diff options
Diffstat (limited to 'cmd')
40 files changed, 239 insertions, 388 deletions
diff --git a/cmd/bltest/blapitest.c b/cmd/bltest/blapitest.c index 776191808..81c3061bb 100644 --- a/cmd/bltest/blapitest.c +++ b/cmd/bltest/blapitest.c @@ -56,8 +56,7 @@ char *testdir = NULL; #define TIMEMARK(seconds) \ time1 = PR_SecondsToInterval(seconds); \ { \ - PRInt64 tmp, L100; \ - LL_I2L(L100, 100); \ + PRInt64 tmp; \ if (time2 == 0) { \ time2 = 1; \ } \ @@ -313,7 +312,6 @@ serialize_key(SECItem *it, int ni, PRFileDesc *file) { unsigned char len[4]; int i; - SECStatus status; NSSBase64Encoder *cx; cx = NSSBase64Encoder_Create(output_ascii, file); for (i=0; i<ni; i++, it++) { @@ -321,11 +319,11 @@ serialize_key(SECItem *it, int ni, PRFileDesc *file) len[1] = (it->len >> 16) & 0xff; len[2] = (it->len >> 8) & 0xff; len[3] = (it->len & 0xff); - status = NSSBase64Encoder_Update(cx, len, 4); - status = NSSBase64Encoder_Update(cx, it->data, it->len); + NSSBase64Encoder_Update(cx, len, 4); + NSSBase64Encoder_Update(cx, it->data, it->len); } - status = NSSBase64Encoder_Destroy(cx, PR_FALSE); - status = PR_Write(file, "\r\n", 2); + NSSBase64Encoder_Destroy(cx, PR_FALSE); + PR_Write(file, "\r\n", 2); } void @@ -1436,7 +1434,7 @@ bltest_aes_init(bltestCipherInfo *cipherInfo, PRBool encrypt) int minorMode; int i; int keylen = aesp->key.buf.len; - int blocklen = AES_BLOCK_SIZE; + unsigned int blocklen = AES_BLOCK_SIZE; PRIntervalTime time1, time2; unsigned char *params; int len; @@ -1635,6 +1633,8 @@ bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt) cipherInfo->cipher.pubkeyCipher = encrypt ? rsa_encryptOAEP : rsa_decryptOAEP; break; + default: + break; } return SECSuccess; } @@ -2569,8 +2569,6 @@ printPR_smpString(const char *sformat, char *reportStr, fprintf(stdout, sformat, reportStr); PR_smprintf_free(reportStr); } else { - int prnRes; - LL_L2I(prnRes, rNum); fprintf(stdout, nformat, rNum); } } @@ -2791,8 +2789,8 @@ mode_str_to_hash_alg(const SECItem *modeStr) case bltestSHA256: return HASH_AlgSHA256; case bltestSHA384: return HASH_AlgSHA384; case bltestSHA512: return HASH_AlgSHA512; + default: return HASH_AlgNULL; } - return HASH_AlgNULL; } void @@ -3004,7 +3002,7 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, bltestIO pt, ct; bltestCipherMode mode; bltestParams *params; - int i, j, nummodes, numtests; + unsigned int i, j, nummodes, numtests; char *modestr; char filename[256]; PLArenaPool *arena; @@ -3457,13 +3455,12 @@ static secuCommandFlag bltest_options[] = int main(int argc, char **argv) { - char *infileName, *outfileName, *keyfileName, *ivfileName; SECStatus rv = SECFailure; - double totalTime; + double totalTime = 0.0; PRIntervalTime time1, time2; PRFileDesc *outfile = NULL; - bltestCipherInfo *cipherInfoListHead, *cipherInfo; + bltestCipherInfo *cipherInfoListHead, *cipherInfo = NULL; bltestIOMode ioMode; int bufsize, exponent, curThrdNum; #ifndef NSS_DISABLE_ECC @@ -3511,8 +3508,6 @@ int main(int argc, char **argv) cipherInfo = PORT_ZNew(bltestCipherInfo); cipherInfoListHead = cipherInfo; - /* set some defaults */ - infileName = outfileName = keyfileName = ivfileName = NULL; /* Check the number of commands entered on the command line. */ commandsEntered = 0; @@ -3712,8 +3707,10 @@ int main(int argc, char **argv) fprintf(stderr, "%s: You must specify a signature file with -f.\n", progName); - print_usage: - PORT_Free(cipherInfo); +print_usage: + if (cipherInfo) { + PORT_Free(cipherInfo); + } Usage(); } diff --git a/cmd/certcgi/certcgi.c b/cmd/certcgi/certcgi.c index 9bfa4e869..889de2540 100644 --- a/cmd/certcgi/certcgi.c +++ b/cmd/certcgi/certcgi.c @@ -356,81 +356,6 @@ find_field_bool(Pair *data, } } -static char * -update_data_by_name(Pair *data, - char *field_name, - char *new_data) - /* replaces the data in the data structure associated with - a name with new data, returns null if not found */ -{ - int i = 0; - int found = 0; - int length = 100; - char *new; - - while (return_name(data, i) != NULL) { - if (PORT_Strcmp(return_name(data, i), field_name) == 0) { - new = make_copy_string( new_data, length, '\0'); - PORT_Free(return_data(data, i)); - found = 1; - (*(data + i)).data = new; - break; - } - i++; - } - if (!found) { - new = NULL; - } - return new; -} - -static char * -update_data_by_index(Pair *data, - int n, - char *new_data) - /* replaces the data of a particular index in the data structure */ -{ - int length = 100; - char *new; - - new = make_copy_string(new_data, length, '\0'); - PORT_Free(return_data(data, n)); - (*(data + n)).data = new; - return new; -} - - -static Pair * -add_field(Pair *data, - char* field_name, - char* field_data) - /* adds a new name/data pair to the data structure */ -{ - int i = 0; - int j; - int name_length = 100; - int data_length = 100; - - while(return_name(data, i) != NULL) { - i++; - } - j = START_FIELDS; - while ( j < (i + 1) ) { - j = j * 2; - } - if (j == (i + 1)) { - data = (Pair *) PORT_Realloc(data, (j * 2) * sizeof(Pair)); - if (data == NULL) { - error_allocate(); - } - } - (*(data + i)).name = make_copy_string(field_name, name_length, '\0'); - (*(data + i)).data = make_copy_string(field_data, data_length, '\0'); - (data + i + 1)->name = NULL; - return data; -} - - static CERTCertificateRequest * makeCertReq(Pair *form_data, int which_priv_key) @@ -527,10 +452,6 @@ MakeV1Cert(CERTCertDBHandle *handle, PRExplodedTime printableTime; PRTime now, after; - SECStatus rv; - - - if ( !selfsign ) { issuerCert = CERT_FindCertByNameString(handle, issuerNameStr); if (!issuerCert) { @@ -539,7 +460,7 @@ MakeV1Cert(CERTCertDBHandle *handle, } } if (find_field_bool(data, "manValidity", PR_TRUE)) { - rv = DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE)); + (void)DER_AsciiToTime(&now, find_field(data, "notBefore", PR_TRUE)); } else { now = PR_Now(); } @@ -550,7 +471,7 @@ MakeV1Cert(CERTCertDBHandle *handle, PR_ExplodeTime (now, PR_GMTParameters, &printableTime); } if (find_field_bool(data, "manValidity", PR_TRUE)) { - rv = DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE)); + (void)DER_AsciiToTime(&after, find_field(data, "notAfter", PR_TRUE)); PR_ExplodeTime (after, PR_GMTParameters, &printableTime); } else { printableTime.tm_month += 3; @@ -591,7 +512,7 @@ get_serial_number(Pair *data) if (ferror(serialFile) != 