summaryrefslogtreecommitdiffstats
path: root/security/nss/cmd
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-09-17 08:51:49 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-09-17 08:51:49 +0200
commit882aaf5b1fda7b216051b55e268de78fd5126f42 (patch)
treeccb3f6f6299a5d1c603e6b73d3892f635bb96a8e /security/nss/cmd
parent8ee235ca5df26f39ca3066935bef90c4d28dd61a (diff)
parentd118d486a680ed42030b1bdee263a29831da3e86 (diff)
downloadUXP-882aaf5b1fda7b216051b55e268de78fd5126f42.tar
UXP-882aaf5b1fda7b216051b55e268de78fd5126f42.tar.gz
UXP-882aaf5b1fda7b216051b55e268de78fd5126f42.tar.lz
UXP-882aaf5b1fda7b216051b55e268de78fd5126f42.tar.xz
UXP-882aaf5b1fda7b216051b55e268de78fd5126f42.zip
Merge branch 'master' into Pale_Moon-release
# Conflicts: # application/palemoon/config/version.txt # js/src/jit/x86-shared/AssemblerBuffer-x86-shared.h # toolkit/components/search/orginal/nsSearchService.js
Diffstat (limited to 'security/nss/cmd')
-rw-r--r--security/nss/cmd/bltest/blapitest.c6
-rw-r--r--security/nss/cmd/certutil/certutil.c156
-rw-r--r--security/nss/cmd/crlutil/crlutil.c14
-rw-r--r--security/nss/cmd/crmftest/testcrmf.c1
-rw-r--r--security/nss/cmd/dbtest/dbtest.c7
-rw-r--r--security/nss/cmd/httpserv/httpserv.c10
-rw-r--r--security/nss/cmd/lib/secutil.c8
-rw-r--r--security/nss/cmd/listsuites/listsuites.c2
-rw-r--r--security/nss/cmd/lowhashtest/lowhashtest.c4
-rw-r--r--security/nss/cmd/modutil/install-ds.c10
-rw-r--r--security/nss/cmd/mpitests/mpi-test.c16
-rw-r--r--security/nss/cmd/ocspclnt/ocspclnt.c24
-rw-r--r--security/nss/cmd/ocspresp/ocspresp.c6
-rw-r--r--security/nss/cmd/pk12util/pk12util.c12
-rw-r--r--security/nss/cmd/pk1sign/pk1sign.c2
-rw-r--r--security/nss/cmd/rsaperf/rsaperf.c32
-rw-r--r--security/nss/cmd/selfserv/selfserv.c59
-rw-r--r--security/nss/cmd/shlibsign/shlibsign.c2
-rw-r--r--security/nss/cmd/signtool/javascript.c8
-rw-r--r--security/nss/cmd/signtool/sign.c68
-rw-r--r--security/nss/cmd/signtool/zip.c4
-rw-r--r--security/nss/cmd/smimetools/cmsutil.c37
-rw-r--r--security/nss/cmd/strsclnt/strsclnt.c16
-rw-r--r--security/nss/cmd/symkeyutil/symkeyutil.c5
-rw-r--r--security/nss/cmd/tstclnt/tstclnt.c225
-rw-r--r--security/nss/cmd/vfyserv/vfyserv.c6
-rw-r--r--security/nss/cmd/vfyserv/vfyutil.c4
27 files changed, 383 insertions, 361 deletions
diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c
index ca3d6f314..ef8fdd802 100644
--- a/security/nss/cmd/bltest/blapitest.c
+++ b/security/nss/cmd/bltest/blapitest.c
@@ -3724,7 +3724,7 @@ main(int argc, char **argv)
/* test the RSA_PopulatePrivateKey function */
if (bltest.commands[cmd_RSAPopulate].activated) {
unsigned int keySize = 1024;
- unsigned long exponent = 65537;
+ unsigned long keyExponent = 65537;
int rounds = 1;
int ret = -1;
@@ -3735,12 +3735,12 @@ main(int argc, char **argv)
rounds = PORT_Atoi(bltest.options[opt_Rounds].arg);
}
if (bltest.options[opt_Exponent].activated) {
- exponent = PORT_Atoi(bltest.options[opt_Exponent].arg);
+ keyExponent = PORT_Atoi(bltest.options[opt_Exponent].arg);
}
for (i = 0; i < rounds; i++) {
printf("Running RSA Populate test round %d\n", i);
- ret = doRSAPopulateTest(keySize, exponent);
+ ret = doRSAPopulateTest(keySize, keyExponent);
if (ret != 0) {
break;
}
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c
index 20722ae78..dbb93c922 100644
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -36,9 +36,11 @@
#include "certdb.h"
#include "nss.h"
#include "certutil.h"
+#include "basicutil.h"
+#include "ssl.h"
#define MIN_KEY_BITS 512
-/* MAX_KEY_BITS should agree with MAX_RSA_MODULUS in freebl */
+/* MAX_KEY_BITS should agree with RSA_MAX_MODULUS_BITS in freebl */
#define MAX_KEY_BITS 8192
#define DEFAULT_KEY_BITS 2048
@@ -447,7 +449,8 @@ ChangeTrustAttributes(CERTCertDBHandle *handle, PK11SlotInfo *slot,
}
static SECStatus
-DumpChain(CERTCertDBHandle *handle, char *name, PRBool ascii)
+DumpChain(CERTCertDBHandle *handle, char *name, PRBool ascii,
+ PRBool simpleSelfSigned)
{
CERTCertificate *the_cert;
CERTCertificateList *chain;
@@ -458,6 +461,14 @@ DumpChain(CERTCertDBHandle *handle, char *name, PRBool ascii)
SECU_PrintError(progName, "Could not find: %s\n", name);
return SECFailure;
}
+ if (simpleSelfSigned &&
+ SECEqual == SECITEM_CompareItem(&the_cert->derIssuer,
+ &the_cert->derSubject)) {
+ printf("\"%s\" [%s]\n\n", the_cert->nickname, the_cert->subjectName);
+ CERT_DestroyCertificate(the_cert);
+ return SECSuccess;
+ }
+
chain = CERT_CertChainFromCert(the_cert, 0, PR_TRUE);
CERT_DestroyCertificate(the_cert);
if (!chain) {
@@ -782,17 +793,17 @@ ValidateCert(CERTCertDBHandle *handle, char *name, char *date,
fprintf(stdout, "%s: certificate is valid\n", progName);
GEN_BREAK(SECSuccess)
} else {
- char *name;
+ char *nick;
CERTVerifyLogNode *node;
node = log->head;
while (node) {
if (node->cert->nickname != NULL) {
- name = node->cert->nickname;
+ nick = node->cert->nickname;
} else {
- name = node->cert->subjectName;
+ nick = node->cert->subjectName;
}
- fprintf(stderr, "%s : %s\n", name,
+ fprintf(stderr, "%s : %s\n", nick,
SECU_Strerror(node->error));
CERT_DestroyCertificate(node->cert);
node = node->next;
@@ -845,7 +856,7 @@ SECItemToHex(const SECItem *item, char *dst)
}
static const char *const keyTypeName[] = {
- "null", "rsa", "dsa", "fortezza", "dh", "kea", "ec"
+ "null", "rsa", "dsa", "fortezza", "dh", "kea", "ec", "rsaPss"
};
#define MAX_CKA_ID_BIN_LEN 20
@@ -999,7 +1010,7 @@ DeleteKey(char *nickname, secuPWData *pwdata)
slot = PK11_GetInternalKeySlot();
if (PK11_NeedLogin(slot)) {
- SECStatus rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
+ rv = PK11_Authenticate(slot, PR_TRUE, pwdata);
if (rv != SECSuccess) {
SECU_PrintError(progName, "could not authenticate to token %s.",
PK11_GetTokenName(slot));
@@ -1066,7 +1077,7 @@ PrintBuildFlags()
}
static void
-PrintSyntax(char *progName)
+PrintSyntax()
{
#define FPS fprintf(stderr,
FPS "Type %s -H for more detailed descriptions\n", progName);
@@ -1115,7 +1126,9 @@ PrintSyntax(char *progName)
FPS "\t%s --build-flags\n", progName);
FPS "\t%s -M -n cert-name -t trustargs [-d certdir] [-P dbprefix]\n",
progName);
- FPS "\t%s -O -n cert-name [-X] [-d certdir] [-a] [-P dbprefix]\n", progName);
+ FPS "\t%s -O -n cert-name [-X] [-d certdir] [-a] [-P dbprefix]\n"
+ "\t\t [--simple-self-signed]\n",
+ progName);
FPS "\t%s -R -s subj -o cert-request-file [-d certdir] [-P dbprefix] [-p phone] [-a]\n"
"\t\t [-7 emailAddrs] [-k key-type-or-id] [-h token-name] [-f pwfile]\n"
"\t\t [-g key-size] [-Z hashAlg]\n",
@@ -1542,6 +1555,8 @@ luO(enum usage_level ul, const char *command)
" -P dbprefix");
FPS "%-20s force the database to open R/W\n",
" -X");
+ FPS "%-20s don't search for a chain if issuer name equals subject name\n",
+ " --simple-self-signed");
FPS "\n");
}
@@ -1560,7 +1575,7 @@ luR(enum usage_level ul, const char *command)
" -o output-req");
FPS "%-20s Type of key pair to generate (\"dsa\", \"ec\", \"rsa\" (default))\n",
" -k key-type-or-id");
- FPS "%-20s or nickname of the cert key to use \n",
+ FPS "%-20s or nickname of the cert key to use, or key id obtained using -K\n",
"");
FPS "%-20s Name of token in which to generate key (default is internal)\n",
" -h token-name");
@@ -1838,7 +1853,7 @@ luBuildFlags(enum usage_level ul, const char *command)
}
static void
-LongUsage(char *progName, enum usage_level ul, const char *command)
+LongUsage(enum usage_level ul, const char *command)
{
luA(ul, command);
luB(ul, command);
@@ -1866,14 +1881,14 @@ LongUsage(char *progName, enum usage_level ul, const char *command)
}
static void
-Usage(char *progName)
+Usage()
{
PR_fprintf(PR_STDERR,
"%s - Utility to manipulate NSS certificate databases\n\n"
"Usage: %s <command> -d <database-directory> <options>\n\n"
"Valid commands:\n",
progName, progName);
- LongUsage(progName, usage_selected, NULL);
+ LongUsage(usage_selected, NULL);
PR_fprintf(PR_STDERR, "\n"
"%s -H <command> : Print available options for the given command\n"
"%s -H : Print complete help output of all commands and options\n"
@@ -2269,10 +2284,10 @@ flagArray opFlagsArray[] =
{ NAME_SIZE(verify_recover), CKF_VERIFY_RECOVER },
