Backed out changeset bf6ee973f04e because of Android bustage UPGRADE_NSS_RELEASE

--HG--
extra : amend_source : 6502b79382c14536c060c03b428172cb6edc9d3f
This commit is contained in:
Franziskus Kiefer 2017-05-23 13:22:21 +02:00
parent 66f094103a
commit 073576f302
39 changed files with 575 additions and 919 deletions

View File

@ -1 +1 @@
0c3800b6eaba
57e38a8407b3

View File

@ -1,12 +0,0 @@
Functions changes summary: 0 Removed, 0 Changed, 6 Added functions
Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
6 Added functions:
'function SECStatus CERT_GetCertIsPerm(const CERTCertificate*, PRBool*)' {CERT_GetCertIsPerm@@NSS_3.31}
'function SECStatus CERT_GetCertIsTemp(const CERTCertificate*, PRBool*)' {CERT_GetCertIsTemp@@NSS_3.31}
'function CERTCertificate* PK11_FindCertFromURI(const char*, void*)' {PK11_FindCertFromURI@@NSS_3.31}
'function CERTCertList* PK11_FindCertsFromURI(const char*, void*)' {PK11_FindCertsFromURI@@NSS_3.31}
'function char* PK11_GetModuleURI(SECMODModule*)' {PK11_GetModuleURI@@NSS_3.31}
'function char* PK11_GetTokenURI()' {PK11_GetTokenURI@@NSS_3.31}

View File

@ -1,12 +0,0 @@
Functions changes summary: 0 Removed, 0 Changed, 6 Added functions
Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
6 Added functions:
'function void PK11URI_CreateURI(size_t, size_t)' {PK11URI_CreateURI@@NSSUTIL_3.31}
'function void PK11URI_DestroyURI()' {PK11URI_DestroyURI@@NSSUTIL_3.31}
'function char* PK11URI_FormatURI()' {PK11URI_FormatURI@@NSSUTIL_3.31}
'function const char* PK11URI_GetPathAttribute(const char*)' {PK11URI_GetPathAttribute@@NSSUTIL_3.31}
'function const char* PK11URI_GetQueryAttribute(const char*)' {PK11URI_GetQueryAttribute@@NSSUTIL_3.31}
'function void PK11URI_ParseURI(const char*)' {PK11URI_ParseURI@@NSSUTIL_3.31}

View File

@ -1,14 +0,0 @@
Functions changes summary: 0 Removed, 1 Changed, 0 Added function
Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
1 function with some indirect sub-type change:
[C]'function SECStatus SSL_GetPreliminaryChannelInfo(SSLPreliminaryChannelInfo*, PRUintn)' at sslinfo.c:115:1 has some indirect sub-type changes:
parameter 1 of type 'SSLPreliminaryChannelInfo*' has sub-type changes:
in pointed to type 'typedef SSLPreliminaryChannelInfo' at sslt.h:318:1:
underlying type 'struct SSLPreliminaryChannelInfoStr' at sslt.h:287:1 changed:
type size changed from 128 to 160 bits
1 data member insertion:
'PRUint32 SSLPreliminaryChannelInfoStr::maxEarlyDataSize', at offset 128 (in bits) at sslt.h:314:1

