diff options
Diffstat (limited to 'lib')
133 files changed, 960 insertions, 1015 deletions
diff --git a/lib/base/hash.c b/lib/base/hash.c index 514e547ac..7eaaf6ff0 100644 --- a/lib/base/hash.c +++ b/lib/base/hash.c @@ -51,9 +51,7 @@ nss_identity_hash const void *key ) { - PRUint32 i = (PRUint32)key; - PR_ASSERT(sizeof(PLHashNumber) == sizeof(PRUint32)); - return (PLHashNumber)i; + return (PLHashNumber)((char *)key - (char *)NULL); } static PLHashNumber diff --git a/lib/base/list.c b/lib/base/list.c index d6773d743..5f34923b2 100644 --- a/lib/base/list.c +++ b/lib/base/list.c @@ -217,9 +217,8 @@ nsslist_add_element(nssList *list, void *data) NSS_IMPLEMENT PRStatus nssList_Add(nssList *list, void *data) { - PRStatus nssrv; NSSLIST_LOCK_IF(list); - nssrv = nsslist_add_element(list, data); + (void)nsslist_add_element(list, data); NSSLIST_UNLOCK_IF(list); return PR_SUCCESS; } diff --git a/lib/base/tracker.c b/lib/base/tracker.c index 95881f911..06e2baf2a 100644 --- a/lib/base/tracker.c +++ b/lib/base/tracker.c @@ -29,7 +29,7 @@ identity_hash const void *key ) { - return (PLHashNumber)key; + return (PLHashNumber)((char *)key - (char *)NULL); } /* diff --git a/lib/certdb/certdb.c b/lib/certdb/certdb.c index 2581be227..f282bbb9f 100644 --- a/lib/certdb/certdb.c +++ b/lib/certdb/certdb.c @@ -2443,7 +2443,6 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, { unsigned int i; CERTCertificate **certs = NULL; - SECStatus rv; unsigned int fcerts = 0; if ( ncerts ) { @@ -2491,10 +2490,11 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, * know which cert it belongs to. But we still may try * the individual canickname from the cert itself. */ - rv = CERT_AddTempCertToPerm(certs[i], canickname, NULL); + /* Bug 1192442 - propagate errors from these calls. */ + (void)CERT_AddTempCertToPerm(certs[i], canickname, NULL); } else { - rv = CERT_AddTempCertToPerm(certs[i], - nickname?nickname:canickname, NULL); + (void)CERT_AddTempCertToPerm(certs[i], + nickname?nickname:canickname, NULL); } PORT_Free(canickname); @@ -2511,7 +2511,7 @@ CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage, } } - return ((fcerts || !ncerts) ? SECSuccess : SECFailure); + return (fcerts || !ncerts) ? SECSuccess : SECFailure; } /* @@ -2893,15 +2893,16 @@ CERT_LockCertRefCount(CERTCertificate *cert) void CERT_UnlockCertRefCount(CERTCertificate *cert) { - PRStatus prstat; - PORT_Assert(certRefCountLock != NULL); - prstat = PZ_Unlock(certRefCountLock); - - PORT_Assert(prstat == PR_SUCCESS); - - return; +#ifdef DEBUG + { + PRStatus prstat = PZ_Unlock(certRefCountLock); + PORT_Assert(prstat == PR_SUCCESS); + } +#else + PZ_Unlock(certRefCountLock); +#endif } static PZLock *certTrustLock = NULL; @@ -2973,15 +2974,16 @@ cert_DestroyLocks(void) void CERT_UnlockCertTrust(const CERTCertificate *cert) { - PRStatus prstat; - PORT_Assert(certTrustLock != NULL); - prstat = PZ_Unlock(certTrustLock); - - PORT_Assert(prstat == PR_SUCCESS); - - return; +#ifdef DEBUG + { + PRStatus prstat = PZ_Unlock(certTrustLock); + PORT_Assert(prstat == PR_SUCCESS); + } +#else + PZ_Unlock(certTrustLock); +#endif } diff --git a/lib/certdb/crl.c b/lib/certdb/crl.c index 9f9aa0b2a..c1a10ef59 100644 --- a/lib/certdb/crl.c +++ b/lib/certdb/crl.c @@ -627,7 +627,6 @@ crl_storeCRL (PK11SlotInfo *slot,char *url, CERTSignedCrl *oldCrl = NULL, *crl = NULL; PRBool deleteOldCrl = PR_FALSE; CK_OBJECT_HANDLE crlHandle = CK_INVALID_HANDLE; - SECStatus rv; PORT_Assert(newCrl); PORT_Assert(derCrl); @@ -640,8 +639,8 @@ crl_storeCRL (PK11SlotInfo *slot,char *url, /* we can't use the cache here because we must look in the same token */ - rv = SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type, - &oldCrl, CRL_DECODE_SKIP_ENTRIES); + (void)SEC_FindCrlByKeyOnSlot(slot, &newCrl->crl.derName, type, + &oldCrl, CRL_DECODE_SKIP_ENTRIES); /* if there is an old crl on the token, make sure the one we are installing is newer. If not, exit out, otherwise delete the old crl. @@ -2693,7 +2692,7 @@ cert_CheckCertRevocationStatus(CERTCertificate* cert, CERTCertificate* issuer, } if (SECFailure == rv) { - SECStatus rv2 = CERT_FindCRLEntryReasonExten(entry, &reason); + (void)CERT_FindCRLEntryReasonExten(entry, &reason); PORT_SetError(SEC_ERROR_REVOKED_CERTIFICATE); } break; @@ -3050,7 +3049,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, { NamedCRLCacheEntry* oldEntry, * newEntry = NULL; NamedCRLCache* ncc = NULL; - SECStatus rv = SECSuccess, rv2; + SECStatus rv = SECSuccess; PORT_Assert(namedCRLCache.lock); PORT_Assert(namedCRLCache.entries); @@ -3088,8 +3087,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, (void*) newEntry)) { PORT_Assert(0); - rv2 = NamedCRLCacheEntry_Destroy(newEntry); - PORT_Assert(SECSuccess == rv2); + NamedCRLCacheEntry_Destroy(newEntry); rv = SECFailure; } } @@ -3112,8 +3110,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, } else { - rv2 = NamedCRLCacheEntry_Destroy(oldEntry); - PORT_Assert(SECSuccess == rv2); + PORT_AssertSuccess(NamedCRLCacheEntry_Destroy(oldEntry)); } if (NULL == PL_HashTableAdd(namedCRLCache.entries, (void*) newEntry->canonicalizedName, @@ -3160,8 +3157,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, } else { - rv2 = NamedCRLCacheEntry_Destroy(oldEntry); - PORT_Assert(SECSuccess == rv2); + PORT_AssertSuccess(NamedCRLCacheEntry_Destroy(oldEntry)); } if (NULL == PL_HashTableAdd(namedCRLCache.entries, (void*) newEntry->canonicalizedName, @@ -3173,8 +3169,7 @@ SECStatus cert_CacheCRLByGeneralName(CERTCertDBHandle* dbhandle, SECItem* crl, } } } - rv2 = cert_ReleaseNamedCRLCache(ncc); - PORT_Assert(SECSuccess == rv2); + PORT_AssertSuccess(cert_ReleaseNamedCRLCache(ncc)); return rv; } diff --git a/lib/certdb/genname.c b/lib/certdb/genname.c index 04c8a7712..6529a6a09 100644 --- a/lib/certdb/genname.c +++ b/lib/certdb/genname.c @@ -67,16 +67,6 @@ static const SEC_ASN1Template CERTOtherNameTemplate[] = { sizeof(CERTGeneralName) } }; -static const SEC_ASN1Template CERTOtherName2Template[] = { - { SEC_ASN1_SEQUENCE | SEC_ASN1_CONTEXT_SPECIFIC | 0 , - 0, NULL, sizeof(CERTGeneralName) }, - { SEC_ASN1_OBJECT_ID, - offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, oid) }, - { SEC_ASN1_ANY, - offsetof(CERTGeneralName, name.OthName) + offsetof(OtherName, name) }, - { 0, } -}; - static const SEC_ASN1Template CERT_RFC822NameTemplate[] = { { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1 , offsetof(CERTGeneralName, name.other), diff --git a/lib/certdb/secname.c b/lib/certdb/secname.c index d070bbfc7..88a0cf75e 100644 --- a/lib/certdb/secname.c +++ b/lib/certdb/secname.c @@ -240,14 +240,6 @@ CERT_CopyAVA(PLArenaPool *arena, CERTAVA *from) return 0; } -/************************************************************************/ -/* XXX This template needs to go away in favor of the new SEC_ASN1 version. */ -static const SEC_ASN1Template cert_RDNTemplate[] = { - { SEC_ASN1_SET_OF, - offsetof(CERTRDN,avas), cert_AVATemplate, sizeof(CERTRDN) } -}; - - CERTRDN * CERT_CreateRDN(PLArenaPool *arena, CERTAVA *ava0, ...) { diff --git a/lib/certhigh/certhigh.c b/lib/certhigh/certhigh.c index 74651baf2..b06b7af33 100644 --- a/lib/certhigh/certhigh.c +++ b/lib/certhigh/certhigh.c @@ -24,8 +24,6 @@ CERT_MatchNickname(char *name1, char *name2) { char *nickname2 = NULL; char *token1; char *token2; - char *token = NULL; - int len; /* first deal with the straight comparison */ if (PORT_Strcmp(name1, name2) == 0) { @@ -40,20 +38,17 @@ CERT_MatchNickname(char *name1, char *name2) { return PR_FALSE; } if (token1) { - token=name1; nickname1=token1; nickname2=name2; } else { - token=name2; nickname1=token2; nickname2=name1; } - len = nickname1-token; nickname1++; if (PORT_Strcmp(nickname1,nickname2) != 0) { return PR_FALSE; } - /* compare the other token with the internal slot here */ + /* Bug 1192443 - compare the other token with the internal slot here */ return PR_TRUE; } diff --git a/lib/certhigh/certvfypkix.c b/lib/certhigh/certvfypkix.c index dcb2dbf2c..35f841e58 100644 --- a/lib/certhigh/certvfypkix.c +++ b/lib/certhigh/certvfypkix.c @@ -1412,13 +1412,13 @@ setRevocationMethod(PKIX_RevocationChecker *revChecker, { PKIX_UInt32 methodFlags = 0; PKIX_Error *error = NULL; - int priority = 0; + PKIX_UInt32 priority = 0; - if (revTest->number_of_defined_methods <= certRevMethod) { + if (revTest->number_of_defined_methods <= (PRUint32)certRevMethod) { return NULL; } if (revTest->preferred_methods) { - int i = 0; + unsigned int i = 0; for (;i < revTest->number_of_preferred_methods;i++) { if (revTest->preferred_methods[i] == certRevMethod) break; diff --git a/lib/certhigh/ocsp.c b/lib/certhigh/ocsp.c index 59b341f1e..86ae0a063 100644 --- a/lib/certhigh/ocsp.c +++ b/lib/certhigh/ocsp.c @@ -559,14 +559,19 @@ ocsp_RemoveCacheItem(OCSPCacheData *cache, OCSPCacheItem *item) * because of an allocation failure, or it could get removed because we're * cleaning up. */ - PRBool couldRemoveFromHashTable; OCSP_TRACE(("OCSP ocsp_RemoveCacheItem, THREADID %p\n", PR_GetCurrentThread())); PR_EnterMonitor(OCSP_Global.monitor); ocsp_RemoveCacheItemFromLinkedList(cache, item); - couldRemoveFromHashTable = PL_HashTableRemove(cache->entries, - item->certID); - PORT_Assert(couldRemoveFromHashTable); +#ifdef DEBUG + { + PRBool couldRemoveFromHashTable = PL_HashTableRemove(cache->entries, + item->certID); + PORT_Assert(couldRemoveFromHashTable); + } +#else + PL_HashTableRemove(cache->entries, item->certID); +#endif --cache->numberOfEntries; ocsp_FreeCacheItem(item); PR_ExitMonitor(OCSP_Global.monitor); diff --git a/lib/ckfw/builtins/binst.c b/lib/ckfw/builtins/binst.c index 8940ea035..8cb057d96 100644 --- a/lib/ckfw/builtins/binst.c +++ b/lib/ckfw/builtins/binst.c @@ -65,10 +65,8 @@ builtins_mdInstance_GetLibraryVersion NSSCKFWInstance *fwInstance ) { - extern const char __nss_builtins_version[]; - volatile char c; /* force a reference that won't get optimized away */ - - c = __nss_builtins_version[0]; +#define NSS_VERSION_VARIABLE __nss_builtins_version +#include "verref.h" return nss_builtins_LibraryVersion; } diff --git a/lib/ckfw/builtins/certdata.perl b/lib/ckfw/builtins/certdata.perl index 56771f5cb..e77decf9f 100644 --- a/lib/ckfw/builtins/certdata.perl +++ b/lib/ckfw/builtins/certdata.perl @@ -11,7 +11,6 @@ my $o; my @objects = (); my @objsize; -$constants{CKO_DATA} = "static const CK_OBJECT_CLASS cko_data = CKO_DATA;\n"; $constants{CK_TRUE} = "static const CK_BBOOL ck_true = CK_TRUE;\n"; $constants{CK_FALSE} = "static const CK_BBOOL ck_false = CK_FALSE;\n"; diff --git a/lib/ckfw/hash.c b/lib/ckfw/hash.c index 51f53b1a9..e4f6ce2bd 100644 --- a/lib/ckfw/hash.c +++ b/lib/ckfw/hash.c @@ -48,9 +48,7 @@ nss_ckfw_identity_hash const void *key ) { - PRUint32 i = (PRUint32)key; - PR_ASSERT(sizeof(PLHashNumber) == sizeof(PRUint32)); - return (PLHashNumber)i; + return (PLHashNumber)((char *)key - (char *)NULL); } /* diff --git a/lib/ckfw/token.c b/lib/ckfw/token.c index aaaf11888..4a9757643 100644 --- a/lib/ckfw/token.c +++ b/lib/ckfw/token.c @@ -1258,7 +1258,7 @@ nssCKFWToken_GetUTCTime { /* Format is YYYYMMDDhhmmss00 */ int i; - int Y, M, D, h, m, s, z; + int Y, M, D, h, m, s; static int dims[] = { 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }; for( i = 0; i < 16; i++ ) { @@ -1274,7 +1274,6 @@ nssCKFWToken_GetUTCTime h = ((utcTime[ 8] - '0') * 10) + (utcTime[ 9] - '0'); m = ((utcTime[10] - '0') * 10) + (utcTime[11] - '0'); s = ((utcTime[12] - '0') * 10) + (utcTime[13] - '0'); - z = ((utcTime[14] - '0') * 10) + (utcTime[15] - '0'); if( (Y < 1990) || (Y > 3000) ) goto badtime; /* Y3K problem. heh heh heh */ if( (M < 1) || (M > 12) ) goto badtime; diff --git a/lib/crmf/cmmfchal.c b/lib/crmf/cmmfchal.c index 8f7b2982a..bf0b7ba37 100644 --- a/lib/crmf/cmmfchal.c +++ b/lib/crmf/cmmfchal.c @@ -30,7 +30,6 @@ cmmf_create_witness_and_challenge(PLArenaPool *poolp, CMMFRand randStr= { {siBuffer, NULL, 0}, {siBuffer, NULL, 0}}; PK11SlotInfo *slot; PK11SymKey *symKey = NULL; - CK_OBJECT_HANDLE id; CERTSubjectPublicKeyInfo *spki = NULL; @@ -76,7 +75,7 @@ cmmf_create_witness_and_challenge(PLArenaPool *poolp, rv = SECFailure; goto loser; } - id = PK11_ImportPublicKey(slot, inPubKey, PR_FALSE); + (void)PK11_ImportPublicKey(slot, inPubKey, PR_FALSE); /* In order to properly encrypt the data, we import as a symmetric * key, and then wrap that key. That in essence encrypts the data. * This is the method recommended in the PK11 world in order diff --git a/lib/crmf/crmfcont.c b/lib/crmf/crmfcont.c index cc386ea30..4e274d32c 100644 --- a/lib/crmf/crmfcont.c +++ b/lib/crmf/crmfcont.c @@ -857,7 +857,6 @@ CRMF_CreateEncryptedKeyWithEncryptedValue (SECKEYPrivateKey *inPrivKey, { SECKEYPublicKey *caPubKey = NULL; CRMFEncryptedKey *encKey = NULL; - CRMFEncryptedValue *dummy; PORT_Assert(inPrivKey != NULL && inCACert != NULL); if (inPrivKey == NULL || inCACert == NULL) { @@ -873,10 +872,17 @@ CRMF_CreateEncryptedKeyWithEncryptedValue (SECKEYPrivateKey *inPrivKey, if (encKey == NULL) { goto loser; } - dummy = crmf_create_encrypted_value_wrapped_privkey(inPrivKey, - caPubKey, - &encKey->value.encryptedValue); - PORT_Assert(dummy == &encKey->value.encryptedValue); +#ifdef DEBUG + { + CRMFEncryptedValue *dummy = + crmf_create_encrypted_value_wrapped_privkey( + inPrivKey, caPubKey, &encKey->value.encryptedValue); + PORT_Assert(dummy == &encKey->value.encryptedValue); + } +#else + crmf_create_encrypted_value_wrapped_privkey( + inPrivKey, caPubKey, &encKey->value.encryptedValue); +#endif /* We won't add the der value here, but rather when it * becomes part of a certificate request. */ diff --git a/lib/crmf/crmfi.h b/lib/crmf/crmfi.h index 0dc9b4986..fd27a9b9a 100644 --- a/lib/crmf/crmfi.h +++ b/lib/crmf/crmfi.h @@ -52,7 +52,7 @@ struct crmfEncoderArg { SECItem *buffer; - long allocatedLen; + unsigned long allocatedLen; }; struct crmfEncoderOutput { diff --git a/lib/crmf/crmfpop.c b/lib/crmf/crmfpop.c index 78381bf79..2d4e32699 100644 --- a/lib/crmf/crmfpop.c +++ b/lib/crmf/crmfpop.c @@ -10,7 +10,7 @@ #include "keyhi.h" #include "cryptohi.h" -#define CRMF_DEFAULT_ALLOC_SIZE 1024 +#define CRMF_DEFAULT_ALLOC_SIZE 1024U SECStatus crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, @@ -33,7 +33,6 @@ crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, SECStatus CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg) { - SECItem *dummy; CRMFProofOfPossession *pop; PLArenaPool *poolp; void *mark; @@ -52,9 +51,9 @@ CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg) pop->popChoice.raVerified.data = NULL; pop->popChoice.raVerified.len = 0; inCertReqMsg->pop = pop; - dummy = SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP), - &(pop->popChoice.raVerified), - CRMFRAVerifiedTemplate); + (void)SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP), + &(pop->popChoice.raVerified), + CRMFRAVerifiedTemplate); return SECSuccess; loser: PORT_ArenaRelease(poolp, mark); diff --git a/lib/crmf/crmftmpl.c b/lib/crmf/crmftmpl.c index 73d75f8b7..320d52463 100644 --- a/lib/crmf/crmftmpl.c +++ b/lib/crmf/crmftmpl.c @@ -138,19 +138,6 @@ const SEC_ASN1Template CRMFCertReqMessagesTemplate[] = { CRMFCertReqMsgTemplate, sizeof (CRMFCertReqMessages)} }; -static const SEC_ASN1Template CRMFPOPOSigningKeyInputTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL,sizeof(CRMFPOPOSigningKeyInput) }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | - SEC_ASN1_CONTEXT_SPECIFIC | 0, - offsetof(CRMFPOPOSigningKeyInput, authInfo.sender) }, - { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL | 1, - offsetof (CRMFPOPOSigningKeyInput, authInfo.publicKeyMAC) }, - { SEC_ASN1_INLINE | SEC_ASN1_XTRN, - offsetof(CRMFPOPOSigningKeyInput, publicKey), - SEC_ASN1_SUB(CERT_SubjectPublicKeyInfoTemplate) }, - { 0 } -}; - const SEC_ASN1Template CRMFRAVerifiedTemplate[] = { { SEC_ASN1_CONTEXT_SPECIFIC | 0 | SEC_ASN1_XTRN, 0, @@ -252,19 +239,3 @@ const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate [] = { CRMFEncryptedValueTemplate}, { 0 } }; - -static const SEC_ASN1Template CRMFSinglePubInfoTemplate[] = { - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (CRMFSinglePubInfo)}, - { SEC_ASN1_INTEGER, offsetof(CRMFSinglePubInfo, pubMethod) }, - { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC, - offsetof(CRMFSinglePubInfo, pubLocation) }, - { 0 } -}; - -static const SEC_ASN1Template CRMFPublicationInfoTemplate[] ={ - { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(CRMFPKIPublicationInfo) }, - { SEC_ASN1_INTEGER, offsetof(CRMFPKIPublicationInfo, action) }, - { SEC_ASN1_POINTER, offsetof(CRMFPKIPublicationInfo, pubInfos), - CRMFSinglePubInfoTemplate}, - { 0 } -}; diff --git a/lib/dbm/src/h_page.c b/lib/dbm/src/h_page.c index 890e86828..cc0249473 100644 --- a/lib/dbm/src/h_page.c +++ b/lib/dbm/src/h_page.c @@ -720,23 +720,6 @@ __get_page(HTAB *hashp, PAGE_INIT(p); } else { -#ifdef DEBUG - if(BYTE_ORDER == LITTLE_ENDIAN) - { - int is_little_endian; - is_little_endian = BYTE_ORDER; - } - else if(BYTE_ORDER == BIG_ENDIAN) - { - int is_big_endian; - is_big_endian = BYTE_ORDER; - } - else - { - assert(0); - } -#endif - if (hashp->LORDER != BYTE_ORDER) { register int i, max; diff --git a/lib/dev/devslot.c b/lib/dev/devslot.c index d97cbba32..f49915ee1 100644 --- a/lib/dev/devslot.c +++ b/lib/dev/devslot.c @@ -25,9 +25,6 @@ /* measured as interval */ static PRIntervalTime s_token_delay_time = 0; -/* The flags needed to open a read-only session. */ -static const CK_FLAGS s_ck_readonly_flags = CKF_SERIAL_SESSION; - NSS_IMPLEMENT PRStatus nssSlot_Destroy ( NSSSlot *slot diff --git a/lib/dev/devtoken.c b/lib/dev/devtoken.c index b6032812f..7223e489b 100644 --- a/lib/dev/devtoken.c +++ b/lib/dev/devtoken.c @@ -1466,7 +1466,6 @@ nssToken_TraverseCertificates ( CK_ATTRIBUTE cert_template[2]; CK_ULONG ctsize; NSSArena *arena; - PRStatus status; PRUint32 arraySize, numHandles; nssCryptokiObject **objects; void *epv = nssToken_GetCryptokiEPV(token); @@ -1544,7 +1543,7 @@ nssToken_TraverseCertificates ( if (objects) { nssCryptokiObject **op; for (op = objects; *op; op++) { - status = (*callback)(*op, arg); + (void)(*callback)(*op, arg); } nss_ZFreeIf(objects); } diff --git a/lib/freebl/cts.c b/lib/freebl/cts.c index 5d4ed18bc..984e05b95 100644 --- a/lib/freebl/cts.c +++ b/lib/freebl/cts.c @@ -185,7 +185,7 @@ CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf, unsigned char lastBlock[MAX_BLOCK_SIZE]; const unsigned char *tmp; unsigned int tmpLen; - int fullblocks, pad; + unsigned int fullblocks, pad; unsigned int i; SECStatus rv; diff --git a/lib/freebl/dh.c b/lib/freebl/dh.c index cf07eabbe..66c110134 100644 --- a/lib/freebl/dh.c +++ b/lib/freebl/dh.c @@ -205,7 +205,7 @@ DH_Derive(SECItem *publicValue, { mp_int p, Xa, Yb, ZZ, psub1; mp_err err = MP_OKAY; - int len = 0; + unsigned int len = 0; unsigned int nb; unsigned char *secret = NULL; if (!publicValue || !prime || !privateValue || !derivedSecret) { diff --git a/lib/freebl/drbg.c b/lib/freebl/drbg.c index 4745df4c7..e20db2e6f 100644 --- a/lib/freebl/drbg.c +++ b/lib/freebl/drbg.c @@ -247,26 +247,32 @@ prng_reseed_test(RNGContext *rng, const PRUint8 *entropy, /* * build some fast inline functions for adding. */ -#define PRNG_ADD_CARRY_ONLY(dest, start, cy) \ - carry = cy; \ - for (k1=start; carry && k1 >=0 ; k1--) { \ - carry = !(++dest[k1]); \ - } +#define PRNG_ADD_CARRY_ONLY(dest, start, carry) \ + { \ + int k1; \ + for (k1 = start; carry && k1 >= 0; k1--) { \ + carry = !(++dest[k1]); \ + } \ + } /* * NOTE: dest must be an array for the following to work. */ -#define PRNG_ADD_BITS(dest, dest_len, add, len) \ +#define PRNG_ADD_BITS(dest, dest_len, add, len, carry) \ carry = 0; \ - for (k1=dest_len -1, k2=len-1; k2 >= 0; --k1, --k2) { \ - carry += dest[k1]+ add[k2]; \ - dest[k1] = (PRUint8) carry; \ - carry >>= 8; \ + PORT_Assert((dest_len) >= (len)); \ + { \ + int k1, k2; \ + for (k1 = dest_len - 1, k2 = len - 1; k2 >= 0; --k1, --k2) { \ + carry += dest[k1] + add[k2]; \ + dest[k1] = (PRUint8) carry; \ + carry >>= 8; \ + } \ } -#define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len) \ - PRNG_ADD_BITS(dest, dest_len, add, len) \ - PRNG_ADD_CARRY_ONLY(dest, k1, carry) +#define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len, carry) \ + PRNG_ADD_BITS(dest, dest_len, add, len, carry) \ + PRNG_ADD_CARRY_ONLY(dest, dest_len - len, carry) /* * This function expands the internal state of the prng to fulfill any number @@ -286,7 +292,6 @@ prng_Hashgen(RNGContext *rng, PRUint8 *returned_bytes, SHA256Context ctx; unsigned int len; unsigned int carry; - int k1; SHA256_Begin(&ctx); SHA256_Update(&ctx, data, sizeof data); @@ -295,7 +300,8 @@ prng_Hashgen(RNGContext *rng, PRUint8 *returned_bytes, no_of_returned_bytes -= len; /* The carry parameter is a bool (increment or not). * This increments data if no_of_returned_bytes is not zero */ - PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, no_of_returned_bytes); + carry = no_of_returned_bytes; + PRNG_ADD_CARRY_ONLY(data, (sizeof data)- 1, carry); } PORT_Memset(data, 0, sizeof data); } @@ -315,7 +321,6 @@ prng_generateNewBytes(RNGContext *rng, PRUint8 H[SHA256_LENGTH]; /* both H and w since they * aren't used concurrently */ unsigned int carry; - int k1, k2; if (!rng->isValid) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); @@ -336,7 +341,7 @@ prng_generateNewBytes(RNGContext *rng, SHA256_Update(&ctx, rng->V_Data, sizeof rng->V_Data); SHA256_Update(&ctx, additional_input, additional_input_len); SHA256_End(&ctx, w, NULL, sizeof w); - PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), w, sizeof w) + PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), w, sizeof w, carry) PORT_Memset(w, 0, sizeof w); #undef w } @@ -350,11 +355,12 @@ prng_generateNewBytes(RNGContext *rng, /* advance our internal state... */ rng->V_type = prngGenerateByteType; SHA256_HashBuf(H, rng->V_Data, sizeof rng->V_Data); - PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), H, sizeof H) - PRNG_ADD_BITS(V(rng), VSize(rng), rng->C, sizeof rng->C); + PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), H, sizeof H, carry) + PRNG_ADD_BITS(V(rng), VSize(rng), rng->C, sizeof rng->C, carry); PRNG_ADD_BITS_AND_CARRY(V(rng), VSize(rng), rng->reseed_counter, - sizeof rng->reseed_counter) - PRNG_ADD_CARRY_ONLY(rng->reseed_counter,(sizeof rng->reseed_counter)-1, 1); + sizeof rng->reseed_counter, carry) + carry = 1; + PRNG_ADD_CARRY_ONLY(rng->reseed_counter,(sizeof rng->reseed_counter)-1, carry); /* continuous rng check */ if (memcmp(V(rng), rng->oldV, sizeof rng->oldV) == 0) { @@ -510,7 +516,7 @@ RNG_RandomUpdate(const void *data, size_t bytes) PR_STATIC_ASSERT(sizeof(size_t) > 4); - if (bytes > PRNG_MAX_ADDITIONAL_BYTES) { + if (bytes > (size_t)PRNG_MAX_ADDITIONAL_BYTES) { bytes = PRNG_MAX_ADDITIONAL_BYTES; } #else diff --git a/lib/freebl/dsa.c b/lib/freebl/dsa.c index ad3ce0043..0da63ed54 100644 --- a/lib/freebl/dsa.c +++ b/lib/freebl/dsa.c @@ -502,7 +502,7 @@ DSA_VerifyDigest(DSAPublicKey *key, const SECItem *signature, mp_int u1, u2, v, w; /* intermediate values used in verification */ mp_int y; /* public key */ mp_err err; - int dsa_subprime_len, dsa_signature_len, offset; + unsigned int dsa_subprime_len, dsa_signature_len, offset; SECItem localDigest; unsigned char localDigestData[DSA_MAX_SUBPRIME_LEN]; SECStatus verified = SECFailure; diff --git a/lib/freebl/ecl/ecl-priv.h b/lib/freebl/ecl/ecl-priv.h index 22dd355a2..16f80a465 100644 --- a/lib/freebl/ecl/ecl-priv.h +++ b/lib/freebl/ecl/ecl-priv.h @@ -29,40 +29,39 @@ ((i) >= mpl_significant_bits((a))) ? 0 : mpl_get_bit((a), (i)) #if !defined(MP_NO_MP_WORD) && !defined(MP_NO_ADD_WORD) -#define MP_ADD_CARRY(a1, a2, s, cin, cout) \ +#define MP_ADD_CARRY(a1, a2, s, carry) \ { mp_word w; \ - w = ((mp_word)(cin)) + (a1) + (a2); \ + w = ((mp_word)carry) + (a1) + (a2); \ s = ACCUM(w); \ - cout = CARRYOUT(w); } + carry = CARRYOUT(w); } -#define MP_SUB_BORROW(a1, a2, s, bin, bout) \ +#define MP_SUB_BORROW(a1, a2, s, borrow) \ { mp_word w; \ - w = ((mp_word)(a1)) - (a2) - (bin); \ + w = ((mp_word)(a1)) - (a2) - borrow; \ s = ACCUM(w); \ - bout = (w >> MP_DIGIT_BIT) & 1; } + borrow = (w >> MP_DIGIT_BIT) & 1; } #else /* NOTE, - * cin and cout could be the same variable. - * bin and bout could be the same variable. + * carry and borrow are both read and written. * a1 or a2 and s could be the same variable. * don't trash those outputs until their respective inputs have * been read. */ -#define MP_ADD_CARRY(a1, a2, s, cin, cout) \ +#define MP_ADD_CARRY(a1, a2, s, carry) \ { mp_digit tmp,sum; \ tmp = (a1); \ sum = tmp + (a2); \ tmp = (sum < tmp); /* detect overflow */ \ - s = sum += (cin); \ - cout = tmp + (sum < (cin)); } + s = sum += carry; \ + carry = tmp + (sum < carry); } -#define MP_SUB_BORROW(a1, a2, s, bin, bout) \ +#define MP_SUB_BORROW(a1, a2, s, borrow) \ { mp_digit tmp; \ tmp = (a1); \ s = tmp - (a2); \ tmp = (s > tmp); /* detect borrow */ \ - if ((bin) && !s--) tmp++; \ - bout = tmp; } + if (borrow && !s--) tmp++; \ + borrow = tmp; } #endif diff --git a/lib/freebl/ecl/ecl_gf.c b/lib/freebl/ecl/ecl_gf.c index 22047d519..d250d7863 100644 --- a/lib/freebl/ecl/ecl_gf.c +++ b/lib/freebl/ecl/ecl_gf.c @@ -242,9 +242,10 @@ ec_GFp_add_3(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(a0, r0, r0, 0, carry); - MP_ADD_CARRY(a1, r1, r1, carry, carry); - MP_ADD_CARRY(a2, r2, r2, carry, carry); + carry = 0; + MP_ADD_CARRY(a0, r0, r0, carry); + MP_ADD_CARRY(a1, r1, r1, carry); + MP_ADD_CARRY(a2, r2, r2, carry); #else __asm__ ( "xorq %3,%3 \n\t" @@ -273,9 +274,10 @@ ec_GFp_add_3(const mp_int *a, const mp_int *b, mp_int *r, a1 = MP_DIGIT(&meth->irr,1); a0 = MP_DIGIT(&meth->irr,0); #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, a0, r0, 0, carry); - MP_SUB_BORROW(r1, a1, r1, carry, carry); - MP_SUB_BORROW(r2, a2, r2, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a0, r0, carry); + MP_SUB_BORROW(r1, a1, r1, carry); + MP_SUB_BORROW(r2, a2, r2, carry); #else __asm__ ( "subq %3,%0 \n\t" @@ -329,10 +331,11 @@ ec_GFp_add_4(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(a0, r0, r0, 0, carry); - MP_ADD_CARRY(a1, r1, r1, carry, carry); - MP_ADD_CARRY(a2, r2, r2, carry, carry); - MP_ADD_CARRY(a3, r3, r3, carry, carry); + carry = 0; + MP_ADD_CARRY(a0, r0, r0, carry); + MP_ADD_CARRY(a1, r1, r1, carry); + MP_ADD_CARRY(a2, r2, r2, carry); + MP_ADD_CARRY(a3, r3, r3, carry); #else __asm__ ( "xorq %4,%4 \n\t" @@ -364,10 +367,11 @@ ec_GFp_add_4(const mp_int *a, const mp_int *b, mp_int *r, a1 = MP_DIGIT(&meth->irr,1); a0 = MP_DIGIT(&meth->irr,0); #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, a0, r0, 0, carry); - MP_SUB_BORROW(r1, a1, r1, carry, carry); - MP_SUB_BORROW(r2, a2, r2, carry, carry); - MP_SUB_BORROW(r3, a3, r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a0, r0, carry); + MP_SUB_BORROW(r1, a1, r1, carry); + MP_SUB_BORROW(r2, a2, r2, carry); + MP_SUB_BORROW(r3, a3, r3, carry); #else __asm__ ( "subq %4,%0 \n\t" @@ -426,11 +430,12 @@ ec_GFp_add_5(const mp_int *a, const mp_int *b, mp_int *r, r0 = MP_DIGIT(b,0); } - MP_ADD_CARRY(a0, r0, r0, 0, carry); - MP_ADD_CARRY(a1, r1, r1, carry, carry); - MP_ADD_CARRY(a2, r2, r2, carry, carry); - MP_ADD_CARRY(a3, r3, r3, carry, carry); - MP_ADD_CARRY(a4, r4, r4, carry, carry); + carry = 0; + MP_ADD_CARRY(a0, r0, r0, carry); + MP_ADD_CARRY(a1, r1, r1, carry); + MP_ADD_CARRY(a2, r2, r2, carry); + MP_ADD_CARRY(a3, r3, r3, carry); + MP_ADD_CARRY(a4, r4, r4, carry); MP_CHECKOK(s_mp_pad(r, 5)); MP_DIGIT(r, 4) = r4; @@ -450,11 +455,12 @@ ec_GFp_add_5(const mp_int *a, const mp_int *b, mp_int *r, a2 = MP_DIGIT(&meth->irr,2); a1 = MP_DIGIT(&meth->irr,1); a0 = MP_DIGIT(&meth->irr,0); - MP_SUB_BORROW(r0, a0, r0, 0, carry); - MP_SUB_BORROW(r1, a1, r1, carry, carry); - MP_SUB_BORROW(r2, a2, r2, carry, carry); - MP_SUB_BORROW(r3, a3, r3, carry, carry); - MP_SUB_BORROW(r4, a4, r4, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a0, r0, carry); + MP_SUB_BORROW(r1, a1, r1, carry); + MP_SUB_BORROW(r2, a2, r2, carry); + MP_SUB_BORROW(r3, a3, r3, carry); + MP_SUB_BORROW(r4, a4, r4, carry); MP_DIGIT(r, 4) = r4; MP_DIGIT(r, 3) = r3; MP_DIGIT(r, 2) = r2; @@ -507,12 +513,13 @@ ec_GFp_add_6(const mp_int *a, const mp_int *b, mp_int *r, r0 = MP_DIGIT(b,0); } - MP_ADD_CARRY(a0, r0, r0, 0, carry); - MP_ADD_CARRY(a1, r1, r1, carry, carry); - MP_ADD_CARRY(a2, r2, r2, carry, carry); - MP_ADD_CARRY(a3, r3, r3, carry, carry); - MP_ADD_CARRY(a4, r4, r4, carry, carry); - MP_ADD_CARRY(a5, r5, r5, carry, carry); + carry = 0; + MP_ADD_CARRY(a0, r0, r0, carry); + MP_ADD_CARRY(a1, r1, r1, carry); + MP_ADD_CARRY(a2, r2, r2, carry); + MP_ADD_CARRY(a3, r3, r3, carry); + MP_ADD_CARRY(a4, r4, r4, carry); + MP_ADD_CARRY(a5, r5, r5, carry); MP_CHECKOK(s_mp_pad(r, 6)); MP_DIGIT(r, 5) = r5; @@ -534,12 +541,13 @@ ec_GFp_add_6(const mp_int *a, const mp_int *b, mp_int *r, a2 = MP_DIGIT(&meth->irr,2); a1 = MP_DIGIT(&meth->irr,1); a0 = MP_DIGIT(&meth->irr,0); - MP_SUB_BORROW(r0, a0, r0, 0, carry); - MP_SUB_BORROW(r1, a1, r1, carry, carry); - MP_SUB_BORROW(r2, a2, r2, carry, carry); - MP_SUB_BORROW(r3, a3, r3, carry, carry); - MP_SUB_BORROW(r4, a4, r4, carry, carry); - MP_SUB_BORROW(r5, a5, r5, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a0, r0, carry); + MP_SUB_BORROW(r1, a1, r1, carry); + MP_SUB_BORROW(r2, a2, r2, carry); + MP_SUB_BORROW(r3, a3, r3, carry); + MP_SUB_BORROW(r4, a4, r4, carry); + MP_SUB_BORROW(r5, a5, r5, carry); MP_DIGIT(r, 5) = r5; MP_DIGIT(r, 4) = r4; MP_DIGIT(r, 3) = r3; @@ -587,9 +595,10 @@ ec_GFp_sub_3(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, b0, r0, 0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, b0, r0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow); #else __asm__ ( "xorq %3,%3 \n\t" @@ -610,9 +619,10 @@ ec_GFp_sub_3(const mp_int *a, const mp_int *b, mp_int *r, b1 = MP_DIGIT(&meth->irr,1); b0 = MP_DIGIT(&meth->irr,0); #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(b0, r0, r0, 0, borrow); - MP_ADD_CARRY(b1, r1, r1, borrow, borrow); - MP_ADD_CARRY(b2, r2, r2, borrow, borrow); + borrow = 0; + MP_ADD_CARRY(b0, r0, r0, borrow); + MP_ADD_CARRY(b1, r1, r1, borrow); + MP_ADD_CARRY(b2, r2, r2, borrow); #else __asm__ ( "addq %3,%0 \n\t" @@ -675,10 +685,11 @@ ec_GFp_sub_4(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, b0, r0, 0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow, borrow); - MP_SUB_BORROW(r3, b3, r3, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, b0, r0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow); + MP_SUB_BORROW(r3, b3, r3, borrow); #else __asm__ ( "xorq %4,%4 \n\t" @@ -701,10 +712,11 @@ ec_GFp_sub_4(const mp_int *a, const mp_int *b, mp_int *r, b1 = MP_DIGIT(&meth->irr,1); b0 = MP_DIGIT(&meth->irr,0); #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(b0, r0, r0, 0, borrow); - MP_ADD_CARRY(b1, r1, r1, borrow, borrow); - MP_ADD_CARRY(b2, r2, r2, borrow, borrow); - MP_ADD_CARRY(b3, r3, r3, borrow, borrow); + borrow = 0; + MP_ADD_CARRY(b0, r0, r0, borrow); + MP_ADD_CARRY(b1, r1, r1, borrow); + MP_ADD_CARRY(b2, r2, r2, borrow); + MP_ADD_CARRY(b3, r3, r3, borrow); #else __asm__ ( "addq %4,%0 \n\t" @@ -771,11 +783,12 @@ ec_GFp_sub_5(const mp_int *a, const mp_int *b, mp_int *r, b0 = MP_DIGIT(b,0); } - MP_SUB_BORROW(r0, b0, r0, 0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow, borrow); - MP_SUB_BORROW(r3, b3, r3, borrow, borrow); - MP_SUB_BORROW(r4, b4, r4, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, b0, r0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow); + MP_SUB_BORROW(r3, b3, r3, borrow); + MP_SUB_BORROW(r4, b4, r4, borrow); /* Do quick 'add' if we've gone under 0 * (subtract the 2's complement of the curve field) */ @@ -785,10 +798,11 @@ ec_GFp_sub_5(const mp_int *a, const mp_int *b, mp_int *r, b2 = MP_DIGIT(&meth->irr,2); b1 = MP_DIGIT(&meth->irr,1); b0 = MP_DIGIT(&meth->irr,0); - MP_ADD_CARRY(b0, r0, r0, 0, borrow); - MP_ADD_CARRY(b1, r1, r1, borrow, borrow); - MP_ADD_CARRY(b2, r2, r2, borrow, borrow); - MP_ADD_CARRY(b3, r3, r3, borrow, borrow); + borrow = 0; + MP_ADD_CARRY(b0, r0, r0, borrow); + MP_ADD_CARRY(b1, r1, r1, borrow); + MP_ADD_CARRY(b2, r2, r2, borrow); + MP_ADD_CARRY(b3, r3, r3, borrow); } MP_CHECKOK(s_mp_pad(r, 5)); MP_DIGIT(r, 4) = r4; @@ -843,12 +857,13 @@ ec_GFp_sub_6(const mp_int *a, const mp_int *b, mp_int *r, b0 = MP_DIGIT(b,0); } - MP_SUB_BORROW(r0, b0, r0, 0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow, borrow); - MP_SUB_BORROW(r3, b3, r3, borrow, borrow); - MP_SUB_BORROW(r4, b4, r4, borrow, borrow); - MP_SUB_BORROW(r5, b5, r5, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, b0, r0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow); + MP_SUB_BORROW(r3, b3, r3, borrow); + MP_SUB_BORROW(r4, b4, r4, borrow); + MP_SUB_BORROW(r5, b5, r5, borrow); /* Do quick 'add' if we've gone under 0 * (subtract the 2's complement of the curve field) */ @@ -859,11 +874,12 @@ ec_GFp_sub_6(const mp_int *a, const mp_int *b, mp_int *r, b2 = MP_DIGIT(&meth->irr,2); b1 = MP_DIGIT(&meth->irr,1); b0 = MP_DIGIT(&meth->irr,0); - MP_ADD_CARRY(b0, r0, r0, 0, borrow); - MP_ADD_CARRY(b1, r1, r1, borrow, borrow); - MP_ADD_CARRY(b2, r2, r2, borrow, borrow); - MP_ADD_CARRY(b3, r3, r3, borrow, borrow); - MP_ADD_CARRY(b4, r4, r4, borrow, borrow); + borrow = 0; + MP_ADD_CARRY(b0, r0, r0, borrow); + MP_ADD_CARRY(b1, r1, r1, borrow); + MP_ADD_CARRY(b2, r2, r2, borrow); + MP_ADD_CARRY(b3, r3, r3, borrow); + MP_ADD_CARRY(b4, r4, r4, borrow); } MP_CHECKOK(s_mp_pad(r, 6)); diff --git a/lib/freebl/ecl/ecl_mult.c b/lib/freebl/ecl/ecl_mult.c index a99ca8250..5932828bd 100644 --- a/lib/freebl/ecl/ecl_mult.c +++ b/lib/freebl/ecl/ecl_mult.c @@ -129,7 +129,7 @@ ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px, mp_err res = MP_OKAY; mp_int precomp[4][4][2]; const mp_int *a, *b; - int i, j; + unsigned int i, j; int ai, bi, d; ARGCHK(group != NULL, MP_BADARG); @@ -236,7 +236,7 @@ ec_pts_mul_simul_w2(const mp_int *k1, const mp_int *k2, const mp_int *px, mp_zero(rx); mp_zero(ry); - for (i = d - 1; i >= 0; i--) { + for (i = d; i-- > 0;) { ai = MP_GET_BIT(a, 2 * i + 1); ai <<= 1; ai |= MP_GET_BIT(a, 2 * i); diff --git a/lib/freebl/ecl/ecp_192.c b/lib/freebl/ecl/ecp_192.c index 70b717a1a..ef11cef99 100644 --- a/lib/freebl/ecl/ecp_192.c +++ b/lib/freebl/ecl/ecp_192.c @@ -72,34 +72,36 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) r0a = MP_DIGIT(a, 0); /* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */ - MP_ADD_CARRY(r0a, a3a, r0a, 0, carry); - MP_ADD_CARRY(r0b, a3b, r0b, carry, carry); - MP_ADD_CARRY(r1a, a3a, r1a, carry, carry); - MP_ADD_CARRY(r1b, a3b, r1b, carry, carry); - MP_ADD_CARRY(r2a, a4a, r2a, carry, carry); - MP_ADD_CARRY(r2b, a4b, r2b, carry, carry); + carry = 0; + MP_ADD_CARRY(r0a, a3a, r0a, carry); + MP_ADD_CARRY(r0b, a3b, r0b, carry); + MP_ADD_CARRY(r1a, a3a, r1a, carry); + MP_ADD_CARRY(r1b, a3b, r1b, carry); + MP_ADD_CARRY(r2a, a4a, r2a, carry); + MP_ADD_CARRY(r2b, a4b, r2b, carry); r3 = carry; carry = 0; - MP_ADD_CARRY(r0a, a5a, r0a, 0, carry); - MP_ADD_CARRY(r0b, a5b, r0b, carry, carry); - MP_ADD_CARRY(r1a, a5a, r1a, carry, carry); - MP_ADD_CARRY(r1b, a5b, r1b, carry, carry); - MP_ADD_CARRY(r2a, a5a, r2a, carry, carry); - MP_ADD_CARRY(r2b, a5b, r2b, carry, carry); - r3 += carry; - MP_ADD_CARRY(r1a, a4a, r1a, 0, carry); - MP_ADD_CARRY(r1b, a4b, r1b, carry, carry); - MP_ADD_CARRY(r2a, 0, r2a, carry, carry); - MP_ADD_CARRY(r2b, 0, r2b, carry, carry); + MP_ADD_CARRY(r0a, a5a, r0a, carry); + MP_ADD_CARRY(r0b, a5b, r0b, carry); + MP_ADD_CARRY(r1a, a5a, r1a, carry); + MP_ADD_CARRY(r1b, a5b, r1b, carry); + MP_ADD_CARRY(r2a, a5a, r2a, carry); + MP_ADD_CARRY(r2b, a5b, r2b, carry); + r3 += carry; carry = 0; + MP_ADD_CARRY(r1a, a4a, r1a, carry); + MP_ADD_CARRY(r1b, a4b, r1b, carry); + MP_ADD_CARRY(r2a, 0, r2a, carry); + MP_ADD_CARRY(r2b, 0, r2b, carry); r3 += carry; /* reduce out the carry */ while (r3) { - MP_ADD_CARRY(r0a, r3, r0a, 0, carry); - MP_ADD_CARRY(r0b, 0, r0b, carry, carry); - MP_ADD_CARRY(r1a, r3, r1a, carry, carry); - MP_ADD_CARRY(r1b, 0, r1b, carry, carry); - MP_ADD_CARRY(r2a, 0, r2a, carry, carry); - MP_ADD_CARRY(r2b, 0, r2b, carry, carry); + carry = 0; + MP_ADD_CARRY(r0a, r3, r0a, carry); + MP_ADD_CARRY(r0b, 0, r0b, carry); + MP_ADD_CARRY(r1a, r3, r1a, carry); + MP_ADD_CARRY(r1b, 0, r1b, carry); + MP_ADD_CARRY(r2a, 0, r2a, carry); + MP_ADD_CARRY(r2b, 0, r2b, carry); r3 = carry; } @@ -121,8 +123,9 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) (r1a == 0xfffffffe) && (r0a == 0xffffffff) && (r0b == 0xffffffff)) ) { /* do a quick subtract */ - MP_ADD_CARRY(r0a, 1, r0a, 0, carry); - MP_ADD_CARRY(r0b, carry, r0a, 0, carry); + carry = 0; + MP_ADD_CARRY(r0a, 1, r0a, carry); + MP_ADD_CARRY(r0b, carry, r0a, carry); r1a += 1+carry; r1b = r2a = r2b = 0; } @@ -154,16 +157,17 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) /* implement r = (a2,a1,a0)+(a5,a5,a5)+(a4,a4,0)+(0,a3,a3) */ #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(r0, a3, r0, 0, carry); - MP_ADD_CARRY(r1, a3, r1, carry, carry); - MP_ADD_CARRY(r2, a4, r2, carry, carry); - r3 = carry; - MP_ADD_CARRY(r0, a5, r0, 0, carry); - MP_ADD_CARRY(r1, a5, r1, carry, carry); - MP_ADD_CARRY(r2, a5, r2, carry, carry); - r3 += carry; - MP_ADD_CARRY(r1, a4, r1, 0, carry); - MP_ADD_CARRY(r2, 0, r2, carry, carry); + carry = 0; + MP_ADD_CARRY(r0, a3, r0, carry); + MP_ADD_CARRY(r1, a3, r1, carry); + MP_ADD_CARRY(r2, a4, r2, carry); + r3 = carry; carry = 0; + MP_ADD_CARRY(r0, a5, r0, carry); + MP_ADD_CARRY(r1, a5, r1, carry); + MP_ADD_CARRY(r2, a5, r2, carry); + r3 += carry; carry = 0; + MP_ADD_CARRY(r1, a4, r1, carry); + MP_ADD_CARRY(r2, 0, r2, carry); r3 += carry; #else @@ -195,9 +199,10 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) /* reduce out the carry */ while (r3) { #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(r0, r3, r0, 0, carry); - MP_ADD_CARRY(r1, r3, r1, carry, carry); - MP_ADD_CARRY(r2, 0, r2, carry, carry); + carry = 0; + MP_ADD_CARRY(r0, r3, r0, carry); + MP_ADD_CARRY(r1, r3, r1, carry); + MP_ADD_CARRY(r2, 0, r2, carry); r3 = carry; #else a3=r3; @@ -229,7 +234,8 @@ ec_GFp_nistp192_mod(const mp_int *a, mp_int *r, const GFMethod *meth) ((r1 == MP_DIGIT_MAX) || ((r1 == (MP_DIGIT_MAX-1)) && (r0 == MP_DIGIT_MAX))))) { /* do a quick subtract */ - MP_ADD_CARRY(r0, 1, r0, 0, carry); + carry = 0; + MP_ADD_CARRY(r0, 1, r0, carry); r1 += 1+carry; r2 = 0; } @@ -280,9 +286,10 @@ ec_GFp_nistp192_add(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(a0, r0, r0, 0, carry); - MP_ADD_CARRY(a1, r1, r1, carry, carry); - MP_ADD_CARRY(a2, r2, r2, carry, carry); + carry = 0; + MP_ADD_CARRY(a0, r0, r0, carry); + MP_ADD_CARRY(a1, r1, r1, carry); + MP_ADD_CARRY(a2, r2, r2, carry); #else __asm__ ( "xorq %3,%3 \n\t" @@ -302,9 +309,10 @@ ec_GFp_nistp192_add(const mp_int *a, const mp_int *b, mp_int *r, ((r1 == MP_DIGIT_MAX) || ((r1 == (MP_DIGIT_MAX-1)) && (r0 == MP_DIGIT_MAX))))) { #ifndef MPI_AMD64_ADD - MP_ADD_CARRY(r0, 1, r0, 0, carry); - MP_ADD_CARRY(r1, 1, r1, carry, carry); - MP_ADD_CARRY(r2, 0, r2, carry, carry); + carry = 0; + MP_ADD_CARRY(r0, 1, r0, carry); + MP_ADD_CARRY(r1, 1, r1, carry); + MP_ADD_CARRY(r2, 0, r2, carry); #else __asm__ ( "addq $1,%0 \n\t" @@ -362,9 +370,10 @@ ec_GFp_nistp192_sub(const mp_int *a, const mp_int *b, mp_int *r, } #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, b0, r0, 0, borrow); - MP_SUB_BORROW(r1, b1, r1, borrow, borrow); - MP_SUB_BORROW(r2, b2, r2, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, b0, r0, borrow); + MP_SUB_BORROW(r1, b1, r1, borrow); + MP_SUB_BORROW(r2, b2, r2, borrow); #else __asm__ ( "xorq %3,%3 \n\t" @@ -382,9 +391,10 @@ ec_GFp_nistp192_sub(const mp_int *a, const mp_int *b, mp_int *r, * (subtract the 2's complement of the curve field) */ if (borrow) { #ifndef MPI_AMD64_ADD - MP_SUB_BORROW(r0, 1, r0, 0, borrow); - MP_SUB_BORROW(r1, 1, r1, borrow, borrow); - MP_SUB_BORROW(r2, 0, r2, borrow, borrow); + borrow = 0; + MP_SUB_BORROW(r0, 1, r0, borrow); + MP_SUB_BORROW(r1, 1, r1, borrow); + MP_SUB_BORROW(r2, 0, r2, borrow); #else __asm__ ( "subq $1,%0 \n\t" diff --git a/lib/freebl/ecl/ecp_224.c b/lib/freebl/ecl/ecp_224.c index 18779ba1b..4faab215b 100644 --- a/lib/freebl/ecl/ecp_224.c +++ b/lib/freebl/ecl/ecp_224.c @@ -72,52 +72,54 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) +( 0, a6,a5b, 0) -( 0 0, 0|a6b, a6a|a5b ) -( a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */ - MP_ADD_CARRY (r1b, a3b, r1b, 0, carry); - MP_ADD_CARRY (r2a, a4a, r2a, carry, carry); - MP_ADD_CARRY (r2b, a4b, r2b, carry, carry); - MP_ADD_CARRY (r3a, a5a, r3a, carry, carry); - r3b = carry; - MP_ADD_CARRY (r1b, a5b, r1b, 0, carry); - MP_ADD_CARRY (r2a, a6a, r2a, carry, carry); - MP_ADD_CARRY (r2b, a6b, r2b, carry, carry); - MP_ADD_CARRY (r3a, 0, r3a, carry, carry); - r3b += carry; - MP_SUB_BORROW(r0a, a3b, r0a, 0, carry); - MP_SUB_BORROW(r0b, a4a, r0b, carry, carry); - MP_SUB_BORROW(r1a, a4b, r1a, carry, carry); - MP_SUB_BORROW(r1b, a5a, r1b, carry, carry); - MP_SUB_BORROW(r2a, a5b, r2a, carry, carry); - MP_SUB_BORROW(r2b, a6a, r2b, carry, carry); - MP_SUB_BORROW(r3a, a6b, r3a, carry, carry); - r3b -= carry; - MP_SUB_BORROW(r0a, a5b, r0a, 0, carry); - MP_SUB_BORROW(r0b, a6a, r0b, carry, carry); - MP_SUB_BORROW(r1a, a6b, r1a, carry, carry); + carry = 0; + MP_ADD_CARRY (r1b, a3b, r1b, carry); + MP_ADD_CARRY (r2a, a4a, r2a, carry); + MP_ADD_CARRY (r2b, a4b, r2b, carry); + MP_ADD_CARRY (r3a, a5a, r3a, carry); + r3b = carry; carry = 0; + MP_ADD_CARRY (r1b, a5b, r1b, carry); + MP_ADD_CARRY (r2a, a6a, r2a, carry); + MP_ADD_CARRY (r2b, a6b, r2b, carry); + MP_ADD_CARRY (r3a, 0, r3a, carry); + r3b += carry; carry = 0; + MP_SUB_BORROW(r0a, a3b, r0a, carry); + MP_SUB_BORROW(r0b, a4a, r0b, carry); + MP_SUB_BORROW(r1a, a4b, r1a, carry); + MP_SUB_BORROW(r1b, a5a, r1b, carry); + MP_SUB_BORROW(r2a, a5b, r2a, carry); + MP_SUB_BORROW(r2b, a6a, r2b, carry); + MP_SUB_BORROW(r3a, a6b, r3a, carry); + r3b -= carry; carry = 0; + MP_SUB_BORROW(r0a, a5b, r0a, carry); + MP_SUB_BORROW(r0b, a6a, r0b, carry); + MP_SUB_BORROW(r1a, a6b, r1a, carry); if (carry) { - MP_SUB_BORROW(r1b, 0, r1b, carry, carry); - MP_SUB_BORROW(r2a, 0, r2a, carry, carry); - MP_SUB_BORROW(r2b, 0, r2b, carry, carry); - MP_SUB_BORROW(r3a, 0, r3a, carry, carry); + MP_SUB_BORROW(r1b, 0, r1b, carry); + MP_SUB_BORROW(r2a, 0, r2a, carry); + MP_SUB_BORROW(r2b, 0, r2b, carry); + MP_SUB_BORROW(r3a, 0, r3a, carry); r3b -= carry; } while (r3b > 0) { int tmp; - MP_ADD_CARRY(r1b, r3b, r1b, 0, carry); + carry = 0; + MP_ADD_CARRY(r1b, r3b, r1b, carry); if (carry) { - MP_ADD_CARRY(r2a, 0, r2a, carry, carry); - MP_ADD_CARRY(r2b, 0, r2b, carry, carry); - MP_ADD_CARRY(r3a, 0, r3a, carry, carry); + MP_ADD_CARRY(r2a, 0, r2a, carry); + MP_ADD_CARRY(r2b, 0, r2b, carry); + MP_ADD_CARRY(r3a, 0, r3a, carry); } - tmp = carry; - MP_SUB_BORROW(r0a, r3b, r0a, 0, carry); + tmp = carry; carry = 0; + MP_SUB_BORROW(r0a, r3b, r0a, carry); if (carry) { - MP_SUB_BORROW(r0b, 0, r0b, carry, carry); - MP_SUB_BORROW(r1a, 0, r1a, carry, carry); - MP_SUB_BORROW(r1b, 0, r1b, carry, carry); - MP_SUB_BORROW(r2a, 0, r2a, carry, carry); - MP_SUB_BORROW(r2b, 0, r2b, carry, carry); - MP_SUB_BORROW(r3a, 0, r3a, carry, carry); + MP_SUB_BORROW(r0b, 0, r0b, carry); + MP_SUB_BORROW(r1a, 0, r1a, carry); + MP_SUB_BORROW(r1b, 0, r1b, carry); + MP_SUB_BORROW(r2a, 0, r2a, carry); + MP_SUB_BORROW(r2b, 0, r2b, carry); + MP_SUB_BORROW(r3a, 0, r3a, carry); tmp -= carry; } r3b = tmp; @@ -125,13 +127,14 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) while (r3b < 0) { mp_digit maxInt = MP_DIGIT_MAX; - MP_ADD_CARRY (r0a, 1, r0a, 0, carry); - MP_ADD_CARRY (r0b, 0, r0b, carry, carry); - MP_ADD_CARRY (r1a, 0, r1a, carry, carry); - MP_ADD_CARRY (r1b, maxInt, r1b, carry, carry); - MP_ADD_CARRY (r2a, maxInt, r2a, carry, carry); - MP_ADD_CARRY (r2b, maxInt, r2b, carry, carry); - MP_ADD_CARRY (r3a, maxInt, r3a, carry, carry); + carry = 0; + MP_ADD_CARRY (r0a, 1, r0a, carry); + MP_ADD_CARRY (r0b, 0, r0b, carry); + MP_ADD_CARRY (r1a, 0, r1a, carry); + MP_ADD_CARRY (r1b, maxInt, r1b, carry); + MP_ADD_CARRY (r2a, maxInt, r2a, carry); + MP_ADD_CARRY (r2b, maxInt, r2b, carry); + MP_ADD_CARRY (r3a, maxInt, r3a, carry); r3b += carry; } /* check for final reduction */ @@ -140,9 +143,10 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) && (r2a == MP_DIGIT_MAX) && (r1b == MP_DIGIT_MAX) && ((r1a != 0) || (r0b != 0) || (r0a != 0)) ) { /* one last subraction */ - MP_SUB_BORROW(r0a, 1, r0a, 0, carry); - MP_SUB_BORROW(r0b, 0, r0b, carry, carry); - MP_SUB_BORROW(r1a, 0, r1a, carry, carry); + carry = 0; + MP_SUB_BORROW(r0a, 