0) { error_out("Error: Unable to read serial number file"); } - if (serial == 4294967295) { + if (serial == -1) { serial = 21; } fclose(serialFile); @@ -1417,52 +1338,49 @@ string_to_ipaddress(char *string) return ipaddress; } +static int +chr_to_hex(char c) { + if (isdigit(c)) { + return c - '0'; + } + if (isxdigit(c)) { + return toupper(c) - 'A' + 10; + } + return -1; +} + static SECItem * -string_to_binary(char *string) +string_to_binary(char *string) { SECItem *rv; - int high_digit; - int low_digit; rv = (SECItem *) PORT_ZAlloc(sizeof(SECItem)); if (rv == NULL) { error_allocate(); } rv->data = (unsigned char *) PORT_ZAlloc((PORT_Strlen(string))/3 + 2); - while (!isxdigit(*string)) { + rv->len = 0; + while (*string && !isxdigit(*string)) { string++; } - rv->len = 0; - while (*string != '\0') { - if (isxdigit(*string)) { - if (*string >= '0' && *string <= '9') { - high_digit = *string - '0'; - } else { - *string = toupper(*string); - high_digit = *string - 'A' + 10; - } - string++; - if (*string >= '0' && *string <= '9') { - low_digit = *string - '0'; - } else { - *string = toupper(*string); - low_digit = *string - 'A' + 10; - } - (rv->len)++; - } else { - if (*string == ':') { - string++; - } else { - if (*string == ' ') { - while (*string == ' ') { - string++; - } - } - if (*string != '\0') { - error_out("ERROR: Improperly formated binary encoding"); - } - } - } + while (*string) { + int high, low; + high = chr_to_hex(*string++); + low = chr_to_hex(*string++); + if (high < 0 || low < 0) { + error_out("ERROR: Improperly formated binary encoding"); + } + rv->data[(rv->len)++] = high << 4 | low; + if (*string != ':') { + break; + } + ++string; + } + while (*string == ' ') { + ++string; + } + if (*string) { + error_out("ERROR: Junk after binary encoding"); } return rv; diff --git a/cmd/checkcert/checkcert.c b/cmd/checkcert/checkcert.c index 2a62a08ee..235451c39 100644 --- a/cmd/checkcert/checkcert.c +++ b/cmd/checkcert/checkcert.c @@ -122,7 +122,6 @@ OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key, SECStatus rv; VFYContext *cx; SECOidData *sigAlgOid, *oiddata; - SECOidTag sigAlgTag; SECOidTag hashAlgTag; int showDigestOid=0; @@ -134,8 +133,6 @@ OurVerifyData(unsigned char *buf, int len, SECKEYPublicKey *key, sigAlgOid = SECOID_FindOID(&sigAlgorithm->algorithm); if (sigAlgOid == 0) return SECFailure; - sigAlgTag = sigAlgOid->offset; - if (showDigestOid) { oiddata = SECOID_FindOIDByTag(hashAlgTag); @@ -388,7 +385,7 @@ int main(int argc, char **argv) SECU_RegisterDynamicOids(); rv = SECU_PrintSignedData(stdout, &derCert, "Certificate", 0, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); if (rv) { fprintf(stderr, "%s: Unable to pretty print cert. Error: %d\n", diff --git a/cmd/crlutil/crlgen.c b/cmd/crlutil/crlgen.c index 4eb16f71f..1fad32490 100644 --- a/cmd/crlutil/crlgen.c +++ b/cmd/crlutil/crlgen.c @@ -545,7 +545,7 @@ crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr, { SECItem *encodedItem; void *dummy; - void *mark; + void *mark = NULL; int code = 0; PORT_Assert(arena && dataArr); @@ -583,7 +583,9 @@ crlgen_CreateReasonCode(PLArenaPool *arena, const char **dataArr, return encodedItem; loser: - PORT_ArenaRelease (arena, mark); + if (mark) { + PORT_ArenaRelease (arena, mark); + } return NULL; } @@ -595,7 +597,7 @@ crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr, { SECItem *encodedItem; int length = 0; - void *mark; + void *mark = NULL; PORT_Assert(arena && dataArr); if (!arena || !dataArr) { @@ -624,7 +626,9 @@ crlgen_CreateInvalidityDate(PLArenaPool *arena, const char **dataArr, return encodedItem; loser: - PORT_ArenaRelease(arena, mark); + if (mark) { + PORT_ArenaRelease(arena, mark); + } return NULL; } @@ -1079,7 +1083,6 @@ static SECStatus crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId) { PRUint64 i = 0; - PLArenaPool *arena; PORT_Assert(crlGenData && certId); if (!crlGenData || !certId) { @@ -1087,8 +1090,6 @@ crlgen_RmCert(CRLGENGeneratorData *crlGenData, char *certId) return SECFailure; } - arena = crlGenData->signCrl->arena; - if (crlgen_SetNewRangeField(crlGenData, certId) == SECFailure && certId) { return SECFailure; diff --git a/cmd/crlutil/crlutil.c b/cmd/crlutil/crlutil.c index dd9f4932e..d50137140 100644 --- a/cmd/crlutil/crlutil.c +++ b/cmd/crlutil/crlutil.c @@ -128,7 +128,7 @@ static void ListCRLNames (CERTCertDBHandle *certHandle, int crlType, PRBool dele while (crlNode) { char* asciiname = NULL; CERTCertificate *cert = NULL; - if (crlNode->crl && &crlNode->crl->crl.derName) { + if (crlNode->crl && crlNode->crl->crl.derName.data != NULL) { cert = CERT_FindCertByName(certHandle, &crlNode->crl->crl.derName); if (!cert) { @@ -698,6 +698,7 @@ GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName, signCrl = CreateModifiedCRLCopy(arena, certHandle, &cert, certNickName, inFile, decodeOptions, importOptions); if (signCrl == NULL) { + rv = SECFailure; goto loser; } } @@ -705,6 +706,7 @@ GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName, if (!cert) { cert = FindSigningCert(certHandle, signCrl, certNickName); if (cert == NULL) { + rv = SECFailure; goto loser; } } @@ -721,8 +723,10 @@ GenerateCRL (CERTCertDBHandle *certHandle, char *certNickName, outFileName); } signCrl = CreateNewCrl(arena, certHandle, cert); - if (!signCrl) + if (!signCrl) { + rv = SECFailure; goto loser; + } } rv = UpdateCrl(signCrl, inCrlInitFile); diff --git a/cmd/crmftest/testcrmf.c b/cmd/crmftest/testcrmf.c index ce3d7cfb9..a1343436e 100644 --- a/cmd/crmftest/testcrmf.c +++ b/cmd/crmftest/testcrmf.c @@ -127,13 +127,17 @@ debug_test(SECItem *src, char *filePath) SECStatus get_serial_number(long *dest) { - SECStatus rv; + SECStatus rv; - if (dest == NULL) { + if (dest == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; - } + } rv = PK11_GenerateRandom((unsigned char *)dest, sizeof(long)); + if (rv != SECSuccess) { + /* PK11_GenerateRandom calls PORT_SetError */ + return SECFailure; + } /* make serial number positive */ if (*dest < 0L) *dest = - *dest; @@ -937,18 +941,6 @@ DoCMMFStuff(void) return rv; } -static CK_MECHANISM_TYPE -mapWrapKeyType(KeyType keyType) -{ - switch (keyType) { - case rsaKey: - return CKM_RSA_PKCS; - default: - break; - } - return CKM_INVALID_MECHANISM; -} - #define KNOWN_MESSAGE_LENGTH 20 /*160 bits*/ int @@ -1533,10 +1525,6 @@ main(int argc, char **argv) PRUint32 flags = 0; SECStatus rv; PRBool nssInit = PR_FALSE; - PRBool pArg = PR_FALSE; - PRBool eArg = PR_FALSE; - PRBool sArg = PR_FALSE; - PRBool PArg = PR_FALSE; memset( &signPair, 0, sizeof signPair); memset( &cryptPair, 0, sizeof cryptPair); @@ -1559,7 +1547,6 @@ main(int argc, char **argv) printf ("-p failed\n"); return 603; } - pArg = PR_TRUE; break; case 'e': recoveryEncrypter = PORT_Strdup(optstate->value); @@ -1567,7 +1554,6 @@ main(int argc, char **argv) printf ("-e failed\n"); return 602; } - eArg = PR_TRUE; break; case 's': caCertName = PORT_Strdup(optstate->value); @@ -1575,7 +1561,6 @@ main(int argc, char **argv) printf ("-s failed\n"); return 604; } - sArg = PR_TRUE; break; case 'P': password = PORT_Strdup(optstate->value); @@ -1585,7 +1570,6 @@ main(int argc, char **argv) } pwdata.source = PW_PLAINTEXT; pwdata.data = password; - PArg = PR_TRUE; break; case 'f': pwfile = PORT_Strdup(optstate->value); diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c index cdd6b1aa5..1561e7377 100644 --- a/cmd/fipstest/fipstest.c +++ b/cmd/fipstest/fipstest.c @@ -288,7 +288,7 @@ tdea_kat_mmt(char *reqfn) FILE *req; /* input stream from the REQUEST file */ FILE *resp; /* output stream to the RESPONSE file */ int i, j; - int mode; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */ + int mode = NSS_DES_EDE3; /* NSS_DES_EDE3 (ECB) or NSS_DES_EDE3_CBC */ int crypt = DECRYPT; /* 1 means encrypt, 0 means decrypt */ unsigned char key[24]; /* TDEA 3 key bundle */ unsigned int numKeys = 0; @@ -997,10 +997,10 @@ aes_kat_mmt(char *reqfn) FILE *aesreq; /* input stream from the REQUEST file */ FILE *aesresp; /* output stream to the RESPONSE file */ int i, j; - int mode; /* NSS_AES (ECB) or NSS_AES_CBC */ + int mode = NSS_AES; /* NSS_AES (ECB) or NSS_AES_CBC */ int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; + unsigned int keysize = 0; unsigned char iv[16]; /* for all modes except ECB */ unsigned char plaintext[10*16]; /* 1 to 10 blocks */ unsigned int plaintextlen; @@ -1197,7 +1197,7 @@ aes_ecb_mct(char *reqfn) int i, j; int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; + unsigned int keysize = 0; unsigned char plaintext[16]; /* PT[j] */ unsigned char plaintext_1[16]; /* PT[j-1] */ unsigned char ciphertext[16]; /* CT[j] */ @@ -1480,7 +1480,7 @@ aes_cbc_mct(char *reqfn) int i, j; int encrypt = 0; /* 1 means encrypt, 0 means decrypt */ unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; + unsigned int keysize = 0; unsigned char iv[16]; unsigned char plaintext[16]; /* PT[j] */ unsigned char plaintext_1[16]; /* PT[j-1] */ @@ -2103,7 +2103,7 @@ ecdsa_pkv_test(char *reqfn) ECParams *ecparams = NULL; SECItem pubkey; unsigned int i; - unsigned int len; + unsigned int len = 0; PRBool keyvalid = PR_TRUE; ecdsareq = fopen(reqfn, "r"); @@ -2360,10 +2360,10 @@ ecdsa_sigver_test(char *reqfn) char curve[16]; /* "nistxddd" */ ECPublicKey ecpub; unsigned int i, j; - unsigned int flen; /* length in bytes of the field size */ - unsigned int olen; /* length in bytes of the base point order */ + unsigned int flen = 0; /* length in bytes of the field size */ + unsigned int olen = 0; /* length in bytes of the base point order */ unsigned char msg[512]; /* message that was signed (<= 128 bytes) */ - unsigned int msglen; + unsigned int msglen = 0; unsigned char sha1[20]; /* SHA-1 hash (160 bits) */ unsigned char sig[2*MAX_ECKEY_LEN]; SECItem signature, digest; @@ -2532,43 +2532,6 @@ loser: } #endif /* NSS_DISABLE_ECC */ - -/* - * Read a value from the test and allocate the result. - */ -static unsigned char * -alloc_value(char *buf, int *len) -{ - unsigned char * value; - int i, count; - - if (strncmp(buf, "<None>", 6) == 0) { - *len = 0; - return NULL; - } - - /* find the length of the number */ - for (count = 0; isxdigit(buf[count]); count++); - *len = count/2; - - if (*len == 0) { - return NULL; - } - - value = PORT_Alloc(*len); - if (!value) { - *len = 0; - return NULL; - } - - for (i=0; i<*len; buf+=2 , i++) { - hex_to_byteval(buf, &value[i]); - } - - - return value; -} - PRBool isblankline(char *b) { @@ -2599,7 +2562,9 @@ drbg(char *reqfn) FILE *rngresp; /* output stream to the RESPONSE file */ unsigned int i, j; +#if 0 PRBool predictionResistance = PR_FALSE; +#endif unsigned char *nonce = NULL; int nonceLen = 0; unsigned char *personalizationString = NULL; @@ -2722,11 +2687,12 @@ drbg(char *reqfn) continue; } +#if 0 /* currently unsupported */ if (strncmp(buf, "[PredictionResistance", 21) == 0) { i = 21; while (isspace(buf[i]) || buf[i] == '=') { i++; - } + } if (strncmp(buf, "False", 5) == 0) { predictionResistance = PR_FALSE; } else { @@ -2736,6 +2702,7 @@ drbg(char *reqfn) fputs(buf, rngresp); continue; } +#endif if (strncmp(buf, "[EntropyInputLen", 16) == 0) { if (entropyInput) { @@ -2990,7 +2957,7 @@ rng_vst(char *reqfn) unsigned int i, j; unsigned char Q[DSA1_SUBPRIME_LEN]; PRBool hasQ = PR_FALSE; - unsigned int b; /* 160 <= b <= 512, b is a multiple of 8 */ + unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */ unsigned char XKey[512/8]; unsigned char XSeed[512/8]; unsigned char GENX[DSA1_SIGNATURE_LEN]; @@ -3113,7 +3080,7 @@ rng_mct(char *reqfn) unsigned int i, j; unsigned char Q[DSA1_SUBPRIME_LEN]; PRBool hasQ = PR_FALSE; - unsigned int b; /* 160 <= b <= 512, b is a multiple of 8 */ + unsigned int b = 0; /* 160 <= b <= 512, b is a multiple of 8 */ unsigned char XKey[512/8]; unsigned char XSeed[512/8]; unsigned char GENX[2*SHA1_LENGTH]; @@ -3416,8 +3383,8 @@ SECStatus sha_mct_test(unsigned int MDLen, unsigned char *seed, FILE *resp) void sha_test(char *reqfn) { unsigned int i, j; - unsigned int MDlen; /* the length of the Message Digest in Bytes */ - unsigned int msgLen; /* the length of the input Message in Bytes */ + unsigned int MDlen = 0; /* the length of the Message Digest in Bytes */ + unsigned int msgLen = 0; /* the length of the input Message in Bytes */ unsigned char *msg = NULL; /* holds the message to digest.*/ size_t bufSize = 25608; /*MAX buffer size */ char *buf = NULL; /* holds one line from the input REQUEST file.*/ @@ -3594,18 +3561,18 @@ void hmac_test(char *reqfn) unsigned int i, j; size_t bufSize = 400; /* MAX buffer size */ char *buf = NULL; /* holds one line from the input REQUEST file.