--- misc/nss-3.39/nss/cmd/signtool/sign.c 2016-06-20 14:11:28.000000000 -0300 +++ misc/build/nss-3.39/nss/cmd/signtool/sign.c 2019-11-01 13:32:56.496828470 -0300 @@ -8,6 +8,10 @@ #include "blapi.h" #include "sechash.h" /* for HASH_GetHashObject() */ +#if defined(_MSC_VER) && _MSC_VER < 1900 +#define snprintf _snprintf +#endif + static int create_pk7(char *dir, char *keyName, int *keyType); static int jar_find_key_type(CERTCertificate *cert); static int manifesto(char *dirname, char *install_script, PRBool recurse); diff -ur misc/nss-3.39/nss/cmd/Makefile misc/build/nss-3.39/nss/cmd/Makefile --- misc/nss-3.39/nss/cmd/Makefile 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/cmd/Makefile 2018-10-22 14:53:30.297923000 -0700 @@ -21,7 +21,8 @@ FIPSTEST_SRCDIR = SHLIBSIGN_SRCDIR = else -BLTEST_SRCDIR = bltest +# BLTEST_SRCDIR = bltest +BLTEST_SRCDIR = ECPERF_SRCDIR = ecperf FREEBL_ECTEST_SRCDIR = fbectest FIPSTEST_SRCDIR = fipstest diff -ur misc/nss-3.39/nss/cmd/lib/secutil.c misc/build/nss-3.39/nss/cmd/lib/secutil.c --- misc/nss-3.39/nss/cmd/lib/secutil.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/cmd/lib/secutil.c 2018-10-22 10:44:05.694582000 -0700 @@ -217,6 +217,7 @@ secuPWData *pwdata = (secuPWData *)arg; secuPWData pwnull = { PW_NONE, 0 }; secuPWData pwxtrn = { PW_EXTERNAL, "external" }; + char *pw; if (pwdata == NULL) pwdata = &pwnull; @@ -240,7 +241,7 @@ sprintf(prompt, "Press Enter, then enter PIN for \"%s\" on external device.\n", PK11_GetTokenName(slot)); - char *pw = SECU_GetPasswordString(NULL, prompt); + pw = SECU_GetPasswordString(NULL, prompt); PORT_Free(pw); /* Fall Through */ case PW_PLAINTEXT: @@ -3841,10 +3842,11 @@ countItems(const char *arg, unsigned int *numItems) { char *str = PORT_Strdup(arg); + char *p; if (!str) { return SECFailure; } - char *p = strtok(str, ","); + p = strtok(str, ","); while (p) { ++(*numItems); p = strtok(NULL, ","); @@ -3943,6 +3945,8 @@ SSLSignatureScheme *schemes; unsigned int numValues = 0; unsigned int count = 0; + char *str; + char *p; if (countItems(arg, &numValues) != SECSuccess) { return SECFailure; @@ -3953,11 +3957,11 @@ } /* Get group names. */ - char *str = PORT_Strdup(arg); + str = PORT_Strdup(arg); if (!str) { goto done; } - char *p = strtok(str, ","); + p = strtok(str, ","); while (p) { SSLSignatureScheme scheme = schemeNameToScheme(p); if (scheme == ssl_sig_none) { diff -ur misc/nss-3.39/nss/cmd/signtool/javascript.c misc/build/nss-3.39/nss/cmd/signtool/javascript.c --- misc/nss-3.39/nss/cmd/signtool/javascript.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/cmd/signtool/javascript.c 2018-10-22 15:02:16.878938000 -0700 @@ -1672,7 +1672,7 @@ { char fn[FNSIZE]; PRDir *dir; - int c = snprintf(fn, sizeof(fn), "%s/%s", basepath, path); + int c = PR_snprintf(fn, sizeof(fn), "%s/%s", basepath, path); if (c >= sizeof(fn)) { return PR_FAILURE; } diff -ur misc/nss-3.39/nss/cmd/signtool/sign.c misc/build/nss-3.39/nss/cmd/signtool/sign.c --- misc/nss-3.39/nss/cmd/signtool/sign.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/cmd/signtool/sign.c 2018-10-22 15:01:53.353243000 -0700 @@ -82,13 +82,13 @@ } /* rsa/dsa to zip */ - count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa")); + count = PR_snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa")); if (count >= sizeof(tempfn)) { PR_fprintf(errorFD, "unable to write key metadata\n"); errorCount++; exit(ERRX); } - count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); + count = PR_snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); if (count >= sizeof(fullfn)) { PR_fprintf(errorFD, "unable to write key metadata\n"); errorCount++; @@ -103,7 +103,7 @@ } /* mf to zip */ strcpy(tempfn, "META-INF/manifest.mf"); - count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); + count = PR_snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); if (count >= sizeof(fullfn)) { PR_fprintf(errorFD, "unable to write manifest\n"); errorCount++; @@ -112,13 +112,13 @@ JzipAdd(fullfn, tempfn, zipfile, compression_level); /* sf to zip */ - count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.sf", base); + count = PR_snprintf(tempfn, sizeof(tempfn), "META-INF/%s.sf", base); if (count >= sizeof(tempfn)) { PR_fprintf(errorFD, "unable to write sf metadata\n"); errorCount++; exit(ERRX); } - count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); + count = PR_snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); if (count >= sizeof(fullfn)) { PR_fprintf(errorFD, "unable to write sf metadata\n"); errorCount++; @@ -129,13 +129,13 @@ /* Add the rsa/dsa file to the zip archive normally */ if (!xpi_arc) { /* rsa/dsa to zip */ - count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa")); + count = PR_snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa")); if (count >= sizeof(tempfn)) { PR_fprintf(errorFD, "unable to write key metadata\n"); errorCount++; exit(ERRX); } - count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); + count = PR_snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn); if (count >= sizeof(fullfn)) { PR_fprintf(errorFD, "unable to write key metadata\n"); errorCount++; @@ -456,7 +456,7 @@ if (!PL_HashTableLookup(extensions, ext)) return 0; } - count = snprintf(fullname, sizeof(fullname), "%s/%s", basedir, relpath); + count = PR_snprintf(fullname, sizeof(fullname), "%s/%s", basedir, relpath); if (count >= sizeof(fullname)) { return 1; } diff -ur misc/nss-3.39/nss/gtests/freebl_gtest/kat/blake2b_kat.h misc/build/nss-3.39/nss/gtests/freebl_gtest/kat/blake2b_kat.h --- misc/nss-3.39/nss/gtests/freebl_gtest/kat/blake2b_kat.h 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/gtests/freebl_gtest/kat/blake2b_kat.h 2018-10-21 01:47:24.131348000 -0700 @@ -5,7 +5,23 @@ /* https://github.com/BLAKE2/BLAKE2/blob/master/testvectors/blake2b-kat.txt */ #include -#include +#if defined(_MSC_VER) && _MSC_VER < 1600 + #ifdef _WIN64 +typedef unsigned __int64 uintptr_t; + #else +typedef unsigned int uintptr_t; + #endif +typedef unsigned char uint8_t; +typedef unsigned short uint16_t; +typedef unsigned int uint32_t; +typedef unsigned __int64 uint64_t; +#define UINT8_MAX 0xff +#define UINT16_MAX 0xffff +#define UINT32_MAX 0xffffffffu +#define UINT64_MAX 0xffffffffffffffffU +#else + #include +#endif const std::vector kat_key = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, @@ -4643,4 +4659,4 @@ 0x10, 0x70, 0xfa, 0xa0, 0x37, 0x2a, 0xa4, 0x3e, 0x92, 0x48, 0x4b, 0xe1, 0xc1, 0xe7, 0x3b, 0xa1, 0x09, 0x06, 0xd5, 0xd1, 0x85, 0x3d, 0xb6, 0xa4, 0x10, 0x6e, 0x0a, 0x7b, 0xf9, 0x80, 0x0d, 0x37, 0x3d, - 0x6d, 0xee, 0x2d, 0x46, 0xd6, 0x2e, 0xf2, 0xa4, 0x61}))}; \ No newline at end of file + 0x6d, 0xee, 0x2d, 0x46, 0xd6, 0x2e, 0xf2, 0xa4, 0x61}))}; diff -ur misc/nss-3.39/nss/gtests/ssl_gtest/libssl_internals.h misc/build/nss-3.39/nss/gtests/ssl_gtest/libssl_internals.h --- misc/nss-3.39/nss/gtests/ssl_gtest/libssl_internals.h 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/gtests/ssl_gtest/libssl_internals.h 2018-10-21 01:47:16.342484000 -0700 @@ -7,7 +7,23 @@ #ifndef libssl_internals_h_ #define libssl_internals_h_ -#include +#if defined(_MSC_VER) && _MSC_VER < 1600 + #ifdef _WIN64 +typedef unsigned __int64 uintptr_t; + #else +typedef unsigned int uintptr_t; + #endif +typedef unsigned char uint8_t; +typedef unsigned short uint16_t; +typedef unsigned int uint32_t; +typedef unsigned __int64 uint64_t; +#define UINT8_MAX 0xff +#define UINT16_MAX 0xffff +#define UINT32_MAX 0xffffffffu +#define UINT64_MAX 0xffffffffffffffffU +#else + #include +#endif #include "prio.h" #include "seccomon.h" diff -ur misc/nss-3.39/nss/lib/freebl/blake2b.c misc/build/nss-3.39/nss/lib/freebl/blake2b.c --- misc/nss-3.39/nss/lib/freebl/blake2b.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/freebl/blake2b.c 2018-10-21 15:08:03.065644000 -0700 @@ -147,6 +147,7 @@ blake2b_Begin(BLAKE2BContext* ctx, uint8_t outlen, const uint8_t* key, size_t keylen) { + uint64_t param; PORT_Assert(ctx != NULL); if (!ctx) { goto failure; @@ -164,7 +165,7 @@ } /* Mix key size(keylen) and desired hash length(outlen) into h0 */ - uint64_t param = outlen ^ (keylen << 8) ^ (1 << 16) ^ (1 << 24); + param = outlen ^ (keylen << 8) ^ (1 << 16) ^ (1 << 24); PORT_Memcpy(ctx->h, iv, 8 * 8); ctx->h[0] ^= param; ctx->outlen = outlen; @@ -402,12 +403,13 @@ BLAKE2BContext* BLAKE2B_Resurrect(unsigned char* space, void* arg) { + BLAKE2BContext* ctx; PORT_Assert(space != NULL); if (!space) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } - BLAKE2BContext* ctx = BLAKE2B_NewContext(); + ctx = BLAKE2B_NewContext(); if (ctx == NULL) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; diff -ur misc/nss-3.39/nss/lib/freebl/blake2b.h misc/build/nss-3.39/nss/lib/freebl/blake2b.h --- misc/nss-3.39/nss/lib/freebl/blake2b.h 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/freebl/blake2b.h 2018-10-21 01:46:57.467020000 -0700 @@ -9,7 +9,23 @@ #define BLAKE_H #include -#include +#if defined(_MSC_VER) && _MSC_VER < 1600 + #ifdef _WIN64 +typedef unsigned __int64 uintptr_t; + #else +typedef unsigned int uintptr_t; + #endif +typedef unsigned char uint8_t; +typedef unsigned short uint16_t; +typedef unsigned int uint32_t; +typedef unsigned __int64 uint64_t; +#define UINT8_MAX 0xff +#define UINT16_MAX 0xffff +#define UINT32_MAX 0xffffffffu +#define UINT64_MAX 0xffffffffffffffffU +#else + #include +#endif struct Blake2bContextStr { uint64_t h[8]; /* chained state */ diff -ur misc/nss-3.39/nss/lib/freebl/chacha20poly1305.c misc/build/nss-3.39/nss/lib/freebl/chacha20poly1305.c --- misc/nss-3.39/nss/lib/freebl/chacha20poly1305.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/freebl/chacha20poly1305.c 2018-10-21 21:01:18.295557000 -0700 @@ -77,14 +77,14 @@ Hacl_Poly1305_mk_state(stateStack, stateStack + offset); unsigned char block[16] = { 0 }; + unsigned int i; + unsigned int j; Hacl_Poly1305_init(state, (uint8_t *)key); Poly1305PadUpdate(state, block, ad, adLen); memset(block, 0, 16); Poly1305PadUpdate(state, block, ciphertext, ciphertextLen); - unsigned int i; - unsigned int j; for (i = 0, j = adLen; i < 8; i++, j >>= 8) { block[i] = j; } diff -ur misc/nss-3.39/nss/lib/freebl/ecl/ecp_25519.c misc/build/nss-3.39/nss/lib/freebl/ecl/ecp_25519.c --- misc/nss-3.39/nss/lib/freebl/ecl/ecp_25519.