1, r0a, carry); + MP_SUB_BORROW(r0b, 0, r0b, carry); + MP_SUB_BORROW(r1a, 0, r1a, carry); r1b = r2a = r2b = r3a = 0; } @@ -194,22 +198,26 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) +( 0, a6,a5b, 0) -( 0 0, 0|a6b, a6a|a5b ) -( a6b, a6a|a5b, a5a|a4b, a4a|a3b ) */ - MP_ADD_CARRY (r1, a3b, r1, 0, carry); - MP_ADD_CARRY (r2, a4 , r2, carry, carry); - MP_ADD_CARRY (r3, a5a, r3, carry, carry); - MP_ADD_CARRY (r1, a5b, r1, 0, carry); - MP_ADD_CARRY (r2, a6 , r2, carry, carry); - MP_ADD_CARRY (r3, 0, r3, carry, carry); + carry = 0; + MP_ADD_CARRY (r1, a3b, r1, carry); + MP_ADD_CARRY (r2, a4 , r2, carry); + MP_ADD_CARRY (r3, a5a, r3, carry); + carry = 0; + MP_ADD_CARRY (r1, a5b, r1, carry); + MP_ADD_CARRY (r2, a6 , r2, carry); + MP_ADD_CARRY (r3, 0, r3, carry); - MP_SUB_BORROW(r0, a4a_a3b, r0, 0, carry); - MP_SUB_BORROW(r1, a5a_a4b, r1, carry, carry); - MP_SUB_BORROW(r2, a6a_a5b, r2, carry, carry); - MP_SUB_BORROW(r3, a6b , r3, carry, carry); - MP_SUB_BORROW(r0, a6a_a5b, r0, 0, carry); - MP_SUB_BORROW(r1, a6b , r1, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a4a_a3b, r0, carry); + MP_SUB_BORROW(r1, a5a_a4b, r1, carry); + MP_SUB_BORROW(r2, a6a_a5b, r2, carry); + MP_SUB_BORROW(r3, a6b , r3, carry); + carry = 0; + MP_SUB_BORROW(r0, a6a_a5b, r0, carry); + MP_SUB_BORROW(r1, a6b , r1, carry); if (carry) { - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, 0, r3, carry, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, 0, r3, carry); } @@ -218,25 +226,28 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) r3b = (int)(r3 >>32); while (r3b > 0) { r3 &= 0xffffffff; - MP_ADD_CARRY(r1,((mp_digit)r3b) << 32, r1, 0, carry); + carry = 0; + MP_ADD_CARRY(r1,((mp_digit)r3b) << 32, r1, carry); if (carry) { - MP_ADD_CARRY(r2, 0, r2, carry, carry); - MP_ADD_CARRY(r3, 0, r3, carry, carry); + MP_ADD_CARRY(r2, 0, r2, carry); + MP_ADD_CARRY(r3, 0, r3, carry); } - MP_SUB_BORROW(r0, r3b, r0, 0, carry); + carry = 0; + MP_SUB_BORROW(r0, r3b, r0, carry); if (carry) { - MP_SUB_BORROW(r1, 0, r1, carry, carry); - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, 0, r3, carry, carry); + MP_SUB_BORROW(r1, 0, r1, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, 0, r3, carry); } r3b = (int)(r3 >>32); } while (r3b < 0) { - MP_ADD_CARRY (r0, 1, r0, 0, carry); - MP_ADD_CARRY (r1, MP_DIGIT_MAX <<32, r1, carry, carry); - MP_ADD_CARRY (r2, MP_DIGIT_MAX, r2, carry, carry); - MP_ADD_CARRY (r3, MP_DIGIT_MAX >> 32, r3, carry, carry); + carry = 0; + MP_ADD_CARRY (r0, 1, r0, carry); + MP_ADD_CARRY (r1, MP_DIGIT_MAX <<32, r1, carry); + MP_ADD_CARRY (r2, MP_DIGIT_MAX, r2, carry); + MP_ADD_CARRY (r3, MP_DIGIT_MAX >> 32, r3, carry); r3b = (int)(r3 >>32); } /* check for final reduction */ @@ -247,8 +258,9 @@ ec_GFp_nistp224_mod(const mp_int *a, mp_int *r, const GFMethod *meth) && ((r1 & MP_DIGIT_MAX << 32)== MP_DIGIT_MAX << 32) && ((r1 != MP_DIGIT_MAX << 32 ) || (r0 != 0)) ) { /* one last subraction */ - MP_SUB_BORROW(r0, 1, r0, 0, carry); - MP_SUB_BORROW(r1, MP_DIGIT_MAX << 32, r1, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, 1, r0, carry); + MP_SUB_BORROW(r1, MP_DIGIT_MAX << 32, r1, carry); r2 = r3 = 0; } diff --git a/lib/freebl/ecl/ecp_256.c b/lib/freebl/ecl/ecp_256.c index a834d15d4..936ee6ddd 100644 --- a/lib/freebl/ecl/ecp_256.c +++ b/lib/freebl/ecl/ecp_256.c @@ -68,115 +68,118 @@ ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth) r7 = MP_DIGIT(a,7); /* sum 1 */ - MP_ADD_CARRY(r3, a11, r3, 0, carry); - MP_ADD_CARRY(r4, a12, r4, carry, carry); - MP_ADD_CARRY(r5, a13, r5, carry, carry); - MP_ADD_CARRY(r6, a14, r6, carry, carry); - MP_ADD_CARRY(r7, a15, r7, carry, carry); - r8 = carry; - MP_ADD_CARRY(r3, a11, r3, 0, carry); - MP_ADD_CARRY(r4, a12, r4, carry, carry); - MP_ADD_CARRY(r5, a13, r5, carry, carry); - MP_ADD_CARRY(r6, a14, r6, carry, carry); - MP_ADD_CARRY(r7, a15, r7, carry, carry); - r8 += carry; + carry = 0; + MP_ADD_CARRY(r3, a11, r3, carry); + MP_ADD_CARRY(r4, a12, r4, carry); + MP_ADD_CARRY(r5, a13, r5, carry); + MP_ADD_CARRY(r6, a14, r6, carry); + MP_ADD_CARRY(r7, a15, r7, carry); + r8 = carry; carry = 0; + MP_ADD_CARRY(r3, a11, r3, carry); + MP_ADD_CARRY(r4, a12, r4, carry); + MP_ADD_CARRY(r5, a13, r5, carry); + MP_ADD_CARRY(r6, a14, r6, carry); + MP_ADD_CARRY(r7, a15, r7, carry); + r8 += carry; carry = 0; /* sum 2 */ - MP_ADD_CARRY(r3, a12, r3, 0, carry); - MP_ADD_CARRY(r4, a13, r4, carry, carry); - MP_ADD_CARRY(r5, a14, r5, carry, carry); - MP_ADD_CARRY(r6, a15, r6, carry, carry); - MP_ADD_CARRY(r7, 0, r7, carry, carry); - r8 += carry; + MP_ADD_CARRY(r3, a12, r3, carry); + MP_ADD_CARRY(r4, a13, r4, carry); + MP_ADD_CARRY(r5, a14, r5, carry); + MP_ADD_CARRY(r6, a15, r6, carry); + MP_ADD_CARRY(r7, 0, r7, carry); + r8 += carry; carry = 0; /* combine last bottom of sum 3 with second sum 2 */ - MP_ADD_CARRY(r0, a8, r0, 0, carry); - MP_ADD_CARRY(r1, a9, r1, carry, carry); - MP_ADD_CARRY(r2, a10, r2, carry, carry); - MP_ADD_CARRY(r3, a12, r3, carry, carry); - MP_ADD_CARRY(r4, a13, r4, carry, carry); - MP_ADD_CARRY(r5, a14, r5, carry, carry); - MP_ADD_CARRY(r6, a15, r6, carry, carry); - MP_ADD_CARRY(r7, a15, r7, carry, carry); /* from sum 3 */ - r8 += carry; + MP_ADD_CARRY(r0, a8, r0, carry); + MP_ADD_CARRY(r1, a9, r1, carry); + MP_ADD_CARRY(r2, a10, r2, carry); + MP_ADD_CARRY(r3, a12, r3, carry); + MP_ADD_CARRY(r4, a13, r4, carry); + MP_ADD_CARRY(r5, a14, r5, carry); + MP_ADD_CARRY(r6, a15, r6, carry); + MP_ADD_CARRY(r7, a15, r7, carry); /* from sum 3 */ + r8 += carry; carry = 0; /* sum 3 (rest of it)*/ - MP_ADD_CARRY(r6, a14, r6, 0, carry); - MP_ADD_CARRY(r7, 0, r7, carry, carry); - r8 += carry; + MP_ADD_CARRY(r6, a14, r6, carry); + MP_ADD_CARRY(r7, 0, r7, carry); + r8 += carry; carry = 0; /* sum 4 (rest of it)*/ - MP_ADD_CARRY(r0, a9, r0, 0, carry); - MP_ADD_CARRY(r1, a10, r1, carry, carry); - MP_ADD_CARRY(r2, a11, r2, carry, carry); - MP_ADD_CARRY(r3, a13, r3, carry, carry); - MP_ADD_CARRY(r4, a14, r4, carry, carry); - MP_ADD_CARRY(r5, a15, r5, carry, carry); - MP_ADD_CARRY(r6, a13, r6, carry, carry); - MP_ADD_CARRY(r7, a8, r7, carry, carry); - r8 += carry; + MP_ADD_CARRY(r0, a9, r0, carry); + MP_ADD_CARRY(r1, a10, r1, carry); + MP_ADD_CARRY(r2, a11, r2, carry); + MP_ADD_CARRY(r3, a13, r3, carry); + MP_ADD_CARRY(r4, a14, r4, carry); + MP_ADD_CARRY(r5, a15, r5, carry); + MP_ADD_CARRY(r6, a13, r6, carry); + MP_ADD_CARRY(r7, a8, r7, carry); + r8 += carry; carry = 0; /* diff 5 */ - MP_SUB_BORROW(r0, a11, r0, 0, carry); - MP_SUB_BORROW(r1, a12, r1, carry, carry); - MP_SUB_BORROW(r2, a13, r2, carry, carry); - MP_SUB_BORROW(r3, 0, r3, carry, carry); - MP_SUB_BORROW(r4, 0, r4, carry, carry); - MP_SUB_BORROW(r5, 0, r5, carry, carry); - MP_SUB_BORROW(r6, a8, r6, carry, carry); - MP_SUB_BORROW(r7, a10, r7, carry, carry); - r8 -= carry; + MP_SUB_BORROW(r0, a11, r0, carry); + MP_SUB_BORROW(r1, a12, r1, carry); + MP_SUB_BORROW(r2, a13, r2, carry); + MP_SUB_BORROW(r3, 0, r3, carry); + MP_SUB_BORROW(r4, 0, r4, carry); + MP_SUB_BORROW(r5, 0, r5, carry); + MP_SUB_BORROW(r6, a8, r6, carry); + MP_SUB_BORROW(r7, a10, r7, carry); + r8 -= carry; carry = 0; /* diff 6 */ - MP_SUB_BORROW(r0, a12, r0, 0, carry); - MP_SUB_BORROW(r1, a13, r1, carry, carry); - MP_SUB_BORROW(r2, a14, r2, carry, carry); - MP_SUB_BORROW(r3, a15, r3, carry, carry); - MP_SUB_BORROW(r4, 0, r4, carry, carry); - MP_SUB_BORROW(r5, 0, r5, carry, carry); - MP_SUB_BORROW(r6, a9, r6, carry, carry); - MP_SUB_BORROW(r7, a11, r7, carry, carry); - r8 -= carry; + MP_SUB_BORROW(r0, a12, r0, carry); + MP_SUB_BORROW(r1, a13, r1, carry); + MP_SUB_BORROW(r2, a14, r2, carry); + MP_SUB_BORROW(r3, a15, r3, carry); + MP_SUB_BORROW(r4, 0, r4, carry); + MP_SUB_BORROW(r5, 0, r5, carry); + MP_SUB_BORROW(r6, a9, r6, carry); + MP_SUB_BORROW(r7, a11, r7, carry); + r8 -= carry; carry = 0; /* diff 7 */ - MP_SUB_BORROW(r0, a13, r0, 0, carry); - MP_SUB_BORROW(r1, a14, r1, carry, carry); - MP_SUB_BORROW(r2, a15, r2, carry, carry); - MP_SUB_BORROW(r3, a8, r3, carry, carry); - MP_SUB_BORROW(r4, a9, r4, carry, carry); - MP_SUB_BORROW(r5, a10, r5, carry, carry); - MP_SUB_BORROW(r6, 0, r6, carry, carry); - MP_SUB_BORROW(r7, a12, r7, carry, carry); - r8 -= carry; + MP_SUB_BORROW(r0, a13, r0, carry); + MP_SUB_BORROW(r1, a14, r1, carry); + MP_SUB_BORROW(r2, a15, r2, carry); + MP_SUB_BORROW(r3, a8, r3, carry); + MP_SUB_BORROW(r4, a9, r4, carry); + MP_SUB_BORROW(r5, a10, r5, carry); + MP_SUB_BORROW(r6, 0, r6, carry); + MP_SUB_BORROW(r7, a12, r7, carry); + r8 -= carry; carry = 0; /* diff 8 */ - MP_SUB_BORROW(r0, a14, r0, 0, carry); - MP_SUB_BORROW(r1, a15, r1, carry, carry); - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, a9, r3, carry, carry); - MP_SUB_BORROW(r4, a10, r4, carry, carry); - MP_SUB_BORROW(r5, a11, r5, carry, carry); - MP_SUB_BORROW(r6, 0, r6, carry, carry); - MP_SUB_BORROW(r7, a13, r7, carry, carry); + MP_SUB_BORROW(r0, a14, r0, carry); + MP_SUB_BORROW(r1, a15, r1, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, a9, r3, carry); + MP_SUB_BORROW(r4, a10, r4, carry); + MP_SUB_BORROW(r5, a11, r5, carry); + MP_SUB_BORROW(r6, 0, r6, carry); + MP_SUB_BORROW(r7, a13, r7, carry); r8 -= carry; /* reduce the overflows */ while (r8 > 0) { - mp_digit r8_d = r8; - MP_ADD_CARRY(r0, r8_d, r0, 0, carry); - MP_ADD_CARRY(r1, 0, r1, carry, carry); - MP_ADD_CARRY(r2, 0, r2, carry, carry); - MP_ADD_CARRY(r3, 0-r8_d, r3, carry, carry); - MP_ADD_CARRY(r4, MP_DIGIT_MAX, r4, carry, carry); - MP_ADD_CARRY(r5, MP_DIGIT_MAX, r5, carry, carry); - MP_ADD_CARRY(r6, 0-(r8_d+1), r6, carry, carry); - MP_ADD_CARRY(r7, (r8_d-1), r7, carry, carry); + mp_digit r8_d = r8; carry = 0; + carry = 0; + MP_ADD_CARRY(r0, r8_d, r0, carry); + MP_ADD_CARRY(r1, 0, r1, carry); + MP_ADD_CARRY(r2, 0, r2, carry); + MP_ADD_CARRY(r3, 0-r8_d, r3, carry); + MP_ADD_CARRY(r4, MP_DIGIT_MAX, r4, carry); + MP_ADD_CARRY(r5, MP_DIGIT_MAX, r5, carry); + MP_ADD_CARRY(r6, 0-(r8_d+1), r6, carry); + MP_ADD_CARRY(r7, (r8_d-1), r7, carry); r8 = carry; } /* reduce the underflows */ while (r8 < 0) { mp_digit r8_d = -r8; - MP_SUB_BORROW(r0, r8_d, r0, 0, carry); - MP_SUB_BORROW(r1, 0, r1, carry, carry); - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, 0-r8_d, r3, carry, carry); - MP_SUB_BORROW(r4, MP_DIGIT_MAX, r4, carry, carry); - MP_SUB_BORROW(r5, MP_DIGIT_MAX, r5, carry, carry); - MP_SUB_BORROW(r6, 0-(r8_d+1), r6, carry, carry); - MP_SUB_BORROW(r7, (r8_d-1), r7, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, r8_d, r0, carry); + MP_SUB_BORROW(r1, 0, r1, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, 0-r8_d, r3, carry); + MP_SUB_BORROW(r4, MP_DIGIT_MAX, r4, carry); + MP_SUB_BORROW(r5, MP_DIGIT_MAX, r5, carry); + MP_SUB_BORROW(r6, 0-(r8_d+1), r6, carry); + MP_SUB_BORROW(r7, (r8_d-1), r7, carry); r8 = 0-carry; } if (a != r) { @@ -229,69 +232,82 @@ ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth) r0 = MP_DIGIT(a,0); /* sum 1 */ - MP_ADD_CARRY(r1, a5h << 32, r1, 0, carry); - MP_ADD_CARRY(r2, a6, r2, carry, carry); - MP_ADD_CARRY(r3, a7, r3, carry, carry); - r4 = carry; - MP_ADD_CARRY(r1, a5h << 32, r1, 0, carry); - MP_ADD_CARRY(r2, a6, r2, carry, carry); - MP_ADD_CARRY(r3, a7, r3, carry, carry); - r4 += carry; + carry = 0; + carry = 0; + MP_ADD_CARRY(r1, a5h << 32, r1, carry); + MP_ADD_CARRY(r2, a6, r2, carry); + MP_ADD_CARRY(r3, a7, r3, carry); + r4 = carry; carry = 0; + carry = 0; + MP_ADD_CARRY(r1, a5h << 32, r1, carry); + MP_ADD_CARRY(r2, a6, r2, carry); + MP_ADD_CARRY(r3, a7, r3, carry); + r4 += carry; carry = 0; /* sum 2 */ - MP_ADD_CARRY(r1, a6l, r1, 0, carry); - MP_ADD_CARRY(r2, a6h | a7l, r2, carry, carry); - MP_ADD_CARRY(r3, a7h, r3, carry, carry); - r4 += carry; - MP_ADD_CARRY(r1, a6l, r1, 0, carry); - MP_ADD_CARRY(r2, a6h | a7l, r2, carry, carry); - MP_ADD_CARRY(r3, a7h, r3, carry, carry); - r4 += carry; + carry = 0; + MP_ADD_CARRY(r1, a6l, r1, carry); + MP_ADD_CARRY(r2, a6h | a7l, r2, carry); + MP_ADD_CARRY(r3, a7h, r3, carry); + r4 += carry; carry = 0; + carry = 0; + MP_ADD_CARRY(r1, a6l, r1, carry); + MP_ADD_CARRY(r2, a6h | a7l, r2, carry); + MP_ADD_CARRY(r3, a7h, r3, carry); + r4 += carry; carry = 0; /* sum 3 */ - MP_ADD_CARRY(r0, a4, r0, 0, carry); - MP_ADD_CARRY(r1, a5l >> 32, r1, carry, carry); - MP_ADD_CARRY(r2, 0, r2, carry, carry); - MP_ADD_CARRY(r3, a7, r3, carry, carry); - r4 += carry; + carry = 0; + MP_ADD_CARRY(r0, a4, r0, carry); + MP_ADD_CARRY(r1, a5l >> 32, r1, carry); + MP_ADD_CARRY(r2, 0, r2, carry); + MP_ADD_CARRY(r3, a7, r3, carry); + r4 += carry; carry = 0; /* sum 4 */ - MP_ADD_CARRY(r0, a4h | a5l, r0, 0, carry); - MP_ADD_CARRY(r1, a5h|(a6h<<32), r1, carry, carry); - MP_ADD_CARRY(r2, a7, r2, carry, carry); - MP_ADD_CARRY(r3, a6h | a4l, r3, carry, carry); + carry = 0; + MP_ADD_CARRY(r0, a4h | a5l, r0, carry); + MP_ADD_CARRY(r1, a5h|(a6h<<32), r1, carry); + MP_ADD_CARRY(r2, a7, r2, carry); + MP_ADD_CARRY(r3, a6h | a4l, r3, carry); r4 += carry; /* diff 5 */ - MP_SUB_BORROW(r0, a5h | a6l, r0, 0, carry); - MP_SUB_BORROW(r1, a6h, r1, carry, carry); - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, (a4l>>32)|a5l,r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a5h | a6l, r0, carry); + MP_SUB_BORROW(r1, a6h, r1, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, (a4l>>32)|a5l,r3, carry); r4 -= carry; /* diff 6 */ - MP_SUB_BORROW(r0, a6, r0, 0, carry); - MP_SUB_BORROW(r1, a7, r1, carry, carry); - MP_SUB_BORROW(r2, 0, r2, carry, carry); - MP_SUB_BORROW(r3, a4h|(a5h<<32),r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a6, r0, carry); + MP_SUB_BORROW(r1, a7, r1, carry); + MP_SUB_BORROW(r2, 0, r2, carry); + MP_SUB_BORROW(r3, a4h|(a5h<<32),r3, carry); r4 -= carry; /* diff 7 */ - MP_SUB_BORROW(r0, a6h|a7l, r0, 0, carry); - MP_SUB_BORROW(r1, a7h|a4l, r1, carry, carry); - MP_SUB_BORROW(r2, a4h|a5l, r2, carry, carry); - MP_SUB_BORROW(r3, a6l, r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a6h|a7l, r0, carry); + MP_SUB_BORROW(r1, a7h|a4l, r1, carry); + MP_SUB_BORROW(r2, a4h|a5l, r2, carry); + MP_SUB_BORROW(r3, a6l, r3, carry); r4 -= carry; /* diff 8 */ - MP_SUB_BORROW(r0, a7, r0, 0, carry); - MP_SUB_BORROW(r1, a4h<<32, r1, carry, carry); - MP_SUB_BORROW(r2, a5, r2, carry, carry); - MP_SUB_BORROW(r3, a6h<<32, r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, a7, r0, carry); + MP_SUB_BORROW(r1, a4h<<32, r1, carry); + MP_SUB_BORROW(r2, a5, r2, carry); + MP_SUB_BORROW(r3, a6h<<32, r3, carry); r4 -= carry; /* reduce the overflows */ while (r4 > 0) { mp_digit r4_long = r4; mp_digit r4l = (r4_long << 32); - MP_ADD_CARRY(r0, r4_long, r0, 0, carry); - MP_ADD_CARRY(r1, 0-r4l, r1, carry, carry); - MP_ADD_CARRY(r2, MP_DIGIT_MAX, r2, carry, carry); - MP_ADD_CARRY(r3, r4l-r4_long-1,r3, carry, carry); + carry = 0; + carry = 0; + MP_ADD_CARRY(r0, r4_long, r0, carry); + MP_ADD_CARRY(r1, 0-r4l, r1, carry); + MP_ADD_CARRY(r2, MP_DIGIT_MAX, r2, carry); + MP_ADD_CARRY(r3, r4l-r4_long-1,r3, carry); r4 = carry; } @@ -299,10 +315,11 @@ ec_GFp_nistp256_mod(const mp_int *a, mp_int *r, const GFMethod *meth) while (r4 < 0) { mp_digit r4_long = -r4; mp_digit r4l = (r4_long << 32); - MP_SUB_BORROW(r0, r4_long, r0, 0, carry); - MP_SUB_BORROW(r1, 0-r4l, r1, carry, carry); - MP_SUB_BORROW(r2, MP_DIGIT_MAX, r2, carry, carry); - MP_SUB_BORROW(r3, r4l-r4_long-1,r3, carry, carry); + carry = 0; + MP_SUB_BORROW(r0, r4_long, r0, carry); + MP_SUB_BORROW(r1, 0-r4l, r1, carry); + MP_SUB_BORROW(r2, MP_DIGIT_MAX, r2, carry); + MP_SUB_BORROW(r3, r4l-r4_long-1,r3, carry); r4 = 0-carry; } diff --git a/lib/freebl/ecl/ecp_521.c b/lib/freebl/ecl/ecp_521.c index 7eac0f075..f70c2f439 100644 --- a/lib/freebl/ecl/ecp_521.c +++ b/lib/freebl/ecl/ecp_521.c @@ -17,7 +17,7 @@ ec_GFp_nistp521_mod(const mp_int *a, mp_int *r, const GFMethod *meth) { mp_err res = MP_OKAY; int a_bits = mpl_significant_bits(a); - int i; + unsigned int i; /* m1, m2 are statically-allocated mp_int of exactly the size we need */ mp_int m1; diff --git a/lib/freebl/ecl/ecp_jac.c b/lib/freebl/ecl/ecp_jac.c index e31730def..f174b1692 100644 --- a/lib/freebl/ecl/ecp_jac.c +++ b/lib/freebl/ecl/ecp_jac.c @@ -387,7 +387,7 @@ ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px, mp_int precomp[4][4][2]; mp_int rz; const mp_int *a, *b; - int i, j; + unsigned int i, j; int ai, bi, d; for (i = 0; i < 4; i++) { @@ -494,7 +494,7 @@ ec_GFp_pts_mul_jac(const mp_int *k1, const mp_int *k2, const mp_int *px, MP_CHECKOK(mp_init(&rz)); MP_CHECKOK(ec_GFp_pt_set_inf_jac(rx, ry, &rz)); - for (i = d - 1; i >= 0; i--) { + for (i = d; i-- > 0;) { ai = MP_GET_BIT(a, 2 * i + 1); ai <<= 1; ai |= MP_GET_BIT(a, 2 * i); diff --git a/lib/freebl/ldvector.c b/lib/freebl/ldvector.c index c6ace1876..1d9affec2 100644 --- a/lib/freebl/ldvector.c +++ b/lib/freebl/ldvector.c @@ -294,12 +294,9 @@ static const struct FREEBLVectorStr vector = const FREEBLVector * FREEBL_GetVector(void) { - extern const char __nss_freebl_version[]; +#define NSS_VERSION_VARIABLE __nss_freebl_version +#include "verref.h" - /* force a reference that won't get optimized away */ - volatile char c; - - c = __nss_freebl_version[0]; #ifdef FREEBL_NO_DEPEND FREEBL_InitStubs(); #endif diff --git a/lib/freebl/loader.c b/lib/freebl/loader.c index 5eb50de95..9105a6900 100644 --- a/lib/freebl/loader.c +++ b/lib/freebl/loader.c @@ -132,7 +132,6 @@ freebl_LoadDSO( void ) handle = loader_LoadLibrary(name); if (handle) { PRFuncPtr address = PR_FindFunctionSymbol(handle, "FREEBL_GetVector"); - PRStatus status; if (address) { FREEBLGetVectorFn * getVector = (FREEBLGetVectorFn *)address; const FREEBLVector * dsoVector = getVector(); @@ -149,8 +148,14 @@ freebl_LoadDSO( void ) } } } - status = PR_UnloadLibrary(handle); - PORT_Assert(PR_SUCCESS == status); +#ifdef DEBUG + { + PRStatus status = PR_UnloadLibrary(blLib); + PORT_Assert(PR_SUCCESS == status); + } +#else + PR_UnloadLibrary(blLib); +#endif } return PR_FAILURE; } @@ -901,8 +906,12 @@ BL_Unload(void) if (blLib) { disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD"); if (!disableUnload) { +#ifdef DEBUG PRStatus status = PR_UnloadLibrary(blLib); PORT_Assert(PR_SUCCESS == status); +#else + PR_UnloadLibrary(blLib); +#endif } blLib = NULL; } diff --git a/lib/freebl/mpi/mpcpucache.c b/lib/freebl/mpi/mpcpucache.c index 9a4a9d30c..925006110 100644 --- a/lib/freebl/mpi/mpcpucache.c +++ b/lib/freebl/mpi/mpcpucache.c @@ -3,6 +3,7 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "mpi.h" +#include "prtypes.h" /* * This file implements a single function: s_mpi_getProcessorLineSize(); @@ -619,35 +620,17 @@ unsigned long s_mpi_is_sse2() { unsigned long eax, ebx, ecx, edx; - int manufacturer = MAN_UNKNOWN; - int i; - char string[13]; if (is386() || is486()) { return 0; } freebl_cpuid(0, &eax, &ebx, &ecx, &edx); - /* string holds the CPU's manufacturer ID string - a twelve - * character ASCII string stored in ebx, edx, ecx, and - * the 32-bit extended feature flags are in edx, ecx. - */ - *(int *)string = ebx; - *(int *)&string[4] = (int)edx; - *(int *)&string[8] = (int)ecx; - string[12] = 0; /* has no SSE2 extensions */ if (eax == 0) { return 0; } - for (i=0; i < n_manufacturers; i++) { - if ( strcmp(manMap[i],string) == 0) { - manufacturer = i; - break; - } - } - freebl_cpuid(1,&eax,&ebx,&ecx,&edx); return (edx & SSE2_FLAG) == SSE2_FLAG; } @@ -657,11 +640,12 @@ unsigned long s_mpi_getProcessorLineSize() { unsigned long eax, ebx, ecx, edx; + PRUint32 cpuid[3]; unsigned long cpuidLevel; unsigned long cacheLineSize = 0; int manufacturer = MAN_UNKNOWN; int i; - char string[65]; + char string[13]; #if !defined(AMD_64) if (is386()) { @@ -678,9 +662,10 @@ s_mpi_getProcessorLineSize() * character ASCII string stored in ebx, edx, ecx, and * the 32-bit extended feature flags are in edx, ecx. */ - *(int *)string = ebx; - *(int *)&string[4] = (int)edx; - *(int *)&string[8] = (int)ecx; + cpuid[0] = ebx; + cpuid[1] = ecx; + cpuid[2] = edx; + memcpy(string, cpuid, sizeof(cpuid)); string[12] = 0; manufacturer = MAN_UNKNOWN; diff --git a/lib/freebl/mpi/mpi-priv.h b/lib/freebl/mpi/mpi-priv.h index e81d0fe0e..7a0725f46 100644 --- a/lib/freebl/mpi/mpi-priv.h +++ b/lib/freebl/mpi/mpi-priv.h @@ -254,8 +254,10 @@ mp_err MPI_ASM_DECL s_mpv_div_2dx1d(mp_digit Nhi, mp_digit Nlo, mp_digit divisor, mp_digit *quot, mp_digit *rem); /* c += a * b * (MP_RADIX ** offset); */ +/* Callers of this macro should be aware that the return type might vary; + * it should be treated as a void function. */ #define s_mp_mul_d_add_offset(a, b, c, off) \ -(s_mpv_mul_d_add_prop(MP_DIGITS(a), MP_USED(a), b, MP_DIGITS(c) + off), MP_OKAY) + s_mpv_mul_d_add_prop(MP_DIGITS(a), MP_USED(a), b, MP_DIGITS(c) + off) typedef struct { mp_int N; /* modulus N */ diff --git a/lib/freebl/mpi/mpi.c b/lib/freebl/mpi/mpi.c index 2a3719b88..43ce83ae6 100644 --- a/lib/freebl/mpi/mpi.c +++ b/lib/freebl/mpi/mpi.c @@ -1095,7 +1095,7 @@ mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c) mp_int s, x; mp_err res; mp_digit d; - int dig, bit; + unsigned int dig, bit; ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); @@ -1470,7 +1470,7 @@ mp_err s_mp_exptmod(const mp_int *a, const mp_int *b, const mp_int *m, mp_int *c mp_int s, x, mu; mp_err res; mp_digit d; - int dig, bit; + unsigned int dig, bit; ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); @@ -2004,7 +2004,7 @@ mp_size mp_trailing_zeros(const mp_int *mp) { mp_digit d; mp_size n = 0; - int ix; + unsigned int ix; if (!mp || !MP_DIGITS(mp) || !mp_cmp_z(mp)) return n; @@ -2916,8 +2916,7 @@ void s_mp_exch(mp_int *a, mp_int *b) mp_err s_mp_lshd(mp_int *mp, mp_size p) { mp_err res; - mp_size pos; - int ix; + unsigned int ix; if(p == 0) return MP_OKAY; @@ -2928,14 +2927,13 @@ mp_err s_mp_lshd(mp_int *mp, mp_size p) if((res = s_mp_pad(mp, USED(mp) + p)) != MP_OKAY) return res; - pos = USED(mp) - 1; - /* Shift all the significant figures over as needed */ - for(ix = pos - p; ix >= 0; ix--) + for (ix = USED(mp) - p; ix-- > 0;) { DIGIT(mp, ix + p) = DIGIT(mp, ix); + } /* Fill the bottom digits with zeroes */ - for(ix = 0; ix < p; ix++) + for(ix = 0; (mp_size)ix < p; ix++) DIGIT(mp, ix) = 0; return MP_OKAY; @@ -3046,7 +3044,7 @@ void s_mp_div_2(mp_int *mp) mp_err s_mp_mul_2(mp_int *mp) { mp_digit *pd; - int ix, used; + unsigned int ix, used; mp_digit kin = 0; /* Shift digits leftward by 1 bit */ @@ -4672,10 +4670,10 @@ mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len) /* }}} */ /* {{{ mp_unsigned_octet_size(mp) */ -int +unsigned int mp_unsigned_octet_size(const mp_int *mp) { - int bytes; + unsigned int bytes; int ix; mp_digit d = 0; @@ -4712,12 +4710,12 @@ mp_err mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen) { int ix, pos = 0; - int bytes; + unsigned int bytes; ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); bytes = mp_unsigned_octet_size(mp); - ARGCHK(bytes >= 0 && bytes <= maxlen, MP_BADARG); + ARGCHK(bytes <= maxlen, MP_BADARG); /* Iterate over each digit... */ for(ix = USED(mp) - 1; ix >= 0; ix--) { @@ -4744,12 +4742,12 @@ mp_err mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen) { int ix, pos = 0; - int bytes; + unsigned int bytes; ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); bytes = mp_unsigned_octet_size(mp); - ARGCHK(bytes >= 0 && bytes <= maxlen, MP_BADARG); + ARGCHK(bytes <= maxlen, MP_BADARG); /* Iterate over each digit... */ for(ix = USED(mp) - 1; ix >= 0; ix--) { @@ -4784,12 +4782,12 @@ mp_err mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size length) { int ix, pos = 0; - int bytes; + unsigned int bytes; ARGCHK(mp != NULL && str != NULL && !SIGN(mp), MP_BADARG); bytes = mp_unsigned_octet_size(mp); - ARGCHK(bytes >= 0 && bytes <= length, MP_BADARG); + ARGCHK(bytes <= length, MP_BADARG); /* place any needed leading zeros */ for (;length > bytes; --length) { diff --git a/lib/freebl/mpi/mpi.h b/lib/freebl/mpi/mpi.h index a556c17e9..b1b45d257 100644 --- a/lib/freebl/mpi/mpi.h +++ b/lib/freebl/mpi/mpi.h @@ -258,7 +258,7 @@ const char *mp_strerror(mp_err ec); /* Octet string conversion functions */ mp_err mp_read_unsigned_octets(mp_int *mp, const unsigned char *str, mp_size len); -int mp_unsigned_octet_size(const mp_int *mp); +unsigned int mp_unsigned_octet_size(const mp_int *mp); mp_err mp_to_unsigned_octets(const mp_int *mp, unsigned char *str, mp_size maxlen); mp_err mp_to_signed_octets(const mp_int *mp, unsigned char *str, mp_size maxlen); mp_err mp_to_fixlen_octets(const mp_int *mp, unsigned char *str, mp_size len); diff --git a/lib/freebl/mpi/mplogic.c b/lib/freebl/mpi/mplogic.c index dbec7acfc..df0aad0e1 100644 --- a/lib/freebl/mpi/mplogic.c +++ b/lib/freebl/mpi/mplogic.c @@ -403,9 +403,9 @@ mp_err mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits) returns number of significnant bits in abs(a). returns 1 if value is zero. */ -mp_err mpl_significant_bits(const mp_int *a) +mp_size mpl_significant_bits(const mp_int *a) { - mp_err bits = 0; + mp_size bits = 0; int ix; ARGCHK(a != NULL, MP_BADARG); diff --git a/lib/freebl/mpi/mplogic.h b/lib/freebl/mpi/mplogic.h index f45fe3665..e05374a82 100644 --- a/lib/freebl/mpi/mplogic.h +++ b/lib/freebl/mpi/mplogic.h @@ -47,6 +47,6 @@ mp_err mpl_parity(mp_int *a); /* determine parity */ mp_err mpl_set_bit(mp_int *a, mp_size bitNum, mp_size value); mp_err mpl_get_bit(const mp_int *a, mp_size bitNum); mp_err mpl_get_bits(const mp_int *a, mp_size lsbNum, mp_size numBits); -mp_err mpl_significant_bits(const mp_int *a); +mp_size mpl_significant_bits(const mp_int *a); #endif /* end _H_MPLOGIC_ */ diff --git a/lib/freebl/mpi/mpmontg.c b/lib/freebl/mpi/mpmontg.c index d619360aa..9667755d0 100644 --- a/lib/freebl/mpi/mpmontg.c +++ b/lib/freebl/mpi/mpmontg.c @@ -47,7 +47,7 @@ mp_err s_mp_redc(mp_int *T, mp_mont_modulus *mmm) for (i = 0; i < MP_USED(&mmm->N); ++i ) { mp_digit m_i = MP_DIGIT(T, i) * mmm->n0prime; /* T += N * m_i * (MP_RADIX ** i); */ - MP_CHECKOK( s_mp_mul_d_add_offset(&mmm->N, m_i, T, i) ); + s_mp_mul_d_add_offset(&mmm->N, m_i, T, i); } s_mp_clamp(T); diff --git a/lib/freebl/mpi/mpprime.c b/lib/freebl/mpi/mpprime.c index f0baf9d2a..9b97fb206 100644 --- a/lib/freebl/mpi/mpprime.c +++ b/lib/freebl/mpi/mpprime.c @@ -394,7 +394,7 @@ mp_err mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong, { mp_digit np; mp_err res; - int i = 0; + unsigned int i = 0; mp_int trial; mp_int q; mp_size num_tests; diff --git a/lib/freebl/nsslowhash.c b/lib/freebl/nsslowhash.c index e6a634aef..a9ab5b738 100644 --- a/lib/freebl/nsslowhash.c +++ b/lib/freebl/nsslowhash.c @@ -285,14 +285,9 @@ static NSSLOWInitContext dummyContext = { 0 }; NSSLOWInitContext * NSSLOW_Init(void) { - SECStatus rv; CK_RV crv; #ifdef FREEBL_NO_DEPEND - PRBool nsprAvailable = PR_FALSE; - - - rv = FREEBL_InitStubs(); - nsprAvailable = (rv == SECSuccess ) ? PR_TRUE : PR_FALSE; + (void)FREEBL_InitStubs(); #endif if (post_failed) { diff --git a/lib/freebl/pqg.c b/lib/freebl/pqg.c index 56cdd20cc..f79715572 100644 --- a/lib/freebl/pqg.c +++ b/lib/freebl/pqg.c @@ -494,7 +494,7 @@ makePrimefromPrimesShaweTaylor( mp_int * q, /* sub prime, can be 1 */ mp_int * prime, /* output. */ SECItem * prime_seed, /* input/output. */ - int * prime_gen_counter) /* input/output. */ + unsigned int *prime_gen_counter) /* input/output. */ { mp_int c; mp_int c0_2; @@ -727,7 +727,7 @@ makePrimefromSeedShaweTaylor( const SECItem * input_seed, /* input. */ mp_int * prime, /* output. */ SECItem * prime_seed, /* output. */ - int * prime_gen_counter) /* output. */ + unsigned int *prime_gen_counter) /* output. */ { mp_int c; mp_int c0; @@ -882,7 +882,7 @@ findQfromSeed( const SECItem * seed, /* input. */ mp_int * Q, /* input. */ mp_int * Q_, /* output. */ - int * qseed_len, /* output */ + unsigned int *qseed_len, /* output */ HASH_HashType *hashtypePtr, /* output. Hash uses */ pqgGenType *typePtr) /* output. Generation Type used */ { @@ -937,7 +937,7 @@ const SECItem * seed, /* input. */ firstseed.len = seed->len/3; for (hashtype = getFirstHash(L,N); hashtype != HASH_AlgTOTAL; hashtype=getNextHash(hashtype)) { - int count; + unsigned int count; rv = makePrimefromSeedShaweTaylor(hashtype, N, &firstseed, Q_, &qseed, &count); @@ -1229,7 +1229,6 @@ pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type, unsigned int seedBytes, PQGParams **pParams, PQGVerify **pVfy) { unsigned int n; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ - unsigned int b; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ unsigned int seedlen; /* Per FIPS 186-3 app A.1.1.2 (was 'g' 186-1)*/ unsigned int counter; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ unsigned int offset; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ @@ -1309,8 +1308,7 @@ pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type, /* Step 3: n = Ceil(L/outlen)-1; (same as n = Floor((L-1)/outlen)) */ n = (L - 1) / outlen; - /* Step 4: b = L -1 - (n*outlen); (same as n = (L-1) mod outlen) */ - b = (L - 1) % outlen; + /* Step 4: (skipped since we don't use b): b = L -1 - (n*outlen); */ seedlen = seedBytes * PR_BITS_PER_BYTE; /* bits in seed */ step_5: /* ****************************************************************** @@ -1348,7 +1346,7 @@ step_5: CHECK_SEC_OK( makeQ2fromSeed(hashtype, N, seed, &Q) ); } else { /* FIPS186_3_ST_TYPE */ - int qgen_counter, pgen_counter; + unsigned int qgen_counter, pgen_counter; /* Step 1 (L,N) already checked for acceptability */ @@ -1589,7 +1587,7 @@ PQG_VerifyParams(const PQGParams *params, mp_err err = MP_OKAY; int j; unsigned int counter_max = 0; /* handle legacy L < 1024 */ - int qseed_len; + unsigned int qseed_len; SECItem pseed_ = {0, 0, 0}; HASH_HashType hashtype; pqgGenType type; @@ -1682,8 +1680,8 @@ PQG_VerifyParams(const PQGParams *params, if (type == FIPS186_3_ST_TYPE) { SECItem qseed = { 0, 0, 0 }; SECItem pseed = { 0, 0, 0 }; - int first_seed_len; - int pgen_counter = 0; + unsigned int first_seed_len; + unsigned int pgen_counter = 0; /* extract pseed and qseed from domain_parameter_seed, which is * first_seed || pseed || qseed. qseed is first_seed + small_integer diff --git a/lib/freebl/rsa.c b/lib/freebl/rsa.c index 498cc96bc..f885acc44 100644 --- a/lib/freebl/rsa.c +++ b/lib/freebl/rsa.c @@ -248,7 +248,7 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent) PLArenaPool *arena = NULL; /* Require key size to be a multiple of 16 bits. */ if (!publicExponent || keySizeInBits % 16 != 0 || - BAD_RSA_KEY_SIZE(keySizeInBits/8, publicExponent->len)) { + BAD_RSA_KEY_SIZE((unsigned int)keySizeInBits/8, publicExponent->len)) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } diff --git a/lib/freebl/sha512.c b/lib/freebl/sha512.c index 0e6baa87f..718e6e3db 100644 --- a/lib/freebl/sha512.c +++ b/lib/freebl/sha512.c @@ -928,10 +928,14 @@ SHA512_Compress(SHA512Context *ctx) #if defined(IS_LITTLE_ENDIAN) { #if defined(HAVE_LONG_LONG) +#if defined(SHA_MASK16) PRUint64 t1; +#endif #else +#if defined(SHA4MASK) PRUint32 t1; #endif +#endif BYTESWAP8(W[0]); BYTESWAP8(W[1]); BYTESWAP8(W[2]); @@ -1223,11 +1227,15 @@ SHA512_End(SHA512Context *ctx, unsigned char *digest, { #if defined(HAVE_LONG_LONG) unsigned int inBuf = (unsigned int)ctx->sizeLo & 0x7f; +#if defined(SHA_MASK16) PRUint64 t1; +#endif #else unsigned int inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f; +#if defined(SHA4MASK) PRUint32 t1; #endif +#endif unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf); PRUint64 lo; LL_SHL(lo, ctx->sizeLo, 3); @@ -1269,10 +1277,14 @@ SHA512_EndRaw(SHA512Context *ctx, unsigned char *digest, unsigned int *digestLen, unsigned int maxDigestLen) { #if defined(HAVE_LONG_LONG) +#if defined(SHA_MASK16) PRUint64 t1; +#endif #else +#if defined(SHA4MASK) PRUint32 t1; #endif +#endif PRUint64 h[8]; unsigned int len; diff --git a/lib/freebl/sha_fast.c b/lib/freebl/sha_fast.c index b826cf93a..290194953 100644 --- a/lib/freebl/sha_fast.c +++ b/lib/freebl/sha_fast.c @@ -148,7 +148,6 @@ SHA1_End(SHA1Context *ctx, unsigned char *hashout, { register PRUint64 size; register PRUint32 lenB; - PRUint32 tmpbuf[5]; static const unsigned char bulk_pad[64] = { 0x80,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, @@ -188,7 +187,6 @@ SHA1_EndRaw(SHA1Context *ctx, unsigned char *hashout, #if defined(SHA_NEED_TMP_VARIABLE) register PRUint32 tmp; #endif - PRUint32 tmpbuf[5]; PORT_Assert (maxDigestLen >= SHA1_LENGTH); SHA_STORE_RESULT; diff --git a/lib/jar/jarfile.c b/lib/jar/jarfile.c index a604f19cd..3346dbec0 100644 --- a/lib/jar/jarfile.c +++ b/lib/jar/jarfile.c @@ -36,11 +36,12 @@ jar_inflate_memory(unsigned int method, long *length, long expected_out_len, char **data); static int -jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length); +jar_physical_extraction(JAR_FILE fp, char *outpath, unsigned long offset, + unsigned long length); static int -jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length, - unsigned int method); +jar_physical_inflate(JAR_FILE fp, char *outpath, unsigned long offset, + unsigned long length, unsigned int method); static int jar_verify_extract(JAR *jar, char *path, char *physical_path); @@ -74,6 +75,10 @@ static int dostime(char *time, const char *s); #ifdef NSS_X86_OR_X64 +/* The following macros throw up warnings. */ +#ifdef __GNUC__ +#pragma GCC diagnostic ignored "-Wstrict-aliasing" +#endif #define x86ShortToUint32(ii) ((const PRUint32)*((const PRUint16 *)(ii))) #define x86LongToUint32(ii) (*(const PRUint32 *)(ii)) #else @@ -241,7 +246,8 @@ JAR_extract(JAR *jar, char *path, char *outpath) #define CHUNK 32768 static int -jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length) +jar_physical_extraction(JAR_FILE fp, char *outpath, unsigned long offset, + unsigned long length) { JAR_FILE out; char *buffer = (char *)PORT_ZAlloc(CHUNK); @@ -251,7 +257,7 @@ jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length) return JAR_ERR_MEMORY; if ((out = JAR_FOPEN (outpath, "wb")) != NULL) { - long at = 0; + unsigned long at = 0; JAR_FSEEK (fp, offset, (PRSeekWhence)0); while (at < length) { @@ -289,7 +295,7 @@ jar_physical_extraction(JAR_FILE fp, char *outpath, long offset, long length) #define OCHUNK 32768 static int -jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length, +jar_physical_inflate(JAR_FILE fp, char *outpath, unsigned long offset, unsigned long length, unsigned int method) { char *inbuf, *outbuf; @@ -315,11 +321,11 @@ jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length, } if ((out = JAR_FOPEN (outpath, "wb")) != NULL) { - long at = 0; + unsigned long at = 0; JAR_FSEEK (fp, offset, (PRSeekWhence)0); while (at < length) { - long chunk = (at + ICHUNK <= length) ? ICHUNK : length - at; + unsigned long chunk = (at + ICHUNK <= length) ? ICHUNK : length - at; unsigned long tin; if (JAR_FREAD (fp, inbuf, chunk) != chunk) { @@ -353,7 +359,7 @@ jar_physical_inflate(JAR_FILE fp, char *outpath, long offset, long length, return JAR_ERR_CORRUPT; } ochunk = zs.total_out - prev_total; - if (JAR_FWRITE (out, outbuf, ochunk) < ochunk) { + if (JAR_FWRITE (out, outbuf, ochunk) < (long)ochunk) { /* most likely a disk full error */ status = JAR_ERR_DISK; break; @@ -820,8 +826,7 @@ jar_listtar(JAR *jar, JAR_FILE fp) char *s; JAR_Physical *phy; long pos = 0L; - long sz, mode; - time_t when; + long sz; union TarEntry tarball; while (1) { @@ -833,9 +838,7 @@ jar_listtar(JAR *jar, JAR_FILE fp) if (!*tarball.val.filename) break; - when = octalToLong (tarball.val.time); sz = octalToLong (tarball.val.size); - mode = octalToLong (tarball.val.mode); /* Tag the end of filename */ s = tarball.val.filename; diff --git a/lib/jar/jarsign.c b/lib/jar/jarsign.c index 9d05d9b5b..f0299b1ce 100644 --- a/lib/jar/jarsign.c +++ b/lib/jar/jarsign.c @@ -171,7 +171,6 @@ jar_create_pk7(CERTCertDBHandle *certdb, void *keydb, CERTCertificate *cert, { SEC_PKCS7ContentInfo *cinfo; const SECHashObject *hashObj; - char *errstring; void *mw = NULL; void *hashcx; unsigned int len; @@ -231,7 +230,6 @@ jar_create_pk7(CERTCertDBHandle *certdb, void *keydb, CERTCertificate *cert, status = PORT_GetError(); SEC_PKCS7DestroyContentInfo (cinfo); if (rv != SECSuccess) { - errstring = JAR_get_error (status); return ((status < 0) ? status : JAR_ERR_GENERAL); } return 0; diff --git a/lib/libpkix/include/pkix_certstore.h b/lib/libpkix/include/pkix_certstore.h index 2feb3334d..fb705644e 100755 --- a/lib/libpkix/include/pkix_certstore.h +++ b/lib/libpkix/include/pkix_certstore.h @@ -10,6 +10,7 @@ #define _PKIX_CERTSTORE_H #include "pkixt.h" +#include "certt.h" #ifdef __cplusplus extern "C" { @@ -327,7 +328,7 @@ typedef PKIX_Error * PKIX_PL_Cert *issuer, PKIX_PL_Date *date, PKIX_Boolean crlDownloadDone, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, PKIX_RevocationStatus *revStatus, void *plContext); diff --git a/lib/libpkix/pkix/checker/pkix_crlchecker.c b/lib/libpkix/pkix/checker/pkix_crlchecker.c index c77ac8ef1..d6f5b6bcc 100644 --- a/lib/libpkix/pkix/checker/pkix_crlchecker.c +++ b/lib/libpkix/pkix/checker/pkix_crlchecker.c @@ -195,7 +195,7 @@ pkix_CrlChecker_CheckLocal( PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *pReasonCode, + CERTCRLEntryReasonCode *pReasonCode, void *plContext) { PKIX_CertStore_CheckRevokationByCrlCallback storeCheckRevocationFn; @@ -294,7 +294,7 @@ pkix_CrlChecker_CheckExternal( PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *pReasonCode, + CERTCRLEntryReasonCode *pReasonCode, void **pNBIOContext, void *plContext) { diff --git a/lib/libpkix/pkix/checker/pkix_crlchecker.h b/lib/libpkix/pkix/checker/pkix_crlchecker.h index d7213aadb..35f1a4745 100644 --- a/lib/libpkix/pkix/checker/pkix_crlchecker.h +++ b/lib/libpkix/pkix/checker/pkix_crlchecker.h @@ -31,7 +31,7 @@ pkix_CrlChecker_CheckLocal( PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void *plContext); PKIX_Error * @@ -43,7 +43,7 @@ pkix_CrlChecker_CheckExternal( PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void **pNBIOContext, void *plContext); diff --git a/lib/libpkix/pkix/checker/pkix_ocspchecker.c b/lib/libpkix/pkix/checker/pkix_ocspchecker.c index 481aa52b5..b6fca9a35 100644 --- a/lib/libpkix/pkix/checker/pkix_ocspchecker.c +++ b/lib/libpkix/pkix/checker/pkix_ocspchecker.c @@ -147,7 +147,7 @@ pkix_OcspChecker_CheckLocal( PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *pReasonCode, + CERTCRLEntryReasonCode *pReasonCode, void *plContext) { PKIX_PL_OcspCertID *cid = NULL; @@ -222,7 +222,7 @@ pkix_OcspChecker_CheckExternal( PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *pReasonCode, + CERTCRLEntryReasonCode *pReasonCode, void **pNBIOContext, void *plContext) { diff --git a/lib/libpkix/pkix/checker/pkix_ocspchecker.h b/lib/libpkix/pkix/checker/pkix_ocspchecker.h index 547b403b4..fbec315f9 100644 --- a/lib/libpkix/pkix/checker/pkix_ocspchecker.h +++ b/lib/libpkix/pkix/checker/pkix_ocspchecker.h @@ -30,7 +30,7 @@ pkix_OcspChecker_CheckLocal( PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void *plContext); PKIX_Error * @@ -42,7 +42,7 @@ pkix_OcspChecker_CheckExternal( PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void **pNBIOContext, void *plContext); diff --git a/lib/libpkix/pkix/checker/pkix_revocationchecker.c b/lib/libpkix/pkix/checker/pkix_revocationchecker.c index ebe37739f..7bed9b886 100755 --- a/lib/libpkix/pkix/checker/pkix_revocationchecker.c +++ b/lib/libpkix/pkix/checker/pkix_revocationchecker.c @@ -349,7 +349,7 @@ PKIX_RevocationChecker_Check( * first we are going to test all local(cached) info * second, all remote info(fetching) */ for (tries = 0;tries < 2;tries++) { - int methodNum = 0; + unsigned int methodNum = 0; for (;methodNum < revList->length;methodNum++) { PKIX_UInt32 methodFlags = 0; @@ -372,7 +372,8 @@ PKIX_RevocationChecker_Check( methodFlags, chainVerificationState, &revStatus, - pReasonCode, plContext), + (CERTCRLEntryReasonCode *)pReasonCode, + plContext), PKIX_REVCHECKERCHECKFAILED); methodStatus[methodNum] = revStatus; if (revStatus == PKIX_RevStatus_Revoked) { @@ -397,7 +398,8 @@ PKIX_RevocationChecker_Check( (*method->externalRevChecker)(cert, issuer, date, method, procParams, methodFlags, - &revStatus, pReasonCode, + &revStatus, + (CERTCRLEntryReasonCode *)pReasonCode, &nbioContext, plContext), PKIX_REVCHECKERCHECKFAILED); methodStatus[methodNum] = revStatus; diff --git a/lib/libpkix/pkix/checker/pkix_revocationchecker.h b/lib/libpkix/pkix/checker/pkix_revocationchecker.h index 80d9eeaa2..20dfe3778 100755 --- a/lib/libpkix/pkix/checker/pkix_revocationchecker.h +++ b/lib/libpkix/pkix/checker/pkix_revocationchecker.h @@ -12,6 +12,7 @@ #define _PKIX_REVOCATIONCHECKER_H #include "pkixt.h" +#include "certt.h" #ifdef __cplusplus extern "C" { diff --git a/lib/libpkix/pkix/checker/pkix_revocationmethod.h b/lib/libpkix/pkix/checker/pkix_revocationmethod.h index 193223731..a97c7620a 100644 --- a/lib/libpkix/pkix/checker/pkix_revocationmethod.h +++ b/lib/libpkix/pkix/checker/pkix_revocationmethod.h @@ -31,7 +31,7 @@ pkix_LocalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer, PKIX_UInt32 methodFlags, PKIX_Boolean chainVerificationState, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void *plContext); /* External revocation check function prototype definition. @@ -44,7 +44,7 @@ pkix_ExternalRevocationCheckFn(PKIX_PL_Cert *cert, PKIX_PL_Cert *issuer, PKIX_ProcessingParams *procParams, PKIX_UInt32 methodFlags, PKIX_RevocationStatus *pRevStatus, - PKIX_UInt32 *reasonCode, + CERTCRLEntryReasonCode *reasonCode, void **pNBIOContext, void *plContext); /* Revocation method structure assosiates revocation types with diff --git a/lib/libpkix/pkix/crlsel/pkix_crlselector.c b/lib/libpkix/pkix/crlsel/pkix_crlselector.c index 9967af9b8..e9a9c03df 100755 --- a/lib/libpkix/pkix/crlsel/pkix_crlselector.c +++ b/lib/libpkix/pkix/crlsel/pkix_crlselector.c @@ -190,7 +190,7 @@ pkix_CRLSelector_Hashcode( PKIX_HASHCODE(crlSelector->context, &contextHash, plContext, PKIX_OBJECTHASHCODEFAILED); - hash = 31 * ((PKIX_UInt32)crlSelector->matchCallback + + hash = 31 * ((PKIX_UInt32)((char *)crlSelector->matchCallback - (char *)NULL) + (contextHash << 3)) + paramsHash; *pHashcode = hash; diff --git a/lib/libpkix/pkix/results/pkix_policynode.c b/lib/libpkix/pkix/results/pkix_policynode.c index 91d8a74b6..fd8cee982 100755 --- a/lib/libpkix/pkix/results/pkix_policynode.c +++ b/lib/libpkix/pkix/results/pkix_policynode.c @@ -824,7 +824,7 @@ pkix_PolicyNode_Hashcode( (node, &nodeHash, plContext), PKIX_SINGLEPOLICYNODEHASHCODEFAILED); - nodeHash = 31*nodeHash + (PKIX_UInt32)(node->parent); + nodeHash = 31*nodeHash + (PKIX_UInt32)((char *)node->parent - (char *)NULL); PKIX_HASHCODE (node->children, diff --git a/lib/libpkix/pkix/store/pkix_store.c b/lib/libpkix/pkix/store/pkix_store.c index 31c21ea16..af8be2bb2 100755 --- a/lib/libpkix/pkix/store/pkix_store.c +++ b/lib/libpkix/pkix/store/pkix_store.c @@ -74,11 +74,11 @@ pkix_CertStore_Hashcode( PKIX_CERTSTOREHASHCODEFAILED); } - *pHashcode = (PKIX_UInt32) certStore->certCallback + - (PKIX_UInt32) certStore->crlCallback + - (PKIX_UInt32) certStore->certContinue + - (PKIX_UInt32) certStore->crlContinue + - (PKIX_UInt32) certStore->trustCallback + + *pHashcode = (PKIX_UInt32)((char *)certStore->certCallback - (char *)NULL) + + (PKIX_UInt32)((char *)certStore->crlCallback - (char *)NULL) + + (PKIX_UInt32)((char *)certStore->certContinue - (char *)NULL) + + (PKIX_UInt32)((char *)certStore->crlContinue - (char *)NULL) + + (PKIX_UInt32)((char *)certStore->trustCallback - (char *)NULL) + (tempHash << 7); cleanup: diff --git a/lib/libpkix/pkix/top/pkix_build.c b/lib/libpkix/pkix/top/pkix_build.c index 9ca307e43..94515785b 100755 --- a/lib/libpkix/pkix/top/pkix_build.c +++ b/lib/libpkix/pkix/top/pkix_build.c @@ -1526,7 +1526,7 @@ pkix_Build_SelectCertsFromTrustAnchors( PKIX_List **pMatchList, void *plContext) { - int anchorIndex = 0; + unsigned int anchorIndex = 0; PKIX_TrustAnchor *anchor = NULL; PKIX_PL_Cert *trustedCert = NULL; PKIX_List *matchList = NULL; diff --git a/lib/libpkix/pkix/util/pkix_error.c b/lib/libpkix/pkix/util/pkix_error.c index e6fba866a..9d730ca16 100755 --- a/lib/libpkix/pkix/util/pkix_error.c +++ b/lib/libpkix/pkix/util/pkix_error.c @@ -325,7 +325,7 @@ pkix_Error_Hashcode( /* XXX Unimplemented */ /* XXX Need to make hashcodes equal when two errors are equal */ - *pResult = (PKIX_UInt32)object; + *pResult = (PKIX_UInt32)((char *)object - (char *)NULL); PKIX_RETURN(ERROR); } diff --git a/lib/libpkix/pkix/util/pkix_logger.c b/lib/libpkix/pkix/util/pkix_logger.c index cfd870def..a916e6e4f 100644 --- a/lib/libpkix/pkix/util/pkix_logger.c +++ b/lib/libpkix/pkix/util/pkix_logger.c @@ -492,7 +492,7 @@ pkix_Logger_Hashcode( PKIX_HASHCODE(logger->context, &tempHash, plContext, PKIX_OBJECTHASHCODEFAILED); - hash = (((((PKIX_UInt32) logger->callback + tempHash) << 7) + + hash = (((((PKIX_UInt32)((char *)logger->callback - (char *)NULL) + tempHash) << 7) + logger->maxLevel) << 7) + (PKIX_UInt32)logger->logComponent; *pHashcode = hash; diff --git a/lib/libpkix/pkix/util/pkix_tools.h b/lib/libpkix/pkix/util/pkix_tools.h index fe6ce6346..1a4689da7 100755 --- a/lib/libpkix/pkix/util/pkix_tools.h +++ b/lib/libpkix/pkix/util/pkix_tools.h @@ -1437,8 +1437,8 @@ extern PLHashNumber PR_CALLBACK pkix_ErrorGen_Hash (const void *key); typedef struct pkix_ClassTable_EntryStruct pkix_ClassTable_Entry; struct pkix_ClassTable_EntryStruct { char *description; - PKIX_Int32 objCounter; - PKIX_Int32 typeObjectSize; + PKIX_UInt32 objCounter; + PKIX_UInt32 typeObjectSize; PKIX_PL_DestructorCallback destructor; PKIX_PL_EqualsCallback equalsFunction; PKIX_PL_HashcodeCallback hashcodeFunction; diff --git a/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c b/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c index d459a4a7b..9954f0ca6 100644 --- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c +++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_httpdefaultclient.c @@ -265,7 +265,7 @@ pkix_pl_HttpDefaultClient_HdrCheckComplete( contentLength = /* Try to reserve 4K+ buffer */ client->filledupBytes + HTTP_DATA_BUFSIZE; if (client->maxResponseLen > 0 && - contentLength > client->maxResponseLen) { + contentLength > (PKIX_Int32)client->maxResponseLen) { if (client->filledupBytes < client->maxResponseLen) { contentLength = client->maxResponseLen; } else { @@ -282,7 +282,7 @@ pkix_pl_HttpDefaultClient_HdrCheckComplete( default: client->rcv_http_data_len = contentLength; if (client->maxResponseLen > 0 && - client->maxResponseLen < contentLength) { + (PKIX_Int32)client->maxResponseLen < contentLength) { client->connectStatus = HTTP_ERROR; goto cleanup; } @@ -290,7 +290,7 @@ pkix_pl_HttpDefaultClient_HdrCheckComplete( /* * Do we have all of the message body, or do we need to read some more? */ - if (client->filledupBytes < contentLength) { + if ((PKIX_Int32)client->filledupBytes < contentLength) { client->connectStatus = HTTP_RECV_BODY; *pKeepGoing = PKIX_TRUE; } else { @@ -935,7 +935,7 @@ pkix_pl_HttpDefaultClient_RecvBody( * plus remaining capacity, plus new expansion. */ int currBuffSize = client->capacity; /* Try to increase the buffer by 4K */ - int newLength = currBuffSize + HTTP_DATA_BUFSIZE; + unsigned int newLength = currBuffSize + HTTP_DATA_BUFSIZE; if (client->maxResponseLen > 0 && newLength > client->maxResponseLen) { newLength = client->maxResponseLen; @@ -1480,8 +1480,6 @@ pkix_pl_HttpDefaultClient_Cancel( SEC_HTTP_REQUEST_SESSION request, void *plContext) { - PKIX_PL_HttpDefaultClient *client = NULL; - PKIX_ENTER(HTTPDEFAULTCLIENT, "pkix_pl_HttpDefaultClient_Cancel"); PKIX_NULLCHECK_ONE(request); @@ -1491,8 +1489,6 @@ pkix_pl_HttpDefaultClient_Cancel( plContext), PKIX_REQUESTNOTANHTTPDEFAULTCLIENT); - client = (PKIX_PL_HttpDefaultClient *)request; - /* XXX Not implemented */ cleanup: diff --git a/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c b/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c index 51ffce97c..4546e339a 100644 --- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c +++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaprequest.c @@ -263,16 +263,12 @@ pkix_pl_LdapRequest_Destroy( PKIX_PL_Object *object, void *plContext) { - PKIX_PL_LdapRequest *ldapRq = NULL; - PKIX_ENTER(LDAPREQUEST, "pkix_pl_LdapRequest_Destroy"); PKIX_NULLCHECK_ONE(object); PKIX_CHECK(pkix_CheckType(object, PKIX_LDAPREQUEST_TYPE, plContext), PKIX_OBJECTNOTLDAPREQUEST); - ldapRq = (PKIX_PL_LdapRequest *)object; - /* * All dynamic fields in an LDAPRequest are allocated * in an arena, and will be freed when the arena is destroyed. diff --git a/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c b/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c index 078862c8b..7de614ea6 100755 --- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c +++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c @@ -379,14 +379,12 @@ NameCacheHasFetchedCrlInfo(PKIX_PL_Cert *pkixCert, PKIX_Boolean hasFetchedCrlInCache = PKIX_TRUE; PKIX_List *dpList = NULL; pkix_pl_CrlDp *dp = NULL; - CERTCertificate *cert; PKIX_UInt32 dpIndex = 0; SECStatus rv = SECSuccess; PRTime reloadDelay = 0, badCrlInvalDelay = 0; PKIX_ENTER(CERTSTORE, "ChechCacheHasFetchedCrl"); - cert = pkixCert->nssCert; reloadDelay = ((PKIX_PL_NssContext*)plContext)->crlReloadDelay * PR_USEC_PER_SEC; @@ -480,7 +478,7 @@ pkix_pl_Pk11CertStore_CheckRevByCrl( PKIX_PL_Cert *pkixIssuer, PKIX_PL_Date *date, PKIX_Boolean crlDownloadDone, - PKIX_UInt32 *pReasonCode, + CERTCRLEntryReasonCode *pReasonCode, PKIX_RevocationStatus *pStatus, void *plContext) { @@ -675,7 +673,7 @@ RemovePartitionedDpsFromList(PKIX_List *dpList, PKIX_PL_Date *date, { NamedCRLCache* nameCrlCache = NULL; pkix_pl_CrlDp *dp = NULL; - int dpIndex = 0; + unsigned int dpIndex = 0; PRTime time; PRTime reloadDelay = 0, badCrlInvalDelay = 0; SECStatus rv; @@ -779,7 +777,6 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, SECItem *derCrlCopy = NULL; CERTSignedCrl *nssCrl = NULL; CERTGeneralName *genName = NULL; - PKIX_Int32 savedError = -1; SECItem **derGenNames = NULL; SECItem *derGenName = NULL; @@ -799,13 +796,11 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, if (!derGenName || !genName->name.other.data) { /* get to next name if no data. */ - savedError = PKIX_UNSUPPORTEDCRLDPTYPE; break; } uri = &genName->name.other; location = (char*)PR_Malloc(1 + uri->len); if (!location) { - savedError = PKIX_ALLOCERROR; break; } PORT_Memcpy(location, uri->data, uri->len); @@ -813,7 +808,6 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, if (CERT_ParseURL(location, &hostname, &port, &path) != SECSuccess) { PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL); - savedError = PKIX_URLPARSINGFAILED; break; } @@ -823,7 +817,6 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, if ((*hcv1->createSessionFcn)(hostname, port, &pServerSession) != SECSuccess) { PORT_SetError(SEC_ERROR_BAD_CRL_DP_URL); - savedError = PKIX_URLPARSINGFAILED; break; } @@ -835,7 +828,6 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, PR_SecondsToInterval( ((PKIX_PL_NssContext*)plContext)->timeoutSeconds), &pRequestSession) != SECSuccess) { - savedError = PKIX_HTTPSERVERERROR; break; } @@ -858,12 +850,10 @@ DownloadCrl(pkix_pl_CrlDp *dp, PKIX_PL_CRL **crl, NULL, &myHttpResponseData, &myHttpResponseDataLen) != SECSuccess) { - savedError = PKIX_HTTPSERVERERROR; break; } if (myHttpResponseCode != 200) { - savedError = PKIX_HTTPSERVERERROR; break; } } while(0); diff --git a/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c b/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c index 2afd680c6..540a36033 100644 --- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c +++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c @@ -62,7 +62,11 @@ static PKIX_Boolean socketTraceFlag = PKIX_FALSE; static void pkix_pl_socket_timestamp() { PRInt64 prTime; prTime = PR_Now(); +#if PR_BYTES_PER_LONG == 8 + printf("%ld:\n", prTime); +#else printf("%lld:\n", prTime); +#endif } /* @@ -140,7 +144,7 @@ static void pkix_pl_socket_linePrefix(PKIX_UInt32 addr) { */ static void pkix_pl_socket_traceLine(char *ptr) { PKIX_UInt32 i = 0; - pkix_pl_socket_linePrefix((PKIX_UInt32)ptr); + pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)ptr - (char *)NULL)); for (i = 0; i < 16; i++) { printf(" "); pkix_pl_socket_hexDigit(ptr[i]); @@ -184,7 +188,7 @@ static void pkix_pl_socket_traceLine(char *ptr) { static void pkix_pl_socket_tracePartialLine(char *ptr, PKIX_UInt32 nBytes) { PKIX_UInt32 i = 0; if (nBytes > 0) { - pkix_pl_socket_linePrefix((PKIX_UInt32)ptr); + pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)ptr - (char *)NULL)); } for (i = 0; i < nBytes; i++) { printf(" "); @@ -243,7 +247,7 @@ void pkix_pl_socket_tracebuff(void *buf, PKIX_UInt32 nBytes) { * Special case: if called with length of zero, just do address */ if (nBytes == 0) { - pkix_pl_socket_linePrefix((PKIX_UInt32)buf); + pkix_pl_socket_linePrefix((PKIX_UInt32)((char *)buf - (char *)NULL)); printf("\n"); } else { while (bytesRemaining >= 16) { diff --git a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c index 2036f5c9f..fa8f1851e 100644 --- a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c +++ b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c @@ -1515,7 +1515,6 @@ PKIX_PL_Cert_Create( SECItem *derCertItem = NULL; void *derBytes = NULL; PKIX_UInt32 derLength; - PKIX_Boolean copyDER; PKIX_PL_Cert *cert = NULL; CERTCertDBHandle *handle; @@ -1542,7 +1541,6 @@ PKIX_PL_Cert_Create( * allowing us to free our copy without worrying about whether NSS * is still using it */ - copyDER = PKIX_TRUE; handle = CERT_GetDefaultCertDB(); nssCert = CERT_NewTempCertificate(handle, derCertItem, /* nickname */ NULL, diff --git a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c index 0f6d78333..b83db357a 100644 --- a/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c +++ b/lib/libpkix/pkix_pl_nss/pki/pkix_pl_crl.c @@ -351,7 +351,7 @@ pkix_pl_CRL_ToString_Helper( void *plContext) { char *asciiFormat = NULL; - PKIX_UInt32 crlVersion; + PKIX_UInt32 crlVersion = 0; PKIX_PL_X500Name *crlIssuer = NULL; PKIX_PL_OID *nssSignatureAlgId = NULL; PKIX_PL_BigInt *crlNumber = NULL; diff --git a/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c b/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c index 6bc74b611..338eb1c01 100755 --- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c +++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_lifecycle.c @@ -73,7 +73,7 @@ pkix_pl_lifecycle_ObjectTableUpdate(int *objCountTable) PKIX_UInt32 pkix_pl_lifecycle_ObjectLeakCheck(int *initObjCountTable) { - int typeCounter = 0; + unsigned int typeCounter = 0; PKIX_UInt32 numObjects = 0; char classNameBuff[128]; char *className = NULL; @@ -245,7 +245,9 @@ cleanup: PKIX_Error * PKIX_PL_Shutdown(void *plContext) { +#ifdef DEBUG PKIX_UInt32 numLeakedObjects = 0; +#endif PKIX_ENTER(OBJECT, "PKIX_PL_Shutdown"); @@ -258,10 +260,14 @@ PKIX_PL_Shutdown(void *plContext) pkix_pl_HttpCertStore_Shutdown(plContext); +#ifdef DEBUG numLeakedObjects = pkix_pl_lifecycle_ObjectLeakCheck(NULL); if (PR_GetEnv("NSS_STRICT_SHUTDOWN")) { PORT_Assert(numLeakedObjects == 0); } +#else + pkix_pl_lifecycle_ObjectLeakCheck(NULL); +#endif if (plContext != NULL) { PKIX_PL_NssContext_Destroy(plContext); diff --git a/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c b/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c index 881a1ed54..9a33fd5e5 100755 --- a/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c +++ b/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c @@ -371,7 +371,7 @@ pkix_pl_Object_Hashcode_Default( PKIX_ENTER(OBJECT, "pkix_pl_Object_Hashcode_Default"); PKIX_NULLCHECK_TWO(object, pValue); - *pValue = (PKIX_UInt32)object; + *pValue = (PKIX_UInt32)((char *)object - (char *)NULL); PKIX_RETURN(OBJECT); } diff --git a/lib/nss/nssinit.c b/lib/nss/nssinit.c index 3966c35e2..b22f9151e 100644 --- a/lib/nss/nssinit.c +++ b/lib/nss/nssinit.c @@ -491,10 +491,6 @@ struct NSSInitContextStr { #define NSS_INIT_MAGIC 0x1413A91C static SECStatus nss_InitShutdownList(void); -#ifdef DEBUG -static CERTCertificate dummyCert; -#endif - /* All initialized to zero in BSS */ static PRCallOnceType nssInitOnce; static PZLock *nssInitLock; @@ -571,8 +567,11 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix, * functions */ if (!isReallyInitted) { +#ifdef DEBUG + CERTCertificate dummyCert; /* New option bits must not change the size of CERTCertificate. */ PORT_Assert(sizeof(dummyCert.options) == sizeof(void *)); +#endif if (SECSuccess != cert_InitLocks()) { goto loser; @@ -1246,9 +1245,8 @@ NSS_VersionCheck(const char *importedVersion) */ int vmajor = 0, vminor = 0, vpatch = 0, vbuild = 0; const char *ptr = importedVersion; - volatile char c; /* force a reference that won't get optimized away */ - - c = __nss_base_version[0]; +#define NSS_VERSION_VARIABLE __nss_base_version +#include "verref.h" while (isdigit(*ptr)) { vmajor = 10 * vmajor + *ptr - '0'; diff --git a/lib/pk11wrap/pk11cert.c b/lib/pk11wrap/pk11cert.c index 1bf8a7f50..d2a753001 100644 --- a/lib/pk11wrap/pk11cert.c +++ b/lib/pk11wrap/pk11cert.c @@ -228,7 +228,6 @@ pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID, nssPKIObject *pkio; NSSToken *token; NSSTrustDomain *td = STAN_GetDefaultTrustDomain(); - PRStatus status; /* Get the cryptoki object from the handle */ token = PK11Slot_GetNSSToken(slot); @@ -278,7 +277,7 @@ pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID, * different NSSCertificate that it found in the cache. * Presumably, the nickname which we just output above remains valid. :) */ - status = nssTrustDomain_AddCertsToCache(td, &c, 1); + (void)nssTrustDomain_AddCertsToCache(td, &c, 1); return STAN_GetCERTCertificateOrRelease(c); } @@ -2005,7 +2004,6 @@ SECStatus PK11_TraverseCertsForNicknameInSlot(SECItem *nickname, PK11SlotInfo *slot, SECStatus(* callback)(CERTCertificate*, void *), void *arg) { - struct nss3_cert_cbstr pk11cb; PRStatus nssrv = PR_SUCCESS; NSSToken *token; NSSTrustDomain *td; @@ -2016,8 +2014,6 @@ PK11_TraverseCertsForNicknameInSlot(SECItem *nickname, PK11SlotInfo *slot, NSSCertificate **certs; nssList *nameList = NULL; nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly; - pk11cb.callback = callback; - pk11cb.arg = arg; token = PK11Slot_GetNSSToken(slot); if (!nssToken_IsPresent(token)) { return SECSuccess; @@ -2700,7 +2696,8 @@ __PK11_SetCertificateNickname(CERTCertificate *cert, const char *nickname) { /* Can't set nickname of temp cert. */ if (!cert->slot || cert->pkcs11ID == CK_INVALID_HANDLE) { - return SEC_ERROR_INVALID_ARGS; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } return PK11_SetObjectNickname(cert->slot, cert->pkcs11ID, nickname); } diff --git a/lib/pk11wrap/pk11load.c b/lib/pk11wrap/pk11load.c index 6700180ad..e3ba1226e 100644 --- a/lib/pk11wrap/pk11load.c +++ b/lib/pk11wrap/pk11load.c @@ -589,8 +589,12 @@ SECMOD_UnloadModule(SECMODModule *mod) { if (softokenLib) { disableUnload = PR_GetEnv("NSS_DISABLE_UNLOAD"); if (!disableUnload) { +#ifdef DEBUG PRStatus status = PR_UnloadLibrary(softokenLib); PORT_Assert(PR_SUCCESS == status); +#else + PR_UnloadLibrary(softokenLib); +#endif } softokenLib = NULL; } diff --git a/lib/pk11wrap/pk11merge.c b/lib/pk11wrap/pk11merge.c index ad9b1fda6..187e2e1f6 100644 --- a/lib/pk11wrap/pk11merge.c +++ b/lib/pk11wrap/pk11merge.c @@ -750,8 +750,7 @@ pk11_mergeCert(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot, CK_ATTRIBUTE sourceCKAID = {CKA_ID, NULL, 0}; CK_ATTRIBUTE targetCKAID = {CKA_ID, NULL, 0}; SECStatus lrv = SECSuccess; - int error; - + int error = SEC_ERROR_LIBRARY_FAILURE; sourceCert = PK11_MakeCertFromHandle(sourceSlot, id, NULL); if (sourceCert == NULL) { diff --git a/lib/pk11wrap/pk11obj.c b/lib/pk11wrap/pk11obj.c index 708029481..e09d22768 100644 --- a/lib/pk11wrap/pk11obj.c +++ b/lib/pk11wrap/pk11obj.c @@ -1781,7 +1781,6 @@ PK11_MatchItem(PK11SlotInfo *slot, CK_OBJECT_HANDLE searchID, int tsize = sizeof(theTemplate)/sizeof(theTemplate[0]); /* if you change the array, change the variable below as well */ CK_OBJECT_HANDLE peerID; - CK_OBJECT_HANDLE parent; PLArenaPool *arena; CK_RV crv; @@ -1810,7 +1809,6 @@ PK11_MatchItem(PK11SlotInfo *slot, CK_OBJECT_HANDLE searchID, /* * issue the find */ - parent = *(CK_OBJECT_CLASS *)(keyclass->pValue); *(CK_OBJECT_CLASS *)(keyclass->pValue) = matchclass; peerID = pk11_FindObjectByTemplate(slot,theTemplate,tsize); diff --git a/lib/pk11wrap/pk11pk12.c b/lib/pk11wrap/pk11pk12.c index 471e57b33..2152a41e7 100644 --- a/lib/pk11wrap/pk11pk12.c +++ b/lib/pk11wrap/pk11pk12.c @@ -422,7 +422,6 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, PRBool isPerm, PRBool isPrivate, unsigned int keyUsage, SECKEYPrivateKey **privk, void *wincx) { - CK_KEY_TYPE keyType = CKK_RSA; SECStatus rv = SECFailure; SECKEYRawPrivateKey *lpk = NULL; const SEC_ASN1Template *keyTemplate, *paramTemplate; @@ -449,7 +448,6 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, paramTemplate = NULL; paramDest = NULL; lpk->keyType = rsaKey; - keyType = CKK_RSA; break; case SEC_OID_ANSIX9_DSA_SIGNATURE: prepare_dsa_priv_key_export_for_asn1(lpk); @@ -457,7 +455,6 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, paramTemplate = SECKEY_PQGParamsTemplate; paramDest = &(lpk->u.dsa.params); lpk->keyType = dsaKey; - keyType = CKK_DSA; break; case SEC_OID_X942_DIFFIE_HELMAN_KEY: if(!publicValue) { @@ -468,7 +465,6 @@ PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, paramTemplate = NULL; paramDest = NULL; lpk->keyType = dhKey; - keyType = CKK_DH; break; default: diff --git a/lib/pk11wrap/pk11slot.c b/lib/pk11wrap/pk11slot.c index 1f6597b5e..044956fe4 100644 --- a/lib/pk11wrap/pk11slot.c +++ b/lib/pk11wrap/pk11slot.c @@ -555,10 +555,10 @@ PK11_FindSlotsByNames(const char *dllName, const char* slotName, break; } if ((PR_FALSE == presentOnly || PK11_IsPresent(tmpSlot)) && - ( (!tokenName) || (tmpSlot->token_name && - (0==PORT_Strcmp(tmpSlot->token_name, tokenName)))) && - ( (!slotName) || (tmpSlot->slot_name && - (0==PORT_Strcmp(tmpSlot->slot_name, slotName)))) ) { + ( (!tokenName) || + (0==PORT_Strcmp(tmpSlot->token_name, tokenName)) ) && + ( (!slotName) || + (0==PORT_Strcmp(tmpSlot->slot_name, slotName)) ) ) { if (tmpSlot) { PK11_AddSlotToList(slotList, tmpSlot, PR_TRUE); slotcount++; @@ -1105,7 +1105,6 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts) { CK_TOKEN_INFO tokenInfo; CK_RV crv; - char *tmp; SECStatus rv; PRStatus status; @@ -1139,8 +1138,8 @@ PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts) if (slot->isActiveCard) { slot->protectedAuthPath = PR_FALSE; } - tmp = PK11_MakeString(NULL,slot->token_name, - (char *)tokenInfo.label, sizeof(tokenInfo.label)); + (void)PK11_MakeString(NULL,slot->token_name, + (char *)tokenInfo.label, sizeof(tokenInfo.label)); slot->minPassword = tokenInfo.ulMinPinLen; slot->maxPassword = tokenInfo.ulMaxPinLen; PORT_Memcpy(slot->serial,tokenInfo.serialNumber,sizeof(slot->serial)); @@ -1349,7 +1348,6 @@ void PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot) { SECStatus rv; - char *tmp; CK_SLOT_INFO slotInfo; slot->functionList = mod->functionList; @@ -1371,7 +1369,7 @@ PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot) * works because modules keep implicit references * from their slots, and won't unload and disappear * until all their slots have been freed */ - tmp = PK11_MakeString(NULL,slot->slot_name, + (void)PK11_MakeString(NULL,slot->slot_name, (char *)slotInfo.slotDescription, sizeof(slotInfo.slotDescription)); slot->isHW = (PRBool)((slotInfo.flags & CKF_HW_SLOT) == CKF_HW_SLOT); #define ACTIVE_CARD "ActivCard SA" @@ -2052,7 +2050,7 @@ PK11_GetBestSlotMultipleWithAttributes(CK_MECHANISM_TYPE *type, PK11SlotInfo *slot = NULL; PRBool freeit = PR_FALSE; PRBool listNeedLogin = PR_FALSE; - int i; + unsigned int i; SECStatus rv; list = PK11_GetSlotList(type[0]); diff --git a/lib/pkcs12/p12d.c b/lib/pkcs12/p12d.c index 6a3a38c94..51bf0f7f5 100644 --- a/lib/pkcs12/p12d.c +++ b/lib/pkcs12/p12d.c @@ -2810,7 +2810,7 @@ SEC_PKCS12DecoderRenameCertNicknames(SEC_PKCS12DecoderContext *p12dcx, return SECFailure; } - for (i = 0; safeBag = p12dcx->safeBags[i]; i++) { + for (i = 0; (safeBag = p12dcx->safeBags[i]); i++) { SECItem *newNickname = NULL; SECItem *defaultNickname = NULL; SECStatus rename_rv; diff --git a/lib/pkcs12/p12e.c b/lib/pkcs12/p12e.c index 5584407f8..4efd9abb7 100644 --- a/lib/pkcs12/p12e.c +++ b/lib/pkcs12/p12e.c @@ -695,7 +695,6 @@ sec_PKCS12CreateSafeBag(SEC_PKCS12ExportContext *p12ctxt, SECOidTag bagType, void *bagData) { sec_PKCS12SafeBag *safeBag; - PRBool setName = PR_TRUE; void *mark = NULL; SECStatus rv = SECSuccess; SECOidData *oidData = NULL; @@ -740,7 +739,6 @@ sec_PKCS12CreateSafeBag(SEC_PKCS12ExportContext *p12ctxt, SECOidTag bagType, case SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID: safeBag->safeBagContent.safeContents = (sec_PKCS12SafeContents *)bagData; - setName = PR_FALSE; break; default: goto loser; @@ -1532,8 +1530,6 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) * it is confirmed that integrity must be in place */ if(p12exp->integrityEnabled && !p12exp->pwdIntegrity) { - SECStatus rv; - /* create public key integrity mode */ p12enc->aSafeCinfo = SEC_PKCS7CreateSignedData( p12exp->integrityInfo.pubkeyInfo.cert, @@ -1549,8 +1545,7 @@ sec_pkcs12_encoder_start_context(SEC_PKCS12ExportContext *p12exp) if(SEC_PKCS7IncludeCertChain(p12enc->aSafeCinfo,NULL) != SECSuccess) { goto loser; } - rv = SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo); - PORT_Assert(rv == SECSuccess); + PORT_AssertSuccess(SEC_PKCS7AddSigningTime(p12enc->aSafeCinfo)); } else { p12enc->aSafeCinfo = SEC_PKCS7CreateData(); diff --git a/lib/pkcs7/p7decode.c b/lib/pkcs7/p7decode.c index 80689544e..7a52d8203 100644 --- a/lib/pkcs7/p7decode.c +++ b/lib/pkcs7/p7decode.c @@ -1290,7 +1290,6 @@ sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo, const SECItem *digest; SECItem **digests; SECItem **rawcerts; - CERTSignedCrl **crls; SEC_PKCS7SignerInfo **signerinfos, *signerinfo; CERTCertificate *cert, **certs; PRBool goodsig; @@ -1340,7 +1339,6 @@ sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo, digestalgs = sdp->digestAlgorithms; digests = sdp->digests; rawcerts = sdp->rawCerts; - crls = sdp->crls; signerinfos = sdp->signerInfos; content_type = &(sdp->contentInfo.contentType); sigkey = NULL; @@ -1355,7 +1353,6 @@ sec_pkcs7_verify_signature(SEC_PKCS7ContentInfo *cinfo, digestalgs = saedp->digestAlgorithms; digests = saedp->digests; rawcerts = saedp->rawCerts; - crls = saedp->crls; signerinfos = saedp->signerInfos; content_type = &(saedp->encContentInfo.contentType); sigkey = saedp->sigKey; diff --git a/lib/pkcs7/p7encode.c b/lib/pkcs7/p7encode.c index 99b68ee51..349bc8461 100644 --- a/lib/pkcs7/p7encode.c +++ b/lib/pkcs7/p7encode.c @@ -59,13 +59,10 @@ sec_pkcs7_encoder_start_encrypt (SEC_PKCS7ContentInfo *cinfo, SECKEYPublicKey *publickey = NULL; SECKEYPrivateKey *ourPrivKey = NULL; PK11SymKey *bulkkey; - void *mark, *wincx; + void *mark; int i; PLArenaPool *arena = NULL; - /* Get the