View File

@ -1 +0,0 @@
NSPR_4_14_BRANCH

View File

@ -1 +0,0 @@
NSS_3_30_BRANCH

View File

@ -19,9 +19,6 @@ proc_args()
"--test-nss")
TEST_NSS=1
;;
"--check-abi")
CHECK_ABI=1
;;
"--build-jss")
BUILD_JSS=1
;;
@ -43,7 +40,6 @@ proc_args()
echo " --build-jss"
echo " --test-nss"
echo " --test-jss"
echo " --check-abi"
exit 1
;;
esac
@ -219,71 +215,6 @@ test_nss()
return ${RET}
}
check_abi()
{
print_log "######## NSS ABI CHECK - ${BITS} bits - ${OPT} ########"
rm -rf ${HGDIR}/baseline
mkdir ${HGDIR}/baseline
BASE_NSPR=`cat ${HGDIR}/nss/automation/abi-check/previous-nspr-release`
BASE_NSS=`cat ${HGDIR}/nss/automation/abi-check/previous-nss-release`
print_log "######## creating temporary HG clones ########"
hg clone -u "${BASE_NSPR}" "${HGDIR}/nspr" "${HGDIR}/baseline/nspr"
if [ $? -ne 0 ]; then
echo "invalid tag in automation/abi-check/previous-nspr-release"
return 1
fi
hg clone -u "${BASE_NSS}" "${HGDIR}/nss" "${HGDIR}/baseline/nss"
if [ $? -ne 0 ]; then
echo "invalid tag in automation/abi-check/previous-nss-release"
return 1
fi
print_log "######## building older NSPR/NSS ########"
print_log "$ pushd ${HGDIR}/baseline/nss"
pushd ${HGDIR}/baseline/nss
print_log "$ ${MAKE} ${NSS_BUILD_TARGET}"
#${MAKE} ${NSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL} | grep ${GREP_BUFFER} "^${MAKE}"
${MAKE} ${NSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL}
RET=$?
print_result "NSS - build - ${BITS} bits - ${OPT}" ${RET} 0
if [ ${RET} -ne 0 ]; then
tail -100 ${LOG_ALL}
return ${RET}
fi
print_log "$ popd"
popd
ABI_REPORT=${OUTPUTDIR}/abi-diff.txt
rm -f ${ABI_REPORT}
PREVDIST=${HGDIR}/baseline/dist
NEWDIST=${HGDIR}/dist
ALL_SOs="libfreebl3.so libfreeblpriv3.so libnspr4.so libnss3.so libnssckbi.so libnssdbm3.so libnsssysinit.so libnssutil3.so libplc4.so libplds4.so libsmime3.so libsoftokn3.so libssl3.so"
for SO in ${ALL_SOs}; do
if [ ! -f nss/automation/abi-check/expected-report-$SO.txt ]; then
touch nss/automation/abi-check/expected-report-$SO.txt
fi
abidiff --hd1 $PREVDIST/public/ --hd2 $NEWDIST/public \
$PREVDIST/*/lib/$SO $NEWDIST/*/lib/$SO \
> nss/automation/abi-check/new-report-$SO.txt
diff -u nss/automation/abi-check/expected-report-$SO.txt \
nss/automation/abi-check/new-report-$SO.txt >> ${ABI_REPORT}
done
if [ -s ${ABI_REPORT} ]; then
print_log "FAILED: there are new unexpected ABI changes"
cat ${ABI_REPORT}
return 1
fi
return 0
}
test_jss()
{
print_log "######## JSS - tests - ${BITS} bits - ${OPT} ########"
@ -357,11 +288,6 @@ build_and_test()
[ $? -eq 0 ] || return 1
fi
if [ -n "${CHECK_ABI}" ]; then
check_abi
[ $? -eq 0 ] || return 1
fi
if [ -n "${BUILD_JSS}" ]; then
create_objdir_dist_link
build_jss
@ -434,7 +360,6 @@ main()
{
VALID=0
RET=1
FAIL=0
for BITS in 32 64; do
echo ${RUN_BITS} | grep ${BITS} > /dev/null
@ -447,10 +372,7 @@ main()
set_env
run_all
RET=$?
print_log "### result of run_all is ${RET}"
if [ ${RET} -ne 0 ]; then
FAIL=${RET}
fi
print_log "### result of run_all is ${RET}"
done
done
@ -459,7 +381,7 @@ main()
return 1
fi
return ${FAIL}
return ${RET}
}
#function killallsub()
@ -487,8 +409,6 @@ echo "tinderbox args: $0 $@"
proc_args "$@"
main
RET=$?
print_log "### result of main is ${RET}"
#RET=$?
#rm $IS_RUNNING_FILE
exit ${RET}
#exit ${RET}

View File

@ -1,10 +0,0 @@
4.15
# The first line of this file must contain the human readable NSPR
# version number, which is the minimum required version of NSPR
# that is supported by this version of NSS.
#
# This information is used by release automation,
# when creating an NSS source archive.
#
# All other lines in this file are ignored.

