Backout of Backport from NSS 3.4 to NSS 3.3.4.x. Checkins to directory mozilla/security/nss/lib/ssl by relyea* between 2001-12-05 00:00 and 2001-12-07 00:00.

8 files changed, 22 insertions, 43 deletions

diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c
index bd13eea1d..ef5d49270 100644
--- a/security/nss/lib/certhigh/certvfy.c
+++ b/security/nss/lib/certhigh/certvfy.c
@@ -653,7 +653,7 @@ CERT_VerifyCertChain(CERTCertDBHandle *handle, CERTCertificate *cert,
 	subjectNameList = CERT_GetCertificateNames(subjectCert, arena);
 	subjectNameListLen = CERT_GetNamesLength(subjectNameList);
 	for (i = 0; i < subjectNameListLen; i++) {
-            if (namesIndexLen <= namesCount + i) {
+	    if (namesIndexLen < namesCount + i) {
 		namesIndexLen = namesIndexLen * 2;
 		namesIndex = (SECItem *) PORT_Realloc(namesIndex, namesIndexLen * 
 						       sizeof(SECItem));
diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h
index 2c0741802..e48060a5f 100644
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -49,7 +49,7 @@ SEC_BEGIN_PROTOS
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>] [<Beta>]"
  */
-#define NSS_VERSION  "3.3.4.7"
+#define NSS_VERSION  "3.3.4.6"
 #define NSS_VMAJOR   3
 #define NSS_VMINOR   3
 #define NSS_VPATCH   4
diff --git a/security/nss/lib/ssl/authcert.c b/security/nss/lib/ssl/authcert.c
index bd473f11f..5a9c45e5a 100644
--- a/security/nss/lib/ssl/authcert.c
+++ b/security/nss/lib/ssl/authcert.c
@@ -59,8 +59,8 @@ NSS_GetClientAuthData(void *                       arg,
 		      struct CERTCertificateStr ** pRetCert, 
 		      struct SECKEYPrivateKeyStr **pRetKey)
 {
-  CERTCertificate *  cert = NULL;
-  SECKEYPrivateKey * privkey = NULL;
+  CERTCertificate *  cert;
+  SECKEYPrivateKey * privkey;
   char *             chosenNickName = (char *)arg;    /* CONST */
   void *             proto_win  = NULL;
   SECStatus          rv         = SECFailure;
diff --git a/security/nss/lib/ssl/emulate.c b/security/nss/lib/ssl/emulate.c
index 77c99639f..bb6efc140 100644
--- a/security/nss/lib/ssl/emulate.c
+++ b/security/nss/lib/ssl/emulate.c
@@ -202,7 +202,7 @@ ssl_EmulateTransmitFile(    PRFileDesc *        sd,
 			    PRTransmitFileFlags flags,
 			    PRIntervalTime      timeout)
 {
-    void *            addr = NULL;
+    void *            addr;
     PRFileMap *       mapHandle = NULL;
     PRInt32           count     = 0;
     PRInt32           index     = 0;
@@ -461,7 +461,7 @@ PRInt32
 ssl_EmulateSendFile(PRFileDesc *sd, PRSendFileData *sfd,
                     PRTransmitFileFlags flags, PRIntervalTime timeout)
 {
-    void *            addr = NULL;
+    void *            addr;
     PRFileMap *       mapHandle  	= NULL;
     PRInt32           count 		= 0;
     PRInt32           file_bytes;
@@ -529,12 +529,6 @@ ssl_EmulateSendFile(PRFileDesc *sd, PRSendFileData *sfd,
         len      = mmap_len - addr_offset;
     }
     /*
-     * filebytes is negative or SENDFILE_MMAP_CHUNK is less than pagesize.
-     * assert so we catch problems in debug builds.
-     */
-    PR_ASSERT(len >= 0);
-
-    /*
      * Map in (part of) file. Take care of zero-length files.
      */
     if (len > 0) {
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index df6ef439b..8ed3e0e8d 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -444,9 +444,9 @@ ssl3_config_match_init(sslSocket *ss)
 	    /* Mark the suites that are backed by real tokens, certs and keys */
 	    suite->isPresent = (PRBool)
 		(((exchKeyType == kt_null) ||
-                    ((!isServer || (ss->serverKey[exchKeyType] &&
+		    (!isServer || (ss->serverKey[exchKeyType] &&
 				   ss->serverCertChain[exchKeyType])) &&
-                    PK11_TokenExists(kea_alg_defs[exchKeyType]))) &&
+		    PK11_TokenExists(kea_alg_defs[exchKeyType])) &&
 		((cipher_alg == calg_null) || PK11_TokenExists(cipher_alg)));
 	    if (suite->isPresent)
 	    	++numPresent;
@@ -2922,10 +2922,6 @@ ssl_UnwrapSymWrappingKey(
 	    PK11_PubUnwrapSymKey(svrPrivKey, &wrappedKey,
 				 masterWrapMech, CKA_UNWRAP, 0);
 	break;
-    default:
-        /* Assert? */
-        SET_ERROR_CODE
-        goto loser;
     }
 loser:
     return unwrappedWrappingKey;
@@ -2958,7 +2954,7 @@ getWrappingKey( sslSocket *       ss,
     SECKEYPublicKey *        svrPubKey             = NULL;
     PK11SymKey *             unwrappedWrappingKey  = NULL;
     PK11SymKey **            pSymWrapKey;
-    CK_MECHANISM_TYPE        asymWrapMechanism = CKM_INVALID_MECHANISM;
+    CK_MECHANISM_TYPE        asymWrapMechanism;
     int                      length;
     int                      symWrapMechIndex;
     SECStatus                rv;
@@ -3094,8 +3090,6 @@ no_wrapped_key:
 	goto loser;
     }
 
