diff options
author | christophe.ravel.bugs%sun.com <devnull@localhost> | 2005-08-09 16:49:27 +0000 |
---|---|---|
committer | christophe.ravel.bugs%sun.com <devnull@localhost> | 2005-08-09 16:49:27 +0000 |
commit | c7b55a3a46e1cc432ccae517b56f15899c868955 (patch) | |
tree | 2e468693035405ba4dde834d8307c354dbf30c45 | |
parent | d340cac39ed31a626516273f2bd451dbacdd73ab (diff) | |
download | nss-hg-c7b55a3a46e1cc432ccae517b56f15899c868955.tar.gz |
Backout of Backport from NSS 3.4 to NSS 3.3.4.x. Checkins to directory mozilla/security/nss/lib/ssl by relyea* between 2001-12-05 00:00 and 2001-12-07 00:00.
-rw-r--r-- | security/nss/lib/certhigh/certvfy.c | 2 | ||||
-rw-r--r-- | security/nss/lib/nss/nss.h | 2 | ||||
-rw-r--r-- | security/nss/lib/ssl/authcert.c | 4 | ||||
-rw-r--r-- | security/nss/lib/ssl/emulate.c | 10 | ||||
-rw-r--r-- | security/nss/lib/ssl/ssl3con.c | 14 | ||||
-rw-r--r-- | security/nss/lib/ssl/sslcon.c | 25 | ||||
-rw-r--r-- | security/nss/lib/ssl/ssldef.c | 6 | ||||
-rw-r--r-- | security/nss/lib/ssl/sslsock.c | 2 |
8 files changed, 22 insertions, 43 deletions
diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c index bd13eea1d..ef5d49270 100644 --- a/security/nss/lib/certhigh/certvfy.c +++ b/security/nss/lib/certhigh/certvfy.c @@ -653,7 +653,7 @@ CERT_VerifyCertChain(CERTCertDBHandle *handle, CERTCertificate *cert, subjectNameList = CERT_GetCertificateNames(subjectCert, arena); subjectNameListLen = CERT_GetNamesLength(subjectNameList); for (i = 0; i < subjectNameListLen; i++) { - if (namesIndexLen <= namesCount + i) { + if (namesIndexLen < namesCount + i) { namesIndexLen = namesIndexLen * 2; namesIndex = (SECItem *) PORT_Realloc(namesIndex, namesIndexLen * sizeof(SECItem)); diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index 2c0741802..e48060a5f 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -49,7 +49,7 @@ SEC_BEGIN_PROTOS * The format of the version string should be * "<major version>.<minor version>[.<patch level>] [<Beta>]" */ -#define NSS_VERSION "3.3.4.7" +#define NSS_VERSION "3.3.4.6" #define NSS_VMAJOR 3 #define NSS_VMINOR 3 #define NSS_VPATCH 4 diff --git a/security/nss/lib/ssl/authcert.c b/security/nss/lib/ssl/authcert.c index bd473f11f..5a9c45e5a 100644 --- a/security/nss/lib/ssl/authcert.c +++ b/security/nss/lib/ssl/authcert.c @@ -59,8 +59,8 @@ NSS_GetClientAuthData(void * arg, struct CERTCertificateStr ** pRetCert, struct SECKEYPrivateKeyStr **pRetKey) { - CERTCertificate * cert = NULL; - SECKEYPrivateKey * privkey = NULL; + CERTCertificate * cert; + SECKEYPrivateKey * privkey; char * chosenNickName = (char *)arg; /* CONST */ void * proto_win = NULL; SECStatus rv = SECFailure; diff --git a/security/nss/lib/ssl/emulate.c b/security/nss/lib/ssl/emulate.c index 77c99639f..bb6efc140 100644 --- a/security/nss/lib/ssl/emulate.c +++ b/security/nss/lib/ssl/emulate.c @@ -202,7 +202,7 @@ ssl_EmulateTransmitFile( PRFileDesc * sd, PRTransmitFileFlags flags, PRIntervalTime timeout) { - void * addr = NULL; + void * addr; PRFileMap * mapHandle = NULL; PRInt32 count = 0; PRInt32 index = 0; @@ -461,7 +461,7 @@ PRInt32 ssl_EmulateSendFile(PRFileDesc *sd, PRSendFileData *sfd, PRTransmitFileFlags flags, PRIntervalTime timeout) { - void * addr = NULL; + void * addr; PRFileMap * mapHandle = NULL; PRInt32 count = 0; PRInt32 file_bytes; @@ -529,12 +529,6 @@ ssl_EmulateSendFile(PRFileDesc *sd, PRSendFileData *sfd, len = mmap_len - addr_offset; } /* - * filebytes is negative or SENDFILE_MMAP_CHUNK is less than pagesize. - * assert so we catch problems in debug builds. - */ - PR_ASSERT(len >= 0); - - /* * Map in (part of) file. Take care of zero-length files. */ if (len > 0) { diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index df6ef439b..8ed3e0e8d 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -444,9 +444,9 @@ ssl3_config_match_init(sslSocket *ss) /* Mark the suites that are backed by real tokens, certs and keys */ suite->isPresent = (PRBool) (((exchKeyType == kt_null) || - ((!isServer || (ss->serverKey[exchKeyType] && + (!isServer || (ss->serverKey[exchKeyType] && ss->serverCertChain[exchKeyType])) && - PK11_TokenExists(kea_alg_defs[exchKeyType]))) && + PK11_TokenExists(kea_alg_defs[exchKeyType])) && ((cipher_alg == calg_null) || PK11_TokenExists(cipher_alg))); if (suite->isPresent) ++numPresent; @@ -2922,10 +2922,6 @@ ssl_UnwrapSymWrappingKey( PK11_PubUnwrapSymKey(svrPrivKey, &wrappedKey, masterWrapMech, CKA_UNWRAP, 0); break; - default: - /* Assert? */ - SET_ERROR_CODE - goto loser; } loser: return unwrappedWrappingKey; @@ -2958,7 +2954,7 @@ getWrappingKey( sslSocket * ss, SECKEYPublicKey * svrPubKey = NULL; PK11SymKey * unwrappedWrappingKey = NULL; PK11SymKey ** pSymWrapKey; - CK_MECHANISM_TYPE asymWrapMechanism = CKM_INVALID_MECHANISM; + CK_MECHANISM_TYPE asymWrapMechanism; int length; int symWrapMechIndex; SECStatus rv; @@ -3094,8 +3090,6 @@ no_wrapped_key: goto loser; } - PORT_Assert(asymWrapMechanism != CKM_INVALID_MECHANISM); - wswk.symWrapMechanism = masterWrapMech; wswk.symWrapMechIndex = symWrapMechIndex; wswk.asymWrapMechanism = asymWrapMechanism; @@ -3492,7 +3486,7 @@ loser: static SECStatus sendFortezzaClientKeyExchange(sslSocket * ss, SECKEYPublicKey * serverKey) { - ssl3CipherSpec * pwSpec = NULL; + ssl3CipherSpec * pwSpec; sslSessionID * sid = ss->sec->ci.sid; PK11SlotInfo * slot = NULL; PK11SymKey * pms = NULL; diff --git a/security/nss/lib/ssl/sslcon.c b/security/nss/lib/ssl/sslcon.c index d0005d269..53575bf68 100644 --- a/security/nss/lib/ssl/sslcon.c +++ b/security/nss/lib/ssl/sslcon.c @@ -1457,10 +1457,10 @@ loser: static SECStatus ssl2_CreateSessionCypher(sslSocket *ss, sslSessionID *sid, PRBool isClient) { - sslSecurityInfo * sec = NULL; + sslSecurityInfo * sec; sslConnectInfo * ci; - SECItem * rk = NULL; - SECItem * wk = NULL; + SECItem * rk; + SECItem * wk; SECItem * param; SECStatus rv; int cipherType = sid->u.ssl2.cipherType; @@ -1495,7 +1495,7 @@ ssl2_CreateSessionCypher(sslSocket *ss, sslSessionID *sid, PRBool