View File

@ -171,13 +171,11 @@ def set_4_digit_release_number():
set_all_lib_versions(version, major, minor, patch, build)
def create_nss_release_archive():
ensure_arguments_after_action(3, "nss_release_version nss_hg_release_tag path_to_stage_directory")
ensure_arguments_after_action(4, "nss_release_version nss_hg_release_tag nspr_release_version path_to_stage_directory")
nssrel = args[1].strip() #e.g. 3.19.3
nssreltag = args[2].strip() #e.g. NSS_3_19_3_RTM
stagedir = args[3].strip() #e.g. ../stage
with open('automation/release/nspr-version.txt') as nspr_version_file:
nsprrel = next(nspr_version_file).strip()
nsprrel = args[3].strip() #e.g. 4.10.8
stagedir = args[4].strip() #e.g. ../stage
nspr_tar = "nspr-" + nsprrel + ".tar.gz"
nsprtar_with_path= stagedir + "/v" + nsprrel + "/src/" + nspr_tar

View File

@ -22,10 +22,6 @@ apt_packages+=('ninja-build')
apt_packages+=('pkg-config')
apt_packages+=('zlib1g-dev')
# 32-bit builds
apt_packages+=('gcc-multilib')
apt_packages+=('g++-multilib')
# Latest Mercurial.
apt_packages+=('mercurial')
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE
@ -35,11 +31,6 @@ echo "deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main" >
apt-get -y update
apt-get install -y --no-install-recommends ${apt_packages[@]}
# 32-bit builds
dpkg --add-architecture i386
apt-get -y update
apt-get install -y --no-install-recommends libssl-dev:i386
# Install LLVM/clang-4.0.
mkdir clang-tmp
git clone -n --depth 1 https://chromium.googlesource.com/chromium/src/tools/clang clang-tmp/clang

