diff options
192 files changed, 1354 insertions, 1506 deletions
diff --git a/cmd/bltest/blapitest.c b/cmd/bltest/blapitest.c index 776191808..81c3061bb 100644 --- a/cmd/bltest/blapitest.c +++ b/cmd/bltest/blapitest.c @@ -56,8 +56,7 @@ char *testdir = NULL; #define TIMEMARK(seconds) \ time1 = PR_SecondsToInterval(seconds); \ { \ - PRInt64 tmp, L100; \ - LL_I2L(L100, 100); \ + PRInt64 tmp; \ if (time2 == 0) { \ time2 = 1; \ } \ @@ -313,7 +312,6 @@ serialize_key(SECItem *it, int ni, PRFileDesc *file) { unsigned char len[4]; int i; - SECStatus status; NSSBase64Encoder *cx; cx = NSSBase64Encoder_Create(output_ascii, file); for (i=0; i<ni; i++, it++) { @@ -321,11 +319,11 @@ serialize_key(SECItem *it, int ni, PRFileDesc *file) len[1] = (it->len >> 16) & 0xff; len[2] = (it->len >> 8) & 0xff; len[3] = (it->len & 0xff); - status = NSSBase64Encoder_Update(cx, len, 4); - status = NSSBase64Encoder_Update(cx, it->data, it->len); + NSSBase64Encoder_Update(cx, len, 4); + NSSBase64Encoder_Update(cx, it->data, it->len); } - status = NSSBase64Encoder_Destroy(cx, PR_FALSE); - status = PR_Write(file, "\r\n", 2); + NSSBase64Encoder_Destroy(cx, PR_FALSE); + PR_Write(file, "\r\n", 2); } void @@ -1436,7 +1434,7 @@ bltest_aes_init(bltestCipherInfo *cipherInfo, PRBool encrypt) int minorMode; int i; int keylen = aesp->key.buf.len; - int blocklen = AES_BLOCK_SIZE; + unsigned int blocklen = AES_BLOCK_SIZE; PRIntervalTime time1, time2; unsigned char *params; int len; @@ -1635,6 +1633,8 @@ bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) cipherInfo->cipher.pubkeyCipher = encrypt ? rsa_encryptOAEP : rsa_decryptOAEP; break; + default: + break; } return SECSuccess; } @@ -2569,8 +2569,6 @@ printPR_smpString(const char *sformat, char *reportStr, fprintf(stdout, sformat, reportStr); PR_smprintf_free(reportStr); } else { - int prnRes; - LL_L2I(prnRes, rNum); fprintf(stdout, nformat, rNum); } } @@ -2791,8 +2789,8 @@ mode_str_to_hash_alg(const SECItem *modeStr) case bltestSHA256: return HASH_AlgSHA256; case bltestSHA384: return HASH_AlgSHA384; case bltestSHA512: return HASH_AlgSHA512; + default: return HASH_AlgNULL; } - return HASH_AlgNULL; } void @@ -3004,7 +3002,7 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, bltestIO pt, ct; bltestCipherMode mode; bltestParams *params; - int i, j, nummodes, numtests; + unsigned int i, j, nummodes, numtests; char *modestr; char filename[256]; PLArenaPool *arena; @@ -3457,13 +3455,12 @@ static secuCommandFlag bltest_options[] = int main(int argc, char **argv) { - char *infileName, *outfileName, *keyfileName, *ivfileName; SECStatus rv = SECFailure; - double totalTime; + double totalTime = 0.0; PRIntervalTime time1, time2; PRFileDesc *outfile = NULL; - bltestCipherInfo *cipherInfoListHead, *cipherInfo; + bltestCipherInfo *cipherInfoListHead, *cipherInfo = NULL; bltestIOMode ioMode; int bufsize, exponent, curThrdNum; #ifndef NSS_DISABLE_ECC @@ -3511,8 +3508,6 @@ int main(int argc, char **argv) cipherInfo = PORT_ZNew(bltestCipherInfo); cipherInfoListHead = cipherInfo; - /* set some defaults */ - infileName = outfileName = keyfileName = ivfileName = NULL; /* Check the number of commands entered on the command line. */ commandsEntered = 0; @@ -3712,8 +3707,10 @@ int main(int argc, char **argv) fprintf(stderr, "%s: You must specify a signature file with -f.\n", progName); - print_usage: - PORT_Free(cipherInfo); +print_usage: + if (cipherInfo) { + PORT_Free(cipherInfo); + } Usage(); } diff --git a/cmd/certcgi/certcgi.c b/cmd/certcgi/certcgi.c index 9bfa4e869..889de2540 100644 --- a/cmd/certcgi/certcgi.c +++ b/cmd/certcgi/certcgi.c @@ -356,81 +356,6 @@ find_field_bool(Pair *data, } } -static char * -update_data_by_name(Pair *data, - char *field_name, - char *new_data) - /* replaces the data in the data structure associated with - a name with new data, returns null if not found */ -{ - int i = 0; - int found = 0; - int length = 100; - char *new; - - while (return_name(data, i) != NULL) { - if (PORT_Strcmp(return_name(data, i), field_name) == 0) { - new = make_copy_string( new_data, length, '\0'); - PORT_Free(return_data(data, i)); - found = 1; - (*(data + i)).data = new; - break; - } - i++; - } - if (!found) { - new = NULL; - } - return new; -} - -static char * -update_data_by_index(Pair *data, - int n, - char *new_data) - /* replaces the data of a particular index in the data structure */ -{ - int length = 100; - char *new; - - new = make_copy_string(new_data, length, '\0'); - PORT_Free(return_data(data, n)); - (*(data + n)).data = new; - return new; -} - - -static Pair * -add_field(Pair *data, - char* field_name, - char* field_data) - /* adds a new name/data pair to the data structure */ -{ - int i = 0; - int j; - int name_length = 100; - int data_length = 100; - - while(return_name(data, i) != NULL) { - i++; - } - j = START_FIELDS; - while ( j < (i + 1) ) { - j = j * 2; - } - if (j == (i + 1)) { - data = (Pair *) PORT_Realloc(data, (j * 2) * sizeof(Pair)); - if (data == NULL) { - error_allocate(); - } - } - (*(data + i)).name = make_copy_string(field_name, name_length, '\0'); - (*(data + i)).data = make_copy_string(field_data, data_length, '\0'); - (data + i + 1)->name = NULL; - return data; -} - - static CERTCertificateRequest * makeCertReq(Pair *form_data, int which_priv_key) @@ -527,10 +452,6 @@ MakeV1Cert(CERTCertDBHandle *handle, PRExplodedTime printableTime; PRTime now, after; - SECStatus rv; - - - if ( !selfsign ) { issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); if (!issuerCert) { @@ -539,7 +460,7 @@ MakeV1Cert(CERTCertDBHandle *handle, } } if (find_field_bool(data, "manValidity", PR_TRUE)) { - rv = DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE)); + (void)DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE)); } else { now = PR_Now(); } @@ -550,7 +471,7 @@ MakeV1Cert(CERTCertDBHandle *handle, PR_ExplodeTime (now, PR_GMTParameters, &printableTime); } if (find_field_bool(data, "manValidity", PR_TRUE)) { - rv = DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE)); + (void)DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE)); PR_ExplodeTime (after, PR_GMTParameters, &printableTime); } else { printableTime.tm_month += 3; @@ -591,7 +512,7 @@ get_serial_number(Pair *data) if (ferror(serialFile) != 0) { error_out("Error: Unable to read serial number file"); } - if (serial == 4294967295) { + if (serial == -1) { serial = 21; } fclose(serialFile); @@ -1417,52 +1338,49 @@ string_to_ipaddress(char *string) return ipaddress; } +static int +chr_to_hex(char c) { + if (isdigit(c)) { + return c - '0'; + } + if (isxdigit(c)) { + return toupper(c) - 'A' + 10; + } + return -1; +} + static SECItem * -string_to_binary(char *string) +string_to_binary(char *string) { SECItem *rv; - int high_digit; - int low_digit; rv = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); if (rv == NULL) { error_allocate(); } rv->data = (unsigned char *) PORT_ZAlloc((PORT_Strlen(string))/3 + 2); - while (!isxdigit(*string)) { + rv->len = 0; + while (*string && !isxdigit(*string)) { string++; } - rv->len = 0; - while (*string != '\0') { - if (isxdigit(*string)) { - if (*string >= '0' && *string <= '9') { - high_digit = *string - '0'; - } else { - *string = toupper(*string); - high_digit = *string - 'A' + 10; - } - string++; - if (*string >= '0' && *string <= '9') { - low_digit = *string - '0'; - } else { - *string = toupper(*string); - low_digit = *string - 'A' + 10; - } - (rv->len)++; - } else { - if (*string == ':') { - string++; - } else { - if (*string == ' ') { - while (*string == ' ') { - string++; - } - } - if (*string != '\0') { - error_out("ERROR: Improperly formated binary encoding"); - } - } - } + while (*string) { + int high, low; + high = chr_to_hex(*string++); + low = chr_to_hex(*string++); + if (high < 0 || low < 0) { + error_out("ERROR: Improperly formated binary encoding"); + } + rv->data[(rv->len)++] = high << 4 | low; + if (*string != ':') { + break; + } + ++string; + } + while (*string == ' ') { + ++string; + } + if (*string) { + error_out("ERROR: Junk after binary encoding"); } return rv; diff --git a/cmd/checkcert/checkcert.c b/cmd/checkcert/checkcert.c index 2a62a08ee..235451c39 100644 --- a/cmd/checkcert/checkcert.c +++ b/cmd/checkcert/checkcert.c @@ -122,7 +122,6 @@ OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key, SECStatus rv; VFYContext *cx; SECOidData *sigAlgOid, *oiddata; - SECOidTag sigAlgTag; SECOidTag hashAlgTag; int showDigestOid=0; @@ -134,8 +133,6 @@ OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key, sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm); if (sigAlgOid == 0) return SECFailure; - sigAlgTag = sigAlgOid->offset; - if (showDigestOid) { oiddata = SECOID_FindOIDByTag(hashAlgTag); @@ -388,7 +385,7 @@ int main(int argc, char **argv) SECU_RegisterDynamicOids(); rv = SECU_PrintSignedData(stdout, &derCert, "Certificate", 0, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); if (rv) { fprintf(stderr, "%s: Unable to pretty print cert. Error: %d\n", diff --git a/cmd/crlutil/crlgen.c b/cmd/crlutil/crlgen.c index 4eb16f71f..1fad32490 100644 --- a/cmd/crlutil/crlgen.c +++ b/cmd/crlutil/crlgen.c @@ -545,7 +545,7 @@ crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr, { SECItem *encodedItem; void *dummy; - void *mark; + void *mark = NULL; int code = 0; PORT_Assert(arena && dataArr); @@ -583,7 +583,9 @@ crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr, return encodedItem; loser: - PORT_ArenaRelease (arena, mark); + if (mark) { + PORT_ArenaRelease (arena, mark); + } return NULL; } @@ -595,7 +597,7 @@ crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr, { SECItem *encodedItem; int length = 0; - void *mark; + void *mark = NULL; PORT_Assert(arena && dataArr); if (!arena || !dataArr) { @@ -624,7 +626,9 @@ crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr, return encodedItem; loser: - PORT_ArenaRelease(arena, mark); + if (mark) { + PORT_ArenaRelease(arena, mark); + } return NULL; } @@ -1079,7 +1083,6 @@ static SECStatus crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId) { PRUint64 i = 0; - PLArenaPool *arena; PORT_Assert(crlGenData && certId); if (!crlGenData || !certId) { @@ -1087,8 +1090,6 @@ crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId) return SECFailure; } - arena = crlGenData->signCrl->arena; - if (crlgen_SetNewRangeField(crlGenData, certId) == SECFailure && certId) { return SECFailure; diff --git a/cmd/crlutil/crlutil.c b/cmd/crlutil/crlutil.c index dd9f4932e..d50137140 100644 --- a/cmd/crlutil/crlutil.c +++ b/cmd/crlutil/crlutil.c @@ -128,7 +128,7 @@ static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType, PRBool dele while (crlNode) { char* asciiname = NULL; CERTCertificate *cert = NULL; - if (crlNode->crl && &crlNode->crl->crl.derName) { + if (crlNode->crl && crlNode->crl->crl.derName.data != NULL) { cert = CERT_FindCertByName(certHandle, &crlNode->crl->crl.derName); if (!cert) { @@ -698,6 +698,7 @@ GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName, signCrl = CreateModifiedCRLCopy(arena, certHandle, &cert, certNickName, inFile, decodeOptions, importOptions); if (signCrl == NULL) { + rv = SECFailure; goto loser; } } @@ -705,6 +706,7 @@ GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName, if (!cert) { cert = FindSigningCert(certHandle, signCrl, certNickName); if (cert == NULL) { + rv = SECFailure; goto loser; } } @@ -721,8 +723,10 @@ GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName, outFileName); } signCrl = CreateNewCrl(arena, certHandle, cert); - if (!signCrl) + if (!signCrl) { + rv = SECFailure; goto loser; + } } rv = UpdateCrl(signCrl, inCrlInitFile); diff --git a/cmd/crmftest/testcrmf.c b/cmd/crmftest/testcrmf.c index ce3d7cfb9..a1343436e 100644 --- a/cmd/crmftest/testcrmf.c +++ b/cmd/crmftest/testcrmf.c @@ -127,13 +127,17 @@ debug_test(SECItem *src, char *filePath) SECStatus get_serial_number(long *dest) { - SECStatus rv; + SECStatus rv; - if (dest == NULL) { + if (dest == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; - } + } rv = PK11_GenerateRandom((unsigned char *)dest, sizeof(long)); + if (rv != SECSuccess) { + /* PK11_GenerateRandom calls PORT_SetError */ + return SECFailure; + } /* make serial number positive */ if (*dest < 0L) *dest = - *dest; @@ -937,18 +941,6 @@ DoCMMFStuff(void) return rv; } -static CK_MECHANISM_TYPE -mapWrapKeyType(KeyType keyType) -{ - switch (keyType) { - case rsaKey: - return CKM_RSA_PKCS; - default: - break; - } - return CKM_INVALID_MECHANISM; -} - #define KNOWN_MESSAGE_LENGTH 20 /*160 bits*/ int @@ -1533,10 +1525,6 @@ main(int argc, char **argv) PRUint32 flags = 0; SECStatus rv; PRBool nssInit = PR_FALSE; - PRBool pArg = PR_FALSE; - PRBool eArg = PR_FALSE; - PRBool sArg = PR_FALSE; - PRBool PArg = PR_FALSE; memset( &signPair, 0, sizeof signPair); memset( &cryptPair, 0, sizeof cryptPair); @@ -1559,7 +1547,6 @@ main(int argc, char **argv) printf ("-p failed\n"); return 603; } - pArg = PR_TRUE; break; case 'e': recoveryEncrypter = PORT_Strdup(optstate->value); @@ -1567,7 +1554,6 @@ main(int argc, char **argv) printf ("-e failed\n"); return 602; } - eArg = PR_TRUE; break; case 's': caCertName = PORT_Strdup(optstate->value); @@ -1575,7 +1561,6 @@ main(int argc, char **argv) printf ("-s failed\n"); return 604; } - sArg = PR_TRUE; break; case 'P': password = PORT_Strdup(optstate->value); @@ -1585,7 +1570,6 @@ main(int argc, char **argv) } pwdata.source = PW_PLAINTEXT; pwdata.data = password; - PArg = PR_TRUE; break; case 'f': pwfile = PORT_Strdup(optstate->value); diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c index cdd6b1aa5..1561e7377 100644 --- a/cmd/fipstest/fipstest.c +++ b/cmd/fipstest/fipstest.c @@ -288,7 +288,7 @@ tdea_kat_mmt(char *reqfn) FILE *req; /* input stream from the REQUEST file */ FILE *resp; /* output stream to the RESPONSE file */ int i, j; - int mode; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */ + int mode = NSS_DES_EDE3; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */ int crypt = DECRYPT; /* 1 means encrypt, 0 means decrypt */ unsigned char key[24]; /* TDEA 3 key bundle */ unsigned int numKeys = 0; @@ -997,10 +997,10 @@ aes_kat_mmt(char *reqfn) FILE *aesreq; /* input stream from the REQUEST file */ FILE *aesresp; /* output stream to the RESPONSE file */ int i, j; - int mode; /* NSS_AES (ECB) or NSS_AES_CBC */ + int mode = NSS_AES; /* NSS_AES (ECB) or NSS_AES_CBC */ int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; + unsigned int keysize = 0; unsigned char iv[16]; /* for all modes except ECB */ unsigned char plaintext[10*16]; /* 1 to 10 blocks */ unsigned int plaintextlen; @@ -1197,7 +1197,7 @@ aes_ecb_mct(char *reqfn) int i, j; int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; + unsigned int keysize = 0; unsigned char plaintext[16]; /* PT[j] */ unsigned char plaintext_1[16]; /* PT[j-1] */ unsigned char ciphertext[16]; /* CT[j] */ @@ -1480,7 +1480,7 @@ aes_cbc_mct(char *reqfn) int i, j; int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; + unsigned int keysize = 0; unsigned char iv[16]; unsigned char plaintext[16]; /* PT[j] */ unsigned char plaintext_1[16]; /* PT[j-1] */ @@ -2103,7 +2103,7 @@ ecdsa_pkv_test(char *reqfn) ECParams *ecparams = NULL; SECItem pubkey; unsigned int i; - unsigned int len; + unsigned int len = 0; PRBool keyvalid = PR_TRUE; ecdsareq = fopen(reqfn, "r"); @@ -2360,10 +2360,10 @@ ecdsa_sigver_test(char *reqfn) char curve[16]; /* "nistxddd" */ ECPublicKey ecpub; unsigned int i, j; - unsigned int flen; /* length in bytes of the field size */ - unsigned int olen; /* length in bytes of the base point order */ + unsigned int flen = 0; /* length in bytes of the field size */ + unsigned int olen = 0; /* length in bytes of the base point order */ unsigned char msg[512]; /* message that was signed (<= 128 bytes) */ - unsigned int msglen; + unsigned int msglen = 0; unsigned char sha1[20]; /* SHA-1 hash (160 bits) */ unsigned char sig[2*MAX_ECKEY_LEN]; SECItem signature, digest; @@ -2532,43 +2532,6 @@ loser: } #endif /* NSS_DISABLE_ECC */ - -/* - * Read a value from the test and allocate the result. - */ -static unsigned char * -alloc_value(char *buf, int *len) -{ - unsigned char * value; - int i, count; - - if (strncmp(buf, "<None>", 6) == 0) { - *len = 0; - return NULL; - } - - /* find the length of the number */ - for (count = 0; isxdigit(buf[count]); count++); - *len = count/2; - - if (*len == 0) { - return NULL; - } - - value = PORT_Alloc(*len); - if (!value) { - *len = 0; - return NULL; - } - - for (i=0; i<*len; buf+=2 , i++) { - hex_to_byteval(buf, &value[i]); - } - - - return value; -} - PRBool isblankline(char *b) { @@ -2599,7 +2562,9 @@ drbg(char *reqfn) FILE *rngresp; /* output stream to the RESPONSE file */ unsigned int i, j; +#if 0 PRBool predictionResistance = PR_FALSE; +#endif unsigned char *nonce = NULL; int nonceLen = 0; unsigned char *personalizationString = NULL; @@ -2722,11 +2687,12 @@ drbg(char *reqfn) continue; } +#if 0 /* currently unsupported */ if (strncmp(buf, "[PredictionResistance", 21) == 0) { i = 21; while (isspace(buf[i]) || buf[i] == '=') { i++; - } + } if (strncmp(buf, "False", 5) == 0) { predictionResistance = PR_FALSE; } else { @@ -2736,6 +2702,7 @@ drbg(char *reqfn) fputs(buf, rngresp); continue; } +#endif if (strncmp(buf, "[EntropyInputLen", 16) == 0) { if (entropyInput) { @@ -2990,7 +2957,7 @@ rng_vst(char *reqfn) unsigned int i, j; unsigned char Q[DSA1_SUBPRIME_LEN]; PRBool hasQ = PR_FALSE; - unsigned int b; /* 160 <= b <= 512, b is a multiple of 8 */ + unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */ unsigned char XKey[512/8]; unsigned char XSeed[512/8]; unsigned char GENX[DSA1_SIGNATURE_LEN]; @@ -3113,7 +3080,7 @@ rng_mct(char *reqfn) unsigned int i, j; unsigned char Q[DSA1_SUBPRIME_LEN]; PRBool hasQ = PR_FALSE; - unsigned int b; /* 160 <= b <= 512, b is a multiple of 8 */ + unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */ unsigned char XKey[512/8]; unsigned char XSeed[512/8]; unsigned char GENX[2*SHA1_LENGTH]; @@ -3416,8 +3383,8 @@ SECStatus sha_mct_test(unsigned int MDLen, unsigned char *seed, FILE *resp) void sha_test(char *reqfn) { unsigned int i, j; - unsigned int MDlen; /* the length of the Message Digest in Bytes */ - unsigned int msgLen; /* the length of the input Message in Bytes */ + unsigned int MDlen = 0; /* the length of the Message Digest in Bytes */ + unsigned int msgLen = 0; /* the length of the input Message in Bytes */ unsigned char *msg = NULL; /* holds the message to digest.*/ size_t bufSize = 25608; /*MAX buffer size */ char *buf = NULL; /* holds one line from the input REQUEST file.*/ @@ -3594,18 +3561,18 @@ void hmac_test(char *reqfn) unsigned int i, j; size_t bufSize = 400; /* MAX buffer size */ char *buf = NULL; /* holds one line from the input REQUEST file.*/ - unsigned int keyLen; /* Key Length */ + unsigned int keyLen = 0; /* Key Length */ unsigned char key[200]; /* key MAX size = 184 */ unsigned int msgLen = 128; /* the length of the input */ /* Message is always 128 Bytes */ unsigned char *msg = NULL; /* holds the message to digest.*/ - unsigned int HMACLen; /* the length of the HMAC Bytes */ - unsigned int TLen; /* the length of the requested */ + unsigned int HMACLen = 0; /* the length of the HMAC Bytes */ + unsigned int TLen = 0; /* the length of the requested */ /* truncated HMAC Bytes */ unsigned char HMAC[HASH_LENGTH_MAX]; /* computed HMAC */ unsigned char expectedHMAC[HASH_LENGTH_MAX]; /* for .fax files that have */ /* supplied known answer */ - HASH_HashType hash_alg; /* HMAC type */ + HASH_HashType hash_alg = HASH_AlgNULL; /* HMAC type */ FILE *req = NULL; /* input stream from the REQUEST file */ @@ -3901,7 +3868,7 @@ dsa_pqgver_test(char *reqfn) unsigned int i, j; PQGParams pqg; PQGVerify vfy; - unsigned int pghSize; /* size for p, g, and h */ + unsigned int pghSize = 0; /* size for p, g, and h */ dsa_pqg_type type = FIPS186_1; dsareq = fopen(reqfn, "r"); @@ -4234,7 +4201,7 @@ dsa_pqggen_test(char *reqfn) unsigned int j; PQGParams *pqg = NULL; PQGVerify *vfy = NULL; - unsigned int keySizeIndex; + unsigned int keySizeIndex = 0; dsa_pqg_type type = FIPS186_1; dsareq = fopen(reqfn, "r"); diff --git a/cmd/httpserv/httpserv.c b/cmd/httpserv/httpserv.c index 875b62bbd..b01da4b8f 100644 --- a/cmd/httpserv/httpserv.c +++ b/cmd/httpserv/httpserv.c @@ -339,7 +339,6 @@ static enum { static const char stopCmd[] = { "GET /stop " }; static const char getCmd[] = { "GET " }; -static const char EOFmsg[] = { "EOF\r\n\r\n\r\n" }; static const char outHeader[] = { "HTTP/1.0 200 OK\r\n" "Server: Generic Web Server\r\n" @@ -712,8 +711,8 @@ handle_connection( /* else good status response */ if (!isPost && ocspMethodsAllowed == ocspGetUnknown) { unknown = PR_TRUE; - nextUpdate = PR_Now() + 60*60*24 * PR_USEC_PER_SEC; /*tomorrow*/ - revoDate = PR_Now() - 60*60*24 * PR_USEC_PER_SEC; /*yesterday*/ + nextUpdate = PR_Now() + (PRTime)60*60*24 * PR_USEC_PER_SEC; /*tomorrow*/ + revoDate = PR_Now() - (PRTime)60*60*24 * PR_USEC_PER_SEC; /*yesterday*/ } } } diff --git a/cmd/lib/basicutil.c b/cmd/lib/basicutil.c index 94c28f59a..77b70b1e6 100644 --- a/cmd/lib/basicutil.c +++ b/cmd/lib/basicutil.c @@ -684,7 +684,7 @@ static unsigned char nibble(char c) { SECStatus SECU_SECItemHexStringToBinary(SECItem* srcdest) { - int i; + unsigned int i; if (!srcdest) { PORT_SetError(SEC_ERROR_INVALID_ARGS); diff --git a/cmd/lib/derprint.c b/cmd/lib/derprint.c index b4eb0ffb4..75811df3f 100644 --- a/cmd/lib/derprint.c +++ b/cmd/lib/derprint.c @@ -446,7 +446,7 @@ prettyPrintLength(FILE *out, const unsigned char *data, const unsigned char *end } lenLen = nb + 1; if (raw) { - int i; + unsigned int i; rv = prettyPrintByte(out, lbyte, lv); if (rv < 0) diff --git a/cmd/lib/pk11table.c b/cmd/lib/pk11table.c index d979835a0..f76dafe81 100644 --- a/cmd/lib/pk11table.c +++ b/cmd/lib/pk11table.c @@ -577,7 +577,7 @@ const Constant _consts[] = { }; const Constant *consts = &_consts[0]; -const int constCount = sizeof(_consts)/sizeof(_consts[0]); +const unsigned int constCount = sizeof(_consts)/sizeof(_consts[0]); const Commands _commands[] = { {"C_Initialize", F_C_Initialize, @@ -1389,7 +1389,7 @@ const int topicCount = sizeof(_topics) / sizeof(_topics[0]); const char * getName(CK_ULONG value, ConstType type) { - int i; + unsigned int i; for (i=0; i < constCount; i++) { if (consts[i].type == type && consts[i].value == value) { @@ -1409,9 +1409,9 @@ getNameFromAttribute(CK_ATTRIBUTE_TYPE type) return getName(type, ConstAttribute); } -int totalKnownType(ConstType type) { - int count = 0; - int i; +unsigned int totalKnownType(ConstType type) { + unsigned int count = 0; + unsigned int i; for (i=0; i < constCount; i++) { if (consts[i].type == type) count++; diff --git a/cmd/lib/pk11table.h b/cmd/lib/pk11table.h index cdc4325fc..0c4052ece 100644 --- a/cmd/lib/pk11table.h +++ b/cmd/lib/pk11table.h @@ -162,7 +162,7 @@ extern const int valueCount; extern const char **constTypeString; extern const int constTypeCount; extern const Constant *consts; -extern const int constCount; +extern const unsigned int constCount; extern const Commands *commands; extern const int commandCount; extern const Topics *topics; @@ -174,7 +174,7 @@ getName(CK_ULONG value, ConstType type); extern const char * getNameFromAttribute(CK_ATTRIBUTE_TYPE type); -extern int totalKnownType(ConstType type); +extern unsigned int totalKnownType(ConstType type); #endif /* _PK11_TABLE_H_ */ diff --git a/cmd/lib/secutil.c b/cmd/lib/secutil.c index 97331c9c2..92f64f75c 100644 --- a/cmd/lib/secutil.c +++ b/cmd/lib/secutil.c @@ -375,7 +375,8 @@ SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass, PR_fprintf(PR_STDERR, "Invalid password.\n"); PORT_Memset(oldpw, 0, PL_strlen(oldpw)); PORT_Free(oldpw); - return SECFailure; + rv = SECFailure; + goto done; } } else break; @@ -385,20 +386,22 @@ SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass, newpw = secu_InitSlotPassword(slot, PR_FALSE, &newpwdata); - if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) { + rv = PK11_ChangePW(slot, oldpw, newpw); + if (rv != SECSuccess) { PR_fprintf(PR_STDERR, "Failed to change password.\n"); - return SECFailure; + } else { + PR_fprintf(PR_STDOUT, "Password changed successfully.\n"); } PORT_Memset(oldpw, 0, PL_strlen(oldpw)); PORT_Free(oldpw); - PR_fprintf(PR_STDOUT, "Password changed successfully.\n"); - done: - PORT_Memset(newpw, 0, PL_strlen(newpw)); - PORT_Free(newpw); - return SECSuccess; + if (newpw) { + PORT_Memset(newpw, 0, PL_strlen(newpw)); + PORT_Free(newpw); + } + return rv; } struct matchobj { @@ -1550,7 +1553,7 @@ SECU_PrintDumpDerIssuerAndSerial(FILE *out, SECItem *der, char *m, fprintf(out, "Serial DER as C source: \n{ %d, \"", c->serialNumber.len); { - int i; + unsigned int i; for (i=0; i < c->serialNumber.len; ++i) { unsigned char *chardata = (unsigned char*)(c->serialNumber.data); unsigned char c = *(chardata + i); @@ -2417,7 +2420,6 @@ SECU_PrintCertificateBasicInfo(FILE *out, const SECItem *der, const char *m, int PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); CERTCertificate *c; int rv = SEC_ERROR_NO_MEMORY; - int iv; if (!arena) return rv; @@ -2743,7 +2745,7 @@ secu_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src, while ((aCert = src->rawCerts[iv++]) != NULL) { sprintf(om, "Certificate (%x)", iv); rv = SECU_PrintSignedData(out, aCert, om, level + 2, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); if (rv) return rv; } @@ -2862,7 +2864,7 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *out, while ((aCert = src->rawCerts[iv++]) != NULL) { sprintf(om, "Certificate (%x)", iv); rv = SECU_PrintSignedData(out, aCert, om, level + 2, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); if (rv) return rv; } @@ -3192,7 +3194,7 @@ SEC_PrintCertificateAndTrust(CERTCertificate *cert, data.len = cert->derCert.len; rv = SECU_PrintSignedData(stdout, &data, label, 0, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); if (rv) { return(SECFailure); } @@ -3283,7 +3285,7 @@ SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log, errstr = NULL; switch (node->error) { case SEC_ERROR_INADEQUATE_KEY_USAGE: - flags = (unsigned int)node->arg; + flags = (unsigned int)((char *)node->arg - (char *)NULL); switch (flags) { case KU_DIGITAL_SIGNATURE: errstr = "Cert cannot sign."; @@ -3299,7 +3301,7 @@ SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log, break; } case SEC_ERROR_INADEQUATE_CERT_TYPE: - flags = (unsigned int)node->arg; + flags = (unsigned int)((char *)node->arg - (char *)NULL); switch (flags) { case NS_CERT_TYPE_SSL_CLIENT: case NS_CERT_TYPE_SSL_SERVER: diff --git a/cmd/modutil/error.h b/cmd/modutil/error.h index 36ed5a4eb..ba42264b5 100644 --- a/cmd/modutil/error.h +++ b/cmd/modutil/error.h @@ -133,25 +133,7 @@ typedef enum { LAST_MSG /* must be last */ } Message; -static char *msgStrings[] = { - "FIPS mode enabled.\n", - "FIPS mode disabled.\n", - "Using database directory %s...\n", - "Creating \"%s\"...", - "Module \"%s\" added to database.\n", - "Module \"%s\" deleted from database.\n", - "Token \"%s\" password changed successfully.\n", - "Incorrect password, try again...\n", - "Passwords do not match, try again...\n", - "done.\n", - "Slot \"%s\" %s.\n", - "Successfully changed defaults.\n", - "Successfully changed defaults.\n", -"\nWARNING: Performing this operation while the browser is running could cause" -"\ncorruption of your security databases. If the browser is currently running," -"\nyou should exit browser before continuing this operation. Type " -"\n'q <enter>' to abort, or <enter> to continue: ", - "\nAborting...\n" -}; +/* defined in modutil.c */ +extern char *msgStrings[]; #endif /* MODUTIL_ERROR_H */ diff --git a/cmd/modutil/installparse.c b/cmd/modutil/installparse.c index e23bbcc98..3691c6388 100644 --- a/cmd/modutil/installparse.c +++ b/cmd/modutil/installparse.c @@ -203,7 +203,7 @@ yyparse() register char *yys; extern char *getenv(); - if (yys = getenv("YYDEBUG")) + if ((yys = getenv("YYDEBUG")) != NULL) { yyn = *yys; if (yyn >= '0' && yyn <= '9') @@ -220,7 +220,7 @@ yyparse() *yyssp = yystate = 0; yyloop: - if (yyn = yydefred[yystate]) goto yyreduce; + if ((yyn = yydefred[yystate]) != 0) goto yyreduce; if (yychar < 0) { if ((yychar = yylex()) < 0) yychar = 0; diff --git a/cmd/modutil/lex.Pk11Install_yy.c b/cmd/modutil/lex.Pk11Install_yy.c index 59d9bb597..4533e0c76 100644 --- a/cmd/modutil/lex.Pk11Install_yy.c +++ b/cmd/modutil/lex.Pk11Install_yy.c @@ -1100,6 +1100,7 @@ register char *yy_bp; #endif /* ifndef YY_NO_UNPUT */ +#ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput() #else @@ -1171,6 +1172,7 @@ static int input() return c; } +#endif /* ifndef YY_NO_INPUT */ #ifdef YY_USE_PROTOS diff --git a/cmd/modutil/manifest.mn b/cmd/modutil/manifest.mn index 9929a8059..a92ca68c1 100644 --- a/cmd/modutil/manifest.mn +++ b/cmd/modutil/manifest.mn @@ -24,7 +24,7 @@ PROGRAM = modutil REQUIRES = seccmd nss dbm -DEFINES = -DNSPR20 +DEFINES = -DNSPR20 -DYY_NO_UNPUT -DYY_NO_INPUT # sigh #INCLUDES += -I$(CORE_DEPTH)/nss/lib/pk11wrap diff --git a/cmd/modutil/modutil.c b/cmd/modutil/modutil.c index ba07bba4f..64212024f 100644 --- a/cmd/modutil/modutil.c +++ b/cmd/modutil/modutil.c @@ -122,6 +122,27 @@ static char *optionStrings[] = { "-chkfips", }; +char *msgStrings[] = { + "FIPS mode enabled.\n", + "FIPS mode disabled.\n", + "Using database directory %s...\n", + "Creating \"%s\"...", + "Module \"%s\" added to database.\n", + "Module \"%s\" deleted from database.\n", + "Token \"%s\" password changed successfully.\n", + "Incorrect password, try again...\n", + "Passwords do not match, try again...\n", + "done.\n", + "Slot \"%s\" %s.\n", + "Successfully changed defaults.\n", + "Successfully changed defaults.\n", +"\nWARNING: Performing this operation while the browser is running could cause" +"\ncorruption of your security databases. If the browser is currently running," +"\nyou should exit browser before continuing this operation. Type " +"\n'q <enter>' to abort, or <enter> to continue: ", + "\nAborting...