{ NAME_SIZE(wrap), CKF_WRAP },
{ NAME_SIZE(unwrap), CKF_UNWRAP },
- { NAME_SIZE(derive), CKF_DERIVE },
+ { NAME_SIZE(derive), CKF_DERIVE }
};
-int opFlagsCount = sizeof(opFlagsArray) / sizeof(flagArray);
+int opFlagsCount = PR_ARRAY_SIZE(opFlagsArray);
flagArray attrFlagsArray[] =
{
@@ -2286,14 +2301,13 @@ flagArray attrFlagsArray[] =
{ NAME_SIZE(insensitive), PK11_ATTR_INSENSITIVE },
{ NAME_SIZE(extractable), PK11_ATTR_EXTRACTABLE },
{ NAME_SIZE(unextractable), PK11_ATTR_UNEXTRACTABLE }
-
};
-int attrFlagsCount = sizeof(attrFlagsArray) / sizeof(flagArray);
+int attrFlagsCount = PR_ARRAY_SIZE(attrFlagsArray);
#define MAX_STRING 30
CK_ULONG
-GetFlags(char *flagsString, flagArray *flagArray, int count)
+GetFlags(char *flagsString, flagArray *flags, int count)
{
CK_ULONG flagsValue = strtol(flagsString, NULL, 0);
int i;
@@ -2303,10 +2317,10 @@ GetFlags(char *flagsString, flagArray *flagArray, int count)
}
while (*flagsString) {
for (i = 0; i < count; i++) {
- if (strncmp(flagsString, flagArray[i].name, flagArray[i].nameSize) ==
+ if (strncmp(flagsString, flags[i].name, flags[i].nameSize) ==
0) {
- flagsValue |= flagArray[i].value;
- flagsString += flagArray[i].nameSize;
+ flagsValue |= flags[i].value;
+ flagsString += flags[i].nameSize;
if (*flagsString != 0) {
flagsString++;
}
@@ -2499,6 +2513,7 @@ enum certutilOpts {
opt_NewNickname,
opt_Pss,
opt_PssSign,
+ opt_SimpleSelfSigned,
opt_Help
};
@@ -2623,6 +2638,8 @@ static const secuCommandFlag options_init[] =
"pss" },
{ /* opt_PssSign */ 0, PR_FALSE, 0, PR_FALSE,
"pss-sign" },
+ { /* opt_SimpleSelfSigned */ 0, PR_FALSE, 0, PR_FALSE,
+ "simple-self-signed" },
};
#define NUM_OPTIONS ((sizeof options_init) / (sizeof options_init[0]))
@@ -2691,14 +2708,13 @@ certutil_main(int argc, char **argv, PRBool initialize)
rv = SECU_ParseCommandLine(argc, argv, progName, &certutil);
if (rv != SECSuccess)
- Usage(progName);
+ Usage();
if (certutil.commands[cmd_PrintSyntax].activated) {
- PrintSyntax(progName);
+ PrintSyntax();
}
if (certutil.commands[cmd_PrintHelp].activated) {
- int i;
char buf[2];
const char *command = NULL;
for (i = 0; i < max_cmd; i++) {
@@ -2715,7 +2731,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
break;
}
}
- LongUsage(progName, (command ? usage_selected : usage_all), command);
+ LongUsage((command ? usage_selected : usage_all), command);
exit(1);
}
@@ -2823,7 +2839,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
if (certutil.options[opt_DBPrefix].arg) {
certPrefix = certutil.options[opt_DBPrefix].arg;
} else {
- Usage(progName);
+ Usage();
}
}
@@ -2832,7 +2848,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
if (certutil.options[opt_SourcePrefix].arg) {
srcCertPrefix = certutil.options[opt_SourcePrefix].arg;
} else {
- Usage(progName);
+ Usage();
}
}
@@ -2916,7 +2932,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
return 255;
}
if (commandsEntered == 0) {
- Usage(progName);
+ Usage();
}
if (certutil.commands[cmd_ListCerts].activated ||
@@ -3124,6 +3140,8 @@ certutil_main(int argc, char **argv, PRBool initialize)
}
initialized = PR_TRUE;
SECU_RegisterDynamicOids();
+ /* Ensure the SSL error code table has been registered. Bug 1460284. */
+ SSL_OptionSetDefault(-1, 0);
}
certHandle = CERT_GetDefaultCertDB();
@@ -3350,7 +3368,8 @@ certutil_main(int argc, char **argv, PRBool initialize)
}
if (certutil.commands[cmd_DumpChain].activated) {
rv = DumpChain(certHandle, name,
- certutil.options[opt_ASCIIForIO].activated);
+ certutil.options[opt_ASCIIForIO].activated,
+ certutil.options[opt_SimpleSelfSigned].activated);
goto shutdown;
}
/* XXX needs work */
@@ -3444,37 +3463,80 @@ certutil_main(int argc, char **argv, PRBool initialize)
keycert = CERT_FindCertByNicknameOrEmailAddr(certHandle, keysource);
if (!keycert) {
keycert = PK11_FindCertFromNickname(keysource, NULL);
- if (!keycert) {
- SECU_PrintError(progName,
- "%s is neither a key-type nor a nickname", keysource);
+ }
+
+ if (keycert) {
+ privkey = PK11_FindKeyByDERCert(slot, keycert, &pwdata);
+ } else {
+ PLArenaPool *arena = NULL;
+ SECItem keyidItem = { 0 };
+ char *keysourcePtr = keysource;
+ /* Interpret keysource as CKA_ID */
+ if (PK11_NeedLogin(slot)) {
+ rv = PK11_Authenticate(slot, PR_TRUE, &pwdata);
+ if (rv != SECSuccess) {
+ SECU_PrintError(progName, "could not authenticate to token %s.",
+ PK11_GetTokenName(slot));
+ return SECFailure;
+ }
+ }
+ if (0 == PL_strncasecmp("0x", keysource, 2)) {
+ keysourcePtr = keysource + 2; // skip leading "0x"
+ }
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (!arena) {
+ SECU_PrintError(progName, "unable to allocate arena");
return SECFailure;
}
+ if (SECU_HexString2SECItem(arena, &keyidItem, keysourcePtr)) {
+ privkey = PK11_FindKeyByKeyID(slot, &keyidItem, &pwdata);
+ }
+ PORT_FreeArena(arena, PR_FALSE);
+ }
+
+ if (!privkey) {
+ SECU_PrintError(
+ progName,
+ "%s is neither a key-type nor a nickname nor a key-id", keysource);
+ return SECFailure;
}
- privkey = PK11_FindKeyByDERCert(slot, keycert, &pwdata);
- if (privkey)
- pubkey = CERT_ExtractPublicKey(keycert);
+
+ pubkey = SECKEY_ConvertToPublicKey(privkey);
if (!pubkey) {
SECU_PrintError(progName,
"Could not get keys from cert %s", keysource);
+ if (keycert) {
+ CERT_DestroyCertificate(keycert);
+ }
rv = SECFailure;
- CERT_DestroyCertificate(keycert);
goto shutdown;
}
keytype = privkey->keyType;
+
/* On CertReq for renewal if no subject has been
* specified obtain it from the certificate.
*/
if (certutil.commands[cmd_CertReq].activated && !subject) {
- subject = CERT_AsciiToName(keycert->subjectName);
- if (!subject) {
- SECU_PrintError(progName,
- "Could not get subject from certificate %s", keysource);
- CERT_DestroyCertificate(keycert);
+ if (keycert) {
+ subject = CERT_AsciiToName(keycert->subjectName);
+ if (!subject) {
+ SECU_PrintError(
+ progName,
+ "Could not get subject from certificate %s",
+ keysource);
+ CERT_DestroyCertificate(keycert);
+ rv = SECFailure;
+ goto shutdown;
+ }
+ } else {
+ SECU_PrintError(progName, "Subject name not provided");
rv = SECFailure;
goto shutdown;
}
}
- CERT_DestroyCertificate(keycert);
+ if (keycert) {
+ CERT_DestroyCertificate(keycert);
+ }
} else {
privkey =
CERTUTIL_GeneratePrivateKey(keytype, slot, keysize,
@@ -3537,6 +3599,14 @@ certutil_main(int argc, char **argv, PRBool initialize)
}
}
+ if (certutil.options[opt_SimpleSelfSigned].activated &&
+ !certutil.commands[cmd_DumpChain].activated) {
+ PR_fprintf(PR_STDERR,
+ "%s -%c: --simple-self-signed only works with -O.\n",
+ progName, commandToRun);
+ return 255;
+ }
+
/* If we need a list of extensions convert the flags into list format */
if (certutil.commands[cmd_CertReq].activated ||
certutil.commands[cmd_CreateAndAddCert].activated ||
diff --git a/security/nss/cmd/crlutil/crlutil.c b/security/nss/cmd/crlutil/crlutil.c
index c008ecc01..c5527fc93 100644
--- a/security/nss/cmd/crlutil/crlutil.c
+++ b/security/nss/cmd/crlutil/crlutil.c
@@ -770,7 +770,7 @@ loser:
}
static void
-Usage(char *progName)
+Usage()
{
fprintf(stderr,
"Usage: %s -L [-n nickname] [-d keydir] [-P dbprefix] [-t crlType]\n"
@@ -908,7 +908,7 @@ main(int argc, char **argv)
while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case '?':
- Usage(progName);
+ Usage();
break;
case 'T':
@@ -1038,17 +1038,17 @@ main(int argc, char **argv)
}
if (deleteCRL && !nickName)
- Usage(progName);
+ Usage();
if (importCRL && !inFile)
- Usage(progName);
+ Usage();
if (showFileCRL && !inFile)
- Usage(progName);
+ Usage();
if ((generateCRL && !nickName) ||
(modifyCRL && !inFile && !nickName))
- Usage(progName);
+ Usage();
if (!(listCRL || deleteCRL || importCRL || showFileCRL || generateCRL ||
modifyCRL || test || erase))
- Usage(progName);
+ Usage();
if (listCRL || showFileCRL) {
readonly = PR_TRUE;
diff --git a/security/nss/cmd/crmftest/testcrmf.c b/security/nss/cmd/crmftest/testcrmf.c
index cbc680b08..1c1359b1b 100644
--- a/security/nss/cmd/crmftest/testcrmf.c
+++ b/security/nss/cmd/crmftest/testcrmf.c
@@ -577,7 +577,6 @@ Decode(void)
printf("WARNING: The DER contained %d messages.\n", numMsgs);
}
for (i = 0; i < numMsgs; i++) {