View File

@ -63,6 +63,11 @@ queue.filter(task => {
if (task.collection == "make") {
return false;
}
// Disable mpi tests for now on 32-bit builds (bug 1362392)
if (task.platform == "linux32") {
return false;
}
}
@ -163,7 +168,6 @@ export default async function main() {
});
await scheduleFuzzing();
await scheduleFuzzing32();
await scheduleTools();
@ -411,110 +415,6 @@ async function scheduleFuzzing() {
return queue.submit();
}
async function scheduleFuzzing32() {
let base = {
env: {
ASAN_OPTIONS: "allocator_may_return_null=1:detect_stack_use_after_return=1",
UBSAN_OPTIONS: "print_stacktrace=1",
NSS_DISABLE_ARENA_FREE_LIST: "1",
NSS_DISABLE_UNLOAD: "1",
CC: "clang",
CCC: "clang++"
},
features: ["allowPtrace"],
platform: "linux32",
collection: "fuzz",
image: FUZZ_IMAGE
};
// Build base definition.
let build_base = merge({
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && " +
"nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz -m32"
],
artifacts: {
public: {
expires: 24 * 7,
type: "directory",
path: "/home/worker/artifacts"
}
},
kind: "build",
symbol: "B"
}, base);
// The task that builds NSPR+NSS.
let task_build = queue.scheduleTask(merge(build_base, {
name: "Linux 32 (debug, fuzz)"
}));
// The task that builds NSPR+NSS (TLS fuzzing mode).
let task_build_tls = queue.scheduleTask(merge(build_base, {
name: "Linux 32 (debug, TLS fuzz)",
symbol: "B",
group: "TLS",
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && " +
"nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz=tls -m32"
],
}));
// Schedule tests.
queue.scheduleTask(merge(base, {
parent: task_build_tls,
name: "Gtests",
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh"
],
env: {GTESTFILTER: "*Fuzz*"},
tests: "ssl_gtests gtests",
cycle: "standard",
symbol: "Gtest",
kind: "test"
}));
// Schedule fuzzing runs.
let run_base = merge(base, {parent: task_build, kind: "test"});
scheduleFuzzingRun(run_base, "CertDN", "certDN", 4096);
scheduleFuzzingRun(run_base, "QuickDER", "quickder", 10000);
// Schedule MPI fuzzing runs.
let mpi_base = merge(run_base, {group: "MPI"});
let mpi_names = ["add", "addmod", "div", "expmod", "mod", "mulmod", "sqr",
"sqrmod", "sub", "submod"];
for (let name of mpi_names) {
scheduleFuzzingRun(mpi_base, `MPI (${name})`, `mpi-${name}`, 4096, name);
}
scheduleFuzzingRun(mpi_base, `MPI (invmod)`, `mpi-invmod`, 256, "invmod");
// Schedule TLS fuzzing runs (non-fuzzing mode).
let tls_base = merge(run_base, {group: "TLS"});
scheduleFuzzingRun(tls_base, "TLS Client", "tls-client", 20000, "client-nfm",
"tls-client-no_fuzzer_mode");
scheduleFuzzingRun(tls_base, "TLS Server", "tls-server", 20000, "server-nfm",
"tls-server-no_fuzzer_mode");
scheduleFuzzingRun(tls_base, "DTLS Client", "dtls-client", 20000,
"dtls-client-nfm", "dtls-client-no_fuzzer_mode");
scheduleFuzzingRun(tls_base, "DTLS Server", "dtls-server", 20000,
"dtls-server-nfm", "dtls-server-no_fuzzer_mode");
// Schedule TLS fuzzing runs (fuzzing mode).
let tls_fm_base = merge(tls_base, {parent: task_build_tls});
scheduleFuzzingRun(tls_fm_base, "TLS Client", "tls-client", 20000, "client");
scheduleFuzzingRun(tls_fm_base, "TLS Server", "tls-server", 20000, "server");
scheduleFuzzingRun(tls_fm_base, "DTLS Client", "dtls-client", 20000, "dtls-client");
scheduleFuzzingRun(tls_fm_base, "DTLS Server", "dtls-server", 20000, "dtls-server");
return queue.submit();
}
/*****************************************************************************/
async function scheduleTestBuilds(base, args = "") {

View File

@ -23,7 +23,7 @@ function parseOptions(opts) {
// Parse platforms.
let allPlatforms = ["linux", "linux64", "linux64-asan", "win64",
"linux64-make", "linux-make", "linux-fuzz", "linux64-fuzz", "aarch64"];
"linux64-make", "linux-make", "linux64-fuzz", "aarch64"];
let platforms = intersect(opts.platform.split(/\s*,\s*/), allPlatforms);
// If the given value is nonsense or "none" default to all platforms.
@ -104,7 +104,6 @@ function filter(opts) {
let found = opts.platforms.some(platform => {
let aliases = {
"linux": "linux32",
"linux-fuzz": "linux32",
"linux64-asan": "linux64",
"linux64-fuzz": "linux64",
"linux64-make": "linux64",
@ -120,7 +119,7 @@ function filter(opts) {
keep &= coll("asan");
} else if (platform == "linux64-make" || platform == "linux-make") {
keep &= coll("make");
} else if (platform == "linux64-fuzz" || platform == "linux-fuzz") {
} else if (platform == "linux64-fuzz") {
keep &= coll("fuzz");
} else {
keep &= coll("opt") || coll("debug");

