summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2019-11-04 13:31:30 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-11-04 13:31:30 +0100
commitc5c44d12073791bb1150445ce48bc57fccbb544d (patch)
tree9d7704d17cb06f886b0943d1508c9ff08f4b9570 /security
parenta63272b5303b7aef467e974c630f745146fb983a (diff)
parentbbc2206a0fda053a6f5071b457bd209dab9ed268 (diff)
downloadUXP-c5c44d12073791bb1150445ce48bc57fccbb544d.tar
UXP-c5c44d12073791bb1150445ce48bc57fccbb544d.tar.gz
UXP-c5c44d12073791bb1150445ce48bc57fccbb544d.tar.lz
UXP-c5c44d12073791bb1150445ce48bc57fccbb544d.tar.xz
UXP-c5c44d12073791bb1150445ce48bc57fccbb544d.zip
Merge branch 'master' into certexception-work
Diffstat (limited to 'security')
-rw-r--r--security/manager/ssl/nsISiteSecurityService.idl12
-rw-r--r--security/manager/ssl/nsSiteSecurityService.cpp31
-rw-r--r--security/nss/coreconf/coreconf.dep1
-rw-r--r--security/nss/lib/dbm/include/extern.h48
-rw-r--r--security/nss/lib/dbm/include/hash.h50
-rw-r--r--security/nss/lib/dbm/include/mcom_db.h24
-rw-r--r--security/nss/lib/dbm/include/ncompat.h6
-rw-r--r--security/nss/lib/dbm/src/db.c25
-rw-r--r--security/nss/lib/dbm/src/h_bigkey.c61
-rw-r--r--security/nss/lib/dbm/src/h_func.c3
-rw-r--r--security/nss/lib/dbm/src/h_log2.c3
-rw-r--r--security/nss/lib/dbm/src/h_page.c77
-rw-r--r--security/nss/lib/dbm/src/hash.c71
-rw-r--r--security/nss/lib/dbm/src/hash_buf.c25
-rw-r--r--security/nss/lib/freebl/chacha20poly1305.c5
-rw-r--r--security/nss/lib/freebl/ctr.c12
-rw-r--r--security/nss/lib/freebl/gcm.c6
-rw-r--r--security/nss/lib/freebl/intel-gcm-wrap.c22
-rw-r--r--security/nss/lib/freebl/rsapkcs.c20
-rw-r--r--security/nss/lib/nss/nss.h4
-rw-r--r--security/nss/lib/softoken/pkcs11c.c33
-rw-r--r--security/nss/lib/softoken/softkver.h4
-rw-r--r--security/nss/lib/util/nssutil.h4
23 files changed, 315 insertions, 232 deletions
diff --git a/security/manager/ssl/nsISiteSecurityService.idl b/security/manager/ssl/nsISiteSecurityService.idl
index 753f32b57..b61577152 100644
--- a/security/manager/ssl/nsISiteSecurityService.idl
+++ b/security/manager/ssl/nsISiteSecurityService.idl
@@ -23,7 +23,7 @@ namespace mozilla
[ref] native nsCStringTArrayRef(nsTArray<nsCString>);
[ref] native mozillaPkixTime(mozilla::pkix::Time);
-[scriptable, uuid(275127f8-dbd7-4681-afbf-6df0c6587a01)]
+[scriptable, uuid(233908bd-6741-4474-a6e1-f298c6ce9eaf)]
interface nsISiteSecurityService : nsISupports
{
const uint32_t HEADER_HSTS = 0;
@@ -98,15 +98,21 @@ interface nsISiteSecurityService : nsISupports
* Given a header type, removes state relating to that header of a host,
* including the includeSubdomains state that would affect subdomains.
* This essentially removes the state for the domain tree rooted at this
- * host.
+ * host. If any preloaded information is present for that host, that
+ * information will then be used instead of any other previously existing
+ * state, unless the force parameter is set.
+ *
* @param aType the type of security state in question
* @param aURI the URI of the target host
* @param aFlags options for this request as defined in nsISocketProvider:
* NO_PERMANENT_STORAGE
+ * @param force if set, forces no-HSTS state by writing a knockout value,
+ * overriding any preload list state
*/
void removeState(in uint32_t aType,
in nsIURI aURI,
- in uint32_t aFlags);
+ in uint32_t aFlags,
+ [optional] in boolean force);
/**
* See isSecureURI
diff --git a/security/manager/ssl/nsSiteSecurityService.cpp b/security/manager/ssl/nsSiteSecurityService.cpp
index cfee79d8d..44ee7dcc0 100644
--- a/security/manager/ssl/nsSiteSecurityService.cpp
+++ b/security/manager/ssl/nsSiteSecurityService.cpp
@@ -330,21 +330,22 @@ nsSiteSecurityService::SetHSTSState(uint32_t aType,
uint32_t flags,
SecurityPropertyState aHSTSState)
{
- // If max-age is zero, that's an indication to immediately remove the
- // security state, so here's a shortcut.
- if (!maxage) {
- return RemoveState(aType, aSourceURI, flags);
+ // Exit early if STS not enabled
+ if (!mUseStsService) {
+ return NS_OK;
+ }
+
+ // If max-age is zero, the host is no longer considered HSTS. If the host was
+ // preloaded, we store an entry indicating that this host is not HSTS, causing
+ // the preloaded information to be ignored.
+ if (maxage == 0) {
+ return RemoveState(aType, aSourceURI, flags, true);
}
MOZ_ASSERT((aHSTSState == SecurityPropertySet ||
aHSTSState == SecurityPropertyNegative),
"HSTS State must be SecurityPropertySet or SecurityPropertyNegative");
- // Exit early if STS not enabled
- if (!mUseStsService) {
- return NS_OK;
- }
-
int64_t expiretime = ExpireTimeFromMaxAge(maxage);
SiteHSTSState siteState(expiretime, aHSTSState, includeSubdomains);
nsAutoCString stateString;
@@ -367,7 +368,7 @@ nsSiteSecurityService::SetHSTSState(uint32_t aType,
NS_IMETHODIMP
nsSiteSecurityService::RemoveState(uint32_t aType, nsIURI* aURI,
- uint32_t aFlags)
+ uint32_t aFlags, bool force = false)
{
// Child processes are not allowed direct access to this.
if (!XRE_IsParentProcess()) {
@@ -387,8 +388,9 @@ nsSiteSecurityService::RemoveState(uint32_t aType, nsIURI* aURI,
mozilla::DataStorageType storageType = isPrivate
? mozilla::DataStorage_Private
: mozilla::DataStorage_Persistent;
- // If this host is in the preload list, we have to store a knockout entry.
- if (GetPreloadListEntry(hostname.get())) {
+ // If this host is in the preload list, we have to store a knockout entry
+ // if it's explicitly forced to not be HSTS anymore
+ if (force && GetPreloadListEntry(hostname.get())) {
SSSLOG(("SSS: storing knockout entry for %s", hostname.get()));
SiteHSTSState siteState(0, SecurityPropertyKnockout, false);
nsAutoCString stateString;
@@ -769,7 +771,10 @@ nsSiteSecurityService::ProcessPKPHeader(nsIURI* aSourceURI,
return NS_ERROR_FAILURE;
}
- // if maxAge == 0 we must delete all state, for now no hole-punching
+ // If maxAge == 0, we remove dynamic HPKP state for this host. Due to
+ // architectural constraints, if this host was preloaded, any future lookups
+ // will use the preloaded state (i.e. we can't store a "this host is not HPKP"
+ // entry like we can for HSTS).
if (maxAge == 0) {
return RemoveState(aType, aSourceURI, aFlags);
}
diff --git a/security/nss/coreconf/coreconf.dep b/security/nss/coreconf/coreconf.dep
index 5182f7555..590d1bfae 100644
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -10,3 +10,4 @@
*/
#error "Do not include this header file."
+
diff --git a/security/nss/lib/dbm/include/extern.h b/security/nss/lib/dbm/include/extern.h
index 897369fb8..4fbdc2d80 100644
--- a/security/nss/lib/dbm/include/extern.h
+++ b/security/nss/lib/dbm/include/extern.h
@@ -31,32 +31,32 @@
* @(#)extern.h 8.4 (Berkeley) 6/16/94
*/
-BUFHEAD *__add_ovflpage(HTAB *, BUFHEAD *);
-int __addel(HTAB *, BUFHEAD *, const DBT *, const DBT *);
-int __big_delete(HTAB *, BUFHEAD *);
-int __big_insert(HTAB *, BUFHEAD *, const DBT *, const DBT *);
-int __big_keydata(HTAB *, BUFHEAD *, DBT *, DBT *, int);
-int __big_return(HTAB *, BUFHEAD *, int, DBT *, int);
-int __big_split(HTAB *, BUFHEAD *, BUFHEAD *, BUFHEAD *,
- uint32, uint32, SPLIT_RETURN *);
-int __buf_free(HTAB *, int, int);
-void __buf_init(HTAB *, int);
-uint32 __call_hash(HTAB *, char *, size_t);
-int __delpair(HTAB *, BUFHEAD *, int);
-int __expand_table(HTAB *);
-int __find_bigpair(HTAB *, BUFHEAD *, int, char *, int);
-uint16 __find_last_page(HTAB *, BUFHEAD **);
-void __free_ovflpage(HTAB *, BUFHEAD *);
-BUFHEAD *__get_buf(HTAB *, uint32, BUFHEAD *, int);
-int __get_page(HTAB *, char *, uint32, int, int, int);
-int __ibitmap(HTAB *, int, int, int);
-uint32 __log2(uint32);
-int __put_page(HTAB *, char *, uint32, int, int);
-void __reclaim_buf(HTAB *, BUFHEAD *);
-int __split_page(HTAB *, uint32, uint32);
+BUFHEAD *dbm_add_ovflpage(HTAB *, BUFHEAD *);
+int dbm_addel(HTAB *, BUFHEAD *, const DBT *, const DBT *);
+int dbm_big_delete(HTAB *, BUFHEAD *);
+int dbm_big_insert(HTAB *, BUFHEAD *, const DBT *, const DBT *);
+int dbm_big_keydata(HTAB *, BUFHEAD *, DBT *, DBT *, int);
+int dbm_big_return(HTAB *, BUFHEAD *, int, DBT *, int);
+int dbm_big_split(HTAB *, BUFHEAD *, BUFHEAD *, BUFHEAD *,
+ uint32, uint32, SPLIT_RETURN *);
+int dbm_buf_free(HTAB *, int, int);
+void dbm_buf_init(HTAB *, int);
+uint32 dbm_call_hash(HTAB *, char *, size_t);
+int dbm_delpair(HTAB *, BUFHEAD *, int);
+int dbm_expand_table(HTAB *);
+int dbm_find_bigpair(HTAB *, BUFHEAD *, int, char *, int);
+uint16 dbm_find_last_page(HTAB *, BUFHEAD **);
+void dbm_free_ovflpage(HTAB *, BUFHEAD *);
+BUFHEAD *dbm_get_buf(HTAB *, uint32, BUFHEAD *, int);
+int dbm_get_page(HTAB *, char *, uint32, int, int, int);
+int dbm_ibitmap(HTAB *, int, int, int);
+uint32 dbm_log2(uint32);
+int dbm_put_page(HTAB *, char *, uint32, int, int);
+void dbm_reclaim_buf(HTAB *, BUFHEAD *);
+int dbm_split_page(HTAB *, uint32, uint32);
/* Default hash routine. */
-extern uint32 (*__default_hash)(const void *, size_t);
+extern uint32 (*dbm_default_hash)(const void *, size_t);
#ifdef HASH_STATISTICS
extern int hash_accesses, hash_collisions, hash_expansions, hash_overflows;
diff --git a/security/nss/lib/dbm/include/hash.h b/security/nss/lib/dbm/include/hash.h
index 7da51dc64..0ce3c3ff2 100644
--- a/security/nss/lib/dbm/include/hash.h
+++ b/security/nss/lib/dbm/include/hash.h
@@ -190,7 +190,7 @@ typedef struct htab { /* Memory resident data structure */
#define OADDR_OF(S, O) ((uint32)((uint32)(S) << SPLITSHIFT) + (O))
#define BUCKET_TO_PAGE(B) \
- (B) + hashp->HDRPAGES + ((B) ? hashp->SPARES[__log2((uint32)((B) + 1)) - 1] : 0)
+ (B) + hashp->HDRPAGES + ((B) ? hashp->SPARES[dbm_log2((uint32)((B) + 1)) - 1] : 0)
#define OADDR_TO_PAGE(B) \
BUCKET_TO_PAGE((1 << SPLITNUM((B))) - 1) + OPAGENUM((B));
@@ -314,28 +314,28 @@ typedef struct htab { /* Memory resident data structure */
#define NEXT_FREE hdr.next_free
#define H_CHARKEY hdr.h_charkey
-extern uint32 (*__default_hash)(const void *, size_t);
-void __buf_init(HTAB *hashp, int32 nbytes);
-int __big_delete(HTAB *hashp, BUFHEAD *bufp);
-BUFHEAD *__get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage);
-uint32 __call_hash(HTAB *hashp, char *k, size_t len);
+extern uint32 (*dbm_default_hash)(const void *, size_t);
+void dbm_buf_init(HTAB *hashp, int32 nbytes);
+int dbm_big_delete(HTAB *hashp, BUFHEAD *bufp);
+BUFHEAD *dbm_get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage);
+uint32 dbm_call_hash(HTAB *hashp, char *k, size_t len);
#include "page.h"
-extern int __big_split(HTAB *hashp, BUFHEAD *op, BUFHEAD *np,
- BUFHEAD *big_keyp, uint32 addr, uint32 obucket, SPLIT_RETURN *ret);
-void __free_ovflpage(HTAB *hashp, BUFHEAD *obufp);
-BUFHEAD *__add_ovflpage(HTAB *hashp, BUFHEAD *bufp);
-int __big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val);
-int __expand_table(HTAB *hashp);
-uint32 __log2(uint32 num);
-void __reclaim_buf(HTAB *hashp, BUFHEAD *bp);
-int __get_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_disk, int is_bitmap);
-int __put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap);
-int __ibitmap(HTAB *hashp, int pnum, int nbits, int ndx);
-int __buf_free(HTAB *hashp, int do_free, int to_disk);
-int __find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size);
-uint16 __find_last_page(HTAB *hashp, BUFHEAD **bpp);
-int __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val);
-int __big_return(HTAB *hashp, BUFHEAD *bufp, int ndx, DBT *val, int set_current);
-int __delpair(HTAB *hashp, BUFHEAD *bufp, int ndx);
-int __big_keydata(HTAB *hashp, BUFHEAD *bufp, DBT *key, DBT *val, int set);
-int __split_page(HTAB *hashp, uint32 obucket, uint32 nbucket);
+extern int dbm_big_split(HTAB *hashp, BUFHEAD *op, BUFHEAD *np,
+ BUFHEAD *big_keyp, uint32 addr, uint32 obucket, SPLIT_RETURN *ret);
+void dbm_free_ovflpage(HTAB *hashp, BUFHEAD *obufp);
+BUFHEAD *dbm_add_ovflpage(HTAB *hashp, BUFHEAD *bufp);
+int dbm_big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val);
+int dbm_expand_table(HTAB *hashp);
+uint32 dbm_log2(uint32 num);
+void dbm_reclaim_buf(HTAB *hashp, BUFHEAD *bp);
+int dbm_get_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_disk, int is_bitmap);
+int dbm_put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap);
+int dbm_ibitmap(HTAB *hashp, int pnum, int nbits, int ndx);
+int dbm_buf_free(HTAB *hashp, int do_free, int to_disk);
+int dbm_find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size);
+uint16 dbm_find_last_page(HTAB *hashp, BUFHEAD **bpp);
+int dbm_addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val);
+int dbm_big_return(HTAB *hashp, BUFHEAD *bufp, int ndx, DBT *val, int set_current);
+int dbm_delpair(HTAB *hashp, BUFHEAD *bufp, int ndx);
+int dbm_big_keydata(HTAB *hashp, BUFHEAD *bufp, DBT *key, DBT *val, int set);
+int dbm_split_page(HTAB *hashp, uint32 obucket, uint32 nbucket);
diff --git a/security/nss/lib/dbm/include/mcom_db.h b/security/nss/lib/dbm/include/mcom_db.h
index 0a4f6dc14..e961dd1b4 100644
--- a/security/nss/lib/dbm/include/mcom_db.h
+++ b/security/nss/lib/dbm/include/mcom_db.h
@@ -287,16 +287,16 @@ typedef enum { LockOutDatabase,
#endif
/* Access method description structure. */
-typedef struct __db {
+typedef struct dbm_db {
DBTYPE type; /* Underlying db type. */
- int (*close)(struct __db *);
- int (*del)(const struct __db *, const DBT *, uint);
- int (*get)(const struct __db *, const DBT *, DBT *, uint);
- int (*put)(const struct __db *, DBT *, const DBT *, uint);
- int (*seq)(const struct __db *, DBT *, DBT *, uint);
- int (*sync)(const struct __db *, uint);
+ int (*close)(struct dbm_db *);
+ int (*del)(const struct dbm_db *, const DBT *, uint);
+ int (*get)(const struct dbm_db *, const DBT *, DBT *, uint);
+ int (*put)(const struct dbm_db *, DBT *, const DBT *, uint);
+ int (*seq)(const struct dbm_db *, DBT *, DBT *, uint);
+ int (*sync)(const struct dbm_db *, uint);
void *internal; /* Access method private. */
- int (*fd)(const struct __db *);
+ int (*fd)(const struct dbm_db *);
} DB;
#define BTREEMAGIC 0x053162
@@ -412,10 +412,10 @@ dbopen(const char *, int, int, DBTYPE, const void *);
void dbSetOrClearDBLock(DBLockFlagEnum type);
#ifdef __DBINTERFACE_PRIVATE
-DB *__bt_open(const char *, int, int, const BTREEINFO *, int);
-DB *__hash_open(const char *, int, int, const HASHINFO *, int);
-DB *__rec_open(const char *, int, int, const RECNOINFO *, int);
-void __dbpanic(DB *dbp);
+DB *dbm_bt_open(const char *, int, int, const BTREEINFO *, int);
+DB *dbm_hash_open(const char *, int, int, const HASHINFO *, int);
+DB *dbm_rec_open(const char *, int, int, const RECNOINFO *, int);
+void dbm_dbpanic(DB *dbp);
#endif
PR_END_EXTERN_C
diff --git a/security/nss/lib/dbm/include/ncompat.h b/security/nss/lib/dbm/include/ncompat.h
index 9fd434799..f9f631622 100644
--- a/security/nss/lib/dbm/include/ncompat.h
+++ b/security/nss/lib/dbm/include/ncompat.h
@@ -89,13 +89,13 @@ typedef unsigned int sigset_t;
#define SIG_UNBLOCK 2
#define SIG_SETMASK 3
-static int __sigtemp; /* For the use of sigprocmask */
+static int dbm_sigtemp; /* For the use of sigprocmask */
/* Repeated test of oset != NULL is to avoid "*0". */
#define sigprocmask(how, set, oset) \
- ((__sigtemp = \
+ ((dbm_sigtemp = \
(((how) == SIG_BLOCK) ? sigblock(0) | *(set) : (((how) == SIG_UNBLOCK) ? sigblock(0) & ~(*(set)) : ((how) == SIG_SETMASK ? *(set) : sigblock(0))))), \
- ((oset) ? (*(oset ? oset : set) = sigsetmask(__sigtemp)) : sigsetmask(__sigtemp)), 0)
+ ((oset) ? (*(oset ? oset : set) = sigsetmask(dbm_sigtemp)) : sigsetmask(dbm_sigtemp)), 0)
#endif
/*
diff --git a/security/nss/lib/dbm/src/db.c b/security/nss/lib/dbm/src/db.c
index 5c35bbd48..4b5810760 100644
--- a/security/nss/lib/dbm/src/db.c
+++ b/security/nss/lib/dbm/src/db.c
@@ -92,16 +92,16 @@ dbopen(const char *fname, int flags, int mode, DBTYPE type, const void *openinfo
/* we don't need btree and recno right now */
#if 0
case DB_BTREE:
- return (__bt_open(fname, flags & USE_OPEN_FLAGS,
+ return (dbm_bt_open(fname, flags & USE_OPEN_FLAGS,
mode, openinfo, flags & DB_FLAGS));
case DB_RECNO:
- return (__rec_open(fname, flags & USE_OPEN_FLAGS,
+ return (dbm_rec_open(fname, flags & USE_OPEN_FLAGS,
mode, openinfo, flags & DB_FLAGS));
#endif
case DB_HASH:
- return (__hash_open(fname, flags & USE_OPEN_FLAGS,
- mode, (const HASHINFO *)openinfo, flags & DB_FLAGS));
+ return (dbm_hash_open(fname, flags & USE_OPEN_FLAGS,
+ mode, (const HASHINFO *)openinfo, flags & DB_FLAGS));
default:
break;
}
@@ -110,7 +110,7 @@ dbopen(const char *fname, int flags, int mode, DBTYPE type, const void *openinfo
}
static int
-__dberr()
+dbm_dberr()
{
return (RET_ERROR);
}
@@ -122,13 +122,14 @@ __dberr()
* dbp: pointer to the DB structure.
*/
void
-__dbpanic(DB *dbp)
+dbm_dbpanic(DB *dbp)
{
/* The only thing that can succeed is a close. */
- dbp->del = (int (*)(const struct __db *, const DBT *, uint))__dberr;
- dbp->fd = (int (*)(const struct __db *))__dberr;
- dbp->get = (int (*)(const struct __db *, const DBT *, DBT *, uint))__dberr;
- dbp->put = (int (*)(const struct __db *, DBT *, const DBT *, uint))__dberr;
- dbp->seq = (int (*)(const struct __db *, DBT *, DBT *, uint))__dberr;
- dbp->sync = (int (*)(const struct __db *, uint))__dberr;
+ dbp->del = (int (*)(const struct dbm_db *, const DBT *, uint))dbm_dberr;
+ dbp->fd = (int (*)(const struct dbm_db *))dbm_dberr;
+ dbp->get = (int (*)(const struct dbm_db *, const DBT *, DBT *, uint))dbm_dberr;
+ dbp->put = (int (*)(const struct dbm_db *, DBT *, const DBT *, uint))dbm_dberr;
+ dbp->seq = (int (*)(const struct dbm_db *, DBT *, DBT *, uint))dbm_dberr;
+ dbp->sync = (int (*)(const struct dbm_db *, uint))dbm_dberr;
+
}
diff --git a/security/nss/lib/dbm/src/h_bigkey.c b/security/nss/lib/dbm/src/h_bigkey.c
index 6edfe7f5a..795c7a09d 100644
--- a/security/nss/lib/dbm/src/h_bigkey.c
+++ b/security/nss/lib/dbm/src/h_bigkey.c
@@ -85,7 +85,7 @@ static int collect_data(HTAB *, BUFHEAD *, int, int);
*-1 ==> ERROR
*/
extern int
-__big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
+dbm_big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
{
register uint16 *p;
uint key_size, n, val_size;
@@ -114,7 +114,7 @@ __big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
FREESPACE(p) = off - PAGE_META(n);
OFFSET(p) = off;
p[n] = PARTIAL_KEY;
- bufp = __add_ovflpage(hashp, bufp);
+ bufp = dbm_add_ovflpage(hashp, bufp);
if (!bufp)
return (-1);
n = p[0];
@@ -158,7 +158,7 @@ __big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
OFFSET(p) = off;
if (val_size) {
p[n] = FULL_KEY;
- bufp = __add_ovflpage(hashp, bufp);
+ bufp = dbm_add_ovflpage(hashp, bufp);
if (!bufp)
return (-1);
cp = bufp->page;
@@ -182,7 +182,7 @@ __big_insert(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
*-1 => ERROR
*/
extern int
-__big_delete(HTAB *hashp, BUFHEAD *bufp)
+dbm_big_delete(HTAB *hashp, BUFHEAD *bufp)
{
register BUFHEAD *last_bfp, *rbufp;
uint16 *bp, pageno;
@@ -207,9 +207,9 @@ __big_delete(HTAB *hashp, BUFHEAD *bufp)
break;
pageno = bp[bp[0] - 1];
rbufp->flags |= BUF_MOD;
- rbufp = __get_buf(hashp, pageno, rbufp, 0);
+ rbufp = dbm_get_buf(hashp, pageno, rbufp, 0);
if (last_bfp)
- __free_ovflpage(hashp, last_bfp);
+ dbm_free_ovflpage(hashp, last_bfp);
last_bfp = rbufp;
if (!rbufp)
return (-1); /* Error. */
@@ -244,9 +244,9 @@ __big_delete(HTAB *hashp, BUFHEAD *bufp)
bufp->flags |= BUF_MOD;
if (rbufp)
- __free_ovflpage(hashp, rbufp);
+ dbm_free_ovflpage(hashp, rbufp);
if (last_bfp != rbufp)
- __free_ovflpage(hashp, last_bfp);
+ dbm_free_ovflpage(hashp, last_bfp);
hashp->NKEYS--;
return (0);
@@ -259,7 +259,7 @@ __big_delete(HTAB *hashp, BUFHEAD *bufp)
* -3 error
*/
extern int
-__find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size)
+dbm_find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size)
{
register uint16 *bp;
register char *p;
@@ -279,7 +279,7 @@ __find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size)
return (-2);
kkey += bytes;
ksize -= bytes;
- bufp = __get_buf(hashp, bp[ndx + 2], bufp, 0);
+ bufp = dbm_get_buf(hashp, bp[ndx + 2], bufp, 0);
if (!bufp)
return (-3);
p = bufp->page;
@@ -306,7 +306,7 @@ __find_bigpair(HTAB *hashp, BUFHEAD *bufp, int ndx, char *key, int size)
* bucket)
*/
extern uint16
-__find_last_page(HTAB *hashp, BUFHEAD **bpp)
+dbm_find_last_page(HTAB *hashp, BUFHEAD **bpp)
{
BUFHEAD *bufp;
uint16 *bp, pageno;
@@ -332,7 +332,7 @@ __find_last_page(HTAB *hashp, BUFHEAD **bpp)
return (0);
pageno = bp[n - 1];
- bufp = __get_buf(hashp, pageno, bufp, 0);
+ bufp = dbm_get_buf(hashp, pageno, bufp, 0);
if (!bufp)
return (0); /* Need to indicate an error! */
bp = (uint16 *)bufp->page;
@@ -350,7 +350,7 @@ __find_last_page(HTAB *hashp, BUFHEAD **bpp)
* index (index should always be 1).
*/
extern int
-__big_return(
+dbm_big_return(
HTAB *hashp,
BUFHEAD *bufp,
int ndx,
@@ -364,7 +364,7 @@ __big_return(
bp = (uint16 *)bufp->page;
while (bp[ndx + 1] == PARTIAL_KEY) {
- bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
+ bufp = dbm_get_buf(hashp, bp[bp[0] - 1], bufp, 0);
if (!bufp)
return (-1);
bp = (uint16 *)bufp->page;
@@ -372,7 +372,7 @@ __big_return(
}
if (bp[ndx + 1] == FULL_KEY) {
- bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
+ bufp = dbm_get_buf(hashp, bp[bp[0] - 1], bufp, 0);
if (!bufp)
return (-1);
bp = (uint16 *)bufp->page;
@@ -392,7 +392,7 @@ __big_return(
len = bp[1] - off;
save_p = bufp;
save_addr = bufp->addr;
- bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
+ bufp = dbm_get_buf(hashp, bp[bp[0] - 1], bufp, 0);
if (!bufp)
return (-1);
bp = (uint16 *)bufp->page;
@@ -409,8 +409,8 @@ __big_return(
hashp->cbucket++;
hashp->cndx = 1;
} else {
- hashp->cpage = __get_buf(hashp,
- bp[bp[0] - 1], bufp, 0);
+ hashp->cpage = dbm_get_buf(hashp,
+ bp[bp[0] - 1], bufp, 0);
if (!hashp->cpage)
return (-1);
hashp->cndx = 1;
@@ -470,7 +470,7 @@ collect_data(
save_bufp->flags |= BUF_PIN;
/* read the length of the buffer */
- for (totlen = len; bufp; bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0)) {
+ for (totlen = len; bufp; bufp = dbm_get_buf(hashp, bp[bp[0] - 1], bufp, 0)) {
bp = (uint16 *)bufp->page;
mylen = hashp->BSIZE - bp[1];
@@ -502,7 +502,7 @@ collect_data(
/* copy the buffers back into temp buf */
for (bufp = save_bufp; bufp;
- bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0)) {
+ bufp = dbm_get_buf(hashp, bp[bp[0] - 1], bufp, 0)) {
bp = (uint16 *)bufp->page;
mylen = hashp->BSIZE - bp[1];
memmove(&hashp->tmp_buf[len], (bufp->page) + bp[1], (size_t)mylen);
@@ -522,7 +522,7 @@ collect_data(
hashp->cpage = NULL;
hashp->cbucket++;
} else {
- hashp->cpage = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
+ hashp->cpage = dbm_get_buf(hashp, bp[bp[0] - 1], bufp, 0);
if (!hashp->cpage)
return (-1);
else if (!((uint16 *)hashp->cpage->page)[0]) {
@@ -538,7 +538,7 @@ collect_data(
* Fill in the key and data for this big pair.
*/
extern int
-__big_keydata(
+dbm_big_keydata(
HTAB *hashp,
BUFHEAD *bufp,
DBT *key, DBT *val,
@@ -579,10 +579,10 @@ collect_key(
free(hashp->tmp_key);
if ((hashp->tmp_key = (char *)malloc((size_t)totlen)) == NULL)
return (-1);
- if (__big_return(hashp, bufp, 1, val, set))
+ if (dbm_big_return(hashp, bufp, 1, val, set))
return (-1);
} else {
- xbp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
+ xbp = dbm_get_buf(hashp, bp[bp[0] - 1], bufp, 0);
if (!xbp || ((totlen =
collect_key(hashp, xbp, totlen, val, set)) < 1))
return (-1);
@@ -601,7 +601,7 @@ collect_key(
* -1 => error
*/
extern int
-__big_split(
+dbm_big_split(
HTAB *hashp,
BUFHEAD *op, /* Pointer to where to put keys that go in old bucket */
BUFHEAD *np, /* Pointer to new bucket page */
@@ -621,13 +621,13 @@ __big_split(
bp = big_keyp;
/* Now figure out where the big key/data goes */
- if (__big_keydata(hashp, big_keyp, &key, &val, 0))
+ if (dbm_big_keydata(hashp, big_keyp, &key, &val, 0))
return (-1);
- change = (__call_hash(hashp, (char *)key.data, key.size) != obucket);
+ change = (dbm_call_hash(hashp, (char *)key.data, key.size) != obucket);
- if ((ret->next_addr = __find_last_page(hashp, &big_keyp))) {
+ if ((ret->next_addr = dbm_find_last_page(hashp, &big_keyp))) {
if (!(ret->nextp =
- __get_buf(hashp, ret->next_addr, big_keyp, 0)))
+ dbm_get_buf(hashp, ret->next_addr, big_keyp, 0)))
return (-1);
;
} else
@@ -692,7 +692,7 @@ __big_split(
tp[0] -= 2;
FREESPACE(tp) = free_space + OVFLSIZE;
OFFSET(tp) = off;
- tmpp = __add_ovflpage(hashp, big_keyp);
+ tmpp = dbm_add_ovflpage(hashp, big_keyp);
if (!tmpp)
return (-1);
tp[4] = n;
@@ -704,4 +704,5 @@ __big_split(
else
ret->oldp = tmpp;
return (0);
+
}
diff --git a/security/nss/lib/dbm/src/h_func.c b/security/nss/lib/dbm/src/h_func.c
index 0d8734e8b..897060992 100644
--- a/security/nss/lib/dbm/src/h_func.c
+++ b/security/nss/lib/dbm/src/h_func.c
@@ -52,7 +52,7 @@ static uint32 hash3(const void *, size_t);
static uint32 hash4(const void *, size_t);
/* Global default hash function */
-uint32 (*__default_hash)(const void *, size_t) = hash4;
+uint32 (*dbm_default_hash)(const void *, size_t) = hash4;
/*
* HASH FUNCTIONS
@@ -205,3 +205,4 @@ hash4(const void *keyarg, register size_t len)
}
return (h);
}
+
diff --git a/security/nss/lib/dbm/src/h_log2.c b/security/nss/lib/dbm/src/h_log2.c
index a42b51a99..0e91fd042 100644
--- a/security/nss/lib/dbm/src/h_log2.c
+++ b/security/nss/lib/dbm/src/h_log2.c
@@ -43,7 +43,7 @@ static char sccsid[] = "@(#)hash_log2.c 8.2 (Berkeley) 5/31/94";
#include "mcom_db.h"
uint32
-__log2(uint32 num)
+dbm_log2(uint32 num)
{
register uint32 i, limit;
@@ -51,4 +51,5 @@ __log2(uint32 num)
for (i = 0; limit < num; limit = limit << 1, i++) {
}
return (i);
+
}
diff --git a/security/nss/lib/dbm/src/h_page.c b/security/nss/lib/dbm/src/h_page.c
index e5623224b..e6f61c623 100644
--- a/security/nss/lib/dbm/src/h_page.c
+++ b/security/nss/lib/dbm/src/h_page.c
@@ -204,7 +204,7 @@ putpair(char *p, const DBT *key, DBT *val)
* -1 error
*/
extern int
-__delpair(HTAB *hashp, BUFHEAD *bufp, int ndx)
+dbm_delpair(HTAB *hashp, BUFHEAD *bufp, int ndx)
{
register uint16 *bp, newoff;
register int n;
@@ -214,7 +214,7 @@ __delpair(HTAB *hashp, BUFHEAD *bufp, int ndx)
n = bp[0];
if (bp[ndx + 1] < REAL_KEY)
- return (__big_delete(hashp, bufp));
+ return (dbm_big_delete(hashp, bufp));
if (ndx != 1)
newoff = bp[ndx - 1];
else
@@ -277,7 +277,7 @@ __delpair(HTAB *hashp, BUFHEAD *bufp, int ndx)
* -1 ==> Error
*/
extern int
-__split_page(HTAB *hashp, uint32 obucket, uint32 nbucket)
+dbm_split_page(HTAB *hashp, uint32 obucket, uint32 nbucket)
{
register BUFHEAD *new_bufp, *old_bufp;
register uint16 *ino;
@@ -292,10 +292,10 @@ __split_page(HTAB *hashp, uint32 obucket, uint32 nbucket)
copyto = (uint16)hashp->BSIZE;
off = (uint16)hashp->BSIZE;
- old_bufp = __get_buf(hashp, obucket, NULL, 0);
+ old_bufp = dbm_get_buf(hashp, obucket, NULL, 0);
if (old_bufp == NULL)
return (-1);
- new_bufp = __get_buf(hashp, nbucket, NULL, 0);
+ new_bufp = dbm_get_buf(hashp, nbucket, NULL, 0);
if (new_bufp == NULL)
return (-1);
@@ -331,7 +331,7 @@ __split_page(HTAB *hashp, uint32 obucket, uint32 nbucket)
assert(((int)key.size) > -1);
#endif
- if (__call_hash(hashp, (char *)key.data, key.size) == obucket) {
+ if (dbm_call_hash(hashp, (char *)key.data, key.size) == obucket) {
/* Don't switch page */
diff = copyto - off;
if (diff) {
@@ -443,8 +443,8 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp,
return DATABASE_CORRUPTED_ERROR;
if (ino[2] < REAL_KEY && ino[2] != OVFLPAGE) {
- if ((status = __big_split(hashp, old_bufp,
- new_bufp, bufp, bufp->addr, obucket, &ret)))
+ if ((status = dbm_big_split(hashp, old_bufp,
+ new_bufp, bufp, bufp->addr, obucket, &ret)))
return (status);
old_bufp = ret.oldp;
if (!old_bufp)
@@ -477,7 +477,7 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp,
scopyto - sizeof(uint16) * (ino[0] + 3);
OFFSET(ino) = scopyto;
- bufp = __get_buf(hashp, ov_addr, bufp, 0);
+ bufp = dbm_get_buf(hashp, ov_addr, bufp, 0);
if (!bufp)
return (-1);
@@ -487,7 +487,7 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp,
moved = 0;
if (last_bfp)
- __free_ovflpage(hashp, last_bfp);
+ dbm_free_ovflpage(hashp, last_bfp);
last_bfp = bufp;
}
/* Move regular sized pairs of there are any */
@@ -506,13 +506,13 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp,
val.size = ino[n] - ino[n + 1];
off = ino[n + 1];
- if (__call_hash(hashp, (char *)key.data, key.size) == obucket) {
+ if (dbm_call_hash(hashp, (char *)key.data, key.size) == obucket) {
/* Keep on old page */
if (PAIRFITS(op, (&key), (&val)))
putpair((char *)op, &key, &val);
else {
old_bufp =
- __add_ovflpage(hashp, old_bufp);
+ dbm_add_ovflpage(hashp, old_bufp);
if (!old_bufp)
return (-1);
op = (uint16 *)old_bufp->page;
@@ -525,7 +525,7 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp,
putpair((char *)np, &key, &val);
else {
new_bufp =
- __add_ovflpage(hashp, new_bufp);
+ dbm_add_ovflpage(hashp, new_bufp);
if (!new_bufp)
return (-1);
np = (uint16 *)new_bufp->page;
@@ -536,7 +536,7 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp,
}
}
if (last_bfp)
- __free_ovflpage(hashp, last_bfp);
+ dbm_free_ovflpage(hashp, last_bfp);
return (0);
}
@@ -548,7 +548,7 @@ ugly_split(HTAB *hashp, uint32 obucket, BUFHEAD *old_bufp,
* 1 ==> failure
*/
extern int
-__addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
+dbm_addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
{
register uint16 *bp, *sop;
int do_expand;
@@ -562,7 +562,7 @@ __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
and we need to add another page */
break;
else if (bp[2] < REAL_KEY && bp[bp[0]] != OVFLPAGE) {
- bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
+ bufp = dbm_get_buf(hashp, bp[bp[0] - 1], bufp, 0);
if (!bufp) {
#ifdef DEBUG
assert(0);
@@ -585,7 +585,7 @@ __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
return (0);
}
} else {
- bufp = __get_buf(hashp, bp[bp[0] - 1], bufp, 0);
+ bufp = dbm_get_buf(hashp, bp[bp[0] - 1], bufp, 0);
if (!bufp) {
#ifdef DEBUG
assert(0);
@@ -599,7 +599,7 @@ __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
putpair(bufp->page, key, (DBT *)val);
else {
do_expand = 1;
- bufp = __add_ovflpage(hashp, bufp);
+ bufp = dbm_add_ovflpage(hashp, bufp);
if (!bufp) {
#ifdef DEBUG
assert(0);
@@ -610,7 +610,7 @@ __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
if (PAIRFITS(sop, key, val))
putpair((char *)sop, key, (DBT *)val);
- else if (__big_insert(hashp, bufp, key, val)) {
+ else if (dbm_big_insert(hashp, bufp, key, val)) {
#ifdef DEBUG
assert(0);
#endif
@@ -625,7 +625,7 @@ __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
hashp->NKEYS++;
if (do_expand ||
(hashp->NKEYS / (hashp->MAX_BUCKET + 1) > hashp->FFACTOR))
- return (__expand_table(hashp));
+ return (dbm_expand_table(hashp));
return (0);
}
@@ -636,7 +636,7 @@ __addel(HTAB *hashp, BUFHEAD *bufp, const DBT *key, const DBT *val)
* NULL on error
*/
extern BUFHEAD *
-__add_ovflpage(HTAB *hashp, BUFHEAD *bufp)
+dbm_add_ovflpage(HTAB *hashp, BUFHEAD *bufp)
{
register uint16 *sp;
uint16 ndx, ovfl_num;
@@ -657,7 +657,7 @@ __add_ovflpage(HTAB *hashp, BUFHEAD *bufp)
tmp1 = bufp->addr;
tmp2 = bufp->ovfl ? bufp->ovfl->addr : 0;
#endif
- if (!ovfl_num || !(bufp->ovfl = __get_buf(hashp, ovfl_num, bufp, 1)))
+ if (!ovfl_num || !(bufp->ovfl = dbm_get_buf(hashp, ovfl_num, bufp, 1)))
return (NULL);
bufp->ovfl->flags |= BUF_MOD;
#ifdef DEBUG1
@@ -687,12 +687,12 @@ __add_ovflpage(HTAB *hashp, BUFHEAD *bufp)
* -1 indicates FAILURE
*/
extern int
-__get_page(HTAB *hashp,
- char *p,
- uint32 bucket,
- int is_bucket,
- int is_disk,
- int is_bitmap)
+dbm_get_page(HTAB *hashp,
+ char *p,
+ uint32 bucket,
+ int is_bucket,
+ int is_disk,
+ int is_bitmap)
{
register int fd, page;
size_t size;
@@ -805,7 +805,7 @@ __get_page(HTAB *hashp,
* -1 ==>failure
*/
extern int
-__put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap)
+dbm_put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap)
{
register int fd, page;
size_t size;
@@ -895,7 +895,7 @@ __put_page(HTAB *hashp, char *p, uint32 bucket, int is_bucket, int is_bitmap)
* once they are read in.
*/
extern int
-__ibitmap(HTAB *hashp, int pnum, int nbits, int ndx)
+dbm_ibitmap(HTAB *hashp, int pnum, int nbits, int ndx)
{
uint32 *ip;
size_t clearbytes, clearints;
@@ -1011,8 +1011,8 @@ overflow_page(HTAB *hashp)
* don't have to if we tell init_bitmap not to leave it clear
* in the first place.
*/
- if (__ibitmap(hashp,
- (int)OADDR_OF(splitnum, offset), 1, free_page))
+ if (dbm_ibitmap(hashp,
+ (int)OADDR_OF(splitnum, offset), 1, free_page))
return (0);
hashp->SPARES[splitnum]++;
#ifdef DEBUG2
@@ -1084,7 +1084,7 @@ found:
* Mark this overflow page as free.
*/
extern void
-__free_ovflpage(HTAB *hashp, BUFHEAD *obufp)
+dbm_free_ovflpage(HTAB *hashp, BUFHEAD *obufp)
{
uint16 addr;
uint32 *freep;
@@ -1125,7 +1125,7 @@ __free_ovflpage(HTAB *hashp, BUFHEAD *obufp)
(void)fprintf(stderr, "FREE_OVFLPAGE: ADDR: %d BIT: %d PAGE %d\n",
obufp->addr, free_bit, free_page);
#endif
- __reclaim_buf(hashp, obufp);
+ dbm_reclaim_buf(hashp, obufp);
}
/*
@@ -1236,8 +1236,8 @@ fetch_bitmap(HTAB *hashp, uint32 ndx)
return (NULL);
if ((hashp->mapp[ndx] = (uint32 *)malloc((size_t)hashp->BSIZE)) == NULL)
return (NULL);
- if (__get_page(hashp,
- (char *)hashp->mapp[ndx], hashp->BITMAPS[ndx], 0, 1, 1)) {
+ if (dbm_get_page(hashp,
+ (char *)hashp->mapp[ndx], hashp->BITMAPS[ndx], 0, 1, 1)) {
free(hashp->mapp[ndx]);
hashp->mapp[ndx] = NULL; /* NEW: 9-11-95 */
return (NULL);
@@ -1253,15 +1253,16 @@ print_chain(int addr)
short *bp, oaddr;
(void)fprintf(stderr, "%d ", addr);
- bufp = __get_buf(hashp, addr, NULL, 0);
+ bufp = dbm_get_buf(hashp, addr, NULL, 0);
bp = (short *)bufp->page;
while (bp[0] && ((bp[bp[0]] == OVFLPAGE) ||
((bp[0] > 2) && bp[2] < REAL_KEY))) {
oaddr = bp[bp[0] - 1];
(void)fprintf(stderr, "%d ", (int)oaddr);
- bufp = __get_buf(hashp, (int)oaddr, bufp, 0);
+ bufp = dbm_get_buf(hashp, (int)oaddr, bufp, 0);
bp = (short *)bufp->page;
}
(void)fprintf(stderr, "\n");
}
+
#endif
diff --git a/security/nss/lib/dbm/src/hash.c b/security/nss/lib/dbm/src/hash.c
index 98b1c07c7..100bbad27 100644
--- a/security/nss/lib/dbm/src/hash.c
+++ b/security/nss/lib/dbm/src/hash.c
@@ -118,7 +118,7 @@ int hash_accesses, hash_collisions, hash_expansions, hash_overflows;
* This closes the file, flushing buffers as appropriate.
*/
static void
-__remove_database(DB *dbp)
+dbm_remove_database(DB *dbp)
{
HTAB *hashp = (HTAB *)dbp->internal;
@@ -134,7 +134,7 @@ __remove_database(DB *dbp)
/* OPEN/CLOSE */
extern DB *
-__hash_open(const char *file, int flags, int mode, const HASHINFO *info, int dflags)
+dbm_hash_open(const char *file, int flags, int mode, const HASHINFO *info, int dflags)
{
HTAB *hashp = NULL;
struct stat statbuf;
@@ -199,7 +199,7 @@ __hash_open(const char *file, int flags, int mode, const HASHINFO *info, int dfl
if (info && info->hash)
hashp->hash = info->hash;
else
- hashp->hash = __default_hash;
+ hashp->hash = dbm_default_hash;
hdrsize = read(hashp->fp, (char *)&hashp->hdr, sizeof(HASHHDR));
if (hdrsize == -1)
@@ -243,9 +243,9 @@ __hash_open(const char *file, int flags, int mode, const HASHINFO *info, int dfl
/* Initialize Buffer Manager */
if (info && info->cachesize)
- __buf_init(hashp, (int32)info->cachesize);
+ dbm_buf_init(hashp, (int32)info->cachesize);
else
- __buf_init(hashp, DEF_BUFSIZE);
+ dbm_buf_init(hashp, DEF_BUFSIZE);
hashp->new_file = new_table;
#ifdef macintosh
@@ -331,7 +331,7 @@ init_hash(HTAB *hashp, const char *file, HASHINFO *info)
hashp->SSHIFT = DEF_SEGSIZE_SHIFT;
hashp->DSIZE = DEF_DIRSIZE;
hashp->FFACTOR = DEF_FFACTOR;
- hashp->hash = __default_hash;
+ hashp->hash = dbm_default_hash;
memset(hashp->SPARES, 0, sizeof(hashp->SPARES));
memset(hashp->BITMAPS, 0, sizeof(hashp->BITMAPS));
@@ -353,13 +353,13 @@ init_hash(HTAB *hashp, const char *file, HASHINFO *info)
if (hashp->BSIZE > MAX_BSIZE)
hashp->BSIZE = MAX_BSIZE;
#endif
- hashp->BSHIFT = __log2((uint32)hashp->BSIZE);
+ hashp->BSHIFT = dbm_log2((uint32)hashp->BSIZE);
}
if (info) {
if (info->bsize) {
/* Round pagesize up to power of 2 */
- hashp->BSHIFT = __log2(info->bsize);
+ hashp->BSHIFT = dbm_log2(info->bsize);
hashp->BSIZE = 1 << hashp->BSHIFT;
if (hashp->BSIZE > MAX_BSIZE) {
errno = EINVAL;
@@ -406,7 +406,7 @@ init_htab(HTAB *hashp, int nelem)
*/
nelem = (nelem - 1) / hashp->FFACTOR + 1;
- l2 = __log2((uint32)PR_MAX(nelem, 2));
+ l2 = dbm_log2((uint32)PR_MAX(nelem, 2));
nbuckets = 1 << l2;
hashp->SPARES[l2] = l2 + 1;
@@ -415,7 +415,7 @@ init_htab(HTAB *hashp, int nelem)
hashp->LAST_FREED = 2;
/* First bitmap page is at: splitpoint l2 page offset 1 */
- if (__ibitmap(hashp, (int)OADDR_OF(l2, 1), l2 + 1, 0))
+ if (dbm_ibitmap(hashp, (int)OADDR_OF(l2, 1), l2 + 1, 0))
return (-1);
hashp->MAX_BUCKET = hashp->LOW_MASK = nbuckets - 1;
@@ -425,7 +425,7 @@ init_htab(HTAB *hashp, int nelem)
1;
nsegs = (nbuckets - 1) / hashp->SGSIZE + 1;
- nsegs = 1 << __log2((uint32)nsegs);
+ nsegs = 1 << dbm_log2((uint32)nsegs);
if (nsegs > hashp->DSIZE)
hashp->DSIZE = nsegs;
@@ -463,7 +463,7 @@ hdestroy(HTAB *hashp)
* Call on buffer manager to free buffers, and if required,
* write them to disk.
*/
- if (__buf_free(hashp, 1, hashp->save_file))
+ if (dbm_buf_free(hashp, 1, hashp->save_file))
save_errno = errno;
if (hashp->dir) {
free(*hashp->dir); /* Free initial segments */
@@ -585,7 +585,7 @@ hash_sync(const DB *dbp, uint flags)
if (!hashp->save_file)
return (0);
- if (__buf_free(hashp, 0, 1) || flush_meta(hashp))
+ if (dbm_buf_free(hashp, 0, 1) || flush_meta(hashp))
return (DBM_ERROR);
#if defined(_WIN32) || defined(_WINDOWS)
if (hashp->updateEOF && hashp->filename && !hashp->is_temp) {
@@ -635,8 +635,8 @@ flush_meta(HTAB *hashp)
}
for (i = 0; i < NCACHED; i++)
if (hashp->mapp[i])
- if (__put_page(hashp, (char *)hashp->mapp[i],
- hashp->BITMAPS[i], 0, 1))
+ if (dbm_put_page(hashp, (char *)hashp->mapp[i],
+ hashp->BITMAPS[i], 0, 1))
return (-1);
return (0);
}
@@ -675,7 +675,7 @@ hash_get(
#if defined(unix) && defined(DEBUG)
printf("\n\nDBM Database has been corrupted, tell Lou...\n\n");
#endif
- __remove_database((DB *)dbp);
+ dbm_remove_database((DB *)dbp);
}
return (rv);
@@ -711,7 +711,7 @@ hash_put(
#if defined(unix) && defined(DEBUG)
printf("\n\nDBM Database has been corrupted, tell Lou...\n\n");
#endif
- __remove_database((DB *)dbp);
+ dbm_remove_database((DB *)dbp);
}
return (rv);
@@ -744,7 +744,7 @@ hash_delete(
#if defined(unix) && defined(DEBUG)
printf("\n\nDBM Database has been corrupted, tell Lou...\n\n");
#endif
- __remove_database((DB *)dbp);
+ dbm_remove_database((DB *)dbp);
}
return (rv);
@@ -777,7 +777,7 @@ hash_access(
off = hashp->BSIZE;
size = key->size;
kp = (char *)key->data;
- rbufp = __get_buf(hashp, __call_hash(hashp, kp, size), NULL, 0);
+ rbufp = dbm_get_buf(hashp, dbm_call_hash(hashp, kp, size), NULL, 0);
if (!rbufp)
return (DATABASE_CORRUPTED_ERROR);
save_bufp = rbufp;
@@ -805,7 +805,7 @@ hash_access(
last_overflow_page_no = *bp;
- rbufp = __get_buf(hashp, *bp, rbufp, 0);
+ rbufp = dbm_get_buf(hashp, *bp, rbufp, 0);
if (!rbufp) {
save_bufp->flags &= ~BUF_PIN;
return (DBM_ERROR);
@@ -822,17 +822,17 @@ hash_access(
off = hashp->BSIZE;
} else if (bp[1] < REAL_KEY) {
if ((ndx =
- __find_bigpair(hashp, rbufp, ndx, kp, (int)size)) > 0)
+ dbm_find_bigpair(hashp, rbufp, ndx, kp, (int)size)) > 0)
goto found;
if (ndx == -2) {
bufp = rbufp;
if (!(pageno =
- __find_last_page(hashp, &bufp))) {
+ dbm_find_last_page(hashp, &bufp))) {
ndx = 0;
rbufp = bufp;
break; /* FOR */
}
- rbufp = __get_buf(hashp, pageno, bufp, 0);
+ rbufp = dbm_get_buf(hashp, pageno, bufp, 0);
if (!rbufp) {
save_bufp->flags &= ~BUF_PIN;
return (DBM_ERROR);
@@ -853,7 +853,7 @@ hash_access(
switch (action) {
case HASH_PUT:
case HASH_PUTNEW:
- if (__addel(hashp, rbufp, key, val)) {
+ if (dbm_addel(hashp, rbufp, key, val)) {
save_bufp->flags &= ~BUF_PIN;
return (DBM_ERROR);
} else {
@@ -875,7 +875,7 @@ found:
case HASH_GET:
bp = (uint16 *)rbufp->page;
if (bp[ndx + 1] < REAL_KEY) {
- if (__big_return(hashp, rbufp, ndx, val, 0))
+ if (dbm_big_return(hashp, rbufp, ndx, val, 0))
return (DBM_ERROR);
} else {
val->data = (uint8 *)rbufp->page + (int)bp[ndx + 1];
@@ -883,14 +883,14 @@ found:
}
break;
case HASH_PUT:
- if ((__delpair(hashp, rbufp, ndx)) ||
- (__addel(hashp, rbufp, key, val))) {
+ if ((dbm_delpair(hashp, rbufp, ndx)) ||
+ (dbm_addel(hashp, rbufp, key, val))) {
save_bufp->flags &= ~BUF_PIN;
return (DBM_ERROR);
}
break;
case HASH_DELETE:
- if (__delpair(hashp, rbufp, ndx))
+ if (dbm_delpair(hashp, rbufp, ndx))
return (DBM_ERROR);
break;
default:
@@ -933,7 +933,7 @@ hash_seq(
for (bucket = hashp->cbucket;
bucket <= (uint32)hashp->MAX_BUCKET;
bucket++, hashp->cndx = 1) {
- bufp = __get_buf(hashp, bucket, NULL, 0);
+ bufp = dbm_get_buf(hashp, bucket, NULL, 0);
if (!bufp)
return (DBM_ERROR);
hashp->cpage = bufp;
@@ -955,7 +955,7 @@ hash_seq(
#endif
while (bp[hashp->cndx + 1] == OVFLPAGE) {
bufp = hashp->cpage =
- __get_buf(hashp, bp[hashp->cndx], bufp, 0);
+ dbm_get_buf(hashp, bp[hashp->cndx], bufp, 0);
if (!bufp)
return (DBM_ERROR);
bp = (uint16 *)(bufp->page);
@@ -968,7 +968,7 @@ hash_seq(
}
ndx = hashp->cndx;
if (bp[ndx + 1] < REAL_KEY) {
- if (__big_keydata(hashp, bufp, key, data, 1))
+ if (dbm_big_keydata(hashp, bufp, key, data, 1))
return (DBM_ERROR);
} else {
key->data = (uint8 *)hashp->cpage->page + bp[ndx];
@@ -994,7 +994,7 @@ hash_seq(
* -1 ==> Error
*/
extern int
-__expand_table(HTAB *hashp)
+dbm_expand_table(HTAB *hashp)
{
uint32 old_bucket, new_bucket;
int new_segnum, spare_ndx;
@@ -1029,7 +1029,7 @@ __expand_table(HTAB *hashp)
* * increases), we need to copy the current contents of the spare
* split bucket to the next bucket.
*/
- spare_ndx = __log2((uint32)(hashp->MAX_BUCKET + 1));
+ spare_ndx = dbm_log2((uint32)(hashp->MAX_BUCKET + 1));
if (spare_ndx > hashp->OVFL_POINT) {
hashp->SPARES[spare_ndx] = hashp->SPARES[hashp->OVFL_POINT];
hashp->OVFL_POINT = spare_ndx;
@@ -1041,7 +1041,7 @@ __expand_table(HTAB *hashp)
hashp->HIGH_MASK = new_bucket | hashp->LOW_MASK;
}
/* Relocate records to the new bucket */
- return (__split_page(hashp, old_bucket, new_bucket));
+ return (dbm_split_page(hashp, old_bucket, new_bucket));
}
/*
@@ -1065,7 +1065,7 @@ hash_realloc(
}
extern uint32
-__call_hash(HTAB *hashp, char *k, size_t len)
+dbm_call_hash(HTAB *hashp, char *k, size_t len)
{
uint32 n, bucket;
@@ -1168,4 +1168,5 @@ swap_header(HTAB *hashp)
M_16_SWAP(hdrp->bitmaps[i]);
}
}
+
#endif
diff --git a/security/nss/lib/dbm/src/hash_buf.c b/security/nss/lib/dbm/src/hash_buf.c
index a7cd2d076..02deb81c5 100644
--- a/security/nss/lib/dbm/src/hash_buf.c
+++ b/security/nss/lib/dbm/src/hash_buf.c
@@ -104,7 +104,7 @@ static BUFHEAD *newbuf(HTAB *, uint32, BUFHEAD *);
* address you are seeking.
*/
extern BUFHEAD *
-__get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage)
+dbm_get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage)
/* If prev_bp set, indicates a new overflow page. */
{
register BUFHEAD *bp;
@@ -124,7 +124,7 @@ __get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage)
/* Grab buffer out of directory */
segment_ndx = addr & (hashp->SGSIZE - 1);
- /* valid segment ensured by __call_hash() */
+ /* valid segment ensured by dbm_call_hash() */
segp = hashp->dir[addr >> hashp->SSHIFT];
#ifdef DEBUG
assert(segp != NULL);
@@ -140,7 +140,7 @@ __get_buf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp, int newpage)
bp = newbuf(hashp, addr, prev_bp);
if (!bp)
return (NULL);
- if (__get_page(hashp, bp->page, addr, !prev_bp, is_disk, 0)) {
+ if (dbm_get_page(hashp, bp->page, addr, !prev_bp, is_disk, 0)) {
/* free bp and its page */
if (prev_bp) {
/* if prev_bp is set then the new page that
@@ -242,8 +242,8 @@ newbuf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp)
}
oaddr = shortp[shortp[0] - 1];
}
- if ((bp->flags & BUF_MOD) && __put_page(hashp, bp->page,
- bp->addr, (int)IS_BUCKET(bp->flags), 0))
+ if ((bp->flags & BUF_MOD) && dbm_put_page(hashp, bp->page,
+ bp->addr, (int)IS_BUCKET(bp->flags), 0))
return (NULL);
/*
* Update the pointer to this page (i.e. invalidate it).
@@ -298,8 +298,8 @@ newbuf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp)
/* set before __put_page */
oaddr = shortp[shortp[0] - 1];
}
- if ((xbp->flags & BUF_MOD) && __put_page(hashp,
- xbp->page, xbp->addr, 0, 0))
+ if ((xbp->flags & BUF_MOD) && dbm_put_page(hashp,
+ xbp->page, xbp->addr, 0, 0))
return (NULL);
xbp->addr = 0;
xbp->flags = 0;
@@ -335,7 +335,7 @@ newbuf(HTAB *hashp, uint32 addr, BUFHEAD *prev_bp)
}
extern void
-__buf_init(HTAB *hashp, int32 nbytes)
+dbm_buf_init(HTAB *hashp, int32 nbytes)
{
BUFHEAD *bfp;
int npages;
@@ -358,7 +358,7 @@ __buf_init(HTAB *hashp, int32 nbytes)
}
extern int
-__buf_free(HTAB *hashp, int do_free, int to_disk)
+dbm_buf_free(HTAB *hashp, int do_free, int to_disk)
{
BUFHEAD *bp;
int status = -1;
@@ -370,8 +370,8 @@ __buf_free(HTAB *hashp, int do_free, int to_disk)
/* Check that the buffer is valid */
if (bp->addr || IS_BUCKET(bp->flags)) {
if (to_disk && (bp->flags & BUF_MOD) &&
- (status = __put_page(hashp, bp->page,
- bp->addr, IS_BUCKET(bp->flags), 0))) {
+ (status = dbm_put_page(hashp, bp->page,
+ bp->addr, IS_BUCKET(bp->flags), 0))) {
if (do_free) {
if (bp->page)
@@ -397,11 +397,12 @@ __buf_free(HTAB *hashp, int do_free, int to_disk)
}
extern void
-__reclaim_buf(HTAB *hashp, BUFHEAD *bp)
+dbm_reclaim_buf(HTAB *hashp, BUFHEAD *bp)
{
bp->ovfl = 0;
bp->addr = 0;
bp->flags = 0;
BUF_REMOVE(bp);
LRU_INSERT(bp);
+
}
diff --git a/security/nss/lib/freebl/chacha20poly1305.c b/security/nss/lib/freebl/chacha20poly1305.c
index 302f0db9e..8fdaf3fec 100644
--- a/security/nss/lib/freebl/chacha20poly1305.c
+++ b/security/nss/lib/freebl/chacha20poly1305.c
@@ -234,6 +234,11 @@ ChaCha20Poly1305_Open(const ChaCha20Poly1305Context *ctx, unsigned char *output,
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
return SECFailure;
}
+ // ChaCha has a 64 octet block, with a 32-bit block counter.
+ if (inputLen >= (1ULL << (6 + 32)) + ctx->tagLen) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
+ }
PORT_Memset(block, 0, sizeof(block));
// Generate a block of keystream. The first 32 bytes will be the poly1305
diff --git a/security/nss/lib/freebl/ctr.c b/security/nss/lib/freebl/ctr.c
index d7652c060..4d26a5b06 100644
--- a/security/nss/lib/freebl/ctr.c
+++ b/security/nss/lib/freebl/ctr.c
@@ -128,6 +128,12 @@ CTR_Update(CTRContext *ctr, unsigned char *outbuf,
unsigned int tmp;
SECStatus rv;
+ // Limit block count to 2^counterBits - 2
+ if (ctr->counterBits < (sizeof(unsigned int) * 8) &&
+ inlen > ((1 << ctr->counterBits) - 2) * AES_BLOCK_SIZE) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
+ }
if (maxout < inlen) {
*outlen = inlen;
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
@@ -199,6 +205,12 @@ CTR_Update_HW_AES(CTRContext *ctr, unsigned char *outbuf,
unsigned int tmp;
SECStatus rv;
+ // Limit block count to 2^counterBits - 2
+ if (ctr->counterBits < (sizeof(unsigned int) * 8) &&
+ inlen > ((1 << ctr->counterBits) - 2) * AES_BLOCK_SIZE) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
+ }
if (maxout < inlen) {
*outlen = inlen;
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
diff --git a/security/nss/lib/freebl/gcm.c b/security/nss/lib/freebl/gcm.c
index f1e16da78..e93970b88 100644
--- a/security/nss/lib/freebl/gcm.c
+++ b/security/nss/lib/freebl/gcm.c
@@ -469,6 +469,12 @@ gcmHash_Reset(gcmHashContext *ghash, const unsigned char *AAD,
{
SECStatus rv;
+ // Limit AADLen in accordance with SP800-38D
+ if (sizeof(AADLen) >= 8 && AADLen > (1ULL << 61) - 1) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
+ }
+
ghash->cLen = 0;
PORT_Memset(ghash->counterBuf, 0, GCM_HASH_LEN_LEN * 2);
ghash->bufLen = 0;
diff --git a/security/nss/lib/freebl/intel-gcm-wrap.c b/security/nss/lib/freebl/intel-gcm-wrap.c
index 37a1af765..f69bc7c7a 100644
--- a/security/nss/lib/freebl/intel-gcm-wrap.c
+++ b/security/nss/lib/freebl/intel-gcm-wrap.c
@@ -62,6 +62,12 @@ intel_AES_GCM_CreateContext(void *context,
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
+ // Limit AADLen in accordance with SP800-38D
+ if (sizeof(AAD_whole_len) >= 8 && AAD_whole_len > (1ULL << 61) - 1) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return NULL;
+ }
+
gcm = PORT_ZNew(intel_AES_GCMContext);
if (gcm == NULL) {
return NULL;
@@ -159,6 +165,14 @@ intel_AES_GCM_EncryptUpdate(intel_AES_GCMContext *gcm,
unsigned char T[AES_BLOCK_SIZE];
unsigned int j;
+ // GCM has a 16 octet block, with a 32-bit block counter
+ // Limit in accordance with SP800-38D
+ if (sizeof(inlen) > 4 &&
+ inlen >= ((1ULL << 32) - 2) * AES_BLOCK_SIZE) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
+ }
+
tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
if (UINT_MAX - inlen < tagBytes) {
PORT_SetError(SEC_ERROR_INPUT_LEN);
@@ -216,6 +230,14 @@ intel_AES_GCM_DecryptUpdate(intel_AES_GCMContext *gcm,
inlen -= tagBytes;
intag = inbuf + inlen;
+ // GCM has a 16 octet block, with a 32-bit block counter
+ // Limit in accordance with SP800-38D
+ if (sizeof(inlen) > 4 &&
+ inlen >= ((1ULL << 32) - 2) * AES_BLOCK_SIZE) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ return SECFailure;
+ }
+
if (maxout < inlen) {
*outlen = inlen;
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
diff --git a/security/nss/lib/freebl/rsapkcs.c b/security/nss/lib/freebl/rsapkcs.c
index 875e4e28d..6f94770ad 100644
--- a/security/nss/lib/freebl/rsapkcs.c
+++ b/security/nss/lib/freebl/rsapkcs.c
@@ -115,7 +115,7 @@ rsa_FormatOneBlock(unsigned modulusLen,
{
unsigned char *block;
unsigned char *bp;
- int padLen;
+ unsigned int padLen;
int i, j;
SECStatus rv;
@@ -135,14 +135,14 @@ rsa_FormatOneBlock(unsigned modulusLen,
switch (blockType) {
/*
- * Blocks intended for private-key operation.
- */
+ * Blocks intended for private-key operation.
+ */
case RSA_BlockPrivate: /* preferred method */
/*
- * 0x00 || BT || Pad || 0x00 || ActualData
- * 1 1 padLen 1 data->len
- * Pad is either all 0x00 or all 0xff bytes, depending on blockType.
- */
+ * 0x00 || BT || Pad || 0x00 || ActualData
+ * 1 1 padLen 1 data->len
+ * Pad is either all 0x00 or all 0xff bytes, depending on blockType.
+ */
padLen = modulusLen - data->len - 3;
PORT_Assert(padLen >= RSA_BLOCK_MIN_PAD_LEN);
if (padLen < RSA_BLOCK_MIN_PAD_LEN) {
@@ -162,7 +162,7 @@ rsa_FormatOneBlock(unsigned modulusLen,
/*
* 0x00 || BT || Pad || 0x00 || ActualData
* 1 1 padLen 1 data->len
- * Pad is all non-zero random bytes.
+ * Pad is 8 or more non-zero random bytes.
*
* Build the block left to right.
* Fill the entire block from Pad to the end with random bytes.
@@ -236,7 +236,9 @@ rsa_FormatBlock(SECItem *result,
* The "3" below is the first octet + the second octet + the 0x00
* octet that always comes just before the ActualData.
*/
- PORT_Assert(data->len <= (modulusLen - (3 + RSA_BLOCK_MIN_PAD_LEN)));
+ if (data->len > (modulusLen - (3 + RSA_BLOCK_MIN_PAD_LEN))) {
+ return SECFailure;
+ }
result->data = rsa_FormatOneBlock(modulusLen, blockType, data);
if (result->data == NULL) {
diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h
index ea54ce0cd..f6b83a01c 100644
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -22,10 +22,10 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
-#define NSS_VERSION "3.41.2" _NSS_CUSTOMIZED
+#define NSS_VERSION "3.41.3" _NSS_CUSTOMIZED
#define NSS_VMAJOR 3
#define NSS_VMINOR 41
-#define NSS_VPATCH 2
+#define NSS_VPATCH 3
#define NSS_VBUILD 0
#define NSS_BETA PR_FALSE
diff --git a/security/nss/lib/softoken/pkcs11c.c b/security/nss/lib/softoken/pkcs11c.c
index 884702cc1..327a67d5c 100644
--- a/security/nss/lib/softoken/pkcs11c.c
+++ b/security/nss/lib/softoken/pkcs11c.c
@@ -7668,9 +7668,11 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession,
const SECHashObject *rawHash;
unsigned hashLen;
CK_BYTE hashbuf[HASH_LENGTH_MAX];
- CK_BYTE *prk; /* psuedo-random key */
+ CK_BYTE *prk; /* psuedo-random key */
CK_ULONG prkLen;
- CK_BYTE *okm; /* output keying material */
+ CK_BYTE *okm; /* output keying material */
+ unsigned allocated_space = 0; /* If we need more work space, track it */
+ unsigned char *key_buf = &key_block[0];
rawHash = HASH_GetRawHashObject(hashType);
if (rawHash == NULL || rawHash->length > sizeof(hashbuf)) {
@@ -7686,7 +7688,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession,
crv = CKR_MECHANISM_PARAM_INVALID;
break;
}
- if (keySize == 0 || keySize > sizeof key_block ||
+ if (keySize == 0 ||
(!params->bExpand && keySize > hashLen) ||
(params->bExpand && keySize > 255 * hashLen)) {
crv = CKR_TEMPLATE_INCONSISTENT;
@@ -7736,34 +7738,49 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession,
/* T(1) = HMAC-Hash(prk, "" | info | 0x01)
* T(n) = HMAC-Hash(prk, T(n-1) | info | n
* key material = T(1) | ... | T(n)
+ *
+ * If the requested output length does not fit
+ * within |key_block|, allocate space for expansion.
*/
HMACContext *hmac;
CK_BYTE bi;
- unsigned iterations = PR_ROUNDUP(keySize, hashLen) / hashLen;
+ unsigned n_bytes = PR_ROUNDUP(keySize, hashLen);
+ unsigned iterations = n_bytes / hashLen;
hmac = HMAC_Create(rawHash, prk, prkLen, isFIPS);
if (hmac == NULL) {
crv = CKR_HOST_MEMORY;
break;
}
- for (bi = 1; bi <= iterations; ++bi) {
+ if (n_bytes > sizeof(key_block)) {
+ key_buf = PORT_Alloc(n_bytes);
+ if (key_buf == NULL) {
+ crv = CKR_HOST_MEMORY;
+ break;
+ }
+ allocated_space = n_bytes;
+ }
+ for (bi = 1; bi <= iterations && bi > 0; ++bi) {
unsigned len;
HMAC_Begin(hmac);
if (bi > 1) {
- HMAC_Update(hmac, key_block + ((bi - 2) * hashLen), hashLen);
+ HMAC_Update(hmac, key_buf + ((bi - 2) * hashLen), hashLen);
}
if (params->ulInfoLen != 0) {
HMAC_Update(hmac, params->pInfo, params->ulInfoLen);
}
HMAC_Update(hmac, &bi, 1);
- HMAC_Finish(hmac, key_block + ((bi - 1) * hashLen), &len,
+ HMAC_Finish(hmac, key_buf + ((bi - 1) * hashLen), &len,
hashLen);
PORT_Assert(len == hashLen);
}
HMAC_Destroy(hmac, PR_TRUE);
- okm = key_block;
+ okm = key_buf;
}
/* key material = prk */
crv = sftk_forceAttribute(key, CKA_VALUE, okm, keySize);
+ if (allocated_space) {
+ PORT_ZFree(key_buf, allocated_space);
+ }
break;
} /* end of CKM_NSS_HKDF_* */
diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h
index 73a38b010..ab2e91018 100644
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -17,10 +17,10 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
-#define SOFTOKEN_VERSION "3.41.2" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION "3.41.3" SOFTOKEN_ECC_STRING
#define SOFTOKEN_VMAJOR 3
#define SOFTOKEN_VMINOR 41
-#define SOFTOKEN_VPATCH 2
+#define SOFTOKEN_VPATCH 3
#define SOFTOKEN_VBUILD 0
#define SOFTOKEN_BETA PR_FALSE
diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h
index a2be260b0..f880fb55e 100644
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -19,10 +19,10 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
*/
-#define NSSUTIL_VERSION "3.41.2"
+#define NSSUTIL_VERSION "3.41.3"
#define NSSUTIL_VMAJOR 3
#define NSSUTIL_VMINOR 41
-#define NSSUTIL_VPATCH 2
+#define NSSUTIL_VPATCH 3
#define NSSUTIL_VBUILD 0
#define NSSUTIL_BETA PR_FALSE