*/ - unsigned int keyLen; /* Key Length */ + unsigned int keyLen = 0; /* Key Length */ unsigned char key[200]; /* key MAX size = 184 */ unsigned int msgLen = 128; /* the length of the input */ /* Message is always 128 Bytes */ unsigned char *msg = NULL; /* holds the message to digest.*/ - unsigned int HMACLen; /* the length of the HMAC Bytes */ - unsigned int TLen; /* the length of the requested */ + unsigned int HMACLen = 0; /* the length of the HMAC Bytes */ + unsigned int TLen = 0; /* the length of the requested */ /* truncated HMAC Bytes */ unsigned char HMAC[HASH_LENGTH_MAX]; /* computed HMAC */ unsigned char expectedHMAC[HASH_LENGTH_MAX]; /* for .fax files that have */ /* supplied known answer */ - HASH_HashType hash_alg; /* HMAC type */ + HASH_HashType hash_alg = HASH_AlgNULL; /* HMAC type */ FILE *req = NULL; /* input stream from the REQUEST file */ @@ -3901,7 +3868,7 @@ dsa_pqgver_test(char *reqfn) unsigned int i, j; PQGParams pqg; PQGVerify vfy; - unsigned int pghSize; /* size for p, g, and h */ + unsigned int pghSize = 0; /* size for p, g, and h */ dsa_pqg_type type = FIPS186_1; dsareq = fopen(reqfn, "r"); @@ -4234,7 +4201,7 @@ dsa_pqggen_test(char *reqfn) unsigned int j; PQGParams *pqg = NULL; PQGVerify *vfy = NULL; - unsigned int keySizeIndex; + unsigned int keySizeIndex = 0; dsa_pqg_type type = FIPS186_1; dsareq = fopen(reqfn, "r"); diff --git a/cmd/httpserv/httpserv.c b/cmd/httpserv/httpserv.c index 875b62bbd..b01da4b8f 100644 --- a/cmd/httpserv/httpserv.c +++ b/cmd/httpserv/httpserv.c @@ -339,7 +339,6 @@ static enum { static const char stopCmd[] = { "GET /stop " }; static const char getCmd[] = { "GET " }; -static const char EOFmsg[] = { "EOF\r\n\r\n\r\n" }; static const char outHeader[] = { "HTTP/1.0 200 OK\r\n" "Server: Generic Web Server\r\n" @@ -712,8 +711,8 @@ handle_connection( /* else good status response */ if (!isPost && ocspMethodsAllowed == ocspGetUnknown) { unknown = PR_TRUE; - nextUpdate = PR_Now() + 60*60*24 * PR_USEC_PER_SEC; /*tomorrow*/ - revoDate = PR_Now() - 60*60*24 * PR_USEC_PER_SEC; /*yesterday*/ + nextUpdate = PR_Now() + (PRTime)60*60*24 * PR_USEC_PER_SEC; /*tomorrow*/ + revoDate = PR_Now() - (PRTime)60*60*24 * PR_USEC_PER_SEC; /*yesterday*/ } } } diff --git a/cmd/lib/basicutil.c b/cmd/lib/basicutil.c index 94c28f59a..77b70b1e6 100644 --- a/cmd/lib/basicutil.c +++ b/cmd/lib/basicutil.c @@ -684,7 +684,7 @@ static unsigned char nibble(char c) { SECStatus SECU_SECItemHexStringToBinary(SECItem* srcdest) { - int i; + unsigned int i; if (!srcdest) { PORT_SetError(SEC_ERROR_INVALID_ARGS); diff --git a/cmd/lib/derprint.c b/cmd/lib/derprint.c index b4eb0ffb4..75811df3f 100644 --- a/cmd/lib/derprint.c +++ b/cmd/lib/derprint.c @@ -446,7 +446,7 @@ prettyPrintLength(FILE *out, const unsigned char *data, const unsigned char *end } lenLen = nb + 1; if (raw) { - int i; + unsigned int i; rv = prettyPrintByte(out, lbyte, lv); if (rv < 0) diff --git a/cmd/lib/pk11table.c b/cmd/lib/pk11table.c index d979835a0..f76dafe81 100644 --- a/cmd/lib/pk11table.c +++ b/cmd/lib/pk11table.c @@ -577,7 +577,7 @@ const Constant _consts[] = { }; const Constant *consts = &_consts[0]; -const int constCount = sizeof(_consts)/sizeof(_consts[0]); +const unsigned int constCount = sizeof(_consts)/sizeof(_consts[0]); const Commands _commands[] = { {"C_Initialize", F_C_Initialize, @@ -1389,7 +1389,7 @@ const int topicCount = sizeof(_topics) / sizeof(_topics[0]); const char * getName(CK_ULONG value, ConstType type) { - int i; + unsigned int i; for (i=0; i < constCount; i++) { if (consts[i].type == type && consts[i].value == value) { @@ -1409,9 +1409,9 @@ getNameFromAttribute(CK_ATTRIBUTE_TYPE type) return getName(type, ConstAttribute); } -int totalKnownType(ConstType type) { - int count = 0; - int i; +unsigned int totalKnownType(ConstType type) { + unsigned int count = 0; + unsigned int i; for (i=0; i < constCount; i++) { if (consts[i].type == type) count++; diff --git a/cmd/lib/pk11table.h b/cmd/lib/pk11table.h index cdc4325fc..0c4052ece 100644 --- a/cmd/lib/pk11table.h +++ b/cmd/lib/pk11table.h @@ -162,7 +162,7 @@ extern const int valueCount; extern const char **constTypeString; extern const int constTypeCount; extern const Constant *consts; -extern const int constCount; +extern const unsigned int constCount; extern const Commands *commands; extern const int commandCount; extern const Topics *topics; @@ -174,7 +174,7 @@ getName(CK_ULONG value, ConstType type); extern const char * getNameFromAttribute(CK_ATTRIBUTE_TYPE type); -extern int totalKnownType(ConstType type); +extern unsigned int totalKnownType(ConstType type); #endif /* _PK11_TABLE_H_ */ diff --git a/cmd/lib/secutil.c b/cmd/lib/secutil.c index 97331c9c2..92f64f75c 100644 --- a/cmd/lib/secutil.c +++ b/cmd/lib/secutil.c @@ -375,7 +375,8 @@ SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass, PR_fprintf(PR_STDERR, "Invalid password.\n"); PORT_Memset(oldpw, 0, PL_strlen(oldpw)); PORT_Free(oldpw); - return SECFailure; + rv = SECFailure; + goto done; } } else break; @@ -385,20 +386,22 @@ SECU_ChangePW2(PK11SlotInfo *slot, char *oldPass, char *newPass, newpw = secu_InitSlotPassword(slot, PR_FALSE, &newpwdata); - if (PK11_ChangePW(slot, oldpw, newpw) != SECSuccess) { + rv = PK11_ChangePW(slot, oldpw, newpw); + if (rv != SECSuccess) { PR_fprintf(PR_STDERR, "Failed to change password.\n"); - return SECFailure; + } else { + PR_fprintf(PR_STDOUT, "Password changed successfully.\n"); } PORT_Memset(oldpw, 0, PL_strlen(oldpw)); PORT_Free(oldpw); - PR_fprintf(PR_STDOUT, "Password changed successfully.