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/freebl/ecl/ecp_25519.c 2018-10-21 21:06:07.350639000 -0700 @@ -104,6 +104,7 @@ { PRUint8 *px; PRUint8 basePoint[32] = { 9 }; + SECStatus rv; if (!P) { px = basePoint; @@ -115,7 +116,7 @@ px = P->data; } - SECStatus rv = ec_Curve25519_mul(X->data, k->data, px); + rv = ec_Curve25519_mul(X->data, k->data, px); if (NSS_SecureMemcmpZero(X->data, X->len) == 0) { return SECFailure; } diff -ur misc/nss-3.39/nss/lib/freebl/gcm.h misc/build/nss-3.39/nss/lib/freebl/gcm.h --- misc/nss-3.39/nss/lib/freebl/gcm.h 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/freebl/gcm.h 2018-10-21 01:46:50.706497000 -0700 @@ -6,7 +6,23 @@ #define GCM_H 1 #include "blapii.h" -#include +#if defined(_MSC_VER) && _MSC_VER < 1600 + #ifdef _WIN64 +typedef unsigned __int64 uintptr_t; + #else +typedef unsigned int uintptr_t; + #endif +typedef unsigned char uint8_t; +typedef unsigned short uint16_t; +typedef unsigned int uint32_t; +typedef unsigned __int64 uint64_t; +#define UINT8_MAX 0xff +#define UINT16_MAX 0xffff +#define UINT32_MAX 0xffffffffu +#define UINT64_MAX 0xffffffffffffffffU +#else + #include +#endif #ifdef NSS_X86_OR_X64 /* GCC <= 4.8 doesn't support including emmintrin.h without enabling SSE2 */ diff -ur misc/nss-3.39/nss/lib/freebl/rijndael.h misc/build/nss-3.39/nss/lib/freebl/rijndael.h --- misc/nss-3.39/nss/lib/freebl/rijndael.h 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/freebl/rijndael.h 2018-10-21 01:47:05.758087000 -0700 @@ -6,7 +6,23 @@ #define _RIJNDAEL_H_ 1 #include "blapii.h" -#include +#if defined(_MSC_VER) && _MSC_VER < 1600 + #ifdef _WIN64 +typedef unsigned __int64 uintptr_t; + #else +typedef unsigned int uintptr_t; + #endif +typedef unsigned char uint8_t; +typedef unsigned short uint16_t; +typedef unsigned int uint32_t; +typedef unsigned __int64 uint64_t; +#define UINT8_MAX 0xff +#define UINT16_MAX 0xffff +#define UINT32_MAX 0xffffffffu +#define UINT64_MAX 0xffffffffffffffffU +#else + #include +#endif #if defined(NSS_X86_OR_X64) /* GCC <= 4.8 doesn't support including emmintrin.h without enabling SSE2 */ diff -ur misc/nss-3.39/nss/lib/freebl/verified/FStar.c misc/build/nss-3.39/nss/lib/freebl/verified/FStar.c --- misc/nss-3.39/nss/lib/freebl/verified/FStar.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/freebl/verified/FStar.c 2018-10-21 23:50:44.099188000 -0700 @@ -32,37 +32,37 @@ FStar_UInt128_uint128 FStar_UInt128_add(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { - return ( - (FStar_UInt128_uint128){ - .low = a.low + b.low, - .high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) }); + FStar_UInt128_uint128 ret; + ret.low = a.low + b.low; + ret.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); + return (ret); } FStar_UInt128_uint128 FStar_UInt128_add_mod(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { - return ( - (FStar_UInt128_uint128){ - .low = a.low + b.low, - .high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low) }); + FStar_UInt128_uint128 ret; + ret.low = a.low + b.low; + ret.high = a.high + b.high + FStar_UInt128_carry(a.low + b.low, b.low); + return (ret); } FStar_UInt128_uint128 FStar_UInt128_sub(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { - return ( - (FStar_UInt128_uint128){ - .low = a.low - b.low, - .high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) }); + FStar_UInt128_uint128 ret; + ret.low = a.low - b.low; + ret.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); + return (ret); } static FStar_UInt128_uint128 FStar_UInt128_sub_mod_impl(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { - return ( - (FStar_UInt128_uint128){ - .low = a.low - b.low, - .high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low) }); + FStar_UInt128_uint128 ret; + ret.low = a.low - b.low; + ret.high = a.high - b.high - FStar_UInt128_carry(a.low, a.low - b.low); + return (ret); } FStar_UInt128_uint128 @@ -74,25 +74,37 @@ FStar_UInt128_uint128 FStar_UInt128_logand(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { - return ((FStar_UInt128_uint128){.low = a.low & b.low, .high = a.high & b.high }); + FStar_UInt128_uint128 ret; + ret.low = a.low & b.low; + ret.high = a.high & b.high; + return (ret); } FStar_UInt128_uint128 FStar_UInt128_logxor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { - return ((FStar_UInt128_uint128){.low = a.low ^ b.low, .high = a.high ^ b.high }); + FStar_UInt128_uint128 ret; + ret.low = a.low ^ b.low; + ret.high = a.high ^ b.high; + return (ret); } FStar_UInt128_uint128 FStar_UInt128_logor(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { - return ((FStar_UInt128_uint128){.low = a.low | b.low, .high = a.high | b.high }); + FStar_UInt128_uint128 ret; + ret.low = a.low | b.low; + ret.high = a.high | b.high; + return (ret); } FStar_UInt128_uint128 FStar_UInt128_lognot(FStar_UInt128_uint128 a) { - return ((FStar_UInt128_uint128){.low = ~a.low, .high = ~a.high }); + FStar_UInt128_uint128 ret; + ret.low = ~a.low; + ret.high = ~a.high; + return (ret); } static uint32_t FStar_UInt128_u32_64 = (uint32_t)64U; @@ -112,19 +124,23 @@ static FStar_UInt128_uint128 FStar_UInt128_shift_left_small(FStar_UInt128_uint128 a, uint32_t s) { + FStar_UInt128_uint128 ret; if (s == (uint32_t)0U) return a; - else - return ( - (FStar_UInt128_uint128){ - .low = a.low << s, - .high = FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s) }); + else { + ret.low = a.low << s; + ret.high = FStar_UInt128_add_u64_shift_left_respec(a.high, a.low, s); + return (ret); + } } static FStar_UInt128_uint128 FStar_UInt128_shift_left_large(FStar_UInt128_uint128 a, uint32_t s) { - return ((FStar_UInt128_uint128){.low = (uint64_t)0U, .high = a.low << (s - FStar_UInt128_u32_64) }); + FStar_UInt128_uint128 ret; + ret.low = (uint64_t)0U; + ret.high = a.low << (s - FStar_UInt128_u32_64); + return (ret); } FStar_UInt128_uint128 @@ -151,19 +167,23 @@ static FStar_UInt128_uint128 FStar_UInt128_shift_right_small(FStar_UInt128_uint128 a, uint32_t s) { + FStar_UInt128_uint128 ret; if (s == (uint32_t)0U) return a; - else - return ( - (FStar_UInt128_uint128){ - .low = FStar_UInt128_add_u64_shift_right_respec(a.high, a.low, s), - .high = a.high >> s }); + else { + ret.low = FStar_UInt128_add_u64_shift_right_respec(a.high, a.low, s); + ret.high = a.high >> s; + return (ret); + } } static FStar_UInt128_uint128 FStar_UInt128_shift_right_large(FStar_UInt128_uint128 a, uint32_t s) { - return ((FStar_UInt128_uint128){.low = a.high >> (s - FStar_UInt128_u32_64), .high = (uint64_t)0U }); + FStar_UInt128_uint128 ret; + ret.low = a.high >> (s - FStar_UInt128_u32_64); + ret.high = (uint64_t)0U; + return (ret); } FStar_UInt128_uint128 @@ -178,25 +198,28 @@ FStar_UInt128_uint128 FStar_UInt128_eq_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { - return ( - (FStar_UInt128_uint128){ - .low = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high), - .high = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high) }); + FStar_UInt128_uint128 ret; + ret.low = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); + ret.high = FStar_UInt64_eq_mask(a.low, b.low) & FStar_UInt64_eq_mask(a.high, b.high); + return (ret); } FStar_UInt128_uint128 FStar_UInt128_gte_mask(FStar_UInt128_uint128 a, FStar_UInt128_uint128 b) { - return ( - (FStar_UInt128_uint128){ - .low = (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)), - .high = (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)) }); + FStar_UInt128_uint128 ret; + ret.low = (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)); + ret.high = (FStar_UInt64_gte_mask(a.high, b.high) & ~FStar_UInt64_eq_mask(a.high, b.high)) | (FStar_UInt64_eq_mask(a.high, b.high) & FStar_UInt64_gte_mask(a.low, b.low)); + return (ret); } FStar_UInt128_uint128 FStar_UInt128_uint64_to_uint128(uint64_t a) { - return ((FStar_UInt128_uint128){.low = a, .high = (uint64_t)0U }); + FStar_UInt128_uint128 ret; + ret.low = a; + ret.high = (uint64_t)0U; + return (ret); } uint64_t @@ -218,12 +241,13 @@ static K___uint64_t_uint64_t_uint64_t_uint64_t FStar_UInt128_mul_wide_impl_t_(uint64_t x, uint64_t y) { - return ( - (K___uint64_t_uint64_t_uint64_t_uint64_t){ - .fst = FStar_UInt128_u64_mod_32(x), - .snd = FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y)), - .thd = x >> FStar_UInt128_u32_32, - .f3 = (x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32) }); + + K___uint64_t_uint64_t_uint64_t_uint64_t ret; + ret.fst = FStar_UInt128_u64_mod_32(x); + ret.snd = FStar_UInt128_u64_mod_32(FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y)); + ret.thd = x >> FStar_UInt128_u32_32; + ret.f3 = (x >> FStar_UInt128_u32_32) * FStar_UInt128_u64_mod_32(y) + (FStar_UInt128_u64_mod_32(x) * FStar_UInt128_u64_mod_32(y) >> FStar_UInt128_u32_32); + return (ret); } static uint64_t @@ -240,12 +264,12 @@ uint64_t w3 = scrut.snd; uint64_t x_ = scrut.thd; uint64_t t_ = scrut.f3; - return ( - (FStar_UInt128_uint128){ - .low = FStar_UInt128_u32_combine_(u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_), - w3), - .high = x_ * (y >> FStar_UInt128_u32_32) + (t_ >> FStar_UInt128_u32_32) + - ((u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_)) >> FStar_UInt128_u32_32) }); + FStar_UInt128_uint128 ret; + ret.low = FStar_UInt128_u32_combine_(u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_), + w3); + ret.high = x_ * (y >> FStar_UInt128_u32_32) + (t_ >> FStar_UInt128_u32_32) + + ((u1 * (y >> FStar_UInt128_u32_32) + FStar_UInt128_u64_mod_32(t_)) >> FStar_UInt128_u32_32); + return (ret); } FStar_UInt128_uint128 diff -ur misc/nss-3.39/nss/lib/freebl/verified/FStar.h misc/build/nss-3.39/nss/lib/freebl/verified/FStar.h --- misc/nss-3.39/nss/lib/freebl/verified/FStar.h 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/freebl/verified/FStar.h 2018-10-21 23:03:05.151005000 -0700 @@ -17,6 +17,7 @@ #ifndef __FStar_H #define __FStar_H +#include "secport.h" #include "kremlib_base.h" typedef struct diff -ur misc/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20.c misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20.c --- misc/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20.c 2018-10-21 21:47:24.553180000 -0700 @@ -18,7 +18,8 @@ static void Hacl_Lib_LoadStore32_uint32s_from_le_bytes(uint32_t *output, uint8_t *input, uint32_t len) { - for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { + uint32_t i; + for (i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { uint8_t *x0 = input + (uint32_t)4U * i; uint32_t inputi = load32_le(x0); output[i] = inputi; @@ -28,7 +29,8 @@ static void Hacl_Lib_LoadStore32_uint32s_to_le_bytes(uint8_t *output, uint32_t *input, uint32_t len) { - for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { + uint32_t i; + for (i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { uint32_t hd1 = input[i]; uint8_t *x0 = output + (uint32_t)4U * i; store32_le(x0, hd1); @@ -46,31 +48,49 @@ { uint32_t sa = st[a]; uint32_t sb0 = st[b]; + uint32_t sd; + uint32_t sa10; + uint32_t sda; + uint32_t sa0; + uint32_t sb1; + uint32_t sd0; + uint32_t sa11; + uint32_t sda0; + uint32_t sa2; + uint32_t sb2; + uint32_t sd1; + uint32_t sa12; + uint32_t sda1; + uint32_t sa3; + uint32_t sb; + uint32_t sd2; + uint32_t sa1; + uint32_t sda2; st[a] = sa + sb0; - uint32_t sd = st[d]; - uint32_t sa10 = st[a]; - uint32_t sda = sd ^ sa10; + sd = st[d]; + sa10 = st[a]; + sda = sd ^ sa10; st[d] = Hacl_Impl_Chacha20_rotate_left(sda, (uint32_t)16U); - uint32_t sa0 = st[c]; - uint32_t sb1 = st[d]; + sa0 = st[c]; + sb1 = st[d]; st[c] = sa0 + sb1; - uint32_t sd0 = st[b]; - uint32_t sa11 = st[c]; - uint32_t sda0 = sd0 ^ sa11; + sd0 = st[b]; + sa11 = st[c]; + sda0 = sd0 ^ sa11; st[b] = Hacl_Impl_Chacha20_rotate_left(sda0, (uint32_t)12U); - uint32_t sa2 = st[a]; - uint32_t sb2 = st[b]; + sa2 = st[a]; + sb2 = st[b]; st[a] = sa2 + sb2; - uint32_t sd1 = st[d]; - uint32_t sa12 = st[a]; - uint32_t sda1 = sd1 ^ sa12; + sd1 = st[d]; + sa12 = st[a]; + sda1 = sd1 ^ sa12; st[d] = Hacl_Impl_Chacha20_rotate_left(sda1, (uint32_t)8U); - uint32_t sa3 = st[c]; - uint32_t sb = st[d]; + sa3 = st[c]; + sb = st[d]; st[c] = sa3 + sb; - uint32_t sd2 = st[b]; - uint32_t