- SECStatus rv;
printf("crmftest: Processing cert request %d\n", i);
certReqMsg = CRMF_CertReqMessagesGetCertReqMsgAtIndex(certReqMsgs, i);
if (certReqMsg == NULL) {
diff --git a/security/nss/cmd/dbtest/dbtest.c b/security/nss/cmd/dbtest/dbtest.c
index 9a6a034a6..11713c23f 100644
--- a/security/nss/cmd/dbtest/dbtest.c
+++ b/security/nss/cmd/dbtest/dbtest.c
@@ -58,7 +58,7 @@ getPassword(PK11SlotInfo *slot, PRBool retry, void *arg)
}
static void
-Usage(const char *progName)
+Usage()
{
printf("Usage: %s [-r] [-f] [-i] [-d dbdir ] \n",
progName);
@@ -96,7 +96,7 @@ main(int argc, char **argv)
switch (optstate->option) {
case 'h':
default:
- Usage(progName);
+ Usage();
break;
case 'r':
@@ -122,7 +122,7 @@ main(int argc, char **argv)
}
PL_DestroyOptState(optstate);
if (optstatus == PL_OPT_BAD)
- Usage(progName);
+ Usage();
if (dbDir) {
char *tmp = dbDir;
@@ -181,7 +181,6 @@ main(int argc, char **argv)
ret = SUCCESS;
if (doInitTest) {
PK11SlotInfo *slot = PK11_GetInternalKeySlot();
- SECStatus rv;
int passwordSuccess = 0;
int type = CKM_DES3_CBC;
SECItem keyid = { 0, NULL, 0 };
diff --git a/security/nss/cmd/httpserv/httpserv.c b/security/nss/cmd/httpserv/httpserv.c
index 7cf28c65a..71e2ab88d 100644
--- a/security/nss/cmd/httpserv/httpserv.c
+++ b/security/nss/cmd/httpserv/httpserv.c
@@ -682,6 +682,7 @@ handle_connection(
}
if (arena) {
PORT_FreeArena(arena, PR_FALSE);
+ arena = NULL;
}
if (!request || !request->tbsRequest ||
!request->tbsRequest->requestList ||
@@ -753,11 +754,11 @@ handle_connection(
{
PRTime now = PR_Now();
- PLArenaPool *arena = NULL;
CERTOCSPSingleResponse *sr;
CERTOCSPSingleResponse **singleResponses;
SECItem *ocspResponse;
+ PORT_Assert(!arena);
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (unknown) {
@@ -787,8 +788,8 @@ handle_connection(
} else {
PR_Write(ssl_sock, outOcspHeader, strlen(outOcspHeader));
PR_Write(ssl_sock, ocspResponse->data, ocspResponse->len);
- PORT_FreeArena(arena, PR_FALSE);
}
+ PORT_FreeArena(arena, PR_FALSE);
}
CERT_DestroyOCSPRequest(request);
break;
@@ -1357,7 +1358,6 @@ main(int argc, char **argv)
caRevoIter = &caRevoInfos->link;
do {
PRFileDesc *inFile;
- int rv = SECFailure;
SECItem crlDER;
crlDER.data = NULL;
@@ -1413,11 +1413,9 @@ main(int argc, char **argv)
if (provideOcsp) {
if (caRevoInfos) {
- PRCList *caRevoIter;
-
caRevoIter = &caRevoInfos->link;
do {
- caRevoInfo *revoInfo = (caRevoInfo *)caRevoIter;
+ revoInfo = (caRevoInfo *)caRevoIter;
if (revoInfo->nickname)
PORT_Free(revoInfo->nickname);
if (revoInfo->crlFilename)
diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c
index 2b33f8963..6be2df432 100644
--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -1528,9 +1528,9 @@ SECU_PrintDumpDerIssuerAndSerial(FILE *out, SECItem *der, char *m,
unsigned int i;
for (i = 0; i < c->serialNumber.len; ++i) {
unsigned char *chardata = (unsigned char *)(c->serialNumber.data);
- unsigned char c = *(chardata + i);
+ unsigned char ch = *(chardata + i);
- fprintf(out, "\\x%02x", c);
+ fprintf(out, "\\x%02x", ch);
}
fprintf(out, "\" }\n");
}
@@ -3137,7 +3137,7 @@ typedef enum {
static int
secu_PrintSignedDataSigOpt(FILE *out, SECItem *der, const char *m,
int level, SECU_PPFunc inner,
- SignatureOptionType withSignature)
+ SignatureOptionType signatureOption)
{
PLArenaPool *arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
CERTSignedData *sd;
@@ -3164,7 +3164,7 @@ secu_PrintSignedDataSigOpt(FILE *out, SECItem *der, const char *m,
}
rv = (*inner)(out, &sd->data, "Data", level + 1);
- if (withSignature) {
+ if (signatureOption == withSignature) {
SECU_PrintAlgorithmID(out, &sd->signatureAlgorithm, "Signature Algorithm",
level + 1);
DER_ConvertBitString(&sd->signature);
diff --git a/security/nss/cmd/listsuites/listsuites.c b/security/nss/cmd/listsuites/listsuites.c
index 8eb2c3553..b49f2d8cf 100644
--- a/security/nss/cmd/listsuites/listsuites.c
+++ b/security/nss/cmd/listsuites/listsuites.c
@@ -64,9 +64,7 @@ main(int argc, char **argv)
/* disable all the SSL3 cipher suites */
for (i = 0; i < SSL_NumImplementedCiphers; i++) {
PRUint16 suite = cipherSuites[i];
- SECStatus rv;
PRBool enabled;
- PRErrorCode err;
SSLCipherSuiteInfo info;
rv = SSL_CipherPrefGetDefault(suite, &enabled);
diff --git a/security/nss/cmd/lowhashtest/lowhashtest.c b/security/nss/cmd/lowhashtest/lowhashtest.c
index 29d6ff4fd..fcc06a86e 100644
--- a/security/nss/cmd/lowhashtest/lowhashtest.c
+++ b/security/nss/cmd/lowhashtest/lowhashtest.c
@@ -390,7 +390,7 @@ testSHA512(NSSLOWInitContext *initCtx)
}
static void
-Usage(char *progName)
+Usage()
{
fprintf(stderr, "Usage: %s [algorithm]\n",
progName);
@@ -436,7 +436,7 @@ main(int argc, char **argv)
rv += testSHA512(initCtx);
} else {
SECU_PrintError(progName, "Unsupported hash type %s\n", argv[0]);
- Usage(progName);
+ Usage();
}
NSSLOW_Shutdown(initCtx);
diff --git a/security/nss/cmd/modutil/install-ds.c b/security/nss/cmd/modutil/install-ds.c
index 030568762..576839f8f 100644
--- a/security/nss/cmd/modutil/install-ds.c
+++ b/security/nss/cmd/modutil/install-ds.c
@@ -88,11 +88,11 @@ static const char* errString[] = {
static char* PR_Strdup(const char* str);
-#define PAD(x) \
- { \
- int i; \
- for (i = 0; i < x; i++) \
- printf(" "); \
+#define PAD(x) \
+ { \
+ int pad_i; \
+ for (pad_i = 0; pad_i < (x); pad_i++) \
+ printf(" "); \
}
#define PADINC 4
diff --git a/security/nss/cmd/mpitests/mpi-test.c b/security/nss/cmd/mpitests/mpi-test.c
index 3a1f5d6c2..b7953b6f6 100644
--- a/security/nss/cmd/mpitests/mpi-test.c
+++ b/security/nss/cmd/mpitests/mpi-test.c
@@ -375,14 +375,14 @@ void reason(char *fmt, ...);
char g_intbuf[4096]; /* buffer for integer comparison */
char a_intbuf[4096]; /* buffer for integer comparison */
int g_verbose = 1; /* print out reasons for failure? */
-int res;
-
-#define IFOK(x) \
- { \
- if (MP_OKAY > (res = (x))) { \
- reason("test %s failed: error %d\n", #x, res); \
- return 1; \
- } \
+
+#define IFOK(x) \
+ { \
+ int ifok_res = (x); \
+ if (MP_OKAY > ifok_res) { \
+ reason("test %s failed: error %d\n", #x, ifok_res); \
+ return 1; \
+ } \
}
int
diff --git a/security/nss/cmd/ocspclnt/ocspclnt.c b/security/nss/cmd/ocspclnt/ocspclnt.c
index afcb7e13f..0927f8ef6 100644
--- a/security/nss/cmd/ocspclnt/ocspclnt.c
+++ b/security/nss/cmd/ocspclnt/ocspclnt.c
@@ -38,7 +38,7 @@
char *program_name;
static void
-synopsis(char *program_name)
+synopsis(char *progname)
{
PRFileDesc *pr_stderr;
@@ -46,44 +46,44 @@ synopsis(char *program_name)
PR_fprintf(pr_stderr, "Usage:");
PR_fprintf(pr_stderr,
"\t%s -p [-d <dir>]\n",
- program_name);
+ progname);
PR_fprintf(pr_stderr,
"\t%s -P [-d <dir>]\n",
- program_name);
+ progname);
PR_fprintf(pr_stderr,
"\t%s -r <name> [-a] [-L] [-s <name>] [-d <dir>]\n",
- program_name);
+ progname);
PR_fprintf(pr_stderr,
"\t%s -R <name> [-a] [-l <location>] [-s <name>] [-d <dir>]\n",
- program_name);
+ progname);
PR_fprintf(pr_stderr,
"\t%s -S <name> [-a] [-l <location> -t <name>]\n",
- program_name);
+ progname);
PR_fprintf(pr_stderr,
"\t\t [-s <name>] [-w <time>] [-d <dir>]\n");
PR_fprintf(pr_stderr,
"\t%s -V <name> [-a] -u <usage> [-l <location> -t <name>]\n",
- program_name);
+ progname);
PR_fprintf(pr_stderr,
"\t\t [-s <name>] [-w <time>] [-d <dir>]\n");
}
static void
-short_usage(char *program_name)
+short_usage(char *progname)
{
PR_fprintf(PR_STDERR,
"Type %s -H for more detailed descriptions\n",
- program_name);
- synopsis(program_name);
+ progname);
+ synopsis(progname);
}
static void
-long_usage(char *program_name)
+long_usage(char *progname)
{
PRFileDesc *pr_stderr;
pr_stderr = PR_STDERR;
- synopsis(program_name);
+ synopsis(progname);
PR_fprintf(pr_stderr, "\nCommands (must specify exactly one):\n");
PR_fprintf(pr_stderr,
" %-13s Pretty-print a binary request read from stdin\n",
diff --git a/security/nss/cmd/ocspresp/ocspresp.c b/security/nss/cmd/ocspresp/ocspresp.c
index 632623c97..d18d32e18 100644
--- a/security/nss/cmd/ocspresp/ocspresp.c
+++ b/security/nss/cmd/ocspresp/ocspresp.c
@@ -194,8 +194,8 @@ main(int argc, char **argv)
&obtainedSignerCert, caCert));
#ifdef DEBUG
{