View File

@ -1261,13 +1261,11 @@ DoChallengeResponse(SECKEYPrivateKey *privKey,
return 908;
}
keyID = PK11_MakeIDFromPubKey(publicValue);
SECITEM_FreeItem(publicValue, PR_TRUE);
if (keyID == NULL) {
printf("Could not make the keyID from the public value\n");
return 909;
}
foundPrivKey = PK11_FindKeyByKeyID(privKey->pkcs11Slot, keyID, &pwdata);
SECITEM_FreeItem(keyID, PR_TRUE);
if (foundPrivKey == NULL) {
printf("Could not find the private key corresponding to the public"
" value.\n");

View File

@ -31,18 +31,7 @@
'include_dirs': [
'<(DEPTH)/lib/freebl/mpi',
'<(DEPTH)/lib/util',
],
# This uses test builds and has to set defines for MPI.
'conditions': [
[ 'target_arch=="ia32"', {
'defines': [
'MP_USE_UINT_DIGIT',
'MP_ASSEMBLY_MULTIPLY',
'MP_ASSEMBLY_SQUARE',
'MP_ASSEMBLY_DIV_2DX1D',
],
}],
],
]
},
'variables': {
'module': 'nss'

View File

@ -10,3 +10,4 @@
*/
#error "Do not include this header file."

View File

@ -24,10 +24,7 @@ if [ "$fuzz_oss" = 1 ]; then
gyp_params+=(-Dno_zdefs=1 -Dfuzz_oss=1)
else
enable_sanitizer asan
# Ubsan doesn't build on 32-bit at the moment. Disable it.
if [ "$build_64" = 1 ]; then
enable_ubsan
fi
enable_ubsan
enable_sancov
fi

View File

@ -88,15 +88,6 @@
'-lcrypto',
],
}],
# For test builds we have to set MPI defines.
[ 'target_arch=="ia32"', {
'defines': [
'MP_USE_UINT_DIGIT',
'MP_ASSEMBLY_MULTIPLY',
'MP_ASSEMBLY_SQUARE',
'MP_ASSEMBLY_DIV_2DX1D',
],
}],
],
},
},

View File

@ -29,6 +29,13 @@
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
'<(DEPTH)/lib/ssl/ssl.gyp:ssl',
],
'conditions': [
[ 'ct_verif==1', {
'defines': [
'CT_VERIF',
],
}],
],
},
{
'target_name': 'prng_gtest',
@ -55,23 +62,7 @@
'target_defaults': {
'include_dirs': [
'<(DEPTH)/lib/freebl/mpi',
],
# For test builds we have to set MPI defines.
'conditions': [
[ 'ct_verif==1', {
'defines': [
'CT_VERIF',
],
}],
[ 'target_arch=="ia32"', {
'defines': [
'MP_USE_UINT_DIGIT',
'MP_ASSEMBLY_MULTIPLY',
'MP_ASSEMBLY_SQUARE',
'MP_ASSEMBLY_DIV_2DX1D',
],
}],
],
]
},
'variables': {
'module': 'nss'