sa1 = st[c]; - uint32_t sda2 = sd2 ^ sa1; + sd2 = st[b]; + sa1 = st[c]; + sda2 = sd2 ^ sa1; st[b] = Hacl_Impl_Chacha20_rotate_left(sda2, (uint32_t)7U); } @@ -90,14 +110,16 @@ inline static void Hacl_Impl_Chacha20_rounds(uint32_t *st) { - for (uint32_t i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U) + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U) Hacl_Impl_Chacha20_double_round(st); } inline static void Hacl_Impl_Chacha20_sum_states(uint32_t *st, uint32_t *st_) { - for (uint32_t i = (uint32_t)0U; i < (uint32_t)16U; i = i + (uint32_t)1U) { + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)16U; i = i + (uint32_t)1U) { uint32_t xi = st[i]; uint32_t yi = st_[i]; st[i] = xi + yi; @@ -150,9 +172,10 @@ uint32_t *k = b; uint32_t *ib = b + (uint32_t)16U; uint32_t *ob = b + (uint32_t)32U; + uint32_t i; Hacl_Impl_Chacha20_chacha20_core(k, st, ctr); Hacl_Lib_LoadStore32_uint32s_from_le_bytes(ib, plain, (uint32_t)16U); - for (uint32_t i = (uint32_t)0U; i < (uint32_t)16U; i = i + (uint32_t)1U) { + for (i = (uint32_t)0U; i < (uint32_t)16U; i = i + (uint32_t)1U) { uint32_t xi = ib[i]; uint32_t yi = k[i]; ob[i] = xi ^ yi; @@ -169,9 +192,11 @@ uint32_t ctr) { uint8_t block[64U] = { 0U }; + uint8_t *mask; + uint32_t i; Hacl_Impl_Chacha20_chacha20_block(block, st, ctr); - uint8_t *mask = block; - for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { + mask = block; + for (i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { uint8_t xi = plain[i]; uint8_t yi = mask[i]; output[i] = xi ^ yi; @@ -186,7 +211,8 @@ uint32_t *st, uint32_t ctr) { - for (uint32_t i = (uint32_t)0U; i < num_blocks; i = i + (uint32_t)1U) { + uint32_t i; + for (i = (uint32_t)0U; i < num_blocks; i = i + (uint32_t)1U) { uint8_t *b = plain + (uint32_t)64U * i; uint8_t *o = output + (uint32_t)64U * i; Hacl_Impl_Chacha20_update(o, b, st, ctr + i); diff -ur misc/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20.h misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20.h --- misc/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20.h 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20.h 2018-10-21 21:12:36.078858000 -0700 @@ -13,6 +13,7 @@ * limitations under the License. */ +#include "secport.h" #include "kremlib.h" #ifndef __Hacl_Chacha20_H #define __Hacl_Chacha20_H diff -ur misc/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20_Vec128.c misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20_Vec128.c --- misc/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20_Vec128.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20_Vec128.c 2018-10-21 22:13:55.130785000 -0700 @@ -25,14 +25,18 @@ inline static void Hacl_Impl_Chacha20_Vec128_State_state_to_key_block(uint8_t *stream_block, vec *k) { + uint8_t *a; + uint8_t *b; + uint8_t *c; + uint8_t *d; vec k0 = k[0U]; vec k1 = k[1U]; vec k2 = k[2U]; vec k3 = k[3U]; - uint8_t *a = stream_block; - uint8_t *b = stream_block + (uint32_t)16U; - uint8_t *c = stream_block + (uint32_t)32U; - uint8_t *d = stream_block + (uint32_t)48U; + a = stream_block; + b = stream_block + (uint32_t)16U; + c = stream_block + (uint32_t)32U; + d = stream_block + (uint32_t)48U; vec_store_le(a, k0); vec_store_le(b, k1); vec_store_le(c, k2); @@ -42,21 +46,29 @@ inline static void Hacl_Impl_Chacha20_Vec128_State_state_setup(vec *st, uint8_t *k, uint8_t *n1, uint32_t c) { + vec k0; + vec k1; + uint32_t n0; + uint8_t *x00; + uint32_t n10; + uint8_t *x0; + uint32_t n2; + vec v1; st[0U] = vec_load_32x4((uint32_t)0x61707865U, (uint32_t)0x3320646eU, (uint32_t)0x79622d32U, (uint32_t)0x6b206574U); - vec k0 = vec_load128_le(k); - vec k1 = vec_load128_le(k + (uint32_t)16U); + k0 = vec_load128_le(k); + k1 = vec_load128_le(k + (uint32_t)16U); st[1U] = k0; st[2U] = k1; - uint32_t n0 = load32_le(n1); - uint8_t *x00 = n1 + (uint32_t)4U; - uint32_t n10 = load32_le(x00); - uint8_t *x0 = n1 + (uint32_t)8U; - uint32_t n2 = load32_le(x0); - vec v1 = vec_load_32x4(c, n0, n10, n2); + n0 = load32_le(n1); + x00 = n1 + (uint32_t)4U; + n10 = load32_le(x00); + x0 = n1 + (uint32_t)8U; + n2 = load32_le(x0); + v1 = vec_load_32x4(c, n0, n10, n2); st[3U] = v1; } @@ -68,27 +80,42 @@ vec sd0 = st[3U]; vec sa10 = vec_add(sa, sb0); vec sd10 = vec_rotate_left(vec_xor(sd0, sa10), (uint32_t)16U); + vec sa0; + vec sb1; + vec sd2; + vec sa11; + vec sd11; + vec sa2; + vec sb2; + vec sd3; + vec sa12; + vec sd12; + vec sa3; + vec sb; + vec sd; + vec sa1; + vec sd1; st[0U] = sa10; st[3U] = sd10; - vec sa0 = st[2U]; - vec sb1 = st[3U]; - vec sd2 = st[1U]; - vec sa11 = vec_add(sa0, sb1); - vec sd11 = vec_rotate_left(vec_xor(sd2, sa11), (uint32_t)12U); + sa0 = st[2U]; + sb1 = st[3U]; + sd2 = st[1U]; + sa11 = vec_add(sa0, sb1); + sd11 = vec_rotate_left(vec_xor(sd2, sa11), (uint32_t)12U); st[2U] = sa11; st[1U] = sd11; - vec sa2 = st[0U]; - vec sb2 = st[1U]; - vec sd3 = st[3U]; - vec sa12 = vec_add(sa2, sb2); - vec sd12 = vec_rotate_left(vec_xor(sd3, sa12), (uint32_t)8U); + sa2 = st[0U]; + sb2 = st[1U]; + sd3 = st[3U]; + sa12 = vec_add(sa2, sb2); + sd12 = vec_rotate_left(vec_xor(sd3, sa12), (uint32_t)8U); st[0U] = sa12; st[3U] = sd12; - vec sa3 = st[2U]; - vec sb = st[3U]; - vec sd = st[1U]; - vec sa1 = vec_add(sa3, sb); - vec sd1 = vec_rotate_left(vec_xor(sd, sa1), (uint32_t)7U); + sa3 = st[2U]; + sb = st[3U]; + sd = st[1U]; + sa1 = vec_add(sa3, sb); + sd1 = vec_rotate_left(vec_xor(sd, sa1), (uint32_t)7U); st[2U] = sa1; st[1U] = sd1; } @@ -96,17 +123,23 @@ inline static void Hacl_Impl_Chacha20_Vec128_double_round(vec *st) { + vec r1; + vec r20; + vec r30; + vec r10; + vec r2; + vec r3; Hacl_Impl_Chacha20_Vec128_round(st); - vec r1 = st[1U]; - vec r20 = st[2U]; - vec r30 = st[3U]; + r1 = st[1U]; + r20 = st[2U]; + r30 = st[3U]; st[1U] = vec_shuffle_right(r1, (uint32_t)1U); st[2U] = vec_shuffle_right(r20, (uint32_t)2U); st[3U] = vec_shuffle_right(r30, (uint32_t)3U); Hacl_Impl_Chacha20_Vec128_round(st); - vec r10 = st[1U]; - vec r2 = st[2U]; - vec r3 = st[3U]; + r10 = st[1U]; + r2 = st[2U]; + r3 = st[3U]; st[1U] = vec_shuffle_right(r10, (uint32_t)3U); st[2U] = vec_shuffle_right(r2, (uint32_t)2U); st[3U] = vec_shuffle_right(r3, (uint32_t)1U); @@ -153,8 +186,9 @@ inline static void Hacl_Impl_Chacha20_Vec128_chacha20_core(vec *k, vec *st) { + uint32_t i; Hacl_Impl_Chacha20_Vec128_copy_state(k, st); - for (uint32_t i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U) + for (i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U) Hacl_Impl_Chacha20_Vec128_double_round(k); Hacl_Impl_Chacha20_Vec128_sum_states(k, st); } @@ -188,8 +222,9 @@ inline static void Hacl_Impl_Chacha20_Vec128_chacha20_core3(vec *k0, vec *k1, vec *k2, vec *st) { + uint32_t i; Hacl_Impl_Chacha20_Vec128_chacha20_incr3(k0, k1, k2, st); - for (uint32_t i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U) + for (i = (uint32_t)0U; i < (uint32_t)10U; i = i + (uint32_t)1U) Hacl_Impl_Chacha20_Vec128_double_round3(k0, k1, k2); Hacl_Impl_Chacha20_Vec128_chacha20_sum3(k0, k1, k2, st); } @@ -197,9 +232,10 @@ inline static void Hacl_Impl_Chacha20_Vec128_chacha20_block(uint8_t *stream_block, vec *st) { - KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); vec k[4U]; - for (uint32_t _i = 0U; _i < (uint32_t)4U; ++_i) + uint32_t _i; + KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); + for (_i = 0U; _i < (uint32_t)4U; ++_i) k[_i] = vec_zero(); Hacl_Impl_Chacha20_Vec128_chacha20_core(k, st); Hacl_Impl_Chacha20_Vec128_State_state_to_key_block(stream_block, k); @@ -215,9 +251,11 @@ Hacl_Impl_Chacha20_Vec128_update_last(uint8_t *output, uint8_t *plain, uint32_t len, vec *st) { uint8_t block[64U] = { 0U }; + uint8_t *mask; + uint32_t i; Hacl_Impl_Chacha20_Vec128_chacha20_block(block, st); - uint8_t *mask = block; - for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { + mask = block; + for (i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) { uint8_t xi = plain[i]; uint8_t yi = mask[i]; output[i] = xi ^ yi; @@ -252,9 +290,10 @@ static void Hacl_Impl_Chacha20_Vec128_update(uint8_t *output, uint8_t *plain, vec *st) { - KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); vec k[4U]; - for (uint32_t _i = 0U; _i < (uint32_t)4U; ++_i) + uint32_t _i; + KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); + for (_i = 0U; _i < (uint32_t)4U; ++_i) k[_i] = vec_zero(); Hacl_Impl_Chacha20_Vec128_chacha20_core(k, st); Hacl_Impl_Chacha20_Vec128_xor_block(output, plain, k); @@ -263,25 +302,32 @@ static void Hacl_Impl_Chacha20_Vec128_update3(uint8_t *output, uint8_t *plain, vec *st) { - KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); vec k0[4U]; - for (uint32_t _i = 0U; _i < (uint32_t)4U; ++_i) + uint32_t _i; + vec k1[4U]; + vec k2[4U]; + uint8_t *p0; + uint8_t *p1; + uint8_t *p2; + uint8_t *o0; + uint8_t *o1; + uint8_t *o2; + KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); + for (_i = 0U; _i < (uint32_t)4U; ++_i) k0[_i] = vec_zero(); KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); - vec k1[4U]; - for (uint32_t _i = 0U; _i < (uint32_t)4U; ++_i) + for (_i = 0U; _i < (uint32_t)4U; ++_i) k1[_i] = vec_zero(); KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); - vec k2[4U]; - for (uint32_t _i = 0U; _i < (uint32_t)4U; ++_i) + for (_i = 0U; _i < (uint32_t)4U; ++_i) k2[_i] = vec_zero(); Hacl_Impl_Chacha20_Vec128_chacha20_core3(k0, k1, k2, st); - uint8_t *p0 = plain; - uint8_t *p1 = plain + (uint32_t)64U; - uint8_t *p2 = plain + (uint32_t)128U; - uint8_t *o0 = output; - uint8_t *o1 = output + (uint32_t)64U; - uint8_t *o2 = output + (uint32_t)128U; + p0 = plain; + p1 = plain + (uint32_t)64U; + p2 = plain + (uint32_t)128U; + o0 = output; + o1 = output + (uint32_t)64U; + o2 = output + (uint32_t)128U; Hacl_Impl_Chacha20_Vec128_xor_block(o0, p0, k0); Hacl_Impl_Chacha20_Vec128_xor_block(o1, p1, k1); Hacl_Impl_Chacha20_Vec128_xor_block(o2, p2, k2); @@ -308,7 +354,8 @@ uint32_t len, vec *st) { - for (uint32_t i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) + uint32_t i; + for (i = (uint32_t)0U; i < len; i = i + (uint32_t)1U) Hacl_Impl_Chacha20_Vec128_update3_(output, plain, len, st, i); } @@ -368,11 +415,13 @@ uint8_t *n1, uint32_t ctr) { - KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); vec buf[4U]; - for (uint32_t _i = 0U; _i < (uint32_t)4U; ++_i) + uint32_t _i; + vec *st; + KRML_CHECK_SIZE(vec_zero(), (uint32_t)4U); + for (_i = 0U; _i < (uint32_t)4U; ++_i) buf[_i] = vec_zero(); - vec *st = buf; + st = buf; Hacl_Impl_Chacha20_Vec128_init(st, k, n1, ctr); Hacl_Impl_Chacha20_Vec128_chacha20_counter_mode(output, plain, len, st); } diff -ur misc/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20_Vec128.h misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20_Vec128.h --- misc/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20_Vec128.h 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Chacha20_Vec128.h 2018-10-21 21:52:15.090683000 -0700 @@ -13,6 +13,7 @@ * limitations under the License. */ +#include "secport.h" #include "kremlib.h" #ifndef __Hacl_Chacha20_Vec128_H #define __Hacl_Chacha20_Vec128_H diff -ur misc/nss-3.39/nss/lib/freebl/verified/Hacl_Curve25519.c misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Curve25519.c --- misc/nss-3.39/nss/lib/freebl/verified/Hacl_Curve25519.