- SECStatus rv = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid,
- obtainedSignerCert, now);
+ rv = CERT_GetOCSPStatusForCertID(certHandle, decodedRev, cid,
+ obtainedSignerCert, now);
PORT_Assert(rv == SECFailure);
PORT_Assert(PORT_GetError() == SEC_ERROR_REVOKED_CERTIFICATE);
}
@@ -211,7 +211,7 @@ main(int argc, char **argv)
decodedFail = CERT_DecodeOCSPResponse(encodedFail);
#ifdef DEBUG
{
- SECStatus rv = CERT_GetOCSPResponseStatus(decodedFail);
+ rv = CERT_GetOCSPResponseStatus(decodedFail);
PORT_Assert(rv == SECFailure);
PORT_Assert(PORT_GetError() == SEC_ERROR_OCSP_TRY_SERVER_LATER);
}
diff --git a/security/nss/cmd/pk12util/pk12util.c b/security/nss/cmd/pk12util/pk12util.c
index 70454a0d8..5884713e3 100644
--- a/security/nss/cmd/pk12util/pk12util.c
+++ b/security/nss/cmd/pk12util/pk12util.c
@@ -28,7 +28,7 @@ static PRBool pk12uForceUnicode;
PRIntn pk12uErrno = 0;
static void
-Usage(char *progName)
+Usage()
{
#define FPS PR_fprintf(PR_STDERR,
FPS "Usage: %s -i importfile [-d certdir] [-P dbprefix] [-h tokenname]\n",
@@ -1020,26 +1020,26 @@ main(int argc, char **argv)
rv = SECU_ParseCommandLine(argc, argv, progName, &pk12util);
if (rv != SECSuccess)
- Usage(progName);
+ Usage();
pk12_debugging = pk12util.options[opt_Debug].activated;
if ((pk12util.options[opt_Import].activated +
pk12util.options[opt_Export].activated +
pk12util.options[opt_List].activated) != 1) {
- Usage(progName);
+ Usage();
}
if (pk12util.options[opt_Export].activated &&
!pk12util.options[opt_Nickname].activated) {
- Usage(progName);
+ Usage();
}
rv = NSS_OptionGet(__NSS_PKCS12_DECODE_FORCE_UNICODE, &forceUnicode);
if (rv != SECSuccess) {
SECU_PrintError(progName,
"Failed to get NSS_PKCS12_DECODE_FORCE_UNICODE option");
- Usage(progName);
+ Usage();
}
pk12uForceUnicode = forceUnicode;
@@ -1144,7 +1144,7 @@ main(int argc, char **argv)
P12U_ListPKCS12File(import_file, slot, &slotPw, &p12FilePw);
} else {
- Usage(progName);
+ Usage();
pk12uErrno = PK12UERR_USAGE;
}
diff --git a/security/nss/cmd/pk1sign/pk1sign.c b/security/nss/cmd/pk1sign/pk1sign.c
index 085aa1659..d5524c149 100644
--- a/security/nss/cmd/pk1sign/pk1sign.c
+++ b/security/nss/cmd/pk1sign/pk1sign.c
@@ -178,7 +178,7 @@ loser:
SECKEY_DestroyPrivateKey(privKey);
}
if (data) {
- PORT_Free(data);
+ PR_Free(data);
}
PORT_FreeArena(arena, PR_FALSE);
diff --git a/security/nss/cmd/rsaperf/rsaperf.c b/security/nss/cmd/rsaperf/rsaperf.c
index 2bb23856e..7762a465b 100644
--- a/security/nss/cmd/rsaperf/rsaperf.c
+++ b/security/nss/cmd/rsaperf/rsaperf.c
@@ -313,7 +313,7 @@ main(int argc, char **argv)
char *slotname = NULL;
long keybits = 0;
RSAOp fn;
- void *rsaKey = NULL;
+ void *rsaKeyPtr = NULL;
PLOptState *optstate;
PLOptStatus optstatus;
long iters = DEFAULT_ITERS;
@@ -464,7 +464,7 @@ main(int argc, char **argv)
if (doPub) {
/* do public key ops */
fn = (RSAOp)PK11_PublicKeyOp;
- rsaKey = (void *)pubHighKey;
+ rsaKeyPtr = (void *)pubHighKey;
kh = PK11_ImportPublicKey(cert->slot, pubHighKey, PR_FALSE);
if (CK_INVALID_HANDLE == kh) {
@@ -489,7 +489,7 @@ main(int argc, char **argv)
fn = (RSAOp)PK11_PrivateKeyOp;
keys.privKey = privHighKey;
keys.pubKey = pubHighKey;
- rsaKey = (void *)&keys;
+ rsaKeyPtr = (void *)&keys;
printf("Using PKCS#11 for RSA decryption with token %s.\n",
PK11_GetTokenName(privHighKey->pkcs11Slot));
}
@@ -537,13 +537,13 @@ main(int argc, char **argv)
if (doPub) {
/* do public key operations */
fn = (RSAOp)PK11_PublicKeyOp;
- rsaKey = (void *)pubHighKey;
+ rsaKeyPtr = (void *)pubHighKey;
} else {
/* do private key operations */
fn = (RSAOp)PK11_PrivateKeyOp;
keys.privKey = privHighKey;
keys.pubKey = pubHighKey;
- rsaKey = (void *)&keys;
+ rsaKeyPtr = (void *)&keys;
}
} else
@@ -574,7 +574,7 @@ main(int argc, char **argv)
pe.data = &pubEx[0];
pe.type = siBuffer;
- rsaKey = RSA_NewKey(keybits, &pe);
+ rsaKeyPtr = RSA_NewKey(keybits, &pe);
fprintf(stderr, "Keygen completed.\n");
} else {
/* use a hardcoded key */
@@ -589,31 +589,31 @@ main(int argc, char **argv)
if (doPub) {
/* do public key operations */
fn = (RSAOp)RSA_PublicKeyOp;
- if (rsaKey) {
+ if (rsaKeyPtr) {
/* convert the RSAPrivateKey to RSAPublicKey */
pubKeyStr.arena = NULL;
- pubKeyStr.modulus = ((RSAPrivateKey *)rsaKey)->modulus;
+ pubKeyStr.modulus = ((RSAPrivateKey *)rsaKeyPtr)->modulus;
pubKeyStr.publicExponent =
- ((RSAPrivateKey *)rsaKey)->publicExponent;
- rsaKey = &pubKeyStr;
+ ((RSAPrivateKey *)rsaKeyPtr)->publicExponent;
+ rsaKeyPtr = &pubKeyStr;
} else {
/* convert NSSLOWKeyPublicKey to RSAPublicKey */
- rsaKey = (void *)(&pubKey->u.rsa);
+ rsaKeyPtr = (void *)(&pubKey->u.rsa);
}
- PORT_Assert(rsaKey);
+ PORT_Assert(rsaKeyPtr);
} else {
/* do private key operations */
fn = (RSAOp)RSA_PrivateKeyOp;
if (privKey) {
/* convert NSSLOWKeyPrivateKey to RSAPrivateKey */
- rsaKey = (void *)(&privKey->u.rsa);
+ rsaKeyPtr = (void *)(&privKey->u.rsa);
}
- PORT_Assert(rsaKey);
+ PORT_Assert(rsaKeyPtr);
}
}
memset(buf, 1, sizeof buf);
- rv = fn(rsaKey, buf2, buf);
+ rv = fn(rsaKeyPtr, buf2, buf);
if (rv != SECSuccess) {
PRErrorCode errNum;
const char *errStr = NULL;
@@ -638,7 +638,7 @@ main(int argc, char **argv)
runDataArr[i]->fn = fn;
runDataArr[i]->buf = buf;
runDataArr[i]->doIters = &doIters;
- runDataArr[i]->rsaKey = rsaKey;
+ runDataArr[i]->rsaKey = rsaKeyPtr;
runDataArr[i]->seconds = seconds;
runDataArr[i]->iters = iters;
threadsArr[i] =
diff --git a/security/nss/cmd/selfserv/selfserv.c b/security/nss/cmd/selfserv/selfserv.c
index fac428e10..c372ec9b8 100644
--- a/security/nss/cmd/selfserv/selfserv.c
+++ b/security/nss/cmd/selfserv/selfserv.c
@@ -57,7 +57,7 @@
int NumSidCacheEntries = 1024;
-static int handle_connection(PRFileDesc *, PRFileDesc *, int);
+static int handle_connection(PRFileDesc *, PRFileDesc *);
static const char envVarName[] = { SSL_ENV_VAR_NAME };
static const char inheritableSockName[] = { "SELFSERV_LISTEN_SOCKET" };
@@ -509,7 +509,6 @@ typedef struct jobStr {
PRCList link;
PRFileDesc *tcp_sock;
PRFileDesc *model_sock;
- int requestCert;
} JOB;
static PZLock *qLock; /* this lock protects all data immediately below */
@@ -541,7 +540,7 @@ setupJobs(int maxJobs)
return SECSuccess;
}
-typedef int startFn(PRFileDesc *a, PRFileDesc *b, int c);
+typedef int startFn(PRFileDesc *a, PRFileDesc *b);
typedef enum { rs_idle = 0,
rs_running = 1,
@@ -550,7 +549,6 @@ typedef enum { rs_idle = 0,
typedef struct perThreadStr {
PRFileDesc *a;
PRFileDesc *b;
- int c;
int rv;
startFn *startFunc;
PRThread *prThread;
@@ -564,7 +562,7 @@ thread_wrapper(void *arg)
{
perThread *slot = (perThread *)arg;
- slot->rv = (*slot->startFunc)(slot->a, slot->b, slot->c);
+ slot->rv = (*slot->startFunc)(slot->a, slot->b);
/* notify the thread exit handler. */
PZ_Lock(qLock);
@@ -575,7 +573,7 @@ thread_wrapper(void *arg)
}
int
-jobLoop(PRFileDesc *a, PRFileDesc *b, int c)
+jobLoop(PRFileDesc *a, PRFileDesc *b)
{
PRCList *myLink = 0;
JOB *myJob;
@@ -595,8 +593,7 @@ jobLoop(PRFileDesc *a, PRFileDesc *b, int c)
/* myJob will be null when stopping is true and jobQ is empty */
if (!myJob)
break;
- handle_connection(myJob->tcp_sock, myJob->model_sock,
- myJob->requestCert);
+ handle_connection(myJob->tcp_sock, myJob->model_sock);
PZ_Lock(qLock);
PR_APPEND_LINK(myLink, &freeJobs);
PZ_NotifyCondVar(freeListNotEmptyCv);
@@ -609,7 +606,6 @@ launch_threads(
startFn *startFunc,
PRFileDesc *a,
PRFileDesc *b,
- int c,
PRBool local)
{
int i;
@@ -645,7 +641,6 @@ launch_threads(
slot->state = rs_running;
slot->a = a;
slot->b = b;
- slot->c = c;
slot->startFunc = startFunc;
slot->prThread = PR_CreateThread(PR_USER_THREAD,
thread_wrapper, slot, PR_PRIORITY_NORMAL,
@@ -893,8 +888,7 @@ int /* returns count */
int
do_writes(
PRFileDesc *ssl_sock,
- PRFileDesc *model_sock,
- int requestCert)
+ PRFileDesc *model_sock)
{
int sent = 0;
int count = 0;
@@ -925,8 +919,7 @@ do_writes(
static int
handle_fdx_connection(
PRFileDesc *tcp_sock,
- PRFileDesc *model_sock,
- int requestCert)
+ PRFileDesc *model_sock)
{
PRFileDesc *ssl_sock = NULL;
SECStatus result;
@@ -960,8 +953,7 @@ handle_fdx_connection(
lockedVars_AddToCount(&lv, 1);
/* Attempt to launch the writer thread. */
