summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/base/hash.c4
-rw-r--r--lib/base/list.c3
-rw-r--r--lib/base/tracker.c2
-rw-r--r--lib/certdb/certdb.c40
-rw-r--r--lib/certdb/crl.c21
-rw-r--r--lib/certdb/genname.c10
-rw-r--r--lib/certdb/secname.c8
-rw-r--r--lib/certhigh/certhigh.c7
-rw-r--r--lib/certhigh/certvfypkix.c6
-rw-r--r--lib/certhigh/ocsp.c13
-rw-r--r--lib/ckfw/builtins/binst.c6
-rw-r--r--lib/ckfw/builtins/certdata.perl1
-rw-r--r--lib/ckfw/hash.c4
-rw-r--r--lib/ckfw/token.c3
-rw-r--r--lib/crmf/cmmfchal.c3
-rw-r--r--lib/crmf/crmfcont.c16
-rw-r--r--lib/crmf/crmfi.h2
-rw-r--r--lib/crmf/crmfpop.c9
-rw-r--r--lib/crmf/crmftmpl.c29
-rw-r--r--lib/dbm/src/h_page.c17
-rw-r--r--lib/dev/devslot.c3
-rw-r--r--lib/dev/devtoken.c3
-rw-r--r--lib/freebl/cts.c2
-rw-r--r--lib/freebl/dh.c2
-rw-r--r--lib/freebl/drbg.c50
-rw-r--r--lib/freebl/dsa.c2
-rw-r--r--lib/freebl/ecl/ecl-priv.h27
-rw-r--r--lib/freebl/ecl/ecl_gf.c156
-rw-r--r--lib/freebl/ecl/ecl_mult.c4
-rw-r--r--lib/freebl/ecl/ecp_192.c112
-rw-r--r--lib/freebl/ecl/ecp_224.c160
-rw-r--r--lib/freebl/ecl/ecp_256.c297
-rw-r--r--lib/freebl/ecl/ecp_521.c2
-rw-r--r--lib/freebl/ecl/ecp_jac.c4
-rw-r--r--lib/freebl/ldvector.c7
-rw-r--r--lib/freebl/loader.c15
-rw-r--r--lib/freebl/mpi/mpcpucache.c29
-rw-r--r--lib/freebl/mpi/mpi-priv.h4
-rw-r--r--lib/freebl/mpi/mpi.c34
-rw-r--r--lib/freebl/mpi/mpi.h2
-rw-r--r--lib/freebl/mpi/mplogic.c4
-rw-r--r--lib/freebl/mpi/mplogic.h2
-rw-r--r--lib/freebl/mpi/mpmontg.c2
-rw-r--r--lib/freebl/mpi/mpprime.c2
-rw-r--r--lib/freebl/nsslowhash.c7
-rw-r--r--lib/freebl/pqg.c20
-rw-r--r--lib/freebl/rsa.c2
-rw-r--r--lib/freebl/sha512.c12
-rw-r--r--lib/freebl/sha_fast.c2
-rw-r--r--lib/jar/jarfile.c29
-rw-r--r--lib/jar/jarsign.c2
-rwxr-xr-xlib/libpkix/include/pkix_certstore.h3
-rw-r--r--lib/libpkix/pkix/checker/pkix_crlchecker.c4
-rw-r--r--lib/libpkix/pkix/checker/pkix_crlchecker.h4
-rw-r--r--lib/libpkix/pkix/checker/pkix_ocspchecker.c4
-rw-r--r--lib/libpkix/pkix/checker/pkix_ocspchecker.h4
-rwxr-xr-xlib/libpkix/pkix/checker/pkix_revocationchecker.c8
-rwxr-xr-xlib/libpkix/pkix/checker/pkix_revocationchecker.h1
-rw-r--r--lib/libpkix/pkix/checker/pkix_revocationmethod.h4
-rwxr-xr-xlib/libpkix/pkix/crlsel/pkix_crlselector.c2
-rwxr-xr-xlib/libpkix/pkix/results/pkix_policynode.c2
-rwxr-xr-xlib/libpkix/pkix/store/pkix_store.c10
-rwxr-xr-xlib/libpkix/pkix/top/pkix_build.c2
-rwxr-xr-xlib/libpkix/pkix/util/pkix_error.c2
-rw-r--r--lib/libpkix/pkix/util/pkix_logger.c2
-rwxr-xr-xlib/libpkix/pkix/util/pkix_tools.h4
-rw-r--r--lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c12
-rw-r--r--lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c4
-rwxr-xr-xlib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c14
-rw-r--r--lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c10
-rw-r--r--lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c2
-rw-r--r--lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c2
-rwxr-xr-xlib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c8
-rwxr-xr-xlib/libpkix/pkix_pl_nss/system/pkix_pl_object.c2
-rw-r--r--lib/nss/nssinit.c12
-rw-r--r--lib/pk11wrap/pk11cert.c9
-rw-r--r--lib/pk11wrap/pk11load.c4
-rw-r--r--lib/pk11wrap/pk11merge.c3
-rw-r--r--lib/pk11wrap/pk11obj.c2
-rw-r--r--lib/pk11wrap/pk11pk12.c4
-rw-r--r--lib/pk11wrap/pk11slot.c18
-rw-r--r--lib/pkcs12/p12d.c2
-rw-r--r--lib/pkcs12/p12e.c7
-rw-r--r--lib/pkcs7/p7decode.c3
-rw-r--r--lib/pkcs7/p7encode.c5
-rw-r--r--lib/pkcs7/p7local.c2
-rw-r--r--lib/pki/certificate.c3
-rw-r--r--lib/pki/pki3hack.c4
-rw-r--r--lib/pki/pkibase.c15
-rw-r--r--lib/pki/tdcache.c8
-rw-r--r--lib/pki/trustdomain.c5
-rw-r--r--lib/smime/cmsasn1.c4
-rw-r--r--lib/smime/cmscipher.c2
-rw-r--r--lib/smime/cmsencode.c5
-rw-r--r--lib/smime/cmsrecinfo.c4
-rw-r--r--lib/smime/cmsudf.c6
-rw-r--r--lib/smime/smimeutil.c6
-rw-r--r--lib/softoken/legacydb/keydb.c40
-rw-r--r--lib/softoken/legacydb/lgattr.c7
-rw-r--r--lib/softoken/legacydb/lginit.c10
-rw-r--r--lib/softoken/legacydb/pcertdb.c90
-rw-r--r--lib/softoken/lowpbe.c2
-rw-r--r--lib/softoken/pkcs11.c12
-rw-r--r--lib/softoken/pkcs11c.c13
-rw-r--r--lib/softoken/pkcs11u.c7
-rw-r--r--lib/softoken/sdb.c10
-rw-r--r--lib/softoken/sftkdb.c34
-rw-r--r--lib/softoken/sftkhmac.c10
-rw-r--r--lib/softoken/sftkpwd.c13
-rw-r--r--lib/sqlite/Makefile5
-rw-r--r--lib/sqlite/sqlite3.c10
-rw-r--r--lib/ssl/dtlscon.c8
-rw-r--r--lib/ssl/ssl3con.c22
-rw-r--r--lib/ssl/ssl3ecc.c9
-rw-r--r--lib/ssl/ssl3ext.c75
-rw-r--r--lib/ssl/ssl3gthr.c4
-rw-r--r--lib/ssl/sslauth.c3
-rw-r--r--lib/ssl/sslcon.c37
-rw-r--r--lib/ssl/sslimpl.h4
-rw-r--r--lib/ssl/sslinfo.c8
-rw-r--r--lib/ssl/sslsecur.c3
-rw-r--r--lib/ssl/sslsnce.c7
-rw-r--r--lib/ssl/sslsock.c2
-rw-r--r--lib/util/derdec.c2
-rw-r--r--lib/util/derenc.c3
-rw-r--r--lib/util/manifest.mn1
-rw-r--r--lib/util/nssb64e.c2
-rw-r--r--lib/util/nssrwlk.c2
-rw-r--r--lib/util/quickder.c12
-rw-r--r--lib/util/secoid.c9
-rw-r--r--lib/util/secport.c6
-rw-r--r--lib/util/secport.h7
-rw-r--r--lib/util/verref.h40
133 files changed, 960 insertions, 1015 deletions
diff --git a/lib/base/hash.c b/lib/base/hash.c
index 514e547ac..7eaaf6ff0 100644
--- a/lib/base/hash.c
+++ b/lib/base/hash.c
@@ -51,9 +51,7 @@ nss_identity_hash
const void *key
)
{
- PRUint32 i = (PRUint32)key;
- PR_ASSERT(sizeof(PLHashNumber) == sizeof(PRUint32));
- return (PLHashNumber)i;
+ return (PLHashNumber)((char *)key - (char *)NULL);
}
static PLHashNumber
diff --git a/lib/base/list.c b/lib/base/list.c
index d6773d743..5f34923b2 100644
--- a/lib/base/list.c
+++ b/lib/base/list.c
@@ -217,9 +217,8 @@ nsslist_add_element(nssList *list, void *data)
NSS_IMPLEMENT PRStatus
nssList_Add(nssList *list, void *data)
{
- PRStatus nssrv;
NSSLIST_LOCK_IF(list);
- nssrv = nsslist_add_element(list, data);
+ (void)nsslist_add_element(list, data);
NSSLIST_UNLOCK_IF(list);
return PR_SUCCESS;
}
diff --git a/lib/base/tracker.c b/lib/base/tracker.c
index 95881f911..06e2baf2a 100644
--- a/lib/base/tracker.c
+++ b/lib/base/tracker.c
@@ -29,7 +29,7 @@ identity_hash
const void *key
)
{
- return (PLHashNumber)key;
+ return (PLHashNumber)((char *)key - (char *)NULL);
}
/*
diff --git a/lib/certdb/certdb.c b/lib/certdb/certdb.c
index 2581be227..f282bbb9f 100644
--- a/lib/certdb/certdb.c
+++ b/lib/certdb/certdb.c
@@ -2443,7 +2443,6 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
{
unsigned int i;
CERTCertificate **certs = NULL;
- SECStatus rv;
unsigned int fcerts = 0;
if ( ncerts ) {
@@ -2491,10 +2490,11 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
* know which cert it belongs to. But we still may try
* the individual canickname from the cert itself.
*/
- rv = CERT_AddTempCertToPerm(certs[i], canickname, NULL);
+ /* Bug 1192442 - propagate errors from these calls. */
+ (void)CERT_AddTempCertToPerm(certs[i], canickname, NULL);
} else {
- rv = CERT_AddTempCertToPerm(certs[i],
- nickname?nickname:canickname, NULL);
+ (void)CERT_AddTempCertToPerm(certs[i],
+ nickname?nickname:canickname, NULL);
}
PORT_Free(canickname);
@@ -2511,7 +2511,7 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,
}
}
- return ((fcerts || !ncerts) ? SECSuccess : SECFailure);
+ return (fcerts || !ncerts) ? SECSuccess : SECFailure;
}
/*
@@ -2893,15 +2893,16 @@ CERT_LockCertRefCount(CERTCertificate *cert)
void
CERT_UnlockCertRefCount(CERTCertificate *cert)
{
- PRStatus prstat;
-
PORT_Assert(certRefCountLock != NULL);
- prstat = PZ_Unlock(certRefCountLock);
-
- PORT_Assert(prstat == PR_SUCCESS);
-
- return;
+#ifdef DEBUG
+ {
+ PRStatus prstat = PZ_Unlock(certRefCountLock);
+ PORT_Assert(prstat == PR_SUCCESS);
+ }
+#else
+ PZ_Unlock(certRefCountLock);
+#endif
}
static PZLock *certTrustLock = NULL;
@@ -2973,15 +2974,16 @@ cert_DestroyLocks(void)
void
CERT_UnlockCertTrust(const CERTCertificate *cert)
{
- PRStatus prstat;
-
PORT_Assert(certTrustLock != NULL);
- prstat = PZ_Unlock(certTrustLock);
-
- PORT_Assert(prstat == PR_SUCCESS);
-
- return;
+#ifdef DEBUG
+ {
+ PRStatus prstat = PZ_Unlock(certTrustLock);
+ PORT_Assert(prstat == PR_SUCCESS);
+ }
+#else
+ PZ_Unlock(certTrustLock);
+#endif
}
diff --git a/lib/certdb/crl.c b/lib/certdb/crl.c
index 9f9aa0b2a..c1a10ef59 100644
--- a/lib/certdb/crl.c
+++ b/lib/certdb/crl.c
@@ -627,7 +627,6 @@ crl_storeCRL (PK11SlotInfo *slot,char *url,
CERTSignedCrl *oldCrl = NULL, *crl = NULL;
PRBool deleteOldCrl = PR_FALSE;
CK_OBJECT_HANDLE crlHandle = CK_INVALID_HANDLE;
- SECStatus rv;
PORT_Assert(newCrl);
PORT_Assert(derCrl);
@@ -640,8 +639,8 @@ crl_storeCRL (PK11SlotInfo *slot,char *url,
/* we can't use the cache here because we must look in the same
token */
- rv = SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type,
- &oldCrl, CRL_DECODE_SKIP_ENTRIES);
+ (void)SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type,
+ &oldCrl, CRL_DECODE_SKIP_ENTRIES);
/* if there is an old crl on the token, make sure the one we are
installing is newer. If not, exit out, otherwise delete the
old crl.
@@ -2693,7 +2692,7 @@ cert_CheckCertRevocationStatus(CERTCertificate* cert, CERTCertificate* issuer,
}
if (SECFailure == rv)
{
- SECStatus rv2 = CERT_FindCRLEntryReasonExten(entry, &reason);
+ (void)CERT_FindCRLEntryReasonExten(entry, &reason);
PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE);
}
break;
@@ -3050,7 +3049,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
{
NamedCRLCacheEntry* oldEntry, * newEntry = NULL;
NamedCRLCache* ncc = NULL;
- SECStatus rv = SECSuccess, rv2;
+ SECStatus rv = SECSuccess;
PORT_Assert(namedCRLCache.lock);
PORT_Assert(namedCRLCache.entries);
@@ -3088,8 +3087,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
(void*) newEntry))
{
PORT_Assert(0);
- rv2 = NamedCRLCacheEntry_Destroy(newEntry);
- PORT_Assert(SECSuccess == rv2);
+ NamedCRLCacheEntry_Destroy(newEntry);
rv = SECFailure;
}
}
@@ -3112,8 +3110,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
}
else
{
- rv2 = NamedCRLCacheEntry_Destroy(oldEntry);
- PORT_Assert(SECSuccess == rv2);
+ PORT_AssertSuccess(NamedCRLCacheEntry_Destroy(oldEntry));
}
if (NULL == PL_HashTableAdd(namedCRLCache.entries,
(void*) newEntry->canonicalizedName,
@@ -3160,8 +3157,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
}
else
{
- rv2 = NamedCRLCacheEntry_Destroy(oldEntry);
- PORT_Assert(SECSuccess == rv2);
+ PORT_AssertSuccess(NamedCRLCacheEntry_Destroy(oldEntry));
}
if (NULL == PL_HashTableAdd(namedCRLCache.entries,
(void*) newEntry->canonicalizedName,
@@ -3173,8 +3169,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl,
}
}
}
- rv2 = cert_ReleaseNamedCRLCache(ncc);
- PORT_Assert(SECSuccess == rv2);
+ PORT_AssertSuccess(cert_ReleaseNamedCRLCache(ncc));
return rv;
}
diff --git a/lib/certdb/genname.c b/lib/certdb/genname.c
index 04c8a7712..6529a6a09 100644
--- a/lib/certdb/genname.c
+++ b/lib/certdb/genname.c
@@ -67,16 +67,6 @@ static const SEC_ASN1Template CERTOtherNameTemplate[] = {
sizeof(CERTGeneralName) }
};
-static const SEC_ASN1Template CERTOtherName2Template[] = {
- { SEC_ASN1_SEQUENCE | SEC_ASN1_CONTEXT_SPECIFIC | 0 ,
- 0, NULL, sizeof(CERTGeneralName) },
- { SEC_ASN1_OBJECT_ID,
- offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, oid) },
- { SEC_ASN1_ANY,
- offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, name) },
- { 0, }
-};
-
static const SEC_ASN1Template CERT_RFC822NameTemplate[] = {
{ SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1 ,
offsetof(CERTGeneralName, name.other),
diff --git a/lib/certdb/secname.c b/lib/certdb/secname.c
index d070bbfc7..88a0cf75e 100644
--- a/lib/certdb/secname.c
+++ b/lib/certdb/secname.c
@@ -240,14 +240,6 @@ CERT_CopyAVA(PLArenaPool *arena, CERTAVA *from)
return 0;
}
-/************************************************************************/
-/* XXX This template needs to go away in favor of the new SEC_ASN1 version. */
-static const SEC_ASN1Template cert_RDNTemplate[] = {
- { SEC_ASN1_SET_OF,
- offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) }
-};
-
-
CERTRDN *
CERT_CreateRDN(PLArenaPool *arena, CERTAVA *ava0, ...)
{
diff --git a/lib/certhigh/certhigh.c b/lib/certhigh/certhigh.c
index 74651baf2..b06b7af33 100644
--- a/lib/certhigh/certhigh.c
+++ b/lib/certhigh/certhigh.c
@@ -24,8 +24,6 @@ CERT_MatchNickname(char *name1, char *name2) {
char *nickname2 = NULL;
char *token1;
char *token2;
- char *token = NULL;
- int len;
/* first deal with the straight comparison */
if (PORT_Strcmp(name1, name2) == 0) {
@@ -40,20 +38,17 @@ CERT_MatchNickname(char *name1, char *name2) {
return PR_FALSE;
}
if (token1) {
- token=name1;
nickname1=token1;
nickname2=name2;
} else {
- token=name2;
nickname1=token2;
nickname2=name1;
}
- len = nickname1-token;
nickname1++;
if (PORT_Strcmp(nickname1,nickname2) != 0) {
return PR_FALSE;
}
- /* compare the other token with the internal slot here */
+ /* Bug 1192443 - compare the other token with the internal slot here */
return PR_TRUE;
}
diff --git a/lib/certhigh/certvfypkix.c b/lib/certhigh/certvfypkix.c
index dcb2dbf2c..35f841e58 100644
--- a/lib/certhigh/certvfypkix.c
+++ b/lib/certhigh/certvfypkix.c
@@ -1412,13 +1412,13 @@ setRevocationMethod(PKIX_RevocationChecker *revChecker,
{
PKIX_UInt32 methodFlags = 0;
PKIX_Error *error = NULL;
- int priority = 0;
+ PKIX_UInt32 priority = 0;
- if (revTest->number_of_defined_methods <= certRevMethod) {
+ if (revTest->number_of_defined_methods <= (PRUint32)certRevMethod) {
return NULL;
}
if (revTest->preferred_methods) {
- int i = 0;
+ unsigned int i = 0;
for (;i < revTest->number_of_preferred_methods;i++) {
if (revTest->preferred_methods[i] == certRevMethod)
break;
diff --git a/lib/certhigh/ocsp.c b/lib/certhigh/ocsp.c
index 59b341f1e..86ae0a063 100644
--- a/lib/certhigh/ocsp.c
+++ b/lib/certhigh/ocsp.c
@@ -559,14 +559,19 @@ ocsp_RemoveCacheItem(OCSPCacheData *cache, OCSPCacheItem *item)
* because of an allocation failure, or it could get removed because we're
* cleaning up.
*/
- PRBool couldRemoveFromHashTable;
OCSP_TRACE(("OCSP ocsp_RemoveCacheItem, THREADID %p\n", PR_GetCurrentThread()));
PR_EnterMonitor(OCSP_Global.monitor);
ocsp_RemoveCacheItemFromLinkedList(cache, item);
- couldRemoveFromHashTable = PL_HashTableRemove(cache->entries,
- item->certID);
- PORT_Assert(couldRemoveFromHashTable);
+#ifdef DEBUG
+ {
+ PRBool couldRemoveFromHashTable = PL_HashTableRemove(cache->entries,
+ item->certID);
+ PORT_Assert(couldRemoveFromHashTable);
+ }
+#else
+ PL_HashTableRemove(cache->entries, item->certID);
+#endif
--cache->numberOfEntries;
ocsp_FreeCacheItem(item);
PR_ExitMonitor(OCSP_Global.monitor);
diff --git a/lib/ckfw/builtins/binst.c b/lib/ckfw/builtins/binst.c
index 8940ea035..8cb057d96 100644
--- a/lib/ckfw/builtins/binst.c
+++ b/lib/ckfw/builtins/binst.c
@@ -65,10 +65,8 @@ builtins_mdInstance_GetLibraryVersion
NSSCKFWInstance *fwInstance
)
{
- extern const char __nss_builtins_version[];
- volatile char c; /* force a reference that won't get optimized away */
-
- c = __nss_builtins_version[0];
+#define NSS_VERSION_VARIABLE __nss_builtins_version
+#include "verref.h"
return nss_builtins_LibraryVersion;
}
diff --git a/lib/ckfw/builtins/certdata.perl b/lib/ckfw/builtins/certdata.perl
index 56771f5cb..e77decf9f 100644
--- a/lib/ckfw/builtins/certdata.perl
+++ b/lib/ckfw/builtins/certdata.perl
@@ -11,7 +11,6 @@ my $o;
my @objects = ();
my @objsize;
-$constants{CKO_DATA} = "static const CK_OBJECT_CLASS cko_data = CKO_DATA;\n";
$constants{CK_TRUE} = "static const CK_BBOOL ck_true = CK_TRUE;\n";
$constants{CK_FALSE} = "static const CK_BBOOL ck_false = CK_FALSE;\n";
diff --git a/lib/ckfw/hash.c b/lib/ckfw/hash.c
index 51f53b1a9..e4f6ce2bd 100644
--- a/lib/ckfw/hash.c
+++ b/lib/ckfw/hash.c
@@ -48,9 +48,7 @@ nss_ckfw_identity_hash
const void *key
)
{
- PRUint32 i = (PRUint32)key;
- PR_ASSERT(sizeof(PLHashNumber) == sizeof(PRUint32));
- return (PLHashNumber)i;
+ return (PLHashNumber)((char *)key - (char *)NULL);
}
/*
diff --git a/lib/ckfw/token.c b/lib/ckfw/token.c
index aaaf11888..4a9757643 100644
--- a/lib/ckfw/token.c
+++ b/lib/ckfw/token.c
@@ -1258,7 +1258,7 @@ nssCKFWToken_GetUTCTime
{
/* Format is YYYYMMDDhhmmss00 */
int i;
- int Y, M, D, h, m, s, z;
+ int Y, M, D, h, m, s;
static int dims[] = { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
for( i = 0; i < 16; i++ ) {
@@ -1274,7 +1274,6 @@ nssCKFWToken_GetUTCTime
h = ((utcTime[ 8] - '0') * 10) + (utcTime[ 9] - '0');
m = ((utcTime[10] - '0') * 10) + (utcTime[11] - '0');
s = ((utcTime[12] - '0') * 10) + (utcTime[13] - '0');
- z = ((utcTime[14] - '0') * 10) + (utcTime[15] - '0');
if( (Y < 1990) || (Y > 3000) ) goto badtime; /* Y3K problem. heh heh heh */
if( (M < 1) || (M > 12) ) goto badtime;
diff --git a/lib/crmf/cmmfchal.c b/lib/crmf/cmmfchal.c
index 8f7b2982a..bf0b7ba37 100644
--- a/lib/crmf/cmmfchal.c
+++ b/lib/crmf/cmmfchal.c
@@ -30,7 +30,6 @@ cmmf_create_witness_and_challenge(PLArenaPool *poolp,
CMMFRand randStr= { {siBuffer, NULL, 0}, {siBuffer, NULL, 0}};
PK11SlotInfo *slot;
PK11SymKey *symKey = NULL;
- CK_OBJECT_HANDLE id;
CERTSubjectPublicKeyInfo *spki = NULL;
@@ -76,7 +75,7 @@ cmmf_create_witness_and_challenge(PLArenaPool *poolp,
rv = SECFailure;
goto loser;
}
- id = PK11_ImportPublicKey(slot, inPubKey, PR_FALSE);
+ (void)PK11_ImportPublicKey(slot, inPubKey, PR_FALSE);
/* In order to properly encrypt the data, we import as a symmetric
* key, and then wrap that key. That in essence encrypts the data.
* This is the method recommended in the PK11 world in order
diff --git a/lib/crmf/crmfcont.c b/lib/crmf/crmfcont.c
index cc386ea30..4e274d32c 100644
--- a/lib/crmf/crmfcont.c
+++ b/lib/crmf/crmfcont.c
@@ -857,7 +857,6 @@ CRMF_CreateEncryptedKeyWithEncryptedValue (SECKEYPrivateKey *inPrivKey,
{
SECKEYPublicKey *caPubKey = NULL;
CRMFEncryptedKey *encKey = NULL;
- CRMFEncryptedValue *dummy;
PORT_Assert(inPrivKey != NULL && inCACert != NULL);
if (inPrivKey == NULL || inCACert == NULL) {
@@ -873,10 +872,17 @@ CRMF_CreateEncryptedKeyWithEncryptedValue (SECKEYPrivateKey *inPrivKey,
if (encKey == NULL) {
goto loser;
}
- dummy = crmf_create_encrypted_value_wrapped_privkey(inPrivKey,
- caPubKey,
- &encKey->value.encryptedValue);
- PORT_Assert(dummy == &encKey->value.encryptedValue);
+#ifdef DEBUG
+ {
+ CRMFEncryptedValue *dummy =
+ crmf_create_encrypted_value_wrapped_privkey(
+ inPrivKey, caPubKey, &encKey->value.encryptedValue);
+ PORT_Assert(dummy == &encKey->value.encryptedValue);
+ }
+#else
+ crmf_create_encrypted_value_wrapped_privkey(
+ inPrivKey, caPubKey, &encKey->value.encryptedValue);
+#endif
/* We won't add the der value here, but rather when it
* becomes part of a certificate request.
*/
diff --git a/lib/crmf/crmfi.h b/lib/crmf/crmfi.h
index 0dc9b4986..fd27a9b9a 100644
--- a/lib/crmf/crmfi.h
+++ b/lib/crmf/crmfi.h
@@ -52,7 +52,7 @@
struct crmfEncoderArg {
SECItem *buffer;
- long allocatedLen;
+ unsigned long allocatedLen;
};
struct crmfEncoderOutput {
diff --git a/lib/crmf/crmfpop.c b/lib/crmf/crmfpop.c
index 78381bf79..2d4e32699 100644
--- a/lib/crmf/crmfpop.c
+++ b/lib/crmf/crmfpop.c
@@ -10,7 +10,7 @@
#include "keyhi.h"
#include "cryptohi.h"
-#define CRMF_DEFAULT_ALLOC_SIZE 1024
+#define CRMF_DEFAULT_ALLOC_SIZE 1024U
SECStatus
crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg,
@@ -33,7 +33,6 @@ crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg,
SECStatus
CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg)
{
- SECItem *dummy;
CRMFProofOfPossession *pop;
PLArenaPool *poolp;
void *mark;
@@ -52,9 +51,9 @@ CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg)
pop->popChoice.raVerified.data = NULL;
pop->popChoice.raVerified.len = 0;
inCertReqMsg->pop = pop;
- dummy = SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP),
- &(pop->popChoice.raVerified),
- CRMFRAVerifiedTemplate);
+ (void)SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP),
+ &(pop->popChoice.raVerified),
+ CRMFRAVerifiedTemplate);
return SECSuccess;
loser:
PORT_ArenaRelease(poolp, mark);
diff --git a/lib/crmf/crmftmpl.c b/lib/crmf/crmftmpl.c
index 73d75f8b7..320d52463 100644
--- a/lib/crmf/crmftmpl.c
+++ b/lib/crmf/crmftmpl.c
@@ -138,19 +138,6 @@ const SEC_ASN1Template CRMFCertReqMessagesTemplate[] = {
CRMFCertReqMsgTemplate, sizeof (CRMFCertReqMessages)}
};
-static const SEC_ASN1Template CRMFPOPOSigningKeyInputTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL,sizeof(CRMFPOPOSigningKeyInput) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
- SEC_ASN1_CONTEXT_SPECIFIC | 0,
- offsetof(CRMFPOPOSigningKeyInput, authInfo.sender) },
- { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL | 1,
- offsetof (CRMFPOPOSigningKeyInput, authInfo.publicKeyMAC) },
- { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
- offsetof(CRMFPOPOSigningKeyInput, publicKey),
- SEC_ASN1_SUB(CERT_SubjectPublicKeyInfoTemplate) },
- { 0 }
-};
-
const SEC_ASN1Template CRMFRAVerifiedTemplate[] = {
{ SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_XTRN,
0,
@@ -252,19 +239,3 @@ const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate [] = {
CRMFEncryptedValueTemplate},
{ 0 }
};
-
-static const SEC_ASN1Template CRMFSinglePubInfoTemplate[] = {
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (CRMFSinglePubInfo)},
- { SEC_ASN1_INTEGER, offsetof(CRMFSinglePubInfo, pubMethod) },
- { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC,
- offsetof(CRMFSinglePubInfo, pubLocation) },
- { 0 }
-};
-
-static const SEC_ASN1Template CRMFPublicationInfoTemplate[] ={
- { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFPKIPublicationInfo) },
- { SEC_ASN1_INTEGER, offsetof(CRMFPKIPublicationInfo, action) },
- { SEC_ASN1_POINTER, offsetof(CRMFPKIPublicationInfo, pubInfos),
- CRMFSinglePubInfoTemplate},
- { 0 }
-};
diff --git a/lib/dbm/src/h_page.c b/lib/dbm/src/h_page.c
index 890e86828..cc0249473 100644
--- a/lib/dbm/src/h_page.c
+++ b/lib/dbm/src/h_page.c
@@ -720,23 +720,6 @@ __get_page(HTAB *hashp,
PAGE_INIT(p);
} else {
-#ifdef DEBUG
- if(BYTE_ORDER == LITTLE_ENDIAN)
- {
- int is_little_endian;
- is_little_endian = BYTE_ORDER;
- }
- else if(BYTE_ORDER == BIG_ENDIAN)
- {
- int is_big_endian;
- is_big_endian = BYTE_ORDER;
- }
- else
- {
- assert(0);
- }
-#endif
-
if (hashp->LORDER != BYTE_ORDER) {
register int i, max;
diff --git a/lib/dev/devslot.c b/lib/dev/devslot.c
index d97cbba32..f49915ee1 100644
--- a/lib/dev/devslot.c
+++ b/lib/dev/devslot.c
@@ -25,9 +25,6 @@
/* measured as interval */
static PRIntervalTime s_token_delay_time = 0;
-/* The flags needed to open a read-only session. */
-static const CK_FLAGS s_ck_readonly_flags = CKF_SERIAL_SESSION;
-
NSS_IMPLEMENT PRStatus
nssSlot_Destroy (
NSSSlot *slot
diff --git a/lib/dev/devtoken.c b/lib/dev/devtoken.c
index b6032812f..7223e489b 100644
--- a/lib/dev/devtoken.c
+++ b/lib/dev/devtoken.c
@@ -1466,7 +1466,6 @@ nssToken_TraverseCertificates (
CK_ATTRIBUTE cert_template[2];
CK_ULONG ctsize;
NSSArena *arena;
- PRStatus status;
PRUint32 arraySize, numHandles;
nssCryptokiObject **objects;
void *epv = nssToken_GetCryptokiEPV(token);
@@ -1544,7 +1543,7 @@ nssToken_TraverseCertificates (
if (objects) {
nssCryptokiObject **op;
for (op = objects; *op; op++) {
- status = (*callback)(*op, arg);
+ (void)(*callback)(*op, arg);
}
nss_ZFreeIf(objects);
}
diff --git a/lib/freebl/cts.c b/lib/freebl/cts.c
index 5d4ed18bc..984e05b95 100644
--- a/lib/freebl/cts.c
+++ b/lib/freebl/cts.c
@@ -185,7 +185,7 @@ CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf,
unsigned char lastBlock[MAX_BLOCK_SIZE];
const unsigned char *tmp;
unsigned int tmpLen;
- int fullblocks, pad;
+ unsigned int fullblocks, pad;
unsigned int i;
SECStatus rv;
diff --git a/lib/freebl/dh.c b/lib/freebl/dh.c
index cf07eabbe..66c110134 100644
--- a/lib/freebl/dh.c
+++ b/lib/freebl/dh.c
@@ -205,7 +205,7 @@ DH_Derive(SECItem *publicValue,
{
mp_int p, Xa, Yb, ZZ, psub1;
mp_err err = MP_OKAY;
- int len = 0;
+ unsigned int len = 0;
unsigned int nb;
unsigned char *secret = NULL;
if (!publicValue || !prime || !privateValue || !derivedSecret) {
diff --git a/lib/freebl/drbg.c b/lib/freebl/drbg.c
index 4745df4c7..e20db2e6f 100644
--- a/lib/freebl/drbg.c
+++ b/lib/freebl/drbg.c
@@ -247,26 +247,32 @@ prng_reseed_test(RNGContext *rng, const PRUint8 *entropy,
/*
* build some fast inline functions for adding.