View File

@ -53,39 +53,13 @@ class MPITest : public ::testing::Test {
mp_clear(&a);
mp_clear(&b);
}
void TestDiv(const std::string a_string, const std::string b_string,
const std::string result) {
mp_int a, b, c;
MP_DIGITS(&a) = 0;
MP_DIGITS(&b) = 0;
MP_DIGITS(&c) = 0;
ASSERT_EQ(MP_OKAY, mp_init(&a));
ASSERT_EQ(MP_OKAY, mp_init(&b));
ASSERT_EQ(MP_OKAY, mp_init(&c));
mp_read_radix(&a, a_string.c_str(), 16);
mp_read_radix(&b, b_string.c_str(), 16);
mp_read_radix(&c, result.c_str(), 16);
EXPECT_EQ(MP_OKAY, mp_div(&a, &b, &a, &b));
EXPECT_EQ(0, mp_cmp(&a, &c));
mp_clear(&a);
mp_clear(&b);
mp_clear(&c);
}
};
TEST_F(MPITest, MpiCmp01Test) { TestCmp("0", "1", -1); }
TEST_F(MPITest, MpiCmp10Test) { TestCmp("1", "0", 1); }
TEST_F(MPITest, MpiCmp00Test) { TestCmp("0", "0", 0); }
TEST_F(MPITest, MpiCmp11Test) { TestCmp("1", "1", 0); }
TEST_F(MPITest, MpiDiv32ErrorTest) {
TestDiv("FFFF00FFFFFFFF000000000000", "FFFF00FFFFFFFFFF", "FFFFFFFFFF");
}
#ifdef NSS_X64
// This tests assumes 64-bit mp_digits.
TEST_F(MPITest, MpiCmpUnalignedTest) {
mp_int a, b, c;
MP_DIGITS(&a) = 0;
@ -116,7 +90,6 @@ TEST_F(MPITest, MpiCmpUnalignedTest) {
mp_clear(&b);
mp_clear(&c);
}
#endif
// This test is slow. Disable it by default so we can run these tests on CI.
class DISABLED_MPITest : public ::testing::Test {};

View File

@ -31,17 +31,13 @@ class PK11URITest : public ::testing::Test {
size_t i;
for (i = 0; i < num_pattrs; i++) {
const char *value = PK11URI_GetPathAttribute(tmp.get(), pattrs[i].name);
EXPECT_TRUE(value);
if (value) {
EXPECT_EQ(std::string(value), std::string(pattrs[i].value));
}
ASSERT_TRUE(value);
ASSERT_EQ(std::string(value), std::string(pattrs[i].value));
}
for (i = 0; i < num_qattrs; i++) {
const char *value = PK11URI_GetQueryAttribute(tmp.get(), qattrs[i].name);
EXPECT_TRUE(value);
if (value) {
EXPECT_EQ(std::string(value), std::string(qattrs[i].value));
}
ASSERT_TRUE(value);
ASSERT_EQ(std::string(value), std::string(qattrs[i].value));
}
}
@ -52,10 +48,8 @@ class PK11URITest : public ::testing::Test {
PK11URI_CreateURI(pattrs, num_pattrs, qattrs, num_qattrs));
ASSERT_TRUE(tmp);
char *out = PK11URI_FormatURI(nullptr, tmp.get());
EXPECT_TRUE(out);
if (out) {
EXPECT_EQ(std::string(out), formatted);
}
ASSERT_TRUE(out);
ASSERT_EQ(std::string(out), formatted);
PORT_Free(out);
}
@ -73,17 +67,13 @@ class PK11URITest : public ::testing::Test {
size_t i;
for (i = 0; i < num_pattrs; i++) {
const char *value = PK11URI_GetPathAttribute(tmp.get(), pattrs[i].name);
EXPECT_TRUE(value);
if (value) {
EXPECT_EQ(std::string(value), std::string(pattrs[i].value));
}
ASSERT_TRUE(value);
ASSERT_EQ(std::string(value), std::string(pattrs[i].value));
}
for (i = 0; i < num_qattrs; i++) {
const char *value = PK11URI_GetQueryAttribute(tmp.get(), qattrs[i].name);
EXPECT_TRUE(value);
if (value) {
EXPECT_EQ(std::string(value), std::string(qattrs[i].value));
}
ASSERT_TRUE(value);
ASSERT_EQ(std::string(value), std::string(qattrs[i].value));
}
}
@ -91,11 +81,9 @@ class PK11URITest : public ::testing::Test {
ScopedPK11URI tmp(PK11URI_ParseURI(str.c_str()));
ASSERT_TRUE(tmp);
char *out = PK11URI_FormatURI(nullptr, tmp.get());
EXPECT_TRUE(out);
if (out) {
EXPECT_EQ(std::string(out), formatted);
PORT_Free(out);
}
ASSERT_TRUE(out);
ASSERT_EQ(std::string(out), formatted);
PORT_Free(out);
}
protected:

View File

@ -2859,9 +2859,6 @@ void
s_mp_exch(mp_int *a, mp_int *b)
{
mp_int tmp;
if (!a || !b) {
return;
}
tmp = *a;
*a = *b;
@ -4167,7 +4164,11 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */
mp_int *quot) /* i: 0; o: quotient */
{
mp_int part, t;
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
mp_word q_msd;
#else
mp_digit q_msd;
#endif
mp_err res;
mp_digit d;
mp_digit div_msd;
@ -4212,7 +4213,7 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */
MP_USED(&part) = MP_USED(div);
/* We have now truncated the part of the remainder to the same length as
* the divisor. If part is smaller than div, extend part by one digit. */
* the divisor. If part is smaller than div, extend part by one digit. */
if (s_mp_cmp(&part, div) < 0) {
--unusedRem;
#if MP_ARGCHK == 2
@ -4229,12 +4230,18 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */
div_msd = MP_DIGIT(div, MP_USED(div) - 1);
if (!partExtended) {
/* In this case, q_msd /= div_msd is always 1. First, since div_msd is
* normalized to have the high bit set, 2*div_msd > MP_DIGIT_MAX. Since
* we didn't extend part, q_msd >= div_msd. Therefore we know that
* div_msd <= q_msd <= MP_DIGIT_MAX < 2*div_msd. Dividing by div_msd we
* get 1 <= q_msd/div_msd < 2. So q_msd /= div_msd must be 1. */
* normalized to have the high bit set, 2*div_msd > MP_DIGIT_MAX. Since
* we didn't extend part, q_msd >= div_msd. Therefore we know that
* div_msd <= q_msd <= MP_DIGIT_MAX < 2*div_msd. Dividing by div_msd we
* get 1 <= q_msd/div_msd < 2. So q_msd /= div_msd must be 1. */
q_msd = 1;
} else {
#if !defined(MP_NO_MP_WORD) && !defined(MP_NO_DIV_WORD)
q_msd = (q_msd << MP_DIGIT_BIT) | MP_DIGIT(&part, MP_USED(&part) - 2);
q_msd /= div_msd;
if (q_msd == RADIX)
--q_msd;
#else
if (q_msd == div_msd) {
q_msd = MP_DIGIT_MAX;
} else {
@ -4242,6 +4249,7 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */
MP_CHECKOK(s_mpv_div_2dx1d(q_msd, MP_DIGIT(&part, MP_USED(&part) - 2),
div_msd, &q_msd, &r));
}
#endif
}
#if MP_ARGCHK == 2
assert(q_msd > 0); /* This case should never occur any more. */
@ -4251,15 +4259,15 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */
/* See what that multiplies out to */
mp_copy(div, &t);
MP_CHECKOK(s_mp_mul_d(&t, q_msd));
MP_CHECKOK(s_mp_mul_d(&t, (mp_digit)q_msd));
/*
If it's too big, back it off. We should not have to do this
more than once, or, in rare cases, twice. Knuth describes a
method by which this could be reduced to a maximum of once, but
I didn't implement that here.
When using s_mpv_div_2dx1d, we may have to do this 3 times.
*/
If it's too big, back it off. We should not have to do this
more than once, or, in rare cases, twice. Knuth describes a
method by which this could be reduced to a maximum of once, but
I didn't implement that here.
* When using s_mpv_div_2dx1d, we may have to do this 3 times.
*/
for (i = 4; s_mp_cmp(&t, &part) > 0 && i > 0; --i) {
--q_msd;
MP_CHECKOK(s_mp_sub(&t, div)); /* t -= div */
@ -4274,11 +4282,11 @@ mp_err s_mp_div(mp_int *rem, /* i: dividend, o: remainder */
s_mp_clamp(rem);
/*
Include the digit in the quotient. We allocated enough memory
for any quotient we could ever possibly get, so we should not
have to check for failures here
*/
MP_DIGIT(quot, unusedRem) = q_msd;
Include the digit in the quotient. We allocated enough memory
for any quotient we could ever possibly get, so we should not
have to check for failures here
*/
MP_DIGIT(quot, unusedRem) = (mp_digit)q_msd;
}
/* Denormalize remainder */