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Curve25519.c 2018-10-21 22:57:57.044565000 -0700 @@ -129,6 +129,7 @@ Hacl_Bignum_Fmul_shift_reduce(uint64_t *output) { uint64_t tmp = output[4U]; + uint64_t b0; { uint32_t ctr = (uint32_t)5U - (uint32_t)0U - (uint32_t)1U; uint64_t z = output[ctr - (uint32_t)1U]; @@ -150,13 +151,15 @@ output[ctr] = z; } output[0U] = tmp; - uint64_t b0 = output[0U]; + b0 = output[0U]; output[0U] = (uint64_t)19U * b0; } static void Hacl_Bignum_Fmul_mul_shift_reduce_(FStar_UInt128_t *output, uint64_t *input, uint64_t *input21) { + uint32_t i; + uint64_t input2i; { uint64_t input2i = input21[0U]; Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i); @@ -177,8 +180,8 @@ Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i); Hacl_Bignum_Fmul_shift_reduce(input); } - uint32_t i = (uint32_t)4U; - uint64_t input2i = input21[i]; + i = (uint32_t)4U; + input2i = input21[i]; Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i); } @@ -186,29 +189,35 @@ Hacl_Bignum_Fmul_fmul(uint64_t *output, uint64_t *input, uint64_t *input21) { uint64_t tmp[5U] = { 0U }; + uint32_t _i; + FStar_UInt128_t b4; + FStar_UInt128_t b0; + FStar_UInt128_t b4_; + FStar_UInt128_t b0_; + FStar_UInt128_t t[5U]; + uint64_t i0; + uint64_t i1; + uint64_t i0_; + uint64_t i1_; memcpy(tmp, input, (uint32_t)5U * sizeof input[0U]); KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); - FStar_UInt128_t t[5U]; - for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i) + for (_i = 0U; _i < (uint32_t)5U; ++_i) t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U); Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input21); Hacl_Bignum_Fproduct_carry_wide_(t); - FStar_UInt128_t b4 = t[4U]; - FStar_UInt128_t b0 = t[0U]; - FStar_UInt128_t - b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU)); - FStar_UInt128_t - b0_ = - FStar_UInt128_add(b0, + b4 = t[4U]; + b0 = t[0U]; + b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU)); + b0_ = FStar_UInt128_add(b0, FStar_UInt128_mul_wide((uint64_t)19U, FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U)))); t[4U] = b4_; t[0U] = b0_; Hacl_Bignum_Fproduct_copy_from_wide_(output, t); - uint64_t i0 = output[0U]; - uint64_t i1 = output[1U]; - uint64_t i0_ = i0 & (uint64_t)0x7ffffffffffffU; - uint64_t i1_ = i1 + (i0 >> (uint32_t)51U); + i0 = output[0U]; + i1 = output[1U]; + i0_ = i0 & (uint64_t)0x7ffffffffffffU; + i1_ = i1 + (i0 >> (uint32_t)51U); output[0U] = i0_; output[1U] = i1_; } @@ -226,28 +235,28 @@ uint64_t d2 = r2 * (uint64_t)2U * (uint64_t)19U; uint64_t d419 = r4 * (uint64_t)19U; uint64_t d4 = d419 * (uint64_t)2U; - FStar_UInt128_t - s0 = + FStar_UInt128_t s0; + FStar_UInt128_t s1; + FStar_UInt128_t s2; + FStar_UInt128_t s3; + FStar_UInt128_t s4; + s0 = FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(r0, r0), FStar_UInt128_mul_wide(d4, r1)), FStar_UInt128_mul_wide(d2, r3)); - FStar_UInt128_t - s1 = + s1 = FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r1), FStar_UInt128_mul_wide(d4, r2)), FStar_UInt128_mul_wide(r3 * (uint64_t)19U, r3)); - FStar_UInt128_t - s2 = + s2 = FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r2), FStar_UInt128_mul_wide(r1, r1)), FStar_UInt128_mul_wide(d4, r3)); - FStar_UInt128_t - s3 = + s3 = FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r3), FStar_UInt128_mul_wide(d1, r2)), FStar_UInt128_mul_wide(r4, d419)); - FStar_UInt128_t - s4 = + s4 = FStar_UInt128_add(FStar_UInt128_add(FStar_UInt128_mul_wide(d0, r4), FStar_UInt128_mul_wide(d1, r3)), FStar_UInt128_mul_wide(r2, r2)); @@ -261,24 +270,30 @@ inline static void Hacl_Bignum_Fsquare_fsquare_(FStar_UInt128_t *tmp, uint64_t *output) { + FStar_UInt128_t b4; + FStar_UInt128_t b0; + FStar_UInt128_t b4_; + FStar_UInt128_t b0_; + uint64_t i0; + uint64_t i1; + uint64_t i0_; + uint64_t i1_; Hacl_Bignum_Fsquare_fsquare__(tmp, output); Hacl_Bignum_Fproduct_carry_wide_(tmp); - FStar_UInt128_t b4 = tmp[4U]; - FStar_UInt128_t b0 = tmp[0U]; - FStar_UInt128_t - b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU)); - FStar_UInt128_t - b0_ = + b4 = tmp[4U]; + b0 = tmp[0U]; + b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU)); + b0_ = FStar_UInt128_add(b0, FStar_UInt128_mul_wide((uint64_t)19U, FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U)))); tmp[4U] = b4_; tmp[0U] = b0_; Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp); - uint64_t i0 = output[0U]; - uint64_t i1 = output[1U]; - uint64_t i0_ = i0 & (uint64_t)0x7ffffffffffffU; - uint64_t i1_ = i1 + (i0 >> (uint32_t)51U); + i0 = output[0U]; + i1 = output[1U]; + i0_ = i0 & (uint64_t)0x7ffffffffffffU; + i1_ = i1 + (i0 >> (uint32_t)51U); output[0U] = i0_; output[1U] = i1_; } @@ -286,17 +301,19 @@ static void Hacl_Bignum_Fsquare_fsquare_times_(uint64_t *input, FStar_UInt128_t *tmp, uint32_t count1) { + uint32_t i; Hacl_Bignum_Fsquare_fsquare_(tmp, input); - for (uint32_t i = (uint32_t)1U; i < count1; i = i + (uint32_t)1U) + for (i = (uint32_t)1U; i < count1; i = i + (uint32_t)1U) Hacl_Bignum_Fsquare_fsquare_(tmp, input); } inline static void Hacl_Bignum_Fsquare_fsquare_times(uint64_t *output, uint64_t *input, uint32_t count1) { - KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); FStar_UInt128_t t[5U]; - for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i) + uint32_t _i; + KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); + for (_i = 0U; _i < (uint32_t)5U; ++_i) t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U); memcpy(output, input, (uint32_t)5U * sizeof input[0U]); Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1); @@ -305,9 +322,10 @@ inline static void Hacl_Bignum_Fsquare_fsquare_times_inplace(uint64_t *output, uint32_t count1) { - KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); FStar_UInt128_t t[5U]; - for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i) + uint32_t _i; + KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); + for (_i = 0U; _i < (uint32_t)5U; ++_i) t[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U); Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1); } @@ -319,6 +337,13 @@ uint64_t *a = buf; uint64_t *t00 = buf + (uint32_t)5U; uint64_t *b0 = buf + (uint32_t)10U; + uint64_t *t01; + uint64_t *b1; + uint64_t *c0; + uint64_t *a0; + uint64_t *t0; + uint64_t *b; + uint64_t *c; Hacl_Bignum_Fsquare_fsquare_times(a, z, (uint32_t)1U); Hacl_Bignum_Fsquare_fsquare_times(t00, a, (uint32_t)2U); Hacl_Bignum_Fmul_fmul(b0, t00, z); @@ -326,9 +351,9 @@ Hacl_Bignum_Fsquare_fsquare_times(t00, a, (uint32_t)1U); Hacl_Bignum_Fmul_fmul(b0, t00, b0); Hacl_Bignum_Fsquare_fsquare_times(t00, b0, (uint32_t)5U); - uint64_t *t01 = buf + (uint32_t)5U; - uint64_t *b1 = buf + (uint32_t)10U; - uint64_t *c0 = buf + (uint32_t)15U; + t01 = buf + (uint32_t)5U; + b1 = buf + (uint32_t)10U; + c0 = buf + (uint32_t)15U; Hacl_Bignum_Fmul_fmul(b1, t01, b1); Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)10U); Hacl_Bignum_Fmul_fmul(c0, t01, b1); @@ -337,10 +362,10 @@ Hacl_Bignum_Fsquare_fsquare_times_inplace(t01, (uint32_t)10U); Hacl_Bignum_Fmul_fmul(b1, t01, b1); Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)50U); - uint64_t *a0 = buf; - uint64_t *t0 = buf + (uint32_t)5U; - uint64_t *b = buf + (uint32_t)10U; - uint64_t *c = buf + (uint32_t)15U; + a0 = buf; + t0 = buf + (uint32_t)5U; + b = buf + (uint32_t)10U; + c = buf + (uint32_t)15U; Hacl_Bignum_Fmul_fmul(c, t0, b); Hacl_Bignum_Fsquare_fsquare_times(t0, c, (uint32_t)100U); Hacl_Bignum_Fmul_fmul(t0, t0, c); @@ -384,12 +409,17 @@ Hacl_Bignum_fdifference(uint64_t *a, uint64_t *b) { uint64_t tmp[5U] = { 0U }; + uint64_t b0; + uint64_t b1; + uint64_t b2; + uint64_t b3; + uint64_t b4; memcpy(tmp, b, (uint32_t)5U * sizeof b[0U]); - uint64_t b0 = tmp[0U]; - uint64_t b1 = tmp[1U]; - uint64_t b2 = tmp[2U]; - uint64_t b3 = tmp[3U]; - uint64_t b4 = tmp[4U]; + b0 = tmp[0U]; + b1 = tmp[1U]; + b2 = tmp[2U]; + b3 = tmp[3U]; + b4 = tmp[4U]; tmp[0U] = b0 + (uint64_t)0x3fffffffffff68U; tmp[1U] = b1 + (uint64_t)0x3ffffffffffff8U; tmp[2U] = b2 + (uint64_t)0x3ffffffffffff8U; @@ -425,9 +455,14 @@ inline static void Hacl_Bignum_fscalar(uint64_t *output, uint64_t *b, uint64_t s) { - KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); FStar_UInt128_t tmp[5U]; - for (uint32_t _i = 0U; _i < (uint32_t)5U; ++_i) + uint32_t _i; + FStar_UInt128_t b4; + FStar_UInt128_t b0; + FStar_UInt128_t b4_; + FStar_UInt128_t b0_; + KRML_CHECK_SIZE(FStar_UInt128_uint64_to_uint128((uint64_t)0U), (uint32_t)5U); + for (_i = 0U; _i < (uint32_t)5U; ++_i) tmp[_i] = FStar_UInt128_uint64_to_uint128((uint64_t)0U); { uint64_t xi = b[0U]; @@ -450,12 +485,10 @@ tmp[4U] = FStar_UInt128_mul_wide(xi, s); } Hacl_Bignum_Fproduct_carry_wide_(tmp); - FStar_UInt128_t b4 = tmp[4U]; - FStar_UInt128_t b0 = tmp[0U]; - FStar_UInt128_t - b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU)); - FStar_UInt128_t - b0_ = + b4 = tmp[4U]; + b0 = tmp[0U]; + b4_ = FStar_UInt128_logand(b4, FStar_UInt128_uint64_to_uint128((uint64_t)0x7ffffffffffffU)); + b0_ = FStar_UInt128_add(b0, FStar_UInt128_mul_wide((uint64_t)19U, FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(b4, (uint32_t)51U)))); @@ -492,9 +525,10 @@ static void Hacl_EC_Point_swap_conditional_(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr) { + uint32_t i; if (!(ctr == (uint32_t)0U)) { Hacl_EC_Point_swap_conditional_step(a, b, swap1, ctr); - uint32_t i = ctr - (uint32_t)1U; + i = ctr - (uint32_t)1U; Hacl_EC_Point_swap_conditional_(a, b, swap1, i); } } @@ -538,6 +572,16 @@ uint64_t *origxprime = buf + (uint32_t)5U; uint64_t *xxprime0 = buf + (uint32_t)25U; uint64_t *zzprime0 = buf + (uint32_t)30U; + uint64_t *origxprime0; + uint64_t *xx0; + uint64_t *zz0; + uint64_t *xxprime; + uint64_t *zzprime; + uint64_t *zzzprime; + uint64_t *zzz; + uint64_t *xx; + uint64_t *zz; + uint64_t scalar = (uint64_t)121665U; memcpy(origx, x, (uint32_t)5U * sizeof x[0U]); Hacl_Bignum_fsum(x, z); Hacl_Bignum_fdifference(z, origx); @@ -546,12 +590,12 @@ Hacl_Bignum_fdifference(zprime, origxprime); Hacl_Bignum_fmul(xxprime0, xprime, z); Hacl_Bignum_fmul(zzprime0, x, zprime); - uint64_t *origxprime0 = buf + (uint32_t)5U; - uint64_t *xx0 = buf + (uint32_t)15U; - uint64_t *zz0 = buf + (uint32_t)20U; - uint64_t *xxprime = buf + (uint32_t)25U; - uint64_t *zzprime = buf + (uint32_t)30U; - uint64_t *zzzprime = buf + (uint32_t)35U; + origxprime0 = buf + (uint32_t)5U; + xx0 = buf + (uint32_t)15U; + zz0 = buf + (uint32_t)20U; + xxprime = buf + (uint32_t)25U; + zzprime = buf + (uint32_t)30U; + zzzprime = buf + (uint32_t)35U; memcpy(origxprime0, xxprime, (uint32_t)5U * sizeof xxprime[0U]); Hacl_Bignum_fsum(xxprime, zzprime); Hacl_Bignum_fdifference(zzprime, origxprime0); @@ -560,12 +604,11 @@ Hacl_Bignum_fmul(z3, zzzprime, qx); Hacl_Bignum_Fsquare_fsquare_times(xx0, x, (uint32_t)1U); Hacl_Bignum_Fsquare_fsquare_times(zz0, z, (uint32_t)1U); - uint64_t *zzz = buf + (uint32_t)10U; - uint64_t *xx = buf + (uint32_t)15U; - uint64_t *zz = buf + (uint32_t)20U; + zzz = buf + (uint32_t)10U; + xx = buf + (uint32_t)15U; + zz = buf + (uint32_t)20U; Hacl_Bignum_fmul(x2, xx, zz); Hacl_Bignum_fdifference(zz, xx); - uint64_t scalar = (uint64_t)121665U; Hacl_Bignum_fscalar(zzz, zz, scalar); Hacl_Bignum_fsum(zzz, xx); Hacl_Bignum_fmul(z2, zzz, zz); @@ -581,9 +624,10 @@ uint8_t byt) { uint64_t bit = (uint64_t)(byt >> (uint32_t)7U); + uint64_t bit0; Hacl_EC_Point_swap_conditional(nq, nqpq, bit); Hacl_EC_AddAndDouble_fmonty(nq2, nqpq2, nq, nqpq, q); - uint64_t bit0 = (uint64_t)(byt >> (uint32_t)7U); + bit0 = (uint64_t)(byt >> (uint32_t)7U); Hacl_EC_Point_swap_conditional(nq2, nqpq2, bit0); } @@ -596,8 +640,9 @@ uint64_t *q, uint8_t byt) { + uint8_t byt1; Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq, nqpq, nq2, nqpq2, q, byt); - uint8_t byt1 = byt << (uint32_t)1U; + byt1 = byt << (uint32_t)1U; Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq2, nqpq2, nq, nqpq, q, byt1); } @@ -613,8 +658,9 @@ { if (!