\n" +}; + /* Increment i if doing so would have i still be less than j. If you are able to do this, return 0. Otherwise return 1. */ #define TRY_INC(i,j) ( ((i+1)<j) ? (++i, 0) : 1 ) diff --git a/cmd/multinit/multinit.c b/cmd/multinit/multinit.c index e2ba4cca6..32c3eb401 100644 --- a/cmd/multinit/multinit.c +++ b/cmd/multinit/multinit.c @@ -314,27 +314,6 @@ appendHex(unsigned char nibble) } /* - * append a secitem as colon separated hex bytes. - */ -static void -appendItem(SECItem *item) -{ - int i; - - if (!buffer.data) { - return; - } - - appendLabel(':'); - for (i=0; i < item->len; i++) { - unsigned char byte=item->data[i]; - appendHex(byte >> 4); - appendHex(byte & 0xf); - appendLabel(':'); - } -} - -/* * append a 32 bit integer (even on a 64 bit platform). * for simplicity append it as a hex value, full extension with 0x prefix. */ @@ -493,7 +472,7 @@ do_list_certs(const char *progName, int log) CERTCertList *sorted; CERTCertListNode *node; CERTCertTrust trust; - int i; + unsigned int i; list = PK11_ListCerts(PK11CertListUnique, NULL); if (list == NULL) { diff --git a/cmd/ocspclnt/ocspclnt.c b/cmd/ocspclnt/ocspclnt.c index e302bb5b8..edf146a21 100644 --- a/cmd/ocspclnt/ocspclnt.c +++ b/cmd/ocspclnt/ocspclnt.c @@ -562,7 +562,7 @@ print_raw_certificates (FILE *out_file, SECItem **raw_certs, int level) while ((raw_cert = raw_certs[i++]) != NULL) { sprintf (cert_label, "Certificate (%d)", i); (void) SECU_PrintSignedData (out_file, raw_cert, cert_label, level + 1, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); } } @@ -964,7 +964,7 @@ main (int argc, char **argv) PLOptState *optstate; SECStatus rv; CERTCertDBHandle *handle = NULL; - SECCertUsage cert_usage; + SECCertUsage cert_usage = certUsageSSLClient; PRTime verify_time; CERTCertificate *cert = NULL; PRBool ascii = PR_FALSE; diff --git a/cmd/ocspresp/ocspresp.c b/cmd/ocspresp/ocspresp.c index 3e9774714..cbc826929 100644 --- a/cmd/ocspresp/ocspresp.c +++ b/cmd/ocspresp/ocspresp.c @@ -129,15 +129,12 @@ main(int argc, char **argv) SECItem *encoded = NULL; CERTOCSPResponse *decoded = NULL; - SECStatus statusDecoded; SECItem *encodedRev = NULL; CERTOCSPResponse *decodedRev = NULL; - SECStatus statusDecodedRev; SECItem *encodedFail = NULL; CERTOCSPResponse *decodedFail = NULL; - SECStatus statusDecodedFail; CERTCertificate *obtainedSignerCert = NULL; @@ -181,40 +178,47 @@ main(int argc, char **argv) encoded = encode(arena, cid, caCert); PORT_Assert(encoded); decoded = CERT_DecodeOCSPResponse(encoded); - statusDecoded = CERT_GetOCSPResponseStatus(decoded); - PORT_Assert(statusDecoded == SECSuccess); - - statusDecoded = CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata, - &obtainedSignerCert, caCert); - PORT_Assert(statusDecoded == SECSuccess); - statusDecoded = CERT_GetOCSPStatusForCertID(certHandle, decoded, cid, - obtainedSignerCert, now); - PORT_Assert(statusDecoded == SECSuccess); + PORT_CheckSuccess(CERT_GetOCSPResponseStatus(decoded)); + + PORT_CheckSuccess(CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata, + &obtainedSignerCert, caCert)); + PORT_CheckSuccess(CERT_GetOCSPStatusForCertID(certHandle, decoded, cid, + obtainedSignerCert, now)); CERT_DestroyCertificate(obtainedSignerCert); encodedRev = encodeRevoked(arena, cid, caCert); PORT_Assert(encodedRev); decodedRev = CERT_DecodeOCSPResponse(encodedRev); - statusDecodedRev = CERT_GetOCSPResponseStatus(decodedRev); - PORT_Assert(statusDecodedRev == SECSuccess); + PORT_CheckSuccess(CERT_GetOCSPResponseStatus(decodedRev)); - statusDecodedRev = CERT_VerifyOCSPResponseSignature(decodedRev, certHandle, &pwdata, - &obtainedSignerCert, caCert); - PORT_Assert(statusDecodedRev == SECSuccess); - statusDecodedRev = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid, + PORT_CheckSuccess(CERT_VerifyOCSPResponseSignature(decodedRev, certHandle, &pwdata, + &obtainedSignerCert, caCert)); +#ifdef DEBUG + { + SECStatus rv = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid, obtainedSignerCert, now); - PORT_Assert(statusDecodedRev == SECFailure); - PORT_Assert(PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE); + PORT_Assert(rv == SECFailure); + PORT_Assert(PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE); + } +#else + (void)CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid, + obtainedSignerCert, now); +#endif CERT_DestroyCertificate(obtainedSignerCert); encodedFail = CERT_CreateEncodedOCSPErrorResponse( arena, SEC_ERROR_OCSP_TRY_SERVER_LATER); PORT_Assert(encodedFail); decodedFail = CERT_DecodeOCSPResponse(encodedFail); - statusDecodedFail = CERT_GetOCSPResponseStatus(decodedFail); - PORT_Assert(statusDecodedFail == SECFailure); - PORT_Assert(PORT_GetError() == SEC_ERROR_OCSP_TRY_SERVER_LATER); - +#ifdef DEBUG + { + SECStatus rv = CERT_GetOCSPResponseStatus(decodedFail); + PORT_Assert(rv == SECFailure); + PORT_Assert(PORT_GetError() == SEC_ERROR_OCSP_TRY_SERVER_LATER); + } +#else + (void)CERT_GetOCSPResponseStatus(decodedFail); +#endif retval = 0; loser: if (retval != 0) diff --git a/cmd/oidcalc/oidcalc.c b/cmd/oidcalc/oidcalc.c index 39d300e36..c767099a4 100644 --- a/cmd/oidcalc/oidcalc.c +++ b/cmd/oidcalc/oidcalc.c @@ -44,13 +44,13 @@ main(int argc, char **argv) secondval = atoi(curstr); - if ( ( firstval < 0 ) || ( firstval > 2 ) ) { + if ( firstval > 2 ) { fprintf(stderr, "first component out of range\n"); exit(-1); } - if ( ( secondval < 0 ) || ( secondval > 39 ) ) { + if ( secondval > 39 ) { fprintf(stderr, "second component out of range\n"); exit(-1); } diff --git a/cmd/p7env/p7env.c b/cmd/p7env/p7env.c index 01b35df94..338f9cf30 100644 --- a/cmd/p7env/p7env.c +++ b/cmd/p7env/p7env.c @@ -130,7 +130,6 @@ main(int argc, char **argv) { char *progName; FILE *inFile, *outFile; - char *certName; CERTCertDBHandle *certHandle; struct recipient *recipients, *rcpt; PLOptState *optstate; @@ -142,7 +141,6 @@ main(int argc, char **argv) inFile = NULL; outFile = NULL; - certName = NULL; recipients = NULL; rcpt = NULL; diff --git a/cmd/pk11gcmtest/pk11gcmtest.c b/cmd/pk11gcmtest/pk11gcmtest.c index 35e08ef68..63f4b330b 100644 --- a/cmd/pk11gcmtest/pk11gcmtest.c +++ b/cmd/pk11gcmtest/pk11gcmtest.c @@ -166,22 +166,22 @@ aes_gcm_kat(const char *respfn) FILE *aesresp; /* input stream from the RESPONSE file */ int i, j; unsigned int test_group = 0; - unsigned int num_tests; + unsigned int num_tests = 0; PRBool is_encrypt; unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; + unsigned int keysize = 16; unsigned char iv[10*16]; /* 1 to 10 blocks */ - unsigned int ivsize; + unsigned int ivsize = 12; unsigned char plaintext[10*16]; /* 1 to 10 blocks */ unsigned int plaintextlen = 0; unsigned char aad[10*16]; /* 1 to 10 blocks */ unsigned int aadlen = 0; unsigned char ciphertext[10*16]; /* 1 to 10 blocks */ - unsigned int ciphertextlen; + unsigned int ciphertextlen = 0; unsigned char tag[16]; - unsigned int tagsize; + unsigned int tagsize = 16; unsigned char output[10*16]; /* 1 to 10 blocks */ - unsigned int outputlen; + unsigned int outputlen = 0; unsigned int expected_keylen = 0; unsigned int expected_ivlen = 0; diff --git a/cmd/pk11mode/pk11mode.c b/cmd/pk11mode/pk11mode.c index a9f89f31a..ce89945a8 100644 --- a/cmd/pk11mode/pk11mode.c +++ b/cmd/pk11mode/pk11mode.c @@ -3506,8 +3506,8 @@ CK_RV PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList, CK_ATTRIBUTE_PTR pTemplate; CK_ULONG tnObjects = 0; int curMode; - int i; - int number_of_all_known_attribute_types = totalKnownType(ConstAttribute); + unsigned int i; + unsigned int number_of_all_known_attribute_types = totalKnownType(ConstAttribute); NUMTESTS++; /* increment NUMTESTS */ @@ -4558,7 +4558,7 @@ PKM_TLSMasterKeyDerive( CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession; CK_RV crv; CK_MECHANISM mk_mech; - CK_VERSION expected_version, version; + CK_VERSION version; CK_OBJECT_CLASS class = CKO_SECRET_KEY; CK_KEY_TYPE type = CKK_GENERIC_SECRET; CK_BBOOL derive_bool = true; @@ -4625,8 +4625,6 @@ PKM_TLSMasterKeyDerive( CK_FUNCTION_LIST_PTR pFunctionList, case CKM_TLS_MASTER_KEY_DERIVE: attrs[3].pValue = NULL; attrs[3].ulValueLen = 0; - expected_version.major = 3; - expected_version.minor = 1; mkd_params.RandomInfo.pClientRandom = (unsigned char * ) TLSClientRandom; mkd_params.RandomInfo.ulClientRandomLen = diff --git a/cmd/pk12util/pk12util.c b/cmd/pk12util/pk12util.c index 7b0467f23..398c0f843 100644 --- a/cmd/pk12util/pk12util.c +++ b/cmd/pk12util/pk12util.c @@ -756,7 +756,7 @@ P12U_ListPKCS12File(char *in_file, PK11SlotInfo *slot, } else if (SECU_PrintSignedData(stdout, dip->der, (dip->hasKey) ? "(has private key)" : "", - 0, SECU_PrintCertificate) != 0) { + 0, (SECU_PPFunc)SECU_PrintCertificate) != 0) { SECU_PrintError(progName,"PKCS12 print cert bag failed"); } if (dip->friendlyName != NULL) { diff --git a/cmd/pk1sign/pk1sign.c b/cmd/pk1sign/pk1sign.c index 5750cdb2d..5f58f8c78 100644 --- a/cmd/pk1sign/pk1sign.c +++ b/cmd/pk1sign/pk1sign.c @@ -175,7 +175,7 @@ main(int argc, char **argv) PRFileDesc *inFile; char *keyName = NULL; CERTCertDBHandle *certHandle; - CERTCertificate *cert; + CERTCertificate *cert = NULL; PLOptState *optstate; PLOptStatus status; SECStatus rv; diff --git a/cmd/pp/pp.c b/cmd/pp/pp.c index 31e766112..73bf0764e 100644 --- a/cmd/pp/pp.c +++ b/cmd/pp/pp.c @@ -136,7 +136,7 @@ int main(int argc, char **argv) if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE) == 0 || PORT_Strcmp(typeTag, "c") == 0) { rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_ID) == 0 || PORT_Strcmp(typeTag, "ci") == 0) { rv = SECU_PrintSignedContent(outFile, &data, 0, 0, diff --git a/cmd/sdrtest/sdrtest.c b/cmd/sdrtest/sdrtest.c index 5740876d5..ba6350624 100644 --- a/cmd/sdrtest/sdrtest.c +++ b/cmd/sdrtest/sdrtest.c @@ -71,9 +71,9 @@ long_usage (char *program_name) int readStdin(SECItem * result) { - int bufsize = 0; + unsigned int bufsize = 0; int cc; - int wanted = 8192; + unsigned int wanted = 8192U; result->len = 0; result->data = NULL; diff --git a/cmd/selfserv/selfserv.c b/cmd/selfserv/selfserv.c index a3be7022c..9509892d3 100644 --- a/cmd/selfserv/selfserv.c +++ b/cmd/selfserv/selfserv.c @@ -502,8 +502,8 @@ mySSLSNISocketConfig(PRFileDesc *fd, const SECItem *sniNameArr, pwdata = SSL_RevealPinArg(fd); - for (;current && i < sniNameArrSize;i++) { - int j = 0; + for (;current && (PRUint32)i < sniNameArrSize;i++) { + unsigned int j = 0; for (;j < MAX_VIRT_SERVER_NAME_ARRAY_INDEX && nameArr[j];j++) { if (!PORT_Strncmp(nameArr[j], (const char *)current[i].data, @@ -1129,7 +1129,7 @@ makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm, SECItemArray *result = NULL; SECItem *ocspResponse = NULL; CERTOCSPSingleResponse **singleResponses; - CERTOCSPSingleResponse *sr; + CERTOCSPSingleResponse *sr = NULL; CERTOCSPCertID *cid = NULL; CERTCertificate *ca; PRTime now = PR_Now(); @@ -1145,7 +1145,7 @@ makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm, if (!cid) errExit("cannot created cid"); - nextUpdate = now + 60*60*24 * PR_USEC_PER_SEC; /* plus 1 day */ + nextUpdate = now + (PRTime)60*60*24 * PR_USEC_PER_SEC; /* plus 1 day */ switch (osm) { case osm_good: @@ -1160,7 +1160,7 @@ makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm, case osm_revoked: sr = CERT_CreateOCSPSingleResponseRevoked(arena, cid, now, &nextUpdate, - now - 60*60*24 * PR_USEC_PER_SEC, /* minus 1 day */ + now - (PRTime)60*60*24 * PR_USEC_PER_SEC, /* minus 1 day */ NULL); break; default: diff --git a/cmd/shlibsign/shlibsign.c b/cmd/shlibsign/shlibsign.c index cc8a546f5..0a4edc113 100644 --- a/cmd/shlibsign/shlibsign.c +++ b/cmd/shlibsign/shlibsign.c @@ -707,7 +707,7 @@ int main(int argc, char **argv) int bytesWritten; unsigned char file_buf[512]; int count=0; - int keySize = 0; + unsigned int keySize = 0; int i; PRBool verify = PR_FALSE; static PRBool FIPSMODE = PR_FALSE; diff --git a/cmd/signtool/certgen.c b/cmd/signtool/certgen.c index 92c33fdb9..0f7c596dd 100644 --- a/cmd/signtool/certgen.c +++ b/cmd/signtool/certgen.c @@ -420,7 +420,6 @@ sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk) SECItem der2; SECItem * result2; - void *dummy; SECOidTag alg = SEC_OID_UNKNOWN; alg = SEC_GetSignatureAlgorithmOidTag(privk->keyType, SEC_OID_UNKNOWN); @@ -440,7 +439,7 @@ sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk) der2.len = 0; der2.data = NULL; - dummy = SEC_ASN1EncodeItem + (void)SEC_ASN1EncodeItem (cert->arena, &der2, cert, SEC_ASN1_GET(CERT_CertificateTemplate)); if (rv != SECSuccess) { diff --git a/cmd/signtool/util.c b/cmd/signtool/util.c index 74a208e5e..73568d1ba 100644 --- a/cmd/signtool/util.c +++ b/cmd/signtool/util.c @@ -16,9 +16,11 @@ static int is_dir (char *filename); long *mozilla_event_queue = 0; #ifndef XP_WIN -char *XP_GetString (int i) +char *XP_GetString (int i) { - return SECU_Strerror (i); + /* nasty hackish cast to avoid changing the signature of + * JAR_init_callbacks() */ + return (char *)SECU_Strerror (i); } #endif diff --git a/cmd/ssltap/ssltap.c b/cmd/ssltap/ssltap.c index 170420a6f..8ea465ef3 100644 --- a/cmd/ssltap/ssltap.c +++ b/cmd/ssltap/ssltap.c @@ -41,12 +41,12 @@ struct _DataBuffer; typedef struct _DataBufferList { struct _DataBuffer *first,*last; - int size; + unsigned int size; int isEncrypted; unsigned char * msgBuf; - int msgBufOffset; - int msgBufSize; - int hMACsize; + unsigned int msgBufOffset; + unsigned int msgBufSize; + unsigned int hMACsize; } DataBufferList; typedef struct _DataBuffer { @@ -566,7 +566,7 @@ void print_sslv2(DataBufferList *s, unsigned char *recordBuf, unsigned int recor (PRUint32)(GET_SHORT((chv2->rndlength))), (PRUint32)(GET_SHORT((chv2->rndlength)))); PR_fprintf(PR_STDOUT," cipher-suites = { \n"); - for (p=0;p<GET_SHORT((chv2->cslength));p+=3) { + for (p=0;p<(PRUint32)GET_SHORT((chv2->cslength));p+=3) { PRUint32 cs_int = GET_24((&chv2->csuites[p])); const char *cs_str = V2CipherString(cs_int); @@ -575,17 +575,17 @@ void print_sslv2(DataBufferList *s, unsigned char *recordBuf, unsigned int recor } q = p; PR_fprintf(PR_STDOUT," }\n"); - if (chv2->sidlength) { + if (GET_SHORT((chv2->sidlength))) { PR_fprintf(PR_STDOUT," session-id = { "); - for (p=0;p<GET_SHORT((chv2->sidlength));p+=2) { + for (p=0;p<(PRUint32)GET_SHORT((chv2->sidlength));p+=2) { PR_fprintf(PR_STDOUT,"0x%04x ",(PRUint32)(GET_SHORT((&chv2->csuites[p+q])))); } } q += p; PR_fprintf(PR_STDOUT,"}\n"); - if (chv2->rndlength) { + if (GET_SHORT((chv2->rndlength))) { PR_fprintf(PR_STDOUT," challenge = { "); - for (p=0;p<GET_SHORT((chv2->rndlength));p+=2) { + for (p=0;p<(PRUint32)GET_SHORT((chv2->rndlength));p+=2) { PR_fprintf(PR_STDOUT,"0x%04x ",(PRUint32)(GET_SHORT((&chv2->csuites[p+q])))); } PR_fprintf(PR_STDOUT,"}\n"); @@ -978,7 +978,7 @@ void print_ssl3_handshake(unsigned char *recordBuf, { struct sslhandshake sslh; unsigned char * hsdata; - int offset=0; + unsigned int offset=0; PR_fprintf(PR_STDOUT," handshake {\n"); @@ -1365,7 +1365,7 @@ void print_ssl3_handshake(unsigned char *recordBuf, offset += sslh.length + 4; } /* while */ if (offset < recordLen) { /* stuff left over */ - int newMsgLen = recordLen - offset; + unsigned int newMsgLen = recordLen - offset; if (!s->msgBuf) { s->msgBuf = PORT_Alloc(newMsgLen); if (!s->msgBuf) { diff --git a/cmd/strsclnt/strsclnt.c b/cmd/strsclnt/strsclnt.c index 43d121e27..f4825050f 100644 --- a/cmd/strsclnt/strsclnt.c +++ b/cmd/strsclnt/strsclnt.c @@ -498,7 +498,6 @@ init_thread_data(void) PRBool useModelSocket = PR_TRUE; -static const char stopCmd[] = { "GET /stop " }; static const char outHeader[] = { "HTTP/1.0 200 OK\r\n" "Server: Netscape-Enterprise/2.0a\r\n" @@ -567,8 +566,8 @@ do_writes( { PRFileDesc * ssl_sock = (PRFileDesc *)a; lockedVars * lv = (lockedVars *)b; - int sent = 0; - int count = 0; + unsigned int sent = 0; + int count = 0; while (sent < bigBuf.len) { @@ -712,7 +711,7 @@ PRInt32 lastFullHandshakePeerID; void myHandshakeCallback(PRFileDesc *socket, void *arg) { - PR_ATOMIC_SET(&lastFullHandshakePeerID, (PRInt32) arg); + PR_ATOMIC_SET(&lastFullHandshakePeerID, (PRInt32)((char *)arg - (char *)NULL)); } #endif @@ -732,7 +731,6 @@ do_connects( PRFileDesc * tcp_sock = 0; PRStatus prStatus; PRUint32 sleepInterval = 50; /* milliseconds */ - SECStatus result; int rv = SECSuccess; PRSocketOptionData opt; @@ -839,7 +837,8 @@ retry: PR_snprintf(sockPeerIDString, sizeof(sockPeerIDString), "ID%d", thisPeerID); SSL_SetSockPeerID(ssl_sock, sockPeerIDString); - SSL_HandshakeCallback(ssl_sock, myHandshakeCallback, (void*)thisPeerID); + SSL_HandshakeCallback(ssl_sock, myHandshakeCallback, + (char *)NULL + thisPeerID); #else /* force a full handshake by setting the no cache option */ SSL_OptionSet(ssl_sock, SSL_NO_CACHE, 1); @@ -854,9 +853,9 @@ retry: PR_ATOMIC_INCREMENT(&numConnected); if (bigBuf.data != NULL) { - result = handle_fdx_connection( ssl_sock, tid); + (void)handle_fdx_connection( ssl_sock, tid); } else { - result = handle_connection( ssl_sock, tid); + (void)handle_connection( ssl_sock, tid); } PR_ATOMIC_DECREMENT(&numConnected); diff --git a/cmd/symkeyutil/symkeyutil.c b/cmd/symkeyutil/symkeyutil.c index 05de7d873..353da711b 100644 --- a/cmd/symkeyutil/symkeyutil.c +++ b/cmd/symkeyutil/symkeyutil.c @@ -1015,8 +1015,7 @@ main(int argc, char **argv) } } if (se) { - SECStatus rv2 = PK11_FreeSlotListElement(slotList, se); - PORT_Assert(SECSuccess == rv2); + PORT_CheckSuccess(PK11_FreeSlotListElement(slotList, se)); } PK11_FreeSlotList(slotList); } diff --git a/cmd/tstclnt/tstclnt.c b/cmd/tstclnt/tstclnt.c index 72f53badf..ddfadafd5 100644 --- a/cmd/tstclnt/tstclnt.c +++ b/cmd/tstclnt/tstclnt.c @@ -534,9 +534,9 @@ dumpServerCertificateChain(PRFileDesc *fd) return; } else if (dumpServerChain == 1) { - dumpFunction = SECU_PrintCertificateBasicInfo; + dumpFunction = (SECU_PPFunc)SECU_PrintCertificateBasicInfo; } else { - dumpFunction = SECU_PrintCertificate; + dumpFunction = (SECU_PPFunc)SECU_PrintCertificate; if (dumpServerChain > 2) { dumpCertPEM = PR_TRUE; } @@ -566,7 +566,7 @@ dumpServerCertificateChain(PRFileDesc *fd) PR_TRUE); } if (foundChain) { - int count = 0; + unsigned int count = 0; fprintf(stderr, "==== locally found issuer certificate(s): ====\n"); for(count = 0; count < (unsigned int)foundChain->len; count++) { CERTCertificate *c; @@ -619,7 +619,7 @@ ownAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, if (!serverCertAuth->shouldPause) { CERTCertificate *cert; - int i; + unsigned int i; const SECItemArray *csa; if (!serverCertAuth->testFreshStatusFromSideChannel) { @@ -644,8 +644,7 @@ ownAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, if (CERT_CacheOCSPResponseFromSideChannel( serverCertAuth->dbHandle, cert, PR_Now(), &csa->items[i], arg) != SECSuccess) { - PRErrorCode error = PR_GetError(); - PORT_Assert(error != 0); + PORT_Assert(PR_GetError() != 0); } } } @@ -1283,7 +1282,7 @@ int main(int argc, char **argv) int cipher; if (ndx == ':') { - int ctmp; + int ctmp = 0; cipher = 0; HEXCHAR_TO_INT(*cipherString, ctmp) diff --git a/cmd/vfychain/vfychain.c b/cmd/vfychain/vfychain.c index 216fa365d..f9f1787cc 100644 --- a/cmd/vfychain/vfychain.c +++ b/cmd/vfychain/vfychain.c @@ -333,7 +333,7 @@ configureRevocationParams(CERTRevocationFlags *flags) int i; unsigned int testType = REVCONFIG_TEST_UNDEFINED; static CERTRevocationTests *revTests = NULL; - PRUint64 *revFlags; + PRUint64 *revFlags = NULL; for(i = 0;i < REV_METHOD_INDEX_MAX;i++) { if (revMethodsData[i].testType == REVCONFIG_TEST_UNDEFINED) { diff --git a/cmd/vfyserv/vfyserv.c b/cmd/vfyserv/vfyserv.c index d83fc3959..6ee22489a 100644 --- a/cmd/vfyserv/vfyserv.c +++ b/cmd/vfyserv/vfyserv.c @@ -510,7 +510,7 @@ main(int argc, char **argv) int cipher; if (ndx == ':') { - int ctmp; + int ctmp = 0; cipher = 0; HEXCHAR_TO_INT(*cipherString, ctmp) diff --git a/cmd/vfyserv/vfyutil.c b/cmd/vfyserv/vfyutil.c index 15f0d9781..686c7b13f 100644 --- a/cmd/vfyserv/vfyutil.c +++ b/cmd/vfyserv/vfyutil.c @@ -603,7 +603,7 @@ void dumpCertChain(CERTCertificate *cert, SECCertUsage usage) { CERTCertificateList *certList; - int count = 0; + unsigned int count = 0; certList = CERT_CertChainFromCert(cert, usage, PR_TRUE); if (certList == NULL) { diff --git a/coreconf/Linux.mk b/coreconf/Linux.mk index 177a3c874..bbb48ef3c 100644 --- a/coreconf/Linux.mk +++ b/coreconf/Linux.mk @@ -125,14 +125,58 @@ ifdef MOZ_DEBUG_SYMBOLS endif endif +ifndef COMPILER_TAG +COMPILER_TAG = _$(shell $(CC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q') +CCC_COMPILER_TAG = _$(shell $(CCC) -? 2>&1 >/dev/null | sed -e 's/:.*//;1q') +endif ifeq ($(USE_PTHREADS),1) OS_PTHREAD = -lpthread endif -OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror-implicit-function-declaration -Wno-switch -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR +OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLAGS) $(ARCHFLAG) -Wall -Werror -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR OS_LIBS = $(OS_PTHREAD) -ldl -lc +ifeq ($(COMPILER_TAG),_clang) +# -Qunused-arguments : clang objects to arguments that it doesn't understand +# and fixing this would require rearchitecture +# -Wno-parentheses-equality : because clang warns about macro expansions +OS_CFLAGS += -Qunused-arguments -Wno-parentheses-equality +ifdef BUILD_OPT +# clang is unable to handle glib's expansion of strcmp and similar for optimized +# builds, so ignore the resulting errors. +# See https://llvm.org/bugs/show_bug.cgi?id=20144 +OS_CFLAGS += -Wno-array-bounds -Wno-unevaluated-expression +endif +# Clang reports its version as an older gcc, but it's OK +NSS_HAS_GCC48 = true +endif + +# Check for the existence of gcc 4.8 +ifndef NSS_HAS_GCC48 +define GCC48_TEST = +int main() {\n +#if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 8)\n + return 1;\n +#else\n + return 0;\n +#endif\n +}\n +endef +TEST_GCC48 := /tmp/test_gcc48_$(shell echo $$$$) +NSS_HAS_GCC48 := (,$(shell echo -e "$(GCC48_TEST)" > $(TEST_GCC48).c && \ + $(CC) -o $(TEST_GCC48) $(TEST_GCC48).c && \ + $(TEST_GCC48) && echo true || echo false; \ + rm -f $(TEST_GCC48) $(TEST_GCC48).c)) +export NSS_HAS_GCC48 +endif + +ifeq (true,$(NSS_HAS_GCC48)) +# Old versions of gcc (< 4.8) don't support #pragma diagnostic in functions. +# Here, we disable use of that #pragma and the warnings it suppresses. +OS_CFLAGS += -DNSS_NO_GCC48 -Wno-unused-variable +endif + ifdef USE_PTHREADS DEFINES += -D_REENTRANT endif diff --git a/coreconf/WIN32.mk b/coreconf/WIN32.mk index 97db9ef92..f891e770d 100644 --- a/coreconf/WIN32.mk +++ b/coreconf/WIN32.mk @@ -24,8 +24,9 @@ else CC = cl CCC = cl LINK = link + LDFLAGS += -nologo AR = lib - AR += -NOLOGO -OUT:$@ + AR += -nologo -OUT:$@ RANLIB = echo BSDECHO = echo RC = rc.exe @@ -103,7 +104,7 @@ endif DLL_SUFFIX = dll ifdef NS_USE_GCC - OS_CFLAGS += -mwindows -mms-bitfields + OS_CFLAGS += -mwindows -mms-bitfields -Werror _GEN_IMPORT_LIB=-Wl,--out-implib,$(IMPORT_LIBRARY) DLLFLAGS += -mwindows -o $@ -shared -Wl,--export-all-symbols $(if $(IMPORT_LIBRARY),$(_GEN_IMPORT_LIB)) ifdef BUILD_OPT @@ -122,7 +123,7 @@ ifdef NS_USE_GCC DEFINES += -DDEBUG -D_DEBUG -UNDEBUG -DDEBUG_$(USERNAME) endif else # !NS_USE_GCC - OS_CFLAGS += -W3 -nologo -D_CRT_SECURE_NO_WARNINGS \ + OS_CFLAGS += -W3 -WX -nologo -D_CRT_SECURE_NO_WARNINGS \ -D_CRT_NONSTDC_NO_WARNINGS OS_DLLFLAGS += -nologo -DLL -SUBSYSTEM:WINDOWS ifeq ($(_MSC_VER),$(_MSC_VER_6)) @@ -187,11 +188,11 @@ endif LDFLAGS += /FIXED:NO endif ifneq ($(_MSC_VER),$(_MSC_VER_6)) - # Convert certain deadly warnings to errors (see list at end of file) - OS_CFLAGS += -we4002 -we4003 -we4004 -we4006 -we4009 -we4013 \ - -we4015 -we4028 -we4033 -we4035 -we4045 -we4047 -we4053 -we4054 -we4063 \ - -we4064 -we4078 -we4087 -we4090 -we4098 -we4390 -we4551 -we4553 -we4715 - + # NSS has too many of these to fix, downgrade the warning + # Disable C4267: conversion from 'size_t' to 'type', possible loss of data + # Disable C4244: conversion from 'type1' to 'type2', possible loss of data + # Disable C4018: 'expression' : signed/unsigned mismatch + OS_CFLAGS += -w44267 -w44244 -w44018 ifeq ($(_MSC_VER_GE_12),1) OS_CFLAGS += -FS endif @@ -365,32 +366,3 @@ endif ifndef TARGETS TARGETS = $(LIBRARY) $(SHARED_LIBRARY) $(IMPORT_LIBRARY) $(PROGRAM) endif - -# list of MSVC warnings converted to errors above: -# 4002: too many actual parameters for macro 'identifier' -# 4003: not enough actual parameters for macro 'identifier' -# 4004: incorrect construction after 'defined' -# 4006: #undef expected an identifier -# 4009: string too big; trailing characters truncated -# 4015: 'identifier' : type of bit field must be integral -# 4028: formal parameter different from declaration -# 4033: 'function' must return a value -# 4035: 'function' : no return value -# 4045: 'identifier' : array bounds overflow -# 4047: 'function' : 'type 1' differs in levels of indirection from 'type 2' -# 4053: one void operand for '?:' -# 4054: 'conversion' : from function pointer 'type1' to data pointer 'type2' -# 4059: pascal string too big, length byte is length % 256 -# 4063: case 'identifier' is not a valid value for switch of enum 'identifier' -# 4064: switch of incomplete enum 'identifier' -# 4078: case constant 'value' too big for the type of the switch expression -# 4087: 'function' : declared with 'void' parameter list -# 4090: 'function' : different 'const' qualifiers -# 4098: 'function' : void function returning a value -# 4390: ';' : empty controlled statement found; is this the intent? -# 4541: RTTI train wreck -# 4715: not all control paths return a value -# 4013: function undefined; assuming extern returning int -# 4553: '==' : operator has no effect; did you intend '='? -# 4551: function call missing argument list - diff --git a/coreconf/rules.mk b/coreconf/rules.mk index 5495b0c32..0a891ebc7 100644 --- a/coreconf/rules.mk +++ b/coreconf/rules.mk @@ -272,6 +272,10 @@ $(IMPORT_LIBRARY): $(MAPFILE) $(IMPLIB) $@ $< $(RANLIB) $@ endif +ifeq ($(OS_ARCH),WINNT) +$(IMPORT_LIBRARY): $(LIBRARY) + cp -f $< $@ +endif ifdef SHARED_LIBRARY_LIBS ifdef BUILD_TREE @@ -433,8 +437,22 @@ endif # Please keep the next two rules in sync. # $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.cc - @$(MAKE_OBJDIR) + $(MAKE_OBJDIR) +ifdef STRICT_CPLUSPLUS_SUFFIX + echo "#line 1 \"$<\"" | cat - $< > $(OBJDIR)/t_$*.cc + $(CCC) -o $@ -c $(CFLAGS) $(OBJDIR)/t_$*.cc + rm -f $(OBJDIR)/t_$*.cc +else +ifdef USE_NT_C_SYNTAX + $(CCC) -Fo$@ -c $(CFLAGS) $(call core_abspath,$<) +else +ifdef NEED_ABSOLUTE_PATH + $(CCC) -o $@ -c $(CFLAGS) $(call core_abspath,$<) +else $(CCC) -o $@ -c $(CFLAGS) $< +endif +endif +endif #STRICT_CPLUSPLUS_SUFFIX $(OBJDIR)/$(PROG_PREFIX)%$(OBJ_SUFFIX): %.cpp @$(MAKE_OBJDIR) diff --git a/external_tests/google_test/Makefile b/external_tests/google_test/Makefile index ac7276e78..8a3c1fae6 100644 --- a/external_tests/google_test/Makefile +++ b/external_tests/google_test/Makefile @@ -42,4 +42,13 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (7) Execute "local" rules. (OPTIONAL). # ####################################################################### -MKSHLIB = $(CCC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS) +MKSHLIB = $(CCC) $(DSO_LDOPTS) $(DARWIN_SDK_SHLIBFLAGS) +ifeq (WINNT,$(OS_ARCH)) + # -MTd (not -MD) because that makes it link to the right library + # -EHsc because gtest has exception handlers + OS_CFLAGS := $(filterout -MD,$(OS_CFLAGS)) + OS_CFLAGS += -MTd -EHsc + # On windows, we need to create the parent directory + # Needed because we include files from a subdirectory + MAKE_OBJDIR = $(INSTALL) -D $(dir $@) +endif diff --git a/external_tests/ssl_gtest/Makefile b/external_tests/ssl_gtest/Makefile index 9b9ed8915..61965a20a 100644 --- a/external_tests/ssl_gtest/Makefile +++ b/external_tests/ssl_gtest/Makefile @@ -42,7 +42,19 @@ include $(CORE_DEPTH)/coreconf/rules.mk # (7) Execute "local" rules. (OPTIONAL). # ####################################################################### -MKPROG = $(CXX) -CFLAGS += -std=c++0x +MKPROG = $(CCC) include ../../cmd/platrules.mk +ifeq (WINNT,$(OS_ARCH)) + # -MTd (not -MD) because that makes it link to the right library + # -EHsc because gtest has exception handlers + OS_CFLAGS := $(filterout -MD,$(OS_CFLAGS)) + OS_CFLAGS += -MTd -EHsc -nologo + # http://www.suodenjoki.dk/us/archive/2010/min-max.htm + OS_CFLAGS += -DNOMINMAX + + # Linking to winsock to get htonl + OS_LIBS += Ws2_32.lib +else + CFLAGS += -std=c++0x +endif diff --git a/external_tests/ssl_gtest/databuffer.h b/external_tests/ssl_gtest/databuffer.h index c3d3bb9be..5735c2cef 100644 --- a/external_tests/ssl_gtest/databuffer.h +++ b/external_tests/ssl_gtest/databuffer.h @@ -12,6 +12,11 @@ #include <cstring> #include <iomanip> #include <iostream> +#if defined(WIN32) || defined(WIN64) +#include <winsock2.h> +#else +#include <arpa/inet.h> +#endif namespace nss_test { diff --git a/external_tests/ssl_gtest/ssl_loopback_unittest.cc b/external_tests/ssl_gtest/ssl_loopback_unittest.cc index a4a9e78ec..deb690a8f 100644 --- a/external_tests/ssl_gtest/ssl_loopback_unittest.cc +++ b/external_tests/ssl_gtest/ssl_loopback_unittest.cc @@ -318,10 +318,10 @@ TEST_P(TlsConnectStream, ShortRead) { server_->SendData(1200, 1200); // Read the first tranche. WAIT_(client_->received_bytes() == 1024, 2000); - ASSERT_EQ(1024, client_->received_bytes()); + ASSERT_EQ(1024U, client_->received_bytes()); // The second tranche should now immediately be available. client_->ReadBytes(); - ASSERT_EQ(1200, client_->received_bytes()); + ASSERT_EQ(1200U, client_->received_bytes()); } INSTANTIATE_TEST_CASE_P(VariantsStream10, TlsConnectGeneric, diff --git a/external_tests/ssl_gtest/tls_agent.cc b/external_tests/ssl_gtest/tls_agent.cc index ed2ef04a2..a12037a15 100644 --- a/external_tests/ssl_gtest/tls_agent.cc +++ b/external_tests/ssl_gtest/tls_agent.cc @@ -27,7 +27,7 @@ TlsAgent::TlsAgent(const std::string& name, Role role, Mode mode, SSLKEAType kea adapter_(nullptr), ssl_fd_(nullptr), role_(role), - state_(INIT), + state_(STATE_INIT), falsestart_enabled_(false), expected_version_(0), expected_cipher_suite_(0), @@ -122,7 +122,7 @@ void TlsAgent::StartConnect() { SECStatus rv; rv = SSL_ResetHandshake(ssl_fd_, role_ == SERVER ? PR_TRUE : PR_FALSE); EXPECT_EQ(SECSuccess, rv); - SetState(CONNECTING); + SetState(STATE_CONNECTING); } void TlsAgent::EnableSomeEcdheCiphers() { @@ -192,12 +192,12 @@ void TlsAgent::SetExpectedReadError(bool err) { } void TlsAgent::CheckKEAType(SSLKEAType type) const { - EXPECT_EQ(CONNECTED, state_); + EXPECT_EQ(STATE_CONNECTED, state_); EXPECT_EQ(type, csinfo_.keaType); } void TlsAgent::CheckAuthType(SSLAuthType type) const { - EXPECT_EQ(CONNECTED, state_); + EXPECT_EQ(STATE_CONNECTED, state_); EXPECT_EQ(type, csinfo_.authAlgorithm); } @@ -252,7 +252,7 @@ void TlsAgent::CheckSrtp() const { } void TlsAgent::CheckErrorCode(int32_t expected) const { - EXPECT_EQ(ERROR, state_); + EXPECT_EQ(STATE_ERROR, state_); EXPECT_EQ(expected, error_code_); } @@ -315,7 +315,7 @@ void TlsAgent::Connected() { rv = SSL_GetCipherSuiteInfo(info_.cipherSuite, &csinfo_, sizeof(csinfo_)); EXPECT_EQ(SECSuccess, rv); - SetState(CONNECTED); + SetState(STATE_CONNECTED); } void TlsAgent::Handshake() { @@ -344,15 +344,15 @@ void TlsAgent::Handshake() { default: LOG("Handshake failed with error " << err); error_code_ = err; - SetState(ERROR); + SetState(STATE_ERROR); return; } } void TlsAgent::PrepareForRenegotiate() { - EXPECT_EQ(CONNECTED, state_); + EXPECT_EQ(STATE_CONNECTED, state_); - SetState(CONNECTING); + SetState(STATE_CONNECTING); } void TlsAgent::StartRenegotiate() { @@ -377,7 +377,7 @@ void TlsAgent::SendData(size_t bytes, size_t blocksize) { LOG("Writing " << tosend << " bytes"); int32_t rv = PR_Write(ssl_fd_, block, tosend); - ASSERT_EQ(tosend, rv); + ASSERT_EQ(tosend, static_cast<size_t>(rv)); bytes -= tosend; } @@ -396,8 +396,9 @@ void TlsAgent::ReadBytes() { error_code_ = err; } else { ASSERT_LE(0, rv); - LOG("Read " << rv << " bytes"); - for (size_t i = 0; i < rv; ++i) { + size_t count = static_cast<size_t>(rv); + LOG("Read " << count << " bytes"); + for (size_t i = 0; i < count; ++i) { ASSERT_EQ(recv_ctr_ & 0xff, block[i]); recv_ctr_++; } diff --git a/external_tests/ssl_gtest/tls_agent.h b/external_tests/ssl_gtest/tls_agent.h