isClient) SSL_DBG(("%d: SSL[%d]: ssl2_CreateSessionCypher: unknown cipher=%d", SSL_GETPID(), ss->fd, cipherType)); PORT_SetError(isClient ? SSL_ERROR_BAD_SERVER : SSL_ERROR_BAD_CLIENT); - goto sec_loser; + goto loser; } sec = ss->sec; @@ -1580,12 +1580,8 @@ ssl2_CreateSessionCypher(sslSocket *ss, sslSessionID *sid, PRBool isClient) rv = SECFailure; done: - if (rk) { - SECITEM_ZfreeItem(rk, PR_FALSE); - } - if (wk) { - SECITEM_ZfreeItem(wk, PR_FALSE); - } + SECITEM_ZfreeItem(rk, PR_FALSE); + SECITEM_ZfreeItem(wk, PR_FALSE); return rv; } @@ -1617,7 +1613,7 @@ ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits, PRUint8 *ek, unsigned int ekLen, PRUint8 *ca, unsigned int caLen) { - PRUint8 *kk = NULL; + PRUint8 *kk; sslSecurityInfo * sec; sslSessionID * sid; PRUint8 * kbuf = 0; /* buffer for RSA decrypted data. */ @@ -1733,9 +1729,6 @@ hide_loser: * Instead, Generate a completely bogus master key . */ PK11_GenerateRandom(kbuf, ekLen); - if (!kk) { - kk = kbuf + ekLen - (keySize - ckLen); - } } /* @@ -2974,7 +2967,7 @@ ssl2_BeginClientHandshake(sslSocket *ss) PRUint8 *localCipherSpecs = NULL; unsigned int localCipherSize; unsigned int i; - int sendLen, sidLen = 0; + int sendLen, sidLen; SECStatus rv; PORT_Assert( ssl_Have1stHandshakeLock(ss) ); @@ -3754,6 +3747,8 @@ NSSSSL_VersionCheck(const char *importedVersion) * not compatible with future major, minor, or * patch releases. */ + int vmajor = 0, vminor = 0, vpatch = 0; + const char *ptr = importedVersion; volatile char c; /* force a reference that won't get optimized away */ c = __nss_ssl_rcsid[0] + __nss_ssl_sccsid[0]; diff --git a/security/nss/lib/ssl/ssldef.c b/security/nss/lib/ssl/ssldef.c index 1d98cac88..81d6db8c8 100644 --- a/security/nss/lib/ssl/ssldef.c +++ b/security/nss/lib/ssl/ssldef.c @@ -41,10 +41,8 @@ #if defined(WIN32) #define MAP_ERROR(from,to) if (err == from) { PORT_SetError(to); } -#define DEFINE_ERROR PRErrorCode err = PR_GetError(); #else #define MAP_ERROR(from,to) -#define DEFINE_ERROR #endif int ssl_DefConnect(sslSocket *ss, const PRNetAddr *sa) @@ -90,7 +88,7 @@ int ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags) rv = lower->methods->recv(lower, (void *)buf, len, flags, ss->rTimeout); if (rv < 0) { - DEFINE_ERROR + PRErrorCode err = PR_GetError(); MAP_ERROR(PR_SOCKET_SHUTDOWN_ERROR, PR_CONNECT_RESET_ERROR) } else if (rv > len) { PORT_Assert(rv <= len); @@ -154,7 +152,7 @@ int ssl_DefRead(sslSocket *ss, unsigned char *buf, int len) rv = lower->methods->read(lower, (void *)buf, len); if (rv < 0) { - DEFINE_ERROR + PRErrorCode err = PR_GetError(); MAP_ERROR(PR_SOCKET_SHUTDOWN_ERROR, PR_CONNECT_RESET_ERROR) } return rv; diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c index 81ec18d99..d294a1421 100644 --- a/security/nss/lib/ssl/sslsock.c +++ b/security/nss/lib/ssl/sslsock.c @@ -306,9 +306,7 @@ ssl_FreeSocket(sslSocket *ss) int i; sslSocket *fs; -#ifdef DEBUG sslSocket lSock; -#endif /* Get every lock you can imagine! ** Caller already holds these: |