- result = launch_thread(do_writes, ssl_sock, (PRFileDesc *)&lv,
- requestCert);
+ result = launch_thread(do_writes, ssl_sock, (PRFileDesc *)&lv);
if (result == SECSuccess)
do {
@@ -1093,7 +1085,7 @@ makeCorruptedOCSPResponse(PLArenaPool *arena)
}
SECItemArray *
-makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm,
+makeSignedOCSPResponse(PLArenaPool *arena,
CERTCertificate *cert, secuPWData *pwdata)
{
SECItemArray *result = NULL;
@@ -1117,7 +1109,7 @@ makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm,
nextUpdate = now + (PRTime)60 * 60 * 24 * PR_USEC_PER_SEC; /* plus 1 day */
- switch (osm) {
+ switch (ocspStaplingMode) {
case osm_good:
case osm_badsig:
sr = CERT_CreateOCSPSingleResponseGood(arena, cid, now,
@@ -1150,7 +1142,7 @@ makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm,
singleResponses[1] = NULL;
ocspResponse = CERT_CreateEncodedOCSPSuccessResponse(arena,
- (osm == osm_badsig)
+ (ocspStaplingMode == osm_badsig)
? NULL
: ca,
ocspResponderID_byName, now, singleResponses,
@@ -1175,7 +1167,7 @@ makeSignedOCSPResponse(PLArenaPool *arena, ocspStaplingModeType osm,
}
void
-setupCertStatus(PLArenaPool *arena, enum ocspStaplingModeEnum ocspStaplingMode,
+setupCertStatus(PLArenaPool *arena,
CERTCertificate *cert, int index, secuPWData *pwdata)
{
if (ocspStaplingMode == osm_random) {
@@ -1213,7 +1205,7 @@ setupCertStatus(PLArenaPool *arena, enum ocspStaplingModeEnum ocspStaplingMode,
case osm_unknown:
case osm_badsig:
multiOcspResponses =
- makeSignedOCSPResponse(arena, ocspStaplingMode, cert,
+ makeSignedOCSPResponse(arena, cert,
pwdata);
break;
case osm_corrupted:
@@ -1236,10 +1228,7 @@ setupCertStatus(PLArenaPool *arena, enum ocspStaplingModeEnum ocspStaplingMode,
}
int
-handle_connection(
- PRFileDesc *tcp_sock,
- PRFileDesc *model_sock,
- int requestCert)
+handle_connection(PRFileDesc *tcp_sock, PRFileDesc *model_sock)
{
PRFileDesc *ssl_sock = NULL;
PRFileDesc *local_file_fd = NULL;
@@ -1272,7 +1261,6 @@ handle_connection(
VLOG(("selfserv: handle_connection: starting\n"));
if (useModelSocket && model_sock) {
- SECStatus rv;
ssl_sock = SSL_ImportFD(model_sock, tcp_sock);
if (!ssl_sock) {
errWarn("SSL_ImportFD with model");
@@ -1588,8 +1576,7 @@ sigusr1_handler(int sig)
SECStatus
do_accepts(
PRFileDesc *listen_sock,
- PRFileDesc *model_sock,
- int requestCert)
+ PRFileDesc *model_sock)
{
PRNetAddr addr;
PRErrorCode perr;
@@ -1659,7 +1646,6 @@ do_accepts(
JOB *myJob = (JOB *)myLink;
myJob->tcp_sock = tcp_sock;
myJob->model_sock = model_sock;
- myJob->requestCert = requestCert;
}
PR_APPEND_LINK(myLink, &jobQ);
@@ -1818,7 +1804,6 @@ handshakeCallback(PRFileDesc *fd, void *client_data)
void
server_main(
PRFileDesc *listen_sock,
- int requestCert,
SECKEYPrivateKey **privKey,
CERTCertificate **cert,
const char *expectedHostNameVal)
@@ -2021,7 +2006,7 @@ server_main(
/* end of ssl configuration. */
/* Now, do the accepting, here in the main thread. */
- rv = do_accepts(listen_sock, model_sock, requestCert);
+ rv = do_accepts(listen_sock, model_sock);
terminateWorkerThreads();
@@ -2654,9 +2639,8 @@ main(int argc, char **argv)
}
}
if (cipher > 0) {
- SECStatus status;
- status = SSL_CipherPrefSetDefault(cipher, SSL_ALLOWED);
- if (status != SECSuccess)
+ rv = SSL_CipherPrefSetDefault(cipher, SSL_ALLOWED);
+ if (rv != SECSuccess)
SECU_PrintError(progName, "SSL_CipherPrefSet()");
} else {
fprintf(stderr,
@@ -2684,7 +2668,7 @@ main(int argc, char **argv)
exit(11);
}
if (privKey[i]->keyType != ecKey)
- setupCertStatus(certStatusArena, ocspStaplingMode, cert[i], i, &pwdata);
+ setupCertStatus(certStatusArena, cert[i], i, &pwdata);
}
if (configureWeakDHE > 0) {
@@ -2697,7 +2681,7 @@ main(int argc, char **argv)
}
/* allocate the array of thread slots, and launch the worker threads. */
- rv = launch_threads(&jobLoop, 0, 0, requestCert, useLocalThreads);
+ rv = launch_threads(&jobLoop, 0, 0, useLocalThreads);
if (rv == SECSuccess && logStats) {
loggerThread = PR_CreateThread(PR_SYSTEM_THREAD,
@@ -2712,7 +2696,7 @@ main(int argc, char **argv)
}
if (rv == SECSuccess) {
- server_main(listen_sock, requestCert, privKey, cert,
+ server_main(listen_sock, privKey, cert,
expectedHostNameVal);
}
@@ -2731,7 +2715,6 @@ cleanup:
}
{
- int i;
for (i = 0; i < certNicknameIndex; i++) {
if (cert[i]) {
CERT_DestroyCertificate(cert[i]);
diff --git a/security/nss/cmd/shlibsign/shlibsign.c b/security/nss/cmd/shlibsign/shlibsign.c
index d93fc422d..221d1e67e 100644
--- a/security/nss/cmd/shlibsign/shlibsign.c
+++ b/security/nss/cmd/shlibsign/shlibsign.c
@@ -148,7 +148,7 @@ writeItem(PRFileDesc *fd, CK_VOID_PTR pValue,
return PR_FAILURE;
}
bytesWritten = PR_Write(fd, pValue, ulValueLen);
- if (bytesWritten != ulValueLen) {
+ if (bytesWritten < 0 || (CK_ULONG)bytesWritten != ulValueLen) {
lperror(file);
return PR_FAILURE;
}
diff --git a/security/nss/cmd/signtool/javascript.c b/security/nss/cmd/signtool/javascript.c
index ffff2db59..58869aa61 100644
--- a/security/nss/cmd/signtool/javascript.c
+++ b/security/nss/cmd/signtool/javascript.c
@@ -1300,7 +1300,6 @@ extract_js(char *filename)
* Now we have a stream of tags and text. Go through and deal with each.
*/
for (curitem = head; curitem; curitem = curitem->next) {
- TagItem *tagp = NULL;
AVPair *pairp = NULL;
char *src = NULL, *id = NULL, *codebase = NULL;
PRBool hasEventHandler = PR_FALSE;
@@ -1669,11 +1668,14 @@ loser:
* Returns PR_SUCCESS if the directory is present, PR_FAILURE otherwise.
*/
static PRStatus
-ensureExists(char *base, char *path)
+ensureExists(char *basepath, char *path)
{
char fn[FNSIZE];
PRDir *dir;
- sprintf(fn, "%s/%s", base, path);
+ int c = snprintf(fn, sizeof(fn), "%s/%s", basepath, path);
+ if (c >= sizeof(fn)) {
+ return PR_FAILURE;
+ }
/*PR_fprintf(outputFD, "Trying to open directory %s.\n", fn);*/
diff --git a/security/nss/cmd/signtool/sign.c b/security/nss/cmd/signtool/sign.c
index 6f8e43946..534530947 100644
--- a/security/nss/cmd/signtool/sign.c
+++ b/security/nss/cmd/signtool/sign.c
@@ -175,16 +175,16 @@ typedef struct {
*
*/
int
-SignAllArc(char *jartree, char *keyName, int javascript, char *metafile,
- char *install_script, int optimize, PRBool recurse)
+SignAllArc(char *jartree, char *keyName, int javascript, char *metafilename,
+ char *install_script, int optimize_level, PRBool recurse)
{
SignArcInfo info;
info.keyName = keyName;
info.javascript = javascript;
- info.metafile = metafile;
+ info.metafile = metafilename;
info.install_script = install_script;
- info.optimize = optimize;
+ info.optimize = optimize_level;
return foreach (jartree, "", sign_all_arc_fn, recurse,
PR_TRUE /*include dirs*/, (void *)&info);
@@ -194,7 +194,7 @@ static int
sign_all_arc_fn(char *relpath, char *basedir, char *reldir, char *filename,
void *arg)
{
- char *zipfile = NULL;
+ char *zipfilename = NULL;
char *arc = NULL, *archive = NULL;
int retval = 0;
SignArcInfo *infop = (SignArcInfo *)arg;
@@ -212,8 +212,8 @@ sign_all_arc_fn(char *relpath, char *basedir, char *reldir, char *filename,
}
archive = PR_smprintf("%s/%s", basedir, relpath);
- zipfile = PL_strdup(archive);
- arc = PORT_Strrchr(zipfile, '.');
+ zipfilename = PL_strdup(archive);
+ arc = PORT_Strrchr(zipfilename, '.');
if (arc == NULL) {
PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME);
@@ -225,17 +225,17 @@ sign_all_arc_fn(char *relpath, char *basedir, char *reldir, char *filename,
PL_strcpy(arc, ".jar");
if (verbosity >= 0) {
- PR_fprintf(outputFD, "\nsigning: %s\n", zipfile);
+ PR_fprintf(outputFD, "\nsigning: %s\n", zipfilename);
}
- retval = SignArchive(archive, infop->keyName, zipfile,
+ retval = SignArchive(archive, infop->keyName, zipfilename,
infop->javascript, infop->metafile, infop->install_script,
infop->optimize, PR_TRUE /* recurse */);
}
finish:
if (archive)
PR_Free(archive);
- if (zipfile)
- PR_Free(zipfile);
+ if (zipfilename)
+ PR_Free(zipfilename);
return retval;
}
@@ -707,8 +707,8 @@ SignFile(FILE *outFile, FILE *inFile, CERTCertificate *cert)
static int
generate_SF_file(char *manifile, char *who)
{
- FILE *sf;
- FILE *mf;
+ FILE *sfFile;
+ FILE *mfFile;
long r1, r2, r3;
char whofile[FNSIZE];