*/
-#define PRNG_ADD_CARRY_ONLY(dest, start, cy) \
- carry = cy; \
- for (k1=start; carry && k1 >=0 ; k1--) { \
- carry = !(++dest[k1]); \
- }
+#define PRNG_ADD_CARRY_ONLY(dest, start, carry) \
+ { \
+ int k1; \
+ for (k1 = start; carry && k1 >= 0; k1--) { \
+ carry = !(++dest[k1]); \
+ } \
+ }
/*
* NOTE: dest must be an array for the following to work.
*/
-#define PRNG_ADD_BITS(dest, dest_len, add, len) \
+#define PRNG_ADD_BITS(dest, dest_len, add, len, carry) \
carry = 0; \
- for (k1=dest_len -1, k2=len-1; k2 >= 0; --k1, --k2) { \
- carry += dest[k1]+ add[k2]; \
- dest[k1] = (PRUint8) carry; \
- carry >>= 8; \
+ PORT_Assert((dest_len) >= (len)); \
+ { \
+ int k1, k2; \
+ for (k1 = dest_len - 1, k2 = len - 1; k2 >= 0; --k1, --k2) { \
+ carry += dest[k1] + add[k2]; \
+ dest[k1] = (PRUint8) carry; \
+ carry >>= 8; \
+ } \
}
-#define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len) \
- PRNG_ADD_BITS(dest, dest_len, add, len) \
- PRNG_ADD_CARRY_ONLY(dest, k1, carry)
+#define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len, carry) \
+ PRNG_ADD_BITS(dest, dest_len, add, len, carry) \
+ PRNG_ADD_CARRY_ONLY(dest, dest_len - len, carry)
/*
* This function expands the internal state of the prng to fulfill any number
@@ -286,7 +292,6 @@ prng_Hashgen(RNGContext *rng, PRUint8 *returned_bytes,
SHA256Context ctx;
unsigned int len;
unsigned int carry;
- int k1;
SHA256_Begin(&ctx);
SHA256_Update(&ctx, data, sizeof data);
@@ -295,7 +300,8 @@ prng_Hashgen(RNGContext *rng, PRUint8 *returned_bytes,
no_of_returned_bytes -= len;
/* The carry parameter is a bool (increment or not).
* This increments data if no_of_returned_bytes is not zero */
- PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, no_of_returned_bytes);
+ carry = no_of_returned_bytes;
+ PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, carry);
}
PORT_Memset(data, 0, sizeof data);
}
@@ -315,7 +321,6 @@ prng_generateNewBytes(RNGContext *rng,
PRUint8 H[SHA256_LENGTH]; /* both H and w since they
* aren't used concurrently */
unsigned int carry;
- int k1, k2;
if (!rng->isValid) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
@@ -336,7 +341,7 @@ prng_generateNewBytes(RNGContext *rng,
SHA256_Update(&ctx, rng->V_Data, sizeof rng->V_Data);
SHA256_Update(&ctx, additional_input, additional_input_len);
SHA256_End(&ctx, w, NULL, sizeof w);
- PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), w, sizeof w)
+ PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), w, sizeof w, carry)
PORT_Memset(w, 0, sizeof w);
#undef w
}
@@ -350,11 +355,12 @@ prng_generateNewBytes(RNGContext *rng,
/* advance our internal state... */
rng->V_type = prngGenerateByteType;
SHA256_HashBuf(H, rng->V_Data, sizeof rng->V_Data);
- PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), H, sizeof H)
- PRNG_ADD_BITS(V(rng), VSize(rng), rng->C, sizeof rng->C);
+ PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), H, sizeof H, carry)
+ PRNG_ADD_BITS(V(rng), VSize(rng), rng->C, sizeof rng->C, carry);
PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), rng->reseed_counter,
- sizeof rng->reseed_counter)
- PRNG_ADD_CARRY_ONLY(rng->reseed_counter,(sizeof rng->reseed_counter)-1, 1);
+ sizeof rng->reseed_counter, carry)
+ carry = 1;
+ PRNG_ADD_CARRY_ONLY(rng->reseed_counter,(sizeof rng->reseed_counter)-1, carry);
/* continuous rng check */
if (memcmp(V(rng), rng->oldV, sizeof rng->oldV) == 0) {
@@ -510,7 +516,7 @@ RNG_RandomUpdate(const void *data, size_t bytes)
PR_STATIC_ASSERT(sizeof(size_t) > 4);
- if (bytes > PRNG_MAX_ADDITIONAL_BYTES) {
+ if (bytes > (size_t)PRNG_MAX_ADDITIONAL_BYTES) {
bytes = PRNG_MAX_ADDITIONAL_BYTES;
}
#else
diff --git a/lib/freebl/dsa.c b/lib/freebl/dsa.c
index ad3ce0043..0da63ed54 100644
--- a/lib/freebl/dsa.c
+++ b/lib/freebl/dsa.c
@@ -502,7 +502,7 @@ DSA_VerifyDigest(DSAPublicKey *key, const SECItem *signature,
mp_int u1, u2, v, w; /* intermediate values used in verification */
mp_int y; /* public key */
mp_err err;
- int dsa_subprime_len, dsa_signature_len, offset;
+ unsigned int dsa_subprime_len, dsa_signature_len, offset;
SECItem localDigest;
unsigned char localDigestData[DSA_MAX_SUBPRIME_LEN];
SECStatus verified = SECFailure;
diff --git a/lib/freebl/ecl/ecl-priv.h b/lib/freebl/ecl/ecl-priv.h
index 22dd355a2..16f80a465 100644
--- a/lib/freebl/ecl/ecl-priv.h
+++ b/lib/freebl/ecl/ecl-priv.h
@@ -29,40 +29,39 @@
((i) >= mpl_significant_bits((a))) ? 0 : mpl_get_bit((a), (i))
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD)
-#define MP_ADD_CARRY(a1, a2, s, cin, cout) \
+#define MP_ADD_CARRY(a1, a2, s, carry) \
{ mp_word w; \
- w = ((mp_word)(cin)) + (a1) + (a2); \
+ w = ((mp_word)carry) + (a1) + (a2); \
s = ACCUM(w); \
- cout = CARRYOUT(w); }
+ carry = CARRYOUT(w); }
-#define MP_SUB_BORROW(a1, a2, s, bin, bout) \
+#define MP_SUB_BORROW(a1, a2, s, borrow) \
{ mp_word w; \
- w = ((mp_word)(a1)) - (a2) - (bin); \
+ w = ((mp_word)(a1)) - (a2) - borrow; \
s = ACCUM(w); \
- bout = (w >> MP_DIGIT_BIT) & 1; }
+ borrow = (w >> MP_DIGIT_BIT) & 1; }
#else
/* NOTE,
- * cin and cout could be the same variable.
- * bin and bout could be the same variable.
+ * carry and borrow are both read and written.
* a1 or a2 and s could be the same variable.
* don't trash those outputs until their respective inputs have
* been read. */
-#define MP_ADD_CARRY(a1, a2, s, cin, cout) \
+#define MP_ADD_CARRY(a1, a2, s, carry) \
{ mp_digit tmp,sum; \
tmp = (a1); \
sum = tmp + (a2); \
tmp = (sum < tmp); /* detect overflow */ \
- s = sum += (cin); \
- cout = tmp + (sum < (cin)); }
+ s = sum += carry; \
+ carry = tmp + (sum < carry); }
-#define MP_SUB_BORROW(a1, a2, s, bin, bout) \
+#define MP_SUB_BORROW(a1, a2, s, borrow) \
{ mp_digit tmp; \
tmp = (a1); \
s = tmp - (a2); \
tmp = (s > tmp); /* detect borrow */ \
- if ((bin) && !s--) tmp++; \
- bout = tmp; }
+ if (borrow && !s--) tmp++; \
+ borrow = tmp; }
#endif
diff --git a/lib/freebl/ecl/ecl_gf.c b/lib/freebl/ecl/ecl_gf.c
index 22047d519..d250d7863 100644
--- a/lib/freebl/ecl/ecl_gf.c
+++ b/lib/freebl/ecl/ecl_gf.c
@@ -242,9 +242,10 @@ ec_GFp_add_3(const mp_int *a, const mp_int *b, mp_int *r,
}
#ifndef MPI_AMD64_ADD
- MP_ADD_CARRY(a0, r0, r0, 0, carry);
- MP_ADD_CARRY(a1, r1, r1, carry, carry);
- MP_ADD_CARRY(a2, r2, r2, carry, carry);
+ carry = 0;
+ MP_ADD_CARRY(a0, r0, r0, carry);
+ MP_ADD_CARRY(a1, r1, r1, carry);
+ MP_ADD_CARRY(a2, r2, r2, carry);
#else
__asm__ (
"xorq %3,%3 \n\t"
@@ -273,9 +274,10 @@ ec_GFp_add_3(const mp_int *a, const mp_int *b, mp_int *r,
a1 = MP_DIGIT(&meth->irr,1);
a0 = MP_DIGIT(&meth->irr,0);
#ifndef MPI_AMD64_ADD
- MP_SUB_BORROW(r0, a0, r0, 0, carry);
- MP_SUB_BORROW(r1, a1, r1, carry, carry);
- MP_SUB_BORROW(r2, a2, r2, carry, carry);
+ carry = 0;
+ MP_SUB_BORROW(r0, a0, r0, carry);
+ MP_SUB_BORROW(r1, a1, r1, carry);
+ MP_SUB_BORROW(r2, a2, r2, carry);
#else
__asm__ (
"subq %3,%0 \n\t"
@@ -329,10 +331,11 @@ ec_GFp_add_4(const mp_int *a, const mp_int *b, mp_int *r,
}
#ifndef MPI_AMD64_ADD
- MP_ADD_CARRY(a0, r0, r0, 0, carry);
- MP_ADD_CARRY(a1, r1, r1, carry, carry);
- MP_ADD_CARRY(a2, r2, r2, carry, carry);
- MP_ADD_CARRY(a3, r3, r3, carry, carry);
+ carry = 0;
+ MP_ADD_CARRY(a0, r0, r0, carry);
+ MP_ADD_CARRY(a1, r1, r1, carry);
+ MP_ADD_CARRY(a2, r2, r2, carry);
+ MP_ADD_CARRY(a3, r3, r3, carry);
#else
__asm__ (
"xorq %4,%4 \n\t"
@@ -364,10 +367,11 @@ ec_GFp_add_4(const mp_int *a, const mp_int *b, mp_int *r,
a1 = MP_DIGIT(&meth->irr,1);
a0 = MP_DIGIT(&meth->irr,0);
#ifndef MPI_AMD64_ADD
- MP_SUB_BORROW(r0, a0, r0, 0, carry);
- MP_SUB_BORROW(r1, a1, r1, carry, carry);
- MP_SUB_BORROW(r2, a2, r2, carry, carry);
- MP_SUB_BORROW(r3, a3, r3, carry, carry);
+ carry = 0;
+ MP_SUB_BORROW(r0, a0, r0, carry);
+ MP_SUB_BORROW(r1, a1, r1, carry);
+ MP_SUB_BORROW(r2, a2, r2, carry);
+ MP_SUB_BORROW(r3, a3, r3, carry);
#else
__asm__ (
"subq %4,%0 \n\t"
@@ -426,11 +430,12 @@ ec_GFp_add_5(const mp_int *a, const mp_int *b, mp_int *r,
r0 = MP_DIGIT(b,0);
}
- MP_ADD_CARRY(a0, r0, r0, 0, carry);
- MP_ADD_CARRY(a1, r1, r1, carry, carry);
- MP_ADD_CARRY(a2, r2, r2, carry, carry);
- MP_ADD_CARRY(a3, r3, r3, carry, carry);
- MP_ADD_CARRY(a4, r4, r4, carry, carry);
+ carry = 0;
+ MP_ADD_CARRY(a0, r0, r0, carry);
+ MP_ADD_CARRY(a1, r1, r1, carry);
+ MP_ADD_CARRY(a2, r2, r2, carry);
+ MP_ADD_CARRY(a3, r3, r3, carry);
+ MP_ADD_CARRY(a4, r4, r4, carry);
MP_CHECKOK(s_mp_pad(r, 5));
MP_DIGIT(r, 4) = r4;
@@ -450,11 +455,12 @@ ec_GFp_add_5(const mp_int *a, const mp_int *b, mp_int *r,
a2 = MP_DIGIT(&meth->irr,2);
a1 = MP_DIGIT(&meth->irr,1);
a0 = MP_DIGIT(&meth->irr,0);
- MP_SUB_BORROW(r0, a0, r0, 0, carry);
- MP_SUB_BORROW(r1, a1, r1, carry, carry);
- MP_SUB_BORROW(r2, a2, r2, carry, carry);
- MP_SUB_BORROW(r3, a3, r3, carry, carry);
- MP_SUB_BORROW(r4, a4, r4, carry, carry);
+ carry = 0;
+ MP_SUB_BORROW(r0, a0, r0, carry);
+ MP_SUB_BORROW(r1, a1, r1, carry);
+ MP_SUB_BORROW(r2, a2, r2, carry);
+ MP_SUB_BORROW(r3, a3, r3, carry);
+ MP_SUB_BORROW(r4, a4, r4, carry);
MP_DIGIT(r, 4) = r4;
MP_DIGIT(r, 3) = r3;
MP_DIGIT(r, 2) = r2;
@@ -507,12 +513,13 @@ ec_GFp_add_6(const mp_int *a, const mp_int *b, mp_int *r,
r0 = MP_DIGIT(b,0);
}
- MP_ADD_CARRY(a0, r0, r0, 0, carry);
- MP_ADD_CARRY(a1, r1, r1, carry, carry);
- MP_ADD_CARRY(a2, r2, r2, carry, carry);
- MP_ADD_CARRY(a3, r3, r3, carry, carry);
- MP_ADD_CARRY(a4, r4, r4, carry, carry);
- MP_ADD_CARRY(a5, r5, r5, carry, carry);
+ carry = 0;
+ MP_ADD_CARRY(a0, r0, r0, carry);
+ MP_ADD_CARRY(a1, r1, r1, carry);
+ MP_ADD_CARRY(a2, r2, r2, carry);
+ MP_ADD_CARRY(a3, r3, r3, carry);
+ MP_ADD_CARRY(a4, r4, r4, carry);
+ MP_ADD_CARRY(a5, r5, r5, carry);
MP_CHECKOK(s_mp_pad(r, 6));
MP_DIGIT(r, 5) = r5;
@@ -534,12 +541,13 @@ ec_GFp_add_6(const mp_int *a, const mp_int *b, mp_int *r,
a2 = MP_DIGIT(&meth->irr,2);
a1 = MP_DIGIT(&meth->irr,1);
a0 = MP_DIGIT(&meth->irr,0);
- MP_SUB_BORROW(r0, a0, r0, 0, carry);
- MP_SUB_BORROW(r1, a1, r1, carry, carry);
- MP_SUB_BORROW(r2, a2, r2, carry, carry);
- MP_SUB_BORROW(r3, a3, r3, carry, carry);
- MP_SUB_BORROW(r4, a4, r4, carry, carry);
- MP_SUB_BORROW(r5, a5, r5, carry, carry);
+ carry = 0;
+ MP_SUB_BORROW(r0, a0, r0, carry);
+ MP_SUB_BORROW(r1, a1, r1, carry);
+ MP_SUB_BORROW(r2, a2, r2, carry);
+ MP_SUB_BORROW(r3, a3, r3, carry);
+ MP_SUB_BORROW(r4, a4, r4, carry);
+ MP_SUB_BORROW(r5, a5, r5, carry);
MP_DIGIT(r, 5) = r5;
MP_DIGIT(r, 4) = r4;
MP_DIGIT(r, 3) = r3;
@@ -587,9 +595,10 @@ ec_GFp_sub_3(const mp_int *a, const mp_int *b, mp_int *r,
}
#ifndef MPI_AMD64_ADD
- MP_SUB_BORROW(r0, b0, r0, 0, borrow);
- MP_SUB_BORROW(r1, b1, r1, borrow, borrow);
- MP_SUB_BORROW(r2, b2, r2, borrow, borrow);
+ borrow = 0;
+ MP_SUB_BORROW(r0, b0, r0, borrow);
+ MP_SUB_BORROW(r1, b1, r1, borrow);
+ MP_SUB_BORROW(r2, b2, r2, borrow);
#else
__asm__ (
"xorq %3,%3 \n\t"
@@ -610,9 +619,10 @@ ec_GFp_sub_3(const mp_int *a, const mp_int *b, mp_int *r,
b1 = MP_DIGIT(&meth->irr,1);
b0 = MP_DIGIT(&meth->irr,0);
#ifndef MPI_AMD64_ADD
- MP_ADD_CARRY(b0, r0, r0, 0, borrow);
- MP_ADD_CARRY(b1, r1, r1, borrow, borrow);
- MP_ADD_CARRY(b2, r2, r2, borrow, borrow);
+ borrow = 0;
+ MP_ADD_CARRY(b0, r0, r0, borrow);
+ MP_ADD_CARRY(b1, r1, r1, borrow);
+ MP_ADD_CARRY(b2, r2, r2, borrow);
#else
__asm__ (
"addq %3,%0 \n\t"
@@ -675,10 +685,11 @@ ec_GFp_sub_4(const mp_int *a, const mp_int *b, mp_int *r,
}
#ifndef MPI_AMD64_ADD
- MP_SUB_BORROW(r0, b0, r0, 0, borrow);
- MP_SUB_BORROW(r1, b1, r1, borrow, borrow);
- MP_SUB_BORROW(r2, b2, r2, borrow, borrow);
- MP_SUB_BORROW(r3, b3, r3, borrow, borrow);
+ borrow = 0;
+ MP_SUB_BORROW(r0, b0, r0, borrow);
+ MP_SUB_BORROW(r1, b1, r1, borrow);
+ MP_SUB_BORROW(r2, b2, r2, borrow);
+ MP_SUB_BORROW(r3, b3, r3, borrow);
#else
__asm__ (
"xorq %4,%4 \n\t"
@@ -701,10 +712,11 @@ ec_GFp_sub_4(const mp_int *a, const mp_int *b, mp_int *r,
b1 = MP_DIGIT(&meth->irr,1);
b0 = MP_DIGIT(&meth->irr,0);
#ifndef MPI_AMD64_ADD
- MP_ADD_CARRY(b0, r0, r0, 0, borrow);
- MP_ADD_CARRY(b1, r1, r1, borrow, borrow);
- MP_ADD_CARRY(b2, r2, r2, borrow, borrow);
- MP_ADD_CARRY(b3, r3, r3, borrow, borrow);
+ borrow = 0;
+ MP_ADD_CARRY(b0, r0, r0, borrow);
+ MP_ADD_CARRY(b1, r1, r1, borrow);
+ MP_ADD_CARRY(b2, r2, r2, borrow);
+ MP_ADD_CARRY(b3, r3, r3, borrow);
#else
__asm__ (
"addq %4,%0 \n\t"
@@ -771,11 +783,12 @@ ec_GFp_sub_5(const mp_int *a, const mp_int *b, mp_int *r,
b0 = MP_DIGIT(b,0);
}
- MP_SUB_BORROW(r0, b0, r0, 0, borrow);
- MP_SUB_BORROW(r1, b1, r1, borrow, borrow);
- MP_SUB_BORROW(r2, b2, r2, borrow, borrow);
- MP_SUB_BORROW(r3, b3, r3, borrow, borrow);
- MP_SUB_BORROW(r4, b4, r4, borrow, borrow);
+ borrow = 0;
+ MP_SUB_BORROW(r0, b0, r0, borrow);
+ MP_SUB_BORROW(r1, b1, r1, borrow);
+ MP_SUB_BORROW(r2, b2, r2, borrow);
+ MP_SUB_BORROW(r3, b3, r3, borrow);
+ MP_SUB_BORROW(r4, b4, r4, borrow);
/* Do quick 'add' if we've gone under 0
* (subtract the 2's complement of the curve field) */
@@ -785,10 +798,11 @@ ec_GFp_sub_5(const mp_int *a, const mp_int *b, mp_int *r,
b2 = MP_DIGIT(&meth->irr,2);
b1 = MP_DIGIT(&meth->irr,1);
b0 = MP_DIGIT(&meth->irr,0);
- MP_ADD_CARRY(b0, r0, r0, 0, borrow);
- MP_ADD_CARRY(b1, r1, r1, borrow, borrow);
- MP_ADD_CARRY(b2, r2, r2, borrow, borrow);
- MP_ADD_CARRY(b3, r3, r3, borrow, borrow);
+ borrow = 0;
+ MP_ADD_CARRY(b0, r0, r0, borrow);
+ MP_ADD_CARRY(b1, r1, r1, borrow);
+ MP_ADD_CARRY(b2, r2, r2, borrow);
+ MP_ADD_CARRY(b3, r3, r3, borrow);
}
MP_CHECKOK(s_mp_pad(r, 5));
MP_DIGIT(r, 4) = r4;
@@ -843,12 +857,13 @@ ec_GFp_sub_6(const mp_int *a, const mp_int *b, mp_int *r,
b0 = MP_DIGIT(b,0);
}
- MP_SUB_BORROW(r0, b0, r0, 0, borrow);
- MP_SUB_BORROW(r1, b1, r1, borrow, borrow);
- MP_SUB_BORROW(r2, b2, r2, borrow, borrow);
- MP_SUB_BORROW(r3, b3, r3, borrow, borrow);
- MP_SUB_BORROW(r4, b4, r4, borrow, borrow);
- MP_SUB_BORROW(r5, b5, r5, borrow, borrow);
+ borrow = 0;
+ MP_SUB_BORROW(r0, b0, r0, borrow);
+ MP_SUB_BORROW(r1, b1, r1, borrow);
+ MP_SUB_BORROW(r2, b2, r2, borrow);
+ MP_SUB_BORROW(r3, b3, r3, borrow);
+ MP_SUB_BORROW(r4, b4, r4, borrow);
+ MP_SUB_BORROW(r5, b5, r5, borrow);
/* Do quick 'add' if we've gone under 0
* (subtract the 2's complement of the curve field) */
@@ -859,11 +874,12 @@ ec_GFp_sub_6(const mp_int *a, const mp_int *b, mp_int *r,
b2 = MP_DIGIT(&meth->irr,2);
b1 = MP_DIGIT(&meth->irr,1);
b0 = MP_DIGIT(&meth->irr,0);
- MP_ADD_CARRY(b0, r0, r0, 0, borrow);
- MP_ADD_CARRY(b1, r1, r1, borrow, borrow);
- MP_ADD_CARRY(b2, r2, r2, borrow, borrow);
- MP_ADD_CARRY(b3, r3, r3, borrow, borrow);
- MP_ADD_CARRY(b4, r4, r4, borrow, borrow);
+ borrow = 0;
+ MP_ADD_CARRY(b0, r0, r0, borrow);
+ MP_ADD_CARRY(b1, r1, r1, borrow);
+ MP_ADD_CARRY(b2, r2, r2, borrow);
+ MP_ADD_CARRY(b3, r3, r3, borrow);
+ MP_ADD_CARRY(b4, r4, r4, borrow);
}
MP_CHECKOK(s_mp_pad(r, 6));
diff --git a/lib/freebl/ecl/ecl_mult.c b/lib/freebl/ecl/ecl_mult.c
index a99ca8250..5932828bd 100644
--- a/lib/freebl/ecl/ecl_mult.c
+++ b/lib/freebl/ecl/ecl_mult.c
@@ -129,7 +129,7 @@ ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px,
mp_err res = MP_OKAY;
mp_int precomp[4][4][2];
const mp_int *a, *b;
- int i, j;
+ unsigned int i, j;
int ai, bi, d;
ARGCHK(group != NULL, MP_BADARG);
@@ -236,7 +236,7 @@ ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px,
mp_zero(rx);
mp_zero(ry);
- for (i = d - 1; i >= 0; i--) {
+ for (i = d; i-- > 0;) {
ai = MP_GET_BIT(a, 2 * i + 1);
ai <<= 1;
ai |= MP_GET_BIT(a, 2 * i);
diff --git a/lib/freebl/ecl/ecp_192.c b/lib/freebl/ecl/ecp_192.c
index 70b717a1a..ef11cef99 100644
--- a/lib/freebl/ecl/ecp_192.c
+++ b/lib/freebl/ecl/ecp_192.c
@@ -72,34 +72,36 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
r0a = MP_DIGIT(a, 0);
/* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */
- MP_ADD_CARRY(r0a, a3a, r0a, 0, carry);
- MP_ADD_CARRY(r0b, a3b, r0b, carry, carry);
- MP_ADD_CARRY(r1a, a3a, r1a, carry, carry);
- MP_ADD_CARRY(r1b, a3b, r1b, carry, carry);
- MP_ADD_CARRY(r2a, a4a, r2a, carry, carry);
- MP_ADD_CARRY(r2b, a4b, r2b, carry, carry);
+ carry = 0;
+ MP_ADD_CARRY(r0a, a3a, r0a, carry);
+ MP_ADD_CARRY(r0b, a3b, r0b, carry);
+ MP_ADD_CARRY(r1a, a3a, r1a, carry);
+ MP_ADD_CARRY(r1b, a3b, r1b, carry);
+ MP_ADD_CARRY(r2a, a4a, r2a, carry);
+ MP_ADD_CARRY(r2b, a4b, r2b, carry);
r3 = carry; carry = 0;
- MP_ADD_CARRY(r0a, a5a, r0a, 0, carry);
- MP_ADD_CARRY(r0b, a5b, r0b, carry, carry);
- MP_ADD_CARRY(r1a, a5a, r1a, carry, carry);
- MP_ADD_CARRY(r1b, a5b, r1b, carry, carry);
- MP_ADD_CARRY(r2a, a5a, r2a, carry, carry);
- MP_ADD_CARRY(r2b, a5b, r2b, carry, carry);
- r3 += carry;
- MP_ADD_CARRY(r1a, a4a, r1a, 0, carry);
- MP_ADD_CARRY(r1b, a4b, r1b, carry, carry);
- MP_ADD_CARRY(r2a, 0, r2a, carry, carry);
- MP_ADD_CARRY(r2b, 0, r2b, carry, carry);
+ MP_ADD_CARRY(r0a, a5a, r0a, carry);
+ MP_ADD_CARRY(r0b, a5b, r0b, carry);
+ MP_ADD_CARRY(r1a, a5a, r1a, carry);
+ MP_ADD_CARRY(r1b, a5b, r1b, carry);
+ MP_ADD_CARRY(r2a, a5a, r2a, carry);
+ MP_ADD_CARRY(r2b, a5b, r2b, carry);
+ r3 += carry; carry = 0;
+ MP_ADD_CARRY(r1a, a4a, r1a, carry);
+ MP_ADD_CARRY(r1b, a4b, r1b, carry);
+ MP_ADD_CARRY(r2a, 0, r2a, carry);
+ MP_ADD_CARRY(r2b, 0, r2b, carry);
r3 += carry;
/* reduce out the carry */
while (r3) {
- MP_ADD_CARRY(r0a, r3, r0a, 0, carry);
- MP_ADD_CARRY(r0b, 0, r0b, carry, carry);
- MP_ADD_CARRY(r1a, r3, r1a, carry, carry);
- MP_ADD_CARRY(r1b, 0, r1b, carry, carry);
- MP_ADD_CARRY(r2a, 0, r2a, carry, carry);
- MP_ADD_CARRY(r2b, 0, r2b, carry, carry);
+ carry = 0;
+ MP_ADD_CARRY(r0a, r3, r0a, carry);
+ MP_ADD_CARRY(r0b, 0, r0b, carry);
+ MP_ADD_CARRY(r1a, r3, r1a, carry);
+ MP_ADD_CARRY(r1b, 0, r1b, carry);
+ MP_ADD_CARRY(r2a, 0, r2a, carry);
+ MP_ADD_CARRY(r2b, 0, r2b, carry);
r3 = carry;
}
@@ -121,8 +123,9 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
(r1a == 0xfffffffe) && (r0a == 0xffffffff) &&
(r0b == 0xffffffff)) ) {
/* do a quick subtract */
- MP_ADD_CARRY(r0a, 1, r0a, 0, carry);
- MP_ADD_CARRY(r0b, carry, r0a, 0, carry);
+ carry = 0;
+ MP_ADD_CARRY(r0a, 1, r0a, carry);
+ MP_ADD_CARRY(r0b, carry, r0a, carry);
r1a += 1+carry;
r1b = r2a = r2b = 0;
}
@@ -154,16 +157,17 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
/* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */
#ifndef MPI_AMD64_ADD
- MP_ADD_CARRY(r0, a3, r0, 0, carry);
- MP_ADD_CARRY(r1, a3, r1, carry, carry);
- MP_ADD_CARRY(r2, a4, r2, carry, carry);
- r3 = carry;
- MP_ADD_CARRY(r0, a5, r0, 0, carry);
- MP_ADD_CARRY(r1, a5, r1, carry, carry);
- MP_ADD_CARRY(r2, a5, r2, carry, carry);
- r3 += carry;
- MP_ADD_CARRY(r1, a4, r1, 0, carry);
- MP_ADD_CARRY(r2, 0, r2, carry, carry);
+ carry = 0;
+ MP_ADD_CARRY(r0, a3, r0, carry);
+ MP_ADD_CARRY(r1, a3, r1, carry);
+ MP_ADD_CARRY(r2, a4, r2, carry);
+ r3 = carry; carry = 0;
+ MP_ADD_CARRY(r0, a5, r0, carry);
+ MP_ADD_CARRY(r1, a5, r1, carry);
+ MP_ADD_CARRY(r2, a5, r2, carry);
+ r3 += carry; carry = 0;
+ MP_ADD_CARRY(r1, a4, r1, carry);
+ MP_ADD_CARRY(r2, 0, r2, carry);
r3 += carry;
#else
@@ -195,9 +199,10 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
/* reduce out the carry */
while (r3) {
#ifndef MPI_AMD64_ADD
- MP_ADD_CARRY(r0, r3, r0, 0, carry);
- MP_ADD_CARRY(r1, r3, r1, carry, carry);
- MP_ADD_CARRY(r2, 0, r2, carry, carry);
+ carry = 0;
+ MP_ADD_CARRY(r0, r3, r0, carry);
+ MP_ADD_CARRY(r1, r3, r1, carry);
+ MP_ADD_CARRY(r2, 0, r2, carry);
r3 = carry;
#else
a3=r3;
@@ -229,7 +234,8 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
((r1 == MP_DIGIT_MAX) ||
((r1 == (MP_DIGIT_MAX-1)) && (r0 == MP_DIGIT_MAX))))) {
/* do a quick subtract */
- MP_ADD_CARRY(r0, 1, r0, 0, carry);
+ carry = 0;
+ MP_ADD_CARRY(r0, 1, r0, carry);
r1 += 1+carry;
r2 = 0;
}
@@ -280,9 +286,10 @@ ec_GFp_nistp192_add(const mp_int *a, const mp_int *b, mp_int *r,
}
#ifndef MPI_AMD64_ADD
- MP_ADD_CARRY(a0, r0, r0, 0, carry);
- MP_ADD_CARRY(a1, r1, r1, carry, carry);
- MP_ADD_CARRY(a2, r2, r2, carry, carry);
+ carry = 0;
+ MP_ADD_CARRY(a0, r0, r0, carry);
+ MP_ADD_CARRY(a1, r1, r1, carry);
+ MP_ADD_CARRY(a2, r2, r2, carry);
#else
__asm__ (
"xorq %3,%3 \n\t"
@@ -302,9 +309,10 @@ ec_GFp_nistp192_add(const mp_int *a, const mp_int *b, mp_int *r,
((r1 == MP_DIGIT_MAX) ||
((r1 == (MP_DIGIT_MAX-1)) && (r0 == MP_DIGIT_MAX))))) {
#ifndef MPI_AMD64_ADD
- MP_ADD_CARRY(r0, 1, r0, 0, carry);
- MP_ADD_CARRY(r1, 1, r1, carry, carry);
- MP_ADD_CARRY(r2, 0, r2, carry, carry);
+ carry = 0;
+ MP_ADD_CARRY(r0, 1, r0, carry);
+ MP_ADD_CARRY(r1, 1, r1, carry);
+ MP_ADD_CARRY(r2, 0, r2, carry);
#else
__asm__ (
"addq $1,%0 \n\t"
@@ -362,9 +370,10 @@ ec_GFp_nistp192_sub(const mp_int *a, const mp_int *b, mp_int *r,
}
#ifndef MPI_AMD64_ADD
- MP_SUB_BORROW(r0, b0, r0, 0, borrow);
- MP_SUB_BORROW(r1, b1, r1, borrow, borrow);
- MP_SUB_BORROW(r2, b2, r2, borrow, borrow);
+ borrow = 0;
+ MP_SUB_BORROW(r0, b0, r0, borrow);
+ MP_SUB_BORROW(r1, b1, r1, borrow);
+ MP_SUB_BORROW(r2, b2, r2, borrow);
#else
__asm__ (
"xorq %3,%3 \n\t"
@@ -382,9 +391,10 @@ ec_GFp_nistp192_sub(const mp_int *a, const mp_int *b, mp_int *r,
* (subtract the 2's complement of the curve field) */
if (borrow) {
#ifndef MPI_AMD64_ADD
- MP_SUB_BORROW(r0, 1, r0, 0, borrow);
- MP_SUB_BORROW(r1, 1, r1, borrow, borrow);
- MP_SUB_BORROW(r2, 0, r2, borrow, borrow);
+ borrow = 0;
+ MP_SUB_BORROW(r0, 1, r0, borrow);
+ MP_SUB_BORROW(r1, 1, r1, borrow);
+ MP_SUB_BORROW(r2, 0, r2, borrow);
#else
__asm__ (
"subq $1,%0 \n\t"
diff --git a/lib/freebl/ecl/ecp_224.c b/lib/freebl/ecl/ecp_224.c
index 18779ba1b..4faab215b 100644
--- a/lib/freebl/ecl/ecp_224.c
+++ b/lib/freebl/ecl/ecp_224.c
@@ -72,52 +72,54 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+( 0, a6,a5b, 0)
-( 0 0, 0|a6b, a6a|a5b )
-( a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */
- MP_ADD_CARRY (r1b, a3b, r1b, 0, carry);
- MP_ADD_CARRY (r2a, a4a, r2a, carry, carry);
- MP_ADD_CARRY (r2b, a4b, r2b, carry, carry);
- MP_ADD_CARRY (r3a, a5a, r3a, carry, carry);
- r3b = carry;
- MP_ADD_CARRY (r1b, a5b, r1b, 0, carry);
- MP_ADD_CARRY (r2a, a6a, r2a, carry, carry);
- MP_ADD_CARRY (r2b, a6b, r2b, carry, carry);
- MP_ADD_CARRY (r3a, 0, r3a, carry, carry);
- r3b += carry;
- MP_SUB_BORROW(r0a, a3b, r0a, 0, carry);
- MP_SUB_BORROW(r0b, a4a, r0b, carry, carry);
- MP_SUB_BORROW(r1a, a4b, r1a, carry, carry);
- MP_SUB_BORROW(r1b, a5a, r1b, carry, carry);
- MP_SUB_BORROW(r2a, a5b, r2a, carry, carry);
- MP_SUB_BORROW(r2b, a6a, r2b, carry, carry);
- MP_SUB_BORROW(r3a, a6b, r3a, carry, carry);
- r3b -= carry;
- MP_SUB_BORROW(r0a, a5b, r0a, 0, carry);
- MP_SUB_BORROW(r0b, a6a, r0b, carry, carry);
- MP_SUB_BORROW(r1a, a6b, r1a, carry, carry);
+ carry = 0;
+ MP_ADD_CARRY (r1b, a3b, r1b, carry);
