diff --git a/security/nss/.gitignore b/security/nss/.gitignore deleted file mode 100644 index 1d04dfab0bd..00000000000 --- a/security/nss/.gitignore +++ /dev/null @@ -1,5 +0,0 @@ -*~ -*.swp -*OPT.OBJ/ -*DBG.OBJ/ -*DBG.OBJD/ diff --git a/security/nss/TAG-INFO b/security/nss/TAG-INFO index 38b5226b1a8..c113f6117b6 100644 --- a/security/nss/TAG-INFO +++ b/security/nss/TAG-INFO @@ -1 +1 @@ -NSS_3_21_Beta2 +NSS_3_20_RTM diff --git a/security/nss/circle.yml b/security/nss/circle.yml deleted file mode 100644 index 60cfaec6e01..00000000000 --- a/security/nss/circle.yml +++ /dev/null @@ -1,18 +0,0 @@ -checkout: - post: - - cd ..; hg clone https://hg.mozilla.org/projects/nspr - -test: - override: - - make nss_build_all - - cd tests; NSS_TESTS=ssl_gtests NSS_CYCLES=standard ./all.sh - -machine: - environment: - { USE_64: 1, - NSS_ENABLE_TLS_1_3: 1, - NSS_BUILD_GTESTS: 1, - } - hosts: - - diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c index 204814d82d8..7761918088d 100644 --- a/security/nss/cmd/bltest/blapitest.c +++ b/security/nss/cmd/bltest/blapitest.c @@ -56,7 +56,8 @@ char *testdir = NULL; #define TIMEMARK(seconds) \ time1 = PR_SecondsToInterval(seconds); \ { \ - PRInt64 tmp; \ + PRInt64 tmp, L100; \ + LL_I2L(L100, 100); \ if (time2 == 0) { \ time2 = 1; \ } \ @@ -312,6 +313,7 @@ serialize_key(SECItem *it, int ni, PRFileDesc *file) { unsigned char len[4]; int i; + SECStatus status; NSSBase64Encoder *cx; cx = NSSBase64Encoder_Create(output_ascii, file); for (i=0; ilen >> 16) & 0xff; len[2] = (it->len >> 8) & 0xff; len[3] = (it->len & 0xff); - NSSBase64Encoder_Update(cx, len, 4); - NSSBase64Encoder_Update(cx, it->data, it->len); + status = NSSBase64Encoder_Update(cx, len, 4); + status = NSSBase64Encoder_Update(cx, it->data, it->len); } - NSSBase64Encoder_Destroy(cx, PR_FALSE); - PR_Write(file, "\r\n", 2); + status = NSSBase64Encoder_Destroy(cx, PR_FALSE); + status = PR_Write(file, "\r\n", 2); } void 
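Review bot: In serialize_key every encoder result is stored into `status` but `status` is never read, so a failing NSSBase64Encoder_Update or NSSBase64Encoder_Destroy is still reported as a successful key dump, and the last assignment stores PR_Write's PRInt32 byte count in a SECStatus, which is a type mismatch. If the writes are meant to be best-effort, drop the assignments and say so, e.g. `/* best-effort: encoder and write failures are not reported to the caller */`; otherwise test each result and return or print an error. The TIMEMARK hunk in the same file introduces `L100` through `LL_I2L`, and whether the rest of that macro (outside the hunk) uses it cannot be seen here.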
@@ -1434,7 +1436,7 @@ bltest_aes_init(bltestCipherInfo *cipherInfo, PRBool encrypt) int minorMode; int i; int keylen = aesp->key.buf.len; - unsigned int blocklen = AES_BLOCK_SIZE; + int blocklen = AES_BLOCK_SIZE; PRIntervalTime time1, time2; unsigned char *params; int len; @@ -1633,8 +1635,6 @@ bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) cipherInfo->cipher.pubkeyCipher = encrypt ? rsa_encryptOAEP : rsa_decryptOAEP; break; - default: - break; } return SECSuccess; } @@ -2569,6 +2569,8 @@ printPR_smpString(const char *sformat, char *reportStr, fprintf(stdout, sformat, reportStr); PR_smprintf_free(reportStr); } else { + int prnRes; + LL_L2I(prnRes, rNum); fprintf(stdout, nformat, rNum); } } @@ -2789,8 +2791,8 @@ mode_str_to_hash_alg(const SECItem *modeStr) case bltestSHA256: return HASH_AlgSHA256; case bltestSHA384: return HASH_AlgSHA384; case bltestSHA512: return HASH_AlgSHA512; - default: return HASH_AlgNULL; } + return HASH_AlgNULL; } void @@ -3002,7 +3004,7 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, bltestIO pt, ct; bltestCipherMode mode; bltestParams *params; - unsigned int i, j, nummodes, numtests; + int i, j, nummodes, numtests; char *modestr; char filename[256]; PLArenaPool *arena; @@ -3455,12 +3457,13 @@ static secuCommandFlag bltest_options[] = int main(int argc, char **argv) { + char *infileName, *outfileName, *keyfileName, *ivfileName; SECStatus rv = SECFailure; - double totalTime = 0.0; + double totalTime; PRIntervalTime time1, time2; PRFileDesc *outfile = NULL; - bltestCipherInfo *cipherInfoListHead, *cipherInfo = NULL; + bltestCipherInfo *cipherInfoListHead, *cipherInfo; bltestIOMode ioMode; int bufsize, exponent, curThrdNum; #ifndef NSS_DISABLE_ECC 
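Review bot: In printPR_smpString the new `prnRes` is computed with `LL_L2I(prnRes, rNum)` and then never used, because the fprintf still receives `rNum`; either the narrowing is dead code or `nformat` (not visible here) expects an int and is now handed a 64-bit value, which is undefined behaviour for a printf family call. Pass the converted value, `fprintf(stdout, nformat, prnRes);`, or drop the two added lines. In mode_str_to_hash_alg the `default:` label is removed from the switch, so a new bltest mode value will only be caught by `-Wswitch` rather than by the fall-through return.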
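Review bot: main drops the initializers of `totalTime` and `cipherInfo`, so any path in the remainder of main (outside this hunk) that reads totalTime before the timing loop accumulates into it, or reaches the print_usage label before PORT_ZNew has run, now reads an indeterminate value, and freeing an indeterminate pointer is undefined behaviour. Keeping `double totalTime = 0.0;` and `bltestCipherInfo *cipherInfoListHead, *cipherInfo = NULL;` costs nothing and removes the question. The blapi_selftest and bltest_aes_init hunks change counters and lengths from unsigned to int, which is harmless only as long as they are never compared with unsigned or `size_t` values elsewhere in those functions.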
@@ -3508,6 +3511,8 @@ int main(int argc, char **argv) cipherInfo = PORT_ZNew(bltestCipherInfo); cipherInfoListHead = cipherInfo; + /* set some defaults */ + infileName = outfileName = keyfileName = ivfileName = NULL; /* Check the number of commands entered on the command line. */ commandsEntered = 0; @@ -3552,7 +3557,7 @@ int main(int argc, char **argv) unsigned int keySize = 1024; unsigned long exponent = 65537; int rounds = 1; - int ret = -1; + int ret; if (bltest.options[opt_KeySize].activated) { keySize = PORT_Atoi(bltest.options[opt_KeySize].arg); @@ -3707,10 +3712,8 @@ int main(int argc, char **argv) fprintf(stderr, "%s: You must specify a signature file with -f.\n", progName); -print_usage: - if (cipherInfo) { - PORT_Free(cipherInfo); - } + print_usage: + PORT_Free(cipherInfo); Usage(); } diff --git a/security/nss/cmd/certcgi/certcgi.c b/security/nss/cmd/certcgi/certcgi.c index 1095d80edff..9bfa4e869b5 100644 --- a/security/nss/cmd/certcgi/certcgi.c +++ b/security/nss/cmd/certcgi/certcgi.c 
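Review bot: The print_usage label now calls `PORT_Free(cipherInfo)` without the NULL guard, and the earlier main hunk in this file removes cipherInfo's `= NULL` initializer, so a `goto print_usage` taken before `PORT_ZNew` would free an indeterminate pointer; whether such a jump exists is outside the hunk. Keep the guard, `if (cipherInfo) { PORT_Free(cipherInfo); }`, or keep the initializer. In the @@ -3552 hunk `int ret;` likewise loses its `-1` default, so every path must assign ret before the value is used.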
@@ -356,6 +356,81 @@ find_field_bool(Pair *data, } } +static char * +update_data_by_name(Pair *data, + char *field_name, + char *new_data) + /* replaces the data in the data structure associated with + a name with new data, returns null if not found */ +{ + int i = 0; + int found = 0; + int length = 100; + char *new; + + while (return_name(data, i) != NULL) { + if (PORT_Strcmp(return_name(data, i), field_name) == 0) { + new = make_copy_string( new_data, length, '\0'); + PORT_Free(return_data(data, i)); + found = 1; + (*(data + i)).data = new; + break; + } + i++; + } + if (!found) { + new = NULL; + } + return new; +} + +static char * +update_data_by_index(Pair *data, + int n, + char *new_data) + /* replaces the data of a particular index in the data structure */ +{ + int length = 100; + char *new; + + new = make_copy_string(new_data, length, '\0'); + PORT_Free(return_data(data, n)); + (*(data + n)).data = new; + return new; +} + + +static Pair * +add_field(Pair *data, + char* field_name, + char* field_data) + /* adds a new name/data pair to the data structure */ +{ + int i = 0; + int j; + int name_length = 100; + int data_length = 100; + + while(return_name(data, i) != NULL) { + i++; + } + j = START_FIELDS; + while ( j < (i + 1) ) { + j = j * 2; + } + if (j == (i + 1)) { + data = (Pair *) PORT_Realloc(data, (j * 2) * sizeof(Pair)); + if (data == NULL) { + error_allocate(); + } + } + (*(data + i)).name = make_copy_string(field_name, name_length, '\0'); + (*(data + i)).data = make_copy_string(field_data, data_length, '\0'); + (data + i + 1)->name = NULL; + return data; +} + + static CERTCertificateRequest * makeCertReq(Pair *form_data, int which_priv_key) @@ -452,6 +527,10 @@ MakeV1Cert(CERTCertDBHandle *handle, PRExplodedTime printableTime; PRTime now, after; + SECStatus rv; + + + if ( !selfsign ) { issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); if (!issuerCert) { 
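Review bot: add_field relies on an undocumented sizing invariant: it only grows the array when the entry count is exactly a power-of-two multiple of START_FIELDS, which is correct only if the caller allocated START_FIELDS entries and every growth went through this function; a comment stating that, e.g. `/* capacity is always START_FIELDS * 2^k, so growth is needed only when i + 1 reaches that boundary */`, would make it reviewable. The three new static helpers also truncate every field to `length = 100` characters via make_copy_string without the limit being named or documented, and none of them is called inside this hunk, so they may be unused at file scope. The `PORT_Realloc` result is written back to `data` before the NULL check, which is only safe if error_allocate never returns.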
@@ -460,7 +539,7 @@ MakeV1Cert(CERTCertDBHandle *handle, } } if (find_field_bool(data, "manValidity", PR_TRUE)) { - (void)DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE)); + rv = DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE)); } else { now = PR_Now(); } @@ -471,7 +550,7 @@ MakeV1Cert(CERTCertDBHandle *handle, PR_ExplodeTime (now, PR_GMTParameters, &printableTime); } if (find_field_bool(data, "manValidity", PR_TRUE)) { - (void)DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE)); + rv = DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE)); PR_ExplodeTime (after, PR_GMTParameters, &printableTime); } else { printableTime.tm_month += 3; @@ -508,11 +587,11 @@ get_serial_number(Pair *data) if (find_field_bool(data, "serial-auto", PR_TRUE)) { serialFile = fopen(filename, "r"); if (serialFile != NULL) { - size_t nread = fread(&serial, sizeof(int), 1, serialFile); - if (ferror(serialFile) != 0 || nread != 1) { + fread(&serial, sizeof(int), 1, serialFile); + if (ferror(serialFile) != 0) { error_out("Error: Unable to read serial number file"); } - if (serial == -1) { + if (serial == 4294967295) { serial = 21; } fclose(serialFile); 
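Review bot: In MakeV1Cert the result of DER_AsciiToTime on the form fields `notBefore` and `notAfter` is stored in `rv` but never checked, so a malformed date in the request leaves `now`/`after` with whatever the failed parse wrote and the certificate is still built from it. Add `if (rv != SECSuccess) { error_out("Error: invalid validity date"); }` after each call (the message is a constructed example). The `SECStatus rv;` added by the earlier MakeV1Cert hunk is otherwise unused.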
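Review bot: get_serial_number now ignores fread's item count, so a short read leaves `serial` partly or wholly unset while ferror is still clear, and the sentinel test `serial == 4294967295` compares an int (the read is `sizeof(int)`) against a literal of type long or unsigned long, so on LP64 platforms a stored `-1` never matches and the fallback to 21 is dead. Check the count, `if (fread(&serial, sizeof serial, 1, serialFile) != 1) { error_out("Error: Unable to read serial number file"); }`, and compare against `-1` or an explicit `(unsigned int)serial == UINT_MAX`.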
@@ -1338,49 +1417,52 @@ string_to_ipaddress(char *string) return ipaddress; } -static int -chr_to_hex(char c) { - if (isdigit(c)) { - return c - '0'; - } - if (isxdigit(c)) { - return toupper(c) - 'A' + 10; - } - return -1; -} - static SECItem * -string_to_binary(char *string) +string_to_binary(char *string) { SECItem *rv; + int high_digit; + int low_digit; rv = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); if (rv == NULL) { error_allocate(); } rv->data = (unsigned char *) PORT_ZAlloc((PORT_Strlen(string))/3 + 2); - rv->len = 0; - while (*string && !isxdigit(*string)) { + while (!isxdigit(*string)) { string++; } - while (*string) { - int high, low; - high = chr_to_hex(*string++); - low = chr_to_hex(*string++); - if (high < 0 || low < 0) { - error_out("ERROR: Improperly formated binary encoding"); - } - rv->data[(rv->len)++] = high << 4 | low; - if (*string != ':') { - break; - } - ++string; - } - while (*string == ' ') { - ++string; - } - if (*string) { - error_out("ERROR: Junk after binary encoding"); + rv->len = 0; + while (*string != '\0') { + if (isxdigit(*string)) { + if (*string >= '0' && *string <= '9') { + high_digit = *string - '0'; + } else { + *string = toupper(*string); + high_digit = *string - 'A' + 10; + } + string++; + if (*string >= '0' && *string <= '9') { + low_digit = *string - '0'; + } else { + *string = toupper(*string); + low_digit = *string - 'A' + 10; + } + (rv->len)++; + } else { + if (*string == ':') { + string++; + } else { + if (*string == ' ') { + while (*string == ' ') { + string++; + } + } + if (*string != '\0') { + error_out("ERROR: Improperly formated binary encoding"); + } + } + } } return rv; diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index ab22fbca18f..0d56cd4b406 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c 
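Review bot: The rewritten string_to_binary never stores the decoded byte into `rv->data` (only `rv->len` is incremented), the leading skip `while (!isxdigit(*string))` runs past the terminator when the input contains no hex digit at all, and the low nibble is read without an isxdigit check, so a trailing odd digit or a separator is decoded as garbage; because this function decodes a CGI form field, the first two are out-of-bounds reads on untrusted input. It also rewrites the caller's string in place via `*string = toupper(*string)`, and the buffer size `strlen/3 + 2` is too small for more than six undelimited pairs. A version that validates both digits before use, stores the byte, advances past the pair and sizes the buffer at `strlen/2 + 1` follows; the error strings are unchanged and the function's closing brace lies outside the hunk.
```c
static SECItem *
string_to_binary(char *string)
{
    SECItem *rv;
    int high_digit;
    int low_digit;

    rv = (SECItem *) PORT_ZAlloc(sizeof(SECItem));
    if (rv == NULL) {
        error_allocate();
    }
    /* each emitted byte consumes at least two input characters, so
     * strlen/2 + 1 is sufficient whatever separators are present */
    rv->data = (unsigned char *) PORT_ZAlloc(PORT_Strlen(string) / 2 + 1);
    if (rv->data == NULL) {
        error_allocate();
    }
    rv->len = 0;
    /* skip a non-hex prefix, but stop at the terminator */
    while (*string != '\0' && !isxdigit((unsigned char)*string)) {
        string++;
    }
    while (*string != '\0') {
        /* both nibbles must be present and valid before either is used */
        if (!isxdigit((unsigned char)string[0]) ||
            !isxdigit((unsigned char)string[1])) {
            error_out("ERROR: Improperly formated binary encoding");
        }
        high_digit = isdigit((unsigned char)string[0])
                         ? string[0] - '0'
                         : toupper((unsigned char)string[0]) - 'A' + 10;
        low_digit = isdigit((unsigned char)string[1])
                        ? string[1] - '0'
                        : toupper((unsigned char)string[1]) - 'A' + 10;
        rv->data[rv->len++] = (unsigned char)((high_digit << 4) | low_digit);
        string += 2;
        if (*string == ':') {
            string++;
        } else if (*string != '\0') {
            /* only trailing blanks may follow the last pair */
            while (*string == ' ') {
                string++;
            }
            if (*string != '\0') {
                error_out("ERROR: Improperly formated binary encoding");
            }
        }
    }
    return rv;
```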
@@ -609,27 +609,6 @@ DeleteCert(CERTCertDBHandle *handle, char *name) return rv; } -static SECStatus -RenameCert(CERTCertDBHandle *handle, char *name, char *newName) -{ - SECStatus rv; - CERTCertificate *cert; - - cert = CERT_FindCertByNicknameOrEmailAddr(handle, name); - if (!cert) { - SECU_PrintError(progName, "could not find certificate named \"%s\"", - name); - return SECFailure; - } - - rv = __PK11_SetCertificateNickname(cert, newName); - CERT_DestroyCertificate(cert); - if (rv) { - SECU_PrintError(progName, "unable to rename certificate"); - } - return rv; -} - static SECStatus ValidateCert(CERTCertDBHandle *handle, char *name, char *date, char *certUsage, PRBool checkSig, PRBool logit, @@ -1005,8 +984,6 @@ PrintSyntax(char *progName) "\t\t [-8 dns-names] [-a]\n", progName); FPS "\t%s -D -n cert-name [-d certdir] [-P dbprefix]\n", progName); - FPS "\t%s --rename -n cert-name --new-n new-cert-name\n" - "\t\t [-d certdir] [-P dbprefix]\n", progName); FPS "\t%s -E -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", progName); FPS "\t%s -F -n nickname [-d certdir] [-P dbprefix]\n", @@ -1573,25 +1550,6 @@ static void luW(enum usage_level ul, const char *command) FPS "\n"); } -static void luRename(enum usage_level ul, const char *command) -{ - int is_my_command = (command && 0 == strcmp(command, "rename")); - if (ul == usage_all || !command || is_my_command) - FPS "%-15s Change the database nickname of a certificate\n", - "--rename"); - if (ul == usage_selected && !is_my_command) - return; - FPS "%-20s The old nickname of the cert to rename\n", - " -n cert-name"); - FPS "%-20s The new nickname of the cert to rename\n", - " --new-n new-name"); - FPS "%-20s Cert database directory (default is ~/.netscape)\n", - " -d certdir"); - FPS "%-20s Cert & Key database prefix\n", - " -P dbprefix"); - FPS "\n"); -} - static void luUpgradeMerge(enum usage_level ul, const char *command) { int is_my_command = (command && 0 == strcmp(command, "upgrade-merge")); 
@@ -1754,7 +1712,6 @@ static void LongUsage(char *progName, enum usage_level ul, const char *command) luC(ul, command); luG(ul, command); luD(ul, command); - luRename(ul, command); luF(ul, command); luU(ul, command); luK(ul, command); @@ -2254,7 +2211,6 @@ enum { cmd_Batch, cmd_Merge, cmd_UpgradeMerge, /* test only */ - cmd_Rename, max_cmd }; @@ -2323,7 +2279,6 @@ enum certutilOpts { opt_AddSubjectAltNameExt, opt_DumpExtensionValue, opt_GenericExtensions, - opt_NewNickname, opt_Help }; @@ -2354,9 +2309,7 @@ secuCommandFlag commands_init[] = { /* cmd_Batch */ 'B', PR_FALSE, 0, PR_FALSE }, { /* cmd_Merge */ 0, PR_FALSE, 0, PR_FALSE, "merge" }, { /* cmd_UpgradeMerge */ 0, PR_FALSE, 0, PR_FALSE, - "upgrade-merge" }, - { /* cmd_Rename */ 0, PR_FALSE, 0, PR_FALSE, - "rename" } + "upgrade-merge" } }; #define NUM_COMMANDS ((sizeof commands_init) / (sizeof commands_init[0])) @@ -2442,8 +2395,6 @@ secuCommandFlag options_init[] = "dump-ext-val"}, { /* opt_GenericExtensions */ 0, PR_TRUE, 0, PR_FALSE, "extGeneric"}, - { /* opt_NewNickname */ 0, PR_TRUE, 0, PR_FALSE, - "new-n"}, }; #define NUM_OPTIONS ((sizeof options_init) / (sizeof options_init[0])) @@ -2477,7 +2428,6 @@ certutil_main(int argc, char **argv, PRBool initialize) char * upgradeTokenName = ""; KeyType keytype = rsaKey; char * name = NULL; - char * newName = NULL; char * email = NULL; char * keysource = NULL; SECOidTag hashAlgTag = SEC_OID_UNKNOWN; 
@@ -2836,19 +2786,6 @@ certutil_main(int argc, char **argv, PRBool initialize) return 255; } - /* Rename needs an old and a new nickname */ - if (certutil.commands[cmd_Rename].activated && - !(certutil.options[opt_Nickname].activated && - certutil.options[opt_NewNickname].activated)) { - - PR_fprintf(PR_STDERR, - "%s --rename: specify an old nickname (-n) and\n" - " a new nickname (--new-n).\n", - progName); - return 255; - } - - /* Upgrade/Merge needs a source database and a upgrade id. */ if (certutil.commands[cmd_UpgradeMerge].activated && !(certutil.options[opt_SourceDir].activated && @@ -2930,7 +2867,6 @@ certutil_main(int argc, char **argv, PRBool initialize) } name = SECU_GetOptionArg(&certutil, opt_Nickname); - newName = SECU_GetOptionArg(&certutil, opt_NewNickname); email = SECU_GetOptionArg(&certutil, opt_Emailaddress); PK11_SetPasswordFunc(SECU_GetModulePassword); @@ -3169,11 +3105,6 @@ merge_fail: rv = DeleteCert(certHandle, name); goto shutdown; } - /* Rename cert (--rename) */ - if (certutil.commands[cmd_Rename].activated) { - rv = RenameCert(certHandle, name, newName); - goto shutdown; - } /* Delete key (-F) */ if (certutil.commands[cmd_DeleteKey].activated) { rv = DeleteKey(name, &pwdata); diff --git a/security/nss/cmd/checkcert/checkcert.c b/security/nss/cmd/checkcert/checkcert.c index 235451c3926..2a62a08ee53 100644 --- a/security/nss/cmd/checkcert/checkcert.c +++ b/security/nss/cmd/checkcert/checkcert.c @@ -122,6 +122,7 @@ OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key, SECStatus rv; VFYContext *cx; SECOidData *sigAlgOid, *oiddata; + SECOidTag sigAlgTag; SECOidTag hashAlgTag; int showDigestOid=0; @@ -133,6 +134,8 @@ OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key, sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm); if (sigAlgOid == 0) return SECFailure; + sigAlgTag = sigAlgOid->offset; + if (showDigestOid) { oiddata = SECOID_FindOIDByTag(hashAlgTag); 
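Review bot: In OurVerifyData the added `sigAlgTag = sigAlgOid->offset;` is never read in either checkcert hunk, so unless later code outside the hunks consumes it the compiler will flag a set-but-unused variable. Either use it where the signature algorithm is reported or drop both added lines. If it is intended for the showDigestOid block that follows, a comment such as `/* NOTE(review): signature OID tag, confirm which printing path consumes it */` would tie it to its consumer.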
@@ -385,7 +388,7 @@ int main(int argc, char **argv) SECU_RegisterDynamicOids(); rv = SECU_PrintSignedData(stdout, &derCert, "Certificate", 0, - (SECU_PPFunc)SECU_PrintCertificate); + SECU_PrintCertificate); if (rv) { fprintf(stderr, "%s: Unable to pretty print cert. Error: %d\n", diff --git a/security/nss/cmd/crlutil/crlgen.c b/security/nss/cmd/crlutil/crlgen.c index 1fad324909d..4eb16f71f16 100644 --- a/security/nss/cmd/crlutil/crlgen.c +++ b/security/nss/cmd/crlutil/crlgen.c @@ -545,7 +545,7 @@ crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr, { SECItem *encodedItem; void *dummy; - void *mark = NULL; + void *mark; int code = 0; PORT_Assert(arena && dataArr); @@ -583,9 +583,7 @@ crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr, return encodedItem; loser: - if (mark) { - PORT_ArenaRelease (arena, mark); - } + PORT_ArenaRelease (arena, mark); return NULL; } @@ -597,7 +595,7 @@ crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr, { SECItem *encodedItem; int length = 0; - void *mark = NULL; + void *mark; PORT_Assert(arena && dataArr); if (!arena || !dataArr) { @@ -626,9 +624,7 @@ crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr, return encodedItem; loser: - if (mark) { - PORT_ArenaRelease(arena, mark); - } + PORT_ArenaRelease(arena, mark); return NULL; } @@ -1083,6 +1079,7 @@ static SECStatus crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId) { PRUint64 i = 0; + PLArenaPool *arena; PORT_Assert(crlGenData && certId); if (!crlGenData || !certId) { @@ -1090,6 +1087,8 @@ crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId) return SECFailure; } + arena = crlGenData->signCrl->arena; + if (crlgen_SetNewRangeField(crlGenData, certId) == SECFailure && certId) { return SECFailure; diff --git a/security/nss/cmd/crlutil/crlutil.c b/security/nss/cmd/crlutil/crlutil.c index d5013714024..dd9f4932eec 100644 --- a/security/nss/cmd/crlutil/crlutil.c +++ b/security/nss/cmd/crlutil/crlutil.c 
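Review bot: crlgen_CreateReasonCode and crlgen_CreateInvalidityDate now declare `void *mark;` without an initializer and their `loser:` paths call `PORT_ArenaRelease(arena, mark)` unconditionally, so any `goto loser` that precedes the PORT_ArenaMark call (the bodies between the two hunks are not visible) releases an indeterminate mark. Keep `void *mark = NULL;` and guard the release with `if (mark) { PORT_ArenaRelease(arena, mark); }`; the same applies to the @@ -597 and @@ -626 hunks of crlgen.c.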
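Review bot: In crlgen_RmCert the new `arena = crlGenData->signCrl->arena;` is not used anywhere in the hunk and dereferences `signCrl` immediately after the function has checked only `crlGenData` and `certId` for NULL. If the arena is needed further down, move the assignment next to its use and check `signCrl` first; otherwise drop the two added lines. The checkcert main hunk removes the `(SECU_PPFunc)` cast on SECU_PrintCertificate, which only compiles cleanly if that function's signature already matches the callback type.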
@@ -128,7 +128,7 @@ static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType, PRBool dele while (crlNode) { char* asciiname = NULL; CERTCertificate *cert = NULL; - if (crlNode->crl && crlNode->crl->crl.derName.data != NULL) { + if (crlNode->crl && &crlNode->crl->crl.derName) { cert = CERT_FindCertByName(certHandle, &crlNode->crl->crl.derName); if (!cert) { @@ -698,7 +698,6 @@ GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName, signCrl = CreateModifiedCRLCopy(arena, certHandle, &cert, certNickName, inFile, decodeOptions, importOptions); if (signCrl == NULL) { - rv = SECFailure; goto loser; } } @@ -706,7 +705,6 @@ GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName, if (!cert) { cert = FindSigningCert(certHandle, signCrl, certNickName); if (cert == NULL) { - rv = SECFailure; goto loser; } } @@ -723,10 +721,8 @@ GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName, outFileName); } signCrl = CreateNewCrl(arena, certHandle, cert); - if (!signCrl) { - rv = SECFailure; + if (!signCrl) goto loser; - } } rv = UpdateCrl(signCrl, inCrlInitFile); diff --git a/security/nss/cmd/crmftest/testcrmf.c b/security/nss/cmd/crmftest/testcrmf.c index a1343436ef9..ce3d7cfb9a5 100644 --- a/security/nss/cmd/crmftest/testcrmf.c +++ b/security/nss/cmd/crmftest/testcrmf.c @@ -127,17 +127,13 @@ debug_test(SECItem *src, char *filePath) SECStatus get_serial_number(long *dest) { - SECStatus rv; + SECStatus rv; - if (dest == NULL) { + if (dest == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; - } + } rv = PK11_GenerateRandom((unsigned char *)dest, sizeof(long)); - if (rv != SECSuccess) { - /* PK11_GenerateRandom calls PORT_SetError */ - return SECFailure; - } /* make serial number positive */ if (*dest < 0L) *dest = - *dest; 
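Review bot: In ListCRLNames the new condition `crlNode->crl && &crlNode->crl->crl.derName` is always true, because the address of a struct member can never be NULL, so the check no longer protects CERT_FindCertByName from a CRL whose issuer name is empty. Test the item's contents instead, `if (crlNode->crl && crlNode->crl->crl.derName.data != NULL) {`. In GenerateCRL the three `rv = SECFailure;` assignments before `goto loser` are dropped; if `rv` starts out as SECSuccess (its initialization is outside the hunks), those failure paths now report success.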
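Review bot: get_serial_number in testcrmf.c no longer checks the result of PK11_GenerateRandom, so when the token cannot supply random bytes the function still returns SECSuccess and the caller uses whatever `*dest` happened to hold as a certificate serial number; `rv` is now assigned and never read. Either check it, `if (rv != SECSuccess) { return SECFailure; }`, or document why a failed RNG call is tolerated here.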
@@ -941,6 +937,18 @@ DoCMMFStuff(void) return rv; } +static CK_MECHANISM_TYPE +mapWrapKeyType(KeyType keyType) +{ + switch (keyType) { + case rsaKey: + return CKM_RSA_PKCS; + default: + break; + } + return CKM_INVALID_MECHANISM; +} + #define KNOWN_MESSAGE_LENGTH 20 /*160 bits*/ int @@ -1525,6 +1533,10 @@ main(int argc, char **argv) PRUint32 flags = 0; SECStatus rv; PRBool nssInit = PR_FALSE; + PRBool pArg = PR_FALSE; + PRBool eArg = PR_FALSE; + PRBool sArg = PR_FALSE; + PRBool PArg = PR_FALSE; memset( &signPair, 0, sizeof signPair); memset( &cryptPair, 0, sizeof cryptPair); @@ -1547,6 +1559,7 @@ main(int argc, char **argv) printf ("-p failed\n"); return 603; } + pArg = PR_TRUE; break; case 'e': recoveryEncrypter = PORT_Strdup(optstate->value); @@ -1554,6 +1567,7 @@ main(int argc, char **argv) printf ("-e failed\n"); return 602; } + eArg = PR_TRUE; break; case 's': caCertName = PORT_Strdup(optstate->value); @@ -1561,6 +1575,7 @@ main(int argc, char **argv) printf ("-s failed\n"); return 604; } + sArg = PR_TRUE; break; case 'P': password = PORT_Strdup(optstate->value); @@ -1570,6 +1585,7 @@ main(int argc, char **argv) } pwdata.source = PW_PLAINTEXT; pwdata.data = password; + PArg = PR_TRUE; break; case 'f': pwfile = PORT_Strdup(optstate->value); diff --git a/security/nss/cmd/fipstest/fipstest.c b/security/nss/cmd/fipstest/fipstest.c index 6a2cf2cc6bb..cdd6b1aa545 100644 --- a/security/nss/cmd/fipstest/fipstest.c +++ b/security/nss/cmd/fipstest/fipstest.c @@ -17,21 +17,6 @@ #include "hasht.h" #include "lowkeyi.h" #include "softoken.h" -#include "pkcs11t.h" -#define __PASTE(x,y) x##y -#undef CK_PKCS11_FUNCTION_INFO -#undef CK_NEED_ARG_LIST -#define CK_EXTERN extern -#define CK_PKCS11_FUNCTION_INFO(func) \ - CK_RV __PASTE(NS,func) -#define CK_NEED_ARG_LIST 1 -#include "pkcs11f.h" -#undef CK_PKCS11_FUNCTION_INFO -#undef CK_NEED_ARG_LIST -#undef __PASTE -#define SSL3_RANDOM_LENGTH 32 - - #if 0 #include "../../lib/freebl/mpi/mpi.h" 
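Review bot: In main the four flags `pArg`, `eArg`, `sArg` and `PArg` are set in the option switch but not read in any of these hunks, so they are set-but-unused unless code outside the hunks consumes them; the same goes for the new static mapWrapKeyType, which nothing in its hunk calls. If they are reserved for a required-options check, add that check, or mark the intent with `/* NOTE(review): set but not consumed here; confirm what these flags gate */`. The fipstest.c hunk removes the NS-prefixed PKCS#11 declarations and `SSL3_RANDOM_LENGTH`, which is only safe if no remaining code in that file references them.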
@@ -61,18 +46,18 @@ hex_to_byteval(const char *c2, unsigned char *byteval)
 unsigned char offset;
 *byteval = 0;
 for (i=0; i<2; i++) {
- if (c2[i] >= '0' && c2[i] <= '9') {
- offset = c2[i] - '0';
- *byteval |= offset << 4*(1-i);
- } else if (c2[i] >= 'a' && c2[i] <= 'f') {
- offset = c2[i] - 'a';
- *byteval |= (offset + 10) << 4*(1-i);
- } else if (c2[i] >= 'A' && c2[i] <= 'F') {
- offset = c2[i] - 'A';
- *byteval |= (offset + 10) << 4*(1-i);
- } else {
- return SECFailure;
- }
+ if (c2[i] >= '0' && c2[i] <= '9') {
+ offset = c2[i] - '0';
+ *byteval |= offset << 4*(1-i);
+ } else if (c2[i] >= 'a' && c2[i] <= 'f') {
+ offset = c2[i] - 'a';
+ *byteval |= (offset + 10) << 4*(1-i);
+ } else if (c2[i] >= 'A' && c2[i] <= 'F') {
+ offset = c2[i] - 'A';
+ *byteval |= (offset + 10) << 4*(1-i);
+ } else {
+ return SECFailure;
+ }
 }
 return SECSuccess;
 }
@@ -83,12 +68,12 @@ byteval_to_hex(unsigned char byteval, char *c2, char a)
 int i;
 unsigned char offset;
 for (i=0; i<2; i++) {
- offset = (byteval >> 4*(1-i)) & 0x0f;
- if (offset < 10) {
- c2[i] = '0' + offset;
- } else {
- c2[i] = a + offset - 10;
- }
+ offset = (byteval >> 4*(1-i)) & 0x0f;
+ if (offset < 10) {
+ c2[i] = '0' + offset;
+ } else {
+ c2[i] = a + offset - 10;
+ }
 }
 return SECSuccess;
 }
@@ -98,7 +83,7 @@ to_hex_str(char *str, const unsigned char *buf, unsigned int len) { unsigned int i; for (i=0; i 2*len) { - /* - * The input hex string is too long, but we allow it if the - * extra digits are leading 0's. - */ - for (j = 0; j < nxdigit-2*len; j++) { - if (str[j] != '0') { - return PR_FALSE; - } - } - /* skip leading 0's */ - str += nxdigit-2*len; - nxdigit = 2*len; + /* + * The input hex string is too long, but we allow it if the + * extra digits are leading 0's. + */ + for (j = 0; j < nxdigit-2*len; j++) { + if (str[j] != '0') { + return PR_FALSE; + } + } + /* skip leading 0's */ + str += nxdigit-2*len; + nxdigit = 2*len; } for (i=0, j=0; i< len; i++) { - if (2*i < 2*len-nxdigit) { - /* Handle a short input as if we padded it with leading 0's. */ - if (2*i+1 < 2*len-nxdigit) { - buf[i] = 0; - } else { - char tmp[2]; - tmp[0] = '0'; - tmp[1] = str[j]; - hex_to_byteval(tmp, &buf[i]); - j++; - } - } else { - hex_to_byteval(&str[j], &buf[i]); - j += 2; - } + if (2*i < 2*len-nxdigit) { + /* Handle a short input as if we padded it with leading 0's. */ + if (2*i+1 < 2*len-nxdigit) { + buf[i] = 0; + } else { + char tmp[2]; + tmp[0] = '0'; + tmp[1] = str[j]; + hex_to_byteval(tmp, &buf[i]); + j++; + } + } else { + hex_to_byteval(&str[j], &buf[i]); + j += 2; + } } return PR_TRUE; } @@ -303,11 +288,11 @@ tdea_kat_mmt(char *reqfn) FILE *req; /* input stream from the REQUEST file */ FILE *resp; /* output stream to the RESPONSE file */ int i, j; - int mode = NSS_DES_EDE3; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */ + int mode; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */ int crypt = DECRYPT; /* 1 means encrypt, 0 means decrypt */ unsigned char key[24]; /* TDEA 3 key bundle */ unsigned int numKeys = 0; - unsigned char iv[8]; /* for all modes except ECB */ + unsigned char iv[8]; /* for all modes except ECB */ unsigned char plaintext[8*20]; /* 1 to 20 blocks */ unsigned int plaintextlen; unsigned char ciphertext[8*20]; /* 1 to 20 blocks */ 
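Review bot: tdea_kat_mmt now declares `int mode;` with no initializer, so if the REQUEST file never contains the line that selects ECB or CBC (that parsing is outside this hunk) the mode handed to the TDEA context is indeterminate. Keep a default, `int mode = NSS_DES_EDE3; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */`, or fail explicitly when no mode has been parsed. The to_hex_str hunk on this line is garbled in this copy and cannot be reviewed.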
@@ -891,14 +876,14 @@ aes_encrypt_buf( cx = AES_CreateContext(key, iv, mode, PR_TRUE, keysize, 16); if (cx == NULL) { - goto loser; + goto loser; } rv = AES_Encrypt(cx, output, outputlen, maxoutputlen, input, inputlen); if (rv != SECSuccess) { - goto loser; + goto loser; } if (*outputlen != inputlen) { - goto loser; + goto loser; } AES_DestroyContext(cx, PR_TRUE); cx = NULL; @@ -909,26 +894,26 @@ aes_encrypt_buf( */ cx = AES_CreateContext(key, iv, mode, PR_FALSE, keysize, 16); if (cx == NULL) { - goto loser; + goto loser; } rv = AES_Decrypt(cx, doublecheck, &doublechecklen, sizeof doublecheck, - output, *outputlen); + output, *outputlen); if (rv != SECSuccess) { - goto loser; + goto loser; } if (doublechecklen != *outputlen) { - goto loser; + goto loser; } AES_DestroyContext(cx, PR_TRUE); cx = NULL; if (memcmp(doublecheck, input, inputlen) != 0) { - goto loser; + goto loser; } rv = SECSuccess; loser: if (cx != NULL) { - AES_DestroyContext(cx, PR_TRUE); + AES_DestroyContext(cx, PR_TRUE); } return rv; } @@ -948,15 +933,15 @@ aes_decrypt_buf( cx = AES_CreateContext(key, iv, mode, PR_FALSE, keysize, 16); if (cx == NULL) { - goto loser; + goto loser; } rv = AES_Decrypt(cx, output, outputlen, maxoutputlen, - input, inputlen); + input, inputlen); if (rv != SECSuccess) { - goto loser; + goto loser; } if (*outputlen != inputlen) { - goto loser; + goto loser; } AES_DestroyContext(cx, PR_TRUE); cx = NULL; 
@@ -967,245 +952,29 @@ aes_decrypt_buf( */ cx = AES_CreateContext(key, iv, mode, PR_TRUE, keysize, 16); if (cx == NULL) { - goto loser; + goto loser; } rv = AES_Encrypt(cx, doublecheck, &doublechecklen, sizeof doublecheck, - output, *outputlen); + output, *outputlen); if (rv != SECSuccess) { - goto loser; + goto loser; } if (doublechecklen != *outputlen) { - goto loser; + goto loser; } AES_DestroyContext(cx, PR_TRUE); cx = NULL; if (memcmp(doublecheck, input, inputlen) != 0) { - goto loser; + goto loser; } rv = SECSuccess; loser: if (cx != NULL) { - AES_DestroyContext(cx, PR_TRUE); + AES_DestroyContext(cx, PR_TRUE); } return rv; } -/* - * Perform the AES GCM tests. - * - * reqfn is the pathname of the REQUEST file. - * - * The output RESPONSE file is written to stdout. - */ -void -aes_gcm(char *reqfn, int encrypt) -{ - char buf[512]; /* holds one line from the input REQUEST file. - * needs to be large enough to hold the longest - * line "CIPHERTEXT = <320 hex digits>\n". - */ - FILE *aesreq; /* input stream from the REQUEST file */ - FILE *aesresp; /* output stream to the RESPONSE file */ - int i, j; - unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize = 0; - unsigned char iv[128]; /* handle large gcm IV's */ - unsigned char plaintext[10*16]; /* 1 to 10 blocks */ - unsigned int plaintextlen; - unsigned char ciphertext[11*16]; /* 1 to 10 blocks + tag */ - unsigned int ciphertextlen; - unsigned char aad[11*16]; /* 1 to 10 blocks + tag */ - unsigned int aadlen = 0; - unsigned int tagbits; - unsigned int taglen = 0; - unsigned int ivlen; - CK_GCM_PARAMS params; - SECStatus rv; - - aesreq = fopen(reqfn, "r"); - aesresp = stdout; - while (fgets(buf, sizeof buf, aesreq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, aesresp); - continue; - } - /* [ENCRYPT] or [DECRYPT] */ - if (buf[0] == '[') { - if (strncmp(buf, "[Taglen", 7) == 0) { - if (sscanf(buf, "[Taglen = %d]", &tagbits) != 1) { - goto loser; 
- } - taglen = tagbits/8; - } - if (strncmp(buf, "[IVlen", 6) == 0) { - if (sscanf(buf, "[IVlen = %d]", &ivlen) != 1) { - goto loser; - } - ivlen=ivlen/8; - } - fputs(buf, aesresp); - continue; - } - /* "COUNT = x" begins a new data set */ - if (strncmp(buf, "Count", 5) == 0) { - /* zeroize the variables for the test with this data set */ - memset(key, 0, sizeof key); - keysize = 0; - memset(iv, 0, sizeof iv); - memset(plaintext, 0, sizeof plaintext); - plaintextlen = 0; - memset(ciphertext, 0, sizeof ciphertext); - ciphertextlen = 0; - fputs(buf, aesresp); - continue; - } - /* KEY = ... */ - if (strncmp(buf, "Key", 3) == 0) { - i = 3; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; isxdigit(buf[i]); i+=2,j++) { - hex_to_byteval(&buf[i], &key[j]); - } - keysize = j; - fputs(buf, aesresp); - continue; - } - /* IV = ... */ - if (strncmp(buf, "IV", 2) == 0) { - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; j=0; j--) { + if (last < 0) { + last = (hash[i] & (1 << j)) ? 1 : 0; + fprintf(out, "%d ", last); + count = 1; + } else if (hash[i] & (1 << j)) { + if (last) { + count++; + } else { + last = 0; + fprintf(out, "%d ", count); + count = 1; + z++; + } + } else { + if (!last) { + count++; + } else { + last = 1; + fprintf(out, "%d ", count); + count = 1; + z++; + } + } + } } fprintf(out, "^\n"); fseek(out, start, SEEK_SET); 
@@ -2058,23 +1827,23 @@ int get_next_line(FILE *req, char *key, char *val, FILE *rsp) int w = 0; int c; while ((c = fgetc(req)) != EOF) { - if (ignore) { - fprintf(rsp, "%c", c); - if (c == '\n') return ignore; - } else if (c == '\n') { - break; - } else if (c == '#') { - ignore = 1; - fprintf(rsp, "%c", c); - } else if (c == '=') { - writeto[w] = '\0'; - w = 0; - writeto = val; - } else if (c == ' ' || c == '[' || c == ']') { - continue; - } else { - writeto[w++] = c; - } + if (ignore) { + fprintf(rsp, "%c", c); + if (c == '\n') return ignore; + } else if (c == '\n') { + break; + } else if (c == '#') { + ignore = 1; + fprintf(rsp, "%c", c); + } else if (c == '=') { + writeto[w] = '\0'; + w = 0; + writeto = val; + } else if (c == ' ' || c == '[' || c == ']') { + continue; + } else { + writeto[w++] = c; + } } writeto[w] = '\0'; return (c == EOF) ? -1 : ignore; @@ -2181,18 +1950,18 @@ getECParams(const char *curve) if (curve != NULL) { numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair); - for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); - i++) { - if (PL_strcmp(curve, nameTagPair[i].curveName) == 0) - curveOidTag = nameTagPair[i].curveOidTag; - } + for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); + i++) { + if (PL_strcmp(curve, nameTagPair[i].curveName) == 0) + curveOidTag = nameTagPair[i].curveOidTag; + } } /* Return NULL if curve name is not recognized */ if ((curveOidTag == SEC_OID_UNKNOWN) || - (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) { + (oidData = SECOID_FindOIDByTag(curveOidTag)) == NULL) { fprintf(stderr, "Unrecognized elliptic curve %s\n", curve); - return NULL; + return NULL; } ecparams = SECITEM_AllocItem(NULL, NULL, (2 + oidData->oid.len)); 
@@ -2209,121 +1978,6 @@ getECParams(const char *curve) return ecparams; } -/* - * HASH_ functions are available to full NSS apps and internally inside - * freebl, but not exported to users of freebl. Create short stubs to - * replace the functionality for fipstest. - */ -SECStatus -fips_hashBuf(HASH_HashType type, unsigned char *hashBuf, - unsigned char *msg, int len) -{ - SECStatus rv = SECFailure; - - switch (type) { - case HASH_AlgSHA1: - rv = SHA1_HashBuf(hashBuf, msg, len); - break; - case HASH_AlgSHA224: - rv = SHA224_HashBuf(hashBuf, msg, len); - break; - case HASH_AlgSHA256: - rv = SHA256_HashBuf(hashBuf, msg, len); - break; - case HASH_AlgSHA384: - rv = SHA384_HashBuf(hashBuf, msg, len); - break; - case HASH_AlgSHA512: - rv = SHA512_HashBuf(hashBuf, msg, len); - break; - default: - break; - } - return rv; -} - -int -fips_hashLen(HASH_HashType type) -{ - int len = 0; - - switch (type) { - case HASH_AlgSHA1: - len = SHA1_LENGTH; - break; - case HASH_AlgSHA224: - len = SHA224_LENGTH; - break; - case HASH_AlgSHA256: - len = SHA256_LENGTH; - break; - case HASH_AlgSHA384: - len = SHA384_LENGTH; - break; - case HASH_AlgSHA512: - len = SHA512_LENGTH; - break; - default: - break; - } - return len; -} - -SECOidTag -fips_hashOid(HASH_HashType type) -{ - SECOidTag oid = SEC_OID_UNKNOWN; - - switch (type) { - case HASH_AlgSHA1: - oid = SEC_OID_SHA1; - break; - case HASH_AlgSHA224: - oid = SEC_OID_SHA224; - break; - case HASH_AlgSHA256: - oid = SEC_OID_SHA256; - break; - case HASH_AlgSHA384: - oid = SEC_OID_SHA384; - break; - case HASH_AlgSHA512: - oid = SEC_OID_SHA512; - break; - default: - break; - } - return oid; -} - -HASH_HashType -sha_get_hashType(int hashbits) -{ - HASH_HashType hashType = HASH_AlgNULL; - - switch (hashbits) { - case 1: - case (SHA1_LENGTH*PR_BITS_PER_BYTE): - hashType = HASH_AlgSHA1; - break; - case (SHA224_LENGTH*PR_BITS_PER_BYTE): - hashType = HASH_AlgSHA224; - break; - case (SHA256_LENGTH*PR_BITS_PER_BYTE): - hashType = HASH_AlgSHA256; - 
break; - case (SHA384_LENGTH*PR_BITS_PER_BYTE): - hashType = HASH_AlgSHA384; - break; - case (SHA512_LENGTH*PR_BITS_PER_BYTE): - hashType = HASH_AlgSHA512; - break; - default: - break; - } - return hashType; -} - /* * Perform the ECDSA Key Pair Generation Test. * @@ -2342,7 +1996,7 @@ ecdsa_keypair_test(char *reqfn) FILE *ecdsareq; /* input stream from the REQUEST file */ FILE *ecdsaresp; /* output stream to the RESPONSE file */ char curve[16]; /* "nistxddd" */ - ECParams *ecparams = NULL; + ECParams *ecparams; int N; int i; unsigned int len; 
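Review bot: Dropping the initializer from `ECParams *ecparams;` in ecdsa_keypair_test leaves the pointer indeterminate until the first `[X-ddd]` header is parsed, and the hunk that follows also removes the guarded free at `loser:`, so an `N = x` line that precedes a header passes garbage to `EC_NewKey` and every `goto loser` taken inside the `N` loop leaks the decoded parameters. Keep `ECParams *ecparams = NULL;` and free it at `loser:` behind `if (ecparams)` rather than only at the end of the `N` loop. The same dropped-initializer pattern appears in the declaration hunks of ecdsa_pkv_test (`len`), ecdsa_sigver_test (`flen`, `olen`), rng_vst (`b`) and dsa_pqgver_test (`pghSize`): `len`, `flen` and `olen` are read by the `Qx`/`R` handlers, which run before any header when the request file is malformed, while the uses of `b` and `pghSize` are outside the visible hunks but presumably follow the same shape. The `= 0` turned those reads into a bounded no-op; without it they are reads of an uninitialized object. The body of ecdsa_keypair_test continues outside this hunk.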
@@ -2351,95 +2005,81 @@ ecdsa_keypair_test(char *reqfn) ecdsaresp = stdout; strcpy(curve, "nist"); while (fgets(buf, sizeof buf, ecdsareq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, ecdsaresp); - continue; - } - /* [X-ddd] */ - if (buf[0] == '[') { - const char *src; - char *dst; - SECItem *encodedparams; + /* a comment or blank line */ + if (buf[0] == '#' || buf[0] == '\n') { + fputs(buf, ecdsaresp); + continue; + } + /* [X-ddd] */ + if (buf[0] == '[') { + const char *src; + char *dst; + SECItem *encodedparams; - if (buf[1] == 'B') { - fputs(buf, ecdsaresp); - continue; - } - if (ecparams) { - PORT_FreeArena(ecparams->arena, PR_FALSE); - ecparams = NULL; - } + src = &buf[1]; + dst = &curve[4]; + *dst++ = tolower(*src); + src += 2; /* skip the hyphen */ + *dst++ = *src++; + *dst++ = *src++; + *dst++ = *src++; + *dst = '\0'; + encodedparams = getECParams(curve); + if (encodedparams == NULL) { + goto loser; + } + if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { + goto loser; + } + SECITEM_FreeItem(encodedparams, PR_TRUE); + fputs(buf, ecdsaresp); + continue; + } + /* N = x */ + if (buf[0] == 'N') { + if (sscanf(buf, "N = %d", &N) != 1) { + goto loser; + } + for (i = 0; i < N; i++) { + ECPrivateKey *ecpriv; - src = &buf[1]; - dst = &curve[4]; - *dst++ = tolower(*src); - src += 2; /* skip the hyphen */ - *dst++ = *src++; - *dst++ = *src++; - *dst++ = *src++; - *dst = '\0'; - encodedparams = getECParams(curve); - if (encodedparams == NULL) { - fprintf(stderr, "Unknown curve %s.", curve); - goto loser; - } - if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { - fprintf(stderr, "Curve %s not supported.\n", curve); - goto loser; - } - SECITEM_FreeItem(encodedparams, PR_TRUE); - fputs(buf, ecdsaresp); - continue; - } - /* N = x */ - if (buf[0] == 'N') { - if (sscanf(buf, "N = %d", &N) != 1) { - goto loser; - } - for (i = 0; i < N; i++) { - ECPrivateKey *ecpriv; - - if (EC_NewKey(ecparams, 
&ecpriv) != SECSuccess) { - goto loser; - } - fputs("d = ", ecdsaresp); - to_hex_str(buf, ecpriv->privateValue.data, - ecpriv->privateValue.len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) - != SECSuccess) { - goto loser; - } - len = ecpriv->publicValue.len; - if (len%2 == 0) { - goto loser; - } - len = (len-1)/2; - if (ecpriv->publicValue.data[0] - != EC_POINT_FORM_UNCOMPRESSED) { - goto loser; - } - fputs("Qx = ", ecdsaresp); - to_hex_str(buf, &ecpriv->publicValue.data[1], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - fputs("Qy = ", ecdsaresp); - to_hex_str(buf, &ecpriv->publicValue.data[1+len], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - fputc('\n', ecdsaresp); - PORT_FreeArena(ecpriv->ecParams.arena, PR_TRUE); - } - continue; - } + if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) { + goto loser; + } + fputs("d = ", ecdsaresp); + to_hex_str(buf, ecpriv->privateValue.data, + ecpriv->privateValue.len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); + if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) + != SECSuccess) { + goto loser; + } + len = ecpriv->publicValue.len; + if (len%2 == 0) { + goto loser; + } + len = (len-1)/2; + if (ecpriv->publicValue.data[0] + != EC_POINT_FORM_UNCOMPRESSED) { + goto loser; + } + fputs("Qx = ", ecdsaresp); + to_hex_str(buf, &ecpriv->publicValue.data[1], len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); + fputs("Qy = ", ecdsaresp); + to_hex_str(buf, &ecpriv->publicValue.data[1+len], len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); + fputc('\n', ecdsaresp); + PORT_FreeArena(ecpriv->ecParams.arena, PR_TRUE); + } + PORT_FreeArena(ecparams->arena, PR_FALSE); + continue; + } } loser: - if (ecparams) { - PORT_FreeArena(ecparams->arena, PR_FALSE); - ecparams = NULL; - } fclose(ecdsareq); } 
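Review bot: Freeing the parameters at the end of the `N = x` handler with `PORT_FreeArena(ecparams->arena, PR_FALSE);` without clearing the pointer means a second `N` line under the same `[X-ddd]` header hands freed memory to `EC_NewKey(ecparams, &ecpriv)`, and a header never followed by an `N` line leaks them; add `ecparams = NULL;` after the free. The `EC_DecodeParams` failure path now reaches `loser` without saying which curve was rejected, leaving a truncated response file as the only diagnostic; `fprintf(stderr, "Curve %s not supported.\n", curve);` before that `goto loser;` restores it. With the `if (buf[1] == 'B')` skip gone, a `[B-ddd]` section is passed to getECParams as `nistbddd`; whether the request files contain such sections is not visible here, but if they do the run aborts at the first one.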
@@ -2463,7 +2103,7 @@ ecdsa_pkv_test(char *reqfn) ECParams *ecparams = NULL; SECItem pubkey; unsigned int i; - unsigned int len = 0; + unsigned int len; PRBool keyvalid = PR_TRUE; ecdsareq = fopen(reqfn, "r"); 
@@ -2471,94 +2111,92 @@ ecdsa_pkv_test(char *reqfn) strcpy(curve, "nist"); pubkey.data = NULL; while (fgets(buf, sizeof buf, ecdsareq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, ecdsaresp); - continue; - } - /* [X-ddd] */ - if (buf[0] == '[') { - const char *src; - char *dst; - SECItem *encodedparams; + /* a comment or blank line */ + if (buf[0] == '#' || buf[0] == '\n') { + fputs(buf, ecdsaresp); + continue; + } + /* [X-ddd] */ + if (buf[0] == '[') { + const char *src; + char *dst; + SECItem *encodedparams; - src = &buf[1]; - dst = &curve[4]; - *dst++ = tolower(*src); - src += 2; /* skip the hyphen */ - *dst++ = *src++; - *dst++ = *src++; - *dst++ = *src++; - *dst = '\0'; - if (ecparams != NULL) { - PORT_FreeArena(ecparams->arena, PR_FALSE); - ecparams = NULL; - } - encodedparams = getECParams(curve); - if (encodedparams == NULL) { - fprintf(stderr, "Unknown curve %s.", curve); - goto loser; - } - if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { - fprintf(stderr, "Curve %s not supported.\n", curve); - goto loser; - } - SECITEM_FreeItem(encodedparams, PR_TRUE); - len = (ecparams->fieldID.size + 7) >> 3; - if (pubkey.data != NULL) { - PORT_Free(pubkey.data); - pubkey.data = NULL; - } - SECITEM_AllocItem(NULL, &pubkey, 2*len+1); - if (pubkey.data == NULL) { - goto loser; - } - pubkey.data[0] = EC_POINT_FORM_UNCOMPRESSED; - fputs(buf, ecdsaresp); - continue; - } - /* Qx = ... */ - if (strncmp(buf, "Qx", 2) == 0) { - fputs(buf, ecdsaresp); - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - keyvalid = from_hex_str(&pubkey.data[1], len, &buf[i]); - continue; - } - /* Qy = ... 
*/ - if (strncmp(buf, "Qy", 2) == 0) { - fputs(buf, ecdsaresp); - if (!keyvalid) { - fputs("Result = F\n", ecdsaresp); - continue; - } - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - keyvalid = from_hex_str(&pubkey.data[1+len], len, &buf[i]); - if (!keyvalid) { - fputs("Result = F\n", ecdsaresp); - continue; - } - if (EC_ValidatePublicKey(ecparams, &pubkey) == SECSuccess) { - fputs("Result = P\n", ecdsaresp); - } else if (PORT_GetError() == SEC_ERROR_BAD_KEY) { - fputs("Result = F\n", ecdsaresp); - } else { - goto loser; - } - continue; - } + src = &buf[1]; + dst = &curve[4]; + *dst++ = tolower(*src); + src += 2; /* skip the hyphen */ + *dst++ = *src++; + *dst++ = *src++; + *dst++ = *src++; + *dst = '\0'; + if (ecparams != NULL) { + PORT_FreeArena(ecparams->arena, PR_FALSE); + ecparams = NULL; + } + encodedparams = getECParams(curve); + if (encodedparams == NULL) { + goto loser; + } + if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { + goto loser; + } + SECITEM_FreeItem(encodedparams, PR_TRUE); + len = (ecparams->fieldID.size + 7) >> 3; + if (pubkey.data != NULL) { + PORT_Free(pubkey.data); + pubkey.data = NULL; + } + SECITEM_AllocItem(NULL, &pubkey, 2*len+1); + if (pubkey.data == NULL) { + goto loser; + } + pubkey.data[0] = EC_POINT_FORM_UNCOMPRESSED; + fputs(buf, ecdsaresp); + continue; + } + /* Qx = ... */ + if (strncmp(buf, "Qx", 2) == 0) { + fputs(buf, ecdsaresp); + i = 2; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + keyvalid = from_hex_str(&pubkey.data[1], len, &buf[i]); + continue; + } + /* Qy = ... 
*/ + if (strncmp(buf, "Qy", 2) == 0) { + fputs(buf, ecdsaresp); + if (!keyvalid) { + fputs("Result = F\n", ecdsaresp); + continue; + } + i = 2; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + keyvalid = from_hex_str(&pubkey.data[1+len], len, &buf[i]); + if (!keyvalid) { + fputs("Result = F\n", ecdsaresp); + continue; + } + if (EC_ValidatePublicKey(ecparams, &pubkey) == SECSuccess) { + fputs("Result = P\n", ecdsaresp); + } else if (PORT_GetError() == SEC_ERROR_BAD_KEY) { + fputs("Result = F\n", ecdsaresp); + } else { + goto loser; + } + continue; + } } loser: if (ecparams != NULL) { - PORT_FreeArena(ecparams->arena, PR_FALSE); + PORT_FreeArena(ecparams->arena, PR_FALSE); } if (pubkey.data != NULL) { - PORT_Free(pubkey.data); + PORT_Free(pubkey.data); } fclose(ecdsareq); } @@ -2586,9 +2224,7 @@ ecdsa_siggen_test(char *reqfn) unsigned int len; unsigned char msg[512]; /* message to be signed (<= 128 bytes) */ unsigned int msglen; - unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */ - unsigned int shaLength = 0; /* length of SHA */ - HASH_HashType shaAlg = HASH_AlgNULL; /* type of SHA Alg */ + unsigned char sha1[20]; /* SHA-1 hash (160 bits) */ unsigned char sig[2*MAX_ECKEY_LEN]; SECItem signature, digest; 
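Review bot: The `Qx = ...` handler in ecdsa_pkv_test writes through `&pubkey.data[1]` without checking that a `[X-ddd]` header has already allocated it, so a request whose `Qx` line precedes the header dereferences the NULL set by `pubkey.data = NULL;` above the loop; the `Qy` handler has the same gap and additionally reads `len` before it is assigned. A guard `if (pubkey.data == NULL) { goto loser; }` at the top of both handlers closes it. An allocation failure in `SECITEM_AllocItem` and a decode failure in `EC_DecodeParams` both abort silently through `goto loser`, so a line on stderr naming `curve` would make the truncated output diagnosable.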
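Review bot: Replacing `sha[HASH_LENGTH_MAX]`/`shaAlg` with `unsigned char sha1[20]` hard-codes SHA-1 for ecdsa_siggen_test, and the body hunk that follows drops the `src++; /* skip the comma */` and the `SHA-224`…`SHA-512` selection, so a section header that names another digest is still echoed to the response while the signature is computed over a SHA-1 digest; the ecdsa_sigver_test declaration and body hunks make the same substitution on the verify side, where such vectors will then report `Result = F`. If only SHA-1 is supported, the harness should reject other headers instead of silently substituting, e.g. after the curve digits `if (*src == ',' && strncmp(src + 1, "SHA-1", 5) != 0) { goto loser; }`. The literal `20` should be `SHA1_LENGTH`, the name the removed `fips_hashLen` stub used for the same quantity.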
@@ -2596,135 +2232,111 @@ ecdsa_siggen_test(char *reqfn) ecdsaresp = stdout; strcpy(curve, "nist"); while (fgets(buf, sizeof buf, ecdsareq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, ecdsaresp); - continue; - } - /* [X-ddd] */ - if (buf[0] == '[') { - const char *src; - char *dst; - SECItem *encodedparams; + /* a comment or blank line */ + if (buf[0] == '#' || buf[0] == '\n') { + fputs(buf, ecdsaresp); + continue; + } + /* [X-ddd] */ + if (buf[0] == '[') { + const char *src; + char *dst; + SECItem *encodedparams; - src = &buf[1]; - dst = &curve[4]; - *dst++ = tolower(*src); - src += 2; /* skip the hyphen */ - *dst++ = *src++; - *dst++ = *src++; - *dst++ = *src++; - *dst = '\0'; - src++; /* skip the comma */ - /* set the SHA Algorithm */ - if (strncmp(src, "SHA-1", 5) == 0) { - shaAlg = HASH_AlgSHA1; - } else if (strncmp(src, "SHA-224", 7) == 0) { - shaAlg = HASH_AlgSHA224; - } else if (strncmp(src, "SHA-256", 7) == 0) { - shaAlg = HASH_AlgSHA256; - } else if (strncmp(src, "SHA-384", 7)== 0) { - shaAlg = HASH_AlgSHA384; - } else if (strncmp(src, "SHA-512", 7) == 0) { - shaAlg = HASH_AlgSHA512; - } else { - fprintf(ecdsaresp, "ERROR: Unable to find SHAAlg type"); - goto loser; - } - if (ecparams != NULL) { - PORT_FreeArena(ecparams->arena, PR_FALSE); - ecparams = NULL; - } - encodedparams = getECParams(curve); - if (encodedparams == NULL) { - fprintf(stderr, "Unknown curve %s.", curve); - goto loser; - } - if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { - fprintf(stderr, "Curve %s not supported.\n", curve); - goto loser; - } - SECITEM_FreeItem(encodedparams, PR_TRUE); - fputs(buf, ecdsaresp); - continue; - } - /* Msg = ... 
*/ - if (strncmp(buf, "Msg", 3) == 0) { - ECPrivateKey *ecpriv; + src = &buf[1]; + dst = &curve[4]; + *dst++ = tolower(*src); + src += 2; /* skip the hyphen */ + *dst++ = *src++; + *dst++ = *src++; + *dst++ = *src++; + *dst = '\0'; + if (ecparams != NULL) { + PORT_FreeArena(ecparams->arena, PR_FALSE); + ecparams = NULL; + } + encodedparams = getECParams(curve); + if (encodedparams == NULL) { + goto loser; + } + if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { + goto loser; + } + SECITEM_FreeItem(encodedparams, PR_TRUE); + fputs(buf, ecdsaresp); + continue; + } + /* Msg = ... */ + if (strncmp(buf, "Msg", 3) == 0) { + ECPrivateKey *ecpriv; - i = 3; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; isxdigit(buf[i]); i+=2,j++) { - hex_to_byteval(&buf[i], &msg[j]); - } - msglen = j; - shaLength = fips_hashLen(shaAlg); - if (fips_hashBuf(shaAlg,sha,msg,msglen) != SECSuccess) { - if (shaLength == 0) { - fprintf(ecdsaresp, "ERROR: SHAAlg not defined."); - } - fprintf(ecdsaresp, "ERROR: Unable to generate SHA%x", - shaLength == 160 ? 
1 : shaLength); - goto loser; - } - fputs(buf, ecdsaresp); + i = 3; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + for (j=0; isxdigit(buf[i]); i+=2,j++) { + hex_to_byteval(&buf[i], &msg[j]); + } + msglen = j; + if (SHA1_HashBuf(sha1, msg, msglen) != SECSuccess) { + goto loser; + } + fputs(buf, ecdsaresp); - if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) { - goto loser; - } - if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) - != SECSuccess) { - goto loser; - } - len = ecpriv->publicValue.len; - if (len%2 == 0) { - goto loser; - } - len = (len-1)/2; - if (ecpriv->publicValue.data[0] != EC_POINT_FORM_UNCOMPRESSED) { - goto loser; - } - fputs("Qx = ", ecdsaresp); - to_hex_str(buf, &ecpriv->publicValue.data[1], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - fputs("Qy = ", ecdsaresp); - to_hex_str(buf, &ecpriv->publicValue.data[1+len], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); + if (EC_NewKey(ecparams, &ecpriv) != SECSuccess) { + goto loser; + } + if (EC_ValidatePublicKey(ecparams, &ecpriv->publicValue) + != SECSuccess) { + goto loser; + } + len = ecpriv->publicValue.len; + if (len%2 == 0) { + goto loser; + } + len = (len-1)/2; + if (ecpriv->publicValue.data[0] != EC_POINT_FORM_UNCOMPRESSED) { + goto loser; + } + fputs("Qx = ", ecdsaresp); + to_hex_str(buf, &ecpriv->publicValue.data[1], len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); + fputs("Qy = ", ecdsaresp); + to_hex_str(buf, &ecpriv->publicValue.data[1+len], len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); - digest.type = siBuffer; - digest.data = sha; - digest.len = shaLength; - signature.type = siBuffer; - signature.data = sig; - signature.len = sizeof sig; - if (ECDSA_SignDigest(ecpriv, &signature, &digest) != SECSuccess) { - goto loser; - } - len = signature.len; - if (len%2 != 0) { - goto loser; - } - len = len/2; - fputs("R = ", ecdsaresp); - to_hex_str(buf, &signature.data[0], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); - fputs("S = 
", ecdsaresp); - to_hex_str(buf, &signature.data[len], len); - fputs(buf, ecdsaresp); - fputc('\n', ecdsaresp); + digest.type = siBuffer; + digest.data = sha1; + digest.len = sizeof sha1; + signature.type = siBuffer; + signature.data = sig; + signature.len = sizeof sig; + if (ECDSA_SignDigest(ecpriv, &signature, &digest) != SECSuccess) { + goto loser; + } + len = signature.len; + if (len%2 != 0) { + goto loser; + } + len = len/2; + fputs("R = ", ecdsaresp); + to_hex_str(buf, &signature.data[0], len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); + fputs("S = ", ecdsaresp); + to_hex_str(buf, &signature.data[len], len); + fputs(buf, ecdsaresp); + fputc('\n', ecdsaresp); - PORT_FreeArena(ecpriv->ecParams.arena, PR_TRUE); - continue; - } + PORT_FreeArena(ecpriv->ecParams.arena, PR_TRUE); + continue; + } } loser: if (ecparams != NULL) { - PORT_FreeArena(ecparams->arena, PR_FALSE); + PORT_FreeArena(ecparams->arena, PR_FALSE); } fclose(ecdsareq); } @@ -2748,13 +2360,11 @@ ecdsa_sigver_test(char *reqfn) char curve[16]; /* "nistxddd" */ ECPublicKey ecpub; unsigned int i, j; - unsigned int flen = 0; /* length in bytes of the field size */ - unsigned int olen = 0; /* length in bytes of the base point order */ + unsigned int flen; /* length in bytes of the field size */ + unsigned int olen; /* length in bytes of the base point order */ unsigned char msg[512]; /* message that was signed (<= 128 bytes) */ - unsigned int msglen = 0; - unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */ - unsigned int shaLength = 0; /* length of SHA */ - HASH_HashType shaAlg = HASH_AlgNULL; /* type of SHA Alg */ + unsigned int msglen; + unsigned char sha1[20]; /* SHA-1 hash (160 bits) */ unsigned char sig[2*MAX_ECKEY_LEN]; SECItem signature, digest; PRBool keyvalid = PR_TRUE; 
@@ -2765,193 +2375,206 @@ ecdsa_sigver_test(char *reqfn) ecpub.ecParams.arena = NULL; strcpy(curve, "nist"); while (fgets(buf, sizeof buf, ecdsareq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, ecdsaresp); - continue; - } - /* [X-ddd] */ - if (buf[0] == '[') { - const char *src; - char *dst; - SECItem *encodedparams; - ECParams *ecparams; + /* a comment or blank line */ + if (buf[0] == '#' || buf[0] == '\n') { + fputs(buf, ecdsaresp); + continue; + } + /* [X-ddd] */ + if (buf[0] == '[') { + const char *src; + char *dst; + SECItem *encodedparams; + ECParams *ecparams; - src = &buf[1]; - dst = &curve[4]; - *dst++ = tolower(*src); - src += 2; /* skip the hyphen */ - *dst++ = *src++; - *dst++ = *src++; - *dst++ = *src++; - *dst = '\0'; - src++; /* skip the comma */ - /* set the SHA Algorithm */ - if (strncmp(src, "SHA-1", 5) == 0) { - shaAlg = HASH_AlgSHA1; - } else if (strncmp(src, "SHA-224", 7) == 0) { - shaAlg = HASH_AlgSHA224; - } else if (strncmp(src, "SHA-256", 7) == 0) { - shaAlg = HASH_AlgSHA256; - } else if (strncmp(src, "SHA-384", 7)== 0) { - shaAlg = HASH_AlgSHA384; - } else if (strncmp(src, "SHA-512", 7) == 0) { - shaAlg = HASH_AlgSHA512; - } else { - fprintf(ecdsaresp, "ERROR: Unable to find SHAAlg type"); - goto loser; - } - encodedparams = getECParams(curve); - if (encodedparams == NULL) { - fprintf(stderr, "Unknown curve %s.", curve); - goto loser; - } - if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { - fprintf(stderr, "Curve %s not supported.\n", curve); - goto loser; - } - SECITEM_FreeItem(encodedparams, PR_TRUE); - if (ecpub.ecParams.arena != NULL) { - PORT_FreeArena(ecpub.ecParams.arena, PR_FALSE); - } - ecpub.ecParams.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (ecpub.ecParams.arena == NULL) { - goto loser; - } - if (EC_CopyParams(ecpub.ecParams.arena, &ecpub.ecParams, ecparams) - != SECSuccess) { - goto loser; - } - PORT_FreeArena(ecparams->arena, PR_FALSE); - flen = 
(ecpub.ecParams.fieldID.size + 7) >> 3; - olen = ecpub.ecParams.order.len; - if (2*olen > sizeof sig) { - goto loser; - } - ecpub.publicValue.type = siBuffer; - ecpub.publicValue.data = NULL; - ecpub.publicValue.len = 0; - SECITEM_AllocItem(ecpub.ecParams.arena, - &ecpub.publicValue, 2*flen+1); - if (ecpub.publicValue.data == NULL) { - goto loser; - } - ecpub.publicValue.data[0] = EC_POINT_FORM_UNCOMPRESSED; - fputs(buf, ecdsaresp); - continue; - } - /* Msg = ... */ - if (strncmp(buf, "Msg", 3) == 0) { - i = 3; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; isxdigit(buf[i]); i+=2,j++) { - hex_to_byteval(&buf[i], &msg[j]); - } - msglen = j; - shaLength = fips_hashLen(shaAlg); - if (fips_hashBuf(shaAlg,sha,msg,msglen) != SECSuccess) { - if (shaLength == 0) { - fprintf(ecdsaresp, "ERROR: SHAAlg not defined."); - } - fprintf(ecdsaresp, "ERROR: Unable to generate SHA%x", - shaLength == 160 ? 1 : shaLength); - goto loser; - } - fputs(buf, ecdsaresp); + src = &buf[1]; + dst = &curve[4]; + *dst++ = tolower(*src); + src += 2; /* skip the hyphen */ + *dst++ = *src++; + *dst++ = *src++; + *dst++ = *src++; + *dst = '\0'; + encodedparams = getECParams(curve); + if (encodedparams == NULL) { + goto loser; + } + if (EC_DecodeParams(encodedparams, &ecparams) != SECSuccess) { + goto loser; + } + SECITEM_FreeItem(encodedparams, PR_TRUE); + if (ecpub.ecParams.arena != NULL) { + PORT_FreeArena(ecpub.ecParams.arena, PR_FALSE); + } + ecpub.ecParams.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (ecpub.ecParams.arena == NULL) { + goto loser; + } + if (EC_CopyParams(ecpub.ecParams.arena, &ecpub.ecParams, ecparams) + != SECSuccess) { + goto loser; + } + PORT_FreeArena(ecparams->arena, PR_FALSE); + flen = (ecpub.ecParams.fieldID.size + 7) >> 3; + olen = ecpub.ecParams.order.len; + if (2*olen > sizeof sig) { + goto loser; + } + ecpub.publicValue.type = siBuffer; + ecpub.publicValue.data = NULL; + ecpub.publicValue.len = 0; + SECITEM_AllocItem(ecpub.ecParams.arena, + 
&ecpub.publicValue, 2*flen+1); + if (ecpub.publicValue.data == NULL) { + goto loser; + } + ecpub.publicValue.data[0] = EC_POINT_FORM_UNCOMPRESSED; + fputs(buf, ecdsaresp); + continue; + } + /* Msg = ... */ + if (strncmp(buf, "Msg", 3) == 0) { + i = 3; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + for (j=0; isxdigit(buf[i]); i+=2,j++) { + hex_to_byteval(&buf[i], &msg[j]); + } + msglen = j; + if (SHA1_HashBuf(sha1, msg, msglen) != SECSuccess) { + goto loser; + } + fputs(buf, ecdsaresp); - digest.type = siBuffer; - digest.data = sha; - digest.len = shaLength; + digest.type = siBuffer; + digest.data = sha1; + digest.len = sizeof sha1; - continue; - } - /* Qx = ... */ - if (strncmp(buf, "Qx", 2) == 0) { - fputs(buf, ecdsaresp); - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - keyvalid = from_hex_str(&ecpub.publicValue.data[1], flen, - &buf[i]); - continue; - } - /* Qy = ... */ - if (strncmp(buf, "Qy", 2) == 0) { - fputs(buf, ecdsaresp); - if (!keyvalid) { - continue; - } - i = 2; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - keyvalid = from_hex_str(&ecpub.publicValue.data[1+flen], flen, - &buf[i]); - if (!keyvalid) { - continue; - } - if (EC_ValidatePublicKey(&ecpub.ecParams, &ecpub.publicValue) - != SECSuccess) { - if (PORT_GetError() == SEC_ERROR_BAD_KEY) { - keyvalid = PR_FALSE; - } else { - goto loser; - } - } - continue; - } - /* R = ... */ - if (buf[0] == 'R') { - fputs(buf, ecdsaresp); - i = 1; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - sigvalid = from_hex_str(sig, olen, &buf[i]); - continue; - } - /* S = ... */ - if (buf[0] == 'S') { - fputs(buf, ecdsaresp); - i = 1; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - if (sigvalid) { - sigvalid = from_hex_str(&sig[olen], olen, &buf[i]); - } - signature.type = siBuffer; - signature.data = sig; - signature.len = 2*olen; + continue; + } + /* Qx = ... 
*/ + if (strncmp(buf, "Qx", 2) == 0) { + fputs(buf, ecdsaresp); + i = 2; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + keyvalid = from_hex_str(&ecpub.publicValue.data[1], flen, + &buf[i]); + continue; + } + /* Qy = ... */ + if (strncmp(buf, "Qy", 2) == 0) { + fputs(buf, ecdsaresp); + if (!keyvalid) { + continue; + } + i = 2; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + keyvalid = from_hex_str(&ecpub.publicValue.data[1+flen], flen, + &buf[i]); + if (!keyvalid) { + continue; + } + if (EC_ValidatePublicKey(&ecpub.ecParams, &ecpub.publicValue) + != SECSuccess) { + if (PORT_GetError() == SEC_ERROR_BAD_KEY) { + keyvalid = PR_FALSE; + } else { + goto loser; + } + } + continue; + } + /* R = ... */ + if (buf[0] == 'R') { + fputs(buf, ecdsaresp); + i = 1; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + sigvalid = from_hex_str(sig, olen, &buf[i]); + continue; + } + /* S = ... */ + if (buf[0] == 'S') { + fputs(buf, ecdsaresp); + i = 1; + while (isspace(buf[i]) || buf[i] == '=') { + i++; + } + if (sigvalid) { + sigvalid = from_hex_str(&sig[olen], olen, &buf[i]); + } + signature.type = siBuffer; + signature.data = sig; + signature.len = 2*olen; - if (!keyvalid || !sigvalid) { - fputs("Result = F\n", ecdsaresp); - } else if (ECDSA_VerifyDigest(&ecpub, &signature, &digest) - == SECSuccess) { - fputs("Result = P\n", ecdsaresp); - } else { - fputs("Result = F\n", ecdsaresp); - } - continue; - } + if (!keyvalid || !sigvalid) { + fputs("Result = F\n", ecdsaresp); + } else if (ECDSA_VerifyDigest(&ecpub, &signature, &digest) + == SECSuccess) { + fputs("Result = P\n", ecdsaresp); + } else { + fputs("Result = F\n", ecdsaresp); + } + continue; + } } loser: if (ecpub.ecParams.arena != NULL) { - PORT_FreeArena(ecpub.ecParams.arena, PR_FALSE); + PORT_FreeArena(ecpub.ecParams.arena, PR_FALSE); } fclose(ecdsareq); } #endif /* NSS_DISABLE_ECC */ + +/* + * Read a value from the test and allocate the result. 
+ */ +static unsigned char * +alloc_value(char *buf, int *len) +{ + unsigned char * value; + int i, count; + + if (strncmp(buf, "", 6) == 0) { + *len = 0; + return NULL; + } + + /* find the length of the number */ + for (count = 0; isxdigit(buf[count]); count++); + *len = count/2; + + if (*len == 0) { + return NULL; + } + + value = PORT_Alloc(*len); + if (!value) { + *len = 0; + return NULL; + } + + for (i=0; i<*len; buf+=2 , i++) { + hex_to_byteval(buf, &value[i]); + } + + + return value; +} + PRBool isblankline(char *b) { while (isspace(*b)) b++; if ((*b == '\n') || (*b == 0)) { - return PR_TRUE; + return PR_TRUE; } return PR_FALSE; } @@ -2976,9 +2599,7 @@ drbg(char *reqfn) FILE *rngresp; /* output stream to the RESPONSE file */ unsigned int i, j; -#ifdef HANDLE_PREDICTION_RESISTANCE PRBool predictionResistance = PR_FALSE; -#endif unsigned char *nonce = NULL; int nonceLen = 0; unsigned char *personalizationString = NULL; @@ -2987,9 +2608,9 @@ drbg(char *reqfn) int additionalInputLen = 0; unsigned char *entropyInput = NULL; int entropyInputLen = 0; - unsigned char *predictedreturn_bytes = NULL; - unsigned char *return_bytes = NULL; - int return_bytes_len = 0; + unsigned char predictedreturn_bytes[SHA256_LENGTH]; + unsigned char return_bytes[SHA256_LENGTH]; + int return_bytes_len = SHA256_LENGTH; enum { NONE, INSTANTIATE, GENERATE, RESEED, RESULT } command = NONE; PRBool genResult = PR_FALSE; 
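Review bot: The sentinel test in the new `alloc_value`, `strncmp(buf, "", 6) == 0`, compares against a literal that is empty as rendered here (presumably a placeholder token lost in rendering); if it really is empty the call always returns 0 and every value parses as absent, so the literal should be confirmed in the source. The digit count is halved with `count/2`, silently dropping a trailing nibble, and `isxdigit(buf[count])` on a plain `char` is undefined for negative values; `isxdigit((unsigned char)buf[count])` together with `if (count % 2) { *len = 0; return NULL; }` hardens the parser. The function also returns NULL both for an absent value and for a failed `PORT_Alloc`, distinguishable only through `*len`, which the header comment should state for the callers outside this hunk.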
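Review bot: Fixing `return_bytes`/`predictedreturn_bytes` at `SHA256_LENGTH` while the later drbg hunk deletes the `[ReturnedBitsLen = %d]` handler means the length the request declares is never checked against the buffers: a vector asking for more than 256 bits is generated and compared at 32 bytes and, if the handler that fills `predictedreturn_bytes` (outside this hunk) copies every hex digit on the line, overruns that array. Keep parsing the header and reject what the fixed buffers cannot hold, e.g. `int bits; if (sscanf(buf, "[ReturnedBitsLen = %d]", &bits) != 1 || bits != 8 * SHA256_LENGTH) { goto loser; }`. Removing the `#ifdef HANDLE_PREDICTION_RESISTANCE` guards in this and the later drbg hunks also leaves `predictionResistance` parsed but, within the visible code, never read, so a request's prediction-resistance setting is accepted without effect; if that is intended, a comment on the declaration should say so.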
@@ -3000,23 +2621,23 @@ drbg(char *reqfn) while (fgets(buf, sizeof buf, rngreq) != NULL) { switch (command) { case INSTANTIATE: - if (debug) { - fputs("# PRNGTEST_Instantiate(",rngresp); - to_hex_str(buf2,entropyInput, entropyInputLen); - fputs(buf2,rngresp); - fprintf(rngresp,",%d,",entropyInputLen); - to_hex_str(buf2,nonce, nonceLen); - fputs(buf2,rngresp); - fprintf(rngresp,",%d,",nonceLen); - to_hex_str(buf2,personalizationString, - personalizationStringLen); - fputs(buf2,rngresp); - fprintf(rngresp,",%d)\n", personalizationStringLen); - } + if (debug) { + fputs("# PRNGTEST_Instantiate(",rngresp); + to_hex_str(buf2,entropyInput, entropyInputLen); + fputs(buf2,rngresp); + fprintf(rngresp,",%d,",entropyInputLen); + to_hex_str(buf2,nonce, nonceLen); + fputs(buf2,rngresp); + fprintf(rngresp,",%d,",nonceLen); + to_hex_str(buf2,personalizationString, + personalizationStringLen); + fputs(buf2,rngresp); + fprintf(rngresp,",%d)\n", personalizationStringLen); + } rv = PRNGTEST_Instantiate(entropyInput, entropyInputLen, nonce, nonceLen, personalizationString, - personalizationStringLen); + personalizationStringLen); if (rv != SECSuccess) { goto loser; } @@ -3025,17 +2646,17 @@ drbg(char *reqfn) case GENERATE: case RESULT: memset(return_bytes, 0, return_bytes_len); - if (debug) { - fputs("# PRNGTEST_Generate(returnbytes",rngresp); - fprintf(rngresp,",%d,", return_bytes_len); - to_hex_str(buf2,additionalInput, additionalInputLen); - fputs(buf2,rngresp); - fprintf(rngresp,",%d)\n",additionalInputLen); - } + if (debug) { + fputs("# PRNGTEST_Generate(returnbytes",rngresp); + fprintf(rngresp,",%d,", return_bytes_len); + to_hex_str(buf2,additionalInput, additionalInputLen); + fputs(buf2,rngresp); + fprintf(rngresp,",%d)\n",additionalInputLen); + } rv = PRNGTEST_Generate((PRUint8 *) return_bytes, - return_bytes_len, + return_bytes_len, (PRUint8 *) additionalInput, - additionalInputLen); + additionalInputLen); if (rv != SECSuccess) { goto loser; } 
@@ -3045,9 +2666,9 @@ drbg(char *reqfn) to_hex_str(buf2, return_bytes, return_bytes_len); fputs(buf2, rngresp); fputc('\n', rngresp); - if (debug) { - fputs("# PRNGTEST_Uninstantiate()\n",rngresp); - } + if (debug) { + fputs("# PRNGTEST_Uninstantiate()\n",rngresp); + } rv = PRNGTEST_Uninstantiate(); if (rv != SECSuccess) { goto loser; @@ -3057,23 +2678,23 @@ drbg(char *reqfn) to_hex_str(buf2, return_bytes, return_bytes_len); fputs(buf2, rngresp); fputc('\n', rngresp); - } + } memset(additionalInput, 0, additionalInputLen); break; case RESEED: if (entropyInput || additionalInput) { - if (debug) { - fputs("# PRNGTEST_Reseed(",rngresp); - fprintf(rngresp,",%d,", return_bytes_len); - to_hex_str(buf2,entropyInput, entropyInputLen); - fputs(buf2,rngresp); - fprintf(rngresp,",%d,", entropyInputLen); - to_hex_str(buf2,additionalInput, additionalInputLen); - fputs(buf2,rngresp); - fprintf(rngresp,",%d)\n",additionalInputLen); - } + if (debug) { + fputs("# PRNGTEST_Reseed(",rngresp); + fprintf(rngresp,",%d,", return_bytes_len); + to_hex_str(buf2,entropyInput, entropyInputLen); + fputs(buf2,rngresp); + fprintf(rngresp,",%d,", entropyInputLen); + to_hex_str(buf2,additionalInput, additionalInputLen); + fputs(buf2,rngresp); + fprintf(rngresp,",%d)\n",additionalInputLen); + } rv = PRNGTEST_Reseed(entropyInput, entropyInputLen, additionalInput, additionalInputLen); if (rv != SECSuccess) { @@ -3102,7 +2723,6 @@ drbg(char *reqfn) } if (strncmp(buf, "[PredictionResistance", 21) == 0) { -#ifdef HANDLE_PREDICTION_RESISTANCE i = 21; while (isspace(buf[i]) || buf[i] == '=') { i++; 
@@ -3112,33 +2732,10 @@ drbg(char *reqfn) } else { predictionResistance = PR_TRUE; } -#endif fputs(buf, rngresp); continue; } - - if (strncmp(buf, "[ReturnedBitsLen", 16) == 0) { - if (return_bytes) { - PORT_ZFree(return_bytes, return_bytes_len); - return_bytes = NULL; - } - if (predictedreturn_bytes) { - PORT_ZFree(predictedreturn_bytes, return_bytes_len); - predictedreturn_bytes = NULL; - } - return_bytes_len = 0; - if (sscanf(buf, "[ReturnedBitsLen = %d]", &return_bytes_len) != 1) { - goto loser; - } - return_bytes_len = return_bytes_len/8; - if (return_bytes_len > 0) { - return_bytes = PORT_Alloc(return_bytes_len); - predictedreturn_bytes = PORT_Alloc(return_bytes_len); - } - fputs(buf, rngresp); - continue; - } if (strncmp(buf, "[EntropyInputLen", 16) == 0) { if (entropyInput) { @@ -3149,7 +2746,7 @@ drbg(char *reqfn) if (sscanf(buf, "[EntropyInputLen = %d]", &entropyInputLen) != 1) { goto loser; } - entropyInputLen = entropyInputLen/8; + entropyInputLen = entropyInputLen/8; if (entropyInputLen > 0) { entropyInput = PORT_Alloc(entropyInputLen); } @@ -3167,7 +2764,7 @@ drbg(char *reqfn) if (sscanf(buf, "[NonceLen = %d]", &nonceLen) != 1) { goto loser; } - nonceLen = nonceLen/8; + nonceLen = nonceLen/8; if (nonceLen > 0) { nonce = PORT_Alloc(nonceLen); } @@ -3185,7 +2782,7 @@ drbg(char *reqfn) if (sscanf(buf, "[PersonalizationStringLen = %d]", &personalizationStringLen) != 1) { goto loser; } - personalizationStringLen = personalizationStringLen / 8; + personalizationStringLen = personalizationStringLen / 8; if (personalizationStringLen > 0) { personalizationString = PORT_Alloc(personalizationStringLen); } @@ -3204,7 +2801,7 @@ drbg(char *reqfn) if (sscanf(buf, "[AdditionalInputLen = %d]", &additionalInputLen) != 1) { goto loser; } - additionalInputLen = additionalInputLen/8; + additionalInputLen = additionalInputLen/8; if (additionalInputLen > 0) { additionalInput = PORT_Alloc(additionalInputLen); } 
@@ -3341,7 +2938,7 @@ drbg(char *reqfn) if (memcmp(return_bytes, predictedreturn_bytes, return_bytes_len) != 0) { - if (debug) { + if (debug) { fprintf(rngresp, "# Generate failed:\n"); fputs( "# predicted=", rngresp); to_hex_str(buf, predictedreturn_bytes, @@ -3351,7 +2948,7 @@ drbg(char *reqfn) fputs(buf2, rngresp); fputc('\n', rngresp); - } else { + } else { fprintf(stderr, "Generate failed:\n"); fputs( " predicted=", stderr); to_hex_str(buf, predictedreturn_bytes, @@ -3360,9 +2957,9 @@ drbg(char *reqfn) fputs("\n actual = ", stderr); fputs(buf2, stderr); fputc('\n', stderr); - } + } } - memset(predictedreturn_bytes, 0 , return_bytes_len); + memset(predictedreturn_bytes, 0 , sizeof predictedreturn_bytes); continue; } @@ -3393,7 +2990,7 @@ rng_vst(char *reqfn) unsigned int i, j; unsigned char Q[DSA1_SUBPRIME_LEN]; PRBool hasQ = PR_FALSE; - unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */ + unsigned int b; /* 160 <= b <= 512, b is a multiple of 8 */ unsigned char XKey[512/8]; unsigned char XSeed[512/8]; unsigned char GENX[DSA1_SIGNATURE_LEN]; @@ -3403,92 +3000,92 @@ rng_vst(char *reqfn) rngreq = fopen(reqfn, "r"); rngresp = stdout; while (fgets(buf, sizeof buf, rngreq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, rngresp); - continue; - } - /* [Xchange - SHA1] */ - if (buf[0] == '[') { - fputs(buf, rngresp); - continue; - } - /* Q = ... */ - if (buf[0] == 'Q') { - i = 1; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; j1024) { 
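Review bot: `memset(predictedreturn_bytes, 0 , sizeof predictedreturn_bytes);` in the -3360 hunk clears a different number of bytes than the `memcmp(return_bytes, predictedreturn_bytes, return_bytes_len)` a few lines above compares. predictedreturn_bytes is declared outside the hunk; if it is a pointer on this side (the 3.21 side allocated it with PORT_Alloc), `sizeof` yields the pointer size and only the first 4 or 8 bytes are cleared, and if it is an array the two lengths still disagree whenever return_bytes_len is shorter than the buffer, so bytes of the previous vector can survive into the next COUNT. Use the length the comparison uses, `memset(predictedreturn_bytes, 0, return_bytes_len);`, and since the -3112 hunk removes the `[ReturnedBitsLen` parsing that used to set return_bytes_len, confirm it is assigned before the first Generate on this side. drbg's body starts and ends outside the hunk.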
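Review bot: `unsigned int b;` in the -3393 hunk drops the `= 0` initializer, so b is indeterminate until some later assignment in the parsing loop that is not visible in the hunk, and a request file that presents a data line before the header that sets it turns a deterministic failure into undefined behaviour. The same initializer is dropped for `pghSize` in dsa_pqgver_test (the -4189 hunk) and `keySizeIndex` in dsa_pqggen_test (the -4520 hunk). Keeping `unsigned int b = 0;`, `unsigned int pghSize = 0;` and `unsigned int keySizeIndex = 0;` costs nothing and keeps -Wmaybe-uninitialized quiet on these file-driven parsers. rng_vst's body continues outside the hunk.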
@@ -4104,13 +3816,13 @@ dsa_keypair_test(char *reqfn) if (PQG_ParamGenSeedLen(keySizeIndex, PQG_TEST_SEED_BYTES, &pqg, &vfy) != SECSuccess) { fprintf(dsaresp, - "ERROR: Unable to generate PQG parameters"); + "ERROR: Unable to generate PQG parameters"); goto loser; } - } else { + } else { if (PQG_ParamGenV2(L, N, N, &pqg, &vfy) != SECSuccess) { fprintf(dsaresp, - "ERROR: Unable to generate PQG parameters"); + "ERROR: Unable to generate PQG parameters"); goto loser; } } @@ -4159,7 +3871,7 @@ loser: */ typedef enum { FIPS186_1,/* Generate/Verify P,Q & G according to FIPS 186-1 */ - A_1_2_1, /* Generate Provable P & Q */ + A_1_1_2, /* Generate Probable P & Q */ A_1_1_3, /* Verify Probable P & Q */ A_1_2_2, /* Verify Provable P & Q */ A_2_1, /* Generate Unverifiable G */ @@ -4189,7 +3901,7 @@ dsa_pqgver_test(char *reqfn) unsigned int i, j; PQGParams pqg; PQGVerify vfy; - unsigned int pghSize = 0; /* size for p, g, and h */ + unsigned int pghSize; /* size for p, g, and h */ dsa_pqg_type type = FIPS186_1; dsareq = fopen(reqfn, "r"); 
@@ -4207,37 +3919,37 @@ dsa_pqgver_test(char *reqfn) /* [A.xxxxx ] */ if (buf[0] == '[' && buf[1] == 'A') { - if (strncmp(&buf[1],"A.1.1.3",7) == 0) { - type = A_1_1_3; - } else if (strncmp(&buf[1],"A.2.2",5) == 0) { - type = A_2_2; - } else if (strncmp(&buf[1],"A.2.4",5) == 0) { - type = A_2_4; - } else if (strncmp(&buf[1],"A.1.2.2",7) == 0) { - type = A_1_2_2; - /* validate our output from PQGGEN */ - } else if (strncmp(&buf[1],"A.1.1.2",7) == 0) { - type = A_2_4; /* validate PQ and G together */ - } else { - fprintf(stderr, "Unknown dsa ver test %s\n", &buf[1]); - exit(1); - } - + if (strncmp(&buf[1],"A.1.1.3",7) == 0) { + type = A_1_1_3; + } else if (strncmp(&buf[1],"A.2.2",5) == 0) { + type = A_2_2; + } else if (strncmp(&buf[1],"A.2.4",5) == 0) { + type = A_2_4; + } else if (strncmp(&buf[1],"A.1.2.2",7) == 0) { + type = A_1_2_2; + /* validate our output from PQGGEN */ + } else if (strncmp(&buf[1],"A.1.1.2",7) == 0) { + type = A_2_4; /* validate PQ and G together */ + } else { + fprintf(stderr, "Unknown dsa ver test %s\n", &buf[1]); + exit(1); + } + fputs(buf, dsaresp); continue; } - + /* [Mod = x] */ if (buf[0] == '[') { - if (type == FIPS186_1) { + if (type == FIPS186_1) { N=160; if (sscanf(buf, "[mod = %d]", &L) != 1) { goto loser; - } - } else if (sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) { - goto loser; + } + } else if (sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) { + goto loser; } if (pqg.prime.data) { /* P */ 
@@ -4261,17 +3973,17 @@ dsa_pqgver_test(char *reqfn) /*calculate the size of p, g, and h then allocate items */ pghSize = L/8; - pqg.base.data = vfy.h.data = NULL; - vfy.seed.len = pqg.base.len = vfy.h.len = 0; + pqg.base.data = vfy.h.data = NULL; + vfy.seed.len = pqg.base.len = vfy.h.len = 0; SECITEM_AllocItem(NULL, &pqg.prime, pghSize); SECITEM_AllocItem(NULL, &vfy.seed, pghSize*3); - if (type == A_2_2) { - SECITEM_AllocItem(NULL, &vfy.h, pghSize); - vfy.h.len = pghSize; - } else if (type == A_2_4) { - SECITEM_AllocItem(NULL, &vfy.h, 1); - vfy.h.len = 1; - } + if (type == A_2_2) { + SECITEM_AllocItem(NULL, &vfy.h, pghSize); + vfy.h.len = pghSize; + } else if (type == A_2_4) { + SECITEM_AllocItem(NULL, &vfy.h, 1); + vfy.h.len = 1; + } pqg.prime.len = pghSize; /* q is always N bits */ SECITEM_AllocItem(NULL, &pqg.subPrime, N/8); @@ -4330,24 +4042,24 @@ dsa_pqgver_test(char *reqfn) if (strncmp(buf, "Seed", 4) == 0) { i = 4; } else if (strncmp(buf, "domain_parameter_seed", 21) == 0) { - i = 21; - } else if (strncmp(buf,"firstseed",9) == 0) { - i = 9; - } else { - i = 0; - } - if (i) { + i = 21; + } else if (strncmp(buf,"firstseed",9) == 0) { + i = 9; + } else { + i = 0; + } + if (i) { while (isspace(buf[i]) || buf[i] == '=') { i++; } for (j=0; isxdigit(buf[i]); i+=2,j++) { hex_to_byteval(&buf[i], &vfy.seed.data[j]); } - vfy.seed.len = j; + vfy.seed.len = j; fputs(buf, dsaresp); - if (type == A_2_4) { - SECStatus result; + if (type == A_2_4) { + SECStatus result; /* Verify the Parameters */ SECStatus rv = PQG_VerifyParams(&pqg, &vfy, &result); 
@@ -4359,49 +4071,49 @@ dsa_pqgver_test(char *reqfn) } else { fprintf(dsaresp, "Result = F\n"); } - } + } continue; } - if ((strncmp(buf,"pseed",5) == 0) || - (strncmp(buf,"qseed",5) == 0)) - { - i = 5; + if ((strncmp(buf,"pseed",5) == 0) || + (strncmp(buf,"qseed",5) == 0)) + { + i = 5; while (isspace(buf[i]) || buf[i] == '=') { i++; } for (j=vfy.seed.len; isxdigit(buf[i]); i+=2,j++) { hex_to_byteval(&buf[i], &vfy.seed.data[j]); } - vfy.seed.len = j; + vfy.seed.len = j; fputs(buf, dsaresp); continue; - } + } if (strncmp(buf, "index", 4) == 0) { - i=5; + i=5; while (isspace(buf[i]) || buf[i] == '=') { i++; } - hex_to_byteval(&buf[i], &vfy.h.data[0]); - vfy.h.len = 1; + hex_to_byteval(&buf[i], &vfy.h.data[0]); + vfy.h.len = 1; fputs(buf, dsaresp); - } + } /* c = ... or counter=*/ if (buf[0] == 'c') { - if (strncmp(buf,"counter", 7) == 0) { + if (strncmp(buf,"counter", 7) == 0) { if (sscanf(buf, "counter = %u", &vfy.counter) != 1) { goto loser; - } - } else { + } + } else { if (sscanf(buf, "c = %u", &vfy.counter) != 1) { goto loser; - } + } } fputs(buf, dsaresp); if (type == A_1_1_3) { - SECStatus result; + SECStatus result; /* only verify P and Q, we have everything now. do it */ SECStatus rv = PQG_VerifyParams(&pqg, &vfy, &result); if (rv != SECSuccess) { @@ -4416,17 +4128,17 @@ dsa_pqgver_test(char *reqfn) } continue; } - if (strncmp(buf,"pgen_counter", 12) == 0) { + if (strncmp(buf,"pgen_counter", 12) == 0) { if (sscanf(buf, "pgen_counter = %u", &vfy.counter) != 1) { goto loser; - } + } fputs(buf, dsaresp); - continue; - } - if (strncmp(buf,"qgen_counter", 12) == 0) { + continue; + } + if (strncmp(buf,"qgen_counter", 12) == 0) { fputs(buf, dsaresp); if (type == A_1_2_2) { - SECStatus result; + SECStatus result; /* only verify P and Q, we have everything now. do it */ SECStatus rv = PQG_VerifyParams(&pqg, &vfy, &result); if (rv != SECSuccess) { 
@@ -4439,8 +4151,8 @@ dsa_pqgver_test(char *reqfn) } fprintf(dsaresp, "\n"); } - continue; - } + continue; + } /* H = ... */ if (buf[0] == 'H') { SECStatus rv, result = SECFailure; @@ -4452,18 +4164,18 @@ dsa_pqgver_test(char *reqfn) for (j=0; isxdigit(buf[i]); i+=2,j++) { hex_to_byteval(&buf[i], &vfy.h.data[j]); } - vfy.h.len = j; + vfy.h.len = j; fputs(buf, dsaresp); - /* this should be a byte value. Remove the leading zeros. If - * it doesn't reduce to a byte, PQG_VerifyParams will catch it - if (type == A_2_2) { - data_save = vfy.h.data; - while(vfy.h.data[0] && (vfy.h.len > 1)) { - vfy.h.data++; - vfy.h.len--; - } - } */ + /* this should be a byte value. Remove the leading zeros. If + * it doesn't reduce to a byte, PQG_VerifyParams will catch it + if (type == A_2_2) { + data_save = vfy.h.data; + while(vfy.h.data[0] && (vfy.h.len > 1)) { + vfy.h.data++; + vfy.h.len--; + } + } */ /* Verify the Parameters */ rv = PQG_VerifyParams(&pqg, &vfy, &result); @@ -4520,10 +4232,9 @@ dsa_pqggen_test(char *reqfn) int L; int i; unsigned int j; - int output_g = 1; PQGParams *pqg = NULL; PQGVerify *vfy = NULL; - unsigned int keySizeIndex = 0; + unsigned int keySizeIndex; dsa_pqg_type type = FIPS186_1; dsareq = fopen(reqfn, "r"); 
@@ -4537,23 +4248,21 @@ dsa_pqggen_test(char *reqfn) /* [A.xxxxx ] */ if (buf[0] == '[' && buf[1] == 'A') { - if (strncmp(&buf[1],"A.1.1.2",7) == 0) { - fprintf(stderr, "NSS does Generate Probablistic Primes\n"); + if (strncmp(&buf[1],"A.1.1.2",7) == 0) { + type = A_1_1_2; + } else if (strncmp(&buf[1],"A.2.1",5) == 0) { + fprintf(stderr, "NSS only Generates G with P&Q\n"); exit(1); - } else if (strncmp(&buf[1],"A.2.1",5) == 0) { - type = A_1_2_1; - output_g = 1; - exit(1); - } else if (strncmp(&buf[1],"A.2.3",5) == 0) { - fprintf(stderr, "NSS only Generates G with P&Q\n"); - exit(1); - } else if (strncmp(&buf[1],"A.1.2.1",7) == 0) { - type = A_1_2_1; - output_g = 0; - } else { - fprintf(stderr, "Unknown dsa pqggen test %s\n", &buf[1]); - exit(1); - } + } else if (strncmp(&buf[1],"A.2.3",5) == 0) { + fprintf(stderr, "NSS only Generates G with P&Q\n"); + exit(1); + } else if (strncmp(&buf[1],"A.1.2.1",7) == 0) { + fprintf(stderr, "NSS does not support Shawe-Taylor Primes\n"); + exit(1); + } else { + fprintf(stderr, "Unknown dsa ver test %s\n", &buf[1]); + exit(1); + } fputs(buf, dsaresp); continue; } @@ -4561,19 +4270,19 @@ dsa_pqggen_test(char *reqfn) /* [Mod = ... ] */ if (buf[0] == '[') { - if (type == FIPS186_1) { + if (type == FIPS186_1) { N=160; if (sscanf(buf, "[mod = %d]", &L) != 1) { goto loser; - } - } else if (sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) { - goto loser; + } + } else if (sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) { + goto loser; } fputs(buf, dsaresp); fputc('\n', dsaresp); - if (type == FIPS186_1) { + if (type == FIPS186_1) { /************************************************************ * PQG_ParamGenSeedLen doesn't take a key size, it takes an * index that points to a valid key size. 
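Review bot: the final `else` of the `[A.xxxxx]` dispatch in the -4537 hunk reports `"Unknown dsa ver test %s\n"` although this is dsa_pqggen_test, so a bad section header in a PQGGEN request file is attributed to the wrong harness in the log. Use `fprintf(stderr, "Unknown dsa pqggen test %s\n", &buf[1]);` so the diagnostic names the test that failed. dsa_pqggen_test's body starts and ends outside the hunk.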
@@ -4590,11 +4299,7 @@ dsa_pqggen_test(char *reqfn) } /* N = ... */ if (buf[0] == 'N') { - if (strncmp(buf, "Num", 3) == 0) { - if (sscanf(buf, "Num = %d", &count) != 1) { - goto loser; - } - } else if (sscanf(buf, "N = %d", &count) != 1) { + if (sscanf(buf, "N = %d", &count) != 1) { goto loser; } for (i = 0; i < count; i++) { 
@@ -4615,38 +4320,24 @@ dsa_pqggen_test(char *reqfn) fprintf(dsaresp, "P = %s\n", buf); to_hex_str(buf, pqg->subPrime.data, pqg->subPrime.len); fprintf(dsaresp, "Q = %s\n", buf); - if (output_g) { - to_hex_str(buf, pqg->base.data, pqg->base.len); - fprintf(dsaresp, "G = %s\n", buf); - } - if (type == FIPS186_1) { + to_hex_str(buf, pqg->base.data, pqg->base.len); + fprintf(dsaresp, "G = %s\n", buf); + if (type == FIPS186_1) { to_hex_str(buf, vfy->seed.data, vfy->seed.len); fprintf(dsaresp, "Seed = %s\n", buf); fprintf(dsaresp, "c = %d\n", vfy->counter); to_hex_str(buf, vfy->h.data, vfy->h.len); fputs("H = ", dsaresp); for (j=vfy->h.len; j< pqg->prime.len; j++) { - fprintf(dsaresp, "00"); + fprintf(dsaresp, "00"); } fprintf(dsaresp, "%s\n", buf); - } else { - unsigned int seedlen = vfy->seed.len/2; - unsigned int pgen_counter = vfy->counter >> 16; - unsigned int qgen_counter = vfy->counter & 0xffff; - /*fprintf(dsaresp, "index = %02x\n", vfy->h.data[0]); */ - to_hex_str(buf, vfy->seed.data, seedlen); - fprintf(dsaresp, "pseed = %s\n", buf); - to_hex_str(buf, vfy->seed.data+seedlen, seedlen); - fprintf(dsaresp, "qseed = %s\n", buf); - fprintf(dsaresp, "pgen_counter = %d\n", pgen_counter); - fprintf(dsaresp, "qgen_counter = %d\n", qgen_counter); - if (output_g) { - to_hex_str(buf, vfy->seed.data, vfy->seed.len); - fprintf(dsaresp, "domain_parameter_seed = %s\n", buf); - fprintf(dsaresp, "index = %02x\n", vfy->h.data[0]); - } - - } + } else { + fprintf(dsaresp, "counter = %d\n", vfy->counter); + fprintf(dsaresp, "index = %02x\n", vfy->h.data[0]); + to_hex_str(buf, vfy->seed.data, vfy->seed.len); + fprintf(dsaresp, "domain_parameter_seed = %s\n", buf); + } fputc('\n', dsaresp); if(pqg!=NULL) { PQG_DestroyParams(pqg); @@ -4732,7 +4423,7 @@ dsa_siggen_test(char *reqfn) if (sscanf(buf, "[mod = L=%d, N=%d, SHA-%d]", &L, & N, &hashNum) != 3) { use_dsa1 = PR_TRUE; - hashNum = 1; + hashNum = 1; if (sscanf(buf, "[mod = %d]", &modulus) != 1) { goto loser; } 
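Review bot: `fprintf(dsaresp, "index = %02x\n", vfy->h.data[0]);` in the `else` branch of the -4615 hunk reads h.data without checking `vfy->h.len`, while the FIPS186_1 branch just above treats h as a variable-length item (it zero-pads up to prime.len), so nothing on the visible side guarantees h holds at least one byte here. Guard the read, `if (vfy->h.len >= 1) { fprintf(dsaresp, "index = %02x\n", vfy->h.data[0]); }`, or report an error when PQG_ParamGenV2 returns an empty h; which byte of a longer h is the index is not visible from the hunk and would need confirming against the generator. dsa_pqggen_test's body starts and ends outside the hunk.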
@@ -4779,11 +4470,11 @@ dsa_siggen_test(char *reqfn) goto loser; } - hashType = sha_get_hashType(hashNum); - if (hashType == HASH_AlgNULL) { - fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)",hashNum); - goto loser; - } + hashType = sha_get_hashType(hashNum); + if (hashType == HASH_AlgNULL) { + fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)",hashNum); + goto loser; + } continue; } @@ -4792,10 +4483,10 @@ dsa_siggen_test(char *reqfn) unsigned char msg[128]; /* MAX msg 128 */ unsigned int len = 0; - if (hashType == HASH_AlgNULL) { - fprintf(dsaresp, "ERROR: Hash Alg not set"); - goto loser; - } + if (hashType == HASH_AlgNULL) { + fprintf(dsaresp, "ERROR: Hash Alg not set"); + goto loser; + } memset(hashBuf, 0, sizeof hashBuf); memset(sig, 0, sizeof sig); @@ -4809,7 +4500,7 @@ dsa_siggen_test(char *reqfn) } if (fips_hashBuf(hashType, hashBuf, msg, j) != SECSuccess) { fprintf(dsaresp, "ERROR: Unable to generate SHA% digest", - hashNum); + hashNum); goto loser; } @@ -4904,8 +4595,8 @@ dsa_sigver_test(char *reqfn) if (sscanf(buf, "[mod = L=%d, N=%d, SHA-%d]", &L, & N, &hashNum) != 3) { - N=160; - hashNum = 1; + N=160; + hashNum = 1; if (sscanf(buf, "[mod = %d]", &L) != 1) { goto loser; } @@ -4937,11 +4628,11 @@ dsa_sigver_test(char *reqfn) SECITEM_AllocItem(NULL, &pubkey.params.subPrime, N/8); pubkey.params.subPrime.len = N/8; - hashType = sha_get_hashType(hashNum); - if (hashType == HASH_AlgNULL) { - fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)",hashNum); - goto loser; - } + hashType = sha_get_hashType(hashNum); + if (hashType == HASH_AlgNULL) { + fprintf(dsaresp, "ERROR: invalid hash (SHA-%d)",hashNum); + goto loser; + } continue; } 
@@ -4995,10 +4686,10 @@ dsa_sigver_test(char *reqfn) unsigned char msg[128]; /* MAX msg 128 */ memset(hashBuf, 0, sizeof hashBuf); - if (hashType == HASH_AlgNULL) { - fprintf(dsaresp, "ERROR: Hash Alg not set"); - goto loser; - } + if (hashType == HASH_AlgNULL) { + fprintf(dsaresp, "ERROR: Hash Alg not set"); + goto loser; + } i = 3; while (isspace(buf[i]) || buf[i] == '=') { @@ -5009,7 +4700,7 @@ dsa_sigver_test(char *reqfn) } if (fips_hashBuf(hashType, hashBuf, msg, j) != SECSuccess) { fprintf(dsaresp, "ERROR: Unable to generate SHA-%d digest", - hashNum); + hashNum); goto loser; } @@ -5049,17 +4740,17 @@ dsa_sigver_test(char *reqfn) /* S = ... */ if (buf[0] == 'S') { - if (hashType == HASH_AlgNULL) { - fprintf(dsaresp, "ERROR: Hash Alg not set"); - goto loser; - } + if (hashType == HASH_AlgNULL) { + fprintf(dsaresp, "ERROR: Hash Alg not set"); + goto loser; + } i = 1; while (isspace(buf[i]) || buf[i] == '=') { i++; } for (j=pubkey.params.subPrime.len; - j< pubkey.params.subPrime.len*2; i+=2,j++) { + j< pubkey.params.subPrime.len*2; i+=2,j++) { hex_to_byteval(&buf[i], &sig[j]); } fputs(buf, dsaresp); @@ -5076,7 +4767,7 @@ dsa_sigver_test(char *reqfn) } else { fprintf(dsaresp, "Result = F\n"); } - fprintf(dsaresp, "\n"); + fprintf(dsaresp, "\n"); continue; } } 
@@ -5096,118 +4787,6 @@ loser: } } -static void -pad(unsigned char *buf, int pad_len, unsigned char *src, int src_len) -{ - int offset = 0; - /* this shouldn't happen, fail right away rather than produce bad output */ - if (pad_len < src_len) { - fprintf(stderr, "data bigger than expected! %d > %d\n", src_len, pad_len); - exit(1); - } - - offset = pad_len - src_len; - memset(buf, 0, offset); - memcpy(buf+offset, src, src_len); - return; -} - - -/* - * Perform the DSA Key Pair Generation Test. - * - * reqfn is the pathname of the REQUEST file. - * - * The output RESPONSE file is written to stdout. - */ -void -rsa_keypair_test(char *reqfn) -{ - char buf[800]; /* holds one line from the input REQUEST file - * or to the output RESPONSE file. - * 800 to hold (384 public key (x2 for HEX) + 1'\n' - */ - unsigned char buf2[400]; /* can't need more then 1/2 buf length */ - FILE *rsareq; /* input stream from the REQUEST file */ - FILE *rsaresp; /* output stream to the RESPONSE file */ - int count; - int i; - int keySize; /* key size in bits*/ - int len = 0; /* key size in bytes */ - int len2 = 0; /* key size in bytes/2 (prime size) */ - SECItem e; - unsigned char default_e[] = { 0x1, 0x0, 0x1 }; - - e.data = default_e; - e.len = sizeof (default_e); - - rsareq = fopen(reqfn, "r"); - rsaresp = stdout; - while (fgets(buf, sizeof buf, rsareq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, rsaresp); - continue; - } - - /* [Mod = x] */ - if (buf[0] == '[') { - if (buf[1] == 'm') { - if (sscanf(buf, "[mod = %d]", &keySize) != 1) { - goto loser; - } - len = keySize/8; - len2 = keySize/16; - } - fputs(buf, rsaresp); - continue; - } - /* N = ...*/ - if (buf[0] == 'N') { - - if (sscanf(buf, "N = %d", &count) != 1) { - goto loser; - } - - /* Generate a DSA key, and output the key pair for N times */ - for (i = 0; i < count; i++) { - RSAPrivateKey *rsakey = NULL; - if ((rsakey = RSA_NewKey(keySize, &e)) == NULL) { - fprintf(rsaresp, 
"ERROR: Unable to generate RSA key"); - goto loser; - } - pad(buf2,len,rsakey->publicExponent.data, - rsakey->publicExponent.len); - to_hex_str(buf, buf2, len); - fprintf(rsaresp, "e = %s\n", buf); - pad(buf2,len2,rsakey->prime1.data, - rsakey->prime1.len); - to_hex_str(buf, buf2, len2); - fprintf(rsaresp, "p = %s\n", buf); - pad(buf2,len2,rsakey->prime2.data, - rsakey->prime2.len); - to_hex_str(buf, buf2, len2); - fprintf(rsaresp, "q = %s\n", buf); - pad(buf2,len,rsakey->modulus.data, - rsakey->modulus.len); - to_hex_str(buf, buf2, len); - fprintf(rsaresp, "n = %s\n", buf); - pad(buf2,len,rsakey->privateExponent.data, - rsakey->privateExponent.len); - to_hex_str(buf, buf2, len); - fprintf(rsaresp, "d = %s\n", buf); - fprintf(rsaresp, "\n"); - PORT_FreeArena(rsakey->arena, PR_TRUE); - rsakey = NULL; - } - continue; - } - - } -loser: - fclose(rsareq); -} - /* * Perform the RSA Signature Generation Test. * @@ -5366,16 +4945,16 @@ rsa_siggen_test(char *reqfn) for (j=0; isxdigit(buf[i]) && j < sizeof(msg); i+=2,j++) { hex_to_byteval(&buf[i], &msg[j]); } - shaLength = fips_hashLen(shaAlg); - if (fips_hashBuf(shaAlg,sha,msg,j) != SECSuccess) { - if (shaLength == 0) { - fprintf(rsaresp, "ERROR: SHAAlg not defined."); - } + shaLength = fips_hashLen(shaAlg); + if (fips_hashBuf(shaAlg,sha,msg,j) != SECSuccess) { + if (shaLength == 0) { + fprintf(rsaresp, "ERROR: SHAAlg not defined."); + } fprintf(rsaresp, "ERROR: Unable to generate SHA%x", - shaLength == 160 ? 1 : shaLength); + shaLength == 160 ? 1 : shaLength); goto loser; } - shaOid = fips_hashOid(shaAlg); + shaOid = fips_hashOid(shaAlg); /* Perform RSA signature with the RSA private key. */ rv = RSA_HashSign( shaOid, 
@@ -5590,13 +5169,13 @@ rsa_sigver_test(char *reqfn) hex_to_byteval(&buf[i], &msg[j]); } - shaLength = fips_hashLen(shaAlg); - if (fips_hashBuf(shaAlg,sha,msg,j) != SECSuccess) { - if (shaLength == 0) { - fprintf(rsaresp, "ERROR: SHAAlg not defined."); - } + shaLength = fips_hashLen(shaAlg); + if (fips_hashBuf(shaAlg,sha,msg,j) != SECSuccess) { + if (shaLength == 0) { + fprintf(rsaresp, "ERROR: SHAAlg not defined."); + } fprintf(rsaresp, "ERROR: Unable to generate SHA%x", - shaLength == 160 ? 1 : shaLength); + shaLength == 160 ? 1 : shaLength); goto loser; } @@ -5629,8 +5208,6 @@ rsa_sigver_test(char *reqfn) signatureLength = j; fputs(buf, rsaresp); - shaOid = fips_hashOid(shaAlg); - /* Perform RSA verification with the RSA public key. */ rv = RSA_HashCheckSign( shaOid, rsa_public_key, 
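Review bot: with `shaOid = fips_hashOid(shaAlg);` removed immediately before the `RSA_HashCheckSign( shaOid, …)` call in the -5629 hunk, the verification now relies on shaOid having been assigned on an earlier path that is outside the hunk. If that assignment lives only in the branch that parses the SHAAlg line, a request file that presents its signature before its SHAAlg line verifies against whatever shaOid held previously — the OID of an earlier section, or an indeterminate value if it has no initializer. Keep the assignment next to the call, or guard it: `if (shaOid == SEC_OID_UNKNOWN) { goto loser; }`. rsa_sigver_test's body starts and ends outside the hunk.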
@@ -5656,302 +5233,6 @@ loser: } } -void -tls(char *reqfn) -{ - char buf[256]; /* holds one line from the input REQUEST file. - * needs to be large enough to hold the longest - * line "XSeed = <128 hex digits>\n". - */ - unsigned char *pms = NULL; - int pms_len; - unsigned char *master_secret = NULL; - unsigned char *key_block = NULL; - int key_block_len; - unsigned char serverHello_random[SSL3_RANDOM_LENGTH]; - unsigned char clientHello_random[SSL3_RANDOM_LENGTH]; - unsigned char server_random[SSL3_RANDOM_LENGTH]; - unsigned char client_random[SSL3_RANDOM_LENGTH]; - FILE *tlsreq = NULL; /* input stream from the REQUEST file */ - FILE *tlsresp; /* output stream to the RESPONSE file */ - unsigned int i, j; - CK_SLOT_ID slotList[10]; - CK_SLOT_ID slotID; - CK_ULONG slotListCount = sizeof(slotList)/sizeof(slotList[0]); - CK_ULONG count; - static const CK_C_INITIALIZE_ARGS pk11args= { - NULL, NULL, NULL, NULL, CKF_LIBRARY_CANT_CREATE_OS_THREADS , - (void *)"flags=readOnly,noCertDB,noModDB", NULL }; - static CK_OBJECT_CLASS ck_secret = CKO_SECRET_KEY; - static CK_KEY_TYPE ck_generic = CKK_GENERIC_SECRET; - static CK_BBOOL ck_true = CK_TRUE; - static CK_ULONG one = 1; - CK_ATTRIBUTE create_template[] = { - { CKA_VALUE, NULL, 0 }, - { CKA_CLASS, &ck_secret, sizeof(ck_secret) }, - { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) }, - { CKA_DERIVE, &ck_true, sizeof (ck_true) }, - }; - CK_ULONG create_template_count = - sizeof(create_template)/sizeof(create_template[0]); - CK_ATTRIBUTE derive_template[] = { - { CKA_CLASS, &ck_secret, sizeof(ck_secret) }, - { CKA_KEY_TYPE, &ck_generic, sizeof(ck_generic) }, - { CKA_DERIVE, &ck_true, sizeof(ck_true) }, - { CKA_VALUE_LEN, &one, sizeof(one) }, - }; - CK_ULONG derive_template_count = - sizeof(derive_template)/sizeof(derive_template[0]); - CK_ATTRIBUTE master_template = - { CKA_VALUE, NULL, 0 }; - CK_ATTRIBUTE kb1_template = - { CKA_VALUE, NULL, 0 }; - CK_ATTRIBUTE kb2_template = - { CKA_VALUE, NULL, 0 }; - - - CK_MECHANISM 
master_mech = { CKM_TLS_MASTER_KEY_DERIVE , NULL, 0 }; - CK_MECHANISM key_block_mech = { CKM_TLS_KEY_AND_MAC_DERIVE , NULL, 0}; - CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params; - CK_SSL3_KEY_MAT_PARAMS key_block_params; - CK_SSL3_KEY_MAT_OUT key_material; - CK_RV crv; - - /* set up PKCS #11 parameters */ - master_params.pVersion = NULL; - master_params.RandomInfo.pClientRandom = clientHello_random; - master_params.RandomInfo.ulClientRandomLen = sizeof(clientHello_random); - master_params.RandomInfo.pServerRandom = serverHello_random; - master_params.RandomInfo.ulServerRandomLen = sizeof(serverHello_random); - master_mech.pParameter = (void *) &master_params; - master_mech.ulParameterLen = sizeof(master_params); - key_block_params.ulMacSizeInBits = 0; - key_block_params.ulKeySizeInBits = 0; - key_block_params.ulIVSizeInBits = 0; - key_block_params.bIsExport = PR_FALSE; /* ignored anyway for TLS mech */ - key_block_params.RandomInfo.pClientRandom = client_random; - key_block_params.RandomInfo.ulClientRandomLen = sizeof(client_random); - key_block_params.RandomInfo.pServerRandom = server_random; - key_block_params.RandomInfo.ulServerRandomLen = sizeof(server_random); - key_block_params.pReturnedKeyMaterial = &key_material; - key_block_mech.pParameter = (void *) &key_block_params; - key_block_mech.ulParameterLen = sizeof(key_block_params); - - - crv = NSC_Initialize((CK_VOID_PTR)&pk11args); - if (crv != CKR_OK) { - fprintf(stderr,"NSC_Initialize failed crv=0x%x\n",(unsigned int)crv); - goto loser; - } - count = slotListCount; - crv = NSC_GetSlotList(PR_TRUE,slotList, &count); - if (crv != CKR_OK) { - fprintf(stderr,"NSC_GetSlotList failed crv=0x%x\n",(unsigned int)crv); - goto loser; - } - if ((count > slotListCount) || count < 1) { - fprintf(stderr, -"NSC_GetSlotList returned too many or too few slots: %d slots max=%d min=1\n", - (int) count, (int) slotListCount); - goto loser; - } - slotID = slotList[0]; - tlsreq = fopen(reqfn, "r"); - tlsresp = stdout; - while 
(fgets(buf, sizeof buf, tlsreq) != NULL) { - /* a comment or blank line */ - if (buf[0] == '#' || buf[0] == '\n') { - fputs(buf, tlsresp); - continue; - } - /* [Xchange - SHA1] */ - if (buf[0] == '[') { - if (strncmp(buf, "[TLS", 4) == 0) { - if (buf[7] == '0') { - master_mech.mechanism = CKM_TLS_MASTER_KEY_DERIVE; - key_block_mech.mechanism = CKM_TLS_KEY_AND_MAC_DERIVE; - } else if (buf[7] == '2') { - master_mech.mechanism = - CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256; - key_block_mech.mechanism = - CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; - } else { - fprintf(stderr, "Unknown TLS type %x\n", - (unsigned int)buf[0]); - goto loser; - } - } - if (strncmp(buf, "[pre-master", 11) == 0) { - if (sscanf(buf, "[pre-master secret length = %d]", - &pms_len) != 1) { - goto loser; - } - pms_len = pms_len/8; - pms = malloc(pms_len); - master_secret = malloc(pms_len); - create_template[0].pValue = pms; - create_template[0].ulValueLen = pms_len; - master_template.pValue = master_secret; - master_template.ulValueLen = pms_len; - } - if (strncmp(buf, "[key", 4) == 0) { - if (sscanf(buf, "[key block length = %d]", &key_block_len) != 1) { - goto loser; - } - key_block_params.ulKeySizeInBits = 8; - key_block_params.ulIVSizeInBits = key_block_len/2-8; - key_block_len=key_block_len/8; - key_block = malloc(key_block_len); - kb1_template.pValue = &key_block[0]; - kb1_template.ulValueLen = 1; - kb2_template.pValue = &key_block[1]; - kb2_template.ulValueLen = 1; - key_material.pIVClient = &key_block[2]; - key_material.pIVServer = &key_block[2+key_block_len/2-1]; - } - fputs(buf, tlsresp); - continue; - } - /* "COUNT = x" begins a new data set */ - if (strncmp(buf, "COUNT", 5) == 0) { - /* zeroize the variables for the test with this data set */ - memset(pms, 0, pms_len); - memset(master_secret, 0, pms_len); - memset(key_block, 0, key_block_len); - fputs(buf, tlsresp); - continue; - } - /* pre_master_secret = ... 
*/ - if (strncmp(buf, "pre_master_secret", 17) == 0) { - i = 17; - while (isspace(buf[i]) || buf[i] == '=') { - i++; - } - for (j=0; j.req */ - if ( strcmp(argv[2], "kat") == 0) { - /* Known Answer Test (KAT) */ - aes_kat_mmt(argv[4]); - } else if (strcmp(argv[2], "mmt") == 0) { - /* Multi-block Message Test (MMT) */ - aes_kat_mmt(argv[4]); - } else if (strcmp(argv[2], "gcm") == 0) { - if ( strcmp(argv[3], "decrypt") == 0) { - aes_gcm(argv[4],0); - } else if (strcmp(argv[3], "encrypt_extiv") == 0) { - aes_gcm(argv[4],1); - } else if (strcmp(argv[3], "encrypt_intiv") == 0) { - aes_gcm(argv[4],2); - } - } else if (strcmp(argv[2], "mct") == 0) { - /* Monte Carlo Test (MCT) */ - if ( strcmp(argv[3], "ecb") == 0) { - /* ECB mode */ - aes_ecb_mct(argv[4]); - } else if (strcmp(argv[3], "cbc") == 0) { - /* CBC mode */ - aes_cbc_mct(argv[4]); - } - } + /* argv[2]=kat|mmt|mct argv[3]=ecb|cbc argv[4]=.req */ + if ( strcmp(argv[2], "kat") == 0) { + /* Known Answer Test (KAT) */ + aes_kat_mmt(argv[4]); + } else if (strcmp(argv[2], "mmt") == 0) { + /* Multi-block Message Test (MMT) */ + aes_kat_mmt(argv[4]); + } else if (strcmp(argv[2], "mct") == 0) { + /* Monte Carlo Test (MCT) */ + if ( strcmp(argv[3], "ecb") == 0) { + /* ECB mode */ + aes_ecb_mct(argv[4]); + } else if (strcmp(argv[3], "cbc") == 0) { + /* CBC mode */ + aes_cbc_mct(argv[4]); + } + } /*************/ /* SHA */ /*************/ @@ -6026,10 +5299,7 @@ int main(int argc, char **argv) } else if (strcmp(argv[2], "sigver") == 0) { /* Signature Verification Test */ rsa_sigver_test(argv[3]); - } else if (strcmp(argv[2], "keypair") == 0) { - /* Key Pair Generation Test */ - rsa_keypair_test(argv[3]); - } + } /*************/ /* HMAC */ /*************/ diff --git a/security/nss/cmd/httpserv/httpserv.c b/security/nss/cmd/httpserv/httpserv.c index b01da4b8f38..875b62bbd06 100644 --- a/security/nss/cmd/httpserv/httpserv.c +++ b/security/nss/cmd/httpserv/httpserv.c 
@@ -339,6 +339,7 @@ static enum { static const char stopCmd[] = { "GET /stop " }; static const char getCmd[] = { "GET " }; +static const char EOFmsg[] = { "EOF\r\n\r\n\r\n" }; static const char outHeader[] = { "HTTP/1.0 200 OK\r\n" "Server: Generic Web Server\r\n" @@ -711,8 +712,8 @@ handle_connection( /* else good status response */ if (!isPost && ocspMethodsAllowed == ocspGetUnknown) { unknown = PR_TRUE; - nextUpdate = PR_Now() + (PRTime)60*60*24 * PR_USEC_PER_SEC; /*tomorrow*/ - revoDate = PR_Now() - (PRTime)60*60*24 * PR_USEC_PER_SEC; /*yesterday*/ + nextUpdate = PR_Now() + 60*60*24 * PR_USEC_PER_SEC; /*tomorrow*/ + revoDate = PR_Now() - 60*60*24 * PR_USEC_PER_SEC; /*yesterday*/ } } } diff --git a/security/nss/cmd/lib/basicutil.c b/security/nss/cmd/lib/basicutil.c index 77b70b1e617..94c28f59ad4 100644 --- a/security/nss/cmd/lib/basicutil.c +++ b/security/nss/cmd/lib/basicutil.c @@ -684,7 +684,7 @@ static unsigned char nibble(char c) { SECStatus SECU_SECItemHexStringToBinary(SECItem* srcdest) { - unsigned int i; + int i; if (!srcdest) { PORT_SetError(SEC_ERROR_INVALID_ARGS); diff --git a/security/nss/cmd/lib/derprint.c b/security/nss/cmd/lib/derprint.c index 285eb036b79..b4eb0ffb480 100644 --- a/security/nss/cmd/lib/derprint.c +++ b/security/nss/cmd/lib/derprint.c @@ -446,7 +446,7 @@ prettyPrintLength(FILE *out, const unsigned char *data, const unsigned char *end } lenLen = nb + 1; if (raw) { - unsigned int i; + int i; rv = prettyPrintByte(out, lbyte, lv); if (rv < 0) @@ -503,10 +503,9 @@ prettyPrintItem(FILE *out, const unsigned char *data, const unsigned char *end, data += lenLen; /* - * Just quit now if slen more bytes puts us off the end, - * or if there's no more data to process. + * Just quit now if slen more bytes puts us off the end. */ - if ((data + slen) >= end) { + if ((data + slen) > end) { PORT_SetError(SEC_ERROR_BAD_DER); return -1; } 
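Review bot: dropping the `(PRTime)` cast in `nextUpdate = PR_Now() + 60*60*24 * PR_USEC_PER_SEC;` and the revoDate line below it in the -711 hunk makes the product evaluate in the type of PR_USEC_PER_SEC, which NSPR defines as a `long`; where long is 32 bits (Win32, Win64, 32-bit Linux) 86400 × 1000000 overflows before it is widened to PRTime, which is signed-integer undefined behaviour and in practice yields a wrong nextUpdate/revocation time in the OCSP response. Reinstate the widening on the first operand, `nextUpdate = PR_Now() + (PRTime)60*60*24 * PR_USEC_PER_SEC;` and `revoDate = PR_Now() - (PRTime)60*60*24 * PR_USEC_PER_SEC;`. handle_connection's body starts and ends outside the hunk.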
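Review bot: `if ((data + slen) > end)` in the -503 hunk of derprint.c forms the pointer `data + slen` before checking it, and slen is a length decoded from the DER being pretty-printed; when it exceeds the remaining buffer the addition itself is out-of-bounds pointer arithmetic (undefined behaviour) and on 32-bit targets can wrap so the comparison passes. Compare lengths instead of pointers, `if (slen > (size_t)(end - data)) {`, which is well-defined for any slen given data <= end and rejects exactly the same inputs as the `>` form. prettyPrintItem's body starts and ends outside the hunk.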
diff --git a/security/nss/cmd/lib/pk11table.c b/security/nss/cmd/lib/pk11table.c index f76dafe81bf..d979835a0c2 100644 --- a/security/nss/cmd/lib/pk11table.c +++ b/security/nss/cmd/lib/pk11table.c @@ -577,7 +577,7 @@ const Constant _consts[] = { }; const Constant *consts = &_consts[0]; -const unsigned int constCount = sizeof(_consts)/sizeof(_consts[0]); +const int constCount = sizeof(_consts)/sizeof(_consts[0]); const Commands _commands[] = { {"C_Initialize", F_C_Initialize, @@ -1389,7 +1389,7 @@ const int topicCount = sizeof(_topics) / sizeof(_topics[0]); const char * getName(CK_ULONG value, ConstType type) { - unsigned int i; + int i; for (i=0; i < constCount; i++) { if (consts[i].type == type && consts[i].value == value) { @@ -1409,9 +1409,9 @@ getNameFromAttribute(CK_ATTRIBUTE_TYPE type) return getName(type, ConstAttribute); } -unsigned int totalKnownType(ConstType type) { - unsigned int count = 0; - unsigned int i; +int totalKnownType(ConstType type) { + int count = 0; + int i; for (i=0; i < constCount; i++) { if (consts[i].type == type) count++; diff --git a/security/nss/cmd/lib/pk11table.h b/security/nss/cmd/lib/pk11table.h index 0c4052ecef4..cdc4325fc8f 100644 --- a/security/nss/cmd/lib/pk11table.h +++ b/security/nss/cmd/lib/pk11table.h @@ -162,7 +162,7 @@ extern const int valueCount; extern const char **constTypeString; extern const int constTypeCount; extern const Constant *consts; -extern const unsigned int constCount; +extern const int constCount; extern const Commands *commands; extern const int commandCount; extern const Topics *topics; @@ -174,7 +174,7 @@ getName(CK_ULONG value, ConstType type); extern const char * getNameFromAttribute(CK_ATTRIBUTE_TYPE type); -extern unsigned int totalKnownType(ConstType type); +extern int totalKnownType(ConstType type); #endif /* _PK11_TABLE_H_ */ diff --git a/security/nss/cmd/lib/secpwd.c b/security/nss/cmd/lib/secpwd.c index d78e56ccd2a..2c4579d7879 100644 --- a/security/nss/cmd/lib/secpwd.c 
+++ b/security/nss/cmd/lib/secpwd.c @@ -74,9 +74,7 @@ char *SEC_GetPassword(FILE *input, FILE *output, char *prompt, echoOff(infd); } - if (QUIET_FGETS(phrase, sizeof(phrase), input) == NULL) { - return NULL; - } + QUIET_FGETS ( phrase, sizeof(phrase), input); if (isTTY) { fprintf(output, "\n"); @@ -89,7 +87,7 @@ char *SEC_GetPassword(FILE *input, FILE *output, char *prompt, /* Validate password */ if (!(*ok)(phrase)) { /* Not weird enough */ - if (!isTTY) return NULL; + if (!isTTY) return 0; fprintf(output, "Password must be at least 8 characters long with one or more\n"); fprintf(output, "non-alphabetic characters\n"); continue; diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c index 92f64f75c28..97331c9c253 100644 --- a/security/nss/cmd/lib/secutil.c +++ b/security/nss/cmd/lib/secutil.c @@ -375,8 +375,7 @@ SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass, PR_fprintf(PR_STDERR, "Invalid password.\n"); PORT_Memset(oldpw, 0, PL_strlen(oldpw)); PORT_Free(oldpw); - rv = SECFailure; - goto done; + return SECFailure; } } else break; @@ -386,22 +385,20 @@ SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass, newpw = secu_InitSlotPassword(slot, PR_FALSE, &newpwdata); - rv = PK11_ChangePW(slot, oldpw, newpw); - if (rv != SECSuccess) { + if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) { PR_fprintf(PR_STDERR, "Failed to change password.\n"); - } else { - PR_fprintf(PR_STDOUT, "Password changed successfully.\n"); + return SECFailure; } PORT_Memset(oldpw, 0, PL_strlen(oldpw)); PORT_Free(oldpw); + PR_fprintf(PR_STDOUT, "Password changed successfully.\n"); + done: - if (newpw) { - PORT_Memset(newpw, 0, PL_strlen(newpw)); - PORT_Free(newpw); - } - return rv; + PORT_Memset(newpw, 0, PL_strlen(newpw)); + PORT_Free(newpw); + return SECSuccess; } struct matchobj { 
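Review bot: `QUIET_FGETS ( phrase, sizeof(phrase), input);` in the -74 hunk discards the fgets result, so on EOF or a read error phrase is left holding whatever it held before — bytes of a previous attempt, or an indeterminate stack buffer on the first pass — and the function goes on to validate and possibly return that as the password. The 3.21 shape, `if (QUIET_FGETS(phrase, sizeof(phrase), input) == NULL) { return NULL; }`, is the one to keep; the non-TTY failure branch in the -89 hunk should likewise `return NULL;` rather than `return 0;` for a `char *` function. SEC_GetPassword's body starts and ends outside the hunk.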
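Review bot: the `return SECFailure;` added after `if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess)` in the -386 hunk of secutil.c leaves both oldpw and newpw neither zeroed nor freed, so the plaintext of two passwords stays in the heap for the rest of the process; the 3.21 side's single exit through `done:` wiped both on every path. With the `goto done` in the -375 hunk also replaced by a bare return, the `done:` label is reached only by fall-through unless another goto exists outside the hunk, and the cleanup under it drops the `if (newpw)` guard that the 3.21 side had. Restore one cleanup path: record the failure in a status variable, `goto done`, and put the PORT_Memset/PORT_Free of both buffers under the label, returning that status. SECU_ChangePW2's body starts outside the hunk.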
@@ -1553,7 +1550,7 @@ SECU_PrintDumpDerIssuerAndSerial(FILE *out, SECItem *der, char *m, fprintf(out, "Serial DER as C source: \n{ %d, \"", c->serialNumber.len); { - unsigned int i; + int i; for (i=0; i < c->serialNumber.len; ++i) { unsigned char *chardata = (unsigned char*)(c->serialNumber.data); unsigned char c = *(chardata + i); @@ -2420,6 +2417,7 @@ SECU_PrintCertificateBasicInfo(FILE *out, const SECItem *der, const char *m, int PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); CERTCertificate *c; int rv = SEC_ERROR_NO_MEMORY; + int iv; if (!arena) return rv; @@ -2745,7 +2743,7 @@ secu_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src, while ((aCert = src->rawCerts[iv++]) != NULL) { sprintf(om, "Certificate (%x)", iv); rv = SECU_PrintSignedData(out, aCert, om, level + 2, - (SECU_PPFunc)SECU_PrintCertificate); + SECU_PrintCertificate); if (rv) return rv; } @@ -2864,7 +2862,7 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *out, while ((aCert = src->rawCerts[iv++]) != NULL) { sprintf(om, "Certificate (%x)", iv); rv = SECU_PrintSignedData(out, aCert, om, level + 2, - (SECU_PPFunc)SECU_PrintCertificate); + SECU_PrintCertificate); if (rv) return rv; } @@ -3194,7 +3192,7 @@ SEC_PrintCertificateAndTrust(CERTCertificate *cert, data.len = cert->derCert.len; rv = SECU_PrintSignedData(stdout, &data, label, 0, - (SECU_PPFunc)SECU_PrintCertificate); + SECU_PrintCertificate); if (rv) { return(SECFailure); } @@ -3285,7 +3283,7 @@ SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log, errstr = NULL; switch (node->error) { case SEC_ERROR_INADEQUATE_KEY_USAGE: - flags = (unsigned int)((char *)node->arg - (char *)NULL); + flags = (unsigned int)node->arg; switch (flags) { case KU_DIGITAL_SIGNATURE: errstr = "Cert cannot sign."; 
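Review bot: Removing the `(SECU_PPFunc)` cast in the `-2745` hunk is only correct if `SECU_PrintCertificate` has exactly the `SECU_PPFunc` signature; if it does not, which the presence of the cast suggests, each call site draws an incompatible-pointer-type diagnostic and the call through a mismatched function pointer type is undefined behaviour. The same change recurs in the `-2864` and `-3194` hunks of this file and in ocspclnt.c, pk12util.c, pp.c and tstclnt.c. Either keep the cast or declare `SECU_PrintCertificate` with the `SECU_PPFunc` parameter list so no cast is needed.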
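Review bot: `flags = (unsigned int)node->arg;` in the `-3285` hunk converts a pointer straight to a 32-bit integer, a lossy conversion on 64-bit targets that draws a cast-to-integer-of-different-size warning; the `-3301` hunk makes the same change. The `(char *)node->arg - (char *)NULL` form being removed avoided that, at the cost of its own pointer-arithmetic oddity. Widening through a pointer-sized integer first, `flags = (unsigned int)(PRUword)node->arg;`, works in both places.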
@@ -3301,7 +3299,7 @@ SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log, break; } case SEC_ERROR_INADEQUATE_CERT_TYPE: - flags = (unsigned int)((char *)node->arg - (char *)NULL); + flags = (unsigned int)node->arg; switch (flags) { case NS_CERT_TYPE_SSL_CLIENT: case NS_CERT_TYPE_SSL_SERVER: diff --git a/security/nss/cmd/modutil/error.h b/security/nss/cmd/modutil/error.h index ba42264b50d..36ed5a4ebd8 100644 --- a/security/nss/cmd/modutil/error.h +++ b/security/nss/cmd/modutil/error.h @@ -133,7 +133,25 @@ typedef enum { LAST_MSG /* must be last */ } Message; -/* defined in modutil.c */ -extern char *msgStrings[]; +static char *msgStrings[] = { + "FIPS mode enabled.\n", + "FIPS mode disabled.\n", + "Using database directory %s...\n", + "Creating \"%s\"...", + "Module \"%s\" added to database.\n", + "Module \"%s\" deleted from database.\n", + "Token \"%s\" password changed successfully.\n", + "Incorrect password, try again...\n", + "Passwords do not match, try again...\n", + "done.\n", + "Slot \"%s\" %s.\n", + "Successfully changed defaults.\n", + "Successfully changed defaults.\n", +"\nWARNING: Performing this operation while the browser is running could cause" +"\ncorruption of your security databases. If the browser is currently running," +"\nyou should exit browser before continuing this operation. Type " +"\n'q ' to abort, or to continue: ", + "\nAborting...\n" +}; #endif /* MODUTIL_ERROR_H */ diff --git a/security/nss/cmd/modutil/installparse.c b/security/nss/cmd/modutil/installparse.c index 3691c6388da..e23bbcc988d 100644 --- a/security/nss/cmd/modutil/installparse.c +++ b/security/nss/cmd/modutil/installparse.c @@ -203,7 +203,7 @@ yyparse() register char *yys; extern char *getenv(); - if ((yys = getenv("YYDEBUG")) != NULL) + if (yys = getenv("YYDEBUG")) { yyn = *yys; if (yyn >= '0' && yyn <= '9') 
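Review bot: Moving `msgStrings` into error.h as `static char *msgStrings[]` gives every translation unit that includes the header its own copy of the table, and any such unit that does not use it gets an unused-variable warning; the `extern` declaration plus a single definition in modutil.c that the commit removes avoided both. The entries are string literals, so the array should at least be `static const char * const msgStrings[]`. Since each index must line up with the `Message` enum above (`LAST_MSG` marks its end), a comment such as `/* Indexed by Message; keep in sync with the enum above. */` would help whoever next edits either.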
@@ -220,7 +220,7 @@ yyparse() *yyssp = yystate = 0; yyloop: - if ((yyn = yydefred[yystate]) != 0) goto yyreduce; + if (yyn = yydefred[yystate]) goto yyreduce; if (yychar < 0) { if ((yychar = yylex()) < 0) yychar = 0; diff --git a/security/nss/cmd/modutil/lex.Pk11Install_yy.c b/security/nss/cmd/modutil/lex.Pk11Install_yy.c index 4533e0c76fa..59d9bb597f9 100644 --- a/security/nss/cmd/modutil/lex.Pk11Install_yy.c +++ b/security/nss/cmd/modutil/lex.Pk11Install_yy.c @@ -1100,7 +1100,6 @@ register char *yy_bp; #endif /* ifndef YY_NO_UNPUT */ -#ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput() #else @@ -1172,7 +1171,6 @@ static int input() return c; } -#endif /* ifndef YY_NO_INPUT */ #ifdef YY_USE_PROTOS diff --git a/security/nss/cmd/modutil/manifest.mn b/security/nss/cmd/modutil/manifest.mn index a92ca68c1e9..9929a805928 100644 --- a/security/nss/cmd/modutil/manifest.mn +++ b/security/nss/cmd/modutil/manifest.mn @@ -24,7 +24,7 @@ PROGRAM = modutil REQUIRES = seccmd nss dbm -DEFINES = -DNSPR20 -DYY_NO_UNPUT -DYY_NO_INPUT +DEFINES = -DNSPR20 # sigh #INCLUDES += -I$(CORE_DEPTH)/nss/lib/pk11wrap diff --git a/security/nss/cmd/modutil/modutil.c b/security/nss/cmd/modutil/modutil.c index 64212024f0c..ba07bba4f98 100644 --- a/security/nss/cmd/modutil/modutil.c +++ b/security/nss/cmd/modutil/modutil.c 
@@ -122,27 +122,6 @@ static char *optionStrings[] = { "-chkfips", }; -char *msgStrings[] = { - "FIPS mode enabled.\n", - "FIPS mode disabled.\n", - "Using database directory %s...\n", - "Creating \"%s\"...", - "Module \"%s\" added to database.\n", - "Module \"%s\" deleted from database.\n", - "Token \"%s\" password changed successfully.\n", - "Incorrect password, try again...\n", - "Passwords do not match, try again...\n", - "done.\n", - "Slot \"%s\" %s.\n", - "Successfully changed defaults.\n", - "Successfully changed defaults.\n", -"\nWARNING: Performing this operation while the browser is running could cause" -"\ncorruption of your security databases. If the browser is currently running," -"\nyou should exit browser before continuing this operation. Type " -"\n'q ' to abort, or to continue: ", - "\nAborting...\n" -}; - /* Increment i if doing so would have i still be less than j. If you are able to do this, return 0. Otherwise return 1. */ #define TRY_INC(i,j) ( ((i+1)len; i++) { + unsigned char byte=item->data[i]; + appendHex(byte >> 4); + appendHex(byte & 0xf); + appendLabel(':'); + } +} + /* * append a 32 bit integer (even on a 64 bit platform). * for simplicity append it as a hex value, full extension with 0x prefix. @@ -472,7 +493,7 @@ do_list_certs(const char *progName, int log) CERTCertList *sorted; CERTCertListNode *node; CERTCertTrust trust; - unsigned int i; + int i; list = PK11_ListCerts(PK11CertListUnique, NULL); if (list == NULL) { diff --git a/security/nss/cmd/ocspclnt/ocspclnt.c b/security/nss/cmd/ocspclnt/ocspclnt.c index edf146a210c..e302bb5b83e 100644 --- a/security/nss/cmd/ocspclnt/ocspclnt.c +++ b/security/nss/cmd/ocspclnt/ocspclnt.c 
@@ -562,7 +562,7 @@ print_raw_certificates (FILE *out_file, SECItem **raw_certs, int level) while ((raw_cert = raw_certs[i++]) != NULL) { sprintf (cert_label, "Certificate (%d)", i); (void) SECU_PrintSignedData (out_file, raw_cert, cert_label, level + 1, - (SECU_PPFunc)SECU_PrintCertificate); + SECU_PrintCertificate); } } @@ -964,7 +964,7 @@ main (int argc, char **argv) PLOptState *optstate; SECStatus rv; CERTCertDBHandle *handle = NULL; - SECCertUsage cert_usage = certUsageSSLClient; + SECCertUsage cert_usage; PRTime verify_time; CERTCertificate *cert = NULL; PRBool ascii = PR_FALSE; diff --git a/security/nss/cmd/ocspresp/ocspresp.c b/security/nss/cmd/ocspresp/ocspresp.c index cbc826929e3..3e97747148b 100644 --- a/security/nss/cmd/ocspresp/ocspresp.c +++ b/security/nss/cmd/ocspresp/ocspresp.c @@ -129,12 +129,15 @@ main(int argc, char **argv) SECItem *encoded = NULL; CERTOCSPResponse *decoded = NULL; + SECStatus statusDecoded; SECItem *encodedRev = NULL; CERTOCSPResponse *decodedRev = NULL; + SECStatus statusDecodedRev; SECItem *encodedFail = NULL; CERTOCSPResponse *decodedFail = NULL; + SECStatus statusDecodedFail; CERTCertificate *obtainedSignerCert = NULL; 
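Review bot: The `-964` hunk drops the `= certUsageSSLClient` initializer from `cert_usage`, so unless every path through the option parsing (outside this hunk) assigns it, the later use reads an indeterminate value. Restoring `SECCertUsage cert_usage = certUsageSSLClient;` keeps the default behaviour when no usage option is given. The rest of main is outside the hunk.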
@@ -178,47 +181,40 @@ main(int argc, char **argv) encoded = encode(arena, cid, caCert); PORT_Assert(encoded); decoded = CERT_DecodeOCSPResponse(encoded); - PORT_CheckSuccess(CERT_GetOCSPResponseStatus(decoded)); + statusDecoded = CERT_GetOCSPResponseStatus(decoded); + PORT_Assert(statusDecoded == SECSuccess); - PORT_CheckSuccess(CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata, - &obtainedSignerCert, caCert)); - PORT_CheckSuccess(CERT_GetOCSPStatusForCertID(certHandle, decoded, cid, - obtainedSignerCert, now)); + statusDecoded = CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata, + &obtainedSignerCert, caCert); + PORT_Assert(statusDecoded == SECSuccess); + statusDecoded = CERT_GetOCSPStatusForCertID(certHandle, decoded, cid, + obtainedSignerCert, now); + PORT_Assert(statusDecoded == SECSuccess); CERT_DestroyCertificate(obtainedSignerCert); encodedRev = encodeRevoked(arena, cid, caCert); PORT_Assert(encodedRev); decodedRev = CERT_DecodeOCSPResponse(encodedRev); - PORT_CheckSuccess(CERT_GetOCSPResponseStatus(decodedRev)); + statusDecodedRev = CERT_GetOCSPResponseStatus(decodedRev); + PORT_Assert(statusDecodedRev == SECSuccess); - PORT_CheckSuccess(CERT_VerifyOCSPResponseSignature(decodedRev, certHandle, &pwdata, - &obtainedSignerCert, caCert)); -#ifdef DEBUG - { - SECStatus rv = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid, + statusDecodedRev = CERT_VerifyOCSPResponseSignature(decodedRev, certHandle, &pwdata, + &obtainedSignerCert, caCert); + PORT_Assert(statusDecodedRev == SECSuccess); + statusDecodedRev = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid, obtainedSignerCert, now); - PORT_Assert(rv == SECFailure); - PORT_Assert(PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE); - } -#else - (void)CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid, - obtainedSignerCert, now); -#endif + PORT_Assert(statusDecodedRev == SECFailure); + PORT_Assert(PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE); 
CERT_DestroyCertificate(obtainedSignerCert); encodedFail = CERT_CreateEncodedOCSPErrorResponse( arena, SEC_ERROR_OCSP_TRY_SERVER_LATER); PORT_Assert(encodedFail); decodedFail = CERT_DecodeOCSPResponse(encodedFail); -#ifdef DEBUG - { - SECStatus rv = CERT_GetOCSPResponseStatus(decodedFail); - PORT_Assert(rv == SECFailure); - PORT_Assert(PORT_GetError() == SEC_ERROR_OCSP_TRY_SERVER_LATER); - } -#else - (void)CERT_GetOCSPResponseStatus(decodedFail); -#endif + statusDecodedFail = CERT_GetOCSPResponseStatus(decodedFail); + PORT_Assert(statusDecodedFail == SECFailure); + PORT_Assert(PORT_GetError() == SEC_ERROR_OCSP_TRY_SERVER_LATER); + retval = 0; loser: if (retval != 0) diff --git a/security/nss/cmd/oidcalc/oidcalc.c b/security/nss/cmd/oidcalc/oidcalc.c index c767099a4b8..39d300e36bf 100644 --- a/security/nss/cmd/oidcalc/oidcalc.c +++ b/security/nss/cmd/oidcalc/oidcalc.c @@ -44,13 +44,13 @@ main(int argc, char **argv) secondval = atoi(curstr); - if ( firstval > 2 ) { + if ( ( firstval < 0 ) || ( firstval > 2 ) ) { fprintf(stderr, "first component out of range\n"); exit(-1); } - if ( secondval > 39 ) { + if ( ( secondval < 0 ) || ( secondval > 39 ) ) { fprintf(stderr, "second component out of range\n"); exit(-1); } diff --git a/security/nss/cmd/p7env/p7env.c b/security/nss/cmd/p7env/p7env.c index 338f9cf30c7..01b35df9480 100644 --- a/security/nss/cmd/p7env/p7env.c +++ b/security/nss/cmd/p7env/p7env.c @@ -130,6 +130,7 @@ main(int argc, char **argv) { char *progName; FILE *inFile, *outFile; + char *certName; CERTCertDBHandle *certHandle; struct recipient *recipients, *rcpt; PLOptState *optstate; @@ -141,6 +142,7 @@ main(int argc, char **argv) inFile = NULL; outFile = NULL; + certName = NULL; recipients = NULL; rcpt = NULL; diff --git a/security/nss/cmd/pk11gcmtest/pk11gcmtest.c b/security/nss/cmd/pk11gcmtest/pk11gcmtest.c index 63f4b330bb2..35e08ef6803 100644 --- a/security/nss/cmd/pk11gcmtest/pk11gcmtest.c +++ b/security/nss/cmd/pk11gcmtest/pk11gcmtest.c 
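Review bot: In the `-178` hunk the expectations on the revoked and error responses are now expressed only through `PORT_Assert`, which compiles to nothing when DEBUG is not defined, so a release build of this test assigns `statusDecodedRev` and `statusDecodedFail` and never examines them — the test passes whatever `CERT_GetOCSPStatusForCertID` and `CERT_GetOCSPResponseStatus` return. The removed `#ifdef DEBUG`/`#else` split at least made that limitation explicit. A test program should check unconditionally, e.g. `if (statusDecodedRev != SECFailure || PORT_GetError() != SEC_ERROR_REVOKED_CERTIFICATE) { retval = 1; goto loser; }`, and likewise for the `SECSuccess` checks on `decoded` and the `SEC_ERROR_OCSP_TRY_SERVER_LATER` case.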
@@ -166,22 +166,22 @@ aes_gcm_kat(const char *respfn) FILE *aesresp; /* input stream from the RESPONSE file */ int i, j; unsigned int test_group = 0; - unsigned int num_tests = 0; + unsigned int num_tests; PRBool is_encrypt; unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize = 16; + unsigned int keysize; unsigned char iv[10*16]; /* 1 to 10 blocks */ - unsigned int ivsize = 12; + unsigned int ivsize; unsigned char plaintext[10*16]; /* 1 to 10 blocks */ unsigned int plaintextlen = 0; unsigned char aad[10*16]; /* 1 to 10 blocks */ unsigned int aadlen = 0; unsigned char ciphertext[10*16]; /* 1 to 10 blocks */ - unsigned int ciphertextlen = 0; + unsigned int ciphertextlen; unsigned char tag[16]; - unsigned int tagsize = 16; + unsigned int tagsize; unsigned char output[10*16]; /* 1 to 10 blocks */ - unsigned int outputlen = 0; + unsigned int outputlen; unsigned int expected_keylen = 0; unsigned int expected_ivlen = 0; diff --git a/security/nss/cmd/pk11mode/pk11mode.c b/security/nss/cmd/pk11mode/pk11mode.c index 901323abe81..a9f89f31a4c 100644 --- a/security/nss/cmd/pk11mode/pk11mode.c +++ b/security/nss/cmd/pk11mode/pk11mode.c @@ -2090,8 +2090,8 @@ CK_RV PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList, } PKM_LogIt("C_GetMechanismList returned the mechanism types:\n"); if (verbose) { - for (i = 0; i < mechanismCount; i++) { - mechName = getName(pMechanismList[(i)], ConstMechanism); + for (i = 1; i <= mechanismCount; i++) { + mechName = getName(pMechanismList[(i-1)], ConstMechanism); /* output two mechanism name on each line */ /* currently the longest known mechansim name length is 37 */ @@ -2100,7 +2100,7 @@ CK_RV PKM_Mechanism(CK_FUNCTION_LIST_PTR pFunctionList, } else { printf("Unknown mechanism: 0x%08lX ", pMechanismList[i]); } - if ((i % 2) == 1 ) printf("\n"); + if ((i != 0) && ((i % 2) == 0 )) printf("\n"); } printf("\n\n"); } 
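Review bot: The `-166` hunk removes the initializers of `num_tests`, `keysize`, `ivsize`, `ciphertextlen`, `tagsize` and `outputlen`; the response-file parser that fills them is outside the hunk, so if a header line is absent or a test group ends before the corresponding field is parsed, the later uses read indeterminate values. Keeping `= 0` / `= 16` / `= 12` as before costs nothing and makes a missing field fail deterministically.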
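Review bot: In the `-2090` hunk the loop is changed to run `i` from 1 to `mechanismCount` and the `getName` lookup compensates with `pMechanismList[(i-1)]`, but the `Unknown mechanism` fallback in the `-2100` hunk still prints `pMechanismList[i]`, so it reports the wrong entry on every iteration and reads one past the end of the list when `i == mechanismCount`. Either keep the 0-based loop the commit removes or change the fallback to `printf("Unknown mechanism: 0x%08lX ", pMechanismList[i-1]);`. In the same hunk the `(i != 0) &&` term of the newline test is always true for this loop and can be dropped.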
@@ -3506,8 +3506,8 @@ CK_RV PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList, CK_ATTRIBUTE_PTR pTemplate; CK_ULONG tnObjects = 0; int curMode; - unsigned int i; - unsigned int number_of_all_known_attribute_types = totalKnownType(ConstAttribute); + int i; + int number_of_all_known_attribute_types = totalKnownType(ConstAttribute); NUMTESTS++; /* increment NUMTESTS */ @@ -4558,7 +4558,7 @@ PKM_TLSMasterKeyDerive( CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession; CK_RV crv; CK_MECHANISM mk_mech; - CK_VERSION version; + CK_VERSION expected_version, version; CK_OBJECT_CLASS class = CKO_SECRET_KEY; CK_KEY_TYPE type = CKK_GENERIC_SECRET; CK_BBOOL derive_bool = true; @@ -4625,6 +4625,8 @@ PKM_TLSMasterKeyDerive( CK_FUNCTION_LIST_PTR pFunctionList, case CKM_TLS_MASTER_KEY_DERIVE: attrs[3].pValue = NULL; attrs[3].ulValueLen = 0; + expected_version.major = 3; + expected_version.minor = 1; mkd_params.RandomInfo.pClientRandom = (unsigned char * ) TLSClientRandom; mkd_params.RandomInfo.ulClientRandomLen = diff --git a/security/nss/cmd/pk12util/pk12util.c b/security/nss/cmd/pk12util/pk12util.c index 398c0f84389..7b0467f2327 100644 --- a/security/nss/cmd/pk12util/pk12util.c +++ b/security/nss/cmd/pk12util/pk12util.c @@ -756,7 +756,7 @@ P12U_ListPKCS12File(char *in_file, PK11SlotInfo *slot, } else if (SECU_PrintSignedData(stdout, dip->der, (dip->hasKey) ? "(has private key)" : "", - 0, (SECU_PPFunc)SECU_PrintCertificate) != 0) { + 0, SECU_PrintCertificate) != 0) { SECU_PrintError(progName,"PKCS12 print cert bag failed"); } if (dip->friendlyName != NULL) { diff --git a/security/nss/cmd/pk1sign/pk1sign.c b/security/nss/cmd/pk1sign/pk1sign.c index 5f58f8c7816..5750cdb2d98 100644 --- a/security/nss/cmd/pk1sign/pk1sign.c +++ b/security/nss/cmd/pk1sign/pk1sign.c 
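Review bot: `expected_version`, introduced in the `-4558` hunk, is assigned only in the `CKM_TLS_MASTER_KEY_DERIVE` case of the `-4625` hunk; if the comparison that uses it (outside the hunk) also runs for the other mechanism cases, it reads an indeterminate value. Initialising it at the declaration, `CK_VERSION expected_version = { 0, 0 }, version;`, or assigning it in every case, removes the doubt.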
@@ -175,7 +175,7 @@ main(int argc, char **argv) PRFileDesc *inFile; char *keyName = NULL; CERTCertDBHandle *certHandle; - CERTCertificate *cert = NULL; + CERTCertificate *cert; PLOptState *optstate; PLOptStatus status; SECStatus rv; diff --git a/security/nss/cmd/pp/pp.c b/security/nss/cmd/pp/pp.c index 5a69a994e3e..31e766112af 100644 --- a/security/nss/cmd/pp/pp.c +++ b/security/nss/cmd/pp/pp.c @@ -25,11 +25,8 @@ static void Usage(char *progName) "Usage: %s [-t type] [-a] [-i input] [-o output] [-w] [-u]\n", progName); fprintf(stderr, "Pretty prints a file containing ASN.1 data in DER or ascii format.\n"); - fprintf(stderr, "%-14s Specify input and display type:", "-t type"); -#ifdef HAVE_EPV_TEMPLATE - fprintf(stderr, " %s (sk),", SEC_CT_PRIVATE_KEY); -#endif - fprintf(stderr, "\n"); + fprintf(stderr, "%-14s Specify input and display type: %s (sk),\n", + "-t type", SEC_CT_PRIVATE_KEY); fprintf(stderr, "%-14s %s (pk), %s (c), %s (cr),\n", "", SEC_CT_PUBLIC_KEY, SEC_CT_CERTIFICATE, SEC_CT_CERTIFICATE_REQUEST); fprintf(stderr, "%-14s %s (ci), %s (p7), %s or %s (n).\n", "", SEC_CT_CERTIFICATE_ID, @@ -139,7 +136,7 @@ int main(int argc, char **argv) if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE) == 0 || PORT_Strcmp(typeTag, "c") == 0) { rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0, - (SECU_PPFunc)SECU_PrintCertificate); + SECU_PrintCertificate); } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_ID) == 0 || PORT_Strcmp(typeTag, "ci") == 0) { rv = SECU_PrintSignedContent(outFile, &data, 0, 0, diff --git a/security/nss/cmd/sdrtest/sdrtest.c b/security/nss/cmd/sdrtest/sdrtest.c index ba6350624fa..5740876d5ff 100644 --- a/security/nss/cmd/sdrtest/sdrtest.c +++ b/security/nss/cmd/sdrtest/sdrtest.c @@ -71,9 +71,9 @@ long_usage (char *program_name) int readStdin(SECItem * result) { - unsigned int bufsize = 0; + int bufsize = 0; int cc; - unsigned int wanted = 8192U; + int wanted = 8192; result->len = 0; result->data = NULL; 
diff --git a/security/nss/cmd/selfserv/selfserv.c b/security/nss/cmd/selfserv/selfserv.c index 549fda53ed6..a3be7022c7e 100644 --- a/security/nss/cmd/selfserv/selfserv.c +++ b/security/nss/cmd/selfserv/selfserv.c @@ -65,7 +65,7 @@ static const char inheritableSockName[] = { "SELFSERV_LISTEN_SOCKET" }; #define MAX_BULK_TEST 1048576 /* 1 MB */ static PRBool testBulk; static PRUint32 testBulkSize = DEFAULT_BULK_TEST; -static PRInt32 testBulkTotal; +static PRUint32 testBulkTotal; static char* testBulkBuf; static PRDescIdentity log_layer_id = PR_INVALID_IO_LAYER; static PRFileDesc *loggingFD; @@ -74,10 +74,10 @@ static PRIOMethods loggingMethods; static PRBool logStats; static PRBool loggingLayer; static int logPeriod = 30; -static PRInt32 loggerOps; -static PRInt32 loggerBytes; -static PRInt32 loggerBytesTCP; -static PRInt32 bulkSentChunks; +static PRUint32 loggerOps; +static PRUint32 loggerBytes; +static PRUint32 loggerBytesTCP; +static PRUint32 bulkSentChunks; static enum ocspStaplingModeEnum { osm_disabled, /* server doesn't support stapling */ osm_good, /* supply a signed good status */ @@ -428,11 +428,10 @@ printSecurityInfo(PRFileDesc *fd) suite.macBits, suite.macAlgorithmName); FPRINTF(stderr, "selfserv: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n" - " Compression: %s, Extended Master Secret: %s\n", + " Compression: %s\n", channel.authKeyBits, suite.authAlgorithmName, channel.keaKeyBits, suite.keaTypeName, - channel.compressionMethodName, - channel.extendedMasterSecretUsed ? "Yes": "No"); + channel.compressionMethodName); } } if (verbose) { @@ -503,8 +502,8 @@ mySSLSNISocketConfig(PRFileDesc *fd, const SECItem *sniNameArr, pwdata = SSL_RevealPinArg(fd); - for (;current && (PRUint32)i < sniNameArrSize;i++) { - unsigned int j = 0; + for (;current && i < sniNameArrSize;i++) { + int j = 0; for (;j < MAX_VIRT_SERVER_NAME_ARRAY_INDEX && nameArr[j];j++) { if (!PORT_Strncmp(nameArr[j], (const char *)current[i].data, 
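Review bot: The `-74` hunk turns `loggerOps`, `loggerBytes`, `loggerBytesTCP` and `bulkSentChunks` into `PRUint32`, but the logger hunk further down (`-772`) still passes `&loggerBytes` and `&loggerBytesTCP` to `PR_ATOMIC_SET`, whose underlying `PR_AtomicSet` takes a `PRInt32 *`, so each of those calls now passes a pointer of the wrong signedness; `testBulkTotal` in the `-65` hunk is presumably updated the same way. Keep these counters `PRInt32`, or cast at the call site only if the values are known to stay below `PR_INT32_MAX`.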
@@ -752,8 +751,8 @@ logger(void *arg) PRIntervalTime period; PRIntervalTime previousTime; PRIntervalTime latestTime; - PRInt32 previousOps; - PRInt32 ops; + PRUint32 previousOps; + PRUint32 ops; PRIntervalTime logPeriodTicks = PR_TicksPerSecond(); PRFloat64 secondsPerTick = 1.0 / (PRFloat64)logPeriodTicks; int iterations = 0; @@ -772,7 +771,7 @@ logger(void *arg) */ PR_Sleep(logPeriodTicks); secondsElapsed++; - totalPeriodBytes += PR_ATOMIC_SET(&loggerBytes, 0); + totalPeriodBytes += PR_ATOMIC_SET(&loggerBytes, 0); totalPeriodBytesTCP += PR_ATOMIC_SET(&loggerBytesTCP, 0); if (secondsElapsed != logPeriod) { continue; @@ -838,8 +837,6 @@ PRBool testbypass = PR_FALSE; PRBool enableSessionTickets = PR_FALSE; PRBool enableCompression = PR_FALSE; PRBool failedToNegotiateName = PR_FALSE; -PRBool enableExtendedMasterSecret = PR_FALSE; - static char *virtServerNameArray[MAX_VIRT_SERVER_NAME_ARRAY_INDEX]; static int virtServerNameIndex = 1; @@ -1132,7 +1129,7 @@ makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm, SECItemArray *result = NULL; SECItem *ocspResponse = NULL; CERTOCSPSingleResponse **singleResponses; - CERTOCSPSingleResponse *sr = NULL; + CERTOCSPSingleResponse *sr; CERTOCSPCertID *cid = NULL; CERTCertificate *ca; PRTime now = PR_Now(); @@ -1148,7 +1145,7 @@ makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm, if (!cid) errExit("cannot created cid"); - nextUpdate = now + (PRTime)60*60*24 * PR_USEC_PER_SEC; /* plus 1 day */ + nextUpdate = now + 60*60*24 * PR_USEC_PER_SEC; /* plus 1 day */ switch (osm) { case osm_good: @@ -1163,7 +1160,7 @@ makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm, case osm_revoked: sr = CERT_CreateOCSPSingleResponseRevoked(arena, cid, now, &nextUpdate, - now - (PRTime)60*60*24 * PR_USEC_PER_SEC, /* minus 1 day */ + now - 60*60*24 * PR_USEC_PER_SEC, /* minus 1 day */ NULL); break; default: 
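Review bot: `nextUpdate = now + 60*60*24 * PR_USEC_PER_SEC;` in the `-1148` hunk multiplies in `long`: `PR_USEC_PER_SEC` is defined as `1000000L`, so on targets with a 32-bit `long` the product 86400000000 overflows before it is widened to `PRTime` — signed overflow, undefined behaviour, and in practice a wrong `nextUpdate`. The `(PRTime)` cast the commit removes forced the multiplication into 64 bits; the `-1163` hunk (`now - 60*60*24 * PR_USEC_PER_SEC`) has the same problem. Restore `(PRTime)60*60*24 * PR_USEC_PER_SEC` in both places.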
@@ -1945,13 +1942,6 @@ server_main( } } - if (enableExtendedMasterSecret) { - rv = SSL_OptionSet(model_sock, SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_TRUE); - if (rv != SECSuccess) { - errExit("error enabling extended master secret "); - } - } - for (kea = kt_rsa; kea < kt_kea_size; kea++) { if (cert[kea] != NULL) { secStatus = SSL_ConfigSecureServer(model_sock, @@ -2228,7 +2218,7 @@ main(int argc, char **argv) ** numbers, then capital letters, then lower case, alphabetical. */ optstate = PL_CreateOptState(argc, argv, - "2:A:BC:DEGH:L:M:NP:RS:T:U:V:W:Ya:bc:d:e:f:g:hi:jk:lmn:op:qrst:uvw:xyz"); + "2:A:BC:DEH:L:M:NP:RS:T:U:V:W:Ya:bc:d:e:f:g:hi:jk:lmn:op:qrst:uvw:xyz"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { ++optionsFound; switch(optstate->option) { @@ -2244,8 +2234,6 @@ main(int argc, char **argv) case 'E': disableStepDown = PR_TRUE; break; case 'H': configureDHE = (PORT_Atoi(optstate->value) != 0); break; - case 'G': enableExtendedMasterSecret = PR_TRUE; break; - case 'I': /* reserved for OCSP multi-stapling */ break; case 'L': diff --git a/security/nss/cmd/shlibsign/shlibsign.c b/security/nss/cmd/shlibsign/shlibsign.c index 7ddbf343dfe..51604414fd1 100644 --- a/security/nss/cmd/shlibsign/shlibsign.c +++ b/security/nss/cmd/shlibsign/shlibsign.c @@ -195,10 +195,6 @@ static const unsigned char base[] = { 0x14, 0x8e, 0xe7, 0xb8, 0xaa, 0xd5, 0xd1, 0x36, 0x1d, 0x7e, 0x5e, 0x7d, 0xfa, 0x5b, 0x77, 0x1f }; -/* - * The constants h, seed, & counter aren't used in the code; they're provided - * here (commented-out) so that human readers can verify that our our PQG - * parameters were generated properly. static const unsigned char h[] = { 0x41, 0x87, 0x47, 0x79, 0xd8, 0xba, 0x4e, 0xac, 0x44, 0x4f, 0x6b, 0xd2, 0x16, 0x5e, 0x04, 0xc6, 
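Review bot: The `-195` hunk of shlibsign.c (with `-236`, `-312` and `-385`) uncomments the `h`, `seed`, `counter`, `h2`, `seed2` and `counter2` definitions and deletes the comment that said why they exist, so they become `static const` objects that nothing in the file references — unused-variable warnings in every build — and a reader no longer learns that they are the PQG generation inputs kept for verification. If they are to stay compiled in, keep the explanation, e.g. `/* h, seed and counter are not used by the code; they are kept so the PQG parameters above can be independently verified. */`, and mark them unused the way the rest of the codebase does.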
@@ -236,7 +232,6 @@ static const unsigned char seed[] = { 0x00, 0x64, 0x06, 0x13, 0x51, 0xeb, 0x4a, 0x91, 0x9c }; static const unsigned int counter=1496; - */ static const unsigned char prime2[] = { 0x00, 0xa4, 0xc2, 0x83, 0x4f, 0x36, 0xd3, 0x4f, 0xae, @@ -312,10 +307,6 @@ static const unsigned char base2[] = { 0x00, 0x1c, 0xd3, 0xff, 0x4e, 0x2c, 0x38, 0x1c, 0xaa, 0x2e, 0x66, 0xbe, 0x32, 0x3e, 0x3c, 0x06, 0x5f }; -/* - * The constants h2, seed2, & counter2 aren't used in the code; they're provided - * here (commented-out) so that human readers can verify that our our PQG - * parameters were generated properly. static const unsigned char h2[] = { 0x30, 0x91, 0xa1, 0x2e, 0x40, 0xa5, 0x7d, 0xf7, 0xdc, 0xed, 0xee, 0x05, 0xc2, 0x31, 0x91, 0x37, @@ -385,7 +376,6 @@ static const unsigned char seed2[] = { 0x00, 0xc3, 0x29, 0x7d, 0xb7, 0x89, 0xbf, 0xe3, 0xde }; static const unsigned int counter2=210; - */ struct tuple_str { CK_RV errNum; @@ -522,7 +512,7 @@ CK_RVtoStr(CK_RV errNum) { /* Do binary search of table. */ while (low + 1 < high) { - i = low + (high - low) / 2; + i = (low + high) / 2; num = errStrings[i].errNum; if (errNum == num) return errStrings[i].errString; @@ -707,7 +697,7 @@ int main(int argc, char **argv) int bytesWritten; unsigned char file_buf[512]; int count=0; - unsigned int keySize = 0; + int keySize = 0; int i; PRBool verify = PR_FALSE; static PRBool FIPSMODE = PR_FALSE; diff --git a/security/nss/cmd/signtool/certgen.c b/security/nss/cmd/signtool/certgen.c index 5a645049c81..92c33fdb952 100644 --- a/security/nss/cmd/signtool/certgen.c +++ b/security/nss/cmd/signtool/certgen.c @@ -73,9 +73,6 @@ GenerateCert(char *nickname, int keysize, char *token) LL_L2UI(serial, PR_Now()); subject = GetSubjectFromUser(serial); - if (!subject) { - FatalError("Unable to get subject from user"); - } cert = GenerateSelfSignedObjectSigningCert(nickname, db, subject, serial, keysize, token); 
@@ -125,9 +122,7 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "certificate common name: "); #endif - if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { - return NULL; - } + fgets(buf, STDIN_BUF_SIZE, stdin); cp = chop(buf); if (*cp == '\0') { sprintf(common_name_buf, "%s (%lu)", DEFAULT_COMMON_NAME, @@ -149,9 +144,7 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "organization: "); #endif - if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { - return NULL; - } + fgets(buf, STDIN_BUF_SIZE, stdin); cp = chop(buf); if (*cp != '\0') { org = PORT_ZAlloc(strlen(cp) + 5); @@ -170,9 +163,7 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "organization unit: "); #endif - if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { - return NULL; - } + fgets(buf, STDIN_BUF_SIZE, stdin); cp = chop(buf); if (*cp != '\0') { orgunit = PORT_ZAlloc(strlen(cp) + 6); @@ -190,9 +181,7 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "state or province: "); #endif - if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { - return NULL; - } + fgets(buf, STDIN_BUF_SIZE, stdin); cp = chop(buf); if (*cp != '\0') { state = PORT_ZAlloc(strlen(cp) + 6); @@ -210,9 +199,7 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "country (must be exactly 2 characters): "); #endif - if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { - return NULL; - } + fgets(buf, STDIN_BUF_SIZE, stdin); cp = chop(cp); if (strlen(cp) != 2) { *cp = '\0'; /* country code must be 2 chars */ @@ -233,9 +220,7 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "username: "); #endif - if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { - return NULL; - } + fgets(buf, STDIN_BUF_SIZE, stdin); cp = chop(buf); if (*cp != '\0') { uid = PORT_ZAlloc(strlen(cp) + 7); 
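Review bot: Every `fgets(buf, STDIN_BUF_SIZE, stdin);` restored in the `-125`, `-149`, `-170`, `-190`, `-210` and `-233` hunks (and `-253` below) ignores its return value, so on EOF or a read error `buf` is left with stale or indeterminate contents and `chop(buf)` and the following `strlen`/allocation calls operate on it. Keep the checks the commit removes: `if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { return NULL; }`. The matching `if (!subject) FatalError(...)` dropped from GenerateCert in the `-73` hunk above should then come back as well, since GetSubjectFromUser can fail again.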
@@ -253,9 +238,7 @@ GetSubjectFromUser(unsigned long serial) #else PR_fprintf(PR_STDOUT, "email address: "); #endif - if (!fgets(buf, STDIN_BUF_SIZE, stdin)) { - return NULL; - } + fgets(buf, STDIN_BUF_SIZE, stdin); cp = chop(buf); if (*cp != '\0') { email = PORT_ZAlloc(strlen(cp) + 5); @@ -437,6 +420,7 @@ sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk) SECItem der2; SECItem * result2; + void *dummy; SECOidTag alg = SEC_OID_UNKNOWN; alg = SEC_GetSignatureAlgorithmOidTag(privk->keyType, SEC_OID_UNKNOWN); @@ -456,7 +440,7 @@ sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk) der2.len = 0; der2.data = NULL; - (void)SEC_ASN1EncodeItem + dummy = SEC_ASN1EncodeItem (cert->arena, &der2, cert, SEC_ASN1_GET(CERT_CertificateTemplate)); if (rv != SECSuccess) { diff --git a/security/nss/cmd/signtool/util.c b/security/nss/cmd/signtool/util.c index 73568d1ba0a..74a208e5e59 100644 --- a/security/nss/cmd/signtool/util.c +++ b/security/nss/cmd/signtool/util.c @@ -16,11 +16,9 @@ static int is_dir (char *filename); long *mozilla_event_queue = 0; #ifndef XP_WIN -char *XP_GetString (int i) +char *XP_GetString (int i) { - /* nasty hackish cast to avoid changing the signature of - * JAR_init_callbacks() */ - return (char *)SECU_Strerror (i); + return SECU_Strerror (i); } #endif diff --git a/security/nss/cmd/ssltap/ssltap.c b/security/nss/cmd/ssltap/ssltap.c index 8ea465ef32f..170420a6f89 100644 --- a/security/nss/cmd/ssltap/ssltap.c +++ b/security/nss/cmd/ssltap/ssltap.c @@ -41,12 +41,12 @@ struct _DataBuffer; typedef struct _DataBufferList { struct _DataBuffer *first,*last; - unsigned int size; + int size; int isEncrypted; unsigned char * msgBuf; - unsigned int msgBufOffset; - unsigned int msgBufSize; - unsigned int hMACsize; + int msgBufOffset; + int msgBufSize; + int hMACsize; } DataBufferList; typedef struct _DataBuffer { 
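Review bot: In the `-456` hunk the result of `SEC_ASN1EncodeItem` is stored in `dummy`, but the check that follows, `if (rv != SECSuccess)`, tests `rv` from an earlier call, so a failed encode (NULL return, `der2.data` still NULL) goes unnoticed. Add a check between the two, `if (dummy == NULL) { rv = SECFailure; }`, so the existing error path handles it; as written `dummy` is a write-only variable. sign_cert continues outside the hunk.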
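Review bot: `return SECU_Strerror (i);` in the `-16` hunk of util.c discards a qualifier if `SECU_Strerror` returns `const char *`, which the removed comment ("nasty hackish cast to avoid changing the signature of JAR_init_callbacks()") indicates is the case. Either keep the cast together with its explanation, or change `XP_GetString` and the callback type to return `const char *`.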
@@ -566,7 +566,7 @@ void print_sslv2(DataBufferList *s, unsigned char *recordBuf, unsigned int recor (PRUint32)(GET_SHORT((chv2->rndlength))), (PRUint32)(GET_SHORT((chv2->rndlength)))); PR_fprintf(PR_STDOUT," cipher-suites = { \n"); - for (p=0;p<(PRUint32)GET_SHORT((chv2->cslength));p+=3) { + for (p=0;pcslength));p+=3) { PRUint32 cs_int = GET_24((&chv2->csuites[p])); const char *cs_str = V2CipherString(cs_int); @@ -575,17 +575,17 @@ void print_sslv2(DataBufferList *s, unsigned char *recordBuf, unsigned int recor } q = p; PR_fprintf(PR_STDOUT," }\n"); - if (GET_SHORT((chv2->sidlength))) { + if (chv2->sidlength) { PR_fprintf(PR_STDOUT," session-id = { "); - for (p=0;p<(PRUint32)GET_SHORT((chv2->sidlength));p+=2) { + for (p=0;psidlength));p+=2) { PR_fprintf(PR_STDOUT,"0x%04x ",(PRUint32)(GET_SHORT((&chv2->csuites[p+q])))); } } q += p; PR_fprintf(PR_STDOUT,"}\n"); - if (GET_SHORT((chv2->rndlength))) { + if (chv2->rndlength) { PR_fprintf(PR_STDOUT," challenge = { "); - for (p=0;p<(PRUint32)GET_SHORT((chv2->rndlength));p+=2) { + for (p=0;prndlength));p+=2) { PR_fprintf(PR_STDOUT,"0x%04x ",(PRUint32)(GET_SHORT((&chv2->csuites[p+q])))); } PR_fprintf(PR_STDOUT,"}\n"); @@ -978,7 +978,7 @@ void print_ssl3_handshake(unsigned char *recordBuf, { struct sslhandshake sslh; unsigned char * hsdata; - unsigned int offset=0; + int offset=0; PR_fprintf(PR_STDOUT," handshake {\n"); @@ -1365,7 +1365,7 @@ void print_ssl3_handshake(unsigned char *recordBuf, offset += sslh.length + 4; } /* while */ if (offset < recordLen) { /* stuff left over */ - unsigned int newMsgLen = recordLen - offset; + int newMsgLen = recordLen - offset; if (!s->msgBuf) { s->msgBuf = PORT_Alloc(newMsgLen); if (!s->msgBuf) { diff --git a/security/nss/cmd/strsclnt/strsclnt.c b/security/nss/cmd/strsclnt/strsclnt.c index f4825050f27..43d121e2732 100644 --- a/security/nss/cmd/strsclnt/strsclnt.c +++ b/security/nss/cmd/strsclnt/strsclnt.c 
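Review bot: In the `-575` hunk `if (chv2->sidlength)` and `if (chv2->rndlength)` test the fields directly, but the same hunk still decodes them with `GET_SHORT((chv2->sidlength))`, i.e. they are byte arrays; the condition therefore tests the array's address and is always true, so an empty session-id or challenge still prints the opening brace and enters the loop. Keep the decode in the condition: `if (GET_SHORT((chv2->sidlength))) {` and `if (GET_SHORT((chv2->rndlength))) {`. The loop bounds on the new side of this hunk are garbled in this rendering and could not be reviewed.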
@@ -498,6 +498,7 @@ init_thread_data(void) PRBool useModelSocket = PR_TRUE; +static const char stopCmd[] = { "GET /stop " }; static const char outHeader[] = { "HTTP/1.0 200 OK\r\n" "Server: Netscape-Enterprise/2.0a\r\n" @@ -566,8 +567,8 @@ do_writes( { PRFileDesc * ssl_sock = (PRFileDesc *)a; lockedVars * lv = (lockedVars *)b; - unsigned int sent = 0; - int count = 0; + int sent = 0; + int count = 0; while (sent < bigBuf.len) { @@ -711,7 +712,7 @@ PRInt32 lastFullHandshakePeerID; void myHandshakeCallback(PRFileDesc *socket, void *arg) { - PR_ATOMIC_SET(&lastFullHandshakePeerID, (PRInt32)((char *)arg - (char *)NULL)); + PR_ATOMIC_SET(&lastFullHandshakePeerID, (PRInt32) arg); } #endif @@ -731,6 +732,7 @@ do_connects( PRFileDesc * tcp_sock = 0; PRStatus prStatus; PRUint32 sleepInterval = 50; /* milliseconds */ + SECStatus result; int rv = SECSuccess; PRSocketOptionData opt; @@ -837,8 +839,7 @@ retry: PR_snprintf(sockPeerIDString, sizeof(sockPeerIDString), "ID%d", thisPeerID); SSL_SetSockPeerID(ssl_sock, sockPeerIDString); - SSL_HandshakeCallback(ssl_sock, myHandshakeCallback, - (char *)NULL + thisPeerID); + SSL_HandshakeCallback(ssl_sock, myHandshakeCallback, (void*)thisPeerID); #else /* force a full handshake by setting the no cache option */ SSL_OptionSet(ssl_sock, SSL_NO_CACHE, 1); @@ -853,9 +854,9 @@ retry: PR_ATOMIC_INCREMENT(&numConnected); if (bigBuf.data != NULL) { - (void)handle_fdx_connection( ssl_sock, tid); + result = handle_fdx_connection( ssl_sock, tid); } else { - (void)handle_connection( ssl_sock, tid); + result = handle_connection( ssl_sock, tid); } PR_ATOMIC_DECREMENT(&numConnected); diff --git a/security/nss/cmd/symkeyutil/symkeyutil.c b/security/nss/cmd/symkeyutil/symkeyutil.c index 353da711bcc..05de7d873cc 100644 --- a/security/nss/cmd/symkeyutil/symkeyutil.c +++ b/security/nss/cmd/symkeyutil/symkeyutil.c 
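Review bot: `(PRInt32) arg` in the `-711` hunk casts a pointer to a 32-bit integer, a lossy conversion on 64-bit builds that compilers diagnose, and the companion `(void*)thisPeerID` in the `-837` hunk casts an `int` to a pointer of a different size; the `(char *)arg - (char *)NULL` / `(char *)NULL + thisPeerID` pair being removed was the portable encoding. Go through a pointer-sized integer instead: `(PRInt32)(PRUword)arg` and `(void *)(PRUword)thisPeerID`. The `result` variable added in the `-731` hunk is assigned in the `-853` hunk but never read.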
@@ -1015,7 +1015,8 @@ main(int argc, char **argv) } } if (se) { - PORT_CheckSuccess(PK11_FreeSlotListElement(slotList, se)); + SECStatus rv2 = PK11_FreeSlotListElement(slotList, se); + PORT_Assert(SECSuccess == rv2); } PK11_FreeSlotList(slotList); } diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c index 93a702220af..72f53badfda 100644 --- a/security/nss/cmd/tstclnt/tstclnt.c +++ b/security/nss/cmd/tstclnt/tstclnt.c @@ -129,11 +129,10 @@ void printSecurityInfo(PRFileDesc *fd) suite.macBits, suite.macAlgorithmName); FPRINTF(stderr, "tstclnt: Server Auth: %d-bit %s, Key Exchange: %d-bit %s\n" - " Compression: %s, Extended Master Secret: %s\n", + " Compression: %s\n", channel.authKeyBits, suite.authAlgorithmName, channel.keaKeyBits, suite.keaTypeName, - channel.compressionMethodName, - channel.extendedMasterSecretUsed ? "Yes": "No"); + channel.compressionMethodName); } } cert = SSL_RevealCert(fd); @@ -232,7 +231,6 @@ static void PrintParameterUsage(void) fprintf(stderr, "%-20s Enable compression.\n", "-z"); fprintf(stderr, "%-20s Enable false start.\n", "-g"); fprintf(stderr, "%-20s Enable the cert_status extension (OCSP stapling).\n", "-T"); - fprintf(stderr, "%-20s Enable the extended master secret extension (session hash).\n", "-G"); fprintf(stderr, "%-20s Require fresh revocation info from side channel.\n" "%-20s -F once means: require for server cert only\n" "%-20s -F twice means: require for intermediates, too\n" @@ -536,9 +534,9 @@ dumpServerCertificateChain(PRFileDesc *fd) return; } else if (dumpServerChain == 1) { - dumpFunction = (SECU_PPFunc)SECU_PrintCertificateBasicInfo; + dumpFunction = SECU_PrintCertificateBasicInfo; } else { - dumpFunction = (SECU_PPFunc)SECU_PrintCertificate; + dumpFunction = SECU_PrintCertificate; if (dumpServerChain > 2) { dumpCertPEM = PR_TRUE; } 
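Review bot: `SECStatus rv2 = PK11_FreeSlotListElement(slotList, se); PORT_Assert(SECSuccess == rv2);` leaves rv2 unused in builds where PORT_Assert expands to nothing (as PR_ASSERT does outside DEBUG builds), so an unused-variable warning appears in optimized builds and a failed free is silently ignored there. The same pattern is introduced by `PRErrorCode error = PR_GetError(); PORT_Assert(error != 0);` in the ownAuthCertificate hunk of tstclnt.c further down. If assertion-only is the intent, add `(void)rv2;` after the assert (and `(void)error;` in tstclnt.c); if the failure matters in release, report it instead of asserting.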
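Review bot: Dropping the `(SECU_PPFunc)` casts in dumpServerCertificateChain means `dumpFunction = SECU_PrintCertificateBasicInfo;` and `dumpFunction = SECU_PrintCertificate;` now rely on those functions matching the SECU_PPFunc prototype exactly; the casts were presumably added because they do not, in which case the assignments draw an incompatible-pointer-type diagnostic, and calling through a mismatched function pointer is undefined behavior with or without the cast. Worth confirming the two prototypes against SECU_PPFunc; if they differ, the correct fix is a small adapter function with the SECU_PPFunc signature that forwards to them, not either form shown here. The function continues outside the hunk.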
@@ -568,7 +566,7 @@ dumpServerCertificateChain(PRFileDesc *fd) PR_TRUE); } if (foundChain) { - unsigned int count = 0; + int count = 0; fprintf(stderr, "==== locally found issuer certificate(s): ====\n"); for(count = 0; count < (unsigned int)foundChain->len; count++) { CERTCertificate *c; @@ -621,7 +619,7 @@ ownAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, if (!serverCertAuth->shouldPause) { CERTCertificate *cert; - unsigned int i; + int i; const SECItemArray *csa; if (!serverCertAuth->testFreshStatusFromSideChannel) { @@ -646,7 +644,8 @@ ownAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, if (CERT_CacheOCSPResponseFromSideChannel( serverCertAuth->dbHandle, cert, PR_Now(), &csa->items[i], arg) != SECSuccess) { - PORT_Assert(PR_GetError() != 0); + PRErrorCode error = PR_GetError(); + PORT_Assert(error != 0); } } } @@ -921,7 +920,6 @@ int main(int argc, char **argv) int enableFalseStart = 0; int enableCertStatus = 0; int forceFallbackSCSV = 0; - int enableExtendedMasterSecret = 0; PRSocketOptionData opt; PRNetAddr addr; PRPollDesc pollset[2]; @@ -970,7 +968,7 @@ int main(int argc, char **argv) SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions); optstate = PL_CreateOptState(argc, argv, - "46BCDFGKM:OR:STV:W:Ya:bc:d:fgh:m:n:op:qr:st:uvw:xz"); + "46BCDFKM:OR:STV:W:Ya:bc:d:fgh:m:n:op:qr:st:uvw:xz"); while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case '?': @@ -992,8 +990,6 @@ int main(int argc, char **argv) serverCertAuth.testFreshStatusFromSideChannel = PR_TRUE; break; - case 'G': enableExtendedMasterSecret = PR_TRUE; break; - case 'I': /* reserved for OCSP multi-stapling */ break; case 'O': serverCertAuth.shouldPause = PR_FALSE; break; @@ -1287,7 +1283,7 @@ int main(int argc, char **argv) int cipher; if (ndx == ':') { - int ctmp = 0; + int ctmp; cipher = 0; HEXCHAR_TO_INT(*cipherString, ctmp) 
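Review bot: `int ctmp;` without an initializer in the `ndx == ':'` branch of main is consumed by `HEXCHAR_TO_INT(*cipherString, ctmp)` on the next line; the macro is not visible here, and if any of its branches (for example a non-hex character) does not assign ctmp, the subsequent use of ctmp is an uninitialized read, which the removed `= 0` guarded against and which compilers also report as maybe-uninitialized. The same change is made in the vfyserv.c main hunk further down. Keep `int ctmp = 0;` in both places unless HEXCHAR_TO_INT is confirmed to assign or exit on every path. The `unsigned int` to `int` changes for `count` and `i` in the two earlier hunks reintroduce signed/unsigned comparisons against unsigned lengths such as `(unsigned int)foundChain->len`.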
@@ -1391,15 +1387,6 @@ int main(int argc, char **argv) return 1; } - /* enable extended master secret mode */ - if (enableExtendedMasterSecret) { - rv = SSL_OptionSet(s, SSL_ENABLE_EXTENDED_MASTER_SECRET, PR_TRUE); - if (rv != SECSuccess) { - SECU_PrintError(progName, "error enabling extended master secret"); - return 1; - } - } - SSL_SetPKCS11PinArg(s, &pwdata); serverCertAuth.dbHandle = CERT_GetDefaultCertDB(); diff --git a/security/nss/cmd/vfychain/vfychain.c b/security/nss/cmd/vfychain/vfychain.c index f9f1787cc40..216fa365d14 100644 --- a/security/nss/cmd/vfychain/vfychain.c +++ b/security/nss/cmd/vfychain/vfychain.c @@ -333,7 +333,7 @@ configureRevocationParams(CERTRevocationFlags *flags) int i; unsigned int testType = REVCONFIG_TEST_UNDEFINED; static CERTRevocationTests *revTests = NULL; - PRUint64 *revFlags = NULL; + PRUint64 *revFlags; for(i = 0;i < REV_METHOD_INDEX_MAX;i++) { if (revMethodsData[i].testType == REVCONFIG_TEST_UNDEFINED) { diff --git a/security/nss/cmd/vfyserv/vfyserv.c b/security/nss/cmd/vfyserv/vfyserv.c index 6ee22489a74..d83fc395979 100644 --- a/security/nss/cmd/vfyserv/vfyserv.c +++ b/security/nss/cmd/vfyserv/vfyserv.c @@ -510,7 +510,7 @@ main(int argc, char **argv) int cipher; if (ndx == ':') { - int ctmp = 0; + int ctmp; cipher = 0; HEXCHAR_TO_INT(*cipherString, ctmp) diff --git a/security/nss/cmd/vfyserv/vfyutil.c b/security/nss/cmd/vfyserv/vfyutil.c index 686c7b13ff1..15f0d9781e6 100644 --- a/security/nss/cmd/vfyserv/vfyutil.c +++ b/security/nss/cmd/vfyserv/vfyutil.c @@ -603,7 +603,7 @@ void dumpCertChain(CERTCertificate *cert, SECCertUsage usage) { CERTCertificateList *certList; - unsigned int count = 0; + int count = 0; certList = CERT_CertChainFromCert(cert, usage, PR_TRUE); if (certList == NULL) { diff --git a/security/nss/coreconf/Darwin.mk b/security/nss/coreconf/Darwin.mk index 269f6e1afb4..18a13481829 100644 --- a/security/nss/coreconf/Darwin.mk +++ b/security/nss/coreconf/Darwin.mk 
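Review bot: `PRUint64 *revFlags;` in configureRevocationParams is now uninitialized; if the rest of the function (outside the hunk) tests or dereferences revFlags on a path where the `for` loop did not assign it, that is an uninitialized read rather than the null check the removed `= NULL` provided. Restoring `PRUint64 *revFlags = NULL;` costs nothing and keeps such a path well-defined. The `int count = 0;` change in vfyutil.c's dumpCertChain likewise reintroduces a signed/unsigned comparison if count is later compared with an unsigned chain length.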
@@ -83,26 +83,6 @@ endif OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) -Wall -fno-common -pipe -DDARWIN -DHAVE_STRERROR -DHAVE_BSD_FLOCK $(DARWIN_SDK_CFLAGS) -ifeq (clang,$(shell $(CC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q')) -NSS_HAS_GCC48 = true -endif -ifndef NSS_HAS_GCC48 -NSS_HAS_GCC48 := $(shell \ - [ `$(CC) -dumpversion | cut -f 1 -d . -` -eq 4 -a \ - `$(CC) -dumpversion | cut -f 2 -d . -` -ge 8 -o \ - `$(CC) -dumpversion | cut -f 1 -d . -` -ge 5 ] && \ - echo true || echo false) -export NSS_HAS_GCC48 -endif -ifeq (true,$(NSS_HAS_GCC48)) -OS_CFLAGS += -Werror -else -# Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. -# Use this to disable use of that #pragma and the warnings it suppresses. -OS_CFLAGS += -DNSS_NO_GCC48 -Wno-unused-variable -Wno-strict-aliasing -$(warning Unable to find gcc >= 4.8 disabling -Werror) -endif - ifdef BUILD_OPT ifeq (11,$(ALLOW_OPT_CODE_SIZE)$(OPT_CODE_SIZE)) OPTIMIZER = -Oz diff --git a/security/nss/coreconf/Linux.mk b/security/nss/coreconf/Linux.mk index 2d25a7e8f6a..177a3c87411 100644 --- a/security/nss/coreconf/Linux.mk +++ b/security/nss/coreconf/Linux.mk 
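Review bot: Removing the NSS_HAS_GCC48 probe also removes `-Werror` from OS_CFLAGS, so the signed/unsigned, pointer-to-integer and unused-variable diagnostics that the strsclnt.c, tstclnt.c and symkeyutil.c hunks of this change reintroduce will compile with warnings instead of failing the build; the Linux.mk and WIN32.mk hunks make the same change. If the goal is only to support compilers older than gcc 4.8, keeping the probe and adjusting just the else branch would preserve `-Werror` where it works. If dropping `-Werror` is deliberate, a one-line comment stating that where OS_CFLAGS is set would stop the next reader from re-adding it.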
@@ -125,50 +125,14 @@ ifdef MOZ_DEBUG_SYMBOLS endif endif -ifndef COMPILER_TAG -COMPILER_TAG = _$(shell $(CC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q') -CCC_COMPILER_TAG = _$(shell $(CCC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q') -endif ifeq ($(USE_PTHREADS),1) OS_PTHREAD = -lpthread endif -OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR +OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR OS_LIBS = $(OS_PTHREAD) -ldl -lc -ifeq ($(COMPILER_TAG),_clang) -# -Qunused-arguments : clang objects to arguments that it doesn't understand -# and fixing this would require rearchitecture -# -Wno-parentheses-equality : because clang warns about macro expansions -OS_CFLAGS += -Qunused-arguments -Wno-parentheses-equality -ifdef BUILD_OPT -# clang is unable to handle glib's expansion of strcmp and similar for optimized -# builds, so ignore the resulting errors. -# See https://llvm.org/bugs/show_bug.cgi?id=20144 -OS_CFLAGS += -Wno-array-bounds -Wno-unevaluated-expression -endif -# Clang reports its version as an older gcc, but it's OK -NSS_HAS_GCC48 = true -endif - -ifndef NSS_HAS_GCC48 -NSS_HAS_GCC48 := $(shell \ - [ `$(CC) -dumpversion | cut -f 1 -d . -` -eq 4 -a \ - `$(CC) -dumpversion | cut -f 2 -d . -` -ge 8 -o \ - `$(CC) -dumpversion | cut -f 1 -d . -` -ge 5 ] && \ - echo true || echo false) -export NSS_HAS_GCC48 -endif -ifeq (true,$(NSS_HAS_GCC48)) -OS_CFLAGS += -Werror -else -# Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. -# Use this to disable use of that #pragma and the warnings it suppresses. -OS_CFLAGS += -DNSS_NO_GCC48 -$(warning Unable to find gcc >= 4.8 disabling -Werror) -endif - ifdef USE_PTHREADS DEFINES += -D_REENTRANT endif 
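Review bot: `-Wno-switch` is added to OS_CFLAGS for every Linux build, silencing the warning for enum values not handled by a `switch` that lacks a `default`; that warning is the main safety net for switches over enums that grow over time (cipher modes, hash types) and is cheap to keep. If specific files need it, scope the flag to those files rather than the whole tree. `-Werror-implicit-function-declaration` is a good addition; with the COMPILER_TAG detection and the clang-specific `-Qunused-arguments -Wno-parentheses-equality` block gone, clang builds fall back to default handling of unknown arguments, which is worth confirming still builds.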
diff --git a/security/nss/coreconf/WIN32.mk b/security/nss/coreconf/WIN32.mk index b8f8f48c4f6..da8c9bf8b26 100644 --- a/security/nss/coreconf/WIN32.mk +++ b/security/nss/coreconf/WIN32.mk @@ -24,9 +24,8 @@ else CC = cl CCC = cl LINK = link - LDFLAGS += -nologo AR = lib - AR += -nologo -OUT:$@ + AR += -NOLOGO -OUT:$@ RANLIB = echo BSDECHO = echo RC = rc.exe @@ -104,7 +103,10 @@ endif DLL_SUFFIX = dll ifdef NS_USE_GCC - OS_CFLAGS += -mwindows -mms-bitfields -Werror + # The -mnop-fun-dllimport flag allows us to avoid a drawback of + # the dllimport attribute that a pointer to a function marked as + # dllimport cannot be used as as a constant address. + OS_CFLAGS += -mwindows -mms-bitfields -mnop-fun-dllimport _GEN_IMPORT_LIB=-Wl,--out-implib,$(IMPORT_LIBRARY) DLLFLAGS += -mwindows -o $@ -shared -Wl,--export-all-symbols $(if $(IMPORT_LIBRARY),$(_GEN_IMPORT_LIB)) ifdef BUILD_OPT @@ -123,7 +125,7 @@ ifdef NS_USE_GCC DEFINES += -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USERNAME) endif else # !NS_USE_GCC - OS_CFLAGS += -W3 -WX -nologo -D_CRT_SECURE_NO_WARNINGS \ + OS_CFLAGS += -W3 -nologo -D_CRT_SECURE_NO_WARNINGS \ -D_CRT_NONSTDC_NO_WARNINGS OS_DLLFLAGS += -nologo -DLL -SUBSYSTEM:WINDOWS ifeq ($(_MSC_VER),$(_MSC_VER_6)) @@ -188,11 +190,11 @@ endif LDFLAGS += /FIXED:NO endif ifneq ($(_MSC_VER),$(_MSC_VER_6)) - # NSS has too many of these to fix, downgrade the warning - # Disable C4267: conversion from 'size_t' to 'type', possible loss of data - # Disable C4244: conversion from 'type1' to 'type2', possible loss of data - # Disable C4018: 'expression' : signed/unsigned mismatch - OS_CFLAGS += -w44267 -w44244 -w44018 + # Convert certain deadly warnings to errors (see list at end of file) + OS_CFLAGS += -we4002 -we4003 -we4004 -we4006 -we4009 -we4013 \ + -we4015 -we4028 -we4033 -we4035 -we4045 -we4047 -we4053 -we4054 -we4063 \ + -we4064 -we4078 -we4087 -we4090 -we4098 -we4390 -we4551 -we4553 -we4715 + ifeq ($(_MSC_VER_GE_12),1) OS_CFLAGS += -FS endif 
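Review bot: The comment added above `-mnop-fun-dllimport` has a doubled word; it should read `# dllimport cannot be used as a constant address.` In the same file the MSVC branch drops `-WX` and the GCC branch drops `-Werror`, so only the explicit `-we` list below still turns warnings into errors; the `-w44267 -w44244 -w44018` downgrades are removed at the same time, so C4267/C4244/C4018 return at their default level and will be noisy for the size_t conversions elsewhere in the tree.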
@@ -215,13 +217,10 @@ ifdef USE_64 else DEFINES += -D_X86_ # VS2012 defaults to -arch:SSE2. Use -arch:IA32 to avoid requiring - # SSE2. Clang-cl gets confused by -arch:IA32, so don't add it. - # (See https://llvm.org/bugs/show_bug.cgi?id=24335) + # SSE2. # Use subsystem 5.01 to allow running on Windows XP. ifeq ($(_MSC_VER_GE_11),1) - ifneq ($(CLANG_CL),1) - OS_CFLAGS += -arch:IA32 - endif + OS_CFLAGS += -arch:IA32 LDFLAGS += -SUBSYSTEM:CONSOLE,5.01 endif endif 
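Review bot: `OS_CFLAGS += -arch:IA32` is now added for every _MSC_VER_GE_11 build, including clang-cl; the removed comment says clang-cl gets confused by that flag, so if clang-cl builds (`CLANG_CL=1`) are still supported this reintroduces the problem the guard fixed. Keep the `ifneq ($(CLANG_CL),1)` guard around the flag, or state in the comment that clang-cl is no longer a supported front end.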
@@ -367,3 +366,32 @@ endif ifndef TARGETS TARGETS = $(LIBRARY) $(SHARED_LIBRARY) $(IMPORT_LIBRARY) $(PROGRAM) endif + +# list of MSVC warnings converted to errors above: +# 4002: too many actual parameters for macro 'identifier' +# 4003: not enough actual parameters for macro 'identifier' +# 4004: incorrect construction after 'defined' +# 4006: #undef expected an identifier +# 4009: string too big; trailing characters truncated +# 4015: 'identifier' : type of bit field must be integral +# 4028: formal parameter different from declaration +# 4033: 'function' must return a value +# 4035: 'function' : no return value +# 4045: 'identifier' : array bounds overflow +# 4047: 'function' : 'type 1' differs in levels of indirection from 'type 2' +# 4053: one void operand for '?:' +# 4054: 'conversion' : from function pointer 'type1' to data pointer 'type2' +# 4059: pascal string too big, length byte is length % 256 +# 4063: case 'identifier' is not a valid value for switch of enum 'identifier' +# 4064: switch of incomplete enum 'identifier' +# 4078: case constant 'value' too big for the type of the switch expression +# 4087: 'function' : declared with 'void' parameter list +# 4090: 'function' : different 'const' qualifiers +# 4098: 'function' : void function returning a value +# 4390: ';' : empty controlled statement found; is this the intent? +# 4541: RTTI train wreck +# 4715: not all control paths return a value +# 4013: function undefined; assuming extern returning int +# 4553: '==' : operator has no effect; did you intend '='? +# 4551: function call missing argument list + diff --git a/security/nss/coreconf/coreconf.dep b/security/nss/coreconf/coreconf.dep index 590d1bfaeee..5182f75552c 100644 --- a/security/nss/coreconf/coreconf.dep +++ b/security/nss/coreconf/coreconf.dep @@ -10,4 +10,3 @@ */ #error "Do not include this header file." - diff --git a/security/nss/coreconf/mkdepend/parse.c b/security/nss/coreconf/mkdepend/parse.c index 763ea003140..968d2c4eabe 100644 
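Review bot: The new list of MSVC warnings at the end of the file does not match the `-we` flags it documents: 4059 and 4541 are listed but absent from the `-we` set in OS_CFLAGS, while every flag in that set is covered by the list. Either add `-we4059 -we4541` to the OS_CFLAGS line or drop those two entries, and keep the list in numeric order (4013, 4553 and 4551 are appended out of sequence) so the two stay easy to compare. 4541 appears to be a C++ RTTI warning, so it is unlikely to matter for a C library either way.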
--- a/security/nss/coreconf/mkdepend/parse.c +++ b/security/nss/coreconf/mkdepend/parse.c @@ -350,7 +350,7 @@ define2(char *name, char *val, struct inclist *file) /* Fast inline binary search */ register char *s1; register char *s2; - register int middle = first + (last - first) / 2; + register int middle = (first + last) / 2; /* Fast inline strchr() */ s1 = name; @@ -436,7 +436,7 @@ slookup(char *symbol, struct inclist *file) /* Fast inline binary search */ register char *s1; register char *s2; - register int middle = first + (last - first) / 2; + register int middle = (first + last) / 2; /* Fast inline strchr() */ s1 = symbol; diff --git a/security/nss/coreconf/rules.mk b/security/nss/coreconf/rules.mk index 34b742a7fbb..5495b0c329f 100644 --- a/security/nss/coreconf/rules.mk +++ b/security/nss/coreconf/rules.mk @@ -272,10 +272,6 @@ $(IMPORT_LIBRARY): $(MAPFILE) $(IMPLIB) $@ $< $(RANLIB) $@ endif -ifeq ($(OS_ARCH),WINNT) -$(IMPORT_LIBRARY): $(LIBRARY) - cp -f $< $@ -endif ifdef SHARED_LIBRARY_LIBS ifdef BUILD_TREE @@ -424,12 +420,12 @@ $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.S $(OBJDIR)/$(PROG_PREFIX)%: %.cpp @$(MAKE_OBJDIR) ifdef USE_NT_C_SYNTAX - $(CCC) -Fo$@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<) + $(CCC) -Fo$@ -c $(CFLAGS) $(call core_abspath,$<) else ifdef NEED_ABSOLUTE_PATH - $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<) + $(CCC) -o $@ -c $(CFLAGS) $(call core_abspath,$<) else - $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $< + $(CCC) -o $@ -c $(CFLAGS) $< endif endif 
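Review bot: `register int middle = (first + last) / 2;` in define2, and the identical line in slookup, can overflow int when first + last exceeds INT_MAX, which is undefined behavior for signed arithmetic; the replaced `first + (last - first) / 2` form cannot overflow for valid 0 <= first <= last. The symbol tables mkdepend handles are small in practice, but the safe form costs nothing, so keep `register int middle = first + (last - first) / 2;` in both functions. Both functions continue outside the hunks.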
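Review bot: Removing `$(CXXFLAGS)` from the `.cpp` compile rules in rules.mk leaves no variable for C++-only options, so any such option has to go into CFLAGS and is then passed to C compiles as well (the ssl_gtest Makefile hunk later in this diff does exactly that with `-std=c++0x`). Keeping `$(CXXFLAGS)` in the three `$(CCC)` invocations is harmless when it is empty and avoids that leak. The removed WINNT `$(IMPORT_LIBRARY): $(LIBRARY)` copy rule leaves import-library generation on Windows to whatever the earlier `$(IMPORT_LIBRARY): $(MAPFILE)` rule covers; worth confirming a Windows build still produces it.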
@@ -437,43 +433,29 @@ endif # Please keep the next two rules in sync. # $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.cc - $(MAKE_OBJDIR) -ifdef STRICT_CPLUSPLUS_SUFFIX - echo "#line 1 \"$<\"" | cat - $< > $(OBJDIR)/t_$*.cc - $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $(OBJDIR)/t_$*.cc - rm -f $(OBJDIR)/t_$*.cc -else -ifdef USE_NT_C_SYNTAX - $(CCC) -Fo$@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<) -else -ifdef NEED_ABSOLUTE_PATH - $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<) -else - $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $< -endif -endif -endif #STRICT_CPLUSPLUS_SUFFIX + @$(MAKE_OBJDIR) + $(CCC) -o $@ -c $(CFLAGS) $< $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.cpp @$(MAKE_OBJDIR) ifdef STRICT_CPLUSPLUS_SUFFIX echo "#line 1 \"$<\"" | cat - $< > $(OBJDIR)/t_$*.cc - $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $(OBJDIR)/t_$*.cc + $(CCC) -o $@ -c $(CFLAGS) $(OBJDIR)/t_$*.cc rm -f $(OBJDIR)/t_$*.cc else ifdef USE_NT_C_SYNTAX - $(CCC) -Fo$@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<) + $(CCC) -Fo$@ -c $(CFLAGS) $(call core_abspath,$<) else ifdef NEED_ABSOLUTE_PATH - $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $(call core_abspath,$<) + $(CCC) -o $@ -c $(CFLAGS) $(call core_abspath,$<) else - $(CCC) -o $@ -c $(CFLAGS) $(CXXFLAGS) $< + $(CCC) -o $@ -c $(CFLAGS) $< endif endif endif #STRICT_CPLUSPLUS_SUFFIX %.i: %.cpp - $(CCC) -C -E $(CFLAGS) $(CXXFLAGS) $< > $@ + $(CCC) -C -E $(CFLAGS) $< > $@ %.i: %.c ifeq (,$(filter-out WIN%,$(OS_TARGET))) diff --git a/security/nss/doc/certutil.xml b/security/nss/doc/certutil.xml index 95d68cff540..4fdb5d0d0a4 100644 --- a/security/nss/doc/certutil.xml +++ b/security/nss/doc/certutil.xml @@ -72,11 +72,6 @@ Delete a certificate from the certificate database. - - --rename - Change the database nickname of a certificate. - - -E Add an email certificate to the certificate database. 
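Review bot: The `.cc` rule is reduced to `@$(MAKE_OBJDIR)` followed by `$(CCC) -o $@ -c $(CFLAGS) $<`, while the `.cpp` rule directly below keeps the STRICT_CPLUSPLUS_SUFFIX / USE_NT_C_SYNTAX / NEED_ABSOLUTE_PATH branches, even though the comment above both still says "Please keep the next two rules in sync." If USE_NT_C_SYNTAX means cl-style options as the `-Fo$@` form suggests, `.cc` sources will fail to compile there because `-o` is not accepted. Either restore the same branches in the `.cc` rule or remove the "keep in sync" comment so it does not mislead.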
@@ -736,11 +731,6 @@ Comma separated list of one or more of the following: - - --new-n nickname - A new nickname, used when renaming a certificate. - - --source-dir certdir Identify the certificate database directory to upgrade. diff --git a/security/nss/doc/html/certutil.html b/security/nss/doc/html/certutil.html index c3fd59f8bdf..6f29575d3d3 100644 --- a/security/nss/doc/html/certutil.html +++ b/security/nss/doc/html/certutil.html @@ -1,5 +1,5 @@ -CERTUTIL

Name

certutil — Manage keys and certificate in both NSS databases and other NSS tokens

Synopsis

certutil [options] [[arguments]]

STATUS

This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 -

Description

The Certificate Database Tool, certutil, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.

Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the modutil manpage.

Command Options and Arguments

Running certutil always requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option -H will list all the command options and their relevant arguments.

Command Options

-A

Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.

-B

Run a series of commands from the specified batch file. This requires the -i argument.

-C

Create a new binary certificate file from a binary certificate request file. Use the -i argument to specify the certificate request file. If this argument is not used, certutil prompts for a filename.

-D

Delete a certificate from the certificate database.

--rename

Change the database nickname of a certificate.

-E

Add an email certificate to the certificate database.

-F

Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the +CERTUTIL

Name

certutil — Manage keys and certificate in both NSS databases and other NSS tokens

Synopsis

certutil [options] [[arguments]]

STATUS

This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477 +

Description

The Certificate Database Tool, certutil, is a command-line utility that can create and modify certificate and key databases. It can specifically list, generate, modify, or delete certificates, create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key database.

Certificate issuance, part of the key and certificate management process, requires that keys and certificates be created in the key database. This document discusses certificate and key database management. For information on the security module database management, see the modutil manpage.

Command Options and Arguments

Running certutil always requires one and only one command option to specify the type of certificate operation. Each command option may take zero or more arguments. The command option -H will list all the command options and their relevant arguments.

Command Options

-A

Add an existing certificate to a certificate database. The certificate database should already exist; if one is not present, this command option will initialize one by default.

-B

Run a series of commands from the specified batch file. This requires the -i argument.

-C

Create a new binary certificate file from a binary certificate request file. Use the -i argument to specify the certificate request file. If this argument is not used, certutil prompts for a filename.

-D

Delete a certificate from the certificate database.

-E

Add an email certificate to the certificate database.

-F

Delete a private key from a key database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the -d argument. Use the -k argument to specify explicitly whether to delete a DSA, RSA, or ECC key. If you don't use the -k argument, the option looks for an RSA key matching the specified nickname.

When you delete keys, be sure to also remove any certificates associated with those keys from the certificate database, by using -D. Some smart cards do not let you remove a public key you have generated. In such a case, only the private key is deleted from the key pair. You can display the public key with the command certutil -K -h tokenname.

-G

Generate a new public and private key pair within a key database. The key database should already exist; if one is not present, this command option will initialize one by default. Some smart cards can store only one key pair. If you create a new key pair for such a card, the previous pair is overwritten.

-H

Display a list of the command options and arguments.

-K

List the key ID of keys in the key database. A key ID is the modulus of the RSA key or the publicValue of the DSA key. IDs are displayed in hexadecimal ("0x" is not shown).

-L

List all the certificates, or display information about a named certificate, in a certificate database. @@ -120,7 +120,7 @@ PKCS #11 key Attributes. Comma separated list of key attribute flags, selected f PKCS #11 key Operation Flags. Comma separated list of one or more of the following: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable} -

--new-n nickname

A new nickname, used when renaming a certificate.

--source-dir certdir

Identify the certificate database directory to upgrade.

--source-prefix certdir

Give the prefix of the certificate and key databases to upgrade.

--upgrade-id uniqueID

Give the unique ID of the database to upgrade.

--upgrade-token-name name

Set the name of the token to use while it is being upgraded.

-@ pwfile

Give the name of a password file to use for the database being upgraded.

Usage and Examples

+

--source-dir certdir

Identify the certificate database directory to upgrade.

--source-prefix certdir

Give the prefix of the certificate and key databases to upgrade.

--upgrade-id uniqueID

Give the unique ID of the database to upgrade.

--upgrade-token-name name

Set the name of the token to use while it is being upgraded.

-@ pwfile

Give the name of a password file to use for the database being upgraded.

Usage and Examples

Most of the command options in the examples listed here have more arguments available. The arguments included in these examples are the most common ones or are used to illustrate a specific scenario. Use the -H option to show the complete list of arguments for each command option.

Creating New Security Databases

Certificates, keys, and security modules related to managing certificates are stored in three related databases: diff --git a/security/nss/doc/nroff/certutil.1 b/security/nss/doc/nroff/certutil.1 index a7daa936469..6ce08f2eb52 100644 --- a/security/nss/doc/nroff/certutil.1 +++ b/security/nss/doc/nroff/certutil.1 @@ -2,12 +2,12 @@ .\" Title: CERTUTIL .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 13 August 2015 +.\" Date: 23 February 2015 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "CERTUTIL" "1" "13 August 2015" "nss-tools" "NSS Security Tools" +.TH "CERTUTIL" "1" "23 February 2015" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -80,11 +80,6 @@ prompts for a filename\&. Delete a certificate from the certificate database\&. .RE .PP -\-\-rename -.RS 4 -Change the database nickname of a certificate\&. -.RE -.PP \-E .RS 4 Add an email certificate to the certificate database\&. @@ -1113,11 +1108,6 @@ PKCS #11 key Attributes\&. Comma separated list of key attribute flags, selected PKCS #11 key Operation Flags\&. Comma separated list of one or more of the following: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable} .RE .PP -\-\-new\-n nickname -.RS 4 -A new nickname, used when renaming a certificate\&. -.RE -.PP \-\-source\-dir certdir .RS 4 Identify the certificate database directory to upgrade\&. diff --git a/security/nss/external_tests/README b/security/nss/external_tests/README index 30e69d1ee55..45d3b1f7066 100644 --- a/security/nss/external_tests/README +++ b/security/nss/external_tests/README 
@@ -1,15 +1,31 @@ GTest-based Unit Tests -This directory contains GTest-based unit tests for NSS libssl. +This directory contains GTest-based unit tests for NSS. -These aren't built by default, because they require C++. -To build them, set ``NSS_BUILD_GTESTS=1'' +Currently, these are only loopback-type tests of libsssl, +but could be expanded to other types of tests. To make these +work do: -Once built, they are run as part of running ``test/all.sh'' -You can run just the GTests by running ``tests/ssl_gtests/ssl_gtests.sh'' +- Set NSS_BUILD_GTESTS=1 before starting your build -They can be run standalone or under a debugger by invoking the ssl_gtest -executable with a ``-d'' option pointing to the directory created by either -of the above options. You can find that in +- cd tests/ + +- Set NSS_TESTS=ssl_gtests and NSS_CYCLES=standard + +- run ./all.sh + +This will run the certutil tests (generating a test db) and +will finalize with a call to the ssl_gtest + +You should be able to run the unit tests manually as: + + ssl_gtest -d ${SSLGTESTDIR} + +Where $SSLGTESTDIR is a directory with a database containing: + - an RSA certificate called server (with its private key) + - an ECDSA certificate called ecdsa (with its private key) + +A directory like this is created by ./all.sh and can be found +in a directory named something like tests_results/security/${hostname}.${NUMBER}/ssl_gtests diff --git a/security/nss/external_tests/google_test/Makefile b/security/nss/external_tests/google_test/Makefile index 8a3c1fae6a7..ac7276e787f 100644 --- a/security/nss/external_tests/google_test/Makefile +++ b/security/nss/external_tests/google_test/Makefile 
@@ -42,13 +42,4 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (7) Execute "local" rules. (OPTIONAL). # ####################################################################### -MKSHLIB = $(CCC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS) -ifeq (WINNT,$(OS_ARCH)) - # -MTd (not -MD) because that makes it link to the right library - # -EHsc because gtest has exception handlers - OS_CFLAGS := $(filterout -MD,$(OS_CFLAGS)) - OS_CFLAGS += -MTd -EHsc - # On windows, we need to create the parent directory - # Needed because we include files from a subdirectory - MAKE_OBJDIR = $(INSTALL) -D $(dir $@) -endif +MKSHLIB = $(CCC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS) diff --git a/security/nss/external_tests/ssl_gtest/Makefile b/security/nss/external_tests/ssl_gtest/Makefile index 7f36bffe404..9b9ed891525 100644 --- a/security/nss/external_tests/ssl_gtest/Makefile +++ b/security/nss/external_tests/ssl_gtest/Makefile @@ -42,20 +42,7 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (7) Execute "local" rules. (OPTIONAL). # ####################################################################### -MKPROG = $(CCC) -CXXFLAGS += -std=c++0x -CFLAGS += -I$(CORE_DEPTH)/lib/ssl - +MKPROG = $(CXX) +CFLAGS += -std=c++0x include ../../cmd/platrules.mk -ifeq (WINNT,$(OS_ARCH)) - # -MTd (not -MD) because that makes it link to the right library - # -EHsc because gtest has exception handlers - OS_CFLAGS := $(filterout -MD,$(OS_CFLAGS)) - OS_CFLAGS += -MTd -EHsc -nologo - # http://www.suodenjoki.dk/us/archive/2010/min-max.htm - OS_CFLAGS += -DNOMINMAX - - # Linking to winsock to get htonl - OS_LIBS += Ws2_32.lib -endif diff --git a/security/nss/external_tests/ssl_gtest/databuffer.h b/security/nss/external_tests/ssl_gtest/databuffer.h index 832b8c3822b..c3d3bb9be94 100644 --- a/security/nss/external_tests/ssl_gtest/databuffer.h +++ b/security/nss/external_tests/ssl_gtest/databuffer.h 
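Review bot: `MKPROG = $(CXX)` in the ssl_gtest Makefile uses make's built-in CXX variable instead of coreconf's `$(CCC)`, which is what WIN32.mk sets (`CCC = cl`) and what rules.mk compiles C++ with, so on platforms where coreconf selects a non-default compiler the link step can use a different toolchain than the compile step; prefer `MKPROG = $(CCC)`. `CFLAGS += -std=c++0x` now reaches every C compile in this directory, since rules.mk no longer passes `$(CXXFLAGS)`; that is harmless only while the manifest's CSRCS stays empty, so it is worth a comment or a C++-only variable. Dropping the WINNT block (`-MTd -EHsc`, `-DNOMINMAX`, `Ws2_32.lib`) presumably means Windows gtest builds are no longer expected to work; if so, say that in the Makefile.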
@@ -12,11 +12,6 @@ #include #include #include -#if defined(WIN32) || defined(WIN64) -#include -#else -#include -#endif namespace nss_test { @@ -27,13 +22,13 @@ class DataBuffer { Assign(data, len); } explicit DataBuffer(const DataBuffer& other) : data_(nullptr), len_(0) { - Assign(other); + Assign(other.data(), other.len()); } ~DataBuffer() { delete[] data_; } DataBuffer& operator=(const DataBuffer& other) { if (&other != this) { - Assign(other); + Assign(other.data(), other.len()); } return *this; } @@ -48,9 +43,6 @@ class DataBuffer { len_ = std::min(len_, len); } - void Assign(const DataBuffer& other) { - Assign(other.data(), other.len()); - } void Assign(const uint8_t* data, size_t len) { Allocate(len); memcpy(static_cast(data_), static_cast(data), len); @@ -86,21 +78,6 @@ class DataBuffer { Write(index, addr + sizeof(uint32_t) - count, count); } - // This can't use the same trick as Write(), since we might be reading from a - // smaller data source. - bool Read(size_t index, size_t count, uint32_t* val) const { - assert(count < sizeof(uint32_t)); - assert(val); - if ((index > len()) || (count > (len() - index))) { - return false; - } - *val = 0; - for (size_t i = 0; i < count; ++i) { - *val = (*val << 8) | data()[index + i]; - } - return true; - } - // Starting at |index|, remove |remove| bytes and replace them with the // contents of |buf|. void Splice(const DataBuffer& buf, size_t index, size_t remove = 0) { diff --git a/security/nss/external_tests/ssl_gtest/libssl_internals.c b/security/nss/external_tests/ssl_gtest/libssl_internals.c deleted file mode 100644 index db83ef6942d..00000000000 --- a/security/nss/external_tests/ssl_gtest/libssl_internals.c +++ /dev/null 
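Review bot: The conditional platform include at the top of databuffer.h is removed (the header names were lost in extraction), and nothing in the hunks shows what replaces it; if `Write()` still byte-swaps with htonl — the ssl_gtest Makefile hunk in this same diff removes a comment about linking winsock "to get htonl" — the header now depends on a transitive include of the socket header and will break on any platform where that is not pulled in first. Worth confirming the header still compiles on its own, on Windows in particular. Inlining `Assign(other.data(), other.len())` into the copy constructor and operator= is equivalent to the removed overload, so nothing to change there.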
@@ -1,26 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this file, - * You can obtain one at http://mozilla.org/MPL/2.0/. */ - -/* This file contains functions for frobbing the internals of libssl */ -#include "libssl_internals.h" - -#include "seccomon.h" -#include "ssl.h" -#include "sslimpl.h" - -SECStatus -SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd) -{ - sslSocket *ss = (sslSocket *)fd->secret; - - if (!ss) { - return SECFailure; - } - - ++ss->clientHelloVersion; - - return SECSuccess; -} diff --git a/security/nss/external_tests/ssl_gtest/libssl_internals.h b/security/nss/external_tests/ssl_gtest/libssl_internals.h deleted file mode 100644 index db6d0af624f..00000000000 --- a/security/nss/external_tests/ssl_gtest/libssl_internals.h +++ /dev/null @@ -1,17 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this file, - * You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#ifndef libssl_internals_h_ -#define libssl_internals_h_ - -#include "prio.h" -#include "seccomon.h" - -SECStatus SSLInt_IncrementClientHandshakeVersion(PRFileDesc *fd); - -#endif - - diff --git a/security/nss/external_tests/ssl_gtest/manifest.mn b/security/nss/external_tests/ssl_gtest/manifest.mn index 6d70c0b53c2..ee9f1c2abf6 100644 --- a/security/nss/external_tests/ssl_gtest/manifest.mn +++ b/security/nss/external_tests/ssl_gtest/manifest.mn 
@@ -6,16 +6,9 @@ CORE_DEPTH = ../.. DEPTH = ../.. MODULE = nss -# These sources have access to libssl internals -CSRCS = \ - libssl_internals.c \ - $(NULL) - CPPSRCS = \ - ssl_agent_unittest.cc \ ssl_loopback_unittest.cc \ ssl_extension_unittest.cc \ - ssl_prf_unittest.cc \ ssl_skip_unittest.cc \ ssl_gtest.cc \ test_io.cc \ diff --git a/security/nss/external_tests/ssl_gtest/ssl_agent_unittest.cc b/security/nss/external_tests/ssl_gtest/ssl_agent_unittest.cc deleted file mode 100644 index d67bf56ad2e..00000000000 --- a/security/nss/external_tests/ssl_gtest/ssl_agent_unittest.cc +++ /dev/null 
@@ -1,58 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this file, - * You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#include "ssl.h" -#include "sslerr.h" -#include "sslproto.h" - -#include - -#include "databuffer.h" -#include "tls_agent.h" -#include "tls_connect.h" -#include "tls_parser.h" - -namespace nss_test { - -void MakeTrivialHandshakeMessage(uint8_t hs_type, size_t hs_len, - DataBuffer* out) { - size_t total_len = 5 + 4 + hs_len; - - out->Allocate(total_len); - - size_t index = 0; - out->Write(index, kTlsHandshakeType, 1); ++index; // Content Type - out->Write(index, 3, 1); ++index; // Version high - out->Write(index, 1, 1); ++index; // Version low - out->Write(index, 4 + hs_len, 2); index += 2; // Length - - out->Write(index, hs_type, 1); ++index; // Handshake record type. - out->Write(index, hs_len, 3); index += 3; // Handshake length - for (; index < total_len; ++index) { - out->Write(index, 1, 1); - } -} - -TEST_P(TlsAgentTest, EarlyFinished) { - DataBuffer buffer; - MakeTrivialHandshakeMessage(kTlsHandshakeFinished, 0, &buffer); - ProcessMessage(buffer, TlsAgent::STATE_ERROR, - SSL_ERROR_RX_UNEXPECTED_FINISHED); -} - -TEST_P(TlsAgentTest, EarlyCertificateVerify) { - DataBuffer buffer; - MakeTrivialHandshakeMessage(kTlsHandshakeCertificateVerify, 0, &buffer); - ProcessMessage(buffer, TlsAgent::STATE_ERROR, - SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY); -} - -INSTANTIATE_TEST_CASE_P(AgentTests, TlsAgentTest, - ::testing::Combine( - TlsAgentTestBase::kTlsRolesAll, - TlsConnectTestBase::kTlsModesStream)); - -} // namespace nss_test diff --git a/security/nss/external_tests/ssl_gtest/ssl_extension_unittest.cc b/security/nss/external_tests/ssl_gtest/ssl_extension_unittest.cc index 55e702ff4b9..478cc008240 100644 
--- a/security/nss/external_tests/ssl_gtest/ssl_extension_unittest.cc +++ b/security/nss/external_tests/ssl_gtest/ssl_extension_unittest.cc @@ -196,8 +196,8 @@ class TlsExtensionReplacer : public TlsExtensionFilter { return true; } private: - const uint16_t extension_; - const DataBuffer data_; + uint16_t extension_; + DataBuffer data_; }; class TlsExtensionInjector : public TlsHandshakeFilter { @@ -251,27 +251,7 @@ class TlsExtensionInjector : public TlsHandshakeFilter { } private: - const uint16_t extension_; - const DataBuffer data_; -}; - -class TlsExtensionCapture : public TlsExtensionFilter { - public: - TlsExtensionCapture(uint16_t ext) - : extension_(ext), data_() {} - - virtual bool FilterExtension(uint16_t extension_type, - const DataBuffer& input, DataBuffer* output) { - if (extension_type == extension_) { - data_.Assign(input); - } - return false; - } - - const DataBuffer& extension() const { return data_; } - - private: - const uint16_t extension_; + uint16_t extension_; DataBuffer data_; }; @@ -514,6 +494,7 @@ TEST_P(TlsExtensionTest12Plus, DISABLED_SignatureAlgorithmsSigUnsupported) { } TEST_P(TlsExtensionTestGeneric, SupportedCurvesShort) { + EnableSomeEcdheCiphers(); const uint8_t val[] = { 0x00, 0x01, 0x00 }; DataBuffer extension(val, sizeof(val)); ClientHelloErrorTest(new TlsExtensionReplacer(ssl_elliptic_curves_xtn, @@ -521,6 +502,7 @@ TEST_P(TlsExtensionTestGeneric, SupportedCurvesShort) { } TEST_P(TlsExtensionTestGeneric, SupportedCurvesBadLength) { + EnableSomeEcdheCiphers(); const uint8_t val[] = { 0x09, 0x99, 0x00, 0x00 }; DataBuffer extension(val, sizeof(val)); ClientHelloErrorTest(new TlsExtensionReplacer(ssl_elliptic_curves_xtn, 
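Review bot: TlsExtensionReplacer's members `extension_` and `data_` lose their `const` qualifiers, yet nothing in this hunk writes to them after the constructor, so the qualifier was documenting that a replacer is immutable once built. If const was dropped so the filter can be copy-assigned (a const member deletes the implicit operator=), a one-line comment such as `// non-const: filter objects are copy-assigned by the harness` would explain it; otherwise `const uint16_t extension_;` and `const DataBuffer data_;` remain the stronger form. The same change is made to TlsExtensionInjector in the next hunk, where the class body runs past the hunk boundary.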
@@ -528,6 +510,7 @@ TEST_P(TlsExtensionTestGeneric, SupportedCurvesBadLength) { } TEST_P(TlsExtensionTestGeneric, SupportedCurvesTrailingData) { + EnableSomeEcdheCiphers(); const uint8_t val[] = { 0x00, 0x02, 0x00, 0x00, 0x00 }; DataBuffer extension(val, sizeof(val)); ClientHelloErrorTest(new TlsExtensionReplacer(ssl_elliptic_curves_xtn, @@ -535,6 +518,7 @@ TEST_P(TlsExtensionTestGeneric, SupportedCurvesTrailingData) { } TEST_P(TlsExtensionTestGeneric, SupportedPointsEmpty) { + EnableSomeEcdheCiphers(); const uint8_t val[] = { 0x00 }; DataBuffer extension(val, sizeof(val)); ClientHelloErrorTest(new TlsExtensionReplacer(ssl_ec_point_formats_xtn, @@ -542,6 +526,7 @@ TEST_P(TlsExtensionTestGeneric, SupportedPointsEmpty) { } TEST_P(TlsExtensionTestGeneric, SupportedPointsBadLength) { + EnableSomeEcdheCiphers(); const uint8_t val[] = { 0x99, 0x00, 0x00 }; DataBuffer extension(val, sizeof(val)); ClientHelloErrorTest(new TlsExtensionReplacer(ssl_ec_point_formats_xtn, @@ -549,6 +534,7 @@ TEST_P(TlsExtensionTestGeneric, SupportedPointsBadLength) { } TEST_P(TlsExtensionTestGeneric, SupportedPointsTrailingData) { + EnableSomeEcdheCiphers(); const uint8_t val[] = { 0x01, 0x00, 0x00 }; DataBuffer extension(val, sizeof(val)); ClientHelloErrorTest(new TlsExtensionReplacer(ssl_ec_point_formats_xtn, 
@@ -576,32 +562,6 @@ TEST_P(TlsExtensionTestGeneric, RenegotiationInfoExtensionEmpty) { extension)); } -TEST_P(TlsExtensionTest12Plus, SignatureAlgorithmConfiguration) { - const SSLSignatureAndHashAlg algorithms[] = { - {ssl_hash_sha512, ssl_sign_rsa}, - {ssl_hash_sha384, ssl_sign_ecdsa} - }; - - TlsExtensionCapture *capture = - new TlsExtensionCapture(ssl_signature_algorithms_xtn); - client_->SetSignatureAlgorithms(algorithms, PR_ARRAY_SIZE(algorithms)); - client_->SetPacketFilter(capture); - DisableDheAndEcdheCiphers(); - Connect(); - - const DataBuffer& ext = capture->extension(); - EXPECT_EQ(2 + PR_ARRAY_SIZE(algorithms) * 2, ext.len()); - for (size_t i = 0, cursor = 2; - i < PR_ARRAY_SIZE(algorithms) && cursor < ext.len(); - ++i) { - uint32_t v; - EXPECT_TRUE(ext.Read(cursor++, 1, &v)); - EXPECT_EQ(algorithms[i].hashAlg, static_cast(v)); - EXPECT_TRUE(ext.Read(cursor++, 1, &v)); - EXPECT_EQ(algorithms[i].sigAlg, static_cast(v)); - } -} - INSTANTIATE_TEST_CASE_P(ExtensionTls10, TlsExtensionTestGeneric, ::testing::Combine( TlsConnectTestBase::kTlsModesStream, diff --git a/security/nss/external_tests/ssl_gtest/ssl_gtest.cc b/security/nss/external_tests/ssl_gtest/ssl_gtest.cc index 938b013af43..ee1c40cfd8a 100644 --- a/security/nss/external_tests/ssl_gtest/ssl_gtest.cc +++ b/security/nss/external_tests/ssl_gtest/ssl_gtest.cc @@ -16,9 +16,6 @@ int main(int argc, char **argv) { ::testing::InitGoogleTest(&argc, argv); g_working_dir_path = "."; - // Temporarily disable asserts for PKCS#11 slot leakage until - // Bug 1168425 is fixed. - unsetenv("NSS_STRICT_SHUTDOWN"); char* workdir = getenv("NSS_GTEST_WORKDIR"); if (workdir) g_working_dir_path = workdir; diff --git a/security/nss/external_tests/ssl_gtest/ssl_loopback_unittest.cc b/security/nss/external_tests/ssl_gtest/ssl_loopback_unittest.cc index 13b50a7398e..8b3b84bf85c 100644 --- a/security/nss/external_tests/ssl_gtest/ssl_loopback_unittest.cc +++ b/security/nss/external_tests/ssl_gtest/ssl_loopback_unittest.cc 
@@ -5,62 +5,16 @@ * You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "ssl.h" -#include "sslerr.h" #include "sslproto.h" -#include -extern "C" { -// This is not something that should make you happy. -#include "libssl_internals.h" -} +#include #include "tls_parser.h" #include "tls_filter.h" #include "tls_connect.h" -#include "gtest_utils.h" namespace nss_test { -uint8_t kBogusClientKeyExchange[] = { - 0x01, 0x00, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -}; - -// When we see the ClientKeyExchange from |client|, increment the -// ClientHelloVersion on |server|. -class TlsInspectorClientHelloVersionChanger : public TlsHandshakeFilter { - public: - TlsInspectorClientHelloVersionChanger(TlsAgent* server) : server_(server) {} - - virtual bool FilterHandshake(uint16_t version, uint8_t handshake_type, - const DataBuffer& input, DataBuffer* output) { - if (handshake_type == kTlsHandshakeClientKeyExchange) { - EXPECT_EQ( - SECSuccess, - SSLInt_IncrementClientHandshakeVersion(server_->ssl_fd())); - } - return false; - } - - private: - TlsAgent* server_; -}; - class TlsServerKeyExchangeEcdhe { public: bool Parse(const DataBuffer& buffer) { 
@@ -89,54 +43,42 @@ class TlsServerKeyExchangeEcdhe { TEST_P(TlsConnectGeneric, SetupOnly) {} TEST_P(TlsConnectGeneric, Connect) { - SetExpectedVersion(std::get<1>(GetParam())); Connect(); + client_->CheckVersion(std::get<1>(GetParam())); client_->CheckAuthType(ssl_auth_rsa); } -TEST_P(TlsConnectGeneric, ConnectEcdsa) { - SetExpectedVersion(std::get<1>(GetParam())); - ResetEcdsa(); - Connect(); - client_->CheckAuthType(ssl_auth_ecdsa); -} - -TEST_P(TlsConnectGeneric, ConnectFalseStart) { - client_->EnableFalseStart(); - Connect(); -} - TEST_P(TlsConnectGeneric, ConnectResumed) { ConfigureSessionCache(RESUME_SESSIONID, RESUME_SESSIONID); Connect(); ResetRsa(); - ExpectResumption(RESUME_SESSIONID); Connect(); + CheckResumption(RESUME_SESSIONID); } TEST_P(TlsConnectGeneric, ConnectClientCacheDisabled) { ConfigureSessionCache(RESUME_NONE, RESUME_SESSIONID); Connect(); ResetRsa(); - ExpectResumption(RESUME_NONE); Connect(); + CheckResumption(RESUME_NONE); } TEST_P(TlsConnectGeneric, ConnectServerCacheDisabled) { ConfigureSessionCache(RESUME_SESSIONID, RESUME_NONE); Connect(); ResetRsa(); - ExpectResumption(RESUME_NONE); Connect(); + CheckResumption(RESUME_NONE); } TEST_P(TlsConnectGeneric, ConnectSessionCacheDisabled) { ConfigureSessionCache(RESUME_NONE, RESUME_NONE); Connect(); ResetRsa(); - ExpectResumption(RESUME_NONE); Connect(); + CheckResumption(RESUME_NONE); } TEST_P(TlsConnectGeneric, ConnectResumeSupportBoth) { @@ -146,8 +88,8 @@ TEST_P(TlsConnectGeneric, ConnectResumeSupportBoth) { ResetRsa(); ConfigureSessionCache(RESUME_BOTH, RESUME_BOTH); - ExpectResumption(RESUME_TICKET); Connect(); + CheckResumption(RESUME_TICKET); } TEST_P(TlsConnectGeneric, ConnectResumeClientTicketServerBoth) { 
@@ -158,8 +100,8 @@ TEST_P(TlsConnectGeneric, ConnectResumeClientTicketServerBoth) { ResetRsa(); ConfigureSessionCache(RESUME_TICKET, RESUME_BOTH); - ExpectResumption(RESUME_NONE); Connect(); + CheckResumption(RESUME_NONE); } TEST_P(TlsConnectGeneric, ConnectResumeClientBothTicketServerTicket) { @@ -169,8 +111,8 @@ TEST_P(TlsConnectGeneric, ConnectResumeClientBothTicketServerTicket) { ResetRsa(); ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); - ExpectResumption(RESUME_TICKET); Connect(); + CheckResumption(RESUME_TICKET); } TEST_P(TlsConnectGeneric, ConnectClientServerTicketOnly) { @@ -181,8 +123,8 @@ TEST_P(TlsConnectGeneric, ConnectClientServerTicketOnly) { ResetRsa(); ConfigureSessionCache(RESUME_TICKET, RESUME_TICKET); - ExpectResumption(RESUME_NONE); Connect(); + CheckResumption(RESUME_NONE); } TEST_P(TlsConnectGeneric, ConnectClientBothServerNone) { @@ -191,8 +133,8 @@ TEST_P(TlsConnectGeneric, ConnectClientBothServerNone) { ResetRsa(); ConfigureSessionCache(RESUME_BOTH, RESUME_NONE); - ExpectResumption(RESUME_NONE); Connect(); + CheckResumption(RESUME_NONE); } TEST_P(TlsConnectGeneric, ConnectClientNoneServerBoth) { @@ -201,13 +143,12 @@ TEST_P(TlsConnectGeneric, ConnectClientNoneServerBoth) { ResetRsa(); ConfigureSessionCache(RESUME_NONE, RESUME_BOTH); - ExpectResumption(RESUME_NONE); Connect(); + CheckResumption(RESUME_NONE); } TEST_P(TlsConnectGeneric, ResumeWithHigherVersion) { EnsureTlsSetup(); - SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_1); ConfigureSessionCache(RESUME_SESSIONID, RESUME_SESSIONID); client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1, SSL_LIBRARY_VERSION_TLS_1_1); 
@@ -217,119 +158,13 @@ TEST_P(TlsConnectGeneric, ResumeWithHigherVersion) { ResetRsa(); EnsureTlsSetup(); - SetExpectedVersion(SSL_LIBRARY_VERSION_TLS_1_2); client_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1, SSL_LIBRARY_VERSION_TLS_1_2); server_->SetVersionRange(SSL_LIBRARY_VERSION_TLS_1_1, SSL_LIBRARY_VERSION_TLS_1_2); - ExpectResumption(RESUME_NONE); Connect(); -} - -TEST_P(TlsConnectGeneric, ClientAuth) { - client_->SetupClientAuth(); - server_->RequestClientAuth(true); - Connect(); - server_->CheckAuthType(ssl_auth_rsa); -} - -TEST_P(TlsConnectGeneric, ClientAuthEcdsa) { - ResetEcdsa(); - client_->SetupClientAuth(); - server_->RequestClientAuth(true); - Connect(); - server_->CheckAuthType(ssl_auth_ecdsa); -} - -static const SSLSignatureAndHashAlg SignatureEcdsaSha384[] = { - {ssl_hash_sha384, ssl_sign_ecdsa} -}; -static const SSLSignatureAndHashAlg SignatureEcdsaSha256[] = { - {ssl_hash_sha256, ssl_sign_ecdsa} -}; -static const SSLSignatureAndHashAlg SignatureRsaSha384[] = { - {ssl_hash_sha384, ssl_sign_rsa} -}; -static const SSLSignatureAndHashAlg SignatureRsaSha256[] = { - {ssl_hash_sha256, ssl_sign_rsa} -}; - -// When signature algorithms match up, this should connect successfully; even -// for TLS 1.1 and 1.0, where they should be ignored. -TEST_P(TlsConnectGeneric, SignatureAlgorithmServerAuth) { - client_->SetSignatureAlgorithms(SignatureEcdsaSha384, - PR_ARRAY_SIZE(SignatureEcdsaSha384)); - server_->SetSignatureAlgorithms(SignatureEcdsaSha384, - PR_ARRAY_SIZE(SignatureEcdsaSha384)); - ResetEcdsa(); - Connect(); -} - -// Here the client picks a single option, which should work in all versions. -// Defaults on the server include the first option. 
-TEST_P(TlsConnectGeneric, SignatureAlgorithmClientOnly) { - const SSLSignatureAndHashAlg clientAlgorithms[] = { - {ssl_hash_sha384, ssl_sign_ecdsa}, - {ssl_hash_sha384, ssl_sign_rsa}, // supported but unusable - {ssl_hash_md5, ssl_sign_ecdsa} // unsupported and ignored - }; - client_->SetSignatureAlgorithms(clientAlgorithms, - PR_ARRAY_SIZE(clientAlgorithms)); - ResetEcdsa(); - Connect(); -} - -// Here the server picks a single option, which should work in all versions. -// Defaults on the client include the provided option. -TEST_P(TlsConnectGeneric, SignatureAlgorithmServerOnly) { - server_->SetSignatureAlgorithms(SignatureEcdsaSha384, - PR_ARRAY_SIZE(SignatureEcdsaSha384)); - ResetEcdsa(); - Connect(); -} - -// There is no need for overlap on signatures; since we don't actually use the -// signatures for static RSA, this should still connect successfully. -// This should also work in TLS 1.0 and 1.1 where the algorithms aren't used. -TEST_P(TlsConnectGeneric, SignatureAlgorithmNoOverlapStaticRsa) { - client_->SetSignatureAlgorithms(SignatureRsaSha384, - PR_ARRAY_SIZE(SignatureRsaSha384)); - server_->SetSignatureAlgorithms(SignatureRsaSha256, - PR_ARRAY_SIZE(SignatureRsaSha256)); - DisableDheAndEcdheCiphers(); - Connect(); - client_->CheckKEAType(ssl_kea_rsa); - client_->CheckAuthType(ssl_auth_rsa); -} - -// Signature algorithms governs both verification and generation of signatures. -// With ECDSA, we need to at least have a common signature algorithm configured. -TEST_P(TlsConnectTls12, SignatureAlgorithmNoOverlapEcdsa) { - ResetEcdsa(); - client_->SetSignatureAlgorithms(SignatureEcdsaSha384, - PR_ARRAY_SIZE(SignatureEcdsaSha384)); - server_->SetSignatureAlgorithms(SignatureEcdsaSha256, - PR_ARRAY_SIZE(SignatureEcdsaSha256)); - ConnectExpectFail(); -} - -// Pre 1.2, a mismatch on signature algorithms shouldn't affect anything. 
-TEST_P(TlsConnectPre12, SignatureAlgorithmNoOverlapEcdsa) { - ResetEcdsa(); - client_->SetSignatureAlgorithms(SignatureEcdsaSha384, - PR_ARRAY_SIZE(SignatureEcdsaSha384)); - server_->SetSignatureAlgorithms(SignatureEcdsaSha256, - PR_ARRAY_SIZE(SignatureEcdsaSha256)); - Connect(); -} - -// The server requests client auth but doesn't offer a SHA-256 option. -// This fails because NSS only uses SHA-256 for handshake transcript hashes. -TEST_P(TlsConnectTls12, RequestClientAuthWithoutSha256) { - server_->SetSignatureAlgorithms(SignatureRsaSha384, - PR_ARRAY_SIZE(SignatureRsaSha384)); - server_->RequestClientAuth(false); - ConnectExpectFail(); + CheckResumption(RESUME_NONE); + client_->CheckVersion(SSL_LIBRARY_VERSION_TLS_1_2); } TEST_P(TlsConnectGeneric, ConnectAlpn) { 
@@ -339,87 +174,27 @@ TEST_P(TlsConnectGeneric, ConnectAlpn) { server_->CheckAlpn(SSL_NEXT_PROTO_NEGOTIATED, "a"); } +TEST_P(TlsConnectGeneric, ConnectEcdsa) { + ResetEcdsa(); + Connect(); + client_->CheckVersion(std::get<1>(GetParam())); + client_->CheckAuthType(ssl_auth_ecdsa); +} + TEST_P(TlsConnectDatagram, ConnectSrtp) { EnableSrtp(); Connect(); CheckSrtp(); } -TEST_P(TlsConnectStream, ConnectAndClientRenegotiate) { - Connect(); - server_->PrepareForRenegotiate(); - client_->StartRenegotiate(); - Handshake(); - CheckConnected(); -} - -TEST_P(TlsConnectStream, ConnectAndServerRenegotiate) { - Connect(); - client_->PrepareForRenegotiate(); - server_->StartRenegotiate(); - Handshake(); - CheckConnected(); -} - -TEST_P(TlsConnectStream, ConnectStaticRSA) { - DisableDheAndEcdheCiphers(); - Connect(); - client_->CheckKEAType(ssl_kea_rsa); -} - -TEST_P(TlsConnectStream, ConnectDhe) { - DisableEcdheCiphers(); - Connect(); - client_->CheckKEAType(ssl_kea_dh); -} - -// Test that a totally bogus EPMS is handled correctly. -// This test is stream so we can catch the bad_record_mac alert. -TEST_P(TlsConnectStream, ConnectStaticRSABogusCKE) { - DisableDheAndEcdheCiphers(); - TlsInspectorReplaceHandshakeMessage* i1 = - new TlsInspectorReplaceHandshakeMessage(kTlsHandshakeClientKeyExchange, - DataBuffer( - kBogusClientKeyExchange, - sizeof(kBogusClientKeyExchange))); - client_->SetPacketFilter(i1); - auto alert_recorder = new TlsAlertRecorder(); - server_->SetPacketFilter(alert_recorder); - ConnectExpectFail(); - EXPECT_EQ(kTlsAlertFatal, alert_recorder->level()); - EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description()); -} - -// Test that a PMS with a bogus version number is handled correctly. -// This test is stream so we can catch the bad_record_mac alert. 
-TEST_P(TlsConnectStream, ConnectStaticRSABogusPMSVersionDetect) { - DisableDheAndEcdheCiphers(); - client_->SetPacketFilter(new TlsInspectorClientHelloVersionChanger( - server_)); - auto alert_recorder = new TlsAlertRecorder(); - server_->SetPacketFilter(alert_recorder); - ConnectExpectFail(); - EXPECT_EQ(kTlsAlertFatal, alert_recorder->level()); - EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description()); -} - -// Test that a PMS with a bogus version number is ignored when -// rollback detection is disabled. This is a positive control for -// ConnectStaticRSABogusPMSVersionDetect. -TEST_P(TlsConnectGeneric, ConnectStaticRSABogusPMSVersionIgnore) { - DisableDheAndEcdheCiphers(); - client_->SetPacketFilter(new TlsInspectorClientHelloVersionChanger( - server_)); - server_->DisableRollbackDetection(); - Connect(); -} - TEST_P(TlsConnectStream, ConnectEcdhe) { + EnableSomeEcdheCiphers(); Connect(); client_->CheckKEAType(ssl_kea_ecdh); } TEST_P(TlsConnectStream, ConnectEcdheTwiceReuseKey) { + EnableSomeEcdheCiphers(); TlsInspectorRecordHandshakeMessage* i1 = new TlsInspectorRecordHandshakeMessage(kTlsHandshakeServerKeyExchange); server_->SetPacketFilter(i1); @@ -433,6 +208,7 @@ TEST_P(TlsConnectStream, ConnectEcdheTwiceReuseKey) { TlsInspectorRecordHandshakeMessage* i2 = new TlsInspectorRecordHandshakeMessage(kTlsHandshakeServerKeyExchange); server_->SetPacketFilter(i2); + EnableSomeEcdheCiphers(); ConfigureSessionCache(RESUME_NONE, RESUME_NONE); Connect(); client_->CheckKEAType(ssl_kea_ecdh); @@ -447,7 +223,7 @@ TEST_P(TlsConnectStream, ConnectEcdheTwiceReuseKey) { } TEST_P(TlsConnectStream, ConnectEcdheTwiceNewKey) { - server_->EnsureTlsSetup(); + EnableSomeEcdheCiphers(); SECStatus rv = SSL_OptionSet(server_->ssl_fd(), SSL_REUSE_SERVER_ECDHE_KEY, PR_FALSE); EXPECT_EQ(SECSuccess, rv); 
@@ -461,7 +237,7 @@ TEST_P(TlsConnectStream, ConnectEcdheTwiceNewKey) { // Restart ResetRsa(); - server_->EnsureTlsSetup(); + EnableSomeEcdheCiphers(); rv = SSL_OptionSet(server_->ssl_fd(), SSL_REUSE_SERVER_ECDHE_KEY, PR_FALSE); EXPECT_EQ(SECSuccess, rv); TlsInspectorRecordHandshakeMessage* i2 = 
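Review bot: `server_->EnsureTlsSetup()` is replaced by `EnableSomeEcdheCiphers()` directly after `ResetRsa()`, and the very next statement passes `server_->ssl_fd()` to `SSL_OptionSet`. Unless EnableSomeEcdheCiphers() itself performs the TLS setup on the freshly reset agents (not visible here), the SSL_REUSE_SERVER_ECDHE_KEY option is applied to a descriptor that has not been created yet. Keeping both calls makes the ordering explicit: `EnableSomeEcdheCiphers();` followed by `server_->EnsureTlsSetup();` before the `SSL_OptionSet` line. The same substitution is made at the top of ConnectEcdheTwiceNewKey in the previous hunk, and the test body continues outside this hunk.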
@@ -480,167 +256,6 @@ TEST_P(TlsConnectStream, ConnectEcdheTwiceNewKey) { dhe1.public_key_.len()))); } -TEST_P(TlsConnectGeneric, ConnectSendReceive) { - Connect(); - SendReceive(); -} - -// The next two tests takes advantage of the fact that we -// automatically read the first 1024 bytes, so if -// we provide 1200 bytes, they overrun the read buffer -// provided by the calling test. - -// DTLS should return an error. -TEST_P(TlsConnectDatagram, ShortRead) { - Connect(); - client_->SetExpectedReadError(true); - server_->SendData(1200, 1200); - WAIT_(client_->error_code() == SSL_ERROR_RX_SHORT_DTLS_READ, 2000); - // Don't call CheckErrorCode() because it requires us to being - // in state ERROR. - ASSERT_EQ(SSL_ERROR_RX_SHORT_DTLS_READ, client_->error_code()); - - // Now send and receive another packet. - client_->SetExpectedReadError(false); - server_->ResetSentBytes(); // Reset the counter. - SendReceive(); -} - -// TLS should get the write in two chunks. -TEST_P(TlsConnectStream, ShortRead) { - // This test behaves oddly with TLS 1.0 because of 1/n+1 splitting, - // so skip in that case. - if (version_ < SSL_LIBRARY_VERSION_TLS_1_1) - return; - - Connect(); - server_->SendData(1200, 1200); - // Read the first tranche. - WAIT_(client_->received_bytes() == 1024, 2000); - ASSERT_EQ(1024U, client_->received_bytes()); - // The second tranche should now immediately be available. - client_->ReadBytes(); - ASSERT_EQ(1200U, client_->received_bytes()); -} - -TEST_P(TlsConnectGeneric, ConnectExtendedMasterSecret) { - EnableExtendedMasterSecret(); - Connect(); - ResetRsa(); - ExpectResumption(RESUME_SESSIONID); - EnableExtendedMasterSecret(); - Connect(); -} - - -TEST_P(TlsConnectGeneric, ConnectExtendedMasterSecretStaticRSA) { - DisableDheAndEcdheCiphers(); - EnableExtendedMasterSecret(); - Connect(); -} - -// This test is stream so we can catch the bad_record_mac alert. 
-TEST_P(TlsConnectStream, ConnectExtendedMasterSecretStaticRSABogusCKE) { - DisableDheAndEcdheCiphers(); - EnableExtendedMasterSecret(); - TlsInspectorReplaceHandshakeMessage* inspect = - new TlsInspectorReplaceHandshakeMessage(kTlsHandshakeClientKeyExchange, - DataBuffer( - kBogusClientKeyExchange, - sizeof(kBogusClientKeyExchange))); - client_->SetPacketFilter(inspect); - auto alert_recorder = new TlsAlertRecorder(); - server_->SetPacketFilter(alert_recorder); - ConnectExpectFail(); - EXPECT_EQ(kTlsAlertFatal, alert_recorder->level()); - EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description()); -} - -// This test is stream so we can catch the bad_record_mac alert. -TEST_P(TlsConnectStream, ConnectExtendedMasterSecretStaticRSABogusPMSVersionDetect) { - DisableDheAndEcdheCiphers(); - EnableExtendedMasterSecret(); - client_->SetPacketFilter(new TlsInspectorClientHelloVersionChanger( - server_)); - auto alert_recorder = new TlsAlertRecorder(); - server_->SetPacketFilter(alert_recorder); - ConnectExpectFail(); - EXPECT_EQ(kTlsAlertFatal, alert_recorder->level()); - EXPECT_EQ(kTlsAlertBadRecordMac, alert_recorder->description()); -} - -TEST_P(TlsConnectStream, ConnectExtendedMasterSecretStaticRSABogusPMSVersionIgnore) { - DisableDheAndEcdheCiphers(); - EnableExtendedMasterSecret(); - client_->SetPacketFilter(new TlsInspectorClientHelloVersionChanger( - server_)); - server_->DisableRollbackDetection(); - Connect(); -} - -TEST_P(TlsConnectGeneric, ConnectExtendedMasterSecretECDHE) { - EnableExtendedMasterSecret(); - Connect(); - - ResetRsa(); - EnableExtendedMasterSecret(); - ExpectResumption(RESUME_SESSIONID); - Connect(); -} - -TEST_P(TlsConnectGeneric, ConnectExtendedMasterSecretTicket) { - ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); - EnableExtendedMasterSecret(); - Connect(); - - ResetRsa(); - ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET); - - EnableExtendedMasterSecret(); - ExpectResumption(RESUME_TICKET); - Connect(); -} - 
-TEST_P(TlsConnectGeneric, - ConnectExtendedMasterSecretClientOnly) { - client_->EnableExtendedMasterSecret(); - ExpectExtendedMasterSecret(false); - Connect(); -} - -TEST_P(TlsConnectGeneric, - ConnectExtendedMasterSecretServerOnly) { - server_->EnableExtendedMasterSecret(); - ExpectExtendedMasterSecret(false); - Connect(); -} - -TEST_P(TlsConnectGeneric, - ConnectExtendedMasterSecretResumeWithout) { - EnableExtendedMasterSecret(); - Connect(); - - ResetRsa(); - server_->EnableExtendedMasterSecret(); - auto alert_recorder = new TlsAlertRecorder(); - server_->SetPacketFilter(alert_recorder); - ConnectExpectFail(); - EXPECT_EQ(kTlsAlertFatal, alert_recorder->level()); - EXPECT_EQ(kTlsAlertHandshakeFailure, alert_recorder->description()); -} - -TEST_P(TlsConnectGeneric, - ConnectNormalResumeWithExtendedMasterSecret) { - ConfigureSessionCache(RESUME_SESSIONID, RESUME_SESSIONID); - ExpectExtendedMasterSecret(false); - Connect(); - - ResetRsa(); - EnableExtendedMasterSecret(); - ExpectResumption(RESUME_NONE); - Connect(); -} - INSTANTIATE_TEST_CASE_P(VariantsStream10, TlsConnectGeneric, ::testing::Combine( TlsConnectTestBase::kTlsModesStream, 
@@ -651,19 +266,7 @@ INSTANTIATE_TEST_CASE_P(VariantsAll, TlsConnectGeneric, TlsConnectTestBase::kTlsV11V12)); INSTANTIATE_TEST_CASE_P(VersionsDatagram, TlsConnectDatagram, TlsConnectTestBase::kTlsV11V12); -INSTANTIATE_TEST_CASE_P(Variants12, TlsConnectTls12, - TlsConnectTestBase::kTlsModesAll); -INSTANTIATE_TEST_CASE_P(Pre12Stream, TlsConnectPre12, - ::testing::Combine( - TlsConnectTestBase::kTlsModesStream, - TlsConnectTestBase::kTlsV10)); -INSTANTIATE_TEST_CASE_P(Pre12All, TlsConnectPre12, - ::testing::Combine( - TlsConnectTestBase::kTlsModesAll, - TlsConnectTestBase::kTlsV11)); -INSTANTIATE_TEST_CASE_P(VersionsStream10, TlsConnectStream, - TlsConnectTestBase::kTlsV10); -INSTANTIATE_TEST_CASE_P(VersionsStream, TlsConnectStream, +INSTANTIATE_TEST_CASE_P(VersionsDatagram, TlsConnectStream, TlsConnectTestBase::kTlsV11V12); } // namespace nspr_test diff --git a/security/nss/external_tests/ssl_gtest/ssl_prf_unittest.cc b/security/nss/external_tests/ssl_gtest/ssl_prf_unittest.cc deleted file mode 100644 index ea2478b9a93..00000000000 --- a/security/nss/external_tests/ssl_gtest/ssl_prf_unittest.cc +++ /dev/null 
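Review bot: The new TlsConnectStream instantiation reuses the prefix `VersionsDatagram`, which the line immediately above already uses for TlsConnectDatagram, so stream-mode tests are reported under a name that says Datagram. gtest accepts the duplicate because the suite names differ, but filters and logs become misleading; `INSTANTIATE_TEST_CASE_P(VersionsStream, TlsConnectStream, TlsConnectTestBase::kTlsV11V12);` keeps the naming consistent with the other instantiations. The unchanged closing comment `} // namespace nspr_test` also does not match the `nss_test` namespace this file opens and could be corrected in the same edit.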
@@ -1,253 +0,0 @@ -/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ -/* vim: set ts=2 et sw=2 tw=80: */ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this file, - * You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#include "nss.h" -#include "pk11pub.h" -#include - -#include "gtest_utils.h" - -namespace nss_test { - -#define CONST_UINT8_TO_UCHAR(a) const_cast( \ - static_cast(a)) - -const size_t kPmsSize = 48; -const size_t kMasterSecretSize = 48; -const size_t kPrfSeedSizeSha256 = 32; -const size_t kPrfSeedSizeTlsPrf = 36; - -// This is not the right size for anything -const size_t kIncorrectSize = 17; - -const uint8_t kPmsData[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f, - 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17, - 0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f, - 0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27, - 0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f -}; - -const uint8_t kPrfSeed[] = { - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, - 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff, - 0xe0,0xe1,0xe2,0xe3,0xe4,0xe5,0xe6,0xe7, - 0xe8,0xe9,0xea,0xeb,0xec,0xed,0xee,0xef, - 0xd0,0xd1,0xd2,0xd3 -}; - -const uint8_t kExpectedOutputEmsSha256[] = { - 0x75,0xa7,0xa5,0x98,0xef,0xab,0x90,0xe7, - 0x7c,0x67,0x80,0xde,0xab,0x3a,0x11,0xf3, - 0x5d,0xb2,0xf8,0x47,0xff,0x09,0x01,0xec, - 0xf8,0x93,0x89,0xfc,0x98,0x2e,0x6e,0xf9, - 0x2c,0xf5,0x9b,0x04,0x04,0x6f,0xd7,0x28, - 0x6e,0xea,0xe3,0x83,0xc4,0x4a,0xff,0x03 -}; - -const uint8_t kExpectedOutputEmsTlsPrf[] = { - 0x06,0xbf,0x29,0x86,0x5d,0xf3,0x3e,0x38, - 0xfd,0xfa,0x91,0x10,0x2a,0x20,0xff,0xd6, - 0xb9,0xd5,0x72,0x5a,0x6d,0x42,0x20,0x16, - 0xde,0xa4,0xa0,0x51,0xe5,0x53,0xc1,0x28, - 0x04,0x99,0xbc,0xb1,0x2c,0x9d,0xe8,0x0b, - 0x18,0xa2,0x0e,0x48,0x52,0x8d,0x61,0x13 -}; - -static unsigned char* toUcharPtr(const uint8_t* v) { - return const_cast( - static_cast(v)); -} - -class 
TlsPrfTest : public ::testing::Test { - public: - TlsPrfTest() - : params_({siBuffer, nullptr, 0}) - , pms_item_({siBuffer, toUcharPtr(kPmsData), kPmsSize}) - , key_mech_(0) - , slot_(nullptr) - , pms_(nullptr) - , ms_(nullptr) - , pms_version_({0, 0}) {} - - ~TlsPrfTest() { - if (slot_) { PK11_FreeSlot(slot_); } - ClearTempVars(); - } - - void ClearTempVars() { - if (pms_) { PK11_FreeSymKey(pms_); } - if (ms_) { PK11_FreeSymKey(ms_); } - } - - void Init() { - params_.type = siBuffer; - - pms_item_.type = siBuffer; - pms_item_.data = const_cast( - static_cast(kPmsData)); - - slot_ = PK11_GetInternalSlot(); - ASSERT_NE(nullptr, slot_); - } - - void CheckForError(CK_MECHANISM_TYPE hash_mech, - size_t seed_len, - size_t pms_len, - size_t output_len) { - // Error tests don't depend on the derivation mechansim - Inner(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, hash_mech, - seed_len, pms_len, output_len, nullptr, nullptr); - } - - void ComputeAndVerifyMs(CK_MECHANISM_TYPE derive_mech, - CK_MECHANISM_TYPE hash_mech, - CK_VERSION* version, - const uint8_t* expected) { - // Infer seed length from mechanism - int seed_len = 0; - switch (hash_mech) { - case CKM_TLS_PRF: seed_len = kPrfSeedSizeTlsPrf; break; - case CKM_SHA256: seed_len = kPrfSeedSizeSha256; break; - default: ASSERT_TRUE(false); - } - - Inner(derive_mech, hash_mech, seed_len, - kPmsSize, 0, version, expected); - } - - - // Set output == nullptr to test when errors occur - void Inner( - CK_MECHANISM_TYPE derive_mech, - CK_MECHANISM_TYPE hash_mech, - size_t seed_len, - size_t pms_len, - size_t output_len, - CK_VERSION* version, - const uint8_t* expected) { - ClearTempVars(); - - // Infer the key mechanism from the hash type - switch (hash_mech) { - case CKM_TLS_PRF: key_mech_ = CKM_TLS_KEY_AND_MAC_DERIVE; break; - case CKM_SHA256: key_mech_ = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; break; - default: ASSERT_TRUE(false); - } - - // Import the params - CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS master_params = { - 
hash_mech, - toUcharPtr(kPrfSeed), - seed_len, - version - }; - params_.data = reinterpret_cast(&master_params); - params_.len = sizeof(master_params); - - // Import the PMS - pms_item_.len = pms_len; - pms_ = PK11_ImportSymKey(slot_, derive_mech, PK11_OriginUnwrap, - CKA_DERIVE, &pms_item_, NULL); - ASSERT_NE(nullptr, pms_); - - - // Compute the EMS - ms_ = PK11_DeriveWithFlags(pms_, derive_mech, ¶ms_, key_mech_, - CKA_DERIVE, output_len, CKF_SIGN | CKF_VERIFY); - - // Verify the EMS has the expected value (null or otherwise) - if (!expected) { - EXPECT_EQ(nullptr, ms_); - } else { - ASSERT_NE(nullptr, ms_); - - SECStatus rv = PK11_ExtractKeyValue(ms_); - ASSERT_EQ(SECSuccess, rv); - - SECItem *msData = PK11_GetKeyData(ms_); - ASSERT_NE(nullptr, msData); - - ASSERT_EQ(kMasterSecretSize, msData->len); - EXPECT_EQ(0, - memcmp(msData->data, expected, kMasterSecretSize)); - } - } - - protected: - SECItem params_; - SECItem pms_item_; - CK_MECHANISM_TYPE key_mech_; - PK11SlotInfo *slot_; - PK11SymKey *pms_; - PK11SymKey *ms_; - CK_VERSION pms_version_; -}; - -TEST_F(TlsPrfTest, ExtendedMsParamErr) { - Init(); - - // This should fail; it's the correct set from which the below are derived - // CheckForError(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kPmsSize, 0); - - // Output key size != 0, SSL3_MASTER_SECRET_LENGTH - CheckForError(CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kPmsSize, kIncorrectSize); - - // not-DH && pms size != SSL3_PMS_LENGTH - CheckForError(CKM_TLS_PRF, kPrfSeedSizeTlsPrf, kIncorrectSize, 0); - - // CKM_TLS_PRF && seed length != MD5_LENGTH + SHA1_LENGTH - CheckForError(CKM_TLS_PRF, kIncorrectSize, kPmsSize, 0); - - // !CKM_TLS_PRF && seed length != hash output length - CheckForError(CKM_SHA256, kIncorrectSize, kPmsSize, 0); -} - -// Test matrix: -// -// DH RSA -// TLS_PRF 1 2 -// SHA256 3 4 -TEST_F(TlsPrfTest, ExtendedMsDhTlsPrf) { - Init(); - ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, - CKM_TLS_PRF, - nullptr, 
- kExpectedOutputEmsTlsPrf); -} - -TEST_F(TlsPrfTest, ExtendedMsRsaTlsPrf) { - Init(); - ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, - CKM_TLS_PRF, - &pms_version_, - kExpectedOutputEmsTlsPrf); - EXPECT_EQ(0, pms_version_.major); - EXPECT_EQ(1, pms_version_.minor); -} - - -TEST_F(TlsPrfTest, ExtendedMsDhSha256) { - Init(); - ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, - CKM_SHA256, - nullptr, - kExpectedOutputEmsSha256); -} - -TEST_F(TlsPrfTest, ExtendedMsRsaSha256) { - Init(); - ComputeAndVerifyMs(CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, - CKM_SHA256, - &pms_version_, - kExpectedOutputEmsSha256); - EXPECT_EQ(0, pms_version_.major); - EXPECT_EQ(1, pms_version_.minor); -} - -} // namespace nss_test - diff --git a/security/nss/external_tests/ssl_gtest/ssl_skip_unittest.cc b/security/nss/external_tests/ssl_gtest/ssl_skip_unittest.cc index 3a893cf6ca6..c8b15c86d8f 100644 --- a/security/nss/external_tests/ssl_gtest/ssl_skip_unittest.cc +++ b/security/nss/external_tests/ssl_gtest/ssl_skip_unittest.cc @@ -109,7 +109,7 @@ class TlsSkipTest }; TEST_P(TlsSkipTest, SkipCertificateRsa) { - DisableDheAndEcdheCiphers(); + DisableDheCiphers(); ServerSkipTest(new TlsHandshakeSkipFilter(kTlsHandshakeCertificate)); client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE); } @@ -120,6 +120,7 @@ TEST_P(TlsSkipTest, SkipCertificateDhe) { } TEST_P(TlsSkipTest, SkipCertificateEcdhe) { + EnableSomeEcdheCiphers(); ServerSkipTest(new TlsHandshakeSkipFilter(kTlsHandshakeCertificate)); client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH); } @@ -131,6 +132,8 @@ TEST_P(TlsSkipTest, SkipCertificateEcdsa) { } TEST_P(TlsSkipTest, SkipServerKeyExchange) { + // Have to enable some ephemeral suites, or ServerKeyExchange doesn't appear. + EnableSomeEcdheCiphers(); ServerSkipTest(new TlsHandshakeSkipFilter(kTlsHandshakeServerKeyExchange)); client_->CheckErrorCode(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE); } 
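Review bot: SkipCertificateRsa now disables only DHE suites, so its expected SSL_ERROR_RX_UNEXPECTED_HELLO_DONE relies on no ECDHE suite being enabled by default; the comment added to SkipServerKeyExchange in the last hunk ("Have to enable some ephemeral suites, or ServerKeyExchange doesn't appear") suggests that holds, but the first test states no such assumption. A one-line comment above the call, `// ECDHE suites stay off unless EnableSomeEcdheCiphers() is called, so only DHE needs disabling here.`, keeps a later reader from re-adding an ECDHE disable or from being surprised when the defaults change. TlsSkipTest and ServerSkipTest are defined outside the hunk.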
diff --git a/security/nss/external_tests/ssl_gtest/test_io.cc b/security/nss/external_tests/ssl_gtest/test_io.cc index 9c289698040..70b2b1e1b0a 100644 --- a/security/nss/external_tests/ssl_gtest/test_io.cc +++ b/security/nss/external_tests/ssl_gtest/test_io.cc @@ -125,9 +125,8 @@ static PRStatus DummyListen(PRFileDesc *f, int32_t depth) { } static PRStatus DummyShutdown(PRFileDesc *f, int32_t how) { - DummyPrSocket *io = reinterpret_cast(f->secret); - io->Reset(); - return PR_SUCCESS; + UNIMPLEMENTED(); + return PR_FAILURE; } // This function does not support peek. @@ -251,12 +250,7 @@ static int32_t DummyReserved(PRFileDesc *f) { } DummyPrSocket::~DummyPrSocket() { - Reset(); -} - -void DummyPrSocket::Reset() { delete filter_; - peer_ = nullptr; while (!input_.empty()) { Packet* front = input_.front(); @@ -401,29 +395,6 @@ void Poller::Wait(Event event, DummyPrSocket *adapter, PollTarget *target, waiters_[adapter] = waiter; } -void Poller::Cancel(Event event, DummyPrSocket *adapter) { - auto it = waiters_.find(adapter); - Waiter *waiter; - - if (it == waiters_.end()) { - return; - } - - waiter = it->second; - - waiter->targets_[event] = nullptr; - waiter->callbacks_[event] = nullptr; - - // Clean up if there are no callbacks. - for (size_t i=0; icallbacks_[i]) - return; - } - - delete waiter; - waiters_.erase(adapter); -} - void Poller::SetTimer(uint32_t timer_ms, PollTarget *target, PollCallback cb, Timer **timer) { Timer *t = new Timer(PR_Now() + timer_ms * 1000, target, cb); diff --git a/security/nss/external_tests/ssl_gtest/test_io.h b/security/nss/external_tests/ssl_gtest/test_io.h index f5910c20318..d55d3e4d8ef 100644 --- a/security/nss/external_tests/ssl_gtest/test_io.h +++ b/security/nss/external_tests/ssl_gtest/test_io.h 
@@ -50,9 +50,8 @@ class DummyPrSocket { static DummyPrSocket* GetAdapter(PRFileDesc* fd); void SetPeer(DummyPrSocket* peer) { peer_ = peer; } + void SetPacketFilter(PacketFilter* filter) { filter_ = filter; } - // Drops peer, packet filter and any outstanding packets. - void Reset(); void PacketReceived(const DataBuffer& data); int32_t Read(void* data, int32_t len); @@ -103,7 +102,6 @@ class Poller { void Wait(Event event, DummyPrSocket* adapter, PollTarget* target, PollCallback cb); - void Cancel(Event event, DummyPrSocket* adapter); void SetTimer(uint32_t timer_ms, PollTarget* target, PollCallback cb, Timer** handle); bool Poll(); diff --git a/security/nss/external_tests/ssl_gtest/tls_agent.cc b/security/nss/external_tests/ssl_gtest/tls_agent.cc index 16a39329d92..2793b0d209e 100644 --- a/security/nss/external_tests/ssl_gtest/tls_agent.cc +++ b/security/nss/external_tests/ssl_gtest/tls_agent.cc 
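Review bot: `void SetPacketFilter(PacketFilter* filter) { filter_ = filter; }` hands ownership of the filter to the socket (the destructor in test_io.cc, previous hunk, does `delete filter_`), but calling it a second time overwrites the pointer and leaks the filter already installed, and the header says nothing about who frees what. Either release the old one, `delete filter_; filter_ = filter;`, or document the transfer with `// Takes ownership of filter; it is deleted in ~DummyPrSocket.` The rest of the DummyPrSocket class is outside the hunk.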
@@ -17,53 +17,8 @@ namespace nss_test { - const char* TlsAgent::states[] = {"INIT", "CONNECTING", "CONNECTED", "ERROR"}; -TlsAgent::TlsAgent(const std::string& name, Role role, Mode mode, SSLKEAType kea) - : name_(name), - mode_(mode), - kea_(kea), - pr_fd_(nullptr), - adapter_(nullptr), - ssl_fd_(nullptr), - role_(role), - state_(STATE_INIT), - falsestart_enabled_(false), - expected_version_(0), - expected_cipher_suite_(0), - expect_resumption_(false), - can_falsestart_hook_called_(false), - sni_hook_called_(false), - auth_certificate_hook_called_(false), - handshake_callback_called_(false), - error_code_(0), - send_ctr_(0), - recv_ctr_(0), - expected_read_error_(false) { - - memset(&info_, 0, sizeof(info_)); - memset(&csinfo_, 0, sizeof(csinfo_)); - SECStatus rv = SSL_VersionRangeGetDefault(mode_ == STREAM ? - ssl_variant_stream : ssl_variant_datagram, - &vrange_); - EXPECT_EQ(SECSuccess, rv); -} - -TlsAgent::~TlsAgent() { - if (adapter_) { - Poller::Instance()->Cancel(READABLE_EVENT, adapter_); - } - - if (pr_fd_) { - PR_Close(pr_fd_); - } - - if (ssl_fd_) { - PR_Close(ssl_fd_); - } -} - bool TlsAgent::EnsureTlsSetup() { // Don't set up twice if (ssl_fd_) return true; @@ -94,7 +49,8 @@ bool TlsAgent::EnsureTlsSetup() { SECKEY_DestroyPrivateKey(priv); CERT_DestroyCertificate(cert); - rv = SSL_SNISocketConfigHook(ssl_fd_, SniHook, this); + rv = SSL_SNISocketConfigHook(ssl_fd_, SniHook, + reinterpret_cast(this)); EXPECT_EQ(SECSuccess, rv); // don't abort, just fail } else { SECStatus rv = SSL_SetURL(ssl_fd_, "server"); 
@@ -106,87 +62,49 @@ bool TlsAgent::EnsureTlsSetup() { EXPECT_EQ(SECSuccess, rv); if (rv != SECSuccess) return false; - rv = SSL_AuthCertificateHook(ssl_fd_, AuthCertificateHook, this); - EXPECT_EQ(SECSuccess, rv); - if (rv != SECSuccess) return false; - - rv = SSL_HandshakeCallback(ssl_fd_, HandshakeCallback, this); + rv = SSL_AuthCertificateHook(ssl_fd_, AuthCertificateHook, + reinterpret_cast(this)); EXPECT_EQ(SECSuccess, rv); if (rv != SECSuccess) return false; return true; } -void TlsAgent::SetupClientAuth() { - EXPECT_TRUE(EnsureTlsSetup()); - ASSERT_EQ(CLIENT, role_); - - EXPECT_EQ(SECSuccess, - SSL_GetClientAuthDataHook(ssl_fd_, GetClientAuthDataHook, - reinterpret_cast(this))); -} - -bool TlsAgent::GetClientAuthCredentials(CERTCertificate **cert, - SECKEYPrivateKey **priv) const { - *cert = PK11_FindCertFromNickname(name_.c_str(), nullptr); - EXPECT_NE(nullptr, *cert); - if (!*cert) return false; - - *priv = PK11_FindKeyByAnyCert(*cert, nullptr); - EXPECT_NE(nullptr, *priv); - if (!*priv) return false; // Leak cert. - - return true; -} - -SECStatus TlsAgent::GetClientAuthDataHook(void* self, PRFileDesc* fd, - CERTDistNames* caNames, - CERTCertificate** cert, - SECKEYPrivateKey** privKey) { - TlsAgent* agent = reinterpret_cast(self); - if (agent->GetClientAuthCredentials(cert, privKey)) { - return SECSuccess; - } - return SECFailure; -} - - -void TlsAgent::RequestClientAuth(bool requireAuth) { - EXPECT_TRUE(EnsureTlsSetup()); - ASSERT_EQ(SERVER, role_); - - EXPECT_EQ(SECSuccess, - SSL_OptionSet(ssl_fd_, SSL_REQUEST_CERTIFICATE, PR_TRUE)); - EXPECT_EQ(SECSuccess, - SSL_OptionSet(ssl_fd_, SSL_REQUIRE_CERTIFICATE, - requireAuth ? PR_TRUE : PR_FALSE)); - - EXPECT_EQ(SECSuccess, - SSL_AuthCertificateHook(ssl_fd_, &TlsAgent::ClientAuthenticated, - this)); - expect_client_auth_ = true; -} - void TlsAgent::StartConnect() { EXPECT_TRUE(EnsureTlsSetup()); SECStatus rv; rv = SSL_ResetHandshake(ssl_fd_, role_ == SERVER ? 
PR_TRUE : PR_FALSE); EXPECT_EQ(SECSuccess, rv); - SetState(STATE_CONNECTING); + SetState(CONNECTING); } -void TlsAgent::DisableCiphersByKeyExchange(SSLKEAType kea) { +void TlsAgent::EnableSomeEcdheCiphers() { EXPECT_TRUE(EnsureTlsSetup()); - for (size_t i = 0; i < SSL_NumImplementedCiphers; ++i) { + const uint32_t EcdheCiphers[] = {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA}; + + for (size_t i = 0; i < PR_ARRAY_SIZE(EcdheCiphers); ++i) { + SECStatus rv = SSL_CipherPrefSet(ssl_fd_, EcdheCiphers[i], PR_TRUE); + EXPECT_EQ(SECSuccess, rv); + } +} + + +void TlsAgent::DisableDheCiphers() { + EXPECT_TRUE(EnsureTlsSetup()); + + for (size_t i=0; i < SSL_NumImplementedCiphers; ++i) { SSLCipherSuiteInfo csinfo; SECStatus rv = SSL_GetCipherSuiteInfo(SSL_ImplementedCiphers[i], &csinfo, sizeof(csinfo)); ASSERT_EQ(SECSuccess, rv); - if (csinfo.keaType == kea) { + if (csinfo.keaType == ssl_kea_dh) { rv = SSL_CipherPrefSet(ssl_fd_, SSL_ImplementedCiphers[i], PR_FALSE); EXPECT_EQ(SECSuccess, rv); } 
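Review bot: DisableDheCiphers writes `for (size_t i=0; i < SSL_NumImplementedCiphers; ++i)` while EnableSomeEcdheCiphers just above writes `i = 0`, and neither function explains its choice of suites or why one enables an explicit list while the other disables by key-exchange type. A header comment such as `// Enables a small ECDHE set (ECDSA and RSA, GCM and CBC) so tests can observe ServerKeyExchange without turning on every suite.` on EnableSomeEcdheCiphers would state the intent; the four suite ids are presumably chosen for that purpose, but nothing in the hunk says so. The `reinterpret_cast` applied to `this` for SSL_AuthCertificateHook (and for SSL_SNISocketConfigHook in an earlier hunk) feeds the hook's `void*` argument, which is an implicit conversion, so `static_cast<void*>(this)` would express the same more narrowly; the template argument was lost in rendering, so this is inferred. EnsureTlsSetup begins outside the hunk and DisableDheCiphers closes at its edge.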
@@ -219,77 +137,19 @@ void TlsAgent::SetVersionRange(uint16_t minver, uint16_t maxver) { } } -void TlsAgent::SetExpectedVersion(uint16_t version) { - expected_version_ = version; -} - -void TlsAgent::SetExpectedReadError(bool err) { - expected_read_error_ = err; -} - -void TlsAgent::SetSignatureAlgorithms(const SSLSignatureAndHashAlg* algorithms, - size_t count) { - EXPECT_TRUE(EnsureTlsSetup()); - EXPECT_LE(count, SSL_SignatureMaxCount()); - EXPECT_EQ(SECSuccess, SSL_SignaturePrefSet(ssl_fd_, algorithms, - static_cast(count))); - EXPECT_EQ(SECFailure, SSL_SignaturePrefSet(ssl_fd_, algorithms, 0)) - << "setting no algorithms should fail and do nothing"; - - unsigned int configuredCount; - SSLSignatureAndHashAlg configuredAlgorithms[count]; - EXPECT_EQ(SECFailure, - SSL_SignaturePrefGet(ssl_fd_, nullptr, &configuredCount, 1)) - << "get algorithms, algorithms is nullptr"; - EXPECT_EQ(SECFailure, - SSL_SignaturePrefGet(ssl_fd_, configuredAlgorithms, - &configuredCount, 0)) - << "get algorithms, too little space"; - EXPECT_EQ(SECFailure, - SSL_SignaturePrefGet(ssl_fd_, configuredAlgorithms, nullptr, - PR_ARRAY_SIZE(configuredAlgorithms))) - << "get algorithms, algCountOut is nullptr"; - - EXPECT_EQ(SECSuccess, - SSL_SignaturePrefGet(ssl_fd_, configuredAlgorithms, - &configuredCount, - PR_ARRAY_SIZE(configuredAlgorithms))); - // SignaturePrefSet drops unsupported algorithms silently, so the number that - // are configured might be fewer. 
- EXPECT_LE(configuredCount, count); - unsigned int i = 0; - for (unsigned int j = 0; j < count && i < configuredCount; ++j) { - if (i < configuredCount && - algorithms[j].hashAlg == configuredAlgorithms[i].hashAlg && - algorithms[j].sigAlg == configuredAlgorithms[i].sigAlg) { - ++i; - } - } - EXPECT_EQ(i, configuredCount) << "algorithms in use were all set"; -} - void TlsAgent::CheckKEAType(SSLKEAType type) const { - EXPECT_EQ(STATE_CONNECTED, state_); + EXPECT_EQ(CONNECTED, state_); EXPECT_EQ(type, csinfo_.keaType); } void TlsAgent::CheckAuthType(SSLAuthType type) const { - EXPECT_EQ(STATE_CONNECTED, state_); + EXPECT_EQ(CONNECTED, state_); EXPECT_EQ(type, csinfo_.authAlgorithm); } -void TlsAgent::EnableFalseStart() { - EXPECT_TRUE(EnsureTlsSetup()); - - falsestart_enabled_ = true; - EXPECT_EQ(SECSuccess, - SSL_SetCanFalseStartCallback(ssl_fd_, CanFalseStartCallback, this)); - EXPECT_EQ(SECSuccess, - SSL_OptionSet(ssl_fd_, SSL_ENABLE_FALSE_START, PR_TRUE)); -} - -void TlsAgent::ExpectResumption() { - expect_resumption_ = true; +void TlsAgent::CheckVersion(uint16_t version) const { + EXPECT_EQ(CONNECTED, state_); + EXPECT_EQ(version, info_.protocolVersion); } void TlsAgent::EnableAlpn(const uint8_t* val, size_t len) { @@ -300,7 +160,7 @@ void TlsAgent::EnableAlpn(const uint8_t* val, size_t len) { } void TlsAgent::CheckAlpn(SSLNextProtoState expected_state, - const std::string& expected) const { + const std::string& expected) { SSLNextProtoState state; char chosen[10]; unsigned int chosen_len; 
@@ -319,114 +179,31 @@ void TlsAgent::EnableSrtp() { }; EXPECT_EQ(SECSuccess, SSL_SetSRTPCiphers(ssl_fd_, ciphers, PR_ARRAY_SIZE(ciphers))); + } -void TlsAgent::CheckSrtp() const { +void TlsAgent::CheckSrtp() { uint16_t actual; EXPECT_EQ(SECSuccess, SSL_GetSRTPCipher(ssl_fd_, &actual)); EXPECT_EQ(SRTP_AES128_CM_HMAC_SHA1_80, actual); } void TlsAgent::CheckErrorCode(int32_t expected) const { - EXPECT_EQ(STATE_ERROR, state_); + EXPECT_EQ(ERROR, state_); EXPECT_EQ(expected, error_code_); } -void TlsAgent::CheckPreliminaryInfo() { - SSLPreliminaryChannelInfo info; - EXPECT_EQ(SECSuccess, - SSL_GetPreliminaryChannelInfo(ssl_fd_, &info, sizeof(info))); - EXPECT_TRUE(info.valuesSet & ssl_preinfo_version); - EXPECT_TRUE(info.valuesSet & ssl_preinfo_cipher_suite); - - // A version of 0 is invalid and indicates no expectation. This value is - // initialized to 0 so that tests that don't explicitly set an expected - // version can negotiate a version. - if (!expected_version_) { - expected_version_ = info.protocolVersion; - } - EXPECT_EQ(expected_version_, info.protocolVersion); - - // As with the version; 0 is the null cipher suite (and also invalid). - if (!expected_cipher_suite_) { - expected_cipher_suite_ = info.cipherSuite; - } - EXPECT_EQ(expected_cipher_suite_, info.cipherSuite); -} - -// Check that all the expected callbacks have been called. -void TlsAgent::CheckCallbacks() const { - // If false start happens, the handshake is reported as being complete at the - // point that false start happens. - if (expect_resumption_ || !falsestart_enabled_) { - EXPECT_TRUE(handshake_callback_called_); - } - - // These callbacks shouldn't fire if we are resuming. - if (role_ == SERVER) { - EXPECT_EQ(!expect_resumption_, sni_hook_called_); - } else { - EXPECT_EQ(!expect_resumption_, auth_certificate_hook_called_); - // Note that this isn't unconditionally called, even with false start on. 
- // But the callback is only skipped if a cipher that is ridiculously weak - // (80 bits) is chosen. Don't test that: plan to remove bad ciphers. - EXPECT_EQ(falsestart_enabled_ && !expect_resumption_, - can_falsestart_hook_called_); - } -} - -void TlsAgent::Connected() { - LOG("Handshake success"); - CheckCallbacks(); - - SECStatus rv = SSL_GetChannelInfo(ssl_fd_, &info_, sizeof(info_)); - EXPECT_EQ(SECSuccess, rv); - - // Preliminary values are exposed through callbacks during the handshake. - // If either expected values were set or the callbacks were called, check - // that the final values are correct. - EXPECT_EQ(expected_version_, info_.protocolVersion); - EXPECT_EQ(expected_cipher_suite_, info_.cipherSuite); - - rv = SSL_GetCipherSuiteInfo(info_.cipherSuite, &csinfo_, sizeof(csinfo_)); - EXPECT_EQ(SECSuccess, rv); - - SetState(STATE_CONNECTED); -} - -void TlsAgent::EnableExtendedMasterSecret() { - ASSERT_TRUE(EnsureTlsSetup()); - - SECStatus rv = SSL_OptionSet(ssl_fd_, - SSL_ENABLE_EXTENDED_MASTER_SECRET, - PR_TRUE); - - ASSERT_EQ(SECSuccess, rv); -} - -void TlsAgent::CheckExtendedMasterSecret(bool expected) { - ASSERT_EQ(expected, info_.extendedMasterSecretUsed) - << "unexpected extended master secret state for " << name_; -} - -void TlsAgent::DisableRollbackDetection() { - ASSERT_TRUE(EnsureTlsSetup()); - - SECStatus rv = SSL_OptionSet(ssl_fd_, - SSL_ROLLBACK_DETECTION, - PR_FALSE); - - ASSERT_EQ(SECSuccess, rv); -} - void TlsAgent::Handshake() { SECStatus rv = SSL_ForceHandshake(ssl_fd_); if (rv == SECSuccess) { - Connected(); + LOG("Handshake success"); + SECStatus rv = SSL_GetChannelInfo(ssl_fd_, &info_, sizeof(info_)); + EXPECT_EQ(SECSuccess, rv); - Poller::Instance()->Wait(READABLE_EVENT, adapter_, this, - &TlsAgent::ReadableCallback); + rv = SSL_GetCipherSuiteInfo(info_.cipherSuite, &csinfo_, sizeof(csinfo_)); + EXPECT_EQ(SECSuccess, rv); + SetState(CONNECTED); return; } 
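Review bot: In Handshake() the success branch declares `SECStatus rv = SSL_GetChannelInfo(ssl_fd_, &info_, sizeof(info_));` inside the `if (rv == SECSuccess)` block, shadowing the outer `rv` that holds the SSL_ForceHandshake result; it compiles, but it trips -Wshadow and the following `rv = SSL_GetCipherSuiteInfo(...)` then assigns the inner variable, which is easy to misread. Dropping the declaration, `rv = SSL_GetChannelInfo(ssl_fd_, &info_, sizeof(info_));`, reuses the outer variable exactly as the next line already does. Separately, CheckSrtp loses its `const` although its body only reads through SSL_GetSRTPCipher into a local; the same qualifier is dropped from CheckAlpn in the previous hunk and from the declarations in tls_agent.h, tls_connect.cc and tls_connect.h later in this diff. Handshake's error-handling switch continues in the next hunk.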
@@ -443,81 +220,13 @@ void TlsAgent::Handshake() { // TODO(ekr@rtfm.com): needs special case for DTLS case SSL_ERROR_RX_MALFORMED_HANDSHAKE: default: - if (IS_SSL_ERROR(err)) { - LOG("Handshake failed with SSL error " << err - SSL_ERROR_BASE); - } else { - LOG("Handshake failed with error " << err); - } + LOG("Handshake failed with error " << err); error_code_ = err; - SetState(STATE_ERROR); + SetState(ERROR); return; } } -void TlsAgent::PrepareForRenegotiate() { - EXPECT_EQ(STATE_CONNECTED, state_); - - SetState(STATE_CONNECTING); -} - -void TlsAgent::StartRenegotiate() { - PrepareForRenegotiate(); - - SECStatus rv = SSL_ReHandshake(ssl_fd_, PR_TRUE); - EXPECT_EQ(SECSuccess, rv); -} - -void TlsAgent::SendData(size_t bytes, size_t blocksize) { - uint8_t block[4096]; - - ASSERT_LT(blocksize, sizeof(block)); - - while(bytes) { - size_t tosend = std::min(blocksize, bytes); - - for(size_t i = 0; i < tosend; ++i) { - block[i] = 0xff & send_ctr_; - ++send_ctr_; - } - - LOG("Writing " << tosend << " bytes"); - int32_t rv = PR_Write(ssl_fd_, block, tosend); - ASSERT_EQ(tosend, static_cast(rv)); - - bytes -= tosend; - } -} - -void TlsAgent::ReadBytes() { - uint8_t block[1024]; - - LOG("Reading application data from socket"); - - int32_t rv = PR_Read(ssl_fd_, block, sizeof(block)); - - int32_t err = PR_GetError(); - if (err != PR_WOULD_BLOCK_ERROR) { - if (expected_read_error_) { - error_code_ = err; - } else { - ASSERT_LE(0, rv); - size_t count = static_cast(rv); - LOG("Read " << count << " bytes"); - for (size_t i = 0; i < count; ++i) { - ASSERT_EQ(recv_ctr_ & 0xff, block[i]); - recv_ctr_++; - } - } - } - - Poller::Instance()->Wait(READABLE_EVENT, adapter_, this, - &TlsAgent::ReadableCallback); -} - -void TlsAgent::ResetSentBytes() { - send_ctr_ = 0; -} - void TlsAgent::ConfigureSessionCache(SessionResumptionMode mode) { EXPECT_TRUE(EnsureTlsSetup()); 
@@ -534,39 +243,5 @@ void TlsAgent::ConfigureSessionCache(SessionResumptionMode mode) { EXPECT_EQ(SECSuccess, rv); } -static const std::string kTlsRolesAllArr[] = {"CLIENT", "SERVER"}; -::testing::internal::ParamGenerator - TlsAgentTestBase::kTlsRolesAll = ::testing::ValuesIn(kTlsRolesAllArr); - -void TlsAgentTestBase::Init() { - agent_ = new TlsAgent( - role_ == TlsAgent::CLIENT ? "client" : "server", - role_, mode_, kea_); - agent_->Init(); - fd_ = DummyPrSocket::CreateFD("dummy", mode_); - agent_->adapter()->SetPeer( - DummyPrSocket::GetAdapter(fd_)); - agent_->StartConnect(); -} - -void TlsAgentTestBase::EnsureInit() { - if (!agent_) { - Init(); - } -} - -void TlsAgentTestBase::ProcessMessage(const DataBuffer& buffer, - TlsAgent::State expected_state, - int32_t error_code) { - EnsureInit(); - agent_->adapter()->PacketReceived(buffer); - agent_->Handshake(); - - ASSERT_EQ(expected_state, agent_->state()); - - if (expected_state == TlsAgent::STATE_ERROR) { - ASSERT_EQ(error_code, agent_->error_code()); - } -} } // namespace nss_test diff --git a/security/nss/external_tests/ssl_gtest/tls_agent.h b/security/nss/external_tests/ssl_gtest/tls_agent.h index f15de13aa0b..9eec076c77f 100644 --- a/security/nss/external_tests/ssl_gtest/tls_agent.h +++ b/security/nss/external_tests/ssl_gtest/tls_agent.h 
@@ -31,10 +31,35 @@ enum SessionResumptionMode { class TlsAgent : public PollTarget { public: enum Role { CLIENT, SERVER }; - enum State { STATE_INIT, STATE_CONNECTING, STATE_CONNECTED, STATE_ERROR }; + enum State { INIT, CONNECTING, CONNECTED, ERROR }; - TlsAgent(const std::string& name, Role role, Mode mode, SSLKEAType kea); - virtual ~TlsAgent(); + TlsAgent(const std::string& name, Role role, Mode mode, SSLKEAType kea) + : name_(name), + mode_(mode), + kea_(kea), + pr_fd_(nullptr), + adapter_(nullptr), + ssl_fd_(nullptr), + role_(role), + state_(INIT), + error_code_(0) { + memset(&info_, 0, sizeof(info_)); + memset(&csinfo_, 0, sizeof(csinfo_)); + SECStatus rv = SSL_VersionRangeGetDefault(mode_ == STREAM ? + ssl_variant_stream : ssl_variant_datagram, + &vrange_); + EXPECT_EQ(SECSuccess, rv); + } + + ~TlsAgent() { + if (pr_fd_) { + PR_Close(pr_fd_); + } + + if (ssl_fd_) { + PR_Close(ssl_fd_); + } + } bool Init() { pr_fd_ = DummyPrSocket::CreateFD(name_, mode_); 
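Review bot: The inline `~TlsAgent()` closes pr_fd_ and ssl_fd_ but no longer removes the agent from the Poller: the Cancel(READABLE_EVENT, adapter_) call went with the old destructor in tls_agent.cc and Poller::Cancel itself is deleted in test_io.cc, while Poller::Wait still stores `waiters_[adapter] = waiter` with `this` as the target, so a poll that fires after the agent is destroyed would invoke ReadableCallback on a freed object; whether that can happen depends on the Poller loop, which is outside this diff. If Wait is only armed while a handshake is in flight, a comment on the destructor should record that assumption, e.g. `// No Poller cleanup here: a waiter must not outlive the handshake that armed it.`; otherwise the destructor needs a way to drop its waiter. `enum State { INIT, CONNECTING, CONNECTED, ERROR }` also places an unprefixed `ERROR` enumerator in a header, a name that platform headers define as a macro (Windows wingdi.h), so the declaration breaks wherever such a header is included first. The destructor is no longer `virtual` although TlsAgent derives from PollTarget; that is only safe if PollTarget's destructor is virtual or agents are never deleted through a PollTarget pointer, neither of which is visible here.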
@@ -56,43 +81,23 @@ class TlsAgent : public PollTarget { void StartConnect(); void CheckKEAType(SSLKEAType type) const; void CheckAuthType(SSLAuthType type) const; + void CheckVersion(uint16_t version) const; void Handshake(); - // Marks the internal state as CONNECTING in anticipation of renegotiation. - void PrepareForRenegotiate(); - // Prepares for renegotiation, then actually triggers it. - void StartRenegotiate(); - void DisableCiphersByKeyExchange(SSLKEAType kea); + void EnableSomeEcdheCiphers(); + void DisableDheCiphers(); bool EnsureTlsSetup(); - void SetupClientAuth(); - void RequestClientAuth(bool requireAuth); - bool GetClientAuthCredentials(CERTCertificate** cert, - SECKEYPrivateKey** priv) const; - void ConfigureSessionCache(SessionResumptionMode mode); void SetSessionTicketsEnabled(bool en); void SetSessionCacheEnabled(bool en); void SetVersionRange(uint16_t minver, uint16_t maxver); - void CheckPreliminaryInfo(); - void SetExpectedVersion(uint16_t version); - void SetExpectedReadError(bool err); - void EnableFalseStart(); - void ExpectResumption(); - void SetSignatureAlgorithms(const SSLSignatureAndHashAlg* algorithms, - size_t count); void EnableAlpn(const uint8_t* val, size_t len); void CheckAlpn(SSLNextProtoState expected_state, - const std::string& expected) const; + const std::string& expected); void EnableSrtp(); - void CheckSrtp() const; + void CheckSrtp(); void CheckErrorCode(int32_t expected) const; - void SendData(size_t bytes, size_t blocksize = 1024); - void ReadBytes(); - void ResetSentBytes(); // Hack to test drops. - void EnableExtendedMasterSecret(); - void CheckExtendedMasterSecret(bool expected); - void DisableRollbackDetection(); State state() const { return state_; } 
@@ -101,24 +106,33 @@ class TlsAgent : public PollTarget { const char* state_str(State state) const { return states[state]; } PRFileDesc* ssl_fd() { return ssl_fd_; } - DummyPrSocket* adapter() { return adapter_; } uint16_t min_version() const { return vrange_.min; } uint16_t max_version() const { return vrange_.max; } + + bool version(uint16_t* version) const { + if (state_ != CONNECTED) return false; + + *version = info_.protocolVersion; + + return true; + } + uint16_t version() const { - EXPECT_EQ(STATE_CONNECTED, state_); + EXPECT_EQ(CONNECTED, state_); + return info_.protocolVersion; } bool cipher_suite(int16_t* cipher_suite) const { - if (state_ != STATE_CONNECTED) return false; + if (state_ != CONNECTED) return false; *cipher_suite = info_.cipherSuite; return true; } std::string cipher_suite_name() const { - if (state_ != STATE_CONNECTED) return "UNKNOWN"; + if (state_ != CONNECTED) return "UNKNOWN"; return csinfo_.cipherSuiteName; } @@ -128,9 +142,6 @@ class TlsAgent : public PollTarget { info_.sessionID + info_.sessionIDLength); } - size_t received_bytes() const { return recv_ctr_; } - int32_t error_code() const { return error_code_; } - private: const static char* states[]; 
@@ -145,74 +156,25 @@ class TlsAgent : public PollTarget { // Dummy auth certificate hook. static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd, PRBool checksig, PRBool isServer) { - TlsAgent* agent = reinterpret_cast(arg); - agent->CheckPreliminaryInfo(); - agent->auth_certificate_hook_called_ = true; return SECSuccess; } - // Client auth certificate hook. - static SECStatus ClientAuthenticated(void* arg, PRFileDesc* fd, - PRBool checksig, PRBool isServer) { - TlsAgent* agent = reinterpret_cast(arg); - EXPECT_TRUE(agent->expect_client_auth_); - EXPECT_TRUE(isServer); - return SECSuccess; - } - - static SECStatus GetClientAuthDataHook(void* self, PRFileDesc* fd, - CERTDistNames* caNames, - CERTCertificate** cert, - SECKEYPrivateKey** privKey); - static void ReadableCallback(PollTarget* self, Event event) { TlsAgent* agent = static_cast(self); agent->ReadableCallback_int(); } - void ReadableCallback_int() { LOG("Readable"); - switch (state_) { - case STATE_CONNECTING: - Handshake(); - break; - case STATE_CONNECTED: - ReadBytes(); - break; - default: - break; - } + Handshake(); } static PRInt32 SniHook(PRFileDesc *fd, const SECItem *srvNameArr, PRUint32 srvNameArrSize, void *arg) { - TlsAgent* agent = reinterpret_cast(arg); - agent->CheckPreliminaryInfo(); - agent->sni_hook_called_ = true; return SSL_SNI_CURRENT_CONFIG_IS_USED; } - static SECStatus CanFalseStartCallback(PRFileDesc *fd, void *arg, - PRBool *canFalseStart) { - TlsAgent* agent = reinterpret_cast(arg); - agent->CheckPreliminaryInfo(); - EXPECT_TRUE(agent->falsestart_enabled_); - agent->can_falsestart_hook_called_ = true; - *canFalseStart = true; - return SECSuccess; - } - - static void HandshakeCallback(PRFileDesc *fd, void *arg) { - TlsAgent* agent = reinterpret_cast(arg); - agent->CheckPreliminaryInfo(); - agent->handshake_callback_called_ = true; - } - - void CheckCallbacks() const; - void Connected(); - const std::string name_; Mode mode_; SSLKEAType kea_; 
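Review bot: ReadableCallback_int now calls `Handshake()` unconditionally, so a readable event delivered after state_ is already CONNECTED or ERROR runs SSL_ForceHandshake again and can overwrite state_ and error_code_ after a test has asserted on them. Guarding the call, `if (state_ == CONNECTING) Handshake();`, turns post-handshake readability into a no-op instead of a second handshake attempt; whether such events are delivered depends on the Poller and DummyPrSocket, which are outside this hunk. SniHook also lost its explanatory line along with its body; `// Dummy SNI hook: keep the server's current configuration.` would match the comment AuthCertificateHook already carries.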
@@ -221,73 +183,10 @@ class TlsAgent : public PollTarget { PRFileDesc* ssl_fd_; Role role_; State state_; - bool falsestart_enabled_; - uint16_t expected_version_; - uint16_t expected_cipher_suite_; - bool expect_resumption_; - bool expect_client_auth_; - bool can_falsestart_hook_called_; - bool sni_hook_called_; - bool auth_certificate_hook_called_; - bool handshake_callback_called_; SSLChannelInfo info_; SSLCipherSuiteInfo csinfo_; SSLVersionRange vrange_; int32_t error_code_; - size_t send_ctr_; - size_t recv_ctr_; - bool expected_read_error_; -}; - -class TlsAgentTestBase : public ::testing::Test { - public: - static ::testing::internal::ParamGenerator kTlsRolesAll; - - TlsAgentTestBase(TlsAgent::Role role, - Mode mode) : agent_(nullptr), - fd_(nullptr), - role_(role), - mode_(mode), - kea_(ssl_kea_rsa) {} - ~TlsAgentTestBase() { - delete agent_; - if (fd_) { - PR_Close(fd_); - } - } - - static inline TlsAgent::Role ToRole(const std::string& str) { - return str == "CLIENT" ? TlsAgent::CLIENT : TlsAgent::SERVER; - } - - static inline Mode ToMode(const std::string& str) { - return str == "TLS" ? STREAM : DGRAM; - } - - void Init(); - - protected: - void EnsureInit(); - void ProcessMessage(const DataBuffer& buffer, - TlsAgent::State expected_state, - int32_t error_code = 0); - - - TlsAgent* agent_; - PRFileDesc* fd_; - TlsAgent::Role role_; - Mode mode_; - SSLKEAType kea_; -}; - -class TlsAgentTest : - public TlsAgentTestBase, - public ::testing::WithParamInterface - > { - public: - TlsAgentTest() : - TlsAgentTestBase(ToRole(std::get<0>(GetParam())), - ToMode(std::get<1>(GetParam()))) {} }; } // namespace nss_test diff --git a/security/nss/external_tests/ssl_gtest/tls_connect.cc b/security/nss/external_tests/ssl_gtest/tls_connect.cc index 34c6d126e1e..f34086d7c2a 100644 --- a/security/nss/external_tests/ssl_gtest/tls_connect.cc +++ b/security/nss/external_tests/ssl_gtest/tls_connect.cc 
@@ -24,9 +24,6 @@ static const std::string kTlsModesAllArr[] = {"TLS", "DTLS"}; static const uint16_t kTlsV10Arr[] = {SSL_LIBRARY_VERSION_TLS_1_0}; ::testing::internal::ParamGenerator TlsConnectTestBase::kTlsV10 = ::testing::ValuesIn(kTlsV10Arr); -static const uint16_t kTlsV11Arr[] = {SSL_LIBRARY_VERSION_TLS_1_1}; -::testing::internal::ParamGenerator - TlsConnectTestBase::kTlsV11 = ::testing::ValuesIn(kTlsV11Arr); static const uint16_t kTlsV11V12Arr[] = {SSL_LIBRARY_VERSION_TLS_1_1, SSL_LIBRARY_VERSION_TLS_1_2}; ::testing::internal::ParamGenerator @@ -58,13 +55,13 @@ TlsConnectTestBase::TlsConnectTestBase(Mode mode, uint16_t version) client_(new TlsAgent("client", TlsAgent::CLIENT, mode_, ssl_kea_rsa)), server_(new TlsAgent("server", TlsAgent::SERVER, mode_, ssl_kea_rsa)), version_(version), - expected_resumption_mode_(RESUME_NONE), - session_ids_(), - expect_extended_master_secret_(false) { + session_ids_() { std::cerr << "Version: " << mode_ << " " << VersionString(version_) << std::endl; } TlsConnectTestBase::~TlsConnectTestBase() { + delete client_; + delete server_; } void TlsConnectTestBase::SetUp() { @@ -79,8 +76,8 @@ void TlsConnectTestBase::SetUp() { } void TlsConnectTestBase::TearDown() { - delete client_; - delete server_; + client_ = nullptr; + server_ = nullptr; SSL_ClearSessionCache(); SSL_ShutdownServerSessionIDCache(); @@ -115,14 +112,7 @@ void TlsConnectTestBase::ResetRsa() { void TlsConnectTestBase::ResetEcdsa() { Reset("ecdsa", ssl_kea_ecdh); -} - -void TlsConnectTestBase::ExpectResumption(SessionResumptionMode expected) { - expected_resumption_mode_ = expected; - if (expected != RESUME_NONE) { - client_->ExpectResumption(); - server_->ExpectResumption(); - } + EnableSomeEcdheCiphers(); } void TlsConnectTestBase::EnsureTlsSetup() { 
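Review bot: TearDown() now only assigns `client_ = nullptr; server_ = nullptr;`, and the destructor's new `delete client_; delete server_;` therefore runs on null pointers, so the two TlsAgent objects allocated in the constructor are never freed (gtest runs TearDown before the fixture is destroyed) unless Reset(), which is outside the hunk, deletes them first. Freeing in TearDown, `delete client_; client_ = nullptr;` and likewise for server_, keeps the null assignment and releases the agents before SSL_ClearSessionCache runs. ResetEcdsa's new EnableSomeEcdheCiphers() call is fine as long as Reset() has already created the agents it configures.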
@@ -131,36 +121,28 @@ void TlsConnectTestBase::EnsureTlsSetup() { } void TlsConnectTestBase::Handshake() { + server_->StartConnect(); + client_->StartConnect(); client_->Handshake(); server_->Handshake(); - ASSERT_TRUE_WAIT((client_->state() != TlsAgent::STATE_CONNECTING) && - (server_->state() != TlsAgent::STATE_CONNECTING), + ASSERT_TRUE_WAIT((client_->state() != TlsAgent::CONNECTING) && + (server_->state() != TlsAgent::CONNECTING), 5000); -} -void TlsConnectTestBase::EnableExtendedMasterSecret() { - client_->EnableExtendedMasterSecret(); - server_->EnableExtendedMasterSecret(); - ExpectExtendedMasterSecret(true); } void TlsConnectTestBase::Connect() { - server_->StartConnect(); - client_->StartConnect(); Handshake(); - CheckConnected(); -} -void TlsConnectTestBase::CheckConnected() { // Check the version is as expected EXPECT_EQ(client_->version(), server_->version()); EXPECT_EQ(std::min(client_->max_version(), server_->max_version()), client_->version()); - EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state()); - EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state()); + EXPECT_EQ(TlsAgent::CONNECTED, client_->state()); + EXPECT_EQ(TlsAgent::CONNECTED, server_->state()); int16_t cipher_suite1, cipher_suite2; bool ret = client_->cipher_suite(&cipher_suite1); 
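Review bot: Handshake() now calls `server_->StartConnect(); client_->StartConnect();` itself, so every call resets both handshakes through SSL_ResetHandshake and it can no longer be used to drive a handshake that is already under way; Connect() and ConnectExpectFail() depend on that. The declaration in tls_connect.h gives no hint, so a comment there, `// Resets both agents and runs one full handshake to completion or failure.`, would stop a second call being made in the expectation that it continues where the first left off. Connect()'s remaining checks are in the next hunk.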
@@ -180,39 +162,23 @@ void TlsConnectTestBase::CheckConnected() { EXPECT_EQ(32U, sid_s1.size()); EXPECT_EQ(sid_c1, sid_s1); session_ids_.push_back(sid_c1); - - CheckResumption(expected_resumption_mode_); - // Check whether the extended master secret extension was negotiated. - CheckExtendedMasterSecret(); } void TlsConnectTestBase::ConnectExpectFail() { - server_->StartConnect(); - client_->StartConnect(); Handshake(); - ASSERT_EQ(TlsAgent::STATE_ERROR, client_->state()); - ASSERT_EQ(TlsAgent::STATE_ERROR, server_->state()); + ASSERT_EQ(TlsAgent::ERROR, client_->state()); + ASSERT_EQ(TlsAgent::ERROR, server_->state()); } -void TlsConnectTestBase::SetExpectedVersion(uint16_t version) { - client_->SetExpectedVersion(version); - server_->SetExpectedVersion(version); +void TlsConnectTestBase::EnableSomeEcdheCiphers() { + client_->EnableSomeEcdheCiphers(); + server_->EnableSomeEcdheCiphers(); } void TlsConnectTestBase::DisableDheCiphers() { - client_->DisableCiphersByKeyExchange(ssl_kea_dh); - server_->DisableCiphersByKeyExchange(ssl_kea_dh); -} - -void TlsConnectTestBase::DisableEcdheCiphers() { - client_->DisableCiphersByKeyExchange(ssl_kea_ecdh); - server_->DisableCiphersByKeyExchange(ssl_kea_ecdh); -} - -void TlsConnectTestBase::DisableDheAndEcdheCiphers() { - DisableDheCiphers(); - DisableEcdheCiphers(); + client_->DisableDheCiphers(); + server_->DisableDheCiphers(); } void TlsConnectTestBase::ConfigureSessionCache(SessionResumptionMode client, 
@@ -257,39 +223,13 @@ void TlsConnectTestBase::EnableSrtp() { server_->EnableSrtp(); } -void TlsConnectTestBase::CheckSrtp() const { +void TlsConnectTestBase::CheckSrtp() { client_->CheckSrtp(); server_->CheckSrtp(); } -void TlsConnectTestBase::SendReceive() { - client_->SendData(50); - server_->SendData(50); - WAIT_(client_->received_bytes() == 50U && - server_->received_bytes() == 50U, 2000); - ASSERT_EQ(50U, client_->received_bytes()); - ASSERT_EQ(50U, server_->received_bytes()); -} - -void TlsConnectTestBase::ExpectExtendedMasterSecret(bool expected) { - expect_extended_master_secret_ = expected; -} - -void TlsConnectTestBase::CheckExtendedMasterSecret() { - client_->CheckExtendedMasterSecret(expect_extended_master_secret_); - server_->CheckExtendedMasterSecret(expect_extended_master_secret_); -} - TlsConnectGeneric::TlsConnectGeneric() : TlsConnectTestBase(TlsConnectTestBase::ToMode(std::get<0>(GetParam())), std::get<1>(GetParam())) {} -TlsConnectPre12::TlsConnectPre12() - : TlsConnectTestBase(TlsConnectTestBase::ToMode(std::get<0>(GetParam())), - std::get<1>(GetParam())) {} - -TlsConnectTls12::TlsConnectTls12() - : TlsConnectTestBase(TlsConnectTestBase::ToMode(GetParam()), - SSL_LIBRARY_VERSION_TLS_1_2) {} - } // namespace nss_test diff --git a/security/nss/external_tests/ssl_gtest/tls_connect.h b/security/nss/external_tests/ssl_gtest/tls_connect.h index 88caf5924bd..bf7875920b1 100644 --- a/security/nss/external_tests/ssl_gtest/tls_connect.h +++ b/security/nss/external_tests/ssl_gtest/tls_connect.h @@ -24,7 +24,6 @@ class TlsConnectTestBase : public ::testing::Test { static ::testing::internal::ParamGenerator kTlsModesStream; static ::testing::internal::ParamGenerator kTlsModesAll; static ::testing::internal::ParamGenerator kTlsV10; - static ::testing::internal::ParamGenerator kTlsV11; static ::testing::internal::ParamGenerator kTlsV11V12; static ::testing::internal::ParamGenerator kTlsV12Plus; 
@@ -52,40 +51,27 @@ class TlsConnectTestBase : public ::testing::Test { void Handshake(); // Connect and check that it works. void Connect(); - // Check that the connection was successfully established. - void CheckConnected(); // Connect and expect it to fail. void ConnectExpectFail(); - void SetExpectedVersion(uint16_t version); - // Expect resumption of a particular type. - void ExpectResumption(SessionResumptionMode expected); - void DisableDheAndEcdheCiphers(); + void EnableSomeEcdheCiphers(); void DisableDheCiphers(); - void DisableEcdheCiphers(); - void EnableExtendedMasterSecret(); void ConfigureSessionCache(SessionResumptionMode client, SessionResumptionMode server); + void CheckResumption(SessionResumptionMode expected); void EnableAlpn(); void EnableSrtp(); - void CheckSrtp() const; - void SendReceive(); - void ExpectExtendedMasterSecret(bool expected); - + void CheckSrtp(); protected: + Mode mode_; TlsAgent* client_; TlsAgent* server_; uint16_t version_; - SessionResumptionMode expected_resumption_mode_; std::vector> session_ids_; private: void Reset(const std::string& server_name, SSLKEAType kea); - void CheckResumption(SessionResumptionMode expected); - void CheckExtendedMasterSecret(); - - bool expect_extended_master_secret_; }; // A TLS-only test base. @@ -112,22 +98,6 @@ class TlsConnectGeneric TlsConnectGeneric(); }; -// A Pre TLS 1.2 generic test. -class TlsConnectPre12 - : public TlsConnectTestBase, - public ::testing::WithParamInterface> { - public: - TlsConnectPre12(); -}; - -// A TLS 1.2 only generic test. -class TlsConnectTls12 - : public TlsConnectTestBase, - public ::testing::WithParamInterface { - public: - TlsConnectTls12(); -}; - } // namespace nss_test #endif diff --git a/security/nss/external_tests/ssl_gtest/tls_filter.cc b/security/nss/external_tests/ssl_gtest/tls_filter.cc index 07654eed780..2430cfefda2 100644 --- a/security/nss/external_tests/ssl_gtest/tls_filter.cc +++ b/security/nss/external_tests/ssl_gtest/tls_filter.cc 
@@ -187,18 +187,6 @@ bool TlsInspectorRecordHandshakeMessage::FilterHandshake( return false; } - -bool TlsInspectorReplaceHandshakeMessage::FilterHandshake( - uint16_t version, uint8_t handshake_type, - const DataBuffer& input, DataBuffer* output) { - if (handshake_type == handshake_type_) { - *output = buffer_; - return true; - } - - return false; -} - bool TlsAlertRecorder::FilterRecord(uint8_t content_type, uint16_t version, const DataBuffer& input, DataBuffer* output) { if (level_ == kTlsAlertFatal) { // already fatal diff --git a/security/nss/external_tests/ssl_gtest/tls_filter.h b/security/nss/external_tests/ssl_gtest/tls_filter.h index 1eec64b2696..49593b36381 100644 --- a/security/nss/external_tests/ssl_gtest/tls_filter.h +++ b/security/nss/external_tests/ssl_gtest/tls_filter.h @@ -75,21 +75,6 @@ class TlsInspectorRecordHandshakeMessage : public TlsHandshakeFilter { DataBuffer buffer_; }; -// Replace all instances of a handshake message. -class TlsInspectorReplaceHandshakeMessage : public TlsHandshakeFilter { - public: - TlsInspectorReplaceHandshakeMessage(uint8_t handshake_type, - const DataBuffer& replacement) - : handshake_type_(handshake_type), buffer_(replacement) {} - - virtual bool FilterHandshake(uint16_t version, uint8_t handshake_type, - const DataBuffer& input, DataBuffer* output); - - private: - uint8_t handshake_type_; - DataBuffer buffer_; -}; - // Records an alert. If an alert has already been recorded, it won't save the // new alert unless the old alert is a warning and the new one is fatal. class TlsAlertRecorder : public TlsRecordFilter { diff --git a/security/nss/external_tests/ssl_gtest/tls_parser.h b/security/nss/external_tests/ssl_gtest/tls_parser.h index da3f3a7ce29..3e6ac24c68d 100644 --- a/security/nss/external_tests/ssl_gtest/tls_parser.h +++ b/security/nss/external_tests/ssl_gtest/tls_parser.h 
@@ -10,11 +10,7 @@ #include #include #include -#if defined(WIN32) || defined(WIN64) -#include -#else #include -#endif #include "databuffer.h" namespace nss_test { @@ -27,15 +23,11 @@ const uint8_t kTlsHandshakeClientHello = 1; const uint8_t kTlsHandshakeServerHello = 2; const uint8_t kTlsHandshakeCertificate = 11; const uint8_t kTlsHandshakeServerKeyExchange = 12; -const uint8_t kTlsHandshakeCertificateVerify = 15; -const uint8_t kTlsHandshakeClientKeyExchange = 16; -const uint8_t kTlsHandshakeFinished = 20; const uint8_t kTlsAlertWarning = 1; const uint8_t kTlsAlertFatal = 2; const uint8_t kTlsAlertUnexpectedMessage = 10; -const uint8_t kTlsAlertBadRecordMac = 20; const uint8_t kTlsAlertHandshakeFailure = 40; const uint8_t kTlsAlertIllegalParameter = 47; const uint8_t kTlsAlertDecodeError = 50; diff --git a/security/nss/lib/base/hash.c b/security/nss/lib/base/hash.c index 7eaaf6ff0a5..514e547ac8a 100644 --- a/security/nss/lib/base/hash.c +++ b/security/nss/lib/base/hash.c @@ -51,7 +51,9 @@ nss_identity_hash const void *key ) { - return (PLHashNumber)((char *)key - (char *)NULL); + PRUint32 i = (PRUint32)key; + PR_ASSERT(sizeof(PLHashNumber) == sizeof(PRUint32)); + return (PLHashNumber)i; } static PLHashNumber diff --git a/security/nss/lib/base/list.c b/security/nss/lib/base/list.c index 5f34923b205..d6773d74348 100644 --- a/security/nss/lib/base/list.c +++ b/security/nss/lib/base/list.c @@ -217,8 +217,9 @@ nsslist_add_element(nssList *list, void *data) NSS_IMPLEMENT PRStatus nssList_Add(nssList *list, void *data) { + PRStatus nssrv; NSSLIST_LOCK_IF(list); - (void)nsslist_add_element(list, data); + nssrv = nsslist_add_element(list, data); NSSLIST_UNLOCK_IF(list); return PR_SUCCESS; } diff --git a/security/nss/lib/base/tracker.c b/security/nss/lib/base/tracker.c index 06e2baf2a46..95881f91188 100644 --- a/security/nss/lib/base/tracker.c +++ b/security/nss/lib/base/tracker.c 
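Review bot: `PRUint32 i = (PRUint32)key;` in nss_identity_hash converts a pointer to a 32-bit integer, which truncates on 64-bit targets and is exactly the cast-to-integer-of-different-size warning the removed `(char *)key - (char *)NULL` form existed to avoid; the PR_ASSERT beside it checks the width of PLHashNumber, not of the pointer. Go through a pointer-sized integer first, e.g. `return (PLHashNumber)(PRUptrdiff)key;`, which keeps the low bits in the hash without the narrowing cast. The same cast appears in identity_hash in tracker.c and nss_ckfw_identity_hash in ckfw/hash.c further down.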
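Review bot: nssList_Add now stores the result of nsslist_add_element in `nssrv` but still returns PR_SUCCESS unconditionally, so the variable is set-but-unused and a failed insert (if nsslist_add_element can fail; its body is outside the hunk) is reported to the caller as success. Either keep the old explicit `(void)` discard or return the value, `return nssrv;`, after NSSLIST_UNLOCK_IF(list).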
@@ -29,7 +29,7 @@ identity_hash const void *key ) { - return (PLHashNumber)((char *)key - (char *)NULL); + return (PLHashNumber)key; } /* diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c index f282bbb9ffa..2581be22725 100644 --- a/security/nss/lib/certdb/certdb.c +++ b/security/nss/lib/certdb/certdb.c @@ -2443,6 +2443,7 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, { unsigned int i; CERTCertificate **certs = NULL; + SECStatus rv; unsigned int fcerts = 0; if ( ncerts ) { @@ -2490,11 +2491,10 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, * know which cert it belongs to. But we still may try * the individual canickname from the cert itself. */ - /* Bug 1192442 - propagate errors from these calls. */ - (void)CERT_AddTempCertToPerm(certs[i], canickname, NULL); + rv = CERT_AddTempCertToPerm(certs[i], canickname, NULL); } else { - (void)CERT_AddTempCertToPerm(certs[i], - nickname?nickname:canickname, NULL); + rv = CERT_AddTempCertToPerm(certs[i], + nickname?nickname:canickname, NULL); } PORT_Free(canickname); @@ -2511,7 +2511,7 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, } } - return (fcerts || !ncerts) ? SECSuccess : SECFailure; + return ((fcerts || !ncerts) ? SECSuccess : SECFailure); } /* @@ -2893,16 +2893,15 @@ CERT_LockCertRefCount(CERTCertificate *cert) void CERT_UnlockCertRefCount(CERTCertificate *cert) { + PRStatus prstat; + PORT_Assert(certRefCountLock != NULL); -#ifdef DEBUG - { - PRStatus prstat = PZ_Unlock(certRefCountLock); - PORT_Assert(prstat == PR_SUCCESS); - } -#else - PZ_Unlock(certRefCountLock); -#endif + prstat = PZ_Unlock(certRefCountLock); + + PORT_Assert(prstat == PR_SUCCESS); + + return; } static PZLock *certTrustLock = NULL; 
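Review bot: In CERT_ImportCerts the new `rv` receives the result of CERT_AddTempCertToPerm on both branches and is never read, so the failure is still dropped while the `Bug 1192442 - propagate errors from these calls` reminder that documented the gap is removed. Set-but-unused is what -Wunused-but-set-variable reports; if propagating is out of scope, keep the explicit `(void)` discard and the comment rather than a dead variable. The surrounding loop and the `fcerts` accounting are outside the hunk, so whether `rv` should feed `fcerts` cannot be judged here.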
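Review bot: With `prstat = PZ_Unlock(certRefCountLock);` followed only by PORT_Assert, `prstat` becomes set-but-unused in builds where PORT_Assert expands to nothing, which is what the removed `#ifdef DEBUG` block avoided; the trailing bare `return;` in a void function is also noise. The same shape is used in CERT_UnlockCertTrust in the next hunk, in ocsp_RemoveCacheItem (`couldRemoveFromHashTable`) and in CRMF_CreateEncryptedKeyWithEncryptedValue (`dummy`). If a single code path is the goal, `(void)prstat;` after the assert keeps release builds warning-clean.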
@@ -2974,16 +2973,15 @@ cert_DestroyLocks(void) void CERT_UnlockCertTrust(const CERTCertificate *cert) { + PRStatus prstat; + PORT_Assert(certTrustLock != NULL); -#ifdef DEBUG - { - PRStatus prstat = PZ_Unlock(certTrustLock); - PORT_Assert(prstat == PR_SUCCESS); - } -#else - PZ_Unlock(certTrustLock); -#endif + prstat = PZ_Unlock(certTrustLock); + + PORT_Assert(prstat == PR_SUCCESS); + + return; } diff --git a/security/nss/lib/certdb/crl.c b/security/nss/lib/certdb/crl.c index 05ded1368ae..9f9aa0b2afa 100644 --- a/security/nss/lib/certdb/crl.c +++ b/security/nss/lib/certdb/crl.c @@ -627,6 +627,7 @@ crl_storeCRL (PK11SlotInfo *slot,char *url, CERTSignedCrl *oldCrl = NULL, *crl = NULL; PRBool deleteOldCrl = PR_FALSE; CK_OBJECT_HANDLE crlHandle = CK_INVALID_HANDLE; + SECStatus rv; PORT_Assert(newCrl); PORT_Assert(derCrl); @@ -639,8 +640,8 @@ crl_storeCRL (PK11SlotInfo *slot,char *url, /* we can't use the cache here because we must look in the same token */ - (void)SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type, - &oldCrl, CRL_DECODE_SKIP_ENTRIES); + rv = SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type, + &oldCrl, CRL_DECODE_SKIP_ENTRIES); /* if there is an old crl on the token, make sure the one we are installing is newer. If not, exit out, otherwise delete the old crl. @@ -2692,7 +2693,7 @@ cert_CheckCertRevocationStatus(CERTCertificate* cert, CERTCertificate* issuer, } if (SECFailure == rv) { - (void)CERT_FindCRLEntryReasonExten(entry, &reason); + SECStatus rv2 = CERT_FindCRLEntryReasonExten(entry, &reason); PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE); } break; @@ -3049,7 +3050,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, { NamedCRLCacheEntry* oldEntry, * newEntry = NULL; NamedCRLCache* ncc = NULL; - SECStatus rv = SECSuccess; + SECStatus rv = SECSuccess, rv2; PORT_Assert(namedCRLCache.lock); PORT_Assert(namedCRLCache.entries); 
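Review bot: In cert_CheckCertRevocationStatus the new line `SECStatus rv2 = CERT_FindCRLEntryReasonExten(entry, &reason);` introduces a variable that is never read, and the `reason` it fills is not consulted either, so this is dead work wrapped in a declaration; the old explicit `(void)` cast stated the same thing honestly. Likewise in crl_storeCRL `rv = SEC_FindCrlByKeyOnSlot(...)` stores a result that the following code, which keys off `oldCrl`, does not look at, and if `rv` is reassigned before being read it is set-but-unused. Prefer the `(void)` form, or check the value where a failed lookup should abort the store.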
@@ -3087,7 +3088,8 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, (void*) newEntry)) { PORT_Assert(0); - NamedCRLCacheEntry_Destroy(newEntry); + rv2 = NamedCRLCacheEntry_Destroy(newEntry); + PORT_Assert(SECSuccess == rv2); rv = SECFailure; } } @@ -3110,7 +3112,8 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, } else { - PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry)); + rv2 = NamedCRLCacheEntry_Destroy(oldEntry); + PORT_Assert(SECSuccess == rv2); } if (NULL == PL_HashTableAdd(namedCRLCache.entries, (void*) newEntry->canonicalizedName, @@ -3157,7 +3160,8 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, } else { - PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry)); + rv2 = NamedCRLCacheEntry_Destroy(oldEntry); + PORT_Assert(SECSuccess == rv2); } if (NULL == PL_HashTableAdd(namedCRLCache.entries, (void*) newEntry->canonicalizedName, @@ -3169,7 +3173,8 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, } } } - PORT_CheckSuccess(cert_ReleaseNamedCRLCache(ncc)); + rv2 = cert_ReleaseNamedCRLCache(ncc); + PORT_Assert(SECSuccess == rv2); return rv; } diff --git a/security/nss/lib/certdb/genname.c b/security/nss/lib/certdb/genname.c index 6529a6a097a..04c8a77120c 100644 --- a/security/nss/lib/certdb/genname.c +++ b/security/nss/lib/certdb/genname.c 
@@ -67,6 +67,16 @@ static const SEC_ASN1Template CERTOtherNameTemplate[] = { sizeof(CERTGeneralName) } }; +static const SEC_ASN1Template CERTOtherName2Template[] = { + { SEC_ASN1_SEQUENCE | SEC_ASN1_CONTEXT_SPECIFIC | 0 , + 0, NULL, sizeof(CERTGeneralName) }, + { SEC_ASN1_OBJECT_ID, + offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, oid) }, + { SEC_ASN1_ANY, + offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, name) }, + { 0, } +}; + static const SEC_ASN1Template CERT_RFC822NameTemplate[] = { { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1 , offsetof(CERTGeneralName, name.other), diff --git a/security/nss/lib/certdb/secname.c b/security/nss/lib/certdb/secname.c index 88a0cf75ef3..d070bbfc735 100644 --- a/security/nss/lib/certdb/secname.c +++ b/security/nss/lib/certdb/secname.c @@ -240,6 +240,14 @@ CERT_CopyAVA(PLArenaPool *arena, CERTAVA *from) return 0; } +/************************************************************************/ +/* XXX This template needs to go away in favor of the new SEC_ASN1 version. */ +static const SEC_ASN1Template cert_RDNTemplate[] = { + { SEC_ASN1_SET_OF, + offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) } +}; + + CERTRDN * CERT_CreateRDN(PLArenaPool *arena, CERTAVA *ava0, ...) { diff --git a/security/nss/lib/certhigh/certhigh.c b/security/nss/lib/certhigh/certhigh.c index b06b7af331d..74651baf271 100644 --- a/security/nss/lib/certhigh/certhigh.c +++ b/security/nss/lib/certhigh/certhigh.c @@ -24,6 +24,8 @@ CERT_MatchNickname(char *name1, char *name2) { char *nickname2 = NULL; char *token1; char *token2; + char *token = NULL; + int len; /* first deal with the straight comparison */ if (PORT_Strcmp(name1, name2) == 0) { 
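Review bot: CERTOtherName2Template is a file-scope static with no user in the hunk, which draws -Wunused-const-variable and leaves a second, slightly different encoding of OtherName next to CERTOtherNameTemplate for a future reader to pick the wrong one; cert_RDNTemplate in the secname.c hunk is the same, and its own comment says it `needs to go away`, and the crmftmpl.c hunk further down adds three more unused static templates. If they are referenced elsewhere in their files that cannot be seen here; otherwise drop them, or add a one-line comment naming the consumer.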
@@ -38,17 +40,20 @@ CERT_MatchNickname(char *name1, char *name2) { return PR_FALSE; } if (token1) { + token=name1; nickname1=token1; nickname2=name2; } else { + token=name2; nickname1=token2; nickname2=name1; } + len = nickname1-token; nickname1++; if (PORT_Strcmp(nickname1,nickname2) != 0) { return PR_FALSE; } - /* Bug 1192443 - compare the other token with the internal slot here */ + /* compare the other token with the internal slot here */ return PR_TRUE; } diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c index 2deb281f2f0..3141163deb8 100644 --- a/security/nss/lib/certhigh/certvfy.c +++ b/security/nss/lib/certhigh/certvfy.c @@ -23,7 +23,6 @@ #include "pkim.h" #include "pki3hack.h" #include "base.h" -#include "keyhi.h" /* * Check the validity times of a certificate 
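Review bot: `len = nickname1-token;` computes a pointer difference into an `int` and `len` is never read, so both it and `token` are dead. More importantly the replaced comment now reads `/* compare the other token with the internal slot here */` as if that comparison happens, while the code still returns PR_TRUE as soon as the nickname parts match and never looks at the token part; the old `Bug 1192443 -` prefix marked this as unfinished, and dropping it hides that a token-prefixed nickname is matched on the nickname alone. Keep a TODO-style comment until the token comparison exists, and remove `len`/`token` until they are used.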
@@ -35,94 +34,6 @@ CERT_CertTimesValid(CERTCertificate *c) return (valid == secCertTimeValid) ? SECSuccess : SECFailure; } -SECStatus checkKeyParams(const SECAlgorithmID *sigAlgorithm, const SECKEYPublicKey *key) -{ - SECStatus rv; - SECOidTag sigAlg; - SECOidTag curve; - PRUint32 policyFlags = 0; - PRInt32 minLen, len; - - sigAlg = SECOID_GetAlgorithmTag(sigAlgorithm); - - switch(sigAlg) { - case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: - case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: - if (key->keyType != ecKey) { - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return SECFailure; - } - - curve = SECKEY_GetECCOid(&key->u.ec.DEREncodedParams); - if (curve != 0) { - if (NSS_GetAlgorithmPolicy(curve, &policyFlags) == SECFailure || - !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) { - PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); - return SECFailure; - } else { - return SECSuccess; - } - } else { - PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE); - return SECFailure; - } - return SECSuccess; - case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION: - case SEC_OID_PKCS1_RSA_PSS_SIGNATURE: - case SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE: - case SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE: - if (key->keyType != rsaKey && key->keyType != rsaPssKey) { - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return SECFailure; - } - - len = 8 * key->u.rsa.modulus.len; - - rv = NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minLen); - if (rv != SECSuccess) { - return SECFailure; - } - - if (len < minLen) { - return SECFailure; - } - - return SECSuccess; - case SEC_OID_ANSIX9_DSA_SIGNATURE: - case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST: - case 
SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST: - case SEC_OID_SDN702_DSA_SIGNATURE: - case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST: - case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST: - if (key->keyType != dsaKey) { - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return SECFailure; - } - - len = 8 * key->u.dsa.params.prime.len; - - rv = NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &minLen); - if (rv != SECSuccess) { - return SECFailure; - } - - if (len < minLen) { - return SECFailure; - } - - return SECSuccess; - default: - return SECSuccess; - } -} - /* * verify the signature of a signed data object with the given DER publickey */ @@ -139,6 +50,7 @@ CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd, PORT_SetError(PR_INVALID_ARGUMENT_ERROR); return SECFailure; } + /* check the signature */ sig = sd->signature; /* convert sig->len from bit counts to byte count. */ @@ -149,17 +61,11 @@ CERT_VerifySignedDataWithPublicKey(const CERTSignedData *sd, if (rv == SECSuccess) { /* Are we honoring signatures for this algorithm? */ PRUint32 policyFlags = 0; - rv = checkKeyParams(&sd->signatureAlgorithm, pubKey); - if (rv != SECSuccess) { - PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); - return SECFailure; - } - rv = NSS_GetAlgorithmPolicy(hashAlg, &policyFlags); if (rv == SECSuccess && !(policyFlags & NSS_USE_ALG_IN_CERT_SIGNATURE)) { PORT_SetError(SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED); - return SECFailure; + rv = SECFailure; } } return rv; diff --git a/security/nss/lib/certhigh/certvfypkix.c b/security/nss/lib/certhigh/certvfypkix.c index b89fe215fe8..dcb2dbf2cc5 100644 --- a/security/nss/lib/certhigh/certvfypkix.c +++ b/security/nss/lib/certhigh/certvfypkix.c 
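Review bot: On the new side CERT_VerifySignedDataWithPublicKey verifies the signature and then checks only the hash-algorithm policy; the call `rv = checkKeyParams(&sd->signatureAlgorithm, pubKey);` is gone, and with it the check that the key type matches the signature algorithm and the NSS_RSA_MIN_KEY_SIZE / NSS_DSA_MIN_KEY_SIZE and EC-curve policy enforcement that function performed (deleted in the `@@ -35,94` hunk above, with SECKEY_GetECCOid removed in the keyhi.h/seckey.c hunks). This looks like a version rollback, but if it is intentional the commit message should state that those options are no longer applied to certificate signatures, since a caller that set them gets no error and no enforcement. Otherwise the call and its SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED failure path should be restored. The `rv = SECFailure;` in place of `return SECFailure;` is equivalent here because `rv` is returned immediately after.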
@@ -1412,13 +1412,13 @@ setRevocationMethod(PKIX_RevocationChecker *revChecker, { PKIX_UInt32 methodFlags = 0; PKIX_Error *error = NULL; - PKIX_UInt32 priority = 0; + int priority = 0; - if (revTest->number_of_defined_methods <= (PRUint32)certRevMethod) { + if (revTest->number_of_defined_methods <= certRevMethod) { return NULL; } if (revTest->preferred_methods) { - unsigned int i = 0; + int i = 0; for (;i < revTest->number_of_preferred_methods;i++) { if (revTest->preferred_methods[i] == certRevMethod) break; @@ -1454,6 +1454,7 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams, CERTCertListNode *node; PKIX_PL_Cert *certPkix = NULL; PKIX_TrustAnchor *trustAnchor = NULL; + PKIX_PL_Date *revDate = NULL; PKIX_RevocationChecker *revChecker = NULL; PKIX_PL_NssContext *nssContext = (PKIX_PL_NssContext *)plContext; @@ -1663,6 +1664,9 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams, if (date != NULL) PKIX_PL_Object_DecRef((PKIX_PL_Object *)date, plContext); + if (revDate != NULL) + PKIX_PL_Object_DecRef((PKIX_PL_Object *)revDate, plContext); + if (revChecker != NULL) PKIX_PL_Object_DecRef((PKIX_PL_Object *)revChecker, plContext); diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c index 86ae0a063b3..59b341f1e80 100644 --- a/security/nss/lib/certhigh/ocsp.c +++ b/security/nss/lib/certhigh/ocsp.c 
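Review bot: In setRevocationMethod `int i` is now compared against `revTest->number_of_preferred_methods`, `int priority` replaces a PKIX_UInt32, and the `(PRUint32)certRevMethod` cast on the defined-methods comparison is dropped; with unsigned counts on the other side these are -Wsign-compare cases, and a negative `certRevMethod` is promoted to a large unsigned value that fails the `<=` test only by accident. Keep the unsigned types (`unsigned int i`, `PKIX_UInt32 priority`) and the cast, or add an explicit `certRevMethod < 0` guard. In cert_pkixSetParam, `revDate` is initialised to NULL and DecRef'd at cleanup but never assigned in the visible hunks, so it is dead unless code between them sets it.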
@@ -559,19 +559,14 @@ ocsp_RemoveCacheItem(OCSPCacheData *cache, OCSPCacheItem *item) * because of an allocation failure, or it could get removed because we're * cleaning up. */ + PRBool couldRemoveFromHashTable; OCSP_TRACE(("OCSP ocsp_RemoveCacheItem, THREADID %p\n", PR_GetCurrentThread())); PR_EnterMonitor(OCSP_Global.monitor); ocsp_RemoveCacheItemFromLinkedList(cache, item); -#ifdef DEBUG - { - PRBool couldRemoveFromHashTable = PL_HashTableRemove(cache->entries, - item->certID); - PORT_Assert(couldRemoveFromHashTable); - } -#else - PL_HashTableRemove(cache->entries, item->certID); -#endif + couldRemoveFromHashTable = PL_HashTableRemove(cache->entries, + item->certID); + PORT_Assert(couldRemoveFromHashTable); --cache->numberOfEntries; ocsp_FreeCacheItem(item); PR_ExitMonitor(OCSP_Global.monitor); diff --git a/security/nss/lib/certhigh/xcrldist.c b/security/nss/lib/certhigh/xcrldist.c index 291a9d888e7..286dc377591 100644 --- a/security/nss/lib/certhigh/xcrldist.c +++ b/security/nss/lib/certhigh/xcrldist.c @@ -101,6 +101,9 @@ CERT_EncodeCRLDistributionPoints (PLArenaPool *arena, rv = SECFailure; break; + /* distributionPointName is omitted */ + case 0: break; + default: PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID); rv = SECFailure; diff --git a/security/nss/lib/ckfw/builtins/binst.c b/security/nss/lib/ckfw/builtins/binst.c index 8cb057d9665..8940ea035ec 100644 --- a/security/nss/lib/ckfw/builtins/binst.c +++ b/security/nss/lib/ckfw/builtins/binst.c @@ -65,8 +65,10 @@ builtins_mdInstance_GetLibraryVersion NSSCKFWInstance *fwInstance ) { -#define NSS_VERSION_VARIABLE __nss_builtins_version -#include "verref.h" + extern const char __nss_builtins_version[]; + volatile char c; /* force a reference that won't get optimized away */ + + c = __nss_builtins_version[0]; return nss_builtins_LibraryVersion; } diff --git a/security/nss/lib/ckfw/builtins/certdata.perl b/security/nss/lib/ckfw/builtins/certdata.perl index e77decf9fcd..56771f5cb43 100644 
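Review bot: The added `case 0: break;` in CERT_EncodeCRLDistributionPoints turns a distribution point whose name type is zero from an SEC_ERROR_EXTENSION_VALUE_INVALID failure into a silent success; that is reasonable if zero is the "no distributionPointName" value of the type (the field is OPTIONAL in the ASN.1), but then the enumerator should be spelled out rather than a bare `0` so the intent survives the next edit to the enum. The switch's other arms are outside the hunk.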
--- a/security/nss/lib/ckfw/builtins/certdata.perl +++ b/security/nss/lib/ckfw/builtins/certdata.perl @@ -11,6 +11,7 @@ my $o; my @objects = (); my @objsize; +$constants{CKO_DATA} = "static const CK_OBJECT_CLASS cko_data = CKO_DATA;\n"; $constants{CK_TRUE} = "static const CK_BBOOL ck_true = CK_TRUE;\n"; $constants{CK_FALSE} = "static const CK_BBOOL ck_false = CK_FALSE;\n"; diff --git a/security/nss/lib/ckfw/hash.c b/security/nss/lib/ckfw/hash.c index e4f6ce2bd22..51f53b1a94c 100644 --- a/security/nss/lib/ckfw/hash.c +++ b/security/nss/lib/ckfw/hash.c @@ -48,7 +48,9 @@ nss_ckfw_identity_hash const void *key ) { - return (PLHashNumber)((char *)key - (char *)NULL); + PRUint32 i = (PRUint32)key; + PR_ASSERT(sizeof(PLHashNumber) == sizeof(PRUint32)); + return (PLHashNumber)i; } /* diff --git a/security/nss/lib/ckfw/token.c b/security/nss/lib/ckfw/token.c index 4a975764341..aaaf118889b 100644 --- a/security/nss/lib/ckfw/token.c +++ b/security/nss/lib/ckfw/token.c @@ -1258,7 +1258,7 @@ nssCKFWToken_GetUTCTime { /* Format is YYYYMMDDhhmmss00 */ int i; - int Y, M, D, h, m, s; + int Y, M, D, h, m, s, z; static int dims[] = { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }; for( i = 0; i < 16; i++ ) { @@ -1274,6 +1274,7 @@ nssCKFWToken_GetUTCTime h = ((utcTime[ 8] - '0') * 10) + (utcTime[ 9] - '0'); m = ((utcTime[10] - '0') * 10) + (utcTime[11] - '0'); s = ((utcTime[12] - '0') * 10) + (utcTime[13] - '0'); + z = ((utcTime[14] - '0') * 10) + (utcTime[15] - '0'); if( (Y < 1990) || (Y > 3000) ) goto badtime; /* Y3K problem. heh heh heh */ if( (M < 1) || (M > 12) ) goto badtime; diff --git a/security/nss/lib/crmf/cmmfchal.c b/security/nss/lib/crmf/cmmfchal.c index bf0b7ba377c..8f7b2982a3d 100644 --- a/security/nss/lib/crmf/cmmfchal.c +++ b/security/nss/lib/crmf/cmmfchal.c 
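Review bot: nssCKFWToken_GetUTCTime now parses `z` from utcTime[14..15] but never tests or returns it, so it is set-but-unused. The comment above says the format is `YYYYMMDDhhmmss00`, i.e. the last two characters are a fixed `00`; if the intent is to validate them, add `if( z != 0 ) goto badtime;` next to the other range checks, otherwise drop the line.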
@@ -30,6 +30,7 @@ cmmf_create_witness_and_challenge(PLArenaPool *poolp, CMMFRand randStr= { {siBuffer, NULL, 0}, {siBuffer, NULL, 0}}; PK11SlotInfo *slot; PK11SymKey *symKey = NULL; + CK_OBJECT_HANDLE id; CERTSubjectPublicKeyInfo *spki = NULL; @@ -75,7 +76,7 @@ cmmf_create_witness_and_challenge(PLArenaPool *poolp, rv = SECFailure; goto loser; } - (void)PK11_ImportPublicKey(slot, inPubKey, PR_FALSE); + id = PK11_ImportPublicKey(slot, inPubKey, PR_FALSE); /* In order to properly encrypt the data, we import as a symmetric * key, and then wrap that key. That in essence encrypts the data. * This is the method recommended in the PK11 world in order diff --git a/security/nss/lib/crmf/crmfcont.c b/security/nss/lib/crmf/crmfcont.c index 4e274d32c82..cc386ea30c3 100644 --- a/security/nss/lib/crmf/crmfcont.c +++ b/security/nss/lib/crmf/crmfcont.c @@ -857,6 +857,7 @@ CRMF_CreateEncryptedKeyWithEncryptedValue (SECKEYPrivateKey *inPrivKey, { SECKEYPublicKey *caPubKey = NULL; CRMFEncryptedKey *encKey = NULL; + CRMFEncryptedValue *dummy; PORT_Assert(inPrivKey != NULL && inCACert != NULL); if (inPrivKey == NULL || inCACert == NULL) { @@ -872,17 +873,10 @@ CRMF_CreateEncryptedKeyWithEncryptedValue (SECKEYPrivateKey *inPrivKey, if (encKey == NULL) { goto loser; } -#ifdef DEBUG - { - CRMFEncryptedValue *dummy = - crmf_create_encrypted_value_wrapped_privkey( - inPrivKey, caPubKey, &encKey->value.encryptedValue); - PORT_Assert(dummy == &encKey->value.encryptedValue); - } -#else - crmf_create_encrypted_value_wrapped_privkey( - inPrivKey, caPubKey, &encKey->value.encryptedValue); -#endif + dummy = crmf_create_encrypted_value_wrapped_privkey(inPrivKey, + caPubKey, + &encKey->value.encryptedValue); + PORT_Assert(dummy == &encKey->value.encryptedValue); /* We won't add the der value here, but rather when it * becomes part of a certificate request. */ diff --git a/security/nss/lib/crmf/crmfi.h b/security/nss/lib/crmf/crmfi.h index fd27a9b9a12..0dc9b4986a2 100644 
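Review bot: `id = PK11_ImportPublicKey(slot, inPubKey, PR_FALSE);` stores the object handle and never looks at it, so an import failure (reported by PK11_ImportPublicKey as CK_INVALID_HANDLE) goes unnoticed and the witness and challenge are built as if the key were present; the old `(void)` cast at least made the discard explicit. The function already uses `rv = SECFailure; goto loser;` two lines above, so the check is `if (id == CK_INVALID_HANDLE) { rv = SECFailure; goto loser; }`. The body of cmmf_create_witness_and_challenge continues outside the hunk.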
--- a/security/nss/lib/crmf/crmfi.h +++ b/security/nss/lib/crmf/crmfi.h @@ -52,7 +52,7 @@ struct crmfEncoderArg { SECItem *buffer; - unsigned long allocatedLen; + long allocatedLen; }; struct crmfEncoderOutput { diff --git a/security/nss/lib/crmf/crmfpop.c b/security/nss/lib/crmf/crmfpop.c index 2d4e32699f3..78381bf79ec 100644 --- a/security/nss/lib/crmf/crmfpop.c +++ b/security/nss/lib/crmf/crmfpop.c @@ -10,7 +10,7 @@ #include "keyhi.h" #include "cryptohi.h" -#define CRMF_DEFAULT_ALLOC_SIZE 1024U +#define CRMF_DEFAULT_ALLOC_SIZE 1024 SECStatus crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, @@ -33,6 +33,7 @@ crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, SECStatus CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg) { + SECItem *dummy; CRMFProofOfPossession *pop; PLArenaPool *poolp; void *mark; @@ -51,9 +52,9 @@ CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg) pop->popChoice.raVerified.data = NULL; pop->popChoice.raVerified.len = 0; inCertReqMsg->pop = pop; - (void)SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP), - &(pop->popChoice.raVerified), - CRMFRAVerifiedTemplate); + dummy = SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP), + &(pop->popChoice.raVerified), + CRMFRAVerifiedTemplate); return SECSuccess; loser: PORT_ArenaRelease(poolp, mark); diff --git a/security/nss/lib/crmf/crmftmpl.c b/security/nss/lib/crmf/crmftmpl.c index 320d524635f..73d75f8b7fb 100644 --- a/security/nss/lib/crmf/crmftmpl.c +++ b/security/nss/lib/crmf/crmftmpl.c 
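Review bot: In CRMF_CertReqMsgSetRAVerifiedPOP the result of SEC_ASN1EncodeItem goes into `dummy` and is never examined, so a failed encoding (NULL return) leaves `inCertReqMsg->derPOP` unset while the function still returns SECSuccess. The `loser:` label that releases the arena mark is right there, so `if (dummy == NULL) goto loser;` closes the gap, provided the loser path returns SECFailure (its tail is outside the hunk). Separately, `long allocatedLen` in crmfi.h together with `CRMF_DEFAULT_ALLOC_SIZE 1024` makes a buffer length signed; wherever it is compared with an unsigned `SECItem` length the comparison promotes and -Wsign-compare fires.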
@@ -138,6 +138,19 @@ const SEC_ASN1Template CRMFCertReqMessagesTemplate[] = { CRMFCertReqMsgTemplate, sizeof (CRMFCertReqMessages)} }; +static const SEC_ASN1Template CRMFPOPOSigningKeyInputTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL,sizeof(CRMFPOPOSigningKeyInput) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | + SEC_ASN1_CONTEXT_SPECIFIC | 0, + offsetof(CRMFPOPOSigningKeyInput, authInfo.sender) }, + { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL | 1, + offsetof (CRMFPOPOSigningKeyInput, authInfo.publicKeyMAC) }, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, + offsetof(CRMFPOPOSigningKeyInput, publicKey), + SEC_ASN1_SUB(CERT_SubjectPublicKeyInfoTemplate) }, + { 0 } +}; + const SEC_ASN1Template CRMFRAVerifiedTemplate[] = { { SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_XTRN, 0, @@ -239,3 +252,19 @@ const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate [] = { CRMFEncryptedValueTemplate}, { 0 } }; + +static const SEC_ASN1Template CRMFSinglePubInfoTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (CRMFSinglePubInfo)}, + { SEC_ASN1_INTEGER, offsetof(CRMFSinglePubInfo, pubMethod) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC, + offsetof(CRMFSinglePubInfo, pubLocation) }, + { 0 } +}; + +static const SEC_ASN1Template CRMFPublicationInfoTemplate[] ={ + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFPKIPublicationInfo) }, + { SEC_ASN1_INTEGER, offsetof(CRMFPKIPublicationInfo, action) }, + { SEC_ASN1_POINTER, offsetof(CRMFPKIPublicationInfo, pubInfos), + CRMFSinglePubInfoTemplate}, + { 0 } +}; diff --git a/security/nss/lib/cryptohi/keyhi.h b/security/nss/lib/cryptohi/keyhi.h index 0ed3698ebf2..411ea00e3cd 100644 --- a/security/nss/lib/cryptohi/keyhi.h +++ b/security/nss/lib/cryptohi/keyhi.h 
@@ -260,14 +260,6 @@ extern int SECKEY_ECParamsToKeySize(const SECItem *params); */ extern int SECKEY_ECParamsToBasePointOrderLen(const SECItem *params); -/* - * Returns the object identifier of the curve, of the provided - * elliptic curve parameters structures. - * - * Return 0 on failure (unknown EC domain parameters). - */ -SECOidTag SECKEY_GetECCOid(const SECKEYECParams * params); - SEC_END_PROTOS #endif /* _KEYHI_H_ */ diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c index 1fcd4087f0d..1eb0a7c4dbb 100644 --- a/security/nss/lib/cryptohi/seckey.c +++ b/security/nss/lib/cryptohi/seckey.c @@ -1565,7 +1565,7 @@ SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk, * this yet. */ PORT_Memset(pvk->privateKey.data, 0, pvk->privateKey.len); - PORT_Memset(pvk, 0, sizeof(*pvk)); + PORT_Memset((char *)pvk, 0, sizeof(*pvk)); if(freeit == PR_TRUE) { PORT_FreeArena(poolp, PR_TRUE); } else { @@ -1575,7 +1575,7 @@ SECKEY_DestroyPrivateKeyInfo(SECKEYPrivateKeyInfo *pvk, SECITEM_ZfreeItem(&pvk->version, PR_FALSE); SECITEM_ZfreeItem(&pvk->privateKey, PR_FALSE); SECOID_DestroyAlgorithmID(&pvk->algorithm, PR_FALSE); - PORT_Memset(pvk, 0, sizeof(*pvk)); + PORT_Memset((char *)pvk, 0, sizeof(*pvk)); if(freeit == PR_TRUE) { PORT_Free(pvk); } @@ -1596,7 +1596,7 @@ SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki, * this yet. */ PORT_Memset(epki->encryptedData.data, 0, epki->encryptedData.len); - PORT_Memset(epki, 0, sizeof(*epki)); + PORT_Memset((char *)epki, 0, sizeof(*epki)); if(freeit == PR_TRUE) { PORT_FreeArena(poolp, PR_TRUE); } else { @@ -1605,7 +1605,7 @@ SECKEY_DestroyEncryptedPrivateKeyInfo(SECKEYEncryptedPrivateKeyInfo *epki, } else { SECITEM_ZfreeItem(&epki->encryptedData, PR_FALSE); SECOID_DestroyAlgorithmID(&epki->algorithm, PR_FALSE); - PORT_Memset(epki, 0, sizeof(*epki)); + PORT_Memset((char *)epki, 0, sizeof(*epki)); if(freeit == PR_TRUE) { PORT_Free(epki); } 
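Review bot: The `(char *)` cast on the PORT_Memset target in SECKEY_DestroyPrivateKeyInfo and SECKEY_DestroyEncryptedPrivateKeyInfo adds nothing (any object pointer converts to the `void *` parameter implicitly) and is inconsistent with the uncast `pvk->privateKey.data` call on the line above. Since these calls exist to scrub key material, the point worth checking is whether PORT_Memset is a plain memset: a memset immediately followed by PORT_Free of the same object is a dead store the optimiser may drop, so a wrapper that the compiler cannot see through is what keeps the zeroisation effective; the cast does not help with that.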
@@ -1904,22 +1904,3 @@ SECKEY_CacheStaticFlags(SECKEYPrivateKey* key) } return rv; } - -SECOidTag -SECKEY_GetECCOid(const SECKEYECParams * params) -{ - SECItem oid = { siBuffer, NULL, 0}; - SECOidData *oidData = NULL; - - /* - * params->data needs to contain the ASN encoding of an object ID (OID) - * representing a named curve. Here, we strip away everything - * before the actual OID and use the OID to look up a named curve. - */ - if (params->data[0] != SEC_ASN1_OBJECT_ID) return 0; - oid.len = params->len - 2; - oid.data = params->data + 2; - if ((oidData = SECOID_FindOID(&oid)) == NULL) return 0; - - return oidData->offset; -} diff --git a/security/nss/lib/dbm/src/h_page.c b/security/nss/lib/dbm/src/h_page.c index 669f3b32a00..890e86828ae 100644 --- a/security/nss/lib/dbm/src/h_page.c +++ b/security/nss/lib/dbm/src/h_page.c @@ -158,11 +158,10 @@ long new_lseek(int fd, long offset, int origin) { char buffer[1024]; long len = seek_pos-end_pos; - memset(buffer, 0, 1024); + memset(&buffer, 0, 1024); while(len > 0) { - if(write(fd, buffer, (size_t)(1024 > len ? len : 1024)) < 0) - return(-1); + write(fd, (char*)&buffer, (size_t)(1024 > len ? len : 1024)); len -= 1024; } return(lseek(fd, seek_pos, SEEK_SET)); @@ -721,6 +720,23 @@ __get_page(HTAB *hashp, PAGE_INIT(p); } else { +#ifdef DEBUG + if(BYTE_ORDER == LITTLE_ENDIAN) + { + int is_little_endian; + is_little_endian = BYTE_ORDER; + } + else if(BYTE_ORDER == BIG_ENDIAN) + { + int is_big_endian; + is_big_endian = BYTE_ORDER; + } + else + { + assert(0); + } +#endif + if (hashp->LORDER != BYTE_ORDER) { register int i, max; @@ -982,7 +998,7 @@ overflow_page(HTAB *hashp) if (offset > SPLITMASK) { if (++splitnum >= NCACHED) { #ifndef macintosh - (void)fwrite(OVMSG, 1, sizeof(OVMSG) - 1, stderr); + (void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1); #endif return (0); } 
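Review bot: new_lseek on the new side calls `write(fd, (char*)&buffer, ...)` without checking the result, whereas the old side returned -1 on error; a failed write now leaves the file shorter than `seek_pos` and the function still returns the lseek result as if the gap had been zero-filled. Restore the check, `if(write(fd, buffer, (size_t)(1024 > len ? len : 1024)) < 0) return(-1);` (`buffer` already decays to a pointer, so `&buffer` and the `(char*)` cast add nothing). The `#ifdef DEBUG` block added to __get_page only assigns to locals that are never read, and the `write(STDERR_FILENO, OVMSG, ...)` replacements in overflow_page bypass stdio buffering and can interleave oddly with any other stderr output in the process.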
@@ -997,7 +1013,7 @@ overflow_page(HTAB *hashp) free_page++; if (free_page >= NCACHED) { #ifndef macintosh - (void)fwrite(OVMSG, 1, sizeof(OVMSG) - 1, stderr); + (void)write(STDERR_FILENO, OVMSG, sizeof(OVMSG) - 1); #endif return (0); } @@ -1023,7 +1039,8 @@ overflow_page(HTAB *hashp) if (offset > SPLITMASK) { if (++splitnum >= NCACHED) { #ifndef macintosh - (void)fwrite(OVMSG, 1, sizeof(OVMSG) - 1, stderr); + (void)write(STDERR_FILENO, OVMSG, + sizeof(OVMSG) - 1); #endif return (0); } diff --git a/security/nss/lib/dbm/src/hash.c b/security/nss/lib/dbm/src/hash.c index b3a904a8329..3f9a516e03a 100644 --- a/security/nss/lib/dbm/src/hash.c +++ b/security/nss/lib/dbm/src/hash.c @@ -911,7 +911,7 @@ hash_seq( uint flag) { register uint32 bucket; - register BUFHEAD *bufp = NULL; + register BUFHEAD *bufp; HTAB *hashp; uint16 *bp, ndx; diff --git a/security/nss/lib/dev/devslot.c b/security/nss/lib/dev/devslot.c index f49915ee152..d97cbba32e4 100644 --- a/security/nss/lib/dev/devslot.c +++ b/security/nss/lib/dev/devslot.c @@ -25,6 +25,9 @@ /* measured as interval */ static PRIntervalTime s_token_delay_time = 0; +/* The flags needed to open a read-only session. */ +static const CK_FLAGS s_ck_readonly_flags = CKF_SERIAL_SESSION; + NSS_IMPLEMENT PRStatus nssSlot_Destroy ( NSSSlot *slot diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c index 7223e489bd3..b6032812fb4 100644 --- a/security/nss/lib/dev/devtoken.c +++ b/security/nss/lib/dev/devtoken.c @@ -1466,6 +1466,7 @@ nssToken_TraverseCertificates ( CK_ATTRIBUTE cert_template[2]; CK_ULONG ctsize; NSSArena *arena; + PRStatus status; PRUint32 arraySize, numHandles; nssCryptokiObject **objects; void *epv = nssToken_GetCryptokiEPV(token); @@ -1543,7 +1544,7 @@ nssToken_TraverseCertificates ( if (objects) { nssCryptokiObject **op; for (op = objects; *op; op++) { - (void)(*callback)(*op, arg); + status = (*callback)(*op, arg); } nss_ZFreeIf(objects); } 
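Review bot: `bufp` in hash_seq loses its `= NULL` initializer, so it is indeterminate until the first assignment; the body is outside the hunk, so I cannot confirm that every path assigns it before reading it, and a read before that would be undefined behaviour. Unless that is established, keep `register BUFHEAD *bufp = NULL;`.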
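Review bot: In nssToken_TraverseCertificates the callback result is stored in the new `status` local, `status = (*callback)(*op, arg);`, but nothing reads it, so the variable only earns an unused-but-set warning and hides that the result is being ignored on purpose. Either act on it (for example stop the loop when a callback returns `PR_FAILURE`) or drop the variable and keep the explicit `(void)` discard. The function body runs beyond the hunk.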
diff --git a/security/nss/lib/freebl/Makefile b/security/nss/lib/freebl/Makefile index ab0b1e57177..68fcddfe9a7 100644 --- a/security/nss/lib/freebl/Makefile +++ b/security/nss/lib/freebl/Makefile @@ -559,7 +559,7 @@ SINGLE_SHLIB_DIR = $(OBJDIR)/$(OS_TARGET)_SINGLE_SHLIB ALL_TRASH += $(SINGLE_SHLIB_DIR) $(SINGLE_SHLIB_DIR): - -mkdir -p $(SINGLE_SHLIB_DIR) + -mkdir $(SINGLE_SHLIB_DIR) release_md libs:: $(SINGLE_SHLIB_DIR) $(MAKE) FREEBL_CHILD_BUILD=1 \ diff --git a/security/nss/lib/freebl/cts.c b/security/nss/lib/freebl/cts.c index 984e05b9507..5d4ed18bc3e 100644 --- a/security/nss/lib/freebl/cts.c +++ b/security/nss/lib/freebl/cts.c @@ -185,7 +185,7 @@ CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf, unsigned char lastBlock[MAX_BLOCK_SIZE]; const unsigned char *tmp; unsigned int tmpLen; - unsigned int fullblocks, pad; + int fullblocks, pad; unsigned int i; SECStatus rv; diff --git a/security/nss/lib/freebl/dh.c b/security/nss/lib/freebl/dh.c index 66c11013470..54ff4803ea5 100644 --- a/security/nss/lib/freebl/dh.c +++ b/security/nss/lib/freebl/dh.c @@ -205,7 +205,7 @@ DH_Derive(SECItem *publicValue, { mp_int p, Xa, Yb, ZZ, psub1; mp_err err = MP_OKAY; - unsigned int len = 0; + int len = 0; unsigned int nb; unsigned char *secret = NULL; if (!publicValue || !prime || !privateValue || !derivedSecret) { 
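Review bot: `len` in DH_Derive becomes a signed `int` while `nb` on the next line stays `unsigned int` and `len` is later handed to `PORT_Alloc(len)` (next hunk of this file), so a byte count now lives in a signed type and will meet the unsigned SECItem lengths in sign-compare and implicit-conversion warnings. The same signed-for-length change appears in CTS_DecryptUpdate (`int fullblocks, pad;` next to `unsigned int i;`) and, further down the diff, in DSA_VerifyDigest (`int dsa_subprime_len, dsa_signature_len, offset;`). If the intent is to let these hold a negative error value, a comment should say so; otherwise I would keep them `unsigned int`. All three functions continue outside their hunks.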
@@ -252,24 +252,6 @@ DH_Derive(SECItem *publicValue,
 err = MP_BADARG;
 goto cleanup;
 }
-
- /*
- * We check to make sure that ZZ is not equal to 1 or -1 mod p.
- * This helps guard against small subgroup attacks, since an attacker
- * using a subgroup of size N will produce 1 or -1 with probability 1/N.
- * When the protocol is executed within a properly large subgroup, the
- * probability of this result will be negligibly small. For example,
- * with a strong prime of the form 2p+1, the probability will be 1/p.
- *
- * We return MP_BADARG because this is probably the result of a bad
- * public value or a bad prime having been provided.
- */
- if (mp_cmp_d(&ZZ, 1) == 0 ||
- mp_cmp(&ZZ, &psub1) == 0) {
- err = MP_BADARG;
- goto cleanup;
- }
-
 /* allocate a buffer which can hold the entire derived secret. */
 secret = PORT_Alloc(len);
 /* grab the derived secret */
diff --git a/security/nss/lib/freebl/drbg.c b/security/nss/lib/freebl/drbg.c
index 391d45604fc..4745df4c75f 100644
--- a/security/nss/lib/freebl/drbg.c
+++ b/security/nss/lib/freebl/drbg.c
@@ -24,7 +24,7 @@
 * for SHA-1, SHA-224, and SHA-256 it's 440 bits.
 * for SHA-384 and SHA-512 it's 888 bits */
 #define PRNG_SEEDLEN (440/PR_BITS_PER_BYTE)
-#define PRNG_MAX_ADDITIONAL_BYTES PR_INT64(0x100000000)
+static const PRInt64 PRNG_MAX_ADDITIONAL_BYTES = LL_INIT(0x1, 0x0);
 /* 2^35 bits or 2^32 bytes */
 #define PRNG_MAX_REQUEST_SIZE 0x10000 /* 2^19 bits or 2^16 bytes */
 #define PRNG_ADDITONAL_DATA_CACHE_SIZE (8*1024) /* must be less than
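Review bot: The new side of DH_Derive goes straight from computing ZZ to `secret = PORT_Alloc(len)` with no check that the shared secret is neither 1 nor p-1, so a public value lying in a tiny subgroup now yields a predictable derived secret instead of an error. `psub1` is still declared in the function (first hunk of this file) and the `cleanup` label is still the error exit, so the rejection fits back where the blank line is: `if (mp_cmp_d(&ZZ, 1) == 0 || mp_cmp(&ZZ, &psub1) == 0) { err = MP_BADARG; goto cleanup; }`. Without it, callers that relied on DH_Derive to flag a bad public value or prime have no error path at all. DH_Derive starts and ends outside this hunk.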
@@ -247,32 +247,26 @@ prng_reseed_test(RNGContext *rng, const PRUint8 *entropy, /* * build some fast inline functions for adding. */ -#define PRNG_ADD_CARRY_ONLY(dest, start, carry) \ - { \ - int k1; \ - for (k1 = start; carry && k1 >= 0; k1--) { \ - carry = !(++dest[k1]); \ - } \ - } +#define PRNG_ADD_CARRY_ONLY(dest, start, cy) \ + carry = cy; \ + for (k1=start; carry && k1 >=0 ; k1--) { \ + carry = !(++dest[k1]); \ + } /* * NOTE: dest must be an array for the following to work. */ -#define PRNG_ADD_BITS(dest, dest_len, add, len, carry) \ +#define PRNG_ADD_BITS(dest, dest_len, add, len) \ carry = 0; \ - PORT_Assert((dest_len) >= (len)); \ - { \ - int k1, k2; \ - for (k1 = dest_len - 1, k2 = len - 1; k2 >= 0; --k1, --k2) { \ - carry += dest[k1] + add[k2]; \ - dest[k1] = (PRUint8) carry; \ - carry >>= 8; \ - } \ + for (k1=dest_len -1, k2=len-1; k2 >= 0; --k1, --k2) { \ + carry += dest[k1]+ add[k2]; \ + dest[k1] = (PRUint8) carry; \ + carry >>= 8; \ } -#define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len, carry) \ - PRNG_ADD_BITS(dest, dest_len, add, len, carry) \ - PRNG_ADD_CARRY_ONLY(dest, dest_len - len, carry) +#define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len) \ + PRNG_ADD_BITS(dest, dest_len, add, len) \ + PRNG_ADD_CARRY_ONLY(dest, k1, carry) /* * This function expands the internal state of the prng to fulfill any number @@ -292,6 +286,7 @@ prng_Hashgen(RNGContext *rng, PRUint8 *returned_bytes, SHA256Context ctx; unsigned int len; unsigned int carry; + int k1; SHA256_Begin(&ctx); SHA256_Update(&ctx, data, sizeof data); @@ -300,8 +295,7 @@ prng_Hashgen(RNGContext *rng, PRUint8 *returned_bytes, no_of_returned_bytes -= len; /* The carry parameter is a bool (increment or not). * This increments data if no_of_returned_bytes is not zero */ - carry = no_of_returned_bytes; - PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, carry); + PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, no_of_returned_bytes); } PORT_Memset(data, 0, sizeof data); } 
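Review bot: The rewritten PRNG_ADD_CARRY_ONLY and PRNG_ADD_BITS macros now read and write `carry`, `k1` and `k2` from whatever scope they are expanded in, and PRNG_ADD_BITS_AND_CARRY hands the post-loop `k1` to the carry propagation, which is only right because the `for` in PRNG_ADD_BITS exits with `k1 == dest_len - len - 1`; none of that is written down, and the `PORT_Assert((dest_len) >= (len))` guard against the loop walking below index 0 is gone. I would put a comment above PRNG_ADD_CARRY_ONLY stating that the caller must declare `int k1, k2;` and `unsigned int carry;`, that `dest_len >= len` is a precondition, and that PRNG_ADD_BITS leaves `k1` on the byte just below the span it added so the carry continues from there. The macro bodies are also no longer wrapped in braces, so an expansion under an unbraced `if` would guard only the first statement.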
@@ -321,6 +315,7 @@ prng_generateNewBytes(RNGContext *rng, PRUint8 H[SHA256_LENGTH]; /* both H and w since they * aren't used concurrently */ unsigned int carry; + int k1, k2; if (!rng->isValid) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); @@ -341,7 +336,7 @@ prng_generateNewBytes(RNGContext *rng, SHA256_Update(&ctx, rng->V_Data, sizeof rng->V_Data); SHA256_Update(&ctx, additional_input, additional_input_len); SHA256_End(&ctx, w, NULL, sizeof w); - PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), w, sizeof w, carry) + PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), w, sizeof w) PORT_Memset(w, 0, sizeof w); #undef w } @@ -355,12 +350,11 @@ prng_generateNewBytes(RNGContext *rng, /* advance our internal state... */ rng->V_type = prngGenerateByteType; SHA256_HashBuf(H, rng->V_Data, sizeof rng->V_Data); - PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), H, sizeof H, carry) - PRNG_ADD_BITS(V(rng), VSize(rng), rng->C, sizeof rng->C, carry); + PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), H, sizeof H) + PRNG_ADD_BITS(V(rng), VSize(rng), rng->C, sizeof rng->C); PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), rng->reseed_counter, - sizeof rng->reseed_counter, carry) - carry = 1; - PRNG_ADD_CARRY_ONLY(rng->reseed_counter,(sizeof rng->reseed_counter)-1, carry); + sizeof rng->reseed_counter) + PRNG_ADD_CARRY_ONLY(rng->reseed_counter,(sizeof rng->reseed_counter)-1, 1); /* continuous rng check */ if (memcmp(V(rng), rng->oldV, sizeof rng->oldV) == 0) { @@ -516,7 +510,7 @@ RNG_RandomUpdate(const void *data, size_t bytes) PR_STATIC_ASSERT(sizeof(size_t) > 4); - if (bytes > (size_t)PRNG_MAX_ADDITIONAL_BYTES) { + if (bytes > PRNG_MAX_ADDITIONAL_BYTES) { bytes = PRNG_MAX_ADDITIONAL_BYTES; } #else diff --git a/security/nss/lib/freebl/dsa.c b/security/nss/lib/freebl/dsa.c index 0da63ed5493..ad3ce00435e 100644 --- a/security/nss/lib/freebl/dsa.c +++ b/security/nss/lib/freebl/dsa.c 
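Review bot: `if (bytes > PRNG_MAX_ADDITIONAL_BYTES)` now compares the `size_t` argument with a signed `PRInt64` (the constant became `static const PRInt64` in the first hunk of this file), and `bytes = PRNG_MAX_ADDITIONAL_BYTES` converts back the other way, so both lines trip sign-compare/conversion warnings and silently depend on the constant being non-negative. I would make the conversion explicit, `if (bytes > (size_t)PRNG_MAX_ADDITIONAL_BYTES) { bytes = (size_t)PRNG_MAX_ADDITIONAL_BYTES; }`, or keep the constant as a plain integer macro. RNG_RandomUpdate continues outside the hunk.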
@@ -502,7 +502,7 @@ DSA_VerifyDigest(DSAPublicKey *key, const SECItem *signature,
 mp_int u1, u2, v, w; /* intermediate values used in verification */
 mp_int y; /* public key */
 mp_err err;
-unsigned int dsa_subprime_len, dsa_signature_len, offset;
+int dsa_subprime_len, dsa_signature_len, offset;
 SECItem localDigest;
 unsigned char localDigestData[DSA_MAX_SUBPRIME_LEN];
 SECStatus verified = SECFailure;
diff --git a/security/nss/lib/freebl/ec.c b/security/nss/lib/freebl/ec.c
index 4435f91eaa3..6af242dc108 100644
--- a/security/nss/lib/freebl/ec.c
+++ b/security/nss/lib/freebl/ec.c
@@ -543,15 +543,6 @@ ECDH_Derive(SECItem *publicValue,
 return SECFailure;
 }
 
- /*
- * We fail if the public value is the point at infinity, since
- * this produces predictable results.
- */
- if (ec_point_at_infinity(publicValue)) {
- PORT_SetError(SEC_ERROR_BAD_KEY);
- return SECFailure;
- }
-
 MP_DIGITS(&k) = 0;
 memset(derivedSecret, 0, sizeof *derivedSecret);
 len = (ecParams->fieldID.size + 7) >> 3;
diff --git a/security/nss/lib/freebl/ecl/ecl-priv.h b/security/nss/lib/freebl/ecl/ecl-priv.h
index 16f80a4652c..22dd355a276 100644
--- a/security/nss/lib/freebl/ecl/ecl-priv.h
+++ b/security/nss/lib/freebl/ecl/ecl-priv.h
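Review bot: ECDH_Derive now proceeds to `MP_DIGITS(&k) = 0` and the scalar multiplication without rejecting a public value that is the point at infinity, so the function no longer fails with `SEC_ERROR_BAD_KEY` for that input and instead returns a derived secret that, as the removed comment itself says, is predictable. Both `ec_point_at_infinity` and the `SEC_ERROR_BAD_KEY` error path exist on the removed side, so the guard fits back where the blank line is: `if (ec_point_at_infinity(publicValue)) { PORT_SetError(SEC_ERROR_BAD_KEY); return SECFailure; }`. Rejecting a degenerate peer point belongs here rather than in every caller. ECDH_Derive begins before and ends after this hunk.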
@@ -29,39 +29,40 @@ ((i) >= mpl_significant_bits((a))) ? 0 : mpl_get_bit((a), (i)) #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) -#define MP_ADD_CARRY(a1, a2, s, carry) \ +#define MP_ADD_CARRY(a1, a2, s, cin, cout) \ { mp_word w; \ - w = ((mp_word)carry) + (a1) + (a2); \ + w = ((mp_word)(cin)) + (a1) + (a2); \ s = ACCUM(w); \ - carry = CARRYOUT(w); } + cout = CARRYOUT(w); } -#define MP_SUB_BORROW(a1, a2, s, borrow) \ +#define MP_SUB_BORROW(a1, a2, s, bin, bout) \ { mp_word w; \ - w = ((mp_word)(a1)) - (a2) - borrow; \ + w = ((mp_word)(a1)) - (a2) - (bin); \ s = ACCUM(w); \ - borrow = (w >> MP_DIGIT_BIT) & 1; } + bout = (w >> MP_DIGIT_BIT) & 1; } #else /* NOTE, - * carry and borrow are both read and written. + * cin and cout could be the same variable. + * bin and bout could be the same variable. * a1 or a2 and s could be the same variable. * don't trash those outputs until their respective inputs have * been read. */ -#define MP_ADD_CARRY(a1, a2, s, carry) \ +#define MP_ADD_CARRY(a1, a2, s, cin, cout) \ { mp_digit tmp,sum; \ tmp = (a1); \ sum = tmp + (a2); \ tmp = (sum < tmp); /* detect overflow */ \ - s = sum += carry; \ - carry = tmp + (sum < carry); } + s = sum += (cin); \ + cout = tmp + (sum < (cin)); } -#define MP_SUB_BORROW(a1, a2, s, borrow) \ +#define MP_SUB_BORROW(a1, a2, s, bin, bout) \ { mp_digit tmp; \ tmp = (a1); \ s = tmp - (a2); \ tmp = (s > tmp); /* detect borrow */ \ - if (borrow && !s--) tmp++; \ - borrow = tmp; } + if ((bin) && !s--) tmp++; \ + bout = tmp; } #endif diff --git a/security/nss/lib/freebl/ecl/ecl_gf.c b/security/nss/lib/freebl/ecl/ecl_gf.c index d250d7863a3..22047d519a9 100644 --- a/security/nss/lib/freebl/ecl/ecl_gf.c +++ b/security/nss/lib/freebl/ecl/ecl_gf.c 
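Review bot: The new NOTE above the portable MP_ADD_CARRY says `cin` and `cout` may be the same variable, but it does not cover the aliasing that actually matters: in `s = sum += (cin); cout = tmp + (sum < (cin));` the carry-in is read again after `s` has been written, so `cin` must never alias `s`, and likewise `bin` must not alias `s` in MP_SUB_BORROW because `if ((bin) && !s--) tmp++;` reads it after `s = tmp - (a2)`. I would add `* cin/bin must not be the same variable as s.` to that comment. In the mp_word variant every input is folded into `w` before `s` or `cout` is assigned, so the restriction does not apply there, and it is worth saying that the two variants have different aliasing rules.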
@@ -242,10 +242,9 @@ ec_GFp_add_3(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - carry = 0; - MP_ADD_CARRY(a0, r0, r0, carry); - MP_ADD_CARRY(a1, r1, r1, carry); - MP_ADD_CARRY(a2, r2, r2, carry); + MP_ADD_CARRY(a0, r0, r0, 0, carry); + MP_ADD_CARRY(a1, r1, r1, carry, carry); + MP_ADD_CARRY(a2, r2, r2, carry, carry); #else __asm__ ( "xorq %3,%3 \n\t" @@ -274,10 +273,9 @@ ec_GFp_add_3(const mp_int *a, const mp_int *b, mp_int *r, a1 = MP_DIGIT(&meth->irr,1); a0 = MP_DIGIT(&meth->irr,0); #ifndef MPI_AMD64_ADD - carry = 0; - MP_SUB_BORROW(r0, a0, r0, carry); - MP_SUB_BORROW(r1, a1, r1, carry); - MP_SUB_BORROW(r2, a2, r2, carry); + MP_SUB_BORROW(r0, a0, r0, 0, carry); + MP_SUB_BORROW(r1, a1, r1, carry, carry); + MP_SUB_BORROW(r2, a2, r2, carry, carry); #else __asm__ ( "subq %3,%0 \n\t" @@ -331,11 +329,10 @@ ec_GFp_add_4(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - carry = 0; - MP_ADD_CARRY(a0, r0, r0, carry); - MP_ADD_CARRY(a1, r1, r1, carry); - MP_ADD_CARRY(a2, r2, r2, carry); - MP_ADD_CARRY(a3, r3, r3, carry); + MP_ADD_CARRY(a0, r0, r0, 0, carry); + MP_ADD_CARRY(a1, r1, r1, carry, carry); + MP_ADD_CARRY(a2, r2, r2, carry, carry); + MP_ADD_CARRY(a3, r3, r3, carry, carry); #else __asm__ ( "xorq %4,%4 \n\t" @@ -367,11 +364,10 @@ ec_GFp_add_4(const mp_int *a, const mp_int *b, mp_int *r, a1 = MP_DIGIT(&meth->irr,1); a0 = MP_DIGIT(&meth->irr,0); #ifndef MPI_AMD64_ADD - carry = 0; - MP_SUB_BORROW(r0, a0, r0, carry); - MP_SUB_BORROW(r1, a1, r1, carry); - MP_SUB_BORROW(r2, a2, r2, carry); - MP_SUB_BORROW(r3, a3, r3, carry); + MP_SUB_BORROW(r0, a0, r0, 0, carry); + MP_SUB_BORROW(r1, a1, r1, carry, carry); + MP_SUB_BORROW(r2, a2, r2, carry, carry); + MP_SUB_BORROW(r3, a3, r3, carry, carry); #else __asm__ ( "subq %4,%0 \n\t" 
@@ -430,12 +426,11 @@ ec_GFp_add_5(const mp_int *a, const mp_int *b, mp_int *r, r0 = MP_DIGIT(b,0); } - carry = 0; - MP_ADD_CARRY(a0, r0, r0, carry); - MP_ADD_CARRY(a1, r1, r1, carry); - MP_ADD_CARRY(a2, r2, r2, carry); - MP_ADD_CARRY(a3, r3, r3, carry); - MP_ADD_CARRY(a4, r4, r4, carry); + MP_ADD_CARRY(a0, r0, r0, 0, carry); + MP_ADD_CARRY(a1, r1, r1, carry, carry); + MP_ADD_CARRY(a2, r2, r2, carry, carry); + MP_ADD_CARRY(a3, r3, r3, carry, carry); + MP_ADD_CARRY(a4, r4, r4, carry, carry); MP_CHECKOK(s_mp_pad(r, 5)); MP_DIGIT(r, 4) = r4; @@ -455,12 +450,11 @@ ec_GFp_add_5(const mp_int *a, const mp_int *b, mp_int *r, a2 = MP_DIGIT(&meth->irr,2); a1 = MP_DIGIT(&meth->irr,1); a0 = MP_DIGIT(&meth->irr,0); - carry = 0; - MP_SUB_BORROW(r0, a0, r0, carry); - MP_SUB_BORROW(r1, a1, r1, carry); - MP_SUB_BORROW(r2, a2, r2, carry); - MP_SUB_BORROW(r3, a3, r3, carry); - MP_SUB_BORROW(r4, a4, r4, carry); + MP_SUB_BORROW(r0, a0, r0, 0, carry); + MP_SUB_BORROW(r1, a1, r1, carry, carry); + MP_SUB_BORROW(r2, a2, r2, carry, carry); + MP_SUB_BORROW(r3, a3, r3, carry, carry); + MP_SUB_BORROW(r4, a4, r4, carry, carry); MP_DIGIT(r, 4) = r4; MP_DIGIT(r, 3) = r3; MP_DIGIT(r, 2) = r2; @@ -513,13 +507,12 @@ ec_GFp_add_6(const mp_int *a, const mp_int *b, mp_int *r, r0 = MP_DIGIT(b,0); } - carry = 0; - MP_ADD_CARRY(a0, r0, r0, carry); - MP_ADD_CARRY(a1, r1, r1, carry); - MP_ADD_CARRY(a2, r2, r2, carry); - MP_ADD_CARRY(a3, r3, r3, carry); - MP_ADD_CARRY(a4, r4, r4, carry); - MP_ADD_CARRY(a5, r5, r5, carry); + MP_ADD_CARRY(a0, r0, r0, 0, carry); + MP_ADD_CARRY(a1, r1, r1, carry, carry); + MP_ADD_CARRY(a2, r2, r2, carry, carry); + MP_ADD_CARRY(a3, r3, r3, carry, carry); + MP_ADD_CARRY(a4, r4, r4, carry, carry); + MP_ADD_CARRY(a5, r5, r5, carry, carry); MP_CHECKOK(s_mp_pad(r, 6)); MP_DIGIT(r, 5) = r5; 
@@ -541,13 +534,12 @@ ec_GFp_add_6(const mp_int *a, const mp_int *b, mp_int *r, a2 = MP_DIGIT(&meth->irr,2); a1 = MP_DIGIT(&meth->irr,1); a0 = MP_DIGIT(&meth->irr,0); - carry = 0; - MP_SUB_BORROW(r0, a0, r0, carry); - MP_SUB_BORROW(r1, a1, r1, carry); - MP_SUB_BORROW(r2, a2, r2, carry); - MP_SUB_BORROW(r3, a3, r3, carry); - MP_SUB_BORROW(r4, a4, r4, carry); - MP_SUB_BORROW(r5, a5, r5, carry); + MP_SUB_BORROW(r0, a0, r0, 0, carry); + MP_SUB_BORROW(r1, a1, r1, carry, carry); + MP_SUB_BORROW(r2, a2, r2, carry, carry); + MP_SUB_BORROW(r3, a3, r3, carry, carry); + MP_SUB_BORROW(r4, a4, r4, carry, carry); + MP_SUB_BORROW(r5, a5, r5, carry, carry); MP_DIGIT(r, 5) = r5; MP_DIGIT(r, 4) = r4; MP_DIGIT(r, 3) = r3; @@ -595,10 +587,9 @@ ec_GFp_sub_3(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - borrow = 0; - MP_SUB_BORROW(r0, b0, r0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow); + MP_SUB_BORROW(r0, b0, r0, 0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow, borrow); #else __asm__ ( "xorq %3,%3 \n\t" @@ -619,10 +610,9 @@ ec_GFp_sub_3(const mp_int *a, const mp_int *b, mp_int *r, b1 = MP_DIGIT(&meth->irr,1); b0 = MP_DIGIT(&meth->irr,0); #ifndef MPI_AMD64_ADD - borrow = 0; - MP_ADD_CARRY(b0, r0, r0, borrow); - MP_ADD_CARRY(b1, r1, r1, borrow); - MP_ADD_CARRY(b2, r2, r2, borrow); + MP_ADD_CARRY(b0, r0, r0, 0, borrow); + MP_ADD_CARRY(b1, r1, r1, borrow, borrow); + MP_ADD_CARRY(b2, r2, r2, borrow, borrow); #else __asm__ ( "addq %3,%0 \n\t" 
@@ -685,11 +675,10 @@ ec_GFp_sub_4(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - borrow = 0; - MP_SUB_BORROW(r0, b0, r0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow); - MP_SUB_BORROW(r3, b3, r3, borrow); + MP_SUB_BORROW(r0, b0, r0, 0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow, borrow); + MP_SUB_BORROW(r3, b3, r3, borrow, borrow); #else __asm__ ( "xorq %4,%4 \n\t" @@ -712,11 +701,10 @@ ec_GFp_sub_4(const mp_int *a, const mp_int *b, mp_int *r, b1 = MP_DIGIT(&meth->irr,1); b0 = MP_DIGIT(&meth->irr,0); #ifndef MPI_AMD64_ADD - borrow = 0; - MP_ADD_CARRY(b0, r0, r0, borrow); - MP_ADD_CARRY(b1, r1, r1, borrow); - MP_ADD_CARRY(b2, r2, r2, borrow); - MP_ADD_CARRY(b3, r3, r3, borrow); + MP_ADD_CARRY(b0, r0, r0, 0, borrow); + MP_ADD_CARRY(b1, r1, r1, borrow, borrow); + MP_ADD_CARRY(b2, r2, r2, borrow, borrow); + MP_ADD_CARRY(b3, r3, r3, borrow, borrow); #else __asm__ ( "addq %4,%0 \n\t" @@ -783,12 +771,11 @@ ec_GFp_sub_5(const mp_int *a, const mp_int *b, mp_int *r, b0 = MP_DIGIT(b,0); } - borrow = 0; - MP_SUB_BORROW(r0, b0, r0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow); - MP_SUB_BORROW(r3, b3, r3, borrow); - MP_SUB_BORROW(r4, b4, r4, borrow); + MP_SUB_BORROW(r0, b0, r0, 0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow, borrow); + MP_SUB_BORROW(r3, b3, r3, borrow, borrow); + MP_SUB_BORROW(r4, b4, r4, borrow, borrow); /* Do quick 'add' if we've gone under 0 * (subtract the 2's complement of the curve field) */ 
@@ -798,11 +785,10 @@ ec_GFp_sub_5(const mp_int *a, const mp_int *b, mp_int *r, b2 = MP_DIGIT(&meth->irr,2); b1 = MP_DIGIT(&meth->irr,1); b0 = MP_DIGIT(&meth->irr,0); - borrow = 0; - MP_ADD_CARRY(b0, r0, r0, borrow); - MP_ADD_CARRY(b1, r1, r1, borrow); - MP_ADD_CARRY(b2, r2, r2, borrow); - MP_ADD_CARRY(b3, r3, r3, borrow); + MP_ADD_CARRY(b0, r0, r0, 0, borrow); + MP_ADD_CARRY(b1, r1, r1, borrow, borrow); + MP_ADD_CARRY(b2, r2, r2, borrow, borrow); + MP_ADD_CARRY(b3, r3, r3, borrow, borrow); } MP_CHECKOK(s_mp_pad(r, 5)); MP_DIGIT(r, 4) = r4; @@ -857,13 +843,12 @@ ec_GFp_sub_6(const mp_int *a, const mp_int *b, mp_int *r, b0 = MP_DIGIT(b,0); } - borrow = 0; - MP_SUB_BORROW(r0, b0, r0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow); - MP_SUB_BORROW(r3, b3, r3, borrow); - MP_SUB_BORROW(r4, b4, r4, borrow); - MP_SUB_BORROW(r5, b5, r5, borrow); + MP_SUB_BORROW(r0, b0, r0, 0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow, borrow); + MP_SUB_BORROW(r3, b3, r3, borrow, borrow); + MP_SUB_BORROW(r4, b4, r4, borrow, borrow); + MP_SUB_BORROW(r5, b5, r5, borrow, borrow); /* Do quick 'add' if we've gone under 0 * (subtract the 2's complement of the curve field) */ @@ -874,12 +859,11 @@ ec_GFp_sub_6(const mp_int *a, const mp_int *b, mp_int *r, b2 = MP_DIGIT(&meth->irr,2); b1 = MP_DIGIT(&meth->irr,1); b0 = MP_DIGIT(&meth->irr,0); - borrow = 0; - MP_ADD_CARRY(b0, r0, r0, borrow); - MP_ADD_CARRY(b1, r1, r1, borrow); - MP_ADD_CARRY(b2, r2, r2, borrow); - MP_ADD_CARRY(b3, r3, r3, borrow); - MP_ADD_CARRY(b4, r4, r4, borrow); + MP_ADD_CARRY(b0, r0, r0, 0, borrow); + MP_ADD_CARRY(b1, r1, r1, borrow, borrow); + MP_ADD_CARRY(b2, r2, r2, borrow, borrow); + MP_ADD_CARRY(b3, r3, r3, borrow, borrow); + MP_ADD_CARRY(b4, r4, r4, borrow, borrow); } MP_CHECKOK(s_mp_pad(r, 6)); diff --git a/security/nss/lib/freebl/ecl/ecl_mult.c b/security/nss/lib/freebl/ecl/ecl_mult.c index 5932828bd13..a99ca82505e 100644 
--- a/security/nss/lib/freebl/ecl/ecl_mult.c +++ b/security/nss/lib/freebl/ecl/ecl_mult.c @@ -129,7 +129,7 @@ ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px, mp_err res = MP_OKAY; mp_int precomp[4][4][2]; const mp_int *a, *b; - unsigned int i, j; + int i, j; int ai, bi, d; ARGCHK(group != NULL, MP_BADARG); @@ -236,7 +236,7 @@ ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px, mp_zero(rx); mp_zero(ry); - for (i = d; i-- > 0;) { + for (i = d - 1; i >= 0; i--) { ai = MP_GET_BIT(a, 2 * i + 1); ai <<= 1; ai |= MP_GET_BIT(a, 2 * i); diff --git a/security/nss/lib/freebl/ecl/ecp_192.c b/security/nss/lib/freebl/ecl/ecp_192.c index 0bfd95e1dff..70b717a1a1a 100644 --- a/security/nss/lib/freebl/ecl/ecp_192.c +++ b/security/nss/lib/freebl/ecl/ecp_192.c 
@@ -72,36 +72,34 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) r0a = MP_DIGIT(a, 0); /* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */ - carry = 0; - MP_ADD_CARRY(r0a, a3a, r0a, carry); - MP_ADD_CARRY(r0b, a3b, r0b, carry); - MP_ADD_CARRY(r1a, a3a, r1a, carry); - MP_ADD_CARRY(r1b, a3b, r1b, carry); - MP_ADD_CARRY(r2a, a4a, r2a, carry); - MP_ADD_CARRY(r2b, a4b, r2b, carry); + MP_ADD_CARRY(r0a, a3a, r0a, 0, carry); + MP_ADD_CARRY(r0b, a3b, r0b, carry, carry); + MP_ADD_CARRY(r1a, a3a, r1a, carry, carry); + MP_ADD_CARRY(r1b, a3b, r1b, carry, carry); + MP_ADD_CARRY(r2a, a4a, r2a, carry, carry); + MP_ADD_CARRY(r2b, a4b, r2b, carry, carry); r3 = carry; carry = 0; - MP_ADD_CARRY(r0a, a5a, r0a, carry); - MP_ADD_CARRY(r0b, a5b, r0b, carry); - MP_ADD_CARRY(r1a, a5a, r1a, carry); - MP_ADD_CARRY(r1b, a5b, r1b, carry); - MP_ADD_CARRY(r2a, a5a, r2a, carry); - MP_ADD_CARRY(r2b, a5b, r2b, carry); - r3 += carry; carry = 0; - MP_ADD_CARRY(r1a, a4a, r1a, carry); - MP_ADD_CARRY(r1b, a4b, r1b, carry); - MP_ADD_CARRY(r2a, 0, r2a, carry); - MP_ADD_CARRY(r2b, 0, r2b, carry); + MP_ADD_CARRY(r0a, a5a, r0a, 0, carry); + MP_ADD_CARRY(r0b, a5b, r0b, carry, carry); + MP_ADD_CARRY(r1a, a5a, r1a, carry, carry); + MP_ADD_CARRY(r1b, a5b, r1b, carry, carry); + MP_ADD_CARRY(r2a, a5a, r2a, carry, carry); + MP_ADD_CARRY(r2b, a5b, r2b, carry, carry); + r3 += carry; + MP_ADD_CARRY(r1a, a4a, r1a, 0, carry); + MP_ADD_CARRY(r1b, a4b, r1b, carry, carry); + MP_ADD_CARRY(r2a, 0, r2a, carry, carry); + MP_ADD_CARRY(r2b, 0, r2b, carry, carry); r3 += carry; /* reduce out the carry */ while (r3) { - carry = 0; - MP_ADD_CARRY(r0a, r3, r0a, carry); - MP_ADD_CARRY(r0b, 0, r0b, carry); - MP_ADD_CARRY(r1a, r3, r1a, carry); - MP_ADD_CARRY(r1b, 0, r1b, carry); - MP_ADD_CARRY(r2a, 0, r2a, carry); - MP_ADD_CARRY(r2b, 0, r2b, carry); + MP_ADD_CARRY(r0a, r3, r0a, 0, carry); + MP_ADD_CARRY(r0b, 0, r0b, carry, carry); + MP_ADD_CARRY(r1a, r3, r1a, carry, carry); + MP_ADD_CARRY(r1b, 0, r1b, 
carry, carry); + MP_ADD_CARRY(r2a, 0, r2a, carry, carry); + MP_ADD_CARRY(r2b, 0, r2b, carry, carry); r3 = carry; } @@ -120,12 +118,11 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) if (((r2b == 0xffffffff) && (r2a == 0xffffffff) && (r1b == 0xffffffff) ) && ((r1a == 0xffffffff) || - ((r1a == 0xfffffffe) && (r0a == 0xffffffff) && - (r0b == 0xffffffff))) ) { + (r1a == 0xfffffffe) && (r0a == 0xffffffff) && + (r0b == 0xffffffff)) ) { /* do a quick subtract */ - carry = 0; - MP_ADD_CARRY(r0a, 1, r0a, carry); - MP_ADD_CARRY(r0b, carry, r0a, carry); + MP_ADD_CARRY(r0a, 1, r0a, 0, carry); + MP_ADD_CARRY(r0b, carry, r0a, 0, carry); r1a += 1+carry; r1b = r2a = r2b = 0; } @@ -157,17 +154,16 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) /* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */ #ifndef MPI_AMD64_ADD - carry = 0; - MP_ADD_CARRY(r0, a3, r0, carry); - MP_ADD_CARRY(r1, a3, r1, carry); - MP_ADD_CARRY(r2, a4, r2, carry); - r3 = carry; carry = 0; - MP_ADD_CARRY(r0, a5, r0, carry); - MP_ADD_CARRY(r1, a5, r1, carry); - MP_ADD_CARRY(r2, a5, r2, carry); - r3 += carry; carry = 0; - MP_ADD_CARRY(r1, a4, r1, carry); - MP_ADD_CARRY(r2, 0, r2, carry); + MP_ADD_CARRY(r0, a3, r0, 0, carry); + MP_ADD_CARRY(r1, a3, r1, carry, carry); + MP_ADD_CARRY(r2, a4, r2, carry, carry); + r3 = carry; + MP_ADD_CARRY(r0, a5, r0, 0, carry); + MP_ADD_CARRY(r1, a5, r1, carry, carry); + MP_ADD_CARRY(r2, a5, r2, carry, carry); + r3 += carry; + MP_ADD_CARRY(r1, a4, r1, 0, carry); + MP_ADD_CARRY(r2, 0, r2, carry, carry); r3 += carry; #else 
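Review bot: In the 32-bit quick-subtract branch of ec_GFp_nistp192_mod the second step `MP_ADD_CARRY(r0b, carry, r0a, 0, carry);` takes `r0b` as input but stores into `r0a`, which the preceding `MP_ADD_CARRY(r0a, 1, r0a, 0, carry);` has just updated, so r0a is overwritten with r0b plus the carry and r0b itself is never advanced; the same destination appears on the removed side, so this predates the commit, but it looks like a typo for `MP_ADD_CARRY(r0b, carry, r0b, 0, carry);` and should be checked against the 64-bit path below, which only touches `r0` and `r1`. The reworked condition `(r1a == 0xffffffff) || (r1a == 0xfffffffe) && ...` keeps its meaning by precedence but now mixes `||` and `&&` without parentheses, so I would restore the inner parentheses. The function starts before this hunk.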
@@ -199,10 +195,9 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) /* reduce out the carry */ while (r3) { #ifndef MPI_AMD64_ADD - carry = 0; - MP_ADD_CARRY(r0, r3, r0, carry); - MP_ADD_CARRY(r1, r3, r1, carry); - MP_ADD_CARRY(r2, 0, r2, carry); + MP_ADD_CARRY(r0, r3, r0, 0, carry); + MP_ADD_CARRY(r1, r3, r1, carry, carry); + MP_ADD_CARRY(r2, 0, r2, carry, carry); r3 = carry; #else a3=r3; @@ -234,8 +229,7 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) ((r1 == MP_DIGIT_MAX) || ((r1 == (MP_DIGIT_MAX-1)) && (r0 == MP_DIGIT_MAX))))) { /* do a quick subtract */ - carry = 0; - MP_ADD_CARRY(r0, 1, r0, carry); + MP_ADD_CARRY(r0, 1, r0, 0, carry); r1 += 1+carry; r2 = 0; } @@ -286,10 +280,9 @@ ec_GFp_nistp192_add(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - carry = 0; - MP_ADD_CARRY(a0, r0, r0, carry); - MP_ADD_CARRY(a1, r1, r1, carry); - MP_ADD_CARRY(a2, r2, r2, carry); + MP_ADD_CARRY(a0, r0, r0, 0, carry); + MP_ADD_CARRY(a1, r1, r1, carry, carry); + MP_ADD_CARRY(a2, r2, r2, carry, carry); #else __asm__ ( "xorq %3,%3 \n\t" @@ -309,10 +302,9 @@ ec_GFp_nistp192_add(const mp_int *a, const mp_int *b, mp_int *r, ((r1 == MP_DIGIT_MAX) || ((r1 == (MP_DIGIT_MAX-1)) && (r0 == MP_DIGIT_MAX))))) { #ifndef MPI_AMD64_ADD - carry = 0; - MP_ADD_CARRY(r0, 1, r0, carry); - MP_ADD_CARRY(r1, 1, r1, carry); - MP_ADD_CARRY(r2, 0, r2, carry); + MP_ADD_CARRY(r0, 1, r0, 0, carry); + MP_ADD_CARRY(r1, 1, r1, carry, carry); + MP_ADD_CARRY(r2, 0, r2, carry, carry); #else __asm__ ( "addq $1,%0 \n\t" @@ -370,10 +362,9 @@ ec_GFp_nistp192_sub(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - borrow = 0; - MP_SUB_BORROW(r0, b0, r0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow); + MP_SUB_BORROW(r0, b0, r0, 0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow, borrow); #else __asm__ ( "xorq %3,%3 \n\t" 
@@ -391,10 +382,9 @@ ec_GFp_nistp192_sub(const mp_int *a, const mp_int *b, mp_int *r, * (subtract the 2's complement of the curve field) */ if (borrow) { #ifndef MPI_AMD64_ADD - borrow = 0; - MP_SUB_BORROW(r0, 1, r0, borrow); - MP_SUB_BORROW(r1, 1, r1, borrow); - MP_SUB_BORROW(r2, 0, r2, borrow); + MP_SUB_BORROW(r0, 1, r0, 0, borrow); + MP_SUB_BORROW(r1, 1, r1, borrow, borrow); + MP_SUB_BORROW(r2, 0, r2, borrow, borrow); #else __asm__ ( "subq $1,%0 \n\t" diff --git a/security/nss/lib/freebl/ecl/ecp_224.c b/security/nss/lib/freebl/ecl/ecp_224.c index 142f255d3ae..18779ba1b90 100644 --- a/security/nss/lib/freebl/ecl/ecp_224.c +++ b/security/nss/lib/freebl/ecl/ecp_224.c @@ -22,7 +22,7 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) mp_digit carry; #ifdef ECL_THIRTY_TWO_BIT mp_digit a6a = 0, a6b = 0, - a5a = 0, a5b = 0, a4a = 0, a4b = 0, a3b = 0; + a5a = 0, a5b = 0, a4a = 0, a4b = 0, a3a = 0, a3b = 0; mp_digit r0a, r0b, r1a, r1b, r2a, r2b, r3a; #else mp_digit a6 = 0, a5 = 0, a4 = 0, a3b = 0, a5a = 0; 
@@ -72,54 +72,52 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) +( 0, a6,a5b, 0) -( 0 0, 0|a6b, a6a|a5b ) -( a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */ - carry = 0; - MP_ADD_CARRY (r1b, a3b, r1b, carry); - MP_ADD_CARRY (r2a, a4a, r2a, carry); - MP_ADD_CARRY (r2b, a4b, r2b, carry); - MP_ADD_CARRY (r3a, a5a, r3a, carry); - r3b = carry; carry = 0; - MP_ADD_CARRY (r1b, a5b, r1b, carry); - MP_ADD_CARRY (r2a, a6a, r2a, carry); - MP_ADD_CARRY (r2b, a6b, r2b, carry); - MP_ADD_CARRY (r3a, 0, r3a, carry); - r3b += carry; carry = 0; - MP_SUB_BORROW(r0a, a3b, r0a, carry); - MP_SUB_BORROW(r0b, a4a, r0b, carry); - MP_SUB_BORROW(r1a, a4b, r1a, carry); - MP_SUB_BORROW(r1b, a5a, r1b, carry); - MP_SUB_BORROW(r2a, a5b, r2a, carry); - MP_SUB_BORROW(r2b, a6a, r2b, carry); - MP_SUB_BORROW(r3a, a6b, r3a, carry); - r3b -= carry; carry = 0; - MP_SUB_BORROW(r0a, a5b, r0a, carry); - MP_SUB_BORROW(r0b, a6a, r0b, carry); - MP_SUB_BORROW(r1a, a6b, r1a, carry); + MP_ADD_CARRY (r1b, a3b, r1b, 0, carry); + MP_ADD_CARRY (r2a, a4a, r2a, carry, carry); + MP_ADD_CARRY (r2b, a4b, r2b, carry, carry); + MP_ADD_CARRY (r3a, a5a, r3a, carry, carry); + r3b = carry; + MP_ADD_CARRY (r1b, a5b, r1b, 0, carry); + MP_ADD_CARRY (r2a, a6a, r2a, carry, carry); + MP_ADD_CARRY (r2b, a6b, r2b, carry, carry); + MP_ADD_CARRY (r3a, 0, r3a, carry, carry); + r3b += carry; + MP_SUB_BORROW(r0a, a3b, r0a, 0, carry); + MP_SUB_BORROW(r0b, a4a, r0b, carry, carry); + MP_SUB_BORROW(r1a, a4b, r1a, carry, carry); + MP_SUB_BORROW(r1b, a5a, r1b, carry, carry); + MP_SUB_BORROW(r2a, a5b, r2a, carry, carry); + MP_SUB_BORROW(r2b, a6a, r2b, carry, carry); + MP_SUB_BORROW(r3a, a6b, r3a, carry, carry); + r3b -= carry; + MP_SUB_BORROW(r0a, a5b, r0a, 0, carry); + MP_SUB_BORROW(r0b, a6a, r0b, carry, carry); + MP_SUB_BORROW(r1a, a6b, r1a, carry, carry); if (carry) { - MP_SUB_BORROW(r1b, 0, r1b, carry); - MP_SUB_BORROW(r2a, 0, r2a, carry); - MP_SUB_BORROW(r2b, 0, r2b, carry); - MP_SUB_BORROW(r3a, 0, r3a, carry); + 
MP_SUB_BORROW(r1b, 0, r1b, carry, carry); + MP_SUB_BORROW(r2a, 0, r2a, carry, carry); + MP_SUB_BORROW(r2b, 0, r2b, carry, carry); + MP_SUB_BORROW(r3a, 0, r3a, carry, carry); r3b -= carry; } while (r3b > 0) { int tmp; - carry = 0; - MP_ADD_CARRY(r1b, r3b, r1b, carry); + MP_ADD_CARRY(r1b, r3b, r1b, 0, carry); if (carry) { - MP_ADD_CARRY(r2a, 0, r2a, carry); - MP_ADD_CARRY(r2b, 0, r2b, carry); - MP_ADD_CARRY(r3a, 0, r3a, carry); + MP_ADD_CARRY(r2a, 0, r2a, carry, carry); + MP_ADD_CARRY(r2b, 0, r2b, carry, carry); + MP_ADD_CARRY(r3a, 0, r3a, carry, carry); } - tmp = carry; carry = 0; - MP_SUB_BORROW(r0a, r3b, r0a, carry); + tmp = carry; + MP_SUB_BORROW(r0a, r3b, r0a, 0, carry); if (carry) { - MP_SUB_BORROW(r0b, 0, r0b, carry); - MP_SUB_BORROW(r1a, 0, r1a, carry); - MP_SUB_BORROW(r1b, 0, r1b, carry); - MP_SUB_BORROW(r2a, 0, r2a, carry); - MP_SUB_BORROW(r2b, 0, r2b, carry); - MP_SUB_BORROW(r3a, 0, r3a, carry); + MP_SUB_BORROW(r0b, 0, r0b, carry, carry); + MP_SUB_BORROW(r1a, 0, r1a, carry, carry); + MP_SUB_BORROW(r1b, 0, r1b, carry, carry); + MP_SUB_BORROW(r2a, 0, r2a, carry, carry); + MP_SUB_BORROW(r2b, 0, r2b, carry, carry); + MP_SUB_BORROW(r3a, 0, r3a, carry, carry); tmp -= carry; } r3b = tmp; 
@@ -127,14 +125,13 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) while (r3b < 0) { mp_digit maxInt = MP_DIGIT_MAX; - carry = 0; - MP_ADD_CARRY (r0a, 1, r0a, carry); - MP_ADD_CARRY (r0b, 0, r0b, carry); - MP_ADD_CARRY (r1a, 0, r1a, carry); - MP_ADD_CARRY (r1b, maxInt, r1b, carry); - MP_ADD_CARRY (r2a, maxInt, r2a, carry); - MP_ADD_CARRY (r2b, maxInt, r2b, carry); - MP_ADD_CARRY (r3a, maxInt, r3a, carry); + MP_ADD_CARRY (r0a, 1, r0a, 0, carry); + MP_ADD_CARRY (r0b, 0, r0b, carry, carry); + MP_ADD_CARRY (r1a, 0, r1a, carry, carry); + MP_ADD_CARRY (r1b, maxInt, r1b, carry, carry); + MP_ADD_CARRY (r2a, maxInt, r2a, carry, carry); + MP_ADD_CARRY (r2b, maxInt, r2b, carry, carry); + MP_ADD_CARRY (r3a, maxInt, r3a, carry, carry); r3b += carry; } /* check for final reduction */ @@ -143,10 +140,9 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) && (r2a == MP_DIGIT_MAX) && (r1b == MP_DIGIT_MAX) && ((r1a != 0) || (r0b != 0) || (r0a != 0)) ) { /* one last subraction */ - carry = 0; - MP_SUB_BORROW(r0a, 1, r0a, carry); - MP_SUB_BORROW(r0b, 0, r0b, carry); - MP_SUB_BORROW(r1a, 0, r1a, carry); + MP_SUB_BORROW(r0a, 1, r0a, 0, carry); + MP_SUB_BORROW(r0b, 0, r0b, carry, carry); + MP_SUB_BORROW(r1a, 0, r1a, carry, carry); r1b = r2a = r2b = r3a = 0; } 
@@ -198,26 +194,22 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) +( 0, a6,a5b, 0) -( 0 0, 0|a6b, a6a|a5b ) -( a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */ - carry = 0; - MP_ADD_CARRY (r1, a3b, r1, carry); - MP_ADD_CARRY (r2, a4 , r2, carry); - MP_ADD_CARRY (r3, a5a, r3, carry); - carry = 0; - MP_ADD_CARRY (r1, a5b, r1, carry); - MP_ADD_CARRY (r2, a6 , r2, carry); - MP_ADD_CARRY (r3, 0, r3, carry); + MP_ADD_CARRY (r1, a3b, r1, 0, carry); + MP_ADD_CARRY (r2, a4 , r2, carry, carry); + MP_ADD_CARRY (r3, a5a, r3, carry, carry); + MP_ADD_CARRY (r1, a5b, r1, 0, carry); + MP_ADD_CARRY (r2, a6 , r2, carry, carry); + MP_ADD_CARRY (r3, 0, r3, carry, carry); - carry = 0; - MP_SUB_BORROW(r0, a4a_a3b, r0, carry); - MP_SUB_BORROW(r1, a5a_a4b, r1, carry); - MP_SUB_BORROW(r2, a6a_a5b, r2, carry); - MP_SUB_BORROW(r3, a6b , r3, carry); - carry = 0; - MP_SUB_BORROW(r0, a6a_a5b, r0, carry); - MP_SUB_BORROW(r1, a6b , r1, carry); + MP_SUB_BORROW(r0, a4a_a3b, r0, 0, carry); + MP_SUB_BORROW(r1, a5a_a4b, r1, carry, carry); + MP_SUB_BORROW(r2, a6a_a5b, r2, carry, carry); + MP_SUB_BORROW(r3, a6b , r3, carry, carry); + MP_SUB_BORROW(r0, a6a_a5b, r0, 0, carry); + MP_SUB_BORROW(r1, a6b , r1, carry, carry); if (carry) { - MP_SUB_BORROW(r2, 0, r2, carry); - MP_SUB_BORROW(r3, 0, r3, carry); + MP_SUB_BORROW(r2, 0, r2, carry, carry); + MP_SUB_BORROW(r3, 0, r3, carry, carry); } 
@@ -226,28 +218,25 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) r3b = (int)(r3 >>32); while (r3b > 0) { r3 &= 0xffffffff; - carry = 0; - MP_ADD_CARRY(r1,((mp_digit)r3b) << 32, r1, carry); + MP_ADD_CARRY(r1,((mp_digit)r3b) << 32, r1, 0, carry); if (carry) { - MP_ADD_CARRY(r2, 0, r2, carry); - MP_ADD_CARRY(r3, 0, r3, carry); + MP_ADD_CARRY(r2, 0, r2, carry, carry); + MP_ADD_CARRY(r3, 0, r3, carry, carry); } - carry = 0; - MP_SUB_BORROW(r0, r3b, r0, carry); + MP_SUB_BORROW(r0, r3b, r0, 0, carry); if (carry) { - MP_SUB_BORROW(r1, 0, r1, carry); - MP_SUB_BORROW(r2, 0, r2, carry); - MP_SUB_BORROW(r3, 0, r3, carry); + MP_SUB_BORROW(r1, 0, r1, carry, carry); + MP_SUB_BORROW(r2, 0, r2, carry, carry); + MP_SUB_BORROW(r3, 0, r3, carry, carry); } r3b = (int)(r3 >>32); } while (r3b < 0) { - carry = 0; - MP_ADD_CARRY (r0, 1, r0, carry); - MP_ADD_CARRY (r1, MP_DIGIT_MAX <<32, r1, carry); - MP_ADD_CARRY (r2, MP_DIGIT_MAX, r2, carry); - MP_ADD_CARRY (r3, MP_DIGIT_MAX >> 32, r3, carry); + MP_ADD_CARRY (r0, 1, r0, 0, carry); + MP_ADD_CARRY (r1, MP_DIGIT_MAX <<32, r1, carry, carry); + MP_ADD_CARRY (r2, MP_DIGIT_MAX, r2, carry, carry); + MP_ADD_CARRY (r3, MP_DIGIT_MAX >> 32, r3, carry, carry); r3b = (int)(r3 >>32); } /* check for final reduction */ @@ -258,9 +247,8 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) && ((r1 & MP_DIGIT_MAX << 32)== MP_DIGIT_MAX << 32) && ((r1 != MP_DIGIT_MAX << 32 ) || (r0 != 0)) ) { /* one last subraction */ - carry = 0; - MP_SUB_BORROW(r0, 1, r0, carry); - MP_SUB_BORROW(r1, MP_DIGIT_MAX << 32, r1, carry); + MP_SUB_BORROW(r0, 1, r0, 0, carry); + MP_SUB_BORROW(r1, MP_DIGIT_MAX << 32, r1, carry, carry); r2 = r3 = 0; } diff --git a/security/nss/lib/freebl/ecl/ecp_256.c b/security/nss/lib/freebl/ecl/ecp_256.c index 936ee6ddd38..a834d15d466 100644 --- a/security/nss/lib/freebl/ecl/ecp_256.c +++ b/security/nss/lib/freebl/ecl/ecp_256.c 
@@ -68,118 +68,115 @@ ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth) r7 = MP_DIGIT(a,7); /* sum 1 */ - carry = 0; - MP_ADD_CARRY(r3, a11, r3, carry); - MP_ADD_CARRY(r4, a12, r4, carry); - MP_ADD_CARRY(r5, a13, r5, carry); - MP_ADD_CARRY(r6, a14, r6, carry); - MP_ADD_CARRY(r7, a15, r7, carry); - r8 = carry; carry = 0; - MP_ADD_CARRY(r3, a11, r3, carry); - MP_ADD_CARRY(r4, a12, r4, carry); - MP_ADD_CARRY(r5, a13, r5, carry); - MP_ADD_CARRY(r6, a14, r6, carry); - MP_ADD_CARRY(r7, a15, r7, carry); - r8 += carry; carry = 0; + MP_ADD_CARRY(r3, a11, r3, 0, carry); + MP_ADD_CARRY(r4, a12, r4, carry, carry); + MP_ADD_CARRY(r5, a13, r5, carry, carry); + MP_ADD_CARRY(r6, a14, r6, carry, carry); + MP_ADD_CARRY(r7, a15, r7, carry, carry); + r8 = carry; + MP_ADD_CARRY(r3, a11, r3, 0, carry); + MP_ADD_CARRY(r4, a12, r4, carry, carry); + MP_ADD_CARRY(r5, a13, r5, carry, carry); + MP_ADD_CARRY(r6, a14, r6, carry, carry); + MP_ADD_CARRY(r7, a15, r7, carry, carry); + r8 += carry; /* sum 2 */ - MP_ADD_CARRY(r3, a12, r3, carry); - MP_ADD_CARRY(r4, a13, r4, carry); - MP_ADD_CARRY(r5, a14, r5, carry); - MP_ADD_CARRY(r6, a15, r6, carry); - MP_ADD_CARRY(r7, 0, r7, carry); - r8 += carry; carry = 0; + MP_ADD_CARRY(r3, a12, r3, 0, carry); + MP_ADD_CARRY(r4, a13, r4, carry, carry); + MP_ADD_CARRY(r5, a14, r5, carry, carry); + MP_ADD_CARRY(r6, a15, r6, carry, carry); + MP_ADD_CARRY(r7, 0, r7, carry, carry); + r8 += carry; /* combine last bottom of sum 3 with second sum 2 */ - MP_ADD_CARRY(r0, a8, r0, carry); - MP_ADD_CARRY(r1, a9, r1, carry); - MP_ADD_CARRY(r2, a10, r2, carry); - MP_ADD_CARRY(r3, a12, r3, carry); - MP_ADD_CARRY(r4, a13, r4, carry); - MP_ADD_CARRY(r5, a14, r5, carry); - MP_ADD_CARRY(r6, a15, r6, carry); - MP_ADD_CARRY(r7, a15, r7, carry); /* from sum 3 */ - r8 += carry; carry = 0; + MP_ADD_CARRY(r0, a8, r0, 0, carry); + MP_ADD_CARRY(r1, a9, r1, carry, carry); + MP_ADD_CARRY(r2, a10, r2, carry, carry); + MP_ADD_CARRY(r3, a12, r3, carry, carry); + 
MP_ADD_CARRY(r4, a13, r4, carry, carry); + MP_ADD_CARRY(r5, a14, r5, carry, carry); + MP_ADD_CARRY(r6, a15, r6, carry, carry); + MP_ADD_CARRY(r7, a15, r7, carry, carry); /* from sum 3 */ + r8 += carry; /* sum 3 (rest of it)*/ - MP_ADD_CARRY(r6, a14, r6, carry); - MP_ADD_CARRY(r7, 0, r7, carry); - r8 += carry; carry = 0; + MP_ADD_CARRY(r6, a14, r6, 0, carry); + MP_ADD_CARRY(r7, 0, r7, carry, carry); + r8 += carry; /* sum 4 (rest of it)*/ - MP_ADD_CARRY(r0, a9, r0, carry); - MP_ADD_CARRY(r1, a10, r1, carry); - MP_ADD_CARRY(r2, a11, r2, carry); - MP_ADD_CARRY(r3, a13, r3, carry); - MP_ADD_CARRY(r4, a14, r4, carry); - MP_ADD_CARRY(r5, a15, r5, carry); - MP_ADD_CARRY(r6, a13, r6, carry); - MP_ADD_CARRY(r7, a8, r7, carry); - r8 += carry; carry = 0; + MP_ADD_CARRY(r0, a9, r0, 0, carry); + MP_ADD_CARRY(r1, a10, r1, carry, carry); + MP_ADD_CARRY(r2, a11, r2, carry, carry); + MP_ADD_CARRY(r3, a13, r3, carry, carry); + MP_ADD_CARRY(r4, a14, r4, carry, carry); + MP_ADD_CARRY(r5, a15, r5, carry, carry); + MP_ADD_CARRY(r6, a13, r6, carry, carry); + MP_ADD_CARRY(r7, a8, r7, carry, carry); + r8 += carry; /* diff 5 */ - MP_SUB_BORROW(r0, a11, r0, carry); - MP_SUB_BORROW(r1, a12, r1, carry); - MP_SUB_BORROW(r2, a13, r2, carry); - MP_SUB_BORROW(r3, 0, r3, carry); - MP_SUB_BORROW(r4, 0, r4, carry); - MP_SUB_BORROW(r5, 0, r5, carry); - MP_SUB_BORROW(r6, a8, r6, carry); - MP_SUB_BORROW(r7, a10, r7, carry); - r8 -= carry; carry = 0; + MP_SUB_BORROW(r0, a11, r0, 0, carry); + MP_SUB_BORROW(r1, a12, r1, carry, carry); + MP_SUB_BORROW(r2, a13, r2, carry, carry); + MP_SUB_BORROW(r3, 0, r3, carry, carry); + MP_SUB_BORROW(r4, 0, r4, carry, carry); + MP_SUB_BORROW(r5, 0, r5, carry, carry); + MP_SUB_BORROW(r6, a8, r6, carry, carry); + MP_SUB_BORROW(r7, a10, r7, carry, carry); + r8 -= carry; /* diff 6 */ - MP_SUB_BORROW(r0, a12, r0, carry); - MP_SUB_BORROW(r1, a13, r1, carry); - MP_SUB_BORROW(r2, a14, r2, carry); - MP_SUB_BORROW(r3, a15, r3, carry); - MP_SUB_BORROW(r4, 0, r4, carry); - 
MP_SUB_BORROW(r5, 0, r5, carry); - MP_SUB_BORROW(r6, a9, r6, carry); - MP_SUB_BORROW(r7, a11, r7, carry); - r8 -= carry; carry = 0; + MP_SUB_BORROW(r0, a12, r0, 0, carry); + MP_SUB_BORROW(r1, a13, r1, carry, carry); + MP_SUB_BORROW(r2, a14, r2, carry, carry); + MP_SUB_BORROW(r3, a15, r3, carry, carry); + MP_SUB_BORROW(r4, 0, r4, carry, carry); + MP_SUB_BORROW(r5, 0, r5, carry, carry); + MP_SUB_BORROW(r6, a9, r6, carry, carry); + MP_SUB_BORROW(r7, a11, r7, carry, carry); + r8 -= carry; /* diff 7 */ - MP_SUB_BORROW(r0, a13, r0, carry); - MP_SUB_BORROW(r1, a14, r1, carry); - MP_SUB_BORROW(r2, a15, r2, carry); - MP_SUB_BORROW(r3, a8, r3, carry); - MP_SUB_BORROW(r4, a9, r4, carry); - MP_SUB_BORROW(r5, a10, r5, carry); - MP_SUB_BORROW(r6, 0, r6, carry); - MP_SUB_BORROW(r7, a12, r7, carry); - r8 -= carry; carry = 0; + MP_SUB_BORROW(r0, a13, r0, 0, carry); + MP_SUB_BORROW(r1, a14, r1, carry, carry); + MP_SUB_BORROW(r2, a15, r2, carry, carry); + MP_SUB_BORROW(r3, a8, r3, carry, carry); + MP_SUB_BORROW(r4, a9, r4, carry, carry); + MP_SUB_BORROW(r5, a10, r5, carry, carry); + MP_SUB_BORROW(r6, 0, r6, carry, carry); + MP_SUB_BORROW(r7, a12, r7, carry, carry); + r8 -= carry; /* diff 8 */ - MP_SUB_BORROW(r0, a14, r0, carry); - MP_SUB_BORROW(r1, a15, r1, carry); - MP_SUB_BORROW(r2, 0, r2, carry); - MP_SUB_BORROW(r3, a9, r3, carry); - MP_SUB_BORROW(r4, a10, r4, carry); - MP_SUB_BORROW(r5, a11, r5, carry); - MP_SUB_BORROW(r6, 0, r6, carry); - MP_SUB_BORROW(r7, a13, r7, carry); + MP_SUB_BORROW(r0, a14, r0, 0, carry); + MP_SUB_BORROW(r1, a15, r1, carry, carry); + MP_SUB_BORROW(r2, 0, r2, carry, carry); + MP_SUB_BORROW(r3, a9, r3, carry, carry); + MP_SUB_BORROW(r4, a10, r4, carry, carry); + MP_SUB_BORROW(r5, a11, r5, carry, carry); + MP_SUB_BORROW(r6, 0, r6, carry, carry); + MP_SUB_BORROW(r7, a13, r7, carry, carry); r8 -= carry; /* reduce the overflows */ while (r8 > 0) { - mp_digit r8_d = r8; carry = 0; - carry = 0; - MP_ADD_CARRY(r0, r8_d, r0, carry); - MP_ADD_CARRY(r1, 0, r1, 
carry); - MP_ADD_CARRY(r2, 0, r2, carry); - MP_ADD_CARRY(r3, 0-r8_d, r3, carry); - MP_ADD_CARRY(r4, MP_DIGIT_MAX, r4, carry); - MP_ADD_CARRY(r5, MP_DIGIT_MAX, r5, carry); - MP_ADD_CARRY(r6, 0-(r8_d+1), r6, carry); - MP_ADD_CARRY(r7, (r8_d-1), r7, carry); + mp_digit r8_d = r8; + MP_ADD_CARRY(r0, r8_d, r0, 0, carry); + MP_ADD_CARRY(r1, 0, r1, carry, carry); + MP_ADD_CARRY(r2, 0, r2, carry, carry); + MP_ADD_CARRY(r3, 0-r8_d, r3, carry, carry); + MP_ADD_CARRY(r4, MP_DIGIT_MAX, r4, carry, carry); + MP_ADD_CARRY(r5, MP_DIGIT_MAX, r5, carry, carry); + MP_ADD_CARRY(r6, 0-(r8_d+1), r6, carry, carry); + MP_ADD_CARRY(r7, (r8_d-1), r7, carry, carry); r8 = carry; } /* reduce the underflows */ while (r8 < 0) { mp_digit r8_d = -r8; - carry = 0; - MP_SUB_BORROW(r0, r8_d, r0, carry); - MP_SUB_BORROW(r1, 0, r1, carry); - MP_SUB_BORROW(r2, 0, r2, carry); - MP_SUB_BORROW(r3, 0-r8_d, r3, carry); - MP_SUB_BORROW(r4, MP_DIGIT_MAX, r4, carry); - MP_SUB_BORROW(r5, MP_DIGIT_MAX, r5, carry); - MP_SUB_BORROW(r6, 0-(r8_d+1), r6, carry); - MP_SUB_BORROW(r7, (r8_d-1), r7, carry); + MP_SUB_BORROW(r0, r8_d, r0, 0, carry); + MP_SUB_BORROW(r1, 0, r1, carry, carry); + MP_SUB_BORROW(r2, 0, r2, carry, carry); + MP_SUB_BORROW(r3, 0-r8_d, r3, carry, carry); + MP_SUB_BORROW(r4, MP_DIGIT_MAX, r4, carry, carry); + MP_SUB_BORROW(r5, MP_DIGIT_MAX, r5, carry, carry); + MP_SUB_BORROW(r6, 0-(r8_d+1), r6, carry, carry); + MP_SUB_BORROW(r7, (r8_d-1), r7, carry, carry); r8 = 0-carry; } if (a != r) { 
@@ -232,82 +229,69 @@ ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth) r0 = MP_DIGIT(a,0); /* sum 1 */ - carry = 0; - carry = 0; - MP_ADD_CARRY(r1, a5h << 32, r1, carry); - MP_ADD_CARRY(r2, a6, r2, carry); - MP_ADD_CARRY(r3, a7, r3, carry); - r4 = carry; carry = 0; - carry = 0; - MP_ADD_CARRY(r1, a5h << 32, r1, carry); - MP_ADD_CARRY(r2, a6, r2, carry); - MP_ADD_CARRY(r3, a7, r3, carry); - r4 += carry; carry = 0; + MP_ADD_CARRY(r1, a5h << 32, r1, 0, carry); + MP_ADD_CARRY(r2, a6, r2, carry, carry); + MP_ADD_CARRY(r3, a7, r3, carry, carry); + r4 = carry; + MP_ADD_CARRY(r1, a5h << 32, r1, 0, carry); + MP_ADD_CARRY(r2, a6, r2, carry, carry); + MP_ADD_CARRY(r3, a7, r3, carry, carry); + r4 += carry; /* sum 2 */ - carry = 0; - MP_ADD_CARRY(r1, a6l, r1, carry); - MP_ADD_CARRY(r2, a6h | a7l, r2, carry); - MP_ADD_CARRY(r3, a7h, r3, carry); - r4 += carry; carry = 0; - carry = 0; - MP_ADD_CARRY(r1, a6l, r1, carry); - MP_ADD_CARRY(r2, a6h | a7l, r2, carry); - MP_ADD_CARRY(r3, a7h, r3, carry); - r4 += carry; carry = 0; + MP_ADD_CARRY(r1, a6l, r1, 0, carry); + MP_ADD_CARRY(r2, a6h | a7l, r2, carry, carry); + MP_ADD_CARRY(r3, a7h, r3, carry, carry); + r4 += carry; + MP_ADD_CARRY(r1, a6l, r1, 0, carry); + MP_ADD_CARRY(r2, a6h | a7l, r2, carry, carry); + MP_ADD_CARRY(r3, a7h, r3, carry, carry); + r4 += carry; /* sum 3 */ - carry = 0; - MP_ADD_CARRY(r0, a4, r0, carry); - MP_ADD_CARRY(r1, a5l >> 32, r1, carry); - MP_ADD_CARRY(r2, 0, r2, carry); - MP_ADD_CARRY(r3, a7, r3, carry); - r4 += carry; carry = 0; + MP_ADD_CARRY(r0, a4, r0, 0, carry); + MP_ADD_CARRY(r1, a5l >> 32, r1, carry, carry); + MP_ADD_CARRY(r2, 0, r2, carry, carry); + MP_ADD_CARRY(r3, a7, r3, carry, carry); + r4 += carry; /* sum 4 */ - carry = 0; - MP_ADD_CARRY(r0, a4h | a5l, r0, carry); - MP_ADD_CARRY(r1, a5h|(a6h<<32), r1, carry); - MP_ADD_CARRY(r2, a7, r2, carry); - MP_ADD_CARRY(r3, a6h | a4l, r3, carry); + MP_ADD_CARRY(r0, a4h | a5l, r0, 0, carry); + MP_ADD_CARRY(r1, a5h|(a6h<<32), r1, carry, 
carry); + MP_ADD_CARRY(r2, a7, r2, carry, carry); + MP_ADD_CARRY(r3, a6h | a4l, r3, carry, carry); r4 += carry; /* diff 5 */ - carry = 0; - MP_SUB_BORROW(r0, a5h | a6l, r0, carry); - MP_SUB_BORROW(r1, a6h, r1, carry); - MP_SUB_BORROW(r2, 0, r2, carry); - MP_SUB_BORROW(r3, (a4l>>32)|a5l,r3, carry); + MP_SUB_BORROW(r0, a5h | a6l, r0, 0, carry); + MP_SUB_BORROW(r1, a6h, r1, carry, carry); + MP_SUB_BORROW(r2, 0, r2, carry, carry); + MP_SUB_BORROW(r3, (a4l>>32)|a5l,r3, carry, carry); r4 -= carry; /* diff 6 */ - carry = 0; - MP_SUB_BORROW(r0, a6, r0, carry); - MP_SUB_BORROW(r1, a7, r1, carry); - MP_SUB_BORROW(r2, 0, r2, carry); - MP_SUB_BORROW(r3, a4h|(a5h<<32),r3, carry); + MP_SUB_BORROW(r0, a6, r0, 0, carry); + MP_SUB_BORROW(r1, a7, r1, carry, carry); + MP_SUB_BORROW(r2, 0, r2, carry, carry); + MP_SUB_BORROW(r3, a4h|(a5h<<32),r3, carry, carry); r4 -= carry; /* diff 7 */ - carry = 0; - MP_SUB_BORROW(r0, a6h|a7l, r0, carry); - MP_SUB_BORROW(r1, a7h|a4l, r1, carry); - MP_SUB_BORROW(r2, a4h|a5l, r2, carry); - MP_SUB_BORROW(r3, a6l, r3, carry); + MP_SUB_BORROW(r0, a6h|a7l, r0, 0, carry); + MP_SUB_BORROW(r1, a7h|a4l, r1, carry, carry); + MP_SUB_BORROW(r2, a4h|a5l, r2, carry, carry); + MP_SUB_BORROW(r3, a6l, r3, carry, carry); r4 -= carry; /* diff 8 */ - carry = 0; - MP_SUB_BORROW(r0, a7, r0, carry); - MP_SUB_BORROW(r1, a4h<<32, r1, carry); - MP_SUB_BORROW(r2, a5, r2, carry); - MP_SUB_BORROW(r3, a6h<<32, r3, carry); + MP_SUB_BORROW(r0, a7, r0, 0, carry); + MP_SUB_BORROW(r1, a4h<<32, r1, carry, carry); + MP_SUB_BORROW(r2, a5, r2, carry, carry); + MP_SUB_BORROW(r3, a6h<<32, r3, carry, carry); r4 -= carry; /* reduce the overflows */ while (r4 > 0) { mp_digit r4_long = r4; mp_digit r4l = (r4_long << 32); - carry = 0; - carry = 0; - MP_ADD_CARRY(r0, r4_long, r0, carry); - MP_ADD_CARRY(r1, 0-r4l, r1, carry); - MP_ADD_CARRY(r2, MP_DIGIT_MAX, r2, carry); - MP_ADD_CARRY(r3, r4l-r4_long-1,r3, carry); + MP_ADD_CARRY(r0, r4_long, r0, 0, carry); + MP_ADD_CARRY(r1, 0-r4l, r1, carry, 
carry);
+ MP_ADD_CARRY(r2, MP_DIGIT_MAX, r2, carry, carry);
+ MP_ADD_CARRY(r3, r4l-r4_long-1,r3, carry, carry);
 r4 = carry;
 }
@@ -315,11 +299,10 @@ ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
 while (r4 < 0) {
 mp_digit r4_long = -r4;
 mp_digit r4l = (r4_long << 32);
- carry = 0;
- MP_SUB_BORROW(r0, r4_long, r0, carry);
- MP_SUB_BORROW(r1, 0-r4l, r1, carry);
- MP_SUB_BORROW(r2, MP_DIGIT_MAX, r2, carry);
- MP_SUB_BORROW(r3, r4l-r4_long-1,r3, carry);
+ MP_SUB_BORROW(r0, r4_long, r0, 0, carry);
+ MP_SUB_BORROW(r1, 0-r4l, r1, carry, carry);
+ MP_SUB_BORROW(r2, MP_DIGIT_MAX, r2, carry, carry);
+ MP_SUB_BORROW(r3, r4l-r4_long-1,r3, carry, carry);
 r4 = 0-carry;
 }
diff --git a/security/nss/lib/freebl/ecl/ecp_256_32.c b/security/nss/lib/freebl/ecl/ecp_256_32.c
index cd8cd23846d..815cc91a386 100644
--- a/security/nss/lib/freebl/ecl/ecp_256_32.c
+++ b/security/nss/lib/freebl/ecl/ecp_256_32.c
@@ -1254,12 +1254,12 @@ static void scalar_mult(felem nx, felem ny, felem nz,
 #define BYTESWAP64(x) OSSwapInt64(x)
 #else
 #define BYTESWAP32(x) \
- (((x) >> 24) | (((x) >> 8) & 0xff00) | (((x) & 0xff00) << 8) | ((x) << 24))
+ ((x) >> 24 | (x) >> 8 & 0xff00 | ((x) & 0xff00) << 8 | (x) << 24)
 #define BYTESWAP64(x) \
- (((x) >> 56) | (((x) >> 40) & 0xff00) | \
- (((x) >> 24) & 0xff0000) | (((x) >> 8) & 0xff000000) | \
- (((x) & 0xff000000) << 8) | (((x) & 0xff0000) << 24) | \
- (((x) & 0xff00) << 40) | ((x) << 56))
+ ((x) >> 56 | (x) >> 40 & 0xff00 | \
+ (x) >> 24 & 0xff0000 | (x) >> 8 & 0xff000000 | \
+ ((x) & 0xff000000) << 8 | ((x) & 0xff0000) << 24 | \
+ ((x) & 0xff00) << 40 | (x) << 56)
 #endif
 #ifdef MP_USE_UINT_DIGIT
diff --git a/security/nss/lib/freebl/ecl/ecp_521.c b/security/nss/lib/freebl/ecl/ecp_521.c
index f70c2f43926..7eac0f075d4 100644
--- a/security/nss/lib/freebl/ecl/ecp_521.c
+++ b/security/nss/lib/freebl/ecl/ecp_521.c
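Review bot: BYTESWAP32 and BYTESWAP64 now rely on `>>` binding tighter than `&` and `&` tighter than `|` (`(x) >> 8 & 0xff00`); the value is unchanged, but the dropped parentheses make the byte-order logic harder to audit and draw -Wparentheses warnings where that is enabled. The same edit is applied to lendian() in md5.c below, where the macro argument `i32` is additionally used unparenthesized, so an argument such as `a + b` would expand as `a + b >> 16` and mis-swap. I would keep the fully parenthesized forms, e.g. `(((x) >> 8) & 0xff00)` here and `(((i32) >> 16) | ((i32) << 16))` in md5.c.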
@@ -17,7 +17,7 @@ ec_GFp_nistp521_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
 {
 mp_err res = MP_OKAY;
 int a_bits = mpl_significant_bits(a);
- unsigned int i;
+ int i;
 /* m1, m2 are statically-allocated mp_int of exactly the size we need */
 mp_int m1;
diff --git a/security/nss/lib/freebl/ecl/ecp_jac.c b/security/nss/lib/freebl/ecl/ecp_jac.c
index f174b169240..e31730def0a 100644
--- a/security/nss/lib/freebl/ecl/ecp_jac.c
+++ b/security/nss/lib/freebl/ecl/ecp_jac.c
@@ -387,7 +387,7 @@ ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
 mp_int precomp[4][4][2];
 mp_int rz;
 const mp_int *a, *b;
- unsigned int i, j;
+ int i, j;
 int ai, bi, d;
 for (i = 0; i < 4; i++) {
@@ -494,7 +494,7 @@ ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
 MP_CHECKOK(mp_init(&rz));
 MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz));
- for (i = d; i-- > 0;) {
+ for (i = d - 1; i >= 0; i--) {
 ai = MP_GET_BIT(a, 2 * i + 1);
 ai <<= 1;
 ai |= MP_GET_BIT(a, 2 * i);
diff --git a/security/nss/lib/freebl/ldvector.c b/security/nss/lib/freebl/ldvector.c
index 1d9affec234..c6ace187601 100644
--- a/security/nss/lib/freebl/ldvector.c
+++ b/security/nss/lib/freebl/ldvector.c
@@ -294,9 +294,12 @@ static const struct FREEBLVectorStr vector =
 const FREEBLVector *
 FREEBL_GetVector(void)
 {
-#define NSS_VERSION_VARIABLE __nss_freebl_version
-#include "verref.h"
+ extern const char __nss_freebl_version[];
+ /* force a reference that won't get optimized away */
+ volatile char c;
+
+ c = __nss_freebl_version[0];
 #ifdef FREEBL_NO_DEPEND
 FREEBL_InitStubs();
 #endif
diff --git a/security/nss/lib/freebl/loader.c b/security/nss/lib/freebl/loader.c
index 9105a69002e..5eb50de951b 100644
--- a/security/nss/lib/freebl/loader.c
+++ b/security/nss/lib/freebl/loader.c
@@ -132,6 +132,7 @@ freebl_LoadDSO( void )
 handle = loader_LoadLibrary(name);
 if (handle) {
 PRFuncPtr address = PR_FindFunctionSymbol(handle, "FREEBL_GetVector");
+ PRStatus status;
 if (address) {
 FREEBLGetVectorFn * getVector = (FREEBLGetVectorFn *)address;
 const FREEBLVector * dsoVector = getVector();
@@ -148,14 +149,8 @@ freebl_LoadDSO( void )
 }
 }
 }
-#ifdef DEBUG
- {
- PRStatus status = PR_UnloadLibrary(blLib);
- PORT_Assert(PR_SUCCESS == status);
- }
-#else
- PR_UnloadLibrary(blLib);
-#endif
+ status = PR_UnloadLibrary(handle);
+ PORT_Assert(PR_SUCCESS == status);
 }
 return PR_FAILURE;
 }
@@ -906,12 +901,8 @@ BL_Unload(void)
 if (blLib) {
 disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
 if (!disableUnload) {
-#ifdef DEBUG
 PRStatus status = PR_UnloadLibrary(blLib);
 PORT_Assert(PR_SUCCESS == status);
-#else
- PR_UnloadLibrary(blLib);
-#endif
 }
 blLib = NULL;
 }
diff --git a/security/nss/lib/freebl/md5.c b/security/nss/lib/freebl/md5.c
index 6ac15b64bb5..1a0916e2db5 100644
--- a/security/nss/lib/freebl/md5.c
+++ b/security/nss/lib/freebl/md5.c
@@ -259,7 +259,7 @@ MD5_Begin(MD5Context *cx)
 (i32)
 #else
 #define lendian(i32) \
- (tmp = (i32 >> 16) | (i32 << 16), ((tmp & MASK) << 8) | ((tmp >> 8) & MASK))
+ (tmp = i32 >> 16 | i32 << 16, (tmp & MASK) << 8 | tmp >> 8 & MASK)
 #endif
 #ifndef IS_LITTLE_ENDIAN
diff --git a/security/nss/lib/freebl/mpi/mpcpucache.c b/security/nss/lib/freebl/mpi/mpcpucache.c
index 925006110d9..9a4a9d30c1e 100644
--- a/security/nss/lib/freebl/mpi/mpcpucache.c
+++ b/security/nss/lib/freebl/mpi/mpcpucache.c
@@ -3,7 +3,6 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "mpi.h"
-#include "prtypes.h"
 /*
 * This file implements a single function: s_mpi_getProcessorLineSize();
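Review bot: In the second loader.c hunk `status` is assigned and then read only inside PORT_Assert, which compiles to nothing in non-DEBUG builds, so release builds get a set-but-unused variable where the removed `#ifdef DEBUG` split avoided one; the BL_Unload hunk below has the same shape. The cheapest fix is to keep the assert and discard explicitly afterwards, `status = PR_UnloadLibrary(handle); PORT_Assert(PR_SUCCESS == status); (void)status;`, and likewise after the assert in BL_Unload. freebl_LoadDSO begins above the first hunk, so the earlier branches that return on success are not visible here.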
@@ -620,17 +619,35 @@ unsigned long s_mpi_is_sse2() {
 unsigned long eax, ebx, ecx, edx;
+ int manufacturer = MAN_UNKNOWN;
+ int i;
+ char string[13];
 if (is386() || is486()) {
 return 0;
 }
 freebl_cpuid(0, &eax, &ebx, &ecx, &edx);
+ /* string holds the CPU's manufacturer ID string - a twelve
+ * character ASCII string stored in ebx, edx, ecx, and
+ * the 32-bit extended feature flags are in edx, ecx.
+ */
+ *(int *)string = ebx;
+ *(int *)&string[4] = (int)edx;
+ *(int *)&string[8] = (int)ecx;
+ string[12] = 0;
 /* has no SSE2 extensions */
 if (eax == 0) {
 return 0;
 }
+ for (i=0; i < n_manufacturers; i++) {
+ if ( strcmp(manMap[i],string) == 0) {
+ manufacturer = i;
+ break;
+ }
+ }
+
 freebl_cpuid(1,&eax,&ebx,&ecx,&edx);
 return (edx & SSE2_FLAG) == SSE2_FLAG;
 }
@@ -640,12 +657,11 @@ unsigned long s_mpi_getProcessorLineSize() {
 unsigned long eax, ebx, ecx, edx;
- PRUint32 cpuid[3];
 unsigned long cpuidLevel;
 unsigned long cacheLineSize = 0;
 int manufacturer = MAN_UNKNOWN;
 int i;
- char string[13];
+ char string[65];
 #if !defined(AMD_64)
 if (is386()) {
@@ -662,10 +678,9 @@ s_mpi_getProcessorLineSize()
 * character ASCII string stored in ebx, edx, ecx, and
 * the 32-bit extended feature flags are in edx, ecx.
 */
- cpuid[0] = ebx;
- cpuid[1] = ecx;
- cpuid[2] = edx;
- memcpy(string, cpuid, sizeof(cpuid));
+ *(int *)string = ebx;
+ *(int *)&string[4] = (int)edx;
+ *(int *)&string[8] = (int)ecx;
 string[12] = 0;
 manufacturer = MAN_UNKNOWN;
diff --git a/security/nss/lib/freebl/mpi/mpi-priv.h b/security/nss/lib/freebl/mpi/mpi-priv.h
index 7a0725f468d..e81d0fe0ebf 100644
--- a/security/nss/lib/freebl/mpi/mpi-priv.h
+++ b/security/nss/lib/freebl/mpi/mpi-priv.h
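Review bot: `*(int *)string = ebx;` and the two lines after it store an `int` through a `char` array, which violates strict aliasing and additionally depends on `int` being 32 bits and on little-endian layout to place the vendor bytes in order; the same three stores are introduced in the @@ -662 hunk of s_mpi_getProcessorLineSize, replacing a `memcpy` that had none of those dependencies. In s_mpi_is_sse2 the new strcmp loop also assigns `manufacturer` which is never read afterwards, so the whole loop is dead code in that function. A small helper that serialises the low 32 bits of each register byte by byte keeps both call sites portable; if the manufacturer lookup is intended to affect s_mpi_is_sse2's result, that use is missing from the hunk.
```c
/* Store the low 32 bits of a cpuid register as four little-endian bytes,
 * without aliasing an int onto the char buffer. */
static void
cpuid_reg_to_bytes(char *dst, unsigned long reg)
{
    unsigned char b[4];
    b[0] = (unsigned char)(reg);
    b[1] = (unsigned char)(reg >> 8);
    b[2] = (unsigned char)(reg >> 16);
    b[3] = (unsigned char)(reg >> 24);
    memcpy(dst, b, sizeof b);
}

/* … in s_mpi_is_sse2 and s_mpi_getProcessorLineSize, replacing the three casts … */
    cpuid_reg_to_bytes(string, ebx);
    cpuid_reg_to_bytes(&string[4], edx);
    cpuid_reg_to_bytes(&string[8], ecx);
    string[12] = 0;
```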
@@ -254,10 +254,8 @@ mp_err MPI_ASM_DECL s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor, mp_digit *quot, mp_digit *rem);
 /* c += a * b * (MP_RADIX ** offset); */
-/* Callers of this macro should be aware that the return type might vary;
- * it should be treated as a void function. */
 #define s_mp_mul_d_add_offset(a, b, c, off) \
- s_mpv_mul_d_add_prop(MP_DIGITS(a), MP_USED(a), b, MP_DIGITS(c) + off)
+(s_mpv_mul_d_add_prop(MP_DIGITS(a), MP_USED(a), b, MP_DIGITS(c) + off), MP_OKAY)
 typedef struct {
 mp_int N; /* modulus N */
diff --git a/security/nss/lib/freebl/mpi/mpi.c b/security/nss/lib/freebl/mpi/mpi.c
index 84f9b97b63e..2a3719b8836 100644
--- a/security/nss/lib/freebl/mpi/mpi.c
+++ b/security/nss/lib/freebl/mpi/mpi.c
@@ -1095,7 +1095,7 @@ mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c)
 mp_int s, x;
 mp_err res;
 mp_digit d;
- unsigned int dig, bit;
+ int dig, bit;
 ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
@@ -1470,7 +1470,7 @@ mp_err s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c
 mp_int s, x, mu;
 mp_err res;
 mp_digit d;
- unsigned int dig, bit;
+ int dig, bit;
 ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
@@ -2004,7 +2004,7 @@ mp_size mp_trailing_zeros(const mp_int *mp) {
 mp_digit d;
 mp_size n = 0;
- unsigned int ix;
+ int ix;
 if (!mp || !MP_DIGITS(mp) || !mp_cmp_z(mp)) return n;
@@ -2916,7 +2916,8 @@ void s_mp_exch(mp_int *a, mp_int *b)
 mp_err s_mp_lshd(mp_int *mp, mp_size p) {
 mp_err res;
- unsigned int ix;
+ mp_size pos;
+ int ix;
 if(p == 0) return MP_OKAY;
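Review bot: The comma expression makes s_mp_mul_d_add_offset evaluate to `MP_OKAY` unconditionally, so the `MP_CHECKOK( s_mp_mul_d_add_offset(&mmm->N, m_i, T, i) )` introduced in mpmontg.c's s_mp_redc below can never take its error path and reads as error handling that does not exist. Whether s_mpv_mul_d_add_prop has a failure mode is not visible in this diff; if it has none, the macro should say so where it is defined, `/* always MP_OKAY: s_mpv_mul_d_add_prop cannot fail; the value only lets MP_CHECKOK-style callers compile */`, and if it does, the wrapper is hiding it. Either way the removed "treat as a void function" comment was the more accurate description and should come back in some form.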
@@ -2927,13 +2928,14 @@ mp_err s_mp_lshd(mp_int *mp, mp_size p)
 if((res = s_mp_pad(mp, USED(mp) + p)) != MP_OKAY)
 return res;
+ pos = USED(mp) - 1;
+
 /* Shift all the significant figures over as needed */
- for (ix = USED(mp) - p; ix-- > 0;) {
+ for(ix = pos - p; ix >= 0; ix--)
 DIGIT(mp, ix + p) = DIGIT(mp, ix);
- }
 /* Fill the bottom digits with zeroes */
- for(ix = 0; (mp_size)ix < p; ix++)
+ for(ix = 0; ix < p; ix++)
 DIGIT(mp, ix) = 0;
 return MP_OKAY;
@@ -3044,7 +3046,7 @@ void s_mp_div_2(mp_int *mp)
 mp_err s_mp_mul_2(mp_int *mp)
 {
 mp_digit *pd;
- unsigned int ix, used;
+ int ix, used;
 mp_digit kin = 0;
 /* Shift digits leftward by 1 bit */
@@ -4190,7 +4192,6 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */
 MP_SIGN(rem) = ZPOS;
 MP_SIGN(div) = ZPOS;
- MP_SIGN(&part) = ZPOS;
 /* A working temporary for division */
 MP_CHECKOK( mp_init_size(&t, MP_ALLOC(rem)));
@@ -4198,6 +4199,8 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */
 /* Normalize to optimize guessing */
 MP_CHECKOK( s_mp_norm(rem, div, &d) );
+ part = *rem;
+
 /* Perform the division itself...woo! */
 MP_USED(quot) = MP_ALLOC(quot);
@@ -4206,15 +4209,11 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */
 while (MP_USED(rem) > MP_USED(div) || s_mp_cmp(rem, div) >= 0) {
 int i;
 int unusedRem;
- int partExtended = 0; /* set to true if we need to extend part */
 unusedRem =  MP_USED(rem) - MP_USED(div);
 MP_DIGITS(&part) = MP_DIGITS(rem) + unusedRem;
 MP_ALLOC(&part) = MP_ALLOC(rem) - unusedRem;
 MP_USED(&part) = MP_USED(div);
-
- /* We have now truncated the part of the remainder to the same length as
- * the divisor. If part is smaller than div, extend part by one digit. */
 if (s_mp_cmp(&part, div) < 0) {
 -- unusedRem;
 #if MP_ARGCHK == 2
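Review bot: In the s_mp_lshd hunk `ix` is now `int` while `p` and `pos` are `mp_size`, so `ix = pos - p` stores an unsigned difference into a signed variable and `ix < p` compares signed with unsigned; both are only safe because s_mp_pad, two lines up, guarantees USED(mp) >= p + 1, and -Wsign-compare will flag them. The removed `(mp_size)ix < p` comparison and the `ix-- > 0` countdown needed no such reasoning. If `int ix` is kept, make the conversions explicit, `for(ix = (int)(pos - p); ix >= 0; ix--)` and `for(ix = 0; (mp_size)ix < p; ix++)`. s_mp_lshd begins above this hunk.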
@@ -4223,34 +4222,26 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */
 -- MP_DIGITS(&part);
 ++ MP_USED(&part);
 ++ MP_ALLOC(&part);
- partExtended = 1;
 }
 /* Compute a guess for the next quotient digit */
 q_msd = MP_DIGIT(&part, MP_USED(&part) - 1);
 div_msd = MP_DIGIT(div, MP_USED(div) - 1);
- if (!partExtended) {
- /* In this case, q_msd /= div_msd is always 1. First, since div_msd is
- * normalized to have the high bit set, 2*div_msd > MP_DIGIT_MAX. Since
- * we didn't extend part, q_msd >= div_msd. Therefore we know that
- * div_msd <= q_msd <= MP_DIGIT_MAX < 2*div_msd. Dividing by div_msd we
- * get 1 <= q_msd/div_msd < 2. So q_msd /= div_msd must be 1. */
+ if (q_msd >= div_msd) {
 q_msd = 1;
- } else {
+ } else if (MP_USED(&part) > 1) {
 #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
 q_msd = (q_msd << MP_DIGIT_BIT) | MP_DIGIT(&part, MP_USED(&part) - 2);
 q_msd /= div_msd;
 if (q_msd == RADIX) --q_msd;
 #else
- if (q_msd == div_msd) {
- q_msd = MP_DIGIT_MAX;
- } else {
- mp_digit r;
- MP_CHECKOK( s_mpv_div_2dx1d(q_msd, MP_DIGIT(&part, MP_USED(&part) - 2),
- div_msd, &q_msd, &r) );
- }
+ mp_digit r;
+ MP_CHECKOK( s_mpv_div_2dx1d(q_msd, MP_DIGIT(&part, MP_USED(&part) - 2),
+ div_msd, &q_msd, &r) );
 #endif
+ } else {
+ q_msd = 0;
 }
 #if MP_ARGCHK == 2
 assert(q_msd > 0); /* This case should never occur any more. */
@@ -4681,10 +4672,10 @@ mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len)
 /* }}} */
 /* {{{ mp_unsigned_octet_size(mp) */
-unsigned int
+int
 mp_unsigned_octet_size(const mp_int *mp)
 {
- unsigned int bytes;
+ int bytes;
 int ix;
 mp_digit d = 0;
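Review bot: The new guess `if (q_msd >= div_msd) { q_msd = 1; }` is exact only when `part` was not extended, which is precisely the argument the removed comment made; after the one-digit extension just above, the top digit of `part` can still equal `div_msd`, and then the true quotient digit can be close to RADIX while the guess is 1. The removed `#else` branch handled that case with `q_msd = MP_DIGIT_MAX` (the two-digit s_mpv_div_2dx1d estimate cannot represent it), so unless the correction loop after this hunk can raise a guess as well as lower it, this produces wrong quotient digits for dividends whose leading digit matches the normalized divisor's; a regression test with such an input would settle it. The `else { q_msd = 0; }` arm also runs straight into `assert(q_msd > 0)`, so it is either unreachable or an assertion failure waiting to happen. s_mp_div begins and ends outside the hunk; the sketch below tracks the extension explicitly again.
```c
    /* … unchanged: truncate part to MP_USED(div) digits … */
    if (s_mp_cmp(&part, div) < 0) {
        /* … unchanged: extend part by one digit … */
        partExtended = 1;   /* int partExtended = 0; declared next to unusedRem, above this hunk */
    }

    /* Compute a guess for the next quotient digit */
    q_msd = MP_DIGIT(&part, MP_USED(&part) - 1);
    div_msd = MP_DIGIT(div, MP_USED(div) - 1);
    if (!partExtended) {
        /* div is normalized (high bit of div_msd set) and part >= div at equal
         * length, so div_msd <= q_msd < 2*div_msd: the quotient digit is exactly 1 */
        q_msd = 1;
    } else if (q_msd == div_msd) {
        /* the two-digit estimate would not fit in one digit; saturate */
        q_msd = MP_DIGIT_MAX;
    } else {
        /* … unchanged: two-digit estimate via MP_WORD or s_mpv_div_2dx1d … */
    }
```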
@@ -4721,12 +4712,12 @@ mp_err
 mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen)
 {
 int ix, pos = 0;
- unsigned int bytes;
+ int bytes;
 ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
 bytes = mp_unsigned_octet_size(mp);
- ARGCHK(bytes <= maxlen, MP_BADARG);
+ ARGCHK(bytes >= 0 && bytes <= maxlen, MP_BADARG);
 /* Iterate over each digit... */
 for(ix = USED(mp) - 1; ix >= 0; ix--) {
@@ -4753,12 +4744,12 @@ mp_err
 mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen)
 {
 int ix, pos = 0;
- unsigned int bytes;
+ int bytes;
 ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
 bytes = mp_unsigned_octet_size(mp);
- ARGCHK(bytes <= maxlen, MP_BADARG);
+ ARGCHK(bytes >= 0 && bytes <= maxlen, MP_BADARG);
 /* Iterate over each digit... */
 for(ix = USED(mp) - 1; ix >= 0; ix--) {
@@ -4793,12 +4784,12 @@ mp_err
 mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size length)
 {
 int ix, pos = 0;
- unsigned int bytes;
+ int bytes;
 ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
 bytes = mp_unsigned_octet_size(mp);
- ARGCHK(bytes <= length, MP_BADARG);
+ ARGCHK(bytes >= 0 && bytes <= length, MP_BADARG);
 /* place any needed leading zeros */
 for (;length > bytes; --length) {
diff --git a/security/nss/lib/freebl/mpi/mpi.h b/security/nss/lib/freebl/mpi/mpi.h
index b1b45d25725..a556c17e93b 100644
--- a/security/nss/lib/freebl/mpi/mpi.h
+++ b/security/nss/lib/freebl/mpi/mpi.h
@@ -258,7 +258,7 @@ const char *mp_strerror(mp_err ec);
 /* Octet string conversion functions */
 mp_err mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len);
-unsigned int mp_unsigned_octet_size(const mp_int *mp);
+int mp_unsigned_octet_size(const mp_int *mp);
 mp_err mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen);
 mp_err mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen);
 mp_err mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size len);
diff --git a/security/nss/lib/freebl/mpi/mplogic.c b/security/nss/lib/freebl/mpi/mplogic.c
index df0aad0e1d0..dbec7acfca4 100644
--- a/security/nss/lib/freebl/mpi/mplogic.c
+++ b/security/nss/lib/freebl/mpi/mplogic.c
@@ -403,9 +403,9 @@ mp_err mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits)
 returns number of significnant bits in abs(a).
 returns 1 if value is zero.
 */
-mp_size mpl_significant_bits(const mp_int *a)
+mp_err mpl_significant_bits(const mp_int *a)
 {
- mp_size bits = 0;
+ mp_err bits = 0;
 int ix;
 ARGCHK(a != NULL, MP_BADARG);
diff --git a/security/nss/lib/freebl/mpi/mplogic.h b/security/nss/lib/freebl/mpi/mplogic.h
index e05374a8212..f45fe36650a 100644
--- a/security/nss/lib/freebl/mpi/mplogic.h
+++ b/security/nss/lib/freebl/mpi/mplogic.h
@@ -47,6 +47,6 @@ mp_err mpl_parity(mp_int *a); /* determine parity */
 mp_err mpl_set_bit(mp_int *a, mp_size bitNum, mp_size value);
 mp_err mpl_get_bit(const mp_int *a, mp_size bitNum);
 mp_err mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits);
-mp_size mpl_significant_bits(const mp_int *a);
+mp_err mpl_significant_bits(const mp_int *a);
 #endif /* end _H_MPLOGIC_ */
diff --git a/security/nss/lib/freebl/mpi/mpmontg.c b/security/nss/lib/freebl/mpi/mpmontg.c
index 9667755d034..d619360aa09 100644
--- a/security/nss/lib/freebl/mpi/mpmontg.c
+++ b/security/nss/lib/freebl/mpi/mpmontg.c
@@ -47,7 +47,7 @@ mp_err s_mp_redc(mp_int *T, mp_mont_modulus *mmm)
 for (i = 0; i < MP_USED(&mmm->N); ++i ) {
 mp_digit m_i = MP_DIGIT(T, i) * mmm->n0prime;
 /* T += N * m_i * (MP_RADIX ** i); */
- s_mp_mul_d_add_offset(&mmm->N, m_i, T, i);
+ MP_CHECKOK( s_mp_mul_d_add_offset(&mmm->N, m_i, T, i) );
 }
 s_mp_clamp(T);
diff --git a/security/nss/lib/freebl/mpi/mpprime.c b/security/nss/lib/freebl/mpi/mpprime.c
index 9b97fb2063d..f0baf9d2a53 100644
--- a/security/nss/lib/freebl/mpi/mpprime.c
+++ b/security/nss/lib/freebl/mpi/mpprime.c
@@ -394,7 +394,7 @@ mp_err mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong,
 {
 mp_digit np;
 mp_err res;
- unsigned int i = 0;
+ int i = 0;
 mp_int trial;
 mp_int q;
 mp_size num_tests;
diff --git a/security/nss/lib/freebl/nsslowhash.c b/security/nss/lib/freebl/nsslowhash.c
index a9ab5b73856..e6a634aef9f 100644
--- a/security/nss/lib/freebl/nsslowhash.c
+++ b/security/nss/lib/freebl/nsslowhash.c
@@ -285,9 +285,14 @@ static NSSLOWInitContext dummyContext = { 0 };
 NSSLOWInitContext *
 NSSLOW_Init(void)
 {
+ SECStatus rv;
 CK_RV crv;
 #ifdef FREEBL_NO_DEPEND
- (void)FREEBL_InitStubs();
+ PRBool nsprAvailable = PR_FALSE;
+
+
+ rv = FREEBL_InitStubs();
+ nsprAvailable = (rv == SECSuccess ) ? PR_TRUE : PR_FALSE;
 #endif
 if (post_failed) {
diff --git a/security/nss/lib/freebl/nsslowhash.h b/security/nss/lib/freebl/nsslowhash.h
index bfce42be244..bbd537b5c4c 100644
--- a/security/nss/lib/freebl/nsslowhash.h
+++ b/security/nss/lib/freebl/nsslowhash.h
@@ -8,9 +8,6 @@ * Also NOTE: this only works with Hashing. Only the FIPS interface is enabled. */
-#ifndef _NSSLOWHASH_H_
-#define _NSSLOWHASH_H_
-
 typedef struct NSSLOWInitContextStr NSSLOWInitContext;
 typedef struct NSSLOWHASHContextStr NSSLOWHASHContext;
@@ -29,5 +26,3 @@ void NSSLOWHASH_End(NSSLOWHASHContext *context, unsigned int *ret,
 unsigned int len);
 void NSSLOWHASH_Destroy(NSSLOWHASHContext *context);
 unsigned int NSSLOWHASH_Length(NSSLOWHASHContext *context);
-
-#endif
diff --git a/security/nss/lib/freebl/pqg.c b/security/nss/lib/freebl/pqg.c
index fd1351ed233..56cdd20cc70 100644
--- a/security/nss/lib/freebl/pqg.c
+++ b/security/nss/lib/freebl/pqg.c
@@ -494,7 +494,7 @@ makePrimefromPrimesShaweTaylor(
 mp_int * q, /* sub prime, can be 1 */
 mp_int * prime, /* output. */
 SECItem * prime_seed, /* input/output. */
- unsigned int *prime_gen_counter) /* input/output. */
+ int * prime_gen_counter) /* input/output. */
 {
 mp_int c;
 mp_int c0_2;
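Review bot: In NSSLOW_Init `SECStatus rv;` is declared outside `#ifdef FREEBL_NO_DEPEND` but only assigned inside it, so builds without that define get an unused-variable warning, and `nsprAvailable` is assigned but never read anywhere in the hunk, so it is dead as well. The removed `(void)FREEBL_InitStubs();` at least made the discarded result explicit. Move the declaration under the ifdef and either consume the flag or drop it: `#ifdef FREEBL_NO_DEPEND` / `SECStatus rv = FREEBL_InitStubs();` / `PRBool nsprAvailable = (rv == SECSuccess) ? PR_TRUE : PR_FALSE;` followed by whatever reads it, or `(void)nsprAvailable;` if it is a placeholder for later work.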
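Review bot: Both nsslowhash.h hunks remove the `_NSSLOWHASH_H_` include guard, so a translation unit that includes the header twice, directly or through another header, now redefines the two typedefs and every prototype; the typedef redefinition is an error before C11 and the header has no other protection. Nothing in the diff explains why the guard was dropped, and no `#pragma once` replaces it. Reinstate `#ifndef _NSSLOWHASH_H_` / `#define _NSSLOWHASH_H_` after the leading comment and `#endif /* _NSSLOWHASH_H_ */` after NSSLOWHASH_Length.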
@@ -727,7 +727,7 @@ makePrimefromSeedShaweTaylor( const SECItem * input_seed, /* input. */ mp_int * prime, /* output. */ SECItem * prime_seed, /* output. */ - unsigned int *prime_gen_counter) /* output. */ + int * prime_gen_counter) /* output. */ { mp_int c; mp_int c0; @@ -882,7 +882,7 @@ findQfromSeed( const SECItem * seed, /* input. */ mp_int * Q, /* input. */ mp_int * Q_, /* output. */ - unsigned int *qseed_len, /* output */ + int * qseed_len, /* output */ HASH_HashType *hashtypePtr, /* output. Hash uses */ pqgGenType *typePtr) /* output. Generation Type used */ { @@ -937,7 +937,7 @@ const SECItem * seed, /* input. */ firstseed.len = seed->len/3; for (hashtype = getFirstHash(L,N); hashtype != HASH_AlgTOTAL; hashtype=getNextHash(hashtype)) { - unsigned int count; + int count; rv = makePrimefromSeedShaweTaylor(hashtype, N, &firstseed, Q_, &qseed, &count); @@ -1143,7 +1143,7 @@ makeGfromIndex(HASH_HashType hashtype, unsigned int len; mp_err err = MP_OKAY; SECStatus rv = SECSuccess; - const SECHashObject *hashobj = NULL; + const SECHashObject *hashobj; void *hashcx = NULL; MP_DIGITS(&e) = 0; @@ -1229,6 +1229,7 @@ pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type, unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy) { unsigned int n; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ + unsigned int b; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ unsigned int seedlen; /* Per FIPS 186-3 app A.1.1.2 (was 'g' 186-1)*/ unsigned int counter; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ unsigned int offset; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ 
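Review bot: `const SECHashObject *hashobj;` in makeGfromIndex no longer starts as NULL while `hashcx` two lines below still does; if the function's cleanup path (outside the hunk) tests `hashobj` the way it presumably tests `hashcx`, an early failure before the lookup reads an indeterminate pointer. Keeping `const SECHashObject *hashobj = NULL;` costs nothing and matches the neighbouring declaration. The -1229 hunk adds `unsigned int b` to pqg_ParamGen; its consumer is not visible here, so confirm it is read rather than merely computed.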
@@ -1308,7 +1309,8 @@ pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type, /* Step 3: n = Ceil(L/outlen)-1; (same as n = Floor((L-1)/outlen)) */ n = (L - 1) / outlen; - /* Step 4: (skipped since we don't use b): b = L -1 - (n*outlen); */ + /* Step 4: b = L -1 - (n*outlen); (same as n = (L-1) mod outlen) */ + b = (L - 1) % outlen; seedlen = seedBytes * PR_BITS_PER_BYTE; /* bits in seed */ step_5: /* ****************************************************************** @@ -1346,7 +1348,7 @@ step_5: CHECK_SEC_OK( makeQ2fromSeed(hashtype, N, seed, &Q) ); } else { /* FIPS186_3_ST_TYPE */ - unsigned int qgen_counter, pgen_counter; + int qgen_counter, pgen_counter; /* Step 1 (L,N) already checked for acceptability */ @@ -1587,7 +1589,7 @@ PQG_VerifyParams(const PQGParams *params, mp_err err = MP_OKAY; int j; unsigned int counter_max = 0; /* handle legacy L < 1024 */ - unsigned int qseed_len; + int qseed_len; SECItem pseed_ = {0, 0, 0}; HASH_HashType hashtype; pqgGenType type; @@ -1680,8 +1682,8 @@ PQG_VerifyParams(const PQGParams *params, if (type == FIPS186_3_ST_TYPE) { SECItem qseed = { 0, 0, 0 }; SECItem pseed = { 0, 0, 0 }; - unsigned int first_seed_len; - unsigned int pgen_counter = 0; + int first_seed_len; + int pgen_counter = 0; /* extract pseed and qseed from domain_parameter_seed, which is * first_seed || pseed || qseed. qseed is first_seed + small_integer diff --git a/security/nss/lib/freebl/rsa.c b/security/nss/lib/freebl/rsa.c index f885acc4433..498cc96bc5a 100644 --- a/security/nss/lib/freebl/rsa.c +++ b/security/nss/lib/freebl/rsa.c @@ -248,7 +248,7 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent) PLArenaPool *arena = NULL; /* Require key size to be a multiple of 16 bits. */ if (!publicExponent || keySizeInBits % 16 != 0 || - BAD_RSA_KEY_SIZE((unsigned int)keySizeInBits/8, publicExponent->len)) { + BAD_RSA_KEY_SIZE(keySizeInBits/8, publicExponent->len)) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } 
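Review bot: The replacement comment `/* Step 4: b = L -1 - (n*outlen); (same as n = (L-1) mod outlen) */` names `n` where the equivalent form is `b`, and the assignment under it is `b = (L - 1) % outlen;`; write `(same as b = (L-1) mod outlen)`. Step 4 of FIPS 186-3 A.1.1.2 defines b, and the comment as written suggests n is reassigned.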
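Review bot: With the `(unsigned int)` cast gone, `BAD_RSA_KEY_SIZE(keySizeInBits/8, publicExponent->len)` receives a signed quotient; `keySizeInBits` is an `int`, a negative multiple of 16 passes the `% 16` test, and whether it is then rejected depends on how the macro (not in the hunk) compares its first argument. Make the rejection explicit instead of relying on conversion rules: `if (!publicExponent || keySizeInBits <= 0 || keySizeInBits % 16 != 0 ||`. RSA_NewKey continues past the hunk.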
diff --git a/security/nss/lib/freebl/sha512.c b/security/nss/lib/freebl/sha512.c index fb7ce597402..0e6baa87f28 100644 --- a/security/nss/lib/freebl/sha512.c +++ b/security/nss/lib/freebl/sha512.c @@ -67,11 +67,11 @@ static const PRUint32 H256[8] = { 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 }; -#if defined(IS_LITTLE_ENDIAN) #if (_MSC_VER >= 1300) #include #pragma intrinsic(_byteswap_ulong) #define SHA_HTONL(x) _byteswap_ulong(x) +#define BYTESWAP4(x) x = SHA_HTONL(x) #elif defined(_MSC_VER) && defined(NSS_X86_OR_X64) #ifndef FORCEINLINE #if (_MSC_VER >= 1200) @@ -92,6 +92,7 @@ swap4b(PRUint32 dwd) } #define SHA_HTONL(x) swap4b(x) +#define BYTESWAP4(x) x = SHA_HTONL(x) #elif defined(__GNUC__) && defined(NSS_X86_OR_X64) static __inline__ PRUint32 swap4b(PRUint32 value) @@ -100,6 +101,7 @@ static __inline__ PRUint32 swap4b(PRUint32 value) return (value); } #define SHA_HTONL(x) swap4b(x) +#define BYTESWAP4(x) x = SHA_HTONL(x) #elif defined(__GNUC__) && (defined(__thumb2__) || \ (!defined(__thumb__) && \ @@ -119,18 +121,14 @@ static __inline__ PRUint32 swap4b(PRUint32 value) return ret; } #define SHA_HTONL(x) swap4b(x) +#define BYTESWAP4(x) x = SHA_HTONL(x) #else #define SWAP4MASK 0x00FF00FF -static PRUint32 swap4b(PRUint32 value) -{ - PRUint32 t1 = (value << 16) | (value >> 16); - return ((t1 & SWAP4MASK) << 8) | ((t1 >> 8) & SWAP4MASK); -} -#define SHA_HTONL(x) swap4b +#define SHA_HTONL(x) (t1 = (x), t1 = (t1 << 16) | (t1 >> 16), \ + ((t1 & SWAP4MASK) << 8) | ((t1 >> 8) & SWAP4MASK)) +#define BYTESWAP4(x) x = SHA_HTONL(x) #endif -#define BYTESWAP4(x) x = SHA_HTONL(x) -#endif /* defined(IS_LITTLE_ENDIAN) */ #if defined(_MSC_VER) #pragma intrinsic (_lrotr, _lrotl) 
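Review bot: The fallback `SHA_HTONL(x)` is now a comma expression that assigns a caller-supplied `t1`, so every use of `SHA_HTONL`/`BYTESWAP4` in that configuration silently requires a `PRUint32 t1` in scope and clobbers it; the later hunks add that declaration to SHA256_End and SHA256_EndRaw under `#ifdef SWAP4MASK`, but nothing at the macro says so. State it where it is defined, e.g. `/* fallback: assigns a PRUint32 t1 the caller must declare; never nest inside another SHA_HTONL */`. Removing the `#if defined(IS_LITTLE_ENDIAN)` wrapper also defines the swap macros on big-endian builds, which is harmless only while every use stays inside an `IS_LITTLE_ENDIAN` block as the `BYTESWAP4(W[0])` block in SHA256_Compress does.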
@@ -144,8 +142,8 @@ static PRUint32 swap4b(PRUint32 value) /* Capitol Sigma and lower case sigma functions */ #define S0(x) (ROTR32(x, 2) ^ ROTR32(x,13) ^ ROTR32(x,22)) #define S1(x) (ROTR32(x, 6) ^ ROTR32(x,11) ^ ROTR32(x,25)) -#define s0(x) (ROTR32(x, 7) ^ ROTR32(x,18) ^ SHR(x, 3)) -#define s1(x) (ROTR32(x,17) ^ ROTR32(x,19) ^ SHR(x,10)) +#define s0(x) (t1 = x, ROTR32(t1, 7) ^ ROTR32(t1,18) ^ SHR(t1, 3)) +#define s1(x) (t2 = x, ROTR32(t2,17) ^ ROTR32(t2,19) ^ SHR(t2,10)) SHA256Context * SHA256_NewContext(void) @@ -174,6 +172,8 @@ static void SHA256_Compress(SHA256Context *ctx) { { + register PRUint32 t1, t2; + #if defined(IS_LITTLE_ENDIAN) BYTESWAP4(W[0]); BYTESWAP4(W[1]); @@ -426,6 +426,9 @@ SHA256_End(SHA256Context *ctx, unsigned char *digest, unsigned int inBuf = ctx->sizeLo & 0x3f; unsigned int padLen = (inBuf < 56) ? (56 - inBuf) : (56 + 64 - inBuf); PRUint32 hi, lo; +#ifdef SWAP4MASK + PRUint32 t1; +#endif hi = (ctx->sizeHi << 3) | (ctx->sizeLo >> 29); lo = (ctx->sizeLo << 3); @@ -464,6 +467,9 @@ SHA256_EndRaw(SHA256Context *ctx, unsigned char *digest, { PRUint32 h[8]; unsigned int len; +#ifdef SWAP4MASK + PRUint32 t1; +#endif memcpy(h, ctx->h, sizeof(h)); @@ -648,8 +654,8 @@ void SHA224_Clone(SHA224Context *dest, SHA224Context *src) #define S0(x) (ROTR64(x,28) ^ ROTR64(x,34) ^ ROTR64(x,39)) #define S1(x) (ROTR64(x,14) ^ ROTR64(x,18) ^ ROTR64(x,41)) -#define s0(x) (ROTR64(x, 1) ^ ROTR64(x, 8) ^ SHR(x,7)) -#define s1(x) (ROTR64(x,19) ^ ROTR64(x,61) ^ SHR(x,6)) +#define s0(x) (t1 = x, ROTR64(t1, 1) ^ ROTR64(t1, 8) ^ SHR(t1,7)) +#define s1(x) (t2 = x, ROTR64(t2,19) ^ ROTR64(t2,61) ^ SHR(t2,6)) #if PR_BYTES_PER_LONG == 8 #define ULLC(hi,lo) 0x ## hi ## lo ## UL @@ -659,7 +665,6 @@ void SHA224_Clone(SHA224Context *dest, SHA224Context *src) #define ULLC(hi,lo) 0x ## hi ## lo ## ULL #endif -#if defined(IS_LITTLE_ENDIAN) #if defined(_MSC_VER) #pragma intrinsic(_byteswap_uint64) #define SHA_HTONLL(x) _byteswap_uint64(x) 
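Review bot: `#define s0(x) (t1 = x, ...)` and `s1(x) (t2 = x, ...)` drop the parentheses around the macro argument, and they now write hidden `t1`/`t2` locals that SHA256_Compress declares as `register PRUint32 t1, t2;` in the -174 hunk; two `s0()` invocations inside one unsequenced expression would be undefined behavior. Parenthesize the argument, `#define s0(x) (t1 = (x), ROTR32(t1, 7) ^ ROTR32(t1,18) ^ SHR(t1, 3))`, and likewise for `s1` and the 64-bit pair in the -648 hunk. If the round code that uses these (outside the hunk) also names its temporaries `t1`/`t2`, one set needs renaming.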
@@ -675,30 +680,25 @@ static __inline__ PRUint64 swap8b(PRUint64 value) #else #define SHA_MASK16 ULLC(0000FFFF,0000FFFF) #define SHA_MASK8 ULLC(00FF00FF,00FF00FF) -static PRUint64 swap8b(PRUint64 x) -{ - PRUint64 t1 = x; - t1 = ((t1 & SHA_MASK8 ) << 8) | ((t1 >> 8) & SHA_MASK8 ); - t1 = ((t1 & SHA_MASK16) << 16) | ((t1 >> 16) & SHA_MASK16); - return (t1 >> 32) | (t1 << 32); -} -#define SHA_HTONLL(x) swap8b(x) +#define SHA_HTONLL(x) (t1 = x, \ + t1 = ((t1 & SHA_MASK8 ) << 8) | ((t1 >> 8) & SHA_MASK8 ), \ + t1 = ((t1 & SHA_MASK16) << 16) | ((t1 >> 16) & SHA_MASK16), \ + (t1 >> 32) | (t1 << 32)) #endif #define BYTESWAP8(x) x = SHA_HTONLL(x) -#endif /* defined(IS_LITTLE_ENDIAN) */ #else /* no long long */ #if defined(IS_LITTLE_ENDIAN) #define ULLC(hi,lo) { 0x ## lo ## U, 0x ## hi ## U } -#define SHA_HTONLL(x) ( BYTESWAP4(x.lo), BYTESWAP4(x.hi), \ - x.hi ^= x.lo ^= x.hi ^= x.lo, x) -#define BYTESWAP8(x) do { PRUint32 tmp; BYTESWAP4(x.lo); BYTESWAP4(x.hi); \ - tmp = x.lo; x.lo = x.hi; x.hi = tmp; } while (0) #else #define ULLC(hi,lo) { 0x ## hi ## U, 0x ## lo ## U } #endif +#define SHA_HTONLL(x) ( BYTESWAP4(x.lo), BYTESWAP4(x.hi), \ + x.hi ^= x.lo ^= x.hi ^= x.lo, x) +#define BYTESWAP8(x) do { PRUint32 tmp; BYTESWAP4(x.lo); BYTESWAP4(x.hi); \ + tmp = x.lo; x.lo = x.hi; x.hi = tmp; } while (0) #endif /* SHA-384 and SHA-512 constants, K512. */ @@ -927,6 +927,11 @@ SHA512_Compress(SHA512Context *ctx) { #if defined(IS_LITTLE_ENDIAN) { +#if defined(HAVE_LONG_LONG) + PRUint64 t1; +#else + PRUint32 t1; +#endif BYTESWAP8(W[0]); BYTESWAP8(W[1]); BYTESWAP8(W[2]); @@ -947,6 +952,7 @@ SHA512_Compress(SHA512Context *ctx) #endif { + PRUint64 t1, t2; #ifdef NOUNROLL512 { /* prepare the "message schedule" */ 
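Review bot: In the no-long-long branch `SHA_HTONLL(x)` now ends with `x.hi ^= x.lo ^= x.hi ^= x.lo`, a chained XOR swap that modifies `x.hi` and `x.lo` more than once without an intervening sequence point, which is undefined behavior in C; the adjacent `BYTESWAP8` already swaps through an explicit `tmp`, so define `SHA_HTONLL` the same way (a block with `PRUint32 tmp`, or in terms of `BYTESWAP8`). Moving both macros out of the `IS_LITTLE_ENDIAN` block also defines byte-swapping versions on big-endian builds, where the conversion should be an identity; confirm no use outside an `IS_LITTLE_ENDIAN` guard remains.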
@@ -1217,8 +1223,10 @@ SHA512_End(SHA512Context *ctx, unsigned char *digest, { #if defined(HAVE_LONG_LONG) unsigned int inBuf = (unsigned int)ctx->sizeLo & 0x7f; + PRUint64 t1; #else unsigned int inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f; + PRUint32 t1; #endif unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf); PRUint64 lo; @@ -1260,6 +1268,11 @@ void SHA512_EndRaw(SHA512Context *ctx, unsigned char *digest, unsigned int *digestLen, unsigned int maxDigestLen) { +#if defined(HAVE_LONG_LONG) + PRUint64 t1; +#else + PRUint32 t1; +#endif PRUint64 h[8]; unsigned int len; diff --git a/security/nss/lib/freebl/sha_fast.c b/security/nss/lib/freebl/sha_fast.c index 290194953cf..b826cf93ac5 100644 --- a/security/nss/lib/freebl/sha_fast.c +++ b/security/nss/lib/freebl/sha_fast.c @@ -148,6 +148,7 @@ SHA1_End(SHA1Context *ctx, unsigned char *hashout, { register PRUint64 size; register PRUint32 lenB; + PRUint32 tmpbuf[5]; static const unsigned char bulk_pad[64] = { 0x80,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, @@ -187,6 +188,7 @@ SHA1_EndRaw(SHA1Context *ctx, unsigned char *hashout, #if defined(SHA_NEED_TMP_VARIABLE) register PRUint32 tmp; #endif + PRUint32 tmpbuf[5]; PORT_Assert (maxDigestLen >= SHA1_LENGTH); SHA_STORE_RESULT; diff --git a/security/nss/lib/freebl/sha_fast.h b/security/nss/lib/freebl/sha_fast.h index 256e1900d0e..9d47aba42ea 100644 --- a/security/nss/lib/freebl/sha_fast.h +++ b/security/nss/lib/freebl/sha_fast.h @@ -147,7 +147,6 @@ static __inline__ PRUint32 swap4b(PRUint32 value) SHA_STORE(3); \ SHA_STORE(4); \ } else { \ - PRUint32 tmpbuf[5]; \ tmpbuf[0] = SHA_HTONL(ctx->H[0]); \ tmpbuf[1] = SHA_HTONL(ctx->H[1]); \ tmpbuf[2] = SHA_HTONL(ctx->H[2]); \ diff --git a/security/nss/lib/freebl/stubs.c b/security/nss/lib/freebl/stubs.c index 993d01e18ef..1de9b497196 100644 --- a/security/nss/lib/freebl/stubs.c +++ b/security/nss/lib/freebl/stubs.c 
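Review bot: Removing `PRUint32 tmpbuf[5];` from the unaligned branch of SHA_STORE_RESULT makes the macro depend on a `tmpbuf` the caller must declare, which the sha_fast.c hunks do for SHA1_End and SHA1_EndRaw, but nothing in the header says so; add above the macro `/* SHA_STORE_RESULT requires the caller to declare PRUint32 tmpbuf[5] (used only on the unaligned path). */`. Any other user of the macro now fails with an unexplained undeclared identifier. The macro continues past the hunk.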
@@ -324,7 +324,7 @@ extern PROffset32 PR_Seek_stub(PRFileDesc *fd, PROffset32 offset, PRSeekWhence whence) { int *lfd; - int lwhence = SEEK_SET; + int lwhence = SEEK_SET;; STUB_SAFE_CALL3(PR_Seek, fd, offset, whence); lfd = (int *)fd; switch (whence) { @@ -334,8 +334,6 @@ PR_Seek_stub(PRFileDesc *fd, PROffset32 offset, PRSeekWhence whence) case PR_SEEK_END: lwhence = SEEK_END; break; - case PR_SEEK_SET: - break; } return lseek(*lfd, offset, lwhence); diff --git a/security/nss/lib/jar/jarfile.c b/security/nss/lib/jar/jarfile.c index 96da4d79340..a604f19cdb1 100644 --- a/security/nss/lib/jar/jarfile.c +++ b/security/nss/lib/jar/jarfile.c @@ -36,12 +36,11 @@ jar_inflate_memory(unsigned int method, long *length, long expected_out_len, char **data); static int -jar_physical_extraction(JAR_FILE fp, char *outpath, unsigned long offset, - unsigned long length); +jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length); static int -jar_physical_inflate(JAR_FILE fp, char *outpath, unsigned long offset, - unsigned long length, unsigned int method); +jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length, + unsigned int method); static int jar_verify_extract(JAR *jar, char *path, char *physical_path); @@ -75,10 +74,6 @@ static int dostime(char *time, const char *s); #ifdef NSS_X86_OR_X64 -/* The following macros throw up warnings. */ -#if defined(__GNUC__) && !defined(NSS_NO_GCC48) -#pragma GCC diagnostic ignored "-Wstrict-aliasing" -#endif #define x86ShortToUint32(ii) ((const PRUint32)*((const PRUint16 *)(ii))) #define x86LongToUint32(ii) (*(const PRUint32 *)(ii)) #else @@ -246,8 +241,7 @@ JAR_extract(JAR *jar, char *path, char *outpath) #define CHUNK 32768 static int -jar_physical_extraction(JAR_FILE fp, char *outpath, unsigned long offset, - unsigned long length) +jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length) { JAR_FILE out; char *buffer = (char *)PORT_ZAlloc(CHUNK); 
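Review bot: `int lwhence = SEEK_SET;;` carries a stray second semicolon; write `int lwhence = SEEK_SET;`. With the `case PR_SEEK_SET:` arm removed the switch has neither an arm nor a `default` for an unexpected `whence`, so an invalid value silently seeks from the start of the file; a `default:` that returns the stub's failure value would report it instead. PR_Seek_stub's body continues between the two hunks.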
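Review bot: The `#pragma GCC diagnostic ignored "-Wstrict-aliasing"` is gone but `x86ShortToUint32`/`x86LongToUint32` still read the archive header through `(const PRUint16 *)`/`(const PRUint32 *)` casts of a byte buffer, which violates strict aliasing and may be misaligned, so the warning was pointing at a real problem rather than noise. A `memcpy` into a local is the portable form, e.g. `static PRUint32 x86LongToUint32(const void *p) { PRUint32 v; memcpy(&v, p, sizeof v); return v; }`, with the same shape for the 16-bit reader.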
@@ -257,7 +251,7 @@ jar_physical_extraction(JAR_FILE fp, char *outpath, unsigned long offset, return JAR_ERR_MEMORY; if ((out = JAR_FOPEN (outpath, "wb")) != NULL) { - unsigned long at = 0; + long at = 0; JAR_FSEEK (fp, offset, (PRSeekWhence)0); while (at < length) { @@ -295,7 +289,7 @@ jar_physical_extraction(JAR_FILE fp, char *outpath, unsigned long offset, #define OCHUNK 32768 static int -jar_physical_inflate(JAR_FILE fp, char *outpath, unsigned long offset, unsigned long length, +jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length, unsigned int method) { char *inbuf, *outbuf; @@ -321,11 +315,11 @@ jar_physical_inflate(JAR_FILE fp, char *outpath, unsigned long offset, unsigned } if ((out = JAR_FOPEN (outpath, "wb")) != NULL) { - unsigned long at = 0; + long at = 0; JAR_FSEEK (fp, offset, (PRSeekWhence)0); while (at < length) { - unsigned long chunk = (at + ICHUNK <= length) ? ICHUNK : length - at; + long chunk = (at + ICHUNK <= length) ? ICHUNK : length - at; unsigned long tin; if (JAR_FREAD (fp, inbuf, chunk) != chunk) { @@ -359,7 +353,7 @@ jar_physical_inflate(JAR_FILE fp, char *outpath, unsigned long offset, unsigned return JAR_ERR_CORRUPT; } ochunk = zs.total_out - prev_total; - if (JAR_FWRITE (out, outbuf, ochunk) < (long)ochunk) { + if (JAR_FWRITE (out, outbuf, ochunk) < ochunk) { /* most likely a disk full error */ status = JAR_ERR_DISK; break; @@ -826,7 +820,8 @@ jar_listtar(JAR *jar, JAR_FILE fp) char *s; JAR_Physical *phy; long pos = 0L; - long sz; + long sz, mode; + time_t when; union TarEntry tarball; while (1) { @@ -838,7 +833,9 @@ jar_listtar(JAR *jar, JAR_FILE fp) if (!*tarball.val.filename) break; + when = octalToLong (tarball.val.time); sz = octalToLong (tarball.val.size); + mode = octalToLong (tarball.val.mode); /* Tag the end of filename */ s = tarball.val.filename; diff --git a/security/nss/lib/jar/jarsign.c b/security/nss/lib/jar/jarsign.c index 9beaa3bfbcb..9d05d9b5b8d 100644 --- a/security/nss/lib/jar/jarsign.c 
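Review bot: `long at`, `long chunk` and the signed `length`/`offset` parameters make `while (at < length)` a no-op for a negative length and pass a negative `offset` straight to `JAR_FSEEK`, and both values come from the archive's own headers. Reject them before seeking or allocating, `if (offset < 0 || length < 0) return JAR_ERR_CORRUPT;`, in jar_physical_inflate and in jar_physical_extraction (-257). `JAR_FREAD (fp, inbuf, chunk) != chunk` now compares the read count with a signed `long` and `JAR_FWRITE (out, outbuf, ochunk) < ochunk` lost its `(long)` cast, so check both against the real return types, which are outside the hunk.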
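Review bot: `when = octalToLong (tarball.val.time);` and `mode = octalToLong (tarball.val.mode);` fill the new `when`/`mode` locals declared in the -826 hunk, and nothing in either hunk reads them, so two more untrusted octal fields are parsed for no effect. Drop them, or if the rest of jar_listtar (outside the hunk) consumes them, add a comment at the declaration saying where.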
+++ b/security/nss/lib/jar/jarsign.c
@@ -49,15 +49,8 @@ JAR_calculate_digest(void *data, long length)
 return NULL;
 }
- md5 = PK11_CreateDigestContext(SEC_OID_MD5);
- if (md5 == NULL) {
- return NULL;
- }
+ md5 = PK11_CreateDigestContext(SEC_OID_MD5);
 sha1 = PK11_CreateDigestContext(SEC_OID_SHA1);
- if (sha1 == NULL) {
- PK11_DestroyContext(md5, PR_TRUE);
- return NULL;
- }
 if (length >= 0) {
 PK11_DigestBegin (md5);
@@ -114,12 +107,6 @@ JAR_digest_file (char *filename, JAR_Digest *dig)
 sha1 = PK11_CreateDigestContext (SEC_OID_SHA1);
 if (md5 == NULL || sha1 == NULL) {
- if (md5) {
- PK11_DestroyContext(md5, PR_TRUE);
- }
- if (sha1) {
- PK11_DestroyContext(sha1, PR_TRUE);
- }
 /* can't generate digest contexts */
 PORT_Free (buf);
 JAR_FCLOSE (fp);
@@ -184,6 +171,7 @@ jar_create_pk7(CERTCertDBHandle *certdb, void *keydb, CERTCertificate *cert,
 {
 SEC_PKCS7ContentInfo *cinfo;
 const SECHashObject *hashObj;
+ char *errstring;
 void *mw = NULL;
 void *hashcx;
 unsigned int len;
@@ -243,6 +231,7 @@ jar_create_pk7(CERTCertDBHandle *certdb, void *keydb, CERTCertificate *cert,
 status = PORT_GetError();
 SEC_PKCS7DestroyContentInfo (cinfo);
 if (rv != SECSuccess) {
+ errstring = JAR_get_error (status);
 return ((status < 0) ? status : JAR_ERR_GENERAL);
 }
 return 0;
diff --git a/security/nss/lib/libpkix/include/pkix_certstore.h b/security/nss/lib/libpkix/include/pkix_certstore.h
index fb705644ebc..2feb3334d93 100755
--- a/security/nss/lib/libpkix/include/pkix_certstore.h
+++ b/security/nss/lib/libpkix/include/pkix_certstore.h
@@ -10,7 +10,6 @@
 #define _PKIX_CERTSTORE_H
 #include "pkixt.h"
-#include "certt.h"
 #ifdef __cplusplus
 extern "C" {
@@ -328,7 +327,7 @@ typedef PKIX_Error *
 PKIX_PL_Cert *issuer,
 PKIX_PL_Date *date,
 PKIX_Boolean crlDownloadDone,
- CERTCRLEntryReasonCode *reasonCode,
+ PKIX_UInt32 *reasonCode,
 PKIX_RevocationStatus *revStatus,
 void *plContext);
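Review bot: `PK11_DigestBegin (md5)` is now reached with `md5` or `sha1` possibly NULL, because the NULL checks after the two `PK11_CreateDigestContext` calls were removed; when the token or the MD5/SHA-1 mechanism is unavailable, JAR_calculate_digest dereferences NULL instead of returning NULL. The -114 hunk in JAR_digest_file keeps its NULL test but no longer destroys whichever context was created, so that path leaks it; `if (md5) PK11_DestroyContext(md5, PR_TRUE); if (sha1) PK11_DestroyContext(sha1, PR_TRUE);` belongs back inside that branch. In jar_create_pk7 (-243) `errstring = JAR_get_error (status);` is assigned and never read in the hunk; remove the call unless the string is logged or returned. The check for JAR_calculate_digest, rewritten to release whichever context was created, is below.
```c
    md5 = PK11_CreateDigestContext(SEC_OID_MD5);
    sha1 = PK11_CreateDigestContext(SEC_OID_SHA1);
    if (md5 == NULL || sha1 == NULL) {
        if (md5) PK11_DestroyContext(md5, PR_TRUE);
        if (sha1) PK11_DestroyContext(sha1, PR_TRUE);
        return NULL;
    }
    /* … unchanged: DigestBegin/DigestOp over data … */
```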
diff --git a/security/nss/lib/libpkix/include/pkix_revchecker.h b/security/nss/lib/libpkix/include/pkix_revchecker.h index a16d23a9333..18a10cd2369 100755 --- a/security/nss/lib/libpkix/include/pkix_revchecker.h +++ b/security/nss/lib/libpkix/include/pkix_revchecker.h @@ -65,10 +65,12 @@ extern "C" { * FUNCTION: PKIX_RevocationChecker_Create * DESCRIPTION: * - * Creates a revocation checker object with the given flags. Revocation will - * be checked at the current date. + * Creates revocation checker object with a given flags. * * PARAMETERS: + * "revDate" + * Revocation will be checked at this date. Current date is taken if the + * parameter is not specified. * "leafMethodListFlags" * Defines a set of method independent flags that will be used to check * revocation of the leaf cert in the chain. diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c index d6f5b6bcc8a..c77ac8ef12f 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c +++ b/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c @@ -195,7 +195,7 @@ pkix_CrlChecker_CheckLocal( PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - CERTCRLEntryReasonCode *pReasonCode, + PKIX_UInt32 *pReasonCode, void *plContext) { PKIX_CertStore_CheckRevokationByCrlCallback storeCheckRevocationFn; @@ -294,7 +294,7 @@ pkix_CrlChecker_CheckExternal( PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - CERTCRLEntryReasonCode *pReasonCode, + PKIX_UInt32 *pReasonCode, void **pNBIOContext, void *plContext) { diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.h index 35f1a474556..d7213aadbdc 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.h +++ b/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.h 
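Review bot: The replacement description `Creates revocation checker object with a given flags.` is ungrammatical; write `Creates a revocation checker object with the given flags.`. The new `"revDate"` paragraph documents a parameter that must exist in PKIX_RevocationChecker_Create's prototype, which is outside the hunk; confirm the prototype and the parameter order match, since the comment now promises a date override that the old text said was not available.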
@@ -31,7 +31,7 @@ pkix_CrlChecker_CheckLocal( PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - CERTCRLEntryReasonCode *reasonCode, + PKIX_UInt32 *reasonCode, void *plContext); PKIX_Error * @@ -43,7 +43,7 @@ pkix_CrlChecker_CheckExternal( PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - CERTCRLEntryReasonCode *reasonCode, + PKIX_UInt32 *reasonCode, void **pNBIOContext, void *plContext); diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c index b6fca9a3547..481aa52b528 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c +++ b/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.c @@ -147,7 +147,7 @@ pkix_OcspChecker_CheckLocal( PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - CERTCRLEntryReasonCode *pReasonCode, + PKIX_UInt32 *pReasonCode, void *plContext) { PKIX_PL_OcspCertID *cid = NULL; @@ -222,7 +222,7 @@ pkix_OcspChecker_CheckExternal( PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - CERTCRLEntryReasonCode *pReasonCode, + PKIX_UInt32 *pReasonCode, void **pNBIOContext, void *plContext) { diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h index fbec315f963..547b403b424 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h +++ b/security/nss/lib/libpkix/pkix/checker/pkix_ocspchecker.h @@ -30,7 +30,7 @@ pkix_OcspChecker_CheckLocal( PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - CERTCRLEntryReasonCode *reasonCode, + PKIX_UInt32 *reasonCode, void *plContext); PKIX_Error * 
@@ -42,7 +42,7 @@ pkix_OcspChecker_CheckExternal( PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - CERTCRLEntryReasonCode *reasonCode, + PKIX_UInt32 *reasonCode, void **pNBIOContext, void *plContext); diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c b/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c index 7bed9b88601..ebe37739fa5 100755 --- a/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c +++ b/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.c @@ -349,7 +349,7 @@ PKIX_RevocationChecker_Check( * first we are going to test all local(cached) info * second, all remote info(fetching) */ for (tries = 0;tries < 2;tries++) { - unsigned int methodNum = 0; + int methodNum = 0; for (;methodNum < revList->length;methodNum++) { PKIX_UInt32 methodFlags = 0; @@ -372,8 +372,7 @@ PKIX_RevocationChecker_Check( methodFlags, chainVerificationState, &revStatus, - (CERTCRLEntryReasonCode *)pReasonCode, - plContext), + pReasonCode, plContext), PKIX_REVCHECKERCHECKFAILED); methodStatus[methodNum] = revStatus; if (revStatus == PKIX_RevStatus_Revoked) { @@ -398,8 +397,7 @@ PKIX_RevocationChecker_Check( (*method->externalRevChecker)(cert, issuer, date, method, procParams, methodFlags, - &revStatus, - (CERTCRLEntryReasonCode *)pReasonCode, + &revStatus, pReasonCode, &nbioContext, plContext), PKIX_REVCHECKERCHECKFAILED); methodStatus[methodNum] = revStatus; diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h b/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h index 20dfe37787d..80d9eeaa202 100755 --- a/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h +++ b/security/nss/lib/libpkix/pkix/checker/pkix_revocationchecker.h @@ -12,7 +12,6 @@ #define _PKIX_REVOCATIONCHECKER_H #include "pkixt.h" -#include "certt.h" #ifdef __cplusplus extern "C" { 
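Review bot: `int methodNum = 0;` is compared against `revList->length` in `for (;methodNum < revList->length;methodNum++)`; if `length` is a PKIX_UInt32, as the other libpkix counters in this diff are, the comparison mixes signedness and trips `-Wsign-compare`, and `methodNum` also indexes `methodStatus[]`. Keep the index unsigned, `PKIX_UInt32 methodNum = 0;`, matching `methodFlags` on the next line. The same `unsigned int` to `int` index change recurs in pkix_build.c (-1526) and pkix_pl_pk11certstore.c (-673).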
diff --git a/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h b/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h index a97c7620ae3..193223731ba 100644 --- a/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h +++ b/security/nss/lib/libpkix/pkix/checker/pkix_revocationmethod.h @@ -31,7 +31,7 @@ pkix_LocalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer, PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - CERTCRLEntryReasonCode *reasonCode, + PKIX_UInt32 *reasonCode, void *plContext); /* External revocation check function prototype definition. @@ -44,7 +44,7 @@ pkix_ExternalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer, PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - CERTCRLEntryReasonCode *reasonCode, + PKIX_UInt32 *reasonCode, void **pNBIOContext, void *plContext); /* Revocation method structure assosiates revocation types with diff --git a/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c b/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c index e9a9c03dfdc..9967af9b8f8 100755 --- a/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c +++ b/security/nss/lib/libpkix/pkix/crlsel/pkix_crlselector.c @@ -190,7 +190,7 @@ pkix_CRLSelector_Hashcode( PKIX_HASHCODE(crlSelector->context, &contextHash, plContext, PKIX_OBJECTHASHCODEFAILED); - hash = 31 * ((PKIX_UInt32)((char *)crlSelector->matchCallback - (char *)NULL) + + hash = 31 * ((PKIX_UInt32)crlSelector->matchCallback + (contextHash << 3)) + paramsHash; *pHashcode = hash; diff --git a/security/nss/lib/libpkix/pkix/results/pkix_policynode.c b/security/nss/lib/libpkix/pkix/results/pkix_policynode.c index fd8cee982b7..91d8a74b66a 100755 --- a/security/nss/lib/libpkix/pkix/results/pkix_policynode.c +++ b/security/nss/lib/libpkix/pkix/results/pkix_policynode.c 
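Review bot: `(PKIX_UInt32)crlSelector->matchCallback` casts a function pointer directly to a 32-bit integer, which truncates on 64-bit targets and draws a pointer-to-int-cast warning; the `(char *)p - (char *)NULL` form it replaces existed to avoid exactly that. A hash only needs determinism, so go through a pointer-sized integer first, e.g. `(PKIX_UInt32)(PRUptrdiff)crlSelector->matchCallback`. The same pattern is reintroduced in pkix_policynode.c (-824), pkix_store.c (-74), pkix_error.c (-325), pkix_logger.c (-492) and the three `pkix_pl_socket_linePrefix` calls in pkix_pl_socket.c.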
@@ -824,7 +824,7 @@ pkix_PolicyNode_Hashcode( (node, &nodeHash, plContext), PKIX_SINGLEPOLICYNODEHASHCODEFAILED); - nodeHash = 31*nodeHash + (PKIX_UInt32)((char *)node->parent - (char *)NULL); + nodeHash = 31*nodeHash + (PKIX_UInt32)(node->parent); PKIX_HASHCODE (node->children, diff --git a/security/nss/lib/libpkix/pkix/store/pkix_store.c b/security/nss/lib/libpkix/pkix/store/pkix_store.c index af8be2bb2cc..31c21ea1609 100755 --- a/security/nss/lib/libpkix/pkix/store/pkix_store.c +++ b/security/nss/lib/libpkix/pkix/store/pkix_store.c @@ -74,11 +74,11 @@ pkix_CertStore_Hashcode( PKIX_CERTSTOREHASHCODEFAILED); } - *pHashcode = (PKIX_UInt32)((char *)certStore->certCallback - (char *)NULL) + - (PKIX_UInt32)((char *)certStore->crlCallback - (char *)NULL) + - (PKIX_UInt32)((char *)certStore->certContinue - (char *)NULL) + - (PKIX_UInt32)((char *)certStore->crlContinue - (char *)NULL) + - (PKIX_UInt32)((char *)certStore->trustCallback - (char *)NULL) + + *pHashcode = (PKIX_UInt32) certStore->certCallback + + (PKIX_UInt32) certStore->crlCallback + + (PKIX_UInt32) certStore->certContinue + + (PKIX_UInt32) certStore->crlContinue + + (PKIX_UInt32) certStore->trustCallback + (tempHash << 7); cleanup: diff --git a/security/nss/lib/libpkix/pkix/top/pkix_build.c b/security/nss/lib/libpkix/pkix/top/pkix_build.c index 94515785b49..9ca307e43fb 100755 --- a/security/nss/lib/libpkix/pkix/top/pkix_build.c +++ b/security/nss/lib/libpkix/pkix/top/pkix_build.c @@ -1526,7 +1526,7 @@ pkix_Build_SelectCertsFromTrustAnchors( PKIX_List **pMatchList, void *plContext) { - unsigned int anchorIndex = 0; + int anchorIndex = 0; PKIX_TrustAnchor *anchor = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_List *matchList = NULL; diff --git a/security/nss/lib/libpkix/pkix/util/pkix_error.c b/security/nss/lib/libpkix/pkix/util/pkix_error.c index 9d730ca1610..e6fba866a90 100755 --- a/security/nss/lib/libpkix/pkix/util/pkix_error.c +++ b/security/nss/lib/libpkix/pkix/util/pkix_error.c 
@@ -325,7 +325,7 @@ pkix_Error_Hashcode( /* XXX Unimplemented */ /* XXX Need to make hashcodes equal when two errors are equal */ - *pResult = (PKIX_UInt32)((char *)object - (char *)NULL); + *pResult = (PKIX_UInt32)object; PKIX_RETURN(ERROR); } diff --git a/security/nss/lib/libpkix/pkix/util/pkix_logger.c b/security/nss/lib/libpkix/pkix/util/pkix_logger.c index a916e6e4f44..cfd870def55 100644 --- a/security/nss/lib/libpkix/pkix/util/pkix_logger.c +++ b/security/nss/lib/libpkix/pkix/util/pkix_logger.c @@ -492,7 +492,7 @@ pkix_Logger_Hashcode( PKIX_HASHCODE(logger->context, &tempHash, plContext, PKIX_OBJECTHASHCODEFAILED); - hash = (((((PKIX_UInt32)((char *)logger->callback - (char *)NULL) + tempHash) << 7) + + hash = (((((PKIX_UInt32) logger->callback + tempHash) << 7) + logger->maxLevel) << 7) + (PKIX_UInt32)logger->logComponent; *pHashcode = hash; diff --git a/security/nss/lib/libpkix/pkix/util/pkix_tools.h b/security/nss/lib/libpkix/pkix/util/pkix_tools.h index 1a4689da78c..fe6ce63465c 100755 --- a/security/nss/lib/libpkix/pkix/util/pkix_tools.h +++ b/security/nss/lib/libpkix/pkix/util/pkix_tools.h @@ -1437,8 +1437,8 @@ extern PLHashNumber PR_CALLBACK pkix_ErrorGen_Hash (const void *key); typedef struct pkix_ClassTable_EntryStruct pkix_ClassTable_Entry; struct pkix_ClassTable_EntryStruct { char *description; - PKIX_UInt32 objCounter; - PKIX_UInt32 typeObjectSize; + PKIX_Int32 objCounter; + PKIX_Int32 typeObjectSize; PKIX_PL_DestructorCallback destructor; PKIX_PL_EqualsCallback equalsFunction; PKIX_PL_HashcodeCallback hashcodeFunction; diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c index 9954f0ca689..d459a4a7bae 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c 
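Review bot: `objCounter` and `typeObjectSize` change from `PKIX_UInt32` to `PKIX_Int32`; a live-object counter and an object size are never meaningfully negative, and if `typeObjectSize` feeds an allocation (outside the hunk) the signed type admits a negative value that converts to a huge `size_t`. Unless a caller stores -1 as a sentinel, keep them unsigned; if the change is driven by sign-compare warnings at the use sites, cast there instead.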
@@ -265,7 +265,7 @@ pkix_pl_HttpDefaultClient_HdrCheckComplete( contentLength = /* Try to reserve 4K+ buffer */ client->filledupBytes + HTTP_DATA_BUFSIZE; if (client->maxResponseLen > 0 && - contentLength > (PKIX_Int32)client->maxResponseLen) { + contentLength > client->maxResponseLen) { if (client->filledupBytes < client->maxResponseLen) { contentLength = client->maxResponseLen; } else { @@ -282,7 +282,7 @@ pkix_pl_HttpDefaultClient_HdrCheckComplete( default: client->rcv_http_data_len = contentLength; if (client->maxResponseLen > 0 && - (PKIX_Int32)client->maxResponseLen < contentLength) { + client->maxResponseLen < contentLength) { client->connectStatus = HTTP_ERROR; goto cleanup; } @@ -290,7 +290,7 @@ pkix_pl_HttpDefaultClient_HdrCheckComplete( /* * Do we have all of the message body, or do we need to read some more? */ - if ((PKIX_Int32)client->filledupBytes < contentLength) { + if (client->filledupBytes < contentLength) { client->connectStatus = HTTP_RECV_BODY; *pKeepGoing = PKIX_TRUE; } else { @@ -935,7 +935,7 @@ pkix_pl_HttpDefaultClient_RecvBody( * plus remaining capacity, plus new expansion. */ int currBuffSize = client->capacity; /* Try to increase the buffer by 4K */ - unsigned int newLength = currBuffSize + HTTP_DATA_BUFSIZE; + int newLength = currBuffSize + HTTP_DATA_BUFSIZE; if (client->maxResponseLen > 0 && newLength > client->maxResponseLen) { newLength = client->maxResponseLen; @@ -1480,6 +1480,8 @@ pkix_pl_HttpDefaultClient_Cancel( SEC_HTTP_REQUEST_SESSION request, void *plContext) { + PKIX_PL_HttpDefaultClient *client = NULL; + PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_Cancel"); PKIX_NULLCHECK_ONE(request); @@ -1489,6 +1491,8 @@ pkix_pl_HttpDefaultClient_Cancel( plContext), PKIX_REQUESTNOTANHTTPDEFAULTCLIENT); + client = (PKIX_PL_HttpDefaultClient *)request; + /* XXX Not implemented */ cleanup: 
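Review bot: Dropping the `(PKIX_Int32)` casts leaves `contentLength > client->maxResponseLen`, `client->maxResponseLen < contentLength` and `client->filledupBytes < contentLength` comparing operands whose declarations are outside the hunk; the casts were presumably there because the sides differ in signedness, and if `maxResponseLen` or `filledupBytes` is unsigned a negative `contentLength` now promotes and is no longer caught by the cap that bounds how much a remote responder can make the client buffer. Give the three values one type instead of relying on promotion; `int newLength` in -935 meets `client->maxResponseLen` the same way. In -1480 `client` is assigned from `request` and never read before the `/* XXX Not implemented */` marker, a dead store.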
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c index 3dc06be9a27..a191ad65d6d 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapdefaultclient.c @@ -359,7 +359,7 @@ pkix_pl_LdapDefaultClient_VerifyBindResponse( "pkix_pl_LdapDefaultClient_VerifyBindResponse"); PKIX_NULLCHECK_TWO(client, client->rcvBuf); - decode.data = (unsigned char *)(client->rcvBuf); + decode.data = (void *)(client->rcvBuf); decode.len = bufLen; PKIX_CHECK(pkix_pl_LdapDefaultClient_DecodeBindResponse diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c index 4546e339a5b..51ffce97ca8 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c @@ -263,12 +263,16 @@ pkix_pl_LdapRequest_Destroy( PKIX_PL_Object *object, void *plContext) { + PKIX_PL_LdapRequest *ldapRq = NULL; + PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_Destroy"); PKIX_NULLCHECK_ONE(object); PKIX_CHECK(pkix_CheckType(object, PKIX_LDAPREQUEST_TYPE, plContext), PKIX_OBJECTNOTLDAPREQUEST); + ldapRq = (PKIX_PL_LdapRequest *)object; + /* * All dynamic fields in an LDAPRequest are allocated * in an arena, and will be freed when the arena is destroyed. diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c index cd2543f3be2..9d37f58f80f 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapresponse.c 
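Review bot: `ldapRq = (PKIX_PL_LdapRequest *)object;` in pkix_pl_LdapRequest_Destroy is assigned and not read anywhere in the hunk, whose following comment says the arena frees every field; unless the rest of the function (outside the hunk) uses it, drop the local. The same assigned-but-unused downcast appears in pkix_pl_HttpDefaultClient_Cancel (-1480).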
@@ -730,7 +730,7 @@ pkix_pl_LdapResponse_GetResultCode( resultMsg = &response->decoded.protocolOp.op.searchResponseResultMsg; - *pResultCode = *(resultMsg->resultCode.data); + *pResultCode = *(char *)(resultMsg->resultCode.data); cleanup: diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c index 7de614ea682..078862c8b66 100755 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c @@ -379,12 +379,14 @@ NameCacheHasFetchedCrlInfo(PKIX_PL_Cert *pkixCert, PKIX_Boolean hasFetchedCrlInCache = PKIX_TRUE; PKIX_List *dpList = NULL; pkix_pl_CrlDp *dp = NULL; + CERTCertificate *cert; PKIX_UInt32 dpIndex = 0; SECStatus rv = SECSuccess; PRTime reloadDelay = 0, badCrlInvalDelay = 0; PKIX_ENTER(CERTSTORE, "ChechCacheHasFetchedCrl"); + cert = pkixCert->nssCert; reloadDelay = ((PKIX_PL_NssContext*)plContext)->crlReloadDelay * PR_USEC_PER_SEC; @@ -478,7 +480,7 @@ pkix_pl_Pk11CertStore_CheckRevByCrl( PKIX_PL_Cert *pkixIssuer, PKIX_PL_Date *date, PKIX_Boolean crlDownloadDone, - CERTCRLEntryReasonCode *pReasonCode, + PKIX_UInt32 *pReasonCode, PKIX_RevocationStatus *pStatus, void *plContext) { @@ -673,7 +675,7 @@ RemovePartitionedDpsFromList(PKIX_List *dpList, PKIX_PL_Date *date, { NamedCRLCache* nameCrlCache = NULL; pkix_pl_CrlDp *dp = NULL; - unsigned int dpIndex = 0; + int dpIndex = 0; PRTime time; PRTime reloadDelay = 0, badCrlInvalDelay = 0; SECStatus rv; @@ -777,6 +779,7 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, SECItem *derCrlCopy = NULL; CERTSignedCrl *nssCrl = NULL; CERTGeneralName *genName = NULL; + PKIX_Int32 savedError = -1; SECItem **derGenNames = NULL; SECItem *derGenName = NULL; 
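Review bot: `*pResultCode = *(char *)(resultMsg->resultCode.data);` reads one byte of a network-supplied DER INTEGER without checking `resultMsg->resultCode.len`, so an empty item reads past its buffer, and reading it as plain `char` sign-extends where `char` is signed. Guard and widen explicitly, `if (resultMsg->resultCode.len == 0) { /* treat as decode failure */ }` followed by `*pResultCode = *(unsigned char *)resultMsg->resultCode.data;`, and give a multi-byte INTEGER a defined outcome rather than silent truncation. In pkix_pl_pk11certstore.c (-379) `cert = pkixCert->nssCert;` is assigned and unused within the hunk.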
@@ -796,11 +799,13 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, if (!derGenName || !genName->name.other.data) { /* get to next name if no data. */ + savedError = PKIX_UNSUPPORTEDCRLDPTYPE; break; } uri = &genName->name.other; location = (char*)PR_Malloc(1 + uri->len); if (!location) { + savedError = PKIX_ALLOCERROR; break; } PORT_Memcpy(location, uri->data, uri->len); @@ -808,6 +813,7 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, if (CERT_ParseURL(location, &hostname, &port, &path) != SECSuccess) { PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL); + savedError = PKIX_URLPARSINGFAILED; break; } @@ -817,6 +823,7 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, if ((*hcv1->createSessionFcn)(hostname, port, &pServerSession) != SECSuccess) { PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL); + savedError = PKIX_URLPARSINGFAILED; break; } @@ -828,6 +835,7 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, PR_SecondsToInterval( ((PKIX_PL_NssContext*)plContext)->timeoutSeconds), &pRequestSession) != SECSuccess) { + savedError = PKIX_HTTPSERVERERROR; break; } @@ -850,10 +858,12 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, NULL, &myHttpResponseData, &myHttpResponseDataLen) != SECSuccess) { + savedError = PKIX_HTTPSERVERERROR; break; } if (myHttpResponseCode != 200) { + savedError = PKIX_HTTPSERVERERROR; break; } } while(0); diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c index 6bd0a3a0990..2afd680c607 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c 
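Review bot: On the `createSessionFcn` failure path `savedError = PKIX_URLPARSINGFAILED;` labels a session/connection failure as a URL-parsing error, while the request and response failures below use `PKIX_HTTPSERVERERROR`, which fits this case better (the pre-existing `PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL)` on the same path has the same mismatch but predates this change). Whether `savedError` is consumed after the `do { } while(0)` is outside the hunk; the `-1` default from the declaration in the -777 hunk above should be handled there so a `break` that was not paired with an assignment does not get reported as an error code. The function continues past the hunk.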
@@ -62,12 +62,7 @@ static PKIX_Boolean socketTraceFlag = PKIX_FALSE; static void pkix_pl_socket_timestamp() { PRInt64 prTime; prTime = PR_Now(); -/* We shouldn't use PR_ALTERNATE_INT64_TYPEDEF, but nor can we use PRId64 */ -#if PR_BYTES_PER_LONG == 8 && !defined(PR_ALTERNATE_INT64_TYPEDEF) - printf("%ld:\n", prTime); -#else printf("%lld:\n", prTime); -#endif } /* @@ -145,7 +140,7 @@ static void pkix_pl_socket_linePrefix(PKIX_UInt32 addr) { */ static void pkix_pl_socket_traceLine(char *ptr) { PKIX_UInt32 i = 0; - pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)ptr - (char *)NULL)); + pkix_pl_socket_linePrefix((PKIX_UInt32)ptr); for (i = 0; i < 16; i++) { printf(" "); pkix_pl_socket_hexDigit(ptr[i]); @@ -189,7 +184,7 @@ static void pkix_pl_socket_traceLine(char *ptr) { static void pkix_pl_socket_tracePartialLine(char *ptr, PKIX_UInt32 nBytes) { PKIX_UInt32 i = 0; if (nBytes > 0) { - pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)ptr - (char *)NULL)); + pkix_pl_socket_linePrefix((PKIX_UInt32)ptr); } for (i = 0; i < nBytes; i++) { printf(" "); @@ -248,7 +243,7 @@ void pkix_pl_socket_tracebuff(void *buf, PKIX_UInt32 nBytes) { * Special case: if called with length of zero, just do address */ if (nBytes == 0) { - pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)buf - (char *)NULL)); + pkix_pl_socket_linePrefix((PKIX_UInt32)buf); printf("\n"); } else { while (bytesRemaining >= 16) { diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c index fa8f1851eaf..2036f5c9fcb 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c @@ -1515,6 +1515,7 @@ PKIX_PL_Cert_Create( SECItem *derCertItem = NULL; void *derBytes = NULL; PKIX_UInt32 derLength; + PKIX_Boolean copyDER; PKIX_PL_Cert *cert = NULL; CERTCertDBHandle *handle; 
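Review bot: `printf("%lld:\n", prTime);` in pkix_pl_socket_timestamp now runs unconditionally, but PRInt64 is `long` rather than `long long` on LP64 builds, so the conversion no longer matches the argument type (undefined behaviour, and -Wformat reports it); the removed `#if PR_BYTES_PER_LONG == 8` block existed for exactly this case. A cast keeps one format string and stays portable: `printf("%lld:\n", (long long)prTime);`.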
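Review bot: `pkix_pl_socket_linePrefix((PKIX_UInt32)ptr);` in pkix_pl_socket_traceLine casts a pointer directly to a 32-bit integer, which truncates on 64-bit targets and is rejected or warned on by most compilers; the same cast is made in pkix_pl_socket_tracePartialLine and pkix_pl_socket_tracebuff in the two hunks below, and in pkix_pl_Object_Hashcode_Default in pkix_pl_object.c further down. Going through a pointer-width integer makes the truncation explicit and silences the diagnostic: `pkix_pl_socket_linePrefix((PKIX_UInt32)(uintptr_t)ptr);` (or `PRUptrdiff` if the file prefers NSPR types). The removed `(char *)ptr - (char *)NULL` form was itself undefined pointer arithmetic, so neither side of this diff is correct as written.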
@@ -1541,6 +1542,7 @@ PKIX_PL_Cert_Create( * allowing us to free our copy without worrying about whether NSS * is still using it */ + copyDER = PKIX_TRUE; handle = CERT_GetDefaultCertDB(); nssCert = CERT_NewTempCertificate(handle, derCertItem, /* nickname */ NULL, diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c index b83db357ac7..0f6d7833340 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c @@ -351,7 +351,7 @@ pkix_pl_CRL_ToString_Helper( void *plContext) { char *asciiFormat = NULL; - PKIX_UInt32 crlVersion = 0; + PKIX_UInt32 crlVersion; PKIX_PL_X500Name *crlIssuer = NULL; PKIX_PL_OID *nssSignatureAlgId = NULL; PKIX_PL_BigInt *crlNumber = NULL; diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c index 338eb1c017e..6bc74b61129 100755 --- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c @@ -73,7 +73,7 @@ pkix_pl_lifecycle_ObjectTableUpdate(int *objCountTable) PKIX_UInt32 pkix_pl_lifecycle_ObjectLeakCheck(int *initObjCountTable) { - unsigned int typeCounter = 0; + int typeCounter = 0; PKIX_UInt32 numObjects = 0; char classNameBuff[128]; char *className = NULL; @@ -245,9 +245,7 @@ cleanup: PKIX_Error * PKIX_PL_Shutdown(void *plContext) { -#ifdef DEBUG PKIX_UInt32 numLeakedObjects = 0; -#endif PKIX_ENTER(OBJECT, "PKIX_PL_Shutdown"); @@ -260,14 +258,10 @@ PKIX_PL_Shutdown(void *plContext) pkix_pl_HttpCertStore_Shutdown(plContext); -#ifdef DEBUG numLeakedObjects = pkix_pl_lifecycle_ObjectLeakCheck(NULL); if (PR_GetEnv("NSS_STRICT_SHUTDOWN")) { PORT_Assert(numLeakedObjects == 0); } -#else - pkix_pl_lifecycle_ObjectLeakCheck(NULL); -#endif if (plContext != NULL) { PKIX_PL_NssContext_Destroy(plContext); 
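Review bot: `PKIX_UInt32 crlVersion;` in pkix_pl_CRL_ToString_Helper drops the `= 0` initializer while the assignment to it is outside the hunk; if a PKIX_CHECK fails before that assignment and the cleanup or formatting code reads `crlVersion`, it reads an indeterminate value. Every other local in the same declaration list is initialized, so keeping `PKIX_UInt32 crlVersion = 0;` is consistent and costs nothing. The function starts and ends outside the hunk.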
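Review bot: With the `#ifdef DEBUG` guards removed from PKIX_PL_Shutdown, `numLeakedObjects` is assigned from `pkix_pl_lifecycle_ObjectLeakCheck(NULL)` but its only reader is `PORT_Assert`, which compiles to nothing in release builds, so non-debug compiles get a set-but-unused warning and the NSS_STRICT_SHUTDOWN check is silently a no-op there. If the intent is that the strict-shutdown check applies in release builds too, it needs an explicit runtime failure path rather than `PORT_Assert`; otherwise the removed `#else` branch (call without storing the result) was the cleaner form. The function continues past the hunk.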
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c index 7dafa0b2043..881a1ed5433 100755 --- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c @@ -371,7 +371,7 @@ pkix_pl_Object_Hashcode_Default( PKIX_ENTER(OBJECT, "pkix_pl_Object_Hashcode_Default"); PKIX_NULLCHECK_TWO(object, pValue); - *pValue = (PKIX_UInt32)((char *)object - (char *)NULL); + *pValue = (PKIX_UInt32)object; PKIX_RETURN(OBJECT); } @@ -600,7 +600,7 @@ PKIX_PL_Object_Alloc( object = NULL; /* Atomically increment object counter */ - PR_ATOMIC_INCREMENT((PRInt32*)&ctEntry->objCounter); + PR_ATOMIC_INCREMENT(&ctEntry->objCounter); cleanup: @@ -897,7 +897,7 @@ PKIX_PL_Object_DecRef( } /* Atomically decrement object counter */ - PR_ATOMIC_DECREMENT((PRInt32*)&ctEntry->objCounter); + PR_ATOMIC_DECREMENT(&ctEntry->objCounter); /* pkix_pl_Object_Destroy assumes the lock is held */ /* It will call unlock and destroy the object */ diff --git a/security/nss/lib/nss/manifest.mn b/security/nss/lib/nss/manifest.mn index 54bed49e63b..9e812e52ce6 100644 --- a/security/nss/lib/nss/manifest.mn +++ b/security/nss/lib/nss/manifest.mn @@ -6,7 +6,6 @@ CORE_DEPTH = ../.. PRIVATE_EXPORTS = \ nssrenam.h \ - nssoptions.h \ $(NULL) EXPORTS = \ @@ -17,7 +16,6 @@ MODULE = nss CSRCS = \ nssinit.c \ - nssoptions.c \ nssver.c \ utilwrap.c \ $(NULL) diff --git a/security/nss/lib/nss/nss.def b/security/nss/lib/nss/nss.def index cd2920c05d9..fbabaa09a67 100644 --- a/security/nss/lib/nss/nss.def +++ b/security/nss/lib/nss/nss.def @@ -1082,11 +1082,3 @@ SECKEY_BigIntegerBitLength; ;+ local: ;+ *; ;+}; -;+NSS_3.21 { # NSS 3.21 release -;+ global: -NSS_OptionGet; -NSS_OptionSet; -SECMOD_CreateModuleEx; -;+ local: -;+ *; -;+}; diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index 279440019df..824e4609672 100644 --- a/security/nss/lib/nss/nss.h 
+++ b/security/nss/lib/nss/nss.h @@ -33,12 +33,12 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define NSS_VERSION "3.21" _NSS_ECC_STRING _NSS_CUSTOMIZED " Beta" +#define NSS_VERSION "3.20" _NSS_ECC_STRING _NSS_CUSTOMIZED #define NSS_VMAJOR 3 -#define NSS_VMINOR 21 +#define NSS_VMINOR 20 #define NSS_VPATCH 0 #define NSS_VBUILD 0 -#define NSS_BETA PR_TRUE +#define NSS_BETA PR_FALSE #ifndef RC_INVOKED @@ -294,19 +294,6 @@ SECStatus NSS_RegisterShutdown(NSS_ShutdownFunc sFunc, void *appData); */ SECStatus NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData); -/* Available options for NSS_OptionSet() and NSS_OptionGet(). - */ -#define NSS_RSA_MIN_KEY_SIZE (1<<0) -#define NSS_DH_MIN_KEY_SIZE (1<<1) -#define NSS_DSA_MIN_KEY_SIZE (1<<2) - -/* - * Set and get global options for the NSS library. - */ -SECStatus NSS_OptionSet(PRInt32 which, PRInt32 value); -SECStatus NSS_OptionGet(PRInt32 which, PRInt32 *value); - - /* * Close the Cert, Key databases. */ diff --git a/security/nss/lib/nss/nssinit.c b/security/nss/lib/nss/nssinit.c index b22f9151e3f..3966c35e2df 100644 --- a/security/nss/lib/nss/nssinit.c +++ b/security/nss/lib/nss/nssinit.c @@ -491,6 +491,10 @@ struct NSSInitContextStr { #define NSS_INIT_MAGIC 0x1413A91C static SECStatus nss_InitShutdownList(void); +#ifdef DEBUG +static CERTCertificate dummyCert; +#endif + /* All initialized to zero in BSS */ static PRCallOnceType nssInitOnce; static PZLock *nssInitLock; @@ -567,11 +571,8 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix, * functions */ if (!isReallyInitted) { -#ifdef DEBUG - CERTCertificate dummyCert; /* New option bits must not change the size of CERTCertificate. */ PORT_Assert(sizeof(dummyCert.options) == sizeof(void *)); -#endif if (SECSuccess != cert_InitLocks()) { goto loser; 
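Review bot: `static CERTCertificate dummyCert;` at file scope in nssinit.c exists only to feed `sizeof(dummyCert.options)`, so it reserves a whole CERTCertificate in BSS for a compile-time size check; `PORT_Assert(sizeof(((CERTCertificate *)0)->options) == sizeof(void *));` gives the same value with no object and no `#ifdef DEBUG` around a declaration. The assert itself sits in nss_Init, which starts and ends outside the hunk.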
@@ -1245,8 +1246,9 @@ NSS_VersionCheck(const char *importedVersion) */ int vmajor = 0, vminor = 0, vpatch = 0, vbuild = 0; const char *ptr = importedVersion; -#define NSS_VERSION_VARIABLE __nss_base_version -#include "verref.h" + volatile char c; /* force a reference that won't get optimized away */ + + c = __nss_base_version[0]; while (isdigit(*ptr)) { vmajor = 10 * vmajor + *ptr - '0'; diff --git a/security/nss/lib/nss/nssoptions.c b/security/nss/lib/nss/nssoptions.c deleted file mode 100644 index 10b0138df58..00000000000 --- a/security/nss/lib/nss/nssoptions.c +++ /dev/null @@ -1,73 +0,0 @@ -/* - * NSS utility functions - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -#include -#include -#include - -#include "seccomon.h" -#include "secoidt.h" -#include "secoid.h" -#include "nss.h" -#include "nssoptions.h" - -struct nssOps { - PRInt32 rsaMinKeySize; - PRInt32 dhMinKeySize; - PRInt32 dsaMinKeySize; -}; - -static struct nssOps nss_ops = { - SSL_RSA_MIN_MODULUS_BITS, - SSL_DH_MIN_P_BITS, - SSL_DSA_MIN_P_BITS -}; - -SECStatus -NSS_OptionSet(PRInt32 which, PRInt32 value) -{ -SECStatus rv = SECSuccess; - - switch (which) { - case NSS_RSA_MIN_KEY_SIZE: - nss_ops.rsaMinKeySize = value; - break; - case NSS_DH_MIN_KEY_SIZE: - nss_ops.dhMinKeySize = value; - break; - case NSS_DSA_MIN_KEY_SIZE: - nss_ops.dsaMinKeySize = value; - break; - default: - rv = SECFailure; - } - - return rv; -} - -SECStatus -NSS_OptionGet(PRInt32 which, PRInt32 *value) -{ -SECStatus rv = SECSuccess; - - switch (which) { - case NSS_RSA_MIN_KEY_SIZE: - *value = nss_ops.rsaMinKeySize; - break; - case NSS_DH_MIN_KEY_SIZE: - *value = nss_ops.dhMinKeySize; - break; - case NSS_DSA_MIN_KEY_SIZE: - *value = nss_ops.dsaMinKeySize; - break; - default: - rv = SECFailure; - } - - return rv; -} - 
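Review bot: `volatile char c;` in NSS_VersionCheck is written once by `c = __nss_base_version[0];` and never read, which compilers still report as set-but-unused, and a comment is the only thing explaining that the store is meant to keep `__nss_base_version` referenced. A volatile read with a `(void)` discard expresses that without a dead local: `(void)*(volatile const char *)__nss_base_version;`. The removed `verref.h` include was the mechanism that did this before; the function continues past the hunk.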
diff --git a/security/nss/lib/nss/nssoptions.h b/security/nss/lib/nss/nssoptions.h deleted file mode 100644 index daa0944c30e..00000000000 --- a/security/nss/lib/nss/nssoptions.h +++ /dev/null @@ -1,21 +0,0 @@ -/* - * NSS utility functions - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* - * Include the default limits here - */ -/* SSL default limits are here so we don't have to import a private SSL header - * file into NSS proper */ - -/* The minimum server key sizes accepted by the clients. - * Not 1024 to be conservative. */ -#define SSL_RSA_MIN_MODULUS_BITS 1023 -/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be - * only 1023 bits and similar. We don't have good data on whether this - * happens because NSS used to count bit lengths incorrectly. */ -#define SSL_DH_MIN_P_BITS 1023 -#define SSL_DSA_MIN_P_BITS 1023 - diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index 8d361ecf888..1bf8a7f50bc 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -143,8 +143,6 @@ PK11_IsUserCert(PK11SlotInfo *slot, CERTCertificate *cert, PK11_SETATTRS(&theTemplate,0,NULL,0); switch (pubKey->keyType) { case rsaKey: - case rsaPssKey: - case rsaOaepKey: PK11_SETATTRS(&theTemplate,CKA_MODULUS, pubKey->u.rsa.modulus.data, pubKey->u.rsa.modulus.len); break; @@ -230,6 +228,7 @@ pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID, nssPKIObject *pkio; NSSToken *token; NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); + PRStatus status; /* Get the cryptoki object from the handle */ token = PK11Slot_GetNSSToken(slot); 
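Review bot: Dropping `case rsaPssKey:` and `case rsaOaepKey:` from the keyType switch in PK11_IsUserCert means an RSA-PSS or RSA-OAEP public key no longer gets CKA_MODULUS placed in the search template and instead takes the switch's default branch, which is outside the hunk, so the lookup may behave differently for those keys. If the two KeyType enumerators still exist in this tree's keythi.h the cases should stay; the same two cases are also removed from PK11_PubDerive in pk11skey.c further down, where they selected the SEC_ERROR_BAD_KEY path.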
@@ -279,7 +278,7 @@ pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID, * different NSSCertificate that it found in the cache. * Presumably, the nickname which we just output above remains valid. :) */ - (void)nssTrustDomain_AddCertsToCache(td, &c, 1); + status = nssTrustDomain_AddCertsToCache(td, &c, 1); return STAN_GetCERTCertificateOrRelease(c); } @@ -1381,7 +1380,6 @@ pk11_keyIDHash_populate(void *wincx) } moduleLock = SECMOD_GetDefaultModuleListLock(); if (!moduleLock) { - SECITEM_FreeItem(slotid, PR_TRUE); PORT_SetError(SEC_ERROR_NOT_INITIALIZED); return PR_FAILURE; } @@ -2007,6 +2005,7 @@ SECStatus PK11_TraverseCertsForNicknameInSlot(SECItem *nickname, PK11SlotInfo *slot, SECStatus(* callback)(CERTCertificate*, void *), void *arg) { + struct nss3_cert_cbstr pk11cb; PRStatus nssrv = PR_SUCCESS; NSSToken *token; NSSTrustDomain *td; @@ -2017,6 +2016,8 @@ PK11_TraverseCertsForNicknameInSlot(SECItem *nickname, PK11SlotInfo *slot, NSSCertificate **certs; nssList *nameList = NULL; nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; + pk11cb.callback = callback; + pk11cb.arg = arg; token = PK11Slot_GetNSSToken(slot); if (!nssToken_IsPresent(token)) { return SECSuccess; @@ -2699,8 +2700,7 @@ __PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname) { /* Can't set nickname of temp cert. */ if (!cert->slot || cert->pkcs11ID == CK_INVALID_HANDLE) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + return SEC_ERROR_INVALID_ARGS; } return PK11_SetObjectNickname(cert->slot, cert->pkcs11ID, nickname); } diff --git a/security/nss/lib/pk11wrap/pk11load.c b/security/nss/lib/pk11wrap/pk11load.c index e3ba1226e5f..6700180ad17 100644 --- a/security/nss/lib/pk11wrap/pk11load.c +++ b/security/nss/lib/pk11wrap/pk11load.c 
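Review bot: `status = nssTrustDomain_AddCertsToCache(td, &c, 1);` in pk11_fastCert stores the result in a local that is never read, so the explicit `(void)` discard has become a set-but-unused warning with no gain; the same replacement of `(void)` by an unread `status`/`nssrv` local is made in nssCertificateList_DoCallback (certificate.c), nssPKIObjectCollection_Traverse and both *Collection_Create functions (pkibase.c), and NSSTrustDomain_TraverseCertificates (trustdomain.c) later in this diff. Either act on the value (`if (status != PR_SUCCESS) { /* log or bail */ }`) or keep the `(void)` cast so the decision to ignore it stays visible to the next reader.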
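Review bot: Removing `SECITEM_FreeItem(slotid, PR_TRUE);` before `return PR_FAILURE;` in pk11_keyIDHash_populate leaks `slotid` on the `!moduleLock` early exit, assuming it was allocated earlier in the function as the removed line implies (the allocation is outside the hunk). Restoring that one line keeps the early-exit path symmetric with the other cleanup paths.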
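Review bot: `return SEC_ERROR_INVALID_ARGS;` in __PK11_SetCertificateNickname returns a PR error code where the function's other return is the SECStatus from `PK11_SetObjectNickname`, so a caller testing `!= SECSuccess` sees a non-zero value that is neither SECSuccess nor SECFailure, and PR_GetError is never set. Restore the two-line form: `PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure;`.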
@@ -589,12 +589,8 @@ SECMOD_UnloadModule(SECMODModule *mod) { if (softokenLib) { disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD"); if (!disableUnload) { -#ifdef DEBUG PRStatus status = PR_UnloadLibrary(softokenLib); PORT_Assert(PR_SUCCESS == status); -#else - PR_UnloadLibrary(softokenLib); -#endif } softokenLib = NULL; } diff --git a/security/nss/lib/pk11wrap/pk11mech.c b/security/nss/lib/pk11wrap/pk11mech.c index 29e86e64452..b7a7296b39a 100644 --- a/security/nss/lib/pk11wrap/pk11mech.c +++ b/security/nss/lib/pk11wrap/pk11mech.c @@ -379,8 +379,6 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len) case CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256: case CKM_TLS_KEY_AND_MAC_DERIVE: case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256: - case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE: - case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH: case CKM_SHA_1_HMAC: case CKM_SHA_1_HMAC_GENERAL: case CKM_SHA224_HMAC: @@ -575,8 +573,6 @@ PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size) case CKM_TLS_MASTER_KEY_DERIVE: case CKM_TLS_KEY_AND_MAC_DERIVE: case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256: - case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE: - case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH: return CKM_SSL3_PRE_MASTER_KEY_GEN; case CKM_SHA_1_HMAC: case CKM_SHA_1_HMAC_GENERAL: diff --git a/security/nss/lib/pk11wrap/pk11merge.c b/security/nss/lib/pk11wrap/pk11merge.c index 8fadc7caf31..ad9b1fda684 100644 --- a/security/nss/lib/pk11wrap/pk11merge.c +++ b/security/nss/lib/pk11wrap/pk11merge.c @@ -750,7 +750,8 @@ pk11_mergeCert(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot, CK_ATTRIBUTE sourceCKAID = {CKA_ID, NULL, 0}; CK_ATTRIBUTE targetCKAID = {CKA_ID, NULL, 0}; SECStatus lrv = SECSuccess; - int error = SEC_ERROR_LIBRARY_FAILURE; + int error; + sourceCert = PK11_MakeCertFromHandle(sourceSlot, id, NULL); if (sourceCert == NULL) { 
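Review bot: `int error;` in pk11_mergeCert loses its `SEC_ERROR_LIBRARY_FAILURE` default, so if any failure path later hands `error` to PORT_SetError or the merge log without having assigned it first, the reported code is indeterminate; the bodies are outside the hunks so I cannot rule that out. The same initializer is dropped in pk11_mergeByObjectIDs and PK11_MergeTokens on the next line, and `CK_OBJECT_HANDLE handle;` in PK11_WriteRawAttribute/PK11_ReadRawAttribute (pk11obj.c) loses its `= 0` in the same way. Keeping `int error = SEC_ERROR_LIBRARY_FAILURE;` is the cheap, defensive fix.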
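Review bot: Removing `case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE:` and the `_DH` variant from PK11_GetKeyType sends those mechanisms to the switch default, and the same removal in PK11_GetKeyGenWithSize means they no longer map to CKM_SSL3_PRE_MASTER_KEY_GEN. If the two CKM_NSS_* constants are still defined in this tree's PKCS#11 vendor header, extended-master-secret derivation will get the wrong key type and key-gen mechanism at runtime rather than a compile error; confirm the constants went away with this change or keep the cases. Both switches continue outside the hunks.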
@@ -1261,8 +1262,7 @@ pk11_mergeByObjectIDs(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot, PK11MergeLog *log, void *targetPwArg, void *sourcePwArg) { SECStatus rv = SECSuccess; - int error = SEC_ERROR_LIBRARY_FAILURE; - int i; + int error, i; for (i=0; i < count; i++) { /* try to update the entire database. On failure, keep going, @@ -1326,8 +1326,7 @@ PK11_MergeTokens(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot, PK11MergeLog *log, void *targetPwArg, void *sourcePwArg) { SECStatus rv = SECSuccess, lrv = SECSuccess; - int error = SEC_ERROR_LIBRARY_FAILURE; - int count = 0; + int error, count = 0; CK_ATTRIBUTE search[2]; CK_OBJECT_HANDLE *objectIDs = NULL; CK_BBOOL ck_true = CK_TRUE; diff --git a/security/nss/lib/pk11wrap/pk11obj.c b/security/nss/lib/pk11wrap/pk11obj.c index 848b45a0179..70802948193 100644 --- a/security/nss/lib/pk11wrap/pk11obj.c +++ b/security/nss/lib/pk11wrap/pk11obj.c @@ -1577,7 +1577,7 @@ PK11_WriteRawAttribute(PK11ObjectType objType, void *objSpec, CK_ATTRIBUTE_TYPE attrType, SECItem *item) { PK11SlotInfo *slot = NULL; - CK_OBJECT_HANDLE handle = 0; + CK_OBJECT_HANDLE handle; CK_ATTRIBUTE setTemplate; CK_RV crv; CK_SESSION_HANDLE rwsession; @@ -1630,7 +1630,7 @@ PK11_ReadRawAttribute(PK11ObjectType objType, void *objSpec, CK_ATTRIBUTE_TYPE attrType, SECItem *item) { PK11SlotInfo *slot = NULL; - CK_OBJECT_HANDLE handle = 0; + CK_OBJECT_HANDLE handle; switch (objType) { case PK11_TypeGeneric: @@ -1781,6 +1781,7 @@ PK11_MatchItem(PK11SlotInfo *slot, CK_OBJECT_HANDLE searchID, int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]); /* if you change the array, change the variable below as well */ CK_OBJECT_HANDLE peerID; + CK_OBJECT_HANDLE parent; PLArenaPool *arena; CK_RV crv; 
@@ -1809,6 +1810,7 @@ PK11_MatchItem(PK11SlotInfo *slot, CK_OBJECT_HANDLE searchID, /* * issue the find */ + parent = *(CK_OBJECT_CLASS *)(keyclass->pValue); *(CK_OBJECT_CLASS *)(keyclass->pValue) = matchclass; peerID = pk11_FindObjectByTemplate(slot,theTemplate,tsize); diff --git a/security/nss/lib/pk11wrap/pk11pars.c b/security/nss/lib/pk11wrap/pk11pars.c index 40ac7908575..314062bdafb 100644 --- a/security/nss/lib/pk11wrap/pk11pars.c +++ b/security/nss/lib/pk11wrap/pk11pars.c @@ -133,17 +133,6 @@ secmod_NewModule(void) SECMODModule * SECMOD_CreateModule(const char *library, const char *moduleName, const char *parameters, const char *nss) -{ - return SECMOD_CreateModuleEx(library, moduleName, parameters, nss, NULL); -} - -/* - * for 3.4 we continue to use the old SECMODModule structure - */ -SECMODModule * -SECMOD_CreateModuleEx(const char *library, const char *moduleName, - const char *parameters, const char *nss, - const char *config) { SECMODModule *mod = secmod_NewModule(); char *slotParams,*ciphers; @@ -159,9 +148,6 @@ SECMOD_CreateModuleEx(const char *library, const char *moduleName, if (parameters) { mod->libraryParams = PORT_ArenaStrdup(mod->arena,parameters); } - if (config) { - /* XXX: Apply configuration */ - } mod->internal = NSSUTIL_ArgHasFlag("flags","internal",nssc); mod->isFIPS = NSSUTIL_ArgHasFlag("flags","FIPS",nssc); mod->isCritical = NSSUTIL_ArgHasFlag("flags","critical",nssc); @@ -991,7 +977,6 @@ SECMODModule * SECMOD_LoadModule(char *modulespec,SECMODModule *parent, PRBool recurse) { char *library = NULL, *moduleName = NULL, *parameters = NULL, *nss= NULL; - char *config = NULL; SECStatus status; SECMODModule *module = NULL; SECMODModule *oldModule = NULL; 
@@ -1000,19 +985,17 @@ SECMOD_LoadModule(char *modulespec,SECMODModule *parent, PRBool recurse) /* initialize the underlying module structures */ SECMOD_Init(); - status = NSSUTIL_ArgParseModuleSpecEx(modulespec, &library, &moduleName, - ¶meters, &nss, - &config); + status = NSSUTIL_ArgParseModuleSpec(modulespec, &library, &moduleName, + ¶meters, &nss); if (status != SECSuccess) { goto loser; } - module = SECMOD_CreateModuleEx(library, moduleName, parameters, nss, config); + module = SECMOD_CreateModule(library, moduleName, parameters, nss); if (library) PORT_Free(library); if (moduleName) PORT_Free(moduleName); if (parameters) PORT_Free(parameters); if (nss) PORT_Free(nss); - if (config) PORT_Free(config); if (!module) { goto loser; } diff --git a/security/nss/lib/pk11wrap/pk11pk12.c b/security/nss/lib/pk11wrap/pk11pk12.c index e5a0a21cf44..471e57b3365 100644 --- a/security/nss/lib/pk11wrap/pk11pk12.c +++ b/security/nss/lib/pk11wrap/pk11pk12.c @@ -234,17 +234,13 @@ PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *derPKI, rv = SEC_ASN1DecodeItem(pki->arena, pki, SECKEY_PrivateKeyInfoTemplate, derPKI); if( rv != SECSuccess ) { - /* If SEC_ASN1DecodeItem fails, we cannot assume anything about the - * validity of the data in pki. The best we can do is free the arena - * and return. - */ - PORT_FreeArena(temparena, PR_TRUE); - return rv; + goto finish; } rv = PK11_ImportPrivateKeyInfoAndReturnKey(slot, pki, nickname, publicValue, isPerm, isPrivate, keyUsage, privk, wincx); +finish: /* this zeroes the key and frees the arena */ SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE /*freeit*/); return rv; @@ -426,6 +422,7 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, PRBool isPerm, PRBool isPrivate, unsigned int keyUsage, SECKEYPrivateKey **privk, void *wincx) { + CK_KEY_TYPE keyType = CKK_RSA; SECStatus rv = SECFailure; SECKEYRawPrivateKey *lpk = NULL; const SEC_ASN1Template *keyTemplate, *paramTemplate; 
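Review bot: On a SEC_ASN1DecodeItem failure PK11_ImportDERPrivateKeyInfoAndReturnKey now jumps to `finish:` and calls `SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE)`, which walks and zeroes the fields of a `pki` that the decoder may have left only partially filled from untrusted DER; the removed comment explained exactly why the old code freed only the arena on that path. Keep the direct cleanup there: `PORT_FreeArena(temparena, PR_TRUE); return rv;`. The function starts and ends outside the hunk.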
@@ -452,6 +449,7 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, paramTemplate = NULL; paramDest = NULL; lpk->keyType = rsaKey; + keyType = CKK_RSA; break; case SEC_OID_ANSIX9_DSA_SIGNATURE: prepare_dsa_priv_key_export_for_asn1(lpk); @@ -459,6 +457,7 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, paramTemplate = SECKEY_PQGParamsTemplate; paramDest = &(lpk->u.dsa.params); lpk->keyType = dsaKey; + keyType = CKK_DSA; break; case SEC_OID_X942_DIFFIE_HELMAN_KEY: if(!publicValue) { @@ -469,6 +468,7 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, paramTemplate = NULL; paramDest = NULL; lpk->keyType = dhKey; + keyType = CKK_DH; break; default: diff --git a/security/nss/lib/pk11wrap/pk11skey.c b/security/nss/lib/pk11wrap/pk11skey.c index 20d9eaad9db..4c5b9f16aaf 100644 --- a/security/nss/lib/pk11wrap/pk11skey.c +++ b/security/nss/lib/pk11wrap/pk11skey.c @@ -1821,8 +1821,6 @@ PK11_PubDerive(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey, switch (privKey->keyType) { case rsaKey: - case rsaPssKey: - case rsaOaepKey: case nullKey: PORT_SetError(SEC_ERROR_BAD_KEY); break; diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c index d52c0204d9f..1f6597b5ebb 100644 --- a/security/nss/lib/pk11wrap/pk11slot.c +++ b/security/nss/lib/pk11wrap/pk11slot.c @@ -400,7 +400,6 @@ PK11_NewSlotInfo(SECMODModule *mod) slot->minPassword = 0; slot->maxPassword = 0; slot->hasRootCerts = PR_FALSE; - slot->hasRootTrust = PR_FALSE; slot->nssToken = NULL; return slot; } 
@@ -556,10 +555,10 @@ PK11_FindSlotsByNames(const char *dllName, const char* slotName, break; } if ((PR_FALSE == presentOnly || PK11_IsPresent(tmpSlot)) && - ( (!tokenName) || - (0==PORT_Strcmp(tmpSlot->token_name, tokenName)) ) && - ( (!slotName) || - (0==PORT_Strcmp(tmpSlot->slot_name, slotName)) ) ) { + ( (!tokenName) || (tmpSlot->token_name && + (0==PORT_Strcmp(tmpSlot->token_name, tokenName)))) && + ( (!slotName) || (tmpSlot->slot_name && + (0==PORT_Strcmp(tmpSlot->slot_name, slotName)))) ) { if (tmpSlot) { PK11_AddSlotToList(slotList, tmpSlot, PR_TRUE); slotcount++; @@ -1106,6 +1105,7 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts) { CK_TOKEN_INFO tokenInfo; CK_RV crv; + char *tmp; SECStatus rv; PRStatus status; @@ -1139,8 +1139,8 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts) if (slot->isActiveCard) { slot->protectedAuthPath = PR_FALSE; } - (void)PK11_MakeString(NULL,slot->token_name, - (char *)tokenInfo.label, sizeof(tokenInfo.label)); + tmp = PK11_MakeString(NULL,slot->token_name, + (char *)tokenInfo.label, sizeof(tokenInfo.label)); slot->minPassword = tokenInfo.ulMinPinLen; slot->maxPassword = tokenInfo.ulMaxPinLen; PORT_Memcpy(slot->serial,tokenInfo.serialNumber,sizeof(slot->serial)); @@ -1349,6 +1349,7 @@ void PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot) { SECStatus rv; + char *tmp; CK_SLOT_INFO slotInfo; slot->functionList = mod->functionList; @@ -1370,7 +1371,7 @@ PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot) * works because modules keep implicit references * from their slots, and won't unload and disappear * until all their slots have been freed */ - (void)PK11_MakeString(NULL,slot->slot_name, + tmp = PK11_MakeString(NULL,slot->slot_name, (char *)slotInfo.slotDescription, sizeof(slotInfo.slotDescription)); slot->isHW = (PRBool)((slotInfo.flags & CKF_HW_SLOT) == CKF_HW_SLOT); #define ACTIVE_CARD "ActivCard SA" 
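Review bot: `tmp = PK11_MakeString(NULL, slot->token_name, ...)` in PK11_InitToken stores the return value in `tmp` and never reads it, so the previous `(void)` discard has become a set-but-unused warning; the same change is made in PK11_InitSlot in the following hunk. If PK11_MakeString returns its destination buffer when one is supplied, `(void)` is the right form; if a NULL first argument makes it allocate, the string is leaked on both calls — the definition is outside this view, so please confirm which it is.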
@@ -2051,7 +2052,7 @@ PK11_GetBestSlotMultipleWithAttributes(CK_MECHANISM_TYPE *type, PK11SlotInfo *slot = NULL; PRBool freeit = PR_FALSE; PRBool listNeedLogin = PR_FALSE; - unsigned int i; + int i; SECStatus rv; list = PK11_GetSlotList(type[0]); diff --git a/security/nss/lib/pk11wrap/secmod.h b/security/nss/lib/pk11wrap/secmod.h index c194d9a7a58..9cc4cfb5246 100644 --- a/security/nss/lib/pk11wrap/secmod.h +++ b/security/nss/lib/pk11wrap/secmod.h @@ -64,9 +64,6 @@ SECStatus SECMOD_UnloadUserModule(SECMODModule *mod); SECMODModule * SECMOD_CreateModule(const char *lib, const char *name, const char *param, const char *nss); -SECMODModule * SECMOD_CreateModuleEx(const char *lib, const char *name, - const char *param, const char *nss, - const char *config); /* * After a fork(), PKCS #11 says we need to call C_Initialize again in * the child before we can use the module. This function causes this diff --git a/security/nss/lib/pkcs12/p12d.c b/security/nss/lib/pkcs12/p12d.c index 51bf0f7f51f..6a3a38c94b9 100644 --- a/security/nss/lib/pkcs12/p12d.c +++ b/security/nss/lib/pkcs12/p12d.c @@ -2810,7 +2810,7 @@ SEC_PKCS12DecoderRenameCertNicknames(SEC_PKCS12DecoderContext *p12dcx, return SECFailure; } - for (i = 0; (safeBag = p12dcx->safeBags[i]); i++) { + for (i = 0; safeBag = p12dcx->safeBags[i]; i++) { SECItem *newNickname = NULL; SECItem *defaultNickname = NULL; SECStatus rename_rv; diff --git a/security/nss/lib/pkcs12/p12e.c b/security/nss/lib/pkcs12/p12e.c index 7669384900f..5584407f8e7 100644 --- a/security/nss/lib/pkcs12/p12e.c +++ b/security/nss/lib/pkcs12/p12e.c @@ -695,6 +695,7 @@ sec_PKCS12CreateSafeBag(SEC_PKCS12ExportContext *p12ctxt, SECOidTag bagType, void *bagData) { sec_PKCS12SafeBag *safeBag; + PRBool setName = PR_TRUE; void *mark = NULL; SECStatus rv = SECSuccess; SECOidData *oidData = NULL; 
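Review bot: `for (i = 0; safeBag = p12dcx->safeBags[i]; i++)` in SEC_PKCS12DecoderRenameCertNicknames drops the parentheses around an assignment used as the loop condition, which reads like a `==` typo and triggers -Wparentheses. Keep `for (i = 0; (safeBag = p12dcx->safeBags[i]); i++)`.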
@@ -739,6 +740,7 @@ sec_PKCS12CreateSafeBag(SEC_PKCS12ExportContext *p12ctxt, SECOidTag bagType, case SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID: safeBag->safeBagContent.safeContents = (sec_PKCS12SafeContents *)bagData; + setName = PR_FALSE; break; default: goto loser; @@ -1530,6 +1532,8 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) * it is confirmed that integrity must be in place */ if(p12exp->integrityEnabled && !p12exp->pwdIntegrity) { + SECStatus rv; + /* create public key integrity mode */ p12enc->aSafeCinfo = SEC_PKCS7CreateSignedData( p12exp->integrityInfo.pubkeyInfo.cert, @@ -1545,7 +1549,8 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) if(SEC_PKCS7IncludeCertChain(p12enc->aSafeCinfo,NULL) != SECSuccess) { goto loser; } - PORT_CheckSuccess(SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo)); + rv = SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo); + PORT_Assert(rv == SECSuccess); } else { p12enc->aSafeCinfo = SEC_PKCS7CreateData(); diff --git a/security/nss/lib/pkcs7/p7common.c b/security/nss/lib/pkcs7/p7common.c index 10015ce25b1..9a44f20b388 100644 --- a/security/nss/lib/pkcs7/p7common.c +++ b/security/nss/lib/pkcs7/p7common.c @@ -408,6 +408,7 @@ SEC_PKCS7EncryptContents(PLArenaPool *poolp, void *wincx) { SECAlgorithmID *algid = NULL; + SECItem * result = NULL; SECItem * src; SECItem * dest; SECItem * blocked_data = NULL; @@ -523,6 +524,9 @@ loser: if(blocked_data != NULL) SECITEM_ZfreeItem(blocked_data, PR_TRUE); + if(result != NULL) + SECITEM_ZfreeItem(result, PR_TRUE); + if(rv == SECFailure) PORT_ArenaRelease(poolp, mark); else @@ -562,7 +566,7 @@ SEC_PKCS7DecryptContents(PLArenaPool *poolp, { SECAlgorithmID *algid = NULL; SECStatus rv = SECFailure; - SECItem *dest, *src; + SECItem *result = NULL, *dest, *src; void *mark; PK11SymKey *eKey = NULL; 
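Review bot: `SECItem * result = NULL;` in SEC_PKCS7EncryptContents is never assigned anywhere in the hunk, so the added `if(result != NULL) SECITEM_ZfreeItem(result, PR_TRUE);` at `loser:` is dead unless `result` is set in the part of the function outside the view; the same pair is added to SEC_PKCS7DecryptContents in the next hunk. Note that `loser:` is reached on success as well ("let success fall through"), so if `result` is the item the function returns, freeing it there would hand the caller freed memory; if it is unused, drop the declaration and the free in both functions.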
@@ -641,6 +645,9 @@ SEC_PKCS7DecryptContents(PLArenaPool *poolp, loser: /* let success fall through */ + if(result != NULL) + SECITEM_ZfreeItem(result, PR_TRUE); + if(rv == SECFailure) PORT_ArenaRelease(poolp, mark); else diff --git a/security/nss/lib/pkcs7/p7decode.c b/security/nss/lib/pkcs7/p7decode.c index 7a52d820383..80689544e99 100644 --- a/security/nss/lib/pkcs7/p7decode.c +++ b/security/nss/lib/pkcs7/p7decode.c @@ -1290,6 +1290,7 @@ sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo, const SECItem *digest; SECItem **digests; SECItem **rawcerts; + CERTSignedCrl **crls; SEC_PKCS7SignerInfo **signerinfos, *signerinfo; CERTCertificate *cert, **certs; PRBool goodsig; @@ -1339,6 +1340,7 @@ sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo, digestalgs = sdp->digestAlgorithms; digests = sdp->digests; rawcerts = sdp->rawCerts; + crls = sdp->crls; signerinfos = sdp->signerInfos; content_type = &(sdp->contentInfo.contentType); sigkey = NULL; @@ -1353,6 +1355,7 @@ sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo, digestalgs = saedp->digestAlgorithms; digests = saedp->digests; rawcerts = saedp->rawCerts; + crls = saedp->crls; signerinfos = saedp->signerInfos; content_type = &(saedp->encContentInfo.contentType); sigkey = saedp->sigKey; diff --git a/security/nss/lib/pkcs7/p7encode.c b/security/nss/lib/pkcs7/p7encode.c index 349bc84610c..99b68ee517d 100644 --- a/security/nss/lib/pkcs7/p7encode.c +++ b/security/nss/lib/pkcs7/p7encode.c @@ -59,10 +59,13 @@ sec_pkcs7_encoder_start_encrypt (SEC_PKCS7ContentInfo *cinfo, SECKEYPublicKey *publickey = NULL; SECKEYPrivateKey *ourPrivKey = NULL; PK11SymKey *bulkkey; - void *mark; + void *mark, *wincx; int i; PLArenaPool *arena = NULL; + /* Get the context in case we need it below. */ + wincx = cinfo->pwfn_arg; + kind = SEC_PKCS7ContentType (cinfo); switch (kind) { default: diff --git a/security/nss/lib/pkcs7/p7local.c b/security/nss/lib/pkcs7/p7local.c index 8c5e0bfa591..6a7af1f809e 100644 
--- a/security/nss/lib/pkcs7/p7local.c +++ b/security/nss/lib/pkcs7/p7local.c @@ -397,7 +397,7 @@ sec_PKCS7Decrypt (sec_PKCS7CipherObject *obj, unsigned char *output, const unsigned char *input, unsigned int input_len, PRBool final) { - unsigned int blocks, bsize, pcount, padsize; + int blocks, bsize, pcount, padsize; unsigned int max_needed, ifraglen, ofraglen, output_len; unsigned char *pbuf; SECStatus rv; diff --git a/security/nss/lib/pki/certificate.c b/security/nss/lib/pki/certificate.c index fdf147c9e3d..ed6145a5596 100644 --- a/security/nss/lib/pki/certificate.c +++ b/security/nss/lib/pki/certificate.c @@ -895,6 +895,7 @@ nssCertificateList_DoCallback ( { nssListIterator *certs; NSSCertificate *cert; + PRStatus nssrv; certs = nssList_CreateIterator(certList); if (!certs) { return PR_FAILURE; @@ -903,7 +904,7 @@ nssCertificateList_DoCallback ( cert != (NSSCertificate *)NULL; cert = (NSSCertificate *)nssListIterator_Next(certs)) { - (void)(*callback)(cert, arg); + nssrv = (*callback)(cert, arg); } nssListIterator_Finish(certs); nssListIterator_Destroy(certs); diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c index a415ace4c91..953d73800c4 100644 --- a/security/nss/lib/pki/pki3hack.c +++ b/security/nss/lib/pki/pki3hack.c @@ -1272,7 +1272,7 @@ DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject) { int numNotDestroyed = 0; /* the ones skipped plus the failures */ int failureCount = 0; /* actual deletion failures by devices */ - unsigned int index; + int index; nssPKIObject_AddRef(tObject); nssPKIObject_Lock(tObject); @@ -1327,7 +1327,7 @@ STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c) /* caller made sure nssTrust isn't NULL */ nssPKIObject *tobject = &nssTrust->object; nssPKIObject *cobject = &c->object; - unsigned int i; + int i; /* Iterate through the cert and trust object instances looking for * those with matching pk11 slots to delete. Even if some device 
diff --git a/security/nss/lib/pki/pkibase.c b/security/nss/lib/pki/pkibase.c index 0e39e8ba611..083b9b66a94 100644 --- a/security/nss/lib/pki/pkibase.c +++ b/security/nss/lib/pki/pkibase.c @@ -903,6 +903,7 @@ nssPKIObjectCollection_Traverse ( nssPKIObjectCallback *callback ) { + PRStatus status; PRCList *link = PR_NEXT_LINK(&collection->head); pkiObjectCollectionNode *node; while (link != &collection->head) { @@ -919,19 +920,19 @@ nssPKIObjectCollection_Traverse ( } switch (collection->objectType) { case pkiObjectType_Certificate: - (void)(*callback->func.cert)((NSSCertificate *)node->object, + status = (*callback->func.cert)((NSSCertificate *)node->object, callback->arg); break; case pkiObjectType_CRL: - (void)(*callback->func.crl)((NSSCRL *)node->object, + status = (*callback->func.crl)((NSSCRL *)node->object, callback->arg); break; case pkiObjectType_PrivateKey: - (void)(*callback->func.pvkey)((NSSPrivateKey *)node->object, + status = (*callback->func.pvkey)((NSSPrivateKey *)node->object, callback->arg); break; case pkiObjectType_PublicKey: - (void)(*callback->func.pbkey)((NSSPublicKey *)node->object, + status = (*callback->func.pbkey)((NSSPublicKey *)node->object, callback->arg); break; } @@ -1056,11 +1057,9 @@ nssCertificateCollection_Create ( NSSCertificate **certsOpt ) { + PRStatus status; nssPKIObjectCollection *collection; collection = nssPKIObjectCollection_Create(td, NULL, nssPKIMonitor); - if (!collection) { - return NULL; - } collection->objectType = pkiObjectType_Certificate; collection->destroyObject = cert_destroyObject; collection->getUIDFromObject = cert_getUIDFromObject; @@ -1069,7 +1068,7 @@ nssCertificateCollection_Create ( if (certsOpt) { for (; *certsOpt; certsOpt++) { nssPKIObject *object = (nssPKIObject *)(*certsOpt); - (void)nssPKIObjectCollection_AddObject(collection, object); + status = nssPKIObjectCollection_AddObject(collection, object); } } return collection; 
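Review bot: Removing `if (!collection) { return NULL; }` in nssCertificateCollection_Create leaves `collection->objectType = pkiObjectType_Certificate;` to dereference NULL when nssPKIObjectCollection_Create fails (out of memory or a failed lock allocation); the same guard is removed from nssCRLCollection_Create on the next line. Restore the three lines in both functions.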
@@ -1165,11 +1164,9 @@ nssCRLCollection_Create ( NSSCRL **crlsOpt ) { + PRStatus status; nssPKIObjectCollection *collection; collection = nssPKIObjectCollection_Create(td, NULL, nssPKILock); - if (!collection) { - return NULL; - } collection->objectType = pkiObjectType_CRL; collection->destroyObject = crl_destroyObject; collection->getUIDFromObject = crl_getUIDFromObject; @@ -1178,7 +1175,7 @@ nssCRLCollection_Create ( if (crlsOpt) { for (; *crlsOpt; crlsOpt++) { nssPKIObject *object = (nssPKIObject *)(*crlsOpt); - (void)nssPKIObjectCollection_AddObject(collection, object); + status = nssPKIObjectCollection_AddObject(collection, object); } } return collection; diff --git a/security/nss/lib/pki/tdcache.c b/security/nss/lib/pki/tdcache.c index 5f9dfdd5c20..7842189ca7e 100644 --- a/security/nss/lib/pki/tdcache.c +++ b/security/nss/lib/pki/tdcache.c @@ -329,7 +329,7 @@ nssTrustDomain_RemoveCertFromCacheLOCKED ( nssList *subjectList; cache_entry *ce; NSSArena *arena; - NSSUTF8 *nickname = NULL; + NSSUTF8 *nickname; #ifdef DEBUG_CACHE log_cert_ref("attempt to remove cert", cert); @@ -776,18 +776,14 @@ add_cert_to_cache ( added++; /* If a new subject entry was created, also need nickname and/or email */ if (subjectList != NULL) { -#ifdef nodef PRBool handle = PR_FALSE; -#endif if (certNickname) { nssrv = add_nickname_entry(arena, td->cache, certNickname, subjectList); if (nssrv != PR_SUCCESS) { goto loser; } -#ifdef nodef handle = PR_TRUE; -#endif added++; } if (cert->email) { @@ -795,9 +791,7 @@ add_cert_to_cache ( if (nssrv != PR_SUCCESS) { goto loser; } -#ifdef nodef handle = PR_TRUE; -#endif added += 2; } #ifdef nodef diff --git a/security/nss/lib/pki/trustdomain.c b/security/nss/lib/pki/trustdomain.c index 90e8f268d65..a3d26a88d47 100644 --- a/security/nss/lib/pki/trustdomain.c +++ b/security/nss/lib/pki/trustdomain.c 
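Review bot: `NSSUTF8 *nickname;` in nssTrustDomain_RemoveCertFromCacheLOCKED loses its NULL initializer; if any early-exit path in the body (outside the hunk) releases or tests `nickname` before it is assigned, that is now a read of an indeterminate pointer, so it is worth confirming that every path assigns it first. In add_cert_to_cache the `handle` flag is brought back outside its `#ifdef nodef` guards while the only code that could read it still sits under the `#ifdef nodef` at the end of the hunk, so in a normal build it is written and never read.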
@@ -991,6 +991,7 @@ NSSTrustDomain_TraverseCertificates ( void *arg ) { + PRStatus status = PR_FAILURE; NSSToken *token = NULL; NSSSlot **slots = NULL; NSSSlot **slotp; @@ -1027,7 +1028,7 @@ NSSTrustDomain_TraverseCertificates ( session = nssTrustDomain_GetSessionForToken(td, token); if (session) { /* perform the traversal */ - (void)nssToken_TraverseCertificates(token, + status = nssToken_TraverseCertificates(token, session, tokenOnly, collector, @@ -1040,7 +1041,7 @@ NSSTrustDomain_TraverseCertificates ( /* Traverse the collection */ pkiCallback.func.cert = callback; pkiCallback.arg = arg; - (void)nssPKIObjectCollection_Traverse(collection, &pkiCallback); + status = nssPKIObjectCollection_Traverse(collection, &pkiCallback); loser: if (slots) { nssSlotArray_Destroy(slots); diff --git a/security/nss/lib/smime/cmsasn1.c b/security/nss/lib/smime/cmsasn1.c index b09a2e18c87..4519363b93f 100644 --- a/security/nss/lib/smime/cmsasn1.c +++ b/security/nss/lib/smime/cmsasn1.c @@ -51,6 +51,10 @@ const SEC_ASN1Template NSSCMSMessageTemplate[] = { { 0 } }; +static const SEC_ASN1Template NSS_PointerToCMSMessageTemplate[] = { + { SEC_ASN1_POINTER, 0, NSSCMSMessageTemplate } +}; + /* ----------------------------------------------------------------------------- * ENCAPSULATED & ENCRYPTED CONTENTINFO * (both use a NSSCMSContentInfo) diff --git a/security/nss/lib/smime/cmscinfo.c b/security/nss/lib/smime/cmscinfo.c index b6f1d0a6a50..56ca0f20e35 100644 --- a/security/nss/lib/smime/cmscinfo.c +++ b/security/nss/lib/smime/cmscinfo.c @@ -227,7 +227,7 @@ NSS_CMSContentInfo_SetContent_EncryptedData(NSSCMSMessage *cmsg, NSSCMSContentIn void * NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo) { - SECOidTag tag = cinfo->contentTypeTag + SECOidTag tag = (cinfo && cinfo->contentTypeTag) ? cinfo->contentTypeTag->offset : SEC_OID_UNKNOWN; switch (tag) { diff --git a/security/nss/lib/smime/cmscipher.c b/security/nss/lib/smime/cmscipher.c index 958d4e47357..16d643615b8 100644 
--- a/security/nss/lib/smime/cmscipher.c +++ b/security/nss/lib/smime/cmscipher.c @@ -366,7 +366,7 @@ NSS_CMSCipherContext_Decrypt(NSSCMSCipherContext *cc, unsigned char *output, const unsigned char *input, unsigned int input_len, PRBool final) { - unsigned int blocks, bsize, pcount, padsize; + int blocks, bsize, pcount, padsize; unsigned int max_needed, ifraglen, ofraglen, output_len; unsigned char *pbuf; SECStatus rv; diff --git a/security/nss/lib/smime/cmsencode.c b/security/nss/lib/smime/cmsencode.c index 3025740b59c..651f0865ac2 100644 --- a/security/nss/lib/smime/cmsencode.c +++ b/security/nss/lib/smime/cmsencode.c @@ -122,6 +122,7 @@ nss_cms_encoder_notify(void *arg, PRBool before, void *dest, int depth) NSSCMSEncoderContext *p7ecx; NSSCMSContentInfo *rootcinfo, *cinfo; PRBool after = !before; + PLArenaPool *poolp; SECOidTag childtype; SECItem *item; @@ -129,6 +130,7 @@ nss_cms_encoder_notify(void *arg, PRBool before, void *dest, int depth) PORT_Assert(p7ecx != NULL); rootcinfo = &(p7ecx->cmsg->contentInfo); + poolp = p7ecx->cmsg->poolp; #ifdef CMSDEBUG fprintf(stderr, "%6.6s, dest = 0x%08x, depth = %d\n", before ? "before" : "after", dest, depth); @@ -199,9 +201,12 @@ nss_cms_before_data(NSSCMSEncoderContext *p7ecx) SECStatus rv; SECOidTag childtype; NSSCMSContentInfo *cinfo; + PLArenaPool *poolp; NSSCMSEncoderContext *childp7ecx; const SEC_ASN1Template *template; + poolp = p7ecx->cmsg->poolp; + /* call _Encode_BeforeData handlers */ switch (p7ecx->type) { case SEC_OID_PKCS7_SIGNED_DATA: diff --git a/security/nss/lib/smime/cmsrecinfo.c b/security/nss/lib/smime/cmsrecinfo.c index abc22542c7a..5e08870b292 100644 --- a/security/nss/lib/smime/cmsrecinfo.c +++ b/security/nss/lib/smime/cmsrecinfo.c 
@@ -526,6 +526,7 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulkalgtag) { PK11SymKey *bulkkey = NULL; + SECAlgorithmID *encalg; SECOidTag encalgtag; SECItem *enckey; int error; @@ -535,6 +536,7 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, switch (ri->recipientInfoType) { case NSSCMSRecipientInfoID_KeyTrans: + encalg = &(ri->ri.keyTransRecipientInfo.keyEncAlg); encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyTransRecipientInfo.keyEncAlg)); enckey = &(ri->ri.keyTransRecipientInfo.encKey); /* ignore subIndex */ switch (encalgtag) { @@ -549,6 +551,7 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, } break; case NSSCMSRecipientInfoID_KeyAgree: + encalg = &(ri->ri.keyAgreeRecipientInfo.keyEncAlg); encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyAgreeRecipientInfo.keyEncAlg)); enckey = &(ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[subIndex]->encKey); switch (encalgtag) { @@ -570,6 +573,7 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, } break; case NSSCMSRecipientInfoID_KEK: + encalg = &(ri->ri.kekRecipientInfo.keyEncAlg); encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.kekRecipientInfo.keyEncAlg)); enckey = &(ri->ri.kekRecipientInfo.encKey); /* not supported yet */ diff --git a/security/nss/lib/smime/cmssiginfo.c b/security/nss/lib/smime/cmssiginfo.c index f3635c2da7c..ae35f0538b7 100644 --- a/security/nss/lib/smime/cmssiginfo.c +++ b/security/nss/lib/smime/cmssiginfo.c @@ -404,7 +404,6 @@ NSS_CMSSignerInfo_Verify(NSSCMSSignerInfo *signerinfo, if (NSS_CMSAttributeArray_Encode(poolp, &(signerinfo->authAttr), &encoded_attrs) == NULL || encoded_attrs.data == NULL || encoded_attrs.len == 0) { - PORT_FreeArena(poolp, PR_FALSE); vs = NSSCMSVS_ProcessingError; goto loser; } diff --git a/security/nss/lib/smime/cmsudf.c b/security/nss/lib/smime/cmsudf.c index 472b6d66338..13071113e7c 100644 
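Review bot: The `PORT_FreeArena(poolp, PR_FALSE);` removed before `goto loser` in NSS_CMSSignerInfo_Verify was the only release of `poolp` visible in this hunk, and the `loser:` label is outside it. If `loser:` frees the arena, the removal prevents a double free; if it does not, the attribute-encoding failure path now leaks the arena on every malformed signerInfo. Worth confirming against the label and recording the ownership on the jump, e.g. `/* poolp is released at loser: */`.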
--- a/security/nss/lib/smime/cmsudf.c +++ b/security/nss/lib/smime/cmsudf.c @@ -79,14 +79,14 @@ nss_cmstype_shutdown(void *appData, void *reserved) static PLHashNumber nss_cmstype_hash_key(const void *key) { - return (PLHashNumber)((char *)key - (char *)NULL); + return (PLHashNumber) key; } static PRIntn nss_cmstype_compare_keys(const void *v1, const void *v2) { - PLHashNumber value1 = nss_cmstype_hash_key(v1); - PLHashNumber value2 = nss_cmstype_hash_key(v2); + PLHashNumber value1 = (PLHashNumber) v1; + PLHashNumber value2 = (PLHashNumber) v2; return (value1 == value2); } diff --git a/security/nss/lib/smime/smimeutil.c b/security/nss/lib/smime/smimeutil.c index 84d1960a0cf..fbb61b9c1aa 100644 --- a/security/nss/lib/smime/smimeutil.c +++ b/security/nss/lib/smime/smimeutil.c @@ -759,8 +759,6 @@ extern const char __nss_smime_version[]; PRBool NSSSMIME_VersionCheck(const char *importedVersion) { -#define NSS_VERSION_VARIABLE __nss_smime_version -#include "verref.h" /* * This is the secret handshake algorithm. * @@ -770,6 +768,10 @@ NSSSMIME_VersionCheck(const char *importedVersion) * not compatible with future major, minor, or * patch releases. */ + volatile char c; /* force a reference that won't get optimized away */ + + c = __nss_smime_version[0]; + return NSS_VersionCheck(importedVersion); } diff --git a/security/nss/lib/softoken/legacydb/Makefile b/security/nss/lib/softoken/legacydb/Makefile index b7e94cae332..616c65fbd56 100644 --- a/security/nss/lib/softoken/legacydb/Makefile +++ b/security/nss/lib/softoken/legacydb/Makefile 
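Review bot: `(PLHashNumber) key` in nss_cmstype_hash_key, and the same casts in nss_cmstype_compare_keys, convert a pointer straight to PLHashNumber, a 32-bit type, which truncates the pointer on 64-bit targets and draws a pointer-to-integer-of-different-size warning. Truncation is harmless for the hash, but in the comparison two different keys whose low 32 bits coincide compare as equal, so a lookup can return the wrong type entry. Compare the pointers themselves, `return v1 == v2;`, and hash through an integer wide enough for a pointer, `return (PLHashNumber)(PRUword)key;`. lg_HashNumber and lg_CompareValues in lginit.c and sftk_HashNumber in pkcs11.c make the same cast.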
@@ -20,19 +20,7 @@ include $(CORE_DEPTH)/coreconf/config.mk # (3) Include "component" configuration information. (OPTIONAL) # ####################################################################### -ifdef NSS_NO_INIT_SUPPORT - DEFINES += -DNSS_NO_INIT_SUPPORT -endif -ifeq ($(OS_TARGET),Linux) -ifeq ($(CPU_ARCH),ppc) -ifdef USE_64 - DEFINES += -DNSS_NO_INIT_SUPPORT -endif # USE_64 -endif # ppc -else # !Linux - # turn off no init support everywhere for now - DEFINES += -DNSS_NO_INIT_SUPPORT -endif # Linux + ####################################################################### # (4) Include "local" platform-dependent assignments (OPTIONAL). # diff --git a/security/nss/lib/softoken/legacydb/keydb.c b/security/nss/lib/softoken/legacydb/keydb.c index d54f10c035f..085b2be20ef 100644 --- a/security/nss/lib/softoken/legacydb/keydb.c +++ b/security/nss/lib/softoken/legacydb/keydb.c @@ -1378,7 +1378,7 @@ nsslowkey_PutPWCheckEntry(NSSLOWKEYDBHandle *handle,NSSLOWKEYPasswordEntry *entr NSSLOWKEYDBKey *dbkey = NULL; SECItem *item = NULL; SECItem salt; - SECOidTag algid = SEC_OID_UNKNOWN; + SECOidTag algid; SECStatus rv = SECFailure; PLArenaPool *arena; int ret; @@ -1476,9 +1476,7 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk, SECItem *cipherText = NULL; SECItem *dummy = NULL; #ifndef NSS_DISABLE_ECC -#ifdef EC_DEBUG SECItem *fordebug = NULL; -#endif int savelen; #endif @@ -1591,11 +1589,9 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk, goto loser; } -#ifdef EC_DEBUG fordebug = &(pki->privateKey); SEC_PRINT("seckey_encrypt_private_key()", "PrivateKey", pk->keyType, fordebug); -#endif break; #endif /* NSS_DISABLE_ECC */ @@ -1708,7 +1704,7 @@ seckey_decrypt_private_key(SECItem*epki, SECStatus rv = SECFailure; PLArenaPool *temparena = NULL, *permarena = NULL; SECItem *dest = NULL; -#ifdef EC_DEBUG +#ifndef NSS_DISABLE_ECC SECItem *fordebug = NULL; #endif 
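Review bot: In seckey_encrypt_private_key the `#ifdef EC_DEBUG` around `fordebug = &(pki->privateKey); SEC_PRINT(...)` is removed, so the call that hands the raw private key to SEC_PRINT is now compiled into every ECC build and whether it prints depends solely on how SEC_PRINT is defined outside the hunk. The same guard is removed in seckey_decrypt_private_key in the next hunk and in sftk_PackagePrivateKey in pkcs11c.c. If SEC_PRINT is non-empty in any configuration, private key bytes end up in the debug output; keeping the explicit `#ifdef EC_DEBUG` around the two lines, or at least a comment `/* SEC_PRINT is a no-op unless EC_DEBUG is defined */`, makes the opt-in visible to a reader. Separately, `SECOidTag algid;` in nsslowkey_PutPWCheckEntry loses its SEC_OID_UNKNOWN initializer; its uses are outside the hunk, so confirm every path assigns it before it is read.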
@@ -1821,11 +1817,9 @@ seckey_decrypt_private_key(SECItem*epki, pk->keyType = NSSLOWKEYECKey; lg_prepare_low_ec_priv_key_for_asn1(pk); -#ifdef EC_DEBUG fordebug = &pki->privateKey; SEC_PRINT("seckey_decrypt_private_key()", "PrivateKey", pk->keyType, fordebug); -#endif if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey, &pki->privateKey) ) break; rv = SEC_QuickDERDecodeItem(permarena, pk, @@ -1996,10 +1990,12 @@ encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg, SECItem *encCheck) { SECOidData *oidData; + SECStatus rv; oidData = SECOID_FindOIDByTag(alg); if ( oidData == NULL ) { - return SECFailure; + rv = SECFailure; + goto loser; } entry->len = 1 + oidData->oid.len + encCheck->len; @@ -2010,7 +2006,7 @@ encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg, } if ( entry->data == NULL ) { - return SECFailure; + goto loser; } /* first length of oid */ @@ -2021,7 +2017,10 @@ encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg, PORT_Memcpy(&entry->data[1+oidData->oid.len], encCheck->data, encCheck->len); - return SECSuccess; + return(SECSuccess); + +loser: + return(SECFailure); } @@ -2033,6 +2032,7 @@ static SECStatus nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *handle) { SECStatus rv; + int ret; int errors = 0; if ( handle->db == NULL ) { @@ -2080,7 +2080,7 @@ nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *handle) done: /* sync the database */ - (void)keydb_Sync(handle, 0); + ret = keydb_Sync(handle, 0); db_InitComplete(handle->db); return (errors == 0 ? SECSuccess : SECFailure); @@ -2089,6 +2089,7 @@ done: static int keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) { + PRStatus prstat; int ret; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2098,7 +2099,7 @@ keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) ret = (* db->get)(db, key, data, flags); - (void)PZ_Unlock(kdbLock); + prstat = PZ_Unlock(kdbLock); return(ret); } 
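Review bot: In encodePWCheckEntry the new `rv` local is assigned `SECFailure` before the first `goto loser`, but `loser:` returns the literal `SECFailure` and never reads `rv`, and the second `goto loser` does not assign it at all, so the variable is dead. Either return `rv` from `loser:` and set it on both failure paths, or drop the variable and the jumps and keep a direct `return SECFailure;` at each failure point — the single-exit form buys nothing when no cleanup happens at the label.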
@@ -2106,6 +2107,7 @@ keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) static int keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) { + PRStatus prstat; int ret = 0; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2115,7 +2117,7 @@ keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) ret = (* db->put)(db, key, data, flags); - (void)PZ_Unlock(kdbLock); + prstat = PZ_Unlock(kdbLock); return(ret); } @@ -2123,6 +2125,7 @@ keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) static int keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags) { + PRStatus prstat; int ret; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2132,7 +2135,7 @@ keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags) ret = (* db->sync)(db, flags); - (void)PZ_Unlock(kdbLock); + prstat = PZ_Unlock(kdbLock); return(ret); } @@ -2140,6 +2143,7 @@ keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags) static int keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags) { + PRStatus prstat; int ret; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2149,7 +2153,7 @@ keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags) ret = (* db->del)(db, key, flags); - (void)PZ_Unlock(kdbLock); + prstat = PZ_Unlock(kdbLock); return(ret); } @@ -2157,6 +2161,7 @@ keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags) static int keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) { + PRStatus prstat; int ret; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2166,7 +2171,7 @@ keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) ret = (* db->seq)(db, key, data, flags); - (void)PZ_Unlock(kdbLock); + prstat = PZ_Unlock(kdbLock); return(ret); } @@ -2174,6 +2179,7 @@ keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) static void keydb_Close(NSSLOWKEYDBHandle *kdb) { + PRStatus prstat; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; 
@@ -2182,7 +2188,7 @@ keydb_Close(NSSLOWKEYDBHandle *kdb) (* db->close)(db); - SKIP_AFTER_FORK(PZ_Unlock(kdbLock)); + SKIP_AFTER_FORK(prstat = PZ_Unlock(kdbLock)); return; } diff --git a/security/nss/lib/softoken/legacydb/lgattr.c b/security/nss/lib/softoken/legacydb/lgattr.c index 7c80c568e06..00a0a746d48 100644 --- a/security/nss/lib/softoken/legacydb/lgattr.c +++ b/security/nss/lib/softoken/legacydb/lgattr.c @@ -210,6 +210,8 @@ static const CK_ATTRIBUTE lg_StaticFalseAttr = LG_DEF_ATTRIBUTE(&lg_staticFalseValue,sizeof(lg_staticFalseValue)); static const CK_ATTRIBUTE lg_StaticNullAttr = LG_DEF_ATTRIBUTE(NULL,0); char lg_StaticOneValue = 1; +static const CK_ATTRIBUTE lg_StaticOneAttr = + LG_DEF_ATTRIBUTE(&lg_StaticOneValue,sizeof(lg_StaticOneValue)); /* * helper functions which get the database and call the underlying @@ -432,6 +434,11 @@ lg_GetPubItem(NSSLOWKEYPublicKey *pubKey) { return pubItem; } +static const SEC_ASN1Template lg_SerialTemplate[] = { + { SEC_ASN1_INTEGER, offsetof(NSSLOWCERTCertificate,serialNumber) }, + { 0 } +}; + static CK_RV lg_FindRSAPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attribute) diff --git a/security/nss/lib/softoken/legacydb/lginit.c b/security/nss/lib/softoken/legacydb/lginit.c index b49f3fea684..d08d4506a70 100644 --- a/security/nss/lib/softoken/legacydb/lginit.c +++ b/security/nss/lib/softoken/legacydb/lginit.c @@ -476,7 +476,15 @@ lg_Close(SDB *sdb) static PLHashNumber lg_HashNumber(const void *key) { - return (PLHashNumber)((char *)key - (char *)NULL); + return (PLHashNumber) key; +} + +PRIntn +lg_CompareValues(const void *v1, const void *v2) +{ + PLHashNumber value1 = (PLHashNumber) v1; + PLHashNumber value2 = (PLHashNumber) v2; + return (value1 == value2); } /* 
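Review bot: lg_CompareValues is added with external linkage and no prior prototype although its only caller is the PL_NewHashTable call in lg_init in the next hunk; declaring it `static PRIntn lg_CompareValues(const void *v1, const void *v2)` keeps it file-local like lg_HashNumber above it and avoids both a missing-prototype warning and a new exported symbol. It also casts both pointers to PLHashNumber before comparing, which on 64-bit targets truncates them to 32 bits and lets two distinct keys compare equal; `return v1 == v2;` is the correct test. PL_CompareValues, which the hunk stops using, already performs that pointer equality.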
@@ -507,7 +515,7 @@ lg_init(SDB **pSdb, int flags, NSSLOWCERTCertDBHandle *certdbPtr, if (lgdb_p->dbLock == NULL) { goto loser; } - lgdb_p->hashTable = PL_NewHashTable(64, lg_HashNumber, PL_CompareValues, + lgdb_p->hashTable = PL_NewHashTable(64, lg_HashNumber, lg_CompareValues, SECITEM_HashCompare, NULL, 0); if (lgdb_p->hashTable == NULL) { goto loser; @@ -579,9 +587,9 @@ legacy_Open(const char *configdir, const char *certPrefix, CK_RV crv = CKR_OK; SECStatus rv; PRBool readOnly = (flags == SDB_RDONLY)? PR_TRUE: PR_FALSE; + volatile char c; /* force a reference that won't get optimized away */ -#define NSS_VERSION_VARIABLE __nss_dbm_version -#include "verref.h" + c = __nss_dbm_version[0]; rv = SECOID_Init(); if (SECSuccess != rv) { @@ -593,7 +601,7 @@ legacy_Open(const char *configdir, const char *certPrefix, if (certDB) *certDB = NULL; if (certDB) { - NSSLOWCERTCertDBHandle *certdbPtr = NULL; + NSSLOWCERTCertDBHandle *certdbPtr; crv = lg_OpenCertDB(configdir, certPrefix, readOnly, &certdbPtr); if (crv != CKR_OK) { diff --git a/security/nss/lib/softoken/legacydb/lgutil.c b/security/nss/lib/softoken/legacydb/lgutil.c index 1b45bb01136..88e46d6e49e 100644 --- a/security/nss/lib/softoken/legacydb/lgutil.c +++ b/security/nss/lib/softoken/legacydb/lgutil.c @@ -303,10 +303,8 @@ lg_mkHandle(SDB *sdb, SECItem *dbKey, CK_OBJECT_HANDLE class) /* there is only one KRL, use a fixed handle for it */ if (handle != LG_TOKEN_KRL_HANDLE) { lg_XORHash(hashBuf,dbKey->data,dbKey->len); - handle = ((CK_OBJECT_HANDLE)hashBuf[0] << 24) | - ((CK_OBJECT_HANDLE)hashBuf[1] << 16) | - ((CK_OBJECT_HANDLE)hashBuf[2] << 8) | - (CK_OBJECT_HANDLE)hashBuf[3]; + handle = (hashBuf[0] << 24) | (hashBuf[1] << 16) | + (hashBuf[2] << 8) | hashBuf[3]; handle = class | (handle & ~(LG_TOKEN_TYPE_MASK|LG_TOKEN_MASK)); /* we have a CRL who's handle has randomly matched the reserved KRL * handle, increment it */ 
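Review bot: `(hashBuf[0] << 24)` in lg_mkHandle shifts a promoted `int`; if hashBuf holds unsigned bytes (its declaration is outside the hunk), any value of 0x80 or above shifted left by 24 does not fit in `int`, which is undefined behaviour in C99/C11, and the result is then widened to CK_OBJECT_HANDLE with sign extension where that type is wider than int. The casts the hunk removes existed for exactly this reason. Keep the shifts in the unsigned handle type: `handle = ((CK_OBJECT_HANDLE)hashBuf[0] << 24) | ((CK_OBJECT_HANDLE)hashBuf[1] << 16) |` / `((CK_OBJECT_HANDLE)hashBuf[2] << 8) | (CK_OBJECT_HANDLE)hashBuf[3];`. Also `NSSLOWCERTCertDBHandle *certdbPtr;` in legacy_Open loses its NULL initializer; the code that uses it after lg_OpenCertDB is outside the hunk, so confirm the failure path does not read it.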
diff --git a/security/nss/lib/softoken/legacydb/pcertdb.c b/security/nss/lib/softoken/legacydb/pcertdb.c index 418de0b8345..5f7670062ce 100644 --- a/security/nss/lib/softoken/legacydb/pcertdb.c +++ b/security/nss/lib/softoken/legacydb/pcertdb.c @@ -103,12 +103,13 @@ nsslowcert_LockDB(NSSLOWCERTCertDBHandle *handle) static void nsslowcert_UnlockDB(NSSLOWCERTCertDBHandle *handle) { -#ifdef DEBUG - PRStatus prstat = PZ_ExitMonitor(handle->dbMon); + PRStatus prstat; + + prstat = PZ_ExitMonitor(handle->dbMon); + PORT_Assert(prstat == PR_SUCCESS); -#else - PZ_ExitMonitor(handle->dbMon); -#endif + + return; } @@ -133,16 +134,15 @@ nsslowcert_LockCertRefCount(NSSLOWCERTCertificate *cert) static void nsslowcert_UnlockCertRefCount(NSSLOWCERTCertificate *cert) { + PRStatus prstat; + PORT_Assert(certRefCountLock != NULL); -#ifdef DEBUG - { - PRStatus prstat = PZ_Unlock(certRefCountLock); - PORT_Assert(prstat == PR_SUCCESS); - } -#else - PZ_Unlock(certRefCountLock); -#endif + prstat = PZ_Unlock(certRefCountLock); + + PORT_Assert(prstat == PR_SUCCESS); + + return; } /* @@ -166,16 +166,15 @@ nsslowcert_LockCertTrust(NSSLOWCERTCertificate *cert) static void nsslowcert_UnlockCertTrust(NSSLOWCERTCertificate *cert) { + PRStatus prstat; + PORT_Assert(certTrustLock != NULL); -#ifdef DEBUG - { - PRStatus prstat = PZ_Unlock(certTrustLock); - PORT_Assert(prstat == PR_SUCCESS); - } -#else - PZ_Unlock(certTrustLock); -#endif + prstat = PZ_Unlock(certTrustLock); + + PORT_Assert(prstat == PR_SUCCESS); + + return; } 
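Review bot: nsslowcert_UnlockDB, nsslowcert_UnlockCertRefCount and nsslowcert_UnlockCertTrust now store the PZ_ExitMonitor/PZ_Unlock result in `prstat` and hand it to PORT_Assert in every build; if PORT_Assert compiles to nothing outside DEBUG (its definition is outside the hunk), release builds write `prstat` and never read it, which is what the removed `#ifdef DEBUG` block avoided. The trailing `return;` at the end of each of these void functions is redundant. nsslowcert_UnlockFreeList in the next hunk follows the same shape.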
@@ -200,17 +199,15 @@ nsslowcert_LockFreeList(void) static void nsslowcert_UnlockFreeList(void) { + PRStatus prstat = PR_SUCCESS; + PORT_Assert(freeListLock != NULL); -#ifdef DEBUG - { - PRStatus prstat = PR_SUCCESS; - SKIP_AFTER_FORK(prstat = PZ_Unlock(freeListLock)); - PORT_Assert(prstat == PR_SUCCESS); - } -#else - SKIP_AFTER_FORK(PZ_Unlock(freeListLock)); -#endif + SKIP_AFTER_FORK(prstat = PZ_Unlock(freeListLock)); + + PORT_Assert(prstat == PR_SUCCESS); + + return; } NSSLOWCERTCertificate * @@ -227,6 +224,7 @@ nsslowcert_DupCertificate(NSSLOWCERTCertificate *c) static int certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags) { + PRStatus prstat; int ret; PORT_Assert(dbLock != NULL); @@ -234,7 +232,7 @@ certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags) ret = (* db->get)(db, key, data, flags); - (void)PZ_Unlock(dbLock); + prstat = PZ_Unlock(dbLock); return(ret); } @@ -242,6 +240,7 @@ certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags) static int certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags) { + PRStatus prstat; int ret = 0; PORT_Assert(dbLock != NULL); @@ -249,7 +248,7 @@ certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags) ret = (* db->put)(db, key, data, flags); - (void)PZ_Unlock(dbLock); + prstat = PZ_Unlock(dbLock); return(ret); } @@ -257,6 +256,7 @@ certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags) static int certdb_Sync(DB *db, unsigned int flags) { + PRStatus prstat; int ret; PORT_Assert(dbLock != NULL); @@ -264,7 +264,7 @@ certdb_Sync(DB *db, unsigned int flags) ret = (* db->sync)(db, flags); - (void)PZ_Unlock(dbLock); + prstat = PZ_Unlock(dbLock); return(ret); } @@ -273,6 +273,7 @@ certdb_Sync(DB *db, unsigned int flags) static int certdb_Del(DB *db, DBT *key, unsigned int flags) { + PRStatus prstat; int ret; PORT_Assert(dbLock != NULL); 
@@ -280,7 +281,7 @@ certdb_Del(DB *db, DBT *key, unsigned int flags) ret = (* db->del)(db, key, flags); - (void)PZ_Unlock(dbLock); + prstat = PZ_Unlock(dbLock); /* don't fail if the record is already deleted */ if (ret == DB_NOT_FOUND) { @@ -293,6 +294,7 @@ certdb_Del(DB *db, DBT *key, unsigned int flags) static int certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags) { + PRStatus prstat; int ret; PORT_Assert(dbLock != NULL); @@ -300,7 +302,7 @@ certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags) ret = (* db->seq)(db, key, data, flags); - (void)PZ_Unlock(dbLock); + prstat = PZ_Unlock(dbLock); return(ret); } @@ -308,12 +310,14 @@ certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags) static void certdb_Close(DB *db) { + PRStatus prstat = PR_SUCCESS; + PORT_Assert(dbLock != NULL); SKIP_AFTER_FORK(PZ_Lock(dbLock)); (* db->close)(db); - SKIP_AFTER_FORK(PZ_Unlock(dbLock)); + SKIP_AFTER_FORK(prstat = PZ_Unlock(dbLock)); return; } @@ -2426,6 +2430,7 @@ NewDBSubjectEntry(SECItem *derSubject, SECItem *certKey, certDBEntrySubject *entry; SECStatus rv; unsigned int nnlen; + unsigned int eaddrlen; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if ( arena == NULL ) { @@ -2475,6 +2480,7 @@ NewDBSubjectEntry(SECItem *derSubject, SECItem *certKey, goto loser; } + eaddrlen = PORT_Strlen(emailAddr) + 1; entry->emailAddrs = (char **)PORT_ArenaAlloc(arena, sizeof(char *)); if ( entry->emailAddrs == NULL ) { PORT_Free(emailAddr); @@ -3381,10 +3387,13 @@ AddCertToPermDB(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTCertificate *cert, loser: /* don't leave partial entry in the database */ if ( state > 0 ) { - DeleteDBCertEntry(handle, &cert->certKey); + rv = DeleteDBCertEntry(handle, &cert->certKey); } if ( ( state > 1 ) && donnentry ) { - DeleteDBNicknameEntry(handle, nickname); + rv = DeleteDBNicknameEntry(handle, nickname); + } + if ( state > 2 ) { + rv = DeleteDBSubjectEntry(handle, &cert->derSubject); } if ( certEntry ) { DestroyDBEntry((certDBEntry *)certEntry); 
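Review bot: At `loser:` in AddCertToPermDB the results of DeleteDBCertEntry, DeleteDBNicknameEntry and the new DeleteDBSubjectEntry call are all assigned to `rv`; if the function returns `rv` after this cleanup (outside the hunk), a cleanup that succeeds replaces the failure status that brought control here with SECSuccess and the caller believes the certificate was added. Keep the original status untouched — `(void)DeleteDBSubjectEntry(handle, &cert->derSubject);` and likewise for the other two — or collect the cleanup results in a separate local. In NewDBSubjectEntry (the hunk above) `eaddrlen` is computed from `PORT_Strlen(emailAddr) + 1` but nothing in the hunk uses it; if nothing below does either, it is dead.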
@@ -3577,6 +3586,7 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) certDBEntrySMime *emailEntry = NULL; char *nickname; char *emailAddr; + SECStatus rv; /* * Sequence through the old database and copy all of the entries @@ -3690,7 +3700,7 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) if ( subjectEntry->nickname ) { PORT_Memcpy(subjectEntry->nickname, nickname, key.size - 1); - (void)WriteDBSubjectEntry(handle, subjectEntry); + rv = WriteDBSubjectEntry(handle, subjectEntry); } } else if ( type == certDBEntryTypeSMimeProfile ) { emailAddr = &((char *)key.data)[1]; @@ -3719,7 +3729,7 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) PORT_Memcpy(subjectEntry->emailAddrs[0], emailAddr, key.size - 1); subjectEntry->nemailAddrs = 1; - (void)WriteDBSubjectEntry(handle, subjectEntry); + rv = WriteDBSubjectEntry(handle, subjectEntry); } } } @@ -3781,13 +3791,14 @@ static SECStatus UpdateV5DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) { NSSLOWCERTCertDBHandle updatehandle; + SECStatus rv; updatehandle.permCertDB = updatedb; updatehandle.dbMon = PZ_NewMonitor(nssILockCertDB); updatehandle.dbVerify = 0; updatehandle.ref = 1; /* prevent premature close */ - (void)nsslowcert_TraversePermCerts(&updatehandle, updateV5Callback, + rv = nsslowcert_TraversePermCerts(&updatehandle, updateV5Callback, (void *)handle); PZ_DestroyMonitor(updatehandle.dbMon); @@ -5060,6 +5071,7 @@ nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, SECItem *crlKey, PRBool isKRL) { SECItem keyitem; + DBT key; SECStatus rv; PLArenaPool *arena = NULL; certDBEntryRevocation *entry = NULL; @@ -5076,6 +5088,9 @@ nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, goto loser; } + key.data = keyitem.data; + key.size = keyitem.len; + /* find in perm database */ entry = ReadDBCrlEntry(handle, crlKey, crlType); diff --git a/security/nss/lib/softoken/lowpbe.c b/security/nss/lib/softoken/lowpbe.c index 16d4c91416e..c0949fec0ad 100644 --- a/security/nss/lib/softoken/lowpbe.c 
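Review bot: In nsslowcert_FindCrlByKey the new `DBT key` is filled from `keyitem` but nothing in the hunk passes it on — the lookup that follows still calls ReadDBCrlEntry with `crlKey` — so unless code outside the hunk reads `key`, the declaration and both assignments are dead. In UpdateV5DB and UpdateV6DB the new `rv` receives the result of nsslowcert_TraversePermCerts and WriteDBSubjectEntry but is not examined before the code moves on; either propagate it or keep the `(void)` cast.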
+++ b/security/nss/lib/softoken/lowpbe.c @@ -516,7 +516,7 @@ nsspkcs5_PKCS12PBE(const SECHashObject *hashObject, } PORT_Memcpy(Ai, iterBuf, hashLength); - for (Bidx = 0; Bidx < (int)B.len; Bidx += hashLength) { + for (Bidx = 0; Bidx < B.len; Bidx += hashLength) { PORT_Memcpy(B.data+Bidx,iterBuf,NSSPBE_MIN(B.len-Bidx,hashLength)); } diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index 24bfaca1ade..123e6f977c0 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -393,7 +393,6 @@ static const struct mechanismList mechanisms[] = { {CKM_SHA512_HMAC, {1, 128, CKF_SN_VR}, PR_TRUE}, {CKM_SHA512_HMAC_GENERAL, {1, 128, CKF_SN_VR}, PR_TRUE}, {CKM_TLS_PRF_GENERAL, {0, 512, CKF_SN_VR}, PR_FALSE}, - {CKM_TLS_MAC, {0, 512, CKF_SN_VR}, PR_FALSE}, {CKM_NSS_TLS_PRF_GENERAL_SHA256, {0, 512, CKF_SN_VR}, PR_FALSE}, /* ------------------------- HKDF Operations -------------------------- */ 
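Review bot: In nsspkcs5_PKCS12PBE the loop condition becomes `Bidx < B.len`; `B.len` is an unsigned length, and if `Bidx` is declared `int` (its declaration is outside the hunk) the comparison is now signed/unsigned, which the `(int)` cast the hunk removes was there to silence. Declaring `Bidx` as `unsigned int` and dropping the cast is cleaner than either form, and `NSSPBE_MIN(B.len-Bidx, hashLength)` in the body then stays unsigned throughout.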
@@ -463,21 +462,14 @@ static const struct mechanismList mechanisms[] = { {CKM_SHA384_KEY_DERIVATION, { 0, 48, CKF_DERIVE}, PR_FALSE}, {CKM_SHA512_KEY_DERIVATION, { 0, 64, CKF_DERIVE}, PR_FALSE}, {CKM_TLS_MASTER_KEY_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE}, - {CKM_TLS12_MASTER_KEY_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE}, {CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256, {48, 48, CKF_DERIVE}, PR_FALSE}, {CKM_TLS_MASTER_KEY_DERIVE_DH, {8, 128, CKF_DERIVE}, PR_FALSE}, - {CKM_TLS12_MASTER_KEY_DERIVE_DH, {8, 128, CKF_DERIVE}, PR_FALSE}, {CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256, {8, 128, CKF_DERIVE}, PR_FALSE}, {CKM_TLS_KEY_AND_MAC_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE}, - {CKM_TLS12_KEY_AND_MAC_DERIVE, {48, 48, CKF_DERIVE}, PR_FALSE}, {CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, {48, 48, CKF_DERIVE}, PR_FALSE}, - {CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, - {48,128, CKF_DERIVE}, PR_FALSE}, - {CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, - {48,128, CKF_DERIVE}, PR_FALSE}, /* ---------------------- PBE Key Derivations ------------------------ */ {CKM_PBE_MD2_DES_CBC, {8, 8, CKF_DERIVE}, PR_TRUE}, {CKM_PBE_MD5_DES_CBC, {8, 8, CKF_DERIVE}, PR_TRUE}, @@ -1750,7 +1742,7 @@ NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,CK_KEY_TYPE key_type, crv = sftk_Attribute2SSecItem(arena,&pubKey->u.ec.publicValue, object,CKA_EC_POINT); if (crv == CKR_OK) { - unsigned int keyLen,curveLen; + int keyLen,curveLen; curveLen = (pubKey->u.ec.ecParams.fieldID.size +7)/8; keyLen = (2*curveLen)+1; @@ -2225,7 +2217,7 @@ CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList) static PLHashNumber sftk_HashNumber(const void *key) { - return (PLHashNumber)((char *)key - (char *)NULL); + return (PLHashNumber) key; } /* 
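Review bot: `int keyLen, curveLen;` in sftk_GetPubKey: both values are derived from `fieldID.size`, which is never negative, and keyLen is presumably checked against `pubKey->u.ec.publicValue.len` (an unsigned length) below the hunk, so with `int` that comparison becomes signed/unsigned. Keeping the pair `unsigned int` matches the quantities they hold and avoids the mixed comparison.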
@@ -2606,7 +2598,7 @@ CK_RV sftk_CloseAllSessions(SFTKSlot *slot, PRBool logout) --slot->sessionCount; SKIP_AFTER_FORK(PZ_Unlock(slot->slotLock)); if (session->info.flags & CKF_RW_SESSION) { - (void)PR_ATOMIC_DECREMENT(&slot->rwSessionCount); + PR_ATOMIC_DECREMENT(&slot->rwSessionCount); } } else { SKIP_AFTER_FORK(PZ_Unlock(lock)); @@ -3148,11 +3140,11 @@ extern const char __nss_softokn_version[]; /* NSC_GetInfo returns general information about Cryptoki. */ CK_RV NSC_GetInfo(CK_INFO_PTR pInfo) { -#define NSS_VERSION_VARIABLE __nss_softokn_version -#include "verref.h" + volatile char c; /* force a reference that won't get optimized away */ CHECK_FORK(); + c = __nss_softokn_version[0]; pInfo->cryptokiVersion.major = 2; pInfo->cryptokiVersion.minor = 20; PORT_Memcpy(pInfo->manufacturerID,manufacturerID,32); @@ -3723,7 +3715,7 @@ CK_RV NSC_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, ++slot->sessionCount; PZ_Unlock(slot->slotLock); if (session->info.flags & CKF_RW_SESSION) { - (void)PR_ATOMIC_INCREMENT(&slot->rwSessionCount); + PR_ATOMIC_INCREMENT(&slot->rwSessionCount); } do { @@ -3791,7 +3783,7 @@ CK_RV NSC_CloseSession(CK_SESSION_HANDLE hSession) sftk_freeDB(handle); } if (session->info.flags & CKF_RW_SESSION) { - (void)PR_ATOMIC_DECREMENT(&slot->rwSessionCount); + PR_ATOMIC_DECREMENT(&slot->rwSessionCount); } } @@ -4009,7 +4001,7 @@ static CK_RV sftk_CreateNewSlot(SFTKSlot *slot, CK_OBJECT_CLASS class, PRBool isValidFIPSUserSlot = PR_FALSE; PRBool isValidSlot = PR_FALSE; PRBool isFIPS = PR_FALSE; - unsigned long moduleIndex = NSC_NON_FIPS_MODULE; + unsigned long moduleIndex; SFTKAttribute *attribute; sftk_parameters paramStrings; char *paramString; @@ -4518,7 +4510,7 @@ sftk_emailhack(SFTKSlot *slot, SFTKDBHandle *handle, { PRBool isCert = PR_FALSE; int emailIndex = -1; - unsigned int i; + int i; SFTKSearchResults smime_search; CK_ATTRIBUTE smime_template[2]; CK_OBJECT_CLASS smime_class = CKO_NETSCAPE_SMIME; 
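Review bot: `unsigned long moduleIndex;` in sftk_CreateNewSlot loses its NSC_NON_FIPS_MODULE initializer; the code that reads it is outside the hunk, so every path from the declaration to the first read must now assign it, otherwise the slot is created from an indeterminate module index. Likewise `int i;` in sftk_emailhack is presumably compared against an unsigned count in the loop below the hunk; if so, the signedness change introduces a signed/unsigned comparison there.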
diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c index 90d4c855863..fc050f35c31 100644 --- a/security/nss/lib/softoken/pkcs11c.c +++ b/security/nss/lib/softoken/pkcs11c.c @@ -73,7 +73,6 @@ static void sftk_Null(void *data, PRBool freeit) } \ printf("\n") #else -#undef EC_DEBUG #define SEC_PRINT(a, b, c, d) #endif #endif /* NSS_DISABLE_ECC */ 
@@ -2518,52 +2517,10 @@ finish_rsa: *(CK_ULONG *)pMechanism->pParameter); break; case CKM_TLS_PRF_GENERAL: - crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL, 0); + crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL); break; - case CKM_TLS_MAC: { - CK_TLS_MAC_PARAMS *tls12_mac_params; - HASH_HashType tlsPrfHash; - const char *label; - - if (pMechanism->ulParameterLen != sizeof(CK_TLS_MAC_PARAMS)) { - crv = CKR_MECHANISM_PARAM_INVALID; - break; - } - tls12_mac_params = (CK_TLS_MAC_PARAMS *)pMechanism->pParameter; - if (tls12_mac_params->prfMechanism == CKM_TLS_PRF) { - /* The TLS 1.0 and 1.1 PRF */ - tlsPrfHash = HASH_AlgNULL; - if (tls12_mac_params->ulMacLength != 12) { - crv = CKR_MECHANISM_PARAM_INVALID; - break; - } - } else { - /* The hash function for the TLS 1.2 PRF */ - tlsPrfHash = - GetHashTypeFromMechanism(tls12_mac_params->prfMechanism); - if (tlsPrfHash == HASH_AlgNULL || - tls12_mac_params->ulMacLength < 12) { - crv = CKR_MECHANISM_PARAM_INVALID; - break; - } - } - if (tls12_mac_params->ulServerOrClient == 1) { - label = "server finished"; - } else if (tls12_mac_params->ulServerOrClient == 2) { - label = "client finished"; - } else { - crv = CKR_MECHANISM_PARAM_INVALID; - break; - } - crv = sftk_TLSPRFInit(context, key, key_type, tlsPrfHash, - tls12_mac_params->ulMacLength); - if (crv == CKR_OK) { - context->hashUpdate(context->hashInfo, label, 15); - } - break; - } case CKM_NSS_TLS_PRF_GENERAL_SHA256: - crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256, 0); + crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256); break; case CKM_NSS_HMAC_CONSTANT_TIME: { @@ -2577,7 +2534,6 @@ finish_rsa: } intpointer = PORT_New(CK_ULONG); if (intpointer == NULL) { - PORT_Free(ctx); crv = CKR_HOST_MEMORY; break; } @@ -2607,7 +2563,6 @@ finish_rsa: } intpointer = PORT_New(CK_ULONG); if (intpointer == NULL) { - PORT_Free(ctx); crv = CKR_HOST_MEMORY; break; } 
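Review bot: Removing `PORT_Free(ctx);` on the `intpointer == NULL` path leaks the `ctx` allocated for the CKM_NSS_HMAC_CONSTANT_TIME context just above the hunk, and the second hunk at @@ -2607 removes the identical cleanup from the following mechanism branch; both should keep the free before `crv = CKR_HOST_MEMORY; break;`. The sftk_TLSPRFInit signature loses its trailing length argument here, and the caller pair in the @@ -3159 hunk is updated to match, so that part is consistent.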
@@ -3159,10 +3114,10 @@ finish_rsa: *(CK_ULONG *)pMechanism->pParameter); break; case CKM_TLS_PRF_GENERAL: - crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL, 0); + crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgNULL); break; case CKM_NSS_TLS_PRF_GENERAL_SHA256: - crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256, 0); + crv = sftk_TLSPRFInit(context, key, key_type, HASH_AlgSHA256); break; default: @@ -3842,7 +3797,7 @@ CK_RV NSC_GenerateKey(CK_SESSION_HANDLE hSession, * produce them any more. The affected algorithm was 3DES. */ PRBool faultyPBE3DES = PR_FALSE; - HASH_HashType hashType = HASH_AlgNULL; + HASH_HashType hashType; CHECK_FORK(); @@ -4083,8 +4038,8 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, */ CK_MECHANISM mech = {0, NULL, 0}; - CK_ULONG modulusLen = 0; - CK_ULONG subPrimeLen = 0; + CK_ULONG modulusLen; + CK_ULONG subPrimeLen; PRBool isEncryptable = PR_FALSE; PRBool canSignVerify = PR_FALSE; PRBool isDerivable = PR_FALSE; @@ -4382,6 +4337,7 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, DSAPrivateKey * dsaPriv; /* Diffie Hellman */ + int private_value_bits = 0; DHPrivateKey * dhPriv; #ifndef NSS_DISABLE_ECC @@ -4433,6 +4389,7 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, */ for (i=0; i < (int) ulPrivateKeyAttributeCount; i++) { if (pPrivateKeyTemplate[i].type == CKA_VALUE_BITS) { + private_value_bits = *(CK_ULONG *)pPrivateKeyTemplate[i].pValue; continue; } @@ -4902,9 +4859,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) SECStatus rv = SECSuccess; SECItem *encodedKey = NULL; #ifndef NSS_DISABLE_ECC -#ifdef EC_DEBUG SECItem *fordebug; -#endif int savelen; #endif 
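Review bot: `hashType` in NSC_GenerateKey (hunk -3842) and `modulusLen`/`subPrimeLen` in sftk_PairwiseConsistencyCheck (hunk -4083) are now declared without an initializer, so any read that happens before every assigning branch has run is undefined behaviour instead of a benign HASH_AlgNULL or 0. The function bodies are outside the hunks, so I cannot confirm that every path assigns them first. Initializing at the declaration — `HASH_HashType hashType = HASH_AlgNULL;` and `CK_ULONG modulusLen = 0, subPrimeLen = 0;` — costs nothing and removes the question.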
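Review bot: The CKA_VALUE_BITS attribute is dereferenced as `*(CK_ULONG *)pPrivateKeyTemplate[i].pValue` (hunk -4433) without checking `ulValueLen` or that `pValue` is non-NULL, and the template is supplied by the PKCS#11 caller, so an entry shorter than sizeof(CK_ULONG) or with a NULL pointer is read out of bounds here; the store also narrows CK_ULONG into the `int private_value_bits` declared in hunk -4382. Validate before the read, e.g. `if (pPrivateKeyTemplate[i].pValue == NULL || pPrivateKeyTemplate[i].ulValueLen != sizeof(CK_ULONG)) { crv = CKR_ATTRIBUTE_VALUE_INVALID; break; }`, adjusted to whatever error path the surrounding loop uses (it is outside the hunk).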
@@ -4977,11 +4932,9 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) lk->u.ec.ecParams.curveOID.len = savelen; lk->u.ec.publicValue.len >>= 3; -#ifdef EC_DEBUG fordebug = &pki->privateKey; SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKey", lk->keyType, fordebug); -#endif param = SECITEM_DupItem(&lk->u.ec.ecParams.DEREncoding); @@ -5020,7 +4973,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) nsslowkey_PrivateKeyInfoTemplate); *crvp = encodedKey ? CKR_OK : CKR_DEVICE_ERROR; -#ifdef EC_DEBUG +#ifndef NSS_DISABLE_ECC fordebug = encodedKey; SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKeyInfo", lk->keyType, fordebug); @@ -5869,10 +5822,9 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, CK_KEY_TYPE keyType = CKK_GENERIC_SECRET; CK_OBJECT_CLASS classType = CKO_SECRET_KEY; CK_KEY_DERIVATION_STRING_DATA *stringPtr; - CK_MECHANISM_TYPE mechanism = pMechanism->mechanism; PRBool isTLS = PR_FALSE; + PRBool isSHA256 = PR_FALSE; PRBool isDH = PR_FALSE; - HASH_HashType tlsPrfHash = HASH_AlgNULL; SECStatus rv; int i; unsigned int outLen; @@ -5919,7 +5871,7 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, keySize = sftk_MapKeySize(keyType); } - switch (mechanism) { + switch (pMechanism->mechanism) { case CKM_NSS_JPAKE_ROUND2_SHA1: /* fall through */ case CKM_NSS_JPAKE_ROUND2_SHA256: /* fall through */ case CKM_NSS_JPAKE_ROUND2_SHA384: /* fall through */ @@ -5967,16 +5919,18 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, } } - switch (mechanism) { + switch (pMechanism->mechanism) { /* * generate the master secret */ - case CKM_TLS12_MASTER_KEY_DERIVE: - case CKM_TLS12_MASTER_KEY_DERIVE_DH: case CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256: case CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256: + isSHA256 = PR_TRUE; + /* fall thru */ case CKM_TLS_MASTER_KEY_DERIVE: case CKM_TLS_MASTER_KEY_DERIVE_DH: + isTLS = PR_TRUE; + /* fall thru */ case CKM_SSL3_MASTER_KEY_DERIVE: case CKM_SSL3_MASTER_KEY_DERIVE_DH: { 
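Review bot: sftk_PackagePrivateKey now passes the raw EC private key (`fordebug = &pki->privateKey`, hunk -4977) and the encoded PrivateKeyInfo (hunk -5020) to `SEC_PRINT` under only `#ifndef NSS_DISABLE_ECC`; the debug variant of SEC_PRINT visible at the top of hunk -73 ends in a printf, and that hunk also drops the `#undef EC_DEBUG` that used to force the empty definition, so whether private-key bytes reach stdout now depends solely on EC_DEBUG not being defined anywhere in the build. Keep both calls inside an explicit `#ifdef EC_DEBUG` / `#endif` guard so a release build cannot print key material whatever the build flags. The function body continues outside these hunks.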
@@ -5984,32 +5938,12 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, SSL3RSAPreMasterSecret * rsa_pms; unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; - if ((mechanism == CKM_TLS12_MASTER_KEY_DERIVE) || - (mechanism == CKM_TLS12_MASTER_KEY_DERIVE_DH)) { - CK_TLS12_MASTER_KEY_DERIVE_PARAMS *tls12_master = - (CK_TLS12_MASTER_KEY_DERIVE_PARAMS *) pMechanism->pParameter; - tlsPrfHash = GetHashTypeFromMechanism(tls12_master->prfHashMechanism); - if (tlsPrfHash == HASH_AlgNULL) { - crv = CKR_MECHANISM_PARAM_INVALID; - break; - } - } else if ((mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256) || - (mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256)) { - tlsPrfHash = HASH_AlgSHA256; - } + if ((pMechanism->mechanism == CKM_SSL3_MASTER_KEY_DERIVE_DH) || + (pMechanism->mechanism == CKM_TLS_MASTER_KEY_DERIVE_DH) || + (pMechanism->mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256)) + isDH = PR_TRUE; - if ((mechanism != CKM_SSL3_MASTER_KEY_DERIVE) && - (mechanism != CKM_SSL3_MASTER_KEY_DERIVE_DH)) { - isTLS = PR_TRUE; - } - if ((mechanism == CKM_SSL3_MASTER_KEY_DERIVE_DH) || - (mechanism == CKM_TLS_MASTER_KEY_DERIVE_DH) || - (mechanism == CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256) || - (mechanism == CKM_TLS12_MASTER_KEY_DERIVE_DH)) { - isDH = PR_TRUE; - } - - /* first do the consistency checks */ + /* first do the consistancy checks */ if (!isDH && (att->attrib.ulValueLen != SSL3_PMS_LENGTH)) { crv = CKR_KEY_TYPE_INCONSISTENT; break; @@ -6074,8 +6008,8 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, pms.data = (unsigned char*)att->attrib.pValue; pms.len = att->attrib.ulValueLen; - if (tlsPrfHash != HASH_AlgNULL) { - status = TLS_P_hash(tlsPrfHash, &pms, "master secret", + if (isSHA256) { + status = TLS_P_hash(HASH_AlgSHA256, &pms, "master secret", &crsr, &master, isFIPS); } else { status = TLS_PRF(&pms, "master secret", &crsr, &master, isFIPS); 
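Review bot: The three-line `if ((pMechanism->mechanism == CKM_SSL3_MASTER_KEY_DERIVE_DH) || ... ) isDH = PR_TRUE;` is unbraced; the neighbouring checks in this case use `{ ... }` blocks, and a multi-line condition with a bare statement body is exactly where a later edit adds a second statement outside the if. Write it as `... CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256)) { isDH = PR_TRUE; }`. The restored comment also reintroduces the spelling "consistancy" for "consistency".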
@@ -6138,108 +6072,12 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, break; } - /* Extended master key derivation [draft-ietf-tls-session-hash] */ - case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE: - case CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH: - { - CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS *ems_params; - SSL3RSAPreMasterSecret *rsa_pms; - SECStatus status; - SECItem pms = { siBuffer, NULL, 0 }; - SECItem seed = { siBuffer, NULL, 0 }; - SECItem master = { siBuffer, NULL, 0 }; - - ems_params = (CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS*) - pMechanism->pParameter; - - /* First do the consistency checks */ - if ((mechanism == CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE) && - (att->attrib.ulValueLen != SSL3_PMS_LENGTH)) { - crv = CKR_KEY_TYPE_INCONSISTENT; - break; - } - att2 = sftk_FindAttribute(sourceKey,CKA_KEY_TYPE); - if ((att2 == NULL) || - (*(CK_KEY_TYPE *)att2->attrib.pValue != CKK_GENERIC_SECRET)) { - if (att2) sftk_FreeAttribute(att2); - crv = CKR_KEY_FUNCTION_NOT_PERMITTED; - break; - } - sftk_FreeAttribute(att2); - if (keyType != CKK_GENERIC_SECRET) { - crv = CKR_KEY_FUNCTION_NOT_PERMITTED; - break; - } - if ((keySize != 0) && (keySize != SSL3_MASTER_SECRET_LENGTH)) { - crv = CKR_KEY_FUNCTION_NOT_PERMITTED; - break; - } - - /* Do the key derivation */ - pms.data = (unsigned char*) att->attrib.pValue; - pms.len = att->attrib.ulValueLen; - seed.data = ems_params->pSessionHash; - seed.len = ems_params->ulSessionHashLen; - master.data = key_block; - master.len = SSL3_MASTER_SECRET_LENGTH; - if (ems_params-> prfHashMechanism == CKM_TLS_PRF) { - /* - * In this case, the session hash is the concatenation of SHA-1 - * and MD5, so it should be 36 bytes long. 
- */ - if (seed.len != MD5_LENGTH + SHA1_LENGTH) { - crv = CKR_TEMPLATE_INCONSISTENT; - break; - } - - status = TLS_PRF(&pms, "extended master secret", - &seed, &master, isFIPS); - } else { - const SECHashObject *hashObj; - - tlsPrfHash = GetHashTypeFromMechanism(ems_params->prfHashMechanism); - if (tlsPrfHash == HASH_AlgNULL) { - crv = CKR_MECHANISM_PARAM_INVALID; - break; - } - - hashObj = HASH_GetRawHashObject(tlsPrfHash); - if (seed.len != hashObj->length) { - crv = CKR_TEMPLATE_INCONSISTENT; - break; - } - - status = TLS_P_hash(tlsPrfHash, &pms, "extended master secret", - &seed, &master, isFIPS); - } - if (status != SECSuccess) { - crv = CKR_FUNCTION_FAILED; - break; - } - - /* Reflect the version if required */ - if (ems_params->pVersion) { - SFTKSessionObject *sessKey = sftk_narrowToSessionObject(key); - rsa_pms = (SSL3RSAPreMasterSecret *) att->attrib.pValue; - /* don't leak more key material than necessary for SSL to work */ - if ((sessKey == NULL) || sessKey->wasDerived) { - ems_params->pVersion->major = 0xff; - ems_params->pVersion->minor = 0xff; - } else { - ems_params->pVersion->major = rsa_pms->client_version[0]; - ems_params->pVersion->minor = rsa_pms->client_version[1]; - } - } - - /* Store the results */ - crv = sftk_forceAttribute(key, CKA_VALUE, key_block, - SSL3_MASTER_SECRET_LENGTH); - break; - } - - case CKM_TLS12_KEY_AND_MAC_DERIVE: case CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256: + isSHA256 = PR_TRUE; + /* fall thru */ case CKM_TLS_KEY_AND_MAC_DERIVE: + isTLS = PR_TRUE; + /* fall thru */ case CKM_SSL3_KEY_AND_MAC_DERIVE: { CK_SSL3_KEY_MAT_PARAMS *ssl3_keys; 
@@ -6249,22 +6087,6 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, unsigned char srcrdata[SSL3_RANDOM_LENGTH * 2]; unsigned char crsrdata[SSL3_RANDOM_LENGTH * 2]; - if (mechanism == CKM_TLS12_KEY_AND_MAC_DERIVE) { - CK_TLS12_KEY_MAT_PARAMS *tls12_keys = - (CK_TLS12_KEY_MAT_PARAMS *) pMechanism->pParameter; - tlsPrfHash = GetHashTypeFromMechanism(tls12_keys->prfHashMechanism); - if (tlsPrfHash == HASH_AlgNULL) { - crv = CKR_MECHANISM_PARAM_INVALID; - break; - } - } else if (mechanism == CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256) { - tlsPrfHash = HASH_AlgSHA256; - } - - if (mechanism != CKM_SSL3_KEY_AND_MAC_DERIVE) { - isTLS = PR_TRUE; - } - crv = sftk_DeriveSensitiveCheck(sourceKey,key); if (crv != CKR_OK) break; @@ -6344,8 +6166,8 @@ CK_RV NSC_DeriveKey( CK_SESSION_HANDLE hSession, master.data = (unsigned char*)att->attrib.pValue; master.len = att->attrib.ulValueLen; - if (tlsPrfHash != HASH_AlgNULL) { - status = TLS_P_hash(tlsPrfHash, &master, "key expansion", + if (isSHA256) { + status = TLS_P_hash(HASH_AlgSHA256, &master, "key expansion", &srcr, &keyblk, isFIPS); } else { status = TLS_PRF(&master, "key expansion", &srcr, &keyblk, @@ -6909,7 +6731,7 @@ key_and_mac_derive_fail: PRBool withCofactor = PR_FALSE; unsigned char *secret; unsigned char *keyData = NULL; - unsigned int secretlen, curveLen, pubKeyLen; + int secretlen, curveLen, pubKeyLen; CK_ECDH1_DERIVE_PARAMS *mechParams; NSSLOWKEYPrivateKey *privKey; PLArenaPool *arena = NULL; @@ -6961,7 +6783,7 @@ key_and_mac_derive_fail: ecPoint = newPoint; } - if (mechanism == CKM_ECDH1_COFACTOR_DERIVE) { + if (pMechanism->mechanism == CKM_ECDH1_COFACTOR_DERIVE) { withCofactor = PR_TRUE; } else { /* When not using cofactor derivation, one should diff --git a/security/nss/lib/softoken/pkcs11i.h b/security/nss/lib/softoken/pkcs11i.h index 1023a0012d6..9a00273f0d1 100644 --- a/security/nss/lib/softoken/pkcs11i.h +++ b/security/nss/lib/softoken/pkcs11i.h 
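Review bot: `secretlen`, `curveLen` and `pubKeyLen` in the ECDH derive case (hunk -6909) are now plain `int` although they hold byte lengths that are presumably compared with or assigned from unsigned sources (SECItem lengths, the mechanism parameter's public-data length); none of those can produce a negative value, but every comparison becomes a signed/unsigned one that -Wsign-compare flags and that a reader has to reason about in key-derivation code. `unsigned int` (or `size_t`) matches what the values are. The case body continues outside the hunk.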
@@ -112,7 +112,7 @@ typedef void (*SFTKBegin)(void *); typedef SECStatus (*SFTKCipher)(void *,void *,unsigned int *,unsigned int, void *, unsigned int); typedef SECStatus (*SFTKVerify)(void *,void *,unsigned int,void *,unsigned int); -typedef void (*SFTKHash)(void *,const void *,unsigned int); +typedef void (*SFTKHash)(void *,void *,unsigned int); typedef void (*SFTKEnd)(void *,void *,unsigned int *,unsigned int); typedef void (*SFTKFree)(void *); @@ -724,8 +724,8 @@ sftk_MACConstantTimeCtx* sftk_HMACConstantTime_New( CK_MECHANISM_PTR mech, SFTKObject *key); sftk_MACConstantTimeCtx* sftk_SSLv3MACConstantTime_New( CK_MECHANISM_PTR mech, SFTKObject *key); -void sftk_HMACConstantTime_Update(void *pctx, const void *data, unsigned int len); -void sftk_SSLv3MACConstantTime_Update(void *pctx, const void *data, unsigned int len); +void sftk_HMACConstantTime_Update(void *pctx, void *data, unsigned int len); +void sftk_SSLv3MACConstantTime_Update(void *pctx, void *data, unsigned int len); void sftk_MACConstantTime_EndHash( void *pctx, void *out, unsigned int *outLength, unsigned int maxLength); void sftk_MACConstantTime_DestroyContext(void *pctx, PRBool); @@ -738,8 +738,7 @@ extern CK_RV sftk_TLSPRFInit(SFTKSessionContext *context, SFTKObject * key, CK_KEY_TYPE key_type, - HASH_HashType hash_alg, - unsigned int out_len); + HASH_HashType hash_alg); SEC_END_PROTOS diff --git a/security/nss/lib/softoken/pkcs11u.c b/security/nss/lib/softoken/pkcs11u.c index de5cbbc29b0..78e2fdc9c44 100644 --- a/security/nss/lib/softoken/pkcs11u.c +++ b/security/nss/lib/softoken/pkcs11u.c @@ -1174,6 +1174,7 @@ sftk_DeleteObject(SFTKSession *session, SFTKObject *object) { SFTKSlot *slot = sftk_SlotFromSession(session); SFTKSessionObject *so = sftk_narrowToSessionObject(object); + SFTKTokenObject *to = sftk_narrowToTokenObject(object); CK_RV crv = CKR_OK; PRUint32 index = sftk_hash(object->handle, slot->sessObjHashSize); 
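Review bot: `SFTKHash` and the two `*ConstantTime_Update` prototypes (hunks -112 and -724) drop `const` from the data parameter, so every hash-update callback now claims it may write to its input; callers holding const data must cast, and the compiler can no longer catch a callback that modifies it. `typedef void (*SFTKHash)(void *, const void *, unsigned int);` with matching `const void *data` on the update functions (sftkhmac.c hunk -143 carries the same change) keeps the contract honest at no runtime cost.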
@@ -1190,10 +1191,8 @@ sftk_DeleteObject(SFTKSession *session, SFTKObject *object) sftk_FreeObject(object); /* free the reference owned by the queue */ } else { SFTKDBHandle *handle = sftk_getDBForTokenObject(slot, object->handle); -#ifdef DEBUG - SFTKTokenObject *to = sftk_narrowToTokenObject(object); + PORT_Assert(to); -#endif crv = sftkdb_DestroyObject(handle, object->handle); sftk_freeDB(handle); } @@ -1900,6 +1899,7 @@ SFTKObject * sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE handle) { SFTKObject *object = NULL; + SFTKTokenObject *tokObject = NULL; PRBool hasLocks = PR_FALSE; CK_RV crv; @@ -1908,6 +1908,7 @@ sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE handle) if (object == NULL) { return NULL; } + tokObject = (SFTKTokenObject *) object; object->handle = handle; /* every object must have a class, if we can't get it, the object diff --git a/security/nss/lib/softoken/sdb.c b/security/nss/lib/softoken/sdb.c index 16848604c6f..83150bb38b1 100644 --- a/security/nss/lib/softoken/sdb.c +++ b/security/nss/lib/softoken/sdb.c @@ -689,7 +689,7 @@ sdb_FindObjectsInit(SDB *sdb, const CK_ATTRIBUTE *template, CK_ULONG count, char *join=""; int sqlerr = SQLITE_OK; CK_RV error = CKR_OK; - unsigned int i; + int i; LOCK_SQLITE() *find = NULL; @@ -836,7 +836,7 @@ sdb_GetAttributeValueNoLock(SDB *sdb, CK_OBJECT_HANDLE object_id, CK_RV error = CKR_OK; int found = 0; int retry = 0; - unsigned int i; + int i; /* open a new db if necessary */ @@ -879,7 +879,7 @@ sdb_GetAttributeValueNoLock(SDB *sdb, CK_OBJECT_HANDLE object_id, PR_Sleep(SDB_BUSY_RETRY_TIME); } if (sqlerr == SQLITE_ROW) { - unsigned int blobSize; + int blobSize; const char *blobData; blobSize = sqlite3_column_bytes(stmt, 0); @@ -963,7 +963,7 @@ sdb_SetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE object_id, int sqlerr = SQLITE_OK; int retry = 0; CK_RV error = CKR_OK; - unsigned int i; + int i; if ((sdb->sdb_flags & SDB_RDONLY) != 0) { return CKR_TOKEN_WRITE_PROTECTED; 
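Review bot: `tokObject` in sftk_NewTokenObject (hunks -1900 and -1908) is assigned `(SFTKTokenObject *) object` but not read anywhere in the hunks; unless the rest of the function uses it, it is a set-but-unused variable that -Wunused-but-set-variable reports and should be dropped. Separately, the loop indices changed to `int i` in sdb.c (hunks -689, -836, -963, -1115) are in functions whose visible signatures take `CK_ULONG count`, so the loop comparisons become signed/unsigned; harmless for non-negative values, but `CK_ULONG i` matches the count type and silences the warning.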
@@ -1115,7 +1115,7 @@ sdb_CreateObject(SDB *sdb, CK_OBJECT_HANDLE *object_id, CK_RV error = CKR_OK; CK_OBJECT_HANDLE this_object = CK_INVALID_HANDLE; int retry = 0; - unsigned int i; + int i; if ((sdb->sdb_flags & SDB_RDONLY) != 0) { return CKR_TOKEN_WRITE_PROTECTED; diff --git a/security/nss/lib/softoken/sftkdb.c b/security/nss/lib/softoken/sftkdb.c index 61f1e9e4f36..149191018e7 100644 --- a/security/nss/lib/softoken/sftkdb.c +++ b/security/nss/lib/softoken/sftkdb.c @@ -325,7 +325,9 @@ sftkdb_fixupTemplateOut(CK_ATTRIBUTE *template, CK_OBJECT_HANDLE objectID, if (sftkdb_isULONGAttribute(template[i].type)) { if (template[i].pValue) { CK_ULONG value; + unsigned char *data; + data = (unsigned char *)ntemplate[i].pValue; value = sftk_SDBULong2ULong(ntemplate[i].pValue); if (length < sizeof(CK_ULONG)) { template[i].ulValueLen = -1; @@ -473,7 +475,7 @@ sftk_signTemplate(PLArenaPool *arena, SFTKDBHandle *handle, CK_OBJECT_HANDLE objectID, const CK_ATTRIBUTE *template, CK_ULONG count) { - unsigned int i; + int i; CK_RV crv; SFTKDBHandle *keyHandle = handle; SDB *keyTarget = NULL; @@ -571,8 +573,11 @@ sftkdb_CreateObject(PLArenaPool *arena, SFTKDBHandle *handle, SDB *db, CK_OBJECT_HANDLE *objectID, CK_ATTRIBUTE *template, CK_ULONG count) { + PRBool inTransaction = PR_FALSE; CK_RV crv; + inTransaction = PR_TRUE; + crv = (*db->sdb_CreateObject)(db, objectID, template, count); if (crv != CKR_OK) { goto loser; @@ -590,9 +595,9 @@ sftk_ExtractTemplate(PLArenaPool *arena, SFTKObject *object, SFTKDBHandle *handle,CK_ULONG *pcount, CK_RV *crv) { - unsigned int count; + int count; CK_ATTRIBUTE *template; - unsigned int i, templateIndex; + int i, templateIndex; SFTKSessionObject *sessObject = sftk_narrowToSessionObject(object); PRBool doEnc = PR_TRUE; 
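Review bot: `data` in sftkdb_fixupTemplateOut (hunk -325) and `inTransaction` in sftkdb_CreateObject (hunk -571) are assigned and never read within their hunks; unless the remainder of those functions, outside the hunks, uses them, both are dead stores that -Wunused-but-set-variable reports. Drop `data`, and for `inTransaction` either remove it or make it gate whatever the `loser:` path does, so the flag documents real state rather than suggesting transaction handling that is not there.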
@@ -1016,7 +1021,7 @@ sftkdb_resolveConflicts(PLArenaPool *arena, CK_OBJECT_CLASS objectType, { CK_ATTRIBUTE *attr; char *nickname, *newNickname; - unsigned int end, digit; + int end, digit; /* sanity checks. We should never get here with these errors */ if (objectType != CKO_CERTIFICATE) { @@ -1055,11 +1060,9 @@ sftkdb_resolveConflicts(PLArenaPool *arena, CK_OBJECT_CLASS objectType, return CKR_OK; } - for (end = attr->ulValueLen; end-- > 0;) { - digit = nickname[end]; - if (digit > '9' || digit < '0') { - break; - } + for (end = attr->ulValueLen - 1; + end >= 0 && (digit = nickname[end]) <= '9' && digit >= '0'; + end--) { if (digit < '9') { nickname[end]++; return CKR_OK; @@ -1254,7 +1257,7 @@ sftkdb_FindObjects(SFTKDBHandle *handle, SDBFind *find, crv = (*db->sdb_FindObjects)(db, find, ids, arraySize, count); if (crv == CKR_OK) { - unsigned int i; + int i; for (i=0; i < *count; i++) { ids[i] |= (handle->type | SFTK_TOKEN_TYPE); } @@ -1597,14 +1600,14 @@ static const CK_ATTRIBUTE_TYPE known_attributes[] = { CKA_NETSCAPE_DB, CKA_NETSCAPE_TRUST, CKA_NSS_OVERRIDE_EXTENSIONS }; -static unsigned int known_attributes_size= sizeof(known_attributes)/ +static int known_attributes_size= sizeof(known_attributes)/ sizeof(known_attributes[0]); static CK_RV sftkdb_GetObjectTemplate(SDB *source, CK_OBJECT_HANDLE id, CK_ATTRIBUTE *ptemplate, CK_ULONG *max) { - unsigned int i,j; + int i,j; CK_RV crv; if (*max < known_attributes_size) { @@ -2008,6 +2011,7 @@ sftkdb_handleIDAndName(PLArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id, {CKA_ID, NULL, 0}, {CKA_LABEL, NULL, 0} }; + CK_RV crv; attr1 = sftkdb_getAttributeFromTemplate(CKA_LABEL, ptemplate, *plen); attr2 = sftkdb_getAttributeFromTemplate(CKA_ID, ptemplate, *plen); 
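Review bot: The new loop header `for (end = attr->ulValueLen - 1; end >= 0 && (digit = nickname[end]) <= '9' && digit >= '0'; end--)` (hunk -1055) relies on `ulValueLen - 1` wrapping to ULONG_MAX for an empty value and then narrowing to `int end` to produce -1; that narrowing is implementation-defined, and lengths above INT_MAX are silently truncated the same way. Write the intent explicitly — `for (end = (int)attr->ulValueLen - 1;` — or guard `if (attr->ulValueLen == 0)` before the loop (the code above the loop, outside the hunk, may already exclude an empty nickname; worth confirming). The assignment to `digit` inside the condition also hides the read that the body depends on.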
@@ -2019,7 +2023,7 @@ sftkdb_handleIDAndName(PLArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id, } /* the source has either an id or a label, see what the target has */ - (void)(*db->sdb_GetAttributeValue)(db, id, ttemplate, 2); + crv = (*db->sdb_GetAttributeValue)(db, id, ttemplate, 2); /* if the target has neither, update from the source */ if ( ((ttemplate[0].ulValueLen == 0) || @@ -2164,7 +2168,7 @@ sftkdb_mergeObject(SFTKDBHandle *handle, CK_OBJECT_HANDLE id, CK_OBJECT_CLASS objectType; SDB *source = handle->update; SDB *target = handle->db; - unsigned int i; + int i; CK_RV crv; PLArenaPool *arena = NULL; @@ -2253,7 +2257,7 @@ sftkdb_Update(SFTKDBHandle *handle, SECItem *key) SECItem *updatePasswordKey = NULL; CK_RV crv, crv2; PRBool inTransaction = PR_FALSE; - unsigned int i; + int i; if (handle == NULL) { return CKR_OK; @@ -2408,7 +2412,7 @@ sftk_getCertDB(SFTKSlot *slot) PZ_Lock(slot->slotLock); dbHandle = slot->certDB; if (dbHandle) { - (void)PR_ATOMIC_INCREMENT(&dbHandle->ref); + PR_ATOMIC_INCREMENT(&dbHandle->ref); } PZ_Unlock(slot->slotLock); return dbHandle; @@ -2426,7 +2430,7 @@ sftk_getKeyDB(SFTKSlot *slot) SKIP_AFTER_FORK(PZ_Lock(slot->slotLock)); dbHandle = slot->keyDB; if (dbHandle) { - (void)PR_ATOMIC_INCREMENT(&dbHandle->ref); + PR_ATOMIC_INCREMENT(&dbHandle->ref); } SKIP_AFTER_FORK(PZ_Unlock(slot->slotLock)); return dbHandle; @@ -2444,7 +2448,7 @@ sftk_getDBForTokenObject(SFTKSlot *slot, CK_OBJECT_HANDLE objectID) PZ_Lock(slot->slotLock); dbHandle = objectID & SFTK_KEYDB_TYPE ? slot->keyDB : slot->certDB; if (dbHandle) { - (void)PR_ATOMIC_INCREMENT(&dbHandle->ref); + PR_ATOMIC_INCREMENT(&dbHandle->ref); } PZ_Unlock(slot->slotLock); return dbHandle; diff --git a/security/nss/lib/softoken/sftkhmac.c b/security/nss/lib/softoken/sftkhmac.c index f4e859bc886..3b55a0572c9 100644 --- a/security/nss/lib/softoken/sftkhmac.c +++ b/security/nss/lib/softoken/sftkhmac.c 
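Review bot: `crv` now receives the result of `(*db->sdb_GetAttributeValue)(db, id, ttemplate, 2)` (hunk -2019) but the following code decides on `ttemplate[0].ulValueLen` instead, so the assignment is a dead store unless `crv` is consulted further down, outside the hunk. Either check it against the codes the backend returns for a missing attribute, or keep the explicit `(void)` discard so the deliberate ignore stays visible.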
@@ -143,29 +143,31 @@ loser: } void -sftk_HMACConstantTime_Update(void *pctx, const void *data, unsigned int len) +sftk_HMACConstantTime_Update(void *pctx, void *data, unsigned int len) { sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx; - PORT_CheckSuccess(HMAC_ConstantTime( + SECStatus rv = HMAC_ConstantTime( ctx->mac, NULL, sizeof(ctx->mac), ctx->hash, ctx->secret, ctx->secretLength, ctx->header, ctx->headerLength, data, len, - ctx->totalLength)); + ctx->totalLength); + PORT_Assert(rv == SECSuccess); } void -sftk_SSLv3MACConstantTime_Update(void *pctx, const void *data, unsigned int len) +sftk_SSLv3MACConstantTime_Update(void *pctx, void *data, unsigned int len) { sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx; - PORT_CheckSuccess(SSLv3_MAC_ConstantTime( + SECStatus rv = SSLv3_MAC_ConstantTime( ctx->mac, NULL, sizeof(ctx->mac), ctx->hash, ctx->secret, ctx->secretLength, ctx->header, ctx->headerLength, data, len, - ctx->totalLength)); + ctx->totalLength); + PORT_Assert(rv == SECSuccess); } void diff --git a/security/nss/lib/softoken/sftkpwd.c b/security/nss/lib/softoken/sftkpwd.c index d8ce857757d..670744c1c5b 100644 --- a/security/nss/lib/softoken/sftkpwd.c +++ b/security/nss/lib/softoken/sftkpwd.c @@ -864,6 +864,8 @@ static CK_RV sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, CK_OBJECT_HANDLE id, SECItem *newKey) { + CK_RV crv = CKR_OK; + CK_RV crv2; CK_ATTRIBUTE authAttrs[] = { {CKA_MODULUS, NULL, 0}, {CKA_PUBLIC_EXPONENT, NULL, 0}, @@ -877,7 +879,7 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, {CKA_NSS_OVERRIDE_EXTENSIONS, NULL, 0}, }; CK_ULONG authAttrCount = sizeof(authAttrs)/sizeof(CK_ATTRIBUTE); - unsigned int i, count; + int i, count; SFTKDBHandle *keyHandle = handle; SDB *keyTarget = NULL; 
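Review bot: `SECStatus rv = HMAC_ConstantTime(...)` followed by `PORT_Assert(rv == SECSuccess)` leaves `rv` unused in non-DEBUG builds, where the assert expands to nothing, so the compiler warns about a set-but-unused variable and, more importantly, a failed constant-time MAC computation is silently ignored in release builds while the `ctx->mac` it was writing is presumably consumed by the later EndHash step. The same pattern is in sftk_SSLv3MACConstantTime_Update just below and in ssl3_DisableNonDTLSSuites (dtlscon.c hunk -104). At minimum add `(void)rv;` after the assert; better, since the SFTKHash callback is void, record the failure in the context so the final step can report an error instead of returning a MAC computed from inconsistent state.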
@@ -900,7 +902,7 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, /* * STEP 1: find the MACed attributes of this object */ - (void)sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); + crv2 = sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); count = 0; /* allocate space for the attributes */ for (i=0; i < authAttrCount; i++) { @@ -910,6 +912,7 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, count++; authAttrs[i].pValue = PORT_ArenaAlloc(arena,authAttrs[i].ulValueLen); if (authAttrs[i].pValue == NULL) { + crv = CKR_HOST_MEMORY; break; } } @@ -919,7 +922,7 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, return CKR_OK; } - (void)sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); + crv = sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); /* ignore error code, we expect some possible errors */ /* GetAttributeValue just verified the old macs, safe to write @@ -966,7 +969,7 @@ sftk_updateEncrypted(PLArenaPool *arena, SFTKDBHandle *keydb, {CKA_EXPONENT_2, NULL, 0}, {CKA_COEFFICIENT, NULL, 0} }; CK_ULONG privAttrCount = sizeof(privAttrs)/sizeof(CK_ATTRIBUTE); - unsigned int i, count; + int i, count; /* * STEP 1. Read the old attributes in the clear. @@ -1110,7 +1113,7 @@ sftkdb_convertObjects(SFTKDBHandle *handle, CK_ATTRIBUTE *template, CK_ULONG idCount = SFTK_MAX_IDS; CK_OBJECT_HANDLE ids[SFTK_MAX_IDS]; CK_RV crv, crv2; - unsigned int i; + int i; crv = sftkdb_FindObjectsInit(handle, template, count, &find); diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index e284fe2e8c7..591a3956aec 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h 
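Review bot: In sftk_updateMacs the allocation-failure path sets `crv = CKR_HOST_MEMORY` and breaks out of the loop (hunk -910), but the next statement after the count check (hunk -919) unconditionally overwrites it with `crv = sftkdb_GetAttributeValue(...)`, so unless the few lines between the hunks already return on it, the out-of-memory condition is lost and the function continues with an attribute whose `pValue` is NULL. Return immediately instead — `if (authAttrs[i].pValue == NULL) { return CKR_HOST_MEMORY; }` — or test `crv` before the second call. `crv2` (hunk -900) is assigned and never read in the hunks; if it is also unused below, drop it, since the `(void)` call it replaced already documented the deliberate ignore.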
@@ -25,11 +25,11 @@ * The format of the version string should be * ".[.[.]][ ][ ]" */ -#define SOFTOKEN_VERSION "3.21" SOFTOKEN_ECC_STRING " Beta" +#define SOFTOKEN_VERSION "3.20" SOFTOKEN_ECC_STRING #define SOFTOKEN_VMAJOR 3 -#define SOFTOKEN_VMINOR 21 +#define SOFTOKEN_VMINOR 20 #define SOFTOKEN_VPATCH 0 #define SOFTOKEN_VBUILD 0 -#define SOFTOKEN_BETA PR_TRUE +#define SOFTOKEN_BETA PR_FALSE #endif /* _SOFTKVER_H_ */ diff --git a/security/nss/lib/softoken/tlsprf.c b/security/nss/lib/softoken/tlsprf.c index 0ebad602e64..8c97ad3ae6b 100644 --- a/security/nss/lib/softoken/tlsprf.c +++ b/security/nss/lib/softoken/tlsprf.c @@ -6,7 +6,6 @@ #include "pkcs11i.h" #include "blapi.h" -#include "secerr.h" #define SFTK_OFFSETOF(str, memb) ((PRPtrdiff)(&(((str *)0)->memb))) @@ -24,7 +23,6 @@ typedef struct { SECStatus cxRv; /* records failure of void functions. */ PRBool cxIsFIPS; /* true if conforming to FIPS 198. */ HASH_HashType cxHashAlg; /* hash algorithm to use for TLS 1.2+ */ - unsigned int cxOutLen; /* bytes of output if nonzero */ unsigned char cxBuf[512]; /* actual size may be larger than 512. */ } TLSPRFContext; @@ -89,14 +87,7 @@ sftk_TLSPRFUpdate(TLSPRFContext *cx, seedItem.len = cx->cxDataLen; sigItem.data = sig; - if (cx->cxOutLen == 0) { - sigItem.len = maxLen; - } else if (cx->cxOutLen <= maxLen) { - sigItem.len = cx->cxOutLen; - } else { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; - } + sigItem.len = maxLen; if (cx->cxHashAlg != HASH_AlgNULL) { rv = TLS_P_hash(cx->cxHashAlg, &secretItem, NULL, &seedItem, &sigItem, @@ -151,8 +142,7 @@ CK_RV sftk_TLSPRFInit(SFTKSessionContext *context, SFTKObject * key, CK_KEY_TYPE key_type, - HASH_HashType hash_alg, - unsigned int out_len) + HASH_HashType hash_alg) { SFTKAttribute * keyVal; TLSPRFContext * prf_cx; 
@@ -179,7 +169,6 @@ sftk_TLSPRFInit(SFTKSessionContext *context, prf_cx->cxIsFIPS = (key->slot->slotID == FIPS_SLOT_ID); prf_cx->cxBufPtr = prf_cx->cxBuf; prf_cx->cxHashAlg = hash_alg; - prf_cx->cxOutLen = out_len; if (keySize) PORT_Memcpy(prf_cx->cxBufPtr, keyVal->attrib.pValue, keySize); diff --git a/security/nss/lib/sqlite/Makefile b/security/nss/lib/sqlite/Makefile index dd8ea143425..a2f0cf7d569 100644 --- a/security/nss/lib/sqlite/Makefile +++ b/security/nss/lib/sqlite/Makefile @@ -46,8 +46,3 @@ include $(CORE_DEPTH)/coreconf/rules.mk export:: private_export -ifeq (WINNT,$(OS_ARCH)) -# sqlite calls the deprecated GetVersionExA method -OS_CFLAGS += -w44996 -endif - diff --git a/security/nss/lib/sqlite/sqlite3.c b/security/nss/lib/sqlite/sqlite3.c index 8f261e801d3..8ec2bb9508e 100644 --- a/security/nss/lib/sqlite/sqlite3.c +++ b/security/nss/lib/sqlite/sqlite3.c @@ -8149,17 +8149,17 @@ typedef INT8_TYPE i8; /* 1-byte signed integer */ ** Macros to determine whether the machine is big or little endian, ** evaluated at runtime. */ +#ifdef SQLITE_AMALGAMATION +SQLITE_PRIVATE const int sqlite3one = 1; +#else +SQLITE_PRIVATE const int sqlite3one; +#endif #if defined(i386) || defined(__i386__) || defined(_M_IX86)\ || defined(__x86_64) || defined(__x86_64__) # define SQLITE_BIGENDIAN 0 # define SQLITE_LITTLEENDIAN 1 # define SQLITE_UTF16NATIVE SQLITE_UTF16LE #else -# ifdef SQLITE_AMALGAMATION -SQLITE_PRIVATE const int sqlite3one = 1; -# else -SQLITE_PRIVATE const int sqlite3one; -# endif # define SQLITE_BIGENDIAN (*(char *)(&sqlite3one)==0) # define SQLITE_LITTLEENDIAN (*(char *)(&sqlite3one)==1) # define SQLITE_UTF16NATIVE (SQLITE_BIGENDIAN?SQLITE_UTF16BE:SQLITE_UTF16LE) diff --git a/security/nss/lib/ssl/SSLerrs.h b/security/nss/lib/ssl/SSLerrs.h index 60283968083..9c857ad9c61 100644 --- a/security/nss/lib/ssl/SSLerrs.h +++ b/security/nss/lib/ssl/SSLerrs.h 
@@ -425,18 +425,3 @@ ER3(SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT, (SSL_ERROR_BASE + 131), ER3(SSL_ERROR_WEAK_SERVER_CERT_KEY, (SSL_ERROR_BASE + 132), "The server certificate included a public key that was too weak.") - -ER3(SSL_ERROR_RX_SHORT_DTLS_READ, (SSL_ERROR_BASE + 133), -"Not enough room in buffer for DTLS record.") - -ER3(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 134), -"No supported TLS signature algorithm was configured.") - -ER3(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM, (SSL_ERROR_BASE + 135), -"The peer used an unsupported combination of signature and hash algorithm.") - -ER3(SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 136), -"The peer tried to resume without a correct extended_master_secret extension") - -ER3(SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET, (SSL_ERROR_BASE + 137), -"The peer tried to resume with an unexpected extended_master_secret extension") diff --git a/security/nss/lib/ssl/derive.c b/security/nss/lib/ssl/derive.c index 8b58b800d71..b7c38c30ba3 100644 --- a/security/nss/lib/ssl/derive.c +++ b/security/nss/lib/ssl/derive.c @@ -431,7 +431,7 @@ key_and_mac_derive_fail: * so isRSA is always true. */ SECStatus -ssl3_MasterSecretDeriveBypass( +ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec, const unsigned char * cr, const unsigned char * sr, diff --git a/security/nss/lib/ssl/dtlscon.c b/security/nss/lib/ssl/dtlscon.c index 1b21107094e..cb63b2cc0c6 100644 --- a/security/nss/lib/ssl/dtlscon.c +++ b/security/nss/lib/ssl/dtlscon.c @@ -104,7 +104,9 @@ ssl3_DisableNonDTLSSuites(sslSocket * ss) const ssl3CipherSuite * suite; for (suite = nonDTLSSuites; *suite; ++suite) { - PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE)); + SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); + + PORT_Assert(rv == SECSuccess); /* else is coding error */ } return SECSuccess; } 
@@ -394,7 +396,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) * This avoids having to fill in the bitmask in the common * case of adjacent fragments received in sequence */ - if (fragment_offset <= (unsigned int)ss->ssl3.hs.recvdHighWater) { + if (fragment_offset <= ss->ssl3.hs.recvdHighWater) { /* Either this is the adjacent fragment or an overlapping * fragment */ ss->ssl3.hs.recvdHighWater = fragment_offset + @@ -674,7 +676,7 @@ dtls_TransmitMessageFlight(sslSocket *ss) /* The reason we use 8 here is that that's the length of * the new DTLS data that we add to the header */ - fragment_len = PR_MIN((PRUint32)room_left - (SSL3_BUFFER_FUDGE + 8), + fragment_len = PR_MIN(room_left - (SSL3_BUFFER_FUDGE + 8), content_len - fragment_offset); PORT_Assert(fragment_len < DTLS_MAX_MTU - 12); /* Make totally sure that we are within the buffer. diff --git a/security/nss/lib/ssl/ssl.def b/security/nss/lib/ssl/ssl.def index 44db4e5ee3c..5b3124b09b7 100644 --- a/security/nss/lib/ssl/ssl.def +++ b/security/nss/lib/ssl/ssl.def @@ -173,17 +173,11 @@ SSL_SetCanFalseStartCallback; ;+}; ;+NSS_3.20 { # NSS 3.20 release ;+ global: +;+# If the 3.20 release includes any additional functions +;+# besides SSL_DHEGroupPrefSet and SSL_EnableWeakDHEPrimeGroup +;+# they should be labeled as NSS_3.20a SSL_DHEGroupPrefSet; SSL_EnableWeakDHEPrimeGroup; ;+ local: ;+*; ;+}; -;+NSS_3.21 { # NSS 3.21 release -;+ global: -SSL_GetPreliminaryChannelInfo; -SSL_SignaturePrefSet; -SSL_SignaturePrefGet; -SSL_SignatureMaxCount; -;+ local: -;+*; -;+}; diff --git a/security/nss/lib/ssl/ssl.h b/security/nss/lib/ssl/ssl.h index 2a527693b19..bfd4c0743d7 100644 --- a/security/nss/lib/ssl/ssl.h +++ b/security/nss/lib/ssl/ssl.h 
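Review bot: Dropping the `(unsigned int)` cast on `ss->ssl3.hs.recvdHighWater` (hunk -394) leaves an implicit signed/unsigned comparison if that field is a signed type, as the cast it replaced suggests: a negative value (for example a "nothing received yet" sentinel, if that convention applies here — not visible in the hunk) converts to a large unsigned and makes `fragment_offset <= recvdHighWater` true for every offset. Behaviour is identical to the cast form, but the conversion is now hidden; if a negative sentinel exists, test it explicitly, e.g. `if (ss->ssl3.hs.recvdHighWater < 0 || fragment_offset <= (PRUint32)ss->ssl3.hs.recvdHighWater)`, if that is the intended meaning. Hunk -674 has the same implicit mix inside `PR_MIN(room_left - (SSL3_BUFFER_FUDGE + 8), content_len - fragment_offset)`; both enclosing functions continue outside the hunks.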
@@ -196,14 +196,6 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd); */ #define SSL_ENABLE_SERVER_DHE 29 -/* Use draft-ietf-tls-session-hash. Controls whether we offer the - * extended_master_secret extension which, when accepted, hashes - * the handshake transcript into the master secret. This option is - * disabled by default. - */ -#define SSL_ENABLE_EXTENDED_MASTER_SECRET 30 - - #ifdef SSL_DEPRECATED_FUNCTION /* Old deprecated function names */ SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on); 
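Review bot: Removing `#define SSL_ENABLE_EXTENDED_MASTER_SECRET 30` leaves option number 30 unassigned with no marker, so a future option could take 30 and silently change the meaning of code compiled against the removed header, since SSL_OptionSet receives the bare integer. Reserve it in place with a comment such as `/* 30 was SSL_ENABLE_EXTENDED_MASTER_SECRET; reserved, do not reuse */` so the option numbering stays stable across versions.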
@@ -305,46 +297,6 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled); SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy); SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy); -/* -** Control for TLS signature algorithms for TLS 1.2 only. -** -** This governs what signature algorithms are sent by a client in the -** signature_algorithms extension. A client will not accept a signature from a -** server unless it uses an enabled algorithm. -** -** This also governs what the server sends in the supported_signature_algorithms -** field of a CertificateRequest. It also changes what the server uses to sign -** ServerKeyExchange: a server uses the first entry from this list that is -** compatible with the client's advertised signature_algorithms extension and -** the selected server certificate. -** -** Omitting SHA-256 from this list might be foolish. Support is mandatory in -** TLS 1.2 and there might be interoperability issues. For a server, NSS only -** supports SHA-256 for verifying a TLS 1.2 CertificateVerify. This list needs -** to include SHA-256 if client authentication is requested or required, or -** creating a CertificateRequest will fail. -*/ -SSL_IMPORT SECStatus SSL_SignaturePrefSet( - PRFileDesc *fd, const SSLSignatureAndHashAlg *algorithms, - unsigned int count); - -/* -** Get the currently configured signature algorithms. -** -** The algorithms are written to |algorithms| but not if there are more than -** |maxCount| values configured. The number of algorithms that are in use are -** written to |count|. This fails if |maxCount| is insufficiently large. -*/ -SSL_IMPORT SECStatus SSL_SignaturePrefGet( - PRFileDesc *fd, SSLSignatureAndHashAlg *algorithms, unsigned int *count, - unsigned int maxCount); - -/* -** Returns the maximum number of signature algorithms that are supported and -** can be set or retrieved using SSL_SignaturePrefSet or SSL_SignaturePrefGet. 
-*/ -SSL_IMPORT unsigned int SSL_SignatureMaxCount(); - /* SSL_DHEGroupPrefSet is used to configure the set of allowed/enabled DHE group ** parameters that can be used by NSS for the given server socket. ** The first item in the array is used as the default group, if no other @@ -988,27 +940,10 @@ SSL_IMPORT SECStatus NSS_SetFrancePolicy(void); SSL_IMPORT SSL3Statistics * SSL_GetStatistics(void); /* Report more information than SSL_SecurityStatus. - * Caller supplies the info struct. This function fills it in. - * The information here will be zeroed prior to details being confirmed. The - * details are confirmed either when a Finished message is received, or - for a - * client - when the second flight of messages have been sent. This function - * therefore produces unreliable results prior to receiving the - * SSLHandshakeCallback or the SSLCanFalseStartCallback. - */ +** Caller supplies the info struct. Function fills it in. +*/ SSL_IMPORT SECStatus SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len); -/* Get preliminary information about a channel. - * This function can be called prior to handshake details being confirmed (see - * SSL_GetChannelInfo above for what that means). Thus, information provided by - * this function is available to SSLAuthCertificate, SSLGetClientAuthData, - * SSLSNISocketConfig, and other callbacks that might be called during the - * processing of the first flight of client of server handshake messages. - * Values are marked as being unavailable when renegotiation is initiated. - */ -SSL_IMPORT SECStatus -SSL_GetPreliminaryChannelInfo(PRFileDesc *fd, - SSLPreliminaryChannelInfo *info, - PRUintn len); SSL_IMPORT SECStatus SSL_GetCipherSuiteInfo(PRUint16 cipherSuite, SSLCipherSuiteInfo *info, PRUintn len); diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index b79891bbd59..932c57b110d 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c 
@@ -24,8 +24,6 @@ #include "prerror.h" #include "pratom.h" #include "prthread.h" -#include "nss.h" -#include "nssoptions.h" #include "pk11func.h" #include "secmod.h" @@ -63,12 +61,8 @@ static SECStatus ssl3_SendServerKeyExchange( sslSocket *ss); static SECStatus ssl3_UpdateHandshakeHashes( sslSocket *ss, const unsigned char *b, unsigned int l); -static SECOidTag ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc); -static SECStatus ssl3_ComputeHandshakeHashes(sslSocket *ss, - ssl3CipherSpec *spec, - SSL3Hashes *hashes, - PRUint32 sender); static SECStatus ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags); +static int ssl3_OIDToTLSHashAlgorithm(SECOidTag oid); static SECStatus Null_Cipher(void *ctx, unsigned char *output, int *outputLen, int maxOutputLen, const unsigned char *input, 
@@ -96,17 +90,17 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
 /* cipher_suite policy enabled isPresent */
 #ifndef NSS_DISABLE_ECC
- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
 /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
 * bug 946147. */
- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
 { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
 { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
 { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
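Review bot: With every ECDHE entry in this hunk flipped to `PR_FALSE` in the enabled column, an application that never calls SSL_CipherPrefSetDefault for these suites can only negotiate the suites that stay enabled further down the table, and the RSA key-exchange suites visible at the table's tail in the next hunk give no forward secrecy. The table comment should state that the built-in defaults are deliberately conservative and that callers are expected to enable the ECDHE suites themselves, otherwise the next reader assumes the library's defaults are a reasonable deployment. Suggested comment above the first `{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256` entry: `/* ECDHE suites are disabled by default; an application must enable them with SSL_CipherPrefSetDefault to get forward secrecy. */`. The rest of the table lies outside this hunk.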
@@ -182,23 +176,6 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { { TLS_RSA_WITH_NULL_MD5, SSL_ALLOWED, PR_FALSE, PR_FALSE}, }; -static const SSLSignatureAndHashAlg defaultSignatureAlgorithms[] = { - {ssl_hash_sha256, ssl_sign_rsa}, - {ssl_hash_sha384, ssl_sign_rsa}, - {ssl_hash_sha512, ssl_sign_rsa}, - {ssl_hash_sha1, ssl_sign_rsa}, -#ifndef NSS_DISABLE_ECC - {ssl_hash_sha256, ssl_sign_ecdsa}, - {ssl_hash_sha384, ssl_sign_ecdsa}, - {ssl_hash_sha512, ssl_sign_ecdsa}, - {ssl_hash_sha1, ssl_sign_ecdsa}, -#endif - {ssl_hash_sha256, ssl_sign_dsa}, - {ssl_hash_sha1, ssl_sign_dsa} -}; -PR_STATIC_ASSERT(PR_ARRAY_SIZE(defaultSignatureAlgorithms) <= - MAX_SIGNATURE_ALGORITHMS); - /* Verify that SSL_ImplementedCiphers and cipherSuites are in consistent order. */ #ifdef DEBUG @@ -259,6 +236,20 @@ static const /*SSL3ClientCertificateType */ PRUint8 certificate_types [] = { ct_DSS_sign, }; +/* This block is the contents of the supported_signature_algorithms field of + * our TLS 1.2 CertificateRequest message, in wire format. See + * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 + * + * This block contains only sha256 entries because we only support TLS 1.2 + * CertificateVerify messages that use the handshake hash. */ +static const PRUint8 supported_signature_algorithms[] = { + tls_hash_sha256, tls_sig_rsa, +#ifndef NSS_DISABLE_ECC + tls_hash_sha256, tls_sig_ecdsa, +#endif + tls_hash_sha256, tls_sig_dsa, +}; + #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ @@ -973,9 +964,9 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, break; case dsaKey: doDerEncode = isTLS; - /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash. + /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. * In that case, we use just the SHA1 part. */ - if (hash->hashAlg == ssl_hash_none) { + if (hash->hashAlg == SEC_OID_UNKNOWN) { hashItem.data = hash->u.s.sha; hashItem.len = sizeof(hash->u.s.sha); } else { 
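Review bot: Using `SEC_OID_UNKNOWN` both as the "lookup failed" value and as the selector for the pre-TLS-1.2 MD5/SHA1 combination hash is fragile: `ssl3_TLSHashAlgorithmToOID` (later in this diff) returns `SEC_OID_UNKNOWN` for an unrecognised peer-supplied hash identifier, and every consumer on the new side — ssl3_SignHashes in this hunk, then ssl3_VerifySignedHashes and ssl3_ComputeCommonKeyHash in the following ones — treats that value as a request for the legacy MD5+SHA1 digest rather than as an error. Whether the code that parses the wire identifier rejects an unknown value before it reaches these functions is not visible in the diff, so the safety of this overloading cannot be confirmed here. A distinct sentinel (the removed side used `ssl_hash_none` for this role) or an explicit reject where the wire value is converted, e.g. `if (hashAlg == SEC_OID_UNKNOWN) { PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); return SECFailure; }`, would keep a failed lookup from silently selecting the weakest mode. ssl3_SignHashes starts before this hunk.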
@@ -986,9 +977,9 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, #ifndef NSS_DISABLE_ECC case ecKey: doDerEncode = PR_TRUE; - /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash. + /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. * In that case, we use just the SHA1 part. */ - if (hash->hashAlg == ssl_hash_none) { + if (hash->hashAlg == SEC_OID_UNKNOWN) { hashItem.data = hash->u.s.sha; hashItem.len = sizeof(hash->u.s.sha); } else { @@ -1003,7 +994,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, } PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len)); - if (hash->hashAlg == ssl_hash_none) { + if (hash->hashAlg == SEC_OID_UNKNOWN) { signatureLen = PK11_SignatureLen(key); if (signatureLen <= 0) { PORT_SetError(SEC_ERROR_INVALID_KEY); @@ -1017,8 +1008,7 @@ ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, rv = PK11_Sign(key, buf, &hashItem); } else { - SECOidTag hashOID = ssl3_TLSHashAlgorithmToOID(hash->hashAlg); - rv = SGN_Digest(key, hashOID, buf, &hashItem); + rv = SGN_Digest(key, hash->hashAlg, buf, &hashItem); } if (rv != SECSuccess) { ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); @@ -1066,7 +1056,7 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, return SECFailure; } - hashAlg = ssl3_TLSHashAlgorithmToOID(hash->hashAlg); + hashAlg = hash->hashAlg; switch (key->keyType) { case rsaKey: encAlg = SEC_OID_PKCS1_RSA_ENCRYPTION; @@ -1075,9 +1065,9 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, break; case dsaKey: encAlg = SEC_OID_ANSIX9_DSA_SIGNATURE; - /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash. + /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. * In that case, we use just the SHA1 part. */ - if (hash->hashAlg == ssl_hash_none) { + if (hash->hashAlg == SEC_OID_UNKNOWN) { hashItem.data = hash->u.s.sha; hashItem.len = sizeof(hash->u.s.sha); } else { 
@@ -1098,13 +1088,13 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, #ifndef NSS_DISABLE_ECC case ecKey: encAlg = SEC_OID_ANSIX962_EC_PUBLIC_KEY; - /* ssl_hash_none is used to specify the MD5/SHA1 concatenated hash. + /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated hash. * In that case, we use just the SHA1 part. * ECDSA signatures always encode the integers r and s using ASN.1 * (unlike DSA where ASN.1 encoding is used with TLS but not with * SSL3). So we can use VFY_VerifyDigestDirect for ECDSA. */ - if (hash->hashAlg == ssl_hash_none) { + if (hash->hashAlg == SEC_OID_UNKNOWN) { hashAlg = SEC_OID_SHA1; hashItem.data = hash->u.s.sha; hashItem.len = sizeof(hash->u.s.sha); @@ -1132,8 +1122,8 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, */ rv = PK11_Verify(key, buf, &hashItem, pwArg); } else { - rv = VFY_VerifyDigestDirect(&hashItem, key, buf, encAlg, hashAlg, - pwArg); + rv = VFY_VerifyDigestDirect(&hashItem, key, buf, encAlg, hashAlg, + pwArg); } SECKEY_DestroyPublicKey(key); if (signature) { 
@@ -1149,71 +1139,75 @@ ssl3_VerifySignedHashes(SSL3Hashes *hash, CERTCertificate *cert, /* Caller must set hiLevel error code. */ /* Called from ssl3_ComputeExportRSAKeyHash * ssl3_ComputeDHKeyHash - * which are called from ssl3_HandleServerKeyExchange. + * which are called from ssl3_HandleServerKeyExchange. * - * hashAlg: ssl_hash_none indicates the pre-1.2, MD5/SHA1 combination hash. + * hashAlg: either the OID for a hash algorithm or SEC_OID_UNKNOWN to specify + * the pre-1.2, MD5/SHA1 combination hash. */ SECStatus -ssl3_ComputeCommonKeyHash(SSLHashType hashAlg, - PRUint8 * hashBuf, unsigned int bufLen, - SSL3Hashes *hashes, PRBool bypassPKCS11) +ssl3_ComputeCommonKeyHash(SECOidTag hashAlg, + PRUint8 * hashBuf, unsigned int bufLen, + SSL3Hashes *hashes, PRBool bypassPKCS11) { - SECStatus rv; - SECOidTag hashOID; + SECStatus rv = SECSuccess; #ifndef NO_PKCS11_BYPASS if (bypassPKCS11) { - if (hashAlg == ssl_hash_none) { - MD5_HashBuf (hashes->u.s.md5, hashBuf, bufLen); - SHA1_HashBuf(hashes->u.s.sha, hashBuf, bufLen); - hashes->len = MD5_LENGTH + SHA1_LENGTH; - } else if (hashAlg == ssl_hash_sha1) { - SHA1_HashBuf(hashes->u.raw, hashBuf, bufLen); - hashes->len = SHA1_LENGTH; - } else if (hashAlg == ssl_hash_sha256) { - SHA256_HashBuf(hashes->u.raw, hashBuf, bufLen); - hashes->len = SHA256_LENGTH; - } else if (hashAlg == ssl_hash_sha384) { - SHA384_HashBuf(hashes->u.raw, hashBuf, bufLen); - hashes->len = SHA384_LENGTH; - } else if (hashAlg == ssl_hash_sha512) { - SHA512_HashBuf(hashes->u.raw, hashBuf, bufLen); - hashes->len = SHA512_LENGTH; - } else { - PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); - return SECFailure; - } - } else + if (hashAlg == SEC_OID_UNKNOWN) { + MD5_HashBuf (hashes->u.s.md5, hashBuf, bufLen); + SHA1_HashBuf(hashes->u.s.sha, hashBuf, bufLen); + hashes->len = MD5_LENGTH + SHA1_LENGTH; + } else if (hashAlg == SEC_OID_SHA1) { + SHA1_HashBuf(hashes->u.raw, hashBuf, bufLen); + hashes->len = SHA1_LENGTH; + } else if (hashAlg == 
SEC_OID_SHA256) { + SHA256_HashBuf(hashes->u.raw, hashBuf, bufLen); + hashes->len = SHA256_LENGTH; + } else if (hashAlg == SEC_OID_SHA384) { + SHA384_HashBuf(hashes->u.raw, hashBuf, bufLen); + hashes->len = SHA384_LENGTH; + } else if (hashAlg == SEC_OID_SHA512) { + SHA512_HashBuf(hashes->u.raw, hashBuf, bufLen); + hashes->len = SHA512_LENGTH; + } else { + PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); + return SECFailure; + } + } else #endif { - if (hashAlg == ssl_hash_none) { - rv = PK11_HashBuf(SEC_OID_MD5, hashes->u.s.md5, hashBuf, bufLen); - if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); - return rv; - } - rv = PK11_HashBuf(SEC_OID_SHA1, hashes->u.s.sha, hashBuf, bufLen); - if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); - return rv; - } - hashes->len = MD5_LENGTH + SHA1_LENGTH; - } else { - hashOID = ssl3_TLSHashAlgorithmToOID(hashAlg); - hashes->len = HASH_ResultLenByOidTag(hashOID); - if (hashes->len == 0 || hashes->len > sizeof(hashes->u.raw)) { - ssl_MapLowLevelError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); - return SECFailure; - } - rv = PK11_HashBuf(hashOID, hashes->u.raw, hashBuf, bufLen); - if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); - return rv; - } - } + if (hashAlg == SEC_OID_UNKNOWN) { + rv = PK11_HashBuf(SEC_OID_MD5, hashes->u.s.md5, hashBuf, bufLen); + if (rv != SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_MD5_DIGEST_FAILURE); + rv = SECFailure; + goto done; + } + + rv = PK11_HashBuf(SEC_OID_SHA1, hashes->u.s.sha, hashBuf, bufLen); + if (rv != SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_SHA_DIGEST_FAILURE); + rv = SECFailure; + } + hashes->len = MD5_LENGTH + SHA1_LENGTH; + } else { + hashes->len = HASH_ResultLenByOidTag(hashAlg); + if (hashes->len > sizeof(hashes->u.raw)) { + ssl_MapLowLevelError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); + rv = SECFailure; + goto done; + } + rv = PK11_HashBuf(hashAlg, hashes->u.raw, hashBuf, bufLen); + if (rv != 
SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_DIGEST_FAILURE); + rv = SECFailure; + } + } } hashes->hashAlg = hashAlg; - return SECSuccess; + +done: + return rv; } /* Caller must set hiLevel error code. @@ -1221,10 +1215,10 @@ ssl3_ComputeCommonKeyHash(SSLHashType hashAlg, ** ssl3_HandleServerKeyExchange. */ static SECStatus -ssl3_ComputeExportRSAKeyHash(SSLHashType hashAlg, - SECItem modulus, SECItem publicExponent, - SSL3Random *client_rand, SSL3Random *server_rand, - SSL3Hashes *hashes, PRBool bypassPKCS11) +ssl3_ComputeExportRSAKeyHash(SECOidTag hashAlg, + SECItem modulus, SECItem publicExponent, + SSL3Random *client_rand, SSL3Random *server_rand, + SSL3Hashes *hashes, PRBool bypassPKCS11) { PRUint8 * hashBuf; PRUint8 * pBuf; @@ -1262,7 +1256,7 @@ ssl3_ComputeExportRSAKeyHash(SSLHashType hashAlg, bypassPKCS11); PRINT_BUF(95, (NULL, "RSAkey hash: ", hashBuf, bufLen)); - if (hashAlg == ssl_hash_none) { + if (hashAlg == SEC_OID_UNKNOWN) { PRINT_BUF(95, (NULL, "RSAkey hash: MD5 result", hashes->u.s.md5, MD5_LENGTH)); PRINT_BUF(95, (NULL, "RSAkey hash: SHA1 result", @@ -1280,10 +1274,10 @@ ssl3_ComputeExportRSAKeyHash(SSLHashType hashAlg, /* Caller must set hiLevel error code. */ /* Called from ssl3_HandleServerKeyExchange. */ static SECStatus -ssl3_ComputeDHKeyHash(SSLHashType hashAlg, - SECItem dh_p, SECItem dh_g, SECItem dh_Ys, - SSL3Random *client_rand, SSL3Random *server_rand, - SSL3Hashes *hashes, PRBool bypassPKCS11) +ssl3_ComputeDHKeyHash(SECOidTag hashAlg, + SECItem dh_p, SECItem dh_g, SECItem dh_Ys, + SSL3Random *client_rand, SSL3Random *server_rand, + SSL3Hashes *hashes, PRBool bypassPKCS11) { PRUint8 * hashBuf; PRUint8 * pBuf; @@ -1326,7 +1320,7 @@ ssl3_ComputeDHKeyHash(SSLHashType hashAlg, bypassPKCS11); PRINT_BUF(95, (NULL, "DHkey hash: ", hashBuf, bufLen)); - if (hashAlg == ssl_hash_none) { + if (hashAlg == SEC_OID_UNKNOWN) { PRINT_BUF(95, (NULL, "DHkey hash: MD5 result", hashes->u.s.md5, MD5_LENGTH)); PRINT_BUF(95, (NULL, "DHkey hash: SHA1 result", 
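Review bot: The new PKCS#11 path of ssl3_ComputeCommonKeyHash drops the `hashes->len == 0` half of the guard: `hashes->len = HASH_ResultLenByOidTag(hashAlg); if (hashes->len > sizeof(hashes->u.raw))` no longer catches an OID for which HASH_ResultLenByOidTag yields 0, so such a hashAlg reaches `PK11_HashBuf` with a zero result length and, if that call happens to succeed, the caller goes on to sign or verify a zero-length digest. Restore the full check: `if (hashes->len == 0 || hashes->len > sizeof(hashes->u.raw)) {`. Separately, in the `SEC_OID_UNKNOWN` branch the SHA1 failure sets `rv = SECFailure` but falls through to assign `hashes->len` and `hashes->hashAlg`, while the MD5 failure jumps to `done`; a `goto done;` after the SHA1 error mapping keeps the two failure paths consistent.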
@@ -2183,11 +2177,7 @@ fail: * Sets error code, but caller probably should override to disambiguate. * NULL pms means re-use old master_secret. * - * This code is common to the bypass and PKCS11 execution paths. For - * the bypass case, pms is NULL. If the old master secret is reused, - * pms is NULL and the master secret is already in either - * pwSpec->msItem.len (the bypass case) or pwSpec->master_secret. - * + * This code is common to the bypass and PKCS11 execution paths. * For the bypass case, pms is NULL. */ SECStatus @@ -2568,7 +2558,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec, PRUint32 fragLen; PRUint32 p1Len, p2Len, oddLen = 0; PRUint16 headerLen; - unsigned int ivLen = 0; + int ivLen = 0; int cipherBytes = 0; unsigned char pseudoHeader[13]; unsigned int pseudoHeaderLen; @@ -3130,8 +3120,7 @@ ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags) { static const PRInt32 allowedFlags = ssl_SEND_FLAG_FORCE_INTO_BUFFER | ssl_SEND_FLAG_CAP_RECORD_VERSION; - PRInt32 count = -1; - SECStatus rv = SECSuccess; + PRInt32 rv = SECSuccess; PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); 
@@ -3145,19 +3134,18 @@ ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags) PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; } else { - count = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf, + rv = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf, ss->sec.ci.sendBuf.len, flags); } - if (count < 0) { + if (rv < 0) { int err = PORT_GetError(); PORT_Assert(err != PR_WOULD_BLOCK_ERROR); if (err == PR_WOULD_BLOCK_ERROR) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); } - rv = SECFailure; - } else if ((unsigned int)count < ss->sec.ci.sendBuf.len) { + } else if (rv < ss->sec.ci.sendBuf.len) { /* short write should never happen */ - PORT_Assert((unsigned int)count >= ss->sec.ci.sendBuf.len); + PORT_Assert(rv >= ss->sec.ci.sendBuf.len); PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); rv = SECFailure; } else { 
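Review bot: Folding ssl3_SendRecord's byte count into `rv` makes `rv < ss->sec.ci.sendBuf.len` a signed/unsigned comparison (the other side had to cast `count` to `unsigned int` for exactly this reason) and, in the `rv < 0` branch, nothing assigns `rv = SECFailure` any more — the code now relies on the negative return value coinciding with SECFailure, which nothing in the hunk establishes. The function is declared to return SECStatus, so on the success path `rv` must be reset to SECSuccess somewhere after the hunk; that part of ssl3_FlushHandshakeMessages is not visible here. Keeping the two meanings apart, as the declaration hunk on the previous line did, is the clearer shape: `PRInt32 count = -1; SECStatus rv = SECSuccess;` with `rv = SECFailure;` inside the `count < 0` branch.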
@@ -3593,70 +3581,13 @@ ssl3_HandleChangeCipherSpecs(sslSocket *ss, sslBuffer *buf) return SECSuccess; } -/* This method completes the derivation of the MS from the PMS. -** -** 1. Derive the MS, if possible, else return an error. -** -** 2. Check the version if |pms_version| is non-zero and if wrong, -** return an error. -** -** 3. If |msp| is nonzero, return MS in |*msp|. - -** Called from: -** ssl3_ComputeMasterSecretInt -** tls_ComputeExtendedMasterSecretInt +/* This method uses PKCS11 to derive the MS from the PMS, where PMS +** is a PKCS11 symkey. This is used in all cases except the +** "triple bypass" with RSA key exchange. +** Called from ssl3_InitPendingCipherSpec. prSpec is pwSpec. */ static SECStatus -ssl3_ComputeMasterSecretFinish(sslSocket *ss, - CK_MECHANISM_TYPE master_derive, - CK_MECHANISM_TYPE key_derive, - CK_VERSION *pms_version, - SECItem *params, CK_FLAGS keyFlags, - PK11SymKey *pms, PK11SymKey **msp) -{ - PK11SymKey *ms = NULL; - - ms = PK11_DeriveWithFlags(pms, master_derive, - params, key_derive, - CKA_DERIVE, 0, keyFlags); - if (!ms) { - ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); - return SECFailure; - } - - if (pms_version && ss->opt.detectRollBack) { - SSL3ProtocolVersion client_version; - client_version = pms_version->major << 8 | pms_version->minor; - - if (IS_DTLS(ss)) { - client_version = dtls_DTLSVersionToTLSVersion(client_version); - } - - if (client_version != ss->clientHelloVersion) { - /* Destroy MS. Version roll-back detected. */ - PK11_FreeSymKey(ms); - ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); - return SECFailure; - } - } - - if (msp) { - *msp = ms; - } else { - PK11_FreeSymKey(ms); - } - - return SECSuccess; -} - -/* Compute the ordinary (pre draft-ietf-tls-session-hash) master - ** secret and return it in |*msp|. 
- ** - ** Called from: ssl3_ComputeMasterSecret - */ -static SECStatus -ssl3_ComputeMasterSecretInt(sslSocket *ss, PK11SymKey *pms, - PK11SymKey **msp) +ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) { ssl3CipherSpec * pwSpec = ss->ssl3.pwSpec; const ssl3KEADef *kea_def= ss->ssl3.hs.kea_def; @@ -3666,27 +3597,28 @@ ssl3_ComputeMasterSecretInt(sslSocket *ss, PK11SymKey *pms, (pwSpec->version > SSL_LIBRARY_VERSION_3_0)); PRBool isTLS12= (PRBool)(isTLS && pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); - /* + /* * Whenever isDH is true, we need to use CKM_TLS_MASTER_KEY_DERIVE_DH * which, unlike CKM_TLS_MASTER_KEY_DERIVE, converts arbitrary size - * data into a 48-byte value, and does not expect to return the version. + * data into a 48-byte value. */ PRBool isDH = (PRBool) ((ss->ssl3.hs.kea_def->exchKeyType == kt_dh) || (ss->ssl3.hs.kea_def->exchKeyType == kt_ecdh)); + SECStatus rv = SECFailure; CK_MECHANISM_TYPE master_derive; CK_MECHANISM_TYPE key_derive; SECItem params; CK_FLAGS keyFlags; CK_VERSION pms_version; - CK_VERSION *pms_version_ptr = NULL; - /* master_params may be used as a CK_SSL3_MASTER_KEY_DERIVE_PARAMS */ - CK_TLS12_MASTER_KEY_DERIVE_PARAMS master_params; - unsigned int master_params_len; + CK_SSL3_MASTER_KEY_DERIVE_PARAMS master_params; + PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); + PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); + PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); if (isTLS12) { - if(isDH) master_derive = CKM_TLS12_MASTER_KEY_DERIVE_DH; - else master_derive = CKM_TLS12_MASTER_KEY_DERIVE; - key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; + if(isDH) master_derive = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; + else master_derive = CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256; + key_derive = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; keyFlags = CKF_SIGN | CKF_VERIFY; } else if (isTLS) { if(isDH) master_derive = CKM_TLS_MASTER_KEY_DERIVE_DH; 
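Review bot: For TLS 1.2 the master-secret derivation now selects the NSS vendor-specific mechanisms `CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256` / `CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256` / `CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256` in place of the standard `CKM_TLS12_*` mechanisms with an explicit `prfHashMechanism`; the same substitution appears in ssl3_DeriveConnectionKeysPKCS11 further down. A third-party token that implements only the standard TLS 1.2 mechanisms will presumably fail `PK11_DeriveWithFlags`, and the code in the next hunk then falls into the faux-master-secret path instead of reporting a mechanism mismatch, which makes that deployment problem hard to diagnose. Suggested comment at the `if (isTLS12) {` branch: `/* TLS 1.2 uses NSS-private SHA-256 PRF mechanisms; a token without them cannot derive the master secret. */`. ssl3_DeriveMasterSecret continues in the following hunks.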
@@ -3700,142 +3632,87 @@ ssl3_ComputeMasterSecretInt(sslSocket *ss, PK11SymKey *pms, keyFlags = 0; } - if (!isDH) { - pms_version_ptr = &pms_version; + if (pms || !pwSpec->master_secret) { + if (isDH) { + master_params.pVersion = NULL; + } else { + master_params.pVersion = &pms_version; + } + master_params.RandomInfo.pClientRandom = cr; + master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH; + master_params.RandomInfo.pServerRandom = sr; + master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH; + + params.data = (unsigned char *) &master_params; + params.len = sizeof master_params; } - master_params.pVersion = pms_version_ptr; - master_params.RandomInfo.pClientRandom = cr; - master_params.RandomInfo.ulClientRandomLen = SSL3_RANDOM_LENGTH; - master_params.RandomInfo.pServerRandom = sr; - master_params.RandomInfo.ulServerRandomLen = SSL3_RANDOM_LENGTH; - if (isTLS12) { - master_params.prfHashMechanism = CKM_SHA256; - master_params_len = sizeof(CK_TLS12_MASTER_KEY_DERIVE_PARAMS); - } else { - /* prfHashMechanism is not relevant with this PRF */ - master_params_len = sizeof(CK_SSL3_MASTER_KEY_DERIVE_PARAMS); + if (pms != NULL) { +#if defined(TRACE) + if (ssl_trace >= 100) { + SECStatus extractRV = PK11_ExtractKeyValue(pms); + if (extractRV == SECSuccess) { + SECItem * keyData = PK11_GetKeyData(pms); + if (keyData && keyData->data && keyData->len) { + ssl_PrintBuf(ss, "Pre-Master Secret", + keyData->data, keyData->len); + } + } + } +#endif + pwSpec->master_secret = PK11_DeriveWithFlags(pms, master_derive, + ¶ms, key_derive, CKA_DERIVE, 0, keyFlags); + if (!isDH && pwSpec->master_secret && ss->opt.detectRollBack) { + SSL3ProtocolVersion client_version; + client_version = pms_version.major << 8 | pms_version.minor; + + if (IS_DTLS(ss)) { + client_version = dtls_DTLSVersionToTLSVersion(client_version); + } + + if (client_version != ss->clientHelloVersion) { + /* Destroy it. Version roll-back detected. 
*/ + PK11_FreeSymKey(pwSpec->master_secret); + pwSpec->master_secret = NULL; + } + } + if (pwSpec->master_secret == NULL) { + /* Generate a faux master secret in the same slot as the old one. */ + PK11SlotInfo * slot = PK11_GetSlotFromKey((PK11SymKey *)pms); + PK11SymKey * fpms = ssl3_GenerateRSAPMS(ss, pwSpec, slot); + + PK11_FreeSlot(slot); + if (fpms != NULL) { + pwSpec->master_secret = PK11_DeriveWithFlags(fpms, + master_derive, ¶ms, key_derive, + CKA_DERIVE, 0, keyFlags); + PK11_FreeSymKey(fpms); + } + } } + if (pwSpec->master_secret == NULL) { + /* Generate a faux master secret from the internal slot. */ + PK11SlotInfo * slot = PK11_GetInternalSlot(); + PK11SymKey * fpms = ssl3_GenerateRSAPMS(ss, pwSpec, slot); - params.data = (unsigned char *) &master_params; - params.len = master_params_len; - - return ssl3_ComputeMasterSecretFinish(ss, master_derive, key_derive, - pms_version_ptr, ¶ms, - keyFlags, pms, msp); -} - -/* Compute the draft-ietf-tls-session-hash master -** secret and return it in |*msp|. -** -** Called from: ssl3_ComputeMasterSecret -*/ -static SECStatus -tls_ComputeExtendedMasterSecretInt(sslSocket *ss, PK11SymKey *pms, - PK11SymKey **msp) -{ - ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec; - CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS extended_master_params; - SSL3Hashes hashes; - /* - * Determine whether to use the DH/ECDH or RSA derivation modes. - */ - /* - * TODO(ekr@rtfm.com): Verify that the slot can handle this key expansion - * mode. 
Bug 1198298 */ - PRBool isDH = (PRBool) ((ss->ssl3.hs.kea_def->exchKeyType == kt_dh) || - (ss->ssl3.hs.kea_def->exchKeyType == kt_ecdh)); - CK_MECHANISM_TYPE master_derive; - CK_MECHANISM_TYPE key_derive; - SECItem params; - const CK_FLAGS keyFlags = CKF_SIGN | CKF_VERIFY; - CK_VERSION pms_version; - CK_VERSION *pms_version_ptr = NULL; - SECStatus rv; - - rv = ssl3_ComputeHandshakeHashes(ss, pwSpec, &hashes, 0); - if (rv != SECSuccess) { - PORT_Assert(0); /* Should never fail */ - ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); - return SECFailure; + PK11_FreeSlot(slot); + if (fpms != NULL) { + pwSpec->master_secret = PK11_DeriveWithFlags(fpms, + master_derive, ¶ms, key_derive, + CKA_DERIVE, 0, keyFlags); + if (pwSpec->master_secret == NULL) { + pwSpec->master_secret = fpms; /* use the fpms as the master. */ + fpms = NULL; + } + } + if (fpms) { + PK11_FreeSymKey(fpms); + } } - - if (isDH) { - master_derive = CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH; - } else { - master_derive = CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE; - pms_version_ptr = &pms_version; + if (pwSpec->master_secret == NULL) { + ssl_MapLowLevelError(SSL_ERROR_SESSION_KEY_GEN_FAILURE); + return rv; } - - if (pwSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2) { - /* TLS 1.2 */ - extended_master_params.prfHashMechanism = CKM_SHA256; - key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; - } else { - /* TLS < 1.2 */ - extended_master_params.prfHashMechanism = CKM_TLS_PRF; - key_derive = CKM_TLS_KEY_AND_MAC_DERIVE; - } - - extended_master_params.pVersion = pms_version_ptr; - extended_master_params.pSessionHash = hashes.u.raw; - extended_master_params.ulSessionHashLen = hashes.len; - - params.data = (unsigned char *) &extended_master_params; - params.len = sizeof extended_master_params; - - return ssl3_ComputeMasterSecretFinish(ss, master_derive, key_derive, - pms_version_ptr, ¶ms, - keyFlags, pms, msp); -} - - -/* Wrapper method to compute the master secret and return it in |*msp|. 
-** -** Called from ssl3_ComputeMasterSecret -*/ -static SECStatus -ssl3_ComputeMasterSecret(sslSocket *ss, PK11SymKey *pms, - PK11SymKey **msp) -{ - PORT_Assert(pms != NULL); - PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); - PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); - - if (ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) { - return tls_ComputeExtendedMasterSecretInt(ss, pms, msp); - } else { - return ssl3_ComputeMasterSecretInt(ss, pms, msp); - } -} - -/* This method uses PKCS11 to derive the MS from the PMS, where PMS -** is a PKCS11 symkey. We call ssl3_ComputeMasterSecret to do the -** computations and then modify the pwSpec->state as a side effect. -** -** This is used in all cases except the "triple bypass" with RSA key -** exchange. -** -** Called from ssl3_InitPendingCipherSpec. prSpec is pwSpec. -*/ -static SECStatus -ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) -{ - SECStatus rv; - PK11SymKey* ms = NULL; - ssl3CipherSpec *pwSpec = ss->ssl3.pwSpec; - - PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); - PORT_Assert( ss->opt.noLocks || ssl_HaveSpecWriteLock(ss)); - PORT_Assert(ss->ssl3.prSpec == ss->ssl3.pwSpec); - - if (pms) { - rv = ssl3_ComputeMasterSecret(ss, pms, &ms); - pwSpec->master_secret = ms; - if (rv != SECSuccess) - return rv; - } - #ifndef NO_PKCS11_BYPASS if (ss->opt.bypassPKCS11) { SECItem * keydata; @@ -3846,7 +3723,7 @@ ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) rv = PK11_ExtractKeyValue(pwSpec->master_secret); if (rv != SECSuccess) { return rv; - } + } /* This returns the address of the secItem inside the key struct, * not a copy or a reference. So, there's no need to free it. */ @@ -3861,10 +3738,10 @@ ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms) } } #endif - return SECSuccess; } + /* * Derive encryption and MAC Keys (and IVs) from master secret * Sets a useful error code when returning SECFailure. 
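Review bot: Continuing the handshake with a freshly generated faux master secret after `client_version != ss->clientHelloVersion` (and after a failed derivation) reads as a deliberate indistinguishability countermeasure, but nothing in the new code says so; a maintainer could "fix" it into an early error return and reintroduce a distinguishable failure. Suggested comment at `/* Destroy it. Version roll-back detected. */`: `/* Do not fail the handshake here: a distinguishable error would reveal whether the PMS decrypted to a well-formed version. Continue with a substitute PMS so the peer's Finished check fails instead. */`. `SECStatus rv = SECFailure;` is only ever read by the `return rv;` in the `pwSpec->master_secret == NULL` branch, so `return SECFailure;` there says the same thing without the indirection. The bypass tail of ssl3_DeriveMasterSecret is in the next hunks.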
@@ -3897,9 +3774,7 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss) PK11SymKey * symKey = NULL; void * pwArg = ss->pkcs11PinArg; int keySize; - CK_TLS12_KEY_MAT_PARAMS key_material_params; /* may be used as a - * CK_SSL3_KEY_MAT_PARAMS */ - unsigned int key_material_params_len; + CK_SSL3_KEY_MAT_PARAMS key_material_params; CK_SSL3_KEY_MAT_OUT returnedKeys; CK_MECHANISM_TYPE key_derive; CK_MECHANISM_TYPE bulk_mechanism; @@ -3953,21 +3828,17 @@ ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss) PORT_Assert( alg2Mech[calg].calg == calg); bulk_mechanism = alg2Mech[calg].cmech; + params.data = (unsigned char *)&key_material_params; + params.len = sizeof(key_material_params); + if (isTLS12) { - key_derive = CKM_TLS12_KEY_AND_MAC_DERIVE; - key_material_params.prfHashMechanism = CKM_SHA256; - key_material_params_len = sizeof(CK_TLS12_KEY_MAT_PARAMS); + key_derive = CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256; } else if (isTLS) { key_derive = CKM_TLS_KEY_AND_MAC_DERIVE; - key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS); } else { key_derive = CKM_SSL3_KEY_AND_MAC_DERIVE; - key_material_params_len = sizeof(CK_SSL3_KEY_MAT_PARAMS); } - params.data = (unsigned char *)&key_material_params; - params.len = key_material_params_len; - /* CKM_SSL3_KEY_AND_MAC_DERIVE is defined to set ENCRYPT, DECRYPT, and * DERIVE by DEFAULT */ symKey = PK11_Derive(pwSpec->master_secret, key_derive, ¶ms, 
@@ -4376,12 +4247,17 @@ ssl3_AppendHandshakeHeader(sslSocket *ss, SSL3HandshakeType t, PRUint32 length) * |sigAndHash| to the current handshake message. */ SECStatus ssl3_AppendSignatureAndHashAlgorithm( - sslSocket *ss, const SSLSignatureAndHashAlg* sigAndHash) + sslSocket *ss, const SSL3SignatureAndHashAlgorithm* sigAndHash) { - PRUint8 serialized[2]; + unsigned char serialized[2]; - serialized[0] = (PRUint8)sigAndHash->hashAlg; - serialized[1] = (PRUint8)sigAndHash->sigAlg; + serialized[0] = ssl3_OIDToTLSHashAlgorithm(sigAndHash->hashAlg); + if (serialized[0] == 0) { + PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); + return SECFailure; + } + + serialized[1] = sigAndHash->sigAlg; return ssl3_AppendHandshake(ss, serialized, sizeof(serialized)); } @@ -4495,13 +4371,15 @@ ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, PRInt32 bytes, /* tlsHashOIDMap contains the mapping between TLS hash identifiers and the * SECOidTag used internally by NSS. */ static const struct { - SSLHashType tlsHash; + int tlsHash; SECOidTag oid; } tlsHashOIDMap[] = { - { ssl_hash_sha1, SEC_OID_SHA1 }, - { ssl_hash_sha256, SEC_OID_SHA256 }, - { ssl_hash_sha384, SEC_OID_SHA384 }, - { ssl_hash_sha512, SEC_OID_SHA512 } + { tls_hash_md5, SEC_OID_MD5 }, + { tls_hash_sha1, SEC_OID_SHA1 }, + { tls_hash_sha224, SEC_OID_SHA224 }, + { tls_hash_sha256, SEC_OID_SHA256 }, + { tls_hash_sha384, SEC_OID_SHA384 }, + { tls_hash_sha512, SEC_OID_SHA512 } }; /* ssl3_TLSHashAlgorithmToOID converts a TLS hash identifier into an OID value. @@ -4509,7 +4387,7 @@ static const struct { * * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ SECOidTag -ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc) +ssl3_TLSHashAlgorithmToOID(int hashFunc) { unsigned int i; 
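Review bot: Adding `{ tls_hash_md5, SEC_OID_MD5 }` to tlsHashOIDMap lets ssl3_TLSHashAlgorithmToOID turn a peer-supplied MD5 hash identifier into a usable OID, so rejecting an MD5-signed ServerKeyExchange or CertificateVerify now depends entirely on callers that are not in this diff; a table that serves both to serialise our own choices and to parse the peer's should either omit MD5 or be paired with an explicit reject at the parse site. In ssl3_AppendSignatureAndHashAlgorithm the hash byte is validated (`serialized[0] == 0` is an error) but `serialized[1] = sigAndHash->sigAlg;` narrows an enum to `unsigned char` unchecked; a range check symmetric with the hash one would be consistent. At minimum the map comment should state that presence in the table does not make an algorithm acceptable for verification.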
@@ -4521,24 +4399,42 @@ ssl3_TLSHashAlgorithmToOID(SSLHashType hashFunc) return SEC_OID_UNKNOWN; } +/* ssl3_OIDToTLSHashAlgorithm converts an OID to a TLS hash algorithm + * identifier. If the hash is not recognised, zero is returned. + * + * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ +static int +ssl3_OIDToTLSHashAlgorithm(SECOidTag oid) +{ + unsigned int i; + + for (i = 0; i < PR_ARRAY_SIZE(tlsHashOIDMap); i++) { + if (oid == tlsHashOIDMap[i].oid) { + return tlsHashOIDMap[i].tlsHash; + } + } + return 0; +} + /* ssl3_TLSSignatureAlgorithmForKeyType returns the TLS 1.2 signature algorithm * identifier for a given KeyType. */ static SECStatus -ssl3_TLSSignatureAlgorithmForKeyType(KeyType keyType, SSLSignType *out) +ssl3_TLSSignatureAlgorithmForKeyType(KeyType keyType, + TLSSignatureAlgorithm *out) { switch (keyType) { case rsaKey: - *out = ssl_sign_rsa; - return SECSuccess; + *out = tls_sig_rsa; + return SECSuccess; case dsaKey: - *out = ssl_sign_dsa; - return SECSuccess; + *out = tls_sig_dsa; + return SECSuccess; case ecKey: - *out = ssl_sign_ecdsa; - return SECSuccess; + *out = tls_sig_ecdsa; + return SECSuccess; default: - PORT_SetError(SEC_ERROR_INVALID_KEY); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_KEY); + return SECFailure; } } @@ -4546,15 +4442,15 @@ ssl3_TLSSignatureAlgorithmForKeyType(KeyType keyType, SSLSignType *out) * algorithm identifier for the given certificate. */ static SECStatus ssl3_TLSSignatureAlgorithmForCertificate(CERTCertificate *cert, - SSLSignType *out) + TLSSignatureAlgorithm *out) { SECKEYPublicKey *key; KeyType keyType; key = CERT_ExtractPublicKey(cert); if (key == NULL) { - ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE); - return SECFailure; + ssl_MapLowLevelError(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE); + return SECFailure; } keyType = key->keyType; 
@@ -4564,75 +4460,24 @@ ssl3_TLSSignatureAlgorithmForCertificate(CERTCertificate *cert, /* ssl3_CheckSignatureAndHashAlgorithmConsistency checks that the signature * algorithm identifier in |sigAndHash| is consistent with the public key in - * |cert|. It also checks the hash algorithm against the configured signature - * algorithms. If all the tests pass, SECSuccess is returned. Otherwise, - * PORT_SetError is called and SECFailure is returned. */ + * |cert|. If so, SECSuccess is returned. Otherwise, PORT_SetError is called + * and SECFailure is returned. */ SECStatus ssl3_CheckSignatureAndHashAlgorithmConsistency( - sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash, - CERTCertificate* cert) + const SSL3SignatureAndHashAlgorithm *sigAndHash, CERTCertificate* cert) { SECStatus rv; - SSLSignType sigAlg; - unsigned int i; + TLSSignatureAlgorithm sigAlg; rv = ssl3_TLSSignatureAlgorithmForCertificate(cert, &sigAlg); if (rv != SECSuccess) { - return rv; + return rv; } if (sigAlg != sigAndHash->sigAlg) { - PORT_SetError(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM); - return SECFailure; + PORT_SetError(SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM); + return SECFailure; } - - for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) { - const SSLSignatureAndHashAlg *alg = &ss->ssl3.signatureAlgorithms[i]; - if (sigAndHash->sigAlg == alg->sigAlg && - sigAndHash->hashAlg == alg->hashAlg) { - return SECSuccess; - } - } - PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM); - return SECFailure; -} - -PRBool -ssl3_IsSupportedSignatureAlgorithm(const SSLSignatureAndHashAlg *alg) -{ - static const SSLHashType supportedHashes[] = { - ssl_hash_sha1, - ssl_hash_sha256, - ssl_hash_sha384, - ssl_hash_sha512 - }; - - static const SSLSignType supportedSigAlgs[] = { - ssl_sign_rsa, -#ifndef NSS_DISABLE_ECC - ssl_sign_ecdsa, -#endif - ssl_sign_dsa - }; - - unsigned int i; - PRBool hashOK = PR_FALSE; - PRBool signOK = PR_FALSE; - - for (i = 0; i < PR_ARRAY_SIZE(supportedHashes); ++i) { - if 
(alg->hashAlg == supportedHashes[i]) { - hashOK = PR_TRUE; - break; - } - } - - for (i = 0; i < PR_ARRAY_SIZE(supportedSigAlgs); ++i) { - if (alg->sigAlg == supportedSigAlgs[i]) { - signOK = PR_TRUE; - break; - } - } - - return hashOK && signOK; + return SECSuccess; } /* ssl3_ConsumeSignatureAndHashAlgorithm reads a SignatureAndHashAlgorithm @@ -4642,24 +4487,25 @@ ssl3_IsSupportedSignatureAlgorithm(const SSLSignatureAndHashAlg *alg) * See https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ SECStatus ssl3_ConsumeSignatureAndHashAlgorithm(sslSocket *ss, - SSL3Opaque **b, - PRUint32 *length, - SSLSignatureAndHashAlg *out) + SSL3Opaque **b, + PRUint32 *length, + SSL3SignatureAndHashAlgorithm *out) { - PRUint8 bytes[2]; + unsigned char bytes[2]; SECStatus rv; rv = ssl3_ConsumeHandshake(ss, bytes, sizeof(bytes), b, length); if (rv != SECSuccess) { - return rv; + return rv; } - out->hashAlg = (SSLHashType)bytes[0]; - out->sigAlg = (SSLSignType)bytes[1]; - if (!ssl3_IsSupportedSignatureAlgorithm(out)) { - PORT_SetError(SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM); - return SECFailure; + out->hashAlg = ssl3_TLSHashAlgorithmToOID(bytes[0]); + if (out->hashAlg == SEC_OID_UNKNOWN) { + PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); + return SECFailure; } + + out->sigAlg = bytes[1]; return SECSuccess; } @@ -4689,12 +4535,7 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, SSL3Opaque sha_inner[MAX_MAC_LENGTH]; PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); - if (ss->ssl3.hs.hashType == handshake_hash_unknown) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; - } - - hashes->hashAlg = ssl_hash_none; + hashes->hashAlg = SEC_OID_UNKNOWN; #ifndef NO_PKCS11_BYPASS if (ss->opt.bypassPKCS11 && 
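Review bot: With the configured-algorithm intersection and ssl3_IsSupportedSignatureAlgorithm removed, this function now validates only that `sigAndHash->sigAlg` matches the certificate's key type; `sigAndHash->hashAlg` is never examined, so the hash a peer may pick for a ServerKeyExchange signature is bounded only by what ssl3_TLSHashAlgorithmToOID maps (which, per the table hunk earlier in this diff, includes MD5). The header comment should state that limitation so callers do not assume a hash policy is enforced here, e.g. `/* Only sigAlg is checked; hashAlg has merely been mapped to an OID and must be constrained by the caller. */`. The client-side ServerKeyExchange handlers later in this diff apply no such constraint before hashing.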
@@ -4702,6 +4543,11 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, /* compute them without PKCS11 */ PRUint64 sha_cx[MAX_MAC_CONTEXT_LLONGS]; + if (!spec->msItem.data) { + PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); + return SECFailure; + } + ss->ssl3.hs.sha_clone(sha_cx, ss->ssl3.hs.sha_cx); ss->ssl3.hs.sha_obj->end(sha_cx, hashes->u.raw, &hashes->len, sizeof(hashes->u.raw)); @@ -4710,7 +4556,7 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, /* If we ever support ciphersuites where the PRF hash isn't SHA-256 * then this will need to be updated. */ - hashes->hashAlg = ssl_hash_sha256; + hashes->hashAlg = SEC_OID_SHA256; rv = SECSuccess; } else if (ss->opt.bypassPKCS11) { /* compute them without PKCS11 */ @@ -4720,6 +4566,11 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, #define md5cx ((MD5Context *)md5_cx) #define shacx ((SHA1Context *)sha_cx) + if (!spec->msItem.data) { + PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); + return SECFailure; + } + MD5_Clone (md5cx, (MD5Context *)ss->ssl3.hs.md5_cx); SHA1_Clone(shacx, (SHA1Context *)ss->ssl3.hs.sha_cx); @@ -4727,11 +4578,6 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, /* compute hashes for SSL3. */ unsigned char s[4]; - if (!spec->msItem.data) { - PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); - return SECFailure; - } - s[0] = (unsigned char)(sender >> 24); s[1] = (unsigned char)(sender >> 16); s[2] = (unsigned char)(sender >> 8); @@ -4804,6 +4650,11 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, unsigned char stackBuf[1024]; unsigned char *stateBuf = NULL; + if (!spec->master_secret) { + PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); + return SECFailure; + } + h = ss->ssl3.hs.sha; stateBuf = PK11_SaveContextAlloc(h, stackBuf, sizeof(stackBuf), &stateLen); 
@@ -4820,7 +4671,7 @@ ssl3_ComputeHandshakeHashes(sslSocket * ss, } /* If we ever support ciphersuites where the PRF hash isn't SHA-256 * then this will need to be updated. */ - hashes->hashAlg = ssl_hash_sha256; + hashes->hashAlg = SEC_OID_SHA256; rv = SECSuccess; tls12_loser: @@ -4843,6 +4694,11 @@ tls12_loser: unsigned char md5StackBuf[256]; unsigned char shaStackBuf[512]; + if (!spec->master_secret) { + PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); + return SECFailure; + } + md5StateBuf = PK11_SaveContextAlloc(ss->ssl3.hs.md5, md5StackBuf, sizeof md5StackBuf, &md5StateLen); if (md5StateBuf == NULL) { @@ -4863,11 +4719,6 @@ tls12_loser: /* compute hashes for SSL3. */ unsigned char s[4]; - if (!spec->master_secret) { - PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE); - return SECFailure; - } - s[0] = (unsigned char)(sender >> 24); s[1] = (unsigned char)(sender >> 16); s[2] = (unsigned char)(sender >> 8); @@ -4999,7 +4850,7 @@ ssl3_ComputeBackupHandshakeHashes(sslSocket * ss, rv = SECFailure; goto loser; } - hashes->hashAlg = ssl_hash_sha1; + hashes->hashAlg = SEC_OID_SHA1; loser: PK11_DestroyContext(ss->ssl3.hs.backupHash, PR_TRUE); @@ -5080,9 +4931,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) if (rv != SECSuccess) { return rv; /* ssl3_InitState has set the error code. */ } - /* These must be reset every handshake. */ - ss->ssl3.hs.sendingSCSV = PR_FALSE; - ss->ssl3.hs.preliminaryInfo = 0; + ss->ssl3.hs.sendingSCSV = PR_FALSE; /* Must be reset every handshake */ PORT_Assert(IS_DTLS(ss) || !resending); SECITEM_FreeItem(&ss->ssl3.hs.newSessionTicket.ticket, PR_FALSE); 
@@ -6113,6 +5962,14 @@ sendRSAClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) } } + rv = ssl3_InitPendingCipherSpec(ss, pms); + PK11_FreeSymKey(pms); pms = NULL; + + if (rv != SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + goto loser; + } + rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, isTLS ? enc_pms.len + 2 : enc_pms.len); if (rv != SECSuccess) { @@ -6127,15 +5984,6 @@ sendRSAClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) goto loser; /* err set by ssl3_AppendHandshake* */ } - rv = ssl3_InitPendingCipherSpec(ss, pms); - PK11_FreeSymKey(pms); - pms = NULL; - - if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); - goto loser; - } - rv = SECSuccess; loser: @@ -6205,6 +6053,14 @@ sendDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) SECKEY_DestroyPrivateKey(privKey); privKey = NULL; + rv = ssl3_InitPendingCipherSpec(ss, pms); + PK11_FreeSymKey(pms); pms = NULL; + + if (rv != SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + goto loser; + } + rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, pubKey->u.dh.publicValue.len + 2); if (rv != SECSuccess) { @@ -6220,17 +6076,9 @@ sendDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) goto loser; /* err set by ssl3_AppendHandshake* */ } - rv = ssl3_InitPendingCipherSpec(ss, pms); - PK11_FreeSymKey(pms); - pms = NULL; - - if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); - goto loser; - } - rv = SECSuccess; + loser: if(pms) PK11_FreeSymKey(pms); @@ -6328,7 +6176,7 @@ ssl3_SendCertificateVerify(sslSocket *ss) SSL3Hashes hashes; KeyType keyType; unsigned int len; - SSLSignatureAndHashAlg sigAndHash; + SSL3SignatureAndHashAlgorithm sigAndHash; PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); 
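Review bot: `PK11_FreeSymKey(pms); pms = NULL;` packs two statements onto one line, which the surrounding code never does; split them (the same line appears in the sendDHClientKeyExchange hunk below). Note also that ssl3_InitPendingCipherSpec now runs before the ClientKeyExchange is appended, so an append failure reaches `loser` with the pending spec already keyed from a PMS that was never sent; that is harmless because the handshake is abandoned, but a one-line comment such as `/* Keys are derived before the message is written; on append failure the pending spec is simply discarded. */` would stop a reader from hunting for a reason. sendRSAClientKeyExchange starts outside this hunk.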
@@ -6382,11 +6230,11 @@ ssl3_SendCertificateVerify(sslSocket *ss) } if (isTLS12) { rv = ssl3_TLSSignatureAlgorithmForKeyType(keyType, - &sigAndHash.sigAlg); + &sigAndHash.sigAlg); if (rv != SECSuccess) { goto done; } - sigAndHash.hashAlg = hashes.hashAlg; + sigAndHash.hashAlg = hashes.hashAlg; rv = ssl3_AppendSignatureAndHashAlgorithm(ss, &sigAndHash); if (rv != SECSuccess) { @@ -6479,7 +6327,6 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) errCode = SSL_ERROR_UNSUPPORTED_VERSION; goto alert_loser; } - ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version; isTLS = (ss->version > SSL_LIBRARY_VERSION_3_0); rv = ssl3_InitHandshakeHashes(ss); @@ -6539,7 +6386,6 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) } ss->ssl3.hs.cipher_suite = (ssl3CipherSuite)temp; ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef((ssl3CipherSuite)temp); - ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; PORT_Assert(ss->ssl3.hs.suite_def); if (!ss->ssl3.hs.suite_def) { PORT_SetError(errCode = SEC_ERROR_LIBRARY_FAILURE); 
@@ -6626,32 +6472,6 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECItem wrappedMS; /* wrapped master secret. */ - /* [draft-ietf-tls-session-hash-06; Section 5.3] - * - * o If the original session did not use the "extended_master_secret" - * extension but the new ServerHello contains the extension, the - * client MUST abort the handshake. - */ - if (!sid->u.ssl3.keys.extendedMasterSecretUsed && - ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) { - errCode = SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET; - goto alert_loser; - } - - /* - * o If the original session used an extended master secret but the new - * ServerHello does not contain the "extended_master_secret" - * extension, the client SHOULD abort the handshake. - * - * TODO(ekr@rtfm.com): Add option to refuse to resume when EMS is not - * used at all (bug 1176526). - */ - if (sid->u.ssl3.keys.extendedMasterSecretUsed && - !ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) { - errCode = SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET; - goto alert_loser; - } - ss->sec.authAlgorithm = sid->authAlgorithm; ss->sec.authKeyBits = sid->authKeyBits; ss->sec.keaType = sid->keaType; @@ -6753,7 +6573,7 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ss->sec.peerCert = CERT_DupCertificate(sid->peerCert); } - /* NULL value for PMS because we are reusing the old MS */ + /* NULL value for PMS signifies re-use of the old MS */ rv = ssl3_InitPendingCipherSpec(ss, NULL); if (rv != SECSuccess) { goto alert_loser; /* err code was set */ 
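Review bot: The resumption branch now accepts the ServerHello with no check that the resumed session's master-secret derivation matches what was negotiated this time; since `extendedMasterSecretUsed` and `ssl_extended_master_secret_xtn` are referenced nowhere on the new side (later hunks drop the field's assignments as well), this appears to remove extended-master-secret support altogether, not just the two §5.3 checks, so the triple-handshake protection the removed comment cites is gone for this build. If that is the intended backout, say so where the session is resumed, e.g. `/* No extended_master_secret support in this version: resumption is bound only by the session ID/ticket. */`, so the next reader does not assume the checks live elsewhere. ssl3_HandleServerHello continues on both sides of this hunk.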
@@ -6782,20 +6602,16 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) sid->u.ssl3.sessionIDLength = sidBytes.len; PORT_Memcpy(sid->u.ssl3.sessionID, sidBytes.data, sidBytes.len); - sid->u.ssl3.keys.extendedMasterSecretUsed = - ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn); - ss->ssl3.hs.isResuming = PR_FALSE; if (ss->ssl3.hs.kea_def->signKeyType != sign_null) { /* All current cipher suites other than those with sign_null (i.e., - * (EC)DH_anon_* suites) require a certificate, so use that signal. */ + * DH_anon_* suites) require a certificate, so use that signal. */ ss->ssl3.hs.ws = wait_server_cert; - } else { - /* All the remaining cipher suites must be (EC)DH_anon_* and so - * must be ephemeral. Note, if we ever add PSK this might - * change. */ - PORT_Assert(ss->ssl3.hs.kea_def->ephemeral); + } else if (ss->ssl3.hs.kea_def->ephemeral) { + /* Only ephemeral cipher suites use ServerKeyExchange. */ ss->ssl3.hs.ws = wait_server_key; + } else { + ss->ssl3.hs.ws = wait_cert_request; } return SECSuccess; @@ -6823,9 +6639,9 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SSL3AlertDescription desc = illegal_parameter; SSL3Hashes hashes; SECItem signature = {siBuffer, NULL, 0}; - SSLSignatureAndHashAlg sigAndHash; + SSL3SignatureAndHashAlgorithm sigAndHash; - sigAndHash.hashAlg = ssl_hash_none; + sigAndHash.hashAlg = SEC_OID_UNKNOWN; SSL_TRC(3, ("%d: SSL3[%d]: handle server_key_exchange handshake", SSL_GETPID(), ss->fd)); @@ -6867,7 +6683,7 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) { goto loser; /* malformed or unsupported. */ } - rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(ss, + rv = ssl3_CheckSignatureAndHashAlgorithmConsistency( &sigAndHash, ss->sec.peerCert); if (rv != SECSuccess) { goto loser; 
@@ -6890,10 +6706,10 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) /* * check to make sure the hash is signed by right guy */ - rv = ssl3_ComputeExportRSAKeyHash(sigAndHash.hashAlg, modulus, exponent, - &ss->ssl3.hs.client_random, - &ss->ssl3.hs.server_random, - &hashes, ss->opt.bypassPKCS11); + rv = ssl3_ComputeExportRSAKeyHash(sigAndHash.hashAlg, modulus, exponent, + &ss->ssl3.hs.client_random, + &ss->ssl3.hs.server_random, + &hashes, ss->opt.bypassPKCS11); if (rv != SECSuccess) { errCode = ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); @@ -6919,6 +6735,7 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); if (peerKey == NULL) { + PORT_FreeArena(arena, PR_FALSE); goto no_memory; } @@ -6929,6 +6746,7 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (SECITEM_CopyItem(arena, &peerKey->u.rsa.modulus, &modulus) || SECITEM_CopyItem(arena, &peerKey->u.rsa.publicExponent, &exponent)) { + PORT_FreeArena(arena, PR_FALSE); goto no_memory; } ss->sec.peerKey = peerKey; @@ -6943,19 +6761,13 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) unsigned dh_p_bits; unsigned dh_g_bits; unsigned dh_Ys_bits; - PRInt32 minDH; rv = ssl3_ConsumeHandshakeVariable(ss, &dh_p, 2, &b, &length); if (rv != SECSuccess) { goto loser; /* malformed. */ } - - rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH); - if (rv != SECSuccess) { - minDH = SSL_DH_MIN_P_BITS; - } dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p); - if (dh_p_bits < minDH) { + if (dh_p_bits < SSL_DH_MIN_P_BITS) { errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY; goto alert_loser; } 
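Review bot: `dh_p_bits < SSL_DH_MIN_P_BITS` turns the weak-DH floor into a compile-time constant with no runtime override (the NSS_DH_MIN_KEY_SIZE lookup is gone), so a deployment cannot raise the floor without rebuilding; the value of SSL_DH_MIN_P_BITS is not visible in this diff, so confirm it is at least 1024 so that 512- and 768-bit groups are rejected. A comment at the check would make the policy explicit: `/* Reject p shorter than SSL_DH_MIN_P_BITS: smaller groups are breakable offline (Logjam-class); no runtime override in this build. */`. The DH branch of ssl3_HandleServerKeyExchange continues into the next hunk.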
@@ -6980,7 +6792,7 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) if (rv != SECSuccess) { goto loser; /* malformed or unsupported. */ } - rv = ssl3_CheckSignatureAndHashAlgorithmConsistency(ss, + rv = ssl3_CheckSignatureAndHashAlgorithmConsistency( &sigAndHash, ss->sec.peerCert); if (rv != SECSuccess) { goto loser; @@ -7007,10 +6819,10 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) /* * check to make sure the hash is signed by right guy */ - rv = ssl3_ComputeDHKeyHash(sigAndHash.hashAlg, dh_p, dh_g, dh_Ys, - &ss->ssl3.hs.client_random, - &ss->ssl3.hs.server_random, - &hashes, ss->opt.bypassPKCS11); + rv = ssl3_ComputeDHKeyHash(sigAndHash.hashAlg, dh_p, dh_g, dh_Ys, + &ss->ssl3.hs.client_random, + &ss->ssl3.hs.server_random, + &hashes, ss->opt.bypassPKCS11); if (rv != SECSuccess) { errCode = ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); @@ -7034,7 +6846,7 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) goto no_memory; } - peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); + ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); if (peerKey == NULL) { goto no_memory; } @@ -7048,6 +6860,7 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECITEM_CopyItem(arena, &peerKey->u.dh.base, &dh_g) || SECITEM_CopyItem(arena, &peerKey->u.dh.publicValue, &dh_Ys)) { + PORT_FreeArena(arena, PR_FALSE); goto no_memory; } ss->sec.peerKey = peerKey; @@ -7070,16 +6883,10 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) alert_loser: (void)SSL3_SendAlert(ss, alert_fatal, desc); loser: - if (arena) { - PORT_FreeArena(arena, PR_FALSE); - } PORT_SetError( errCode ); return SECFailure; no_memory: /* no-memory error has already been set. */ - if (arena) { - PORT_FreeArena(arena, PR_FALSE); - } ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); return SECFailure; } 
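Review bot: `ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);` publishes the key before it is populated, and the next hunk frees `arena` on SECITEM_CopyItem failure, leaving ss->sec.peerKey pointing into freed memory unless a caller resets it on failure (not visible here); the `peerKey == NULL` branch here also omits the `PORT_FreeArena` that the RSA path above performs, leaking the arena. Assign only the local here — `peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);` followed by `if (peerKey == NULL) { PORT_FreeArena(arena, PR_FALSE); goto no_memory; }` — and rely on the existing `ss->sec.peerKey = peerKey;` after the copies succeed. ssl3_HandleServerKeyExchange starts outside this hunk.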
@@ -7090,7 +6897,7 @@ no_memory: /* no-memory error has already been set. */ */ static SECStatus ssl3_ExtractClientKeyInfo(sslSocket *ss, - SSLSignType *sigAlg, + TLSSignatureAlgorithm *sigAlg, PRBool *preferSha1) { SECStatus rv = SECSuccess; @@ -7134,7 +6941,7 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss, const SECItem *algorithms) { SECStatus rv; - SSLSignType sigAlg; + TLSSignatureAlgorithm sigAlg; PRBool preferSha1; PRBool supportsSha1 = PR_FALSE; PRBool supportsSha256 = PR_FALSE; @@ -7159,9 +6966,9 @@ ssl3_DestroyBackupHandshakeHashIfNotNeeded(sslSocket *ss, /* Determine the server's hash support for that signature algorithm. */ for (i = 0; i < algorithms->len; i += 2) { if (algorithms->data[i+1] == sigAlg) { - if (algorithms->data[i] == ssl_hash_sha1) { + if (algorithms->data[i] == tls_hash_sha1) { supportsSha1 = PR_TRUE; - } else if (algorithms->data[i] == ssl_hash_sha256) { + } else if (algorithms->data[i] == tls_hash_sha256) { supportsSha256 = PR_TRUE; } } @@ -7300,8 +7107,6 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ss->ssl3.hs.ws = wait_hello_done; if (ss->getClientAuthData != NULL) { - PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) == - ssl_preinfo_all); /* XXX Should pass cert_types and algorithms in this call!! */ rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg, ss->fd, &ca_list, @@ -7406,8 +7211,6 @@ ssl3_CheckFalseStart(sslSocket *ss) SSL_TRC(3, ("%d: SSL[%d]: no false start due to weak cipher", SSL_GETPID(), ss->fd)); } else { - PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) == - ssl_preinfo_all); rv = (ss->canFalseStartCallback)(ss->fd, ss->canFalseStartCallbackData, &ss->ssl3.hs.canFalseStart); 
@@ -7731,7 +7534,6 @@ ssl3_NewSessionID(sslSocket *ss, PRBool is_server) sid->u.ssl3.policy = SSL_ALLOWED; sid->u.ssl3.clientWriteKey = NULL; sid->u.ssl3.serverWriteKey = NULL; - sid->u.ssl3.keys.extendedMasterSecretUsed = PR_FALSE; if (is_server) { SECStatus rv; @@ -7784,7 +7586,7 @@ ssl3_SendServerHelloSequence(sslSocket *ss) if (kea_def->is_limited && kea_def->exchKeyType == kt_rsa) { /* see if we can legally use the key in the cert. */ - unsigned int keyLen; /* bytes */ + int keyLen; /* bytes */ keyLen = PK11_GetPrivateModulusLen( ss->serverCerts[kea_def->exchKeyType].SERVERKEY); @@ -7877,7 +7679,6 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); PORT_Assert( ss->ssl3.initialized ); - ss->ssl3.hs.preliminaryInfo = 0; if (!ss->sec.isServer || (ss->ssl3.hs.ws != wait_client_hello && @@ -7943,7 +7744,6 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) errCode = SSL_ERROR_UNSUPPORTED_VERSION; goto alert_loser; } - ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version; rv = ssl3_InitHandshakeHashes(ss); if (rv != SECSuccess) { @@ -8203,7 +8003,6 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ss->ssl3.hs.cipher_suite = suite->cipher_suite; ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); - ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; /* Use the cached compression method. */ ss->ssl3.hs.compression = sid->u.ssl3.compression; @@ -8249,7 +8048,6 @@ ssl3_HandleClientHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ss->ssl3.hs.cipher_suite = suite->cipher_suite; ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); - ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; goto suite_found; } } 
@@ -8292,8 +8090,6 @@ compression_found: /* If there are any failures while processing the old sid, * we don't consider them to be errors. Instead, We just behave * as if the client had sent us no sid to begin with, and make a new one. - * The exception here is attempts to resume extended_master_secret - * sessions without the extension, which causes an alert. */ if (sid != NULL) do { ssl3CipherSpec *pwSpec; @@ -8305,30 +8101,6 @@ compression_found: break; /* not an error */ } - /* [draft-ietf-tls-session-hash-06; Section 5.3] - * o If the original session did not use the "extended_master_secret" - * extension but the new ClientHello contains the extension, then the - * server MUST NOT perform the abbreviated handshake. Instead, it - * SHOULD continue with a full handshake (as described in - * Section 5.2) to negotiate a new session. - * - * o If the original session used the "extended_master_secret" - * extension but the new ClientHello does not contain the extension, - * the server MUST abort the abbreviated handshake. - */ - if (ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)) { - if (!sid->u.ssl3.keys.extendedMasterSecretUsed) { - break; /* not an error */ - } - } else { - if (sid->u.ssl3.keys.extendedMasterSecretUsed) { - /* Note: we do not destroy the session */ - desc = handshake_failure; - errCode = SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET; - goto alert_loser; - } - } - if (ss->sec.ci.sid) { if (ss->sec.uncache) ss->sec.uncache(ss->sec.ci.sid); @@ -8469,7 +8241,7 @@ compression_found: haveSpecWriteLock = PR_FALSE; } - /* NULL value for PMS because we are re-using the old MS */ + /* NULL value for PMS signifies re-use of the old MS */ rv = ssl3_InitPendingCipherSpec(ss, NULL); if (rv != SECSuccess) { errCode = PORT_GetError(); 
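Review bot: This is the server-side mirror of the client change: after this hunk a ClientHello that matches a cached sid proceeds to the abbreviated handshake with no extended-master-secret consistency test, and nothing on the new side records how the original session's master secret was derived. The comment above, `we just behave as if the client had sent us no sid to begin with`, is accurate again, but a note at the top of the `if (sid != NULL) do {` block such as `/* No extended_master_secret support in this version; resumption is keyed on sid alone. */` would stop a reader from looking for the missing check. ssl3_HandleClientHello extends well beyond this hunk.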
@@ -8513,9 +8285,6 @@ compression_found: if (ssl3_ExtensionNegotiated(ss, ssl_server_name_xtn)) { int ret = 0; if (ss->sniSocketConfig) do { /* not a loop */ - PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) == - ssl_preinfo_all); - ret = SSL_SNI_SEND_ALERT; /* If extension is negotiated, the len of names should > 0. */ if (ss->xtnData.sniNameArrSize) { @@ -8563,7 +8332,7 @@ compression_found: ret = SSL_SNI_SEND_ALERT; break; } - } else if ((unsigned int)ret < ss->xtnData.sniNameArrSize) { + } else if (ret < ss->xtnData.sniNameArrSize) { /* Application has configured new socket info. Lets check it * and save the name. */ SECStatus rv; @@ -8614,7 +8383,7 @@ compression_found: ssl3_SendServerNameXtn); } else { /* Callback returned index outside of the boundary. */ - PORT_Assert((unsigned int)ret < ss->xtnData.sniNameArrSize); + PORT_Assert(ret < ss->xtnData.sniNameArrSize); errCode = SSL_ERROR_INTERNAL_ERROR_ALERT; desc = internal_error; ret = SSL_SNI_SEND_ALERT; @@ -8660,16 +8429,13 @@ compression_found: } ss->sec.ci.sid = sid; - sid->u.ssl3.keys.extendedMasterSecretUsed = - ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn); ss->ssl3.hs.isResuming = PR_FALSE; ssl_GetXmitBufLock(ss); rv = ssl3_SendServerHelloSequence(ss); ssl_ReleaseXmitBufLock(ss); if (rv != SECSuccess) { - errCode = PORT_GetError(); - desc = handshake_failure; - goto alert_loser; + errCode = PORT_GetError(); + goto loser; } if (haveXmitBufLock) { @@ -8761,7 +8527,6 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length) errCode = SSL_ERROR_UNSUPPORTED_VERSION; goto alert_loser; } - ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_version; rv = ssl3_InitHandshakeHashes(ss); if (rv != SECSuccess) { 
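Review bot: Dropping the `(unsigned int)` cast in `ret < ss->xtnData.sniNameArrSize` leaves the guard against negative callback returns to implicit integer promotion: that is safe only if sniNameArrSize is unsigned (its declaration is not in this diff), and if it is a signed int any negative `ret` other than the two sentinels handled above would be used to index sniNameArr out of bounds. Make the intent explicit and type-independent with `} else if (ret >= 0 && (unsigned int)ret < ss->xtnData.sniNameArrSize) {`, and mirror it in the PORT_Assert changed later in this hunk group. The SNI callback block begins outside the hunk.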
@@ -8826,7 +8591,6 @@ ssl3_HandleV2ClientHello(sslSocket *ss, unsigned char *buffer, int length) ss->ssl3.hs.cipher_suite = suite->cipher_suite; ss->ssl3.hs.suite_def = ssl_LookupCipherSuiteDef(ss->ssl3.hs.cipher_suite); - ss->ssl3.hs.preliminaryInfo |= ssl_preinfo_cipher_suite; goto suite_found; } } @@ -9019,7 +8783,7 @@ ssl3_SendServerHello(sslSocket *ss) static SECStatus ssl3_PickSignatureHashAlgorithm(sslSocket *ss, - SSLSignatureAndHashAlg* out); + SSL3SignatureAndHashAlgorithm* out); static SECStatus ssl3_SendDHServerKeyExchange(sslSocket *ss) @@ -9030,7 +8794,7 @@ ssl3_SendDHServerKeyExchange(sslSocket *ss) PRBool isTLS; SECItem signed_hash = {siBuffer, NULL, 0}; SSL3Hashes hashes; - SSLSignatureAndHashAlg sigAndHash; + SSL3SignatureAndHashAlgorithm sigAndHash; SECKEYDHParams dhParam; ssl3KeyPair *keyPair = NULL; @@ -9172,10 +8936,18 @@ loser: * hash combinations. */ static SECStatus ssl3_PickSignatureHashAlgorithm(sslSocket *ss, - SSLSignatureAndHashAlg* out) + SSL3SignatureAndHashAlgorithm* out) { - SSLSignType sigAlg; + TLSSignatureAlgorithm sigAlg; unsigned int i, j; + /* hashPreference expresses our preferences for hash algorithms, most + * preferable first. */ + static const SECOidTag hashPreference[] = { + SEC_OID_SHA256, + SEC_OID_SHA384, + SEC_OID_SHA512, + SEC_OID_SHA1, + }; switch (ss->ssl3.hs.kea_def->kea) { case kea_rsa: 
@@ -9188,56 +8960,48 @@ ssl3_PickSignatureHashAlgorithm(sslSocket *ss, case kea_rsa_fips: case kea_ecdh_rsa: case kea_ecdhe_rsa: - sigAlg = ssl_sign_rsa; - break; + sigAlg = tls_sig_rsa; + break; case kea_dh_dss: case kea_dh_dss_export: case kea_dhe_dss: case kea_dhe_dss_export: - sigAlg = ssl_sign_dsa; - break; + sigAlg = tls_sig_dsa; + break; case kea_ecdh_ecdsa: case kea_ecdhe_ecdsa: - sigAlg = ssl_sign_ecdsa; - break; + sigAlg = tls_sig_ecdsa; + break; default: - PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); - return SECFailure; + PORT_SetError(SEC_ERROR_UNSUPPORTED_KEYALG); + return SECFailure; } out->sigAlg = sigAlg; if (ss->version <= SSL_LIBRARY_VERSION_TLS_1_1) { - /* SEC_OID_UNKNOWN means the MD5/SHA1 combo hash used in TLS 1.1 and - * prior. */ - out->hashAlg = ssl_hash_none; - return SECSuccess; + /* SEC_OID_UNKNOWN means the MD5/SHA1 combo hash used in TLS 1.1 and + * prior. */ + out->hashAlg = SEC_OID_UNKNOWN; + return SECSuccess; } if (ss->ssl3.hs.numClientSigAndHash == 0) { - /* If the client didn't provide any signature_algorithms extension then - * we can assume that they support SHA-1: - * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ - out->hashAlg = ssl_hash_sha1; - return SECSuccess; + /* If the client didn't provide any signature_algorithms extension then + * we can assume that they support SHA-1: + * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ + out->hashAlg = SEC_OID_SHA1; + return SECSuccess; } - /* Here we look for the first server preference that the client has - * indicated support for in their signature_algorithms extension. 
*/ - for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) { - const SSLSignatureAndHashAlg *serverPref = - &ss->ssl3.signatureAlgorithms[i]; - if (serverPref->sigAlg != sigAlg) { - continue; - } - for (j = 0; j < ss->ssl3.hs.numClientSigAndHash; j++) { - const SSLSignatureAndHashAlg *clientPref = - &ss->ssl3.hs.clientSigAndHash[j]; - if (clientPref->hashAlg == serverPref->hashAlg && - clientPref->sigAlg == sigAlg) { - out->hashAlg = serverPref->hashAlg; - return SECSuccess; - } - } + for (i = 0; i < PR_ARRAY_SIZE(hashPreference); i++) { + for (j = 0; j < ss->ssl3.hs.numClientSigAndHash; j++) { + const SSL3SignatureAndHashAlgorithm* sh = + &ss->ssl3.hs.clientSigAndHash[j]; + if (sh->sigAlg == sigAlg && sh->hashAlg == hashPreference[i]) { + out->hashAlg = sh->hashAlg; + return SECSuccess; + } + } } PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); @@ -9255,7 +9019,7 @@ ssl3_SendServerKeyExchange(sslSocket *ss) SECItem signed_hash = {siBuffer, NULL, 0}; SSL3Hashes hashes; SECKEYPublicKey * sdPub; /* public key for step-down */ - SSLSignatureAndHashAlg sigAndHash; + SSL3SignatureAndHashAlgorithm sigAndHash; SSL_TRC(3, ("%d: SSL3[%d]: send server_key_exchange handshake", SSL_GETPID(), ss->fd)); 
@@ -9362,36 +9126,6 @@ loser: return SECFailure; } -static SECStatus -ssl3_EncodeCertificateRequestSigAlgs(sslSocket *ss, PRUint8 *buf, - unsigned maxLen, PRUint32 *len) -{ - unsigned int i; - - PORT_Assert(maxLen >= ss->ssl3.signatureAlgorithmCount * 2); - if (maxLen < ss->ssl3.signatureAlgorithmCount * 2) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; - } - - *len = 0; - for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) { - const SSLSignatureAndHashAlg *alg = &ss->ssl3.signatureAlgorithms[i]; - /* Note that we don't support a handshake hash with anything other than - * SHA-256, so asking for a signature from clients for something else - * would be inviting disaster. */ - if (alg->hashAlg == ssl_hash_sha256) { - buf[(*len)++] = (PRUint8)alg->hashAlg; - buf[(*len)++] = (PRUint8)alg->sigAlg; - } - } - - if (*len == 0) { - PORT_SetError(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM); - return SECFailure; - } - return SECSuccess; -} static SECStatus ssl3_SendCertificateRequest(sslSocket *ss) @@ -9400,6 +9134,7 @@ ssl3_SendCertificateRequest(sslSocket *ss) SECItem * name; CERTDistNames *ca_list; const PRUint8 *certTypes; + const PRUint8 *sigAlgs; SECItem * names = NULL; SECStatus rv; int length; @@ -9407,8 +9142,7 @@ ssl3_SendCertificateRequest(sslSocket *ss) int calen = 0; int nnames = 0; int certTypesLength; - PRUint8 sigAlgs[MAX_SIGNATURE_ALGORITHMS * 2]; - unsigned int sigAlgsLength = 0; + int sigAlgsLength; SSL_TRC(3, ("%d: SSL3[%d]: send certificate_request handshake", SSL_GETPID(), ss->fd)); 
@@ -9435,15 +9169,12 @@ ssl3_SendCertificateRequest(sslSocket *ss) certTypes = certificate_types; certTypesLength = sizeof certificate_types; + sigAlgs = supported_signature_algorithms; + sigAlgsLength = sizeof supported_signature_algorithms; length = 1 + certTypesLength + 2 + calen; if (isTLS12) { - rv = ssl3_EncodeCertificateRequestSigAlgs(ss, sigAlgs, sizeof(sigAlgs), - &sigAlgsLength); - if (rv != SECSuccess) { - return rv; - } - length += 2 + sigAlgsLength; + length += 2 + sigAlgsLength; } rv = ssl3_AppendHandshakeHeader(ss, certificate_request, length); @@ -9509,7 +9240,7 @@ ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length, int errCode = SSL_ERROR_RX_MALFORMED_CERT_VERIFY; SSL3AlertDescription desc = handshake_failure; PRBool isTLS, isTLS12; - SSLSignatureAndHashAlg sigAndHash; + SSL3SignatureAndHashAlgorithm sigAndHash; SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_verify handshake", SSL_GETPID(), ss->fd)); @@ -9525,13 +9256,6 @@ ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length, goto alert_loser; } - if (!hashes) { - PORT_Assert(0); - desc = internal_error; - errCode = SEC_ERROR_LIBRARY_FAILURE; - goto alert_loser; - } - if (isTLS12) { rv = ssl3_ConsumeSignatureAndHashAlgorithm(ss, &b, &length, &sigAndHash); @@ -9539,7 +9263,7 @@ ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length, goto loser; /* malformed or unsupported. */ } rv = ssl3_CheckSignatureAndHashAlgorithmConsistency( - ss, &sigAndHash, ss->sec.peerCert); + &sigAndHash, ss->sec.peerCert); if (rv != SECSuccess) { errCode = PORT_GetError(); desc = decrypt_error; @@ -9548,7 +9272,7 @@ ssl3_HandleCertificateVerify(sslSocket *ss, SSL3Opaque *b, PRUint32 length, /* We only support CertificateVerify messages that use the handshake * hash. */ - if (sigAndHash.hashAlg != hashes->hashAlg) { + if (sigAndHash.hashAlg != hashes->hashAlg) { errCode = SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM; desc = decrypt_error; goto alert_loser; 
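Review bot: The CertificateRequest now advertises a fixed `supported_signature_algorithms` table (its contents are outside this diff) instead of the SHA-256-only list the removed encoder produced; ssl3_HandleCertificateVerify in this same file rejects any CertificateVerify whose hash differs from the handshake hash, which the hash-computation hunks above fix at SHA-256 for TLS 1.2, so every non-SHA-256 entry in that table is an algorithm the server offers but then refuses with decrypt_error. Confirm the table is SHA-256-only, or record the constraint at the assignment: `/* Must list only hashes equal to the TLS 1.2 handshake hash (SHA-256); see ssl3_HandleCertificateVerify */`. ssl3_SendCertificateRequest is cut at both ends of this hunk.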
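Review bot: The `if (!hashes)` guard is dropped here, but `hashes->hashAlg` is still dereferenced in the TLS 1.2 path a few lines later (`sigAndHash.hashAlg != hashes->hashAlg`), so a NULL `hashes` from the caller now reads through a null pointer while processing a peer-sent CertificateVerify; whether the caller can pass NULL is not visible here, but the removed assert shows it was not ruled out. Keep a cheap guard at the top of the TLS 1.2 branch: `if (!hashes) { desc = internal_error; errCode = SEC_ERROR_LIBRARY_FAILURE; goto alert_loser; }`. ssl3_HandleCertificateVerify starts before this hunk.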
@@ -9679,17 +9403,18 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, PRUint32 length, SECKEYPrivateKey *serverKey) { + PK11SymKey * pms; #ifndef NO_PKCS11_BYPASS unsigned char * cr = (unsigned char *)&ss->ssl3.hs.client_random; unsigned char * sr = (unsigned char *)&ss->ssl3.hs.server_random; ssl3CipherSpec * pwSpec = ss->ssl3.pwSpec; unsigned int outLen = 0; - PRBool isTLS = PR_FALSE; - SECItem pmsItem = {siBuffer, NULL, 0}; - unsigned char rsaPmsBuf[SSL3_RSA_PMS_LENGTH]; #endif + PRBool isTLS = PR_FALSE; SECStatus rv; SECItem enc_pms; + unsigned char rsaPmsBuf[SSL3_RSA_PMS_LENGTH]; + SECItem pmsItem = {siBuffer, NULL, 0}; PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss) ); @@ -9697,10 +9422,8 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, enc_pms.data = b; enc_pms.len = length; -#ifndef NO_PKCS11_BYPASS pmsItem.data = rsaPmsBuf; pmsItem.len = sizeof rsaPmsBuf; -#endif if (ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0) { /* isTLS */ PRInt32 kLen; @@ -9712,24 +9435,13 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, if ((unsigned)kLen < enc_pms.len) { enc_pms.len = kLen; } -#ifndef NO_PKCS11_BYPASS isTLS = PR_TRUE; -#endif } else { -#ifndef NO_PKCS11_BYPASS isTLS = (PRBool)(ss->ssl3.hs.kea_def->tls_keygen != 0); -#endif } #ifndef NO_PKCS11_BYPASS if (ss->opt.bypassPKCS11) { - /* We have not implemented a tls_ExtendedMasterKeyDeriveBypass - * and will not negotiate this extension in bypass mode. This - * assert just double-checks that. - */ - PORT_Assert( - !ssl3_ExtensionNegotiated(ss, ssl_extended_master_secret_xtn)); - /* TRIPLE BYPASS, get PMS directly from RSA decryption. * Use PK11_PrivDecryptPKCS1 to decrypt the PMS to a buffer, * then, check for version rollback attack, then 
@@ -9757,8 +9469,8 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, } } /* have PMS, build MS without PKCS11 */ - rv = ssl3_MasterSecretDeriveBypass(pwSpec, cr, sr, &pmsItem, isTLS, - PR_TRUE); + rv = ssl3_MasterKeyDeriveBypass(pwSpec, cr, sr, &pmsItem, isTLS, + PR_TRUE); if (rv != SECSuccess) { pwSpec->msItem.data = pwSpec->raw_master_secret; pwSpec->msItem.len = SSL3_MASTER_SECRET_LENGTH; 
@@ -9768,107 +9480,46 @@ ssl3_HandleRSAClientKeyExchange(sslSocket *ss, } else #endif { - PK11SymKey *tmpPms[2] = {NULL, NULL}; - PK11SlotInfo *slot; - int useFauxPms = 0; -#define currentPms tmpPms[!useFauxPms] -#define unusedPms tmpPms[useFauxPms] -#define realPms tmpPms[1] -#define fauxPms tmpPms[0] - #ifndef NO_PKCS11_BYPASS double_bypass: #endif + /* + * unwrap pms out of the incoming buffer + * Note: CKM_SSL3_MASTER_KEY_DERIVE is NOT the mechanism used to do + * the unwrap. Rather, it is the mechanism with which the + * unwrapped pms will be used. + */ + pms = PK11_PubUnwrapSymKey(serverKey, &enc_pms, + CKM_SSL3_MASTER_KEY_DERIVE, CKA_DERIVE, 0); + if (pms != NULL) { + PRINT_BUF(60, (ss, "decrypted premaster secret:", + PK11_GetKeyData(pms)->data, + PK11_GetKeyData(pms)->len)); + } else { + /* unwrap failed. Generate a bogus PMS and carry on. */ + PK11SlotInfo * slot = PK11_GetSlotFromPrivateKey(serverKey); - /* - * Get as close to algorithm 2 from RFC 5246; Section 7.4.7.1 - * as we can within the constraints of the PKCS#11 interface. - * - * 1. Unconditionally generate a bogus PMS (what RFC 5246 - * calls R). - * 2. Attempt the RSA decryption to recover the PMS (what - * RFC 5246 calls M). - * 3. Set PMS = (M == NULL) ? R : M - * 4. Use ssl3_ComputeMasterSecret(PMS) to attempt to derive - * the MS from PMS. This includes performing the version - * check and length check. - * 5. If either the initial RSA decryption failed or - * ssl3_ComputeMasterSecret(PMS) failed, then discard - * M and set PMS = R. Else, discard R and set PMS = M. - * - * We do two derivations here because we can't rely on having - * a function that only performs the PMS version and length - * check. The only redundant cost is that this runs the PRF, - * which isn't necessary here. 
- */ + ssl_GetSpecWriteLock(ss); + pms = ssl3_GenerateRSAPMS(ss, ss->ssl3.prSpec, slot); + ssl_ReleaseSpecWriteLock(ss); + PK11_FreeSlot(slot); + } - /* Generate the bogus PMS (R) */ - slot = PK11_GetSlotFromPrivateKey(serverKey); - if (!slot) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; - } - - if (!PK11_DoesMechanism(slot, CKM_SSL3_MASTER_KEY_DERIVE)) { - PK11_FreeSlot(slot); - slot = PK11_GetBestSlot(CKM_SSL3_MASTER_KEY_DERIVE, NULL); - if (!slot) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; - } - } - - ssl_GetSpecWriteLock(ss); - fauxPms = ssl3_GenerateRSAPMS(ss, ss->ssl3.prSpec, slot); - ssl_ReleaseSpecWriteLock(ss); - PK11_FreeSlot(slot); - - if (fauxPms == NULL) { + if (pms == NULL) { + /* last gasp. */ ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); return SECFailure; } - /* - * unwrap pms out of the incoming buffer - * Note: CKM_SSL3_MASTER_KEY_DERIVE is NOT the mechanism used to do - * the unwrap. Rather, it is the mechanism with which the - * unwrapped pms will be used. - */ - realPms = PK11_PubUnwrapSymKey(serverKey, &enc_pms, - CKM_SSL3_MASTER_KEY_DERIVE, CKA_DERIVE, 0); - /* Temporarily use the PMS if unwrapping the real PMS fails. */ - useFauxPms |= (realPms == NULL); - - /* Attempt to derive the MS from the PMS. This is the only way to - * check the version field in the RSA PMS. If this fails, we - * then use the faux PMS in place of the PMS. Note that this - * operation should never fail if we are using the faux PMS - * since it is correctly formatted. */ - rv = ssl3_ComputeMasterSecret(ss, currentPms, NULL); - - /* If we succeeded, then select the true PMS and discard the - * FPMS. Else, select the FPMS and select the true PMS */ - useFauxPms |= (rv != SECSuccess); - - if (unusedPms) { - PK11_FreeSymKey(unusedPms); - } - /* This step will derive the MS from the PMS, among other things. 
*/ - rv = ssl3_InitPendingCipherSpec(ss, currentPms); - PK11_FreeSymKey(currentPms); + rv = ssl3_InitPendingCipherSpec(ss, pms); + PK11_FreeSymKey(pms); } if (rv != SECSuccess) { SEND_ALERT return SECFailure; /* error code set by ssl3_InitPendingCipherSpec */ } - -#undef currentPms -#undef unusedPms -#undef realPms -#undef fauxPms - return SECSuccess; } @@ -10628,8 +10279,6 @@ ssl3_AuthCertificate(sslSocket *ss) ss->ssl3.hs.authCertificatePending = PR_FALSE; - PORT_Assert((ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) == - ssl_preinfo_all); /* * Ask caller-supplied callback function to validate cert chain. */ 
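Review bot: In the non-bypass path the bogus PMS is now generated only when `PK11_PubUnwrapSymKey` fails, so a ciphertext that unwraps but carries a bad version or length is rejected later by `ssl3_InitPendingCipherSpec` via `SEND_ALERT`, and the failure branch does extra work (slot lookup, `ssl3_GenerateRSAPMS`) that the success branch does not; both make the two outcomes distinguishable to the peer, which is exactly what the removed RFC 5246 §7.4.7.1 comment was guarding against. The replacement also drops the NULL check on the slot: the result of `PK11SlotInfo * slot = PK11_GetSlotFromPrivateKey(serverKey);` is passed straight to `ssl3_GenerateRSAPMS` and `PK11_FreeSlot`, so at least `if (!slot) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; }` belongs after it, as the removed code had. If the two-derivation approach is deliberately not kept, the reason should be recorded in a comment at the `pms = PK11_PubUnwrapSymKey(...)` call so the next reader does not mistake the simpler code for an oversight. ssl3_HandleRSAClientKeyExchange begins before this hunk.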
@@ -10674,40 +10323,19 @@ ssl3_AuthCertificate(sslSocket *ss) ss->sec.keaType = ss->ssl3.hs.kea_def->exchKeyType; if (pubKey) { KeyType pubKeyType; - PRInt32 minKey; ss->sec.keaKeyBits = ss->sec.authKeyBits = SECKEY_PublicKeyStrengthInBits(pubKey); pubKeyType = SECKEY_GetPublicKeyType(pubKey); - minKey = ss->sec.authKeyBits; - switch (pubKeyType) { - case rsaKey: - case rsaPssKey: - case rsaOaepKey: - rv = NSS_OptionGet(NSS_RSA_MIN_KEY_SIZE, &minKey); - if (rv != SECSuccess) { - minKey = SSL_RSA_MIN_MODULUS_BITS; - } - break; - case dsaKey: - rv = NSS_OptionGet(NSS_DSA_MIN_KEY_SIZE, &minKey); - if (rv != SECSuccess) { - minKey = SSL_DSA_MIN_P_BITS; - } - break; - case dhKey: - rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minKey); - if (rv != SECSuccess) { - minKey = SSL_DH_MIN_P_BITS; - } - break; - default: - break; - } - /* Too small: not good enough. Send a fatal alert. */ /* We aren't checking EC here on the understanding that we only * support curves we like, a decision that might need revisiting. */ - if ( ss->sec.authKeyBits < minKey) { + if (((pubKeyType == rsaKey || pubKeyType == rsaPssKey || + pubKeyType == rsaOaepKey) && + ss->sec.authKeyBits < SSL_RSA_MIN_MODULUS_BITS) || + (pubKeyType == dsaKey && + ss->sec.authKeyBits < SSL_DSA_MIN_P_BITS) || + (pubKeyType == dhKey && + ss->sec.authKeyBits < SSL_DH_MIN_P_BITS)) { PORT_SetError(SSL_ERROR_WEAK_SERVER_CERT_KEY); (void)SSL3_SendAlert(ss, alert_fatal, ss->version >= SSL_LIBRARY_VERSION_TLS_1_0 
@@ -10838,42 +10466,16 @@ ssl3_ComputeTLSFinished(ssl3CipherSpec *spec, const SSL3Hashes * hashes, TLSFinished * tlsFinished) { - SECStatus rv; - CK_TLS_MAC_PARAMS tls_mac_params; - SECItem param = {siBuffer, NULL, 0}; - PK11Context *prf_context; - unsigned int retLen; + const char * label; + unsigned int len; + SECStatus rv; - if (!spec->master_secret || spec->bypassCiphers) { - const char *label = isServer ? "server finished" : "client finished"; - unsigned int len = 15; + label = isServer ? "server finished" : "client finished"; + len = 15; - return ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->u.raw, - hashes->len, tlsFinished->verify_data, - sizeof tlsFinished->verify_data); - } - - if (spec->version < SSL_LIBRARY_VERSION_TLS_1_2) { - tls_mac_params.prfMechanism = CKM_TLS_PRF; - } else { - tls_mac_params.prfMechanism = CKM_SHA256; - } - tls_mac_params.ulMacLength = 12; - tls_mac_params.ulServerOrClient = isServer ? 1 : 2; - param.data = (unsigned char *)&tls_mac_params; - param.len = sizeof(tls_mac_params); - prf_context = PK11_CreateContextBySymKey(CKM_TLS_MAC, CKA_SIGN, - spec->master_secret, ¶m); - if (!prf_context) - return SECFailure; - - rv = PK11_DigestBegin(prf_context); - rv |= PK11_DigestOp(prf_context, hashes->u.raw, hashes->len); - rv |= PK11_DigestFinal(prf_context, tlsFinished->verify_data, &retLen, - sizeof tlsFinished->verify_data); - PORT_Assert(rv != SECSuccess || retLen == sizeof tlsFinished->verify_data); - - PK11_DestroyContext(prf_context, PR_TRUE); + rv = ssl3_TLSPRFWithMasterSecret(spec, label, len, hashes->u.raw, + hashes->len, tlsFinished->verify_data, + sizeof tlsFinished->verify_data); return rv; } 
@@ -11213,13 +10815,6 @@ ssl3_HandleFinished(sslSocket *ss, SSL3Opaque *b, PRUint32 length, return SECFailure; } - if (!hashes) { - PORT_Assert(0); - SSL3_SendAlert(ss, alert_fatal, internal_error); - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; - } - isTLS = (PRBool)(ss->ssl3.crSpec->version > SSL_LIBRARY_VERSION_3_0); if (isTLS) { TLSFinished tlsFinished; @@ -11445,7 +11040,6 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECStatus rv = SECSuccess; SSL3HandshakeType type = ss->ssl3.hs.msg_type; SSL3Hashes hashes; /* computed hashes are put here. */ - SSL3Hashes *hashesPtr = NULL; /* Set when hashes are computed */ PRUint8 hdr[4]; PRUint8 dtlsData[8]; @@ -11456,8 +11050,7 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) * current message. */ ssl_GetSpecReadLock(ss); /************************************/ - if(((type == finished) && (ss->ssl3.hs.ws == wait_finished)) || - ((type == certificate_verify) && (ss->ssl3.hs.ws == wait_cert_verify))) { + if((type == finished) || (type == certificate_verify)) { SSL3Sender sender = (SSL3Sender)0; ssl3CipherSpec *rSpec = ss->ssl3.prSpec; @@ -11466,9 +11059,6 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) rSpec = ss->ssl3.crSpec; } rv = ssl3_ComputeHandshakeHashes(ss, rSpec, &hashes, sender); - if (rv == SECSuccess) { - hashesPtr = &hashes; - } } ssl_ReleaseSpecReadLock(ss); /************************************/ if (rv != SECSuccess) { @@ -11619,7 +11209,7 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY); return SECFailure; } - rv = ssl3_HandleCertificateVerify(ss, b, length, hashesPtr); + rv = ssl3_HandleCertificateVerify(ss, b, length, &hashes); break; case client_key_exchange: if (!ss->sec.isServer) { 
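Review bot: The condition `if((type == finished) || (type == certificate_verify))` no longer consults `ss->ssl3.hs.ws`, so an out-of-order finished or certificate_verify message now runs `ssl3_ComputeHandshakeHashes` under the spec read lock before the state machine rejects it, and a failure there surfaces as the hash error rather than SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY (or presumably its finished counterpart); those unexpected-message checks sit further down in the same function, outside this hunk. If the state gating is intentionally dropped, the hunks on this line and the next that pass `&hashes` unconditionally do at least guarantee `hashes` is computed for those two types, which is what makes the removal of the `!hashes` guards in the callees consistent. A one-line comment at the `SSL3Hashes hashes;` declaration, `/* only computed for finished and certificate_verify */`, would record what the callees may rely on.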
@@ -11638,7 +11228,7 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length) rv = ssl3_HandleNewSessionTicket(ss, b, length); break; case finished: - rv = ssl3_HandleFinished(ss, b, length, hashesPtr); + rv = ssl3_HandleFinished(ss, b, length, &hashes); break; default: (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message); @@ -11994,7 +11584,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf) SSL3Opaque *givenHash; sslBuffer *plaintext; sslBuffer temp_buf; - PRUint64 dtls_seq_num = 0; + PRUint64 dtls_seq_num; unsigned int ivLen = 0; unsigned int originalLen = 0; unsigned int good; @@ -12475,7 +12065,6 @@ ssl3_InitState(sslSocket *ss) ss->ssl3.hs.sendingSCSV = PR_FALSE; ssl3_InitCipherSpec(ss, ss->ssl3.crSpec); ssl3_InitCipherSpec(ss, ss->ssl3.prSpec); - ss->ssl3.hs.preliminaryInfo = 0; ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello; #ifndef NSS_DISABLE_ECC 
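Review bot: `PRUint64 dtls_seq_num;` in ssl3_HandleRecord loses its initialiser, so if any path reads it without the DTLS branch having assigned it (the body is outside this hunk, so I cannot confirm either way) that read is undefined behaviour; keeping `PRUint64 dtls_seq_num = 0;` costs nothing and removes the question. The neighbouring locals `ivLen` and `originalLen` keep their `= 0` initialisers, so the bare declaration is also the odd one out in that block.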
@@ -12680,87 +12269,11 @@ ssl3_CipherPrefGet(sslSocket *ss, ssl3CipherSuite which, PRBool *enabled) return rv; } -SECStatus -SSL_SignaturePrefSet(PRFileDesc *fd, const SSLSignatureAndHashAlg *algorithms, - unsigned int count) -{ - sslSocket *ss; - unsigned int i; - - ss = ssl_FindSocket(fd); - if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SignaturePrefSet", - SSL_GETPID(), fd)); - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - if (!count || count > MAX_SIGNATURE_ALGORITHMS) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - ss->ssl3.signatureAlgorithmCount = 0; - for (i = 0; i < count; ++i) { - if (!ssl3_IsSupportedSignatureAlgorithm(&algorithms[i])) { - SSL_DBG(("%d: SSL[%d]: invalid signature algorithm set %d/%d", - SSL_GETPID(), fd, algorithms[i].sigAlg, - algorithms[i].hashAlg)); - continue; - } - - ss->ssl3.signatureAlgorithms[ss->ssl3.signatureAlgorithmCount++] = - algorithms[i]; - } - - if (ss->ssl3.signatureAlgorithmCount == 0) { - PORT_SetError(SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM); - return SECFailure; - } - return SECSuccess; -} - -SECStatus -SSL_SignaturePrefGet(PRFileDesc *fd, SSLSignatureAndHashAlg *algorithms, - unsigned int *count, unsigned int maxCount) -{ - sslSocket *ss; - unsigned int requiredSpace; - - ss = ssl_FindSocket(fd); - if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SignaturePrefGet", - SSL_GETPID(), fd)); - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - if (!algorithms || !count || - maxCount < ss->ssl3.signatureAlgorithmCount) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - requiredSpace = - ss->ssl3.signatureAlgorithmCount * sizeof(SSLSignatureAndHashAlg); - PORT_Memcpy(algorithms, ss->ssl3.signatureAlgorithms, requiredSpace); - *count = ss->ssl3.signatureAlgorithmCount; - return SECSuccess; -} - -unsigned int -SSL_SignatureMaxCount() { - return MAX_SIGNATURE_ALGORITHMS; -} - /* copy global default policy into socket. 
*/ void ssl3_InitSocketPolicy(sslSocket *ss) { PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites); - PORT_Memcpy(ss->ssl3.signatureAlgorithms, defaultSignatureAlgorithms, - sizeof(defaultSignatureAlgorithms)); - ss->ssl3.signatureAlgorithmCount = PR_ARRAY_SIZE(defaultSignatureAlgorithms); } /* ssl3_config_match_init must have already been called by diff --git a/security/nss/lib/ssl/ssl3ecc.c b/security/nss/lib/ssl/ssl3ecc.c index 94008a012b2..aca2b74d46a 100644 --- a/security/nss/lib/ssl/ssl3ecc.c +++ b/security/nss/lib/ssl/ssl3ecc.c @@ -208,7 +208,7 @@ params2ecName(SECKEYECParams * params) /* Caller must set hiLevel error code. */ static SECStatus -ssl3_ComputeECDHKeyHash(SSLHashType hashAlg, +ssl3_ComputeECDHKeyHash(SECOidTag hashAlg, SECItem ec_params, SECItem server_ecpoint, SSL3Random *client_rand, SSL3Random *server_rand, SSL3Hashes *hashes, PRBool bypassPKCS11) @@ -297,7 +297,7 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) pubKey->u.ec.publicValue.len)); if (isTLS12) { - target = CKM_TLS12_MASTER_KEY_DERIVE_DH; + target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; } else if (isTLS) { target = CKM_TLS_MASTER_KEY_DERIVE_DH; } else { @@ -319,6 +319,14 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) SECKEY_DestroyPrivateKey(privKey); privKey = NULL; + rv = ssl3_InitPendingCipherSpec(ss, pms); + PK11_FreeSymKey(pms); pms = NULL; + + if (rv != SECSuccess) { + ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); + goto loser; + } + rv = ssl3_AppendHandshakeHeader(ss, client_key_exchange, pubKey->u.ec.publicValue.len + 1); if (rv != SECSuccess) { 
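Review bot: The TLS 1.2 branch of ssl3_SendECDHClientKeyExchange now selects `target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256;`, an NSS-private mechanism, in place of the PKCS#11 v2.40 mechanism CKM_TLS12_MASTER_KEY_DERIVE_DH it replaces; ssl3_HandleECDHClientKeyExchange on the next line makes the same substitution. A token that implements only the standard mechanism will presumably fail the derive, and the SHA-256 suffix hard-wires the PRF hash rather than taking it from the mechanism parameters, so a comment at this line recording why the vendor mechanism is preferred, or a fallback to the standard one when the slot does not support it, would help the next reader. The rest of the function is outside this hunk.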
@@ -335,14 +343,6 @@ ssl3_SendECDHClientKeyExchange(sslSocket * ss, SECKEYPublicKey * svrPubKey) goto loser; /* err set by ssl3_AppendHandshake* */ } - rv = ssl3_InitPendingCipherSpec(ss, pms); - PK11_FreeSymKey(pms); pms = NULL; - - if (rv != SECSuccess) { - ssl_MapLowLevelError(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE); - goto loser; - } - rv = SECSuccess; loser: @@ -388,7 +388,7 @@ ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b, isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); if (isTLS12) { - target = CKM_TLS12_MASTER_KEY_DERIVE_DH; + target = CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256; } else if (isTLS) { target = CKM_TLS_MASTER_KEY_DERIVE_DH; } else { @@ -609,9 +609,9 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) SECItem ec_params = {siBuffer, NULL, 0}; SECItem ec_point = {siBuffer, NULL, 0}; unsigned char paramBuf[3]; /* only for curve_type == named_curve */ - SSLSignatureAndHashAlg sigAndHash; + SSL3SignatureAndHashAlgorithm sigAndHash; - sigAndHash.hashAlg = ssl_hash_none; + sigAndHash.hashAlg = SEC_OID_UNKNOWN; isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0); isTLS12 = (PRBool)(ss->ssl3.prSpec->version >= SSL_LIBRARY_VERSION_TLS_1_2); @@ -653,7 +653,7 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) goto loser; /* malformed or unsupported. */ } rv = ssl3_CheckSignatureAndHashAlgorithmConsistency( - ss, &sigAndHash, ss->sec.peerCert); + &sigAndHash, ss->sec.peerCert); if (rv != SECSuccess) { goto loser; } @@ -704,7 +704,7 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) goto no_memory; } - peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); + ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); if (peerKey == NULL) { goto no_memory; } 
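Review bot: `ss->sec.peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey);` publishes the key on the socket before its fields are filled in, and the error paths on the next line no longer undo that: the added `PORT_FreeArena(arena, PR_FALSE);` on the `SECITEM_CopyItem` failure frees the arena that `ss->sec.peerKey` now points into, so if the socket later destroys peerKey (teardown is not visible here) that is a use-after-free, while the `loser`/`no_memory` labels no longer free the arena at all, leaking it when `PORT_ArenaZNew` itself fails and peerKey is NULL. Assigning `ss->sec.peerKey = peerKey;` only after the copy succeeds, and freeing the arena on every failure path before that point, would close both. ssl3_HandleECDHServerKeyExchange starts before and ends after this hunk.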
@@ -725,6 +725,7 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) /* copy publicValue in peerKey */ if (SECITEM_CopyItem(arena, &peerKey->u.ec.publicValue, &ec_point)) { + PORT_FreeArena(arena, PR_FALSE); goto no_memory; } peerKey->pkcs11Slot = NULL; @@ -738,16 +739,10 @@ ssl3_HandleECDHServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) alert_loser: (void)SSL3_SendAlert(ss, alert_fatal, desc); loser: - if (arena) { - PORT_FreeArena(arena, PR_FALSE); - } PORT_SetError( errCode ); return SECFailure; no_memory: /* no-memory error has already been set. */ - if (arena) { - PORT_FreeArena(arena, PR_FALSE); - } ssl_MapLowLevelError(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE); return SECFailure; } @@ -755,7 +750,7 @@ no_memory: /* no-memory error has already been set. */ SECStatus ssl3_SendECDHServerKeyExchange( sslSocket *ss, - const SSLSignatureAndHashAlg *sigAndHash) + const SSL3SignatureAndHashAlgorithm *sigAndHash) { const ssl3KEADef * kea_def = ss->ssl3.hs.kea_def; SECStatus rv = SECFailure; @@ -972,7 +967,9 @@ ssl3_DisableECCSuites(sslSocket * ss, const ssl3CipherSuite * suite) if (!suite) suite = ecSuites; for (; *suite; ++suite) { - PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE)); + SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); + + PORT_Assert(rv == SECSuccess); /* else is coding error */ } return SECSuccess; } @@ -1131,10 +1128,7 @@ ssl3_SendSupportedCurvesXtn( ecList = tlsECList; } - if (maxBytes < (PRUint32)ecListSize) { - return 0; - } - if (append) { + if (append && maxBytes >= ecListSize) { SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize); if (rv != SECSuccess) return -1; diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c index bf70cc4c26a..9691e19c73f 100644 --- a/security/nss/lib/ssl/ssl3ext.c +++ b/security/nss/lib/ssl/ssl3ext.c 
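Review bot: `SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);` in ssl3_DisableECCSuites is read only by `PORT_Assert`, so in builds where that macro expands to nothing `rv` is an unused variable and the return value goes unchecked; the `PORT_CheckSuccess` wrapper it replaces avoided both. Either add `(void)rv;` after the assert or keep the wrapper, and if the call genuinely cannot fail here the comment `/* else is coding error */` should say why.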
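Review bot: With `if (append && maxBytes >= ecListSize)` ssl3_SendSupportedCurvesXtn still returns ecListSize when append is set but maxBytes is too small, so the caller's length accounting says the extension was written while nothing was appended; the early `return 0` for that case is gone and, unlike most senders on the following lines, no `else if (maxBytes < ...) return 0;` branch was added here. The same silent-success shape appears in ssl3_ServerSendStatusRequestXtn (the `extension_length = 2 + 2;` hunk three lines down) and ssl3_SendRenegotiationInfoXtn (the `needed = 5 + len;` hunk further down); the fix in each is `} else if (maxBytes < extension_length) { return 0; }` after the append block. Dropping the `(PRUint32)` casts also turns these into comparisons between a PRUint32 maxBytes and an int or PRInt32 length, which -Wsign-compare flags in every one of these hunks. The function continues past this hunk.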
@@ -91,12 +91,6 @@ static PRInt32 ssl3_ClientSendDraftVersionXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes); static SECStatus ssl3_ServerHandleDraftVersionXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data); -static PRInt32 ssl3_SendExtendedMasterSecretXtn(sslSocket *ss, PRBool append, - PRUint32 maxBytes); -static SECStatus ssl3_HandleExtendedMasterSecretXtn(sslSocket *ss, - PRUint16 ex_type, - SECItem *data); - /* * Write bytes. Using this function means the SECItem structure @@ -262,7 +256,6 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = { { ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn }, { ssl_signature_algorithms_xtn, &ssl3_ServerHandleSigAlgsXtn }, { ssl_tls13_draft_version_xtn, &ssl3_ServerHandleDraftVersionXtn }, - { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn }, { -1, NULL } }; @@ -277,7 +270,6 @@ static const ssl3HelloExtensionHandler serverHelloHandlersTLS[] = { { ssl_app_layer_protocol_xtn, &ssl3_ClientHandleAppProtoXtn }, { ssl_use_srtp_xtn, &ssl3_ClientHandleUseSRTPXtn }, { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn }, - { ssl_extended_master_secret_xtn, &ssl3_HandleExtendedMasterSecretXtn }, { -1, NULL } }; @@ -307,7 +299,6 @@ ssl3HelloExtensionSender clientHelloSendersTLS[SSL_MAX_EXTENSIONS] = { { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }, { ssl_signature_algorithms_xtn, &ssl3_ClientSendSigAlgsXtn }, { ssl_tls13_draft_version_xtn, &ssl3_ClientSendDraftVersionXtn }, - { ssl_extended_master_secret_xtn, &ssl3_SendExtendedMasterSecretXtn}, /* any extra entries will appear as { 0, NULL } */ }; @@ -320,7 +311,7 @@ ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { static PRBool arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type) { - unsigned int i; + int i; for (i = 0; i < len; i++) { if (ex_type == array[i]) return PR_TRUE; 
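Review bot: `int i;` in arrayContainsExtension is compared against the PRUint32 `len` in `for (i = 0; i < len; i++)`, a signed/unsigned comparison the original `unsigned int i` avoided; the same narrowing to `int` recurs for `j` in ssl3_HandleServerNameXtn on the next line and for `i` in ssl3_SendNewSessionTicket and ssl3_ServerHandleSessionTicketXtn further down. Keeping these loop counters unsigned (`unsigned int i;`) matches the lengths they are compared with and avoids -Wsign-compare noise.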
@@ -452,12 +443,15 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } listCount += 1; } + if (!listCount) { + return SECFailure; /* nothing we can act on */ + } names = PORT_ZNewArray(SECItem, listCount); if (!names) { return SECFailure; } for (i = 0;i < listCount;i++) { - unsigned int j; + int j; PRInt32 type; SECStatus rv; PRBool nametypePresent = PR_FALSE; @@ -545,11 +539,7 @@ ssl3_SendSessionTicketXtn( } } - if (maxBytes < (PRUint32)extension_length) { - PORT_Assert(0); - return 0; - } - if (append) { + if (append && maxBytes >= extension_length) { SECStatus rv; /* extension_type */ rv = ssl3_AppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2); @@ -572,6 +562,9 @@ ssl3_SendSessionTicketXtn( xtnData->advertised[xtnData->numAdvertised++] = ssl_session_ticket_xtn; } + } else if (maxBytes < extension_length) { + PORT_Assert(0); + return 0; } return extension_length; @@ -638,11 +631,6 @@ ssl3_SelectAppProtocol(sslSocket *ss, PRUint16 ex_type, SECItem *data) } PORT_Assert(ss->nextProtoCallback); - /* For ALPN, the cipher suite isn't selected yet. Note that extensions - * sometimes affect what cipher suite is selected, e.g., for ECC. */ - PORT_Assert((ss->ssl3.hs.preliminaryInfo & - ssl_preinfo_all & ~ssl_preinfo_cipher_suite) == - (ssl_preinfo_all & ~ssl_preinfo_cipher_suite)); rv = ss->nextProtoCallback(ss->nextProtoArg, ss->fd, data->data, data->len, result.data, &result.len, sizeof(resultBuffer)); if (rv != SECSuccess) { @@ -811,10 +799,7 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append, extension_length = 4; - if (maxBytes < (PRUint32)extension_length) { - return 0; - } - if (append) { + if (append && maxBytes >= extension_length) { SECStatus rv; rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2); if (rv != SECSuccess) 
@@ -824,6 +809,8 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append, goto loser; ss->xtnData.advertised[ss->xtnData.numAdvertised++] = ssl_next_proto_nego_xtn; + } else if (maxBytes < extension_length) { + return 0; } return extension_length; @@ -847,10 +834,7 @@ ssl3_ClientSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) 2 /* protocol name list length */ + ss->opt.nextProtoNego.len; - if (maxBytes < (PRUint32)extension_length) { - return 0; - } - if (append) { + if (append && maxBytes >= extension_length) { /* NPN requires that the client's fallback protocol is first in the * list. However, ALPN sends protocols in preference order. So we * allocate a buffer and move the first protocol to the end of the @@ -890,6 +874,8 @@ ssl3_ClientSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) } ss->xtnData.advertised[ss->xtnData.numAdvertised++] = ssl_app_layer_protocol_xtn; + } else if (maxBytes < extension_length) { + return 0; } return extension_length; @@ -917,10 +903,7 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) 2 /* protocol name list */ + 1 /* name length */ + ss->ssl3.nextProto.len; - if (maxBytes < (PRUint32)extension_length) { - return 0; - } - if (append) { + if (append && maxBytes >= extension_length) { SECStatus rv; rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2); if (rv != SECSuccess) { @@ -939,6 +922,8 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) if (rv != SECSuccess) { return -1; } + } else if (maxBytes < extension_length) { + return 0; } return extension_length; @@ -985,10 +970,7 @@ ssl3_ServerSendStatusRequestXtn( return 0; extension_length = 2 + 2; - if (maxBytes < (PRUint32)extension_length) { - return 0; - } - if (append) { + if (append && maxBytes >= extension_length) { /* extension_type */ rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2); if (rv != SECSuccess) 
@@ -1021,11 +1003,7 @@ ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append, */ extension_length = 9; - if (maxBytes < (PRUint32)extension_length) { - PORT_Assert(0); - return 0; - } - if (append) { + if (append && maxBytes >= extension_length) { SECStatus rv; TLSExtensionData *xtnData; @@ -1053,6 +1031,9 @@ ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append, xtnData = &ss->xtnData; xtnData->advertised[xtnData->numAdvertised++] = ssl_cert_status_xtn; + } else if (maxBytes < extension_length) { + PORT_Assert(0); + return 0; } return extension_length; } @@ -1064,7 +1045,7 @@ ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append, SECStatus ssl3_SendNewSessionTicket(sslSocket *ss) { - PRUint32 i; + int i; SECStatus rv; NewSessionTicket ticket; SECItem plaintext; @@ -1096,7 +1077,7 @@ ssl3_SendNewSessionTicket(sslSocket *ss) CK_MECHANISM_TYPE cipherMech = CKM_AES_CBC; PK11Context *aes_ctx_pkcs11; CK_MECHANISM_TYPE macMech = CKM_SHA256_HMAC; - PK11Context *hmac_ctx_pkcs11 = NULL; + PK11Context *hmac_ctx_pkcs11; unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH]; unsigned int computed_mac_length; unsigned char iv[AES_BLOCK_SIZE]; @@ -1188,7 +1169,6 @@ ssl3_SendNewSessionTicket(sslSocket *ss) + cert_length /* cert */ + 1 /* server name type */ + srvNameLen /* name len + length field */ - + 1 /* extendedMasterSecretUsed */ + sizeof(ticket.ticket_lifetime_hint); padding_length = AES_BLOCK_SIZE - (ciphertext_length % AES_BLOCK_SIZE); @@ -1287,11 +1267,6 @@ ssl3_SendNewSessionTicket(sslSocket *ss) if (rv != SECSuccess) goto loser; } - /* extendedMasterSecretUsed */ - rv = ssl3_AppendNumberToItem( - &plaintext, ss->sec.ci.sid->u.ssl3.keys.extendedMasterSecretUsed, 1); - if (rv != SECSuccess) goto loser; - PORT_Assert(plaintext.len == padding_length); for (i = 0; i < padding_length; i++) plaintext.data[i] = (unsigned char)padding_length; 
@@ -1361,18 +1336,14 @@ ssl3_SendNewSessionTicket(sslSocket *ss) goto loser; rv = PK11_DigestBegin(hmac_ctx_pkcs11); - if (rv != SECSuccess) goto loser; rv = PK11_DigestOp(hmac_ctx_pkcs11, key_name, SESS_TICKET_KEY_NAME_LEN); - if (rv != SECSuccess) goto loser; rv = PK11_DigestOp(hmac_ctx_pkcs11, iv, sizeof(iv)); - if (rv != SECSuccess) goto loser; rv = PK11_DigestOp(hmac_ctx_pkcs11, (unsigned char *)length_buf, 2); - if (rv != SECSuccess) goto loser; rv = PK11_DigestOp(hmac_ctx_pkcs11, ciphertext.data, ciphertext.len); - if (rv != SECSuccess) goto loser; rv = PK11_DigestFinal(hmac_ctx_pkcs11, computed_mac, &computed_mac_length, sizeof(computed_mac)); + PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); if (rv != SECSuccess) goto loser; } @@ -1401,8 +1372,6 @@ ssl3_SendNewSessionTicket(sslSocket *ss) if (rv != SECSuccess) goto loser; loser: - if (hmac_ctx_pkcs11) - PK11_DestroyContext(hmac_ctx_pkcs11, PR_TRUE); if (plaintext_item.data) SECITEM_FreeItem(&plaintext_item, PR_FALSE); if (ciphertext.data) @@ -1452,7 +1421,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, if (data->len == 0) { ss->xtnData.emptySessionTicket = PR_TRUE; } else { - PRUint32 i; + int i; SECItem extension_data; EncryptedSessionTicket enc_session_ticket; unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH]; @@ -1655,10 +1624,9 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, goto loser; } - /* Read ticket_version and reject if the version is wrong */ + /* Read ticket_version (which is ignored for now.) */ temp = ssl3_ConsumeHandshakeNumber(ss, 2, &buffer, &buffer_len); - if (temp != TLS_EX_SESS_TICKET_VERSION) goto no_ticket; - + if (temp < 0) goto no_ticket; parsed_session_ticket->ticket_version = (SSL3ProtocolVersion)temp; /* Read SSLVersion. */ 
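Review bot: The `if (rv != SECSuccess) goto loser;` after `PK11_DigestBegin` and after each `PK11_DigestOp` is gone, so a failure in any of those steps is only noticed if `PK11_DigestFinal` also fails; otherwise the ticket goes out with whatever `computed_mac` the context produced. Destroying the context right after DigestFinal is fine, but the intermediate checks should stay, e.g. `rv = PK11_DigestOp(hmac_ctx_pkcs11, iv, sizeof(iv)); if (rv != SECSuccess) goto loser;` for each call, which in turn means the context must again be released on the loser path (the `loser:` hunk on this line removes that) or before each early exit. ssl3_SendNewSessionTicket starts before this hunk.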
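Review bot: `if (temp < 0) goto no_ticket;` in ssl3_ServerHandleSessionTicketXtn only checks that the two-byte read succeeded, so a ticket whose ticket_version differs from TLS_EX_SESS_TICKET_VERSION is now parsed with the current layout; the comment says the value is ignored for now, but the constant is presumably still defined, so the cheap and safe form is `if (temp != TLS_EX_SESS_TICKET_VERSION) goto no_ticket;`. The MAC check earlier in the function (outside this hunk) limits this to tickets produced under our own key, but a key that outlives a layout change is exactly the case the version field exists for. The function starts before and ends after this hunk.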
@@ -1759,13 +1727,6 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, parsed_session_ticket->srvName.type = nameType; } - /* Read extendedMasterSecretUsed */ - temp = ssl3_ConsumeHandshakeNumber(ss, 1, &buffer, &buffer_len); - if (temp < 0) - goto no_ticket; - PORT_Assert(temp == PR_TRUE || temp == PR_FALSE); - parsed_session_ticket->extendedMasterSecretUsed = (PRBool)temp; - /* Done parsing. Check that all bytes have been consumed. */ if (buffer_len != padding_length) goto no_ticket; @@ -1812,8 +1773,6 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, parsed_session_ticket->ms_is_wrapped; sid->u.ssl3.masterValid = PR_TRUE; sid->u.ssl3.keys.resumable = PR_TRUE; - sid->u.ssl3.keys.extendedMasterSecretUsed = parsed_session_ticket-> - extendedMasterSecretUsed; /* Copy over client cert from session ticket if there is one. */ if (parsed_session_ticket->peer_cert.data != NULL) { @@ -2052,10 +2011,7 @@ ssl3_SendRenegotiationInfoXtn( (ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2 : ss->ssl3.hs.finishedBytes); needed = 5 + len; - if (maxBytes < (PRUint32)needed) { - return 0; - } - if (append) { + if (append && maxBytes >= needed) { SECStatus rv; /* extension_type */ rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2); @@ -2344,7 +2300,7 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) SECStatus rv; SECItem algorithms; const unsigned char *b; - unsigned int numAlgorithms, i; + unsigned int numAlgorithms, i, j; /* Ignore this extension if we aren't doing TLS 1.2 or greater. */ if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) { 
@@ -2371,7 +2327,7 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) } ss->ssl3.hs.clientSigAndHash = - PORT_NewArray(SSLSignatureAndHashAlg, numAlgorithms); + PORT_NewArray(SSL3SignatureAndHashAlgorithm, numAlgorithms); if (!ss->ssl3.hs.clientSigAndHash) { (void)SSL3_SendAlert(ss, alert_fatal, internal_error); PORT_SetError(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO); @@ -2380,15 +2336,21 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) ss->ssl3.hs.numClientSigAndHash = 0; b = algorithms.data; - ss->ssl3.hs.numClientSigAndHash = 0; - for (i = 0; i < numAlgorithms; i++) { - SSLSignatureAndHashAlg *sigAndHash = - &ss->ssl3.hs.clientSigAndHash[ss->ssl3.hs.numClientSigAndHash]; - sigAndHash->hashAlg = (SSLHashType)*(b++); - sigAndHash->sigAlg = (SSLSignType)*(b++); - if (ssl3_IsSupportedSignatureAlgorithm(sigAndHash)) { - ++ss->ssl3.hs.numClientSigAndHash; + for (i = j = 0; i < numAlgorithms; i++) { + unsigned char tls_hash = *(b++); + unsigned char tls_sig = *(b++); + SECOidTag hash = ssl3_TLSHashAlgorithmToOID(tls_hash); + + if (hash == SEC_OID_UNKNOWN) { + /* We ignore formats that we don't understand. */ + continue; } + /* tls_sig support will be checked later in + * ssl3_PickSignatureHashAlgorithm. */ + ss->ssl3.hs.clientSigAndHash[j].hashAlg = hash; + ss->ssl3.hs.clientSigAndHash[j].sigAlg = tls_sig; + ++j; + ++ss->ssl3.hs.numClientSigAndHash; } if (!ss->ssl3.hs.numClientSigAndHash) { 
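Review bot: In the rewritten loop of ssl3_ServerHandleSigAlgsXtn, `j` and `ss->ssl3.hs.numClientSigAndHash` are incremented together and always hold the same value, so one of them is redundant; indexing with `ss->ssl3.hs.clientSigAndHash[ss->ssl3.hs.numClientSigAndHash]` and dropping `j` (declared in the `numAlgorithms, i, j` hunk on the previous line) removes the duplicated state. The loop also stores `tls_sig` unchecked with a comment deferring validation to ssl3_PickSignatureHashAlgorithm; if that is the contract, the `clientSigAndHash` field's declaration is the place to record it. The rest of the function is outside this hunk.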
@@ -2406,11 +2368,26 @@ ssl3_ServerHandleSigAlgsXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) /* ssl3_ClientSendSigAlgsXtn sends the signature_algorithm extension for TLS * 1.2 ClientHellos. */ static PRInt32 -ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) +ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) { + static const unsigned char signatureAlgorithms[] = { + /* This block is the contents of our signature_algorithms extension, in + * wire format. See + * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ + tls_hash_sha256, tls_sig_rsa, + tls_hash_sha384, tls_sig_rsa, + tls_hash_sha512, tls_sig_rsa, + tls_hash_sha1, tls_sig_rsa, +#ifndef NSS_DISABLE_ECC + tls_hash_sha256, tls_sig_ecdsa, + tls_hash_sha384, tls_sig_ecdsa, + tls_hash_sha512, tls_sig_ecdsa, + tls_hash_sha1, tls_sig_ecdsa, +#endif + tls_hash_sha256, tls_sig_dsa, + tls_hash_sha1, tls_sig_dsa, + }; PRInt32 extension_length; - unsigned int i; - PRUint8 buf[MAX_SIGNATURE_ALGORITHMS * 2]; if (ss->version < SSL_LIBRARY_VERSION_TLS_1_2) { return 0; 
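Review bot: The `signatureAlgorithms` table in ssl3_ClientSendSigAlgsXtn is now the client's fixed, compile-time signature_algorithms advertisement (the per-socket `ss->ssl3.signatureAlgorithms` array it replaces is removed in the sslimpl.h and sslsock.c hunks), but its comment only cites the wire format. The RFC section it references defines the list as being in descending preference order, and the table advertises SHA-1 with every signature type, so the comment should say that ordering matters and that the set appears to be no longer adjustable at runtime, e.g. `/* Listed in descending preference order; this set is fixed at build time. */`.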
@@ -2420,38 +2397,31 @@ ssl3_ClientSendSigAlgsXtn(sslSocket *ss, PRBool append, PRUint32 maxBytes) 2 /* extension type */ + 2 /* extension length */ + 2 /* supported_signature_algorithms length */ + - ss->ssl3.signatureAlgorithmCount * 2; + sizeof(signatureAlgorithms); - if (maxBytes < extension_length) { + if (append && maxBytes >= extension_length) { + SECStatus rv; + rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2); + if (rv != SECSuccess) + goto loser; + rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); + if (rv != SECSuccess) + goto loser; + rv = ssl3_AppendHandshakeVariable(ss, signatureAlgorithms, + sizeof(signatureAlgorithms), 2); + if (rv != SECSuccess) + goto loser; + ss->xtnData.advertised[ss->xtnData.numAdvertised++] = + ssl_signature_algorithms_xtn; + } else if (maxBytes < extension_length) { PORT_Assert(0); return 0; } - if (append) { - SECStatus rv; - rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2); - if (rv != SECSuccess) { - return -1; - } - rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2); - if (rv != SECSuccess) { - return -1; - } - - for (i = 0; i < ss->ssl3.signatureAlgorithmCount; ++i) { - buf[i * 2] = ss->ssl3.signatureAlgorithms[i].hashAlg; - buf[i * 2 + 1] = ss->ssl3.signatureAlgorithms[i].sigAlg; - } - rv = ssl3_AppendHandshakeVariable(ss, buf, extension_length - 6, 2); - if (rv != SECSuccess) { - return -1; - } - - ss->xtnData.advertised[ss->xtnData.numAdvertised++] = - ssl_signature_algorithms_xtn; - } - return extension_length; + +loser: + return -1; } unsigned int @@ -2519,11 +2489,7 @@ ssl3_ClientSendDraftVersionXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) } extension_length = 6; /* Type + length + number */ - if (maxBytes < (PRUint32)extension_length) { - PORT_Assert(0); - return 0; - } - if (append) { + if (append && maxBytes >= extension_length) { SECStatus rv; rv = ssl3_AppendHandshakeNumber(ss, ssl_tls13_draft_version_xtn, 2); if (rv != SECSuccess) 
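Review bot: `maxBytes >= extension_length` in the ssl3_ClientSendSigAlgsXtn hunk compares the PRUint32 parameter with the PRInt32 `extension_length` (which also absorbs a size_t from `sizeof(signatureAlgorithms)`), and the ssl3_ClientSendDraftVersionXtn hunk below drops the `(PRUint32)extension_length` cast the removed lines had. The values are small positives so the result is right, but the mixed-sign comparisons will trip -Wsign-compare and depart from the cast style used elsewhere in the file; `if (append && maxBytes >= (PRUint32)extension_length) {` keeps the convention in both places.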
@@ -2536,6 +2502,9 @@ ssl3_ClientSendDraftVersionXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) goto loser; ss->xtnData.advertised[ss->xtnData.numAdvertised++] = ssl_tls13_draft_version_xtn; + } else if (maxBytes < extension_length) { + PORT_Assert(0); + return 0; } return extension_length; 
@@ -2587,90 +2556,3 @@ ssl3_ServerHandleDraftVersionXtn(sslSocket * ss, PRUint16 ex_type, return SECSuccess; } - -static PRInt32 -ssl3_SendExtendedMasterSecretXtn(sslSocket * ss, PRBool append, - PRUint32 maxBytes) -{ - PRInt32 extension_length; - - if (!ss->opt.enableExtendedMS) { - return 0; - } - -#ifndef NO_PKCS11_BYPASS - /* Extended MS can only be used w/o bypass mode */ - if (ss->opt.bypassPKCS11) { - PORT_Assert(0); - PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); - return -1; - } -#endif - - /* Always send the extension in this function, since the - * client always sends it and this function is only called on - * the server if we negotiated the extension. */ - extension_length = 4; /* Type + length (0) */ - if (maxBytes < extension_length) { - PORT_Assert(0); - return 0; - } - - if (append) { - SECStatus rv; - rv = ssl3_AppendHandshakeNumber(ss, ssl_extended_master_secret_xtn, 2); - if (rv != SECSuccess) - goto loser; - rv = ssl3_AppendHandshakeNumber(ss, 0, 2); - if (rv != SECSuccess) - goto loser; - ss->xtnData.advertised[ss->xtnData.numAdvertised++] = - ssl_extended_master_secret_xtn; - } - - return extension_length; - -loser: - return -1; -} - - -static SECStatus -ssl3_HandleExtendedMasterSecretXtn(sslSocket * ss, PRUint16 ex_type, - SECItem *data) -{ - if (ss->version < SSL_LIBRARY_VERSION_TLS_1_0) { - return SECSuccess; - } - - if (!ss->opt.enableExtendedMS) { - return SECSuccess; - } - -#ifndef NO_PKCS11_BYPASS - /* Extended MS can only be used w/o bypass mode */ - if (ss->opt.bypassPKCS11) { - PORT_Assert(0); - PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); - return SECFailure; - } -#endif - - if (data->len != 0) { - SSL_TRC(30, ("%d: SSL3[%d]: Bogus extended master secret extension", - SSL_GETPID(), ss->fd)); - return SECFailure; - } - - SSL_DBG(("%d: SSL[%d]: Negotiated extended master secret extension.", - SSL_GETPID(), ss->fd)); - - /* Keep track of negotiated extensions. 
*/ - ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type; - - if (ss->sec.isServer) { - return ssl3_RegisterServerHelloExtensionSender( - ss, ex_type, ssl3_SendExtendedMasterSecretXtn); - } - return SECSuccess; -} diff --git a/security/nss/lib/ssl/ssl3gthr.c b/security/nss/lib/ssl/ssl3gthr.c index 23b9755b600..cd487c6670a 100644 --- a/security/nss/lib/ssl/ssl3gthr.c +++ b/security/nss/lib/ssl/ssl3gthr.c @@ -71,8 +71,8 @@ ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags) break; } - PORT_Assert( (unsigned int)nb <= gs->remainder ); - if ((unsigned int)nb > gs->remainder) { + PORT_Assert( nb <= gs->remainder ); + if (nb > gs->remainder) { /* ssl_DefRecv is misbehaving! this error is fatal to SSL. */ gs->state = GS_INIT; /* so we don't crash next time */ rv = SECFailure; diff --git a/security/nss/lib/ssl/ssl3prot.h b/security/nss/lib/ssl/ssl3prot.h index a93bef126b7..485d7dd3829 100644 --- a/security/nss/lib/ssl/ssl3prot.h +++ b/security/nss/lib/ssl/ssl3prot.h @@ -217,6 +217,32 @@ typedef struct { } u; } SSL3ServerParams; +/* This enum reflects HashAlgorithm enum from + * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 + * + * When updating, be sure to also update ssl3_TLSHashAlgorithmToOID. */ +enum { + tls_hash_md5 = 1, + tls_hash_sha1 = 2, + tls_hash_sha224 = 3, + tls_hash_sha256 = 4, + tls_hash_sha384 = 5, + tls_hash_sha512 = 6 +}; + +/* This enum reflects SignatureAlgorithm enum from + * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ +typedef enum { + tls_sig_rsa = 1, + tls_sig_dsa = 2, + tls_sig_ecdsa = 3 +} TLSSignatureAlgorithm; + +typedef struct { + SECOidTag hashAlg; + TLSSignatureAlgorithm sigAlg; +} SSL3SignatureAndHashAlgorithm; + /* SSL3HashesIndividually contains a combination MD5/SHA1 hash, as used in TLS * prior to 1.2. */ typedef struct { 
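Review bot: The new `SSL3SignatureAndHashAlgorithm` struct in ssl3prot.h mixes representations without saying so: `hashAlg` is a SECOidTag produced by ssl3_TLSHashAlgorithmToOID, while `sigAlg` is the raw TLS wire value. A one-line comment on each field would stop a caller from writing a tls_hash_* constant into hashAlg or comparing sigAlg against an OID: `SECOidTag hashAlg; /* OID, not the TLS HashAlgorithm code */` and `TLSSignatureAlgorithm sigAlg; /* TLS wire value, RFC 5246 7.4.1.4.1 */`. The hash enum is also anonymous, which is why ssl3_TLSHashAlgorithmToOID takes a plain `int`; giving it a typedef would let the prototype document its domain.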
@@ -225,11 +251,11 @@ typedef struct { } SSL3HashesIndividually; /* SSL3Hashes contains an SSL hash value. The digest is contained in |u.raw| - * which, if |hashAlg==ssl_hash_none| is also a SSL3HashesIndividually + * which, if |hashAlg==SEC_OID_UNKNOWN| is also a SSL3HashesIndividually * struct. */ typedef struct { unsigned int len; - SSLHashType hashAlg; + SECOidTag hashAlg; union { PRUint8 raw[64]; SSL3HashesIndividually s; diff --git a/security/nss/lib/ssl/sslauth.c b/security/nss/lib/ssl/sslauth.c index b144336db76..ed74d94c630 100644 --- a/security/nss/lib/ssl/sslauth.c +++ b/security/nss/lib/ssl/sslauth.c @@ -264,7 +264,8 @@ SSL_AuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer) &certStatusArray->items[0], ss->pkcs11PinArg) != SECSuccess) { - PORT_Assert(PR_GetError() != 0); + PRErrorCode error = PR_GetError(); + PORT_Assert(error != 0); } } diff --git a/security/nss/lib/ssl/sslcon.c b/security/nss/lib/ssl/sslcon.c index ccd00260ec2..24e4d673f29 100644 --- a/security/nss/lib/ssl/sslcon.c +++ b/security/nss/lib/ssl/sslcon.c @@ -22,6 +22,20 @@ static PRBool policyWasSet; +/* This ordered list is indexed by (SSL_CK_xx * 3) */ +/* Second and third bytes are MSB and LSB of master key length. */ +static const PRUint8 allCipherSuites[] = { + 0, 0, 0, + SSL_CK_RC4_128_WITH_MD5, 0x00, 0x80, + SSL_CK_RC4_128_EXPORT40_WITH_MD5, 0x00, 0x80, + SSL_CK_RC2_128_CBC_WITH_MD5, 0x00, 0x80, + SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, 0x00, 0x80, + SSL_CK_IDEA_128_CBC_WITH_MD5, 0x00, 0x80, + SSL_CK_DES_64_CBC_WITH_MD5, 0x00, 0x40, + SSL_CK_DES_192_EDE3_CBC_WITH_MD5, 0x00, 0xC0, + 0, 0, 0 +}; + #define ssl2_NUM_SUITES_IMPLEMENTED 6 /* This list is sent back to the client when the client-hello message @@ -837,7 +851,7 @@ ssl2_SendClear(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) { PRUint8 * out; int rv; - unsigned int amount; + int amount; int count = 0; PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); 
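Review bot: In the SSL_AuthCertificate hunk, `PRErrorCode error = PR_GetError();` is consumed only by `PORT_Assert(error != 0);`, so in builds where PORT_Assert compiles to nothing the variable is set but never read and the compiler will warn; the replaced `PORT_Assert(PR_GetError() != 0);` had no such dead store. If the intent is to keep the error code visible in a debugger, say so and silence the warning: `PRErrorCode error = PR_GetError(); /* kept for debugging; only asserted */` followed by `(void)error;` after the assert.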
@@ -913,7 +927,7 @@ ssl2_SendStream(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) int amount; PRUint8 macLen; int nout; - unsigned int buflen; + int buflen; PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); @@ -1017,7 +1031,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) int amount; /* of plaintext to go in record. */ unsigned int padding; /* add this many padding byte. */ int nout; /* ciphertext size after header. */ - unsigned int buflen; /* size of generated record. */ + int buflen; /* size of generated record. */ PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); @@ -1541,7 +1555,7 @@ ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits, unsigned int ddLen; /* length of RSA decrypted data in kbuf */ unsigned int keySize; unsigned int dkLen; /* decrypted key length in bytes */ - int modulusLen; + int modulusLen; SECStatus rv; PRUint16 allowed; /* cipher kinds enabled and allowed by policy */ PRUint8 mkbuf[SSL_MAX_MASTER_KEY_BYTES]; @@ -1603,11 +1617,11 @@ ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits, } modulusLen = PK11_GetPrivateModulusLen(sc->SERVERKEY); - if (modulusLen < 0) { + if (modulusLen == -1) { /* XXX If the key is bad, then PK11_PubDecryptRaw will fail below. */ modulusLen = ekLen; } - if (ekLen > (unsigned int)modulusLen || ekLen + ckLen < keySize) { + if (ekLen > modulusLen || ekLen + ckLen < keySize) { SSL_DBG(("%d: SSL[%d]: invalid encrypted key length, ekLen=%d (bytes)!", SSL_GETPID(), ss->fd, ekLen)); PORT_SetError(SSL_ERROR_BAD_CLIENT); @@ -2481,6 +2495,7 @@ ssl2_HandleMessage(sslSocket *ss) PRUint8 * cid; unsigned len, certType, certLen, responseLen; int rv; + int rv2; PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); 
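Review bot: In the ssl2_ServerSetupSessionCypher hunk, `if (modulusLen == -1)` only substitutes `ekLen` for one specific failure value, and the following `ekLen > modulusLen` compares the unsigned `ekLen` with the signed `modulusLen`; any other negative modulusLen would promote to a huge unsigned value, the length check would pass, and an oversized encrypted key would reach the decrypt that follows. The removed lines covered both cases: `if (modulusLen < 0) {` and `if (ekLen > (unsigned int)modulusLen || ekLen + ckLen < keySize) {`. Whether PK11_GetPrivateModulusLen can return anything other than -1 on failure is not visible here, but the broader check costs nothing.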
@@ -2598,7 +2613,7 @@ ssl2_HandleMessage(sslSocket *ss) data + SSL_HL_CLIENT_CERTIFICATE_HBYTES + certLen, responseLen); if (rv) { - (void)ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE); + rv2 = ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE); SET_ERROR_CODE goto loser; } @@ -2726,7 +2741,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss) PRUint8 * cs; PRUint8 * data; SECStatus rv; - unsigned int needed, sidHit, certLen, csLen, cidLen, certType, err; + int needed, sidHit, certLen, csLen, cidLen, certType, err; PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); @@ -3659,9 +3674,6 @@ extern const char __nss_ssl_version[]; PRBool NSSSSL_VersionCheck(const char *importedVersion) { -#define NSS_VERSION_VARIABLE __nss_ssl_version -#include "verref.h" - /* * This is the secret handshake algorithm. * @@ -3671,6 +3683,9 @@ NSSSSL_VersionCheck(const char *importedVersion) * not compatible with future major, minor, or * patch releases. */ + volatile char c; /* force a reference that won't get optimized away */ + + c = __nss_ssl_version[0]; return NSS_VersionCheck(importedVersion); } diff --git a/security/nss/lib/ssl/sslerr.h b/security/nss/lib/ssl/sslerr.h index 192a10758e8..5a8d6743e38 100644 --- a/security/nss/lib/ssl/sslerr.h +++ b/security/nss/lib/ssl/sslerr.h @@ -200,14 +200,6 @@ SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT = (SSL_ERROR_BASE + 131), SSL_ERROR_WEAK_SERVER_CERT_KEY = (SSL_ERROR_BASE + 132), -SSL_ERROR_RX_SHORT_DTLS_READ = (SSL_ERROR_BASE + 133), - -SSL_ERROR_NO_SUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 134), -SSL_ERROR_UNSUPPORTED_SIGNATURE_ALGORITHM = (SSL_ERROR_BASE + 135), - -SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET = (SSL_ERROR_BASE + 136), -SSL_ERROR_UNEXPECTED_EXTENDED_MASTER_SECRET = (SSL_ERROR_BASE + 137), - SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */ } SSLErrorCodes; #endif /* NO_SECURITY_ERROR_ENUM */ 
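Review bot: `rv2 = ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE);` stores a result that is never read, which the replaced `(void)` cast expressed explicitly and without the extra `int rv2;` declaration added in the earlier ssl2_HandleMessage hunk. If the return is deliberately ignored because the function is already on its error path, keep the cast: `(void)ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE);`.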
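Review bot: In ssl2_HandleServerHelloMessage, `needed, sidHit, certLen, csLen, cidLen, certType, err` become plain `int`, yet certLen, csLen and cidLen are lengths taken from the peer's ServerHello. Every bound check on them lies outside this one-line hunk, so it is worth confirming that none of those checks relied on the unsigned behaviour the old declaration gave (a `needed > length` style test behaves differently once the operands are signed). If signed is intended, a comment on the declaration explaining why would help the next reader.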
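Review bot: In NSSSSL_VersionCheck, `volatile char c;` followed by `c = __nss_ssl_version[0];` replaces the `#include "verref.h"` mechanism; the comment says the aim is a reference that will not be optimized away, but a volatile automatic that is written once and never read may still draw a set-but-unused warning, and the comment does not say what the reference is for. Presumably it keeps `__nss_ssl_version` referenced from this library; stating that in the comment, e.g. `/* keep a live reference to __nss_ssl_version so the symbol is retained */`, records the intent the code alone does not.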
diff --git a/security/nss/lib/ssl/sslimpl.h b/security/nss/lib/ssl/sslimpl.h index d3156e311ff..47aa543d6b6 100644 --- a/security/nss/lib/ssl/sslimpl.h +++ b/security/nss/lib/ssl/sslimpl.h @@ -1,4 +1,3 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ /* * This file is PRIVATE to SSL and should be the first thing included by * any SSL implementation file. @@ -154,6 +153,15 @@ typedef enum { SSLAppOpRead = 0, #define EXPORT_RSA_KEY_LENGTH 64 /* bytes */ +/* The minimum server key sizes accepted by the clients. + * Not 1024 to be conservative. */ +#define SSL_RSA_MIN_MODULUS_BITS 1023 +/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be + * only 1023 bits and similar. We don't have good data on whether this + * happens because NSS used to count bit lengths incorrectly. */ +#define SSL_DH_MIN_P_BITS 1023 +#define SSL_DSA_MIN_P_BITS 1023 + #define INITIAL_DTLS_TIMEOUT_MS 1000 /* Default value from RFC 4347 = 1s*/ #define MAX_DTLS_TIMEOUT_MS 60000 /* 1 minute */ #define DTLS_FINISHED_TIMER_MS 120000 /* Time to wait in FINISHED state */ @@ -298,12 +306,6 @@ typedef struct { #define MAX_DTLS_SRTP_CIPHER_SUITES 4 -/* MAX_SIGNATURE_ALGORITHMS allows for a large number of combinations of - * SSLSignType and SSLHashType, but not all combinations (specifically, this - * doesn't allow space for combinations with MD5). */ -#define MAX_SIGNATURE_ALGORITHMS 15 - - typedef struct sslOptionsStr { /* If SSL_SetNextProtoNego has been called, then this contains the * list of supported protocols. */ @@ -337,7 +339,6 @@ typedef struct sslOptionsStr { unsigned int reuseServerECDHEKey : 1; /* 28 */ unsigned int enableFallbackSCSV : 1; /* 29 */ unsigned int enableServerDhe : 1; /* 30 */ - unsigned int enableExtendedMS : 1; /* 31 */ } sslOptions; typedef enum { sslHandshakingUndetermined = 0, 
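Review bot: The comment on `SSL_RSA_MIN_MODULUS_BITS 1023` reads `Not 1024 to be conservative.`, which is easy to misread as 1023 being the stricter choice, whereas the DH/DSA note below explains the actual reason (keys that come out one bit short of 1024). Rewording it to `/* 1023 rather than 1024 so that keys one bit short of a nominal 1024 are still accepted; see the DH note below. */` makes the intent unambiguous.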
@@ -510,7 +511,6 @@ typedef struct { PRUint16 wrapped_master_secret_len; PRUint8 msIsWrapped; PRUint8 resumable; - PRUint8 extendedMasterSecretUsed; } ssl3SidKeys; /* 52 bytes */ typedef struct { @@ -740,7 +740,7 @@ typedef struct { * is_limited identifies a suite as having a limit on the key size. * key_size_limit provides the corresponding limit. */ PRBool is_limited; - unsigned int key_size_limit; + int key_size_limit; PRBool tls_keygen; /* True if the key exchange for the suite is ephemeral. Or to be more * precise: true if the ServerKeyExchange message is always required. */ @@ -917,14 +917,12 @@ const ssl3CipherSuiteDef *suite_def; PRBool cacheSID; PRBool canFalseStart; /* Can/did we False Start */ - /* Which preliminaryinfo values have been set. */ - PRUint32 preliminaryInfo; /* clientSigAndHash contains the contents of the signature_algorithms * extension (if any) from the client. This is only valid for TLS 1.2 * or later. */ - SSLSignatureAndHashAlg *clientSigAndHash; - unsigned int numClientSigAndHash; + SSL3SignatureAndHashAlgorithm *clientSigAndHash; + unsigned int numClientSigAndHash; /* This group of values is used for DTLS */ PRUint16 sendMessageSeq; /* The sending message sequence @@ -1004,14 +1002,9 @@ struct ssl3StateStr { PRUint16 numDHEGroups; /* used by server */ SSLDHEGroupType * dheGroups; /* used by server */ PRBool dheWeakGroupEnabled; /* used by server */ - - /* TLS 1.2 introduces separate signature algorithm negotiation. - * This is our preference order. */ - SSLSignatureAndHashAlg signatureAlgorithms[MAX_SIGNATURE_ALGORITHMS]; - unsigned int signatureAlgorithmCount; }; -#define DTLS_MAX_MTU 1500U /* Ethernet MTU but without subtracting the +#define DTLS_MAX_MTU 1500 /* Ethernet MTU but without subtracting the * headers, so slightly larger than expected */ #define IS_DTLS(ss) (ss->protocolVariant == ssl_variant_datagram) 
@@ -1063,7 +1056,6 @@ typedef struct SessionTicketStr { CK_MECHANISM_TYPE msWrapMech; PRUint16 ms_length; SSL3Opaque master_secret[48]; - PRBool extendedMasterSecretUsed; ClientIdentity client_identity; SECItem peer_cert; PRUint32 timestamp; @@ -1589,7 +1581,7 @@ extern PRBool ssl3_VersionIsSupported(SSLProtocolVariant protocolVariant, extern SECStatus ssl3_KeyAndMacDeriveBypass(ssl3CipherSpec * pwSpec, const unsigned char * cr, const unsigned char * sr, PRBool isTLS, PRBool isExport); -extern SECStatus ssl3_MasterSecretDeriveBypass( ssl3CipherSpec * pwSpec, +extern SECStatus ssl3_MasterKeyDeriveBypass( ssl3CipherSpec * pwSpec, const unsigned char * cr, const unsigned char * sr, const SECItem * pms, PRBool isTLS, PRBool isRSA); @@ -1739,11 +1731,11 @@ extern SECStatus ssl3_HandleECDHClientKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length, SECKEYPublicKey *srvrPubKey, SECKEYPrivateKey *srvrPrivKey); -extern SECStatus ssl3_SendECDHServerKeyExchange( - sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash); +extern SECStatus ssl3_SendECDHServerKeyExchange(sslSocket *ss, + const SSL3SignatureAndHashAlgorithm *sigAndHash); #endif -extern SECStatus ssl3_ComputeCommonKeyHash(SSLHashType hashAlg, +extern SECStatus ssl3_ComputeCommonKeyHash(SECOidTag hashAlg, PRUint8 * hashBuf, unsigned int bufLen, SSL3Hashes *hashes, PRBool bypassPKCS11); 
@@ -1757,22 +1749,21 @@ extern SECStatus ssl3_AppendHandshakeNumber(sslSocket *ss, PRInt32 num, PRInt32 lenSize); extern SECStatus ssl3_AppendHandshakeVariable( sslSocket *ss, const SSL3Opaque *src, PRInt32 bytes, PRInt32 lenSize); -extern SECStatus ssl3_AppendSignatureAndHashAlgorithm( - sslSocket *ss, const SSLSignatureAndHashAlg* sigAndHash); +extern SECStatus ssl3_AppendSignatureAndHashAlgorithm(sslSocket *ss, + const SSL3SignatureAndHashAlgorithm* sigAndHash); extern SECStatus ssl3_ConsumeHandshake(sslSocket *ss, void *v, PRInt32 bytes, SSL3Opaque **b, PRUint32 *length); extern PRInt32 ssl3_ConsumeHandshakeNumber(sslSocket *ss, PRInt32 bytes, SSL3Opaque **b, PRUint32 *length); extern SECStatus ssl3_ConsumeHandshakeVariable(sslSocket *ss, SECItem *i, PRInt32 bytes, SSL3Opaque **b, PRUint32 *length); -extern PRBool ssl3_IsSupportedSignatureAlgorithm( - const SSLSignatureAndHashAlg *alg); +extern SECOidTag ssl3_TLSHashAlgorithmToOID(int hashFunc); extern SECStatus ssl3_CheckSignatureAndHashAlgorithmConsistency( - sslSocket *ss, const SSLSignatureAndHashAlg *sigAndHash, - CERTCertificate* cert); -extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm( - sslSocket *ss, SSL3Opaque **b, PRUint32 *length, - SSLSignatureAndHashAlg *out); + const SSL3SignatureAndHashAlgorithm *sigAndHash, + CERTCertificate* cert); +extern SECStatus ssl3_ConsumeSignatureAndHashAlgorithm(sslSocket *ss, + SSL3Opaque **b, PRUint32 *length, + SSL3SignatureAndHashAlgorithm *out); extern SECStatus ssl3_SignHashes(SSL3Hashes *hash, SECKEYPrivateKey *key, SECItem *buf, PRBool isTLS); extern SECStatus ssl3_VerifySignedHashes(SSL3Hashes *hash, 
@@ -1840,7 +1831,7 @@ extern PRBool ssl_GetSessionTicketKeysPKCS11(SECKEYPrivateKey *svrPrivKey, /* Tell clients to consider tickets valid for this long. */ #define TLS_EX_SESS_TICKET_LIFETIME_HINT (2 * 24 * 60 * 60) /* 2 days */ -#define TLS_EX_SESS_TICKET_VERSION (0x0101) +#define TLS_EX_SESS_TICKET_VERSION (0x0100) extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data, unsigned int length); diff --git a/security/nss/lib/ssl/sslinfo.c b/security/nss/lib/ssl/sslinfo.c index 216ab0fa040..3832756058f 100644 --- a/security/nss/lib/ssl/sslinfo.c +++ b/security/nss/lib/ssl/sslinfo.c @@ -67,8 +67,6 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len) inf.creationTime = sid->creationTime; inf.lastAccessTime = sid->lastAccessTime; inf.expirationTime = sid->expirationTime; - inf.extendedMasterSecretUsed = sid->u.ssl3.keys.extendedMasterSecretUsed; - if (ss->version < SSL_LIBRARY_VERSION_3_0) { /* SSL2 */ inf.sessionIDLength = SSL2_SESSIONID_BYTES; memcpy(inf.sessionID, sid->u.ssl2.sessionID, 
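Review bot: `TLS_EX_SESS_TICKET_VERSION` goes from 0x0101 to 0x0100 in step with the ssl3ext.c hunk that stops reading the extendedMasterSecretUsed byte from the ticket body, but nothing next to the define records that link, so the next layout change can easily forget the bump. A comment such as `/* Bump whenever the ticket body layout changes (0x0100: no extendedMasterSecretUsed byte). */` ties the two together. Whether the parser rejects a ticket with a mismatched version before its length check is not visible here.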
@@ -87,42 +85,6 @@ SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info, PRUintn len) return SECSuccess; } -SECStatus -SSL_GetPreliminaryChannelInfo(PRFileDesc *fd, - SSLPreliminaryChannelInfo *info, - PRUintn len) -{ - sslSocket *ss; - SSLPreliminaryChannelInfo inf; - - if (!info || len < sizeof inf.length) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; - } - - ss = ssl_FindSocket(fd); - if (!ss) { - SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetPreliminaryChannelInfo", - SSL_GETPID(), fd)); - return SECFailure; - } - - if (ss->version < SSL_LIBRARY_VERSION_3_0) { - PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION); - return SECFailure; - } - - memset(&inf, 0, sizeof(inf)); - inf.length = PR_MIN(sizeof(inf), len); - - inf.valuesSet = ss->ssl3.hs.preliminaryInfo; - inf.protocolVersion = ss->version; - inf.cipherSuite = ss->ssl3.hs.cipher_suite; - - memcpy(info, &inf, inf.length); - return SECSuccess; -} - #define CS(x) x, #x #define CK(x) x | 0xff00, #x @@ -285,10 +247,12 @@ SSL_DisableDefaultExportCipherSuites(void) { const SSLCipherSuiteInfo * pInfo = suiteInfo; unsigned int i; + SECStatus rv; for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { if (pInfo->isExportable) { - PORT_CheckSuccess(SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE)); + rv = SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE); + PORT_Assert(rv == SECSuccess); } } return SECSuccess; @@ -304,10 +268,12 @@ SSL_DisableExportCipherSuites(PRFileDesc * fd) { const SSLCipherSuiteInfo * pInfo = suiteInfo; unsigned int i; + SECStatus rv; for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { if (pInfo->isExportable) { - PORT_CheckSuccess(SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE)); + rv = SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE); + PORT_Assert(rv == SECSuccess); } } return SECSuccess; diff --git a/security/nss/lib/ssl/sslmutex.c b/security/nss/lib/ssl/sslmutex.c index af683daf561..ff6368069df 100644 --- a/security/nss/lib/ssl/sslmutex.c 
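Review bot: In SSL_DisableDefaultExportCipherSuites and SSL_DisableExportCipherSuites, `rv` is assigned and then used only in `PORT_Assert(rv == SECSuccess);`, so in builds where PORT_Assert is compiled out it is a set-but-unused variable and a failure is dropped silently, as the replaced `PORT_CheckSuccess` call did but now with a warning. If the failure should not be ignored, propagate it with `if (rv != SECSuccess) return rv;` in both loops; otherwise `(void)rv;` after the assert keeps release builds quiet.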
+++ b/security/nss/lib/ssl/sslmutex.c @@ -504,7 +504,7 @@ sslMutex_Lock(sslMutex *pMutex) return SECSuccess; } -#elif defined(XP_UNIX) && !defined(DARWIN) +#elif defined(XP_UNIX) #include #include "unix_err.h" diff --git a/security/nss/lib/ssl/sslmutex.h b/security/nss/lib/ssl/sslmutex.h index d374a883b73..b784baf665b 100644 --- a/security/nss/lib/ssl/sslmutex.h +++ b/security/nss/lib/ssl/sslmutex.h @@ -67,8 +67,7 @@ typedef struct { } sslMutex; typedef pid_t sslPID; -/* other types of unix, except OS X */ -#elif defined(XP_UNIX) && !defined(DARWIN) +#elif defined(XP_UNIX) /* other types of Unix */ #include /* for pid_t */ #include /* for sem_t, and sem_* functions */ @@ -84,7 +83,7 @@ typedef struct typedef pid_t sslPID; -#else /* no support for cross-process locking */ +#else /* what platform is this ?? */ @@ -96,11 +95,7 @@ typedef struct { } u; } sslMutex; -#ifdef DARWIN -typedef pid_t sslPID; -#else typedef int sslPID; -#endif #endif diff --git a/security/nss/lib/ssl/sslsecur.c b/security/nss/lib/ssl/sslsecur.c index 53b48858605..14261132a54 100644 --- a/security/nss/lib/ssl/sslsecur.c +++ b/security/nss/lib/ssl/sslsecur.c @@ -138,9 +138,6 @@ ssl_FinishHandshake(sslSocket *ss) ss->gs.readOffset = 0; if (ss->handshakeCallback) { - PORT_Assert(ss->version < SSL_LIBRARY_VERSION_3_0 || - (ss->ssl3.hs.preliminaryInfo & ssl_preinfo_all) == - ssl_preinfo_all); (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); } } 
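Review bot: Dropping `&& !defined(DARWIN)` from the `#elif defined(XP_UNIX)` branches in sslmutex.c and sslmutex.h routes OS X to the sem_t-based sslMutex, and the removed comment `other types of unix, except OS X` shows the exclusion was deliberate. If the sem_* calls used in that branch are not available or not functional on that platform (not visible in this hunk), cross-process locking of the session cache would fail there, so this is worth confirming before landing. The new `#else /* what platform is this ?? */` also says less than the `no support for cross-process locking` comment it replaces; keep the descriptive one.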
@@ -657,16 +654,6 @@ DoRecv(sslSocket *ss, unsigned char *out, int len, int flags) SSL_GETPID(), ss->fd, available)); } - if (IS_DTLS(ss) && (len < available)) { - /* DTLS does not allow you to do partial reads */ - SSL_TRC(30, ("%d: SSL[%d]: DTLS short read. len=%d available=%d", - SSL_GETPID(), ss->fd, len, available)); - ss->gs.readOffset += available; - PORT_SetError(SSL_ERROR_RX_SHORT_DTLS_READ); - rv = SECFailure; - goto done; - } - /* Dole out clear data to reader */ amount = PR_MIN(len, available); PORT_Memcpy(out, ss->gs.buf.buf + ss->gs.readOffset, amount); @@ -1196,8 +1183,11 @@ ssl_SecureShutdown(sslSocket *ss, int nsprHow) int ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags) { + sslSecurityInfo *sec; int rv = 0; + sec = &ss->sec; + if (ss->shutdownHow & ssl_SHUTDOWN_RCV) { PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR); return PR_FAILURE; diff --git a/security/nss/lib/ssl/sslsnce.c b/security/nss/lib/ssl/sslsnce.c index f31b2e9c2d7..4d9ef380cdb 100644 --- a/security/nss/lib/ssl/sslsnce.c +++ b/security/nss/lib/ssl/sslsnce.c @@ -120,14 +120,14 @@ struct sidCacheEntryStr { /* 2 */ ssl3CipherSuite cipherSuite; /* 2 */ PRUint16 compression; /* SSLCompressionMethod */ -/* 54 */ ssl3SidKeys keys; /* keys, wrapped as needed. */ +/* 52 */ ssl3SidKeys keys; /* keys, wrapped as needed. */ /* 4 */ PRUint32 masterWrapMech; /* 4 */ SSL3KEAType exchKeyType; /* 4 */ PRInt32 certIndex; /* 4 */ PRInt32 srvNameIndex; /* 32 */ PRUint8 srvNameHash[SHA256_LENGTH]; /* SHA256 name hash */ -/*108 */} ssl3; +/*104 */} ssl3; /* force sizeof(sidCacheEntry) to be a multiple of cache line size */ struct { /*120 */ PRUint8 filler[120]; /* 72+120==192, a multiple of 16 */ @@ -507,6 +507,7 @@ ConvertFromSID(sidCacheEntry *to, sslSessionID *from) to->sessionIDLength = from->u.ssl3.sessionIDLength; to->u.ssl3.certIndex = -1; to->u.ssl3.srvNameIndex = -1; + PORT_Memcpy(to->sessionID, from->u.ssl3.sessionID, to->sessionIDLength); 
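Review bot: In ssl_SecureRecv, `sslSecurityInfo *sec;` and `sec = &ss->sec;` are added but nothing in the hunk reads `sec`; if the remainder of the function (outside the hunk) does not use it either, it is an unused variable and should go. If it is used below, a single `sslSecurityInfo *sec = &ss->sec;` declaration reads better than the split declaration and assignment.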
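Review bot: The added `PORT_Memcpy(to->sessionID, from->u.ssl3.sessionID, to->sessionIDLength);` in ConvertFromSID copies with a length taken straight from the session ID record, and the size of `to->sessionID` is not visible in this hunk. If sessionIDLength is bounded when the sid is created this is fine, but a `PORT_Assert(to->sessionIDLength <= sizeof to->sessionID);` immediately before the copy documents that contract at the point where it matters. The size comments above (54→52, 108→104) match the field removed from ssl3SidKeys in sslimpl.h.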
@@ -636,7 +637,7 @@ ConvertToSID(sidCacheEntry * from, to->authKeyBits = from->authKeyBits; to->keaType = from->keaType; to->keaKeyBits = from->keaKeyBits; - + return to; loser: 
@@ -1227,32 +1228,20 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries, /* Fix pointers in our private copy of cache descriptor to point to ** spaces in shared memory */ - cache->sidCacheLocks = (sidCacheLock *) - (cache->cacheMem + (ptrdiff_t)cache->sidCacheLocks); - cache->keyCacheLock = (sidCacheLock *) - (cache->cacheMem + (ptrdiff_t)cache->keyCacheLock); - cache->certCacheLock = (sidCacheLock *) - (cache->cacheMem + (ptrdiff_t)cache->certCacheLock); - cache->srvNameCacheLock = (sidCacheLock *) - (cache->cacheMem + (ptrdiff_t)cache->srvNameCacheLock); - cache->sidCacheSets = (sidCacheSet *) - (cache->cacheMem + (ptrdiff_t)cache->sidCacheSets); - cache->sidCacheData = (sidCacheEntry *) - (cache->cacheMem + (ptrdiff_t)cache->sidCacheData); - cache->certCacheData = (certCacheEntry *) - (cache->cacheMem + (ptrdiff_t)cache->certCacheData); - cache->keyCacheData = (SSLWrappedSymWrappingKey *) - (cache->cacheMem + (ptrdiff_t)cache->keyCacheData); - cache->ticketKeyNameSuffix = (PRUint8 *) - (cache->cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix); - cache->ticketEncKey = (encKeyCacheEntry *) - (cache->cacheMem + (ptrdiff_t)cache->ticketEncKey); - cache->ticketMacKey = (encKeyCacheEntry *) - (cache->cacheMem + (ptrdiff_t)cache->ticketMacKey); - cache->ticketKeysValid = (PRUint32 *) - (cache->cacheMem + (ptrdiff_t)cache->ticketKeysValid); - cache->srvNameCacheData = (srvNameCacheEntry *) - (cache->cacheMem + (ptrdiff_t)cache->srvNameCacheData); + ptr = (ptrdiff_t)cache->cacheMem; + *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr; + *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr; + *(ptrdiff_t *)(&cache->certCacheLock) += ptr; + *(ptrdiff_t *)(&cache->srvNameCacheLock) += ptr; + *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr; + *(ptrdiff_t *)(&cache->sidCacheData ) += ptr; + *(ptrdiff_t *)(&cache->certCacheData) += ptr; + *(ptrdiff_t *)(&cache->keyCacheData ) += ptr; + *(ptrdiff_t *)(&cache->ticketKeyNameSuffix) += ptr; + *(ptrdiff_t 
*)(&cache->ticketEncKey ) += ptr; + *(ptrdiff_t *)(&cache->ticketMacKey ) += ptr; + *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr; + *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr; /* initialize the locks */ init_time = ssl_Time(); @@ -1495,6 +1484,7 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString) char * fmString = NULL; char * myEnvString = NULL; unsigned int decoLen; + ptrdiff_t ptr; inheritance inherit; cacheDesc my; #ifdef WINNT 
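Review bot: The rewritten pointer fix-up in InitCache, `*(ptrdiff_t *)(&cache->sidCacheLocks) += ptr;` and the twelve lines like it, accesses each pointer member through an lvalue of type ptrdiff_t, which breaks the aliasing rules and silently assumes sizeof(ptrdiff_t) == sizeof(void *); the removed `cache->sidCacheLocks = (sidCacheLock *)(cache->cacheMem + (ptrdiff_t)cache->sidCacheLocks);` form did the same arithmetic through the proper types. The SSL_InheritMPServerSIDCacheInstance hunk below applies the identical rewrite with `my.cacheMem`. `ptr` is not declared inside the InitCache hunk, so its declaration must live elsewhere in that function; confirm it exists. Prefer restoring the typed form, or a small helper that computes `(char *)base + (ptrdiff_t)field` and casts back to the member's type.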
@@ -1590,32 +1580,20 @@ SSL_InheritMPServerSIDCacheInstance(cacheDesc *cache, const char * envString) /* Fix pointers in our private copy of cache descriptor to point to ** spaces in shared memory, whose address is now in "my". */ - cache->sidCacheLocks = (sidCacheLock *) - (my.cacheMem + (ptrdiff_t)cache->sidCacheLocks); - cache->keyCacheLock = (sidCacheLock *) - (my.cacheMem + (ptrdiff_t)cache->keyCacheLock); - cache->certCacheLock = (sidCacheLock *) - (my.cacheMem + (ptrdiff_t)cache->certCacheLock); - cache->srvNameCacheLock = (sidCacheLock *) - (my.cacheMem + (ptrdiff_t)cache->srvNameCacheLock); - cache->sidCacheSets = (sidCacheSet *) - (my.cacheMem + (ptrdiff_t)cache->sidCacheSets); - cache->sidCacheData = (sidCacheEntry *) - (my.cacheMem + (ptrdiff_t)cache->sidCacheData); - cache->certCacheData = (certCacheEntry *) - (my.cacheMem + (ptrdiff_t)cache->certCacheData); - cache->keyCacheData = (SSLWrappedSymWrappingKey *) - (my.cacheMem + (ptrdiff_t)cache->keyCacheData); - cache->ticketKeyNameSuffix = (PRUint8 *) - (my.cacheMem + (ptrdiff_t)cache->ticketKeyNameSuffix); - cache->ticketEncKey = (encKeyCacheEntry *) - (my.cacheMem + (ptrdiff_t)cache->ticketEncKey); - cache->ticketMacKey = (encKeyCacheEntry *) - (my.cacheMem + (ptrdiff_t)cache->ticketMacKey); - cache->ticketKeysValid = (PRUint32 *) - (my.cacheMem + (ptrdiff_t)cache->ticketKeysValid); - cache->srvNameCacheData = (srvNameCacheEntry *) - (my.cacheMem + (ptrdiff_t)cache->srvNameCacheData); + ptr = (ptrdiff_t)my.cacheMem; + *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr; + *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr; + *(ptrdiff_t *)(&cache->certCacheLock) += ptr; + *(ptrdiff_t *)(&cache->srvNameCacheLock) += ptr; + *(ptrdiff_t *)(&cache->sidCacheSets ) += ptr; + *(ptrdiff_t *)(&cache->sidCacheData ) += ptr; + *(ptrdiff_t *)(&cache->certCacheData) += ptr; + *(ptrdiff_t *)(&cache->keyCacheData ) += ptr; + *(ptrdiff_t *)(&cache->ticketKeyNameSuffix) += ptr; + *(ptrdiff_t *)(&cache->ticketEncKey ) += ptr; + 
*(ptrdiff_t *)(&cache->ticketMacKey ) += ptr; + *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr; + *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr; cache->cacheMemMap = my.cacheMemMap; cache->cacheMem = my.cacheMem; diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c index f73500925f1..eaf7f6edca3 100644 --- a/security/nss/lib/ssl/sslsock.c +++ b/security/nss/lib/ssl/sslsock.c @@ -85,7 +85,6 @@ static sslOptions ssl_defaults = { PR_TRUE, /* reuseServerECDHEKey */ PR_FALSE, /* enableFallbackSCSV */ PR_TRUE, /* enableServerDhe */ - PR_FALSE /* enableExtendedMS */ }; /* @@ -227,10 +226,6 @@ ssl_DupSocket(sslSocket *os) PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, os->ssl3.dtlsSRTPCiphers, sizeof(PRUint16) * os->ssl3.dtlsSRTPCipherCount); ss->ssl3.dtlsSRTPCipherCount = os->ssl3.dtlsSRTPCipherCount; - PORT_Memcpy(ss->ssl3.signatureAlgorithms, os->ssl3.signatureAlgorithms, - sizeof(ss->ssl3.signatureAlgorithms[0]) * - os->ssl3.signatureAlgorithmCount); - ss->ssl3.signatureAlgorithmCount = os->ssl3.signatureAlgorithmCount; ss->ssl3.dheWeakGroupEnabled = os->ssl3.dheWeakGroupEnabled; ss->ssl3.numDHEGroups = os->ssl3.numDHEGroups; @@ -414,6 +409,7 @@ ssl_DestroySocketContents(sslSocket *ss) ss->dheKeyPair = NULL; } SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE); + PORT_Assert(!ss->xtnData.sniNameArr); if (ss->xtnData.sniNameArr) { PORT_Free(ss->xtnData.sniNameArr); ss->xtnData.sniNameArr = NULL; @@ -826,10 +822,6 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) ss->opt.enableServerDhe = on; break; - case SSL_ENABLE_EXTENDED_MASTER_SECRET: - ss->opt.enableExtendedMS = on; - break; - default: PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; 
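Review bot: In ssl_DestroySocketContents, `PORT_Assert(!ss->xtnData.sniNameArr);` is placed directly before `if (ss->xtnData.sniNameArr) { PORT_Free(...); }`, so the free path can only run in debug builds after the assert has fired, while release builds take it silently. If the array can legitimately be live at destruction (not visible here, e.g. a socket closed mid-handshake), the assert is wrong; if it cannot, the free is dead code. Either drop the assert or add a comment stating which case applies and why both lines are kept.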
@@ -906,8 +898,6 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) on = ss->opt.reuseServerECDHEKey; break; case SSL_ENABLE_FALLBACK_SCSV: on = ss->opt.enableFallbackSCSV; break; case SSL_ENABLE_SERVER_DHE: on = ss->opt.enableServerDhe; break; - case SSL_ENABLE_EXTENDED_MASTER_SECRET: - on = ss->opt.enableExtendedMS; break; default: PORT_SetError(SEC_ERROR_INVALID_ARGS); @@ -980,9 +970,6 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) case SSL_ENABLE_SERVER_DHE: on = ssl_defaults.enableServerDhe; break; - case SSL_ENABLE_EXTENDED_MASTER_SECRET: - on = ssl_defaults.enableExtendedMS; - break; default: PORT_SetError(SEC_ERROR_INVALID_ARGS); @@ -1170,10 +1157,6 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) ssl_defaults.enableServerDhe = on; break; - case SSL_ENABLE_EXTENDED_MASTER_SECRET: - ssl_defaults.enableExtendedMS = on; - break; - default: PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; @@ -1440,7 +1423,7 @@ static PQGParams *gWeakParamsPQG; static ssl3DHParams *gWeakDHParams; static PRStatus -ssl3_CreateWeakDHParams(void) +ssl3_CreateWeakDHParams() { PQGVerify *vfy; SECStatus rv, passed; @@ -1887,10 +1870,6 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd) PORT_Memcpy(ss->ssl3.dtlsSRTPCiphers, sm->ssl3.dtlsSRTPCiphers, sizeof(PRUint16) * sm->ssl3.dtlsSRTPCipherCount); ss->ssl3.dtlsSRTPCipherCount = sm->ssl3.dtlsSRTPCipherCount; - PORT_Memcpy(ss->ssl3.signatureAlgorithms, sm->ssl3.signatureAlgorithms, - sizeof(ss->ssl3.signatureAlgorithms[0]) * - sm->ssl3.signatureAlgorithmCount); - ss->ssl3.signatureAlgorithmCount = sm->ssl3.signatureAlgorithmCount; if (!ss->opt.useSecurity) { PORT_SetError(SEC_ERROR_INVALID_ARGS); diff --git a/security/nss/lib/ssl/sslt.h b/security/nss/lib/ssl/sslt.h index cd742bbb2ed..152adb64f59 100644 --- a/security/nss/lib/ssl/sslt.h +++ b/security/nss/lib/ssl/sslt.h 
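Review bot: `ssl3_CreateWeakDHParams()` with an empty parameter list is a non-prototype definition in C, so the compiler no longer checks that callers pass no arguments and -Wstrict-prototypes reports it. Keep the prototype form `static PRStatus ssl3_CreateWeakDHParams(void)`. The function body lies outside the hunk.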
@@ -1,4 +1,3 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ /* * This file contains prototypes for the public SSL functions. * @@ -56,35 +55,13 @@ typedef enum { #define kt_ecdh ssl_kea_ecdh #define kt_kea_size ssl_kea_size - -/* Values of this enum match the SignatureAlgorithm enum from - * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ typedef enum { - ssl_sign_null = 0, /* "anonymous" in TLS */ + ssl_sign_null = 0, ssl_sign_rsa = 1, ssl_sign_dsa = 2, ssl_sign_ecdsa = 3 } SSLSignType; -/* Values of this enum match the HashAlgorithm enum from - * https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 */ -typedef enum { - /* ssl_hash_none is used internally to mean the pre-1.2 combination of MD5 - * and SHA1. The other values are only used in TLS 1.2. */ - ssl_hash_none = 0, - ssl_hash_md5 = 1, - ssl_hash_sha1 = 2, - ssl_hash_sha224 = 3, - ssl_hash_sha256 = 4, - ssl_hash_sha384 = 5, - ssl_hash_sha512 = 6 -} SSLHashType; - -typedef struct SSLSignatureAndHashAlgStr { - SSLHashType hashAlg; - SSLSignType sigAlg; -} SSLSignatureAndHashAlg; - typedef enum { ssl_auth_null = 0, ssl_auth_rsa = 1, 
@@ -145,31 +122,8 @@ typedef struct SSLChannelInfoStr { /* compression method info */ const char * compressionMethodName; SSLCompressionMethod compressionMethod; - - /* The following fields are added in NSS 3.21. - * This field only has meaning in TLS < 1.3 and will be set to - * PR_FALSE in TLS 1.3. - */ - PRBool extendedMasterSecretUsed; } SSLChannelInfo; -/* Preliminary channel info */ -#define ssl_preinfo_version (1U << 0) -#define ssl_preinfo_cipher_suite (1U << 1) -#define ssl_preinfo_all (ssl_preinfo_version|ssl_preinfo_cipher_suite) - -typedef struct SSLPreliminaryChannelInfoStr { - /* This is set to the length of the struct. */ - PRUint32 length; - /* A bitfield over SSLPreliminaryValueSet that describes which - * preliminary values are set (see ssl_preinfo_*). */ - PRUint32 valuesSet; - /* Protocol version: test (valuesSet & ssl_preinfo_version) */ - PRUint16 protocolVersion; - /* Cipher suite: test (valuesSet & ssl_preinfo_cipher_suite) */ - PRUint16 cipherSuite; -} SSLPreliminaryChannelInfo; - typedef struct SSLCipherSuiteInfoStr { PRUint16 length; PRUint16 cipherSuite; @@ -235,14 +189,13 @@ typedef enum { ssl_use_srtp_xtn = 14, ssl_app_layer_protocol_xtn = 16, ssl_padding_xtn = 21, - ssl_extended_master_secret_xtn = 23, ssl_session_ticket_xtn = 35, ssl_next_proto_nego_xtn = 13172, ssl_renegotiation_info_xtn = 0xff01, ssl_tls13_draft_version_xtn = 0xff02 /* experimental number */ } SSLExtensionType; -#define SSL_MAX_EXTENSIONS 12 /* doesn't include ssl_padding_xtn. */ +#define SSL_MAX_EXTENSIONS 11 /* doesn't include ssl_padding_xtn. */ typedef enum { ssl_dhe_group_none = 0, diff --git a/security/nss/lib/util/derdec.c b/security/nss/lib/util/derdec.c index 2c17ce939c4..c6219148774 100644 --- a/security/nss/lib/util/derdec.c +++ b/security/nss/lib/util/derdec.c 
@@ -175,7 +175,7 @@ der_capture(unsigned char *buf, unsigned char *end, return SECFailure; } - *header_len_p = (int)(bp - buf); + *header_len_p = bp - buf; *contents_len_p = contents_len; return SECSuccess; diff --git a/security/nss/lib/util/derenc.c b/security/nss/lib/util/derenc.c index 4a02e1a7106..90a9d2dfc33 100644 --- a/security/nss/lib/util/derenc.c +++ b/security/nss/lib/util/derenc.c @@ -279,7 +279,7 @@ der_encode(unsigned char *buf, DERTemplate *dtemplate, void *src) int header_len; PRUint32 contents_len; unsigned long encode_kind, under_kind; - PRBool explicit, universal; + PRBool explicit, optional, universal; /* @@ -301,6 +301,7 @@ der_encode(unsigned char *buf, DERTemplate *dtemplate, void *src) encode_kind = dtemplate->kind; explicit = (encode_kind & DER_EXPLICIT) ? PR_TRUE : PR_FALSE; + optional = (encode_kind & DER_OPTIONAL) ? PR_TRUE : PR_FALSE; encode_kind &= ~DER_OPTIONAL; universal = ((encode_kind & DER_CLASS_MASK) == DER_UNIVERSAL) ? PR_TRUE : PR_FALSE; diff --git a/security/nss/lib/util/manifest.mn b/security/nss/lib/util/manifest.mn index 36c2d1dfe2f..9ff3758f0dc 100644 --- a/security/nss/lib/util/manifest.mn +++ b/security/nss/lib/util/manifest.mn @@ -43,7 +43,6 @@ EXPORTS = \ $(NULL) PRIVATE_EXPORTS = \ - verref.h \ templates.c \ $(NULL) diff --git a/security/nss/lib/util/nssb64e.c b/security/nss/lib/util/nssb64e.c index 5959982bbde..da0702c084a 100644 --- a/security/nss/lib/util/nssb64e.c +++ b/security/nss/lib/util/nssb64e.c @@ -632,7 +632,7 @@ NSSBase64_EncodeItem (PLArenaPool *arenaOpt, char *outStrOpt, { char *out_string = outStrOpt; PRUint32 max_out_len; - PRUint32 out_len = 0; + PRUint32 out_len; void *mark = NULL; char *dummy; diff --git a/security/nss/lib/util/nssrwlk.c b/security/nss/lib/util/nssrwlk.c index fbbfbd6ee56..65fceda2e60 100644 --- a/security/nss/lib/util/nssrwlk.c +++ b/security/nss/lib/util/nssrwlk.c 
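Review bot: `optional = (encode_kind & DER_OPTIONAL) ? PR_TRUE : PR_FALSE;` stores a value that nothing in the hunk reads, and if der_encode does not consult it later the new `PRBool optional` is a dead store that -Wunused-but-set-variable will flag. If the flag is meant for a later check, reference it there; otherwise drop both the assignment and the name from `PRBool explicit, optional, universal;`. der_encode continues outside the hunk, so whether it is used further down cannot be confirmed here.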
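Review bot: `PRUint32 out_len;` in NSSBase64_EncodeItem is now indeterminate, whereas the removed line zeroed it. If any early-exit path hands `out_len` to the caller or to the encoder before it is assigned, that is a read of an uninitialized value; `PRUint32 out_len = 0;` costs nothing and makes every path well-defined. The rest of NSSBase64_EncodeItem is outside the hunk, so the existence of such a path cannot be verified from here.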
@@ -91,7 +91,7 @@ NSSRWLock_New(PRUint32 lock_rank, const char *lock_name) goto loser; } if (lock_name != NULL) { - rwlock->rw_name = (char*) PR_Malloc((PRUint32)strlen(lock_name) + 1); + rwlock->rw_name = (char*) PR_Malloc(strlen(lock_name) + 1); if (rwlock->rw_name == NULL) { goto loser; } diff --git a/security/nss/lib/util/nssutil.def b/security/nss/lib/util/nssutil.def index 631a49911ce..9d98df22216 100644 --- a/security/nss/lib/util/nssutil.def +++ b/security/nss/lib/util/nssutil.def @@ -277,9 +277,3 @@ _SGN_VerifyPKCS1DigestInfo; ;+ local: ;+ *; ;+}; -;+NSSUTIL_3.21 { # NSS Utilities 3.21 release -;+ global: -NSSUTIL_ArgParseModuleSpecEx; -;+ local: -;+ *; -;+}; diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h index 132fa59163f..6a3c8b9c573 100644 --- a/security/nss/lib/util/nssutil.h +++ b/security/nss/lib/util/nssutil.h @@ -19,12 +19,12 @@ * The format of the version string should be * ".[.[.]][ ]" */ -#define NSSUTIL_VERSION "3.21 Beta" +#define NSSUTIL_VERSION "3.20" #define NSSUTIL_VMAJOR 3 -#define NSSUTIL_VMINOR 21 +#define NSSUTIL_VMINOR 20 #define NSSUTIL_VPATCH 0 #define NSSUTIL_VBUILD 0 -#define NSSUTIL_BETA PR_TRUE +#define NSSUTIL_BETA PR_FALSE SEC_BEGIN_PROTOS diff --git a/security/nss/lib/util/pkcs11n.h b/security/nss/lib/util/pkcs11n.h index 5e137849df5..a1a0ebbc412 100644 --- a/security/nss/lib/util/pkcs11n.h +++ b/security/nss/lib/util/pkcs11n.h @@ -28,7 +28,7 @@ /* * NSS-defined object classes - * + * */ #define CKO_NSS (CKO_VENDOR_DEFINED|NSSCK_VENDOR_NSS) @@ -164,7 +164,7 @@ #define CKM_NSS_JPAKE_ROUND1_SHA512 (CKM_NSS + 10) /* J-PAKE round 2 key derivation mechanisms. - * + * * Required template attributes: CKA_NSS_JPAKE_PEERID * Input key type: CKK_NSS_JPAKE_ROUND1 * Output key type: CKK_NSS_JPAKE_ROUND2 
@@ -176,14 +176,14 @@ #define CKM_NSS_JPAKE_ROUND2_SHA384 (CKM_NSS + 13) #define CKM_NSS_JPAKE_ROUND2_SHA512 (CKM_NSS + 14) -/* J-PAKE final key material derivation mechanisms +/* J-PAKE final key material derivation mechanisms * * Input key type: CKK_NSS_JPAKE_ROUND2 * Output key type: CKK_GENERIC_SECRET * Output key class: CKO_SECRET_KEY * Parameter type: CK_NSS_JPAKEFinalParams * - * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material + * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material * to get a key with uniformly distributed bits. */ #define CKM_NSS_JPAKE_FINAL_SHA1 (CKM_NSS + 15) @@ -214,10 +214,6 @@ #define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 (CKM_NSS + 23) #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) -/* TLS extended master secret derivation */ -#define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE (CKM_NSS + 25) -#define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH (CKM_NSS + 26) - /* * HISTORICAL: * Do not attempt to use these. They are only used by NETSCAPE's internal @@ -296,7 +292,7 @@ typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS { /* Mandatory parameter for the CKM_NSS_HKDF_* key deriviation mechanisms. See RFC 5869. - + bExtract: If set, HKDF-Extract will be applied to the input key. If the optional salt is given, it is used; otherwise, the salt is set to a sequence of zeros equal in length to the HMAC output. 
@@ -321,31 +317,6 @@ typedef struct CK_NSS_HKDFParams { CK_ULONG ulInfoLen; } CK_NSS_HKDFParams; -/* - * Parameter for the TLS extended master secret key derivation mechanisms: - * - * * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE - * * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH - * - * For the TLS 1.2 PRF, the prfHashMechanism parameter determines the hash - * function used. For earlier versions of the PRF, set the prfHashMechanism - * value to CKM_TLS_PRF. - * - * The session hash input is expected to be the output of the same hash - * function as the PRF uses (as required by draft-ietf-tls-session-hash). So - * the ulSessionHashLen member must be equal the output length of the hash - * function specified by the prfHashMechanism member (or, for pre-TLS 1.2 PRF, - * the length of concatenated MD5 and SHA-1 digests). - * - */ -typedef struct CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS { - CK_MECHANISM_TYPE prfHashMechanism; - CK_BYTE_PTR pSessionHash; - CK_ULONG ulSessionHashLen; - CK_VERSION_PTR pVersion; -} CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS; - - /* * Trust info * @@ -370,7 +341,7 @@ typedef CK_ULONG CK_TRUST; #define CKT_NSS_NOT_TRUSTED (CKT_NSS + 10) #define CKT_NSS_TRUST_UNKNOWN (CKT_NSS + 5) /* default */ -/* +/* * These may well remain NSS-specific; I'm only using them * to cache resolution data. */ @@ -481,7 +452,7 @@ typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated #define SECMOD_MODULE_DB_FUNCTION_FIND 0 #define SECMOD_MODULE_DB_FUNCTION_ADD 1 #define SECMOD_MODULE_DB_FUNCTION_DEL 2 -#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3 +#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3 typedef char ** (PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function, char *parameters, void *moduleSpec); diff --git a/security/nss/lib/util/pkcs11t.h b/security/nss/lib/util/pkcs11t.h index 23931413e44..b003461628d 100644 --- a/security/nss/lib/util/pkcs11t.h +++ b/security/nss/lib/util/pkcs11t.h 
@@ -824,14 +824,6 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4 #define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5 -/* TLS 1.2 mechanisms are new for v2.40 */ -#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003E0 -#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003E1 -#define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2 -#define CKM_TLS12_KEY_SAFE_DERIVE 0x000003E3 -#define CKM_TLS_MAC 0x000003E4 -#define CKM_TLS_KDF 0x000003E5 - #define CKM_KEY_WRAP_LYNKS 0x00000400 #define CKM_KEY_WRAP_SET_OAEP 0x00000401 @@ -1656,45 +1648,6 @@ typedef struct CK_TLS_PRF_PARAMS { typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR; -/* TLS 1.2 is new for version 2.40 */ -typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS { - CK_SSL3_RANDOM_DATA RandomInfo; - CK_VERSION_PTR pVersion; - CK_MECHANISM_TYPE prfHashMechanism; -} CK_TLS12_MASTER_KEY_DERIVE_PARAMS; - -typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR \ - CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR; - -typedef struct CK_TLS12_KEY_MAT_PARAMS { - CK_ULONG ulMacSizeInBits; - CK_ULONG ulKeySizeInBits; - CK_ULONG ulIVSizeInBits; - CK_BBOOL bIsExport; /* Unused. Must be set to CK_FALSE. */ - CK_SSL3_RANDOM_DATA RandomInfo; - CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; - CK_MECHANISM_TYPE prfHashMechanism; -} CK_TLS12_KEY_MAT_PARAMS; - -typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR; - -typedef struct CK_TLS_KDF_PARAMS { - CK_MECHANISM_TYPE prfMechanism; - CK_BYTE_PTR pLabel; - CK_ULONG ulLabelLength; - CK_SSL3_RANDOM_DATA RandomInfo; - CK_BYTE_PTR pContextData; - CK_ULONG ulContextDataLength; -} CK_TLS_KDF_PARAMS; - -typedef struct CK_TLS_MAC_PARAMS { - CK_MECHANISM_TYPE prfMechanism; - CK_ULONG ulMacLength; - CK_ULONG ulServerOrClient; -} CK_TLS_MAC_PARAMS; - -typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR; - /* WTLS is new for version 2.20 */ typedef struct CK_WTLS_RANDOM_DATA { CK_BYTE_PTR pClientRandom; 
diff --git a/security/nss/lib/util/quickder.c b/security/nss/lib/util/quickder.c index fe72b293a9e..f9776bb9d58 100644 --- a/security/nss/lib/util/quickder.c +++ b/security/nss/lib/util/quickder.c @@ -146,7 +146,7 @@ static SECStatus GetItem(SECItem* src, SECItem* dest, PRBool includeTag) PORT_SetError(SEC_ERROR_BAD_DER); return SECFailure; } - src->len -= (int)(dest->data - src->data) + dest->len; + src->len -= (dest->data - src->data) + dest->len; src->data = dest->data + dest->len; return SECSuccess; } @@ -270,9 +270,13 @@ static SECStatus MatchComponentType(const SEC_ASN1Template* templateEntry, if ( (tag & SEC_ASN1_CLASS_MASK) != (((unsigned char)kind) & SEC_ASN1_CLASS_MASK) ) { +#ifdef DEBUG /* this is only to help debugging of the decoder in case of problems */ - /* unsigned char tagclass = tag & SEC_ASN1_CLASS_MASK; */ - /* unsigned char expectedclass = (unsigned char)kind & SEC_ASN1_CLASS_MASK; */ + unsigned char tagclass = tag & SEC_ASN1_CLASS_MASK; + unsigned char expectedclass = (unsigned char)kind & SEC_ASN1_CLASS_MASK; + tagclass = tagclass; + expectedclass = expectedclass; +#endif *match = PR_FALSE; return SECSuccess; } @@ -653,12 +657,13 @@ static SECStatus DecodeItem(void* dest, { SECStatus rv = SECSuccess; SECItem temp; - SECItem mark = {siBuffer, NULL, 0}; + SECItem mark; PRBool pop = PR_FALSE; PRBool decode = PR_TRUE; PRBool save = PR_FALSE; unsigned long kind; PRBool match = PR_TRUE; + PRBool optional = PR_FALSE; PR_ASSERT(src && dest && templateEntry && arena); #if 0 @@ -673,6 +678,7 @@ static SECStatus DecodeItem(void* dest, { /* do the template validation */ kind = templateEntry->kind; + optional = (0 != (kind & SEC_ASN1_OPTIONAL)); if (!kind) { PORT_SetError(SEC_ERROR_BAD_TEMPLATE); diff --git a/security/nss/lib/util/secoid.c b/security/nss/lib/util/secoid.c index 0414c47e4a0..a8ef5ec1f8c 100644 --- a/security/nss/lib/util/secoid.c +++ b/security/nss/lib/util/secoid.c 
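Review bot: `tagclass = tagclass;` and `expectedclass = expectedclass;` inside the new `#ifdef DEBUG` block are self-assignments whose only purpose is to silence unused-variable warnings, and clang's -Wself-assign reports exactly this pattern. If the two values exist to be inspected in a debugger, `(void)tagclass; (void)expectedclass;` keeps them without either warning; if not, the whole block can go. MatchComponentType starts and ends outside the hunk.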
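Review bot: `SECItem mark;` in DecodeItem is left indeterminate while the removed line initialized it to `{siBuffer, NULL, 0}`, and the companion `optional` flag is assigned in the second hunk but not read anywhere visible. If `mark` is only consumed on paths that first set it (presumably the `save`/`pop` handling, which lies outside the hunk), the code is correct but fragile; restoring the initializer documents that contract at no cost. `optional` should either be used or removed, since a set-but-unused PRBool only adds warning noise.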
@@ -486,6 +486,9 @@ CONST_OID aes256_KEY_WRAP[] = { AES, 45 }; CONST_OID camellia128_CBC[] = { CAMELLIA_ENCRYPT_OID, 2}; CONST_OID camellia192_CBC[] = { CAMELLIA_ENCRYPT_OID, 3}; CONST_OID camellia256_CBC[] = { CAMELLIA_ENCRYPT_OID, 4}; +CONST_OID camellia128_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 2}; +CONST_OID camellia192_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 3}; +CONST_OID camellia256_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 4}; CONST_OID sha256[] = { SHAXXX, 1 }; CONST_OID sha384[] = { SHAXXX, 2 }; @@ -1869,7 +1872,7 @@ static PLHashTable *oidmechhash = NULL; static PLHashNumber secoid_HashNumber(const void *key) { - return (PLHashNumber)((char *)key - (char *)NULL); + return (PLHashNumber) key; } static void @@ -1910,9 +1913,9 @@ SECOID_Init(void) const SECOidData *oid; int i; char * envVal; + volatile char c; /* force a reference that won't get optimized away */ -#define NSS_VERSION_VARIABLE __nss_util_version -#include "verref.h" + c = __nss_util_version[0]; if (oidhash) { return SECSuccess; /* already initialized */ diff --git a/security/nss/lib/util/secport.c b/security/nss/lib/util/secport.c index 723d89b351d..106399d245c 100644 --- a/security/nss/lib/util/secport.c +++ b/security/nss/lib/util/secport.c @@ -466,7 +466,7 @@ port_ArenaRelease(PLArenaPool *arena, void *mark, PRBool zero) PZ_Lock(pool->lock); #ifdef THREADMARK { - threadmark_mark **pw; + threadmark_mark **pw, *tm; if (PR_GetCurrentThread() != pool->marking_thread ) { PZ_Unlock(pool->lock); @@ -488,6 +488,7 @@ port_ArenaRelease(PLArenaPool *arena, void *mark, PRBool zero) return /* no error indication available */ ; } + tm = *pw; *pw = (threadmark_mark *)NULL; if (zero) { @@ -535,7 +536,7 @@ PORT_ArenaUnmark(PLArenaPool *arena, void *mark) #ifdef THREADMARK PORTArenaPool *pool = (PORTArenaPool *)arena; if (ARENAPOOL_MAGIC == pool->magic ) { - threadmark_mark **pw; + threadmark_mark **pw, *tm; PZ_Lock(pool->lock); 
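Review bot: `return (PLHashNumber) key;` converts a pointer directly to PLHashNumber, which NSPR declares as a 32-bit PRUint32, so on LP64 targets this is a truncating pointer-to-integer cast that GCC reports with -Wpointer-to-int-cast. Truncation is acceptable for a hash value, but it should be explicit and go through an integer of pointer width first: `return (PLHashNumber)(PRUptrdiff)key;`. secoid_HashNumber is fully contained in the hunk.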
@@ -559,6 +560,7 @@ PORT_ArenaUnmark(PLArenaPool *arena, void *mark) return /* no error indication available */ ; } + tm = *pw; *pw = (threadmark_mark *)NULL; if (! pool->first_mark ) { diff --git a/security/nss/lib/util/secport.h b/security/nss/lib/util/secport.h index 7d2f5e07c66..5b09b9cb8d3 100644 --- a/security/nss/lib/util/secport.h +++ b/security/nss/lib/util/secport.h @@ -87,19 +87,6 @@ extern char *PORT_ArenaStrdup(PLArenaPool *arena, const char *str); SEC_END_PROTOS #define PORT_Assert PR_ASSERT -/* This runs a function that should return SECSuccess. - * Intended for NSS internal use only. - * The return value is asserted in a debug build, otherwise it is ignored. - * This is no substitute for proper error handling. It is OK only if you - * have ensured that the function cannot fail by other means such as checking - * prerequisites. In that case this can be used as a safeguard against - * unexpected changes in a function. - */ -#ifdef DEBUG -#define PORT_CheckSuccess(f) PR_ASSERT((f) == SECSuccess) -#else -#define PORT_CheckSuccess(f) (f) -#endif #define PORT_ZNew(type) (type*)PORT_ZAlloc(sizeof(type)) #define PORT_New(type) (type*)PORT_Alloc(sizeof(type)) #define PORT_ArenaNew(poolp, type) \ diff --git a/security/nss/lib/util/utilmod.c b/security/nss/lib/util/utilmod.c index 4be99ade2f8..0f5970f1111 100644 --- a/security/nss/lib/util/utilmod.c +++ b/security/nss/lib/util/utilmod.c 
@@ -75,15 +75,14 @@ /* * Smart string cat functions. Automatically manage the memory. - * The first parameter is the destination string. If it's null, we + * The first parameter is the source string. If it's null, we * allocate memory for it. If it's not, we reallocate memory * so the the concanenated string fits. */ static char * nssutil_DupnCat(char *baseString, const char *str, int str_len) { - int baseStringLen = baseString ? PORT_Strlen(baseString) : 0; - int len = baseStringLen + 1; + int len = (baseString ? PORT_Strlen(baseString) : 0) + 1; char *newString; len += str_len; @@ -92,9 +91,8 @@ nssutil_DupnCat(char *baseString, const char *str, int str_len) PORT_Free(baseString); return NULL; } - PORT_Memcpy(&newString[baseStringLen], str, str_len); - newString[len - 1] = 0; - return newString; + if (baseString == NULL) *newString = 0; + return PORT_Strncat(newString,str, str_len); } /* Same as nssutil_DupnCat except it concatenates the full string, not a @@ -482,7 +480,7 @@ nssutil_DeleteSecmodDBEntry(const char *appName, char *block = NULL; char *name = NULL; char *lib = NULL; - int name_len = 0, lib_len = 0; + int name_len, lib_len; PRBool skip = PR_FALSE; PRBool found = PR_FALSE; diff --git a/security/nss/lib/util/utilpars.c b/security/nss/lib/util/utilpars.c index 278f9c426dd..d2cd3e04ae7 100644 --- a/security/nss/lib/util/utilpars.c +++ b/security/nss/lib/util/utilpars.c 
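Review bot: The header comment `The first parameter is the source string.` misdescribes `baseString`, which is the buffer nssutil_DupnCat reallocates, appends to and returns, i.e. the destination; the following sentences already talk about reallocating it. Suggest `The first parameter is the destination string.` and fixing `so the the concanenated` to `so the concatenated`. Separately, `PORT_Strncat(newString,str, str_len)` requires `newString` to be NUL-terminated, which holds after `*newString = 0` for a fresh buffer and, for a grown one, only because the allocation call (outside the hunk) preserves the old terminator; a one-line comment stating that assumption would help the next reader.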
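Review bot: `int name_len, lib_len;` in nssutil_DeleteSecmodDBEntry drops the zero initializers, so any path that compares or passes `name_len`/`lib_len` before the parsing code assigns them reads an indeterminate value. Unless every use is provably dominated by an assignment (the body is outside the hunk), keep `int name_len = 0, lib_len = 0;`.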
@@ -762,31 +762,6 @@ NSSUTIL_MkSlotString(unsigned long slotID, unsigned long defaultFlags, } -/************************************************************************ - * Parse Full module specs into: library, commonName, module parameters, - * and NSS specifi parameters. - */ -SECStatus -NSSUTIL_ArgParseModuleSpecEx(char *modulespec, char **lib, char **mod, - char **parameters, char **nss, - char **config) -{ - int next; - modulespec = NSSUTIL_ArgStrip(modulespec); - - *lib = *mod = *parameters = *nss = *config = 0; - - while (*modulespec) { - NSSUTIL_HANDLE_STRING_ARG(modulespec,*lib,"library=",;) - NSSUTIL_HANDLE_STRING_ARG(modulespec,*mod,"name=",;) - NSSUTIL_HANDLE_STRING_ARG(modulespec,*parameters,"parameters=",;) - NSSUTIL_HANDLE_STRING_ARG(modulespec,*nss,"nss=",;) - NSSUTIL_HANDLE_STRING_ARG(modulespec,*config,"config=",;) - NSSUTIL_HANDLE_FINAL_ARG(modulespec) - } - return SECSuccess; -} - /************************************************************************ * Parse Full module specs into: library, commonName, module parameters, * and NSS specifi parameters. @@ -813,12 +788,11 @@ NSSUTIL_ArgParseModuleSpec(char *modulespec, char **lib, char **mod, /************************************************************************ * make a new module spec from it's components */ char * -NSSUTIL_MkModuleSpecEx(char *dllName, char *commonName, char *parameters, - char *NSS, - char *config) +NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters, + char *NSS) { char *moduleSpec; - char *lib,*name,*param,*nss,*conf; + char *lib,*name,*param,*nss; /* * now the final spec 
@@ -827,13 +801,7 @@ NSSUTIL_MkModuleSpecEx(char *dllName, char *commonName, char *parameters, name = nssutil_formatPair("name",commonName,'\"'); param = nssutil_formatPair("parameters",parameters,'\"'); nss = nssutil_formatPair("NSS",NSS,'\"'); - if (config) { - conf = nssutil_formatPair("config",config,'\"'); - moduleSpec = PR_smprintf("%s %s %s %s %s", lib,name,param,nss,conf); - nssutil_freePair(conf); - } else { - moduleSpec = PR_smprintf("%s %s %s %s", lib,name,param,nss); - } + moduleSpec = PR_smprintf("%s %s %s %s", lib,name,param,nss); nssutil_freePair(lib); nssutil_freePair(name); nssutil_freePair(param); @@ -841,15 +809,6 @@ NSSUTIL_MkModuleSpecEx(char *dllName, char *commonName, char *parameters, return (moduleSpec); } -/************************************************************************ - * make a new module spec from it's components */ -char * -NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters, - char *NSS) -{ - return NSSUTIL_MkModuleSpecEx(dllName, commonName, parameters, NSS, NULL); -} - #define NSSUTIL_ARG_FORTEZZA_FLAG "FORTEZZA" /****************************************************************************** diff --git a/security/nss/lib/util/utilpars.h b/security/nss/lib/util/utilpars.h index 7562bb65bc7..e01ba14c943 100644 --- a/security/nss/lib/util/utilpars.h +++ b/security/nss/lib/util/utilpars.h 
@@ -39,12 +39,8 @@ char * NSSUTIL_MkSlotString(unsigned long slotID, unsigned long defaultFlags, PRBool hasRootCerts, PRBool hasRootTrust); SECStatus NSSUTIL_ArgParseModuleSpec(char *modulespec, char **lib, char **mod, char **parameters, char **nss); -SECStatus NSSUTIL_ArgParseModuleSpecEx(char *modulespec, char **lib, char **mod, - char **parameters, char **nss, char **config); char *NSSUTIL_MkModuleSpec(char *dllName, char *commonName, char *parameters, char *NSS); -char *NSSUTIL_MkModuleSpecEx(char *dllName, char *commonName, - char *parameters, char *NSS, char *config); void NSSUTIL_ArgParseCipherFlags(unsigned long *newCiphers,char *cipherList); char * NSSUTIL_MkNSSString(char **slotStrings, int slotCount, PRBool internal, PRBool isFIPS, PRBool isModuleDB, PRBool isModuleDBOnly, diff --git a/security/nss/lib/util/verref.h b/security/nss/lib/util/verref.h deleted file mode 100644 index 2d141bb5ca7..00000000000 --- a/security/nss/lib/util/verref.h +++ /dev/null 
@@ -1,40 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - -/* This header is used inline in a function to ensure that a version string - * symbol is linked in and not optimized out. A volatile reference is added to - * the variable identified by NSS_VERSION_VARIABLE. - * - * Use this as follows: - * - * #define NSS_VERSION_VARIABLE __nss_ssl_version - * #include "verref.h" - */ - -/* Suppress unused variable warnings. */ -#ifdef _MSC_VER -#pragma warning(push) -#pragma warning(disable: 4101) -#endif -/* This works for both gcc and clang */ -#if defined(__GNUC__) && !defined(NSS_NO_GCC48) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wunused-variable" -#endif - -#ifndef NSS_VERSION_VARIABLE -#error NSS_VERSION_VARIABLE must be set before including "verref.h" -#endif -{ - extern const char NSS_VERSION_VARIABLE[]; - volatile const char _nss_version_c = NSS_VERSION_VARIABLE[0]; -} -#undef NSS_VERSION_VARIABLE - -#ifdef _MSC_VER -#pragma warning(pop) -#endif -#if defined(__GNUC__) && !defined(NSS_NO_GCC48) -#pragma GCC diagnostic pop -#endif diff --git a/security/nss/tests/all.sh b/security/nss/tests/all.sh index 819789c93b7..1170bc1bac8 100755 --- a/security/nss/tests/all.sh +++ b/security/nss/tests/all.sh @@ -202,7 +202,7 @@ run_cycle_upgrade_db() # run the subset of tests with the upgraded database TESTS="${ALL_TESTS}" - TESTS_SKIP="cipher libpkix cert dbtests sdr ocsp pkits chains ssl_gtests" + TESTS_SKIP="cipher libpkix cert dbtests sdr ocsp pkits chains" echo "${NSS_SSL_TESTS}" | grep "_" > /dev/null RET=$? 
@@ -233,7 +233,7 @@ run_cycle_shared_db() # run the tests for native sharedb support TESTS="${ALL_TESTS}" - TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits ssl_gtests" + TESTS_SKIP="cipher libpkix dbupgrade sdr ocsp pkits" echo "${NSS_SSL_TESTS}" | grep "_" > /dev/null RET=$? @@ -274,7 +274,7 @@ run_cycles() cycles="standard pkix upgradedb sharedb" CYCLES=${NSS_CYCLES:-$cycles} -tests="cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ssl_gtests" +tests="cipher lowhash libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains" TESTS=${NSS_TESTS:-$tests} ALL_TESTS=${TESTS} diff --git a/security/nss/tests/cert/cert.sh b/security/nss/tests/cert/cert.sh index 114369f6bfe..43c1cdd8e85 100755 --- a/security/nss/tests/cert/cert.sh +++ b/security/nss/tests/cert/cert.sh 
@@ -1201,6 +1201,50 @@ cert_ssl() pk12u -i ${R_STAPLINGDIR}/ca.p12 -k ${R_PWFILE} -w ${R_PWFILE} -d ${R_STAPLINGDIR} } +############################# ssl_gtest ########################## +# local shell function to create serve certs for SSL gtests +################################################################## +cert_ssl_gtests() +{ + CERTFAILED=0 + echo "$SCRIPTNAME: Creating ssl_gtest DB dir" + cert_init_cert ${SSLGTESTDIR} "server" 1 ${D_EXT_SERVER} + echo "$SCRIPTNAME: Creating database for ssl_gtests" + certu -N -d "${SSLGTESTDIR}" --empty-password 2>&1 + # the ssl server used here is special: is a self-signed server + # certificate with name server. + echo "$SCRIPTNAME: Creating server certs for ssl_gtests" + certu -S -z ${R_NOISE_FILE} -g 2048 -d ${SSLGTESTDIR} -n server -s "CN=server" \ + -t C,C,C -x -m 1 -w -2 -v 120 -Z SHA256 -1 -2 <Passed<" | wc -l | sed s/\ *//) echo "Passed: ${LINES_CNT}" - FAILED_CNT=$(cat ${RESULTS} | grep ">Failed<" | wc -l | sed s/\ *//) - echo "Failed: ${FAILED_CNT}" - CORE_CNT=$(cat ${RESULTS} | grep ">Failed Core<" | wc -l | sed s/\ *//) - echo "Failed with core: ${CORE_CNT}" + LINES_CNT=$(cat ${RESULTS} | grep ">Failed<" | wc -l | sed s/\ *//) + echo "Failed: ${LINES_CNT}" + LINES_CNT=$(cat ${RESULTS} | grep ">Failed Core<" | wc -l | sed s/\ *//) + echo "Failed with core: ${LINES_CNT}" LINES_CNT=$(cat ${RESULTS} | grep ">Unknown<" | wc -l | sed s/\ *//) echo "Unknown status: ${LINES_CNT}" if [ ${LINES_CNT} -gt 0 ]; then @@ -46,8 +46,4 @@ if [ -z "${CLEANUP}" -o "${CLEANUP}" = "${SCRIPTNAME}" ]; then html "END_OF_TEST
" html "" rm -f ${TEMPFILES} 2>/dev/null - if [ ${FAILED_CNT} -gt 0 ]; then - exit 1 - fi - fi diff --git a/security/nss/tests/common/init.sh b/security/nss/tests/common/init.sh index 2c4e69c18d1..521438c3d7d 100644 --- a/security/nss/tests/common/init.sh +++ b/security/nss/tests/common/init.sh @@ -235,7 +235,7 @@ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then HTML_FAILED='Failed' HTML_FAILED_CORE='Failed Core' HTML_PASSED='Passed' - HTML_UNKNOWN='Unknown' + HTML_UNKNOWN='Unknown/TD>' TABLE_ARGS= diff --git a/security/nss/tests/dbupgrade/dbupgrade.sh b/security/nss/tests/dbupgrade/dbupgrade.sh index 0302e614348..9d25f1f045d 100755 --- a/security/nss/tests/dbupgrade/dbupgrade.sh +++ b/security/nss/tests/dbupgrade/dbupgrade.sh @@ -79,7 +79,7 @@ dbupgrade_main() if [ -d fips ]; then echo "upgrading db fips" - ${BINDIR}/certutil -S -g 1024 -n tmprsa -t "u,u,u" -s "CN=tmprsa, C=US" -x -d sql:fips -f ${FIPSPWFILE} -z ${NOISE_FILE} 2>&1 + ${BINDIR}/certutil -S -g 512 -n tmprsa -t "u,u,u" -s "CN=tmprsa, C=US" -x -d sql:fips -f ${FIPSPWFILE} -z ${NOISE_FILE} 2>&1 html_msg $? 0 "Upgrading fips" # remove our temp certificate we created in the fist token ${BINDIR}/certutil -F -n tmprsa -d sql:fips -f ${FIPSPWFILE} 2>&1 diff --git a/security/nss/tests/pkcs11/netscape/suites/security/pkcs11/pk11test.c b/security/nss/tests/pkcs11/netscape/suites/security/pkcs11/pk11test.c index 62826f1eea4..57c431199dc 100644 --- a/security/nss/tests/pkcs11/netscape/suites/security/pkcs11/pk11test.c +++ b/security/nss/tests/pkcs11/netscape/suites/security/pkcs11/pk11test.c @@ -1316,7 +1316,7 @@ GetMechInfo(CK_MECHANISM_TYPE type) l = 0; r = numMechs-1; while(l <= r) { - mid = l+(r-l)/2; + mid = (l+r)/2; if(mechInfo[mid].type == type) { return &(mechInfo[mid]); } else if(mechInfo[mid].type < type) { diff --git a/security/nss/tests/ssl/ssl.sh b/security/nss/tests/ssl/ssl.sh index 1bfb4b74ee5..6b8d0830fbf 100755 --- a/security/nss/tests/ssl/ssl.sh 
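Review bot: With the `if [ ${FAILED_CNT} -gt 0 ]; then exit 1; fi` block removed, this cleanup script ends on the status of `rm -f ${TEMPFILES}` and a run that recorded failed tests still exits 0, so a CI job driving the suite cannot distinguish a red run from a green one. The preceding hunk also folds the failed-test count back into the reused `LINES_CNT`, so the information is gone before this point. Keep a dedicated counter such as `FAILED_CNT=$(grep -c '>Failed<' ${RESULTS})` and finish with `if [ "${FAILED_CNT}" -gt 0 ]; then exit 1; fi`, or document that callers must parse the HTML report instead.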
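Review bot: `HTML_UNKNOWN='Unknown/TD>'` carries a closing-tag fragment `/TD>` with no `<`, while the sibling `HTML_FAILED`, `HTML_FAILED_CORE` and `HTML_PASSED` values lose their tags entirely in this rendering; that asymmetry indicates the new value has a malformed `</TD>` and will emit literal `/TD>` text into the results table. Confirm against the raw file and restore the well-formed closing tag so the cell is closed like its siblings.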
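Review bot: `certutil -S -g 512 ... -d sql:fips` generates a 512-bit RSA key inside the FIPS token, and as far as I can tell NSS's FIPS mode enforces a minimum RSA modulus (1024 bits for the softoken of this vintage), so the keygen is likely to be rejected and `html_msg $? 0 "Upgrading fips"` would report the database upgrade as failed for an unrelated reason. Even outside FIPS, 512-bit RSA is far below any current policy floor; use `-g 1024` or larger for the temporary certificate. The status check immediately follows the command, so a policy rejection surfaces as a test failure.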
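Review bot: `mid = (l+r)/2;` in GetMechInfo can overflow when `l + r` exceeds INT_MAX, and the overflow-safe form `mid = l + (r - l) / 2;` costs the same. With a mechanism table this small it is a theoretical concern, but the safe idiom removes a latent signed-overflow UB from the search. GetMechInfo continues outside the hunk.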
+++ b/security/nss/tests/ssl/ssl.sh @@ -437,10 +437,10 @@ ssl_stapling_sub() start_selfserv echo "tstclnt -p ${PORT} -h ${HOSTADDR} -f -d ${P_R_CLIENTDIR} -v ${CLIENT_OPTIONS} \\" - echo " -c v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE}" + echo " -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE}" rm ${TMP}/$HOST.tmp.$$ 2>/dev/null ${PROFTOOL} ${BINDIR}/tstclnt -p ${PORT} -h ${HOSTADDR} -f ${CLIENT_OPTIONS} \ - -d ${P_R_CLIENTDIR} -v -c v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE} \ + -d ${P_R_CLIENTDIR} -v -T -O -F -M 1 -V ssl3: < ${REQUEST_FILE} \ >${TMP}/$HOST.tmp.$$ 2>&1 ret=$? cat ${TMP}/$HOST.tmp.$$ diff --git a/security/nss/tests/ssl/sslauth.txt b/security/nss/tests/ssl/sslauth.txt index aa8196c5f6b..9178cb876d8 100644 --- a/security/nss/tests/ssl/sslauth.txt +++ b/security/nss/tests/ssl/sslauth.txt 
@@ -65,12 +65,12 @@
 # SNI Tests
 #
 SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI
- SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
- SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert
+ SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
+ SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert
 SNI 0 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser SSL3 Server hello response without SNI
- SNI 1 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom SSL3 Server hello response with SNI: SSL don't have SH extensions
+ SNI 1 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser_-a_Host-sni.Dom SSL3 Server hello response with SNI: SSL don't have SH extensions
 SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI
- SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
+ SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
 SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host.Dom TLS Server hello response with SNI: Change name on 2d HS
- SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host-sni1.Dom TLS Server hello response with SNI: Change name to invalid 2d HS
- SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert
+ SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni.Dom_-a_Host-sni1.Dom TLS Server hello response with SNI: Change name to invalid 2d HS
+ SNI 1 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert
diff --git a/security/nss/tests/ssl_gtests/parsereport.sed b/security/nss/tests/ssl_gtests/parsereport.sed deleted file mode 100644 index d7c6ddada09..00000000000 --- a/security/nss/tests/ssl_gtests/parsereport.sed +++ /dev/null @@ -1,8 +0,0 @@ -/\&1 - html_msg $? 0 "create ssl_gtest database" - - ${BINDIR}/certutil -S -z ${R_NOISE_FILE} -d "${PROFILEDIR}" \ - -n server -s "CN=server" -t C,C,C -x -m 1 -w -2 -v 120 \ - -k rsa -g 1024 -Z SHA256 -1 -2 < /dev/null - else - html_failed "$name" - fi - done + ssl_gtest -d ${SSLGTESTDIR} + html_msg $? 0 "ssl_gtest" } ################## main #################################################