context in case we need it below. */ - wincx = cinfo->pwfn_arg; - kind = SEC_PKCS7ContentType (cinfo); switch (kind) { default: diff --git a/lib/pkcs7/p7local.c b/lib/pkcs7/p7local.c index 6a7af1f80..8c5e0bfa5 100644 --- a/lib/pkcs7/p7local.c +++ b/lib/pkcs7/p7local.c @@ -397,7 +397,7 @@ sec_PKCS7Decrypt (sec_PKCS7CipherObject *obj, unsigned char *output, const unsigned char *input, unsigned int input_len, PRBool final) { - int blocks, bsize, pcount, padsize; + unsigned int blocks, bsize, pcount, padsize; unsigned int max_needed, ifraglen, ofraglen, output_len; unsigned char *pbuf; SECStatus rv; diff --git a/lib/pki/certificate.c b/lib/pki/certificate.c index ed6145a55..fdf147c9e 100644 --- a/lib/pki/certificate.c +++ b/lib/pki/certificate.c @@ -895,7 +895,6 @@ nssCertificateList_DoCallback ( { nssListIterator *certs; NSSCertificate *cert; - PRStatus nssrv; certs = nssList_CreateIterator(certList); if (!certs) { return PR_FAILURE; @@ -904,7 +903,7 @@ nssCertificateList_DoCallback ( cert != (NSSCertificate *)NULL; cert = (NSSCertificate *)nssListIterator_Next(certs)) { - nssrv = (*callback)(cert, arg); + (void)(*callback)(cert, arg); } nssListIterator_Finish(certs); nssListIterator_Destroy(certs); diff --git a/lib/pki/pki3hack.c b/lib/pki/pki3hack.c index 953d73800..a415ace4c 100644 --- a/lib/pki/pki3hack.c +++ b/lib/pki/pki3hack.c @@ -1272,7 +1272,7 @@ DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject) { int numNotDestroyed = 0; /* the ones skipped plus the failures */ int failureCount = 0; /* actual deletion failures by devices */ - int index; + unsigned int index; nssPKIObject_AddRef(tObject); nssPKIObject_Lock(tObject); @@ -1327,7 +1327,7 @@ STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c) /* caller made sure nssTrust isn't NULL */ nssPKIObject *tobject = &nssTrust->object; nssPKIObject *cobject = &c->object; - int i; + unsigned int i; /* Iterate through the cert and trust object instances looking for * those with matching pk11 slots to delete. Even if some device diff --git a/lib/pki/pkibase.c b/lib/pki/pkibase.c index 083b9b66a..c86e5bb42 100644 --- a/lib/pki/pkibase.c +++ b/lib/pki/pkibase.c @@ -903,7 +903,6 @@ nssPKIObjectCollection_Traverse ( nssPKIObjectCallback *callback ) { - PRStatus status; PRCList *link = PR_NEXT_LINK(&collection->head); pkiObjectCollectionNode *node; while (link != &collection->head) { @@ -920,19 +919,19 @@ nssPKIObjectCollection_Traverse ( } switch (collection->objectType) { case pkiObjectType_Certificate: - status = (*callback->func.cert)((NSSCertificate *)node->object, + (void)(*callback->func.cert)((NSSCertificate *)node->object, callback->arg); break; case pkiObjectType_CRL: - status = (*callback->func.crl)((NSSCRL *)node->object, + (void)(*callback->func.crl)((NSSCRL *)node->object, callback->arg); break; case pkiObjectType_PrivateKey: - status = (*callback->func.pvkey)((NSSPrivateKey *)node->object, + (void)(*callback->func.pvkey)((NSSPrivateKey *)node->object, callback->arg); break; case pkiObjectType_PublicKey: - status = (*callback->func.pbkey)((NSSPublicKey *)node->object, + (void)(*callback->func.pbkey)((NSSPublicKey *)node->object, callback->arg); break; } @@ -1057,7 +1056,6 @@ nssCertificateCollection_Create ( NSSCertificate **certsOpt ) { - PRStatus status; nssPKIObjectCollection *collection; collection = nssPKIObjectCollection_Create(td, NULL, nssPKIMonitor); collection->objectType = pkiObjectType_Certificate; @@ -1068,7 +1066,7 @@ nssCertificateCollection_Create ( if (certsOpt) { for (; *certsOpt; certsOpt++) { nssPKIObject *object = (nssPKIObject *)(*certsOpt); - status = nssPKIObjectCollection_AddObject(collection, object); + (void)nssPKIObjectCollection_AddObject(collection, object); } } return collection; @@ -1164,7 +1162,6 @@ nssCRLCollection_Create ( NSSCRL **crlsOpt ) { - PRStatus status; nssPKIObjectCollection *collection; collection = nssPKIObjectCollection_Create(td, NULL, nssPKILock); collection->objectType = pkiObjectType_CRL; @@ -1175,7 +1172,7 @@ nssCRLCollection_Create ( if (crlsOpt) { for (; *crlsOpt; crlsOpt++) { nssPKIObject *object = (nssPKIObject *)(*crlsOpt); - status = nssPKIObjectCollection_AddObject(collection, object); + (void)nssPKIObjectCollection_AddObject(collection, object); } } return collection; diff --git a/lib/pki/tdcache.c b/lib/pki/tdcache.c index 7842189ca..5f9dfdd5c 100644 --- a/lib/pki/tdcache.c +++ b/lib/pki/tdcache.c @@ -329,7 +329,7 @@ nssTrustDomain_RemoveCertFromCacheLOCKED ( nssList *subjectList; cache_entry *ce; NSSArena *arena; - NSSUTF8 *nickname; + NSSUTF8 *nickname = NULL; #ifdef DEBUG_CACHE log_cert_ref("attempt to remove cert", cert); @@ -776,14 +776,18 @@ add_cert_to_cache ( added++; /* If a new subject entry was created, also need nickname and/or email */ if (subjectList != NULL) { +#ifdef nodef PRBool handle = PR_FALSE; +#endif if (certNickname) { nssrv = add_nickname_entry(arena, td->cache, certNickname, subjectList); if (nssrv != PR_SUCCESS) { goto loser; } +#ifdef nodef handle = PR_TRUE; +#endif added++; } if (cert->email) { @@ -791,7 +795,9 @@ add_cert_to_cache ( if (nssrv != PR_SUCCESS) { goto loser; } +#ifdef nodef handle = PR_TRUE; +#endif added += 2; } #ifdef nodef diff --git a/lib/pki/trustdomain.c b/lib/pki/trustdomain.c index a3d26a88d..90e8f268d 100644 --- a/lib/pki/trustdomain.c +++ b/lib/pki/trustdomain.c @@ -991,7 +991,6 @@ NSSTrustDomain_TraverseCertificates ( void *arg ) { - PRStatus status = PR_FAILURE; NSSToken *token = NULL; NSSSlot **slots = NULL; NSSSlot **slotp; @@ -1028,7 +1027,7 @@ NSSTrustDomain_TraverseCertificates ( session = nssTrustDomain_GetSessionForToken(td, token); if (session) { /* perform the traversal */ - status = nssToken_TraverseCertificates(token, + (void)nssToken_TraverseCertificates(token, session, tokenOnly, collector, @@ -1041,7 +1040,7 @@ NSSTrustDomain_TraverseCertificates ( /* Traverse the collection */ pkiCallback.func.cert = callback; pkiCallback.arg = arg; - status = nssPKIObjectCollection_Traverse(collection, &pkiCallback); + (void)nssPKIObjectCollection_Traverse(collection, &pkiCallback); loser: if (slots) { nssSlotArray_Destroy(slots); diff --git a/lib/smime/cmsasn1.c b/lib/smime/cmsasn1.c index 4519363b9..b09a2e18c 100644 --- a/lib/smime/cmsasn1.c +++ b/lib/smime/cmsasn1.c @@ -51,10 +51,6 @@ const SEC_ASN1Template NSSCMSMessageTemplate[] = { { 0 } }; -static const SEC_ASN1Template NSS_PointerToCMSMessageTemplate[] = { - { SEC_ASN1_POINTER, 0, NSSCMSMessageTemplate } -}; - /* ----------------------------------------------------------------------------- * ENCAPSULATED & ENCRYPTED CONTENTINFO * (both use a NSSCMSContentInfo) diff --git a/lib/smime/cmscipher.c b/lib/smime/cmscipher.c index 16d643615..958d4e473 100644 --- a/lib/smime/cmscipher.c +++ b/lib/smime/cmscipher.c @@ -366,7 +366,7 @@ NSS_CMSCipherContext_Decrypt(NSSCMSCipherContext *cc, unsigned char *output, const unsigned char *input, unsigned int input_len, PRBool final) { - int blocks, bsize, pcount, padsize; + unsigned int blocks, bsize, pcount, padsize; unsigned int max_needed, ifraglen, ofraglen, output_len; unsigned char *pbuf; SECStatus rv; diff --git a/lib/smime/cmsencode.c b/lib/smime/cmsencode.c index 651f0865a..3025740b5 100644 --- a/lib/smime/cmsencode.c +++ b/lib/smime/cmsencode.c @@ -122,7 +122,6 @@ nss_cms_encoder_notify(void *arg, PRBool before, void *dest, int depth) NSSCMSEncoderContext *p7ecx; NSSCMSContentInfo *rootcinfo, *cinfo; PRBool after = !before; - PLArenaPool *poolp; SECOidTag childtype; SECItem *item; @@ -130,7 +129,6 @@ nss_cms_encoder_notify(void *arg, PRBool before, void *dest, int depth) PORT_Assert(p7ecx != NULL); rootcinfo = &(p7ecx->cmsg->contentInfo); - poolp = p7ecx->cmsg->poolp; #ifdef CMSDEBUG fprintf(stderr, "%6.6s, dest = 0x%08x, depth = %d\n", before ? "before" : "after", dest, depth); @@ -201,12 +199,9 @@ nss_cms_before_data(NSSCMSEncoderContext *p7ecx) SECStatus rv; SECOidTag childtype; NSSCMSContentInfo *cinfo; - PLArenaPool *poolp; NSSCMSEncoderContext *childp7ecx; const SEC_ASN1Template *template; - poolp = p7ecx->cmsg->poolp; - /* call _Encode_BeforeData handlers */ switch (p7ecx->type) { case SEC_OID_PKCS7_SIGNED_DATA: diff --git a/lib/smime/cmsrecinfo.c b/lib/smime/cmsrecinfo.c index 5e08870b2..abc22542c 100644 --- a/lib/smime/cmsrecinfo.c +++ b/lib/smime/cmsrecinfo.c @@ -526,7 +526,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, CERTCertificate *cert, SECKEYPrivateKey *privkey, SECOidTag bulkalgtag) { PK11SymKey *bulkkey = NULL; - SECAlgorithmID *encalg; SECOidTag encalgtag; SECItem *enckey; int error; @@ -536,7 +535,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, switch (ri->recipientInfoType) { case NSSCMSRecipientInfoID_KeyTrans: - encalg = &(ri->ri.keyTransRecipientInfo.keyEncAlg); encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyTransRecipientInfo.keyEncAlg)); enckey = &(ri->ri.keyTransRecipientInfo.encKey); /* ignore subIndex */ switch (encalgtag) { @@ -551,7 +549,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, } break; case NSSCMSRecipientInfoID_KeyAgree: - encalg = &(ri->ri.keyAgreeRecipientInfo.keyEncAlg); encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.keyAgreeRecipientInfo.keyEncAlg)); enckey = &(ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[subIndex]->encKey); switch (encalgtag) { @@ -573,7 +570,6 @@ NSS_CMSRecipientInfo_UnwrapBulkKey(NSSCMSRecipientInfo *ri, int subIndex, } break; case NSSCMSRecipientInfoID_KEK: - encalg = &(ri->ri.kekRecipientInfo.keyEncAlg); encalgtag = SECOID_GetAlgorithmTag(&(ri->ri.kekRecipientInfo.keyEncAlg)); enckey = &(ri->ri.kekRecipientInfo.encKey); /* not supported yet */ diff --git a/lib/smime/cmsudf.c b/lib/smime/cmsudf.c index 13071113e..472b6d663 100644 --- a/lib/smime/cmsudf.c +++ b/lib/smime/cmsudf.c @@ -79,14 +79,14 @@ nss_cmstype_shutdown(void *appData, void *reserved) static PLHashNumber nss_cmstype_hash_key(const void *key) { - return (PLHashNumber) key; + return (PLHashNumber)((char *)key - (char *)NULL); } static PRIntn nss_cmstype_compare_keys(const void *v1, const void *v2) { - PLHashNumber value1 = (PLHashNumber) v1; - PLHashNumber value2 = (PLHashNumber) v2; + PLHashNumber value1 = nss_cmstype_hash_key(v1); + PLHashNumber value2 = nss_cmstype_hash_key(v2); return (value1 == value2); } diff --git a/lib/smime/smimeutil.c b/lib/smime/smimeutil.c index fbb61b9c1..84d1960a0 100644 --- a/lib/smime/smimeutil.c +++ b/lib/smime/smimeutil.c @@ -759,6 +759,8 @@ extern const char __nss_smime_version[]; PRBool NSSSMIME_VersionCheck(const char *importedVersion) { +#define NSS_VERSION_VARIABLE __nss_smime_version +#include "verref.h" /* * This is the secret handshake algorithm. * @@ -768,10 +770,6 @@ NSSSMIME_VersionCheck(const char *importedVersion) * not compatible with future major, minor, or * patch releases. */ - volatile char c; /* force a reference that won't get optimized away */ - - c = __nss_smime_version[0]; - return NSS_VersionCheck(importedVersion); } diff --git a/lib/softoken/legacydb/keydb.c b/lib/softoken/legacydb/keydb.c index 085b2be20..c3dd887b0 100644 --- a/lib/softoken/legacydb/keydb.c +++ b/lib/softoken/legacydb/keydb.c @@ -1476,7 +1476,9 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk, SECItem *cipherText = NULL; SECItem *dummy = NULL; #ifndef NSS_DISABLE_ECC +#ifdef EC_DEBUG SECItem *fordebug = NULL; +#endif int savelen; #endif @@ -1589,9 +1591,11 @@ seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk, goto loser; } +#ifdef EC_DEBUG fordebug = &(pki->privateKey); SEC_PRINT("seckey_encrypt_private_key()", "PrivateKey", pk->keyType, fordebug); +#endif break; #endif /* NSS_DISABLE_ECC */ @@ -1704,7 +1708,7 @@ seckey_decrypt_private_key(SECItem*epki, SECStatus rv = SECFailure; PLArenaPool *temparena = NULL, *permarena = NULL; SECItem *dest = NULL; -#ifndef NSS_DISABLE_ECC +#ifdef EC_DEBUG SECItem *fordebug = NULL; #endif @@ -1817,9 +1821,11 @@ seckey_decrypt_private_key(SECItem*epki, pk->keyType = NSSLOWKEYECKey; lg_prepare_low_ec_priv_key_for_asn1(pk); +#ifdef EC_DEBUG fordebug = &pki->privateKey; SEC_PRINT("seckey_decrypt_private_key()", "PrivateKey", pk->keyType, fordebug); +#endif if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey, &pki->privateKey) ) break; rv = SEC_QuickDERDecodeItem(permarena, pk, @@ -1990,12 +1996,10 @@ encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg, SECItem *encCheck) { SECOidData *oidData; - SECStatus rv; oidData = SECOID_FindOIDByTag(alg); if ( oidData == NULL ) { - rv = SECFailure; - goto loser; + return SECFailure; } entry->len = 1 + oidData->oid.len + encCheck->len; @@ -2006,7 +2010,7 @@ encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg, } if ( entry->data == NULL ) { - goto loser; + return SECFailure; } /* first length of oid */ @@ -2017,10 +2021,7 @@ encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg, PORT_Memcpy(&entry->data[1+oidData->oid.len], encCheck->data, encCheck->len); - return(SECSuccess); - -loser: - return(SECFailure); + return SECSuccess; } @@ -2032,7 +2033,6 @@ static SECStatus nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *handle) { SECStatus rv; - int ret; int errors = 0; if ( handle->db == NULL ) { @@ -2080,7 +2080,7 @@ nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *handle) done: /* sync the database */ - ret = keydb_Sync(handle, 0); + (void)keydb_Sync(handle, 0); db_InitComplete(handle->db); return (errors == 0 ? SECSuccess : SECFailure); @@ -2089,7 +2089,6 @@ done: static int keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2099,7 +2098,7 @@ keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) ret = (* db->get)(db, key, data, flags); - prstat = PZ_Unlock(kdbLock); + (void)PZ_Unlock(kdbLock); return(ret); } @@ -2107,7 +2106,6 @@ keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) static int keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret = 0; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2117,7 +2115,7 @@ keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) ret = (* db->put)(db, key, data, flags); - prstat = PZ_Unlock(kdbLock); + (void)PZ_Unlock(kdbLock); return(ret); } @@ -2125,7 +2123,6 @@ keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) static int keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags) { - PRStatus prstat; int ret; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2135,7 +2132,7 @@ keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags) ret = (* db->sync)(db, flags); - prstat = PZ_Unlock(kdbLock); + (void)PZ_Unlock(kdbLock); return(ret); } @@ -2143,7 +2140,6 @@ keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags) static int keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags) { - PRStatus prstat; int ret; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2153,7 +2149,7 @@ keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags) ret = (* db->del)(db, key, flags); - prstat = PZ_Unlock(kdbLock); + (void)PZ_Unlock(kdbLock); return(ret); } @@ -2161,7 +2157,6 @@ keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags) static int keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2171,7 +2166,7 @@ keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) ret = (* db->seq)(db, key, data, flags); - prstat = PZ_Unlock(kdbLock); + (void)PZ_Unlock(kdbLock); return(ret); } @@ -2179,7 +2174,6 @@ keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags) static void keydb_Close(NSSLOWKEYDBHandle *kdb) { - PRStatus prstat; PRLock *kdbLock = kdb->lock; DB *db = kdb->db; @@ -2188,7 +2182,7 @@ keydb_Close(NSSLOWKEYDBHandle *kdb) (* db->close)(db); - SKIP_AFTER_FORK(prstat = PZ_Unlock(kdbLock)); + SKIP_AFTER_FORK(PZ_Unlock(kdbLock)); return; } diff --git a/lib/softoken/legacydb/lgattr.c b/lib/softoken/legacydb/lgattr.c index 00a0a746d..7c80c568e 100644 --- a/lib/softoken/legacydb/lgattr.c +++ b/lib/softoken/legacydb/lgattr.c @@ -210,8 +210,6 @@ static const CK_ATTRIBUTE lg_StaticFalseAttr = LG_DEF_ATTRIBUTE(&lg_staticFalseValue,sizeof(lg_staticFalseValue)); static const CK_ATTRIBUTE lg_StaticNullAttr = LG_DEF_ATTRIBUTE(NULL,0); char lg_StaticOneValue = 1; -static const CK_ATTRIBUTE lg_StaticOneAttr = - LG_DEF_ATTRIBUTE(&lg_StaticOneValue,sizeof(lg_StaticOneValue)); /* * helper functions which get the database and call the underlying @@ -434,11 +432,6 @@ lg_GetPubItem(NSSLOWKEYPublicKey *pubKey) { return pubItem; } -static const SEC_ASN1Template lg_SerialTemplate[] = { - { SEC_ASN1_INTEGER, offsetof(NSSLOWCERTCertificate,serialNumber) }, - { 0 } -}; - static CK_RV lg_FindRSAPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attribute) diff --git a/lib/softoken/legacydb/lginit.c b/lib/softoken/legacydb/lginit.c index d08d4506a..47da8f042 100644 --- a/lib/softoken/legacydb/lginit.c +++ b/lib/softoken/legacydb/lginit.c @@ -476,14 +476,14 @@ lg_Close(SDB *sdb) static PLHashNumber lg_HashNumber(const void *key) { - return (PLHashNumber) key; + return (PLHashNumber)((char *)key - (char *)NULL); } PRIntn lg_CompareValues(const void *v1, const void *v2) { - PLHashNumber value1 = (PLHashNumber) v1; - PLHashNumber value2 = (PLHashNumber) v2; + PLHashNumber value1 = lg_HashNumber(v1); + PLHashNumber value2 = lg_HashNumber(v2); return (value1 == value2); } @@ -587,9 +587,9 @@ legacy_Open(const char *configdir, const char *certPrefix, CK_RV crv = CKR_OK; SECStatus rv; PRBool readOnly = (flags == SDB_RDONLY)? PR_TRUE: PR_FALSE; - volatile char c; /* force a reference that won't get optimized away */ - c = __nss_dbm_version[0]; +#define NSS_VERSION_VARIABLE __nss_dbm_version +#include "verref.h" rv = SECOID_Init(); if (SECSuccess != rv) { diff --git a/lib/softoken/legacydb/pcertdb.c b/lib/softoken/legacydb/pcertdb.c index 5f7670062..4eda4f0f4 100644 --- a/lib/softoken/legacydb/pcertdb.c +++ b/lib/softoken/legacydb/pcertdb.c @@ -103,13 +103,12 @@ nsslowcert_LockDB(NSSLOWCERTCertDBHandle *handle) static void nsslowcert_UnlockDB(NSSLOWCERTCertDBHandle *handle) { - PRStatus prstat; - - prstat = PZ_ExitMonitor(handle->dbMon); - +#ifdef DEBUG + PRStatus prstat = PZ_ExitMonitor(handle->dbMon); PORT_Assert(prstat == PR_SUCCESS); - - return; +#else + PZ_ExitMonitor(handle->dbMon); +#endif } @@ -134,15 +133,16 @@ nsslowcert_LockCertRefCount(NSSLOWCERTCertificate *cert) static void nsslowcert_UnlockCertRefCount(NSSLOWCERTCertificate *cert) { - PRStatus prstat; - PORT_Assert(certRefCountLock != NULL); - prstat = PZ_Unlock(certRefCountLock); - - PORT_Assert(prstat == PR_SUCCESS); - - return; +#ifdef DEBUG + { + PRStatus prstat = PZ_Unlock(certRefCountLock); + PORT_Assert(prstat == PR_SUCCESS); + } +#else + PZ_Unlock(certRefCountLock); +#endif } /* @@ -166,15 +166,16 @@ nsslowcert_LockCertTrust(NSSLOWCERTCertificate *cert) static void nsslowcert_UnlockCertTrust(NSSLOWCERTCertificate *cert) { - PRStatus prstat; - PORT_Assert(certTrustLock != NULL); - prstat = PZ_Unlock(certTrustLock); - - PORT_Assert(prstat == PR_SUCCESS); - - return; +#ifdef DEBUG + { + PRStatus prstat = PZ_Unlock(certTrustLock); + PORT_Assert(prstat == PR_SUCCESS); + } +#else + PZ_Unlock(certTrustLock); +#endif } @@ -199,15 +200,17 @@ nsslowcert_LockFreeList(void) static void nsslowcert_UnlockFreeList(void) { - PRStatus prstat = PR_SUCCESS; - PORT_Assert(freeListLock != NULL); - SKIP_AFTER_FORK(prstat = PZ_Unlock(freeListLock)); - - PORT_Assert(prstat == PR_SUCCESS); - - return; +#ifdef DEBUG + { + PRStatus prstat = PR_SUCCESS; + SKIP_AFTER_FORK(prstat = PZ_Unlock(freeListLock)); + PORT_Assert(prstat == PR_SUCCESS); + } +#else + SKIP_AFTER_FORK(PZ_Unlock(freeListLock)); +#endif } NSSLOWCERTCertificate * @@ -224,7 +227,6 @@ nsslowcert_DupCertificate(NSSLOWCERTCertificate *c) static int certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret; PORT_Assert(dbLock != NULL); @@ -232,7 +234,7 @@ certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags) ret = (* db->get)(db, key, data, flags); - prstat = PZ_Unlock(dbLock); + (void)PZ_Unlock(dbLock); return(ret); } @@ -240,7 +242,6 @@ certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags) static int certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret = 0; PORT_Assert(dbLock != NULL); @@ -248,7 +249,7 @@ certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags) ret = (* db->put)(db, key, data, flags); - prstat = PZ_Unlock(dbLock); + (void)PZ_Unlock(dbLock); return(ret); } @@ -256,7 +257,6 @@ certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags) static int certdb_Sync(DB *db, unsigned int flags) { - PRStatus prstat; int ret; PORT_Assert(dbLock != NULL); @@ -264,7 +264,7 @@ certdb_Sync(DB *db, unsigned int flags) ret = (* db->sync)(db, flags); - prstat = PZ_Unlock(dbLock); + (void)PZ_Unlock(dbLock); return(ret); } @@ -273,7 +273,6 @@ certdb_Sync(DB *db, unsigned int flags) static int certdb_Del(DB *db, DBT *key, unsigned int flags) { - PRStatus prstat; int ret; PORT_Assert(dbLock != NULL); @@ -281,7 +280,7 @@ certdb_Del(DB *db, DBT *key, unsigned int flags) ret = (* db->del)(db, key, flags); - prstat = PZ_Unlock(dbLock); + (void)PZ_Unlock(dbLock); /* don't fail if the record is already deleted */ if (ret == DB_NOT_FOUND) { @@ -294,7 +293,6 @@ certdb_Del(DB *db, DBT *key, unsigned int flags) static int certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags) { - PRStatus prstat; int ret; PORT_Assert(dbLock != NULL); @@ -302,7 +300,7 @@ certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags) ret = (* db->seq)(db, key, data, flags); - prstat = PZ_Unlock(dbLock); + (void)PZ_Unlock(dbLock); return(ret); } @@ -310,14 +308,12 @@ certdb_Seq(DB *db, DBT *key, DBT *data, unsigned int flags) static void certdb_Close(DB *db) { - PRStatus prstat = PR_SUCCESS; - PORT_Assert(dbLock != NULL); SKIP_AFTER_FORK(PZ_Lock(dbLock)); (* db->close)(db); - SKIP_AFTER_FORK(prstat = PZ_Unlock(dbLock)); + SKIP_AFTER_FORK(PZ_Unlock(dbLock)); return; } @@ -2430,7 +2426,6 @@ NewDBSubjectEntry(SECItem *derSubject, SECItem *certKey, certDBEntrySubject *entry; SECStatus rv; unsigned int nnlen; - unsigned int eaddrlen; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if ( arena == NULL ) { @@ -2480,7 +2475,6 @@ NewDBSubjectEntry(SECItem *derSubject, SECItem *certKey, goto loser; } - eaddrlen = PORT_Strlen(emailAddr) + 1; entry->emailAddrs = (char **)PORT_ArenaAlloc(arena, sizeof(char *)); if ( entry->emailAddrs == NULL ) { PORT_Free(emailAddr); @@ -3586,7 +3580,6 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) certDBEntrySMime *emailEntry = NULL; char *nickname; char *emailAddr; - SECStatus rv; /* * Sequence through the old database and copy all of the entries @@ -3700,7 +3693,7 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) if ( subjectEntry->nickname ) { PORT_Memcpy(subjectEntry->nickname, nickname, key.size - 1); - rv = WriteDBSubjectEntry(handle, subjectEntry); + (void)WriteDBSubjectEntry(handle, subjectEntry); } } else if ( type == certDBEntryTypeSMimeProfile ) { emailAddr = &((char *)key.data)[1]; @@ -3729,7 +3722,7 @@ UpdateV6DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) PORT_Memcpy(subjectEntry->emailAddrs[0], emailAddr, key.size - 1); subjectEntry->nemailAddrs = 1; - rv = WriteDBSubjectEntry(handle, subjectEntry); + (void)WriteDBSubjectEntry(handle, subjectEntry); } } } @@ -3791,14 +3784,13 @@ static SECStatus UpdateV5DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb) { NSSLOWCERTCertDBHandle updatehandle; - SECStatus rv; updatehandle.permCertDB = updatedb; updatehandle.dbMon = PZ_NewMonitor(nssILockCertDB); updatehandle.dbVerify = 0; updatehandle.ref = 1; /* prevent premature close */ - rv = nsslowcert_TraversePermCerts(&updatehandle, updateV5Callback, + (void)nsslowcert_TraversePermCerts(&updatehandle, updateV5Callback, (void *)handle); PZ_DestroyMonitor(updatehandle.dbMon); @@ -5071,7 +5063,6 @@ nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, SECItem *crlKey, PRBool isKRL) { SECItem keyitem; - DBT key; SECStatus rv; PLArenaPool *arena = NULL; certDBEntryRevocation *entry = NULL; @@ -5088,9 +5079,6 @@ nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, goto loser; } - key.data = keyitem.data; - key.size = keyitem.len; - /* find in perm database */ entry = ReadDBCrlEntry(handle, crlKey, crlType); diff --git a/lib/softoken/lowpbe.c b/lib/softoken/lowpbe.c index c0949fec0..16d4c9141 100644 --- a/lib/softoken/lowpbe.c +++ b/lib/softoken/lowpbe.c @@ -516,7 +516,7 @@ nsspkcs5_PKCS12PBE(const SECHashObject *hashObject, } PORT_Memcpy(Ai, iterBuf, hashLength); - for (Bidx = 0; Bidx < B.len; Bidx += hashLength) { + for (Bidx = 0; Bidx < (int)B.len; Bidx += hashLength) { PORT_Memcpy(B.data+Bidx,iterBuf,NSSPBE_MIN(B.len-Bidx,hashLength)); } diff --git a/lib/softoken/pkcs11.c b/lib/softoken/pkcs11.c index baa090037..e52c57db8 100644 --- a/lib/softoken/pkcs11.c +++ b/lib/softoken/pkcs11.c @@ -1746,7 +1746,7 @@ NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,CK_KEY_TYPE key_type, crv = sftk_Attribute2SSecItem(arena,&pubKey->u.ec.publicValue, object,CKA_EC_POINT); if (crv == CKR_OK) { - int keyLen,curveLen; + unsigned int keyLen,curveLen; curveLen = (pubKey->u.ec.ecParams.fieldID.size +7)/8; keyLen = (2*curveLen)+1; @@ -2221,7 +2221,7 @@ CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList) static PLHashNumber sftk_HashNumber(const void *key) { - return (PLHashNumber) key; + return (PLHashNumber)((char *)key - (char *)NULL); } /* @@ -3144,11 +3144,11 @@ extern const char __nss_softokn_version[]; /* NSC_GetInfo returns general information about Cryptoki. */ CK_RV NSC_GetInfo(CK_INFO_PTR pInfo) { - volatile char c; /* force a reference that won't get optimized away */ +#define NSS_VERSION_VARIABLE __nss_softokn_version +#include "verref.h" CHECK_FORK(); - c = __nss_softokn_version[0]; pInfo->cryptokiVersion.major = 2; pInfo->cryptokiVersion.minor = 20; PORT_Memcpy(pInfo->manufacturerID,manufacturerID,32); @@ -4005,7 +4005,7 @@ static CK_RV sftk_CreateNewSlot(SFTKSlot *slot, CK_OBJECT_CLASS class, PRBool isValidFIPSUserSlot = PR_FALSE; PRBool isValidSlot = PR_FALSE; PRBool isFIPS = PR_FALSE; - unsigned long moduleIndex; + unsigned long moduleIndex = NSC_NON_FIPS_MODULE; SFTKAttribute *attribute; sftk_parameters paramStrings; char *paramString; @@ -4514,7 +4514,7 @@ sftk_emailhack(SFTKSlot *slot, SFTKDBHandle *handle, { PRBool isCert = PR_FALSE; int emailIndex = -1; - int i; + unsigned int i; SFTKSearchResults smime_search; CK_ATTRIBUTE smime_template[2]; CK_OBJECT_CLASS smime_class = CKO_NETSCAPE_SMIME; diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c index 2ae4a74bc..0a2c5dc89 100644 --- a/lib/softoken/pkcs11c.c +++ b/lib/softoken/pkcs11c.c @@ -73,6 +73,7 @@ static void sftk_Null(void *data, PRBool freeit) } \ printf("\n") #else +#undef EC_DEBUG #define SEC_PRINT(a, b, c, d) #endif #endif /* NSS_DISABLE_ECC */ @@ -4081,7 +4082,7 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, CK_MECHANISM mech = {0, NULL, 0}; CK_ULONG modulusLen; - CK_ULONG subPrimeLen; + CK_ULONG subPrimeLen = 0; PRBool isEncryptable = PR_FALSE; PRBool canSignVerify = PR_FALSE; PRBool isDerivable = PR_FALSE; @@ -4379,7 +4380,6 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, DSAPrivateKey * dsaPriv; /* Diffie Hellman */ - int private_value_bits = 0; DHPrivateKey * dhPriv; #ifndef NSS_DISABLE_ECC @@ -4431,7 +4431,6 @@ CK_RV NSC_GenerateKeyPair (CK_SESSION_HANDLE hSession, */ for (i=0; i < (int) ulPrivateKeyAttributeCount; i++) { if (pPrivateKeyTemplate[i].type == CKA_VALUE_BITS) { - private_value_bits = *(CK_ULONG *)pPrivateKeyTemplate[i].pValue; continue; } @@ -4901,7 +4900,9 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) SECStatus rv = SECSuccess; SECItem *encodedKey = NULL; #ifndef NSS_DISABLE_ECC +#ifdef EC_DEBUG SECItem *fordebug; +#endif int savelen; #endif @@ -4974,9 +4975,11 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) lk->u.ec.ecParams.curveOID.len = savelen; lk->u.ec.publicValue.len >>= 3; +#ifdef EC_DEBUG fordebug = &pki->privateKey; SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKey", lk->keyType, fordebug); +#endif param = SECITEM_DupItem(&lk->u.ec.ecParams.DEREncoding); @@ -5015,7 +5018,7 @@ static SECItem *sftk_PackagePrivateKey(SFTKObject *key, CK_RV *crvp) nsslowkey_PrivateKeyInfoTemplate); *crvp = encodedKey ? CKR_OK : CKR_DEVICE_ERROR; -#ifndef NSS_DISABLE_ECC +#ifdef EC_DEBUG fordebug = encodedKey; SEC_PRINT("sftk_PackagePrivateKey()", "PrivateKeyInfo", lk->keyType, fordebug); @@ -6805,7 +6808,7 @@ key_and_mac_derive_fail: PRBool withCofactor = PR_FALSE; unsigned char *secret; unsigned char *keyData = NULL; - int secretlen, curveLen, pubKeyLen; + unsigned int secretlen, curveLen, pubKeyLen; CK_ECDH1_DERIVE_PARAMS *mechParams; NSSLOWKEYPrivateKey *privKey; PLArenaPool *arena = NULL; diff --git a/lib/softoken/pkcs11u.c b/lib/softoken/pkcs11u.c index 78e2fdc9c..de5cbbc29 100644 --- a/lib/softoken/pkcs11u.c +++ b/lib/softoken/pkcs11u.c @@ -1174,7 +1174,6 @@ sftk_DeleteObject(SFTKSession *session, SFTKObject *object) { SFTKSlot *slot = sftk_SlotFromSession(session); SFTKSessionObject *so = sftk_narrowToSessionObject(object); - SFTKTokenObject *to = sftk_narrowToTokenObject(object); CK_RV crv = CKR_OK; PRUint32 index = sftk_hash(object->handle, slot->sessObjHashSize); @@ -1191,8 +1190,10 @@ sftk_DeleteObject(SFTKSession *session, SFTKObject *object) sftk_FreeObject(object); /* free the reference owned by the queue */ } else { SFTKDBHandle *handle = sftk_getDBForTokenObject(slot, object->handle); - +#ifdef DEBUG + SFTKTokenObject *to = sftk_narrowToTokenObject(object); PORT_Assert(to); +#endif crv = sftkdb_DestroyObject(handle, object->handle); sftk_freeDB(handle); } @@ -1899,7 +1900,6 @@ SFTKObject * sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE handle) { SFTKObject *object = NULL; - SFTKTokenObject *tokObject = NULL; PRBool hasLocks = PR_FALSE; CK_RV crv; @@ -1908,7 +1908,6 @@ sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE handle) if (object == NULL) { return NULL; } - tokObject = (SFTKTokenObject *) object; object->handle = handle; /* every object must have a class, if we can't get it, the object diff --git a/lib/softoken/sdb.c b/lib/softoken/sdb.c index 83150bb38..16848604c 100644 --- a/lib/softoken/sdb.c +++ b/lib/softoken/sdb.c @@ -689,7 +689,7 @@ sdb_FindObjectsInit(SDB *sdb, const CK_ATTRIBUTE *template, CK_ULONG count, char *join=""; int sqlerr = SQLITE_OK; CK_RV error = CKR_OK; - int i; + unsigned int i; LOCK_SQLITE() *find = NULL; @@ -836,7 +836,7 @@ sdb_GetAttributeValueNoLock(SDB *sdb, CK_OBJECT_HANDLE object_id, CK_RV error = CKR_OK; int found = 0; int retry = 0; - int i; + unsigned int i; /* open a new db if necessary */ @@ -879,7 +879,7 @@ sdb_GetAttributeValueNoLock(SDB *sdb, CK_OBJECT_HANDLE object_id, PR_Sleep(SDB_BUSY_RETRY_TIME); } if (sqlerr == SQLITE_ROW) { - int blobSize; + unsigned int blobSize; const char *blobData; blobSize = sqlite3_column_bytes(stmt, 0); @@ -963,7 +963,7 @@ sdb_SetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE object_id, int sqlerr = SQLITE_OK; int retry = 0; CK_RV error = CKR_OK; - int i; + unsigned int i; if ((sdb->sdb_flags & SDB_RDONLY) != 0) { return CKR_TOKEN_WRITE_PROTECTED; @@ -1115,7 +1115,7 @@ sdb_CreateObject(SDB *sdb, CK_OBJECT_HANDLE *object_id, CK_RV error = CKR_OK; CK_OBJECT_HANDLE this_object = CK_INVALID_HANDLE; int retry = 0; - int i; + unsigned int i; if ((sdb->sdb_flags & SDB_RDONLY) != 0) { return CKR_TOKEN_WRITE_PROTECTED; diff --git a/lib/softoken/sftkdb.c b/lib/softoken/sftkdb.c index 149191018..b686e8e10 100644 --- a/lib/softoken/sftkdb.c +++ b/lib/softoken/sftkdb.c @@ -325,9 +325,7 @@ sftkdb_fixupTemplateOut(CK_ATTRIBUTE *template, CK_OBJECT_HANDLE objectID, if (sftkdb_isULONGAttribute(template[i].type)) { if (template[i].pValue) { CK_ULONG value; - unsigned char *data; - data = (unsigned char *)ntemplate[i].pValue; value = sftk_SDBULong2ULong(ntemplate[i].pValue); if (length < sizeof(CK_ULONG)) { template[i].ulValueLen = -1; @@ -475,7 +473,7 @@ sftk_signTemplate(PLArenaPool *arena, SFTKDBHandle *handle, CK_OBJECT_HANDLE objectID, const CK_ATTRIBUTE *template, CK_ULONG count) { - int i; + unsigned int i; CK_RV crv; SFTKDBHandle *keyHandle = handle; SDB *keyTarget = NULL; @@ -573,11 +571,8 @@ sftkdb_CreateObject(PLArenaPool *arena, SFTKDBHandle *handle, SDB *db, CK_OBJECT_HANDLE *objectID, CK_ATTRIBUTE *template, CK_ULONG count) { - PRBool inTransaction = PR_FALSE; CK_RV crv; - inTransaction = PR_TRUE; - crv = (*db->sdb_CreateObject)(db, objectID, template, count); if (crv != CKR_OK) { goto loser; @@ -595,9 +590,9 @@ sftk_ExtractTemplate(PLArenaPool *arena, SFTKObject *object, SFTKDBHandle *handle,CK_ULONG *pcount, CK_RV *crv) { - int count; + unsigned int count; CK_ATTRIBUTE *template; - int i, templateIndex; + unsigned int i, templateIndex; SFTKSessionObject *sessObject = sftk_narrowToSessionObject(object); PRBool doEnc = PR_TRUE; @@ -1021,7 +1016,7 @@ sftkdb_resolveConflicts(PLArenaPool *arena, CK_OBJECT_CLASS objectType, { CK_ATTRIBUTE *attr; char *nickname, *newNickname; - int end, digit; + unsigned int end, digit; /* sanity checks. We should never get here with these errors */ if (objectType != CKO_CERTIFICATE) { @@ -1060,9 +1055,11 @@ sftkdb_resolveConflicts(PLArenaPool *arena, CK_OBJECT_CLASS objectType, return CKR_OK; } - for (end = attr->ulValueLen - 1; - end >= 0 && (digit = nickname[end]) <= '9' && digit >= '0'; - end--) { + for (end = attr->ulValueLen; end-- > 0;) { + digit = nickname[end]; + if (digit > '9' || digit < '0') { + break; + } if (digit < '9') { nickname[end]++; return CKR_OK; @@ -1257,7 +1254,7 @@ sftkdb_FindObjects(SFTKDBHandle *handle, SDBFind *find, crv = (*db->sdb_FindObjects)(db, find, ids, arraySize, count); if (crv == CKR_OK) { - int i; + unsigned int i; for (i=0; i < *count; i++) { ids[i] |= (handle->type | SFTK_TOKEN_TYPE); } @@ -1600,14 +1597,14 @@ static const CK_ATTRIBUTE_TYPE known_attributes[] = { CKA_NETSCAPE_DB, CKA_NETSCAPE_TRUST, CKA_NSS_OVERRIDE_EXTENSIONS }; -static int known_attributes_size= sizeof(known_attributes)/ +static unsigned int known_attributes_size= sizeof(known_attributes)/ sizeof(known_attributes[0]); static CK_RV sftkdb_GetObjectTemplate(SDB *source, CK_OBJECT_HANDLE id, CK_ATTRIBUTE *ptemplate, CK_ULONG *max) { - int i,j; + unsigned int i,j; CK_RV crv; if (*max < known_attributes_size) { @@ -2011,7 +2008,6 @@ sftkdb_handleIDAndName(PLArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id, {CKA_ID, NULL, 0}, {CKA_LABEL, NULL, 0} }; - CK_RV crv; attr1 = sftkdb_getAttributeFromTemplate(CKA_LABEL, ptemplate, *plen); attr2 = sftkdb_getAttributeFromTemplate(CKA_ID, ptemplate, *plen); @@ -2023,7 +2019,7 @@ sftkdb_handleIDAndName(PLArenaPool *arena, SDB *db, CK_OBJECT_HANDLE id, } /* the source has either an id or a label, see what the target has */ - crv = (*db->sdb_GetAttributeValue)(db, id, ttemplate, 2); + (void)(*db->sdb_GetAttributeValue)(db, id, ttemplate, 2); /* if the target has neither, update from the source */ if ( ((ttemplate[0].ulValueLen == 0) || @@ -2168,7 +2164,7 @@ sftkdb_mergeObject(SFTKDBHandle *handle, CK_OBJECT_HANDLE id, CK_OBJECT_CLASS objectType; SDB *source = handle->update; SDB *target = handle->db; - int i; + unsigned int i; CK_RV crv; PLArenaPool *arena = NULL; @@ -2257,7 +2253,7 @@ sftkdb_Update(SFTKDBHandle *handle, SECItem *key) SECItem *updatePasswordKey = NULL; CK_RV crv, crv2; PRBool inTransaction = PR_FALSE; - int i; + unsigned int i; if (handle == NULL) { return CKR_OK; diff --git a/lib/softoken/sftkhmac.c b/lib/softoken/sftkhmac.c index 04c4e63dd..692a35359 100644 --- a/lib/softoken/sftkhmac.c +++ b/lib/softoken/sftkhmac.c @@ -146,28 +146,26 @@ void sftk_HMACConstantTime_Update(void *pctx, const void *data, unsigned int len) { sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx; - SECStatus rv = HMAC_ConstantTime( + PORT_AssertSuccess(HMAC_ConstantTime( ctx->mac, NULL, sizeof(ctx->mac), ctx->hash, ctx->secret, ctx->secretLength, ctx->header, ctx->headerLength, data, len, - ctx->totalLength); - PORT_Assert(rv == SECSuccess); + ctx->totalLength)); } void sftk_SSLv3MACConstantTime_Update(void *pctx, const void *data, unsigned int len) { sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx; - SECStatus rv = SSLv3_MAC_ConstantTime( + PORT_AssertSuccess(SSLv3_MAC_ConstantTime( ctx->mac, NULL, sizeof(ctx->mac), ctx->hash, ctx->secret, ctx->secretLength, ctx->header, ctx->headerLength, data, len, - ctx->totalLength); - PORT_Assert(rv == SECSuccess); + ctx->totalLength)); } void diff --git a/lib/softoken/sftkpwd.c b/lib/softoken/sftkpwd.c index 670744c1c..d8ce85775 100644 --- a/lib/softoken/sftkpwd.c +++ b/lib/softoken/sftkpwd.c @@ -864,8 +864,6 @@ static CK_RV sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, CK_OBJECT_HANDLE id, SECItem *newKey) { - CK_RV crv = CKR_OK; - CK_RV crv2; CK_ATTRIBUTE authAttrs[] = { {CKA_MODULUS, NULL, 0}, {CKA_PUBLIC_EXPONENT, NULL, 0}, @@ -879,7 +877,7 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, {CKA_NSS_OVERRIDE_EXTENSIONS, NULL, 0}, }; CK_ULONG authAttrCount = sizeof(authAttrs)/sizeof(CK_ATTRIBUTE); - int i, count; + unsigned int i, count; SFTKDBHandle *keyHandle = handle; SDB *keyTarget = NULL; @@ -902,7 +900,7 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, /* * STEP 1: find the MACed attributes of this object */ - crv2 = sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); + (void)sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); count = 0; /* allocate space for the attributes */ for (i=0; i < authAttrCount; i++) { @@ -912,7 +910,6 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, count++; authAttrs[i].pValue = PORT_ArenaAlloc(arena,authAttrs[i].ulValueLen); if (authAttrs[i].pValue == NULL) { - crv = CKR_HOST_MEMORY; break; } } @@ -922,7 +919,7 @@ sftk_updateMacs(PLArenaPool *arena, SFTKDBHandle *handle, return CKR_OK; } - crv = sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); + (void)sftkdb_GetAttributeValue(handle, id, authAttrs, authAttrCount); /* ignore error code, we expect some possible errors */ /* GetAttributeValue just verified the old macs, safe to write @@ -969,7 +966,7 @@ sftk_updateEncrypted(PLArenaPool *arena, SFTKDBHandle *keydb, {CKA_EXPONENT_2, NULL, 0}, {CKA_COEFFICIENT, NULL, 0} }; CK_ULONG privAttrCount = sizeof(privAttrs)/sizeof(CK_ATTRIBUTE); - int i, count; + unsigned int i, count; /* * STEP 1. Read the old attributes in the clear. @@ -1113,7 +1110,7 @@ sftkdb_convertObjects(SFTKDBHandle *handle, CK_ATTRIBUTE *template, CK_ULONG idCount = SFTK_MAX_IDS; CK_OBJECT_HANDLE ids[SFTK_MAX_IDS]; CK_RV crv, crv2; - int i; + unsigned int i; crv = sftkdb_FindObjectsInit(handle, template, count, &find); diff --git a/lib/sqlite/Makefile b/lib/sqlite/Makefile index a2f0cf7d5..dd8ea1434 100644 --- a/lib/sqlite/Makefile +++ b/lib/sqlite/Makefile @@ -46,3 +46,8 @@ include $(CORE_DEPTH)/coreconf/rules.mk export:: private_export +ifeq (WINNT,$(OS_ARCH)) +# sqlite calls the deprecated GetVersionExA method +OS_CFLAGS += -w44996 +endif + diff --git a/lib/sqlite/sqlite3.c b/lib/sqlite/sqlite3.c index 8ec2bb950..8f261e801 100644 --- a/lib/sqlite/sqlite3.c +++ b/lib/sqlite/sqlite3.c @@ -8149,17 +8149,17 @@ typedef INT8_TYPE i8; /* 1-byte signed integer */ ** Macros to determine whether the machine is big or little endian, ** evaluated at runtime. */ -#ifdef SQLITE_AMALGAMATION -SQLITE_PRIVATE const int sqlite3one = 1; -#else -SQLITE_PRIVATE const int sqlite3one; -#endif #if defined(i386) || defined(__i386__) || defined(_M_IX86)\ || defined(__x86_64) || defined(__x86_64__) # define SQLITE_BIGENDIAN 0 # define SQLITE_LITTLEENDIAN 1 # define SQLITE_UTF16NATIVE SQLITE_UTF16LE #else +# ifdef SQLITE_AMALGAMATION +SQLITE_PRIVATE const int sqlite3one = 1; +# else +SQLITE_PRIVATE const int sqlite3one; +# endif # define SQLITE_BIGENDIAN (*(char *)(&sqlite3one)==0) # define SQLITE_LITTLEENDIAN (*(char *)(&sqlite3one)==1) # define SQLITE_UTF16NATIVE (SQLITE_BIGENDIAN?SQLITE_UTF16BE:SQLITE_UTF16LE) diff --git a/lib/ssl/dtlscon.c b/lib/ssl/dtlscon.c index cb63b2cc0..47c839727 100644 --- a/lib/ssl/dtlscon.c +++ b/lib/ssl/dtlscon.c @@ -104,9 +104,7 @@ ssl3_DisableNonDTLSSuites(sslSocket * ss) const ssl3CipherSuite * suite; for (suite = nonDTLSSuites; *suite; ++suite) { - SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); - - PORT_Assert(rv == SECSuccess); /* else is coding error */ + PORT_AssertSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE)); } return SECSuccess; } @@ -396,7 +394,7 @@ dtls_HandleHandshake(sslSocket *ss, sslBuffer *origBuf) * This avoids having to fill in the bitmask in the common * case of adjacent fragments received in sequence */ - if (fragment_offset <= ss->ssl3.hs.recvdHighWater) { + if (fragment_offset <= (unsigned int)ss->ssl3.hs.recvdHighWater) { /* Either this is the adjacent fragment or an overlapping * fragment */ ss->ssl3.hs.recvdHighWater = fragment_offset + @@ -676,7 +674,7 @@ dtls_TransmitMessageFlight(sslSocket *ss) /* The reason we use 8 here is that that's the length of * the new DTLS data that we add to the header */ - fragment_len = PR_MIN(room_left - (SSL3_BUFFER_FUDGE + 8), + fragment_len = PR_MIN((PRUint32)room_left - (SSL3_BUFFER_FUDGE + 8), content_len - fragment_offset); PORT_Assert(fragment_len < DTLS_MAX_MTU - 12); /* Make totally sure that we are within the buffer. diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c index 220feaa70..befcb7722 100644 --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c @@ -2558,7 +2558,7 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec, PRUint32 fragLen; PRUint32 p1Len, p2Len, oddLen = 0; PRUint16 headerLen; - int ivLen = 0; + unsigned int ivLen = 0; int cipherBytes = 0; unsigned char pseudoHeader[13]; unsigned int pseudoHeaderLen; @@ -3120,7 +3120,8 @@ ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags) { static const PRInt32 allowedFlags = ssl_SEND_FLAG_FORCE_INTO_BUFFER | ssl_SEND_FLAG_CAP_RECORD_VERSION; - PRInt32 rv = SECSuccess; + PRInt32 count = -1; + SECStatus rv = SECSuccess; PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); @@ -3134,18 +3135,19 @@ ssl3_FlushHandshakeMessages(sslSocket *ss, PRInt32 flags) PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; } else { - rv = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf, + count = ssl3_SendRecord(ss, 0, content_handshake, ss->sec.ci.sendBuf.buf, ss->sec.ci.sendBuf.len, flags); } - if (rv < 0) { + if (count < 0) { int err = PORT_GetError(); PORT_Assert(err != PR_WOULD_BLOCK_ERROR); if (err == PR_WOULD_BLOCK_ERROR) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); } - } else if (rv < ss->sec.ci.sendBuf.len) { + rv = SECFailure; + } else if ((unsigned int)count < ss->sec.ci.sendBuf.len) { /* short write should never happen */ - PORT_Assert(rv >= ss->sec.ci.sendBuf.len); + PORT_Assert((unsigned int)count >= ss->sec.ci.sendBuf.len); PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); rv = SECFailure; } else { @@ -7609,7 +7611,7 @@ ssl3_SendServerHelloSequence(sslSocket *ss) if (kea_def->is_limited && kea_def->exchKeyType == kt_rsa) { /* see if we can legally use the key in the cert. */ - int keyLen; /* bytes */ + unsigned int keyLen; /* bytes */ keyLen = PK11_GetPrivateModulusLen( ss->serverCerts[kea_def->exchKeyType].SERVERKEY); @@ -8362,7 +8364,7 @@ compression_found: ret = SSL_SNI_SEND_ALERT; break; } - } else if (ret < ss->xtnData.sniNameArrSize) { + } else if ((unsigned int)ret < ss->xtnData.sniNameArrSize) { /* Application has configured new socket info. Lets check it * and save the name. */ SECStatus rv; @@ -8413,7 +8415,7 @@ compression_found: ssl3_SendServerNameXtn); } else { /* Callback returned index outside of the boundary. */ - PORT_Assert(ret < ss->xtnData.sniNameArrSize); + PORT_Assert((unsigned int)ret < ss->xtnData.sniNameArrSize); errCode = SSL_ERROR_INTERNAL_ERROR_ALERT; desc = internal_error; ret = SSL_SNI_SEND_ALERT; @@ -11644,7 +11646,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf) SSL3Opaque *givenHash; sslBuffer *plaintext; sslBuffer temp_buf; - PRUint64 dtls_seq_num; + PRUint64 dtls_seq_num = 0; unsigned int ivLen = 0; unsigned int originalLen = 0; unsigned int good; diff --git a/lib/ssl/ssl3ecc.c b/lib/ssl/ssl3ecc.c index c9e1f3b80..6177888c3 100644 --- a/lib/ssl/ssl3ecc.c +++ b/lib/ssl/ssl3ecc.c @@ -967,9 +967,7 @@ ssl3_DisableECCSuites(sslSocket * ss, const ssl3CipherSuite * suite) if (!suite) suite = ecSuites; for (; *suite; ++suite) { - SECStatus rv = ssl3_CipherPrefSet(ss, *suite, PR_FALSE); - - PORT_Assert(rv == SECSuccess); /* else is coding error */ + PORT_AssertSuccess(ssl3_CipherPrefSet(ss, *suite, PR_FALSE)); } return SECSuccess; } @@ -1128,7 +1126,10 @@ ssl3_SendSupportedCurvesXtn( ecList = tlsECList; } - if (append && maxBytes >= ecListSize) { + if (maxBytes < (PRUint32)ecListSize) { + return 0; + } + if (append) { SECStatus rv = ssl3_AppendHandshake(ss, ecList, ecListSize); if (rv != SECSuccess) return -1; diff --git a/lib/ssl/ssl3ext.c b/lib/ssl/ssl3ext.c index db653db9e..1b6e9f22d 100644 --- a/lib/ssl/ssl3ext.c +++ b/lib/ssl/ssl3ext.c @@ -311,7 +311,7 @@ ssl3HelloExtensionSender clientHelloSendersSSL3[SSL_MAX_EXTENSIONS] = { static PRBool arrayContainsExtension(const PRUint16 *array, PRUint32 len, PRUint16 ex_type) { - int i; + unsigned int i; for (i = 0; i < len; i++) { if (ex_type == array[i]) return PR_TRUE; @@ -451,7 +451,7 @@ ssl3_HandleServerNameXtn(sslSocket * ss, PRUint16 ex_type, SECItem *data) return SECFailure; } for (i = 0;i < listCount;i++) { - int j; + unsigned int j; PRInt32 type; SECStatus rv; PRBool nametypePresent = PR_FALSE; @@ -539,7 +539,11 @@ ssl3_SendSessionTicketXtn( } } - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + PORT_Assert(0); + return 0; + } + if (append) { SECStatus rv; /* extension_type */ rv = ssl3_AppendHandshakeNumber(ss, ssl_session_ticket_xtn, 2); @@ -562,9 +566,6 @@ ssl3_SendSessionTicketXtn( xtnData->advertised[xtnData->numAdvertised++] = ssl_session_ticket_xtn; } - } else if (maxBytes < extension_length) { - PORT_Assert(0); - return 0; } return extension_length; @@ -804,7 +805,10 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append, extension_length = 4; - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + return 0; + } + if (append) { SECStatus rv; rv = ssl3_AppendHandshakeNumber(ss, ssl_next_proto_nego_xtn, 2); if (rv != SECSuccess) @@ -814,8 +818,6 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocket * ss, PRBool append, goto loser; ss->xtnData.advertised[ss->xtnData.numAdvertised++] = ssl_next_proto_nego_xtn; - } else if (maxBytes < extension_length) { - return 0; } return extension_length; @@ -839,7 +841,10 @@ ssl3_ClientSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) 2 /* protocol name list length */ + ss->opt.nextProtoNego.len; - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + return 0; + } + if (append) { /* NPN requires that the client's fallback protocol is first in the * list. However, ALPN sends protocols in preference order. So we * allocate a buffer and move the first protocol to the end of the @@ -879,8 +884,6 @@ ssl3_ClientSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) } ss->xtnData.advertised[ss->xtnData.numAdvertised++] = ssl_app_layer_protocol_xtn; - } else if (maxBytes < extension_length) { - return 0; } return extension_length; @@ -908,7 +911,10 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) 2 /* protocol name list */ + 1 /* name length */ + ss->ssl3.nextProto.len; - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + return 0; + } + if (append) { SECStatus rv; rv = ssl3_AppendHandshakeNumber(ss, ssl_app_layer_protocol_xtn, 2); if (rv != SECSuccess) { @@ -927,8 +933,6 @@ ssl3_ServerSendAppProtoXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) if (rv != SECSuccess) { return -1; } - } else if (maxBytes < extension_length) { - return 0; } return extension_length; @@ -975,7 +979,10 @@ ssl3_ServerSendStatusRequestXtn( return 0; extension_length = 2 + 2; - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + return 0; + } + if (append) { /* extension_type */ rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2); if (rv != SECSuccess) @@ -1008,7 +1015,11 @@ ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append, */ extension_length = 9; - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + PORT_Assert(0); + return 0; + } + if (append) { SECStatus rv; TLSExtensionData *xtnData; @@ -1036,9 +1047,6 @@ ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append, xtnData = &ss->xtnData; xtnData->advertised[xtnData->numAdvertised++] = ssl_cert_status_xtn; - } else if (maxBytes < extension_length) { - PORT_Assert(0); - return 0; } return extension_length; } @@ -1050,7 +1058,7 @@ ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append, SECStatus ssl3_SendNewSessionTicket(sslSocket *ss) { - int i; + PRUint32 i; SECStatus rv; NewSessionTicket ticket; SECItem plaintext; @@ -1426,7 +1434,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type, if (data->len == 0) { ss->xtnData.emptySessionTicket = PR_TRUE; } else { - int i; + PRUint32 i; SECItem extension_data; EncryptedSessionTicket enc_session_ticket; unsigned char computed_mac[TLS_EX_SESS_TICKET_MAC_LENGTH]; @@ -2016,7 +2024,10 @@ ssl3_SendRenegotiationInfoXtn( (ss->sec.isServer ? ss->ssl3.hs.finishedBytes * 2 : ss->ssl3.hs.finishedBytes); needed = 5 + len; - if (append && maxBytes >= needed) { + if (maxBytes < (PRUint32)needed) { + return 0; + } + if (append) { SECStatus rv; /* extension_type */ rv = ssl3_AppendHandshakeNumber(ss, ssl_renegotiation_info_xtn, 2); @@ -2404,7 +2415,11 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) 2 /* supported_signature_algorithms length */ + sizeof(signatureAlgorithms); - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + PORT_Assert(0); + return 0; + } + if (append) { SECStatus rv; rv = ssl3_AppendHandshakeNumber(ss, ssl_signature_algorithms_xtn, 2); if (rv != SECSuccess) @@ -2418,9 +2433,6 @@ ssl3_ClientSendSigAlgsXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) goto loser; ss->xtnData.advertised[ss->xtnData.numAdvertised++] = ssl_signature_algorithms_xtn; - } else if (maxBytes < extension_length) { - PORT_Assert(0); - return 0; } return extension_length; @@ -2494,7 +2506,11 @@ ssl3_ClientSendDraftVersionXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) } extension_length = 6; /* Type + length + number */ - if (append && maxBytes >= extension_length) { + if (maxBytes < (PRUint32)extension_length) { + PORT_Assert(0); + return 0; + } + if (append) { SECStatus rv; rv = ssl3_AppendHandshakeNumber(ss, ssl_tls13_draft_version_xtn, 2); if (rv != SECSuccess) @@ -2507,9 +2523,6 @@ ssl3_ClientSendDraftVersionXtn(sslSocket * ss, PRBool append, PRUint32 maxBytes) goto loser; ss->xtnData.advertised[ss->xtnData.numAdvertised++] = ssl_tls13_draft_version_xtn; - } else if (maxBytes < extension_length) { - PORT_Assert(0); - return 0; } return extension_length; diff --git a/lib/ssl/ssl3gthr.c b/lib/ssl/ssl3gthr.c index cd487c667..23b9755b6 100644 --- a/lib/ssl/ssl3gthr.c +++ b/lib/ssl/ssl3gthr.c @@ -71,8 +71,8 @@ ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags) break; } - PORT_Assert( nb <= gs->remainder ); - if (nb > gs->remainder) { + PORT_Assert( (unsigned int)nb <= gs->remainder ); + if ((unsigned int)nb > gs->remainder) { /* ssl_DefRecv is misbehaving! this error is fatal to SSL. */ gs->state = GS_INIT; /* so we don't crash next time */ rv = SECFailure; diff --git a/lib/ssl/sslauth.c b/lib/ssl/sslauth.c index ed74d94c6..b144336db 100644 --- a/lib/ssl/sslauth.c +++ b/lib/ssl/sslauth.c @@ -264,8 +264,7 @@ SSL_AuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer) &certStatusArray->items[0], ss->pkcs11PinArg) != SECSuccess) { - PRErrorCode error = PR_GetError(); - PORT_Assert(error != 0); + PORT_Assert(PR_GetError() != 0); } } diff --git a/lib/ssl/sslcon.c b/lib/ssl/sslcon.c index 24e4d673f..ccd00260e 100644 --- a/lib/ssl/sslcon.c +++ b/lib/ssl/sslcon.c @@ -22,20 +22,6 @@ static PRBool policyWasSet; -/* This ordered list is indexed by (SSL_CK_xx * 3) */ -/* Second and third bytes are MSB and LSB of master key length. */ -static const PRUint8 allCipherSuites[] = { - 0, 0, 0, - SSL_CK_RC4_128_WITH_MD5, 0x00, 0x80, - SSL_CK_RC4_128_EXPORT40_WITH_MD5, 0x00, 0x80, - SSL_CK_RC2_128_CBC_WITH_MD5, 0x00, 0x80, - SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5, 0x00, 0x80, - SSL_CK_IDEA_128_CBC_WITH_MD5, 0x00, 0x80, - SSL_CK_DES_64_CBC_WITH_MD5, 0x00, 0x40, - SSL_CK_DES_192_EDE3_CBC_WITH_MD5, 0x00, 0xC0, - 0, 0, 0 -}; - #define ssl2_NUM_SUITES_IMPLEMENTED 6 /* This list is sent back to the client when the client-hello message @@ -851,7 +837,7 @@ ssl2_SendClear(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) { PRUint8 * out; int rv; - int amount; + unsigned int amount; int count = 0; PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); @@ -927,7 +913,7 @@ ssl2_SendStream(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) int amount; PRUint8 macLen; int nout; - int buflen; + unsigned int buflen; PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); @@ -1031,7 +1017,7 @@ ssl2_SendBlock(sslSocket *ss, const PRUint8 *in, PRInt32 len, PRInt32 flags) int amount; /* of plaintext to go in record. */ unsigned int padding; /* add this many padding byte. */ int nout; /* ciphertext size after header. */ - int buflen; /* size of generated record. */ + unsigned int buflen; /* size of generated record. */ PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss) ); @@ -1555,7 +1541,7 @@ ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits, unsigned int ddLen; /* length of RSA decrypted data in kbuf */ unsigned int keySize; unsigned int dkLen; /* decrypted key length in bytes */ - int modulusLen; + int modulusLen; SECStatus rv; PRUint16 allowed; /* cipher kinds enabled and allowed by policy */ PRUint8 mkbuf[SSL_MAX_MASTER_KEY_BYTES]; @@ -1617,11 +1603,11 @@ ssl2_ServerSetupSessionCypher(sslSocket *ss, int cipher, unsigned int keyBits, } modulusLen = PK11_GetPrivateModulusLen(sc->SERVERKEY); - if (modulusLen == -1) { + if (modulusLen < 0) { /* XXX If the key is bad, then PK11_PubDecryptRaw will fail below. */ modulusLen = ekLen; } - if (ekLen > modulusLen || ekLen + ckLen < keySize) { + if (ekLen > (unsigned int)modulusLen || ekLen + ckLen < keySize) { SSL_DBG(("%d: SSL[%d]: invalid encrypted key length, ekLen=%d (bytes)!", SSL_GETPID(), ss->fd, ekLen)); PORT_SetError(SSL_ERROR_BAD_CLIENT); @@ -2495,7 +2481,6 @@ ssl2_HandleMessage(sslSocket *ss) PRUint8 * cid; unsigned len, certType, certLen, responseLen; int rv; - int rv2; PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); @@ -2613,7 +2598,7 @@ ssl2_HandleMessage(sslSocket *ss) data + SSL_HL_CLIENT_CERTIFICATE_HBYTES + certLen, responseLen); if (rv) { - rv2 = ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE); + (void)ssl2_SendErrorMessage(ss, SSL_PE_BAD_CERTIFICATE); SET_ERROR_CODE goto loser; } @@ -2741,7 +2726,7 @@ ssl2_HandleServerHelloMessage(sslSocket *ss) PRUint8 * cs; PRUint8 * data; SECStatus rv; - int needed, sidHit, certLen, csLen, cidLen, certType, err; + unsigned int needed, sidHit, certLen, csLen, cidLen, certType, err; PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); @@ -3674,6 +3659,9 @@ extern const char __nss_ssl_version[]; PRBool NSSSSL_VersionCheck(const char *importedVersion) { +#define NSS_VERSION_VARIABLE __nss_ssl_version +#include "verref.h" + /* * This is the secret handshake algorithm. * @@ -3683,9 +3671,6 @@ NSSSSL_VersionCheck(const char *importedVersion) * not compatible with future major, minor, or * patch releases. */ - volatile char c; /* force a reference that won't get optimized away */ - - c = __nss_ssl_version[0]; return NSS_VersionCheck(importedVersion); } diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h index e32654609..cc53ee82e 100644 --- a/lib/ssl/sslimpl.h +++ b/lib/ssl/sslimpl.h @@ -740,7 +740,7 @@ typedef struct { * is_limited identifies a suite as having a limit on the key size. * key_size_limit provides the corresponding limit. */ PRBool is_limited; - int key_size_limit; + unsigned int key_size_limit; PRBool tls_keygen; /* True if the key exchange for the suite is ephemeral. Or to be more * precise: true if the ServerKeyExchange message is always required. */ @@ -1006,7 +1006,7 @@ struct ssl3StateStr { PRBool dheWeakGroupEnabled; /* used by server */ }; -#define DTLS_MAX_MTU 1500 /* Ethernet MTU but without subtracting the +#define DTLS_MAX_MTU 1500U /* Ethernet MTU but without subtracting the * headers, so slightly larger than expected */ #define IS_DTLS(ss) (ss->protocolVariant == ssl_variant_datagram) diff --git a/lib/ssl/sslinfo.c b/lib/ssl/sslinfo.c index 96a715f90..297dd2269 100644 --- a/lib/ssl/sslinfo.c +++ b/lib/ssl/sslinfo.c @@ -283,12 +283,10 @@ SSL_DisableDefaultExportCipherSuites(void) { const SSLCipherSuiteInfo * pInfo = suiteInfo; unsigned int i; - SECStatus rv; for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { if (pInfo->isExportable) { - rv = SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE); - PORT_Assert(rv == SECSuccess); + PORT_AssertSuccess(SSL_CipherPrefSetDefault(pInfo->cipherSuite, PR_FALSE)); } } return SECSuccess; @@ -304,12 +302,10 @@ SSL_DisableExportCipherSuites(PRFileDesc * fd) { const SSLCipherSuiteInfo * pInfo = suiteInfo; unsigned int i; - SECStatus rv; for (i = 0; i < NUM_SUITEINFOS; ++i, ++pInfo) { if (pInfo->isExportable) { - rv = SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE); - PORT_Assert(rv == SECSuccess); + PORT_AssertSuccess(SSL_CipherPrefSet(fd, pInfo->cipherSuite, PR_FALSE)); } } return SECSuccess; diff --git a/lib/ssl/sslsecur.c b/lib/ssl/sslsecur.c index af91aa653..53b488586 100644 --- a/lib/ssl/sslsecur.c +++ b/lib/ssl/sslsecur.c @@ -1196,11 +1196,8 @@ ssl_SecureShutdown(sslSocket *ss, int nsprHow) int ssl_SecureRecv(sslSocket *ss, unsigned char *buf, int len, int flags) { - sslSecurityInfo *sec; int rv = 0; - sec = &ss->sec; - if (ss->shutdownHow & ssl_SHUTDOWN_RCV) { PORT_SetError(PR_SOCKET_SHUTDOWN_ERROR); return PR_FAILURE; diff --git a/lib/ssl/sslsnce.c b/lib/ssl/sslsnce.c index 4d9ef380c..cf458a55b 100644 --- a/lib/ssl/sslsnce.c +++ b/lib/ssl/sslsnce.c @@ -1228,6 +1228,10 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries, /* Fix pointers in our private copy of cache descriptor to point to ** spaces in shared memory */ +#ifdef __GNUC__ +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wstrict-aliasing" +#endif ptr = (ptrdiff_t)cache->cacheMem; *(ptrdiff_t *)(&cache->sidCacheLocks) += ptr; *(ptrdiff_t *)(&cache->keyCacheLock ) += ptr; @@ -1242,6 +1246,9 @@ InitCache(cacheDesc *cache, int maxCacheEntries, int maxCertCacheEntries, *(ptrdiff_t *)(&cache->ticketMacKey ) += ptr; *(ptrdiff_t *)(&cache->ticketKeysValid) += ptr; *(ptrdiff_t *)(&cache->srvNameCacheData) += ptr; +#ifdef __GNUC__ +#pragma GCC diagnostic pop +#endif /* initialize the locks */ init_time = ssl_Time(); diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c index f2e820a1c..78b5764ce 100644 --- a/lib/ssl/sslsock.c +++ b/lib/ssl/sslsock.c @@ -1422,7 +1422,7 @@ static PQGParams *gWeakParamsPQG; static ssl3DHParams *gWeakDHParams; static PRStatus -ssl3_CreateWeakDHParams() +ssl3_CreateWeakDHParams(void) { PQGVerify *vfy; SECStatus rv, passed; diff --git a/lib/util/derdec.c b/lib/util/derdec.c index c62191487..2c17ce939 100644 --- a/lib/util/derdec.c +++ b/lib/util/derdec.c @@ -175,7 +175,7 @@ der_capture(unsigned char *buf, unsigned char *end, return SECFailure; } - *header_len_p = bp - buf; + *header_len_p = (int)(bp - buf); *contents_len_p = contents_len; return SECSuccess; diff --git a/lib/util/derenc.c b/lib/util/derenc.c index 90a9d2dfc..4a02e1a71 100644 --- a/lib/util/derenc.c +++ b/lib/util/derenc.c @@ -279,7 +279,7 @@ der_encode(unsigned char *buf, DERTemplate *dtemplate, void *src) int header_len; PRUint32 contents_len; unsigned long encode_kind, under_kind; - PRBool explicit, optional, universal; + PRBool explicit, universal; /* @@ -301,7 +301,6 @@ der_encode(unsigned char *buf, DERTemplate *dtemplate, void *src) encode_kind = dtemplate->kind; explicit = (encode_kind & DER_EXPLICIT) ? PR_TRUE : PR_FALSE; - optional = (encode_kind & DER_OPTIONAL) ? PR_TRUE : PR_FALSE; encode_kind &= ~DER_OPTIONAL; universal = ((encode_kind & DER_CLASS_MASK) == DER_UNIVERSAL) ? PR_TRUE : PR_FALSE; diff --git a/lib/util/manifest.mn b/lib/util/manifest.mn index 9ff3758f0..36c2d1dfe 100644 --- a/lib/util/manifest.mn +++ b/lib/util/manifest.mn @@ -43,6 +43,7 @@ EXPORTS = \ $(NULL) PRIVATE_EXPORTS = \ + verref.h \ templates.c \ $(NULL) diff --git a/lib/util/nssb64e.c b/lib/util/nssb64e.c index da0702c08..5959982bb 100644 --- a/lib/util/nssb64e.c +++ b/lib/util/nssb64e.c @@ -632,7 +632,7 @@ NSSBase64_EncodeItem (PLArenaPool *arenaOpt, char *outStrOpt, { char *out_string = outStrOpt; PRUint32 max_out_len; - PRUint32 out_len; + PRUint32 out_len = 0; void *mark = NULL; char *dummy; diff --git a/lib/util/nssrwlk.c b/lib/util/nssrwlk.c index 65fceda2e..fbbfbd6ee 100644 --- a/lib/util/nssrwlk.c +++ b/lib/util/nssrwlk.c @@ -91,7 +91,7 @@ NSSRWLock_New(PRUint32 lock_rank, const char *lock_name) goto loser; } if (lock_name != NULL) { - rwlock->rw_name = (char*) PR_Malloc(strlen(lock_name) + 1); + rwlock->rw_name = (char*) PR_Malloc((PRUint32)strlen(lock_name) + 1); if (rwlock->rw_name == NULL) { goto loser; } diff --git a/lib/util/quickder.c b/lib/util/quickder.c index f9776bb9d..bdac9b30f 100644 --- a/lib/util/quickder.c +++ b/lib/util/quickder.c @@ -146,7 +146,7 @@ static SECStatus GetItem(SECItem* src, SECItem* dest, PRBool includeTag) PORT_SetError(SEC_ERROR_BAD_DER); return SECFailure; } - src->len -= (dest->data - src->data) + dest->len; + src->len -= (int)(dest->data - src->data) + dest->len; src->data = dest->data + dest->len; return SECSuccess; } @@ -270,13 +270,9 @@ static SECStatus MatchComponentType(const SEC_ASN1Template* templateEntry, if ( (tag & SEC_ASN1_CLASS_MASK) != (((unsigned char)kind) & SEC_ASN1_CLASS_MASK) ) { -#ifdef DEBUG /* this is only to help debugging of the decoder in case of problems */ - unsigned char tagclass = tag & SEC_ASN1_CLASS_MASK; - unsigned char expectedclass = (unsigned char)kind & SEC_ASN1_CLASS_MASK; - tagclass = tagclass; - expectedclass = expectedclass; -#endif + /* unsigned char tagclass = tag & SEC_ASN1_CLASS_MASK; */ + /* unsigned char expectedclass = (unsigned char)kind & SEC_ASN1_CLASS_MASK; */ *match = PR_FALSE; return SECSuccess; } @@ -663,7 +659,6 @@ static SECStatus DecodeItem(void* dest, PRBool save = PR_FALSE; unsigned long kind; PRBool match = PR_TRUE; - PRBool optional = PR_FALSE; PR_ASSERT(src && dest && templateEntry && arena); #if 0 @@ -678,7 +673,6 @@ static SECStatus DecodeItem(void* dest, { /* do the template validation */ kind = templateEntry->kind; - optional = (0 != (kind & SEC_ASN1_OPTIONAL)); if (!kind) { PORT_SetError(SEC_ERROR_BAD_TEMPLATE); diff --git a/lib/util/secoid.c b/lib/util/secoid.c index a8ef5ec1f..0414c47e4 100644 --- a/lib/util/secoid.c +++ b/lib/util/secoid.c @@ -486,9 +486,6 @@ CONST_OID aes256_KEY_WRAP[] = { AES, 45 }; CONST_OID camellia128_CBC[] = { CAMELLIA_ENCRYPT_OID, 2}; CONST_OID camellia192_CBC[] = { CAMELLIA_ENCRYPT_OID, 3}; CONST_OID camellia256_CBC[] = { CAMELLIA_ENCRYPT_OID, 4}; -CONST_OID camellia128_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 2}; -CONST_OID camellia192_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 3}; -CONST_OID camellia256_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 4}; CONST_OID sha256[] = { SHAXXX, 1 }; CONST_OID sha384[] = { SHAXXX, 2 }; @@ -1872,7 +1869,7 @@ static PLHashTable *oidmechhash = NULL; static PLHashNumber secoid_HashNumber(const void *key) { - return (PLHashNumber) key; + return (PLHashNumber)((char *)key - (char *)NULL); } static void @@ -1913,9 +1910,9 @@ SECOID_Init(void) const SECOidData *oid; int i; char * envVal; - volatile char c; /* force a reference that won't get optimized away */ - c = __nss_util_version[0]; +#define NSS_VERSION_VARIABLE __nss_util_version +#include "verref.h" if (oidhash) { return SECSuccess; /* already initialized */ diff --git a/lib/util/secport.c b/lib/util/secport.c index 106399d24..723d89b35 100644 --- a/lib/util/secport.c +++ b/lib/util/secport.c @@ -466,7 +466,7 @@ port_ArenaRelease(PLArenaPool *arena, void *mark, PRBool zero) PZ_Lock(pool->lock); #ifdef THREADMARK { - threadmark_mark **pw, *tm; + threadmark_mark **pw; if (PR_GetCurrentThread() != pool->marking_thread ) { PZ_Unlock(pool->lock); @@ -488,7 +488,6 @@ port_ArenaRelease(PLArenaPool *arena, void *mark, PRBool zero) return /* no error indication available */ ; } - tm = *pw; *pw = (threadmark_mark *)NULL; if (zero) { @@ -536,7 +535,7 @@ PORT_ArenaUnmark(PLArenaPool *arena, void *mark) #ifdef THREADMARK PORTArenaPool *pool = (PORTArenaPool *)arena; if (ARENAPOOL_MAGIC == pool->magic ) { - threadmark_mark **pw, *tm; + threadmark_mark **pw; PZ_Lock(pool->lock); @@ -560,7 +559,6 @@ PORT_ArenaUnmark(PLArenaPool *arena, void *mark) return /* no error indication available */ ; } - tm = *pw; *pw = (threadmark_mark *)NULL; if (! pool->first_mark ) { diff --git a/lib/util/secport.h b/lib/util/secport.h index 5b09b9cb8..2f50f9657 100644 --- a/lib/util/secport.h +++ b/lib/util/secport.h @@ -87,6 +87,13 @@ extern char *PORT_ArenaStrdup(PLArenaPool *arena, const char *str); SEC_END_PROTOS #define PORT_Assert PR_ASSERT +/* Unlike PORT_Assert, which does nothing in an optimized build, PORT_AssertSuccess + * is run all the time. */ +#ifdef DEBUG +#define PORT_AssertSuccess(f) PR_ASSERT((f) == SECSuccess) +#else +#define PORT_AssertSuccess(f) (f) +#endif #define PORT_ZNew(type) (type*)PORT_ZAlloc(sizeof(type)) #define PORT_New(type) (type*)PORT_Alloc(sizeof(type)) #define PORT_ArenaNew(poolp, type) \ diff --git a/lib/util/verref.h b/lib/util/verref.h new file mode 100644 index 000000000..b6a44a677 --- /dev/null +++ b/lib/util/verref.h @@ -0,0 +1,40 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* This header is used inline in a function to ensure that a version string + * symbol is linked in and not optimized out. A volatile reference is added to + * the variable identified by NSS_VERSION_VARIABLE. + * + * Use this as follows: + * + * #define NSS_VERSION_VARIABLE __nss_ssl_version + * #include "verref.h" + */ + +/* Suppress unused variable warnings. */ +#ifdef _MSC_VER +#pragma warning(push) +#pragma warning(disable: 4101) +#endif +/* This works for both gcc and clang */ +#ifdef __GNUC__ +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wunused-variable" +#endif + +#ifndef NSS_VERSION_VARIABLE +#error NSS_VERSION_VARIABLE must be set before including "verref.h" +#endif +{ + extern const char NSS_VERSION_VARIABLE[]; + volatile const char _nss_version_c = NSS_VERSION_VARIABLE[0]; +} +#undef NSS_VERSION_VARIABLE + +#ifdef _MSC_VER +#pragma warning(pop) +#endif +#ifdef __GNUC__ +#pragma GCC diagnostic pop +#endif |