+ MP_ADD_CARRY (r2a, a4a, r2a, carry);
+ MP_ADD_CARRY (r2b, a4b, r2b, carry);
+ MP_ADD_CARRY (r3a, a5a, r3a, carry);
+ r3b = carry; carry = 0;
+ MP_ADD_CARRY (r1b, a5b, r1b, carry);
+ MP_ADD_CARRY (r2a, a6a, r2a, carry);
+ MP_ADD_CARRY (r2b, a6b, r2b, carry);
+ MP_ADD_CARRY (r3a, 0, r3a, carry);
+ r3b += carry; carry = 0;
+ MP_SUB_BORROW(r0a, a3b, r0a, carry);
+ MP_SUB_BORROW(r0b, a4a, r0b, carry);
+ MP_SUB_BORROW(r1a, a4b, r1a, carry);
+ MP_SUB_BORROW(r1b, a5a, r1b, carry);
+ MP_SUB_BORROW(r2a, a5b, r2a, carry);
+ MP_SUB_BORROW(r2b, a6a, r2b, carry);
+ MP_SUB_BORROW(r3a, a6b, r3a, carry);
+ r3b -= carry; carry = 0;
+ MP_SUB_BORROW(r0a, a5b, r0a, carry);
+ MP_SUB_BORROW(r0b, a6a, r0b, carry);
+ MP_SUB_BORROW(r1a, a6b, r1a, carry);
if (carry) {
- MP_SUB_BORROW(r1b, 0, r1b, carry, carry);
- MP_SUB_BORROW(r2a, 0, r2a, carry, carry);
- MP_SUB_BORROW(r2b, 0, r2b, carry, carry);
- MP_SUB_BORROW(r3a, 0, r3a, carry, carry);
+ MP_SUB_BORROW(r1b, 0, r1b, carry);
+ MP_SUB_BORROW(r2a, 0, r2a, carry);
+ MP_SUB_BORROW(r2b, 0, r2b, carry);
+ MP_SUB_BORROW(r3a, 0, r3a, carry);
r3b -= carry;
}
while (r3b > 0) {
int tmp;
- MP_ADD_CARRY(r1b, r3b, r1b, 0, carry);
+ carry = 0;
+ MP_ADD_CARRY(r1b, r3b, r1b, carry);
if (carry) {
- MP_ADD_CARRY(r2a, 0, r2a, carry, carry);
- MP_ADD_CARRY(r2b, 0, r2b, carry, carry);
- MP_ADD_CARRY(r3a, 0, r3a, carry, carry);
+ MP_ADD_CARRY(r2a, 0, r2a, carry);
+ MP_ADD_CARRY(r2b, 0, r2b, carry);
+ MP_ADD_CARRY(r3a, 0, r3a, carry);
}
- tmp = carry;
- MP_SUB_BORROW(r0a, r3b, r0a, 0, carry);
+ tmp = carry; carry = 0;
+ MP_SUB_BORROW(r0a, r3b, r0a, carry);
if (carry) {
- MP_SUB_BORROW(r0b, 0, r0b, carry, carry);
- MP_SUB_BORROW(r1a, 0, r1a, carry, carry);
- MP_SUB_BORROW(r1b, 0, r1b, carry, carry);
- MP_SUB_BORROW(r2a, 0, r2a, carry, carry);
- MP_SUB_BORROW(r2b, 0, r2b, carry, carry);
- MP_SUB_BORROW(r3a, 0, r3a, carry, carry);
+ MP_SUB_BORROW(r0b, 0, r0b, carry);
+ MP_SUB_BORROW(r1a, 0, r1a, carry);
+ MP_SUB_BORROW(r1b, 0, r1b, carry);
+ MP_SUB_BORROW(r2a, 0, r2a, carry);
+ MP_SUB_BORROW(r2b, 0, r2b, carry);
+ MP_SUB_BORROW(r3a, 0, r3a, carry);
tmp -= carry;
}
r3b = tmp;
@@ -125,13 +127,14 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
while (r3b < 0) {
mp_digit maxInt = MP_DIGIT_MAX;
- MP_ADD_CARRY (r0a, 1, r0a, 0, carry);
- MP_ADD_CARRY (r0b, 0, r0b, carry, carry);
- MP_ADD_CARRY (r1a, 0, r1a, carry, carry);
- MP_ADD_CARRY (r1b, maxInt, r1b, carry, carry);
- MP_ADD_CARRY (r2a, maxInt, r2a, carry, carry);
- MP_ADD_CARRY (r2b, maxInt, r2b, carry, carry);
- MP_ADD_CARRY (r3a, maxInt, r3a, carry, carry);
+ carry = 0;
+ MP_ADD_CARRY (r0a, 1, r0a, carry);
+ MP_ADD_CARRY (r0b, 0, r0b, carry);
+ MP_ADD_CARRY (r1a, 0, r1a, carry);
+ MP_ADD_CARRY (r1b, maxInt, r1b, carry);
+ MP_ADD_CARRY (r2a, maxInt, r2a, carry);
+ MP_ADD_CARRY (r2b, maxInt, r2b, carry);
+ MP_ADD_CARRY (r3a, maxInt, r3a, carry);
r3b += carry;
}
/* check for final reduction */
@@ -140,9 +143,10 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
&& (r2a == MP_DIGIT_MAX) && (r1b == MP_DIGIT_MAX) &&
((r1a != 0) || (r0b != 0) || (r0a != 0)) ) {
/* one last subraction */
- MP_SUB_BORROW(r0a, 1, r0a, 0, carry);
- MP_SUB_BORROW(r0b, 0, r0b, carry, carry);
- MP_SUB_BORROW(r1a, 0, r1a, carry, carry);
+ carry = 0;
+ MP_SUB_BORROW(r0a, 1, r0a, carry);
+ MP_SUB_BORROW(r0b, 0, r0b, carry);
+ MP_SUB_BORROW(r1a, 0, r1a, carry);
r1b = r2a = r2b = r3a = 0;
}
@@ -194,22 +198,26 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+( 0, a6,a5b, 0)
-( 0 0, 0|a6b, a6a|a5b )
-( a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */
- MP_ADD_CARRY (r1, a3b, r1, 0, carry);
- MP_ADD_CARRY (r2, a4 , r2, carry, carry);
- MP_ADD_CARRY (r3, a5a, r3, carry, carry);
- MP_ADD_CARRY (r1, a5b, r1, 0, carry);
- MP_ADD_CARRY (r2, a6 , r2, carry, carry);
- MP_ADD_CARRY (r3, 0, r3, carry, carry);
+ carry = 0;
+ MP_ADD_CARRY (r1, a3b, r1, carry);
+ MP_ADD_CARRY (r2, a4 , r2, carry);
+ MP_ADD_CARRY (r3, a5a, r3, carry);
+ carry = 0;
+ MP_ADD_CARRY (r1, a5b, r1, carry);
+ MP_ADD_CARRY (r2, a6 , r2, carry);
+ MP_ADD_CARRY (r3, 0, r3, carry);
- MP_SUB_BORROW(r0, a4a_a3b, r0, 0, carry);
- MP_SUB_BORROW(r1, a5a_a4b, r1, carry, carry);
- MP_SUB_BORROW(r2, a6a_a5b, r2, carry, carry);
- MP_SUB_BORROW(r3, a6b , r3, carry, carry);
- MP_SUB_BORROW(r0, a6a_a5b, r0, 0, carry);
- MP_SUB_BORROW(r1, a6b , r1, carry, carry);
+ carry = 0;
+ MP_SUB_BORROW(r0, a4a_a3b, r0, carry);
+ MP_SUB_BORROW(r1, a5a_a4b, r1, carry);
+ MP_SUB_BORROW(r2, a6a_a5b, r2, carry);
+ MP_SUB_BORROW(r3, a6b , r3, carry);
+ carry = 0;
+ MP_SUB_BORROW(r0, a6a_a5b, r0, carry);
+ MP_SUB_BORROW(r1, a6b , r1, carry);
if (carry) {
- MP_SUB_BORROW(r2, 0, r2, carry, carry);
- MP_SUB_BORROW(r3, 0, r3, carry, carry);
+ MP_SUB_BORROW(r2, 0, r2, carry);
+ MP_SUB_BORROW(r3, 0, r3, carry);
}
@@ -218,25 +226,28 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
r3b = (int)(r3 >>32);
while (r3b > 0) {
r3 &= 0xffffffff;
- MP_ADD_CARRY(r1,((mp_digit)r3b) << 32, r1, 0, carry);
+ carry = 0;
+ MP_ADD_CARRY(r1,((mp_digit)r3b) << 32, r1, carry);
if (carry) {
- MP_ADD_CARRY(r2, 0, r2, carry, carry);
- MP_ADD_CARRY(r3, 0, r3, carry, carry);
+ MP_ADD_CARRY(r2, 0, r2, carry);
+ MP_ADD_CARRY(r3, 0, r3, carry);
}
- MP_SUB_BORROW(r0, r3b, r0, 0, carry);
+ carry = 0;
+ MP_SUB_BORROW(r0, r3b, r0, carry);
if (carry) {
- MP_SUB_BORROW(r1, 0, r1, carry, carry);
- MP_SUB_BORROW(r2, 0, r2, carry, carry);
- MP_SUB_BORROW(r3, 0, r3, carry, carry);
+ MP_SUB_BORROW(r1, 0, r1, carry);
+ MP_SUB_BORROW(r2, 0, r2, carry);
+ MP_SUB_BORROW(r3, 0, r3, carry);
}
r3b = (int)(r3 >>32);
}
while (r3b < 0) {
- MP_ADD_CARRY (r0, 1, r0, 0, carry);
- MP_ADD_CARRY (r1, MP_DIGIT_MAX <<32, r1, carry, carry);
- MP_ADD_CARRY (r2, MP_DIGIT_MAX, r2, carry, carry);
- MP_ADD_CARRY (r3, MP_DIGIT_MAX >> 32, r3, carry, carry);
+ carry = 0;
+ MP_ADD_CARRY (r0, 1, r0, carry);
+ MP_ADD_CARRY (r1, MP_DIGIT_MAX <<32, r1, carry);
+ MP_ADD_CARRY (r2, MP_DIGIT_MAX, r2, carry);
+ MP_ADD_CARRY (r3, MP_DIGIT_MAX >> 32, r3, carry);
r3b = (int)(r3 >>32);
}
/* check for final reduction */
@@ -247,8 +258,9 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
&& ((r1 & MP_DIGIT_MAX << 32)== MP_DIGIT_MAX << 32) &&
((r1 != MP_DIGIT_MAX << 32 ) || (r0 != 0)) ) {
/* one last subraction */
- MP_SUB_BORROW(r0, 1, r0, 0, carry);
- MP_SUB_BORROW(r1, MP_DIGIT_MAX << 32, r1, carry, carry);
+ carry = 0;
+ MP_SUB_BORROW(r0, 1, r0, carry);
+ MP_SUB_BORROW(r1, MP_DIGIT_MAX << 32, r1, carry);
r2 = r3 = 0;
}
diff --git a/lib/freebl/ecl/ecp_256.c b/lib/freebl/ecl/ecp_256.c
index a834d15d4..936ee6ddd 100644
--- a/lib/freebl/ecl/ecp_256.c
+++ b/lib/freebl/ecl/ecp_256.c
@@ -68,115 +68,118 @@ ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
r7 = MP_DIGIT(a,7);
/* sum 1 */
- MP_ADD_CARRY(r3, a11, r3, 0, carry);
- MP_ADD_CARRY(r4, a12, r4, carry, carry);
- MP_ADD_CARRY(r5, a13, r5, carry, carry);
- MP_ADD_CARRY(r6, a14, r6, carry, carry);
- MP_ADD_CARRY(r7, a15, r7, carry, carry);
- r8 = carry;
- MP_ADD_CARRY(r3, a11, r3, 0, carry);
- MP_ADD_CARRY(r4, a12, r4, carry, carry);
- MP_ADD_CARRY(r5, a13, r5, carry, carry);
- MP_ADD_CARRY(r6, a14, r6, carry, carry);
- MP_ADD_CARRY(r7, a15, r7, carry, carry);
- r8 += carry;
+ carry = 0;
+ MP_ADD_CARRY(r3, a11, r3, carry);
+ MP_ADD_CARRY(r4, a12, r4, carry);
+ MP_ADD_CARRY(r5, a13, r5, carry);
+ MP_ADD_CARRY(r6, a14, r6, carry);
+ MP_ADD_CARRY(r7, a15, r7, carry);
+ r8 = carry; carry = 0;
+ MP_ADD_CARRY(r3, a11, r3, carry);
+ MP_ADD_CARRY(r4, a12, r4, carry);
+ MP_ADD_CARRY(r5, a13, r5, carry);
+ MP_ADD_CARRY(r6, a14, r6, carry);
+ MP_ADD_CARRY(r7, a15, r7, carry);
+ r8 += carry; carry = 0;
/* sum 2 */
- MP_ADD_CARRY(r3, a12, r3, 0, carry);
- MP_ADD_CARRY(r4, a13, r4, carry, carry);
- MP_ADD_CARRY(r5, a14, r5, carry, carry);
- MP_ADD_CARRY(r6, a15, r6, carry, carry);
- MP_ADD_CARRY(r7, 0, r7, carry, carry);
- r8 += carry;
+ MP_ADD_CARRY(r3, a12, r3, carry);
+ MP_ADD_CARRY(r4, a13, r4, carry);
+ MP_ADD_CARRY(r5, a14, r5, carry);
+ MP_ADD_CARRY(r6, a15, r6, carry);
+ MP_ADD_CARRY(r7, 0, r7, carry);
+ r8 += carry; carry = 0;
/* combine last bottom of sum 3 with second sum 2 */
- MP_ADD_CARRY(r0, a8, r0, 0, carry);
- MP_ADD_CARRY(r1, a9, r1, carry, carry);
- MP_ADD_CARRY(r2, a10, r2, carry, carry);
- MP_ADD_CARRY(r3, a12, r3, carry, carry);
- MP_ADD_CARRY(r4, a13, r4, carry, carry);
- MP_ADD_CARRY(r5, a14, r5, carry, carry);
- MP_ADD_CARRY(r6, a15, r6, carry, carry);
- MP_ADD_CARRY(r7, a15, r7, carry, carry); /* from sum 3 */
- r8 += carry;
+ MP_ADD_CARRY(r0, a8, r0, carry);
+ MP_ADD_CARRY(r1, a9, r1, carry);
+ MP_ADD_CARRY(r2, a10, r2, carry);
+ MP_ADD_CARRY(r3, a12, r3, carry);
+ MP_ADD_CARRY(r4, a13, r4, carry);
+ MP_ADD_CARRY(r5, a14, r5, carry);
+ MP_ADD_CARRY(r6, a15, r6, carry);
+ MP_ADD_CARRY(r7, a15, r7, carry); /* from sum 3 */
+ r8 += carry; carry = 0;
/* sum 3 (rest of it)*/
- MP_ADD_CARRY(r6, a14, r6, 0, carry);
- MP_ADD_CARRY(r7, 0, r7, carry, carry);
- r8 += carry;
+ MP_ADD_CARRY(r6, a14, r6, carry);
+ MP_ADD_CARRY(r7, 0, r7, carry);
+ r8 += carry; carry = 0;
/* sum 4 (rest of it)*/
- MP_ADD_CARRY(r0, a9, r0, 0, carry);
- MP_ADD_CARRY(r1, a10, r1, carry, carry);
- MP_ADD_CARRY(r2, a11, r2, carry, carry);
- MP_ADD_CARRY(r3, a13, r3, carry, carry);
- MP_ADD_CARRY(r4, a14, r4, carry, carry);
- MP_ADD_CARRY(r5, a15, r5, carry, carry);
- MP_ADD_CARRY(r6, a13, r6, carry, carry);
- MP_ADD_CARRY(r7, a8, r7, carry, carry);
- r8 += carry;
+ MP_ADD_CARRY(r0, a9, r0, carry);
+ MP_ADD_CARRY(r1, a10, r1, carry);
+ MP_ADD_CARRY(r2, a11, r2, carry);
+ MP_ADD_CARRY(r3, a13, r3, carry);
+ MP_ADD_CARRY(r4, a14, r4, carry);
+ MP_ADD_CARRY(r5, a15, r5, carry);
+ MP_ADD_CARRY(r6, a13, r6, carry);
+ MP_ADD_CARRY(r7, a8, r7, carry);
+ r8 += carry; carry = 0;
/* diff 5 */
- MP_SUB_BORROW(r0, a11, r0, 0, carry);
- MP_SUB_BORROW(r1, a12, r1, carry, carry);
- MP_SUB_BORROW(r2, a13, r2, carry, carry);
- MP_SUB_BORROW(r3, 0, r3, carry, carry);
- MP_SUB_BORROW(r4, 0, r4, carry, carry);
- MP_SUB_BORROW(r5, 0, r5, carry, carry);
- MP_SUB_BORROW(r6, a8, r6, carry, carry);
- MP_SUB_BORROW(r7, a10, r7, carry, carry);
- r8 -= carry;
+ MP_SUB_BORROW(r0, a11, r0, carry);
+ MP_SUB_BORROW(r1, a12, r1, carry);
+ MP_SUB_BORROW(r2, a13, r2, carry);
+ MP_SUB_BORROW(r3, 0, r3, carry);
+ MP_SUB_BORROW(r4, 0, r4, carry);
+ MP_SUB_BORROW(r5, 0, r5, carry);
+ MP_SUB_BORROW(r6, a8, r6, carry);
+ MP_SUB_BORROW(r7, a10, r7, carry);
+ r8 -= carry; carry = 0;
/* diff 6 */
- MP_SUB_BORROW(r0, a12, r0, 0, carry);
- MP_SUB_BORROW(r1, a13, r1, carry, carry);
- MP_SUB_BORROW(r2, a14, r2, carry, carry);
- MP_SUB_BORROW(r3, a15, r3, carry, carry);
- MP_SUB_BORROW(r4, 0, r4, carry, carry);
- MP_SUB_BORROW(r5, 0, r5, carry, carry);
- MP_SUB_BORROW(r6, a9, r6, carry, carry);
- MP_SUB_BORROW(r7, a11, r7, carry, carry);
- r8 -= carry;
+ MP_SUB_BORROW(r0, a12, r0, carry);
+ MP_SUB_BORROW(r1, a13, r1, carry);
+ MP_SUB_BORROW(r2, a14, r2, carry);
+ MP_SUB_BORROW(r3, a15, r3, carry);
+ MP_SUB_BORROW(r4, 0, r4, carry);
+ MP_SUB_BORROW(r5, 0, r5, carry);
+ MP_SUB_BORROW(r6, a9, r6, carry);
+ MP_SUB_BORROW(r7, a11, r7, carry);
+ r8 -= carry; carry = 0;
/* diff 7 */
- MP_SUB_BORROW(r0, a13, r0, 0, carry);
- MP_SUB_BORROW(r1, a14, r1, carry, carry);
- MP_SUB_BORROW(r2, a15, r2, carry, carry);
- MP_SUB_BORROW(r3, a8, r3, carry, carry);
- MP_SUB_BORROW(r4, a9, r4, carry, carry);
- MP_SUB_BORROW(r5, a10, r5, carry, carry);
- MP_SUB_BORROW(r6, 0, r6, carry, carry);
- MP_SUB_BORROW(r7, a12, r7, carry, carry);
- r8 -= carry;
+ MP_SUB_BORROW(r0, a13, r0, carry);
+ MP_SUB_BORROW(r1, a14, r1, carry);
+ MP_SUB_BORROW(r2, a15, r2, carry);
+ MP_SUB_BORROW(r3, a8, r3, carry);
+ MP_SUB_BORROW(r4, a9, r4, carry);
+ MP_SUB_BORROW(r5, a10, r5, carry);
+ MP_SUB_BORROW(r6, 0, r6, carry);
+ MP_SUB_BORROW(r7, a12, r7, carry);
+ r8 -= carry; carry = 0;
/* diff 8 */
- MP_SUB_BORROW(r0, a14, r0, 0, carry);
- MP_SUB_BORROW(r1, a15, r1, carry, carry);
- MP_SUB_BORROW(r2, 0, r2, carry, carry);
- MP_SUB_BORROW(r3, a9, r3, carry, carry);
- MP_SUB_BORROW(r4, a10, r4, carry, carry);
- MP_SUB_BORROW(r5, a11, r5, carry, carry);
- MP_SUB_BORROW(r6, 0, r6, carry, carry);
- MP_SUB_BORROW(r7, a13, r7, carry, carry);
+ MP_SUB_BORROW(r0, a14, r0, carry);
+ MP_SUB_BORROW(r1, a15, r1, carry);
+ MP_SUB_BORROW(r2, 0, r2, carry);
+ MP_SUB_BORROW(r3, a9, r3, carry);
+ MP_SUB_BORROW(r4, a10, r4, carry);
+ MP_SUB_BORROW(r5, a11, r5, carry);
+ MP_SUB_BORROW(r6, 0, r6, carry);
+ MP_SUB_BORROW(r7, a13, r7, carry);
r8 -= carry;
/* reduce the overflows */
while (r8 > 0) {
- mp_digit r8_d = r8;
- MP_ADD_CARRY(r0, r8_d, r0, 0, carry);
- MP_ADD_CARRY(r1, 0, r1, carry, carry);
- MP_ADD_CARRY(r2, 0, r2, carry, carry);
- MP_ADD_CARRY(r3, 0-r8_d, r3, carry, carry);
- MP_ADD_CARRY(r4, MP_DIGIT_MAX, r4, carry, carry);
- MP_ADD_CARRY(r5, MP_DIGIT_MAX, r5, carry, carry);
- MP_ADD_CARRY(r6, 0-(r8_d+1), r6, carry, carry);
- MP_ADD_CARRY(r7, (r8_d-1), r7, carry, carry);
+ mp_digit r8_d = r8; carry = 0;
+ carry = 0;
+ MP_ADD_CARRY(r0, r8_d, r0, carry);
+ MP_ADD_CARRY(r1, 0, r1, carry);
+ MP_ADD_CARRY(r2, 0, r2, carry);
+ MP_ADD_CARRY(r3, 0-r8_d, r3, carry);
+ MP_ADD_CARRY(r4, MP_DIGIT_MAX, r4, carry);
+ MP_ADD_CARRY(r5, MP_DIGIT_MAX, r5, carry);
+ MP_ADD_CARRY(r6, 0-(r8_d+1), r6, carry);
+ MP_ADD_CARRY(r7, (r8_d-1), r7, carry);
r8 = carry;
}
/* reduce the underflows */
while (r8 < 0) {
mp_digit r8_d = -r8;
- MP_SUB_BORROW(r0, r8_d, r0, 0, carry);
- MP_SUB_BORROW(r1, 0, r1, carry, carry);
- MP_SUB_BORROW(r2, 0, r2, carry, carry);
- MP_SUB_BORROW(r3, 0-r8_d, r3, carry, carry);
- MP_SUB_BORROW(r4, MP_DIGIT_MAX, r4, carry, carry);
- MP_SUB_BORROW(r5, MP_DIGIT_MAX, r5, carry, carry);
- MP_SUB_BORROW(r6, 0-(r8_d+1), r6, carry, carry);
- MP_SUB_BORROW(r7, (r8_d-1), r7, carry, carry);
+ carry = 0;
+ MP_SUB_BORROW(r0, r8_d, r0, carry);
+ MP_SUB_BORROW(r1, 0, r1, carry);
+ MP_SUB_BORROW(r2, 0, r2, carry);
+ MP_SUB_BORROW(r3, 0-r8_d, r3, carry);
+ MP_SUB_BORROW(r4, MP_DIGIT_MAX, r4, carry);
+ MP_SUB_BORROW(r5, MP_DIGIT_MAX, r5, carry);
+ MP_SUB_BORROW(r6, 0-(r8_d+1), r6, carry);
+ MP_SUB_BORROW(r7, (r8_d-1), r7, carry);
r8 = 0-carry;
}
if (a != r) {
@@ -229,69 +232,82 @@ ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
r0 = MP_DIGIT(a,0);
/* sum 1 */
- MP_ADD_CARRY(r1, a5h << 32, r1, 0, carry);
- MP_ADD_CARRY(r2, a6, r2, carry, carry);
- MP_ADD_CARRY(r3, a7, r3, carry, carry);
- r4 = carry;
- MP_ADD_CARRY(r1, a5h << 32, r1, 0, carry);
- MP_ADD_CARRY(r2, a6, r2, carry, carry);
- MP_ADD_CARRY(r3, a7, r3, carry, carry);
- r4 += carry;
+ carry = 0;
+ carry = 0;
+ MP_ADD_CARRY(r1, a5h << 32, r1, carry);
+ MP_ADD_CARRY(r2, a6, r2, carry);
+ MP_ADD_CARRY(r3, a7, r3, carry);
+ r4 = carry; carry = 0;
+ carry = 0;
+ MP_ADD_CARRY(r1, a5h << 32, r1, carry);
+ MP_ADD_CARRY(r2, a6, r2, carry);
+ MP_ADD_CARRY(r3, a7, r3, carry);
+ r4 += carry; carry = 0;
/* sum 2 */
- MP_ADD_CARRY(r1, a6l, r1, 0, carry);
- MP_ADD_CARRY(r2, a6h | a7l, r2, carry, carry);
- MP_ADD_CARRY(r3, a7h, r3, carry, carry);
- r4 += carry;
- MP_ADD_CARRY(r1, a6l, r1, 0, carry);
- MP_ADD_CARRY(r2, a6h | a7l, r2, carry, carry);
- MP_ADD_CARRY(r3, a7h, r3, carry, carry);
- r4 += carry;
+ carry = 0;
+ MP_ADD_CARRY(r1, a6l, r1, carry);
+ MP_ADD_CARRY(r2, a6h | a7l, r2, carry);
+ MP_ADD_CARRY(r3, a7h, r3, carry);
+ r4 += carry; carry = 0;
+ carry = 0;
+ MP_ADD_CARRY(r1, a6l, r1, carry);
+ MP_ADD_CARRY(r2, a6h | a7l, r2, carry);
+ MP_ADD_CARRY(r3, a7h, r3, carry);
+ r4 += carry; carry = 0;
/* sum 3 */
- MP_ADD_CARRY(r0, a4, r0, 0, carry);
- MP_ADD_CARRY(r1, a5l >> 32, r1, carry, carry);
- MP_ADD_CARRY(r2, 0, r2, carry, carry);
- MP_ADD_CARRY(r3, a7, r3, carry, carry);
- r4 += carry;
+ carry = 0;
+ MP_ADD_CARRY(r0, a4, r0, carry);
+ MP_ADD_CARRY(r1, a5l >> 32, r1, carry);
+ MP_ADD_CARRY(r2, 0, r2, carry);
+ MP_ADD_CARRY(r3, a7, r3, carry);
+ r4 += carry; carry = 0;
/* sum 4 */
- MP_ADD_CARRY(r0, a4h | a5l, r0, 0, carry);
- MP_ADD_CARRY(r1, a5h|(a6h<<32), r1, carry, carry);
- MP_ADD_CARRY(r2, a7, r2, carry, carry);
- MP_ADD_CARRY(r3, a6h | a4l, r3, carry, carry);
+ carry = 0;
+ MP_ADD_CARRY(r0, a4h | a5l, r0, carry);
+ MP_ADD_CARRY(r1, a5h|(a6h<<32), r1, carry);
+ MP_ADD_CARRY(r2, a7, r2, carry);
+ MP_ADD_CARRY(r3, a6h | a4l, r3, carry);
r4 += carry;
/* diff 5 */
- MP_SUB_BORROW(r0, a5h | a6l, r0, 0, carry);
- MP_SUB_BORROW(r1, a6h, r1, carry, carry);
- MP_SUB_BORROW(r2, 0, r2, carry, carry);
- MP_SUB_BORROW(r3, (a4l>>32)|a5l,r3, carry, carry);
+ carry = 0;
+ MP_SUB_BORROW(r0, a5h | a6l, r0, carry);
+ MP_SUB_BORROW(r1, a6h, r1, carry);
+ MP_SUB_BORROW(r2, 0, r2, carry);
+ MP_SUB_BORROW(r3, (a4l>>32)|a5l,r3, carry);
r4 -= carry;
/* diff 6 */
- MP_SUB_BORROW(r0, a6, r0, 0, carry);
- MP_SUB_BORROW(r1, a7, r1, carry, carry);
- MP_SUB_BORROW(r2, 0, r2, carry, carry);
- MP_SUB_BORROW(r3, a4h|(a5h<<32),r3, carry, carry);
+ carry = 0;
+ MP_SUB_BORROW(r0, a6, r0, carry);
+ MP_SUB_BORROW(r1, a7, r1, carry);
+ MP_SUB_BORROW(r2, 0, r2, carry);
+ MP_SUB_BORROW(r3, a4h|(a5h<<32),r3, carry);
r4 -= carry;
/* diff 7 */
- MP_SUB_BORROW(r0, a6h|a7l, r0, 0, carry);
- MP_SUB_BORROW(r1, a7h|a4l, r1, carry, carry);
- MP_SUB_BORROW(r2, a4h|a5l, r2, carry, carry);
- MP_SUB_BORROW(r3, a6l, r3, carry, carry);
+ carry = 0;
+ MP_SUB_BORROW(r0, a6h|a7l, r0, carry);
+ MP_SUB_BORROW(r1, a7h|a4l, r1, carry);
+ MP_SUB_BORROW(r2, a4h|a5l, r2, carry);
+ MP_SUB_BORROW(r3, a6l, r3, carry);
r4 -= carry;
/* diff 8 */
- MP_SUB_BORROW(r0, a7, r0, 0, carry);
- MP_SUB_BORROW(r1, a4h<<32, r1, carry, carry);
- MP_SUB_BORROW(r2, a5, r2, carry, carry);
- MP_SUB_BORROW(r3, a6h<<32, r3, carry, carry);
+ carry = 0;
+ MP_SUB_BORROW(r0, a7, r0, carry);
+ MP_SUB_BORROW(r1, a4h<<32, r1, carry);
+ MP_SUB_BORROW(r2, a5, r2, carry);
+ MP_SUB_BORROW(r3, a6h<<32, r3, carry);
r4 -= carry;
/* reduce the overflows */
while (r4 > 0) {
mp_digit r4_long = r4;
mp_digit r4l = (r4_long << 32);
- MP_ADD_CARRY(r0, r4_long, r0, 0, carry);
- MP_ADD_CARRY(r1, 0-r4l, r1, carry, carry);
- MP_ADD_CARRY(r2, MP_DIGIT_MAX, r2, carry, carry);
- MP_ADD_CARRY(r3, r4l-r4_long-1,r3, carry, carry);
+ carry = 0;
+ carry = 0;
+ MP_ADD_CARRY(r0, r4_long, r0, carry);
+ MP_ADD_CARRY(r1, 0-r4l, r1, carry);
+ MP_ADD_CARRY(r2, MP_DIGIT_MAX, r2, carry);
+ MP_ADD_CARRY(r3, r4l-r4_long-1,r3, carry);
r4 = carry;
}
@@ -299,10 +315,11 @@ ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
while (r4 < 0) {
mp_digit r4_long = -r4;
mp_digit r4l = (r4_long << 32);
- MP_SUB_BORROW(r0, r4_long, r0, 0, carry);
- MP_SUB_BORROW(r1, 0-r4l, r1, carry, carry);
- MP_SUB_BORROW(r2, MP_DIGIT_MAX, r2, carry, carry);
- MP_SUB_BORROW(r3, r4l-r4_long-1,r3, carry, carry);
+ carry = 0;
+ MP_SUB_BORROW(r0, r4_long, r0, carry);
+ MP_SUB_BORROW(r1, 0-r4l, r1, carry);
+ MP_SUB_BORROW(r2, MP_DIGIT_MAX, r2, carry);
+ MP_SUB_BORROW(r3, r4l-r4_long-1,r3, carry);
r4 = 0-carry;
}
diff --git a/lib/freebl/ecl/ecp_521.c b/lib/freebl/ecl/ecp_521.c
index 7eac0f075..f70c2f439 100644
--- a/lib/freebl/ecl/ecp_521.c
+++ b/lib/freebl/ecl/ecp_521.c
@@ -17,7 +17,7 @@ ec_GFp_nistp521_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
{
mp_err res = MP_OKAY;
int a_bits = mpl_significant_bits(a);
- int i;
+ unsigned int i;
/* m1, m2 are statically-allocated mp_int of exactly the size we need */
mp_int m1;
diff --git a/lib/freebl/ecl/ecp_jac.c b/lib/freebl/ecl/ecp_jac.c
index e31730def..f174b1692 100644
--- a/lib/freebl/ecl/ecp_jac.c
+++ b/lib/freebl/ecl/ecp_jac.c
@@ -387,7 +387,7 @@ ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
mp_int precomp[4][4][2];
mp_int rz;
const mp_int *a, *b;
- int i, j;
+ unsigned int i, j;
int ai, bi, d;
for (i = 0; i < 4; i++) {
@@ -494,7 +494,7 @@ ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px,
MP_CHECKOK(mp_init(&rz));
MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz));
- for (i = d - 1; i >= 0; i--) {
+ for (i = d; i-- > 0;) {
ai = MP_GET_BIT(a, 2 * i + 1);
ai <<= 1;
ai |= MP_GET_BIT(a, 2 * i);
diff --git a/lib/freebl/ldvector.c b/lib/freebl/ldvector.c
index c6ace1876..1d9affec2 100644
--- a/lib/freebl/ldvector.c
+++ b/lib/freebl/ldvector.c
@@ -294,12 +294,9 @@ static const struct FREEBLVectorStr vector =
const FREEBLVector *
FREEBL_GetVector(void)
{
- extern const char __nss_freebl_version[];
+#define NSS_VERSION_VARIABLE __nss_freebl_version
+#include "verref.h"
- /* force a reference that won't get optimized away */
- volatile char c;
-
- c = __nss_freebl_version[0];
#ifdef FREEBL_NO_DEPEND
FREEBL_InitStubs();
#endif
diff --git a/lib/freebl/loader.c b/lib/freebl/loader.c
index 5eb50de95..9105a6900 100644
--- a/lib/freebl/loader.c
+++ b/lib/freebl/loader.c
@@ -132,7 +132,6 @@ freebl_LoadDSO( void )
handle = loader_LoadLibrary(name);
if (handle) {
PRFuncPtr address = PR_FindFunctionSymbol(handle, "FREEBL_GetVector");
- PRStatus status;
if (address) {
FREEBLGetVectorFn * getVector = (FREEBLGetVectorFn *)address;
const FREEBLVector * dsoVector = getVector();
@@ -149,8 +148,14 @@ freebl_LoadDSO( void )
}
}
}
- status = PR_UnloadLibrary(handle);
- PORT_Assert(PR_SUCCESS == status);
+#ifdef DEBUG
+ {
+ PRStatus status = PR_UnloadLibrary(blLib);
+ PORT_Assert(PR_SUCCESS == status);
+ }
+#else
+ PR_UnloadLibrary(blLib);
+#endif
}
return PR_FAILURE;
}
@@ -901,8 +906,12 @@ BL_Unload(void)
if (blLib) {
disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
if (!disableUnload) {
+#ifdef DEBUG
PRStatus status = PR_UnloadLibrary(blLib);
PORT_Assert(PR_SUCCESS == status);
+#else
+ PR_UnloadLibrary(blLib);
+#endif
}
blLib = NULL;
}
diff --git a/lib/freebl/mpi/mpcpucache.c b/lib/freebl/mpi/mpcpucache.c
index 9a4a9d30c..925006110 100644
--- a/lib/freebl/mpi/mpcpucache.c
+++ b/lib/freebl/mpi/mpcpucache.c
@@ -3,6 +3,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "mpi.h"
+#include "prtypes.h"
/*
* This file implements a single function: s_mpi_getProcessorLineSize();
@@ -619,35 +620,17 @@ unsigned long
s_mpi_is_sse2()
{
unsigned long eax, ebx, ecx, edx;
- int manufacturer = MAN_UNKNOWN;
- int i;
- char string[13];
if (is386() || is486()) {
return 0;
}
freebl_cpuid(0, &eax, &ebx, &ecx, &edx);
- /* string holds the CPU's manufacturer ID string - a twelve
- * character ASCII string stored in ebx, edx, ecx, and
- * the 32-bit extended feature flags are in edx, ecx.
- */
- *(int *)string = ebx;
- *(int *)&string[4] = (int)edx;
- *(int *)&string[8] = (int)ecx;
- string[12] = 0;
/* has no SSE2 extensions */
if (eax == 0) {
return 0;
}
- for (i=0; i < n_manufacturers; i++) {
- if ( strcmp(manMap[i],string) == 0) {
- manufacturer = i;
- break;
- }
- }
-
freebl_cpuid(1,&eax,&ebx,&ecx,&edx);
return (edx & SSE2_FLAG) == SSE2_FLAG;