index bfa39107f..ecf614d5f 100644 --- a/external_tests/ssl_gtest/tls_agent.h +++ b/external_tests/ssl_gtest/tls_agent.h @@ -31,7 +31,7 @@ enum SessionResumptionMode { class TlsAgent : public PollTarget { public: enum Role { CLIENT, SERVER }; - enum State { INIT, CONNECTING, CONNECTED, ERROR }; + enum State { STATE_INIT, STATE_CONNECTING, STATE_CONNECTED, STATE_ERROR }; TlsAgent(const std::string& name, Role role, Mode mode, SSLKEAType kea); virtual ~TlsAgent(); @@ -96,19 +96,19 @@ class TlsAgent : public PollTarget { uint16_t min_version() const { return vrange_.min; } uint16_t max_version() const { return vrange_.max; } uint16_t version() const { - EXPECT_EQ(CONNECTED, state_); + EXPECT_EQ(STATE_CONNECTED, state_); return info_.protocolVersion; } bool cipher_suite(int16_t* cipher_suite) const { - if (state_ != CONNECTED) return false; + if (state_ != STATE_CONNECTED) return false; *cipher_suite = info_.cipherSuite; return true; } std::string cipher_suite_name() const { - if (state_ != CONNECTED) return "UNKNOWN"; + if (state_ != STATE_CONNECTED) return "UNKNOWN"; return csinfo_.cipherSuiteName; } @@ -150,10 +150,10 @@ class TlsAgent : public PollTarget { void ReadableCallback_int() { LOG("Readable"); switch (state_) { - case CONNECTING: + case STATE_CONNECTING: Handshake(); break; - case CONNECTED: + case STATE_CONNECTED: ReadBytes(); break; default: diff --git a/external_tests/ssl_gtest/tls_connect.cc b/external_tests/ssl_gtest/tls_connect.cc index e13e094ce..4084cecc5 100644 --- a/external_tests/ssl_gtest/tls_connect.cc +++ b/external_tests/ssl_gtest/tls_connect.cc @@ -131,8 +131,8 @@ void TlsConnectTestBase::Handshake() { client_->Handshake(); server_->Handshake(); - ASSERT_TRUE_WAIT((client_->state() != TlsAgent::CONNECTING) && - (server_->state() != TlsAgent::CONNECTING), + ASSERT_TRUE_WAIT((client_->state() != TlsAgent::STATE_CONNECTING) && + (server_->state() != TlsAgent::STATE_CONNECTING), 5000); } @@ -150,8 +150,8 @@ void TlsConnectTestBase::CheckConnected() { server_->max_version()), client_->version()); - EXPECT_EQ(TlsAgent::CONNECTED, client_->state()); - EXPECT_EQ(TlsAgent::CONNECTED, server_->state()); + EXPECT_EQ(TlsAgent::STATE_CONNECTED, client_->state()); + EXPECT_EQ(TlsAgent::STATE_CONNECTED, server_->state()); int16_t cipher_suite1, cipher_suite2; bool ret = client_->cipher_suite(&cipher_suite1); @@ -180,8 +180,8 @@ void TlsConnectTestBase::ConnectExpectFail() { client_->StartConnect(); Handshake(); - ASSERT_EQ(TlsAgent::ERROR, client_->state()); - ASSERT_EQ(TlsAgent::ERROR, server_->state()); + ASSERT_EQ(TlsAgent::STATE_ERROR, client_->state()); + ASSERT_EQ(TlsAgent::STATE_ERROR, server_->state()); } void TlsConnectTestBase::SetExpectedVersion(uint16_t version) { @@ -252,8 +252,8 @@ void TlsConnectTestBase::SendReceive() { WAIT_( client_->received_bytes() == 50 && server_->received_bytes() == 50, 2000); - ASSERT_EQ(50, client_->received_bytes()); - ASSERT_EQ(50, server_->received_bytes()); + ASSERT_EQ(50U, client_->received_bytes()); + ASSERT_EQ(50U, server_->received_bytes()); } TlsConnectGeneric::TlsConnectGeneric() diff --git a/external_tests/ssl_gtest/tls_parser.h b/external_tests/ssl_gtest/tls_parser.h index 3e6ac24c6..a17933047 100644 --- a/external_tests/ssl_gtest/tls_parser.h +++ b/external_tests/ssl_gtest/tls_parser.h @@ -10,7 +10,11 @@ #include <memory> #include <cstdint> #include <cstring> +#if defined(WIN32) || defined(WIN64) +#include <winsock2.h> +#else #include <arpa/inet.h> +#endif #include "databuffer.h" namespace nss_test { diff --git a/lib/base/hash.c b/lib/base/hash.c index 514e547ac..7eaaf6ff0 100644 --- a/lib/base/hash.c +++ b/lib/base/hash.c @@ -51,9 +51,7 @@ nss_identity_hash const void *key ) { - PRUint32 i = (PRUint32)key; - PR_ASSERT(sizeof(PLHashNumber) == sizeof(PRUint32)); - return (PLHashNumber)i; + return (PLHashNumber)((char *)key - (char *)NULL); } static PLHashNumber diff --git a/lib/base/list.c b/lib/base/list.c index d6773d743..5f34923b2 100644 --- a/lib/base/list.c +++ b/lib/base/list.c @@ -217,9 +217,8 @@ nsslist_add_element(nssList *list, void *data) NSS_IMPLEMENT PRStatus nssList_Add(nssList *list, void *data) { - PRStatus nssrv; NSSLIST_LOCK_IF(list); - nssrv = nsslist_add_element(list, data); + (void)nsslist_add_element(list, data); NSSLIST_UNLOCK_IF(list); return PR_SUCCESS; } diff --git a/lib/base/tracker.c b/lib/base/tracker.c index 95881f911..06e2baf2a 100644 --- a/lib/base/tracker.c +++ b/lib/base/tracker.c @@ -29,7 +29,7 @@ identity_hash const void *key ) { - return (PLHashNumber)key; + return (PLHashNumber)((char *)key - (char *)NULL); } /* diff --git a/lib/certdb/certdb.c b/lib/certdb/certdb.c index 2581be227..f282bbb9f 100644 --- a/lib/certdb/certdb.c +++ b/lib/certdb/certdb.c @@ -2443,7 +2443,6 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, { unsigned int i; CERTCertificate **certs = NULL; - SECStatus rv; unsigned int fcerts = 0; if ( ncerts ) { @@ -2491,10 +2490,11 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, * know which cert it belongs to. But we still may try * the individual canickname from the cert itself. */ - rv = CERT_AddTempCertToPerm(certs[i], canickname, NULL); + /* Bug 1192442 - propagate errors from these calls. */ + (void)CERT_AddTempCertToPerm(certs[i], canickname, NULL); } else { - rv = CERT_AddTempCertToPerm(certs[i], - nickname?nickname:canickname, NULL); + (void)CERT_AddTempCertToPerm(certs[i], + nickname?nickname:canickname, NULL); } PORT_Free(canickname); @@ -2511,7 +2511,7 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, } } - return ((fcerts || !ncerts) ? SECSuccess : SECFailure); + return (fcerts || !ncerts) ? SECSuccess : SECFailure; } /* @@ -2893,15 +2893,16 @@ CERT_LockCertRefCount(CERTCertificate *cert) void CERT_UnlockCertRefCount(CERTCertificate *cert) { - PRStatus prstat; - PORT_Assert(certRefCountLock != NULL); - prstat = PZ_Unlock(certRefCountLock); - - PORT_Assert(prstat == PR_SUCCESS); - - return; +#ifdef DEBUG + { + PRStatus prstat = PZ_Unlock(certRefCountLock); + PORT_Assert(prstat == PR_SUCCESS); + } +#else + PZ_Unlock(certRefCountLock); +#endif } static PZLock *certTrustLock = NULL; @@ -2973,15 +2974,16 @@ cert_DestroyLocks(void) void CERT_UnlockCertTrust(const CERTCertificate *cert) { - PRStatus prstat; - PORT_Assert(certTrustLock != NULL); - prstat = PZ_Unlock(certTrustLock); - - PORT_Assert(prstat == PR_SUCCESS); - - return; +#ifdef DEBUG + { + PRStatus prstat = PZ_Unlock(certTrustLock); + PORT_Assert(prstat == PR_SUCCESS); + } +#else + PZ_Unlock(certTrustLock); +#endif } diff --git a/lib/certdb/crl.c b/lib/certdb/crl.c index 9f9aa0b2a..05ded1368 100644 --- a/lib/certdb/crl.c +++ b/lib/certdb/crl.c @@ -627,7 +627,6 @@ crl_storeCRL (PK11SlotInfo *slot,char *url, CERTSignedCrl *oldCrl = NULL, *crl = NULL; PRBool deleteOldCrl = PR_FALSE; CK_OBJECT_HANDLE crlHandle = CK_INVALID_HANDLE; - SECStatus rv; PORT_Assert(newCrl); PORT_Assert(derCrl); @@ -640,8 +639,8 @@ crl_storeCRL (PK11SlotInfo *slot,char *url, /* we can't use the cache here because we must look in the same token */ - rv = SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type, - &oldCrl, CRL_DECODE_SKIP_ENTRIES); + (void)SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type, + &oldCrl, CRL_DECODE_SKIP_ENTRIES); /* if there is an old crl on the token, make sure the one we are installing is newer. If not, exit out, otherwise delete the old crl. @@ -2693,7 +2692,7 @@ cert_CheckCertRevocationStatus(CERTCertificate* cert, CERTCertificate* issuer, } if (SECFailure == rv) { - SECStatus rv2 = CERT_FindCRLEntryReasonExten(entry, &reason); + (void)CERT_FindCRLEntryReasonExten(entry, &reason); PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE); } break; @@ -3050,7 +3049,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, { NamedCRLCacheEntry* oldEntry, * newEntry = NULL; NamedCRLCache* ncc = NULL; - SECStatus rv = SECSuccess, rv2; + SECStatus rv = SECSuccess; PORT_Assert(namedCRLCache.lock); PORT_Assert(namedCRLCache.entries); @@ -3088,8 +3087,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, (void*) newEntry)) { PORT_Assert(0); - rv2 = NamedCRLCacheEntry_Destroy(newEntry); - PORT_Assert(SECSuccess == rv2); + NamedCRLCacheEntry_Destroy(newEntry); rv = SECFailure; } } @@ -3112,8 +3110,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, } else { - rv2 = NamedCRLCacheEntry_Destroy(oldEntry); - PORT_Assert(SECSuccess == rv2); + PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry)); } if (NULL == PL_HashTableAdd(namedCRLCache.entries, (void*) newEntry->canonicalizedName, @@ -3160,8 +3157,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, } else { - rv2 = NamedCRLCacheEntry_Destroy(oldEntry); - PORT_Assert(SECSuccess == rv2); + PORT_CheckSuccess(NamedCRLCacheEntry_Destroy(oldEntry)); } if (NULL == PL_HashTableAdd(namedCRLCache.entries, (void*) newEntry->canonicalizedName, @@ -3173,8 +3169,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, } } } - rv2 = cert_ReleaseNamedCRLCache(ncc); - PORT_Assert(SECSuccess == rv2); + PORT_CheckSuccess(cert_ReleaseNamedCRLCache(ncc)); return rv; } diff --git a/lib/certdb/genname.c b/lib/certdb/genname.c index 04c8a7712..6529a6a09 100644 --- a/lib/certdb/genname.c +++ b/lib/certdb/genname.c @@ -67,16 +67,6 @@ static const SEC_ASN1Template CERTOtherNameTemplate[] = { sizeof(CERTGeneralName) } }; -static const SEC_ASN1Template CERTOtherName2Template[] = { - { SEC_ASN1_SEQUENCE | SEC_ASN1_CONTEXT_SPECIFIC | 0 , - 0, NULL, sizeof(CERTGeneralName) }, - { SEC_ASN1_OBJECT_ID, - offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, oid) }, - { SEC_ASN1_ANY, - offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, name) }, - { 0, } -}; - static const SEC_ASN1Template CERT_RFC822NameTemplate[] = { { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1 , offsetof(CERTGeneralName, name.other), diff --git a/lib/certdb/secname.c b/lib/certdb/secname.c index d070bbfc7..88a0cf75e 100644 --- a/lib/certdb/secname.c +++ b/lib/certdb/secname.c @@ -240,14 +240,6 @@ CERT_CopyAVA(PLArenaPool *arena, CERTAVA *from) return 0; } -/************************************************************************/ -/* XXX This template needs to go away in favor of the new SEC_ASN1 version. */ -static const SEC_ASN1Template cert_RDNTemplate[] = { - { SEC_ASN1_SET_OF, - offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) } -}; - - CERTRDN * CERT_CreateRDN(PLArenaPool *arena, CERTAVA *ava0, ...) { diff --git a/lib/certhigh/certhigh.c b/lib/certhigh/certhigh.c index 74651baf2..b06b7af33 100644 --- a/lib/certhigh/certhigh.c +++ b/lib/certhigh/certhigh.c @@ -24,8 +24,6 @@ CERT_MatchNickname(char *name1, char *name2) { char *nickname2 = NULL; char *token1; char *token2; - char *token = NULL; - int len; /* first deal with the straight comparison */ if (PORT_Strcmp(name1, name2) == 0) { @@ -40,20 +38,17 @@ CERT_MatchNickname(char *name1, char *name2) { return PR_FALSE; } if (token1) { - token=name1; nickname1=token1; nickname2=name2; } else { - token=name2; nickname1=token2; nickname2=name1; } - len = nickname1-token; nickname1++; if (PORT_Strcmp(nickname1,nickname2) != 0) { return PR_FALSE; } - /* compare the other token with the internal slot here */ + /* Bug 1192443 - compare the other token with the internal slot here */ return PR_TRUE; } diff --git a/lib/certhigh/certvfypkix.c b/lib/certhigh/certvfypkix.c index dcb2dbf2c..35f841e58 100644 --- a/lib/certhigh/certvfypkix.c +++ b/lib/certhigh/certvfypkix.c @@ -1412,13 +1412,13 @@ setRevocationMethod(PKIX_RevocationChecker *revChecker, { PKIX_UInt32 methodFlags = 0; PKIX_Error *error = NULL; - int priority = 0; + PKIX_UInt32 priority = 0; - if (revTest->number_of_defined_methods <= certRevMethod) { + if (revTest->number_of_defined_methods <= (PRUint32)certRevMethod) { return NULL; } if (revTest->preferred_methods) { - int i = 0; + unsigned int i = 0; for (;i < revTest->number_of_preferred_methods;i++) { if (revTest->preferred_methods[i] == certRevMethod) break; diff --git a/lib/certhigh/ocsp.c b/lib/certhigh/ocsp.c index 59b341f1e..86ae0a063 100644 --- a/lib/certhigh/ocsp.c +++ b/lib/certhigh/ocsp.c @@ -559,14 +559,19 @@ ocsp_RemoveCacheItem(OCSPCacheData *cache, OCSPCacheItem *item) * because of an allocation failure, or it could get removed because we're * cleaning up. */ - PRBool couldRemoveFromHashTable; OCSP_TRACE(("OCSP ocsp_RemoveCacheItem, THREADID %p\n", PR_GetCurrentThread())); PR_EnterMonitor(OCSP_Global.monitor); ocsp_RemoveCacheItemFromLinkedList(cache, item); - couldRemoveFromHashTable = PL_HashTableRemove(cache->entries, - item->certID); - PORT_Assert(couldRemoveFromHashTable); +#ifdef DEBUG + { + PRBool couldRemoveFromHashTable = PL_HashTableRemove(cache->entries, + item->certID); + PORT_Assert(couldRemoveFromHashTable); + } +#else + PL_HashTableRemove(cache->entries, item->certID); +#endif --cache->numberOfEntries; ocsp_FreeCacheItem(item); PR_ExitMonitor(OCSP_Global.monitor); diff --git a/lib/certhigh/xcrldist.c b/lib/certhigh/xcrldist.c index 286dc3775..291a9d888 100644 --- a/lib/certhigh/xcrldist.c +++ b/lib/certhigh/xcrldist.c @@ -101,9 +101,6 @@ CERT_EncodeCRLDistributionPoints (PLArenaPool *arena, rv = SECFailure; break; - /* distributionPointName is omitted */ - case 0: break; - default: PORT_SetError (SEC_ERROR_EXTENSION_VALUE_INVALID); rv = SECFailure; diff --git a/lib/ckfw/builtins/binst.c b/lib/ckfw/builtins/binst.c index 8940ea035..8cb057d96 100644 --- a/lib/ckfw/builtins/binst.c +++ b/lib/ckfw/builtins/binst.c @@ -65,10 +65,8 @@ builtins_mdInstance_GetLibraryVersion NSSCKFWInstance *fwInstance ) { - extern const char __nss_builtins_version[]; - volatile char c; /* force a reference that won't get optimized away */ - - c = __nss_builtins_version[0]; +#define NSS_VERSION_VARIABLE __nss_builtins_version +#include "verref.h" return nss_builtins_LibraryVersion; } diff --git a/lib/ckfw/builtins/certdata.perl b/lib/ckfw/builtins/certdata.perl index 56771f5cb..e77decf9f 100644 --- a/lib/ckfw/builtins/certdata.perl +++ b/lib/ckfw/builtins/certdata.perl @@ -11,7 +11,6 @@ my $o; my @objects = (); my @objsize; -$constants{CKO_DATA} = "static const CK_OBJECT_CLASS cko_data = CKO_DATA;\n"; $constants{CK_TRUE} = "static const CK_BBOOL ck_true = CK_TRUE;\n"; $constants{CK_FALSE} = "static const CK_BBOOL ck_false = CK_FALSE;\n"; diff --git a/lib/ckfw/hash.c b/lib/ckfw/hash.c index 51f53b1a9..e4f6ce2bd 100644 --- a/lib/ckfw/hash.c +++ b/lib/ckfw/hash.c @@ -48,9 +48,7 @@ nss_ckfw_identity_hash const void *key ) { - PRUint32 i = (PRUint32)key; - PR_ASSERT(sizeof(PLHashNumber) == sizeof(PRUint32)); - return (PLHashNumber)i; + return (PLHashNumber)((char *)key - (char *)NULL); } /* diff --git a/lib/ckfw/token.c b/lib/ckfw/token.c index aaaf11888..4a9757643 100644 --- a/lib/ckfw/token.c +++ b/lib/ckfw/token.c @@ -1258,7 +1258,7 @@ nssCKFWToken_GetUTCTime { /* Format is YYYYMMDDhhmmss00 */ int i; - int Y, M, D, h, m, s, z; + int Y, M, D, h, m, s; static int dims[] = { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }; for( i = 0; i < 16; i++ ) { @@ -1274,7 +1274,6 @@ nssCKFWToken_GetUTCTime h = ((utcTime[ 8] - '0') * 10) + (utcTime[ 9] - '0'); m = ((utcTime[10] - '0') * 10) + (utcTime[11] - '0'); s = ((utcTime[12] - '0') * 10) + (utcTime[13] - '0'); - z = ((utcTime[14] - '0') * 10) + (utcTime[15] - '0'); if( (Y < 1990) || (Y > 3000) ) goto badtime; /* Y3K problem. heh heh heh */ if( (M < 1) || (M > 12) ) goto badtime; diff --git a/lib/crmf/cmmfchal.c b/lib/crmf/cmmfchal.c index 8f7b2982a..bf0b7ba37 100644 --- a/lib/crmf/cmmfchal.c +++ b/lib/crmf/cmmfchal.c @@ -30,7 +30,6 @@ cmmf_create_witness_and_challenge(PLArenaPool *poolp, CMMFRand randStr= { {siBuffer, NULL, 0}, {siBuffer, NULL, 0}}; PK11SlotInfo *slot; PK11SymKey *symKey = NULL; - CK_OBJECT_HANDLE id; CERTSubjectPublicKeyInfo *spki = NULL; @@ -76,7 +75,7 @@ cmmf_create_witness_and_challenge(PLArenaPool *poolp, rv = SECFailure; goto loser; } - id = PK11_ImportPublicKey(slot, inPubKey, PR_FALSE); + (void)PK11_ImportPublicKey(slot, inPubKey, PR_FALSE); /* In order to properly encrypt the data, we import as a symmetric * key, and then wrap that key. That in essence encrypts the data. * This is the method recommended in the PK11 world in order diff --git a/lib/crmf/crmfcont.c b/lib/crmf/crmfcont.c index cc386ea30..4e274d32c 100644 --- a/lib/crmf/crmfcont.c +++ b/lib/crmf/crmfcont.c @@ -857,7 +857,6 @@ CRMF_CreateEncryptedKeyWithEncryptedValue (SECKEYPrivateKey *inPrivKey, { SECKEYPublicKey *caPubKey = NULL; CRMFEncryptedKey *encKey = NULL; - CRMFEncryptedValue *dummy; PORT_Assert(inPrivKey != NULL && inCACert != NULL); if (inPrivKey == NULL || inCACert == NULL) { @@ -873,10 +872,17 @@ CRMF_CreateEncryptedKeyWithEncryptedValue (SECKEYPrivateKey *inPrivKey, if (encKey == NULL) { goto loser; } - dummy = crmf_create_encrypted_value_wrapped_privkey(inPrivKey, - caPubKey, - &encKey->value.encryptedValue); - PORT_Assert(dummy == &encKey->value.encryptedValue); +#ifdef DEBUG + { + CRMFEncryptedValue *dummy = + crmf_create_encrypted_value_wrapped_privkey( + inPrivKey, caPubKey, &encKey->value.encryptedValue); + PORT_Assert(dummy == &encKey->value.encryptedValue); + } +#else + crmf_create_encrypted_value_wrapped_privkey( + inPrivKey, caPubKey, &encKey->value.encryptedValue); +#endif /* We won't add the der value here, but rather when it * becomes part of a certificate request. */ diff --git a/lib/crmf/crmfi.h b/lib/crmf/crmfi.h index 0dc9b4986..fd27a9b9a 100644 --- a/lib/crmf/crmfi.h +++ b/lib/crmf/crmfi.h @@ -52,7 +52,7 @@ struct crmfEncoderArg { SECItem *buffer; - long allocatedLen; + unsigned long allocatedLen; }; struct crmfEncoderOutput { diff --git a/lib/crmf/crmfpop.c b/lib/crmf/crmfpop.c index 78381bf79..2d4e32699 100644 --- a/lib/crmf/crmfpop.c +++ b/lib/crmf/crmfpop.c @@ -10,7 +10,7 @@ #include "keyhi.h" #include "cryptohi.h" -#define CRMF_DEFAULT_ALLOC_SIZE 1024 +#define CRMF_DEFAULT_ALLOC_SIZE 1024U SECStatus crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, @@ -33,7 +33,6 @@ crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, SECStatus CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg) { - SECItem *dummy; CRMFProofOfPossession *pop; PLArenaPool *poolp; void *mark; @@ -52,9 +51,9 @@ CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg) pop->popChoice.raVerified.data = NULL; pop->popChoice.raVerified.len = 0; inCertReqMsg->pop = pop; - dummy = SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP), - &(pop->popChoice.raVerified), - CRMFRAVerifiedTemplate); + (void)SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP), + &(pop->popChoice.raVerified), + CRMFRAVerifiedTemplate); return SECSuccess; loser: PORT_ArenaRelease(poolp, mark); diff --git a/lib/crmf/crmftmpl.c b/lib/crmf/crmftmpl.c index 73d75f8b7..320d52463 100644 --- a/lib/crmf/crmftmpl.c +++ b/lib/crmf/crmftmpl.c @@ -138,19 +138,6 @@ const SEC_ASN1Template CRMFCertReqMessagesTemplate[] = { CRMFCertReqMsgTemplate, sizeof (CRMFCertReqMessages)} }; -static const SEC_ASN1Template CRMFPOPOSigningKeyInputTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL,sizeof(CRMFPOPOSigningKeyInput) }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | - SEC_ASN1_CONTEXT_SPECIFIC | 0, - offsetof(CRMFPOPOSigningKeyInput, authInfo.sender) }, - { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL | 1, - offsetof (CRMFPOPOSigningKeyInput, authInfo.publicKeyMAC) }, - { SEC_ASN1_INLINE | SEC_ASN1_XTRN, - offsetof(CRMFPOPOSigningKeyInput, publicKey), - SEC_ASN1_SUB(CERT_SubjectPublicKeyInfoTemplate) }, - { 0 } -}; - const SEC_ASN1Template CRMFRAVerifiedTemplate[] = { { SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_XTRN, 0, @@ -252,19 +239,3 @@ const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate [] = { CRMFEncryptedValueTemplate}, { 0 } }; - -static const SEC_ASN1Template CRMFSinglePubInfoTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (CRMFSinglePubInfo)}, - { SEC_ASN1_INTEGER, offsetof(CRMFSinglePubInfo, pubMethod) }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC, - offsetof(CRMFSinglePubInfo, pubLocation) }, - { 0 } -}; - -static const SEC_ASN1Template CRMFPublicationInfoTemplate[] ={ - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFPKIPublicationInfo) }, - { SEC_ASN1_INTEGER, offsetof(CRMFPKIPublicationInfo, action) }, - { SEC_ASN1_POINTER, offsetof(CRMFPKIPublicationInfo, pubInfos), - CRMFSinglePubInfoTemplate}, - { 0 } -}; diff --git a/lib/dbm/src/h_page.c b/lib/dbm/src/h_page.c index 890e86828..cc0249473 100644 --- a/lib/dbm/src/h_page.c +++ b/lib/dbm/src/h_page.c @@ -720,23 +720,6 @@ __get_page(HTAB *hashp, PAGE_INIT(p); } else { -#ifdef DEBUG - if(BYTE_ORDER == LITTLE_ENDIAN) - { - int is_little_endian; - is_little_endian = BYTE_ORDER; - } - else if(BYTE_ORDER == BIG_ENDIAN) - { - int is_big_endian; - is_big_endian = BYTE_ORDER; - } - else - { - assert(0); - } -#endif - if (hashp->LORDER != BYTE_ORDER) { register int i, max; diff --git a/lib/dev/devslot.c b/lib/dev/devslot.c index d97cbba32..f49915ee1 100644 --- a/lib/dev/devslot.c +++ b/lib/dev/devslot.c @@ -25,9 +25,6 @@ /* measured as interval */ static PRIntervalTime s_token_delay_time = 0; -/* The flags needed to open a read-only session. */ -static const CK_FLAGS s_ck_readonly_flags = CKF_SERIAL_SESSION; - NSS_IMPLEMENT PRStatus nssSlot_Destroy ( NSSSlot *slot diff --git a/lib/dev/devtoken.c b/lib/dev/devtoken.c index b6032812f..7223e489b 100644 --- a/lib/dev/devtoken.c +++ b/lib/dev/devtoken.c @@ -1466,7 +1466,6 @@ nssToken_TraverseCertificates ( CK_ATTRIBUTE cert_template[2]; CK_ULONG ctsize; NSSArena *arena; - PRStatus status; PRUint32 arraySize, numHandles; nssCryptokiObject **objects; void *epv = nssToken_GetCryptokiEPV(token); @@ -1544,7 +1543,7 @@ nssToken_TraverseCertificates ( if (objects) { nssCryptokiObject **op; for (op = objects; *op; op++) { - status = (*callback)(*op, arg); + (void)(*callback)(*op, arg); } nss_ZFreeIf(objects); } diff --git a/lib/freebl/cts.c b/lib/freebl/cts.c index 5d4ed18bc..984e05b95 100644 --- a/lib/freebl/cts.c +++ b/lib/freebl/cts.c @@ -185,7 +185,7 @@ CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf, unsigned char lastBlock[MAX_BLOCK_SIZE]; const unsigned char *tmp; unsigned int tmpLen; - int fullblocks, pad; + unsigned int fullblocks, pad; unsigned int i; SECStatus rv; diff --git a/lib/freebl/dh.c b/lib/freebl/dh.c index cf07eabbe..66c110134 100644 --- a/lib/freebl/dh.c +++ b/lib/freebl/dh.c @@ -205,7 +205,7 @@ DH_Derive(SECItem *publicValue, { mp_int p, Xa, Yb, ZZ, psub1; mp_err err = MP_OKAY; - int len = 0; + unsigned int len = 0; unsigned int nb; unsigned char *secret = NULL; if (!publicValue || !prime || !privateValue || !derivedSecret) { diff --git a/lib/freebl/drbg.c b/lib/freebl/drbg.c index 4745df4c7..e20db2e6f 100644 --- a/lib/freebl/drbg.c +++ b/lib/freebl/drbg.c @@ -247,26 +247,32 @@ prng_reseed_test(RNGContext *rng, const PRUint8 *entropy, /* * build some fast inline functions for adding. */ -#define PRNG_ADD_CARRY_ONLY(dest, start, cy) \ - carry = cy; \ - for (k1=start; carry && k1 >=0 ; k1--) { \ - carry = !(++dest[k1]); \ - } +#define PRNG_ADD_CARRY_ONLY(dest, start, carry) \ + { \ + int k1; \ + for (k1 = start; carry && k1 >= 0; k1--) { \ + carry = !(++dest[k1]); \ + } \ + } /* * NOTE: dest must be an array for the following to work. */ -#define PRNG_ADD_BITS(dest, dest_len, add, len) \ +#define PRNG_ADD_BITS(dest, dest_len, add, len, carry) \ carry = 0; \ - for (k1=dest_len -1, k2=len-1; k2 >= 0; --k1, --k2) { \ - carry += dest[k1]+ add[k2]; \ - dest[k1] = (PRUint8) carry; \ - carry >>= 8; \ + PORT_Assert((dest_len) >= (len)); \ + { \ + int k1, k2; \ + for (k1 = dest_len - 1, k2 = len - 1; k2 >= 0; --k1, --k2) { \ + carry += dest[k1] + add[k2]; \ + dest[k1] = (PRUint8) carry; \ + carry >>= 8; \ + } \ } -#define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len) \ - PRNG_ADD_BITS(dest, dest_len, add, len) \ - PRNG_ADD_CARRY_ONLY(dest, k1, carry) +#define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len, carry) \ + PRNG_ADD_BITS(dest, dest_len, add, len, carry) \ + PRNG_ADD_CARRY_ONLY(dest, dest_len - len, carry) /* * This function expands the internal state of the prng to fulfill any number @@ -286,7 +292,6 @@ prng_Hashgen(RNGContext *rng, PRUint8 *returned_bytes, SHA256Context ctx; unsigned int len; unsigned int carry; - int k1; SHA256_Begin(&ctx); SHA256_Update(&ctx, data, sizeof data); @@ -295,7 +300,8 @@ prng_Hashgen(RNGContext *rng, PRUint8 *returned_bytes, no_of_returned_bytes -= len; /* The carry parameter is a bool (increment or not). * This increments data if no_of_returned_bytes is not zero */ - PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, no_of_returned_bytes); + carry = no_of_returned_bytes; + PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, carry); } PORT_Memset(data, 0, sizeof data); } @@ -315,7 +321,6 @@ prng_generateNewBytes(RNGContext *rng, PRUint8 H[SHA256_LENGTH]; /* both H and w since they * aren't used concurrently */ unsigned int carry; - int k1, k2; if (!rng->isValid) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); @@ -336,7 +341,7 @@ prng_generateNewBytes(RNGContext *rng, SHA256_Update(&ctx, rng->V_Data, sizeof rng->V_Data); SHA256_Update(&ctx, additional_input, additional_input_len); SHA256_End(&ctx, w, NULL, sizeof w); - PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), w, sizeof w) + PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), w, sizeof w, carry) PORT_Memset(w, 0, sizeof w); #undef w } @@ -350,11 +355,12 @@ prng_generateNewBytes(RNGContext *rng, /* advance our internal state... */ rng->V_type = prngGenerateByteType; SHA256_HashBuf(H, rng->V_Data, sizeof rng->V_Data); - PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), H, sizeof H) - PRNG_ADD_BITS(V(rng), VSize(rng), rng->C, sizeof rng->C); + PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), H, sizeof H, carry) + PRNG_ADD_BITS(V(rng), VSize(rng), rng->C, sizeof rng->C, carry); PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), rng->reseed_counter, - sizeof rng->reseed_counter) - PRNG_ADD_CARRY_ONLY(rng->reseed_counter,(sizeof rng->reseed_counter)-1, 1); + sizeof rng->reseed_counter, carry) + carry = 1; + PRNG_ADD_CARRY_ONLY(rng->reseed_counter,(sizeof rng->reseed_counter)-1, carry); /* continuous rng check */ if (memcmp(V(rng), rng->oldV, sizeof rng->oldV) == 0) { @@ -510,7 +516,7 @@ RNG_RandomUpdate(const void *data, size_t bytes) PR_STATIC_ASSERT(sizeof(size_t) > 4); - if (bytes > PRNG_MAX_ADDITIONAL_BYTES) { + if (bytes > (size_t)PRNG_MAX_ADDITIONAL_BYTES) { bytes = PRNG_MAX_ADDITIONAL_BYTES; } #else diff --git a/lib/freebl/dsa.c b/lib/freebl/dsa.c index ad3ce0043..0da63ed54 100644 --- a/lib/freebl/dsa.c +++ b/lib/freebl/dsa.c @@ -502,7 +502,7 @@ DSA_VerifyDigest(DSAPublicKey *key, const SECItem *signature, mp_int u1, u2, v, w; /* intermediate values used in verification */ mp_int y; /* public key */ mp_err err; - int dsa_subprime_len, dsa_signature_len, offset; + unsigned int dsa_subprime_len, dsa_signature_len, offset; SECItem localDigest; unsigned char localDigestData[DSA_MAX_SUBPRIME_LEN]; SECStatus verified = SECFailure; diff --git a/lib/freebl/ecl/ecl-priv.h b/lib/freebl/ecl/ecl-priv.h index 22dd355a2..16f80a465 100644 --- a/lib/freebl/ecl/ecl-priv.h +++ b/lib/freebl/ecl/ecl-priv.h @@ -29,40 +29,39 @@ ((i) >= mpl_significant_bits((a))) ? 