-    PORT_Assert(asymWrapMechanism != CKM_INVALID_MECHANISM);
-
     wswk.symWrapMechanism  = masterWrapMech;
     wswk.symWrapMechIndex  = symWrapMechIndex;
     wswk.asymWrapMechanism = asymWrapMechanism;
@@ -3492,7 +3486,7 @@ loser:
 static SECStatus
 sendFortezzaClientKeyExchange(sslSocket * ss, SECKEYPublicKey * serverKey)
 {
-    ssl3CipherSpec *    pwSpec = NULL;
+    ssl3CipherSpec *	pwSpec;
     sslSessionID *	sid 		= ss->sec->ci.sid;
     PK11SlotInfo *	slot		= NULL;
     PK11SymKey *	pms 		= NULL;
diff --git a/security/nss/lib/ssl/sslcon.c b/security/nss/lib/ssl/sslcon.c
index d0005d269..53575bf68 100644
--- a/security/nss/lib/ssl/sslcon.c
+++ b/security/nss/lib/ssl/sslcon.c
@@ -1457,10 +1457,10 @@ loser:
 static SECStatus
 ssl2_CreateSessionCypher(sslSocket *ss, sslSessionID *sid, PRBool isClient)
 {
-    sslSecurityInfo * sec = NULL;
+    sslSecurityInfo * sec;
     sslConnectInfo *  ci;
-    SECItem         * rk = NULL;
-    SECItem         * wk = NULL;
+    SECItem         * rk;
+    SECItem         * wk;
     SECItem *         param;
     SECStatus         rv;
     int               cipherType  = sid->u.ssl2.cipherType;
@@ -1495,7 +1495,7 @@ ssl2_CreateSessionCypher(sslSocket *ss, sslSessionID *sid, PRBool isClient)
 	SSL_DBG(("%d: SSL[%d]: ssl2_CreateSessionCypher: unknown cipher=%d",
 		 SSL_GETPID(), ss->fd, cipherType));
 	PORT_SetError(isClient ? SSL_ERROR_BAD_SERVER : SSL_ERROR_BAD_CLIENT);
-        goto sec_loser;
+	goto loser;
     }
 
     sec = ss->sec;
@@ -1580,12 +1580,8 @@ ssl2_CreateSessionCypher(sslSocket *ss, sslSessionID *sid, PRBool isClient)
     rv = SECFailure;
 
   done:
-    if (rk) {
-        SECITEM_ZfreeItem(rk, PR_FALSE);
-    }
-    if (wk) {
-        SECITEM_ZfreeItem(wk, PR_FALSE);
-    }
+    SECITEM_ZfreeItem(rk, PR_FALSE);
+    SECITEM_ZfreeItem(wk, PR_FALSE);
     return rv;
 }
 