}
@@ -657,11 +640,12 @@ unsigned long
s_mpi_getProcessorLineSize()
{
unsigned long eax, ebx, ecx, edx;
+ PRUint32 cpuid[3];
unsigned long cpuidLevel;
unsigned long cacheLineSize = 0;
int manufacturer = MAN_UNKNOWN;
int i;
- char string[65];
+ char string[13];
#if !defined(AMD_64)
if (is386()) {
@@ -678,9 +662,10 @@ s_mpi_getProcessorLineSize()
* character ASCII string stored in ebx, edx, ecx, and
* the 32-bit extended feature flags are in edx, ecx.
*/
- *(int *)string = ebx;
- *(int *)&string[4] = (int)edx;
- *(int *)&string[8] = (int)ecx;
+ cpuid[0] = ebx;
+ cpuid[1] = ecx;
+ cpuid[2] = edx;
+ memcpy(string, cpuid, sizeof(cpuid));
string[12] = 0;
manufacturer = MAN_UNKNOWN;
diff --git a/lib/freebl/mpi/mpi-priv.h b/lib/freebl/mpi/mpi-priv.h
index e81d0fe0e..7a0725f46 100644
--- a/lib/freebl/mpi/mpi-priv.h
+++ b/lib/freebl/mpi/mpi-priv.h
@@ -254,8 +254,10 @@ mp_err MPI_ASM_DECL s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo,
mp_digit divisor, mp_digit *quot, mp_digit *rem);
/* c += a * b * (MP_RADIX ** offset); */
+/* Callers of this macro should be aware that the return type might vary;
+ * it should be treated as a void function. */
#define s_mp_mul_d_add_offset(a, b, c, off) \
-(s_mpv_mul_d_add_prop(MP_DIGITS(a), MP_USED(a), b, MP_DIGITS(c) + off), MP_OKAY)
+ s_mpv_mul_d_add_prop(MP_DIGITS(a), MP_USED(a), b, MP_DIGITS(c) + off)
typedef struct {
mp_int N; /* modulus N */
diff --git a/lib/freebl/mpi/mpi.c b/lib/freebl/mpi/mpi.c
index 2a3719b88..43ce83ae6 100644
--- a/lib/freebl/mpi/mpi.c
+++ b/lib/freebl/mpi/mpi.c
@@ -1095,7 +1095,7 @@ mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c)
mp_int s, x;
mp_err res;
mp_digit d;
- int dig, bit;
+ unsigned int dig, bit;
ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
@@ -1470,7 +1470,7 @@ mp_err s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c
mp_int s, x, mu;
mp_err res;
mp_digit d;
- int dig, bit;
+ unsigned int dig, bit;
ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG);
@@ -2004,7 +2004,7 @@ mp_size mp_trailing_zeros(const mp_int *mp)
{
mp_digit d;
mp_size n = 0;
- int ix;
+ unsigned int ix;
if (!mp || !MP_DIGITS(mp) || !mp_cmp_z(mp))
return n;
@@ -2916,8 +2916,7 @@ void s_mp_exch(mp_int *a, mp_int *b)
mp_err s_mp_lshd(mp_int *mp, mp_size p)
{
mp_err res;
- mp_size pos;
- int ix;
+ unsigned int ix;
if(p == 0)
return MP_OKAY;
@@ -2928,14 +2927,13 @@ mp_err s_mp_lshd(mp_int *mp, mp_size p)
if((res = s_mp_pad(mp, USED(mp) + p)) != MP_OKAY)
return res;
- pos = USED(mp) - 1;
-
/* Shift all the significant figures over as needed */
- for(ix = pos - p; ix >= 0; ix--)
+ for (ix = USED(mp) - p; ix-- > 0;) {
DIGIT(mp, ix + p) = DIGIT(mp, ix);
+ }
/* Fill the bottom digits with zeroes */
- for(ix = 0; ix < p; ix++)
+ for(ix = 0; (mp_size)ix < p; ix++)
DIGIT(mp, ix) = 0;
return MP_OKAY;
@@ -3046,7 +3044,7 @@ void s_mp_div_2(mp_int *mp)
mp_err s_mp_mul_2(mp_int *mp)
{
mp_digit *pd;
- int ix, used;
+ unsigned int ix, used;
mp_digit kin = 0;
/* Shift digits leftward by 1 bit */
@@ -4672,10 +4670,10 @@ mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len)
/* }}} */
/* {{{ mp_unsigned_octet_size(mp) */
-int
+unsigned int
mp_unsigned_octet_size(const mp_int *mp)
{
- int bytes;
+ unsigned int bytes;
int ix;
mp_digit d = 0;
@@ -4712,12 +4710,12 @@ mp_err
mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen)
{
int ix, pos = 0;
- int bytes;
+ unsigned int bytes;
ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
bytes = mp_unsigned_octet_size(mp);
- ARGCHK(bytes >= 0 && bytes <= maxlen, MP_BADARG);
+ ARGCHK(bytes <= maxlen, MP_BADARG);
/* Iterate over each digit... */
for(ix = USED(mp) - 1; ix >= 0; ix--) {
@@ -4744,12 +4742,12 @@ mp_err
mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen)
{
int ix, pos = 0;
- int bytes;
+ unsigned int bytes;
ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
bytes = mp_unsigned_octet_size(mp);
- ARGCHK(bytes >= 0 && bytes <= maxlen, MP_BADARG);
+ ARGCHK(bytes <= maxlen, MP_BADARG);
/* Iterate over each digit... */
for(ix = USED(mp) - 1; ix >= 0; ix--) {
@@ -4784,12 +4782,12 @@ mp_err
mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size length)
{
int ix, pos = 0;
- int bytes;
+ unsigned int bytes;
ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG);
bytes = mp_unsigned_octet_size(mp);
- ARGCHK(bytes >= 0 && bytes <= length, MP_BADARG);
+ ARGCHK(bytes <= length, MP_BADARG);
/* place any needed leading zeros */
for (;length > bytes; --length) {
diff --git a/lib/freebl/mpi/mpi.h b/lib/freebl/mpi/mpi.h
index a556c17e9..b1b45d257 100644
--- a/lib/freebl/mpi/mpi.h
+++ b/lib/freebl/mpi/mpi.h
@@ -258,7 +258,7 @@ const char *mp_strerror(mp_err ec);
/* Octet string conversion functions */
mp_err mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len);
-int mp_unsigned_octet_size(const mp_int *mp);
+unsigned int mp_unsigned_octet_size(const mp_int *mp);
mp_err mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen);
mp_err mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen);
mp_err mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size len);
diff --git a/lib/freebl/mpi/mplogic.c b/lib/freebl/mpi/mplogic.c
index dbec7acfc..df0aad0e1 100644
--- a/lib/freebl/mpi/mplogic.c
+++ b/lib/freebl/mpi/mplogic.c
@@ -403,9 +403,9 @@ mp_err mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits)
returns number of significnant bits in abs(a).
returns 1 if value is zero.
*/
-mp_err mpl_significant_bits(const mp_int *a)
+mp_size mpl_significant_bits(const mp_int *a)
{
- mp_err bits = 0;
+ mp_size bits = 0;
int ix;
ARGCHK(a != NULL, MP_BADARG);
diff --git a/lib/freebl/mpi/mplogic.h b/lib/freebl/mpi/mplogic.h
index f45fe3665..e05374a82 100644
--- a/lib/freebl/mpi/mplogic.h
+++ b/lib/freebl/mpi/mplogic.h
@@ -47,6 +47,6 @@ mp_err mpl_parity(mp_int *a); /* determine parity */
mp_err mpl_set_bit(mp_int *a, mp_size bitNum, mp_size value);
mp_err mpl_get_bit(const mp_int *a, mp_size bitNum);
mp_err mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits);
-mp_err mpl_significant_bits(const mp_int *a);
+mp_size mpl_significant_bits(const mp_int *a);
#endif /* end _H_MPLOGIC_ */
diff --git a/lib/freebl/mpi/mpmontg.c b/lib/freebl/mpi/mpmontg.c
index d619360aa..9667755d0 100644
--- a/lib/freebl/mpi/mpmontg.c
+++ b/lib/freebl/mpi/mpmontg.c
@@ -47,7 +47,7 @@ mp_err s_mp_redc(mp_int *T, mp_mont_modulus *mmm)
for (i = 0; i < MP_USED(&mmm->N); ++i ) {
mp_digit m_i = MP_DIGIT(T, i) * mmm->n0prime;
/* T += N * m_i * (MP_RADIX ** i); */
- MP_CHECKOK( s_mp_mul_d_add_offset(&mmm->N, m_i, T, i) );
+ s_mp_mul_d_add_offset(&mmm->N, m_i, T, i);
}
s_mp_clamp(T);
diff --git a/lib/freebl/mpi/mpprime.c b/lib/freebl/mpi/mpprime.c
index f0baf9d2a..9b97fb206 100644
--- a/lib/freebl/mpi/mpprime.c
+++ b/lib/freebl/mpi/mpprime.c
@@ -394,7 +394,7 @@ mp_err mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong,
{
mp_digit np;
mp_err res;
- int i = 0;
+ unsigned int i = 0;
mp_int trial;
mp_int q;
mp_size num_tests;
diff --git a/lib/freebl/nsslowhash.c b/lib/freebl/nsslowhash.c
index e6a634aef..a9ab5b738 100644
--- a/lib/freebl/nsslowhash.c
+++ b/lib/freebl/nsslowhash.c
@@ -285,14 +285,9 @@ static NSSLOWInitContext dummyContext = { 0 };
NSSLOWInitContext *
NSSLOW_Init(void)
{
- SECStatus rv;
CK_RV crv;
#ifdef FREEBL_NO_DEPEND
- PRBool nsprAvailable = PR_FALSE;
-
-
- rv = FREEBL_InitStubs();
- nsprAvailable = (rv == SECSuccess ) ? PR_TRUE : PR_FALSE;
+ (void)FREEBL_InitStubs();
#endif
if (post_failed) {
diff --git a/lib/freebl/pqg.c b/lib/freebl/pqg.c
index 56cdd20cc..f79715572 100644
--- a/lib/freebl/pqg.c
+++ b/lib/freebl/pqg.c
@@ -494,7 +494,7 @@ makePrimefromPrimesShaweTaylor(
mp_int * q, /* sub prime, can be 1 */
mp_int * prime, /* output. */
SECItem * prime_seed, /* input/output. */
- int * prime_gen_counter) /* input/output. */
+ unsigned int *prime_gen_counter) /* input/output. */
{
mp_int c;
mp_int c0_2;
@@ -727,7 +727,7 @@ makePrimefromSeedShaweTaylor(
const SECItem * input_seed, /* input. */
mp_int * prime, /* output. */
SECItem * prime_seed, /* output. */
- int * prime_gen_counter) /* output. */
+ unsigned int *prime_gen_counter) /* output. */
{
mp_int c;
mp_int c0;
@@ -882,7 +882,7 @@ findQfromSeed(
const SECItem * seed, /* input. */
mp_int * Q, /* input. */
mp_int * Q_, /* output. */
- int * qseed_len, /* output */
+ unsigned int *qseed_len, /* output */
HASH_HashType *hashtypePtr, /* output. Hash uses */
pqgGenType *typePtr) /* output. Generation Type used */
{
@@ -937,7 +937,7 @@ const SECItem * seed, /* input. */
firstseed.len = seed->len/3;
for (hashtype = getFirstHash(L,N); hashtype != HASH_AlgTOTAL;
hashtype=getNextHash(hashtype)) {
- int count;
+ unsigned int count;
rv = makePrimefromSeedShaweTaylor(hashtype, N, &firstseed, Q_,
&qseed, &count);
@@ -1229,7 +1229,6 @@ pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type,
unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy)
{
unsigned int n; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
- unsigned int b; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
unsigned int seedlen; /* Per FIPS 186-3 app A.1.1.2 (was 'g' 186-1)*/
unsigned int counter; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
unsigned int offset; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
@@ -1309,8 +1308,7 @@ pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type,
/* Step 3: n = Ceil(L/outlen)-1; (same as n = Floor((L-1)/outlen)) */
n = (L - 1) / outlen;
- /* Step 4: b = L -1 - (n*outlen); (same as n = (L-1) mod outlen) */
- b = (L - 1) % outlen;
+ /* Step 4: (skipped since we don't use b): b = L -1 - (n*outlen); */
seedlen = seedBytes * PR_BITS_PER_BYTE; /* bits in seed */
step_5:
/* ******************************************************************
@@ -1348,7 +1346,7 @@ step_5:
CHECK_SEC_OK( makeQ2fromSeed(hashtype, N, seed, &Q) );
} else {
/* FIPS186_3_ST_TYPE */
- int qgen_counter, pgen_counter;
+ unsigned int qgen_counter, pgen_counter;
/* Step 1 (L,N) already checked for acceptability */
@@ -1589,7 +1587,7 @@ PQG_VerifyParams(const PQGParams *params,
mp_err err = MP_OKAY;
int j;
unsigned int counter_max = 0; /* handle legacy L < 1024 */
- int qseed_len;
+ unsigned int qseed_len;
SECItem pseed_ = {0, 0, 0};
HASH_HashType hashtype;
pqgGenType type;
@@ -1682,8 +1680,8 @@ PQG_VerifyParams(const PQGParams *params,
if (type == FIPS186_3_ST_TYPE) {
SECItem qseed = { 0, 0, 0 };
SECItem pseed = { 0, 0, 0 };
- int first_seed_len;
- int pgen_counter = 0;
+ unsigned int first_seed_len;
+ unsigned int pgen_counter = 0;
/* extract pseed and qseed from domain_parameter_seed, which is
* first_seed || pseed || qseed. qseed is first_seed + small_integer
diff --git a/lib/freebl/rsa.c b/lib/freebl/rsa.c
index 498cc96bc..f885acc44 100644
--- a/lib/freebl/rsa.c
+++ b/lib/freebl/rsa.c
@@ -248,7 +248,7 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
PLArenaPool *arena = NULL;
/* Require key size to be a multiple of 16 bits. */
if (!publicExponent || keySizeInBits % 16 != 0 ||
- BAD_RSA_KEY_SIZE(keySizeInBits/8, publicExponent->len)) {
+ BAD_RSA_KEY_SIZE((unsigned int)keySizeInBits/8, publicExponent->len)) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
diff --git a/lib/freebl/sha512.c b/lib/freebl/sha512.c
index 0e6baa87f..718e6e3db 100644
--- a/lib/freebl/sha512.c
+++ b/lib/freebl/sha512.c
@@ -928,10 +928,14 @@ SHA512_Compress(SHA512Context *ctx)
#if defined(IS_LITTLE_ENDIAN)
{
#if defined(HAVE_LONG_LONG)
+#if defined(SHA_MASK16)
PRUint64 t1;
+#endif
#else
+#if defined(SHA4MASK)
PRUint32 t1;
#endif
+#endif
BYTESWAP8(W[0]);
BYTESWAP8(W[1]);
BYTESWAP8(W[2]);
@@ -1223,11 +1227,15 @@ SHA512_End(SHA512Context *ctx, unsigned char *digest,
{
#if defined(HAVE_LONG_LONG)
unsigned int inBuf = (unsigned int)ctx->sizeLo & 0x7f;
+#if defined(SHA_MASK16)
PRUint64 t1;
+#endif
#else
unsigned int inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f;
+#if defined(SHA4MASK)
PRUint32 t1;
#endif
+#endif
unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf);
PRUint64 lo;
LL_SHL(lo, ctx->sizeLo, 3);
@@ -1269,10 +1277,14 @@ SHA512_EndRaw(SHA512Context *ctx, unsigned char *digest,
unsigned int *digestLen, unsigned int maxDigestLen)
{
#if defined(HAVE_LONG_LONG)
+#if defined(SHA_MASK16)
PRUint64 t1;
+#endif
#else
+#if defined(SHA4MASK)
PRUint32 t1;
#endif
+#endif
PRUint64 h[8];
unsigned int len;
diff --git a/lib/freebl/sha_fast.c b/lib/freebl/sha_fast.c
index b826cf93a..290194953 100644
--- a/lib/freebl/sha_fast.c
+++ b/lib/freebl/sha_fast.c
@@ -148,7 +148,6 @@ SHA1_End(SHA1Context *ctx, unsigned char *hashout,
{
register PRUint64 size;
register PRUint32 lenB;
- PRUint32 tmpbuf[5];
static const unsigned char bulk_pad[64] = { 0x80,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
@@ -188,7 +187,6 @@ SHA1_EndRaw(SHA1Context *ctx, unsigned char *hashout,
#if defined(SHA_NEED_TMP_VARIABLE)
register PRUint32 tmp;
#endif
- PRUint32 tmpbuf[5];
PORT_Assert (maxDigestLen >= SHA1_LENGTH);
SHA_STORE_RESULT;
diff --git a/lib/jar/jarfile.c b/lib/jar/jarfile.c
index a604f19cd..3346dbec0 100644
--- a/lib/jar/jarfile.c
+++ b/lib/jar/jarfile.c
@@ -36,11 +36,12 @@ jar_inflate_memory(unsigned int method, long *length, long expected_out_len,
char **data);
static int
-jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length);
+jar_physical_extraction(JAR_FILE fp, char *outpath, unsigned long offset,
+ unsigned long length);
static int
-jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length,
- unsigned int method);
+jar_physical_inflate(JAR_FILE fp, char *outpath, unsigned long offset,
+ unsigned long length, unsigned int method);
static int
jar_verify_extract(JAR *jar, char *path, char *physical_path);
@@ -74,6 +75,10 @@ static int
dostime(char *time, const char *s);
#ifdef NSS_X86_OR_X64
+/* The following macros throw up warnings. */
+#ifdef __GNUC__
+#pragma GCC diagnostic ignored "-Wstrict-aliasing"
+#endif
#define x86ShortToUint32(ii) ((const PRUint32)*((const PRUint16 *)(ii)))
#define x86LongToUint32(ii) (*(const PRUint32 *)(ii))
#else
@@ -241,7 +246,8 @@ JAR_extract(JAR *jar, char *path, char *outpath)
#define CHUNK 32768
static int
-jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length)
+jar_physical_extraction(JAR_FILE fp, char *outpath, unsigned long offset,
+ unsigned long length)
{
JAR_FILE out;
char *buffer = (char *)PORT_ZAlloc(CHUNK);
@@ -251,7 +257,7 @@ jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length)
return JAR_ERR_MEMORY;
if ((out = JAR_FOPEN (outpath, "wb")) != NULL) {
- long at = 0;
+ unsigned long at = 0;
JAR_FSEEK (fp, offset, (PRSeekWhence)0);
while (at < length) {
@@ -289,7 +295,7 @@ jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length)
#define OCHUNK 32768
static int
-jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length,
+jar_physical_inflate(JAR_FILE fp, char *outpath, unsigned long offset, unsigned long length,
unsigned int method)
{
char *inbuf, *outbuf;
@@ -315,11 +321,11 @@ jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length,
}
if ((out = JAR_FOPEN (outpath, "wb")) != NULL) {
- long at = 0;
+ unsigned long at = 0;
JAR_FSEEK (fp, offset, (PRSeekWhence)0);
while (at < length) {
- long chunk = (at + ICHUNK <= length) ? ICHUNK : length - at;
+ unsigned long chunk = (at + ICHUNK <= length) ? ICHUNK : length - at;
unsigned long tin;
if (JAR_FREAD (fp, inbuf, chunk) != chunk) {
@@ -353,7 +359,7 @@ jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length,
return JAR_ERR_CORRUPT;
}
ochunk = zs.total_out - prev_total;
- if (JAR_FWRITE (out, outbuf, ochunk) < ochunk) {
+ if (JAR_FWRITE (out, outbuf, ochunk) < (long)ochunk) {
/* most likely a disk full error */
status = JAR_ERR_DISK;
break;
@@ -820,8 +826,7 @@ jar_listtar(JAR *jar, JAR_FILE fp)
char *s;
JAR_Physical *phy;
long pos = 0L;
- long sz, mode;
- time_t when;
+ long sz;
union TarEntry tarball;
while (1) {
@@ -833,9 +838,7 @@ jar_listtar(JAR *jar, JAR_FILE fp)
if (!*tarball.val.filename)
break;
- when = octalToLong (tarball.val.time);
sz = octalToLong (tarball.val.size);
- mode = octalToLong (tarball.val.mode);
/* Tag the end of filename */
s = tarball.val.filename;
diff --git a/lib/jar/jarsign.c b/lib/jar/jarsign.c
index 9d05d9b5b..f0299b1ce 100644
--- a/lib/jar/jarsign.c
+++ b/lib/jar/jarsign.c
@@ -171,7 +171,6 @@ jar_create_pk7(CERTCertDBHandle *certdb, void *keydb, CERTCertificate *cert,
{
SEC_PKCS7ContentInfo *cinfo;
const SECHashObject *hashObj;
- char *errstring;
void *mw = NULL;
void *hashcx;
unsigned int len;
@@ -231,7 +230,6 @@ jar_create_pk7(CERTCertDBHandle *certdb, void *keydb, CERTCertificate *cert,
status = PORT_GetError();
SEC_PKCS7DestroyContentInfo (cinfo);
if (rv != SECSuccess) {
- errstring = JAR_get_error (status);
return ((status < 0) ? status : JAR_ERR_GENERAL);
}
return 0;
diff --git a/lib/libpkix/include/pkix_certstore.h b/lib/libpkix/include/pkix_certstore.h
index 2feb3334d..fb705644e 100755
--- a/lib/libpkix/include/pkix_certstore.h
+++ b/lib/libpkix/include/pkix_certstore.h
@@ -10,6 +10,7 @@
#define _PKIX_CERTSTORE_H
#include "pkixt.h"
+#include "certt.h"
#ifdef __cplusplus
extern "C" {
@@ -327,7 +328,7 @@ typedef PKIX_Error *
PKIX_PL_Cert *issuer,
PKIX_PL_Date *date,
PKIX_Boolean crlDownloadDone,
- PKIX_UInt32 *reasonCode,
+ CERTCRLEntryReasonCode *reasonCode,
PKIX_RevocationStatus *revStatus,
void *plContext);
diff --git a/lib/libpkix/pkix/checker/pkix_crlchecker.c b/lib/libpkix/pkix/checker/pkix_crlchecker.c
index c77ac8ef1..d6f5b6bcc 100644
--- a/lib/libpkix/pkix/checker/pkix_crlchecker.c
+++ b/lib/libpkix/pkix/checker/pkix_crlchecker.c
@@ -195,7 +195,7 @@ pkix_CrlChecker_CheckLocal(
PKIX_UInt32 methodFlags,
PKIX_Boolean chainVerificationState,
PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *pReasonCode,
+ CERTCRLEntryReasonCode *pReasonCode,
void *plContext)
{
PKIX_CertStore_CheckRevokationByCrlCallback storeCheckRevocationFn;
@@ -294,7 +294,7 @@ pkix_CrlChecker_CheckExternal(
PKIX_ProcessingParams *procParams,
PKIX_UInt32 methodFlags,
PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *pReasonCode,
+ CERTCRLEntryReasonCode *pReasonCode,
void **pNBIOContext,
void *plContext)
{
diff --git a/lib/libpkix/pkix/checker/pkix_crlchecker.h b/lib/libpkix/pkix/checker/pkix_crlchecker.h
index d7213aadb..35f1a4745 100644
--- a/lib/libpkix/pkix/checker/pkix_crlchecker.h
+++ b/lib/libpkix/pkix/checker/pkix_crlchecker.h
@@ -31,7 +31,7 @@ pkix_CrlChecker_CheckLocal(
PKIX_UInt32 methodFlags,
PKIX_Boolean chainVerificationState,
PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *reasonCode,
+ CERTCRLEntryReasonCode *reasonCode,
void *plContext);
PKIX_Error *
@@ -43,7 +43,7 @@ pkix_CrlChecker_CheckExternal(
PKIX_ProcessingParams *procParams,
PKIX_UInt32 methodFlags,
PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *reasonCode,
+ CERTCRLEntryReasonCode *reasonCode,
void **pNBIOContext,
void *plContext);
diff --git a/lib/libpkix/pkix/checker/pkix_ocspchecker.c b/lib/libpkix/pkix/checker/pkix_ocspchecker.c
index 481aa52b5..b6fca9a35 100644
--- a/lib/libpkix/pkix/checker/pkix_ocspchecker.c
+++ b/lib/libpkix/pkix/checker/pkix_ocspchecker.c
@@ -147,7 +147,7 @@ pkix_OcspChecker_CheckLocal(
PKIX_UInt32 methodFlags,
PKIX_Boolean chainVerificationState,
PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *pReasonCode,
+ CERTCRLEntryReasonCode *pReasonCode,
void *plContext)
{
PKIX_PL_OcspCertID *cid = NULL;
@@ -222,7 +222,7 @@ pkix_OcspChecker_CheckExternal(
PKIX_ProcessingParams *procParams,
PKIX_UInt32 methodFlags,
PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *pReasonCode,
+ CERTCRLEntryReasonCode *pReasonCode,
void **pNBIOContext,
void *plContext)
{
diff --git a/lib/libpkix/pkix/checker/pkix_ocspchecker.h b/lib/libpkix/pkix/checker/pkix_ocspchecker.h
index 547b403b4..fbec315f9 100644
--- a/lib/libpkix/pkix/checker/pkix_ocspchecker.h
+++ b/lib/libpkix/pkix/checker/pkix_ocspchecker.h
@@ -30,7 +30,7 @@ pkix_OcspChecker_CheckLocal(
PKIX_UInt32 methodFlags,
PKIX_Boolean chainVerificationState,
PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *reasonCode,
+ CERTCRLEntryReasonCode *reasonCode,
void *plContext);
PKIX_Error *
@@ -42,7 +42,7 @@ pkix_OcspChecker_CheckExternal(
PKIX_ProcessingParams *procParams,
PKIX_UInt32 methodFlags,
PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *reasonCode,
+ CERTCRLEntryReasonCode *reasonCode,
void **pNBIOContext,
void *plContext);
diff --git a/lib/libpkix/pkix/checker/pkix_revocationchecker.c b/lib/libpkix/pkix/checker/pkix_revocationchecker.c
index ebe37739f..7bed9b886 100755
--- a/lib/libpkix/pkix/checker/pkix_revocationchecker.c
+++ b/lib/libpkix/pkix/checker/pkix_revocationchecker.c
@@ -349,7 +349,7 @@ PKIX_RevocationChecker_Check(
* first we are going to test all local(cached) info
* second, all remote info(fetching) */
for (tries = 0;tries < 2;tries++) {
- int methodNum = 0;
+ unsigned int methodNum = 0;
for (;methodNum < revList->length;methodNum++) {
PKIX_UInt32 methodFlags = 0;
@@ -372,7 +372,8 @@ PKIX_RevocationChecker_Check(
methodFlags,
chainVerificationState,
&revStatus,
- pReasonCode, plContext),
+ (CERTCRLEntryReasonCode *)pReasonCode,
+ plContext),
PKIX_REVCHECKERCHECKFAILED);
methodStatus[methodNum] = revStatus;
if (revStatus == PKIX_RevStatus_Revoked) {
@@ -397,7 +398,8 @@ PKIX_RevocationChecker_Check(
(*method->externalRevChecker)(cert, issuer, date,
method,
procParams, methodFlags,
- &revStatus, pReasonCode,
+ &revStatus,
+ (CERTCRLEntryReasonCode *)pReasonCode,
&nbioContext, plContext),
PKIX_REVCHECKERCHECKFAILED);
methodStatus[methodNum] = revStatus;
diff --git a/lib/libpkix/pkix/checker/pkix_revocationchecker.h b/lib/libpkix/pkix/checker/pkix_revocationchecker.h
index 80d9eeaa2..20dfe3778 100755
--- a/lib/libpkix/pkix/checker/pkix_revocationchecker.h
+++ b/lib/libpkix/pkix/checker/pkix_revocationchecker.h
@@ -12,6 +12,7 @@
#define _PKIX_REVOCATIONCHECKER_H
#include "pkixt.h"
+#include "certt.h"
#ifdef __cplusplus
extern "C" {
diff --git a/lib/libpkix/pkix/checker/pkix_revocationmethod.h b/lib/libpkix/pkix/checker/pkix_revocationmethod.h
index 193223731..a97c7620a 100644
--- a/lib/libpkix/pkix/checker/pkix_revocationmethod.h
+++ b/lib/libpkix/pkix/checker/pkix_revocationmethod.h
@@ -31,7 +31,7 @@ pkix_LocalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer,
PKIX_UInt32 methodFlags,
PKIX_Boolean chainVerificationState,
PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *reasonCode,
+ CERTCRLEntryReasonCode *reasonCode,
void *plContext);
/* External revocation check function prototype definition.