char *buf, *name = NULL;
@@ -718,12 +718,12 @@ generate_SF_file(char *manifile, char *who)
strcpy(whofile, who);
- if ((mf = fopen(manifile, "rb")) == NULL) {
+ if ((mfFile = fopen(manifile, "rb")) == NULL) {
perror(manifile);
exit(ERRX);
}
- if ((sf = fopen(whofile, "wb")) == NULL) {
+ if ((sfFile = fopen(whofile, "wb")) == NULL) {
perror(who);
exit(ERRX);
}
@@ -736,11 +736,11 @@ generate_SF_file(char *manifile, char *who)
if (buf == NULL || name == NULL)
out_of_memory();
- fprintf(sf, "Signature-Version: 1.0\n");
- fprintf(sf, "Created-By: %s\n", CREATOR);
- fprintf(sf, "Comments: %s\n", BREAKAGE);
+ fprintf(sfFile, "Signature-Version: 1.0\n");
+ fprintf(sfFile, "Created-By: %s\n", CREATOR);
+ fprintf(sfFile, "Comments: %s\n", BREAKAGE);
- if (fgets(buf, BUFSIZ, mf) == NULL) {
+ if (fgets(buf, BUFSIZ, mfFile) == NULL) {
PR_fprintf(errorFD, "%s: empty manifest file!\n", PROGRAM_NAME);
errorCount++;
exit(ERRX);
@@ -752,15 +752,15 @@ generate_SF_file(char *manifile, char *who)
exit(ERRX);
}
- fseek(mf, 0L, SEEK_SET);
+ fseek(mfFile, 0L, SEEK_SET);
/* Process blocks of headers, and calculate their hashen */
while (1) {
/* Beginning range */
- r1 = ftell(mf);
+ r1 = ftell(mfFile);
- if (fgets(name, BUFSIZ, mf) == NULL)
+ if (fgets(name, BUFSIZ, mfFile) == NULL)
break;
line++;
@@ -774,46 +774,46 @@ generate_SF_file(char *manifile, char *who)
}
r2 = r1;
- while (fgets(buf, BUFSIZ, mf)) {
+ while (fgets(buf, BUFSIZ, mfFile)) {
if (*buf == 0 || *buf == '\n' || *buf == '\r')
break;
line++;
/* Ending range for hashing */
- r2 = ftell(mf);
+ r2 = ftell(mfFile);
}
- r3 = ftell(mf);
+ r3 = ftell(mfFile);
if (r1) {
- fprintf(sf, "\n");
- fprintf(sf, "%s", name);
+ fprintf(sfFile, "\n");
+ fprintf(sfFile, "%s", name);
}
- calculate_MD5_range(mf, r1, r2, &dig);
+ calculate_MD5_range(mfFile, r1, r2, &dig);
if (optimize == 0) {
- fprintf(sf, "Digest-Algorithms: MD5 SHA1\n");
+ fprintf(sfFile, "Digest-Algorithms: MD5 SHA1\n");
md5 = BTOA_DataToAscii(dig.md5, MD5_LENGTH);
- fprintf(sf, "MD5-Digest: %s\n", md5);
+ fprintf(sfFile, "MD5-Digest: %s\n", md5);
PORT_Free(md5);
}
sha1 = BTOA_DataToAscii(dig.sha1, SHA1_LENGTH);
- fprintf(sf, "SHA1-Digest: %s\n", sha1);
+ fprintf(sfFile, "SHA1-Digest: %s\n", sha1);
PORT_Free(sha1);
/* restore normalcy after changing offset position */
- fseek(mf, r3, SEEK_SET);
+ fseek(mfFile, r3, SEEK_SET);
}
PORT_Free(buf);
PORT_Free(name);
- fclose(sf);
- fclose(mf);
+ fclose(sfFile);
+ fclose(mfFile);
return 0;
}
diff --git a/security/nss/cmd/signtool/zip.c b/security/nss/cmd/signtool/zip.c
index 35d5f5733..aeb5d6c54 100644
--- a/security/nss/cmd/signtool/zip.c
+++ b/security/nss/cmd/signtool/zip.c
@@ -129,7 +129,7 @@ handle_zerror(int err, char *msg)
* been opened with JzipOpen.
*/
int
-JzipAdd(char *fullname, char *filename, ZIPfile *zipfile, int compression_level)
+JzipAdd(char *fullname, char *filename, ZIPfile *zipfile, int lvl)
{
ZIPentry *entry;
PRFileDesc *readfp;
@@ -319,7 +319,7 @@ JzipAdd(char *fullname, char *filename, ZIPfile *zipfile, int compression_level)
* It causes zlib to leave out its headers and footers, which don't
* work in PKZIP files.
*/
- err = deflateInit2(&zstream, compression_level, Z_DEFLATED,
+ err = deflateInit2(&zstream, lvl, Z_DEFLATED,
-MAX_WBITS, 8 /*default*/, Z_DEFAULT_STRATEGY);
if (err != Z_OK) {
handle_zerror(err, zstream.msg);
diff --git a/security/nss/cmd/smimetools/cmsutil.c b/security/nss/cmd/smimetools/cmsutil.c
index fe17f26a4..7106521c1 100644
--- a/security/nss/cmd/smimetools/cmsutil.c
+++ b/security/nss/cmd/smimetools/cmsutil.c
@@ -68,7 +68,7 @@ DigestFile(PLArenaPool *poolp, SECItem ***digests, SECItem *input,
}
static void
-Usage(char *progName)
+Usage(void)
{
fprintf(stderr,
"Usage: %s [-C|-D|-E|-O|-S] [<options>] [-d dbdir] [-u certusage]\n"
@@ -280,7 +280,6 @@ decode(FILE *out, SECItem *input, const struct decodeOptionsStr *decodeOptions)
** or might be an invalid message, such as a QA test message
** or a message from an attacker.
*/
- SECStatus rv;
rv = NSS_CMSSignedData_VerifyCertsOnly(sigd,
decodeOptions->options->certHandle,
decodeOptions->options->certUsage);
@@ -1127,7 +1126,7 @@ main(int argc, char **argv)
fprintf(stderr,
"%s: option -G only supported with option -S.\n",
progName);
- Usage(progName);
+ Usage();
exit(1);
}
signOptions.signingTime = PR_TRUE;
@@ -1137,7 +1136,7 @@ main(int argc, char **argv)
fprintf(stderr,
"%s: option -H only supported with option -S.\n",
progName);
- Usage(progName);
+ Usage();
exit(1);
}
decodeOptions.suppressContent = PR_TRUE;
@@ -1167,7 +1166,7 @@ main(int argc, char **argv)
fprintf(stderr,
"%s: option -N only supported with option -S.\n",
progName);
- Usage(progName);
+ Usage();
exit(1);
}
signOptions.nickname = PORT_Strdup(optstate->value);
@@ -1180,7 +1179,7 @@ main(int argc, char **argv)
fprintf(stderr,
"%s: option -P only supported with option -S.\n",
progName);
- Usage(progName);
+ Usage();
exit(1);
}
signOptions.smimeProfile = PR_TRUE;
@@ -1193,7 +1192,7 @@ main(int argc, char **argv)
fprintf(stderr,
"%s: option -T only supported with option -S.\n",
progName);
- Usage(progName);
+ Usage();
exit(1);
}
signOptions.detached = PR_TRUE;
@@ -1203,7 +1202,7 @@ main(int argc, char **argv)
fprintf(stderr,
"%s: option -Y only supported with option -S.\n",
progName);
- Usage(progName);
+ Usage();
exit(1);
}
signOptions.encryptionKeyPreferenceNick = strdup(optstate->value);
@@ -1214,7 +1213,7 @@ main(int argc, char **argv)
fprintf(stderr,
"%s: option -b only supported with option -D.\n",
progName);
- Usage(progName);
+ Usage();
exit(1);
}
batch = PR_TRUE;
@@ -1225,7 +1224,7 @@ main(int argc, char **argv)
fprintf(stderr,
"%s: option -c only supported with option -D.\n",
progName);
- Usage(progName);
+ Usage();
exit(1);
}
contentFile = PR_Open(optstate->value, PR_RDONLY, 006600);
@@ -1261,7 +1260,7 @@ main(int argc, char **argv)
fprintf(stderr,
"%s: option -h only supported with option -D.\n",
progName);
- Usage(progName);
+ Usage();
exit(1);
}
decodeOptions.headerLevel = atoi(optstate->value);
@@ -1288,7 +1287,7 @@ main(int argc, char **argv)
fprintf(stderr,
"%s: option -k only supported with option -D.\n",
progName);
- Usage(progName);
+ Usage();
exit(1);
}
decodeOptions.keepCerts = PR_TRUE;
@@ -1299,7 +1298,7 @@ main(int argc, char **argv)
fprintf(stderr,
"%s: option -n only supported with option -D.\n",
progName);
- Usage(progName);
+ Usage();
exit(1);
}
decodeOptions.suppressContent = PR_TRUE;
@@ -1315,7 +1314,7 @@ main(int argc, char **argv)
case 'p':
if (!optstate->value) {
fprintf(stderr, "%s: option -p must have a value.\n", progName);
- Usage(progName);
+ Usage();
exit(1);
}
@@ -1325,7 +1324,7 @@ main(int argc, char **argv)
case 'f':
if (!optstate->value) {
fprintf(stderr, "%s: option -f must have a value.\n", progName);
- Usage(progName);
+ Usage();
exit(1);
}
@@ -1335,7 +1334,7 @@ main(int argc, char **argv)
case 'r':
if (!optstate->value) {
fprintf(stderr, "%s: option -r must have a value.\n", progName);
- Usage(progName);
+ Usage();
exit(1);
}
envelopeOptions.recipients = ptrarray;
@@ -1368,11 +1367,11 @@ main(int argc, char **argv)
}
}
if (status == PL_OPT_BAD)
- Usage(progName);
+ Usage();
PL_DestroyOptState(optstate);
if (mode == UNKNOWN)
- Usage(progName);
+ Usage();
if (mode != CERTSONLY && !batch) {
rv = SECU_FileToItem(&input, inFile);
@@ -1529,7 +1528,7 @@ main(int argc, char **argv)
break;
default:
fprintf(stderr, "One of options -D, -S or -E must be set.\n");
- Usage(progName);
+ Usage();
exitstatus = 1;
}
diff --git a/security/nss/cmd/strsclnt/strsclnt.c b/security/nss/cmd/strsclnt/strsclnt.c
index 7d259bd0a..bba53efac 100644
--- a/security/nss/cmd/strsclnt/strsclnt.c
+++ b/security/nss/cmd/strsclnt/strsclnt.c
@@ -137,7 +137,7 @@ SECItem bigBuf;
fprintf
static void
-Usage(const char *progName)
+Usage(void)
{
fprintf(stderr,
"Usage: %s [-n nickname] [-p port] [-d dbdir] [-c connections]\n"
@@ -260,7 +260,6 @@ void
printSecurityInfo(PRFileDesc *fd)
{
CERTCertificate *cert = NULL;
- SSL3Statistics *ssl3stats = SSL_GetStatistics();
SECStatus result;
SSLChannelInfo channel;
SSLCipherSuiteInfo suite;