(i == (uint32_t)0U)) { uint32_t i_ = i - (uint32_t)1U; + uint8_t byt_; Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(nq, nqpq, nq2, nqpq2, q, byt); - uint8_t byt_ = byt << (uint32_t)2U; + byt_ = byt << (uint32_t)2U; Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byt_, i_); } } @@ -731,12 +777,16 @@ static void Hacl_EC_Format_fcontract_second_carry_full(uint64_t *input) { + uint64_t i0; + uint64_t i1; + uint64_t i0_; + uint64_t i1_; Hacl_EC_Format_fcontract_second_carry_pass(input); Hacl_Bignum_Modulo_carry_top(input); - uint64_t i0 = input[0U]; - uint64_t i1 = input[1U]; - uint64_t i0_ = i0 & (uint64_t)0x7ffffffffffffU; - uint64_t i1_ = i1 + (i0 >> (uint32_t)51U); + i0 = input[0U]; + i1 = input[1U]; + i0_ = i0 & (uint64_t)0x7ffffffffffffU; + i1_ = i1 + (i0 >> (uint32_t)51U); input[0U] = i0_; input[1U] = i1_; } @@ -817,22 +867,31 @@ uint64_t buf0[10U] = { 0U }; uint64_t *x0 = buf0; uint64_t *z = buf0 + (uint32_t)5U; + uint64_t *q; + uint8_t e[32U] = { 0U }; + uint8_t e0; + uint8_t e31; + uint8_t e01; + uint8_t e311; + uint8_t e312; + uint8_t *scalar; + uint64_t buf[15U] = { 0U }; + uint64_t *nq; + uint64_t *x; Hacl_EC_Format_fexpand(x0, basepoint); z[0U] = (uint64_t)1U; - uint64_t *q = buf0; - uint8_t e[32U] = { 0U }; + q = buf0; memcpy(e, secret, (uint32_t)32U * sizeof secret[0U]); - uint8_t e0 = e[0U]; - uint8_t e31 = e[31U]; - uint8_t e01 = e0 & (uint8_t)248U; - uint8_t e311 = e31 & (uint8_t)127U; - uint8_t e312 = e311 | (uint8_t)64U; + e0 = e[0U]; + e31 = e[31U]; + e01 = e0 & (uint8_t)248U; + e311 = e31 & (uint8_t)127U; + e312 = e311 | (uint8_t)64U; e[0U] = e01; e[31U] = e312; - uint8_t *scalar = e; - uint64_t buf[15U] = { 0U }; - uint64_t *nq = buf; - uint64_t *x = nq; + scalar = e; + nq = buf; + x = nq; x[0U] = (uint64_t)1U; Hacl_EC_Ladder_cmult(nq, scalar, q); Hacl_EC_Format_scalar_of_point(mypublic, nq); diff -ur misc/nss-3.39/nss/lib/freebl/verified/Hacl_Curve25519.h misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Curve25519.h --- misc/nss-3.39/nss/lib/freebl/verified/Hacl_Curve25519.h 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Curve25519.h 2018-10-21 22:18:23.286647000 -0700 @@ -13,6 +13,7 @@ * limitations under the License. */ +#include "secport.h" #include "kremlib.h" #ifndef __Hacl_Curve25519_H #define __Hacl_Curve25519_H diff -ur misc/nss-3.39/nss/lib/freebl/verified/Hacl_Poly1305_32.c misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Poly1305_32.c --- misc/nss-3.39/nss/lib/freebl/verified/Hacl_Poly1305_32.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Poly1305_32.c 2018-10-22 00:58:55.601973000 -0700 @@ -47,7 +47,8 @@ inline static void Hacl_Bignum_Fproduct_copy_from_wide_(uint32_t *output, uint64_t *input) { - for (uint32_t i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) { + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) { uint64_t xi = input[i]; output[i] = (uint32_t)xi; } @@ -56,7 +57,8 @@ inline static void Hacl_Bignum_Fproduct_sum_scalar_multiplication_(uint64_t *output, uint32_t *input, uint32_t s) { - for (uint32_t i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) { + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) { uint64_t xi = output[i]; uint32_t yi = input[i]; uint64_t x_wide = (uint64_t)yi; @@ -68,7 +70,8 @@ inline static void Hacl_Bignum_Fproduct_carry_wide_(uint64_t *tmp) { - for (uint32_t i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { uint32_t ctr = i; uint64_t tctr = tmp[ctr]; uint64_t tctrp1 = tmp[ctr + (uint32_t)1U]; @@ -82,7 +85,8 @@ inline static void Hacl_Bignum_Fproduct_carry_limb_(uint32_t *tmp) { - for (uint32_t i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { uint32_t ctr = i; uint32_t tctr = tmp[ctr]; uint32_t tctrp1 = tmp[ctr + (uint32_t)1U]; @@ -97,7 +101,8 @@ Hacl_Bignum_Fmul_shift_reduce(uint32_t *output) { uint32_t tmp = output[4U]; - for (uint32_t i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { uint32_t ctr = (uint32_t)5U - i - (uint32_t)1U; uint32_t z = output[ctr - (uint32_t)1U]; output[ctr] = z; @@ -109,13 +114,15 @@ static void Hacl_Bignum_Fmul_mul_shift_reduce_(uint64_t *output, uint32_t *input, uint32_t *input2) { - for (uint32_t i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { + uint32_t i; + uint32_t input2i; + for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) { uint32_t input2i = input2[i]; Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i); Hacl_Bignum_Fmul_shift_reduce(input); } - uint32_t i = (uint32_t)4U; - uint32_t input2i = input2[i]; + i = (uint32_t)4U; + input2i = input2[i]; Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i); } @@ -123,16 +130,20 @@ Hacl_Bignum_Fmul_fmul(uint32_t *output, uint32_t *input, uint32_t *input2) { uint32_t tmp[5U] = { 0U }; - memcpy(tmp, input, (uint32_t)5U * sizeof input[0U]); uint64_t t[5U] = { 0U }; + uint32_t i0; + uint32_t i1; + uint32_t i0_; + uint32_t i1_; + memcpy(tmp, input, (uint32_t)5U * sizeof input[0U]); Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input2); Hacl_Bignum_Fproduct_carry_wide_(t); Hacl_Bignum_Modulo_carry_top_wide(t); Hacl_Bignum_Fproduct_copy_from_wide_(output, t); - uint32_t i0 = output[0U]; - uint32_t i1 = output[1U]; - uint32_t i0_ = i0 & (uint32_t)0x3ffffffU; - uint32_t i1_ = i1 + (i0 >> (uint32_t)26U); + i0 = output[0U]; + i1 = output[1U]; + i0_ = i0 & (uint32_t)0x3ffffffU; + i1_ = i1 + (i0 >> (uint32_t)26U); output[0U] = i0_; output[1U] = i1_; } @@ -140,7 +151,8 @@ inline static void Hacl_Bignum_AddAndMultiply_add_and_multiply(uint32_t *acc, uint32_t *block, uint32_t *r) { - for (uint32_t i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) { + uint32_t i; + for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) { uint32_t xi = acc[i]; uint32_t yi = block[i]; acc[i] = xi + yi; @@ -175,13 +187,15 @@ uint32_t r2 = i2 >> (uint32_t)4U & (uint32_t)0x3ffffffU; uint32_t r3 = i3 >> (uint32_t)6U & (uint32_t)0x3ffffffU; uint32_t r4 = i4 >> (uint32_t)8U; + uint32_t b4; + uint32_t b4_; tmp[0U] = r0; tmp[1U] = r1; tmp[2U] = r2; tmp[3U] = r3; tmp[4U] = r4; - uint32_t b4 = tmp[4U]; - uint32_t b4_ = (uint32_t)0x1000000U | b4; + b4 = tmp[4U]; + b4_ = (uint32_t)0x1000000U | b4; tmp[4U] = b4_; Hacl_Bignum_AddAndMultiply_add_and_multiply(acc, tmp, r5); } @@ -209,15 +223,19 @@ uint32_t r2 = i2 >> (uint32_t)4U & (uint32_t)0x3ffffffU; uint32_t r3 = i3 >> (uint32_t)6U & (uint32_t)0x3ffffffU; uint32_t r4 = i4 >> (uint32_t)8U; + Hacl_Impl_Poly1305_32_State_poly1305_state scrut0; + uint32_t *h; + Hacl_Impl_Poly1305_32_State_poly1305_state scrut; + uint32_t *r; tmp[0U] = r0; tmp[1U] = r1; tmp[2U] = r2; tmp[3U] = r3; tmp[4U] = r4; - Hacl_Impl_Poly1305_32_State_poly1305_state scrut0 = st; - uint32_t *h = scrut0.h; - Hacl_Impl_Poly1305_32_State_poly1305_state scrut = st; - uint32_t *r = scrut.r; + scrut0 = st; + h = scrut0.h; + scrut = st; + r = scrut.r; Hacl_Bignum_AddAndMultiply_add_and_multiply(h, tmp, r); } @@ -228,12 +246,15 @@ uint64_t rem_) { uint8_t zero1 = (uint8_t)0U; - KRML_CHECK_SIZE(zero1, (uint32_t)16U); uint8_t block[16U]; - for (uint32_t _i = 0U; _i < (uint32_t)16U; ++_i) + uint32_t _i; + uint32_t i0; + uint32_t i; + KRML_CHECK_SIZE(zero1, (uint32_t)16U); + for (_i = 0U; _i < (uint32_t)16U; ++_i) block[_i] = zero1; - uint32_t i0 = (uint32_t)rem_; - uint32_t i = (uint32_t)rem_; + i0 = (uint32_t)rem_; + i = (uint32_t)rem_; memcpy(block, m, i * sizeof m[0U]); block[i0] = (uint8_t)1U; Hacl_Impl_Poly1305_32_poly1305_process_last_block_(block, st, m, rem_); @@ -242,69 +263,116 @@ static void Hacl_Impl_Poly1305_32_poly1305_last_pass(uint32_t *acc) { + uint32_t t0; + uint32_t t10; + uint32_t t20; + uint32_t t30; + uint32_t t40; + uint32_t t1_; + uint32_t mask_261; + uint32_t t0_; + uint32_t t2_; + uint32_t t1__; + uint32_t t3_; + uint32_t t2__; + uint32_t t4_; + uint32_t t3__; + uint32_t t00; + uint32_t t1; + uint32_t t2; + uint32_t t3; + uint32_t t4; + uint32_t t1_0; + uint32_t t0_0; + uint32_t t2_0; + uint32_t t1__0; + uint32_t t3_0; + uint32_t t2__0; + uint32_t t4_0; + uint32_t t3__0; + uint32_t i0; + uint32_t i1; + uint32_t i0_; + uint32_t i1_; + uint32_t a0; + uint32_t a1; + uint32_t a2; + uint32_t a3; + uint32_t a4; + uint32_t mask0; + uint32_t mask1; + uint32_t mask2; + uint32_t mask3; + uint32_t mask4; + uint32_t mask; + uint32_t a0_; + uint32_t a1_; + uint32_t a2_; + uint32_t a3_; + uint32_t a4_; Hacl_Bignum_Fproduct_carry_limb_(acc); Hacl_Bignum_Modulo_carry_top(acc); - uint32_t t0 = acc[0U]; - uint32_t t10 = acc[1U]; - uint32_t t20 = acc[2U]; - uint32_t t30 = acc[3U]; - uint32_t t40 = acc[4U]; - uint32_t t1_ = t10 + (t0 >> (uint32_t)26U); - uint32_t mask_261 = (uint32_t)0x3ffffffU; - uint32_t t0_ = t0 & mask_261; - uint32_t t2_ = t20 + (t1_ >> (uint32_t)26U); - uint32_t t1__ = t1_ & mask_261; - uint32_t t3_ = t30 + (t2_ >> (uint32_t)26U); - uint32_t t2__ = t2_ & mask_261; - uint32_t t4_ = t40 + (t3_ >> (uint32_t)26U); - uint32_t t3__ = t3_ & mask_261; + t0 = acc[0U]; + t10 = acc[1U]; + t20 = acc[2U]; + t30 = acc[3U]; + t40 = acc[4U]; + t1_ = t10 + (t0 >> (uint32_t)26U); + mask_261 = (uint32_t)0x3ffffffU; + t0_ = t0 & mask_261; + t2_ = t20 + (t1_ >> (uint32_t)26U); + t1__ = t1_ & mask_261; + t3_ = t30 + (t2_ >> (uint32_t)26U); + t2__ = t2_ & mask_261; + t4_ = t40 + (t3_ >> (uint32_t)26U); + t3__ = t3_ & mask_261; acc[0U] = t0_; acc[1U] = t1__; acc[2U] = t2__; acc[3U] = t3__; acc[4U] = t4_; Hacl_Bignum_Modulo_carry_top(acc); - uint32_t t00 = acc[0U]; - uint32_t t1 = acc[1U]; - uint32_t t2 = acc[2U]; - uint32_t t3 = acc[3U]; - uint32_t t4 = acc[4U]; - uint32_t t1_0 = t1 + (t00 >> (uint32_t)26U); - uint32_t t0_0 = t00 & (uint32_t)0x3ffffffU; - uint32_t t2_0 = t2 + (t1_0 >> (uint32_t)26U); - uint32_t t1__0 = t1_0 & (uint32_t)0x3ffffffU; - uint32_t t3_0 = t3 + (t2_0 >> (uint32_t)26U); - uint32_t t2__0 = t2_0 & (uint32_t)0x3ffffffU; - uint32_t t4_0 = t4 + (t3_0 >> (uint32_t)26U); - uint32_t t3__0 = t3_0 & (uint32_t)0x3ffffffU; + t00 = acc[0U]; + t1 = acc[1U]; + t2 = acc[2U]; + t3 = acc[3U]; + t4 = acc[4U]; + t1_0 = t1 + (t00 >> (uint32_t)26U); + t0_0 = t00 & (uint32_t)0x3ffffffU; + t2_0 = t2 + (t1_0 >> (uint32_t)26U); + t1__0 = t1_0 & (uint32_t)0x3ffffffU; + t3_0 = t3 + (t2_0 >> (uint32_t)26U); + t2__0 = t2_0 & (uint32_t)0x3ffffffU; + t4_0 = t4 + (t3_0 >> (uint32_t)26U); + t3__0 = t3_0 & (uint32_t)0x3ffffffU; acc[0U] = t0_0; acc[1U] = t1__0; acc[2U] = t2__0; acc[3U] = t3__0; acc[4U] = t4_0; Hacl_Bignum_Modulo_carry_top(acc); - uint32_t i0 = acc[0U]; - uint32_t i1 = acc[1U]; - uint32_t i0_ = i0 & (uint32_t)0x3ffffffU; - uint32_t i1_ = i1 + (i0 >> (uint32_t)26U); + i0 = acc[0U]; + i1 = acc[1U]; + i0_ = i0 & (uint32_t)0x3ffffffU; + i1_ = i1 + (i0 >> (uint32_t)26U); acc[0U] = i0_; acc[1U] = i1_; - uint32_t a0 = acc[0U]; - uint32_t a1 = acc[1U]; - uint32_t a2 = acc[2U]; - uint32_t a3 = acc[3U]; - uint32_t a4 = acc[4U]; - uint32_t mask0 = FStar_UInt32_gte_mask(a0, (uint32_t)0x3fffffbU); - uint32_t mask1 = FStar_UInt32_eq_mask(a1, (uint32_t)0x3ffffffU); - uint32_t mask2 = FStar_UInt32_eq_mask(a2, (uint32_t)0x3ffffffU); - uint32_t mask3 = FStar_UInt32_eq_mask(a3, (uint32_t)0x3ffffffU); - uint32_t mask4 = FStar_UInt32_eq_mask(a4, (uint32_t)0x3ffffffU); - uint32_t mask = (((mask0 & mask1) & mask2) & mask3) & mask4; - uint32_t a0_ = a0 - ((uint32_t)0x3fffffbU & mask); - uint32_t a1_ = a1 - ((uint32_t)0x3ffffffU & mask); - uint32_t a2_ = a2 - ((uint32_t)0x3ffffffU & mask); - uint32_t a3_ = a3 - ((uint32_t)0x3ffffffU & mask); - uint32_t a4_ = a4 - ((uint32_t)0x3ffffffU & mask); + a0 = acc[0U]; + a1 = acc[1U]; + a2 = acc[2U]; + a3 = acc[3U]; + a4 = acc[4U]; + mask0 = FStar_UInt32_gte_mask(a0, (uint32_t)0x3fffffbU); + mask1 = FStar_UInt32_eq_mask(a1, (uint32_t)0x3ffffffU); + mask2 = FStar_UInt32_eq_mask(a2, (uint32_t)0x3ffffffU); + mask3 = FStar_UInt32_eq_mask(a3, (uint32_t)0x3ffffffU); + mask4 = FStar_UInt32_eq_mask(a4, (uint32_t)0x3ffffffU); + mask = (((mask0 & mask1) & mask2) & mask3) & mask4; + a0_ = a0 - ((uint32_t)0x3fffffbU & mask); + a1_ = a1 - ((uint32_t)0x3ffffffU & mask); + a2_ = a2 - ((uint32_t)0x3ffffffU & mask); + a3_ = a3 - ((uint32_t)0x3ffffffU & mask); + a4_ = a4 - ((uint32_t)0x3ffffffU & mask); acc[0U] = a0_; acc[1U] = a1_; acc[2U] = a2_; @@ -315,7 +383,10 @@ static Hacl_Impl_Poly1305_32_State_poly1305_state Hacl_Impl_Poly1305_32_mk_state(uint32_t *r, uint32_t *h) { - return ((Hacl_Impl_Poly1305_32_State_poly1305_state){.r = r, .h = h }); + Hacl_Impl_Poly1305_32_State_poly1305_state ret; + ret.r = r; + ret.h = h; + return (ret); } static void @@ -327,8 +398,9 @@ if (!(len1 == (uint64_t)0U)) { uint8_t *block = m; uint8_t *tail1 = m + (uint32_t)16U; + uint64_t len2; Hacl_Impl_Poly1305_32_poly1305_update(st, block); - uint64_t len2 = len1 - (uint64_t)1U; + len2 = len1 - (uint64_t)1U; Hacl_Standalone_Poly1305_32_poly1305_blocks(st, tail1, len2); } } @@ -363,14 +435,17 @@ uint32_t r4 = (uint32_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(k_clamped, (uint32_t)104U)) & (uint32_t)0x3ffffffU; + Hacl_Impl_Poly1305_32_State_poly1305_state scrut0; + uint32_t *h; + uint32_t *x00; x0[0U] = r0; x0[1U] = r1; x0[2U] = r2; x0[3U] = r3; x0[4U] = r4; - Hacl_Impl_Poly1305_32_State_poly1305_state scrut0 = st; - uint32_t *h = scrut0.h; - uint32_t *x00 = h; + scrut0 = st; + h = scrut0.h; + x00 = h; x00[0U] = (uint32_t)0U; x00[1U] = (uint32_t)0U; x00[2U] = (uint32_t)0U; @@ -391,12 +466,15 @@ uint64_t rem16 = len1 & (uint64_t)0xfU; uint8_t *part_input = m; uint8_t *last_block = m + (uint32_t)((uint64_t)16U * len16); + Hacl_Impl_Poly1305_32_State_poly1305_state scrut; + uint32_t *h; + uint32_t *acc; Hacl_Standalone_Poly1305_32_poly1305_partial(st, part_input, len16, kr); if (!(rem16 == (uint64_t)0U)) Hacl_Impl_Poly1305_32_poly1305_process_last_block(st, last_block, rem16); - Hacl_Impl_Poly1305_32_State_poly1305_state scrut = st; - uint32_t *h = scrut.h; - uint32_t *acc = h; + scrut = st; + h = scrut.h; + acc = h; Hacl_Impl_Poly1305_32_poly1305_last_pass(acc); } @@ -410,20 +488,31 @@ uint32_t buf[10U] = { 0U }; uint32_t *r = buf; uint32_t *h = buf + (uint32_t)5U; + uint8_t *key_s; + Hacl_Impl_Poly1305_32_State_poly1305_state scrut; + uint32_t *h5; + uint32_t *acc; + FStar_UInt128_t k_; + uint32_t h0; + uint32_t h1; + uint32_t h2; + uint32_t h3; + uint32_t h4; + FStar_UInt128_t acc_; + FStar_UInt128_t mac_; Hacl_Impl_Poly1305_32_State_poly1305_state st = Hacl_Impl_Poly1305_32_mk_state(r, h); - uint8_t *key_s = k1 + (uint32_t)16U; + key_s = k1 + (uint32_t)16U; Hacl_Standalone_Poly1305_32_poly1305_complete(st, input, len1, k1); - Hacl_Impl_Poly1305_32_State_poly1305_state scrut = st; - uint32_t *h5 = scrut.h; - uint32_t *acc = h5; - FStar_UInt128_t k_ = load128_le(key_s); - uint32_t h0 = acc[0U]; - uint32_t h1 = acc[1U]; - uint32_t h2 = acc[2U]; - uint32_t h3 = acc[3U]; - uint32_t h4 = acc[4U]; - FStar_UInt128_t - acc_ = + scrut = st; + h5 = scrut.h; + acc = h5; + k_ = load128_le(key_s); + h0 = acc[0U]; + h1 = acc[1U]; + h2 = acc[2U]; + h3 = acc[3U]; + h4 = acc[4U]; + acc_ = FStar_UInt128_logor(FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)h4), (uint32_t)104U), FStar_UInt128_logor(FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)h3), @@ -433,7 +522,7 @@ FStar_UInt128_logor(FStar_UInt128_shift_left(FStar_UInt128_uint64_to_uint128((uint64_t)h1), (uint32_t)26U), FStar_UInt128_uint64_to_uint128((uint64_t)h0))))); - FStar_UInt128_t mac_ = FStar_UInt128_add_mod(acc_, k_); + mac_ = FStar_UInt128_add_mod(acc_, k_); store128_le(output, mac_); } @@ -485,14 +574,17 @@ uint32_t r4 = (uint32_t)FStar_UInt128_uint128_to_uint64(FStar_UInt128_shift_right(k_clamped, (uint32_t)104U)) & (uint32_t)0x3ffffffU; + Hacl_Impl_Poly1305_32_State_poly1305_state scrut0; + uint32_t *h; + uint32_t *x00; x0[0U] = r0; x0[1U] = r1; x0[2U] = r2; x0[3U] = r3; x0[4U] = r4; - Hacl_Impl_Poly1305_32_State_poly1305_state scrut0 = st; - uint32_t *h = scrut0.h; - uint32_t *x00 = h; + scrut0 = st; + h = scrut0.h; + x00 = h; x00[0U] = (uint32_t)0U; x00[1U] = (uint32_t)0U; x00[2U] = (uint32_t)0U; @@ -529,11 +621,14 @@ uint8_t *m, uint32_t len1) { + Hacl_Impl_Poly1305_32_State_poly1305_state scrut; + uint32_t *h; + uint32_t *acc; if (!((uint64_t)len1 == (uint64_t)0U)) Hacl_Impl_Poly1305_32_poly1305_process_last_block(st, m, (uint64_t)len1); - Hacl_Impl_Poly1305_32_State_poly1305_state scrut = st; - uint32_t *h = scrut.h; - uint32_t *acc = h; + scrut = st; + h = scrut.h; + acc = h; Hacl_Impl_Poly1305_32_poly1305_last_pass(acc); } diff -ur misc/nss-3.39/nss/lib/freebl/verified/Hacl_Poly1305_32.h misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Poly1305_32.h --- misc/nss-3.39/nss/lib/freebl/verified/Hacl_Poly1305_32.h 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/freebl/verified/Hacl_Poly1305_32.h 2018-10-22 00:11:45.152423000 -0700 @@ -13,6 +13,7 @@ * limitations under the License. */ +#include "secport.h" #include "kremlib.h" #ifndef __Hacl_Poly1305_32_H #define __Hacl_Poly1305_32_H diff -ur misc/nss-3.39/nss/lib/freebl/verified/kremlib_base.h misc/build/nss-3.39/nss/lib/freebl/verified/kremlib_base.h --- misc/nss-3.39/nss/lib/freebl/verified/kremlib_base.h 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/freebl/verified/kremlib_base.h 2018-10-21 20:56:12.848112000 -0700 @@ -16,9 +16,26 @@ #ifndef __KREMLIB_BASE_H #define __KREMLIB_BASE_H -#include +#if defined(_MSC_VER) && _MSC_VER < 1800 + #define PRIx8 "x" + #define PRIx16 "x" + #define PRIx32 "x" + #ifdef _WIN64 + #define PRIx64 "lx" + #else + #define PRIx64 "llx" + #endif +#else + #include +#endif #include -#include +#if defined(_MSC_VER) && _MSC_VER < 1600 + #define false 0 + #define true 1 +typedef int bool; +#else + #include +#endif #include #include #include @@ -47,6 +64,9 @@ #ifdef __GNUC__ #define inline __inline__ +#endif +#if defined(_MSC_VER) +#define inline __inline #endif /* GCC-specific attribute syntax; everyone else gets the standard C inline diff -ur misc/nss-3.39/nss/lib/pk11wrap/pk11skey.c misc/build/nss-3.39/nss/lib/pk11wrap/pk11skey.c --- misc/nss-3.39/nss/lib/pk11wrap/pk11skey.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/pk11wrap/pk11skey.c 2018-10-22 01:25:27.313788000 -0700 @@ -2217,12 +2217,13 @@ /* old PKCS #11 spec was ambiguous on what needed to be passed, * try this again with an encoded public key */ if (crv != CKR_OK) { + SECItem *pubValue; /* For curves that only use X as public value and no encoding we don't * have to try again. (Currently only Curve25519) */ if (pk11_ECGetPubkeyEncoding(pubKey) == ECPoint_XOnly) { goto loser; } - SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL, + pubValue = SEC_ASN1EncodeItem(NULL, NULL, &pubKey->u.ec.publicValue, SEC_ASN1_GET(SEC_OctetStringTemplate)); if (pubValue == NULL) { diff -ur misc/nss-3.39/nss/lib/pkcs7/p7create.c misc/build/nss-3.39/nss/lib/pkcs7/p7create.c --- misc/nss-3.39/nss/lib/pkcs7/p7create.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/pkcs7/p7create.c 2018-10-22 10:00:01.127657000 -0700 @@ -1263,6 +1263,7 @@ SECAlgorithmID *algid; SEC_PKCS7EncryptedData *enc_data; SECStatus rv; + SECAlgorithmID *pbe_algid; PORT_Assert(SEC_PKCS5IsAlgorithmPBEAlgTag(pbe_algorithm)); @@ -1274,7 +1275,6 @@ enc_data = cinfo->content.encryptedData; algid = &(enc_data->encContentInfo.contentEncAlg); - SECAlgorithmID *pbe_algid; pbe_algid = PK11_CreatePBEV2AlgorithmID(pbe_algorithm, cipher_algorithm, prf_algorithm, diff -ur misc/nss-3.39/nss/lib/softoken/pkcs11c.c misc/build/nss-3.39/nss/lib/softoken/pkcs11c.c --- misc/nss-3.39/nss/lib/softoken/pkcs11c.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/softoken/pkcs11c.c 2018-10-22 01:08:34.274286000 -0700 @@ -5125,8 +5125,9 @@ crv = sftk_AddAttributeType(publicKey, CKA_EC_POINT, sftk_item_expand(&ecPriv->publicValue)); } else { + SECItem *pubValue; PORT_FreeArena(ecParams->arena, PR_TRUE); - SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL, + pubValue = SEC_ASN1EncodeItem(NULL, NULL, &ecPriv->publicValue, SEC_ASN1_GET(SEC_OctetStringTemplate)); if (!pubValue) { diff -ur misc/nss-3.39/nss/lib/softoken/sdb.c misc/build/nss-3.39/nss/lib/softoken/sdb.c --- misc/nss-3.39/nss/lib/softoken/sdb.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/softoken/sdb.c 2018-10-22 01:18:14.220773000 -0700 @@ -206,12 +206,13 @@ sdb_chmod(const char *filename, int pmode) { int result; + wchar_t *filenameWide; if (!filename) { return -1; } - wchar_t *filenameWide = _NSSUTIL_UTF8ToWide(filename); + filenameWide = _NSSUTIL_UTF8ToWide(filename); if (!filenameWide) { return -1; } diff -ur misc/nss-3.39/nss/lib/ssl/dtls13con.c misc/build/nss-3.39/nss/lib/ssl/dtls13con.c --- misc/nss-3.39/nss/lib/ssl/dtls13con.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/ssl/dtls13con.c 2018-10-22 01:31:19.795730000 -0700 @@ -64,7 +64,7 @@ } DTLSHandshakeRecordEntry; /* Combine the epoch and sequence number into a single value. */ -static inline sslSequenceNumber +static __inline sslSequenceNumber dtls_CombineSequenceNumber(DTLSEpoch epoch, sslSequenceNumber seqNum) { PORT_Assert(seqNum <= RECORD_SEQ_MAX); diff -ur misc/nss-3.39/nss/lib/ssl/selfencrypt.c misc/build/nss-3.39/nss/lib/ssl/selfencrypt.c --- misc/nss-3.39/nss/lib/ssl/selfencrypt.