@@ -44,7 +44,7 @@ pkix_ExternalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer,
PKIX_ProcessingParams *procParams,
PKIX_UInt32 methodFlags,
PKIX_RevocationStatus *pRevStatus,
- PKIX_UInt32 *reasonCode,
+ CERTCRLEntryReasonCode *reasonCode,
void **pNBIOContext, void *plContext);
/* Revocation method structure assosiates revocation types with
diff --git a/lib/libpkix/pkix/crlsel/pkix_crlselector.c b/lib/libpkix/pkix/crlsel/pkix_crlselector.c
index 9967af9b8..e9a9c03df 100755
--- a/lib/libpkix/pkix/crlsel/pkix_crlselector.c
+++ b/lib/libpkix/pkix/crlsel/pkix_crlselector.c
@@ -190,7 +190,7 @@ pkix_CRLSelector_Hashcode(
PKIX_HASHCODE(crlSelector->context, &contextHash, plContext,
PKIX_OBJECTHASHCODEFAILED);
- hash = 31 * ((PKIX_UInt32)crlSelector->matchCallback +
+ hash = 31 * ((PKIX_UInt32)((char *)crlSelector->matchCallback - (char *)NULL) +
(contextHash << 3)) + paramsHash;
*pHashcode = hash;
diff --git a/lib/libpkix/pkix/results/pkix_policynode.c b/lib/libpkix/pkix/results/pkix_policynode.c
index 91d8a74b6..fd8cee982 100755
--- a/lib/libpkix/pkix/results/pkix_policynode.c
+++ b/lib/libpkix/pkix/results/pkix_policynode.c
@@ -824,7 +824,7 @@ pkix_PolicyNode_Hashcode(
(node, &nodeHash, plContext),
PKIX_SINGLEPOLICYNODEHASHCODEFAILED);
- nodeHash = 31*nodeHash + (PKIX_UInt32)(node->parent);
+ nodeHash = 31*nodeHash + (PKIX_UInt32)((char *)node->parent - (char *)NULL);
PKIX_HASHCODE
(node->children,
diff --git a/lib/libpkix/pkix/store/pkix_store.c b/lib/libpkix/pkix/store/pkix_store.c
index 31c21ea16..af8be2bb2 100755
--- a/lib/libpkix/pkix/store/pkix_store.c
+++ b/lib/libpkix/pkix/store/pkix_store.c
@@ -74,11 +74,11 @@ pkix_CertStore_Hashcode(
PKIX_CERTSTOREHASHCODEFAILED);
}
- *pHashcode = (PKIX_UInt32) certStore->certCallback +
- (PKIX_UInt32) certStore->crlCallback +
- (PKIX_UInt32) certStore->certContinue +
- (PKIX_UInt32) certStore->crlContinue +
- (PKIX_UInt32) certStore->trustCallback +
+ *pHashcode = (PKIX_UInt32)((char *)certStore->certCallback - (char *)NULL) +
+ (PKIX_UInt32)((char *)certStore->crlCallback - (char *)NULL) +
+ (PKIX_UInt32)((char *)certStore->certContinue - (char *)NULL) +
+ (PKIX_UInt32)((char *)certStore->crlContinue - (char *)NULL) +
+ (PKIX_UInt32)((char *)certStore->trustCallback - (char *)NULL) +
(tempHash << 7);
cleanup:
diff --git a/lib/libpkix/pkix/top/pkix_build.c b/lib/libpkix/pkix/top/pkix_build.c
index 9ca307e43..94515785b 100755
--- a/lib/libpkix/pkix/top/pkix_build.c
+++ b/lib/libpkix/pkix/top/pkix_build.c
@@ -1526,7 +1526,7 @@ pkix_Build_SelectCertsFromTrustAnchors(
PKIX_List **pMatchList,
void *plContext)
{
- int anchorIndex = 0;
+ unsigned int anchorIndex = 0;
PKIX_TrustAnchor *anchor = NULL;
PKIX_PL_Cert *trustedCert = NULL;
PKIX_List *matchList = NULL;
diff --git a/lib/libpkix/pkix/util/pkix_error.c b/lib/libpkix/pkix/util/pkix_error.c
index e6fba866a..9d730ca16 100755
--- a/lib/libpkix/pkix/util/pkix_error.c
+++ b/lib/libpkix/pkix/util/pkix_error.c
@@ -325,7 +325,7 @@ pkix_Error_Hashcode(
/* XXX Unimplemented */
/* XXX Need to make hashcodes equal when two errors are equal */
- *pResult = (PKIX_UInt32)object;
+ *pResult = (PKIX_UInt32)((char *)object - (char *)NULL);
PKIX_RETURN(ERROR);
}
diff --git a/lib/libpkix/pkix/util/pkix_logger.c b/lib/libpkix/pkix/util/pkix_logger.c
index cfd870def..a916e6e4f 100644
--- a/lib/libpkix/pkix/util/pkix_logger.c
+++ b/lib/libpkix/pkix/util/pkix_logger.c
@@ -492,7 +492,7 @@ pkix_Logger_Hashcode(
PKIX_HASHCODE(logger->context, &tempHash, plContext,
PKIX_OBJECTHASHCODEFAILED);
- hash = (((((PKIX_UInt32) logger->callback + tempHash) << 7) +
+ hash = (((((PKIX_UInt32)((char *)logger->callback - (char *)NULL) + tempHash) << 7) +
logger->maxLevel) << 7) + (PKIX_UInt32)logger->logComponent;
*pHashcode = hash;
diff --git a/lib/libpkix/pkix/util/pkix_tools.h b/lib/libpkix/pkix/util/pkix_tools.h
index fe6ce6346..1a4689da7 100755
--- a/lib/libpkix/pkix/util/pkix_tools.h
+++ b/lib/libpkix/pkix/util/pkix_tools.h
@@ -1437,8 +1437,8 @@ extern PLHashNumber PR_CALLBACK pkix_ErrorGen_Hash (const void *key);
typedef struct pkix_ClassTable_EntryStruct pkix_ClassTable_Entry;
struct pkix_ClassTable_EntryStruct {
char *description;
- PKIX_Int32 objCounter;
- PKIX_Int32 typeObjectSize;
+ PKIX_UInt32 objCounter;
+ PKIX_UInt32 typeObjectSize;
PKIX_PL_DestructorCallback destructor;
PKIX_PL_EqualsCallback equalsFunction;
PKIX_PL_HashcodeCallback hashcodeFunction;
diff --git a/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c b/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c
index d459a4a7b..9954f0ca6 100644
--- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c
+++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c
@@ -265,7 +265,7 @@ pkix_pl_HttpDefaultClient_HdrCheckComplete(
contentLength = /* Try to reserve 4K+ buffer */
client->filledupBytes + HTTP_DATA_BUFSIZE;
if (client->maxResponseLen > 0 &&
- contentLength > client->maxResponseLen) {
+ contentLength > (PKIX_Int32)client->maxResponseLen) {
if (client->filledupBytes < client->maxResponseLen) {
contentLength = client->maxResponseLen;
} else {
@@ -282,7 +282,7 @@ pkix_pl_HttpDefaultClient_HdrCheckComplete(
default:
client->rcv_http_data_len = contentLength;
if (client->maxResponseLen > 0 &&
- client->maxResponseLen < contentLength) {
+ (PKIX_Int32)client->maxResponseLen < contentLength) {
client->connectStatus = HTTP_ERROR;
goto cleanup;
}
@@ -290,7 +290,7 @@ pkix_pl_HttpDefaultClient_HdrCheckComplete(
/*
* Do we have all of the message body, or do we need to read some more?
*/
- if (client->filledupBytes < contentLength) {
+ if ((PKIX_Int32)client->filledupBytes < contentLength) {
client->connectStatus = HTTP_RECV_BODY;
*pKeepGoing = PKIX_TRUE;
} else {
@@ -935,7 +935,7 @@ pkix_pl_HttpDefaultClient_RecvBody(
* plus remaining capacity, plus new expansion. */
int currBuffSize = client->capacity;
/* Try to increase the buffer by 4K */
- int newLength = currBuffSize + HTTP_DATA_BUFSIZE;
+ unsigned int newLength = currBuffSize + HTTP_DATA_BUFSIZE;
if (client->maxResponseLen > 0 &&
newLength > client->maxResponseLen) {
newLength = client->maxResponseLen;
@@ -1480,8 +1480,6 @@ pkix_pl_HttpDefaultClient_Cancel(
SEC_HTTP_REQUEST_SESSION request,
void *plContext)
{
- PKIX_PL_HttpDefaultClient *client = NULL;
-
PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_Cancel");
PKIX_NULLCHECK_ONE(request);
@@ -1491,8 +1489,6 @@ pkix_pl_HttpDefaultClient_Cancel(
plContext),
PKIX_REQUESTNOTANHTTPDEFAULTCLIENT);
- client = (PKIX_PL_HttpDefaultClient *)request;
-
/* XXX Not implemented */
cleanup:
diff --git a/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c b/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c
index 51ffce97c..4546e339a 100644
--- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c
+++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c
@@ -263,16 +263,12 @@ pkix_pl_LdapRequest_Destroy(
PKIX_PL_Object *object,
void *plContext)
{
- PKIX_PL_LdapRequest *ldapRq = NULL;
-
PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_Destroy");
PKIX_NULLCHECK_ONE(object);
PKIX_CHECK(pkix_CheckType(object, PKIX_LDAPREQUEST_TYPE, plContext),
PKIX_OBJECTNOTLDAPREQUEST);
- ldapRq = (PKIX_PL_LdapRequest *)object;
-
/*
* All dynamic fields in an LDAPRequest are allocated
* in an arena, and will be freed when the arena is destroyed.
diff --git a/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c b/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c
index 078862c8b..7de614ea6 100755
--- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c
+++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c
@@ -379,14 +379,12 @@ NameCacheHasFetchedCrlInfo(PKIX_PL_Cert *pkixCert,
PKIX_Boolean hasFetchedCrlInCache = PKIX_TRUE;
PKIX_List *dpList = NULL;
pkix_pl_CrlDp *dp = NULL;
- CERTCertificate *cert;
PKIX_UInt32 dpIndex = 0;
SECStatus rv = SECSuccess;
PRTime reloadDelay = 0, badCrlInvalDelay = 0;
PKIX_ENTER(CERTSTORE, "ChechCacheHasFetchedCrl");
- cert = pkixCert->nssCert;
reloadDelay =
((PKIX_PL_NssContext*)plContext)->crlReloadDelay *
PR_USEC_PER_SEC;
@@ -480,7 +478,7 @@ pkix_pl_Pk11CertStore_CheckRevByCrl(
PKIX_PL_Cert *pkixIssuer,
PKIX_PL_Date *date,
PKIX_Boolean crlDownloadDone,
- PKIX_UInt32 *pReasonCode,
+ CERTCRLEntryReasonCode *pReasonCode,
PKIX_RevocationStatus *pStatus,
void *plContext)
{
@@ -675,7 +673,7 @@ RemovePartitionedDpsFromList(PKIX_List *dpList, PKIX_PL_Date *date,
{
NamedCRLCache* nameCrlCache = NULL;
pkix_pl_CrlDp *dp = NULL;
- int dpIndex = 0;
+ unsigned int dpIndex = 0;
PRTime time;
PRTime reloadDelay = 0, badCrlInvalDelay = 0;
SECStatus rv;
@@ -779,7 +777,6 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl,
SECItem *derCrlCopy = NULL;
CERTSignedCrl *nssCrl = NULL;
CERTGeneralName *genName = NULL;
- PKIX_Int32 savedError = -1;
SECItem **derGenNames = NULL;
SECItem *derGenName = NULL;
@@ -799,13 +796,11 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl,
if (!derGenName ||
!genName->name.other.data) {
/* get to next name if no data. */
- savedError = PKIX_UNSUPPORTEDCRLDPTYPE;
break;
}
uri = &genName->name.other;
location = (char*)PR_Malloc(1 + uri->len);
if (!location) {
- savedError = PKIX_ALLOCERROR;
break;
}
PORT_Memcpy(location, uri->data, uri->len);
@@ -813,7 +808,6 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl,
if (CERT_ParseURL(location, &hostname,
&port, &path) != SECSuccess) {
PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL);
- savedError = PKIX_URLPARSINGFAILED;
break;
}
@@ -823,7 +817,6 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl,
if ((*hcv1->createSessionFcn)(hostname, port,
&pServerSession) != SECSuccess) {
PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL);
- savedError = PKIX_URLPARSINGFAILED;
break;
}
@@ -835,7 +828,6 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl,
PR_SecondsToInterval(
((PKIX_PL_NssContext*)plContext)->timeoutSeconds),
&pRequestSession) != SECSuccess) {
- savedError = PKIX_HTTPSERVERERROR;
break;
}
@@ -858,12 +850,10 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl,
NULL,
&myHttpResponseData,
&myHttpResponseDataLen) != SECSuccess) {
- savedError = PKIX_HTTPSERVERERROR;
break;
}
if (myHttpResponseCode != 200) {
- savedError = PKIX_HTTPSERVERERROR;
break;
}
} while(0);
diff --git a/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c b/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
index 2afd680c6..540a36033 100644
--- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
+++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
@@ -62,7 +62,11 @@ static PKIX_Boolean socketTraceFlag = PKIX_FALSE;
static void pkix_pl_socket_timestamp() {
PRInt64 prTime;
prTime = PR_Now();
+#if PR_BYTES_PER_LONG == 8
+ printf("%ld:\n", prTime);
+#else
printf("%lld:\n", prTime);
+#endif
}
/*
@@ -140,7 +144,7 @@ static void pkix_pl_socket_linePrefix(PKIX_UInt32 addr) {
*/
static void pkix_pl_socket_traceLine(char *ptr) {
PKIX_UInt32 i = 0;
- pkix_pl_socket_linePrefix((PKIX_UInt32)ptr);
+ pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)ptr - (char *)NULL));
for (i = 0; i < 16; i++) {
printf(" ");
pkix_pl_socket_hexDigit(ptr[i]);
@@ -184,7 +188,7 @@ static void pkix_pl_socket_traceLine(char *ptr) {
static void pkix_pl_socket_tracePartialLine(char *ptr, PKIX_UInt32 nBytes) {
PKIX_UInt32 i = 0;
if (nBytes > 0) {
- pkix_pl_socket_linePrefix((PKIX_UInt32)ptr);
+ pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)ptr - (char *)NULL));
}
for (i = 0; i < nBytes; i++) {
printf(" ");
@@ -243,7 +247,7 @@ void pkix_pl_socket_tracebuff(void *buf, PKIX_UInt32 nBytes) {
* Special case: if called with length of zero, just do address
*/
if (nBytes == 0) {
- pkix_pl_socket_linePrefix((PKIX_UInt32)buf);
+ pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)buf - (char *)NULL));
printf("\n");
} else {
while (bytesRemaining >= 16) {
diff --git a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
index 2036f5c9f..fa8f1851e 100644
--- a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
+++ b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c
@@ -1515,7 +1515,6 @@ PKIX_PL_Cert_Create(
SECItem *derCertItem = NULL;
void *derBytes = NULL;
PKIX_UInt32 derLength;
- PKIX_Boolean copyDER;
PKIX_PL_Cert *cert = NULL;
CERTCertDBHandle *handle;
@@ -1542,7 +1541,6 @@ PKIX_PL_Cert_Create(
* allowing us to free our copy without worrying about whether NSS
* is still using it
*/
- copyDER = PKIX_TRUE;
handle = CERT_GetDefaultCertDB();
nssCert = CERT_NewTempCertificate(handle, derCertItem,
/* nickname */ NULL,
diff --git a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c
index 0f6d78333..b83db357a 100644
--- a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c
+++ b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c
@@ -351,7 +351,7 @@ pkix_pl_CRL_ToString_Helper(
void *plContext)
{
char *asciiFormat = NULL;
- PKIX_UInt32 crlVersion;
+ PKIX_UInt32 crlVersion = 0;
PKIX_PL_X500Name *crlIssuer = NULL;
PKIX_PL_OID *nssSignatureAlgId = NULL;
PKIX_PL_BigInt *crlNumber = NULL;
diff --git a/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c b/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
index 6bc74b611..338eb1c01 100755
--- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
+++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c
@@ -73,7 +73,7 @@ pkix_pl_lifecycle_ObjectTableUpdate(int *objCountTable)
PKIX_UInt32
pkix_pl_lifecycle_ObjectLeakCheck(int *initObjCountTable)
{
- int typeCounter = 0;
+ unsigned int typeCounter = 0;
PKIX_UInt32 numObjects = 0;
char classNameBuff[128];
char *className = NULL;
@@ -245,7 +245,9 @@ cleanup:
PKIX_Error *
PKIX_PL_Shutdown(void *plContext)
{
+#ifdef DEBUG
PKIX_UInt32 numLeakedObjects = 0;
+#endif
PKIX_ENTER(OBJECT, "PKIX_PL_Shutdown");
@@ -258,10 +260,14 @@ PKIX_PL_Shutdown(void *plContext)
pkix_pl_HttpCertStore_Shutdown(plContext);
+#ifdef DEBUG
numLeakedObjects = pkix_pl_lifecycle_ObjectLeakCheck(NULL);
if (PR_GetEnv("NSS_STRICT_SHUTDOWN")) {
PORT_Assert(numLeakedObjects == 0);
}
+#else
+ pkix_pl_lifecycle_ObjectLeakCheck(NULL);
+#endif
if (plContext != NULL) {
PKIX_PL_NssContext_Destroy(plContext);
diff --git a/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c b/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c
index 881a1ed54..9a33fd5e5 100755
--- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c
+++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c
@@ -371,7 +371,7 @@ pkix_pl_Object_Hashcode_Default(
PKIX_ENTER(OBJECT, "pkix_pl_Object_Hashcode_Default");
PKIX_NULLCHECK_TWO(object, pValue);
- *pValue = (PKIX_UInt32)object;
+ *pValue = (PKIX_UInt32)((char *)object - (char *)NULL);
PKIX_RETURN(OBJECT);
}
diff --git a/lib/nss/nssinit.c b/lib/nss/nssinit.c
index 3966c35e2..b22f9151e 100644
--- a/lib/nss/nssinit.c
+++ b/lib/nss/nssinit.c
@@ -491,10 +491,6 @@ struct NSSInitContextStr {
#define NSS_INIT_MAGIC 0x1413A91C
static SECStatus nss_InitShutdownList(void);
-#ifdef DEBUG
-static CERTCertificate dummyCert;
-#endif
-
/* All initialized to zero in BSS */
static PRCallOnceType nssInitOnce;
static PZLock *nssInitLock;
@@ -571,8 +567,11 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix,
* functions */
if (!isReallyInitted) {
+#ifdef DEBUG
+ CERTCertificate dummyCert;
/* New option bits must not change the size of CERTCertificate. */
PORT_Assert(sizeof(dummyCert.options) == sizeof(void *));
+#endif
if (SECSuccess != cert_InitLocks()) {
goto loser;
@@ -1246,9 +1245,8 @@ NSS_VersionCheck(const char *importedVersion)
*/
int vmajor = 0, vminor = 0, vpatch = 0, vbuild = 0;
const char *ptr = importedVersion;
- volatile char c; /* force a reference that won't get optimized away */
-
- c = __nss_base_version[0];
+#define NSS_VERSION_VARIABLE __nss_base_version
+#include "verref.h"
while (isdigit(*ptr)) {
vmajor = 10 * vmajor + *ptr - '0';
diff --git a/lib/pk11wrap/pk11cert.c b/lib/pk11wrap/pk11cert.c
index 1bf8a7f50..d2a753001 100644
--- a/lib/pk11wrap/pk11cert.c
+++ b/lib/pk11wrap/pk11cert.c
@@ -228,7 +228,6 @@ pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID,
nssPKIObject *pkio;
NSSToken *token;
NSSTrustDomain *td = STAN_GetDefaultTrustDomain();
- PRStatus status;
/* Get the cryptoki object from the handle */
token = PK11Slot_GetNSSToken(slot);
@@ -278,7 +277,7 @@ pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID,
* different NSSCertificate that it found in the cache.