@@ -1095,7 +1094,6 @@ client_main(
while (0 != (ndx = *cipherString)) {
const char *startCipher = cipherString++;
int cipher = 0;
- SECStatus rv;
if (ndx == ':') {
cipher = hexchar_to_int(*cipherString++);
@@ -1353,7 +1351,7 @@ main(int argc, char **argv)
enabledVersions, &enabledVersions) !=
SECSuccess) {
fprintf(stderr, "Bad version specified.\n");
- Usage(progName);
+ Usage();
}
break;
@@ -1431,27 +1429,27 @@ main(int argc, char **argv)
case 0: /* positional parameter */
if (hostName) {
- Usage(progName);
+ Usage();
}
hostName = PL_strdup(optstate->value);
break;
default:
case '?':
- Usage(progName);
+ Usage();
break;
}
}
PL_DestroyOptState(optstate);
if (!hostName || status == PL_OPT_BAD)
- Usage(progName);
+ Usage();
if (fullhs != NO_FULLHS_PERCENTAGE && (fullhs < 0 || fullhs > 100 || NoReuse))
- Usage(progName);
+ Usage();
if (port == 0)
- Usage(progName);
+ Usage();
if (fileName)
readBigFile(fileName);
diff --git a/security/nss/cmd/symkeyutil/symkeyutil.c b/security/nss/cmd/symkeyutil/symkeyutil.c
index 444456808..31ab4dda4 100644
--- a/security/nss/cmd/symkeyutil/symkeyutil.c
+++ b/security/nss/cmd/symkeyutil/symkeyutil.c
@@ -1034,10 +1034,10 @@ main(int argc, char **argv)
char *targetName = symKeyUtil.options[opt_TargetToken].arg;
PK11SymKey *newKey;
PK11SymKey *symKey = FindKey(slot, name, &keyID, &pwdata);
- char *keyName = PK11_GetSymKeyNickname(symKey);
+ char *keyName;
if (!symKey) {
- char *keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name);
+ keyName = keyID.data ? BufToHex(&keyID) : PORT_Strdup(name);
PR_fprintf(PR_STDERR, "%s: Couldn't find key %s on %s\n",
progName, keyName, PK11_GetTokenName(slot));
PORT_Free(keyName);
@@ -1061,6 +1061,7 @@ main(int argc, char **argv)
PR_fprintf(PR_STDERR, "%s: Couldn't move the key \n", progName);
goto shutdown;
}
+ keyName = PK11_GetSymKeyNickname(symKey);
if (keyName) {
rv = PK11_SetSymKeyNickname(newKey, keyName);
if (rv != SECSuccess) {
diff --git a/security/nss/cmd/tstclnt/tstclnt.c b/security/nss/cmd/tstclnt/tstclnt.c
index 1ad99502b..6f5a43146 100644
--- a/security/nss/cmd/tstclnt/tstclnt.c
+++ b/security/nss/cmd/tstclnt/tstclnt.c
@@ -51,6 +51,7 @@
#define MAX_WAIT_FOR_SERVER 600
#define WAIT_INTERVAL 100
+#define ZERO_RTT_MAX (2 << 16)
#define EXIT_CODE_HANDSHAKE_FAILED 254
@@ -99,6 +100,7 @@ int renegotiationsDone = 0;
PRBool initializedServerSessionCache = PR_FALSE;
static char *progName;
+static const char *requestFile;
secuPWData pwdata = { PW_NONE, 0 };
@@ -172,7 +174,7 @@ printSecurityInfo(PRFileDesc *fd)
}
static void
-PrintUsageHeader(const char *progName)
+PrintUsageHeader()
{
fprintf(stderr,
"Usage: %s -h host [-a 1st_hs_name ] [-a 2nd_hs_name ] [-p port]\n"
@@ -186,7 +188,7 @@ PrintUsageHeader(const char *progName)
}
static void
-PrintParameterUsage(void)
+PrintParameterUsage()
{
fprintf(stderr, "%-20s Send different SNI name. 1st_hs_name - at first\n"
"%-20s handshake, 2nd_hs_name - at second handshake.\n"
@@ -259,17 +261,17 @@ PrintParameterUsage(void)
}
static void
-Usage(const char *progName)
+Usage()
{
- PrintUsageHeader(progName);
+ PrintUsageHeader();
PrintParameterUsage();
exit(1);
}
static void
-PrintCipherUsage(const char *progName)
+PrintCipherUsage()
{
- PrintUsageHeader(progName);
+ PrintUsageHeader();
fprintf(stderr, "%-20s Letter(s) chosen from the following list\n",
"-c ciphers");
fprintf(stderr,
@@ -303,7 +305,7 @@ milliPause(PRUint32 milli)
}
void
-disableAllSSLCiphers(void)
+disableAllSSLCiphers()
{
const PRUint16 *cipherSuites = SSL_GetImplementedCiphers();
int i = SSL_GetNumImplementedCiphers();
@@ -711,12 +713,18 @@ void
thread_main(void *arg)
{
PRFileDesc *ps = (PRFileDesc *)arg;
- PRFileDesc *std_in = PR_GetSpecialFD(PR_StandardInput);
+ PRFileDesc *std_in;
int wc, rc;
char buf[256];
+ if (requestFile) {
+ std_in = PR_Open(requestFile, PR_RDONLY, 0);
+ } else {
+ std_in = PR_GetSpecialFD(PR_StandardInput);
+ }
+
#ifdef WIN32
- {
+ if (!requestFile) {
/* Put stdin into O_BINARY mode
** or else incoming \r\n's will become \n's.
*/
@@ -737,6 +745,9 @@ thread_main(void *arg)
wc = PR_Send(ps, buf, rc, 0, maxInterval);
} while (wc == rc);
PR_Close(ps);
+ if (requestFile) {
+ PR_Close(std_in);
+ }
}
#endif
@@ -844,7 +855,7 @@ separateReqHeader(const PRFileDesc *outFd, const char *buf, const int nb,
} else if (((c) >= 'A') && ((c) <= 'F')) { \
i = (c) - 'A' + 10; \
} else { \
- Usage(progName); \
+ Usage(); \
}
static SECStatus
@@ -915,22 +926,22 @@ char *hs1SniHostName = NULL;
char *hs2SniHostName = NULL;
PRUint16 portno = 443;
int override = 0;
-char *requestString = NULL;
-PRInt32 requestStringLen = 0;
-PRBool requestSent = PR_FALSE;
PRBool enableZeroRtt = PR_FALSE;
+PRUint8 *zeroRttData;
+unsigned int zeroRttLen = 0;
PRBool enableAltServerHello = PR_FALSE;
PRBool useDTLS = PR_FALSE;
PRBool actAsServer = PR_FALSE;
PRBool stopAfterHandshake = PR_FALSE;
PRBool requestToExit = PR_FALSE;
char *versionString = NULL;
+PRBool handshakeComplete = PR_FALSE;
static int
-writeBytesToServer(PRFileDesc *s, const char *buf, int nb)
+writeBytesToServer(PRFileDesc *s, const PRUint8 *buf, int nb)
{
SECStatus rv;
- const char *bufp = buf;
+ const PRUint8 *bufp = buf;
PRPollDesc pollDesc;
pollDesc.in_flags = PR_POLL_WRITE | PR_POLL_EXCEPT;
@@ -944,12 +955,20 @@ writeBytesToServer(PRFileDesc *s, const char *buf, int nb)
if (cc < 0) {
PRErrorCode err = PR_GetError();
if (err != PR_WOULD_BLOCK_ERROR) {
- SECU_PrintError(progName,
- "write to SSL socket failed");
+ SECU_PrintError(progName, "write to SSL socket failed");
return 254;
}
cc = 0;
}
+ FPRINTF(stderr, "%s: %d bytes written\n", progName, cc);
+ if (enableZeroRtt && !handshakeComplete) {
+ if (zeroRttLen + cc > ZERO_RTT_MAX) {
+ SECU_PrintError(progName, "too much early data to save");
+ return -1;
+ }
+ PORT_Memcpy(zeroRttData + zeroRttLen, bufp, cc);
+ zeroRttLen += cc;
+ }
bufp += cc;
nb -= cc;
if (nb <= 0)
@@ -969,8 +988,7 @@ writeBytesToServer(PRFileDesc *s, const char *buf, int nb)
progName);
cc = PR_Poll(&pollDesc, 1, PR_INTERVAL_NO_TIMEOUT);
if (cc < 0) {
- SECU_PrintError(progName,
- "PR_Poll failed");
+ SECU_PrintError(progName, "PR_Poll failed");
return -1;
}
FPRINTF(stderr,
@@ -993,7 +1011,7 @@ handshakeCallback(PRFileDesc *fd, void *client_data)
SSL_ReHandshake(fd, (renegotiationsToDo < 2));
++renegotiationsDone;
}
- if (requestString && requestSent) {
+ if (zeroRttLen) {
/* This data was sent in 0-RTT. */
SSLChannelInfo info;
SECStatus rv;
@@ -1003,29 +1021,30 @@ handshakeCallback(PRFileDesc *fd, void *client_data)
return;
if (!info.earlyDataAccepted) {
- FPRINTF(stderr, "Early data rejected. Re-sending\n");
- writeBytesToServer(fd, requestString, requestStringLen);
+ FPRINTF(stderr, "Early data rejected. Re-sending %d bytes\n",
+ zeroRttLen);
+ writeBytesToServer(fd, zeroRttData, zeroRttLen);
+ zeroRttLen = 0;
}
}
if (stopAfterHandshake) {
requestToExit = PR_TRUE;
}
+ handshakeComplete = PR_TRUE;
}
-#define REQUEST_WAITING (requestString && !requestSent)
-
static SECStatus
-installServerCertificate(PRFileDesc *s, char *nickname)
+installServerCertificate(PRFileDesc *s, char *nick)
{
CERTCertificate *cert;
SECKEYPrivateKey *privKey = NULL;
- if (!nickname) {
+ if (!nick) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
- cert = PK11_FindCertFromNickname(nickname, &pwdata);
+ cert = PK11_FindCertFromNickname(nick, &pwdata);
if (cert == NULL) {
return SECFailure;
}
@@ -1129,20 +1148,19 @@ connectToServer(PRFileDesc *s, PRPollDesc *pollset)
}
static int
-run(void)
+run()
{
int headerSeparatorPtrnId = 0;
int error = 0;
SECStatus rv;
PRStatus status;
PRInt32 filesReady;
- int npds;
PRFileDesc *s = NULL;
PRFileDesc *std_out;
- PRPollDesc pollset[2];
+ PRPollDesc pollset[2] = { { 0 }, { 0 } };
PRBool wrStarted = PR_FALSE;
- requestSent = PR_FALSE;
+ handshakeComplete = PR_FALSE;
/* Create socket */
if (useDTLS) {
@@ -1225,19 +1243,18 @@ run(void)
cipherString++;
} else {
if (!isalpha(ndx))
- Usage(progName);
+ Usage();
ndx = tolower(ndx) - 'a';
if (ndx < PR_ARRAY_SIZE(ssl3CipherSuites)) {
cipher = ssl3CipherSuites[ndx];
}
}
if (cipher > 0) {
- SECStatus status;
- status = SSL_CipherPrefSet(s, cipher, SSL_ALLOWED);
- if (status != SECSuccess)
+ rv = SSL_CipherPrefSet(s, cipher, SSL_ALLOWED);
+ if (rv != SECSuccess)
SECU_PrintError(progName, "SSL_CipherPrefSet()");
} else {
- Usage(progName);
+ Usage();
}
}
PORT_Free(cstringSaved);
@@ -1394,7 +1411,6 @@ run(void)
/* Try to connect to the server */
rv = connectToServer(s, pollset);
if (rv != SECSuccess) {
- ;
error = 1;
goto done;
}
@@ -1406,13 +1422,18 @@ run(void)
pollset[SSOCK_FD].in_flags |= (clientSpeaksFirst ? 0 : PR_POLL_READ);
else
pollset[SSOCK_FD].in_flags |= PR_POLL_READ;
- pollset[STDIN_FD].fd = PR_GetSpecialFD(PR_StandardInput);
- if (!REQUEST_WAITING) {
- pollset[STDIN_FD].in_flags = PR_POLL_READ;
- npds = 2;
+ if (requestFile) {
+ pollset[STDIN_FD].fd = PR_Open(requestFile, PR_RDONLY, 0);
+ if (!pollset[STDIN_FD].fd) {
+ fprintf(stderr, "%s: unable to open input file: %s\n",
+ progName, requestFile);
+ error = 1;
+ goto done;
+ }
} else {
- npds = 1;
+ pollset[STDIN_FD].fd = PR_GetSpecialFD(PR_StandardInput);
}
+ pollset[STDIN_FD].in_flags = PR_POLL_READ;
std_out = PR_GetSpecialFD(PR_StandardOutput);
#if defined(WIN32) || defined(OS2)
@@ -1458,10 +1479,9 @@ run(void)
requestToExit = PR_FALSE;
FPRINTF(stderr, "%s: ready...\n", progName);
while (!requestToExit &&
- ((pollset[SSOCK_FD].in_flags | pollset[STDIN_FD].in_flags) ||
- REQUEST_WAITING)) {
- char buf[4000]; /* buffer for stdin */
- int nb; /* num bytes read from stdin. */
+ (pollset[SSOCK_FD].in_flags || pollset[STDIN_FD].in_flags)) {
+ PRUint8 buf[4000]; /* buffer for stdin */
+ int nb; /* num bytes read from stdin. */
rv = restartHandshakeAfterServerCertIfNeeded(s, &serverCertAuth,
override);
@@ -1475,7 +1495,8 @@ run(void)
pollset[STDIN_FD].out_flags = 0;
FPRINTF(stderr, "%s: about to call PR_Poll !\n", progName);
- filesReady = PR_Poll(pollset, npds, PR_INTERVAL_NO_TIMEOUT);
+ filesReady = PR_Poll(pollset, PR_ARRAY_SIZE(pollset),
+ PR_INTERVAL_NO_TIMEOUT);
if (filesReady < 0) {
SECU_PrintError(progName, "select failed");
error = 1;
@@ -1497,14 +1518,6 @@ run(void)
"%s: PR_Poll returned 0x%02x for socket out_flags.\n",
progName, pollset[SSOCK_FD].out_flags);
}
- if (REQUEST_WAITING) {
- error = writeBytesToServer(s, requestString, requestStringLen);
- if (error) {
- goto done;
- }
- requestSent = PR_TRUE;
- pollset[SSOCK_FD].in_flags = PR_POLL_READ;
- }
if (pollset[STDIN_FD].out_flags & PR_POLL_READ) {
/* Read from stdin and write to socket */
nb = PR_Read(pollset[STDIN_FD].fd, buf, sizeof(buf));
@@ -1518,6 +1531,8 @@ run(void)
} else if (nb == 0) {
/* EOF on stdin, stop polling stdin for read. */
pollset[STDIN_FD].in_flags = 0;
+ if (actAsServer)
+ requestToExit = PR_TRUE;
} else {
error = writeBytesToServer(s, buf, nb);
if (error) {
@@ -1532,12 +1547,12 @@ run(void)
"%s: PR_Poll returned 0x%02x for socket out_flags.\n",
progName, pollset[SSOCK_FD].out_flags);
}
- if ((pollset[SSOCK_FD].out_flags & PR_POLL_READ) ||
- (pollset[SSOCK_FD].out_flags & PR_POLL_ERR)
#ifdef PR_POLL_HUP
- || (pollset[SSOCK_FD].out_flags & PR_POLL_HUP)
+#define POLL_RECV_FLAGS (PR_POLL_READ | PR_POLL_ERR | PR_POLL_HUP)
+#else
+#define POLL_RECV_FLAGS (PR_POLL_READ | PR_POLL_ERR)
#endif
- ) {
+ if (pollset[SSOCK_FD].out_flags & POLL_RECV_FLAGS) {
/* Read from socket and write to stdout */
nb = PR_Recv(pollset[SSOCK_FD].fd, buf, sizeof buf, 0, maxInterval);
FPRINTF(stderr, "%s: Read from server %d bytes\n", progName, nb);
@@ -1554,7 +1569,7 @@ run(void)
if (skipProtoHeader != PR_TRUE || wrStarted == PR_TRUE) {
PR_Write(std_out, buf, nb);
} else {
- separateReqHeader(std_out, buf, nb, &wrStarted,
+ separateReqHeader(std_out, (char *)buf, nb, &wrStarted,
&headerSeparatorPtrnId);
}
if (verbose)
@@ -1568,42 +1583,10 @@ done:
if (s) {
PR_Close(s);
}
-
- return error;
-}
-
-PRInt32
-ReadFile(const char *filename, char **data)
-{
- char *ret = NULL;
- char buf[8192];
- unsigned int len = 0;
- PRStatus rv;
-
- PRFileDesc *fd = PR_Open(filename, PR_RDONLY, 0);
- if (!fd)
- return -1;
-
- for (;;) {
- rv = PR_Read(fd, buf, sizeof(buf));
- if (rv < 0) {
- PR_Free(ret);
- return rv;
- }
-
- if (!rv)
- break;
-
- ret = PR_Realloc(ret, len + rv);
- if (!ret) {
- return -1;
- }
- PORT_Memcpy(ret + len, buf, rv);
- len += rv;
+ if (requestFile && pollset[STDIN_FD].fd) {
+ PR_Close(pollset[STDIN_FD].fd);
}
-
- *data = ret;
- return len;
+ return error;
}
int
@@ -1653,26 +1636,22 @@ main(int argc, char **argv)
switch (optstate->option) {
case '?':
default:
- Usage(progName);
+ Usage();
break;
case '4':
allowIPv6 = PR_FALSE;
if (!allowIPv4)
- Usage(progName);
+ Usage();
break;
case '6':
allowIPv4 = PR_FALSE;
if (!allowIPv6)
- Usage(progName);
+ Usage();
break;
case 'A':
- requestStringLen = ReadFile(optstate->value, &requestString);
- if (requestStringLen < 0) {
- fprintf(stderr, "Couldn't read file %s\n", optstate->value);
- exit(1);
- }
+ requestFile = PORT_Strdup(optstate->value);
break;
case 'C':
@@ -1735,7 +1714,7 @@ main(int argc, char **argv)
actAsServer = 1;
} else {
if (strcmp(optstate->value, "client")) {
- Usage(progName);
+ Usage();
}
}
break;
@@ -1768,16 +1747,21 @@ main(int argc, char **argv)
if (!strcmp(optstate->value, "alt-server-hello")) {
enableAltServerHello = PR_TRUE;
} else {
- Usage(progName);
+ Usage();
}
break;
case 'Y':
- PrintCipherUsage(progName);
+ PrintCipherUsage();
exit(0);
break;
case 'Z':
enableZeroRtt = PR_TRUE;
+ zeroRttData = PORT_ZAlloc(ZERO_RTT_MAX);
+ if (!zeroRttData) {
+ fprintf(stderr, "Unable to allocate buffer for 0-RTT\n");
+ exit(1);
+ }
break;
case 'a':
@@ -1786,7 +1770,7 @@ main(int argc, char **argv)
} else if (!hs2SniHostName) {
hs2SniHostName = PORT_Strdup(optstate->value);
} else {
- Usage(progName);
+ Usage();
}
break;
@@ -1875,7 +1859,7 @@ main(int argc, char **argv)
if (rv != SECSuccess) {
PL_DestroyOptState(optstate);
fprintf(stderr, "Bad group specified.\n");
- Usage(progName);
+ Usage();
}
break;
}
@@ -1889,18 +1873,18 @@ main(int argc, char **argv)
enabledVersions, &enabledVersions) !=
SECSuccess) {
fprintf(stderr, "Bad version specified.\n");
- Usage(progName);
+ Usage();
}
PORT_Free(versionString);
}
if (optstatus == PL_OPT_BAD) {
- Usage(progName);
+ Usage();
}
if (!host || !portno) {
fprintf(stderr, "%s: parameters -h and -p are mandatory\n", progName);
- Usage(progName);
+ Usage();
}
if (serverCertAuth.testFreshStatusFromSideChannel &&
@@ -2060,20 +2044,13 @@ done:
PR_Close(s);
}
- if (hs1SniHostName) {
- PORT_Free(hs1SniHostName);
- }
- if (hs2SniHostName) {
- PORT_Free(hs2SniHostName);
- }
- if (nickname) {
- PORT_Free(nickname);
- }
- if (pwdata.data) {
- PORT_Free(pwdata.data);
- }
+ PORT_Free((void *)requestFile);
+ PORT_Free(hs1SniHostName);
+ PORT_Free(hs2SniHostName);
+ PORT_Free(nickname);
+ PORT_Free(pwdata.data);
PORT_Free(host);
- PORT_Free(requestString);
+ PORT_Free(zeroRttData);
if (enabledGroups) {
PORT_Free(enabledGroups);
diff --git a/security/nss/cmd/vfyserv/vfyserv.c b/security/nss/cmd/vfyserv/vfyserv.c
index aa648ad8c..4234ecd09 100644
--- a/security/nss/cmd/vfyserv/vfyserv.c
+++ b/security/nss/cmd/vfyserv/vfyserv.c
@@ -327,9 +327,7 @@ do_connects(void *a, int connection)
}
void
-client_main(unsigned short port,
- int connections,
- const char *hostName)
+client_main(int connections)
{
int i;
SECStatus secStatus;
@@ -553,7 +551,7 @@ main(int argc, char **argv)
}
}
- client_main(port, connections, hostName);
+ client_main(connections);
cleanup:
if (doOcspCheck) {
diff --git a/security/nss/cmd/vfyserv/vfyutil.c b/security/nss/cmd/vfyserv/vfyutil.c
index 2f1b53262..d3d8a206e 100644
--- a/security/nss/cmd/vfyserv/vfyutil.c
+++ b/security/nss/cmd/vfyserv/vfyutil.c
@@ -310,13 +310,13 @@ myHandshakeCallback(PRFileDesc *socket, void *arg)
void
disableAllSSLCiphers(void)
{
- const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
+ const PRUint16 *allSuites = SSL_ImplementedCiphers;
int i = SSL_NumImplementedCiphers;
SECStatus rv;
/* disable all the SSL3 cipher suites */
while (--i >= 0) {
- PRUint16 suite = cipherSuites[i];
+ PRUint16 suite = allSuites[i];
rv = SSL_CipherPrefSetDefault(suite, PR_FALSE);
if (rv != SECSuccess) {
fprintf(stderr,