\n"); - done: - PORT_Memset(newpw, 0, PL_strlen(newpw)); - PORT_Free(newpw); - return SECSuccess; + if (newpw) { + PORT_Memset(newpw, 0, PL_strlen(newpw)); + PORT_Free(newpw); + } + return rv; } struct matchobj { @@ -1550,7 +1553,7 @@ SECU_PrintDumpDerIssuerAndSerial(FILE *out, SECItem *der, char *m, fprintf(out, "Serial DER as C source: \n{ %d, \"", c->serialNumber.len); { - int i; + unsigned int i; for (i=0; i < c->serialNumber.len; ++i) { unsigned char *chardata = (unsigned char*)(c->serialNumber.data); unsigned char c = *(chardata + i); @@ -2417,7 +2420,6 @@ SECU_PrintCertificateBasicInfo(FILE *out, const SECItem *der, const char *m, int PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); CERTCertificate *c; int rv = SEC_ERROR_NO_MEMORY; - int iv; if (!arena) return rv; @@ -2743,7 +2745,7 @@ secu_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src, while ((aCert = src->rawCerts[iv++]) != NULL) { sprintf(om, "Certificate (%x)", iv); rv = SECU_PrintSignedData(out, aCert, om, level + 2, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); if (rv) return rv; } @@ -2862,7 +2864,7 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *out, while ((aCert = src->rawCerts[iv++]) != NULL) { sprintf(om, "Certificate (%x)", iv); rv = SECU_PrintSignedData(out, aCert, om, level + 2, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); if (rv) return rv; } @@ -3192,7 +3194,7 @@ SEC_PrintCertificateAndTrust(CERTCertificate *cert, data.len = cert->derCert.len; rv = SECU_PrintSignedData(stdout, &data, label, 0, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); if (rv) { return(SECFailure); } @@ -3283,7 +3285,7 @@ SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log, errstr = NULL; switch (node->error) { case SEC_ERROR_INADEQUATE_KEY_USAGE: - flags = (unsigned int)node->arg; + flags = (unsigned int)((char *)node->arg - (char *)NULL); switch (flags) { case KU_DIGITAL_SIGNATURE: errstr = "Cert cannot sign."; @@ -3299,7 +3301,7 @@ SECU_displayVerifyLog(FILE *outfile, CERTVerifyLog *log, break; } case SEC_ERROR_INADEQUATE_CERT_TYPE: - flags = (unsigned int)node->arg; + flags = (unsigned int)((char *)node->arg - (char *)NULL); switch (flags) { case NS_CERT_TYPE_SSL_CLIENT: case NS_CERT_TYPE_SSL_SERVER: diff --git a/cmd/modutil/error.h b/cmd/modutil/error.h index 36ed5a4eb..ba42264b5 100644 --- a/cmd/modutil/error.h +++ b/cmd/modutil/error.h @@ -133,25 +133,7 @@ typedef enum { LAST_MSG /* must be last */ } Message; -static char *msgStrings[] = { - "FIPS mode enabled.\n", - "FIPS mode disabled.\n", - "Using database directory %s...\n", - "Creating \"%s\"...", - "Module \"%s\" added to database.\n", - "Module \"%s\" deleted from database.\n", - "Token \"%s\" password changed successfully.\n", - "Incorrect password, try again...\n", - "Passwords do not match, try again...\n", - "done.\n", - "Slot \"%s\" %s.\n", - "Successfully changed defaults.\n", - "Successfully changed defaults.\n", -"\nWARNING: Performing this operation while the browser is running could cause" -"\ncorruption of your security databases. If the browser is currently running," -"\nyou should exit browser before continuing this operation. Type " -"\n'q <enter>' to abort, or <enter> to continue: ", - "\nAborting...\n" -}; +/* defined in modutil.c */ +extern char *msgStrings[]; #endif /* MODUTIL_ERROR_H */ diff --git a/cmd/modutil/installparse.c b/cmd/modutil/installparse.c index e23bbcc98..3691c6388 100644 --- a/cmd/modutil/installparse.c +++ b/cmd/modutil/installparse.c @@ -203,7 +203,7 @@ yyparse() register char *yys; extern char *getenv(); - if (yys = getenv("YYDEBUG")) + if ((yys = getenv("YYDEBUG")) != NULL) { yyn = *yys; if (yyn >= '0' && yyn <= '9') @@ -220,7 +220,7 @@ yyparse() *yyssp = yystate = 0; yyloop: - if (yyn = yydefred[yystate]) goto yyreduce; + if ((yyn = yydefred[yystate]) != 0) goto yyreduce; if (yychar < 0) { if ((yychar = yylex()) < 0) yychar = 0; diff --git a/cmd/modutil/lex.Pk11Install_yy.c b/cmd/modutil/lex.Pk11Install_yy.c index 59d9bb597..4533e0c76 100644 --- a/cmd/modutil/lex.Pk11Install_yy.c +++ b/cmd/modutil/lex.Pk11Install_yy.c @@ -1100,6 +1100,7 @@ register char *yy_bp; #endif /* ifndef YY_NO_UNPUT */ +#ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput() #else @@ -1171,6 +1172,7 @@ static int input() return c; } +#endif /* ifndef YY_NO_INPUT */ #ifdef YY_USE_PROTOS diff --git a/cmd/modutil/manifest.mn b/cmd/modutil/manifest.mn index 9929a8059..a92ca68c1 100644 --- a/cmd/modutil/manifest.mn +++ b/cmd/modutil/manifest.mn @@ -24,7 +24,7 @@ PROGRAM = modutil REQUIRES = seccmd nss dbm -DEFINES = -DNSPR20 +DEFINES = -DNSPR20 -DYY_NO_UNPUT -DYY_NO_INPUT # sigh #INCLUDES += -I$(CORE_DEPTH)/nss/lib/pk11wrap diff --git a/cmd/modutil/modutil.c b/cmd/modutil/modutil.c index ba07bba4f..64212024f 100644 --- a/cmd/modutil/modutil.c +++ b/cmd/modutil/modutil.c @@ -122,6 +122,27 @@ static char *optionStrings[] = { "-chkfips", }; +char *msgStrings[] = { + "FIPS mode enabled.\n", + "FIPS mode disabled.\n", + "Using database directory %s...\n", + "Creating \"%s\"...", + "Module \"%s\" added to database.\n", + "Module \"%s\" deleted from database.\n", + "Token \"%s\" password changed successfully.\n", + "Incorrect password, try again...\n", + "Passwords do not match, try again...\n", + "done.\n", + "Slot \"%s\" %s.\n", + "Successfully changed defaults.\n", + "Successfully changed defaults.\n", +"\nWARNING: Performing this operation while the browser is running could cause" +"\ncorruption of your security databases. If the browser is currently running," +"\nyou should exit browser before continuing this operation. Type " +"\n'q <enter>' to abort, or <enter> to continue: ", + "\nAborting...\n" +}; + /* Increment i if doing so would have i still be less than j. If you are able to do this, return 0. Otherwise return 1. */ #define TRY_INC(i,j) ( ((i+1)<j) ? (++i, 0) : 1 ) diff --git a/cmd/multinit/multinit.c b/cmd/multinit/multinit.c index e2ba4cca6..32c3eb401 100644 --- a/cmd/multinit/multinit.c +++ b/cmd/multinit/multinit.c @@ -314,27 +314,6 @@ appendHex(unsigned char nibble) } /* - * append a secitem as colon separated hex bytes. - */ -static void -appendItem(SECItem *item) -{ - int i; - - if (!buffer.data) { - return; - } - - appendLabel(':'); - for (i=0; i < item->len; i++) { - unsigned char byte=item->data[i]; - appendHex(byte >> 4); - appendHex(byte & 0xf); - appendLabel(':'); - } -} - -/* * append a 32 bit integer (even on a 64 bit platform). * for simplicity append it as a hex value, full extension with 0x prefix. */ @@ -493,7 +472,7 @@ do_list_certs(const char *progName, int log) CERTCertList *sorted; CERTCertListNode *node; CERTCertTrust trust; - int i; + unsigned int i; list = PK11_ListCerts(PK11CertListUnique, NULL); if (list == NULL) { diff --git a/cmd/ocspclnt/ocspclnt.c b/cmd/ocspclnt/ocspclnt.c index e302bb5b8..edf146a21 100644 --- a/cmd/ocspclnt/ocspclnt.c +++ b/cmd/ocspclnt/ocspclnt.c @@ -562,7 +562,7 @@ print_raw_certificates (FILE *out_file, SECItem **raw_certs, int level) while ((raw_cert = raw_certs[i++]) != NULL) { sprintf (cert_label, "Certificate (%d)", i); (void) SECU_PrintSignedData (out_file, raw_cert, cert_label, level + 1, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); } } @@ -964,7 +964,7 @@ main (int argc, char **argv) PLOptState *optstate; SECStatus rv; CERTCertDBHandle *handle = NULL; - SECCertUsage cert_usage; + SECCertUsage cert_usage = certUsageSSLClient; PRTime verify_time; CERTCertificate *cert = NULL; PRBool ascii = PR_FALSE; diff --git a/cmd/ocspresp/ocspresp.c b/cmd/ocspresp/ocspresp.c index 3e9774714..cbc826929 100644 --- a/cmd/ocspresp/ocspresp.c +++ b/cmd/ocspresp/ocspresp.c @@ -129,15 +129,12 @@ main(int argc, char **argv) SECItem *encoded = NULL; CERTOCSPResponse *decoded = NULL; - SECStatus statusDecoded; SECItem *encodedRev = NULL; CERTOCSPResponse *decodedRev = NULL; - SECStatus statusDecodedRev; SECItem *encodedFail = NULL; CERTOCSPResponse *decodedFail = NULL; - SECStatus statusDecodedFail; CERTCertificate *obtainedSignerCert = NULL; @@ -181,40 +178,47 @@ main(int argc, char **argv) encoded = encode(arena, cid, caCert); PORT_Assert(encoded); decoded = CERT_DecodeOCSPResponse(encoded); - statusDecoded = CERT_GetOCSPResponseStatus(decoded); - PORT_Assert(statusDecoded == SECSuccess); - - statusDecoded = CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata, - &obtainedSignerCert, caCert); - PORT_Assert(statusDecoded == SECSuccess); - statusDecoded = CERT_GetOCSPStatusForCertID(certHandle, decoded, cid, - obtainedSignerCert, now); - PORT_Assert(statusDecoded == SECSuccess); + PORT_CheckSuccess(CERT_GetOCSPResponseStatus(decoded)); + + PORT_CheckSuccess(CERT_VerifyOCSPResponseSignature(decoded, certHandle, &pwdata, + &obtainedSignerCert, caCert)); + PORT_CheckSuccess(CERT_GetOCSPStatusForCertID(certHandle, decoded, cid, + obtainedSignerCert, now)); CERT_DestroyCertificate(obtainedSignerCert); encodedRev = encodeRevoked(arena, cid, caCert); PORT_Assert(encodedRev); decodedRev = CERT_DecodeOCSPResponse(encodedRev); - statusDecodedRev = CERT_GetOCSPResponseStatus(decodedRev); - PORT_Assert(statusDecodedRev == SECSuccess); + PORT_CheckSuccess(CERT_GetOCSPResponseStatus(decodedRev)); - statusDecodedRev = CERT_VerifyOCSPResponseSignature(decodedRev, certHandle, &pwdata, - &obtainedSignerCert, caCert); - PORT_Assert(statusDecodedRev == SECSuccess); - statusDecodedRev = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid, + PORT_CheckSuccess(CERT_VerifyOCSPResponseSignature(decodedRev, certHandle, &pwdata, + &obtainedSignerCert, caCert)); +#ifdef DEBUG + { + SECStatus rv = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid, obtainedSignerCert, now); - PORT_Assert(statusDecodedRev == SECFailure); - PORT_Assert(PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE); + PORT_Assert(rv == SECFailure); + PORT_Assert(PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE); + } +#else + (void)CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid, + obtainedSignerCert, now); +#endif CERT_DestroyCertificate(obtainedSignerCert); encodedFail = CERT_CreateEncodedOCSPErrorResponse( arena, SEC_ERROR_OCSP_TRY_SERVER_LATER); PORT_Assert(encodedFail); decodedFail = CERT_DecodeOCSPResponse(encodedFail); - statusDecodedFail = CERT_GetOCSPResponseStatus(decodedFail); - PORT_Assert(statusDecodedFail == SECFailure); - PORT_Assert(PORT_GetError() == SEC_ERROR_OCSP_TRY_SERVER_LATER); - +#ifdef DEBUG + { + SECStatus rv = CERT_GetOCSPResponseStatus(decodedFail); + PORT_Assert(rv == SECFailure); + PORT_Assert(PORT_GetError() == SEC_ERROR_OCSP_TRY_SERVER_LATER); + } +#else + (void)CERT_GetOCSPResponseStatus(decodedFail); +#endif retval = 0; loser: if (retval != 0) diff --git a/cmd/oidcalc/oidcalc.c b/cmd/oidcalc/oidcalc.c index 39d300e36..c767099a4 100644 --- a/cmd/oidcalc/oidcalc.c +++ b/cmd/oidcalc/oidcalc.c @@ -44,13 +44,13 @@ main(int argc, char **argv) secondval = atoi(curstr); - if ( ( firstval < 0 ) || ( firstval > 2 ) ) { + if ( firstval > 2 ) { fprintf(stderr, "first component out of range\n"); exit(-1); } - if ( ( secondval < 0 ) || ( secondval > 39 ) ) { + if ( secondval > 39 ) { fprintf(stderr, "second component out of range\n"); exit(-1); } diff --git a/cmd/p7env/p7env.c b/cmd/p7env/p7env.c index 01b35df94..338f9cf30 100644 --- a/cmd/p7env/p7env.c +++ b/cmd/p7env/p7env.c @@ -130,7 +130,6 @@ main(int argc, char **argv) { char *progName; FILE *inFile, *outFile; - char *certName; CERTCertDBHandle *certHandle; struct recipient *recipients, *rcpt; PLOptState *optstate; @@ -142,7 +141,6 @@ main(int argc, char **argv) inFile = NULL; outFile = NULL; - certName = NULL; recipients = NULL; rcpt = NULL; diff --git a/cmd/pk11gcmtest/pk11gcmtest.c b/cmd/pk11gcmtest/pk11gcmtest.c index 35e08ef68..63f4b330b 100644 --- a/cmd/pk11gcmtest/pk11gcmtest.c +++ b/cmd/pk11gcmtest/pk11gcmtest.c @@ -166,22 +166,22 @@ aes_gcm_kat(const char *respfn) FILE *aesresp; /* input stream from the RESPONSE file */ int i, j; unsigned int test_group = 0; - unsigned int num_tests; + unsigned int num_tests = 0; PRBool is_encrypt; unsigned char key[32]; /* 128, 192, or 256 bits */ - unsigned int keysize; + unsigned int keysize = 16; unsigned char iv[10*16]; /* 1 to 10 blocks */ - unsigned int ivsize; + unsigned int ivsize = 12; unsigned char plaintext[10*16]; /* 1 to 10 blocks */ unsigned int plaintextlen = 0; unsigned char aad[10*16]; /* 1 to 10 blocks */ unsigned int aadlen = 0; unsigned char ciphertext[10*16]; /* 1 to 10 blocks */ - unsigned int ciphertextlen; + unsigned int ciphertextlen = 0; unsigned char tag[16]; - unsigned int tagsize; + unsigned int tagsize = 16; unsigned char output[10*16]; /* 1 to 10 blocks */ - unsigned int outputlen; + unsigned int outputlen = 0; unsigned int expected_keylen = 0; unsigned int expected_ivlen = 0; diff --git a/cmd/pk11mode/pk11mode.c b/cmd/pk11mode/pk11mode.c index a9f89f31a..ce89945a8 100644 --- a/cmd/pk11mode/pk11mode.c +++ b/cmd/pk11mode/pk11mode.c @@ -3506,8 +3506,8 @@ CK_RV PKM_FindAllObjects(CK_FUNCTION_LIST_PTR pFunctionList, CK_ATTRIBUTE_PTR pTemplate; CK_ULONG tnObjects = 0; int curMode; - int i; - int number_of_all_known_attribute_types = totalKnownType(ConstAttribute); + unsigned int i; + unsigned int number_of_all_known_attribute_types = totalKnownType(ConstAttribute); NUMTESTS++; /* increment NUMTESTS */ @@ -4558,7 +4558,7 @@ PKM_TLSMasterKeyDerive( CK_FUNCTION_LIST_PTR pFunctionList, CK_SESSION_HANDLE hSession; CK_RV crv; CK_MECHANISM mk_mech; - CK_VERSION expected_version, version; + CK_VERSION version; CK_OBJECT_CLASS class = CKO_SECRET_KEY; CK_KEY_TYPE type = CKK_GENERIC_SECRET; CK_BBOOL derive_bool = true; @@ -4625,8 +4625,6 @@ PKM_TLSMasterKeyDerive( CK_FUNCTION_LIST_PTR pFunctionList, case CKM_TLS_MASTER_KEY_DERIVE: attrs[3].pValue = NULL; attrs[3].ulValueLen = 0; - expected_version.major = 3; - expected_version.minor = 1; mkd_params.RandomInfo.pClientRandom = (unsigned char * ) TLSClientRandom; mkd_params.RandomInfo.ulClientRandomLen = diff --git a/cmd/pk12util/pk12util.c b/cmd/pk12util/pk12util.c index 7b0467f23..398c0f843 100644 --- a/cmd/pk12util/pk12util.c +++ b/cmd/pk12util/pk12util.c @@ -756,7 +756,7 @@ P12U_ListPKCS12File(char *in_file, PK11SlotInfo *slot, } else if (SECU_PrintSignedData(stdout, dip->der, (dip->hasKey) ? "(has private key)" : "", - 0, SECU_PrintCertificate) != 0) { + 0, (SECU_PPFunc)SECU_PrintCertificate) != 0) { SECU_PrintError(progName,"PKCS12 print cert bag failed"); } if (dip->friendlyName != NULL) { diff --git a/cmd/pk1sign/pk1sign.c b/cmd/pk1sign/pk1sign.c index 5750cdb2d..5f58f8c78 100644 --- a/cmd/pk1sign/pk1sign.c +++ b/cmd/pk1sign/pk1sign.c @@ -175,7 +175,7 @@ main(int argc, char **argv) PRFileDesc *inFile; char *keyName = NULL; CERTCertDBHandle *certHandle; - CERTCertificate *cert; + CERTCertificate *cert = NULL; PLOptState *optstate; PLOptStatus status; SECStatus rv; diff --git a/cmd/pp/pp.c b/cmd/pp/pp.c index 31e766112..73bf0764e 100644 --- a/cmd/pp/pp.c +++ b/cmd/pp/pp.c @@ -136,7 +136,7 @@ int main(int argc, char **argv) if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE) == 0 || PORT_Strcmp(typeTag, "c") == 0) { rv = SECU_PrintSignedData(outFile, &data, "Certificate", 0, - SECU_PrintCertificate); + (SECU_PPFunc)SECU_PrintCertificate); } else if (PORT_Strcmp(typeTag, SEC_CT_CERTIFICATE_ID) == 0 || PORT_Strcmp(typeTag, "ci") == 0) { rv = SECU_PrintSignedContent(outFile, &data, 0, 0, diff --git a/cmd/sdrtest/sdrtest.c b/cmd/sdrtest/sdrtest.c index 5740876d5..ba6350624 100644 --- a/cmd/sdrtest/sdrtest.c +++ b/cmd/sdrtest/sdrtest.c @@ -71,9 +71,9 @@ long_usage (char *program_name) int readStdin(SECItem * result) { - int bufsize = 0; + unsigned int bufsize = 0; int cc; - int wanted = 8192; + unsigned int wanted = 8192U; result->len = 0; result->data = NULL; diff --git a/cmd/selfserv/selfserv.c b/cmd/selfserv/selfserv.c index a3be7022c..9509892d3 100644 --- a/cmd/selfserv/selfserv.c +++ b/cmd/selfserv/selfserv.c @@ -502,8 +502,8 @@ mySSLSNISocketConfig(PRFileDesc *fd, const SECItem *sniNameArr, pwdata = SSL_RevealPinArg(fd); - for (;current && i < sniNameArrSize;i++) { - int j = 0; + for (;current && (PRUint32)i < sniNameArrSize;i++) { + unsigned int j = 0; for (;j < MAX_VIRT_SERVER_NAME_ARRAY_INDEX && nameArr[j];j++) { if (!PORT_Strncmp(nameArr[j], (const char *)current[i].data, @@ -1129,7 +1129,7 @@ makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm, SECItemArray *result = NULL; SECItem *ocspResponse = NULL; CERTOCSPSingleResponse **singleResponses; - CERTOCSPSingleResponse *sr; + CERTOCSPSingleResponse *sr = NULL; CERTOCSPCertID *cid = NULL; CERTCertificate *ca; PRTime now = PR_Now(); @@ -1145,7 +1145,7 @@ makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm, if (!cid) errExit("cannot created cid"); - nextUpdate = now + 60*60*24 * PR_USEC_PER_SEC; /* plus 1 day */ + nextUpdate = now + (PRTime)60*60*24 * PR_USEC_PER_SEC; /* plus 1 day */ switch (osm) { case osm_good: @@ -1160,7 +1160,7 @@ makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm, case osm_revoked: sr = CERT_CreateOCSPSingleResponseRevoked(arena, cid, now, &nextUpdate, - now - 60*60*24 * PR_USEC_PER_SEC, /* minus 1 day */ + now - (PRTime)60*60*24 * PR_USEC_PER_SEC, /* minus 1 day */ NULL); break; default: diff --git a/cmd/shlibsign/shlibsign.c b/cmd/shlibsign/shlibsign.c index cc8a546f5..0a4edc113 100644 --- a/cmd/shlibsign/shlibsign.c +++ b/cmd/shlibsign/shlibsign.c @@ -707,7 +707,7 @@ int main(int argc, char **argv) int bytesWritten; unsigned char file_buf[512]; int count=0; - int keySize = 0; + unsigned int keySize = 0; int i; PRBool verify = PR_FALSE; static PRBool FIPSMODE = PR_FALSE; diff --git a/cmd/signtool/certgen.c b/cmd/signtool/certgen.c index 92c33fdb9..0f7c596dd 100644 --- a/cmd/signtool/certgen.c +++ b/cmd/signtool/certgen.c @@ -420,7 +420,6 @@ sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk) SECItem der2; SECItem * result2; - void *dummy; SECOidTag alg = SEC_OID_UNKNOWN; alg = SEC_GetSignatureAlgorithmOidTag(privk->keyType, SEC_OID_UNKNOWN); @@ -440,7 +439,7 @@ sign_cert(CERTCertificate *cert, SECKEYPrivateKey *privk) der2.len = 0; der2.data = NULL; - dummy = SEC_ASN1EncodeItem + (void)SEC_ASN1EncodeItem (cert->arena, &der2, cert, SEC_ASN1_GET(CERT_CertificateTemplate)); if (rv != SECSuccess) { diff --git a/cmd/signtool/util.c b/cmd/signtool/util.c index 74a208e5e..73568d1ba 100644 --- a/cmd/signtool/util.c +++ b/cmd/signtool/util.c @@ -16,9 +16,11 @@ static int is_dir (char *filename); long *mozilla_event_queue = 0; #ifndef XP_WIN -char *XP_GetString (int i) +char *XP_GetString (int i) { - return SECU_Strerror (i); + /* nasty hackish cast to avoid changing the signature of + * JAR_init_callbacks() */ + return (char *)SECU_Strerror (i); } #endif diff --git a/cmd/ssltap/ssltap.c b/cmd/ssltap/ssltap.c index 170420a6f..8ea465ef3 100644 --- a/cmd/ssltap/ssltap.c +++ b/cmd/ssltap/ssltap.c @@ -41,12 +41,12 @@ struct _DataBuffer; typedef struct _DataBufferList { struct _DataBuffer *first,*last; - int size; + unsigned int size; int isEncrypted; unsigned char * msgBuf; - int msgBufOffset; - int msgBufSize; - int hMACsize; + unsigned int msgBufOffset; + unsigned int msgBufSize; + unsigned int hMACsize; } DataBufferList; typedef struct _DataBuffer { @@ -566,7 +566,7 @@ void print_sslv2(DataBufferList *s, unsigned char *recordBuf, unsigned int recor (PRUint32)(GET_SHORT((chv2->rndlength))), (PRUint32)(GET_SHORT((chv2->rndlength)))); PR_fprintf(PR_STDOUT," cipher-suites = { \n"); - for (p=0;p<GET_SHORT((chv2->cslength));p+=3) { + for (p=0;p<(PRUint32)GET_SHORT((chv2->cslength));p+=3) { PRUint32 cs_int = GET_24((&chv2->csuites[p])); const