* Presumably, the nickname which we just output above remains valid. :)
*/
- status = nssTrustDomain_AddCertsToCache(td, &c, 1);
+ (void)nssTrustDomain_AddCertsToCache(td, &c, 1);
return STAN_GetCERTCertificateOrRelease(c);
}
@@ -2005,7 +2004,6 @@ SECStatus
PK11_TraverseCertsForNicknameInSlot(SECItem *nickname, PK11SlotInfo *slot,
SECStatus(* callback)(CERTCertificate*, void *), void *arg)
{
- struct nss3_cert_cbstr pk11cb;
PRStatus nssrv = PR_SUCCESS;
NSSToken *token;
NSSTrustDomain *td;
@@ -2016,8 +2014,6 @@ PK11_TraverseCertsForNicknameInSlot(SECItem *nickname, PK11SlotInfo *slot,
NSSCertificate **certs;
nssList *nameList = NULL;
nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
- pk11cb.callback = callback;
- pk11cb.arg = arg;
token = PK11Slot_GetNSSToken(slot);
if (!nssToken_IsPresent(token)) {
return SECSuccess;
@@ -2700,7 +2696,8 @@ __PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname)
{
/* Can't set nickname of temp cert. */
if (!cert->slot || cert->pkcs11ID == CK_INVALID_HANDLE) {
- return SEC_ERROR_INVALID_ARGS;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
return PK11_SetObjectNickname(cert->slot, cert->pkcs11ID, nickname);
}
diff --git a/lib/pk11wrap/pk11load.c b/lib/pk11wrap/pk11load.c
index 6700180ad..e3ba1226e 100644
--- a/lib/pk11wrap/pk11load.c
+++ b/lib/pk11wrap/pk11load.c
@@ -589,8 +589,12 @@ SECMOD_UnloadModule(SECMODModule *mod) {
if (softokenLib) {
disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD");
if (!disableUnload) {
+#ifdef DEBUG
PRStatus status = PR_UnloadLibrary(softokenLib);
PORT_Assert(PR_SUCCESS == status);
+#else
+ PR_UnloadLibrary(softokenLib);
+#endif
}
softokenLib = NULL;
}
diff --git a/lib/pk11wrap/pk11merge.c b/lib/pk11wrap/pk11merge.c
index ad9b1fda6..187e2e1f6 100644
--- a/lib/pk11wrap/pk11merge.c
+++ b/lib/pk11wrap/pk11merge.c
@@ -750,8 +750,7 @@ pk11_mergeCert(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot,
CK_ATTRIBUTE sourceCKAID = {CKA_ID, NULL, 0};
CK_ATTRIBUTE targetCKAID = {CKA_ID, NULL, 0};
SECStatus lrv = SECSuccess;
- int error;
-
+ int error = SEC_ERROR_LIBRARY_FAILURE;
sourceCert = PK11_MakeCertFromHandle(sourceSlot, id, NULL);
if (sourceCert == NULL) {
diff --git a/lib/pk11wrap/pk11obj.c b/lib/pk11wrap/pk11obj.c
index 708029481..e09d22768 100644
--- a/lib/pk11wrap/pk11obj.c
+++ b/lib/pk11wrap/pk11obj.c
@@ -1781,7 +1781,6 @@ PK11_MatchItem(PK11SlotInfo *slot, CK_OBJECT_HANDLE searchID,
int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]);
/* if you change the array, change the variable below as well */
CK_OBJECT_HANDLE peerID;
- CK_OBJECT_HANDLE parent;
PLArenaPool *arena;
CK_RV crv;
@@ -1810,7 +1809,6 @@ PK11_MatchItem(PK11SlotInfo *slot, CK_OBJECT_HANDLE searchID,
/*
* issue the find
*/
- parent = *(CK_OBJECT_CLASS *)(keyclass->pValue);
*(CK_OBJECT_CLASS *)(keyclass->pValue) = matchclass;
peerID = pk11_FindObjectByTemplate(slot,theTemplate,tsize);
diff --git a/lib/pk11wrap/pk11pk12.c b/lib/pk11wrap/pk11pk12.c
index 471e57b33..2152a41e7 100644
--- a/lib/pk11wrap/pk11pk12.c
+++ b/lib/pk11wrap/pk11pk12.c
@@ -422,7 +422,6 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
PRBool isPerm, PRBool isPrivate, unsigned int keyUsage,
SECKEYPrivateKey **privk, void *wincx)
{
- CK_KEY_TYPE keyType = CKK_RSA;
SECStatus rv = SECFailure;
SECKEYRawPrivateKey *lpk = NULL;
const SEC_ASN1Template *keyTemplate, *paramTemplate;
@@ -449,7 +448,6 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
paramTemplate = NULL;
paramDest = NULL;
lpk->keyType = rsaKey;
- keyType = CKK_RSA;
break;
case SEC_OID_ANSIX9_DSA_SIGNATURE:
prepare_dsa_priv_key_export_for_asn1(lpk);
@@ -457,7 +455,6 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
paramTemplate = SECKEY_PQGParamsTemplate;
paramDest = &(lpk->u.dsa.params);
lpk->keyType = dsaKey;
- keyType = CKK_DSA;
break;
case SEC_OID_X942_DIFFIE_HELMAN_KEY:
if(!publicValue) {
@@ -468,7 +465,6 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
paramTemplate = NULL;
paramDest = NULL;
lpk->keyType = dhKey;
- keyType = CKK_DH;
break;
default:
diff --git a/lib/pk11wrap/pk11slot.c b/lib/pk11wrap/pk11slot.c
index 1f6597b5e..044956fe4 100644
--- a/lib/pk11wrap/pk11slot.c
+++ b/lib/pk11wrap/pk11slot.c
@@ -555,10 +555,10 @@ PK11_FindSlotsByNames(const char *dllName, const char* slotName,
break;
}
if ((PR_FALSE == presentOnly || PK11_IsPresent(tmpSlot)) &&
- ( (!tokenName) || (tmpSlot->token_name &&
- (0==PORT_Strcmp(tmpSlot->token_name, tokenName)))) &&
- ( (!slotName) || (tmpSlot->slot_name &&
- (0==PORT_Strcmp(tmpSlot->slot_name, slotName)))) ) {
+ ( (!tokenName) ||
+ (0==PORT_Strcmp(tmpSlot->token_name, tokenName)) ) &&
+ ( (!slotName) ||
+ (0==PORT_Strcmp(tmpSlot->slot_name, slotName)) ) ) {
if (tmpSlot) {
PK11_AddSlotToList(slotList, tmpSlot, PR_TRUE);
slotcount++;
@@ -1105,7 +1105,6 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
{
CK_TOKEN_INFO tokenInfo;
CK_RV crv;
- char *tmp;
SECStatus rv;
PRStatus status;
@@ -1139,8 +1138,8 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts)
if (slot->isActiveCard) {
slot->protectedAuthPath = PR_FALSE;
}
- tmp = PK11_MakeString(NULL,slot->token_name,
- (char *)tokenInfo.label, sizeof(tokenInfo.label));
+ (void)PK11_MakeString(NULL,slot->token_name,
+ (char *)tokenInfo.label, sizeof(tokenInfo.label));
slot->minPassword = tokenInfo.ulMinPinLen;
slot->maxPassword = tokenInfo.ulMaxPinLen;
PORT_Memcpy(slot->serial,tokenInfo.serialNumber,sizeof(slot->serial));
@@ -1349,7 +1348,6 @@ void
PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot)
{
SECStatus rv;
- char *tmp;
CK_SLOT_INFO slotInfo;
slot->functionList = mod->functionList;
@@ -1371,7 +1369,7 @@ PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot)
* works because modules keep implicit references
* from their slots, and won't unload and disappear
* until all their slots have been freed */
- tmp = PK11_MakeString(NULL,slot->slot_name,
+ (void)PK11_MakeString(NULL,slot->slot_name,
(char *)slotInfo.slotDescription, sizeof(slotInfo.slotDescription));
slot->isHW = (PRBool)((slotInfo.flags & CKF_HW_SLOT) == CKF_HW_SLOT);
#define ACTIVE_CARD "ActivCard SA"
@@ -2052,7 +2050,7 @@ PK11_GetBestSlotMultipleWithAttributes(CK_MECHANISM_TYPE *type,
PK11SlotInfo *slot = NULL;
PRBool freeit = PR_FALSE;
PRBool listNeedLogin = PR_FALSE;
- int i;
+ unsigned int i;
SECStatus rv;
list = PK11_GetSlotList(type[0]);
diff --git a/lib/pkcs12/p12d.c b/lib/pkcs12/p12d.c
index 6a3a38c94..51bf0f7f5 100644
--- a/lib/pkcs12/p12d.c
+++ b/lib/pkcs12/p12d.c
@@ -2810,7 +2810,7 @@ SEC_PKCS12DecoderRenameCertNicknames(SEC_PKCS12DecoderContext *p12dcx,
return SECFailure;
}
- for (i = 0; safeBag = p12dcx->safeBags[i]; i++) {
+ for (i = 0; (safeBag = p12dcx->safeBags[i]); i++) {
SECItem *newNickname = NULL;
SECItem *defaultNickname = NULL;
SECStatus rename_rv;
diff --git a/lib/pkcs12/p12e.c b/lib/pkcs12/p12e.c
index 5584407f8..4efd9abb7 100644
--- a/lib/pkcs12/p12e.c
+++ b/lib/pkcs12/p12e.c
@@ -695,7 +695,6 @@ sec_PKCS12CreateSafeBag(SEC_PKCS12ExportContext *p12ctxt, SECOidTag bagType,
void *bagData)
{
sec_PKCS12SafeBag *safeBag;
- PRBool setName = PR_TRUE;
void *mark = NULL;
SECStatus rv = SECSuccess;
SECOidData *oidData = NULL;
@@ -740,7 +739,6 @@ sec_PKCS12CreateSafeBag(SEC_PKCS12ExportContext *p12ctxt, SECOidTag bagType,
case SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID:
safeBag->safeBagContent.safeContents =
(sec_PKCS12SafeContents *)bagData;
- setName = PR_FALSE;
break;
default:
goto loser;
@@ -1532,8 +1530,6 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp)
* it is confirmed that integrity must be in place
*/
if(p12exp->integrityEnabled && !p12exp->pwdIntegrity) {
- SECStatus rv;
-
/* create public key integrity mode */
p12enc->aSafeCinfo = SEC_PKCS7CreateSignedData(
p12exp->integrityInfo.pubkeyInfo.cert,
@@ -1549,8 +1545,7 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp)
if(SEC_PKCS7IncludeCertChain(p12enc->aSafeCinfo,NULL) != SECSuccess) {
goto loser;
}
- rv = SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo);
- PORT_Assert(rv == SECSuccess);
+ PORT_AssertSuccess(SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo));
} else {
p12enc->aSafeCinfo = SEC_PKCS7CreateData();
diff --git a/lib/pkcs7/p7decode.c b/lib/pkcs7/p7decode.c
index 80689544e..7a52d8203 100644
--- a/lib/pkcs7/p7decode.c
+++ b/lib/pkcs7/p7decode.c
@@ -1290,7 +1290,6 @@ sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo,
const SECItem *digest;
SECItem **digests;
SECItem **rawcerts;
- CERTSignedCrl **crls;
SEC_PKCS7SignerInfo **signerinfos, *signerinfo;
CERTCertificate *cert, **certs;
PRBool goodsig;
@@ -1340,7 +1339,6 @@ sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo,
digestalgs = sdp->digestAlgorithms;
digests = sdp->digests;
rawcerts = sdp->rawCerts;
- crls = sdp->crls;
signerinfos = sdp->signerInfos;
content_type = &(sdp->contentInfo.contentType);
sigkey = NULL;
@@ -1355,7 +1353,6 @@ sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo,
digestalgs = saedp->digestAlgorithms;
digests = saedp->digests;
rawcerts = saedp->rawCerts;
- crls = saedp->crls;
signerinfos = saedp->signerInfos;
content_type = &(saedp->encContentInfo.contentType);
sigkey = saedp->sigKey;
diff --git a/lib/pkcs7/p7encode.c b/lib/pkcs7/p7encode.c
index 99b68ee51..349bc8461 100644
--- a/lib/pkcs7/p7encode.c
+++ b/lib/pkcs7/p7encode.c
@@ -59,13 +59,10 @@ sec_pkcs7_encoder_start_encrypt (SEC_PKCS7ContentInfo *cinfo,
SECKEYPublicKey *publickey = NULL;
SECKEYPrivateKey *ourPrivKey = NULL;
PK11SymKey *bulkkey;
- void *mark, *wincx;
+ void *mark;
int i;
PLArenaPool *arena = NULL;
- /* Get the context in case we need it below. */
- wincx = cinfo->pwfn_arg;
-
kind = SEC_PKCS7ContentType (cinfo);
switch (kind) {
default:
diff --git a/lib/pkcs7/p7local.c b/lib/pkcs7/p7local.c
index 6a7af1f80..8c5e0bfa5 100644
--- a/lib/pkcs7/p7local.c
+++ b/lib/pkcs7/p7local.c
@@ -397,7 +397,7 @@ sec_PKCS7Decrypt (sec_PKCS7CipherObject *obj, unsigned char *output,
const unsigned char *input, unsigned int input_len,
PRBool final)
{
- int blocks, bsize, pcount, padsize;
+ unsigned int blocks, bsize, pcount, padsize;
unsigned int max_needed, ifraglen, ofraglen, output_len;
unsigned char *pbuf;
SECStatus rv;
diff --git a/lib/pki/certificate.c b/lib/pki/certificate.c
index ed6145a55..fdf147c9e 100644
--- a/lib/pki/certificate.c
+++ b/lib/pki/certificate.c
@@ -895,7 +895,6 @@ nssCertificateList_DoCallback (
{
nssListIterator *certs;
NSSCertificate *cert;
- PRStatus nssrv;
certs = nssList_CreateIterator(certList);
if (!certs) {
return PR_FAILURE;
@@ -904,7 +903,7 @@ nssCertificateList_DoCallback (
cert != (NSSCertificate *)NULL;
cert = (NSSCertificate *)nssListIterator_Next(certs))
{
- nssrv = (*callback)(cert, arg);
+ (void)(*callback)(cert, arg);
}
nssListIterator_Finish(certs);
nssListIterator_Destroy(certs);
diff --git a/lib/pki/pki3hack.c b/lib/pki/pki3hack.c
index 953d73800..a415ace4c 100644
--- a/lib/pki/pki3hack.c
+++ b/lib/pki/pki3hack.c
@@ -1272,7 +1272,7 @@ DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject)
{
int numNotDestroyed = 0; /* the ones skipped plus the failures */
int failureCount = 0; /* actual deletion failures by devices */
- int index;
+ unsigned int index;
nssPKIObject_AddRef(tObject);
nssPKIObject_Lock(tObject);
@@ -1327,7 +1327,7 @@ STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c)
/* caller made sure nssTrust isn't NULL */
nssPKIObject *tobject = &nssTrust->object;
nssPKIObject *cobject = &c->object;
- int i;
+ unsigned int i;
/* Iterate through the cert and trust object instances looking for
* those with matching pk11 slots to delete. Even if some device
diff --git a/lib/pki/pkibase.c b/lib/pki/pkibase.c
index 083b9b66a..c86e5bb42 100644
--- a/lib/pki/pkibase.c
+++ b/lib/pki/pkibase.c
@@ -903,7 +903,6 @@ nssPKIObjectCollection_Traverse (
nssPKIObjectCallback *callback
)
{
- PRStatus status;
PRCList *link = PR_NEXT_LINK(&collection->head);
pkiObjectCollectionNode *node;
while (link != &collection->head) {
@@ -920,19 +919,19 @@ nssPKIObjectCollection_Traverse (
}
switch (collection->objectType) {
case pkiObjectType_Certificate:
- status = (*callback->func.cert)((NSSCertificate *)node->object,
+ (void)(*callback->func.cert)((NSSCertificate *)node->object,
callback->arg);
break;
case pkiObjectType_CRL:
- status = (*callback->func.crl)((NSSCRL *)node->object,
+ (void)(*callback->func.crl)((NSSCRL *)node->object,
callback->arg);
break;
case pkiObjectType_PrivateKey:
- status = (*callback->func.pvkey)((NSSPrivateKey *)node->object,
+ (void)(*callback->func.pvkey)((NSSPrivateKey *)node->object,
callback->arg);
break;
case pkiObjectType_PublicKey:
- status = (*callback->func.pbkey)((NSSPublicKey *)node->object,
+ (void)(*callback->func.pbkey)((NSSPublicKey *)node->object,
callback->arg);
break;
}
@@ -1057,7 +1056,6 @@ nssCertificateCollection_Create (
NSSCertificate **certsOpt
)
{
- PRStatus status;
nssPKIObjectCollection *collection;
collection = nssPKIObjectCollection_Create(td, NULL, nssPKIMonitor);
collection->objectType = pkiObjectType_Certificate;
@@ -1068,7 +1066,7 @@ nssCertificateCollection_Create (
if (certsOpt) {
for (; *certsOpt; certsOpt++) {
nssPKIObject *object = (nssPKIObject *)(*certsOpt);
- status = nssPKIObjectCollection_AddObject(collection, object);
+ (void)nssPKIObjectCollection_AddObject(collection, object);
}
}
return collection;
@@ -1164,7 +1162,6 @@ nssCRLCollection_Create (
NSSCRL **crlsOpt
)
{
- PRStatus status;
nssPKIObjectCollection *collection;
collection = nssPKIObjectCollection_Create(td, NULL, nssPKILock);
collection->objectType = pkiObjectType_CRL;
@@ -1175,7 +1172,7 @@ nssCRLCollection_Create (
if (crlsOpt) {
for (; *crlsOpt; crlsOpt++) {
nssPKIObject *object = (nssPKIObject *)(*crlsOpt);
- status = nssPKIObjectCollection_AddObject(collection, object);
+ (void)nssPKIObjectCollection_AddObject(collection, object);
}
}
return collection;
diff --git a/lib/pki/tdcache.c b/lib/pki/tdcache.c
index 7842189ca..5f9dfdd5c 100644
--- a/lib/pki/tdcache.c
+++ b/lib/pki/tdcache.c
@@ -329,7 +329,7 @@ nssTrustDomain_RemoveCertFromCacheLOCKED (
nssList *subjectList;
cache_entry *ce;
NSSArena *arena;
- NSSUTF8 *nickname;
+ NSSUTF8 *nickname = NULL;
#ifdef DEBUG_CACHE
log_cert_ref("attempt to remove cert", cert);
@@ -776,14 +776,18 @@ add_cert_to_cache (
added++;
/* If a new subject entry was created, also need nickname and/or email */
if (subjectList != NULL) {
+#ifdef nodef
PRBool handle = PR_FALSE;
+#endif
if (certNickname) {
nssrv = add_nickname_entry(arena, td->cache,
certNickname, subjectList);
if (nssrv != PR_SUCCESS) {
goto loser;
}
+#ifdef nodef
handle = PR_TRUE;
+#endif
added++;
}
if (cert->email) {
@@ -791,7 +795,9 @@ add_cert_to_cache (
if (nssrv != PR_SUCCESS) {
goto loser;
}
+#ifdef nodef
handle = PR_TRUE;
+#endif
added += 2;
}
#ifdef nodef
diff --git a/lib/pki/trustdomain.c b/lib/pki/trustdomain.c
index a3d26a88d..90e8f268d 100644
--- a/lib/pki/trustdomain.c
+++ b/lib/pki/trustdomain.c
@@ -991,7 +991,6 @@ NSSTrustDomain_TraverseCertificates (
void *arg
)
{
- PRStatus status = PR_FAILURE;
NSSToken *token = NULL;
NSSSlot **slots = NULL;
NSSSlot **slotp;
@@ -1028,7 +1027,7 @@ NSSTrustDomain_TraverseCertificates (
session = nssTrustDomain_GetSessionForToken(td, token);
if (session) {
/* perform the traversal */
- status = nssToken_TraverseCertificates(token,
+ (void)nssToken_TraverseCertificates(token,
session,
tokenOnly,
collector,
@@ -1041,7 +1040,7 @@ NSSTrustDomain_TraverseCertificates (
/* Traverse the collection */
pkiCallback.func.cert = callback;
pkiCallback.arg = arg;
- status = nssPKIObjectCollection_Traverse(collection, &pkiCallback);
+ (void)nssPKIObjectCollection_Traverse(collection, &pkiCallback);
loser:
if (slots) {
nssSlotArray_Destroy(slots);
diff --git a/lib/smime/cmsasn1.c b/lib/smime/cmsasn1.c
index 4519363b9..b09a2e18c 100644
--- a/lib/smime/cmsasn1.c
+++ b/lib/smime/cmsasn1.c
@@ -51,10 +51,6 @@ const SEC_ASN1Template NSSCMSMessageTemplate[] = {
{ 0 }
};
-static const SEC_ASN1Template NSS_PointerToCMSMessageTemplate[] = {
- { SEC_ASN1_POINTER, 0, NSSCMSMessageTemplate }
-};
-
/* -----------------------------------------------------------------------------
* ENCAPSULATED & ENCRYPTED CONTENTINFO
* (both use a NSSCMSContentInfo)
diff --git a/lib/smime/cmscipher.c b/lib/smime/cmscipher.c
index 16d643615..958d4e473 100644
--- a/lib/smime/cmscipher.c
+++ b/lib/smime/cmscipher.c
@@ -366,7 +366,7 @@ NSS_CMSCipherContext_Decrypt(NSSCMSCipherContext *cc, unsigned char *output,
const unsigned char *input, unsigned int input_len,
PRBool final)
{
- int blocks, bsize, pcount, padsize;
+ unsigned int blocks, bsize, pcount, padsize;
unsigned int max_needed, ifraglen, ofraglen, output_len;
unsigned char *pbuf;
SECStatus rv;
diff --git a/lib/smime/cmsencode.c b/lib/smime/cmsencode.c
index 651f0865a..3025740b5 100644
--- a/lib/smime/cmsencode.c
+++ b/lib/smime/cmsencode.c
@@ -122,7 +122,6 @@ nss_cms_encoder_notify(void *arg, PRBool before, void *dest, int depth)
NSSCMSEncoderContext *p7ecx;
NSSCMSContentInfo *rootcinfo, *cinfo;
PRBool after = !before;
- PLArenaPool *poolp;
SECOidTag childtype;
SECItem *item;
@@ -130,7 +129,6 @@ nss_cms_encoder_notify(void *arg, PRBool before, void *dest, int depth)
PORT_Assert(p7ecx != NULL);
rootcinfo = &(p7ecx->cmsg->contentInfo);
- poolp = p7ecx->cmsg->poolp;
#ifdef CMSDEBUG
fprintf(stderr, "%6.6s, dest = 0x%08x, depth = %d\n", before ? "before" : "after", dest, depth);
@@ -201,12 +199,9 @@ nss_cms_before_data(NSSCMSEncoderContext *p7ecx)
SECStatus rv;
SECOidTag childtype;
NSSCMSContentInfo *cinfo;
- PLArenaPool *poolp;
NSSCMSEncoderContext *childp7ecx;
const SEC_ASN1Template *template;
- poolp = p7ecx->cmsg->poolp;
-
/* call _Encode_BeforeData handlers */
switch (p7ecx->type) {
case SEC_OID_PKCS7_SIGNED_DATA:
diff --git a/lib/smime/cmsrecinfo.c b/lib/smime/cmsrecinfo.c
index 5e08870b2..abc22542c 100644
--- a/lib/smime/cmsrecinfo.c
+++ b/lib/smime/cmsrecinfo.c
@@ -526,7 +526,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex,
CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulkalgtag)
{
PK11SymKey *bulkkey = NULL;
- SECAlgorithmID *encalg;
SECOidTag encalgtag;
SECItem *enckey;
int error;
@@ -536,7 +535,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex,
switch (ri->recipientInfoType) {
case NSSCMSRecipientInfoID_KeyTrans:
- encalg = &(ri->ri.keyTransRecipientInfo.keyEncAlg);
encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyTransRecipientInfo.keyEncAlg));
enckey = &(ri->ri.keyTransRecipientInfo.encKey); /* ignore subIndex */
switch (encalgtag) {
@@ -551,7 +549,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex,
}
break;
case NSSCMSRecipientInfoID_KeyAgree:
- encalg = &(ri->ri.keyAgreeRecipientInfo.keyEncAlg);
encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyAgreeRecipientInfo.keyEncAlg));
enckey = &(ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[subIndex]->encKey);
switch (encalgtag) {
@@ -573,7 +570,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex,
}
break;
case NSSCMSRecipientInfoID_KEK:
- encalg = &(ri->ri.kekRecipientInfo.keyEncAlg);
encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.kekRecipientInfo.keyEncAlg));
enckey = &(ri->ri.kekRecipientInfo.encKey);
/* not supported yet */
diff --git a/lib/smime/cmsudf.c b/lib/smime/cmsudf.c
index 13071113e..472b6d663 100644
--- a/lib/smime/cmsudf.c
+++ b/lib/smime/cmsudf.c
@@ -79,14 +79,14 @@ nss_cmstype_shutdown(void *appData, void *reserved)
static PLHashNumber
nss_cmstype_hash_key(const void *key)
{
- return (PLHashNumber) key;
+ return (PLHashNumber)((char *)key - (char *)NULL);
}
static PRIntn
nss_cmstype_compare_keys(const void *v1, const void *v2)
{
- PLHashNumber value1 = (PLHashNumber) v1;
- PLHashNumber value2 = (PLHashNumber) v2;
+ PLHashNumber value1 = nss_cmstype_hash_key(v1);
+ PLHashNumber value2 = nss_cmstype_hash_key(v2);
return (value1 == value2);
}
diff --git a/lib/smime/smimeutil.c b/lib/smime/smimeutil.c
index fbb61b9c1..84d1960a0 100644
--- a/lib/smime/smimeutil.c
+++ b/lib/smime/smimeutil.c
@@ -759,6 +759,8 @@ extern const char __nss_smime_version[];
PRBool
NSSSMIME_VersionCheck(const char *importedVersion)
{
+#define NSS_VERSION_VARIABLE __nss_smime_version
+#include "verref.h"
/*
* This is the secret handshake algorithm.
*
@@ -768,10 +770,6 @@ NSSSMIME_VersionCheck(const char *importedVersion)
* not compatible with future major, minor, or
* patch releases.