0 : mpl_get_bit((a), (i)) #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) -#define MP_ADD_CARRY(a1, a2, s, cin, cout) \ +#define MP_ADD_CARRY(a1, a2, s, carry) \ { mp_word w; \ - w = ((mp_word)(cin)) + (a1) + (a2); \ + w = ((mp_word)carry) + (a1) + (a2); \ s = ACCUM(w); \ - cout = CARRYOUT(w); } + carry = CARRYOUT(w); } -#define MP_SUB_BORROW(a1, a2, s, bin, bout) \ +#define MP_SUB_BORROW(a1, a2, s, borrow) \ { mp_word w; \ - w = ((mp_word)(a1)) - (a2) - (bin); \ + w = ((mp_word)(a1)) - (a2) - borrow; \ s = ACCUM(w); \ - bout = (w >> MP_DIGIT_BIT) & 1; } + borrow = (w >> MP_DIGIT_BIT) & 1; } #else /* NOTE, - * cin and cout could be the same variable. - * bin and bout could be the same variable. + * carry and borrow are both read and written. * a1 or a2 and s could be the same variable. * don't trash those outputs until their respective inputs have * been read. */ -#define MP_ADD_CARRY(a1, a2, s, cin, cout) \ +#define MP_ADD_CARRY(a1, a2, s, carry) \ { mp_digit tmp,sum; \ tmp = (a1); \ sum = tmp + (a2); \ tmp = (sum < tmp); /* detect overflow */ \ - s = sum += (cin); \ - cout = tmp + (sum < (cin)); } + s = sum += carry; \ + carry = tmp + (sum < carry); } -#define MP_SUB_BORROW(a1, a2, s, bin, bout) \ +#define MP_SUB_BORROW(a1, a2, s, borrow) \ { mp_digit tmp; \ tmp = (a1); \ s = tmp - (a2); \ tmp = (s > tmp); /* detect borrow */ \ - if ((bin) && !s--) tmp++; \ - bout = tmp; } + if (borrow && !s--) tmp++; \ + borrow = tmp; } #endif diff --git a/lib/freebl/ecl/ecl_gf.c b/lib/freebl/ecl/ecl_gf.c index 22047d519..d250d7863 100644 --- a/lib/freebl/ecl/ecl_gf.c +++ b/lib/freebl/ecl/ecl_gf.c @@ -242,9 +242,10 @@ ec_GFp_add_3(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(a0, r0, r0, 0, carry); - MP_ADD_CARRY(a1, r1, r1, carry, carry); - MP_ADD_CARRY(a2, r2, r2, carry, carry); + carry = 0; + MP_ADD_CARRY(a0, r0, r0, carry); + MP_ADD_CARRY(a1, r1, r1, carry); + MP_ADD_CARRY(a2, r2, r2, carry); #else __asm__ ( "xorq %3,%3 \n\t" @@ -273,9 +274,10 @@ ec_GFp_add_3(const mp_int *a, const mp_int *b, mp_int *r, a1 = MP_DIGIT(&meth->irr,1); a0 = MP_DIGIT(&meth->irr,0); #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, a0, r0, 0, carry); - MP_SUB_BORROW(r1, a1, r1, carry, carry); - MP_SUB_BORROW(r2, a2, r2, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a0, r0, carry); + MP_SUB_BORROW(r1, a1, r1, carry); + MP_SUB_BORROW(r2, a2, r2, carry); #else __asm__ ( "subq %3,%0 \n\t" @@ -329,10 +331,11 @@ ec_GFp_add_4(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(a0, r0, r0, 0, carry); - MP_ADD_CARRY(a1, r1, r1, carry, carry); - MP_ADD_CARRY(a2, r2, r2, carry, carry); - MP_ADD_CARRY(a3, r3, r3, carry, carry); + carry = 0; + MP_ADD_CARRY(a0, r0, r0, carry); + MP_ADD_CARRY(a1, r1, r1, carry); + MP_ADD_CARRY(a2, r2, r2, carry); + MP_ADD_CARRY(a3, r3, r3, carry); #else __asm__ ( "xorq %4,%4 \n\t" @@ -364,10 +367,11 @@ ec_GFp_add_4(const mp_int *a, const mp_int *b, mp_int *r, a1 = MP_DIGIT(&meth->irr,1); a0 = MP_DIGIT(&meth->irr,0); #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, a0, r0, 0, carry); - MP_SUB_BORROW(r1, a1, r1, carry, carry); - MP_SUB_BORROW(r2, a2, r2, carry, carry); - MP_SUB_BORROW(r3, a3, r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a0, r0, carry); + MP_SUB_BORROW(r1, a1, r1, carry); + MP_SUB_BORROW(r2, a2, r2, carry); + MP_SUB_BORROW(r3, a3, r3, carry); #else __asm__ ( "subq %4,%0 \n\t" @@ -426,11 +430,12 @@ ec_GFp_add_5(const mp_int *a, const mp_int *b, mp_int *r, r0 = MP_DIGIT(b,0); } - MP_ADD_CARRY(a0, r0, r0, 0, carry); - MP_ADD_CARRY(a1, r1, r1, carry, carry); - MP_ADD_CARRY(a2, r2, r2, carry, carry); - MP_ADD_CARRY(a3, r3, r3, carry, carry); - MP_ADD_CARRY(a4, r4, r4, carry, carry); + carry = 0; + MP_ADD_CARRY(a0, r0, r0, carry); + MP_ADD_CARRY(a1, r1, r1, carry); + MP_ADD_CARRY(a2, r2, r2, carry); + MP_ADD_CARRY(a3, r3, r3, carry); + MP_ADD_CARRY(a4, r4, r4, carry); MP_CHECKOK(s_mp_pad(r, 5)); MP_DIGIT(r, 4) = r4; @@ -450,11 +455,12 @@ ec_GFp_add_5(const mp_int *a, const mp_int *b, mp_int *r, a2 = MP_DIGIT(&meth->irr,2); a1 = MP_DIGIT(&meth->irr,1); a0 = MP_DIGIT(&meth->irr,0); - MP_SUB_BORROW(r0, a0, r0, 0, carry); - MP_SUB_BORROW(r1, a1, r1, carry, carry); - MP_SUB_BORROW(r2, a2, r2, carry, carry); - MP_SUB_BORROW(r3, a3, r3, carry, carry); - MP_SUB_BORROW(r4, a4, r4, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a0, r0, carry); + MP_SUB_BORROW(r1, a1, r1, carry); + MP_SUB_BORROW(r2, a2, r2, carry); + MP_SUB_BORROW(r3, a3, r3, carry); + MP_SUB_BORROW(r4, a4, r4, carry); MP_DIGIT(r, 4) = r4; MP_DIGIT(r, 3) = r3; MP_DIGIT(r, 2) = r2; @@ -507,12 +513,13 @@ ec_GFp_add_6(const mp_int *a, const mp_int *b, mp_int *r, r0 = MP_DIGIT(b,0); } - MP_ADD_CARRY(a0, r0, r0, 0, carry); - MP_ADD_CARRY(a1, r1, r1, carry, carry); - MP_ADD_CARRY(a2, r2, r2, carry, carry); - MP_ADD_CARRY(a3, r3, r3, carry, carry); - MP_ADD_CARRY(a4, r4, r4, carry, carry); - MP_ADD_CARRY(a5, r5, r5, carry, carry); + carry = 0; + MP_ADD_CARRY(a0, r0, r0, carry); + MP_ADD_CARRY(a1, r1, r1, carry); + MP_ADD_CARRY(a2, r2, r2, carry); + MP_ADD_CARRY(a3, r3, r3, carry); + MP_ADD_CARRY(a4, r4, r4, carry); + MP_ADD_CARRY(a5, r5, r5, carry); MP_CHECKOK(s_mp_pad(r, 6)); MP_DIGIT(r, 5) = r5; @@ -534,12 +541,13 @@ ec_GFp_add_6(const mp_int *a, const mp_int *b, mp_int *r, a2 = MP_DIGIT(&meth->irr,2); a1 = MP_DIGIT(&meth->irr,1); a0 = MP_DIGIT(&meth->irr,0); - MP_SUB_BORROW(r0, a0, r0, 0, carry); - MP_SUB_BORROW(r1, a1, r1, carry, carry); - MP_SUB_BORROW(r2, a2, r2, carry, carry); - MP_SUB_BORROW(r3, a3, r3, carry, carry); - MP_SUB_BORROW(r4, a4, r4, carry, carry); - MP_SUB_BORROW(r5, a5, r5, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a0, r0, carry); + MP_SUB_BORROW(r1, a1, r1, carry); + MP_SUB_BORROW(r2, a2, r2, carry); + MP_SUB_BORROW(r3, a3, r3, carry); + MP_SUB_BORROW(r4, a4, r4, carry); + MP_SUB_BORROW(r5, a5, r5, carry); MP_DIGIT(r, 5) = r5; MP_DIGIT(r, 4) = r4; MP_DIGIT(r, 3) = r3; @@ -587,9 +595,10 @@ ec_GFp_sub_3(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, b0, r0, 0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, b0, r0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow); #else __asm__ ( "xorq %3,%3 \n\t" @@ -610,9 +619,10 @@ ec_GFp_sub_3(const mp_int *a, const mp_int *b, mp_int *r, b1 = MP_DIGIT(&meth->irr,1); b0 = MP_DIGIT(&meth->irr,0); #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(b0, r0, r0, 0, borrow); - MP_ADD_CARRY(b1, r1, r1, borrow, borrow); - MP_ADD_CARRY(b2, r2, r2, borrow, borrow); + borrow = 0; + MP_ADD_CARRY(b0, r0, r0, borrow); + MP_ADD_CARRY(b1, r1, r1, borrow); + MP_ADD_CARRY(b2, r2, r2, borrow); #else __asm__ ( "addq %3,%0 \n\t" @@ -675,10 +685,11 @@ ec_GFp_sub_4(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, b0, r0, 0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow, borrow); - MP_SUB_BORROW(r3, b3, r3, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, b0, r0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow); + MP_SUB_BORROW(r3, b3, r3, borrow); #else __asm__ ( "xorq %4,%4 \n\t" @@ -701,10 +712,11 @@ ec_GFp_sub_4(const mp_int *a, const mp_int *b, mp_int *r, b1 = MP_DIGIT(&meth->irr,1); b0 = MP_DIGIT(&meth->irr,0); #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(b0, r0, r0, 0, borrow); - MP_ADD_CARRY(b1, r1, r1, borrow, borrow); - MP_ADD_CARRY(b2, r2, r2, borrow, borrow); - MP_ADD_CARRY(b3, r3, r3, borrow, borrow); + borrow = 0; + MP_ADD_CARRY(b0, r0, r0, borrow); + MP_ADD_CARRY(b1, r1, r1, borrow); + MP_ADD_CARRY(b2, r2, r2, borrow); + MP_ADD_CARRY(b3, r3, r3, borrow); #else __asm__ ( "addq %4,%0 \n\t" @@ -771,11 +783,12 @@ ec_GFp_sub_5(const mp_int *a, const mp_int *b, mp_int *r, b0 = MP_DIGIT(b,0); } - MP_SUB_BORROW(r0, b0, r0, 0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow, borrow); - MP_SUB_BORROW(r3, b3, r3, borrow, borrow); - MP_SUB_BORROW(r4, b4, r4, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, b0, r0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow); + MP_SUB_BORROW(r3, b3, r3, borrow); + MP_SUB_BORROW(r4, b4, r4, borrow); /* Do quick 'add' if we've gone under 0 * (subtract the 2's complement of the curve field) */ @@ -785,10 +798,11 @@ ec_GFp_sub_5(const mp_int *a, const mp_int *b, mp_int *r, b2 = MP_DIGIT(&meth->irr,2); b1 = MP_DIGIT(&meth->irr,1); b0 = MP_DIGIT(&meth->irr,0); - MP_ADD_CARRY(b0, r0, r0, 0, borrow); - MP_ADD_CARRY(b1, r1, r1, borrow, borrow); - MP_ADD_CARRY(b2, r2, r2, borrow, borrow); - MP_ADD_CARRY(b3, r3, r3, borrow, borrow); + borrow = 0; + MP_ADD_CARRY(b0, r0, r0, borrow); + MP_ADD_CARRY(b1, r1, r1, borrow); + MP_ADD_CARRY(b2, r2, r2, borrow); + MP_ADD_CARRY(b3, r3, r3, borrow); } MP_CHECKOK(s_mp_pad(r, 5)); MP_DIGIT(r, 4) = r4; @@ -843,12 +857,13 @@ ec_GFp_sub_6(const mp_int *a, const mp_int *b, mp_int *r, b0 = MP_DIGIT(b,0); } - MP_SUB_BORROW(r0, b0, r0, 0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow, borrow); - MP_SUB_BORROW(r3, b3, r3, borrow, borrow); - MP_SUB_BORROW(r4, b4, r4, borrow, borrow); - MP_SUB_BORROW(r5, b5, r5, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, b0, r0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow); + MP_SUB_BORROW(r3, b3, r3, borrow); + MP_SUB_BORROW(r4, b4, r4, borrow); + MP_SUB_BORROW(r5, b5, r5, borrow); /* Do quick 'add' if we've gone under 0 * (subtract the 2's complement of the curve field) */ @@ -859,11 +874,12 @@ ec_GFp_sub_6(const mp_int *a, const mp_int *b, mp_int *r, b2 = MP_DIGIT(&meth->irr,2); b1 = MP_DIGIT(&meth->irr,1); b0 = MP_DIGIT(&meth->irr,0); - MP_ADD_CARRY(b0, r0, r0, 0, borrow); - MP_ADD_CARRY(b1, r1, r1, borrow, borrow); - MP_ADD_CARRY(b2, r2, r2, borrow, borrow); - MP_ADD_CARRY(b3, r3, r3, borrow, borrow); - MP_ADD_CARRY(b4, r4, r4, borrow, borrow); + borrow = 0; + MP_ADD_CARRY(b0, r0, r0, borrow); + MP_ADD_CARRY(b1, r1, r1, borrow); + MP_ADD_CARRY(b2, r2, r2, borrow); + MP_ADD_CARRY(b3, r3, r3, borrow); + MP_ADD_CARRY(b4, r4, r4, borrow); } MP_CHECKOK(s_mp_pad(r, 6)); diff --git a/lib/freebl/ecl/ecl_mult.c b/lib/freebl/ecl/ecl_mult.c index a99ca8250..5932828bd 100644 --- a/lib/freebl/ecl/ecl_mult.c +++ b/lib/freebl/ecl/ecl_mult.c @@ -129,7 +129,7 @@ ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px, mp_err res = MP_OKAY; mp_int precomp[4][4][2]; const mp_int *a, *b; - int i, j; + unsigned int i, j; int ai, bi, d; ARGCHK(group != NULL, MP_BADARG); @@ -236,7 +236,7 @@ ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px, mp_zero(rx); mp_zero(ry); - for (i = d - 1; i >= 0; i--) { + for (i = d; i-- > 0;) { ai = MP_GET_BIT(a, 2 * i + 1); ai <<= 1; ai |= MP_GET_BIT(a, 2 * i); diff --git a/lib/freebl/ecl/ecp_192.c b/lib/freebl/ecl/ecp_192.c index 70b717a1a..ef11cef99 100644 --- a/lib/freebl/ecl/ecp_192.c +++ b/lib/freebl/ecl/ecp_192.c @@ -72,34 +72,36 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) r0a = MP_DIGIT(a, 0); /* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */ - MP_ADD_CARRY(r0a, a3a, r0a, 0, carry); - MP_ADD_CARRY(r0b, a3b, r0b, carry, carry); - MP_ADD_CARRY(r1a, a3a, r1a, carry, carry); - MP_ADD_CARRY(r1b, a3b, r1b, carry, carry); - MP_ADD_CARRY(r2a, a4a, r2a, carry, carry); - MP_ADD_CARRY(r2b, a4b, r2b, carry, carry); + carry = 0; + MP_ADD_CARRY(r0a, a3a, r0a, carry); + MP_ADD_CARRY(r0b, a3b, r0b, carry); + MP_ADD_CARRY(r1a, a3a, r1a, carry); + MP_ADD_CARRY(r1b, a3b, r1b, carry); + MP_ADD_CARRY(r2a, a4a, r2a, carry); + MP_ADD_CARRY(r2b, a4b, r2b, carry); r3 = carry; carry = 0; - MP_ADD_CARRY(r0a, a5a, r0a, 0, carry); - MP_ADD_CARRY(r0b, a5b, r0b, carry, carry); - MP_ADD_CARRY(r1a, a5a, r1a, carry, carry); - MP_ADD_CARRY(r1b, a5b, r1b, carry, carry); - MP_ADD_CARRY(r2a, a5a, r2a, carry, carry); - MP_ADD_CARRY(r2b, a5b, r2b, carry, carry); - r3 += carry; - MP_ADD_CARRY(r1a, a4a, r1a, 0, carry); - MP_ADD_CARRY(r1b, a4b, r1b, carry, carry); - MP_ADD_CARRY(r2a, 0, r2a, carry, carry); - MP_ADD_CARRY(r2b, 0, r2b, carry, carry); + MP_ADD_CARRY(r0a, a5a, r0a, carry); + MP_ADD_CARRY(r0b, a5b, r0b, carry); + MP_ADD_CARRY(r1a, a5a, r1a, carry); + MP_ADD_CARRY(r1b, a5b, r1b, carry); + MP_ADD_CARRY(r2a, a5a, r2a, carry); + MP_ADD_CARRY(r2b, a5b, r2b, carry); + r3 += carry; carry = 0; + MP_ADD_CARRY(r1a, a4a, r1a, carry); + MP_ADD_CARRY(r1b, a4b, r1b, carry); + MP_ADD_CARRY(r2a, 0, r2a, carry); + MP_ADD_CARRY(r2b, 0, r2b, carry); r3 += carry; /* reduce out the carry */ while (r3) { - MP_ADD_CARRY(r0a, r3, r0a, 0, carry); - MP_ADD_CARRY(r0b, 0, r0b, carry, carry); - MP_ADD_CARRY(r1a, r3, r1a, carry, carry); - MP_ADD_CARRY(r1b, 0, r1b, carry, carry); - MP_ADD_CARRY(r2a, 0, r2a, carry, carry); - MP_ADD_CARRY(r2b, 0, r2b, carry, carry); + carry = 0; + MP_ADD_CARRY(r0a, r3, r0a, carry); + MP_ADD_CARRY(r0b, 0, r0b, carry); + MP_ADD_CARRY(r1a, r3, r1a, carry); + MP_ADD_CARRY(r1b, 0, r1b, carry); + MP_ADD_CARRY(r2a, 0, r2a, carry); + MP_ADD_CARRY(r2b, 0, r2b, carry); r3 = carry; } @@ -121,8 +123,9 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) (r1a == 0xfffffffe) && (r0a == 0xffffffff) && (r0b == 0xffffffff)) ) { /* do a quick subtract */ - MP_ADD_CARRY(r0a, 1, r0a, 0, carry); - MP_ADD_CARRY(r0b, carry, r0a, 0, carry); + carry = 0; + MP_ADD_CARRY(r0a, 1, r0a, carry); + MP_ADD_CARRY(r0b, carry, r0a, carry); r1a += 1+carry; r1b = r2a = r2b = 0; } @@ -154,16 +157,17 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) /* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */ #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(r0, a3, r0, 0, carry); - MP_ADD_CARRY(r1, a3, r1, carry, carry); - MP_ADD_CARRY(r2, a4, r2, carry, carry); - r3 = carry; - MP_ADD_CARRY(r0, a5, r0, 0, carry); - MP_ADD_CARRY(r1, a5, r1, carry, carry); - MP_ADD_CARRY(r2, a5, r2, carry, carry); - r3 += carry; - MP_ADD_CARRY(r1, a4, r1, 0, carry); - MP_ADD_CARRY(r2, 0, r2, carry, carry); + carry = 0; + MP_ADD_CARRY(r0, a3, r0, carry); + MP_ADD_CARRY(r1, a3, r1, carry); + MP_ADD_CARRY(r2, a4, r2, carry); + r3 = carry; carry = 0; + MP_ADD_CARRY(r0, a5, r0, carry); + MP_ADD_CARRY(r1, a5, r1, carry); + MP_ADD_CARRY(r2, a5, r2, carry); + r3 += carry; carry = 0; + MP_ADD_CARRY(r1, a4, r1, carry); + MP_ADD_CARRY(r2, 0, r2, carry); r3 += carry; #else @@ -195,9 +199,10 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) /* reduce out the carry */ while (r3) { #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(r0, r3, r0, 0, carry); - MP_ADD_CARRY(r1, r3, r1, carry, carry); - MP_ADD_CARRY(r2, 0, r2, carry, carry); + carry = 0; + MP_ADD_CARRY(r0, r3, r0, carry); + MP_ADD_CARRY(r1, r3, r1, carry); + MP_ADD_CARRY(r2, 0, r2, carry); r3 = carry; #else a3=r3; @@ -229,7 +234,8 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) ((r1 == MP_DIGIT_MAX) || ((r1 == (MP_DIGIT_MAX-1)) && (r0 == MP_DIGIT_MAX))))) { /* do a quick subtract */ - MP_ADD_CARRY(r0, 1, r0, 0, carry); + carry = 0; + MP_ADD_CARRY(r0, 1, r0, carry); r1 += 1+carry; r2 = 0; } @@ -280,9 +286,10 @@ ec_GFp_nistp192_add(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(a0, r0, r0, 0, carry); - MP_ADD_CARRY(a1, r1, r1, carry, carry); - MP_ADD_CARRY(a2, r2, r2, carry, carry); + carry = 0; + MP_ADD_CARRY(a0, r0, r0, carry); + MP_ADD_CARRY(a1, r1, r1, carry); + MP_ADD_CARRY(a2, r2, r2, carry); #else __asm__ ( "xorq %3,%3 \n\t" @@ -302,9 +309,10 @@ ec_GFp_nistp192_add(const mp_int *a, const mp_int *b, mp_int *r, ((r1 == MP_DIGIT_MAX) || ((r1 == (MP_DIGIT_MAX-1)) && (r0 == MP_DIGIT_MAX))))) { #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(r0, 1, r0, 0, carry); - MP_ADD_CARRY(r1, 1, r1, carry, carry); - MP_ADD_CARRY(r2, 0, r2, carry, carry); + carry = 0; + MP_ADD_CARRY(r0, 1, r0, carry); + MP_ADD_CARRY(r1, 1, r1, carry); + MP_ADD_CARRY(r2, 0, r2, carry); #else __asm__ ( "addq $1,%0 \n\t" @@ -362,9 +370,10 @@ ec_GFp_nistp192_sub(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, b0, r0, 0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, b0, r0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow); #else __asm__ ( "xorq %3,%3 \n\t" @@ -382,9 +391,10 @@ ec_GFp_nistp192_sub(const mp_int *a, const mp_int *b, mp_int *r, * (subtract the 2's complement of the curve field) */ if (borrow) { #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, 1, r0, 0, borrow); - MP_SUB_BORROW(r1, 1, r1, borrow, borrow); - MP_SUB_BORROW(r2, 0, r2, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, 1, r0, borrow); + MP_SUB_BORROW(r1, 1, r1, borrow); + MP_SUB_BORROW(r2, 0, r2, borrow); #else __asm__ ( "subq $1,%0 \n\t" diff --git a/lib/freebl/ecl/ecp_224.c b/lib/freebl/ecl/ecp_224.c index 18779ba1b..4faab215b 100644 --- a/lib/freebl/ecl/ecp_224.c +++ b/lib/freebl/ecl/ecp_224.c @@ -72,52 +72,54 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) +( 0, a6,a5b, 0) -( 0 0, 0|a6b, a6a|a5b ) -( a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */ - MP_ADD_CARRY (r1b, a3b, r1b, 0, carry); - MP_ADD_CARRY (r2a, a4a, r2a, carry, carry); - MP_ADD_CARRY (r2b, a4b, r2b, carry, carry); - MP_ADD_CARRY (r3a, a5a, r3a, carry, carry); - r3b = carry; - MP_ADD_CARRY (r1b, a5b, r1b, 0, carry); - MP_ADD_CARRY (r2a, a6a, r2a, carry, carry); - MP_ADD_CARRY (r2b, a6b, r2b, carry, carry); - MP_ADD_CARRY (r3a, 0, r3a, carry, carry); - r3b += carry; - MP_SUB_BORROW(r0a, a3b, r0a, 0, carry); - MP_SUB_BORROW(r0b, a4a, r0b, carry, carry); - MP_SUB_BORROW(r1a, a4b, r1a, carry, carry); - MP_SUB_BORROW(r1b, a5a, r1b, carry, carry); - MP_SUB_BORROW(r2a, a5b, r2a, carry, carry); - MP_SUB_BORROW(r2b, a6a, r2b, carry, carry); - MP_SUB_BORROW(r3a, a6b, r3a, carry, carry); - r3b -= carry; - MP_SUB_BORROW(r0a, a5b, r0a, 0, carry); - MP_SUB_BORROW(r0b, a6a, r0b, carry, carry); - MP_SUB_BORROW(r1a, a6b, r1a, carry, carry); + carry = 0; + MP_ADD_CARRY (r1b, a3b, r1b, carry); + MP_ADD_CARRY (r2a, a4a, r2a, carry); + MP_ADD_CARRY (r2b, a4b, r2b, carry); + MP_ADD_CARRY (r3a, a5a, r3a, carry); + r3b = carry; carry = 0; + MP_ADD_CARRY (r1b, a5b, r1b, carry); + MP_ADD_CARRY (r2a, a6a, r2a, carry); + MP_ADD_CARRY (r2b, a6b, r2b, carry); + MP_ADD_CARRY (r3a, 0, r3a, carry); + r3b += carry; carry = 0; + MP_SUB_BORROW(r0a, a3b, r0a, carry); + MP_SUB_BORROW(r0b, a4a, r0b, carry); + MP_SUB_BORROW(r1a, a4b, r1a, carry); + MP_SUB_BORROW(r1b, a5a, r1b, carry); + MP_SUB_BORROW(r2a, a5b, r2a, carry); + MP_SUB_BORROW(r2b, a6a, r2b, carry); + MP_SUB_BORROW(r3a, a6b, r3a, carry); + r3b -= carry; carry = 0; + MP_SUB_BORROW(r0a, a5b, r0a, carry); + MP_SUB_BORROW(r0b, a6a, r0b, carry); + MP_SUB_BORROW(r1a, a6b, r1a, carry); if (carry) { - MP_SUB_BORROW(r1b, 0, r1b, carry, carry); - MP_SUB_BORROW(r2a, 0, r2a, carry, carry); - MP_SUB_BORROW(r2b, 0, r2b, carry, carry); - MP_SUB_BORROW(r3a, 0, r3a, carry, carry); + MP_SUB_BORROW(r1b, 0, r1b, carry); + MP_SUB_BORROW(r2a, 0, r2a, carry); + MP_SUB_BORROW(r2b, 0, r2b, carry); + MP_SUB_BORROW(r3a, 0, r3a, carry); r3b -= carry; } while (r3b > 0) { int tmp; - MP_ADD_CARRY(r1b, r3b, r1b, 0, carry); + carry = 0; + MP_ADD_CARRY(r1b, r3b, r1b, carry); if (carry) { - MP_ADD_CARRY(r2a, 0, r2a, carry, carry); - MP_ADD_CARRY(r2b, 0, r2b, carry, carry); - MP_ADD_CARRY(r3a, 0, r3a, carry, carry); + MP_ADD_CARRY(r2a, 0, r2a, carry); + MP_ADD_CARRY(r2b, 0, r2b, carry); + MP_ADD_CARRY(r3a, 0, r3a, carry); } - tmp = carry; - MP_SUB_BORROW(r0a, r3b, r0a, 0, carry); + tmp = carry; carry = 0; + MP_SUB_BORROW(r0a, r3b, r0a, carry); if (carry) { - MP_SUB_BORROW(r0b, 0, r0b, carry, carry); - MP_SUB_BORROW(r1a, 0, r1a, carry, carry); - MP_SUB_BORROW(r1b, 0, r1b, carry, carry); - MP_SUB_BORROW(r2a, 0, r2a, carry, carry); - MP_SUB_BORROW(r2b, 0, r2b, carry, carry); - MP_SUB_BORROW(r3a, 0, r3a, carry, carry); + MP_SUB_BORROW(r0b, 0, r0b, carry); + MP_SUB_BORROW(r1a, 0, r1a, carry); + MP_SUB_BORROW(r1b, 0, r1b, carry); + MP_SUB_BORROW(r2a, 0, r2a, carry); + MP_SUB_BORROW(r2b, 0, r2b, carry); + MP_SUB_BORROW(r3a, 0, r3a, carry); tmp -= carry; } r3b = tmp; @@ -125,13 +127,14 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) while (r3b < 0) { mp_digit maxInt = MP_DIGIT_MAX; - MP_ADD_CARRY (r0a, 1, r0a, 0, carry); - MP_ADD_CARRY (r0b, 0, r0b, carry, carry); - MP_ADD_CARRY (r1a, 0, r1a, carry, carry); - MP_ADD_CARRY (r1b, maxInt, r1b, carry, carry); - MP_ADD_CARRY (r2a, maxInt, r2a, carry, carry); - MP_ADD_CARRY (r2b, maxInt, r2b, carry, carry); - MP_ADD_CARRY (r3a, maxInt, r3a, carry, carry); + carry = 0; + MP_ADD_CARRY (r0a, 1, r0a, carry); + MP_ADD_CARRY (r0b, 0, r0b, carry); + MP_ADD_CARRY (r1a, 0, r1a, carry); + MP_ADD_CARRY (r1b, maxInt, r1b, carry); + MP_ADD_CARRY (r2a, maxInt, r2a, carry); + MP_ADD_CARRY (r2b, maxInt, r2b, carry); + MP_ADD_CARRY (r3a, maxInt, r3a, carry); r3b += carry; } /* check for final reduction */ @@ -140,9 +143,10 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) && (r2a == MP_DIGIT_MAX) && (r1b == MP_DIGIT_MAX) && ((r1a != 0) || (r0b != 0) || (r0a != 0)) ) { /* one last subraction */ - MP_SUB_BORROW(r0a, 1, r0a, 0, carry); - MP_SUB_BORROW(r0b, 0, r0b, carry, carry); - MP_SUB_BORROW(r1a, 0, r1a, carry, carry); + carry = 0; + MP_SUB_BORROW(r0a, 1, r0a, carry); + MP_SUB_BORROW(r0b, 0, r0b, carry); + MP_SUB_BORROW(r1a, 0, r1a, carry); r1b = r2a = r2b = r3a = 0; } @@ -194,22 +198,26 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) +( 0, a6,a5b, 0) -( 0 0, 0|a6b, a6a|a5b ) -( a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */ - MP_ADD_CARRY (r1, a3b, r1, 0, carry); - MP_ADD_CARRY (r2, a4 , r2, carry, carry); - MP_ADD_CARRY (r3, a5a, r3, carry, carry); - MP_ADD_CARRY (r1, a5b, r1, 0, carry); - MP_ADD_CARRY (r2, a6 , r2, carry, carry); - MP_ADD_CARRY (r3, 0, r3, carry, carry); + carry = 0; + MP_ADD_CARRY (r1, a3b, r1, carry); + MP_ADD_CARRY (r2, a4 , r2, carry); + MP_ADD_CARRY (r3, a5a, r3, carry); + carry = 0; + MP_ADD_CARRY (r1, a5b, r1, carry); + MP_ADD_CARRY (r2, a6 , r2, carry); + MP_ADD_CARRY (r3, 0, r3, carry); - MP_SUB_BORROW(r0, a4a_a3b, r0, 0, carry); - MP_SUB_BORROW(r1, a5a_a4b, r1, carry, carry); - MP_SUB_BORROW(r2, a6a_a5b, r2, carry, carry); - MP_SUB_BORROW(r3, a6b , r3, carry, carry); - MP_SUB_BORROW(r0, a6a_a5b, r0, 0, carry); - MP_SUB_BORROW(r1, a6b , r1, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a4a_a3b, r0, carry); + MP_SUB_BORROW(r1, a5a_a4b, r1, carry); + MP_SUB_BORROW(r2, a6a_a5b, r2, carry); + MP_SUB_BORROW(r3, a6b , r3, carry); + carry = 0; + MP_SUB_BORROW(r0, a6a_a5b, r0, carry); + MP_SUB_BORROW(r1, a6b , r1, carry); if (carry) { - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, 0, r3, carry, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, 0, r3, carry); } @@ -218,25 +226,28 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) r3b = (int)(r3 >>32); while (r3b > 0) { r3 &= 0xffffffff; - MP_ADD_CARRY(r1,((mp_digit)r3b) << 32, r1, 0, carry); + carry = 0; + MP_ADD_CARRY(r1,((mp_digit)r3b) << 32, r1, carry); if (carry) { - MP_ADD_CARRY(r2, 0, r2, carry, carry); - MP_ADD_CARRY(r3, 0, r3, carry, carry); + MP_ADD_CARRY(r2, 0, r2, carry); + MP_ADD_CARRY(r3, 0, r3, carry); } - MP_SUB_BORROW(r0, r3b, r0, 0, carry); + carry = 0; + MP_SUB_BORROW(r0, r3b, r0, carry); if (carry) { - MP_SUB_BORROW(r1, 0, r1, carry, carry); - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, 0, r3, carry, carry); + MP_SUB_BORROW(r1, 0, r1, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, 0, r3, carry); } r3b = (int)(r3 >>32); } while (r3b < 0) { - MP_ADD_CARRY (r0, 1, r0, 0, carry); - MP_ADD_CARRY (r1, MP_DIGIT_MAX <<32, r1, carry, carry); - MP_ADD_CARRY (r2, MP_DIGIT_MAX, r2, carry, carry); - MP_ADD_CARRY (r3, MP_DIGIT_MAX >> 32, r3, carry, carry); + carry = 0; + MP_ADD_CARRY (r0, 1, r0, carry); + MP_ADD_CARRY (r1, MP_DIGIT_MAX <<32, r1, carry); + MP_ADD_CARRY (r2, MP_DIGIT_MAX, r2, carry); + MP_ADD_CARRY (r3, MP_DIGIT_MAX >> 32, r3, carry); r3b = (int)(r3 >>32); } /* check for final reduction */ @@ -247,8 +258,9 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) && ((r1 & MP_DIGIT_MAX << 32)== MP_DIGIT_MAX << 32) && ((r1 != MP_DIGIT_MAX << 32 ) || (r0 != 0)) ) { /* one last subraction */ - MP_SUB_BORROW(r0, 1, r0, 0, carry); - MP_SUB_BORROW(r1, MP_DIGIT_MAX << 32, r1, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, 1, r0, carry); + MP_SUB_BORROW(r1, MP_DIGIT_MAX << 32, r1, carry); r2 = r3 = 0; } diff --git a/lib/freebl/ecl/ecp_256.c b/lib/freebl/ecl/ecp_256.c index a834d15d4..936ee6ddd 100644 --- a/lib/freebl/ecl/ecp_256.c +++ b/lib/freebl/ecl/ecp_256.c @@ -68,115 +68,118 @@ ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth) r7 = MP_DIGIT(a,7); /* sum 1 */ - MP_ADD_CARRY(r3, a11, r3, 0, carry); - MP_ADD_CARRY(r4, a12, r4, carry, carry); - MP_ADD_CARRY(r5, a13, r5, carry, carry); - MP_ADD_CARRY(r6, a14, r6, carry, carry); - MP_ADD_CARRY(r7, a15, r7, carry, carry); - r8 = carry; - MP_ADD_CARRY(r3, a11, r3, 0, carry); - MP_ADD_CARRY(r4, a12, r4, carry, carry); - MP_ADD_CARRY(r5, a13, r5, carry, carry); - MP_ADD_CARRY(r6, a14, r6, carry, carry); - MP_ADD_CARRY(r7, a15, r7, carry, carry); - r8 += carry; + carry = 0; + MP_ADD_CARRY(r3, a11, r3, carry); + MP_ADD_CARRY(r4, a12, r4, carry); + MP_ADD_CARRY(r5, a13, r5, carry); + MP_ADD_CARRY(r6, a14, r6, carry); + MP_ADD_CARRY(r7, a15, r7, carry); + r8 = carry; carry = 0; + MP_ADD_CARRY(r3, a11, r3, carry); + MP_ADD_CARRY(r4, a12, r4, carry); + MP_ADD_CARRY(r5, a13, r5, carry); + MP_ADD_CARRY(r6, a14, r6, carry); + MP_ADD_CARRY(r7, a15, r7, carry); + r8 += carry; carry = 0; /* sum 2 */ - MP_ADD_CARRY(r3, a12, r3, 0, carry); - MP_ADD_CARRY(r4, a13, r4, carry, carry); - MP_ADD_CARRY(r5, a14, r5, carry, carry); - MP_ADD_CARRY(r6, a15, r6, carry, carry); - MP_ADD_CARRY(r7, 0, r7, carry, carry); - r8 += carry; + MP_ADD_CARRY(r3, a12, r3, carry); + MP_ADD_CARRY(r4, a13, r4, carry); + MP_ADD_CARRY(r5, a14, r5, carry); + MP_ADD_CARRY(r6, a15, r6, carry); + MP_ADD_CARRY(r7, 0, r7, carry); + r8 += carry; carry = 0; /* combine last bottom of sum 3 with second sum 2 */ - MP_ADD_CARRY(r0, a8, r0, 0, carry); - MP_ADD_CARRY(r1, a9, r1, carry, carry); - MP_ADD_CARRY(r2, a10, r2, carry, carry); - MP_ADD_CARRY(r3, a12, r3, carry, carry); - MP_ADD_CARRY(r4, a13, r4, carry, carry); - MP_ADD_CARRY(r5, a14, r5, carry, carry); - MP_ADD_CARRY(r6, a15, r6, carry, carry); - MP_ADD_CARRY(r7, a15, r7, carry, carry); /* from sum 3 */ - r8 += carry; + MP_ADD_CARRY(r0, a8, r0, carry); + MP_ADD_CARRY(r1, a9, r1, carry); + MP_ADD_CARRY(r2, a10, r2, carry); + MP_ADD_CARRY(r3, a12, r3, carry); + MP_ADD_CARRY(r4, a13, r4, carry); + MP_ADD_CARRY(r5, a14, r5, carry); + MP_ADD_CARRY(r6, a15, r6, carry); + MP_ADD_CARRY(r7, a15, r7, carry); /* from sum 3 */ + r8 += carry; carry = 0; /* sum 3 (rest of it)*/ - MP_ADD_CARRY(r6, a14, r6, 0, carry); - MP_ADD_CARRY(r7, 0, r7, carry, carry); - r8 += carry; + MP_ADD_CARRY(r6, a14, r6, carry); + MP_ADD_CARRY(r7, 0, r7, carry); + r8 += carry; carry = 0; /* sum 4 (rest of it)*/ - MP_ADD_CARRY(r0, a9, r0, 0, carry); - MP_ADD_CARRY(r1, a10, r1, carry, carry); - MP_ADD_CARRY(r2, a11, r2, carry, carry); - MP_ADD_CARRY(r3, a13, r3, carry, carry); - MP_ADD_CARRY(r4, a14, r4, carry, carry); - MP_ADD_CARRY(r5, a15, r5, carry, carry); - MP_ADD_CARRY(r6, a13, r6, carry, carry); - MP_ADD_CARRY(r7, a8, r7, carry, carry); - r8 += carry; + MP_ADD_CARRY(r0, a9, r0, carry); + MP_ADD_CARRY(r1, a10, r1, carry); + MP_ADD_CARRY(r2, a11, r2, carry); + MP_ADD_CARRY(r3, a13, r3, carry); + MP_ADD_CARRY(r4, a14, r4, carry); + MP_ADD_CARRY(r5, a15, r5, carry); + MP_ADD_CARRY(r6, a13, r6, carry); + MP_ADD_CARRY(r7, a8, r7, carry); + r8 += carry; carry = 0; /* diff 5 */ - MP_SUB_BORROW(r0, a11, r0, 0, carry); - MP_SUB_BORROW(r1, a12, r1, carry, carry); - MP_SUB_BORROW(r2, a13, r2, carry, carry); - MP_SUB_BORROW(r3, 0, r3, carry, carry); - MP_SUB_BORROW(r4, 0, r4, carry, carry); - MP_SUB_BORROW(r5, 0, r5, carry, carry); - MP_SUB_BORROW(r6, a8, r6, carry, carry); - MP_SUB_BORROW(r7, a10, r7, carry, carry); - r8 -= carry; + MP_SUB_BORROW(r0, a11, r0, carry); + MP_SUB_BORROW(r1, a12, r1, carry); + MP_SUB_BORROW(r2, a13, r2, carry); + MP_SUB_BORROW(r3, 0, r3, carry); + MP_SUB_BORROW(r4, 0, r4, carry); + MP_SUB_BORROW(r5, 0, r5, carry); + MP_SUB_BORROW(r6, a8, r6, carry); + MP_SUB_BORROW(r7, a10, r7, carry); + r8 -= carry; carry = 0; /* diff 6 */ - MP_SUB_BORROW(r0, a12, r0, 0, carry); - MP_SUB_BORROW(r1, a13, r1, carry, carry); - MP_SUB_BORROW(r2, a14, r2, carry, carry); - MP_SUB_BORROW(r3, a15, r3, carry, carry); - MP_SUB_BORROW(r4, 0, r4, carry, carry); - MP_SUB_BORROW(r5, 0, r5, carry, carry); - MP_SUB_BORROW(r6, a9, r6, carry, carry); - MP_SUB_BORROW(r7, a11, r7, carry, carry); - r8 -= carry; + MP_SUB_BORROW(r0, a12, r0, carry); + MP_SUB_BORROW(r1, a13, r1, carry); + MP_SUB_BORROW(r2, a14, r2, carry); + MP_SUB_BORROW(r3, a15, r3, carry); + MP_SUB_BORROW(r4, 0, r4, carry); + MP_SUB_BORROW(r5, 0, r5, carry); + MP_SUB_BORROW(r6, a9, r6, carry); + MP_SUB_BORROW(r7, a11, r7, carry); + r8 -= carry; carry = 0; /* diff 7 */ - MP_SUB_BORROW(r0, a13, r0, 0, carry); - MP_SUB_BORROW(r1, a14, r1, carry, carry); - MP_SUB_BORROW(r2, a15, r2, carry, carry); - MP_SUB_BORROW(r3, a8, r3, carry, carry); - MP_SUB_BORROW(r4, a9, r4, carry, carry); - MP_SUB_BORROW(r5, a10, r5, carry, carry); - MP_SUB_BORROW(r6, 0, r6, carry, carry); - MP_SUB_BORROW(r7, a12, r7, carry, carry); - r8 -= carry; + MP_SUB_BORROW(r0, a13, r0, carry); + MP_SUB_BORROW(r1, a14, r1, carry); + MP_SUB_BORROW(r2, a15, r2, carry); + MP_SUB_BORROW(r3, a8, r3, carry); + MP_SUB_BORROW(r4, a9, r4, carry); + MP_SUB_BORROW(r5, a10, r5, carry); + MP_SUB_BORROW(r6, 0, r6, carry); + MP_SUB_BORROW(r7, a12, r7, carry); + r8 -= carry; carry = 0; /* diff 8 */ - MP_SUB_BORROW(r0, a14, r0, 0, carry); - MP_SUB_BORROW(r1, a15, r1, carry, carry); - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, a9, r3, carry, carry); - MP_SUB_BORROW(r4, a10, r4, carry, carry); - MP_SUB_BORROW(r5, a11, r5, carry, carry); - MP_SUB_BORROW(r6, 0, r6, carry, carry); - MP_SUB_BORROW(r7, a13, r7, carry, carry); + MP_SUB_BORROW(r0, a14, r0, carry); + MP_SUB_BORROW(r1, a15, r1, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, a9, r3, carry); + MP_SUB_BORROW(r4, a10, r4, carry); + MP_SUB_BORROW(r5, a11, r5, carry); + MP_SUB_BORROW(r6, 0, r6, carry); + MP_SUB_BORROW(r7, a13, r7, carry); r8 -= carry; /* reduce the overflows */ while (r8 > 0) { - mp_digit r8_d = r8; - MP_ADD_CARRY(r0, r8_d, r0, 0, carry); - MP_ADD_CARRY(r1, 0, r1, carry, carry); - MP_ADD_CARRY(r2, 0, r2, carry, carry); - MP_ADD_CARRY(r3, 0-r8_d, r3, carry, carry); - MP_ADD_CARRY(r4, MP_DIGIT_MAX, r4, carry, carry); - MP_ADD_CARRY(r5, MP_DIGIT_MAX, r5, carry, carry); - MP_ADD_CARRY(r6, 0-(r8_d+1), r6, carry, carry); - MP_ADD_CARRY(r7, (r8_d-1), r7, carry, carry); + mp_digit r8_d = r8; carry = 0; + carry = 0; + MP_ADD_CARRY(r0, r8_d, r0, carry); + MP_ADD_CARRY(r1, 0, r1, carry); + MP_ADD_CARRY(r2, 0, r2, carry); + MP_ADD_CARRY(r3, 0-r8_d, r3, carry); + MP_ADD_CARRY(r4, MP_DIGIT_MAX, r4, carry); + MP_ADD_CARRY(r5, MP_DIGIT_MAX, r5, carry); + MP_ADD_CARRY(r6, 0-(r8_d+1), r6, carry); + MP_ADD_CARRY(r7, (r8_d-1), r7, carry); r8 = carry; } /* reduce the underflows */ while (r8 < 0) { mp_digit r8_d = -r8; - MP_SUB_BORROW(r0, r8_d, r0, 0, carry); - MP_SUB_BORROW(r1, 0, r1, carry, carry); - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, 0-r8_d, r3, carry, carry); - MP_SUB_BORROW(r4, MP_DIGIT_MAX, r4, carry, carry); - MP_SUB_BORROW(r5, MP_DIGIT_MAX, r5, carry, carry); - MP_SUB_BORROW(r6, 0-(r8_d+1), r6, carry, carry); - MP_SUB_BORROW(r7, (r8_d-1), r7, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, r8_d, r0, carry); + MP_SUB_BORROW(r1, 0, r1, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, 0-r8_d, r3, carry); + MP_SUB_BORROW(r4, MP_DIGIT_MAX, r4, carry); + MP_SUB_BORROW(r5, MP_DIGIT_MAX, r5, carry); + MP_SUB_BORROW(r6, 0-(r8_d+1), r6, carry); + MP_SUB_BORROW(r7, (r8_d-1), r7, carry); r8 = 0-carry; } if (a != r) { @@ -229,69 +232,82 @@ ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth) r0 = MP_DIGIT(a,0); /* sum 1 */ - MP_ADD_CARRY(r1, a5h << 32, r1, 0, carry); - MP_ADD_CARRY(r2, a6, r2, carry, carry); - MP_ADD_CARRY(r3, a7, r3, carry, carry); - r4 = carry; - MP_ADD_CARRY(r1, a5h << 32, r1, 0, carry); - MP_ADD_CARRY(r2, a6, r2, carry, carry); - MP_ADD_CARRY(r3, a7, r3, carry, carry); - r4 += carry; + carry = 0; + carry = 0; + MP_ADD_CARRY(r1, a5h << 32, r1, carry); + MP_ADD_CARRY(r2, a6, r2, carry); + MP_ADD_CARRY(r3, a7, r3, carry); + r4 = carry; carry = 0; + carry = 0; + MP_ADD_CARRY(r1, a5h << 32, r1, carry); + MP_ADD_CARRY(r2, a6, r2, carry); + MP_ADD_CARRY(r3, a7, r3, carry); + r4 += carry; carry = 0; /* sum 2 */ - MP_ADD_CARRY(r1, a6l, r1, 0, carry); - MP_ADD_CARRY(r2, a6h | a7l, r2, carry, carry); - MP_ADD_CARRY(r3, a7h, r3, carry, carry); - r4 += carry; - MP_ADD_CARRY(r1, a6l, r1, 0, carry); - MP_ADD_CARRY(r2, a6h | a7l, r2, carry, carry); - MP_ADD_CARRY(r3, a7h, r3, carry, carry); - r4 += carry; + carry = 0; + MP_ADD_CARRY(r1, a6l, r1, carry); + MP_ADD_CARRY(r2, a6h | a7l, r2, carry); + MP_ADD_CARRY(r3, a7h, r3, carry); + r4 += carry; carry = 0; + carry = 0; + MP_ADD_CARRY(r1, a6l, r1, carry); + MP_ADD_CARRY(r2, a6h | a7l, r2, carry); + MP_ADD_CARRY(r3, a7h, r3, carry); + r4 += carry; carry = 0; /* sum 3 */ - MP_ADD_CARRY(r0, a4, r0, 0, carry); - MP_ADD_CARRY(r1, a5l >> 32, r1, carry, carry); - MP_ADD_CARRY(r2, 0, r2, carry, carry); - MP_ADD_CARRY(r3, a7, r3, carry, carry); - r4 += carry; + carry = 0; + MP_ADD_CARRY(r0, a4, r0, carry); + MP_ADD_CARRY(r1, a5l >> 32, r1, carry); + MP_ADD_CARRY(r2, 0, r2, carry); + MP_ADD_CARRY(r3, a7, r3, carry); + r4 += carry; carry = 0; /* sum 4 */ - MP_ADD_CARRY(r0, a4h | a5l, r0, 0, carry); - MP_ADD_CARRY(r1, a5h|(a6h<<32), r1, carry, carry); - MP_ADD_CARRY(r2, a7, r2, carry, carry); - MP_ADD_CARRY(r3, a6h | a4l, r3, carry, carry); + carry = 0; + MP_ADD_CARRY(r0, a4h | a5l, r0, carry); + MP_ADD_CARRY(r1, a5h|(a6h<<32), r1, carry); + MP_ADD_CARRY(r2, a7, r2, carry); + MP_ADD_CARRY(r3, a6h | a4l, r3, carry); r4 += carry; /* diff 5 */ - MP_SUB_BORROW(r0, a5h | a6l, r0, 0, carry); - MP_SUB_BORROW(r1, a6h, r1, carry, carry); - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, (a4l>>32)|a5l,r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a5h | a6l, r0, carry); + MP_SUB_BORROW(r1, a6h, r1, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, (a4l>>32)|a5l,r3, carry); r4 -= carry; /* diff 6 */ - MP_SUB_BORROW(r0, a6, r0, 0, carry); - MP_SUB_BORROW(r1, a7, r1, carry, carry); - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, a4h|(a5h<<32),r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a6, r0, carry); + MP_SUB_BORROW(r1, a7, r1, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, a4h|(a5h<<32),r3, carry); r4 -= carry; /* diff 7 */ - MP_SUB_BORROW(r0, a6h|a7l, r0, 0, carry); - MP_SUB_BORROW(r1, a7h|a4l, r1, carry, carry); - MP_SUB_BORROW(r2, a4h|a5l, r2, carry, carry); - MP_SUB_BORROW(r3, a6l, r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a6h|a7l, r0, carry); + MP_SUB_BORROW(r1, a7h|a4l, r1, carry); + MP_SUB_BORROW(r2, a4h|a5l, r2, carry); + MP_SUB_BORROW(r3, a6l, r3, carry); r4 -= carry; /* diff 8 */ - MP_SUB_BORROW(r0, a7, r0, 0, carry); - MP_SUB_BORROW(r1, a4h<<32, r1, carry, carry); - MP_SUB_BORROW(r2, a5, r2, carry, carry); - MP_SUB_BORROW(r3, a6h<<32, r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a7, r0, carry); + MP_SUB_BORROW(r1, a4h<<32, r1, carry); + MP_SUB_BORROW(r2, a5, r2, carry); + MP_SUB_BORROW(r3, a6h<<32, r3, carry); r4 -= carry; /* reduce the overflows */ while (r4 > 0) { mp_digit r4_long = r4; mp_digit r4l = (r4_long << 32); - MP_ADD_CARRY(r0, r4_long, r0, 0, carry); - MP_ADD_CARRY(r1, 0-r4l, r1, carry, carry); - MP_ADD_CARRY(r2, MP_DIGIT_MAX, r2, carry, carry); - MP_ADD_CARRY(r3, r4l-r4_long-1,r3, carry, carry); + carry = 0; + carry = 0; + MP_ADD_CARRY(r0, r4_long, r0, carry); + MP_ADD_CARRY(r1, 0-r4l, r1, carry); + MP_ADD_CARRY(r2, MP_DIGIT_MAX, r2, carry); + MP_ADD_CARRY(r3, r4l-r4_long-1,r3, carry); r4 = carry; } @@ -299,10 +315,11 @@ ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth) while (r4 < 0) { mp_digit r4_long = -r4; mp_digit r4l = (r4_long << 32); - MP_SUB_BORROW(r0, r4_long, r0, 0, carry); - MP_SUB_BORROW(r1, 0-r4l, r1, carry, carry); - MP_SUB_BORROW(r2, MP_DIGIT_MAX, r2, carry, carry); - MP_SUB_BORROW(r3, r4l-r4_long-1,r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, r4_long, r0, carry); + MP_SUB_BORROW(r1, 0-r4l, r1, carry); + MP_SUB_BORROW(r2, MP_DIGIT_MAX, r2, carry); + MP_SUB_BORROW(r3, r4l-r4_long-1,r3, carry); r4 = 0-carry; } diff --git a/lib/freebl/ecl/ecp_521.c b/lib/freebl/ecl/ecp_521.c index 7eac0f075..f70c2f439 100644 --- a/lib/freebl/ecl/ecp_521.c +++ b/lib/freebl/ecl/ecp_521.c @@ -17,7 +17,7 @@ ec_GFp_nistp521_mod(const mp_int *a, mp_int *r, const GFMethod *meth) { mp_err res = MP_OKAY; int a_bits = mpl_significant_bits(a); - int i; + unsigned int i; /* m1, m2 are statically-allocated mp_int of exactly the size we need */ mp_int m1; diff --git a/lib/freebl/ecl/ecp_jac.c b/lib/freebl/ecl/ecp_jac.c index e31730def..f174b1692 100644 --- a/lib/freebl/ecl/ecp_jac.c +++ b/lib/freebl/ecl/ecp_jac.c @@ -387,7 +387,7 @@ ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px, mp_int precomp[4][4][2]; mp_int rz; const mp_int *a, *b; - int i, j; + unsigned int i, j; int ai, bi, d; for (i = 0; i < 4; i++) { @@ -494,7 +494,7 @@ ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px, MP_CHECKOK(mp_init(&rz)); MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz)); - for (i = d - 1; i >= 0; i--) { + for (i = d; i-- > 0;) { ai = MP_GET_BIT(a, 2 * i + 1); ai <<= 1; ai |= MP_GET_BIT(a, 2 * i); diff --git a/lib/freebl/ldvector.c b/lib/freebl/ldvector.c index c6ace1876..1d9affec2 100644 --- a/lib/freebl/ldvector.c +++ b/lib/freebl/ldvector.c @@ -294,12 +294,9 @@ static const struct FREEBLVectorStr vector = const FREEBLVector * FREEBL_GetVector(void) { - extern const char __nss_freebl_version[]; +#define NSS_VERSION_VARIABLE __nss_freebl_version +#include "verref.h" - /* force a reference that won't get optimized away */ - volatile char c; - - c = __nss_freebl_version[0]; #ifdef FREEBL_NO_DEPEND FREEBL_InitStubs(); #endif diff --git a/lib/freebl/loader.c b/lib/freebl/loader.c index 5eb50de95..9105a6900 100644 --- a/lib/freebl/loader.c +++ b/lib/freebl/loader.c @@ -132,7 +132,6 @@ freebl_LoadDSO( void ) handle = loader_LoadLibrary(name); if (handle) { PRFuncPtr address = PR_FindFunctionSymbol(handle, "FREEBL_GetVector"); - PRStatus status; if (address) { FREEBLGetVectorFn * getVector = (FREEBLGetVectorFn *)address; const FREEBLVector * dsoVector = getVector(); @@ -149,8 +148,14 @@ freebl_LoadDSO( void ) } } } - status = PR_UnloadLibrary(handle); - PORT_Assert(PR_SUCCESS == status); +#ifdef DEBUG + { + PRStatus status = PR_UnloadLibrary(blLib); + PORT_Assert(PR_SUCCESS == status); + } +#else + PR_UnloadLibrary(blLib); +#endif } return PR_FAILURE; } @@ -901,8 +906,12 @@ BL_Unload(void) if (blLib) { disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD"); if (!disableUnload) { +#ifdef DEBUG PRStatus status = PR_UnloadLibrary(blLib); PORT_Assert(PR_SUCCESS == status); +#else + PR_UnloadLibrary(blLib); +#endif } blLib = NULL; } diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c index 1a0916e2d..6ac15b64b 100644 --- a/lib/freebl/md5.c +++ b/lib/freebl/md5.c @@ -259,7 +259,7 @@ MD5_Begin(MD5Context *cx) (i32) #else #define lendian(i32) \ - (tmp = i32 >> 16 | i32 << 16, (tmp & MASK) << 8 | tmp >> 8 & MASK) + (tmp = (i32 >> 16) | (i32 << 16), ((tmp & MASK) << 8) | ((tmp >> 8) & MASK)) #endif #ifndef IS_LITTLE_ENDIAN diff --git a/lib/freebl/mpi/mpcpucache.c b/lib/freebl/mpi/mpcpucache.c index 9a4a9d30c..925006110 100644 --- a/lib/freebl/mpi/mpcpucache.c +++ b/lib/freebl/mpi/mpcpucache.c @@ -3,6 +3,7 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "mpi.h" +#include "prtypes.h" /* * This file implements a single function: s_mpi_getProcessorLineSize(); @@ -619,35 +620,17 @@ unsigned long s_mpi_is_sse2() { unsigned long eax, ebx, ecx, edx; - int manufacturer = MAN_UNKNOWN; - int i; - char string[13]; if (is386() || is486()) { return 0; } freebl_cpuid(0, &eax, &ebx, &ecx, &edx); - /* string holds the CPU's manufacturer ID string - a twelve - * character ASCII string stored in ebx, edx, ecx, and - * the 32-bit extended feature flags are in edx, ecx. - */ - *(int *)string = ebx; - *(int *)&string[4] = (int)edx; - *(int *)&string[8] = (int)ecx; - string[12] = 0; /* has no SSE2 extensions */ if (eax == 0) { return 0; } - for (i=0; i < n_manufacturers; i++) { - if ( strcmp(manMap[i],string) == 0) { - manufacturer = i; - break; - } - } - freebl_cpuid(1,&eax,&ebx,&ecx,&edx); return (edx & SSE2_FLAG) == SSE2_FLAG; } @@ -657,11 +640,12 @@ unsigned long s_mpi_getProcessorLineSize() { unsigned long eax, ebx, ecx, edx; + PRUint32 cpuid[3]; unsigned long cpuidLevel; unsigned long cacheLineSize = 0; int manufacturer = MAN_UNKNOWN; int i; - char string[65]; + char string[13]; #if !defined(AMD_64) if (is386()) { @@ -678,9 +662,10 @@ s_mpi_getProcessorLineSize() * character ASCII string stored in ebx, edx, ecx, and * the 32-bit extended feature flags are in edx, ecx. */ - *(int *)string = ebx; - *(int *)&string[4] = (int)edx; - *(int *)&string[8] = (int)ecx; + cpuid[0] = ebx; + cpuid[1] = ecx; + cpuid[2] = edx; + memcpy(string, cpuid, sizeof(cpuid)); string[12] = 0; manufacturer = MAN_UNKNOWN; diff --git a/lib/freebl/mpi/mpi-priv.h b/lib/freebl/mpi/mpi-priv.h index e81d0fe0e..7a0725f46 100644 --- a/lib/freebl/mpi/mpi-priv.h +++ b/lib/freebl/mpi/mpi-priv.h @@ -254,8 +254,10 @@ mp_err MPI_ASM_DECL s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor, mp_digit *quot, mp_digit *rem); /* c += a * b * (MP_RADIX ** offset); */ +/* Callers of this macro should be aware that the return type might vary; + * it should be treated as a void function. */ #define s_mp_mul_d_add_offset(a, b, c, off) \ -(s_mpv_mul_d_add_prop(MP_DIGITS(a), MP_USED(a), b, MP_DIGITS(c) + off), MP_OKAY) + s_mpv_mul_d_add_prop(MP_DIGITS(a), MP_USED(a), b, MP_DIGITS(c) + off) typedef struct { mp_int N; /* modulus N */ diff --git a/lib/freebl/mpi/mpi.c b/lib/freebl/mpi/mpi.c index 2a3719b88..43ce83ae6 100644 --- a/lib/freebl/mpi/mpi.c +++ b/lib/freebl/mpi/mpi.c @@ -1095,7 +1095,7 @@ mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c) mp_int s, x; mp_err res; mp_digit d; - int dig, bit; + unsigned int dig, bit; ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); @@ -1470,7 +1470,7 @@ mp_err s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c mp_int s, x, mu; mp_err res; mp_digit d; - int dig, bit; + unsigned int dig, bit; ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); @@ -2004,7 +2004,7 @@ mp_size mp_trailing_zeros(const mp_int *mp) { mp_digit d; mp_size n = 0; - int ix; + unsigned int ix; if (!mp || !MP_DIGITS(mp) || !mp_cmp_z(mp)) return n; @@ -2916,8 +2916,7 @@ void s_mp_exch(mp_int *a, mp_int *b) mp_err s_mp_lshd(mp_int *mp, mp_size p) { mp_err res; - mp_size pos; - int ix; + unsigned int ix; if(p == 0) return MP_OKAY; @@ -2928,14 +2927,13 @@ mp_err s_mp_lshd(mp_int *mp, mp_size p) if((res = s_mp_pad(mp, USED(mp) + p)) != MP_OKAY) return res; - pos = USED(mp) - 1; - /* Shift all the significant figures over as needed */ - for(ix = pos - p; ix >= 0; ix--) + for (ix = USED(mp) - p; ix-- > 0;) { DIGIT(mp, ix + p) = DIGIT(mp, ix); + } /* Fill the bottom digits with zeroes */ - for(ix = 0; ix < p; ix++) + for(ix = 0; (mp_size)ix < p; ix++) DIGIT(mp, ix) = 0; return MP_OKAY; @@ -3046,7 +3044,7 @@ void s_mp_div_2(mp_int *mp) mp_err s_mp_mul_2(mp_int *mp) { mp_digit *pd; - int ix, used; + unsigned int ix, used; mp_digit kin = 0; /* Shift digits leftward by 1 bit */ @@ -4672,10 +4670,10 @@ mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len) /* }}} */ /* {{{ mp_unsigned_octet_size(mp) */ -int +unsigned int mp_unsigned_octet_size(const mp_int *mp) { - int bytes; + unsigned int bytes; int ix; mp_digit d = 0; @@ -4712,12 +4710,12 @@ mp_err mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen) { int ix, pos = 0; - int bytes; + unsigned int bytes; ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); bytes = mp_unsigned_octet_size(mp); - ARGCHK(bytes >= 0 && bytes <= maxlen, MP_BADARG); + ARGCHK(bytes <= maxlen, MP_BADARG); /* Iterate over each digit... */ for(ix = USED(mp) - 1; ix >= 0; ix--) { @@ -4744,12 +4742,12 @@ mp_err mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen) { int ix, pos = 0; - int bytes; + unsigned int bytes; ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); bytes = mp_unsigned_octet_size(mp); - ARGCHK(bytes >= 0 && bytes <= maxlen, MP_BADARG); + ARGCHK(bytes <= maxlen, MP_BADARG); /* Iterate over each digit... */ for(ix = USED(mp) - 1; ix >= 0; ix--) { @@ -4784,12 +4782,12 @@ mp_err mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size length) { int ix, pos = 0; - int bytes; + unsigned int bytes; ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); bytes = mp_unsigned_octet_size(mp); - ARGCHK(bytes >= 0 && bytes <= length, MP_BADARG); + ARGCHK(bytes <= length, MP_BADARG); /* place any needed leading zeros */ for (;length > bytes; --length) { diff --git a/lib/freebl/mpi/mpi.h b/lib/freebl/mpi/mpi.h index a556c17e9..b1b45d257 100644 --- a/lib/freebl/mpi/mpi.h +++ b/lib/freebl/mpi/mpi.h @@ -258,7 +258,7 @@ const char *mp_strerror(mp_err ec); /* Octet string conversion functions */ mp_err mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len); -int mp_unsigned_octet_size(const mp_int *mp); +unsigned int mp_unsigned_octet_size(const mp_int *mp); mp_err mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen); mp_err mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen); mp_err mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size len); diff --git a/lib/freebl/mpi/mplogic.c b/lib/freebl/mpi/mplogic.c index dbec7acfc..df0aad0e1 100644 --- a/lib/freebl/mpi/mplogic.c +++ b/lib/freebl/mpi/mplogic.c @@ -403,9 +403,9 @@ mp_err mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits) returns number of significnant bits in abs(a). returns 1 if value is zero. */ -mp_err mpl_significant_bits(const mp_int *a) +mp_size mpl_significant_bits(const mp_int *a) { - mp_err bits = 0; + mp_size bits = 0; int ix; ARGCHK(a != NULL, MP_BADARG); diff --git a/lib/freebl/mpi/mplogic.h b/lib/freebl/mpi/mplogic.h index f45fe3665..e05374a82 100644 --- a/lib/freebl/mpi/mplogic.h +++ b/lib/freebl/mpi/mplogic.h @@ -47,6 +47,6 @@ mp_err mpl_parity(mp_int *a); /* determine parity */ mp_err mpl_set_bit(mp_int *a, mp_size bitNum, mp_size value); mp_err mpl_get_bit(const mp_int *a, mp_size bitNum); mp_err mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits); -mp_err mpl_significant_bits(const mp_int *a); +mp_size mpl_significant_bits(const mp_int *a); #endif /* end _H_MPLOGIC_ */ diff --git a/lib/freebl/mpi/mpmontg.c b/lib/freebl/mpi/mpmontg.c index d619360aa..9667755d0 100644 --- a/lib/freebl/mpi/mpmontg.c +++ b/lib/freebl/mpi/mpmontg.c @@ -47,7 +47,7 @@ mp_err s_mp_redc(mp_int *T, mp_mont_modulus *mmm) for (i = 0; i < MP_USED(&mmm->N); ++i ) { mp_digit m_i = MP_DIGIT(T, i) * mmm->n0prime; /* T += N * m_i * (MP_RADIX ** i); */ - MP_CHECKOK( s_mp_mul_d_add_offset(&mmm->N, m_i, T, i) ); + s_mp_mul_d_add_offset(&mmm->N, m_i, T, i); } s_mp_clamp(T); diff --git a/lib/freebl/mpi/mpprime.c b/lib/freebl/mpi/mpprime.c index f0baf9d2a..9b97fb206 100644 --- a/lib/freebl/mpi/mpprime.c +++ b/lib/freebl/mpi/mpprime.c @@ -394,7 +394,7 @@ mp_err mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong, { mp_digit np; mp_err res; - int i = 0; + unsigned int i = 0; mp_int trial; mp_int q; mp_size num_tests; diff --git a/lib/freebl/nsslowhash.c b/lib/freebl/nsslowhash.c index e6a634aef..a9ab5b738 100644 --- a/lib/freebl/nsslowhash.c +++ b/lib/freebl/nsslowhash.c @@ -285,14 +285,9 @@ static NSSLOWInitContext dummyContext = { 0 }; NSSLOWInitContext * NSSLOW_Init(void) { - SECStatus rv; CK_RV crv; #ifdef FREEBL_NO_DEPEND - PRBool nsprAvailable = PR_FALSE; - - - rv = FREEBL_InitStubs(); - nsprAvailable = (rv == SECSuccess ) ? PR_TRUE : PR_FALSE; + (void)FREEBL_InitStubs(); #endif if (post_failed) { diff --git a/lib/freebl/pqg.c b/lib/freebl/pqg.c index 56cdd20cc..f79715572 100644 --- a/lib/freebl/pqg.c +++ b/lib/freebl/pqg.c @@ -494,7 +494,7 @@ makePrimefromPrimesShaweTaylor( mp_int * q, /* sub prime, can be 1 */ mp_int * prime, /* output. */ SECItem * prime_seed, /* input/output. */ - int * prime_gen_counter) /* input/output. */ + unsigned int *prime_gen_counter) /* input/output. */ { mp_int c; mp_int c0_2; @@ -727,7 +727,7 @@ makePrimefromSeedShaweTaylor( const SECItem * input_seed, /* input. */ mp_int * prime, /* output. */ SECItem * prime_seed, /* output. */ - int * prime_gen_counter) /* output. */ + unsigned int *prime_gen_counter) /* output. */ { mp_int c; mp_int c0; @@ -882,7 +882,7 @@ findQfromSeed( const SECItem * seed, /* input. */ mp_int * Q, /* input. */ mp_int * Q_, /* output. */ - int * qseed_len, /* output */ + unsigned int *qseed_len, /* output */ HASH_HashType *hashtypePtr, /* output. Hash uses */ pqgGenType *typePtr) /* output. Generation Type used */ { @@ -937,7 +937,7 @@ const SECItem * seed, /* input. */ firstseed.len = seed->len/3; for (hashtype = getFirstHash(L,N); hashtype != HASH_AlgTOTAL; hashtype=getNextHash(hashtype)) { - int count; + unsigned int count; rv = makePrimefromSeedShaweTaylor(hashtype, N, &firstseed, Q_, &qseed, &count); @@ -1229,7 +1229,6 @@ pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type, unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy) { unsigned int n; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ - unsigned int b; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ unsigned int seedlen; /* Per FIPS 186-3 app A.1.1.2 (was 'g' 186-1)*/ unsigned int counter; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ unsigned int offset; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ @@ -1309,8 +1308,7 @@ pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type, /* Step 3: n = Ceil(L/outlen)-1; (same as n = Floor((L-1)/outlen)) */ n = (L - 1) / outlen; - /* Step 4: b = L -1 - (n*outlen); (same as n = (L-1) mod outlen) */ - b = (L - 1) % outlen; + /* Step 4: (skipped since we don't use b): b = L -1 - (n*outlen); */ seedlen = seedBytes * PR_BITS_PER_BYTE; /* bits in seed */ step_5: /* ****************************************************************** @@ -1348,7 +1346,7 @@ step_5: CHECK_SEC_OK( makeQ2fromSeed(hashtype, N, seed, &Q) ); } else { /* FIPS186_3_ST_TYPE */ - int qgen_counter, pgen_counter; + unsigned int qgen_counter, pgen_counter; /* Step 1 (L,N) already checked for acceptability */ @@ -1589,7 +1587,7 @@ PQG_VerifyParams(const PQGParams *params, mp_err err = MP_OKAY; int j; unsigned int counter_max = 0; /* handle legacy L < 1024 */ - int qseed_len; + unsigned int qseed_len; SECItem pseed_ = {0, 0, 0}; HASH_HashType hashtype; pqgGenType type; @@ -1682,8 +1680,8 @@ PQG_VerifyParams(const PQGParams *params, if (type == FIPS186_3_ST_TYPE) { SECItem qseed = { 0, 0, 0 }; SECItem pseed = { 0, 0, 0 }; - int first_seed_len; - int pgen_counter = 0; + unsigned int first_seed_len; + unsigned int pgen_counter = 0; /* extract pseed and qseed from domain_parameter_seed, which is * first_seed || pseed || qseed. qseed is first_seed + small_integer diff --git a/lib/freebl/rsa.c b/lib/freebl/rsa.c index 498cc96bc..f885acc44 100644 --- a/lib/freebl/rsa.c +++ b/lib/freebl/rsa.c @@ -248,7 +248,7 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent) PLArenaPool *arena = NULL; /* Require key size to be a multiple of 16 bits. */ if (!publicExponent || keySizeInBits % 16 != 0 || - BAD_RSA_KEY_SIZE(keySizeInBits/8, publicExponent->len)) { + BAD_RSA_KEY_SIZE((unsigned int)keySizeInBits/8, publicExponent->len)) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } diff --git a/lib/freebl/sha512.c b/lib/freebl/sha512.c index 0e6baa87f..378673b2c 100644 --- a/lib/freebl/sha512.c +++ b/lib/freebl/sha512.c @@ -142,8 +142,8 @@ static __inline__ PRUint32 swap4b(PRUint32 value) /* Capitol Sigma and lower case sigma functions */ #define S0(x) (ROTR32(x, 2) ^ ROTR32(x,13) ^ ROTR32(x,22)) #define S1(x) (ROTR32(x, 6) ^ ROTR32(x,11) ^ ROTR32(x,25)) -#define s0(x) (t1 = x, ROTR32(t1, 7) ^ ROTR32(t1,18) ^ SHR(t1, 3)) -#define s1(x) (t2 = x, ROTR32(t2,17) ^ ROTR32(t2,19) ^ SHR(t2,10)) +#define s0(x) (ROTR32(x, 7) ^ ROTR32(x,18) ^ SHR(x, 3)) +#define s1(x) (ROTR32(x,17) ^ ROTR32(x,19) ^ SHR(x,10)) SHA256Context * SHA256_NewContext(void) @@ -172,8 +172,6 @@ static void SHA256_Compress(SHA256Context *ctx) { { - register PRUint32 t1, t2; - #if defined(IS_LITTLE_ENDIAN) BYTESWAP4(W[0]); BYTESWAP4(W[1]); @@ -654,8 +652,8 @@ void SHA224_Clone(SHA224Context *dest, SHA224Context *src) #define S0(x) (ROTR64(x,28) ^ ROTR64(x,34) ^ ROTR64(x,39)) #define S1(x) (ROTR64(x,14) ^ ROTR64(x,18) ^ ROTR64(x,41)) -#define s0(x) (t1 = x, ROTR64(t1, 1) ^ ROTR64(t1, 8) ^ SHR(t1,7)) -#define s1(x) (t2 = x, ROTR64(t2,19) ^ ROTR64(t2,61) ^ SHR(t2,6)) +#define s0(x) (ROTR64(x, 1) ^ ROTR64(x, 8) ^ SHR(x,7)) +#define s1(x) (ROTR64(x,19) ^ ROTR64(x,61) ^ SHR(x,6)) #if PR_BYTES_PER_LONG == 8 #define ULLC(hi,lo) 0x ## hi ## lo ## UL @@ -680,10 +678,14 @@ static __inline__ PRUint64 swap8b(PRUint64 value) #else #define SHA_MASK16 ULLC(0000FFFF,0000FFFF) #define SHA_MASK8 ULLC(00FF00FF,00FF00FF) -#define SHA_HTONLL(x) (t1 = x, \ - t1 = ((t1 & SHA_MASK8 ) << 8) | ((t1 >> 8) & SHA_MASK8 ), \ - t1 = ((t1 & SHA_MASK16) << 16) | ((t1 >> 16) & SHA_MASK16), \ - (t1 >> 32) | (t1 << 32)) +static PRUint64 swap8b(PRUint64 x) +{ + PRUint64 t1 = x; + t1 = ((t1 & SHA_MASK8 ) << 8) | ((t1 >> 8) & SHA_MASK8 ); + t1 = ((t1 & SHA_MASK16) << 16) | ((t1 >> 16) & SHA_MASK16); + return (t1 >> 32) | (t1 << 32); +} +#define SHA_HTONLL(x) swap8b(x) #endif #define BYTESWAP8(x) x = SHA_HTONLL(x) @@ -927,11 +929,6 @@ SHA512_Compress(SHA512Context *ctx) { #if defined(IS_LITTLE_ENDIAN) { -#if defined(HAVE_LONG_LONG) - PRUint64 t1; -#else - PRUint32 t1; -#endif BYTESWAP8(W[0]); BYTESWAP8(W[1]); BYTESWAP8(W[2]); @@ -952,7 +949,6 @@ SHA512_Compress(SHA512Context *ctx) #endif { - PRUint64 t1, t2; #ifdef NOUNROLL512 { /* prepare the "message schedule" */ @@ -1223,10 +1219,8 @@ SHA512_End(SHA512Context *ctx, unsigned char *digest, { #if defined(HAVE_LONG_LONG) unsigned int inBuf = (unsigned int)ctx->sizeLo & 0x7f; - PRUint64 t1; #else unsigned int inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f; - PRUint32 t1; #endif unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf); PRUint64 lo; @@ -1268,11 +1262,6 @@ void SHA512_EndRaw(SHA512Context *ctx, unsigned char *digest, unsigned int *digestLen, unsigned int maxDigestLen) { -#if defined(HAVE_LONG_LONG) - PRUint64 t1; -#else - PRUint32 t1; -#endif PRUint64 h[8]; unsigned int len; diff --git a/lib/freebl/sha_fast.c b/lib/freebl/sha_fast.c index b826cf93a..290194953 100644 --- a/lib/freebl/sha_fast.c +++ b/lib/freebl/sha_fast.c @@ -148,7 +148,6 @@ SHA1_End(SHA1Context *ctx, unsigned char *hashout, { register PRUint64 size; register PRUint32 lenB; - PRUint32 tmpbuf[5]; static const unsigned char bulk_pad[64] = { 0x80,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, @@ -188,7 +187,6 @@ SHA1_EndRaw(SHA1Context *ctx, unsigned char *hashout, #if defined(SHA_NEED_TMP_VARIABLE) register PRUint32 tmp; #endif - PRUint32 tmpbuf[5]; PORT_Assert (maxDigestLen >= SHA1_LENGTH); SHA_STORE_RESULT; diff --git a/lib/freebl/sha_fast.h b/lib/freebl/sha_fast.h index 9d47aba42..256e1900d 100644 --- a/lib/freebl/sha_fast.h +++ b/lib/freebl/sha_fast.h @@ -147,6 +147,7 @@ static __inline__ PRUint32 swap4b(PRUint32 value) SHA_STORE(3); \ SHA_STORE(4); \ } else { \ + PRUint32 tmpbuf[5]; \ tmpbuf[0] = SHA_HTONL(ctx->H[0]); \ tmpbuf[1] = SHA_HTONL(ctx->H[1]); \ tmpbuf[2] = SHA_HTONL(ctx->H[2]); \ diff --git a/lib/freebl/stubs.c b/lib/freebl/stubs.c index 1de9b4971..993d01e18 100644 --- a/lib/freebl/stubs.c +++ b/lib/freebl/stubs.c @@ -324,7 +324,7 @@ extern PROffset32 PR_Seek_stub(PRFileDesc *fd, PROffset32 offset, PRSeekWhence whence) { int *lfd; - int lwhence = SEEK_SET;; + int lwhence = SEEK_SET; STUB_SAFE_CALL3(PR_Seek, fd, offset, whence); lfd = (int *)fd; switch (whence) { @@ -334,6 +334,8 @@ PR_Seek_stub(PRFileDesc *fd, PROffset32 offset, PRSeekWhence whence) case PR_SEEK_END: lwhence = SEEK_END; break; + case PR_SEEK_SET: + break; } return lseek(*lfd, offset, lwhence); diff --git a/lib/jar/jarfile.c b/lib/jar/jarfile.c index a604f19cd..3346dbec0 100644 --- a/lib/jar/jarfile.c +++ b/lib/jar/jarfile.c @@ -36,11 +36,12 @@ jar_inflate_memory(unsigned int method, long *length, long expected_out_len, char **data); static int -jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length); +jar_physical_extraction(JAR_FILE fp, char *outpath, unsigned long offset, + unsigned long length); static int -jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length, - unsigned int method); +jar_physical_inflate(JAR_FILE fp, char *outpath, unsigned long offset, + unsigned long length, unsigned int method); static int jar_verify_extract(JAR *jar, char *path, char *physical_path); @@ -74,6 +75,10 @@ static int dostime(char *time, const char *s); #ifdef NSS_X86_OR_X64 +/* The following macros throw up warnings. */ +#ifdef __GNUC__ +#pragma GCC diagnostic ignored "-Wstrict-aliasing" +#endif #define x86ShortToUint32(ii) ((const PRUint32)*((const PRUint16 *)(ii))) #define x86LongToUint32(ii) (*(const PRUint32 *)(ii)) #else @@ -241,7 +246,8 @@ JAR_extract(JAR *jar, char *path, char *outpath) #define CHUNK 32768 static int -jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length) +jar_physical_extraction(JAR_FILE fp, char *outpath, unsigned long offset, + unsigned long length) { JAR_FILE out; char *buffer = (char *)PORT_ZAlloc(CHUNK); @@ -251,7 +257,7 @@ jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length) return JAR_ERR_MEMORY; if ((out = JAR_FOPEN (outpath, "wb")) != NULL) { - long at = 0; + unsigned long at = 0; JAR_FSEEK (fp, offset, (PRSeekWhence)0); while (at < length) { @@ -289,7 +295,7 @@ jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length) #define OCHUNK 32768 static int -jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length, +jar_physical_inflate(JAR_FILE fp, char *outpath, unsigned long offset, unsigned long length, unsigned int method) { char *inbuf, *outbuf; @@ -315,11 +321,11 @@ jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length, } if ((out = JAR_FOPEN (outpath, "wb")) != NULL) { - long at = 0; + unsigned long at = 0; JAR_FSEEK (fp, offset, (PRSeekWhence)0); while (at < length) { - long chunk = (at + ICHUNK <= length) ? ICHUNK : length - at; + unsigned long chunk = (at + ICHUNK <= length) ? ICHUNK : length - at; unsigned long tin; if (JAR_FREAD (fp, inbuf, chunk) != chunk) { @@ -353,7 +359,7 @@ jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length, return JAR_ERR_CORRUPT; } ochunk = zs.total_out - prev_total; - if (JAR_FWRITE (out, outbuf, ochunk) < ochunk) { + if (JAR_FWRITE (out, outbuf, ochunk) < (long)ochunk) { /* most likely a disk full error */ status = JAR_ERR_DISK; break; @@ -820,8 +826,7 @@ jar_listtar(JAR *jar, JAR_FILE fp) char *s; JAR_Physical *phy; long pos = 0L; - long sz, mode; - time_t when; + long sz; union TarEntry tarball; while (1) { @@ -833,9 +838,7 @@ jar_listtar(JAR *jar, JAR_FILE fp) if (!*tarball.val.filename) break; - when = octalToLong (tarball.val.time); sz = octalToLong (tarball.val.size); - mode = octalToLong (tarball.val.mode); /* Tag the end of filename */ s = tarball.val.filename; diff --git a/lib/jar/jarsign.c b/lib/jar/jarsign.c index 9d05d9b5b..f0299b1ce 100644 --- a/lib/jar/jarsign.c +++ b/lib/jar/jarsign.c @@ -171,7 +171,6 @@ jar_create_pk7(CERTCertDBHandle *certdb, void *keydb, CERTCertificate *cert, { SEC_PKCS7ContentInfo *cinfo; const SECHashObject *hashObj; - char *errstring; void *mw = NULL; void *hashcx; unsigned int len; @@ -231,7 +230,6 @@ jar_create_pk7(CERTCertDBHandle *certdb, void *keydb, CERTCertificate *cert, status = PORT_GetError(); SEC_PKCS7DestroyContentInfo (cinfo); if (rv != SECSuccess) { - errstring = JAR_get_error (status); return ((status < 0) ? status : JAR_ERR_GENERAL); } return 0; diff --git a/lib/libpkix/include/pkix_certstore.h b/lib/libpkix/include/pkix_certstore.h index 2feb3334d..fb705644e 100755 --- a/lib/libpkix/include/pkix_certstore.h +++ b/lib/libpkix/include/pkix_certstore.h @@ -10,6 +10,7 @@ #define _PKIX_CERTSTORE_H #include "pkixt.h" +#include "certt.h" #ifdef __cplusplus extern "C" { @@ -327,7 +328,7 @@ typedef PKIX_Error * PKIX_PL_Cert *issuer, PKIX_PL_Date *date, PKIX_Boolean crlDownloadDone, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, PKIX_RevocationStatus *revStatus, void *plContext); diff --git a/lib/libpkix/pkix/checker/pkix_crlchecker.c b/lib/libpkix/pkix/checker/pkix_crlchecker.c index c77ac8ef1..d6f5b6bcc 100644 --- a/lib/libpkix/pkix/checker/pkix_crlchecker.c +++ b/lib/libpkix/pkix/checker/pkix_crlchecker.c @@ -195,7 +195,7 @@ pkix_CrlChecker_CheckLocal( PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *pReasonCode, + CERTCRLEntryReasonCode *pReasonCode, void *plContext) { PKIX_CertStore_CheckRevokationByCrlCallback storeCheckRevocationFn; @@ -294,7 +294,7 @@ pkix_CrlChecker_CheckExternal( PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *pReasonCode, + CERTCRLEntryReasonCode *pReasonCode, void **pNBIOContext, void *plContext) { diff --git a/lib/libpkix/pkix/checker/pkix_crlchecker.h b/lib/libpkix/pkix/checker/pkix_crlchecker.h index d7213aadb..35f1a4745 100644 --- a/lib/libpkix/pkix/checker/pkix_crlchecker.h +++ b/lib/libpkix/pkix/checker/pkix_crlchecker.h @@ -31,7 +31,7 @@ pkix_CrlChecker_CheckLocal( PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void *plContext); PKIX_Error * @@ -43,7 +43,7 @@ pkix_CrlChecker_CheckExternal( PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void **pNBIOContext, void *plContext); diff --git a/lib/libpkix/pkix/checker/pkix_ocspchecker.c b/lib/libpkix/pkix/checker/pkix_ocspchecker.c index 481aa52b5..b6fca9a35 100644 --- a/lib/libpkix/pkix/checker/pkix_ocspchecker.c +++ b/lib/libpkix/pkix/checker/pkix_ocspchecker.c @@ -147,7 +147,7 @@ pkix_OcspChecker_CheckLocal( PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *pReasonCode, + CERTCRLEntryReasonCode *pReasonCode, void *plContext) { PKIX_PL_OcspCertID *cid = NULL; @@ -222,7 +222,7 @@ pkix_OcspChecker_CheckExternal( PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *pReasonCode, + CERTCRLEntryReasonCode *pReasonCode, void **pNBIOContext, void *plContext) { diff --git a/lib/libpkix/pkix/checker/pkix_ocspchecker.h b/lib/libpkix/pkix/checker/pkix_ocspchecker.h index 547b403b4..fbec315f9 100644 --- a/lib/libpkix/pkix/checker/pkix_ocspchecker.h +++ b/lib/libpkix/pkix/checker/pkix_ocspchecker.h @@ -30,7 +30,7 @@ pkix_OcspChecker_CheckLocal( PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void *plContext); PKIX_Error * @@ -42,7 +42,7 @@ pkix_OcspChecker_CheckExternal( PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void **pNBIOContext, void *plContext); diff --git a/lib/libpkix/pkix/checker/pkix_revocationchecker.c b/lib/libpkix/pkix/checker/pkix_revocationchecker.c index ebe37739f..7bed9b886 100755 --- a/lib/libpkix/pkix/checker/pkix_revocationchecker.c +++ b/lib/libpkix/pkix/checker/pkix_revocationchecker.c @@ -349,7 +349,7 @@ PKIX_RevocationChecker_Check( * first we are going to test all local(cached) info * second, all remote info(fetching) */ for (tries = 0;tries < 2;tries++) { - int methodNum = 0; + unsigned int methodNum = 0; for (;methodNum < revList->length;methodNum++) { PKIX_UInt32 methodFlags = 0; @@ -372,7 +372,8 @@ PKIX_RevocationChecker_Check( methodFlags, chainVerificationState, &revStatus, - pReasonCode, plContext), + (CERTCRLEntryReasonCode *)pReasonCode, + plContext), PKIX_REVCHECKERCHECKFAILED); methodStatus[methodNum] = revStatus; if (revStatus == PKIX_RevStatus_Revoked) { @@ -397,7 +398,8 @@ PKIX_RevocationChecker_Check( (*method->externalRevChecker)(cert, issuer, date, method, procParams, methodFlags, - &revStatus, pReasonCode, + &revStatus, + (CERTCRLEntryReasonCode *)pReasonCode, &nbioContext, plContext), PKIX_REVCHECKERCHECKFAILED); methodStatus[methodNum] = revStatus; diff --git a/lib/libpkix/pkix/checker/pkix_revocationchecker.h b/lib/libpkix/pkix/checker/pkix_revocationchecker.h index 80d9eeaa2..20dfe3778 100755 --- a/lib/libpkix/pkix/checker/pkix_revocationchecker.h +++ b/lib/libpkix/pkix/checker/pkix_revocationchecker.h @@ -12,6 +12,7 @@ #define _PKIX_REVOCATIONCHECKER_H #include "pkixt.h" +#include "certt.h" #ifdef __cplusplus extern "C" { diff --git a/lib/libpkix/pkix/checker/pkix_revocationmethod.h b/lib/libpkix/pkix/checker/pkix_revocationmethod.h index 193223731..a97c7620a 100644 --- a/lib/libpkix/pkix/checker/pkix_revocationmethod.h +++ b/lib/libpkix/pkix/checker/pkix_revocationmethod.h @@ -31,7 +31,7 @@ pkix_LocalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer, PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void *plContext); /* External revocation check function prototype definition. @@ -44,7 +44,7 @@ pkix_ExternalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer, PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void **pNBIOContext, void *plContext); /* Revocation method structure assosiates revocation types with diff --git a/lib/libpkix/pkix/crlsel/pkix_crlselector.c b/lib/libpkix/pkix/crlsel/pkix_crlselector.c index 9967af9b8..e9a9c03df 100755 --- a/lib/libpkix/pkix/crlsel/pkix_crlselector.c +++ b/lib/libpkix/pkix/crlsel/pkix_crlselector.c @@ -190,7 +190,7 @@ pkix_CRLSelector_Hashcode( PKIX_HASHCODE(crlSelector->context, &contextHash, plContext, PKIX_OBJECTHASHCODEFAILED); - hash = 31 * ((PKIX_UInt32)crlSelector->matchCallback + + hash = 31 * ((PKIX_UInt32)((char *)crlSelector->matchCallback - (char *)NULL) + (contextHash << 3)) + paramsHash; *pHashcode = hash; diff --git a/lib/libpkix/pkix/results/pkix_policynode.c b/lib/libpkix/pkix/results/pkix_policynode.c index 91d8a74b6..fd8cee982 100755 --- a/lib/libpkix/pkix/results/pkix_policynode.c +++ b/lib/libpkix/pkix/results/pkix_policynode.c @@ -824,7 +824,7 @@ pkix_PolicyNode_Hashcode( (node, &nodeHash, plContext), PKIX_SINGLEPOLICYNODEHASHCODEFAILED); - nodeHash = 31*nodeHash + (PKIX_UInt32)(node->parent); + nodeHash = 31*nodeHash + (PKIX_UInt32)((char *)node->parent - (char *)NULL); PKIX_HASHCODE (node->children, diff --git a/lib/libpkix/pkix/store/pkix_store.c b/lib/libpkix/pkix/store/pkix_store.c index 31c21ea16..af8be2bb2 100755 --- a/lib/libpkix/pkix/store/pkix_store.c +++ b/lib/libpkix/pkix/store/pkix_store.c @@ -74,11 +74,11 @@ pkix_CertStore_Hashcode( PKIX_CERTSTOREHASHCODEFAILED); } - *pHashcode = (PKIX_UInt32) certStore->certCallback + - (PKIX_UInt32) certStore->crlCallback + - (PKIX_UInt32) certStore->certContinue + - (PKIX_UInt32) certStore->crlContinue + - (PKIX_UInt32) certStore->trustCallback + + *pHashcode = (PKIX_UInt32)((char *)certStore->certCallback - (char *)NULL) + + (PKIX_UInt32)((char *)certStore->crlCallback - (char *)NULL) + + (PKIX_UInt32)((char *)certStore->certContinue - (char *)NULL) + + (PKIX_UInt32)((char *)certStore->crlContinue - (char *)NULL) + + (PKIX_UInt32)((char *)certStore->trustCallback - (char *)NULL) + (tempHash << 7); cleanup: diff --git a/lib/libpkix/pkix/top/pkix_build.c b/lib/libpkix/pkix/top/pkix_build.c index 9ca307e43..94515785b 100755 --- a/lib/libpkix/pkix/top/pkix_build.c +++ b/lib/libpkix/pkix/top/pkix_build.c @@ -1526,7 +1526,7 @@ pkix_Build_SelectCertsFromTrustAnchors( PKIX_List **pMatchList, void *plContext) { - int anchorIndex = 0; + unsigned int anchorIndex = 0; PKIX_TrustAnchor *anchor = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_List *matchList = NULL; diff --git a/lib/libpkix/pkix/util/pkix_error.c b/lib/libpkix/pkix/util/pkix_error.c index e6fba866a..9d730ca16 100755 --- a/lib/libpkix/pkix/util/pkix_error.c +++ b/lib/libpkix/pkix/util/pkix_error.c @@ -325,7 +325,7 @@ pkix_Error_Hashcode( /* XXX Unimplemented */ /* XXX Need to make hashcodes equal when two errors are equal */ - *pResult = (PKIX_UInt32)object; + *pResult = (PKIX_UInt32)((char *)object - (char *)NULL); PKIX_RETURN(ERROR); } diff --git a/lib/libpkix/pkix/util/pkix_logger.c b/lib/libpkix/pkix/util/pkix_logger.c index cfd870def..a916e6e4f 100644 --- a/lib/libpkix/pkix/util/pkix_logger.c +++ b/lib/libpkix/pkix/util/pkix_logger.c @@ -492,7 +492,7 @@ pkix_Logger_Hashcode( PKIX_HASHCODE(logger->context, &tempHash, plContext, PKIX_OBJECTHASHCODEFAILED); - hash = (((((PKIX_UInt32) logger->callback + tempHash) << 7) + + hash = (((((PKIX_UInt32)((char *)logger->callback - (char *)NULL) + tempHash) << 7) + logger->maxLevel) << 7) + (PKIX_UInt32)logger->logComponent; *pHashcode = hash; diff --git a/lib/libpkix/pkix/util/pkix_tools.h b/lib/libpkix/pkix/util/pkix_tools.h index fe6ce6346..1a4689da7 100755 --- a/lib/libpkix/pkix/util/pkix_tools.h +++ b/lib/libpkix/pkix/util/pkix_tools.h @@ -1437,8 +1437,8 @@ extern PLHashNumber PR_CALLBACK pkix_ErrorGen_Hash (const void *key); typedef struct pkix_ClassTable_EntryStruct pkix_ClassTable_Entry; struct pkix_ClassTable_EntryStruct { char *description; - PKIX_Int32 objCounter; - PKIX_Int32 typeObjectSize; + PKIX_UInt32 objCounter; + PKIX_UInt32 typeObjectSize; PKIX_PL_DestructorCallback destructor; PKIX_PL_EqualsCallback equalsFunction; PKIX_PL_HashcodeCallback hashcodeFunction; diff --git a/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c b/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c index d459a4a7b..9954f0ca6 100644 --- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c +++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c @@ -265,7 +265,7 @@ pkix_pl_HttpDefaultClient_HdrCheckComplete( contentLength = /* Try to reserve 4K+ buffer */ client->filledupBytes + HTTP_DATA_BUFSIZE; if (client->maxResponseLen > 0 && - contentLength > client->maxResponseLen) { + contentLength > (PKIX_Int32)client->maxResponseLen) { if (client->filledupBytes < client->maxResponseLen) { contentLength = client->maxResponseLen; } else { @@ -282,7 +282,7 @@ pkix_pl_HttpDefaultClient_HdrCheckComplete( default: client->rcv_http_data_len = contentLength; if (client->maxResponseLen > 0 && - client->maxResponseLen < contentLength) { + (PKIX_Int32)client->maxResponseLen < contentLength) { client->connectStatus = HTTP_ERROR; goto cleanup; } @@ -290,7 +290,7 @@ pkix_pl_HttpDefaultClient_HdrCheckComplete( /* * Do we have all of the message body, or do we need to read some more? */ - if (client->filledupBytes < contentLength) { + if ((PKIX_Int32)client->filledupBytes < contentLength) { client->connectStatus = HTTP_RECV_BODY; *pKeepGoing = PKIX_TRUE; } else { @@ -935,7 +935,7 @@ pkix_pl_HttpDefaultClient_RecvBody( * plus remaining capacity, plus new expansion. */ int currBuffSize = client->capacity; /* Try to increase the buffer by 4K */ - int newLength = currBuffSize + HTTP_DATA_BUFSIZE; + unsigned int newLength = currBuffSize + HTTP_DATA_BUFSIZE; if (client->maxResponseLen > 0 && newLength > client->maxResponseLen) { newLength = client->maxResponseLen; @@ -1480,8 +1480,6 @@ pkix_pl_HttpDefaultClient_Cancel( SEC_HTTP_REQUEST_SESSION request, void *plContext) { - PKIX_PL_HttpDefaultClient *client = NULL; - PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_Cancel"); PKIX_NULLCHECK_ONE(request); @@ -1491,8 +1489,6 @@ pkix_pl_HttpDefaultClient_Cancel( plContext), PKIX_REQUESTNOTANHTTPDEFAULTCLIENT); - client = (PKIX_PL_HttpDefaultClient *)request; - /* XXX Not implemented */ cleanup: diff --git a/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c b/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c index 51ffce97c..4546e339a 100644 --- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c +++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c @@ -263,16 +263,12 @@ pkix_pl_LdapRequest_Destroy( PKIX_PL_Object *object, void *plContext) { - PKIX_PL_LdapRequest *ldapRq = NULL; - PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_Destroy"); PKIX_NULLCHECK_ONE(object); PKIX_CHECK(pkix_CheckType(object, PKIX_LDAPREQUEST_TYPE, plContext), PKIX_OBJECTNOTLDAPREQUEST); - ldapRq = (PKIX_PL_LdapRequest *)object; - /* * All dynamic fields in an LDAPRequest are allocated * in an arena, and will be freed when the arena is destroyed. diff --git a/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c b/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c index 078862c8b..7de614ea6 100755 --- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c +++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c @@ -379,14 +379,12 @@ NameCacheHasFetchedCrlInfo(PKIX_PL_Cert *pkixCert, PKIX_Boolean hasFetchedCrlInCache = PKIX_TRUE; PKIX_List *dpList = NULL; pkix_pl_CrlDp *dp = NULL; - CERTCertificate *cert; PKIX_UInt32 dpIndex = 0; SECStatus rv = SECSuccess; PRTime reloadDelay = 0, badCrlInvalDelay = 0; PKIX_ENTER(CERTSTORE, "ChechCacheHasFetchedCrl"); - cert = pkixCert->nssCert; reloadDelay = ((PKIX_PL_NssContext*)plContext)->crlReloadDelay * PR_USEC_PER_SEC; @@ -480,7 +478,7 @@ pkix_pl_Pk11CertStore_CheckRevByCrl( PKIX_PL_Cert *pkixIssuer, PKIX_PL_Date *date, PKIX_Boolean crlDownloadDone, - PKIX_UInt32 *pReasonCode, + CERTCRLEntryReasonCode *pReasonCode, PKIX_RevocationStatus *pStatus, void *plContext) { @@ -675,7 +673,7 @@ RemovePartitionedDpsFromList(PKIX_List *dpList, PKIX_PL_Date *date, { NamedCRLCache* nameCrlCache = NULL; pkix_pl_CrlDp *dp = NULL; - int dpIndex = 0; + unsigned int dpIndex = 0; PRTime time; PRTime reloadDelay = 0, badCrlInvalDelay = 0; SECStatus rv; @@ -779,7 +777,6 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, SECItem *derCrlCopy = NULL; CERTSignedCrl *nssCrl = NULL; CERTGeneralName *genName = NULL; - PKIX_Int32 savedError = -1; SECItem **derGenNames = NULL; SECItem *derGenName = NULL; @@ -799,13 +796,11 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, if (!derGenName || !genName->name.other.data) { /* get to next name if no data. */ - savedError = PKIX_UNSUPPORTEDCRLDPTYPE; break; } uri = &genName->name.other; location = (char*)PR_Malloc(1 + uri->len); if (!location) { - savedError = PKIX_ALLOCERROR; break; } PORT_Memcpy(location, uri->data, uri->len); @@ -813,7 +808,6 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, if (CERT_ParseURL(location, &hostname, &port, &path) != SECSuccess) { PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL); - savedError = PKIX_URLPARSINGFAILED; break; } @@ -823,7 +817,6 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, if ((*hcv1->createSessionFcn)(hostname, port, &pServerSession) != SECSuccess) { PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL); - savedError = PKIX_URLPARSINGFAILED; break; } @@ -835,7 +828,6 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, PR_SecondsToInterval( ((PKIX_PL_NssContext*)plContext)->timeoutSeconds), &pRequestSession) != SECSuccess) { - savedError = PKIX_HTTPSERVERERROR; break; } @@ -858,12 +850,10 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, NULL, &myHttpResponseData, &myHttpResponseDataLen) != SECSuccess) { - savedError = PKIX_HTTPSERVERERROR; break; } if (myHttpResponseCode != 200) { - savedError = PKIX_HTTPSERVERERROR; break; } } while(0); diff --git a/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c b/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c index 2afd680c6..6bd0a3a09 100644 --- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c +++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c @@ -62,7 +62,12 @@ static PKIX_Boolean socketTraceFlag = PKIX_FALSE; static void pkix_pl_socket_timestamp() { PRInt64 prTime; prTime = PR_Now(); +/* We shouldn't use PR_ALTERNATE_INT64_TYPEDEF, but nor can we use PRId64 */ +#if PR_BYTES_PER_LONG == 8 && !defined(PR_ALTERNATE_INT64_TYPEDEF) + printf("%ld:\n", prTime); +#else printf("%lld:\n", prTime); +#endif } /* @@ -140,7 +145,7 @@ static void pkix_pl_socket_linePrefix(PKIX_UInt32 addr) { */ static void pkix_pl_socket_traceLine(char *ptr) { PKIX_UInt32 i = 0; - pkix_pl_socket_linePrefix((PKIX_UInt32)ptr); + pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)ptr - (char *)NULL)); for (i = 0; i < 16; i++) { printf(" "); pkix_pl_socket_hexDigit(ptr[i]); @@ -184,7 +189,7 @@ static void pkix_pl_socket_traceLine(char *ptr) { static void pkix_pl_socket_tracePartialLine(char *ptr, PKIX_UInt32 nBytes) { PKIX_UInt32 i = 0; if (nBytes > 0) { - pkix_pl_socket_linePrefix((PKIX_UInt32)ptr); + pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)ptr - (char *)NULL)); } for (i = 0; i < nBytes; i++) { printf(" "); @@ -243,7 +248,7 @@ void pkix_pl_socket_tracebuff(void *buf, PKIX_UInt32 nBytes) { * Special case: if called with length of zero, just do address */ if (nBytes == 0) { - pkix_pl_socket_linePrefix((PKIX_UInt32)buf); + pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)buf - (char *)NULL)); printf("\n"); } else { while (bytesRemaining >= 16) { diff --git a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c index 2036f5c9f..fa8f1851e 100644 --- a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c +++ b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c @@ -1515,7 +1515,6 @@ PKIX_PL_Cert_Create( SECItem *derCertItem = NULL; void *derBytes = NULL; PKIX_UInt32 derLength; - PKIX_Boolean copyDER; PKIX_PL_Cert *cert = NULL; CERTCertDBHandle *handle; @@ -1542,7 +1541,6 @@ PKIX_PL_Cert_Create( * allowing us to free our copy without worrying about whether NSS * is still using it */ - copyDER = PKIX_TRUE; handle = CERT_GetDefaultCertDB(); nssCert = CERT_NewTempCertificate(handle, derCertItem, /* nickname */ NULL, diff --git a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c index 0f6d78333..b83db357a 100644 --- a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c +++ b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c @@ -351,7 +351,7 @@ pkix_pl_CRL_ToString_Helper( void *plContext) { char *asciiFormat = NULL; - PKIX_UInt32 crlVersion; + PKIX_UInt32 crlVersion = 0; PKIX_PL_X500Name *crlIssuer = NULL; PKIX_PL_OID *nssSignatureAlgId = NULL; PKIX_PL_BigInt *crlNumber = NULL; diff --git a/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c b/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c index 6bc74b611..338eb1c01 100755 --- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c +++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c @@ -73,7 +73,7 @@ pkix_pl_lifecycle_ObjectTableUpdate(int *objCountTable) PKIX_UInt32 pkix_pl_lifecycle_ObjectLeakCheck(int *initObjCountTable) { - int typeCounter = 0; + unsigned int typeCounter = 0; PKIX_UInt32 numObjects = 0; char classNameBuff[128]; char *className = NULL; @@ -245,7 +245,9 @@ cleanup: PKIX_Error * PKIX_PL_Shutdown(void *plContext) { +#ifdef DEBUG PKIX_UInt32 numLeakedObjects = 0; +#endif PKIX_ENTER(OBJECT, "PKIX_PL_Shutdown"); @@ -258,10 +260,14 @@ PKIX_PL_Shutdown(void *plContext) pkix_pl_HttpCertStore_Shutdown(plContext); +#ifdef DEBUG numLeakedObjects = pkix_pl_lifecycle_ObjectLeakCheck(NULL); if (PR_GetEnv("NSS_STRICT_SHUTDOWN")) { PORT_Assert(numLeakedObjects == 0); } +#else + pkix_pl_lifecycle_ObjectLeakCheck(NULL); +#endif if (plContext != NULL) { PKIX_PL_NssContext_Destroy(plContext); diff --git a/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c b/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c index 881a1ed54..9a33fd5e5 100755 --- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c +++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c @@ -371,7 +371,7 @@ pkix_pl_Object_Hashcode_Default( PKIX_ENTER(OBJECT, "pkix_pl_Object_Hashcode_Default"); PKIX_NULLCHECK_TWO(object, pValue); - *pValue = (PKIX_UInt32)object; + *pValue = (PKIX_UInt32)((char *)object - (char *)NULL); PKIX_RETURN(OBJECT); } diff --git a/lib/nss/nssinit.c b/lib/nss/nssinit.c index 3966c35e2..b22f9151e 100644 --- a/lib/nss/nssinit.c +++ b/lib/nss/nssinit.c @@ -491,10 +491,6 @@ struct NSSInitContextStr { #define NSS_INIT_MAGIC 0x1413A91C static SECStatus nss_InitShutdownList(void); -#ifdef DEBUG -static CERTCertificate dummyCert; -#endif - /* All initialized to zero in BSS */ static PRCallOnceType nssInitOnce; static PZLock *nssInitLock; @@ -571,8 +567,11 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix, * functions */ if (!isReallyInitted) { +#ifdef DEBUG + CERTCertificate dummyCert; /* New option bits must not change the size of CERTCertificate. */ PORT_Assert(sizeof(dummyCert.options) == sizeof(void *)); +#endif if (SECSuccess != cert_InitLocks()) { goto loser; @@ -1246,9 +1245,8 @@ NSS_VersionCheck(const char *importedVersion) */ int vmajor = 0, vminor = 0, vpatch = 0, vbuild = 0; const char *ptr = importedVersion; - volatile char c; /* force a reference that won't get optimized away */ - - c = __nss_base_version[0]; +#define NSS_VERSION_VARIABLE __nss_base_version +#include "verref.h" while (isdigit(*ptr)) { vmajor = 10 * vmajor + *ptr - '0'; diff --git a/lib/pk11wrap/pk11cert.c b/lib/pk11wrap/pk11cert.c index 1bf8a7f50..dbf6b9614 100644 --- a/lib/pk11wrap/pk11cert.c +++ b/lib/pk11wrap/pk11cert.c @@ -143,6 +143,8 @@ PK11_IsUserCert(PK11SlotInfo *slot, CERTCertificate *cert, PK11_SETATTRS(&theTemplate,0,NULL,0); switch (pubKey->keyType) { case rsaKey: + case rsaPssKey: + case rsaOaepKey: PK11_SETATTRS(&theTemplate,CKA_MODULUS, pubKey->u.rsa.modulus.data, pubKey->u.rsa.modulus.len); break; @@ -228,7 +230,6 @@ pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID, nssPKIObject *pkio; NSSToken *token; NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); - PRStatus status; /* Get the cryptoki object from the handle */ token = PK11Slot_GetNSSToken(slot); @@ -278,7 +279,7 @@ pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID, * different NSSCertificate that it found in the cache. * Presumably, the nickname which we just output above remains valid. :) */ - status = nssTrustDomain_AddCertsToCache(td, &c, 1); + (void)nssTrustDomain_AddCertsToCache(td, &c, 1); return STAN_GetCERTCertificateOrRelease(c); } @@ -2005,7 +2006,6 @@ SECStatus PK11_TraverseCertsForNicknameInSlot(SECItem *nickname, PK11SlotInfo *slot, SECStatus(* callback)(CERTCertificate*, void *), void *arg) { - struct nss3_cert_cbstr pk11cb; PRStatus nssrv = PR_SUCCESS; NSSToken *token; NSSTrustDomain *td; @@ -2016,8 +2016,6 @@ PK11_TraverseCertsForNicknameInSlot(SECItem *nickname, PK11SlotInfo *slot, NSSCertificate **certs; nssList *nameList = NULL; nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; - pk11cb.callback = callback; - pk11cb.arg = arg; token = PK11Slot_GetNSSToken(slot); if (!nssToken_IsPresent(token)) { return SECSuccess; @@ -2700,7 +2698,8 @@ __PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname) { /* Can't set nickname of temp cert. */ if (!cert->slot || cert->pkcs11ID == CK_INVALID_HANDLE) { - return SEC_ERROR_INVALID_ARGS; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } return PK11_SetObjectNickname(cert->slot, cert->pkcs11ID, nickname); } diff --git a/lib/pk11wrap/pk11load.c b/lib/pk11wrap/pk11load.c index 6700180ad..e3ba1226e 100644 --- a/lib/pk11wrap/pk11load.c +++ b/lib/pk11wrap/pk11load.c @@ -589,8 +589,12 @@ SECMOD_UnloadModule(SECMODModule *mod) { if (softokenLib) { disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD"); if (!disableUnload) { +#ifdef DEBUG PRStatus status = PR_UnloadLibrary(softokenLib); PORT_Assert(PR_SUCCESS == status); +#else + PR_UnloadLibrary(softokenLib); +#endif } softokenLib = NULL; } diff --git a/lib/pk11wrap/pk11merge.c b/lib/pk11wrap/pk11merge.c index ad9b1fda6..187e2e1f6 100644 --- a/lib/pk11wrap/pk11merge.c +++ b/lib/pk11wrap/pk11merge.c @@ -750,8 +750,7 @@ pk11_mergeCert(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot, CK_ATTRIBUTE sourceCKAID = {CKA_ID, NULL, 0}; CK_ATTRIBUTE targetCKAID = {CKA_ID, NULL, 0}; SECStatus lrv = SECSuccess; - int error; - + int error = SEC_ERROR_LIBRARY_FAILURE; sourceCert = PK11_MakeCertFromHandle(sourceSlot, id, NULL); if (sourceCert == NULL) { diff --git a/lib/pk11wrap/pk11obj.c b/lib/pk11wrap/pk11obj.c index 708029481..e09d22768 100644 --- a/lib/pk11wrap/pk11obj.c +++ b/lib/pk11wrap/pk11obj.c @@ -1781,7 +1781,6 @@ PK11_MatchItem(PK11SlotInfo *slot, CK_OBJECT_HANDLE searchID, int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]); /* if you change the array, change the variable below as well */ CK_OBJECT_HANDLE peerID; - CK_OBJECT_HANDLE parent; PLArenaPool *arena; CK_RV crv; @@ -1810,7 +1809,6 @@ PK11_MatchItem(PK11SlotInfo *slot, CK_OBJECT_HANDLE searchID, /* * issue the find */ - parent = *(CK_OBJECT_CLASS *)(keyclass->pValue); *(CK_OBJECT_CLASS *)(keyclass->pValue) = matchclass; peerID = pk11_FindObjectByTemplate(slot,theTemplate,tsize); diff --git a/lib/pk11wrap/pk11pk12.c b/lib/pk11wrap/pk11pk12.c index 471e57b33..2152a41e7 100644 --- a/lib/pk11wrap/pk11pk12.c +++ b/lib/pk11wrap/pk11pk12.c @@ -422,7 +422,6 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, PRBool isPerm, PRBool isPrivate, unsigned int keyUsage, SECKEYPrivateKey **privk, void *wincx) { - CK_KEY_TYPE keyType = CKK_RSA; SECStatus rv = SECFailure; SECKEYRawPrivateKey *lpk = NULL; const SEC_ASN1Template *keyTemplate, *paramTemplate; @@ -449,7 +448,6 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, paramTemplate = NULL; paramDest = NULL; lpk->keyType = rsaKey; - keyType = CKK_RSA; break; case SEC_OID_ANSIX9_DSA_SIGNATURE: prepare_dsa_priv_key_export_for_asn1(lpk); @@ -457,7 +455,6 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, paramTemplate = SECKEY_PQGParamsTemplate; paramDest = &(lpk->u.dsa.params); lpk->keyType = dsaKey; - keyType = CKK_DSA; break; case SEC_OID_X942_DIFFIE_HELMAN_KEY: if(!publicValue) { @@ -468,7 +465,6 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, paramTemplate = NULL; paramDest = NULL; lpk->keyType = dhKey; - keyType = CKK_DH; break; default: diff --git a/lib/pk11wrap/pk11skey.c b/lib/pk11wrap/pk11skey.c index 4c5b9f16a..20d9eaad9 100644 --- a/lib/pk11wrap/pk11skey.c +++ b/lib/pk11wrap/pk11skey.c @@ -1821,6 +1821,8 @@ PK11_PubDerive(SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey, switch (privKey->keyType) { case rsaKey: + case rsaPssKey: + case rsaOaepKey: case nullKey: PORT_SetError(SEC_ERROR_BAD_KEY); break; diff --git a/lib/pk11wrap/pk11slot.c b/lib/pk11wrap/pk11slot.c index 1f6597b5e..044956fe4 100644 --- a/lib/pk11wrap/pk11slot.c +++ b/lib/pk11wrap/pk11slot.c @@ -555,10 +555,10 @@ PK11_FindSlotsByNames(const char *dllName, const char* slotName, break; } if ((PR_FALSE == presentOnly || PK11_IsPresent(tmpSlot)) && - ( (!tokenName) || (tmpSlot->token_name && - (0==PORT_Strcmp(tmpSlot->token_name, tokenName)))) && - ( (!slotName) || (tmpSlot->slot_name && - (0==PORT_Strcmp(tmpSlot->slot_name, slotName)))) ) { + ( (!tokenName) || + (0==PORT_Strcmp(tmpSlot->token_name, tokenName)) ) && + ( (!slotName) || + (0==PORT_Strcmp(tmpSlot->slot_name, slotName)) ) ) { if (tmpSlot) { PK11_AddSlotToList(slotList, tmpSlot, PR_TRUE); slotcount++; @@ -1105,7 +1105,6 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts) { CK_TOKEN_INFO tokenInfo; CK_RV crv; - char *tmp; SECStatus rv; PRStatus status; @@ -1139,8 +1138,8 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts) if (slot->isActiveCard) { slot->protectedAuthPath = PR_FALSE; } - tmp = PK11_MakeString(NULL,slot->token_name, - (char *)tokenInfo.label, sizeof(tokenInfo.label)); + (void)PK11_MakeString(NULL,slot->token_name, + (char *)tokenInfo.label, sizeof(tokenInfo.label)); slot->minPassword = tokenInfo.ulMinPinLen; slot->maxPassword = tokenInfo.ulMaxPinLen; PORT_Memcpy(slot->serial,tokenInfo.serialNumber,sizeof(slot->serial)); @@ -1349,7 +1348,6 @@ void PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot) { SECStatus rv; - char *tmp; CK_SLOT_INFO slotInfo; slot->functionList = mod->functionList; @@ -1371,7 +1369,7 @@ PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot) * works because modules keep implicit references * from their slots, and won't unload and disappear * until all their slots have been freed */ - tmp = PK11_MakeString(NULL,slot->slot_name, + (void)PK11_MakeString(NULL,slot->slot_name, (char *)slotInfo.slotDescription, sizeof(slotInfo.slotDescription)); slot->isHW = (PRBool)((slotInfo.flags & CKF_HW_SLOT) == CKF_HW_SLOT); #define ACTIVE_CARD "ActivCard SA" @@ -2052,7 +2050,7 @@ PK11_GetBestSlotMultipleWithAttributes(CK_MECHANISM_TYPE *type, PK11SlotInfo *slot = NULL; PRBool freeit = PR_FALSE; PRBool listNeedLogin = PR_FALSE; - int i; + unsigned int i; SECStatus rv; list = PK11_GetSlotList(type[0]); diff --git a/lib/pkcs12/p12d.c b/lib/pkcs12/p12d.c index 6a3a38c94..51bf0f7f5 100644 --- a/lib/pkcs12/p12d.c +++ b/lib/pkcs12/p12d.c @@ -2810,7 +2810,7 @@ SEC_PKCS12DecoderRenameCertNicknames(SEC_PKCS12DecoderContext *p12dcx, return SECFailure; } - for (i = 0; safeBag = p12dcx->safeBags[i]; i++) { + for (i = 0; (safeBag = p12dcx->safeBags[i]); i++) { SECItem *newNickname = NULL; SECItem *defaultNickname = NULL; SECStatus rename_rv; diff --git a/lib/pkcs12/p12e.c b/lib/pkcs12/p12e.c index 5584407f8..766938490 100644 --- a/lib/pkcs12/p12e.c +++ b/lib/pkcs12/p12e.c @@ -695,7 +695,6 @@ sec_PKCS12CreateSafeBag(SEC_PKCS12ExportContext *p12ctxt, SECOidTag bagType, void *bagData) { sec_PKCS12SafeBag *safeBag; - PRBool setName = PR_TRUE; void *mark = NULL; SECStatus rv = SECSuccess; SECOidData *oidData = NULL; @@ -740,7 +739,6 @@ sec_PKCS12CreateSafeBag(SEC_PKCS12ExportContext *p12ctxt, SECOidTag bagType, case SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID: safeBag->safeBagContent.safeContents = (sec_PKCS12SafeContents *)bagData; - setName = PR_FALSE; break; default: goto loser; @@ -1532,8 +1530,6 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) * it is confirmed that integrity must be in place */ if(p12exp->integrityEnabled && !p12exp->pwdIntegrity) { - SECStatus rv; - /* create public key integrity mode */ p12enc->aSafeCinfo = SEC_PKCS7CreateSignedData( p12exp->integrityInfo.pubkeyInfo.cert, @@ -1549,8 +1545,7 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) if(SEC_PKCS7IncludeCertChain(p12enc->aSafeCinfo,NULL) != SECSuccess) { goto loser; } - rv = SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo); - PORT_Assert(rv == SECSuccess); + PORT_CheckSuccess(SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo)); } else { p12enc->aSafeCinfo = SEC_PKCS7CreateData(); diff --git a/lib/pkcs7/p7decode.c b/lib/pkcs7/p7decode.c index 80689544e..7a52d8203 100644 --- a/lib/pkcs7/p7decode.c +++ b/lib/pkcs7/p7decode.c @@ -1290,7 +1290,6 @@ sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo, const SECItem *digest; SECItem **digests; SECItem **rawcerts; - CERTSignedCrl **crls; SEC_PKCS7SignerInfo **signerinfos, *signerinfo; CERTCertificate *cert, **certs; PRBool goodsig; @@ -1340,7 +1339,6 @@ sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo, digestalgs = sdp->digestAlgorithms; digests = sdp->digests; rawcerts = sdp->rawCerts; - crls = sdp->crls; signerinfos = sdp->signerInfos; content_type = &(sdp->contentInfo.contentType); sigkey = NULL; @@ -1355,7 +1353,6 @@ sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo, digestalgs = saedp->digestAlgorithms; digests = saedp->digests; rawcerts = saedp->rawCerts; - crls = saedp->crls; signerinfos = saedp->signerInfos; content_type = &(saedp->encContentInfo.contentType); sigkey = saedp->sigKey; diff --git a/lib/pkcs7/p7encode.c b/lib/pkcs7/p7encode.c index 99b68ee51..349bc8461 100644 --- a/lib/pkcs7/p7encode.c +++ b/lib/pkcs7/p7encode.c @@ -59,13 +59,10 @@ sec_pkcs7_encoder_start_encrypt (SEC_PKCS7ContentInfo *cinfo, SECKEYPublicKey *publickey = NULL; SECKEYPrivateKey *ourPrivKey = NULL; PK11SymKey *bulkkey; - void *mark, *wincx; + void *mark; int i; PLArenaPool *arena = NULL; - /* Get the context in case we need it below. */ - wincx = cinfo->pwfn_arg; - kind = SEC_PKCS7ContentType (cinfo); switch (kind) { default: diff --git a/lib/pkcs7/p7local.c b/lib/pkcs7/p7local.c index 6a7af1f80..8c5e0bfa5 100644 --- a/lib/pkcs7/p7local.c +++ b/lib/pkcs7/p7local.c @@ -397,7 +397,7 @@ sec_PKCS7Decrypt (sec_PKCS7CipherObject *obj, unsigned char *output, const unsigned char *input, unsigned int input_len, PRBool final) { - int blocks, bsize, pcount, padsize; + unsigned int blocks, bsize, pcount, padsize; unsigned int max_needed, ifraglen, ofraglen, output_len; unsigned char *pbuf; SECStatus rv; diff --git a/lib/pki/certificate.c b/lib/pki/certificate.c index ed6145a55..fdf147c9e 100644 --- a/lib/pki/certificate.c +++ b/lib/pki/certificate.c @@ -895,7 +895,6 @@ nssCertificateList_DoCallback ( { nssListIterator *certs; NSSCertificate *cert; - PRStatus nssrv; certs = nssList_CreateIterator(certList); if (!certs) { return PR_FAILURE; @@ -904,7 +903,7 @@ nssCertificateList_DoCallback ( cert != (NSSCertificate *)NULL; cert = (NSSCertificate *)nssListIterator_Next(certs)) { - nssrv = (*callback)(cert, arg); + (void)(*callback)(cert, arg); } nssListIterator_Finish(certs); nssListIterator_Destroy(certs); diff --git a/lib/pki/pki3hack.c b/lib/pki/pki3hack.c index 953d73800..a415ace4c 100644 --- a/lib/pki/pki3hack.c +++ b/lib/pki/pki3hack.c @@ -1272,7 +1272,7 @@ DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject) { int numNotDestroyed = 0; /* the ones skipped plus the failures */ int failureCount = 0; /* actual deletion failures by devices */ - int index; + unsigned int index; nssPKIObject_AddRef(tObject); nssPKIObject_Lock(tObject); @@ -1327,7 +1327,7 @@ STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c) /* caller made sure nssTrust isn't NULL */ nssPKIObject *tobject = &nssTrust->object; nssPKIObject *cobject = &c->object; - int i; + unsigned int i; /* Iterate through the cert and trust object instances looking for * those with matching pk11 slots to delete. Even if some device diff --git a/lib/pki/pkibase.c b/lib/pki/pkibase.c index 083b9b66a..c86e5bb42 100644 --- a/lib/pki/pkibase.c +++ b/lib/pki/pkibase.c @@ -903,7 +903,6 @@ nssPKIObjectCollection_Traverse ( nssPKIObjectCallback *callback ) { - PRStatus status; PRCList *link = PR_NEXT_LINK(&collection->head); pkiObjectCollectionNode *node; while (link != &collection->head) { @@ -920,19 +919,19 @@ nssPKIObjectCollection_Traverse ( } switch (collection->objectType) { case pkiObjectType_Certificate: - status = (*callback->func.cert)((NSSCertificate *)node->object, + (void)(*callback->func.cert)((NSSCertificate *)node->object, callback->arg); break; case pkiObjectType_CRL: - status = (*callback->func.crl)((NSSCRL *)node->object, + (void)(*callback->func.crl)((NSSCRL *)node->object, callback->arg); break; case pkiObjectType_PrivateKey: - status = (*callback->func.pvkey)((NSSPrivateKey *)node->object, + (void)(*callback->func.pvkey)((NSSPrivateKey *)node->object, callback->arg); break; case pkiObjectType_PublicKey: - status = (*callback->func.pbkey)((NSSPublicKey *)node->object, + (void)(*callback->func.pbkey)((NSSPublicKey *)node->object, callback->arg); break; } @@ -1057,7 +1056,6 @@ nssCertificateCollection_Create ( NSSCertificate **certsOpt ) { - PRStatus status; nssPKIObjectCollection *collection; collection = nssPKIObjectCollection_Create(td, NULL, nssPKIMonitor); collection->objectType = pkiObjectType_Certificate; @@ -1068,7 +1066,7 @@ nssCertificateCollection_Create ( if (certsOpt) { for (; *certsOpt; certsOpt++) { nssPKIObject *object = (nssPKIObject *)(*certsOpt); - status = nssPKIObjectCollection_AddObject(collection, object); + (void)nssPKIObjectCollection_AddObject(collection, object); } } return collection; @@ -1164,7 +1162,6 @@ nssCRLCollection_Create ( NSSCRL **crlsOpt ) { - PRStatus status; nssPKIObjectCollection *collection; collection = nssPKIObjectCollection_Create(td, NULL, nssPKILock); collection->objectType = pkiObjectType_CRL; @@ -1175,7 +1172,7 @@ nssCRLCollection_Create ( if (crlsOpt) { for (; *crlsOpt; crlsOpt++) { nssPKIObject *object = (nssPKIObject *)(*crlsOpt); - status = nssPKIObjectCollection_AddObject(collection, object); + (void)nssPKIObjectCollection_AddObject(collection, object); } } return collection; diff --git a/lib/pki/tdcache.c b/lib/pki/tdcache.c index 7842189ca..5f9dfdd5c 100644 --- a/lib/pki/tdcache.c +++ b/lib/pki/tdcache.c @@ -329,7 +329,7 @@ nssTrustDomain_RemoveCertFromCacheLOCKED ( nssList *subjectList; cache_entry *ce; NSSArena *arena; - NSSUTF8 *nickname; + NSSUTF8 *nickname = NULL; #ifdef DEBUG_CACHE log_cert_ref("attempt to remove cert", cert); @@ -776,14 +776,18 @@ add_cert_to_cache ( added++; /* If a new subject entry was created, also need nickname and/or email */ if (subjectList != NULL) { +#ifdef nodef PRBool handle = PR_FALSE; +#endif if (certNickname) { nssrv = add_nickname_entry(arena, td->cache, certNickname, subjectList); if (nssrv != PR_SUCCESS) { goto loser; } +#ifdef nodef handle = PR_TRUE; +#endif added++; } if (cert->email) { @@ -791,7 +795,9 @@ add_cert_to_cache ( if (nssrv != PR_SUCCESS) { goto loser; } +#ifdef nodef handle = PR_TRUE; +#endif added += 2; } #ifdef nodef diff --git a/lib/pki/trustdomain.c b/lib/pki/trustdomain.c index a3d26a88d..90e8f268d 100644 --- a/lib/pki/trustdomain.c +++ b/lib/pki/trustdomain.c @@ -991,7 +991,6 @@ NSSTrustDomain_TraverseCertificates ( void *arg ) { - PRStatus status = PR_FAILURE; NSSToken *token = NULL; NSSSlot **slots = NULL; NSSSlot **slotp; @@ -1028,7 +1027,7 @@ NSSTrustDomain_TraverseCertificates ( session = nssTrustDomain_GetSessionForToken(td, token); if (session) { /* perform the traversal */ - status = nssToken_TraverseCertificates(token, + (void)nssToken_TraverseCertificates(token, session, tokenOnly, collector, @@ -1041,7 +1040,7 @@ NSSTrustDomain_TraverseCertificates ( /* Traverse the collection */ pkiCallback.func.cert = callback; pkiCallback.arg = arg; - status = nssPKIObjectCollection_Traverse(collection, &pkiCallback); + (void)nssPKIObjectCollection_Traverse(collection, &pkiCallback); loser: if (slots) { nssSlotArray_Destroy(slots); diff --git a/lib/smime/cmsasn1.c b/lib/smime/cmsasn1.c index 4519363b9..b09a2e18c 100644 --- a/lib/smime/cmsasn1.c +++ b/lib/smime/cmsasn1.c @@ -51,10 +51,6 @@ const SEC_ASN1Template NSSCMSMessageTemplate[] = { { 0 } }; -static const SEC_ASN1Template NSS_PointerToCMSMessageTemplate[] = { - { SEC_ASN1_POINTER, 0, NSSCMSMessageTemplate } -}; - /* ----------------------------------------------------------------------------- * ENCAPSULATED & ENCRYPTED CONTENTINFO * (both use a NSSCMSContentInfo) diff --git a/lib/smime/cmscipher.c b/lib/smime/cmscipher.c index 16d643615..958d4e473 100644 --- a/lib/smime/cmscipher.c +++ b/lib/smime/cmscipher.c @@ -366,7 +366,7 @@ NSS_CMSCipherContext_Decrypt(NSSCMSCipherContext *cc, unsigned char *output, const unsigned char *input, unsigned int input_len, PRBool final) { - int blocks, bsize, pcount, padsize; + unsigned int blocks, bsize, pcount, padsize; unsigned int max_needed, ifraglen, ofraglen, output_len; unsigned char *pbuf; SECStatus rv; diff --git a/lib/smime/cmsencode.c b/lib/smime/cmsencode.c index 651f0865a..3025740b5 100644 --- a/lib/smime/cmsencode.c +++ b/lib/smime/cmsencode.c @@ -122,7 +122,6 @@ nss_cms_encoder_notify(void *arg, PRBool before, void *dest, int depth) NSSCMSEncoderContext *p7ecx; NSSCMSContentInfo *rootcinfo, *cinfo; PRBool after = !before; - PLArenaPool *poolp; SECOidTag childtype; SECItem *item; @@ -130,7 +129,6 @@ nss_cms_encoder_notify(void *arg, PRBool before, void *dest, int depth) PORT_Assert(p7ecx != NULL); rootcinfo = &(p7ecx->cmsg->contentInfo); - poolp = p7ecx->cmsg->poolp; #ifdef CMSDEBUG fprintf(stderr, "%6.6s, dest = 0x%08x, depth = %d\n", before ? "before" : "after", dest, depth); @@ -201,12 +199,9 @@ nss_cms_before_data(NSSCMSEncoderContext *p7ecx) SECStatus rv; SECOidTag childtype; NSSCMSContentInfo *cinfo; - PLArenaPool *poolp; NSSCMSEncoderContext *childp7ecx; const SEC_ASN1Template *template; - poolp = p7ecx->cmsg->poolp; - /* call _Encode_BeforeData handlers */ switch (p7ecx->type) { case SEC_OID_PKCS7_SIGNED_DATA: diff --git a/lib/smime/cmsrecinfo.c b/lib/smime/cmsrecinfo.c index 5e08870b2..abc22542c 100644 --- a/lib/smime/cmsrecinfo.c +++ b/lib/smime/cmsrecinfo.c @@ -526,7 +526,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulkalgtag) { PK11SymKey *bulkkey = NULL; - SECAlgorithmID *encalg; SECOidTag encalgtag; SECItem *enckey; int error; @@ -536,7 +535,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, switch (ri->recipientInfoType) { case NSSCMSRecipientInfoID_KeyTrans: - encalg = &(ri->ri.keyTransRecipientInfo.keyEncAlg); encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyTransRecipientInfo.keyEncAlg)); enckey = &(ri->ri.keyTransRecipientInfo.encKey); /* ignore subIndex */ switch (encalgtag) { @@ -551,7 +549,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, } break; case NSSCMSRecipientInfoID_KeyAgree: - encalg = &(ri->ri.keyAgreeRecipientInfo.keyEncAlg); encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyAgreeRecipientInfo.keyEncAlg)); enckey = &(ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[subIndex]->encKey); switch (encalgtag) { @@ -573,7 +570,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, } break; case NSSCMSRecipientInfoID_KEK: - encalg = &(ri->ri.kekRecipientInfo.keyEncAlg); encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.kekRecipientInfo.keyEncAlg)); enckey = &(ri->ri.kekRecipientInfo.encKey); /* not supported yet */ diff --git a/lib/smime/cmsudf.c b/lib/smime/cmsudf.c index 13071113e..472b6d663 100644 --- a/lib/smime/cmsudf.c +++ b/lib/smime/cmsudf.c @@ -79,14 +79,14 @@ nss_cmstype_shutdown(void *appData, void *reserved) static PLHashNumber nss_cmstype_hash_key(const void *key) { - return (PLHashNumber) key; + return (PLHashNumber)((char *)key - (char *)NULL); } static PRIntn nss_cmstype_compare_keys(const void *v1, const void *v2) { - PLHashNumber value1 = (PLHashNumber) v1; - PLHashNumber value2 = (PLHashNumber) v2; + PLHashNumber value1 = nss_cmstype_hash_key(v1); + PLHashNumber value2 = nss_cmstype_hash_key(v2); return (value1 == value2); } diff --git a/lib/smime/smimeutil.c b/lib/smime/smimeutil.c index fbb61b9c1..84d1960a0 100644 --- a/lib/smime/smimeutil.c +++ b/lib/smime/smimeutil.c @@ -759,6 +759,8 @@ extern const char __nss_smime_version[]; PRBool NSSSMIME_VersionCheck(const char *importedVersion) { +#define NSS_VERSION_VARIABLE __nss_smime_version +#include "verref.h" /* * This is the secret handshake algorithm. * @@ -768,10 +770,6 @@ NSSSMIME_VersionCheck(const char *importedVersion) * not compatible with future major, minor, or * patch releases. */ - volatile char c; /* force a reference that won't get optimized away */ - - c = __nss_smime_version[0]; - return NSS_VersionCheck(importedVersion); } diff --git a/lib/softoken/legacydb/keydb.c b/lib/softoken/legacydb/keydb.c index 085b2be20..c3dd887b0 100644 --- a/lib/softoken/legacydb/keydb.c +++ b/lib/softoken/legacydb/keydb.c @@ -1476,7 +1476,9 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk, SECItem *cipherText = NULL; SECItem *dummy = NULL; #ifndef NSS_DISABLE_ECC +#ifdef EC_DEBUG SECItem *fordebug = NULL; +#endif int savelen; #endif @@ -1589,9 +1591,11 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk, goto loser; } +#ifdef EC_DEBUG fordebug = &(pki->privateKey); SEC_PRINT("seckey_encrypt_private_key()", "PrivateKey", pk->keyType, fordebug); +#endif break; #endif /* NSS_DISABLE_ECC */ @@ -1704,7 +1708,7 @@ seckey_decrypt_private_key(SECItem*epki, SECStatus rv = SECFailure; PLArenaPool *temparena = NULL, *permarena = NULL; SECItem *dest = NULL; -#ifndef NSS_DISABLE_ECC +#ifdef EC_DEBUG SECItem *fordebug = NULL; #endif @@ -1817,9 +1821,11 @@ seckey_decrypt_private_key(SECItem*epki, pk->keyType = NSSLOWKEYECKey; lg_prepare_low_ec_priv_key_for_asn1(pk); +#ifdef EC_DEBUG fordebug = &pki->privateKey; SEC_PRINT("seckey_decrypt_private_key()", "PrivateKey", pk->keyType, fordebug); +#endif if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey, &pki->privateKey) ) break; rv = SEC_QuickDERDecodeItem(permarena, pk, @@ -1990,12 +1996,10 @@ encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg, SECItem *encCheck) { SECOidData *oidData; - SECStatus rv; oidData = SECOID_FindOIDByTag(alg); if ( oidData == NULL ) { - rv = SECFailure; - goto loser; + return SECFailure; } entry->len = 1 + oidData->oid.len + encCheck->len; @@ -2006,7 +2010,7 @@ encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg, } if ( entry->data == NULL ) { - goto loser; + return SECFailure; } /* first length of oid */ @@ -2017,10 +2021,7 @@ encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg, PORT_Memcpy(&entry->data[1+oidData->oid.len], encCheck->data, encCheck->len); - return(SECSuccess); - -loser: - return(SECFailure); + return SECSuccess; } @@ -2032,7 +2033,6 @@ static SECStatus nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *handle) { SECStatus rv; - int ret; int errors = 0; if ( handle->db == NULL ) { @@ -2080,7 +2080,7 @@ nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *handle) done: /* sync the database */ - ret = keydb_Sync(handle, 0); + (void)keydb_Sync(handle, 0); db_InitComplete(handle->db); return (errors == 0 ? SECSuccess : SECFailure); @@ -2089,7 +2089,6 @@ done: static int keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2099,7 +2098,7 @@ keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) ret = (* db->get)(db, key, data, flags); - prstat = PZ_Unlock(kdbLock); + (void)PZ_Unlock(kdbLock); return(ret); } @@ -2107,7 +2106,6 @@ keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) static int keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret = 0; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2117,7 +2115,7 @@ keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) ret = (* db->put)(db, key, data, flags); - prstat = PZ_Unlock(kdbLock); + (void)PZ_Unlock(kdbLock); return(ret); } @@ -2125,7 +2123,6 @@ keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) static int keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags) { - PRStatus prstat; int ret; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2135,7 +2132,7 @@ keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags) ret = (* db->sync)(db, flags); - prstat = PZ_Unlock(kdbLock); + (void)PZ_Unlock(kdbLock); return(ret); } @@ -2143,7 +2140,6 @@ keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags) static int keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags) { - PRStatus prstat; int ret; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2153,7 +2149,7 @@ keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags) ret = (* db->del)(db, key, flags); - prstat = PZ_Unlock(kdbLock); + (void)PZ_Unlock(kdbLock); return(ret); } @@ -2161,7 +2157,6 @@ keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags) static int keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2171,7 +2166,7 @@ keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) ret = (* db->seq)(db, key, data, flags); - prstat = PZ_Unlock(kdbLock); + (void)PZ_Unlock(kdbLock); return(ret); } @@ -2179,7 +2174,6 @@ keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) static void keydb_Close(NSSLOWKEYDBHandle *kdb) { - PRStatus prstat; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2188,7 +2182,7 @@ keydb_Close(NSSLOWKEYDBHandle *kdb) (* db->close)(db); - SKIP_AFTER_FORK(prstat = PZ_Unlock(kdbLock)); + SKIP_AFTER_FORK(PZ_Unlock(kdbLock)); return; } diff --git a/lib/softoken/legacydb/lgattr.c b/lib/softoken/legacydb/lgattr.c index 00a0a746d..7c80c568e 100644 --- a/lib/softoken/legacydb/lgattr.c +++ b/lib/softoken/legacydb/lgattr.c @@ -210,8 +210,6 @@ static const CK_ATTRIBUTE lg_StaticFalseAttr = LG_DEF_ATTRIBUTE(&lg_staticFalseValue,sizeof(lg_staticFalseValue)); static const CK_ATTRIBUTE lg_StaticNullAttr = LG_DEF_ATTRIBUTE(NULL,0); char lg_StaticOneValue = 1; -static const CK_ATTRIBUTE lg_StaticOneAttr = - LG_DEF_ATTRIBUTE(&lg_StaticOneValue,sizeof(lg_StaticOneValue)); /* * helper functions which get the database and call the underlying @@ -434,11 +432,6 @@ lg_GetPubItem(NSSLOWKEYPublicKey *pubKey) { return pubItem; } -static const SEC_ASN1Template lg_SerialTemplate[] = { - { SEC_ASN1_INTEGER, offsetof(NSSLOWCERTCertificate,serialNumber) }, - { 0 } -}; - static CK_RV lg_FindRSAPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attribute) diff --git a/lib/softoken/legacydb/lginit.c b/lib/softoken/legacydb/lginit.c index d08d4506a..47da8f042 100644 --- a/lib/softoken/legacydb/lginit.c +++ b/lib/softoken/legacydb/lginit.c @@ -476,14 +476,14 @@ lg_Close(SDB *sdb) static PLHashNumber lg_HashNumber(const void *key) { - return (PLHashNumber) key; + return (PLHashNumber)((char *)key - (char *)NULL); } PRIntn lg_CompareValues(const void *v1, const void *v2) { - PLHashNumber value1 = (PLHashNumber) v1; - PLHashNumber value2 = (PLHashNumber) v2; + PLHashNumber value1 = lg_HashNumber(v1); + PLHashNumber value2 = lg_HashNumber(v2); return (value1 == value2); } @@ -587,9 +587,9 @@ legacy_Open(const char *configdir, const char *certPrefix, CK_RV crv = CKR_OK; SECStatus rv; PRBool readOnly = (flags == SDB_RDONLY)? PR_TRUE: PR_FALSE; - volatile char c; /* force a reference that won't get optimized away */ - c = __nss_dbm_version[0]; +#define NSS_VERSION_VARIABLE __nss_dbm_version +#include "verref.h" rv = SECOID_Init(); if (SECSuccess != rv) { diff --git a/lib/softoken/legacydb/pcertdb.c b/lib/softoken/legacydb/pcertdb.c index 5f7670062..4eda4f0f4 100644 --- a/lib/softoken/legacydb/pcertdb.c +++ b/lib/softoken/legacydb/pcertdb.c @@ -103,13 +103,12 @@ nsslowcert_LockDB(NSSLOWCERTCertDBHandle *handle) static void nsslowcert_UnlockDB(NSSLOWCERTCertDBHandle *handle) { - PRStatus prstat; - - prstat = PZ_ExitMonitor(handle->dbMon); - +#ifdef DEBUG + PRStatus prstat = PZ_ExitMonitor(handle->dbMon); PORT_Assert(prstat == PR_SUCCESS); - - return; +#else + PZ_ExitMonitor(handle->dbMon); +#endif } @@ -134,15 +133,16 @@ nsslowcert_LockCertRefCount(NSSLOWCERTCertificate *cert) static void nsslowcert_UnlockCertRefCount(NSSLOWCERTCertificate *cert) { - PRStatus prstat; - PORT_Assert(certRefCountLock != NULL); - prstat = PZ_Unlock(certRefCountLock); - - PORT_Assert(prstat == PR_SUCCESS); - - return; +#ifdef DEBUG + { + PRStatus prstat = PZ_Unlock(certRefCountLock); + PORT_Assert(prstat == PR_SUCCESS); + } +#else + PZ_Unlock(certRefCountLock); +#endif } /* @@ -166,15 +166,16 @@ nsslowcert_LockCertTrust(NSSLOWCERTCertificate *cert) static void nsslowcert_UnlockCertTrust(NSSLOWCERTCertificate *cert) { - PRStatus prstat; - PORT_Assert(certTrustLock != NULL); - prstat = PZ_Unlock(certTrustLock); - - PORT_Assert(prstat == PR_SUCCESS); - - return; +#ifdef DEBUG + { + PRStatus prstat = PZ_Unlock(certTrustLock); + PORT_Assert(prstat == PR_SUCCESS); + } +#else + PZ_Unlock(certTrustLock); +#endif } @@ -199,15 +200,17 @@ nsslowcert_LockFreeList(void) static void nsslowcert_UnlockFreeList(void) { - PRStatus prstat = PR_SUCCESS; - PORT_Assert(freeListLock != NULL); - SKIP_AFTER_FORK(prstat = PZ_Unlock(freeListLock)); - - PORT_Assert(prstat == PR_SUCCESS); - - return; +#ifdef DEBUG + { + PRStatus prstat = PR_SUCCESS; + SKIP_AFTER_FORK(prstat = PZ_Unlock(freeListLock)); + PORT_Assert(prstat == PR_SUCCESS); + } +#else + SKIP_AFTER_FORK(PZ_Unlock(freeListLock)); +#endif } NSSLOWCERTCertificate * @@ -224,7 +227,6 @@ nsslowcert_DupCertificate(NSSLOWCERTCertificate *c) static int certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret; PORT_Assert(dbLock != NULL); @@ -232,7 +234,7 @@ certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags) ret = (* db->get)(db, key, data, flags); - prstat = PZ_Unlock(dbLock); + (void)PZ_Unlock(dbLock); return(ret); } @@ -240,7 +242,6 @@ certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags) static int certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret = 0; PORT_Assert(dbLock != NULL); @@ -248,7 +249,7 @@ certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags) ret = (* db->put)(db, key, data, flags); - prstat = PZ_Unlock(dbLock); + (void)PZ_Unlock(dbLock); return(ret); } @@ -256,7 +257,6 @@ certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags) static int certdb_Sync(DB *db, unsigned int flags) { - PRStatus prstat; int ret; PORT_Assert(dbLock != NULL); @@ -264,7 +264,7 @@ certdb_Sync(DB *db, unsigned int flags) ret = (* db->sync)(db, flags); - prstat = PZ_Unlock(dbLock); + (void)PZ_Unlock(dbLock); return(ret); } @@ -273,7 +273,6 @@ certdb_Sync(DB *db, unsigned int flags) static int certdb_Del(DB *db, DBT *key, unsigned int flags) { - PRStatus prstat; int ret; PORT_Assert(dbLock != NULL); @@ -281,7 +280,7 @@ certdb_Del(DB *db, DBT *key, unsigned int flags) ret = (* db->del)(db, key, flags); - prstat = PZ_Unlock(dbLock); + (void)PZ_Unlock(dbLock); /* don't fail if the record is already deleted */ if (ret == DB_NOT_FOUND) { @@ -294,7 +293,6 @@ certdb_Del(DB *db, DBT *key, unsigned int flags) static int certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret; PORT_Assert(dbLock != NULL); @@ -302,7 +300,7 @@ certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags) ret = (* db->seq)(db, key, data, flags); - prstat = PZ_Unlock(dbLock); + (void)PZ_Unlock(dbLock); return(ret); } @@ -310,14 +308,12 @@ certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags) static void certdb_Close(DB *db) { - PRStatus prstat = PR_SUCCESS; - PORT_Assert(dbLock != NULL); SKIP_AFTER_FORK(PZ_Lock(dbLock)); (* db->close)(db); - SKIP_AFTER_FORK(prstat = PZ_Unlock(dbLock)); + SKIP_AFTER_FORK(PZ_Unlock(dbLock)); return; } @@ -2430,7 +2426,6 @@ NewDBSubjectEntry(SECItem *derSubject, SECItem *certKey, certDBEntrySubject *entry; SECStatus rv; unsigned int nnlen; - unsigned int eaddrlen; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if ( arena == NULL ) { @@ -2480,7 +2475,6 @@ NewDBSubjectEntry(SECItem *derSubject, SECItem *certKey, goto loser; } - eaddrlen = PORT_Strlen(emailAddr) + 1; entry->emailAddrs = (char **)PORT_ArenaAlloc(arena, sizeof(char *)); if ( entry->emailAddrs == NULL ) { PORT_Free(emailAddr); @@ -3586,7 +3580,6 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) certDBEntrySMime *emailEntry = NULL; char *nickname; char *emailAddr; - SECStatus rv; /* * Sequence through the old database and copy all of the entries @@ -3700,7 +3693,7 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) if ( subjectEntry->nickname ) { PORT_Memcpy(subjectEntry->nickname, nickname, key.size - 1); - rv = WriteDBSubjectEntry(handle, subjectEntry); + (void)WriteDBSubjectEntry(handle, subjectEntry); } } else if ( type == certDBEntryTypeSMimeProfile ) { emailAddr = &((char *)key.data)[1]; @@ -3729,7 +3722,7 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) PORT_Memcpy(subjectEntry->emailAddrs[0], emailAddr, key.size - 1); subjectEntry->nemailAddrs = 1; - rv = WriteDBSubjectEntry(handle, subjectEntry); + (void)WriteDBSubjectEntry(handle, subjectEntry); } } } @@ -3791,14 +3784,13 @@ static SECStatus UpdateV5DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) { NSSLOWCERTCertDBHandle updatehandle; - SECStatus rv; updatehandle.permCertDB = updatedb; updatehandle.dbMon = PZ_NewMonitor(nssILockCertDB); updatehandle.dbVerify = 0; updatehandle.ref = 1; /* prevent premature close */ - rv = nsslowcert_TraversePermCerts(&updatehandle, updateV5Callback, + (void)nsslowcert_TraversePermCerts(&updatehandle, updateV5Callback, (void *)handle); PZ_DestroyMonitor(updatehandle.dbMon); @@ -5071,7 +5063,6 @@ nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, SECItem *crlKey, PRBool isKRL) { SECItem keyitem; - DBT key; SECStatus rv; PLArenaPool *arena = NULL; certDBEntryRevocation *entry = NULL; @@ -5088,9 +5079,6 @@ nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, goto loser; } - key.data = keyitem.data; - key.size = keyitem.len; - /* find in perm database */ entry = ReadDBCrlEntry(handle, crlKey, crlType); diff --git a/lib/softoken/lowpbe.c b/lib/softoken/lowpbe.c index c0949fec0..16d4c9141 100644 --- a/lib/softoken/lowpbe.c +++ b/lib/softoken/lowpbe.c @@ -516,7 +516,7 @@ nsspkcs5_PKCS12PBE(const SECHashObject *hashObject, } PORT_Memcpy(Ai, iterBuf, hashLength); - for (Bidx = 0; Bidx < B.len; Bidx += hashLength) { + for (Bidx = 0; Bidx < (int)B.len; Bidx += hashLength) { PORT_Memcpy(B.data+Bidx,iterBuf,NSSPBE_MIN(B.len-Bidx,hashLength)); } diff --git a/lib/softoken/pkcs11.c b/lib/softoken/pkcs11.c index baa090037..e52c57db8 100644 --- a/lib/softoken/pkcs11.c +++ b/lib/softoken/pkcs11.c @@ -1746,7 +1746,7 @@ NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,CK_KEY_TYPE key_type, crv = sftk_Attribute2SSecItem(arena,&pubKey->u.ec.publicValue, object,CKA_EC_POINT); if (crv == CKR_OK) { - int keyLen,curveLen; + unsigned int keyLen,curveLen; curveLen = (pubKey->u.ec.ecParams.fieldID.size +7)/8; keyLen = (2*curveLen)+1; @@ -2221,7 +2221,7 @@ CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList) static PLHashNumber sftk_HashNumber(const void *key) { - return (PLHashNumber) key; + return (PLHashNumber)((char *)key - (char *)NULL); } /* @@ -3144,11 +3144,11 @@ extern const char __nss_softokn_version[]; /* NSC_GetInfo returns general information about Cryptoki. */ CK_RV NSC_GetInfo(CK_INFO_PTR pInfo) { - volatile char c; /* force a reference that won't get optimized away */ +#define NSS_VERSION_VARIABLE __nss_softokn_version +#include "verref.h" CHECK_FORK(); - c = __nss_softokn_version[0]; pInfo->cryptokiVersion.major = 2; pInfo->cryptokiVersion.minor = 20; PORT_Memcpy(pInfo->manufacturerID,manufacturerID,32); @@ -4005,7 +4005,7 @@ static CK_RV sftk_CreateNewSlot(SFTKSlot *slot, CK_OBJECT_CLASS class, PRBool isValidFIPSUserSlot = PR_FALSE; PRBool isValidSlot = PR_FALSE; PRBool isFIPS = PR_FALSE; - unsigned long moduleIndex; + unsigned long moduleIndex = NSC_NON_FIPS_MODULE; SFTKAttribute *attribute; sftk_parameters paramStrings; char *paramString; @@ -4514,7 +4514,7 @@ sftk_emailhack(SFTKSlot *slot, SFTKDBHandle *handle, { PRBool isCert = PR_FALSE; int emailIndex = -1; - int i; + unsigned int i; SFTKSearchResults smime_search; CK_ATTRIBUTE smime_template[2]; CK_OBJECT_CLASS smime_class = CKO_NETSCAPE_SMIME; diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c index 2ae4a74bc..0a2c5dc89 100644 --- a/lib/softoken/pkcs11c.c +++ b/lib/softoken/pkcs11c.c @@ -73,6 +73,7 @@ static void sftk_Null(void *data, PRBool freeit) } \ printf("\n") #else +#undef EC_DEBUG #define SEC_PRINT(a, b, c, d) #endif #endif /* NSS_DISABLE_ECC */ @@ -4081,7 +4082,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, CK_MECHANISM mech = {0, NULL, 0}; CK_ULONG modulusLen; - CK_ULONG subPrimeLen; + CK_ULONG subPrimeLen = 0; PRBool isEncryptable = PR_FALSE; PRBool canSignVerify = PR_FALSE; PRBool isDerivable = PR_FALSE; @@ -4379,7 +4380,6 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, DSAPrivateKey * dsaPriv; /* Diffie Hellman */ - int private_value_bits = 0; DHPrivateKey * dhPriv; #ifndef NSS_DISABLE_ECC @@ -4431,7 +4431,6 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, */ for (i=0; i < (int) ulPrivateKeyAttributeCount; i++) { if (pPrivateKeyTemplate[i].type == CKA_VALUE_BITS) { - private_value_bits = *(CK_ULONG *)pPrivateKeyTemplate[i].pValue; continue; } @@ -4901,7 +4900,9 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) SECStatus rv = SECSuccess; SECItem *encodedKey = NULL; #ifndef NSS_DISABLE_ECC +#ifdef EC_DEBUG SECItem *fordebug; +#endif int savelen; #endif @@ -4974,9 +4975,11 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) lk->u.ec.ecParams.curveOID.len = savelen; lk->u.ec.publicValue.len >>= 3; +#ifdef EC_DEBUG fordebug = &pki->privateKey; SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKey", lk->keyType, fordebug); +#endif param = SECITEM_DupItem(&lk->u.ec.ecParams.DEREncoding); @@ -5015,7 +5018,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) nsslowkey_PrivateKeyInfoTemplate); *crvp = encodedKey ? CKR_OK : CKR_DEVICE_ERROR; -#ifndef NSS_DISABLE_ECC +#ifdef EC_DEBUG fordebug = encodedKey; SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKeyInfo", lk->keyType, fordebug); @@ -6805,7 +6808,7 @@ key_and_mac_derive_fail: PRBool withCofactor = PR_FALSE; unsigned char *secret; unsigned char *keyData = NULL; - int secretlen, curveLen, pubKeyLen; + unsigned int secretlen, curveLen, pubKeyLen; CK_ECDH1_DERIVE_PARAMS *mechParams; NSSLOWKEYPrivateKey *privKey; PLArenaPool *arena = NULL; diff --git a/lib/softoken/pkcs11u.c b/lib/softoken/pkcs11u.c index 78e2fdc9c..de5cbbc29 100644 --- a/lib/softoken/pkcs11u.c +++ b/lib/softoken/pkcs11u.c @@ -1174,7 +1174,6 @@ sftk_DeleteObject(SFTKSession *session, SFTKObject *object) { SFTKSlot *slot = sftk_SlotFromSession(session); SFTKSessionObject *so = sftk_narrowToSessionObject(object); - SFTKTokenObject *to = sftk_narrowToTokenObject(object); CK_RV crv = CKR_OK; PRUint32 index = sftk_hash(object->handle, slot->sessObjHashSize); @@ -1191,8 +1190,10 @@ sftk_DeleteObject(SFTKSession *session, SFTKObject *object) sftk_FreeObject(object); /* free the reference owned by the queue */ } else { SFTKDBHandle *handle = sftk_getDBForTokenObject(slot, object->handle); - +#ifdef DEBUG + SFTKTokenObject *to = sftk_narrowToTokenObject(object); PORT_Assert(to); +#endif crv = sftkdb_DestroyObject(handle, object->handle); sftk_freeDB(handle); } @@ -1899,7 +1900,6 @@ SFTKObject * sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE handle) { SFTKObject *object = NULL; - SFTKTokenObject *tokObject = NULL; PRBool hasLocks = PR_FALSE; CK_RV crv; @@ -1908,7 +1908,6 @@ sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE handle) if (object == NULL) { return NULL; } - tokObject = (SFTKTokenObject *) object; object->handle = handle; /* every object must have a class, if we can't get it, the object diff --git a/lib/softoken/sdb.c b/lib/softoken/sdb.c index 83150bb38..16848604c 100644 --- a/lib/softoken/sdb.c +++ b/lib/softoken/sdb.c @@ -689,7 +689,7 @@ sdb_FindObjectsInit(SDB *sdb, const CK_ATTRIBUTE *template, CK_ULONG count, char *join=""; int sqlerr = SQLITE_OK; CK_RV error = CKR_OK; - int i; + unsigned int i; LOCK_SQLITE() *find = NULL; @@ -836,7 +836,7 @@ sdb_GetAttributeValueNoLock(SDB *sdb, CK_OBJECT_HANDLE object_id, CK_RV error = CKR_OK; int found = 0; int retry = 0; - int i; + unsigned int i; /* open a new db if necessary */ @@ -879,7 +879,7 @@ sdb_GetAttributeValueNoLock(SDB *sdb, CK_OBJECT_HANDLE object_id, PR_Sleep(SDB_BUSY_RETRY_TIME); } if (sqlerr == SQLITE_ROW) { - int blobSize; + unsigned int blobSize; const char *blobData; blobSize = sqlite3_column_bytes(stmt, 0); @@ -963,7 +963,7 @@ sdb_SetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE object_id, int sqlerr = SQLITE_OK; int retry = 0; CK_RV error = CKR_OK; - int i; + unsigned int i; if ((sdb->sdb_flags & SDB_RDONLY) != 0) { return CKR_TOKEN_WRITE_PROTECTED; @@ -1115,7 +1115,7 @@ sdb_CreateObject(SDB *sdb, CK_OBJECT_HANDLE *object_id, CK_RV error = CKR_OK; CK_OBJECT_HANDLE this_object = CK_INVALID_HANDLE; int retry = 0; - int i; + unsigned int i; if ((sdb->sdb_flags & SDB_RDONLY) != 0) { return CKR_TOKEN_WRITE_PROTECTED; diff --git a/lib/softoken/sftkdb.c b/lib/softoken/sftkdb.c index 149191018..b686e8e10 100644 --- a/lib/softoken/sftkdb.c +++ b/lib/softoken/sftkdb.c @@ -325,9 +325,7 @@ sftkdb_fixupTemplateOut(CK_ATTRIBUTE *template, CK_OBJECT_HANDLE objectID, if (sftkdb_isULONGAttribute(template[i].type)) { if (template[i].pValue) { CK_ULONG value; - unsigned char *data; - data = (unsigned char *)ntemplate[i].pValue; value = sftk_SDBULong2ULong(ntemplate[i].pValue); if (length < sizeof(CK_ULONG)) { template[i].ulValueLen = -1; @@ -475,7 +473,7 @@ sftk_signTemplate(PLArenaPool *arena, SFTKDBHandle *handle, CK_OBJECT_HANDLE objectID, const CK_ATTRIBUTE *template, CK_ULONG count) { - int i; + unsigned int i; CK_RV crv; SFTKDBHandle *keyHandle = handle; SDB *keyTarget = NULL; @@ -573,11 +571,8 @@ sftkdb_CreateObject(PLArenaPool *arena, SFTKDBHandle *handle, SDB *db, CK_OBJECT_HANDLE *objectID, CK_ATTRIBUTE *template, CK_ULONG count) { - PRBool inTransaction = PR_FALSE; CK_RV crv; - inTransaction = PR_TRUE; - crv = (*db->sdb_CreateObject)(db, objectID, template, count); if (crv != CKR_OK) { goto loser; @@ -595,9 +590,9 @@ sftk_ExtractTemplate(PLArenaPool *arena, SFTKObject *object, SFTKDBHandle *handle,CK_ULONG *pcount, CK_RV *crv) { - int count; + unsigned int count; CK_ATTRIBUTE *template; - int i, templateIndex; + unsigned int i, templateIndex; SFTKSessionObject *sessObject = sftk_narrowToSessionObject(object); PRBool doEnc = PR_TRUE; @@ -1021,7 +1016,7 @@ sftkdb_resolveConflicts(PLArenaPool *arena, CK_OBJECT_CLASS objectType, { CK_ATTRIBUTE *attr; char *nickname, *newNickname; - int end, digit; + unsigned int end, digit; /* sanity checks. We should never get here with these errors */ if (objectType != CKO_CERTIFICATE) { @@ -1060,9 +1055,11 @@ sftkdb_resolveConflicts(PLArenaPool *arena, CK_OBJECT_CLASS objectType, return CKR_OK; } - for (end = attr->ulValueLen - 1; - end >= 0 && (digit = nickname[end]) <= '9' && digit >= '0'; - end--) { + for (end = attr->ulValueLen; end-- > 0;) { + digit = nickname[end]; + if (digit > '9' || digit < '0') { + break; + } if (digit < '9') { nickname[end]++; return CKR_OK; @@ -1257,7 +1254,7 @@ sftkdb_FindObjects(SFTKDBHandle *handle, SDBFind *find, crv = (*db->sdb_FindObjects)(db, find, ids, arraySize, count); if (crv == CKR_OK) { - int i; + unsigned int i; for (i=0; i < *count; i++) { ids[i] |= (handle->type | SFTK_TOKEN_TYPE); } @@ -1600,14 +1597,14 @@ static const CK_ATTRIBUTE_TYPE known_attributes[] = { CKA_NETSCAPE_DB, CKA_NETSCAPE_TRUST, CKA_NSS_OVERRIDE_EXTENSIONS }; -static int known_attributes_size= sizeof(known_attributes)/ +static unsigned int known_attributes_size= sizeof(known_attributes)/ sizeof(known_attributes[0]); static CK_RV sftkdb_GetObjectTemplate(SDB *source, CK_OBJECT_HANDLE id, CK_ATTRIBUTE *ptemplate, CK_ULONG *max) { - int i,j; + unsigned int i,j; CK_RV crv; if (*max < known_attributes_size) { @@ -2011,7 +2008,6 @@ sftkdb_handleIDAndName(PLArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id, {CKA_ID, NULL, 0}, {CKA_LABEL, NULL, 0} }; - CK_RV crv; attr1 = sftkdb_getAttributeFromTemplate(CKA_LABEL, ptemplate, *plen); attr2 = sftkdb_getAttributeFromTemplate(CKA_ID, ptemplate, *plen); @@ -2023,7 +2019,7 @@ sftkdb_handleIDAndName(PLArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id, } /* the source has either an id or a label, see what the target has */ - crv = (*db->sdb_GetAttributeValue)(db, id, ttemplate, 2); + (void)(*db->sdb_GetAttributeValue)(db, id, ttemplate, 2); /* if the target has neither, update from the source */ if ( ((ttemplate[0].ulValueLen == 0) || @@ -2168,7 +2164,7 @@ sftkdb_mergeObject(SFTKDBHandle *handle, CK_OBJECT_HANDLE id, CK_OBJECT_CLASS objectType; SDB *source = handle->update; SDB *target = handle->db; - int i; + unsigned int i; CK_RV crv; PLArenaPool *arena = NULL; @@ -2257,7 +2253,7 @@ sftkdb_Update(SFTKDBHandle *handle, SECItem *key) SECItem *updatePasswordKey = NULL; CK_RV crv, crv2; PRBool inTransaction = PR_FALSE; - int i; + unsigned int i; if (handle == NULL) { return CKR_OK; diff --git a/lib/softoken/sftkhmac.c b/lib/softoken/sftkhmac.c index 04c4e63dd..f4e859bc8 100644 --- a/lib/softoken/sftkhmac.c +++ b/lib/softoken/sftkhmac.c @@ -146,28 +146,26 @@ void sftk_HMACConstantTime_Update(void *pctx, const void *data, unsigned int len) { sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx; - SECStatus rv = HMAC_ConstantTime( + PORT_CheckSuccess(HMAC_ConstantTime( ctx->mac, NULL, sizeof(ctx->mac), ctx->hash, ctx->secret, ctx->secretLength, ctx->header, ctx->headerLength, data, len, - ctx->totalLength); - PORT_Assert(rv == SECSuccess); + ctx->totalLength)); } void sftk_SSLv3MACConstantTime_Update(void *pctx, const void *data, unsigned int len) { sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx; - SECStatus rv = SSLv3_MAC_ConstantTime( + PORT_CheckSuccess(SSLv3_MAC_ConstantTime( ctx->mac, NULL, sizeof(ctx->mac), ctx->hash, ctx->secret, ctx->secretLength, ctx->header, ctx->headerLength, data, len, - ctx->totalLength); - PORT_Assert(rv == SECSuccess); + ctx->totalLength)); } void diff --git a/lib/softoken/sftkpwd.c b/lib/softoken/sftkpwd.c index 670744c1c..d8ce85775 100644 --- a/lib/softoken/sftkpwd.c +++ b/lib/softoken/sftkpwd.c @@ -864,8 +864,6 @@ static CK_RV sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, CK_OBJECT_HANDLE id, SECItem *newKey) { - CK_RV crv = CKR_OK; - CK_RV crv2; CK_ATTRIBUTE authAttrs[] = { {CKA_MODULUS, NULL, 0}, {CKA_PUBLIC_EXPONENT, NULL, 0}, @@ -879,7 +877,7 