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/ssl/selfencrypt.c 2018-10-22 03:36:02.726686000 -0700 @@ -193,6 +193,14 @@ PRUint8 *out, unsigned int *outLen, unsigned int maxOutLen) { sslReader reader = SSL_READER(in, inLen); + sslReadBuffer ivBuffer = { 0 }; + PRUint64 cipherTextLen = 0; + sslReadBuffer cipherTextBuffer = { 0 }; + unsigned int bytesToMac; + sslReadBuffer encodedMacBuffer = { 0 }; + unsigned char computedMac[SHA256_LENGTH]; + unsigned int computedMacLen = 0; + SECItem ivItem = { siBuffer, (unsigned char *)ivBuffer.buf, AES_BLOCK_SIZE }; sslReadBuffer encodedKeyNameBuffer = { 0 }; SECStatus rv = sslRead_Read(&reader, SELF_ENCRYPT_KEY_NAME_LEN, @@ -201,26 +209,22 @@ return SECFailure; } - sslReadBuffer ivBuffer = { 0 }; rv = sslRead_Read(&reader, AES_BLOCK_SIZE, &ivBuffer); if (rv != SECSuccess) { return SECFailure; } - PRUint64 cipherTextLen = 0; rv = sslRead_ReadNumber(&reader, 2, &cipherTextLen); if (rv != SECSuccess) { return SECFailure; } - sslReadBuffer cipherTextBuffer = { 0 }; rv = sslRead_Read(&reader, (unsigned int)cipherTextLen, &cipherTextBuffer); if (rv != SECSuccess) { return SECFailure; } - unsigned int bytesToMac = reader.offset; + bytesToMac = reader.offset; - sslReadBuffer encodedMacBuffer = { 0 }; rv = sslRead_Read(&reader, SHA256_LENGTH, &encodedMacBuffer); if (rv != SECSuccess) { return SECFailure; @@ -240,8 +244,6 @@ } /* 2. Check the MAC */ - unsigned char computedMac[SHA256_LENGTH]; - unsigned int computedMacLen = 0; rv = ssl_MacBuffer(macKey, CKM_SHA256_HMAC, in, bytesToMac, computedMac, &computedMacLen, sizeof(computedMac)); if (rv != SECSuccess) { @@ -254,7 +256,6 @@ } /* 3. OK, it verifies, now decrypt. */ - SECItem ivItem = { siBuffer, (unsigned char *)ivBuffer.buf, AES_BLOCK_SIZE }; rv = PK11_Decrypt(encKey, CKM_AES_CBC_PAD, &ivItem, out, outLen, maxOutLen, cipherTextBuffer.buf, cipherTextLen); if (rv != SECSuccess) { diff -ur misc/nss-3.39/nss/lib/ssl/ssl3con.c misc/build/nss-3.39/nss/lib/ssl/ssl3con.c --- misc/nss-3.39/nss/lib/ssl/ssl3con.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/ssl/ssl3con.c 2018-10-22 01:44:48.945390000 -0700 @@ -5718,6 +5718,7 @@ SECStatus rv = SECFailure; SECItem enc_pms = { siBuffer, NULL, 0 }; PRBool isTLS; + unsigned int svrPubKeyBits; PORT_Assert(ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss)); PORT_Assert(ss->opt.noLocks || ssl_HaveXmitBufLock(ss)); @@ -5734,7 +5735,7 @@ } /* Get the wrapped (encrypted) pre-master secret, enc_pms */ - unsigned int svrPubKeyBits = SECKEY_PublicKeyStrengthInBits(svrPubKey); + svrPubKeyBits = SECKEY_PublicKeyStrengthInBits(svrPubKey); enc_pms.len = (svrPubKeyBits + 7) / 8; /* Check that the RSA key isn't larger than 8k bit. */ if (svrPubKeyBits > SSL_MAX_RSA_KEY_BITS) { @@ -8123,6 +8124,7 @@ ssl_GenerateServerRandom(sslSocket *ss) { SECStatus rv = ssl3_GetNewRandom(ss->ssl3.hs.server_random); + PRUint8 *downgradeSentinel; if (rv != SECSuccess) { return SECFailure; } @@ -8154,7 +8156,7 @@ * * 44 4F 57 4E 47 52 44 00 */ - PRUint8 *downgradeSentinel = + downgradeSentinel = ss->ssl3.hs.server_random + SSL3_RANDOM_LENGTH - sizeof(tls13_downgrade_random); @@ -11986,11 +11988,13 @@ } for (i = 0; i < toCheck; i++) { + unsigned char mask; + unsigned char b; t = paddingLength - i; /* If i <= paddingLength then the MSB of t is zero and mask is * 0xff. Otherwise, mask is 0. */ - unsigned char mask = DUPLICATE_MSB_TO_ALL(~t); - unsigned char b = plaintext->buf[plaintext->len - 1 - i]; + mask = DUPLICATE_MSB_TO_ALL(~t); + b = plaintext->buf[plaintext->len - 1 - i]; /* The final |paddingLength+1| bytes should all have the value * |paddingLength|. Therefore the XOR should be zero. */ good &= ~(mask & (paddingLength ^ b)); @@ -12532,6 +12536,7 @@ } if (rv != SECSuccess) { + int errCode; ssl_ReleaseSpecReadLock(ss); /***************************/ SSL_DBG(("%d: SSL3[%d]: decryption failed", SSL_GETPID(), ss->fd)); @@ -12562,7 +12567,7 @@ return SECSuccess; } - int errCode = PORT_GetError(); + errCode = PORT_GetError(); SSL3_SendAlert(ss, alert_fatal, alert); /* Reset the error code in case SSL3_SendAlert called * PORT_SetError(). */ diff -ur misc/nss-3.39/nss/lib/ssl/ssl3exthandle.c misc/build/nss-3.39/nss/lib/ssl/ssl3exthandle.c --- misc/nss-3.39/nss/lib/ssl/ssl3exthandle.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/ssl/ssl3exthandle.c 2018-10-22 02:03:24.559698000 -0700 @@ -1915,6 +1915,8 @@ sslBuffer *buf, PRBool *added) { PRUint32 maxLimit; + PRUint32 limit; + SECStatus rv; if (ss->sec.isServer) { maxLimit = (ss->version >= SSL_LIBRARY_VERSION_TLS_1_3) ? (MAX_FRAGMENT_LENGTH + 1) @@ -1924,8 +1926,8 @@ ? (MAX_FRAGMENT_LENGTH + 1) : MAX_FRAGMENT_LENGTH; } - PRUint32 limit = PR_MIN(ss->opt.recordSizeLimit, maxLimit); - SECStatus rv = sslBuffer_AppendNumber(buf, limit, 2); + limit = PR_MIN(ss->opt.recordSizeLimit, maxLimit); + rv = sslBuffer_AppendNumber(buf, limit, 2); if (rv != SECSuccess) { return SECFailure; } diff -ur misc/nss-3.39/nss/lib/ssl/sslbloom.c misc/build/nss-3.39/nss/lib/ssl/sslbloom.c --- misc/nss-3.39/nss/lib/ssl/sslbloom.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/ssl/sslbloom.c 2018-10-22 01:50:48.294197000 -0700 @@ -10,7 +10,7 @@ #include "prnetdb.h" #include "secport.h" -static inline unsigned int +static __inline unsigned int sslBloom_Size(unsigned int bits) { return (bits >= 3) ? (1 << (bits - 3)) : 1; diff -ur misc/nss-3.39/nss/lib/ssl/sslencode.c misc/build/nss-3.39/nss/lib/ssl/sslencode.c --- misc/nss-3.39/nss/lib/ssl/sslencode.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/ssl/sslencode.c 2018-10-22 01:55:55.317356000 -0700 @@ -214,6 +214,8 @@ SECStatus sslRead_ReadNumber(sslReader *reader, unsigned int bytes, PRUint64 *num) { + unsigned int i; + PRUint64 number = 0; if (!reader || !num) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; @@ -224,8 +226,6 @@ PORT_SetError(SEC_ERROR_BAD_DATA); return SECFailure; } - unsigned int i; - PRUint64 number = 0; for (i = 0; i < bytes; i++) { number = (number << 8) + reader->buf.buf[i + reader->offset]; } diff -ur misc/nss-3.39/nss/lib/ssl/sslnonce.c misc/build/nss-3.39/nss/lib/ssl/sslnonce.c --- misc/nss-3.39/nss/lib/ssl/sslnonce.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/ssl/sslnonce.c 2018-10-22 02:55:25.098750000 -0700 @@ -439,6 +439,10 @@ ssl_DecodeResumptionToken(sslSessionID *sid, const PRUint8 *encodedToken, PRUint32 encodedTokenLen) { + sslReader reader; + PRUint64 tmpInt = 0; + sslReadBuffer readerBuffer = { 0 }; + PORT_Assert(encodedTokenLen); PORT_Assert(encodedToken); PORT_Assert(sid); @@ -454,10 +458,11 @@ } /* These variables are used across macros. Don't use them outside. */ - sslReader reader = SSL_READER(encodedToken, encodedTokenLen); + // sslReader reader = SSL_READER(encodedToken, encodedTokenLen); + reader.buf.buf = encodedToken; + reader.buf.len = encodedTokenLen; + reader.offset = 0; reader.offset += 1; // We read the version already. Skip the first byte. - sslReadBuffer readerBuffer = { 0 }; - PRUint64 tmpInt = 0; if (sslRead_ReadNumber(&reader, 8, &tmpInt) != SECSuccess) { return SECFailure; @@ -494,9 +499,13 @@ return SECFailure; } if (readerBuffer.len) { + SECItem tempItem; PORT_Assert(!sid->peerCert); - SECItem tempItem = { siBuffer, (unsigned char *)readerBuffer.buf, - readerBuffer.len }; + // tempItem = { siBuffer, (unsigned char *)readerBuffer.buf, + // readerBuffer.len }; + tempItem.type = siBuffer; + tempItem.data = (unsigned char *)readerBuffer.buf; + tempItem.len = readerBuffer.len; sid->peerCert = CERT_NewTempCertificate(NULL, /* dbHandle */ &tempItem, NULL, PR_FALSE, PR_TRUE); @@ -510,12 +519,16 @@ return SECFailure; } if (readerBuffer.len) { + SECItem tempItem; SECITEM_AllocArray(NULL, &sid->peerCertStatus, 1); if (!sid->peerCertStatus.items) { return SECFailure; } - SECItem tempItem = { siBuffer, (unsigned char *)readerBuffer.buf, - readerBuffer.len }; + // SECItem tempItem = { siBuffer, (unsigned char *)readerBuffer.buf, + // readerBuffer.len }; + tempItem.type = siBuffer; + tempItem.data = (unsigned char *)readerBuffer.buf; + tempItem.len = readerBuffer.len; SECITEM_CopyItem(NULL, &sid->peerCertStatus.items[0], &tempItem); } @@ -545,9 +558,13 @@ return SECFailure; } if (readerBuffer.len) { + SECItem tempItem; PORT_Assert(!sid->localCert); - SECItem tempItem = { siBuffer, (unsigned char *)readerBuffer.buf, - readerBuffer.len }; + //SECItem tempItem = { siBuffer, (unsigned char *)readerBuffer.buf, + // readerBuffer.len }; + tempItem.type = siBuffer; + tempItem.data = (unsigned char *)readerBuffer.buf; + tempItem.len = readerBuffer.len; sid->localCert = CERT_NewTempCertificate(NULL, /* dbHandle */ &tempItem, NULL, PR_FALSE, PR_TRUE); @@ -706,13 +723,15 @@ PRBool ssl_IsResumptionTokenValid(sslSocket *ss) { + sslSessionID *sid; + PRTime endTime = 0; + NewSessionTicket *ticket; PORT_Assert(ss); - sslSessionID *sid = ss->sec.ci.sid; + sid = ss->sec.ci.sid; PORT_Assert(sid); // Check that the ticket didn't expire. - PRTime endTime = 0; - NewSessionTicket *ticket = &sid->u.ssl3.locked.sessionTicket; + ticket = &sid->u.ssl3.locked.sessionTicket; if (ticket->ticket_lifetime_hint != 0) { endTime = ticket->received_timestamp + (PRTime)(ticket->ticket_lifetime_hint * PR_USEC_PER_SEC); @@ -746,6 +765,9 @@ static SECStatus ssl_EncodeResumptionToken(sslSessionID *sid, sslBuffer *encodedTokenBuf) { + SECStatus rv; + PRUint64 len; + PORT_Assert(encodedTokenBuf); PORT_Assert(sid); if (!sid || !sid->u.ssl3.locked.sessionTicket.ticket.len || @@ -760,7 +782,7 @@ * SECItems are prepended with a 64-bit length field followed by the bytes. * Optional bytes are encoded as a 0-length item if not present. */ - SECStatus rv = sslBuffer_AppendNumber(encodedTokenBuf, + rv = sslBuffer_AppendNumber(encodedTokenBuf, SSLResumptionTokenVersion, 1); if (rv != SECSuccess) { return SECFailure; @@ -843,7 +865,7 @@ } } - PRUint64 len = sid->peerID ? strlen(sid->peerID) : 0; + len = sid->peerID ? strlen(sid->peerID) : 0; if (len > PR_UINT8_MAX) { // This string really shouldn't be that long. PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); @@ -1052,8 +1074,11 @@ void ssl_CacheExternalToken(sslSocket *ss) { + sslSessionID *sid; + sslBuffer encodedToken = SSL_BUFFER_EMPTY; + PORT_Assert(ss); - sslSessionID *sid = ss->sec.ci.sid; + sid = ss->sec.ci.sid; PORT_Assert(sid); PORT_Assert(sid->cached == never_cached); PORT_Assert(ss->resumptionTokenCallback); @@ -1083,8 +1108,6 @@ sid->expirationTime = sid->creationTime + ssl3_sid_timeout; } - sslBuffer encodedToken = SSL_BUFFER_EMPTY; - if (ssl_EncodeResumptionToken(sid, &encodedToken) != SECSuccess) { SSL_TRC(3, ("SSL [%d]: encoding resumption token failed", ss->fd)); return; @@ -1127,11 +1150,12 @@ void ssl_UncacheSessionID(sslSocket *ss) { + sslSecurityInfo *sec; if (ss->opt.noCache) { return; } - sslSecurityInfo *sec = &ss->sec; + sec = &ss->sec; PORT_Assert(sec); if (sec->ci.sid) { diff -ur misc/nss-3.39/nss/lib/ssl/sslsnce.c misc/build/nss-3.39/nss/lib/ssl/sslsnce.c --- misc/nss-3.39/nss/lib/ssl/sslsnce.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/ssl/sslsnce.c 2018-10-22 03:10:53.707928000 -0700 @@ -732,11 +732,11 @@ void ssl_ServerCacheSessionID(sslSessionID *sid) { - PORT_Assert(sid); - sidCacheEntry sce; PRUint32 now = 0; cacheDesc *cache = &globalCache; + + PORT_Assert(sid); if (sid->u.ssl3.sessionIDLength == 0) { return; diff -ur misc/nss-3.39/nss/lib/ssl/sslsock.c misc/build/nss-3.39/nss/lib/ssl/sslsock.c --- misc/nss-3.39/nss/lib/ssl/sslsock.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/ssl/sslsock.c 2018-10-22 03:26:21.638950000 -0700 @@ -53,38 +53,38 @@ ** default settings for socket enables */ static sslOptions ssl_defaults = { - .nextProtoNego = { siBuffer, NULL, 0 }, - .maxEarlyDataSize = 1 << 16, - .recordSizeLimit = MAX_FRAGMENT_LENGTH + 1, - .useSecurity = PR_TRUE, - .useSocks = PR_FALSE, - .requestCertificate = PR_FALSE, - .requireCertificate = SSL_REQUIRE_FIRST_HANDSHAKE, - .handshakeAsClient = PR_FALSE, - .handshakeAsServer = PR_FALSE, - .noCache = PR_FALSE, - .fdx = PR_FALSE, - .detectRollBack = PR_TRUE, - .noLocks = PR_FALSE, - .enableSessionTickets = PR_FALSE, - .enableDeflate = PR_FALSE, - .enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN, - .requireSafeNegotiation = PR_FALSE, - .enableFalseStart = PR_FALSE, - .cbcRandomIV = PR_TRUE, - .enableOCSPStapling = PR_FALSE, - .enableALPN = PR_TRUE, - .reuseServerECDHEKey = PR_TRUE, - .enableFallbackSCSV = PR_FALSE, - .enableServerDhe = PR_TRUE, - .enableExtendedMS = PR_FALSE, - .enableSignedCertTimestamps = PR_FALSE, - .requireDHENamedGroups = PR_FALSE, - .enable0RttData = PR_FALSE, - .enableTls13CompatMode = PR_FALSE, - .enableDtlsShortHeader = PR_FALSE, - .enableHelloDowngradeCheck = PR_FALSE, - .enableV2CompatibleHello = PR_FALSE + /* .nextProtoNego = */ { siBuffer, NULL, 0 }, + /* .recordSizeLimit = */ MAX_FRAGMENT_LENGTH + 1, + /* .maxEarlyDataSize = */ 1 << 16, + /* .useSecurity = */ PR_TRUE, + /* .useSocks = */ PR_FALSE, + /* .requestCertificate = */ PR_FALSE, + /* .requireCertificate = */ SSL_REQUIRE_FIRST_HANDSHAKE, + /* .handshakeAsClient = */ PR_FALSE, + /* .handshakeAsServer = */ PR_FALSE, + /* .noCache = */ PR_FALSE, + /* .fdx = */ PR_FALSE, + /* .detectRollBack = */ PR_TRUE, + /* .noLocks = */ PR_FALSE, + /* .enableSessionTickets = */ PR_FALSE, + /* .enableDeflate = */ PR_FALSE, + /* .enableRenegotiation = */ SSL_RENEGOTIATE_REQUIRES_XTN, + /* .requireSafeNegotiation = */ PR_FALSE, + /* .enableFalseStart = */ PR_FALSE, + /* .cbcRandomIV = */ PR_TRUE, + /* .enableOCSPStapling = */ PR_FALSE, + /* .enableALPN = */ PR_TRUE, + /* .reuseServerECDHEKey = */ PR_TRUE, + /* .enableFallbackSCSV = */ PR_FALSE, + /* .enableServerDhe = */ PR_TRUE, + /* .enableExtendedMS = */ PR_FALSE, + /* .enableSignedCertTimestamps = */ PR_FALSE, + /* .requireDHENamedGroups = */ PR_FALSE, + /* .enable0RttData = */ PR_FALSE, + /* .enableTls13CompatMode = */ PR_FALSE, + /* .enableDtlsShortHeader = */ PR_FALSE, + /* .enableHelloDowngradeCheck = */ PR_FALSE, + /* .enableV2CompatibleHello = */ PR_FALSE }; /* @@ -2032,6 +2032,7 @@ unsigned int length) { sslSocket *ss; + size_t firstLen; ss = ssl_FindSocket(fd); if (!ss) { @@ -2050,7 +2051,7 @@ ssl_GetSSL3HandshakeLock(ss); SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE); SECITEM_AllocItem(NULL, &ss->opt.nextProtoNego, length); - size_t firstLen = data[0] + 1; + firstLen = data[0] + 1; /* firstLen <= length is ensured by ssl3_ValidateAppProtocol. */ PORT_Memcpy(ss->opt.nextProtoNego.data + (length - firstLen), data, firstLen); PORT_Memcpy(ss->opt.nextProtoNego.data, data + firstLen, length - firstLen); @@ -4079,6 +4080,7 @@ unsigned int len) { sslSocket *ss = ssl_FindSocket(fd); + SECStatus rv; if (!ss) { SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetResumptionToken", @@ -4109,7 +4111,7 @@ } /* Populate NewSessionTicket values */ - SECStatus rv = ssl_DecodeResumptionToken(ss->sec.ci.sid, token, len); + rv = ssl_DecodeResumptionToken(ss->sec.ci.sid, token, len); if (rv != SECSuccess) { // If decoding fails, we assume the token is bad. PORT_SetError(SSL_ERROR_BAD_RESUMPTION_TOKEN_ERROR); @@ -4163,13 +4165,14 @@ SSLExp_GetResumptionTokenInfo(const PRUint8 *tokenData, unsigned int tokenLen, SSLResumptionTokenInfo *tokenOut, PRUintn len) { + sslSessionID sid = { 0 }; + SSLResumptionTokenInfo token; + if (!tokenData || !tokenOut || !tokenLen || len > sizeof(SSLResumptionTokenInfo)) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } - sslSessionID sid = { 0 }; - SSLResumptionTokenInfo token; /* Populate sid values */ if (ssl_DecodeResumptionToken(&sid, tokenData, tokenLen) != SECSuccess) { diff -ur misc/nss-3.39/nss/lib/ssl/tls13exthandle.c misc/build/nss-3.39/nss/lib/ssl/tls13exthandle.c --- misc/nss-3.39/nss/lib/ssl/tls13exthandle.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/ssl/tls13exthandle.c 2018-10-22 03:41:59.569200000 -0700 @@ -773,6 +773,7 @@ sslBuffer *buf, PRBool *added) { SECStatus rv; + PRUint16 ver; if (ss->version < SSL_LIBRARY_VERSION_TLS_1_3) { return SECSuccess; @@ -781,7 +782,7 @@ SSL_TRC(3, ("%d: TLS13[%d]: server send supported_versions extension", SSL_GETPID(), ss->fd)); - PRUint16 ver = tls13_EncodeDraftVersion(SSL_LIBRARY_VERSION_TLS_1_3, + ver = tls13_EncodeDraftVersion(SSL_LIBRARY_VERSION_TLS_1_3, ss->protocolVariant); rv = sslBuffer_AppendNumber(buf, ver, 2); if (rv != SECSuccess) { diff -ur misc/nss-3.39/nss/lib/ssl/tls13hashstate.c misc/build/nss-3.39/nss/lib/ssl/tls13hashstate.c --- misc/nss-3.39/nss/lib/ssl/tls13hashstate.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/ssl/tls13hashstate.c 2018-10-22 04:03:39.133885000 -0700 @@ -95,6 +95,9 @@ PRUint64 group; const sslNamedGroupDef *selectedGroup; PRUint64 appTokenLen; + sslReader reader = SSL_READER(plaintext, plaintextLen); + sslReadBuffer appTokenReader = { 0 }; + unsigned int hashLen; rv = ssl_SelfEncryptUnprotect(ss, cookie, cookieLen, plaintext, &plaintextLen, sizeof(plaintext)); @@ -102,7 +105,10 @@ return SECFailure; } - sslReader reader = SSL_READER(plaintext, plaintextLen); + // reader = SSL_READER(plaintext, plaintextLen); + reader.buf.buf = plaintext; + reader.buf.len = plaintextLen; + reader.offset = 0; /* Should start with 0xff. */ rv = sslRead_ReadNumber(&reader, 1, &sentinel); @@ -138,7 +144,6 @@ return SECFailure; } ss->xtnData.applicationToken.len = appTokenLen; - sslReadBuffer appTokenReader = { 0 }; rv = sslRead_Read(&reader, appTokenLen, &appTokenReader); if (rv != SECSuccess) { FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter); @@ -148,7 +153,7 @@ PORT_Memcpy(ss->xtnData.applicationToken.data, appTokenReader.buf, appTokenLen); /* The remainder is the hash. */ - unsigned int hashLen = SSL_READER_REMAINING(&reader); + hashLen = SSL_READER_REMAINING(&reader); if (hashLen != tls13_GetHashSize(ss)) { FATAL_ERROR(ss, SSL_ERROR_RX_MALFORMED_CLIENT_HELLO, illegal_parameter); return SECFailure; diff -ur misc/nss-3.39/nss/lib/util/quickder.c misc/build/nss-3.39/nss/lib/util/quickder.c --- misc/nss-3.39/nss/lib/util/quickder.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/util/quickder.c 2018-09-10 17:24:47.548844000 -0700 @@ -408,11 +408,12 @@ { const SEC_ASN1Template* ptrTemplate = SEC_ASN1GetSubtemplate(templateEntry, dest, PR_FALSE); + void* subdata; if (!ptrTemplate) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } - void* subdata = PORT_ArenaZAlloc(arena, ptrTemplate->size); + subdata = PORT_ArenaZAlloc(arena, ptrTemplate->size); *(void**)((char*)dest + templateEntry->offset) = subdata; if (subdata) { return DecodeItem(subdata, ptrTemplate, src, arena, checkTag); diff -ur misc/nss-3.39/nss/lib/util/secport.c misc/build/nss-3.39/nss/lib/util/secport.c --- misc/nss-3.39/nss/lib/util/secport.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/util/secport.c 2018-10-21 01:46:42.919736000 -0700 @@ -21,7 +21,23 @@ #include "prenv.h" #include "prinit.h" -#include +#if defined(_MSC_VER) && _MSC_VER < 1600 + #ifdef _WIN64 +typedef unsigned __int64 uintptr_t; + #else +typedef unsigned int uintptr_t; + #endif +typedef unsigned char uint8_t; +typedef unsigned short uint16_t; +typedef unsigned int uint32_t; +typedef unsigned __int64 uint64_t; +#define UINT8_MAX 0xff +#define UINT16_MAX 0xffff +#define UINT32_MAX 0xffffffffu +#define UINT64_MAX 0xffffffffffffffffU +#else + #include +#endif #ifdef DEBUG #define THREADMARK @@ -150,13 +166,14 @@ void * PORT_ZAllocAlignedOffset(size_t size, size_t alignment, size_t offset) { + void *mem = NULL; + void *v; PORT_Assert(offset < size); if (offset > size) { return NULL; } - void *mem = NULL; - void *v = PORT_ZAllocAligned(size, alignment, &mem); + v = PORT_ZAllocAligned(size, alignment, &mem); if (!v) { return NULL; } diff -ur misc/nss-3.39/nss/lib/util/secport.h misc/build/nss-3.39/nss/lib/util/secport.h --- misc/nss-3.39/nss/lib/util/secport.h 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/util/secport.h 2018-10-21 20:43:01.473838000 -0700 @@ -45,7 +45,30 @@ #include #include #include -#include +#if defined(_MSC_VER) && _MSC_VER < 1600 + #ifdef _WIN64 +typedef unsigned __int64 uintptr_t; + #else +typedef unsigned int uintptr_t; + #endif +typedef unsigned char uint8_t; +typedef unsigned short uint16_t; +typedef unsigned int uint32_t; +typedef unsigned __int64 uint64_t; +typedef char int8_t; +typedef short int16_t; +typedef int int32_t; +typedef __int64 int64_t; +#define UINT8_MAX 0xff +#define UINT16_MAX 0xffff +#define UINT32_MAX 0xffffffffu +#define UINT64_MAX 0xffffffffffffffffU +#define UINT64_C(x) ((x) + (UINT64_MAX - UINT64_MAX)) +#define INT32_MIN (-0x7fffffff - 1) +#define INT32_MAX 0x7fffffff +#else + #include +#endif #include "prtypes.h" #include "prlog.h" /* for PR_ASSERT */ #include "plarena.h" diff -ur misc/nss-3.39/nss/lib/util/utilmod.c misc/build/nss-3.39/nss/lib/util/utilmod.c --- misc/nss-3.39/nss/lib/util/utilmod.c 2018-08-31 05:55:53.000000000 -0700 +++ misc/build/nss-3.39/nss/lib/util/utilmod.c 2018-09-11 01:58:56.505884000 -0700 @@ -75,12 +75,13 @@ os_open(const char *filename, int oflag, int pmode) { int fd; + wchar_t *filenameWide; if (!filename) { return -1; } - wchar_t *filenameWide = _NSSUTIL_UTF8ToWide(filename); + filenameWide = _NSSUTIL_UTF8ToWide(filename); if (!filenameWide) { return -1; } @@ -94,12 +95,13 @@ os_stat(const char *path, os_stat_type *buffer) { int result; + wchar_t *pathWide; if (!path) { return -1; } - wchar_t *pathWide = _NSSUTIL_UTF8ToWide(path); + pathWide = _NSSUTIL_UTF8ToWide(path); if (!pathWide) { return -1; } @@ -113,16 +115,18 @@ os_fopen(const char *filename, const char *mode) { FILE *fp; + wchar_t *filenameWide; + wchar_t *modeWide; if (!filename || !mode) { return NULL; } - wchar_t *filenameWide = _NSSUTIL_UTF8ToWide(filename); + filenameWide = _NSSUTIL_UTF8ToWide(filename); if (!filenameWide) { return NULL; } - wchar_t *modeWide = _NSSUTIL_UTF8ToWide(mode); + modeWide = _NSSUTIL_UTF8ToWide(mode); if (!modeWide) { PORT_Free(filenameWide); return NULL; @@ -138,12 +142,13 @@ _NSSUTIL_Access(const char *path, PRAccessHow how) { int result; + int mode; + wchar_t *pathWide; if (!path) { return PR_FAILURE; } - int mode; switch (how) { case PR_ACCESS_WRITE_OK: mode = 2; @@ -158,7 +163,7 @@ return PR_FAILURE; } - wchar_t *pathWide = _NSSUTIL_UTF8ToWide(path); + pathWide = _NSSUTIL_UTF8ToWide(path); if (!pathWide) { return PR_FAILURE; } @@ -172,12 +177,13 @@ nssutil_Delete(const char *name) { BOOL result; + wchar_t *nameWide; if (!name) { return PR_FAILURE; } - wchar_t *nameWide = _NSSUTIL_UTF8ToWide(name); + nameWide = _NSSUTIL_UTF8ToWide(name); if (!nameWide) { return PR_FAILURE; } @@ -191,16 +197,18 @@ nssutil_Rename(const char *from, const char *to) { BOOL result; + wchar_t *fromWide; + wchar_t *toWide; if (!from || !to) { return PR_FAILURE; } - wchar_t *fromWide = _NSSUTIL_UTF8ToWide(from); + fromWide = _NSSUTIL_UTF8ToWide(from); if (!fromWide) { return PR_FAILURE; } - wchar_t *toWide = _NSSUTIL_UTF8ToWide(to); + toWide = _NSSUTIL_UTF8ToWide(to); if (!toWide) { PORT_Free(fromWide); return PR_FAILURE;