*/
- volatile char c; /* force a reference that won't get optimized away */
-
- c = __nss_smime_version[0];
-
return NSS_VersionCheck(importedVersion);
}
diff --git a/lib/softoken/legacydb/keydb.c b/lib/softoken/legacydb/keydb.c
index 085b2be20..c3dd887b0 100644
--- a/lib/softoken/legacydb/keydb.c
+++ b/lib/softoken/legacydb/keydb.c
@@ -1476,7 +1476,9 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
SECItem *cipherText = NULL;
SECItem *dummy = NULL;
#ifndef NSS_DISABLE_ECC
+#ifdef EC_DEBUG
SECItem *fordebug = NULL;
+#endif
int savelen;
#endif
@@ -1589,9 +1591,11 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
goto loser;
}
+#ifdef EC_DEBUG
fordebug = &(pki->privateKey);
SEC_PRINT("seckey_encrypt_private_key()", "PrivateKey",
pk->keyType, fordebug);
+#endif
break;
#endif /* NSS_DISABLE_ECC */
@@ -1704,7 +1708,7 @@ seckey_decrypt_private_key(SECItem*epki,
SECStatus rv = SECFailure;
PLArenaPool *temparena = NULL, *permarena = NULL;
SECItem *dest = NULL;
-#ifndef NSS_DISABLE_ECC
+#ifdef EC_DEBUG
SECItem *fordebug = NULL;
#endif
@@ -1817,9 +1821,11 @@ seckey_decrypt_private_key(SECItem*epki,
pk->keyType = NSSLOWKEYECKey;
lg_prepare_low_ec_priv_key_for_asn1(pk);
+#ifdef EC_DEBUG
fordebug = &pki->privateKey;
SEC_PRINT("seckey_decrypt_private_key()", "PrivateKey",
pk->keyType, fordebug);
+#endif
if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey,
&pki->privateKey) ) break;
rv = SEC_QuickDERDecodeItem(permarena, pk,
@@ -1990,12 +1996,10 @@ encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg,
SECItem *encCheck)
{
SECOidData *oidData;
- SECStatus rv;
oidData = SECOID_FindOIDByTag(alg);
if ( oidData == NULL ) {
- rv = SECFailure;
- goto loser;
+ return SECFailure;
}
entry->len = 1 + oidData->oid.len + encCheck->len;
@@ -2006,7 +2010,7 @@ encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg,
}
if ( entry->data == NULL ) {
- goto loser;
+ return SECFailure;
}
/* first length of oid */
@@ -2017,10 +2021,7 @@ encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg,
PORT_Memcpy(&entry->data[1+oidData->oid.len], encCheck->data,
encCheck->len);
- return(SECSuccess);
-
-loser:
- return(SECFailure);
+ return SECSuccess;
}
@@ -2032,7 +2033,6 @@ static SECStatus
nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *handle)
{
SECStatus rv;
- int ret;
int errors = 0;
if ( handle->db == NULL ) {
@@ -2080,7 +2080,7 @@ nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *handle)
done:
/* sync the database */
- ret = keydb_Sync(handle, 0);
+ (void)keydb_Sync(handle, 0);
db_InitComplete(handle->db);
return (errors == 0 ? SECSuccess : SECFailure);
@@ -2089,7 +2089,6 @@ done:
static int
keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags)
{
- PRStatus prstat;
int ret;
PRLock *kdbLock = kdb->lock;
DB *db = kdb->db;
@@ -2099,7 +2098,7 @@ keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags)
ret = (* db->get)(db, key, data, flags);
- prstat = PZ_Unlock(kdbLock);
+ (void)PZ_Unlock(kdbLock);
return(ret);
}
@@ -2107,7 +2106,6 @@ keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags)
static int
keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags)
{
- PRStatus prstat;
int ret = 0;
PRLock *kdbLock = kdb->lock;
DB *db = kdb->db;
@@ -2117,7 +2115,7 @@ keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags)
ret = (* db->put)(db, key, data, flags);
- prstat = PZ_Unlock(kdbLock);
+ (void)PZ_Unlock(kdbLock);
return(ret);
}
@@ -2125,7 +2123,6 @@ keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags)
static int
keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags)
{
- PRStatus prstat;
int ret;
PRLock *kdbLock = kdb->lock;
DB *db = kdb->db;
@@ -2135,7 +2132,7 @@ keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags)
ret = (* db->sync)(db, flags);
- prstat = PZ_Unlock(kdbLock);
+ (void)PZ_Unlock(kdbLock);
return(ret);
}
@@ -2143,7 +2140,6 @@ keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags)
static int
keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags)
{
- PRStatus prstat;
int ret;
PRLock *kdbLock = kdb->lock;
DB *db = kdb->db;
@@ -2153,7 +2149,7 @@ keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags)
ret = (* db->del)(db, key, flags);
- prstat = PZ_Unlock(kdbLock);
+ (void)PZ_Unlock(kdbLock);
return(ret);
}
@@ -2161,7 +2157,6 @@ keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags)
static int
keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags)
{
- PRStatus prstat;
int ret;
PRLock *kdbLock = kdb->lock;
DB *db = kdb->db;
@@ -2171,7 +2166,7 @@ keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags)
ret = (* db->seq)(db, key, data, flags);
- prstat = PZ_Unlock(kdbLock);
+ (void)PZ_Unlock(kdbLock);
return(ret);
}
@@ -2179,7 +2174,6 @@ keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags)
static void
keydb_Close(NSSLOWKEYDBHandle *kdb)
{
- PRStatus prstat;
PRLock *kdbLock = kdb->lock;
DB *db = kdb->db;
@@ -2188,7 +2182,7 @@ keydb_Close(NSSLOWKEYDBHandle *kdb)
(* db->close)(db);
- SKIP_AFTER_FORK(prstat = PZ_Unlock(kdbLock));
+ SKIP_AFTER_FORK(PZ_Unlock(kdbLock));
return;
}
diff --git a/lib/softoken/legacydb/lgattr.c b/lib/softoken/legacydb/lgattr.c
index 00a0a746d..7c80c568e 100644
--- a/lib/softoken/legacydb/lgattr.c
+++ b/lib/softoken/legacydb/lgattr.c
@@ -210,8 +210,6 @@ static const CK_ATTRIBUTE lg_StaticFalseAttr =
LG_DEF_ATTRIBUTE(&lg_staticFalseValue,sizeof(lg_staticFalseValue));
static const CK_ATTRIBUTE lg_StaticNullAttr = LG_DEF_ATTRIBUTE(NULL,0);
char lg_StaticOneValue = 1;
-static const CK_ATTRIBUTE lg_StaticOneAttr =
- LG_DEF_ATTRIBUTE(&lg_StaticOneValue,sizeof(lg_StaticOneValue));
/*
* helper functions which get the database and call the underlying
@@ -434,11 +432,6 @@ lg_GetPubItem(NSSLOWKEYPublicKey *pubKey) {
return pubItem;
}
-static const SEC_ASN1Template lg_SerialTemplate[] = {
- { SEC_ASN1_INTEGER, offsetof(NSSLOWCERTCertificate,serialNumber) },
- { 0 }
-};
-
static CK_RV
lg_FindRSAPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
CK_ATTRIBUTE *attribute)
diff --git a/lib/softoken/legacydb/lginit.c b/lib/softoken/legacydb/lginit.c
index d08d4506a..47da8f042 100644
--- a/lib/softoken/legacydb/lginit.c
+++ b/lib/softoken/legacydb/lginit.c
@@ -476,14 +476,14 @@ lg_Close(SDB *sdb)
static PLHashNumber
lg_HashNumber(const void *key)
{
- return (PLHashNumber) key;
+ return (PLHashNumber)((char *)key - (char *)NULL);
}
PRIntn
lg_CompareValues(const void *v1, const void *v2)
{
- PLHashNumber value1 = (PLHashNumber) v1;
- PLHashNumber value2 = (PLHashNumber) v2;
+ PLHashNumber value1 = lg_HashNumber(v1);
+ PLHashNumber value2 = lg_HashNumber(v2);
return (value1 == value2);
}
@@ -587,9 +587,9 @@ legacy_Open(const char *configdir, const char *certPrefix,
CK_RV crv = CKR_OK;
SECStatus rv;
PRBool readOnly = (flags == SDB_RDONLY)? PR_TRUE: PR_FALSE;
- volatile char c; /* force a reference that won't get optimized away */
- c = __nss_dbm_version[0];
+#define NSS_VERSION_VARIABLE __nss_dbm_version
+#include "verref.h"
rv = SECOID_Init();
if (SECSuccess != rv) {
diff --git a/lib/softoken/legacydb/pcertdb.c b/lib/softoken/legacydb/pcertdb.c
index 5f7670062..4eda4f0f4 100644
--- a/lib/softoken/legacydb/pcertdb.c
+++ b/lib/softoken/legacydb/pcertdb.c
@@ -103,13 +103,12 @@ nsslowcert_LockDB(NSSLOWCERTCertDBHandle *handle)
static void
nsslowcert_UnlockDB(NSSLOWCERTCertDBHandle *handle)
{
- PRStatus prstat;
-
- prstat = PZ_ExitMonitor(handle->dbMon);
-
+#ifdef DEBUG
+ PRStatus prstat = PZ_ExitMonitor(handle->dbMon);
PORT_Assert(prstat == PR_SUCCESS);
-
- return;
+#else
+ PZ_ExitMonitor(handle->dbMon);
+#endif
}
@@ -134,15 +133,16 @@ nsslowcert_LockCertRefCount(NSSLOWCERTCertificate *cert)
static void
nsslowcert_UnlockCertRefCount(NSSLOWCERTCertificate *cert)
{
- PRStatus prstat;
-
PORT_Assert(certRefCountLock != NULL);
- prstat = PZ_Unlock(certRefCountLock);
-
- PORT_Assert(prstat == PR_SUCCESS);
-
- return;
+#ifdef DEBUG
+ {
+ PRStatus prstat = PZ_Unlock(certRefCountLock);
+ PORT_Assert(prstat == PR_SUCCESS);
+ }
+#else
+ PZ_Unlock(certRefCountLock);
+#endif
}
/*
@@ -166,15 +166,16 @@ nsslowcert_LockCertTrust(NSSLOWCERTCertificate *cert)
static void
nsslowcert_UnlockCertTrust(NSSLOWCERTCertificate *cert)
{
- PRStatus prstat;
-
PORT_Assert(certTrustLock != NULL);
- prstat = PZ_Unlock(certTrustLock);
-
- PORT_Assert(prstat == PR_SUCCESS);
-
- return;
+#ifdef DEBUG
+ {
+ PRStatus prstat = PZ_Unlock(certTrustLock);
+ PORT_Assert(prstat == PR_SUCCESS);
+ }
+#else
+ PZ_Unlock(certTrustLock);
+#endif
}
@@ -199,15 +200,17 @@ nsslowcert_LockFreeList(void)
static void
nsslowcert_UnlockFreeList(void)
{
- PRStatus prstat = PR_SUCCESS;
-
PORT_Assert(freeListLock != NULL);
- SKIP_AFTER_FORK(prstat = PZ_Unlock(freeListLock));
-
- PORT_Assert(prstat == PR_SUCCESS);
-
- return;
+#ifdef DEBUG
+ {
+ PRStatus prstat = PR_SUCCESS;
+ SKIP_AFTER_FORK(prstat = PZ_Unlock(freeListLock));
+ PORT_Assert(prstat == PR_SUCCESS);
+ }
+#else
+ SKIP_AFTER_FORK(PZ_Unlock(freeListLock));
+#endif
}
NSSLOWCERTCertificate *
@@ -224,7 +227,6 @@ nsslowcert_DupCertificate(NSSLOWCERTCertificate *c)
static int
certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags)
{
- PRStatus prstat;
int ret;
PORT_Assert(dbLock != NULL);
@@ -232,7 +234,7 @@ certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags)
ret = (* db->get)(db, key, data, flags);
- prstat = PZ_Unlock(dbLock);
+ (void)PZ_Unlock(dbLock);
return(ret);
}
@@ -240,7 +242,6 @@ certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags)
static int
certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags)
{
- PRStatus prstat;
int ret = 0;
PORT_Assert(dbLock != NULL);
@@ -248,7 +249,7 @@ certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags)
ret = (* db->put)(db, key, data, flags);
- prstat = PZ_Unlock(dbLock);
+ (void)PZ_Unlock(dbLock);
return(ret);
}
@@ -256,7 +257,6 @@ certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags)
static int
certdb_Sync(DB *db, unsigned int flags)
{
- PRStatus prstat;
int ret;
PORT_Assert(dbLock != NULL);
@@ -264,7 +264,7 @@ certdb_Sync(DB *db, unsigned int flags)
ret = (* db->sync)(db, flags);
- prstat = PZ_Unlock(dbLock);
+ (void)PZ_Unlock(dbLock);
return(ret);
}
@@ -273,7 +273,6 @@ certdb_Sync(DB *db, unsigned int flags)
static int
certdb_Del(DB *db, DBT *key, unsigned int flags)
{
- PRStatus prstat;
int ret;
PORT_Assert(dbLock != NULL);
@@ -281,7 +280,7 @@ certdb_Del(DB *db, DBT *key, unsigned int flags)
ret = (* db->del)(db, key, flags);
- prstat = PZ_Unlock(dbLock);
+ (void)PZ_Unlock(dbLock);
/* don't fail if the record is already deleted */
if (ret == DB_NOT_FOUND) {
@@ -294,7 +293,6 @@ certdb_Del(DB *db, DBT *key, unsigned int flags)
static int
certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags)
{
- PRStatus prstat;
int ret;
PORT_Assert(dbLock != NULL);
@@ -302,7 +300,7 @@ certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags)
ret = (* db->seq)(db, key, data, flags);
- prstat = PZ_Unlock(dbLock);
+ (void)PZ_Unlock(dbLock);
return(ret);
}
@@ -310,14 +308,12 @@ certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags)
static void
certdb_Close(DB *db)
{
- PRStatus prstat = PR_SUCCESS;
-
PORT_Assert(dbLock != NULL);
SKIP_AFTER_FORK(PZ_Lock(dbLock));
(* db->close)(db);
- SKIP_AFTER_FORK(prstat = PZ_Unlock(dbLock));
+ SKIP_AFTER_FORK(PZ_Unlock(dbLock));
return;
}
@@ -2430,7 +2426,6 @@ NewDBSubjectEntry(SECItem *derSubject, SECItem *certKey,
certDBEntrySubject *entry;
SECStatus rv;
unsigned int nnlen;
- unsigned int eaddrlen;
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if ( arena == NULL ) {
@@ -2480,7 +2475,6 @@ NewDBSubjectEntry(SECItem *derSubject, SECItem *certKey,
goto loser;
}
- eaddrlen = PORT_Strlen(emailAddr) + 1;
entry->emailAddrs = (char **)PORT_ArenaAlloc(arena, sizeof(char *));
if ( entry->emailAddrs == NULL ) {
PORT_Free(emailAddr);
@@ -3586,7 +3580,6 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb)
certDBEntrySMime *emailEntry = NULL;
char *nickname;
char *emailAddr;
- SECStatus rv;
/*
* Sequence through the old database and copy all of the entries
@@ -3700,7 +3693,7 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb)
if ( subjectEntry->nickname ) {
PORT_Memcpy(subjectEntry->nickname, nickname,
key.size - 1);
- rv = WriteDBSubjectEntry(handle, subjectEntry);
+ (void)WriteDBSubjectEntry(handle, subjectEntry);
}
} else if ( type == certDBEntryTypeSMimeProfile ) {
emailAddr = &((char *)key.data)[1];
@@ -3729,7 +3722,7 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb)
PORT_Memcpy(subjectEntry->emailAddrs[0], emailAddr,
key.size - 1);
subjectEntry->nemailAddrs = 1;
- rv = WriteDBSubjectEntry(handle, subjectEntry);
+ (void)WriteDBSubjectEntry(handle, subjectEntry);
}
}
}
@@ -3791,14 +3784,13 @@ static SECStatus
UpdateV5DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb)
{
NSSLOWCERTCertDBHandle updatehandle;
- SECStatus rv;
updatehandle.permCertDB = updatedb;
updatehandle.dbMon = PZ_NewMonitor(nssILockCertDB);
updatehandle.dbVerify = 0;
updatehandle.ref = 1; /* prevent premature close */
- rv = nsslowcert_TraversePermCerts(&updatehandle, updateV5Callback,
+ (void)nsslowcert_TraversePermCerts(&updatehandle, updateV5Callback,
(void *)handle);
PZ_DestroyMonitor(updatehandle.dbMon);
@@ -5071,7 +5063,6 @@ nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle,
SECItem *crlKey, PRBool isKRL)
{
SECItem keyitem;
- DBT key;
SECStatus rv;
PLArenaPool *arena = NULL;
certDBEntryRevocation *entry = NULL;
@@ -5088,9 +5079,6 @@ nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle,
goto loser;
}
- key.data = keyitem.data;
- key.size = keyitem.len;
-
/* find in perm database */
entry = ReadDBCrlEntry(handle, crlKey, crlType);
diff --git a/lib/softoken/lowpbe.c b/lib/softoken/lowpbe.c
index c0949fec0..16d4c9141 100644
--- a/lib/softoken/lowpbe.c
+++ b/lib/softoken/lowpbe.c
@@ -516,7 +516,7 @@ nsspkcs5_PKCS12PBE(const SECHashObject *hashObject,
}
PORT_Memcpy(Ai, iterBuf, hashLength);
- for (Bidx = 0; Bidx < B.len; Bidx += hashLength) {
+ for (Bidx = 0; Bidx < (int)B.len; Bidx += hashLength) {
PORT_Memcpy(B.data+Bidx,iterBuf,NSSPBE_MIN(B.len-Bidx,hashLength));
}
diff --git a/lib/softoken/pkcs11.c b/lib/softoken/pkcs11.c
index baa090037..e52c57db8 100644
--- a/lib/softoken/pkcs11.c
+++ b/lib/softoken/pkcs11.c
@@ -1746,7 +1746,7 @@ NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,CK_KEY_TYPE key_type,
crv = sftk_Attribute2SSecItem(arena,&pubKey->u.ec.publicValue,
object,CKA_EC_POINT);
if (crv == CKR_OK) {
- int keyLen,curveLen;
+ unsigned int keyLen,curveLen;
curveLen = (pubKey->u.ec.ecParams.fieldID.size +7)/8;
keyLen = (2*curveLen)+1;
@@ -2221,7 +2221,7 @@ CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList)
static PLHashNumber
sftk_HashNumber(const void *key)
{
- return (PLHashNumber) key;
+ return (PLHashNumber)((char *)key - (char *)NULL);
}
/*
@@ -3144,11 +3144,11 @@ extern const char __nss_softokn_version[];
/* NSC_GetInfo returns general information about Cryptoki. */
CK_RV NSC_GetInfo(CK_INFO_PTR pInfo)
{
- volatile char c; /* force a reference that won't get optimized away */
+#define NSS_VERSION_VARIABLE __nss_softokn_version
+#include "verref.h"
CHECK_FORK();
- c = __nss_softokn_version[0];
pInfo->cryptokiVersion.major = 2;
pInfo->cryptokiVersion.minor = 20;
PORT_Memcpy(pInfo->manufacturerID,manufacturerID,32);
@@ -4005,7 +4005,7 @@ static CK_RV sftk_CreateNewSlot(SFTKSlot *slot, CK_OBJECT_CLASS class,
PRBool isValidFIPSUserSlot = PR_FALSE;
PRBool isValidSlot = PR_FALSE;
PRBool isFIPS = PR_FALSE;
- unsigned long moduleIndex;
+ unsigned long moduleIndex = NSC_NON_FIPS_MODULE;
SFTKAttribute *attribute;
sftk_parameters paramStrings;
char *paramString;
@@ -4514,7 +4514,7 @@ sftk_emailhack(SFTKSlot *slot, SFTKDBHandle *handle,
{
PRBool isCert = PR_FALSE;
int emailIndex = -1;
- int i;
+ unsigned int i;
SFTKSearchResults smime_search;
CK_ATTRIBUTE smime_template[2];
CK_OBJECT_CLASS smime_class = CKO_NETSCAPE_SMIME;
diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
index 2ae4a74bc..0a2c5dc89 100644
--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
@@ -73,6 +73,7 @@ static void sftk_Null(void *data, PRBool freeit)
} \
printf("\n")
#else
+#undef EC_DEBUG
#define SEC_PRINT(a, b, c, d)
#endif
#endif /* NSS_DISABLE_ECC */
@@ -4081,7 +4082,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession,
CK_MECHANISM mech = {0, NULL, 0};
CK_ULONG modulusLen;
- CK_ULONG subPrimeLen;
+ CK_ULONG subPrimeLen = 0;
PRBool isEncryptable = PR_FALSE;
PRBool canSignVerify = PR_FALSE;
PRBool isDerivable = PR_FALSE;
@@ -4379,7 +4380,6 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession,
DSAPrivateKey * dsaPriv;
/* Diffie Hellman */
- int private_value_bits = 0;
DHPrivateKey * dhPriv;
#ifndef NSS_DISABLE_ECC
@@ -4431,7 +4431,6 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession,
*/
for (i=0; i < (int) ulPrivateKeyAttributeCount; i++) {
if (pPrivateKeyTemplate[i].type == CKA_VALUE_BITS) {
- private_value_bits = *(CK_ULONG *)pPrivateKeyTemplate[i].pValue;
continue;
}
@@ -4901,7 +4900,9 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp)
SECStatus rv = SECSuccess;
SECItem *encodedKey = NULL;
#ifndef NSS_DISABLE_ECC
+#ifdef EC_DEBUG
SECItem *fordebug;
+#endif
int savelen;
#endif
@@ -4974,9 +4975,11 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp)
lk->u.ec.ecParams.curveOID.len = savelen;
lk->u.ec.publicValue.len >>= 3;
+#ifdef EC_DEBUG
fordebug = &pki->privateKey;
SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKey", lk->keyType,
fordebug);
+#endif
param = SECITEM_DupItem(&lk->u.ec.ecParams.DEREncoding);
@@ -5015,7 +5018,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp)
nsslowkey_PrivateKeyInfoTemplate);
*crvp = encodedKey ? CKR_OK : CKR_DEVICE_ERROR;
-#ifndef NSS_DISABLE_ECC
+#ifdef EC_DEBUG
fordebug = encodedKey;
SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKeyInfo", lk->keyType,
fordebug);
@@ -6805,7 +6808,7 @@ key_and_mac_derive_fail:
PRBool withCofactor = PR_FALSE;
unsigned char *secret;
unsigned char *keyData = NULL;
- int secretlen, curveLen, pubKeyLen;
+ unsigned int secretlen, curveLen, pubKeyLen;
CK_ECDH1_DERIVE_PARAMS *mechParams;
NSSLOWKEYPrivateKey *privKey;
PLArenaPool *arena = NULL;
diff --git a/lib/softoken/pkcs11u.c b/lib/softoken/pkcs11u.c
index 78e2fdc9c..de5cbbc29 100644
--- a/lib/softoken/pkcs11u.c
+++ b/lib/softoken/pkcs11u.c
@@ -1174,7 +1174,6 @@ sftk_DeleteObject(SFTKSession *session, SFTKObject *object)
{
SFTKSlot *slot = sftk_SlotFromSession(session);
SFTKSessionObject *so = sftk_narrowToSessionObject(object);
- SFTKTokenObject *to = sftk_narrowToTokenObject(object);
CK_RV crv = CKR_OK;
PRUint32 index = sftk_hash(object->handle, slot->sessObjHashSize);
@@ -1191,8 +1190,10 @@ sftk_DeleteObject(SFTKSession *session, SFTKObject *object)
sftk_FreeObject(object); /* free the reference owned by the queue */
} else {
SFTKDBHandle *handle = sftk_getDBForTokenObject(slot, object->handle);
-
+#ifdef DEBUG
+ SFTKTokenObject *to = sftk_narrowToTokenObject(object);
PORT_Assert(to);
+#endif
crv = sftkdb_DestroyObject(handle, object->handle);
sftk_freeDB(handle);
}
@@ -1899,7 +1900,6 @@ SFTKObject *
sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE handle)
{
SFTKObject *object = NULL;
- SFTKTokenObject *tokObject = NULL;
PRBool hasLocks = PR_FALSE;
CK_RV crv;
@@ -1908,7 +1908,6 @@ sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE handle)
if (object == NULL) {
return NULL;
}
- tokObject = (SFTKTokenObject *) object;
object->handle = handle;
/* every object must have a class, if we can't get it, the object
diff --git a/lib/softoken/sdb.c b/lib/softoken/sdb.c
index 83150bb38..16848604c 100644
--- a/lib/softoken/sdb.c
+++ b/lib/softoken/sdb.c
@@ -689,7 +689,7 @@ sdb_FindObjectsInit(SDB *sdb, const CK_ATTRIBUTE *template, CK_ULONG count,
char *join="";
int sqlerr = SQLITE_OK;
CK_RV error = CKR_OK;
- int i;
+ unsigned int i;
LOCK_SQLITE()
*find = NULL;
@@ -836,7 +836,7 @@ sdb_GetAttributeValueNoLock(SDB *sdb, CK_OBJECT_HANDLE object_id,
CK_RV error = CKR_OK;
int found = 0;
int retry = 0;
- int i;
+ unsigned int i;
/* open a new db if necessary */
@@ -879,7 +879,7 @@ sdb_GetAttributeValueNoLock(SDB *sdb, CK_OBJECT_HANDLE object_id,
PR_Sleep(SDB_BUSY_RETRY_TIME);
}
if (sqlerr == SQLITE_ROW) {
- int blobSize;
+ unsigned int blobSize;
const char *blobData;
blobSize = sqlite3_column_bytes(stmt, 0);
@@ -963,7 +963,7 @@ sdb_SetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE object_id,
int sqlerr = SQLITE_OK;
int retry = 0;
CK_RV error = CKR_OK;
- int i;
+ unsigned int i;
if ((sdb->sdb_flags & SDB_RDONLY) != 0) {
return CKR_TOKEN_WRITE_PROTECTED;
@@ -1115,7 +1115,7 @@ sdb_CreateObject(SDB *sdb, CK_OBJECT_HANDLE *object_id,
CK_RV error = CKR_OK;
CK_OBJECT_HANDLE this_object = CK_INVALID_HANDLE;
int retry = 0;
- int i;
+ unsigned int i;
if ((sdb->sdb_flags & SDB_RDONLY) != 0) {
return CKR_TOKEN_WRITE_PROTECTED;
diff --git a/lib/softoken/sftkdb.c b/lib/softoken/sftkdb.c
index 149191018..b686e8e10 100644
--- a/lib/softoken/sftkdb.c
+++ b/lib/softoken/sftkdb.c
@@ -325,9 +325,7 @@ sftkdb_fixupTemplateOut(CK_ATTRIBUTE *template, CK_OBJECT_HANDLE objectID,
if (sftkdb_isULONGAttribute(template[i].type)) {
if (template[i].pValue) {
CK_ULONG value;
- unsigned char *data;
- data = (unsigned char *)ntemplate[i].pValue;
value = sftk_SDBULong2ULong(ntemplate[i].pValue);
if (length < sizeof(CK_ULONG)) {
template[i].ulValueLen = -1;
@@ -475,7 +473,7 @@ sftk_signTemplate(PLArenaPool *arena, SFTKDBHandle *handle,
CK_OBJECT_HANDLE objectID, const CK_ATTRIBUTE *template,
CK_ULONG count)
{
- int i;
+ unsigned int i;
CK_RV crv;
SFTKDBHandle *keyHandle = handle;
SDB *keyTarget = NULL;
@@ -573,11 +571,8 @@ sftkdb_CreateObject(PLArenaPool *arena, SFTKDBHandle *handle,
SDB *db, CK_OBJECT_HANDLE *objectID,
CK_ATTRIBUTE *template, CK_ULONG count)
{
- PRBool inTransaction = PR_FALSE;
CK_RV crv;
- inTransaction = PR_TRUE;
-
crv = (*db->sdb_CreateObject)(db, objectID, template, count);
if (crv != CKR_OK) {
goto loser;
@@ -595,9 +590,9 @@ sftk_ExtractTemplate(PLArenaPool *arena, SFTKObject *object,
SFTKDBHandle *handle,CK_ULONG *pcount,
CK_RV *crv)
{
- int count;
+ unsigned int count;
CK_ATTRIBUTE *template;
- int i, templateIndex;
+ unsigned int i, templateIndex;
SFTKSessionObject *sessObject = sftk_narrowToSessionObject(object);
PRBool doEnc = PR_TRUE;
@@ -1021,7 +1016,7 @@ sftkdb_resolveConflicts(PLArenaPool *arena, CK_OBJECT_CLASS objectType,
{
CK_ATTRIBUTE *attr;
char *nickname, *newNickname;
- int end, digit;
+ unsigned int end, digit;
/* sanity checks. We should never get here with these errors */
if (objectType != CKO_CERTIFICATE) {
@@ -1060,9 +1055,11 @@ sftkdb_resolveConflicts(PLArenaPool *arena, CK_OBJECT_CLASS objectType,
return CKR_OK;
}
- for (end = attr->ulValueLen - 1;
- end >= 0 && (digit = nickname[end]) <= '9' && digit >= '0';
- end--) {
+ for (end = attr->ulValueLen; end-- > 0;) {
+ digit = nickname[end];
+ if (digit > '9' || digit < '0') {
+ break;
+ }
if (digit < '9') {
nickname[end]++;
return CKR_OK;
@@ -1257,7 +1254,7 @@ sftkdb_FindObjects(SFTKDBHandle *handle, SDBFind *find,
crv = (*db->sdb_FindObjects)(db, find, ids,
arraySize, count);
if (crv == CKR_OK) {
- int i;
+ unsigned int i;
for (i=0; i < *count; i++) {
ids[i] |= (handle->type | SFTK_TOKEN_TYPE);
}
@@ -1600,14 +1597,14 @@ static const CK_ATTRIBUTE_TYPE known_attributes[] = {
CKA_NETSCAPE_DB, CKA_NETSCAPE_TRUST, CKA_NSS_OVERRIDE_EXTENSIONS
};
-static int known_attributes_size= sizeof(known_attributes)/
+static unsigned int known_attributes_size= sizeof(known_attributes)/
sizeof(known_attributes[0]);
static CK_RV
sftkdb_GetObjectTemplate(SDB *source, CK_OBJECT_HANDLE id,
CK_ATTRIBUTE *ptemplate, CK_ULONG *max)
{
- int i,j;
+ unsigned int i,j;
CK_RV crv;
if (*max < known_attributes_size) {
@@ -2011,7 +2008,6 @@ sftkdb_handleIDAndName(PLArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id,
{CKA_ID, NULL, 0},
{CKA_LABEL, NULL, 0}
};
- CK_RV crv;
attr1 = sftkdb_getAttributeFromTemplate(CKA_LABEL, ptemplate, *plen);
attr2 = sftkdb_getAttributeFromTemplate(CKA_ID, ptemplate, *plen);
@@ -2023,7 +2019,7 @@ sftkdb_handleIDAndName(PLArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id,
}
/* the source has either an id or a label, see what the target has */
- crv = (*db->sdb_GetAttributeValue)(db, id, ttemplate, 2);
+ (void)(*db->sdb_GetAttributeValue)(db, id, ttemplate, 2);
/* if the target has neither, update from the source */
if ( ((ttemplate[0].ulValueLen == 0) ||
@@ -2168,7 +2164,7 @@ sftkdb_mergeObject(SFTKDBHandle *handle, CK_OBJECT_HANDLE id,
CK_OBJECT_CLASS objectType;
SDB *source = handle->update;
SDB *target = handle->db;
- int i;
+ unsigned int i;
CK_RV crv;
PLArenaPool *arena = NULL;
@@ -2257,7 +2253,7 @@ sftkdb_Update(SFTKDBHandle *handle, SECItem *key)
SECItem *updatePasswordKey = NULL;
CK_RV crv, crv2;
PRBool inTransaction = PR_FALSE;
- int i;
+ unsigned int i;
if (handle == NULL) {
return CKR_OK;
diff --git a/lib/softoken/sftkhmac.c b/lib/softoken/sftkhmac.c
index 04c4e63dd..692a35359 100644
--- a/lib/softoken/sftkhmac.c
+++ b/lib/softoken/sftkhmac.c
@@ -146,28 +146,26 @@ void
sftk_HMACConstantTime_Update(void *pctx, const void *data, unsigned int len)
{
sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx;
- SECStatus rv = HMAC_ConstantTime(
+ PORT_AssertSuccess(HMAC_ConstantTime(
ctx->mac, NULL, sizeof(ctx->mac),
ctx->hash,
ctx->secret, ctx->secretLength,
ctx->header, ctx->headerLength,
data, len,
- ctx->totalLength);
- PORT_Assert(rv == SECSuccess);
+ ctx->totalLength));
}
void
sftk_SSLv3MACConstantTime_Update(void *pctx, const void *data, unsigned int len)
{
sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx;
- SECStatus rv = SSLv3_MAC_ConstantTime(
+ PORT_AssertSuccess(SSLv3_MAC_ConstantTime(
ctx->mac, NULL, sizeof(ctx->mac),
ctx->hash,
ctx->secret, ctx->secretLength,
ctx->header, ctx->headerLength,
data, len,
- ctx->totalLength);
- PORT_Assert(rv == SECSuccess);
+ ctx->totalLength));
}
void
diff --git a/lib/softoken/sftkpwd.c b/lib/softoken/sftkpwd.c
index 670744c1c..d8ce85775 100644
--- a/lib/softoken/sftkpwd.c
+++ b/lib/softoken/sftkpwd.c
@@ -864,8 +864,6 @@ static CK_RV
sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle,
CK_OBJECT_HANDLE id, SECItem *newKey)
{
- CK_RV crv = CKR_OK;
- CK_RV crv2;
CK_ATTRIBUTE authAttrs[] = {
{CKA_MODULUS, NULL, 0},
{CKA_PUBLIC_EXPONENT, NULL, 0},
@@ -879,7 +877,7 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle,
{CKA_NSS_OVERRIDE_EXTENSIONS, NULL, 0},
};
CK_ULONG authAttrCount = sizeof(authAttrs)/sizeof(CK_ATTRIBUTE);
- int i, count;
+ unsigned int i, count;
SFTKDBHandle *keyHandle = handle;
SDB *keyTarget = NULL;
@@ -902,7 +900,7 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle,
/*
* STEP 1: find the MACed attributes of this object
*/
- crv2 = sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount);
+ (void)sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount);
count = 0;
/* allocate space for the attributes */
for (i=0; i < authAttrCount; i++) {
@@ -912,7 +910,6 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle,
count++;
authAttrs[i].pValue = PORT_ArenaAlloc(arena,authAttrs[i].ulValueLen);
if (authAttrs[i].pValue == NULL) {
- crv = CKR_HOST_MEMORY;
break;
}
}
@@ -922,7 +919,7 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle,
return CKR_OK;
}
- crv = sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount);
+ (void)sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount);
/* ignore error code, we expect some possible errors */
/* GetAttributeValue just verified the old macs, safe to write
@@ -969,7 +966,7 @@ sftk_updateEncrypted(PLArenaPool *arena, SFTKDBHandle *keydb,
{CKA_EXPONENT_2, NULL, 0},
{CKA_COEFFICIENT, NULL, 0} };
CK_ULONG privAttrCount = sizeof(privAttrs)/sizeof(CK_ATTRIBUTE);
- int i, count;
+ unsigned int i, count;
/*
* STEP 1. Read the old attributes in the clear.
@@ -1113,7 +1110,7 @@ sftkdb_convertObjects(SFTKDBHandle *handle, CK_ATTRIBUTE *template,
CK_ULONG idCount = SFTK_MAX_IDS;
CK_OBJECT_HANDLE ids[SFTK_MAX_IDS];
CK_RV crv, crv2;
- int i;
+ unsigned int i;
crv = sftkdb_FindObjectsInit(handle, template, count, &find);
diff --git a/lib/sqlite/Makefile b/lib/sqlite/Makefile
index a2f0cf7d5..dd8ea1434 100644
--- a/lib/sqlite/Makefile
+++ b/lib/sqlite/Makefile
@@ -46,3 +46,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk
export:: private_export
+ifeq (WINNT,$(OS_ARCH))
+# sqlite calls the deprecated GetVersionExA method
+OS_CFLAGS += -w44996
+endif
+
diff --git a/lib/sqlite/sqlite3.c b/lib/sqlite/sqlite3.c
index 8ec2bb950..8f261e801 100644
--- a/lib/sqlite/sqlite3.c
+++ b/lib/sqlite/sqlite3.c
@@ -8149,17 +8149,17 @@ typedef INT8_TYPE i8; /* 1-byte signed integer */
** Macros to determine whether the machine is big or little endian,
** evaluated at runtime.
*/
-#ifdef SQLITE_AMALGAMATION
-SQLITE_PRIVATE const int sqlite3one = 1;
-#else
-SQLITE_PRIVATE const int sqlite3one;
-#endif
#if defined(i386) || defined(__i386__) || defined(_M_IX86)\
|| defined(__x86_64) || defined(__x86_64__)
# define SQLITE_BIGENDIAN 0
# define SQLITE_LITTLEENDIAN 1
# define SQLITE_UTF16NATIVE SQLITE_UTF16LE
#else
+# ifdef SQLITE_AMALGAMATION
+SQLITE_PRIVATE const int sqlite3one = 1;
+# else
+SQLITE_PRIVATE const int sqlite3one;
+# endif
# define SQLITE_BIGENDIAN (*(char *)(&sqlite3one)==0)
# define SQLITE_LITTLEENDIAN (*(char *)(&sqlite3one)==1)
# define SQLITE_UTF16NATIVE (SQLITE_BIGENDIAN?SQLITE_UTF16BE:SQLITE_UTF16LE)
diff --git a/lib/ssl/dtlscon.c b/lib/ssl/dtlscon.c
index cb63b2cc0..47c839727 100644
--- a/lib/ssl/dtlscon.c
+++ b/lib/ssl/dtlscon.c
@@ -104,9 +104,7 @@ ssl3_DisableNonDTLSSuites(sslSocket * ss)
const ssl3CipherSuite * suite;
for (suite = nonDTLSSuites; *suite; ++suite) {
- SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
-
- PORT_Assert(rv == SECSuccess); /* else is coding error */
+ PORT_AssertSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE));
}
return SECSuccess;
}
@@ -396,7 +394,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
* This avoids having to fill in the bitmask in the common
* case of adjacent fragments received in sequence
*/
- if (fragment_offset <= ss->ssl3.hs.recvdHighWater) {
+ if (fragment_offset <= (unsigned int)ss->ssl3.hs.recvdHighWater) {
/* Either this is the adjacent fragment or an overlapping
* fragment */
ss->ssl3.hs.recvdHighWater = fragment_offset +
@@ -676,7 +674,7 @@ dtls_TransmitMessageFlight(sslSocket *ss)
/* The reason we use 8 here is that that's the length of
* the new DTLS data that we add to the header */
- fragment_len = PR_MIN(room_left - (SSL3_BUFFER_FUDGE + 8),
+ fragment_len = PR_MIN((PRUint32)room_left - (SSL3_BUFFER_FUDGE + 8),
content_len - fragment_offset);
PORT_Assert(fragment_len < DTLS_MAX_MTU - 12);
/* Make totally sure that we are within the buffer.