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, {CKA_NSS_OVERRIDE_EXTENSIONS, NULL, 0}, }; CK_ULONG authAttrCount = sizeof(authAttrs)/sizeof(CK_ATTRIBUTE); - int i, count; + unsigned int i, count; SFTKDBHandle *keyHandle = handle; SDB *keyTarget = NULL; @@ -902,7 +900,7 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, /* * STEP 1: find the MACed attributes of this object */ - crv2 = sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); + (void)sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); count = 0; /* allocate space for the attributes */ for (i=0; i < authAttrCount; i++) { @@ -912,7 +910,6 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, count++; authAttrs[i].pValue = PORT_ArenaAlloc(arena,authAttrs[i].ulValueLen); if (authAttrs[i].pValue == NULL) { - crv = CKR_HOST_MEMORY; break; } } @@ -922,7 +919,7 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, return CKR_OK; } - crv = sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); + (void)sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); /* ignore error code, we expect some possible errors */ /* GetAttributeValue just verified the old macs, safe to write @@ -969,7 +966,7 @@ sftk_updateEncrypted(PLArenaPool *arena, SFTKDBHandle *keydb, {CKA_EXPONENT_2, NULL, 0}, {CKA_COEFFICIENT, NULL, 0} }; CK_ULONG privAttrCount = sizeof(privAttrs)/sizeof(CK_ATTRIBUTE); - int i, count; + unsigned int i, count; /* * STEP 1. Read the old attributes in the clear. @@ -1113,7 +1110,7 @@ sftkdb_convertObjects(SFTKDBHandle *handle, CK_ATTRIBUTE *template, CK_ULONG idCount = SFTK_MAX_IDS; CK_OBJECT_HANDLE ids[SFTK_MAX_IDS]; CK_RV crv, crv2; - int i; + unsigned int i; crv = sftkdb_FindObjectsInit(handle, template, count, &find); diff --git a/lib/sqlite/Makefile b/lib/sqlite/Makefile index a2f0cf7d5..dd8ea1434 100644 --- a/lib/sqlite/Makefile +++ b/lib/sqlite/Makefile @@ -46,3 +46,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk export:: private_export +ifeq (WINNT,$(OS_ARCH)) +# sqlite calls the deprecated GetVersionExA method +OS_CFLAGS += -w44996 +endif + diff --git a/lib/sqlite/sqlite3.c b/lib/sqlite/sqlite3.c index 8ec2bb950..8f261e801 100644 --- a/lib/sqlite/sqlite3.c +++ b/lib/sqlite/sqlite3.c @@ -8149,17 +8149,17 @@ typedef INT8_TYPE i8; /* 1-byte signed integer */ ** Macros to determine whether the machine is big or little endian, ** evaluated at runtime. */ -#ifdef SQLITE_AMALGAMATION -SQLITE_PRIVATE const int sqlite3one = 1; -#else -SQLITE_PRIVATE const int sqlite3one; -#endif #if defined(i386) || defined(__i386__) || defined(_M_IX86)\ || defined(__x86_64) || defined(__x86_64__) # define SQLITE_BIGENDIAN 0 # define SQLITE_LITTLEENDIAN 1 # define SQLITE_UTF16NATIVE SQLITE_UTF16LE #else +# ifdef SQLITE_AMALGAMATION +SQLITE_PRIVATE const int sqlite3one = 1; +# else +SQLITE_PRIVATE const int sqlite3one; +# endif # define SQLITE_BIGENDIAN (*(char *)(&sqlite3one)==0) # define SQLITE_LITTLEENDIAN (*(char *)(&sqlite3one)==1) # define SQLITE_UTF16NATIVE (SQLITE_BIGENDIAN?SQLITE_UTF16BE:SQLITE_UTF16LE) diff --git a/lib/ssl/dtlscon.c b/lib/ssl/dtlscon.c index cb63b2cc0..1b2110709 100644 --- a/lib/ssl/dtlscon.c +++ b/lib/ssl/dtlscon.c @@ -104,9 +104,7 @@ ssl3_DisableNonDTLSSuites(sslSocket * ss) const ssl3CipherSuite * suite; for (suite = nonDTLSSuites; *suite; ++suite) { - SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); - - PORT_Assert(rv == SECSuccess); /* else is coding error */ + PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE)); } return SECSuccess; } @@ -396,7 +394,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) * This avoids having to fill in the bitmask in the common * case of adjacent fragments received in sequence */ - if (fragment_offset <= ss->ssl3.hs.recvdHighWater) { + if (fragment_offset <= (unsigned int)ss->ssl3.hs.recvdHighWater) { /* Either this is the adjacent fragment or an overlapping * fragment */ ss->ssl3.hs.recvdHighWater = fragment_offset + @@ -676,7 +674,7 @@ dtls_TransmitMessageFlight(sslSocket *ss) /* The reason we use 8 here is that that's the length of * the new DTLS data that we add to the header */ - fragment_len = PR_MIN(room_left - (SSL3_BUFFER_FUDGE + 8), + fragment_len = PR_MIN((PRUint32)room_left - (SSL3_BUFFER_FUDGE + 8), content_len - fragment_offset); PORT_Assert(fragment_len < DTLS_MAX_MTU - 12); /* Make totally sure that we are within the buffer. diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c index 220feaa70..befcb7722 100644 --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c @@ -2558,7 +2558,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec, PRUint32 fragLen; PRUint32 p1Len, p2Len, oddLen = 0; PRUint16 headerLen; - int ivLen = 0; + unsigned int ivLen = 0; int cipherBytes = 0; unsigned char pseudoHeader[13]; unsigned int pseudoHeaderLen; @@ -3120,7 +3120,8 @@ ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags) { static const PRInt32 allowedFlags = ssl_SEND_FLAG_FORCE_INTO_BUFFER | ssl_SEND_FLAG_CAP_RECORD_VERSION; - PRInt32 rv = SECSuccess; + PRInt32 count = -1; + SECStatus rv = SECSuccess; PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); @@ -3134,18 +3135,19 @@ ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags) PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; } else { - rv = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf, + count = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf, ss->sec.ci.sendBuf.len, flags); } - if (rv < 0) { + if (count < 0) { int err = PORT_GetError(); PORT_Assert(err != PR_WOULD_BLOCK_ERROR); if (err == PR_WOULD_BLOCK_ERROR) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); } - } else if (rv < ss->sec.ci.sendBuf.len) { + rv = SECFailure; + } else if ((unsigned int)count < ss->sec.ci.sendBuf.len) { /* short write should never happen */ - PORT_Assert(rv >= ss->sec.ci.sendBuf.len); + PORT_Assert((unsigned int)count >= ss->sec.ci.sendBuf.len); PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); rv = SECFailure; } else { @@ -7609,7 +7611,7 @@ ssl3_SendServerHelloSequence(sslSocket *ss) if (kea_def->is_limited && kea_def->exchKeyType == kt_rsa) { /* see if we can legally use the key in the cert. */ - int keyLen; /* bytes */ + unsigned int keyLen; /* bytes */ keyLen = PK11_GetPrivateModulusLen( ss->serverCerts[kea_def->exchKeyType].SERVERKEY); @@ -8362,7 +8364,7 @@ compression_found: ret = SSL_SNI_SEND_ALERT; break; } - } else if (ret < ss->xtnData.sniNameArrSize) { + } else if ((unsigned int)ret < ss->xtnData.sniNameArrSize) { /* Application has configured new socket info. Lets check it * and save the name. */ SECStatus rv; @@ -8413,7 +8415,7 @@ compression_found: ssl3_SendServerNameXtn); } else { /* Callback returned index outside of the boundary. */ - PORT_Assert(ret < ss->xtnData.sniNameArrSize); + PORT_Assert((unsigned int)ret < ss->xtnData.sniNameArrSize); errCode = SSL_ERROR_INTERNAL_ERROR_ALERT; desc = internal_error; ret = SSL_SNI_SEND_ALERT; @@ -11644,7 +11646,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf) SSL3Opaque *givenHash; sslBuffer *plaintext; sslBuffer temp_buf; - PRUint64 dtls_seq_num; + PRUint64 dtls_seq_num = 0; unsigned int ivLen = 0; unsigned int originalLen = 0; unsigned int good; diff --git a/lib/ssl/ssl3ecc.c b/lib/ssl/ssl3ecc.c index c9e1f3b80..fa3978820 100644 --- a/lib/ssl/ssl3ecc.c +++ b/lib/ssl/ssl3ecc.c @@ -967,9 +967,7 @@ ssl3_DisableECCSuites(sslSocket * ss, const ssl3CipherSuite * suite) if (!suite) suite = ecSuites; for (; *suite; ++suite) { - SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); - - PORT_Assert(rv == SECSuccess); /* else is coding error */ + PORT_CheckSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE)); } return SECSuccess; } @@ -1128,7 +1126,10 @@ ssl3_SendSupportedCurvesXtn( ecList = tlsECList; } - if (append && maxBytes >= ecListSize) { + if (maxBytes < (PRUint32)ecListSize) { + return 0; + } + if (append) { SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize); if (rv != SECSuccess) return -1; diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c index db653db9e..1b6e9f22d 100644 --- a/lib/ssl/ssl3ext.c +++ b/lib/ssl/ssl3ext.c @@ -311,7 +311,7 @@ ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { static PRBool arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type) { - int i; + unsigned int i; for (i = 0; i < len; i++) { if (ex_type == array[i]) return PR_TRUE; @@ -451,7 +451,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) return SECFailure; } for (i = 0;i < listCount;i++) { - int j; + unsigned int j; PRInt32 type; SECStatus rv; PRBool nametypePresent = PR_FALSE; @@ -539,7 +539,11 @@ ssl3_SendSessionTicketXtn( } } - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + PORT_Assert(0); + return 0; + } + if (append) { SECStatus rv; /* extension_type */ rv = ssl3_AppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2); @@ -562,9 +566,6 @@ ssl3_SendSessionTicketXtn( xtnData->advertised[xtnData->numAdvertised++] = ssl_session_ticket_xtn; } - } else if (maxBytes < extension_length) { - PORT_Assert(0); - return 0; } return extension_length; @@ -804,7 +805,10 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append, extension_length = 4; - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + return 0; + } + if (append) { SECStatus rv; rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2); if (rv != SECSuccess) @@ -814,8 +818,6 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append, goto loser; ss->xtnData.advertised[ss->xtnData.numAdvertised++] = ssl_next_proto_nego_xtn; - } else if (maxBytes < extension_length) { - return 0; } return extension_length; @@ -839,7 +841,10 @@ ssl3_ClientSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) 2 /* protocol name list length */ + ss->opt.nextProtoNego.len; - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + return 0; + } + if (append) { /* NPN requires that the client's fallback protocol is first in the * list. However, ALPN sends protocols in preference order. So we * allocate a buffer and move the first protocol to the end of the @@ -879,8 +884,6 @@ ssl3_ClientSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) } ss->xtnData.advertised[ss->xtnData.numAdvertised++] = ssl_app_layer_protocol_xtn; - } else if (maxBytes < extension_length) { - return 0; } return extension_length; @@ -908,7 +911,10 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) 2 /* protocol name list */ + 1 /* name length */ + ss->ssl3.nextProto.len; - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + return 0; + } + if (append) { SECStatus rv; rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2); if (rv != SECSuccess) { @@ -927,8 +933,6 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) if (rv != SECSuccess) { return -1; } - } else if (maxBytes < extension_length) { - return 0; } return extension_length; @@ -975,7 +979,10 @@ ssl3_ServerSendStatusRequestXtn( return 0; extension_length = 2 + 2; - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + return 0; + } + if (append) { /* extension_type */ rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2); if (rv != SECSuccess) @@ -1008,7 +1015,11 @@ ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append, */ extension_length = 9; - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + PORT_Assert(0); + return 0; + } + if (append) { SECStatus rv; TLSExtensionData *xtnData; @@ -1036,9 +1047,6 @@ ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append, xtnData = &ss->xtnData; xtnData->advertised[xtnData->numAdvertised++] = ssl_cert_status_xtn; - } else if (maxBytes < extension_length) { - PORT_Assert(0); - return 0; } return extension_length; } @@ -1050,7 +1058,7 @@ ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append, SECStatus ssl3_SendNewSessionTicket(sslSocket *ss) { - int i; + PRUint32 i; SECStatus rv; NewSessionTicket ticket; SECItem plaintext; @@ -1426,7 +1434,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, if (data->len == 0) { ss->xtnData.emptySessionTicket = PR_TRUE; } else { - int i; + PRUint32 i; SECItem extension_data; EncryptedSessionTicket enc_session_ticket; unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH]; @@ -2016,7 +2024,10 @@ ssl3_SendRenegotiationInfoXtn( (ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2 : ss->ssl3.hs.finishedBytes); needed = 5 + len; - if (append && maxBytes >= needed) { + if (maxBytes < (PRUint32)needed) { + return 0; + } + if (append) { SECStatus rv; /* extension_type */ rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2); @@ -2404,7 +2415,11 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) 2 /* supported_signature_algorithms length */ + sizeof(signatureAlgorithms); - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + PORT_Assert(0); + return 0; + } + if (append) { SECStatus rv; rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2); if (rv != SECSuccess) @@ -2418,9 +2433,6 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) goto loser; ss->xtnData.advertised[ss->xtnData.numAdvertised++] = ssl_signature_algorithms_xtn; - } else if (maxBytes < extension_length) { - PORT_Assert(0); - return 0; } return extension_length; @@ -2494,7 +2506,11 @@ ssl3_ClientSendDraftVersionXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) } extension_length = 6; /* Type + length + number */ - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + PORT_Assert(0); + return 0; + } + if (append) { SECStatus rv; rv = ssl3_AppendHandshakeNumber(ss, ssl_tls13_draft_version_xtn, 2); if (rv != SECSuccess) @@ -2507,9 +2523,6 @@ ssl3_ClientSendDraftVersionXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) goto loser; ss->xtnData.advertised[ss->xtnData.numAdvertised++] = ssl_tls13_draft_version_xtn; - } else if (maxBytes < extension_length) { - PORT_Assert(0); - return 0; } return extension_length; diff --git a/lib/ssl/ssl3gthr.c b/lib/ssl/ssl3gthr.c index cd487c667..23b9755b6 100644 --- a/lib/ssl/ssl3gthr.c +++ b/lib/ssl/ssl3gthr.c @@ -71,8 +71,8 @@ ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags) break; } - PORT_Assert( nb <= gs->remainder ); - if (nb > gs->remainder) { + PORT_Assert( (unsigned int)nb <= gs->remainder ); + if ((unsigned int)nb > gs->remainder) { /* ssl_DefRecv is misbehaving! this error is fatal to SSL. */ gs->state = GS_INIT; /* so we don't crash next time */ rv = SECFailure; diff --git a/lib/ssl/sslauth.c b/lib/ssl/sslauth.c index ed74d94c6..b144336db 100644 --- a/lib/ssl/sslauth.c +++ b/lib/ssl/sslauth.c @@ -264,8 +264,7 @@ SSL_AuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer) &certStatusArray->items[0], ss->pkcs11PinArg) != SECSuccess) { - PRErrorCode error = PR_GetError(); - PORT_Assert(error != 0); + PORT_Assert(PR_GetError() != 0); } } diff --git a/lib/ssl/sslcon.c b/lib/ssl/sslcon.c index 24e4d673f..ccd00260e 100644 --- a/lib/ssl/sslcon.c +++ b/lib/ssl/sslcon.c @@ -22,20 +22,6 @@ static PRBool policyWasSet; -/* This ordered list is indexed by (SSL_CK_xx * 3) */ -/* Second and third bytes are MSB and LSB of master key length. */ -static const PRUint8 allCipherSuites[] = { - 0, 0, 0, - SSL_CK_RC4_128_WITH_MD5, 0x00, 0x80, - SSL_CK_RC4_128_EXPORT40_WITH_MD5, 0x00, 0x80, - SSL_CK_RC2_128_CBC_WITH_MD5, 0x00, 0x80, - SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, 0x00, 0x80, - SSL_CK_IDEA_128_CBC_WITH_MD5, 0x00, 0x80, - SSL_CK_DES_64_CBC_WITH_MD5, 0x00, 0x40, - SSL_CK_DES_192_EDE3_CBC_WITH_MD5, 0x00, 0xC0, - 0, 0, 0 -}; - #define ssl2_NUM_SUITES_IMPLEMENTED 6 /* This list is sent back to the client when the client-hello message @@ -851,7 +837,7 @@ ssl2_SendClear(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) { PRUint8 * out; int rv; - int amount; + unsigned int amount; int count = 0; PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); @@ -927,7 +913,7 @@ ssl2_SendStream(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) int amount; PRUint8 macLen; int nout; - int buflen; + unsigned int buflen; PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); @@ -1031,7 +1017,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) int amount; /* of plaintext to go in record. */ unsigned int padding; /* add this many padding byte. */ int nout; /* ciphertext size after header. */ - int buflen; /* size of generated record. */ + unsigned int buflen; /* size of generated record. */ PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); @@ -1555,7 +1541,7 @@ ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits, unsigned int ddLen; /* length of RSA decrypted data in kbuf */ unsigned int keySize; unsigned int dkLen; /* decrypted key length in bytes */ - int modulusLen; + int modulusLen; SECStatus rv; PRUint16 allowed; /* cipher kinds enabled and allowed by policy */ PRUint8 mkbuf[SSL_MAX_MASTER_KEY_BYTES]; @@ -1617,11 +1603,11 @@ ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits, } modulusLen = PK11_GetPrivateModulusLen(sc->SERVERKEY); - if (modulusLen == -1) { + if (modulusLen < 0) { /* XXX If the key is bad, then PK11_PubDecryptRaw will fail below. */ modulusLen = ekLen; } - if (ekLen > modulusLen || ekLen + ckLen < keySize) { + if (ekLen > (unsigned int)modulusLen || ekLen + ckLen < keySize) { SSL_DBG(("%d: SSL[%d]: invalid encrypted key length, ekLen=%d (bytes)!", SSL_GETPID(), ss->fd, ekLen)); PORT_SetError(SSL_ERROR_BAD_CLIENT); @@ -2495,7 +2481,6 @@ ssl2_HandleMessage(sslSocket *ss) PRUint8 * cid; unsigned len, certType, certLen, responseLen; int rv; - int rv2; PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); @@ -2613,7 +2598,7 @@ ssl2_HandleMessage(sslSocket *ss) data + SSL_HL_CLIENT_CERTIFICATE_HBYTES + certLen, responseLen); if (rv) { - rv2 = ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE); + (void)ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE); SET_ERROR_CODE goto loser; } @@ -2741,7 +2726,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss) PRUint8 * cs; PRUint8 * data; SECStatus rv; - int needed, sidHit, certLen, csLen, cidLen, certType, err; + unsigned int needed, sidHit, certLen, csLen, cidLen, certType, err; PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); @@ -3674,6 +3659,9 @@ extern const char __nss_ssl_version[]; PRBool NSSSSL_VersionCheck(const char *importedVersion) { +#define NSS_VERSION_VARIABLE __nss_ssl_version +#include "verref.h" + /* * This is the secret handshake algorithm. * @@ -3683,9 +3671,6 @@ NSSSSL_VersionCheck(const char *importedVersion) * not compatible with future major, minor, or * patch releases. */ - volatile char c; /* force a reference that won't get optimized away */ - - c = __nss_ssl_version[0]; return NSS_VersionCheck(importedVersion); } diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h index e32654609..cc53ee82e 100644 --- a/lib/ssl/sslimpl.h +++ b/lib/ssl/sslimpl.h @@ -740,7 +740,7 @@ typedef struct { * is_limited identifies a suite as having a limit on the key size. * key_size_limit provides the corresponding limit. */ PRBool is_limited; - int key_size_limit; + unsigned int key_size_limit; PRBool tls_keygen; /* True if the key exchange for the suite is ephemeral. Or to be more * precise: true if the ServerKeyExchange message is always required. */ @@ -1006,7 +1006,7 @@ struct ssl3StateStr { PRBool dheWeakGroupEnabled; /* used by server */ }; -#define DTLS_MAX_MTU 1500 /* Ethernet MTU but without subtracting the +#define DTLS_MAX_MTU 1500U /* Ethernet MTU but without subtracting the * headers, so slightly larger than expected */ #define IS_DTLS(ss) (ss->protocolVariant == ssl_variant_datagram) diff --git a/lib/ssl/sslinfo.c b/lib/ssl/sslinfo.c index 96a715f90..d2df8c2ec 100644 --- a/lib/ssl/sslinfo.c +++ b/lib/ssl/sslinfo.c @@ -283,12 +283,10 @@ SSL_DisableDefaultExportCipherSuites(void) { const SSLCipherSuiteInfo * pInfo = suiteInfo; unsigned int i; - SECStatus rv; for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { if (pInfo->isExportable) { - rv = SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE); - PORT_Assert(rv == SECSuccess); + PORT_CheckSuccess(SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE)); } } return SECSuccess; @@ -304,12 +302,10 @@ SSL_DisableExportCipherSuites(PRFileDesc * fd) { const SSLCipherSuiteInfo * pInfo = suiteInfo; unsigned int i; - SECStatus rv; for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { if (pInfo->isExportable) { - rv = SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE); - PORT_Assert(rv == SECSuccess); + PORT_CheckSuccess(SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE)); } } return SECSuccess; diff --git a/lib/ssl/sslmutex.c b/lib/ssl/sslmutex.c index ff6368069..af683daf5 100644 --- a/lib/ssl/sslmutex.c +++ b/lib/ssl/sslmutex.c @@ -504,7 +504,7 @@ sslMutex_Lock(sslMutex *pMutex) return SECSuccess; } -#elif defined(XP_UNIX) +#elif defined(XP_UNIX) && !defined(DARWIN) #include <errno.h> #include "unix_err.h" diff --git a/lib/ssl/sslmutex.h b/lib/ssl/sslmutex.h index b784baf66..d374a883b 100644 --- a/lib/ssl/sslmutex.h +++ b/lib/ssl/sslmutex.h @@ -67,7 +67,8 @@ typedef struct { } sslMutex; typedef pid_t sslPID; -#elif defined(XP_UNIX) /* other types of Unix */ +/* other types of unix, except OS X */ +#elif defined(XP_UNIX) && !defined(DARWIN) #include <sys/types.h> /* for pid_t */ #include <semaphore.h> /* for sem_t, and sem_* functions */ @@ -83,7 +84,7 @@ typedef struct typedef pid_t sslPID; -#else +#else /* no support for cross-process locking */ /* what platform is this ?? */ @@ -95,7 +96,11 @@ typedef struct { } u; } sslMutex; +#ifdef DARWIN +typedef pid_t sslPID; +#else typedef int sslPID; +#endif #endif diff --git a/lib/ssl/sslsecur.c b/lib/ssl/sslsecur.c index af91aa653..53b488586 100644 --- a/lib/ssl/sslsecur.c +++ b/lib/ssl/sslsecur.c @@ -1196,11 +1196,8 @@ ssl_SecureShutdown(sslSocket *ss, int nsprHow) int ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags) { - sslSecurityInfo *sec; int rv = 0; - sec = &ss->sec; - if (ss->shutdownHow & ssl_SHUTDOWN_RCV) { PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR); return PR_FAILURE; diff --git a/lib/ssl/sslsnce.c b/lib/ssl/sslsnce.c index 4d9ef380c..3a80d060f 100644 --- a/lib/ssl/sslsnce.c +++ b/lib/ssl/sslsnce.c @@ -1027,6 +1027,10 @@ CloseCache(cacheDesc *cache) memset(cache, 0, sizeof *cache); } +#ifdef __GNUC__ +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wstrict-aliasing" +#endif static SECStatus InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries, int maxSrvNameCacheEntries, PRUint32 ssl2_timeout, @@ -1266,6 +1270,9 @@ loser: CloseCache(cache); return SECFailure; } +#ifdef __GNUC__ +#pragma GCC diagnostic pop +#endif PRUint32 SSL_GetMaxServerCacheLocks(void) diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c index f2e820a1c..78b5764ce 100644 --- a/lib/ssl/sslsock.c +++ b/lib/ssl/sslsock.c @@ -1422,7 +1422,7 @@ static PQGParams *gWeakParamsPQG; static ssl3DHParams *gWeakDHParams; static PRStatus -ssl3_CreateWeakDHParams() +ssl3_CreateWeakDHParams(void) { PQGVerify *vfy; SECStatus rv, passed; diff --git a/lib/util/derdec.c b/lib/util/derdec.c index c62191487..2c17ce939 100644 --- a/lib/util/derdec.c +++ b/lib/util/derdec.c @@ -175,7 +175,7 @@ der_capture(unsigned char *buf, unsigned char *end, return SECFailure; } - *header_len_p = bp - buf; + *header_len_p = (int)(bp - buf); *contents_len_p = contents_len; return SECSuccess; diff --git a/lib/util/derenc.c b/lib/util/derenc.c index 90a9d2dfc..4a02e1a71 100644 --- a/lib/util/derenc.c +++ b/lib/util/derenc.c @@ -279,7 +279,7 @@ der_encode(unsigned char *buf, DERTemplate *dtemplate, void *src) int header_len; PRUint32 contents_len; unsigned long encode_kind, under_kind; - PRBool explicit, optional, universal; + PRBool explicit, universal; /* @@ -301,7 +301,6 @@ der_encode(unsigned char *buf, DERTemplate *dtemplate, void *src) encode_kind = dtemplate->kind; explicit = (encode_kind & DER_EXPLICIT) ? PR_TRUE : PR_FALSE; - optional = (encode_kind & DER_OPTIONAL) ? PR_TRUE : PR_FALSE; encode_kind &= ~DER_OPTIONAL; universal = ((encode_kind & DER_CLASS_MASK) == DER_UNIVERSAL) ? PR_TRUE : PR_FALSE; diff --git a/lib/util/manifest.mn b/lib/util/manifest.mn index 9ff3758f0..36c2d1dfe 100644 --- a/lib/util/manifest.mn +++ b/lib/util/manifest.mn @@ -43,6 +43,7 @@ EXPORTS = \ $(NULL) PRIVATE_EXPORTS = \ + verref.h \ templates.c \ $(NULL) diff --git a/lib/util/nssb64e.c b/lib/util/nssb64e.c index da0702c08..5959982bb 100644 --- a/lib/util/nssb64e.c +++ b/lib/util/nssb64e.c @@ -632,7 +632,7 @@ NSSBase64_EncodeItem (PLArenaPool *arenaOpt, char *outStrOpt, { char *out_string = outStrOpt; PRUint32 max_out_len; - PRUint32 out_len; + PRUint32 out_len = 0; void *mark = NULL; char *dummy; diff --git a/lib/util/nssrwlk.c b/lib/util/nssrwlk.c index 65fceda2e..fbbfbd6ee 100644 --- a/lib/util/nssrwlk.c +++ b/lib/util/nssrwlk.c @@ -91,7 +91,7 @@ NSSRWLock_New(PRUint32 lock_rank, const char *lock_name) goto loser; } if (lock_name != NULL) { - rwlock->rw_name = (char*) PR_Malloc(strlen(lock_name) + 1); + rwlock->rw_name = (char*) PR_Malloc((PRUint32)strlen(lock_name) + 1); if (rwlock->rw_name == NULL) { goto loser; } diff --git a/lib/util/quickder.c b/lib/util/quickder.c index f9776bb9d..fe72b293a 100644 --- a/lib/util/quickder.c +++ b/lib/util/quickder.c @@ -146,7 +146,7 @@ static SECStatus GetItem(SECItem* src, SECItem* dest, PRBool includeTag) PORT_SetError(SEC_ERROR_BAD_DER); return SECFailure; } - src->len -= (dest->data - src->data) + dest->len; + src->len -= (int)(dest->data - src->data) + dest->len; src->data = dest->data + dest->len; return SECSuccess; } @@ -270,13 +270,9 @@ static SECStatus MatchComponentType(const SEC_ASN1Template* templateEntry, if ( (tag & SEC_ASN1_CLASS_MASK) != (((unsigned char)kind) & SEC_ASN1_CLASS_MASK) ) { -#ifdef DEBUG /* this is only to help debugging of the decoder in case of problems */ - unsigned char tagclass = tag & SEC_ASN1_CLASS_MASK; - unsigned char expectedclass = (unsigned char)kind & SEC_ASN1_CLASS_MASK; - tagclass = tagclass; - expectedclass = expectedclass; -#endif + /* unsigned char tagclass = tag & SEC_ASN1_CLASS_MASK; */ + /* unsigned char expectedclass = (unsigned char)kind & SEC_ASN1_CLASS_MASK; */ *match = PR_FALSE; return SECSuccess; } @@ -657,13 +653,12 @@ static SECStatus DecodeItem(void* dest, { SECStatus rv = SECSuccess; SECItem temp; - SECItem mark; + SECItem mark = {siBuffer, NULL, 0}; PRBool pop = PR_FALSE; PRBool decode = PR_TRUE; PRBool save = PR_FALSE; unsigned long kind; PRBool match = PR_TRUE; - PRBool optional = PR_FALSE; PR_ASSERT(src && dest && templateEntry && arena); #if 0 @@ -678,7 +673,6 @@ static SECStatus DecodeItem(void* dest, { /* do the template validation */ kind = templateEntry->kind; - optional = (0 != (kind & SEC_ASN1_OPTIONAL)); if (!kind) { PORT_SetError(SEC_ERROR_BAD_TEMPLATE); diff --git a/lib/util/secoid.c b/lib/util/secoid.c index a8ef5ec1f..0414c47e4 100644 --- a/lib/util/secoid.c +++ b/lib/util/secoid.c @@ -486,9 +486,6 @@ CONST_OID aes256_KEY_WRAP[] = { AES, 45 }; CONST_OID camellia128_CBC[] = { CAMELLIA_ENCRYPT_OID, 2}; CONST_OID camellia192_CBC[] = { CAMELLIA_ENCRYPT_OID, 3}; CONST_OID camellia256_CBC[] = { CAMELLIA_ENCRYPT_OID, 4}; -CONST_OID camellia128_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 2}; -CONST_OID camellia192_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 3}; -CONST_OID camellia256_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 4}; CONST_OID sha256[] = { SHAXXX, 1 }; CONST_OID sha384[] = { SHAXXX, 2 }; @@ -1872,7 +1869,7 @@ static PLHashTable *oidmechhash = NULL; static PLHashNumber secoid_HashNumber(const void *key) { - return (PLHashNumber) key; + return (PLHashNumber)((char *)key - (char *)NULL); } static void @@ -1913,9 +1910,9 @@ SECOID_Init(void) const SECOidData *oid; int i; char * envVal; - volatile char c; /* force a reference that won't get optimized away */ - c = __nss_util_version[0]; +#define NSS_VERSION_VARIABLE __nss_util_version +#include "verref.h" if (oidhash) { return SECSuccess; /* already initialized */ diff --git a/lib/util/secport.c b/lib/util/secport.c index 106399d24..723d89b35 100644 --- a/lib/util/secport.c +++ b/lib/util/secport.c @@ -466,7 +466,7 @@ port_ArenaRelease(PLArenaPool *arena, void *mark, PRBool zero) PZ_Lock(pool->lock); #ifdef THREADMARK { - threadmark_mark **pw, *tm; + threadmark_mark **pw; if (PR_GetCurrentThread() != pool->marking_thread ) { PZ_Unlock(pool->lock); @@ -488,7 +488,6 @@ port_ArenaRelease(PLArenaPool *arena, void *mark, PRBool zero) return /* no error indication available */ ; } - tm = *pw; *pw = (threadmark_mark *)NULL; if (zero) { @@ -536,7 +535,7 @@ PORT_ArenaUnmark(PLArenaPool *arena, void *mark) #ifdef THREADMARK PORTArenaPool *pool = (PORTArenaPool *)arena; if (ARENAPOOL_MAGIC == pool->magic ) { - threadmark_mark **pw, *tm; + threadmark_mark **pw; PZ_Lock(pool->lock); @@ -560,7 +559,6 @@ PORT_ArenaUnmark(PLArenaPool *arena, void *mark) return /* no error indication available */ ; } - tm = *pw; *pw = (threadmark_mark *)NULL; if (! pool->first_mark ) { diff --git a/lib/util/secport.h b/lib/util/secport.h index 5b09b9cb8..1b8f4616c 100644 --- a/lib/util/secport.h +++ b/lib/util/secport.h @@ -87,6 +87,13 @@ extern char *PORT_ArenaStrdup(PLArenaPool *arena, const char *str); SEC_END_PROTOS #define PORT_Assert PR_ASSERT +/* This runs a function that should return SECSuccess. */ +/* The value is asserted in a debug build, otherwise it is ignored. */ +#ifdef DEBUG +#define PORT_CheckSuccess(f) PR_ASSERT((f) == SECSuccess) +#else +#define PORT_CheckSuccess(f) (f) +#endif #define PORT_ZNew(type) (type*)PORT_ZAlloc(sizeof(type)) #define PORT_New(type) (type*)PORT_Alloc(sizeof(type)) #define PORT_ArenaNew(poolp, type) \ diff --git a/lib/util/utilmod.c b/lib/util/utilmod.c index 0f5970f11..50e6c8390 100644 --- a/lib/util/utilmod.c +++ b/lib/util/utilmod.c @@ -480,7 +480,7 @@ nssutil_DeleteSecmodDBEntry(const char *appName, char *block = NULL; char *name = NULL; char *lib = NULL; - int name_len, lib_len; + int name_len, lib_len = 0; PRBool skip = PR_FALSE; PRBool found = PR_FALSE; diff --git a/lib/util/verref.h b/lib/util/verref.h new file mode 100644 index 000000000..2d141bb5c --- /dev/null +++ b/lib/util/verref.h @@ -0,0 +1,40 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* This header is used inline in a function to ensure that a version string + * symbol is linked in and not optimized out. A volatile reference is added to + * the variable identified by NSS_VERSION_VARIABLE. + * + * Use this as follows: + * + * #define NSS_VERSION_VARIABLE __nss_ssl_version + * #include "verref.h" + */ + +/* Suppress unused variable warnings. */ +#ifdef _MSC_VER +#pragma warning(push) +#pragma warning(disable: 4101) +#endif +/* This works for both gcc and clang */ +#if defined(__GNUC__) && !defined(NSS_NO_GCC48) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wunused-variable" +#endif + +#ifndef NSS_VERSION_VARIABLE +#error NSS_VERSION_VARIABLE must be set before including "verref.h" +#endif +{ + extern const char NSS_VERSION_VARIABLE[]; + volatile const char _nss_version_c = NSS_VERSION_VARIABLE[0]; +} +#undef NSS_VERSION_VARIABLE + +#ifdef _MSC_VER +#pragma warning(pop) +#endif +#if defined(__GNUC__) && !defined(NSS_NO_GCC48) +#pragma GCC diagnostic pop +#endif |