View File

@ -765,12 +765,7 @@ find_certs_from_nickname(const char *nickname, void *wincx)
*delimit = ':';
} else {
slot = PK11_GetInternalKeySlot();
token = PK11Slot_GetNSSToken(slot);
if (token) {
nssToken_AddRef(token);
} else {
PORT_SetError(SEC_ERROR_NO_TOKEN);
}
token = nssToken_AddRef(PK11Slot_GetNSSToken(slot));
}
if (token) {
nssList *certList;

View File

@ -38,6 +38,13 @@
#include "zlib.h"
#endif
#ifndef PK11_SETATTRS
#define PK11_SETATTRS(x, id, v, l) \
(x)->type = (id); \
(x)->pValue = (v); \
(x)->ulValueLen = (l);
#endif
static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
PK11SlotInfo *serverKeySlot);
static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms);

View File

@ -31,6 +31,13 @@
#include <stdio.h>
#ifndef PK11_SETATTRS
#define PK11_SETATTRS(x, id, v, l) \
(x)->type = (id); \
(x)->pValue = (v); \
(x)->ulValueLen = (l);
#endif
SECStatus
ssl_NamedGroup2ECParams(PLArenaPool *arena, const sslNamedGroupDef *ecGroup,
SECKEYECParams *params)

File diff suppressed because it is too large Load Diff

View File

@ -305,6 +305,13 @@ typedef enum {
CLIENT_AUTH_CERTIFICATE = 1
} ClientAuthenticationType;
typedef struct {
ClientAuthenticationType client_auth_type;
union {
SSL3Opaque *certificate_list;
} identity;
} ClientIdentity;
#define SESS_TICKET_KEY_NAME_LEN 16
#define SESS_TICKET_KEY_NAME_PREFIX "NSS!"
#define SESS_TICKET_KEY_NAME_PREFIX_LEN 4
@ -317,4 +324,8 @@ typedef struct {
unsigned char *mac;
} EncryptedSessionTicket;
#define TLS_EX_SESS_TICKET_MAC_LENGTH 32
#define TLS_STE_NO_SERVER_NAME -1
#endif /* __ssl3proto_h_ */

View File

@ -992,7 +992,7 @@ typedef struct SSLWrappedSymWrappingKeyStr {
} SSLWrappedSymWrappingKey;
typedef struct SessionTicketStr {
PRBool valid;
PRUint16 ticket_version;
SSL3ProtocolVersion ssl_version;
ssl3CipherSuite cipher_suite;
SSLCompressionMethod compression_method;
@ -1010,7 +1010,7 @@ typedef struct SessionTicketStr {
PRUint16 ms_length;
SSL3Opaque master_secret[48];
PRBool extendedMasterSecretUsed;
ClientAuthenticationType client_auth_type;
ClientIdentity client_identity;
SECItem peer_cert;
PRUint32 timestamp;
PRUint32 flags;

View File

@ -1808,7 +1808,6 @@ ssl_GetSessionTicketKeys(sslSocket *ss, unsigned char *keyName,
}
if (!ssl_session_ticket_keys.encKey || !ssl_session_ticket_keys.macKey) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}

View File

@ -681,7 +681,7 @@ PK11URI_ParseURI(const char *string)
result = pk11uri_AllocURI();
if (result == NULL) {
return NULL;
goto fail;
}
/* Parse the path component and its attributes. */