@@ -1617,7 +1613,7 @@ ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits,
 			 PRUint8 *ek, unsigned int ekLen,
 			 PRUint8 *ca, unsigned int caLen)
 {
-    PRUint8           *kk = NULL;
+    PRUint8           *kk;
     sslSecurityInfo * sec;
     sslSessionID *    sid;
     PRUint8       *   kbuf = 0;	/* buffer for RSA decrypted data. */
@@ -1733,9 +1729,6 @@ hide_loser:
 	 * Instead, Generate a completely bogus master key .
 	 */
 	PK11_GenerateRandom(kbuf, ekLen);
-        if (!kk) {
-            kk = kbuf + ekLen - (keySize - ckLen);
-        }
     }
 
     /*
@@ -2974,7 +2967,7 @@ ssl2_BeginClientHandshake(sslSocket *ss)
     PRUint8           *localCipherSpecs = NULL;
     unsigned int      localCipherSize;
     unsigned int      i;
-    int               sendLen, sidLen = 0;
+    int               sendLen, sidLen;
     SECStatus         rv;
 
     PORT_Assert( ssl_Have1stHandshakeLock(ss) );
@@ -3754,6 +3747,8 @@ NSSSSL_VersionCheck(const char *importedVersion)
      * not compatible with future major, minor, or
      * patch releases.
      */
+    int vmajor = 0, vminor = 0, vpatch = 0;
+    const char *ptr = importedVersion;
     volatile char c; /* force a reference that won't get optimized away */
 
     c = __nss_ssl_rcsid[0] + __nss_ssl_sccsid[0]; 
diff --git a/security/nss/lib/ssl/ssldef.c b/security/nss/lib/ssl/ssldef.c
index 1d98cac88..81d6db8c8 100644
--- a/security/nss/lib/ssl/ssldef.c
+++ b/security/nss/lib/ssl/ssldef.c
@@ -41,10 +41,8 @@
 
 #if defined(WIN32)
 #define MAP_ERROR(from,to) if (err == from) { PORT_SetError(to); }
-#define DEFINE_ERROR       PRErrorCode err = PR_GetError();
 #else
 #define MAP_ERROR(from,to)
-#define DEFINE_ERROR
 #endif
 
 int ssl_DefConnect(sslSocket *ss, const PRNetAddr *sa)
@@ -90,7 +88,7 @@ int ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
 
     rv = lower->methods->recv(lower, (void *)buf, len, flags, ss->rTimeout);
     if (rv < 0) {
-        DEFINE_ERROR
+	PRErrorCode err = PR_GetError();
 	MAP_ERROR(PR_SOCKET_SHUTDOWN_ERROR, PR_CONNECT_RESET_ERROR)
     } else if (rv > len) {
 	PORT_Assert(rv <= len);
@@ -154,7 +152,7 @@ int ssl_DefRead(sslSocket *ss, unsigned char *buf, int len)
 
     rv = lower->methods->read(lower, (void *)buf, len);
     if (rv < 0) {
-        DEFINE_ERROR
+	PRErrorCode err = PR_GetError();
 	MAP_ERROR(PR_SOCKET_SHUTDOWN_ERROR, PR_CONNECT_RESET_ERROR)
     }
     return rv;
diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
index 81ec18d99..d294a1421 100644
--- a/security/nss/lib/ssl/sslsock.c
+++ b/security/nss/lib/ssl/sslsock.c
@@ -306,9 +306,7 @@ ssl_FreeSocket(sslSocket *ss)
     int        i;
 
     sslSocket *fs;
-#ifdef DEBUG
     sslSocket  lSock;
-#endif
 
 /* Get every lock you can imagine!
 ** Caller already holds these: