summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/util
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/util')
-rw-r--r--security/nss/lib/util/nssb64d.c2
-rw-r--r--security/nss/lib/util/nssrwlk.c2
-rw-r--r--security/nss/lib/util/nssutil.def16
-rw-r--r--security/nss/lib/util/nssutil.h6
-rw-r--r--security/nss/lib/util/pkcs11uri.c2
-rw-r--r--security/nss/lib/util/quickder.c3
-rw-r--r--security/nss/lib/util/secasn1d.c4
-rw-r--r--security/nss/lib/util/secoid.c20
-rw-r--r--security/nss/lib/util/secport.c62
-rw-r--r--security/nss/lib/util/secport.h7
-rw-r--r--security/nss/lib/util/utilmod.c190
-rw-r--r--security/nss/lib/util/utilpars.c7
-rw-r--r--security/nss/lib/util/utilpars.h6
-rw-r--r--security/nss/lib/util/utilparst.h2
-rw-r--r--security/nss/lib/util/utilrename.h2
15 files changed, 294 insertions, 37 deletions
diff --git a/security/nss/lib/util/nssb64d.c b/security/nss/lib/util/nssb64d.c
index 886ce21c0..e4bb20a3e 100644
--- a/security/nss/lib/util/nssb64d.c
+++ b/security/nss/lib/util/nssb64d.c
@@ -249,7 +249,7 @@ pl_base64_decode_buffer(PLBase64Decoder *data, const unsigned char *in,
}
i = 0;
- PR_ASSERT((out - data->output_buffer + 3) <= data->output_buflen);
+ PR_ASSERT((PRUint32)(out - data->output_buffer + 3) <= data->output_buflen);
/*
* Assume we are not at the end; the following function only works
diff --git a/security/nss/lib/util/nssrwlk.c b/security/nss/lib/util/nssrwlk.c
index dbaeca24b..5af021762 100644
--- a/security/nss/lib/util/nssrwlk.c
+++ b/security/nss/lib/util/nssrwlk.c
@@ -120,6 +120,8 @@ NSSRWLock_Destroy(NSSRWLock *rwlock)
{
PR_ASSERT(rwlock != NULL);
PR_ASSERT(rwlock->rw_waiting_readers == 0);
+ PR_ASSERT(rwlock->rw_writer_locks == 0);
+ PR_ASSERT(rwlock->rw_reader_locks == 0);
/* XXX Shouldn't we lock the PZLock before destroying this?? */
diff --git a/security/nss/lib/util/nssutil.def b/security/nss/lib/util/nssutil.def
index f4b9ef7ba..936455f6e 100644
--- a/security/nss/lib/util/nssutil.def
+++ b/security/nss/lib/util/nssutil.def
@@ -307,3 +307,19 @@ PK11URI_GetQueryAttribute;
;+ local:
;+ *;
;+};
+;+NSSUTIL_3.33 { # NSS Utilities 3.33 release
+;+ global:
+PORT_ZAllocAligned_Util;
+PORT_ZAllocAlignedOffset_Util;
+NSS_SecureMemcmpZero;
+;+ local:
+;+ *;
+;+};
+;-NSSUTIL_3.35 { # NSS Utilities 3.35 release
+;- global:
+;-# private exports for softoken
+_NSSUTIL_UTF8ToWide;-
+_NSSUTIL_Access;-
+;- local:
+;- *;
+;-};
diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h
index e8cb52aed..f86dfa91e 100644
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -19,10 +19,10 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
*/
-#define NSSUTIL_VERSION "3.32.1"
+#define NSSUTIL_VERSION "3.35"
#define NSSUTIL_VMAJOR 3
-#define NSSUTIL_VMINOR 32
-#define NSSUTIL_VPATCH 1
+#define NSSUTIL_VMINOR 35
+#define NSSUTIL_VPATCH 0
#define NSSUTIL_VBUILD 0
#define NSSUTIL_BETA PR_FALSE
diff --git a/security/nss/lib/util/pkcs11uri.c b/security/nss/lib/util/pkcs11uri.c
index 453440293..94b00171e 100644
--- a/security/nss/lib/util/pkcs11uri.c
+++ b/security/nss/lib/util/pkcs11uri.c
@@ -242,7 +242,7 @@ static int
pk11uri_CompareByPosition(const char *a, const char *b,
const char **attr_names, size_t num_attr_names)
{
- int i, j;
+ size_t i, j;
for (i = 0; i < num_attr_names; i++) {
if (strcmp(a, attr_names[i]) == 0) {
diff --git a/security/nss/lib/util/quickder.c b/security/nss/lib/util/quickder.c
index 1b474822e..7a6ac1c53 100644
--- a/security/nss/lib/util/quickder.c
+++ b/security/nss/lib/util/quickder.c
@@ -520,8 +520,7 @@ DecodeGroup(void* dest,
if (SECSuccess == rv) {
/* allocate room for pointer array and entries */
/* we want to allocate the array even if there is 0 entry */
- entries = (void**)PORT_ArenaZAlloc(arena, sizeof(void*) *
- (totalEntries + 1) + /* the extra one is for NULL termination */
+ entries = (void**)PORT_ArenaZAlloc(arena, sizeof(void*) * (totalEntries + 1) + /* the extra one is for NULL termination */
subTemplate->size * totalEntries);
if (entries) {
diff --git a/security/nss/lib/util/secasn1d.c b/security/nss/lib/util/secasn1d.c
index e6abb5fd5..4c5f0ce4b 100644
--- a/security/nss/lib/util/secasn1d.c
+++ b/security/nss/lib/util/secasn1d.c
@@ -2721,9 +2721,7 @@ dump_states(SEC_ASN1DecoderContext *cx)
(state == cx->current) ? "STATE" : "State",
state->theTemplate,
kindBuf);
- printf(" %s", (state->place >= 0 && state->place <= notInUse)
- ? place_names[state->place]
- : "(undefined)");
+ printf(" %s", (state->place >= 0 && state->place <= notInUse) ? place_names[state->place] : "(undefined)");
if (!i)
printf(", expect 0x%02x",
state->expect_tag_number | state->expect_tag_modifiers);
diff --git a/security/nss/lib/util/secoid.c b/security/nss/lib/util/secoid.c
index da03b7c06..a05621c59 100644
--- a/security/nss/lib/util/secoid.c
+++ b/security/nss/lib/util/secoid.c
@@ -1841,13 +1841,11 @@ secoid_FindDynamic(const SECItem *key)
{
SECOidData *ret = NULL;
+ NSSRWLock_LockRead(dynOidLock);
if (dynOidHash) {
- NSSRWLock_LockRead(dynOidLock);
- if (dynOidHash) { /* must check it again with lock held. */
- ret = (SECOidData *)PL_HashTableLookup(dynOidHash, key);
- }
- NSSRWLock_UnlockRead(dynOidLock);
+ ret = (SECOidData *)PL_HashTableLookup(dynOidHash, key);
}
+ NSSRWLock_UnlockRead(dynOidLock);
if (ret == NULL) {
PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
}
@@ -1866,14 +1864,12 @@ secoid_FindDynamicByTag(SECOidTag tagnum)
}
tagNumDiff = tagnum - SEC_OID_TOTAL;
- if (dynOidTable) {
- NSSRWLock_LockRead(dynOidLock);
- if (dynOidTable != NULL && /* must check it again with lock held. */
- tagNumDiff < dynOidEntriesUsed) {
- dxo = dynOidTable[tagNumDiff];
- }
- NSSRWLock_UnlockRead(dynOidLock);
+ NSSRWLock_LockRead(dynOidLock);
+ if (dynOidTable != NULL &&
+ tagNumDiff < dynOidEntriesUsed) {
+ dxo = dynOidTable[tagNumDiff];
}
+ NSSRWLock_UnlockRead(dynOidLock);
if (dxo == NULL) {
PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
}
diff --git a/security/nss/lib/util/secport.c b/security/nss/lib/util/secport.c
index 01a7d0834..e5bd4c1bb 100644
--- a/security/nss/lib/util/secport.c
+++ b/security/nss/lib/util/secport.c
@@ -21,6 +21,8 @@
#include "prenv.h"
#include "prinit.h"
+#include <stdint.h>
+
#ifdef DEBUG
#define THREADMARK
#endif /* DEBUG */
@@ -119,6 +121,51 @@ PORT_ZAlloc(size_t bytes)
return rv;
}
+/* aligned_alloc is C11. This is an alternative to get aligned memory. */
+void *
+PORT_ZAllocAligned(size_t bytes, size_t alignment, void **mem)
+{
+ size_t x = alignment - 1;
+
+ /* This only works if alignment is a power of 2. */
+ if ((alignment == 0) || (alignment & (alignment - 1))) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
+ }
+
+ if (!mem) {
+ return NULL;
+ }
+
+ /* Always allocate a non-zero amount of bytes */
+ *mem = PORT_ZAlloc((bytes ? bytes : 1) + x);
+ if (!*mem) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return NULL;
+ }
+
+ return (void *)(((uintptr_t)*mem + x) & ~(uintptr_t)x);
+}
+
+void *
+PORT_ZAllocAlignedOffset(size_t size, size_t alignment, size_t offset)
+{
+ PORT_Assert(offset < size);
+ if (offset > size) {
+ return NULL;
+ }
+
+ void *mem = NULL;
+ void *v = PORT_ZAllocAligned(size, alignment, &mem);
+ if (!v) {
+ return NULL;
+ }
+
+ PORT_Assert(mem);
+ *((void **)((uintptr_t)v + offset)) = mem;
+ return v;
+}
+
void
PORT_Free(void *ptr)
{
@@ -733,3 +780,18 @@ NSS_SecureMemcmp(const void *ia, const void *ib, size_t n)
return r;
}
+
+/*
+ * Perform a constant-time check if a memory region is all 0. The return value
+ * is 0 if the memory region is all zero.
+ */
+unsigned int
+NSS_SecureMemcmpZero(const void *mem, size_t n)
+{
+ PRUint8 zero = 0;
+ size_t i;
+ for (i = 0; i < n; ++i) {
+ zero |= *(PRUint8 *)((uintptr_t)mem + i);
+ }
+ return zero;
+}
diff --git a/security/nss/lib/util/secport.h b/security/nss/lib/util/secport.h
index fb9ff4ebb..f1665a2f5 100644
--- a/security/nss/lib/util/secport.h
+++ b/security/nss/lib/util/secport.h
@@ -45,6 +45,7 @@
#include <string.h>
#include <stddef.h>
#include <stdlib.h>
+#include <stdint.h>
#include "prtypes.h"
#include "prlog.h" /* for PR_ASSERT */
#include "plarena.h"
@@ -88,6 +89,9 @@ SEC_BEGIN_PROTOS
extern void *PORT_Alloc(size_t len);
extern void *PORT_Realloc(void *old, size_t len);
extern void *PORT_ZAlloc(size_t len);
+extern void *PORT_ZAllocAligned(size_t bytes, size_t alignment, void **mem);
+extern void *PORT_ZAllocAlignedOffset(size_t bytes, size_t alignment,
+ size_t offset);
extern void PORT_Free(void *ptr);
extern void PORT_ZFree(void *ptr, size_t len);
extern char *PORT_Strdup(const char *s);
@@ -131,6 +135,8 @@ SEC_END_PROTOS
#define PORT_CheckSuccess(f) (f)
#endif
#define PORT_ZNew(type) (type *)PORT_ZAlloc(sizeof(type))
+#define PORT_ZNewAligned(type, alignment, mem) \
+ (type *)PORT_ZAllocAlignedOffset(sizeof(type), alignment, offsetof(type, mem))
#define PORT_New(type) (type *)PORT_Alloc(sizeof(type))
#define PORT_ArenaNew(poolp, type) \
(type *)PORT_ArenaAlloc(poolp, sizeof(type))
@@ -246,6 +252,7 @@ sec_port_iso88591_utf8_conversion_function(
extern int NSS_PutEnv(const char *envVarName, const char *envValue);
extern int NSS_SecureMemcmp(const void *a, const void *b, size_t n);
+extern unsigned int NSS_SecureMemcmpZero(const void *mem, size_t n);
/*
* Load a shared library called "newShLibName" in the same directory as
diff --git a/security/nss/lib/util/utilmod.c b/security/nss/lib/util/utilmod.c
index 971b6c1dc..7d3fcda81 100644
--- a/security/nss/lib/util/utilmod.c
+++ b/security/nss/lib/util/utilmod.c
@@ -24,6 +24,7 @@
#if defined(_WIN32)
#include <io.h>
+#include <windows.h>
#endif
#ifdef XP_UNIX
#include <unistd.h>
@@ -34,15 +35,184 @@
#include <fcntl.h>
#if defined(_WIN32)
-#define os_open _open
#define os_fdopen _fdopen
-#define os_stat _stat
#define os_truncate_open_flags _O_CREAT | _O_RDWR | _O_TRUNC
#define os_append_open_flags _O_CREAT | _O_RDWR | _O_APPEND
#define os_open_permissions_type int
#define os_open_permissions_default _S_IREAD | _S_IWRITE
#define os_stat_type struct _stat
+
+/*
+ * Convert a UTF8 string to Unicode wide character
+ */
+LPWSTR
+_NSSUTIL_UTF8ToWide(const char *buf)
+{
+ DWORD size;
+ LPWSTR wide;
+
+ if (!buf) {
+ return NULL;
+ }
+
+ size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, NULL, 0);
+ if (size == 0) {
+ return NULL;
+ }
+ wide = PORT_Alloc(sizeof(WCHAR) * size);
+ if (!wide) {
+ return NULL;
+ }
+ size = MultiByteToWideChar(CP_UTF8, 0, buf, -1, wide, size);
+ if (size == 0) {
+ PORT_Free(wide);
+ return NULL;
+ }
+ return wide;
+}
+
+static int
+os_open(const char *filename, int oflag, int pmode)
+{
+ int fd;
+
+ if (!filename) {
+ return -1;
+ }
+
+ wchar_t *filenameWide = _NSSUTIL_UTF8ToWide(filename);
+ if (!filenameWide) {
+ return -1;
+ }
+ fd = _wopen(filenameWide, oflag, pmode);
+ PORT_Free(filenameWide);
+
+ return fd;
+}
+
+static int
+os_stat(const char *path, os_stat_type *buffer)
+{
+ int result;
+
+ if (!path) {
+ return -1;
+ }
+
+ wchar_t *pathWide = _NSSUTIL_UTF8ToWide(path);
+ if (!pathWide) {
+ return -1;
+ }
+ result = _wstat(pathWide, buffer);
+ PORT_Free(pathWide);
+
+ return result;
+}
+
+static FILE *
+os_fopen(const char *filename, const char *mode)
+{
+ FILE *fp;
+
+ if (!filename || !mode) {
+ return NULL;
+ }
+
+ wchar_t *filenameWide = _NSSUTIL_UTF8ToWide(filename);
+ if (!filenameWide) {
+ return NULL;
+ }
+ wchar_t *modeWide = _NSSUTIL_UTF8ToWide(mode);
+ if (!modeWide) {
+ PORT_Free(filenameWide);
+ return NULL;
+ }
+ fp = _wfopen(filenameWide, modeWide);
+ PORT_Free(filenameWide);
+ PORT_Free(modeWide);
+
+ return fp;
+}
+
+PRStatus
+_NSSUTIL_Access(const char *path, PRAccessHow how)
+{
+ int result;
+
+ if (!path) {
+ return PR_FAILURE;
+ }
+
+ int mode;
+ switch (how) {
+ case PR_ACCESS_WRITE_OK:
+ mode = 2;
+ break;
+ case PR_ACCESS_READ_OK:
+ mode = 4;
+ break;
+ case PR_ACCESS_EXISTS:
+ mode = 0;
+ break;
+ default:
+ return PR_FAILURE;
+ }
+
+ wchar_t *pathWide = _NSSUTIL_UTF8ToWide(path);
+ if (!pathWide) {
+ return PR_FAILURE;
+ }
+ result = _waccess(pathWide, mode);
+ PORT_Free(pathWide);
+
+ return result < 0 ? PR_FAILURE : PR_SUCCESS;
+}
+
+static PRStatus
+nssutil_Delete(const char *name)
+{
+ BOOL result;
+
+ if (!name) {
+ return PR_FAILURE;
+ }
+
+ wchar_t *nameWide = _NSSUTIL_UTF8ToWide(name);
+ if (!nameWide) {
+ return PR_FAILURE;
+ }
+ result = DeleteFileW(nameWide);
+ PORT_Free(nameWide);
+
+ return result ? PR_SUCCESS : PR_FAILURE;
+}
+
+static PRStatus
+nssutil_Rename(const char *from, const char *to)
+{
+ BOOL result;
+
+ if (!from || !to) {
+ return PR_FAILURE;
+ }
+
+ wchar_t *fromWide = _NSSUTIL_UTF8ToWide(from);
+ if (!fromWide) {
+ return PR_FAILURE;
+ }
+ wchar_t *toWide = _NSSUTIL_UTF8ToWide(to);
+ if (!toWide) {
+ PORT_Free(fromWide);
+ return PR_FAILURE;
+ }
+ result = MoveFileW(fromWide, toWide);
+ PORT_Free(fromWide);
+ PORT_Free(toWide);
+
+ return result ? PR_SUCCESS : PR_FAILURE;
+}
#else
+#define os_fopen fopen
#define os_open open
#define os_fdopen fdopen
#define os_stat stat
@@ -51,6 +221,8 @@
#define os_open_permissions_type mode_t
#define os_open_permissions_default 0600
#define os_stat_type struct stat
+#define nssutil_Delete PR_Delete
+#define nssutil_Rename PR_Rename
#endif
/****************************************************************
@@ -219,7 +391,7 @@ nssutil_ReadSecmodDB(const char *appName,
}
/* do we really want to use streams here */
- fd = fopen(dbname, "r");
+ fd = os_fopen(dbname, "r");
if (fd == NULL)
goto done;
@@ -403,7 +575,7 @@ done:
}
/* old one exists */
- status = PR_Access(olddbname, PR_ACCESS_EXISTS);
+ status = _NSSUTIL_Access(olddbname, PR_ACCESS_EXISTS);
if (status == PR_SUCCESS) {
PR_smprintf_free(olddbname);
PORT_ZFree(moduleList, useCount * sizeof(char *));
@@ -532,7 +704,7 @@ nssutil_DeleteSecmodDBEntry(const char *appName,
}
/* do we really want to use streams here */
- fd = fopen(dbname, "r");
+ fd = os_fopen(dbname, "r");
if (fd == NULL)
goto loser;
@@ -602,10 +774,10 @@ nssutil_DeleteSecmodDBEntry(const char *appName,
fclose(fd2);
if (found) {
/* rename dbname2 to dbname */
- PR_Delete(dbname);
- PR_Rename(dbname2, dbname);
+ nssutil_Delete(dbname);
+ nssutil_Rename(dbname2, dbname);
} else {
- PR_Delete(dbname2);
+ nssutil_Delete(dbname2);
}
PORT_Free(dbname2);
PORT_Free(lib);
@@ -621,7 +793,7 @@ loser:
fclose(fd2);
}
if (dbname2) {
- PR_Delete(dbname2);
+ nssutil_Delete(dbname2);
PORT_Free(dbname2);
}
PORT_Free(lib);
diff --git a/security/nss/lib/util/utilpars.c b/security/nss/lib/util/utilpars.c
index 7116d26f3..e7435bfcc 100644
--- a/security/nss/lib/util/utilpars.c
+++ b/security/nss/lib/util/utilpars.c
@@ -589,6 +589,7 @@ struct nssutilArgSlotFlagTable {
}
static struct nssutilArgSlotFlagTable nssutil_argSlotFlagTable[] = {
NSSUTIL_ARG_ENTRY(RSA, SECMOD_RSA_FLAG),
+ NSSUTIL_ARG_ENTRY(ECC, SECMOD_ECC_FLAG),
NSSUTIL_ARG_ENTRY(DSA, SECMOD_RSA_FLAG),
NSSUTIL_ARG_ENTRY(RC2, SECMOD_RC4_FLAG),
NSSUTIL_ARG_ENTRY(RC4, SECMOD_RC2_FLAG),
@@ -1110,12 +1111,8 @@ _NSSUTIL_EvaluateConfigDir(const char *configdir,
NSSDBType dbType;
PRBool checkEnvDefaultDB = PR_FALSE;
*appName = NULL;
-/* force the default */
-#ifdef NSS_DISABLE_DBM
+ /* force the default */
dbType = NSS_DB_TYPE_SQL;
-#else
- dbType = NSS_DB_TYPE_LEGACY;
-#endif
if (configdir == NULL) {
checkEnvDefaultDB = PR_TRUE;
} else if (PORT_Strncmp(configdir, MULTIACCESS, sizeof(MULTIACCESS) - 1) == 0) {
diff --git a/security/nss/lib/util/utilpars.h b/security/nss/lib/util/utilpars.h
index 70767263a..1b0b1ff1c 100644
--- a/security/nss/lib/util/utilpars.h
+++ b/security/nss/lib/util/utilpars.h
@@ -59,5 +59,11 @@ char *NSSUTIL_MkNSSString(char **slotStrings, int slotCount, PRBool internal,
char *_NSSUTIL_GetSecmodName(const char *param, NSSDBType *dbType,
char **appName, char **filename, PRBool *rw);
const char *_NSSUTIL_EvaluateConfigDir(const char *configdir, NSSDBType *dbType, char **app);
+#if defined(_WIN32)
+wchar_t *_NSSUTIL_UTF8ToWide(const char *buf);
+PRStatus _NSSUTIL_Access(const char *path, PRAccessHow how);
+#else
+#define _NSSUTIL_Access(path, how) PR_Access((path), (how))
+#endif
#endif /* _UTILPARS_H_ */
diff --git a/security/nss/lib/util/utilparst.h b/security/nss/lib/util/utilparst.h
index f2148e6e3..5dda09028 100644
--- a/security/nss/lib/util/utilparst.h
+++ b/security/nss/lib/util/utilparst.h
@@ -43,7 +43,7 @@
#define NSSUTIL_DEFAULT_INTERNAL_INIT3 \
" askpw=any timeout=30})\""
#define NSSUTIL_DEFAULT_SFTKN_FLAGS \
- "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]"
+ "slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]"
#define NSSUTIL_DEFAULT_CIPHER_ORDER 0
#define NSSUTIL_DEFAULT_TRUST_ORDER 50
diff --git a/security/nss/lib/util/utilrename.h b/security/nss/lib/util/utilrename.h
index 1aea3d284..19ddba666 100644
--- a/security/nss/lib/util/utilrename.h
+++ b/security/nss/lib/util/utilrename.h
@@ -70,6 +70,8 @@
#define PORT_UCS2_ASCIIConversion PORT_UCS2_ASCIIConversion_Util
#define PORT_UCS2_UTF8Conversion PORT_UCS2_UTF8Conversion_Util
#define PORT_ZAlloc PORT_ZAlloc_Util
+#define PORT_ZAllocAligned PORT_ZAllocAligned_Util
+#define PORT_ZAllocAlignedOffset PORT_ZAllocAlignedOffset_Util
#define PORT_ZFree PORT_ZFree_Util
#define SEC_ASN1Decode SEC_ASN1Decode_Util
#define SEC_ASN1DecodeInteger SEC_ASN1DecodeInteger_Util