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index 220feaa70..befcb7722 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -2558,7 +2558,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec,
PRUint32 fragLen;
PRUint32 p1Len, p2Len, oddLen = 0;
PRUint16 headerLen;
- int ivLen = 0;
+ unsigned int ivLen = 0;
int cipherBytes = 0;
unsigned char pseudoHeader[13];
unsigned int pseudoHeaderLen;
@@ -3120,7 +3120,8 @@ ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags)
{
static const PRInt32 allowedFlags = ssl_SEND_FLAG_FORCE_INTO_BUFFER |
ssl_SEND_FLAG_CAP_RECORD_VERSION;
- PRInt32 rv = SECSuccess;
+ PRInt32 count = -1;
+ SECStatus rv = SECSuccess;
PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
@@ -3134,18 +3135,19 @@ ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags)
PORT_SetError(SEC_ERROR_INVALID_ARGS);
rv = SECFailure;
} else {
- rv = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf,
+ count = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf,
ss->sec.ci.sendBuf.len, flags);
}
- if (rv < 0) {
+ if (count < 0) {
int err = PORT_GetError();
PORT_Assert(err != PR_WOULD_BLOCK_ERROR);
if (err == PR_WOULD_BLOCK_ERROR) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
}
- } else if (rv < ss->sec.ci.sendBuf.len) {
+ rv = SECFailure;
+ } else if ((unsigned int)count < ss->sec.ci.sendBuf.len) {
/* short write should never happen */
- PORT_Assert(rv >= ss->sec.ci.sendBuf.len);
+ PORT_Assert((unsigned int)count >= ss->sec.ci.sendBuf.len);
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
rv = SECFailure;
} else {
@@ -7609,7 +7611,7 @@ ssl3_SendServerHelloSequence(sslSocket *ss)
if (kea_def->is_limited && kea_def->exchKeyType == kt_rsa) {
/* see if we can legally use the key in the cert. */
- int keyLen; /* bytes */
+ unsigned int keyLen; /* bytes */
keyLen = PK11_GetPrivateModulusLen(
ss->serverCerts[kea_def->exchKeyType].SERVERKEY);
@@ -8362,7 +8364,7 @@ compression_found:
ret = SSL_SNI_SEND_ALERT;
break;
}
- } else if (ret < ss->xtnData.sniNameArrSize) {
+ } else if ((unsigned int)ret < ss->xtnData.sniNameArrSize) {
/* Application has configured new socket info. Lets check it
* and save the name. */
SECStatus rv;
@@ -8413,7 +8415,7 @@ compression_found:
ssl3_SendServerNameXtn);
} else {
/* Callback returned index outside of the boundary. */
- PORT_Assert(ret < ss->xtnData.sniNameArrSize);
+ PORT_Assert((unsigned int)ret < ss->xtnData.sniNameArrSize);
errCode = SSL_ERROR_INTERNAL_ERROR_ALERT;
desc = internal_error;
ret = SSL_SNI_SEND_ALERT;
@@ -11644,7 +11646,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
SSL3Opaque *givenHash;
sslBuffer *plaintext;
sslBuffer temp_buf;
- PRUint64 dtls_seq_num;
+ PRUint64 dtls_seq_num = 0;
unsigned int ivLen = 0;
unsigned int originalLen = 0;
unsigned int good;
diff --git a/lib/ssl/ssl3ecc.c b/lib/ssl/ssl3ecc.c
index c9e1f3b80..6177888c3 100644
--- a/lib/ssl/ssl3ecc.c
+++ b/lib/ssl/ssl3ecc.c
@@ -967,9 +967,7 @@ ssl3_DisableECCSuites(sslSocket * ss, const ssl3CipherSuite * suite)
if (!suite)
suite = ecSuites;
for (; *suite; ++suite) {
- SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE);
-
- PORT_Assert(rv == SECSuccess); /* else is coding error */
+ PORT_AssertSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE));
}
return SECSuccess;
}
@@ -1128,7 +1126,10 @@ ssl3_SendSupportedCurvesXtn(
ecList = tlsECList;
}
- if (append && maxBytes >= ecListSize) {
+ if (maxBytes < (PRUint32)ecListSize) {
+ return 0;
+ }
+ if (append) {
SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize);
if (rv != SECSuccess)
return -1;
diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c
index db653db9e..1b6e9f22d 100644
--- a/lib/ssl/ssl3ext.c
+++ b/lib/ssl/ssl3ext.c
@@ -311,7 +311,7 @@ ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = {
static PRBool
arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type)
{
- int i;
+ unsigned int i;
for (i = 0; i < len; i++) {
if (ex_type == array[i])
return PR_TRUE;
@@ -451,7 +451,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data)
return SECFailure;
}
for (i = 0;i < listCount;i++) {
- int j;
+ unsigned int j;
PRInt32 type;
SECStatus rv;
PRBool nametypePresent = PR_FALSE;
@@ -539,7 +539,11 @@ ssl3_SendSessionTicketXtn(
}
}
- if (append && maxBytes >= extension_length) {
+ if (maxBytes < (PRUint32)extension_length) {
+ PORT_Assert(0);
+ return 0;
+ }
+ if (append) {
SECStatus rv;
/* extension_type */
rv = ssl3_AppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2);
@@ -562,9 +566,6 @@ ssl3_SendSessionTicketXtn(
xtnData->advertised[xtnData->numAdvertised++] =
ssl_session_ticket_xtn;
}
- } else if (maxBytes < extension_length) {
- PORT_Assert(0);
- return 0;
}
return extension_length;
@@ -804,7 +805,10 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append,
extension_length = 4;
- if (append && maxBytes >= extension_length) {
+ if (maxBytes < (PRUint32)extension_length) {
+ return 0;
+ }
+ if (append) {
SECStatus rv;
rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2);
if (rv != SECSuccess)
@@ -814,8 +818,6 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append,
goto loser;
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
ssl_next_proto_nego_xtn;
- } else if (maxBytes < extension_length) {
- return 0;
}
return extension_length;
@@ -839,7 +841,10 @@ ssl3_ClientSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
2 /* protocol name list length */ +
ss->opt.nextProtoNego.len;
- if (append && maxBytes >= extension_length) {
+ if (maxBytes < (PRUint32)extension_length) {
+ return 0;
+ }
+ if (append) {
/* NPN requires that the client's fallback protocol is first in the
* list. However, ALPN sends protocols in preference order. So we
* allocate a buffer and move the first protocol to the end of the
@@ -879,8 +884,6 @@ ssl3_ClientSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
}
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
ssl_app_layer_protocol_xtn;
- } else if (maxBytes < extension_length) {
- return 0;
}
return extension_length;
@@ -908,7 +911,10 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
2 /* protocol name list */ + 1 /* name length */ +
ss->ssl3.nextProto.len;
- if (append && maxBytes >= extension_length) {
+ if (maxBytes < (PRUint32)extension_length) {
+ return 0;
+ }
+ if (append) {
SECStatus rv;
rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2);
if (rv != SECSuccess) {
@@ -927,8 +933,6 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
if (rv != SECSuccess) {
return -1;
}
- } else if (maxBytes < extension_length) {
- return 0;
}
return extension_length;
@@ -975,7 +979,10 @@ ssl3_ServerSendStatusRequestXtn(
return 0;
extension_length = 2 + 2;
- if (append && maxBytes >= extension_length) {
+ if (maxBytes < (PRUint32)extension_length) {
+ return 0;
+ }
+ if (append) {
/* extension_type */
rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
if (rv != SECSuccess)
@@ -1008,7 +1015,11 @@ ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append,
*/
extension_length = 9;
- if (append && maxBytes >= extension_length) {
+ if (maxBytes < (PRUint32)extension_length) {
+ PORT_Assert(0);
+ return 0;
+ }
+ if (append) {
SECStatus rv;
TLSExtensionData *xtnData;
@@ -1036,9 +1047,6 @@ ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append,
xtnData = &ss->xtnData;
xtnData->advertised[xtnData->numAdvertised++] = ssl_cert_status_xtn;
- } else if (maxBytes < extension_length) {
- PORT_Assert(0);
- return 0;
}
return extension_length;
}
@@ -1050,7 +1058,7 @@ ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append,
SECStatus
ssl3_SendNewSessionTicket(sslSocket *ss)
{
- int i;
+ PRUint32 i;
SECStatus rv;
NewSessionTicket ticket;
SECItem plaintext;
@@ -1426,7 +1434,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
if (data->len == 0) {
ss->xtnData.emptySessionTicket = PR_TRUE;
} else {
- int i;
+ PRUint32 i;
SECItem extension_data;
EncryptedSessionTicket enc_session_ticket;
unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH];
@@ -2016,7 +2024,10 @@ ssl3_SendRenegotiationInfoXtn(
(ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2
: ss->ssl3.hs.finishedBytes);
needed = 5 + len;
- if (append && maxBytes >= needed) {
+ if (maxBytes < (PRUint32)needed) {
+ return 0;
+ }
+ if (append) {
SECStatus rv;
/* extension_type */
rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2);
@@ -2404,7 +2415,11 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
2 /* supported_signature_algorithms length */ +
sizeof(signatureAlgorithms);
- if (append && maxBytes >= extension_length) {
+ if (maxBytes < (PRUint32)extension_length) {
+ PORT_Assert(0);
+ return 0;
+ }
+ if (append) {
SECStatus rv;
rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2);
if (rv != SECSuccess)
@@ -2418,9 +2433,6 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
goto loser;
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
ssl_signature_algorithms_xtn;
- } else if (maxBytes < extension_length) {
- PORT_Assert(0);
- return 0;
}
return extension_length;
@@ -2494,7 +2506,11 @@ ssl3_ClientSendDraftVersionXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
}
extension_length = 6; /* Type + length + number */
- if (append && maxBytes >= extension_length) {
+ if (maxBytes < (PRUint32)extension_length) {
+ PORT_Assert(0);
+ return 0;
+ }
+ if (append) {
SECStatus rv;
rv = ssl3_AppendHandshakeNumber(ss, ssl_tls13_draft_version_xtn, 2);
if (rv != SECSuccess)
@@ -2507,9 +2523,6 @@ ssl3_ClientSendDraftVersionXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes)
goto loser;
ss->xtnData.advertised[ss->xtnData.numAdvertised++] =
ssl_tls13_draft_version_xtn;
- } else if (maxBytes < extension_length) {
- PORT_Assert(0);
- return 0;
}
return extension_length;
diff --git a/lib/ssl/ssl3gthr.c b/lib/ssl/ssl3gthr.c
index cd487c667..23b9755b6 100644
--- a/lib/ssl/ssl3gthr.c
+++ b/lib/ssl/ssl3gthr.c
@@ -71,8 +71,8 @@ ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags)
break;
}
- PORT_Assert( nb <= gs->remainder );
- if (nb > gs->remainder) {
+ PORT_Assert( (unsigned int)nb <= gs->remainder );
+ if ((unsigned int)nb > gs->remainder) {
/* ssl_DefRecv is misbehaving! this error is fatal to SSL. */
gs->state = GS_INIT; /* so we don't crash next time */
rv = SECFailure;
diff --git a/lib/ssl/sslauth.c b/lib/ssl/sslauth.c
index ed74d94c6..b144336db 100644
--- a/lib/ssl/sslauth.c
+++ b/lib/ssl/sslauth.c
@@ -264,8 +264,7 @@ SSL_AuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer)
&certStatusArray->items[0],
ss->pkcs11PinArg)
!= SECSuccess) {
- PRErrorCode error = PR_GetError();
- PORT_Assert(error != 0);
+ PORT_Assert(PR_GetError() != 0);
}
}
diff --git a/lib/ssl/sslcon.c b/lib/ssl/sslcon.c
index 24e4d673f..ccd00260e 100644
--- a/lib/ssl/sslcon.c
+++ b/lib/ssl/sslcon.c
@@ -22,20 +22,6 @@
static PRBool policyWasSet;
-/* This ordered list is indexed by (SSL_CK_xx * 3) */
-/* Second and third bytes are MSB and LSB of master key length. */
-static const PRUint8 allCipherSuites[] = {
- 0, 0, 0,
- SSL_CK_RC4_128_WITH_MD5, 0x00, 0x80,
- SSL_CK_RC4_128_EXPORT40_WITH_MD5, 0x00, 0x80,
- SSL_CK_RC2_128_CBC_WITH_MD5, 0x00, 0x80,
- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, 0x00, 0x80,
- SSL_CK_IDEA_128_CBC_WITH_MD5, 0x00, 0x80,
- SSL_CK_DES_64_CBC_WITH_MD5, 0x00, 0x40,
- SSL_CK_DES_192_EDE3_CBC_WITH_MD5, 0x00, 0xC0,
- 0, 0, 0
-};
-
#define ssl2_NUM_SUITES_IMPLEMENTED 6
/* This list is sent back to the client when the client-hello message
@@ -851,7 +837,7 @@ ssl2_SendClear(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
{
PRUint8 * out;
int rv;
- int amount;
+ unsigned int amount;
int count = 0;
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
@@ -927,7 +913,7 @@ ssl2_SendStream(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
int amount;
PRUint8 macLen;
int nout;
- int buflen;
+ unsigned int buflen;
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
@@ -1031,7 +1017,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags)
int amount; /* of plaintext to go in record. */
unsigned int padding; /* add this many padding byte. */
int nout; /* ciphertext size after header. */
- int buflen; /* size of generated record. */
+ unsigned int buflen; /* size of generated record. */
PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) );
@@ -1555,7 +1541,7 @@ ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits,
unsigned int ddLen; /* length of RSA decrypted data in kbuf */
unsigned int keySize;
unsigned int dkLen; /* decrypted key length in bytes */
- int modulusLen;
+ int modulusLen;
SECStatus rv;
PRUint16 allowed; /* cipher kinds enabled and allowed by policy */
PRUint8 mkbuf[SSL_MAX_MASTER_KEY_BYTES];
@@ -1617,11 +1603,11 @@ ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits,
}
modulusLen = PK11_GetPrivateModulusLen(sc->SERVERKEY);
- if (modulusLen == -1) {
+ if (modulusLen < 0) {
/* XXX If the key is bad, then PK11_PubDecryptRaw will fail below. */
modulusLen = ekLen;
}
- if (ekLen > modulusLen || ekLen + ckLen < keySize) {
+ if (ekLen > (unsigned int)modulusLen || ekLen + ckLen < keySize) {
SSL_DBG(("%d: SSL[%d]: invalid encrypted key length, ekLen=%d (bytes)!",
SSL_GETPID(), ss->fd, ekLen));
PORT_SetError(SSL_ERROR_BAD_CLIENT);
@@ -2495,7 +2481,6 @@ ssl2_HandleMessage(sslSocket *ss)
PRUint8 * cid;
unsigned len, certType, certLen, responseLen;
int rv;
- int rv2;
PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );
@@ -2613,7 +2598,7 @@ ssl2_HandleMessage(sslSocket *ss)
data + SSL_HL_CLIENT_CERTIFICATE_HBYTES + certLen,
responseLen);
if (rv) {
- rv2 = ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE);
+ (void)ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE);
SET_ERROR_CODE
goto loser;
}
@@ -2741,7 +2726,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss)
PRUint8 * cs;
PRUint8 * data;
SECStatus rv;
- int needed, sidHit, certLen, csLen, cidLen, certType, err;
+ unsigned int needed, sidHit, certLen, csLen, cidLen, certType, err;
PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) );
@@ -3674,6 +3659,9 @@ extern const char __nss_ssl_version[];
PRBool
NSSSSL_VersionCheck(const char *importedVersion)
{
+#define NSS_VERSION_VARIABLE __nss_ssl_version
+#include "verref.h"
+
/*
* This is the secret handshake algorithm.
*
@@ -3683,9 +3671,6 @@ NSSSSL_VersionCheck(const char *importedVersion)
* not compatible with future major, minor, or
* patch releases.
*/
- volatile char c; /* force a reference that won't get optimized away */
-
- c = __nss_ssl_version[0];
return NSS_VersionCheck(importedVersion);
}
diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
index e32654609..cc53ee82e 100644
--- a/lib/ssl/sslimpl.h
+++ b/lib/ssl/sslimpl.h
@@ -740,7 +740,7 @@ typedef struct {
* is_limited identifies a suite as having a limit on the key size.
* key_size_limit provides the corresponding limit. */
PRBool is_limited;
- int key_size_limit;
+ unsigned int key_size_limit;
PRBool tls_keygen;
/* True if the key exchange for the suite is ephemeral. Or to be more
* precise: true if the ServerKeyExchange message is always required. */
@@ -1006,7 +1006,7 @@ struct ssl3StateStr {
PRBool dheWeakGroupEnabled; /* used by server */
};
-#define DTLS_MAX_MTU 1500 /* Ethernet MTU but without subtracting the
+#define DTLS_MAX_MTU 1500U /* Ethernet MTU but without subtracting the
* headers, so slightly larger than expected */
#define IS_DTLS(ss) (ss->protocolVariant == ssl_variant_datagram)
diff --git a/lib/ssl/sslinfo.c b/lib/ssl/sslinfo.c
index 96a715f90..297dd2269 100644
--- a/lib/ssl/sslinfo.c
+++ b/lib/ssl/sslinfo.c
@@ -283,12 +283,10 @@ SSL_DisableDefaultExportCipherSuites(void)
{
const SSLCipherSuiteInfo * pInfo = suiteInfo;
unsigned int i;
- SECStatus rv;
for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) {
if (pInfo->isExportable) {
- rv = SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE);
- PORT_Assert(rv == SECSuccess);
+ PORT_AssertSuccess(SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE));
}
}
return SECSuccess;
@@ -304,12 +302,10 @@ SSL_DisableExportCipherSuites(PRFileDesc * fd)
{
const SSLCipherSuiteInfo * pInfo = suiteInfo;
unsigned int i;
- SECStatus rv;
for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) {
if (pInfo->isExportable) {
- rv = SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE);
- PORT_Assert(rv == SECSuccess);
+ PORT_AssertSuccess(SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE));
}
}
return SECSuccess;
diff --git a/lib/ssl/sslsecur.c b/lib/ssl/sslsecur.c
index af91aa653..53b488586 100644
--- a/lib/ssl/sslsecur.c
+++ b/lib/ssl/sslsecur.c
@@ -1196,11 +1196,8 @@ ssl_SecureShutdown(sslSocket *ss, int nsprHow)
int
ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags)
{
- sslSecurityInfo *sec;
int rv = 0;
- sec = &ss->sec;
-
if (ss->shutdownHow & ssl_SHUTDOWN_RCV) {
PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR);
return PR_FAILURE;
diff --git a/lib/ssl/sslsnce.c b/lib/ssl/sslsnce.c
index 4d9ef380c..cf458a55b 100644
--- a/lib/ssl/sslsnce.c
+++ b/lib/ssl/sslsnce.c
@@ -1228,6 +1228,10 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries,
/* Fix pointers in our private copy of cache descriptor to point to
** spaces in shared memory
*/
+#ifdef __GNUC__
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wstrict-aliasing"
+#endif
ptr = (ptrdiff_t)cache->cacheMem;
*(ptrdiff_t *)(&cache->sidCacheLocks) += ptr;
*(ptrdiff_t *)(&cache->keyCacheLock ) += ptr;
@@ -1242,6 +1246,9 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries,
*(ptrdiff_t *)(&cache->ticketMacKey ) += ptr;
*(ptrdiff_t *)(&cache->ticketKeysValid) += ptr;
*(ptrdiff_t *)(&cache->srvNameCacheData) += ptr;
+#ifdef __GNUC__
+#pragma GCC diagnostic pop
+#endif
/* initialize the locks */
init_time = ssl_Time();
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
index f2e820a1c..78b5764ce 100644
--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -1422,7 +1422,7 @@ static PQGParams *gWeakParamsPQG;
static ssl3DHParams *gWeakDHParams;
static PRStatus
-ssl3_CreateWeakDHParams()
+ssl3_CreateWeakDHParams(void)
{
PQGVerify *vfy;
SECStatus rv, passed;
diff --git a/lib/util/derdec.c b/lib/util/derdec.c
index c62191487..2c17ce939 100644
--- a/lib/util/derdec.c
+++ b/lib/util/derdec.c
@@ -175,7 +175,7 @@ der_capture(unsigned char *buf, unsigned char *end,
return SECFailure;
}
- *header_len_p = bp - buf;
+ *header_len_p = (int)(bp - buf);
*contents_len_p = contents_len;
return SECSuccess;
diff --git a/lib/util/derenc.c b/lib/util/derenc.c
index 90a9d2dfc..4a02e1a71 100644
--- a/lib/util/derenc.c
+++ b/lib/util/derenc.c
@@ -279,7 +279,7 @@ der_encode(unsigned char *buf, DERTemplate *dtemplate, void *src)
int header_len;
PRUint32 contents_len;
unsigned long encode_kind, under_kind;
- PRBool explicit, optional, universal;
+ PRBool explicit, universal;
/*
@@ -301,7 +301,6 @@ der_encode(unsigned char *buf, DERTemplate *dtemplate, void *src)
encode_kind = dtemplate->kind;
explicit = (encode_kind & DER_EXPLICIT) ? PR_TRUE : PR_FALSE;
- optional = (encode_kind & DER_OPTIONAL) ? PR_TRUE : PR_FALSE;
encode_kind &= ~DER_OPTIONAL;
universal = ((encode_kind & DER_CLASS_MASK) == DER_UNIVERSAL)
? PR_TRUE : PR_FALSE;
diff --git a/lib/util/manifest.mn b/lib/util/manifest.mn
index 9ff3758f0..36c2d1dfe 100644
--- a/lib/util/manifest.mn
+++ b/lib/util/manifest.mn
@@ -43,6 +43,7 @@ EXPORTS = \
$(NULL)
PRIVATE_EXPORTS = \
+ verref.h \
templates.c \
$(NULL)
diff --git a/lib/util/nssb64e.c b/lib/util/nssb64e.c
index da0702c08..5959982bb 100644
--- a/lib/util/nssb64e.c
+++ b/lib/util/nssb64e.c
@@ -632,7 +632,7 @@ NSSBase64_EncodeItem (PLArenaPool *arenaOpt, char *outStrOpt,
{
char *out_string = outStrOpt;
PRUint32 max_out_len;
- PRUint32 out_len;
+ PRUint32 out_len = 0;
void *mark = NULL;
char *dummy;
diff --git a/lib/util/nssrwlk.c b/lib/util/nssrwlk.c
index 65fceda2e..fbbfbd6ee 100644
--- a/lib/util/nssrwlk.c
+++ b/lib/util/nssrwlk.c
@@ -91,7 +91,7 @@ NSSRWLock_New(PRUint32 lock_rank, const char *lock_name)
goto loser;
}
if (lock_name != NULL) {
- rwlock->rw_name = (char*) PR_Malloc(strlen(lock_name) + 1);
+ rwlock->rw_name = (char*) PR_Malloc((PRUint32)strlen(lock_name) + 1);
if (rwlock->rw_name == NULL) {
goto loser;
}
diff --git a/lib/util/quickder.c b/lib/util/quickder.c
index f9776bb9d..bdac9b30f 100644
--- a/lib/util/quickder.c
+++ b/lib/util/quickder.c
@@ -146,7 +146,7 @@ static SECStatus GetItem(SECItem* src, SECItem* dest, PRBool includeTag)
PORT_SetError(SEC_ERROR_BAD_DER);
return SECFailure;
}
- src->len -= (dest->data - src->data) + dest->len;
+ src->len -= (int)(dest->data - src->data) + dest->len;
src->data = dest->data + dest->len;
return SECSuccess;
}
@@ -270,13 +270,9 @@ static SECStatus MatchComponentType(const SEC_ASN1Template* templateEntry,
if ( (tag & SEC_ASN1_CLASS_MASK) !=
(((unsigned char)kind) & SEC_ASN1_CLASS_MASK) )
{
-#ifdef DEBUG
/* this is only to help debugging of the decoder in case of problems */
- unsigned char tagclass = tag & SEC_ASN1_CLASS_MASK;
- unsigned char expectedclass = (unsigned char)kind & SEC_ASN1_CLASS_MASK;
- tagclass = tagclass;
- expectedclass = expectedclass;
-#endif
+ /* unsigned char tagclass = tag & SEC_ASN1_CLASS_MASK; */
+ /* unsigned char expectedclass = (unsigned char)kind & SEC_ASN1_CLASS_MASK; */
*match = PR_FALSE;
return SECSuccess;
}
@@ -663,7 +659,6 @@ static SECStatus DecodeItem(void* dest,
PRBool save = PR_FALSE;
unsigned long kind;
PRBool match = PR_TRUE;
- PRBool optional = PR_FALSE;
PR_ASSERT(src && dest && templateEntry && arena);
#if 0
@@ -678,7 +673,6 @@ static SECStatus DecodeItem(void* dest,
{
/* do the template validation */
kind = templateEntry->kind;
- optional = (0 != (kind & SEC_ASN1_OPTIONAL));
if (!kind)
{
PORT_SetError(SEC_ERROR_BAD_TEMPLATE);
diff --git a/lib/util/secoid.c b/lib/util/secoid.c
index a8ef5ec1f..0414c47e4 100644
--- a/lib/util/secoid.c
+++ b/lib/util/secoid.c
@@ -486,9 +486,6 @@ CONST_OID aes256_KEY_WRAP[] = { AES, 45 };
CONST_OID camellia128_CBC[] = { CAMELLIA_ENCRYPT_OID, 2};
CONST_OID camellia192_CBC[] = { CAMELLIA_ENCRYPT_OID, 3};
CONST_OID camellia256_CBC[] = { CAMELLIA_ENCRYPT_OID, 4};
-CONST_OID camellia128_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 2};
-CONST_OID camellia192_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 3};
-CONST_OID camellia256_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 4};
CONST_OID sha256[] = { SHAXXX, 1 };
CONST_OID sha384[] = { SHAXXX, 2 };
@@ -1872,7 +1869,7 @@ static PLHashTable *oidmechhash = NULL;
static PLHashNumber
secoid_HashNumber(const void *key)
{
- return (PLHashNumber) key;
+ return (PLHashNumber)((char *)key - (char *)NULL);
}
static void
@@ -1913,9 +1910,9 @@ SECOID_Init(void)
const SECOidData *oid;
int i;
char * envVal;
- volatile char c; /* force a reference that won't get optimized away */
- c = __nss_util_version[0];
+#define NSS_VERSION_VARIABLE __nss_util_version
+#include "verref.h"
if (oidhash) {
return SECSuccess; /* already initialized */
diff --git a/lib/util/secport.c b/lib/util/secport.c
index 106399d24..723d89b35 100644
--- a/lib/util/secport.c
+++ b/lib/util/secport.c
@@ -466,7 +466,7 @@ port_ArenaRelease(PLArenaPool *arena, void *mark, PRBool zero)
PZ_Lock(pool->lock);
#ifdef THREADMARK
{
- threadmark_mark **pw, *tm;
+ threadmark_mark **pw;
if (PR_GetCurrentThread() != pool->marking_thread ) {
PZ_Unlock(pool->lock);
@@ -488,7 +488,6 @@ port_ArenaRelease(PLArenaPool *arena, void *mark, PRBool zero)
return /* no error indication available */ ;
}
- tm = *pw;
*pw = (threadmark_mark *)NULL;
if (zero) {
@@ -536,7 +535,7 @@ PORT_ArenaUnmark(PLArenaPool *arena, void *mark)
#ifdef THREADMARK
PORTArenaPool *pool = (PORTArenaPool *)arena;
if (ARENAPOOL_MAGIC == pool->magic ) {
- threadmark_mark **pw, *tm;
+ threadmark_mark **pw;
PZ_Lock(pool->lock);
@@ -560,7 +559,6 @@ PORT_ArenaUnmark(PLArenaPool *arena, void *mark)
return /* no error indication available */ ;
}
- tm = *pw;
*pw = (threadmark_mark *)NULL;
if (! pool->first_mark ) {
diff --git a/lib/util/secport.h b/lib/util/secport.h
index 5b09b9cb8..2f50f9657 100644
--- a/lib/util/secport.h
+++ b/lib/util/secport.h
@@ -87,6 +87,13 @@ extern char *PORT_ArenaStrdup(PLArenaPool *arena, const char *str);
SEC_END_PROTOS
#define PORT_Assert PR_ASSERT
+/* Unlike PORT_Assert, which does nothing in an optimized build, PORT_AssertSuccess
+ * is run all the time. */
+#ifdef DEBUG
+#define PORT_AssertSuccess(f) PR_ASSERT((f) == SECSuccess)
+#else
+#define PORT_AssertSuccess(f) (f)
+#endif
#define PORT_ZNew(type) (type*)PORT_ZAlloc(sizeof(type))
#define PORT_New(type) (type*)PORT_Alloc(sizeof(type))
#define PORT_ArenaNew(poolp, type) \
diff --git a/lib/util/verref.h b/lib/util/verref.h
new file mode 100644
index 000000000..b6a44a677
--- /dev/null
+++ b/lib/util/verref.h
@@ -0,0 +1,40 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This header is used inline in a function to ensure that a version string
+ * symbol is linked in and not optimized out. A volatile reference is added to
+ * the variable identified by NSS_VERSION_VARIABLE.
+ *
+ * Use this as follows:
+ *
+ * #define NSS_VERSION_VARIABLE __nss_ssl_version
+ * #include "verref.h"
+ */
+
+/* Suppress unused variable warnings. */
+#ifdef _MSC_VER
+#pragma warning(push)
+#pragma warning(disable: 4101)
+#endif
+/* This works for both gcc and clang */
+#ifdef __GNUC__
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-variable"
+#endif
+
+#ifndef NSS_VERSION_VARIABLE
+#error NSS_VERSION_VARIABLE must be set before including "verref.h"
+#endif
+{
+ extern const char NSS_VERSION_VARIABLE[];
+ volatile const char _nss_version_c = NSS_VERSION_VARIABLE[0];
+}
+#undef NSS_VERSION_VARIABLE
+
+#ifdef _MSC_VER
+#pragma warning(pop)
+#endif
+#ifdef __GNUC__
+#pragma GCC diagnostic pop
+#endif