri->len); @@ -813,7 +808,6 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, if (CERT_ParseURL(location, &hostname, &port, &path) != SECSuccess) { PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL); - savedError = PKIX_URLPARSINGFAILED; break; } @@ -823,7 +817,6 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, if ((*hcv1->createSessionFcn)(hostname, port, &pServerSession) != SECSuccess) { PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL); - savedError = PKIX_URLPARSINGFAILED; break; } @@ -835,7 +828,6 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, PR_SecondsToInterval( ((PKIX_PL_NssContext*)plContext)->timeoutSeconds), &pRequestSession) != SECSuccess) { - savedError = PKIX_HTTPSERVERERROR; break; } @@ -858,12 +850,10 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, NULL, &myHttpResponseData, &myHttpResponseDataLen) != SECSuccess) { - savedError = PKIX_HTTPSERVERERROR; break; } if (myHttpResponseCode != 200) { - savedError = PKIX_HTTPSERVERERROR; break; } } while(0); 
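Review bot: Deleting the `savedError = ...` assignments in DownloadCrl is right for the warning, since nothing read the variable, but it also removes the last record of why each early `break` fires: of the failure paths in this hunk only the CERT_ParseURL and createSessionFcn ones call PORT_SetError, so a failed createFcn, a failed trySendAndReceiveFcn, or a non-200 `myHttpResponseCode` leaves whatever error code was set earlier for the caller to report. Consider setting an error on those three paths, e.g. `PORT_SetError(SEC_ERROR_CRL_IMPORT_FAILED);` or a more specific code before each remaining `break`, so the failure is attributable. The rest of the do/while and the function's return handling are outside the hunk.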
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c index 2afd680c..6bd0a3a0 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c @@ -62,7 +62,12 @@ static PKIX_Boolean socketTraceFlag = PKIX_FALSE; static void pkix_pl_socket_timestamp() { PRInt64 prTime; prTime = PR_Now(); +/* We shouldn't use PR_ALTERNATE_INT64_TYPEDEF, but nor can we use PRId64 */ +#if PR_BYTES_PER_LONG == 8 && !defined(PR_ALTERNATE_INT64_TYPEDEF) + printf("%ld:\n", prTime); +#else printf("%lld:\n", prTime); +#endif } /* @@ -140,7 +145,7 @@ static void pkix_pl_socket_linePrefix(PKIX_UInt32 addr) { */ static void pkix_pl_socket_traceLine(char *ptr) { PKIX_UInt32 i = 0; - pkix_pl_socket_linePrefix((PKIX_UInt32)ptr); + pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)ptr - (char *)NULL)); for (i = 0; i < 16; i++) { printf(" "); pkix_pl_socket_hexDigit(ptr[i]); @@ -184,7 +189,7 @@ static void pkix_pl_socket_traceLine(char *ptr) { static void pkix_pl_socket_tracePartialLine(char *ptr, PKIX_UInt32 nBytes) { PKIX_UInt32 i = 0; if (nBytes > 0) { - pkix_pl_socket_linePrefix((PKIX_UInt32)ptr); + pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)ptr - (char *)NULL)); } for (i = 0; i < nBytes; i++) { printf(" "); @@ -243,7 +248,7 @@ void pkix_pl_socket_tracebuff(void *buf, PKIX_UInt32 nBytes) { * Special case: if called with length of zero, just do address */ if (nBytes == 0) { - pkix_pl_socket_linePrefix((PKIX_UInt32)buf); + pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)buf - (char *)NULL)); printf("\n"); } else { while (bytesRemaining >= 16) { diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c index 2036f5c9..fa8f1851 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c 
@@ -1515,7 +1515,6 @@ PKIX_PL_Cert_Create( SECItem *derCertItem = NULL; void *derBytes = NULL; PKIX_UInt32 derLength; - PKIX_Boolean copyDER; PKIX_PL_Cert *cert = NULL; CERTCertDBHandle *handle; @@ -1542,7 +1541,6 @@ PKIX_PL_Cert_Create( * allowing us to free our copy without worrying about whether NSS * is still using it */ - copyDER = PKIX_TRUE; handle = CERT_GetDefaultCertDB(); nssCert = CERT_NewTempCertificate(handle, derCertItem, /* nickname */ NULL, diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c index 0f6d7833..b83db357 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c @@ -351,7 +351,7 @@ pkix_pl_CRL_ToString_Helper( void *plContext) { char *asciiFormat = NULL; - PKIX_UInt32 crlVersion; + PKIX_UInt32 crlVersion = 0; PKIX_PL_X500Name *crlIssuer = NULL; PKIX_PL_OID *nssSignatureAlgId = NULL; PKIX_PL_BigInt *crlNumber = NULL; diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c index 6bc74b61..338eb1c0 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c @@ -73,7 +73,7 @@ pkix_pl_lifecycle_ObjectTableUpdate(int *objCountTable) PKIX_UInt32 pkix_pl_lifecycle_ObjectLeakCheck(int *initObjCountTable) { - int typeCounter = 0; + unsigned int typeCounter = 0; PKIX_UInt32 numObjects = 0; char classNameBuff[128]; char *className = NULL; @@ -245,7 +245,9 @@ cleanup: PKIX_Error * PKIX_PL_Shutdown(void *plContext) { +#ifdef DEBUG PKIX_UInt32 numLeakedObjects = 0; +#endif PKIX_ENTER(OBJECT, "PKIX_PL_Shutdown"); 
@@ -258,10 +260,14 @@ PKIX_PL_Shutdown(void *plContext) pkix_pl_HttpCertStore_Shutdown(plContext); +#ifdef DEBUG numLeakedObjects = pkix_pl_lifecycle_ObjectLeakCheck(NULL); if (PR_GetEnv("NSS_STRICT_SHUTDOWN")) { PORT_Assert(numLeakedObjects == 0); } +#else + pkix_pl_lifecycle_ObjectLeakCheck(NULL); +#endif if (plContext != NULL) { PKIX_PL_NssContext_Destroy(plContext); diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c index 881a1ed5..9a33fd5e 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c @@ -371,7 +371,7 @@ pkix_pl_Object_Hashcode_Default( PKIX_ENTER(OBJECT, "pkix_pl_Object_Hashcode_Default"); PKIX_NULLCHECK_TWO(object, pValue); - *pValue = (PKIX_UInt32)object; + *pValue = (PKIX_UInt32)((char *)object - (char *)NULL); PKIX_RETURN(OBJECT); } diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def index fdc8a8a1..fbabaa09 100644 --- a/security/nss/lib/nss/nss.def +++ b/security/nss/lib/nss/nss.def @@ -1070,9 +1070,15 @@ SEC_GetCrlTimes; ;+ local: ;+ *; ;+}; -;+NSS_3.18.1 { # NSS 3.18.1 release +;+NSS_3.19 { # NSS 3.19 release ;+ global: CERT_GetImposedNameConstraints; ;+ local: ;+ *; ;+}; +;+NSS_3.19.1 { # NSS 3.19.1 release +;+ global: +SECKEY_BigIntegerBitLength; +;+ local: +;+ *; +;+}; diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index 6bac8320..8caafa53 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -33,9 +33,9 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define NSS_VERSION "3.18.0.1" _NSS_ECC_STRING _NSS_CUSTOMIZED +#define NSS_VERSION "3.20.0.1" _NSS_ECC_STRING _NSS_CUSTOMIZED #define NSS_VMAJOR 3 -#define NSS_VMINOR 18 +#define NSS_VMINOR 20 #define NSS_VPATCH 0 #define NSS_VBUILD 1 #define NSS_BETA PR_FALSE 
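Review bot: The `#ifdef DEBUG`/`#else` split in `PKIX_PL_Shutdown` duplicates the `pkix_pl_lifecycle_ObjectLeakCheck(NULL)` call only to avoid an unused-variable warning in release builds, where `PORT_Assert` compiles to nothing, and the two builds can now drift apart. A single path avoids that: keep the `PKIX_UInt32 numLeakedObjects` declaration unconditional (dropping the `#ifdef` in the -245 hunk), assign it once, and add `(void)numLeakedObjects;` after the `PR_GetEnv` check. A comment such as `/* leak accounting is a debug aid; NSS_STRICT_SHUTDOWN turns it into an assertion */` would also make clear why the environment variable is consulted at all.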
diff --git a/security/nss/lib/nss/nssinit.c b/security/nss/lib/nss/nssinit.c index 6218a7e9..b22f9151 100644 --- a/security/nss/lib/nss/nssinit.c +++ b/security/nss/lib/nss/nssinit.c @@ -491,10 +491,6 @@ struct NSSInitContextStr { #define NSS_INIT_MAGIC 0x1413A91C static SECStatus nss_InitShutdownList(void); -#ifdef DEBUG -static CERTCertificate dummyCert; -#endif - /* All initialized to zero in BSS */ static PRCallOnceType nssInitOnce; static PZLock *nssInitLock; @@ -571,8 +567,11 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix, * functions */ if (!isReallyInitted) { +#ifdef DEBUG + CERTCertificate dummyCert; /* New option bits must not change the size of CERTCertificate. */ PORT_Assert(sizeof(dummyCert.options) == sizeof(void *)); +#endif if (SECSuccess != cert_InitLocks()) { goto loser; @@ -1230,8 +1229,7 @@ NSS_IsInitialized(void) } -extern const char __nss_base_rcsid[]; -extern const char __nss_base_sccsid[]; +extern const char __nss_base_version[]; PRBool NSS_VersionCheck(const char *importedVersion) @@ -1247,9 +1245,8 @@ NSS_VersionCheck(const char *importedVersion) */ int vmajor = 0, vminor = 0, vpatch = 0, vbuild = 0; const char *ptr = importedVersion; - volatile char c; /* force a reference that won't get optimized away */ - - c = __nss_base_rcsid[0] + __nss_base_sccsid[0]; +#define NSS_VERSION_VARIABLE __nss_base_version +#include "verref.h" while (isdigit(*ptr)) { vmajor = 10 * vmajor + *ptr - '0'; diff --git a/security/nss/lib/nss/nssver.c b/security/nss/lib/nss/nssver.c index e2aa0cec..653ebec6 100644 --- a/security/nss/lib/nss/nssver.c +++ b/security/nss/lib/nss/nssver.c 
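Review bot: `#define NSS_VERSION_VARIABLE __nss_base_version` stays defined after the `#include "verref.h"` in `NSS_VersionCheck`; unless verref.h undefines it itself, the macro leaks into the rest of the translation unit and a second use of the idiom would be a redefinition. Adding `#undef NSS_VERSION_VARIABLE` after the include (or having verref.h do so) keeps it scoped to this function; `NSSSMIME_VersionCheck` in smimeutil.c uses the same pattern and would want the same treatment. A one-line comment along the lines of `/* verref.h emits a reference that keeps __nss_base_version linked in; replaces the old volatile read of the rcsid/sccsid strings */` would explain why an include appears inside a function body. verref.h is not part of this diff, so how it handles the macro could not be checked.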
@@ -13,12 +13,6 @@ #endif /* - * Version information for the 'ident' and 'what commands - * - * NOTE: the first component of the concatenated rcsid string - * must not end in a '$' to prevent rcs keyword substitution. + * Version information */ -const char __nss_base_rcsid[] = "$Header: NSS " NSS_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__ " $"; -const char __nss_base_sccsid[] = "@(#)NSS " NSS_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__; +const char __nss_base_version[] = "Version: NSS " NSS_VERSION _DEBUG_STRING; diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index 1bf8a7f5..dbf6b961 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -143,6 +143,8 @@ PK11_IsUserCert(PK11SlotInfo *slot, CERTCertificate *cert, PK11_SETATTRS(&theTemplate,0,NULL,0); switch (pubKey->keyType) { case rsaKey: + case rsaPssKey: + case rsaOaepKey: PK11_SETATTRS(&theTemplate,CKA_MODULUS, pubKey->u.rsa.modulus.data, pubKey->u.rsa.modulus.len); break; @@ -228,7 +230,6 @@ pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID, nssPKIObject *pkio; NSSToken *token; NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); - PRStatus status; /* Get the cryptoki object from the handle */ token = PK11Slot_GetNSSToken(slot); @@ -278,7 +279,7 @@ pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID, * different NSSCertificate that it found in the cache. * Presumably, the nickname which we just output above remains valid. :) */ - status = nssTrustDomain_AddCertsToCache(td, &c, 1); + (void)nssTrustDomain_AddCertsToCache(td, &c, 1); return STAN_GetCERTCertificateOrRelease(c); } @@ -2005,7 +2006,6 @@ SECStatus PK11_TraverseCertsForNicknameInSlot(SECItem *nickname, PK11SlotInfo *slot, SECStatus(* callback)(CERTCertificate*, void *), void *arg) { - struct nss3_cert_cbstr pk11cb; PRStatus nssrv = PR_SUCCESS; NSSToken *token; NSSTrustDomain *td; 
@@ -2016,8 +2016,6 @@ PK11_TraverseCertsForNicknameInSlot(SECItem *nickname, PK11SlotInfo *slot, NSSCertificate **certs; nssList *nameList = NULL; nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; - pk11cb.callback = callback; - pk11cb.arg = arg; token = PK11Slot_GetNSSToken(slot); if (!nssToken_IsPresent(token)) { return SECSuccess; @@ -2700,7 +2698,8 @@ __PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname) { /* Can't set nickname of temp cert. */ if (!cert->slot || cert->pkcs11ID == CK_INVALID_HANDLE) { - return SEC_ERROR_INVALID_ARGS; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } return PK11_SetObjectNickname(cert->slot, cert->pkcs11ID, nickname); } diff --git a/security/nss/lib/pk11wrap/pk11load.c b/security/nss/lib/pk11wrap/pk11load.c index 6700180a..e3ba1226 100644 --- a/security/nss/lib/pk11wrap/pk11load.c +++ b/security/nss/lib/pk11wrap/pk11load.c @@ -589,8 +589,12 @@ SECMOD_UnloadModule(SECMODModule *mod) { if (softokenLib) { disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD"); if (!disableUnload) { +#ifdef DEBUG PRStatus status = PR_UnloadLibrary(softokenLib); PORT_Assert(PR_SUCCESS == status); +#else + PR_UnloadLibrary(softokenLib); +#endif } softokenLib = NULL; } diff --git a/security/nss/lib/pk11wrap/pk11merge.c b/security/nss/lib/pk11wrap/pk11merge.c index ad9b1fda..187e2e1f 100644 --- a/security/nss/lib/pk11wrap/pk11merge.c +++ b/security/nss/lib/pk11wrap/pk11merge.c @@ -750,8 +750,7 @@ pk11_mergeCert(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot, CK_ATTRIBUTE sourceCKAID = {CKA_ID, NULL, 0}; CK_ATTRIBUTE targetCKAID = {CKA_ID, NULL, 0}; SECStatus lrv = SECSuccess; - int error; - + int error = SEC_ERROR_LIBRARY_FAILURE; sourceCert = PK11_MakeCertFromHandle(sourceSlot, id, NULL); if (sourceCert == NULL) { diff --git a/security/nss/lib/pk11wrap/pk11obj.c b/security/nss/lib/pk11wrap/pk11obj.c index 70802948..e09d2276 100644 --- a/security/nss/lib/pk11wrap/pk11obj.c 
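Review bot: The `#ifdef DEBUG` duplication of `PR_UnloadLibrary(softokenLib)` in `SECMOD_UnloadModule` is the only place in this commit that deals with an unused status this way; the other hunks use a `(void)` cast or `PORT_CheckSuccess`. A single call keeps debug and release builds identical: `PRStatus status = PR_UnloadLibrary(softokenLib); PORT_Assert(PR_SUCCESS == status); (void)status;`. If `PORT_CheckSuccess` (used in the p12e.c hunk of this commit) accepts a `PRStatus`, it would be the more consistent choice — its definition is not visible here.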
+++ b/security/nss/lib/pk11wrap/pk11obj.c @@ -1781,7 +1781,6 @@ PK11_MatchItem(PK11SlotInfo *slot, CK_OBJECT_HANDLE searchID, int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]); /* if you change the array, change the variable below as well */ CK_OBJECT_HANDLE peerID; - CK_OBJECT_HANDLE parent; PLArenaPool *arena; CK_RV crv; @@ -1810,7 +1809,6 @@ PK11_MatchItem(PK11SlotInfo *slot, CK_OBJECT_HANDLE searchID, /* * issue the find */ - parent = *(CK_OBJECT_CLASS *)(keyclass->pValue); *(CK_OBJECT_CLASS *)(keyclass->pValue) = matchclass; peerID = pk11_FindObjectByTemplate(slot,theTemplate,tsize); diff --git a/security/nss/lib/pk11wrap/pk11pk12.c b/security/nss/lib/pk11wrap/pk11pk12.c index 471e57b3..2152a41e 100644 --- a/security/nss/lib/pk11wrap/pk11pk12.c +++ b/security/nss/lib/pk11wrap/pk11pk12.c @@ -422,7 +422,6 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, PRBool isPerm, PRBool isPrivate, unsigned int keyUsage, SECKEYPrivateKey **privk, void *wincx) { - CK_KEY_TYPE keyType = CKK_RSA; SECStatus rv = SECFailure; SECKEYRawPrivateKey *lpk = NULL; const SEC_ASN1Template *keyTemplate, *paramTemplate; @@ -449,7 +448,6 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, paramTemplate = NULL; paramDest = NULL; lpk->keyType = rsaKey; - keyType = CKK_RSA; break; case SEC_OID_ANSIX9_DSA_SIGNATURE: prepare_dsa_priv_key_export_for_asn1(lpk); @@ -457,7 +455,6 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, paramTemplate = SECKEY_PQGParamsTemplate; paramDest = &(lpk->u.dsa.params); lpk->keyType = dsaKey; - keyType = CKK_DSA; break; case SEC_OID_X942_DIFFIE_HELMAN_KEY: if(!publicValue) { @@ -468,7 +465,6 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, paramTemplate = NULL; paramDest = NULL; lpk->keyType = dhKey; - keyType = CKK_DH; break; default: diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c index 4c5b9f16..20d9eaad 100644 --- a/security/nss/lib/pk11wrap/pk11skey.c 
+++ b/security/nss/lib/pk11wrap/pk11skey.c @@ -1821,6 +1821,8 @@ PK11_PubDerive(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey, switch (privKey->keyType) { case rsaKey: + case rsaPssKey: + case rsaOaepKey: case nullKey: PORT_SetError(SEC_ERROR_BAD_KEY); break; diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c index 1f6597b5..044956fe 100644 --- a/security/nss/lib/pk11wrap/pk11slot.c +++ b/security/nss/lib/pk11wrap/pk11slot.c @@ -555,10 +555,10 @@ PK11_FindSlotsByNames(const char *dllName, const char* slotName, break; } if ((PR_FALSE == presentOnly || PK11_IsPresent(tmpSlot)) && - ( (!tokenName) || (tmpSlot->token_name && - (0==PORT_Strcmp(tmpSlot->token_name, tokenName)))) && - ( (!slotName) || (tmpSlot->slot_name && - (0==PORT_Strcmp(tmpSlot->slot_name, slotName)))) ) { + ( (!tokenName) || + (0==PORT_Strcmp(tmpSlot->token_name, tokenName)) ) && + ( (!slotName) || + (0==PORT_Strcmp(tmpSlot->slot_name, slotName)) ) ) { if (tmpSlot) { PK11_AddSlotToList(slotList, tmpSlot, PR_TRUE); slotcount++; @@ -1105,7 +1105,6 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts) { CK_TOKEN_INFO tokenInfo; CK_RV crv; - char *tmp; SECStatus rv; PRStatus status; @@ -1139,8 +1138,8 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts) if (slot->isActiveCard) { slot->protectedAuthPath = PR_FALSE; } - tmp = PK11_MakeString(NULL,slot->token_name, - (char *)tokenInfo.label, sizeof(tokenInfo.label)); + (void)PK11_MakeString(NULL,slot->token_name, + (char *)tokenInfo.label, sizeof(tokenInfo.label)); slot->minPassword = tokenInfo.ulMinPinLen; slot->maxPassword = tokenInfo.ulMaxPinLen; PORT_Memcpy(slot->serial,tokenInfo.serialNumber,sizeof(slot->serial)); @@ -1349,7 +1348,6 @@ void PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot) { SECStatus rv; - char *tmp; CK_SLOT_INFO slotInfo; slot->functionList = mod->functionList; 
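Review bot: Dropping the `tmpSlot->token_name &&` and `tmpSlot->slot_name &&` guards in `PK11_FindSlotsByNames` is only safe if those members are arrays rather than pointers; the `PK11_MakeString(NULL, slot->token_name, ...)` calls later in this file write into `token_name` as a destination buffer, which suggests they are, but confirm against the PK11SlotInfo definition. In either case the `if (tmpSlot) {` directly below the condition is now plainly dead, since `tmpSlot` has already been dereferenced by `PORT_Strcmp(tmpSlot->token_name, ...)`; either remove it or move the null check ahead of the whole condition. A short comment stating why the old guards were redundant would save the next reader the same question.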
@@ -1371,7 +1369,7 @@ PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot) * works because modules keep implicit references * from their slots, and won't unload and disappear * until all their slots have been freed */ - tmp = PK11_MakeString(NULL,slot->slot_name, + (void)PK11_MakeString(NULL,slot->slot_name, (char *)slotInfo.slotDescription, sizeof(slotInfo.slotDescription)); slot->isHW = (PRBool)((slotInfo.flags & CKF_HW_SLOT) == CKF_HW_SLOT); #define ACTIVE_CARD "ActivCard SA" @@ -2052,7 +2050,7 @@ PK11_GetBestSlotMultipleWithAttributes(CK_MECHANISM_TYPE *type, PK11SlotInfo *slot = NULL; PRBool freeit = PR_FALSE; PRBool listNeedLogin = PR_FALSE; - int i; + unsigned int i; SECStatus rv; list = PK11_GetSlotList(type[0]); diff --git a/security/nss/lib/pkcs12/p12d.c b/security/nss/lib/pkcs12/p12d.c index 6a3a38c9..51bf0f7f 100644 --- a/security/nss/lib/pkcs12/p12d.c +++ b/security/nss/lib/pkcs12/p12d.c @@ -2810,7 +2810,7 @@ SEC_PKCS12DecoderRenameCertNicknames(SEC_PKCS12DecoderContext *p12dcx, return SECFailure; } - for (i = 0; safeBag = p12dcx->safeBags[i]; i++) { + for (i = 0; (safeBag = p12dcx->safeBags[i]); i++) { SECItem *newNickname = NULL; SECItem *defaultNickname = NULL; SECStatus rename_rv; diff --git a/security/nss/lib/pkcs12/p12e.c b/security/nss/lib/pkcs12/p12e.c index 5584407f..76693849 100644 --- a/security/nss/lib/pkcs12/p12e.c +++ b/security/nss/lib/pkcs12/p12e.c @@ -695,7 +695,6 @@ sec_PKCS12CreateSafeBag(SEC_PKCS12ExportContext *p12ctxt, SECOidTag bagType, void *bagData) { sec_PKCS12SafeBag *safeBag; - PRBool setName = PR_TRUE; void *mark = NULL; SECStatus rv = SECSuccess; SECOidData *oidData = NULL; @@ -740,7 +739,6 @@ sec_PKCS12CreateSafeBag(SEC_PKCS12ExportContext *p12ctxt, SECOidTag bagType, case SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID: safeBag->safeBagContent.safeContents = (sec_PKCS12SafeContents *)bagData; - setName = PR_FALSE; break; default: goto loser; 
@@ -1532,8 +1530,6 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) * it is confirmed that integrity must be in place */ if(p12exp->integrityEnabled && !p12exp->pwdIntegrity) { - SECStatus rv; - /* create public key integrity mode */ p12enc->aSafeCinfo = SEC_PKCS7CreateSignedData( p12exp->integrityInfo.pubkeyInfo.cert, @@ -1549,8 +1545,7 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) if(SEC_PKCS7IncludeCertChain(p12enc->aSafeCinfo,NULL) != SECSuccess) { goto loser; } - rv = SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo); - PORT_Assert(rv == SECSuccess); + PORT_CheckSuccess(SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo)); } else { p12enc->aSafeCinfo = SEC_PKCS7CreateData(); diff --git a/security/nss/lib/pkcs7/p7decode.c b/security/nss/lib/pkcs7/p7decode.c index 80689544..7a52d820 100644 --- a/security/nss/lib/pkcs7/p7decode.c +++ b/security/nss/lib/pkcs7/p7decode.c @@ -1290,7 +1290,6 @@ sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo, const SECItem *digest; SECItem **digests; SECItem **rawcerts; - CERTSignedCrl **crls; SEC_PKCS7SignerInfo **signerinfos, *signerinfo; CERTCertificate *cert, **certs; PRBool goodsig; @@ -1340,7 +1339,6 @@ sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo, digestalgs = sdp->digestAlgorithms; digests = sdp->digests; rawcerts = sdp->rawCerts; - crls = sdp->crls; signerinfos = sdp->signerInfos; content_type = &(sdp->contentInfo.contentType); sigkey = NULL; @@ -1355,7 +1353,6 @@ sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo, digestalgs = saedp->digestAlgorithms; digests = saedp->digests; rawcerts = saedp->rawCerts; - crls = saedp->crls; signerinfos = saedp->signerInfos; content_type = &(saedp->encContentInfo.contentType); sigkey = saedp->sigKey; diff --git a/security/nss/lib/pkcs7/p7encode.c b/security/nss/lib/pkcs7/p7encode.c index 99b68ee5..349bc846 100644 --- a/security/nss/lib/pkcs7/p7encode.c +++ b/security/nss/lib/pkcs7/p7encode.c 
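Review bot: `PORT_CheckSuccess(SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo))` still treats a failure to add the signing time as a debug-only condition, while the `SEC_PKCS7IncludeCertChain` failure two lines above goes to `loser`. If the signing-time attribute is part of the public-key integrity data the caller relies on, the failure should be handled the same way: `if (SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo) != SECSuccess) { goto loser; }`. `PORT_CheckSuccess` is not defined in this diff; if it is an assertion that compiles out in release builds, the error is silently dropped there. The enclosing function continues outside the hunk.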
@@ -59,13 +59,10 @@ sec_pkcs7_encoder_start_encrypt (SEC_PKCS7ContentInfo *cinfo, SECKEYPublicKey *publickey = NULL; SECKEYPrivateKey *ourPrivKey = NULL; PK11SymKey *bulkkey; - void *mark, *wincx; + void *mark; int i; PLArenaPool *arena = NULL; - /* Get the context in case we need it below. */ - wincx = cinfo->pwfn_arg; - kind = SEC_PKCS7ContentType (cinfo); switch (kind) { default: diff --git a/security/nss/lib/pkcs7/p7local.c b/security/nss/lib/pkcs7/p7local.c index 6a7af1f8..8c5e0bfa 100644 --- a/security/nss/lib/pkcs7/p7local.c +++ b/security/nss/lib/pkcs7/p7local.c @@ -397,7 +397,7 @@ sec_PKCS7Decrypt (sec_PKCS7CipherObject *obj, unsigned char *output, const unsigned char *input, unsigned int input_len, PRBool final) { - int blocks, bsize, pcount, padsize; + unsigned int blocks, bsize, pcount, padsize; unsigned int max_needed, ifraglen, ofraglen, output_len; unsigned char *pbuf; SECStatus rv; diff --git a/security/nss/lib/pki/certificate.c b/security/nss/lib/pki/certificate.c index ed6145a5..fdf147c9 100644 --- a/security/nss/lib/pki/certificate.c +++ b/security/nss/lib/pki/certificate.c @@ -895,7 +895,6 @@ nssCertificateList_DoCallback ( { nssListIterator *certs; NSSCertificate *cert; - PRStatus nssrv; certs = nssList_CreateIterator(certList); if (!certs) { return PR_FAILURE; @@ -904,7 +903,7 @@ nssCertificateList_DoCallback ( cert != (NSSCertificate *)NULL; cert = (NSSCertificate *)nssListIterator_Next(certs)) { - nssrv = (*callback)(cert, arg); + (void)(*callback)(cert, arg); } nssListIterator_Finish(certs); nssListIterator_Destroy(certs); diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c index 953d7380..a415ace4 100644 --- a/security/nss/lib/pki/pki3hack.c +++ b/security/nss/lib/pki/pki3hack.c 
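Review bot: Changing `blocks, bsize, pcount, padsize` in `sec_PKCS7Decrypt` from `int` to `unsigned int` alters any comparison or subtraction in the body that relied on a negative value — in particular padding validation, where a `padsize` read from the last decrypted byte is typically checked against `bsize` and subtracted from `output_len`; a check like `padsize > bsize` still works, but a test of the form `output_len - padsize < 0` can never be true once the operands are unsigned. The body lies outside the hunk, so those checks should be re-read for underflow before this is merged. The identical type change is made to `NSS_CMSCipherContext_Decrypt` in cmscipher.c.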
@@ -1272,7 +1272,7 @@ DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject) { int numNotDestroyed = 0; /* the ones skipped plus the failures */ int failureCount = 0; /* actual deletion failures by devices */ - int index; + unsigned int index; nssPKIObject_AddRef(tObject); nssPKIObject_Lock(tObject); @@ -1327,7 +1327,7 @@ STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c) /* caller made sure nssTrust isn't NULL */ nssPKIObject *tobject = &nssTrust->object; nssPKIObject *cobject = &c->object; - int i; + unsigned int i; /* Iterate through the cert and trust object instances looking for * those with matching pk11 slots to delete. Even if some device diff --git a/security/nss/lib/pki/pkibase.c b/security/nss/lib/pki/pkibase.c index 083b9b66..c86e5bb4 100644 --- a/security/nss/lib/pki/pkibase.c +++ b/security/nss/lib/pki/pkibase.c @@ -903,7 +903,6 @@ nssPKIObjectCollection_Traverse ( nssPKIObjectCallback *callback ) { - PRStatus status; PRCList *link = PR_NEXT_LINK(&collection->head); pkiObjectCollectionNode *node; while (link != &collection->head) { @@ -920,19 +919,19 @@ nssPKIObjectCollection_Traverse ( } switch (collection->objectType) { case pkiObjectType_Certificate: - status = (*callback->func.cert)((NSSCertificate *)node->object, + (void)(*callback->func.cert)((NSSCertificate *)node->object, callback->arg); break; case pkiObjectType_CRL: - status = (*callback->func.crl)((NSSCRL *)node->object, + (void)(*callback->func.crl)((NSSCRL *)node->object, callback->arg); break; case pkiObjectType_PrivateKey: - status = (*callback->func.pvkey)((NSSPrivateKey *)node->object, + (void)(*callback->func.pvkey)((NSSPrivateKey *)node->object, callback->arg); break; case pkiObjectType_PublicKey: - status = (*callback->func.pbkey)((NSSPublicKey *)node->object, + (void)(*callback->func.pbkey)((NSSPublicKey *)node->object, callback->arg); break; } 
@@ -1057,7 +1056,6 @@ nssCertificateCollection_Create ( NSSCertificate **certsOpt ) { - PRStatus status; nssPKIObjectCollection *collection; collection = nssPKIObjectCollection_Create(td, NULL, nssPKIMonitor); collection->objectType = pkiObjectType_Certificate; @@ -1068,7 +1066,7 @@ nssCertificateCollection_Create ( if (certsOpt) { for (; *certsOpt; certsOpt++) { nssPKIObject *object = (nssPKIObject *)(*certsOpt); - status = nssPKIObjectCollection_AddObject(collection, object); + (void)nssPKIObjectCollection_AddObject(collection, object); } } return collection; @@ -1164,7 +1162,6 @@ nssCRLCollection_Create ( NSSCRL **crlsOpt ) { - PRStatus status; nssPKIObjectCollection *collection; collection = nssPKIObjectCollection_Create(td, NULL, nssPKILock); collection->objectType = pkiObjectType_CRL; @@ -1175,7 +1172,7 @@ nssCRLCollection_Create ( if (crlsOpt) { for (; *crlsOpt; crlsOpt++) { nssPKIObject *object = (nssPKIObject *)(*crlsOpt); - status = nssPKIObjectCollection_AddObject(collection, object); + (void)nssPKIObjectCollection_AddObject(collection, object); } } return collection; diff --git a/security/nss/lib/pki/tdcache.c b/security/nss/lib/pki/tdcache.c index 7842189c..5f9dfdd5 100644 --- a/security/nss/lib/pki/tdcache.c +++ b/security/nss/lib/pki/tdcache.c @@ -329,7 +329,7 @@ nssTrustDomain_RemoveCertFromCacheLOCKED ( nssList *subjectList; cache_entry *ce; NSSArena *arena; - NSSUTF8 *nickname; + NSSUTF8 *nickname = NULL; #ifdef DEBUG_CACHE log_cert_ref("attempt to remove cert", cert); @@ -776,14 +776,18 @@ add_cert_to_cache ( added++; /* If a new subject entry was created, also need nickname and/or email */ if (subjectList != NULL) { +#ifdef nodef PRBool handle = PR_FALSE; +#endif if (certNickname) { nssrv = add_nickname_entry(arena, td->cache, certNickname, subjectList); if (nssrv != PR_SUCCESS) { goto loser; } +#ifdef nodef handle = PR_TRUE; +#endif added++; } if (cert->email) { 
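Review bot: `(void)nssPKIObjectCollection_AddObject(collection, object)` in `nssCertificateCollection_Create` makes explicit that a failed add (presumably an allocation failure) is ignored, so the caller receives a collection that silently lacks some of the certificates it passed in. If partial results are not acceptable, the loop should stop and fail — `if (nssPKIObjectCollection_AddObject(collection, object) != PR_SUCCESS) { nssPKIObjectCollection_Destroy(collection); return NULL; }` — or the function should document that the collection is best-effort. The same applies to `nssCRLCollection_Create` in the next hunk. `collection->objectType = ...` also follows `nssPKIObjectCollection_Create` without a NULL check in both functions, which could be addressed at the same time.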
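Review bot: Wrapping `handle` in `#ifdef nodef` in `add_cert_to_cache` keeps dead code behind a never-defined macro instead of removing it; the variable is only ever assigned, and the `#ifdef nodef` block at the end of the hunk that once consumed it is already disabled. Deleting the three `handle` lines (here and in the following hunk of this file) leaves the function shorter and spares a reader from wondering whether some build defines `nodef`.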
@@ -791,7 +795,9 @@ add_cert_to_cache ( if (nssrv != PR_SUCCESS) { goto loser; } +#ifdef nodef handle = PR_TRUE; +#endif added += 2; } #ifdef nodef diff --git a/security/nss/lib/pki/trustdomain.c b/security/nss/lib/pki/trustdomain.c index a3d26a88..90e8f268 100644 --- a/security/nss/lib/pki/trustdomain.c +++ b/security/nss/lib/pki/trustdomain.c @@ -991,7 +991,6 @@ NSSTrustDomain_TraverseCertificates ( void *arg ) { - PRStatus status = PR_FAILURE; NSSToken *token = NULL; NSSSlot **slots = NULL; NSSSlot **slotp; @@ -1028,7 +1027,7 @@ NSSTrustDomain_TraverseCertificates ( session = nssTrustDomain_GetSessionForToken(td, token); if (session) { /* perform the traversal */ - status = nssToken_TraverseCertificates(token, + (void)nssToken_TraverseCertificates(token, session, tokenOnly, collector, @@ -1041,7 +1040,7 @@ NSSTrustDomain_TraverseCertificates ( /* Traverse the collection */ pkiCallback.func.cert = callback; pkiCallback.arg = arg; - status = nssPKIObjectCollection_Traverse(collection, &pkiCallback); + (void)nssPKIObjectCollection_Traverse(collection, &pkiCallback); loser: if (slots) { nssSlotArray_Destroy(slots); diff --git a/security/nss/lib/smime/cmsasn1.c b/security/nss/lib/smime/cmsasn1.c index 4519363b..b09a2e18 100644 --- a/security/nss/lib/smime/cmsasn1.c +++ b/security/nss/lib/smime/cmsasn1.c @@ -51,10 +51,6 @@ const SEC_ASN1Template NSSCMSMessageTemplate[] = { { 0 } }; -static const SEC_ASN1Template NSS_PointerToCMSMessageTemplate[] = { - { SEC_ASN1_POINTER, 0, NSSCMSMessageTemplate } -}; - /* ----------------------------------------------------------------------------- * ENCAPSULATED & ENCRYPTED CONTENTINFO * (both use a NSSCMSContentInfo) diff --git a/security/nss/lib/smime/cmscipher.c b/security/nss/lib/smime/cmscipher.c index 16d64361..958d4e47 100644 --- a/security/nss/lib/smime/cmscipher.c +++ b/security/nss/lib/smime/cmscipher.c 
@@ -366,7 +366,7 @@ NSS_CMSCipherContext_Decrypt(NSSCMSCipherContext *cc, unsigned char *output, const unsigned char *input, unsigned int input_len, PRBool final) { - int blocks, bsize, pcount, padsize; + unsigned int blocks, bsize, pcount, padsize; unsigned int max_needed, ifraglen, ofraglen, output_len; unsigned char *pbuf; SECStatus rv; diff --git a/security/nss/lib/smime/cmsencode.c b/security/nss/lib/smime/cmsencode.c index 651f0865..3025740b 100644 --- a/security/nss/lib/smime/cmsencode.c +++ b/security/nss/lib/smime/cmsencode.c @@ -122,7 +122,6 @@ nss_cms_encoder_notify(void *arg, PRBool before, void *dest, int depth) NSSCMSEncoderContext *p7ecx; NSSCMSContentInfo *rootcinfo, *cinfo; PRBool after = !before; - PLArenaPool *poolp; SECOidTag childtype; SECItem *item; @@ -130,7 +129,6 @@ nss_cms_encoder_notify(void *arg, PRBool before, void *dest, int depth) PORT_Assert(p7ecx != NULL); rootcinfo = &(p7ecx->cmsg->contentInfo); - poolp = p7ecx->cmsg->poolp; #ifdef CMSDEBUG fprintf(stderr, "%6.6s, dest = 0x%08x, depth = %d\n", before ? "before" : "after", dest, depth); @@ -201,12 +199,9 @@ nss_cms_before_data(NSSCMSEncoderContext *p7ecx) SECStatus rv; SECOidTag childtype; NSSCMSContentInfo *cinfo; - PLArenaPool *poolp; NSSCMSEncoderContext *childp7ecx; const SEC_ASN1Template *template; - poolp = p7ecx->cmsg->poolp; - /* call _Encode_BeforeData handlers */ switch (p7ecx->type) { case SEC_OID_PKCS7_SIGNED_DATA: diff --git a/security/nss/lib/smime/cmsmessage.c b/security/nss/lib/smime/cmsmessage.c index 72026e6c..a44fb0b5 100644 --- a/security/nss/lib/smime/cmsmessage.c +++ b/security/nss/lib/smime/cmsmessage.c 
@@ -28,26 +28,26 @@ NSS_CMSMessage_Create(PLArenaPool *poolp) PRBool poolp_is_ours = PR_FALSE; if (poolp == NULL) { - poolp = PORT_NewArena (1024); /* XXX what is right value? */ - if (poolp == NULL) - return NULL; - poolp_is_ours = PR_TRUE; - } + poolp = PORT_NewArena (1024); /* XXX what is right value? */ + if (poolp == NULL) + return NULL; + poolp_is_ours = PR_TRUE; + } if (!poolp_is_ours) - mark = PORT_ArenaMark(poolp); + mark = PORT_ArenaMark(poolp); - cmsg = (NSSCMSMessage *)PORT_ArenaZAlloc (poolp, sizeof(NSSCMSMessage)); - if (cmsg == NULL) { - if (!poolp_is_ours) { - if (mark) { - PORT_ArenaRelease(poolp, mark); - } - } else - PORT_FreeArena(poolp, PR_FALSE); - return NULL; + cmsg = (NSSCMSMessage *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSMessage)); + if (cmsg == NULL || + NSS_CMSContentInfo_Private_Init(&(cmsg->contentInfo)) != SECSuccess) { + if (!poolp_is_ours) { + if (mark) { + PORT_ArenaRelease(poolp, mark); + } + } else + PORT_FreeArena(poolp, PR_FALSE); + return NULL; } - NSS_CMSContentInfo_Private_Init(&(cmsg->contentInfo)); cmsg->poolp = poolp; cmsg->poolp_is_ours = poolp_is_ours; diff --git a/security/nss/lib/smime/cmsrecinfo.c b/security/nss/lib/smime/cmsrecinfo.c index 5e08870b..abc22542 100644 --- a/security/nss/lib/smime/cmsrecinfo.c +++ b/security/nss/lib/smime/cmsrecinfo.c @@ -526,7 +526,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulkalgtag) { PK11SymKey *bulkkey = NULL; - SECAlgorithmID *encalg; SECOidTag encalgtag; SECItem *enckey; int error; @@ -536,7 +535,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, switch (ri->recipientInfoType) { case NSSCMSRecipientInfoID_KeyTrans: - encalg = &(ri->ri.keyTransRecipientInfo.keyEncAlg); encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyTransRecipientInfo.keyEncAlg)); enckey = &(ri->ri.keyTransRecipientInfo.encKey); /* ignore subIndex */ switch (encalgtag) { 
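Review bot: The `NSS_CMSMessage_Create` hunk reindents the whole allocation block, which hides the one behavioural change — the `NSS_CMSContentInfo_Private_Init(...) != SECSuccess` check added to the failure condition — in whitespace churn; a separate whitespace-only commit would make the fix reviewable on its own. While touching the line, the cast in `cmsg = (NSSCMSMessage *)PORT_ArenaZAlloc(poolp, sizeof(NSSCMSMessage));` is unnecessary in C and `sizeof *cmsg` ties the size to the variable's type. The error path itself is correct: the arena-allocated `cmsg` is reclaimed by the release or free of the arena.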
@@ -551,7 +549,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, } break; case NSSCMSRecipientInfoID_KeyAgree: - encalg = &(ri->ri.keyAgreeRecipientInfo.keyEncAlg); encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyAgreeRecipientInfo.keyEncAlg)); enckey = &(ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[subIndex]->encKey); switch (encalgtag) { @@ -573,7 +570,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, } break; case NSSCMSRecipientInfoID_KEK: - encalg = &(ri->ri.kekRecipientInfo.keyEncAlg); encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.kekRecipientInfo.keyEncAlg)); enckey = &(ri->ri.kekRecipientInfo.encKey); /* not supported yet */ diff --git a/security/nss/lib/smime/cmsudf.c b/security/nss/lib/smime/cmsudf.c index 13071113..472b6d66 100644 --- a/security/nss/lib/smime/cmsudf.c +++ b/security/nss/lib/smime/cmsudf.c @@ -79,14 +79,14 @@ nss_cmstype_shutdown(void *appData, void *reserved) static PLHashNumber nss_cmstype_hash_key(const void *key) { - return (PLHashNumber) key; + return (PLHashNumber)((char *)key - (char *)NULL); } static PRIntn nss_cmstype_compare_keys(const void *v1, const void *v2) { - PLHashNumber value1 = (PLHashNumber) v1; - PLHashNumber value2 = (PLHashNumber) v2; + PLHashNumber value1 = nss_cmstype_hash_key(v1); + PLHashNumber value2 = nss_cmstype_hash_key(v2); return (value1 == value2); } diff --git a/security/nss/lib/smime/smimeutil.c b/security/nss/lib/smime/smimeutil.c index 90fa0cf2..84d1960a 100644 --- a/security/nss/lib/smime/smimeutil.c +++ b/security/nss/lib/smime/smimeutil.c @@ -754,12 +754,13 @@ loser: return cert; } -extern const char __nss_smime_rcsid[]; -extern const char __nss_smime_sccsid[]; +extern const char __nss_smime_version[]; PRBool NSSSMIME_VersionCheck(const char *importedVersion) { +#define NSS_VERSION_VARIABLE __nss_smime_version +#include "verref.h" /* * This is the secret handshake algorithm. * 
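Review bot: `nss_cmstype_compare_keys` now compares the 32-bit `PLHashNumber` derived from each pointer rather than the pointers themselves, so on a 64-bit build two distinct keys whose addresses agree in their low 32 bits compare equal and a lookup can return another type's entry. The original casts truncated in the same way, but routing them through `nss_cmstype_hash_key` now makes truncation the comparator's definition; the comparator should test identity directly: `return (v1 == v2);`. Truncating in the hash function is fine — that is what a hash is for — the key comparison must not.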
@@ -769,10 +770,6 @@ NSSSMIME_VersionCheck(const char *importedVersion) * not compatible with future major, minor, or * patch releases. */ - volatile char c; /* force a reference that won't get optimized away */ - - c = __nss_smime_rcsid[0] + __nss_smime_sccsid[0]; - return NSS_VersionCheck(importedVersion); } diff --git a/security/nss/lib/smime/smimever.c b/security/nss/lib/smime/smimever.c index 917bbf59..8c06130a 100644 --- a/security/nss/lib/smime/smimever.c +++ b/security/nss/lib/smime/smimever.c @@ -13,12 +13,6 @@ #endif /* - * Version information for the 'ident' and 'what commands - * - * NOTE: the first component of the concatenated rcsid string - * must not end in a '$' to prevent rcs keyword substitution. + * Version information */ -const char __nss_smime_rcsid[] = "$Header: NSS " NSS_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__ " $"; -const char __nss_smime_sccsid[] = "@(#)NSS " NSS_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__; +const char __nss_smime_version[] = "Version: NSS " NSS_VERSION _DEBUG_STRING; diff --git a/security/nss/lib/softoken/legacydb/keydb.c b/security/nss/lib/softoken/legacydb/keydb.c index 085b2be2..c3dd887b 100644 --- a/security/nss/lib/softoken/legacydb/keydb.c +++ b/security/nss/lib/softoken/legacydb/keydb.c @@ -1476,7 +1476,9 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk, SECItem *cipherText = NULL; SECItem *dummy = NULL; #ifndef NSS_DISABLE_ECC +#ifdef EC_DEBUG SECItem *fordebug = NULL; +#endif int savelen; #endif @@ -1589,9 +1591,11 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk, goto loser; } +#ifdef EC_DEBUG fordebug = &(pki->privateKey); SEC_PRINT("seckey_encrypt_private_key()", "PrivateKey", pk->keyType, fordebug); +#endif break; #endif /* NSS_DISABLE_ECC */ 
@@ -1704,7 +1708,7 @@ seckey_decrypt_private_key(SECItem*epki, SECStatus rv = SECFailure; PLArenaPool *temparena = NULL, *permarena = NULL; SECItem *dest = NULL; -#ifndef NSS_DISABLE_ECC +#ifdef EC_DEBUG SECItem *fordebug = NULL; #endif @@ -1817,9 +1821,11 @@ seckey_decrypt_private_key(SECItem*epki, pk->keyType = NSSLOWKEYECKey; lg_prepare_low_ec_priv_key_for_asn1(pk); +#ifdef EC_DEBUG fordebug = &pki->privateKey; SEC_PRINT("seckey_decrypt_private_key()", "PrivateKey", pk->keyType, fordebug); +#endif if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey, &pki->privateKey) ) break; rv = SEC_QuickDERDecodeItem(permarena, pk, @@ -1990,12 +1996,10 @@ encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg, SECItem *encCheck) { SECOidData *oidData; - SECStatus rv; oidData = SECOID_FindOIDByTag(alg); if ( oidData == NULL ) { - rv = SECFailure; - goto loser; + return SECFailure; } entry->len = 1 + oidData->oid.len + encCheck->len; @@ -2006,7 +2010,7 @@ encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg, } if ( entry->data == NULL ) { - goto loser; + return SECFailure; } /* first length of oid */ @@ -2017,10 +2021,7 @@ encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg, PORT_Memcpy(&entry->data[1+oidData->oid.len], encCheck->data, encCheck->len); - return(SECSuccess); - -loser: - return(SECFailure); + return SECSuccess; } @@ -2032,7 +2033,6 @@ static SECStatus nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *handle) { SECStatus rv; - int ret; int errors = 0; if ( handle->db == NULL ) { @@ -2080,7 +2080,7 @@ nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *handle) done: /* sync the database */ - ret = keydb_Sync(handle, 0); + (void)keydb_Sync(handle, 0); db_InitComplete(handle->db); return (errors == 0 ? SECSuccess : SECFailure); @@ -2089,7 +2089,6 @@ done: static int keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; 
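Review bot: In `seckey_decrypt_private_key` the `fordebug` declaration is now guarded by `#ifdef EC_DEBUG` alone, while its only use in the `NSSLOWKEYECKey` case presumably sits inside the EC path that the encrypt counterpart keeps under `#ifndef NSS_DISABLE_ECC`; a build with `EC_DEBUG` defined and ECC disabled would then declare an unused variable. Nesting the guard the way the encrypt side does, `#if defined(EC_DEBUG) && !defined(NSS_DISABLE_ECC)`, keeps the two functions consistent. The ECC guard around the decrypt switch case is outside the hunk, so this is inferred from the encrypt hunk above.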
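Review bot: `(void)keydb_Sync(handle, 0)` in `nsslowkey_ResetKeyDB` discards the sync result of a key database that was just rebuilt, yet the function returns `errors == 0 ? SECSuccess : SECFailure`, so a failed flush reports success to the caller. If `keydb_Sync` follows the DB convention of non-zero on failure (its hunk in this file returns `(* db->sync)(db, flags)` unchanged), count it: `if (keydb_Sync(handle, 0) != 0) { errors++; }`. If ignoring the failure is deliberate, a comment at the `done:` label saying so is the alternative.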
@@ -2099,7 +2098,7 @@ keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) ret = (* db->get)(db, key, data, flags); - prstat = PZ_Unlock(kdbLock); + (void)PZ_Unlock(kdbLock); return(ret); } @@ -2107,7 +2106,6 @@ keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) static int keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret = 0; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2117,7 +2115,7 @@ keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) ret = (* db->put)(db, key, data, flags); - prstat = PZ_Unlock(kdbLock); + (void)PZ_Unlock(kdbLock); return(ret); } @@ -2125,7 +2123,6 @@ keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) static int keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags) { - PRStatus prstat; int ret; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2135,7 +2132,7 @@ keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags) ret = (* db->sync)(db, flags); - prstat = PZ_Unlock(kdbLock); + (void)PZ_Unlock(kdbLock); return(ret); } @@ -2143,7 +2140,6 @@ keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags) static int keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags) { - PRStatus prstat; int ret; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2153,7 +2149,7 @@ keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags) ret = (* db->del)(db, key, flags); - prstat = PZ_Unlock(kdbLock); + (void)PZ_Unlock(kdbLock); return(ret); } @@ -2161,7 +2157,6 @@ keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags) static int keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2171,7 +2166,7 @@ keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) ret = (* db->seq)(db, key, data, flags); - prstat = PZ_Unlock(kdbLock); + (void)PZ_Unlock(kdbLock); return(ret); } 
@@ -2179,7 +2174,6 @@ keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) static void keydb_Close(NSSLOWKEYDBHandle *kdb) { - PRStatus prstat; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2188,7 +2182,7 @@ keydb_Close(NSSLOWKEYDBHandle *kdb) (* db->close)(db); - SKIP_AFTER_FORK(prstat = PZ_Unlock(kdbLock)); + SKIP_AFTER_FORK(PZ_Unlock(kdbLock)); return; } diff --git a/security/nss/lib/softoken/legacydb/lgattr.c b/security/nss/lib/softoken/legacydb/lgattr.c index 00a0a746..7c80c568 100644 --- a/security/nss/lib/softoken/legacydb/lgattr.c +++ b/security/nss/lib/softoken/legacydb/lgattr.c @@ -210,8 +210,6 @@ static const CK_ATTRIBUTE lg_StaticFalseAttr = LG_DEF_ATTRIBUTE(&lg_staticFalseValue,sizeof(lg_staticFalseValue)); static const CK_ATTRIBUTE lg_StaticNullAttr = LG_DEF_ATTRIBUTE(NULL,0); char lg_StaticOneValue = 1; -static const CK_ATTRIBUTE lg_StaticOneAttr = - LG_DEF_ATTRIBUTE(&lg_StaticOneValue,sizeof(lg_StaticOneValue)); /* * helper functions which get the database and call the underlying @@ -434,11 +432,6 @@ lg_GetPubItem(NSSLOWKEYPublicKey *pubKey) { return pubItem; } -static const SEC_ASN1Template lg_SerialTemplate[] = { - { SEC_ASN1_INTEGER, offsetof(NSSLOWCERTCertificate,serialNumber) }, - { 0 } -}; - static CK_RV lg_FindRSAPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attribute) diff --git a/security/nss/lib/softoken/legacydb/lginit.c b/security/nss/lib/softoken/legacydb/lginit.c index 37efcd6f..47da8f04 100644 --- a/security/nss/lib/softoken/legacydb/lginit.c +++ b/security/nss/lib/softoken/legacydb/lginit.c 
@@ -22,15 +22,9 @@ #endif /* - * Version information for the 'ident' and 'what commands - * - * NOTE: the first component of the concatenated rcsid string - * must not end in a '$' to prevent rcs keyword substitution. + * Version information */ -const char __nss_dbm_rcsid[] = "$Header: NSS " SOFTOKEN_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__ " $"; -const char __nss_dbm_sccsid[] = "@(#)NSS " SOFTOKEN_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__; +const char __nss_dbm_version[] = "Version: NSS " SOFTOKEN_VERSION _DEBUG_STRING; typedef struct LGPrivateStr { NSSLOWCERTCertDBHandle *certDB; @@ -482,14 +476,14 @@ lg_Close(SDB *sdb) static PLHashNumber lg_HashNumber(const void *key) { - return (PLHashNumber) key; + return (PLHashNumber)((char *)key - (char *)NULL); } PRIntn lg_CompareValues(const void *v1, const void *v2) { - PLHashNumber value1 = (PLHashNumber) v1; - PLHashNumber value2 = (PLHashNumber) v2; + PLHashNumber value1 = lg_HashNumber(v1); + PLHashNumber value2 = lg_HashNumber(v2); return (value1 == value2); } @@ -593,9 +587,9 @@ legacy_Open(const char *configdir, const char *certPrefix, CK_RV crv = CKR_OK; SECStatus rv; PRBool readOnly = (flags == SDB_RDONLY)? PR_TRUE: PR_FALSE; - volatile char c; /* force a reference that won't get optimized away */ - c = __nss_dbm_rcsid[0] + __nss_dbm_sccsid[0]; +#define NSS_VERSION_VARIABLE __nss_dbm_version +#include "verref.h" rv = SECOID_Init(); if (SECSuccess != rv) { diff --git a/security/nss/lib/softoken/legacydb/pcertdb.c b/security/nss/lib/softoken/legacydb/pcertdb.c index 5f767006..4eda4f0f 100644 --- a/security/nss/lib/softoken/legacydb/pcertdb.c +++ b/security/nss/lib/softoken/legacydb/pcertdb.c 
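Review bot: `(char *)key - (char *)NULL` in lg_HashNumber is a subtraction of pointers that do not belong to the same object, which ISO C leaves undefined (6.5.6) even though every mainstream compiler produces the expected value; an integer cast such as `return (PLHashNumber)(uintptr_t)key;` (or NSPR's pointer-sized unsigned integer type) expresses the intent without that. Separately, lg_CompareValues now compares its two keys through lg_HashNumber, i.e. through PLHashNumber, which is a 32-bit PRUint32 in NSPR's plhash.h; on a 64-bit build two distinct pointers that agree in their low 32 bits therefore compare equal. The old direct casts truncated the same way, but an equality callback should compare the full keys, `return (v1 == v2);`. Both helpers are complete within this hunk.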
@@ -103,13 +103,12 @@ nsslowcert_LockDB(NSSLOWCERTCertDBHandle *handle) static void nsslowcert_UnlockDB(NSSLOWCERTCertDBHandle *handle) { - PRStatus prstat; - - prstat = PZ_ExitMonitor(handle->dbMon); - +#ifdef DEBUG + PRStatus prstat = PZ_ExitMonitor(handle->dbMon); PORT_Assert(prstat == PR_SUCCESS); - - return; +#else + PZ_ExitMonitor(handle->dbMon); +#endif } @@ -134,15 +133,16 @@ nsslowcert_LockCertRefCount(NSSLOWCERTCertificate *cert) static void nsslowcert_UnlockCertRefCount(NSSLOWCERTCertificate *cert) { - PRStatus prstat; - PORT_Assert(certRefCountLock != NULL); - prstat = PZ_Unlock(certRefCountLock); - - PORT_Assert(prstat == PR_SUCCESS); - - return; +#ifdef DEBUG + { + PRStatus prstat = PZ_Unlock(certRefCountLock); + PORT_Assert(prstat == PR_SUCCESS); + } +#else + PZ_Unlock(certRefCountLock); +#endif } /* @@ -166,15 +166,16 @@ nsslowcert_LockCertTrust(NSSLOWCERTCertificate *cert) static void nsslowcert_UnlockCertTrust(NSSLOWCERTCertificate *cert) { - PRStatus prstat; - PORT_Assert(certTrustLock != NULL); - prstat = PZ_Unlock(certTrustLock); - - PORT_Assert(prstat == PR_SUCCESS); - - return; +#ifdef DEBUG + { + PRStatus prstat = PZ_Unlock(certTrustLock); + PORT_Assert(prstat == PR_SUCCESS); + } +#else + PZ_Unlock(certTrustLock); +#endif } @@ -199,15 +200,17 @@ nsslowcert_LockFreeList(void) static void nsslowcert_UnlockFreeList(void) { - PRStatus prstat = PR_SUCCESS; - PORT_Assert(freeListLock != NULL); - SKIP_AFTER_FORK(prstat = PZ_Unlock(freeListLock)); - - PORT_Assert(prstat == PR_SUCCESS); - - return; +#ifdef DEBUG + { + PRStatus prstat = PR_SUCCESS; + SKIP_AFTER_FORK(prstat = PZ_Unlock(freeListLock)); + PORT_Assert(prstat == PR_SUCCESS); + } +#else + SKIP_AFTER_FORK(PZ_Unlock(freeListLock)); +#endif } NSSLOWCERTCertificate * @@ -224,7 +227,6 @@ nsslowcert_DupCertificate(NSSLOWCERTCertificate *c) static int certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret; PORT_Assert(dbLock != NULL); 
@@ -232,7 +234,7 @@ certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags) ret = (* db->get)(db, key, data, flags); - prstat = PZ_Unlock(dbLock); + (void)PZ_Unlock(dbLock); return(ret); } @@ -240,7 +242,6 @@ certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags) static int certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret = 0; PORT_Assert(dbLock != NULL); @@ -248,7 +249,7 @@ certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags) ret = (* db->put)(db, key, data, flags); - prstat = PZ_Unlock(dbLock); + (void)PZ_Unlock(dbLock); return(ret); } @@ -256,7 +257,6 @@ certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags) static int certdb_Sync(DB *db, unsigned int flags) { - PRStatus prstat; int ret; PORT_Assert(dbLock != NULL); @@ -264,7 +264,7 @@ certdb_Sync(DB *db, unsigned int flags) ret = (* db->sync)(db, flags); - prstat = PZ_Unlock(dbLock); + (void)PZ_Unlock(dbLock); return(ret); } @@ -273,7 +273,6 @@ certdb_Sync(DB *db, unsigned int flags) static int certdb_Del(DB *db, DBT *key, unsigned int flags) { - PRStatus prstat; int ret; PORT_Assert(dbLock != NULL); @@ -281,7 +280,7 @@ certdb_Del(DB *db, DBT *key, unsigned int flags) ret = (* db->del)(db, key, flags); - prstat = PZ_Unlock(dbLock); + (void)PZ_Unlock(dbLock); /* don't fail if the record is already deleted */ if (ret == DB_NOT_FOUND) { @@ -294,7 +293,6 @@ certdb_Del(DB *db, DBT *key, unsigned int flags) static int certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret; PORT_Assert(dbLock != NULL); @@ -302,7 +300,7 @@ certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags) ret = (* db->seq)(db, key, data, flags); - prstat = PZ_Unlock(dbLock); + (void)PZ_Unlock(dbLock); return(ret); } 
@@ -310,14 +308,12 @@ certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags) static void certdb_Close(DB *db) { - PRStatus prstat = PR_SUCCESS; - PORT_Assert(dbLock != NULL); SKIP_AFTER_FORK(PZ_Lock(dbLock)); (* db->close)(db); - SKIP_AFTER_FORK(prstat = PZ_Unlock(dbLock)); + SKIP_AFTER_FORK(PZ_Unlock(dbLock)); return; } @@ -2430,7 +2426,6 @@ NewDBSubjectEntry(SECItem *derSubject, SECItem *certKey, certDBEntrySubject *entry; SECStatus rv; unsigned int nnlen; - unsigned int eaddrlen; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if ( arena == NULL ) { @@ -2480,7 +2475,6 @@ NewDBSubjectEntry(SECItem *derSubject, SECItem *certKey, goto loser; } - eaddrlen = PORT_Strlen(emailAddr) + 1; entry->emailAddrs = (char **)PORT_ArenaAlloc(arena, sizeof(char *)); if ( entry->emailAddrs == NULL ) { PORT_Free(emailAddr); @@ -3586,7 +3580,6 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) certDBEntrySMime *emailEntry = NULL; char *nickname; char *emailAddr; - SECStatus rv; /* * Sequence through the old database and copy all of the entries @@ -3700,7 +3693,7 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) if ( subjectEntry->nickname ) { PORT_Memcpy(subjectEntry->nickname, nickname, key.size - 1); - rv = WriteDBSubjectEntry(handle, subjectEntry); + (void)WriteDBSubjectEntry(handle, subjectEntry); } } else if ( type == certDBEntryTypeSMimeProfile ) { emailAddr = &((char *)key.data)[1]; @@ -3729,7 +3722,7 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) PORT_Memcpy(subjectEntry->emailAddrs[0], emailAddr, key.size - 1); subjectEntry->nemailAddrs = 1; - rv = WriteDBSubjectEntry(handle, subjectEntry); + (void)WriteDBSubjectEntry(handle, subjectEntry); } } } 
@@ -3791,14 +3784,13 @@ static SECStatus UpdateV5DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) { NSSLOWCERTCertDBHandle updatehandle; - SECStatus rv; updatehandle.permCertDB = updatedb; updatehandle.dbMon = PZ_NewMonitor(nssILockCertDB); updatehandle.dbVerify = 0; updatehandle.ref = 1; /* prevent premature close */ - rv = nsslowcert_TraversePermCerts(&updatehandle, updateV5Callback, + (void)nsslowcert_TraversePermCerts(&updatehandle, updateV5Callback, (void *)handle); PZ_DestroyMonitor(updatehandle.dbMon); @@ -5071,7 +5063,6 @@ nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, SECItem *crlKey, PRBool isKRL) { SECItem keyitem; - DBT key; SECStatus rv; PLArenaPool *arena = NULL; certDBEntryRevocation *entry = NULL; @@ -5088,9 +5079,6 @@ nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, goto loser; } - key.data = keyitem.data; - key.size = keyitem.len; - /* find in perm database */ entry = ReadDBCrlEntry(handle, crlKey, crlType); diff --git a/security/nss/lib/softoken/lowpbe.c b/security/nss/lib/softoken/lowpbe.c index c0949fec..16d4c914 100644 --- a/security/nss/lib/softoken/lowpbe.c +++ b/security/nss/lib/softoken/lowpbe.c @@ -516,7 +516,7 @@ nsspkcs5_PKCS12PBE(const SECHashObject *hashObject, } PORT_Memcpy(Ai, iterBuf, hashLength); - for (Bidx = 0; Bidx < B.len; Bidx += hashLength) { + for (Bidx = 0; Bidx < (int)B.len; Bidx += hashLength) { PORT_Memcpy(B.data+Bidx,iterBuf,NSSPBE_MIN(B.len-Bidx,hashLength)); } diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index bd7c4bd5..e52c57db 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c 
@@ -393,6 +393,7 @@ static const struct mechanismList mechanisms[] = { {CKM_SHA512_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE}, {CKM_SHA512_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE}, {CKM_TLS_PRF_GENERAL, {0, 512, CKF_SN_VR}, PR_FALSE}, + {CKM_TLS_MAC, {0, 512, CKF_SN_VR}, PR_FALSE}, {CKM_NSS_TLS_PRF_GENERAL_SHA256, {0, 512, CKF_SN_VR}, PR_FALSE}, /* ------------------------- HKDF Operations -------------------------- */ @@ -462,12 +463,15 @@ static const struct mechanismList mechanisms[] = { {CKM_SHA384_KEY_DERIVATION, { 0, 48, CKF_DERIVE}, PR_FALSE}, {CKM_SHA512_KEY_DERIVATION, { 0, 64, CKF_DERIVE}, PR_FALSE}, {CKM_TLS_MASTER_KEY_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE}, + {CKM_TLS12_MASTER_KEY_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE}, {CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256, {48, 48, CKF_DERIVE}, PR_FALSE}, {CKM_TLS_MASTER_KEY_DERIVE_DH, {8, 128, CKF_DERIVE}, PR_FALSE}, + {CKM_TLS12_MASTER_KEY_DERIVE_DH, {8, 128, CKF_DERIVE}, PR_FALSE}, {CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256, {8, 128, CKF_DERIVE}, PR_FALSE}, {CKM_TLS_KEY_AND_MAC_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE}, + {CKM_TLS12_KEY_AND_MAC_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE}, {CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, {48, 48, CKF_DERIVE}, PR_FALSE}, /* ---------------------- PBE Key Derivations ------------------------ */ @@ -1742,7 +1746,7 @@ NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,CK_KEY_TYPE key_type, crv = sftk_Attribute2SSecItem(arena,&pubKey->u.ec.publicValue, object,CKA_EC_POINT); if (crv == CKR_OK) { - int keyLen,curveLen; + unsigned int keyLen,curveLen; curveLen = (pubKey->u.ec.ecParams.fieldID.size +7)/8; keyLen = (2*curveLen)+1; @@ -2217,7 +2221,7 @@ CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList) static PLHashNumber sftk_HashNumber(const void *key) { - return (PLHashNumber) key; + return (PLHashNumber)((char *)key - (char *)NULL); } /* 
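Review bot: sftk_HashNumber's new `(char *)key - (char *)NULL` replaces a pointer-to-integer truncation warning with pointer arithmetic between unrelated objects, which ISO C leaves undefined; `return (PLHashNumber)(uintptr_t)key;` (or NSPR's pointer-sized unsigned integer type) is the portable spelling and still yields the low bits the hash table wants. The identical idiom is introduced in lg_HashNumber in legacydb/lginit.c in this same diff, so both should be changed together to keep the two softoken hash helpers consistent.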
@@ -3135,17 +3139,16 @@ CK_RV NSC_Finalize (CK_VOID_PTR pReserved) return crv; } -extern const char __nss_softokn_rcsid[]; -extern const char __nss_softokn_sccsid[]; +extern const char __nss_softokn_version[]; /* NSC_GetInfo returns general information about Cryptoki. */ CK_RV NSC_GetInfo(CK_INFO_PTR pInfo) { - volatile char c; /* force a reference that won't get optimized away */ +#define NSS_VERSION_VARIABLE __nss_softokn_version +#include "verref.h" CHECK_FORK(); - c = __nss_softokn_rcsid[0] + __nss_softokn_sccsid[0]; pInfo->cryptokiVersion.major = 2; pInfo->cryptokiVersion.minor = 20; PORT_Memcpy(pInfo->manufacturerID,manufacturerID,32); @@ -4002,7 +4005,7 @@ static CK_RV sftk_CreateNewSlot(SFTKSlot *slot, CK_OBJECT_CLASS class, PRBool isValidFIPSUserSlot = PR_FALSE; PRBool isValidSlot = PR_FALSE; PRBool isFIPS = PR_FALSE; - unsigned long moduleIndex; + unsigned long moduleIndex = NSC_NON_FIPS_MODULE; SFTKAttribute *attribute; sftk_parameters paramStrings; char *paramString; @@ -4511,7 +4514,7 @@ sftk_emailhack(SFTKSlot *slot, SFTKDBHandle *handle, { PRBool isCert = PR_FALSE; int emailIndex = -1; - int i; + unsigned int i; SFTKSearchResults smime_search; CK_ATTRIBUTE smime_template[2]; CK_OBJECT_CLASS smime_class = CKO_NETSCAPE_SMIME; diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index fc050f35..0a2c5dc8 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -73,6 +73,7 @@ static void sftk_Null(void *data, PRBool freeit) } \ printf("\n") #else +#undef EC_DEBUG #define SEC_PRINT(a, b, c, d) #endif #endif /* NSS_DISABLE_ECC */ 
@@ -2517,10 +2518,52 @@ finish_rsa: *(CK_ULONG *)pMechanism->pParameter); break; case CKM_TLS_PRF_GENERAL: - crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL); + crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL, 0); break; + case CKM_TLS_MAC: { + CK_TLS_MAC_PARAMS *tls12_mac_params; + HASH_HashType tlsPrfHash; + const char *label; + + if (pMechanism->ulParameterLen != sizeof(CK_TLS_MAC_PARAMS)) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } + tls12_mac_params = (CK_TLS_MAC_PARAMS *)pMechanism->pParameter; + if (tls12_mac_params->prfMechanism == CKM_TLS_PRF) { + /* The TLS 1.0 and 1.1 PRF */ + tlsPrfHash = HASH_AlgNULL; + if (tls12_mac_params->ulMacLength != 12) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } + } else { + /* The hash function for the TLS 1.2 PRF */ + tlsPrfHash = + GetHashTypeFromMechanism(tls12_mac_params->prfMechanism); + if (tlsPrfHash == HASH_AlgNULL || + tls12_mac_params->ulMacLength < 12) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } + } + if (tls12_mac_params->ulServerOrClient == 1) { + label = "server finished"; + } else if (tls12_mac_params->ulServerOrClient == 2) { + label = "client finished"; + } else { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } + crv = sftk_TLSPRFInit(context, key, key_type, tlsPrfHash, + tls12_mac_params->ulMacLength); + if (crv == CKR_OK) { + context->hashUpdate(context->hashInfo, label, 15); + } + break; + } case CKM_NSS_TLS_PRF_GENERAL_SHA256: - crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256); + crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256, 0); break; case CKM_NSS_HMAC_CONSTANT_TIME: { 
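Review bot: In the TLS 1.2 branch of the new CKM_TLS_MAC case, `ulMacLength` is only checked against a lower bound of 12, so an application can request an arbitrarily large verify_data; whether that is safe depends on how sftk_TLSPRFInit sizes its output for `out_len`, which this diff does not show, so either an explicit upper bound here (e.g. `tls12_mac_params->ulMacLength > 512`, matching the limit the mechanism table uses for this mechanism family) or a documented rejection inside sftk_TLSPRFInit is needed. The literal `15` passed to `context->hashUpdate(context->hashInfo, label, 15)` happens to be the length of both label strings but silently breaks if either is edited; `PORT_Strlen(label)` keeps it tied to the literal. `pParameter` is also dereferenced as soon as the length check passes, as the neighbouring cases do, but a NULL check would cost one line. The enclosing function starts before this hunk.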
@@ -3114,10 +3157,10 @@ finish_rsa: *(CK_ULONG *)pMechanism->pParameter); break; case CKM_TLS_PRF_GENERAL: - crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL); + crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL, 0); break; case CKM_NSS_TLS_PRF_GENERAL_SHA256: - crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256); + crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256, 0); break; default: @@ -4039,7 +4082,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, CK_MECHANISM mech = {0, NULL, 0}; CK_ULONG modulusLen; - CK_ULONG subPrimeLen; + CK_ULONG subPrimeLen = 0; PRBool isEncryptable = PR_FALSE; PRBool canSignVerify = PR_FALSE; PRBool isDerivable = PR_FALSE; @@ -4337,7 +4380,6 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, DSAPrivateKey * dsaPriv; /* Diffie Hellman */ - int private_value_bits = 0; DHPrivateKey * dhPriv; #ifndef NSS_DISABLE_ECC @@ -4389,7 +4431,6 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, */ for (i=0; i < (int) ulPrivateKeyAttributeCount; i++) { if (pPrivateKeyTemplate[i].type == CKA_VALUE_BITS) { - private_value_bits = *(CK_ULONG *)pPrivateKeyTemplate[i].pValue; continue; } @@ -4859,7 +4900,9 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) SECStatus rv = SECSuccess; SECItem *encodedKey = NULL; #ifndef NSS_DISABLE_ECC +#ifdef EC_DEBUG SECItem *fordebug; +#endif int savelen; #endif @@ -4932,9 +4975,11 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) lk->u.ec.ecParams.curveOID.len = savelen; lk->u.ec.publicValue.len >>= 3; +#ifdef EC_DEBUG fordebug = &pki->privateKey; SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKey", lk->keyType, fordebug); +#endif param = SECITEM_DupItem(&lk->u.ec.ecParams.DEREncoding); 
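Review bot: This second switch (its function begins before the hunk; from the shared `finish_rsa:` label it appears to be the verify counterpart of the sign-init path) only gains the extra `0` argument on the two existing PRF cases, while no `case CKM_TLS_MAC:` is added, even though the mechanism table in pkcs11.c now lists CKM_TLS_MAC with CKF_SN_VR. If that reading is right, C_VerifyInit with CKM_TLS_MAC falls to `default:` and the table over-advertises the mechanism; either mirror the parameter-checked CKM_TLS_MAC setup from the sign path here, or advertise the mechanism as sign-only in the table. Callers that verify a Finished message by recomputing the MAC and comparing would be unaffected, but the capability flags should still match the implementation.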
@@ -4973,7 +5018,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) nsslowkey_PrivateKeyInfoTemplate); *crvp = encodedKey ? CKR_OK : CKR_DEVICE_ERROR; -#ifndef NSS_DISABLE_ECC +#ifdef EC_DEBUG fordebug = encodedKey; SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKeyInfo", lk->keyType, fordebug); @@ -5822,9 +5867,10 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, CK_KEY_TYPE keyType = CKK_GENERIC_SECRET; CK_OBJECT_CLASS classType = CKO_SECRET_KEY; CK_KEY_DERIVATION_STRING_DATA *stringPtr; + CK_MECHANISM_TYPE mechanism = pMechanism->mechanism; PRBool isTLS = PR_FALSE; - PRBool isSHA256 = PR_FALSE; PRBool isDH = PR_FALSE; + HASH_HashType tlsPrfHash = HASH_AlgNULL; SECStatus rv; int i; unsigned int outLen; @@ -5871,7 +5917,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, keySize = sftk_MapKeySize(keyType); } - switch (pMechanism->mechanism) { + switch (mechanism) { case CKM_NSS_JPAKE_ROUND2_SHA1: /* fall through */ case CKM_NSS_JPAKE_ROUND2_SHA256: /* fall through */ case CKM_NSS_JPAKE_ROUND2_SHA384: /* fall through */ @@ -5919,18 +5965,16 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, } } - switch (pMechanism->mechanism) { + switch (mechanism) { /* * generate the master secret */ + case CKM_TLS12_MASTER_KEY_DERIVE: + case CKM_TLS12_MASTER_KEY_DERIVE_DH: case CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256: case CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256: - isSHA256 = PR_TRUE; - /* fall thru */ case CKM_TLS_MASTER_KEY_DERIVE: case CKM_TLS_MASTER_KEY_DERIVE_DH: - isTLS = PR_TRUE; - /* fall thru */ case CKM_SSL3_MASTER_KEY_DERIVE: case CKM_SSL3_MASTER_KEY_DERIVE_DH: { 
@@ -5938,10 +5982,30 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, SSL3RSAPreMasterSecret * rsa_pms; unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; - if ((pMechanism->mechanism == CKM_SSL3_MASTER_KEY_DERIVE_DH) || - (pMechanism->mechanism == CKM_TLS_MASTER_KEY_DERIVE_DH) || - (pMechanism->mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256)) - isDH = PR_TRUE; + if ((mechanism == CKM_TLS12_MASTER_KEY_DERIVE) || + (mechanism == CKM_TLS12_MASTER_KEY_DERIVE_DH)) { + CK_TLS12_MASTER_KEY_DERIVE_PARAMS *tls12_master = + (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *) pMechanism->pParameter; + tlsPrfHash = GetHashTypeFromMechanism(tls12_master->prfHashMechanism); + if (tlsPrfHash == HASH_AlgNULL) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } + } else if ((mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256) || + (mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256)) { + tlsPrfHash = HASH_AlgSHA256; + } + + if ((mechanism != CKM_SSL3_MASTER_KEY_DERIVE) && + (mechanism != CKM_SSL3_MASTER_KEY_DERIVE_DH)) { + isTLS = PR_TRUE; + } + if ((mechanism == CKM_SSL3_MASTER_KEY_DERIVE_DH) || + (mechanism == CKM_TLS_MASTER_KEY_DERIVE_DH) || + (mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256) || + (mechanism == CKM_TLS12_MASTER_KEY_DERIVE_DH)) { + isDH = PR_TRUE; + } /* first do the consistancy checks */ if (!isDH && (att->attrib.ulValueLen != SSL3_PMS_LENGTH)) { @@ -6008,8 +6072,8 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, pms.data = (unsigned char*)att->attrib.pValue; pms.len = att->attrib.ulValueLen; - if (isSHA256) { - status = TLS_P_hash(HASH_AlgSHA256, &pms, "master secret", + if (tlsPrfHash != HASH_AlgNULL) { + status = TLS_P_hash(tlsPrfHash, &pms, "master secret", &crsr, &master, isFIPS); } else { status = TLS_PRF(&pms, "master secret", &crsr, &master, isFIPS); 
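Review bot: The new CKM_TLS12_MASTER_KEY_DERIVE / _DH branch casts `pMechanism->pParameter` to CK_TLS12_MASTER_KEY_DERIVE_PARAMS and reads `prfHashMechanism` without first checking `ulParameterLen`, unlike the CKM_TLS_MAC case elsewhere in this diff. If the TLS 1.2 structure is the SSL3 one plus a trailing `prfHashMechanism` field, as in the PKCS#11 definition, a caller that passes the shorter CK_SSL3_MASTER_KEY_DERIVE_PARAMS with the TLS 1.2 mechanism turns this into an out-of-bounds read of its parameter object. Add `if (pMechanism->ulParameterLen != sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS)) { crv = CKR_MECHANISM_PARAM_INVALID; break; }` before the cast. The remainder of this NSC_DeriveKey case lies outside the hunk.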
@@ -6072,12 +6136,9 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, break; } + case CKM_TLS12_KEY_AND_MAC_DERIVE: case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256: - isSHA256 = PR_TRUE; - /* fall thru */ case CKM_TLS_KEY_AND_MAC_DERIVE: - isTLS = PR_TRUE; - /* fall thru */ case CKM_SSL3_KEY_AND_MAC_DERIVE: { CK_SSL3_KEY_MAT_PARAMS *ssl3_keys; @@ -6087,6 +6148,22 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, unsigned char srcrdata[SSL3_RANDOM_LENGTH * 2]; unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; + if (mechanism == CKM_TLS12_KEY_AND_MAC_DERIVE) { + CK_TLS12_KEY_MAT_PARAMS *tls12_keys = + (CK_TLS12_KEY_MAT_PARAMS *) pMechanism->pParameter; + tlsPrfHash = GetHashTypeFromMechanism(tls12_keys->prfHashMechanism); + if (tlsPrfHash == HASH_AlgNULL) { + crv = CKR_MECHANISM_PARAM_INVALID; + break; + } + } else if (mechanism == CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256) { + tlsPrfHash = HASH_AlgSHA256; + } + + if (mechanism != CKM_SSL3_KEY_AND_MAC_DERIVE) { + isTLS = PR_TRUE; + } + crv = sftk_DeriveSensitiveCheck(sourceKey,key); if (crv != CKR_OK) break; @@ -6166,8 +6243,8 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, master.data = (unsigned char*)att->attrib.pValue; master.len = att->attrib.ulValueLen; - if (isSHA256) { - status = TLS_P_hash(HASH_AlgSHA256, &master, "key expansion", + if (tlsPrfHash != HASH_AlgNULL) { + status = TLS_P_hash(tlsPrfHash, &master, "key expansion", &srcr, &keyblk, isFIPS); } else { status = TLS_PRF(&master, "key expansion", &srcr, &keyblk, @@ -6731,7 +6808,7 @@ key_and_mac_derive_fail: PRBool withCofactor = PR_FALSE; unsigned char *secret; unsigned char *keyData = NULL; - int secretlen, curveLen, pubKeyLen; + unsigned int secretlen, curveLen, pubKeyLen; CK_ECDH1_DERIVE_PARAMS *mechParams; NSSLOWKEYPrivateKey *privKey; PLArenaPool *arena = NULL; 
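Review bot: `tls12_keys->prfHashMechanism` is read from `pMechanism->pParameter` cast to CK_TLS12_KEY_MAT_PARAMS with no `ulParameterLen` check, the same gap the master-secret branch earlier in this diff has, so an SSL3-sized CK_SSL3_KEY_MAT_PARAMS supplied with CKM_TLS12_KEY_AND_MAC_DERIVE is read past its end. Guard it with `if (pMechanism->ulParameterLen != sizeof(CK_TLS12_KEY_MAT_PARAMS)) { crv = CKR_MECHANISM_PARAM_INVALID; break; }` before the cast; placing it ahead of `sftk_DeriveSensitiveCheck` keeps the cheap parameter validation in front of the key-object access. The rest of the case is outside the hunk.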
@@ -6783,7 +6860,7 @@ key_and_mac_derive_fail: ecPoint = newPoint; } - if (pMechanism->mechanism == CKM_ECDH1_COFACTOR_DERIVE) { + if (mechanism == CKM_ECDH1_COFACTOR_DERIVE) { withCofactor = PR_TRUE; } else { /* When not using cofactor derivation, one should diff --git a/security/nss/lib/softoken/pkcs11i.h b/security/nss/lib/softoken/pkcs11i.h index 9a00273f..1023a001 100644 --- a/security/nss/lib/softoken/pkcs11i.h +++ b/security/nss/lib/softoken/pkcs11i.h @@ -112,7 +112,7 @@ typedef void (*SFTKBegin)(void *); typedef SECStatus (*SFTKCipher)(void *,void *,unsigned int *,unsigned int, void *, unsigned int); typedef SECStatus (*SFTKVerify)(void *,void *,unsigned int,void *,unsigned int); -typedef void (*SFTKHash)(void *,void *,unsigned int); +typedef void (*SFTKHash)(void *,const void *,unsigned int); typedef void (*SFTKEnd)(void *,void *,unsigned int *,unsigned int); typedef void (*SFTKFree)(void *); @@ -724,8 +724,8 @@ sftk_MACConstantTimeCtx* sftk_HMACConstantTime_New( CK_MECHANISM_PTR mech, SFTKObject *key); sftk_MACConstantTimeCtx* sftk_SSLv3MACConstantTime_New( CK_MECHANISM_PTR mech, SFTKObject *key); -void sftk_HMACConstantTime_Update(void *pctx, void *data, unsigned int len); -void sftk_SSLv3MACConstantTime_Update(void *pctx, void *data, unsigned int len); +void sftk_HMACConstantTime_Update(void *pctx, const void *data, unsigned int len); +void sftk_SSLv3MACConstantTime_Update(void *pctx, const void *data, unsigned int len); void sftk_MACConstantTime_EndHash( void *pctx, void *out, unsigned int *outLength, unsigned int maxLength); void sftk_MACConstantTime_DestroyContext(void *pctx, PRBool); @@ -738,7 +738,8 @@ extern CK_RV sftk_TLSPRFInit(SFTKSessionContext *context, SFTKObject * key, CK_KEY_TYPE key_type, - HASH_HashType hash_alg); + HASH_HashType hash_alg, + unsigned int out_len); SEC_END_PROTOS diff --git a/security/nss/lib/softoken/pkcs11u.c b/security/nss/lib/softoken/pkcs11u.c index 78e2fdc9..de5cbbc2 100644 --- a/security/nss/lib/softoken/pkcs11u.c 
+++ b/security/nss/lib/softoken/pkcs11u.c @@ -1174,7 +1174,6 @@ sftk_DeleteObject(SFTKSession *session, SFTKObject *object) { SFTKSlot *slot = sftk_SlotFromSession(session); SFTKSessionObject *so = sftk_narrowToSessionObject(object); - SFTKTokenObject *to = sftk_narrowToTokenObject(object); CK_RV crv = CKR_OK; PRUint32 index = sftk_hash(object->handle, slot->sessObjHashSize); @@ -1191,8 +1190,10 @@ sftk_DeleteObject(SFTKSession *session, SFTKObject *object) sftk_FreeObject(object); /* free the reference owned by the queue */ } else { SFTKDBHandle *handle = sftk_getDBForTokenObject(slot, object->handle); - +#ifdef DEBUG + SFTKTokenObject *to = sftk_narrowToTokenObject(object); PORT_Assert(to); +#endif crv = sftkdb_DestroyObject(handle, object->handle); sftk_freeDB(handle); } @@ -1899,7 +1900,6 @@ SFTKObject * sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE handle) { SFTKObject *object = NULL; - SFTKTokenObject *tokObject = NULL; PRBool hasLocks = PR_FALSE; CK_RV crv; @@ -1908,7 +1908,6 @@ sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE handle) if (object == NULL) { return NULL; } - tokObject = (SFTKTokenObject *) object; object->handle = handle; /* every object must have a class, if we can't get it, the object diff --git a/security/nss/lib/softoken/sdb.c b/security/nss/lib/softoken/sdb.c index 0bb7c8ea..042a683f 100644 --- a/security/nss/lib/softoken/sdb.c +++ b/security/nss/lib/softoken/sdb.c @@ -689,7 +689,7 @@ sdb_FindObjectsInit(SDB *sdb, const CK_ATTRIBUTE *template, CK_ULONG count, char *join=""; int sqlerr = SQLITE_OK; CK_RV error = CKR_OK; - int i; + unsigned int i; LOCK_SQLITE() *find = NULL; @@ -836,7 +836,7 @@ sdb_GetAttributeValueNoLock(SDB *sdb, CK_OBJECT_HANDLE object_id, CK_RV error = CKR_OK; int found = 0; int retry = 0; - int i; + unsigned int i; /* open a new db if necessary */ 
@@ -879,7 +879,7 @@ sdb_GetAttributeValueNoLock(SDB *sdb, CK_OBJECT_HANDLE object_id, PR_Sleep(SDB_BUSY_RETRY_TIME); } if (sqlerr == SQLITE_ROW) { - int blobSize; + unsigned int blobSize; const char *blobData; blobSize = sqlite3_column_bytes(stmt, 0); @@ -963,7 +963,7 @@ sdb_SetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE object_id, int sqlerr = SQLITE_OK; int retry = 0; CK_RV error = CKR_OK; - int i; + unsigned int i; if ((sdb->sdb_flags & SDB_RDONLY) != 0) { return CKR_TOKEN_WRITE_PROTECTED; @@ -1115,7 +1115,7 @@ sdb_CreateObject(SDB *sdb, CK_OBJECT_HANDLE *object_id, CK_RV error = CKR_OK; CK_OBJECT_HANDLE this_object = CK_INVALID_HANDLE; int retry = 0; - int i; + unsigned int i; if ((sdb->sdb_flags & SDB_RDONLY) != 0) { return CKR_TOKEN_WRITE_PROTECTED; diff --git a/security/nss/lib/softoken/sftkdb.c b/security/nss/lib/softoken/sftkdb.c index 14919101..b686e8e1 100644 --- a/security/nss/lib/softoken/sftkdb.c +++ b/security/nss/lib/softoken/sftkdb.c @@ -325,9 +325,7 @@ sftkdb_fixupTemplateOut(CK_ATTRIBUTE *template, CK_OBJECT_HANDLE objectID, if (sftkdb_isULONGAttribute(template[i].type)) { if (template[i].pValue) { CK_ULONG value; - unsigned char *data; - data = (unsigned char *)ntemplate[i].pValue; value = sftk_SDBULong2ULong(ntemplate[i].pValue); if (length < sizeof(CK_ULONG)) { template[i].ulValueLen = -1; @@ -475,7 +473,7 @@ sftk_signTemplate(PLArenaPool *arena, SFTKDBHandle *handle, CK_OBJECT_HANDLE objectID, const CK_ATTRIBUTE *template, CK_ULONG count) { - int i; + unsigned int i; CK_RV crv; SFTKDBHandle *keyHandle = handle; SDB *keyTarget = NULL; @@ -573,11 +571,8 @@ sftkdb_CreateObject(PLArenaPool *arena, SFTKDBHandle *handle, SDB *db, CK_OBJECT_HANDLE *objectID, CK_ATTRIBUTE *template, CK_ULONG count) { - PRBool inTransaction = PR_FALSE; CK_RV crv; - inTransaction = PR_TRUE; - crv = (*db->sdb_CreateObject)(db, objectID, template, count); if (crv != CKR_OK) { goto loser; 
@@ -595,9 +590,9 @@ sftk_ExtractTemplate(PLArenaPool *arena, SFTKObject *object, SFTKDBHandle *handle,CK_ULONG *pcount, CK_RV *crv) { - int count; + unsigned int count; CK_ATTRIBUTE *template; - int i, templateIndex; + unsigned int i, templateIndex; SFTKSessionObject *sessObject = sftk_narrowToSessionObject(object); PRBool doEnc = PR_TRUE; @@ -1021,7 +1016,7 @@ sftkdb_resolveConflicts(PLArenaPool *arena, CK_OBJECT_CLASS objectType, { CK_ATTRIBUTE *attr; char *nickname, *newNickname; - int end, digit; + unsigned int end, digit; /* sanity checks. We should never get here with these errors */ if (objectType != CKO_CERTIFICATE) { @@ -1060,9 +1055,11 @@ sftkdb_resolveConflicts(PLArenaPool *arena, CK_OBJECT_CLASS objectType, return CKR_OK; } - for (end = attr->ulValueLen - 1; - end >= 0 && (digit = nickname[end]) <= '9' && digit >= '0'; - end--) { + for (end = attr->ulValueLen; end-- > 0;) { + digit = nickname[end]; + if (digit > '9' || digit < '0') { + break; + } if (digit < '9') { nickname[end]++; return CKR_OK; @@ -1257,7 +1254,7 @@ sftkdb_FindObjects(SFTKDBHandle *handle, SDBFind *find, crv = (*db->sdb_FindObjects)(db, find, ids, arraySize, count); if (crv == CKR_OK) { - int i; + unsigned int i; for (i=0; i < *count; i++) { ids[i] |= (handle->type | SFTK_TOKEN_TYPE); } @@ -1600,14 +1597,14 @@ static const CK_ATTRIBUTE_TYPE known_attributes[] = { CKA_NETSCAPE_DB, CKA_NETSCAPE_TRUST, CKA_NSS_OVERRIDE_EXTENSIONS }; -static int known_attributes_size= sizeof(known_attributes)/ +static unsigned int known_attributes_size= sizeof(known_attributes)/ sizeof(known_attributes[0]); static CK_RV sftkdb_GetObjectTemplate(SDB *source, CK_OBJECT_HANDLE id, CK_ATTRIBUTE *ptemplate, CK_ULONG *max) { - int i,j; + unsigned int i,j; CK_RV crv; if (*max < known_attributes_size) { 
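Review bot: The rewritten digit-increment loop in sftkdb_resolveConflicts leaves `end` equal to UINT_MAX (unsigned wrap on the final `end--`) when every character of the nickname is a digit, where the old signed loop left it at -1; the code after this hunk that handles the all-nines case is outside my view and should be checked against that value wherever `end` is used in arithmetic or a comparison. A comment on the loop would make the reliance explicit, e.g. `/* if the whole name is digits, end wraps to (unsigned)-1 on exit */`. The rewrite does fix the old loop's `end >= 0` test, which became always-true once `end` turned unsigned.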
@@ -2011,7 +2008,6 @@ sftkdb_handleIDAndName(PLArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id,
 {CKA_ID, NULL, 0},
 {CKA_LABEL, NULL, 0} };
- CK_RV crv;
 attr1 = sftkdb_getAttributeFromTemplate(CKA_LABEL, ptemplate, *plen);
 attr2 = sftkdb_getAttributeFromTemplate(CKA_ID, ptemplate, *plen);
@@ -2023,7 +2019,7 @@ sftkdb_handleIDAndName(PLArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id,
 }
 /* the source has either an id or a label, see what the target has */
- crv = (*db->sdb_GetAttributeValue)(db, id, ttemplate, 2);
+ (void)(*db->sdb_GetAttributeValue)(db, id, ttemplate, 2);
 /* if the target has neither, update from the source */
 if ( ((ttemplate[0].ulValueLen == 0) ||
@@ -2168,7 +2164,7 @@ sftkdb_mergeObject(SFTKDBHandle *handle, CK_OBJECT_HANDLE id,
 CK_OBJECT_CLASS objectType;
 SDB *source = handle->update;
 SDB *target = handle->db;
- int i;
+ unsigned int i;
 CK_RV crv;
 PLArenaPool *arena = NULL;
@@ -2257,7 +2253,7 @@ sftkdb_Update(SFTKDBHandle *handle, SECItem *key)
 SECItem *updatePasswordKey = NULL;
 CK_RV crv, crv2;
 PRBool inTransaction = PR_FALSE;
- int i;
+ unsigned int i;
 if (handle == NULL) {
 return CKR_OK;
diff --git a/security/nss/lib/softoken/sftkhmac.c b/security/nss/lib/softoken/sftkhmac.c
index 3b55a057..f4e859bc 100644
--- a/security/nss/lib/softoken/sftkhmac.c
+++ b/security/nss/lib/softoken/sftkhmac.c
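Review bot: The `(void)` cast on `(*db->sdb_GetAttributeValue)(db, id, ttemplate, 2)` silences the unused-result warning but leaves unexplained why a lookup failure may be ignored; the lines that follow decide "target has neither" from `ttemplate[0].ulValueLen`, so a failure that leaves those lengths untouched is indistinguishable from a genuinely missing label or id and triggers an update from the source. If that best-effort behaviour is intended, say so in place of the bare cast: `/* result deliberately ignored: a failed lookup leaves ulValueLen unset and is handled as "target has neither" below */` — hedged, because how the sdb layer reports failures in ulValueLen is not visible here. Otherwise keep the return value and fail on anything that does not simply mean the attribute is absent. sftkdb_handleIDAndName starts before this hunk.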
@@ -143,31 +143,29 @@ loser:
 }
 void
-sftk_HMACConstantTime_Update(void *pctx, void *data, unsigned int len)
+sftk_HMACConstantTime_Update(void *pctx, const void *data, unsigned int len)
 {
 sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx;
- SECStatus rv = HMAC_ConstantTime(
+ PORT_CheckSuccess(HMAC_ConstantTime(
 ctx->mac, NULL, sizeof(ctx->mac), ctx->hash, ctx->secret, ctx->secretLength, ctx->header, ctx->headerLength, data, len,
- ctx->totalLength);
- PORT_Assert(rv == SECSuccess);
+ ctx->totalLength));
 }
 void
-sftk_SSLv3MACConstantTime_Update(void *pctx, void *data, unsigned int len)
+sftk_SSLv3MACConstantTime_Update(void *pctx, const void *data, unsigned int len)
 {
 sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx;
- SECStatus rv = SSLv3_MAC_ConstantTime(
+ PORT_CheckSuccess(SSLv3_MAC_ConstantTime(
 ctx->mac, NULL, sizeof(ctx->mac), ctx->hash, ctx->secret, ctx->secretLength, ctx->header, ctx->headerLength, data, len,
- ctx->totalLength);
- PORT_Assert(rv == SECSuccess);
+ ctx->totalLength));
 }
 void
diff --git a/security/nss/lib/softoken/sftkpwd.c b/security/nss/lib/softoken/sftkpwd.c
index 4c9ac172..d8ce8577 100644
--- a/security/nss/lib/softoken/sftkpwd.c
+++ b/security/nss/lib/softoken/sftkpwd.c
@@ -864,8 +864,6 @@ static CK_RV
 sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle,
 CK_OBJECT_HANDLE id, SECItem *newKey)
 {
- CK_RV crv = CKR_OK;
- CK_RV crv2;
 CK_ATTRIBUTE authAttrs[] = {
 {CKA_MODULUS, NULL, 0},
 {CKA_PUBLIC_EXPONENT, NULL, 0},
@@ -879,7 +877,7 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle,
 {CKA_NSS_OVERRIDE_EXTENSIONS, NULL, 0},
 };
 CK_ULONG authAttrCount = sizeof(authAttrs)/sizeof(CK_ATTRIBUTE);
- int i, count;
+ unsigned int i, count;
 SFTKDBHandle *keyHandle = handle;
 SDB *keyTarget = NULL;
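Review bot: `PORT_CheckSuccess(HMAC_ConstantTime(...))` keeps the debug assertion, but if the macro follows PORT_Assert and compiles to the bare call outside DEBUG builds (its definition is not in this patch), a failing MAC computation in these void Update functions is still dropped and whatever `ctx->mac` already held is what the Final step will emit. The TLSPRFContext in this same patch carries `SECStatus cxRv; /* records failure of void functions. */` for exactly this situation; giving sftk_MACConstantTimeCtx the same field, set here on failure and checked when the MAC is finalized, lets the caller see an error instead of a stale or zeroed MAC. The `const void *data` change is correct. The struct definition and the finalizing function are outside this hunk.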
@@ -902,7 +900,7 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle,
 /*
 * STEP 1: find the MACed attributes of this object
 */
- crv2 = sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount);
+ (void)sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount);
 count = 0;
 /* allocate space for the attributes */
 for (i=0; i < authAttrCount; i++) {
@@ -912,7 +910,6 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle,
 count++;
 authAttrs[i].pValue = PORT_ArenaAlloc(arena,authAttrs[i].ulValueLen);
 if (authAttrs[i].pValue == NULL) {
- crv = CKR_HOST_MEMORY;
 break;
 }
 }
@@ -922,7 +919,7 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle,
 return CKR_OK;
 }
- crv = sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount);
+ (void)sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount);
 /* ignore error code, we expect some possible errors */
 /* GetAttributeValue just verified the old macs, safe to write
@@ -969,7 +966,7 @@ sftk_updateEncrypted(PLArenaPool *arena, SFTKDBHandle *keydb,
 {CKA_EXPONENT_2, NULL, 0},
 {CKA_COEFFICIENT, NULL, 0} };
 CK_ULONG privAttrCount = sizeof(privAttrs)/sizeof(CK_ATTRIBUTE);
- int i, count;
+ unsigned int i, count;
 /*
 * STEP 1. Read the old attributes in the clear.
@@ -1113,7 +1110,7 @@ sftkdb_convertObjects(SFTKDBHandle *handle, CK_ATTRIBUTE *template,
 CK_ULONG idCount = SFTK_MAX_IDS;
 CK_OBJECT_HANDLE ids[SFTK_MAX_IDS];
 CK_RV crv, crv2;
- int i;
+ unsigned int i;
 crv = sftkdb_FindObjectsInit(handle, template, count, &find);
@@ -1247,7 +1244,7 @@ loser:
 PORT_ZFree(newKey.data,newKey.len);
 }
 if (result) {
- SECITEM_FreeItem(result, PR_FALSE);
+ SECITEM_FreeItem(result, PR_TRUE);
 }
 if (rv != SECSuccess) {
 (*keydb->db->sdb_Abort)(keydb->db);
diff --git a/security/nss/lib/softoken/softkver.c b/security/nss/lib/softoken/softkver.c
index de21bfef..3f20fad2 100644
--- a/security/nss/lib/softoken/softkver.c
+++ b/security/nss/lib/softoken/softkver.c
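Review bot: Removing `crv = CKR_HOST_MEMORY;` turns the PORT_ArenaAlloc failure in the attribute loop into a silent `break`: `count` has already been incremented for that attribute, and the function apparently carries on to re-MAC the object with a NULL `pValue` for it. The removed assignment was dead (crv itself is deleted as unused in the hunk at -864 above), so this is not a regression, but the hunk makes the swallow permanent rather than fixing it. Replacing `break;` with `return CKR_HOST_MEMORY;` lets the caller abort the password change instead of continuing with a partially re-MACed object. sftk_updateMacs continues outside the hunk, so I cannot see whether anything later compensates.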
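Review bot: `SECITEM_FreeItem(result, PR_TRUE)` fixes the leak of the SECItem header, but it still releases `result`'s buffer without clearing it, while two lines above this same cleanup path scrubs key material with `PORT_ZFree(newKey.data,newKey.len)`. If `result` holds anything derived from the password or the key (where it is produced is not visible in this hunk), use `SECITEM_ZfreeItem(result, PR_TRUE);` so the buffer is zeroed before release, matching the treatment of newKey. The enclosing function starts before this hunk.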
@@ -13,12 +13,6 @@
 #endif
 /*
- * Version information for the 'ident' and 'what commands
- *
- * NOTE: the first component of the concatenated rcsid string
- * must not end in a '$' to prevent rcs keyword substitution.
+ * Version information
 */
-const char __nss_softokn_rcsid[] = "$Header: NSS " SOFTOKEN_VERSION _DEBUG_STRING
- " " __DATE__ " " __TIME__ " $";
-const char __nss_softokn_sccsid[] = "@(#)NSS " SOFTOKEN_VERSION _DEBUG_STRING
- " " __DATE__ " " __TIME__;
+const char __nss_softokn_version[] = "Version: NSS " SOFTOKEN_VERSION _DEBUG_STRING;
diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h
index 9e7b2c14..c7adc4bb 100644
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -25,9 +25,9 @@
 * The format of the version string should be
 * ".[.[.]][ ][ ]"
 */
-#define SOFTOKEN_VERSION "3.18.0.1" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION "3.20.0.1" SOFTOKEN_ECC_STRING
 #define SOFTOKEN_VMAJOR 3
-#define SOFTOKEN_VMINOR 18
+#define SOFTOKEN_VMINOR 20
 #define SOFTOKEN_VPATCH 0
 #define SOFTOKEN_VBUILD 1
 #define SOFTOKEN_BETA PR_FALSE
diff --git a/security/nss/lib/softoken/tlsprf.c b/security/nss/lib/softoken/tlsprf.c
index 8c97ad3a..0ebad602 100644
--- a/security/nss/lib/softoken/tlsprf.c
+++ b/security/nss/lib/softoken/tlsprf.c
@@ -6,6 +6,7 @@
 #include "pkcs11i.h"
 #include "blapi.h"
+#include "secerr.h"
 #define SFTK_OFFSETOF(str, memb) ((PRPtrdiff)(&(((str *)0)->memb)))
@@ -23,6 +24,7 @@ typedef struct {
 SECStatus cxRv; /* records failure of void functions. */
 PRBool cxIsFIPS; /* true if conforming to FIPS 198. */
 HASH_HashType cxHashAlg; /* hash algorithm to use for TLS 1.2+ */
+ unsigned int cxOutLen; /* bytes of output if nonzero */
 unsigned char cxBuf[512]; /* actual size may be larger than 512. */
 } TLSPRFContext;
@@ -87,7 +89,14 @@ sftk_TLSPRFUpdate(TLSPRFContext *cx,
 seedItem.len = cx->cxDataLen;
 sigItem.data = sig;
- sigItem.len = maxLen;
+ if (cx->cxOutLen == 0) {
+ sigItem.len = maxLen;
+ } else if (cx->cxOutLen <= maxLen) {
+ sigItem.len = cx->cxOutLen;
+ } else {
+ PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+ return SECFailure;
+ }
 if (cx->cxHashAlg != HASH_AlgNULL) {
 rv = TLS_P_hash(cx->cxHashAlg, &secretItem, NULL, &seedItem, &sigItem,
@@ -142,7 +151,8 @@ CK_RV
 sftk_TLSPRFInit(SFTKSessionContext *context,
 SFTKObject * key,
 CK_KEY_TYPE key_type,
- HASH_HashType hash_alg)
+ HASH_HashType hash_alg,
+ unsigned int out_len)
 {
 SFTKAttribute * keyVal;
 TLSPRFContext * prf_cx;
@@ -169,6 +179,7 @@ sftk_TLSPRFInit(SFTKSessionContext *context,
 prf_cx->cxIsFIPS = (key->slot->slotID == FIPS_SLOT_ID);
 prf_cx->cxBufPtr = prf_cx->cxBuf;
 prf_cx->cxHashAlg = hash_alg;
+ prf_cx->cxOutLen = out_len;
 if (keySize)
 PORT_Memcpy(prf_cx->cxBufPtr, keyVal->attrib.pValue, keySize);
diff --git a/security/nss/lib/sqlite/Makefile b/security/nss/lib/sqlite/Makefile
index a2f0cf7d..dd8ea143 100644
--- a/security/nss/lib/sqlite/Makefile
+++ b/security/nss/lib/sqlite/Makefile
@@ -46,3 +46,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
 export:: private_export
+ifeq (WINNT,$(OS_ARCH))
+# sqlite calls the deprecated GetVersionExA method
+OS_CFLAGS += -w44996
+endif
+
diff --git a/security/nss/lib/sqlite/sqlite3.c b/security/nss/lib/sqlite/sqlite3.c
index 8ec2bb95..8f261e80 100644
--- a/security/nss/lib/sqlite/sqlite3.c
+++ b/security/nss/lib/sqlite/sqlite3.c
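Review bot: `OS_CFLAGS += -w44996` demotes MSVC warning C4996 for the whole sqlite build, but C4996 is not specific to GetVersionExA: it is the same warning the Microsoft CRT raises for its "unsafe" string and I/O functions (strcpy, sprintf, fopen and friends), so every such call in sqlite3.c is silenced too. If that trade-off is accepted, widen the comment so the next maintainer knows what is hidden, e.g. `# sqlite calls the deprecated GetVersionExA method; C4996 also covers the CRT "unsafe function" deprecations, so those are demoted for this directory as well`. A narrower alternative is a `#pragma warning(suppress: 4996)` at the single GetVersionExA call in sqlite3.c, at the cost of patching the vendored file.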
@@ -8149,17 +8149,17 @@ typedef INT8_TYPE i8; /* 1-byte signed integer */
 ** Macros to determine whether the machine is big or little endian,
 ** evaluated at runtime.
 */
-#ifdef SQLITE_AMALGAMATION
-SQLITE_PRIVATE const int sqlite3one = 1;
-#else
-SQLITE_PRIVATE const int sqlite3one;
-#endif
 #if defined(i386) || defined(__i386__) || defined(_M_IX86)\
 || defined(__x86_64) || defined(__x86_64__)
 # define SQLITE_BIGENDIAN 0
 # define SQLITE_LITTLEENDIAN 1
 # define SQLITE_UTF16NATIVE SQLITE_UTF16LE
 #else
+# ifdef SQLITE_AMALGAMATION
+SQLITE_PRIVATE const int sqlite3one = 1;
+# else
+SQLITE_PRIVATE const int sqlite3one;
+# endif
 # define SQLITE_BIGENDIAN (*(char *)(&sqlite3one)==0)
 # define SQLITE_LITTLEENDIAN (*(char *)(&sqlite3one)==1)
 # define SQLITE_UTF16NATIVE (SQLITE_BIGENDIAN?SQLITE_UTF16BE:SQLITE_UTF16LE)
diff --git a/security/nss/lib/ssl/SSLerrs.h b/security/nss/lib/ssl/SSLerrs.h
index 174037b1..da561644 100644
--- a/security/nss/lib/ssl/SSLerrs.h
+++ b/security/nss/lib/ssl/SSLerrs.h
@@ -422,3 +422,15 @@ ER3(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL, (SSL_ERROR_BASE + 130),
 ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131),
 "The server rejected the handshake because the client downgraded to a lower "
 "TLS version than the server supports.")
+
+ER3(SSL_ERROR_WEAK_SERVER_CERT_KEY, (SSL_ERROR_BASE + 132),
+"The server certificate included a public key that was too weak.")
+
+ER3(SSL_ERROR_RX_SHORT_DTLS_READ, (SSL_ERROR_BASE + 133),
+"Not enough room in buffer for DTLS record.")
+
+ER3(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 134),
+"No supported TLS signature algorithm was configured.")
+
+ER3(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 135),
+"The peer used an unsupported combination of signature and hash algorithm.")
diff --git a/security/nss/lib/ssl/dhe-param.c b/security/nss/lib/ssl/dhe-param.c
new file mode 100644
index 00000000..ac0942e2
--- /dev/null
+++ b/security/nss/lib/ssl/dhe-param.c
@@ -0,0 +1,413 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +static const unsigned char ff_dhe_g2[] = { 2 }; + +static const unsigned char ff_dhe_2048_p[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, + 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, + 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, + 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, + 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, + 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, + 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, + 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, + 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, + 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, + 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, + 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, + 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, + 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, + 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, + 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, + 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, + 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, + 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, + 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, + 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, + 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, + 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, + 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, + 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, + 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, + 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, + 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, + 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, + 0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +}; + +static const ssl3DHParams ff_dhe_2048 = { + { siBuffer, (unsigned 
char *)ff_dhe_2048_p, sizeof(ff_dhe_2048_p) }, + { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) }, +}; + +static const unsigned char ff_dhe_3072_p[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, + 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, + 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, + 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, + 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, + 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, + 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, + 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, + 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, + 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, + 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, + 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, + 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, + 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, + 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, + 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, + 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, + 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, + 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, + 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, + 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, + 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, + 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, + 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, + 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, + 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, + 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, + 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, + 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, + 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, + 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, + 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, + 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, + 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, + 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, + 0xAE, 0xFE, 0x13, 0x09, 0x85, 
0x13, 0x92, 0x70, + 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, + 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, + 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, + 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, + 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, + 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, + 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, + 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, + 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, + 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +}; + +static const ssl3DHParams ff_dhe_3072 = { + { siBuffer, (unsigned char *)ff_dhe_3072_p, sizeof(ff_dhe_3072_p) }, + { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) }, +}; + +static const unsigned char ff_dhe_4096_p[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, + 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, + 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, + 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, + 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, + 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, + 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, + 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, + 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, + 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, + 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, + 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, + 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, + 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, + 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, + 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, + 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, + 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, + 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, + 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, + 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, + 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, + 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 
0x61, + 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, + 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, + 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, + 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, + 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, + 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, + 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, + 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, + 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, + 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, + 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, + 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, + 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, + 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, + 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, + 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, + 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, + 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, + 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, + 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, + 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, + 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, + 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, + 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, + 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, + 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, + 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, + 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, + 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, + 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, + 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, + 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, + 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, + 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, + 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, + 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, + 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, + 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, + 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 
0xFF, +}; + +static const ssl3DHParams ff_dhe_4096 = { + { siBuffer, (unsigned char *)ff_dhe_4096_p, sizeof(ff_dhe_4096_p) }, + { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) }, +}; + +static const unsigned char ff_dhe_6144_p[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, + 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, + 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, + 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, + 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, + 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, + 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, + 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, + 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, + 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, + 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, + 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, + 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, + 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, + 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, + 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, + 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, + 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, + 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, + 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, + 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, + 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, + 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, + 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, + 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, + 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, + 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, + 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, + 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, + 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, + 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, + 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, + 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, + 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, + 
0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, + 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, + 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, + 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, + 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, + 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, + 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, + 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, + 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, + 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, + 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, + 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, + 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, + 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, + 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, + 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, + 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, + 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, + 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, + 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, + 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, + 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, + 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, + 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, + 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, + 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, + 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, + 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, + 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, + 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, + 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, + 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, + 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, + 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, + 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, + 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, + 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, + 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, + 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, + 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, + 
0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, + 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, + 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, + 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, + 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, + 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, + 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, + 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, + 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, + 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, + 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, + 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, + 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, + 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, + 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, + 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, + 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, + 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, + 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, + 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +}; + +static const ssl3DHParams ff_dhe_6144 = { + { siBuffer, (unsigned char *)ff_dhe_6144_p, sizeof(ff_dhe_6144_p) }, + { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) }, +}; + +static const unsigned char ff_dhe_8192_p[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, + 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, + 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, + 0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, + 0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, + 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, + 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, + 0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, + 0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, + 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, + 0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, + 0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, + 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, + 0x1D, 0xF1, 
0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, + 0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, + 0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, + 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, + 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, + 0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, + 0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, + 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, + 0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, + 0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, + 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, + 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, + 0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, + 0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, + 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, + 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, + 0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, + 0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, + 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, + 0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, + 0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, + 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, + 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, + 0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, + 0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, + 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, + 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, + 0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, + 0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, + 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, + 0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, + 0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, + 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, + 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, + 0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, + 0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, + 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, + 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, + 0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, + 0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, + 0xA9, 0x07, 
0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, + 0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, + 0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, + 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, + 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, + 0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, + 0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, + 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, + 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, + 0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, + 0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, + 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, + 0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, + 0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, + 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, + 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, + 0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, + 0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, + 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, + 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, + 0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, + 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, + 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, + 0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, + 0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, + 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, + 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, + 0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, + 0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, + 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, + 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, + 0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, + 0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, + 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, + 0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, + 0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, + 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, + 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, + 0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, + 0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, + 0xA4, 0x0E, 
0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA, + 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, + 0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, + 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43, + 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, + 0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, + 0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29, + 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, + 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, + 0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4, + 0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, + 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, + 0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51, + 0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, + 0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, + 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE, + 0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, + 0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, + 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B, + 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, + 0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, + 0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31, + 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, + 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, + 0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E, + 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, + 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, + 0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE, + 0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, + 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, + 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E, + 0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, + 0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +}; + +static const ssl3DHParams ff_dhe_8192 = { + { siBuffer, (unsigned char *)ff_dhe_8192_p, sizeof(ff_dhe_8192_p) }, + { siBuffer, (unsigned char *)ff_dhe_g2, sizeof(ff_dhe_g2) }, +}; diff --git a/security/nss/lib/ssl/dtlscon.c b/security/nss/lib/ssl/dtlscon.c index 89315eee..1b211070 100644 
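Review bot: dhe-param.c gives no provenance for the ff_dhe_* primes, which leaves several hundred lines of hex unreviewable: nothing in the file says where the values come from or how a maintainer would re-derive them (the leading `FF..FF ADF85458 A2BB4A9A AFDC5620 273D3CF1` bytes look like the published finite-field DHE groups of the TLS negotiated-FFDHE draft, later RFC 7919, but that is my inference, not something the file states). Add a file-level comment naming the source document and generation method, a note on `ff_dhe_g2` that 2 is the generator shared by all of these groups, and a comment on the `ssl3DHParams` initialisers explaining that the `(unsigned char *)` casts exist only because SECItem's data pointer is not const and that the tables must never be written through. A test comparing each prime with its reference value, or at least checking the expected length and the leading and trailing 0xFF words, would make future edits to this table safe. The file has no includes and uses ssl3DHParams, so it appears to be meant for #include into another translation unit; say so at the top.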
--- a/security/nss/lib/ssl/dtlscon.c
+++ b/security/nss/lib/ssl/dtlscon.c
@@ -104,9 +104,7 @@ ssl3_DisableNonDTLSSuites(sslSocket * ss)
 const ssl3CipherSuite * suite;
 for (suite = nonDTLSSuites; *suite; ++suite) {
- SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
-
- PORT_Assert(rv == SECSuccess); /* else is coding error */
+ PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE));
 }
 return SECSuccess;
 }
@@ -229,7 +227,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
 #define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */
 if (message_length > MAX_HANDSHAKE_MSG_LEN) {
 (void)ssl3_DecodeError(ss);
- PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG);
+ PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE);
 return SECFailure;
 }
 #undef MAX_HANDSHAKE_MSG_LEN
@@ -396,7 +394,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
 * This avoids having to fill in the bitmask in the common
 * case of adjacent fragments received in sequence */
- if (fragment_offset <= ss->ssl3.hs.recvdHighWater) {
+ if (fragment_offset <= (unsigned int)ss->ssl3.hs.recvdHighWater) {
 /* Either this is the adjacent fragment or an overlapping
 * fragment */
 ss->ssl3.hs.recvdHighWater = fragment_offset +
@@ -676,7 +674,7 @@ dtls_TransmitMessageFlight(sslSocket *ss)
 /* The reason we use 8 here is that that's the length of
 * the new DTLS data that we add to the header */
- fragment_len = PR_MIN(room_left - (SSL3_BUFFER_FUDGE + 8),
+ fragment_len = PR_MIN((PRUint32)room_left - (SSL3_BUFFER_FUDGE + 8),
 content_len - fragment_offset);
 PORT_Assert(fragment_len < DTLS_MAX_MTU - 12);
 /* Make totally sure that we are within the buffer.
diff --git a/security/nss/lib/ssl/ssl.def b/security/nss/lib/ssl/ssl.def
index 3a2340b4..efcf9a94 100644
--- a/security/nss/lib/ssl/ssl.def
+++ b/security/nss/lib/ssl/ssl.def
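Review bot: The `(unsigned int)` cast on `ss->ssl3.hs.recvdHighWater` silences a signed/unsigned comparison, but it changes the result whenever the field is negative: the field is evidently signed (otherwise no cast would be needed), and if it can still hold a negative "nothing received yet" value at this point (its initialisation is outside this hunk), the cast turns that into UINT_MAX, `fragment_offset <= UINT_MAX` is always true, and any first fragment regardless of offset is treated as adjacent and advances `recvdHighWater` to `fragment_offset + fragment_length` without the bitmask ever being consulted. Because this path reassembles attacker-supplied DTLS fragments, guard the comparison explicitly: `if (ss->ssl3.hs.recvdHighWater >= 0 && fragment_offset <= (unsigned int)ss->ssl3.hs.recvdHighWater) {`, or at minimum `PORT_Assert(ss->ssl3.hs.recvdHighWater >= 0);` in front of it. dtls_HandleHandshake continues outside the hunk.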
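Review bot: `(PRUint32)room_left - (SSL3_BUFFER_FUDGE + 8)` wraps to a value near 2^32 whenever `room_left` is smaller than `SSL3_BUFFER_FUDGE + 8`, and PR_MIN then yields the whole of `content_len - fragment_offset` as the fragment length; the only thing that catches it is the debug-only `PORT_Assert(fragment_len < DTLS_MAX_MTU - 12)` on the next line. The old signed form had the same wrap through signed/unsigned promotion, so this is not new, but the cast now hides the warning that pointed at it. Unless the loop guarantees `room_left > SSL3_BUFFER_FUDGE + 8` before this line (any such guard is outside the hunk), add an explicit check, e.g. `PORT_Assert(room_left > SSL3_BUFFER_FUDGE + 8);` together with a release-build bail-out, before computing fragment_len. dtls_TransmitMessageFlight continues outside the hunk.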
@@ -171,3 +171,22 @@ SSL_SetCanFalseStartCallback; ;+ local: ;+*; ;+}; +;+NSS_3.20 { # NSS 3.20 release +;+ global: +;+# If the 3.20 release includes any additional functions +;+# besides SSL_DHEGroupPrefSet and SSL_EnableWeakDHEPrimeGroup +;+# they should be labeled as NSS_3.20a +SSL_DHEGroupPrefSet; +SSL_EnableWeakDHEPrimeGroup; +;+ local: +;+*; +;+}; +;+NSS_3.21 { # NSS 3.21 release +;+ global: +SSL_GetPreliminaryChannelInfo; +SSL_SignaturePrefSet; +SSL_SignaturePrefGet; +SSL_SignatureMaxCount; +;+ local: +;+*; +;+}; diff --git a/security/nss/lib/ssl/ssl.h b/security/nss/lib/ssl/ssl.h index 91a47a69..40f8476d 100644 --- a/security/nss/lib/ssl/ssl.h +++ b/security/nss/lib/ssl/ssl.h @@ -185,12 +185,17 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd); /* SSL_REUSE_SERVER_ECDHE_KEY controls whether the ECDHE server key is * reused for multiple handshakes or generated each time. * SSL_REUSE_SERVER_ECDHE_KEY is currently enabled by default. + * This socket option is for ECDHE, only. It is unrelated to DHE. */ #define SSL_REUSE_SERVER_ECDHE_KEY 27 #define SSL_ENABLE_FALLBACK_SCSV 28 /* Send fallback SCSV in * handshakes. */ +/* SSL_ENABLE_SERVER_DHE controls whether DHE is enabled for the server socket. + */ +#define SSL_ENABLE_SERVER_DHE 29 + #ifdef SSL_DEPRECATED_FUNCTION /* Old deprecated function names */ SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on); 
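Review bot: The new comment on `SSL_ENABLE_SERVER_DHE` does not say what the option's default is, whether it has any effect on client sockets, or how it relates to the DHE group APIs declared later in the same header, which is what a caller reading ssl.h needs before toggling it. Suggest extending it to something like `/* SSL_ENABLE_SERVER_DHE controls whether DHE cipher suites are offered by a server socket; default: [DEFAULT — confirm from the option defaults table]. It has no effect on client sockets. See SSL_DHEGroupPrefSet for group selection. */`. The default and the client-side behaviour are not visible in this hunk, so the placeholder must be filled in from the option table.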
@@ -292,6 +297,86 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled); SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy); SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy); +/* +** Control for TLS signature algorithms for TLS 1.2 only. +** +** This governs what signature algorithms are sent by a client in the +** signature_algorithms extension. A client will not accept a signature from a +** server unless it uses an enabled algorithm. +** +** This also governs what the server sends in the supported_signature_algorithms +** field of a CertificateRequest. It also changes what the server uses to sign +** ServerKeyExchange: a server uses the first entry from this list that is +** compatible with the client's advertised signature_algorithms extension and +** the selected server certificate. +** +** Omitting SHA-256 from this list might be foolish. Support is mandatory in +** TLS 1.2 and there might be interoperability issues. For a server, NSS only +** supports SHA-256 for verifying a TLS 1.2 CertificateVerify. This list needs +** to include SHA-256 if client authentication is requested or required, or +** creating a CertificateRequest will fail. +*/ +SSL_IMPORT SECStatus SSL_SignaturePrefSet( + PRFileDesc *fd, const SSLSignatureAndHashAlg *algorithms, + unsigned int count); + +/* +** Get the currently configured signature algorithms. +** +** The algorithms are written to |algorithms| but not if there are more than +** |maxCount| values configured. The number of algorithms that are in use are +** written to |count|. This fails if |maxCount| is insufficiently large. +*/ +SSL_IMPORT SECStatus SSL_SignaturePrefGet( + PRFileDesc *fd, SSLSignatureAndHashAlg *algorithms, unsigned int *count, + unsigned int maxCount); + +/* +** Returns the maximum number of signature algorithms that are supported and +** can be set or retrieved using SSL_SignaturePrefSet or SSL_SignaturePrefGet. 
+*/ +SSL_IMPORT unsigned int SSL_SignatureMaxCount(); + +/* SSL_DHEGroupPrefSet is used to configure the set of allowed/enabled DHE group +** parameters that can be used by NSS for the given server socket. +** The first item in the array is used as the default group, if no other +** selection criteria can be used by NSS. +** The set is provided as an array of identifiers as defined by SSLDHEGroupType. +** If more than one group identifier is provided, NSS will select the one to use. +** For example, a TLS extension sent by the client might indicate a preference. +*/ +SSL_IMPORT SECStatus SSL_DHEGroupPrefSet(PRFileDesc *fd, + SSLDHEGroupType *groups, + PRUint16 num_groups); + +/* Enable the use of a DHE group that's smaller than the library default, +** for backwards compatibility reasons. The DH parameters will be created +** at the time this function is called, which might take a very long time. +** The function will block until generation is completed. +** The intention is to enforce that fresh and safe parameters are generated +** each time a process is started. +** At the time this API was initially implemented, the API will enable the +** use of 1024 bit DHE parameters. This value might get increased in future +** versions of NSS. +** +** It is allowed to call this API will a NULL value for parameter fd, +** which will prepare the global parameters that NSS will reuse for the remainder +** of the process lifetime. This can be used early after startup of a process, +** to avoid a delay when handling incoming client connections. +** This preparation with a NULL for parameter fd will NOT enable the weak group +** on sockets. The function needs to be called again for every socket that +** should use the weak group. +** +** It is allowed to use this API in combination with the SSL_DHEGroupPrefSet API. +** If both APIs have been called, the weakest group will be used, +** unless it is certain that the client supports larger group parameters. 
+** The weak group will be used as the default group, overriding the preference +** for the first group potentially set with a call to SSL_DHEGroupPrefSet +** (The first group set using SSL_DHEGroupPrefSet will still be enabled, but +** it's no longer the default group.) +*/ +SSL_IMPORT SECStatus SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled); + /* SSL Version Range API ** ** This API should be used to control SSL 3.0 & TLS support instead of the @@ -895,10 +980,27 @@ SSL_IMPORT SECStatus NSS_SetFrancePolicy(void); SSL_IMPORT SSL3Statistics * SSL_GetStatistics(void); /* Report more information than SSL_SecurityStatus. -** Caller supplies the info struct. Function fills it in. -*/ + * Caller supplies the info struct. This function fills it in. + * The information here will be zeroed prior to details being confirmed. The + * details are confirmed either when a Finished message is received, or - for a + * client - when the second flight of messages have been sent. This function + * therefore produces unreliable results prior to receiving the + * SSLHandshakeCallback or the SSLCanFalseStartCallback. + */ SSL_IMPORT SECStatus SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len); +/* Get preliminary information about a channel. + * This function can be called prior to handshake details being confirmed (see + * SSL_GetChannelInfo above for what that means). Thus, information provided by + * this function is available to SSLAuthCertificate, SSLGetClientAuthData, + * SSLSNISocketConfig, and other callbacks that might be called during the + * processing of the first flight of client of server handshake messages. + * Values are marked as being unavailable when renegotiation is initiated. + */ +SSL_IMPORT SECStatus +SSL_GetPreliminaryChannelInfo(PRFileDesc *fd, + SSLPreliminaryChannelInfo *info, + PRUintn len); SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite, SSLCipherSuiteInfo *info, PRUintn len); 
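Review bot: `SSL_IMPORT unsigned int SSL_SignatureMaxCount();` declares the function without a prototype in C, so a call that passes arguments compiles silently; it should be `SSL_IMPORT unsigned int SSL_SignatureMaxCount(void);`. In the same hunk `SSL_DHEGroupPrefSet(PRFileDesc *fd, SSLDHEGroupType *groups, PRUint16 num_groups)` takes a non-const array although the comment describes it as pure input, so `const SSLDHEGroupType *groups` would let callers pass static tables and documents that the array is not modified. The SSL_EnableWeakDHEPrimeGroup comment also has a typo, "call this API will a NULL value" should read "with a NULL value", and neither comment says what happens when `num_groups` is 0 or an identifier is unknown, which callers will want before relying on the default-group semantics.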
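Review bot: The new SSL_GetPreliminaryChannelInfo comment reads "first flight of client of server handshake messages", which should be "client or server". It would also help to state concretely how a caller recognises a value that is "marked as being unavailable" (which member of SSLPreliminaryChannelInfo carries that state), since the struct is not defined in this hunk and the comment is the only guidance a callback author gets.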
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 7d26568f..7da3aa6d 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -61,8 +61,8 @@ static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss); static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss, const unsigned char *b, unsigned int l); +static SECOidTag ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc); static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags); -static int ssl3_OIDToTLSHashAlgorithm(SECOidTag oid); static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, int maxOutputLen, const unsigned char *input, @@ -108,14 +108,17 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { #endif /* NSS_DISABLE_ECC */ { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, + { TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE}, { TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE}, 
@@ -173,6 +176,23 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { TLS_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, }; +static const SSLSignatureAndHashAlg defaultSignatureAlgorithms[] = { + {ssl_hash_sha256, ssl_sign_rsa}, + {ssl_hash_sha384, ssl_sign_rsa}, + {ssl_hash_sha512, ssl_sign_rsa}, + {ssl_hash_sha1, ssl_sign_rsa}, +#ifndef NSS_DISABLE_ECC + {ssl_hash_sha256, ssl_sign_ecdsa}, + {ssl_hash_sha384, ssl_sign_ecdsa}, + {ssl_hash_sha512, ssl_sign_ecdsa}, + {ssl_hash_sha1, ssl_sign_ecdsa}, +#endif + {ssl_hash_sha256, ssl_sign_dsa}, + {ssl_hash_sha1, ssl_sign_dsa} +}; +PR_STATIC_ASSERT(PR_ARRAY_SIZE(defaultSignatureAlgorithms) <= + MAX_SIGNATURE_ALGORITHMS); + /* Verify that SSL_ImplementedCiphers and cipherSuites are in consistent order. */ #ifdef DEBUG @@ -233,20 +253,6 @@ static const /*SSL3ClientCertificateType */ PRUint8 certificate_types [] = { ct_DSS_sign, }; -/* This block is the contents of the supported_signature_algorithms field of - * our TLS 1.2 CertificateRequest message, in wire format. See - * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 - * - * This block contains only sha256 entries because we only support TLS 1.2 - * CertificateVerify messages that use the handshake hash. */ -static const PRUint8 supported_signature_algorithms[] = { - tls_hash_sha256, tls_sig_rsa, -#ifndef NSS_DISABLE_ECC - tls_hash_sha256, tls_sig_ecdsa, -#endif - tls_hash_sha256, tls_sig_dsa, -}; - #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ 
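Review bot: `defaultSignatureAlgorithms` advertises SHA-1, SHA-384 and SHA-512 for RSA, ECDSA and DSA, while the ssl.h comment added in this same commit says a server can only verify a TLS 1.2 CertificateVerify with SHA-256, and the removed `supported_signature_algorithms` block carried a comment explaining exactly that restriction; the new table carries no such note. If the CertificateRequest path filters the list down to SHA-256 elsewhere (not visible here), a comment pointing to that would stop the table being read as the server's verify capability; if it does not, a client choosing sha1/rsa from the advertised list would fail verification at the server. Suggest a comment above the table along the lines of `/* Advertised in signature_algorithms and in CertificateRequest. SHA-1 is kept for interoperability with older peers; server-side CertificateVerify verification is limited to SHA-256 (see ssl.h). */`, with the SHA-1 rationale confirmed by the author.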
@@ -284,30 +290,30 @@ static const ssl3BulkCipherDef bulk_cipher_defs[] = { {cipher_missing, calg_null, 0, 0, type_stream, 0, 0, 0, 0}, }; -static const ssl3KEADef kea_defs[] = +static const ssl3KEADef kea_defs[] = { /* indexed by SSL3KeyExchangeAlgorithm */ - /* kea exchKeyType signKeyType is_limited limit tls_keygen */ - {kea_null, kt_null, sign_null, PR_FALSE, 0, PR_FALSE}, - {kea_rsa, kt_rsa, sign_rsa, PR_FALSE, 0, PR_FALSE}, - {kea_rsa_export, kt_rsa, sign_rsa, PR_TRUE, 512, PR_FALSE}, - {kea_rsa_export_1024,kt_rsa, sign_rsa, PR_TRUE, 1024, PR_FALSE}, - {kea_dh_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE}, - {kea_dh_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE}, - {kea_dh_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE}, - {kea_dh_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE}, - {kea_dhe_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE}, - {kea_dhe_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE}, - {kea_dhe_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE}, - {kea_dhe_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE}, - {kea_dh_anon, kt_dh, sign_null, PR_FALSE, 0, PR_FALSE}, - {kea_dh_anon_export, kt_dh, sign_null, PR_TRUE, 512, PR_FALSE}, - {kea_rsa_fips, kt_rsa, sign_rsa, PR_FALSE, 0, PR_TRUE }, + /* kea exchKeyType signKeyType is_limited limit tls_keygen ephemeral */ + {kea_null, kt_null, sign_null, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_rsa, kt_rsa, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_rsa_export, kt_rsa, sign_rsa, PR_TRUE, 512, PR_FALSE, PR_FALSE}, + {kea_rsa_export_1024,kt_rsa, sign_rsa, PR_TRUE, 1024, PR_FALSE, PR_FALSE}, + {kea_dh_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_dh_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE, PR_FALSE}, + {kea_dh_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_dh_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE, PR_FALSE}, + {kea_dhe_dss, kt_dh, sign_dsa, PR_FALSE, 0, PR_FALSE, PR_TRUE}, + {kea_dhe_dss_export, kt_dh, sign_dsa, PR_TRUE, 512, PR_FALSE, 
PR_TRUE}, + {kea_dhe_rsa, kt_dh, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_TRUE}, + {kea_dhe_rsa_export, kt_dh, sign_rsa, PR_TRUE, 512, PR_FALSE, PR_TRUE}, + {kea_dh_anon, kt_dh, sign_null, PR_FALSE, 0, PR_FALSE, PR_TRUE}, + {kea_dh_anon_export, kt_dh, sign_null, PR_TRUE, 512, PR_FALSE, PR_TRUE}, + {kea_rsa_fips, kt_rsa, sign_rsa, PR_FALSE, 0, PR_TRUE, PR_FALSE}, #ifndef NSS_DISABLE_ECC - {kea_ecdh_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE}, - {kea_ecdhe_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE}, - {kea_ecdh_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE}, - {kea_ecdhe_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE}, - {kea_ecdh_anon, kt_ecdh, sign_null, PR_FALSE, 0, PR_FALSE}, + {kea_ecdh_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_ecdhe_ecdsa, kt_ecdh, sign_ecdsa, PR_FALSE, 0, PR_FALSE, PR_TRUE}, + {kea_ecdh_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_FALSE}, + {kea_ecdhe_rsa, kt_ecdh, sign_rsa, PR_FALSE, 0, PR_FALSE, PR_TRUE}, + {kea_ecdh_anon, kt_ecdh, sign_null, PR_FALSE, 0, PR_FALSE, PR_TRUE}, #endif /* NSS_DISABLE_ECC */ }; @@ -408,6 +414,10 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa}, {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa}, + {TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_dss}, + {TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, cipher_aes_128, hmac_sha256, kea_dhe_dss}, + {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss}, + #ifndef NSS_DISABLE_ECC {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa}, {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa}, 
@@ -644,12 +654,15 @@ ssl3_CipherSuiteAllowedForVersionRange( case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: case TLS_RSA_WITH_AES_128_CBC_SHA256: case TLS_RSA_WITH_AES_128_GCM_SHA256: + case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: + case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: case TLS_RSA_WITH_NULL_SHA256: return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2; case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: + case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: return vrange->max >= SSL_LIBRARY_VERSION_TLS_1_2; /* RFC 4492: ECC cipher suites need TLS extensions to negotiate curves and @@ -772,16 +785,11 @@ ssl3_config_match_init(sslSocket *ss) * that the server uses an RSA cert for (EC)DHE-RSA. */ switch (cipher_def->key_exchange_alg) { + case kea_dhe_dss: + svrAuth = ss->serverCerts + ssl_kea_dh; + break; case kea_ecdhe_rsa: -#if NSS_SERVER_DHE_IMPLEMENTED - /* XXX NSS does not yet implement the server side of _DHE_ - * cipher suites. Correcting the computation for svrAuth, - * as the case below does, causes NSS SSL servers to begin to - * negotiate cipher suites they do not implement. So, until - * server side _DHE_ is implemented, keep this disabled. - */ case kea_dhe_rsa: -#endif svrAuth = ss->serverCerts + kt_rsa; break; case kea_ecdh_ecdsa: @@ -793,6 +801,8 @@ ssl3_config_match_init(sslSocket *ss) * simultaneously. For now, both of them use * whatever is in the certificate slot for kt_ecdh */ + case kea_dhe_dss_export: + case kea_dhe_rsa_export: default: svrAuth = ss->serverCerts + exchKeyType; break; 
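Review bot: In ssl3_config_match_init the new `case kea_dhe_dss:` arm indexes `ss->serverCerts` with `ssl_kea_dh` while the neighbouring arms index the same array with `kt_rsa` and `exchKeyType`, so two enum namespaces are mixed for one table; if `ssl_kea_dh` and `kt_dh` are defined to coincide, a comment saying so would help, otherwise the `kt_` constant used by the rest of the switch is the safer choice. The third hunk routes `kea_dhe_rsa_export` to `exchKeyType` (the DH slot) although the non-export `kea_dhe_rsa` now selects the RSA certificate; if the export DHE suites are not implemented server-side, a comment such as `/* export DHE suites are not implemented on the server; slot choice is irrelevant */` would record that, and if they are, the RSA slot is the one that holds the signing key. The enclosing function starts and ends outside these hunks.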
@@ -829,11 +839,22 @@ ssl3_config_match_init(sslSocket *ss) * cipher suite. */ static PRBool config_match(ssl3CipherSuiteCfg *suite, int policy, PRBool enabled, - const SSLVersionRange *vrange) + const SSLVersionRange *vrange, const sslSocket *ss) { + const ssl3CipherSuiteDef *cipher_def; + PORT_Assert(policy != SSL_NOT_ALLOWED && enabled != PR_FALSE); if (policy == SSL_NOT_ALLOWED || !enabled) - return PR_FALSE; + return PR_FALSE; + + cipher_def = ssl_LookupCipherSuiteDef(suite->cipher_suite); + PORT_Assert(cipher_def != NULL); + + PORT_Assert(ss != NULL); + if (ss->sec.isServer && !ss->opt.enableServerDhe && + kea_defs[cipher_def->key_exchange_alg].exchKeyType == ssl_kea_dh) + return PR_FALSE; + return (PRBool)(suite->enabled && suite->isPresent && suite->policy != SSL_NOT_ALLOWED && @@ -854,7 +875,7 @@ count_cipher_suites(sslSocket *ss, int policy, PRBool enabled) return 0; } for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { - if (config_match(&ss->cipherSuites[i], policy, enabled, &ss->vrange)) + if (config_match(&ss->cipherSuites[i], policy, enabled, &ss->vrange, ss)) count++; } if (count <= 0) { @@ -946,9 +967,9 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, break; case dsaKey: doDerEncode = isTLS; - /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. + /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash. * In that case, we use just the SHA1 part. */ - if (hash->hashAlg == SEC_OID_UNKNOWN) { + if (hash->hashAlg == ssl_hash_none) { hashItem.data = hash->u.s.sha; hashItem.len = sizeof(hash->u.s.sha); } else { 
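Review bot: In config_match the new code dereferences `cipher_def->key_exchange_alg` right after `PORT_Assert(cipher_def != NULL)` and `ss->sec.isServer` right after `PORT_Assert(ss != NULL)`; in a non-DEBUG build the asserts disappear and a lookup miss becomes a NULL dereference inside cipher-suite selection. A conservative return after the asserts, `if (cipher_def == NULL || ss == NULL) return PR_FALSE;`, keeps the release build from crashing on an inconsistent table. The DHE check also compares `kea_defs[...].exchKeyType` against `ssl_kea_dh`, the same cross-enum comparison used in ssl3_config_match_init; a one-line comment noting that the two enums are defined to have equal values (if they are) would prevent a future reorder from silently breaking the server-DHE switch.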
@@ -959,9 +980,9 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, #ifndef NSS_DISABLE_ECC case ecKey: doDerEncode = PR_TRUE; - /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. + /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash. * In that case, we use just the SHA1 part. */ - if (hash->hashAlg == SEC_OID_UNKNOWN) { + if (hash->hashAlg == ssl_hash_none) { hashItem.data = hash->u.s.sha; hashItem.len = sizeof(hash->u.s.sha); } else { @@ -976,7 +997,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, } PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len)); - if (hash->hashAlg == SEC_OID_UNKNOWN) { + if (hash->hashAlg == ssl_hash_none) { signatureLen = PK11_SignatureLen(key); if (signatureLen <= 0) { PORT_SetError(SEC_ERROR_INVALID_KEY); @@ -990,7 +1011,8 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, rv = PK11_Sign(key, buf, &hashItem); } else { - rv = SGN_Digest(key, hash->hashAlg, buf, &hashItem); + SECOidTag hashOID = ssl3_TLSHashAlgorithmToOID(hash->hashAlg); + rv = SGN_Digest(key, hashOID, buf, &hashItem); } if (rv != SECSuccess) { ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); @@ -1038,7 +1060,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, return SECFailure; } - hashAlg = hash->hashAlg; + hashAlg = ssl3_TLSHashAlgorithmToOID(hash->hashAlg); switch (key->keyType) { case rsaKey: encAlg = SEC_OID_PKCS1_RSA_ENCRYPTION; @@ -1047,9 +1069,9 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, break; case dsaKey: encAlg = SEC_OID_ANSIX9_DSA_SIGNATURE; - /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. + /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash. * In that case, we use just the SHA1 part. */ - if (hash->hashAlg == SEC_OID_UNKNOWN) { + if (hash->hashAlg == ssl_hash_none) { hashItem.data = hash->u.s.sha; hashItem.len = sizeof(hash->u.s.sha); } else { 
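Review bot: `ssl3_TLSHashAlgorithmToOID` returns `SEC_OID_UNKNOWN` for any value not in `tlsHashOIDMap`, and this commit trims the map to sha1/sha256/sha384/sha512, yet ssl3_SignHashes passes the result straight into `SGN_Digest` and ssl3_VerifySignedHashes into `VFY_VerifyDigestDirect`. Whether those helpers reject SEC_OID_UNKNOWN with a meaningful error is not visible here; an explicit check at the mapping site for the non-ssl_hash_none case, `if (hashOID == SEC_OID_UNKNOWN) { PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); return SECFailure; }`, reproduces the SSL-level error the removed ssl3_OIDToTLSHashAlgorithm path used to give and keeps an unrecognised hash identifier off the signing and verification paths. Both enclosing functions start and end outside the hunks.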
@@ -1070,13 +1092,13 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, #ifndef NSS_DISABLE_ECC case ecKey: encAlg = SEC_OID_ANSIX962_EC_PUBLIC_KEY; - /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. + /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash. * In that case, we use just the SHA1 part. * ECDSA signatures always encode the integers r and s using ASN.1 * (unlike DSA where ASN.1 encoding is used with TLS but not with * SSL3). So we can use VFY_VerifyDigestDirect for ECDSA. */ - if (hash->hashAlg == SEC_OID_UNKNOWN) { + if (hash->hashAlg == ssl_hash_none) { hashAlg = SEC_OID_SHA1; hashItem.data = hash->u.s.sha; hashItem.len = sizeof(hash->u.s.sha); @@ -1104,8 +1126,8 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, */ rv = PK11_Verify(key, buf, &hashItem, pwArg); } else { - rv = VFY_VerifyDigestDirect(&hashItem, key, buf, encAlg, hashAlg, - pwArg); + rv = VFY_VerifyDigestDirect(&hashItem, key, buf, encAlg, hashAlg, + pwArg); } SECKEY_DestroyPublicKey(key); if (signature) { 
@@ -1121,75 +1143,71 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, /* Caller must set hiLevel error code. */ /* Called from ssl3_ComputeExportRSAKeyHash * ssl3_ComputeDHKeyHash - * which are called from ssl3_HandleServerKeyExchange. + * which are called from ssl3_HandleServerKeyExchange. * - * hashAlg: either the OID for a hash algorithm or SEC_OID_UNKNOWN to specify - * the pre-1.2, MD5/SHA1 combination hash. + * hashAlg: ssl_hash_none indicates the pre-1.2, MD5/SHA1 combination hash. */ SECStatus -ssl3_ComputeCommonKeyHash(SECOidTag hashAlg, - PRUint8 * hashBuf, unsigned int bufLen, - SSL3Hashes *hashes, PRBool bypassPKCS11) +ssl3_ComputeCommonKeyHash(SSLHashType hashAlg, + PRUint8 * hashBuf, unsigned int bufLen, + SSL3Hashes *hashes, PRBool bypassPKCS11) { - SECStatus rv = SECSuccess; + SECStatus rv; + SECOidTag hashOID; #ifndef NO_PKCS11_BYPASS if (bypassPKCS11) { - if (hashAlg == SEC_OID_UNKNOWN) { - MD5_HashBuf (hashes->u.s.md5, hashBuf, bufLen); - SHA1_HashBuf(hashes->u.s.sha, hashBuf, bufLen); - hashes->len = MD5_LENGTH + SHA1_LENGTH; - } else if (hashAlg == SEC_OID_SHA1) { - SHA1_HashBuf(hashes->u.raw, hashBuf, bufLen); - hashes->len = SHA1_LENGTH; - } else if (hashAlg == SEC_OID_SHA256) { - SHA256_HashBuf(hashes->u.raw, hashBuf, bufLen); - hashes->len = SHA256_LENGTH; - } else if (hashAlg == SEC_OID_SHA384) { - SHA384_HashBuf(hashes->u.raw, hashBuf, bufLen); - hashes->len = SHA384_LENGTH; - } else if (hashAlg == SEC_OID_SHA512) { - SHA512_HashBuf(hashes->u.raw, hashBuf, bufLen); - hashes->len = SHA512_LENGTH; - } else { - PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); - return SECFailure; - } - } else + if (hashAlg == ssl_hash_none) { + MD5_HashBuf (hashes->u.s.md5, hashBuf, bufLen); + SHA1_HashBuf(hashes->u.s.sha, hashBuf, bufLen); + hashes->len = MD5_LENGTH + SHA1_LENGTH; + } else if (hashAlg == ssl_hash_sha1) { + SHA1_HashBuf(hashes->u.raw, hashBuf, bufLen); + hashes->len = SHA1_LENGTH; + } else if (hashAlg == 
ssl_hash_sha256) { + SHA256_HashBuf(hashes->u.raw, hashBuf, bufLen); + hashes->len = SHA256_LENGTH; + } else if (hashAlg == ssl_hash_sha384) { + SHA384_HashBuf(hashes->u.raw, hashBuf, bufLen); + hashes->len = SHA384_LENGTH; + } else if (hashAlg == ssl_hash_sha512) { + SHA512_HashBuf(hashes->u.raw, hashBuf, bufLen); + hashes->len = SHA512_LENGTH; + } else { + PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); + return SECFailure; + } + } else #endif { - if (hashAlg == SEC_OID_UNKNOWN) { - rv = PK11_HashBuf(SEC_OID_MD5, hashes->u.s.md5, hashBuf, bufLen); - if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); - rv = SECFailure; - goto done; - } - - rv = PK11_HashBuf(SEC_OID_SHA1, hashes->u.s.sha, hashBuf, bufLen); - if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); - rv = SECFailure; - } - hashes->len = MD5_LENGTH + SHA1_LENGTH; - } else { - hashes->len = HASH_ResultLenByOidTag(hashAlg); - if (hashes->len > sizeof(hashes->u.raw)) { - ssl_MapLowLevelError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); - rv = SECFailure; - goto done; - } - rv = PK11_HashBuf(hashAlg, hashes->u.raw, hashBuf, bufLen); - if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); - rv = SECFailure; - } - } + if (hashAlg == ssl_hash_none) { + rv = PK11_HashBuf(SEC_OID_MD5, hashes->u.s.md5, hashBuf, bufLen); + if (rv != SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); + return rv; + } + rv = PK11_HashBuf(SEC_OID_SHA1, hashes->u.s.sha, hashBuf, bufLen); + if (rv != SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); + return rv; + } + hashes->len = MD5_LENGTH + SHA1_LENGTH; + } else { + hashOID = ssl3_TLSHashAlgorithmToOID(hashAlg); + hashes->len = HASH_ResultLenByOidTag(hashOID); + if (hashes->len == 0 || hashes->len > sizeof(hashes->u.raw)) { + ssl_MapLowLevelError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); + return SECFailure; + } + rv = PK11_HashBuf(hashOID, hashes->u.raw, hashBuf, bufLen); + if (rv 
!= SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); + return rv; + } + } } hashes->hashAlg = hashAlg; - -done: - return rv; + return SECSuccess; } /* Caller must set hiLevel error code. @@ -1197,10 +1215,10 @@ done: ** ssl3_HandleServerKeyExchange. */ static SECStatus -ssl3_ComputeExportRSAKeyHash(SECOidTag hashAlg, - SECItem modulus, SECItem publicExponent, - SSL3Random *client_rand, SSL3Random *server_rand, - SSL3Hashes *hashes, PRBool bypassPKCS11) +ssl3_ComputeExportRSAKeyHash(SSLHashType hashAlg, + SECItem modulus, SECItem publicExponent, + SSL3Random *client_rand, SSL3Random *server_rand, + SSL3Hashes *hashes, PRBool bypassPKCS11) { PRUint8 * hashBuf; PRUint8 * pBuf; @@ -1238,7 +1256,7 @@ ssl3_ComputeExportRSAKeyHash(SECOidTag hashAlg, bypassPKCS11); PRINT_BUF(95, (NULL, "RSAkey hash: ", hashBuf, bufLen)); - if (hashAlg == SEC_OID_UNKNOWN) { + if (hashAlg == ssl_hash_none) { PRINT_BUF(95, (NULL, "RSAkey hash: MD5 result", hashes->u.s.md5, MD5_LENGTH)); PRINT_BUF(95, (NULL, "RSAkey hash: SHA1 result", @@ -1256,10 +1274,10 @@ ssl3_ComputeExportRSAKeyHash(SECOidTag hashAlg, /* Caller must set hiLevel error code. */ /* Called from ssl3_HandleServerKeyExchange. */ static SECStatus -ssl3_ComputeDHKeyHash(SECOidTag hashAlg, - SECItem dh_p, SECItem dh_g, SECItem dh_Ys, - SSL3Random *client_rand, SSL3Random *server_rand, - SSL3Hashes *hashes, PRBool bypassPKCS11) +ssl3_ComputeDHKeyHash(SSLHashType hashAlg, + SECItem dh_p, SECItem dh_g, SECItem dh_Ys, + SSL3Random *client_rand, SSL3Random *server_rand, + SSL3Hashes *hashes, PRBool bypassPKCS11) { PRUint8 * hashBuf; PRUint8 * pBuf; @@ -1302,7 +1320,7 @@ ssl3_ComputeDHKeyHash(SECOidTag hashAlg, bypassPKCS11); PRINT_BUF(95, (NULL, "DHkey hash: ", hashBuf, bufLen)); - if (hashAlg == SEC_OID_UNKNOWN) { + if (hashAlg == ssl_hash_none) { PRINT_BUF(95, (NULL, "DHkey hash: MD5 result", hashes->u.s.md5, MD5_LENGTH)); PRINT_BUF(95, (NULL, "DHkey hash: SHA1 result", 
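Review bot: In the `bypassPKCS11` branch of ssl3_ComputeCommonKeyHash the rewritten code still ignores the results of `MD5_HashBuf`, `SHA1_HashBuf`, `SHA256_HashBuf`, `SHA384_HashBuf` and `SHA512_HashBuf`, whereas the PK11 branch now returns on every `PK11_HashBuf` failure; if those functions report a status (not visible here), the bypass path should check it the same way so a failed digest cannot be handed to the signature code. The new `hashes->len == 0 ||` test presumably catches the SEC_OID_UNKNOWN result of ssl3_TLSHashAlgorithmToOID via HASH_ResultLenByOidTag, which is worth stating in place: `/* len == 0: hashOID was not a recognised digest (SEC_OID_UNKNOWN) */`. The replacement of the `goto done` tail with direct returns is otherwise an improvement.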
@@ -2540,7 +2558,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec, PRUint32 fragLen; PRUint32 p1Len, p2Len, oddLen = 0; PRUint16 headerLen; - int ivLen = 0; + unsigned int ivLen = 0; int cipherBytes = 0; unsigned char pseudoHeader[13]; unsigned int pseudoHeaderLen; @@ -3102,7 +3120,8 @@ ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags) { static const PRInt32 allowedFlags = ssl_SEND_FLAG_FORCE_INTO_BUFFER | ssl_SEND_FLAG_CAP_RECORD_VERSION; - PRInt32 rv = SECSuccess; + PRInt32 count = -1; + SECStatus rv = SECSuccess; PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); @@ -3116,18 +3135,19 @@ ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags) PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; } else { - rv = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf, + count = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf, ss->sec.ci.sendBuf.len, flags); } - if (rv < 0) { + if (count < 0) { int err = PORT_GetError(); PORT_Assert(err != PR_WOULD_BLOCK_ERROR); if (err == PR_WOULD_BLOCK_ERROR) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); } - } else if (rv < ss->sec.ci.sendBuf.len) { + rv = SECFailure; + } else if ((unsigned int)count < ss->sec.ci.sendBuf.len) { /* short write should never happen */ - PORT_Assert(rv >= ss->sec.ci.sendBuf.len); + PORT_Assert((unsigned int)count >= ss->sec.ci.sendBuf.len); PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); rv = SECFailure; } else { 
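Review bot: In ssl3_FlushHandshakeMessages the invalid-flags branch sets `rv = SECFailure` but leaves `count` at its initial -1, so the following `if (count < 0)` block also executes, reads PORT_GetError() (now SEC_ERROR_INVALID_ARGS) and asserts it is not PR_WOULD_BLOCK_ERROR; the outcome is still SECFailure, but the send-error handler runs for a case it was not written for. Either return immediately in that branch (`PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure;`, if nothing below must run on that path) or head the chain with `if (rv != SECSuccess) { /* flags already rejected */ } else if (count < 0) {` so the two failure paths stay separate. The function starts and ends outside the hunk.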
@@ -3592,15 +3612,17 @@ ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) SECItem params; CK_FLAGS keyFlags; CK_VERSION pms_version; - CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params; + /* master_params may be used as a CK_SSL3_MASTER_KEY_DERIVE_PARAMS */ + CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params; + unsigned int master_params_len; PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); if (isTLS12) { - if(isDH) master_derive = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; - else master_derive = CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256; - key_derive = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; + if(isDH) master_derive = CKM_TLS12_MASTER_KEY_DERIVE_DH; + else master_derive = CKM_TLS12_MASTER_KEY_DERIVE; + key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; keyFlags = CKF_SIGN | CKF_VERIFY; } else if (isTLS) { if(isDH) master_derive = CKM_TLS_MASTER_KEY_DERIVE_DH; @@ -3624,9 +3646,15 @@ ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH; master_params.RandomInfo.pServerRandom = sr; master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH; + if (isTLS12) { + master_params.prfHashMechanism = CKM_SHA256; + master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS); + } else { + master_params_len = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS); + } params.data = (unsigned char *) &master_params; - params.len = sizeof master_params; + params.len = master_params_len; } if (pms != NULL) { 
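Review bot: `master_params.prfHashMechanism = CKM_SHA256` hard-codes the TLS 1.2 PRF hash, and the same constant is assigned to `key_material_params.prfHashMechanism` in the @@ -3810 hunk of ssl3_DeriveConnectionKeysPKCS11; that appears correct for the suites visible in this commit, but a future SHA-384 suite would silently derive its keys with the wrong PRF. A comment at the first site recording the assumption, `/* All implemented TLS 1.2 suites use the SHA-256 PRF; revisit when a SHA-384 suite is added. */`, or deriving the mechanism from the negotiated suite, would make that explicit. The `master_params_len` local is assigned in both arms before use, so the length handed to the token matches the struct layout the token will read.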
@@ -3756,7 +3784,9 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss) PK11SymKey * symKey = NULL; void * pwArg = ss->pkcs11PinArg; int keySize; - CK_SSL3_KEY_MAT_PARAMS key_material_params; + CK_TLS12_KEY_MAT_PARAMS key_material_params; /* may be used as a + * CK_SSL3_KEY_MAT_PARAMS */ + unsigned int key_material_params_len; CK_SSL3_KEY_MAT_OUT returnedKeys; CK_MECHANISM_TYPE key_derive; CK_MECHANISM_TYPE bulk_mechanism; @@ -3810,17 +3840,21 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss) PORT_Assert( alg2Mech[calg].calg == calg); bulk_mechanism = alg2Mech[calg].cmech; - params.data = (unsigned char *)&key_material_params; - params.len = sizeof(key_material_params); - if (isTLS12) { - key_derive = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; + key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; + key_material_params.prfHashMechanism = CKM_SHA256; + key_material_params_len = sizeof(CK_TLS12_KEY_MAT_PARAMS); } else if (isTLS) { key_derive = CKM_TLS_KEY_AND_MAC_DERIVE; + key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS); } else { key_derive = CKM_SSL3_KEY_AND_MAC_DERIVE; + key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS); } + params.data = (unsigned char *)&key_material_params; + params.len = key_material_params_len; + /* CKM_SSL3_KEY_AND_MAC_DERIVE is defined to set ENCRYPT, DECRYPT, and * DERIVE by DEFAULT */ symKey = PK11_Derive(pwSpec->master_secret, key_derive, ¶ms, @@ -4131,6 +4165,12 @@ ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num, PRInt32 lenSize) PRUint8 b[4]; PRUint8 * p = b; + PORT_Assert(lenSize <= 4 && lenSize > 0); + if (lenSize < 4 && num >= (1L << (lenSize * 8))) { + PORT_SetError(SSL_ERROR_TX_RECORD_TOO_LONG); + return SECFailure; + } + switch (lenSize) { case 4: *p++ = (num >> 24) & 0xff; 
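Review bot: The new range check in ssl3_AppendHandshakeNumber, `if (lenSize < 4 && num >= (1L << (lenSize * 8)))`, does not reject a negative `num` (PRInt32), which the byte serialisation below would still emit as a large unsigned length field; adding `num < 0 ||` to the condition closes that gap, and a negative value with lenSize == 4 is likewise passed through unchecked. The `PORT_Assert(lenSize <= 4 && lenSize > 0)` only guards the shift amount in debug builds, so an out-of-range lenSize in a release build reaches the switch; returning SECFailure for it next to the range check would be consistent with the new error path. The switch continues outside the hunk.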
@@ -4223,17 +4263,12 @@ ssl3_AppendHandshakeHeader(sslSocket *ss, SSL3HandshakeType t, PRUint32 length) * |sigAndHash| to the current handshake message. */ SECStatus ssl3_AppendSignatureAndHashAlgorithm( - sslSocket *ss, const SSL3SignatureAndHashAlgorithm* sigAndHash) + sslSocket *ss, const SSLSignatureAndHashAlg* sigAndHash) { - unsigned char serialized[2]; + PRUint8 serialized[2]; - serialized[0] = ssl3_OIDToTLSHashAlgorithm(sigAndHash->hashAlg); - if (serialized[0] == 0) { - PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); - return SECFailure; - } - - serialized[1] = sigAndHash->sigAlg; + serialized[0] = (PRUint8)sigAndHash->hashAlg; + serialized[1] = (PRUint8)sigAndHash->sigAlg; return ssl3_AppendHandshake(ss, serialized, sizeof(serialized)); } @@ -4347,15 +4382,13 @@ ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, PRInt32 bytes, /* tlsHashOIDMap contains the mapping between TLS hash identifiers and the * SECOidTag used internally by NSS. */ static const struct { - int tlsHash; + SSLHashType tlsHash; SECOidTag oid; } tlsHashOIDMap[] = { - { tls_hash_md5, SEC_OID_MD5 }, - { tls_hash_sha1, SEC_OID_SHA1 }, - { tls_hash_sha224, SEC_OID_SHA224 }, - { tls_hash_sha256, SEC_OID_SHA256 }, - { tls_hash_sha384, SEC_OID_SHA384 }, - { tls_hash_sha512, SEC_OID_SHA512 } + { ssl_hash_sha1, SEC_OID_SHA1 }, + { ssl_hash_sha256, SEC_OID_SHA256 }, + { ssl_hash_sha384, SEC_OID_SHA384 }, + { ssl_hash_sha512, SEC_OID_SHA512 } }; /* ssl3_TLSHashAlgorithmToOID converts a TLS hash identifier into an OID value. @@ -4363,7 +4396,7 @@ static const struct { * * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ SECOidTag -ssl3_TLSHashAlgorithmToOID(int hashFunc) +ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc) { unsigned int i; 
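Review bot: ssl3_AppendSignatureAndHashAlgorithm now serialises `sigAndHash->hashAlg` and `sigAndHash->sigAlg` with bare `(PRUint8)` casts and drops the SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM check that the removed ssl3_OIDToTLSHashAlgorithm lookup provided; this is fine if every caller only passes entries from the validated signature-algorithm list, which cannot be confirmed from this hunk. A precondition comment, `/* Caller guarantees sigAndHash passed ssl3_IsSupportedSignatureAlgorithm. */`, or a `PORT_Assert(ssl3_IsSupportedSignatureAlgorithm(sigAndHash));` at the top, would keep that invariant visible. Note also that `tlsHashOIDMap` in the following hunk no longer lists md5 or sha224, so any such value now reaches ssl3_TLSHashAlgorithmToOID and comes back as SEC_OID_UNKNOWN.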
@@ -4375,42 +4408,24 @@ ssl3_TLSHashAlgorithmToOID(int hashFunc) return SEC_OID_UNKNOWN; } -/* ssl3_OIDToTLSHashAlgorithm converts an OID to a TLS hash algorithm - * identifier. If the hash is not recognised, zero is returned. - * - * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ -static int -ssl3_OIDToTLSHashAlgorithm(SECOidTag oid) -{ - unsigned int i; - - for (i = 0; i < PR_ARRAY_SIZE(tlsHashOIDMap); i++) { - if (oid == tlsHashOIDMap[i].oid) { - return tlsHashOIDMap[i].tlsHash; - } - } - return 0; -} - /* ssl3_TLSSignatureAlgorithmForKeyType returns the TLS 1.2 signature algorithm * identifier for a given KeyType. */ static SECStatus -ssl3_TLSSignatureAlgorithmForKeyType(KeyType keyType, - TLSSignatureAlgorithm *out) +ssl3_TLSSignatureAlgorithmForKeyType(KeyType keyType, SSLSignType *out) { switch (keyType) { case rsaKey: - *out = tls_sig_rsa; - return SECSuccess; + *out = ssl_sign_rsa; + return SECSuccess; case dsaKey: - *out = tls_sig_dsa; - return SECSuccess; + *out = ssl_sign_dsa; + return SECSuccess; case ecKey: - *out = tls_sig_ecdsa; - return SECSuccess; + *out = ssl_sign_ecdsa; + return SECSuccess; default: - PORT_SetError(SEC_ERROR_INVALID_KEY); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_KEY); + return SECFailure; } } @@ -4418,15 +4433,15 @@ ssl3_TLSSignatureAlgorithmForKeyType(KeyType keyType, * algorithm identifier for the given certificate. */ static SECStatus ssl3_TLSSignatureAlgorithmForCertificate(CERTCertificate *cert, - TLSSignatureAlgorithm *out) + SSLSignType *out) { SECKEYPublicKey *key; KeyType keyType; key = CERT_ExtractPublicKey(cert); if (key == NULL) { - ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE); - return SECFailure; + ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE); + return SECFailure; } keyType = key->keyType; 
@@ -4436,24 +4451,75 @@ ssl3_TLSSignatureAlgorithmForCertificate(CERTCertificate *cert, /* ssl3_CheckSignatureAndHashAlgorithmConsistency checks that the signature * algorithm identifier in |sigAndHash| is consistent with the public key in - * |cert|. If so, SECSuccess is returned. Otherwise, PORT_SetError is called - * and SECFailure is returned. */ + * |cert|. It also checks the hash algorithm against the configured signature + * algorithms. If all the tests pass, SECSuccess is returned. Otherwise, + * PORT_SetError is called and SECFailure is returned. */ SECStatus ssl3_CheckSignatureAndHashAlgorithmConsistency( - const SSL3SignatureAndHashAlgorithm *sigAndHash, CERTCertificate* cert) + sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash, + CERTCertificate* cert) { SECStatus rv; - TLSSignatureAlgorithm sigAlg; + SSLSignType sigAlg; + unsigned int i; rv = ssl3_TLSSignatureAlgorithmForCertificate(cert, &sigAlg); if (rv != SECSuccess) { - return rv; + return rv; } if (sigAlg != sigAndHash->sigAlg) { - PORT_SetError(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM); - return SECFailure; + PORT_SetError(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM); + return SECFailure; } - return SECSuccess; + + for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) { + const SSLSignatureAndHashAlg *alg = &ss->ssl3.signatureAlgorithms[i]; + if (sigAndHash->sigAlg == alg->sigAlg && + sigAndHash->hashAlg == alg->hashAlg) { + return SECSuccess; + } + } + PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM); + return SECFailure; +} + +PRBool +ssl3_IsSupportedSignatureAlgorithm(const SSLSignatureAndHashAlg *alg) +{ + static const SSLHashType supportedHashes[] = { + ssl_hash_sha1, + ssl_hash_sha256, + ssl_hash_sha384, + ssl_hash_sha512 + }; + + static const SSLSignType supportedSigAlgs[] = { + ssl_sign_rsa, +#ifndef NSS_DISABLE_ECC + ssl_sign_ecdsa, +#endif + ssl_sign_dsa + }; + + unsigned int i; + PRBool hashOK = PR_FALSE; + PRBool signOK = PR_FALSE; + + for (i = 0; i < 
PR_ARRAY_SIZE(supportedHashes); ++i) { + if (alg->hashAlg == supportedHashes[i]) { + hashOK = PR_TRUE; + break; + } + } + + for (i = 0; i < PR_ARRAY_SIZE(supportedSigAlgs); ++i) { + if (alg->sigAlg == supportedSigAlgs[i]) { + signOK = PR_TRUE; + break; + } + } + + return hashOK && signOK; } /* ssl3_ConsumeSignatureAndHashAlgorithm reads a SignatureAndHashAlgorithm @@ -4463,25 +4529,24 @@ ssl3_CheckSignatureAndHashAlgorithmConsistency( * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ SECStatus ssl3_ConsumeSignatureAndHashAlgorithm(sslSocket *ss, - SSL3Opaque **b, - PRUint32 *length, - SSL3SignatureAndHashAlgorithm *out) + SSL3Opaque **b, + PRUint32 *length, + SSLSignatureAndHashAlg *out) { - unsigned char bytes[2]; + PRUint8 bytes[2]; SECStatus rv; rv = ssl3_ConsumeHandshake(ss, bytes, sizeof(bytes), b, length); if (rv != SECSuccess) { - return rv; + return rv; } - out->hashAlg = ssl3_TLSHashAlgorithmToOID(bytes[0]); - if (out->hashAlg == SEC_OID_UNKNOWN) { - PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); - return SECFailure; + out->hashAlg = (SSLHashType)bytes[0]; + out->sigAlg = (SSLSignType)bytes[1]; + if (!ssl3_IsSupportedSignatureAlgorithm(out)) { + PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM); + return SECFailure; } - - out->sigAlg = bytes[1]; return SECSuccess; } @@ -4511,7 +4576,7 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, SSL3Opaque sha_inner[MAX_MAC_LENGTH]; PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); - hashes->hashAlg = SEC_OID_UNKNOWN; + hashes->hashAlg = ssl_hash_none; #ifndef NO_PKCS11_BYPASS if (ss->opt.bypassPKCS11 && @@ -4532,7 +4597,7 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, /* If we ever support ciphersuites where the PRF hash isn't SHA-256 * then this will need to be updated. */ - hashes->hashAlg = SEC_OID_SHA256; + hashes->hashAlg = ssl_hash_sha256; rv = SECSuccess; } else if (ss->opt.bypassPKCS11) { /* compute them without PKCS11 */ 
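Review bot: ssl3_IsSupportedSignatureAlgorithm is a new externally visible function with no header comment, unlike its neighbours; its contract — whether the pair is one this implementation can process at all, independent of the socket's configured preference list — should be stated, e.g. `/* ssl3_IsSupportedSignatureAlgorithm returns PR_TRUE iff both halves of |alg| are values this implementation can use. It does not consult the socket's configured signature algorithms; see ssl3_CheckSignatureAndHashAlgorithmConsistency for that. */`. In the same hunk, ssl3_CheckSignatureAndHashAlgorithmConsistency now rejects every peer signature with SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM when ss->ssl3.signatureAlgorithmCount is zero; if an empty list is a reachable configuration that deserves a comment at the loop, and if it is not, a `PORT_Assert(ss->ssl3.signatureAlgorithmCount > 0);` makes the assumption explicit. The two linear scans are fine for tables this small.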
@@ -4647,7 +4712,7 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, } /* If we ever support ciphersuites where the PRF hash isn't SHA-256 * then this will need to be updated. */ - hashes->hashAlg = SEC_OID_SHA256; + hashes->hashAlg = ssl_hash_sha256; rv = SECSuccess; tls12_loser: @@ -4826,7 +4891,7 @@ ssl3_ComputeBackupHandshakeHashes(sslSocket * ss, rv = SECFailure; goto loser; } - hashes->hashAlg = SEC_OID_SHA1; + hashes->hashAlg = ssl_hash_sha1; loser: PK11_DestroyContext(ss->ssl3.hs.backupHash, PR_TRUE); @@ -4907,7 +4972,9 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) if (rv != SECSuccess) { return rv; /* ssl3_InitState has set the error code. */ } - ss->ssl3.hs.sendingSCSV = PR_FALSE; /* Must be reset every handshake */ + /* These must be reset every handshake. */ + ss->ssl3.hs.sendingSCSV = PR_FALSE; + ss->ssl3.hs.preliminaryInfo = 0; PORT_Assert(IS_DTLS(ss) || !resending); SECITEM_FreeItem(&ss->ssl3.hs.newSessionTicket.ticket, PR_FALSE); @@ -5279,7 +5346,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) } for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; - if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange)) { + if (config_match(suite, ss->ssl3.policy, PR_TRUE, &ss->vrange, ss)) { actual_count++; if (actual_count > num_suites) { if (sid->u.ssl3.lock) { PR_RWLock_Unlock(sid->u.ssl3.lock); } @@ -5401,9 +5468,7 @@ ssl3_HandleHelloRequest(sslSocket *ss) return SECFailure; } if (ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { - ssl_GetXmitBufLock(ss); - rv = SSL3_SendAlert(ss, alert_warning, no_renegotiation); - ssl_ReleaseXmitBufLock(ss); + (void)SSL3_SendAlert(ss, alert_warning, no_renegotiation); PORT_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED); return SECFailure; } 
@@ -6097,9 +6162,9 @@ ssl3_SendClientKeyExchange(sslSocket *ss) isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0); /* enforce limits on kea key sizes. */ if (ss->ssl3.hs.kea_def->is_limited) { - int keyLen = SECKEY_PublicKeyStrength(serverKey); /* bytes */ + unsigned int keyLen = SECKEY_PublicKeyStrengthInBits(serverKey); - if (keyLen * BPB > ss->ssl3.hs.kea_def->key_size_limit) { + if (keyLen > ss->ssl3.hs.kea_def->key_size_limit) { if (isTLS) (void)SSL3_SendAlert(ss, alert_fatal, export_restriction); else @@ -6154,7 +6219,7 @@ ssl3_SendCertificateVerify(sslSocket *ss) SSL3Hashes hashes; KeyType keyType; unsigned int len; - SSL3SignatureAndHashAlgorithm sigAndHash; + SSLSignatureAndHashAlg sigAndHash; PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); @@ -6208,11 +6273,11 @@ ssl3_SendCertificateVerify(sslSocket *ss) } if (isTLS12) { rv = ssl3_TLSSignatureAlgorithmForKeyType(keyType, - &sigAndHash.sigAlg); + &sigAndHash.sigAlg); if (rv != SECSuccess) { goto done; } - sigAndHash.hashAlg = hashes.hashAlg; + sigAndHash.hashAlg = hashes.hashAlg; rv = ssl3_AppendSignatureAndHashAlgorithm(ss, &sigAndHash); if (rv != SECSuccess) { @@ -6305,6 +6370,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) errCode = SSL_ERROR_UNSUPPORTED_VERSION; goto alert_loser; } + ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version; isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); rv = ssl3_InitHandshakeHashes(ss); 
@@ -6340,7 +6406,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; if (temp == suite->cipher_suite) { SSLVersionRange vrange = {ss->version, ss->version}; - if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) { + if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) { /* config_match already checks whether the cipher suite is * acceptable for the version, but the check is repeated here * in order to give a more precise error code. */ @@ -6364,6 +6430,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) } ss->ssl3.hs.cipher_suite = (ssl3CipherSuite)temp; ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef((ssl3CipherSuite)temp); + ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; PORT_Assert(ss->ssl3.hs.suite_def); if (!ss->ssl3.hs.suite_def) { PORT_SetError(errCode = SEC_ERROR_LIBRARY_FAILURE); @@ -6581,7 +6648,17 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len); ss->ssl3.hs.isResuming = PR_FALSE; - ss->ssl3.hs.ws = wait_server_cert; + if (ss->ssl3.hs.kea_def->signKeyType != sign_null) { + /* All current cipher suites other than those with sign_null (i.e., + * (EC)DH_anon_* suites) require a certificate, so use that signal. */ + ss->ssl3.hs.ws = wait_server_cert; + } else { + /* All the remaining cipher suites must be (EC)DH_anon_* and so + * must be ephemeral. Note, if we ever add PSK this might + * change. */ + PORT_Assert(ss->ssl3.hs.kea_def->ephemeral); + ss->ssl3.hs.ws = wait_server_key; + } return SECSuccess; alert_loser: 
@@ -6592,29 +6669,6 @@ loser: return SECFailure; } -/* ssl3_BigIntGreaterThanOne returns true iff |mpint|, taken as an unsigned, - * big-endian integer is > 1 */ -static PRBool -ssl3_BigIntGreaterThanOne(const SECItem* mpint) { - unsigned char firstNonZeroByte = 0; - unsigned int i; - - for (i = 0; i < mpint->len; i++) { - if (mpint->data[i]) { - firstNonZeroByte = mpint->data[i]; - break; - } - } - - if (firstNonZeroByte == 0) - return PR_FALSE; - if (firstNonZeroByte > 1) - return PR_TRUE; - - /* firstNonZeroByte == 1, therefore mpint > 1 iff the first non-zero byte - * is followed by another byte. */ - return (i < mpint->len - 1); -} /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete * ssl3 ServerKeyExchange message. @@ -6631,25 +6685,19 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SSL3AlertDescription desc = illegal_parameter; SSL3Hashes hashes; SECItem signature = {siBuffer, NULL, 0}; - SSL3SignatureAndHashAlgorithm sigAndHash; + SSLSignatureAndHashAlg sigAndHash; - sigAndHash.hashAlg = SEC_OID_UNKNOWN; + sigAndHash.hashAlg = ssl_hash_none; SSL_TRC(3, ("%d: SSL3[%d]: handle server_key_exchange handshake", SSL_GETPID(), ss->fd)); PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); - if (ss->ssl3.hs.ws != wait_server_key && - ss->ssl3.hs.ws != wait_server_cert) { - errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH; - desc = unexpected_message; - goto alert_loser; - } - if (ss->sec.peerCert == NULL) { - errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH; - desc = unexpected_message; - goto alert_loser; + if (ss->ssl3.hs.ws != wait_server_key) { + errCode = SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH; + desc = unexpected_message; + goto alert_loser; } isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); 
@@ -6665,6 +6713,12 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) { goto loser; /* malformed. */ } + /* This exchange method is only used by export cipher suites. + * Those are broken and so this code will eventually be removed. */ + if (SECKEY_BigIntegerBitLength(&modulus) < 512) { + desc = isTLS ? insufficient_security : illegal_parameter; + goto alert_loser; + } rv = ssl3_ConsumeHandshakeVariable(ss, &exponent, 2, &b, &length); if (rv != SECSuccess) { goto loser; /* malformed. */ @@ -6675,7 +6729,7 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) { goto loser; /* malformed or unsupported. */ } - rv = ssl3_CheckSignatureAndHashAlgorithmConsistency( + rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(ss, &sigAndHash, ss->sec.peerCert); if (rv != SECSuccess) { goto loser; @@ -6698,10 +6752,10 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) /* * check to make sure the hash is signed by right guy */ - rv = ssl3_ComputeExportRSAKeyHash(sigAndHash.hashAlg, modulus, exponent, - &ss->ssl3.hs.client_random, - &ss->ssl3.hs.server_random, - &hashes, ss->opt.bypassPKCS11); + rv = ssl3_ComputeExportRSAKeyHash(sigAndHash.hashAlg, modulus, exponent, + &ss->ssl3.hs.client_random, + &ss->ssl3.hs.server_random, + &hashes, ss->opt.bypassPKCS11); if (rv != SECSuccess) { errCode = ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); 
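Review bot: The new minimum-modulus check in ssl3_HandleServerKeyExchange uses the bare literal `512` while the DH branch later in the same function uses the named `SSL_DH_MIN_P_BITS`; a named constant for the export-RSA floor would keep both limits reviewable in one place. The check also leaves errCode untouched, so the error reported to the application is whatever the function initialised it to above the hunk (apparently the malformed-message code), which hides that the key was rejected for being weak rather than unparseable; setting a dedicated errCode alongside `desc` would make the rejection diagnosable from logs. The function begins and continues outside the hunk.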
@@ -6750,12 +6804,16 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECItem dh_p = {siBuffer, NULL, 0}; SECItem dh_g = {siBuffer, NULL, 0}; SECItem dh_Ys = {siBuffer, NULL, 0}; + unsigned dh_p_bits; + unsigned dh_g_bits; + unsigned dh_Ys_bits; rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length); if (rv != SECSuccess) { goto loser; /* malformed. */ } - if (dh_p.len < 512/8) { + dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p); + if (dh_p_bits < SSL_DH_MIN_P_BITS) { errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY; goto alert_loser; } @@ -6763,13 +6821,16 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) { goto loser; /* malformed. */ } - if (dh_g.len > dh_p.len || !ssl3_BigIntGreaterThanOne(&dh_g)) + /* Abort if dh_g is 0, 1, or obviously too big. */ + dh_g_bits = SECKEY_BigIntegerBitLength(&dh_g); + if (dh_g_bits > dh_p_bits || dh_g_bits <= 1) goto alert_loser; rv = ssl3_ConsumeHandshakeVariable(ss, &dh_Ys, 2, &b, &length); if (rv != SECSuccess) { goto loser; /* malformed. */ } - if (dh_Ys.len > dh_p.len || !ssl3_BigIntGreaterThanOne(&dh_Ys)) + dh_Ys_bits = SECKEY_BigIntegerBitLength(&dh_Ys); + if (dh_Ys_bits > dh_p_bits || dh_Ys_bits <= 1) goto alert_loser; if (isTLS12) { rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length, @@ -6777,7 +6838,7 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) { goto loser; /* malformed or unsupported. */ } - rv = ssl3_CheckSignatureAndHashAlgorithmConsistency( + rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(ss, &sigAndHash, ss->sec.peerCert); if (rv != SECSuccess) { goto loser; 
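Review bot: The replacement checks on dh_g and dh_Ys compare bit lengths, which rejects 0, 1 and values longer than p but not values with the same bit length as p, such as p-1 or p itself; a bit-length comparison is not a numeric `1 < Ys < p-1` test. That is equivalent in strength to the old length-based test plus ssl3_BigIntGreaterThanOne, so it is not a regression, but the comment `/* Abort if dh_g is 0, 1, or obviously too big. */` is honest about the limit and the same wording belongs above the dh_Ys test so nobody reads it as a full range check. A true numeric range check would need a big-integer compare that this file does not appear to have in scope; if one is done in a lower layer, a comment pointing to it would close the loop. ssl3_HandleServerKeyExchange begins and ends outside the hunk.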
@@ -6804,10 +6865,10 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) /* * check to make sure the hash is signed by right guy */ - rv = ssl3_ComputeDHKeyHash(sigAndHash.hashAlg, dh_p, dh_g, dh_Ys, - &ss->ssl3.hs.client_random, - &ss->ssl3.hs.server_random, - &hashes, ss->opt.bypassPKCS11); + rv = ssl3_ComputeDHKeyHash(sigAndHash.hashAlg, dh_p, dh_g, dh_Ys, + &ss->ssl3.hs.client_random, + &ss->ssl3.hs.server_random, + &hashes, ss->opt.bypassPKCS11); if (rv != SECSuccess) { errCode = ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); @@ -6876,14 +6937,13 @@ no_memory: /* no-memory error has already been set. */ return SECFailure; } - /* * Returns the TLS signature algorithm for the client authentication key and * whether it is an RSA or DSA key that may be able to sign only SHA-1 hashes. */ static SECStatus ssl3_ExtractClientKeyInfo(sslSocket *ss, - TLSSignatureAlgorithm *sigAlg, + SSLSignType *sigAlg, PRBool *preferSha1) { SECStatus rv = SECSuccess; @@ -6927,7 +6987,7 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss, const SECItem *algorithms) { SECStatus rv; - TLSSignatureAlgorithm sigAlg; + SSLSignType sigAlg; PRBool preferSha1; PRBool supportsSha1 = PR_FALSE; PRBool supportsSha256 = PR_FALSE; @@ -6952,9 +7012,9 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss, /* Determine the server's hash support for that signature algorithm. */ for (i = 0; i < algorithms->len; i += 2) { if (algorithms->data[i+1] == sigAlg) { - if (algorithms->data[i] == tls_hash_sha1) { + if (algorithms->data[i] == ssl_hash_sha1) { supportsSha1 = PR_TRUE; - } else if (algorithms->data[i] == tls_hash_sha256) { + } else if (algorithms->data[i] == ssl_hash_sha256) { supportsSha256 = PR_TRUE; } } 
@@ -7004,11 +7064,10 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); - if (ss->ssl3.hs.ws != wait_cert_request && - ss->ssl3.hs.ws != wait_server_key) { - desc = unexpected_message; - errCode = SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST; - goto alert_loser; + if (ss->ssl3.hs.ws != wait_cert_request) { + desc = unexpected_message; + errCode = SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST; + goto alert_loser; } PORT_Assert(ss->ssl3.clientCertChain == NULL); @@ -7094,6 +7153,8 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ss->ssl3.hs.ws = wait_hello_done; if (ss->getClientAuthData != NULL) { + PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) == + ssl_preinfo_all); /* XXX Should pass cert_types and algorithms in this call!! */ rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg, ss->fd, &ca_list, @@ -7198,6 +7259,8 @@ ssl3_CheckFalseStart(sslSocket *ss) SSL_TRC(3, ("%d: SSL[%d]: no false start due to weak cipher", SSL_GETPID(), ss->fd)); } else { + PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) == + ssl_preinfo_all); rv = (ss->canFalseStartCallback)(ss->fd, ss->canFalseStartCallbackData, &ss->ssl3.hs.canFalseStart); @@ -7257,9 +7320,8 @@ ssl3_HandleServerHelloDone(sslSocket *ss) PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); + /* Skipping CertificateRequest is always permitted. */ if (ws != wait_hello_done && - ws != wait_server_cert && - ws != wait_server_key && ws != wait_cert_request) { SSL3_SendAlert(ss, alert_fatal, unexpected_message); PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE); 
@@ -7574,7 +7636,7 @@ ssl3_SendServerHelloSequence(sslSocket *ss) if (kea_def->is_limited && kea_def->exchKeyType == kt_rsa) { /* see if we can legally use the key in the cert. */ - int keyLen; /* bytes */ + unsigned int keyLen; /* bytes */ keyLen = PK11_GetPrivateModulusLen( ss->serverCerts[kea_def->exchKeyType].SERVERKEY); @@ -7595,14 +7657,11 @@ ssl3_SendServerHelloSequence(sslSocket *ss) return rv; #endif } -#ifndef NSS_DISABLE_ECC - } else if ((kea_def->kea == kea_ecdhe_rsa) || - (kea_def->kea == kea_ecdhe_ecdsa)) { - rv = ssl3_SendServerKeyExchange(ss); - if (rv != SECSuccess) { - return rv; /* err code was set. */ - } -#endif /* NSS_DISABLE_ECC */ + } else if (kea_def->ephemeral) { + rv = ssl3_SendServerKeyExchange(ss); + if (rv != SECSuccess) { + return rv; /* err code was set. */ + } } if (ss->opt.requestCertificate) { @@ -7624,6 +7683,22 @@ ssl3_SendServerHelloSequence(sslSocket *ss) /* An empty TLS Renegotiation Info (RI) extension */ static const PRUint8 emptyRIext[5] = {0xff, 0x01, 0x00, 0x01, 0x00}; +static PRBool +ssl3_KEAAllowsSessionTicket(SSL3KeyExchangeAlgorithm kea) +{ + switch (kea) { + case kea_dhe_dss: + case kea_dhe_dss_export: + case kea_dh_dss_export: + case kea_dh_dss: + /* TODO: Fix session tickets for DSS. The server code rejects the + * session ticket received from the client. Bug 1174677 */ + return PR_FALSE; + default: + return PR_TRUE; + }; +} + /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete * ssl3 Client Hello message. * Caller must hold Handshake and RecvBuf locks. @@ -7646,6 +7721,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECItem comps = {siBuffer, NULL, 0}; PRBool haveSpecWriteLock = PR_FALSE; PRBool haveXmitBufLock = PR_FALSE; + PRBool canOfferSessionTicket = PR_FALSE; SSL_TRC(3, ("%d: SSL3[%d]: handle client_hello handshake", SSL_GETPID(), ss->fd)); 
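Review bot: ssl3_KEAAllowsSessionTicket closes its switch with `};`, leaving a stray null statement after the block; it compiles, but it trips some warning configurations and is not the style used elsewhere in this file, so the body should end with a plain `}`. The default-returns-true shape means any key-exchange algorithm added later is ticket-capable unless someone remembers this function; that is presumably intended, but a one-line comment such as `/* Every other KEA is known to round-trip through session tickets. */` above `default:` would spare the next reader a search. The TODO already cites the tracking bug for the DSS cases.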
@@ -7653,6 +7729,22 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); PORT_Assert( ss->ssl3.initialized ); + ss->ssl3.hs.preliminaryInfo = 0; + + if (!ss->sec.isServer || + (ss->ssl3.hs.ws != wait_client_hello && + ss->ssl3.hs.ws != idle_handshake)) { + desc = unexpected_message; + errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; + goto alert_loser; + } + if (ss->ssl3.hs.ws == idle_handshake && + ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { + desc = no_renegotiation; + level = alert_warning; + errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED; + goto alert_loser; + } /* Get peer name of client */ rv = ssl_GetPeerInfo(ss); @@ -7680,20 +7772,6 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData)); ss->statelessResume = PR_FALSE; - if ((ss->ssl3.hs.ws != wait_client_hello) && - (ss->ssl3.hs.ws != idle_handshake)) { - desc = unexpected_message; - errCode = SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO; - goto alert_loser; - } - if (ss->ssl3.hs.ws == idle_handshake && - ss->opt.enableRenegotiation == SSL_RENEGOTIATE_NEVER) { - desc = no_renegotiation; - level = alert_warning; - errCode = SSL_ERROR_RENEGOTIATION_NOT_ALLOWED; - goto alert_loser; - } - if (IS_DTLS(ss)) { dtls_RehandshakeCleanup(ss); } @@ -7717,6 +7795,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) errCode = SSL_ERROR_UNSUPPORTED_VERSION; goto alert_loser; } + ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version; rv = ssl3_InitHandshakeHashes(ss); if (rv != SECSuccess) { 
@@ -7884,8 +7963,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) * resuming.) */ if (ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) && sid == NULL) { - ssl3_RegisterServerHelloExtensionSender(ss, - ssl_session_ticket_xtn, ssl3_SendSessionTicketXtn); + canOfferSessionTicket = PR_TRUE; } if (sid != NULL) { @@ -7964,7 +8042,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) * The product policy won't change during the process lifetime. * Implemented ("isPresent") shouldn't change for servers. */ - if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) + if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) break; #else if (!suite->enabled) @@ -7977,6 +8055,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ss->ssl3.hs.cipher_suite = suite->cipher_suite; ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); + ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; /* Use the cached compression method. */ ss->ssl3.hs.compression = sid->u.ssl3.compression; @@ -8013,7 +8092,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; SSLVersionRange vrange = {ss->version, ss->version}; - if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) { + if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) { continue; } for (i = 0; i + 1 < suites.len; i += 2) { @@ -8022,6 +8101,7 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ss->ssl3.hs.cipher_suite = suite->cipher_suite; ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); + ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; goto suite_found; } } 
@@ -8030,6 +8110,15 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) goto alert_loser; suite_found: + if (canOfferSessionTicket) + canOfferSessionTicket = ssl3_KEAAllowsSessionTicket( + ss->ssl3.hs.suite_def->key_exchange_alg); + + if (canOfferSessionTicket) { + ssl3_RegisterServerHelloExtensionSender(ss, + ssl_session_ticket_xtn, ssl3_SendSessionTicketXtn); + } + /* Select a compression algorithm. */ for (i = 0; i < comps.len; i++) { if (!compressionEnabled(ss, comps.data[i])) @@ -8250,6 +8339,9 @@ compression_found: if (ssl3_ExtensionNegotiated(ss, ssl_server_name_xtn)) { int ret = 0; if (ss->sniSocketConfig) do { /* not a loop */ + PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) == + ssl_preinfo_all); + ret = SSL_SNI_SEND_ALERT; /* If extension is negotiated, the len of names should > 0. */ if (ss->xtnData.sniNameArrSize) { @@ -8297,7 +8389,7 @@ compression_found: ret = SSL_SNI_SEND_ALERT; break; } - } else if (ret < ss->xtnData.sniNameArrSize) { + } else if ((unsigned int)ret < ss->xtnData.sniNameArrSize) { /* Application has configured new socket info. Lets check it * and save the name. */ SECStatus rv; @@ -8348,7 +8440,7 @@ compression_found: ssl3_SendServerNameXtn); } else { /* Callback returned index outside of the boundary. */ - PORT_Assert(ret < ss->xtnData.sniNameArrSize); + PORT_Assert((unsigned int)ret < ss->xtnData.sniNameArrSize); errCode = SSL_ERROR_INTERNAL_ERROR_ALERT; desc = internal_error; ret = SSL_SNI_SEND_ALERT; @@ -8399,8 +8491,9 @@ compression_found: rv = ssl3_SendServerHelloSequence(ss); ssl_ReleaseXmitBufLock(ss); if (rv != SECSuccess) { - errCode = PORT_GetError(); - goto loser; + errCode = PORT_GetError(); + desc = handshake_failure; + goto alert_loser; } if (haveXmitBufLock) { 
@@ -8492,6 +8585,7 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length) errCode = SSL_ERROR_UNSUPPORTED_VERSION; goto alert_loser; } + ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version; rv = ssl3_InitHandshakeHashes(ss); if (rv != SECSuccess) { @@ -8547,7 +8641,7 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length) for (j = 0; j < ssl_V3_SUITES_IMPLEMENTED; j++) { ssl3CipherSuiteCfg *suite = &ss->cipherSuites[j]; SSLVersionRange vrange = {ss->version, ss->version}; - if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange)) { + if (!config_match(suite, ss->ssl3.policy, PR_TRUE, &vrange, ss)) { continue; } for (i = 0; i+2 < suite_length; i += 3) { @@ -8556,6 +8650,7 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length) ss->ssl3.hs.cipher_suite = suite->cipher_suite; ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); + ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; goto suite_found; } } 
@@ -8746,6 +8841,154 @@ ssl3_SendServerHello(sslSocket *ss) return SECSuccess; } +static SECStatus +ssl3_PickSignatureHashAlgorithm(sslSocket *ss, + SSLSignatureAndHashAlg* out); + +static SECStatus +ssl3_SendDHServerKeyExchange(sslSocket *ss) +{ + const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def; + SECStatus rv = SECFailure; + int length; + PRBool isTLS; + SECItem signed_hash = {siBuffer, NULL, 0}; + SSL3Hashes hashes; + SSLSignatureAndHashAlg sigAndHash; + SECKEYDHParams dhParam; + + ssl3KeyPair *keyPair = NULL; + SECKEYPublicKey *pubKey = NULL; /* Ephemeral DH key */ + SECKEYPrivateKey *privKey = NULL; /* Ephemeral DH key */ + int certIndex = -1; + + if (kea_def->kea != kea_dhe_dss && kea_def->kea != kea_dhe_rsa) { + /* TODO: Support DH_anon. It might be sufficient to drop the signature. + See bug 1170510. */ + PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + return SECFailure; + } + + dhParam.prime.data = ss->dheParams->prime.data; + dhParam.prime.len = ss->dheParams->prime.len; + dhParam.base.data = ss->dheParams->base.data; + dhParam.base.len = ss->dheParams->base.len; + + PRINT_BUF(60, (NULL, "Server DH p", dhParam.prime.data, + dhParam.prime.len)); + PRINT_BUF(60, (NULL, "Server DH g", dhParam.base.data, + dhParam.base.len)); + + /* Generate ephemeral DH keypair */ + privKey = SECKEY_CreateDHPrivateKey(&dhParam, &pubKey, NULL); + if (!privKey || !pubKey) { + ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); + rv = SECFailure; + goto loser; + } + + keyPair = ssl3_NewKeyPair(privKey, pubKey); + if (!keyPair) { + ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); + goto loser; + } + + PRINT_BUF(50, (ss, "DH public value:", + pubKey->u.dh.publicValue.data, + pubKey->u.dh.publicValue.len)); + + if (ssl3_PickSignatureHashAlgorithm(ss, &sigAndHash) != SECSuccess) { + ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL); + goto loser; + } + + rv = ssl3_ComputeDHKeyHash(sigAndHash.hashAlg, + pubKey->u.dh.prime, + pubKey->u.dh.base, + pubKey->u.dh.publicValue, + 
&ss->ssl3.hs.client_random, + &ss->ssl3.hs.server_random, + &hashes, ss->opt.bypassPKCS11); + if (rv != SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + goto loser; + } + + /* It has been suggested to test kea_def->signKeyType instead, and to use + * ssl_auth_* instead. Investigate what to do. See bug 102794. */ + if (kea_def->kea == kea_dhe_rsa) + certIndex = ssl_kea_rsa; + else + certIndex = ssl_kea_dh; + + isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0); + rv = ssl3_SignHashes(&hashes, ss->serverCerts[certIndex].SERVERKEY, + &signed_hash, isTLS); + if (rv != SECSuccess) { + goto loser; /* ssl3_SignHashes has set err. */ + } + if (signed_hash.data == NULL) { + PORT_SetError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); + goto loser; + } + length = 2 + pubKey->u.dh.prime.len + + 2 + pubKey->u.dh.base.len + + 2 + pubKey->u.dh.publicValue.len + + 2 + signed_hash.len; + + if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) { + length += 2; + } + + rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length); + if (rv != SECSuccess) { + goto loser; /* err set by AppendHandshake. */ + } + + rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.prime.data, + pubKey->u.dh.prime.len, 2); + if (rv != SECSuccess) { + goto loser; /* err set by AppendHandshake. */ + } + + rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.base.data, + pubKey->u.dh.base.len, 2); + if (rv != SECSuccess) { + goto loser; /* err set by AppendHandshake. */ + } + + rv = ssl3_AppendHandshakeVariable(ss, pubKey->u.dh.publicValue.data, + pubKey->u.dh.publicValue.len, 2); + if (rv != SECSuccess) { + goto loser; /* err set by AppendHandshake. */ + } + + if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) { + rv = ssl3_AppendSignatureAndHashAlgorithm(ss, &sigAndHash); + if (rv != SECSuccess) { + goto loser; /* err set by AppendHandshake. 
*/ + } + } + + rv = ssl3_AppendHandshakeVariable(ss, signed_hash.data, + signed_hash.len, 2); + if (rv != SECSuccess) { + goto loser; /* err set by AppendHandshake. */ + } + PORT_Free(signed_hash.data); + ss->dheKeyPair = keyPair; + return SECSuccess; + +loser: + if (signed_hash.data) + PORT_Free(signed_hash.data); + if (privKey) + SECKEY_DestroyPrivateKey(privKey); + if (pubKey) + SECKEY_DestroyPublicKey(pubKey); + return SECFailure; +} + /* ssl3_PickSignatureHashAlgorithm selects a hash algorithm to use when signing * elements of the handshake. (The negotiated cipher suite determines the * signature algorithm.) Prior to TLS 1.2, the MD5/SHA1 combination is always @@ -8753,18 +8996,10 @@ ssl3_SendServerHello(sslSocket *ss) * hash combinations. */ static SECStatus ssl3_PickSignatureHashAlgorithm(sslSocket *ss, - SSL3SignatureAndHashAlgorithm* out) + SSLSignatureAndHashAlg* out) { - TLSSignatureAlgorithm sigAlg; + SSLSignType sigAlg; unsigned int i, j; - /* hashPreference expresses our preferences for hash algorithms, most - * preferable first. */ - static const SECOidTag hashPreference[] = { - SEC_OID_SHA256, - SEC_OID_SHA384, - SEC_OID_SHA512, - SEC_OID_SHA1, - }; switch (ss->ssl3.hs.kea_def->kea) { case kea_rsa: 
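Review bot: The loser path of ssl3_SendDHServerKeyExchange destroys privKey and pubKey directly even after ssl3_NewKeyPair has succeeded, so the wrapper allocated for keyPair is never released and, if that wrapper owns the keys as the success path's `ss->dheKeyPair = keyPair;` suggests, the keys are freed behind its back; releasing through the wrapper when it exists (assuming the ssl3_FreeKeyPair counterpart in this file) fixes both. The failure branch after ssl3_PickSignatureHashAlgorithm calls `ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL)`, which replaces the more specific error that function already set (SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM or SEC_ERROR_UNSUPPORTED_KEYALG per the hunk below); a bare `goto loser;` there preserves it. Whether an existing ss->dheKeyPair from an earlier handshake is released before the assignment is not visible here and is worth confirming. A short header comment stating the ownership transfer, `/* On success, ownership of the ephemeral key pair passes to ss->dheKeyPair. */`, would also help.
```c
loser:
    if (signed_hash.data)
        PORT_Free(signed_hash.data);
    if (keyPair) {
        /* The wrapper owns privKey and pubKey once ssl3_NewKeyPair succeeds. */
        ssl3_FreeKeyPair(keyPair);
    } else {
        if (privKey)
            SECKEY_DestroyPrivateKey(privKey);
        if (pubKey)
            SECKEY_DestroyPublicKey(pubKey);
    }
    return SECFailure;
```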
@@ -8777,48 +9012,56 @@ ssl3_PickSignatureHashAlgorithm(sslSocket *ss, case kea_rsa_fips: case kea_ecdh_rsa: case kea_ecdhe_rsa: - sigAlg = tls_sig_rsa; - break; + sigAlg = ssl_sign_rsa; + break; case kea_dh_dss: case kea_dh_dss_export: case kea_dhe_dss: case kea_dhe_dss_export: - sigAlg = tls_sig_dsa; - break; + sigAlg = ssl_sign_dsa; + break; case kea_ecdh_ecdsa: case kea_ecdhe_ecdsa: - sigAlg = tls_sig_ecdsa; - break; + sigAlg = ssl_sign_ecdsa; + break; default: - PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); - return SECFailure; + PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); + return SECFailure; } out->sigAlg = sigAlg; if (ss->version <= SSL_LIBRARY_VERSION_TLS_1_1) { - /* SEC_OID_UNKNOWN means the MD5/SHA1 combo hash used in TLS 1.1 and - * prior. */ - out->hashAlg = SEC_OID_UNKNOWN; - return SECSuccess; + /* SEC_OID_UNKNOWN means the MD5/SHA1 combo hash used in TLS 1.1 and + * prior. */ + out->hashAlg = ssl_hash_none; + return SECSuccess; } if (ss->ssl3.hs.numClientSigAndHash == 0) { - /* If the client didn't provide any signature_algorithms extension then - * we can assume that they support SHA-1: - * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ - out->hashAlg = SEC_OID_SHA1; - return SECSuccess; + /* If the client didn't provide any signature_algorithms extension then + * we can assume that they support SHA-1: + * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ + out->hashAlg = ssl_hash_sha1; + return SECSuccess; } - for (i = 0; i < PR_ARRAY_SIZE(hashPreference); i++) { - for (j = 0; j < ss->ssl3.hs.numClientSigAndHash; j++) { - const SSL3SignatureAndHashAlgorithm* sh = - &ss->ssl3.hs.clientSigAndHash[j]; - if (sh->sigAlg == sigAlg && sh->hashAlg == hashPreference[i]) { - out->hashAlg = sh->hashAlg; - return SECSuccess; - } - } + /* Here we look for the first server preference that the client has + * indicated support for in their signature_algorithms extension. 
*/ + for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) { + const SSLSignatureAndHashAlg *serverPref = + &ss->ssl3.signatureAlgorithms[i]; + if (serverPref->sigAlg != sigAlg) { + continue; + } + for (j = 0; j < ss->ssl3.hs.numClientSigAndHash; j++) { + const SSLSignatureAndHashAlg *clientPref = + &ss->ssl3.hs.clientSigAndHash[j]; + if (clientPref->hashAlg == serverPref->hashAlg && + clientPref->sigAlg == sigAlg) { + out->hashAlg = serverPref->hashAlg; + return SECSuccess; + } + } } PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); @@ -8836,7 +9079,7 @@ ssl3_SendServerKeyExchange(sslSocket *ss) SECItem signed_hash = {siBuffer, NULL, 0}; SSL3Hashes hashes; SECKEYPublicKey * sdPub; /* public key for step-down */ - SSL3SignatureAndHashAlgorithm sigAndHash; + SSLSignatureAndHashAlg sigAndHash; SSL_TRC(3, ("%d: SSL3[%d]: send server_key_exchange handshake", SSL_GETPID(), ss->fd)); @@ -8883,6 +9126,10 @@ ssl3_SendServerKeyExchange(sslSocket *ss) 2 + sdPub->u.rsa.publicExponent.len + 2 + signed_hash.len; + if (ss->ssl3.pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) { + length += 2; + } + rv = ssl3_AppendHandshakeHeader(ss, server_key_exchange, length); if (rv != SECSuccess) { goto loser; /* err set by AppendHandshake. */ @@ -8916,6 +9163,11 @@ ssl3_SendServerKeyExchange(sslSocket *ss) PORT_Free(signed_hash.data); return SECSuccess; + case ssl_kea_dh: { + rv = ssl3_SendDHServerKeyExchange(ss); + return rv; + } + #ifndef NSS_DISABLE_ECC case kt_ecdh: { rv = ssl3_SendECDHServerKeyExchange(ss, &sigAndHash); @@ -8923,7 +9175,6 @@ ssl3_SendServerKeyExchange(sslSocket *ss) } #endif /* NSS_DISABLE_ECC */ - case kt_dh: case kt_null: default: PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); 
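Review bot: The comment above `out->hashAlg = ssl_hash_none;` in ssl3_PickSignatureHashAlgorithm still reads `SEC_OID_UNKNOWN means the MD5/SHA1 combo hash used in TLS 1.1 and prior`, but the value assigned is now `ssl_hash_none`, so the comment names an identifier the code no longer uses. Change it to `/* ssl_hash_none means the MD5/SHA1 combo hash used in TLS 1.1 and prior. */`. The replacement loop returns on the first entry of `ss->ssl3.signatureAlgorithms` that the client also listed, so the server array is implicitly a preference order; the new comment above the loop says so, which is good.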
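Review bot: The new `case ssl_kea_dh:` in ssl3_SendServerKeyExchange calls `ssl3_SendDHServerKeyExchange(ss)` without the `sigAndHash` that this function declares and that the `kt_ecdh` case immediately below passes as `&sigAndHash`; ssl3_SendDHServerKeyExchange (earlier in this diff) appears to use a local of its own. That is a consistency point rather than a defect, but it leaves the signature/hash selection happening in two places for two ephemeral exchanges; either pass `&sigAndHash` like the ECDH path or add a comment explaining why DH selects separately. `rv = ssl3_SendDHServerKeyExchange(ss); return rv;` can also be simply `return ssl3_SendDHServerKeyExchange(ss);`.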
@@ -8935,6 +9186,36 @@ loser: return SECFailure; } +static SECStatus +ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf, + unsigned maxLen, PRUint32 *len) +{ + unsigned int i; + + PORT_Assert(maxLen >= ss->ssl3.signatureAlgorithmCount * 2); + if (maxLen < ss->ssl3.signatureAlgorithmCount * 2) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + + *len = 0; + for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) { + const SSLSignatureAndHashAlg *alg = &ss->ssl3.signatureAlgorithms[i]; + /* Note that we don't support a handshake hash with anything other than + * SHA-256, so asking for a signature from clients for something else + * would be inviting disaster. */ + if (alg->hashAlg == ssl_hash_sha256) { + buf[(*len)++] = (PRUint8)alg->hashAlg; + buf[(*len)++] = (PRUint8)alg->sigAlg; + } + } + + if (*len == 0) { + PORT_SetError(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM); + return SECFailure; + } + return SECSuccess; +} static SECStatus ssl3_SendCertificateRequest(sslSocket *ss) @@ -8943,7 +9224,6 @@ ssl3_SendCertificateRequest(sslSocket *ss) SECItem * name; CERTDistNames *ca_list; const PRUint8 *certTypes; - const PRUint8 *sigAlgs; SECItem * names = NULL; SECStatus rv; int length; @@ -8951,7 +9231,8 @@ ssl3_SendCertificateRequest(sslSocket *ss) int calen = 0; int nnames = 0; int certTypesLength; - int sigAlgsLength; + PRUint8 sigAlgs[MAX_SIGNATURE_ALGORITHMS * 2]; + unsigned int sigAlgsLength; SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake", SSL_GETPID(), ss->fd)); 
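Review bot: ssl3_EncodeCertificateRequestSigAlgs has no header comment although its contract is specific: it copies only the SHA-256 entries of `ss->ssl3.signatureAlgorithms` into `buf` as hash-then-signature byte pairs, reports the byte count through `*len`, and fails with SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM when nothing qualifies. A comment such as `/* Encode the configured SHA-256 signature algorithms for a CertificateRequest; buf needs 2 * signatureAlgorithmCount bytes and *len receives the bytes written. */` above the definition would capture that. The `PORT_Assert` plus the identical runtime check is fine; the bound it enforces depends on `signatureAlgorithmCount` never exceeding MAX_SIGNATURE_ALGORITHMS, which SSL_SignaturePrefSet later in this diff appears to guarantee.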
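Review bot: `unsigned int sigAlgsLength;` in ssl3_SendCertificateRequest is handed to ssl3_EncodeCertificateRequestSigAlgs as its `PRUint32 *len` out-parameter, so the declaration only matches the prototype where PRUint32 happens to be `unsigned int`; declare it as `PRUint32 sigAlgsLength;` so the types agree by name. It is also assigned only on the `isTLS12` path in the next hunk; if code outside the hunk reads it unconditionally, give it an initializer of 0.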
@@ -8978,12 +9259,15 @@ ssl3_SendCertificateRequest(sslSocket *ss) certTypes = certificate_types; certTypesLength = sizeof certificate_types; - sigAlgs = supported_signature_algorithms; - sigAlgsLength = sizeof supported_signature_algorithms; length = 1 + certTypesLength + 2 + calen; if (isTLS12) { - length += 2 + sigAlgsLength; + rv = ssl3_EncodeCertificateRequestSigAlgs(ss, sigAlgs, sizeof(sigAlgs), + &sigAlgsLength); + if (rv != SECSuccess) { + return rv; + } + length += 2 + sigAlgsLength; } rv = ssl3_AppendHandshakeHeader(ss, certificate_request, length); @@ -9049,7 +9333,7 @@ ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length, int errCode = SSL_ERROR_RX_MALFORMED_CERT_VERIFY; SSL3AlertDescription desc = handshake_failure; PRBool isTLS, isTLS12; - SSL3SignatureAndHashAlgorithm sigAndHash; + SSLSignatureAndHashAlg sigAndHash; SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_verify handshake", SSL_GETPID(), ss->fd)); @@ -9059,7 +9343,7 @@ ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length, isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); - if (ss->ssl3.hs.ws != wait_cert_verify || ss->sec.peerCert == NULL) { + if (ss->ssl3.hs.ws != wait_cert_verify) { desc = unexpected_message; errCode = SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY; goto alert_loser; @@ -9072,7 +9356,7 @@ ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length, goto loser; /* malformed or unsupported. */ } rv = ssl3_CheckSignatureAndHashAlgorithmConsistency( - &sigAndHash, ss->sec.peerCert); + ss, &sigAndHash, ss->sec.peerCert); if (rv != SECSuccess) { errCode = PORT_GetError(); desc = decrypt_error; 
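Review bot: Dropping `|| ss->sec.peerCert == NULL` from the unexpected-message test in ssl3_HandleCertificateVerify means a missing peer certificate is no longer rejected at this point, yet `ss->sec.peerCert` is still passed to ssl3_CheckSignatureAndHashAlgorithmConsistency a few lines later. This is presumably safe only because the handshake state machine enters `wait_cert_verify` after a certificate has been received; if that invariant is what the change relies on, make it visible with `PORT_Assert(ss->sec.peerCert);` directly after the state check so it is exercised in debug builds. The remainder of the function, including the signature verification, is outside the hunk.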
@@ -9081,7 +9365,7 @@ ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length,
 /* We only support CertificateVerify messages that use the handshake
 * hash. */
- if (sigAndHash.hashAlg != hashes->hashAlg) {
+ if (sigAndHash.hashAlg != hashes->hashAlg) {
 errCode = SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM;
 desc = decrypt_error;
 goto alert_loser;
@@ -9332,6 +9616,59 @@ double_bypass: return SECSuccess; } +static SECStatus +ssl3_HandleDHClientKeyExchange(sslSocket *ss, + SSL3Opaque *b, + PRUint32 length, + SECKEYPublicKey *srvrPubKey, + SECKEYPrivateKey *serverKey) +{ + PK11SymKey *pms; + SECStatus rv; + SECKEYPublicKey clntPubKey; + CK_MECHANISM_TYPE target; + PRBool isTLS; + + PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); + PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); + PORT_Assert( srvrPubKey ); + + clntPubKey.keyType = dhKey; + clntPubKey.u.dh.prime.len = srvrPubKey->u.dh.prime.len; + clntPubKey.u.dh.prime.data = srvrPubKey->u.dh.prime.data; + clntPubKey.u.dh.base.len = srvrPubKey->u.dh.base.len; + clntPubKey.u.dh.base.data = srvrPubKey->u.dh.base.data; + + rv = ssl3_ConsumeHandshakeVariable(ss, &clntPubKey.u.dh.publicValue, + 2, &b, &length); + if (rv != SECSuccess) { + goto loser; + } + + isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); + + if (isTLS) target = CKM_TLS_MASTER_KEY_DERIVE_DH; + else target = CKM_SSL3_MASTER_KEY_DERIVE_DH; + + /* Determine the PMS */ + pms = PK11_PubDerive(serverKey, &clntPubKey, PR_FALSE, NULL, NULL, + CKM_DH_PKCS_DERIVE, target, CKA_DERIVE, 0, NULL); + if (pms == NULL) { + ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + goto loser; + } + + rv = ssl3_InitPendingCipherSpec(ss, pms); + PK11_FreeSymKey(pms); pms = NULL; + +loser: + if (ss->dheKeyPair) { + ssl3_FreeKeyPair(ss->dheKeyPair); + ss->dheKeyPair = NULL; + } + return rv; +} + /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete * ssl3 ClientKeyExchange message from the remote client 
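Review bot: In ssl3_HandleDHClientKeyExchange the PK11_PubDerive failure path jumps to `loser` while `rv` still holds the SECSuccess returned by the preceding ssl3_ConsumeHandshakeVariable call, so a failed premaster derivation returns SECSuccess and the caller, which only alerts on `rv != SECSuccess`, would continue without a pending cipher spec. Add `rv = SECFailure;` before that `goto loser;`, and consider `SECStatus rv = SECFailure;` at the declaration so the cleanup label stays correct for any future early exit. `PK11_FreeSymKey(pms); pms = NULL;` on a single line is also worth splitting to match the rest of the file.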
@@ -9344,9 +9681,7 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECStatus rv; const ssl3KEADef *kea_def; ssl3KeyPair *serverKeyPair = NULL; -#ifndef NSS_DISABLE_ECC SECKEYPublicKey *serverPubKey = NULL; -#endif /* NSS_DISABLE_ECC */ SSL_TRC(3, ("%d: SSL3[%d]: handle client_key_exchange handshake", SSL_GETPID(), ss->fd)); @@ -9376,6 +9711,16 @@ ssl3_HandleClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ss->sec.keaKeyBits = EXPORT_RSA_KEY_LENGTH * BPB; } else skip: + if (kea_def->kea == kea_dhe_dss || + kea_def->kea == kea_dhe_rsa) { + if (ss->dheKeyPair) { + serverKeyPair = ss->dheKeyPair; + if (serverKeyPair->pubKey) { + ss->sec.keaKeyBits = + SECKEY_PublicKeyStrengthInBits(serverKeyPair->pubKey); + } + } + } else #ifndef NSS_DISABLE_ECC /* XXX Using SSLKEAType to index server certifiates * does not work for (EC)DHE ciphers. Until we have @@ -9421,6 +9766,21 @@ skip: } break; + case ssl_kea_dh: + if (ss->dheKeyPair && ss->dheKeyPair->pubKey) { + serverPubKey = ss->dheKeyPair->pubKey; + } + if (!serverPubKey) { + PORT_SetError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE); + return SECFailure; + } + rv = ssl3_HandleDHClientKeyExchange(ss, b, length, + serverPubKey, serverKey); + if (rv != SECSuccess) { + SSL3_SendAlert(ss, alert_fatal, handshake_failure); + return SECFailure; /* error code set */ + } + break; #ifndef NSS_DISABLE_ECC case kt_ecdh: 
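Review bot: After `rv = ssl3_HandleDHClientKeyExchange(ss, b, length, serverPubKey, serverKey);` in the new `case ssl_kea_dh:`, `serverPubKey` points into `ss->dheKeyPair`, which that function frees on every path before returning, so the pointer is dangling from there on; `serverKey` likely is too if it was taken from the same pair, which is decided outside this hunk. The case does not touch them again, but the ownership should be stated: `/* ssl3_HandleDHClientKeyExchange frees ss->dheKeyPair; serverPubKey and serverKey are invalid after this call. */`. The earlier hunk's DHE branch leaves `serverKeyPair` NULL when `ss->dheKeyPair` is absent, which this case then reports as SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE; that is reasonable but differs from the `SSL_ERROR_NO_SERVER_KEY_FOR_ALG` style used for static keys, if that is what the code outside the hunk does.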
@@ -9845,11 +10205,11 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
 PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) );
- if ((ss->ssl3.hs.ws != wait_server_cert) &&
- (ss->ssl3.hs.ws != wait_client_cert)) {
- desc = unexpected_message;
- errCode = SSL_ERROR_RX_UNEXPECTED_CERTIFICATE;
- goto alert_loser;
+ if ((isServer && ss->ssl3.hs.ws != wait_client_cert) ||
+ (!isServer && ss->ssl3.hs.ws != wait_server_cert)) {
+ desc = unexpected_message;
+ errCode = SSL_ERROR_RX_UNEXPECTED_CERTIFICATE;
+ goto alert_loser;
 }
 if (ss->sec.peerCert != NULL) {
@@ -10012,6 +10372,8 @@ ssl3_AuthCertificate(sslSocket *ss)
 ss->ssl3.hs.authCertificatePending = PR_FALSE;
+ PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) ==
+ ssl_preinfo_all);
 /*
 * Ask caller-supplied callback function to validate cert chain.
 */
@@ -10055,49 +10417,43 @@ ssl3_AuthCertificate(sslSocket *ss) ss->sec.authAlgorithm = ss->ssl3.hs.kea_def->signKeyType; ss->sec.keaType = ss->ssl3.hs.kea_def->exchKeyType; if (pubKey) { + KeyType pubKeyType; ss->sec.keaKeyBits = ss->sec.authKeyBits = SECKEY_PublicKeyStrengthInBits(pubKey); -#ifndef NSS_DISABLE_ECC - if (ss->sec.keaType == kt_ecdh) { - /* Get authKeyBits from signing key. - * XXX The code below uses a quick approximation of - * key size based on cert->signatureWrap.signature.data - * (which contains the DER encoded signature). The field - * cert->signatureWrap.signature.len contains the - * length of the encoded signature in bits. - */ - if (ss->ssl3.hs.kea_def->kea == kea_ecdh_ecdsa) { - ss->sec.authKeyBits = - cert->signatureWrap.signature.data[3]*8; - if (cert->signatureWrap.signature.data[4] == 0x00) - ss->sec.authKeyBits -= 8; - /* - * XXX: if cert is not signed by ecdsa we should - * destroy pubKey and goto bad_cert - */ - } else if (ss->ssl3.hs.kea_def->kea == kea_ecdh_rsa) { - ss->sec.authKeyBits = cert->signatureWrap.signature.len; - /* - * XXX: if cert is not signed by rsa we should - * destroy pubKey and goto bad_cert - */ - } - } -#endif /* NSS_DISABLE_ECC */ + pubKeyType = SECKEY_GetPublicKeyType(pubKey); + /* Too small: not good enough. Send a fatal alert. */ + /* We aren't checking EC here on the understanding that we only + * support curves we like, a decision that might need revisiting. */ + if (((pubKeyType == rsaKey || pubKeyType == rsaPssKey || + pubKeyType == rsaOaepKey) && + ss->sec.authKeyBits < SSL_RSA_MIN_MODULUS_BITS) || + (pubKeyType == dsaKey && + ss->sec.authKeyBits < SSL_DSA_MIN_P_BITS) || + (pubKeyType == dhKey && + ss->sec.authKeyBits < SSL_DH_MIN_P_BITS)) { + PORT_SetError(SSL_ERROR_WEAK_SERVER_CERT_KEY); + (void)SSL3_SendAlert(ss, alert_fatal, + ss->version >= SSL_LIBRARY_VERSION_TLS_1_0 + ? 
insufficient_security + : illegal_parameter); + SECKEY_DestroyPublicKey(pubKey); + return SECFailure; + } SECKEY_DestroyPublicKey(pubKey); pubKey = NULL; } - ss->ssl3.hs.ws = wait_cert_request; /* disallow server_key_exchange */ - if (ss->ssl3.hs.kea_def->is_limited || - /* XXX OR server cert is signing only. */ -#ifndef NSS_DISABLE_ECC - ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa || - ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa || -#endif /* NSS_DISABLE_ECC */ - ss->ssl3.hs.kea_def->exchKeyType == kt_dh) { - ss->ssl3.hs.ws = wait_server_key; /* allow server_key_exchange */ - } + /* Ephemeral suites require ServerKeyExchange. Export cipher suites + * with RSA key exchange also require ServerKeyExchange if the + * authentication key exceeds the key size limit. */ + if (ss->ssl3.hs.kea_def->ephemeral || + (ss->ssl3.hs.kea_def->is_limited && + ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_rsa && + ss->sec.authKeyBits > ss->ssl3.hs.kea_def->key_size_limit)) { + ss->ssl3.hs.ws = wait_server_key; /* require server_key_exchange */ + } else { + ss->ssl3.hs.ws = wait_cert_request; /* disallow server_key_exchange */ + } } else { ss->ssl3.hs.ws = wait_client_key; } 
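Review bot: The new minimum-key-size check in ssl3_AuthCertificate sits in the branch that ends with `} else { ss->ssl3.hs.ws = wait_client_key; }`, which suggests it runs only when this side is the client validating the server's certificate (the error is SSL_ERROR_WEAK_SERVER_CERT_KEY); client certificates received by a server would not be subject to the same limits here. If that is intended, say so next to the check, e.g. `/* Client side only: reject server certificate keys below the minimum sizes. */`, so nobody assumes the policy is symmetric. The inline comment already records that EC keys are deliberately not checked; naming the three thresholds (SSL_RSA_MIN_MODULUS_BITS, SSL_DSA_MIN_P_BITS, SSL_DH_MIN_P_BITS) in the function's header comment would make the policy discoverable without reading the condition. The start of the enclosing `if (!ss->sec.isServer)`-style branch is outside the hunk, so this is inferred from the trailing `else`.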
@@ -10205,16 +10561,42 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, const SSL3Hashes * hashes, TLSFinished * tlsFinished) { - const char * label; - unsigned int len; - SECStatus rv; + SECStatus rv; + CK_TLS_MAC_PARAMS tls_mac_params; + SECItem param = {siBuffer, NULL, 0}; + PK11Context *prf_context; + unsigned int retLen; - label = isServer ? "server finished" : "client finished"; - len = 15; + if (!spec->master_secret || spec->bypassCiphers) { + const char *label = isServer ? "server finished" : "client finished"; + unsigned int len = 15; - rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->u.raw, - hashes->len, tlsFinished->verify_data, - sizeof tlsFinished->verify_data); + return ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->u.raw, + hashes->len, tlsFinished->verify_data, + sizeof tlsFinished->verify_data); + } + + if (spec->version < SSL_LIBRARY_VERSION_TLS_1_2) { + tls_mac_params.prfMechanism = CKM_TLS_PRF; + } else { + tls_mac_params.prfMechanism = CKM_SHA256; + } + tls_mac_params.ulMacLength = 12; + tls_mac_params.ulServerOrClient = isServer ? 1 : 2; + param.data = (unsigned char *)&tls_mac_params; + param.len = sizeof(tls_mac_params); + prf_context = PK11_CreateContextBySymKey(CKM_TLS_MAC, CKA_SIGN, + spec->master_secret, ¶m); + if (!prf_context) + return SECFailure; + + rv = PK11_DigestBegin(prf_context); + rv |= PK11_DigestOp(prf_context, hashes->u.raw, hashes->len); + rv |= PK11_DigestFinal(prf_context, tlsFinished->verify_data, &retLen, + sizeof tlsFinished->verify_data); + PORT_Assert(rv != SECSuccess || retLen == sizeof tlsFinished->verify_data); + + PK11_DestroyContext(prf_context, PR_TRUE); return rv; } 
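Review bot: In ssl3_ComputeTLSFinished the PK11 calls are chained with `rv |= …`, which bit-ORs SECStatus enum values and keeps calling PK11_DigestOp and PK11_DigestFinal on a context whose PK11_DigestBegin has already failed; the combined value only behaves because SECSuccess is 0. Check each step instead, e.g. `rv = PK11_DigestBegin(prf_context); if (rv == SECSuccess) rv = PK11_DigestOp(…); if (rv == SECSuccess) rv = PK11_DigestFinal(…);`, keeping the unconditional `PK11_DestroyContext` as now. A header comment describing the two paths (the software PRF when `spec->master_secret` is absent or `spec->bypassCiphers` is set, otherwise CKM_TLS_MAC on the token with CKM_SHA256 as the PRF mechanism from TLS 1.2) would also help, since the fallback is otherwise easy to misread as dead code.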
@@ -10609,7 +10991,8 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length, * ServerHello message.) */ if (isServer && !ss->ssl3.hs.isResuming && - ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn)) { + ssl3_ExtensionNegotiated(ss, ssl_session_ticket_xtn) && + ssl3_KEAAllowsSessionTicket(ss->ssl3.hs.suite_def->key_exchange_alg)) { /* RFC 5077 Section 3.3: "In the case of a full handshake, the * server MUST verify the client's Finished message before sending * the ticket." Presumably, this also means that the client's @@ -10657,7 +11040,8 @@ xmit_loser: return rv; } - if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) { + if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa || + ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) { effectiveExchKeyType = kt_rsa; } else { effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; @@ -11020,7 +11404,7 @@ ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) #define MAX_HANDSHAKE_MSG_LEN 0x1ffff /* 128k - 1 */ if (ss->ssl3.hs.msg_len > MAX_HANDSHAKE_MSG_LEN) { (void)ssl3_DecodeError(ss); - PORT_SetError(SSL_ERROR_RX_RECORD_TOO_LONG); + PORT_SetError(SSL_ERROR_RX_MALFORMED_HANDSHAKE); return SECFailure; } #undef MAX_HANDSHAKE_MSG_LEN @@ -11321,7 +11705,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf) SSL3Opaque *givenHash; sslBuffer *plaintext; sslBuffer temp_buf; - PRUint64 dtls_seq_num; + PRUint64 dtls_seq_num = 0; unsigned int ivLen = 0; unsigned int originalLen = 0; unsigned int good; @@ -11802,6 +12186,7 @@ ssl3_InitState(sslSocket *ss) ss->ssl3.hs.sendingSCSV = PR_FALSE; ssl3_InitCipherSpec(ss, ss->ssl3.crSpec); ssl3_InitCipherSpec(ss, ss->ssl3.prSpec); + ss->ssl3.hs.preliminaryInfo = 0; ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello; #ifndef NSS_DISABLE_ECC @@ -11875,8 +12260,6 @@ ssl3_FreeKeyPair(ssl3KeyPair * keyPair) } } - - /* * Creates the public and private RSA keys for SSL Step down. * Called from SSL_ConfigSecureServer in sslsecur.c 
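Review bot: The `kea_dhe_rsa` → `kt_rsa` mapping for `effectiveExchKeyType` is now duplicated in ssl3_HandleFinished (this hunk) and in ssl3_SendNewSessionTicket in ssl3ext.c (the `@@ -1125,7 +1138,8 @@` hunk later in this diff), with `kea_ecdhe_rsa` already handled the same way in both; the two presumably must stay in agreement for session resumption, so a small shared helper such as `ssl3_EffectiveExchKeyType(const ssl3KEADef *kea_def)` would remove the risk of the next addition updating only one of them. The new `ssl3_KEAAllowsSessionTicket(…)` condition in the `@@ -10609` hunk also deserves a one-line comment naming which key exchanges are excluded from tickets and why, since the predicate's definition is not in this diff.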
@@ -11908,7 +12291,6 @@ ssl3_CreateRSAStepDownKeys(sslSocket *ss)
 return rv;
 }
-
 /* record the export policy for this cipher suite */
 SECStatus
 ssl3_SetPolicy(ssl3CipherSuite which, int policy)
@@ -12009,11 +12391,87 @@ ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *enabled) return rv; } +SECStatus +SSL_SignaturePrefSet(PRFileDesc *fd, const SSLSignatureAndHashAlg *algorithms, + unsigned int count) +{ + sslSocket *ss; + unsigned int i; + + ss = ssl_FindSocket(fd); + if (!ss) { + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SignaturePrefSet", + SSL_GETPID(), fd)); + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + if (!count || count > MAX_SIGNATURE_ALGORITHMS) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + ss->ssl3.signatureAlgorithmCount = 0; + for (i = 0; i < count; ++i) { + if (!ssl3_IsSupportedSignatureAlgorithm(&algorithms[i])) { + SSL_DBG(("%d: SSL[%d]: invalid signature algorithm set %d/%d", + SSL_GETPID(), fd, algorithms[i].sigAlg, + algorithms[i].hashAlg)); + continue; + } + + ss->ssl3.signatureAlgorithms[ss->ssl3.signatureAlgorithmCount++] = + algorithms[i]; + } + + if (ss->ssl3.signatureAlgorithmCount == 0) { + PORT_SetError(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM); + return SECFailure; + } + return SECSuccess; +} + +SECStatus +SSL_SignaturePrefGet(PRFileDesc *fd, SSLSignatureAndHashAlg *algorithms, + unsigned int *count, unsigned int maxCount) +{ + sslSocket *ss; + unsigned int requiredSpace; + + ss = ssl_FindSocket(fd); + if (!ss) { + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SignaturePrefGet", + SSL_GETPID(), fd)); + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + if (!algorithms || !count || + maxCount < ss->ssl3.signatureAlgorithmCount) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + requiredSpace = + ss->ssl3.signatureAlgorithmCount * sizeof(SSLSignatureAndHashAlg); + PORT_Memcpy(algorithms, ss->ssl3.signatureAlgorithms, requiredSpace); + *count = ss->ssl3.signatureAlgorithmCount; + return SECSuccess; +} + +unsigned int +SSL_SignatureMaxCount() { + return MAX_SIGNATURE_ALGORITHMS; +} + /* copy global default policy into socket. 
*/ void ssl3_InitSocketPolicy(sslSocket *ss) { PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites); + PORT_Memcpy(ss->ssl3.signatureAlgorithms, defaultSignatureAlgorithms, + sizeof(defaultSignatureAlgorithms)); + ss->ssl3.signatureAlgorithmCount = PR_ARRAY_SIZE(defaultSignatureAlgorithms); } /* ssl3_config_match_init must have already been called by @@ -12041,7 +12499,7 @@ ssl3_ConstructV2CipherSpecsHack(sslSocket *ss, unsigned char *cs, int *size) /* ssl3_config_match_init was called by the caller of this function. */ for (i = 0; i < ssl_V3_SUITES_IMPLEMENTED; i++) { ssl3CipherSuiteCfg *suite = &ss->cipherSuites[i]; - if (config_match(suite, SSL_ALLOWED, PR_TRUE, &ss->vrange)) { + if (config_match(suite, SSL_ALLOWED, PR_TRUE, &ss->vrange, ss)) { if (cs != NULL) { *cs++ = 0x00; *cs++ = (suite->cipher_suite >> 8) & 0xFF; @@ -12166,6 +12624,10 @@ ssl3_DestroySSL3Info(sslSocket *ss) } } + if (ss->ssl3.dheGroups) { + PORT_Free(ss->ssl3.dheGroups); + } + ss->ssl3.initialized = PR_FALSE; SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index aca2b74d..5dbca165 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c @@ -208,7 +208,7 @@ params2ecName(SECKEYECParams * params) /* Caller must set hiLevel error code. */ static SECStatus -ssl3_ComputeECDHKeyHash(SECOidTag hashAlg, +ssl3_ComputeECDHKeyHash(SSLHashType hashAlg, SECItem ec_params, SECItem server_ecpoint, SSL3Random *client_rand, SSL3Random *server_rand, SSL3Hashes *hashes, PRBool bypassPKCS11) @@ -297,7 +297,7 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) pubKey->u.ec.publicValue.len)); if (isTLS12) { - target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; + target = CKM_TLS12_MASTER_KEY_DERIVE_DH; } else if (isTLS) { target = CKM_TLS_MASTER_KEY_DERIVE_DH; } else { 
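Review bot: SSL_SignaturePrefSet clears `ss->ssl3.signatureAlgorithmCount` before validating the caller's list, so a call whose entries are all unsupported fails with SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM but leaves the socket with zero configured algorithms, and the previous configuration is lost even on failure; later, ssl3_EncodeCertificateRequestSigAlgs and ssl3_PickSignatureHashAlgorithm in this diff fail on an empty list. Validate into a local array and commit only on success, as below. Separately, `SSL_SignatureMaxCount() {` should be `SSL_SignatureMaxCount(void)` with the brace on its own line to match the surrounding definitions, and `SSL_SignaturePrefGet` could `PORT_Assert(0)`-free document that `maxCount` must be at least `SSL_SignatureMaxCount()` in its header comment.
```c
SECStatus
SSL_SignaturePrefSet(PRFileDesc *fd, const SSLSignatureAndHashAlg *algorithms,
                     unsigned int count)
{
    sslSocket *ss;
    unsigned int i;
    SSLSignatureAndHashAlg accepted[MAX_SIGNATURE_ALGORITHMS];
    unsigned int acceptedCount = 0;

    /* … unchanged: socket lookup and count range check … */

    for (i = 0; i < count; ++i) {
        if (!ssl3_IsSupportedSignatureAlgorithm(&algorithms[i])) {
            SSL_DBG(("%d: SSL[%d]: invalid signature algorithm set %d/%d",
                     SSL_GETPID(), fd, algorithms[i].sigAlg,
                     algorithms[i].hashAlg));
            continue;
        }
        accepted[acceptedCount++] = algorithms[i];
    }

    if (acceptedCount == 0) {
        /* Nothing usable: report failure without touching the socket. */
        PORT_SetError(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM);
        return SECFailure;
    }
    PORT_Memcpy(ss->ssl3.signatureAlgorithms, accepted,
                acceptedCount * sizeof(accepted[0]));
    ss->ssl3.signatureAlgorithmCount = acceptedCount;
    return SECSuccess;
}
```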
@@ -388,7 +388,7 @@ ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b, isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); if (isTLS12) { - target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; + target = CKM_TLS12_MASTER_KEY_DERIVE_DH; } else if (isTLS) { target = CKM_TLS_MASTER_KEY_DERIVE_DH; } else { @@ -609,9 +609,9 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECItem ec_params = {siBuffer, NULL, 0}; SECItem ec_point = {siBuffer, NULL, 0}; unsigned char paramBuf[3]; /* only for curve_type == named_curve */ - SSL3SignatureAndHashAlgorithm sigAndHash; + SSLSignatureAndHashAlg sigAndHash; - sigAndHash.hashAlg = SEC_OID_UNKNOWN; + sigAndHash.hashAlg = ssl_hash_none; isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); @@ -653,7 +653,7 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) goto loser; /* malformed or unsupported. */ } rv = ssl3_CheckSignatureAndHashAlgorithmConsistency( - &sigAndHash, ss->sec.peerCert); + ss, &sigAndHash, ss->sec.peerCert); if (rv != SECSuccess) { goto loser; } @@ -750,7 +750,7 @@ no_memory: /* no-memory error has already been set. */ SECStatus ssl3_SendECDHServerKeyExchange( sslSocket *ss, - const SSL3SignatureAndHashAlgorithm *sigAndHash) + const SSLSignatureAndHashAlg *sigAndHash) { const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def; SECStatus rv = SECFailure; @@ -967,9 +967,7 @@ ssl3_DisableECCSuites(sslSocket * ss, const ssl3CipherSuite * suite) if (!suite) suite = ecSuites; for (; *suite; ++suite) { - SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); - - PORT_Assert(rv == SECSuccess); /* else is coding error */ + PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE)); } return SECSuccess; } 
@@ -1128,7 +1126,10 @@ ssl3_SendSupportedCurvesXtn( ecList = tlsECList; } - if (append && maxBytes >= ecListSize) { + if (maxBytes < (PRUint32)ecListSize) { + return 0; + } + if (append) { SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize); if (rv != SECSuccess) return -1; diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c index 6965a6df..c45f2954 100644 --- a/security/nss/lib/ssl/ssl3ext.c +++ b/security/nss/lib/ssl/ssl3ext.c @@ -311,7 +311,7 @@ ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { static PRBool arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type) { - int i; + unsigned int i; for (i = 0; i < len; i++) { if (ex_type == array[i]) return PR_TRUE; @@ -451,7 +451,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) return SECFailure; } for (i = 0;i < listCount;i++) { - int j; + unsigned int j; PRInt32 type; SECStatus rv; PRBool nametypePresent = PR_FALSE; @@ -539,7 +539,11 @@ ssl3_SendSessionTicketXtn( } } - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + PORT_Assert(0); + return 0; + } + if (append) { SECStatus rv; /* extension_type */ rv = ssl3_AppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2); @@ -562,9 +566,6 @@ ssl3_SendSessionTicketXtn( xtnData->advertised[xtnData->numAdvertised++] = ssl_session_ticket_xtn; } - } else if (maxBytes < extension_length) { - PORT_Assert(0); - return 0; } return extension_length; 
@@ -625,12 +626,17 @@ ssl3_SelectAppProtocol(sslSocket *ss, PRUint16 ex_type, SECItem *data) rv = ssl3_ValidateNextProtoNego(data->data, data->len); if (rv != SECSuccess) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); (void)SSL3_SendAlert(ss, alert_fatal, decode_error); + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); return rv; } PORT_Assert(ss->nextProtoCallback); + /* For ALPN, the cipher suite isn't selected yet. Note that extensions + * sometimes affect what cipher suite is selected, e.g., for ECC. */ + PORT_Assert((ss->ssl3.hs.preliminaryInfo & + ssl_preinfo_all & ~ssl_preinfo_cipher_suite) == + (ssl_preinfo_all & ~ssl_preinfo_cipher_suite)); rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len, result.data, &result.len, sizeof(resultBuffer)); if (rv != SECSuccess) { @@ -653,8 +659,8 @@ ssl3_SelectAppProtocol(sslSocket *ss, PRUint16 ex_type, SECItem *data) ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NEGOTIATED) { /* The callback might say OK, but then it picks a default value - one * that was not listed. That's OK for NPN, but not ALPN. */ - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL); (void)SSL3_SendAlert(ss, alert_fatal, no_application_protocol); + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL); return SECFailure; } @@ -673,8 +679,8 @@ ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) * despite it being permitted by the spec. */ if (ss->firstHsDone || data->len == 0) { /* Clients MUST send a non-empty ALPN extension. */ - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); return SECFailure; } 
@@ -701,8 +707,8 @@ ssl3_ServerHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) rv = ssl3_RegisterServerHelloExtensionSender( ss, ex_type, ssl3_ServerSendAppProtoXtn); if (rv != SECSuccess) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); (void)SSL3_SendAlert(ss, alert_fatal, internal_error); + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return rv; } } @@ -722,8 +728,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, * we've negotiated NPN then we're required to send the NPN handshake * message. Thus, these two extensions cannot both be negotiated on the * same connection. */ - PORT_SetError(SSL_ERROR_BAD_SERVER); (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); + PORT_SetError(SSL_ERROR_BAD_SERVER); return SECFailure; } @@ -733,8 +739,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type, * we sent the ClientHello and now. */ if (!ss->nextProtoCallback) { PORT_Assert(0); - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK); (void)SSL3_SendAlert(ss, alert_fatal, internal_error); + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_NO_CALLBACK); return SECFailure; } @@ -758,16 +764,16 @@ ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) * uint8 len; // where len >= 1 * uint8 protocol_name[len]; */ if (data->len < 4 || data->len > 2 + 1 + 255) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); (void)SSL3_SendAlert(ss, alert_fatal, decode_error); + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); return SECFailure; } list_len = ssl3_ConsumeHandshakeNumber(ss, 2, &data->data, &data->len); /* The list has to be the entire extension. */ if (list_len != data->len) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); (void)SSL3_SendAlert(ss, alert_fatal, decode_error); + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); return SECFailure; } 
@@ -775,8 +781,8 @@ ssl3_ClientHandleAppProtoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) &data->data, &data->len); /* The list must have exactly one value. */ if (rv != SECSuccess || data->len != 0) { - PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); (void)SSL3_SendAlert(ss, alert_fatal, decode_error); + PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID); return SECFailure; } @@ -799,7 +805,10 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append, extension_length = 4; - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + return 0; + } + if (append) { SECStatus rv; rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2); if (rv != SECSuccess) @@ -809,8 +818,6 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append, goto loser; ss->xtnData.advertised[ss->xtnData.numAdvertised++] = ssl_next_proto_nego_xtn; - } else if (maxBytes < extension_length) { - return 0; } return extension_length; @@ -834,7 +841,10 @@ ssl3_ClientSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) 2 /* protocol name list length */ + ss->opt.nextProtoNego.len; - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + return 0; + } + if (append) { /* NPN requires that the client's fallback protocol is first in the * list. However, ALPN sends protocols in preference order. So we * allocate a buffer and move the first protocol to the end of the @@ -874,8 +884,6 @@ ssl3_ClientSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) } ss->xtnData.advertised[ss->xtnData.numAdvertised++] = ssl_app_layer_protocol_xtn; - } else if (maxBytes < extension_length) { - return 0; } return extension_length; 
@@ -903,7 +911,10 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) 2 /* protocol name list */ + 1 /* name length */ + ss->ssl3.nextProto.len; - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + return 0; + } + if (append) { SECStatus rv; rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2); if (rv != SECSuccess) { @@ -922,8 +933,6 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) if (rv != SECSuccess) { return -1; } - } else if (maxBytes < extension_length) { - return 0; } return extension_length; @@ -970,7 +979,10 @@ ssl3_ServerSendStatusRequestXtn( return 0; extension_length = 2 + 2; - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + return 0; + } + if (append) { /* extension_type */ rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2); if (rv != SECSuccess) @@ -1003,7 +1015,11 @@ ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append, */ extension_length = 9; - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + PORT_Assert(0); + return 0; + } + if (append) { SECStatus rv; TLSExtensionData *xtnData; @@ -1031,9 +1047,6 @@ ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append, xtnData = &ss->xtnData; xtnData->advertised[xtnData->numAdvertised++] = ssl_cert_status_xtn; - } else if (maxBytes < extension_length) { - PORT_Assert(0); - return 0; } return extension_length; } @@ -1045,7 +1058,7 @@ ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append, SECStatus ssl3_SendNewSessionTicket(sslSocket *ss) { - int i; + PRUint32 i; SECStatus rv; NewSessionTicket ticket; SECItem plaintext; 
@@ -1125,7 +1138,8 @@ ssl3_SendNewSessionTicket(sslSocket *ss) sslSessionID sid; PORT_Memset(&sid, 0, sizeof(sslSessionID)); - if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) { + if (ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa || + ss->ssl3.hs.kea_def->kea == kea_dhe_rsa) { effectiveExchKeyType = kt_rsa; } else { effectiveExchKeyType = ss->ssl3.hs.kea_def->exchKeyType; @@ -1420,7 +1434,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, if (data->len == 0) { ss->xtnData.emptySessionTicket = PR_TRUE; } else { - int i; + PRUint32 i; SECItem extension_data; EncryptedSessionTicket enc_session_ticket; unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH]; @@ -2010,7 +2024,10 @@ ssl3_SendRenegotiationInfoXtn( (ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2 : ss->ssl3.hs.finishedBytes); needed = 5 + len; - if (append && maxBytes >= needed) { + if (maxBytes < (PRUint32)needed) { + return 0; + } + if (append) { SECStatus rv; /* extension_type */ rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2); @@ -2063,8 +2080,8 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data) } if (len && NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data, data->data + 1, len)) { - PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); (void)SSL3_SendAlert(ss, alert_fatal, handshake_failure); + PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE); return SECFailure; } /* remember that we got this extension and it was correct. */ @@ -2188,8 +2205,8 @@ ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } if (!found) { - PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO); (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); + PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO); return SECFailure; } 
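Review bot: The remap of `effectiveExchKeyType` to `kt_rsa` now covers `kea_ecdhe_rsa` and `kea_dhe_rsa`, but not the DHE_DSS suites this same commit enables in sslenum.c, and nothing in the hunk says why the DSS-signed ephemeral exchange needs no remapping. If `kea_dhe_dss`'s `exchKeyType` already yields the right type for the ticket that is fine, but it cannot be confirmed from here. A one-line comment on the condition, e.g. `/* Only RSA-signed ephemeral suites are remapped; kea_dhe_dss keeps its own exchKeyType because <reason> */`, would let the next reader confirm the omission is deliberate. ssl3_SendNewSessionTicket's body starts and ends outside the hunk.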
@@ -2202,8 +2219,8 @@ ssl3_ClientHandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) /* We didn't offer an MKI, so this must be 0 length */ if (litem.len != 0) { - PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO); (void)SSL3_SendAlert(ss, alert_fatal, illegal_parameter); + PORT_SetError(SSL_ERROR_RX_MALFORMED_SERVER_HELLO); return SECFailure; } @@ -2299,7 +2316,7 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) SECStatus rv; SECItem algorithms; const unsigned char *b; - unsigned int numAlgorithms, i, j; + unsigned int numAlgorithms, i; /* Ignore this extension if we aren't doing TLS 1.2 or greater. */ if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) { @@ -2313,8 +2330,8 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } /* Trailing data, empty value, or odd-length value is invalid. */ if (data->len != 0 || algorithms.len == 0 || (algorithms.len & 1) != 0) { - PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); (void)SSL3_SendAlert(ss, alert_fatal, decode_error); + PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); return SECFailure; } 
@@ -2326,30 +2343,24 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } ss->ssl3.hs.clientSigAndHash = - PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms); + PORT_NewArray(SSLSignatureAndHashAlg, numAlgorithms); if (!ss->ssl3.hs.clientSigAndHash) { - PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); (void)SSL3_SendAlert(ss, alert_fatal, internal_error); + PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); return SECFailure; } ss->ssl3.hs.numClientSigAndHash = 0; b = algorithms.data; - for (i = j = 0; i < numAlgorithms; i++) { - unsigned char tls_hash = *(b++); - unsigned char tls_sig = *(b++); - SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash); - - if (hash == SEC_OID_UNKNOWN) { - /* We ignore formats that we don't understand. */ - continue; + ss->ssl3.hs.numClientSigAndHash = 0; + for (i = 0; i < numAlgorithms; i++) { + SSLSignatureAndHashAlg *sigAndHash = + &ss->ssl3.hs.clientSigAndHash[ss->ssl3.hs.numClientSigAndHash]; + sigAndHash->hashAlg = (SSLHashType)*(b++); + sigAndHash->sigAlg = (SSLSignType)*(b++); + if (ssl3_IsSupportedSignatureAlgorithm(sigAndHash)) { + ++ss->ssl3.hs.numClientSigAndHash; } - /* tls_sig support will be checked later in - * ssl3_PickSignatureHashAlgorithm. */ - ss->ssl3.hs.clientSigAndHash[j].hashAlg = hash; - ss->ssl3.hs.clientSigAndHash[j].sigAlg = tls_sig; - ++j; - ++ss->ssl3.hs.numClientSigAndHash; } if (!ss->ssl3.hs.numClientSigAndHash) { 
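Review bot: `ss->ssl3.hs.numClientSigAndHash = 0;` is assigned twice in a row, once in the surviving context line and again in the added line just before the loop; drop the added one. Separately, the allocation-failure branch sends an `internal_error` alert but then reports `SSL_ERROR_RX_MALFORMED_CLIENT_HELLO`, overwriting whatever `PORT_NewArray` set (presumably `SEC_ERROR_NO_MEMORY`), so an out-of-memory condition is surfaced to the application as a malformed ClientHello; `PORT_SetError(SEC_ERROR_NO_MEMORY);` would match the alert that is actually sent. The loop itself reads soundly: each pair is written into the slot at the current count and the count only advances when `ssl3_IsSupportedSignatureAlgorithm` accepts it, so unsupported pairs are overwritten by the next one rather than counted.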
@@ -2367,24 +2378,11 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) /* ssl3_ClientSendSigAlgsXtn sends the signature_algorithm extension for TLS * 1.2 ClientHellos. */ static PRInt32 -ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) +ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) { - static const unsigned char signatureAlgorithms[] = { - /* This block is the contents of our signature_algorithms extension, in - * wire format. See - * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ - tls_hash_sha256, tls_sig_rsa, - tls_hash_sha384, tls_sig_rsa, - tls_hash_sha1, tls_sig_rsa, -#ifndef NSS_DISABLE_ECC - tls_hash_sha256, tls_sig_ecdsa, - tls_hash_sha384, tls_sig_ecdsa, - tls_hash_sha1, tls_sig_ecdsa, -#endif - tls_hash_sha256, tls_sig_dsa, - tls_hash_sha1, tls_sig_dsa, - }; PRInt32 extension_length; + unsigned int i; + PRUint8 buf[MAX_SIGNATURE_ALGORITHMS * 2]; if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) { return 0; 
@@ -2394,31 +2392,38 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) 2 /* extension type */ + 2 /* extension length */ + 2 /* supported_signature_algorithms length */ + - sizeof(signatureAlgorithms); + ss->ssl3.signatureAlgorithmCount * 2; - if (append && maxBytes >= extension_length) { - SECStatus rv; - rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2); - if (rv != SECSuccess) - goto loser; - rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); - if (rv != SECSuccess) - goto loser; - rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms, - sizeof(signatureAlgorithms), 2); - if (rv != SECSuccess) - goto loser; - ss->xtnData.advertised[ss->xtnData.numAdvertised++] = - ssl_signature_algorithms_xtn; - } else if (maxBytes < extension_length) { + if (maxBytes < extension_length) { PORT_Assert(0); return 0; } - return extension_length; + if (append) { + SECStatus rv; + rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2); + if (rv != SECSuccess) { + return -1; + } + rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); + if (rv != SECSuccess) { + return -1; + } -loser: - return -1; + for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) { + buf[i * 2] = ss->ssl3.signatureAlgorithms[i].hashAlg; + buf[i * 2 + 1] = ss->ssl3.signatureAlgorithms[i].sigAlg; + } + rv = ssl3_AppendHandshakeVariable(ss, buf, extension_length - 6, 2); + if (rv != SECSuccess) { + return -1; + } + + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_signature_algorithms_xtn; + } + + return extension_length; } unsigned int 
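Review bot: The guard `if (maxBytes < extension_length)` compares the unsigned `maxBytes` with the `PRInt32 extension_length` without the `(PRUint32)` cast that every sibling guard in this commit adds (ssl3_ClientSendNextProtoNegoXtn, ssl3_ClientSendStatusRequestXtn, ssl3_ClientSendDraftVersionXtn); make it `if (maxBytes < (PRUint32)extension_length) {` for consistency and to keep -Wsign-compare quiet. The stack buffer `buf[MAX_SIGNATURE_ALGORITHMS * 2]` is filled up to `signatureAlgorithmCount * 2`, so the function silently depends on the count never exceeding `MAX_SIGNATURE_ALGORITHMS`; a `PORT_Assert(ss->ssl3.signatureAlgorithmCount <= MAX_SIGNATURE_ALGORITHMS);` before the loop documents that invariant where a violation would overrun the stack. ssl3_ClientSendSigAlgsXtn's declarations are in the previous hunk.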
@@ -2486,7 +2491,11 @@ ssl3_ClientSendDraftVersionXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) } extension_length = 6; /* Type + length + number */ - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + PORT_Assert(0); + return 0; + } + if (append) { SECStatus rv; rv = ssl3_AppendHandshakeNumber(ss, ssl_tls13_draft_version_xtn, 2); if (rv != SECSuccess) @@ -2499,9 +2508,6 @@ ssl3_ClientSendDraftVersionXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) goto loser; ss->xtnData.advertised[ss->xtnData.numAdvertised++] = ssl_tls13_draft_version_xtn; - } else if (maxBytes < extension_length) { - PORT_Assert(0); - return 0; } return extension_length; diff --git a/security/nss/lib/ssl/ssl3gthr.c b/security/nss/lib/ssl/ssl3gthr.c index cd487c66..23b9755b 100644 --- a/security/nss/lib/ssl/ssl3gthr.c +++ b/security/nss/lib/ssl/ssl3gthr.c @@ -71,8 +71,8 @@ ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags) break; } - PORT_Assert( nb <= gs->remainder ); - if (nb > gs->remainder) { + PORT_Assert( (unsigned int)nb <= gs->remainder ); + if ((unsigned int)nb > gs->remainder) { /* ssl_DefRecv is misbehaving! this error is fatal to SSL. */ gs->state = GS_INIT; /* so we don't crash next time */ rv = SECFailure; diff --git a/security/nss/lib/ssl/ssl3prot.h b/security/nss/lib/ssl/ssl3prot.h index 485d7dd3..a93bef12 100644 --- a/security/nss/lib/ssl/ssl3prot.h +++ b/security/nss/lib/ssl/ssl3prot.h 
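Review bot: Casting `nb` to `unsigned int` before comparing with `gs->remainder` makes a negative `nb` look enormous, so if any path reaches this point with `nb < 0` (the error handling above the hunk is not visible) it now takes the "ssl_DefRecv is misbehaving" branch instead of the receive-error path. If a negative `nb` is already excluded above, a short comment on the cast, `/* nb >= 0 here: errors and EOF were handled above. */`, makes the cast self-evidently safe; otherwise test `nb < 0 ||` first. ssl3_GatherData's body starts and ends outside the hunk.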
@@ -217,32 +217,6 @@ typedef struct { } u; } SSL3ServerParams; -/* This enum reflects HashAlgorithm enum from - * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 - * - * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */ -enum { - tls_hash_md5 = 1, - tls_hash_sha1 = 2, - tls_hash_sha224 = 3, - tls_hash_sha256 = 4, - tls_hash_sha384 = 5, - tls_hash_sha512 = 6 -}; - -/* This enum reflects SignatureAlgorithm enum from - * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ -typedef enum { - tls_sig_rsa = 1, - tls_sig_dsa = 2, - tls_sig_ecdsa = 3 -} TLSSignatureAlgorithm; - -typedef struct { - SECOidTag hashAlg; - TLSSignatureAlgorithm sigAlg; -} SSL3SignatureAndHashAlgorithm; - /* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS * prior to 1.2. */ typedef struct { @@ -251,11 +225,11 @@ typedef struct { } SSL3HashesIndividually; /* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw| - * which, if |hashAlg==SEC_OID_UNKNOWN| is also a SSL3HashesIndividually + * which, if |hashAlg==ssl_hash_none| is also a SSL3HashesIndividually * struct. */ typedef struct { unsigned int len; - SECOidTag hashAlg; + SSLHashType hashAlg; union { PRUint8 raw[64]; SSL3HashesIndividually s; diff --git a/security/nss/lib/ssl/sslauth.c b/security/nss/lib/ssl/sslauth.c index ed74d94c..b144336d 100644 --- a/security/nss/lib/ssl/sslauth.c +++ b/security/nss/lib/ssl/sslauth.c @@ -264,8 +264,7 @@ SSL_AuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer) &certStatusArray->items[0], ss->pkcs11PinArg) != SECSuccess) { - PRErrorCode error = PR_GetError(); - PORT_Assert(error != 0); + PORT_Assert(PR_GetError() != 0); } } diff --git a/security/nss/lib/ssl/sslcon.c b/security/nss/lib/ssl/sslcon.c index 8c5a5ad3..ccd00260 100644 --- a/security/nss/lib/ssl/sslcon.c +++ b/security/nss/lib/ssl/sslcon.c 
@@ -22,20 +22,6 @@ static PRBool policyWasSet; -/* This ordered list is indexed by (SSL_CK_xx * 3) */ -/* Second and third bytes are MSB and LSB of master key length. */ -static const PRUint8 allCipherSuites[] = { - 0, 0, 0, - SSL_CK_RC4_128_WITH_MD5, 0x00, 0x80, - SSL_CK_RC4_128_EXPORT40_WITH_MD5, 0x00, 0x80, - SSL_CK_RC2_128_CBC_WITH_MD5, 0x00, 0x80, - SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, 0x00, 0x80, - SSL_CK_IDEA_128_CBC_WITH_MD5, 0x00, 0x80, - SSL_CK_DES_64_CBC_WITH_MD5, 0x00, 0x40, - SSL_CK_DES_192_EDE3_CBC_WITH_MD5, 0x00, 0xC0, - 0, 0, 0 -}; - #define ssl2_NUM_SUITES_IMPLEMENTED 6 /* This list is sent back to the client when the client-hello message @@ -851,7 +837,7 @@ ssl2_SendClear(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) { PRUint8 * out; int rv; - int amount; + unsigned int amount; int count = 0; PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); @@ -927,7 +913,7 @@ ssl2_SendStream(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) int amount; PRUint8 macLen; int nout; - int buflen; + unsigned int buflen; PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); @@ -1031,7 +1017,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) int amount; /* of plaintext to go in record. */ unsigned int padding; /* add this many padding byte. */ int nout; /* ciphertext size after header. */ - int buflen; /* size of generated record. */ + unsigned int buflen; /* size of generated record. */ PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); @@ -1555,7 +1541,7 @@ ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits, unsigned int ddLen; /* length of RSA decrypted data in kbuf */ unsigned int keySize; unsigned int dkLen; /* decrypted key length in bytes */ - int modulusLen; + int modulusLen; SECStatus rv; PRUint16 allowed; /* cipher kinds enabled and allowed by policy */ PRUint8 mkbuf[SSL_MAX_MASTER_KEY_BYTES]; 
@@ -1617,11 +1603,11 @@ ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits, } modulusLen = PK11_GetPrivateModulusLen(sc->SERVERKEY); - if (modulusLen == -1) { + if (modulusLen < 0) { /* XXX If the key is bad, then PK11_PubDecryptRaw will fail below. */ modulusLen = ekLen; } - if (ekLen > modulusLen || ekLen + ckLen < keySize) { + if (ekLen > (unsigned int)modulusLen || ekLen + ckLen < keySize) { SSL_DBG(("%d: SSL[%d]: invalid encrypted key length, ekLen=%d (bytes)!", SSL_GETPID(), ss->fd, ekLen)); PORT_SetError(SSL_ERROR_BAD_CLIENT); @@ -2495,7 +2481,6 @@ ssl2_HandleMessage(sslSocket *ss) PRUint8 * cid; unsigned len, certType, certLen, responseLen; int rv; - int rv2; PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); @@ -2613,7 +2598,7 @@ ssl2_HandleMessage(sslSocket *ss) data + SSL_HL_CLIENT_CERTIFICATE_HBYTES + certLen, responseLen); if (rv) { - rv2 = ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE); + (void)ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE); SET_ERROR_CODE goto loser; } @@ -2741,7 +2726,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss) PRUint8 * cs; PRUint8 * data; SECStatus rv; - int needed, sidHit, certLen, csLen, cidLen, certType, err; + unsigned int needed, sidHit, certLen, csLen, cidLen, certType, err; PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); @@ -3669,12 +3654,14 @@ loser: */ #include "nss.h" -extern const char __nss_ssl_rcsid[]; -extern const char __nss_ssl_sccsid[]; +extern const char __nss_ssl_version[]; PRBool NSSSSL_VersionCheck(const char *importedVersion) { +#define NSS_VERSION_VARIABLE __nss_ssl_version +#include "verref.h" + /* * This is the secret handshake algorithm. * @@ -3684,9 +3671,6 @@ NSSSSL_VersionCheck(const char *importedVersion) * not compatible with future major, minor, or * patch releases. */ - volatile char c; /* force a reference that won't get optimized away */ - - c = __nss_ssl_rcsid[0] + __nss_ssl_sccsid[0]; return NSS_VersionCheck(importedVersion); } 
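Review bot: `ssl2_HandleServerHelloMessage` now declares `err` as `unsigned int` together with the length fields; the rest of the function is outside the hunk, so it is not visible whether `err` is ever assigned a negative value or tested with `< 0` — if it is, that comparison is now always false and the error path is silently skipped. Changing only the length variables, `unsigned int needed, sidHit, certLen, csLen, cidLen, certType; int err;`, keeps the signedness fix for the sizes without touching the error variable. The same question applies to `sidHit`, which reads like a flag rather than a length.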
diff --git a/security/nss/lib/ssl/sslenum.c b/security/nss/lib/ssl/sslenum.c
index 09ce43f0..f69aed2d 100644
--- a/security/nss/lib/ssl/sslenum.c
+++ b/security/nss/lib/ssl/sslenum.c
@@ -66,14 +66,17 @@ const PRUint16 SSL_ImplementedCiphers[] = {
 #endif /* NSS_DISABLE_ECC */
 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
 TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
 TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
+TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
diff --git a/security/nss/lib/ssl/sslerr.h b/security/nss/lib/ssl/sslerr.h
index 12dbb1d8..4e905438 100644
--- a/security/nss/lib/ssl/sslerr.h
+++ b/security/nss/lib/ssl/sslerr.h
@@ -198,6 +198,13 @@
 SSL_ERROR_NEXT_PROTOCOL_NO_PROTOCOL = (SSL_ERROR_BASE + 130),
 SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 131),
+SSL_ERROR_WEAK_SERVER_CERT_KEY = (SSL_ERROR_BASE + 132),
+
+SSL_ERROR_RX_SHORT_DTLS_READ = (SSL_ERROR_BASE + 133),
+
+SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 134),
+SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 135),
+
 SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
 } SSLErrorCodes;
 #endif /* NO_SECURITY_ERROR_ENUM */
diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h
index 896d05a1..e155a080 100644
--- a/security/nss/lib/ssl/sslimpl.h
+++ b/security/nss/lib/ssl/sslimpl.h
@@ -1,3 +1,4 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
 /*
  * This file is PRIVATE to SSL and should be the first thing included by
  * any SSL implementation file.
@@ -153,6 +154,15 @@ typedef enum { SSLAppOpRead = 0, #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ +/* The minimum server key sizes accepted by the clients. + * Not 1024 to be conservative. */ +#define SSL_RSA_MIN_MODULUS_BITS 1023 +/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be + * only 1023 bits and similar. We don't have good data on whether this + * happens because NSS used to count bit lengths incorrectly. */ +#define SSL_DH_MIN_P_BITS 1023 +#define SSL_DSA_MIN_P_BITS 1023 + #define INITIAL_DTLS_TIMEOUT_MS 1000 /* Default value from RFC 4347 = 1s*/ #define MAX_DTLS_TIMEOUT_MS 60000 /* 1 minute */ #define DTLS_FINISHED_TIMER_MS 120000 /* Time to wait in FINISHED state */ @@ -170,6 +180,7 @@ typedef struct ssl3CertNodeStr ssl3CertNode; typedef struct ssl3BulkCipherDefStr ssl3BulkCipherDef; typedef struct ssl3MACDefStr ssl3MACDef; typedef struct ssl3KeyPairStr ssl3KeyPair; +typedef struct ssl3DHParamsStr ssl3DHParams; struct ssl3CertNodeStr { struct ssl3CertNodeStr *next; @@ -289,13 +300,19 @@ typedef struct { } ssl3CipherSuiteCfg; #ifndef NSS_DISABLE_ECC -#define ssl_V3_SUITES_IMPLEMENTED 61 +#define ssl_V3_SUITES_IMPLEMENTED 64 #else -#define ssl_V3_SUITES_IMPLEMENTED 37 +#define ssl_V3_SUITES_IMPLEMENTED 40 #endif /* NSS_DISABLE_ECC */ #define MAX_DTLS_SRTP_CIPHER_SUITES 4 +/* MAX_SIGNATURE_ALGORITHMS allows for a large number of combinations of + * SSLSignType and SSLHashType, but not all combinations (specifically, this + * doesn't allow space for combinations with MD5). */ +#define MAX_SIGNATURE_ALGORITHMS 15 + + typedef struct sslOptionsStr { /* If SSL_SetNextProtoNego has been called, then this contains the * list of supported protocols. */ @@ -328,6 +345,7 @@ typedef struct sslOptionsStr { unsigned int enableALPN : 1; /* 27 */ unsigned int reuseServerECDHEKey : 1; /* 28 */ unsigned int enableFallbackSCSV : 1; /* 29 */ + unsigned int enableServerDhe : 1; /* 30 */ } sslOptions; typedef enum { sslHandshakingUndetermined = 0, 
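Review bot: The comment above `SSL_RSA_MIN_MODULUS_BITS` reads "Not 1024 to be conservative", which a reader will take to mean the limit is stricter than 1024 when the value is in fact one bit smaller; the real reason is the one given two lines later for the DH/DSA constants (a bit length that may come out one short). Merge the two explanations into a single comment over all three constants, e.g. `/* Minimum server key sizes accepted by clients. 1023 rather than 1024 so that keys whose bit length comes out one short (p = 2q+1 for a 512-bit q, and lengths NSS used to count incorrectly) are still accepted. */`, so the off-by-one rationale is not mistaken for a looser policy.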
@@ -725,9 +743,15 @@ typedef struct { SSL3KeyExchangeAlgorithm kea; SSL3KEAType exchKeyType; SSL3SignType signKeyType; + /* For export cipher suites: + * is_limited identifies a suite as having a limit on the key size. + * key_size_limit provides the corresponding limit. */ PRBool is_limited; - int key_size_limit; + unsigned int key_size_limit; PRBool tls_keygen; + /* True if the key exchange for the suite is ephemeral. Or to be more + * precise: true if the ServerKeyExchange message is always required. */ + PRBool ephemeral; } ssl3KEADef; /* @@ -900,12 +924,14 @@ const ssl3CipherSuiteDef *suite_def; PRBool cacheSID; PRBool canFalseStart; /* Can/did we False Start */ + /* Which preliminaryinfo values have been set. */ + PRUint32 preliminaryInfo; /* clientSigAndHash contains the contents of the signature_algorithms * extension (if any) from the client. This is only valid for TLS 1.2 * or later. */ - SSL3SignatureAndHashAlgorithm *clientSigAndHash; - unsigned int numClientSigAndHash; + SSLSignatureAndHashAlg *clientSigAndHash; + unsigned int numClientSigAndHash; /* This group of values is used for DTLS */ PRUint16 sendMessageSeq; /* The sending message sequence @@ -982,9 +1008,17 @@ struct ssl3StateStr { PRUint16 dtlsSRTPCipherCount; PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */ PRBool fatalAlertSent; + PRUint16 numDHEGroups; /* used by server */ + SSLDHEGroupType * dheGroups; /* used by server */ + PRBool dheWeakGroupEnabled; /* used by server */ + + /* TLS 1.2 introduces separate signature algorithm negotiation. + * This is our preference order. */ + SSLSignatureAndHashAlg signatureAlgorithms[MAX_SIGNATURE_ALGORITHMS]; + unsigned int signatureAlgorithmCount; }; -#define DTLS_MAX_MTU 1500 /* Ethernet MTU but without subtracting the +#define DTLS_MAX_MTU 1500U /* Ethernet MTU but without subtracting the * headers, so slightly larger than expected */ #define IS_DTLS(ss) (ss->protocolVariant == ssl_variant_datagram) 
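Review bot: The new `signatureAlgorithms[MAX_SIGNATURE_ALGORITHMS]` array and `signatureAlgorithmCount` pair carry an implicit invariant that the count never exceeds `MAX_SIGNATURE_ALGORITHMS`; ssl3_ClientSendSigAlgsXtn earlier on this page sizes a stack buffer as `MAX_SIGNATURE_ALGORITHMS * 2` and fills it by the count, so a violation would be a stack overrun. State the invariant on the field: `unsigned int signatureAlgorithmCount; /* <= MAX_SIGNATURE_ALGORITHMS; ssl3_ClientSendSigAlgsXtn relies on this */`. Whatever API sets the count (not visible here) should be the place that enforces it.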
@@ -1001,6 +1035,11 @@ struct ssl3KeyPairStr { PRInt32 refCount; /* use PR_Atomic calls for this. */ }; +struct ssl3DHParamsStr { + SECItem prime; /* p */ + SECItem base; /* g */ +}; + typedef struct SSLWrappedSymWrappingKeyStr { SSL3Opaque wrappedSymmetricWrappingkey[512]; CK_MECHANISM_TYPE symWrapMechanism; @@ -1209,6 +1248,9 @@ const unsigned char * preferredCipher; ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */ + const ssl3DHParams *dheParams; /* DHE param */ + ssl3KeyPair * dheKeyPair; /* DHE keys */ + /* Callbacks */ SSLAuthCertificate authCertificate; void *authCertificateArg; @@ -1601,6 +1643,8 @@ int ssl3_GatherCompleteHandshake(sslSocket *ss, int flags); */ extern SECStatus ssl3_CreateRSAStepDownKeys(sslSocket *ss); +extern SECStatus ssl3_SelectDHParams(sslSocket *ss); + #ifndef NSS_DISABLE_ECC extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss); extern PRBool ssl3_IsECCEnabled(sslSocket *ss); @@ -1701,11 +1745,11 @@ extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length, SECKEYPublicKey *srvrPubKey, SECKEYPrivateKey *srvrPrivKey); -extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss, - const SSL3SignatureAndHashAlgorithm *sigAndHash); +extern SECStatus ssl3_SendECDHServerKeyExchange( + sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash); #endif -extern SECStatus ssl3_ComputeCommonKeyHash(SECOidTag hashAlg, +extern SECStatus ssl3_ComputeCommonKeyHash(SSLHashType hashAlg, PRUint8 * hashBuf, unsigned int bufLen, SSL3Hashes *hashes, PRBool bypassPKCS11); 
@@ -1719,21 +1763,22 @@ extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num, PRInt32 lenSize); extern SECStatus ssl3_AppendHandshakeVariable( sslSocket *ss, const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize); -extern SECStatus ssl3_AppendSignatureAndHashAlgorithm(sslSocket *ss, - const SSL3SignatureAndHashAlgorithm* sigAndHash); +extern SECStatus ssl3_AppendSignatureAndHashAlgorithm( + sslSocket *ss, const SSLSignatureAndHashAlg* sigAndHash); extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes, SSL3Opaque **b, PRUint32 *length); extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes, SSL3Opaque **b, PRUint32 *length); extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, PRInt32 bytes, SSL3Opaque **b, PRUint32 *length); -extern SECOidTag ssl3_TLSHashAlgorithmToOID(int hashFunc); +extern PRBool ssl3_IsSupportedSignatureAlgorithm( + const SSLSignatureAndHashAlg *alg); extern SECStatus ssl3_CheckSignatureAndHashAlgorithmConsistency( - const SSL3SignatureAndHashAlgorithm *sigAndHash, - CERTCertificate* cert); -extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm(sslSocket *ss, - SSL3Opaque **b, PRUint32 *length, - SSL3SignatureAndHashAlgorithm *out); + sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash, + CERTCertificate* cert); +extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm( + sslSocket *ss, SSL3Opaque **b, PRUint32 *length, + SSLSignatureAndHashAlg *out); extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, PRBool isTLS); extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash, diff --git a/security/nss/lib/ssl/sslinfo.c b/security/nss/lib/ssl/sslinfo.c index 00f2f380..d2df8c2e 100644 --- a/security/nss/lib/ssl/sslinfo.c +++ b/security/nss/lib/ssl/sslinfo.c 
@@ -85,6 +85,42 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len) return SECSuccess; } +SECStatus +SSL_GetPreliminaryChannelInfo(PRFileDesc *fd, + SSLPreliminaryChannelInfo *info, + PRUintn len) +{ + sslSocket *ss; + SSLPreliminaryChannelInfo inf; + + if (!info || len < sizeof inf.length) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + ss = ssl_FindSocket(fd); + if (!ss) { + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetPreliminaryChannelInfo", + SSL_GETPID(), fd)); + return SECFailure; + } + + if (ss->version < SSL_LIBRARY_VERSION_3_0) { + PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION); + return SECFailure; + } + + memset(&inf, 0, sizeof(inf)); + inf.length = PR_MIN(sizeof(inf), len); + + inf.valuesSet = ss->ssl3.hs.preliminaryInfo; + inf.protocolVersion = ss->version; + inf.cipherSuite = ss->ssl3.hs.cipher_suite; + + memcpy(info, &inf, inf.length); + return SECSuccess; +} + #define CS(x) x, #x #define CK(x) x | 0xff00, #x @@ -135,6 +171,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = { {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, }, {0,CS(TLS_DHE_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, }, {0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA), S_DSA, K_DHE, C_AES, B_256, M_SHA, 1, 0, 0, }, +{0,CS(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256), S_DSA, K_DHE, C_AES, B_256, M_SHA256, 1, 0, 0, }, {0,CS(TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, }, {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA256), S_RSA, K_RSA, C_AES, B_256, M_SHA256, 1, 0, 0, }, {0,CS(TLS_RSA_WITH_AES_256_CBC_SHA), S_RSA, K_RSA, C_AES, B_256, M_SHA, 1, 0, 0, }, 
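Review bot: `SSL_GetPreliminaryChannelInfo` rejects the call with `SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION` whenever `ss->version < SSL_LIBRARY_VERSION_3_0`, which presumably also covers a socket on which no version has been negotiated yet (if `ss->version` starts at zero — not visible here); the caller then cannot tell "SSL2" from "too early". If that is intended, say so in a comment on the check. The function also has no header comment; it should state that callers must consult `valuesSet` before trusting `protocolVersion` or `cipherSuite`, since `inf` is zeroed and both fields are copied unconditionally, and that `len` may be smaller than `sizeof inf` (the struct is truncated to the caller's length).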
@@ -145,7 +182,9 @@ static const SSLCipherSuiteInfo suiteInfo[] = { {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, {0,CS(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, {0,CS(TLS_DHE_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, }, +{0,CS(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256), S_DSA, K_DHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, }, {0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA), S_DSA, K_DHE, C_AES, B_128, M_SHA, 1, 0, 0, }, +{0,CS(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256), S_DSA, K_DHE, C_AES, B_128, M_SHA256, 1, 0, 0, }, {0,CS(TLS_RSA_WITH_SEED_CBC_SHA), S_RSA, K_RSA, C_SEED,B_128, M_SHA, 1, 0, 0, }, {0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, }, {0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, }, @@ -244,12 +283,10 @@ SSL_DisableDefaultExportCipherSuites(void) { const SSLCipherSuiteInfo * pInfo = suiteInfo; unsigned int i; - SECStatus rv; for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { if (pInfo->isExportable) { - rv = SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE); - PORT_Assert(rv == SECSuccess); + PORT_CheckSuccess(SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE)); } } return SECSuccess; @@ -265,12 +302,10 @@ SSL_DisableExportCipherSuites(PRFileDesc * fd) { const SSLCipherSuiteInfo * pInfo = suiteInfo; unsigned int i; - SECStatus rv; for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { if (pInfo->isExportable) { - rv = SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE); - PORT_Assert(rv == SECSuccess); + PORT_CheckSuccess(SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE)); } } return SECSuccess; diff --git a/security/nss/lib/ssl/sslmutex.c b/security/nss/lib/ssl/sslmutex.c index ff636806..af683daf 100644 --- a/security/nss/lib/ssl/sslmutex.c +++ b/security/nss/lib/ssl/sslmutex.c 
@@ -504,7 +504,7 @@ sslMutex_Lock(sslMutex *pMutex)
 return SECSuccess;
 }
-#elif defined(XP_UNIX)
+#elif defined(XP_UNIX) && !defined(DARWIN)
 #include
 #include "unix_err.h"
diff --git a/security/nss/lib/ssl/sslmutex.h b/security/nss/lib/ssl/sslmutex.h
index b784baf6..d374a883 100644
--- a/security/nss/lib/ssl/sslmutex.h
+++ b/security/nss/lib/ssl/sslmutex.h
@@ -67,7 +67,8 @@ typedef struct {
 } sslMutex;
 typedef pid_t sslPID;
-#elif defined(XP_UNIX) /* other types of Unix */
+/* other types of unix, except OS X */
+#elif defined(XP_UNIX) && !defined(DARWIN)
 #include /* for pid_t */
 #include /* for sem_t, and sem_* functions */
@@ -83,7 +84,7 @@ typedef struct
 typedef pid_t sslPID;
-#else
+#else /* no support for cross-process locking */
 /* what platform is this ?? */
@@ -95,7 +96,11 @@ typedef struct {
 } u;
 } sslMutex;
+#ifdef DARWIN
+typedef pid_t sslPID;
+#else
 typedef int sslPID;
+#endif
 #endif
diff --git a/security/nss/lib/ssl/sslproto.h b/security/nss/lib/ssl/sslproto.h
index e02442c0..2db47a53 100644
--- a/security/nss/lib/ssl/sslproto.h
+++ b/security/nss/lib/ssl/sslproto.h
@@ -177,6 +177,7 @@
 #define TLS_RSA_WITH_AES_128_CBC_SHA256 0x003C
 #define TLS_RSA_WITH_AES_256_CBC_SHA256 0x003D
+#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 0x0040
 #define TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0041
 #define TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x0042
 #define TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x0043
@@ -191,6 +192,7 @@
 #define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x0065
 #define TLS_DHE_DSS_WITH_RC4_128_SHA 0x0066
 #define TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x0067
+#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 0x006A
 #define TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x006B
 #define TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 0x0084
diff --git a/security/nss/lib/ssl/sslsecur.c b/security/nss/lib/ssl/sslsecur.c
index ea2d4080..53b48858 100644
--- a/security/nss/lib/ssl/sslsecur.c
+++ b/security/nss/lib/ssl/sslsecur.c
@@ -138,6 +138,9 @@ ssl_FinishHandshake(sslSocket *ss) ss->gs.readOffset = 0; if (ss->handshakeCallback) { + PORT_Assert(ss->version < SSL_LIBRARY_VERSION_3_0 || + (ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) == + ssl_preinfo_all); (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); } } @@ -654,6 +657,16 @@ DoRecv(sslSocket *ss, unsigned char *out, int len, int flags) SSL_GETPID(), ss->fd, available)); } + if (IS_DTLS(ss) && (len < available)) { + /* DTLS does not allow you to do partial reads */ + SSL_TRC(30, ("%d: SSL[%d]: DTLS short read. len=%d available=%d", + SSL_GETPID(), ss->fd, len, available)); + ss->gs.readOffset += available; + PORT_SetError(SSL_ERROR_RX_SHORT_DTLS_READ); + rv = SECFailure; + goto done; + } + /* Dole out clear data to reader */ amount = PR_MIN(len, available); PORT_Memcpy(out, ss->gs.buf.buf + ss->gs.readOffset, amount); @@ -693,6 +706,7 @@ NSS_FindCertKEAType(CERTCertificate * cert) case SEC_OID_PKCS1_RSA_ENCRYPTION: keaType = kt_rsa; break; + case SEC_OID_ANSIX9_DSA_SIGNATURE: /* hah, signature, not a key? */ case SEC_OID_X942_DIFFIE_HELMAN_KEY: keaType = kt_dh; break; @@ -789,6 +803,11 @@ ssl_ConfigSecureServer(sslSocket *ss, CERTCertificate *cert, goto loser; } } + if (kea == ssl_kea_dh || kea == ssl_kea_rsa) { + if (ssl3_SelectDHParams(ss) != SECSuccess) { + goto loser; + } + } return SECSuccess; loser: @@ -1177,11 +1196,8 @@ ssl_SecureShutdown(sslSocket *ss, int nsprHow) int ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags) { - sslSecurityInfo *sec; int rv = 0; - sec = &ss->sec; - if (ss->shutdownHow & ssl_SHUTDOWN_RCV) { PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR); return PR_FAILURE; diff --git a/security/nss/lib/ssl/sslsnce.c b/security/nss/lib/ssl/sslsnce.c index 4d9ef380..3a80d060 100644 --- a/security/nss/lib/ssl/sslsnce.c +++ b/security/nss/lib/ssl/sslsnce.c 
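Review bot: The new DTLS short-read branch advances `ss->gs.readOffset` past the whole record before failing, so the undelivered bytes are discarded, but nothing says so except the level-30 trace; a caller that retries with a larger buffer will get the next datagram, not this one. Add a comment next to `ss->gs.readOffset += available;` such as `/* The rest of this datagram is dropped: DTLS delivers a whole record or nothing. */`, and mention `SSL_ERROR_RX_SHORT_DTLS_READ` in the function's header comment as the error a too-small buffer produces on DTLS sockets. DoRecv's body starts and ends outside the hunk.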
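Review bot: The new `case SEC_OID_ANSIX9_DSA_SIGNATURE:` falls through into the `kt_dh` case with only the comment `/* hah, signature, not a key? */`, which neither marks the fallthrough as deliberate nor explains the classification. Replace it with a comment that states the reason — if it is the one the DHE_DSS suites added elsewhere in this commit suggest, `/* DSA certs carry no encryption key; they are only usable with DH-based key exchange, so treat them as kt_dh. */ /* fallthrough */` — so a later reader does not "fix" it by inserting a `break`. That motivation is inferred from the rest of the commit, not visible in this hunk.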
@@ -1027,6 +1027,10 @@ CloseCache(cacheDesc *cache)
 memset(cache, 0, sizeof *cache);
 }
+#ifdef __GNUC__
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wstrict-aliasing"
+#endif
 static SECStatus InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries, int maxSrvNameCacheEntries, PRUint32 ssl2_timeout,
@@ -1266,6 +1270,9 @@ loser:
 CloseCache(cache);
 return SECFailure;
 }
+#ifdef __GNUC__
+#pragma GCC diagnostic pop
+#endif
 PRUint32 SSL_GetMaxServerCacheLocks(void)
diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
index 90bc4572..e3521516 100644
--- a/security/nss/lib/ssl/sslsock.c
+++ b/security/nss/lib/ssl/sslsock.c
@@ -18,6 +18,7 @@
 #include "blapi.h"
 #endif
 #include "nss.h"
+#include "pk11pqg.h"
 #define SET_ERROR_CODE /* reminder */
@@ -82,7 +83,8 @@ static sslOptions ssl_defaults = {
 PR_TRUE, /* enableNPN */
 PR_FALSE, /* enableALPN */
 PR_TRUE, /* reuseServerECDHEKey */
- PR_FALSE /* enableFallbackSCSV */
+ PR_FALSE, /* enableFallbackSCSV */
+ PR_TRUE, /* enableServerDhe */
 };
 /*
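Review bot: Wrapping `InitCache` in `#pragma GCC diagnostic ignored "-Wstrict-aliasing"` silences the warning but leaves the aliasing access in place, and an access through an incompatible pointer type is undefined behaviour whether or not the compiler reports it; since this cache is shared-memory state, a miscompile here would be hard to diagnose. At minimum the pragma should carry a comment naming the offending access and why it is believed safe, e.g. `/* TODO(review): InitCache casts <buffer> to <type>; replace with memcpy or a union and drop this pragma. */`, and the proper fix is to go through `memcpy` or a union instead of a pointer cast. InitCache's body is outside the hunk, so which access triggers the warning is not visible here.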
@@ -224,6 +226,24 @@ ssl_DupSocket(sslSocket *os) PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers, sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount); ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount; + PORT_Memcpy(ss->ssl3.signatureAlgorithms, os->ssl3.signatureAlgorithms, + sizeof(ss->ssl3.signatureAlgorithms[0]) * + os->ssl3.signatureAlgorithmCount); + ss->ssl3.signatureAlgorithmCount = os->ssl3.signatureAlgorithmCount; + + ss->ssl3.dheWeakGroupEnabled = os->ssl3.dheWeakGroupEnabled; + ss->ssl3.numDHEGroups = os->ssl3.numDHEGroups; + if (os->ssl3.dheGroups) { + ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType, + os->ssl3.numDHEGroups); + if (!ss->ssl3.dheGroups) { + goto loser; + } + PORT_Memcpy(ss->ssl3.dheGroups, os->ssl3.dheGroups, + sizeof(SSLDHEGroupType) * os->ssl3.numDHEGroups); + } else { + ss->ssl3.dheGroups = NULL; + } if (os->cipherSpecs) { ss->cipherSpecs = (unsigned char*)PORT_Alloc(os->sizeCipherSpecs); @@ -267,6 +287,10 @@ ssl_DupSocket(sslSocket *os) ssl3_GetKeyPairRef(os->stepDownKeyPair); ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL : ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair); + ss->dheKeyPair = !os->dheKeyPair ? NULL : + ssl3_GetKeyPairRef(os->dheKeyPair); + ss->dheParams = os->dheParams; + /* * XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL. * XXX We should detect this, and not just march on with NULL pointers. @@ -384,8 +408,11 @@ ssl_DestroySocketContents(sslSocket *ss) ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair); ss->ephemeralECDHKeyPair = NULL; } + if (ss->dheKeyPair) { + ssl3_FreeKeyPair(ss->dheKeyPair); + ss->dheKeyPair = NULL; + } SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE); - PORT_Assert(!ss->xtnData.sniNameArr); if (ss->xtnData.sniNameArr) { PORT_Free(ss->xtnData.sniNameArr); ss->xtnData.sniNameArr = NULL; 
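Review bot: The duplication copies `dheGroups` deeply but copies `dheParams` as a bare pointer (`ss->dheParams = os->dheParams;`), and the destructor hunk below frees `dheKeyPair` but never `dheParams`; that is consistent only if `dheParams` always points at static, never-freed data, which the `const ssl3DHParams *` declaration suggests but does not guarantee. Add an ownership comment at the assignment or on the field, e.g. `/* dheParams points at a static parameter set chosen by ssl3_SelectDHParams; the socket never owns it, so a shallow copy is correct. */`, after confirming that against ssl3_SelectDHParams, which is not visible here. ssl_DupSocket's body starts and ends outside the hunk.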
@@ -794,6 +821,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) ss->opt.enableFallbackSCSV = on; break; + case SSL_ENABLE_SERVER_DHE: + ss->opt.enableServerDhe = on; + break; + default: PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; @@ -869,6 +900,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) case SSL_REUSE_SERVER_ECDHE_KEY: on = ss->opt.reuseServerECDHEKey; break; case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break; + case SSL_ENABLE_SERVER_DHE: on = ss->opt.enableServerDhe; break; default: PORT_SetError(SEC_ERROR_INVALID_ARGS); @@ -938,6 +970,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) case SSL_ENABLE_FALLBACK_SCSV: on = ssl_defaults.enableFallbackSCSV; break; + case SSL_ENABLE_SERVER_DHE: + on = ssl_defaults.enableServerDhe; + break; default: PORT_SetError(SEC_ERROR_INVALID_ARGS); @@ -1121,6 +1156,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) ssl_defaults.enableFallbackSCSV = on; break; + case SSL_ENABLE_SERVER_DHE: + ssl_defaults.enableServerDhe = on; + break; + default: PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; 
@@ -1339,7 +1378,204 @@ NSS_SetFrancePolicy(void) return NSS_SetDomesticPolicy(); } +SECStatus +SSL_DHEGroupPrefSet(PRFileDesc *fd, + SSLDHEGroupType *groups, + PRUint16 num_groups) +{ + sslSocket *ss; + if ((num_groups && !groups) || (!num_groups && groups)) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + + ss = ssl_FindSocket(fd); + if (!ss) { + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd)); + return SECFailure; + } + + if (ss->ssl3.dheGroups) { + PORT_Free(ss->ssl3.dheGroups); + ss->ssl3.dheGroups = NULL; + ss->ssl3.numDHEGroups = 0; + } + + if (groups) { + ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType, num_groups); + if (!ss->ssl3.dheGroups) { + PORT_SetError(SEC_ERROR_NO_MEMORY); + return SECFailure; + } + PORT_Memcpy(ss->ssl3.dheGroups, groups, + sizeof(SSLDHEGroupType) * num_groups); + } + return SECSuccess; +} + + +PRCallOnceType gWeakDHParamsRegisterOnce; +int gWeakDHParamsRegisterError; + +PRCallOnceType gWeakDHParamsOnce; +int gWeakDHParamsError; +/* As our code allocates type PQGParams, we'll keep it around, + * even though we only make use of it's parameters through gWeakDHParam. 
*/ +static PQGParams *gWeakParamsPQG; +static ssl3DHParams *gWeakDHParams; + +static PRStatus +ssl3_CreateWeakDHParams(void) +{ + PQGVerify *vfy; + SECStatus rv, passed; + + PORT_Assert(!gWeakDHParams && !gWeakParamsPQG); + + rv = PK11_PQG_ParamGenV2(1024, 160, 64 /*maximum seed that will work*/, + &gWeakParamsPQG, &vfy); + if (rv != SECSuccess) { + gWeakDHParamsError = PORT_GetError(); + return PR_FAILURE; + } + + rv = PK11_PQG_VerifyParams(gWeakParamsPQG, vfy, &passed); + if (rv != SECSuccess || passed != SECSuccess) { + SSL_DBG(("%d: PK11_PQG_VerifyParams failed in ssl3_CreateWeakDHParams", + SSL_GETPID())); + gWeakDHParamsError = PORT_GetError(); + return PR_FAILURE; + } + + gWeakDHParams = PORT_ArenaNew(gWeakParamsPQG->arena, ssl3DHParams); + if (!gWeakDHParams) { + gWeakDHParamsError = PORT_GetError(); + return PR_FAILURE; + } + + gWeakDHParams->prime.data = gWeakParamsPQG->prime.data; + gWeakDHParams->prime.len = gWeakParamsPQG->prime.len; + gWeakDHParams->base.data = gWeakParamsPQG->base.data; + gWeakDHParams->base.len = gWeakParamsPQG->base.len; + + PK11_PQG_DestroyVerify(vfy); + return PR_SUCCESS; +} + +static SECStatus +ssl3_WeakDHParamsShutdown(void *appData, void *nssData) +{ + if (gWeakParamsPQG) { + PK11_PQG_DestroyParams(gWeakParamsPQG); + gWeakParamsPQG = NULL; + gWeakDHParams = NULL; + } + return SECSuccess; +} + +static PRStatus +ssl3_WeakDHParamsRegisterShutdown(void) +{ + SECStatus rv; + rv = NSS_RegisterShutdown(ssl3_WeakDHParamsShutdown, NULL); + if (rv != SECSuccess) { + gWeakDHParamsRegisterError = PORT_GetError(); + } + return (PRStatus)rv; +} + +/* global init strategy inspired by ssl3_CreateECDHEphemeralKeys */ +SECStatus +SSL_EnableWeakDHEPrimeGroup(PRFileDesc *fd, PRBool enabled) +{ + sslSocket *ss; + PRStatus status; + + if (enabled) { + status = PR_CallOnce(&gWeakDHParamsRegisterOnce, + ssl3_WeakDHParamsRegisterShutdown); + if (status != PR_SUCCESS) { + PORT_SetError(gWeakDHParamsRegisterError); + return SECFailure; + } + + status = 
PR_CallOnce(&gWeakDHParamsOnce, ssl3_CreateWeakDHParams); + if (status != PR_SUCCESS) { + PORT_SetError(gWeakDHParamsError); + return SECFailure; + } + } + + if (!fd) + return SECSuccess; + + ss = ssl_FindSocket(fd); + if (!ss) { + SSL_DBG(("%d: SSL[%d]: bad socket in SSL_DHEGroupPrefSet", SSL_GETPID(), fd)); + return SECFailure; + } + + ss->ssl3.dheWeakGroupEnabled = enabled; + return SECSuccess; +} + +#include "dhe-param.c" + +static const SSLDHEGroupType ssl_default_dhe_groups[] = { + ssl_ff_dhe_2048_group +}; + +/* Keep this array synchronized with the index definitions in SSLDHEGroupType */ +static const ssl3DHParams *all_ssl3DHParams[] = { + NULL, /* ssl_dhe_group_none */ + &ff_dhe_2048, + &ff_dhe_3072, + &ff_dhe_4096, + &ff_dhe_6144, + &ff_dhe_8192, +}; + +static SSLDHEGroupType +selectDHEGroup(sslSocket *ss, const SSLDHEGroupType *groups, PRUint16 num_groups) +{ + if (!groups || !num_groups) + return ssl_dhe_group_none; + + /* We don't have automatic group parameter selection yet + * (potentially) based on socket parameters, e.g. key sizes. + * For now, we return the first available group from the allowed list. */ + return groups[0]; +} + +/* Ensure DH parameters have been selected */ +SECStatus +ssl3_SelectDHParams(sslSocket *ss) +{ + SSLDHEGroupType selectedGroup = ssl_dhe_group_none; + + if (ss->ssl3.dheWeakGroupEnabled) { + ss->dheParams = gWeakDHParams; + } else { + if (ss->ssl3.dheGroups) { + selectedGroup = selectDHEGroup(ss, ss->ssl3.dheGroups, + ss->ssl3.numDHEGroups); + } else { + size_t number_of_default_groups = PR_ARRAY_SIZE(ssl_default_dhe_groups); + selectedGroup = selectDHEGroup(ss, ssl_default_dhe_groups, + number_of_default_groups); + } + + if (selectedGroup == ssl_dhe_group_none || + selectedGroup >= ssl_dhe_group_max) { + return SECFailure; + } + + ss->dheParams = all_ssl3DHParams[selectedGroup]; + } + + return SECSuccess; +} /* LOCKS ??? XXX */ static PRFileDesc * 
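Review bot: ssl3_CreateWeakDHParams leaks `vfy` and the freshly generated `gWeakParamsPQG` on both error paths after PK11_PQG_ParamGenV2 succeeds (VerifyParams failure and PORT_ArenaNew failure), because `PK11_PQG_DestroyVerify` is only reached on success and `PK11_PQG_DestroyParams` is never called there; a single `loser:` cleanup that records the error and frees both, as in the excerpt below, fixes this. ssl3_SelectDHParams assigns `ss->dheParams = gWeakDHParams` without checking it, and gWeakDHParams is reset to NULL by ssl3_WeakDHParamsShutdown while sockets may still carry `dheWeakGroupEnabled`, so a guard `if (!gWeakDHParams) return SECFailure;` belongs before that assignment. The SSL_DBG message in SSL_EnableWeakDHEPrimeGroup names the wrong function: `"bad socket in SSL_DHEGroupPrefSet"` should read `"bad socket in SSL_EnableWeakDHEPrimeGroup"`. The `gWeakDHParamsRegisterOnce`, `gWeakDHParamsRegisterError`, `gWeakDHParamsOnce` and `gWeakDHParamsError` globals are not `static`, unlike the neighbouring `gWeakParamsPQG`/`gWeakDHParams`, and nothing visible needs them exported. SSL_DHEGroupPrefSet at the top of the hunk accepts any group value and leaves validation to ssl3_SelectDHParams at handshake time; rejecting values that are `ssl_dhe_group_none` or `>= ssl_dhe_group_max` with SEC_ERROR_INVALID_ARGS at set time would report misconfiguration to the caller instead.
```c
static PRStatus
ssl3_CreateWeakDHParams(void)
{
    PQGVerify *vfy = NULL;
    SECStatus rv, passed;

    PORT_Assert(!gWeakDHParams && !gWeakParamsPQG);

    rv = PK11_PQG_ParamGenV2(1024, 160, 64 /*maximum seed that will work*/,
                             &gWeakParamsPQG, &vfy);
    if (rv != SECSuccess) {
        goto loser;
    }

    rv = PK11_PQG_VerifyParams(gWeakParamsPQG, vfy, &passed);
    if (rv != SECSuccess || passed != SECSuccess) {
        SSL_DBG(("%d: PK11_PQG_VerifyParams failed in ssl3_CreateWeakDHParams",
                 SSL_GETPID()));
        goto loser;
    }

    gWeakDHParams = PORT_ArenaNew(gWeakParamsPQG->arena, ssl3DHParams);
    if (!gWeakDHParams) {
        goto loser;
    }

    /* … unchanged: copy prime/base from gWeakParamsPQG into gWeakDHParams … */

    PK11_PQG_DestroyVerify(vfy);
    return PR_SUCCESS;

loser:
    /* Record the error first: the destroy calls below may overwrite it. */
    gWeakDHParamsError = PORT_GetError();
    if (vfy) {
        PK11_PQG_DestroyVerify(vfy);
    }
    if (gWeakParamsPQG) {
        PK11_PQG_DestroyParams(gWeakParamsPQG);
        gWeakParamsPQG = NULL;
    }
    gWeakDHParams = NULL;
    return PR_FAILURE;
}
```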
@@ -1637,6 +1873,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, sm->ssl3.dtlsSRTPCiphers, sizeof(PRUint16) * sm->ssl3.dtlsSRTPCipherCount); ss->ssl3.dtlsSRTPCipherCount = sm->ssl3.dtlsSRTPCipherCount; + PORT_Memcpy(ss->ssl3.signatureAlgorithms, sm->ssl3.signatureAlgorithms, + sizeof(ss->ssl3.signatureAlgorithms[0]) * + sm->ssl3.signatureAlgorithmCount); + ss->ssl3.signatureAlgorithmCount = sm->ssl3.signatureAlgorithmCount; if (!ss->opt.useSecurity) { PORT_SetError(SEC_ERROR_INVALID_ARGS); @@ -2966,6 +3206,10 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant) ss->certStatusArray[i] = NULL; } ss->stepDownKeyPair = NULL; + + ss->dheParams = NULL; + ss->dheKeyPair = NULL; + ss->dbHandle = CERT_GetDefaultCertDB(); /* Provide default implementation of hooks */ diff --git a/security/nss/lib/ssl/sslt.h b/security/nss/lib/ssl/sslt.h index 1d28feb1..f9d83c85 100644 --- a/security/nss/lib/ssl/sslt.h +++ b/security/nss/lib/ssl/sslt.h @@ -1,3 +1,4 @@ +/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ /* * This file contains prototypes for the public SSL functions. * 
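Review bot: SSL_ReconfigFD copies `signatureAlgorithms` from the model but not `ssl3.dheGroups`, `ssl3.numDHEGroups` or `ssl3.dheWeakGroupEnabled`, which ssl_DupSocket now duplicates, so group preferences set on a model socket via SSL_DHEGroupPrefSet or SSL_EnableWeakDHEPrimeGroup are silently dropped on this path unless they are handled further down in the function, whose body continues outside the hunk. The excerpt below mirrors the ssl_DupSocket block and frees any array the target already owns before copying; its error return is written as `return NULL` on the assumption that this function's other failure paths (the useSecurity check that follows sets SEC_ERROR_INVALID_ARGS) return a NULL PRFileDesc, so adjust it to the local convention. The ssl_NewSocket hunk (@@ -2966) likewise initialises `dheParams` and `dheKeyPair` but not the three `ssl3.dhe*` fields, which is harmless only if the socket is zero-allocated — not shown here.
```c
    ss->ssl3.signatureAlgorithmCount = sm->ssl3.signatureAlgorithmCount;

    ss->ssl3.dheWeakGroupEnabled = sm->ssl3.dheWeakGroupEnabled;
    if (ss->ssl3.dheGroups) {
        PORT_Free(ss->ssl3.dheGroups);
        ss->ssl3.dheGroups = NULL;
    }
    ss->ssl3.numDHEGroups = sm->ssl3.numDHEGroups;
    if (sm->ssl3.dheGroups) {
        ss->ssl3.dheGroups = PORT_NewArray(SSLDHEGroupType,
                                          sm->ssl3.numDHEGroups);
        if (!ss->ssl3.dheGroups) {
            return NULL; /* match this function's existing error return */
        }
        PORT_Memcpy(ss->ssl3.dheGroups, sm->ssl3.dheGroups,
                    sizeof(SSLDHEGroupType) * sm->ssl3.numDHEGroups);
    }
    /* … unchanged: useSecurity check … */
```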
@@ -55,13 +56,35 @@ typedef enum { #define kt_ecdh ssl_kea_ecdh #define kt_kea_size ssl_kea_size + +/* Values of this enum match the SignatureAlgorithm enum from + * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ typedef enum { - ssl_sign_null = 0, + ssl_sign_null = 0, /* "anonymous" in TLS */ ssl_sign_rsa = 1, ssl_sign_dsa = 2, ssl_sign_ecdsa = 3 } SSLSignType; +/* Values of this enum match the HashAlgorithm enum from + * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ +typedef enum { + /* ssl_hash_none is used internally to mean the pre-1.2 combination of MD5 + * and SHA1. The other values are only used in TLS 1.2. */ + ssl_hash_none = 0, + ssl_hash_md5 = 1, + ssl_hash_sha1 = 2, + ssl_hash_sha224 = 3, + ssl_hash_sha256 = 4, + ssl_hash_sha384 = 5, + ssl_hash_sha512 = 6 +} SSLHashType; + +typedef struct SSLSignatureAndHashAlgStr { + SSLHashType hashAlg; + SSLSignType sigAlg; +} SSLSignatureAndHashAlg; + typedef enum { ssl_auth_null = 0, ssl_auth_rsa = 1, @@ -124,6 +147,23 @@ typedef struct SSLChannelInfoStr { SSLCompressionMethod compressionMethod; } SSLChannelInfo; +/* Preliminary channel info */ +#define ssl_preinfo_version (1U << 0) +#define ssl_preinfo_cipher_suite (1U << 1) +#define ssl_preinfo_all (ssl_preinfo_version|ssl_preinfo_cipher_suite) + +typedef struct SSLPreliminaryChannelInfoStr { + /* This is set to the length of the struct. */ + PRUint32 length; + /* A bitfield over SSLPreliminaryValueSet that describes which + * preliminary values are set (see ssl_preinfo_*). */ + PRUint32 valuesSet; + /* Protocol version: test (valuesSet & ssl_preinfo_version) */ + PRUint16 protocolVersion; + /* Cipher suite: test (valuesSet & ssl_preinfo_cipher_suite) */ + PRUint16 cipherSuite; +} SSLPreliminaryChannelInfo; + typedef struct SSLCipherSuiteInfoStr { PRUint16 length; PRUint16 cipherSuite; 
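Review bot: The comment on `valuesSet` in SSLPreliminaryChannelInfo refers to a type `SSLPreliminaryValueSet` that this hunk does not define; the values are the `ssl_preinfo_*` macros just above, so unless that type exists elsewhere the comment points readers at nothing. Suggested wording: `/* A bitmask of the ssl_preinfo_* flags naming which of the fields below hold a valid value. */`. The `length` comment says the field "is set to the length of the struct" without saying by whom — stating whether the caller fills it in before the query or the library writes it would remove the ambiguity for users of this public header.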
@@ -197,4 +237,14 @@ typedef enum { #define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */ +typedef enum { + ssl_dhe_group_none = 0, + ssl_ff_dhe_2048_group = 1, + ssl_ff_dhe_3072_group = 2, + ssl_ff_dhe_4096_group = 3, + ssl_ff_dhe_6144_group = 4, + ssl_ff_dhe_8192_group = 5, + ssl_dhe_group_max +} SSLDHEGroupType; + #endif /* __sslt_h_ */ diff --git a/security/nss/lib/ssl/sslver.c b/security/nss/lib/ssl/sslver.c index 35e0317e..666e2592 100644 --- a/security/nss/lib/ssl/sslver.c +++ b/security/nss/lib/ssl/sslver.c @@ -13,12 +13,6 @@ #endif /* - * Version information for the 'ident' and 'what commands - * - * NOTE: the first component of the concatenated rcsid string - * must not end in a '$' to prevent rcs keyword substitution. + * Version information */ -const char __nss_ssl_rcsid[] = "$Header: NSS " NSS_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__ " $"; -const char __nss_ssl_sccsid[] = "@(#)NSS " NSS_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__; +const char __nss_ssl_version[] = "Version: NSS " NSS_VERSION _DEBUG_STRING; diff --git a/security/nss/lib/util/derdec.c b/security/nss/lib/util/derdec.c index c6219148..2c17ce93 100644 --- a/security/nss/lib/util/derdec.c +++ b/security/nss/lib/util/derdec.c @@ -175,7 +175,7 @@ der_capture(unsigned char *buf, unsigned char *end, return SECFailure; } - *header_len_p = bp - buf; + *header_len_p = (int)(bp - buf); *contents_len_p = contents_len; return SECSuccess; diff --git a/security/nss/lib/util/derenc.c b/security/nss/lib/util/derenc.c index 90a9d2df..4a02e1a7 100644 --- a/security/nss/lib/util/derenc.c +++ b/security/nss/lib/util/derenc.c @@ -279,7 +279,7 @@ der_encode(unsigned char *buf, DERTemplate *dtemplate, void *src) int header_len; PRUint32 contents_len; unsigned long encode_kind, under_kind; - PRBool explicit, optional, universal; + PRBool explicit, universal; /* 
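Review bot: SSLDHEGroupType is a public enum whose numeric values double as indices into `all_ssl3DHParams` in sslsock.c, where a comment asks to keep the two synchronized, but the enum itself carries no such note, so the next person adding a group in this header will not know about the table. Suggested comment above the typedef: `/* The numeric values index all_ssl3DHParams in sslsock.c; keep both in sync. ssl_dhe_group_max is a sentinel, not a selectable group. */`. The remaining hunks on this line (the sslver.c version-string replacement, the `(int)` cast in der_capture and the unused-variable cleanup in der_encode) change no logic.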
@@ -301,7 +301,6 @@ der_encode(unsigned char *buf, DERTemplate *dtemplate, void *src) encode_kind = dtemplate->kind; explicit = (encode_kind & DER_EXPLICIT) ? PR_TRUE : PR_FALSE; - optional = (encode_kind & DER_OPTIONAL) ? PR_TRUE : PR_FALSE; encode_kind &= ~DER_OPTIONAL; universal = ((encode_kind & DER_CLASS_MASK) == DER_UNIVERSAL) ? PR_TRUE : PR_FALSE; diff --git a/security/nss/lib/util/manifest.mn b/security/nss/lib/util/manifest.mn index 9ff3758f..36c2d1df 100644 --- a/security/nss/lib/util/manifest.mn +++ b/security/nss/lib/util/manifest.mn @@ -43,6 +43,7 @@ EXPORTS = \ $(NULL) PRIVATE_EXPORTS = \ + verref.h \ templates.c \ $(NULL) diff --git a/security/nss/lib/util/nssb64e.c b/security/nss/lib/util/nssb64e.c index da0702c0..5959982b 100644 --- a/security/nss/lib/util/nssb64e.c +++ b/security/nss/lib/util/nssb64e.c @@ -632,7 +632,7 @@ NSSBase64_EncodeItem (PLArenaPool *arenaOpt, char *outStrOpt, { char *out_string = outStrOpt; PRUint32 max_out_len; - PRUint32 out_len; + PRUint32 out_len = 0; void *mark = NULL; char *dummy; diff --git a/security/nss/lib/util/nssrwlk.c b/security/nss/lib/util/nssrwlk.c index 65fceda2..fbbfbd6e 100644 --- a/security/nss/lib/util/nssrwlk.c +++ b/security/nss/lib/util/nssrwlk.c @@ -91,7 +91,7 @@ NSSRWLock_New(PRUint32 lock_rank, const char *lock_name) goto loser; } if (lock_name != NULL) { - rwlock->rw_name = (char*) PR_Malloc(strlen(lock_name) + 1); + rwlock->rw_name = (char*) PR_Malloc((PRUint32)strlen(lock_name) + 1); if (rwlock->rw_name == NULL) { goto loser; } diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h index effeaacc..df476920 100644 --- a/security/nss/lib/util/nssutil.h +++ b/security/nss/lib/util/nssutil.h 
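Review bot: In NSSRWLock_New the new cast `(PRUint32)strlen(lock_name) + 1` truncates the length before adding one, so a name of 2^32-1 bytes or longer yields a zero or undersized allocation and the copy of `lock_name` that follows (outside the hunk) would overrun it; silencing the conversion warning this way hides exactly the case the warning exists for. Lock names are presumably short constants in practice, but a bounds check is cheap: `if (strlen(lock_name) >= PR_UINT32_MAX) goto loser;` before the allocation keeps the truncation from ever mattering. The other hunks on this line (the unused `optional` in der_encode, the `out_len` initialisation, the manifest entry) are warning cleanups with nothing to raise.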
@@ -19,9 +19,9 @@ * The format of the version string should be * ".[.[.]][ ]" */ -#define NSSUTIL_VERSION "3.18.0.1" +#define NSSUTIL_VERSION "3.20.0.1" #define NSSUTIL_VMAJOR 3 -#define NSSUTIL_VMINOR 18 +#define NSSUTIL_VMINOR 20 #define NSSUTIL_VPATCH 0 #define NSSUTIL_VBUILD 1 #define NSSUTIL_BETA PR_FALSE diff --git a/security/nss/lib/util/pkcs11t.h b/security/nss/lib/util/pkcs11t.h index b0034616..23931413 100644 --- a/security/nss/lib/util/pkcs11t.h +++ b/security/nss/lib/util/pkcs11t.h @@ -824,6 +824,14 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4 #define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5 +/* TLS 1.2 mechanisms are new for v2.40 */ +#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003E0 +#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003E1 +#define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2 +#define CKM_TLS12_KEY_SAFE_DERIVE 0x000003E3 +#define CKM_TLS_MAC 0x000003E4 +#define CKM_TLS_KDF 0x000003E5 + #define CKM_KEY_WRAP_LYNKS 0x00000400 #define CKM_KEY_WRAP_SET_OAEP 0x00000401 
@@ -1648,6 +1656,45 @@ typedef struct CK_TLS_PRF_PARAMS { typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR; +/* TLS 1.2 is new for version 2.40 */ +typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS { + CK_SSL3_RANDOM_DATA RandomInfo; + CK_VERSION_PTR pVersion; + CK_MECHANISM_TYPE prfHashMechanism; +} CK_TLS12_MASTER_KEY_DERIVE_PARAMS; + +typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR \ + CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR; + +typedef struct CK_TLS12_KEY_MAT_PARAMS { + CK_ULONG ulMacSizeInBits; + CK_ULONG ulKeySizeInBits; + CK_ULONG ulIVSizeInBits; + CK_BBOOL bIsExport; /* Unused. Must be set to CK_FALSE. */ + CK_SSL3_RANDOM_DATA RandomInfo; + CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; + CK_MECHANISM_TYPE prfHashMechanism; +} CK_TLS12_KEY_MAT_PARAMS; + +typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR; + +typedef struct CK_TLS_KDF_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BYTE_PTR pLabel; + CK_ULONG ulLabelLength; + CK_SSL3_RANDOM_DATA RandomInfo; + CK_BYTE_PTR pContextData; + CK_ULONG ulContextDataLength; +} CK_TLS_KDF_PARAMS; + +typedef struct CK_TLS_MAC_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_ULONG ulMacLength; + CK_ULONG ulServerOrClient; +} CK_TLS_MAC_PARAMS; + +typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR; + /* WTLS is new for version 2.20 */ typedef struct CK_WTLS_RANDOM_DATA { CK_BYTE_PTR pClientRandom; diff --git a/security/nss/lib/util/quickder.c b/security/nss/lib/util/quickder.c index f9776bb9..fe72b293 100644 --- a/security/nss/lib/util/quickder.c +++ b/security/nss/lib/util/quickder.c @@ -146,7 +146,7 @@ static SECStatus GetItem(SECItem* src, SECItem* dest, PRBool includeTag) PORT_SetError(SEC_ERROR_BAD_DER); return SECFailure; } - src->len -= (dest->data - src->data) + dest->len; + src->len -= (int)(dest->data - src->data) + dest->len; src->data = dest->data + dest->len; return SECSuccess; } 
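Review bot: The typedef for `CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR` carries a trailing backslash line continuation outside any macro, which is legal but surprising and unlike the neighbouring one-line `_PTR` typedefs; join it onto one line. `CK_TLS_KDF_PARAMS` is also the only new parameter struct without a matching `CK_PTR` typedef, while `CK_TLS_MAC_PARAMS_PTR` and `CK_TLS12_KEY_MAT_PARAMS_PTR` are provided — if the v2.40 header defines `CK_TLS_KDF_PARAMS_PTR`, add it for consistency. The GetItem hunk from quickder.c on this line only introduces an `(int)` cast on a pointer difference, with nothing further to raise.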
@@ -270,13 +270,9 @@ static SECStatus MatchComponentType(const SEC_ASN1Template* templateEntry, if ( (tag & SEC_ASN1_CLASS_MASK) != (((unsigned char)kind) & SEC_ASN1_CLASS_MASK) ) { -#ifdef DEBUG /* this is only to help debugging of the decoder in case of problems */ - unsigned char tagclass = tag & SEC_ASN1_CLASS_MASK; - unsigned char expectedclass = (unsigned char)kind & SEC_ASN1_CLASS_MASK; - tagclass = tagclass; - expectedclass = expectedclass; -#endif + /* unsigned char tagclass = tag & SEC_ASN1_CLASS_MASK; */ + /* unsigned char expectedclass = (unsigned char)kind & SEC_ASN1_CLASS_MASK; */ *match = PR_FALSE; return SECSuccess; } @@ -657,13 +653,12 @@ static SECStatus DecodeItem(void* dest, { SECStatus rv = SECSuccess; SECItem temp; - SECItem mark; + SECItem mark = {siBuffer, NULL, 0}; PRBool pop = PR_FALSE; PRBool decode = PR_TRUE; PRBool save = PR_FALSE; unsigned long kind; PRBool match = PR_TRUE; - PRBool optional = PR_FALSE; PR_ASSERT(src && dest && templateEntry && arena); #if 0 @@ -678,7 +673,6 @@ static SECStatus DecodeItem(void* dest, { /* do the template validation */ kind = templateEntry->kind; - optional = (0 != (kind & SEC_ASN1_OPTIONAL)); if (!kind) { PORT_SetError(SEC_ERROR_BAD_TEMPLATE); diff --git a/security/nss/lib/util/secoid.c b/security/nss/lib/util/secoid.c index 5b1714a3..0414c47e 100644 --- a/security/nss/lib/util/secoid.c +++ b/security/nss/lib/util/secoid.c 
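Review bot: The MatchComponentType hunk replaces the `#ifdef DEBUG` self-assignments with two commented-out declarations, which leaves dead code in the source; since the block only existed to give a debugger something to inspect, either delete the two comment lines or keep a single explanatory note such as `/* Class mismatch: compare (tag & SEC_ASN1_CLASS_MASK) with (kind & SEC_ASN1_CLASS_MASK) when debugging. */`. The DecodeItem hunks (initialising `mark`, dropping the unused `optional`) are warning cleanups with nothing to raise.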
@@ -20,15 +20,9 @@ #endif /* - * Version information for the 'ident' and 'what commands - * - * NOTE: the first component of the concatenated rcsid string - * must not end in a '$' to prevent rcs keyword substitution. + * Version information */ -const char __nss_util_rcsid[] = "$Header: NSS " NSSUTIL_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__ " $"; -const char __nss_util_sccsid[] = "@(#)NSS " NSSUTIL_VERSION _DEBUG_STRING - " " __DATE__ " " __TIME__; +const char __nss_util_version[] = "Version: NSS " NSSUTIL_VERSION _DEBUG_STRING; /* MISSI Mosaic Object ID space */ /* USGov algorithm OID space: { 2 16 840 1 101 } */ @@ -492,9 +486,6 @@ CONST_OID aes256_KEY_WRAP[] = { AES, 45 }; CONST_OID camellia128_CBC[] = { CAMELLIA_ENCRYPT_OID, 2}; CONST_OID camellia192_CBC[] = { CAMELLIA_ENCRYPT_OID, 3}; CONST_OID camellia256_CBC[] = { CAMELLIA_ENCRYPT_OID, 4}; -CONST_OID camellia128_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 2}; -CONST_OID camellia192_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 3}; -CONST_OID camellia256_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 4}; CONST_OID sha256[] = { SHAXXX, 1 }; CONST_OID sha384[] = { SHAXXX, 2 }; @@ -1878,7 +1869,7 @@ static PLHashTable *oidmechhash = NULL; static PLHashNumber secoid_HashNumber(const void *key) { - return (PLHashNumber) key; + return (PLHashNumber)((char *)key - (char *)NULL); } static void @@ -1919,9 +1910,9 @@ SECOID_Init(void) const SECOidData *oid; int i; char * envVal; - volatile char c; /* force a reference that won't get optimized away */ - c = __nss_util_rcsid[0] + __nss_util_sccsid[0]; +#define NSS_VERSION_VARIABLE __nss_util_version +#include "verref.h" if (oidhash) { return SECSuccess; /* already initialized */ diff --git a/security/nss/lib/util/secport.c b/security/nss/lib/util/secport.c index 106399d2..723d89b3 100644 --- a/security/nss/lib/util/secport.c +++ b/security/nss/lib/util/secport.c 
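Review bot: The new `secoid_HashNumber` body computes `(char *)key - (char *)NULL`, and subtracting two pointers that do not point into the same object is undefined behaviour in C, so this trades a conversion warning for UB that a compiler may fold arbitrarily. The intended operation is a pointer-to-integer conversion, which is defined when done through an integer type: `return (PLHashNumber)(PRUptrdiff)key;` (or `uintptr_t`), narrowing to PLHashNumber afterwards if the widths differ. The other hunks on this line — the version-string replacement, the removed camellia KEY_WRAP OID arrays and the `verref.h` include in SECOID_Init — change no hashing logic.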
@@ -466,7 +466,7 @@ port_ArenaRelease(PLArenaPool *arena, void *mark, PRBool zero) PZ_Lock(pool->lock); #ifdef THREADMARK { - threadmark_mark **pw, *tm; + threadmark_mark **pw; if (PR_GetCurrentThread() != pool->marking_thread ) { PZ_Unlock(pool->lock); @@ -488,7 +488,6 @@ port_ArenaRelease(PLArenaPool *arena, void *mark, PRBool zero) return /* no error indication available */ ; } - tm = *pw; *pw = (threadmark_mark *)NULL; if (zero) { @@ -536,7 +535,7 @@ PORT_ArenaUnmark(PLArenaPool *arena, void *mark) #ifdef THREADMARK PORTArenaPool *pool = (PORTArenaPool *)arena; if (ARENAPOOL_MAGIC == pool->magic ) { - threadmark_mark **pw, *tm; + threadmark_mark **pw; PZ_Lock(pool->lock); @@ -560,7 +559,6 @@ PORT_ArenaUnmark(PLArenaPool *arena, void *mark) return /* no error indication available */ ; } - tm = *pw; *pw = (threadmark_mark *)NULL; if (! pool->first_mark ) { diff --git a/security/nss/lib/util/secport.h b/security/nss/lib/util/secport.h index 5b09b9cb..1b8f4616 100644 --- a/security/nss/lib/util/secport.h +++ b/security/nss/lib/util/secport.h @@ -87,6 +87,13 @@ extern char *PORT_ArenaStrdup(PLArenaPool *arena, const char *str); SEC_END_PROTOS #define PORT_Assert PR_ASSERT +/* This runs a function that should return SECSuccess. */ +/* The value is asserted in a debug build, otherwise it is ignored. */ +#ifdef DEBUG +#define PORT_CheckSuccess(f) PR_ASSERT((f) == SECSuccess) +#else +#define PORT_CheckSuccess(f) (f) +#endif #define PORT_ZNew(type) (type*)PORT_ZAlloc(sizeof(type)) #define PORT_New(type) (type*)PORT_Alloc(sizeof(type)) #define PORT_ArenaNew(poolp, type) \ diff --git a/security/nss/lib/util/utilmod.c b/security/nss/lib/util/utilmod.c index 0f5970f1..50e6c839 100644 --- a/security/nss/lib/util/utilmod.c +++ b/security/nss/lib/util/utilmod.c 
@@ -480,7 +480,7 @@ nssutil_DeleteSecmodDBEntry(const char *appName, char *block = NULL; char *name = NULL; char *lib = NULL; - int name_len, lib_len; + int name_len, lib_len = 0; PRBool skip = PR_FALSE; PRBool found = PR_FALSE; diff --git a/security/nss/lib/util/verref.h b/security/nss/lib/util/verref.h new file mode 100644 index 00000000..2d141bb5 --- /dev/null +++ b/security/nss/lib/util/verref.h @@ -0,0 +1,40 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* This header is used inline in a function to ensure that a version string + * symbol is linked in and not optimized out. A volatile reference is added to + * the variable identified by NSS_VERSION_VARIABLE. + * + * Use this as follows: + * + * #define NSS_VERSION_VARIABLE __nss_ssl_version + * #include "verref.h" + */ + +/* Suppress unused variable warnings. */ +#ifdef _MSC_VER +#pragma warning(push) +#pragma warning(disable: 4101) +#endif +/* This works for both gcc and clang */ +#if defined(__GNUC__) && !defined(NSS_NO_GCC48) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wunused-variable" +#endif + +#ifndef NSS_VERSION_VARIABLE +#error NSS_VERSION_VARIABLE must be set before including "verref.h" +#endif +{ + extern const char NSS_VERSION_VARIABLE[]; + volatile const char _nss_version_c = NSS_VERSION_VARIABLE[0]; +} +#undef NSS_VERSION_VARIABLE + +#ifdef _MSC_VER +#pragma warning(pop) +#endif +#if defined(__GNUC__) && !defined(NSS_NO_GCC48) +#pragma GCC diagnostic pop +#endif diff --git a/security/nss/tests/cert/cert.sh b/security/nss/tests/cert/cert.sh index 1a23c19c..e77a353f 100644 --- a/security/nss/tests/cert/cert.sh +++ b/security/nss/tests/cert/cert.sh 
@@ -292,6 +292,14 @@ cert_create_cert() return $RET fi + CU_ACTION="Import DSA Root CA for $CERTNAME" + certu -A -n "TestCA-dsa" -t "TC,TC,TC" -f "${R_PWFILE}" \ + -d "${PROFILEDIR}" -i "${R_CADIR}/TestCA-dsa.ca.cert" 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi + + if [ -z "$NSS_DISABLE_ECC" ] ; then CU_ACTION="Import EC Root CA for $CERTNAME" certu -A -n "TestCA-ec" -t "TC,TC,TC" -f "${R_PWFILE}" \ 
@@ -337,6 +345,60 @@ cert_add_cert() cert_log "SUCCESS: $CERTNAME's Cert Created" +# +# Generate and add DSA cert +# + CU_ACTION="Generate DSA Cert Request for $CERTNAME" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + certu -R -k dsa -d "${PROFILEDIR}" -f "${R_PWFILE}" \ + -z "${R_NOISE_FILE}" -o req 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi + + CU_ACTION="Sign ${CERTNAME}'s DSA Request" + certu -C -c "TestCA-dsa" -m "$CERTSERIAL" -v 60 -d "${P_R_CADIR}" \ + -i req -o "${CERTNAME}-dsa.cert" -f "${R_PWFILE}" "$1" 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi + + CU_ACTION="Import $CERTNAME's DSA Cert" + certu -A -n "${CERTNAME}-dsa" -t "u,u,u" -d "${PROFILEDIR}" \ + -f "${R_PWFILE}" -i "${CERTNAME}-dsa.cert" 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi + cert_log "SUCCESS: $CERTNAME's DSA Cert Created" + +# Generate DSA certificate signed with RSA + CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + certu -R -k dsa -d "${PROFILEDIR}" -f "${R_PWFILE}" \ + -z "${R_NOISE_FILE}" -o req 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi + + CU_ACTION="Sign ${CERTNAME}'s DSA Request with RSA" +# Avoid conflicting serial numbers with TestCA issuer by keeping +# this set far away. A smaller number risks colliding with the +# extended ssl user certificates. 
+ NEWSERIAL=`expr ${CERTSERIAL} + 20000` + certu -C -c "TestCA" -m "$NEWSERIAL" -v 60 -d "${P_R_CADIR}" \ + -i req -o "${CERTNAME}-dsamixed.cert" -f "${R_PWFILE}" "$1" 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi + + CU_ACTION="Import $CERTNAME's mixed DSA Cert" + certu -A -n "${CERTNAME}-dsamixed" -t "u,u,u" -d "${PROFILEDIR}" \ + -f "${R_PWFILE}" -i "${CERTNAME}-dsamixed.cert" 2>&1 + if [ "$RET" -ne 0 ]; then + return $RET + fi + cert_log "SUCCESS: $CERTNAME's mixed DSA Cert Created" + # # Generate and add EC cert # 
@@ -430,6 +492,34 @@ cert_all_CA() # root.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last # in the chain + +# +# Create DSA version of TestCA + ALL_CU_SUBJECT="CN=NSS Test CA (DSA), O=BOGUS NSS, L=Mountain View, ST=California, C=US" + cert_dsa_CA $CADIR TestCA-dsa -x "CTu,CTu,CTu" ${D_CA} "1" +# +# Create DSA versions of the intermediate CA certs + ALL_CU_SUBJECT="CN=NSS Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" + cert_dsa_CA $SERVER_CADIR serverCA-dsa -x "Cu,Cu,Cu" ${D_SERVER_CA} "2" + ALL_CU_SUBJECT="CN=NSS Chain1 Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" + cert_dsa_CA $SERVER_CADIR chain-1-serverCA-dsa "-c serverCA-dsa" "u,u,u" ${D_SERVER_CA} "3" + ALL_CU_SUBJECT="CN=NSS Chain2 Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" + cert_dsa_CA $SERVER_CADIR chain-2-serverCA-dsa "-c chain-1-serverCA-dsa" "u,u,u" ${D_SERVER_CA} "4" + + ALL_CU_SUBJECT="CN=NSS Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" + cert_dsa_CA $CLIENT_CADIR clientCA-dsa -x "Tu,Cu,Cu" ${D_CLIENT_CA} "5" + ALL_CU_SUBJECT="CN=NSS Chain1 Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" + cert_dsa_CA $CLIENT_CADIR chain-1-clientCA-dsa "-c clientCA-dsa" "u,u,u" ${D_CLIENT_CA} "6" + ALL_CU_SUBJECT="CN=NSS Chain2 Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" + cert_dsa_CA $CLIENT_CADIR chain-2-clientCA-dsa "-c chain-1-clientCA-dsa" "u,u,u" ${D_CLIENT_CA} "7" + + rm $CLIENT_CADIR/dsaroot.cert $SERVER_CADIR/dsaroot.cert +# dsaroot.cert in $CLIENT_CADIR and in $SERVER_CADIR is one of the last +# in the chain + + + + if [ -z "$NSS_DISABLE_ECC" ] ; then # # Create EC version of TestCA 
@@ -540,6 +630,76 @@ CERTSCRIPT cp root.cert ${NICKNAME}.ca.cert } + + + + +################################ cert_dsa_CA ############################# +# local shell function to build the Temp. Certificate Authority (CA) +# used for testing purposes, creating a CA Certificate and a root cert +# This is the ECC version of cert_CA. +########################################################################## +cert_dsa_CA() +{ + CUR_CADIR=$1 + NICKNAME=$2 + SIGNER=$3 + TRUSTARG=$4 + DOMAIN=$5 + CERTSERIAL=$6 + + echo "$SCRIPTNAME: Creating an DSA CA Certificate $NICKNAME ==========================" + + if [ ! -d "${CUR_CADIR}" ]; then + mkdir -p "${CUR_CADIR}" + fi + cd ${CUR_CADIR} + pwd + + LPROFILE=. + if [ -n "${MULTIACCESS_DBM}" ]; then + LPROFILE="multiaccess:${DOMAIN}" + fi + + ################# Creating an DSA CA Cert ############################### + # + CU_ACTION="Creating DSA CA Cert $NICKNAME " + CU_SUBJECT=$ALL_CU_SUBJECT + certu -S -n $NICKNAME -k dsa -t $TRUSTARG -v 600 $SIGNER \ + -d ${LPROFILE} -1 -2 -5 -f ${R_PWFILE} -z ${R_NOISE_FILE} \ + -m $CERTSERIAL 2>&1 <&1 +# +# Repeat the above for DSA certs +# + CU_ACTION="Generate DSA Cert Request for $CERTNAME (ext)" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \ + -z "${R_NOISE_FILE}" -o req 2>&1 + + CU_ACTION="Sign ${CERTNAME}'s DSA Request (ext)" + cp ${CERTDIR}/req ${SERVER_CADIR} + certu -C -c "chain-2-serverCA-dsa" -m 200 -v 60 -d "${P_SERVER_CADIR}" \ + -i req -o "${CERTNAME}-dsa.cert" -f "${R_PWFILE}" 2>&1 + + CU_ACTION="Import $CERTNAME's DSA Cert -t u,u,u (ext)" + certu -A -n "${CERTNAME}-dsa" -t "u,u,u" -d "${PROFILEDIR}" \ + -f "${R_PWFILE}" -i "${CERTNAME}-dsa.cert" 2>&1 + + CU_ACTION="Import Client DSA Root CA -t T,, for $CERTNAME (ext.)" + certu -A -n "clientCA-dsa" -t "T,," -f "${R_PWFILE}" -d "${PROFILEDIR}" \ + -i "${CLIENT_CADIR}/clientCA-dsa.ca.cert" 2>&1 +# +# done with 
DSA certs +# +# Repeat again for mixed DSA certs +# + CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME (ext)" + CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" + certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \ + -z "${R_NOISE_FILE}" -o req 2>&1 + + CU_ACTION="Sign ${CERTNAME}'s mixed DSA Request (ext)" + cp ${CERTDIR}/req ${SERVER_CADIR} + certu -C -c "chain-2-serverCA" -m 202 -v 60 -d "${P_SERVER_CADIR}" \ + -i req -o "${CERTNAME}-dsamixed.cert" -f "${R_PWFILE}" 2>&1 + + CU_ACTION="Import $CERTNAME's mixed DSA Cert -t u,u,u (ext)" + certu -A -n "${CERTNAME}-dsamixed" -t "u,u,u" -d "${PROFILEDIR}" \ + -f "${R_PWFILE}" -i "${CERTNAME}-dsamixed.cert" 2>&1 + +# CU_ACTION="Import Client mixed DSA Root CA -t T,, for $CERTNAME (ext.)" +# certu -A -n "clientCA-dsamixed" -t "T,," -f "${R_PWFILE}" \ +# -d "${PROFILEDIR}" -i "${CLIENT_CADIR}/clientCA-dsamixed.ca.cert" \ +# 2>&1 + if [ -z "$NSS_DISABLE_ECC" ] ; then # # Repeat the above for EC certs @@ -794,7 +998,7 @@ cert_extended_ssl() for CA in `find ${SERVER_CADIR} -name "?*.ca.cert"` ; do N=`basename $CA | sed -e "s/.ca.cert//"` - if [ $N = "serverCA" -o $N = "serverCA-ec" ] ; then + if [ $N = "serverCA" -o $N = "serverCA-ec" -o $N = "serverCA-dsa" ] ; then T="-t C,C,C" else T="-t u,u,u" 
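Review bot: The header comment of the new cert_dsa_CA function says `# This is the ECC version of cert_CA.`, which was copied from the EC helper; it should read `# This is the DSA version of cert_CA.`, and the echoed text `Creating an DSA CA Certificate` has the same copy-paste origin (`a DSA`). The page shows this hunk (starting at @@ -540) with text lost between `2>&1 <` and `&1 +#`, so its exact extent is not recoverable here. The DSA request/sign/import sequence that follows for cert_extended_ssl hard-codes serials 200 and 202 (and 300/302 on the next line); a comment stating which ranges are reserved for the RSA, EC and DSA variants would help later additions avoid collisions, as the `NEWSERIAL` comment in cert_add_cert already does for its case.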
@@ -830,6 +1034,53 @@ cert_extended_ssl()
 certu -A -n "serverCA" -t "C,C,C" -f "${R_PWFILE}" -d "${PROFILEDIR}" \
 -i "${SERVER_CADIR}/serverCA.ca.cert" 2>&1
+#
+# Repeat the above for DSA certs
+#
+ CU_ACTION="Generate DSA Cert Request for $CERTNAME (ext)"
+ CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+ certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \
+ -z "${R_NOISE_FILE}" -o req 2>&1
+
+ CU_ACTION="Sign ${CERTNAME}'s DSA Request (ext)"
+ cp ${CERTDIR}/req ${CLIENT_CADIR}
+ certu -C -c "chain-2-clientCA-dsa" -m 300 -v 60 -d "${P_CLIENT_CADIR}" \
+ -i req -o "${CERTNAME}-dsa.cert" -f "${R_PWFILE}" 2>&1
+
+ CU_ACTION="Import $CERTNAME's DSA Cert -t u,u,u (ext)"
+ certu -A -n "${CERTNAME}-dsa" -t "u,u,u" -d "${PROFILEDIR}" \
+ -f "${R_PWFILE}" -i "${CERTNAME}-dsa.cert" 2>&1
+
+ CU_ACTION="Import Server DSA Root CA -t C,C,C for $CERTNAME (ext.)"
+ certu -A -n "serverCA-dsa" -t "C,C,C" -f "${R_PWFILE}" \
+ -d "${PROFILEDIR}" -i "${SERVER_CADIR}/serverCA-dsa.ca.cert" 2>&1
+#
+# done with DSA certs
+#
+#
+# Repeat the above for mixed DSA certs
+#
+ CU_ACTION="Generate mixed DSA Cert Request for $CERTNAME (ext)"
+ CU_SUBJECT="CN=$CERTNAME, E=${CERTNAME}-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US"
+ certu -R -d "${PROFILEDIR}" -k dsa -f "${R_PWFILE}" \
+ -z "${R_NOISE_FILE}" -o req 2>&1
+
+ CU_ACTION="Sign ${CERTNAME}'s mixed DSA Request (ext)"
+ cp ${CERTDIR}/req ${CLIENT_CADIR}
+ certu -C -c "chain-2-clientCA" -m 302 -v 60 -d "${P_CLIENT_CADIR}" \
+ -i req -o "${CERTNAME}-dsamixed.cert" -f "${R_PWFILE}" 2>&1
+
+ CU_ACTION="Import $CERTNAME's mixed DSA Cert -t u,u,u (ext)"
+ certu -A -n "${CERTNAME}-dsamixed" -t "u,u,u" -d "${PROFILEDIR}" \
+ -f "${R_PWFILE}" -i "${CERTNAME}-dsamixed.cert" 2>&1
+
+# CU_ACTION="Import Server DSA Root CA -t C,C,C for $CERTNAME (ext.)"
+# certu -A -n "serverCA-dsa" -t "C,C,C" -f "${R_PWFILE}" \
+# -d "${PROFILEDIR}" -i 
"${SERVER_CADIR}/serverCA-dsa.ca.cert" 2>&1 +# +# done with mixed DSA certs +# + if [ -z "$NSS_DISABLE_ECC" ] ; then # # Repeat the above for EC certs @@ -883,7 +1134,7 @@ cert_extended_ssl() for CA in `find ${CLIENT_CADIR} -name "?*.ca.cert"` ; do N=`basename $CA | sed -e "s/.ca.cert//"` - if [ $N = "clientCA" -o $N = "clientCA-ec" ] ; then + if [ $N = "clientCA" -o $N = "clientCA-ec" -o $N = "clientCA-dsa" ] ; then T="-t T,C,C" else T="-t u,u,u" @@ -920,6 +1171,10 @@ cert_ssl() cert_add_cert CU_ACTION="Modify trust attributes of Root CA -t TC,TC,TC" certu -M -n "TestCA" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}" + + CU_ACTION="Modify trust attributes of DSA Root CA -t TC,TC,TC" + certu -M -n "TestCA-dsa" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}" + if [ -z "$NSS_DISABLE_ECC" ] ; then CU_ACTION="Modify trust attributes of EC Root CA -t TC,TC,TC" certu -M -n "TestCA-ec" -t "TC,TC,TC" -d ${PROFILEDIR} -f "${R_PWFILE}" @@ -1422,6 +1677,24 @@ EOF_CRLINI CRL_GEN_RES=`expr $? + $CRL_GEN_RES` chmod 600 ${CRL_FILE_GRP_1}_or + + CU_ACTION="Generating CRL (DSA) for range ${CRL_GRP_1_BEGIN}-${CRL_GRP_END} TestCA-dsa authority" + +# Until Bug 292285 is resolved, do not encode x400 Addresses. After +# the bug is resolved, reintroduce "x400Address:x400Address" within +# addext issuerAltNames ... + crlu -q -d $CADIR -G -n "TestCA-dsa" -f ${R_PWFILE} \ + -o ${CRL_FILE_GRP_1}_or-dsa < ${SERVEROUTFILE} 2>&1 & RET=$? else ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} \ - ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose & + ${ECC_OPTIONS} -S ${HOSTADDR}-dsa -w nss ${sparam} -i ${R_SERVERPID} $verbose -H 1 & RET=$? fi diff --git a/security/nss/tests/ssl/sslcov.txt b/security/nss/tests/ssl/sslcov.txt index c4fee164..c050dd8b 100644 --- a/security/nss/tests/ssl/sslcov.txt +++ b/security/nss/tests/ssl/sslcov.txt 
@@ -86,10 +86,21 @@
 noECC TLS12 v TLS12_RSA_WITH_AES_128_CBC_SHA
 noECC TLS12 y TLS12_RSA_WITH_AES_256_CBC_SHA
 noECC TLS12 z TLS12_RSA_WITH_NULL_SHA
+ noECC TLS12 :0016 TLS12_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ noECC TLS12 :0032 TLS12_DHE_DSS_WITH_AES_128_CBC_SHA
+ noECC TLS12 :0033 TLS12_DHE_RSA_WITH_AES_128_CBC_SHA
+ noECC TLS12 :0038 TLS12_DHE_DSS_WITH_AES_256_CBC_SHA
+ noECC TLS12 :0039 TLS12_DHE_RSA_WITH_AES_256_CBC_SHA
 noECC TLS12 :003B TLS12_RSA_WITH_NULL_SHA256
 noECC TLS12 :003C TLS12_RSA_WITH_AES_128_CBC_SHA256
 noECC TLS12 :003D TLS12_RSA_WITH_AES_256_CBC_SHA256
+ noECC TLS12 :0040 TLS12_DHE_DSS_WITH_AES_128_CBC_SHA256
+ noECC TLS12 :0067 TLS12_DHE_RSA_WITH_AES_128_CBC_SHA256
+ noECC TLS12 :006A TLS12_DHE_DSS_WITH_AES_256_CBC_SHA256
+ noECC TLS12 :006B TLS12_DHE_RSA_WITH_AES_256_CBC_SHA256
 noECC TLS12 :009C TLS12_RSA_WITH_AES_128_GCM_SHA256
+ noECC TLS12 :009E TLS12_DHE_RSA_WITH_AES_128_GCM_SHA256
+ noECC TLS12 :00A2 TLS12_DHE_DSS_WITH_AES_128_GCM_SHA256
 #
 # ECC ciphers (TLS)
 #
diff --git a/security/nss/tests/ssl/sslstress.txt b/security/nss/tests/ssl/sslstress.txt
index dded8bd9..738d6904 100644
--- a/security/nss/tests/ssl/sslstress.txt
+++ b/security/nss/tests/ssl/sslstress.txt
@@ -44,6 +44,7 @@
 ECC 0 -c_:C027 -V_ssl3:_-c_1000_-C_:C027 Stress TLS ECDHE-RSA AES 128 CBC with SHA256
 ECC 0 -c_:C02F -V_ssl3:_-c_1000_-C_:C02F Stress TLS ECDHE-RSA AES 128 GCM
 ECC 0 -c_:C004_-u -V_ssl3:_-c_1000_-C_:C004_-u Stress TLS ECDH-ECDSA AES 128 CBC with SHA (session ticket)
+ ECC 0 -c_:C009_-u -V_ssl3:_-c_100_-C_:C009_-u Stress TLS ECDHE-ECDSA AES 128 CBC with SHA (session ticket)
 #
 # add client auth versions here...
 #
@@ -53,3 +54,33 @@
 ECC 0 -r_-r_-c_:C00E -V_ssl3:_-c_10_-C_:C00E_-N_-n_TestUser-ecmixed Stress TLS ECDH-RSA AES 128 CBC with SHA (no reuse, client auth)
 ECC 0 -r_-r_-c_:C013 -V_ssl3:_-c_100_-C_:C013_-n_TestUser-ec Stress TLS ECDHE-RSA AES 128 CBC with SHA(client auth)
 ECC 0 -r_-r_-c_:C013_-u -V_ssl3:_-c_100_-C_:C013_-n_TestUser-ec_-u Stress TLS ECDHE-RSA AES 128 CBC with SHA(session ticket, client auth)
+
+#
+# ############################ DHE ciphers ############################
+#
+ noECC 0 -c_:0016 -V_ssl3:_-c_100_-C_:0016_-N Stress TLS DHE_RSA_WITH_3DES_EDE_CBC_SHA (no reuse)
+ noECC 0 -c_:0033 -V_ssl3:_-c_1000_-C_:0033 Stress TLS DHE_RSA_WITH_AES_128_CBC_SHA
+
+
+ noECC 0 -c_:0039 -V_ssl3:_-c_100_-C_:0039_-N Stress TLS DHE_RSA_WITH_AES_256_CBC_SHA (no reuse)
+ noECC 0 -c_:0040 -V_ssl3:_-c_100_-C_:0040_-N Stress TLS DHE_DSS_WITH_AES_128_CBC_SHA256 (no reuse)
+
+# noECC 0 -c_:0038_-u -V_ssl3:_-c_1000_-C_:0038_-u Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA (session ticket)
+# use the above session ticket test, once session tickets with DHE_DSS are working
+ noECC 0 -c_:0038 -V_ssl3:_-c_1000_-C_:0038_-N Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA (no reuse)
+
+# noECC 0 -c_:006A -V_ssl3:_-c_1000_-C_:006A Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA256
+# use the above reuse test, once the session cache with DHE_DSS is working
+ noECC 0 -c_:006A -V_ssl3:_-c_1000_-C_:006A_-N Stress TLS DHE_DSS_WITH_AES_256_CBC_SHA256 (no reuse
+
+ noECC 0 -c_:006B -V_ssl3:_-c_100_-C_:006B_-N Stress TLS DHE_RSA_WITH_AES_256_CBC_SHA256 (no reuse)
+ noECC 0 -c_:009E -V_ssl3:_-c_100_-C_:009E_-N Stress TLS DHE_RSA_WITH_AES_128_GCM_SHA256 (no reuse)
+#
+# add client auth versions here...
+#
+ noECC 0 -r_-r_-c_:0032 -V_ssl3:_-c_100_-C_:0032_-N_-n_TestUser-dsa Stress TLS DHE_DSS_WITH_AES_128_CBC_SHA (no reuse, client auth)
+ noECC 0 -r_-r_-c_:0067 -V_ssl3:_-c_1000_-C_:0067_-n_TestUser-dsamixed Stress TLS DHE_RSA_WITH_AES_128_CBC_SHA256 (client auth)
+
+# noECC 0 -r_-r_-c_:00A2_-u -V_ssl3:_-c_1000_-C_:00A2_-n_TestUser-dsa_-u Stress TLS DHE_DSS_WITH_AES_128_GCM_SHA256 (session ticket, client auth)
+# use the above session ticket test, once session tickets with DHE_DSS are working
+ noECC 0 -r_-r_-c_:00A2_-u -V_ssl3:_-c_1000_-C_:00A2_-N_-n_TestUser-dsa Stress TLS DHE_DSS_WITH_AES_128_GCM_SHA256 (no reuse, client auth)
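Review bot: The description of the active `:006A` entry ends with `(no reuse` and is missing its closing parenthesis, unlike every other `(no reuse)` entry in the new DHE block; the line should end `… DHE_DSS_WITH_AES_256_CBC_SHA256 (no reuse)`. Since that trailing text is presumably used as the test's display name, the slip is cosmetic, but it makes the entry inconsistent with its neighbours and harder to match when grepping results.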