char *cs_str = V2CipherString(cs_int); @@ -575,17 +575,17 @@ void print_sslv2(DataBufferList *s, unsigned char *recordBuf, unsigned int recor } q = p; PR_fprintf(PR_STDOUT," }\n"); - if (chv2->sidlength) { + if (GET_SHORT((chv2->sidlength))) { PR_fprintf(PR_STDOUT," session-id = { "); - for (p=0;p<GET_SHORT((chv2->sidlength));p+=2) { + for (p=0;p<(PRUint32)GET_SHORT((chv2->sidlength));p+=2) { PR_fprintf(PR_STDOUT,"0x%04x ",(PRUint32)(GET_SHORT((&chv2->csuites[p+q])))); } } q += p; PR_fprintf(PR_STDOUT,"}\n"); - if (chv2->rndlength) { + if (GET_SHORT((chv2->rndlength))) { PR_fprintf(PR_STDOUT," challenge = { "); - for (p=0;p<GET_SHORT((chv2->rndlength));p+=2) { + for (p=0;p<(PRUint32)GET_SHORT((chv2->rndlength));p+=2) { PR_fprintf(PR_STDOUT,"0x%04x ",(PRUint32)(GET_SHORT((&chv2->csuites[p+q])))); } PR_fprintf(PR_STDOUT,"}\n"); @@ -978,7 +978,7 @@ void print_ssl3_handshake(unsigned char *recordBuf, { struct sslhandshake sslh; unsigned char * hsdata; - int offset=0; + unsigned int offset=0; PR_fprintf(PR_STDOUT," handshake {\n"); @@ -1365,7 +1365,7 @@ void print_ssl3_handshake(unsigned char *recordBuf, offset += sslh.length + 4; } /* while */ if (offset < recordLen) { /* stuff left over */ - int newMsgLen = recordLen - offset; + unsigned int newMsgLen = recordLen - offset; if (!s->msgBuf) { s->msgBuf = PORT_Alloc(newMsgLen); if (!s->msgBuf) { diff --git a/cmd/strsclnt/strsclnt.c b/cmd/strsclnt/strsclnt.c index 43d121e27..f4825050f 100644 --- a/cmd/strsclnt/strsclnt.c +++ b/cmd/strsclnt/strsclnt.c @@ -498,7 +498,6 @@ init_thread_data(void) PRBool useModelSocket = PR_TRUE; -static const char stopCmd[] = { "GET /stop " }; static const char outHeader[] = { "HTTP/1.0 200 OK\r\n" "Server: Netscape-Enterprise/2.0a\r\n" @@ -567,8 +566,8 @@ do_writes( { PRFileDesc * ssl_sock = (PRFileDesc *)a; lockedVars * lv = (lockedVars *)b; - int sent = 0; - int count = 0; + unsigned int sent = 0; + int count = 0; while (sent < bigBuf.len) { @@ -712,7 +711,7 @@ PRInt32 lastFullHandshakePeerID; void myHandshakeCallback(PRFileDesc *socket, void *arg) { - PR_ATOMIC_SET(&lastFullHandshakePeerID, (PRInt32) arg); + PR_ATOMIC_SET(&lastFullHandshakePeerID, (PRInt32)((char *)arg - (char *)NULL)); } #endif @@ -732,7 +731,6 @@ do_connects( PRFileDesc * tcp_sock = 0; PRStatus prStatus; PRUint32 sleepInterval = 50; /* milliseconds */ - SECStatus result; int rv = SECSuccess; PRSocketOptionData opt; @@ -839,7 +837,8 @@ retry: PR_snprintf(sockPeerIDString, sizeof(sockPeerIDString), "ID%d", thisPeerID); SSL_SetSockPeerID(ssl_sock, sockPeerIDString); - SSL_HandshakeCallback(ssl_sock, myHandshakeCallback, (void*)thisPeerID); + SSL_HandshakeCallback(ssl_sock, myHandshakeCallback, + (char *)NULL + thisPeerID); #else /* force a full handshake by setting the no cache option */ SSL_OptionSet(ssl_sock, SSL_NO_CACHE, 1); @@ -854,9 +853,9 @@ retry: PR_ATOMIC_INCREMENT(&numConnected); if (bigBuf.data != NULL) { - result = handle_fdx_connection( ssl_sock, tid); + (void)handle_fdx_connection( ssl_sock, tid); } else { - result = handle_connection( ssl_sock, tid); + (void)handle_connection( ssl_sock, tid); } PR_ATOMIC_DECREMENT(&numConnected); diff --git a/cmd/symkeyutil/symkeyutil.c b/cmd/symkeyutil/symkeyutil.c index 05de7d873..353da711b 100644 --- a/cmd/symkeyutil/symkeyutil.c +++ b/cmd/symkeyutil/symkeyutil.c @@ -1015,8 +1015,7 @@ main(int argc, char **argv) } } if (se) { - SECStatus rv2 = PK11_FreeSlotListElement(slotList, se); - PORT_Assert(SECSuccess == rv2); + PORT_CheckSuccess(PK11_FreeSlotListElement(slotList, se)); } PK11_FreeSlotList(slotList); } diff --git a/cmd/tstclnt/tstclnt.c b/cmd/tstclnt/tstclnt.c index 72f53badf..ddfadafd5 100644 --- a/cmd/tstclnt/tstclnt.c +++ b/cmd/tstclnt/tstclnt.c @@ -534,9 +534,9 @@ dumpServerCertificateChain(PRFileDesc *fd) return; } else if (dumpServerChain == 1) { - dumpFunction = SECU_PrintCertificateBasicInfo; + dumpFunction = (SECU_PPFunc)SECU_PrintCertificateBasicInfo; } else { - dumpFunction = SECU_PrintCertificate; + dumpFunction = (SECU_PPFunc)SECU_PrintCertificate; if (dumpServerChain > 2) { dumpCertPEM = PR_TRUE; } @@ -566,7 +566,7 @@ dumpServerCertificateChain(PRFileDesc *fd) PR_TRUE); } if (foundChain) { - int count = 0; + unsigned int count = 0; fprintf(stderr, "==== locally found issuer certificate(s): ====\n"); for(count = 0; count < (unsigned int)foundChain->len; count++) { CERTCertificate *c; @@ -619,7 +619,7 @@ ownAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, if (!serverCertAuth->shouldPause) { CERTCertificate *cert; - int i; + unsigned int i; const SECItemArray *csa; if (!serverCertAuth->testFreshStatusFromSideChannel) { @@ -644,8 +644,7 @@ ownAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, if (CERT_CacheOCSPResponseFromSideChannel( serverCertAuth->dbHandle, cert, PR_Now(), &csa->items[i], arg) != SECSuccess) { - PRErrorCode error = PR_GetError(); - PORT_Assert(error != 0); + PORT_Assert(PR_GetError() != 0); } } } @@ -1283,7 +1282,7 @@ int main(int argc, char **argv) int cipher; if (ndx == ':') { - int ctmp; + int ctmp = 0; cipher = 0; HEXCHAR_TO_INT(*cipherString, ctmp) diff --git a/cmd/vfychain/vfychain.c b/cmd/vfychain/vfychain.c index 216fa365d..f9f1787cc 100644 --- a/cmd/vfychain/vfychain.c +++ b/cmd/vfychain/vfychain.c @@ -333,7 +333,7 @@ configureRevocationParams(CERTRevocationFlags *flags) int i; unsigned int testType = REVCONFIG_TEST_UNDEFINED; static CERTRevocationTests *revTests = NULL; - PRUint64 *revFlags; + PRUint64 *revFlags = NULL; for(i = 0;i < REV_METHOD_INDEX_MAX;i++) { if (revMethodsData[i].testType == REVCONFIG_TEST_UNDEFINED) { diff --git a/cmd/vfyserv/vfyserv.c b/cmd/vfyserv/vfyserv.c index d83fc3959..6ee22489a 100644 --- a/cmd/vfyserv/vfyserv.c +++ b/cmd/vfyserv/vfyserv.c @@ -510,7 +510,7 @@ main(int argc, char **argv) int cipher; if (ndx == ':') { - int ctmp; + int ctmp = 0; cipher = 0; HEXCHAR_TO_INT(*cipherString, ctmp) diff --git a/cmd/vfyserv/vfyutil.c b/cmd/vfyserv/vfyutil.c index 15f0d9781..686c7b13f 100644 --- a/cmd/vfyserv/vfyutil.c +++ b/cmd/vfyserv/vfyutil.c @@ -603,7 +603,7 @@ void dumpCertChain(CERTCertificate *cert, SECCertUsage usage) { CERTCertificateList *certList; - int count = 0; + unsigned int count = 0; certList = CERT_CertChainFromCert(cert, usage, PR_TRUE); if (certList == NULL) { |